From b31c6ae5a541e1b0e08fa4d8a5f73408e609e323 Mon Sep 17 00:00:00 2001 From: TrueCharts-Bot Date: Wed, 19 Jul 2023 12:56:29 +0000 Subject: [PATCH] Commit new Chart releases for TrueCharts Signed-off-by: TrueCharts-Bot --- enterprise/authelia/16.0.0/CHANGELOG.md | 99 + enterprise/authelia/16.0.0/Chart.yaml | 43 + enterprise/authelia/16.0.0/LICENSE | 106 + enterprise/authelia/16.0.0/README.md | 27 + enterprise/authelia/16.0.0/app-changelog.md | 9 + enterprise/authelia/16.0.0/app-readme.md | 8 + .../authelia/16.0.0/charts/common-13.2.0.tgz | Bin 0 -> 133368 bytes .../authelia/16.0.0/charts/redis-6.0.62.tgz | Bin 0 -> 136825 bytes enterprise/authelia/16.0.0/ix_values.yaml | 633 + enterprise/authelia/16.0.0/questions.yaml | 2969 ++++ .../authelia/16.0.0/templates/NOTES.txt | 1 + .../authelia/16.0.0/templates/_configmap.tpl | 349 + .../authelia/16.0.0/templates/_secrets.tpl | 53 + .../authelia/16.0.0/templates/common.yaml | 77 + enterprise/authelia/16.0.0/values.yaml | 0 enterprise/blocky/6.0.0/CHANGELOG.md | 99 + enterprise/blocky/6.0.0/Chart.yaml | 33 + enterprise/blocky/6.0.0/LICENSE | 106 + enterprise/blocky/6.0.0/README.md | 27 + enterprise/blocky/6.0.0/app-changelog.md | 9 + enterprise/blocky/6.0.0/app-readme.md | 8 + .../blocky/6.0.0/charts/common-13.2.0.tgz | Bin 0 -> 133368 bytes .../blocky/6.0.0/charts/redis-6.0.62.tgz | Bin 0 -> 136825 bytes enterprise/blocky/6.0.0/ix_values.yaml | 374 + enterprise/blocky/6.0.0/questions.yaml | 2786 ++++ enterprise/blocky/6.0.0/templates/NOTES.txt | 1 + .../blocky/6.0.0/templates/_blockyConfig.tpl | 231 + .../blocky/6.0.0/templates/_k8sgateway.tpl | 90 + enterprise/blocky/6.0.0/templates/common.yaml | 106 + enterprise/blocky/6.0.0/values.yaml | 0 enterprise/clusterissuer/2.0.0/CHANGELOG.md | 99 + enterprise/clusterissuer/2.0.0/Chart.yaml | 29 + enterprise/clusterissuer/2.0.0/LICENSE | 106 + enterprise/clusterissuer/2.0.0/README.md | 27 + .../clusterissuer/2.0.0/app-changelog.md | 9 + enterprise/clusterissuer/2.0.0/app-readme.md | 8 + .../2.0.0/charts/common-13.2.0.tgz | Bin 0 -> 133368 bytes enterprise/clusterissuer/2.0.0/ix_values.yaml | 80 + enterprise/clusterissuer/2.0.0/questions.yaml | 327 + .../clusterissuer/2.0.0/templates/NOTES.txt | 1 + .../2.0.0/templates/clusterissuer/_ACME.tpl | 98 + .../2.0.0/templates/clusterissuer/_CA.tpl | 54 + .../templates/clusterissuer/_selfSigned.tpl | 14 + .../clusterissuer/2.0.0/templates/common.yaml | 9 + enterprise/clusterissuer/2.0.0/values.yaml | 0 enterprise/grafana/8.0.0/CHANGELOG.md | 99 + enterprise/grafana/8.0.0/Chart.yaml | 32 + enterprise/grafana/8.0.0/LICENSE | 106 + enterprise/grafana/8.0.0/README.md | 27 + enterprise/grafana/8.0.0/app-changelog.md | 9 + enterprise/grafana/8.0.0/app-readme.md | 8 + .../grafana/8.0.0/charts/common-13.2.0.tgz | Bin 0 -> 133368 bytes enterprise/grafana/8.0.0/ix_values.yaml | 87 + enterprise/grafana/8.0.0/questions.yaml | 2080 +++ enterprise/grafana/8.0.0/templates/NOTES.txt | 1 + .../grafana/8.0.0/templates/common.yaml | 1 + enterprise/grafana/8.0.0/values.yaml | 0 enterprise/metallb-config/2.0.0/CHANGELOG.md | 99 + enterprise/metallb-config/2.0.0/Chart.yaml | 30 + enterprise/metallb-config/2.0.0/LICENSE | 106 + enterprise/metallb-config/2.0.0/README.md | 27 + .../metallb-config/2.0.0/app-changelog.md | 9 + enterprise/metallb-config/2.0.0/app-readme.md | 8 + .../2.0.0/charts/common-13.2.0.tgz | Bin 0 -> 133368 bytes .../metallb-config/2.0.0/ix_values.yaml | 77 + .../metallb-config/2.0.0/questions.yaml | 364 + .../metallb-config/2.0.0/templates/NOTES.txt | 1 + .../2.0.0/templates/_bgpadvertisement.tpl | 33 + .../2.0.0/templates/_community.tpl | 16 + .../2.0.0/templates/_ipaddresspool.tpl | 17 + .../2.0.0/templates/_l2advertisement.tpl | 22 + .../metallb-config/2.0.0/templates/_peers.tpl | 51 + .../2.0.0/templates/common.yaml | 21 + enterprise/metallb-config/2.0.0/values.yaml | 0 enterprise/prometheus/10.0.0/CHANGELOG.md | 99 + enterprise/prometheus/10.0.0/Chart.yaml | 37 + enterprise/prometheus/10.0.0/LICENSE | 106 + enterprise/prometheus/10.0.0/README.md | 27 + enterprise/prometheus/10.0.0/app-changelog.md | 9 + enterprise/prometheus/10.0.0/app-readme.md | 8 + .../10.0.0/charts/common-13.2.0.tgz | Bin 0 -> 133368 bytes .../charts/kube-state-metrics-1.0.31.tgz | Bin 0 -> 135528 bytes .../10.0.0/charts/node-exporter-1.0.35.tgz | Bin 0 -> 135344 bytes enterprise/prometheus/10.0.0/ix_values.yaml | 1368 ++ enterprise/prometheus/10.0.0/questions.yaml | 1353 ++ .../prometheus/10.0.0/templates/NOTES.txt | 1 + .../prometheus/10.0.0/templates/_helpers.tpl | 210 + .../templates/alertmanager/_alertmanager.tpl | 174 + .../templates/alertmanager/secrets.yaml | 13 + .../alertmanager/serviceaccount.yaml | 12 + .../alertmanager/servicemonitor.yaml | 26 + .../prometheus/10.0.0/templates/common.yaml | 13 + .../templates/exporters/core-dns/service.yaml | 22 + .../exporters/core-dns/servicemonitor.yaml | 29 + .../kube-apiserver/servicemonitor.yaml | 35 + .../kube-controller-manager/endpoints.yaml | 18 + .../kube-controller-manager/service.yaml | 25 + .../servicemonitor.yaml | 40 + .../exporters/kube-scheduler/endpoints.yaml | 18 + .../exporters/kube-scheduler/service.yaml | 25 + .../kube-scheduler/servicemonitor.yaml | 40 + .../exporters/kubelet/servicemonitor.yaml | 85 + .../prometheus/_additionalPrometheusRules.tpl | 15 + .../prometheus/_additionalScrapeJobs.tpl | 13 + .../templates/prometheus/_prometheus.tpl | 362 + .../templates/prometheus/_servicemonitor.tpl | 29 + .../templates/prometheus/clusterrole.yaml | 41 + .../prometheus/clusterrolebinding.yaml | 15 + .../templates/prometheus/serviceaccount.yaml | 12 + enterprise/prometheus/10.0.0/values.yaml | 0 enterprise/traefik/19.0.0/CHANGELOG.md | 99 + enterprise/traefik/19.0.0/Chart.yaml | 31 + enterprise/traefik/19.0.0/LICENSE | 106 + enterprise/traefik/19.0.0/README.md | 27 + enterprise/traefik/19.0.0/app-changelog.md | 9 + enterprise/traefik/19.0.0/app-readme.md | 8 + .../traefik/19.0.0/charts/common-13.2.0.tgz | Bin 0 -> 133368 bytes .../traefik.containo.us_ingressroutes.yaml | 267 + .../traefik.containo.us_ingressroutetcps.yaml | 211 + .../traefik.containo.us_ingressrouteudps.yaml | 98 + .../crds/traefik.containo.us_middlewares.yaml | 917 ++ .../traefik.containo.us_middlewaretcps.yaml | 72 + ...traefik.containo.us_serverstransports.yaml | 128 + .../crds/traefik.containo.us_tlsoptions.yaml | 113 + .../crds/traefik.containo.us_tlsstores.yaml | 99 + .../traefik.containo.us_traefikservices.yaml | 381 + .../19.0.0/crds/traefik.io_ingressroutes.yaml | 275 + .../crds/traefik.io_ingressroutetcps.yaml | 218 + .../crds/traefik.io_ingressrouteudps.yaml | 105 + .../19.0.0/crds/traefik.io_middlewares.yaml | 924 ++ .../crds/traefik.io_middlewaretcps.yaml | 72 + .../crds/traefik.io_serverstransports.yaml | 128 + .../19.0.0/crds/traefik.io_tlsoptions.yaml | 113 + .../19.0.0/crds/traefik.io_tlsstores.yaml | 99 + .../crds/traefik.io_traefikservices.yaml | 402 + enterprise/traefik/19.0.0/ix_values.yaml | 430 + enterprise/traefik/19.0.0/questions.yaml | 2728 ++++ enterprise/traefik/19.0.0/templates/NOTES.txt | 1 + enterprise/traefik/19.0.0/templates/_args.tpl | 182 + .../traefik/19.0.0/templates/_helpers.tpl | 22 + .../19.0.0/templates/_ingressclass.tpl | 24 + .../19.0.0/templates/_ingressroute.tpl | 34 + .../traefik/19.0.0/templates/_portalhook.tpl | 25 + .../traefik/19.0.0/templates/_tlsoptions.tpl | 12 + .../traefik/19.0.0/templates/common.yaml | 23 + .../templates/middlewares/addPrefix.yaml | 12 + .../middlewares/basic-middleware.yaml | 57 + .../templates/middlewares/basicauth.yaml | 30 + .../19.0.0/templates/middlewares/chain.yaml | 21 + .../middlewares/customRequestHeaders.yaml | 15 + .../middlewares/customResponseHeaders.yaml | 15 + .../templates/middlewares/forwardauth.yaml | 29 + .../templates/middlewares/geoblock.yaml | 29 + .../templates/middlewares/ipwhitelist.yaml | 27 + .../templates/middlewares/ratelimit.yaml | 13 + .../19.0.0/templates/middlewares/real-ip.yaml | 15 + .../templates/middlewares/redirectScheme.yaml | 13 + .../templates/middlewares/redirectregex.yaml | 14 + .../middlewares/stripPrefixRegex.yaml | 14 + .../templates/middlewares/tc-chains.yaml | 24 + .../templates/middlewares/tc-headers.yaml | 57 + .../templates/middlewares/tc-nextcloud.yaml | 20 + .../templates/middlewares/theme-park.yaml | 20 + enterprise/traefik/19.0.0/values.yaml | 0 enterprise/vaultwarden/21.0.0/CHANGELOG.md | 99 + enterprise/vaultwarden/21.0.0/Chart.yaml | 33 + enterprise/vaultwarden/21.0.0/LICENSE | 106 + enterprise/vaultwarden/21.0.0/README.md | 27 + .../vaultwarden/21.0.0/app-changelog.md | 9 + enterprise/vaultwarden/21.0.0/app-readme.md | 8 + .../21.0.0/charts/common-13.2.0.tgz | Bin 0 -> 133368 bytes enterprise/vaultwarden/21.0.0/ix_values.yaml | 161 + enterprise/vaultwarden/21.0.0/questions.yaml | 2387 ++++ .../vaultwarden/21.0.0/templates/NOTES.txt | 1 + .../21.0.0/templates/_configmap.tpl | 111 + .../vaultwarden/21.0.0/templates/_secrets.tpl | 37 + .../21.0.0/templates/_validate.tpl | 17 + .../vaultwarden/21.0.0/templates/common.yaml | 17 + enterprise/vaultwarden/21.0.0/values.yaml | 0 operators/cert-manager/1.0.0/CHANGELOG.md | 0 operators/cert-manager/1.0.0/Chart.yaml | 34 + operators/cert-manager/1.0.0/LICENSE | 106 + operators/cert-manager/1.0.0/README.md | 27 + operators/cert-manager/1.0.0/app-changelog.md | 0 operators/cert-manager/1.0.0/app-readme.md | 8 + .../1.0.0/charts/cert-manager-v1.12.2.tgz | Bin 0 -> 68114 bytes .../1.0.0/charts/common-13.2.0.tgz | Bin 0 -> 133368 bytes operators/cert-manager/1.0.0/ix_values.yaml | 36 + operators/cert-manager/1.0.0/questions.yaml | 45 + .../cert-manager/1.0.0/templates/NOTES.txt | 1 + .../cert-manager/1.0.0/templates/common.yaml | 5 + .../cert-manager/1.0.0/templates/crds.yaml | 0 operators/cert-manager/1.0.0/values.yaml | 0 operators/cloudnative-pg/2.0.0/CHANGELOG.md | 96 + operators/cloudnative-pg/2.0.0/Chart.yaml | 31 + operators/cloudnative-pg/2.0.0/LICENSE | 106 + operators/cloudnative-pg/2.0.0/README.md | 27 + .../cloudnative-pg/2.0.0/app-changelog.md | 9 + operators/cloudnative-pg/2.0.0/app-readme.md | 8 + .../2.0.0/charts/common-13.2.0.tgz | Bin 0 -> 133368 bytes operators/cloudnative-pg/2.0.0/ix_values.yaml | 816 ++ operators/cloudnative-pg/2.0.0/questions.yaml | 45 + .../cloudnative-pg/2.0.0/templates/NOTES.txt | 1 + .../_mutatingwebhookconfiguration.tpl | 85 + .../_validatingwebhookconfiguration.tpl | 106 + .../2.0.0/templates/common.yaml | 8 + .../cloudnative-pg/2.0.0/templates/crds.yaml | 11805 ++++++++++++++++ operators/cloudnative-pg/2.0.0/values.yaml | 0 operators/metallb/10.0.0/CHANGELOG.md | 99 + operators/metallb/10.0.0/Chart.yaml | 30 + operators/metallb/10.0.0/LICENSE | 106 + operators/metallb/10.0.0/README.md | 27 + operators/metallb/10.0.0/app-changelog.md | 9 + operators/metallb/10.0.0/app-readme.md | 8 + .../metallb/10.0.0/charts/common-13.2.0.tgz | Bin 0 -> 133368 bytes operators/metallb/10.0.0/ix_values.yaml | 347 + operators/metallb/10.0.0/questions.yaml | 45 + operators/metallb/10.0.0/templates/NOTES.txt | 1 + .../metallb/10.0.0/templates/_webhooks.tpl | 162 + .../metallb/10.0.0/templates/common.yaml | 7 + operators/metallb/10.0.0/templates/crds.yaml | 1233 ++ operators/metallb/10.0.0/values.yaml | 0 .../prometheus-operator/1.0.0/CHANGELOG.md | 78 + .../prometheus-operator/1.0.0/Chart.yaml | 30 + operators/prometheus-operator/1.0.0/LICENSE | 106 + operators/prometheus-operator/1.0.0/README.md | 27 + .../1.0.0/app-changelog.md | 9 + .../prometheus-operator/1.0.0/app-readme.md | 8 + .../1.0.0/charts/common-13.2.0.tgz | Bin 0 -> 133368 bytes .../prometheus-operator/1.0.0/ix_values.yaml | 302 + .../prometheus-operator/1.0.0/questions.yaml | 45 + .../1.0.0/templates/NOTES.txt | 1 + .../_mutatingwebhookconfiguration.tpl | 77 + .../_validatingwebhookconfiguration.tpl | 77 + .../1.0.0/templates/common.yaml | 8 + .../crds/crd-alertmanagerconfigs.yaml | 4484 ++++++ .../templates/crds/crd-alertmanagers.yaml | 7253 ++++++++++ .../1.0.0/templates/crds/crd-podmonitors.yaml | 683 + .../1.0.0/templates/crds/crd-probes.yaml | 726 + .../templates/crds/crd-prometheusagents.yaml | 8269 +++++++++++ .../templates/crds/crd-prometheuses.yaml | 9596 +++++++++++++ .../templates/crds/crd-prometheusrules.yaml | 134 + .../templates/crds/crd-scrapeconfigs.yaml | 360 + .../templates/crds/crd-servicemonitors.yaml | 713 + .../templates/crds/crd-thanosrulers.yaml | 6834 +++++++++ .../1.0.0/update-operator-crds.sh | 34 + .../prometheus-operator/1.0.0/values.yaml | 0 247 files changed, 83870 insertions(+) create mode 100644 enterprise/authelia/16.0.0/CHANGELOG.md create mode 100644 enterprise/authelia/16.0.0/Chart.yaml create mode 100644 enterprise/authelia/16.0.0/LICENSE create mode 100644 enterprise/authelia/16.0.0/README.md create mode 100644 enterprise/authelia/16.0.0/app-changelog.md create mode 100644 enterprise/authelia/16.0.0/app-readme.md create mode 100644 enterprise/authelia/16.0.0/charts/common-13.2.0.tgz create mode 100644 enterprise/authelia/16.0.0/charts/redis-6.0.62.tgz create mode 100644 enterprise/authelia/16.0.0/ix_values.yaml create mode 100644 enterprise/authelia/16.0.0/questions.yaml create mode 100644 enterprise/authelia/16.0.0/templates/NOTES.txt create mode 100644 enterprise/authelia/16.0.0/templates/_configmap.tpl create mode 100644 enterprise/authelia/16.0.0/templates/_secrets.tpl create mode 100644 enterprise/authelia/16.0.0/templates/common.yaml create mode 100644 enterprise/authelia/16.0.0/values.yaml create mode 100644 enterprise/blocky/6.0.0/CHANGELOG.md create mode 100644 enterprise/blocky/6.0.0/Chart.yaml create mode 100644 enterprise/blocky/6.0.0/LICENSE create mode 100644 enterprise/blocky/6.0.0/README.md create mode 100644 enterprise/blocky/6.0.0/app-changelog.md create mode 100644 enterprise/blocky/6.0.0/app-readme.md create mode 100644 enterprise/blocky/6.0.0/charts/common-13.2.0.tgz create mode 100644 enterprise/blocky/6.0.0/charts/redis-6.0.62.tgz create mode 100644 enterprise/blocky/6.0.0/ix_values.yaml create mode 100644 enterprise/blocky/6.0.0/questions.yaml create mode 100644 enterprise/blocky/6.0.0/templates/NOTES.txt create mode 100644 enterprise/blocky/6.0.0/templates/_blockyConfig.tpl create mode 100644 enterprise/blocky/6.0.0/templates/_k8sgateway.tpl create mode 100644 enterprise/blocky/6.0.0/templates/common.yaml create mode 100644 enterprise/blocky/6.0.0/values.yaml create mode 100644 enterprise/clusterissuer/2.0.0/CHANGELOG.md create mode 100644 enterprise/clusterissuer/2.0.0/Chart.yaml create mode 100644 enterprise/clusterissuer/2.0.0/LICENSE create mode 100644 enterprise/clusterissuer/2.0.0/README.md create mode 100644 enterprise/clusterissuer/2.0.0/app-changelog.md create mode 100644 enterprise/clusterissuer/2.0.0/app-readme.md create mode 100644 enterprise/clusterissuer/2.0.0/charts/common-13.2.0.tgz create mode 100644 enterprise/clusterissuer/2.0.0/ix_values.yaml create mode 100644 enterprise/clusterissuer/2.0.0/questions.yaml create mode 100644 enterprise/clusterissuer/2.0.0/templates/NOTES.txt create mode 100644 enterprise/clusterissuer/2.0.0/templates/clusterissuer/_ACME.tpl create mode 100644 enterprise/clusterissuer/2.0.0/templates/clusterissuer/_CA.tpl create mode 100644 enterprise/clusterissuer/2.0.0/templates/clusterissuer/_selfSigned.tpl create mode 100644 enterprise/clusterissuer/2.0.0/templates/common.yaml create mode 100644 enterprise/clusterissuer/2.0.0/values.yaml create mode 100644 enterprise/grafana/8.0.0/CHANGELOG.md create mode 100644 enterprise/grafana/8.0.0/Chart.yaml create mode 100644 enterprise/grafana/8.0.0/LICENSE create mode 100644 enterprise/grafana/8.0.0/README.md create mode 100644 enterprise/grafana/8.0.0/app-changelog.md create mode 100644 enterprise/grafana/8.0.0/app-readme.md create mode 100644 enterprise/grafana/8.0.0/charts/common-13.2.0.tgz create mode 100644 enterprise/grafana/8.0.0/ix_values.yaml create mode 100644 enterprise/grafana/8.0.0/questions.yaml create mode 100644 enterprise/grafana/8.0.0/templates/NOTES.txt create mode 100644 enterprise/grafana/8.0.0/templates/common.yaml create mode 100644 enterprise/grafana/8.0.0/values.yaml create mode 100644 enterprise/metallb-config/2.0.0/CHANGELOG.md create mode 100644 enterprise/metallb-config/2.0.0/Chart.yaml create mode 100644 enterprise/metallb-config/2.0.0/LICENSE create mode 100644 enterprise/metallb-config/2.0.0/README.md create mode 100644 enterprise/metallb-config/2.0.0/app-changelog.md create mode 100644 enterprise/metallb-config/2.0.0/app-readme.md create mode 100644 enterprise/metallb-config/2.0.0/charts/common-13.2.0.tgz create mode 100644 enterprise/metallb-config/2.0.0/ix_values.yaml create mode 100644 enterprise/metallb-config/2.0.0/questions.yaml create mode 100644 enterprise/metallb-config/2.0.0/templates/NOTES.txt create mode 100644 enterprise/metallb-config/2.0.0/templates/_bgpadvertisement.tpl create mode 100644 enterprise/metallb-config/2.0.0/templates/_community.tpl create mode 100644 enterprise/metallb-config/2.0.0/templates/_ipaddresspool.tpl create mode 100644 enterprise/metallb-config/2.0.0/templates/_l2advertisement.tpl create mode 100644 enterprise/metallb-config/2.0.0/templates/_peers.tpl create mode 100644 enterprise/metallb-config/2.0.0/templates/common.yaml create mode 100644 enterprise/metallb-config/2.0.0/values.yaml create mode 100644 enterprise/prometheus/10.0.0/CHANGELOG.md create mode 100644 enterprise/prometheus/10.0.0/Chart.yaml create mode 100644 enterprise/prometheus/10.0.0/LICENSE create mode 100644 enterprise/prometheus/10.0.0/README.md create mode 100644 enterprise/prometheus/10.0.0/app-changelog.md create mode 100644 enterprise/prometheus/10.0.0/app-readme.md create mode 100644 enterprise/prometheus/10.0.0/charts/common-13.2.0.tgz create mode 100644 enterprise/prometheus/10.0.0/charts/kube-state-metrics-1.0.31.tgz create mode 100644 enterprise/prometheus/10.0.0/charts/node-exporter-1.0.35.tgz create mode 100644 enterprise/prometheus/10.0.0/ix_values.yaml create mode 100644 enterprise/prometheus/10.0.0/questions.yaml create mode 100644 enterprise/prometheus/10.0.0/templates/NOTES.txt create mode 100644 enterprise/prometheus/10.0.0/templates/_helpers.tpl create mode 100644 enterprise/prometheus/10.0.0/templates/alertmanager/_alertmanager.tpl create mode 100644 enterprise/prometheus/10.0.0/templates/alertmanager/secrets.yaml create mode 100644 enterprise/prometheus/10.0.0/templates/alertmanager/serviceaccount.yaml create mode 100644 enterprise/prometheus/10.0.0/templates/alertmanager/servicemonitor.yaml create mode 100644 enterprise/prometheus/10.0.0/templates/common.yaml create mode 100644 enterprise/prometheus/10.0.0/templates/exporters/core-dns/service.yaml create mode 100644 enterprise/prometheus/10.0.0/templates/exporters/core-dns/servicemonitor.yaml create mode 100644 enterprise/prometheus/10.0.0/templates/exporters/kube-apiserver/servicemonitor.yaml create mode 100644 enterprise/prometheus/10.0.0/templates/exporters/kube-controller-manager/endpoints.yaml create mode 100644 enterprise/prometheus/10.0.0/templates/exporters/kube-controller-manager/service.yaml create mode 100644 enterprise/prometheus/10.0.0/templates/exporters/kube-controller-manager/servicemonitor.yaml create mode 100644 enterprise/prometheus/10.0.0/templates/exporters/kube-scheduler/endpoints.yaml create mode 100644 enterprise/prometheus/10.0.0/templates/exporters/kube-scheduler/service.yaml create mode 100644 enterprise/prometheus/10.0.0/templates/exporters/kube-scheduler/servicemonitor.yaml create mode 100644 enterprise/prometheus/10.0.0/templates/exporters/kubelet/servicemonitor.yaml create mode 100644 enterprise/prometheus/10.0.0/templates/prometheus/_additionalPrometheusRules.tpl create mode 100644 enterprise/prometheus/10.0.0/templates/prometheus/_additionalScrapeJobs.tpl create mode 100644 enterprise/prometheus/10.0.0/templates/prometheus/_prometheus.tpl create mode 100644 enterprise/prometheus/10.0.0/templates/prometheus/_servicemonitor.tpl create mode 100644 enterprise/prometheus/10.0.0/templates/prometheus/clusterrole.yaml create mode 100644 enterprise/prometheus/10.0.0/templates/prometheus/clusterrolebinding.yaml create mode 100644 enterprise/prometheus/10.0.0/templates/prometheus/serviceaccount.yaml create mode 100644 enterprise/prometheus/10.0.0/values.yaml create mode 100644 enterprise/traefik/19.0.0/CHANGELOG.md create mode 100644 enterprise/traefik/19.0.0/Chart.yaml create mode 100644 enterprise/traefik/19.0.0/LICENSE create mode 100644 enterprise/traefik/19.0.0/README.md create mode 100644 enterprise/traefik/19.0.0/app-changelog.md create mode 100644 enterprise/traefik/19.0.0/app-readme.md create mode 100644 enterprise/traefik/19.0.0/charts/common-13.2.0.tgz create mode 100644 enterprise/traefik/19.0.0/crds/traefik.containo.us_ingressroutes.yaml create mode 100644 enterprise/traefik/19.0.0/crds/traefik.containo.us_ingressroutetcps.yaml create mode 100644 enterprise/traefik/19.0.0/crds/traefik.containo.us_ingressrouteudps.yaml create mode 100644 enterprise/traefik/19.0.0/crds/traefik.containo.us_middlewares.yaml create mode 100644 enterprise/traefik/19.0.0/crds/traefik.containo.us_middlewaretcps.yaml create mode 100644 enterprise/traefik/19.0.0/crds/traefik.containo.us_serverstransports.yaml create mode 100644 enterprise/traefik/19.0.0/crds/traefik.containo.us_tlsoptions.yaml create mode 100644 enterprise/traefik/19.0.0/crds/traefik.containo.us_tlsstores.yaml create mode 100644 enterprise/traefik/19.0.0/crds/traefik.containo.us_traefikservices.yaml create mode 100644 enterprise/traefik/19.0.0/crds/traefik.io_ingressroutes.yaml create mode 100644 enterprise/traefik/19.0.0/crds/traefik.io_ingressroutetcps.yaml create mode 100644 enterprise/traefik/19.0.0/crds/traefik.io_ingressrouteudps.yaml create mode 100644 enterprise/traefik/19.0.0/crds/traefik.io_middlewares.yaml create mode 100644 enterprise/traefik/19.0.0/crds/traefik.io_middlewaretcps.yaml create mode 100644 enterprise/traefik/19.0.0/crds/traefik.io_serverstransports.yaml create mode 100644 enterprise/traefik/19.0.0/crds/traefik.io_tlsoptions.yaml create mode 100644 enterprise/traefik/19.0.0/crds/traefik.io_tlsstores.yaml create mode 100644 enterprise/traefik/19.0.0/crds/traefik.io_traefikservices.yaml create mode 100644 enterprise/traefik/19.0.0/ix_values.yaml create mode 100644 enterprise/traefik/19.0.0/questions.yaml create mode 100644 enterprise/traefik/19.0.0/templates/NOTES.txt create mode 100644 enterprise/traefik/19.0.0/templates/_args.tpl create mode 100644 enterprise/traefik/19.0.0/templates/_helpers.tpl create mode 100644 enterprise/traefik/19.0.0/templates/_ingressclass.tpl create mode 100644 enterprise/traefik/19.0.0/templates/_ingressroute.tpl create mode 100644 enterprise/traefik/19.0.0/templates/_portalhook.tpl create mode 100644 enterprise/traefik/19.0.0/templates/_tlsoptions.tpl create mode 100644 enterprise/traefik/19.0.0/templates/common.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/addPrefix.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/basic-middleware.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/basicauth.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/chain.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/customRequestHeaders.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/customResponseHeaders.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/forwardauth.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/geoblock.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/ipwhitelist.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/ratelimit.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/real-ip.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/redirectScheme.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/redirectregex.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/stripPrefixRegex.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/tc-chains.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/tc-headers.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/tc-nextcloud.yaml create mode 100644 enterprise/traefik/19.0.0/templates/middlewares/theme-park.yaml create mode 100644 enterprise/traefik/19.0.0/values.yaml create mode 100644 enterprise/vaultwarden/21.0.0/CHANGELOG.md create mode 100644 enterprise/vaultwarden/21.0.0/Chart.yaml create mode 100644 enterprise/vaultwarden/21.0.0/LICENSE create mode 100644 enterprise/vaultwarden/21.0.0/README.md create mode 100644 enterprise/vaultwarden/21.0.0/app-changelog.md create mode 100644 enterprise/vaultwarden/21.0.0/app-readme.md create mode 100644 enterprise/vaultwarden/21.0.0/charts/common-13.2.0.tgz create mode 100644 enterprise/vaultwarden/21.0.0/ix_values.yaml create mode 100644 enterprise/vaultwarden/21.0.0/questions.yaml create mode 100644 enterprise/vaultwarden/21.0.0/templates/NOTES.txt create mode 100644 enterprise/vaultwarden/21.0.0/templates/_configmap.tpl create mode 100644 enterprise/vaultwarden/21.0.0/templates/_secrets.tpl create mode 100644 enterprise/vaultwarden/21.0.0/templates/_validate.tpl create mode 100644 enterprise/vaultwarden/21.0.0/templates/common.yaml create mode 100644 enterprise/vaultwarden/21.0.0/values.yaml create mode 100644 operators/cert-manager/1.0.0/CHANGELOG.md create mode 100644 operators/cert-manager/1.0.0/Chart.yaml create mode 100644 operators/cert-manager/1.0.0/LICENSE create mode 100644 operators/cert-manager/1.0.0/README.md create mode 100644 operators/cert-manager/1.0.0/app-changelog.md create mode 100644 operators/cert-manager/1.0.0/app-readme.md create mode 100644 operators/cert-manager/1.0.0/charts/cert-manager-v1.12.2.tgz create mode 100644 operators/cert-manager/1.0.0/charts/common-13.2.0.tgz create mode 100644 operators/cert-manager/1.0.0/ix_values.yaml create mode 100644 operators/cert-manager/1.0.0/questions.yaml create mode 100644 operators/cert-manager/1.0.0/templates/NOTES.txt create mode 100644 operators/cert-manager/1.0.0/templates/common.yaml create mode 100644 operators/cert-manager/1.0.0/templates/crds.yaml create mode 100644 operators/cert-manager/1.0.0/values.yaml create mode 100644 operators/cloudnative-pg/2.0.0/CHANGELOG.md create mode 100644 operators/cloudnative-pg/2.0.0/Chart.yaml create mode 100644 operators/cloudnative-pg/2.0.0/LICENSE create mode 100644 operators/cloudnative-pg/2.0.0/README.md create mode 100644 operators/cloudnative-pg/2.0.0/app-changelog.md create mode 100644 operators/cloudnative-pg/2.0.0/app-readme.md create mode 100644 operators/cloudnative-pg/2.0.0/charts/common-13.2.0.tgz create mode 100644 operators/cloudnative-pg/2.0.0/ix_values.yaml create mode 100644 operators/cloudnative-pg/2.0.0/questions.yaml create mode 100644 operators/cloudnative-pg/2.0.0/templates/NOTES.txt create mode 100644 operators/cloudnative-pg/2.0.0/templates/_mutatingwebhookconfiguration.tpl create mode 100644 operators/cloudnative-pg/2.0.0/templates/_validatingwebhookconfiguration.tpl create mode 100644 operators/cloudnative-pg/2.0.0/templates/common.yaml create mode 100644 operators/cloudnative-pg/2.0.0/templates/crds.yaml create mode 100644 operators/cloudnative-pg/2.0.0/values.yaml create mode 100644 operators/metallb/10.0.0/CHANGELOG.md create mode 100644 operators/metallb/10.0.0/Chart.yaml create mode 100644 operators/metallb/10.0.0/LICENSE create mode 100644 operators/metallb/10.0.0/README.md create mode 100644 operators/metallb/10.0.0/app-changelog.md create mode 100644 operators/metallb/10.0.0/app-readme.md create mode 100644 operators/metallb/10.0.0/charts/common-13.2.0.tgz create mode 100644 operators/metallb/10.0.0/ix_values.yaml create mode 100644 operators/metallb/10.0.0/questions.yaml create mode 100644 operators/metallb/10.0.0/templates/NOTES.txt create mode 100644 operators/metallb/10.0.0/templates/_webhooks.tpl create mode 100644 operators/metallb/10.0.0/templates/common.yaml create mode 100644 operators/metallb/10.0.0/templates/crds.yaml create mode 100644 operators/metallb/10.0.0/values.yaml create mode 100644 operators/prometheus-operator/1.0.0/CHANGELOG.md create mode 100644 operators/prometheus-operator/1.0.0/Chart.yaml create mode 100644 operators/prometheus-operator/1.0.0/LICENSE create mode 100644 operators/prometheus-operator/1.0.0/README.md create mode 100644 operators/prometheus-operator/1.0.0/app-changelog.md create mode 100644 operators/prometheus-operator/1.0.0/app-readme.md create mode 100644 operators/prometheus-operator/1.0.0/charts/common-13.2.0.tgz create mode 100644 operators/prometheus-operator/1.0.0/ix_values.yaml create mode 100644 operators/prometheus-operator/1.0.0/questions.yaml create mode 100644 operators/prometheus-operator/1.0.0/templates/NOTES.txt create mode 100644 operators/prometheus-operator/1.0.0/templates/_mutatingwebhookconfiguration.tpl create mode 100644 operators/prometheus-operator/1.0.0/templates/_validatingwebhookconfiguration.tpl create mode 100644 operators/prometheus-operator/1.0.0/templates/common.yaml create mode 100644 operators/prometheus-operator/1.0.0/templates/crds/crd-alertmanagerconfigs.yaml create mode 100644 operators/prometheus-operator/1.0.0/templates/crds/crd-alertmanagers.yaml create mode 100644 operators/prometheus-operator/1.0.0/templates/crds/crd-podmonitors.yaml create mode 100644 operators/prometheus-operator/1.0.0/templates/crds/crd-probes.yaml create mode 100644 operators/prometheus-operator/1.0.0/templates/crds/crd-prometheusagents.yaml create mode 100644 operators/prometheus-operator/1.0.0/templates/crds/crd-prometheuses.yaml create mode 100644 operators/prometheus-operator/1.0.0/templates/crds/crd-prometheusrules.yaml create mode 100644 operators/prometheus-operator/1.0.0/templates/crds/crd-scrapeconfigs.yaml create mode 100644 operators/prometheus-operator/1.0.0/templates/crds/crd-servicemonitors.yaml create mode 100644 operators/prometheus-operator/1.0.0/templates/crds/crd-thanosrulers.yaml create mode 100755 operators/prometheus-operator/1.0.0/update-operator-crds.sh create mode 100644 operators/prometheus-operator/1.0.0/values.yaml diff --git a/enterprise/authelia/16.0.0/CHANGELOG.md b/enterprise/authelia/16.0.0/CHANGELOG.md new file mode 100644 index 00000000000..71b223e4081 --- /dev/null +++ b/enterprise/authelia/16.0.0/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [authelia-16.0.0](https://github.com/truecharts/charts/compare/authelia-15.1.31...authelia-16.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + + + +## [authelia-15.1.31](https://github.com/truecharts/charts/compare/authelia-15.1.30...authelia-15.1.31) (2023-07-01) + +### Chore + +- update helm general non-major ([#10069](https://github.com/truecharts/charts/issues/10069)) + + + + +## [authelia-15.1.30](https://github.com/truecharts/charts/compare/authelia-15.1.29...authelia-15.1.30) (2023-06-29) + +### Fix + +- redirection URL require https ([#10026](https://github.com/truecharts/charts/issues/10026)) + + + + +## [authelia-15.1.29](https://github.com/truecharts/charts/compare/authelia-15.1.28...authelia-15.1.29) (2023-06-17) + +### Docs + +- Add extra section on middleware ([#9616](https://github.com/truecharts/charts/issues/9616)) + + ### Fix + +- fix configmap ([#9724](https://github.com/truecharts/charts/issues/9724)) + + + + +## [authelia-15.1.28](https://github.com/truecharts/charts/compare/authelia-15.1.27...authelia-15.1.28) (2023-06-13) + +### Chore + +- update helm chart common to 12.14.2 ([#9599](https://github.com/truecharts/charts/issues/9599)) + + ### Docs + +- Guide for Authelia+LLDAP+Traefik ([#9577](https://github.com/truecharts/charts/issues/9577)) + + + + +## [authelia-15.1.27](https://github.com/truecharts/charts/compare/authelia-15.1.26...authelia-15.1.27) (2023-06-11) + +### Chore + +- update helm general non-major ([#9558](https://github.com/truecharts/charts/issues/9558)) + + + + +## [authelia-15.1.26](https://github.com/truecharts/charts/compare/authelia-15.1.25...authelia-15.1.26) (2023-06-07) + +### Chore + +- update helm general non-major ([#9459](https://github.com/truecharts/charts/issues/9459)) + + + + +## [authelia-15.1.25](https://github.com/truecharts/charts/compare/authelia-15.1.24...authelia-15.1.25) (2023-06-07) + +### Chore + +- update helm general non-major ([#9457](https://github.com/truecharts/charts/issues/9457)) + + + + +## [authelia-15.1.24](https://github.com/truecharts/charts/compare/authelia-15.1.23...authelia-15.1.24) (2023-06-07) + +### Chore + +- update helm general non-major ([#9423](https://github.com/truecharts/charts/issues/9423)) + + + + +## [authelia-15.1.23](https://github.com/truecharts/charts/compare/authelia-15.1.22...authelia-15.1.23) (2023-06-04) + +### Chore + diff --git a/enterprise/authelia/16.0.0/Chart.yaml b/enterprise/authelia/16.0.0/Chart.yaml new file mode 100644 index 00000000000..7ff6a795de5 --- /dev/null +++ b/enterprise/authelia/16.0.0/Chart.yaml @@ -0,0 +1,43 @@ +apiVersion: v2 +appVersion: "4.37.5" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 13.2.0 + - condition: redis.enabled + name: redis + repository: https://deps.truecharts.org + version: 6.0.62 +deprecated: false +description: Authelia is a Single Sign-On Multi-Factor portal for web apps +home: https://truecharts.org/charts/enterprise/authelia +icon: https://truecharts.org/img/hotlink-ok/chart-icons/authelia.png +keywords: + - authelia + - authentication + - login + - SSO + - Authentication + - Security + - Two-Factor + - U2F + - YubiKey + - Push Notifications + - LDAP +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: authelia +sources: + - https://github.com/truecharts/charts/tree/master/charts/enterprise/authelia + - https://github.com/authelia/chartrepo + - https://github.com/authelia/authelia +type: application +version: 16.0.0 +annotations: + truecharts.org/catagories: | + - security + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/enterprise/authelia/16.0.0/LICENSE b/enterprise/authelia/16.0.0/LICENSE new file mode 100644 index 00000000000..80e4ab93f92 --- /dev/null +++ b/enterprise/authelia/16.0.0/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Cert-Manager" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/enterprise/authelia/16.0.0/README.md b/enterprise/authelia/16.0.0/README.md new file mode 100644 index 00000000000..f8a41e479fe --- /dev/null +++ b/enterprise/authelia/16.0.0/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/authelia/16.0.0/app-changelog.md b/enterprise/authelia/16.0.0/app-changelog.md new file mode 100644 index 00000000000..0a0d441cab7 --- /dev/null +++ b/enterprise/authelia/16.0.0/app-changelog.md @@ -0,0 +1,9 @@ + + +## [authelia-16.0.0](https://github.com/truecharts/charts/compare/authelia-15.1.31...authelia-16.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + \ No newline at end of file diff --git a/enterprise/authelia/16.0.0/app-readme.md b/enterprise/authelia/16.0.0/app-readme.md new file mode 100644 index 00000000000..9417c0c13d5 --- /dev/null +++ b/enterprise/authelia/16.0.0/app-readme.md @@ -0,0 +1,8 @@ +Authelia is a Single Sign-On Multi-Factor portal for web apps + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/authelia](https://truecharts.org/charts/enterprise/authelia) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/authelia/16.0.0/charts/common-13.2.0.tgz b/enterprise/authelia/16.0.0/charts/common-13.2.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..5c0fecd087839b011aab769e3785f251e9224747 GIT binary patch literal 133368 zcmV)VK(D_aiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POw!ciT47D30&X`YUjl^tn_QM@L}BSV)id_otZ6;&IC*^L-Y@$Q5PwVHnbV79q4hhm@gcU%i*C*uXAtNP~b2 z$Y4ZU5>!l4vA0zri0-$>S4@RB#C_Dd0{oVZE%JTv=o8U*E zjG+%C6Evpc*HHri@$nil06h=$X%BrMzXBhQkPTnfQP@Q-AHqA2!}2SOC_ zuMz&6d5E0|720!iY)uuERa%HhJzR=Yxcv{c8#g)4t++Gh%1emnu!_%|er^1qHi zr``S$XA6EjxzPm|E~_Yb`SE0*7e01fL@9VjJju4=r})JO0DvaALeTpq!VFymZVoXu zD0q%YEY?9eFzUAi;o}7g5LLebzyW3$`lrZ;%WLG4z@r>V^)*BhCSLx%YQuaOsP_|y z{WwB5vk1`{@x9~=jYVgyFCFnELeRrs20~r&g|9^{4j+Whpah$4DK^7)1$`P)&U^}e z>|!Bsg={u5RZM3tXo1jg015nMBQ0?yi1Rs|BE7a?{=-aY`6)snp_q|q*#OoLJ}=#< zg^8^@-p>e}<8*xnxnN^(dIUPH!&dvh=?r!U!=uUMz?)1aJ-0g?!pX1?;Rp_ggPz+S zk0xDr(3yBcw>@kh^m>EC!x5Zxyk4&lq1!{9!_nbEx|J~YeGn2KyBtma>r(tU0_T(W zgk466qJT9T0?`w$qkdw%qsNz*AFkf26(}U$$@%G(`b8J6`PESCpBqP*Er9~ipz4JM zP!v4TA|B`xLh7SW%!t`!6(|?Brc47Qe@pI*;^3HmpeQ;5gW*B)>c@!0q4f?y?;`M* zSA?)1u#f1HGBh{K8{nvr`^yL~u#cwbjJnW=(w5Njjf)EP*|XnLpjX0)!xxXHsz>wM`61;Hv;rz6C)N749 z5CD=96)-=%JHGz;Q9uQRBjB{#-L6r-E{RvpuuAtRfgTc1P9QmglPn{u7bi0qOp%_N z7XjzXcbLv0b7zvP;xP2l90d&eq6Re_LYLHKzWgoc;}xPLj<_DTvd@t&%JK8@9P35T z4dWxwZ@1fX@pF#mLbx4>l{iAb#)zhhb}|JA?RU7*Fb!RVQh{s$@c!fZ>G|>P$?@g2 zUZSDzE7VoFG<7Rz8xqd~jf8%ww4k>*xU<-9Mksra*gc8v(l0ML8|fEx1|zOx@rC7m zvMlJ&5fW>i9;jpg9xnOldjZw&l%Dkijwq8~PDn7pQ`uLNAS=5rZR@}zjG8$vR-Gf@ zbR31^v5z4|ddRuHeT{tNG7>2>gb^P_T1OX!s5?Vm?4#(tXh6#G2ooWewYsa`M^Y?h zUkeFB;(#fF9=k68bwlouB?lRb<~R^-{}@3RU8dLfVOx#tE04HzpOfDw(A&Q{J3f7P z)|z{J4gHQ2WzKa-K?pgPo+XpR2+yHdVf7m+RZmgqlO>-U;-xqK1!88`Bi?n0Tut*t zEF@AjX;wb@#+CAtLqVxLe6dZ&MEp!uBV$DE2J%|vs-~0vI=}x8S|6qBL#g;J-hmdk zBB}aQnF-+YXD0(B6lNI*@^Tdv2BRrr!nXSZcuHkn*)%VnZ8oQ~e%sy6XvAxDmbu}x z^*~NkZv6blt!iQZq6LbU_cIhB07I@-^By#A{^tmMxH(BpZ3W(*+3MB$6I)=Xsh6Id z#WXCQn4vM2g^{iCd5bBtmP?7gW%JryuwEbO^}#Fah#W&S583h*ONBxR&`Zc>M_^x8 zmL&dJo6*Bk)cv`IT+5dHBEv z**vU-?4bpn%^wKdLyLVno3Ga!nmgld%*aJ;$_Y!Xtg zgsmvqB2c}`)riK>73KIJxvvY+%@ZHu`3;(fVry#;yt-zPp-JptBk91{YZMjCW9LF2 z<;GlMS@E|4?Sz zFUWVvT)2&6ii0Wm-&`Y*d%wbI`}y;-UR%E(+UwT%1|&V94usuf=Buyk387QlE3NQeSnfv?hJ0@w_J3Gsb$&tLl7?g2R9-HpIF zBKK5#M>swaw=^qIY69LFpnmZhDDceJ^zR8F%o?c|;FP$rFjBevkXE{nAVt8PA@>fD zmv_ z|J*X+69;gUA6&?tAzAFj3)QULuAqW+3b^3o`x$m;Kng4nAmoWnoG}7Z6mWA8ar>AT z=Y8ZnlUXJckBl&^v1i;>MsZTVxe;oy6TH z6K|s6afc)9sQ$iA_F}{ino>ojuK)*n+O!&$-?B0FW5nX%Tsv=9IB8XJ?UY^gTD?Ky zmh}#XZl`+yd*l8=dpz{eVc$LI9Ci;-r`;a)4%-vAJ?eJRxIab*uGc;oxdXR**qw}# zJA#98rS~;JjLryQby3yj4X*80r<34{hOj&A9`pyj&bZre9}EYuJ??e9j(c#>8=wP( zItRn<=vs=3{azP&T{LR!$ zaVV;bF0av)RSd%YR;SaEZ#WrD(4>P74p6)8j$jXs#)m!B>5eM#q;3S6JFAPR zDy}h=K{|#5;34d^VH*x619v=_p#HemhVIZibO*!9_S9sh(SR@ff+xuZyTEZt-e&nDA<^+k@i~4thgxG#>YRL)h;gOa|UyFdmO#8;wW3vFnWw$8NXX zZTCm0JLvYt znDqOj$-o_S+FWF~hwaI5*zR^m!-Ip`7}VWw7SMjd5&AKPk+&|@?{S2tyka@s6WBFL zZeZ4cW)phB#c#LW?X(X&eNFGf$zX^E!(kg8c#{LK@AVD_-460bJ=k~M?%@P>`{T)A zbkJ^(#*;A`_Ijw@?i}<{7mX)lw+;?q=u7%MO+@U3)c#eG-aa)8#{_7m#;IA4^t8`GcsgQCO zTVZ1qkVx+-Q@a;MMom)r9lTTKvoN2epIBD~uY_HJ1GPo-8VE1MYk-*BYPI%S3eLGO zvLggA1#=>Z2m{d3U|xecZ-q+oLg|%BK8so~xq`_1HeZbYQs*% z@^P!}H5d~%lSVl&OgRDq3z!-{*&d7;d5eR)d@t0H^G5JA;KYZ)(rj)Bhv7YxYK3Nl zAMhvSy)&*vnj^0WnV2DPf+E&@2Lm`o5pd(&g8Jg?X zQQ$RWs-i9?+3_;los-Vxq zYg!@bY5XnOC_*yoi0c>NN&=_gXG3lv&W9W}EJvIb;{jd(M+}q}VlOgE!i-RsCY{LEA{5;^j067uhFdKCW;+K-Mo?cy zXo5ebg9MV@@mx!K>6I&`URuTKnQVp`R^ZKKpop1MAF_x6s0Ug4e-oBX#^>hkb(URP z;CrqF$o(?0H^RlE>eM`F#;}`k8!|TKIAFEs!y$=$lYjsFl{qyiN#2AZ zZc#j?t-AxU-kC{7_qmn3|3VdP1u_^B2UAt_yY6JsfqpoH-MvyPNf3Dr8%dNe+xAH< zIie)E!-1#1eS|*tbi^Xy1Nr0C<;fK<_8R#O zYRN{H;sUWIh@;|UElNSgpgR+qowDU%gaUSjCg$h~mtYZzL%m6>c!3#kdfl1IsNho8 zFuK&wIPg|Nll1;k0y9;G^ewB}$gdi*hSZd6RFjdig{@KK8ueN0=3=)nhq)^G-k_1w zEKs6>1SUSEV9=u2SAvg^7N?{>^J7$T?F-OxanhRR^|Go>0(K1DJE7^zkT?;b&1H{{ zhz4{QDkkWpD&D=W~7jCQ}@XoSQ&#WaeA z2>L$urihiq5@uxDiHOqxdN&%p)#pBwFc0}ES!LzhpV9J2{rS;Y7MZPW(Y~_Vg5w3m zK1V{6cn&{(2%!D8agW9`Lhg=4@STr6$oa9f1ClyP!G;`00YbC;JZ5!(=wf*gjX7cw zcIirT<^wBVm>_mNbLJ$#j6|z)5|RA}Bckl&Zn0rOpd0?MzC#1%^VXNgvIRAI^=MLl!8ykA&!* zN-3UeFZRo#_Qm3>bFu{m=&C&(=?+8sXw<_%Oj8G`px|G=U zkcBb_b3dX8PcS!6ICDovA4+h_o|NSJpV7QkXdUu|Ij7qYX4ry5UX}&q8kaoR?1Scn z#DU%B3`Sma06=kxp*QxHZ;SS9j+ zhr$TCBH%Dt_jQw&tLR1pFWc~yC5x#qzwzH<2Mz}lk~lUBpcJL^(d}D*jeRoS=SsxB z2v)v3p!-oAwCGH!eyUtz*~m?>nQ(+~c_QO?wSeZdN~`WLX0to4RvIP$1vuujfK$(f zkvOue%m%S<7$D>c`5p%Vi}2q_Cluk2`JFoK!dtl|LH4cdqLAHs0Zpqa(%)mDC76^AUSvmgmx;+W;Pj*eIG1fgr$Q=^%Hr*r)Tn(NdKKeaS;ZZewnk*ax#fM zl5`OE#Pm%@8dwLaCwQupBFF`Pk=hk9=fb{Vgj1VL*=;5iEX@1-Hj~w_r3%jXaD-fu zXu^`js@)0p)rl1#&z(;2G#O8spNyustrBV+$|?y+08-8aX>BOLjoNTMav$U&^S9No z)BZMPHRIoqCx$RJ^&}~LB15)Sl)9KNW3zU(EGqqgeU#z+x(yMZuc(=(QVhoVB+FPg znNhQ&>BWgL|QZ8nKhgTfa`i;`N1kL9k7cVtSo=qyv1zljhZ60SBW@QM(kJ7uH@ z>%s|B1hHgyDOX!&M@pHW($Rm`b;!rMD znR=okGD@T^3zl3a;)n!Xo?4<>9F(%)8_}R;{$pgk#U>9D^;Z3-mG~)QS*>zj;hgD< zJYvyQplJ5uPt1uU=?(x*5$n?Ac2Cp8kqnqJ=SW#fT!oQrBt?AeMj|E*m1v%5pqbO{`MF-+HmFEJkvZ#beGqQaPPfe!Y=alFu45kr~XxJRcfUCh9elyb zFvFY&rKp_~Pgc<{QO=PV#PczVxFiw|&%jk=5P_}wIExH;opK}BRjZdNt@GG%xjTlG z>$EUb&hA)bDNBC8NNhg!o5mrEK2Q{0W?iDXV730<+C2#Hgh6wKg)+ubMt zaX5`2R}5Y$nYm}0wi}LgaN8UPG4#zhy=0<@%hH0L?1+#t~Ci# zT~FwaObSz1gor8^vl)MtuK;?&l_PaSxmpWX%+*DX$&`)`DE=*3lh{20;llkZ6`8Iy zKgqRCme*2^iX53vcQE`BYh&#m`uW$QF%eKDoGOA_+FaP#lLAva2@CO&b&@y3(@7vT z(NwYA&T4;AlvF!^X1`KTBxYeO4hgG+&dQn33umG@ z3?MyQfA!5CjVcwPNs{?G?Y`y*)dpgSQh?OJ|M-oJ|71fL=1}Pv6sbH87S8uOnS_NcTGMxWT zzvrvGP0%?E@B~q&qUB3OvPz6$hC_{A$-b$ihB{!kK0Q>$LW<<9T~%0g$@y|frbr;q zzCC~hvSLjV$iiPH30xn$cQe9)u1$rcZaqRI<-bf?P~u1HQ-Rki>_7i-Ld4;Mj`}Ip z#^adH_zZPbP9Y~CP7%F$jW3f@Z_^vSDzQ4(gGAVWa$+MwBFeKN3f_di(9fScjs5O< z;G^z;(Ba~AUvACX$s6`>6T7;_!u2nRSaJVLzuWDl?|_sRsELNu5nf+nYHUBUAXVz9K9BQsmx?YZ?YLaQ+RWNn8KM+EH0z1`J_xKrf-DZ zmVs8DFD%!6&O~0GgLFSEcB$k|9l@RLoxoas%u}lrPT9DpAvtMgaVoh-`4kICn5JEM zYid-SG{uYPoxsTQMVdL&4Xigp+Dlw_gtWW2aD>#yIwPdpEg7LSB*#9)?xcIKI;gsM ziewsVWFJmQox1z~NoT(5uVyVd9eML%gabAK&UcHZ-OQ_E!6riYTa(!L`Ckrb?PYj& z;ff@_b+}cf^0ht)Ol^2ddfdJSFK2`buxV1YS?gWHph!r2e1P8nTfDD*grs6h#bq>uT_}w#jFB zdPg?N>7UNzUy$BhY`|Js?AI0LN?56MoBQI*hIBst?KGOoYQK#pGuJ9OnQV?ulG<6P zKC)WR6mBIMl6XS}R}@)y2eljNdxOmH_e9*yV&4c-e3Ov;j)KKe!&-q=FiQ2ht_!7% z8W?z{x=O_Kw>GRbaRRXq9CeOc#|m;yoSn% zTmV{pbec_}=SEpQ;Oslu-afZuUmPZaQ)XTRK5DE_&>gEG{OED2m9i{NE0+&@elP83IPr#IKXVVT3N7{lcIIq zY~>U#!SZW%wM=D|cDA(Q72RkDJuit(graZ?Jo)_+KgiJDovR{`W?Mo&4X%^TqD}XtrB(_osYf zKi8&9(K7g@Zn-2xuiS9idG5ZMr%e7Y!a%70>OQ9j%l^NtmjCTRyPKB(ol(En-^u@N zJVyUlXZa?0DzrXzrqU?>^4wQF(Y*+RmSLSDo!^5D9+mnncy-l$D-Na76^AW4I|6?+ zjY#7nG{Aw!^}l{rFRBIGBlm%X&i`5q{#+p{q^n7XJ?nU z?~mV|U7uZjJi9sq4hbCo?c#?2J()OFgO?mY*5mO~A23#V8$}GmD=Q@6^>+&=fhCTt zDOz%U_T>EZs^lwOxZ>+x*1RvktMCl89W9o_vIxmsp_bLSWy`OJ$FK^I#qhzH0Pw^4 z)!8q{Z{M0h)Gux?KHPkN@!|dH?e&N6-=E!FE9XuYYSvw0=9UdvvxI84+$AFj5G)dJ z5uda_3U3|DXyZ!xlk@P{9 z2AyO}u0;1L?(a%{yHedgdIKCMf4X2zqoS@l|6hgb{9kaRr)2$ByULGuFb zai^<4sjgnjQCX?~$usDWbN<)x|M%J%{jW0|4R-s#TX~HBr!#))e0MSn-b3C0vU<7i zUu54En*?d6d!F|dJ{8XR=O*D-{Z!6>lQ;Hp7T}8c-ye*!@gJRDr?;E`+jz|UzscqZ z-hc&Y_-8E}&@t6iyxq5F2d0A_V;b#?d}|{7(U59P2rIG}E69)#+~l@a$R<{1r`^sP zn)a*Odk^ZgLYjPQ#X%|vt2Q@MRDZBN+z_08jTrd(!}n*m*JmeJXE!3_(mZ5KKv^X2 ztq_^eU1Vi%*O@j%21SjXQ1-+vn1Dsl6&Fl3e!=E~zJl*Mb?{%Ax_r2C7m#~Ck~)c_ zNCp{Gao-rGdLDWr?5e?W&>4GmrtD+aC2=4#=8D)XA3>2tWCHy-LTaL_{hFKWTdU_P zA@R-i?e)dU&;0lP0!I5$92Dht_ga*=cdGo&@y*%o>G_qa;^VPZMf6z~pIAoT<>|Spj1ass+Z?! zH|Urhm7i{IE^jZdF8=Y)+qdV}H)rqV!JE7fqIT=*0z%!Au-mR54OL~eH(*cCu5WJ7 zFCPup&W&$?bB??o-0D5WM>dh<(l-s9{p059`1bhfM@^VQ!*x9ZWfS+C#%_+!--_FE zPM@M(btgi?=zP-seD=>Gvh7Un`X;vy1W!3p)(8bJZuiTxTq^Z{nIZV8?f*ezgu~X{x8QGywbOO8xJm)G;=9L?qD#nT zBIu(kq}qa_>xj$`Im<$(m^QJ94Vl(VUSqrn)ujQnfj)&W@Gh*6QukCR1K$x39Ra63 z8jYL=W@w(+A}d1|n?T%HBjOhu`b4h$Rj|cSBU(`bR3VE7r2cJ5n*2Qhzn7iWlxs>V zd|V4SF6yLyZC&UhQj1@ThPmW31Gh@xuHZE}P@88p33tPsCIA^ih*i|4LxvO80F$V~ z$5rT&w-X48Q57sLt&A!L<+hLD6y1PzBHX+xXS;mE_T0%It}U)pHnD7@F*7G6EedKH zGNyP-0m%%;8*6`1tYxCRPBKD!2`OiUib@UrM_Koh3sq8wh8JNV&JFA8GK;yx%Q+1g zGjfTdIi?h=8_%-G{oR?kA4dI>xvXUj-!uv6dzNXP&~qd6THPqK`ROg;Zebx=msR8q zI+j+rDR%hcM0>&m(w&mrI3@>Y-61vgi~NOhFhoPAINCTdayQjkB*}X`R#_PJ`kQc{ z72avHv63^*&!6StwePt_BtCK*=z`C(bOtf>YhmY?Ap(xMr_f1nK$`}6dx*LF>4HTq zC)W#E%?qi#0tXduRE2?Eq^Rv5RmhUva>{;Az?jXDW z+v{|9_TM(1vh%;{zSZrY`_*Dj>!!Szz5vxJ6(?32&|-a7sUV54Ngn{VZ+bI3-{Qgx z@r!2D70NOzPX5{(;RPptt&E`(Tv^hAK$<`^y6$yLqEz$D_T(gd-r)>TGm6%FHX zUzD+q4<^?*&S97(WO6Nc4O&`f3MQ>&$u?!ENMHe4GbSO!4OScsawv<#bgA*CVW9wra_cfL@oh2{#u2 zsYBdVc1;!S)a9WoNhiy#M>%coRT3@%ye{1|_yQ0ssJ8z%a2C)wGI?)}k)gZ=RNnA_ z197D%;!7i*sD!C@Zi#%N3laNjWxFVi0$7#pytsvR^PLxWJ};Kii8QQC6IO54-b!`K zXY{LOF%<5IX)VAS>e?wfN=~c3EMl;#OdV@v>uBXG)y&Z$6r{q&e=kZIo|s~eWmMN9 z;r`#i59j}QcXm|w26#+qjOhMB=infj=egdQiATH(b+Nu9?nC2db~>`*hTNgRDN2pL z-ryDnB7K>|YY);x23ehFc%oTSaHi+WB;&(piRJTn5)vBt-y9KF=o9OTpzNAb>{(o` zVk3Z|4RRlVbv#%|Lyhj=RbSBUHt!6 zo+mv2St#gMM*o^xf6gm^P7{Oj)237<&>WH>u1xE{MTmEk$@*SJJ_#xcCcS| zb}%8!?b$z0-hMbeJAHq4^UKB6&)2u-mmmAZNkA6;Y#NZY&RSYqH(%Xh%M}D0mIfXd zlVU|$+1>fcFXQ~=*Z$=6KXJp){;i85h9}sC?8)OlJA*+k|6_Z1{%bpr(*H0uJ9y%@ zE<^#O0D`d}BOwyS?1a7#PEf>}>N;8RLvcxRW$X+x03)QXb@v*4TH-)?06Dh-ACDs# zEmx_M^0Fz56Ri-Rh!A=Chxo(14%8)LQc{`M@=`ATKDnMtTJ8z(b4p`r!ME~nKYwmC zo6QCc@kegKalPvI-^=dEvNSCLsyUbBvf;K8P~7_e{JC+51MkSDXk(5T)W>B59e4Lq z$zb(P9Cwi)I3=|3GoP$bwN!zrPsY%%D0d~V`E9*7B|d*{aH)M{E+>CqfRh(cQ6n9O zqXs~f5XsG1$hC1fie*^?0AGw3kfEQ^QfaLIlth@#=11V{%8fbdO5S7;(Z8G3R|3fQ0kH2~BQ`7vcEk_E+k6`7S9YfKuAuVDEomH$CF zRULiu`2WE$8~-tC_jd6gTX|Lq-yoc}T*(Ki*fbf^VPC(*i)K82Gf00%OVBF53(z{_ z)Uv-PkStG{YVVEZ%`A6}X}4^`!}@Yb1t(b^@_l(0XlE zoZ&Hw0`Xp$Gh{N!Z0M25z|e&)8%K$4%1C(Zr+twr*l$D<$Gn;Hz(vgBg3^UcelA(G zvO`g{epRkrb=IxoHA_*)H^cgB9#i%XMNYo|T= zdn%cfY+Eiof|i)!^)X=ri0WFdPB6d&DvBza*9SL@dU2(6VV98d-W z7f~yf5^b5c7FoM0;Al(;qb!2T!H5IQys`G>@h*%ZMJZ_drG0V%hM@zDlqL58ic)oA zilXxJQUyFR`$|=Fy~#l}q(V1`(egv+L58kb1R0txQ;imuu(5~(8iy!aV2V6P(StG) z!KsSZ4i~PDXFRf2kX56vVCa8O`11E&T*LbcCC7z((Y`UM9bxz_^eG9u!N=wyR}6C$SQ^5coxlBg+_ zlj{c!Z3`uH0TX0oa%OB+3urE|2xYt@zxqifF<^thtKTbBgE5pX)~cH7a0 zhV17phjuHyuuiA#e6dU2?kRXm*Z<92{U)AO>;I^mTmSo`o&R?$j|j3nF~^;RQ3TYs z9RC7+UuL6Y#*8Z$;!WxNa^GE1I_p=mXedWqoY zRm8Hciy8(_9B`tLT6T+y*^VYr)?RLlDu}g5l;nRE7O@r;jiOu%a)rSw84eHqJ-IQu za%VJs$DURO6cx?xDF55i6%yi!64uXx1$)ua?p@K=I~bNYcoQ(KvJJ`_o;OpWfOm9P z%2)_EF7$<->KJ}@_Evjt;rhw z*fPgP#GW>tE+|0NJ_c&PuPcx=qgDu}nj>3(eCr6YjW>!uF%$*RKMxp+CeTHf#7klE zAVKnU_=Xwusw92#Jd@1VPfqsRc-3QO>$P4M>>@Rm2O$R@G@2q(!9ueA)G5Qu>_3^$ zo^Igwua)-Susz7-e;e%1e{AOwcHXHN>}$j}VF7w5^vQCL0``R&fu@%=%|J5+p2H9{ zjX%;9gkeY%OVE(uYp?|kvO8;VXAOSI)}WcI8?y(gmCP7`Ib`naZAw9}#%zmrOh#c* zx5cJy*}NUQEgN<__Um?R*Du;`-MY=1wO6x~`T%6G%bKarWuk7~JpGzX)2A^@pV1^O zG)HUks(NKxpxd@Shfi&M?w)6VO6`AR#XWia_pm+e=kEXR^mq3EHXdpJo5B9J9RLYW z*Yp5bJ$VKffN6cRJ^%yut8fA&L$LD#?7RS9vKPQ`>dpTH`mb^RtKZAr|2Ej!|66&~tu=D6H(~v2#@U|jPvw;%!uWqJ z(@%;E>x!KK>VgsFF{tSXNIGR1S5I=zN)HA78jN#|?9MdbndaLy&EqjeOx^?RF^osSr*YD=?Kli$$-TJ?cC$;{I z!QP}2AOL=ont5L{*43-`j^Bzju{d6(ml!jZ~cBdcmG?zJ>2Pk+j!Qx|07`vae*;3Y*BvsM@(@r zeem5Mvk<0SF7lFKoqMk$X{gW-g-+0##J(?=!j=t+zupL-SqM!sKm)WgRpKm!o5_@@ z0VSs9gAygqLRcp|;VgtTvl6DSn0lppr*U&Q5ib@fim=C3EITQqex1o|uSonRm)lQ& zsetkOW784NLRglD@TX!aS)%D`WVe`Xuv&Lb27a?i?>DI|ZC|&{@c9#Dwcjj#o=S^s z+86$CzP=IC*Ic1f6k-OE1 zdoEbZgs3#f!4(R9?80=8ee1ndy`w6@PsNpz_g1Bzs)SgCU5mcl8c*SQa{1u{!#@5^ zUQ>i37X=JX%^gEcmCo}@Wvk947SAT!cf;7ckqsO#Pz0yQYNUW#tFXw1N)&eG9h#G9 zxyjzl1;mGRs0J>-|C#RftNWDc|2Po&+qaPatJCY}^M7^QyZzs-JZs6{tG8yDGY#{+=RNLGpB+tMEs}#Bkf`SJgc(+9m&5 z8UssxHNOC_$|yg)9+V1gC}!AiDTw-}7^4!Y_tY`trnduxw&Z}8rFki=bqPiN2jkB1 zo?6%ZYq&*Sv_?fK4;ccaxw6ET%Cw)esnXvoY^wqs@@7^+p&Bg|uxuL8C5f0OT^643 zHr8hbUOLYb3s=v|9KqYbYR=7tvr>%c)!y8g+DdF zqfTkNduiOS9zlXN~NGLQ92Uqv}uvux;)8Vw+c97kH4L# zUZhs0YQh!sasf0$6h20!ldQT$TGZO!rW}mg)+%u_Dvi6usc7qHUyNfht(oqei#f_X z!?l@)V&;OQqFc^+Pc!#e@2i_?n(_+m^opzEKN=(4TuhbRAP+zjh@aYhXs(pED~lTGI}v5+ z%;oi&#ZVeNwp4YP5D;>C-z)ZzrWP6PnDpuD-ZJ0nYrd-9_w~viVcbr6mj`kZJp!~g^BC` zIc>#6%zjM5twb>gdk!dScxAydw$`g@k|Tl)zt2|%Ac*H< zeZ#e&L#l3t_4rM17M1P)Z0hcpztp(@r9aB%{~h#p`G2?b2v_)q?tc05?tQ6$=gTwQ z_p_Xzd@O(a-yx(P)2xpfFXO{@)F)X=DgtJS819pjUHvW{^fAg3R zQ!xDnjc0`1$s2X!NDSS&hT*F7-@RTY{;%8ZcX#oBTX}@7_pV~FH(?l7G1K$j5?Wjly)vR-u_$nC1*Nd;Jwd%(4%KB?xLS8+#8?mU1QrdcRO!=P?nqtZn^4a6(RXzP0 ztYn4v&Qji4%3HOR?3zV^fq5sBIv#mU3 z`d@$;SD=p>gYImO0(Q!m0Q?a3Z)N_!;V66lyW1V??tkCPBUHNgau7*0fw)3vk@e-@x+>PbiF$fkl zUxQ*+Ic#O>+T-=FjEeI0YGWJHthPdrE$m3>NuJ?zHQ)aL)C65@T*XD|M`9Dl&7^W$>CRf?X`|?D!!2czE5+AGsT)~9_38c-OPc` zJjld5{h(u=DH7H>+?lHIOetFOgOWc*m@iX5ZA(gRkPsel(jrBv{CSIF%_EQY7jw>{ zh*fr{ElTLKOX`x=Izr-ITNeyvBKNJY2?TNML!J64D7YtRQq*!bG+yNFNW(9*FC<~o z#hp4}UtSi!%W>PL&dCC*1II0K-YT0i=I{o zI%Kf5Vp$F{<4GNa+c* zkEx0;I2`A{BysaN{N5+-UHO-mi@hkTe{rC10E=QPBatef#2@gAVi8Y+Ds2dTa#5Iy zAD3^64%<{z5@&5%t54Ug^Cpe4Jb9a_8%9#@fma|POwuQNnio$1i3;nrthp{=lodJq z6mq^0OKldsV1ewIZys0ZS#8v&`zEN?8|WXstDe%dkxEUo)3U>UeAMT9zu=6e?qGIpZ&P3)*f$ z+bw9j1?>x2(01$DH@u#0e7`6AlRsR3sC>#IV9`ttS zKezITh>nnWo*C@180<|%eH8G}^G16VF?D5(M@fY`ksT#fi$i)#3a^UfEvmM50B_+a zJyk%6bW|mAAeZ^ZzlQjaOX7h9Z=k5Q3)9_&>25Q8L{Ac$(hPHo-S7EJ;oO)qGJk9D zB!eeBwOG<}!TGR!w}&h8%oHRAE!g|{zmx=3y;^hY=kcOqFJp~w^DJxO=F?sg&GR!h ziIYfmcaDSO1;joa`#Qav{VK^B$H+B{a4=0Vgb+{z3= zK5Q#f;3==#N}4K5hI?t`Qi+|A!M4Cmc%D$L99R4);BnWz<y<*WRBPj#q=un(c^4@Rr-H7m;Z4z81Bx0Zsl2}{~I=l zVs2DFi4BlyV_iESRr$-a1ybnMvIkN%p35f44@rStkT3M4wn3`7Qu`n!x5{jUJmz1H zolwLvJ6oZIK0A9MZ7)nC5{LQQ1~_-V1~0|eEZ*dE&uk#r zO|?X!REUREIrZ%!^)kPe!-t-S<(B7WS}ORdZ*A}jsF*bW0D5v;&F+gLFRxSlTA5+u z>K{+NvWfJqkI2sO*yvNL|1aEa<$v#YJ6Zq#px4>?|F`mp*q+OeCmV_PSrlbU-eP>u z<;Roicpg=tPW+B2S}%ZxcY7lNGd7TL;a(vIaUk@51x72K6X^S6=-!=5g-76^N~iWo zUvZ`QoC0S|h@akwk3{jzm3s-8HwA^uoMGv5`uX@0kYPWOqqdS{F&I z5r0D&3fM>D$8&VzLp=W~qKypVKw=IA>brQOZzkS|Yk}D*tT0Y)k+P9;{+}~L{=7wJ z`w^lfj$EWJ)%$;r1DrdALZ{R#@pVKuX_E%JE~4}u@sJ(QREj)TT&yaOoOvHlobud* zn(_*-2>lu(>&`XGNCcdcbY^Ls);spSvx&XMx9s(o+0TJ>0(ibE9CHx>6xHJ}BQbqKy zbg5bw&V9aJD!oL+~+U5%siUJrdfpa2>aYcOO07w3l3IR^22}+YL6)NCL zRT9Vb$^kx~qR!`$t(B*}+B+5fYgW;}4y8GDziK(MVn&Oyo4FaKyIHaEJq|n^OqKL7 zzn)Ww7_Uafmfmi<@22~fr#tb{6`BY$ImACkBn~U)T?2qeuhuK3m(ghIi6C{2@3HHW zI4C+C`cPR^uXTm&2HXAW%-K@=kHqYeVPEE1VgHRfop#p#8xD8&-&P)x|M$kW^2GJq zhyq9f1mjd@U~Um!amG*?fhk}!$N-EGa3cg6@)}%j;y{{hg0+B;#}SN{ty<}W1=~5s zGgJ`pB}$kAD}%gBLc9_v<>6grZmPt@idn6YE>W;oyY(mPRHY0%ksy!pIU) z660qacs3RIvScmm&QCWtmsbfZNQcCahzY(*o#>D7oG)W)A$cwPyaa~VUaAuIh5pqU z=wpWcYM1r;^Ban(jpAT`nw|j1M%iKPZ7(tTGTy5YDLaW*VBQO zg^ZGEJI65T@1=}W(0-nU3JR@+pJS>tkV_IVO|UF1nXsky@bl7nCRn&y$mB>x7p@A= zFBlnl+#qKtO(8?~aH+FX<6xQ?O3)8yu$vmC0NJz1`SI%VM9!7H+_z*N<-gsWlz)1A zUH0k2si~EW^aNrbywW54o-hD8zhe(bIV-03tMBNZW5L=>4W$X-l(v>`uhg_NO#H5GK$2}`}Zk~te0}L(k}G}Fjue?1SsZyl!)pIk!#6S%>*+- zndpRsYksDfyQFYwlx11WwfT|qAf~y}isfvAF?8=x;AtMV%eSm=mHcbiRFSuWTh%gJ z&aFmv7bp~!yjLaki_+I#o4iYa!;B6haxw6M9RO^vnu|#*U#nuXm{H? z|IaoaVW(b;!QMm!fMlEJjR8=sTNwqAl&KR3kd$W2P_@Ya%6~6T@0WaEmC;X?Tsw)M zru)Xikj;sB4p-bfar6c_7a{yLMo#9;Azz)Wy#PTO$3+pt6YN5U(g!YWm~ViS&S}8> zl;_UA3nSM8p2I1+jD7#w>U^zMJmTJ=NM5h^AF40FOgEWpuN-{mMquN8VLp7%DRA zou(+6N-L6SVb5m8%5+3zYz(dn%#SjIK3(+V~+qx^T5_os-_ycEqX^bqc{7t$Q|<_&g6V0}B{o zIQ9{>#pKHwq(9x!uR$;R9_oBtCOMeZaphMGRXVNL^3N<8 zO$A#fdYb0?6ngea zRJC<}Nj#ub7b)rYMj`G-i9c?HnUMcPeP@!&d5chO0G}_IO)_ zu;-gp-Qq~7%t?0(W@c6RNJzYvRkn8D461usTz{FNAcZKV;^?9pw~%Z%?w{W7PXEsXXuztZKU2Ai!R zyzh3e96m3dy}kVO)tvpt#8sYOIyGl-BTq&l1~64?Q=WJL(tG6lX@=+AWQ&nZ7OQF$ z%S8&v9!IrVoQWib26kbTgXQxOqy2R_H`I*%LcAMR7M1){2mS+-$QunPoq^Imv2W** z-+5y;c{04vw0}#W_dWDs;G!r!eJc+CDw~cYz|fh>-!>Kn&=rrtC4j3uhC0i*sJEH9*v_%Y`sh3bCeL%lXXUfP|F2Hw zJ!$^$?x>T^|1lc0hdclOHlCFKUyb$#_W{aJc5XEwD8jenqYQ>Da<3Dc5 z9SW?hAq30?jji1XO?JkMn)D&-Y)u$4KUE5ltn)@S_!aqZG;@D3zMP$JP={DB9 z|07*F6PWt^_kX0(t8-X9UE`VV|0o!e{K?&dLQi@BN4mMP`#-Kza;ro?DZsoyMR}fM zq=g*wr#MeqPv0n?AG`ZM{#5q`TA2|ZdS{>lv9WstvzZn$@1OJjz>*!@0?b$5BZzjl z2Yx$Gss7I(LzCF28#n~GLjNE3Mmhgqr`_G@|J!(^|4$9}^=1wMdMNbCa*np-_Y+0s zZ+YsDk+SIDq@Q*DYsoa&_~E*8DSuC*JD)($ZvG?mu_u%QL)0olW_4^BhBV2$X%XV9 zaN#BB?%a1f_ucaa+pINXuR~On4ZY4TV)`&tT4R4gow4@LcUj}x>5!k+g?9_) zqPJ_xNzI29^0LMNuEmlo5Lr_1WP2DoINbXs?(FW$@1Kf(B)?Lkaj)%-sX8$jg zxe-i%LE{-AcPI9lqxD<@EA0PXZ;;vl>vl)oo&CR+N7(ouvxA*JV7395K#rYKEj({{ zP&IDV;X(`7evG90H;v$M_%=))Q%dFa^+$5cHNhL4pP)8N?7uW2&fC zbo{p}y+Mi!<_?H7Un=5!ed|rR{GTF`KjMn7^iL}Pd&Ax!C;vyg`=7S*$oqd0i=%*o zx8xpCCSpi`!qXZ5TjpJXl;UY1XQxQG6D$+y2(U@-^3Vmtj?bdVjU&vKCsL5NY(8Au zQShYe!zJ-ntqk=$w$VjG=9vr(G*V;2XkpxMj-fOIk}amTHZ z1TCN3?}1l7Q(e}r2-th-r75XiXZxDdlM+EA#Y#o5*G8BNtUd5*S_5NV^Z_VKk+?3- z`5ojHoL{7BCRqFd7!g_Np21~NssCB|?;fK8uH63_<@CSNaCiQDD^KeDcT;2=)T1ua z4sJl9+fX7!IjyS{we(@^+PdG0jg8e^*_7(03Q1?bD4_mKi;beZs+KP~l|Uq~{eYsp znDdyjQ-s135-yb&Afxx`cmmMMC$CgeyC{KW)+6v81MgZ(?CD=DdF$~BrP;oEaMXrfqCpR9QwL4Mlyr^Yk)cZjq`{ENM{x`Y`!qz)@f3h z%*CEbTD`3;~_X?f7blwV7vK54MXBnoXX&&PvFSv^Yg*H`fHqc}# zwG$quEEx}lPA-fC!1X0D3Bm}83#-M2JXYRe8%LvH?Y4xnPc8lL`f-;5tkVAmooxJ1 zd)OQ7^uKL9Rr;TPy;&V_)uGF;Ob^U-XREp(wcCEIK9~kpM<>*4NSR8QhFD)C({MMU z8m5qVfO=Sj%uYqDQW4X`{!D5jwPn|nsEXFb{#BYHO-@#?=UK1zif5HZ;~lMX=2lGb zm-*(ORDmpK5}RUQh9a59_1jV=%k{rGyhG;!yNKQs5V0q_AsyrhZ4$Z+MJ>Ki-}CiC zt=s%jEdVwn6mbO77v;b}_r>I57PpgJ=oBq``VJqFqSg^qbbzCX=QxpN~cI37Agx71%B@p|HdQ)B zR1ZQz{0(*BxtGH~-BYOl35WRpt<2i{_#2>C=zrZ&uamw1xi{Ly|7_)v+dA6zo5X=D zk3Mnv$pz+oqF0dy&Uc=bnBHo=N^{dlM#DD+jin|2i@Ijqxp^rSb-+t>{4JVlFCC zY<35kL>ZQ+-Cp~NNo>d&BEf|MAP>`ef4-lcy z=YKi>%K^@<^N>EPv*w7}bEkGM7gn~vB4%ru5zE}*CGvmIW6G}36n%Opwtt-e|G!}K zw|4XJ->;hgNB`OUKYRa6|NYXDkoUkVAMyVJ{d?HkOK)wZx5@=%A6xm+0b0++S+OPK4=3iSPN}u-%j1hng%n4QOxJm8T9X6Q&~@R^~yJHD(BkR0XYdD!DObWWHvl2_ejC zDL3m^bWJ0g$P94?!zBI}6F?S9C9!U2H~;E1raM^Km@M@8#x!9n8rQdUsC4D1SHJl)qEKcN_}aaiof)GK6z){ zV&k985B=4ANxl7#H+IEa@kdVN=rnDVdFo0hrjn$JrsX?>g}fA-!#^^I<8^BQB=3`V zyjA&5xBrdmL{;;jqG&7gzt_*L|J~kbH~+Ws)Sv%UFaBbFdgDt-N! zeivyB>FcS+kYcw9V>UCho41)HVpR7E@t0~+LrU*Sq$EHZjc;(OKFL!&|3zBNISi9L z!0YDxwVze~pKd>Q{--MwI*|{r!wzu(n8G? zyQvDr*>tTUHI4!m_p$c*p0wNEKBMC$M}RDsyCcWw9SlJeoP7%A;go;`O*9YL68vvo z?e9+cCXU`9&{<06Fm!V5R{8o15s=NQ6iHB=Kf)w{(eky(L^CA}{Oh~LznvtCHQVA! zhy8QUkZ=1blm9Zc*ZwVxrjOnNSS9~^?Ogn4r@gcPw(_L*XZc_Q5nlc{;jgk_a&TW( z#P%QRA5}{vPUpHZ z3w_YCGgJQ>6NW(gT$N8z3W_hT4{ha+WT}3@Xetkb*o}y{K<}TmlrtZ(L6V#o zcbvSfl7fH(;ZieDWafs8z+Z|LCvkeI{e@hDW7XChPT_)N8M)PVQIsx2!w~E3BB5fv zloaBH08w#6RPh;mbD}!Gnr0SqMQW?DA0jfhFNk~@p$WC@OIJJben!hHG;x3N{fFQHIIn@DTDIS$@S`MR$9_12dwbbV z7v#4#A=rwI8~OazX_I~h$@2uk6EK7HXS5V-$AK9Z&_9o|%u2@p;Y|w9fU1;dY0KH% z3i2t+YY&Izb>`~9cQTs(?@rDUQ9{NdeDWAS0-ZawT!D>wd54zfnm2)jHSMxQR!1qc z0xoHok_*`y=u-#-nG*4+AceXi!z(@Dd>kEF>ms>;xj3VBx!B~$Wr5^jXB`oFSmifduic#8c6mGVOjv|OADu?q4jFst}4w-i{^D1x7+mf!^I zO&Krf>{AoQ)sfH#nD@mcb0n@Y5N*E}J%nIPh@Z`!B-_@v5LgX5oTZ#vBU`|H=|v?A zT3qB%4|e*_hsTV^O8R4l<}z!)oUHaS2rXcBs*<8%Xo8oX($9)=+Q|k=GRTXHx}Nx9 z9XTnRo-b4TdFdiGCW@K`e-|^xWP0}{;4hehX;~|8Yy3ML&Y)rp5G)QVW zdX+g+RPz8_a+oo>Wug#`+>)8t1L|DhnqK|1QkkeaiSDUk=@&;?{YZ@DqNTsfKQ1Ag z72s~R&sS;=d2oMs3e|n{$`n))N<|oz(1!~U7RxlPiaOG1{BN z+Fus?nZ|_8*6)ZKya-KX5@0_5X=JS+4?UK=SfQhck6V#1=RvL$K}E}(Q`l(XWmt;; zjH4s;L6vu;j&CI68EMsUi&Q#AYB)slhV3d>NU0-a<8BZ&Hbt(G+%OeeNTq|fmK)^Z zPLRjBK-P1B)N+43!1+>x?v zp6y9rGM5xyZ>-?qBK+(@5J)D=-a{~ywbw#V9&;+hZIwSk;qqXIf_4^IS6C-Y5hDP7 z!jvWVpRepyvB#}s)3MlJ^Bg;m>Dw2+qa{5~wkB(P745ZYv)+=jp|IQpB1}dwwcfNz zyeAf3#Sxg>h=QzP|GmZZaVG#*#s7_Zx$}R6UH-T2JURRC?Z#sN6zhB|_Mhy_(*%Q{ zpePhX3`H{^YQc+VmHxFnonl5SEx$m*NLB4D39$f}%FJGw8@rz&Iz^6xS_U*7(k53D zX(9^PdFLw>-dssg5C)Qz%7ufZgnlCA%}}L8{N@5f9=jB*lK&I@33+Fa3j$mr|3}08 z`JYj5cm8uLPfGs(zz2JCQGl9vzKIne>C8r#0B#d62=+jLeIWAPponHJ1<_Y|=m-%b z7!6Jt0hnB~R9HHDOqauJFXwypOc&ri>fZ%>XduWc|mec00o zl5BBXC%*97wr3eSFxp`U^*LexG4_*eUFWsb{YZ($Kme@{CN;{g8}BNe1r z6`odrNYSvkYC!Z+G2eH%JwFd)#uvw!VIQ-l1Dt6D!x?s|1Dpl+5GisVyD$`kYmufv z(=Y*jqP)Q1Ar9eUVi`Z{xOO0)M1cQO>}4$`97XPlk{?HJ#C3b({;n$1&rExY+&IE) zsQ|QG=({nOf)Ba5axaCJpbE#xPxL(T;pTs`%Ag_O&HsQuxU_16wz{O;OA}|eOK#|BF z0B`^zB-MVIiadY}FA$g^e=hg{djE+jlX{7o#;-YP18}b|#hjCcyeHDZ6MzGXJp}M4 zkz-eJo0C~*C8MmC2?n*+G>ji)(L_Sw`koNq5uWM)kG(fe$VZ7KtPei3It#jNLge1yT7Otb>Si*+HwOC-4=nWtjszy zv-0TmbWL{sUS@mh$<^80(<{8S9{qCm`t0WH^qO`%-#<$Z8m7XQ?CkGxR|XNdK0bPV zs!4sh&5pL1$6n!ODDfmBD>ns`Bi{ez;T=GMvpU$Eq^ap|| z*;tB;kY$a_^uYQUvO@L^saBuis%)uID9u6qaeaFAVRaCA2JNOE6*_H#)DVJ?Ve26i(rLL3C)Bh{G~ zr|Lvv4PD`;gAk$zl)XylRZXu& zfo^_F-BB+6NXjGA#fiKvQq~ll4h7m8qAcpQtFCGNsnY)hQ+Et`GUf%9Ko$C*?St)I zJ^okc|GA>a$j?CrTngmWjw(o*Mn8l;NTaB2yD$R&f_ilcbxkhNvK-roFMvZz$_N-) z{}oi#6F@+Ep*!=J=~wLhp9D>5Ly*G!(<*8iHZ^s%44e&RRx;w^oPjSnt@ynP$F!fq zBt}6NONrE*TU6!vNbp`Rh*9Q_+d(CB$BW{S%)*f7Ni0$~ilKJ$vJP<0M(1&MnL-4k ztRzI;8cC)YKv~PBR&|a@&Sfkgz&T764#ZGd+3*%kG}rh^eV7A$S*^dy=eMlM%JHz_ zS*8XQeJm2uFT+e!o&RAlg5HA{!X++%D$f6%;lY7^{%>t{@qbtHDCfTz>~;=)0q%!5 z@Fi;6KI|uPd?#;uNeZtsEJKjAnb(<{X3AE#mOUiOE(t$D&jHRP%M$hvQYsiMK|a#* zHprwljLruA=WQO$SyST}+bu56NLkFuU*Pl-{EWfW*jwctm9MSdPq&=PKJHaJ z=9LGmj5`MNQrCJFW1#k+j0zp*s9L-?-gVG3c|B zD)&O+WfPbZXf6;!uH?64hnKnO7-ot(N;)M6&q=P=B=+ge93#mH@x^$HQqVHPi~DC1 zr$tU&O8*sjqghxu!}p8#Ocdum5+LE+ff+7FT9O7+pUrgf$x$$Z>^#APWuJg1 zu9mec3SDA2c-n^Rx3$RYi-PO0b=aboNk?&RJC6{TO z#asPQ~j=5Acu0=4B%{3~ycU?u339XD7$0XAkQrx>5*yqAiso zYhQ}8FBqZr?$R!v`EE+@iItwG1=PVHrFcsWLf#*!@EqLCQew%2aX5$BeVpEbINAU~20UWEg9LiOon`UV z%>pbDKM;64aLr52&) zhMX#H3IWP+0nbGcQPU0qERb9DH;9oN{NzrP5N_a^_YlvhDX|M~jxP!7f1F&>Er$#v z-klJhFVSpz3)4P}k2-<4ywn8*#aqZ*q8J{9h`5nMiWSmH<@CAax`p&DfpdOw1KiOF zv)NMjZvYpGB8+63Umv5xfg;-USw^j+CooJ9WzI$SQL{67V6oIOOYzYXk4B7T|JEYY z5A{^a|MXCPyG$CmD*KNeJ^uIh*8X1S|Fe>Z=YQjdXur59@Y+iQ$HixT7A;~uPmX{_ zLc7^&Z3(?X$`?j|QIG|082lS*!KmrIj*GbLrpe^|^C=TgbkTubhv_blA}uWk@xfVsRErqJ~tfGb+h!CN_cX(&y0&b%YK;8BBeu$~*? zbC|b>88m#vg|X|~qYQ2uA#)@oY@J&>#2=qvSMcL3z^qCJLg=E5U~F{A1|5nAeO5?= zBo8}{C6%LUv9wUS>PT*!H<5Q6X2Glat&m~-*1PNX|5Ts<@hx2P0-*f--x_Xj?dtmf z-Om1VHIJhIza)d*){&24{TRxBMoQae9|SIz`DN8e7|dY=5psZokEnqCjb~{#OH?xu z0^mlo1yQsrT-7p86VG8c?>(E5pQ48&v!Hy}wi!Xtie*V?)dUH02W+a01~H7#@*Hx+ zZ0Qc`m_)FxjG2cjk(m{UCCUg@|IM-AV1FBISKg7ujwfS2ry}3FJ%40<^l%Qd_u5h^B*NfKl$YS`js3Wn)#27IIFG9YK>)R|KxTu zY=duL2}JH{1WBfvwp7l9b7R$((1#N9d3`f1W^? z9LLFnJ)ma6iOFH;tb;xN3re5|awqdSOz+bmgY=N)_s5wsbHp(#UQ=w}z;q0A2>EAQ zdj(z;B==X&GzV0VcLGEA;Tn2z|NULZNOV@8 ze|`ym&N*n8-9E`o#r!>GsB=_mGuGOTE1S5cV5AE}d6#f6dfst;eY|>LYZ=mYaJ(b7 zKpfFHuB50_$xkb+lx6nOD_uc`r39|1Pf)Fv{ux)%DbT9upK%p+f@>AjkGQxp{k77{ zH}JhULH~uHD*ay`>*TTgzqYn__O=cGul+9m>q;JleY+AdcUs}x#N7EIxHgHJwiSVS ztRtNt(^;{+WHG0umJzH){@Tt(<=@MI*-q_7A(Q5oJK(%$b1WDynZl1Vh%$8e3;-{g z9kO`Z92)=J_mUYkO`5`KoIVtmqo09%fh83SgK3bFbBX?S_)OIW=_OgSl&8IP5elL) z7;aEY7;4``rd^P2fGKo|<l}OO_gwR)) ze~9Q|EpKEClk~msX_T09ub}!LOkpi z2`R6MX|(bFmG>GPJO*Hom@TQtQL!~UTcRm~lJWFN2)~B0MUJ_};yfopnB)8BnjHx3 ztQug{9@ET305H_gRb55~amI|KX-*5#i7FBW85RxO2W|~QjpSLTnF9Zgo}_oSTFpxo zTFs78O_vJ$8;gzn2Ky_wVu<~L#o|O(ZxXu-yCX=s)qE)lg|{il?(3l}Pc>4Q{H0)( z)sgtgl+*SGZE9nXcqYp&TGv3H-$Y&OqOmx&MGu{`D1BLcO>E}L8^>yr-fYKs34SJK zVa2nY&X$un`dbEAI9%jSpg#*C7~-Q0S?!U=8B=u3dtk_KV~GDX%@n$PR#0g&YP)L5 zFj#_E)-da)=QA_YgGdVfnZ;o0X5Iw2AaSz{rY+ecF2asBIKo9OR#MPI*X@Ew^xSU8 zs0a@hejWGJQAQbCYL`fS0(7=0Hw}>_R*u91dTnXj&ez&c=%r(WYCS$#M`Xg_KrF2nKyF;xz3K}ABd9oN4 zi{rwMGBJ9~^TtR4l-XHMPcP2lt0v+aIB}hGh4<1oq$0-&Z>|gxiAhn~@7dGA)w$i! z=ZT)N6`yRQI1J-^-0Ub$r*4MqvChc74-JVz6PWV-mtn8rY+8^l>Vj7KJ9~h5tY>wU@+SL@^RQ-(HU9%fJP# z(b3IH_8{tCzdm#Esdt$M^B{y{c#7qEB7qqoiVBhoasJvjs^y=^-8}TXc$!?M@hAw1 zEhRoRjY?`UYMLrvXwbkYrNy1svFC=97-bHv8uH(~@rp(h`Y+H;89X;}Z-X$%0!VI8 za`lpz&#AmfABzG6hU@!>I!9eu34qO#JB!bX&pK`ZynAm6-d~QPpT-G=fd8tEV_vNZ zlB5X}OH*5N%opa$ckR+W;mPmcGIecV^J3=yGGFi(mr$w-I$!@HI1YDUj=_!z*DH`wT750F~NPlvBwuxR}E<4SZ&-DqW9R zS~o)NYE7u>5D8VgRfbfcU(!dpk2@mKIPM{s2IEPF3(gXX6p84;R1oecgDIHe#w`Bi znoftaUJm=4uvfZbXRhi|B)qNa9J}%AoN5Kyw_Vl8IX7W_7ev{6)qa(nMtHlEl^T>j z4bx_}t*zyYQhPoRzb|#VBeT|yanKm|I<=rk+mD^X0@gNH0#9HBqz{-KNoQ~a6td4` zTP50H?Si}j;UYkFkk_``8r_qV;+WU0%V4v&kZJYDOeLR~$u+%Y8-Yos`K zL9C6fMsrG>>*~iAHWCb4(}+ISPC^dsLgB3L32hLgf-&4=3o%+_(x7~AbTx~zU<#Sf zh@(iH&L5E%M-*yl3XcjYR-$YIG%7GI&$iM~ZnqgbRSWF34WKHzhy&DS z35X*$;{~SgYZ(L-(jiOL3(ssBNP~HeW#tP+wqs(6uqASeqs)phH3eoosw;n-W>;h< zt*Nu4N#{%smPL&uuxcyqR62Xwnk1G;0>OS5--Gp#d)g@Pd-Td#laO+z`reH)V%2dQ zL_Tn7IJ=);kXqzc`26(d!!Kv&Cm*g)uil;=YpF-qT;D%tiL1+WLuI_CBR6sO_W0D{ zVD;mGx29S>v6qgHY0)GvIbzkR?YO=#a4BZ>3CK4w%9QkxSjEz zyZF~R@Z1EKv?bFmW^{pWfo40V3zcgDa&JR;y??x5M)I=#L51Grc&~+Se)89&t|}fw zgEdihT$CW(WLc0IVWj*mt#W;OLlVX|tn;dAonJ5hb$)u)tj@{N@rR4Ir&m{JCj~3K z^(9`wQIo2UpT>sd9b|B7uAZ@Rl#J-`%s1uZ(kmW;|oPM0SAy}V9!ACw|i;i1k`f#IIX17r% zF~ucgXlJ%0Ij)t|cHL9ssj~mbU^)$=MI*n`rz-yI*4Ccx|GC%Mf2`(F^Z(|9-Okma z1n`HrEL7-e`+89B{an(VLWJBgymYgP0~{xR!IP`1M!ClIgA7&Pi%G%01YPHga&|@r zq2jZy2ED2{vDGH?M6ztoL^bMlAHK-JVqDMX`05Vqo0jt z0ItFuu}#<@dB;>}ZK_ntGsGrJQdn#M)*Cc7XE>z=qh;5G!LC{N~mN-}od!-n?s7hb>QCC~jFniaTo59g6yoTBp1cj}t zQOGNYcGz*~2Gbk9&(seRYXr$^W+Y{cXl4x|Th~eo2$xOau{k9xM)dsv!PJAqlL-$P zA_Hc1<0Slt@N2gEDmys{M|Ny3u+S=)B8GQ}GTEN4*%lc{D{;(Ti_*7g@r;p{nmTFo z_eB6qt1H{P#+F!YV#}ih3kw|nW=CW2IU%aFkZ$m4^ zUjwBJs1C%~lt>x&Lr-yM-@P?J#x#^D$lsQO{#+6Sp(*#N9K5nEfp*lAII!9~d-0rY z>YHzC^RhWVNWSvWrDgWKJb|MniIRLA66Qi`!gioUc7CIxmf$8#F1Us*Ja_zM#@q-? z8+r0OJo#KCXbeVl&LsFf%L8bQ0aSUCTTsi_jhr^rC?@dAOF4=JP-Y;y6f#;f%EGAN zH7qUgwOs_?3X$&`c93FE$zc)`%Sx~oPNuL=q)o&`U5%e*`iZdgv{D?UqcEfiYFUss z1hBZC#6B8GRw8(E(dv3#kpXk+-a&w1gdoXCIrlPKwkOMq&;YJSOoFoue@0LMLZ}g{ zXz(0d!wh&cl*Lm()=L}_Gn53T(*Pl2d|wbpNsbt0m#j2EPR~XeE_5liR!3;m>J$i( zg@o5$a{QDZke6ui)7;$n8eB6MCO*b5)XtJ;1rJ!&sHZi?uD$c3@Sqr^gWYB2a&a^hafIIkLSY)knnsl{HCA{JgZ{;Q*L<6QZTXmhI@yaSD zeL3j)JIsfa^2~%)F7C+O0!%@$#tlzyxux`I6UrnR*QBul8I{;t5=+{W;D64&W6Hz! zt?N{?+19JAJ~Om<#NCSW`Hb}>rj*oo>K2kc03U=T+j0WEU=(;|sUp`#F!LtRzb=^Y z8Ua?Et-gnil!Ro4STV7x0qr;!pjacH+12lVclHjt`2Q<;l>1*isDKV}J6FFInYBu8cX(c{ zHTuVQdl{@!*w$?@zwRZplLG9|&C<-B7(-V(?3#rP#9Z#r49rWC(*_gvo_IM(gQ0G* zU%x)XrAUZ=S~ZW7QfHR1O6|mo-|hDMCeNb#|2R$B+yD1=^!u20^FKZ8%=`bW`x|c_#g8r{xpRwtGSOj_! zql_BH;J?U8t%1}b+Rk)9Zi3mn+^~lr$-!1CjeR8g zT+bC#(_raapIqJ3#i^3JwNnBt&I3wh{#crT z%xjGcd@MzP==)9^Q1h|w|2|Cca)`VDqQM6*47|HZJVWp-`d?}&(##RGV*lUW-`C~; z?cKd@|6j?&LWqyo;G%pBP^vbRVbGECEJnmO=!A3@{5W1Y9qT5dyP> z!r{~4(MOO5V{EVbxU&pHc8<;h-cJYGmh_O32^3H4sfm+-b!7RxE_=nw!(@- zzX>?Uz*m8K=^}z19>}9GnYib(DcBoYj6PEc+!O*q6771l0SLY#badncAA0FSk|_z= zxRHp|C(1U?FnIyigUE-U246pXT};l3G?>H{vui0UZ8)YkS8Lz~%B-qLa#Esqt_y z_-Q^!^5aymG)qHkox`8z|IbfzV$5n;VfmkbAefTb%R4!5rL-RA0d8F-4)xmq`nR5p z4E}xSO(+f2tX8Ig_doO1MDY{~!@U^Dt>Tri0ZB^ezpM zOzw3${TJ=Ec$$QeWHBKtVnHx?!eS6)A}cVM;FLmqq!I&CvY&$W<9IrSQATrNCZYR4 z&e=GGn9cU$G{rIsO|zE;(YQxvC_CW}iJjgvNF0D^%+_rO)nE{krDK`ZBsF-7<&%N)f|1`}Z(+C2^aY77`_@c;hp zzuaK4%zyML=l{2N_V$eUFTxtXVS@ViZlI_#B>p>veqcJ;P+f)4Efg+9 zr3DJh0c+;!%h#WogGN@+bFA*;^e&8D)975fmiZk%0OHJ$Ko2-U6l6jff~Z_1|Lpo!V_Ix4LO|$&){+VK7$iHoA+!(ZO-}Dk9g)K{Jk_hG53jo9l8=({QZr`lDNLFAt367_?M#|_f~b{c-86)A znzffEuX+|t-7)0ui-&+zIt~LEWoP)yGcD>m7T%>a$b0*L=Py{oWA>&XvoUF(RS;R1 z*~{W&##DCzfSjqAzcZ5(^R&cjil=7)=*fTOq`PwZTmUw~(d*aGU^K@su1-(Ru0Q;C zaeYHSQ!)5=_;3YByh4$_gMOtpFn{~}xkBhBozLX$uV4ShYTvl%1mzz!C3~qyHfF=(8wdv76z7U|~+pUWx;OC$J zc6#wEZ3=pm7&xb&pf}5cXbet%0eE(!e!uUK0`J~|%?LPaYOgrp{d@4A|B3q`PBV(w z@$0h>M}OS>_QELq-_KZo;j*vK-k!c7Jw;#RX%qry4Zmk4{g`z_3Q-bA2)>6YVlD43xJ3Y)%9Tc&0h}=Om}_;>!4(1kqT$=&`?o5qJljHIAYK zUc3O#<;D3c2fPPgzF0oKzBoELJAVbPFp?lZ0Pny;Gwo(B-tB@2OyM+69~|)hzwwty zv`l)At!6d_$>`iTHm2j=EGMJNaae|UX~CsXVj0?fHm6&623i&oqq ztESH^EpVh-mNyIJIF0udxdZ8`QD`_?+HwWBV6c4>(bLMd*^vD~Iyb zkN2v8Jb3%K+UYoDKfSTY-mum;#T{8gLxaug3k$lTxGKVV-swAzy}5YkMtu&!QuLFb zCvOYnP}v-&;mv%G%fb`TFH4Zwkq^qJfI74_y&?1WJkT1PY)bnY$|q0o>4=TOnw>S( z?)T&{BE*_yTk3C{vdq&)hSgS71q1p&sZ3;Zh_{G8om_mq5dO^Mp~8~A>lkGEe|A7A ztNd687XGKrVgsUJ+lN-lBEUw;qp*qrM-IZ)sNFU#{g%!$QGv<#5dG0 zFx+C;$ggsHovn`k!-?_KE!j+5t|fZp9l7vd#6$38Fi{_3{*)}!Xa#ZWC$?2}JhnwW zdidVHS4WNIG6#ty4BbZUyAuruF`v4=nW3|@|Shpha>;pN%?!}oW9 zfN8Ht!t28l0Y*hIzOwuVL)jfanucoaY`tyu*)oHD?Q2`sU%xy$XRXP8V*K_li3==upmx{#tylk=0}7zgcIGo4k1C_{XCo0C^YL?u)ds-1j0IgPz>W0XD6d}k?(9f{ zG;S;35El&aX!i}|Yx`I9YI8jxP9*Qcw7+Z#*S28uG=9ZqVqYcjYw3GouB)4cj!mX> zgy|X!l!lY+pT(z&roPc`%=F-t_2_<*w^9tGMNZ8Uh`lyOtqvTs`;TRVe>od)|E-4Sr zSATnZ_n8FHa|{2gKhBIhJ&1!SL;ZF845797qb}pd=lTv1bb-zc;uz_2JMf3IDFH*s zFc~*JksmDCB54z#!PSXMh_{=6ObwPQLi zQXWmCRmq>u>eVsnde{byeJmYnw{e>lbaJ=l1W<&`*5164>&HyZmZ2eVthAM z#6C_J&IdwS7C>avhDe!OXQ|@u?_N6K?(bZt><)#PM6N9mFEgUnnD+7<<}B3|lK(0p zsGUDZPR%XcmNa7WC|V%=q8M)CiK{C_r!xSd0Dp+y3j`kK5q^k74Y&|I0oXy?K%gqP z0z*gR2Z9gi^C(C|2b`y|jTL0ecV%>!!SD;{nEABoPw;)AiVRU7b+59{B}G_G881+Y z8Fw@^(>VX7NNcn2L}T^TpxWHk*Ca=pm3tK?C1x7h3q&r~zWIzTbm_O9W~|0%;~vTJaq0 zHC@s*Pwyoo^gb{2wV(JkiTvPDIfA>87{zM?Vvyv)5Yvf2AH^+t&3O4L==OxU`57eh z2n2L@wiaE3^xrqOfPg5OZ4k?CKx^Z3a>c#ovu~Ksgg5Z}|HpO|FT0lqAk6UN2X_gs z$3#3`E@z~HjxmI0?6#*`T5QBkRi3Yf`A3Knk-b0vItsfTgzeUxZ#5*~WHiupkByD0 zz-vRViQsb+zKo!%xmMajTv-{^TNZ{lHq;prFlNiT? z0gd)A>h?zz`s`PAkvy3o3Ob?B3FSvdI22--wZSQmWd=z!?|}{W_|LZ)QCD6$Q3l-ady-h ze~qVtZ{*a2iioY)-g1*#5K9RzX4FB0Im`>(wE)rN&kG8@D09f->RT=YQFF#m#9cYQU^BX7qc#S58 z%aEptpOz{Sj3En7I=74i_|-D?`SuS#YDB8<64o2M&E5MBv?TYd;Lz!Ch~KAFBNf$SPX8UEO~Cc?gn23!BixSO50V2OqDSInM!b z1zlfmZ87D5w%5)sM6~Zzdva~+HFzu|FISFKMDm2S6h*Yq`Lo!~AaQm$M1R42ms*BA zYg@vE8b7IEg3_cz8*=AGQ%w^#KwdCQWHrn|4I# z*Y_1$CIQn}VpY!R7)l+SyTMOAH4>=7gWzd)ClMC+zEH6By+8S=bni{|3q(@xA79tI zAR$jeLFj-N+X6X3WZwjFPGq?|3v3k=Zp1=1gkS+#T;{2dyG*qaLVj!(2)X^qtYjnT z3M2HuCR#t6Q7OsRJ<7ds^^hlGpfX5ZI4Mp5X1XK5pRV_zwe@i27vt_Xme}*dK#o9 z_>B*guKFefP3~fE5^*A@3}P0XfOIILn=a3nwU%X(uM{G!t1s?QO>c`WN*H&fW+UvK zf@&$ik;%0-(?1=pN*QgYNK`Mls1v}P*7RK?Q6ut54_m6xVYNmAJ>Wl9WXu`6D zb$`Akp!uI#n89nzl%D94NhoaZ!##ZKfionJ9a7P?(eA7H!3aL@G&0&VR{P+2P~z`k zA9$bq2fCSrz!Q^<%bLKau>>rVWjr+=y&Y2E`OiR#Xvlw`rwqE|v>_^$J^W?5{5^L! z5G9X1_Ye>x{TDH{Y+Y3zb|IFK_(Lh*Nk!>?Q8fOmawHAEt*PSPfENjBsr32;(8^r> zeDk-vzCHtrymxNB8I4J#p_1$^G5W4Ai&y393|ZSk4Oo&X!AagrObVWvLDKj)4Mm&S zlsb@-C(VOLb8HH|M|B@EKex4IQ-5}@F)31Ih%KV;1=ibFtZcvu~{C1M{>`%9$Khujgm}jUSzF1HOM2oS;+^kjamHNxZAw~u@1Lv z?`kxFh>p;s9fDJzL?ncO3)6mhAXhGQWGd5kc*fsI$*Tb6{FU(vW5vdaRUKWX0VjOk zwokb~Njubo@*JQw=+{(8gmO03-IBm!>t3@=PfQMKEH+!}98s)yrMMdT_4OVR1P3bW zQ97Mon3Jk#?^>{{EfwpoI{@OZ6 z5=&yOo8MHCJrIGSK}7K<-h^xyX(Yr%cZ}5O&eHEmiEsQ3@n4O-);AkhD-@bW*y&Hh z`={BfEvlawD1xH(xDdavICo?=U6yQxj5V5{;BQK>Iv#sGI`Q+IXw{!D#HDfVFj7YSAA*L(l@a!b$v2aqPWhwr zfNuSK@AE!pru?6P(V*@l+1RIEFN9nF#5*VdvPG8LuV6th?D1a})xM3@kaiZ#!;u2n z#mbT9*jq-jC*6yh97!})%8Dv@Hg?$_!QgDj5^PEKXHLMsbO6?W<3m5MT%5H;5+^ax zGKRe#kh~)9D>L~!GpSLSG2>U?S0^I($&@MXfx^gWW({5>VaTs9e@}J4W6R^3?h%n= z$m~LEluTkgh!F?wb5y23|AgYoks^=ieY~AJ*9b6mK$qjm?9shUvh^sHliLKW?Cu;-EUQ%7R-jB}* zG6PN>NVlE2gLQWeCyx$e^6>p{(VAF7os5-4MgG8p z0cavgC42x=Xdj={8f zXv4X;2%v{d?I;~l8ZL=Ut;S1N=#3$P1vWwuZ5#SYka>J zv2G3Y@B9-b%5~cMbnSikZI!cChJXNr9r!2BOOUs>`Ny-#F{mLa{NmJp)uR;~D0UI` zxGxM5{_ig0Jl8ysT#&T4&<+8iBuMBbShF~CwoSDwd>;96Z?&QN%kqQ-H|uW4oisQ4 zf~fT(;$p8_3#`rTdb3gC8THstEwOaQbslo%$`-~@Zj{`N!CzaTK*S8&lp_vG&}S_Ui8GZ`2_aLvA|E%d`ABtOk5 zNOl-o52d^|ez7~|(+~9@AgjDoTvV$AV~&tn@~)w(hy4E|=Sh=?nn;Ci#Ap%8ADVdC zb*uXJ`@AkFLv8--t>3d!$GQUVPZ z_?qYo?f8E%wq^&>gf${W-BDkuP>6eUZQ1n0ae`iGLDCWnobcafu)jD6_l=9KoGr5A zi(U62@7@W06BSxV(G~2@3!;O(w~(FQci;|{%rzv{Le$lWv39i}-0nB?(iH#YUGPty zBIhbj9ZdOm5~)^gaKn(?+gSTJ9JNEaYF(L3p4T)i0>=Nig}sOumM(gMoDdp+ z3KRwrB_=9_VaL`A)h%$6YzkxyL=Yq!{p~=CVz3+b0NU$!Tw0jU68CW%!7i?MIToY+fN;XRdZTd3Hh9c`R}^23m>q z2BZ+?j|1gfP<+sb*#;FU8W=GN0DGZQC8Q%G-A$m!)lCh-odt*TEWD z54)488{A`%*C#{l@5s;oUb@nmiqO=;CoM)R-PLXr)aWfjlpnXR*DM#;6(Tstpnq4Y z@u2S3RxmX5%@g|*H1^76Y{krTr}sU>Ob-e`9(1m;1NC76sXxu|=`Zg6as%rSH$X6M z{AQhCO0U`iQwVOs0he#GRtU?*JHj8S2Ez>6Z+^)h<)Vi&W0&NwVXKRBtjmk8^c-^) z{<_KWvaGyd#iKob&=B9BPI@{N`~^jmr5yjMc~2%kM+#Pp)0UG`805V#jJUUsVdM#A zi+~`TJEEHWzheO@&Ke#-g&L+wFC@2b%6g-iiCcmS!4?+?K3>Koev=K(;9-S1KUAuQ zuI{CBK3LvW1z?5L(|EHr(NZ?o&eWOU&i>3+k-_sGJHkvf+1$?^U8a^TODRvA2FOwBQC#gnQ}#g7fAAu!b2U>dFilx4_>I2q%t(!8 zAsnME@F^xj6T@sRW{ZA&HGCPJGlQa0`=TH2Os zoHrqaQb!~)ZbzycyW{T7MD?F6u_#7=DfID@@YJ^?6!`7b&6D4!9&yTozC)Xy63xY% zku(8xM=rjR4Cq^Je(Tz+><9tV=YgMeHbkw=%nyiY@<6TpMe9ybZkvHr3dj-eqqjQ~^76|} zjELSgIxG!Rx4oh+GI&@|KY_9Np*h7U*7rInWid#TQV<&(D6H~l?~^QAOU7h}vaOo5 z{tRf}2KYJXfBFRakD!PT)$JYjS<5lX5>|1W(6O-C$_{>P!t5>aCCQTvKU(hnAzaC9 zm$@8T+S?3ayyq`6du>u#@=5L~XNHO)v-2BqARRn1DsIgJM<`F!VcdOd2%D#^hTyQGd|df~%kk%dp;t5-mCXH!icDCct~iuC^D zxD}b{4`@gSUgh`$kMplDP$8YQ3g?EplG8JyNRwfDj7PO9ao>u<;76UL!9FW6YsBCc z=mY4Z5AJB*?l`uq_08Hf*=(3;yw6S*m1WFae1sWY3 z8eT!<(@v?pz~sXS4rBHzt&xK=mJHrBCgCTm^^vhlC?73l7)8~0>RbrIM6>VoOp)~-etDWI+5D%c0e>+R^>^N z^~B=c0-h$2#MC%r@+kl$91R)P9=`u8GrY7G>H(WMmiGk&|!*h2|wn@Q454Z(@u4`@S*n<3v(% zm231&lH=K10~zMJFDODExR+CJD<}=8i9r%1`A1|ksMDJDZ8&(A>^aIOb>hXgFf)K=D~je%x$sz zsv?T*&}jC7Uh0|0_^QsG0a$NfoxH6tlRqjH6+y@xT^3|4R%1yIK(Y2A z*i$Xfsq5%}ZI&|)PN@=jt#4{Z}x3PAwjV|xD1c%=8=$@piZ)Lhc+oX1xPXPF> z&l!2rL*TLC69tC+6-~3~-G^u6I$3H&OS7=2-xLnaTcVuWb+8jB;Tt5E6ZH4SPeJ_* zY0Aq);qko#IuuI;0>dmvWdq*WBI}5m5-^;_Cy9PTFRF(Tn)a8A>-rY1kWo;My5{SNDmX2lCjeyxZ9y^j`&| zb37L!PwpKb_F!`E9>o3xN#@)O=c~t^&rbKz?AUGZJRf_6ET|z=T zqQ9v~I%nxcj1{Hmr&r@iyovt>9C1ngBYN_tKD?8mO8#d;F{B$ZH~zSaRPi_|Dc?}J zI92`XKy%(>6=10{ugngp*y&gwGCr99r5O=gN~Q%Kbp1tzGev1qK(lVIj(Bi!y0@lvxRxfM zMEQmB+DoH1-aEt6y9~A(HRa;_P7+NOQllP;A&ks|0+4;ld7QG~iRX+EI^Iou(3d45 zET{iI3(bqG2=Up|+QH32-!&$X<+jc2W5=IX%@fiH8X9GP69oF|6B3#i(hTSPwz)R#gYfF8|(r$xDa*#^e z5Qa*!R5;eGD|cvR@cYP*K}SaGmXOTfI0^*MBCDxPxhZ?=X%p5+6Lu3q!)q4rG_`WU zNoS5pwG@|?xGsSD1akpGpAi1~pGcDy+n7lwE}R62QPdza&^H=YeTlG7>qihdlt@z; zbrClaU^Kgs|Jd9%kzXse;g${=wp!|bsSv0>8HJP{gLiJ>oWL*SKBrL#QVPy+&?|_Z z<#UEHDvv#TA(IBSZe1$>XK`8rHB!L;n$*9A;W3{})`HNdvwRm`-OqPDzIn0_Mzzx9 z6C5e7b$`8cq|}#@t5_s~UM}+hsZb;q((SjTK&qyKUH);H;Ht?QumRG!rF#eAkT~T+ z+l*2?Q)cEH3 z0)!?n2m_pX!z+p`p!{5e9nys5ooG`DC3@^>gp!92uV83RJ_5|NWLn&yrd^NB9XOFI zE*DB`V+}^W9xeW=dFMB6pZqHMg2QT?19&nTi>=Fsn9D^9ggXj%@ zd{ps++|gQ|Twd#=zjCj$Y;-3m&@Q8hh`pII#NUQOKWrPY}4Wj=!P!^OEZX^<1-f6|9ztg!WiSYw0v zVz>ho;7IMS!sb@@AJqrw^*?GG)Z+6CVdGjeKob98-kK7;T0}~Lzpa1k%z*srTNnN# zIMiMM*1`uhH-6(VUX3w%(o!1+c@Ur%2LDj3)YkC^-JA}9mP?9!4rM-2qY<47*wpHtxePpVaQ@ZV@xx;ogcImJ(otIMjPPl#gG}y?Tz~g!0L#Qp> z@<%1zMP`ilS}6MYVBCy8kbW0LYlpho!8Wulo-tG=0#WPJ)#;)=qi!x zE^ZhYK}^$)d!Hh~r<@V89eFwx=Y0wpaMaYY#INOZe5&oBYs)A9jSYCikNE$@g?}p)Sf{; zqv`+7oK;oaf2LbncoU@uWM}q}noy-@X>fJVhi7fL#i?Mu4~?$2T+uXO$lD3z`;e94 zT3B5KH}m$nni96-Ur(R=-ku>FpSkU&(aor0Ns{thGXmFmvZU z4WA0N4;j&3D`Xi{CG*C9m#hgj>b;(pL70s~q9JM(!n-ar9ZA_A)j#B?O113WSq^;D z-`rQ2JT9Rf+FnYB9)!!)HFw;EtvGi?S{}<8BJnwC5E)y2tkztE@@8<^>I+XV7CU6R zub{Oq%_qX3_F8s_X?k{hzG5gm5q)~Gspew9CCoBb$l|0VtY>EY8l>bi6iX%i3Dd0y zNAkhLqvaUjoY{}5SfVq`NMoY2I&}&?r1xc0AHNYsrOe8u-`I8y;6VC`2U^lE$BVfPb&o(UTzkMRb+Vt_u977hOkVWz zQJ$N{GG$kgI+Y7{H@&+UcL zv7kOSx70#mquZC(_llCzCH@JlbMJZoDD5^jZu@Ia_`mDJ!)JZ80yw52 z)_QsIPx;HRi|%|Pbdu15H8$Msl%pewP>*!u*bNp!9IJ`po{A~d+~6-Aq_^|N){U&^ zge!dY#F^)32|KOr)8gBQ(sua&I{s}T-dm=$b_=p(3v=wq>`*($n>GDq${{S%%o8mq zI8Ya_g8yF|aR)gfXf#}HIEF1%FU1~T`6e>AR-rIESPyao?Qne*Q}<`9@7nFH&g6g?H6N)ir5Ns)~> z_#BiJ7L^}wNQ6S~M7{*Ukqr*t>E4n(x45~!&+J~+Cxa0Nx;qdX!5NQTKPTiR9h7{0 zseL)7@hX=((&*p6)g(J;>`C~dAkGgey_6q%T*k4>**gAmP7{cmMp#$fj0r7^>?$7i zBNL_zjc{Wm)#ZOC=wl{LiIl$I_ba!cJWJ(R;r7?JQ3a~?Hpx-VuUm;nod~tNSL-O9 z&+|T|82x=7^=&6gGit;}v5$joM?2ir3X&zcVuYjaF3^an_B^IVtvYpUR*drd0(<`F z=clPc5ml&DqIUd16@H?AiZ#1)E)y4w$o=|9&^d`+Z`Z~Cvp|bmbQ0Q$;cfr-?&2@L zyk1}4ov;fGlErJqXdD!YzaB0{OPQRTv($W5Dqpe1f|zsuTkzet?61)#bl7F2V#)ki zSJmXFQmy*8NsLoHG!}qgchJw5)7Wg!FFPMI|Fhov|NHDXiYTmcp&DCrLcYaijasNs zm>zcb=N||T4i+IPu@>n`UtdO`#H*z=?=)PKX7KnUmk)XQ$lxjFDd@3XkB)`CL#&Qb+;qKHtA+eFi6VPAQ)uy;@@ot_vrFMz|r$z%CJAJ#`F z&I1>k@M{h$8MArk)z%_Boy#0d7g1N8RFUl)z3F|PcH6Ozu4!=oQ~Lzx>QajuDXJ_tip-$MNP zd)wo>1+cytkg~$cDFisA(oK13Zz)(<+(`W*Bv6(R_>LQIAZBK=76x5F8EhPSPr*Zt zUIM?W6O;5^1^DLcIKK2j1}O6Gdf6T*xB>}m{yTjE_oR?OBjFu}Ep-P;&lPNbeDt0T{(P~tmgV5UcFS2`1}8my8Ct)8bT3Qisr&Z<6n;6zll}3j zbDd`$mlVYH(t6s_B%Nx0;NrSm_nRt-GxcfsbjQho!-LC%EvWzY7V@KB(_HkdA1lKfQoRa))tz2fq}&fO#nq=868@ysbML8GO^;Ly#u$?`}eV z_U4~a^+}VD1p5Fa_)<9ztj(~)O?=|t1Hae^=txI7Mi4e`jtQw6(R{ z;|RQVy%qT{Gfjl-%xwmQm7ZGW20SkQkecz|EJI+nOJZ0mGl00BlV=vSTkA&{%~SAz z+$vAziN`IJUi3o@iWniTlu34pIuzj8{Aw zXK>$otBKA>wc0+&!WOInM)0|^$eVDhb0nG+$Bw_wUs2$XkmoiX=4iz5<#;1}@Q(M= zMfmIlRb+c6qw-H$MbItdS;;bAvNtr^yXvw)99708!C-NS0kfW(OMcoi6lApo-rZ52 zvDzV2D=IuBVaRy0h|{WA9Usec`l40cOPVh5ikWF=UN-E#a#AW1qe|0iXvd4y0mKF1 zx_{1se{2>gUOJu_;16Q9r7E)1;`1$$mz< zgvUX<;Tni#o3ynPv=Lk-*!-ENI@i+w zHPhQ5eXggfq~q)3c(qT23%=z3{wyjdGG&};=#a{#p;}1B=m|BI(!B5dfPXGBe%E1~ zlK(}S7pSbkfpiY^+uqxM;s$hjA)<3{@oIFd+UgC19j5MORR;0(;1)J8Z9rIcurmW4 zdC(`{P={E;WGdLwO$~CuS;7Nlfe{}zH@h#iU*_QQFNtbU;;K~gNuiv}9Ce2UR#hCW zSZkg{DQ=&Co;xH>M*!BA)>Kq3<}oCh#U(R7RaXPcz39&#Zu zI$BvJH4lpXk=s>6s(j!Ah@>2)?-ynp=aH>pjS!NGMJ6eW^%=~D)$ca&$X&G+qt$*) z#o~l1wz6V1pgY|`l&F}{YZ^zh{)Rolc2)?JEf!-%{?GZlu=4ASQHq%-RaJiz!U=lQ zUn#B5rs?48!+eGIE-q`#(7uu6v(v9|^zB@?V7+XqFDGGZ2fOS~D#wB0L~Y>pQtw&K zjTgiG)yF@venndJ;%E+W{oc=zB%vlgMv1R>hFS^FcW?~9`p1Vf6;&nlbBGK4pj)T8 zXus-*oNy(1Qd|QpF-WGiz*t#i-@@YOgUmq`p3p)-qM1gq!{2|+5y#dH-><`Pax zQKnQO)S9&r^@fYya7ehp>?`AuzS~l{e>S@(Mkme{ZcXU0;7@6p9|O;DPXCeEWcS^) zy^{c;Kw%Q$-XI1Qw?**Ft;b4R1=e4eO%Ro^Hc+J7wYv|#v7`(fCGvm5QB9y83Fv=p ztZ)np2dkXxCBgMibOO8HVWO^KqIWuF$XtvGS(r9qHruhU3(u}pE{_v)4Q=Rzg7E2f zQRGl4W;>0r^=9PBeA6T;u@;HfM1sxElQ}GFKI3dURLbQK~n{y z-wJNDM-Nv-qZwY8vSG3c!D%XTUXPQi{--6;P4w;Y4nmlzf7bVK9`zgsR5wiIDA^|` zbmuwc;7dyi<^E`kK8nu*?s{e$1kEhv9_}Eam~*6HPph3gIf~mAIjMLMGsXhwJprN2J_#`Idfd|5km4H z><3+2I4%2`t|wXnTTF?{OKHYS)>GG$=RV9!e*>p5u(#`<-tx?wEphm4tQXO+!B;5d zYu~Xgz765Wr~_P>x?qWX?q|iQ?5SFY(YT~G($4pt_e-3?U;RKn5DE%$+FrcE3%~`p zB?;Kf4jkzN_T++^qd^UYGP|JKn~2ttn?%ILTTd^4!5&CV%kp7b2E*4wgr4eu$MV^G z?g@5SUGn>Sh3`__qBP;R^YmPfJGQ0&`KM4W*Nc@Pi_Ei~GyX9zkX9JY;+{YCIVU{R zX4+)GMoUbIXq|aLIcjWnAKhOfzwkykC6Sv3ACq4z45vikNk>azNg(eBqxbyP?4Ha4KUTChkhoB9|KP~RO71k)t&8)2Z4r~irL zy@Gd<9~|k5dW&(W7<$%C`34z}>K_LbZA91eL z)_rB>H?#V6*rY|Jj3&|b$o|Rm%5>UZ{v)9a6=UbjQYeB8vWTvZCiYKAyh|RFHEBGh z5oe#4cWG|M>cGvrv-+kk>#Bs)) zf82elU)fo^6OSo5ofKP_a-`_JmDUhBodfGSs}nknt@Qqmim8@>Hnw^0M97F;o&n!H zM+g03Imo@~FsGd&r;PGMe7SwCz80m222Q0FL;hfwsR{!bvC%ZQ-y@;r`Hy(yOP3n#O79k zQ?Gtgx4pd3Ji%}9W8~@lCaQKNYpVC+yaS+)WA?;vCU4xa=lpJ~bKJBBWy2iomc_U^ zM&~k;g!lvL_?F~>WT#gJ5jR}1Ny-XR=KI%XyfZq%G?9WNpcB5;lz?Ms{LRKAex z%ua%?U@v(@VGU|5uKONo?D;i$#;u@o8>iJ{7`9VuQ2;v!STO=c=;BBX_o_XCEHud4 zW8k)o*9WMkyZZ`kAx9V5DQVw|d-?q*`|(o*#XX+zt0xm6M*YwCHdkauOo8)1VSa0| z`Wn}971@jz>uLekffC`!|CF|hx%}hE6l$J+k-h^}h#mD8Ahf~olKDsaXN@wLtqL#w z_0!R4eeKP%E1!n@Lmeax*Hh|j^ke;MZ3M8wC#=|k%gY(zHchBa^1w(|zOae-X_L!r zvlI2R1_0xTO%zm6pdh0X^AM?EtR5+mwCT7E@Rj zfjFASm=>0qnPyi9%l+dxW>CH-7-g6Iok$_~RIs_J#u)S!ui!uH2Rx@_zgkZVVIC|F zm~guh1$$XqpE_T_|BF?i3QG@9*=~85p8ps2g&Z}kz zl?rAI#L^$n^IP>MmGD((2c46)pdHiuVM_byprT9610Vn zznEo=a_ff?s}Z3JvU5XTKrqL649*~XWW3@8XC>_6oF{xta+}`@9GP{Ly=qK@XdK^O zp7J^cHY5hXv`*bVNc+~}c*u+~ZsAZFf!(<${QbxD7}x3zmSeLn6Mqz2Rd^v5HoPc(#I>S}{ELBx$V zr|+I?JHT4RVGV(>wPE}f(NHb{!(u}r)@uS2vHdugE{bt*xe$U(eCLy@9nSsb1+Qwf zKz{)d-a<`jOI#6IpdGTK4x3=U!v3#Cjv8r$h%yImBAJHrb_4gS_rEG1<- zB?UQXQ0T}RHY-i5RmENyUHVX{0)`*wqDL>^Z|Fna&+*7J6#|83^mfzKya?_ohC1av z>-(dSVuq15ZtovCm<#0m=`A$ua~Dtn2J_;}UUbPc1I_It=j%$rx{;EVB{?wrh_|^8 zRE60~T+K){G~YCMIc_O!#&0V_s~QKL3ctwV`j5YY+?XLIUO_dx(^qkcpn?TZ?UC9G zsD&AVo~U~h)z}ad0>Ths=bhEp=-zHdvfb>-f5?R2*87bC+PSu%-Mz?6SqSYnUGV7| zI8}b7;T*IVW_QrHm^f{-^T%)8n6Q19PmLrx?|1q#O2yl09gW&GNE zh*k>SS2fTbT=163iBi*4n-knQ#mS%@mxR_d->3cIT1ltS;+^~uZw@v?(lsMoI@68} ztz1fiE*jT8l~}h>P$2@s%k*CL5(-Iit)_@!zEx6%!6BBA2MKLNl88?av72p4L{QevWdB;_kxIQ;6Tm z$UqNT;z>l8)p(Y)ZS51-8E^R$)dgLO5>$dXPEe7KsPrqU&~ri2Pxln=w+RN`#u`%F zh|Jb9!rgdonk-d){zy};zk!3M^!BgFTf=snv zGm1qCd~V87KoqiP)-d0$z$Ge}^naeVO9zww@ou1NM;s+0nfml|Z*3d+{7Q&OA<-{t z65?H`OvZ9ONnHT&3L&i@@pq_hp?T63mrsd;xGH-*&352(%i|-Ub?X&WeK5BS;Ow%! zfWT@iYk{XLZ}q`5mg~=R@2qIMTtI#c5-NyksQO2VYY5`05FmslRg%(d_@em=y1Y6$ z2OC2H(V(`ZGULy00~<%m`4E1U-a*oXRQCu^Y>7;OFK=h{y~$$CIIDICqrQKR!<1(# z8>j0QbS1c&ve!7DwM}uA&4w}9_pNwwNizJPC>7j&IF z90FNtmS<4rI33HzY9V!9R%ib{>$*>pZYRTJ%3HwoX?QPA< zGB$Y8mXa$FrgCX<9dm+Oc2-%@<5|I}U~8>e8tzu)r) zX*uOtCb_j;2pAA%|4&HoL34EwL)Zs-5Gl1JnJgo_@)1KtYvmq737T7v1= zw_gk_$#=JBmy%+-559mXh- z?DRh?d9?FC_qK1B0m$dgljHzo^xI+qx+DKDbmX^Z{@C&vyx{(S?oMG__W#?v`}>Cd ze;5B}HBZ6*kH`0MP5>I6X`eMlI?eU#D3RL!}C9s!gjTF{_hMe=l`&?|6a+X zo&R!Jwsz0|Pzm_<1kZn!fOZwZa<@No!!Y*T49YKgd^~pRC!M>crKM=Q)OxHtkK2oWbGwz~q1xDQqxspBw7T^(-+usZK@$GrQACv$2 zt3M6-KOU#MQ8?%-{m+h}|KC37;ya+lU2S0_xjD zOjYr+M26;H3d5+ntU!%G(VY5L0;@{xHj5k0DYAu+*2ZVSpsPBH%f??7V_=4r=1n}E zFsvNqM-0cB_g85IXx?{SSk|Zb*w6ngPTesad~iJvBJ?Kq%N_hHo~rZTy#E;v54!Vz zB@fwfF5e#GRZa#QkkMY|yiev{Uz#}ILlW3z?$u#049wed^<;%SHw+>1IvL+l`FaaWU9I2hcoCmL<>;Eea zGI$Yr(4oKaq5j5=9vtbj{u>v+jQu>$oy5u&5;u)~SmADKxXzL~1_kBLvp*rlBT>TV zC4f7J%f`T5WOI1XKe8ku}5PsRDayR)sI z|69X@&i-R1k97WD)4>L0v;nc>TSn@q(E9om`mWf4a%Dpy1x?TW3f`fFEf_o}TlCoo z$XLi3)Z>VdBvH){nCAdEn+`}}HcKM}9A^XEPXccOrqGQLNa4pBL|G7xfeS9*5>0X*uI`RYl`=eHsGiAqO~<7-g4kHgSLxe0m#)Gm-@zK`(`w z100XUhMKyG0~{aD0}twH(JK<5XKLPM^Z2^V`=d?*^s?Y>S>yEQO|#^aj#w~7ej%au zWZ`%Qx0WRTvyl?@?eR@ZYjEym-)!y8y{yUF(@|}@s8%^$=voBFp&LxW4L>ix>C9x{UpP1Ervypq6WmI$`w}YBAWy8nNoa7*ijEC_4jad}T zKb%0A9LLFnRL#g`zJ|zVr5i~}1wP;}2xb(vgC=pBQ7tN=O9!~zu{QTIBgaG`KssA6 z637NPqDbOq1=96_PhsZb30DVY;81zrDLQ1Fo?*jvHUip77a-it8^D`D?+%Z468rQe z8zIxKix8)Q(KS`U$j(iQJ^|}@@B!Ii8NpoD86(+BmDpHuYNOarFo;v-!%-NTeNbT9 zrs<@t`pl%zx~w)Om9$|j%Z5pO(_6ruejWT9+I9p(zrxGvK&Y!Bndkavt(C$%aG+l! z^XX47BO)F&LS0Qt4!h93g(2PAa3S_H_g^JTN9N9|Toc3!q?>%%y%TNB;YcX%2)H@= z`cN7b*&kuw?mWp&BcdqI$okKTli#g|La9YZ!O5Ui`c|7@@)IS{JFJcS($|AE_f3sD zy*V-~`&N1YkSs6`Yi;_AT0S+R#WoNrM8xe^;K^?H#BV{lScYUl7hVVy8>x0`)*tGz z%73#g2nQeBSr#WSoi1bgNuF}~Z)Ip#Q5eSe(7(}ippvrFP=pHYXOHbWlvjF)XIRd|f)No! z6E~Y|khjDDoqY;2Fe9QJQ(?S`XHiBbGRWdsP_uUHB8U+nx7vd#Ddk97xw9z9fExjN zgGYArEC!P}^r<+RL!xyt9C40Q5U*ko&tVEAJu^{Sja_p29zp0s9hxfmO?9Ud8Puj> z?mtz$L)cF|GMCbz<{LfjR{eYKhtlu&4Nnv+%mSH`=58pc;!WcFsQBYFw(z_}kBwQW zLQYreA3Wo%EIw^A(?82?yeKSH=nG=#->K4FUjjD4NYys}|Lpz!avL|&D2$)Kc@_9E zN?Gzxq`oY9kDm3Oqeyn5U0YH~O0s$OY{lRVNFo{zCcq43Zj!g2+jy(asd}&Fy_CI@ zx6lA)0L%x6ltkMJr?xiMaL{Np8vTVv<0MNNawZIE00kqZNbM;M8Hf2p_Nv94z!enk zg%pq}02fm@7b=&~(|E_8&)Yn5O)ajIahDn64{~*b32IidHKrYQ9}_OdG=bqxa7v}o zG&6%zMrYo=X2mlQl@~I>%;-O`N z3Utg_h|Ahw9f$Z(4n`0B7`#$_+WfC<(D6+B?wCZAz8LR}8N2HqqlA+ljYW#32QB}| zk`c!t@jva|6FM5F-DA`}=$3vANkmf8Q&((vj}g2SSrCAn+a8c1^~15N;&ZTL&_ z1_?U}3vaY1!HLw(skzVff=mhTAPD+lDmg(}w_jAL1tmJ$s|987YxSk)#u(2oJ=HrM z7I5Ct2_6v>o;XH0N@z^ZWf z!+a#{Pk*&KAi2{e*@6q4*lUYeI5V`GwQXtEMlT@oYmTE-@E$>RVnGkXNYN z+o*<8)A!DE$CPl?vX6i=EK7aQVN-hrNRvw)l`+iq+i%{IkdM-KuQoPCic{1JQ1?sR zEj8ToS}FA8R~-HJn+n)iSeM$PUw_rOzX2U8jgJz>nUHS)Mg^j(xlKSkOr^^C$A%ii zKNn~*XS6k-x(m$oWiB!1%(L_^7MmOM`iQz8 zRod7>zoH>$lOOOT@(v+LXlBF@@Cgcc!1LzJ8og)yE@C)DUC&?W+BkeBG4qD_FYJ%& z42uVafak=2clTeu^y9xrN9+23D|wv!A2=JQ_q)G0T&}ZcT1J3vrYY9?&U17soqb|9 zJKa(|31=w_lqugGr)lD*(u|pa@Mm{#|7Cx-zuVt)eoh!yKfic!;QWyBsB~IsBVpm` z`PsFC_j13#cO*gX>>W8@iD}?|_0svu3`)ucxpWwZ(k%J_r8FC8JmN$snWNkqiKRVg zm9%iKzboNs_Wa8qn9jc@sVTy;oo^yb@$Du%IM7UOm*ZE36m1Z{V-h8Vi+-M6kwZ|j zuquUXYsde}%Z(!i7zKfhA;^Ms^0iUwZA8uD`qTNQupzO5+0ZD%m}t-Nx~US1L~ z)hm>;8>pOs`gO;Q=1w)tY~?&VGks;))WtnVyYly)=jaVdgRuhZRU4q6wT$284TK zPZVgUD}Y&-VV={|tj~(VVD7@4OH&Q0pyo!?GS+l3wuC{$>(r4kKm%Y`xnv8;;t<47 z6|y0ric})~d(EDW$=(RbhjJ5%ia`Ed+xDV@PZ}cImH-2lBPYz9)iuL|iWdo^rtp`& zb|Ggk!Ag#G)1W72A|(_5{&w53l6D$S8SkeYlOesU+!Lz%xLu_&vMRi@^Bgb(EHL}@pULv?6UYdc2!hccw`k6s(7`bi7y!pM`OnBB*R3E z-DL^tPWQT~tL|EV2j>C`l)6O=pQ$!1#+2N5PX-W)BURj2UTt~X(zd4cTLncbTUK+A z?6^Ges=Q9Uz)K(ZVeiYrs4|gL3*Tj-G_!vB?~*JpP{@_|MlSnv>4{^SQb8)L4EWYI z8hvZD$`~!5S1LgLX?G5!W?ruHjToPa*w+4)i&gUHBnQ`%v}SI@S5sE1VsRFC>C&&b8e z4T2N#ke5h@G(Z6heKu$*9b0|fzsm-M$0Q}H{*7=_+d93&!xL***FlDlI zAW1U7qG3SEGZmG9H{=h(&SeDPwj|OXseDh|d`eW2007O8Um3u@;s88q&bk%S$L&(3 zYgNaCs)Z*fB8$>e46g=Lw>J-Cr_?qyu?lQ&*ktvGqmg)JovUkweO?GhwRcRh9Hu(r zWC^f5SFa^4~zT`~dT+LioQczHSu# z7Ss(JoGthbR&52p>D!#)r~vy2(%;71>)0DWF856nOYWDq0lYb=+#vF#dGVvV4dxx= z1f^pfL(wnOE9R;^FV1T#^wI5@!nrZ2BSe-YjHe{**I%OJY$nv`q$M^58nl#()^A26 z_Q|}3_G-1HqtVQ?{0cc_Z!DeGgxaU8<66l7WYPOx{b!E+-+%G)MXCPd?*3Z-ui{Z> z-jrO`2df|(M(0IHQ`77cz(y>bxD|qg=zdI8MQJq5VioD90znmn&?*^a=@uh}^8J2{ zMs!Nz{QfyzIj*gSsmW&PIcZ#`W_92E+x@wysMIh1s?b5|I(_GKZ$9i>vq$RopF!Vn|f440D#8w;BGC^&-qcYptketX3zM z%Yw;SsGRNUnQ$(k0|qd+&6VfE+)G!@q>GX6)79IL^|a9coMq{fH@~Q7Zv3z8|Lwk5 z>;IKJZTvrAfCarj#WYnq8Gi91f2xNHwQGIc==v!DstTHF;VWE)P+N^_pgd8uuRz!9 zuPM@}8rg9^hsYl<%4d*Y$M`6a^FJ$jYR~@&$0u9ZC987A z)Nk6^GJjME{Tu7UMyW4~(<~bfK;-1$DwNua{=9eXZ<$UWSq0d*`#smWKBi5h_v1~$ z!()CqWq&t8KSSu&{!KnJ%egqEiFL{CcsC{%QtjaQN#=_Z$t94lluKhNaJ(qal}V$- zzXW{9vN)_tCtmCMPy1=1|IK;lr44|2`hT}{|L5-E!CL>X?PzCooRtR0qhZG9{c2XVrHeCA#cFACBww%llRO!WVlqKozmA#+@?Q zyr*$SD((*%nza@VCPY?%F5;&^_k>%-?#O$C^9` zpg$o9qx|+sRUrb(#Shq&Smn#}MzG5bYi>Xg`HDHXD^!@2|rUbDjqMuO!xkwg3G4ANG&@`~P+iUhb~-|0J z0H_a3p0;xvg020fp2jKMgrM)|0|?Z<3`^@>)!;1^&V2}e&o~TeN?DAf%e;%8dpWs2 zjOSiiXF2CeCs!U+baZP)Ji+V2yBe(7M=Pw5itgO;zXFHwBuNO|fNKBL4I-9>F;3}} z^pa7xN#FLIvnLDCgL)N)T9Cx*Xi2J6ciNsXx=6`9idgyB3sA&Q4sSsbtD_|;Qr&5L ziX@y(NIE8&$PI=$)G3YMh3FwNBxx`v;bmg1w8u1<)jz6lM|4botXv7$rl_%yT|~Pu z@4lV9^BlcVenvEdb{~?61~iRk2#Y)S@;=L` zu-+i~!Xt_eu%ZIj`OqJ?4&K4&x6wU8V$8BAR6YLn=JLWb^(w<%IS=NRxz~%T;rds> z;xd{Q_Fg`ZhUpCGUg`RdD^3#3m3<7Dn&j002i1;5A+Y5a672V!s_Y!idX7I~JO+(| zkAH*vBJI_lg+W|vAa4w_C<2o>x8XMo&o|vSQnrtC{>cGBDILQi{+O2uCH}HlHQ>_v zwzneZ+?iWQT>VcwlxaKVw$S!i(c4VONj;|!v3*&rX;R$hXQx0bnyO2#>MD(yt2#}j z;Ucd*W?fKFOg`LHkRxhlZ>#F=NNcMX@K8m#91~0xKvcIOOS{XFlr$A28mgj$p-FAl zPL}2Vxpvu<;?wzqF7UC6;o0LYd^t1L>M`1~HSfBlbYTa;{Opopj)=9cbpMCO>7UlR zO_`F0F^hZZUa)_tPo$_}cI2c|7?*UaCSuNnP$1Gpyd0PCA#NC_z6}Huil|haT2d?V zln3D^SiV&ewXP9H{eHhfna0FynOUo}71;|K7j(}t(5F*ec7^zq?5vM&z>a|e^CV8u zJ!kQ#-+l(v;LR}eXc~?~G{O9?=n{)+Golbc6}DWJW-7M_8THD$fI4oDI(754)V1b3 zzZy3GwFyKKn$rK;YP*Hxd33pe5MH4*Sd2M=Dy(TJBDjqB|3Y^=V2b6?XPU zFsWMTYHBNDdtQhcbTL=C(A_Fc>n>5#S@YtoTb`AzD;H+X(rmLL9Rs&^O&0Vk%~1Wa zeFJMC%%lMV#-Am;4p;Ra8RoMwZFfv|FV*&)%v&Dz^&$J{QyhXc`<)^+n*oXp$nVu0{m4LhmpP% z%=~q1mUYd?d6&PUpEH({@|v&dF5{8ya&e9svZ`KM1Jgb z^|?IF@}FlBc|hSW{mhg9`}=1P7oZU`hTh{IRfBSj+B@|1``0DUN6e{P}eCKlY9e_V-Kmzm5*p@_!XiEBRlr zfujW6?Av~20%q-=uD>^sH&(a(*;2<1Jb$l{vUlnJESvlV(HQ;Np#0_ZFDO+R;sb(U zo6gA*Ev~d{DqjVt9KTXFwU6RP#TK>vL8u)J$gVMzi$`75on)!{=a%aqNF+BWnMl9E zLiecvZ9Ntl1_X{0u_1)xx6vR=(TJt_CS?U#(B@B!#;CiEx;ZxR-v)YBOr}PpspeSK zNKCUQm{ddXI~s@Q0(C`1A+}$E^rG}{#CkvwMv^O9l3(I?IjqL3VR%~c>rYjB)|}}u z(`FE^IDR*O?6T2AXR9t9PeU}>AFvu7WH&s?Qa!HbFl76o*1+*czW@Q8AlWDS+E5UQ>iZQ+ zS`U%XbWAw?norcMyGfnf8AGLQwCQE1%)AlJ?v_|0g$X6)M1<-#wJD}YFtXR_G_!o^o7Wze$ zYH{rIwkt$_1A<<*vv;a4>FlCzp3fV0QTKT%S+f*IE2WF6*V@+Y`>tk*f`#{}8fx6C z(ydx34cWFq8ZGQex+2MPD-D+FACIC_TnkDLHsj=qMKmZC$V}ARCL+Uk5(q$`&TOBL zV#Y}qb>CnbRaIYcCr0TFKma2roN1rqnF?S;wF3z}1#z0T3EbSpbTna`xs@=pQBs z_D=*IRnQ177Wi|ytG^&BjQ{aCwwyO+D?ZnL#2&vkHLT-g__TtPFUSM1)XdKUl%w zD~R!nf9!OfJ+REvy#Jri(t|R<=GA|D@nX;4|KC4)vEKh*#nWd0-`VuHHWtnAEwaCQ zUUF;o?p+S1$%}`NoL9BUqUCg>dM^|{v0f|;1D-?;V7BaBz$!GFSW?*$ zE=KOVIq0|_x5niUWKLA;e_e8T=f{Av_$M~FNl5Ty=YJ0NUhb97{~WFF|60kTE7q|1 zuWW$iG+S49p5iD{H+&lQIPU!NOOw1Z<;E?xX%bt7pWrwR$_vn69Ye`V`3DqbARkgw zw^Eg4=@jjxFc86*gjqyXGxL}9W8@&wknsslw~-(Ojngy{$2&VD?%&fpnvjs!LCnhK%PeVU~Vk1L?5R6iGczL_Q}W zSQqLZ*m#CG!Gd{s#5C$_E974+)^lq9(q%vF?@j%q+yCq!^#9ik2#4G|^RF+cX5QW- zrMsFyVkV#no0pbnUKhn~{0c_u3OiLbNRM(9u>p?yB4x>mRioJH$Ek?$OL1yI67fHQ zq`&-vHbHkf`K^Y=1wwxBxBt0il|Qob{EHQ6KszHfE3&d}#bW#A7pHyc3k$`rT9I7| zscy}A;Hp2fVD7MmE=m7w&TVFoJ>hCOYN4vWUOPF&7z%amXzjc0MgWFtw zBP0?M6lPNkVg3+7{wvaE)(iB0tL@WxyYNG+ZA*p2v$$w#KxgpM?Xn=z|Wejng zlF>|o$p@Fem#s2E6d14tRZS^r1tlyL%CU{fJz_Bt{YA_XkCKmVkeC7Z7KwRpsn=^3 zMKm6%!j_-@Nay#7Zcrx(YMFqxZ+O6G#Bb5pKl@O?nAn&kbyp)e7pG z&)r(|1(a8wiJ@QD?JF!8KC!ylEeB5u?vgq!|MoHMA+ffE)|SvJETK92|G|4d|82hh zf3bg9s{im}cYXiwN*>VikGl8sarS+r3TDG$r55KT<&+3CAVbCpl=D`*6I8(VgbD(? zTM0*M?`M)kM3wK+DqT=c!pg0cXjW{lfG#(?ANmH30YN;ALBm&U<|LToC?XLR6V=rO zf1s0WQqg4W6Le6r+=#c7a(qX2Kg4z2zoJ4S)kc1?^ zfvEH?g`4Q~9Rd=a35NRsRX2v<@cm4rWP;R0NEn1qXe=cqP5%Q;rAp2(xJ{U#&|c@5 z_R;weF1S!zLfgf@l0Y$;5?(+HQJ5(lRptt8AEl8V=*ci8{EeQZV|07_w(18INhVUH zi0F{OHWeEp4C@4jJI11zZ1RBw8PID}AE-W6d_xf9a9<1wxBBW%8Y1822JFB@viRRH$2g^pMbC z2E`bOxs6O+`U0rj-oAAwXGn0GapH=IcPu2wX6p6du-T#()|lO+D;C-^1+LIeIS%fC zBq<7TEXVi$g2m@?NIsD8J=)ZE;g)2k_vZCNuEA4nW?C|}X|=CZG*HpGS_4&Q7Oq2kPyNiX{}UEIxcuil`~T=@-_QR( zI@(>||GAP!T}{Kn$Fu(v7FJ){S7-DuXY<3S>Ti9Q71#!uPJkRf zUJKT1(%*jT=mIP!LBO&Y&cT4Ft0$veaOFlzIa5;DO6yAkxp6?=vO5yDK%}YpvMBK^ zmIn1{goS8H55LK>U0bTE;ifm)Bc0$8xymA`135{TOnpf?oj}JPIIB!6>N}~(z8x}V zBE2A~WX%?Ivc6uHL=wc+`B}@(uFlVv?MRFRk?gmB8o-x!ICzZTA-c?(fA?rYyd2KdPyP?HlI>z zjAynVs)=Gz7JtogK&}XmmPm2)Q9tY$|6%a>Y;vGQ=Ro+ZIW>%+Ifqc1mDNxArhw5S*)62(3qyD&QRPp zZHMEuTG5c&F!Yo~+2r9;QG+oYSz_Z)B+N0#{}(Av$uNr^lmR^N{MWAU|L^bZt?R$9 z<^gB_M$hu2W&nGv^GD18vPiIs6rd8tKb>6Rbt2HRi9pKF%>5I)Jrqy)G?J%#Pn)>c_ zo&UX($2tFB%FZL8mc6y^eZBZ` z^Y50qW2xFxFQ1WiY?|`Vo;_FH-b$Y+mnwx?2i@WXc2`$K=x+H&f?Ex<+*J;}xs1MH zS?9tIA6Sbrn0AfJqUSPRwZ&vB{;aqLDL?jZLxB-hjU;Aq4@yg-KbwYs=~n1%_|say zIzl86R_SrEpdr~tf}wkYv@BPdbC7T+y%}aM<8OZ$e9`s1wk|&5r@j8q&!H}C0nF3? zyMFz@{TF)&>-s+{dA#%Ak8A-{@XS-%0DkmEd$c7@?)r|p58Dx2UYl2r_<{O7ABbDx zWnMJKRoeQstF|xWGsvawmc9N)wVn52fo;~;1&cXVtTmhk6}8=Ij?01?x?NObL;mz_ z;?ua?z%MIr8g4rG1x;|$H9wW=9Je8u({XV0*y**69>&}~$7P`=U11u_5nH}Z37K*dl> zyZ3%b-{zU(V>_~6KSW{1CrGOAyYt6ioQXDr|EG^s!;Pwq=V#~PX|;G%JlD7Qe0ooN z{jamjme>H8>;E4fl>Ps;{$I&c%Kv<1JHX0G{KG^5YR3G@h5%N#3t%(aItI`x22e+` zbr4|vJi^mn|C^VK2La~k{}=l&eEq+>yWam_$ph;Bdp))2D=cX6*d{>2=>+qctqM0l zpe$08p$x-LfI5$9N}*bn$!xN+nl{E*T&ea_e)~78$e&-sneNd2*#Q5VAvPr(8DwnO z9LFPqHex&>+h`;ILMnBAx*&gNX$Oh%uz*K}t~Ql}F0@ll0rQ3D@WIvPwlXhb#$88w zbgeDrF8F-iJojw=t<^aia8tVKbngAK`N-`HW@kysx%afZ@U*<{%*CO_HM#c0TKC}O zU+g?bCvoUZgJ!d08Y(8jeB%y&=Q&h*lb@zz!ig$5#t9B*2%Xq# zfhGG6(-@IB<+Fs*IE6deRQ1aN&&6TAq6UuX<0$GnzE!nlpgyKCO}nVy`g@!t(JXK9 zM_sH>@YJt=N%6;#0CU#=i$nkZ&%LAF{q_0pl{~Qi-!dFZb0tDT)nO1Vm%Lh)t|bl? z*@8@@Yyy|^4rxThHo`)K3K5O9mEND>Ni_cef<~%OKBOGqCQ;X^rm*Yu|2h^Kx600< zgm8U9v_Mt`4lGSHz|}KBYW4Zs$?U4M0Q zx=;^%fP)rrUw=pmk8y;~={|0nvz) ztE+FX-!3wlvTY?2pP=7TYyV3R?U4cibL{_v!=snJ|9`aJ|6k4HgwJsiKexBo+c^Wu zrFZOM!bb*#1}hg-suJ!dEY`n;=9ZGShH)u+u=5;UVJ--Ys7O^WIDz}GQ&zDf&=_g} z5I%J6R^0N8oJyR9M%`p2(0IuBMBkbsP*D}8y=wsg15=XF?OrO%5s3-MDO`_|O1=Jb zgc2;oJ>#K(h&>@;8)qgLnQ=1es^X88{csXev0N7+k;Er)K#AxBoW63l7;oxvf;q+E z;1T-NklOXi;t_kCUKONPy#^5t?#3(=X%Xfs+;Y@<&YS$q|ripU#6HbIwz)N&F1=uH1P~avFOXTs%gHhXK(veA_z^bmffndtsaiwU0uw_P0I6-3P7Xl zV>(S@wdL1qiQqJe+h7)xRE!x*7bcx)xG3RFyGG=B)p{qum4l{?CJ>_4;4Q zV?{;Ojfd8>>)dBisOG_}wO3dfm@$bLJI~SA#u$z9goMzoKv-0o0dAI+{M62{g1@~) zW%$U+nX)ooXP6_8UBwJ`R*5hxgUas6oIq*EwWn-(HrM2;+9F@e$rbO57u&X<3bKa;9>2kk0 zQC}gGBlhLA_vN%}{nP?l9V(S{2_h_n%Y;@PYPgt6&svT`*ZTTgh)mkril0h9pzfG~ zepJ81AE-L9`V-BoZjk?RGFpZGx3_zE;LHD`-F5!YYM!$EkCV~k2!04JHAwt88IiUk zUm_)CbuRPe3+H4DsY>BR<>JfGva7$YIp&$4)1Wcz!FN?NqfaVCD#`OqoiBZFc$fm(Hzk=pt~v0NI9$3#>8Z= zdL;J&0fRI`a#?5&^&G zkof~#7H@SKL&yKS&<)|>3JX|}-L4%l+z1B=CsWEY_%UMaE=y2%y4OWrljgJ0za|mE zg7ow21}*;oQuH#R3`CcQ(H3&`595}QwEDH#vdEv4Vn0`lD#b}JRnPdgAoeYqZc6wnwY|e>`bqQW!+%0Db;v*5+!4NkxkIiKH93E zIt^Q-pu;yUA{QH8$2&V;PLIEw{?9L`J$`?D_~KxHCzmA}4>=z>ilu3>U*vIK82!%~ zONo!*M$CkW7DecP2oX(KNM7l<`cop9FrG@k!^iPUVGych&N^_lpcaDiQ#c5GDDvI0 zN4eTbY)=ZiTS-~9Zs#ahDNWR>>Z|3eW&TvF07t>7nd;_KCJ`8NHu(WhqLPTVaj5sZ zjTx(ODCyHGp^__gv{l_n&3ejsv@l6{RH#9bhF!HPyRa6zW=(Vr=XEV6?CKZl4>{#s z#SL?amLvHPngQDNG%NQ}L$XTk6>t&?TVihJ3{kfVn&1>;(gJZ0${;{AF*suwdSPiP&JiQrZOw{m&PV66S|~76=vQy*@&` za2+swP{0t?gr{sOoI+J*gi*kfynI!`rGD7XttbVB8_ozxPG#eQz`AqT94| z_LtHJSU5nrRn18?mwS>A368_d9EUQAD+(I=jVg*I*u#2N+RH4@PR*v`&U17{_>l1l zDk|ZWcW_(LXj-m*rb$-dTB2G#egVgK13mB>~f+O?aNqT;0$Clwup8>M(uRne^yaP6jDhbs#;R=V|g&iu?R zv+=klX1)DaI=Q#B9XQAS+uz^c_v%0G9==%b|E}awNx7vno{we-R-FG_$RMm}Up5RW zpln%#aH#OL-?T*%vy^^i#-Aq!q5rL_vNBqBuc*RU?ztr(NG($vfGqM7dW>WqI8CHI6nZT+-=8udR^+jw{m*u4Dz!)6&e}ivbJ6#oTdo3G*w_kk$t^xWNBtdjb z4)t%pb$Y#CV?YA>cDjZL1iapGPHEe)OW6>z(WYwkD@xf9coJLRzwfI z+Y+aSM@y#x#tE)F3@}cxm9Hn^S7q<(*eYbTI4No=gWqI3*Jg9YU*5}{6#2r)EAUz_ zGk<=98%#~nPrLAtG6q%C&neG+{Zv2o^4}|X^#C()Ui|0fiUOC;13jzyE)pm5M-N!x>f`g2Fa>sP+dXZW|q@6$h9zMl`s{qQ5426s?g`arm$ zL)$aqE@75G7G95ixp$k!<%44OukFCj_lYY;>Gia*Kb>>C3w#m3x&Tqmp8>w`$Dc+5 zZJ|w6!7uvwnLeoQW8rNmrjfN0syZo6SsLX_V$+|oZW<{vgyaJ%Gn?d&yu*q^_2qn? z2cGROA?UJ{8Om1m(f=k?^Yj13M}83i_b+Tb5^Hk?i#0EI((+^N^@KhHX zbPPV@-nhCEsNiZ+F9msczhMZ0QDp=e!)g`KoNV>3dR7Ib~ z93WKZ1ldciYOIYeP^l(PU2jgB+)_O@IY4uoHaS6P2}h`zLm$BzLUS`atKZntIX4?~ zTeM=+G8b9KSni=en|5Cc`%dfuLH{t2{t3c3z_HG}E{ZOCDYL5#r`P*`=8Vsi`+xhp zFZ}Z#NAf>w|8E7)llp&o5%_xlPk++Z|FaJC`A5Qh|IhGmjsK^Aw){UE&{F=I19EA9 zEk9e=(qD52@>H9J`Bb|7Rpj}TpM6Sz&g>>E)JHfgviuuVg5Az{i|oT1RekE}kW2OJ zx2^2k1-SDZ-Cmwu9;1^mRM$ZUSd{jJYy4#w|Kj?E>ntjJ%#8%goAN9o6^Q%CP}W+yT75-0UA2@w=EBjs~5bCkaI@Rc@ zo_hITaVgc3T40X+f3bUT=;wd#?XLa5l{_G_5*CK}R1aXPAMF5G<=tirWdT(}sLcdQ z!hx*@DjGYoq;-J+33u_*07*D#R}{edaK4}6hoP=mh>B4nGt9Q70jgH|x~S;qS|gxp zF)x&#mV|?Koq*~Ysxgp0-DJ9l?fF#7m6oUa+pysZbGDj@R3-lwp;xg>Q6|kJCW=++ z!B4!r!20>bpCg0M6O6ZecD#s|xF$nGntKE5|NjwV|67^ASmJNCY=3 z`t7`5YX?=eSEV~hI7?Z;fQa33nkE(Ys;L0n-H2I8exz03$T7n=FJ2r}{fyJGk3GCA zN<(*dD%xc{(nY#^R$cu(R+u8aC$pV{Ng2}nWEG>;UpskBU6+bopXg@Wr;MC{FGy&v z_1B3kP`q-p!MYfeC?Q<*^G&9| ze^E3jlScb4-jMXB*;|IguQaG`h0%OZ({Z_NWVJfK@|xMK^$Mlz2K+RAUz_`pXI$Gs zRWeB!ms2fL#_@>27=abR-h+Z9jHeZxpyv3>aBT(anc;ZfxLCX)X)soOxR(mM(#PW{ z_`YVXLwB#*HK_~)xNzodEo(*s@YV*isq{PzwE67MZBa{Aeq`9Tv?3~U9=$6vs)+px zN!Os%C*bG|uYxO5#);;DY%(yKt1PNsxqa5qw*uKl)-ws??YQr}NL_DY!18BRJZQRJ zfDOy(?Um@2nX#^66F(NvnnYtwetHulHPTG8l7BM5!>NvsKsrg0UQBEaQ%UOjeODzp zd*4(9_$-OKsV`~p8>xKa-7T*|vMo^In@XCMhWfR3)qzzd6RV<5Y78V!`7B}7T$t>U zJLQ-R>0NOThUC#S=!uzdN^{sGFmsV#tE_=kWv(`Su7V>84*V!i18R!{D~EgP-&M`8 zrsJt}*Ueot^<%6~@NPFezxY*mJ~CCwu%#v3)Z_f&E=J8t=2F)5n6bOkjVwi7$qMwk zMZ+#C0k;@i^6Whs2ohwRbW8UQZa8TSPS+NsjB!a zzxAc`xw`ztM#~p2j_P~>pkEqGt5?0N`m9o+Zx&{xdR0mURu_6lGh`gD8a-)#?&ot~ z5h%9!Vorlv7I*q8No-f5H+rVizvQOB4Y1NIZ0RE@l zRrLujol-t-_V-+!n{6x{W*KaGA zSGD^iU484MpE%yx`BEHzDL|FwV^+&SflyI}c1CC=^lH$RKr4Ag2k(oj4FF< zA5Xp!4!ffjTQ<&ijQw68w6Ta(9@N|uTTi#0HWzm5!rM9376IRSzpj{*xrMivu{;+) z+W^TxHor4(_iBNX*dFCvr0Cxj>r{m|GeIs`NY1ay*&N7KCTh(!L^umjr3`>3E0+HK zs%rJaJ9}@ko5SzgeLbd}sKg863OGq5_JyCE|LEdhf>OGV2X*tdUAq%+>$NV)!ToE! z^Y{^-hW)>3@Hp3h&#(Wr>*s$T9=%-Ge_hF=^zC=2kGJ_Z4Hn(`lP!9+`Fw;6DpC@= z#m?>5rF<#t$Hgjo*-#hDnJOBVbElfl0&hAye6xgDdt|wQ9^xn(;Nb2|@9f#5znvuw zwY^4=U>_})mSmH$!X9azbMmN$Pj#YFfoVm0(q$aY5O5oCIvpaKJ`>1rhV-?7@@$B@ zz>GDA{K(JxcYn^d^Z`I8`HYH`#-q~+(@BLnwu*$hk7-T2C{!hgRn?zZGApdHVe>Ke z$2W9=Lzb@K)|e6c1c_Sp`kxQ*BN+hm^#9R|QvI*pz4iI8l|1VF_g5#Uk5%zgvdw}9 zfNIjS?n}ASIUR+(fxRjtv1J3%w-1HYi!Wefy|?(CCB8Q5O%B<_wl(1Il92&`S5Yri zb~G;`d%3D)j*9a&n8~Xt=QY_m(@&NO{)b7jmW!`tPBk#%$1Qw$K18ap*!MIfaF!%w zL;&-E$+L~H5ZQ$2@Jscn#?7i6e_gLk!tFK|Jg95bc)p^uoVuTc3peX@8XJFTg;;zBi_P;#+;=9rdnyi|;7f?sC0{IXOBZ}m__i(gVh`Y{4s$~vU8k=_4sV<0&eb?o z>L-g;Fxf^T@7?!-oOto4d6~{<_|(h)QU$)HRl(f&@BXfT|HHw-+W%Y0qYNUewBTdK zfqnK_&?hW6uXWe#!ifGIp!Ud09-P&1K}W8-6ytnX&T9CPj@W*>UeqJiL48VBt+obg zWBt=#K6>rb1_x@9iyxZUeyMt=i`F{*2>$Nx=Awt1r$PTe^xCKVnWO&?j`m9a-@(iM zwfsz`$xln)Q z(`5hYL*Y+d|NX_@e);~dgLVCnl{|U@s{`DRlmehRXJG?Sw^|?(!0>3hRDk^W`$E|O zqNw*!7@kFq2uIhO9#)YSp!+I|_a4V9;%EG%DDw64r3t2iE8Wut3mXfo10441IhTU$2T>Z}{p z&U1+;Wt2o_C=sG9yNi|nD9DAnVU_}XJCB#dXu54JXVSjH%?D|>y znQQ-_s8#R~H(=iW@8Q9|zyG^?xVHaS@;LUtp6f^U12oj-+=0CD;$DFf;B7O7J%(S( zOE45HI}7HQI-kLGyF%ANce&0j{=FMmW?{FE-Tl4|pj@V`?Vtwze@_NbPY)>< zVarX0qY*KSVb~;?9)w@rO}d|tU(jIxGkzB_96sCum}mbVygcyj|Ca}QYx{o{4@iyg z^;ADr;LotmqPBkCY=K~3&Zg~xeEH{#h4)M|$DuIqO7>UY$wG!$4sRi&%d{$M)cmNW zuU6-D^wHyfk7Ww}VT~-aj@nsSwd}BnMdfrd&hO-)>QFI@B^Tl}cO+R{94FpJnNY8U zzH*>62g}9|Z}MvQ;Y~sUB$)L7LPkXVELE;Ai&0D?1m&yUTK~VyDOjL^R%ERJ;Cvcv zXZp{&(OK7T{}BRwVi zU)?CP^COMvqa6NfQU7E2z_;WM%~-iMMMWYzn*PzmttzJ@}ZDGFyEPQ8uSW}V3^zOdPsH@bwj-?>Vh~nc4I?H zn3{H*Y(i6%mrB+|+HwI*B<({N0?fzdl<<2_Q{rLgbm@S~jif&6<`q4>5UthQmPMX* z4dy@SQ!D?q=dptGAA5&~FG~Brdq->ezlsMWvJQfP*q<4P0{k`YErAmhusFpuMq?69 z5aB%c)3hR>0%an@Q8YsVj?oxWs}Y8sHz{{$JTlq^Zdt=|F7uUdNJHp{Lp3TCFwRL3 z*_z{|!0w(#5gHJbU?H8yl%a0Qe!!Ec`#?=&_`Zw!xwe_7Y>GC8MBTtqR7mwrg&gW{ z*=8vn8lno+1&YeQr-Y}HRzIA)dn*U_*PF|Wt_`mc`YJpY=UO{uNQ~LN`4jGylS){@ z*5fWhWhO&DBrt3D1l_YN3ei1|Q{|kd90#cdg2mBn8x1npM8%nO1=3>H^RXOvw{!FV zJVhgt3Y1_jX9^2-DFTM9d&wzs#z*7>n&31T6LV zlUJy9@;{;?6+1tMWJ&|_mWqe?0`uhm!TzD2|GRg%uK%!-XP#&)7{C#3+DC_QctzBl zh99=khHC2++k;ldo-SbfSvTZox3vy0s8@cpOojgJ90K*73LY0XSkdsqR%w4#U1sd` zRk>%cI(g+>SzLcy$%z@dqek7NRIJ|V$S(C)-%ttBxwzCqb1qO&gLCK0Nir$tp}2zh z3|b;Jm8#zUKNPfos_H?~AQ%*RL^MXldknC+60iW&YXYwqUme7x0?vXuLAUQo#$G@(l)L@I zs)zDSw$Tyx-7H2yz|7?eLX5%bs8bK%bCk=$t~J1;JoDr~$pjF4yxy95}r12Cqu+?o{F1({^3yuVuiBjPKYfPnYU6oqd zUsZF>qXpJBwLX5pXpa2XC*~fe0_Mp7{k@l^_|L)m{P${}dGg<4fL6A@B{dpkyO;)A zv^y%pH$v??OSbGT7FWG|w-(@h@!lxfb^g_u1a}g0H!q_x#sXoKn@H^v2TOXjl=Wgr z+s%j2wT9Cs7E&U%QZ{X9T~;}It{jacra`5`QC-#O8}(xgbpUf&RjIa`MVgaqqtftOdugBKqxFA(Ori-L#f+23?_-Ys z-#sk(fBP?Y*ZE&7dA>kbI86zUVe?pV0J8gMaZI_`=s-{KfrgL=lygd|IIiZb)NrUoiEULm{XPsbbj_) zbovQrKan8q^l3=&j{2OlpE~`i2v|sVJ_q@x*Zp5Z3bt_RHDZ-m1V){AWIn+8XO7X?AdV*xbCUWEB%H<69g|iCt*mX0KpOZRuJ?x z$8ma$eqb3SdSrs=tWypCp7A?GW0Y_fW`S(Djj%uwi$@()`Cx%)il~sng#>9dLjp(> z>Z~Oj!GyCZ4M|u7iVcS}pg2ODBuvnh@!2*CaEc=~LX2y`{TzE735F*4j-Z6oDNacZ z+zAWS?I==^rc9M+@UaCF1eyffHIP8k!|@x3M*U9B_i}=UEQ;8@)C>U@L?Fz`HVQMM zF`*pAIL+isIi4CoCe)7wdRFu+QF#U&Lp~%C4X7MY!r7P(XiCE48el#2RThU4s2ODq zOY9g&Ar(o4XC|@7;fgwn&~&^><1K_^mW~NG9F&qclsv#Va`CMttx3MZNrE|vQw;>M zAsXUM#@8!V4hMU5RGdLt3XON6^0J|PUmzC zKH?cpiM6ozcMo@ayL-Lez5ENkUd=}by&!`0udi;-47g6`4J4Tj8K0>B@PK70!jV+w z$|g{s!l*g8rxOyV0;noUb;E|~z2v7(5)mwj%FGJVV-%4Qj{c|g^dS9N^cf#@Iu|UZ z0qJxkTh>XkO&D^>f=u?cjdWN4{;&V7zxelm{huvU78b|oG9htC!!U$G->`c!C43v2 zIho-kb(;bgFlPNE21%TEQmCelG8VZZb5|N7rGH2U{{ z{U1pHj8cw6GQs>#vPw1Zey7uW%%{_7R6)0dPlTFaqk+(va59*okre#`%~+-`M+VZQ z4Cu72WTX_g>ZDvqK%&wq>Bt2wq@5a4p%fAU>r_eJn8iJBsp*pp&b0TXD9n{2NN;G4 zV^pP~wpH5TwlrxcG=&8n(TNml9k;iBr}KI^BmpcJeN56?r8)l&S;o^b!f{NegbU2` zbHqc+MT(Ma5YZr-b#gvL`FOP~z(^z{keUQZ5V?f#Ib89tWX(>_wfAEhjOCI*s+JCP zYA=tR8sJKD7)je zvu7tYPm*X>2y1-}Er_K~kZ~!vqnYfJz^p+2DiHyvgYt^qhCxm;AU_YrQi9=*G_eT> zJ3z}5Wl7ky+J*|$csQgH1zAAiluEG<^Nq7~%sBlQ2|Jt!5=DfoAM)-v8FEZx1vnE% z;khi^=}5T{utcg0O&00fP|2#W0Kl#wq1#SPM6rNCBZ^KHUALt%fJCM<$eAn8l=o644Pv&SXlWnL5{xgK;xE8n&=j1+2d*=Ce*a5S)N|foqM;6!bft9}GDI7K?-i z8Oua8GggE%7`Zf|pPYbF3K;rH5mZT_K2ofSI0=ZPWf?ab+b}yhOgN{mP0&K~&(xYz z>qt^2V6hTE0-|+8CZ&Yt(~eDhIDYJ|5}d-^N=Aui^^1qb6*h$d4eAhQDU&upAT?qq zUzw^qTL`#qjTxZV9gGJ@5duT3qi0l9%VVh{EKvCZ2dM!h$MH-n3CIzj+1ieyh>aLx z!$PD>TgG0K0&N;|Uy*8N`5br-Ff61+%ZZTuAiX6Aafxofd5vEG{r2_6ExLMr z{qFqs_VpS1>IZakb@lfA^yI6zuhH9+@3-MQ?YEzy?=P?ahR$!$)%E3f=V!0a(B(zv zRzr48F?!5l{)%EL}8+3V%&fi_VJ%4?+jm|Gl-+p^`e(^Qh{Qms* zo6B!+(cANP=eH-a&6W-A@=fR6>+92RPA+awzB+$g4+N z{Pf$mC)eoe+v}^#o7dau;_{+*e(~n|{Nn4^?_OWrZcD5>x97KSU-vs5W1*B44X9Zm zw11?$!h+EM{;&UAD4Qx}x%CRXsci!gF-%HT$)Zdhaxg-*nCV7~YP+NTOgZ@yCtuZ^ zvMGrHV>T?5=72=(URvf=zjiw3F$gCb5^k+O%lfGwtC5=))}68)2pb{rsTt;Wfn1Oy zl`>-==G4Mb)KM-ICjm_;(a4wm@sz>Q9kZG&A$;8F?Df$t)0W9h(ynY8z^kvX-lFfc zkl*j`f}V_LD8eb>M*4$qCV$8^uR7HvU@~w@rC9_MQU$F7*1cpkNx`DMB-(`FSSZ*+ zyD-J@jG!xxBEaCX4M=`62PBhhIpTPt5UYb%g|LL?;M_-!g_;w!uuxr;)R7^Ur2t9V zr&xyr_F+~CmGgUyHt|*gEVkh(am$8A%I6%3i<4v$IGrR+%FWoph7)O_DqC3FzKXFO z+s`(*u#nK?hgD|xe@L=y4z>`D1>yQOTe%kg{a^q4g2i&~`kl^!%W<}0(eHF#^w9-_ zrKMa7S7m8cqC*9E*8d!WzSg7Tzt^u%&fdN5Pr|3@V_yE>-qA~c|7Ul9o&T|tC*K8m ztIp|nI$wN&F7QMuyPIH4CZyBpnF|7R;q2oMLOoNL>lnS?c#}oZ1)h-i@WZ8C3&MWi z+i(G>Z+qzatCQ0ufXQYCga*7kN(Rss3&j#pu2^UwoT^iV`jh-G>*paIy~BwMAb(wq zDBvXZah31#F9IA9`_g_7BH`YruRlNpE<)#VO85{5vIYIn+qhPKkZMQckbHRG>HGyr zSjrIS{RO>uzk8>r*nP8G#G#E}BR@)@UTa=f#1e}CV{fNY=f(T?^AgxUM< z?e}+~$+vMN9Xi`fhgekrLDUG}gRMQ{MAaRjF}mk8h0P~ptarXBf~^j*a^7Xg3r~T4YoH)~?C>|E+8AAF=xZpXKkoe^4{JVo2 z?+1^}C+;#VFqFg&3iBSxwFZ0UY9A<_sqHs&svg3WD%S%;ofQbcyjLsqnhf8gAtg~L z3?&4e&g&UgKAy-pU?sqUl`Fb_Z02MHu&v86^uB20f z1EMb5_$d=A8Y86lkpF1HeHwDwFOglbl=a%EX*V~d2a3&EJd$HlYKs$)AcY$8(kGm$ zdM4*n8#XF+MIoxi7zs5K^9OMfuu)9^l|vIIxd)V| zN+1D04j9{PT1(QyI?G}Ug3kX&@8pEhc*u^y4id*ZJ0qGJB`eMUET-vf$Ii~$3CWa1 zJA#gSmoWR-X=>zEzDwc ziYFvG#ezIJsU<~4Pm-@av27En+@Q3W5He;)?d+Tp0ah{OtmHfQo*dJOZEZWPU!Jf; zg9)k1{BmXK>ATm+Ts#4bQ_6FN59EXZ@j;q`OM#^V_|xIxA=;Epw{i`}j9Ve-NUrM- zhr9pX7RJIK)tr%`S{Y@Yp2_z68=0v<&ovp=e5tUk__2wA2y8S+k*g$RiI`tuL5^PZ zNE|TOpMjQguCHFdL#HRgRX>?7z-FqTsfA>zuV9QJyU=J~*!Co9%G7}R=v}7Mr^pAX zdLYd}&eP2uO>W=bd`CDP&i+FJkt+7iH1~2e^p0Z|3+ro^{CKvl|1koPSy#XMXCNh(jcTMf?{&7 zrqEmyc}HeI)RarzBuDGX0~HB;9<%hhk*pey0WrvQWj_K1(^dLp0p8e&8KjPcXi71J z6s4&lkR01bQ6@e3qyM0!|WB zXD7AC=7{7XgGPe~R?&Q*lPdE0mlTkB19gPa_lI5 znS&%Zja32@oP5(i8$vbF9JLo{I+VHyEuLLi*GS|(#DGXfgN4XJ7+1z!-0hT*1!5;) zaX^w(?64`}Q%df4?is(M@u(;Hx~Ditz+R8o`2zmaB*ounnIOlgD}TLaES37;?+0BeTDs>q*I%ob zf8XooE>}$Mi4Pxf)l?h5DkzxH;7(Y_UMd}Q%O|qVq5(;@-K|Qw*p0QY%R7Q&p(dmx zu{yn|V~-X~VuC-sCGjX7AETpc{ag_fYQ;ZSc{~3$mMRTpMNe_r#{-eATr4}GKX;s6 ztJI*Z0s)uW&5UN-2x}FlMT_2Z)_s6(wa+3cp(p9DXHE_v^f3l&JlBlirx>uZLoMB4 zBP5MPA3n6l_rx}IgZ^k~8@D!HJ};foN?**=6`zrwm^)r2z}x8twU=QQwlt5-QpG_4 zAt6^SNICWFnK~NI`0UxU#iY4NG2Gf=8f}*(x}l@=dwTlw-gI}rj}zLDNGga9IWRuj z$?@pwS|5PvbU%kL&?fDZKDvH$ivDzXc(|pHlj-nAtz$Kx#&&489jVVRZeE{$d;PjP z5^7yWTMiVcD6bu@$)lpyhEk~&NGB=C#&~K)i%WrY6HpH8qvj^A{kQ>hm@^d=)0P7e zOPA{<5lbc#B8jJzvv{Jm-#&pTdqqI1nUk6#Qi4TO!fQphw_er9%At&)nDJ1~Vib{h zL=3DNNul)*anUlhR#lx6NWTb^EiR8 zH*mO7OHX~ee;Wxx3Q6iEB;~TSKn8@wPBY~(=Xh50h4i!=RHnNfs0MIq2&ai-PVNdc zX7}@ntoIM8_OT(aqK{7Uduol|E6xQf`#hvWmA?S+VP_(h_R@%I;Kc`L7dI;X!76{m zhUlBy+pFC@DRRy(Zg%%d(^#)zTlvB5+}AJ`yL-(po0~RNY`;43P^q4ZXecCil9c49 znl+~mW++j&F`NB;HS}V+4B=#46FMz}0PX#EwflT_aWn5Tj}+hPLu$`}wazYXo}o=E zCt#cn`T?8l{KVLpQKdb@SZtw_t8+MM1e7ZgfRljnuyO}_Njjj`ArbZTjIlp20PHpz zGcg~J_H%+@UR*rdv?=9ZdHVpl3-aua%$^w+1Xs8oF%pisyj{2=xX2s^+j;(Mp+#p5 zEjVkaO-QSF7MlpvF3eRtpRx1eKCMGv#nUDTRzs;z+s%0pWu$m$N0kKt<2yXTbV<2= z0*ygC|4XW5C6K|q{VYT@5#pBJk$5pNt+L-#n`K%q(WR~)d&**wO$a{&YxeO~MTs73 zbLX)oxtf?luZ^?Lq2tmjIj{_!2We`Wjup}BW7 z;7qV#icTaT@bx}@-_9_~*PLZgGNhfCl?`$VG^BQ#XEA}Hq<3?YVDUI}L5FC-Or8af zLw%Ifq^og)A~HH*K26le-h=W=ym$h=Kqtx$MxmerFODxRT zqKlII7Cf|R(uUxtD=49S8nG)ExMm%zT5A*E_; zfKP$2S=URT3P%8S2~t#|RKBVF+YrUu$ zG*m7VnIuvtmd{!`+3CTUL1|&=W07cG>vg85=+Pq@sED1MtkYZ89_!j;{p>wf&|kv{ z*B1_`p@-36r#XO+qPrH%v`A>114|9VekKR0OMO6jPzHIT(ylFzWfe4m+U(?5=eOfn z)98-GrIz{}w_>lN%Eg4FV;1UL|8Nwsdx1uvc(}T;kVTR!ty-9k=ew6AGg^zhwaELO zh&-eO!Na$6^QD|0a%z$U>qY54>qWT~rGCeYva#q?14&c~DoqldcfXBTY+q%iFOrp1 zG8%jUH>_D}wxQzL(&Gvw$!^r?nih-0J+E?c^6s^1YZnh3Ydb-iSo+KjHxcA9h7)Pf z+E`s`{6i>VLgU=SZEcOUoWr*J1wC}Z;&xlZZ{RlHIiH4fL{l8GfZ!JU_?33-nF4Vs zL3}2Wm~^pp=EdZBy3Tf5tJSqy{mj)W9|rq-2S-cD#OpVwvL)K=p3P!Bp#l093L6T; zKPqbq0o`ukTy%GQjh7=`?^Yjx9sGR$)WAy(0H}6hP z-<=)4f1hWLY;Eh;H{YD>y?<~0wSRc@{=MX={LSIs{`>a}MUxhq2|c_eR{>1J--y27 zt8x}p37#4~!S`b3PqNWbT+4mYC{sDX=!K*2YyG zrGBr*70Xg`c(Cjd-tTYFwSw>&_?n!I+9ZW6bMW|)J443(u#R;( zhJeDSB-U%x10ZyL_E_ImmgapZWy3i9S0_qCVW4}0hB%6P1039`Z6Q^YYKo?qi)|#v zSn{`BKpF0nV;p$kTrd6nE)1`5jb!;gz88Hw!T(}0)a4N2U2n*EZ^U+{dpo+g5#ha2 zMnjTUwUH}Agm?XMI*Gn0a%XxLCQqW=t!aJGR@-eZNb^Z*oMTh|I?3QdPqoB!;jue4 zX{ve<{FTQaN>v9dxn<2KZTVzv39K!FI!gUcEdk_Yuq~I1sfCv$OdipP>@jT>faeGd zp|VTk+%cD$(Wg^JY zJ)Q}DT^`YJoShs?CPVE$S6MvCU|9VfMGZr_W|7KCRR21;zR($ma8H5ZQzn zEm3G0@*#<6K;0V|EK2P7D$^8;i}mty6pYk|_6d_I<`hauF0PNBCfm>%%c{+ZwRSH} z-CDb^wR;_mg@&b*4}4Ew6k6>!c;M`aP_ z1DbNoXXvjtmlx{75FXb#<;! zgF%G8;%ukloU6;5TR6#NIOqz`B8EfzqT(9X)67*s&Cky1`-$@-Z9Wgpoq#9t016rK z7<(PLjLZbtmLt}?7;Q(WhzB-yI!pAS98E;KBh!8x!HRlTq{=^gR4Pdg_)+T^>tfDc zA!F+%^n?jP2dXZ6Wle4dK1_oVMYMWaNqxaAIx{|-NTiy{aa6-xSzI7E0L5z#BC`qJ}!j*R$GolpU{ zp>hfZA(c)uk+O-Qn^Pbk z>)T&bW)oc>7L?1+Js>!iUZAPNE*tdh_0Yo9TbM-uAA4`V-MDQnivORdz;e!7va=+4 zJUNrqy1nhswI``hW*o1vr|n6n=Ncj*2{lEq1ZaVHGdX}x>c{p; zFxwq}$&KOAPGMlwfZlASwXf@2P#qh(7_2#}gKM{ck{L1Ge=PAdEYYL(_lE_7tpv^y zULoq(Z3RZlc}2`PLDkEYUabr!0Voj(1T*QqOk>E3!gqrP&t}R#9Gt6Md^ji@$LjKo zfU?=8lFDrrw=^z=3#3`lnt|RfZ&KN#r1o9iXS#@{mXHRx^C9)}BEiMQRY9{5_r(Z% z*Z-~*?0~|4Z@1`P2>P&A-=bC#0Jk6**L`Dn(CW&!pfByMKdtOP+gN}|v~T`+9lsIy z)Z7R~d~fT(b{RtkM-70VFj#M715{C|dP?!5~ zaDyVlhXcfQw}7KQp@6>@zy8h#KfM_I_8*6TAJD(Pa(_DdUd^+EckI2G);~9eNrY{&ZPUiUvM7|L_N}c)xR`>*!OW08e_=g5mzT~mqY?G*nCyTR`-2X}$-{(~10)0vD9_B?tn)P)lnxd=< z4NQZHp))nlp$FQz{cTYG7D}QyNk=4Jz;dv~S->SA#T@k%t!BbZNgJ&~#J`DVeUOY* zrDvbN%vdnR3OYD5=|f~2w4#ic7{ALowCM!9ixr)rk*AE9oyI8F+l{Al^o@857_Hj% z&yD(@o+hp2PtBB_dPH3%hZTG%Z1gEefzP* zWoeRq*&fIe`5I37uUPjzzx=ta!EJ65EL>ya5)g2;lB>#8l66DUE@<5`x> zYgu-voM@)9Ou77Yzu7~5#2%+g3wX@_AL%=2p^1saL5)~APztZGXN(aexnLFYN36#_ z2VeG)=@t|s_Fu*YLwi7+zT6f1GT<<)(urno&;HZZO$t;mBm#A1Yq;=skd1+_fP%eD zQDbl4-`uh&5j;=k-W9>7>hV~PnM3UWS7Ei^Qiw%X^ago?_N>n;=rnWi?^9UTFOd4qOC#~LF>yYZGZHdnIV&%e8ugJCfceW_MD&kc$ zOYRY$EH?K`O5YE2jKJ}9Vz>8l$@g%P;dUXqB;cG83+14p8O#I14~I4Q{=NRO<@Q@v8L06M91c8)gc z%WJ?eYO@^&y|CTGdk;#G=_D7rf#rC?!%J_HTC(814jr%9yEzCD8qG^T5;UxishI60 zOAhlHK z61SxNim-&rho`urrxaGuAPDgZ{kBoUn;hTTBZN6z9lxrVZ}C7@_TmO;LM1?m_o{)s z+BLfepX}Mg?^(Lub6S_@h))uJLmR#ovn=6F;u;pf=I_6QouRpW=`){zji#OokbI;7 zz3d~d>(}S0oZanxMJ@_^%Rty4U~O-O;Y>Y8RrBPUd%31I*EG6L?dO>A67!@*c5roL8iBN+z5@?uPJuSTQO4}&p zR^G$y9DFR?Z=2T^+VhuCs|E1!I4*-iT~G($JDp$^*_#82Z3`&2V>n0kCk}wFTuo|Qf zv@EDzOr+9(7HO%(muwk}+9qg`z4t30OsrOf`qYd|h^f|$vy;;kHse`_wo>ybL=bL& zd5!I@>bq~nX_`kmsdyhuHdFC-3>L(@UpaTR!0R~c+VS~t)@20WBKa?u+Pm>HbJbry zkgdwKCH=Wp@l7To$~(|Yh|ns#K&Il5_++_Mxis^0s}^2ag|N?hsfvZm!Lk3($77jF zGq?Y)Hs63Zka8K7h`dI*z|`z*Fj0}CM|H@~EcpR*FFolZm*pf?Tcj6$8uCM6*x^cC zj_aoPOvOD7Sxa$|SOFqZsW!QlF7&6t{_TKahsBe#t$@PnfVqJG83_%OdQgXeDZ^0+ zZtbW8+XY5!Cph8Tlzn;u`Or6hUzdpS_~+LjMO2u^wF>HELHs80IeQ>30^}0;hc22TE6tooHS;)*@a23Q8LFC_csB3aiGR&=$w;q^%qSyVbqS0 z&ur>?@H*_nJXR~8?v6WbdrQcw;m+y_AoET@5eZA0;Ij2JUMx!;r!u2JTLEOv1z-II zg6iF(Q2V}2`|L^?`=8ezrM3d`g%bKo8Tj8J`_AA!ezOxlDaW2cjC*?m0H38uoiT0; z(gz$IsrtMpYf`hz)G90l$iSG2Q@BjGRHXxuDwocI@VE1XC$MI^)l+>3!7Fc8z6{P3 z&a_M?iB~9`=fay>ssV>Qb&;UtGr{>FrzA^wBw`kWx??BCjzBVEGm%dO%PjxiC;se% zapKq$`^2#~eCuSLPS$BLI$5Xb=wzK$qmy-(j84|+WSyPHbCh)| zh4E%Q8_=eWn#pMEdC>y4H$&WC(U4oWyn&SFO72umaG{Iz7R+{(wUI-4sguFUix;~a z=-Q`d)yKA}T5hcJbUc~YiYS10q*Nr=6^klqI^`k#$u*Y z@}t;89d5URNO0}q)7>i6%zjm-#t{>{1mR#sh3Vn~dsC*YfaZ2bxLOVE?7)+zuyC1O zw#hLG{XwJ#D-VeW85zGnNMex&ov6FGXm$`gcNH}U3wNuXAKZ=IWx|DZY)@}$@($Hd zUa77b`!)1~!ao7Qe|Wd8+l}ps*X+z+>WW#BBo@8V6SoM0B_1*aO65wT`xYIQXIB?k z_*Sr6m8nEc=HUrq(vUC43EE#VBGJ-bqO01GcRrStqw}#WjLz;*AD!Ky#pvt~OGamR zSR9?*p|d;eGJXwqht9{cVsx@jIXYRV`RHVw#nH(+ovhQzI-RVu?Rd66mVM5csd(>6 zLYa!!O%ip^+&jXjq&DlRcGmRPmuc+9LG6%Q5P5jD7_< zMpLfwTwOVYRVhco^}iMQ>{pv{bPIjK0AZkhWQi0AyO_MtBEGIdEKH`wZo%m z?%NIps_wrEke`E^}=)5waAAzme@NoW{-| zHM6YnfhSfDz(`oKPT1M&LRX)9##p+HHVdiQ!M&It^cT?f;4(cxd0_!jy>J2Ds1D$_ zgHI!;?M;Z-N7b@*3*8G&K27*P3;V5oD&-0#0CfDjZ|hPxfPmFNF!0g4a9hfT%=XzL zl`3`SpI|cIa-$aBPAIHWK`o-=1)$OGzb->tVL#8=$+)1Wz?Pa5nN@(AMo> zSk}q$Gaml;{~T3n9-U^{X_i}zPP6PZ z%WX%eSw4wox!<_)P|u^_7LZL1H!>ngFwl3tNl)*v<2wue~KyhvSBYzp>5S`F0I;W>)cupW@DOV|a`NgOU2PbuA4 zr4+ve4c%*fPhm&We|^Ya1J;KVOKhl39qadl$UEZAo=amqwl0lPi*)HKV|0}6!gPAE#0CkfSb za4HRk!Zz-_SRc8VA9iK~PZs*@c(w`K zY~K-aT{PU!84cHIcb#@u9i4W!Fgoq7#ptxV)uYqy7DuPub=qBn(P?*`cGq-t+TC8X zyZu$*?;_HkAR=u)6m}1EbuZYwrwFtz`s{f}pY4DvnTpR+BcGiqEsC1aKq zhN_%(wf>%St-s2Nb_M?$75rNTv##pjit&76;<~DTZAVx2Z~5q|{;e5Z)xWOlUss!9 zhtbt$STefW4BL;cHbbM))n@2wGgL?C-P&z*wHbCCoyV)I&9LKyUDdxX&av_6G|Nu2 zY&JU0a^>hW%N<6iSvDJ;X1RKFnq{Y1ZZSH|vePWL9i3*`RsH*Q##plFn4#5G{p;c` zw>s{w>fh$^tFQW3i2?liO8>QAMpyr@tN+*4|Lf}ib@l(c`hU&G^Y@fIJN@IA;T`EJ zL^K~=g@~1-s}Rvui0C{W+l;P4M9a~6HM$BBEk{@XuZxRYJ38&I)9$LH)9w~Vr`@#} zop!f+blTnG=(M{|yK68y?XJ`AnvPDp>+1jg@?+Dw`hQDC7l-z|G)4lH$qNB>*IYOc)WS05(G1zmk~iT5=!srW<6-IgM78)QJTIK|t%6{l zu{vc_V={eud|cA_p;X7Qiu7@$(nw?m{xO!5A_wvQm}@O3=^#@v)bBd(wSv^vTyq~h za!b6(a;b7@=I065`ijrQ4#;siE^n<5TI=b>Z?wbzEqA6x{vac97DcK^%@b{nKEgPD zkn-y`woKkE=DKZ)HY&51@f<9 z8Ya_NM&1yKki{=pxC6KxPef6Uh-H%TgN>>`GB6ujsRDsHRx{1%${e zg+aY7sSJ*tB(W_GcNLI+Uz+IH{|le_)BxYb8d!n)4=rqeUOQiI^$SdWum4r>WXLYWm=}ow z_|c!}p#^KgqfFw6=P}4TNPn1Cc>Wl78u8RqvhtL%VkygbZe&y>JZJVkPE;*f-czHRSiCA(YlKBxjU|q!h_J_ZH`bLnp@y)-tejm2GGsgS{ z)V&HBMGdfq8lLm3HAdsWNF1oaj)Z!|`KQG%&T=t<`-ivZ6Wl(MKyU3^jlNbRe5iML zLDqg9sL%IaX<}L>7Fp?$A-gHEOy#D|mt%3Qa>G>4&XYnLkzZZ|Sc?>{L>!Po_i!`# zG=zw5q~2Dx?=?_-H%N%MxVpIl8=69M#JLr<#vtbSKyj*>?r{R(6njb0^3W+y5|K{m zw;bRBM4~Et6NH!Ca{FtKK-VjuBU_4q#kgnJo^Bf$?qMRnpxh;AY=zK#2-&hg&^5jqPqb{0JS28 z|Emy)ISi!Mn_eR|N@AEOCU}Y@T=~n`07}(kpHCHX?Z|}1KXU%H-#>ia50v&ykb>}f z1)eEpy!o)iAP9@N%F zyn&bPK$2~wRNI~J+e=qxM}Qcb>l$gTKePiY=5|+YuT{Kc;6|nygDgv%W!{+=1^D{-nZpd`ZXdD|GGqjym(}*^>sP|YZj;U`?@pkduPp~dMxMc$u z2w4bJoH+6#JY4I*7+j#re-Lvds)@$g+7wy?Vm+KHE$_ehjONs4*!H6Sves3YL*bMZ zzO^vA$MI|U;o@&PHySNL{ZfgIWtz1UNrpZm1%sl1kTX<~sIn>+J640~`u{CGHLzV7U4btqyp;3?Q%&3?F+iplGsuVY2Cun!> zyc+m%^mTw0=pRe)S(7W}0uk6;I!ESkzkhYH8>9zBP{3**qrhl=6al~e?kKhK{-rB9 zC~P_?=a&$>0>Hx+c}Xce6L2h$f{!SnUL(qf`&K!P;eI>|6Qb<)c@GhhU*XHdOvuH> z(OQHtvHpqEhetMSmMHSc%_x{8r|wyj_uoGWv2)pF|8^{6D|_DCU4m4ZmgY&t$_-l! z$UiUaqYreb-TRDeu}+A#KPJ(Yt302?=Iso1dbtd)Kip*kg8N&f!>57Lf$rQl0>M(> z`S%45TL3X*CkVzpxw*S2tG2A9=oEcTxcP5>0$_q!Nx_?C-O8Vp0d}Jk{Yz!-2qgc% zUQ~0cxeGXJd-{!tao3`qDhfLZM-PKC>YvGXDg1uchY=M4$aK zXp*?VWHmsBp%>b5_|~8cWPhP@O>a~hSGU!6kofv+PTJ2C(Q-^NALbe}!b^ElyjJO7 zGN|vJ5f$M|X8O(4(RtRYTM9gOX+r&BpOfR(d38py@dm$okdIjBSXt>dSZ!JORS$J) zJ2I4-7X~}#F|`uKUy!p<&?rI2zd(I~j5s(=!Fi@G{ovU~5?NNE5WQ+zjnn)*74@j| zLR&2Ll^2x5axT?|NV)1`G=Ulqc);(Y#o%XHnp^o#av`c*ms=?@zU2;uM_md$xh+Pf3iL4av2&a#ap0A7#aOXo&C$W~pK<(R z4<0|2w;maC;HW0xVH#hUg7h){LI2F*QPv>gj_gq!Rs$F6jB|@wrdnR}o{HcwF@-XC#&yF@p*RX(_Ky=wvv-ac%JM65KEpcYd+ z3%vNB2RcW%W7izd^r^Qj+ZU>uP=X<~7x^yof>Huq z+8$WF_(dlQO@Sj-&dxc!e0Qqzyk4uPR{Gp2GCU>X`!6I3*B3-7GQw(w=2ejt_&a4p z^0>6B^}BxjC0n0Vn}x!mJ9K1WpPC3A3XVZ>&LR9mAs|{>ksl$B7e!Z){zc#v`EC(O z`l=UzlQs9&fltqc$AFln69uAJF=Wv_34YMYiQ7-H8uiLBDQge@ac_p#ochCZz>EDl zYd-Cab(baE{g?TW8T;iz*%(_fdD3hkOI41+MBP-V6$Z#~EC}0SIQ|X^a`@sucP)%Y zxynXWrTC)n1kNc&vOq=IN+yVv4JbZj`hWMJb{lpiug0CmIX~;D}k75*c4|p_pSTtC?5XaDVJ-I!~T5^lrWQ!Qx zEwk1PSwA`j?!?MXI#QXaY3b)Fn=$o25ED_OEpo@YI10CTm-p_BtJ_+WHl|t9YLp3ui z+gaYen#v{-IzVmB)5~Ex?-z(h3mZ?SWea@b|AJhxuKxC*doI3~cKg4K-o+xW0e$=H z5Ld1|O3bl%kcCNHgb8HD;>)e3dTq43C7I3~mef(jQ**)6z&nVb%2@a) zoTjYBkDX-6ASv)mMd1XAdt&_oe^xv(<+1l*Xfw5-99EbYndS*9to^7yCA%1~;bq^E zg3adD-rZn~2GiCXVH7Y#ZHT?;DLhW8RMK-N62jjlj3J&Ekx32l8fTns*Fv^z7N>4y zKcwN;swJQ{dihNyaSN?^>CmR9j`@3!4XA>;X~A~nh#4Q?Y!XY%nV13HwMjt`im?VT zVNyP*fE6k4yhnmt0|FF!yw;{4v-qs|fgm80G0@DJ23rKWnW;MnO&^`5tmGu8c{O*A)bh zD32-M3?-VTldcmPcHg3bL5Ca@_~<}6+qxlKtTdgh?R6%dqy?Eb#SREu;RSEzmCVT| zjf5Y1`JuvFdIC}}1T)j;P42%^K0sTDE)jUB|f z*iu1(4H_a#G#Ieoa&P_-azZu|qx7ezsf|;f)#ggAHVF@n&h|-EA5wTWn9V1ZwsmAU zswzetu|3gLEDZS0s-r4_VIM?|8WR4}NsWgSS?fV^3Ab;gOi?TcjXAeb=QceK36by2 zBfiVO7pIsl6#=pTokmGbC|&VYkgk2#anB0mk?&isSjDsWV3cl*E<=_Mr3Z61_<)h! zhvRN3HKcHo`))j;N6VASOte%fx|TYGlv9r{gZG7KPSh%qliPE{yaob0ZtOW zcHUqr)(YebSd`M%_gkvD0VujA4n#lCQD!eJ`%B7YD_4Ies=xi4Rhl}N{Du{bWRj>kKC z%mg06p1P+$N{XLeTpx?XjaOQuA>^7NdLe{}hul3i~Op5u&Y zWIpOYP1H*+lX7hSrFPLra+$)Aa2#@!^PUI&ng`jTmLq-Qm)Ulj^y8fb$OfU#JSJ(q zPCLc>oboXUy`zmQR?2KAnq*467!eJVpqBPLlPRr*qN4@vxM*_1yl*@S1ZC}VH(Cm$ zh?QC4d5_kkFwyRNx&B{IYki=2F@fd^sDHn%JSC)n&%858D}~JuC}zo`!jaO}|G@LM zD=#dlOb100QX&7_cskMV?XCDyV9$8xqV(WOH4Olg_-N)z@ej7)LebQ3fTp2w6%^I1 zO@~Pbmb{unyP@`I*Li~&f8mOfn;Qhmdl1E+7XbH1W(1tKhQ|Zolg%!p3(MVUKZLeW zh){Vaa2j$#tdOMgzi;}dBn$WvM4us)5<2h0V%`COLceGLwx(kiQQ|@rV=R}DITNXp z`NoLxa8k}dwKmq^fiTgKnglpkRKY^TBuW?SNe2Gwm5|_v=Kl{nd<`~|nv*a7p{2ex zI0t81uqb=v}XNUGFWuvN@H;&xOO!FeBzSvT5j@oW*oaydTd zVOj4o!9WxZ8CPaw$AAd zc{||cW|zj(B!Rv|e;%cKI;O1~eKX*kh4u{)2tM`8Hv^($nzMa%P;2Y>*Ten_MfTIB zDG($#BxzZScC}J*pk>^{Ze?P{tqe7YEztW2>mR4NFr}?uRVs@b1`w;s6O@(N`9yEH zZjaEm=$z{J)zi>^Xxojw9WF5$K?xP^E7O2RV+@~p%2ZdK5d0V}io46(g!=(~&A~~6 z1M#rWJ`)c7zBChj%)xWEAi86#6H9Jt2n%{;y@all9K4hlry9@*dLV62qmC%h1D|wS z_ynmcensY40j2n)mzyN-J9qLIqG#>BLlBX?=*CUy@zHex=G+aVzxT9h<91r3aqv2n z{4tp}5f!?u%+B5hId(fv8*2x>vAZ-nkj~A&)rMJgZB21u^h>r24Mb_xlkc`zs#KKH zXoEV0TzkskgAvL6i>DlFMhe4dTKI61_IK^ss>1PC$=!hWV7mK(jD>4I{8hR4xIVwR z>E`qprmD>^!&h&ON>tkFpfeVvE;s%I{OfrPPe<1#vjgIAOhY=e87PYfvAo`!fN^BwC9`|ZK13-+2vzp zbYI9b!y_xQ4+tDmlHg#*=-b9&fjm64Vh9np@+GBGcv~Cbj+Jo~63L$j(Ac6XI$0h) zrvw=Hx^|J>u5t1ydM_)bjLc7Ut+U~E!PK5@em8p4-gJ3}k}{5yj zb@?%%d3G;yRdWg#q0TAiMr8M(%I?0+1oP0`*WoO&u@deg@5+e(N=%Bo!Z|vl)^&&F zy%D)X+ihH4>bt`7&hh9_Jzk1NKUI#kGXi!eDb%%MV7Z%=1H>M-Suosh_aQVEU`c%R z(24t&rlNQ$P$c;2>9rPQIL(MbB>|DJ?Q_8o5kyW%jcn@SalO5rH7Dq{!R6|E!VRcf z9X%V;XkCW8iT~zNGQyuvGCf_{PhzS_GFfXA00LNlChD*l?n}i6gVkx zn_`=uaF>upOESiSzVduZ2A8?bE%a( zeMjL!cZhKueE4gcgR{r+Qs>7MyRfdFGjTKG!(F)8l+~ai@5+<(HKa4+6u zcA|%pFbQ-rcCs5T_8j7fl$sgyd@8^RXEJmvMS#7(uL}|z3 z+IZf{DOKk8z8BkfBx<9ejXiCT@#i}cZV%uPbX|yDno1waXnH3{S7HX((;Zw6`t!=0 zvF&B}yXJC_#e}`~$g~7XZMX$vTm`z^>X{%`ZewRBZ!b5eugAmH{nYnH-1q%qCT~ve z`a0;x`|Uidi#v+{o4!s?Z+C~a*@-2X+qQx=6nMT5-T6_2K7=#>A632-?sK1))8i&7 z#lO^ZaBi}~wAD|rfc9VOScx7U1hnNHgc~(mAX=G{go3+00jD~rSNaeWA=_2) zfl(ewFk-x&BJX~qatZu(;5pa4f0S+MST2SJ#u*S(o0o5Tiz!bl5$`h4iiM4$yM+GB z!hA>k6)24(u0H%2RXz-gzh^ZXEE9uX43s7`vAEog?KMXq2g}om^iv+eg6pkb`Z{DB z!?d_GZMoZT#G2lPwJdgOBoTcy?JxvoY3M5VfZuZ$YbkX5&(_k8MMIG@8Vh%avFQGx z-RY`Cew(A&Z(iGl%?QHHuy>~OW&8DvW^_-VTjz?m#U-o_jat@)%f1PSmH^|4*|%a= z%Asig_yaL!JjgVMlT7R@0UK}K+@_Bc=2%xAP*{XV&hZuGx=yep_qG;S-cyyKq5aE{ zDx1N6xV+s(7t|HF6K2c3ighlG$Z$^RDEoc`0j9)Kq3%Dv_-h*&E1#iWQP3iL_rKez zufWs9IHU&9xOIILHPf%W*aG)YR*v%6KDW;&=Ht3JBNo;3-VXj%%(?utL-ERg(oOLX z?X_1%q%GzpaPpaCGJ}ikJnI~qNCs=MfgkS|7f}qLS`7JV_=s;Hmnn7r=uu zA?#PMpjn>7zDana4+$)sbElX5c7E+f3awkZo{iW`V>xtx-+x83^;+o%|Kzh-`ff!( zY+*9Mi@xino@lG?{J=0Hiukgs27O^Oofd=w))Y_mD7LP6TBWxe_bR(DiT{99t36_s zEA9aaphr{$EKFf8vSuDELzAc}9{l(t+g3ih2Vl*;{lP$4zcT{ZTT9u6n;J8zQbDZm z)zMcfh0q93TOkJF>G(eQi^fEV)2s8~S?F@42-l2Rwb2bOw|d>VYZByrA9xbyNwUC+U$>F^pf{?D>2u46DE)rBZANvY!KxFSoj5}9ZUz-< zUo%z0nHAK+vXyl0b+xad0_A*{xWDc?QfbHg0*`paDN)P0HMhj`HoiNj7t_vlm3tL_iKJ3R%fC{HM6ArtpD@; z>lb?CbGsBZVE^Oz`U3cMLH$xz#E<8PQTz3ER^@MfJK{QnR9O^hTx&eq4gdGAb!eQa|R&_L?B~YI9q} zZ}R@KfS;A^r0i|@l{}QoVmac~eqNk+R@~YyNn3FJ`|ckEdkF&2dB%iZ zG&pO_;(X&M*hvtIa_U!QFeoo>RwCTl7cO9W3l}v+vFQ5~Hjo6O(m0qcl8>L8ih|P@ z_@+H9b5#97l_?mj|1WV*rgWAxwZyskkM|@}?dtth;96c-QSCmOtQn-gVFb5>><%S9 zaM>S$3-If}P22SD4-VD zIkc|Od#|X8g@=`*#8MwkE*Eii8{#}z`#>g@Tx{qBPSC(A9Brc&!zUOvUnBQb!2yNL zG#iD%j%NB!1CeZSEx>GTNHs)9?IsClAQA|5RqUK~hXBQy^?#sy9M%69x`(qU36Jm* z1Qp~^aO&G)9(@hu0g&%A!FlFKM#8i~J{Ih?<-)%4?{ zDh|X7M(?5Ph)LItD^h(#ou5gk>{TzWl?;(f?rbk$uKeUdGd5k|7Eo2cX+J@khuRU+ zl7o@eA@o51%fsN=_}x5;=muze>5x2UBc;e?cT~g<@&KXZB!O`)OI8W1QCRLNFCyg- zpXu2DQ#J{w=HQOeN4+b^AUz3}N6Y#kMZF2rMBk_5Y}oSdIQDKIcj)RxE-q?`XExwp zqTk52mu^F0O5N%YRw*G_++M=~e3d;_;PV>K7&OK4TZkOM{7B8s<*s&J5W#GB|h3%1h5@vMWio(xA zK%AndqXqCCW7JK0GrwyBttR|{9otG5k&i$>91T_n+F>)IGTB|&t*FMLu~Q*xVU;Ux zAxP7pAxK@XEY8bHEAm?CHZ*p3S3-s58nvN=*!;rqb)Gm*O@RS7siFh_#Q11Fjz{8j zQ=>xX2U3}zT9oy4gIxwvE&7@p19~0d?M5lXY;cPYwm~v$`M}{TU*7 zHDRIuBB3&8MpgbdBAwZcf@UgpbrB=v?YFVIIoR&b1+=j=!`;9MrxmQbW~# zg=pW`c+!enIS6Zcxzep#WFBq<-jWGCHGj1FKjgjewWidzGgthnp*Qq-zU*$KX6o&e z-xDao8}}uFsYPmILqnVwa}=&#PFbejGh!3;mF~+~u>5Y zTEHQ;xNP#@2ha*7n+#yssrG%4MT|cq2{(q98rTHnR@0?G3zd8Of6d6nV()upTE-jv zS`=k6BN^%wx3@dRmidZn^COWGq<%DuOAfV}#AxQz^F!`;>wFj*GC|G>nCU9!n9a${ z$ZbZOU~I$wDuxrFyx(JG1unbq#lN#h#4Fy}+0gw$_cU*3e{9#7I zDt+jO0aO5EM)1kpHE+eGSx>#~f1!xG26AGt|D>Zs)W4gn=uy4?eIAx7lz2*&hG#Ld38wdT)><%m~}gK;bhzQKp$wl z2k1;it_&_M*XaBNv$@T{x^rR1C?#yXCtVA|s_ z#e$MGJSJudY=jx*&4xDV3q8kQ56iS(t{R;k4>v|!0bSx%%Y#Pxm)P3o1K(^1S+F{}0@TJJ`)(7A>VO=QEhX_MF~; zXDSiwNH{jcx|>1~)kH3WtMHW#?i)-3X%_l!$b**lyN z@@};crp$Y`WriFQeKz+;2Rplp@QBBG;p4bd+=C#Bf9kEoFb&wsfLydLfyuBLQ65C9 z=4>av%|=Ya!Fond2=peTui)`3+J)pN%_3N4I+tZp5}Sp~qL{DCB3P{4X8wXCc24tx z5f8d$kj%=fSgnBg$~+3!f!zRy=)xsuatbGA zcDF}E6lSF?my~a_yu71v3g|cFCxuH?k7XYbZmmOz0V{{;x(vps><9*p`C!-mq)~U# zq9!tPN}}l=-mXIzsz{JE`pSh`f!T8v6KgENIw=G=DHQ`M`Z_L+DQGh#*Wikkg$zh9 zZb(SPWut8DL=!v_t44tc&-nQ3mmoqP%USQ%tYv*leOpfeyGA>s>{q4TB~cu$k2iLv zViI5Z=$Vx3*!oTW8tgaZ_{UJ!vm9P4GyQtt_Zn&zkt9uF;hwqUkn|@bM9}1k&>8{P zz-%pDeR;7#8gbXjYtlF5B+Lx8d)!lG`qeliU8c^4}j7^hX(+pN|Y`LRjZc-$(fdJr zkv`AV6O-*Bc1!_y3Vk&qfWayIcZBphkt}WcPrD$wtN*qtXUP`)``2>MAc^ zm?au2=)K@^a%ZEJ4)t?H2S(~S&iybQ*=%j}x_oZxD1tf8aMfR$h60kG>V)^4CirRR z3JU29tol*yXf;Z$=wo`(5FZPjFQ?+huI;O3Vo|Y89)#0rncbEjx>PuC5&4R0o^Os(?3@LNSI(JO*S zb&B6AWGwAbsMMRzz}J2>7S(WCOuUi|_`YP%&3Pm3BhOa*Mjy;h4PS;>;ZXKkD|?!J zXrKsGGr%-1qXiSo{@TCZzn}axM@(yKx#Usiuh^PdgO-;tO3YK0cpgTc%wm*@xpwAt zQM|tAssdN`kIh#2R8zi`nF1xNabu0r%$JO)rFuUdsV6^ zY$bRU_`~sX4GvAo&@Lk zwK8yhRgauKHckE(u%e~8)EGJbs#rPxi^nF`-zL|W&C>6Ptyl%lr6ePC3n^4Efabgd zaS>DJ+RIh2|CPElG;93{msa^0tws3|EL4X22HLJpU6t>y;-q)~e!pfXxk;C+p@M0I zB|b4~lkjN_Ut?GXmGT!OtCIrX!PgQ3meRy_ZM%l=a7x@g<=qgH+V%!_KpE@=zlZG%-VDY_X7*VMkF) zG)AmHSn*^pUSS^umm9%|1QP;yBq_GGDUmR)*YmyAd_TJtZO~P?_Ac55K;UU>LJwb4 z&uaMxE~D(uXdpdRQ@VaqZpoZ>@Sz z#nsKB=l|`tbMZXhil&Rp7E2TF_55u}|5kQS65M;!N{gn5?K!yoWqvyxejn`AXhr?+ z8mnHKv-+)IMa%JPv;8heuHUjWxBA=sU52v1BdwUaId!MF;$ykevC`_NRZ%t84#U4) z@2@E_PTGoi8L{f`|H6MeD{0G@61Z?D zV)Wx;msLN#+!Ca8N9yRP{$Yxdwv57b-M5mZPu{)M24PygS1>b1O#xdv!H2 zgBE2!h}&jkyhfi^0m+yndB4#K^xMcZ)n&Fi+p648TVa0s7=iTJo8Itc#Dj+D0bI>u zOoB)KPU-Gur|)|{`>!2ozn!_$0By7JGAcx0C}g^fF{bAcmJq^e>n&(KM{V#S65=jN z1y4047kxk5p+*TC;d)Bpt@MKVn!;E0Cp3hWIutM?_7W(LwiI7Yj0!5iFGpXDfP|W) z;yFZhf5#>9ACBIP;1BwE^A{2|?wUx|zzs#COEq}oO?iHGLrA&I z-fLu3dH#vW6bZLtB2+Qjm1wGwI(gJQ$on)zX($ww=7oNca8*iqSlm=cbw2n}Eqqe6 zLb3{0WQF`8m;fz6V1a9vZ z;=d@ILcEI74YsLu3B!BAGE@Vg23WlZ;26y`XU&LGx5G{Rg5~(ppSouh?UAYQgU9_J zZfJLdXRZP;{Q*%cgrF3yD+>ZnC#+%!Sr~l4DvOB!;0bxY5&W(gT6M?NVdOR1Fsr@G_aOi>6j=FTa`5)T-K5H~QqFY=(c{V+Cjw z2b?(yOl}WlMv=*r;AxxUC^r{yaSY3so%!wesLheHkryc5B$FqQ9QUEl*8r_YJxh7Z=;0lMfxet7D0 zkV#|`GYzYn$Ym*CKhD5G`at|$=+qM;qy`D%gTt01l^+a@Hx#^T`K$gX4$X-?G?cGr ze4&N`v9P>qrqxx zxv~tq6@fe}ktLk*wgGgWs?t}d3%P#%5D^lV&8HD)^H=hs(`>X{8Fc|;rB+}6RR(AbVA zLyB67?xATM0YtF?QBwZ%kaFEq4hYJs=^6H6bQTui=C;ck&@9ClBg^;0Aj6Z(&#Maq z?^_~6pLY9u#w3HZ2XUk+C&S3?LgeC8O!fj)Ly=w>x{I_Pp=vD+Rtb5l?)rDi_C8-k zzp^Bl4R}f(|J&28t&4%EBw%V@TpgXAb^kU!GGiiIH5F)lhWFt}{ktq^el*WTi=&&p z9>-YV^^cCduD$2Up(ZO!fi&cj>!|3FL5B>BQSr)r2&^Gl#b;!SGD~RkGD`dH4D||W z#ThHaC(wKgLsHP6plDGm`|9zJ^-jPDrVC%x#navMlDK3k5P9l8Vu151J?Eq~NweTT zQ^tc-3b*oLE*La$q%0x;FpH3AaoEej<>Sr?nI^Mde!F;tgX#@P`I!DA$1oBY?**eY znUQC^L7Ycge~{0^SRiRMA7?225o}0ACcQc_W{Mk*P-5>34ah9%XE;E)MseUiU z{4tkKo<_+O#5)^mzulGWAO$^hQwno`s~B0p84QOxSZR4SQwFSu>8T6+N|d2}?%BO=AJ)#F_81+~h#pcO8;bJ|ojOosy7|P}4UM2etIIdd{izIHKSK#+_!`E8 zw2v0askqdPbAmZdTBu=UJk9)8{yH6p9v<#KC$&>LEmN&&539Y%Hwr;O(@^}&fi7P03t**d6-{cNZ}0tx zX!TDs!EPNaoO&67)vrqZFI1ho0GTyk4WDTfI<@c2)5=d&lcZM^yUdRyMb5nNUlm<~ zJPw_qV0GZv%a0G^|76+vk;@1;;mm#o8438mKpTP78^@$EZ}x-cJ?PxAzDVuCxF^|& zII+^Dk;@PEEhB%nk0brkYjO_yX88v9J4f-wADh<^84NtaSWQSb_TV{eHjmtpgJe zCuT3l>!6j1+fI@WswV1qdrLEm8^Wzrc(-tPf1Fy+o8JhqT1iM)WAV6WBTD6MS8nCD z$}}}F+Q|U_KgNt8Ql|}(TY!x(Q`1}nYkh`NVpIFG6lkr6ap~KFG_YVGcyd`pv>ya3 zEQOQ9|Ilual<@2PEmCzI8M%#wz5LNCk#+z2e(r96u(jUr`o7l&GEN@hiTF6)!Fe&Z z1$1(~NnQ;p?<~I;pc5ur@`k~mUk2P$D{J0%yRcTQZ#!f}gezPL@7;}fnwMy%y&(D9 z@>=JK^tlKPyR3dUfaBA_t3HjdGg(~2*|JZ`In7$3#J)om==~k`Co&d8=9&z$DK)G3 z!{fw9KWkNCvo~>4)Lzwi4c*bpB)3iCwVJ_TCJ6oGEi9BCv&zK5@Qg^KQ1HsRrbH`$ z5-@~sI(g7Ij}&X0Q8Ss~cF7+-49L44M1o$XQ-%O1CjIiZ(_ba~%wQ6IUasEO^!>lI zZ=VBT(MZ!?+D?Z?qBJ=1f<2~V%-w&fIS)w?6|%*qi>W>zU*(Siu)lwrNKsm>Oa}NJ zOHW8p9VJi}tnwF?{O*i+hAs-iE`=v&6Ng!qy_3zT(6hlGcXG|#pOLl=Ve>Ys83^tQ zrY{uC$5U%DgH;;y{}DxkKwTNrCGj0)ihN^m-)+Dj%mBPy%$EGy7^ww-Xv4-mt6aSM9o>N&UwAXAWH z-K8@C8=RSWsTu>&oE|)v@P$~SduTyK_V~aC4iBBUI2I2M7KPu4-Cnk7shJ>!FJdPU zl3jdH{_AI+008;y4Ps}mirv_wmA`S33f+DniZ#8D#G5JtCRgl8q+M**M3iFY2QwLq zgDQ6N&VdF`#JTFkwC~B1A|_HgKEgP641kt(n3Ff6?-i;GkEKJI|0lT#ZB=c$fMSZk z(llYa$J^H#n`=i(3mt0~r=B+7gv+h7mi;AyMT{im0$L=xKvsa;N0k1iLtLH)%xuD9 za`sJz&2nJySm}HO@WDaj4Me^=5Lx9nslb#aP{f#MFJ#6g0Ugw)&i11e1V853LQWw9Mm_5 z8a&aQDNfX~l5x3I827Icbc}^o)m>y9nLfvH$WC{wdUDdH}YrAtOCT1kO-z4t%>RzZpyn8-^i;hp?)vRvsns{nLh6fd1(X6N*zVHekH} zb9ZP^8X2pGhrlA3Ujq^@Gg-)kT+6Q_u`mbthG0kMF&#pRe0Z#E|fnXJn= zWCfe2i0t$p_fvJRg&o#QXbk}8k>p+~TmTf`*_64&(-%{$W4?rYO6^*zshoXY5C#U| z9j?#ad<5>@ZNg`2ceyv+sHLQ1uA^{0MfH%n!(FXzx@J@q?oG5|Qa^|%ONVzn{odRP zzv1|6_It-az=h1#;~iN%1T^D!mWT;!-b3sULq^d7-}UskyLyZD|HUq88bIh{?765n zLF_PcmKLu+4?Fta^KELUel}CmfZM85Q=AY@ID0>jGa{{9WWNj7xv|^36w@c+rqO|j zjF)MPcai}YHO5j$ImIh_kiL5YT>SwGBFTV5)5`}|2n*X!bm{! z_Jqjpin_%9HA94k?%3#g{k|_eF74+u{ftgOi;N*Ax7bf>itBgKXvW{l&GcG(y%$pt4&EeH< za)GA@`mzb7M36s5H~imyZE^4R6%ytvb#o@k)HS1_|0IL`r9u`E=Rm$s46rlYbG8s= zl-h$+`snlfC&|$pj82MNMKnM1$8uJztBaP-S-D`ezd#6gCc&vZ+Px$TCzN?~zqAAT ztI)L%A2W?97kr*dtjogi|is?kjG^ z=ng8+NUV@l*8G! z@+449sYMml6$Rv!!XG7@jSzqiS4NrLFiLf@QO%&P+l$W42>1L*nlZ!gG)_We+EX|2 zv}wlj$+H&umEk2g`GI4!E{y*67@7sz+GeUml^3vX}INCyk5C;1von;N-V+rz>WrCi#J(&-S8n`o{J2bS}iul7;v zw#-tu*mHcq+kiApq2dadzlOJ4CDG-=e4aa&#V49Bk>B@vJOy zZmE-$tt1#7jN-GL=RQO4Y{{pW$BvUzJ`+6#PQh(fA3I{7WOW$FcP0iiYe5hcgokzi zM9UMiHl`(F^q5CoYav=>Qx6O+!i+0r zLOsbH9-}$1jJP}A9YYQxqD{fQYJNW1_WM;S`0UYF+#DkOe=3FX-s{v+Gk*%kx4L5cDjyo=Tv{I4YLP1fzGWR6uBowZjKcQHlm~#u5 z*S?#@bC%%1?GcPCuA>11{mR)&gqaoNkdMi9C_ZK^^j$?E1u3d^4-SAjx;TdD;_D-b zd~FzH9_@5w@{B=T2!ar_2dPFse^;v1FXwx`jx}SAtW4Tv zbelbP7~06%e-k^#(xky}hu@5RiivbEOdXPF?w@PiACW0b4*#eWJ1){(9?0uN*?;eZ z;Y9DtdXKNw?KM6y>z-iA$pX|&Wh@ERBFob9NV`d{zAz}}_0Z}p?Zhc6S-c6Hx;WD} zZLzcaBX;1-`J0nBsH0ooW#=8_UXC^4V7)Yg=Sr(u5YXovTO*?O|HF$Mo*X95kbowu zPk+axfvoX?N|vIsP*Iz!w2A6RdOeu9Cc9Vgt_(PNo{90LLj9GNYclKl)dZrzsaWwz z>C7zLjAW|>vD%hY4U|^+;(7tjt7OVrK$ZW?ixlS(qT-&s24zJZ*ELKSVQ3;T)EC@! z&qy&mbySXqN&~xNL|*phOy3=ARbadUpD4Kg6t6H;#Il2@A)1DO>)~;Uy+z!N)o8%9 zXYDMmA7tnR`m68nS0w~;1we1q8Mm+SlvOb88rCHUOq=RB|BhLwb-in00c`zoC zXjF?mV_I-^RKKPegnK2WMHz<8afcvo+ZRa0&XQz4K}V*TjYwZtq*Rb2K=cC|3hPHL zK)G+_gpg(o+PMUV`;RCvr-CIYK~#y6ZgVHQKP^aEmxR22sVz$w!B{|}RqD9+z%Inn z(xofb$pZ|%MEbQnm0Ac1vwG2hEPT0;N5DDyb`OtwM^)+bpOu= znOTE>RnkGWoZS2m_*8eU-Q&dwHoj^mRHPt9#Fbu&g!k(hj8pZjpozu*&;VXksW#HbQ{E3_dH^b;}p-Q zS-+`6e^0&(k#gl?`SFHEl*ZK5aBHdickAbm$b@;9-x{LUU#HjlH1++K_#V!WPdb%5 zyDfZpZkvzP($M+Z5304|*LP&y)Do`|J(99enl=G?5O}v}w)=uvehtj1sP~e6kK^qK z1j7udEJq+SnDEdRi`^Avaw|zn>*wEW$Ykh0UQZ|@W&OVqXNwr$(C&DFMT+qP}nw(aiKwz1l_&C}oapV)UNVxNn>FKUiC zD=IT1vS!uH968?i31T`v3(dh&3k%LzX$rqpH3Ew5Jyao#0rWYZ3zFc27!V=$#Rs0NXKC>92wy1JQr1i0u`lj6~j;mSW*c+N zgogk1->N$B&HeF~+v{jw4vu>YHELWTAOGZ?3X<!8vc&A2-3N z)O>I+aI7R=VKPB7lQlHPT7&nKo2Q5qT$a63>5Z0XdQ}vA9uZ2lJ*+?`Goek&; z?BFv@5aTtYPTf0&>jL}}BJqfTS8W`}TLaS*>c^5CgB?Yehdyimm!9n|ayDF!rQF&U z(w%wRUlzu#p~n5NmMV^j0a9f>utcdxm&OS}@1#eU+p-om&p#kk_ncnd8CqV!QU2|4t?s~of@@F`U-$iu_2{VY<2n25KY#FI>A*)**wm<1(+qGj zUDEpI=?8le7iKOR&|7JIaM#R!#Jo>q5(gj<-&2g|BX zW~1u5mW&&!_hy4{BG*XlzHr^R+ zBXu|P!P%Ac4wU;iH0m0cp(D6ntcLL{*Oe?_T`hCF%pPaQ&$^1jNJbQs?J#oo|RbnV?HethoMDhrbnaP51cF zJBJ%|eeL9y=Lh-XQ6b;w2YORRv@^i+vZBVw)r1^S`||0+9Y!Hv`A~@oiou{0%>%L$ z?AkdWt55Kxi%+5+JE1Ygh)s!ZHn5oPNUzhbNvBRU0>&$Rc{Ob^EYWD^ZRmwUt7d(9 zZy1+#o-Q@2ttxnqKBW!xa*u}2T#Xav%%2{I+gVTede(_S%ETq7jEK(*+F*fntP?vh zSh&&S&X+>Dv)^+g%y)2xM&H}_Hd6>K(0X>ER1y>Jr(Dr)8U0B;yQ*bp1^bm3=^^jY zD>Zh&02`rg@>JWOS4>&C{mEyn4ORgaJ$Oc_g%?R`f3@!5$H^QNn@M!^oKR-KcE$OJ z8!~XYKy-b>q*D+#dK%zl%vh+s{wmz_Err(YqT;Rg!$sb&a*Hm!QcD}6PlIMuuVY!U zNm!5!!D^Rj%@A0n!Xs)qjXb!TEc=!c?eh8wO=>t6OP@YNs60JQ?Lx8R?n&KSk`m=z zIwbr>PK|hyqgCy`SIIIF0_^gHdH%Lhn>DiqH)AWK;k$zgFx&IoDIzBxmJ^gn!V*w` zsYJQ_9w(eW3UpV9f=}|oBq5KnQhH9^NTb$-l#4f$ss!}lHim7bbL1sD*8BzyR&_&m zrt>yc*6505WmeY+^qW=o^?VSJdUuawts`&OY)^-ln3ids#K2;@)yp+W`MhXOyd8?# zF`a<6DtJ6zhmu&9vNxv;q{u6Qu3N%mGhEjsCF-}57S+fT{a|i0NXGw8fTm?!#jt_t zKQf?djCB|VuEf=Z?x*x1CYTTwQd44?stQ(E%}SqdFuvvsG1%9Y?(c&~;eTRhD*~W$%>#DuTKU?)oXm zAt?+MW@N5u#+2YNEpA(rI_-bf5QIu~hiqtKSb2s@zXJig6fKxnZ`4Z%Q;g{CBk?a$@*+q_nxV~X#b#yDua+8?V{3emty%v^2xJPK`Fj1&>4S`$r#-#Q zn~eAw4+`5dj30wFgx1`Sfc|~AT$-r4+}IIsE2`Vt2D9okUDet9aVmm3d%V)Jb$R|; zG!5BKQ28pPxBD5DO$9F0Nl%dUDP^%CIQqyaxkpX~iiWSNs3a&j@iu2Y zShTO(_jSZ?aob|z8Py`0B1Yoh|0@K_!2bUf0)?hvO;Y7Oo#$Ph3Tyo&r6!4zeyIxd znGN`PIlbXhPriFJOr^mA=hF*#ncJyED^fxjxw*M=vfjMlwwwj-^rAa?bzSZ_3O;Sp zvOXWN41F^pt{M_3(dO&T1#xhhxVicLVu!z<_m{VF;&3?67xV1CyY_ z!Z_>i>J7V!J?$tFJ0Eq~?U8G~pYd`vvh(nq{Ht=YvzQgKdF5=bBC+B@U%-^;(XAd- za_FEyTwshxB8(_cr&t@pO0lOtJkP36Y1!t!o4SAp4YGko&2WHJ=X)=tXpMc0$lL!C z1)V#dzWOq#zUdeK`cK4Gv?q*#C;b^2RBLHq|1R>Btj_Jo&2uBk$@9nMyXq!ra*dfSUE&H^wLHp@&aGko zs|rF4n)1qYC$Gg#d8Bh^%j|l&1d}OXo>AqT7sMHT6M%s}zvAo5?MhZXyBIYJabc(z z*V0pB!_YiRIdUU9)%vw}gh-Qx39fqQQs9BZhN%_c5vu)agK`ek4Y$ggmmSOx0C^(7 z%hWuD>8s`*WS5oe94USn)+iA3G>U@H>)QnYSjfqIu+B5eSa z7U(oqPeWSg(HyqT-N@ogp4qZjU|&h^%jz(L}#htOQvUWZ5W6N~xY5-SR^ zFKG|LO4V<%FKD|?i5gDe7gN=vb?|OP+_*E-Nzaooyh9@YvER{>FM0Tb&FW-dg)(-s z^tD`$aGFeGUZ=+@Xm8mfpcb~(%K&jB1gucU8vcKb!GZSwlflvZf0w~QLD`J>b|X0e zM{)V$8g(6#4{!BEYl#YI4;|>R#U2V?Q|k@=zOeniIPu*S0~#*;aU8dLhaDg{9V7qu zr4`OPjnP=3Hj?G^>1ofO?y}za#(A9|M_W_{HTD+;q(^Vr2`(Eor1}m zLqOXNn&TWf@)d!%5slnwRpD)DAPm?wyy9GZC=LLfvU(~qt;0ML-I^O4c@WK7r_7qv zT~iwEvFbmzNj+g1b143<|3f`0|L;Wv`^@6g7J-Ia067$`l2Y5e# zs26Ur&R9NDsyWFv?pM2w><{VE>z<^VxnaD|^2L0O515(_D z0jl@rH|W|Vg@=JsfK^Rzk$PeLIji5pM zTB>%2O*Auf1c`>;Z1i7d9$M^M8iQpLR0$?jR!^3oCHJ4s(@3eNP;jHjq9AIJX?u6- zUG{oPUfTs5&P{!q9N{j_{Y4uVj8$KgztA;!#^4ntAtrq^lZdnUWqRbEfuYd+GCd%L zJOprh)loN?^qD6&BZzL~zPFBKpoHm#fm95vG%s+4jr7qG>a##t@4pX@P$Q5;O&ae@ zAsmUX;oq{`i*U15(yz2G3=@tP`mrjNEi0W|00=n=x`#NlLmF!)21@jE$xZW+66mrk zYdnK3KtkmQS(D!mM6YX<#a-4~IcAOxB~0tp4kf?1b&~T^N>rqRuJ3p<7QN;5--8%N zAYkN1O+99@dc%@n(xA6V0gs{y@J76k^9e#A?i-i%1V-dZFy@ZeC5O56Twm%=oEV4b zQIMbC{o}p69XkE{N)Pj@m+q;Se7+~&{|@7n4Etj=?GFH@%{{y|J(VNr9Z#wqcBRqh z^=Ze^7>w=-OQ5D3I{iT^%+jo|{|KpvVJCWW#9~T3C85aA!(Z*xygQ{k7@-!cN%$cl^(- z$gPoVgc>;WsfK~SizjnN5i+_RQ5KlEqy>C~jMkwNUw8^Y4oX5+LCnV$j(jS0JvK;l zt@dsv2g$uNUK(}|XO*VAwG36ta^+&~HnJrP7`$M;vYuFQ;Czj&iMJ^T&DvZY6uTN* z#KaZ&sb}bnS1J*bqg~%a_a|ql@AJd&GQ-zv+2Sfe`tORmMNZ0f`#zBkgH&c6Lr{6Q zSEQ7u@+J8G@BbL<7pDC~U541j^1DxiDEO$xdIWIA0yz_|FVS0ln!k4Q|81e*RhA`hYo$m zA1}P4Svs<~WtJVKB^|GI@X=Y&bG*f8jJa5l)72BWnd$?T!>oEP~n zH?X{fLkce_>pPthH0Zxzk4*)d&6OcIV{D9s zn%&?Yo5wS&@UY&;3$7vLIR3u3zlGZHGb-{vmX~dyd5hrtB>wab^woT_0Bg9lrI}Tn zL=b(5mrAB3H0`)G!6K4qh{D7RuC$k z1akHcayY20Lk0AxweZr;(wy|VVV0rf*+2_{9!y zqacaElLj?Y{=0IzfEHC1hswaW6^#0#sjb?)Vz?lhF0zQL3KNhe%JDUF?*^F zZx}6~hxR%t@NTA#9s=cxMEm_{AJ7`T!w^w2a-i$e;{@D+)PP-Pn6x(Rny?d)YP-ww zp{|hQv#PhQavBY0*t?0i`knjhP$#HzCj-y|20@}<3Blg&9(>U3bn#N*BkIS(y=mQD3vdC z?-cJA*rP$$T~>7ED6V(_X<Kv!V+`ju)vt#5OWbJeI3R9%`a(B5O9w&D z$4!*?dUhT}ysqav_tGbj#zq9V2`4`AAvQXNXF10iG!)bjt<%V8nUN@B@J#l-$mpRT}9 zSMp_rT6UC8FWl*?Qbz%H6PEn#XvN57cqyJU9%m`&EH*!pI)<$giTpLV#fpj$ufZL* zK6h@y6pp4k$-6csOg*mRS%%903oAeUR*&6 zn!8c2WPCvAI!JiF2qHkMoe%Gfi7%1f#tO}Cks^Ss?+A@49b zk}@TP4^wRl!eHHxa|pgqnx(d|q@4Djx4$i_2^?SPta zgL)o^@|Z|^F0b+)l-x~)AtQg0esuwX5w67ia^bC^eFaBtS$R4UT?DaQN&B@=@&xDK zyk?G|m;g|SbmGhxP;R2i4X}w+OL@3dGOiU$Yb`!W%6mFr0G6%UbO;qWd0ZbxN}hlnx{4Hhul%7@LzJ(2i3)Tn3BuK-9NuOwc6$t_AhqFyA#N;; z-TESxYv=^DDvNMN6?LSHN+Z!iHwei3LLwz5uRO!I>>aZBVH$Bj8B@|=U8^@IB6-qxK zL2rrJs4uQw!6FmZ5#{Zw@YAh1g-SL96~zwA)2*j~jgyJ<$_eDMV!i0eE?!Ku_lK{D zFFz-Kd8v*ED8R9aN4sXpG;N-u%#x`^#vKFy6V84EJdwur ziXBh#L$wq1ZE2<@9xC5aZy?L3RolG@1vi^iS^nF`)J~?|=Zvg} z{>1i~LboHFgNUZ@4J~?-&xz3OlC=w!^P5TKTe10G4^%&9c`{>x@%wYH+jdwD;C83K&TfwIUgG>xD0bA+JH4Rbi{zG) zI^v67ULw2w`A`5S+EOd(g_~1+8xK3TY>dM%kuEy2Y%(3wXezov#T3RpBF*cBlF57A zH^L<$&7;sm^|k%q0w<&-rPIZLCg07m6-#GDt``Qp_daSq@&&16(%)ledm`A*LAcs( zbsxOAumdZt=)Y2j{sJ$sxnYjPU`B2T5Ga>7=|+ZVpRpyNDQjwSd0e*UWlI-=<+J>t z%KLhubNK4UlDQ(a;J2TyPz3t@NH}SJ(-SpkU6E{k3JN4dn&20K*+4$8=(5;W4re zoz7!qAIdkInr1jQrQk1evFiHm*B>!!c8_erXu)xqeqn#%fb$m_b4sQT{mw*dAJK8g zsNeY+##>~({vDloM4@4O`#<6RH>5w^yqpZK-+*#F zObt^z7P*w_;^Luk_)ZKP&=9#`M6eiUg!)ar5vBES<13cD66F{Zg?{RUd07cs8dY{c zV|DCxjQ#hT*WypgyFi+C)Q|%ky={$~=0Bw;yK1*@cI^zq`&h9{l1Sm)b8yYfFNlKI zl-UM4TBOiXmuY4ubHRbrtjmS>zs|(>8d96!?gI!_)ck(^vYJZbTW0Rq-bSyb&LS}U zH8x~p1gwRryGpNex=0-Q51dhteev3yjz<=0C)+>cUl)2S!=m-=AxX#j z0t_JJjPN`}NdBPp>F>hrIYa7G;_6)&l4;Lq-AYkF#k3q^Y)tfZvj#ygFbs(%7W zAA$$S_E;HWdbjTXWmDcv5qMWBC>2^uUUDA3qH%c8sqZnV`cq?=;@=;Dk8-j)Z@rZG zS@h(CJc%iHXT;I`Pa0#(MgnUn?>1u=_SU93fVBLlJM?;1>SS88Phk1w_=Z!a^pG`c zk!K!&|0Bspd68`Mfh4v(I$%feQz*IrORR4(yc919wJRD^Nq2rNPjV9Tqg9yh6 zG#Bje(9RU)n}LZjeA6$C(`xj9x)dHq%&IPCt9D;;HpJLXI`Ku*kBjtYpjbd6 zopx?$LznsX6TCJvU`+^>lj!4=el|@C&8bqO(K8ZE{luZ~?br^l7ctnz`^E6;yMD7q zZi=4ZI%SSR(m$nWkFxJn9t&J@UjW9HVhKOHFXKTZ!Wg>U&)th}=&A|lH06x-)C%=) zm}8ik@$@R-$LC=PS)s5YT$K$IX_`kWWJQ%Tr|HQbOCl0Z8OM?g9&YgZV@mA^4uPQB zJBC-7;BYLG?bOs8Qu#}45aI4``!_&mbD(9!ve4yB;H(4OVVfCeKQaK>h7%N6*q#E3 z!G#bXazH$Pl8NrN5c?rocDomv)8|N6)ilF);xVcipj24xz4G?{=(pBMSWwb-#MrAg zVxDjR&do3TsS4e^k{n(C=T%VS%wx z_2&_JfP}KppT{JqB^;dcYg*zAW5g&8EJkz*gtBvfAeHid*p~uH4*b!gH=W=?@Nc2i z%e2@K8wkq3J+B5T#5}Ybl$(Y*u269}2lg0Kl>W^6jCyCxvT-Bj(i{(w9CI@(qE}l* zE{6jHOuJa^^ESiBWsq);rxu-#9|v`-7w~EFV}rJC4l4p->%P&q+o@hzHH!Lft?d|K zS{X+9s+JRc^CqeF79^=HHH|@~G?yr@_MI*2G?a4VUteF%OvjpK7z1p%`@MqTIr}YB zMO(3AwdtYUZAbv9p5UUOG5?_9eN!R{abf^Eu@1=_QxlDpbj-=+i8ok;A$7~h|DFZz ztzcj4Rcx+E??thI#5D@%4q`vlEg}=snI>be$ceKgD>#l5jW?fQR0|2#LpNn(D-bVB zW3gR+mN7$nggcZ_>g4lIdwU1^O_GJb^tb;5wEBZGwTO@(3g$z?lQ?c=OTZtLzw2Z` zve3#~RdFp#zn#Ew8oM_#BX>x@m?pN9)OAAm2>DU0QQ6KuahqO(Wm7nYDl)dCB^2`p z1cGd274Bl@Rw8kNY<8c-Bi@Itg2bD>b3vUN4e#M@qi zUKB2Fk|vGS&FgOD%h$sLUYaK%oR@-2=?VyEeQ6Y#!})$N%q=h7FTe(qC2;|x`8FT$ zdBd3$D#}%eVx7F8d{TZUj@utJO>u)%%nRY#Y)~XlHORUTm(ccy>)c(R59QC^?+%bS zZGXmNR@SSAgn&0F<(>`~A1nr&4J}C2GIF6h%v)snKSR;cJ?DJ&-j8LiWvBakN|5W* zPuyYHcwp-SLMk7=`GEia)^DeFP^V7OzY*Dps;KNuvt9LXdYKBO-{~R)fj=c2x*dma zHm2wqf*`4@+;{Z@$)io%`iF{1Yi`c>URd0oo?SdpS~|&(`-hdP%zxIep3jW!_LSYD zFIp0-{u<%gzE;F%;2!*bRZKw>UVkv)`@}6PGdEnZM|)uzeA21+5bG+KAZ0Go zeNq~qJ<2}EzOYgLhu#$icC`KxAp-TV#5ML6$Og!!(@i92o|^H*clJPvNrOuCxS|=G z@xFesuldGM-RrUyB$#S2FvBx6^@o{T5@Q5G_ z34%&n)?F)TGII0ciB?NTi#uT!PFay`ga*}qIzX{ec@j0+5KylpPnV?mH~(SczUZJh zq|YTjh=&)+42bv3_2ANl0KPh4?H#!+s6vLaw+`LQC0b=%Ub=#QkHGv*0hKUh+f=g1 z5UbWyb`(=DE?BM;{wPIiavV)$%ygGM5uEh2SaX~StQJQS>-Oh;D6tr+_b#oZFB#hS zaX5?~;+nmLz5Lm}cV=WXa}6Yy!VRQ8-fO$+Tt{Je-b>~VTuicWiy2l^Xi{DaG3IgFHE&w5N?WJq!zQ4WuQW&=}k$6Q7uMaS- z#aKv*k1viwilvp#MdIh~QVC%fMgYaQk%d@}I#Zph%%#PtM+@XU-j| zoZwHbg$9_w7IUbVCgIutYAA)5z73+l@bj=DIMw{u_w@#4aicv}%lxJQIJi|biD_0r zmS9XkyC{6+aRP6Kg-`h`-r(1Sf*pSHJB>6Q4xzeSlx!bw2CJa+KB8ILPLN=G1c2#g z)qEYm^fC$2kEy$8daUA3;XSb0lI|8f{qiGyUJM5pe*I3!m`^QM{JxKQIe8rnjhA0` zW65}2BhM2zo_xC{NS=(QX+%SY{z!64Tx8$3=?6%S>u%DT zb#Vn{ARnM%MSgksAJ2t*fWQqk7W03StLCul9tGQNWx?hGFGZZOBzoFHd^_^MTo&>O zo6Ewky@y%M5PHsvSoIKd&UEVFV{n5NB%?sBR2ln|y(xeiJ$50u&6I-(N2ur#1-m6! zlQM+kJS>5=Qhdf2xamY9IU$?v|0HnAcNib~zYQcF%w}YatCC_oBN~0Qd z6gW=R^xGg=%b&`;p3BX~#8an)ou(GX1lI&|D!Tc$BniJ@U9*~953vg8sa!c7`sLn0i#)D z@DE%e^@l+@AZ_j1358-eW_fMTvZtDflw1NxEQPXWEO8`62q-pzGxAWr)Y!CD!5?P6 z4lrh5P}w_s8xTb^cYf}!8kQD4fe20L z&7DMucYyChNR{_M+V%zMUpZys{mP_zY+&_^lUUjS{<33Ix|$5L35Vw@e44cqF`*uv zk#O`^s4y3RbUY399f0XT2_VxDzlsCY33(Q5ly%zX7T4?6E2$VM|S#=Zi`DvL0W z^tfC_yId5Ye&}hEpU;4Kcc(3XkInZhZtv@nvP%8GvhT%hucq{v0^d+nrXMi+*k)$1 zk~E>y16VRN-I}^-^h}qCp3A_FCbh&;s8rYCuC>sO5?Z%MN`}`&N|`i`9y~H#?UFCV z0BVh3M-GHGX6>MMfYAypGrv#O?R9qH7b)(IelFPOgZ8BhJ~1(@ZV@S6qD=F#MKWSm(^ zq%pSc6OqVcd?t`G(8bDu;Ki*pIej&{ZEUucK}ikCTScDgmP1DdCu$s7A|cK$k&B+L;fx;6Y9X_`i~4h)4e4@SwiK> z(Oi3yLZX($5N#PSn&r|y1fTbbrmd{oYijYu%U{JIEa~WeS<+-X-code$KEOn&N!B> zQ~t}`(ZAI&t-2XjH0T*B*XpIU}@xJ{^aDw7m$ zaCCClv1Oy9i$&x+7{zACJ@G`d6LZ5QB_dcj&@DhHw^i#)d6jlBP2hG-Bxx*^zzDkK z*n}>Wqcb2_Dc|)n9#9e0l12U4SsJlw;0{u+p$MpuPTSogoZq1c(BS_p3}0Ta*Kqs1 zk1uY}Mz;!C@A-eM{GghI1Qvpo5)LQhk#pnwC=&vqy>fIbem;LLe|9Q5V1GVm<#v1d zJl^#dvFO8`f?jqWwRi4Mn9yXfl_+<^%Nex%#Fs#|>)%*xuv*FBI=toU#_l}vu|eo2 ziuRIPO-K8y31Ma#9jd40Y=-(LDB@{RC}r{CONxN2;MB`mxU_8Fff4NlhNS< zc09Y+-*puw>M>dX;6;i`{y7&@3fYCg!q4j&A@lhYvK=W7)nc+RfJuuQS3AhXE8#~u#R%G%JjXmm{@7smI4m^ z=O3h%kbO-Jf4PRT7%jRTUELr~0H`h{Ne9pxm^@DobJg=xCt=+Q*a$L0C}E;htx5s> zilL;eg{A#ibOKKl?S$kwrB35va^-RKYZnNsc_0~>_fP;Xlh+d*Y$WC=Q_J;?RVe{L zISDr#VHIog#Fb_~+O9Li z&{?OThcF=_gqozIhQy8**LKCD6<-td{(V~HWyx?5}8FYYz1=S)H*Mg|7p%Hql4tA zv!FW^9n#_B{UGM%wKkU7Ng1P7fmWYM9%DF%4rV9BV~S>+sg(vzJi=`zv#Zce`e-Zp%% zWAk&GvKMX`FwJ)x8X2l2BBceE>Ee$~x(O%gjmJdVTjCsrVaAANqOO&%w5>3m%>;Fx zdT`lad-KXuW~~H2RDy2V*$U;$7VIHrccOwbAUGG-E)Eu2_&!=zofml(n*Q?`dVSa<`%M72P!rHNjMmQ^3G7V>s*GwP?r& zga78(hXKGjRTrc55x_5N&|_%{>KsP7VGe6PPK~1hC!1-pKOd*GX#yW-M3$Q~>Jf+s zb{7MS6PzC_VmC5-84#lFv4DiLGkAu); z8=QH*mz!~RCD(@C-5OeCI+I2s{GpEaex1{dG%`m8RwrbR9VS)tJubz1_&ZV!vK0xS zI}<7gy)+~|aZmZejKBUZ6kXc24c#Yv|C3AGYpf>6)hA%~i*8|x`K0>tq=MQisDN=h z;gI9*t{~qo@jzD)e{FE_ZX~pzHkVPx^qx`O*MXI-;?NDWO`Y=Ce>_>OeR;HNJKrD{ zFZ%Q8ZHuoanwV+2+=;2n{HlU1+J%lqLbR2~-1B~l&ivdZe? z&tEL$TJFn7zbkJ0bSEGOerYtaGv!a?c z1R<+T4Iwc$xn5mwfTb_DEu|kJE{l$)US`&IQNeK4*H@L{sYzBb^Zcv_wV_0%6Q=dd z`0z68mEzZ2>S{d=p21|$LYQ`%wB05{i%MZ`1fJct$nBr;?x}W8#m%;@nZ71l;K0ySo{f=+QQEwI%_6N-yvZKQ~+K$;a z5Jczpfit$2e@bLolmR6z6*x2pc0)W%mqtJk zpD7(+W|x?<(a#ULRSwV>k%xb6qqlh9Z)L#fqI1Xc`O`fxu9E^szZ548}+`v!nb6Q z<8JGhI&~j)@pbM8m1_V z8y&ML1=IB~_7K1KvmMIco0+(4z#KON9(nVp&$$yA-3#T%%(?bknk|0d;26DIcX)ye zYyJM-a~(a+>FQd7h9fOv=h%vkRJe_$0{J>C!PteELR_`*V^2{_yw$pW*P_Da#))rgI-UzL>_6+Dz zeqHcNT8GBF`wNr)Uli98L<=Dg0g!>5Nh(4WBfKX>O2;^~XhHO9PB;0Aq;z!izpKMF z2di&?$1;oirh8vwn(_GJ=9pRB{DEjAcWt}4-=QRQhv#Tow_c#t`6097f*e3Ni{4B+ z%bZoY%_$f~O2JY3JcX^j;=0lySRX5?ow@S?I7EmL)SWRT@#+)3u2)GaH9lrDr@b~6 zlu5~4Ht_*qUDqwGaQ&!~I5IA;eRn0CFt$7H{d%@5bn_|sz0ZV-do#av&$qbNF<9$78S^M#@a zQY}RE9Nl;`xF|T`{A}Lxw%aPaPM@ne0=!_d*<{RC1AA z1WhN~xIrb8tpb}soa$xNu59iLU1jb4l$a=72>MkXdk{I=t}^}JRtB#7wS+MaN7ko{ z6P|0EGv`Hi9I0d!H(lu1w!iQD)ezH6q9z>;c|=T!4F>li&TZzJHY%F_g#3(>prLkO zTDgWmyiJ_qaKzDCh;Gu`QnfY>?&2TDO7LO8sgR(Hl>;x;{=>i!&%@fG5zhmgg3LCt zgt{A~(^ziHOp`6;ZM4;YE>M+jj_8tR{ye4_lc=x!wADMa%6q-D$sygR{U+&&ft=Ti z_>c=yUz+%y>~3d35?bm#9Y)}&(l#OOD-NN{{@EM=WHfV zIJ-4pB^kz*D+-|QTvBcta#}rUpp#@Ax3~v%e>J!Wgp;LNGgQ$@T1aHvI;+#mLw|I* zev3oi?Ku3xtH-CGp;7?{V%E++Bwb6H7ePsl3?9Lm$Fu;Dx_?qNa+&w2% z5gukdjc%w!cg+?L&K_XjarlY-WX9l!K^I<;1@EYJ#783Y2x!{27e?dO_)U;Lk1~URw&8{>`RA9uhfG-uI(i$5 z4EFtZ!4W@p(LNxuowyhF66vodeytFN)v=IU6fs%`a$Zer&Zmh)eTTH%`o7rmcl4nA{ zFPmo@JhL}WPG!}-puJ8tv6E*EK9bksRatEO&~bL3$I;9>jkF?-wtLGb#_jS@wL@1{ zmp|qg5$dGnh@GM|vx3p9S`^$@HL+7_^{lFHMN_eAa(+7S4nHyy1^De3HWh0-zl}S@ zduHcGPXU!qz;<=n{cP#MImza6lTKqLocm%)I)VQVFecIQ8If&CX3?igyyWM{>xn3C z?Pn^@e>#C7rHxn-MOpDZBy8rz^QQ#&rRu%TT^BE_1A0Uvz(d>HR zBp56cE)GUY5kpk6%q1UiuedVAm5D7-R6KuW%0!c~E6;*UZ^+WaRhLYdL!E(-9=uGV z!}8)Lks-2b6H${1(z^$7a+CE#=^*hVnH~FyyJQDWksfmhYbb`z!i>I4y(dYlj^QkC z02Ta*Cnr!Aj1xnfRd{~n`$q0dHxio zWWdMPa8C9|=@A(!Y+Pv?Im;WYHGz}`*iUOp)Lhl7wFq^pX0Acf6bF#tG1z0c(CUDQ7{!sSCIuX_=GO9)dZ(Z3+?)r zV-x=(&Lpbl-y>rMfd^UyX(TWM56;(V=&;8^Nx`<|^r_r(*Dkpl;B5Cv=M`&?k!6(Q zaJ=E`?5XzFso)74m%Yltv!z$r@rC5Z%h0Y8GJBj=7$FS5#nxzadSa@&&yAVtE=2nN zs5HvqTYj+MW$pU>6D%}1q>cxcHC>BKXTAiDg-Vn0CoAcRG*zv4sP;$AcY=+^-9$W< z@PH-&_?eTnf|)ww?rixI-M9l1gS=>97P79T5#R3$*6(CF8$k6wrApFiFi%TD?R@9I zvOMp3P@=Nypt8lnz=pC$rAwZ0n{a$D(z^n0PL>=Le6|-SRSIHko3h!$~3ctId zIrnEpUqN~y9@RUJZnOj|u4NpC4smzp&(TSPW4}75el<>g(gYxU{DU6bvE@~(INZ#V zj_gv*`y!DFJM2&+ttENf>Co+K-K9Bkl(~}0uc3?e{Dw}3JwwC2M)@m zaBnEG99Mf<_LZh&&rD~}{tk(YnUq3?1LQKbQD?>8y4Oo8Z*l*v)uVN9#`M3v6Zsva z|CIwX#-G-6jeEt_Y^50pIvy`nGLgGG1XA3br!?WeIv!HsMXKVVvIjLb+FbE!W?1I3 z8m;CV`f5?kFV_(%QVz8%H80$oz(LYqZ_gfwb@)X}?!h0sJcNUov&hAz+VvLgBk?M@ ziW(30b2pH;_3bk2C@p>6mD9AmZX|vkYxfJMe%W>$7#R^~cP`5vIF049*>|$vDJ;67 zNy5?=H~t0?pZX4gk2}zE_rkjNiMgSP-uxQ?dP;sy9j;OJj)fu~1HAD{JI2CZX%B2` zjHj7dtK?=Y{1n4P{N+TKT9AxM(4qLr74vYMODjbB<3xHRMcTj`K$QklYKNwCPPE*@ zNiQrSn(h!3J5TVa#Vu>kj!C+`Ad4n#R|21*X(C}V>m`abJ-nR|{wU#)LYY_Ob#c%x z+W`yi^U}{=)P+Lq}m!{$jAs1m!@Bv}d#gy#bXq`=t zj`t48UYsiXFP*4~N;&?;bW{KY*b;j0wM2%)y=y__2EQb$;uC-)+*iPzsx=AVK{;cL zLmMuo%&q{O%VaJ1e!O_+fMEXVooI`LbEe(Bc1Op-C@i1gG)08Ygmt|v5JV#=w_h=j zS!&q2_5j1GSmisoHG5=_`gTWiDaopQ}-0*08O(+;}0iQ8eyj;8?L zGM8bQR;e_ZGacQu9&B_kE3-I|>=F}=?Ez@^4g#UA>X~CiKr3X@ChFi67^Mk@j5Z|i z!Wr8{T`!7bm6P7gjBm4X_dJOsDm$2x(j@G3Hw#3HwA1P{0F!?~haa=QI+_ zy&5h>s_b!Tqc6;!ncbdO1C_2`rDgc7zPr?x0zFWbuB9xnl{zz@p8NdGd#^kU-IYAc z^>a-lP|ul!T3xRi04LBHV`<eL%L^x8^H-r>#0f^cOQ<9wd0Oe;_43FMEiChGzncN#;2$BCHFAH>bgZOF%qcm1m^ z+LqMV^)-nZ6csLcT=~<4;1G~ZR2S#OW2m*)*&Zy?6efZNH^48}CYn`b>CBWagbg`9 zO73q~!FfdIfm)2r`su#f7^Qkrj6x;T5}M<#XW+>V9TnNLH_vkPmOLR#zX$uic1_wY z%H2h?yQp{&4)_#mkq^j{f20 z%cDOW9sk3NXUBgaM>||+>ys-@q#t(9LAQQgCaXE0X3(;@x@6r?WV=Re#vvO@kNg8IE#cMuDFTXV~yn%_p|> zb$C;_#)j_(xVRP$u23QaeKO0gfUS;z6@^DJVJBUjUc4sU1v?jBapVf2LVmouIw#O0 zP%SkpW80kecImQLp$a>3;H!-J^|R5Pg}>I;*0Z37qq&2%4Jn4(SzB{}n@68p zjE@8xbkWak>lWnY2E$w1I_+%`oBKpJa_hHH%(V0 z63ZD+y%=VNFgucwL=K^JK?!#h`Q}@Pc2n5_E^~7!3O- z-vOEdP$6fP2Z^BZWJVL3Mob>`tk$JHFdg6hu%}3L!;@ID6bwZ%mn_l=TEQ|AD{^+; zcLp&x0%k)aQ}V;gRR%jK zK+F}Hx8=Vno?&&$u~PYuLg^nFjk~KmqN6|K;l4F0bE=OSgWTXC=x%XOA?1`+ z$azw-F0v_uue?s@w6P-?3fUMKQ9LwV{oGjt-Z{kf=P3-^4)9W}lxUE;gpJJ1QMp?` z!Tsl+E9b9RlU^`IkQu&vm{RsRp6ZE^6I@lvfYv3od6$CmOM$gVv$H=1-0=lt;gvxuZJImI|vX8oUcAs_lIk2OZnK>N8z#&)O>$X?bfx&R?3(`xlOMybjgm*T(LjZg-5UUe#$+XO>DCT5DPK|AR;}q7bA7@)bU!qYZd;W!_>@unCG;qtZ~RFyrCbPNx28XQ zHr2yAb<5$m`1y(Zd^e65P6#6*Zh3EPOf6M~>C^-r9Bw_>tTSEn7y$m9CO!MvIPo8^ zuFfHprjbL3xepqYcwR3;H!cXf0n|THJZ9wN{7fAX8x}Bd$bX}E^b+RU4>7U^NA8|} zy@z|c^&fWk!AX0Ki4LGv_$az$m%J-XrFE`*m$q;DY(k+%^J@k*_J_^7`O>mGmYBmj zU5a0Ml29m7#L~&fOLL*s;h)*;(44YEl&#d^CDRjx*rA(TKYb?~K#fItbE4DwQ>|2M zkpE6@gv0khMV4G^gZ81;OG+3<#V~L@NjrOjH0V(31k62zaiP_oQN87;rua*@y557seWK z#js8QMvpCLEH)$KDp-u$(laFNTF<#3rY`yNCbO;?Ou)?0_yXJm8s2oyr+p^6slIWU zkX*gHEFCiQcbTi%-pxQK4QyODFBCDUFPIX^U7LQgyo}SJeX9{8hyiKYROyCr62vJw z4&txfo=Gi3Hu@{A4O3`zNTVe?{I;B1*-ovQ*7jhhSS%@TD_>g%@M~<^XyLTOl&ayk zK%<;pxm;*!>vLx3(F}@C<7PQ?7z|_Go~T_N9wdkqyFB^OnpR;5hi`@(oL=I+`F03& zm`pII{sa#_#7WWi0>-uJn6;OAPONWAXae4{pmD?5b>eZbh;>c9HwnjJ(%YZ%qZiwE z4}no!gKp8!*tF~zQC6Z~y}QI#2XLR-uu3U|OGYJKGII$Ws!8_{jk*BeV+PWON$YwsgX%2sQkOr23K`otSlHq)T39r&s&Y53u3cB!s#b78@bHlJ zn0D=$%wi#E)rrbVN#M+yVB9imaGo%#AZ4eOFhHpDsH$aT_xUivN;62l818}jeHqjP zaQ><>4+8HIgXm%KPV39I9PB~xS?3t_{tfxtE4kZi1JxpN%W=3xZbceJEYmFhPz|-S zRkB?K9sC(oye0qnU*A|P760PGhyfQnBc3^^D!)V3=1AQ&-%ay{TGqJ=C2(E20y+K+5bNNY(cVX z#mEM&9Y50a6k)P0P1cF~`WcYah1c`|xmd82NgmZy*$CPWA^wqvvi2`v*doZ+6?Eh{ zyfKLNQ3SE}p`Xta#%eIU8*PUHq-NNr7}DT#-Ek8TT)M*$(nk_C`I|u|59I1R#w-4w z;uXhOyDt!H2blF-3N0eh6FXKVok7PEIL#6cf#Frp`gi1pR)iM7f+p_kyNWEh zYc5dR1EeNZ7edDa&JNr=E^*#!y)B1dfPoIcn#rZjQ}LQ5bR9?Ft4i03>Vn1zx9+4p z%YthLOn_oq9oS$!frW~=R?ZK`To=ZqB0P=JuG}-Q%?KSO0xZ)v48q|Ip@?WkXFM_7 zVfhQ5shUq>9|LBsm~AaM>YOdEbx@l$M5-9Dg*5XukYqH5{{NY>V1q zXhDvTj_R?MHgb}hu|dV(M>qWLqQ83!Ah;qayJOOBz)l>4cj|~;RIT%_>%EeqRb4vQ z^`!xAmNe1kN8txOA)O&|59}uW2)&`9L>x)zib?W<9Fk_e3uay1iQ{yW@He_nkFL|B z>vZpAM%U@>RyVp%|1Mppcc&ch*B?KCli^N%3py^U`9OTpGS{}MwjH@g-h}P|KB`*Q2*cK zqn9t9*ZqHAj{d)&n{J_kFUG^f6X)y5jFb%=J6Nv|NZ#-9QDP0 z-oK{d=>0o-|Bl|jkHGu)wUt)nN(xqw4T8s1A#3Jw$8Rj0C!L z6Eu#`C7bh4ed@v!*D%l|(Ksd<{#YQ6eytKn9zh4(Rp;ZSZ*VQH4$F+q&GycHA*hBC zxnAFCtA^@m9OGgR*LCB~S|C`1qJx8S3OUY6Vz-ZHjrB+V@Kw>fZ zc<~M*2rT;JX_Vx#k?a!duCEfRZpi*&i*x<}?PjBNFr$h`C%JBLX(}I}A6&!W06}L$ z&5zq0Aj!of?VGS$$!Na+Ot^0 z+#$+pA2z(X0hCbT*9D_Kuf@S0i-WxtZTptB*y_<{;pToB=_iI7x*NGEcH!WBK4-GA zz+wdlyM`eS_P=e1g05Pt}QyF(Jf2k4I(D$ zXvr<{@Y^N*WG6Ed@oKixRkoV+qU$C7bb&+sAmY^zt48Zy9ro|*-6|0epZGGjn5@Qd_99@fa`vQ@;%}#i7=E}x>wmo*Z(M2`Po&u6~k6#`gk^M6#J)QaeR&~g=+HH@&>wq|pm6S3eCO-Lk`GaLJFPTf3DBMk0>AVEVXsTNX^ zlMk=S{{Q(uZ98Mg#m^UH|Ns5Jr@JNSurB7;ya5m0!B|B%jX{i+pxm1xj?#wohe60T zC>I(nTl6#dRCy|v(piGSEAAwbELY~Ya91E04r;|VX(l)W@n;@>dVBc8YSxx>dlT%n zrq|TWLs2tRY{Ep%D+mMRG z?R9t|ktO@!l)_V@G)?2#3U&1@8rThdY1lgKLBJSrPpRxgK`z&lFBVK%u1oSPYrR#l zj*Vh1=QK%-X#d)tr$=!p-c}~%0OT|A7-75MEA582iRkti0MmI-xi?{Gxw86x$s#C0 zyAKR2b->>B@vxs+Jt|mVR3^1MSQ`d61TIxX36T=2tf0$N_p%+Y?{o{gP_B1JiEiPpwJMjyW-dI{mmMA3Tl3(tyxuNjpTS z+E#gpr;80Z+uobo?KHUL>1HB-L%*`3jHjq5TZ+6D&SH+r0N}u_pbzTNWv+BN0>vKn ze#O)A(X$twHikA#*m=|aaq8p9ik4-05{{1f#8y|Hed6d+VI@mDx|A$3H0p-laUn^b zYMv0PNy2EOnFf6i0F02j&-xHYH#A*fkPjvET<6mJ^{mS?(p-zzOtWZ+$>zj24${SV z*Lgt_hW;kk;T3GlpMW>>fbh9XDTtmYhACv4%vRQH4W@|$aGlPzSW?X++MfJRVd@HM zeQjbU`5lW3)vn!PRR}dsA%4<|3@|d~ptKu)53Lixj3EH1wbJ40+D1%7$_|KR3o7Hp zkQZTOYg=F4E}6tUM$He`Q}Uy@XLs#!4Dd;=w2(aVbG%0fESlWYl>+EZV%$9_mTotz zbEddCW}uWOXo*1jz7UqbnlWLGkg zUw4^$Uv2)jhA`$j=(by2UugLQhLvv+QjS66U58=)aB_3>*4u-g zP;v|w?-+8!F!CWGZjF3-wNb~i zi-=lVdgDxc-CH2`TNe!XQHw3QNRCC(G>r@0Et3kOXOTT~k}>G=){z~ygS+O@ZAY=G zibxEt%V!pUQfO9I{fZg)Y+r;7KRt1uZolKhNKhoiEng>D)+uyof(8yX92V;oNi)Fu zIZb*Bgw-bdDJ84+WB_oVRDb*n!pgjVlrD<viY1cWL{TPm`IoGQVab;nAvp zrp?!i-Lb?Rujx|!%9Dgng&gihO^Ux#f0e=oV#2I<~0NoYz~8p%~=ekm$33>XrtuNe?t_7qnmYn}B$ zwF8GRCR$R>7DMs;rEOmJt`RgY5_tI`JLVrKs|tE|A@Vf75Hs#Q%V0mOeb=S!=or;n zyq99xDRvAvjeRN32BtRy!#G;>?a}I(eW8;B4h!&7P>G&aR9P;K$39KF_;qXDlPuzj z9e~>hXq?${#-Mx@&Yr~xegg3CIH~B@CmNh%(vo8SOgl{hX-V2x-Q6hxvlU(T2$`!A1`$1zMcY_k)rca!I^AI-0!v{`;o~M6`O9 zR0D{BvAq{$|HaXZgBQntI&g!0Zuhm0b7J)zLmV^S7EJ@Aq8(s+*Nm7YMw0i&Av6eA z4C0_x>fqJ4w*A=UY~-9l!Kw(|jQRMWq$QRKT7j zN%4Kdv~*3>uV@D*^AK%*YyRt&WoHB5*~n?Bu{>^V|Ed*o%X(U0d<>R1e0XQ-6x}yn?sb+zY5>|Ta zHY33xVU;_s2>YZZ1@}C-M7L~3u63fO5xq8K;5wqyNb2jY1Q+wk^`PlHJRCf&5++Uozc9(?LnY+1TE|AcM5jw8 zu{-IC3I=ZB?o{^rX>{GW9!X2fTxrW656@3^RqNH{W(i}H{dR4t#l24f`~PL~){%+H zA3Z7FB$ZUhl5g4=nr%u(6xpkx1n@)?89%-_0i72 z{<^lr0J`5(bay#P5^;Z8xQ!0s8@u{9-J)*x4#abpPH`PC*7mDYU*Q^Daa-RKsmE3m z+iYTGm&uQv!U^WHB??TPDP*-wKmq0BQ9eKST3hXVrf)>N8Ki9AA&|nRUo)V7mVCj} zcU%n$qUz{w^TAkY3yhU?mbBd(0sXAqktRx@6U;qN;)u%Fz9&!q_~dZ`X{b=t1t}Dc zHUSrSCTM2l8PmZhVP=qqJPh4et5nlZWZx$`770xkU~tK97l$BIWNk@aKO1o0e9FXH zvVLpluFHxIzjCbho_;!64DlB~srM@9$>K|^m8ZojduZE|f~6{=(M=mKxP2xo8ppp- zxf;v^o`mfi*GysVs;NL< z9TGwF(q7MVv!=i2G(lUBMK^7buu1=7v7|gj$LP<0>St2iD<=P<)LWkDK_}q{+vV~S zyEKUcG=@Z!I2qz+SIS&N`QgOuE_-3bT1IrwULHAh*$q0RLbWq?znBC>$X$(UWLKf6I1}T-Q((x zrFQ(@6?W_uh$+SC`o#=2WR*?*N_(~5Da0k9G$-zulsvZM{7|_pHYxLF8w#_2E9sJ1 zNUyivTF=Ug;r*~pY+o=8@|vZq?N>U)yhCHmd_|w4m<-aF%J))cEirL0P14vdLT4sROgZnM&5g`Stc38fWHEt z+H)qC9Nh&iCU-e+H&XP^g^bwc)#YH`>20Y)7Y@F>y6jG~!0uRDFiL?HfGhAs+6?v1 z-8~<&7>^S=X~`P+#}kp)Z$A9{HWcK>uw>x1K3vH8vD&BU)PpM8nyFezyhvi30mLwW zW-g#^M_#7l*8TYzJ+5A(L*SC7LzE9^Vf&`7UUJPB&W4hw_cUz}6K3-{i;7e#AqRax zE-&9A5{*5gl1^n)%2Drk|i`^HU*Zs6bFzn1|0S9OClwS zh-hLqsm<-ibOERBOo}+iONP8UnEqEHC-{GHbA6zT#6K63NT#qDEt6i zg-9&3glPt6lK}V2(?#1nFE8H_$uLS#6@avQ-UFX$hATolL+ko(S60QMLu%{PFmHIf zg12k1&&a4)|9l0pBj}}Xq(vvtIHIwcKT4L*5+41;1})LGbw)Pq3^qVO8NNWAB0rx0 zbl!Ho1<9nr?wY(myLwNk)-<}czFl)67c4H>jW${r*!(1ugZJ;E)SrSZn8CG z=NxXaJLqF4+W_X~z@$4LT3}oXj=fo?0F?l>Hdk*GR^!6nM5}ciz-Dx$2T{rAn?@Hz z`bp};ai)8hm+uCVXLN#8N<^HtQzFNoLS_bAlq*IvK1Bm8(g{zf3t!Nd5p%`nd4dEB zNe-StWCRr1XP>CS0I$fC(Bx^PQSqb=Mo&PK{G=_BeV;q6O56e18du>DF)gcxNXxLok2wyoPC=?x9=82{$6L}jNscjDWc$KpiW^mkr3PVn;7tg*Y zSE9}R_dQKl zPFd);d3L@FoR;0+aLp2~^x?NWbCcaRGCO8jQ>afX^j@3xM6)DO;kw-^3YqV>t)Wrw zu_P4=>d{-~HX;$2TGSqYm?Fu9;sZiP_m!ryxQcMH&5`Sg9UYchr^v58x(z7l22iKg)DJZ@Ou1W& z8n)?-y_KP<>BI0ea~IWqtvTm9^)1BV04*$8s3o-D%7r>W$!ji5s77saBvQp=HZ=DM z3`1?ad{5<|Eq$iDxZdo~2Jtn!^HnjsZ(2s}9(8WT@X{z^nO5YGNH)*0euU$8L!PKW z`wfHcln|`T-1ZU6Z3rb?g_iU2D2Zf0f$SlU4?`F?A&Ldr>lk=2K^#I12NA*ziQs0y zYA1jLNL(*@TO*HEJ6Y?~C<2bXpy?o|$jhR2IkO2XNuCDW`z~s~qnuaRezvko*3+}s z7Y2xM!5>qcdPbGHdUtsWxZ{*HCABK!vh!+(0HvA1AY?FzrwZ_X!@SF+qfRK|*zHAv z`Q&4&X>kED8o6m)oB+%vh<$@Fcc+-z8cCY3>qOzV%xBgoBj)SvcBto$b=Kqi)zQy`|v=T4RYn2i=C=&o8~yOo}_6c9+bpI*8aVT}yPse(B{YCOJ($ zfX!r$C0+*Ix|SIZ|7DjtK!uYEeKKziiKxNggKgfm{trTvlb+nZ;le#z_6tpTY_LH_ zyHZpSS$it<4^Y`=_`0xt-@>rf7hIX5ZC3W$qAqEZWj*l2%`pSpNurs=;s6~B0|ujU zbq(WS>m96i&{f^&nj&*J5KV*&-*QC=tf7mspzYym?VuxDyCGX^;rH9*Yj?W1uZ6MQ z>7pMYXS>t&J#yCe!PbfhW5X3==azL3u=&*|@)=hD2s!(muJ4hv_B&i_FK^$|AY(&n zbe_L?PZZOtk6Q?%oZ3{;hKlv2AKN$wQkLWk-hjM@`fQi#-ei)2W85T9q4?|s3X7?h z3OE%-H%z2bQ`~E&ahm<6&*4gD9I>f}Vh6M&)$AQ#HsQWXiB{JzP}iHz=zQ3thi_OH zOBGn1z%|_$`2}Yx$s%SX2TJCY%fN@v8F>#{d>C!01!RU67Vzj+1_SY36st6Ah9$4> z&v?fq9hPMSTe=7v=geq6eL!Zb!f!0~AUSL;_~Xn;E+lWk?^xgvSFV_HbYPQAL$#h( zkviCUo-WWmQrg^rG}0KP=6vVOg!vtZicWTAEd$S1vLb3plZ0dl2r&o$#nQ&Np=m*m9|}e|o0j03_UdaxDz6Qwx>mu{ zFc&DG73K*C*Is*G4?-;7whM6XE0@()33){%`DcHv5B(`0vg`Bdy&je20nfGZA(h~ zZc>mjxuorS>{^xw+N`+_pltaeKXA*b*?)d?+=7?;j*}diF0`#)g1fe`S+G+P&2-*s z)MPHNL#=Yi$BTCxCTQ>{W6(N$>r!c8vjh?IIo1sSc<~Nuf6`VPCg3-APqYyVH=X=| z%X-;TDYf~w+ES?v*VR@`-Np~HxUZh~w#+sTe%Mkn)QBG`1o-blb>b$0pZq;s(e^5@ z!>WF}qq^w@>nheeuu$*Tv*^4jaHG#@f03(;qG{=lVDh7kZdv5Y4&>aB^-WPX!lO83 zF|}x|RAOb>1P8!6Yk!&8na2~H`>vda?TpQ**1t-P0IvZZCR{p}<_9b3P!*zYt9|Nb z;vVz>4P=eV?c0u0l|$MD<2D>93daZ-r8aur&N}V%$RMw@?z!2DVn5mx zCIwSc0P+#BAHl(a-*JAR9&OXdqkcUs=wKHZlRGLooh2LPa_YP!jZP@lo1x{ZbREp! zttb`Fd&4YCHvs$>1D1nY<3pk3)_iHxXObC>ZdrS33W-@0tg(nm5(|b2Kn(m>Q*xq+ z5+e1onl00ps(U6IjUyF-ule8fV1+P%IVHQ zp>$8V#w_=p1dn|}mn2RTIM`x72bTe+Y%URNCE)H$T#<+-QJ!=p^D-ypy9dRsyXQ%p=DgTL!k0@HbE=uSOIJQAxtLeK)O#wx1tc~@rq*%+#cH8mET$Zb zU7)JPlteM+?@M;Om@dRLW_O1M&flI>so3kz`toa=Kst~m)a*N#Y|eX`iOZsCfH+|Q zD1N}V)v+wa9V^9avDgmG0wLV66o&3R2tL9RhVad`u@WW@PN*8fYwo@Et;@av7W3wb zwiUT~mKiwER{s*47|L|Sf~0sBz;s@e$>bVMe219JE@cr@iptjd^RLnHgC}akL}_mG zhVb5QpG*9=`%w#f&Z@jn%j8=*q%RUP8r-o#T>E9EecNr@1=n8OInRifu3QTv;VYqwxHZ~g^NUgL{;k@pE%GEHNuY4DT5z~8hEgxS*qYNNCOXCM5f zDEN+66TGBsV%WwQA*>AR!p zchhI)Qb`8guZ*~(=`wpo(i}MClrGsTQaPQ)x&6kV0P{^SbDEp&-(cU;eSYtUxjMxp z*a=tqr}{fz<;h+B@&pi@@Dvbp<)y(0kuazT&`CxkkR9$Ee)z^9E?m{!F-@`?dW^$G zH*85A!V?)wPtMPNd45^?xk`jflXh-vrx&k_gx|>1gPO}(^-a@a${``xhD?e(Chs`A z4=7_ZMGVefi4asujGv#`RwZI+!N_6@FH{3?P-o+XDK0Cw0GggCU?xW+0uOxLnsB~);k zv8Z%!Vx|l~1zIwO=%Cc0%nr7*vM$N)sYn}K6f1h0qG@R^r5D46@kg4Nwy1xjYAI=> zM5v<1zAuv#WSVW$DwXrk2Hyb6@K7Zgcamo=Ofy&7_Tcwj?fPzVLNzCY>Mxu4H6()? z#jEitJuUJdnr4)CiQu;q0lVeD<7eL;e^-|Oo*g}Z{$iB>KF9M_%769Kxv2sffjB#r4a*rRuFvgf4xBD0y*+Z7{^sp zLc_wgvkj$&*X`lA^88N}EsN*W@` zcA>E@2_mdzcgZ5jnw&MtsbK0o{N$)BwoVkh0nW9h9C0m25LB8Y%d2;nb;+SsY8c>q z)Fds$T+vy=e!RLmf7Y|!*FjU)4~x7WK7$#Dk||hj`#gpkJaoDYw6^{pPZx$Y5P9zo zy{&a9ogVFeG?RCiuGvhE(M%3`+I6+BqFYdnIZf<@9)(lQ>ta5RNhq`*;7X$f`qkvA z=1FTPcc9h?9mbre7gnt!hNqh)T-~%OE;fjl<#EDJMVdY)sGgPQRE;CI;oj!xp~GQo z0ui$~EMauZST>;vzbmPbY)XbD|ySZdi0{b!Qod#nL4!AWkK?z`;jA6v6kvBO{<&2DW7;ERiZUbBFs9mZ*PR zyVEeUZv5T?M9lMnSR4ZA?U}bFo$W@?^CVf3d&xZ)-R<$TkKWbj>7~d_#H$0iRB2n7 z{Vu%-d8$~HOLlq7vtO9x^FIIUvs#CO2fDm`SIY5tXWpBCHlDOD7H3I6Il7_FnQRWK zEt`7kJ)Fj+OmKjV>=z{D>HnX-^J{J#MFRMJ6sqP)An{Lj;+m<2r^H4W8U)RcrrV}OGFW58;xt(^+ih##INefO z3#IsvyPH6z=Uq1?J@rLi<83rwxZE?UbhQ^Pv|$T;P4vOOxC%4A)KK@@N7dH zq2I~dRS;^Y)1Wo*sFfIn+#%DfDf#TDrsNYT*aX=VWH+UsAo~d*dpniH(DgQRELP9T zZ8fi1!?;M2f~?N*rt7w*kF=)Mk~)Jrk2qD-rZ^#jNn4fSU6Gg8-j~I8P3y(3Xl(e|l=!ul zHz059XBC{#raydlR*S^Zs+z2SUDHVCS!G7yGHV zw{CL}9KUHd-sPN?lmE7C%+X&9<0R4+QSiGlR3v1%tDoq+ZC-dH>*XKZ%A~be%4k`N zN0wN=O;QE;A6C&9VRble?h-#V=@yq0%wL=An^jRBO6_x-(`o~)P3L&kSMDY(RRvU! zL}W_ljPv55lvmXGFGT*x{q5rN;#~jl()jO<%?pI~{o84G$@dGZY?pjJBHI*ItXSHd zJ?HS%cP|#b$Z_JqA&Lt2^#~PW?s(4X*bA3N+ak7RU>=_tdIrfhtXdJF;Rj?qRxQo7sw$S+$z2*bKd^%-+3!_x8fo74~BQUKNX`E^M)<%r!#g8wgwN`=!Ty z%{0TNx{2)*%F)P*qdRACq=|FlzC8*0AK=}V7L7UQNbvSMNpAiNEqn?58@m7d@#E!1 zpZ~spm-z2V(vQl2<>)*D|1KJ}#W(0Ld~Aci_=`jK%VjwyMZZwXG2|B>m=e?1xw6$D z4-}lQu&UfENP@p0s+{W%^;;UC9CP%7kidGeXFIY)ptjDQC~2MDg_= z#B)w)wp^=^)~w9!v?C*5>3*hzm2Fnky+E#f*c9S}0IvEtJuIdEE3IfPW^Bsw}pmLwHe%wa*04pg*;!zPz z#>8#E`eLGH88(z;T7Y$}UY<}Z!PqrXace>`YXb3V#BxzSxdO8G?TaC+eFBi*fx<7% zxE*y?27*A#Mh&UM+$|^g)Fl`H!9UfF*yAXWpZ~mn`}X~tzW=umA3r4ibBgq1@}J)5 zJeUIEw+k$%&w`9EheXJ%L!S#7-=3BZ8TF23L^8W^LEkKhsbvk06B_mlnUJgPw%n6v zTCCQfz%5jeU{;ZmW%=YGE3;~8&dw9^xquLlO`Sc$5o^^&7e4gvzVv8a^O<%-WLf94 zpF~$r%>GEkClMc0`ic0Qg7_E{N)-1oo`|JC8<<{-Y8ARTrScio=suOR#c|uM;TX2o z1%|R-4e^{(rmgK)$!B4uuWZ9_Ez4g&1$G>p?As@n?-#{iG05O^m)mM=!o?R_EOZyx zSyQ+x*bDyz;T78N3N8bRpGRColvj3f+=y3F?my&wQgAZ4G@`DPT?LWVowrU!Q(h}D zH&!#ofDDJS-Kxf1hvv4pLz8Rw0rp~+8Y&f|^BIq|3kPH%kpYC= zZ=t19hrf%M+;1c%|9h$OM7*7tqNqUSjXK*CfH&0aIE+gG@JS7_?oa6G1WFzJ6{wd! z(B_#s3^Lm`ukln-_dlhg>qGZJ_-Pm03)Xcp_iq=fYr@aEe=bdPU zs+pBMqIZ3^ZZ&S1dxxPYtK=)nS(D$@B-*3G@>qX-RAhK|C_bbwG8{qF{8-w$2a7L#bPs>E&x*Y-R5L~Bmx zHT$;jI8?a4nuDZFf*P7_FbX|>{!cha%(oE1!4hjNxP~PhxBUqj?jt>@l zd2z9^+|MvmC8vsZuq|8;e=|p*R zefRF|ITS-6X8CgwqvHf*-S-+BFV4QZS=*+^>Lb{dI?4$B0Rn81xpu=|ssj-vs(Glj z=dW_IXS=%fJxH#z3N>BnWtTWF>|q+afX4MfQ!Kw)Tqt#^A23ejH%Bsl#4)THkK6rY zdI6We@Z%Hp$ePkgvlks>O(nl9Za8 zVZPrKjo8sKjC@UKwXFABF!^e4T}2i8b1|h;c=;9%XL)8C^A1F5F0l$uQ)dlb#jgwt z`G85SS(cObFu5%>YT@i|9r7u;W4kK9V-KBS8}v?lt-)I&D(W)e?S^dv%5~Hz#l!Px z>HLXj?YeB_@w?CqjFqtkG{>$W&==kj9D^Br*1Uu$^9t92QfM6eP3qk1#p^)z!*IGn=I$e~(I7oA zz60?5Rj~Qtz&zL(A0&SzJboA$m+;$B=13&o!`^`*8Gzv);O!ok9t<9gH5Y;_~=Xze^LrAWd28MTv zk%aaTHfyq1k0uaDWv$fJQ>u^0dU&g+L??;$lU7fOJ_Z}ZSUp8s=<7JT>M6T*N)q6z zkv@c+Dw>a?z6L)%l$=68#;Y!)nQ74dR17D5H9~q28x5F)jH03=$Y)5B9@_ajobyD4 zGrSOlsOGEi%s7%6$1umzOQ}}`n90j>%UD_yW|c2QDIgnV(GFB=P z1adrkYq_bbFj4SIAxmJ7^xTONNB6F%KKbzA8G{WAdKR^QbTKdpsuB5+@b9{yta*Hg zTD{q>=Po?%2KN8iE|<^0?e)VZ`AuY)R)P0|wY&9-qnrEo*7UzFS>hM=#WqH3cV4&D z%+Q}_GWBo1e$yuT;F-+f9}8FXnSKk~f04~~r4_H#qS+tU2}N%_S?I63Rx#FyYy0vP zk$F9b`m17R;Z%ZBfDQ>CIjpSsy*ao(f-n9lL3xhnd*PV@fw8 gYL){T&P86DOQ&4AZ}!)of#LuEDByVw4EqEa0EZo)s{jB1 literal 0 HcmV?d00001 diff --git a/enterprise/authelia/16.0.0/charts/redis-6.0.62.tgz b/enterprise/authelia/16.0.0/charts/redis-6.0.62.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7cf04c3e372563dd314b9097c47790f0ba02f611 GIT binary patch literal 136825 zcmV)iK%&1NiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{bK5x5D7ruEufQi~&&E>`P3kRuC*NI)e(b^hYC+wE?r+iE+`Uu>t@a+-eu_H!VUeddJ1_%HU8+sbzC z5Awhu2q~mE49Kts0FCF!Wz0aVFrFOUoE*PBYmj*qg)tq1I{RGD7jq$nlQ71J48iX; z003wJ4^lXS1j(N+bf+j^a}q-j4Z-^wjPM5(6C4IZuxQp`6zQKm%eEY+=Aj4$9tvF6 zOsxR|I736=hO=21)BuQ46cS9s_;CoPltyHDbmZev4CBX!Y%tw+4SNaa%dvfmJG3CD>y7$k~#tQjwx7v1A{x^Gj`M;BACsGwp z5TQdrrm)%R4sCA)(YQZqxBIQZpx+&J$Gv9PbGn`Os5Q2s)3bYSx7lskUAHrG-R_`e zLuZWK)~M;V-Ck{i0u)1vydkJJ?PjZCcN@*#tbfyoB8|matfBx!bKk!Tee6CC z!TI~M-c5vD0S*8+OjIEtpQJhQpkQJC1mODY^!(=T z`t0iM`N{F^`Q^pkyUWwFArQ(-s_60Cx0fI9&fZ=aA7&3UQ@!{-n1qop~DERV)amwe<0Qm%gFJH#cC;VsN<ars5!{2g!xJQpeS-cTRtj(TAaX3OGOP=E-@5*!6^8!V$b4jE&@T@4Uw90D1@#vSzdHD@*PwoN zdGV$W{`KFC1x?mQ?lc7TF~mOd01erQ2FRsgPH->*N|p^lh77v*Ly$CNg8hW4T#nf@ z#^%W7M9Y5QRt_BNXa3{c%j47Yi#On!AqX%5Ogmx&#{>9hzP!nfUoyA~q08&ryNmblemuK=wmJHQdA1*- zEf3MRI~%z?x`TmNGU&pkedpo$b^XOl561!5bYIx@!=yFV)*Ydc&dF0L9Ds8t2 zTkK_tDfT;1dT>1m=@bW(IymGuQB5e+!psU|tvl2Xz-53yIA+XF5D58>3ZEY_`fZM5 z}*y8H8dIS9`v99HZ+9LGlGj!rZJiA4+$cI$ecnNLubf1OufL=j59fG>vq~Lw1 z*J=@p2__T;uJppNaapbw3#&lu(fnO#nChZ-zG?AZu(}-4ccI5@d%M@^i1(PHnWj%e z7`Y|$J|P^3zr2(QDmQhCAe9v=#z{}1b@41UosS{;V-XH zV~h`dHt1o5f(+LQJFYf^0Ujel-@yP*gzc9p^0ghA`)8v^`2VSrWk(m6w`VsN{Y1Ce z#;W~4yPNg@w{5$-_y6zW`TV&7aNzoL4}m&$t%YNW%|FY>BTFo}K}Zp)gBPIj<;#Aa ze_u~_{>#DN>Q3Ow`QK?}=YOZQ-~ZpqQ~Uh6Z2pJPL$L*YzYZ+0pZVYCBj&#~Mg9y= zf-pwU(8j9y-|gk%KReC#e*W*`IRICXQWOUS&=3d~01s0XfYBWLp4bs^@8JXyt9Afx zrr0x_4lUE={KBRboxCLUohk;i+00Elttv2v7iqRN*JLPx2*tq10kUe=>CN2@4P#V004H2Nfe$A)z{4@ASrbf;_u>D`YZB5~(Hup0(Ec$CM0Zejdo{NK;V z7jMqqUcRwr-WGsnp5^nu+io^{x%j`m{=b{&0Gv!=FhPDesnu$=g9GrZ@IkdL+p_=l zvQo&d8_psaBjMC)v@F|lnk~z+3`mFIWz%jp8;;X(>_gTNYnjc)S_2%)DfoA>AZy{swXeSwG$^g$2?jTx`;^4EiQ ztJ|&E8BE9=kt0^)@UWI9is)K;!Z21DnG7`6n5wEOFFNV{LcAx{tq&LGn} zQz+QI^?T=t-n9nn_O3N3?wwN=Qc>^v>E1bmC-%;kz3Z*ryIx7}s&YY5?|PZu^{e!5 zx!h`1oheDr9NDv6*Q$!ZqOP?wUF(`%>uk7Its39H8ehA!E*0#~;bEmVdX_VIQX@r_ ze!}ACWEMZiT>R|zGf}!{Ih|sr*=Q}n0l||gZP=D=wK|y&rB;;Ix^uo~IfYA#^MobE z$t)>OYDsaPkLF_OX?E9LdYavmrN?=~(qm_q9>?Ay6_!f5X16NZ2?6Y40@zPjo$So& zWGAbW-Dqv9kXK-XW?@gBuoBssmB{WJJ!$6j%~u>MW%~(Ao1IbGY{w)(^Vzt(CyB7`66bWwmblGzwn0W^vu%?G z&!@O{3;HqGT=N>F6|ccyH@#?!k!-K)JaF2*v~jt7x~%PbaY|e-gLO4RIv*hzyHmWt zgo+#w|0ZD|Bx8E|4EjrHzM7a#Nz8SHztb)j{)5dGzd>5>8<=XJ^Tg$E`A}E(jp^Py zB}2Wr);CBieFIbHbDqmn)3cnSUQ}Hu%GdAoDmUnuoyj>vs*I7{uc}$8F|zyZ;xXD> zMH{5ml7Xq9InQZn+r4!S6T4Szm<*n-n`I=BshXAU@+{#%;VZPe>q;QITOxrr*UknR zwl#ILyd!u!<6G2&jnpf1jGAc$W8f_9$f_~wDhGjGc>_ofQqw6Oq>YrPR2MVKhp9s4 zJ=-MmF$K``_)(1jkQwxS6eqz6tbeURZ_R~()mTHPuq*rdH2oaA8vFtpS2lR^6QQ3b zZr{}Gp3|k+8uZpQQdo^b4(o63hwG=^aQ*%kd%t9o^^1D3xjNNPt5bcgPT7O!^Cfnz zju^-Gnj815M)3w%|H;}&Gee1vNr^IN!jdkwMHee?7wIlK#TrRv)uv#O(;7*?ZFcRs zw8pO3oo@9jD-((W{Xy}X-QPSoqo0n==(n~=fu*9V-(PbvWHpL=zq!WJPirjwrrG=F z+I8$&c2O_Z)moOBxy|&(b>A`jwW*hEn}gq3b0udrDsF9eig%X!oBNx3X?3t~o78+R zms?3UDyvup-AJ3ry}>rRu`l)qDi)(LbZHoa8*u=d0G`EnooLBcud?l-rfzRgQ3)5K zp}D4GlGUg#8syTu?p7_Uu|_9)y>;RDdc}V7=bG=E>f!rh-$Jp96ZspM2;aW6*wsYd z+!W1D<&4b(xU!tlH96y%Bi+BjA^+xwWYcpLyWed3_Gy{hMBfu>dqny^dY{{h-*LCr zjUrjPJDrZY=yjHMG)A*eLJeJ=Wk-pR3@3>o= zNBi{B(LOyh+9w}>zItX3iqPBqY*#NG8QwF4cGiy!?}&qmtzL6&(b!xgD7V#Hdk3!9 zEY3nwIY>WGx^6l`r)Ng!e6>nc2E-BzY&iGtIA zzKjYTt1F1mS~mu~+p3y2rembuGCR1g(zJ|N?WM$83qv&HcZ+*s_N>jT>FS(aGZ3qw zx}0Mx=T*~#)il?|ERIj>VmseOlXdf9@2f{c1bcU#wY%vo>E_z(mag8)ceDM(Znk7M z*OotyZHDb~RwkJZ&d`3}_sRbDE)gD+s)9 z@&{IfvVFsJN{e;7TeO5)LfmPBSW$78jhsq z>bw~l=u2e&O09BDI=7b6dFS0*IT@FAuRxD%n%!GljciNDQgd}+NVK=Fi124JZ9K>jhVidTD0B_Dy&QIqP1aRQS2oiq5 zWsIVbU>e4c)#t!!CqB_L(n5XRmtH@4UMZHAvmbzh#5*CIO`k~-q$%krvFT?do?9(qm z)n0oV^ z1a>;>O<BozXq{E@C-a z?Imb!tQp$Uhn|I(MeD#AxgUhM7JQ2X8uClYxhxj93W;G^ox?9ZEGmOvS^ry0`oFQp zX6H3FJEO6!7?$P|w4S!WEYh|n0p8P`4J7*=Df zWDMKO$Ivl|mHlLN%~oCe2|>zx=6NQj3^#lAc3lcLn{U>A?Q4<#G!Nf+J`()*ESG<+ zzW=Xjx9!aRUrx8x+28-Qi|0Vf96lt~ zWfCQv$KcoB=GeV&u=zm2WR5*V_|=7}!6+ro3PGbKQ5;;QyiPH3!`Mqod*X#PnH-U_In60uPUT1kiXK#uS8O-WfvScx=@a@xy>%rism@ zp$vZY!hkbzDWQqL>5xq`?)}H3Ic1ecka4$YKVh;*@BkmdV>oBn{#UK`!?Ev!Ydo1! z03D&=}5rIt2B)d=sPJ<~T;)5HMB8K$(aW z=htCKzsRy_%x4e>`a^;jqoz8pUN^pb$>!z|)R`f872_F-S=-)v~V6>!WzG%!LVu4$!A4B!~!)mkzk#pQK-o*`?6!J? z6=hdV&$CYvim8~SB_9huyu~E-df`%Yo-gH#92aE9+#F#KQdl4&m}EPJ6oMNX#&EJk zOt1oS_>Lnk*16}ERkn6003s9U>E|KTgynJQl&QC!&7M@{(V%9>Syx%Y(XdYTQ$1me@&Dou9e^o!^U0`Kk8Bf0aJl8V_Gan! z9_jzlKD}8O9PvGXEn0%B{6F1RGh_dC>~4E+|Lx*|5&po|NhV+x%^Hj%{gWRIptY0? z`e`1B!!14@#mqz)r+3Gu;S3Eyg>VlVBXl%_grYdjeKqW|h7<_6fE32W5}??!!L&sb zP!4r|)a$lwyVvQ|?$IMNx5%*807+xDhQhSLU(_1X&0M>mkC5)_-~Q*dV>w;RZrFdT z>Al;S14A>2{UP69{(E{Wt_FDY%+MqN0Q1;S(9cv5#U%zp_)7F@3x$hxe(y-g70v%` zJAs$ae>UlJ^S{;F@Bi%NIRK3Yc*DIrK#Y4$_WeSZkX&?l%?8$;h8LHGVtC~QQJ+$kF4 z00F2}!xJA8asg*Z=#LNB_rZwk;vSdd(D%XBhZDlQ8`+;*=pB_jh5_qv~b05Mf*(Qs}CpO2LA_%qU^6BaBTYx&KCS|a;pk1 zT)L#-)rXTKR`}R;5h36mQ=l2!@}K;dQ0p7~w8F<2Q*;@)ImG0k;28?%e323ZBYz7J zK3<>z5$!O*0j3!Gr^ttoH^>bGk1!z8^#E&tr5ujS-oKzL$I< zbKV)_i^IRf2zvP2K&UBvxD>{89&Ln9rv#g3DK=eu34NG7)@Xq98Jr*`wlVvmr=$3k zI-QjKV6)1NEgYI^*~2u1Gn}qZArng!PKLm-2A2JIGKI}fcQ_vRz43V5a+}>Q9CzCg z_F%W$X}R{OH*UHeXY6%dyKDDbtLe zl+!K&ph|F=jXqH=Boi54E-H1I8c6;YyrX?Zi906osu=GO^ezMc@j49YPuNEy0@84n zLEjG_u425vKANC2;zAKgnMfx#(dB2)d`pn)hO_7@4#(I>>1~PYdBC_-iVptCg%KQK zA5)CFV3!Cfz#uYyUPz}*VpH#XS$w=Cb+zK`%mz| znl{e!%>x1;0oRw8w+eAg*kXOtJ%JH1NyK^K>izj?@u*iCcfbK8Bg$dEe|LQI%aed| z2t!b}?PjyC*!C*)${AK_4kgf|&=V6#jNmxSi1Nh=4-ivR^D62)U5LxR+hGi_Pzw@D43hCYgw zhRq8RcZ$5ZkKzm7fRN)c4!KxX%Bp-H3$c`a%_T@U52z&QvFoy5x8Xf9)HZfXAc1DlBZVO~!=(OjQdVF)d^QMo%FZ<`LoVZ zA{BItb-;?km=gJ?RPw=>FIlH`#EmKjrE}Q`7JofLj|059{d}*6nP@AlsIuU!=C4( z2Np>?0mrIK!6qQ(N|=h0 zDFWrIT#a}HU0#m;k^8#f-8}Ijp53Z+QitH>4TThq=l%_%{EXCLt*BrgI~V#WH|7G% z!cRF$@nXhcCUuRM#qGYidY_bjbM;=qzPP+SyRqmeS_?udbfhVQ9y8#7muA~XZ8qUO0 zOT&M{nXgw|xx%Xw614;Hz6>E=;PdAOz+=4t$1PElARQu;K&GR;`uk^w6SW2-%>z(&+5?-V7}P!bE4rx zz^D;J8pdD-13X5A$}}D#{g8V34hC={CQnwkAQVn;FiD6grHwAYIo?oHd_=V)p*Hd7 zh|Ys^7EJ=(k%=*G7)pMNPLq>UEIU?{@l4 zchDM)x(@8Sw$mJYE#!9GeshE%8jO}YhE)VnRa8}ZjVn(RrM=sz3!B|$zujp$qh{Og zcRSD?wH(iJ`~6l2^$~LV-DYnvaQjZzcG{@zb_TA~wjDS^j@wy^D}~tS>q}K+bp?&B zW3}4}wobD>Zn>V*bw(|_)pbX`p3`l*y|LZ*+RcH}ZZ(nDL_NFRMP9E1TW;GPdtR^O zIV0EcTFYJTI%2CTx~xV+RM7~xEyqB(+w0iEV9zmII&?ZFo6jRq~`GetwxYz1;M{c(_9=kmk+KdgluswD=O{duz zIOFE1)kDiU;C?M-DvKMu+UzDn-)gqts0SI5T-0y7cC+n`djroNx4P|Szv((o ztJ59~nuGqh(;lHF^iaFovHQ?*x^8>96nL1R$`XK;O?I|yV>b1=?U6GY^#-Gk*J>dT zjk=wYJ@Pv3PIF|#LATi)_q%p;+-bpH4|QS3={CELJ4UQu-ck&skWjYNocI_8m2ve( zjR%NnL)A|3He?obx-GZYZ*{%iXw+_XVY}HMcf3w#G#Wu0je4z->x~8@w`n)+b`Lc> z&DLl%>a+%o=BT?A?-`6S^hTSZEh`sd-5xaIpxYUA9LH-l`~49djJlmxcRX@>p5u<} zR&P9N^?TiM+irT}G3g4{h2EXI`}s<31dZq22F#_MkT!wEN?3 zb7Z$$Ew5*f+f8Qxn@!|4*%F5s&-4bZfz$5}T5V_Kjk>M=ayp9}GB%{Ms9cD3$7TW+ zb~`ONushIewmQ8oYTA9zMxAEcK?B$ALxj9;Ycv`(Td3>7ey7_Sd2Y*f&~i~G_e41&8QAS2|54>hJgEuuun5Xu#YA=0ME0>I@o(N60XG?BF$ zqE=P7=5}{l!aC!A%R{a=?mBIEG;a4%v)vpFn$D;@w$T{csNd|2+wI=C<8~aIi41pO zkGoyF+3a=u{mK|r-3sT>KH?a?nZwvym+B8VMiW-CobCziiX_)CD?l>|z2K>7?WSW7 zoVKF(VBG1VPPc2LzBlfBZLihuG#%viTCnZ9&A}Kp+oN%(*SGE7XgosQRtwp-({H0D z8jVM86&$LPx~8H6IAM`Y@4_txnII?0+A~ElvT6t5I0=7CipnHP(DOuAAn17_=ZlAV zOf8Hb!998e1kbP!W0lI~Z!?I4zbQCY>7XhrCgsOA;?a0sCb`{B%w81PTS?`2@LpQ> zBCm`%87QlQm)zvRf!sZM1-OIc6+qOrEbGvcaL&2?FA{z7Y)y0u1K=nyufUA8LIioC za2O?@c`X>Lx5ueQ^P0PgL4|b z#ld~P7jnqCeJQf7!r)QwyKrCT0~Bh7VuPRXC*-};UQUuDFOTM!B5;CY+K>h)aK)xF zPs0)C$Rc*(Wpo}dA`D;+^DQPkOH$%p7-&LO6DH5d6-6lU1bp^eg^=pDh?4QAv4DYNlF8f!CO;18L*zc7wGL@u?^TSi3a*L61rr3upqVkn!pAj(k33(SlqXge4H*U@fHFHN z4iH6zt)prxyF8>81QQ&5Dk(~R(ts|He_)eR&L9zm{q&CBASz+0W4N9UTsR`qrB4t& z@*tXp0YP*rktC=k^x3?o5qO@)-;j+wTBM4&J^vS*0gCVwZ~*Fj zpp+0h$S4WZkkCXyFvTGMl1x&8`p+TZaq}E0kxx;j?^dcq1PM{y*B(!ydNj}{IE#E_ z`JoGaT_T561nD$EiUCMAqS+@i8bD!o1?kiR)lf=Yu1BeNVl$1eKOVqi9^-Bt!2$pC znprIEhMj{XLbI=8G{&FO@e9eueXb?7^b+$ZxmZ1ueLBqwteFfHK69!==HUs|APd)Y z!m`Qu+`hfZvWo?NWJ-Y8%H!KMOgswCVj~cVC@=uiqobJm4WdM@`koAiG*@6YDaP3M z)qcNE4Cw(HMza|%YfztPX(GZ3*?^7^aKqV%r@iE|UT?c4h4U&v1vsfnNd*l)4ab;X z2a1!6CW+AOe>}TA9%g3A1XA<>A3+?>X%!`3mV26p&w((&ayyDa;tL&@UqWW_6&1nQ zX9AHzv9ZQR5kWeS(W~^Xl{`zr%rY2IB=uqF(m7kI!9y6|bA#eX#L#4f5G7m~9P#*E zkrPlU1mihtL+d3$NU@9b4we`4#(0M6z-LVP7|y{140zx#6=npaAjagrb^w0;HAdrq z8L8a_$r~`j7Qqu@-S_!=m)yZ|#H`$-16j}tM4TiJCbH;Xo8yH8{b&lChox2$C-NFL z5-(r2Bb8cmcu8=N15bYY0DbJKU`n32_RaOx$u%qX3jBO~dnNz8J<)%?y^(*tKNasd zCP0lh|JeWry;Fn-=$?jK8Dpcej|YCs$BY(RjuV$4N*gA$`z`KAl|~()P-_v;wjynZ)D~$ zmnAPW8ad4ZB^pSeLuU#GEuQ;Q@UhWilvIa_NRneVl_f}8)2v=rwMoE^pnK0XeG#q4 zW5=27QNh|q-eZCSn&=g>V!|B)zDmhth9ipMlkvc{@+Cb-b&%RP7S991lPOhal0a6a za>GE(6GOYyox*_|&dlCfNwkoj%}GQxuZJ=k7}upT8iWWKV_I2(R;0E2qgri-XpCJ_ z655zLB$5eCJkUYlYItX1fN2=N0#WG6ziSCH^>it<7<&fG5S64!og4-Fm6jYR@S+e0 zS~+gWeRnex6W>W+Kz|52ns&sEVWiHpnIAH$=rjxz0_pyTGeoCoPOj(4ahL)^Nl9ax za;%%okP@6|yk!6PrFG3`Me3WFC&>YtR1HQg5eA}E2r(TO81k7X90_mUpX;?aT%hzQ!L4*f;dP`{WVOTQHDSV^C`iq<37ZtJD91yQZeHSDCAn8D#cy% zqEO~o>IW3#F=je6WA0cl+6hjHp&}v2C{YiMZ2$b~F3|?J6&4KgV_86}_8Sv^1<*L0 z2WFd77<-K|#JX4WQ#0p&oXK@_HIkgLF_Te|98t`c-Be}*>L?vT; zsR~KnI^dwVmdn=VxuHi~IuCY{A)kc~1%jOH!R635d+%j*$@03d*% z1;4TadR`+8h{cK$?VV8DVaNmXz*Dp69zB+Cqlm0UdXAR2tc|-5R~NE*3!KvmO*7Eh z#*GL)Hoqd%HZgaxSYvF-wF=A&X}EZ=fQ-d@r8XH~0lhuPB$F9Z#M)4sw``t&)CFOj zge4*mcqodI%LDd+k)cgAY4|g474WiMNl~(x`r;e=tuOURtnUISMVV$)`^H}*KO7w~ zCE|z&``-7-Q9KVUB78HtT%vx9oti1P)|osJ@vlliGg_tfOE{;~d-P~%q6grZ%>qU} z7smX^t4i3#bie?KkiU2yF!Op&P|S5vSzG^39Ts7&+=W5*t?QzQ-gyB@t17}NVW8w8 zLhrDtE|bu`@7#%KE#ozpsCO`)q-t}I?_J@ya85^T65p}$xQpWO)8n1bj~}Ec!l-K4 zr(=^96{S?CG6rhGUn?RFR&ke{5vid*iIIl_ilI-IkG9Oab^ zJsRQ&jIl3Id;oE7bBrg+c#70nB*kq@q0S>wB>@RQ%ECR6x2N(_waRe4@FB=UW^b3n zPCJF<*#i6@u6t9LR}gTfX_gOW;!kHpr3H`FC9GR+ibZ(_uTgsDvuyd(tgP8lfz zad3di7U7TQoSzUyrQ;E-FN>;EL@AKM+!m>b7}hut#N{dvprI^z?0KM`1pe0fKCe&2 zX0PCU^^L(|pFdn($d$AxzP=&scctrVABdr91fG)X(&Op-HxHP)Q)8t=pLj|nPacpb zcjs4&ww~lgU%SGLE70Xs`ntR}XT&c{t&aC!nC3MU=qIGW6G(t%#3+V?G zsT-Dr@9<|0y!wV3UnRy;1*pC4P!nMyrfh7-#xC zi&i}0DC!O46MbSwxC20g2V^vu-P7=JETVe!IZT=oSNyi)c!5&XSAfK>i|83wwDde` zG?)sge+FTIjQ(a2Fuv5~`N1P=L0F5XR4}az=`{x&eKSWG)0*@aqKPt<2h(Jf7vFBe z3lzLkS$zcvH4ju22a~oDoa%#NI40C!Dsfcs9V^9QOT11olafbjZB6h0nzJW~rb>*5 z?6kJBZoXV9Z8Mjc*nP*uLH1Patz|Z^vp2c5nO1auS z8qQE7ijmT=!WfMC#z#O^Fr2E` z3q4Uqy+k=jVlbbLP|PF|cX$S_Bm=pXzV(?PR z%tPI@*>J2Pu*6lO`kPuZQOsm)VY7UflvB^a5d6#Y!2~u58=#F#(PnX9r zN*A*pe|g>?dfb&GbVIRPb63puWsb?Djt&U^PqHS_hY&;y_iuz}icQTW>=f$L-U zei|~MYf~YqTa6G&`EQdJB=qC;slaL#_Md$?33&v(BYz6D@pw+BY=*irCr>>H>qYcp zHNH(sy-jcQiu4m)58|=u$+3bM@leDXFL)dITtENX8P>n;rzrowiXtXQVl&h{(|>fA zSh5z4DqRq;;{K0zv)M}L|8KTf@qPaP9Xy{uAN^2M>6k>o3HM`WJOW`*JD1)dm6`rX zr7ICLPllFg-jR7`LNc-5#ZNrLNPNAW%4QI>q{A@n?L#i9P{%}Iaf@| zi=g~-eh57RI0+^4NwMK;Jv_^4YUw(4V1eIxb~Bz!DxnD@WdhmEt@J{n!P=W3nh;BW z$PzSF{f^aRMui4s$@Hg|aXUh43nGV!NpVGoDJ1gdO0``(d@U9dqmoE1^@1$i3phis z_+K)8*6?*U4P^>%Mi5;%Gm6D!l*ycwDaG_PH;yvU%9C2Bg+?Q=1e!R-UumI zY}FA`KGnhzk{_##kZQMNgwl}e=5gkFy7#h!vWurki^p=f2PWssrmV!?O#QXPT|Ttuo)N@quG%!jsbD?iF}3 z4G9OECY2@5W|i^cOB{IUlc;Qovv~HQj-IZAmmYShAa^~XN}b_R*PS`6$h0p&UF2#L zsA=dD;d%!3G}vNtb5FjN04QjA9u&5npA}_)e{GfMPxWk~|I3xQs`|f5|8KTi-K_rK z?m2t?e;1F?|Fc>{cDr5%x!{1Hm?Cdo4c^o?*$hu_dnSqJ)9L05a&YrqP9xR&x}sbP zE147Wh~F!aPWrx^MpLQRchO`f_kTT;*RP)BA67|ljMg)Stt3|tYpCEJ9pi!epJu)_G?S$=YJ}#|0*J2lf{4a`tNjmx%J;^?(hHH$@7fszv7zZtG^7gW6MSZ z9F1^r#7|{3K*Qz#5Feok;9!gcOdnS(3+8fCw65#@lENiee9f+wsr15=8v)8lt@_!f4H@p9%IBm_{pYn)^&&E8)A@8Z$=zdSHE#uKjf$%Bhp@fU}ys)_DJ z6j+*DigbPtQaCL2Td?Y~d21dCrE4BpWI6=DH?&A&A~e8($MnB;Rxhdq+Y2880iFG| z7X0r==vANpGN-`F`W}E4^S@>1?f>@P{@=}`=f51@E!qBTo=J$y&Hs$4ZQePgZT*tK z9@d6(0$j18Vltb40ajC9l4j25rk>B*0$u7&Fs!eqITk8<4%YS*Ku2`RC2uyUWw}Z_jGNy8yuH#m(I>XJ=P;7sv0;ZqBYhoLvt=Jq+sX+vP3$dpxc$ z8@%L{uNsdR>J+cc;KySaUK$|*ul~BIC$PBKlC)&{?8*7*b;(zT%Wf79OLYC3EVaui|)pl0PxfK_1VYcw{P_zsuy>c?{9y+e1CCzck}+o zi?iDs>D4f<@vjViQ=-<)WEvuKcUrUK09O@pv`Xba^q& zY!h$Sa@s0ilR98rjl|!T?z4Z^(f?%PoM+JgdYxSScYAOD?dEw#{ZBH?TKb=PAJm^$ z|1)-uo?DOG=K7mkM+-nIrcl|imKM^vv^eAsR~L83?{9zREA7if$@%Y;PWaTe4ng6f zT3v<3(W31yQ#%T^OSN8`?G&oFxn^F=+f$5Jl^__)d1<3cYu>!k3 zs-fCPtgmV-_^$Hv{*B6OXlwUD_`pU|WlH237w3fEJcWsxhaL~Rsxcf?T3nTm`q*{D zc_7l#^4KgNL7u8(4E=eG+Csg9mhFHeT9(a}39Ki}S7-CbQ@{^Or_Z_jUT&o0El zo4gOAa_jOcI@J=l+iso=Ri=*DU{B9(Ztu>oo($JaK(B!_j=bsIsXfIfHjyN(*A1Ng zLqy9R zW{d!U1Cf(cWVd!vb*n%!k_2qTcaI=JSCCG5(8scnY6FU@!!tkREDMpxS;r#QMD8$g zq3t4)nfXZ#eTrb(y(RqFG{#tPEXj0DdhDk6)~*6S?A7 z!4^Y>XhjK7hAe83>bD_j^2zu=mz~uVYf377TnRWP>V$r6+?vAkcVF>_ndH+0w@Toy z;59K&+h;Wacgvi{0ck?;Rn(+Ih7;ughw&00SD{DV%+kk4m9w<4GL|tYvwb+Hs0NG^ z;rdlM+vOWJ=T81`ZE>BliDep%nK>zFQBYHpF~wUFNMjqhSh`LAVf<-MSck~#|bE&%m2N_Sa30b0fUq#IKPtRDdf> z8ki)Xxny{UIbxd!Wve?Q!KvykF%<^mv9h`Y+pSw=f~L+47;iE`^vPMLp8 z36}s~mu?Dt0f-e;JNf~f1!NxUytmp2k=_C#u2H}Nzc&-Hr4f&1!c;T2L_X04k9{?= zU6e)vtjcy?+`_u~&Wk&r7fb0x8b+oGqqlNzWqHbH^qXN(6z+&AEx;J+$|*WZPOH8s zVz6bII@ZY6VdX1T%+bLWq{7BO7o`kOOtrdUbXOwb(GTFK^MAZM8&gDs_b8|rrAA+Ga0>&GzRlq^2WgW*mggCsX_ge6 z>G?LvxcMwGd?L?6LJj}BBjO5uVqFoGT~mrZkE?ZzB#H^Iqh=VWF4Z(r;MY<%bWI*K zRWAXxgtTRj$u;c%>i!?ix7&{YZME~~KYOix{Qpj#XFUH|DCky3|LR(Q&NHB5D=44O zV^xqW^!@PRD#i=!qX{}=QbgYOCU=@v1kN76KRv&_`*?kRd$uH)_U7#N{rRc+^Ue7# z50~DYT^(N^-(Fr1LH)n$H2}`9ZjXO_dvU_zF=vwxhteSdm(dU1C9@$&kY zo4fO?5AEV4Ad7Z34aiz&Esd?6Kipx<6$I;+1|AoaVntfn{rSmnr56s^q=h3dF$pyKXcNEuvX5_G6<S(ik6+==NITNAVt5RN2xvflQ70~Ivawslhd1H{!&~>-|TexuQ(JJ zs;etyj>WMj0JxtpzD8pKO81RnQZOV1r~x3!<j|Fn~5mGBLsiRFr+PsOf@kPh?uB~~=!@tZ>O3wi`r@m+w% z87Is9odB_)i3rEN&W?^5vDK35-1X9eU>OkYQ zQE`e#C=U30Zq9_`ab`m=j5Q2Z*syUXemH`@MQ9iu`)OZf3ifNB#4&HCY`BOSTu{1j ziO(gAR(2>7iujt`FK2T?-=TPdz{`RGNn)-&?9#)sKwlq^EQNyweP7g0d)NH1O5d}|maP-|iM3t#6&m7?LuP%%cym!W6E?uMG&T6e}DM3Ii7rBgGN1 z^jm|hO&JI@3PVb045i}_2bg*z^6dp3iFpy^k@b=rVATd>iK9;pMGEkr-7KtZ|6PTlznS^B z(*M`%*;)Iq+1lrS+R0PJ{)_m~fA8jBwv2w4DJLdEwse%d{R(DfqLk)PDp6RsWOF9K zUjuuq=BC8H#M%^tP;6`_TX+q=g_q@n41IXak)ifWJ2&H+EVf`XCPG3D{#Be~G?nOd zivUEEQ8*7=)f)RQ&TEJYK^1Ss<_%j&kquw%)<0#KD(#vAZo)hF5C)rtD z*+Hw~x~lrHl~vWSv`VF@K7}Eh{s4XKaS^Bqxr}((ReJ=fJ3UI)ZqfVw%DrE?zpa(q zu)5cqA2$(lmmyp_S$+rU1)4oHvk?M-IZ=|Q;+#+isfy=D3S#-Qg&DNPmZH$xQA2-QJ73cb2|CHAAt5h2qs=C2Qn=1O{icP4ApW6B&85p&u&O;CWUdH&9P zUsWI}MqMJ9DvoUR@vS1nw%#cEL{S_-|2&{59zz#hgQ z)}33dS!*>rsrw*Sgr-z$-Rj9*w(Yy`>#^U`9hXb2{qGSvKMIcK4Ug6xg6y>a&K z8E5kmK~&x@3q3DJgrJIckzPb}y)7=3fS;a>>AJY^I)A7Id&|#S>;H|9-3>B;u2}zD zO* zrBEfcQb+gA53fb)P4m@@d>2&um8|mOVd91h6hB(`ePZG8D5uSEYW-m~8soYY*`%zY4wMISu(GMccanr`^o?f7-UaKmWUvXRZA22_Nta zETQIv^5pMxf`iG%x!l%@8Pd=EK5W6bFpA7(R3BED>d9?K(?Foc$+HK?lsU1|2;!i z&M1S1`pkfy)jz%z*XvSdmK8OZGLIP`rKi`{Dr z=>4{Y&r{&dRH=se=9OkRxJHqWU6{_XY`izBJF*h|R9q=}Z&Yf@N{GhTHR#K%_ z>4jZ+hh|~?xXs?oIK)jlQ~{UIf2RAEzO|>4{*MEmH28V)|2VCdllA}FonB|J|L@{i z`~IhM!3)oJ-IL_C`m^Zj68M_>x~#Pwo!tcXM7>>ts-nBgqU-7JDRLDg&s7P|-XO|{ z+f2VG?+Z{a`B%aicr-8me<90AKfD^0C0f^o9+o}MEyqQ%{s6q<`ESm;& z6~qW6Z7@-)_Ft%t6(HP(7RJO8$M$*EJjL4wzdMy~`(xjGCBjvo;H!)}+g&mOjq4B2^ z-HY2WO z_$gZ>DJ$>YW7gcKS2@_GAkHb22IutHjYLweAwf zqN%5?bS|c~#=V0vN13m1b(*G_zI>wS23pqB%)O>Z^0tD8xKcH_xJX@jWARIGN-E1c zT^sl4v7s(&ZA97IS~EfMb){n{mQBY(#NnKx*g^q~ALXub$}N<9FoReg(1;*+9;5nt z%^0&)He=4;Kg?BgtMo5kFZ(ugEnQKS`~)ysDd90{PO8k3$gd9mpbcbwX-IOTFaQm} ze<~NEzGB#{%xk3Y#S*16mlVX>DqCH$3h(kH8XOMRoS`KoG9 z(%1fkms!K97`+UIQf=!t(?m^C(kh}{-Zz{KcmlLkuH;CcH33bk>pthT4m<{8u{Rp! zn-nJ~X7Y2n)sR0r#IJ*9wB-{q`!Na3;>GINtAnD3S5{1!&jtM}BMxa$pKt;#yDF{F zG4}l+q~S@d(l>$)NKk~=L1}uyy^7Hof2xbhxB5b&v zDw^boAVT!>RRIX*vyr;xl+z(qcZpTE-!OXOQ)&O_33osIr9%FfW-pWf#p(6zeg2o7 zJlqw&rMn-#y?Y<3-}&&B?t9q!T@U+v9`@1k-(qz9nrU6OdB?*(AId%-%03^;Q&@7J z4`rVZ1^hYkq5RpNO7>rXC>zjYN})TQp@5z;MH(|ss$v(e%Ky@Cb+hMxy6wIFx08q4 zdKY4RK{CJ~8R2bMhD#Xe>)sN)wCBrj4qjQc%5B0cfrvYPMSbzNs*2U}Sk1s)Is{uW zd<%@z`#!PU09$V0j#CH2FUqlbiuw9<4LhSs{c)|+EopW;p~nvFPBo7*tR$z@?|^9E z`JYS2SZDpe;*kN{&i~@HI(F{<|6XsO|7|A^kN^KM73FWNOJc;OueDP6zGM{Lv{6`piiA~y`%@LZ(h=SKpyZ>-^JS_Z+fAtr0>TDSb}35b zW9^DHk38BdUFStZxR10eq0jzMZ(3D}Lhr^%L7s`)GQK7dc*viO_$w%Q$Z1m4ayBfA zpV>^qFVy=5VbaCxRlo?RF!HWKkHJynRC?@~jms4I5sHbWVe;xqJg;Fs9+sh^R}te~ z;%Zj4o-q~tY9Dw8TVtD}pBc}cW1B&>UN1o|8x)>!DiZ@q5Q_Yaek&?b*9Qc7+2jiu zf?w-0PP+cD41<@zLQ6oMDM-~oNwgZvKq~BBfdqPmLks3v6LENumlS^&2W*+;8i0n` z7)OhSnf04+DLsbf(E5DaG(>VpOH0Z_@DcCN%-$#oRTr z8S9r6?2Qy{;*e!KIC+J1zfd&2@2#Uf%i_VK4;1O49l28-^WnE73(Ud)%3qO zoFO_zb8wmj=R_T9w4GWr zD(Qo%8edB%%nwO{UYIZRth!;Uxl;WwC92AF#60G!^~9o)-0O-Z^x5l+X?<}Lhw~_( zX^64pEAWDUO;Qb6qIBA6y@YccJW4H~YpI6wbbOwCWfJLoACd3IBl_ohs_Fj= z_ZjoQw0hl6F8@n&AOF9Tho9)X`f#$1Q-0B+C}G16PxD=UI9YyXPZp?hGLILnbh3_j zduypmW;uMvef;CjCVqpY4W^!*WZ?@xtd#c`0Ojr22P@RBLT=LFP8Vd$q5Da5>Z zCf#lV=5;~g^0*FG@dp0~RmGK;%_woHEDy=|Oare~2E@|qX-luxzhZ9)MFIT~`tun& z@gbh=ljZ!WlI1Y9E<0Bw#z{&@6RG=Z$TOwDsIozp2T*sR@3Vf_uRfgA3z9xaWEJHlUNQP@j*JAVgoZJk zD2-kUigMwy;Ilum`jg*7Bg3jfe#4=aIH`YiUf%7INe+0nfuRxXRUu-blKvNu;8PU9 zRr&wgcGmxE+pWF+x08qKde=W5Z$$xQeDZZQK+dU4RX|muiVmpC$|UO_v4@7>;}p@U z%rD3a08CT?@PIu8!WaZ0wRA>Z(JyXqXW){#xI{}7QNPlqDyg7?@XwXSfg=LvlwbeL zDU`eDpUF)W2QYpF^%Fsi>(EDaP#6EC&fF)|EI)Kvs(|6K2n#F+2$CRA0ZS>Q*T_eZ zAS=1xqQuX+*YWq=$YE=QKnJzjQ;m+x*|W>rFD;LB1k56KX%=49?&hyqH3*6WVhJve!qf0 z)$G4;PS+3n(a#F|uiIAZD41;b7Eq=j)XA*%eb>?MY zKi}S7T_=oC+w79z&tLJ1;ip_MT!8nw*9(8He7SHDpFI6);j;F(bFpyNtNBN}R5)vW zO&~=N@KGhF!oei5zMvmXVKX&M0Wzmi{mu2&iI^;hxo^ot%742(DgX5LrtH)EQ(a4s z^cZ44xz6_@qyRF0#~u(;mQU}OeO07lB!z*n#Q%L_Qg7qre zYq>RP*B4!WgO@NyFh&8rM&pt^1j+X#l58RjIrC<%(&=26fqh9lm1cTf`HiSt2Vzmw zB{lEI=(jnJk(W$3jh0v%F-giWo$ap+aZzqEt@QLc1Xem~FzrZL)s*n5tlysDivh+t zWP)5ag1HOt)Jw6kWtJ+v?5^0)QzAf@2tq^JnK$9_P6)XAXW=cbnZl(Zc4Yy#Rj%eU z0{I&1(l*7zW_io_wv>N0n@aL7;a0i2m2<1U>aJj&U&?#BVu2U0h>7^ca!XoF?*6mV z_scyXJej7eI=~Wdm&BdoF?fl7D_v|;94X8Xek3X31o<-^5L&<*-4gCD=N9A73ie+m z`(Io!xv>La)%l-hx0$v7+s@wp-^s%*l^Z_3+t>jXobq+|fF-vs-33m{RM`hkN>hH3 zCM(AN%76Ft{dD|dy4-g|$|Jd*G@L$gWx{+7>glty{Jvzv{bJ-?%(Z}LaDuMpzJFtMzEUe* z=-#7Pmv1_-k=x!qR_*L!17IZfa18EHl7l?Ery2dDBxJ))W*^%NI3Uu5*=-&YmM%ZT>rug|XZ)p? zXFRW2gDQH}UU_6)dXBula%Ml5)_P|bUc(jq%qAn<1|rPQCYyM`$9FJ}^$AaAle&!< zQEaMFEZ3VdiU3KT9?;scpzew4yt*tjZH;%!X!sLPTTW zP~qxToXXtFsIw2p0y!eAN(n^geyrdDCRbZN2(2di+7!d9nA_!QGCGG=9(6_5G`Mp4 z{&{tAhrqx_zXWiVs!oKFrS-a5ivw$lv`6P5FnQWJ92R-n=>NI%SJ&}>clHj={0}?Z zgO&b&DUYWA=L6i~JwUm?;8G2OwCP)87-W`hW*}tMn&#*Y`QsYh!bFK0fxv{)ShN2SAA=|uhw3{<{-dq$QXU1R!Obte|NTb2dndc8BeqG20)(|F2gz3{$^<{C^$2Cf>q& zjqeoy-!UY%@1~>BL&pEtn=6a|f2D0zCH#p4^I8_gIg@cmi+(oMuN5=DbLYD9 z)8r0iw=wcVwfR5%I0`BAA&FW=NR!9*(-arc92G*WRCp^D-Vdk3(+q7|Et9JhxCbO5*6rPM>aNG6$-}b?db^kZm z*hx)&6967d{N#Z(_5*mg z@ZJM!xA4Bl!m2-@x}d*hz$V} zH-}^pob{-icZ7i-XV4Gtg@c>`#U_X(l)#iz%jJbq<=&=IK}Lbq=OrhO29m|RIDdJ5 z1i-r_%E2|nIR^ePhZ%s$Yzro{*AdRQhS6sj5=zopw%qmKaQ`1c>P&d)C!_XZAZqsi z-2*HB`_ACtV731*<6-%~U_Q+f3|^xCqH2L?>x&VcIq=y7p{YsQ`spEh0htY#nxz{5}sWt5Hx10K4e-|yRg%fcf^4ey{j zn4i%>%P1Vbhy!4|f=fuog|z~ZgFH?`I&-P3I`4)8PxBBd0qWG$XyUI)Co8mr!?VNb zL{ZQoK}G)y7jbYi%|&-alzCTgG}Q_(*Ac?i?(Jf9I9%PtN}q*f3Kt&lwc?=IlwypZ}-sR z|8@_ySNz{H9?kz}lSZ2n15LxubimMc6iA0H>ncV~cgAVV`_&i%)OV#T){Pfp@q%ap z{!`yJTyeD&6|v^WYI8rp6&GnT#raDJ(-V~5b1i_u_X*WD=-a`I_^#~=U}S0pe!^h0 zm|%oaVJZL?ONuiwo}@v)SIbN2jh6%lYl8%b&=d(8uP2HjxP#y}L3eBlN-l7ip$X83 zVFSc4{}YRh6y*SZPU9$u^7x)YyprLNK;S1JgF~3n;8t|$g;55BJigzcj%0owjA?r} zaO}?_G|kA=_T>s7@W`A%)7-#8@{8*}#?uMJz?)*3n8-6@XsKtX7-mm)Qn%-q9IGY( zB*?@-jcarV0mDOGz@)?!N6ARbnIxr53H><6h`>)Elh6Wsj1N%;Cet{N(pXfEAd5M= z0U|Fh#@Q>JP>4Fp+A<%Ic|C8?nh!R4X^5Ppd+f;59PVI2*~uEd>Fag+?! z>N3iF+Vg)`t%JeV@qhc<=Kas^&dUF5IZqY;Cti2U1J)V$KQcbh=+07kL9DjDC_ktJ zYr+$XGo*|q)FC$K$OPO@SVIkoIoLxNGAkCbibd3i{X4OVSlzoGgjG~hdscCZxbWa< zr&+JoiknQMk+RgS%&l19Yj*Pw%0QM+5|v^<1|zBC`m~tIYW^>dZni$=!AH#zx3vdQ z9sjqpZN~rKJ{;_=_`hX5>Y|`GyJ?!CG>iP4{1*Nrbc?(|A$O|=HL1MS*^;8r<+5EI z1T4L{#|uTts2`vVB21ud&9*&DEB>qn&bm8z8@wyr&6kAxMTRCYAHylWoW`&f&1KDO z8pH2_`&lx|VBtsB1nG!Xsm9ioBY81Qc~I{Q6i2~*3v@XqDXq6`q<=?Q^e>d;etdz# z<7tj?;1fR7zxBcI7soBSF;4wzcICt4*%_*dj5}o+xo~t z_{^07s)qmDIovkye+P$$EBo)IJWQ>}O!+VvPLqK7R*@ZI1QVF~IT5W{7Hgp)Q%nYP zBi7;xnJqOth#40ukwLKep3$dJ`aH>ZjP77Yy-}t~01kG!W6ITZIE+36Z__KYy;X4( zv8NWnvxr}%D&dk=F|gG5SA{KgAO?Uz(~@56TDpYAVse$R%*E6Sg>q~2C+r#ZS)p>P z=%mYm_!K4!4Z^1|(FUOCS)cT*!b8e24n5#VF#Z)}FpbGC@4r0Yee~w(GxyhrSY11f zdpT3Q{aur-FGtJ~Nc<9x;O93~^XL8Vdw=s^gU!EuSQkGw|N3?Fui}s1m%+xt_BZk8 zn#Y>Z)tS0_l+GAc8%lBQgEv#01G1Si17boAs(dfsdKq-46)w z1I}`)NaE`N{Au$~eQKFWx&v+?@N+OhI41)jYvI0utuYAZh@51QutAi}Y|kQi&Nxft zV`k!eb6?yEFc;UBLq~s?%uu%Wl--U07JS))GjERlzxnx(@&`Kqw+DOMrv7IzSjB%? z%F|?8qg>o<)rMqXHOA1V4!r#~m4YeG(WGUiAws#*lC=ZWbWI>y>>tzySE%IKoM(l! zU|9oG`P-y1(ZR~bSfRxm6NIU3j1{VG?0Zkp)$^cFgZ)2AM_V76jQ@s3M(x)Acd$D! z8l+S`AIHvxT1e^^_N zh-HQIkcV{6dAt_dGIGrYO*F^j~{e~K?kjQ&|+`RC#o^f1^rK8}J-f0~cw>LzU# zAt`zMV)BwNY9He}l<^%vN8<@D)dzVRtbdwpeB!5D9}BHyt4*Lz|Fg4a#s4|jU&Vh| z$|LT7*bsw13}eRmtiI)x(e&7LQELse?#eV>MGFlxbZHerX*RCfiz`JMn1Z|e*x0^X zSKF&L+F@Y=uBhKVHb!s!6l{Xi&nYubPEfK5Cux2Uej(Lfc;%Nk;(|bUsZadWv)ZlF z`#TX}&GHZ#KD9rOP~vCz8#EHZ2<71YPqPmmYxjI;w^*yZ|K2O)X+Mqje-`Iu>!Y8I z=D7l>+y8e5mi_1cU?u-8<)_+_y~fc|ZJYL_4cBLf@9R)7GY6|7&$fbnvv=|H*ehX&e5dp8p@1_rE*a`z!nZ zr99gH&&RjJBY;DE5~qOdOUDO+D|D2?C5u7P_EpDs_cmLxmAim!+74_rsFa^0tDXB1 zJgxSBn9Lp^|I^{Yo^}7TyT9`PU&^EH|1t*cqT4=9W=~?vr~P;!zJCL((V)vlq+x9f z?k2o;T||W21ri;1=HFUJq>dSOi6C z1pK>?m9O9{7)BY+dkhsvc8-e3-BQ^Hli3Sy)C)2=Bx`K!&mf>)@k449tm^&n2M?_O z6GaK|Hh{-lR^Mp&VU*>^aXR*UJ+sq}Fr(5En$Mt94$aWO4@< zE#JKeawZTPhK=KMcU5QWR(#-AV@8ff5$1zX{k_>Hjn2=zI7{p<;rj@wA)4)uXp1XoFo-#<$df-oB zOr2bKPYk!3nqlBQ9inOC2&%4@vAD_5xD54 zAJLJV^~HDg%gL~mw+?hrSS&%dCE{sa(Lv!pG*~ok`!}lD9E_Eln8Ul?39X%8o}A9 zGa1HOk+_&j*l7%^#PTLWxgnDG8_468(s%<&+?J^7Wbjf6ymR@RkBv(Pw}#2hnwJh< zEBSkV>3cERyPf3SNba6P>TV`;x21j!wfVWGhxgS=6bT_c6K6%_BU_Gfz&QKI+jC3i zh25*V=u6fT$LqObJnF(v9R!MGaqP{5A*Cu;o0PXB?aW&Ogou!^l-HPdDL!rp0)J%d-YH?do zi0ukqZVS9+Si!ZG|6WJ9wFg+8{ny^%fhqs(3|8{rQXWhGd)=As7oROpMgC)bc^G2= zn7B*<=um9hSM8*@$@I5UvC&1$xqQbC!&tS`;))$am_>OqGIo9k>jX9m{1^~)unZL> zfwYaaxZ5}E0!VTCu~%h9_au$iTJ8TLQFXWRKMwbIE&Jcyot6LZQXXyp|BZ}qcUE9x zx;%*!py*7eM*xwDXDA9m62*YVJAs*!e4tQhD5eQ=W0W}QIwxlqd!@9QCdLZ)IE%u_ zKk-xS%2Odpa-LET%l_Lx&R(7!e>^$9xKhCwS%&4_VHTHIE6qM{TGfHRAXo@tdirVV z#~Ng68}%-UKB;eeHGYo{ZJ`UN7rN4Lnna(bkQ=F0*+n@JaScnr2Sm6E#j!`^`AIs> z$>BK7qd3a%J>ZQpKOIK__JB8wLWo?-}0S@4!%t+W^NK=XU~HhY@v0u#lZ|iYa(;xrUA@ZCG^Lr?eN4_Fmgs2= z)f|?rxmPv?Z9w+iVL5z`)07~=-|<;_>jCfjf5;BtkqM>l0L?1XVdnMe?>RwyygI#h zgW38ST%W%@KLY2&A0A;`Mj5VO5sE#k zneO#WO?GoC^F8(D<=G#nmt<=_{`Ktj+4b4!6(hUYKPwIzuEJLAtnUaZqXb-?9KSv_ zq`tyf#8}Lu7~S|W@JuS}2S%%2{c(16_Ur4@k1tREI6DzN@(9D^H8}x*Oe~g7lZ426 zK4uIhnM8CYM=Z1 zDKA2oH7U~r>m$euxi_RnG$U2{Qe#lsgLrp!diim2C<{X%JE8#bYCaIJF3;axd|Vui z6GF)(Ln#04icF~t`XOCN=a(QvkOj)-bB`wX1NfkjL@?okcxFI92SY4CP(D(hc_`B- z5^v~|G#$kd-{Txk?78+9C8Wq41h_i*czJsK^5gm2*Z=q9<@q_^&An}}f>|~6S`6ss z_tYH~(vPA%vRz#0+cLEgQxrWZ)le(_Pc-pIP-JFot^}&l|Lh#@?3ww0cXwC*-%EL{ z{0wxAl|Vk-sDiYa^Ca{^MvuC-3!~uAnLCkG*AxOR&#`&*9C);(ihz~%S3^}l0VJg7 zrZabye#OoIDbTbwWLLOjR81|*rlzTuL9n6RN=9CsbMO_XmAF?CnD#T6A{^yNNu=7| zqN>10f%jrgjB6jRUb%RxZ3{6YVvA3JnW@FY5JI#r#$^Sp^<0Jgd}zlEyL- z?INs4tMfmOhA_Af;x@_u8{~f-9GdaJcJ{Yd_diQ{wDVt%Z#Rd&1otEke5E&CANFH} zZq-dM&EQpzQjeugyvqG7*S5MfmZG|-06)XP1Kv2#Q~n>;Dp)K*G1BTb$fY)d&IbGM zk0O|_p~kVcTT+~NWj^n6iPH=43jxz$Z&i0x-ZK5afdjcX-HKlJ302*g*B-Dc?gY#W zQ|ncZflfgc6*kO^6O$s;j+ne<6D1d2=?db*U%138cBf{y_-r+M)hMDM%TCy55E`lj zlzHq0eoT{Cc*Sb&aradv3C@n$O>UrCI#PTYI@jNPJtQz*L6`B=gLTsMR4BPrdyHC+ z)l>Gg;{Q^V<=yB1KiE0gwetV3?0=T?X#5`?-wvbyQFu>+`Qtr#80$|Avso0txBdif z$iE8C%f2(G1#}raMIqDhKu5p;aX%qyMi}sX4E=uJy4}+;=<|{~_rl=iW0+BBK9EAL z;H-~Y_NugNG=WQCR?T2-7RxS{&t+pim$#zM30yLhD`;C4 zdB*KGQ{vZHJHNF~J7;;>Om|N6Zu`{CD^E_2k`d(R2^lQ+1hjE=tX)~?g1{l`#u|P4 zMX{bz3ed)Fs4izty&)I5j3Up$I`!(*-xi)vcC%%^S9y?LWGF`gidB6@9;9XJ3axs| z>k6mhb&UezW4U?R(2wIAKe&C#zRR;y;N*-4sE|?$e6lUQM^0MGvd?)(-Q+SZp2cp; zZk094vjX~H&{Co$4xymOG)+a4B(+(l22w~kMmR6PiN9DjM!P!Q5sZ?_G>+RZvZ_PK zsG#4kZ~Y9erx~^6AvnB+`5nq`0ZKMNl!Jhp?_h}@@TWPN_<2Mm;(Kbelk?h94#>m+ zXgDkkGzz1!NgrInJQwXyVDNJqM?sXw)M%A-9Na~5tkt5uxu&OzpFx0gQXud##LToq z0*llZ!wqWW20#0gG=>{w=G~(yGbQ%H^~nWA{oTt8w&l=aB)bzP^Cg*1ZeZ5u@iE7c zlvhYVQM`eoC5GW~jHw$rWLROdtD=8Cy>6kjrEuP!Uju(QBy6@q{te(`S%i0)xp=rN2_%$RdYK4x~N4lI#6rWrX}&~V6E_U|n+J*lUi{LfD4KU$^%tF!;u z-8KC`_jdMH`M;L(i2Pr|5bakVM?rUKz=Zg0PMmqH=jjp9N@%xRZ7iYJNcqy}FNyNV zkE4G+A0a(a;aR&YH9{95L0=$!>SBBDN=j=P8a}hPD02}xTIfq4igh3-mT#WqC9o}x! z3YnuI;UaG1*m7cmUBXY(h_EU-h@p>jim^qI4K@__=B!W#NgZ|;OR7NCVQHa}>R4@D zG*OU^u;6ucD`gnJ_wM@RKP}IHbOYO8092p<+k>5L)Bba3u(JPL&ZFu7FX;Gob>tIR zPeb|7yVAAU2Zc*yepNLRM>Ci}j6L9yBP!y*$t=yMscr^B0bColAevT1s9Hu@8hHHX zz2`FW)AVq37F6%rE+Yt5u__6v9+_Vyz^2Y&_?1{|&~qgXj@gOr9!?58XAU+$Sefhh}nF6$pY z7YL~K6M{Ee{83@_Q%v4(-{|3CnE$vs=d_hsuCWZGPhls+H~1EoK=iIgcF9)rw(UV4 zq*o}o{hobbN5mqXU=Y3+{!6whTL6E@UeJ`Gx{f9gO`S#+m1xR^>S;TD39dEApdoIV z3?vXpcF0Ip^!t(WlSPlZVk=Fql9nm{QaR6DjL;Et{(K2xdVcRIX^xm4?FK71Mk5M%WfZ@#FO!Yo3e_}dYDMex5A3C)a$UFOIf zQbo_yL>(^fLFU(I5PG6x!x;Jb!JbFDn6rNm_B<=YR&)OO1^A`lpnZP(WM=!P=t@)? zGuFn9E1$TwU}OqI1xbV#y&zoQ9IqbOUZm?LI6;VQfD#tRl@|4C`Du-na?CzekN7S9vD^3&!mbz!Ho*~M^apy{zhr-8+e>9(@*MYrT;4epLFQ|wY{^u zzhn7-9c-`kf6I6@_U%%}-06gKlhfr%aBWI&x>f`hv5riB%w)xilI5J1UPiJO#cMYg zReY}k<~p@og-n_`?tlx*7FcjzGJ~I{5a;;l82~{#J>v1S1vK%wAEZ-enlynEl--w> zW1oR~fu$6Sqe+z0bBX;rdZz1w%#yrW#?xN-7)Qwn3^tf0472Z{(=N(4zy$i#@@SgS zy2U-3=vLpIIK8rc*`38uP>5EE#WJE}RY=gygwR(P?_~6_jyJNoyY!>)X{=*iSx3kn zM?^VeC5k`Q&2N-W#kr#eL)1m4R~PRpJR$-=hGf_s5>io<^wGup*WPOg@C1N6Vz#0l z$K}@Se2HclD#p`8Dg0W-76s-Gi}Rur(i}g0YuJG>Vl@DxQ_L_E0l-o}*O814;*=Xn zvz!)^h&mD_sr@Y52Vo7ujO2NynG*kwo}zblTFomxbebLGhAtKEHx3*54gRaJVnE@R z!{S6$Z&JGowaB(n(;WUO|K#np; zdi!VyMmbk>%z9uTZeytbHA_*scsfdDG8(&T#V|O6ST->0X6G|E(}P$E{h1>$@$+B| ze31Hi4zrHz5$9n?TO8rC7B4CL!`AJbNA%2X$EXPp4t||b>f+rIpf_ztTU!|%!OzXibG(FqeF08t?eg&@2RL|d;2WTRBHbrEe{M_aF=tvAuu z-y&HyB87F7qXgXClO@E<40iTNq0`SPN(dv(U+?b0gPv{&BBzmQPQpmT`_OZ6W`Uo> z5n?8;ypE8zSa~+3{?6j^`Y}ep4@2NF3C07=By$MvAh`3BoG}0lLG!-0%r24o1ek15 zVH%=HtOAKS^xDd{U97dA@C(lc)p>k!LgdomKqKX*Y1Jw_P|=GuGupV%PuEoaUq?AxLMht`=K$)NA?DP^G zzHTCJfRoobmt-$}Ln{iL$mYrsQJ561{hm7=T$9@kbDo$PTgk~bL~)GnNV7wfP5d0Y zW1Z1^9~KgYB`_8HFUQ`%*}-5{d5_s|THI8BZ%ylu`Lxpio6-6k-U8I<{||Te&G>J- zhleZs-=#d7=B(HruJ}j;kvO9hw%eFLPvTm@>Qkqe1GE}B z@RZ2)R06X=log~G;^K8^RVzNxyLlJ{Xp&xJXc)!RmXe&BRwca{Gfh=5G+1Di%HrN@ z6!`HN;oM_YWAV3Wyr$8V{SQo2hQLq#n<$R*2-4e=LcJ6ebE+uPC!zp_;fLXo$x+u< z0${V^&f<&avrZZS?>{(#_g7;WW+-J4$gjpY7S-AyNt>{-w6!HCVqq?Q*RI?X9{v8U z_O9z|Uc%g86bs(r5-L>rFvAhfVIqS{4nl?E^<4JoL)l3w z>75OM5BN)(v4h1bpz#tW&`)^K2R)F?*vG(6fRAxBB0?b}sY@s{C(N9;5lvO_4Ks6T zkejK)YhjlA3@y$8RoYWj_flYRK7&~nh1^(GxgK-0ZiU)4n$XoD3aW0a45dK7f<}dp zJEqY%?jV>%qj63OPE&>yjp)Hu5dJWS8JLj99RB2nPDij_9{)|*D^syE)Ac9{-cEIn z+jx~H;qBgb)g0%-g!O%tKjCwzF;REMJsP`6B$jLUd1Mtv&0Y zvF>#mK~c6JcMnTg+d>IEh6zwU5OyS+!VOT$KGSWLYJ-gn@)Cs005w70*lrt;r|61j zU$ZWP;haNTUyZHfLF4jlt;-5c^}s4&Dtc^m#d8Z{U2HXmQ{v22KX$N@5YUE3^r3bV zdSI6dXH8FNt1~(n%T2ZvqctuKs`o~h(4Xm6me5%h;)2U~g;yRYM{H(3m9vC49z9Og}U-2q^7`Dpk)tvsEB1 z<~5O(&o$YOizU*Q$SaRBE5p>3nDOYY{3y#W=}y{EXU9_I*&Hm78cAU_R@&+P>=|p4 zS|UjV`!Tu$>#^{((cbsim9rrs6-@P=pXAi4<0eW%;InXczdWb4=&kVE)9a7Fp1pnf z@#^&QkFyga_2`-(h9^96b(Ll1Y>lUPylSVzJWuOL4fa~ zJQzpGh?MaYl#gKsrWj@{V&7|+V>&o`G({qYo&0|O_qQPMQ&Q5EOt+lT1*Qd>>zFQ8 zu0`0tiQ(13$($Li3a@fcdHiK^qG0^v5xg3bslc%f<>lGSk`>cBwMXG~zNQpDne@kPIUrXCMWLD14eh<##>NbU+@H&!hBSc5N^jgj)?RfN`<5D` zNlQ#DA&4vP@$@OF)i3vpqqSA!Oo~4bbQwJpjR~~w%%lsNLFn%Wv`E( zyJ1^J^=z@fMKSb%_Ztsba*bZ25k5~&vkYaPc{bVsxJq-xwqb+RO;YP?TcuKwAvV>L z!aC{OY|!|e5j`y#Ew?750Jl1wpU%_j{8#Sk+k}9qvH#rPA6V!A&cWg8{9neSo&U=C zc9;cDf%+tv0Ife=GXXOcv-RcjgX#&WY9<) zY=phij9zr5FZ^Vxty!48tK84wa2j7h;|hYo*3~HVmB$En68q8QT5K)NgTz`vvf3F* zxgwf5L&!F@k^<6YQ+jMp=!%iF-@-5pAoXM-1BU5FfZ6() zu$yGsm<~k-4=5pdbcQNCyZqFbUrM-mCpbL4aRTG-+kj&2XDIbYLQZrcSQKzc1gcKk z(X%R@*iX2`XiZjs;eqwQpTIcqu`)b;I`x{V>}WOwIE+36Z_9I`Sgp6yaa1s)?&7&G zazgoFh_X9B3jvOOJO=N#KFp8%T3XQDJZ9dagveRHBb;9&DF%7K`!x!q4AOY2er(6* z^VRibkLE5KSbrGAf#e06JO~ooG09Ov4ocPMFHH>bR(+U1~u; zY13V4w_;&p_sGa`C#xhf(Vd*jMu}qa(qf_wqm+0JG!if!h_xxvGW-uS#hrWiHUL@E zQ0YPOwi@)8iXaGWxlirjRc#53qn5^jHQu?47i?4Ce%qLrE%-tDRfI0BvgZ{E934rN z)Z>sc7fKVZ10`|u8#T2gH(_(Z4Q%0s<1aVn#zfjElHZZZ=VRH&XvpSFO5XE4fX)~| zwI{g)wPM|F{Jj2d3U(SlgpW$>L4#jfE7Dfg5DCN;6F z1?%8sN@=2OA~x!J{4Co~gr}!f;wT-*F-uU(gS=rt#Pt+~cuTPoA(M+$H|xp_m=pgN z0t^!jX-3Lfkh`)yIaY)La6RD?oLl&_f&$QvTA_-zeg;=C2f-BQXaeYZK?yZONntjL zFs8=$C2^G0h*56I$^hi`Ts)k)eyB9qEk+ASFUcyxYR6cl<8~pY*?PB|BDgM zyUa+^wM80jeg(Ji-m>yq6MZsOJ+<)4!^Tyckx;Fg(QMrnk->lKnDo^^>hB3}Q^|)@ z_Pd;rg;kk`V1rwu!WvAYXq%oXaju(2fE=zggL4XlXcz@m=_l8QFb~EsyegUSMhBcYJN+43DIVzz zabn_BExK_oLAhiQz*jJgGMqcSF_t zr&$SR=8jK>tB5{HHWji}`!%^&zbqbqvXpWTg(nN5M2o5x<5B*nVpVT&w^~X{^@2(l zmE_=Rm(#i|qfm&$^b^2#Eh<=Q5a}Biu%{JTsLlN^O=+WT{=bYz+yBWpKFI!GmEQ6R9Rg|! z&4)h(%1#05RJq_0Kwz-_pY*9_|5tU^v~e>JvOuUfxlGrbH4AC>hNabIzt?OE^3#Xl zNRAv*jNK5@3agW#{^?}@=lOTbj)0o|e|KR6HF^Ecqw1@TheJt=a$g4h~HDe}AyI+W(jG@Q`BH z>dp>EFo7A3E$Adw7~i3cnGnDPPcw)?lml*Ug@GSr2xBl!X%4?F7)C78o7|0S zHdA$)^@~~7=U$8j{}~N|h~BIe)BW^JJM)>JMdZ6~Sx(JB5^f=1*fnhyV1o>X*aQ7b z7(*Y!zG+Dw-lQ3vMQF<0H4(aIYD5*a-{8VHbDjZ4sI^Z4Sj@>lO|3o{J2ogjN)cI;X;$ z--(c`PN>=DPcw54DJ|=+8z{?d07rk`-r4meaJ4*<=#;WVYCPK7`f0Y67RRYsX`02( zI!8av{=c7Q)bP}?!it~oFwE%e6+|vtsjNqMfE!|0;~2w z(4YHiVl;u$$PNLuRk9K`07k%1Qw*jwEjsfwNjGRFLhhoW&ELXE*VPdM5_oCsN7S~T zj|P{X-R=Q3U|1m6ML`vBF2p3JFzMJVf*v6~^U9pveR#Im?Ba#{NA$XHg6Zn;oDmBQgq0 zvzJH7sK;g~KjDt3P2Dp{9e`QP*0)pxM14e_kqwC&V%R$yzbAu0-%Ycay(09aZ|HKSuPA*gt?1hG1`%gLbsaLJ^3n4W;k1s?=!37+ zFYW*OlURYvquUeE+BsuQ5i!atNAZ)zMA(OR&w#%iW5c%me|YnEKWd!$k3H4=|IY6I zzN!D&+1nkg`2S@*mCB6}rnrCSN17@_;lJtRu|i}pU4_&wlrBWA1qRClYxe3Z)}Nh& zMpe)YtnN^D8zbK~5Ld2c{s!*>bv#I60K6!Pa;Xf#&b;r+IxnlHdZ(6Is=Gn;bx6RY z#Moq%FYR^PEI)!i6Cwoov8KLgRjzL?E9UnVJj)xk%Qf7uSPkaO$kDO0rvnbbPl8#Kemt;p2 zFfC8@`spL8F1X~AbhOZnS$hmqruk}5(or{)rkNn>WLY;Y;hbgdWy!0aMH7Dng{$Ea zpp{PI2qyU%`SQ$&x=w_5B@Oca!Jowop75BzDamY1+vgQz)@A;(Jee`m9RQ$aDi-hT zq{JdEv7X}T831PTUp48jnm!kRO>q4B^)r~v$cxL`tqel=%&Qy^7glHf8w=o;r&se3y}z29A91i{rvLfcSMTG0YZUOV0M0a zeFVIN-NV0l&lH!NP2g?aM9CH&d+e{xfc^MNfzod`J|2T#e)-es`ERT#7>p6{PCvt7 znn%e9y!;iA*^T@CzDEnZe-Abj;H~LY@xX@<;6MM9&;VsQL+s@B*~jB|*S|lv3jg;r zPA^jS_1Pb%&nczYYch>u;H{DOykv+t88V1dlwkOLZC%-G$h1S#9Bg8+3wFRiluwLg zK^$ps0oWYNE|8h#nV-|5hv%2p=QK)2@Q1ASZb#I+$XzTlz<7GpzPiQAO4$sNo32Ea(p%ODM&}JXvX-! z8oH!kLl|z5J&v?THqv6l^plVo7LrdBKS~N4h;`hP69LeRmv&8)qlA?p?e_b9a1}#H zRfa>9f$afVSV{{3VDcSo5BQ5=BxXdynm#@MZLZx~3aah)YhG=&W78cwgBVS-fECW* zrzylauNb7$Bd|S~&_CD&J_7rLH_xqvW4oMdCbob9{Mr{PNeOoCth) z>(2y%)aCj4_0o=pO6-KHAwwuH&WHy;4(M*p@tEA>Pq80Pq6BPCsU6nl*jxLe4&XNr zY^KUPjeg%ey0gm7_CNo#3y?VX^C|vs4l_i2OWEmaBN1AYmKzDHw%SORxRIQ{eRaO9 zjf4$vgN=kE_44@o_}AmB(<9)0`C=*f`2X_C{M)xBaC+*}{{8&T>GLfX)0*;mv~qaU z&!))$8*N>$CH>C6!O<1U#M+nLCdH5#(9I zI)3@)?Cr;QSErY6kKde@0Fl;lR>fsW4dtYyN_HtKJp9JSH6-N&!PFx65SzLVwj~DB zEC!pK)NNsNbBft6=opJ{-jV)65eLKvCORDb`7eLo-6Dk85+CS%`sQs>se>9$D%+~) zJKff00Ye>ja}9vfakq5z~> zY}1P+YJM!gYwooS$Cof?PE(hE2Pr}^%r-y{F~wTG0{+a8Vm8Y6PEm^iyXF-`A@ZSw z8C2?Me*3nW-HD}|jy^`1OzeBG`HtotpnK%EZ(uW|e};wp2sXzKNT#&4ud{&aFfrcm z^1O@&=Qa(_AC3m7Ga8_J8Ym9eRe!0~%}w%q8~T+zZS6m~(y_VoSH1t&!S4QnVgI?e zyS?)NTFOKHzkV?9FJYiq<@)6|VqDDcOV_sl;7(sUvW-2y6nEsu;}|AxI?8>t%x*OR zrd^vnu%B5s9kAgw=|gkRwQ(cQHSHd?+HGxjcW~fI$Vz$Pd!v@epW-qvG_lzE{|)@l zj2bS_vuPG52;;aChrePRPf!S-hY=d%^t2S>7)lPq+W>+468az4O=k=^}L%Zb5TtJk|ejb>LL*lrxPn`=!;f=T$ zocY`a%OK6?GiX3lo&DtIGY=rKYjCeYwu8(AsN8R`1pvBm1r)Zn=LRLV^>uA2|2Q6v z<{4_cGdfR2R!lB1-A_?Y1@W4Wr}SZDqubCQ()6V)f}OdXAjz*yw(rU>Yyg$deA_Gv z@ImRqjZ#d3#eFDEcD*YH$`+f^45<6A4>j{XRZRI~&zLoS>AOCZEZ_kwf2CMtuCTc{wrC}uY{=nG|quH@P0t~O?P8nQiM&#JHJ{=p>EW!;F^Xc zK>?P@5z4Ss$PjWsl~%|>E2e^i6>Xv+dS?;afPtoZ+BJU=4;&s?c0 z*ndX|w#B%A#bc_J`6p$%WB*lXZLfY5Yz>IZzS7ZXqMa@hn?fv53vgE1-A zrn%zgq)CfiOCp7bYqcQq=fC{f9p%3!VE;6WHCe=VMJ(uJ-)9)Ell4Lbtoqe#K5=rt5>B zb8=qCXBXP$!aTyo7+u9t080|~6#!m%WeiOb;MGdK=R}1L17ioyllUHxgFc4f>;gm> z;Au(@HW-3nnq@G_<9l+*(76&vH{$45`XM*O(*CHu;7J;N@SY+0VFTPub1*_Vc>fdr z;IU4e56f^j6BN=vHbIoiytpOwR}&IHX;ns>{hthV+r9rk>i7Shz5QKd|KHx<-(T(j z%XrNF|ALHhCwo7gEsu5I=g4=w=da~KdXb?V1&G;ut;Z402_C5@GTzhwis;&3to-8y zHO6GR(yQuXIAK?d@?}BIQ;rga$NMJu*r6ZCH-2!-Lsk&RmQqu6qc|OS39@C2NMcAN@b(1Xy`Zv2`D|b zd4bk*ux_WJ?HTlRgumyN$r4+$Q5A{l)&3~tHSiE$oay+rve6Jsra1rI$4WJQ4yxeo z2H3hWd~SE<%K-g6}o%{F}gFMHcTb(q|g5U zXm$QmMs4e(__GBgP$&QG4@~)QclU6W|7$6acK!=qT#j)Ui~uG;i@zQzM_~10B@R9b zaZu5Cu&`JEW^!Tc{eKQ2uvY#%H1ogj?C-Ahe@l6s`+sLbAlo$`vm~hXU?mQ&#KDy~ zxDp2+_mQtX4bFeT{UkZehCbl|W_}!nG!SYR{{MSByLSA)gO&gPQXalDvLOa?jKLpr zh!^4m%(>GqrjBF?Do_8aQ$0t3gM%O+`?<(kh3R20+9um9?-a{sG0jN(DCsxi11ftk zhm=Q-AoY}H$B_tl4Aym7jBp=bMfqOOmJJJ;${to#u+kwZ!WH2{8i`gVxReW-YUMG) zxq_H2;Z|a=h`Ab|29mCdM3nlIMcO9y=V-E@-=_=pSpunQe2o-P8Ov}?IZK@Tc@$_o zrBDJ$2EmCi1GvDHE70b%4JD8;=VXdm6YifVN`SWkJlU=jtLj-tmfJeY?5d0iXBQ{R zo{%^?&dOb)X-+U$PhbgcOsX~?R&_|-SiPX#_{GBK1-Ki-L?bH?_x_$0`%pbK;isC; zn9_rDE|*YJ=LzST-(|#bb=vH()n%1?tQunjZ=NdH;(9qT`XP;2%??VNdv4il1=tG^ zC9V-K=f9okjr<(m`S**X#sRfQYsF*#&`&-8PZKg+OyiiDq;Gu;sL3f~0J`x1-r3vR zHt&B92P^xJr96zUryK0VPdj4!jVaSFW=tK^&(wpSp-h=W1^5h58G%(%b$}*rO@x4| z{xlW=Y7~d^I~+wg&+f0J>9S0iF3s|%`Iww}HwSw#2~Y@`UrtVrMbgE)F^Z)*xL!`R z#rFvq%@5}2C+u;RmU2WA>d~AE%#}cnjJu$86)FmT>Pv%r9Sf?|4H;@&%x2oOyHVYoO5e2zYDq zj}5hmBr7Q*|Imss%8~Evm-dko?g)7668@0{(*rj?h6j5^aw5S}e0%nduU)<@E@3{+ z*a|Qx>tpbLu-MYv>+CDY5iRr32KPVMGspSgQu|kL|8a0&#s3^^Z?De(Wjsqc{})jD zJp&;2Z(xksNzQ(kp5*}eNrG}FD6$&Li;8Lw$15zTE;J=>>nLP$98HV{NV9-%XeAP+ zpZjf$K_-6cS?yOTfGQDT%}YfinF$d}{On%U{me>~jkM*8gOy*4-okrD<5h44%HgjZ zt^8o>xfC7iBj}(#X~4YVYe52KEPf(lvkq?gVsZWcKY_VVdcO71kK^NFHFakHH`w1c zH6hM z;hufT-wKy|Qru6|{_XSzW(mw8?nh`#+P5@on=vANH>@bZxt|13$Ac%Sbd;aLtU&vO zwsM@Nf3UaJXixmaAHi_*=3Z~?irI4UN^=r5W5C?qXtmpl;qE^fW7{9_X|w-Zwh#@u z!CL#Dff@hlU}qKobvX|YBjUIRtY!*R6keq;=;Tze=G6rXHCD^A90nd~e~dC3oP=6w z7Jv3Yab*A^W(-t%X`tvDNLg-P#0`mLOdCZfkfN~7u~pl*uI~>b(g+PQ%1l3~9Bhlp zG)U40FYdDR#epBgQxkhdQstqf6ceE1m|F5;m;;|h4x&mF8jeYG{fLI3Z&ox+WVLQQ zr-rLM8j=2qbwo$&G{(@x4P_FwBqW2#{*0MaUX88@K}Bj>_F68B87!uvS=>|{bkfa) z8_^K#{TnocOq;^{m}b$$&+Z#`QL`WCHM>H&RJEZ3reV&sd0UvS8#6TeY)wzBnTlv_ zvrDD6AQ(C>laK;kx)crjhpnH%E0`KEp0FMaSoy!PMAj)WCSj2hmGrNQb!p_ z9sJo)>0g9Fq`*Z(_MSxyyWt1NhB^!B<($>NVx+!K?c*t!o-wx^cIwLPaZF0~p_Evb z6^+wgCB|?*t0rmUWluMIw!LthFgex?8-qIt#{P_~UeV7Db`|W0jL@nEoQGs2dqd#I zF`JBP@JA!SpF+HE-=5w68PjtviTXhj45j#aQ>eREaoPe01XZHf1!2XfVW>0+&pcqOEtlorWg>rPQz_SG@{(Tak?Bm2V4SC zKdL$tQbPT^#SI>YFnKN8G44U=*JHgQ^NNpMb!hnMCbAn~ZD!tDsNo52$@dbE*W$wK zRz+2e-P$eq_N|DnJyYYZNM=me+$;UnHTTMgwcG9-OjRP;L-c@@IyUCw{Nz$6fK4;? zYnOyuox4x(X>){dY2soVee_pSJ^dxtCg&!s$cPk+OQxFh#Z zxhppJ`vhL#$1xGM*4U4Bj-Y{XU~TFGs#S11e=0@V2#s_3d-6i8>$Cv>X$P}XE%Z1M z)~j7Mxo}rc6Ll*{*Ok%3v z|5Frhee|a}dV{7(&V59VgMj>Xjc#H6VNkdKAMBd?zy0mQRs8RzJlg#~8RbdIC@*p# z5XQR-wo{K+8X=&gnBZ*bQ&A^Jfa&^Z-3t`<8}R=1ooXut)P)O|t&u`BAFFN)T4cW- zW@y5sAZ9M%0hAV}y4-x_-g<*j>{-^)DGJY1cGq9kQGM@Ku(X{D8bYivcs-xNEQ>_Hw#B+MQkLLD$weZ0C%&i2B)RzT7SvmITT?D5{gVKYYlY zohdfpVuDqJZbZ~L8p7Z{h~eUtm7pGM2F#z{M?;i?c`zhrD4tFr6=4@gRRPu(<35Qt~&``mVFhn%? ztFVx8X-d=Tt7mW#3{=&H!esVxnnKSR z7`4#=!esVah9-*-9|zQY@L)143O7M@7=4D}X)^0-th7jO%}Dhfn|>YP&St4Ouck@) z%v#w|uAcvxL;k-?{kyhmfI9on!+p#D>)>!D|1aec@n6~KE@bGTiOqbTJbw9KcBEr9 zKr=>=M&S6vzD8}EL{ks`B3pRNa!AU*%MwX4C1+4f6C+%z385^tq%1~5v`(fte+glF zg3@~ngcT|!;npwBY)yvKI5zA}EDKH=Ti2qtWiQEER^#MvQXK?~F0auNlo(d3{U}(z zf*Kx2HPJ&;l$TeGn+yz^)HZ@AIV0CJgmb}&<~4~NQwBpb^kP~UH9Z#B{4>5gEbcbQ zGBx=94YulU?t$Pct$dp=s*AFtCc5b82p-sCyO58V+`E(7nE4 z@&H+%Q%2#V=fFFOr#Oe%Z&601K-Ch6k=~X4rR6oRGwzjg4;vX$&oBPA4**) zDnaupq=Dvrs{q~jp4ZA0BX;VAd*y~XcXxR1Y2Ln?heVO7GsCJ{$RiqNA$bw#6D-{cc_olCqM84zHkbet8ap0^MM@Ha72Rw_G zqa3WqFaiA@*lkWhFhLp3znp;gyB}0SDviCcGJLRxTqL9~l)6Wbbey!zrX#z1(*beN zM$)m0FbDGy=0GEiXsI<-M8##1L`*eWf&Wq3Hfdd6=u;fD{A<9V8*QjRBV0rAiT>%% z+Hbi-n%!x<2v@rA;%O-VF+PJEx4n*%+cx50t^db?ng4%xduNsZe<_b9|JkFwsPJb) ze6+Hlt1DfLhK>PPx~Z>?gTYxlkgT-yb(CL@eeaw-X#}Z4cql3SW1ct-_kSW|9mkQ6 z;T(Fvy8FMu!LA+uWwrk=<J}ovi>a-Rt<2ei&{I z{N;n{;udLLY6^S@051ObBl8}nUfPe+7fjXwC;`7H7{2Ix?sSY+tE5umNDoloIH^e^ zz4KW44KSeA(otGSMp0@ARuY{fL&>5bS|=hdbd$7t9^=#E{O5|`&d>kty2j_qJ)xqOA|79P#KL3?VnB@w1O0NugNT5_H&Z#$0%aP+6AzWRrLR=Ft z{ymSm7W@Cj*~|HCK#CI2nuvG@OrvzJ}${TF91AN9UZ@qdUtpV0Ta z?D-dGFCE(_L8o@VCxu$<^^0xwm3WrdsoCO1iGRN>zVd0Y{}UOK9008kfx7*FXJG07 z4)<64|56?Y|1b0MEp`AfljcW!0JB|OidyUPEwlt*o(Wbzx;`4B$*2HdmApG)Zd<&(D|@$rt6>^Djbjl@c-`=7 zs`4(cbg$|$w0hQMi9plo6IPl;JkO@k^xaW`m8TDP6Vu2EtbZ&hvZ*?2i5%OJE0wr! zB~bpNdj2O-elo8Qc+L5LxVvZifA8*Zui`&1 z<&m1F4xPYVljZTA`p(XDe)OxYFt-y*F5uyNoWqGnPa9=>cRwD1)4VLs{Wxw~e436j zKZLBf=2gCy-=~_djKGilsXq{I( zKd>!-rV{UW@tO(j^3OFR36wlzkB2##uW1aT9NfSFO(5YrSTh^+{Pn>NLa}+63I`m~ z0`sJ@&rt;-!ftIkPh<@c)mm3VD)id+SzCJcl7n9*n#0G(8VoY&N*sN>Gj*b<(Z3Zd z98&*4w9{(I;W-5KCzy(a|Poq>WGy2Gj$!oK@&L^ zmO2bt+R+eJ!58KXzM$?!mvDk+kh%TQJV7C18&I0Y_W&h;?9CuBc!;|8l{kk=sIwZJ zd2~Fh!q(5=nlmW?(#3%RE6mEWV?G3M1{1om@eQW|raUAcL3joehzpZe4#Z>oo;BsG zU}ew`qppAvE;gU0m7pF)G!5+lWFlRTxS`}wonSXU&r(I_tBDw4R}F@WdWjk=MD+%! zbg!}=+X#gKYBa4z@o*i2rJ8y(`Oz6ZV|ZL*xuf; z{C{?Lc6L_h|1uu!{J%gU5W@`kI4{Zu)JNoh9GrmFkB*rEae5f1o6#&mMLRs1zMBl3 zTgzPm=S67*wD!!$8is+GFh}e@zR(Ld>{2&uh5_B=G$fV`$u}??LDJw|7UfVYP{E0; zjne6H7_wU;^}<8p7hYYwQ!brM5(It>UtPRYu;Z36W0*l^ULx2Gzyb$`EDBr9Mp&x5 zgz`i-XPAZ9JW927$$B}YuT=YMUsDv+aNi?omp?`~*&P2EsIHmZ6n}eCSI$j&Ni#308V5Kl z)vL;dplyYPYFpX!JUmU)7*1f4`!QPp9#{`h68KudzFm&5lD$2!JvgjM`mA;QVX@K{ zbCr4e1JPsu;Lp9D%nlIT-S!O9%i27~a6U7cPakNp`DL*sie zO`=az$OKbdb(7o-Cl|$2l;xLndu*6}a13Lzv@Hf=1oI04Yq6||>~!*rYbJ2#Cpo4J zWR!%!r&-FtFVDgDU}ul8o&imi)K*_M=<E#O*2@Pzq3JI*DaR*UExWD69wq#PuYg-|&X)L=d_n2U#-Ius_A6ycQ zUFw9c6GuSqh8DR^=0n( z&D98+yY9Dd&v+>obJ#JCMG+NHS#gaThD=s{ntl8B%zkTyEK(vB^(%rCaZRlQAb9`b znX8J8BHvvI81}OS8EvNY9kxPsbD30m0ip!_!W&YI&s=<+Xo~5E+qFgO)HTLwTotm{ zh`MV;=Vh3c6|NXBPH20OR{H2=KTY+&S%fId75f;!<&NM@+o+HKVcGu=whvbN-(@_y z{+Ew3pu^mWC%83n9<2h{(UY$4g98EDbPn(SHrVQoE{7MGH1#fDJWgciC~1{e$BXl6 zxc_I6id2l_Yij^hXaBRiYsUZB+1cJ+?f=VowEh2*jk3rAw&2#U&6!8L?Hj%5ddpXm zfeA^qcGnMCh9T^=+3>Y~=sT-SmDGNxSIx(zvM?G-Tl*&aes`F;H2`nn3}&9D3HZ&A z;%W9E$(i)tSn_=*>6siZcQ0WYqkAF)d#be)@UC({hr?;iY@aqwZR9$c_<}OBU8f6r z?($V?ON#fbtq(LKzJnlkgY~pXig503ZFB$M z-QHQ{|5?hT@BeI+0UzdWP62D?Jl>vIMDk}_;?p94P(xAk|M4;7rYqBC>GsBHnU8G%}ms6sgX{-JBTng=Catd$+3AsFR4 zxa}sFIerc%2$RBB`nJI~R$r)IP(qF5LwcRl2ft2p@cyUS2XF_oqEuPfGZn3>3m;Cz z6`!~G)0F=k`x(5*Pym?*1gCz`m<6np{||NtCjWP^^8a4Wqw{}clmQ=RAjf%O7SJ_$ z9xoT@?oH>6psShXCk}I>VWj7Bqgt6%%w460u3`QZV+-}DDZHw~tF-+0ILjLD|2fPi zQ9^V7yvqClUcfA(Awf_Q;<|I7cK_cu?f>?7cUJb_OL?^Y|GF4uK!+KyaRz*#7d;3n zXVIfQ5NdkW^}#SI+IV=Kab@51JyXT2WgM|~isJ{t>GX5zCn41~mz*dvy1N3jSJfPi z#ihP#pu|>-FXc#Ry8ojXW*t*L8{wWKYb-Mx)~BLmO;qlU76nPQvO=@QJUvaiG)BFqr1hBfo{IiU+)l3=UzY zys~B~4ZFfu&bmHj`CHMRdt__oE34Zwn1g6g{AxH=DfV^%l47a%dPWy%>GPphM$j}$ zSbC=XV9x{IFh)N4)tie7*7hO@;)7&5xq+EVjoAksX{+-zwVs$$EDVL5%t}#q(vY2) zzPyDzWQBa=Hm_sV_}J6;>^G~dzOSm!RuX+(L`EoyS7G0r%`+|xwnb@%wzA#3XVRBd zq=nUEJPqZ)8H%S9IEU=_ANBIz!OotQ|9`Nzvj17iqsf1Nuu)!A_T!V~(aL=i|Bhuo z-9Tq)0YKG)j;w7Kn2Ib&DkLopTH;E!CjAy%4k*GDgL8{{Hia8vSl9r#%x)9}8ra;3 z_7y)9)8eOaHXuL!X->F|NrbT?(wc@IrH&k)ULV&+Rqc}s7exh!$qS1)S5>JWjL}_E zS7d_Relboe=|!qs7%D8Nm?;v5`34BaFt{aMsqkp|QW6-p%EP9aHPSlGT2}$H=e9_y zAWWrgk(&ypfzfds+k|oWue3KYD#g13Ytnw%s4#ms{!MRg>u2zity!{s__{64%qH{_ zJdftOJ|yIAq1P~X!l56>H-2#YlKVZXTVs*C&72wV6Y$bmz%yRDmREz5tWO~{41}qm z)dOEao<$Sz6(ms-!X)Pgo7yZYHWe@W%ue71(JjC%0p~Ho`Gud47sR;$vjm(m&ELKt z#sbI^@C{Hhj7HRJaUqlyI7`5qYL8w<*@8$HV3vS$GQ92I(EFtX#+-yqo1VnyluzyW1+<=S`|PIz~hp1&jusPa2ul)(}7>^;GIOubS4C zaqMY-G3wF#azC!VWGNZm0tieY zrdDYbW{6T&z$>m_FX0G&e&grC7hA^janL>g@W7P=BOH9c@?bJWbk*8IAZsG`->&&LZl zOMsNL%U^BE`*9jn;Z_NZ1!OG(rYJ)(vkSSmt(EZh_@0*XA5$2#yauj||8QXCf8W_T zJY30t%Xl>TkBu%^7s}XPw{l>qw&}46fqKrw&LqG!LHBEZL1J=n>N%&C)%Y6ii_P3< zpBr&ErT`-#%q5hH%1k6>lq{D=jV`%_QTfe`JE4jKV;^5+a2S0C-j-LubEe-a;kydN za|BqNbjp1AgzdWXvk>6e$7Aq*>qDci$rJ@+KYK~bs@9Hqe(#D-y;eHx+_->1qlN@3 z*iG{~uONqHH@8AK+oJi=NX?!?bL)c9m|)(CY|6~})-J5wO^kwDn-n#1LVEKa#4|0gcvI*tE57+Co~4t7@j-%=ip{}ZFzE!$Udf&17PzoIK$vwjm8 zM$?JK^sV9OUp6afDLr^?jSb}Q8bnYm0ZNAcSJA)V5g6xrijTIo zGB|>tw+EEqTiMpzw-VKa zTi4Ont7z*@wDq@0mW@c^i`b76aF*n71TzpN;O0Ijyay{Y*x4h6PCut8fk`f2@9x2a zp2;(mpQTD-=jdNhP2~*5S{b4^Mt6h`qQkC}RZ@cyt2v7zxCK7z))OdydvD-`uqAUa z2Jab&4+cx{5APq|24G-~E>PB6EK|XJb4+?*UcTT6{weAw$H4F`n+js!%gVlD^*EoF{GVWGyX60N_V?`kFS{%M z|D`+{|0l(qPWitI)6U1n{}o+Xss0vK{VDpir>Fd@@7zkYvr_H+08h*FU$_=@dH(P1 z4GygHe}5JKb19E@{)^G=_WZAKM|o`Lf602tWh;z+8qQV1kj8x@1nYQ4#_lO#D0;Z?Iw3Lqu^}=png`%fwpRny{V&!c`roDWqnC;x(hSgRm}@ zP(#~5b$L;Bm@ov^rX_wsJI8o0+D(zvE-aL2<{Z}NiNdCd4pmuYcE^er(}*&0EEt*E zvt|r>^A);c&{qul(|ua<|H-iX_@CPc`-f)ymxJ9^{=cO>8vpkqWFM3PE~9%_OMOr3RayB^=`c!0C$S$H7DNKY8jGLCyP^yqk+Vrg zn`HZBKz_cJFht8MHvOTWmis>odeg1{&;HKAwyFQ$UD@T z(UFH21Ue4;zz|=>e3&EV10!8|4287-X8CyyjKGiK3C!|n7zKU~=L#QDw9|D!3Est3 zG>KI-iB&X-RWylZN0VUN&kTJnmQ-U$ri_p6C-)qo38-aNEmq$wXA3!`wG}*`@9RX>x?3iZwRpGuyM(UUa8bxK%#~G4!cj8#E@TNIOQU4#Pe;X7nc|r#MPR;Jsu0 ztP`;t`blrYn(Nf?tM{QocgD9*vm%v($T~OzdUMZ|xOrSuNkl4mCYp%-_7akA!hVq{ z-ojxa?zk!cmrdh&(?8Yv{~aEf_Wy&G|KE}xjsLqOgWMg%N9W9n&ok-q@D~WQp$40% zBJvjqzNp{lDw`5I2tSQpWoVk3cF`?RDPX*CCp|UW%pgY7%nt3;rcDW>VVg6U-7L}` ztzXg>C;QgVpr9t5Y@5Z4Bf~yjAv}e+DRnQ!eESMMO;KJEL}2S@P|%VyCGv&UVj0;5 zi7dXMjy^ESvwM0CQ8O@xN~%F$OM1&jk@uATVfE5A(B1aXoC@uGSHW?)*@UL&Kc3Px zKNky7XaBW#XrBMuyF07=k4t%U{SP1H4s|{p;))A!kfdWqz&@NsQ>q}sw~+M=ews!Z z4C{|6x%3Hu7apMh_e!=PDb~!}2mwGEVQLh2BjSWxs38G_G$wwRHTZNdBbx62G|@QC zIo-Ye@8OPV|FwOvv$xv+m+`RupRAb+t}OaPj`YI2Ki5AM5XrVr)(r*RV6SulkQ?6C z&)_VH^8d%)-*-1|BZ`KgQYE`C0P2J=b@7?seSmjAy&uKDLu=HajN+k&uKm zMKAzlw)n?EP~4NuGl@5&%Jplx1~yBA%SIMFNFF0jMezstQ;J1DfDlt-wj9 zDdQDXp8`H0;`4|MLHQOlV9e8g5<3Z|?v`E)pPKt> z&$6UwqUNGd<3eQITV(M_7ml{T=7vqz%AJ`zUxHUcam7-kQ6$a0DMc`O1h8n+w^Ww> zvq)Zd`mFi$+bn&Q7C8wlhM5r62G4nR*y;d>DAvswDb*k;L|ogV-RW&b-$#FdZNCj` z7?q<|iDf8SMw8>rZqh)Pq?yhb574HCYTxRa&;Nb@HF*{+)r+=*V4nT&__%Wa+ri2D z{C6dfocLcO4r~uasaZaO`TJ95pl3|$ize;OKz~WQ0aLO>tA+n>eNS3z=W{gtp5;k; z`BHk3mKjTJH>70CVODS8I|SH_Iz3Wun#|)%g)nf=a6yFMTRmezug7Y#1G`Gl>Sa%) zy0jTKkb2XX>wg*Ug^!V@W3ww}4T?4)r5o6vaq<`G=vJmtz*zwQN~3cRzGTt_G1wsF zG92zxKsy$3Jjgc4)Di5 z>^sgy?j*? zTEeLt4rJ_UBMpVrkCn- zRl4YbtIxIg7eFZZa|xxRsF8Th5ip`mqgbgTsZld>M9dCMGDsh7VRBy=xn;Lk-;K>s zgr5w74Mb3KD{)z47hcJ{gMa2SSK2$I5yt!reR)pwsmZoB{9m4m?)(Uo1gm(dvvQ%e zkp*-3|H1A_MgKoKTIc^-$)owdI{5B`H;BXZ^;f_e;it(033xD7U@fQ%m;ylr?fM(m zucccFHR8QS8FLRQhQkyAibjZ{EJoXcr$OaJEx;IZTD97VntHM=%V|Itvil=S*}rXj z6`Mecl7CfZnWx5esM9PE&lo3Dpg;?5YR-X79D0su;go^yk@&_R5X!)GmU5h@dPE(2 zXZ0GZ0`tBTrBb}^cA=GLsvDvz)(max5oDK)G4BsQl(14G2 zV49MLzQVANg}n7UQRk4*^Vahng=mD|Eqgt41-9jSUedCC;#xGMSa2nL8}R-5g*`eOc7&)ce5d)8RCcyFfr0y=bd9Lo*=PeBY8htNLl=db(!_k{pq0p z<%B+q|L5VszJLC^cW|=1*8f)Vc=F)eiVjZ!GecO*0u7{7a|vTGD! zzor|YNWia42$5?l0Rwqk8Ow{`0JB2F^W2vtz7i7)arw@}T3M8@1EsAmUY(32C{&|( z@B3R_$fQv~wqNzLs;0LQ1*@^Fs!uP#rpyZ?f0WU}RZo9^cvNMaas77Q z%>?r$xaIJ@>52g8qMFM>svdTB1B$QIInudrylg#LnX!{lednm0d+METL%%mI{t9Nf z*ssYlgglALJa4S-!T(5=nX?v@QV6dvzeH!GdBx~QzQ z6Fi>C=n0rf+pKS?b$ZgUGK*j)Q$$ZWQ?+(gHh4~~w|GnLV!^-{t z2W$K9Y92@bU)BMjQlp=C0@!v70D!*z8oQ*9`@tt zk~Oi7BZslC-p6;|%}M9!jB!LSuOkq>CNTL5rZ9^UjVzfBqKo$&(F~?n(sW$>yu1$H zkmO5$?~)|{bAeWO;)SnAYPcP#XsY(8F+{gAe!wUNf$XIj3g|s9;q2a3_mIuIM|b}i z*g1xAtp;JZVh*{tM+ zs@GL39`)X$2{THRPB$w516%XV$4G}D-e-R~UKt4mDphj)p z9KKe3qA~|Vnyq6<-m2pi%ZN(UEj>eEVmS!G*hDiRUBeSSZX-D0%2-bGCM2*25xWVc z8M%iEUG@}p^QPPWVWkW%pdc>B*=n@MXJu;=d55Rv)(9*Z@$B0lpUTc8JlnhF69|C* zV5~+G3ugxLO63&wBRm1H-9njbC zgeJvqK8sk&`oE)aG{W&UNpbvGJVkJEHR1*qoS8X?PlurmP*e&tNY zHsKeoYlN!#HGcc87i`HmGnFL#gKrz3#Q$;r3QlnvVEN87hyU*%9r^y>M~D0C{2wcM zJpOM+bQvt)!1~mfsz6z&ND!6`$if*er+jo1~k>8s}OGJVU-)%#2`V#dHQSTa%5S5;LLiH-6 zvTSFMlCo+U3NHq*Bn516#R)VV=w02E6MZX5h66eMT~EvnS+Z#=)=kFC>-)n<{&O7p z^QJP>R4aj5wm40@&M^rg@)C;#h4bSWpYHLyQ5{h+=d%iRcW=!QfC!Bbm1D5iQVc^#VG z4fb{;FIoX;a9*^5eJULAkNrG}|1-oGCfV6&gfq-*w}Er`zu@-X{_kY>U>*OvlE>r! zw`xRz8Pa9&eQ%b0YV5v({&VjNy#`%&4b9s*#y(xnH}_$bap`}5MKUyR-&eF{LF>Nt z^SaYfFSlDR5DISpymr+7ujqo?PxQ0($s&u}w|OI@*kEOsBC8Ez4b*kp(WArh6p@*9 zvKr{WZ&6ILBox(&N1z(Ns{w@Er;Cp!cvt@ngud3g7gZps_}yTu_Ac6#D80eW)>VJm zGIMd163CCm)(~gKzfr}>zW`6Dig7e8>~4Y0vGw~;$A`PS)!GZrQZ=;2AbNvj=CDae z^usRbD+H=>kww2l{R&TA)wtM^oA%Z2+(kl1*6Qwea$66-Y3VQip(WP(S?05l{&$3V|s*e`2`&mVJiT2i}L zx7U_Te#NGhUje6hS{lryKC}7!&OWN$E&J^D^4c;?55TV=!&!nd4)&||{FZSXOWBTS z5|#Muf({rwZ8bct?I#_|g_~Y02cPis6!~AS(q;uRoiP*}^kC&{@_O3Z!8o$W^}Vn6EVDe^zHa(F#K{vYgC<^S%<+W&hck0<}_v~0_j z|EZJk?Gu#$ZU>fY2)4=IgK0`)$dUchgr;P_-6|F@FIk^g#(pC==$2EL43&<&tIOvY3fuRvyK z^QAV8D%1s9B#Jh@UrJ(CtKDvSqfL)O>7%{zSup9UkK$AFuNGraO)G7h_;k{+8kCOwJ0QzT>g2l`Jtc;0H+zn;hb z9Llts)_@3&zl@^fnUtPcoa$`sw;~kpKFR^As{R&*js3=E(oUgMDBA9~>U9 z{XbUnSn~f?jW3V`45T05Q+E9d+Q6SRAC)@LY;36QL07pyM|WsY3wFMgEc$W;Y%J^> z)JZ10Wc6ALm@ff{`VpXr&uGR#6m5ft363XVieSb7ML*9F<2V}w2(G`CmVPqhAQlZ+ zAa2jkUSIV8{nc#=O0*{pDu5xeCj{RQ=Iu-J1*qdK&70_?re6=w2>G0NT z0Bl~ohtoVoU___{H=6MoMO$UBz(vZCZc&ks;xW!(T9DPoTJ76q6+8kD2tbMe&H&7S zi_JEG=>vRZHe|p1{=m5q+@?z7h&%iS1TKhEy{X?Szg^;kb!RR!X*3|B1rS4qiZU7D z6P%5EKrQ}aju!Zzz5tQE1hAWz&_UGEqnt0N=0g0ss_q^6Uh)nxu{VM(RnUC_qW_5g zBl51r(*zcvtO?!((&)gRZrg6o&&g!yYJQdRj}iVFj`B zHi)q^9P9nbB2NeX|C#Q8-`zhxIjY?MezL#T|5x!8`u}py`f@}WW*lW7@c#GwKJIe& zdmYM4PV=_Gy=$2B`#1uT6b&yijX;!*SOlU8Vf-5MNdzMN{#%mHfhm&%o>-=5zsX${`T{DZB%`~1pfhI){J)F* zmjsagFS_4K6PP3ak9I5a|M1{sZ!P~<@o0wwWqPTZ;!CgshUQMd64=0{mSh1`OLE3g zBL1W(OOUb=U6W+c!6+E+(2{iq*U9KU=4$ICPY1o-R0yAn<)j2r=R73%w@^`p{_ql^ z{G8;ER<+7q<{L~hE8j`VD)6KD!Vp)mBQ_zFD=Vt(mk;o1V(mWWl{+SC0jk*|kYFLe znL<)DTOi#Y_!My{CR`hoL8SKkQJs*9wkkecmm}awI?M!_w?RBX@jEfvIZ4z@JwjE# zF4;K`jBlyJqp&tv&;)G0Lys&3tCGysoiUcLRD+L|>1{^B9R`FtAI{RWN`o5LHqRy% zv}fkE-es+OGPiF6%cfx}zWFT(qTk|wq7X-@*jG$hABYMyl=IyG?6p#R1`hmVWHbHM zVMJz8q#6rZ-n{mI9JE%~O`JHI(O zD+j^;0AP7woVH^6i+VnF>Pu)KC}J|~x4=`M?iIg_o)^ndF6i0=fqEy^wVCyI^~~S@ z%{WeXeuOhlazv*cT|ed1y#L$VJKXp0f80AdTE~B`>%&jxB4J1d6J!uq+T`Hs?+9?4AX^TftTZbWm) zC)@I^bU@diFb6ZawbNFMH)NJ^Id=gkr0C7Y5HchXkf+)^Q&}pqta6tb<^X0uo#07s z&Iy>1G*R2h5|XMb;1qIPf%uvLa*rsm?99?=HHPx=Jwqr#J~VgZH}!)`Y*77*yZ_XQ z4$(iw$Xr{4S~7Y?R{wh$hcXxp{74i+YrqcT33O_`uh9=_Hdv8d2>`+r4++i?t~gNV5*D-t3Tv3{f`0x$Ni^ax7Gy zN7EgpG8T>N*%!6!z|NQ8EJ*+(Q>4}sMPo=4oQ=W51abglrEV(e8n?D}K!K zF@*{8i}oK79#4353ZjFk@-aav;;64K!j4XXe92~UEV6rT3rFvHsY26PcE+wqc0&k1Rn{)|+cyl+Q?OgS zjA0IkIF;8Iom!jf1T%r_?eRIxnS-3{Uy|5`0qBGCzrOwM%6s?n?EJ^K-(K9@T)w>U zKD~PT-POfSu@&(41^}dZin)VPoX<|d{_gJX)OtBZQzD4B|1~b?Nro<DPtMn^|+bNY`(S5?vmG|E-tjPZN_6JgPbIT5&K$}YeI4yEa5csqN!vvo^8lP1?CLj`xZe9$O{nl zH^NYA+TQunQ5l?&ULOIaE>_x}GfnLkAe1T<&|)UnZ@+m^z1Y}f9CFZ)LG(F{ zDiyc9S_(Z;ih|#MQ)U$l>q>p_>#rL3S5k%wRilFOjEOfAMgUP&-6kL$aUpVk*ie1= zdxsixdRqf3>M+u83yv{ooW-7@>o}L}Xz@{=oqj%^KhPz%W>I@?rN8|qyL*`M0FSZ@-;ZI?`%w_{hmN>T%Qg zt3wm1oQ!HB%w05Ph0v0znL3?UO|S!g^;bBG2ab1LZ!z+q9X*`9SEql)wZ;-bNv^aafzQ)zjAg zD@$m1i>@Z%IriV({UbmB-~RsLI{t4ZkK_L%W8?IB_jhI)Y44eq7GQgxl+0x3OK?sR zp)xg#4xkhY3C_k8F~!u>hDl&) zcUn0uTMqTJg(krI}9=hiN+WGS;AjfZO(9@N0SLm_56* zoK!CWC$}t?a4LVwY4HZ50Y zku#D|&IU!M9zBTcKGvRDJ}FC=4N=I9yQ)Xct#1L! z1Z#$8k!ZNu@sNL~Ug(v=19_5WVH9-e)J%9$D9uZt`n$r@OB4!WzEQ}4f{VfobIedc z+mK~#<|3DH#5C~WE11%KZYAkQ>S0v@)uVn# zXXxte7RbnW>7R&4I0i9E{Ao~U+4H4mxY*#`Y=~%vIATAl_&lFim`%rv_8?5A=pSR8 zP#>Pzo^*kybw3wgU}?GIP}ntJ;Vc0%xdkTxPxBN_QO1EpBS9R+W!PHX#4d1++tAo9 zG&sAy{^sVjPX;wZTGa?B^$pFL@tQx3jn%p}Y6f-wST|Oi&n>GqGiN{|MY>4Q*V1L@ z)zjUNNua@u+Y}G-clC$zgVt#yN5{OH-3Ps9ivosG%aTq<4P5-|xX3e~T!? zBs&E|$m7Y*{a)`K&JyJ}Wrv)U0VhSvzx~!XSTbEg>i8-G;0C1#GBmgcY-;sAHbG(q;G~QQpi7B2WV`>jo zx~q`f2_pg0gGCKZmXM;RdZZ!d6hwPb;V9!eklEGeAp?w`ml|C?ONCAp^HlnJ4JgV9 z!<^7ZeL5K|#o^dJkgIhL1FjR;(ea(^NiDH?xf6DbjAbPLVpl zH=w=Szz=`--X@gfen~OhXRlxPY(iCB*+4MZMWd0=PQjkz(grNIwxiuQ*!fg-iz}cU zdaiLcoIibSgE1~~*OUxB%Axn=S}dT4T**StWVKFf;=$^sgO@0UkGCi$S;9omoic(= z%qY5>P{bxAO-{kFTR`#}#;gK+&UZ1|WX22lNA83|6q6*}c;UbIdmzgGl8B<64Sx?L zX`UzhO(e1DRpV9}Y5&N`f8US&SHF6s&^5uI|NOd}N_*d=EU_FAK=x*2KN3}Bw8kD%WdiVC8Ah7$z( z{Sl!t>c=D-r8wpc^!sB9W7Jnu4jk-)e*gZ(A?UvY(wKI-vopqgG8+mdbVrC&y$>pe zZbv8@npDb5=|7f@(W1DBU**8mc|Ga53r5<5sAk?SG)gMSzQ%8_a7%uGm@|1YD$9pf zj-jE_fMqm%zdyn#P5Mmx>Azqc@);ZC6Ufku7q@14fPMzzEFbF=pwf@*rGiC9;G9fz z@pl5QNy5r0`*bX{uiAVRbisD*3xa`uzdVGnfy*iNLhw#3G`kn-&K!knfhEjy%lV(C>>1 zFZQh2s*22kql%tOPW&uFL62)y8L$Rxo+jnZk!8qn4eDS1#RtAT*bT}-(U#N)o~8w8 zSQYVKPi>O59BKE%#oJfb8#@xuSJ3C!WcnOUbARt_oTg8u{@oGagiKKbK=FA8<~iHZ zg=#_+%YJn+G5Oswf$OK>m)|--@%rFE@vWV72;%{q@d=^$pDF|IyFW>WQ&>RH)oI}k zNl`~j=rh?kPoBfZNoT1VtG?iZ(wxRl0r(;MGEx?$(n4gvy+?FdzIhsTzrtC9v+?hl z$RtHKXe977L~bBb4}j_noKF%qlWxU&Fck#XEG>K1#@yS+l<$vuF|uBppU@$~vy6T7 z5rHxkTM}b^Jo~9XZO?zTck7R0GrHXPkKMh!<7)iJ!8-r@N**izL%QEeKX!9Xk`5#g zW8O6kL`;*wO|To{1G974NZ_`2iat9Q?~$8N2LwXPW%bh+2C(l;B=M-pby|9)xJ|0G zAK`d_utN<+Y?ks$3`Y&7ZfhRK&Q;5@igm&AhD}z#I~s`>R$kRs*cTU}sQQizUIA03 z_;fM<6^t+qI^emr*M2-7@za(6n`nnFB48f>-#_&8zwMtKt@D4cB|47h*KOdm;WE{9C`Z`wAw00Ur`!2NB^y@tIG6nx)QvG{&9{L34IV1S^<&C8E6-DC8I zPz3k{X7bV}(<-FudRAEE)*pbo36^<7g^XacJSUW+WDw1b-D{Fb3j~8TNGTPiwV9&K zC-WBAtCf_h5zrL9Ig5PDjtHYMRI~X#tlRml;C|c$gq{qc9lFG8O%W8IW1*6YI(#OSTv;RK$BjFvj;N zGe&rGb68smQHrY%40L+i;yxxdSO^h$$3H0A6PERF=#Cn)ri%~#Ok$B zViba-9Uh4@4pIaeF9t%T2pfjRLJvXBB<)7Jk5_Il>**^0DVcG!-1~p`_N)89!-KW_ zU&+&E|0l=1JE zvh=A+ww=!*@`tnX8RXYCzEAJz%Kwdmvqbyf{@zj5{&%>(|7RsnZT?5*?8!QB$wHek z^-XWK%#Q%mzqJZBa(z~2Gu&_h0w?#9La8n5FIw08Ez`)7MSzXF-*Vm7$JA-u{dhz0 zbems6+24)P&k(xx{-zk2#kM$=fpy94>~4%LB)q}#lZ$mFl1m_8C|CMY;&@f&6%|T} zSxja|j>s%aLTRMda{l9fy2^i(U3+=?Uv~F*_mBPjFMIoI`M;89+4-M~`4Q3p3{0g0 z6p7jcDu7e6Q3ojS6oRy@=4%1wOKUZt1f}(W?`(9Js0cV6s5D-u3KX>(b%F1^(RjKt zP-6DG(FTexwN?j8A}pp4REM`gAt*-r88m|Rj{J}Qw3Yu9jj>EeStd4atpLoE{|6QS z|AT|wwg3N0p7|2J7;rNMY*A)K0$0izMgxjVW-%AS0cOA?_%L;JWV6seidP9iN|2!U zm^mr+cfJJQA&?OH^#Nw`)&t2oNd|Q66x$X&(gFB@(-go|<}e)!MF%mIdAa&!a!wP+ zb;(Tn3{NVM{6gTwn$y|2)VoI%j~+u8CPXCHY4-;*h3lYtUZu$A^hQ#JZL5BBA`kCz zHbefkraCimfpWy@3{@qvd*1fev?4EN6=RmF2zWhkC>elrsS%`)f|kW=K(e^8C-nlV z99(r($j&!;0y&bsF0ylb`TxsX^yNiGlC&Tyu8yr_NUJ_kBCp^#!@}dfp>SWN9|XYZ z%^YwZa2wpciajieqk|Ehq|7^C%G+xPJ{}5QAKaNE8fPxJYoh`{w_E@)zx6SXHFyp{ ze?R~PDwXgQ=IVw3d0qIB+#~Dy>Y|c7<(6x1hyZ$@!z@9Gn5hv}>q~a5FGY{~lgE8E z8txzmGRGEZL`5BYF09QEt)I5?U$L)6r2qW;|M!oND)#^5gSGr$#nVClt0{1nrt=g4 zRj{(tc5cJBrN5BVkjtC!1%DVy4uwb9_>oz1S58+7_6;Et=@tIk<~p zJQ>mKh$Fo@S28&msOZSnfIY!$LI|POd$dvu2{h;S|ApKTp5?iy?S6{fR8LWpyzM)& zCmra4y&Gm)ki=?eL8^osZBH0|ImJARSpL`@DB?SZx1fmC(1H{RH`<;eIVDrXCuqhB zg<%eLD*bmMdWeh=k0&U3n;R`{nF_P|!?_PSs4PD~wUv;^6g3*Mi)bXr-PemfsFAb3g9*GxnpKwCn{>YL zh++c_+`x1>^82lgce3}}-~j94s_*uN8Gk=-(L0s%QrE zyTER7{=j^M9Hv42?6#yij{Yco_fxH!t59{3O@b~ z+ZUm)_ALyuS_OH-WIr!;_zg4Xt9Uo*$Hn|90Ld#<%oOqayof3Bmu}b1R@S$D6sgv@ z$Ami^`EvW)83TZOxv4^-eE#P>Nz*vhI7*!jBOWaMNpQNh#&c=El}yBto5IYa44T{@Q-*Ji!RvbKM& zUUrY+`TS0o_*j>r+5Ii|a;C50KH9vsXu2YFp#2D_&YNx))-;$UU<&EGvPsCoYDCF^0=isCGF9tK9#x1P&0?};KHm~nr&93qu|!A$&!AR5vpId zujCp?Wp9v@_3K3KC7i~ha|t~#f4a~Iwd*H&eH#nWypt7&yL>gEf0cG+WB z%ot|}Bnh}}W;o_d@gc~RV(;5pw5HC9(9`XBmQf7 zf#ceOyP{{l{nxnZ?EDy0lKn)6w>gTJ>HmGOce3Z(e~*vW@jokh^p2Hee-{<3CDz<^`6c2Rj`wHJvZl8YD?BD z>z(!hU_wC7QlzSxUt%L8Iw?fc6!LAr5Gpb*qipbi-{Bl37!C*>?}%SJqWGXEuc3-( zl%gztH2H(i(v&=GgI9zOak32v1ve;9VT=Yq--aYF$&|$e2$fs&Z)C{+ip9q2@im@e zt}xWMc$1MXRitVLKarsXLy=H>UC?_1tiFe3G)w1!E=#rpe;~o@8ysFDn4~yE#g#2@ zb7flxiTHq$ zE;qZr1w)0fDXW2dqc`IuKeK!koOT?I=$A5at03aPOOpQb3)tj&3N~$g3L2LP`K{mm z`<7+?_!ay-BU~oDEmxoc?ex^F$Y9;TV*BM6r+%e`g<_;uWF#QftvL@|xR?cVPj;zc zrFj7Bi&{VrB+$C`R{YCbc63M2m& zh>cyw!Qnbx@JIP{(f<;NrX*vCchmsq`v2{n`2K(UyX*X4D|w`%_fih*E#k}50G+wA zVjYm8do1?ZO)3#d6REY~7~UdoX+q*Jd66cdBu$4fey5Zn3OO1-DlkRoiua<{j3EU^ z>VnFqB($KMBux2BW#|Er46#8Mb;P6OvK1230be6A?=A6qL*y-Z>R?Ms*)XL&0TwFc z3&WX&d26WLGnb4?QD#uFl_41!FC7~LID43Gx#-y6EUig~R}fl;Sk%^urttkY8N7!$ zg~L?9Z&&AbM#m`H+EN{HzMr~=%+4s7>s#E{)uFI~4BWz?*8J2BE!9g4A^BoHDzaET z673EkKQuf2{g8@{|MVw;9fV%xmy7Q>h3C!g2guX7-IZ8NIXFu{%TX}Pv7U>LA zlmw4f(#P^}Mapt>`k_5&hX~MFCMA5}Feir;rYTA>o2sU!@I9W+rhz6yzy)N;JQ#17Xw>)f73u{6iz%@y1o+49da0=shk|Z3&Fcbaz#}&ygvjn|I z$v?oR)(f}9Wcr7B-Dzv^T!)z!&uXdFTQxkz-iGDs_V$-0srPPU0S(`kCZ4`#f3)=W zBXxl3PKV0rr87IMJySX4kqf7KAZX8^5<-SkQPGhjqN3f`-+t@WGDEMCI=*C`jPCE2 z`w+Qrwd)53jVNCufqwY~48Yp7xALcp{-2XhX}^kRj{bjqyzkrp_V!NJ@xLp1lxsRk zmZ$&cBnb!Y)hYdp>HM;&&P}FbS)^_-V=9JETydv}sFJHAH%e7V#90 z(e*49GLRy^pz8~#cq$wAz_HT(1`NQjAk#iF`@q*jCWP@T#KqKXK_{#9q9hU^t}kD< zZ0!2-<)RI-38d(n60v!{a;{OIvo=EY7DYno_rclbC@-tODuj$Ymr!w@|B4sXo@Wf?F?B9BdU z04t(QyE^M%ZJcoh+C`1q96n^|DICVZyUC~$=myR(KXSXr`C$P)Mi58lXNzH zI#<+S%#5r|F{*W|L$Rm6S+MrQUQEhylPSg=lOr{9r^KJ$NPJ0|L>JNPW*p4oXgAt zP(m$qz-LhS{F8T4**k96)m6Qqf0uo5K@`maimagoDlLjPbuh7Q&@~?q}?B(+`;` zYvpSDa|PI6^r0Zh`X2BK{c*)3P`3TMP>zJA8mu1wgw z4Mkn{66i^pS?XfA`S0{~RCfuk-(`EU?Y;x}0LR z#5Qm`3TnI20+)^wx}8;HLwx!s_i0?MVABd_Nl|fA67C(&l1m1nsm}f@K5Z>RFsETd zH7HZ#Vv<4nSRtEe`t2ytXakkj68jJHEGqwtXww!7z3de=l1B z2+Wh;y9N;K@<*!zl)>81t^$;^Y^?*d(*eR1TPp$UXIamJ^1rq1|9`ZQ|N95Kp8P*L z*xy~t|5ZFi{P&Ut|Jv@~A}VvKHh-tfp26SwR*Io7AjAu1|b{?Kqjiur_PcK_*9IJm8l>ge*tla^?-2MNNfB*aO$>Cc5ujHxt ze=b=MuzV8#FcyHCK7X_(fYqG>*b{AS188Lfs3Y0h2(W&Z@GL0*&C6CsfO+!&aR1Pk z{|6`Q^Z%7RQoMhsM-zMn8IG5&0^}4=A$_z(;f7==U2-y1Vb~5(ml@_*W~(xuO_o>F z#sso!RX=z)>;$q4eLuJJ*}ve>AY;SUw-;t`inhT)@dYzrE(mvS zMibJhpn!daxP5CRf6N_WUfPT!M|ecmk#Z#Wd{NMe(^IZ~c^QeHRa;?U+sRcm0advNSKInT1h83sMg0+*U@_*2pAytx@1ORbS2m2!+C zm^=bl!1bq)+k`bwZQ%A+-J0?phkGfc&;c2=41^E}|0CU#=;r`)~zy1&R*6V*Ik6iz+2~3#0 zz?-Q&46NmnSF6(1#AQadc*Z!H0-mQ}gj2+}0c09f0&u3a^uZ&XrtO?2 zr;(FQVb^K@B4aaZrJV&iqEpP6Jf^WSa6qA=NnAY@q;@|u<2aQW(F8;`_(>?x8&2DA z;5!6l^GXF2Z3y*6XglAZy?G4~rG&Ei&1veGh>gf>COkb$X1FUZN8e;y?MYeO*4;!) z(*mL#kK`@io!VeAOp#T&MN=w2TDMkohPJt|FQ;&f!1XLmbu+9}JC&4hEjlAZw}H-@ z*R44>2VjfVZoWD@@6-Yv!ng(8i}xJS45r{RHqtCCu{wG6^~;+ho$}8K4NdT8Bkk#M;}IXY(QwRf=O`Ya5p8H z{+5_qO4=&M73;yym*5&whCqrLSFONY-ha(W;6$L&)F46l(DkBKn!njZ{eojFS8G9f!Ve;qzp`^{Os*p!nK8{ot%3wQ^M=jPw zg2XI9S&R`INH_zv>m#(O#VMp1Cc`DPsUfv%m1JYGoK_X2R;|VU18AJWE?Mcz64(z9WaAa zl*ncofGj9|T`wz9)b_BFzdc7~S;+C3vOHeIH+`UT`a;7C6uE*^87x&VS(O92K#L7V zvouxr6l_%7j2NnJay>s`<>yjjCZWE)N0j0OZGp{9_rEE7x!OjGju)OT8(UQ`t&JZ= zuLMpuB_g}QNH^9d-lz`gYP$tdUjXAH_W6DP^ZUs9)B;)^DnYu$DP+u@gjODEc`=n9 zwE~66Dt*b=OsKeO0LDN$zdltyfM`Obd{p1%4-j^&{z(0*+w%V`A3u}+x3_zA;Pe08 z!?pj!>lWZp>4zw4Z2gIrYi-*laEinDQ4cFmKJWsiBDmOrb)?@ZlfoTmWu;znNx6#Q-F zAOVJiq`qV{A-V>1#OVxGy;^NdjQ6TXavzYKAdQgRDKv+Aj^dEzV_Ub-^VBP`xN70T zvLt!gZp0>p>T3fxOpf@r>PQVpS2@@O_H<{(WSCQQ zkI77aObK~6%RzL%7lFvQ`D_esP>LW!gW|eDYyN-E`ZJ~!M0XB@E#S%@LM}bila`X;4DG!?ZSgZ-^Z;??-AGnzk=cMVS?hON#R3w zhF8O~Zm`%CVmvuZ^9j6~O~LU#*s32o4V!T(!#6D=m*-5UJ3F7>pMHM-e?GtO(}&Ze z!-M^uf|qDK#CQ}aR))oXQJ7a{?|+^Vj(h|+GQwEe6`}vlSUM#MdZEqP&xv48C>Q$< zAIHy`K`1ym>%i55>ICJdWElHU#Jf|Eak{fIs%N1@-Rgnj~-3J5Y(1 z+fcfK_N)_l&YSzXXrW~2>92n3i)QC>#H|W%@X@MHXMQcbLC@Q{(Eb1>{ z8!Q$_I|HF#yt|dK2>R(@DlA%Eg1vBUFnp515Y(8bY$}|~tjqv{nB+zJs&bb4W;-{d zluX?45~2KDR4!-SRwYM*s%K1eo0iP}TrbFQPG z4}FR_6dUdiz(EwlRO*5ybBeYqQ@y*EK#8c5l)3^|!`p`_sqxYtLH@YqddRl}22(a6_Vibl4AC|9%<{Jt*~mV5uSMiXqy z?N_5ne-44(YZQN4x^M#gtG(M$Ff0sv-G$mbk)~r}&p3ziWQsEWQY>5S^uLRcdq$bI ze%e3n<-bh5v5*hgJpccr6W{-T?_hVG|9K@(8v(47uJnE9EX>i=7C@$`ck(UwZ?deb zr>o>`7ow8f?T0VGH9-FY1c<1zq5kc+UccXOG)Ty{ou;J)LcZQ`LLF_`6>kVpX;anu z6>#!BoTgh1^&70i9}$;px&9|b;)ZLIlxZ8%StrBB!_ju0FxYA{(1s_$a`PgR;5>qidN>h$d^i9iPvJD`STszFS+Pxxuc|Gn&2-PFK& z_Mel(6OaGzADyiE|4JU^bXZA^Chb2x`|1)z)qh6L3%~z7Wnc?zg1~&y;b%Hf-N(W^P~@q#5<-nshK#4hlGyY|EaIsm zLxSFe>SPnMqi8S?RA2Syd17pT1wnU8nXYVwL;sslE#m*nLVgke;5nA*aV#qod9vk5 z7Ou|Ylnh}y!0%Ex&{6pO?MXFvhiq*o8kQ%FG07OGGx0v4M}Zb6!*f+9oJ7Ft zQU%-R+2QCR+^XO?f1lGl$DX>^nGfAhlfK}FXMRIZ^y;#fS$Gm&Q|%~6Ox-8Mj=ZWClLwNPIhw?LJgICZT#ZgLB?*t7wfQ?+Rm1Qyr` zHP6r`Y=*#G&(820n>!b3W1))%4lN6oWt8PU__L|^IkWG?9wP9Af%JFDjANK-&+9VR zq31HYN^^S4{htZ=d5-oa#q+HDzap`H{r*oEX}kZk0{Z-rFn|AN zrfkjrPk*-de>R|n_G=Evh4*VkY+cL!n%j}*IxH-P(rqu`=Z}8&DIsNMl#@h60E37XDJFG?uVhQk8c0CPfPi)y+5zzjVN8UfO-Bu2m8MK-#<7!Ud#VgJQe>R zXQY?o1LR$&Q?Cp-1=}eEF1nUl;C}Fx19v{xs0dCWOHrtT?&>b&cC^WHD1bw27orgU z&!rzYZAHPhyBI>fDYJGpdakD>|5q0^Etmncng8z{?(bLfzn`3}_kSySl;uuc@3pL$ zFLSF`Ctn{^$zJF#tJjy1Sv+39scb=X(U3P!lRu9JSGk+L*_}t#3T)AcVbMZnSg}2% zmUVMT$B5seR9B`_Jn6lO7^ z;PRTuJG`fe!!#XMNu#&SUYGQy`89#bR~l3lFc&{yKB?ACty-7YUNw7ay#Sot%Fqmb zUxQo7(>`pa3Qcn&?;~fNP&h`ik8&zXEk*_;63PQJL5=aXnYDqbXS(B+aj|%Xcsx;U zxR;8#+{c?yvV6^2m(9IsS0$Ji#Dz1*w4^7J1aBFbOs2Q{SX=x3u`P2ci9%-DR#rsd z%+pJe8zS}#Fcx~H-=@UT>0V$~a6*xu0ki4QNUkcYdf~QNL*D?hjZ@D!jI^75m!<1U z(*&#*3(Y~(bcbnJb#DoxSDlP?6`ST`39X4W*7&D1O{7Me>8a#<26;Hu%_GU31WPXm zwq{ZZ>iTVmoE*F|fqkaMQ8#sxR=<++C)nNcGNjoIRh9|TtkTu5_3l(oRWXTGP`By> z$~b+@2{!kXdF194q7i;q=D`(nl*fJc$ehqTn*?SoirdUIkkH9>LveNbp2OHbzidFQ zJFx0eVg0+%_-Z*~rb8mJzxTOR{d3|9>= zV9nSoqzcWmBI|RdxJv$PqvbOfM|3^`&@YXt6+`br#exETvs5G1tBNClx<@a41ZKlk zBPY%0K{56L7YS=#%&Aa2#htb)9NXpS4F%i5uV^@)I#gece*+`@9x*VSjTwk3WD_yVzW(MCkWA&v3u<~h zU;1bh3O2RBpX`A_(sX|dm@g&awxkzeU8PDLL60pEbac`~9Z)uXu52fkcPo2qEMRje zJPNRX<^>~v@6b9VYUlcKEXvsw-cgt98MQ$mB#!=QsegL6eYHysqYX1+ElPi><-5S%Rvh z2W?Vc@xNV%mc4vu`%p#&{K#%=nG7O`mozBoJMqhTP<(XpZ#YvNm~+IUZe%y&og3C= zKn3fQyN~2)d;WJHFMR#q{P_P}-~U6rTc7`};!*PU+w9`!W62$8Hh*Hq=fr{Z_?lM1NB(z@~G;_n0H=jI7|(BbcT`7{7a|PxkEI-#z9H zvHfG|V3RHu<8PBOppUe6&R?qH6AVtdE-?)x9e$gok3h~gIn(h7VEzRIW@d=JmZUrx zfk;lq8Yf@$v;OXn*_L(yc9K+M#&I@2Pa&QL)Uj10-u{r zHixk+U*DB8WZ?`BjalP=S$@vUmhztt;o=IwJo$fo=*R!>9`3IFKUeao_>Zs7&X<+( zN6eIt3V^E8xAG-lYoCsi-^jBn!?8sLHn5#S>)Dr_x%zDJTZ?^d)T|$o0x8{FU-+ymcfakKIho>{uX<+H ztn${@Z2mpZCTV@!OP+OmOSs|LqQm-v=ha>CT$9|qQK@7f;vxZOrL3=ZUZx)Wv0i)N z+;uQdgIj0m|L9Ep!KbzUrz6ClA^+pyUgiGhy}g6={XZ*t^a54^+)Hu+(37RJ0;p?s za0D>ZvYjhH5&quE8-SJh9!kZt%n{+pdeg!x+yZo4Rd#%tVQx5FD7BQQ7=&4;b~OY_ zBFnOzD0RvQXB9aOYFu~}KJl%n2*FhGHEMW+))0(_vaoy+s2%hu3xvmpbaXu#nv`@8 z!v(bU)|!phI_r8RuY1p>&tpYotBwfWxU5YPBk4V2q2Ui{WKZ=(3HL|fYxk+*Z>iUG z!2R*k>z#5|Fy1XXBm#4t#(@)HaGTfDwd>2%HA=i-DdJ21Ue4$-}pmK z5c)19Fj>d|IM4ofaB|?={|@#K*YbZAk6dEk>Cs)5;5W0SqsT9-brAN&%xov*i{jnH zyQyXi_TpVdq!*2J66OWGPO{w8s@E5ix4!HlU_Os5>JjKQM1!)=l6GP%uB3>X2J%ZR1y3$E7{pm#2H@H`Ljj*-|m60|L^V} zt?&O>$s=XU8$`z@wohjiHwT1jO6YHHNSsQbIYA)O>p3#w-qtQsJfy|-4BfXB_a>D$ zmIlQ6n+c~vzuXaw3cX!-$#&e^Q18mPKu5=JtSAUmQ*V<@F$YD)G)*M;p4W}3pnc*( zkmK?89?=JiIr6Y`nsh)FO40yCMMR&wTd-T(vdFVe#r6k%+VOwA4S62_uf3zA!;1gc z-rk!3ui}v$SsOtl+c$Uqsr{PXEy+z#Ofn8}1|}$-0z_%CPt$?`GcaQ_n5K^)h8dVh z*9riov$xF;hJPgF@QO6E6h$KbD?|VeKpw;(h zZ(fUz{q6ScRb;~}nZ7cQWrft{1h5HtFhAwJ5<&qg8J zG2&zN9!w#RCrG}PljZ@^gju<%tFBivi!JB_O&2pkVWzQ_(`pJI#YBOCA~s98&`b1e z9C#H4(TlF0g8#_=BLkn`tAB5iApsncd!#8mu*W4NPd|Er+KT_Dm~poAV}kB+j9z2b zaW62B{~zr8@n8E#hwJ#Sl|1uUTRG+qbJKftX$}uq&2jR68*He$PO=SI%jnZ3Y(Gc~ z{p{A(<^}c2x0Wf>pB>_&$|>V@3$&v-Rd$kr>$T}iE8A9b7fh*yP{(=bbAe= zyppWaX~<6XQD0Fp(Yd(PLUR(Rs?NFN<-|2rL!Vqm{8H8gYA98{%^wuBzpLnBp%4s9 zr&yeUa`2Tr850hE_?-Pc3XJ?#Fv@DZb6LXEh5uVqrjrnu&;L(6{(o?Mus;7?$up1t zdt=^R2v`8>C4tw9FAg#kfYVVX==yyzmpe#?YO{Y>@lYMfHZsD_&1?jO9JxY3u!-Ds z)QJbV=cuNGT1$YXJe~MIp}f2HKcD{}A5`@J{gZY6r-Vz_VKHJwfe_O(%0IV;G^`wPWye9L4SE$x2#ltn6PN3BlC)KW9 zD(TqRvx+P%h~kPiLc?-Rx3jfXaZxfCh+QV{E4lfM-;US&21#V~A}aD2cA!9TNT%&=v>#N4MJ(1xnq5fU`MaV?4xa#@4wE*X{_eR#P z{jVk{ekUMDMHt-#G5|rL6}595tjN`h*NY*od)K=8yNxZRLTn{$+R(Zxa`ad^5{KQ# zL4l*1s*yM9V+(Q9Bx-E7{B%iEPLhzIF+J}rXZ)QRtBG@M*vu7^Y`)Za&UqFRZ8eLu zAlF7v@mufGKFTK~{|6J4PVqP+6fLEVIr4w^$lw3%9qpg2{l8Z7dwQPdY6pT|cREM`ReH%q75lxrc`+I9i2s?N>^|Em0S#gNZkB@)P7&*UIbaWY@5{ju zzUzHC;8XE8p?KW;^8e|52EK(9lNke-FE3bckW=y#ig|B<69jiuaY}yb4enV?614Lv z@VC(Ve|>p=admsKv^JX8|K8q_pZ{s^aPM$!|6j@T)r{c`F$QkQj7ke_j53D6-e9lS zyM`1_5l58udg=qAr@(&hCJ5Zo8IqnD3|y-fv8^uHBQlmuIeL7dyeudl&N!h=gF}go zJv*%d7oBUr(!Zi~3gpY)S(0GEKwt{KVF-LpVa89v_hcp=J!TAPuTu^FfzWpVXCS8} znZ=^wHh>JIBpdfY@PQ0q4lonU1;spl1Wb}9(Oye7f;lDkI6+AbC^8!17{e4$loN(I zp^w`jh8(733<%YL2L<*pWduy&I|Ooy?;%GuaHk|u*^vb!h`4p*XzBKPG%!Qr>Z?TBr^_RDulVx2~<(pYbv*=QP%!>IbNYNOk|3~cfl&l&MI_~wZ2*)w%^~AKS<7At%%L$2RqOEP9oBHqn z{4ZVNzyI_9Zke=DFavLMl=UdNq;2ckcweffU1+Ux9N% zb3zr-&xYIJEKR|UD9XSM5*sv>40`|lpZ`@uqyPTT|0@Up0jDrQQ%K*5sS*Z0==J)` ze0se`5p;*>l&JwW5(rEXMZ-rh7ObCvM>12Fqe;?mBI&fPc%)#rDpD>%lB42#)DsJu z2|YEzObH|;wNu4;Gm`barKTepoM9gbR#*r{$-QNDn1PUl+E#9Z+d`$CVlEeSil>69 z_1xA5z23!Wgkrf|beN>IN{jhBA~VV-0A?A!N0dQY#1W4$WgO(QVT$AQu~*DPQ1n;x z0ti@+Vj)R@08wxVe}=31E2d_zn6(cR98biO04ja6Y}8&J!EvH$PD+41d9{ETUel_} zYPO3Q6kSWgG0Q}35-1!~m`{4jBU6CF8RUY3mm|>}tsOnvsd<{Gk0rC#*HB5e)Qe|S zFz)nGw29=XNdHyDVv2{=6}v4vIh{%J(|95{80-nH8d0eSXnvwJ37b~iG6NkPjc|%3 zFF+Z`g00K(hBH1P6#o+?J&G7gQ$*E=qB)926yi()o-rfv+$r1Z3BC}MT!;%z7O}U% zVyemoAoU8Axb@UPlnY2oMAi$@bz3L{fX%cAIdS=!+C7@(4f8z3i1io}Bgs+vsN(uz zJZYYeW?ERQLax7iNFRIcKu{#bi@es%48fq+``(ZufJ{m2;>5N#KvYmo} zf(sb>2^JJ2&;Y2Z2`Gw@pk);|oY^pY1xy*Iu2s-d@;|CIr`D06OiVJxeweh@jfmh9 zdY<-d+RN}`ca=ac$5u>~?6H3F;4Gk17|>E2!Wkz*2Z)74>=i3hHD@ycx2{nG^tzM% zfoTe)BG%I*%EJ6u$OsEmvA`wQkR*rMqZSgSR^E^op0&D(D;UtYWfZ?Af1S3=7wq|jdF+|;^(WHCf=RWU`03UV+^wH)b2jcU86_nBhw1x~)GIVblhlNggxDKv*D zB@aR~4}IUT<#z?ugb*9tG{Hs)2m<_4RA;t!DE3gIy^nvqz9Z zj;P`Oa&IO+6p~j(H8D9DkYk}1$pHyL3&461Q%z8?tS^W*MKEIuHq%>}vU`TnReBLa zxn&!oA~HvECQ)-t;Zz}32QP%Mfac&l0FH)Q5Vh1$U6fSF5SeiaN$96gn*;Xcs30uH z_Y`cxtrA#f!&B^*j0~4AW+W^l$pmmb&57WfnS%{QLPJ%$u-1Lm#CCK)Tj7FCKobQ+ zYWM#VWZ4{U0h}>J^=(#SE&TU?{?`@B#Mljby#sf~*^0%W*E<}5DMGJt6z=&BfWvHy49xvZOZV`Ty-5pZNCQ!~M1Y$4Z{!6y&vv)9>{@`wU#c zsStLz@dQm#uh%yTLUrQ2(;fhQlb7oh{A1(QEKRTA6#YYfcq`Tdv)}hOTmY(UAKZL( zcD?{GQO$tRfEP!}0JOrL8KKM${BONL_nOk;*%OGw?t$mxoVAS?_&T8e1J=6>1}M3J@8z9?7kGq&Di? zz0ZKzQrp|;8*5Jv-o657SKotwy}Ww4t(9|QXOQ*_K}M7an%yGD)>N2U3JY)wv+)d$ z5g3zuL}e^|xrt`ld!yVEuxh6UJ<*QbP@Xzd$Z{wy7)cN2SkIJG0CSAqbCk)Z2JimF z2AJ&J@Acl{EI9?|GsemE2C0M1muQ4Dsp$7imP8@8g%mmkaXMohQOwv3Q8sXR7$!Zj zI~t;tsdGe_=cnKcyUZ8n{ovhfh-ij5lBg))t%~A|aWQd&#Xl=@awZy+8YuUMGSU6s zU~g}*8}-CM3B1RY%yO5$s%tV2rRtfcn=gWBoG8n!qfCQ==s8Je)6A;U2R|{AT|+)O1p`%oP?|`8_}`oVN5&DpcoE$om^?;X zf7hj~!&HTv{BFG!)lT)Ll}~AIiWq}qRB7+lMv#s` zu3oXxA(HlLY!b(?{t%4_MSxIwdKy#07%+zgfaKZ$#s=U#RkkK0R+!BCiJ3~$VVW#( zR%V2oSLX)@2me!<)uoRL6R*FyJ0Dbr;>;NyMe(F`&tPJo1j{)`a+IB2Uw(UV>wWOZ zeC9605<@|3`wDEa*5sMFItSv9>iEq>)k`y_^7Vi+&x$m_{6nqK8#MX{7-5tq%us^i zDNdm@Y{Cqv#<#&l9dT>t7rn~+a^WV%c1YEbRNEasf?~az%>ZU{IKPD1JlBF|@JO)=Kj7jMA-$KKm7H*RBz;{WF+6x8rKN zXJ#|KdkvA0gfT^M2+(e2@4m}@miuJC!Z`;ZNKq2?;f^~Y{z=CoLEzxve1Dvu=_>mv zr~sR*f`%6}l)Sr3F6*mJtMm)Y%`o4<%$j^}@{ zlh_-K&bae4+>`xymO}^@d!PtyxF&YVT0{k~%!eYeviC?P5Lf}8ct3-sq?J!WAVZOA zK|w8gu8o*gwnbo(;Ei+bc+lp@pcY;OSZ?3k*r!rKVV2E@vGh8Z1B2{N*=W8bN;H<* z>Z@dNeJ$psdNgplMjUtrnRS|?DDmGDn!<`AEESJTLU-EEB?pe69D zRGF_FWuV50ZmP(TW;&QPfb=E&>t{`yLg&HG|F( zJ~D9)5}G&Tb!6Pe(Dg(Gt_<_9KEIJtiQvsqnPSFe((WAWldiBXyk@l?(C`r&Tx%6! z(2zHlgj=Do8xR5QJSszt3Ck{_w5Lt3(g}nnK(rEsx_Y4;dM-wkRLH$Dl8dd2uSeKNT4IRm`KZ$ zM7;Ga!{pM70&mTC0-~BXx;%vCcww%TVP~*tAO|X~0K^q5G|`k~%ebhz_=BejE~H3N zJ`S0xk|d<8nkDjHus6c=G<%gs`8>l50!k9KbR~_gLXyh}8k!zZh46raDt)0v^40!m zRki)z6Y^XT8T+$LEylDvgT_};uJoD<=s@iJ%zvoF*YP5gLa_B&k*SmrjE<;6V=x5D z7%|HL#{P!Fj1&1F(#7vZxrnW>#}ge!BRV9mUg?$aTq=gJwW0_EA>&@mFE3XAzFJOM zFOJx8FXm^-#Okxt+486A%E5&d?d=_iPb)JJkpNzR0p(Mvjml-j6CdqidA}tMT$4@H zsbEg9*H)^(wKT=g3zzJXO?e)pIAj$2;pXd?-&(RaQ3+2c#~+X3VyR;*s}AeZc{p0I zb_S%USP2t*46ul`&wTT{e_i{`%agBHozmq+>*Il^9k;r?@cO|SvTsY`?Eia*a+Ed&8U(0v61*sIijvu~zhtd3*GVN7~RghPb%;ff^d#(g_e=h}7is8pxb9 z-P7#O0)?!5B(5O^yHPVxOu!YPy-}(nM^Q5e3vQWW025@s(a#Q0t6kuPh5e+V44#c?8?oxH9#46IqkxCs zqIjXjDLb&gzEjFre(<+%4lHRoxV(AyJ^t};CkI~TO2wn7&(Csvm4sh33T868*FoA# zqkv+Xy#3$D77YTSf-hjRgcd@N_Y zD4mSV8%q_d^)L=iyX`=Id3E#Z{QbLE&6d!h8SSE>0Ij^CwZ>aT1BcSWTR@#GA)E4t zz*@XuNOuP1c)8Ww*|qm;Fo!ckqZmmJ04yrkD-xB>?2ICPkhw}{=zeNcSo)n{ zIxhOaC`t>`8N*~7NH2^lp00`+(zWKP7{0!PNl-=KFT8NU8)&i0|EiD%VMB;cg z7gskJ{t%QuQe*bR?d|o86H9U~u5MnOEF9x<4%ZeK5o6dE@Q}yTeX~)Mu7JE zJ9?ilu5Q*nRs+R*N>b|qYF%92^w?n#6EH1C!${4J|Dn`WN#ve!s*l*&^(AB)0pu0{ zkc&v=aia%%OE|FBCJ`J1C+x2?09Rj{D!qOk?aze4xm4HD=ADK3tC}Cct0295G4DAQ zgg2-jDbp2kxnHUxyo?+M*?IkGu}x2mZFp*|jY+EKUd{^3?m|EB3*9m3 z?ml<-`PXot8-@D)D|kN_`3|PJw=&9=R%64?>_njJJ%8QKAOs+C&|9?iS1FeT(Yst zi#=|tV=f(YSq7?vr%UfK`G=K}z{a`+J=)#8Jr)wyoe4eNxK6(mb({s%~*1{AQu-P4!kw z%@P$+=Y*%Y&sC{;i`ADWgsdi<@F^DT?)4T+g%m(4feN8wUS6$B<;ItH@hPRyw5s!U>*S)RCE*w{#k7r?Gza8Y}Rxal)4u4p;&Y$HC711iuLH+Az{0lWh`~R&2XxH%X;FpggF8 zI8iItmT6ffOrSQqIHmY@o)V1iMY`}N<#8i=l~pcg!c0|6UH^EJs7K8vz<6@(Sf~<< zl|e1cmHFLUf|+$BuOoTC5|YP|5bW;G^;g*^Ijy1u-KDIK?ow_AsbBG>Tv>E#1xT<2 z6@i4}?)yxoVJjJzTg}JO*C*e6y9G^r_uaXD zlN}yh%u_y-5ql4X4Yk7`jGAHqw;RZdJ~%3q2rVj^oJaQ}A4*}ym|(A>V_MPi(K9Em za3;&D*;dD9H@cj73!-W-^yRg$u&Ht|ocjtYsV~8fC1flgqwIaEQeg4f9W5OsRG5bp zC;I>v1DFc<3z^X`uOGhk-?Vp{vVBDwC5oE!>wgwJ7iq@b6{A!N!r0xNT~5vWeRl^AE&T1Zm_sA0I|$0cvhJ1|`*NCCLmhrSjJOs9nQD=0 zY0v)Xl-=F^@b>Kd?ZwNxJ0Cf6)Tck+{BU-1cNhHM*Dt@lyR#VO|MK$W>$|&+tVtW4 z1Z{82TL8!KT2Ozl##6u&JWIeVwS#EC<}G}36x=<0?=~o#WXdvjRC&VXrvr#wkBRXD zQtcN4op99&SIZ#vYZb0kVZ_UCwoT#v>kWH{GkgZRW-caefrl;KEcUV9f`pKyraNv@zzVC%mD_mnye#js7kk9zfDuucnI=&x_RX&)g zjnMJ^aB61Bmu2kCAXv$hF!$hCcXGAedP3?CY2_Ka^4D1b z4L$LSQQ@(BJT$Bx1pnvl4+~WX8?mLsleT!$NdlcDunbbaQb~YSBG|Tz#U$co0pl(D z5Isgx0cehZ5ExyWdg;MxjJ`Nu3{BG#rS6N2NDRQ5WR*8kn=({R{~444#xuzxo+MAA z@}TIjjRiS*pH2 z@~Op%j=L`$UB}%!?!F9Czf$i0C`MDI?l<+`JCh`~0Hcl+G#3RQ)HQu9xcbaZ0h7&A zyJ1VM9^Wvn8{oT*SmB#8SJT((X?Pje6xU_Z*&Q6uq^pN)1(BdCt7QdQt}K_pE`W67XNK6Hc zUe=MbEP=vxa0WfiVigts|JzZzkAsqW44{u={vZZLdY`Jtbb!r;Poctfi|Hmiq=SJ) z>iUwh!N5Y_klTrvbN%DZEo3q|47%p?MDaLmRJ;WB2)W8xeeN9fC-y0AbsSoI08gR; zlr&%;z79_#3oZI~$K=ImyF&yX$k=9{QBn>8G5nBwzt7-C^~zBB-d>?(Ip8l^$C!#a z*9sX2ozOF-wH#qx_Qsmr3Urn@;(1I3ztPQ2#OUs;Ayx9Xa_ikupqDOudnTeOPo+ZBOEwjsZ_c=|m~0W<&`M9aw_6~@Xf%r{s@b3e3GRIy03Bg>4Qgf@U_ zXqPN&GvfyaJd;B$C)zb{J{nfOPj@8jh3K~xwC^j4L&8UPA#{V9o1XhKa^wd;A~keF z%_ZEh1iOAC&1J`IB&Pg9ssd|~+oPTMjyL1N6m0^dpD-Z=_q_#GIxn?ZR}4xp3zv3(NEcE?|GV>q-^7#KC6H#gGSSM@EZjx}8jRvgvAwc9_* zjF|2}mUtSL=u!Lo!veup0_O;?5OwUf0;A=;B4(VR>Sao=RtA#*l!yd^ne<+!F=R#I zyFr6zGi4tR&Q&fx9F&b?b$LcW+3ZqD<+h4j8kfQa(ky7rKyQ~fsq9fw`>yUYT|`q$ zNCVvYka~HM;Ns${pjn9fVuZcx|4<5cKw)3oExH$iKCIQZs8s~OEeOVS-xwZjbmcdo zFPmF`HnRV0V*w)3zWw8M{6^qYb0ZY-y{!Y=WegdRt0E10eSJ8f3p*^?J6-k<2iOxD zEh9sAtGuy0QhBIK96J0#UGBrd4T=mO4iMMf0*?BGB0fZqti{RPbyWUv@Zo?RVyZgQ z@FT!Q3M;eXWiHy{1>4TXgs=r$*C|^Ho((1o`qh2?@|z7_%&f$mr>E?{{^kGt*WdZz z=NE(D|L5V~2lTJ6+@FsA?eN2J)d?WtT91M5f04n2(xf4ZzF zMFSt4fA}LlZGtn3Cw)OP|<;vZU2`I5(avrVERo-EE%a{nu3 ze4kU13-l$qdzcpqY1Y@JXo|8bG%yV&hR)PHhaPC>_P0U#TPTU0n5P_X91Uh z6m!&5w3-PsC2h0{5&tHd^+7ULm7ab6GGoCME9l_Nqz{p8(26o%V*Ebm(54gYE>?7g zMxHWab{eBxZ#SOK(Kq5LV6<%4zclK9dYZJ9KeeYu0IaR=(KU(G*d`ZEA0Q~h6@k-d zhUXIj-S@oAFH|DU$O3!SP=SUpoGyyrSDs0hqiYX z%{2YX;<7Vmd;17&fE%nO{a=|L(k64d=4!-Oo(=8}O?7xf)hW3CseYq?2Wx!!pr4!BGp8bcb zn-r*CNCfK2)^OqNAR7Z;0R_8BQDbl4-`uh&5j;=k-W9>7>hV~PnM3UWS7Ei^QHVuW z^ago?_N>n;=rnWi?^9UTFOd4qOC#~LF>yYZG zZHdnIV&%e8ugJCfceW_MD&kc$OYRY$EH?K`O5YE2jKJ}9Vz>8o!}oBJ;dUXqB;cG8 z*(S-}Hi5WGF6HhIW>=nneVPVISrXQ63a&(rP#%T|ar8Xt zrZ*=#f?yO8#*m1Pk>R-p|6JoWnlGo3E1+7k=s;|)nIVWdgB?9ES7FSJ%tg)jyc@-p zW5x|j1lIs!*q+ya=lE~` z@l(&f*Q+n9$1)X@vyy_99;B8kZE#E4uLw)1e0Yj0dP-phErJlA&~F_B} z@?G0QFnGLLgax9GeWQnA20f4xdyt!k@?FmbS~xtStTYNsP&o@8hNUDtLocXI2ctqJ zE`ks_H4$pCMgk3UtEYumUfDDXc_Z)Pb`Cxk?st>d7TWWdP^$&-@i;DnLS0Y?;5(gQ z71`SZiERrgwqrO)_2V0hO`C+!xKRQ2n;?d!gY&{@?;BbfHYsZ?tpe{UU*K#$<|aqo zMW$Nh*vr5uCQU^|SxUknoWg35KG3qDdNGko|52o+5?``qENYveMfTpWd@!+E5$aPj zE+M8`GtN#je2e72UTW{gFU(bc{Xn)V*Ov6>TE#b+h$!zsHxQv^c7aUAA@Rv_sd8!N z=TiJmxE*fpO42fm1b`LU2VPrZy@C|DiL{&a)GJY+hC$1M~~`|omuh& z=3aWzMJ~%ps!MiB@v2D+eZQHhO+qQOWduGSB?b-2;ZQI7%=YP&UH}1Fh zLw00lRYyf+XLM9m{+=fpK3NaL`|F2N+woT9ZZe~Ma2nJ0i5oyfiMyoI*B^Q2})oEp1BjiG%DR3j0n~zedg2-tb{h(^$C| z4YunV?HEJNpdR}rPzUvU){7n4mO9trf-RUJxxHmA+Lks`5uJVtx#Q$Z2E$V|8+B%^ zNfCzS$i`l?aG?#&r)kRbpwfR1zIB194)yP4O2(Rp>l+Y(TJAt%tjsnd>-v$)vhtpX zY&9}skh{kgaV0}gk`F(gRA%hTiwYCg9$V-T+hD748$q^rfR2e>xnjwLeSl)-&e2D4 zU~;Qabwl@cQ?EQj{-A`Ka2m=VnVuW|mD;Y$8#wlew@ZXpB*Zm?Sd@^1DpuDbQwKkB z5aoYR1VbATbx5kUQ2hpp59%=t4>X;BWc~FiXeJ@zJ~}_R)1gKvnVO$Z{>R_Rzn0FU z8?|Go!3)aI4-N{1ICdRknL{qPe%m>COR_C{=*swm3*$U_$Zd&#OY5+S|3JG+GFbDH z!So4(gtm1Arj>BY&?lG%w9g`y_KJN2Bn7pCsIm~|3MP?odT%9^L zVWI)$4n$FLzFb0TJW|>8-1!)c(jYvsX>Nb6k?F;eKH)EJrIs<_`eJFl?IpCG)200S z1XI1v)+8@N29H8(U00+@(K=hzXmA9~3;ai>oF1ZnxL?MY_0htXQ@EW2v=;lO79X(b zHZ&!%krb+KYu;$IS;c{>IhrL+V0FiCRiB_@j}DskPP$dT9+k<@!+Fu7`mbI^VFN1A zA0E>k-0m?4_kD_^Rh9@R2L+(rCbSBcQ9Ggczz`C({1;O>Yxhj;urMHOEEOl1^s}@| zS0H7x13ahz9tBSjno=G9r5B{`d-Jo&UD-X^N!KLLut6{S?urr|$8i-*XlZ`b97Jd7 z#!v}jbEa}0cjHSaQWAF5H_`g3`y0RgS$-^vIKBo2JRcEzB+uTVO2)o|>X6Yk`QLy#)M){#r(_H!GH7i~TtukdShtVcryY=$SnASW@Izu0p;V*Rf4!22M zNvqmJ`6V#SPDzIWTL~>(u9S3c?3`}ThOQv{hsEmmRd%(>ShKu1iU)0E@Y}eQsKd_T zyU-SjR3jE6EDm&$t{mtaOFEg9cZ?$}+poA~Ur@jRq= z8mp5=ia9(E(*+j{i2N3;(3NuC`BQX%c@6@*1LI!BoLc^umsdy@=YE7!=z~U_RC`^< zRgLFX{N=c8$KyYmAfcBqH}=~h{&k+!cNNPRB0Dv^k{xo<`FRX z=qAI)vZOd_{zVC$&}|PcalN>I4!_1MC)o0;Xu|7hk0{%}+lceO%vs{>3mLF}!7awq zCW07YCSz(3uc$?Y{cX&t`_YQ~^nDE*daV~e%yxEE zxK$#AXru05!qt}J__GzSsT*m}*zeC{)D7gdZ+Jc1n`cpV$h5xTHx+EmJpzr(=vnN| zk7l|??)tx!6a)3onVL8OLQRA|APa;WZEx{cxQIfcUQJ?KwZ{#V--=QUhAS)x(~v(K z&Sw3=KStQ;9j#eVT2VtgdNl?&TA6Ty69%!!$dAl)CmbmatE_zvHy;d1^4Nj3y{+S>4walOD9EJkK z{k_%ZMujKXZ~Y7F^;EB&&P>Go!!}VmmHR<~G1H+#3D$uEO}(N3L+MUffYsYQLa3#r zIBE2WapN9-PR~5JEDN6#*NegO!kv-!;_ww4@#iBTj=IHZ0-9&K@#&OxGFQAziylAM zykiK^a4%Y*O^=svx@4WC1N6IR9kl{_@3X`fq`lch$L`>!LDpXO{MoO8ji8yl|FG=H!0*HgCh=LU zU|u3rA%Q$X<*x(^4x&a!rLJ`#^f@``l)h{z);LUMlay<@B1&UrP+mdH4(>@%2X%Av zj5B7dhBUoEaTjt$36~jFk>*gR8etF;dC}fcSxtO2AZ*kKeA*jE!L?Qyd;j`%ALrS0 zGLIFHn?71D*6Etc)H#90qc$2yc;|f6Bl_E6E#Ji8P%9BDGnMIjk()w@&P*1$TFtl3 z;NV|#+zTV&@UYD<3N*5bi84XJx`%&$!>83u*bQ1FG~(%s%IF8 zps249N8u?^{)py7l<@b{aVZg>BYlNIzi%wZNP(6;fqJ6ZAnDuG&yxp)qfI_)2g2pv z99=Yxs__^+FjNDiDA^)sACMC+Y z=;GwNE}FYAiWaW9uWGMOo4a}}JwB@Xcf^YMghbcy4@XHqiK~tNK}4`nfp&aeMk% zk3YGg@^XJ4s~h5(SBtO|=!8L*k}H`EzrrG3hUOeh7i`cUOv$Aex4 z7->}T=HvD_+o7lh6yAKX;UyQSOZ)k^-H!8ZFu`7<=P7cre;?28oTLuImGQ^^&wBUk zn5KLb-tdP>ZA(sZi0p`B-$i>Ha&hZ%*2iw5&c0ZhOsWivfI|DShA+9hVBDmWmyO?? zwgQ8{3Crh>vxW8{A~TAGQgPHG@4w|!l9&Sx{*m4oX|O*Rzd7fvMFuW6a^{bxTxp&= z6x$I`0c)9U{$GN*F?))gvlHyE(W%+(Pia(SRqWn_S zh&EAoaJNaXW)<+z?j@8d8jovisw%WUAi{^Kg9Y306>xF6qz!cN9_R_Z^wX|T*-@Fb z-MQ#i{^+(hBi*c33CKvKxBiiRaTZ0Xhlpq&rRF4=`(uvQ9vO^XJV~s-f5K*ctpjh2 z;j0C|#^7xO^m!aw-@!|JHGXJ4nN2Z`r=o{}K2H@M=YrYxl*pZiAFvMbiv?t9cmra1 zVm;5Pw7e!X8&b@8Ihd(Y@>qNbDX8-U?pdgm9>qneW80KtD<6CKO+2OhJ4ETJNHu0e zzy9Er)YsvCy&)>M0JVhMJO|?&cX#JZi_&%= z|NVr*uczPl{}|fg_al+qczrhD@F#5TVj2AeU+jUw7K5+2;by5h+RWsDp3|M68tB13d`ew)wqIGWRrbGM;8! zLQ+m03xh#cE6J*BIO6MVHZcHYpK9{%9(sycJn7dyXSlZ@e#<5vwH$2Y!^9>p#AQ3c zNNw@@J0|~ocw#CUN7Kkdd@ny79UbZj3&nvJQc=wMNTIL1e~KvRVjDK?h!~|ol4Oq= zdSCSiEkhWcpj|<2@QD+9I-i)8|CW%r)j$Z=8%a9C=P5*%gt^9(YSTQ|4Ms^`QV=2< zJP=g$jXK}Sops!r z%YBWq(*L^yFZOm@eWz8TWZ*`&8H+qyhjq>c;2Ym)Wri7*o5G6zNU0$AqV?|D+B9T2 zWj2nDjTza^#MWaCEF0Z*O6eHgiC_O)3X-VJ{5`aR2ZSyTDNYuD5f))^Vhklw6*!|a z5@~CCxVntdiBgX2ko5y6@~_M5$oIwPRAn@Fy85FE z7xx5b7qSw4Oga{2!7t7*C8CQ-vl%!rh+}IV1zngC$^1 z&{Ct^G+;K~`nWI&FJ~gULx}`5-l{ z`H}JB#oFFwF)?D+a}-g^N}>0BT-KMEzcR7%f9rbODSC|?d))$8nZ<)emlAh+43AZ~ zqq91qfh&Tm+^8AhycCTnJ9+S>YKiD9E2E*GU5X#3*|+g$5Y9T(3Y}tdCC#o!rj!9e z;eO;8pTzn9T*G6L8xl(oVQ_(mEPtO0e$NUYrb%#@qT!{mZ=zYAN#gg143+1hr0_w> zH}4f_Ru1y*LpR*0Ubma<_)~@set0-&9u|LvR4}cb-8Fz;DVCbw-ensR$6#2c%(Aek zzL{2dyq_U zhtJp7PVk2fG8Qg^RR(@q!Ka3x8le}1=EpdHT{`78=%RvG!%N&nx3AZfgkUSWSxIp# z@!(-lHvKc@u0(){XcMIA>O`C9UdyPI=(Y5`f%vmu7DEajl)MJS==X(AEFlf}KlWpo zJhL0s#`#V4EfoHpW@lYDspy%;m^X_xSy7cdX}*i}k16!GjtI)|d2_?2D%d=l<#lCV z2h5>95T6N&O9J`>HpIQ}?Z~^RlXaZ*%dF+Bd}=59l}%Zyb;~{7Q#iW6MIVuJFwrR> zhu^{cz)U$gji7mE?tPFK#!}igVNgA>ttRRIUP}5j`M+E24dQnb&{yl5#_JpBP>|+& zSI$CeUe1sWn`)vO#s@M$oZffu;8+{1ljOj`*r+JFYX;23&YrIIr*6g-4y!=bVj>$P z(RE#RQ;6B#@XU$&SFX!6p#L6DHo-Y?(^ull>R7E_sW?IW0A1X1L9QP|(3I6#` zwcBlR{+wnrOJzDFhJ;x@j99Q%h7y8gaXUQ3vi}#O<>3D^KQns zYCbLpF4CD$m2gROy5hQ!Bg2cqc5|T0w#bt|io~=h@A%vp$F%*~Tto>{7^e)1)N`1i zbKvv+{IEPE*F*V+kzEyTnge;09+#Y#3L8~#b{q?6f7qvX_xN;lw%rjRpmAG~_$r(m zuig_$rHDgiOFY|>Zj8&Ds5FR^1o3<6SJ3)%DKtV@&#|3em&kw_w>xE$LUSC>J5wk? zfOyLV3sw`I32;iElai$kwUhCw7a)Q6GfFwMDv>dV@45>V=C48+F@4>zzcgFg0)8&& z?zbBzH1-aC;KAC)EJ&!7hyLgWwoajLJq!@eux&eC#+m$BbFnkdX0x}oV2q>pwr07Q z_+skoy>3z*cG%D>ZNM(>-}@e8mOYhNxft;`O*XpUApf`|j!v$5n)L-7Yx{oGfhLMm zV=&Y)NMCDu#|}}n;;T+5}R0**JkLI>6Tt&6q@C=uf|&mo7;1d4=o_JwXJX% zKB-$tD{Xk9))31uCG_K8C0|oXA{#ouYIMDrq@Zc@Cn&o4|L%HO>DeFf=xbCxijEJi zNdJ6|&ch3a*Ncg=nq&UdC4>G-o>V<7Y-$0i-QeIDP;Yfs-*rTeFY2%&$3;M0R-RJ( z4fh8KJ+m~JoWP5=Gt~GwWSr`}h%Rl{2iUn<;N--=`_!{v)Yh2}MYIH==#H8&^y1hR zs7RAxe~6N!2mf;N!fQ_Yd*Sy>^&U??)2!8q!}49$Y{YE!R-HnuotP4JHn@X2*Fb_^ zD)bsNR46{IeLu3us0=AmoibptWh}x=KC&juAMGq;N-c^FI>uQ#QLLO8^U^L6i;I!? z$cmLPDV2AL0usuUUpWkVVd!rd6j7$7x+BHy>nmrdpJ@k3d^Hc`Ub=^_d^6m zAz1aUE5qT44MizA?DzxSQ)W62*0>J*c9CFEm?CI}fS0FeOr7gpp<-X!6&|C#hMMmB z$MdTvHkFQ#z6VisCLG>lq|`Ss1TCH`b|O%BtC~1e4yCksz}qXq0fkguOAEIJQszoD zNyq{46XN-+wG-3_vAn;PFdfN=ZR{F84%bg+a*1Tl(3|tjDum8wbrKO`7Axtw;vaY= zu*+7>7ccsUQWx3x-&?q2JmR{ruRl()mToLXAvW>@QSX)V!3 zoxKQ>hj#jwL$xku5qEkNo0@(%YYP+ooIMjPto4wcpxAmAhlYKDg`mxSHki#FoBMa+ z;0q93L3z3yVPZGcr_J@e{m5#Jg-=4c8u}sx>2)kpf?t$$&QJtLR&WHX5~=BT-FpL@ zX@w<7B0{K44^UB^*G+lZ)sRh3o31i!j?cDU7GsRswqDp{Kw)ab+`TVRNg9>XUR#k+ zexBj1ae}B!S{UaYvoHLKfEO`oP6!POC4E9Hv)45kf3Ti$wR<1=ATyckz=Jc1=MS)nxx}c=Vg)kykl>F0vxvtGJu3pjxf+OpcyvI@G?_fqp&@0Ee8IrKx$bDH(9gp(r$wZht zE?Bg?0q1%Y4c%GD>oCvPe4ET_lEQbq@lG$~C;xiP!p}rgR`I)~9oYOMe)ZH46_4Xy zLBR@o{#?)7bxIxyz#3duz@^RV4TMLO#ZYL6{gI)Ur5_P_)24+>j~o^BZb!4&xFk}h zGM`{0@HSDV*>ia#H~gh`Gawt!JXT6{XEd%~cFsgc5r}SV`Mt$6aPYR}e5r?#)<;a* zr`-S}|FIdc4(XIu)gU`3E&9BJG?iE@E2c$5S&fPe0ajNcu))BZjkY2U|2(sO%)3gu&yaA3UtvVsReB$z6aT{>pkXIg*^B1 z>XWE^l$eIwh1X@u-l6zt&WZYaZ1Z++SV0FPiuz`lMB>@{s3HSBQ<|x>7A@_t-HX}h zS}ZSmk<`Wg-Yq{CCdW5IlKGMF?PKf*kKTS>{`SM)j!T(E4Tveq4=7Je%$a9s=v7Hj zi~*=lp2|k2wN%athxay(;t_#BdeYtFaBGI;9}sm0A8m+>q_3k7l$y0Ng)%OstliU|SzZX4uDKKO=Y5RDBkT66 zO8L_Hw<#dXh2h(d5zF_EtP6PQq1pJBlifHisN4hZsDWVSjrJ|r;+}zc1&A?EDqpue z{G|_6?s4xh+9z|g?6P}Ke0n=k9rh{$_>Tdnu;~j7wTqUYAYu)aK(*?BOAv$a$qjsv?RTS33)>%vbn@66{X>mq1{U!c0O!mAhf_Sa!%8K4pU>q?a>h13LmhND0EwCt8+A9x}7iWfD z05s2EBY#9ll#L*^tZ@kfE2F2Vl!cxQ?DDJPYi-{T95FjJKG3(W@$`|F_Lj@w5g6X} zmIE0TsONbXcz0pg>)iQtEtaM?5F%Bw1d*777Bexc_})Swn|=wcp5Zl#O4SN#8gTao zD|kl?Z|*p4hC^F|YK7+#wP>qeJU4`2!y3r0r`M@<}{jLq- zrDC(DZ{YykZo5lWxP}%i0t#1;q!k`xA^4CZEPz+X`X`?sjiqhg(cWU`nOy?j)GWU-tJL zHTs)g7(P4?#m#?56gy#kwr~vbp*BRvpy_*_Kn6)(mT+w+aGeoNsYQ3qw8b5YVPfY= zF5ZgslMN`8y->DisYlc(882F$qO$ZA?~+TRh;m%Y%S|%p|8@#5lg$k#;*gDHcoQ#dBg=K0ncM;#@@@B=H zN^J+ehtl5Rq(Kk>2B}T zYPdxnj$y=Paef$D15i=3&Ww(twIS{dWI{P~&fSz@^v&-p4AObLWN9&LoZQhW8XaH- zeS>huYB?b?uB$4HlS(0pmh+)h?_#${O*Ke!i4)_Tb4-dW5XDKyP3g-Rr5Ici^UMlE zL$RE>1awO0Xm9!B8Y6gIiu1b)nIBOWCnvWBey}*@`JjPS@RwDiUx*6P$fCrbA{7-$ zWA4vFIp-uWC}aVzgW|~O8sz#nTu{G#(=Uh}whmNEH2hlZrewdWa4m*422;Cr`T&7J zeCe}uibW6e+wF{p%?eNYlu*=DO*i-50{Of8%ST=g2#`LhD+2{frk{DUuk#7f;Edc8 zUJ!L*NA+}4p}(tU6C`13bV?}OHReWx6&#*t#PbW6;s4v`!#O21}?q@hnvUVEDwg% z7K&tlt4(WcSy1|*6_pC3?>rYcU-sAgmv>A1wWioq$OV&& zLPwESfb&VNI9G)--SIR4X`XsUq1a%z3W%oy;UsdT)KnMGHCa}sV8k%c>0`t#zl0zd zF?h4lv^+P>Tzd@;cKc~jjB(6-RprN+G(W3Z+_z*nNT_8^W+R1sN=l+utjP)jHtNi%2(~mni>{IneEd*W!B}BV zoGl(jn{;3D=1y8nES^muZIF|3rw1zP4xYsA2Ipw+lHD?UXEPvgsDx4_0jmE*1@6~y z2?o*BXGeI4;EaoOlc?k)dHEA4ib2Uiej+Zrj@d2H_aA|;cEh3rk!sQ5ozO6zd*n1x zcu&%OWs12;mqwOev9hZ@&T2Dj(X-{*Uz>Fy79Q_gR()9iSg0vqycZb-W^jgUm-0w| zdqj9OIXf?GxDFxNT2g-1MbIEmRTCFy#TFZ9Wd{`Qi|6NeKi!7=ufk&|cf(_KZ(xM? zhy}ahC84Gk-`-Fcs`PDZss*_zq=;E)><_dmCEA-J3=2V}uQ9NbtPK~xw>lW&Zcnv9 z7jAY+mEIQhU~E{lr`OeoNIBkA)l9>fO8TN%dm`egUV$&KHHtCQ0=`ayU4#|XGjRT} z&5tno%H&13!xu+Lj76e&YX4 z&lhNjIGM5!&2?#s@|NX|$(*xunk=nssg2)A^jaYx_GO3V$6qAe0q73IwlJG4l>waT z_^{Beu4aC2 zfA|-KQ_5`u=ue&n93tNe|DKGFkKzv{BLxBiV`gVn0%G+Qwwc@cp!Uqw!i<$yHY`XHmKtn2O>6 zHIholNf48w>>xQ0JBksajF8%SlDY0L@cE;Y> zYz}MRt=NYhTqb1EcfIrzUDcgG1a@Q*e|FWNAAFYcKjFX?r4xP1jVs<(c>A>*RsH8g zArN&MZ}`P>2jGI}Vb%WABe*l1X~%PLl&bREpT0PDwRaxD*pp8oIG9UMrofvEX@~G* zrZs9cuxf^t^b{%(jQvvY&_Ie6f$dFU^3b7l8-4|}cs|}IWl<7UYKtc=R@KaZ6rGDq z=5*~Z5Vd7(dTknRe0;I5nbI=SlZB{bQZX_Z{>7DAP{vdmCt6BKV)I!U z{aTo7R99~wMuhVu57(CW#my)(I{FBG3+zz6UvrR5|N5SQjk8nV>;ZC4=&U7)V-z*( zu_PsWMXsm;p>T$NAs^@kmZVu@!i}T~NT?hak}oE=oPpQNFm^LM%>!K?YGtQWK;Jm$ zeC;pn5C-O*M2V#31EMcMUAs_~Bg)dY`@59e!T?7N?)`FF2dgvKtRb*|LU{*J_I_J% zNdRS!LkJvL7R`9Nf+Gk@+Tw$@%Tvv79EN7-mL`(?Rj8{^axuJ24xC!(wR16;UPs7Nt=Q!mL9!rl-Fwe*Z)EG zK%lY!WUm#wyZ^_efULv8JTBG?fb7)-u?vxWwCFZp%xZeoFi7h{xjG%-G@dMBol4Pr zR)^33&0jZU9+}9AeVv!@(}ScfqF9u-FTpE`oF{XvA}7#|hD`$fW75B#*^G(BXYO5I|R%#JgidO zFA->g24gDLuhVPBjg#ZcalN}E>&e^{&|3#C_nX>@?X|oz0OpfdU`?S+2H3s z;QQjn_x2%r;O6Jy_6GEQMdMmQ;>Z2fsQvz>sP4OD1XF`eraX>1t|Lz9C6xdMq3e8X z7=h0Y4#4fpF+d4xeF5CwQtyD@?{RTVwrb;1vCqzyyY7DC`n zq%?r=OD9{!-iDz%-+48eyhal-J@*kccM*fbN~GN9pT7=gp*|82?9W{AeHw3#tw8C2 zbNdYdx9=hbaC@!xk7NM1&sr(jmFO8N%-83-lSH?ga-n)m$lch1IC3b=Nl#`KzQjvo z2^WA&!Bv)2npv?XpGs+Nr563nwsalcp0m6po?bDKq?IxRht0`+gl_cK`ZpkBxpTtH zHgj$Wu5!vmOJZKe6cvf~et7R1=kBf0@yD#|n=IjDK{2I-w+NmN*wNNWqE?C*-1OHI zVW_-d0H>C@CqJ@y2w&Kt#c6-~(cpP}1Kt6hwC*UTmKglgbj{yN$KZgGcM4;nz_g%u z;q-)F2V`uVJZ-f3M~3LK8K?_8ux4QU`qHT6A|vK-!}=DH=xQ9ezJcHIm-0TAoG_?O z@GzSHgYFAy0-J1zXoPF4*rntPzy>BN4<5AXkzn4lDri;cC6*kX6$u;0D&|25ntmiY zLA9xji47EmkPuQfZ=PeA{C^?#FEC(-|Hs_>{*SrOb3&DKdUw{SZP*WQCTFsIe!djY zT}l*;9e~x>(ESbT0Ev9@3R7MxCyn?l8I3aVV0sOI3W%kSKg!@*L~uk`|G?)uY9el{ zZ$&j>(Xjjuvu2nInZC)*D~ENIiH{!6Q~5I=$-=Rulp(PjY%(tx&TZv34nub3Bdz_% z1uXZ1&Myki3EZOWu8NqSwW%2I?ys>+U-AAI;|0hj8HKx#0f#RlCbs>GN3d%%hBL&a z#XDK{gWVYpkx2)h+Zd3TW9Q`jMvjEcAJ=W%*FDum1 zhT1M)&S3e69pA0Am2oX59)+q=Bt08MwDcDvc6e6mMzqy;!SNpU_yiJOZT#J7*qFdNAKs0+53_64=;sGLRK1%GieUKnov23ULCPF%MCvG%_!R6POK z9zX6$)$NgUmx^Y5dEyTsR5|R3Grrxihe9S+j^QI>E$q40$92$t|3`CK!jDhakjx=$PnIu&7t&>J zHCzI6<7u_A-9i-VLmY8ylP_V}J7FZmS$&r45#L?$8=+%FZ6-L}hzfdk&W2)PpgbWm znocB6N))}?OE75j+-fgXV_hPp_0iq#JjZzNdc8*x5e2S51@?U3N%uE+=Pq!+0e1!U zeJe1;2Hr2*i~68*NDd^qb#M~^yFbbPg>%3G_m@2{E*03haa5HWDfb?Hd%uXoIpxKy zQY`MND%N;jH8iN?@OYW+&ohx5xLQht>U%sf9r{iZlX1`}7+uPX|4~Tf5~(6&rjwLk z9v2T6pAk!*nI#Wvyf9edT>8o?TygJ5+G3wvXiSuciOYYPd#7LQU*fOX;L2kg?%Y_< zf4y{2g<2&)-c(FD{F!>6FMx~G_}NR*SEzgcii$FAcLo{KE(EclhldhRmQ0jn=Ibn- zPEd>aEz79U>e7dN1@IG0s%CY3d9;jkcL%ACmWv*;QG-G#JLpA3;raQBxSLCXV^N(+ zVOmgARIF1roS#X8+j-L*_TsI;5B&$-^8(O)HMepFd&kiMU^`{c1-T6)g&*6Y=_YO< z`rQC=;UQOo3?iTjLx^C7jgP6;5bzBYf>(m0e|my($FVyjWcxJVZ%Y!$=%r%nu70#o zwP55HO@p(bH)Vw5=EXqWaZ%1BPgo4CknOJ-S_6n%f40>HvNYyn#KWA{VtbcBb8x3V zeyM>B{56#LyC!?2Ux`pUHn)7w26%S0QW>1_BD`efrzMvT&yS zUD8vP<4&GKvg4%zk}^0q^WWxvo`OVgC)|Hoq2Yhcyj1z?-URbBU|d>5;hqC7X#-Wrs4Yj0HZ^%v<_7x-48kEyNmZrG0j`ZDqB2`4pDY>vCPGu#53uu++9h zkwWEuE2}vWU;92ZnRn%JY+(Dt`I@Q;H(v3=&dC--1bCoVq6hP44b}0 zINM6)1IT@DaIA`Rjs)vCk&J{e%P|_IaZnSC=59~9~~SVsv;wv=YJl@o#P*b z&;rtKC5LGtmImZw^nRHRn-k|lrD@G{656iCHtelt_JqN%L;DFGz9L*meG<<@WMyz$ z6(zG(l~IvG`|*7Hd!yzTif&iAej5y1lR;{Q6W9Q~ z5GSQlP(^$HwILNvf!sgjT6GZ<;@c}qT3OR{J7?KEKctEQ7_xmK@zEQ^;MWqNmo0bs zkebk*EAZ}t!C0#c4L1`^FWbG1jk%btMC)^Bc6v~{L=uv z2CAfCV(NE4435p+cp)TJddyCUf6(skZb4#X;9Y8&(u<}9d1$4Qug0DQeCQ-77ng4B zmH2iRA2+r?x$HCCcHLgC>z-w?3#ZL@^0*EH{(kG879ZjN8A~O?+~)sO{=20&$I|e1 zV^J$R;v-u;uG&o;AMBl8F7$`kzMLS~uSEG+f8-D1^buqGmN79_dPRL!6ynoA@t`R^ z0`c_lyQ;~d4CmOB^Q4;e5;HK&PxZs59ZB_3I@e_2$G~?xGMHb*#`o?~ubnXYjC4q- zd@PBGNF`{vldSfEu^}fGsd`FVFBU1rN_wvZyxfJjRf7Zk(V@|LZZp6vhtAqNz0F>i zwUoi!CwQ74O@o0+uK*F{GR{xGR9L`RWYde`M8__@rjO^tM0_c6v7JvCyR@gBk3+{j zvmeIj!0N^JDk!saB7d=w{-++3tq>VnfJ6mrBcChgYMONP*%-s*gE_W=FKcYoU)Hob z&iiFGZq=9B2799{DE#W5_2_xQ-3ny@H7d^LNEG^22e5|#2CF(GU1lC>Mm#^N&pLzg zrm+v3W5XAA$LcpDyl5B)?$VAGK{NM<||_raX$c^_R_sLMBDnp36?&1~`r%V%u0 z+#ahtL`9~V8X|8)H+B)4ltNq6%19pn6Lq~RdW%QJ+CWbR;Ugx}!!9$QAVF_nRNkIQ zcrxhg)ouk@2_NJ0RwZJM_GX-B+s&;t#`B4nH#)c%3wQjMhTGp(qHadRHU35vd*L;p z1%91k<&v38WZ7exo|VBUXg)RS@+-;iIf3vzd}An6Dv@F*KFUU4P}Y#l-3oKanf(pe zbs&7WNgN#i(V?I3{37YC80SHG0UfMd|JH%i$EFED0U+$zEb+2@HHor(xA(QEe`gke zqxP=vYwSg;2+zeCVe2U1!hy7w?TJd*TNfYhgMH6cC1E(4O>r3KPOv!Vj^3s2V2RW>`h~k1CZ| zlVH)NwgLD50ro2ZV4t0-OtGt{LO0QGHx13UaF~tp{Q)+_d>;FB?5~Q67uG2G?3mX2=`-w z^FI~vh(YjP^vc0?heY`*?c4NB+Fe?M&q&!%u%l*Q-ZnVAEIdC=2{!^B8~*9P+d1=W zaP}$Mb_8y0hiB)^e{!0Td3gLL?=ECeHk0*woBrO&Rjwrx-E3g|RL?7}eeV}_u9h2+ zvsW%8a^qJlB(~z@#;Fnl3U+RsXwiQ!&7PNc*->-?ac_ zeQsUYzoj>8rcQ2y?10v)2Q_@XTn0c8tbx6&*WpGCeSD61xP&a)%4 z@$V?H4KG)qbdtn@3vj9)?MBjn=GgL?MGK$;i0H^?i)R9tT1%tRxTrP zqPe>#^i7SAMe;|@n1BqRVA;OmkssomGWOnrnaN@5>{>$;bdV@y4` z(F12$d=#MO65Wsa3k!^%p*sh;_?PKO2yRVoC>zMZ`_IaPCu=9a5}h=J0wjfB)vrU7 zYWcOr4B31F!gN<}$|a|2Vn4hJR+P-3fS9A=aiM1ZW9>;P?r~MP7QZ+jI-_Rr@Qv7f zJKuXPdNum#Pu@LkgS*Vt^H+wkBf7@{8NMD)A06LqPs0BT=`a0ASosb(e^jmp%SC@p zwD3QuPa+;~U4pS2+2Jxbg@NcghSTA8JXL{98^eX8=&IND8&ppv&19ykz%Mz#!enLQ z{Tco~CA;j!iWf8e9)`KXiaep#r~WSbSjk^s*sK9ty^^JG51Ynv10Sq21R-D06yI+D zjWpar=L<|5M^o4?8p`n>M?V8wAIqs;AqNF;^q&=yen5iPQwIg7mR*6z(voIJ z#VcWe4ARM|LPbYN)wb)Se7j+iUX1m#u*Y}7neF<9rN`L*S>HlN*(x_B%HEl9w(xLg zY~c&y4E+pR@Pm7{HTkL;ejY%$)7N#d>$HP3Emr|D`CvD~G98N<18F}}cv}iB_@_wW z-SI-afmlH;z$oAzfRf~STdU?#sUwPiKfk{bWQR)K=SF2En#ZSG{=#3xICM>}yB&TFc#;Wi`OYjM}_OiAZb_-Vp5Z>-E)g+#jVwxJOBr@jA5@Nz@=@idryi zHwzF{iq%AG!GbJfFUl++T$Ug0y?tEX2Azs1eAxH30>2$PeHDlu0E}KC45MUISr~Zo z*E)=dmC+ZXvWO&vKa+6*_#W znz2#>0d`|H@uaH#xi1UG3N?qi7QX_Fov6PTydbTz;3MZRv+F&#InAzs9&zAm+vN+( zS9K(7z$P0m;OZn{=WiY8?xVk4Um5i(87^mW3s8LCrtaIR6ad-lPTTO@5ixtHcTjk7 z?JK`pBm&P8q(|3CT|gQz5r&kOMiIZdf1}d*`X-zpnI@L>@@8v;uht61NnkmnceW0 zV6%=0QQCRQcF!x$B>`}8{xHZ36&^=EdG-4;aIwCx@CYJ}xO{?8;V%7l3X&jMnpU?q zEsIp4MHCc-tvvP|Hl?}=i<~dXTi(P$+=Bk=cE*dS1*(F-4kH`|hZqRr3@myK z-db4outQRg*@92NAs%V3N)vi6rq9?Jf)wsc(F8+I%++Ba$Ejuj`pF~BHUVum9N_rs$TDfMv)IvTVfSyLtAJ(ycl2l zMT_ASxb{33u8g8;ES~_ZFIUqf1Dw@)AshLpb053a+dpO%{6nrPu^`Vu64=G*SsF}T z4vQ0wne$DtD%ogkg)1EeF&5dqswzo|=v~g-mQFS-gDk#=Fv4g{clsGX?Uec+3_f4zF>{Qju4qQ~kH z%gabj0zZ4?nnh?p1_6v*OOt}~Zi81u9%VUu<9_30~p(*3w zeL{~1cCtH9BzVtUIUJCz?DxryiJ$aq#vsXe-<^N+%{RXXZx7gDQF3{Idp=yeh?V0( zh{xP`b{9>>jF&_}Wg;`r`l;*kxCy#Za{^cr1ED!n|6@^3HEygZf8{+ zvb|cM+3S`IxZy<_%-|9|8X^NH(m0VVQnOi+N;5wOWk-$*qjG&5iwBV$YdIP4Jeo=) zB2(nzm}hbTi%s#)&*CpV!>$JnE)~#0%2^3(E9Ov?WstP8NbcUfy15OVZY8Y?4QCG6 z7Em%BJ6+eC`$QTelEU=`BF4}rpdG%Vm-pPGCl&*xd?u1}uA74}_X%nXQ9ZEW zYY*&D;9h*8!4%}=)upF%A+)`2RjsXoUbu6qD{m`|P|I@<2h7VF4ZnqwX*pJzv|=*9 zw6a*z^de?G_g;@oK#3d+OW2MY06~Tll~K3=7&<8U<5)e2JeP4SQcI1YDjn_+;L{k< zv{K_0A5Fe+$P2r9WuGc@VBjUj4I-n^ZWC4jqr6sfI5(g1kX@^+NVrc77ZoLdJ&Ms( zse7hU&$*DtJGQobn@imd?cEIP+&e2BJ1c<=x?JO{6=;7CkCott*Vs(VMk0qWujd2q zWl&lHqcsMYN}iC_T~{XxNqv5{7ND2<{0xO0Cr3bJV1Dmm;iU7x?`40Z7?>09LdP3I% z9P}jeN{B!OA9H0hrFp#xqg?3Hong45?B>LAb@D#iTN-{^ z7nXyzt0k0jk>t5Od*m1iY&1^&p_jXx*E-UhWXHyZfC%|?>qu8*U{uy|WpVCl)g_&(DCA(9>Jkp;} z`gbqB)B@ajgMS@1?>BU2BELqt}98@qdsLH4(KXslwjfFP;y?zGeU-={#qWqK9{u-Y20u23co&^8r9tZy{O(Pcm#8dhQnH_my zrZgLB(ZL^7?CA`BV#Z}+IgddA(oDxQIisD+OpC~B=M;Dz{?!y|Dw6Oo_WtAld;6&W zmWp&%{rXHsxzcKEn4U!Vr&Jgn@l4=f4z`hbSGgU*B!x>@`uhS3EPZkjE0#W5N0gNh zdfZvQ#yUDJU!%jYCg51vF1U%GHV{Pw`l1j;l*0|PmFWCK@4CsCVt7kIELIi!JH_B=(0 z<`AxGmO>Eb*1TXB@@S<1G#1;X##OC$0}I_MO(9xue%w*>RuuBH$Y)gL!WZ({7YyFhq$#_mI#Bc zCi}pc%f#x|-Wnc6D%szPT)03^$g;490#SR;tbbR!YMobV-*EOHSPN#CEkGfq<(n2S zT)J^B=#)3!#n*txegZV~f>d}1UT6}oFELDrURz;6+EtQXT;sW4o2QlKa>J8E_g%v# zS4d4O0?60Z92~HPxP|J^_6vWc>Gqm1`hdSZp6SW7a}O=q2-R>;?rnttVJXS4>}_5!m@p}8Eu&H z0P7Rsn2|pZBO-U&_wu01hRwW#hjA~XT#7N9@n|YjQSM26%o3iK7*FnfJRvC3QrXc? zYj5WEOV(cH`+iA%7l&|ocbgaDuFvki~l$5LhZox)x*1K0bE@iVHZc(#SuQYIKo<3$(}5e zJZd5IVj{MS-qv`yE+$Vgf;tdE2rc23V*l>t%a`oXzIxX}J58Q~?Vtyl{T$rXfNfx*|8h%`7Dv9`?i!@H!g+2V4Yw_*B`jCSWylD^l`qf)@ zex|Ej!>I|Nbvbid$aSKrg=fhw$@(59>a(|nYr6X}N(wC>=$vluWp?}K<}V_b`xymP6xS_P}$g3Jv51bZjl60yy16kyx2{Bok@D1Qt_2gC(JrPk~ZN z1&zw;S(R-OSOPyh+1*4QYEKog+`hT7Po-jM<|%8Z%da$$!huT7M~SOB`dZ9MC0Nl` zx*BYn+Sj2M08ORYgr|Rh)f!q}qSqw8v68073eV17ob{;pysBmcz zA2UI{mxJkjYzr0hevlmM&VQ5|7Nz0#z#_to;LyuM=LjF6?T96t@m8Zt3M&kwD`5WB z=eI0G&<^k-wmS##HZsk zQWhHJlIs3y*`*XBzP(2?O%4Itn50f=DbiW80^Vb>U}+q3(RsjkaNFUmN1CieW*A*4 zXe*|Oa*>rYucQZP(UTKO;YLXoW3HPem%wY|Tf-^AN>yR*)(6{C-5`$KeF9i+t~uZl z$!1(>CYzJU^l%3-$Ntfa&g}NzMW6$mn!a# ztxl7f5ku##O6j6haBg^dNSgn;FoH!A43nlB)IH})3&|szfU$yV4zzz|Ee)7{)yiIu zqxWvb)Q=07?19XwjFBDEf_#7d{M9!G?af3&)7jCdBe+=N$ndJ;wgl`w6Fqh*>LJgM znM7xs7vHw0-!yGrojh;brHk|4+XJl~wYoU>&JCxWLCb;>&PMAK!gs?RNSx=JS8+tq-pyin>-guY~4aviv`n?N94!TGk}PN zPX!(pTUi(PJGQ!YK;>!7J~@flB@|my5XL;-Fhk?)5HZ{NR1dt7n1G_!bk&L_QwSk2 z-wfL{P1kNeod}n34>>Xz6ig9uX+~dvy~vdQ`fK#j7%gcWv-prqKmdVcQ%(p0m1F18 z=*)B0uRva-uf2Qv=1K37)w|*r5}XT`YPl+b%yH9uirgBYxY!5l=mHq*8Y0rHi6GCU zRp6s+7=r;fPcf&VG6defc7WPCbE|vWobGF3vDef4e%g|@Oxl3LJ8d|#>V7rp5F|Uof)n&XDiJ=&#!L?sMZyqr63zT z0J_N(drh91w^u@FLl6G)0(0P9TwnbWfBehIGcR(b?17cXClb3_<`=brOCH@Jgr;07 zT`!;qGEoAU3-V|KNG;!ud33|h7TNg^Q3X-=s8TYsI(y%AJbGM-1^x7nr87N$O&Zc; z*XV?Lou5nJ&mA4-ELlgPiaC!fnNtnQMiHwJM>q4<#e&Rir;LgKmvA~+9TI9um_;pl zqE+(^psj@FX;~5J1;zlgfVezk;Kn^=EG1v24!eQ*=tUQ;_=4y}kId!uPUrJ#4Nt zoq>YJb~>zJbO%Qx_l#`w(f#rBFg^f% z_SLIb2N(n8)EkY0RX2=7)owpfU%bD5bN2D-O}!@6Ds=ATnOtAA6X~7@uI113AO$l%SSD-%WIK4?;QakH z`Z?I^Wqm+xvRNT*irVrvc6l#$$ie-@*Em(jC+#9zIgzL{zZUeNhCJokP#1CFoKSwY zCv~zSOD4_na)y0edVXD|iFjxiM|;;i>tE;09NP2u*WD#)%3({eggrP~=kKrg$bR4q zFwZ9ANGy*2F2r1Lq@HoA4j}UYWW_L$s{jC#6!$2YwN~x7eku`sMvmF%L&&rTA=62(6D2tN~I_Tg=%CG6p^LgUT8M(>uDLd_%l_3Z26m zF9sn4d;3M8Xr|PSxMS&hXd2z#u+JtvH~6HjHFhRal`WV&2X1!vq@n_kfn2md1GyN; z#Zx60wPQ_u$0`u|)7c32kL)|QA$WC} zO%fiRB_fLt9s}9*ar4ffQDsu=bv&E%ly1=Pk4!FTxuL!RUp=#9-`$TSprp_ z93R#bGpMM^Qfit!4zXFEBCN+jkTTS4w00hDPzGZ^z&SM86E0*kq@I6e!_|6hzU_J) z)E{fL6;^eF3*i@w>G%t`nk$kBhy)@%Oa>b)pvX0EF#CLmkko_&KE{OIz20D|SWyG? zB`a_h^ZaU=E7v|Biw`MrPGw_m)9o9VFH-USb9MHBD%9;(!KtI0|;=2lz#3*P5Od zOWr47sb$%FW|214N2U;QWrpR@L0DD}lQDTOG<$9R+i7ZHbjQ+4PaDUL$1Bfrv0!>G zVhryh6pDM084w=urPfj;=2R}3TyTXMBl{hc0p$%SuN_jqQj|v!5o~YH^;g*kIkjPe z;Zhc#;Zkk{sbBG>Y)v}V0uoF?WkF*7?hi4Wr>SgXX{+14!U8?Gxd zAiKusnjV*<7_ajF^v5@@ZF?v0B=JoKo9=x3fvO18} zFPyB(Y4rT$#Wx$^#H+VwrYG5dcD_pKf=A>dBsNs;{GitqmY}_cxaemGc@UvFN?OwB zj>){VWh|m2JENn6CyrcUPnxpX7N7NQbUyF~NYz~Ei%XwjQ%F#p`wS|n&zz1aWDFg% z(fc+_fjQ4^YwbotN_YryG7ZMAGPe1}s?jel@4xZiGRg^AJ1Ri-g?iGgG2lC_4lVIx3|Gx&tH9WduvXV z|K-)m^V{3Cv`K62gk9c-w*a=`2eu-v`eJn#Fa=Kon7MKgJuF!ZAN>e!@4k0asxfKP z*xAezEg5Ez)Nfw^je)UTDf5}9VNUThk|`{!$Ng(G|cvZiFSK29N< z1it>zmBBTCs?_*2AHt{Gf%=g}wN6kKLqXzGmfAa78bI0n?5Qn8s{J>R*a!*#w~o?~ z80dkKDNT~mghqF07Q&oV_vD^Rbx72ln)4kdP@eLH8B%M`z=gf~z6eGsag90hWBQ=R zbU}X>Ddgo)@!e=DVfG;S%j+L1SqE!R%WzKmo|AzS7&w6@Nc~DV z0aEZ_+sqepn%Bnm8h!8{vs?j4j&LB*yEOIOgOM10a=us?i9HeGE?Zg@1F*Kd$~&%f z?kcCg17U#BB_|P0l1CAFkagHZgPc6jm9q8im>s8J$q8^W4 z*viK6uhXmd*5eQggxP&8ZaWr;cT^&$GVIeb;Sn!ZWC$Q}R3@1&SzKzbSAoD7dKgBS z+*8RRh2;A5=yALa3v2n@?8HFbD_b{E_kp@MLF!jZ-5=OwF2vos)_bRt#1de(B845x zIvtGM|6p2NY`M>*Nx+d zmCsP;20V%ckmG<|*g8Cp%oIB`E4EgQzAHrF0gtU$OB@@O=3Gi-9F#6!3Z?i2^Rn0Ga#1WOTP56ywZi|d=zaHC6{)TV8JqYB| z%C{FRn$wi4#b?i?JfoUD(3P1HNMvi$dvi|zh(iDlz{=2kHcFW`d<*fFl~LUffQr^W4n%fe~HuvEno3sx}{t3*WbQB&>z#mlc%n%aKDuCuSnG)y*AJ z@q6UZ4}OFzsD>&z+^_`8eIw2#M`Xh0^qz|hbCH{^o%xD4(@bZ59HSpGAOzRF0aiN8 zloksIw?cw^YOB9$5dz%?3!3X!3=o_fDbVF%HyuXdedxjJtqmgcP|pNit}RNf8;wXM zOO4RJ37q%-41vEEJT$FB=&%S+gtKx@0s7-&6T>J0aW(vb)x+eItR>bkYKXJ!xF1!9 zC4_)rxG{3R$>0EcDGjd|2=q-inJ)PVN~j;1mY}vf`ig2zp`5}x1jiR zR557Ts%MvO{g!9MaQ`XC-7rYc*1g})5NtVc4)6-uirt1`G?bUcgj%S2p3;kz!5{!7 zivmGSddJfkqN1>GP~ch5$xqMDgk(QG%L~VG+r7$up~O#UHf>;S|5V3z1Q1a(-8y=%K95w$_zj1HY`V{aH)@vxx@CviAL(m(Mo>-xfDQ7T@bSuw2HN0J_T3pw`z< z&+LUA=j7d9_Me_%O=#4NjLD7g%I-+WP?Xqr=LcoEpPpSK%ka}PJnL=(2Z#2Eco#jZ zElyUhqViAAetJgsF;pFK_yL?n>sDsiOUe443$mGx31JJmuGgdyJZlUV)T?{`>ctuz zmxg1O>1*=8|HuFN-+!Z{pN~hs|BwB@jqJa^c0V2bul=9Kt?v)M{vW-+YxZpOa|lnX^{QVE0@xF4X>)>-91v}HtHvXG+_I<%q*Y9Mb<6<`c zbo5ty7EVWh^~b^f``~}|KM(8aT+8RdCA=sLu+3-UGwkWcH*%w$@xsb>P(*nr044s= z1Iy<$)~jt25z(YNN>2UX3+?NiGRe@E=Bz35s!+f*7#J#3QwcTD&dj?} z{x0N1rR9z+djZqI5@!LGfDm((QuMzMvoE6NCEv>(qr1em%V4Y0R@ZwmvO>S z9uSAmSB16=*vuk#qR5Y@|L*c81)>)sfwHhQuJjI~F|Z2=*mZ&$`SIiR4T%y)WwP?7 z2r?HBM|?`$(GJck%=WEyu~=r(z#6JlYN|7J2q8Hjyu&zLg|e;6z@=cCC1#%zk#p;Feilw@}ktAL&i`f7|`a~O2s-~cK5I2b1}m& zqvDHkmL+?)EAddGfu}RcR1eK@#lmZQTCt>Jy$%hpSi3oJ5SpxVI}#MEj%_mA3p;4ehK5zJ!Mc%G zW;amZI~qT*BpHE&3zp~g-#PlrzyEd5^xG>>YmY2NY>k!HS?QiDF47var1=Unh|0UC zxTL4nt)Pb!;v?E^qlEU^zSb>-Fna$rb zczw@FU7jL7iu;XS@C{om6WYhGp#nC4{~heK9m}Ua^8whX>L~!pdkWaj-s8G_eICo$ zy}qr;d0}tp2>Su%_9N4jhv|!tWj)-?z(>OM zuG6hjoCRF7_}XmKIxaNsDFFLj;6pRO zx$^Y44Yj&W@)AiazEhXSm17daf#)v%Bx?C z()9Oq67epG>{7&=5m;dFe&f{D0B@kItccDJd>E8?(<}v5wbR(dUGGNZ(j|o#Ss0VcjnA{!3!fie5K(>Jq z*$PhB+eV+BLp=1gU)Kemc>MXzCl+P8cdml+Q(?a?_?$ivCjoqkePQ)+0>JKYHPu{A z5kdHkV4s$TeMMuox1LN^g)qBGrd_PCFEIrB3FF>#k$_`7=%OT92wHjp0_Y z`52Y_1V7mO-3g_id>%j{^VS`5fk%X8iVO3pDodD_U&~p|_92zp_ z8cT*mUfY}{rqQ}Og{Egm#}=RMQCt3u%u;tUjsxb_gYD{W;Go%bY_17udfZ+;0%WcjB#|(v2`<~7!i#0Fl6~> zE$DJ&7p=vDM;nie8nB%y;{J?^+_L5kxHOk?r>KGpO{6!VwzE+i64FbZj82Y^w^z`u zADUHuHVxHsPm`tN(X3V$19(G9fpcvzJYnuhp~-@2LUlpW&KJxZTJsd;liV~G6Omdw zirLihW;2KwRn9-%%|a~9S9z)(GBHzN4pufXU7TTU%9LbK-0lEptDu}6SkeS0E;G~C z5`)n1S*kJf5WDA*_UnTn7Ov5Vx{Zlu3$}AxR&!LjTkF}u-LpMUSeeJ>_@>0~*c{4@ z;+i&JLpvz^6At)?t4+;rWJk1SYx+_a%(5gg#~UqiRS?uz$Pg%nD~aY?G*q6xKgYzk zjNFK&NW^Rv?jQyY`DC0R{bdu&TAEArzO?0ojivD!Y%G;$&^wf$LGQ4}Gw2;^owm-K;x`*{bOUw4;J`rs$ox|$$$X7ObaVqq{X22U@U9N{4o zWXjXH23iinUwGtD5fWc?_)u{vJF}vN#>4_u{NjR%b|XKJh_;5mzU8;;pIwQ&AdWhd z;;!{jAnN`jV{!!<0CEv7NHgmScScmP4U#HUpB*YqcBxa?wSAM6;a&a!YPOs%5ci^1 z8CYYp&TZ8@nB{IooE-`{wa4{~QxcM0D+(8u5B)eC1k)7)kNf}uF3d+Y)F2X%7=ogmQEXunL@^;lfRrbfG^a66dpiq49zYJA|Q}EwpNx4);60w@%@SWAYg~ON; zxFUuW-qXbJ0q6;9wG(FaGShWvYsMJ7j5-Uh$g?}PdUjYjw$CooXUH#94ytD^pc>UP zc=zn{@M$|^B6g9rtZkw@Ig^j${!hYsYoANFLJj~8|L)r=XAZz&HDC<9_b%L)ydbk_ zo26W&PW=-M=1Xpr+}rID7AdnOqT)(DG~0HJPPI9wlE!5>+q?(JE(=CeMV>hw`Cd@g z?b$fbljBF+|F8c(DCEY;2OK2J-p?ReZuJb3W#cnQmRmf7WZCZ-B+KS!kSqtua)W1( zEC1Vk=UL|#;7v8vJj#8_eFbUw*KXy@P#&jbw#nQvlrrOz^?9`BU=sg0p2=?UErNW;gZqR zh8v62`Y%C2_fp+cSP}PMACot5>cfFK7Sy&C>vwaIw>&pHPL1)fc4~~0r^}ETW5|rL zRb~u$iI;olDKdP?eu;IF7g?hDGWT(}rE?OLQl{2}wRqmm*Jv~^pL-Y&eBu?L6YC{P zlf>q9a3T%5!uGDbSbm<4hvT^|M&c!MK%n~u&qKKpgRxr(1Pb=|%rP-De$UdJO6;qH z1IG>RlzKf1_4((3O8jdd`U4B{6etH@PJg~^SI+Id@^+!^+nG1sFYbx=Tgoo-B<&+l zPU`q|*hGeq-2Ts(5R&@~**(6T$lNd1*72o8<_`9awVvNX!0b-#8G|ij$2`?ei2vi* zFrI9{HrcgD+~5uOOM1f%(%m546`w)6t2~2rx5hI_cg@cr-Bq7Kx*Mds9?u}%4bolT zXOQl8BHisS1OMQW_6QznyTPzKz^gks%{%fy8@$h+w)fc)*Q1koB+r8M6MhJVVyM zA?x3en_-J*$jwmm47nLLe}>!)y`CXA!;qVy_zc#q?Vcew!6TV z?EMUq4ozN2I+2)?)pB1bT{Px`}O;#4f+3Sp1}|8Y5SpV zcvj3RHd8hg4#eL3V4RZtY7>oF21?6}LEbgz&I7rybiOrXa$VCCcEGmS+f%q%sytB1 z{|WaC2mMiiGtX4KCUdQq>h;l4j^oE%9K|A1N0CS)w$$*CDW7E$*!v@@6rZJ|rHCPa z*U{cuklL7P?t(^ccrKQb3(58BETKxhrwg{l;kcOQx7ItY?WyWF);s?ju1qm`&m(pk zMIuY}BQ4E-gi!p-=UA5(3B%*M<{9a=pkVY(c4>WLx)J%TB<=&eV2IU?pFdzHttq7L zGrSGHF?>_HB8H#VHWOr!8c|E|Dg0+I2^_NNltubqNv0gR^0doy@Bi%n^{?w<_AMCg zZIn*9s7=^}0_5MoFodTukGvuhA&Xxya0hTXnux5NMe<2fXsoP{XK*epz09Q{M&1kS z%F7PPC1g{~e*q@)y+EhlHL(mnTXA9=D((s({UKM=A#4h2y8Lz)xcN5N-mz7#R_^Xq6fYDxZJec!}l!c+Vh4(&D*Mt571#_%V6=5qsl8*N|#>L1q7{dwuUUh5aA z`riB_qsf?@vnkCI4e+x+*+vy@!UIp@h{_oF9mGFG3EY45JB?`SFBsnk5m z5-N$gk24`xpM6jABYMpuk;WT|Mn(Ky9x>b{pj=FH>ypbCtb9@Si+rh=I^5(D#UUn_ ze&C9QvMpDHW30eIKs@}-9Fy->M)oj!dq}u;JicQ3&~dc(+Su*NFZEPNcF!c)j|KDr z$M=IV`74tGC1Ey04{LkP!1EutY6fBtRpglLqrW^~ELhB`X36RR4Y1DRe)G-WJbWVv z+xX_?+Wlda3dVsZ%26i0d=_#X9_fYN;BG_r0C7K_GeS$6okVb1f#Hr@2v9E?^qsrQUWWi zP7C~bTo8efkFo5Hp#UOF4gcvU6{tBlP~AI5mXbv*W@*G+Bte|2zXqyMfgA2am2f_e zNAtS~g%A9PEZHv{3)>J*@Qt&G~aN9)Lgy=A~PaHHFb%}*2VWZ%u>mzfzg4nZjpj2p(mLJcT#rUuUOATwGFaSU(}rP)5l$izL&YW3Ubd z!7fZPZbXe#Gilhc%O5T*h2#ou9~G#;=ZlPwroY&?oGZW~t)dD8plxYP5+W zR}>+CZw)o(3lL0gmL+?eVYuBS# zBfHy;Wjb(6Cq@yGT3$10@OJNw`EYi92~0neh(1d@lJ5c>*x1JuJ9G5Mt9PK7fPrin zHj~yFwDh9``9Cry4UKd}DcC5bsm@T-kvf0}n^D{)NP7_MXw62ERD^599U^aqbkyvD9#xfvH`}xYbMKh}Va9uP z2prT$lHZ#na>rJFi4jO(Wy$Xf3qV;ky8#*=Fll~AyRN6fqi5%rW7OuLk^v7*qoVn7 zuhqSg!8=dopG>QbSc&hcn)5Rumv)THA1=s*Mt3Z&WmLDM_%ze=hF444_zDr>1}EEm zuGc|6&GbA3-&{Ntm>(F)98yPstyF<9!}+zJk5)#skGg^`mscWbRkszFgzf8Qj7Ac3^W}vexGoCGT?a7|^^WkqfJ$VzehKsnP5w7ow zO~VOT6hgseUl+C1Lju#Tfw)*wJhqFNB`<@d{sK_R!S{1vu8ja8Hrjm}=_w1^vVf zRLA667|u3Tnx+veSJhn5m1$|U?2!K{MJ=3iXY!u2hoc7}?|3>JnKL`WlckQp74zsT_+KC2xL$C`r_-CF286DW zs7_X7NtLIp*9CVlqQ#xTY@T>JkteR)Ol$J*!(WiyQ&WQkJ|m$7B6hhhwY>50@%>TB zZDmRL6^O8bW~La@m5`96vjUDSNa2qDP-n#zQ851URzT3UwtxHc4btAJkZou3 zqXLAxM;8;$QcWVsKw74W+VjpI&NMzy?15tcYAH4l&+9(7wdBYZc5A2H=--7`7e4nH zX>P|Q>U)8DT%Ird;`F{WeJ;!wc3C>t9?|czG;Sv2h4p?%75nDph^3K;SxhF-)2#pU z&5z{l)QOR0--COa@YpG;3u@On<*B_eJZH8-DH#nbmUH<#C-^%iMry|(ct z8bQ|jKmv6%EnO=J5gBeS4qQywi6eTr;mV*vw(tEg;;2(byJpQ6e*w%3l|*AqHa$< zADJ%FB`=DQTiI|+WA(S@US5<0S&J@#S{h>NT`v9g2v5=J<;5V;K1J?=3=(bk+B2E- zz9}EC-Z|Pap^CxZ(-KlGhDUm$L6>}txPA<{>FEBXHPuV!-1TzV&yVWzGC+|xGEGqs|K5kjBX_l?3FEQcQyLC{1Iqz&;3>`}2kybCbK4f)9lqi0B6p z)YT!`bA#={XnStBMhToeS=u=ej2=sFq8K2svRK7;UQqHvRnD(F7U2;3ScxN$MD%hQ z${|NMVzVUDYmJ6&??qYuYN!G)u-%s^P{13jvBTARS!GO4lLU?`Q(BP)jdO0-^5rtd)oV$kJ3|N48Ox7#(AD;;{g8$9rW%k;)+!JxK=^od;TD~x{2!Um z@|1hYOPA>(qA8(?5+TnbnUzFh(7tZSB%E1+vd~TgD;rU zbg`_~!^DfLv_B$nCG$`Y2jXUis}~pGI90;}kIZx$S}vGUbk=vpKVoZSPUqQzrbIFt z(@Da@hK~5S`{(mODs2#v1=t~pgkcR9*6%ztsl(ndnP4Ib+RHS&kxBY!@;TWUR(3x=4OUm;6smDgYQ=avxQw#&_R>2zr0=yE~r7ugO`a zv{+nOaTe+j14Mu45Rq9c$jU|DxDfx&#qVr^SPL4uT)rlIVVgbo`?x3zgu-cZ8@&nDgc>%JJ_A zv2d`RMs|^onHGelDwCl3$RKYfuze7? ziZT12ULF6wpk3#x6pzy!&T3U!JSDfKJ9j%KKc%Qy#Z!`u}Pm$p|>KE!EMUY zU<6m^r$%W#(?Y7FnBBAFNb%W-%4p6ti*zR05nb{TOg6>) zwTQp+w4|)tZREj#(6++b5L|2P4{8=wQOnhv>zgn~V2)RENiGMr0TfTC%&L98ZpiDo zf$;={VTj~{YnAJRwHT8#ni?E3VI*6|7G1bV+Hj^~HUvXk!a`#F%2H{+M%mvtuM*4=JP zW?Lj&E^Te0mhSocYqzS?MBBW!UgoITkzHc4_Jw85n(W%RTn1&s_FTU`vJU`+KzqMQ ziW5F%M*2FaA=Y-|EK0YYQ}z&m|AORk%u;h66!->Ozh1+Mv?;HAViBGa!=b6X&tygZC_s1}Us9>qxf{bXcp{`(x32#H+6ayUOSWPd2K^(BRUO2XZyu}@FF_1UzqmwauEYr5E z@zXPNu?W&T7nRdy!a|G)cbhu}`Ba*a9v_T!xA>jg!`#503%Z_%pYeNUxd>Ow&-^eyn}sVc;3q>0zXYWQrMTy@Eg@L?24rzEzxxkZ9iY-Q{h5YtQ3L~= zP@VV)ksl2nhFu&nnhzQ{#lrFUqiNa0m9UNRZewffbSJeF0Ts&Q&7;l7vM`UHu9ch2 z)+`sE}2w;!&CbOn@A2R7)U8L5PKj@Kq#*qIZ8#)0(Q#1mgysI;`60cn0PJ?`B7<=1Fe8th zQHdE=H5!xC!mPE-lrGQPdEY(y2S#r}~oaEDh} zG$+)Wl^os!k4T_80ES}j^D((*EOe@vXA_7lEI7;-{s2v!I(qT^_{HHyJzu_j{<0ju zN5R0JuzQvi%;K6ikK>!!OnaGkoHtr{i@qDKwX;Soil?)FDJ@C|3pg7wlXN*>fwnuQGFD{Y@Hq#5 z=-NZIrwSt>wRgE3c-npDZh@J)#nWT{{p~GI!F|#E_SFfzhkt&1=%R%9Juu5*x)3)S zFBR2A*CcD(<#-Zw^|(R{3+Td~^TGKP!i8eN@b=S0G8(T4`vj%p3i3&flkP>( zonbZnNu~|!=SKu@l8}4{7*WD)H&cC}GQ~{Y){IZNE8y`!Ih6B|=%H$z7Q+RfCJ%I_ z$}9G@Nx^pIF`i{cF|D2ZToKv~%K(QE7g3Z+<;&)#?KWY5zt8do)s-<9u z9>SK^jmdjq>jnpNvG}+BFf~O^1}-k04A}SLfg~cGIUkrHm@`?`lxo~_E;2>V(PA<9 zayj=7DplhA5Ovn%ahLfI=Bsjv0;O8Yh)KMdtXeF?mCyxgQ`D4k^TwC5+rw zzj*7FTCRL#(B{x_sVI~cLURtC%NDpOTrXLKZy|y`9+NA-lHA2>A@1=*B8kmvr(7zZ zz$1rC4g~foVl1}#BeB8QhiBIU+npg-twc=8?Frz58O&P-9%}oyDNk+>4ucQET&+X@ zjLHd}8GMbS7@=8`X%37ILZV+hue@)sAG&_+&>$Xy=7qS6E;a5Pgb874 z&P3n^eUT5f6w55h^Muffb9)q?D(eny6Xam6uGr<=S@)vi5^ro=Y)^Q(=7A%4YS}#n z^R7`;CM@{FV2e4<&sfZZ0x6qjAU$>d?DQ} z8kbuY7GTIvj8cK&TmPP=m_W~L4wAzN<5t8ylMj+>TPz;ZKH1d6;ebU#!L+LJJQn`4NVc0rf5yK0%`O4QpHR-yHZsdsXhNoyhcQZf=O>;G$5y6UMt zeVZi-`OB;0-y;Ha*`$z9*l%DIP#Qn_^y>KcN6S0@>F6tiNo%tRY+GDdWT}=dU?>{o zT0@wtqVFhv0#f; zwM|M(#&oN{esx~Z$GPV}O@L>TcYDBoyt*hw9eljHc%tD3=*8c?Bn>LC+oY88=A7h%I1>vl?{6S+O+Y%Q=$^mg;`0@ZE&CKKp^KV6{QM zY*dF~7(^se%|2P<=^a}^%scChy(<}kpN~(*FE;3N@|^sXl0U(G{6s_Dn3)$8EqP6T zdS;_NetLFDetK2`HvSCjNi{@Ca&4fEznAwQ|CP=pWBE@ImRoJ<<45eDG70{2%|QWg zhhdeUXlnmqvzpLM&+TZKI3V~z#6GyiegdMgmOjV19qDMn7k1@*saQl<8WXirnk~X# zb(W?q34h5HllZq!zv90oBDE}jeZeCsl$dIwW)c3BGOZ%IWcW*cny*g0+NK5{xhXWh zuN;BKmeo_y*tC35S{wSa(>%xWacZ8UJ7LW&?4fIHP&kLpQ(}Eu(X{zpaDba9o1f{H zZOM;$^P);8zj;=085&=g??*>NyfPh)%q?nc5?-vvM&Vs+Y*e^@jjh5PS!lF&{^x3t z?`KK^{m4mk3%TmLljS1yzCa(NM@*d?fP3Bixt$#3kVJP#qB|tf{W6m1_7De$OuG0C znRH8Sez8othdG7(B9iLn&y@0n#TV8E=u~UASoTQebyKiG8#2w)Ok~QAN4!rFwIf1i zMYI<`6nuhb46?+bwR@ifB0L}>C6uTvikMQ=iLBigT{R7U$r8-nIsRT`l6*~`lmAWj>w!u}_5ULk35COCspg4IJ_Fmx61oI`Tg*miR%^DS5zLL( zubX8t$KuladSCZqBOKG_tHs>-5Tp=}=@QBcNdUXAy=$q^r&C?8Bd_cL_;FeG ziRYV9NTpK9S77}?Fxbs`clb@K&FK0l$4=;;&TTjTo*SUpdM{h9v9v_Ot?KkqmI_`{ zH0g!suJX1;9H$!=?(jI=AM1~0i>=%AF{vQgG7<|E2Vi(O`q7-lS<@)tzH%i*m(~V))PKTwUuy=QcWURpa(*d#C2xQrh>U;8P9|VzMT*51Ta1X#WHrE2brirf$RSEN;09X76i;s?&sW-tswX5z`QS9?O&hB$p9OLMPGV( z?Gv%%M906qqp?YbVV`12L6DU}aLFnxnq>A9j3X{ZFlvr+s5*TC@|$>00HQwgukGkV z!68EY&_THn?hQqj<8n{SzS5NJnd$7=-yv}^lTyfVfJ~+~>MY+|_j*C)9qzxidNl6M zkp8!GBENz3zp`h>__J!Raj&?VtTY2b$K!=kCUSR&K#H64lqURV$3qIdNM$@!^q|H@ zn=4+;42xV=t<`)(UoDFH^(^w|! zeJ8t}!lF4%5|%c&@z;R(%y$TU+<}(67uK~;Obt!+=HCF&WAY(&xJFew=8AX>@Ww0c z7z=x)J+Q4Yo-WN=B{y5)rx+&UFDAOwf-IQ?9g3e^J`cyaG(x01PNXwZqzSA6RB14! zW@tL+M9VFlcETc}=?+1$^8}At+_C2Dn55kcGH=p!CGhE+CK4vIUZP0T!`lhrj{*+K zm3ety7YFU!{nxXDVzJCDTHU*2tG!^bl7PCyjF9aPOm&M6YKv*>(v+VePq-|lE`Ndz?#Y)HF1uy^~UQ?5Bpz!1}S+CdjL zaXU=W@f5&Y_CqdJ0?9+Cr9!t5;jtwY0bK z3W3&Uwzgnv8>|4`(MC$q+@=-Lb)q;{I_dSy_%<8&z>_$lvV|!rO!CjRxj#HwW(++a z%Gk#&1~@bS4UfjGV#X3SNYW0-BFB4v_&FnAry?D>F}`-jC~U$WFU+2q-JVwi6|P>XW%#YGyVR5dJy4adr7Ww4YSsW)`!wUwB>!<&r-;mR(?`8=1IR-R51$RAx!)&)B5G=>C^BQc#mikq9; zkdIgIx>uXGEvT`pYZ4PEDqQfm@}~*GAt0Hk&d-U*P;0NVIas7FOau#VfM2XlG^@zM znJHZe8*+SAsp6rD{@)TqV;Gn&Yl#;K>ag71^^l&vNvZJRwWJ z2m8KuP1-if-A1$9sC7G??xfJ|w7H!sH`C(=N?f7AHP--8qh)0=3;$_&wtpmx zxjKsGRBCmER(o*9JkpY~DZd+Y@t-`MNv4z(kcxCg7s-0xI6gi;{^sRN`2X?oaq0gr zUOs>E%|D&IeEIU5SKqvNd2;ek$IqW1pS=7ha{O3}4xdbED*x$t>u;48_k}#*p1Wh8 z+e$9N9Nmm&ECsjLNyd{H9m~C6>;3WgoALAC5mIq7d`;3UNxVC6@j&J$wd@ZYys7bm zy}(hf%qZ}4?hG5gs`$hfz7B74*Vyn~4;R9={j!|=8n&R`!LPyYQg!ZYytR-YI=nV9Q&8O5bK_y_A`jJUL4n#>mu6dPj4Q>n z^CoXvn1`>54`sG+i>;rUsNv)$<_MaNeUrCWHmt~IR`s4ZE*#AufXKg~O)>H{Cm|M5 zfd3uSa&-TEd~$qburN<&M=*1o$WhI(Hj~+FLX%`%6elnK3Dd$KKi&u**@X1Hk5RtHCNOn43lx*n_|ck5 zJmxK0?eXmeR{I*syUPbw{mjCBOAC%?b{%oQHS}8t>2I1%9oM|(il9$rS@>&ZZ5<1$ zIhs3ITc2XMt+h3KxOsHB#rR0DUKjn+wr)UPZZN#Hjnm!+vAIvQBe%BfK#IwG-aBWo zZCs1i>`QOyw_4Q3b<=c3BC(k8)Qe$O2(u#@N#qDh7Zh+uo^QT!Xg8G|;4(Ltyx;@L zmP$)T7sw`90D_m26rWnl>q#@0B#j@7!f2d3k@@Aedl<~)fd zOTkbSbIBr|pcQN>Vnr@4yUrlyM!;+c$qL7FDz6&YMoFeLlNXm=?o&7Q{kc{wnPR9% zxN@s#>KN3lX-vLbxyoRNIf%I;)2944`O~jXIaVtFUMT%Nqj8&e7pW^$o_F+TJlwZh zWls4qV~{xxg6mr*X_=@XvP8&Odp^&wK5&1*Y)rZy^@XjH&J5OQQ zwuhHusYHX+1#Dzyj>_HY3GP1kTseQmiu8ghg3R#k!xXa5@l=n59O0@82E4ilgU%Ft zizlX~YHST8t}2~9T;}4ztGexJ>^gDQehMSzip`pn>#;+NRGSZp_op3zeVw2QnI@T< zUqHc7+UdDk=HuUnoeM{Z+aJ3SIsrbOEO?S|#Uhc$3Toq9T94CXUJu_3cMu>HJb|)H zD@SMiPE16+8k19!vKb&x)N1z_bHONPMTSWczF4rBQ_YfW9wFV|UZu zn^0#~Deip5?wM5VvV&Q6kGDRc8o{ofT6I37HboWw{s(iYdkhNxovxFi=VrB-$P%|I zUVEzoIF57e>B;f&q7o-xeb#e)?+#@EyU#lO9N5u{%p8tk;E*Zrb=#@xz+kv$@>UQN zEdlGqKmx^MJU=xE2QWQXV$$d6&yTFIl_sHZ~7 z?hSy_CEXIaDFJ1Oo?|*p<%k1KW3m#NbZZBjl&>gltJZXkxjy0TyC0fIca2IKe2OUk z8hRAZH~yrUQZ59sUDF>vo9bbmy5;CA{QSs$z8y#OCxnp@cf2z;rjn|{bgF|64!0g` z)|sw(3;;i*NymQHPW=0un@b3#spZgN?!5*jp4W@ejSIqV0QHX)j~O|=yikY4h6VH- z^55t^y@t7VLyWA!k-Mi`@8Oy{+p;j`Y|=*cDZXQ#BJn$6asIM=pIQB^KzOi)!~xK=l8Ptu&HgHvO2C9*WW5)(NdYlhJ_8~mNg|S9lF{~4S(PN7Vi_OTm3KrwGbPNf*)^YCpsY`x&lUdsgMqp;B zeF5$PHE&wy(>xPhSKqiuNN(O;7Y>>EyU5jS?`EKr8aA$-7mAqFS4@fIzDYk>T*g_@ zzR`#g#DFwxs&qp*3E~VL2l3Z-&!mPSYyFkhhAA{UqS1mKeO1h@Y^PRFYdf%0EEbeE zm9H%V_#B(oS~%@6g=+W>&?shCE*6^F`kdK$)PthcxLM2`2E$mlCu&!R2MHp@u20`L zrd8;};hW)lrOeUC9cY=ow;-qME0prSa%-V}QC)PJ5Gy!i}(7563TJbno z#M-9bnS`S^>FrMW(TVNbhrlSVUbpB2HZ3|v6qV>V@2;`cA>5}XtWwC}vZRtOn7ITF z)mb!d*-syejo*!%)V8MQtyMnV<}-2Obep0rogfhySxD7i(C(|#F4z?z-PfA!7uj|g zAIZB+Cki3bEGYFj<2}sORnY9pMxBH2DFbQ4q;;K`LA4fmsmh;0g^X<+ENpQYEi4*X zmAM;N*RCyXRU^0{c(~7cOuJ@GX0Z^oYDHy*ByeU;Fm91GxJ(#Tkh0TC7$DSnRMjxD z`+S&Sr5+@|818}j{W7Qr;QU2n9t7SK2GQf-oyM0^h|bns_T@s|AUKYnMiRQx9w9%p|1rK2N%{m;7bzdBm3 z9Rl1Q|NH#q%WqD~@xQO0KOf?MKgaXM$N$2C+(iiR&DkZqsgDA_IlF8P1UAz^+*lh6 ztfS>G6%KrJcG))~*fbpif`@?MAt3k(1O(rlU9J}sd~_!F}gh9oV4%JTln) zwWGk`rxzmopC_L!NOr9l*`T%KN9vwDOtzuPI&ohg07+eWO%ITZ8B3YuQAL%FpluQ2 zpLi&1_X7GYf_zy)M~=fAf>@tK5Nj9u`8;8)2E)72b{IfvhOLVs4L;W%Hvz$=I}9Ox zB2kmS8f5ZFuFgZe;%_Nlafr411!C<0vtCM}MI<_6$I7HL=vV;9<<*D3{JR+#UUjU0 zM{a0&XaOu}=>V*mT-ZDn=PaS? zI0E04x|UQIG)}m6C+%1kTr*$-6w~U^2I~ndRK&G%elX^`FeVk@X^eK|j)84P=qM3j znVvHUhckpCqDwmAiQx{5-{2zcq8VD?h?a`dxHKSD>0H+r2DHnhjy69DKj;x@4Uv0fH|Zzn4GksYNJ3Xkl9%L&)azX^ z>*7uvr|X2j!F76YogQ4LJ0~-^PH(rm!FBpK={mhT<#@OL_z|28cj{xM*1eY~4Y@N$m@VUWdt?~>mYlF+$;IbAxgUedOvxUpr;N4Mpeqry9 zjr=qQjp5UM`sn|Hh^Gyze|PBrPF}uv_3~v&|9A58_{E_A`y9^~ss9TPQcc5L z>zBW%DExx&mUMlKaJ0{+<_qd?_6_mRdxZ3AT@g9}1b8(ZiF-o?*~8J^pgJ5>hXv>l zs>9EqI?S(iAFW|M5@^#+&^W%7Y|1}%sS8hC!$6ZnMw2cqwR#c&5{t>lt9KAVV9_5>qa=%sWS3ZXeU(r(C;LYY&iOsGo3+xxgeo4L zX1d0usd#|Ca}9$71f2;rKW=k?Bs24lw6e7?3`l+97j6Ua?^5xQ8c|W!Dj2suKCl+E zl(ml!7T0^rS<)aM76JKv-aOZBx(aONUAD>DMd@oolKoz1Gs95Z%hI0Yl zPaWDKW4!r}YDLVM3qTFsp(s^QV9UXGLpUwOJ!`8DSq4|$9-^=;9tnO$|5ad zhD27ZEjppm9ZTa4A||S6$u05ds|EdJCo>W8YO>O0wwiRJ>jnLEg+qKN;?;MnTI*gF z_CHp;l_DNK@kM4aS)<*<%o@RJtJ!%zX`iPA)^h-U@Zl@=DPpX#NG9B0{3wikNI2X8 z!*f@vz1n+;f>ASdLFS&!41S^H<;e@OZx>JAq?+p$xe|H4VnC<&4`QVN-GFyX1vjK)u9quFAkn_TTy*k(PKOc?|l>{Y`;VRs+q zJen6StaA`Y#07Njr}*L zZknYL26sV_prMmg3#rKI`*X7YKmTXb&KPp>;fn14pZ{~PTY?VjVt&mV@X#%cRWz>+ zVk`ya&ht1*8`2*JA={u_XtZe1&)`$$saQ%U2@0>clSHyincu=)fnYeO6Th8rFu-BMgj~AVV@>f@EYVUg_7E7TT{a^eZ)N|hb!)A-$=BjEt|FNK$ zXbl4C<1^IdF|?7tP{~Nr^z_Lp*UOcmm#fetIts0^Cq38HWzlc7=Wi8?+lH^Wj54mj zlZ@WgsRN1?a|?|_1cooj#J=ee20Kz5%vp4I$s`vIplb20>Elz=!U=&9t+)#L z-Wfz?pho2P45#0OR2*)v!V8Hk*$1Z-o)V>L8c$ZJt8dW2Zs1G9)?p6<#(;ZDWhV-9 zxt4r3W72Y6k}sEyw+hy=QLN>ZCW#U4&+U175{Ke#X;KbAJ`;}-wsXGHZg`W3ZjS*l zoez|I6NZ*6tM8XAf)cd*z_3yW>|GxZ`Qbm*yDWS>=x;%9+ zoALTix1bGGiv?WAPVUmSD=?V$r)?B=ZV;xtn55i6RV;Pt+C{UkCTax^Nv2HO+0T6G z2i++7OO?yCqpi(ovQJ?AiqAxFDJseqB5Q=Rn4&TO zIB+ZIgL-t4DP4>}u}8gI@pN+h{AH_+p$QYV-gJMQx;V1DWl^4lqhmg?)s<(TIJ#6= z$AO&o&j zbf(3EY97(%#mzATr944P1k(4Ju>948kvq23HdPmRBM~8+N7TYqoks@& z=Yf%|h-3+HZH7^4aE5QUKDJC?D?>A^ymPs(*K2_J^xMaspM!C$&+4r ziVtZxQ^gvCr(8t31*-F`{CM?lvs_|0$3B?Xg-N!gNvuYrHLk)XB?T;90_|=O%2#%c znfwza}>IY#cgp;>?W(U|V;90)d{B1R1%vI2Bx45p*@<$9S-yozM zgT~tq!}{Um=IE`r2OXj07%bj0smtz}cdBxd-s_5(RxJy& z9Hd!F*@eqzyI3!#IRsU4ZLqg8+ZJA};r1P&_I<TQ5iS zJdIbCjvfwk@!(?&?FnlmHwCvVui$DqiQTy%tS4e)i++h$rb(ve7uM3dM%ID7w_(S^ z@o;wI!*vUF@SM)Vw3sS-U6O}62PdE9DwhQjrX3?sM7(OO`k@7Wj_}2T#hhxEtgr-2 z$EYZ%ORibfJCv)E!xLA8&r%^fQ?~#ayJGiDDh6eU@>tD+PM_LfMMf8W5<6h8KY)Ot zvS^;$Ob&4k3TPbyK5ozcL!9RjZc6~Sf;-^xq9NJ0AEOU0>XE|%RUds*AVK3|8hiW+ z%RZDn$lGppH$fp6+K~-7X&_~^b0TRSIslx@6?ysc#UTuWzHJY@n@qRD7nN7)M$%NZ zQ=m#7sjyouUtVt1vg|yf)|TG5&|dczi2c?D!+q3Zi#C#DQ8Z2CTzAW)g6LUf&zxio zy1aE{hwb35d34uOY^o#@L+j$1#h(Yi!+wPN=yF~@7X5I^%Ip<^LuM=TwEyf#-(9sQY2j?DQuLODVm zT{AsG2pzeJwNub_p~RxBDW!iSjIN>6_UG4OTfpB7uC+nB_e>I+5|&1CwKTuvl^A*q ziPhH(2(LSetC6+Ndav4neHarhsb;gjc>dZpFM8Jq8s`bT{E#j450q6oy}J@w8efSC z_nu|2AJ)F>(ss0rYAxOiv1k=LdYs0t6lXotn}J~*E&BFowah-($pME2cqynvPfMyS zm&RkCrfvMXweCq4am5b7?E^HGQz^YH_jDk%d z#|Au_J41nxXqGX|AO6(HN7;>&Ol64%=a{shn7`0YQ^2^b?Gjic8U_WCD9siVCdvM* z&w9H69AG1=YTEEcTbEz>5Nq|--*Nl~H{I%WBQ3A%ux%oF3=0TYN75{*r>@VLcIP+<=Q6eg@%sks8DZIw*rU{iDb)! z0@Fg%6}nkMfn1SJ6CT08?IfQB?6262^~qMWSF;1qw`8$4zi81|0+x6yg{q$a?%ilR z^}!zHyMaZe6~t7)o+L^BeZ#c0P1LVw2PX3nZGL6`>y~9_1K-)mX{ok6Ze{<<6>^Ju zT3>t&rJj~t4qi}c$5OT3yVVX6#qx`7TKPT#O+>F-e4Hx4IXhj`)2UTY1|tRDPM`re zHSoHp36H5}fshhbdTTc$!60FkJFW=(q$LISJh()6Y(;K$qQ()uHDus6qT@*F+pPo_ z^U3v~={r0gJgpKw1YVGxqDR?dg0bx-0D@NuTPX`gsc(S>z+ZQ4wH+XNir4G9b9bXJrSR4HJ{EgR@s z&5+wrIy?5!SLpg^XJCI_TVep+?-{zgoF<8QILqBe`|yoz{p)T~J9`J>xl5oH66gf;z>_$lGPdu@ zv#*~$Eg(vXLt`)ZYH`iboOM8_hb=?n}m%e&bT z$P~+_B(I+hxNkl!#agm{W9PQZiVeSTto9@QbUN$fFMe9>Rm_vc7gj4z^Hp}xwgm-C zRYaqC6EC=ZCMz1pf1+~Ln+H4%+t;$a=5_A**ra+6BQwn;SbSs?h@)*JKT-A9xrwJY zhiRiwK;qKxeJ@m9fxapvg64(2o@QoE|Hx>9wjPUanjm45{>5TJd5VtFpa0ZPq69s4ti73fmMt`}!9$oq{vsO(M+A&NwbdWpw16hce{mUc~ z(cNZSYlC>fh|Kls5)A4+)_7LeujERAfy=JR2-~zT5Z1MkhCGN@e=k(Zrw#77O`+?y zQ~O?p!Pp~I05#p?@{Xl;{LU4&>=lS9`RV$T8LH1J>-rV;YQ0m4OF(H(+%qY8Y{&Vo zbXjat=FK(~X8l&u1+$P|Z@rbCr4_^bew*05U>M|_rK{~%+Q+;@W6XR+lgmyG<(dhm zYUWS?m<0vaRBcvpTfW8In&mQCIo+$J+-=}#)W|sS^svM{K75)DJKF-Njjii|(3DY~ zN!A;A@13)yWDo=X8hmOmnOtym7qpn%<-FZU(LWV3V%Im6ArzDwU9fJ|x%I?=WA8Is8ax6drNw!q}KbiI9&f13^MFwC-wp#}rv6G-5Ud zmbny%kT3=u_3%p~C5eb=Vm7JC?Z$Kgr|qQ_afX)+d37-TuS7;3Ky#n)JBBUe9AZs? zNbk86DZupqXYYG^WD`?{ZkXkH`_;PKc=+CEPnEU>9_d+V)}JMg%@3oI5F9Elzi z(TKXF#_rrtzu-BfL}^Hh^T&>}72hNtQ51Pd9-i~#`2#du@yz`IY=um$s)E%F)+Pbz zmzT>>Kj-r+A{lxKs+N!j=RIj6&2U9%)U|GCcU65Znvz>*i}Sj>%Xzwk_>6*zvCmiF zJAzjFT3fUVjXgB>vq!1ci-KprvZNu}y7rO{UxqtCU>Qw8+eg&6HapRvjtOE$Bs_>Jo~|1)iVPpAk0+VFoX@Y4 zj%PH2R7zx=hEF0ZpF(5?lawpRYkZ0quy{^12X$);8fbB?*zLN&0}GEFT!SbGDDsN^ zK{W?>N4|5fJhe6|z6;UlJ3x}Z3k9+tGN)CAT>$$mp1+i}+{_>+pgmZ?PE*9#OHlB}C==3B3Mp;q41`hc|pqcG#X2OAYyRjhP8 z(dQ6fY|=Q$HBgq>R(r-Y($X|51WgJ1HNTmg%HCmC=GkpQm+lC{N9d!DYmSb@Y2z}L z`>AFoblF(o1Unj)f?T!)uG!_CGu`{$6Y#bsO7vA5vm zq`3hyw;%^tUO3sVj6uGe?`pv`m#(BR?reTE15=pmZ#QuVk6?btOB|+T|J>bb8v?JU z+)zM8f0iSBWG_J>>CkFj)U;$`9bzL}lY=&1-DrgsEO$7CAtu(_*Z+^)h>-d3M_O*k zwVe?T8$vQLh^B>PG~d{+Hq!?8gkmX~3ib2Vf*N1i){hPxdoLufnS`5KWSi#_~a zt@pvCkW;-rwycoWBx`==%9@7;h7Xyz9ZMr+F0#>G#6&g6tn;RuhL_wkNsByHIAuK5abj~N#lo7YED9yDwxXgy!zj4M`mW2SOt-QgX~M9acKLn(5gv6QLGCs2!HP=S5)8h`nL%s~g* zOvj|&>hGHI`OW$IoV}^qW$g{?JV@ZBS;nebktvbvc8&QXthDROL@nF*GwkQ_cB2M))_IT-gj6x(Aj(s1&Dm~t2<9fW%xg8LCGd;lgKaf8R( z4soo)$J!902t4+hmPtmD^R{+3vI*;Go|@dRtk-@dotImGu`wX)#pQ=&&f}{ zqDtLd%`bp=Trgiyt1d5_^}wZ00DW~cLHCJfsqNirBdtUxTcp-x$AbiJxpves*nL4jyce@ z!4gc(wGw4qlHMBlMe|b3SVhPsElo-QTKrZ96Pwwh7nxj{$cm+*1ClRAmm7`&l!V+i@s9CB_sz&y2gcaz!sCw_j7@mG%YTaMNhWIz)nnuTBx>@0AhxeN@J1~AofbUT+@PYd5Y;JTFGc+m zWVT5k7uFvd7}olNBU3bV%f2gr)kzP*m z2ARfg4qttygUr~XFNb1;T9Vf6im!aUua~0LR&?Nc{W2OK4&d;faj{attrM80H%WfM zm`bvYY0ZI>Tgs(l!)GsfPXacK#?=BMLkmNAG%JIK_%V`I>M_HRceiJ}XOgBx*}$6C z!^Rpj>QA4L#iq3zD;ttbg9(4^b&_?-Tk?D67{qlmrktIaAk&boC#X_8GtbK$|NC@+-`lJvOUOGS$-gz*dfKe=q)BMjtKWEHk34O=8|{uZyGb^?FBK%;4o3ep zLBmak_g7TuF14mWfqVVY^ma789ZheWGMe6Y%4mA~CosL0u7mTSs@Cy_cGNZVy9t+n zhyiXBfdP_aq6Zrqs+qQFo!wzFg50DgV4+k-hpS|!Gw|u@i$F;G_)$Pa*~PRLPPly?6!r;f|<%_Rj-4Wn#{&^*vcI8+x69+ z0UDZ>ku;8`b|*Ek9)igEE#?gW?fMFGf70L`Ch#}*Kx(ZN?%Vl<%{mWcO7-tnlPcA- zT}{T+L+l{i{o2UhM%c#2r-78ATKy=&!T%W0iR}b_^3SkE!&zR_vVPm8y6*;yCF@O0 z)O&C*qB{k4^o$NCxw>wvcJ>GcKdR_~Nv=#o)(pA6Yx71lEDlA?S_Ctd7+to&1~AXs ze@;x#^9lC-SjNMq$NE#dZzV6mw}=iM?kr3FgVA)Ta@n^*pW;H?qb{IC(WqNLw3PZ1 z(mov5v!Ey}BM_8A=XqFkI_i=^S!vgGbCARVQN&prMZ6<^gaDIPC}|1#jKmLT;lS_M zKY&L=cs%0kZbAn$z?|Gu$?2llE0$AqlX#6#`a7eRo6dI7e+OAAtanc@J39dE7afs< zn#+e47iYOt0Q7IfYFPA5J#Zs9UOsV!LFd4xxIp!njGPT_7ezjEBY*nR&^EOpG67-6e8#@=y zzQSBRq01UvBRqtk4xvfB;gNxSPFco9O* z+c_kBwPHD^HPd_PrU^He;aHFqo+Bijj9D0``|Ba!gq{Z!SYXZWhd`5 zFY|ZgyYJwSs#r@}m_PN|3HN>K9r>^S{uWzh`R`1s=ErZIagi+NYMR|qS*t1D>Q6J7 zt7*F#{?RV~I;+&_hOUa8zHxSTcJ{;DxA5=T*;)VJ@86ug`R4rX+qXY_|HGTN=jY#? zy?%XucJ>W9d$dtIWvyx|zd1YjTm8X(CFR@6Wb!SoxLL682(38#qh=*6-_y_kS7~;5 zfBr3QfhH>hT(f=9dRN5#AX8V|U$_0~?B`Z(0B)C}fB4-jBx1YX0JN@DG zwcb>c!Rt3#-KpuSdPmANNXR8!v3I1mAls$-t!4rGn{dskcXsmx-|g(@k4-Z-7Z?P) z;Hv(0`&pCa$!`5_2auca5*Tyuq2>sg(5wj9Nkucz9quiE_*OG69M%0fEvh?uj?HCv zY(*`@6BR4p&n|y|Gw=M|KZHA-wq|P=*B{z|-zd`q%w=!&b=9`Z?m=+KF)8kuyyxt} zIT`&YqOKulKj4U_wLKuJp>?xVD1MVF^dibR|8cxX^P>3e$Z6?Zl zCTk*DCYB}tSJSq#epp)n+mhlyODt)DIvEDNUr{a0f=k%CblSs+&t5TP$!ojkG&5e8 zyxvS<`|!oO7E(GsB_cDR zw*}@b#8-{-*$}$PMfjKb4Y8kw$>>ubo#dJqRXYWmV7$DADRLc*Nv&io7%}wiDK{&Cd*o}zq}`rr0~+*buO zl4q0fpr-})A8#pwTRrLNg8k=Dst)#hKco@%>$|5GI9k}@bXs)ovmED(e{U2b>&UV0 zxpCb1D*HYFtAXXMI-t)Io`pq)UG-Ke)>?g;S{KLZi~h9z<9t+OM>V!f{ZWm50yVbJ zl2SC;7#oXe5NqNm5kX!@lh__+{L8dvfy1ANfYYsuJ zA;I>@r!C}M(M7?2xw)CW9vJTjr>cDqle|t}Lyuj}6mD*ZEQUN5IVbr%9I_VAbGdBHA3Sw1JKUUvJ`_ais%-g@bw z!C^3fh#nlKF#60`HK7H+??6ZokAp&-+&}yw%aeK5GsM<~TET}(g z`(r6@wmYE^6%mQ9e@6~Byr!)v3qW2@_$|0r8H>YO012#Vi;0kNycI4P&Gm|UPBgym z_9;eZh{;_94T7>emVGwZS%q$~bj4bVQwb(;@DWf&@HxoHNa#SrCe4I7q}s_m;=H&i z>Yvx_czPD+?*SrWoDbyU;6QKIyh-V7Ci-?=6dUp&c_T%~EuLPXbv0UgDY6jx<^(oX z8FI5frWGMC70cF=%|G+%cP9Dmkp1=L)(fo+G@oB}Vm#jK=lZ|il@=3mR`d^hZm1cP zey7^*RnPVt7IEnwIB<--YLAfr;}aqUoH6=vn%oJWw{>itR*Xq46#sU8Ine1@TeE9E z$F!WFHCO$l=l-~)y!5W7`TI{$KVM6`^qPitnG)~Ll0wuM?-Nym>rQ2lHgNIYDg<_L zU~o&l0V(tWJyCpFc2jLXzEXf&-S4XIQP8%0(~ZCfF6wridQDPv{SWE`J50=Ym2r%c zg8$cr5*5M$JKKJJGmQVAe}CS$|2ltjHsb$JQoc(3-&v6R0{=Hx^S@OMsM;d_&F@=K zfBVrM#@{@6QgFZNXtJHx)tulPuBR1TUc;Fw+K?|q2@D8MSFG0Zo$;=MR6DH%?EsHX zi%F0>RGQX>n!czDH8F%8LG}@3?^1sR*`EMpZ&*nRy53Yyh1F?Ml`|=7k%?kRdVcx- zYWAtA-04b#rmw3?NC>-CRfUn~J@RCsNw2$Q+On}VH4nR^Wv=e%X9f`kh0M{@wUX?X zNmgbonACZPTSbS(X%bADu59~?99w$Ncy-6*e9dbg{M@DZg;RHc;MgotP}h%=19|O% zN7j|*gZiiQ)7QJZ-8dA)PfzgEPe4H68}HYHF)uEfiXQdnr6QFmc(!RMa}i2opBSROR7kmjTXs1H~07nxLfc~l~0#13XTn9o|Psk_HW*7`qF@eI8 z>T${5mz%+=2;H>RE^q(J@0ovyPQ!WsJ?{%cv0gy)chtpx>FL%@?XAFXj>o&EI;t$*Gi*Py| z#=G=~Chg(!1pI47|L_XR+f@75)b!dwJM0`?eT_EZ=_)|=h=`n$nNW%^3ge=#-VyVW zo2&Wx*@^qtdFQX!z9ayRne5=8;~ zVh0go7I@Da*b9$F-ywDmSYUwXOMCER$h zk}e7@Gp=i~qWV~atBN~TI*Wn`>FgY^ZDZbWh##~*0WxuZXhPSdaw2pu3#A z0reX+zy{{%B_V!f>ijgQGw_&1&>0z6BIfMw@*QlrarN}Ee)8LSWIpveA}_Gw>iN6U`9dHMGaG&Y8d=bNj6qdiw;=PM0Q! zxla$w_9M;pfioSQ=kP2?=QuLMhU$N1C6k(C>)A=0$IdI>nOxc$?&y6`$sx0h8F>?C z7;^yI*~Qne+uTNmgeTj}bl)6F;f`%}?j!BzZG<1NlX@i{l+k3DyzTElb)jaHHk42& z!MfA0NUD{=+%-vgYld>x4CJfP$3<};O32!`FNUgq24J3nz;DdB1AVpzf`FFow50Y6 zw>*MRZArp^@W0kQc4rhQj{kiB=FRu7`~Ls0e>@-YpQk8aC;ro0kb9#*_;il#^s%7M z!)-*U+lM|b)Oq@}=uoHMsTh%|-f__HHYDt^2GJ#wJQXaB`uCfSo%AzJk5@+J7%%3GYZO z@qKCQB>%{tp7Ks43tZZIwZfX_&fvd_>l2$a3}<0zLdSpC2P2AR#6@9%;Ux`tH~yB~uN=^_@ruZ){s^!mnFIj1IFUaD<4553=U>?CPf-#)vO8UdAVA zNrh^gk+~f4pUF_7EiA5i*ws%j70K>+kxN!$u6W1;X)dNKkt+zaIgqm(gR0_%Hne8- zAP+^eVy$W>FK6-0(l`FMF^UGJx^l;CB=cyKdNilxr;P=GPg>GyQIi%bVRmD=jNv0x zsb7T6BAq{mg{3sj>#;T zcg{nymot2!myfYc6KWOST13Z&hu%R;+EXl%SQS`O zB35*34klbrOSnpRUMyg#VuBCRmiJYiSlKswIMv)uh~75ip`|>W7FbL!~JyvBvAv@ zFuKAl^!WS#hl@nD&hDC@ytyE|1;(jBK)?ygdlS@2mS>IQ2b(=VJ6n1DGrA>_n+;sF zVTomb#*&x=+NAuom$Gq%*K~0B3?`SgJ!fGD03afrJ(r%dQ7#+8oq8`|Js!)Run2I9>zm-LF2EASW<>qFlU-YX8(CdUINh6e5E_;gDZ_iY)1O1xCqf=tXz#!XTBT^u}9uqe7> zbMCVr8|dZBxp}j@!gSx2{uSMoQ~K-Qa_pWJddZ!x#J_k^&{H9oQ&vuXo9peUrhjLP zDMaE!RZUIjtezmHrnYNCr|<66f~ajf(`pW{MOL+5u}PG&ycziYiq~4B6PWp$uriaI z3QWEludAd+U-46R3Y%{p2$t6^yX=7^$t6|5sU@x1GW}$jn-{vMwV*j^E|Z%^lMc?- z>rkDNYq2i#Yq4kz+hBGYw}xnoD5#r+w=1z45U!I}DPEo@Q|Iq^*Y48BT)%6%z}y#` z1s5Gl3!8$(2K>u$p6=hh4X*}5Ug<8>0uxNLj4O6RM9I(ujI9<7jFoW&EXS!JFc;Ak zoB}h%ta%Bs<`tm}rJ;2kH>nGs7mov~?+2$_$UJ-nwlk1Eu)YVt^GAWr_Xo@e2NMIy z9|<1c4;VM#cc9H3A@LsUJ+LGP!0-s*9bT3Z7<@37cLMZ%0O)Oi?MT;mfxBI@gl;-_ z0J;Zh6V#KRI!^aaI4@vT0rKpN@E#EKc?i`#1ka6Z;(d_ZC>l7dDJCMc`(U$O>@^|@ zq@l82)HTv-43CZAt&tXkNNgNwjkFlUU{f&GNYftlbvJZ1(smP+WB^x9j3E>h(PAj- zW8kOzBBwBq>7vWdnCW2nsT7>_(Gb$Tu+af?keyJ`9gxoG2 zN5M1Gkjyj;b651z$Q1*a$#HSZRJ3Lot2`1)nTWWhA(Q)HlA(y4Zh3MvGLhphKPS@tjVS$#_4)rM2t!h>^6+r$Kwk z-elLJ1KgZo8b2h}p~l|!8%k9O0e-SlWTJ=#rgmCUZa*tMOOroD-TTz6=%Rwh}x737|`J@~5ZnUu&Z7fC`i_ym7 fnc7&45t7F;ma&ZGPh0*c00960GJrkj0QwLB (value at the top of the values.yaml). +default_redirection_url: "" +# default_redirection_url: https://example.com + +theme: light + +## +## TOTP Configuration +## +## Parameters used for TOTP generation +totp: + ## The issuer name displayed in the Authenticator application of your choice + ## See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names + ## Defaults to . + issuer: "" + ## The period in seconds a one-time password is current for. Changing this will require all users to register + ## their TOTP applications again. Warning: before changing period read the docs link below. + period: 30 + ## The skew controls number of one-time passwords either side of the current one that are valid. + ## Warning: before changing skew read the docs link below. + ## See: https://www.authelia.com/docs/configuration/one-time-password.html#period-and-skew to read the documentation. + skew: 1 + +## +## Duo Push API Configuration +## +## Parameters used to contact the Duo API. Those are generated when you protect an application of type +## "Partner Auth API" in the management panel. +duo_api: + enabled: false + hostname: api-123456789.example.com + integration_key: ABCDEF + plain_api_key: "" + +## NTP settings + +ntp: + address: "time.cloudflare.com:123" + version: 4 + max_desync: 3s + disable_startup_check: false + disable_failure: true + +## +## Authentication Backend Provider Configuration +## +## Used for verifying user passwords and retrieve information such as email address and groups users belong to. +## +## The available providers are: `file`, `ldap`. You must use one and only one of these providers. +authentication_backend: + ## Disable both the HTML element and the API for reset password functionality + disable_reset_password: false + + ## The amount of time to wait before we refresh data from the authentication backend. Uses duration notation. + ## To disable this feature set it to 'disable', this will slightly reduce security because for Authelia, users will + ## always belong to groups they belonged to at the time of login even if they have been removed from them in LDAP. + ## To force update on every request you can set this to '0' or 'always', this will increase processor demand. + ## See the below documentation for more information. + ## Duration Notation docs: https://www.authelia.com/docs/configuration/index.html#duration-notation-format + ## Refresh Interval docs: https://www.authelia.com/docs/configuration/authentication/ldap.html#refresh-interval + refresh_interval: 5m + + ## LDAP backend configuration. + ## + ## This backend allows Authelia to be scaled to more + ## than one instance and therefore is recommended for + ## production. + ldap: + ## Enable LDAP Backend. + enabled: false + + ## The LDAP implementation, this affects elements like the attribute utilised for resetting a password. + ## Acceptable options are as follows: + ## - 'activedirectory' - For Microsoft Active Directory. + ## - 'custom' - For custom specifications of attributes and filters. + ## This currently defaults to 'custom' to maintain existing behaviour. + ## + ## Depending on the option here certain other values in this section have a default value, notably all of the + ## attribute mappings have a default value that this config overrides, you can read more about these default values + ## at https://www.authelia.com/docs/configuration/authentication/ldap.html#defaults + implementation: activedirectory + + ## The url to the ldap server. Format: ://
[:]. + ## Scheme can be ldap or ldaps in the format (port optional). + url: ldap://openldap.default.svc.cluster.local + + ## Connection Timeout. + timeout: 5s + + ## Use StartTLS with the LDAP connection. + start_tls: false + + tls: + ## Server Name for certificate validation (in case it's not set correctly in the URL). + server_name: "" + + ## Skip verifying the server certificate (to allow a self-signed certificate). + ## In preference to setting this we strongly recommend you add the public portion of the certificate to the + ## certificates directory which is defined by the `certificates_directory` option at the top of the config. + skip_verify: false + + ## Minimum TLS version for either Secure LDAP or LDAP StartTLS. + minimum_version: TLS1.2 + + ## The base dn for every LDAP query. + base_dn: DC=example,DC=com + + ## The attribute holding the username of the user. This attribute is used to populate the username in the session + ## information. It was introduced due to #561 to handle case insensitive search queries. For you information, + ## Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually uses 'uid'. Beware that this + ## attribute holds the unique identifiers for the users binding the user and the configuration stored in database. + ## Therefore only single value attributes are allowed and the value must never be changed once attributed to a user + ## otherwise it would break the configuration for that user. Technically, non-unique attributes like 'mail' can also + ## be used but we don't recommend using them, we instead advise to use the attributes mentioned above + ## (sAMAccountName and uid) to follow https://www.ietf.org/rfc/rfc2307.txt. + username_attribute: "" + + ## An additional dn to define the scope to all users. + additional_users_dn: OU=Users + + ## The users filter used in search queries to find the user profile based on input filled in login form. + ## Various placeholders are available in the user filter: + ## - {input} is a placeholder replaced by what the user inputs in the login form. + ## - {username_attribute} is a mandatory placeholder replaced by what is configured in `username_attribute`. + ## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`. + ## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later + ## versions, so please don't use it. + ## + ## Recommended settings are as follows: + ## - Microsoft Active Directory: (&({username_attribute}={input})(objectCategory=person)(objectClass=user)) + ## - OpenLDAP: + ## - (&({username_attribute}={input})(objectClass=person)) + ## - (&({username_attribute}={input})(objectClass=inetOrgPerson)) + ## + ## To allow sign in both with username and email, one can use a filter like + ## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)) + users_filter: "" + + ## An additional dn to define the scope of groups. + additional_groups_dn: OU=Groups + + ## The groups filter used in search queries to find the groups of the user. + ## - {input} is a placeholder replaced by what the user inputs in the login form. + ## - {username} is a placeholder replace by the username stored in LDAP (based on `username_attribute`). + ## - {dn} is a matcher replaced by the user distinguished name, aka, user DN. + ## - {username_attribute} is a placeholder replaced by what is configured in `username_attribute`. + ## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`. + ## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later + ## versions, so please don't use it. + ## - DON'T USE - {1} is an alias for {username} supported for backward compatibility but it will be deprecated in + ## later version, so please don't use it. + ## + ## If your groups use the `groupOfUniqueNames` structure use this instead: + ## (&(uniquemember={dn})(objectclass=groupOfUniqueNames)) + groups_filter: "" + + ## The attribute holding the name of the group + group_name_attribute: "" + + ## The attribute holding the mail address of the user. If multiple email addresses are defined for a user, only the + ## first one returned by the LDAP server is used. + mail_attribute: "" + + ## The attribute holding the display name of the user. This will be used to greet an authenticated user. + display_name_attribute: "" + + ## The username of the admin user. + user: CN=Authelia,DC=example,DC=com + plain_password: "" + + ## + ## File (Authentication Provider) + ## + ## With this backend, the users database is stored in a file which is updated when users reset their passwords. + ## Therefore, this backend is meant to be used in a dev environment and not in production since it prevents Authelia + ## to be scaled to more than one instance. The options under 'password' have sane defaults, and as it has security + ## implications it is highly recommended you leave the default values. Before considering changing these settings + ## please read the docs page below: + ## https://www.authelia.com/docs/configuration/authentication/file.html#password-hash-algorithm-tuning + ## + ## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html + ## + file: + enabled: true + path: /config/users_database.yml + password: + algorithm: argon2id + iterations: 1 + key_length: 32 + salt_length: 16 + memory: 1024 + parallelism: 8 + +## +## Access Control Configuration +## +## Access control is a list of rules defining the authorizations applied for one resource to users or group of users. +## +## If 'access_control' is not defined, ACL rules are disabled and the 'bypass' rule is applied, i.e., access is allowed +## to anyone. Otherwise restrictions follow the rules defined. +## +## Note: One can use the wildcard * to match any subdomain. +## It must stand at the beginning of the pattern. (example: *.mydomain.com) +## +## Note: You must put patterns containing wildcards between simple quotes for the YAML to be syntactically correct. +## +## Definition: A 'rule' is an object with the following keys: 'domain', 'subject', 'policy' and 'resources'. +## +## - 'domain' defines which domain or set of domains the rule applies to. +## +## - 'subject' defines the subject to apply authorizations to. This parameter is optional and matching any user if not +## provided. If provided, the parameter represents either a user or a group. It should be of the form +## 'user:' or 'group:'. +## +## - 'policy' is the policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'. +## +## - 'resources' is a list of regular expressions that matches a set of resources to apply the policy to. This parameter +## is optional and matches any resource if not provided. +## +## Note: the order of the rules is important. The first policy matching (domain, resource, subject) applies. +access_control: + ## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any + ## resource if there is no policy to be applied to the user. + default_policy: deny + + networks: [] + # networks: + # - name: private + # networks: + # - 10.0.0.0/8 + # - 172.16.0.0/12 + # - 192.168.0.0/16 + # - name: vpn + # networks: + # - 10.9.0.0/16 + + rules: [] + # rules: + # - domain: public.example.com + # policy: bypass + # - domain: "*.example.com" + # policy: bypass + # methods: + # - OPTIONS + # - domain: secure.example.com + # policy: one_factor + # networks: + # - private + # - vpn + # - 192.168.1.0/24 + # - 10.0.0.1 + # - domain: + # - secure.example.com + # - private.example.com + # policy: two_factor + # - domain: singlefactor.example.com + # policy: one_factor + # - domain: "mx2.mail.example.com" + # subject: "group:admins" + # policy: deny + # - domain: "*.example.com" + # subject: + # - "group:admins" + # - "group:moderators" + # policy: two_factor + # - domain: dev.example.com + # resources: + # - "^/groups/dev/.*$" + # subject: "group:dev" + # policy: two_factor + # - domain: dev.example.com + # resources: + # - "^/users/john/.*$" + # subject: + # - ["group:dev", "user:john"] + # - "group:admins" + # policy: two_factor + # - domain: "{user}.example.com" + # policy: bypass + +## +## Session Provider Configuration +## +## The session cookies identify the user once logged in. +## The available providers are: `memory`, `redis`. Memory is the provider unless redis is defined. +session: + ## The name of the session cookie. (default: authelia_session). + name: authelia_session + + ## Sets the Cookie SameSite value. Possible options are none, lax, or strict. + ## Please read https://www.authelia.com/docs/configuration/session.html#same_site + same_site: lax + + ## The time in seconds before the cookie expires and session is reset. + expiration: 1h + + ## The inactivity time in seconds before the session is reset. + inactivity: 5m + + ## The remember me duration. + ## Value is in seconds, or duration notation. Value of 0 disables remember me. + ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format + ## Longer periods are considered less secure because a stolen cookie will last longer giving attackers more time to + ## spy or attack. Currently the default is 1M or 1 month. + remember_me_duration: 1M + +## +## Redis Provider +## +## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html +## +## The redis connection details +redisProvider: + port: 6379 + + ## Optional username to be used with authentication. + # username: authelia + username: "" + + ## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc). + database_index: 0 + + ## The maximum number of concurrent active connections to Redis. + maximum_active_connections: 8 + + ## The target number of idle connections to have open ready for work. Useful when opening connections is slow. + minimum_idle_connections: 0 + + ## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s). + tls: + enabled: false + + ## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option). + server_name: "" + + ## Skip verifying the server certificate (to allow a self-signed certificate). + ## In preference to setting this we strongly recommend you add the public portion of the certificate to the + ## certificates directory which is defined by the `certificates_directory` option at the top of the config. + skip_verify: false + + ## Minimum TLS version for the connection. + minimum_version: TLS1.2 + + ## The Redis HA configuration options. + ## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name). + high_availability: + enabled: false + enabledSecret: false + ## Sentinel Name / Master Name + sentinel_name: mysentinel + + ## The additional nodes to pre-seed the redis provider with (for sentinel). + ## If the host in the above section is defined, it will be combined with this list to connect to sentinel. + ## For high availability to be used you must have either defined; the host above or at least one node below. + nodes: [] + # nodes: + # - host: sentinel-0.databases.svc.cluster.local + # port: 26379 + # - host: sentinel-1.databases.svc.cluster.local + # port: 26379 + + ## Choose the host with the lowest latency. + route_by_latency: false + + ## Choose the host randomly. + route_randomly: false + +## +## Regulation Configuration +## +## This mechanism prevents attackers from brute forcing the first factor. It bans the user if too many attempts are done +## in a short period of time. +regulation: + ## The number of failed login attempts before user is banned. Set it to 0 to disable regulation. + max_retries: 3 + + ## The time range during which the user can attempt login before being banned. The user is banned if the + ## authentication failed 'max_retries' times in a 'find_time' seconds window. Find Time accepts duration notation. + ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format + find_time: 2m + + ## The length of time before a banned user can login again. Ban Time accepts duration notation. + ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format + ban_time: 5m + +## +## Storage Provider Configuration +## +## The available providers are: `local`, `mysql`, `postgres`. You must use one and only one of these providers. +storage: + ## + ## PostgreSQL (Storage Provider) + ## + postgres: + port: 5432 + database: authelia + username: authelia + sslmode: disable + timeout: 5s + +## +## Notification Provider +## +## +## Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration. +## The available providers are: filesystem, smtp. You must use one and only one of these providers. +notifier: + ## You can disable the notifier startup check by setting this to true. + disable_startup_check: false + + ## + ## File System (Notification Provider) + ## + ## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html + ## + filesystem: + enabled: true + filename: /config/notification.txt + + ## + ## SMTP (Notification Provider) + ## + ## Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate. + ## [Security] By default Authelia will: + ## - force all SMTP connections over TLS including unauthenticated connections + ## - use the disable_require_tls boolean value to disable this requirement + ## (only works for unauthenticated connections) + ## - validate the SMTP server x509 certificate during the TLS handshake against the hosts trusted certificates + ## (configure in tls section) + smtp: + enabled: false + enabledSecret: false + host: smtp.mail.svc.cluster.local + port: 25 + timeout: 5s + username: test + plain_password: test + sender: admin@example.com + ## HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost. + identifier: localhost + ## Subject configuration of the emails sent. + ## {title} is replaced by the text from the notifier + subject: "[Authelia] {title}" + ## This address is used during the startup check to verify the email configuration is correct. + ## It's not important what it is except if your email server only allows local delivery. + startup_check_address: test@authelia.com + disable_require_tls: false + disable_html_emails: false + + tls: + ## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option). + server_name: "" + + ## Skip verifying the server certificate (to allow a self-signed certificate). + ## In preference to setting this we strongly recommend you add the public portion of the certificate to the + ## certificates directory which is defined by the `certificates_directory` option at the top of the config. + skip_verify: false + + ## Minimum TLS version for either StartTLS or SMTPS. + minimum_version: TLS1.2 + +identity_providers: + oidc: + ## Enables this in the config map. Currently in beta stage. + ## See https://www.authelia.com/docs/configuration/identity-providers/oidc.html#roadmap + enabled: false + + access_token_lifespan: 1h + authorize_code_lifespan: 1m + id_token_lifespan: 1h + refresh_token_lifespan: 90m + + enable_client_debug_messages: false + + ## SECURITY NOTICE: It's not recommended changing this option, and highly discouraged to have it below 8 for + ## security reasons. + minimum_parameter_entropy: 8 + + clients: [] + # clients: + # - + ## The ID is the OpenID Connect ClientID which is used to link an application to a configuration. + # id: myapp + + ## The description to show to users when they end up on the consent screen. Defaults to the ID above. + # description: My Application + + ## The client secret is a shared secret between Authelia and the consumer of this client. + # secret: apple123 + + ## Sets the client to public. This should typically not be set, please see the documentation for usage. + # public: false + + ## The policy to require for this client; one_factor or two_factor. + # authorization_policy: two_factor + + ## Configures the consent mode; auto, explicit or implicit + # consent_mode: auto + + ## Audience this client is allowed to request. + # audience: [] + + ## Scopes this client is allowed to request. + # scopes: + # - openid + # - profile + # - email + # - groups + + ## Redirect URI's specifies a list of valid case-sensitive callbacks for this client. + # redirect_uris: + # - https://oidc.example.com/oauth2/callback + + ## Grant Types configures which grants this client can obtain. + ## It's not recommended to configure this unless you know what you're doing. + # grant_types: + # - refresh_token + # - authorization_code + + ## Response Types configures which responses this client can be sent. + ## It's not recommended to configure this unless you know what you're doing. + # response_types: + # - code + + ## Response Modes configures which response modes this client supports. + ## It's not recommended to configure this unless you know what you're doing. + # response_modes: + # - form_post + # - query + # - fragment + + ## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256. + # userinfo_signing_algorithm: none + +portal: + open: + enabled: true diff --git a/enterprise/authelia/16.0.0/questions.yaml b/enterprise/authelia/16.0.0/questions.yaml new file mode 100644 index 00000000000..7d7fdded130 --- /dev/null +++ b/enterprise/authelia/16.0.0/questions.yaml @@ -0,0 +1,2969 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 2 + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + - variable: domain + group: "App Configuration" + label: "Domain" + description: "The highest domain level possible, for example: domain.com when using app.domain.com" + schema: + type: string + default: "" + required: true + - variable: default_redirection_url + group: "App Configuration" + label: "Default Redirection URL" + description: "If user tries to authenticate without any referrer, this is used" + schema: + type: string + default: "" + valid_chars: '^https?:\/\/(.*)' + - variable: theme + group: "App Configuration" + label: "Theme" + schema: + type: string + default: "auto" + enum: + - value: "auto" + description: "auto" + - value: "light" + description: "light" + - value: "grey" + description: "grey" + - value: "dark" + description: "dark" + - variable: log + group: "App Configuration" + label: "Log Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: level + label: "Log Level" + schema: + type: string + default: "info" + enum: + - value: "info" + description: "info" + - value: "debug" + description: "debug" + - value: "trace" + description: "trace" + - variable: format + label: "Log Format" + schema: + type: string + default: "text" + enum: + - value: "json" + description: "json" + - value: "text" + description: "text" + - variable: totp + group: "App Configuration" + label: "TOTP Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: issuer + label: "Issuer" + description: "The issuer name displayed in the Authenticator application of your choice" + schema: + type: string + default: "" + - variable: period + label: "Period" + description: "The period in seconds a one-time password is current for" + schema: + type: int + default: 30 + - variable: skew + label: "skew" + description: "Controls number of one-time passwords either side of the current one that are valid." + schema: + type: int + default: 1 + - variable: duo_api + group: "App Configuration" + label: "DUO API Configuration" + description: "Parameters used to contact the Duo API." + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostname + label: "Hostname" + schema: + type: string + required: true + default: "" + - variable: integration_key + label: "integration_key" + schema: + type: string + default: "" + required: true + - variable: plain_api_key + label: "plain_api_key" + schema: + type: string + default: "" + required: true + - variable: session + group: "App Configuration" + label: "Session Provider" + description: "The session cookies identify the user once logged in." + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Cookie Name" + description: "The name of the session cookie." + schema: + type: string + required: true + default: "authelia_session" + - variable: same_site + label: "SameSite Value" + description: "Sets the Cookie SameSite value" + schema: + type: string + default: "lax" + enum: + - value: "lax" + description: "lax" + - value: "strict" + description: "strict" + - variable: expiration + label: "Expiration Time" + description: "The time in seconds before the cookie expires and session is reset." + schema: + type: string + default: "1h" + required: true + - variable: inactivity + label: "Inactivity Time" + description: "The inactivity time in seconds before the session is reset." + schema: + type: string + default: "5m" + required: true + - variable: remember_me_duration + label: "Remember-Me duration" + description: "The remember me duration" + schema: + type: string + default: "5M" + required: true + - variable: regulation + group: "App Configuration" + label: "Regulation Configuration" + description: "This mechanism prevents attackers from brute forcing the first factor." + schema: + additional_attrs: true + type: dict + attrs: + - variable: max_retries + label: "Maximum Retries" + description: "The number of failed login attempts before user is banned. Set it to 0 to disable regulation." + schema: + type: int + default: 3 + - variable: find_time + label: "Find Time" + description: "The time range during which the user can attempt login before being banned." + schema: + type: string + default: "2m" + required: true + - variable: ban_time + label: "Ban Duration" + description: "The length of time before a banned user can login again" + schema: + type: string + default: "5m" + required: true + - variable: authentication_backend + group: "App Configuration" + label: "Authentication Backend Provider" + description: "sed for verifying user passwords and retrieve information such as email address and groups users belong to." + schema: + additional_attrs: true + type: dict + attrs: + - variable: disable_reset_password + label: "Disable Reset Password" + description: "Disable both the HTML element and the API for reset password functionality" + schema: + type: boolean + default: false + - variable: refresh_interval + label: "Reset Interval" + description: "The amount of time to wait before we refresh data from the authentication backend" + schema: + type: string + default: "5m" + required: true + - variable: ldap + label: "LDAP backend configuration" + description: "Used for verifying user passwords and retrieve information such as email address and groups users belong to" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: implementation + label: "Implementation" + description: "The LDAP implementation, this affects elements like the attribute utilized for resetting a password" + schema: + type: string + default: "custom" + enum: + - value: "activedirectory" + description: "Active Directory" + - value: "custom" + description: "Custom" + - variable: url + label: "URL" + description: "The url to the ldap server. Format: ://
[:]" + schema: + type: string + default: "ldap://openldap.default.svc.cluster.local" + required: true + - variable: timeout + label: "Connection Timeout" + schema: + type: string + default: "5s" + required: true + - variable: start_tls + label: "Start TLS" + description: "Use StartTLS with the LDAP connection" + schema: + type: boolean + default: false + - variable: tls + label: "TLS Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: server_name + label: "Server Name" + description: "Server Name for certificate validation (in case it's not set correctly in the URL)." + schema: + type: string + default: "" + - variable: skip_verify + label: "Skip Certificate Verification" + description: "Skip verifying the server certificate (to allow a self-signed certificate)" + schema: + type: boolean + default: false + - variable: minimum_version + label: "Minimum TLS version" + description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS." + schema: + type: string + default: "TLS1.2" + enum: + - value: "TLS1.0" + description: "TLS1.0" + - value: "TLS1.1" + description: "TLS1.1" + - value: "TLS1.2" + description: "TLS1.2" + - value: "TLS1.3" + description: "TLS1.3" + - variable: base_dn + label: "Base DN" + description: "The base dn for every LDAP query." + schema: + type: string + default: "DC=example,DC=com" + required: true + - variable: username_attribute + label: "Username Attribute" + description: "The attribute holding the username of the user" + schema: + type: string + default: "" + required: true + - variable: additional_users_dn + label: "Additional Users DN" + description: "An additional dn to define the scope to all users." + schema: + type: string + default: "OU=Users" + required: true + - variable: users_filter + label: "Users Filter" + description: "The groups filter used in search queries to find the groups of the user." + schema: + type: string + default: "" + required: true + - variable: additional_groups_dn + label: "Additional Groups DN" + description: "An additional dn to define the scope of groups." + schema: + type: string + default: "OU=Groups" + required: true + - variable: groups_filter + label: "Groups Filter" + description: "The groups filter used in search queries to find the groups of the user." + schema: + type: string + default: "" + required: true + - variable: group_name_attribute + label: "Group name Attribute" + description: "The attribute holding the name of the group" + schema: + type: string + default: "" + required: true + - variable: mail_attribute + label: "Mail Attribute" + description: "The attribute holding the primary mail address of the user" + schema: + type: string + default: "" + required: true + - variable: display_name_attribute + label: "Display Name Attribute" + description: "he attribute holding the display name of the user. This will be used to greet an authenticated user." + schema: + type: string + default: "" + - variable: user + label: "Admin User" + description: "The username of the admin user used to connect to LDAP." + schema: + type: string + default: "CN=Authelia,DC=example,DC=com" + required: true + - variable: plain_password + label: "Password" + schema: + type: string + default: "" + required: true + - variable: file + label: "File backend configuration" + description: "With this backend, the users database is stored in a file which is updated when users reset their passwords." + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: path + label: "Path" + schema: + type: string + default: "/config/users_database.yml" + required: true + - variable: password + label: "Password Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: algorithm + label: "Algorithm" + schema: + type: string + default: "argon2id" + enum: + - value: "argon2id" + description: "argon2id" + - value: "sha512" + description: "sha512" + - variable: iterations + label: "Iterations" + schema: + type: int + default: 1 + required: true + - variable: key_length + label: "Key Length" + schema: + type: int + default: 32 + required: true + - variable: salt_length + label: "Salt Length" + schema: + type: int + default: 16 + required: true + - variable: memory + label: "Memory" + schema: + type: int + default: 1024 + required: true + - variable: parallelism + label: "Parallelism" + schema: + type: int + default: 8 + required: true + - variable: notifier + group: "App Configuration" + label: "Notifier Configuration" + description: "Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration." + schema: + additional_attrs: true + type: dict + attrs: + - variable: disable_startup_check + label: "Disable Startup Check" + schema: + type: boolean + default: false + - variable: filesystem + label: "Filesystem Provider" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: filename + label: "File Path" + schema: + type: string + default: "/config/notification.txt" + required: true + - variable: smtp + label: "SMTP Provider" + description: "Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate." + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: host + label: "Host" + schema: + type: string + default: "smtp.mail.svc.cluster.local" + required: true + - variable: port + label: "Port" + schema: + type: int + default: 25 + required: true + - variable: timeout + label: "Timeout" + schema: + type: string + default: "5s" + required: true + - variable: username + label: "Username" + schema: + type: string + default: "" + - variable: plain_password + label: "Password" + schema: + type: string + default: "" + - variable: sender + label: "Sender" + schema: + type: string + default: "" + required: true + - variable: identifier + label: "Identifier" + description: "HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost." + schema: + type: string + default: "localhost" + required: true + - variable: subject + label: "Subject" + description: "Subject configuration of the emails sent, {title} is replaced by the text from the notifier" + schema: + type: string + default: "[Authelia] {title}" + required: true + - variable: startup_check_address + label: "Startup Check Address" + description: "This address is used during the startup check to verify the email configuration is correct." + schema: + type: string + default: "test@authelia.com" + required: true + - variable: disable_require_tls + label: "Disable Require TLS" + schema: + type: boolean + default: false + - variable: disable_html_emails + label: "Disable HTML emails" + schema: + type: boolean + default: false + - variable: tls + label: "TLS Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: server_name + label: "Server Name" + description: "Server Name for certificate validation (in case it's not set correctly in the URL)." + schema: + type: string + default: "" + - variable: skip_verify + label: "Skip Certificate Verification" + description: "Skip verifying the server certificate (to allow a self-signed certificate)" + schema: + type: boolean + default: false + - variable: minimum_version + label: "Minimum TLS version" + description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS." + schema: + type: string + default: "TLS1.2" + enum: + - value: "TLS1.0" + description: "TLS1.0" + - value: "TLS1.1" + description: "TLS1.1" + - value: "TLS1.2" + description: "TLS1.2" + - value: "TLS1.3" + description: "TLS1.3" + - variable: access_control + group: "App Configuration" + label: "Access Control Configuration" + description: "Access control is a list of rules defining the authorizations applied for one resource to users or group of users." + schema: + additional_attrs: true + type: dict + attrs: + - variable: default_policy + label: "Default Policy" + description: "Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'." + schema: + type: string + default: "two_factor" + enum: + - value: "bypass" + description: "bypass" + - value: "one_factor" + description: "one_factor" + - value: "two_factor" + description: "two_factor" + - value: "deny" + description: "deny" + - variable: networks + label: "Networks" + schema: + type: list + default: [] + items: + - variable: networkItem + label: "Network Item" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + default: "" + required: true + - variable: networks + label: "Networks" + schema: + type: list + default: [] + items: + - variable: network + label: "network" + schema: + type: string + default: "" + required: true + - variable: rules + label: "Rules" + schema: + type: list + default: [] + items: + - variable: rulesItem + label: "Rule" + schema: + additional_attrs: true + type: dict + attrs: + - variable: domain + label: "Domains" + description: "defines which domain or set of domains the rule applies to." + schema: + type: list + default: [] + items: + - variable: domainEntry + label: "Domain" + schema: + type: string + default: "" + required: true + - variable: policy + label: "Policy" + description: "The policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'." + schema: + type: string + default: "two_factor" + enum: + - value: "bypass" + description: "bypass" + - value: "one_factor" + description: "one_factor" + - value: "two_factor" + description: "two_factor" + - value: "deny" + description: "deny" + - variable: subject + label: "Subject" + description: "defines the subject to apply authorizations to. This parameter is optional and matching any user if not provided" + schema: + type: list + default: [] + items: + - variable: subjectitem + label: "Subject" + schema: + type: string + default: "" + required: true + - variable: networks + label: "Networks" + schema: + type: list + default: [] + items: + - variable: network + label: "Network" + schema: + type: string + default: "" + required: true + - variable: resources + label: "Resources" + description: "is a list of regular expressions that matches a set of resources to apply the policy to" + schema: + type: list + default: [] + items: + - variable: resource + label: "Resource" + schema: + type: string + default: "" + required: true + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 9091 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + additional_attrs: true + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + additional_attrs: true + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistence + label: Integrated Persistent Storage + description: Integrated Persistent Storage + group: Storage and Persistence + schema: + additional_attrs: true + type: dict + attrs: + - variable: config + label: "App Config Storage" + description: "Stores the Application Configuration." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + show_if: [["advanced", "=", true]] + required: true + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: clusterIssuer + label: clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["clusterIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: clusterIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["clusterIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["clusterIssuer", "=", ""]] + default: "" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: scaleGPUEntry + label: GPU + schema: + additional_attrs: true + type: dict + attrs: + # Specify GPU configuration + - variable: gpu + label: Select GPU + schema: + additional_attrs: true + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + - variable: workaround + label: "Workaround" + schema: + type: string + default: workaround + hidden: true +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: identity_providers + group: "Advanced" + label: "Authelia Identity Providers (BETA)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: oidc + label: "OpenID Connect(BETA)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: access_token_lifespan + label: "Access Token Lifespan" + schema: + type: string + default: "1h" + required: true + - variable: authorize_code_lifespan + label: "Authorize Code Lifespan" + schema: + type: string + default: "1m" + required: true + - variable: id_token_lifespan + label: "ID Token Lifespan" + schema: + type: string + default: "1h" + required: true + - variable: refresh_token_lifespan + label: "Refresh Token Lifespan" + schema: + type: string + default: "90m" + required: true + - variable: enable_client_debug_messages + label: "Enable Client Debug Messages" + schema: + type: boolean + default: false + - variable: clients + label: "Clients" + schema: + type: list + default: [] + items: + - variable: clientEntry + label: "Client" + schema: + additional_attrs: true + type: dict + attrs: + - variable: id + label: "ID/Name" + description: "The ID is the OpenID Connect ClientID which is used to link an application to a configuration." + schema: + type: string + default: "myapp" + required: true + - variable: description + label: "Description" + description: "The description to show to users when they end up on the consent screen. Defaults to the ID above." + schema: + type: string + default: "My Application" + required: true + - variable: secret + label: "Secret" + description: "The client secret is a shared secret between Authelia and the consumer of this client." + schema: + type: string + default: "" + required: true + - variable: public + label: "public" + description: "Sets the client to public. This should typically not be set, please see the documentation for usage." + schema: + type: boolean + default: false + - variable: authorization_policy + label: "Authorization Policy" + description: "The policy to require for this client; one_factor or two_factor." + schema: + type: string + default: "two_factor" + enum: + - value: "one_factor" + description: "one_factor" + - value: "two_factor" + description: "two_factor" + - variable: consent_mode + label: "Consent Mode" + description: "Configures the consent mode. This can be set to auto (default), explicit (consent required every time) or implicit (automatically assumes consent for every authorization, never asking the user if they wish to give consent.)" + schema: + type: string + default: "auto" + enum: + - value: "auto" + description: "auto" + - value: "explicit" + description: "explicit" + - value: "implicit" + description: "implicit" + - variable: userinfo_signing_algorithm + label: "Userinfo Signing Algorithm" + description: "The algorithm used to sign userinfo endpoint responses for this client, either none or RS256." + schema: + type: string + default: "none" + enum: + - value: "none" + description: "none" + - value: "RS256" + description: "RS256" + - variable: audience + label: "Audience" + description: "Audience this client is allowed to request." + schema: + type: list + default: [] + items: + - variable: audienceEntry + label: "" + schema: + type: string + default: "" + required: true + - variable: scopes + label: "Scopes" + description: "Scopes this client is allowed to request." + schema: + type: list + default: [] + items: + - variable: ScopeEntry + label: "Scope" + schema: + type: string + default: "openid" + required: true + - variable: redirect_uris + label: "redirect_uris" + description: "Redirect URI's specifies a list of valid case-sensitive callbacks for this client." + schema: + type: list + default: [] + items: + - variable: uriEntry + label: "Url" + schema: + type: string + default: "https://oidc.example.com/oauth2/callback" + required: true + - variable: grant_types + description: "Grant Types configures which grants this client can obtain." + label: "grant_types" + schema: + type: list + default: [] + items: + - variable: grantEntry + label: "Grant" + schema: + type: string + default: "refresh_token" + required: true + - variable: response_types + description: "Response Types configures which responses this client can be sent." + label: "response_types" + schema: + type: list + default: [] + items: + - variable: responseEntry + label: "type" + schema: + type: string + default: "code" + required: true + - variable: response_modes + description: "Response Modes configures which response modes this client supports." + label: "response_modes" + schema: + type: list + default: [] + items: + - variable: modeEntry + label: "Mode" + schema: + type: string + default: "form_post" + required: true + - variable: cnpg + group: Postgresql + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Postgresql Database" + schema: + additional_attrs: true + type: dict + attrs: + - variable: instances + label: Instances + schema: + type: int + default: 2 + - variable: hibernate + label: Hibernate + description: "enable to safely hibernate and shutdown the postgresql cluster" + schema: + type: boolean + default: false + - variable: storage + label: "Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: size + label: Size + schema: + type: string + default: "256Gi" + - variable: walsize + label: Walsize + schema: + type: string + default: "256Gi" + - variable: pooler + label: "Pooler" + schema: + additional_attrs: true + type: dict + attrs: + - variable: instances + label: Instances + schema: + type: int + default: 2 + - variable: Monitoring + label: "Metrics" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enablePodMonitor + label: "enablePodMonitor" + schema: + type: boolean + default: true + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/enterprise/authelia/16.0.0/templates/NOTES.txt b/enterprise/authelia/16.0.0/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/enterprise/authelia/16.0.0/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/enterprise/authelia/16.0.0/templates/_configmap.tpl b/enterprise/authelia/16.0.0/templates/_configmap.tpl new file mode 100644 index 00000000000..eb6f8b19ac3 --- /dev/null +++ b/enterprise/authelia/16.0.0/templates/_configmap.tpl @@ -0,0 +1,349 @@ +{{/* Define the configmap */}} +{{- define "authelia.configmap.paths" -}} +enabled: true +data: + AUTHELIA_SERVER_DISABLE_HEALTHCHECK: "true" + AUTHELIA_JWT_SECRET_FILE: "/secrets/JWT_TOKEN" + AUTHELIA_SESSION_SECRET_FILE: "/secrets/SESSION_ENCRYPTION_KEY" + AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: "/secrets/ENCRYPTION_KEY" + AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: "/secrets/STORAGE_PASSWORD" + {{- if .Values.authentication_backend.ldap.enabled }} + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE: "/secrets/LDAP_PASSWORD" + {{- end }} + {{- if .Values.notifier.smtp.enabled }} + AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: "/secrets/SMTP_PASSWORD" + {{- end }} + AUTHELIA_SESSION_REDIS_PASSWORD_FILE: "/secrets/REDIS_PASSWORD" + {{- if .Values.redisProvider.high_availability.enabled }} + AUTHELIA_SESSION_REDIS_HIGH_AVAILABILITY_SENTINEL_PASSWORD_FILE: "/secrets/REDIS_SENTINEL_PASSWORD" + {{- end }} + {{- if .Values.duo_api.enabled }} + AUTHELIA_DUO_API_SECRET_KEY_FILE: "/secrets/DUO_API_KEY" + {{- end }} + {{- if .Values.identity_providers.oidc.enabled }} + AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE: "/secrets/OIDC_HMAC_SECRET" + AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: "/secrets/OIDC_PRIVATE_KEY" + {{- end }} + +{{- end -}} + +{{- define "authelia.configmap.configfile" -}} +enabled: true +data: + configuration.yaml: | + --- + theme: {{ .Values.theme | default "light" }} + default_redirection_url: {{ default (printf "https://www.%s" .Values.domain) .Values.default_redirection_url }} + ntp: + address: {{ .Values.ntp.address | default "time.cloudflare.com:123" }} + version: {{ .Values.ntp.version | default 4 }} + max_desync: {{ .Values.ntp.max_desync | default "3s" }} + disable_startup_check: {{ .Values.ntp.disable_startup_check | default false }} + disable_failure: {{ .Values.ntp.disable_failure | default true }} + server: + host: 0.0.0.0 + port: {{ .Values.server.port | default 9091 }} + {{- if ne "" (.Values.server.path | default "") }} + path: {{ .Values.server.path }} + {{- end }} + buffers: + write: {{ .Values.server.write_buffer_size | default 4096 }} + read: {{ .Values.server.read_buffer_size | default 4096 }} + enable_pprof: {{ .Values.server.enable_pprof | default false }} + enable_expvars: {{ .Values.server.enable_expvars | default false }} + log: + level: {{ .Values.log.level | default "info" }} + format: {{ .Values.log.format | default "text" }} + {{- if ne "" (.Values.log.file_path | default "") }} + file_path: {{ .Values.log.file_path }} + keep_stdout: true + {{- end }} + totp: + issuer: {{ .Values.totp.issuer | default .Values.domain }} + period: {{ .Values.totp.period | default 30 }} + skew: {{ .Values.totp.skew | default 1 }} + {{- if .Values.duo_api.enabled }} + duo_api: + hostname: {{ .Values.duo_api.hostname }} + integration_key: {{ .Values.duo_api.integration_key }} + {{- end -}} + {{- with $auth := .Values.authentication_backend }} + authentication_backend: + password_reset: + disable: {{ $auth.disable_reset_password }} + {{- if $auth.file.enabled }} + file: + path: {{ $auth.file.path }} + password: + {{- $p := $auth.file.password -}} + {{- if $p.algorithm }} + algorithm: {{ $p.algorithm }} + {{- end -}} + {{- if $p.iterations }} + iterations: {{ $p.iterations }} + {{- end -}} + {{- if $p.key_length }} + key_length: {{ $p.key_length }} + {{- end -}} + {{- if $p.salt_length }} + salt_length: {{ $p.salt_length }} + {{- end -}} + {{- if $p.memory }} + memory: {{ $p.memory }} + {{- end -}} + {{- if $p.parallelism }} + parallelism: {{ $p.parallelism }} + {{- end -}} + {{- end -}} + {{- if $auth.ldap.enabled }} + ldap: + implementation: {{ $auth.ldap.implementation | default "custom" }} + url: {{ $auth.ldap.url }} + timeout: {{ $auth.ldap.timeout | default "5s" }} + start_tls: {{ $auth.ldap.start_tls }} + tls: + {{- if hasKey $auth.ldap.tls "server_name" }} + server_name: {{ $auth.ldap.tls.server_name | default $auth.ldap.host }} + {{- end }} + minimum_version: {{ $auth.ldap.tls.minimum_version | default "TLS1.2" }} + skip_verify: {{ $auth.ldap.tls.skip_verify | default false }} + {{- if $auth.ldap.base_dn }} + base_dn: {{ $auth.ldap.base_dn }} + {{- end -}} + {{- if $auth.ldap.username_attribute }} + username_attribute: {{ $auth.ldap.username_attribute }} + {{- end -}} + {{- if $auth.ldap.additional_users_dn }} + additional_users_dn: {{ $auth.ldap.additional_users_dn }} + {{- end -}} + {{- if $auth.ldap.users_filter }} + users_filter: {{ $auth.ldap.users_filter }} + {{- end -}} + {{- if $auth.ldap.additional_groups_dn }} + additional_groups_dn: {{ $auth.ldap.additional_groups_dn }} + {{- end -}} + {{- if $auth.ldap.groups_filter }} + groups_filter: {{ $auth.ldap.groups_filter }} + {{- end -}} + {{- if $auth.ldap.group_name_attribute }} + group_name_attribute: {{ $auth.ldap.group_name_attribute }} + {{- end -}} + {{- if $auth.ldap.mail_attribute }} + mail_attribute: {{ $auth.ldap.mail_attribute }} + {{- end -}} + {{- if $auth.ldap.display_name_attribute }} + display_name_attribute: {{ $auth.ldap.display_name_attribute }} + {{- end }} + user: {{ $auth.ldap.user }} + {{- end -}} + {{- end -}} + {{- with $session := .Values.session }} + session: + name: {{ $session.name | default "authelia_session" }} + domain: {{ required "A valid .Values.domain entry required!" $.Values.domain }} + same_site: {{ $session.same_site | default "lax" }} + expiration: {{ $session.expiration | default "1M" }} + inactivity: {{ $session.inactivity | default "5m" }} + remember_me_duration: {{ $session.remember_me_duration | default "1M" }} + {{- end }} + redis: + host: {{ .Values.redis.creds.plain }} + {{- with $redis := .Values.redisProvider }} + port: {{ $redis.port | default 6379 }} + {{- if not (eq $redis.username "") }} + username: {{ $redis.username }} + {{- end }} + maximum_active_connections: {{ $redis.maximum_active_connections | default 8 }} + minimum_idle_connections: {{ $redis.minimum_idle_connections | default 0 }} + {{- if $redis.tls.enabled }} + tls: + server_name: {{ $redis.tls.server_name }} + minimum_version: {{ $redis.tls.minimum_version | default "TLS1.2" }} + skip_verify: {{ $redis.tls.skip_verify }} + {{- end }} + {{- if $redis.high_availability.enabled }} + high_availability: + sentinel_name: {{ $redis.high_availability.sentinel_name }} + {{- if $redis.high_availability.nodes }} + nodes: + {{- range $node := $redis.high_availability.nodes }} + - host: {{ $node.host }} + port: {{ $node.port | default 26379 }} + {{- end -}} + {{- end }} + route_by_latency: {{ $redis.high_availability.route_by_latency }} + route_randomly: {{ $redis.high_availability.route_randomly }} + {{- end }} + {{- end }} + regulation: + max_retries: {{ .Values.regulation.max_retries | default 3 }} + find_time: {{ .Values.regulation.find_time | default "1m" }} + ban_time: {{ .Values.regulation.ban_time | default "5m" }} + storage: + postgres: + host: {{ $.Values.cnpg.main.creds.host }} + {{- with $storage := .Values.storage }} + port: {{ $storage.postgres.port | default 5432 }} + database: {{ $storage.postgres.database | default "authelia" }} + username: {{ $storage.postgres.username | default "authelia" }} + timeout: {{ $storage.postgres.timeout | default "5s" }} + ssl: + mode: {{ $storage.postgres.sslmode | default "disable" }} + {{- end }} + {{- with $notifier := .Values.notifier }} + notifier: + disable_startup_check: {{ $.Values.notifier.disable_startup_check }} + {{- if $notifier.filesystem.enabled }} + filesystem: + filename: {{ $notifier.filesystem.filename }} + {{- end }} + {{- if $notifier.smtp.enabled }} + smtp: + host: {{ $notifier.smtp.host }} + port: {{ $notifier.smtp.port | default 25 }} + timeout: {{ $notifier.smtp.timeout | default "5s" }} + {{- with $notifier.smtp.username }} + username: {{ . }} + {{- end }} + sender: {{ $notifier.smtp.sender }} + identifier: {{ $notifier.smtp.identifier }} + subject: {{ $notifier.smtp.subject | quote }} + startup_check_address: {{ $notifier.smtp.startup_check_address }} + disable_require_tls: {{ $notifier.smtp.disable_require_tls }} + disable_html_emails: {{ $notifier.smtp.disable_html_emails }} + tls: + server_name: {{ $notifier.smtp.tls.server_name | default $notifier.smtp.host }} + minimum_version: {{ $notifier.smtp.tls.minimum_version | default "TLS1.2" }} + skip_verify: {{ $notifier.smtp.tls.skip_verify | default false }} + {{- end }} + {{- end }} + {{- if .Values.identity_providers.oidc.enabled }} + identity_providers: + oidc: + access_token_lifespan: {{ .Values.identity_providers.oidc.access_token_lifespan | default "1h" }} + authorize_code_lifespan: {{ .Values.identity_providers.oidc.authorize_code_lifespan | default "1m" }} + id_token_lifespan: {{ .Values.identity_providers.oidc.id_token_lifespan | default "1h" }} + refresh_token_lifespan: {{ .Values.identity_providers.oidc.refresh_token_lifespan | default "90m" }} + enable_client_debug_messages: {{ .Values.identity_providers.oidc.enable_client_debug_messages | default false }} + minimum_parameter_entropy: {{ .Values.identity_providers.oidc.minimum_parameter_entropy | default 8 }} + {{- if .Values.identity_providers.oidc.clients }} + clients: + {{- range $client := .Values.identity_providers.oidc.clients }} + - id: {{ $client.id }} + description: {{ $client.description | default $client.id }} + secret: {{ $client.secret | default (randAlphaNum 128) }} + {{- if $client.public }} + public: {{ $client.public }} + {{- end }} + authorization_policy: {{ $client.authorization_policy | default "two_factor" }} + consent_mode: {{ $client.consent_mode | default "auto" }} + redirect_uris: + {{- range $client.redirect_uris }} + - {{ . }} + {{- end }} + {{- if $client.audience }} + audience: + {{- range $client.audience }} + - {{ . }} + {{- end }} + {{- end }} + scopes: + {{- range ($client.scopes | default (list "openid" "profile" "email" "groups")) }} + - {{ . }} + {{- end }} + grant_types: + {{- range ($client.grant_types | default (list "refresh_token" "authorization_code")) }} + - {{ . }} + {{- end }} + response_types: + {{- range ($client.response_types | default (list "code")) }} + - {{ . }} + {{- end }} + {{- if $client.response_modes }} + response_modes: + {{- range $client.response_modes }} + - {{ . }} + {{- end }} + {{- end }} + userinfo_signing_algorithm: {{ $client.userinfo_signing_algorithm | default "none" }} + {{- end }} + {{- end }} + {{- end }} + access_control: + {{- if not .Values.access_control.rules }} + {{- if (eq .Values.access_control.default_policy "bypass") }} + default_policy: one_factor + {{- else if (eq .Values.access_control.default_policy "deny") }} + default_policy: two_factor + {{- else }} + default_policy: {{ .Values.access_control.default_policy }} + {{- end }} + {{- else }} + default_policy: {{ .Values.access_control.default_policy }} + {{- end }} + + {{- if not .Values.access_control.networks }} + networks: [] + {{- else }} + networks: + {{- range $net := .Values.access_control.networks }} + - name: {{ $net.name }} + networks: + {{- range $net.networks }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end }} + + {{- if not .Values.access_control.rules }} + rules: [] + {{- else }} + rules: + {{- range $rule := .Values.access_control.rules }} + {{- if $rule.domain }} + - domain: + {{- if kindIs "string" $rule.domain }} + - {{ $rule.domain | squote }} + {{- else -}} + {{- range $rule.domain }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end -}} + {{- with $rule.policy }} + policy: {{ . }} + {{- end -}} + {{- if $rule.networks }} + networks: + {{- if kindIs "string" $rule.networks }} + - {{ $rule.networks | squote }} + {{- else -}} + {{- range $rule.networks }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end }} + {{- if $rule.subject }} + subject: + {{- if kindIs "string" $rule.subject }} + - {{ $rule.subject | squote }} + {{- else -}} + {{- range $rule.subject }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end }} + {{- if $rule.resources }} + resources: + {{- if kindIs "string" $rule.resources }} + - {{ $rule.resources | squote }} + {{- else -}} + {{- range $rule.resources }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + ... +{{- end -}} diff --git a/enterprise/authelia/16.0.0/templates/_secrets.tpl b/enterprise/authelia/16.0.0/templates/_secrets.tpl new file mode 100644 index 00000000000..14ed88d973d --- /dev/null +++ b/enterprise/authelia/16.0.0/templates/_secrets.tpl @@ -0,0 +1,53 @@ +{{/* Define the secrets */}} +{{- define "authelia.secrets" -}} +{{- $basename := include "tc.v1.common.lib.chart.names.fullname" $ -}} +{{- $fetchname := printf "%s-authelia-secrets" $basename -}} + +{{/* Initialize all keys */}} +{{- $oidckey := genPrivateKey "rsa" }} +{{- $oidcsecret := randAlphaNum 32 }} +{{- $jwtsecret := randAlphaNum 50 }} +{{- $sessionsecret := randAlphaNum 50 }} +{{- $encryptionkey := randAlphaNum 100 }} + +enabled: true +data: + {{ with (lookup "v1" "Secret" .Release.Namespace $fetchname) }} + {{/* Get previous values and decode */}} + {{ $sessionsecret = (index .data "SESSION_ENCRYPTION_KEY") | b64dec }} + {{ $jwtsecret = (index .data "JWT_TOKEN") | b64dec }} + {{ $encryptionkey = (index .data "ENCRYPTION_KEY") | b64dec }} + + {{/* Check if those keys ever existed. as OIDC is optional */}} + {{ if and (hasKey .data "OIDC_PRIVATE_KEY") (hasKey .data "OIDC_HMAC_SECRET") }} + {{ $oidckey = (index .data "OIDC_PRIVATE_KEY") | b64dec }} + {{ $oidcsecret = (index .data "OIDC_HMAC_SECRET") | b64dec }} + {{ end }} + {{ end }} + SESSION_ENCRYPTION_KEY: {{ $sessionsecret }} + JWT_TOKEN: {{ $jwtsecret }} + ENCRYPTION_KEY: {{ $encryptionkey }} + + {{- if .Values.authentication_backend.ldap.enabled }} + LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password }} + {{- end }} + + {{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }} + SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password }} + {{- end }} + + {{- if .Values.duo_api.enabled }} + DUO_API_KEY: {{ .Values.duo_api.plain_api_key }} + {{- end }} + + STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" }} + + REDIS_PASSWORD: {{ .Values.redis.creds.redisPassword | trimAll "\"" }} + {{- if .Values.redisProvider.high_availability.enabled }} + REDIS_SENTINEL_PASSWORD: {{ .Values.redis.sentinelPassword | trimAll "\"" }} + {{- end }} + + OIDC_PRIVATE_KEY: | + {{- $oidckey | nindent 4 }} + OIDC_HMAC_SECRET: {{ $oidcsecret }} +{{- end -}} diff --git a/enterprise/authelia/16.0.0/templates/common.yaml b/enterprise/authelia/16.0.0/templates/common.yaml new file mode 100644 index 00000000000..54e288e852c --- /dev/null +++ b/enterprise/authelia/16.0.0/templates/common.yaml @@ -0,0 +1,77 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{/* Render configmap for authelia */}} +{{- $configmapPaths := include "authelia.configmap.paths" . | fromYaml -}} +{{- if $configmapPaths -}} + {{- $_ := set .Values.configmap "authelia-paths" $configmapPaths -}} +{{- end -}} + +{{- $configmapFile := include "authelia.configmap.configfile" . | fromYaml -}} +{{- if $configmapFile -}} + {{- $_ := set .Values.configmap "authelia-configfile" $configmapFile -}} +{{- end -}} + +{{/* Render secrets for authelia */}} +{{- $secret := include "authelia.secrets" . | fromYaml -}} +{{- if $secret -}} + {{- $_ := set .Values.secret "authelia-secrets" $secret -}} +{{- end -}} + +{{/* Append the general configMap volume to the volumes */}} +{{- define "authelia.configmapVolume" -}} +enabled: true +mountPath: /configuration.yaml +subPath: configuration.yaml +readOnly: true +type: "configmap" +objectName: authelia-configfile +{{- end -}} + +{{/* Append the general secret volumes to the volumes */}} +{{- define "authelia.secretVolumes" -}} +enabled: true +mountPath: "/secrets" +readOnly: true +type: "secret" +objectName: authelia-secrets +items: + - key: "JWT_TOKEN" + path: JWT_TOKEN + - key: "SESSION_ENCRYPTION_KEY" + path: SESSION_ENCRYPTION_KEY + - key: "ENCRYPTION_KEY" + path: ENCRYPTION_KEY + - key: "STORAGE_PASSWORD" + path: STORAGE_PASSWORD + {{- if .Values.authentication_backend.ldap.enabled }} + - key: "LDAP_PASSWORD" + path: LDAP_PASSWORD + {{- end }} + {{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }} + - key: "SMTP_PASSWORD" + path: SMTP_PASSWORD + {{- end }} + - key: "REDIS_PASSWORD" + path: REDIS_PASSWORD + {{- if .Values.redisProvider.high_availability.enabled}} + - key: "REDIS_SENTINEL_PASSWORD" + path: REDIS_SENTINEL_PASSWORD + {{- end }} + {{- if .Values.duo_api.enabled }} + - key: "DUO_API_KEY" + path: DUO_API_KEY + {{- end }} + {{- if .Values.identity_providers.oidc.enabled }} + - key: "OIDC_PRIVATE_KEY" + path: OIDC_PRIVATE_KEY + - key: "OIDC_HMAC_SECRET" + path: OIDC_HMAC_SECRET + {{- end }} +{{- end -}} + +{{- $_ := set .Values.persistence "authelia-configfile" (include "authelia.configmapVolume" . | fromYaml) -}} +{{- $_ := set .Values.persistence "authelia-secrets" (include "authelia.secretVolumes" . | fromYaml) -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/enterprise/authelia/16.0.0/values.yaml b/enterprise/authelia/16.0.0/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/enterprise/blocky/6.0.0/CHANGELOG.md b/enterprise/blocky/6.0.0/CHANGELOG.md new file mode 100644 index 00000000000..7d5e0dc6fff --- /dev/null +++ b/enterprise/blocky/6.0.0/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [blocky-6.0.0](https://github.com/truecharts/charts/compare/blocky-5.0.44...blocky-6.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + + + +## [blocky-5.0.44](https://github.com/truecharts/charts/compare/blocky-5.0.43...blocky-5.0.44) (2023-07-01) + +### Chore + +- update helm general non-major ([#10069](https://github.com/truecharts/charts/issues/10069)) + + ### Docs + +- fix lines breaks ([#9736](https://github.com/truecharts/charts/issues/9736)) + + + + +## [blocky-5.0.43](https://github.com/truecharts/charts/compare/blocky-5.0.42...blocky-5.0.43) (2023-06-16) + +### Docs + +- fix setup guide line breaks ([#9645](https://github.com/truecharts/charts/issues/9645)) + + ### Fix + +- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647)) + + + + +## [blocky-5.0.43](https://github.com/truecharts/charts/compare/blocky-5.0.42...blocky-5.0.43) (2023-06-16) + +### Docs + +- fix setup guide line breaks ([#9645](https://github.com/truecharts/charts/issues/9645)) + + ### Fix + +- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647)) + + + + +## [blocky-5.0.43](https://github.com/truecharts/charts/compare/blocky-5.0.42...blocky-5.0.43) (2023-06-16) + +### Docs + +- fix setup guide line breaks ([#9645](https://github.com/truecharts/charts/issues/9645)) + + ### Fix + +- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647)) + + + + +## [blocky-5.0.43](https://github.com/truecharts/charts/compare/blocky-5.0.42...blocky-5.0.43) (2023-06-16) + +### Docs + +- fix setup guide line breaks ([#9645](https://github.com/truecharts/charts/issues/9645)) + + ### Fix + +- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647)) + + + + +## [blocky-5.0.43](https://github.com/truecharts/charts/compare/blocky-5.0.42...blocky-5.0.43) (2023-06-16) + +### Docs + +- fix setup guide line breaks ([#9645](https://github.com/truecharts/charts/issues/9645)) + + ### Fix + +- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647)) + + + + +## [blocky-5.0.42](https://github.com/truecharts/charts/compare/blocky-5.0.41...blocky-5.0.42) (2023-06-13) + +### Chore + +- update helm chart common to 12.14.2 ([#9599](https://github.com/truecharts/charts/issues/9599)) + diff --git a/enterprise/blocky/6.0.0/Chart.yaml b/enterprise/blocky/6.0.0/Chart.yaml new file mode 100644 index 00000000000..d12f5eb07eb --- /dev/null +++ b/enterprise/blocky/6.0.0/Chart.yaml @@ -0,0 +1,33 @@ +apiVersion: v2 +appVersion: "0.21.0" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 13.2.0 + - condition: redis.enabled + name: redis + repository: https://deps.truecharts.org + version: 6.0.62 +description: Blocky is a DNS proxy, DNS enhancer and ad-blocker for the local network written in Go +home: https://truecharts.org/charts/enterprise/blocky +icon: https://truecharts.org/img/hotlink-ok/chart-icons/blocky.png +keywords: + - dns + - blocky +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: blocky +sources: + - https://github.com/truecharts/charts/tree/master/charts/enterprise/blocky + - https://0xerr0r.github.io/blocky/ + - https://github.com/0xERR0R/blocky + - https://github.com/Mozart409/blocky-frontend +version: 6.0.0 +annotations: + truecharts.org/catagories: | + - network + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/enterprise/blocky/6.0.0/LICENSE b/enterprise/blocky/6.0.0/LICENSE new file mode 100644 index 00000000000..33a8cbb23f0 --- /dev/null +++ b/enterprise/blocky/6.0.0/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Blocky" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/enterprise/blocky/6.0.0/README.md b/enterprise/blocky/6.0.0/README.md new file mode 100644 index 00000000000..f8a41e479fe --- /dev/null +++ b/enterprise/blocky/6.0.0/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/blocky/6.0.0/app-changelog.md b/enterprise/blocky/6.0.0/app-changelog.md new file mode 100644 index 00000000000..8622f492873 --- /dev/null +++ b/enterprise/blocky/6.0.0/app-changelog.md @@ -0,0 +1,9 @@ + + +## [blocky-6.0.0](https://github.com/truecharts/charts/compare/blocky-5.0.44...blocky-6.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + \ No newline at end of file diff --git a/enterprise/blocky/6.0.0/app-readme.md b/enterprise/blocky/6.0.0/app-readme.md new file mode 100644 index 00000000000..8e6562892e4 --- /dev/null +++ b/enterprise/blocky/6.0.0/app-readme.md @@ -0,0 +1,8 @@ +Blocky is a DNS proxy, DNS enhancer and ad-blocker for the local network written in Go + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/blocky](https://truecharts.org/charts/enterprise/blocky) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/blocky/6.0.0/charts/common-13.2.0.tgz b/enterprise/blocky/6.0.0/charts/common-13.2.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..5c0fecd087839b011aab769e3785f251e9224747 GIT binary patch literal 133368 zcmV)VK(D_aiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POw!ciT47D30&X`YUjl^tn_QM@L}BSV)id_otZ6;&IC*^L-Y@$Q5PwVHnbV79q4hhm@gcU%i*C*uXAtNP~b2 z$Y4ZU5>!l4vA0zri0-$>S4@RB#C_Dd0{oVZE%JTv=o8U*E zjG+%C6Evpc*HHri@$nil06h=$X%BrMzXBhQkPTnfQP@Q-AHqA2!}2SOC_ zuMz&6d5E0|720!iY)uuERa%HhJzR=Yxcv{c8#g)4t++Gh%1emnu!_%|er^1qHi zr``S$XA6EjxzPm|E~_Yb`SE0*7e01fL@9VjJju4=r})JO0DvaALeTpq!VFymZVoXu zD0q%YEY?9eFzUAi;o}7g5LLebzyW3$`lrZ;%WLG4z@r>V^)*BhCSLx%YQuaOsP_|y z{WwB5vk1`{@x9~=jYVgyFCFnELeRrs20~r&g|9^{4j+Whpah$4DK^7)1$`P)&U^}e z>|!Bsg={u5RZM3tXo1jg015nMBQ0?yi1Rs|BE7a?{=-aY`6)snp_q|q*#OoLJ}=#< zg^8^@-p>e}<8*xnxnN^(dIUPH!&dvh=?r!U!=uUMz?)1aJ-0g?!pX1?;Rp_ggPz+S zk0xDr(3yBcw>@kh^m>EC!x5Zxyk4&lq1!{9!_nbEx|J~YeGn2KyBtma>r(tU0_T(W zgk466qJT9T0?`w$qkdw%qsNz*AFkf26(}U$$@%G(`b8J6`PESCpBqP*Er9~ipz4JM zP!v4TA|B`xLh7SW%!t`!6(|?Brc47Qe@pI*;^3HmpeQ;5gW*B)>c@!0q4f?y?;`M* zSA?)1u#f1HGBh{K8{nvr`^yL~u#cwbjJnW=(w5Njjf)EP*|XnLpjX0)!xxXHsz>wM`61;Hv;rz6C)N749 z5CD=96)-=%JHGz;Q9uQRBjB{#-L6r-E{RvpuuAtRfgTc1P9QmglPn{u7bi0qOp%_N z7XjzXcbLv0b7zvP;xP2l90d&eq6Re_LYLHKzWgoc;}xPLj<_DTvd@t&%JK8@9P35T z4dWxwZ@1fX@pF#mLbx4>l{iAb#)zhhb}|JA?RU7*Fb!RVQh{s$@c!fZ>G|>P$?@g2 zUZSDzE7VoFG<7Rz8xqd~jf8%ww4k>*xU<-9Mksra*gc8v(l0ML8|fEx1|zOx@rC7m zvMlJ&5fW>i9;jpg9xnOldjZw&l%Dkijwq8~PDn7pQ`uLNAS=5rZR@}zjG8$vR-Gf@ zbR31^v5z4|ddRuHeT{tNG7>2>gb^P_T1OX!s5?Vm?4#(tXh6#G2ooWewYsa`M^Y?h zUkeFB;(#fF9=k68bwlouB?lRb<~R^-{}@3RU8dLfVOx#tE04HzpOfDw(A&Q{J3f7P z)|z{J4gHQ2WzKa-K?pgPo+XpR2+yHdVf7m+RZmgqlO>-U;-xqK1!88`Bi?n0Tut*t zEF@AjX;wb@#+CAtLqVxLe6dZ&MEp!uBV$DE2J%|vs-~0vI=}x8S|6qBL#g;J-hmdk zBB}aQnF-+YXD0(B6lNI*@^Tdv2BRrr!nXSZcuHkn*)%VnZ8oQ~e%sy6XvAxDmbu}x z^*~NkZv6blt!iQZq6LbU_cIhB07I@-^By#A{^tmMxH(BpZ3W(*+3MB$6I)=Xsh6Id z#WXCQn4vM2g^{iCd5bBtmP?7gW%JryuwEbO^}#Fah#W&S583h*ONBxR&`Zc>M_^x8 zmL&dJo6*Bk)cv`IT+5dHBEv z**vU-?4bpn%^wKdLyLVno3Ga!nmgld%*aJ;$_Y!Xtg zgsmvqB2c}`)riK>73KIJxvvY+%@ZHu`3;(fVry#;yt-zPp-JptBk91{YZMjCW9LF2 z<;GlMS@E|4?Sz zFUWVvT)2&6ii0Wm-&`Y*d%wbI`}y;-UR%E(+UwT%1|&V94usuf=Buyk387QlE3NQeSnfv?hJ0@w_J3Gsb$&tLl7?g2R9-HpIF zBKK5#M>swaw=^qIY69LFpnmZhDDceJ^zR8F%o?c|;FP$rFjBevkXE{nAVt8PA@>fD zmv_ z|J*X+69;gUA6&?tAzAFj3)QULuAqW+3b^3o`x$m;Kng4nAmoWnoG}7Z6mWA8ar>AT z=Y8ZnlUXJckBl&^v1i;>MsZTVxe;oy6TH z6K|s6afc)9sQ$iA_F}{ino>ojuK)*n+O!&$-?B0FW5nX%Tsv=9IB8XJ?UY^gTD?Ky zmh}#XZl`+yd*l8=dpz{eVc$LI9Ci;-r`;a)4%-vAJ?eJRxIab*uGc;oxdXR**qw}# zJA#98rS~;JjLryQby3yj4X*80r<34{hOj&A9`pyj&bZre9}EYuJ??e9j(c#>8=wP( zItRn<=vs=3{azP&T{LR!$ zaVV;bF0av)RSd%YR;SaEZ#WrD(4>P74p6)8j$jXs#)m!B>5eM#q;3S6JFAPR zDy}h=K{|#5;34d^VH*x619v=_p#HemhVIZibO*!9_S9sh(SR@ff+xuZyTEZt-e&nDA<^+k@i~4thgxG#>YRL)h;gOa|UyFdmO#8;wW3vFnWw$8NXX zZTCm0JLvYt znDqOj$-o_S+FWF~hwaI5*zR^m!-Ip`7}VWw7SMjd5&AKPk+&|@?{S2tyka@s6WBFL zZeZ4cW)phB#c#LW?X(X&eNFGf$zX^E!(kg8c#{LK@AVD_-460bJ=k~M?%@P>`{T)A zbkJ^(#*;A`_Ijw@?i}<{7mX)lw+;?q=u7%MO+@U3)c#eG-aa)8#{_7m#;IA4^t8`GcsgQCO zTVZ1qkVx+-Q@a;MMom)r9lTTKvoN2epIBD~uY_HJ1GPo-8VE1MYk-*BYPI%S3eLGO zvLggA1#=>Z2m{d3U|xecZ-q+oLg|%BK8so~xq`_1HeZbYQs*% z@^P!}H5d~%lSVl&OgRDq3z!-{*&d7;d5eR)d@t0H^G5JA;KYZ)(rj)Bhv7YxYK3Nl zAMhvSy)&*vnj^0WnV2DPf+E&@2Lm`o5pd(&g8Jg?X zQQ$RWs-i9?+3_;los-Vxq zYg!@bY5XnOC_*yoi0c>NN&=_gXG3lv&W9W}EJvIb;{jd(M+}q}VlOgE!i-RsCY{LEA{5;^j067uhFdKCW;+K-Mo?cy zXo5ebg9MV@@mx!K>6I&`URuTKnQVp`R^ZKKpop1MAF_x6s0Ug4e-oBX#^>hkb(URP z;CrqF$o(?0H^RlE>eM`F#;}`k8!|TKIAFEs!y$=$lYjsFl{qyiN#2AZ zZc#j?t-AxU-kC{7_qmn3|3VdP1u_^B2UAt_yY6JsfqpoH-MvyPNf3Dr8%dNe+xAH< zIie)E!-1#1eS|*tbi^Xy1Nr0C<;fK<_8R#O zYRN{H;sUWIh@;|UElNSgpgR+qowDU%gaUSjCg$h~mtYZzL%m6>c!3#kdfl1IsNho8 zFuK&wIPg|Nll1;k0y9;G^ewB}$gdi*hSZd6RFjdig{@KK8ueN0=3=)nhq)^G-k_1w zEKs6>1SUSEV9=u2SAvg^7N?{>^J7$T?F-OxanhRR^|Go>0(K1DJE7^zkT?;b&1H{{ zhz4{QDkkWpD&D=W~7jCQ}@XoSQ&#WaeA z2>L$urihiq5@uxDiHOqxdN&%p)#pBwFc0}ES!LzhpV9J2{rS;Y7MZPW(Y~_Vg5w3m zK1V{6cn&{(2%!D8agW9`Lhg=4@STr6$oa9f1ClyP!G;`00YbC;JZ5!(=wf*gjX7cw zcIirT<^wBVm>_mNbLJ$#j6|z)5|RA}Bckl&Zn0rOpd0?MzC#1%^VXNgvIRAI^=MLl!8ykA&!* zN-3UeFZRo#_Qm3>bFu{m=&C&(=?+8sXw<_%Oj8G`px|G=U zkcBb_b3dX8PcS!6ICDovA4+h_o|NSJpV7QkXdUu|Ij7qYX4ry5UX}&q8kaoR?1Scn z#DU%B3`Sma06=kxp*QxHZ;SS9j+ zhr$TCBH%Dt_jQw&tLR1pFWc~yC5x#qzwzH<2Mz}lk~lUBpcJL^(d}D*jeRoS=SsxB z2v)v3p!-oAwCGH!eyUtz*~m?>nQ(+~c_QO?wSeZdN~`WLX0to4RvIP$1vuujfK$(f zkvOue%m%S<7$D>c`5p%Vi}2q_Cluk2`JFoK!dtl|LH4cdqLAHs0Zpqa(%)mDC76^AUSvmgmx;+W;Pj*eIG1fgr$Q=^%Hr*r)Tn(NdKKeaS;ZZewnk*ax#fM zl5`OE#Pm%@8dwLaCwQupBFF`Pk=hk9=fb{Vgj1VL*=;5iEX@1-Hj~w_r3%jXaD-fu zXu^`js@)0p)rl1#&z(;2G#O8spNyustrBV+$|?y+08-8aX>BOLjoNTMav$U&^S9No z)BZMPHRIoqCx$RJ^&}~LB15)Sl)9KNW3zU(EGqqgeU#z+x(yMZuc(=(QVhoVB+FPg znNhQ&>BWgL|QZ8nKhgTfa`i;`N1kL9k7cVtSo=qyv1zljhZ60SBW@QM(kJ7uH@ z>%s|B1hHgyDOX!&M@pHW($Rm`b;!rMD znR=okGD@T^3zl3a;)n!Xo?4<>9F(%)8_}R;{$pgk#U>9D^;Z3-mG~)QS*>zj;hgD< zJYvyQplJ5uPt1uU=?(x*5$n?Ac2Cp8kqnqJ=SW#fT!oQrBt?AeMj|E*m1v%5pqbO{`MF-+HmFEJkvZ#beGqQaPPfe!Y=alFu45kr~XxJRcfUCh9elyb zFvFY&rKp_~Pgc<{QO=PV#PczVxFiw|&%jk=5P_}wIExH;opK}BRjZdNt@GG%xjTlG z>$EUb&hA)bDNBC8NNhg!o5mrEK2Q{0W?iDXV730<+C2#Hgh6wKg)+ubMt zaX5`2R}5Y$nYm}0wi}LgaN8UPG4#zhy=0<@%hH0L?1+#t~Ci# zT~FwaObSz1gor8^vl)MtuK;?&l_PaSxmpWX%+*DX$&`)`DE=*3lh{20;llkZ6`8Iy zKgqRCme*2^iX53vcQE`BYh&#m`uW$QF%eKDoGOA_+FaP#lLAva2@CO&b&@y3(@7vT z(NwYA&T4;AlvF!^X1`KTBxYeO4hgG+&dQn33umG@ z3?MyQfA!5CjVcwPNs{?G?Y`y*)dpgSQh?OJ|M-oJ|71fL=1}Pv6sbH87S8uOnS_NcTGMxWT zzvrvGP0%?E@B~q&qUB3OvPz6$hC_{A$-b$ihB{!kK0Q>$LW<<9T~%0g$@y|frbr;q zzCC~hvSLjV$iiPH30xn$cQe9)u1$rcZaqRI<-bf?P~u1HQ-Rki>_7i-Ld4;Mj`}Ip z#^adH_zZPbP9Y~CP7%F$jW3f@Z_^vSDzQ4(gGAVWa$+MwBFeKN3f_di(9fScjs5O< z;G^z;(Ba~AUvACX$s6`>6T7;_!u2nRSaJVLzuWDl?|_sRsELNu5nf+nYHUBUAXVz9K9BQsmx?YZ?YLaQ+RWNn8KM+EH0z1`J_xKrf-DZ zmVs8DFD%!6&O~0GgLFSEcB$k|9l@RLoxoas%u}lrPT9DpAvtMgaVoh-`4kICn5JEM zYid-SG{uYPoxsTQMVdL&4Xigp+Dlw_gtWW2aD>#yIwPdpEg7LSB*#9)?xcIKI;gsM ziewsVWFJmQox1z~NoT(5uVyVd9eML%gabAK&UcHZ-OQ_E!6riYTa(!L`Ckrb?PYj& z;ff@_b+}cf^0ht)Ol^2ddfdJSFK2`buxV1YS?gWHph!r2e1P8nTfDD*grs6h#bq>uT_}w#jFB zdPg?N>7UNzUy$BhY`|Js?AI0LN?56MoBQI*hIBst?KGOoYQK#pGuJ9OnQV?ulG<6P zKC)WR6mBIMl6XS}R}@)y2eljNdxOmH_e9*yV&4c-e3Ov;j)KKe!&-q=FiQ2ht_!7% z8W?z{x=O_Kw>GRbaRRXq9CeOc#|m;yoSn% zTmV{pbec_}=SEpQ;Oslu-afZuUmPZaQ)XTRK5DE_&>gEG{OED2m9i{NE0+&@elP83IPr#IKXVVT3N7{lcIIq zY~>U#!SZW%wM=D|cDA(Q72RkDJuit(graZ?Jo)_+KgiJDovR{`W?Mo&4X%^TqD}XtrB(_osYf zKi8&9(K7g@Zn-2xuiS9idG5ZMr%e7Y!a%70>OQ9j%l^NtmjCTRyPKB(ol(En-^u@N zJVyUlXZa?0DzrXzrqU?>^4wQF(Y*+RmSLSDo!^5D9+mnncy-l$D-Na76^AW4I|6?+ zjY#7nG{Aw!^}l{rFRBIGBlm%X&i`5q{#+p{q^n7XJ?nU z?~mV|U7uZjJi9sq4hbCo?c#?2J()OFgO?mY*5mO~A23#V8$}GmD=Q@6^>+&=fhCTt zDOz%U_T>EZs^lwOxZ>+x*1RvktMCl89W9o_vIxmsp_bLSWy`OJ$FK^I#qhzH0Pw^4 z)!8q{Z{M0h)Gux?KHPkN@!|dH?e&N6-=E!FE9XuYYSvw0=9UdvvxI84+$AFj5G)dJ z5uda_3U3|DXyZ!xlk@P{9 z2AyO}u0;1L?(a%{yHedgdIKCMf4X2zqoS@l|6hgb{9kaRr)2$ByULGuFb zai^<4sjgnjQCX?~$usDWbN<)x|M%J%{jW0|4R-s#TX~HBr!#))e0MSn-b3C0vU<7i zUu54En*?d6d!F|dJ{8XR=O*D-{Z!6>lQ;Hp7T}8c-ye*!@gJRDr?;E`+jz|UzscqZ z-hc&Y_-8E}&@t6iyxq5F2d0A_V;b#?d}|{7(U59P2rIG}E69)#+~l@a$R<{1r`^sP zn)a*Odk^ZgLYjPQ#X%|vt2Q@MRDZBN+z_08jTrd(!}n*m*JmeJXE!3_(mZ5KKv^X2 ztq_^eU1Vi%*O@j%21SjXQ1-+vn1Dsl6&Fl3e!=E~zJl*Mb?{%Ax_r2C7m#~Ck~)c_ zNCp{Gao-rGdLDWr?5e?W&>4GmrtD+aC2=4#=8D)XA3>2tWCHy-LTaL_{hFKWTdU_P zA@R-i?e)dU&;0lP0!I5$92Dht_ga*=cdGo&@y*%o>G_qa;^VPZMf6z~pIAoT<>|Spj1ass+Z?! zH|Urhm7i{IE^jZdF8=Y)+qdV}H)rqV!JE7fqIT=*0z%!Au-mR54OL~eH(*cCu5WJ7 zFCPup&W&$?bB??o-0D5WM>dh<(l-s9{p059`1bhfM@^VQ!*x9ZWfS+C#%_+!--_FE zPM@M(btgi?=zP-seD=>Gvh7Un`X;vy1W!3p)(8bJZuiTxTq^Z{nIZV8?f*ezgu~X{x8QGywbOO8xJm)G;=9L?qD#nT zBIu(kq}qa_>xj$`Im<$(m^QJ94Vl(VUSqrn)ujQnfj)&W@Gh*6QukCR1K$x39Ra63 z8jYL=W@w(+A}d1|n?T%HBjOhu`b4h$Rj|cSBU(`bR3VE7r2cJ5n*2Qhzn7iWlxs>V zd|V4SF6yLyZC&UhQj1@ThPmW31Gh@xuHZE}P@88p33tPsCIA^ih*i|4LxvO80F$V~ z$5rT&w-X48Q57sLt&A!L<+hLD6y1PzBHX+xXS;mE_T0%It}U)pHnD7@F*7G6EedKH zGNyP-0m%%;8*6`1tYxCRPBKD!2`OiUib@UrM_Koh3sq8wh8JNV&JFA8GK;yx%Q+1g zGjfTdIi?h=8_%-G{oR?kA4dI>xvXUj-!uv6dzNXP&~qd6THPqK`ROg;Zebx=msR8q zI+j+rDR%hcM0>&m(w&mrI3@>Y-61vgi~NOhFhoPAINCTdayQjkB*}X`R#_PJ`kQc{ z72avHv63^*&!6StwePt_BtCK*=z`C(bOtf>YhmY?Ap(xMr_f1nK$`}6dx*LF>4HTq zC)W#E%?qi#0tXduRE2?Eq^Rv5RmhUva>{;Az?jXDW z+v{|9_TM(1vh%;{zSZrY`_*Dj>!!Szz5vxJ6(?32&|-a7sUV54Ngn{VZ+bI3-{Qgx z@r!2D70NOzPX5{(;RPptt&E`(Tv^hAK$<`^y6$yLqEz$D_T(gd-r)>TGm6%FHX zUzD+q4<^?*&S97(WO6Nc4O&`f3MQ>&$u?!ENMHe4GbSO!4OScsawv<#bgA*CVW9wra_cfL@oh2{#u2 zsYBdVc1;!S)a9WoNhiy#M>%coRT3@%ye{1|_yQ0ssJ8z%a2C)wGI?)}k)gZ=RNnA_ z197D%;!7i*sD!C@Zi#%N3laNjWxFVi0$7#pytsvR^PLxWJ};Kii8QQC6IO54-b!`K zXY{LOF%<5IX)VAS>e?wfN=~c3EMl;#OdV@v>uBXG)y&Z$6r{q&e=kZIo|s~eWmMN9 z;r`#i59j}QcXm|w26#+qjOhMB=infj=egdQiATH(b+Nu9?nC2db~>`*hTNgRDN2pL z-ryDnB7K>|YY);x23ehFc%oTSaHi+WB;&(piRJTn5)vBt-y9KF=o9OTpzNAb>{(o` zVk3Z|4RRlVbv#%|Lyhj=RbSBUHt!6 zo+mv2St#gMM*o^xf6gm^P7{Oj)237<&>WH>u1xE{MTmEk$@*SJJ_#xcCcS| zb}%8!?b$z0-hMbeJAHq4^UKB6&)2u-mmmAZNkA6;Y#NZY&RSYqH(%Xh%M}D0mIfXd zlVU|$+1>fcFXQ~=*Z$=6KXJp){;i85h9}sC?8)OlJA*+k|6_Z1{%bpr(*H0uJ9y%@ zE<^#O0D`d}BOwyS?1a7#PEf>}>N;8RLvcxRW$X+x03)QXb@v*4TH-)?06Dh-ACDs# zEmx_M^0Fz56Ri-Rh!A=Chxo(14%8)LQc{`M@=`ATKDnMtTJ8z(b4p`r!ME~nKYwmC zo6QCc@kegKalPvI-^=dEvNSCLsyUbBvf;K8P~7_e{JC+51MkSDXk(5T)W>B59e4Lq z$zb(P9Cwi)I3=|3GoP$bwN!zrPsY%%D0d~V`E9*7B|d*{aH)M{E+>CqfRh(cQ6n9O zqXs~f5XsG1$hC1fie*^?0AGw3kfEQ^QfaLIlth@#=11V{%8fbdO5S7;(Z8G3R|3fQ0kH2~BQ`7vcEk_E+k6`7S9YfKuAuVDEomH$CF zRULiu`2WE$8~-tC_jd6gTX|Lq-yoc}T*(Ki*fbf^VPC(*i)K82Gf00%OVBF53(z{_ z)Uv-PkStG{YVVEZ%`A6}X}4^`!}@Yb1t(b^@_l(0XlE zoZ&Hw0`Xp$Gh{N!Z0M25z|e&)8%K$4%1C(Zr+twr*l$D<$Gn;Hz(vgBg3^UcelA(G zvO`g{epRkrb=IxoHA_*)H^cgB9#i%XMNYo|T= zdn%cfY+Eiof|i)!^)X=ri0WFdPB6d&DvBza*9SL@dU2(6VV98d-W z7f~yf5^b5c7FoM0;Al(;qb!2T!H5IQys`G>@h*%ZMJZ_drG0V%hM@zDlqL58ic)oA zilXxJQUyFR`$|=Fy~#l}q(V1`(egv+L58kb1R0txQ;imuu(5~(8iy!aV2V6P(StG) z!KsSZ4i~PDXFRf2kX56vVCa8O`11E&T*LbcCC7z((Y`UM9bxz_^eG9u!N=wyR}6C$SQ^5coxlBg+_ zlj{c!Z3`uH0TX0oa%OB+3urE|2xYt@zxqifF<^thtKTbBgE5pX)~cH7a0 zhV17phjuHyuuiA#e6dU2?kRXm*Z<92{U)AO>;I^mTmSo`o&R?$j|j3nF~^;RQ3TYs z9RC7+UuL6Y#*8Z$;!WxNa^GE1I_p=mXedWqoY zRm8Hciy8(_9B`tLT6T+y*^VYr)?RLlDu}g5l;nRE7O@r;jiOu%a)rSw84eHqJ-IQu za%VJs$DURO6cx?xDF55i6%yi!64uXx1$)ua?p@K=I~bNYcoQ(KvJJ`_o;OpWfOm9P z%2)_EF7$<->KJ}@_Evjt;rhw z*fPgP#GW>tE+|0NJ_c&PuPcx=qgDu}nj>3(eCr6YjW>!uF%$*RKMxp+CeTHf#7klE zAVKnU_=Xwusw92#Jd@1VPfqsRc-3QO>$P4M>>@Rm2O$R@G@2q(!9ueA)G5Qu>_3^$ zo^Igwua)-Susz7-e;e%1e{AOwcHXHN>}$j}VF7w5^vQCL0``R&fu@%=%|J5+p2H9{ zjX%;9gkeY%OVE(uYp?|kvO8;VXAOSI)}WcI8?y(gmCP7`Ib`naZAw9}#%zmrOh#c* zx5cJy*}NUQEgN<__Um?R*Du;`-MY=1wO6x~`T%6G%bKarWuk7~JpGzX)2A^@pV1^O zG)HUks(NKxpxd@Shfi&M?w)6VO6`AR#XWia_pm+e=kEXR^mq3EHXdpJo5B9J9RLYW z*Yp5bJ$VKffN6cRJ^%yut8fA&L$LD#?7RS9vKPQ`>dpTH`mb^RtKZAr|2Ej!|66&~tu=D6H(~v2#@U|jPvw;%!uWqJ z(@%;E>x!KK>VgsFF{tSXNIGR1S5I=zN)HA78jN#|?9MdbndaLy&EqjeOx^?RF^osSr*YD=?Kli$$-TJ?cC$;{I z!QP}2AOL=ont5L{*43-`j^Bzju{d6(ml!jZ~cBdcmG?zJ>2Pk+j!Qx|07`vae*;3Y*BvsM@(@r zeem5Mvk<0SF7lFKoqMk$X{gW-g-+0##J(?=!j=t+zupL-SqM!sKm)WgRpKm!o5_@@ z0VSs9gAygqLRcp|;VgtTvl6DSn0lppr*U&Q5ib@fim=C3EITQqex1o|uSonRm)lQ& zsetkOW784NLRglD@TX!aS)%D`WVe`Xuv&Lb27a?i?>DI|ZC|&{@c9#Dwcjj#o=S^s z+86$CzP=IC*Ic1f6k-OE1 zdoEbZgs3#f!4(R9?80=8ee1ndy`w6@PsNpz_g1Bzs)SgCU5mcl8c*SQa{1u{!#@5^ zUQ>i37X=JX%^gEcmCo}@Wvk947SAT!cf;7ckqsO#Pz0yQYNUW#tFXw1N)&eG9h#G9 zxyjzl1;mGRs0J>-|C#RftNWDc|2Po&+qaPatJCY}^M7^QyZzs-JZs6{tG8yDGY#{+=RNLGpB+tMEs}#Bkf`SJgc(+9m&5 z8UssxHNOC_$|yg)9+V1gC}!AiDTw-}7^4!Y_tY`trnduxw&Z}8rFki=bqPiN2jkB1 zo?6%ZYq&*Sv_?fK4;ccaxw6ET%Cw)esnXvoY^wqs@@7^+p&Bg|uxuL8C5f0OT^643 zHr8hbUOLYb3s=v|9KqYbYR=7tvr>%c)!y8g+DdF zqfTkNduiOS9zlXN~NGLQ92Uqv}uvux;)8Vw+c97kH4L# zUZhs0YQh!sasf0$6h20!ldQT$TGZO!rW}mg)+%u_Dvi6usc7qHUyNfht(oqei#f_X z!?l@)V&;OQqFc^+Pc!#e@2i_?n(_+m^opzEKN=(4TuhbRAP+zjh@aYhXs(pED~lTGI}v5+ z%;oi&#ZVeNwp4YP5D;>C-z)ZzrWP6PnDpuD-ZJ0nYrd-9_w~viVcbr6mj`kZJp!~g^BC` zIc>#6%zjM5twb>gdk!dScxAydw$`g@k|Tl)zt2|%Ac*H< zeZ#e&L#l3t_4rM17M1P)Z0hcpztp(@r9aB%{~h#p`G2?b2v_)q?tc05?tQ6$=gTwQ z_p_Xzd@O(a-yx(P)2xpfFXO{@)F)X=DgtJS819pjUHvW{^fAg3R zQ!xDnjc0`1$s2X!NDSS&hT*F7-@RTY{;%8ZcX#oBTX}@7_pV~FH(?l7G1K$j5?Wjly)vR-u_$nC1*Nd;Jwd%(4%KB?xLS8+#8?mU1QrdcRO!=P?nqtZn^4a6(RXzP0 ztYn4v&Qji4%3HOR?3zV^fq5sBIv#mU3 z`d@$;SD=p>gYImO0(Q!m0Q?a3Z)N_!;V66lyW1V??tkCPBUHNgau7*0fw)3vk@e-@x+>PbiF$fkl zUxQ*+Ic#O>+T-=FjEeI0YGWJHthPdrE$m3>NuJ?zHQ)aL)C65@T*XD|M`9Dl&7^W$>CRf?X`|?D!!2czE5+AGsT)~9_38c-OPc` zJjld5{h(u=DH7H>+?lHIOetFOgOWc*m@iX5ZA(gRkPsel(jrBv{CSIF%_EQY7jw>{ zh*fr{ElTLKOX`x=Izr-ITNeyvBKNJY2?TNML!J64D7YtRQq*!bG+yNFNW(9*FC<~o z#hp4}UtSi!%W>PL&dCC*1II0K-YT0i=I{o zI%Kf5Vp$F{<4GNa+c* zkEx0;I2`A{BysaN{N5+-UHO-mi@hkTe{rC10E=QPBatef#2@gAVi8Y+Ds2dTa#5Iy zAD3^64%<{z5@&5%t54Ug^Cpe4Jb9a_8%9#@fma|POwuQNnio$1i3;nrthp{=lodJq z6mq^0OKldsV1ewIZys0ZS#8v&`zEN?8|WXstDe%dkxEUo)3U>UeAMT9zu=6e?qGIpZ&P3)*f$ z+bw9j1?>x2(01$DH@u#0e7`6AlRsR3sC>#IV9`ttS zKezITh>nnWo*C@180<|%eH8G}^G16VF?D5(M@fY`ksT#fi$i)#3a^UfEvmM50B_+a zJyk%6bW|mAAeZ^ZzlQjaOX7h9Z=k5Q3)9_&>25Q8L{Ac$(hPHo-S7EJ;oO)qGJk9D zB!eeBwOG<}!TGR!w}&h8%oHRAE!g|{zmx=3y;^hY=kcOqFJp~w^DJxO=F?sg&GR!h ziIYfmcaDSO1;joa`#Qav{VK^B$H+B{a4=0Vgb+{z3= zK5Q#f;3==#N}4K5hI?t`Qi+|A!M4Cmc%D$L99R4);BnWz<y<*WRBPj#q=un(c^4@Rr-H7m;Z4z81Bx0Zsl2}{~I=l zVs2DFi4BlyV_iESRr$-a1ybnMvIkN%p35f44@rStkT3M4wn3`7Qu`n!x5{jUJmz1H zolwLvJ6oZIK0A9MZ7)nC5{LQQ1~_-V1~0|eEZ*dE&uk#r zO|?X!REUREIrZ%!^)kPe!-t-S<(B7WS}ORdZ*A}jsF*bW0D5v;&F+gLFRxSlTA5+u z>K{+NvWfJqkI2sO*yvNL|1aEa<$v#YJ6Zq#px4>?|F`mp*q+OeCmV_PSrlbU-eP>u z<;Roicpg=tPW+B2S}%ZxcY7lNGd7TL;a(vIaUk@51x72K6X^S6=-!=5g-76^N~iWo zUvZ`QoC0S|h@akwk3{jzm3s-8HwA^uoMGv5`uX@0kYPWOqqdS{F&I z5r0D&3fM>D$8&VzLp=W~qKypVKw=IA>brQOZzkS|Yk}D*tT0Y)k+P9;{+}~L{=7wJ z`w^lfj$EWJ)%$;r1DrdALZ{R#@pVKuX_E%JE~4}u@sJ(QREj)TT&yaOoOvHlobud* zn(_*-2>lu(>&`XGNCcdcbY^Ls);spSvx&XMx9s(o+0TJ>0(ibE9CHx>6xHJ}BQbqKy zbg5bw&V9aJD!oL+~+U5%siUJrdfpa2>aYcOO07w3l3IR^22}+YL6)NCL zRT9Vb$^kx~qR!`$t(B*}+B+5fYgW;}4y8GDziK(MVn&Oyo4FaKyIHaEJq|n^OqKL7 zzn)Ww7_Uafmfmi<@22~fr#tb{6`BY$ImACkBn~U)T?2qeuhuK3m(ghIi6C{2@3HHW zI4C+C`cPR^uXTm&2HXAW%-K@=kHqYeVPEE1VgHRfop#p#8xD8&-&P)x|M$kW^2GJq zhyq9f1mjd@U~Um!amG*?fhk}!$N-EGa3cg6@)}%j;y{{hg0+B;#}SN{ty<}W1=~5s zGgJ`pB}$kAD}%gBLc9_v<>6grZmPt@idn6YE>W;oyY(mPRHY0%ksy!pIU) z660qacs3RIvScmm&QCWtmsbfZNQcCahzY(*o#>D7oG)W)A$cwPyaa~VUaAuIh5pqU z=wpWcYM1r;^Ban(jpAT`nw|j1M%iKPZ7(tTGTy5YDLaW*VBQO zg^ZGEJI65T@1=}W(0-nU3JR@+pJS>tkV_IVO|UF1nXsky@bl7nCRn&y$mB>x7p@A= zFBlnl+#qKtO(8?~aH+FX<6xQ?O3)8yu$vmC0NJz1`SI%VM9!7H+_z*N<-gsWlz)1A zUH0k2si~EW^aNrbywW54o-hD8zhe(bIV-03tMBNZW5L=>4W$X-l(v>`uhg_NO#H5GK$2}`}Zk~te0}L(k}G}Fjue?1SsZyl!)pIk!#6S%>*+- zndpRsYksDfyQFYwlx11WwfT|qAf~y}isfvAF?8=x;AtMV%eSm=mHcbiRFSuWTh%gJ z&aFmv7bp~!yjLaki_+I#o4iYa!;B6haxw6M9RO^vnu|#*U#nuXm{H? z|IaoaVW(b;!QMm!fMlEJjR8=sTNwqAl&KR3kd$W2P_@Ya%6~6T@0WaEmC;X?Tsw)M zru)Xikj;sB4p-bfar6c_7a{yLMo#9;Azz)Wy#PTO$3+pt6YN5U(g!YWm~ViS&S}8> zl;_UA3nSM8p2I1+jD7#w>U^zMJmTJ=NM5h^AF40FOgEWpuN-{mMquN8VLp7%DRA zou(+6N-L6SVb5m8%5+3zYz(dn%#SjIK3(+V~+qx^T5_os-_ycEqX^bqc{7t$Q|<_&g6V0}B{o zIQ9{>#pKHwq(9x!uR$;R9_oBtCOMeZaphMGRXVNL^3N<8 zO$A#fdYb0?6ngea zRJC<}Nj#ub7b)rYMj`G-i9c?HnUMcPeP@!&d5chO0G}_IO)_ zu;-gp-Qq~7%t?0(W@c6RNJzYvRkn8D461usTz{FNAcZKV;^?9pw~%Z%?w{W7PXEsXXuztZKU2Ai!R zyzh3e96m3dy}kVO)tvpt#8sYOIyGl-BTq&l1~64?Q=WJL(tG6lX@=+AWQ&nZ7OQF$ z%S8&v9!IrVoQWib26kbTgXQxOqy2R_H`I*%LcAMR7M1){2mS+-$QunPoq^Imv2W** z-+5y;c{04vw0}#W_dWDs;G!r!eJc+CDw~cYz|fh>-!>Kn&=rrtC4j3uhC0i*sJEH9*v_%Y`sh3bCeL%lXXUfP|F2Hw zJ!$^$?x>T^|1lc0hdclOHlCFKUyb$#_W{aJc5XEwD8jenqYQ>Da<3Dc5 z9SW?hAq30?jji1XO?JkMn)D&-Y)u$4KUE5ltn)@S_!aqZG;@D3zMP$JP={DB9 z|07*F6PWt^_kX0(t8-X9UE`VV|0o!e{K?&dLQi@BN4mMP`#-Kza;ro?DZsoyMR}fM zq=g*wr#MeqPv0n?AG`ZM{#5q`TA2|ZdS{>lv9WstvzZn$@1OJjz>*!@0?b$5BZzjl z2Yx$Gss7I(LzCF28#n~GLjNE3Mmhgqr`_G@|J!(^|4$9}^=1wMdMNbCa*np-_Y+0s zZ+YsDk+SIDq@Q*DYsoa&_~E*8DSuC*JD)($ZvG?mu_u%QL)0olW_4^BhBV2$X%XV9 zaN#BB?%a1f_ucaa+pINXuR~On4ZY4TV)`&tT4R4gow4@LcUj}x>5!k+g?9_) zqPJ_xNzI29^0LMNuEmlo5Lr_1WP2DoINbXs?(FW$@1Kf(B)?Lkaj)%-sX8$jg zxe-i%LE{-AcPI9lqxD<@EA0PXZ;;vl>vl)oo&CR+N7(ouvxA*JV7395K#rYKEj({{ zP&IDV;X(`7evG90H;v$M_%=))Q%dFa^+$5cHNhL4pP)8N?7uW2&fC zbo{p}y+Mi!<_?H7Un=5!ed|rR{GTF`KjMn7^iL}Pd&Ax!C;vyg`=7S*$oqd0i=%*o zx8xpCCSpi`!qXZ5TjpJXl;UY1XQxQG6D$+y2(U@-^3Vmtj?bdVjU&vKCsL5NY(8Au zQShYe!zJ-ntqk=$w$VjG=9vr(G*V;2XkpxMj-fOIk}amTHZ z1TCN3?}1l7Q(e}r2-th-r75XiXZxDdlM+EA#Y#o5*G8BNtUd5*S_5NV^Z_VKk+?3- z`5ojHoL{7BCRqFd7!g_Np21~NssCB|?;fK8uH63_<@CSNaCiQDD^KeDcT;2=)T1ua z4sJl9+fX7!IjyS{we(@^+PdG0jg8e^*_7(03Q1?bD4_mKi;beZs+KP~l|Uq~{eYsp znDdyjQ-s135-yb&Afxx`cmmMMC$CgeyC{KW)+6v81MgZ(?CD=DdF$~BrP;oEaMXrfqCpR9QwL4Mlyr^Yk)cZjq`{ENM{x`Y`!qz)@f3h z%*CEbTD`3;~_X?f7blwV7vK54MXBnoXX&&PvFSv^Yg*H`fHqc}# zwG$quEEx}lPA-fC!1X0D3Bm}83#-M2JXYRe8%LvH?Y4xnPc8lL`f-;5tkVAmooxJ1 zd)OQ7^uKL9Rr;TPy;&V_)uGF;Ob^U-XREp(wcCEIK9~kpM<>*4NSR8QhFD)C({MMU z8m5qVfO=Sj%uYqDQW4X`{!D5jwPn|nsEXFb{#BYHO-@#?=UK1zif5HZ;~lMX=2lGb zm-*(ORDmpK5}RUQh9a59_1jV=%k{rGyhG;!yNKQs5V0q_AsyrhZ4$Z+MJ>Ki-}CiC zt=s%jEdVwn6mbO77v;b}_r>I57PpgJ=oBq``VJqFqSg^qbbzCX=QxpN~cI37Agx71%B@p|HdQ)B zR1ZQz{0(*BxtGH~-BYOl35WRpt<2i{_#2>C=zrZ&uamw1xi{Ly|7_)v+dA6zo5X=D zk3Mnv$pz+oqF0dy&Uc=bnBHo=N^{dlM#DD+jin|2i@Ijqxp^rSb-+t>{4JVlFCC zY<35kL>ZQ+-Cp~NNo>d&BEf|MAP>`ef4-lcy z=YKi>%K^@<^N>EPv*w7}bEkGM7gn~vB4%ru5zE}*CGvmIW6G}36n%Opwtt-e|G!}K zw|4XJ->;hgNB`OUKYRa6|NYXDkoUkVAMyVJ{d?HkOK)wZx5@=%A6xm+0b0++S+OPK4=3iSPN}u-%j1hng%n4QOxJm8T9X6Q&~@R^~yJHD(BkR0XYdD!DObWWHvl2_ejC zDL3m^bWJ0g$P94?!zBI}6F?S9C9!U2H~;E1raM^Km@M@8#x!9n8rQdUsC4D1SHJl)qEKcN_}aaiof)GK6z){ zV&k985B=4ANxl7#H+IEa@kdVN=rnDVdFo0hrjn$JrsX?>g}fA-!#^^I<8^BQB=3`V zyjA&5xBrdmL{;;jqG&7gzt_*L|J~kbH~+Ws)Sv%UFaBbFdgDt-N! zeivyB>FcS+kYcw9V>UCho41)HVpR7E@t0~+LrU*Sq$EHZjc;(OKFL!&|3zBNISi9L z!0YDxwVze~pKd>Q{--MwI*|{r!wzu(n8G? zyQvDr*>tTUHI4!m_p$c*p0wNEKBMC$M}RDsyCcWw9SlJeoP7%A;go;`O*9YL68vvo z?e9+cCXU`9&{<06Fm!V5R{8o15s=NQ6iHB=Kf)w{(eky(L^CA}{Oh~LznvtCHQVA! zhy8QUkZ=1blm9Zc*ZwVxrjOnNSS9~^?Ogn4r@gcPw(_L*XZc_Q5nlc{;jgk_a&TW( z#P%QRA5}{vPUpHZ z3w_YCGgJQ>6NW(gT$N8z3W_hT4{ha+WT}3@Xetkb*o}y{K<}TmlrtZ(L6V#o zcbvSfl7fH(;ZieDWafs8z+Z|LCvkeI{e@hDW7XChPT_)N8M)PVQIsx2!w~E3BB5fv zloaBH08w#6RPh;mbD}!Gnr0SqMQW?DA0jfhFNk~@p$WC@OIJJben!hHG;x3N{fFQHIIn@DTDIS$@S`MR$9_12dwbbV z7v#4#A=rwI8~OazX_I~h$@2uk6EK7HXS5V-$AK9Z&_9o|%u2@p;Y|w9fU1;dY0KH% z3i2t+YY&Izb>`~9cQTs(?@rDUQ9{NdeDWAS0-ZawT!D>wd54zfnm2)jHSMxQR!1qc z0xoHok_*`y=u-#-nG*4+AceXi!z(@Dd>kEF>ms>;xj3VBx!B~$Wr5^jXB`oFSmifduic#8c6mGVOjv|OADu?q4jFst}4w-i{^D1x7+mf!^I zO&Krf>{AoQ)sfH#nD@mcb0n@Y5N*E}J%nIPh@Z`!B-_@v5LgX5oTZ#vBU`|H=|v?A zT3qB%4|e*_hsTV^O8R4l<}z!)oUHaS2rXcBs*<8%Xo8oX($9)=+Q|k=GRTXHx}Nx9 z9XTnRo-b4TdFdiGCW@K`e-|^xWP0}{;4hehX;~|8Yy3ML&Y)rp5G)QVW zdX+g+RPz8_a+oo>Wug#`+>)8t1L|DhnqK|1QkkeaiSDUk=@&;?{YZ@DqNTsfKQ1Ag z72s~R&sS;=d2oMs3e|n{$`n))N<|oz(1!~U7RxlPiaOG1{BN z+Fus?nZ|_8*6)ZKya-KX5@0_5X=JS+4?UK=SfQhck6V#1=RvL$K}E}(Q`l(XWmt;; zjH4s;L6vu;j&CI68EMsUi&Q#AYB)slhV3d>NU0-a<8BZ&Hbt(G+%OeeNTq|fmK)^Z zPLRjBK-P1B)N+43!1+>x?v zp6y9rGM5xyZ>-?qBK+(@5J)D=-a{~ywbw#V9&;+hZIwSk;qqXIf_4^IS6C-Y5hDP7 z!jvWVpRepyvB#}s)3MlJ^Bg;m>Dw2+qa{5~wkB(P745ZYv)+=jp|IQpB1}dwwcfNz zyeAf3#Sxg>h=QzP|GmZZaVG#*#s7_Zx$}R6UH-T2JURRC?Z#sN6zhB|_Mhy_(*%Q{ zpePhX3`H{^YQc+VmHxFnonl5SEx$m*NLB4D39$f}%FJGw8@rz&Iz^6xS_U*7(k53D zX(9^PdFLw>-dssg5C)Qz%7ufZgnlCA%}}L8{N@5f9=jB*lK&I@33+Fa3j$mr|3}08 z`JYj5cm8uLPfGs(zz2JCQGl9vzKIne>C8r#0B#d62=+jLeIWAPponHJ1<_Y|=m-%b z7!6Jt0hnB~R9HHDOqauJFXwypOc&ri>fZ%>XduWc|mec00o zl5BBXC%*97wr3eSFxp`U^*LexG4_*eUFWsb{YZ($Kme@{CN;{g8}BNe1r z6`odrNYSvkYC!Z+G2eH%JwFd)#uvw!VIQ-l1Dt6D!x?s|1Dpl+5GisVyD$`kYmufv z(=Y*jqP)Q1Ar9eUVi`Z{xOO0)M1cQO>}4$`97XPlk{?HJ#C3b({;n$1&rExY+&IE) zsQ|QG=({nOf)Ba5axaCJpbE#xPxL(T;pTs`%Ag_O&HsQuxU_16wz{O;OA}|eOK#|BF z0B`^zB-MVIiadY}FA$g^e=hg{djE+jlX{7o#;-YP18}b|#hjCcyeHDZ6MzGXJp}M4 zkz-eJo0C~*C8MmC2?n*+G>ji)(L_Sw`koNq5uWM)kG(fe$VZ7KtPei3It#jNLge1yT7Otb>Si*+HwOC-4=nWtjszy zv-0TmbWL{sUS@mh$<^80(<{8S9{qCm`t0WH^qO`%-#<$Z8m7XQ?CkGxR|XNdK0bPV zs!4sh&5pL1$6n!ODDfmBD>ns`Bi{ez;T=GMvpU$Eq^ap|| z*;tB;kY$a_^uYQUvO@L^saBuis%)uID9u6qaeaFAVRaCA2JNOE6*_H#)DVJ?Ve26i(rLL3C)Bh{G~ zr|Lvv4PD`;gAk$zl)XylRZXu& zfo^_F-BB+6NXjGA#fiKvQq~ll4h7m8qAcpQtFCGNsnY)hQ+Et`GUf%9Ko$C*?St)I zJ^okc|GA>a$j?CrTngmWjw(o*Mn8l;NTaB2yD$R&f_ilcbxkhNvK-roFMvZz$_N-) z{}oi#6F@+Ep*!=J=~wLhp9D>5Ly*G!(<*8iHZ^s%44e&RRx;w^oPjSnt@ynP$F!fq zBt}6NONrE*TU6!vNbp`Rh*9Q_+d(CB$BW{S%)*f7Ni0$~ilKJ$vJP<0M(1&MnL-4k ztRzI;8cC)YKv~PBR&|a@&Sfkgz&T764#ZGd+3*%kG}rh^eV7A$S*^dy=eMlM%JHz_ zS*8XQeJm2uFT+e!o&RAlg5HA{!X++%D$f6%;lY7^{%>t{@qbtHDCfTz>~;=)0q%!5 z@Fi;6KI|uPd?#;uNeZtsEJKjAnb(<{X3AE#mOUiOE(t$D&jHRP%M$hvQYsiMK|a#* zHprwljLruA=WQO$SyST}+bu56NLkFuU*Pl-{EWfW*jwctm9MSdPq&=PKJHaJ z=9LGmj5`MNQrCJFW1#k+j0zp*s9L-?-gVG3c|B zD)&O+WfPbZXf6;!uH?64hnKnO7-ot(N;)M6&q=P=B=+ge93#mH@x^$HQqVHPi~DC1 zr$tU&O8*sjqghxu!}p8#Ocdum5+LE+ff+7FT9O7+pUrgf$x$$Z>^#APWuJg1 zu9mec3SDA2c-n^Rx3$RYi-PO0b=aboNk?&RJC6{TO z#asPQ~j=5Acu0=4B%{3~ycU?u339XD7$0XAkQrx>5*yqAiso zYhQ}8FBqZr?$R!v`EE+@iItwG1=PVHrFcsWLf#*!@EqLCQew%2aX5$BeVpEbINAU~20UWEg9LiOon`UV z%>pbDKM;64aLr52&) zhMX#H3IWP+0nbGcQPU0qERb9DH;9oN{NzrP5N_a^_YlvhDX|M~jxP!7f1F&>Er$#v z-klJhFVSpz3)4P}k2-<4ywn8*#aqZ*q8J{9h`5nMiWSmH<@CAax`p&DfpdOw1KiOF zv)NMjZvYpGB8+63Umv5xfg;-USw^j+CooJ9WzI$SQL{67V6oIOOYzYXk4B7T|JEYY z5A{^a|MXCPyG$CmD*KNeJ^uIh*8X1S|Fe>Z=YQjdXur59@Y+iQ$HixT7A;~uPmX{_ zLc7^&Z3(?X$`?j|QIG|082lS*!KmrIj*GbLrpe^|^C=TgbkTubhv_blA}uWk@xfVsRErqJ~tfGb+h!CN_cX(&y0&b%YK;8BBeu$~*? zbC|b>88m#vg|X|~qYQ2uA#)@oY@J&>#2=qvSMcL3z^qCJLg=E5U~F{A1|5nAeO5?= zBo8}{C6%LUv9wUS>PT*!H<5Q6X2Glat&m~-*1PNX|5Ts<@hx2P0-*f--x_Xj?dtmf z-Om1VHIJhIza)d*){&24{TRxBMoQae9|SIz`DN8e7|dY=5psZokEnqCjb~{#OH?xu z0^mlo1yQsrT-7p86VG8c?>(E5pQ48&v!Hy}wi!Xtie*V?)dUH02W+a01~H7#@*Hx+ zZ0Qc`m_)FxjG2cjk(m{UCCUg@|IM-AV1FBISKg7ujwfS2ry}3FJ%40<^l%Qd_u5h^B*NfKl$YS`js3Wn)#27IIFG9YK>)R|KxTu zY=duL2}JH{1WBfvwp7l9b7R$((1#N9d3`f1W^? z9LLFnJ)ma6iOFH;tb;xN3re5|awqdSOz+bmgY=N)_s5wsbHp(#UQ=w}z;q0A2>EAQ zdj(z;B==X&GzV0VcLGEA;Tn2z|NULZNOV@8 ze|`ym&N*n8-9E`o#r!>GsB=_mGuGOTE1S5cV5AE}d6#f6dfst;eY|>LYZ=mYaJ(b7 zKpfFHuB50_$xkb+lx6nOD_uc`r39|1Pf)Fv{ux)%DbT9upK%p+f@>AjkGQxp{k77{ zH}JhULH~uHD*ay`>*TTgzqYn__O=cGul+9m>q;JleY+AdcUs}x#N7EIxHgHJwiSVS ztRtNt(^;{+WHG0umJzH){@Tt(<=@MI*-q_7A(Q5oJK(%$b1WDynZl1Vh%$8e3;-{g z9kO`Z92)=J_mUYkO`5`KoIVtmqo09%fh83SgK3bFbBX?S_)OIW=_OgSl&8IP5elL) z7;aEY7;4``rd^P2fGKo|<l}OO_gwR)) ze~9Q|EpKEClk~msX_T09ub}!LOkpi z2`R6MX|(bFmG>GPJO*Hom@TQtQL!~UTcRm~lJWFN2)~B0MUJ_};yfopnB)8BnjHx3 ztQug{9@ET305H_gRb55~amI|KX-*5#i7FBW85RxO2W|~QjpSLTnF9Zgo}_oSTFpxo zTFs78O_vJ$8;gzn2Ky_wVu<~L#o|O(ZxXu-yCX=s)qE)lg|{il?(3l}Pc>4Q{H0)( z)sgtgl+*SGZE9nXcqYp&TGv3H-$Y&OqOmx&MGu{`D1BLcO>E}L8^>yr-fYKs34SJK zVa2nY&X$un`dbEAI9%jSpg#*C7~-Q0S?!U=8B=u3dtk_KV~GDX%@n$PR#0g&YP)L5 zFj#_E)-da)=QA_YgGdVfnZ;o0X5Iw2AaSz{rY+ecF2asBIKo9OR#MPI*X@Ew^xSU8 zs0a@hejWGJQAQbCYL`fS0(7=0Hw}>_R*u91dTnXj&ez&c=%r(WYCS$#M`Xg_KrF2nKyF;xz3K}ABd9oN4 zi{rwMGBJ9~^TtR4l-XHMPcP2lt0v+aIB}hGh4<1oq$0-&Z>|gxiAhn~@7dGA)w$i! z=ZT)N6`yRQI1J-^-0Ub$r*4MqvChc74-JVz6PWV-mtn8rY+8^l>Vj7KJ9~h5tY>wU@+SL@^RQ-(HU9%fJP# z(b3IH_8{tCzdm#Esdt$M^B{y{c#7qEB7qqoiVBhoasJvjs^y=^-8}TXc$!?M@hAw1 zEhRoRjY?`UYMLrvXwbkYrNy1svFC=97-bHv8uH(~@rp(h`Y+H;89X;}Z-X$%0!VI8 za`lpz&#AmfABzG6hU@!>I!9eu34qO#JB!bX&pK`ZynAm6-d~QPpT-G=fd8tEV_vNZ zlB5X}OH*5N%opa$ckR+W;mPmcGIecV^J3=yGGFi(mr$w-I$!@HI1YDUj=_!z*DH`wT750F~NPlvBwuxR}E<4SZ&-DqW9R zS~o)NYE7u>5D8VgRfbfcU(!dpk2@mKIPM{s2IEPF3(gXX6p84;R1oecgDIHe#w`Bi znoftaUJm=4uvfZbXRhi|B)qNa9J}%AoN5Kyw_Vl8IX7W_7ev{6)qa(nMtHlEl^T>j z4bx_}t*zyYQhPoRzb|#VBeT|yanKm|I<=rk+mD^X0@gNH0#9HBqz{-KNoQ~a6td4` zTP50H?Si}j;UYkFkk_``8r_qV;+WU0%V4v&kZJYDOeLR~$u+%Y8-Yos`K zL9C6fMsrG>>*~iAHWCb4(}+ISPC^dsLgB3L32hLgf-&4=3o%+_(x7~AbTx~zU<#Sf zh@(iH&L5E%M-*yl3XcjYR-$YIG%7GI&$iM~ZnqgbRSWF34WKHzhy&DS z35X*$;{~SgYZ(L-(jiOL3(ssBNP~HeW#tP+wqs(6uqASeqs)phH3eoosw;n-W>;h< zt*Nu4N#{%smPL&uuxcyqR62Xwnk1G;0>OS5--Gp#d)g@Pd-Td#laO+z`reH)V%2dQ zL_Tn7IJ=);kXqzc`26(d!!Kv&Cm*g)uil;=YpF-qT;D%tiL1+WLuI_CBR6sO_W0D{ zVD;mGx29S>v6qgHY0)GvIbzkR?YO=#a4BZ>3CK4w%9QkxSjEz zyZF~R@Z1EKv?bFmW^{pWfo40V3zcgDa&JR;y??x5M)I=#L51Grc&~+Se)89&t|}fw zgEdihT$CW(WLc0IVWj*mt#W;OLlVX|tn;dAonJ5hb$)u)tj@{N@rR4Ir&m{JCj~3K z^(9`wQIo2UpT>sd9b|B7uAZ@Rl#J-`%s1uZ(kmW;|oPM0SAy}V9!ACw|i;i1k`f#IIX17r% zF~ucgXlJ%0Ij)t|cHL9ssj~mbU^)$=MI*n`rz-yI*4Ccx|GC%Mf2`(F^Z(|9-Okma z1n`HrEL7-e`+89B{an(VLWJBgymYgP0~{xR!IP`1M!ClIgA7&Pi%G%01YPHga&|@r zq2jZy2ED2{vDGH?M6ztoL^bMlAHK-JVqDMX`05Vqo0jt z0ItFuu}#<@dB;>}ZK_ntGsGrJQdn#M)*Cc7XE>z=qh;5G!LC{N~mN-}od!-n?s7hb>QCC~jFniaTo59g6yoTBp1cj}t zQOGNYcGz*~2Gbk9&(seRYXr$^W+Y{cXl4x|Th~eo2$xOau{k9xM)dsv!PJAqlL-$P zA_Hc1<0Slt@N2gEDmys{M|Ny3u+S=)B8GQ}GTEN4*%lc{D{;(Ti_*7g@r;p{nmTFo z_eB6qt1H{P#+F!YV#}ih3kw|nW=CW2IU%aFkZ$m4^ zUjwBJs1C%~lt>x&Lr-yM-@P?J#x#^D$lsQO{#+6Sp(*#N9K5nEfp*lAII!9~d-0rY z>YHzC^RhWVNWSvWrDgWKJb|MniIRLA66Qi`!gioUc7CIxmf$8#F1Us*Ja_zM#@q-? z8+r0OJo#KCXbeVl&LsFf%L8bQ0aSUCTTsi_jhr^rC?@dAOF4=JP-Y;y6f#;f%EGAN zH7qUgwOs_?3X$&`c93FE$zc)`%Sx~oPNuL=q)o&`U5%e*`iZdgv{D?UqcEfiYFUss z1hBZC#6B8GRw8(E(dv3#kpXk+-a&w1gdoXCIrlPKwkOMq&;YJSOoFoue@0LMLZ}g{ zXz(0d!wh&cl*Lm()=L}_Gn53T(*Pl2d|wbpNsbt0m#j2EPR~XeE_5liR!3;m>J$i( zg@o5$a{QDZke6ui)7;$n8eB6MCO*b5)XtJ;1rJ!&sHZi?uD$c3@Sqr^gWYB2a&a^hafIIkLSY)knnsl{HCA{JgZ{;Q*L<6QZTXmhI@yaSD zeL3j)JIsfa^2~%)F7C+O0!%@$#tlzyxux`I6UrnR*QBul8I{;t5=+{W;D64&W6Hz! zt?N{?+19JAJ~Om<#NCSW`Hb}>rj*oo>K2kc03U=T+j0WEU=(;|sUp`#F!LtRzb=^Y z8Ua?Et-gnil!Ro4STV7x0qr;!pjacH+12lVclHjt`2Q<;l>1*isDKV}J6FFInYBu8cX(c{ zHTuVQdl{@!*w$?@zwRZplLG9|&C<-B7(-V(?3#rP#9Z#r49rWC(*_gvo_IM(gQ0G* zU%x)XrAUZ=S~ZW7QfHR1O6|mo-|hDMCeNb#|2R$B+yD1=^!u20^FKZ8%=`bW`x|c_#g8r{xpRwtGSOj_! zql_BH;J?U8t%1}b+Rk)9Zi3mn+^~lr$-!1CjeR8g zT+bC#(_raapIqJ3#i^3JwNnBt&I3wh{#crT z%xjGcd@MzP==)9^Q1h|w|2|Cca)`VDqQM6*47|HZJVWp-`d?}&(##RGV*lUW-`C~; z?cKd@|6j?&LWqyo;G%pBP^vbRVbGECEJnmO=!A3@{5W1Y9qT5dyP> z!r{~4(MOO5V{EVbxU&pHc8<;h-cJYGmh_O32^3H4sfm+-b!7RxE_=nw!(@- zzX>?Uz*m8K=^}z19>}9GnYib(DcBoYj6PEc+!O*q6771l0SLY#badncAA0FSk|_z= zxRHp|C(1U?FnIyigUE-U246pXT};l3G?>H{vui0UZ8)YkS8Lz~%B-qLa#Esqt_y z_-Q^!^5aymG)qHkox`8z|IbfzV$5n;VfmkbAefTb%R4!5rL-RA0d8F-4)xmq`nR5p z4E}xSO(+f2tX8Ig_doO1MDY{~!@U^Dt>Tri0ZB^ezpM zOzw3${TJ=Ec$$QeWHBKtVnHx?!eS6)A}cVM;FLmqq!I&CvY&$W<9IrSQATrNCZYR4 z&e=GGn9cU$G{rIsO|zE;(YQxvC_CW}iJjgvNF0D^%+_rO)nE{krDK`ZBsF-7<&%N)f|1`}Z(+C2^aY77`_@c;hp zzuaK4%zyML=l{2N_V$eUFTxtXVS@ViZlI_#B>p>veqcJ;P+f)4Efg+9 zr3DJh0c+;!%h#WogGN@+bFA*;^e&8D)975fmiZk%0OHJ$Ko2-U6l6jff~Z_1|Lpo!V_Ix4LO|$&){+VK7$iHoA+!(ZO-}Dk9g)K{Jk_hG53jo9l8=({QZr`lDNLFAt367_?M#|_f~b{c-86)A znzffEuX+|t-7)0ui-&+zIt~LEWoP)yGcD>m7T%>a$b0*L=Py{oWA>&XvoUF(RS;R1 z*~{W&##DCzfSjqAzcZ5(^R&cjil=7)=*fTOq`PwZTmUw~(d*aGU^K@su1-(Ru0Q;C zaeYHSQ!)5=_;3YByh4$_gMOtpFn{~}xkBhBozLX$uV4ShYTvl%1mzz!C3~qyHfF=(8wdv76z7U|~+pUWx;OC$J zc6#wEZ3=pm7&xb&pf}5cXbet%0eE(!e!uUK0`J~|%?LPaYOgrp{d@4A|B3q`PBV(w z@$0h>M}OS>_QELq-_KZo;j*vK-k!c7Jw;#RX%qry4Zmk4{g`z_3Q-bA2)>6YVlD43xJ3Y)%9Tc&0h}=Om}_;>!4(1kqT$=&`?o5qJljHIAYK zUc3O#<;D3c2fPPgzF0oKzBoELJAVbPFp?lZ0Pny;Gwo(B-tB@2OyM+69~|)hzwwty zv`l)At!6d_$>`iTHm2j=EGMJNaae|UX~CsXVj0?fHm6&623i&oqq ztESH^EpVh-mNyIJIF0udxdZ8`QD`_?+HwWBV6c4>(bLMd*^vD~Iyb zkN2v8Jb3%K+UYoDKfSTY-mum;#T{8gLxaug3k$lTxGKVV-swAzy}5YkMtu&!QuLFb zCvOYnP}v-&;mv%G%fb`TFH4Zwkq^qJfI74_y&?1WJkT1PY)bnY$|q0o>4=TOnw>S( z?)T&{BE*_yTk3C{vdq&)hSgS71q1p&sZ3;Zh_{G8om_mq5dO^Mp~8~A>lkGEe|A7A ztNd687XGKrVgsUJ+lN-lBEUw;qp*qrM-IZ)sNFU#{g%!$QGv<#5dG0 zFx+C;$ggsHovn`k!-?_KE!j+5t|fZp9l7vd#6$38Fi{_3{*)}!Xa#ZWC$?2}JhnwW zdidVHS4WNIG6#ty4BbZUyAuruF`v4=nW3|@|Shpha>;pN%?!}oW9 zfN8Ht!t28l0Y*hIzOwuVL)jfanucoaY`tyu*)oHD?Q2`sU%xy$XRXP8V*K_li3==upmx{#tylk=0}7zgcIGo4k1C_{XCo0C^YL?u)ds-1j0IgPz>W0XD6d}k?(9f{ zG;S;35El&aX!i}|Yx`I9YI8jxP9*Qcw7+Z#*S28uG=9ZqVqYcjYw3GouB)4cj!mX> zgy|X!l!lY+pT(z&roPc`%=F-t_2_<*w^9tGMNZ8Uh`lyOtqvTs`;TRVe>od)|E-4Sr zSATnZ_n8FHa|{2gKhBIhJ&1!SL;ZF845797qb}pd=lTv1bb-zc;uz_2JMf3IDFH*s zFc~*JksmDCB54z#!PSXMh_{=6ObwPQLi zQXWmCRmq>u>eVsnde{byeJmYnw{e>lbaJ=l1W<&`*5164>&HyZmZ2eVthAM z#6C_J&IdwS7C>avhDe!OXQ|@u?_N6K?(bZt><)#PM6N9mFEgUnnD+7<<}B3|lK(0p zsGUDZPR%XcmNa7WC|V%=q8M)CiK{C_r!xSd0Dp+y3j`kK5q^k74Y&|I0oXy?K%gqP z0z*gR2Z9gi^C(C|2b`y|jTL0ecV%>!!SD;{nEABoPw;)AiVRU7b+59{B}G_G881+Y z8Fw@^(>VX7NNcn2L}T^TpxWHk*Ca=pm3tK?C1x7h3q&r~zWIzTbm_O9W~|0%;~vTJaq0 zHC@s*Pwyoo^gb{2wV(JkiTvPDIfA>87{zM?Vvyv)5Yvf2AH^+t&3O4L==OxU`57eh z2n2L@wiaE3^xrqOfPg5OZ4k?CKx^Z3a>c#ovu~Ksgg5Z}|HpO|FT0lqAk6UN2X_gs z$3#3`E@z~HjxmI0?6#*`T5QBkRi3Yf`A3Knk-b0vItsfTgzeUxZ#5*~WHiupkByD0 zz-vRViQsb+zKo!%xmMajTv-{^TNZ{lHq;prFlNiT? z0gd)A>h?zz`s`PAkvy3o3Ob?B3FSvdI22--wZSQmWd=z!?|}{W_|LZ)QCD6$Q3l-ady-h ze~qVtZ{*a2iioY)-g1*#5K9RzX4FB0Im`>(wE)rN&kG8@D09f->RT=YQFF#m#9cYQU^BX7qc#S58 z%aEptpOz{Sj3En7I=74i_|-D?`SuS#YDB8<64o2M&E5MBv?TYd;Lz!Ch~KAFBNf$SPX8UEO~Cc?gn23!BixSO50V2OqDSInM!b z1zlfmZ87D5w%5)sM6~Zzdva~+HFzu|FISFKMDm2S6h*Yq`Lo!~AaQm$M1R42ms*BA zYg@vE8b7IEg3_cz8*=AGQ%w^#KwdCQWHrn|4I# z*Y_1$CIQn}VpY!R7)l+SyTMOAH4>=7gWzd)ClMC+zEH6By+8S=bni{|3q(@xA79tI zAR$jeLFj-N+X6X3WZwjFPGq?|3v3k=Zp1=1gkS+#T;{2dyG*qaLVj!(2)X^qtYjnT z3M2HuCR#t6Q7OsRJ<7ds^^hlGpfX5ZI4Mp5X1XK5pRV_zwe@i27vt_Xme}*dK#o9 z_>B*guKFefP3~fE5^*A@3}P0XfOIILn=a3nwU%X(uM{G!t1s?QO>c`WN*H&fW+UvK zf@&$ik;%0-(?1=pN*QgYNK`Mls1v}P*7RK?Q6ut54_m6xVYNmAJ>Wl9WXu`6D zb$`Akp!uI#n89nzl%D94NhoaZ!##ZKfionJ9a7P?(eA7H!3aL@G&0&VR{P+2P~z`k zA9$bq2fCSrz!Q^<%bLKau>>rVWjr+=y&Y2E`OiR#Xvlw`rwqE|v>_^$J^W?5{5^L! z5G9X1_Ye>x{TDH{Y+Y3zb|IFK_(Lh*Nk!>?Q8fOmawHAEt*PSPfENjBsr32;(8^r> zeDk-vzCHtrymxNB8I4J#p_1$^G5W4Ai&y393|ZSk4Oo&X!AagrObVWvLDKj)4Mm&S zlsb@-C(VOLb8HH|M|B@EKex4IQ-5}@F)31Ih%KV;1=ibFtZcvu~{C1M{>`%9$Khujgm}jUSzF1HOM2oS;+^kjamHNxZAw~u@1Lv z?`kxFh>p;s9fDJzL?ncO3)6mhAXhGQWGd5kc*fsI$*Tb6{FU(vW5vdaRUKWX0VjOk zwokb~Njubo@*JQw=+{(8gmO03-IBm!>t3@=PfQMKEH+!}98s)yrMMdT_4OVR1P3bW zQ97Mon3Jk#?^>{{EfwpoI{@OZ6 z5=&yOo8MHCJrIGSK}7K<-h^xyX(Yr%cZ}5O&eHEmiEsQ3@n4O-);AkhD-@bW*y&Hh z`={BfEvlawD1xH(xDdavICo?=U6yQxj5V5{;BQK>Iv#sGI`Q+IXw{!D#HDfVFj7YSAA*L(l@a!b$v2aqPWhwr zfNuSK@AE!pru?6P(V*@l+1RIEFN9nF#5*VdvPG8LuV6th?D1a})xM3@kaiZ#!;u2n z#mbT9*jq-jC*6yh97!})%8Dv@Hg?$_!QgDj5^PEKXHLMsbO6?W<3m5MT%5H;5+^ax zGKRe#kh~)9D>L~!GpSLSG2>U?S0^I($&@MXfx^gWW({5>VaTs9e@}J4W6R^3?h%n= z$m~LEluTkgh!F?wb5y23|AgYoks^=ieY~AJ*9b6mK$qjm?9shUvh^sHliLKW?Cu;-EUQ%7R-jB}* zG6PN>NVlE2gLQWeCyx$e^6>p{(VAF7os5-4MgG8p z0cavgC42x=Xdj={8f zXv4X;2%v{d?I;~l8ZL=Ut;S1N=#3$P1vWwuZ5#SYka>J zv2G3Y@B9-b%5~cMbnSikZI!cChJXNr9r!2BOOUs>`Ny-#F{mLa{NmJp)uR;~D0UI` zxGxM5{_ig0Jl8ysT#&T4&<+8iBuMBbShF~CwoSDwd>;96Z?&QN%kqQ-H|uW4oisQ4 zf~fT(;$p8_3#`rTdb3gC8THstEwOaQbslo%$`-~@Zj{`N!CzaTK*S8&lp_vG&}S_Ui8GZ`2_aLvA|E%d`ABtOk5 zNOl-o52d^|ez7~|(+~9@AgjDoTvV$AV~&tn@~)w(hy4E|=Sh=?nn;Ci#Ap%8ADVdC zb*uXJ`@AkFLv8--t>3d!$GQUVPZ z_?qYo?f8E%wq^&>gf${W-BDkuP>6eUZQ1n0ae`iGLDCWnobcafu)jD6_l=9KoGr5A zi(U62@7@W06BSxV(G~2@3!;O(w~(FQci;|{%rzv{Le$lWv39i}-0nB?(iH#YUGPty zBIhbj9ZdOm5~)^gaKn(?+gSTJ9JNEaYF(L3p4T)i0>=Nig}sOumM(gMoDdp+ z3KRwrB_=9_VaL`A)h%$6YzkxyL=Yq!{p~=CVz3+b0NU$!Tw0jU68CW%!7i?MIToY+fN;XRdZTd3Hh9c`R}^23m>q z2BZ+?j|1gfP<+sb*#;FU8W=GN0DGZQC8Q%G-A$m!)lCh-odt*TEWD z54)488{A`%*C#{l@5s;oUb@nmiqO=;CoM)R-PLXr)aWfjlpnXR*DM#;6(Tstpnq4Y z@u2S3RxmX5%@g|*H1^76Y{krTr}sU>Ob-e`9(1m;1NC76sXxu|=`Zg6as%rSH$X6M z{AQhCO0U`iQwVOs0he#GRtU?*JHj8S2Ez>6Z+^)h<)Vi&W0&NwVXKRBtjmk8^c-^) z{<_KWvaGyd#iKob&=B9BPI@{N`~^jmr5yjMc~2%kM+#Pp)0UG`805V#jJUUsVdM#A zi+~`TJEEHWzheO@&Ke#-g&L+wFC@2b%6g-iiCcmS!4?+?K3>Koev=K(;9-S1KUAuQ zuI{CBK3LvW1z?5L(|EHr(NZ?o&eWOU&i>3+k-_sGJHkvf+1$?^U8a^TODRvA2FOwBQC#gnQ}#g7fAAu!b2U>dFilx4_>I2q%t(!8 zAsnME@F^xj6T@sRW{ZA&HGCPJGlQa0`=TH2Os zoHrqaQb!~)ZbzycyW{T7MD?F6u_#7=DfID@@YJ^?6!`7b&6D4!9&yTozC)Xy63xY% zku(8xM=rjR4Cq^Je(Tz+><9tV=YgMeHbkw=%nyiY@<6TpMe9ybZkvHr3dj-eqqjQ~^76|} zjELSgIxG!Rx4oh+GI&@|KY_9Np*h7U*7rInWid#TQV<&(D6H~l?~^QAOU7h}vaOo5 z{tRf}2KYJXfBFRakD!PT)$JYjS<5lX5>|1W(6O-C$_{>P!t5>aCCQTvKU(hnAzaC9 zm$@8T+S?3ayyq`6du>u#@=5L~XNHO)v-2BqARRn1DsIgJM<`F!VcdOd2%D#^hTyQGd|df~%kk%dp;t5-mCXH!icDCct~iuC^D zxD}b{4`@gSUgh`$kMplDP$8YQ3g?EplG8JyNRwfDj7PO9ao>u<;76UL!9FW6YsBCc z=mY4Z5AJB*?l`uq_08Hf*=(3;yw6S*m1WFae1sWY3 z8eT!<(@v?pz~sXS4rBHzt&xK=mJHrBCgCTm^^vhlC?73l7)8~0>RbrIM6>VoOp)~-etDWI+5D%c0e>+R^>^N z^~B=c0-h$2#MC%r@+kl$91R)P9=`u8GrY7G>H(WMmiGk&|!*h2|wn@Q454Z(@u4`@S*n<3v(% zm231&lH=K10~zMJFDODExR+CJD<}=8i9r%1`A1|ksMDJDZ8&(A>^aIOb>hXgFf)K=D~je%x$sz zsv?T*&}jC7Uh0|0_^QsG0a$NfoxH6tlRqjH6+y@xT^3|4R%1yIK(Y2A z*i$Xfsq5%}ZI&|)PN@=jt#4{Z}x3PAwjV|xD1c%=8=$@piZ)Lhc+oX1xPXPF> z&l!2rL*TLC69tC+6-~3~-G^u6I$3H&OS7=2-xLnaTcVuWb+8jB;Tt5E6ZH4SPeJ_* zY0Aq);qko#IuuI;0>dmvWdq*WBI}5m5-^;_Cy9PTFRF(Tn)a8A>-rY1kWo;My5{SNDmX2lCjeyxZ9y^j`&| zb37L!PwpKb_F!`E9>o3xN#@)O=c~t^&rbKz?AUGZJRf_6ET|z=T zqQ9v~I%nxcj1{Hmr&r@iyovt>9C1ngBYN_tKD?8mO8#d;F{B$ZH~zSaRPi_|Dc?}J zI92`XKy%(>6=10{ugngp*y&gwGCr99r5O=gN~Q%Kbp1tzGev1qK(lVIj(Bi!y0@lvxRxfM zMEQmB+DoH1-aEt6y9~A(HRa;_P7+NOQllP;A&ks|0+4;ld7QG~iRX+EI^Iou(3d45 zET{iI3(bqG2=Up|+QH32-!&$X<+jc2W5=IX%@fiH8X9GP69oF|6B3#i(hTSPwz)R#gYfF8|(r$xDa*#^e z5Qa*!R5;eGD|cvR@cYP*K}SaGmXOTfI0^*MBCDxPxhZ?=X%p5+6Lu3q!)q4rG_`WU zNoS5pwG@|?xGsSD1akpGpAi1~pGcDy+n7lwE}R62QPdza&^H=YeTlG7>qihdlt@z; zbrClaU^Kgs|Jd9%kzXse;g${=wp!|bsSv0>8HJP{gLiJ>oWL*SKBrL#QVPy+&?|_Z z<#UEHDvv#TA(IBSZe1$>XK`8rHB!L;n$*9A;W3{})`HNdvwRm`-OqPDzIn0_Mzzx9 z6C5e7b$`8cq|}#@t5_s~UM}+hsZb;q((SjTK&qyKUH);H;Ht?QumRG!rF#eAkT~T+ z+l*2?Q)cEH3 z0)!?n2m_pX!z+p`p!{5e9nys5ooG`DC3@^>gp!92uV83RJ_5|NWLn&yrd^NB9XOFI zE*DB`V+}^W9xeW=dFMB6pZqHMg2QT?19&nTi>=Fsn9D^9ggXj%@ zd{ps++|gQ|Twd#=zjCj$Y;-3m&@Q8hh`pII#NUQOKWrPY}4Wj=!P!^OEZX^<1-f6|9ztg!WiSYw0v zVz>ho;7IMS!sb@@AJqrw^*?GG)Z+6CVdGjeKob98-kK7;T0}~Lzpa1k%z*srTNnN# zIMiMM*1`uhH-6(VUX3w%(o!1+c@Ur%2LDj3)YkC^-JA}9mP?9!4rM-2qY<47*wpHtxePpVaQ@ZV@xx;ogcImJ(otIMjPPl#gG}y?Tz~g!0L#Qp> z@<%1zMP`ilS}6MYVBCy8kbW0LYlpho!8Wulo-tG=0#WPJ)#;)=qi!x zE^ZhYK}^$)d!Hh~r<@V89eFwx=Y0wpaMaYY#INOZe5&oBYs)A9jSYCikNE$@g?}p)Sf{; zqv`+7oK;oaf2LbncoU@uWM}q}noy-@X>fJVhi7fL#i?Mu4~?$2T+uXO$lD3z`;e94 zT3B5KH}m$nni96-Ur(R=-ku>FpSkU&(aor0Ns{thGXmFmvZU z4WA0N4;j&3D`Xi{CG*C9m#hgj>b;(pL70s~q9JM(!n-ar9ZA_A)j#B?O113WSq^;D z-`rQ2JT9Rf+FnYB9)!!)HFw;EtvGi?S{}<8BJnwC5E)y2tkztE@@8<^>I+XV7CU6R zub{Oq%_qX3_F8s_X?k{hzG5gm5q)~Gspew9CCoBb$l|0VtY>EY8l>bi6iX%i3Dd0y zNAkhLqvaUjoY{}5SfVq`NMoY2I&}&?r1xc0AHNYsrOe8u-`I8y;6VC`2U^lE$BVfPb&o(UTzkMRb+Vt_u977hOkVWz zQJ$N{GG$kgI+Y7{H@&+UcL zv7kOSx70#mquZC(_llCzCH@JlbMJZoDD5^jZu@Ia_`mDJ!)JZ80yw52 z)_QsIPx;HRi|%|Pbdu15H8$Msl%pewP>*!u*bNp!9IJ`po{A~d+~6-Aq_^|N){U&^ zge!dY#F^)32|KOr)8gBQ(sua&I{s}T-dm=$b_=p(3v=wq>`*($n>GDq${{S%%o8mq zI8Ya_g8yF|aR)gfXf#}HIEF1%FU1~T`6e>AR-rIESPyao?Qne*Q}<`9@7nFH&g6g?H6N)ir5Ns)~> z_#BiJ7L^}wNQ6S~M7{*Ukqr*t>E4n(x45~!&+J~+Cxa0Nx;qdX!5NQTKPTiR9h7{0 zseL)7@hX=((&*p6)g(J;>`C~dAkGgey_6q%T*k4>**gAmP7{cmMp#$fj0r7^>?$7i zBNL_zjc{Wm)#ZOC=wl{LiIl$I_ba!cJWJ(R;r7?JQ3a~?Hpx-VuUm;nod~tNSL-O9 z&+|T|82x=7^=&6gGit;}v5$joM?2ir3X&zcVuYjaF3^an_B^IVtvYpUR*drd0(<`F z=clPc5ml&DqIUd16@H?AiZ#1)E)y4w$o=|9&^d`+Z`Z~Cvp|bmbQ0Q$;cfr-?&2@L zyk1}4ov;fGlErJqXdD!YzaB0{OPQRTv($W5Dqpe1f|zsuTkzet?61)#bl7F2V#)ki zSJmXFQmy*8NsLoHG!}qgchJw5)7Wg!FFPMI|Fhov|NHDXiYTmcp&DCrLcYaijasNs zm>zcb=N||T4i+IPu@>n`UtdO`#H*z=?=)PKX7KnUmk)XQ$lxjFDd@3XkB)`CL#&Qb+;qKHtA+eFi6VPAQ)uy;@@ot_vrFMz|r$z%CJAJ#`F z&I1>k@M{h$8MArk)z%_Boy#0d7g1N8RFUl)z3F|PcH6Ozu4!=oQ~Lzx>QajuDXJ_tip-$MNP zd)wo>1+cytkg~$cDFisA(oK13Zz)(<+(`W*Bv6(R_>LQIAZBK=76x5F8EhPSPr*Zt zUIM?W6O;5^1^DLcIKK2j1}O6Gdf6T*xB>}m{yTjE_oR?OBjFu}Ep-P;&lPNbeDt0T{(P~tmgV5UcFS2`1}8my8Ct)8bT3Qisr&Z<6n;6zll}3j zbDd`$mlVYH(t6s_B%Nx0;NrSm_nRt-GxcfsbjQho!-LC%EvWzY7V@KB(_HkdA1lKfQoRa))tz2fq}&fO#nq=868@ysbML8GO^;Ly#u$?`}eV z_U4~a^+}VD1p5Fa_)<9ztj(~)O?=|t1Hae^=txI7Mi4e`jtQw6(R{ z;|RQVy%qT{Gfjl-%xwmQm7ZGW20SkQkecz|EJI+nOJZ0mGl00BlV=vSTkA&{%~SAz z+$vAziN`IJUi3o@iWniTlu34pIuzj8{Aw zXK>$otBKA>wc0+&!WOInM)0|^$eVDhb0nG+$Bw_wUs2$XkmoiX=4iz5<#;1}@Q(M= zMfmIlRb+c6qw-H$MbItdS;;bAvNtr^yXvw)99708!C-NS0kfW(OMcoi6lApo-rZ52 zvDzV2D=IuBVaRy0h|{WA9Usec`l40cOPVh5ikWF=UN-E#a#AW1qe|0iXvd4y0mKF1 zx_{1se{2>gUOJu_;16Q9r7E)1;`1$$mz< zgvUX<;Tni#o3ynPv=Lk-*!-ENI@i+w zHPhQ5eXggfq~q)3c(qT23%=z3{wyjdGG&};=#a{#p;}1B=m|BI(!B5dfPXGBe%E1~ zlK(}S7pSbkfpiY^+uqxM;s$hjA)<3{@oIFd+UgC19j5MORR;0(;1)J8Z9rIcurmW4 zdC(`{P={E;WGdLwO$~CuS;7Nlfe{}zH@h#iU*_QQFNtbU;;K~gNuiv}9Ce2UR#hCW zSZkg{DQ=&Co;xH>M*!BA)>Kq3<}oCh#U(R7RaXPcz39&#Zu zI$BvJH4lpXk=s>6s(j!Ah@>2)?-ynp=aH>pjS!NGMJ6eW^%=~D)$ca&$X&G+qt$*) z#o~l1wz6V1pgY|`l&F}{YZ^zh{)Rolc2)?JEf!-%{?GZlu=4ASQHq%-RaJiz!U=lQ zUn#B5rs?48!+eGIE-q`#(7uu6v(v9|^zB@?V7+XqFDGGZ2fOS~D#wB0L~Y>pQtw&K zjTgiG)yF@venndJ;%E+W{oc=zB%vlgMv1R>hFS^FcW?~9`p1Vf6;&nlbBGK4pj)T8 zXus-*oNy(1Qd|QpF-WGiz*t#i-@@YOgUmq`p3p)-qM1gq!{2|+5y#dH-><`Pax zQKnQO)S9&r^@fYya7ehp>?`AuzS~l{e>S@(Mkme{ZcXU0;7@6p9|O;DPXCeEWcS^) zy^{c;Kw%Q$-XI1Qw?**Ft;b4R1=e4eO%Ro^Hc+J7wYv|#v7`(fCGvm5QB9y83Fv=p ztZ)np2dkXxCBgMibOO8HVWO^KqIWuF$XtvGS(r9qHruhU3(u}pE{_v)4Q=Rzg7E2f zQRGl4W;>0r^=9PBeA6T;u@;HfM1sxElQ}GFKI3dURLbQK~n{y z-wJNDM-Nv-qZwY8vSG3c!D%XTUXPQi{--6;P4w;Y4nmlzf7bVK9`zgsR5wiIDA^|` zbmuwc;7dyi<^E`kK8nu*?s{e$1kEhv9_}Eam~*6HPph3gIf~mAIjMLMGsXhwJprN2J_#`Idfd|5km4H z><3+2I4%2`t|wXnTTF?{OKHYS)>GG$=RV9!e*>p5u(#`<-tx?wEphm4tQXO+!B;5d zYu~Xgz765Wr~_P>x?qWX?q|iQ?5SFY(YT~G($4pt_e-3?U;RKn5DE%$+FrcE3%~`p zB?;Kf4jkzN_T++^qd^UYGP|JKn~2ttn?%ILTTd^4!5&CV%kp7b2E*4wgr4eu$MV^G z?g@5SUGn>Sh3`__qBP;R^YmPfJGQ0&`KM4W*Nc@Pi_Ei~GyX9zkX9JY;+{YCIVU{R zX4+)GMoUbIXq|aLIcjWnAKhOfzwkykC6Sv3ACq4z45vikNk>azNg(eBqxbyP?4Ha4KUTChkhoB9|KP~RO71k)t&8)2Z4r~irL zy@Gd<9~|k5dW&(W7<$%C`34z}>K_LbZA91eL z)_rB>H?#V6*rY|Jj3&|b$o|Rm%5>UZ{v)9a6=UbjQYeB8vWTvZCiYKAyh|RFHEBGh z5oe#4cWG|M>cGvrv-+kk>#Bs)) zf82elU)fo^6OSo5ofKP_a-`_JmDUhBodfGSs}nknt@Qqmim8@>Hnw^0M97F;o&n!H zM+g03Imo@~FsGd&r;PGMe7SwCz80m222Q0FL;hfwsR{!bvC%ZQ-y@;r`Hy(yOP3n#O79k zQ?Gtgx4pd3Ji%}9W8~@lCaQKNYpVC+yaS+)WA?;vCU4xa=lpJ~bKJBBWy2iomc_U^ zM&~k;g!lvL_?F~>WT#gJ5jR}1Ny-XR=KI%XyfZq%G?9WNpcB5;lz?Ms{LRKAex z%ua%?U@v(@VGU|5uKONo?D;i$#;u@o8>iJ{7`9VuQ2;v!STO=c=;BBX_o_XCEHud4 zW8k)o*9WMkyZZ`kAx9V5DQVw|d-?q*`|(o*#XX+zt0xm6M*YwCHdkauOo8)1VSa0| z`Wn}971@jz>uLekffC`!|CF|hx%}hE6l$J+k-h^}h#mD8Ahf~olKDsaXN@wLtqL#w z_0!R4eeKP%E1!n@Lmeax*Hh|j^ke;MZ3M8wC#=|k%gY(zHchBa^1w(|zOae-X_L!r zvlI2R1_0xTO%zm6pdh0X^AM?EtR5+mwCT7E@Rj zfjFASm=>0qnPyi9%l+dxW>CH-7-g6Iok$_~RIs_J#u)S!ui!uH2Rx@_zgkZVVIC|F zm~guh1$$XqpE_T_|BF?i3QG@9*=~85p8ps2g&Z}kz zl?rAI#L^$n^IP>MmGD((2c46)pdHiuVM_byprT9610Vn zznEo=a_ff?s}Z3JvU5XTKrqL649*~XWW3@8XC>_6oF{xta+}`@9GP{Ly=qK@XdK^O zp7J^cHY5hXv`*bVNc+~}c*u+~ZsAZFf!(<${QbxD7}x3zmSeLn6Mqz2Rd^v5HoPc(#I>S}{ELBx$V zr|+I?JHT4RVGV(>wPE}f(NHb{!(u}r)@uS2vHdugE{bt*xe$U(eCLy@9nSsb1+Qwf zKz{)d-a<`jOI#6IpdGTK4x3=U!v3#Cjv8r$h%yImBAJHrb_4gS_rEG1<- zB?UQXQ0T}RHY-i5RmENyUHVX{0)`*wqDL>^Z|Fna&+*7J6#|83^mfzKya?_ohC1av z>-(dSVuq15ZtovCm<#0m=`A$ua~Dtn2J_;}UUbPc1I_It=j%$rx{;EVB{?wrh_|^8 zRE60~T+K){G~YCMIc_O!#&0V_s~QKL3ctwV`j5YY+?XLIUO_dx(^qkcpn?TZ?UC9G zsD&AVo~U~h)z}ad0>Ths=bhEp=-zHdvfb>-f5?R2*87bC+PSu%-Mz?6SqSYnUGV7| zI8}b7;T*IVW_QrHm^f{-^T%)8n6Q19PmLrx?|1q#O2yl09gW&GNE zh*k>SS2fTbT=163iBi*4n-knQ#mS%@mxR_d->3cIT1ltS;+^~uZw@v?(lsMoI@68} ztz1fiE*jT8l~}h>P$2@s%k*CL5(-Iit)_@!zEx6%!6BBA2MKLNl88?av72p4L{QevWdB;_kxIQ;6Tm z$UqNT;z>l8)p(Y)ZS51-8E^R$)dgLO5>$dXPEe7KsPrqU&~ri2Pxln=w+RN`#u`%F zh|Jb9!rgdonk-d){zy};zk!3M^!BgFTf=snv zGm1qCd~V87KoqiP)-d0$z$Ge}^naeVO9zww@ou1NM;s+0nfml|Z*3d+{7Q&OA<-{t z65?H`OvZ9ONnHT&3L&i@@pq_hp?T63mrsd;xGH-*&352(%i|-Ub?X&WeK5BS;Ow%! zfWT@iYk{XLZ}q`5mg~=R@2qIMTtI#c5-NyksQO2VYY5`05FmslRg%(d_@em=y1Y6$ z2OC2H(V(`ZGULy00~<%m`4E1U-a*oXRQCu^Y>7;OFK=h{y~$$CIIDICqrQKR!<1(# z8>j0QbS1c&ve!7DwM}uA&4w}9_pNwwNizJPC>7j&IF z90FNtmS<4rI33HzY9V!9R%ib{>$*>pZYRTJ%3HwoX?QPA< zGB$Y8mXa$FrgCX<9dm+Oc2-%@<5|I}U~8>e8tzu)r) zX*uOtCb_j;2pAA%|4&HoL34EwL)Zs-5Gl1JnJgo_@)1KtYvmq737T7v1= zw_gk_$#=JBmy%+-559mXh- z?DRh?d9?FC_qK1B0m$dgljHzo^xI+qx+DKDbmX^Z{@C&vyx{(S?oMG__W#?v`}>Cd ze;5B}HBZ6*kH`0MP5>I6X`eMlI?eU#D3RL!}C9s!gjTF{_hMe=l`&?|6a+X zo&R!Jwsz0|Pzm_<1kZn!fOZwZa<@No!!Y*T49YKgd^~pRC!M>crKM=Q)OxHtkK2oWbGwz~q1xDQqxspBw7T^(-+usZK@$GrQACv$2 zt3M6-KOU#MQ8?%-{m+h}|KC37;ya+lU2S0_xjD zOjYr+M26;H3d5+ntU!%G(VY5L0;@{xHj5k0DYAu+*2ZVSpsPBH%f??7V_=4r=1n}E zFsvNqM-0cB_g85IXx?{SSk|Zb*w6ngPTesad~iJvBJ?Kq%N_hHo~rZTy#E;v54!Vz zB@fwfF5e#GRZa#QkkMY|yiev{Uz#}ILlW3z?$u#049wed^<;%SHw+>1IvL+l`FaaWU9I2hcoCmL<>;Eea zGI$Yr(4oKaq5j5=9vtbj{u>v+jQu>$oy5u&5;u)~SmADKxXzL~1_kBLvp*rlBT>TV zC4f7J%f`T5WOI1XKe8ku}5PsRDayR)sI z|69X@&i-R1k97WD)4>L0v;nc>TSn@q(E9om`mWf4a%Dpy1x?TW3f`fFEf_o}TlCoo z$XLi3)Z>VdBvH){nCAdEn+`}}HcKM}9A^XEPXccOrqGQLNa4pBL|G7xfeS9*5>0X*uI`RYl`=eHsGiAqO~<7-g4kHgSLxe0m#)Gm-@zK`(`w z100XUhMKyG0~{aD0}twH(JK<5XKLPM^Z2^V`=d?*^s?Y>S>yEQO|#^aj#w~7ej%au zWZ`%Qx0WRTvyl?@?eR@ZYjEym-)!y8y{yUF(@|}@s8%^$=voBFp&LxW4L>ix>C9x{UpP1Ervypq6WmI$`w}YBAWy8nNoa7*ijEC_4jad}T zKb%0A9LLFnRL#g`zJ|zVr5i~}1wP;}2xb(vgC=pBQ7tN=O9!~zu{QTIBgaG`KssA6 z637NPqDbOq1=96_PhsZb30DVY;81zrDLQ1Fo?*jvHUip77a-it8^D`D?+%Z468rQe z8zIxKix8)Q(KS`U$j(iQJ^|}@@B!Ii8NpoD86(+BmDpHuYNOarFo;v-!%-NTeNbT9 zrs<@t`pl%zx~w)Om9$|j%Z5pO(_6ruejWT9+I9p(zrxGvK&Y!Bndkavt(C$%aG+l! z^XX47BO)F&LS0Qt4!h93g(2PAa3S_H_g^JTN9N9|Toc3!q?>%%y%TNB;YcX%2)H@= z`cN7b*&kuw?mWp&BcdqI$okKTli#g|La9YZ!O5Ui`c|7@@)IS{JFJcS($|AE_f3sD zy*V-~`&N1YkSs6`Yi;_AT0S+R#WoNrM8xe^;K^?H#BV{lScYUl7hVVy8>x0`)*tGz z%73#g2nQeBSr#WSoi1bgNuF}~Z)Ip#Q5eSe(7(}ippvrFP=pHYXOHbWlvjF)XIRd|f)No! z6E~Y|khjDDoqY;2Fe9QJQ(?S`XHiBbGRWdsP_uUHB8U+nx7vd#Ddk97xw9z9fExjN zgGYArEC!P}^r<+RL!xyt9C40Q5U*ko&tVEAJu^{Sja_p29zp0s9hxfmO?9Ud8Puj> z?mtz$L)cF|GMCbz<{LfjR{eYKhtlu&4Nnv+%mSH`=58pc;!WcFsQBYFw(z_}kBwQW zLQYreA3Wo%EIw^A(?82?yeKSH=nG=#->K4FUjjD4NYys}|Lpz!avL|&D2$)Kc@_9E zN?Gzxq`oY9kDm3Oqeyn5U0YH~O0s$OY{lRVNFo{zCcq43Zj!g2+jy(asd}&Fy_CI@ zx6lA)0L%x6ltkMJr?xiMaL{Np8vTVv<0MNNawZIE00kqZNbM;M8Hf2p_Nv94z!enk zg%pq}02fm@7b=&~(|E_8&)Yn5O)ajIahDn64{~*b32IidHKrYQ9}_OdG=bqxa7v}o zG&6%zMrYo=X2mlQl@~I>%;-O`N z3Utg_h|Ahw9f$Z(4n`0B7`#$_+WfC<(D6+B?wCZAz8LR}8N2HqqlA+ljYW#32QB}| zk`c!t@jva|6FM5F-DA`}=$3vANkmf8Q&((vj}g2SSrCAn+a8c1^~15N;&ZTL&_ z1_?U}3vaY1!HLw(skzVff=mhTAPD+lDmg(}w_jAL1tmJ$s|987YxSk)#u(2oJ=HrM z7I5Ct2_6v>o;XH0N@z^ZWf z!+a#{Pk*&KAi2{e*@6q4*lUYeI5V`GwQXtEMlT@oYmTE-@E$>RVnGkXNYN z+o*<8)A!DE$CPl?vX6i=EK7aQVN-hrNRvw)l`+iq+i%{IkdM-KuQoPCic{1JQ1?sR zEj8ToS}FA8R~-HJn+n)iSeM$PUw_rOzX2U8jgJz>nUHS)Mg^j(xlKSkOr^^C$A%ii zKNn~*XS6k-x(m$oWiB!1%(L_^7MmOM`iQz8 zRod7>zoH>$lOOOT@(v+LXlBF@@Cgcc!1LzJ8og)yE@C)DUC&?W+BkeBG4qD_FYJ%& z42uVafak=2clTeu^y9xrN9+23D|wv!A2=JQ_q)G0T&}ZcT1J3vrYY9?&U17soqb|9 zJKa(|31=w_lqugGr)lD*(u|pa@Mm{#|7Cx-zuVt)eoh!yKfic!;QWyBsB~IsBVpm` z`PsFC_j13#cO*gX>>W8@iD}?|_0svu3`)ucxpWwZ(k%J_r8FC8JmN$snWNkqiKRVg zm9%iKzboNs_Wa8qn9jc@sVTy;oo^yb@$Du%IM7UOm*ZE36m1Z{V-h8Vi+-M6kwZ|j zuquUXYsde}%Z(!i7zKfhA;^Ms^0iUwZA8uD`qTNQupzO5+0ZD%m}t-Nx~US1L~ z)hm>;8>pOs`gO;Q=1w)tY~?&VGks;))WtnVyYly)=jaVdgRuhZRU4q6wT$284TK zPZVgUD}Y&-VV={|tj~(VVD7@4OH&Q0pyo!?GS+l3wuC{$>(r4kKm%Y`xnv8;;t<47 z6|y0ric})~d(EDW$=(RbhjJ5%ia`Ed+xDV@PZ}cImH-2lBPYz9)iuL|iWdo^rtp`& zb|Ggk!Ag#G)1W72A|(_5{&w53l6D$S8SkeYlOesU+!Lz%xLu_&vMRi@^Bgb(EHL}@pULv?6UYdc2!hccw`k6s(7`bi7y!pM`OnBB*R3E z-DL^tPWQT~tL|EV2j>C`l)6O=pQ$!1#+2N5PX-W)BURj2UTt~X(zd4cTLncbTUK+A z?6^Ges=Q9Uz)K(ZVeiYrs4|gL3*Tj-G_!vB?~*JpP{@_|MlSnv>4{^SQb8)L4EWYI z8hvZD$`~!5S1LgLX?G5!W?ruHjToPa*w+4)i&gUHBnQ`%v}SI@S5sE1VsRFC>C&&b8e z4T2N#ke5h@G(Z6heKu$*9b0|fzsm-M$0Q}H{*7=_+d93&!xL***FlDlI zAW1U7qG3SEGZmG9H{=h(&SeDPwj|OXseDh|d`eW2007O8Um3u@;s88q&bk%S$L&(3 zYgNaCs)Z*fB8$>e46g=Lw>J-Cr_?qyu?lQ&*ktvGqmg)JovUkweO?GhwRcRh9Hu(r zWC^f5SFa^4~zT`~dT+LioQczHSu# z7Ss(JoGthbR&52p>D!#)r~vy2(%;71>)0DWF856nOYWDq0lYb=+#vF#dGVvV4dxx= z1f^pfL(wnOE9R;^FV1T#^wI5@!nrZ2BSe-YjHe{**I%OJY$nv`q$M^58nl#()^A26 z_Q|}3_G-1HqtVQ?{0cc_Z!DeGgxaU8<66l7WYPOx{b!E+-+%G)MXCPd?*3Z-ui{Z> z-jrO`2df|(M(0IHQ`77cz(y>bxD|qg=zdI8MQJq5VioD90znmn&?*^a=@uh}^8J2{ zMs!Nz{QfyzIj*gSsmW&PIcZ#`W_92E+x@wysMIh1s?b5|I(_GKZ$9i>vq$RopF!Vn|f440D#8w;BGC^&-qcYptketX3zM z%Yw;SsGRNUnQ$(k0|qd+&6VfE+)G!@q>GX6)79IL^|a9coMq{fH@~Q7Zv3z8|Lwk5 z>;IKJZTvrAfCarj#WYnq8Gi91f2xNHwQGIc==v!DstTHF;VWE)P+N^_pgd8uuRz!9 zuPM@}8rg9^hsYl<%4d*Y$M`6a^FJ$jYR~@&$0u9ZC987A z)Nk6^GJjME{Tu7UMyW4~(<~bfK;-1$DwNua{=9eXZ<$UWSq0d*`#smWKBi5h_v1~$ z!()CqWq&t8KSSu&{!KnJ%egqEiFL{CcsC{%QtjaQN#=_Z$t94lluKhNaJ(qal}V$- zzXW{9vN)_tCtmCMPy1=1|IK;lr44|2`hT}{|L5-E!CL>X?PzCooRtR0qhZG9{c2XVrHeCA#cFACBww%llRO!WVlqKozmA#+@?Q zyr*$SD((*%nza@VCPY?%F5;&^_k>%-?#O$C^9` zpg$o9qx|+sRUrb(#Shq&Smn#}MzG5bYi>Xg`HDHXD^!@2|rUbDjqMuO!xkwg3G4ANG&@`~P+iUhb~-|0J z0H_a3p0;xvg020fp2jKMgrM)|0|?Z<3`^@>)!;1^&V2}e&o~TeN?DAf%e;%8dpWs2 zjOSiiXF2CeCs!U+baZP)Ji+V2yBe(7M=Pw5itgO;zXFHwBuNO|fNKBL4I-9>F;3}} z^pa7xN#FLIvnLDCgL)N)T9Cx*Xi2J6ciNsXx=6`9idgyB3sA&Q4sSsbtD_|;Qr&5L ziX@y(NIE8&$PI=$)G3YMh3FwNBxx`v;bmg1w8u1<)jz6lM|4botXv7$rl_%yT|~Pu z@4lV9^BlcVenvEdb{~?61~iRk2#Y)S@;=L` zu-+i~!Xt_eu%ZIj`OqJ?4&K4&x6wU8V$8BAR6YLn=JLWb^(w<%IS=NRxz~%T;rds> z;xd{Q_Fg`ZhUpCGUg`RdD^3#3m3<7Dn&j002i1;5A+Y5a672V!s_Y!idX7I~JO+(| zkAH*vBJI_lg+W|vAa4w_C<2o>x8XMo&o|vSQnrtC{>cGBDILQi{+O2uCH}HlHQ>_v zwzneZ+?iWQT>VcwlxaKVw$S!i(c4VONj;|!v3*&rX;R$hXQx0bnyO2#>MD(yt2#}j z;Ucd*W?fKFOg`LHkRxhlZ>#F=NNcMX@K8m#91~0xKvcIOOS{XFlr$A28mgj$p-FAl zPL}2Vxpvu<;?wzqF7UC6;o0LYd^t1L>M`1~HSfBlbYTa;{Opopj)=9cbpMCO>7UlR zO_`F0F^hZZUa)_tPo$_}cI2c|7?*UaCSuNnP$1Gpyd0PCA#NC_z6}Huil|haT2d?V zln3D^SiV&ewXP9H{eHhfna0FynOUo}71;|K7j(}t(5F*ec7^zq?5vM&z>a|e^CV8u zJ!kQ#-+l(v;LR}eXc~?~G{O9?=n{)+Golbc6}DWJW-7M_8THD$fI4oDI(754)V1b3 zzZy3GwFyKKn$rK;YP*Hxd33pe5MH4*Sd2M=Dy(TJBDjqB|3Y^=V2b6?XPU zFsWMTYHBNDdtQhcbTL=C(A_Fc>n>5#S@YtoTb`AzD;H+X(rmLL9Rs&^O&0Vk%~1Wa zeFJMC%%lMV#-Am;4p;Ra8RoMwZFfv|FV*&)%v&Dz^&$J{QyhXc`<)^+n*oXp$nVu0{m4LhmpP% z%=~q1mUYd?d6&PUpEH({@|v&dF5{8ya&e9svZ`KM1Jgb z^|?IF@}FlBc|hSW{mhg9`}=1P7oZU`hTh{IRfBSj+B@|1``0DUN6e{P}eCKlY9e_V-Kmzm5*p@_!XiEBRlr zfujW6?Av~20%q-=uD>^sH&(a(*;2<1Jb$l{vUlnJESvlV(HQ;Np#0_ZFDO+R;sb(U zo6gA*Ev~d{DqjVt9KTXFwU6RP#TK>vL8u)J$gVMzi$`75on)!{=a%aqNF+BWnMl9E zLiecvZ9Ntl1_X{0u_1)xx6vR=(TJt_CS?U#(B@B!#;CiEx;ZxR-v)YBOr}PpspeSK zNKCUQm{ddXI~s@Q0(C`1A+}$E^rG}{#CkvwMv^O9l3(I?IjqL3VR%~c>rYjB)|}}u z(`FE^IDR*O?6T2AXR9t9PeU}>AFvu7WH&s?Qa!HbFl76o*1+*czW@Q8AlWDS+E5UQ>iZQ+ zS`U%XbWAw?norcMyGfnf8AGLQwCQE1%)AlJ?v_|0g$X6)M1<-#wJD}YFtXR_G_!o^o7Wze$ zYH{rIwkt$_1A<<*vv;a4>FlCzp3fV0QTKT%S+f*IE2WF6*V@+Y`>tk*f`#{}8fx6C z(ydx34cWFq8ZGQex+2MPD-D+FACIC_TnkDLHsj=qMKmZC$V}ARCL+Uk5(q$`&TOBL zV#Y}qb>CnbRaIYcCr0TFKma2roN1rqnF?S;wF3z}1#z0T3EbSpbTna`xs@=pQBs z_D=*IRnQ177Wi|ytG^&BjQ{aCwwyO+D?ZnL#2&vkHLT-g__TtPFUSM1)XdKUl%w zD~R!nf9!OfJ+REvy#Jri(t|R<=GA|D@nX;4|KC4)vEKh*#nWd0-`VuHHWtnAEwaCQ zUUF;o?p+S1$%}`NoL9BUqUCg>dM^|{v0f|;1D-?;V7BaBz$!GFSW?*$ zE=KOVIq0|_x5niUWKLA;e_e8T=f{Av_$M~FNl5Ty=YJ0NUhb97{~WFF|60kTE7q|1 zuWW$iG+S49p5iD{H+&lQIPU!NOOw1Z<;E?xX%bt7pWrwR$_vn69Ye`V`3DqbARkgw zw^Eg4=@jjxFc86*gjqyXGxL}9W8@&wknsslw~-(Ojngy{$2&VD?%&fpnvjs!LCnhK%PeVU~Vk1L?5R6iGczL_Q}W zSQqLZ*m#CG!Gd{s#5C$_E974+)^lq9(q%vF?@j%q+yCq!^#9ik2#4G|^RF+cX5QW- zrMsFyVkV#no0pbnUKhn~{0c_u3OiLbNRM(9u>p?yB4x>mRioJH$Ek?$OL1yI67fHQ zq`&-vHbHkf`K^Y=1wwxBxBt0il|Qob{EHQ6KszHfE3&d}#bW#A7pHyc3k$`rT9I7| zscy}A;Hp2fVD7MmE=m7w&TVFoJ>hCOYN4vWUOPF&7z%amXzjc0MgWFtw zBP0?M6lPNkVg3+7{wvaE)(iB0tL@WxyYNG+ZA*p2v$$w#KxgpM?Xn=z|Wejng zlF>|o$p@Fem#s2E6d14tRZS^r1tlyL%CU{fJz_Bt{YA_XkCKmVkeC7Z7KwRpsn=^3 zMKm6%!j_-@Nay#7Zcrx(YMFqxZ+O6G#Bb5pKl@O?nAn&kbyp)e7pG z&)r(|1(a8wiJ@QD?JF!8KC!ylEeB5u?vgq!|MoHMA+ffE)|SvJETK92|G|4d|82hh zf3bg9s{im}cYXiwN*>VikGl8sarS+r3TDG$r55KT<&+3CAVbCpl=D`*6I8(VgbD(? zTM0*M?`M)kM3wK+DqT=c!pg0cXjW{lfG#(?ANmH30YN;ALBm&U<|LToC?XLR6V=rO zf1s0WQqg4W6Le6r+=#c7a(qX2Kg4z2zoJ4S)kc1?^ zfvEH?g`4Q~9Rd=a35NRsRX2v<@cm4rWP;R0NEn1qXe=cqP5%Q;rAp2(xJ{U#&|c@5 z_R;weF1S!zLfgf@l0Y$;5?(+HQJ5(lRptt8AEl8V=*ci8{EeQZV|07_w(18INhVUH zi0F{OHWeEp4C@4jJI11zZ1RBw8PID}AE-W6d_xf9a9<1wxBBW%8Y1822JFB@viRRH$2g^pMbC z2E`bOxs6O+`U0rj-oAAwXGn0GapH=IcPu2wX6p6du-T#()|lO+D;C-^1+LIeIS%fC zBq<7TEXVi$g2m@?NIsD8J=)ZE;g)2k_vZCNuEA4nW?C|}X|=CZG*HpGS_4&Q7Oq2kPyNiX{}UEIxcuil`~T=@-_QR( zI@(>||GAP!T}{Kn$Fu(v7FJ){S7-DuXY<3S>Ti9Q71#!uPJkRf zUJKT1(%*jT=mIP!LBO&Y&cT4Ft0$veaOFlzIa5;DO6yAkxp6?=vO5yDK%}YpvMBK^ zmIn1{goS8H55LK>U0bTE;ifm)Bc0$8xymA`135{TOnpf?oj}JPIIB!6>N}~(z8x}V zBE2A~WX%?Ivc6uHL=wc+`B}@(uFlVv?MRFRk?gmB8o-x!ICzZTA-c?(fA?rYyd2KdPyP?HlI>z zjAynVs)=Gz7JtogK&}XmmPm2)Q9tY$|6%a>Y;vGQ=Ro+ZIW>%+Ifqc1mDNxArhw5S*)62(3qyD&QRPp zZHMEuTG5c&F!Yo~+2r9;QG+oYSz_Z)B+N0#{}(Av$uNr^lmR^N{MWAU|L^bZt?R$9 z<^gB_M$hu2W&nGv^GD18vPiIs6rd8tKb>6Rbt2HRi9pKF%>5I)Jrqy)G?J%#Pn)>c_ zo&UX($2tFB%FZL8mc6y^eZBZ` z^Y50qW2xFxFQ1WiY?|`Vo;_FH-b$Y+mnwx?2i@WXc2`$K=x+H&f?Ex<+*J;}xs1MH zS?9tIA6Sbrn0AfJqUSPRwZ&vB{;aqLDL?jZLxB-hjU;Aq4@yg-KbwYs=~n1%_|say zIzl86R_SrEpdr~tf}wkYv@BPdbC7T+y%}aM<8OZ$e9`s1wk|&5r@j8q&!H}C0nF3? zyMFz@{TF)&>-s+{dA#%Ak8A-{@XS-%0DkmEd$c7@?)r|p58Dx2UYl2r_<{O7ABbDx zWnMJKRoeQstF|xWGsvawmc9N)wVn52fo;~;1&cXVtTmhk6}8=Ij?01?x?NObL;mz_ z;?ua?z%MIr8g4rG1x;|$H9wW=9Je8u({XV0*y**69>&}~$7P`=U11u_5nH}Z37K*dl> zyZ3%b-{zU(V>_~6KSW{1CrGOAyYt6ioQXDr|EG^s!;Pwq=V#~PX|;G%JlD7Qe0ooN z{jamjme>H8>;E4fl>Ps;{$I&c%Kv<1JHX0G{KG^5YR3G@h5%N#3t%(aItI`x22e+` zbr4|vJi^mn|C^VK2La~k{}=l&eEq+>yWam_$ph;Bdp))2D=cX6*d{>2=>+qctqM0l zpe$08p$x-LfI5$9N}*bn$!xN+nl{E*T&ea_e)~78$e&-sneNd2*#Q5VAvPr(8DwnO z9LFPqHex&>+h`;ILMnBAx*&gNX$Oh%uz*K}t~Ql}F0@ll0rQ3D@WIvPwlXhb#$88w zbgeDrF8F-iJojw=t<^aia8tVKbngAK`N-`HW@kysx%afZ@U*<{%*CO_HM#c0TKC}O zU+g?bCvoUZgJ!d08Y(8jeB%y&=Q&h*lb@zz!ig$5#t9B*2%Xq# zfhGG6(-@IB<+Fs*IE6deRQ1aN&&6TAq6UuX<0$GnzE!nlpgyKCO}nVy`g@!t(JXK9 zM_sH>@YJt=N%6;#0CU#=i$nkZ&%LAF{q_0pl{~Qi-!dFZb0tDT)nO1Vm%Lh)t|bl? z*@8@@Yyy|^4rxThHo`)K3K5O9mEND>Ni_cef<~%OKBOGqCQ;X^rm*Yu|2h^Kx600< zgm8U9v_Mt`4lGSHz|}KBYW4Zs$?U4M0Q zx=;^%fP)rrUw=pmk8y;~={|0nvz) ztE+FX-!3wlvTY?2pP=7TYyV3R?U4cibL{_v!=snJ|9`aJ|6k4HgwJsiKexBo+c^Wu zrFZOM!bb*#1}hg-suJ!dEY`n;=9ZGShH)u+u=5;UVJ--Ys7O^WIDz}GQ&zDf&=_g} z5I%J6R^0N8oJyR9M%`p2(0IuBMBkbsP*D}8y=wsg15=XF?OrO%5s3-MDO`_|O1=Jb zgc2;oJ>#K(h&>@;8)qgLnQ=1es^X88{csXev0N7+k;Er)K#AxBoW63l7;oxvf;q+E z;1T-NklOXi;t_kCUKONPy#^5t?#3(=X%Xfs+;Y@<&YS$q|ripU#6HbIwz)N&F1=uH1P~avFOXTs%gHhXK(veA_z^bmffndtsaiwU0uw_P0I6-3P7Xl zV>(S@wdL1qiQqJe+h7)xRE!x*7bcx)xG3RFyGG=B)p{qum4l{?CJ>_4;4Q zV?{;Ojfd8>>)dBisOG_}wO3dfm@$bLJI~SA#u$z9goMzoKv-0o0dAI+{M62{g1@~) zW%$U+nX)ooXP6_8UBwJ`R*5hxgUas6oIq*EwWn-(HrM2;+9F@e$rbO57u&X<3bKa;9>2kk0 zQC}gGBlhLA_vN%}{nP?l9V(S{2_h_n%Y;@PYPgt6&svT`*ZTTgh)mkril0h9pzfG~ zepJ81AE-L9`V-BoZjk?RGFpZGx3_zE;LHD`-F5!YYM!$EkCV~k2!04JHAwt88IiUk zUm_)CbuRPe3+H4DsY>BR<>JfGva7$YIp&$4)1Wcz!FN?NqfaVCD#`OqoiBZFc$fm(Hzk=pt~v0NI9$3#>8Z= zdL;J&0fRI`a#?5&^&G zkof~#7H@SKL&yKS&<)|>3JX|}-L4%l+z1B=CsWEY_%UMaE=y2%y4OWrljgJ0za|mE zg7ow21}*;oQuH#R3`CcQ(H3&`595}QwEDH#vdEv4Vn0`lD#b}JRnPdgAoeYqZc6wnwY|e>`bqQW!+%0Db;v*5+!4NkxkIiKH93E zIt^Q-pu;yUA{QH8$2&V;PLIEw{?9L`J$`?D_~KxHCzmA}4>=z>ilu3>U*vIK82!%~ zONo!*M$CkW7DecP2oX(KNM7l<`cop9FrG@k!^iPUVGych&N^_lpcaDiQ#c5GDDvI0 zN4eTbY)=ZiTS-~9Zs#ahDNWR>>Z|3eW&TvF07t>7nd;_KCJ`8NHu(WhqLPTVaj5sZ zjTx(ODCyHGp^__gv{l_n&3ejsv@l6{RH#9bhF!HPyRa6zW=(Vr=XEV6?CKZl4>{#s z#SL?amLvHPngQDNG%NQ}L$XTk6>t&?TVihJ3{kfVn&1>;(gJZ0${;{AF*suwdSPiP&JiQrZOw{m&PV66S|~76=vQy*@&` za2+swP{0t?gr{sOoI+J*gi*kfynI!`rGD7XttbVB8_ozxPG#eQz`AqT94| z_LtHJSU5nrRn18?mwS>A368_d9EUQAD+(I=jVg*I*u#2N+RH4@PR*v`&U17{_>l1l zDk|ZWcW_(LXj-m*rb$-dTB2G#egVgK13mB>~f+O?aNqT;0$Clwup8>M(uRne^yaP6jDhbs#;R=V|g&iu?R zv+=klX1)DaI=Q#B9XQAS+uz^c_v%0G9==%b|E}awNx7vno{we-R-FG_$RMm}Up5RW zpln%#aH#OL-?T*%vy^^i#-Aq!q5rL_vNBqBuc*RU?ztr(NG($vfGqM7dW>WqI8CHI6nZT+-=8udR^+jw{m*u4Dz!)6&e}ivbJ6#oTdo3G*w_kk$t^xWNBtdjb z4)t%pb$Y#CV?YA>cDjZL1iapGPHEe)OW6>z(WYwkD@xf9coJLRzwfI z+Y+aSM@y#x#tE)F3@}cxm9Hn^S7q<(*eYbTI4No=gWqI3*Jg9YU*5}{6#2r)EAUz_ zGk<=98%#~nPrLAtG6q%C&neG+{Zv2o^4}|X^#C()Ui|0fiUOC;13jzyE)pm5M-N!x>f`g2Fa>sP+dXZW|q@6$h9zMl`s{qQ5426s?g`arm$ zL)$aqE@75G7G95ixp$k!<%44OukFCj_lYY;>Gia*Kb>>C3w#m3x&Tqmp8>w`$Dc+5 zZJ|w6!7uvwnLeoQW8rNmrjfN0syZo6SsLX_V$+|oZW<{vgyaJ%Gn?d&yu*q^_2qn? z2cGROA?UJ{8Om1m(f=k?^Yj13M}83i_b+Tb5^Hk?i#0EI((+^N^@KhHX zbPPV@-nhCEsNiZ+F9msczhMZ0QDp=e!)g`KoNV>3dR7Ib~ z93WKZ1ldciYOIYeP^l(PU2jgB+)_O@IY4uoHaS6P2}h`zLm$BzLUS`atKZntIX4?~ zTeM=+G8b9KSni=en|5Cc`%dfuLH{t2{t3c3z_HG}E{ZOCDYL5#r`P*`=8Vsi`+xhp zFZ}Z#NAf>w|8E7)llp&o5%_xlPk++Z|FaJC`A5Qh|IhGmjsK^Aw){UE&{F=I19EA9 zEk9e=(qD52@>H9J`Bb|7Rpj}TpM6Sz&g>>E)JHfgviuuVg5Az{i|oT1RekE}kW2OJ zx2^2k1-SDZ-Cmwu9;1^mRM$ZUSd{jJYy4#w|Kj?E>ntjJ%#8%goAN9o6^Q%CP}W+yT75-0UA2@w=EBjs~5bCkaI@Rc@ zo_hITaVgc3T40X+f3bUT=;wd#?XLa5l{_G_5*CK}R1aXPAMF5G<=tirWdT(}sLcdQ z!hx*@DjGYoq;-J+33u_*07*D#R}{edaK4}6hoP=mh>B4nGt9Q70jgH|x~S;qS|gxp zF)x&#mV|?Koq*~Ysxgp0-DJ9l?fF#7m6oUa+pysZbGDj@R3-lwp;xg>Q6|kJCW=++ z!B4!r!20>bpCg0M6O6ZecD#s|xF$nGntKE5|NjwV|67^ASmJNCY=3 z`t7`5YX?=eSEV~hI7?Z;fQa33nkE(Ys;L0n-H2I8exz03$T7n=FJ2r}{fyJGk3GCA zN<(*dD%xc{(nY#^R$cu(R+u8aC$pV{Ng2}nWEG>;UpskBU6+bopXg@Wr;MC{FGy&v z_1B3kP`q-p!MYfeC?Q<*^G&9| ze^E3jlScb4-jMXB*;|IguQaG`h0%OZ({Z_NWVJfK@|xMK^$Mlz2K+RAUz_`pXI$Gs zRWeB!ms2fL#_@>27=abR-h+Z9jHeZxpyv3>aBT(anc;ZfxLCX)X)soOxR(mM(#PW{ z_`YVXLwB#*HK_~)xNzodEo(*s@YV*isq{PzwE67MZBa{Aeq`9Tv?3~U9=$6vs)+px zN!Os%C*bG|uYxO5#);;DY%(yKt1PNsxqa5qw*uKl)-ws??YQr}NL_DY!18BRJZQRJ zfDOy(?Um@2nX#^66F(NvnnYtwetHulHPTG8l7BM5!>NvsKsrg0UQBEaQ%UOjeODzp zd*4(9_$-OKsV`~p8>xKa-7T*|vMo^In@XCMhWfR3)qzzd6RV<5Y78V!`7B}7T$t>U zJLQ-R>0NOThUC#S=!uzdN^{sGFmsV#tE_=kWv(`Su7V>84*V!i18R!{D~EgP-&M`8 zrsJt}*Ueot^<%6~@NPFezxY*mJ~CCwu%#v3)Z_f&E=J8t=2F)5n6bOkjVwi7$qMwk zMZ+#C0k;@i^6Whs2ohwRbW8UQZa8TSPS+NsjB!a zzxAc`xw`ztM#~p2j_P~>pkEqGt5?0N`m9o+Zx&{xdR0mURu_6lGh`gD8a-)#?&ot~ z5h%9!Vorlv7I*q8No-f5H+rVizvQOB4Y1NIZ0RE@l zRrLujol-t-_V-+!n{6x{W*KaGA zSGD^iU484MpE%yx`BEHzDL|FwV^+&SflyI}c1CC=^lH$RKr4Ag2k(oj4FF< zA5Xp!4!ffjTQ<&ijQw68w6Ta(9@N|uTTi#0HWzm5!rM9376IRSzpj{*xrMivu{;+) z+W^TxHor4(_iBNX*dFCvr0Cxj>r{m|GeIs`NY1ay*&N7KCTh(!L^umjr3`>3E0+HK zs%rJaJ9}@ko5SzgeLbd}sKg863OGq5_JyCE|LEdhf>OGV2X*tdUAq%+>$NV)!ToE! z^Y{^-hW)>3@Hp3h&#(Wr>*s$T9=%-Ge_hF=^zC=2kGJ_Z4Hn(`lP!9+`Fw;6DpC@= z#m?>5rF<#t$Hgjo*-#hDnJOBVbElfl0&hAye6xgDdt|wQ9^xn(;Nb2|@9f#5znvuw zwY^4=U>_})mSmH$!X9azbMmN$Pj#YFfoVm0(q$aY5O5oCIvpaKJ`>1rhV-?7@@$B@ zz>GDA{K(JxcYn^d^Z`I8`HYH`#-q~+(@BLnwu*$hk7-T2C{!hgRn?zZGApdHVe>Ke z$2W9=Lzb@K)|e6c1c_Sp`kxQ*BN+hm^#9R|QvI*pz4iI8l|1VF_g5#Uk5%zgvdw}9 zfNIjS?n}ASIUR+(fxRjtv1J3%w-1HYi!Wefy|?(CCB8Q5O%B<_wl(1Il92&`S5Yri zb~G;`d%3D)j*9a&n8~Xt=QY_m(@&NO{)b7jmW!`tPBk#%$1Qw$K18ap*!MIfaF!%w zL;&-E$+L~H5ZQ$2@Jscn#?7i6e_gLk!tFK|Jg95bc)p^uoVuTc3peX@8XJFTg;;zBi_P;#+;=9rdnyi|;7f?sC0{IXOBZ}m__i(gVh`Y{4s$~vU8k=_4sV<0&eb?o z>L-g;Fxf^T@7?!-oOto4d6~{<_|(h)QU$)HRl(f&@BXfT|HHw-+W%Y0qYNUewBTdK zfqnK_&?hW6uXWe#!ifGIp!Ud09-P&1K}W8-6ytnX&T9CPj@W*>UeqJiL48VBt+obg zWBt=#K6>rb1_x@9iyxZUeyMt=i`F{*2>$Nx=Awt1r$PTe^xCKVnWO&?j`m9a-@(iM zwfsz`$xln)Q z(`5hYL*Y+d|NX_@e);~dgLVCnl{|U@s{`DRlmehRXJG?Sw^|?(!0>3hRDk^W`$E|O zqNw*!7@kFq2uIhO9#)YSp!+I|_a4V9;%EG%DDw64r3t2iE8Wut3mXfo10441IhTU$2T>Z}{p z&U1+;Wt2o_C=sG9yNi|nD9DAnVU_}XJCB#dXu54JXVSjH%?D|>y znQQ-_s8#R~H(=iW@8Q9|zyG^?xVHaS@;LUtp6f^U12oj-+=0CD;$DFf;B7O7J%(S( zOE45HI}7HQI-kLGyF%ANce&0j{=FMmW?{FE-Tl4|pj@V`?Vtwze@_NbPY)>< zVarX0qY*KSVb~;?9)w@rO}d|tU(jIxGkzB_96sCum}mbVygcyj|Ca}QYx{o{4@iyg z^;ADr;LotmqPBkCY=K~3&Zg~xeEH{#h4)M|$DuIqO7>UY$wG!$4sRi&%d{$M)cmNW zuU6-D^wHyfk7Ww}VT~-aj@nsSwd}BnMdfrd&hO-)>QFI@B^Tl}cO+R{94FpJnNY8U zzH*>62g}9|Z}MvQ;Y~sUB$)L7LPkXVELE;Ai&0D?1m&yUTK~VyDOjL^R%ERJ;Cvcv zXZp{&(OK7T{}BRwVi zU)?CP^COMvqa6NfQU7E2z_;WM%~-iMMMWYzn*PzmttzJ@}ZDGFyEPQ8uSW}V3^zOdPsH@bwj-?>Vh~nc4I?H zn3{H*Y(i6%mrB+|+HwI*B<({N0?fzdl<<2_Q{rLgbm@S~jif&6<`q4>5UthQmPMX* z4dy@SQ!D?q=dptGAA5&~FG~Brdq->ezlsMWvJQfP*q<4P0{k`YErAmhusFpuMq?69 z5aB%c)3hR>0%an@Q8YsVj?oxWs}Y8sHz{{$JTlq^Zdt=|F7uUdNJHp{Lp3TCFwRL3 z*_z{|!0w(#5gHJbU?H8yl%a0Qe!!Ec`#?=&_`Zw!xwe_7Y>GC8MBTtqR7mwrg&gW{ z*=8vn8lno+1&YeQr-Y}HRzIA)dn*U_*PF|Wt_`mc`YJpY=UO{uNQ~LN`4jGylS){@ z*5fWhWhO&DBrt3D1l_YN3ei1|Q{|kd90#cdg2mBn8x1npM8%nO1=3>H^RXOvw{!FV zJVhgt3Y1_jX9^2-DFTM9d&wzs#z*7>n&31T6LV zlUJy9@;{;?6+1tMWJ&|_mWqe?0`uhm!TzD2|GRg%uK%!-XP#&)7{C#3+DC_QctzBl zh99=khHC2++k;ldo-SbfSvTZox3vy0s8@cpOojgJ90K*73LY0XSkdsqR%w4#U1sd` zRk>%cI(g+>SzLcy$%z@dqek7NRIJ|V$S(C)-%ttBxwzCqb1qO&gLCK0Nir$tp}2zh z3|b;Jm8#zUKNPfos_H?~AQ%*RL^MXldknC+60iW&YXYwqUme7x0?vXuLAUQo#$G@(l)L@I zs)zDSw$Tyx-7H2yz|7?eLX5%bs8bK%bCk=$t~J1;JoDr~$pjF4yxy95}r12Cqu+?o{F1({^3yuVuiBjPKYfPnYU6oqd zUsZF>qXpJBwLX5pXpa2XC*~fe0_Mp7{k@l^_|L)m{P${}dGg<4fL6A@B{dpkyO;)A zv^y%pH$v??OSbGT7FWG|w-(@h@!lxfb^g_u1a}g0H!q_x#sXoKn@H^v2TOXjl=Wgr z+s%j2wT9Cs7E&U%QZ{X9T~;}It{jacra`5`QC-#O8}(xgbpUf&RjIa`MVgaqqtftOdugBKqxFA(Ori-L#f+23?_-Ys z-#sk(fBP?Y*ZE&7dA>kbI86zUVe?pV0J8gMaZI_`=s-{KfrgL=lygd|IIiZb)NrUoiEULm{XPsbbj_) zbovQrKan8q^l3=&j{2OlpE~`i2v|sVJ_q@x*Zp5Z3bt_RHDZ-m1V){AWIn+8XO7X?AdV*xbCUWEB%H<69g|iCt*mX0KpOZRuJ?x z$8ma$eqb3SdSrs=tWypCp7A?GW0Y_fW`S(Djj%uwi$@()`Cx%)il~sng#>9dLjp(> z>Z~Oj!GyCZ4M|u7iVcS}pg2ODBuvnh@!2*CaEc=~LX2y`{TzE735F*4j-Z6oDNacZ z+zAWS?I==^rc9M+@UaCF1eyffHIP8k!|@x3M*U9B_i}=UEQ;8@)C>U@L?Fz`HVQMM zF`*pAIL+isIi4CoCe)7wdRFu+QF#U&Lp~%C4X7MY!r7P(XiCE48el#2RThU4s2ODq zOY9g&Ar(o4XC|@7;fgwn&~&^><1K_^mW~NG9F&qclsv#Va`CMttx3MZNrE|vQw;>M zAsXUM#@8!V4hMU5RGdLt3XON6^0J|PUmzC zKH?cpiM6ozcMo@ayL-Lez5ENkUd=}by&!`0udi;-47g6`4J4Tj8K0>B@PK70!jV+w z$|g{s!l*g8rxOyV0;noUb;E|~z2v7(5)mwj%FGJVV-%4Qj{c|g^dS9N^cf#@Iu|UZ z0qJxkTh>XkO&D^>f=u?cjdWN4{;&V7zxelm{huvU78b|oG9htC!!U$G->`c!C43v2 zIho-kb(;bgFlPNE21%TEQmCelG8VZZb5|N7rGH2U{{ z{U1pHj8cw6GQs>#vPw1Zey7uW%%{_7R6)0dPlTFaqk+(va59*okre#`%~+-`M+VZQ z4Cu72WTX_g>ZDvqK%&wq>Bt2wq@5a4p%fAU>r_eJn8iJBsp*pp&b0TXD9n{2NN;G4 zV^pP~wpH5TwlrxcG=&8n(TNml9k;iBr}KI^BmpcJeN56?r8)l&S;o^b!f{NegbU2` zbHqc+MT(Ma5YZr-b#gvL`FOP~z(^z{keUQZ5V?f#Ib89tWX(>_wfAEhjOCI*s+JCP zYA=tR8sJKD7)je zvu7tYPm*X>2y1-}Er_K~kZ~!vqnYfJz^p+2DiHyvgYt^qhCxm;AU_YrQi9=*G_eT> zJ3z}5Wl7ky+J*|$csQgH1zAAiluEG<^Nq7~%sBlQ2|Jt!5=DfoAM)-v8FEZx1vnE% z;khi^=}5T{utcg0O&00fP|2#W0Kl#wq1#SPM6rNCBZ^KHUALt%fJCM<$eAn8l=o644Pv&SXlWnL5{xgK;xE8n&=j1+2d*=Ce*a5S)N|foqM;6!bft9}GDI7K?-i z8Oua8GggE%7`Zf|pPYbF3K;rH5mZT_K2ofSI0=ZPWf?ab+b}yhOgN{mP0&K~&(xYz z>qt^2V6hTE0-|+8CZ&Yt(~eDhIDYJ|5}d-^N=Aui^^1qb6*h$d4eAhQDU&upAT?qq zUzw^qTL`#qjTxZV9gGJ@5duT3qi0l9%VVh{EKvCZ2dM!h$MH-n3CIzj+1ieyh>aLx z!$PD>TgG0K0&N;|Uy*8N`5br-Ff61+%ZZTuAiX6Aafxofd5vEG{r2_6ExLMr z{qFqs_VpS1>IZakb@lfA^yI6zuhH9+@3-MQ?YEzy?=P?ahR$!$)%E3f=V!0a(B(zv zRzr48F?!5l{)%EL}8+3V%&fi_VJ%4?+jm|Gl-+p^`e(^Qh{Qms* zo6B!+(cANP=eH-a&6W-A@=fR6>+92RPA+awzB+$g4+N z{Pf$mC)eoe+v}^#o7dau;_{+*e(~n|{Nn4^?_OWrZcD5>x97KSU-vs5W1*B44X9Zm zw11?$!h+EM{;&UAD4Qx}x%CRXsci!gF-%HT$)Zdhaxg-*nCV7~YP+NTOgZ@yCtuZ^ zvMGrHV>T?5=72=(URvf=zjiw3F$gCb5^k+O%lfGwtC5=))}68)2pb{rsTt;Wfn1Oy zl`>-==G4Mb)KM-ICjm_;(a4wm@sz>Q9kZG&A$;8F?Df$t)0W9h(ynY8z^kvX-lFfc zkl*j`f}V_LD8eb>M*4$qCV$8^uR7HvU@~w@rC9_MQU$F7*1cpkNx`DMB-(`FSSZ*+ zyD-J@jG!xxBEaCX4M=`62PBhhIpTPt5UYb%g|LL?;M_-!g_;w!uuxr;)R7^Ur2t9V zr&xyr_F+~CmGgUyHt|*gEVkh(am$8A%I6%3i<4v$IGrR+%FWoph7)O_DqC3FzKXFO z+s`(*u#nK?hgD|xe@L=y4z>`D1>yQOTe%kg{a^q4g2i&~`kl^!%W<}0(eHF#^w9-_ zrKMa7S7m8cqC*9E*8d!WzSg7Tzt^u%&fdN5Pr|3@V_yE>-qA~c|7Ul9o&T|tC*K8m ztIp|nI$wN&F7QMuyPIH4CZyBpnF|7R;q2oMLOoNL>lnS?c#}oZ1)h-i@WZ8C3&MWi z+i(G>Z+qzatCQ0ufXQYCga*7kN(Rss3&j#pu2^UwoT^iV`jh-G>*paIy~BwMAb(wq zDBvXZah31#F9IA9`_g_7BH`YruRlNpE<)#VO85{5vIYIn+qhPKkZMQckbHRG>HGyr zSjrIS{RO>uzk8>r*nP8G#G#E}BR@)@UTa=f#1e}CV{fNY=f(T?^AgxUM< z?e}+~$+vMN9Xi`fhgekrLDUG}gRMQ{MAaRjF}mk8h0P~ptarXBf~^j*a^7Xg3r~T4YoH)~?C>|E+8AAF=xZpXKkoe^4{JVo2 z?+1^}C+;#VFqFg&3iBSxwFZ0UY9A<_sqHs&svg3WD%S%;ofQbcyjLsqnhf8gAtg~L z3?&4e&g&UgKAy-pU?sqUl`Fb_Z02MHu&v86^uB20f z1EMb5_$d=A8Y86lkpF1HeHwDwFOglbl=a%EX*V~d2a3&EJd$HlYKs$)AcY$8(kGm$ zdM4*n8#XF+MIoxi7zs5K^9OMfuu)9^l|vIIxd)V| zN+1D04j9{PT1(QyI?G}Ug3kX&@8pEhc*u^y4id*ZJ0qGJB`eMUET-vf$Ii~$3CWa1 zJA#gSmoWR-X=>zEzDwc ziYFvG#ezIJsU<~4Pm-@av27En+@Q3W5He;)?d+Tp0ah{OtmHfQo*dJOZEZWPU!Jf; zg9)k1{BmXK>ATm+Ts#4bQ_6FN59EXZ@j;q`OM#^V_|xIxA=;Epw{i`}j9Ve-NUrM- zhr9pX7RJIK)tr%`S{Y@Yp2_z68=0v<&ovp=e5tUk__2wA2y8S+k*g$RiI`tuL5^PZ zNE|TOpMjQguCHFdL#HRgRX>?7z-FqTsfA>zuV9QJyU=J~*!Co9%G7}R=v}7Mr^pAX zdLYd}&eP2uO>W=bd`CDP&i+FJkt+7iH1~2e^p0Z|3+ro^{CKvl|1koPSy#XMXCNh(jcTMf?{&7 zrqEmyc}HeI)RarzBuDGX0~HB;9<%hhk*pey0WrvQWj_K1(^dLp0p8e&8KjPcXi71J z6s4&lkR01bQ6@e3qyM0!|WB zXD7AC=7{7XgGPe~R?&Q*lPdE0mlTkB19gPa_lI5 znS&%Zja32@oP5(i8$vbF9JLo{I+VHyEuLLi*GS|(#DGXfgN4XJ7+1z!-0hT*1!5;) zaX^w(?64`}Q%df4?is(M@u(;Hx~Ditz+R8o`2zmaB*ounnIOlgD}TLaES37;?+0BeTDs>q*I%ob zf8XooE>}$Mi4Pxf)l?h5DkzxH;7(Y_UMd}Q%O|qVq5(;@-K|Qw*p0QY%R7Q&p(dmx zu{yn|V~-X~VuC-sCGjX7AETpc{ag_fYQ;ZSc{~3$mMRTpMNe_r#{-eATr4}GKX;s6 ztJI*Z0s)uW&5UN-2x}FlMT_2Z)_s6(wa+3cp(p9DXHE_v^f3l&JlBlirx>uZLoMB4 zBP5MPA3n6l_rx}IgZ^k~8@D!HJ};foN?**=6`zrwm^)r2z}x8twU=QQwlt5-QpG_4 zAt6^SNICWFnK~NI`0UxU#iY4NG2Gf=8f}*(x}l@=dwTlw-gI}rj}zLDNGga9IWRuj z$?@pwS|5PvbU%kL&?fDZKDvH$ivDzXc(|pHlj-nAtz$Kx#&&489jVVRZeE{$d;PjP z5^7yWTMiVcD6bu@$)lpyhEk~&NGB=C#&~K)i%WrY6HpH8qvj^A{kQ>hm@^d=)0P7e zOPA{<5lbc#B8jJzvv{Jm-#&pTdqqI1nUk6#Qi4TO!fQphw_er9%At&)nDJ1~Vib{h zL=3DNNul)*anUlhR#lx6NWTb^EiR8 zH*mO7OHX~ee;Wxx3Q6iEB;~TSKn8@wPBY~(=Xh50h4i!=RHnNfs0MIq2&ai-PVNdc zX7}@ntoIM8_OT(aqK{7Uduol|E6xQf`#hvWmA?S+VP_(h_R@%I;Kc`L7dI;X!76{m zhUlBy+pFC@DRRy(Zg%%d(^#)zTlvB5+}AJ`yL-(po0~RNY`;43P^q4ZXecCil9c49 znl+~mW++j&F`NB;HS}V+4B=#46FMz}0PX#EwflT_aWn5Tj}+hPLu$`}wazYXo}o=E zCt#cn`T?8l{KVLpQKdb@SZtw_t8+MM1e7ZgfRljnuyO}_Njjj`ArbZTjIlp20PHpz zGcg~J_H%+@UR*rdv?=9ZdHVpl3-aua%$^w+1Xs8oF%pisyj{2=xX2s^+j;(Mp+#p5 zEjVkaO-QSF7MlpvF3eRtpRx1eKCMGv#nUDTRzs;z+s%0pWu$m$N0kKt<2yXTbV<2= z0*ygC|4XW5C6K|q{VYT@5#pBJk$5pNt+L-#n`K%q(WR~)d&**wO$a{&YxeO~MTs73 zbLX)oxtf?luZ^?Lq2tmjIj{_!2We`Wjup}BW7 z;7qV#icTaT@bx}@-_9_~*PLZgGNhfCl?`$VG^BQ#XEA}Hq<3?YVDUI}L5FC-Or8af zLw%Ifq^og)A~HH*K26le-h=W=ym$h=Kqtx$MxmerFODxRT zqKlII7Cf|R(uUxtD=49S8nG)ExMm%zT5A*E_; zfKP$2S=URT3P%8S2~t#|RKBVF+YrUu$ zG*m7VnIuvtmd{!`+3CTUL1|&=W07cG>vg85=+Pq@sED1MtkYZ89_!j;{p>wf&|kv{ z*B1_`p@-36r#XO+qPrH%v`A>114|9VekKR0OMO6jPzHIT(ylFzWfe4m+U(?5=eOfn z)98-GrIz{}w_>lN%Eg4FV;1UL|8Nwsdx1uvc(}T;kVTR!ty-9k=ew6AGg^zhwaELO zh&-eO!Na$6^QD|0a%z$U>qY54>qWT~rGCeYva#q?14&c~DoqldcfXBTY+q%iFOrp1 zG8%jUH>_D}wxQzL(&Gvw$!^r?nih-0J+E?c^6s^1YZnh3Ydb-iSo+KjHxcA9h7)Pf z+E`s`{6i>VLgU=SZEcOUoWr*J1wC}Z;&xlZZ{RlHIiH4fL{l8GfZ!JU_?33-nF4Vs zL3}2Wm~^pp=EdZBy3Tf5tJSqy{mj)W9|rq-2S-cD#OpVwvL)K=p3P!Bp#l093L6T; zKPqbq0o`ukTy%GQjh7=`?^Yjx9sGR$)WAy(0H}6hP z-<=)4f1hWLY;Eh;H{YD>y?<~0wSRc@{=MX={LSIs{`>a}MUxhq2|c_eR{>1J--y27 zt8x}p37#4~!S`b3PqNWbT+4mYC{sDX=!K*2YyG zrGBr*70Xg`c(Cjd-tTYFwSw>&_?n!I+9ZW6bMW|)J443(u#R;( zhJeDSB-U%x10ZyL_E_ImmgapZWy3i9S0_qCVW4}0hB%6P1039`Z6Q^YYKo?qi)|#v zSn{`BKpF0nV;p$kTrd6nE)1`5jb!;gz88Hw!T(}0)a4N2U2n*EZ^U+{dpo+g5#ha2 zMnjTUwUH}Agm?XMI*Gn0a%XxLCQqW=t!aJGR@-eZNb^Z*oMTh|I?3QdPqoB!;jue4 zX{ve<{FTQaN>v9dxn<2KZTVzv39K!FI!gUcEdk_Yuq~I1sfCv$OdipP>@jT>faeGd zp|VTk+%cD$(Wg^JY zJ)Q}DT^`YJoShs?CPVE$S6MvCU|9VfMGZr_W|7KCRR21;zR($ma8H5ZQzn zEm3G0@*#<6K;0V|EK2P7D$^8;i}mty6pYk|_6d_I<`hauF0PNBCfm>%%c{+ZwRSH} z-CDb^wR;_mg@&b*4}4Ew6k6>!c;M`aP_ z1DbNoXXvjtmlx{75FXb#<;! zgF%G8;%ukloU6;5TR6#NIOqz`B8EfzqT(9X)67*s&Cky1`-$@-Z9Wgpoq#9t016rK z7<(PLjLZbtmLt}?7;Q(WhzB-yI!pAS98E;KBh!8x!HRlTq{=^gR4Pdg_)+T^>tfDc zA!F+%^n?jP2dXZ6Wle4dK1_oVMYMWaNqxaAIx{|-NTiy{aa6-xSzI7E0L5z#BC`qJ}!j*R$GolpU{ zp>hfZA(c)uk+O-Qn^Pbk z>)T&bW)oc>7L?1+Js>!iUZAPNE*tdh_0Yo9TbM-uAA4`V-MDQnivORdz;e!7va=+4 zJUNrqy1nhswI``hW*o1vr|n6n=Ncj*2{lEq1ZaVHGdX}x>c{p; zFxwq}$&KOAPGMlwfZlASwXf@2P#qh(7_2#}gKM{ck{L1Ge=PAdEYYL(_lE_7tpv^y zULoq(Z3RZlc}2`PLDkEYUabr!0Voj(1T*QqOk>E3!gqrP&t}R#9Gt6Md^ji@$LjKo zfU?=8lFDrrw=^z=3#3`lnt|RfZ&KN#r1o9iXS#@{mXHRx^C9)}BEiMQRY9{5_r(Z% z*Z-~*?0~|4Z@1`P2>P&A-=bC#0Jk6**L`Dn(CW&!pfByMKdtOP+gN}|v~T`+9lsIy z)Z7R~d~fT(b{RtkM-70VFj#M715{C|dP?!5~ zaDyVlhXcfQw}7KQp@6>@zy8h#KfM_I_8*6TAJD(Pa(_DdUd^+EckI2G);~9eNrY{&ZPUiUvM7|L_N}c)xR`>*!OW08e_=g5mzT~mqY?G*nCyTR`-2X}$-{(~10)0vD9_B?tn)P)lnxd=< z4NQZHp))nlp$FQz{cTYG7D}QyNk=4Jz;dv~S->SA#T@k%t!BbZNgJ&~#J`DVeUOY* zrDvbN%vdnR3OYD5=|f~2w4#ic7{ALowCM!9ixr)rk*AE9oyI8F+l{Al^o@857_Hj% z&yD(@o+hp2PtBB_dPH3%hZTG%Z1gEefzP* zWoeRq*&fIe`5I37uUPjzzx=ta!EJ65EL>ya5)g2;lB>#8l66DUE@<5`x> zYgu-voM@)9Ou77Yzu7~5#2%+g3wX@_AL%=2p^1saL5)~APztZGXN(aexnLFYN36#_ z2VeG)=@t|s_Fu*YLwi7+zT6f1GT<<)(urno&;HZZO$t;mBm#A1Yq;=skd1+_fP%eD zQDbl4-`uh&5j;=k-W9>7>hV~PnM3UWS7Ei^Qiw%X^ago?_N>n;=rnWi?^9UTFOd4qOC#~LF>yYZGZHdnIV&%e8ugJCfceW_MD&kc$ zOYRY$EH?K`O5YE2jKJ}9Vz>8l$@g%P;dUXqB;cG83+14p8O#I14~I4Q{=NRO<@Q@v8L06M91c8)gc z%WJ?eYO@^&y|CTGdk;#G=_D7rf#rC?!%J_HTC(814jr%9yEzCD8qG^T5;UxishI60 zOAhlHK z61SxNim-&rho`urrxaGuAPDgZ{kBoUn;hTTBZN6z9lxrVZ}C7@_TmO;LM1?m_o{)s z+BLfepX}Mg?^(Lub6S_@h))uJLmR#ovn=6F;u;pf=I_6QouRpW=`){zji#OokbI;7 zz3d~d>(}S0oZanxMJ@_^%Rty4U~O-O;Y>Y8RrBPUd%31I*EG6L?dO>A67!@*c5roL8iBN+z5@?uPJuSTQO4}&p zR^G$y9DFR?Z=2T^+VhuCs|E1!I4*-iT~G($JDp$^*_#82Z3`&2V>n0kCk}wFTuo|Qf zv@EDzOr+9(7HO%(muwk}+9qg`z4t30OsrOf`qYd|h^f|$vy;;kHse`_wo>ybL=bL& zd5!I@>bq~nX_`kmsdyhuHdFC-3>L(@UpaTR!0R~c+VS~t)@20WBKa?u+Pm>HbJbry zkgdwKCH=Wp@l7To$~(|Yh|ns#K&Il5_++_Mxis^0s}^2ag|N?hsfvZm!Lk3($77jF zGq?Y)Hs63Zka8K7h`dI*z|`z*Fj0}CM|H@~EcpR*FFolZm*pf?Tcj6$8uCM6*x^cC zj_aoPOvOD7Sxa$|SOFqZsW!QlF7&6t{_TKahsBe#t$@PnfVqJG83_%OdQgXeDZ^0+ zZtbW8+XY5!Cph8Tlzn;u`Or6hUzdpS_~+LjMO2u^wF>HELHs80IeQ>30^}0;hc22TE6tooHS;)*@a23Q8LFC_csB3aiGR&=$w;q^%qSyVbqS0 z&ur>?@H*_nJXR~8?v6WbdrQcw;m+y_AoET@5eZA0;Ij2JUMx!;r!u2JTLEOv1z-II zg6iF(Q2V}2`|L^?`=8ezrM3d`g%bKo8Tj8J`_AA!ezOxlDaW2cjC*?m0H38uoiT0; z(gz$IsrtMpYf`hz)G90l$iSG2Q@BjGRHXxuDwocI@VE1XC$MI^)l+>3!7Fc8z6{P3 z&a_M?iB~9`=fay>ssV>Qb&;UtGr{>FrzA^wBw`kWx??BCjzBVEGm%dO%PjxiC;se% zapKq$`^2#~eCuSLPS$BLI$5Xb=wzK$qmy-(j84|+WSyPHbCh)| zh4E%Q8_=eWn#pMEdC>y4H$&WC(U4oWyn&SFO72umaG{Iz7R+{(wUI-4sguFUix;~a z=-Q`d)yKA}T5hcJbUc~YiYS10q*Nr=6^klqI^`k#$u*Y z@}t;89d5URNO0}q)7>i6%zjm-#t{>{1mR#sh3Vn~dsC*YfaZ2bxLOVE?7)+zuyC1O zw#hLG{XwJ#D-VeW85zGnNMex&ov6FGXm$`gcNH}U3wNuXAKZ=IWx|DZY)@}$@($Hd zUa77b`!)1~!ao7Qe|Wd8+l}ps*X+z+>WW#BBo@8V6SoM0B_1*aO65wT`xYIQXIB?k z_*Sr6m8nEc=HUrq(vUC43EE#VBGJ-bqO01GcRrStqw}#WjLz;*AD!Ky#pvt~OGamR zSR9?*p|d;eGJXwqht9{cVsx@jIXYRV`RHVw#nH(+ovhQzI-RVu?Rd66mVM5csd(>6 zLYa!!O%ip^+&jXjq&DlRcGmRPmuc+9LG6%Q5P5jD7_< zMpLfwTwOVYRVhco^}iMQ>{pv{bPIjK0AZkhWQi0AyO_MtBEGIdEKH`wZo%m z?%NIps_wrEke`E^}=)5waAAzme@NoW{-| zHM6YnfhSfDz(`oKPT1M&LRX)9##p+HHVdiQ!M&It^cT?f;4(cxd0_!jy>J2Ds1D$_ zgHI!;?M;Z-N7b@*3*8G&K27*P3;V5oD&-0#0CfDjZ|hPxfPmFNF!0g4a9hfT%=XzL zl`3`SpI|cIa-$aBPAIHWK`o-=1)$OGzb->tVL#8=$+)1Wz?Pa5nN@(AMo> zSk}q$Gaml;{~T3n9-U^{X_i}zPP6PZ z%WX%eSw4wox!<_)P|u^_7LZL1H!>ngFwl3tNl)*v<2wue~KyhvSBYzp>5S`F0I;W>)cupW@DOV|a`NgOU2PbuA4 zr4+ve4c%*fPhm&We|^Ya1J;KVOKhl39qadl$UEZAo=amqwl0lPi*)HKV|0}6!gPAE#0CkfSb za4HRk!Zz-_SRc8VA9iK~PZs*@c(w`K zY~K-aT{PU!84cHIcb#@u9i4W!Fgoq7#ptxV)uYqy7DuPub=qBn(P?*`cGq-t+TC8X zyZu$*?;_HkAR=u)6m}1EbuZYwrwFtz`s{f}pY4DvnTpR+BcGiqEsC1aKq zhN_%(wf>%St-s2Nb_M?$75rNTv##pjit&76;<~DTZAVx2Z~5q|{;e5Z)xWOlUss!9 zhtbt$STefW4BL;cHbbM))n@2wGgL?C-P&z*wHbCCoyV)I&9LKyUDdxX&av_6G|Nu2 zY&JU0a^>hW%N<6iSvDJ;X1RKFnq{Y1ZZSH|vePWL9i3*`RsH*Q##plFn4#5G{p;c` zw>s{w>fh$^tFQW3i2?liO8>QAMpyr@tN+*4|Lf}ib@l(c`hU&G^Y@fIJN@IA;T`EJ zL^K~=g@~1-s}Rvui0C{W+l;P4M9a~6HM$BBEk{@XuZxRYJ38&I)9$LH)9w~Vr`@#} zop!f+blTnG=(M{|yK68y?XJ`AnvPDp>+1jg@?+Dw`hQDC7l-z|G)4lH$qNB>*IYOc)WS05(G1zmk~iT5=!srW<6-IgM78)QJTIK|t%6{l zu{vc_V={eud|cA_p;X7Qiu7@$(nw?m{xO!5A_wvQm}@O3=^#@v)bBd(wSv^vTyq~h za!b6(a;b7@=I065`ijrQ4#;siE^n<5TI=b>Z?wbzEqA6x{vac97DcK^%@b{nKEgPD zkn-y`woKkE=DKZ)HY&51@f<9 z8Ya_NM&1yKki{=pxC6KxPef6Uh-H%TgN>>`GB6ujsRDsHRx{1%${e zg+aY7sSJ*tB(W_GcNLI+Uz+IH{|le_)BxYb8d!n)4=rqeUOQiI^$SdWum4r>WXLYWm=}ow z_|c!}p#^KgqfFw6=P}4TNPn1Cc>Wl78u8RqvhtL%VkygbZe&y>JZJVkPE;*f-czHRSiCA(YlKBxjU|q!h_J_ZH`bLnp@y)-tejm2GGsgS{ z)V&HBMGdfq8lLm3HAdsWNF1oaj)Z!|`KQG%&T=t<`-ivZ6Wl(MKyU3^jlNbRe5iML zLDqg9sL%IaX<}L>7Fp?$A-gHEOy#D|mt%3Qa>G>4&XYnLkzZZ|Sc?>{L>!Po_i!`# zG=zw5q~2Dx?=?_-H%N%MxVpIl8=69M#JLr<#vtbSKyj*>?r{R(6njb0^3W+y5|K{m zw;bRBM4~Et6NH!Ca{FtKK-VjuBU_4q#kgnJo^Bf$?qMRnpxh;AY=zK#2-&hg&^5jqPqb{0JS28 z|Emy)ISi!Mn_eR|N@AEOCU}Y@T=~n`07}(kpHCHX?Z|}1KXU%H-#>ia50v&ykb>}f z1)eEpy!o)iAP9@N%F zyn&bPK$2~wRNI~J+e=qxM}Qcb>l$gTKePiY=5|+YuT{Kc;6|nygDgv%W!{+=1^D{-nZpd`ZXdD|GGqjym(}*^>sP|YZj;U`?@pkduPp~dMxMc$u z2w4bJoH+6#JY4I*7+j#re-Lvds)@$g+7wy?Vm+KHE$_ehjONs4*!H6Sves3YL*bMZ zzO^vA$MI|U;o@&PHySNL{ZfgIWtz1UNrpZm1%sl1kTX<~sIn>+J640~`u{CGHLzV7U4btqyp;3?Q%&3?F+iplGsuVY2Cun!> zyc+m%^mTw0=pRe)S(7W}0uk6;I!ESkzkhYH8>9zBP{3**qrhl=6al~e?kKhK{-rB9 zC~P_?=a&$>0>Hx+c}Xce6L2h$f{!SnUL(qf`&K!P;eI>|6Qb<)c@GhhU*XHdOvuH> z(OQHtvHpqEhetMSmMHSc%_x{8r|wyj_uoGWv2)pF|8^{6D|_DCU4m4ZmgY&t$_-l! z$UiUaqYreb-TRDeu}+A#KPJ(Yt302?=Iso1dbtd)Kip*kg8N&f!>57Lf$rQl0>M(> z`S%45TL3X*CkVzpxw*S2tG2A9=oEcTxcP5>0$_q!Nx_?C-O8Vp0d}Jk{Yz!-2qgc% zUQ~0cxeGXJd-{!tao3`qDhfLZM-PKC>YvGXDg1uchY=M4$aK zXp*?VWHmsBp%>b5_|~8cWPhP@O>a~hSGU!6kofv+PTJ2C(Q-^NALbe}!b^ElyjJO7 zGN|vJ5f$M|X8O(4(RtRYTM9gOX+r&BpOfR(d38py@dm$okdIjBSXt>dSZ!JORS$J) zJ2I4-7X~}#F|`uKUy!p<&?rI2zd(I~j5s(=!Fi@G{ovU~5?NNE5WQ+zjnn)*74@j| zLR&2Ll^2x5axT?|NV)1`G=Ulqc);(Y#o%XHnp^o#av`c*ms=?@zU2;uM_md$xh+Pf3iL4av2&a#ap0A7#aOXo&C$W~pK<(R z4<0|2w;maC;HW0xVH#hUg7h){LI2F*QPv>gj_gq!Rs$F6jB|@wrdnR}o{HcwF@-XC#&yF@p*RX(_Ky=wvv-ac%JM65KEpcYd+ z3%vNB2RcW%W7izd^r^Qj+ZU>uP=X<~7x^yof>Huq z+8$WF_(dlQO@Sj-&dxc!e0Qqzyk4uPR{Gp2GCU>X`!6I3*B3-7GQw(w=2ejt_&a4p z^0>6B^}BxjC0n0Vn}x!mJ9K1WpPC3A3XVZ>&LR9mAs|{>ksl$B7e!Z){zc#v`EC(O z`l=UzlQs9&fltqc$AFln69uAJF=Wv_34YMYiQ7-H8uiLBDQge@ac_p#ochCZz>EDl zYd-Cab(baE{g?TW8T;iz*%(_fdD3hkOI41+MBP-V6$Z#~EC}0SIQ|X^a`@sucP)%Y zxynXWrTC)n1kNc&vOq=IN+yVv4JbZj`hWMJb{lpiug0CmIX~;D}k75*c4|p_pSTtC?5XaDVJ-I!~T5^lrWQ!Qx zEwk1PSwA`j?!?MXI#QXaY3b)Fn=$o25ED_OEpo@YI10CTm-p_BtJ_+WHl|t9YLp3ui z+gaYen#v{-IzVmB)5~Ex?-z(h3mZ?SWea@b|AJhxuKxC*doI3~cKg4K-o+xW0e$=H z5Ld1|O3bl%kcCNHgb8HD;>)e3dTq43C7I3~mef(jQ**)6z&nVb%2@a) zoTjYBkDX-6ASv)mMd1XAdt&_oe^xv(<+1l*Xfw5-99EbYndS*9to^7yCA%1~;bq^E zg3adD-rZn~2GiCXVH7Y#ZHT?;DLhW8RMK-N62jjlj3J&Ekx32l8fTns*Fv^z7N>4y zKcwN;swJQ{dihNyaSN?^>CmR9j`@3!4XA>;X~A~nh#4Q?Y!XY%nV13HwMjt`im?VT zVNyP*fE6k4yhnmt0|FF!yw;{4v-qs|fgm80G0@DJ23rKWnW;MnO&^`5tmGu8c{O*A)bh zD32-M3?-VTldcmPcHg3bL5Ca@_~<}6+qxlKtTdgh?R6%dqy?Eb#SREu;RSEzmCVT| zjf5Y1`JuvFdIC}}1T)j;P42%^K0sTDE)jUB|f z*iu1(4H_a#G#Ieoa&P_-azZu|qx7ezsf|;f)#ggAHVF@n&h|-EA5wTWn9V1ZwsmAU zswzetu|3gLEDZS0s-r4_VIM?|8WR4}NsWgSS?fV^3Ab;gOi?TcjXAeb=QceK36by2 zBfiVO7pIsl6#=pTokmGbC|&VYkgk2#anB0mk?&isSjDsWV3cl*E<=_Mr3Z61_<)h! zhvRN3HKcHo`))j;N6VASOte%fx|TYGlv9r{gZG7KPSh%qliPE{yaob0ZtOW zcHUqr)(YebSd`M%_gkvD0VujA4n#lCQD!eJ`%B7YD_4Ies=xi4Rhl}N{Du{bWRj>kKC z%mg06p1P+$N{XLeTpx?XjaOQuA>^7NdLe{}hul3i~Op5u&Y zWIpOYP1H*+lX7hSrFPLra+$)Aa2#@!^PUI&ng`jTmLq-Qm)Ulj^y8fb$OfU#JSJ(q zPCLc>oboXUy`zmQR?2KAnq*467!eJVpqBPLlPRr*qN4@vxM*_1yl*@S1ZC}VH(Cm$ zh?QC4d5_kkFwyRNx&B{IYki=2F@fd^sDHn%JSC)n&%858D}~JuC}zo`!jaO}|G@LM zD=#dlOb100QX&7_cskMV?XCDyV9$8xqV(WOH4Olg_-N)z@ej7)LebQ3fTp2w6%^I1 zO@~Pbmb{unyP@`I*Li~&f8mOfn;Qhmdl1E+7XbH1W(1tKhQ|Zolg%!p3(MVUKZLeW zh){Vaa2j$#tdOMgzi;}dBn$WvM4us)5<2h0V%`COLceGLwx(kiQQ|@rV=R}DITNXp z`NoLxa8k}dwKmq^fiTgKnglpkRKY^TBuW?SNe2Gwm5|_v=Kl{nd<`~|nv*a7p{2ex zI0t81uqb=v}XNUGFWuvN@H;&xOO!FeBzSvT5j@oW*oaydTd zVOj4o!9WxZ8CPaw$AAd zc{||cW|zj(B!Rv|e;%cKI;O1~eKX*kh4u{)2tM`8Hv^($nzMa%P;2Y>*Ten_MfTIB zDG($#BxzZScC}J*pk>^{Ze?P{tqe7YEztW2>mR4NFr}?uRVs@b1`w;s6O@(N`9yEH zZjaEm=$z{J)zi>^Xxojw9WF5$K?xP^E7O2RV+@~p%2ZdK5d0V}io46(g!=(~&A~~6 z1M#rWJ`)c7zBChj%)xWEAi86#6H9Jt2n%{;y@all9K4hlry9@*dLV62qmC%h1D|wS z_ynmcensY40j2n)mzyN-J9qLIqG#>BLlBX?=*CUy@zHex=G+aVzxT9h<91r3aqv2n z{4tp}5f!?u%+B5hId(fv8*2x>vAZ-nkj~A&)rMJgZB21u^h>r24Mb_xlkc`zs#KKH zXoEV0TzkskgAvL6i>DlFMhe4dTKI61_IK^ss>1PC$=!hWV7mK(jD>4I{8hR4xIVwR z>E`qprmD>^!&h&ON>tkFpfeVvE;s%I{OfrPPe<1#vjgIAOhY=e87PYfvAo`!fN^BwC9`|ZK13-+2vzp zbYI9b!y_xQ4+tDmlHg#*=-b9&fjm64Vh9np@+GBGcv~Cbj+Jo~63L$j(Ac6XI$0h) zrvw=Hx^|J>u5t1ydM_)bjLc7Ut+U~E!PK5@em8p4-gJ3}k}{5yj zb@?%%d3G;yRdWg#q0TAiMr8M(%I?0+1oP0`*WoO&u@deg@5+e(N=%Bo!Z|vl)^&&F zy%D)X+ihH4>bt`7&hh9_Jzk1NKUI#kGXi!eDb%%MV7Z%=1H>M-Suosh_aQVEU`c%R z(24t&rlNQ$P$c;2>9rPQIL(MbB>|DJ?Q_8o5kyW%jcn@SalO5rH7Dq{!R6|E!VRcf z9X%V;XkCW8iT~zNGQyuvGCf_{PhzS_GFfXA00LNlChD*l?n}i6gVkx zn_`=uaF>upOESiSzVduZ2A8?bE%a( zeMjL!cZhKueE4gcgR{r+Qs>7MyRfdFGjTKG!(F)8l+~ai@5+<(HKa4+6u zcA|%pFbQ-rcCs5T_8j7fl$sgyd@8^RXEJmvMS#7(uL}|z3 z+IZf{DOKk8z8BkfBx<9ejXiCT@#i}cZV%uPbX|yDno1waXnH3{S7HX((;Zw6`t!=0 zvF&B}yXJC_#e}`~$g~7XZMX$vTm`z^>X{%`ZewRBZ!b5eugAmH{nYnH-1q%qCT~ve z`a0;x`|Uidi#v+{o4!s?Z+C~a*@-2X+qQx=6nMT5-T6_2K7=#>A632-?sK1))8i&7 z#lO^ZaBi}~wAD|rfc9VOScx7U1hnNHgc~(mAX=G{go3+00jD~rSNaeWA=_2) zfl(ewFk-x&BJX~qatZu(;5pa4f0S+MST2SJ#u*S(o0o5Tiz!bl5$`h4iiM4$yM+GB z!hA>k6)24(u0H%2RXz-gzh^ZXEE9uX43s7`vAEog?KMXq2g}om^iv+eg6pkb`Z{DB z!?d_GZMoZT#G2lPwJdgOBoTcy?JxvoY3M5VfZuZ$YbkX5&(_k8MMIG@8Vh%avFQGx z-RY`Cew(A&Z(iGl%?QHHuy>~OW&8DvW^_-VTjz?m#U-o_jat@)%f1PSmH^|4*|%a= z%Asig_yaL!JjgVMlT7R@0UK}K+@_Bc=2%xAP*{XV&hZuGx=yep_qG;S-cyyKq5aE{ zDx1N6xV+s(7t|HF6K2c3ighlG$Z$^RDEoc`0j9)Kq3%Dv_-h*&E1#iWQP3iL_rKez zufWs9IHU&9xOIILHPf%W*aG)YR*v%6KDW;&=Ht3JBNo;3-VXj%%(?utL-ERg(oOLX z?X_1%q%GzpaPpaCGJ}ikJnI~qNCs=MfgkS|7f}qLS`7JV_=s;Hmnn7r=uu zA?#PMpjn>7zDana4+$)sbElX5c7E+f3awkZo{iW`V>xtx-+x83^;+o%|Kzh-`ff!( zY+*9Mi@xino@lG?{J=0Hiukgs27O^Oofd=w))Y_mD7LP6TBWxe_bR(DiT{99t36_s zEA9aaphr{$EKFf8vSuDELzAc}9{l(t+g3ih2Vl*;{lP$4zcT{ZTT9u6n;J8zQbDZm z)zMcfh0q93TOkJF>G(eQi^fEV)2s8~S?F@42-l2Rwb2bOw|d>VYZByrA9xbyNwUC+U$>F^pf{?D>2u46DE)rBZANvY!KxFSoj5}9ZUz-< zUo%z0nHAK+vXyl0b+xad0_A*{xWDc?QfbHg0*`paDN)P0HMhj`HoiNj7t_vlm3tL_iKJ3R%fC{HM6ArtpD@; z>lb?CbGsBZVE^Oz`U3cMLH$xz#E<8PQTz3ER^@MfJK{QnR9O^hTx&eq4gdGAb!eQa|R&_L?B~YI9q} zZ}R@KfS;A^r0i|@l{}QoVmac~eqNk+R@~YyNn3FJ`|ckEdkF&2dB%iZ zG&pO_;(X&M*hvtIa_U!QFeoo>RwCTl7cO9W3l}v+vFQ5~Hjo6O(m0qcl8>L8ih|P@ z_@+H9b5#97l_?mj|1WV*rgWAxwZyskkM|@}?dtth;96c-QSCmOtQn-gVFb5>><%S9 zaM>S$3-If}P22SD4-VD zIkc|Od#|X8g@=`*#8MwkE*Eii8{#}z`#>g@Tx{qBPSC(A9Brc&!zUOvUnBQb!2yNL zG#iD%j%NB!1CeZSEx>GTNHs)9?IsClAQA|5RqUK~hXBQy^?#sy9M%69x`(qU36Jm* z1Qp~^aO&G)9(@hu0g&%A!FlFKM#8i~J{Ih?<-)%4?{ zDh|X7M(?5Ph)LItD^h(#ou5gk>{TzWl?;(f?rbk$uKeUdGd5k|7Eo2cX+J@khuRU+ zl7o@eA@o51%fsN=_}x5;=muze>5x2UBc;e?cT~g<@&KXZB!O`)OI8W1QCRLNFCyg- zpXu2DQ#J{w=HQOeN4+b^AUz3}N6Y#kMZF2rMBk_5Y}oSdIQDKIcj)RxE-q?`XExwp zqTk52mu^F0O5N%YRw*G_++M=~e3d;_;PV>K7&OK4TZkOM{7B8s<*s&J5W#GB|h3%1h5@vMWio(xA zK%AndqXqCCW7JK0GrwyBttR|{9otG5k&i$>91T_n+F>)IGTB|&t*FMLu~Q*xVU;Ux zAxP7pAxK@XEY8bHEAm?CHZ*p3S3-s58nvN=*!;rqb)Gm*O@RS7siFh_#Q11Fjz{8j zQ=>xX2U3}zT9oy4gIxwvE&7@p19~0d?M5lXY;cPYwm~v$`M}{TU*7 zHDRIuBB3&8MpgbdBAwZcf@UgpbrB=v?YFVIIoR&b1+=j=!`;9MrxmQbW~# zg=pW`c+!enIS6Zcxzep#WFBq<-jWGCHGj1FKjgjewWidzGgthnp*Qq-zU*$KX6o&e z-xDao8}}uFsYPmILqnVwa}=&#PFbejGh!3;mF~+~u>5Y zTEHQ;xNP#@2ha*7n+#yssrG%4MT|cq2{(q98rTHnR@0?G3zd8Of6d6nV()upTE-jv zS`=k6BN^%wx3@dRmidZn^COWGq<%DuOAfV}#AxQz^F!`;>wFj*GC|G>nCU9!n9a${ z$ZbZOU~I$wDuxrFyx(JG1unbq#lN#h#4Fy}+0gw$_cU*3e{9#7I zDt+jO0aO5EM)1kpHE+eGSx>#~f1!xG26AGt|D>Zs)W4gn=uy4?eIAx7lz2*&hG#Ld38wdT)><%m~}gK;bhzQKp$wl z2k1;it_&_M*XaBNv$@T{x^rR1C?#yXCtVA|s_ z#e$MGJSJudY=jx*&4xDV3q8kQ56iS(t{R;k4>v|!0bSx%%Y#Pxm)P3o1K(^1S+F{}0@TJJ`)(7A>VO=QEhX_MF~; zXDSiwNH{jcx|>1~)kH3WtMHW#?i)-3X%_l!$b**lyN z@@};crp$Y`WriFQeKz+;2Rplp@QBBG;p4bd+=C#Bf9kEoFb&wsfLydLfyuBLQ65C9 z=4>av%|=Ya!Fond2=peTui)`3+J)pN%_3N4I+tZp5}Sp~qL{DCB3P{4X8wXCc24tx z5f8d$kj%=fSgnBg$~+3!f!zRy=)xsuatbGA zcDF}E6lSF?my~a_yu71v3g|cFCxuH?k7XYbZmmOz0V{{;x(vps><9*p`C!-mq)~U# zq9!tPN}}l=-mXIzsz{JE`pSh`f!T8v6KgENIw=G=DHQ`M`Z_L+DQGh#*Wikkg$zh9 zZb(SPWut8DL=!v_t44tc&-nQ3mmoqP%USQ%tYv*leOpfeyGA>s>{q4TB~cu$k2iLv zViI5Z=$Vx3*!oTW8tgaZ_{UJ!vm9P4GyQtt_Zn&zkt9uF;hwqUkn|@bM9}1k&>8{P zz-%pDeR;7#8gbXjYtlF5B+Lx8d)!lG`qeliU8c^4}j7^hX(+pN|Y`LRjZc-$(fdJr zkv`AV6O-*Bc1!_y3Vk&qfWayIcZBphkt}WcPrD$wtN*qtXUP`)``2>MAc^ zm?au2=)K@^a%ZEJ4)t?H2S(~S&iybQ*=%j}x_oZxD1tf8aMfR$h60kG>V)^4CirRR z3JU29tol*yXf;Z$=wo`(5FZPjFQ?+huI;O3Vo|Y89)#0rncbEjx>PuC5&4R0o^Os(?3@LNSI(JO*S zb&B6AWGwAbsMMRzz}J2>7S(WCOuUi|_`YP%&3Pm3BhOa*Mjy;h4PS;>;ZXKkD|?!J zXrKsGGr%-1qXiSo{@TCZzn}axM@(yKx#Usiuh^PdgO-;tO3YK0cpgTc%wm*@xpwAt zQM|tAssdN`kIh#2R8zi`nF1xNabu0r%$JO)rFuUdsV6^ zY$bRU_`~sX4GvAo&@Lk zwK8yhRgauKHckE(u%e~8)EGJbs#rPxi^nF`-zL|W&C>6Ptyl%lr6ePC3n^4Efabgd zaS>DJ+RIh2|CPElG;93{msa^0tws3|EL4X22HLJpU6t>y;-q)~e!pfXxk;C+p@M0I zB|b4~lkjN_Ut?GXmGT!OtCIrX!PgQ3meRy_ZM%l=a7x@g<=qgH+V%!_KpE@=zlZG%-VDY_X7*VMkF) zG)AmHSn*^pUSS^umm9%|1QP;yBq_GGDUmR)*YmyAd_TJtZO~P?_Ac55K;UU>LJwb4 z&uaMxE~D(uXdpdRQ@VaqZpoZ>@Sz z#nsKB=l|`tbMZXhil&Rp7E2TF_55u}|5kQS65M;!N{gn5?K!yoWqvyxejn`AXhr?+ z8mnHKv-+)IMa%JPv;8heuHUjWxBA=sU52v1BdwUaId!MF;$ykevC`_NRZ%t84#U4) z@2@E_PTGoi8L{f`|H6MeD{0G@61Z?D zV)Wx;msLN#+!Ca8N9yRP{$Yxdwv57b-M5mZPu{)M24PygS1>b1O#xdv!H2 zgBE2!h}&jkyhfi^0m+yndB4#K^xMcZ)n&Fi+p648TVa0s7=iTJo8Itc#Dj+D0bI>u zOoB)KPU-Gur|)|{`>!2ozn!_$0By7JGAcx0C}g^fF{bAcmJq^e>n&(KM{V#S65=jN z1y4047kxk5p+*TC;d)Bpt@MKVn!;E0Cp3hWIutM?_7W(LwiI7Yj0!5iFGpXDfP|W) z;yFZhf5#>9ACBIP;1BwE^A{2|?wUx|zzs#COEq}oO?iHGLrA&I z-fLu3dH#vW6bZLtB2+Qjm1wGwI(gJQ$on)zX($ww=7oNca8*iqSlm=cbw2n}Eqqe6 zLb3{0WQF`8m;fz6V1a9vZ z;=d@ILcEI74YsLu3B!BAGE@Vg23WlZ;26y`XU&LGx5G{Rg5~(ppSouh?UAYQgU9_J zZfJLdXRZP;{Q*%cgrF3yD+>ZnC#+%!Sr~l4DvOB!;0bxY5&W(gT6M?NVdOR1Fsr@G_aOi>6j=FTa`5)T-K5H~QqFY=(c{V+Cjw z2b?(yOl}WlMv=*r;AxxUC^r{yaSY3so%!wesLheHkryc5B$FqQ9QUEl*8r_YJxh7Z=;0lMfxet7D0 zkV#|`GYzYn$Ym*CKhD5G`at|$=+qM;qy`D%gTt01l^+a@Hx#^T`K$gX4$X-?G?cGr ze4&N`v9P>qrqxx zxv~tq6@fe}ktLk*wgGgWs?t}d3%P#%5D^lV&8HD)^H=hs(`>X{8Fc|;rB+}6RR(AbVA zLyB67?xATM0YtF?QBwZ%kaFEq4hYJs=^6H6bQTui=C;ck&@9ClBg^;0Aj6Z(&#Maq z?^_~6pLY9u#w3HZ2XUk+C&S3?LgeC8O!fj)Ly=w>x{I_Pp=vD+Rtb5l?)rDi_C8-k zzp^Bl4R}f(|J&28t&4%EBw%V@TpgXAb^kU!GGiiIH5F)lhWFt}{ktq^el*WTi=&&p z9>-YV^^cCduD$2Up(ZO!fi&cj>!|3FL5B>BQSr)r2&^Gl#b;!SGD~RkGD`dH4D||W z#ThHaC(wKgLsHP6plDGm`|9zJ^-jPDrVC%x#navMlDK3k5P9l8Vu151J?Eq~NweTT zQ^tc-3b*oLE*La$q%0x;FpH3AaoEej<>Sr?nI^Mde!F;tgX#@P`I!DA$1oBY?**eY znUQC^L7Ycge~{0^SRiRMA7?225o}0ACcQc_W{Mk*P-5>34ah9%XE;E)MseUiU z{4tkKo<_+O#5)^mzulGWAO$^hQwno`s~B0p84QOxSZR4SQwFSu>8T6+N|d2}?%BO=AJ)#F_81+~h#pcO8;bJ|ojOosy7|P}4UM2etIIdd{izIHKSK#+_!`E8 zw2v0askqdPbAmZdTBu=UJk9)8{yH6p9v<#KC$&>LEmN&&539Y%Hwr;O(@^}&fi7P03t**d6-{cNZ}0tx zX!TDs!EPNaoO&67)vrqZFI1ho0GTyk4WDTfI<@c2)5=d&lcZM^yUdRyMb5nNUlm<~ zJPw_qV0GZv%a0G^|76+vk;@1;;mm#o8438mKpTP78^@$EZ}x-cJ?PxAzDVuCxF^|& zII+^Dk;@PEEhB%nk0brkYjO_yX88v9J4f-wADh<^84NtaSWQSb_TV{eHjmtpgJe zCuT3l>!6j1+fI@WswV1qdrLEm8^Wzrc(-tPf1Fy+o8JhqT1iM)WAV6WBTD6MS8nCD z$}}}F+Q|U_KgNt8Ql|}(TY!x(Q`1}nYkh`NVpIFG6lkr6ap~KFG_YVGcyd`pv>ya3 zEQOQ9|Ilual<@2PEmCzI8M%#wz5LNCk#+z2e(r96u(jUr`o7l&GEN@hiTF6)!Fe&Z z1$1(~NnQ;p?<~I;pc5ur@`k~mUk2P$D{J0%yRcTQZ#!f}gezPL@7;}fnwMy%y&(D9 z@>=JK^tlKPyR3dUfaBA_t3HjdGg(~2*|JZ`In7$3#J)om==~k`Co&d8=9&z$DK)G3 z!{fw9KWkNCvo~>4)Lzwi4c*bpB)3iCwVJ_TCJ6oGEi9BCv&zK5@Qg^KQ1HsRrbH`$ z5-@~sI(g7Ij}&X0Q8Ss~cF7+-49L44M1o$XQ-%O1CjIiZ(_ba~%wQ6IUasEO^!>lI zZ=VBT(MZ!?+D?Z?qBJ=1f<2~V%-w&fIS)w?6|%*qi>W>zU*(Siu)lwrNKsm>Oa}NJ zOHW8p9VJi}tnwF?{O*i+hAs-iE`=v&6Ng!qy_3zT(6hlGcXG|#pOLl=Ve>Ys83^tQ zrY{uC$5U%DgH;;y{}DxkKwTNrCGj0)ihN^m-)+Dj%mBPy%$EGy7^ww-Xv4-mt6aSM9o>N&UwAXAWH z-K8@C8=RSWsTu>&oE|)v@P$~SduTyK_V~aC4iBBUI2I2M7KPu4-Cnk7shJ>!FJdPU zl3jdH{_AI+008;y4Ps}mirv_wmA`S33f+DniZ#8D#G5JtCRgl8q+M**M3iFY2QwLq zgDQ6N&VdF`#JTFkwC~B1A|_HgKEgP641kt(n3Ff6?-i;GkEKJI|0lT#ZB=c$fMSZk z(llYa$J^H#n`=i(3mt0~r=B+7gv+h7mi;AyMT{im0$L=xKvsa;N0k1iLtLH)%xuD9 za`sJz&2nJySm}HO@WDaj4Me^=5Lx9nslb#aP{f#MFJ#6g0Ugw)&i11e1V853LQWw9Mm_5 z8a&aQDNfX~l5x3I827Icbc}^o)m>y9nLfvH$WC{wdUDdH}YrAtOCT1kO-z4t%>RzZpyn8-^i;hp?)vRvsns{nLh6fd1(X6N*zVHekH} zb9ZP^8X2pGhrlA3Ujq^@Gg-)kT+6Q_u`mbthG0kMF&#pRe0Z#E|fnXJn= zWCfe2i0t$p_fvJRg&o#QXbk}8k>p+~TmTf`*_64&(-%{$W4?rYO6^*zshoXY5C#U| z9j?#ad<5>@ZNg`2ceyv+sHLQ1uA^{0MfH%n!(FXzx@J@q?oG5|Qa^|%ONVzn{odRP zzv1|6_It-az=h1#;~iN%1T^D!mWT;!-b3sULq^d7-}UskyLyZD|HUq88bIh{?765n zLF_PcmKLu+4?Fta^KELUel}CmfZM85Q=AY@ID0>jGa{{9WWNj7xv|^36w@c+rqO|j zjF)MPcai}YHO5j$ImIh_kiL5YT>SwGBFTV5)5`}|2n*X!bm{! z_Jqjpin_%9HA94k?%3#g{k|_eF74+u{ftgOi;N*Ax7bf>itBgKXvW{l&GcG(y%$pt4&EeH< za)GA@`mzb7M36s5H~imyZE^4R6%ytvb#o@k)HS1_|0IL`r9u`E=Rm$s46rlYbG8s= zl-h$+`snlfC&|$pj82MNMKnM1$8uJztBaP-S-D`ezd#6gCc&vZ+Px$TCzN?~zqAAT ztI)L%A2W?97kr*dtjogi|is?kjG^ z=ng8+NUV@l*8G! z@+449sYMml6$Rv!!XG7@jSzqiS4NrLFiLf@QO%&P+l$W42>1L*nlZ!gG)_We+EX|2 zv}wlj$+H&umEk2g`GI4!E{y*67@7sz+GeUml^3vX}INCyk5C;1von;N-V+rz>WrCi#J(&-S8n`o{J2bS}iul7;v zw#-tu*mHcq+kiApq2dadzlOJ4CDG-=e4aa&#V49Bk>B@vJOy zZmE-$tt1#7jN-GL=RQO4Y{{pW$BvUzJ`+6#PQh(fA3I{7WOW$FcP0iiYe5hcgokzi zM9UMiHl`(F^q5CoYav=>Qx6O+!i+0r zLOsbH9-}$1jJP}A9YYQxqD{fQYJNW1_WM;S`0UYF+#DkOe=3FX-s{v+Gk*%kx4L5cDjyo=Tv{I4YLP1fzGWR6uBowZjKcQHlm~#u5 z*S?#@bC%%1?GcPCuA>11{mR)&gqaoNkdMi9C_ZK^^j$?E1u3d^4-SAjx;TdD;_D-b zd~FzH9_@5w@{B=T2!ar_2dPFse^;v1FXwx`jx}SAtW4Tv zbelbP7~06%e-k^#(xky}hu@5RiivbEOdXPF?w@PiACW0b4*#eWJ1){(9?0uN*?;eZ z;Y9DtdXKNw?KM6y>z-iA$pX|&Wh@ERBFob9NV`d{zAz}}_0Z}p?Zhc6S-c6Hx;WD} zZLzcaBX;1-`J0nBsH0ooW#=8_UXC^4V7)Yg=Sr(u5YXovTO*?O|HF$Mo*X95kbowu zPk+axfvoX?N|vIsP*Iz!w2A6RdOeu9Cc9Vgt_(PNo{90LLj9GNYclKl)dZrzsaWwz z>C7zLjAW|>vD%hY4U|^+;(7tjt7OVrK$ZW?ixlS(qT-&s24zJZ*ELKSVQ3;T)EC@! z&qy&mbySXqN&~xNL|*phOy3=ARbadUpD4Kg6t6H;#Il2@A)1DO>)~;Uy+z!N)o8%9 zXYDMmA7tnR`m68nS0w~;1we1q8Mm+SlvOb88rCHUOq=RB|BhLwb-in00c`zoC zXjF?mV_I-^RKKPegnK2WMHz<8afcvo+ZRa0&XQz4K}V*TjYwZtq*Rb2K=cC|3hPHL zK)G+_gpg(o+PMUV`;RCvr-CIYK~#y6ZgVHQKP^aEmxR22sVz$w!B{|}RqD9+z%Inn z(xofb$pZ|%MEbQnm0Ac1vwG2hEPT0;N5DDyb`OtwM^)+bpOu= znOTE>RnkGWoZS2m_*8eU-Q&dwHoj^mRHPt9#Fbu&g!k(hj8pZjpozu*&;VXksW#HbQ{E3_dH^b;}p-Q zS-+`6e^0&(k#gl?`SFHEl*ZK5aBHdickAbm$b@;9-x{LUU#HjlH1++K_#V!WPdb%5 zyDfZpZkvzP($M+Z5304|*LP&y)Do`|J(99enl=G?5O}v}w)=uvehtj1sP~e6kK^qK z1j7udEJq+SnDEdRi`^Avaw|zn>*wEW$Ykh0UQZ|@W&OVqXNwr$(C&DFMT+qP}nw(aiKwz1l_&C}oapV)UNVxNn>FKUiC zD=IT1vS!uH968?i31T`v3(dh&3k%LzX$rqpH3Ew5Jyao#0rWYZ3zFc27!V=$#Rs0NXKC>92wy1JQr1i0u`lj6~j;mSW*c+N zgogk1->N$B&HeF~+v{jw4vu>YHELWTAOGZ?3X<!8vc&A2-3N z)O>I+aI7R=VKPB7lQlHPT7&nKo2Q5qT$a63>5Z0XdQ}vA9uZ2lJ*+?`Goek&; z?BFv@5aTtYPTf0&>jL}}BJqfTS8W`}TLaS*>c^5CgB?Yehdyimm!9n|ayDF!rQF&U z(w%wRUlzu#p~n5NmMV^j0a9f>utcdxm&OS}@1#eU+p-om&p#kk_ncnd8CqV!QU2|4t?s~of@@F`U-$iu_2{VY<2n25KY#FI>A*)**wm<1(+qGj zUDEpI=?8le7iKOR&|7JIaM#R!#Jo>q5(gj<-&2g|BX zW~1u5mW&&!_hy4{BG*XlzHr^R+ zBXu|P!P%Ac4wU;iH0m0cp(D6ntcLL{*Oe?_T`hCF%pPaQ&$^1jNJbQs?J#oo|RbnV?HethoMDhrbnaP51cF zJBJ%|eeL9y=Lh-XQ6b;w2YORRv@^i+vZBVw)r1^S`||0+9Y!Hv`A~@oiou{0%>%L$ z?AkdWt55Kxi%+5+JE1Ygh)s!ZHn5oPNUzhbNvBRU0>&$Rc{Ob^EYWD^ZRmwUt7d(9 zZy1+#o-Q@2ttxnqKBW!xa*u}2T#Xav%%2{I+gVTede(_S%ETq7jEK(*+F*fntP?vh zSh&&S&X+>Dv)^+g%y)2xM&H}_Hd6>K(0X>ER1y>Jr(Dr)8U0B;yQ*bp1^bm3=^^jY zD>Zh&02`rg@>JWOS4>&C{mEyn4ORgaJ$Oc_g%?R`f3@!5$H^QNn@M!^oKR-KcE$OJ z8!~XYKy-b>q*D+#dK%zl%vh+s{wmz_Err(YqT;Rg!$sb&a*Hm!QcD}6PlIMuuVY!U zNm!5!!D^Rj%@A0n!Xs)qjXb!TEc=!c?eh8wO=>t6OP@YNs60JQ?Lx8R?n&KSk`m=z zIwbr>PK|hyqgCy`SIIIF0_^gHdH%Lhn>DiqH)AWK;k$zgFx&IoDIzBxmJ^gn!V*w` zsYJQ_9w(eW3UpV9f=}|oBq5KnQhH9^NTb$-l#4f$ss!}lHim7bbL1sD*8BzyR&_&m zrt>yc*6505WmeY+^qW=o^?VSJdUuawts`&OY)^-ln3ids#K2;@)yp+W`MhXOyd8?# zF`a<6DtJ6zhmu&9vNxv;q{u6Qu3N%mGhEjsCF-}57S+fT{a|i0NXGw8fTm?!#jt_t zKQf?djCB|VuEf=Z?x*x1CYTTwQd44?stQ(E%}SqdFuvvsG1%9Y?(c&~;eTRhD*~W$%>#DuTKU?)oXm zAt?+MW@N5u#+2YNEpA(rI_-bf5QIu~hiqtKSb2s@zXJig6fKxnZ`4Z%Q;g{CBk?a$@*+q_nxV~X#b#yDua+8?V{3emty%v^2xJPK`Fj1&>4S`$r#-#Q zn~eAw4+`5dj30wFgx1`Sfc|~AT$-r4+}IIsE2`Vt2D9okUDet9aVmm3d%V)Jb$R|; zG!5BKQ28pPxBD5DO$9F0Nl%dUDP^%CIQqyaxkpX~iiWSNs3a&j@iu2Y zShTO(_jSZ?aob|z8Py`0B1Yoh|0@K_!2bUf0)?hvO;Y7Oo#$Ph3Tyo&r6!4zeyIxd znGN`PIlbXhPriFJOr^mA=hF*#ncJyED^fxjxw*M=vfjMlwwwj-^rAa?bzSZ_3O;Sp zvOXWN41F^pt{M_3(dO&T1#xhhxVicLVu!z<_m{VF;&3?67xV1CyY_ z!Z_>i>J7V!J?$tFJ0Eq~?U8G~pYd`vvh(nq{Ht=YvzQgKdF5=bBC+B@U%-^;(XAd- za_FEyTwshxB8(_cr&t@pO0lOtJkP36Y1!t!o4SAp4YGko&2WHJ=X)=tXpMc0$lL!C z1)V#dzWOq#zUdeK`cK4Gv?q*#C;b^2RBLHq|1R>Btj_Jo&2uBk$@9nMyXq!ra*dfSUE&H^wLHp@&aGko zs|rF4n)1qYC$Gg#d8Bh^%j|l&1d}OXo>AqT7sMHT6M%s}zvAo5?MhZXyBIYJabc(z z*V0pB!_YiRIdUU9)%vw}gh-Qx39fqQQs9BZhN%_c5vu)agK`ek4Y$ggmmSOx0C^(7 z%hWuD>8s`*WS5oe94USn)+iA3G>U@H>)QnYSjfqIu+B5eSa z7U(oqPeWSg(HyqT-N@ogp4qZjU|&h^%jz(L}#htOQvUWZ5W6N~xY5-SR^ zFKG|LO4V<%FKD|?i5gDe7gN=vb?|OP+_*E-Nzaooyh9@YvER{>FM0Tb&FW-dg)(-s z^tD`$aGFeGUZ=+@Xm8mfpcb~(%K&jB1gucU8vcKb!GZSwlflvZf0w~QLD`J>b|X0e zM{)V$8g(6#4{!BEYl#YI4;|>R#U2V?Q|k@=zOeniIPu*S0~#*;aU8dLhaDg{9V7qu zr4`OPjnP=3Hj?G^>1ofO?y}za#(A9|M_W_{HTD+;q(^Vr2`(Eor1}m zLqOXNn&TWf@)d!%5slnwRpD)DAPm?wyy9GZC=LLfvU(~qt;0ML-I^O4c@WK7r_7qv zT~iwEvFbmzNj+g1b143<|3f`0|L;Wv`^@6g7J-Ia067$`l2Y5e# zs26Ur&R9NDsyWFv?pM2w><{VE>z<^VxnaD|^2L0O515(_D z0jl@rH|W|Vg@=JsfK^Rzk$PeLIji5pM zTB>%2O*Auf1c`>;Z1i7d9$M^M8iQpLR0$?jR!^3oCHJ4s(@3eNP;jHjq9AIJX?u6- zUG{oPUfTs5&P{!q9N{j_{Y4uVj8$KgztA;!#^4ntAtrq^lZdnUWqRbEfuYd+GCd%L zJOprh)loN?^qD6&BZzL~zPFBKpoHm#fm95vG%s+4jr7qG>a##t@4pX@P$Q5;O&ae@ zAsmUX;oq{`i*U15(yz2G3=@tP`mrjNEi0W|00=n=x`#NlLmF!)21@jE$xZW+66mrk zYdnK3KtkmQS(D!mM6YX<#a-4~IcAOxB~0tp4kf?1b&~T^N>rqRuJ3p<7QN;5--8%N zAYkN1O+99@dc%@n(xA6V0gs{y@J76k^9e#A?i-i%1V-dZFy@ZeC5O56Twm%=oEV4b zQIMbC{o}p69XkE{N)Pj@m+q;Se7+~&{|@7n4Etj=?GFH@%{{y|J(VNr9Z#wqcBRqh z^=Ze^7>w=-OQ5D3I{iT^%+jo|{|KpvVJCWW#9~T3C85aA!(Z*xygQ{k7@-!cN%$cl^(- z$gPoVgc>;WsfK~SizjnN5i+_RQ5KlEqy>C~jMkwNUw8^Y4oX5+LCnV$j(jS0JvK;l zt@dsv2g$uNUK(}|XO*VAwG36ta^+&~HnJrP7`$M;vYuFQ;Czj&iMJ^T&DvZY6uTN* z#KaZ&sb}bnS1J*bqg~%a_a|ql@AJd&GQ-zv+2Sfe`tORmMNZ0f`#zBkgH&c6Lr{6Q zSEQ7u@+J8G@BbL<7pDC~U541j^1DxiDEO$xdIWIA0yz_|FVS0ln!k4Q|81e*RhA`hYo$m zA1}P4Svs<~WtJVKB^|GI@X=Y&bG*f8jJa5l)72BWnd$?T!>oEP~n zH?X{fLkce_>pPthH0Zxzk4*)d&6OcIV{D9s zn%&?Yo5wS&@UY&;3$7vLIR3u3zlGZHGb-{vmX~dyd5hrtB>wab^woT_0Bg9lrI}Tn zL=b(5mrAB3H0`)G!6K4qh{D7RuC$k z1akHcayY20Lk0AxweZr;(wy|VVV0rf*+2_{9!y zqacaElLj?Y{=0IzfEHC1hswaW6^#0#sjb?)Vz?lhF0zQL3KNhe%JDUF?*^F zZx}6~hxR%t@NTA#9s=cxMEm_{AJ7`T!w^w2a-i$e;{@D+)PP-Pn6x(Rny?d)YP-ww zp{|hQv#PhQavBY0*t?0i`knjhP$#HzCj-y|20@}<3Blg&9(>U3bn#N*BkIS(y=mQD3vdC z?-cJA*rP$$T~>7ED6V(_X<Kv!V+`ju)vt#5OWbJeI3R9%`a(B5O9w&D z$4!*?dUhT}ysqav_tGbj#zq9V2`4`AAvQXNXF10iG!)bjt<%V8nUN@B@J#l-$mpRT}9 zSMp_rT6UC8FWl*?Qbz%H6PEn#XvN57cqyJU9%m`&EH*!pI)<$giTpLV#fpj$ufZL* zK6h@y6pp4k$-6csOg*mRS%%903oAeUR*&6 zn!8c2WPCvAI!JiF2qHkMoe%Gfi7%1f#tO}Cks^Ss?+A@49b zk}@TP4^wRl!eHHxa|pgqnx(d|q@4Djx4$i_2^?SPta zgL)o^@|Z|^F0b+)l-x~)AtQg0esuwX5w67ia^bC^eFaBtS$R4UT?DaQN&B@=@&xDK zyk?G|m;g|SbmGhxP;R2i4X}w+OL@3dGOiU$Yb`!W%6mFr0G6%UbO;qWd0ZbxN}hlnx{4Hhul%7@LzJ(2i3)Tn3BuK-9NuOwc6$t_AhqFyA#N;; z-TESxYv=^DDvNMN6?LSHN+Z!iHwei3LLwz5uRO!I>>aZBVH$Bj8B@|=U8^@IB6-qxK zL2rrJs4uQw!6FmZ5#{Zw@YAh1g-SL96~zwA)2*j~jgyJ<$_eDMV!i0eE?!Ku_lK{D zFFz-Kd8v*ED8R9aN4sXpG;N-u%#x`^#vKFy6V84EJdwur ziXBh#L$wq1ZE2<@9xC5aZy?L3RolG@1vi^iS^nF`)J~?|=Zvg} z{>1i~LboHFgNUZ@4J~?-&xz3OlC=w!^P5TKTe10G4^%&9c`{>x@%wYH+jdwD;C83K&TfwIUgG>xD0bA+JH4Rbi{zG) zI^v67ULw2w`A`5S+EOd(g_~1+8xK3TY>dM%kuEy2Y%(3wXezov#T3RpBF*cBlF57A zH^L<$&7;sm^|k%q0w<&-rPIZLCg07m6-#GDt``Qp_daSq@&&16(%)ledm`A*LAcs( zbsxOAumdZt=)Y2j{sJ$sxnYjPU`B2T5Ga>7=|+ZVpRpyNDQjwSd0e*UWlI-=<+J>t z%KLhubNK4UlDQ(a;J2TyPz3t@NH}SJ(-SpkU6E{k3JN4dn&20K*+4$8=(5;W4re zoz7!qAIdkInr1jQrQk1evFiHm*B>!!c8_erXu)xqeqn#%fb$m_b4sQT{mw*dAJK8g zsNeY+##>~({vDloM4@4O`#<6RH>5w^yqpZK-+*#F zObt^z7P*w_;^Luk_)ZKP&=9#`M6eiUg!)ar5vBES<13cD66F{Zg?{RUd07cs8dY{c zV|DCxjQ#hT*WypgyFi+C)Q|%ky={$~=0Bw;yK1*@cI^zq`&h9{l1Sm)b8yYfFNlKI zl-UM4TBOiXmuY4ubHRbrtjmS>zs|(>8d96!?gI!_)ck(^vYJZbTW0Rq-bSyb&LS}U zH8x~p1gwRryGpNex=0-Q51dhteev3yjz<=0C)+>cUl)2S!=m-=AxX#j z0t_JJjPN`}NdBPp>F>hrIYa7G;_6)&l4;Lq-AYkF#k3q^Y)tfZvj#ygFbs(%7W zAA$$S_E;HWdbjTXWmDcv5qMWBC>2^uUUDA3qH%c8sqZnV`cq?=;@=;Dk8-j)Z@rZG zS@h(CJc%iHXT;I`Pa0#(MgnUn?>1u=_SU93fVBLlJM?;1>SS88Phk1w_=Z!a^pG`c zk!K!&|0Bspd68`Mfh4v(I$%feQz*IrORR4(yc919wJRD^Nq2rNPjV9Tqg9yh6 zG#Bje(9RU)n}LZjeA6$C(`xj9x)dHq%&IPCt9D;;HpJLXI`Ku*kBjtYpjbd6 zopx?$LznsX6TCJvU`+^>lj!4=el|@C&8bqO(K8ZE{luZ~?br^l7ctnz`^E6;yMD7q zZi=4ZI%SSR(m$nWkFxJn9t&J@UjW9HVhKOHFXKTZ!Wg>U&)th}=&A|lH06x-)C%=) zm}8ik@$@R-$LC=PS)s5YT$K$IX_`kWWJQ%Tr|HQbOCl0Z8OM?g9&YgZV@mA^4uPQB zJBC-7;BYLG?bOs8Qu#}45aI4``!_&mbD(9!ve4yB;H(4OVVfCeKQaK>h7%N6*q#E3 z!G#bXazH$Pl8NrN5c?rocDomv)8|N6)ilF);xVcipj24xz4G?{=(pBMSWwb-#MrAg zVxDjR&do3TsS4e^k{n(C=T%VS%wx z_2&_JfP}KppT{JqB^;dcYg*zAW5g&8EJkz*gtBvfAeHid*p~uH4*b!gH=W=?@Nc2i z%e2@K8wkq3J+B5T#5}Ybl$(Y*u269}2lg0Kl>W^6jCyCxvT-Bj(i{(w9CI@(qE}l* zE{6jHOuJa^^ESiBWsq);rxu-#9|v`-7w~EFV}rJC4l4p->%P&q+o@hzHH!Lft?d|K zS{X+9s+JRc^CqeF79^=HHH|@~G?yr@_MI*2G?a4VUteF%OvjpK7z1p%`@MqTIr}YB zMO(3AwdtYUZAbv9p5UUOG5?_9eN!R{abf^Eu@1=_QxlDpbj-=+i8ok;A$7~h|DFZz ztzcj4Rcx+E??thI#5D@%4q`vlEg}=snI>be$ceKgD>#l5jW?fQR0|2#LpNn(D-bVB zW3gR+mN7$nggcZ_>g4lIdwU1^O_GJb^tb;5wEBZGwTO@(3g$z?lQ?c=OTZtLzw2Z` zve3#~RdFp#zn#Ew8oM_#BX>x@m?pN9)OAAm2>DU0QQ6KuahqO(Wm7nYDl)dCB^2`p z1cGd274Bl@Rw8kNY<8c-Bi@Itg2bD>b3vUN4e#M@qi zUKB2Fk|vGS&FgOD%h$sLUYaK%oR@-2=?VyEeQ6Y#!})$N%q=h7FTe(qC2;|x`8FT$ zdBd3$D#}%eVx7F8d{TZUj@utJO>u)%%nRY#Y)~XlHORUTm(ccy>)c(R59QC^?+%bS zZGXmNR@SSAgn&0F<(>`~A1nr&4J}C2GIF6h%v)snKSR;cJ?DJ&-j8LiWvBakN|5W* zPuyYHcwp-SLMk7=`GEia)^DeFP^V7OzY*Dps;KNuvt9LXdYKBO-{~R)fj=c2x*dma zHm2wqf*`4@+;{Z@$)io%`iF{1Yi`c>URd0oo?SdpS~|&(`-hdP%zxIep3jW!_LSYD zFIp0-{u<%gzE;F%;2!*bRZKw>UVkv)`@}6PGdEnZM|)uzeA21+5bG+KAZ0Go zeNq~qJ<2}EzOYgLhu#$icC`KxAp-TV#5ML6$Og!!(@i92o|^H*clJPvNrOuCxS|=G z@xFesuldGM-RrUyB$#S2FvBx6^@o{T5@Q5G_ z34%&n)?F)TGII0ciB?NTi#uT!PFay`ga*}qIzX{ec@j0+5KylpPnV?mH~(SczUZJh zq|YTjh=&)+42bv3_2ANl0KPh4?H#!+s6vLaw+`LQC0b=%Ub=#QkHGv*0hKUh+f=g1 z5UbWyb`(=DE?BM;{wPIiavV)$%ygGM5uEh2SaX~StQJQS>-Oh;D6tr+_b#oZFB#hS zaX5?~;+nmLz5Lm}cV=WXa}6Yy!VRQ8-fO$+Tt{Je-b>~VTuicWiy2l^Xi{DaG3IgFHE&w5N?WJq!zQ4WuQW&=}k$6Q7uMaS- z#aKv*k1viwilvp#MdIh~QVC%fMgYaQk%d@}I#Zph%%#PtM+@XU-j| zoZwHbg$9_w7IUbVCgIutYAA)5z73+l@bj=DIMw{u_w@#4aicv}%lxJQIJi|biD_0r zmS9XkyC{6+aRP6Kg-`h`-r(1Sf*pSHJB>6Q4xzeSlx!bw2CJa+KB8ILPLN=G1c2#g z)qEYm^fC$2kEy$8daUA3;XSb0lI|8f{qiGyUJM5pe*I3!m`^QM{JxKQIe8rnjhA0` zW65}2BhM2zo_xC{NS=(QX+%SY{z!64Tx8$3=?6%S>u%DT zb#Vn{ARnM%MSgksAJ2t*fWQqk7W03StLCul9tGQNWx?hGFGZZOBzoFHd^_^MTo&>O zo6Ewky@y%M5PHsvSoIKd&UEVFV{n5NB%?sBR2ln|y(xeiJ$50u&6I-(N2ur#1-m6! zlQM+kJS>5=Qhdf2xamY9IU$?v|0HnAcNib~zYQcF%w}YatCC_oBN~0Qd z6gW=R^xGg=%b&`;p3BX~#8an)ou(GX1lI&|D!Tc$BniJ@U9*~953vg8sa!c7`sLn0i#)D z@DE%e^@l+@AZ_j1358-eW_fMTvZtDflw1NxEQPXWEO8`62q-pzGxAWr)Y!CD!5?P6 z4lrh5P}w_s8xTb^cYf}!8kQD4fe20L z&7DMucYyChNR{_M+V%zMUpZys{mP_zY+&_^lUUjS{<33Ix|$5L35Vw@e44cqF`*uv zk#O`^s4y3RbUY399f0XT2_VxDzlsCY33(Q5ly%zX7T4?6E2$VM|S#=Zi`DvL0W z^tfC_yId5Ye&}hEpU;4Kcc(3XkInZhZtv@nvP%8GvhT%hucq{v0^d+nrXMi+*k)$1 zk~E>y16VRN-I}^-^h}qCp3A_FCbh&;s8rYCuC>sO5?Z%MN`}`&N|`i`9y~H#?UFCV z0BVh3M-GHGX6>MMfYAypGrv#O?R9qH7b)(IelFPOgZ8BhJ~1(@ZV@S6qD=F#MKWSm(^ zq%pSc6OqVcd?t`G(8bDu;Ki*pIej&{ZEUucK}ikCTScDgmP1DdCu$s7A|cK$k&B+L;fx;6Y9X_`i~4h)4e4@SwiK> z(Oi3yLZX($5N#PSn&r|y1fTbbrmd{oYijYu%U{JIEa~WeS<+-X-code$KEOn&N!B> zQ~t}`(ZAI&t-2XjH0T*B*XpIU}@xJ{^aDw7m$ zaCCClv1Oy9i$&x+7{zACJ@G`d6LZ5QB_dcj&@DhHw^i#)d6jlBP2hG-Bxx*^zzDkK z*n}>Wqcb2_Dc|)n9#9e0l12U4SsJlw;0{u+p$MpuPTSogoZq1c(BS_p3}0Ta*Kqs1 zk1uY}Mz;!C@A-eM{GghI1Qvpo5)LQhk#pnwC=&vqy>fIbem;LLe|9Q5V1GVm<#v1d zJl^#dvFO8`f?jqWwRi4Mn9yXfl_+<^%Nex%#Fs#|>)%*xuv*FBI=toU#_l}vu|eo2 ziuRIPO-K8y31Ma#9jd40Y=-(LDB@{RC}r{CONxN2;MB`mxU_8Fff4NlhNS< zc09Y+-*puw>M>dX;6;i`{y7&@3fYCg!q4j&A@lhYvK=W7)nc+RfJuuQS3AhXE8#~u#R%G%JjXmm{@7smI4m^ z=O3h%kbO-Jf4PRT7%jRTUELr~0H`h{Ne9pxm^@DobJg=xCt=+Q*a$L0C}E;htx5s> zilL;eg{A#ibOKKl?S$kwrB35va^-RKYZnNsc_0~>_fP;Xlh+d*Y$WC=Q_J;?RVe{L zISDr#VHIog#Fb_~+O9Li z&{?OThcF=_gqozIhQy8**LKCD6<-td{(V~HWyx?5}8FYYz1=S)H*Mg|7p%Hql4tA zv!FW^9n#_B{UGM%wKkU7Ng1P7fmWYM9%DF%4rV9BV~S>+sg(vzJi=`zv#Zce`e-Zp%% zWAk&GvKMX`FwJ)x8X2l2BBceE>Ee$~x(O%gjmJdVTjCsrVaAANqOO&%w5>3m%>;Fx zdT`lad-KXuW~~H2RDy2V*$U;$7VIHrccOwbAUGG-E)Eu2_&!=zofml(n*Q?`dVSa<`%M72P!rHNjMmQ^3G7V>s*GwP?r& zga78(hXKGjRTrc55x_5N&|_%{>KsP7VGe6PPK~1hC!1-pKOd*GX#yW-M3$Q~>Jf+s zb{7MS6PzC_VmC5-84#lFv4DiLGkAu); z8=QH*mz!~RCD(@C-5OeCI+I2s{GpEaex1{dG%`m8RwrbR9VS)tJubz1_&ZV!vK0xS zI}<7gy)+~|aZmZejKBUZ6kXc24c#Yv|C3AGYpf>6)hA%~i*8|x`K0>tq=MQisDN=h z;gI9*t{~qo@jzD)e{FE_ZX~pzHkVPx^qx`O*MXI-;?NDWO`Y=Ce>_>OeR;HNJKrD{ zFZ%Q8ZHuoanwV+2+=;2n{HlU1+J%lqLbR2~-1B~l&ivdZe? z&tEL$TJFn7zbkJ0bSEGOerYtaGv!a?c z1R<+T4Iwc$xn5mwfTb_DEu|kJE{l$)US`&IQNeK4*H@L{sYzBb^Zcv_wV_0%6Q=dd z`0z68mEzZ2>S{d=p21|$LYQ`%wB05{i%MZ`1fJct$nBr;?x}W8#m%;@nZ71l;K0ySo{f=+QQEwI%_6N-yvZKQ~+K$;a z5Jczpfit$2e@bLolmR6z6*x2pc0)W%mqtJk zpD7(+W|x?<(a#ULRSwV>k%xb6qqlh9Z)L#fqI1Xc`O`fxu9E^szZ548}+`v!nb6Q z<8JGhI&~j)@pbM8m1_V z8y&ML1=IB~_7K1KvmMIco0+(4z#KON9(nVp&$$yA-3#T%%(?bknk|0d;26DIcX)ye zYyJM-a~(a+>FQd7h9fOv=h%vkRJe_$0{J>C!PteELR_`*V^2{_yw$pW*P_Da#))rgI-UzL>_6+Dz zeqHcNT8GBF`wNr)Uli98L<=Dg0g!>5Nh(4WBfKX>O2;^~XhHO9PB;0Aq;z!izpKMF z2di&?$1;oirh8vwn(_GJ=9pRB{DEjAcWt}4-=QRQhv#Tow_c#t`6097f*e3Ni{4B+ z%bZoY%_$f~O2JY3JcX^j;=0lySRX5?ow@S?I7EmL)SWRT@#+)3u2)GaH9lrDr@b~6 zlu5~4Ht_*qUDqwGaQ&!~I5IA;eRn0CFt$7H{d%@5bn_|sz0ZV-do#av&$qbNF<9$78S^M#@a zQY}RE9Nl;`xF|T`{A}Lxw%aPaPM@ne0=!_d*<{RC1AA z1WhN~xIrb8tpb}soa$xNu59iLU1jb4l$a=72>MkXdk{I=t}^}JRtB#7wS+MaN7ko{ z6P|0EGv`Hi9I0d!H(lu1w!iQD)ezH6q9z>;c|=T!4F>li&TZzJHY%F_g#3(>prLkO zTDgWmyiJ_qaKzDCh;Gu`QnfY>?&2TDO7LO8sgR(Hl>;x;{=>i!&%@fG5zhmgg3LCt zgt{A~(^ziHOp`6;ZM4;YE>M+jj_8tR{ye4_lc=x!wADMa%6q-D$sygR{U+&&ft=Ti z_>c=yUz+%y>~3d35?bm#9Y)}&(l#OOD-NN{{@EM=WHfV zIJ-4pB^kz*D+-|QTvBcta#}rUpp#@Ax3~v%e>J!Wgp;LNGgQ$@T1aHvI;+#mLw|I* zev3oi?Ku3xtH-CGp;7?{V%E++Bwb6H7ePsl3?9Lm$Fu;Dx_?qNa+&w2% z5gukdjc%w!cg+?L&K_XjarlY-WX9l!K^I<;1@EYJ#783Y2x!{27e?dO_)U;Lk1~URw&8{>`RA9uhfG-uI(i$5 z4EFtZ!4W@p(LNxuowyhF66vodeytFN)v=IU6fs%`a$Zer&Zmh)eTTH%`o7rmcl4nA{ zFPmo@JhL}WPG!}-puJ8tv6E*EK9bksRatEO&~bL3$I;9>jkF?-wtLGb#_jS@wL@1{ zmp|qg5$dGnh@GM|vx3p9S`^$@HL+7_^{lFHMN_eAa(+7S4nHyy1^De3HWh0-zl}S@ zduHcGPXU!qz;<=n{cP#MImza6lTKqLocm%)I)VQVFecIQ8If&CX3?igyyWM{>xn3C z?Pn^@e>#C7rHxn-MOpDZBy8rz^QQ#&rRu%TT^BE_1A0Uvz(d>HR zBp56cE)GUY5kpk6%q1UiuedVAm5D7-R6KuW%0!c~E6;*UZ^+WaRhLYdL!E(-9=uGV z!}8)Lks-2b6H${1(z^$7a+CE#=^*hVnH~FyyJQDWksfmhYbb`z!i>I4y(dYlj^QkC z02Ta*Cnr!Aj1xnfRd{~n`$q0dHxio zWWdMPa8C9|=@A(!Y+Pv?Im;WYHGz}`*iUOp)Lhl7wFq^pX0Acf6bF#tG1z0c(CUDQ7{!sSCIuX_=GO9)dZ(Z3+?)r zV-x=(&Lpbl-y>rMfd^UyX(TWM56;(V=&;8^Nx`<|^r_r(*Dkpl;B5Cv=M`&?k!6(Q zaJ=E`?5XzFso)74m%Yltv!z$r@rC5Z%h0Y8GJBj=7$FS5#nxzadSa@&&yAVtE=2nN zs5HvqTYj+MW$pU>6D%}1q>cxcHC>BKXTAiDg-Vn0CoAcRG*zv4sP;$AcY=+^-9$W< z@PH-&_?eTnf|)ww?rixI-M9l1gS=>97P79T5#R3$*6(CF8$k6wrApFiFi%TD?R@9I zvOMp3P@=Nypt8lnz=pC$rAwZ0n{a$D(z^n0PL>=Le6|-SRSIHko3h!$~3ctId zIrnEpUqN~y9@RUJZnOj|u4NpC4smzp&(TSPW4}75el<>g(gYxU{DU6bvE@~(INZ#V zj_gv*`y!DFJM2&+ttENf>Co+K-K9Bkl(~}0uc3?e{Dw}3JwwC2M)@m zaBnEG99Mf<_LZh&&rD~}{tk(YnUq3?1LQKbQD?>8y4Oo8Z*l*v)uVN9#`M3v6Zsva z|CIwX#-G-6jeEt_Y^50pIvy`nGLgGG1XA3br!?WeIv!HsMXKVVvIjLb+FbE!W?1I3 z8m;CV`f5?kFV_(%QVz8%H80$oz(LYqZ_gfwb@)X}?!h0sJcNUov&hAz+VvLgBk?M@ ziW(30b2pH;_3bk2C@p>6mD9AmZX|vkYxfJMe%W>$7#R^~cP`5vIF049*>|$vDJ;67 zNy5?=H~t0?pZX4gk2}zE_rkjNiMgSP-uxQ?dP;sy9j;OJj)fu~1HAD{JI2CZX%B2` zjHj7dtK?=Y{1n4P{N+TKT9AxM(4qLr74vYMODjbB<3xHRMcTj`K$QklYKNwCPPE*@ zNiQrSn(h!3J5TVa#Vu>kj!C+`Ad4n#R|21*X(C}V>m`abJ-nR|{wU#)LYY_Ob#c%x z+W`yi^U}{=)P+Lq}m!{$jAs1m!@Bv}d#gy#bXq`=t zj`t48UYsiXFP*4~N;&?;bW{KY*b;j0wM2%)y=y__2EQb$;uC-)+*iPzsx=AVK{;cL zLmMuo%&q{O%VaJ1e!O_+fMEXVooI`LbEe(Bc1Op-C@i1gG)08Ygmt|v5JV#=w_h=j zS!&q2_5j1GSmisoHG5=_`gTWiDaopQ}-0*08O(+;}0iQ8eyj;8?L zGM8bQR;e_ZGacQu9&B_kE3-I|>=F}=?Ez@^4g#UA>X~CiKr3X@ChFi67^Mk@j5Z|i z!Wr8{T`!7bm6P7gjBm4X_dJOsDm$2x(j@G3Hw#3HwA1P{0F!?~haa=QI+_ zy&5h>s_b!Tqc6;!ncbdO1C_2`rDgc7zPr?x0zFWbuB9xnl{zz@p8NdGd#^kU-IYAc z^>a-lP|ul!T3xRi04LBHV`<eL%L^x8^H-r>#0f^cOQ<9wd0Oe;_43FMEiChGzncN#;2$BCHFAH>bgZOF%qcm1m^ z+LqMV^)-nZ6csLcT=~<4;1G~ZR2S#OW2m*)*&Zy?6efZNH^48}CYn`b>CBWagbg`9 zO73q~!FfdIfm)2r`su#f7^Qkrj6x;T5}M<#XW+>V9TnNLH_vkPmOLR#zX$uic1_wY z%H2h?yQp{&4)_#mkq^j{f20 z%cDOW9sk3NXUBgaM>||+>ys-@q#t(9LAQQgCaXE0X3(;@x@6r?WV=Re#vvO@kNg8IE#cMuDFTXV~yn%_p|> zb$C;_#)j_(xVRP$u23QaeKO0gfUS;z6@^DJVJBUjUc4sU1v?jBapVf2LVmouIw#O0 zP%SkpW80kecImQLp$a>3;H!-J^|R5Pg}>I;*0Z37qq&2%4Jn4(SzB{}n@68p zjE@8xbkWak>lWnY2E$w1I_+%`oBKpJa_hHH%(V0 z63ZD+y%=VNFgucwL=K^JK?!#h`Q}@Pc2n5_E^~7!3O- z-vOEdP$6fP2Z^BZWJVL3Mob>`tk$JHFdg6hu%}3L!;@ID6bwZ%mn_l=TEQ|AD{^+; zcLp&x0%k)aQ}V;gRR%jK zK+F}Hx8=Vno?&&$u~PYuLg^nFjk~KmqN6|K;l4F0bE=OSgWTXC=x%XOA?1`+ z$azw-F0v_uue?s@w6P-?3fUMKQ9LwV{oGjt-Z{kf=P3-^4)9W}lxUE;gpJJ1QMp?` z!Tsl+E9b9RlU^`IkQu&vm{RsRp6ZE^6I@lvfYv3od6$CmOM$gVv$H=1-0=lt;gvxuZJImI|vX8oUcAs_lIk2OZnK>N8z#&)O>$X?bfx&R?3(`xlOMybjgm*T(LjZg-5UUe#$+XO>DCT5DPK|AR;}q7bA7@)bU!qYZd;W!_>@unCG;qtZ~RFyrCbPNx28XQ zHr2yAb<5$m`1y(Zd^e65P6#6*Zh3EPOf6M~>C^-r9Bw_>tTSEn7y$m9CO!MvIPo8^ zuFfHprjbL3xepqYcwR3;H!cXf0n|THJZ9wN{7fAX8x}Bd$bX}E^b+RU4>7U^NA8|} zy@z|c^&fWk!AX0Ki4LGv_$az$m%J-XrFE`*m$q;DY(k+%^J@k*_J_^7`O>mGmYBmj zU5a0Ml29m7#L~&fOLL*s;h)*;(44YEl&#d^CDRjx*rA(TKYb?~K#fItbE4DwQ>|2M zkpE6@gv0khMV4G^gZ81;OG+3<#V~L@NjrOjH0V(31k62zaiP_oQN87;rua*@y557seWK z#js8QMvpCLEH)$KDp-u$(laFNTF<#3rY`yNCbO;?Ou)?0_yXJm8s2oyr+p^6slIWU zkX*gHEFCiQcbTi%-pxQK4QyODFBCDUFPIX^U7LQgyo}SJeX9{8hyiKYROyCr62vJw z4&txfo=Gi3Hu@{A4O3`zNTVe?{I;B1*-ovQ*7jhhSS%@TD_>g%@M~<^XyLTOl&ayk zK%<;pxm;*!>vLx3(F}@C<7PQ?7z|_Go~T_N9wdkqyFB^OnpR;5hi`@(oL=I+`F03& zm`pII{sa#_#7WWi0>-uJn6;OAPONWAXae4{pmD?5b>eZbh;>c9HwnjJ(%YZ%qZiwE z4}no!gKp8!*tF~zQC6Z~y}QI#2XLR-uu3U|OGYJKGII$Ws!8_{jk*BeV+PWON$YwsgX%2sQkOr23K`otSlHq)T39r&s&Y53u3cB!s#b78@bHlJ zn0D=$%wi#E)rrbVN#M+yVB9imaGo%#AZ4eOFhHpDsH$aT_xUivN;62l818}jeHqjP zaQ><>4+8HIgXm%KPV39I9PB~xS?3t_{tfxtE4kZi1JxpN%W=3xZbceJEYmFhPz|-S zRkB?K9sC(oye0qnU*A|P760PGhyfQnBc3^^D!)V3=1AQ&-%ay{TGqJ=C2(E20y+K+5bNNY(cVX z#mEM&9Y50a6k)P0P1cF~`WcYah1c`|xmd82NgmZy*$CPWA^wqvvi2`v*doZ+6?Eh{ zyfKLNQ3SE}p`Xta#%eIU8*PUHq-NNr7}DT#-Ek8TT)M*$(nk_C`I|u|59I1R#w-4w z;uXhOyDt!H2blF-3N0eh6FXKVok7PEIL#6cf#Frp`gi1pR)iM7f+p_kyNWEh zYc5dR1EeNZ7edDa&JNr=E^*#!y)B1dfPoIcn#rZjQ}LQ5bR9?Ft4i03>Vn1zx9+4p z%YthLOn_oq9oS$!frW~=R?ZK`To=ZqB0P=JuG}-Q%?KSO0xZ)v48q|Ip@?WkXFM_7 zVfhQ5shUq>9|LBsm~AaM>YOdEbx@l$M5-9Dg*5XukYqH5{{NY>V1q zXhDvTj_R?MHgb}hu|dV(M>qWLqQ83!Ah;qayJOOBz)l>4cj|~;RIT%_>%EeqRb4vQ z^`!xAmNe1kN8txOA)O&|59}uW2)&`9L>x)zib?W<9Fk_e3uay1iQ{yW@He_nkFL|B z>vZpAM%U@>RyVp%|1Mppcc&ch*B?KCli^N%3py^U`9OTpGS{}MwjH@g-h}P|KB`*Q2*cK zqn9t9*ZqHAj{d)&n{J_kFUG^f6X)y5jFb%=J6Nv|NZ#-9QDP0 z-oK{d=>0o-|Bl|jkHGu)wUt)nN(xqw4T8s1A#3Jw$8Rj0C!L z6Eu#`C7bh4ed@v!*D%l|(Ksd<{#YQ6eytKn9zh4(Rp;ZSZ*VQH4$F+q&GycHA*hBC zxnAFCtA^@m9OGgR*LCB~S|C`1qJx8S3OUY6Vz-ZHjrB+V@Kw>fZ zc<~M*2rT;JX_Vx#k?a!duCEfRZpi*&i*x<}?PjBNFr$h`C%JBLX(}I}A6&!W06}L$ z&5zq0Aj!of?VGS$$!Na+Ot^0 z+#$+pA2z(X0hCbT*9D_Kuf@S0i-WxtZTptB*y_<{;pToB=_iI7x*NGEcH!WBK4-GA zz+wdlyM`eS_P=e1g05Pt}QyF(Jf2k4I(D$ zXvr<{@Y^N*WG6Ed@oKixRkoV+qU$C7bb&+sAmY^zt48Zy9ro|*-6|0epZGGjn5@Qd_99@fa`vQ@;%}#i7=E}x>wmo*Z(M2`Po&u6~k6#`gk^M6#J)QaeR&~g=+HH@&>wq|pm6S3eCO-Lk`GaLJFPTf3DBMk0>AVEVXsTNX^ zlMk=S{{Q(uZ98Mg#m^UH|Ns5Jr@JNSurB7;ya5m0!B|B%jX{i+pxm1xj?#wohe60T zC>I(nTl6#dRCy|v(piGSEAAwbELY~Ya91E04r;|VX(l)W@n;@>dVBc8YSxx>dlT%n zrq|TWLs2tRY{Ep%D+mMRG z?R9t|ktO@!l)_V@G)?2#3U&1@8rThdY1lgKLBJSrPpRxgK`z&lFBVK%u1oSPYrR#l zj*Vh1=QK%-X#d)tr$=!p-c}~%0OT|A7-75MEA582iRkti0MmI-xi?{Gxw86x$s#C0 zyAKR2b->>B@vxs+Jt|mVR3^1MSQ`d61TIxX36T=2tf0$N_p%+Y?{o{gP_B1JiEiPpwJMjyW-dI{mmMA3Tl3(tyxuNjpTS z+E#gpr;80Z+uobo?KHUL>1HB-L%*`3jHjq5TZ+6D&SH+r0N}u_pbzTNWv+BN0>vKn ze#O)A(X$twHikA#*m=|aaq8p9ik4-05{{1f#8y|Hed6d+VI@mDx|A$3H0p-laUn^b zYMv0PNy2EOnFf6i0F02j&-xHYH#A*fkPjvET<6mJ^{mS?(p-zzOtWZ+$>zj24${SV z*Lgt_hW;kk;T3GlpMW>>fbh9XDTtmYhACv4%vRQH4W@|$aGlPzSW?X++MfJRVd@HM zeQjbU`5lW3)vn!PRR}dsA%4<|3@|d~ptKu)53Lixj3EH1wbJ40+D1%7$_|KR3o7Hp zkQZTOYg=F4E}6tUM$He`Q}Uy@XLs#!4Dd;=w2(aVbG%0fESlWYl>+EZV%$9_mTotz zbEddCW}uWOXo*1jz7UqbnlWLGkg zUw4^$Uv2)jhA`$j=(by2UugLQhLvv+QjS66U58=)aB_3>*4u-g zP;v|w?-+8!F!CWGZjF3-wNb~i zi-=lVdgDxc-CH2`TNe!XQHw3QNRCC(G>r@0Et3kOXOTT~k}>G=){z~ygS+O@ZAY=G zibxEt%V!pUQfO9I{fZg)Y+r;7KRt1uZolKhNKhoiEng>D)+uyof(8yX92V;oNi)Fu zIZb*Bgw-bdDJ84+WB_oVRDb*n!pgjVlrD<viY1cWL{TPm`IoGQVab;nAvp zrp?!i-Lb?Rujx|!%9Dgng&gihO^Ux#f0e=oV#2I<~0NoYz~8p%~=ekm$33>XrtuNe?t_7qnmYn}B$ zwF8GRCR$R>7DMs;rEOmJt`RgY5_tI`JLVrKs|tE|A@Vf75Hs#Q%V0mOeb=S!=or;n zyq99xDRvAvjeRN32BtRy!#G;>?a}I(eW8;B4h!&7P>G&aR9P;K$39KF_;qXDlPuzj z9e~>hXq?${#-Mx@&Yr~xegg3CIH~B@CmNh%(vo8SOgl{hX-V2x-Q6hxvlU(T2$`!A1`$1zMcY_k)rca!I^AI-0!v{`;o~M6`O9 zR0D{BvAq{$|HaXZgBQntI&g!0Zuhm0b7J)zLmV^S7EJ@Aq8(s+*Nm7YMw0i&Av6eA z4C0_x>fqJ4w*A=UY~-9l!Kw(|jQRMWq$QRKT7j zN%4Kdv~*3>uV@D*^AK%*YyRt&WoHB5*~n?Bu{>^V|Ed*o%X(U0d<>R1e0XQ-6x}yn?sb+zY5>|Ta zHY33xVU;_s2>YZZ1@}C-M7L~3u63fO5xq8K;5wqyNb2jY1Q+wk^`PlHJRCf&5++Uozc9(?LnY+1TE|AcM5jw8 zu{-IC3I=ZB?o{^rX>{GW9!X2fTxrW656@3^RqNH{W(i}H{dR4t#l24f`~PL~){%+H zA3Z7FB$ZUhl5g4=nr%u(6xpkx1n@)?89%-_0i72 z{<^lr0J`5(bay#P5^;Z8xQ!0s8@u{9-J)*x4#abpPH`PC*7mDYU*Q^Daa-RKsmE3m z+iYTGm&uQv!U^WHB??TPDP*-wKmq0BQ9eKST3hXVrf)>N8Ki9AA&|nRUo)V7mVCj} zcU%n$qUz{w^TAkY3yhU?mbBd(0sXAqktRx@6U;qN;)u%Fz9&!q_~dZ`X{b=t1t}Dc zHUSrSCTM2l8PmZhVP=qqJPh4et5nlZWZx$`770xkU~tK97l$BIWNk@aKO1o0e9FXH zvVLpluFHxIzjCbho_;!64DlB~srM@9$>K|^m8ZojduZE|f~6{=(M=mKxP2xo8ppp- zxf;v^o`mfi*GysVs;NL< z9TGwF(q7MVv!=i2G(lUBMK^7buu1=7v7|gj$LP<0>St2iD<=P<)LWkDK_}q{+vV~S zyEKUcG=@Z!I2qz+SIS&N`QgOuE_-3bT1IrwULHAh*$q0RLbWq?znBC>$X$(UWLKf6I1}T-Q((x zrFQ(@6?W_uh$+SC`o#=2WR*?*N_(~5Da0k9G$-zulsvZM{7|_pHYxLF8w#_2E9sJ1 zNUyivTF=Ug;r*~pY+o=8@|vZq?N>U)yhCHmd_|w4m<-aF%J))cEirL0P14vdLT4sROgZnM&5g`Stc38fWHEt z+H)qC9Nh&iCU-e+H&XP^g^bwc)#YH`>20Y)7Y@F>y6jG~!0uRDFiL?HfGhAs+6?v1 z-8~<&7>^S=X~`P+#}kp)Z$A9{HWcK>uw>x1K3vH8vD&BU)PpM8nyFezyhvi30mLwW zW-g#^M_#7l*8TYzJ+5A(L*SC7LzE9^Vf&`7UUJPB&W4hw_cUz}6K3-{i;7e#AqRax zE-&9A5{*5gl1^n)%2Drk|i`^HU*Zs6bFzn1|0S9OClwS zh-hLqsm<-ibOERBOo}+iONP8UnEqEHC-{GHbA6zT#6K63NT#qDEt6i zg-9&3glPt6lK}V2(?#1nFE8H_$uLS#6@avQ-UFX$hATolL+ko(S60QMLu%{PFmHIf zg12k1&&a4)|9l0pBj}}Xq(vvtIHIwcKT4L*5+41;1})LGbw)Pq3^qVO8NNWAB0rx0 zbl!Ho1<9nr?wY(myLwNk)-<}czFl)67c4H>jW${r*!(1ugZJ;E)SrSZn8CG z=NxXaJLqF4+W_X~z@$4LT3}oXj=fo?0F?l>Hdk*GR^!6nM5}ciz-Dx$2T{rAn?@Hz z`bp};ai)8hm+uCVXLN#8N<^HtQzFNoLS_bAlq*IvK1Bm8(g{zf3t!Nd5p%`nd4dEB zNe-StWCRr1XP>CS0I$fC(Bx^PQSqb=Mo&PK{G=_BeV;q6O56e18du>DF)gcxNXxLok2wyoPC=?x9=82{$6L}jNscjDWc$KpiW^mkr3PVn;7tg*Y zSE9}R_dQKl zPFd);d3L@FoR;0+aLp2~^x?NWbCcaRGCO8jQ>afX^j@3xM6)DO;kw-^3YqV>t)Wrw zu_P4=>d{-~HX;$2TGSqYm?Fu9;sZiP_m!ryxQcMH&5`Sg9UYchr^v58x(z7l22iKg)DJZ@Ou1W& z8n)?-y_KP<>BI0ea~IWqtvTm9^)1BV04*$8s3o-D%7r>W$!ji5s77saBvQp=HZ=DM z3`1?ad{5<|Eq$iDxZdo~2Jtn!^HnjsZ(2s}9(8WT@X{z^nO5YGNH)*0euU$8L!PKW z`wfHcln|`T-1ZU6Z3rb?g_iU2D2Zf0f$SlU4?`F?A&Ldr>lk=2K^#I12NA*ziQs0y zYA1jLNL(*@TO*HEJ6Y?~C<2bXpy?o|$jhR2IkO2XNuCDW`z~s~qnuaRezvko*3+}s z7Y2xM!5>qcdPbGHdUtsWxZ{*HCABK!vh!+(0HvA1AY?FzrwZ_X!@SF+qfRK|*zHAv z`Q&4&X>kED8o6m)oB+%vh<$@Fcc+-z8cCY3>qOzV%xBgoBj)SvcBto$b=Kqi)zQy`|v=T4RYn2i=C=&o8~yOo}_6c9+bpI*8aVT}yPse(B{YCOJ($ zfX!r$C0+*Ix|SIZ|7DjtK!uYEeKKziiKxNggKgfm{trTvlb+nZ;le#z_6tpTY_LH_ zyHZpSS$it<4^Y`=_`0xt-@>rf7hIX5ZC3W$qAqEZWj*l2%`pSpNurs=;s6~B0|ujU zbq(WS>m96i&{f^&nj&*J5KV*&-*QC=tf7mspzYym?VuxDyCGX^;rH9*Yj?W1uZ6MQ z>7pMYXS>t&J#yCe!PbfhW5X3==azL3u=&*|@)=hD2s!(muJ4hv_B&i_FK^$|AY(&n zbe_L?PZZOtk6Q?%oZ3{;hKlv2AKN$wQkLWk-hjM@`fQi#-ei)2W85T9q4?|s3X7?h z3OE%-H%z2bQ`~E&ahm<6&*4gD9I>f}Vh6M&)$AQ#HsQWXiB{JzP}iHz=zQ3thi_OH zOBGn1z%|_$`2}Yx$s%SX2TJCY%fN@v8F>#{d>C!01!RU67Vzj+1_SY36st6Ah9$4> z&v?fq9hPMSTe=7v=geq6eL!Zb!f!0~AUSL;_~Xn;E+lWk?^xgvSFV_HbYPQAL$#h( zkviCUo-WWmQrg^rG}0KP=6vVOg!vtZicWTAEd$S1vLb3plZ0dl2r&o$#nQ&Np=m*m9|}e|o0j03_UdaxDz6Qwx>mu{ zFc&DG73K*C*Is*G4?-;7whM6XE0@()33){%`DcHv5B(`0vg`Bdy&je20nfGZA(h~ zZc>mjxuorS>{^xw+N`+_pltaeKXA*b*?)d?+=7?;j*}diF0`#)g1fe`S+G+P&2-*s z)MPHNL#=Yi$BTCxCTQ>{W6(N$>r!c8vjh?IIo1sSc<~Nuf6`VPCg3-APqYyVH=X=| z%X-;TDYf~w+ES?v*VR@`-Np~HxUZh~w#+sTe%Mkn)QBG`1o-blb>b$0pZq;s(e^5@ z!>WF}qq^w@>nheeuu$*Tv*^4jaHG#@f03(;qG{=lVDh7kZdv5Y4&>aB^-WPX!lO83 zF|}x|RAOb>1P8!6Yk!&8na2~H`>vda?TpQ**1t-P0IvZZCR{p}<_9b3P!*zYt9|Nb z;vVz>4P=eV?c0u0l|$MD<2D>93daZ-r8aur&N}V%$RMw@?z!2DVn5mx zCIwSc0P+#BAHl(a-*JAR9&OXdqkcUs=wKHZlRGLooh2LPa_YP!jZP@lo1x{ZbREp! zttb`Fd&4YCHvs$>1D1nY<3pk3)_iHxXObC>ZdrS33W-@0tg(nm5(|b2Kn(m>Q*xq+ z5+e1onl00ps(U6IjUyF-ule8fV1+P%IVHQ zp>$8V#w_=p1dn|}mn2RTIM`x72bTe+Y%URNCE)H$T#<+-QJ!=p^D-ypy9dRsyXQ%p=DgTL!k0@HbE=uSOIJQAxtLeK)O#wx1tc~@rq*%+#cH8mET$Zb zU7)JPlteM+?@M;Om@dRLW_O1M&flI>so3kz`toa=Kst~m)a*N#Y|eX`iOZsCfH+|Q zD1N}V)v+wa9V^9avDgmG0wLV66o&3R2tL9RhVad`u@WW@PN*8fYwo@Et;@av7W3wb zwiUT~mKiwER{s*47|L|Sf~0sBz;s@e$>bVMe219JE@cr@iptjd^RLnHgC}akL}_mG zhVb5QpG*9=`%w#f&Z@jn%j8=*q%RUP8r-o#T>E9EecNr@1=n8OInRifu3QTv;VYqwxHZ~g^NUgL{;k@pE%GEHNuY4DT5z~8hEgxS*qYNNCOXCM5f zDEN+66TGBsV%WwQA*>AR!p zchhI)Qb`8guZ*~(=`wpo(i}MClrGsTQaPQ)x&6kV0P{^SbDEp&-(cU;eSYtUxjMxp z*a=tqr}{fz<;h+B@&pi@@Dvbp<)y(0kuazT&`CxkkR9$Ee)z^9E?m{!F-@`?dW^$G zH*85A!V?)wPtMPNd45^?xk`jflXh-vrx&k_gx|>1gPO}(^-a@a${``xhD?e(Chs`A z4=7_ZMGVefi4asujGv#`RwZI+!N_6@FH{3?P-o+XDK0Cw0GggCU?xW+0uOxLnsB~);k zv8Z%!Vx|l~1zIwO=%Cc0%nr7*vM$N)sYn}K6f1h0qG@R^r5D46@kg4Nwy1xjYAI=> zM5v<1zAuv#WSVW$DwXrk2Hyb6@K7Zgcamo=Ofy&7_Tcwj?fPzVLNzCY>Mxu4H6()? z#jEitJuUJdnr4)CiQu;q0lVeD<7eL;e^-|Oo*g}Z{$iB>KF9M_%769Kxv2sffjB#r4a*rRuFvgf4xBD0y*+Z7{^sp zLc_wgvkj$&*X`lA^88N}EsN*W@` zcA>E@2_mdzcgZ5jnw&MtsbK0o{N$)BwoVkh0nW9h9C0m25LB8Y%d2;nb;+SsY8c>q z)Fds$T+vy=e!RLmf7Y|!*FjU)4~x7WK7$#Dk||hj`#gpkJaoDYw6^{pPZx$Y5P9zo zy{&a9ogVFeG?RCiuGvhE(M%3`+I6+BqFYdnIZf<@9)(lQ>ta5RNhq`*;7X$f`qkvA z=1FTPcc9h?9mbre7gnt!hNqh)T-~%OE;fjl<#EDJMVdY)sGgPQRE;CI;oj!xp~GQo z0ui$~EMauZST>;vzbmPbY)XbD|ySZdi0{b!Qod#nL4!AWkK?z`;jA6v6kvBO{<&2DW7;ERiZUbBFs9mZ*PR zyVEeUZv5T?M9lMnSR4ZA?U}bFo$W@?^CVf3d&xZ)-R<$TkKWbj>7~d_#H$0iRB2n7 z{Vu%-d8$~HOLlq7vtO9x^FIIUvs#CO2fDm`SIY5tXWpBCHlDOD7H3I6Il7_FnQRWK zEt`7kJ)Fj+OmKjV>=z{D>HnX-^J{J#MFRMJ6sqP)An{Lj;+m<2r^H4W8U)RcrrV}OGFW58;xt(^+ih##INefO z3#IsvyPH6z=Uq1?J@rLi<83rwxZE?UbhQ^Pv|$T;P4vOOxC%4A)KK@@N7dH zq2I~dRS;^Y)1Wo*sFfIn+#%DfDf#TDrsNYT*aX=VWH+UsAo~d*dpniH(DgQRELP9T zZ8fi1!?;M2f~?N*rt7w*kF=)Mk~)Jrk2qD-rZ^#jNn4fSU6Gg8-j~I8P3y(3Xl(e|l=!ul zHz059XBC{#raydlR*S^Zs+z2SUDHVCS!G7yGHV zw{CL}9KUHd-sPN?lmE7C%+X&9<0R4+QSiGlR3v1%tDoq+ZC-dH>*XKZ%A~be%4k`N zN0wN=O;QE;A6C&9VRble?h-#V=@yq0%wL=An^jRBO6_x-(`o~)P3L&kSMDY(RRvU! zL}W_ljPv55lvmXGFGT*x{q5rN;#~jl()jO<%?pI~{o84G$@dGZY?pjJBHI*ItXSHd zJ?HS%cP|#b$Z_JqA&Lt2^#~PW?s(4X*bA3N+ak7RU>=_tdIrfhtXdJF;Rj?qRxQo7sw$S+$z2*bKd^%-+3!_x8fo74~BQUKNX`E^M)<%r!#g8wgwN`=!Ty z%{0TNx{2)*%F)P*qdRACq=|FlzC8*0AK=}V7L7UQNbvSMNpAiNEqn?58@m7d@#E!1 zpZ~spm-z2V(vQl2<>)*D|1KJ}#W(0Ld~Aci_=`jK%VjwyMZZwXG2|B>m=e?1xw6$D z4-}lQu&UfENP@p0s+{W%^;;UC9CP%7kidGeXFIY)ptjDQC~2MDg_= z#B)w)wp^=^)~w9!v?C*5>3*hzm2Fnky+E#f*c9S}0IvEtJuIdEE3IfPW^Bsw}pmLwHe%wa*04pg*;!zPz z#>8#E`eLGH88(z;T7Y$}UY<}Z!PqrXace>`YXb3V#BxzSxdO8G?TaC+eFBi*fx<7% zxE*y?27*A#Mh&UM+$|^g)Fl`H!9UfF*yAXWpZ~mn`}X~tzW=umA3r4ibBgq1@}J)5 zJeUIEw+k$%&w`9EheXJ%L!S#7-=3BZ8TF23L^8W^LEkKhsbvk06B_mlnUJgPw%n6v zTCCQfz%5jeU{;ZmW%=YGE3;~8&dw9^xquLlO`Sc$5o^^&7e4gvzVv8a^O<%-WLf94 zpF~$r%>GEkClMc0`ic0Qg7_E{N)-1oo`|JC8<<{-Y8ARTrScio=suOR#c|uM;TX2o z1%|R-4e^{(rmgK)$!B4uuWZ9_Ez4g&1$G>p?As@n?-#{iG05O^m)mM=!o?R_EOZyx zSyQ+x*bDyz;T78N3N8bRpGRColvj3f+=y3F?my&wQgAZ4G@`DPT?LWVowrU!Q(h}D zH&!#ofDDJS-Kxf1hvv4pLz8Rw0rp~+8Y&f|^BIq|3kPH%kpYC= zZ=t19hrf%M+;1c%|9h$OM7*7tqNqUSjXK*CfH&0aIE+gG@JS7_?oa6G1WFzJ6{wd! z(B_#s3^Lm`ukln-_dlhg>qGZJ_-Pm03)Xcp_iq=fYr@aEe=bdPU zs+pBMqIZ3^ZZ&S1dxxPYtK=)nS(D$@B-*3G@>qX-RAhK|C_bbwG8{qF{8-w$2a7L#bPs>E&x*Y-R5L~Bmx zHT$;jI8?a4nuDZFf*P7_FbX|>{!cha%(oE1!4hjNxP~PhxBUqj?jt>@l zd2z9^+|MvmC8vsZuq|8;e=|p*R zefRF|ITS-6X8CgwqvHf*-S-+BFV4QZS=*+^>Lb{dI?4$B0Rn81xpu=|ssj-vs(Glj z=dW_IXS=%fJxH#z3N>BnWtTWF>|q+afX4MfQ!Kw)Tqt#^A23ejH%Bsl#4)THkK6rY zdI6We@Z%Hp$ePkgvlks>O(nl9Za8 zVZPrKjo8sKjC@UKwXFABF!^e4T}2i8b1|h;c=;9%XL)8C^A1F5F0l$uQ)dlb#jgwt z`G85SS(cObFu5%>YT@i|9r7u;W4kK9V-KBS8}v?lt-)I&D(W)e?S^dv%5~Hz#l!Px z>HLXj?YeB_@w?CqjFqtkG{>$W&==kj9D^Br*1Uu$^9t92QfM6eP3qk1#p^)z!*IGn=I$e~(I7oA zz60?5Rj~Qtz&zL(A0&SzJboA$m+;$B=13&o!`^`*8Gzv);O!ok9t<9gH5Y;_~=Xze^LrAWd28MTv zk%aaTHfyq1k0uaDWv$fJQ>u^0dU&g+L??;$lU7fOJ_Z}ZSUp8s=<7JT>M6T*N)q6z zkv@c+Dw>a?z6L)%l$=68#;Y!)nQ74dR17D5H9~q28x5F)jH03=$Y)5B9@_ajobyD4 zGrSOlsOGEi%s7%6$1umzOQ}}`n90j>%UD_yW|c2QDIgnV(GFB=P z1adrkYq_bbFj4SIAxmJ7^xTONNB6F%KKbzA8G{WAdKR^QbTKdpsuB5+@b9{yta*Hg zTD{q>=Po?%2KN8iE|<^0?e)VZ`AuY)R)P0|wY&9-qnrEo*7UzFS>hM=#WqH3cV4&D z%+Q}_GWBo1e$yuT;F-+f9}8FXnSKk~f04~~r4_H#qS+tU2}N%_S?I63Rx#FyYy0vP zk$F9b`m17R;Z%ZBfDQ>CIjpSsy*ao(f-n9lL3xhnd*PV@fw8 gYL){T&P86DOQ&4AZ}!)of#LuEDByVw4EqEa0EZo)s{jB1 literal 0 HcmV?d00001 diff --git a/enterprise/blocky/6.0.0/charts/redis-6.0.62.tgz b/enterprise/blocky/6.0.0/charts/redis-6.0.62.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7cf04c3e372563dd314b9097c47790f0ba02f611 GIT binary patch literal 136825 zcmV)iK%&1NiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{bK5x5D7ruEufQi~&&E>`P3kRuC*NI)e(b^hYC+wE?r+iE+`Uu>t@a+-eu_H!VUeddJ1_%HU8+sbzC z5Awhu2q~mE49Kts0FCF!Wz0aVFrFOUoE*PBYmj*qg)tq1I{RGD7jq$nlQ71J48iX; z003wJ4^lXS1j(N+bf+j^a}q-j4Z-^wjPM5(6C4IZuxQp`6zQKm%eEY+=Aj4$9tvF6 zOsxR|I736=hO=21)BuQ46cS9s_;CoPltyHDbmZev4CBX!Y%tw+4SNaa%dvfmJG3CD>y7$k~#tQjwx7v1A{x^Gj`M;BACsGwp z5TQdrrm)%R4sCA)(YQZqxBIQZpx+&J$Gv9PbGn`Os5Q2s)3bYSx7lskUAHrG-R_`e zLuZWK)~M;V-Ck{i0u)1vydkJJ?PjZCcN@*#tbfyoB8|matfBx!bKk!Tee6CC z!TI~M-c5vD0S*8+OjIEtpQJhQpkQJC1mODY^!(=T z`t0iM`N{F^`Q^pkyUWwFArQ(-s_60Cx0fI9&fZ=aA7&3UQ@!{-n1qop~DERV)amwe<0Qm%gFJH#cC;VsN<ars5!{2g!xJQpeS-cTRtj(TAaX3OGOP=E-@5*!6^8!V$b4jE&@T@4Uw90D1@#vSzdHD@*PwoN zdGV$W{`KFC1x?mQ?lc7TF~mOd01erQ2FRsgPH->*N|p^lh77v*Ly$CNg8hW4T#nf@ z#^%W7M9Y5QRt_BNXa3{c%j47Yi#On!AqX%5Ogmx&#{>9hzP!nfUoyA~q08&ryNmblemuK=wmJHQdA1*- zEf3MRI~%z?x`TmNGU&pkedpo$b^XOl561!5bYIx@!=yFV)*Ydc&dF0L9Ds8t2 zTkK_tDfT;1dT>1m=@bW(IymGuQB5e+!psU|tvl2Xz-53yIA+XF5D58>3ZEY_`fZM5 z}*y8H8dIS9`v99HZ+9LGlGj!rZJiA4+$cI$ecnNLubf1OufL=j59fG>vq~Lw1 z*J=@p2__T;uJppNaapbw3#&lu(fnO#nChZ-zG?AZu(}-4ccI5@d%M@^i1(PHnWj%e z7`Y|$J|P^3zr2(QDmQhCAe9v=#z{}1b@41UosS{;V-XH zV~h`dHt1o5f(+LQJFYf^0Ujel-@yP*gzc9p^0ghA`)8v^`2VSrWk(m6w`VsN{Y1Ce z#;W~4yPNg@w{5$-_y6zW`TV&7aNzoL4}m&$t%YNW%|FY>BTFo}K}Zp)gBPIj<;#Aa ze_u~_{>#DN>Q3Ow`QK?}=YOZQ-~ZpqQ~Uh6Z2pJPL$L*YzYZ+0pZVYCBj&#~Mg9y= zf-pwU(8j9y-|gk%KReC#e*W*`IRICXQWOUS&=3d~01s0XfYBWLp4bs^@8JXyt9Afx zrr0x_4lUE={KBRboxCLUohk;i+00Elttv2v7iqRN*JLPx2*tq10kUe=>CN2@4P#V004H2Nfe$A)z{4@ASrbf;_u>D`YZB5~(Hup0(Ec$CM0Zejdo{NK;V z7jMqqUcRwr-WGsnp5^nu+io^{x%j`m{=b{&0Gv!=FhPDesnu$=g9GrZ@IkdL+p_=l zvQo&d8_psaBjMC)v@F|lnk~z+3`mFIWz%jp8;;X(>_gTNYnjc)S_2%)DfoA>AZy{swXeSwG$^g$2?jTx`;^4EiQ ztJ|&E8BE9=kt0^)@UWI9is)K;!Z21DnG7`6n5wEOFFNV{LcAx{tq&LGn} zQz+QI^?T=t-n9nn_O3N3?wwN=Qc>^v>E1bmC-%;kz3Z*ryIx7}s&YY5?|PZu^{e!5 zx!h`1oheDr9NDv6*Q$!ZqOP?wUF(`%>uk7Its39H8ehA!E*0#~;bEmVdX_VIQX@r_ ze!}ACWEMZiT>R|zGf}!{Ih|sr*=Q}n0l||gZP=D=wK|y&rB;;Ix^uo~IfYA#^MobE z$t)>OYDsaPkLF_OX?E9LdYavmrN?=~(qm_q9>?Ay6_!f5X16NZ2?6Y40@zPjo$So& zWGAbW-Dqv9kXK-XW?@gBuoBssmB{WJJ!$6j%~u>MW%~(Ao1IbGY{w)(^Vzt(CyB7`66bWwmblGzwn0W^vu%?G z&!@O{3;HqGT=N>F6|ccyH@#?!k!-K)JaF2*v~jt7x~%PbaY|e-gLO4RIv*hzyHmWt zgo+#w|0ZD|Bx8E|4EjrHzM7a#Nz8SHztb)j{)5dGzd>5>8<=XJ^Tg$E`A}E(jp^Py zB}2Wr);CBieFIbHbDqmn)3cnSUQ}Hu%GdAoDmUnuoyj>vs*I7{uc}$8F|zyZ;xXD> zMH{5ml7Xq9InQZn+r4!S6T4Szm<*n-n`I=BshXAU@+{#%;VZPe>q;QITOxrr*UknR zwl#ILyd!u!<6G2&jnpf1jGAc$W8f_9$f_~wDhGjGc>_ofQqw6Oq>YrPR2MVKhp9s4 zJ=-MmF$K``_)(1jkQwxS6eqz6tbeURZ_R~()mTHPuq*rdH2oaA8vFtpS2lR^6QQ3b zZr{}Gp3|k+8uZpQQdo^b4(o63hwG=^aQ*%kd%t9o^^1D3xjNNPt5bcgPT7O!^Cfnz zju^-Gnj815M)3w%|H;}&Gee1vNr^IN!jdkwMHee?7wIlK#TrRv)uv#O(;7*?ZFcRs zw8pO3oo@9jD-((W{Xy}X-QPSoqo0n==(n~=fu*9V-(PbvWHpL=zq!WJPirjwrrG=F z+I8$&c2O_Z)moOBxy|&(b>A`jwW*hEn}gq3b0udrDsF9eig%X!oBNx3X?3t~o78+R zms?3UDyvup-AJ3ry}>rRu`l)qDi)(LbZHoa8*u=d0G`EnooLBcud?l-rfzRgQ3)5K zp}D4GlGUg#8syTu?p7_Uu|_9)y>;RDdc}V7=bG=E>f!rh-$Jp96ZspM2;aW6*wsYd z+!W1D<&4b(xU!tlH96y%Bi+BjA^+xwWYcpLyWed3_Gy{hMBfu>dqny^dY{{h-*LCr zjUrjPJDrZY=yjHMG)A*eLJeJ=Wk-pR3@3>o= zNBi{B(LOyh+9w}>zItX3iqPBqY*#NG8QwF4cGiy!?}&qmtzL6&(b!xgD7V#Hdk3!9 zEY3nwIY>WGx^6l`r)Ng!e6>nc2E-BzY&iGtIA zzKjYTt1F1mS~mu~+p3y2rembuGCR1g(zJ|N?WM$83qv&HcZ+*s_N>jT>FS(aGZ3qw zx}0Mx=T*~#)il?|ERIj>VmseOlXdf9@2f{c1bcU#wY%vo>E_z(mag8)ceDM(Znk7M z*OotyZHDb~RwkJZ&d`3}_sRbDE)gD+s)9 z@&{IfvVFsJN{e;7TeO5)LfmPBSW$78jhsq z>bw~l=u2e&O09BDI=7b6dFS0*IT@FAuRxD%n%!GljciNDQgd}+NVK=Fi124JZ9K>jhVidTD0B_Dy&QIqP1aRQS2oiq5 zWsIVbU>e4c)#t!!CqB_L(n5XRmtH@4UMZHAvmbzh#5*CIO`k~-q$%krvFT?do?9(qm z)n0oV^ z1a>;>O<BozXq{E@C-a z?Imb!tQp$Uhn|I(MeD#AxgUhM7JQ2X8uClYxhxj93W;G^ox?9ZEGmOvS^ry0`oFQp zX6H3FJEO6!7?$P|w4S!WEYh|n0p8P`4J7*=Df zWDMKO$Ivl|mHlLN%~oCe2|>zx=6NQj3^#lAc3lcLn{U>A?Q4<#G!Nf+J`()*ESG<+ zzW=Xjx9!aRUrx8x+28-Qi|0Vf96lt~ zWfCQv$KcoB=GeV&u=zm2WR5*V_|=7}!6+ro3PGbKQ5;;QyiPH3!`Mqod*X#PnH-U_In60uPUT1kiXK#uS8O-WfvScx=@a@xy>%rism@ zp$vZY!hkbzDWQqL>5xq`?)}H3Ic1ecka4$YKVh;*@BkmdV>oBn{#UK`!?Ev!Ydo1! z03D&=}5rIt2B)d=sPJ<~T;)5HMB8K$(aW z=htCKzsRy_%x4e>`a^;jqoz8pUN^pb$>!z|)R`f872_F-S=-)v~V6>!WzG%!LVu4$!A4B!~!)mkzk#pQK-o*`?6!J? z6=hdV&$CYvim8~SB_9huyu~E-df`%Yo-gH#92aE9+#F#KQdl4&m}EPJ6oMNX#&EJk zOt1oS_>Lnk*16}ERkn6003s9U>E|KTgynJQl&QC!&7M@{(V%9>Syx%Y(XdYTQ$1me@&Dou9e^o!^U0`Kk8Bf0aJl8V_Gan! z9_jzlKD}8O9PvGXEn0%B{6F1RGh_dC>~4E+|Lx*|5&po|NhV+x%^Hj%{gWRIptY0? z`e`1B!!14@#mqz)r+3Gu;S3Eyg>VlVBXl%_grYdjeKqW|h7<_6fE32W5}??!!L&sb zP!4r|)a$lwyVvQ|?$IMNx5%*807+xDhQhSLU(_1X&0M>mkC5)_-~Q*dV>w;RZrFdT z>Al;S14A>2{UP69{(E{Wt_FDY%+MqN0Q1;S(9cv5#U%zp_)7F@3x$hxe(y-g70v%` zJAs$ae>UlJ^S{;F@Bi%NIRK3Yc*DIrK#Y4$_WeSZkX&?l%?8$;h8LHGVtC~QQJ+$kF4 z00F2}!xJA8asg*Z=#LNB_rZwk;vSdd(D%XBhZDlQ8`+;*=pB_jh5_qv~b05Mf*(Qs}CpO2LA_%qU^6BaBTYx&KCS|a;pk1 zT)L#-)rXTKR`}R;5h36mQ=l2!@}K;dQ0p7~w8F<2Q*;@)ImG0k;28?%e323ZBYz7J zK3<>z5$!O*0j3!Gr^ttoH^>bGk1!z8^#E&tr5ujS-oKzL$I< zbKV)_i^IRf2zvP2K&UBvxD>{89&Ln9rv#g3DK=eu34NG7)@Xq98Jr*`wlVvmr=$3k zI-QjKV6)1NEgYI^*~2u1Gn}qZArng!PKLm-2A2JIGKI}fcQ_vRz43V5a+}>Q9CzCg z_F%W$X}R{OH*UHeXY6%dyKDDbtLe zl+!K&ph|F=jXqH=Boi54E-H1I8c6;YyrX?Zi906osu=GO^ezMc@j49YPuNEy0@84n zLEjG_u425vKANC2;zAKgnMfx#(dB2)d`pn)hO_7@4#(I>>1~PYdBC_-iVptCg%KQK zA5)CFV3!Cfz#uYyUPz}*VpH#XS$w=Cb+zK`%mz| znl{e!%>x1;0oRw8w+eAg*kXOtJ%JH1NyK^K>izj?@u*iCcfbK8Bg$dEe|LQI%aed| z2t!b}?PjyC*!C*)${AK_4kgf|&=V6#jNmxSi1Nh=4-ivR^D62)U5LxR+hGi_Pzw@D43hCYgw zhRq8RcZ$5ZkKzm7fRN)c4!KxX%Bp-H3$c`a%_T@U52z&QvFoy5x8Xf9)HZfXAc1DlBZVO~!=(OjQdVF)d^QMo%FZ<`LoVZ zA{BItb-;?km=gJ?RPw=>FIlH`#EmKjrE}Q`7JofLj|059{d}*6nP@AlsIuU!=C4( z2Np>?0mrIK!6qQ(N|=h0 zDFWrIT#a}HU0#m;k^8#f-8}Ijp53Z+QitH>4TThq=l%_%{EXCLt*BrgI~V#WH|7G% z!cRF$@nXhcCUuRM#qGYidY_bjbM;=qzPP+SyRqmeS_?udbfhVQ9y8#7muA~XZ8qUO0 zOT&M{nXgw|xx%Xw614;Hz6>E=;PdAOz+=4t$1PElARQu;K&GR;`uk^w6SW2-%>z(&+5?-V7}P!bE4rx zz^D;J8pdD-13X5A$}}D#{g8V34hC={CQnwkAQVn;FiD6grHwAYIo?oHd_=V)p*Hd7 zh|Ys^7EJ=(k%=*G7)pMNPLq>UEIU?{@l4 zchDM)x(@8Sw$mJYE#!9GeshE%8jO}YhE)VnRa8}ZjVn(RrM=sz3!B|$zujp$qh{Og zcRSD?wH(iJ`~6l2^$~LV-DYnvaQjZzcG{@zb_TA~wjDS^j@wy^D}~tS>q}K+bp?&B zW3}4}wobD>Zn>V*bw(|_)pbX`p3`l*y|LZ*+RcH}ZZ(nDL_NFRMP9E1TW;GPdtR^O zIV0EcTFYJTI%2CTx~xV+RM7~xEyqB(+w0iEV9zmII&?ZFo6jRq~`GetwxYz1;M{c(_9=kmk+KdgluswD=O{duz zIOFE1)kDiU;C?M-DvKMu+UzDn-)gqts0SI5T-0y7cC+n`djroNx4P|Szv((o ztJ59~nuGqh(;lHF^iaFovHQ?*x^8>96nL1R$`XK;O?I|yV>b1=?U6GY^#-Gk*J>dT zjk=wYJ@Pv3PIF|#LATi)_q%p;+-bpH4|QS3={CELJ4UQu-ck&skWjYNocI_8m2ve( zjR%NnL)A|3He?obx-GZYZ*{%iXw+_XVY}HMcf3w#G#Wu0je4z->x~8@w`n)+b`Lc> z&DLl%>a+%o=BT?A?-`6S^hTSZEh`sd-5xaIpxYUA9LH-l`~49djJlmxcRX@>p5u<} zR&P9N^?TiM+irT}G3g4{h2EXI`}s<31dZq22F#_MkT!wEN?3 zb7Z$$Ew5*f+f8Qxn@!|4*%F5s&-4bZfz$5}T5V_Kjk>M=ayp9}GB%{Ms9cD3$7TW+ zb~`ONushIewmQ8oYTA9zMxAEcK?B$ALxj9;Ycv`(Td3>7ey7_Sd2Y*f&~i~G_e41&8QAS2|54>hJgEuuun5Xu#YA=0ME0>I@o(N60XG?BF$ zqE=P7=5}{l!aC!A%R{a=?mBIEG;a4%v)vpFn$D;@w$T{csNd|2+wI=C<8~aIi41pO zkGoyF+3a=u{mK|r-3sT>KH?a?nZwvym+B8VMiW-CobCziiX_)CD?l>|z2K>7?WSW7 zoVKF(VBG1VPPc2LzBlfBZLihuG#%viTCnZ9&A}Kp+oN%(*SGE7XgosQRtwp-({H0D z8jVM86&$LPx~8H6IAM`Y@4_txnII?0+A~ElvT6t5I0=7CipnHP(DOuAAn17_=ZlAV zOf8Hb!998e1kbP!W0lI~Z!?I4zbQCY>7XhrCgsOA;?a0sCb`{B%w81PTS?`2@LpQ> zBCm`%87QlQm)zvRf!sZM1-OIc6+qOrEbGvcaL&2?FA{z7Y)y0u1K=nyufUA8LIioC za2O?@c`X>Lx5ueQ^P0PgL4|b z#ld~P7jnqCeJQf7!r)QwyKrCT0~Bh7VuPRXC*-};UQUuDFOTM!B5;CY+K>h)aK)xF zPs0)C$Rc*(Wpo}dA`D;+^DQPkOH$%p7-&LO6DH5d6-6lU1bp^eg^=pDh?4QAv4DYNlF8f!CO;18L*zc7wGL@u?^TSi3a*L61rr3upqVkn!pAj(k33(SlqXge4H*U@fHFHN z4iH6zt)prxyF8>81QQ&5Dk(~R(ts|He_)eR&L9zm{q&CBASz+0W4N9UTsR`qrB4t& z@*tXp0YP*rktC=k^x3?o5qO@)-;j+wTBM4&J^vS*0gCVwZ~*Fj zpp+0h$S4WZkkCXyFvTGMl1x&8`p+TZaq}E0kxx;j?^dcq1PM{y*B(!ydNj}{IE#E_ z`JoGaT_T561nD$EiUCMAqS+@i8bD!o1?kiR)lf=Yu1BeNVl$1eKOVqi9^-Bt!2$pC znprIEhMj{XLbI=8G{&FO@e9eueXb?7^b+$ZxmZ1ueLBqwteFfHK69!==HUs|APd)Y z!m`Qu+`hfZvWo?NWJ-Y8%H!KMOgswCVj~cVC@=uiqobJm4WdM@`koAiG*@6YDaP3M z)qcNE4Cw(HMza|%YfztPX(GZ3*?^7^aKqV%r@iE|UT?c4h4U&v1vsfnNd*l)4ab;X z2a1!6CW+AOe>}TA9%g3A1XA<>A3+?>X%!`3mV26p&w((&ayyDa;tL&@UqWW_6&1nQ zX9AHzv9ZQR5kWeS(W~^Xl{`zr%rY2IB=uqF(m7kI!9y6|bA#eX#L#4f5G7m~9P#*E zkrPlU1mihtL+d3$NU@9b4we`4#(0M6z-LVP7|y{140zx#6=npaAjagrb^w0;HAdrq z8L8a_$r~`j7Qqu@-S_!=m)yZ|#H`$-16j}tM4TiJCbH;Xo8yH8{b&lChox2$C-NFL z5-(r2Bb8cmcu8=N15bYY0DbJKU`n32_RaOx$u%qX3jBO~dnNz8J<)%?y^(*tKNasd zCP0lh|JeWry;Fn-=$?jK8Dpcej|YCs$BY(RjuV$4N*gA$`z`KAl|~()P-_v;wjynZ)D~$ zmnAPW8ad4ZB^pSeLuU#GEuQ;Q@UhWilvIa_NRneVl_f}8)2v=rwMoE^pnK0XeG#q4 zW5=27QNh|q-eZCSn&=g>V!|B)zDmhth9ipMlkvc{@+Cb-b&%RP7S991lPOhal0a6a za>GE(6GOYyox*_|&dlCfNwkoj%}GQxuZJ=k7}upT8iWWKV_I2(R;0E2qgri-XpCJ_ z655zLB$5eCJkUYlYItX1fN2=N0#WG6ziSCH^>it<7<&fG5S64!og4-Fm6jYR@S+e0 zS~+gWeRnex6W>W+Kz|52ns&sEVWiHpnIAH$=rjxz0_pyTGeoCoPOj(4ahL)^Nl9ax za;%%okP@6|yk!6PrFG3`Me3WFC&>YtR1HQg5eA}E2r(TO81k7X90_mUpX;?aT%hzQ!L4*f;dP`{WVOTQHDSV^C`iq<37ZtJD91yQZeHSDCAn8D#cy% zqEO~o>IW3#F=je6WA0cl+6hjHp&}v2C{YiMZ2$b~F3|?J6&4KgV_86}_8Sv^1<*L0 z2WFd77<-K|#JX4WQ#0p&oXK@_HIkgLF_Te|98t`c-Be}*>L?vT; zsR~KnI^dwVmdn=VxuHi~IuCY{A)kc~1%jOH!R635d+%j*$@03d*% z1;4TadR`+8h{cK$?VV8DVaNmXz*Dp69zB+Cqlm0UdXAR2tc|-5R~NE*3!KvmO*7Eh z#*GL)Hoqd%HZgaxSYvF-wF=A&X}EZ=fQ-d@r8XH~0lhuPB$F9Z#M)4sw``t&)CFOj zge4*mcqodI%LDd+k)cgAY4|g474WiMNl~(x`r;e=tuOURtnUISMVV$)`^H}*KO7w~ zCE|z&``-7-Q9KVUB78HtT%vx9oti1P)|osJ@vlliGg_tfOE{;~d-P~%q6grZ%>qU} z7smX^t4i3#bie?KkiU2yF!Op&P|S5vSzG^39Ts7&+=W5*t?QzQ-gyB@t17}NVW8w8 zLhrDtE|bu`@7#%KE#ozpsCO`)q-t}I?_J@ya85^T65p}$xQpWO)8n1bj~}Ec!l-K4 zr(=^96{S?CG6rhGUn?RFR&ke{5vid*iIIl_ilI-IkG9Oab^ zJsRQ&jIl3Id;oE7bBrg+c#70nB*kq@q0S>wB>@RQ%ECR6x2N(_waRe4@FB=UW^b3n zPCJF<*#i6@u6t9LR}gTfX_gOW;!kHpr3H`FC9GR+ibZ(_uTgsDvuyd(tgP8lfz zad3di7U7TQoSzUyrQ;E-FN>;EL@AKM+!m>b7}hut#N{dvprI^z?0KM`1pe0fKCe&2 zX0PCU^^L(|pFdn($d$AxzP=&scctrVABdr91fG)X(&Op-HxHP)Q)8t=pLj|nPacpb zcjs4&ww~lgU%SGLE70Xs`ntR}XT&c{t&aC!nC3MU=qIGW6G(t%#3+V?G zsT-Dr@9<|0y!wV3UnRy;1*pC4P!nMyrfh7-#xC zi&i}0DC!O46MbSwxC20g2V^vu-P7=JETVe!IZT=oSNyi)c!5&XSAfK>i|83wwDde` zG?)sge+FTIjQ(a2Fuv5~`N1P=L0F5XR4}az=`{x&eKSWG)0*@aqKPt<2h(Jf7vFBe z3lzLkS$zcvH4ju22a~oDoa%#NI40C!Dsfcs9V^9QOT11olafbjZB6h0nzJW~rb>*5 z?6kJBZoXV9Z8Mjc*nP*uLH1Patz|Z^vp2c5nO1auS z8qQE7ijmT=!WfMC#z#O^Fr2E` z3q4Uqy+k=jVlbbLP|PF|cX$S_Bm=pXzV(?PR z%tPI@*>J2Pu*6lO`kPuZQOsm)VY7UflvB^a5d6#Y!2~u58=#F#(PnX9r zN*A*pe|g>?dfb&GbVIRPb63puWsb?Djt&U^PqHS_hY&;y_iuz}icQTW>=f$L-U zei|~MYf~YqTa6G&`EQdJB=qC;slaL#_Md$?33&v(BYz6D@pw+BY=*irCr>>H>qYcp zHNH(sy-jcQiu4m)58|=u$+3bM@leDXFL)dITtENX8P>n;rzrowiXtXQVl&h{(|>fA zSh5z4DqRq;;{K0zv)M}L|8KTf@qPaP9Xy{uAN^2M>6k>o3HM`WJOW`*JD1)dm6`rX zr7ICLPllFg-jR7`LNc-5#ZNrLNPNAW%4QI>q{A@n?L#i9P{%}Iaf@| zi=g~-eh57RI0+^4NwMK;Jv_^4YUw(4V1eIxb~Bz!DxnD@WdhmEt@J{n!P=W3nh;BW z$PzSF{f^aRMui4s$@Hg|aXUh43nGV!NpVGoDJ1gdO0``(d@U9dqmoE1^@1$i3phis z_+K)8*6?*U4P^>%Mi5;%Gm6D!l*ycwDaG_PH;yvU%9C2Bg+?Q=1e!R-UumI zY}FA`KGnhzk{_##kZQMNgwl}e=5gkFy7#h!vWurki^p=f2PWssrmV!?O#QXPT|Ttuo)N@quG%!jsbD?iF}3 z4G9OECY2@5W|i^cOB{IUlc;Qovv~HQj-IZAmmYShAa^~XN}b_R*PS`6$h0p&UF2#L zsA=dD;d%!3G}vNtb5FjN04QjA9u&5npA}_)e{GfMPxWk~|I3xQs`|f5|8KTi-K_rK z?m2t?e;1F?|Fc>{cDr5%x!{1Hm?Cdo4c^o?*$hu_dnSqJ)9L05a&YrqP9xR&x}sbP zE147Wh~F!aPWrx^MpLQRchO`f_kTT;*RP)BA67|ljMg)Stt3|tYpCEJ9pi!epJu)_G?S$=YJ}#|0*J2lf{4a`tNjmx%J;^?(hHH$@7fszv7zZtG^7gW6MSZ z9F1^r#7|{3K*Qz#5Feok;9!gcOdnS(3+8fCw65#@lENiee9f+wsr15=8v)8lt@_!f4H@p9%IBm_{pYn)^&&E8)A@8Z$=zdSHE#uKjf$%Bhp@fU}ys)_DJ z6j+*DigbPtQaCL2Td?Y~d21dCrE4BpWI6=DH?&A&A~e8($MnB;Rxhdq+Y2880iFG| z7X0r==vANpGN-`F`W}E4^S@>1?f>@P{@=}`=f51@E!qBTo=J$y&Hs$4ZQePgZT*tK z9@d6(0$j18Vltb40ajC9l4j25rk>B*0$u7&Fs!eqITk8<4%YS*Ku2`RC2uyUWw}Z_jGNy8yuH#m(I>XJ=P;7sv0;ZqBYhoLvt=Jq+sX+vP3$dpxc$ z8@%L{uNsdR>J+cc;KySaUK$|*ul~BIC$PBKlC)&{?8*7*b;(zT%Wf79OLYC3EVaui|)pl0PxfK_1VYcw{P_zsuy>c?{9y+e1CCzck}+o zi?iDs>D4f<@vjViQ=-<)WEvuKcUrUK09O@pv`Xba^q& zY!h$Sa@s0ilR98rjl|!T?z4Z^(f?%PoM+JgdYxSScYAOD?dEw#{ZBH?TKb=PAJm^$ z|1)-uo?DOG=K7mkM+-nIrcl|imKM^vv^eAsR~L83?{9zREA7if$@%Y;PWaTe4ng6f zT3v<3(W31yQ#%T^OSN8`?G&oFxn^F=+f$5Jl^__)d1<3cYu>!k3 zs-fCPtgmV-_^$Hv{*B6OXlwUD_`pU|WlH237w3fEJcWsxhaL~Rsxcf?T3nTm`q*{D zc_7l#^4KgNL7u8(4E=eG+Csg9mhFHeT9(a}39Ki}S7-CbQ@{^Or_Z_jUT&o0El zo4gOAa_jOcI@J=l+iso=Ri=*DU{B9(Ztu>oo($JaK(B!_j=bsIsXfIfHjyN(*A1Ng zLqy9R zW{d!U1Cf(cWVd!vb*n%!k_2qTcaI=JSCCG5(8scnY6FU@!!tkREDMpxS;r#QMD8$g zq3t4)nfXZ#eTrb(y(RqFG{#tPEXj0DdhDk6)~*6S?A7 z!4^Y>XhjK7hAe83>bD_j^2zu=mz~uVYf377TnRWP>V$r6+?vAkcVF>_ndH+0w@Toy z;59K&+h;Wacgvi{0ck?;Rn(+Ih7;ughw&00SD{DV%+kk4m9w<4GL|tYvwb+Hs0NG^ z;rdlM+vOWJ=T81`ZE>BliDep%nK>zFQBYHpF~wUFNMjqhSh`LAVf<-MSck~#|bE&%m2N_Sa30b0fUq#IKPtRDdf> z8ki)Xxny{UIbxd!Wve?Q!KvykF%<^mv9h`Y+pSw=f~L+47;iE`^vPMLp8 z36}s~mu?Dt0f-e;JNf~f1!NxUytmp2k=_C#u2H}Nzc&-Hr4f&1!c;T2L_X04k9{?= zU6e)vtjcy?+`_u~&Wk&r7fb0x8b+oGqqlNzWqHbH^qXN(6z+&AEx;J+$|*WZPOH8s zVz6bII@ZY6VdX1T%+bLWq{7BO7o`kOOtrdUbXOwb(GTFK^MAZM8&gDs_b8|rrAA+Ga0>&GzRlq^2WgW*mggCsX_ge6 z>G?LvxcMwGd?L?6LJj}BBjO5uVqFoGT~mrZkE?ZzB#H^Iqh=VWF4Z(r;MY<%bWI*K zRWAXxgtTRj$u;c%>i!?ix7&{YZME~~KYOix{Qpj#XFUH|DCky3|LR(Q&NHB5D=44O zV^xqW^!@PRD#i=!qX{}=QbgYOCU=@v1kN76KRv&_`*?kRd$uH)_U7#N{rRc+^Ue7# z50~DYT^(N^-(Fr1LH)n$H2}`9ZjXO_dvU_zF=vwxhteSdm(dU1C9@$&kY zo4fO?5AEV4Ad7Z34aiz&Esd?6Kipx<6$I;+1|AoaVntfn{rSmnr56s^q=h3dF$pyKXcNEuvX5_G6<S(ik6+==NITNAVt5RN2xvflQ70~Ivawslhd1H{!&~>-|TexuQ(JJ zs;etyj>WMj0JxtpzD8pKO81RnQZOV1r~x3!<j|Fn~5mGBLsiRFr+PsOf@kPh?uB~~=!@tZ>O3wi`r@m+w% z87Is9odB_)i3rEN&W?^5vDK35-1X9eU>OkYQ zQE`e#C=U30Zq9_`ab`m=j5Q2Z*syUXemH`@MQ9iu`)OZf3ifNB#4&HCY`BOSTu{1j ziO(gAR(2>7iujt`FK2T?-=TPdz{`RGNn)-&?9#)sKwlq^EQNyweP7g0d)NH1O5d}|maP-|iM3t#6&m7?LuP%%cym!W6E?uMG&T6e}DM3Ii7rBgGN1 z^jm|hO&JI@3PVb045i}_2bg*z^6dp3iFpy^k@b=rVATd>iK9;pMGEkr-7KtZ|6PTlznS^B z(*M`%*;)Iq+1lrS+R0PJ{)_m~fA8jBwv2w4DJLdEwse%d{R(DfqLk)PDp6RsWOF9K zUjuuq=BC8H#M%^tP;6`_TX+q=g_q@n41IXak)ifWJ2&H+EVf`XCPG3D{#Be~G?nOd zivUEEQ8*7=)f)RQ&TEJYK^1Ss<_%j&kquw%)<0#KD(#vAZo)hF5C)rtD z*+Hw~x~lrHl~vWSv`VF@K7}Eh{s4XKaS^Bqxr}((ReJ=fJ3UI)ZqfVw%DrE?zpa(q zu)5cqA2$(lmmyp_S$+rU1)4oHvk?M-IZ=|Q;+#+isfy=D3S#-Qg&DNPmZH$xQA2-QJ73cb2|CHAAt5h2qs=C2Qn=1O{icP4ApW6B&85p&u&O;CWUdH&9P zUsWI}MqMJ9DvoUR@vS1nw%#cEL{S_-|2&{59zz#hgQ z)}33dS!*>rsrw*Sgr-z$-Rj9*w(Yy`>#^U`9hXb2{qGSvKMIcK4Ug6xg6y>a&K z8E5kmK~&x@3q3DJgrJIckzPb}y)7=3fS;a>>AJY^I)A7Id&|#S>;H|9-3>B;u2}zD zO* zrBEfcQb+gA53fb)P4m@@d>2&um8|mOVd91h6hB(`ePZG8D5uSEYW-m~8soYY*`%zY4wMISu(GMccanr`^o?f7-UaKmWUvXRZA22_Nta zETQIv^5pMxf`iG%x!l%@8Pd=EK5W6bFpA7(R3BED>d9?K(?Foc$+HK?lsU1|2;!i z&M1S1`pkfy)jz%z*XvSdmK8OZGLIP`rKi`{Dr z=>4{Y&r{&dRH=se=9OkRxJHqWU6{_XY`izBJF*h|R9q=}Z&Yf@N{GhTHR#K%_ z>4jZ+hh|~?xXs?oIK)jlQ~{UIf2RAEzO|>4{*MEmH28V)|2VCdllA}FonB|J|L@{i z`~IhM!3)oJ-IL_C`m^Zj68M_>x~#Pwo!tcXM7>>ts-nBgqU-7JDRLDg&s7P|-XO|{ z+f2VG?+Z{a`B%aicr-8me<90AKfD^0C0f^o9+o}MEyqQ%{s6q<`ESm;& z6~qW6Z7@-)_Ft%t6(HP(7RJO8$M$*EJjL4wzdMy~`(xjGCBjvo;H!)}+g&mOjq4B2^ z-HY2WO z_$gZ>DJ$>YW7gcKS2@_GAkHb22IutHjYLweAwf zqN%5?bS|c~#=V0vN13m1b(*G_zI>wS23pqB%)O>Z^0tD8xKcH_xJX@jWARIGN-E1c zT^sl4v7s(&ZA97IS~EfMb){n{mQBY(#NnKx*g^q~ALXub$}N<9FoReg(1;*+9;5nt z%^0&)He=4;Kg?BgtMo5kFZ(ugEnQKS`~)ysDd90{PO8k3$gd9mpbcbwX-IOTFaQm} ze<~NEzGB#{%xk3Y#S*16mlVX>DqCH$3h(kH8XOMRoS`KoG9 z(%1fkms!K97`+UIQf=!t(?m^C(kh}{-Zz{KcmlLkuH;CcH33bk>pthT4m<{8u{Rp! zn-nJ~X7Y2n)sR0r#IJ*9wB-{q`!Na3;>GINtAnD3S5{1!&jtM}BMxa$pKt;#yDF{F zG4}l+q~S@d(l>$)NKk~=L1}uyy^7Hof2xbhxB5b&v zDw^boAVT!>RRIX*vyr;xl+z(qcZpTE-!OXOQ)&O_33osIr9%FfW-pWf#p(6zeg2o7 zJlqw&rMn-#y?Y<3-}&&B?t9q!T@U+v9`@1k-(qz9nrU6OdB?*(AId%-%03^;Q&@7J z4`rVZ1^hYkq5RpNO7>rXC>zjYN})TQp@5z;MH(|ss$v(e%Ky@Cb+hMxy6wIFx08q4 zdKY4RK{CJ~8R2bMhD#Xe>)sN)wCBrj4qjQc%5B0cfrvYPMSbzNs*2U}Sk1s)Is{uW zd<%@z`#!PU09$V0j#CH2FUqlbiuw9<4LhSs{c)|+EopW;p~nvFPBo7*tR$z@?|^9E z`JYS2SZDpe;*kN{&i~@HI(F{<|6XsO|7|A^kN^KM73FWNOJc;OueDP6zGM{Lv{6`piiA~y`%@LZ(h=SKpyZ>-^JS_Z+fAtr0>TDSb}35b zW9^DHk38BdUFStZxR10eq0jzMZ(3D}Lhr^%L7s`)GQK7dc*viO_$w%Q$Z1m4ayBfA zpV>^qFVy=5VbaCxRlo?RF!HWKkHJynRC?@~jms4I5sHbWVe;xqJg;Fs9+sh^R}te~ z;%Zj4o-q~tY9Dw8TVtD}pBc}cW1B&>UN1o|8x)>!DiZ@q5Q_Yaek&?b*9Qc7+2jiu zf?w-0PP+cD41<@zLQ6oMDM-~oNwgZvKq~BBfdqPmLks3v6LENumlS^&2W*+;8i0n` z7)OhSnf04+DLsbf(E5DaG(>VpOH0Z_@DcCN%-$#oRTr z8S9r6?2Qy{;*e!KIC+J1zfd&2@2#Uf%i_VK4;1O49l28-^WnE73(Ud)%3qO zoFO_zb8wmj=R_T9w4GWr zD(Qo%8edB%%nwO{UYIZRth!;Uxl;WwC92AF#60G!^~9o)-0O-Z^x5l+X?<}Lhw~_( zX^64pEAWDUO;Qb6qIBA6y@YccJW4H~YpI6wbbOwCWfJLoACd3IBl_ohs_Fj= z_ZjoQw0hl6F8@n&AOF9Tho9)X`f#$1Q-0B+C}G16PxD=UI9YyXPZp?hGLILnbh3_j zduypmW;uMvef;CjCVqpY4W^!*WZ?@xtd#c`0Ojr22P@RBLT=LFP8Vd$q5Da5>Z zCf#lV=5;~g^0*FG@dp0~RmGK;%_woHEDy=|Oare~2E@|qX-luxzhZ9)MFIT~`tun& z@gbh=ljZ!WlI1Y9E<0Bw#z{&@6RG=Z$TOwDsIozp2T*sR@3Vf_uRfgA3z9xaWEJHlUNQP@j*JAVgoZJk zD2-kUigMwy;Ilum`jg*7Bg3jfe#4=aIH`YiUf%7INe+0nfuRxXRUu-blKvNu;8PU9 zRr&wgcGmxE+pWF+x08qKde=W5Z$$xQeDZZQK+dU4RX|muiVmpC$|UO_v4@7>;}p@U z%rD3a08CT?@PIu8!WaZ0wRA>Z(JyXqXW){#xI{}7QNPlqDyg7?@XwXSfg=LvlwbeL zDU`eDpUF)W2QYpF^%Fsi>(EDaP#6EC&fF)|EI)Kvs(|6K2n#F+2$CRA0ZS>Q*T_eZ zAS=1xqQuX+*YWq=$YE=QKnJzjQ;m+x*|W>rFD;LB1k56KX%=49?&hyqH3*6WVhJve!qf0 z)$G4;PS+3n(a#F|uiIAZD41;b7Eq=j)XA*%eb>?MY zKi}S7T_=oC+w79z&tLJ1;ip_MT!8nw*9(8He7SHDpFI6);j;F(bFpyNtNBN}R5)vW zO&~=N@KGhF!oei5zMvmXVKX&M0Wzmi{mu2&iI^;hxo^ot%742(DgX5LrtH)EQ(a4s z^cZ44xz6_@qyRF0#~u(;mQU}OeO07lB!z*n#Q%L_Qg7qre zYq>RP*B4!WgO@NyFh&8rM&pt^1j+X#l58RjIrC<%(&=26fqh9lm1cTf`HiSt2Vzmw zB{lEI=(jnJk(W$3jh0v%F-giWo$ap+aZzqEt@QLc1Xem~FzrZL)s*n5tlysDivh+t zWP)5ag1HOt)Jw6kWtJ+v?5^0)QzAf@2tq^JnK$9_P6)XAXW=cbnZl(Zc4Yy#Rj%eU z0{I&1(l*7zW_io_wv>N0n@aL7;a0i2m2<1U>aJj&U&?#BVu2U0h>7^ca!XoF?*6mV z_scyXJej7eI=~Wdm&BdoF?fl7D_v|;94X8Xek3X31o<-^5L&<*-4gCD=N9A73ie+m z`(Io!xv>La)%l-hx0$v7+s@wp-^s%*l^Z_3+t>jXobq+|fF-vs-33m{RM`hkN>hH3 zCM(AN%76Ft{dD|dy4-g|$|Jd*G@L$gWx{+7>glty{Jvzv{bJ-?%(Z}LaDuMpzJFtMzEUe* z=-#7Pmv1_-k=x!qR_*L!17IZfa18EHl7l?Ery2dDBxJ))W*^%NI3Uu5*=-&YmM%ZT>rug|XZ)p? zXFRW2gDQH}UU_6)dXBula%Ml5)_P|bUc(jq%qAn<1|rPQCYyM`$9FJ}^$AaAle&!< zQEaMFEZ3VdiU3KT9?;scpzew4yt*tjZH;%!X!sLPTTW zP~qxToXXtFsIw2p0y!eAN(n^geyrdDCRbZN2(2di+7!d9nA_!QGCGG=9(6_5G`Mp4 z{&{tAhrqx_zXWiVs!oKFrS-a5ivw$lv`6P5FnQWJ92R-n=>NI%SJ&}>clHj={0}?Z zgO&b&DUYWA=L6i~JwUm?;8G2OwCP)87-W`hW*}tMn&#*Y`QsYh!bFK0fxv{)ShN2SAA=|uhw3{<{-dq$QXU1R!Obte|NTb2dndc8BeqG20)(|F2gz3{$^<{C^$2Cf>q& zjqeoy-!UY%@1~>BL&pEtn=6a|f2D0zCH#p4^I8_gIg@cmi+(oMuN5=DbLYD9 z)8r0iw=wcVwfR5%I0`BAA&FW=NR!9*(-arc92G*WRCp^D-Vdk3(+q7|Et9JhxCbO5*6rPM>aNG6$-}b?db^kZm z*hx)&6967d{N#Z(_5*mg z@ZJM!xA4Bl!m2-@x}d*hz$V} zH-}^pob{-icZ7i-XV4Gtg@c>`#U_X(l)#iz%jJbq<=&=IK}Lbq=OrhO29m|RIDdJ5 z1i-r_%E2|nIR^ePhZ%s$Yzro{*AdRQhS6sj5=zopw%qmKaQ`1c>P&d)C!_XZAZqsi z-2*HB`_ACtV731*<6-%~U_Q+f3|^xCqH2L?>x&VcIq=y7p{YsQ`spEh0htY#nxz{5}sWt5Hx10K4e-|yRg%fcf^4ey{j zn4i%>%P1Vbhy!4|f=fuog|z~ZgFH?`I&-P3I`4)8PxBBd0qWG$XyUI)Co8mr!?VNb zL{ZQoK}G)y7jbYi%|&-alzCTgG}Q_(*Ac?i?(Jf9I9%PtN}q*f3Kt&lwc?=IlwypZ}-sR z|8@_ySNz{H9?kz}lSZ2n15LxubimMc6iA0H>ncV~cgAVV`_&i%)OV#T){Pfp@q%ap z{!`yJTyeD&6|v^WYI8rp6&GnT#raDJ(-V~5b1i_u_X*WD=-a`I_^#~=U}S0pe!^h0 zm|%oaVJZL?ONuiwo}@v)SIbN2jh6%lYl8%b&=d(8uP2HjxP#y}L3eBlN-l7ip$X83 zVFSc4{}YRh6y*SZPU9$u^7x)YyprLNK;S1JgF~3n;8t|$g;55BJigzcj%0owjA?r} zaO}?_G|kA=_T>s7@W`A%)7-#8@{8*}#?uMJz?)*3n8-6@XsKtX7-mm)Qn%-q9IGY( zB*?@-jcarV0mDOGz@)?!N6ARbnIxr53H><6h`>)Elh6Wsj1N%;Cet{N(pXfEAd5M= z0U|Fh#@Q>JP>4Fp+A<%Ic|C8?nh!R4X^5Ppd+f;59PVI2*~uEd>Fag+?! z>N3iF+Vg)`t%JeV@qhc<=Kas^&dUF5IZqY;Cti2U1J)V$KQcbh=+07kL9DjDC_ktJ zYr+$XGo*|q)FC$K$OPO@SVIkoIoLxNGAkCbibd3i{X4OVSlzoGgjG~hdscCZxbWa< zr&+JoiknQMk+RgS%&l19Yj*Pw%0QM+5|v^<1|zBC`m~tIYW^>dZni$=!AH#zx3vdQ z9sjqpZN~rKJ{;_=_`hX5>Y|`GyJ?!CG>iP4{1*Nrbc?(|A$O|=HL1MS*^;8r<+5EI z1T4L{#|uTts2`vVB21ud&9*&DEB>qn&bm8z8@wyr&6kAxMTRCYAHylWoW`&f&1KDO z8pH2_`&lx|VBtsB1nG!Xsm9ioBY81Qc~I{Q6i2~*3v@XqDXq6`q<=?Q^e>d;etdz# z<7tj?;1fR7zxBcI7soBSF;4wzcICt4*%_*dj5}o+xo~t z_{^07s)qmDIovkye+P$$EBo)IJWQ>}O!+VvPLqK7R*@ZI1QVF~IT5W{7Hgp)Q%nYP zBi7;xnJqOth#40ukwLKep3$dJ`aH>ZjP77Yy-}t~01kG!W6ITZIE+36Z__KYy;X4( zv8NWnvxr}%D&dk=F|gG5SA{KgAO?Uz(~@56TDpYAVse$R%*E6Sg>q~2C+r#ZS)p>P z=%mYm_!K4!4Z^1|(FUOCS)cT*!b8e24n5#VF#Z)}FpbGC@4r0Yee~w(GxyhrSY11f zdpT3Q{aur-FGtJ~Nc<9x;O93~^XL8Vdw=s^gU!EuSQkGw|N3?Fui}s1m%+xt_BZk8 zn#Y>Z)tS0_l+GAc8%lBQgEv#01G1Si17boAs(dfsdKq-46)w z1I}`)NaE`N{Au$~eQKFWx&v+?@N+OhI41)jYvI0utuYAZh@51QutAi}Y|kQi&Nxft zV`k!eb6?yEFc;UBLq~s?%uu%Wl--U07JS))GjERlzxnx(@&`Kqw+DOMrv7IzSjB%? z%F|?8qg>o<)rMqXHOA1V4!r#~m4YeG(WGUiAws#*lC=ZWbWI>y>>tzySE%IKoM(l! zU|9oG`P-y1(ZR~bSfRxm6NIU3j1{VG?0Zkp)$^cFgZ)2AM_V76jQ@s3M(x)Acd$D! z8l+S`AIHvxT1e^^_N zh-HQIkcV{6dAt_dGIGrYO*F^j~{e~K?kjQ&|+`RC#o^f1^rK8}J-f0~cw>LzU# zAt`zMV)BwNY9He}l<^%vN8<@D)dzVRtbdwpeB!5D9}BHyt4*Lz|Fg4a#s4|jU&Vh| z$|LT7*bsw13}eRmtiI)x(e&7LQELse?#eV>MGFlxbZHerX*RCfiz`JMn1Z|e*x0^X zSKF&L+F@Y=uBhKVHb!s!6l{Xi&nYubPEfK5Cux2Uej(Lfc;%Nk;(|bUsZadWv)ZlF z`#TX}&GHZ#KD9rOP~vCz8#EHZ2<71YPqPmmYxjI;w^*yZ|K2O)X+Mqje-`Iu>!Y8I z=D7l>+y8e5mi_1cU?u-8<)_+_y~fc|ZJYL_4cBLf@9R)7GY6|7&$fbnvv=|H*ehX&e5dp8p@1_rE*a`z!nZ zr99gH&&RjJBY;DE5~qOdOUDO+D|D2?C5u7P_EpDs_cmLxmAim!+74_rsFa^0tDXB1 zJgxSBn9Lp^|I^{Yo^}7TyT9`PU&^EH|1t*cqT4=9W=~?vr~P;!zJCL((V)vlq+x9f z?k2o;T||W21ri;1=HFUJq>dSOi6C z1pK>?m9O9{7)BY+dkhsvc8-e3-BQ^Hli3Sy)C)2=Bx`K!&mf>)@k449tm^&n2M?_O z6GaK|Hh{-lR^Mp&VU*>^aXR*UJ+sq}Fr(5En$Mt94$aWO4@< zE#JKeawZTPhK=KMcU5QWR(#-AV@8ff5$1zX{k_>Hjn2=zI7{p<;rj@wA)4)uXp1XoFo-#<$df-oB zOr2bKPYk!3nqlBQ9inOC2&%4@vAD_5xD54 zAJLJV^~HDg%gL~mw+?hrSS&%dCE{sa(Lv!pG*~ok`!}lD9E_Eln8Ul?39X%8o}A9 zGa1HOk+_&j*l7%^#PTLWxgnDG8_468(s%<&+?J^7Wbjf6ymR@RkBv(Pw}#2hnwJh< zEBSkV>3cERyPf3SNba6P>TV`;x21j!wfVWGhxgS=6bT_c6K6%_BU_Gfz&QKI+jC3i zh25*V=u6fT$LqObJnF(v9R!MGaqP{5A*Cu;o0PXB?aW&Ogou!^l-HPdDL!rp0)J%d-YH?do zi0ukqZVS9+Si!ZG|6WJ9wFg+8{ny^%fhqs(3|8{rQXWhGd)=As7oROpMgC)bc^G2= zn7B*<=um9hSM8*@$@I5UvC&1$xqQbC!&tS`;))$am_>OqGIo9k>jX9m{1^~)unZL> zfwYaaxZ5}E0!VTCu~%h9_au$iTJ8TLQFXWRKMwbIE&Jcyot6LZQXXyp|BZ}qcUE9x zx;%*!py*7eM*xwDXDA9m62*YVJAs*!e4tQhD5eQ=W0W}QIwxlqd!@9QCdLZ)IE%u_ zKk-xS%2Odpa-LET%l_Lx&R(7!e>^$9xKhCwS%&4_VHTHIE6qM{TGfHRAXo@tdirVV z#~Ng68}%-UKB;eeHGYo{ZJ`UN7rN4Lnna(bkQ=F0*+n@JaScnr2Sm6E#j!`^`AIs> z$>BK7qd3a%J>ZQpKOIK__JB8wLWo?-}0S@4!%t+W^NK=XU~HhY@v0u#lZ|iYa(;xrUA@ZCG^Lr?eN4_Fmgs2= z)f|?rxmPv?Z9w+iVL5z`)07~=-|<;_>jCfjf5;BtkqM>l0L?1XVdnMe?>RwyygI#h zgW38ST%W%@KLY2&A0A;`Mj5VO5sE#k zneO#WO?GoC^F8(D<=G#nmt<=_{`Ktj+4b4!6(hUYKPwIzuEJLAtnUaZqXb-?9KSv_ zq`tyf#8}Lu7~S|W@JuS}2S%%2{c(16_Ur4@k1tREI6DzN@(9D^H8}x*Oe~g7lZ426 zK4uIhnM8CYM=Z1 zDKA2oH7U~r>m$euxi_RnG$U2{Qe#lsgLrp!diim2C<{X%JE8#bYCaIJF3;axd|Vui z6GF)(Ln#04icF~t`XOCN=a(QvkOj)-bB`wX1NfkjL@?okcxFI92SY4CP(D(hc_`B- z5^v~|G#$kd-{Txk?78+9C8Wq41h_i*czJsK^5gm2*Z=q9<@q_^&An}}f>|~6S`6ss z_tYH~(vPA%vRz#0+cLEgQxrWZ)le(_Pc-pIP-JFot^}&l|Lh#@?3ww0cXwC*-%EL{ z{0wxAl|Vk-sDiYa^Ca{^MvuC-3!~uAnLCkG*AxOR&#`&*9C);(ihz~%S3^}l0VJg7 zrZabye#OoIDbTbwWLLOjR81|*rlzTuL9n6RN=9CsbMO_XmAF?CnD#T6A{^yNNu=7| zqN>10f%jrgjB6jRUb%RxZ3{6YVvA3JnW@FY5JI#r#$^Sp^<0Jgd}zlEyL- z?INs4tMfmOhA_Af;x@_u8{~f-9GdaJcJ{Yd_diQ{wDVt%Z#Rd&1otEke5E&CANFH} zZq-dM&EQpzQjeugyvqG7*S5MfmZG|-06)XP1Kv2#Q~n>;Dp)K*G1BTb$fY)d&IbGM zk0O|_p~kVcTT+~NWj^n6iPH=43jxz$Z&i0x-ZK5afdjcX-HKlJ302*g*B-Dc?gY#W zQ|ncZflfgc6*kO^6O$s;j+ne<6D1d2=?db*U%138cBf{y_-r+M)hMDM%TCy55E`lj zlzHq0eoT{Cc*Sb&aradv3C@n$O>UrCI#PTYI@jNPJtQz*L6`B=gLTsMR4BPrdyHC+ z)l>Gg;{Q^V<=yB1KiE0gwetV3?0=T?X#5`?-wvbyQFu>+`Qtr#80$|Avso0txBdif z$iE8C%f2(G1#}raMIqDhKu5p;aX%qyMi}sX4E=uJy4}+;=<|{~_rl=iW0+BBK9EAL z;H-~Y_NugNG=WQCR?T2-7RxS{&t+pim$#zM30yLhD`;C4 zdB*KGQ{vZHJHNF~J7;;>Om|N6Zu`{CD^E_2k`d(R2^lQ+1hjE=tX)~?g1{l`#u|P4 zMX{bz3ed)Fs4izty&)I5j3Up$I`!(*-xi)vcC%%^S9y?LWGF`gidB6@9;9XJ3axs| z>k6mhb&UezW4U?R(2wIAKe&C#zRR;y;N*-4sE|?$e6lUQM^0MGvd?)(-Q+SZp2cp; zZk094vjX~H&{Co$4xymOG)+a4B(+(l22w~kMmR6PiN9DjM!P!Q5sZ?_G>+RZvZ_PK zsG#4kZ~Y9erx~^6AvnB+`5nq`0ZKMNl!Jhp?_h}@@TWPN_<2Mm;(Kbelk?h94#>m+ zXgDkkGzz1!NgrInJQwXyVDNJqM?sXw)M%A-9Na~5tkt5uxu&OzpFx0gQXud##LToq z0*llZ!wqWW20#0gG=>{w=G~(yGbQ%H^~nWA{oTt8w&l=aB)bzP^Cg*1ZeZ5u@iE7c zlvhYVQM`eoC5GW~jHw$rWLROdtD=8Cy>6kjrEuP!Uju(QBy6@q{te(`S%i0)xp=rN2_%$RdYK4x~N4lI#6rWrX}&~V6E_U|n+J*lUi{LfD4KU$^%tF!;u z-8KC`_jdMH`M;L(i2Pr|5bakVM?rUKz=Zg0PMmqH=jjp9N@%xRZ7iYJNcqy}FNyNV zkE4G+A0a(a;aR&YH9{95L0=$!>SBBDN=j=P8a}hPD02}xTIfq4igh3-mT#WqC9o}x! z3YnuI;UaG1*m7cmUBXY(h_EU-h@p>jim^qI4K@__=B!W#NgZ|;OR7NCVQHa}>R4@D zG*OU^u;6ucD`gnJ_wM@RKP}IHbOYO8092p<+k>5L)Bba3u(JPL&ZFu7FX;Gob>tIR zPeb|7yVAAU2Zc*yepNLRM>Ci}j6L9yBP!y*$t=yMscr^B0bColAevT1s9Hu@8hHHX zz2`FW)AVq37F6%rE+Yt5u__6v9+_Vyz^2Y&_?1{|&~qgXj@gOr9!?58XAU+$Sefhh}nF6$pY z7YL~K6M{Ee{83@_Q%v4(-{|3CnE$vs=d_hsuCWZGPhls+H~1EoK=iIgcF9)rw(UV4 zq*o}o{hobbN5mqXU=Y3+{!6whTL6E@UeJ`Gx{f9gO`S#+m1xR^>S;TD39dEApdoIV z3?vXpcF0Ip^!t(WlSPlZVk=Fql9nm{QaR6DjL;Et{(K2xdVcRIX^xm4?FK71Mk5M%WfZ@#FO!Yo3e_}dYDMex5A3C)a$UFOIf zQbo_yL>(^fLFU(I5PG6x!x;Jb!JbFDn6rNm_B<=YR&)OO1^A`lpnZP(WM=!P=t@)? zGuFn9E1$TwU}OqI1xbV#y&zoQ9IqbOUZm?LI6;VQfD#tRl@|4C`Du-na?CzekN7S9vD^3&!mbz!Ho*~M^apy{zhr-8+e>9(@*MYrT;4epLFQ|wY{^u zzhn7-9c-`kf6I6@_U%%}-06gKlhfr%aBWI&x>f`hv5riB%w)xilI5J1UPiJO#cMYg zReY}k<~p@og-n_`?tlx*7FcjzGJ~I{5a;;l82~{#J>v1S1vK%wAEZ-enlynEl--w> zW1oR~fu$6Sqe+z0bBX;rdZz1w%#yrW#?xN-7)Qwn3^tf0472Z{(=N(4zy$i#@@SgS zy2U-3=vLpIIK8rc*`38uP>5EE#WJE}RY=gygwR(P?_~6_jyJNoyY!>)X{=*iSx3kn zM?^VeC5k`Q&2N-W#kr#eL)1m4R~PRpJR$-=hGf_s5>io<^wGup*WPOg@C1N6Vz#0l z$K}@Se2HclD#p`8Dg0W-76s-Gi}Rur(i}g0YuJG>Vl@DxQ_L_E0l-o}*O814;*=Xn zvz!)^h&mD_sr@Y52Vo7ujO2NynG*kwo}zblTFomxbebLGhAtKEHx3*54gRaJVnE@R z!{S6$Z&JGowaB(n(;WUO|K#np; zdi!VyMmbk>%z9uTZeytbHA_*scsfdDG8(&T#V|O6ST->0X6G|E(}P$E{h1>$@$+B| ze31Hi4zrHz5$9n?TO8rC7B4CL!`AJbNA%2X$EXPp4t||b>f+rIpf_ztTU!|%!OzXibG(FqeF08t?eg&@2RL|d;2WTRBHbrEe{M_aF=tvAuu z-y&HyB87F7qXgXClO@E<40iTNq0`SPN(dv(U+?b0gPv{&BBzmQPQpmT`_OZ6W`Uo> z5n?8;ypE8zSa~+3{?6j^`Y}ep4@2NF3C07=By$MvAh`3BoG}0lLG!-0%r24o1ek15 zVH%=HtOAKS^xDd{U97dA@C(lc)p>k!LgdomKqKX*Y1Jw_P|=GuGupV%PuEoaUq?AxLMht`=K$)NA?DP^G zzHTCJfRoobmt-$}Ln{iL$mYrsQJ561{hm7=T$9@kbDo$PTgk~bL~)GnNV7wfP5d0Y zW1Z1^9~KgYB`_8HFUQ`%*}-5{d5_s|THI8BZ%ylu`Lxpio6-6k-U8I<{||Te&G>J- zhleZs-=#d7=B(HruJ}j;kvO9hw%eFLPvTm@>Qkqe1GE}B z@RZ2)R06X=log~G;^K8^RVzNxyLlJ{Xp&xJXc)!RmXe&BRwca{Gfh=5G+1Di%HrN@ z6!`HN;oM_YWAV3Wyr$8V{SQo2hQLq#n<$R*2-4e=LcJ6ebE+uPC!zp_;fLXo$x+u< z0${V^&f<&avrZZS?>{(#_g7;WW+-J4$gjpY7S-AyNt>{-w6!HCVqq?Q*RI?X9{v8U z_O9z|Uc%g86bs(r5-L>rFvAhfVIqS{4nl?E^<4JoL)l3w z>75OM5BN)(v4h1bpz#tW&`)^K2R)F?*vG(6fRAxBB0?b}sY@s{C(N9;5lvO_4Ks6T zkejK)YhjlA3@y$8RoYWj_flYRK7&~nh1^(GxgK-0ZiU)4n$XoD3aW0a45dK7f<}dp zJEqY%?jV>%qj63OPE&>yjp)Hu5dJWS8JLj99RB2nPDij_9{)|*D^syE)Ac9{-cEIn z+jx~H;qBgb)g0%-g!O%tKjCwzF;REMJsP`6B$jLUd1Mtv&0Y zvF>#mK~c6JcMnTg+d>IEh6zwU5OyS+!VOT$KGSWLYJ-gn@)Cs005w70*lrt;r|61j zU$ZWP;haNTUyZHfLF4jlt;-5c^}s4&Dtc^m#d8Z{U2HXmQ{v22KX$N@5YUE3^r3bV zdSI6dXH8FNt1~(n%T2ZvqctuKs`o~h(4Xm6me5%h;)2U~g;yRYM{H(3m9vC49z9Og}U-2q^7`Dpk)tvsEB1 z<~5O(&o$YOizU*Q$SaRBE5p>3nDOYY{3y#W=}y{EXU9_I*&Hm78cAU_R@&+P>=|p4 zS|UjV`!Tu$>#^{((cbsim9rrs6-@P=pXAi4<0eW%;InXczdWb4=&kVE)9a7Fp1pnf z@#^&QkFyga_2`-(h9^96b(Ll1Y>lUPylSVzJWuOL4fa~ zJQzpGh?MaYl#gKsrWj@{V&7|+V>&o`G({qYo&0|O_qQPMQ&Q5EOt+lT1*Qd>>zFQ8 zu0`0tiQ(13$($Li3a@fcdHiK^qG0^v5xg3bslc%f<>lGSk`>cBwMXG~zNQpDne@kPIUrXCMWLD14eh<##>NbU+@H&!hBSc5N^jgj)?RfN`<5D` zNlQ#DA&4vP@$@OF)i3vpqqSA!Oo~4bbQwJpjR~~w%%lsNLFn%Wv`E( zyJ1^J^=z@fMKSb%_Ztsba*bZ25k5~&vkYaPc{bVsxJq-xwqb+RO;YP?TcuKwAvV>L z!aC{OY|!|e5j`y#Ew?750Jl1wpU%_j{8#Sk+k}9qvH#rPA6V!A&cWg8{9neSo&U=C zc9;cDf%+tv0Ife=GXXOcv-RcjgX#&WY9<) zY=phij9zr5FZ^Vxty!48tK84wa2j7h;|hYo*3~HVmB$En68q8QT5K)NgTz`vvf3F* zxgwf5L&!F@k^<6YQ+jMp=!%iF-@-5pAoXM-1BU5FfZ6() zu$yGsm<~k-4=5pdbcQNCyZqFbUrM-mCpbL4aRTG-+kj&2XDIbYLQZrcSQKzc1gcKk z(X%R@*iX2`XiZjs;eqwQpTIcqu`)b;I`x{V>}WOwIE+36Z_9I`Sgp6yaa1s)?&7&G zazgoFh_X9B3jvOOJO=N#KFp8%T3XQDJZ9dagveRHBb;9&DF%7K`!x!q4AOY2er(6* z^VRibkLE5KSbrGAf#e06JO~ooG09Ov4ocPMFHH>bR(+U1~u; zY13V4w_;&p_sGa`C#xhf(Vd*jMu}qa(qf_wqm+0JG!if!h_xxvGW-uS#hrWiHUL@E zQ0YPOwi@)8iXaGWxlirjRc#53qn5^jHQu?47i?4Ce%qLrE%-tDRfI0BvgZ{E934rN z)Z>sc7fKVZ10`|u8#T2gH(_(Z4Q%0s<1aVn#zfjElHZZZ=VRH&XvpSFO5XE4fX)~| zwI{g)wPM|F{Jj2d3U(SlgpW$>L4#jfE7Dfg5DCN;6F z1?%8sN@=2OA~x!J{4Co~gr}!f;wT-*F-uU(gS=rt#Pt+~cuTPoA(M+$H|xp_m=pgN z0t^!jX-3Lfkh`)yIaY)La6RD?oLl&_f&$QvTA_-zeg;=C2f-BQXaeYZK?yZONntjL zFs8=$C2^G0h*56I$^hi`Ts)k)eyB9qEk+ASFUcyxYR6cl<8~pY*?PB|BDgM zyUa+^wM80jeg(Ji-m>yq6MZsOJ+<)4!^Tyckx;Fg(QMrnk->lKnDo^^>hB3}Q^|)@ z_Pd;rg;kk`V1rwu!WvAYXq%oXaju(2fE=zggL4XlXcz@m=_l8QFb~EsyegUSMhBcYJN+43DIVzz zabn_BExK_oLAhiQz*jJgGMqcSF_t zr&$SR=8jK>tB5{HHWji}`!%^&zbqbqvXpWTg(nN5M2o5x<5B*nVpVT&w^~X{^@2(l zmE_=Rm(#i|qfm&$^b^2#Eh<=Q5a}Biu%{JTsLlN^O=+WT{=bYz+yBWpKFI!GmEQ6R9Rg|! z&4)h(%1#05RJq_0Kwz-_pY*9_|5tU^v~e>JvOuUfxlGrbH4AC>hNabIzt?OE^3#Xl zNRAv*jNK5@3agW#{^?}@=lOTbj)0o|e|KR6HF^Ecqw1@TheJt=a$g4h~HDe}AyI+W(jG@Q`BH z>dp>EFo7A3E$Adw7~i3cnGnDPPcw)?lml*Ug@GSr2xBl!X%4?F7)C78o7|0S zHdA$)^@~~7=U$8j{}~N|h~BIe)BW^JJM)>JMdZ6~Sx(JB5^f=1*fnhyV1o>X*aQ7b z7(*Y!zG+Dw-lQ3vMQF<0H4(aIYD5*a-{8VHbDjZ4sI^Z4Sj@>lO|3o{J2ogjN)cI;X;$ z--(c`PN>=DPcw54DJ|=+8z{?d07rk`-r4meaJ4*<=#;WVYCPK7`f0Y67RRYsX`02( zI!8av{=c7Q)bP}?!it~oFwE%e6+|vtsjNqMfE!|0;~2w z(4YHiVl;u$$PNLuRk9K`07k%1Qw*jwEjsfwNjGRFLhhoW&ELXE*VPdM5_oCsN7S~T zj|P{X-R=Q3U|1m6ML`vBF2p3JFzMJVf*v6~^U9pveR#Im?Ba#{NA$XHg6Zn;oDmBQgq0 zvzJH7sK;g~KjDt3P2Dp{9e`QP*0)pxM14e_kqwC&V%R$yzbAu0-%Ycay(09aZ|HKSuPA*gt?1hG1`%gLbsaLJ^3n4W;k1s?=!37+ zFYW*OlURYvquUeE+BsuQ5i!atNAZ)zMA(OR&w#%iW5c%me|YnEKWd!$k3H4=|IY6I zzN!D&+1nkg`2S@*mCB6}rnrCSN17@_;lJtRu|i}pU4_&wlrBWA1qRClYxe3Z)}Nh& zMpe)YtnN^D8zbK~5Ld2c{s!*>bv#I60K6!Pa;Xf#&b;r+IxnlHdZ(6Is=Gn;bx6RY z#Moq%FYR^PEI)!i6Cwoov8KLgRjzL?E9UnVJj)xk%Qf7uSPkaO$kDO0rvnbbPl8#Kemt;p2 zFfC8@`spL8F1X~AbhOZnS$hmqruk}5(or{)rkNn>WLY;Y;hbgdWy!0aMH7Dng{$Ea zpp{PI2qyU%`SQ$&x=w_5B@Oca!Jowop75BzDamY1+vgQz)@A;(Jee`m9RQ$aDi-hT zq{JdEv7X}T831PTUp48jnm!kRO>q4B^)r~v$cxL`tqel=%&Qy^7glHf8w=o;r&se3y}z29A91i{rvLfcSMTG0YZUOV0M0a zeFVIN-NV0l&lH!NP2g?aM9CH&d+e{xfc^MNfzod`J|2T#e)-es`ERT#7>p6{PCvt7 znn%e9y!;iA*^T@CzDEnZe-Abj;H~LY@xX@<;6MM9&;VsQL+s@B*~jB|*S|lv3jg;r zPA^jS_1Pb%&nczYYch>u;H{DOykv+t88V1dlwkOLZC%-G$h1S#9Bg8+3wFRiluwLg zK^$ps0oWYNE|8h#nV-|5hv%2p=QK)2@Q1ASZb#I+$XzTlz<7GpzPiQAO4$sNo32Ea(p%ODM&}JXvX-! z8oH!kLl|z5J&v?THqv6l^plVo7LrdBKS~N4h;`hP69LeRmv&8)qlA?p?e_b9a1}#H zRfa>9f$afVSV{{3VDcSo5BQ5=BxXdynm#@MZLZx~3aah)YhG=&W78cwgBVS-fECW* zrzylauNb7$Bd|S~&_CD&J_7rLH_xqvW4oMdCbob9{Mr{PNeOoCth) z>(2y%)aCj4_0o=pO6-KHAwwuH&WHy;4(M*p@tEA>Pq80Pq6BPCsU6nl*jxLe4&XNr zY^KUPjeg%ey0gm7_CNo#3y?VX^C|vs4l_i2OWEmaBN1AYmKzDHw%SORxRIQ{eRaO9 zjf4$vgN=kE_44@o_}AmB(<9)0`C=*f`2X_C{M)xBaC+*}{{8&T>GLfX)0*;mv~qaU z&!))$8*N>$CH>C6!O<1U#M+nLCdH5#(9I zI)3@)?Cr;QSErY6kKde@0Fl;lR>fsW4dtYyN_HtKJp9JSH6-N&!PFx65SzLVwj~DB zEC!pK)NNsNbBft6=opJ{-jV)65eLKvCORDb`7eLo-6Dk85+CS%`sQs>se>9$D%+~) zJKff00Ye>ja}9vfakq5z~> zY}1P+YJM!gYwooS$Cof?PE(hE2Pr}^%r-y{F~wTG0{+a8Vm8Y6PEm^iyXF-`A@ZSw z8C2?Me*3nW-HD}|jy^`1OzeBG`HtotpnK%EZ(uW|e};wp2sXzKNT#&4ud{&aFfrcm z^1O@&=Qa(_AC3m7Ga8_J8Ym9eRe!0~%}w%q8~T+zZS6m~(y_VoSH1t&!S4QnVgI?e zyS?)NTFOKHzkV?9FJYiq<@)6|VqDDcOV_sl;7(sUvW-2y6nEsu;}|AxI?8>t%x*OR zrd^vnu%B5s9kAgw=|gkRwQ(cQHSHd?+HGxjcW~fI$Vz$Pd!v@epW-qvG_lzE{|)@l zj2bS_vuPG52;;aChrePRPf!S-hY=d%^t2S>7)lPq+W>+468az4O=k=^}L%Zb5TtJk|ejb>LL*lrxPn`=!;f=T$ zocY`a%OK6?GiX3lo&DtIGY=rKYjCeYwu8(AsN8R`1pvBm1r)Zn=LRLV^>uA2|2Q6v z<{4_cGdfR2R!lB1-A_?Y1@W4Wr}SZDqubCQ()6V)f}OdXAjz*yw(rU>Yyg$deA_Gv z@ImRqjZ#d3#eFDEcD*YH$`+f^45<6A4>j{XRZRI~&zLoS>AOCZEZ_kwf2CMtuCTc{wrC}uY{=nG|quH@P0t~O?P8nQiM&#JHJ{=p>EW!;F^Xc zK>?P@5z4Ss$PjWsl~%|>E2e^i6>Xv+dS?;afPtoZ+BJU=4;&s?c0 z*ndX|w#B%A#bc_J`6p$%WB*lXZLfY5Yz>IZzS7ZXqMa@hn?fv53vgE1-A zrn%zgq)CfiOCp7bYqcQq=fC{f9p%3!VE;6WHCe=VMJ(uJ-)9)Ell4Lbtoqe#K5=rt5>B zb8=qCXBXP$!aTyo7+u9t080|~6#!m%WeiOb;MGdK=R}1L17ioyllUHxgFc4f>;gm> z;Au(@HW-3nnq@G_<9l+*(76&vH{$45`XM*O(*CHu;7J;N@SY+0VFTPub1*_Vc>fdr z;IU4e56f^j6BN=vHbIoiytpOwR}&IHX;ns>{hthV+r9rk>i7Shz5QKd|KHx<-(T(j z%XrNF|ALHhCwo7gEsu5I=g4=w=da~KdXb?V1&G;ut;Z402_C5@GTzhwis;&3to-8y zHO6GR(yQuXIAK?d@?}BIQ;rga$NMJu*r6ZCH-2!-Lsk&RmQqu6qc|OS39@C2NMcAN@b(1Xy`Zv2`D|b zd4bk*ux_WJ?HTlRgumyN$r4+$Q5A{l)&3~tHSiE$oay+rve6Jsra1rI$4WJQ4yxeo z2H3hWd~SE<%K-g6}o%{F}gFMHcTb(q|g5U zXm$QmMs4e(__GBgP$&QG4@~)QclU6W|7$6acK!=qT#j)Ui~uG;i@zQzM_~10B@R9b zaZu5Cu&`JEW^!Tc{eKQ2uvY#%H1ogj?C-Ahe@l6s`+sLbAlo$`vm~hXU?mQ&#KDy~ zxDp2+_mQtX4bFeT{UkZehCbl|W_}!nG!SYR{{MSByLSA)gO&gPQXalDvLOa?jKLpr zh!^4m%(>GqrjBF?Do_8aQ$0t3gM%O+`?<(kh3R20+9um9?-a{sG0jN(DCsxi11ftk zhm=Q-AoY}H$B_tl4Aym7jBp=bMfqOOmJJJ;${to#u+kwZ!WH2{8i`gVxReW-YUMG) zxq_H2;Z|a=h`Ab|29mCdM3nlIMcO9y=V-E@-=_=pSpunQe2o-P8Ov}?IZK@Tc@$_o zrBDJ$2EmCi1GvDHE70b%4JD8;=VXdm6YifVN`SWkJlU=jtLj-tmfJeY?5d0iXBQ{R zo{%^?&dOb)X-+U$PhbgcOsX~?R&_|-SiPX#_{GBK1-Ki-L?bH?_x_$0`%pbK;isC; zn9_rDE|*YJ=LzST-(|#bb=vH()n%1?tQunjZ=NdH;(9qT`XP;2%??VNdv4il1=tG^ zC9V-K=f9okjr<(m`S**X#sRfQYsF*#&`&-8PZKg+OyiiDq;Gu;sL3f~0J`x1-r3vR zHt&B92P^xJr96zUryK0VPdj4!jVaSFW=tK^&(wpSp-h=W1^5h58G%(%b$}*rO@x4| z{xlW=Y7~d^I~+wg&+f0J>9S0iF3s|%`Iww}HwSw#2~Y@`UrtVrMbgE)F^Z)*xL!`R z#rFvq%@5}2C+u;RmU2WA>d~AE%#}cnjJu$86)FmT>Pv%r9Sf?|4H;@&%x2oOyHVYoO5e2zYDq zj}5hmBr7Q*|Imss%8~Evm-dko?g)7668@0{(*rj?h6j5^aw5S}e0%nduU)<@E@3{+ z*a|Qx>tpbLu-MYv>+CDY5iRr32KPVMGspSgQu|kL|8a0&#s3^^Z?De(Wjsqc{})jD zJp&;2Z(xksNzQ(kp5*}eNrG}FD6$&Li;8Lw$15zTE;J=>>nLP$98HV{NV9-%XeAP+ zpZjf$K_-6cS?yOTfGQDT%}YfinF$d}{On%U{me>~jkM*8gOy*4-okrD<5h44%HgjZ zt^8o>xfC7iBj}(#X~4YVYe52KEPf(lvkq?gVsZWcKY_VVdcO71kK^NFHFakHH`w1c zH6hM z;hufT-wKy|Qru6|{_XSzW(mw8?nh`#+P5@on=vANH>@bZxt|13$Ac%Sbd;aLtU&vO zwsM@Nf3UaJXixmaAHi_*=3Z~?irI4UN^=r5W5C?qXtmpl;qE^fW7{9_X|w-Zwh#@u z!CL#Dff@hlU}qKobvX|YBjUIRtY!*R6keq;=;Tze=G6rXHCD^A90nd~e~dC3oP=6w z7Jv3Yab*A^W(-t%X`tvDNLg-P#0`mLOdCZfkfN~7u~pl*uI~>b(g+PQ%1l3~9Bhlp zG)U40FYdDR#epBgQxkhdQstqf6ceE1m|F5;m;;|h4x&mF8jeYG{fLI3Z&ox+WVLQQ zr-rLM8j=2qbwo$&G{(@x4P_FwBqW2#{*0MaUX88@K}Bj>_F68B87!uvS=>|{bkfa) z8_^K#{TnocOq;^{m}b$$&+Z#`QL`WCHM>H&RJEZ3reV&sd0UvS8#6TeY)wzBnTlv_ zvrDD6AQ(C>laK;kx)crjhpnH%E0`KEp0FMaSoy!PMAj)WCSj2hmGrNQb!p_ z9sJo)>0g9Fq`*Z(_MSxyyWt1NhB^!B<($>NVx+!K?c*t!o-wx^cIwLPaZF0~p_Evb z6^+wgCB|?*t0rmUWluMIw!LthFgex?8-qIt#{P_~UeV7Db`|W0jL@nEoQGs2dqd#I zF`JBP@JA!SpF+HE-=5w68PjtviTXhj45j#aQ>eREaoPe01XZHf1!2XfVW>0+&pcqOEtlorWg>rPQz_SG@{(Tak?Bm2V4SC zKdL$tQbPT^#SI>YFnKN8G44U=*JHgQ^NNpMb!hnMCbAn~ZD!tDsNo52$@dbE*W$wK zRz+2e-P$eq_N|DnJyYYZNM=me+$;UnHTTMgwcG9-OjRP;L-c@@IyUCw{Nz$6fK4;? zYnOyuox4x(X>){dY2soVee_pSJ^dxtCg&!s$cPk+OQxFh#Z zxhppJ`vhL#$1xGM*4U4Bj-Y{XU~TFGs#S11e=0@V2#s_3d-6i8>$Cv>X$P}XE%Z1M z)~j7Mxo}rc6Ll*{*Ok%3v z|5Frhee|a}dV{7(&V59VgMj>Xjc#H6VNkdKAMBd?zy0mQRs8RzJlg#~8RbdIC@*p# z5XQR-wo{K+8X=&gnBZ*bQ&A^Jfa&^Z-3t`<8}R=1ooXut)P)O|t&u`BAFFN)T4cW- zW@y5sAZ9M%0hAV}y4-x_-g<*j>{-^)DGJY1cGq9kQGM@Ku(X{D8bYivcs-xNEQ>_Hw#B+MQkLLD$weZ0C%&i2B)RzT7SvmITT?D5{gVKYYlY zohdfpVuDqJZbZ~L8p7Z{h~eUtm7pGM2F#z{M?;i?c`zhrD4tFr6=4@gRRPu(<35Qt~&``mVFhn%? ztFVx8X-d=Tt7mW#3{=&H!esVxnnKSR z7`4#=!esVah9-*-9|zQY@L)143O7M@7=4D}X)^0-th7jO%}Dhfn|>YP&St4Ouck@) z%v#w|uAcvxL;k-?{kyhmfI9on!+p#D>)>!D|1aec@n6~KE@bGTiOqbTJbw9KcBEr9 zKr=>=M&S6vzD8}EL{ks`B3pRNa!AU*%MwX4C1+4f6C+%z385^tq%1~5v`(fte+glF zg3@~ngcT|!;npwBY)yvKI5zA}EDKH=Ti2qtWiQEER^#MvQXK?~F0auNlo(d3{U}(z zf*Kx2HPJ&;l$TeGn+yz^)HZ@AIV0CJgmb}&<~4~NQwBpb^kP~UH9Z#B{4>5gEbcbQ zGBx=94YulU?t$Pct$dp=s*AFtCc5b82p-sCyO58V+`E(7nE4 z@&H+%Q%2#V=fFFOr#Oe%Z&601K-Ch6k=~X4rR6oRGwzjg4;vX$&oBPA4**) zDnaupq=Dvrs{q~jp4ZA0BX;VAd*y~XcXxR1Y2Ln?heVO7GsCJ{$RiqNA$bw#6D-{cc_olCqM84zHkbet8ap0^MM@Ha72Rw_G zqa3WqFaiA@*lkWhFhLp3znp;gyB}0SDviCcGJLRxTqL9~l)6Wbbey!zrX#z1(*beN zM$)m0FbDGy=0GEiXsI<-M8##1L`*eWf&Wq3Hfdd6=u;fD{A<9V8*QjRBV0rAiT>%% z+Hbi-n%!x<2v@rA;%O-VF+PJEx4n*%+cx50t^db?ng4%xduNsZe<_b9|JkFwsPJb) ze6+Hlt1DfLhK>PPx~Z>?gTYxlkgT-yb(CL@eeaw-X#}Z4cql3SW1ct-_kSW|9mkQ6 z;T(Fvy8FMu!LA+uWwrk=<J}ovi>a-Rt<2ei&{I z{N;n{;udLLY6^S@051ObBl8}nUfPe+7fjXwC;`7H7{2Ix?sSY+tE5umNDoloIH^e^ zz4KW44KSeA(otGSMp0@ARuY{fL&>5bS|=hdbd$7t9^=#E{O5|`&d>kty2j_qJ)xqOA|79P#KL3?VnB@w1O0NugNT5_H&Z#$0%aP+6AzWRrLR=Ft z{ymSm7W@Cj*~|HCK#CI2nuvG@OrvzJ}${TF91AN9UZ@qdUtpV0Ta z?D-dGFCE(_L8o@VCxu$<^^0xwm3WrdsoCO1iGRN>zVd0Y{}UOK9008kfx7*FXJG07 z4)<64|56?Y|1b0MEp`AfljcW!0JB|OidyUPEwlt*o(Wbzx;`4B$*2HdmApG)Zd<&(D|@$rt6>^Djbjl@c-`=7 zs`4(cbg$|$w0hQMi9plo6IPl;JkO@k^xaW`m8TDP6Vu2EtbZ&hvZ*?2i5%OJE0wr! zB~bpNdj2O-elo8Qc+L5LxVvZifA8*Zui`&1 z<&m1F4xPYVljZTA`p(XDe)OxYFt-y*F5uyNoWqGnPa9=>cRwD1)4VLs{Wxw~e436j zKZLBf=2gCy-=~_djKGilsXq{I( zKd>!-rV{UW@tO(j^3OFR36wlzkB2##uW1aT9NfSFO(5YrSTh^+{Pn>NLa}+63I`m~ z0`sJ@&rt;-!ftIkPh<@c)mm3VD)id+SzCJcl7n9*n#0G(8VoY&N*sN>Gj*b<(Z3Zd z98&*4w9{(I;W-5KCzy(a|Poq>WGy2Gj$!oK@&L^ zmO2bt+R+eJ!58KXzM$?!mvDk+kh%TQJV7C18&I0Y_W&h;?9CuBc!;|8l{kk=sIwZJ zd2~Fh!q(5=nlmW?(#3%RE6mEWV?G3M1{1om@eQW|raUAcL3joehzpZe4#Z>oo;BsG zU}ew`qppAvE;gU0m7pF)G!5+lWFlRTxS`}wonSXU&r(I_tBDw4R}F@WdWjk=MD+%! zbg!}=+X#gKYBa4z@o*i2rJ8y(`Oz6ZV|ZL*xuf; z{C{?Lc6L_h|1uu!{J%gU5W@`kI4{Zu)JNoh9GrmFkB*rEae5f1o6#&mMLRs1zMBl3 zTgzPm=S67*wD!!$8is+GFh}e@zR(Ld>{2&uh5_B=G$fV`$u}??LDJw|7UfVYP{E0; zjne6H7_wU;^}<8p7hYYwQ!brM5(It>UtPRYu;Z36W0*l^ULx2Gzyb$`EDBr9Mp&x5 zgz`i-XPAZ9JW927$$B}YuT=YMUsDv+aNi?omp?`~*&P2EsIHmZ6n}eCSI$j&Ni#308V5Kl z)vL;dplyYPYFpX!JUmU)7*1f4`!QPp9#{`h68KudzFm&5lD$2!JvgjM`mA;QVX@K{ zbCr4e1JPsu;Lp9D%nlIT-S!O9%i27~a6U7cPakNp`DL*sie zO`=az$OKbdb(7o-Cl|$2l;xLndu*6}a13Lzv@Hf=1oI04Yq6||>~!*rYbJ2#Cpo4J zWR!%!r&-FtFVDgDU}ul8o&imi)K*_M=<E#O*2@Pzq3JI*DaR*UExWD69wq#PuYg-|&X)L=d_n2U#-Ius_A6ycQ zUFw9c6GuSqh8DR^=0n( z&D98+yY9Dd&v+>obJ#JCMG+NHS#gaThD=s{ntl8B%zkTyEK(vB^(%rCaZRlQAb9`b znX8J8BHvvI81}OS8EvNY9kxPsbD30m0ip!_!W&YI&s=<+Xo~5E+qFgO)HTLwTotm{ zh`MV;=Vh3c6|NXBPH20OR{H2=KTY+&S%fId75f;!<&NM@+o+HKVcGu=whvbN-(@_y z{+Ew3pu^mWC%83n9<2h{(UY$4g98EDbPn(SHrVQoE{7MGH1#fDJWgciC~1{e$BXl6 zxc_I6id2l_Yij^hXaBRiYsUZB+1cJ+?f=VowEh2*jk3rAw&2#U&6!8L?Hj%5ddpXm zfeA^qcGnMCh9T^=+3>Y~=sT-SmDGNxSIx(zvM?G-Tl*&aes`F;H2`nn3}&9D3HZ&A z;%W9E$(i)tSn_=*>6siZcQ0WYqkAF)d#be)@UC({hr?;iY@aqwZR9$c_<}OBU8f6r z?($V?ON#fbtq(LKzJnlkgY~pXig503ZFB$M z-QHQ{|5?hT@BeI+0UzdWP62D?Jl>vIMDk}_;?p94P(xAk|M4;7rYqBC>GsBHnU8G%}ms6sgX{-JBTng=Catd$+3AsFR4 zxa}sFIerc%2$RBB`nJI~R$r)IP(qF5LwcRl2ft2p@cyUS2XF_oqEuPfGZn3>3m;Cz z6`!~G)0F=k`x(5*Pym?*1gCz`m<6np{||NtCjWP^^8a4Wqw{}clmQ=RAjf%O7SJ_$ z9xoT@?oH>6psShXCk}I>VWj7Bqgt6%%w460u3`QZV+-}DDZHw~tF-+0ILjLD|2fPi zQ9^V7yvqClUcfA(Awf_Q;<|I7cK_cu?f>?7cUJb_OL?^Y|GF4uK!+KyaRz*#7d;3n zXVIfQ5NdkW^}#SI+IV=Kab@51JyXT2WgM|~isJ{t>GX5zCn41~mz*dvy1N3jSJfPi z#ihP#pu|>-FXc#Ry8ojXW*t*L8{wWKYb-Mx)~BLmO;qlU76nPQvO=@QJUvaiG)BFqr1hBfo{IiU+)l3=UzY zys~B~4ZFfu&bmHj`CHMRdt__oE34Zwn1g6g{AxH=DfV^%l47a%dPWy%>GPphM$j}$ zSbC=XV9x{IFh)N4)tie7*7hO@;)7&5xq+EVjoAksX{+-zwVs$$EDVL5%t}#q(vY2) zzPyDzWQBa=Hm_sV_}J6;>^G~dzOSm!RuX+(L`EoyS7G0r%`+|xwnb@%wzA#3XVRBd zq=nUEJPqZ)8H%S9IEU=_ANBIz!OotQ|9`Nzvj17iqsf1Nuu)!A_T!V~(aL=i|Bhuo z-9Tq)0YKG)j;w7Kn2Ib&DkLopTH;E!CjAy%4k*GDgL8{{Hia8vSl9r#%x)9}8ra;3 z_7y)9)8eOaHXuL!X->F|NrbT?(wc@IrH&k)ULV&+Rqc}s7exh!$qS1)S5>JWjL}_E zS7d_Relboe=|!qs7%D8Nm?;v5`34BaFt{aMsqkp|QW6-p%EP9aHPSlGT2}$H=e9_y zAWWrgk(&ypfzfds+k|oWue3KYD#g13Ytnw%s4#ms{!MRg>u2zity!{s__{64%qH{_ zJdftOJ|yIAq1P~X!l56>H-2#YlKVZXTVs*C&72wV6Y$bmz%yRDmREz5tWO~{41}qm z)dOEao<$Sz6(ms-!X)Pgo7yZYHWe@W%ue71(JjC%0p~Ho`Gud47sR;$vjm(m&ELKt z#sbI^@C{Hhj7HRJaUqlyI7`5qYL8w<*@8$HV3vS$GQ92I(EFtX#+-yqo1VnyluzyW1+<=S`|PIz~hp1&jusPa2ul)(}7>^;GIOubS4C zaqMY-G3wF#azC!VWGNZm0tieY zrdDYbW{6T&z$>m_FX0G&e&grC7hA^janL>g@W7P=BOH9c@?bJWbk*8IAZsG`->&&LZl zOMsNL%U^BE`*9jn;Z_NZ1!OG(rYJ)(vkSSmt(EZh_@0*XA5$2#yauj||8QXCf8W_T zJY30t%Xl>TkBu%^7s}XPw{l>qw&}46fqKrw&LqG!LHBEZL1J=n>N%&C)%Y6ii_P3< zpBr&ErT`-#%q5hH%1k6>lq{D=jV`%_QTfe`JE4jKV;^5+a2S0C-j-LubEe-a;kydN za|BqNbjp1AgzdWXvk>6e$7Aq*>qDci$rJ@+KYK~bs@9Hqe(#D-y;eHx+_->1qlN@3 z*iG{~uONqHH@8AK+oJi=NX?!?bL)c9m|)(CY|6~})-J5wO^kwDn-n#1LVEKa#4|0gcvI*tE57+Co~4t7@j-%=ip{}ZFzE!$Udf&17PzoIK$vwjm8 zM$?JK^sV9OUp6afDLr^?jSb}Q8bnYm0ZNAcSJA)V5g6xrijTIo zGB|>tw+EEqTiMpzw-VKa zTi4Ont7z*@wDq@0mW@c^i`b76aF*n71TzpN;O0Ijyay{Y*x4h6PCut8fk`f2@9x2a zp2;(mpQTD-=jdNhP2~*5S{b4^Mt6h`qQkC}RZ@cyt2v7zxCK7z))OdydvD-`uqAUa z2Jab&4+cx{5APq|24G-~E>PB6EK|XJb4+?*UcTT6{weAw$H4F`n+js!%gVlD^*EoF{GVWGyX60N_V?`kFS{%M z|D`+{|0l(qPWitI)6U1n{}o+Xss0vK{VDpir>Fd@@7zkYvr_H+08h*FU$_=@dH(P1 z4GygHe}5JKb19E@{)^G=_WZAKM|o`Lf602tWh;z+8qQV1kj8x@1nYQ4#_lO#D0;Z?Iw3Lqu^}=png`%fwpRny{V&!c`roDWqnC;x(hSgRm}@ zP(#~5b$L;Bm@ov^rX_wsJI8o0+D(zvE-aL2<{Z}NiNdCd4pmuYcE^er(}*&0EEt*E zvt|r>^A);c&{qul(|ua<|H-iX_@CPc`-f)ymxJ9^{=cO>8vpkqWFM3PE~9%_OMOr3RayB^=`c!0C$S$H7DNKY8jGLCyP^yqk+Vrg zn`HZBKz_cJFht8MHvOTWmis>odeg1{&;HKAwyFQ$UD@T z(UFH21Ue4;zz|=>e3&EV10!8|4287-X8CyyjKGiK3C!|n7zKU~=L#QDw9|D!3Est3 zG>KI-iB&X-RWylZN0VUN&kTJnmQ-U$ri_p6C-)qo38-aNEmq$wXA3!`wG}*`@9RX>x?3iZwRpGuyM(UUa8bxK%#~G4!cj8#E@TNIOQU4#Pe;X7nc|r#MPR;Jsu0 ztP`;t`blrYn(Nf?tM{QocgD9*vm%v($T~OzdUMZ|xOrSuNkl4mCYp%-_7akA!hVq{ z-ojxa?zk!cmrdh&(?8Yv{~aEf_Wy&G|KE}xjsLqOgWMg%N9W9n&ok-q@D~WQp$40% zBJvjqzNp{lDw`5I2tSQpWoVk3cF`?RDPX*CCp|UW%pgY7%nt3;rcDW>VVg6U-7L}` ztzXg>C;QgVpr9t5Y@5Z4Bf~yjAv}e+DRnQ!eESMMO;KJEL}2S@P|%VyCGv&UVj0;5 zi7dXMjy^ESvwM0CQ8O@xN~%F$OM1&jk@uATVfE5A(B1aXoC@uGSHW?)*@UL&Kc3Px zKNky7XaBW#XrBMuyF07=k4t%U{SP1H4s|{p;))A!kfdWqz&@NsQ>q}sw~+M=ews!Z z4C{|6x%3Hu7apMh_e!=PDb~!}2mwGEVQLh2BjSWxs38G_G$wwRHTZNdBbx62G|@QC zIo-Ye@8OPV|FwOvv$xv+m+`RupRAb+t}OaPj`YI2Ki5AM5XrVr)(r*RV6SulkQ?6C z&)_VH^8d%)-*-1|BZ`KgQYE`C0P2J=b@7?seSmjAy&uKDLu=HajN+k&uKm zMKAzlw)n?EP~4NuGl@5&%Jplx1~yBA%SIMFNFF0jMezstQ;J1DfDlt-wj9 zDdQDXp8`H0;`4|MLHQOlV9e8g5<3Z|?v`E)pPKt> z&$6UwqUNGd<3eQITV(M_7ml{T=7vqz%AJ`zUxHUcam7-kQ6$a0DMc`O1h8n+w^Ww> zvq)Zd`mFi$+bn&Q7C8wlhM5r62G4nR*y;d>DAvswDb*k;L|ogV-RW&b-$#FdZNCj` z7?q<|iDf8SMw8>rZqh)Pq?yhb574HCYTxRa&;Nb@HF*{+)r+=*V4nT&__%Wa+ri2D z{C6dfocLcO4r~uasaZaO`TJ95pl3|$ize;OKz~WQ0aLO>tA+n>eNS3z=W{gtp5;k; z`BHk3mKjTJH>70CVODS8I|SH_Iz3Wun#|)%g)nf=a6yFMTRmezug7Y#1G`Gl>Sa%) zy0jTKkb2XX>wg*Ug^!V@W3ww}4T?4)r5o6vaq<`G=vJmtz*zwQN~3cRzGTt_G1wsF zG92zxKsy$3Jjgc4)Di5 z>^sgy?j*? zTEeLt4rJ_UBMpVrkCn- zRl4YbtIxIg7eFZZa|xxRsF8Th5ip`mqgbgTsZld>M9dCMGDsh7VRBy=xn;Lk-;K>s zgr5w74Mb3KD{)z47hcJ{gMa2SSK2$I5yt!reR)pwsmZoB{9m4m?)(Uo1gm(dvvQ%e zkp*-3|H1A_MgKoKTIc^-$)owdI{5B`H;BXZ^;f_e;it(033xD7U@fQ%m;ylr?fM(m zucccFHR8QS8FLRQhQkyAibjZ{EJoXcr$OaJEx;IZTD97VntHM=%V|Itvil=S*}rXj z6`Mecl7CfZnWx5esM9PE&lo3Dpg;?5YR-X79D0su;go^yk@&_R5X!)GmU5h@dPE(2 zXZ0GZ0`tBTrBb}^cA=GLsvDvz)(max5oDK)G4BsQl(14G2 zV49MLzQVANg}n7UQRk4*^Vahng=mD|Eqgt41-9jSUedCC;#xGMSa2nL8}R-5g*`eOc7&)ce5d)8RCcyFfr0y=bd9Lo*=PeBY8htNLl=db(!_k{pq0p z<%B+q|L5VszJLC^cW|=1*8f)Vc=F)eiVjZ!GecO*0u7{7a|vTGD! zzor|YNWia42$5?l0Rwqk8Ow{`0JB2F^W2vtz7i7)arw@}T3M8@1EsAmUY(32C{&|( z@B3R_$fQv~wqNzLs;0LQ1*@^Fs!uP#rpyZ?f0WU}RZo9^cvNMaas77Q z%>?r$xaIJ@>52g8qMFM>svdTB1B$QIInudrylg#LnX!{lednm0d+METL%%mI{t9Nf z*ssYlgglALJa4S-!T(5=nX?v@QV6dvzeH!GdBx~QzQ z6Fi>C=n0rf+pKS?b$ZgUGK*j)Q$$ZWQ?+(gHh4~~w|GnLV!^-{t z2W$K9Y92@bU)BMjQlp=C0@!v70D!*z8oQ*9`@tt zk~Oi7BZslC-p6;|%}M9!jB!LSuOkq>CNTL5rZ9^UjVzfBqKo$&(F~?n(sW$>yu1$H zkmO5$?~)|{bAeWO;)SnAYPcP#XsY(8F+{gAe!wUNf$XIj3g|s9;q2a3_mIuIM|b}i z*g1xAtp;JZVh*{tM+ zs@GL39`)X$2{THRPB$w516%XV$4G}D-e-R~UKt4mDphj)p z9KKe3qA~|Vnyq6<-m2pi%ZN(UEj>eEVmS!G*hDiRUBeSSZX-D0%2-bGCM2*25xWVc z8M%iEUG@}p^QPPWVWkW%pdc>B*=n@MXJu;=d55Rv)(9*Z@$B0lpUTc8JlnhF69|C* zV5~+G3ugxLO63&wBRm1H-9njbC zgeJvqK8sk&`oE)aG{W&UNpbvGJVkJEHR1*qoS8X?PlurmP*e&tNY zHsKeoYlN!#HGcc87i`HmGnFL#gKrz3#Q$;r3QlnvVEN87hyU*%9r^y>M~D0C{2wcM zJpOM+bQvt)!1~mfsz6z&ND!6`$if*er+jo1~k>8s}OGJVU-)%#2`V#dHQSTa%5S5;LLiH-6 zvTSFMlCo+U3NHq*Bn516#R)VV=w02E6MZX5h66eMT~EvnS+Z#=)=kFC>-)n<{&O7p z^QJP>R4aj5wm40@&M^rg@)C;#h4bSWpYHLyQ5{h+=d%iRcW=!QfC!Bbm1D5iQVc^#VG z4fb{;FIoX;a9*^5eJULAkNrG}|1-oGCfV6&gfq-*w}Er`zu@-X{_kY>U>*OvlE>r! zw`xRz8Pa9&eQ%b0YV5v({&VjNy#`%&4b9s*#y(xnH}_$bap`}5MKUyR-&eF{LF>Nt z^SaYfFSlDR5DISpymr+7ujqo?PxQ0($s&u}w|OI@*kEOsBC8Ez4b*kp(WArh6p@*9 zvKr{WZ&6ILBox(&N1z(Ns{w@Er;Cp!cvt@ngud3g7gZps_}yTu_Ac6#D80eW)>VJm zGIMd163CCm)(~gKzfr}>zW`6Dig7e8>~4Y0vGw~;$A`PS)!GZrQZ=;2AbNvj=CDae z^usRbD+H=>kww2l{R&TA)wtM^oA%Z2+(kl1*6Qwea$66-Y3VQip(WP(S?05l{&$3V|s*e`2`&mVJiT2i}L zx7U_Te#NGhUje6hS{lryKC}7!&OWN$E&J^D^4c;?55TV=!&!nd4)&||{FZSXOWBTS z5|#Muf({rwZ8bct?I#_|g_~Y02cPis6!~AS(q;uRoiP*}^kC&{@_O3Z!8o$W^}Vn6EVDe^zHa(F#K{vYgC<^S%<+W&hck0<}_v~0_j z|EZJk?Gu#$ZU>fY2)4=IgK0`)$dUchgr;P_-6|F@FIk^g#(pC==$2EL43&<&tIOvY3fuRvyK z^QAV8D%1s9B#Jh@UrJ(CtKDvSqfL)O>7%{zSup9UkK$AFuNGraO)G7h_;k{+8kCOwJ0QzT>g2l`Jtc;0H+zn;hb z9Llts)_@3&zl@^fnUtPcoa$`sw;~kpKFR^As{R&*js3=E(oUgMDBA9~>U9 z{XbUnSn~f?jW3V`45T05Q+E9d+Q6SRAC)@LY;36QL07pyM|WsY3wFMgEc$W;Y%J^> z)JZ10Wc6ALm@ff{`VpXr&uGR#6m5ft363XVieSb7ML*9F<2V}w2(G`CmVPqhAQlZ+ zAa2jkUSIV8{nc#=O0*{pDu5xeCj{RQ=Iu-J1*qdK&70_?re6=w2>G0NT z0Bl~ohtoVoU___{H=6MoMO$UBz(vZCZc&ks;xW!(T9DPoTJ76q6+8kD2tbMe&H&7S zi_JEG=>vRZHe|p1{=m5q+@?z7h&%iS1TKhEy{X?Szg^;kb!RR!X*3|B1rS4qiZU7D z6P%5EKrQ}aju!Zzz5tQE1hAWz&_UGEqnt0N=0g0ss_q^6Uh)nxu{VM(RnUC_qW_5g zBl51r(*zcvtO?!((&)gRZrg6o&&g!yYJQdRj}iVFj`B zHi)q^9P9nbB2NeX|C#Q8-`zhxIjY?MezL#T|5x!8`u}py`f@}WW*lW7@c#GwKJIe& zdmYM4PV=_Gy=$2B`#1uT6b&yijX;!*SOlU8Vf-5MNdzMN{#%mHfhm&%o>-=5zsX${`T{DZB%`~1pfhI){J)F* zmjsagFS_4K6PP3ak9I5a|M1{sZ!P~<@o0wwWqPTZ;!CgshUQMd64=0{mSh1`OLE3g zBL1W(OOUb=U6W+c!6+E+(2{iq*U9KU=4$ICPY1o-R0yAn<)j2r=R73%w@^`p{_ql^ z{G8;ER<+7q<{L~hE8j`VD)6KD!Vp)mBQ_zFD=Vt(mk;o1V(mWWl{+SC0jk*|kYFLe znL<)DTOi#Y_!My{CR`hoL8SKkQJs*9wkkecmm}awI?M!_w?RBX@jEfvIZ4z@JwjE# zF4;K`jBlyJqp&tv&;)G0Lys&3tCGysoiUcLRD+L|>1{^B9R`FtAI{RWN`o5LHqRy% zv}fkE-es+OGPiF6%cfx}zWFT(qTk|wq7X-@*jG$hABYMyl=IyG?6p#R1`hmVWHbHM zVMJz8q#6rZ-n{mI9JE%~O`JHI(O zD+j^;0AP7woVH^6i+VnF>Pu)KC}J|~x4=`M?iIg_o)^ndF6i0=fqEy^wVCyI^~~S@ z%{WeXeuOhlazv*cT|ed1y#L$VJKXp0f80AdTE~B`>%&jxB4J1d6J!uq+T`Hs?+9?4AX^TftTZbWm) zC)@I^bU@diFb6ZawbNFMH)NJ^Id=gkr0C7Y5HchXkf+)^Q&}pqta6tb<^X0uo#07s z&Iy>1G*R2h5|XMb;1qIPf%uvLa*rsm?99?=HHPx=Jwqr#J~VgZH}!)`Y*77*yZ_XQ z4$(iw$Xr{4S~7Y?R{wh$hcXxp{74i+YrqcT33O_`uh9=_Hdv8d2>`+r4++i?t~gNV5*D-t3Tv3{f`0x$Ni^ax7Gy zN7EgpG8T>N*%!6!z|NQ8EJ*+(Q>4}sMPo=4oQ=W51abglrEV(e8n?D}K!K zF@*{8i}oK79#4353ZjFk@-aav;;64K!j4XXe92~UEV6rT3rFvHsY26PcE+wqc0&k1Rn{)|+cyl+Q?OgS zjA0IkIF;8Iom!jf1T%r_?eRIxnS-3{Uy|5`0qBGCzrOwM%6s?n?EJ^K-(K9@T)w>U zKD~PT-POfSu@&(41^}dZin)VPoX<|d{_gJX)OtBZQzD4B|1~b?Nro<DPtMn^|+bNY`(S5?vmG|E-tjPZN_6JgPbIT5&K$}YeI4yEa5csqN!vvo^8lP1?CLj`xZe9$O{nl zH^NYA+TQunQ5l?&ULOIaE>_x}GfnLkAe1T<&|)UnZ@+m^z1Y}f9CFZ)LG(F{ zDiyc9S_(Z;ih|#MQ)U$l>q>p_>#rL3S5k%wRilFOjEOfAMgUP&-6kL$aUpVk*ie1= zdxsixdRqf3>M+u83yv{ooW-7@>o}L}Xz@{=oqj%^KhPz%W>I@?rN8|qyL*`M0FSZ@-;ZI?`%w_{hmN>T%Qg zt3wm1oQ!HB%w05Ph0v0znL3?UO|S!g^;bBG2ab1LZ!z+q9X*`9SEql)wZ;-bNv^aafzQ)zjAg zD@$m1i>@Z%IriV({UbmB-~RsLI{t4ZkK_L%W8?IB_jhI)Y44eq7GQgxl+0x3OK?sR zp)xg#4xkhY3C_k8F~!u>hDl&) zcUn0uTMqTJg(krI}9=hiN+WGS;AjfZO(9@N0SLm_56* zoK!CWC$}t?a4LVwY4HZ50Y zku#D|&IU!M9zBTcKGvRDJ}FC=4N=I9yQ)Xct#1L! z1Z#$8k!ZNu@sNL~Ug(v=19_5WVH9-e)J%9$D9uZt`n$r@OB4!WzEQ}4f{VfobIedc z+mK~#<|3DH#5C~WE11%KZYAkQ>S0v@)uVn# zXXxte7RbnW>7R&4I0i9E{Ao~U+4H4mxY*#`Y=~%vIATAl_&lFim`%rv_8?5A=pSR8 zP#>Pzo^*kybw3wgU}?GIP}ntJ;Vc0%xdkTxPxBN_QO1EpBS9R+W!PHX#4d1++tAo9 zG&sAy{^sVjPX;wZTGa?B^$pFL@tQx3jn%p}Y6f-wST|Oi&n>GqGiN{|MY>4Q*V1L@ z)zjUNNua@u+Y}G-clC$zgVt#yN5{OH-3Ps9ivosG%aTq<4P5-|xX3e~T!? zBs&E|$m7Y*{a)`K&JyJ}Wrv)U0VhSvzx~!XSTbEg>i8-G;0C1#GBmgcY-;sAHbG(q;G~QQpi7B2WV`>jo zx~q`f2_pg0gGCKZmXM;RdZZ!d6hwPb;V9!eklEGeAp?w`ml|C?ONCAp^HlnJ4JgV9 z!<^7ZeL5K|#o^dJkgIhL1FjR;(ea(^NiDH?xf6DbjAbPLVpl zH=w=Szz=`--X@gfen~OhXRlxPY(iCB*+4MZMWd0=PQjkz(grNIwxiuQ*!fg-iz}cU zdaiLcoIibSgE1~~*OUxB%Axn=S}dT4T**StWVKFf;=$^sgO@0UkGCi$S;9omoic(= z%qY5>P{bxAO-{kFTR`#}#;gK+&UZ1|WX22lNA83|6q6*}c;UbIdmzgGl8B<64Sx?L zX`UzhO(e1DRpV9}Y5&N`f8US&SHF6s&^5uI|NOd}N_*d=EU_FAK=x*2KN3}Bw8kD%WdiVC8Ah7$z( z{Sl!t>c=D-r8wpc^!sB9W7Jnu4jk-)e*gZ(A?UvY(wKI-vopqgG8+mdbVrC&y$>pe zZbv8@npDb5=|7f@(W1DBU**8mc|Ga53r5<5sAk?SG)gMSzQ%8_a7%uGm@|1YD$9pf zj-jE_fMqm%zdyn#P5Mmx>Azqc@);ZC6Ufku7q@14fPMzzEFbF=pwf@*rGiC9;G9fz z@pl5QNy5r0`*bX{uiAVRbisD*3xa`uzdVGnfy*iNLhw#3G`kn-&K!knfhEjy%lV(C>>1 zFZQh2s*22kql%tOPW&uFL62)y8L$Rxo+jnZk!8qn4eDS1#RtAT*bT}-(U#N)o~8w8 zSQYVKPi>O59BKE%#oJfb8#@xuSJ3C!WcnOUbARt_oTg8u{@oGagiKKbK=FA8<~iHZ zg=#_+%YJn+G5Oswf$OK>m)|--@%rFE@vWV72;%{q@d=^$pDF|IyFW>WQ&>RH)oI}k zNl`~j=rh?kPoBfZNoT1VtG?iZ(wxRl0r(;MGEx?$(n4gvy+?FdzIhsTzrtC9v+?hl z$RtHKXe977L~bBb4}j_noKF%qlWxU&Fck#XEG>K1#@yS+l<$vuF|uBppU@$~vy6T7 z5rHxkTM}b^Jo~9XZO?zTck7R0GrHXPkKMh!<7)iJ!8-r@N**izL%QEeKX!9Xk`5#g zW8O6kL`;*wO|To{1G974NZ_`2iat9Q?~$8N2LwXPW%bh+2C(l;B=M-pby|9)xJ|0G zAK`d_utN<+Y?ks$3`Y&7ZfhRK&Q;5@igm&AhD}z#I~s`>R$kRs*cTU}sQQizUIA03 z_;fM<6^t+qI^emr*M2-7@za(6n`nnFB48f>-#_&8zwMtKt@D4cB|47h*KOdm;WE{9C`Z`wAw00Ur`!2NB^y@tIG6nx)QvG{&9{L34IV1S^<&C8E6-DC8I zPz3k{X7bV}(<-FudRAEE)*pbo36^<7g^XacJSUW+WDw1b-D{Fb3j~8TNGTPiwV9&K zC-WBAtCf_h5zrL9Ig5PDjtHYMRI~X#tlRml;C|c$gq{qc9lFG8O%W8IW1*6YI(#OSTv;RK$BjFvj;N zGe&rGb68smQHrY%40L+i;yxxdSO^h$$3H0A6PERF=#Cn)ri%~#Ok$B zViba-9Uh4@4pIaeF9t%T2pfjRLJvXBB<)7Jk5_Il>**^0DVcG!-1~p`_N)89!-KW_ zU&+&E|0l=1JE zvh=A+ww=!*@`tnX8RXYCzEAJz%Kwdmvqbyf{@zj5{&%>(|7RsnZT?5*?8!QB$wHek z^-XWK%#Q%mzqJZBa(z~2Gu&_h0w?#9La8n5FIw08Ez`)7MSzXF-*Vm7$JA-u{dhz0 zbems6+24)P&k(xx{-zk2#kM$=fpy94>~4%LB)q}#lZ$mFl1m_8C|CMY;&@f&6%|T} zSxja|j>s%aLTRMda{l9fy2^i(U3+=?Uv~F*_mBPjFMIoI`M;89+4-M~`4Q3p3{0g0 z6p7jcDu7e6Q3ojS6oRy@=4%1wOKUZt1f}(W?`(9Js0cV6s5D-u3KX>(b%F1^(RjKt zP-6DG(FTexwN?j8A}pp4REM`gAt*-r88m|Rj{J}Qw3Yu9jj>EeStd4atpLoE{|6QS z|AT|wwg3N0p7|2J7;rNMY*A)K0$0izMgxjVW-%AS0cOA?_%L;JWV6seidP9iN|2!U zm^mr+cfJJQA&?OH^#Nw`)&t2oNd|Q66x$X&(gFB@(-go|<}e)!MF%mIdAa&!a!wP+ zb;(Tn3{NVM{6gTwn$y|2)VoI%j~+u8CPXCHY4-;*h3lYtUZu$A^hQ#JZL5BBA`kCz zHbefkraCimfpWy@3{@qvd*1fev?4EN6=RmF2zWhkC>elrsS%`)f|kW=K(e^8C-nlV z99(r($j&!;0y&bsF0ylb`TxsX^yNiGlC&Tyu8yr_NUJ_kBCp^#!@}dfp>SWN9|XYZ z%^YwZa2wpciajieqk|Ehq|7^C%G+xPJ{}5QAKaNE8fPxJYoh`{w_E@)zx6SXHFyp{ ze?R~PDwXgQ=IVw3d0qIB+#~Dy>Y|c7<(6x1hyZ$@!z@9Gn5hv}>q~a5FGY{~lgE8E z8txzmGRGEZL`5BYF09QEt)I5?U$L)6r2qW;|M!oND)#^5gSGr$#nVClt0{1nrt=g4 zRj{(tc5cJBrN5BVkjtC!1%DVy4uwb9_>oz1S58+7_6;Et=@tIk<~p zJQ>mKh$Fo@S28&msOZSnfIY!$LI|POd$dvu2{h;S|ApKTp5?iy?S6{fR8LWpyzM)& zCmra4y&Gm)ki=?eL8^osZBH0|ImJARSpL`@DB?SZx1fmC(1H{RH`<;eIVDrXCuqhB zg<%eLD*bmMdWeh=k0&U3n;R`{nF_P|!?_PSs4PD~wUv;^6g3*Mi)bXr-PemfsFAb3g9*GxnpKwCn{>YL zh++c_+`x1>^82lgce3}}-~j94s_*uN8Gk=-(L0s%QrE zyTER7{=j^M9Hv42?6#yij{Yco_fxH!t59{3O@b~ z+ZUm)_ALyuS_OH-WIr!;_zg4Xt9Uo*$Hn|90Ld#<%oOqayof3Bmu}b1R@S$D6sgv@ z$Ami^`EvW)83TZOxv4^-eE#P>Nz*vhI7*!jBOWaMNpQNh#&c=El}yBto5IYa44T{@Q-*Ji!RvbKM& zUUrY+`TS0o_*j>r+5Ii|a;C50KH9vsXu2YFp#2D_&YNx))-;$UU<&EGvPsCoYDCF^0=isCGF9tK9#x1P&0?};KHm~nr&93qu|!A$&!AR5vpId zujCp?Wp9v@_3K3KC7i~ha|t~#f4a~Iwd*H&eH#nWypt7&yL>gEf0cG+WB z%ot|}Bnh}}W;o_d@gc~RV(;5pw5HC9(9`XBmQf7 zf#ceOyP{{l{nxnZ?EDy0lKn)6w>gTJ>HmGOce3Z(e~*vW@jokh^p2Hee-{<3CDz<^`6c2Rj`wHJvZl8YD?BD z>z(!hU_wC7QlzSxUt%L8Iw?fc6!LAr5Gpb*qipbi-{Bl37!C*>?}%SJqWGXEuc3-( zl%gztH2H(i(v&=GgI9zOak32v1ve;9VT=Yq--aYF$&|$e2$fs&Z)C{+ip9q2@im@e zt}xWMc$1MXRitVLKarsXLy=H>UC?_1tiFe3G)w1!E=#rpe;~o@8ysFDn4~yE#g#2@ zb7flxiTHq$ zE;qZr1w)0fDXW2dqc`IuKeK!koOT?I=$A5at03aPOOpQb3)tj&3N~$g3L2LP`K{mm z`<7+?_!ay-BU~oDEmxoc?ex^F$Y9;TV*BM6r+%e`g<_;uWF#QftvL@|xR?cVPj;zc zrFj7Bi&{VrB+$C`R{YCbc63M2m& zh>cyw!Qnbx@JIP{(f<;NrX*vCchmsq`v2{n`2K(UyX*X4D|w`%_fih*E#k}50G+wA zVjYm8do1?ZO)3#d6REY~7~UdoX+q*Jd66cdBu$4fey5Zn3OO1-DlkRoiua<{j3EU^ z>VnFqB($KMBux2BW#|Er46#8Mb;P6OvK1230be6A?=A6qL*y-Z>R?Ms*)XL&0TwFc z3&WX&d26WLGnb4?QD#uFl_41!FC7~LID43Gx#-y6EUig~R}fl;Sk%^urttkY8N7!$ zg~L?9Z&&AbM#m`H+EN{HzMr~=%+4s7>s#E{)uFI~4BWz?*8J2BE!9g4A^BoHDzaET z673EkKQuf2{g8@{|MVw;9fV%xmy7Q>h3C!g2guX7-IZ8NIXFu{%TX}Pv7U>LA zlmw4f(#P^}Mapt>`k_5&hX~MFCMA5}Feir;rYTA>o2sU!@I9W+rhz6yzy)N;JQ#17Xw>)f73u{6iz%@y1o+49da0=shk|Z3&Fcbaz#}&ygvjn|I z$v?oR)(f}9Wcr7B-Dzv^T!)z!&uXdFTQxkz-iGDs_V$-0srPPU0S(`kCZ4`#f3)=W zBXxl3PKV0rr87IMJySX4kqf7KAZX8^5<-SkQPGhjqN3f`-+t@WGDEMCI=*C`jPCE2 z`w+Qrwd)53jVNCufqwY~48Yp7xALcp{-2XhX}^kRj{bjqyzkrp_V!NJ@xLp1lxsRk zmZ$&cBnb!Y)hYdp>HM;&&P}FbS)^_-V=9JETydv}sFJHAH%e7V#90 z(e*49GLRy^pz8~#cq$wAz_HT(1`NQjAk#iF`@q*jCWP@T#KqKXK_{#9q9hU^t}kD< zZ0!2-<)RI-38d(n60v!{a;{OIvo=EY7DYno_rclbC@-tODuj$Ymr!w@|B4sXo@Wf?F?B9BdU z04t(QyE^M%ZJcoh+C`1q96n^|DICVZyUC~$=myR(KXSXr`C$P)Mi58lXNzH zI#<+S%#5r|F{*W|L$Rm6S+MrQUQEhylPSg=lOr{9r^KJ$NPJ0|L>JNPW*p4oXgAt zP(m$qz-LhS{F8T4**k96)m6Qqf0uo5K@`maimagoDlLjPbuh7Q&@~?q}?B(+`;` zYvpSDa|PI6^r0Zh`X2BK{c*)3P`3TMP>zJA8mu1wgw z4Mkn{66i^pS?XfA`S0{~RCfuk-(`EU?Y;x}0LR z#5Qm`3TnI20+)^wx}8;HLwx!s_i0?MVABd_Nl|fA67C(&l1m1nsm}f@K5Z>RFsETd zH7HZ#Vv<4nSRtEe`t2ytXakkj68jJHEGqwtXww!7z3de=l1B z2+Wh;y9N;K@<*!zl)>81t^$;^Y^?*d(*eR1TPp$UXIamJ^1rq1|9`ZQ|N95Kp8P*L z*xy~t|5ZFi{P&Ut|Jv@~A}VvKHh-tfp26SwR*Io7AjAu1|b{?Kqjiur_PcK_*9IJm8l>ge*tla^?-2MNNfB*aO$>Cc5ujHxt ze=b=MuzV8#FcyHCK7X_(fYqG>*b{AS188Lfs3Y0h2(W&Z@GL0*&C6CsfO+!&aR1Pk z{|6`Q^Z%7RQoMhsM-zMn8IG5&0^}4=A$_z(;f7==U2-y1Vb~5(ml@_*W~(xuO_o>F z#sso!RX=z)>;$q4eLuJJ*}ve>AY;SUw-;t`inhT)@dYzrE(mvS zMibJhpn!daxP5CRf6N_WUfPT!M|ecmk#Z#Wd{NMe(^IZ~c^QeHRa;?U+sRcm0advNSKInT1h83sMg0+*U@_*2pAytx@1ORbS2m2!+C zm^=bl!1bq)+k`bwZQ%A+-J0?phkGfc&;c2=41^E}|0CU#=;r`)~zy1&R*6V*Ik6iz+2~3#0 zz?-Q&46NmnSF6(1#AQadc*Z!H0-mQ}gj2+}0c09f0&u3a^uZ&XrtO?2 zr;(FQVb^K@B4aaZrJV&iqEpP6Jf^WSa6qA=NnAY@q;@|u<2aQW(F8;`_(>?x8&2DA z;5!6l^GXF2Z3y*6XglAZy?G4~rG&Ei&1veGh>gf>COkb$X1FUZN8e;y?MYeO*4;!) z(*mL#kK`@io!VeAOp#T&MN=w2TDMkohPJt|FQ;&f!1XLmbu+9}JC&4hEjlAZw}H-@ z*R44>2VjfVZoWD@@6-Yv!ng(8i}xJS45r{RHqtCCu{wG6^~;+ho$}8K4NdT8Bkk#M;}IXY(QwRf=O`Ya5p8H z{+5_qO4=&M73;yym*5&whCqrLSFONY-ha(W;6$L&)F46l(DkBKn!njZ{eojFS8G9f!Ve;qzp`^{Os*p!nK8{ot%3wQ^M=jPw zg2XI9S&R`INH_zv>m#(O#VMp1Cc`DPsUfv%m1JYGoK_X2R;|VU18AJWE?Mcz64(z9WaAa zl*ncofGj9|T`wz9)b_BFzdc7~S;+C3vOHeIH+`UT`a;7C6uE*^87x&VS(O92K#L7V zvouxr6l_%7j2NnJay>s`<>yjjCZWE)N0j0OZGp{9_rEE7x!OjGju)OT8(UQ`t&JZ= zuLMpuB_g}QNH^9d-lz`gYP$tdUjXAH_W6DP^ZUs9)B;)^DnYu$DP+u@gjODEc`=n9 zwE~66Dt*b=OsKeO0LDN$zdltyfM`Obd{p1%4-j^&{z(0*+w%V`A3u}+x3_zA;Pe08 z!?pj!>lWZp>4zw4Z2gIrYi-*laEinDQ4cFmKJWsiBDmOrb)?@ZlfoTmWu;znNx6#Q-F zAOVJiq`qV{A-V>1#OVxGy;^NdjQ6TXavzYKAdQgRDKv+Aj^dEzV_Ub-^VBP`xN70T zvLt!gZp0>p>T3fxOpf@r>PQVpS2@@O_H<{(WSCQQ zkI77aObK~6%RzL%7lFvQ`D_esP>LW!gW|eDYyN-E`ZJ~!M0XB@E#S%@LM}bila`X;4DG!?ZSgZ-^Z;??-AGnzk=cMVS?hON#R3w zhF8O~Zm`%CVmvuZ^9j6~O~LU#*s32o4V!T(!#6D=m*-5UJ3F7>pMHM-e?GtO(}&Ze z!-M^uf|qDK#CQ}aR))oXQJ7a{?|+^Vj(h|+GQwEe6`}vlSUM#MdZEqP&xv48C>Q$< zAIHy`K`1ym>%i55>ICJdWElHU#Jf|Eak{fIs%N1@-Rgnj~-3J5Y(1 z+fcfK_N)_l&YSzXXrW~2>92n3i)QC>#H|W%@X@MHXMQcbLC@Q{(Eb1>{ z8!Q$_I|HF#yt|dK2>R(@DlA%Eg1vBUFnp515Y(8bY$}|~tjqv{nB+zJs&bb4W;-{d zluX?45~2KDR4!-SRwYM*s%K1eo0iP}TrbFQPG z4}FR_6dUdiz(EwlRO*5ybBeYqQ@y*EK#8c5l)3^|!`p`_sqxYtLH@YqddRl}22(a6_Vibl4AC|9%<{Jt*~mV5uSMiXqy z?N_5ne-44(YZQN4x^M#gtG(M$Ff0sv-G$mbk)~r}&p3ziWQsEWQY>5S^uLRcdq$bI ze%e3n<-bh5v5*hgJpccr6W{-T?_hVG|9K@(8v(47uJnE9EX>i=7C@$`ck(UwZ?deb zr>o>`7ow8f?T0VGH9-FY1c<1zq5kc+UccXOG)Ty{ou;J)LcZQ`LLF_`6>kVpX;anu z6>#!BoTgh1^&70i9}$;px&9|b;)ZLIlxZ8%StrBB!_ju0FxYA{(1s_$a`PgR;5>qidN>h$d^i9iPvJD`STszFS+Pxxuc|Gn&2-PFK& z_Mel(6OaGzADyiE|4JU^bXZA^Chb2x`|1)z)qh6L3%~z7Wnc?zg1~&y;b%Hf-N(W^P~@q#5<-nshK#4hlGyY|EaIsm zLxSFe>SPnMqi8S?RA2Syd17pT1wnU8nXYVwL;sslE#m*nLVgke;5nA*aV#qod9vk5 z7Ou|Ylnh}y!0%Ex&{6pO?MXFvhiq*o8kQ%FG07OGGx0v4M}Zb6!*f+9oJ7Ft zQU%-R+2QCR+^XO?f1lGl$DX>^nGfAhlfK}FXMRIZ^y;#fS$Gm&Q|%~6Ox-8Mj=ZWClLwNPIhw?LJgICZT#ZgLB?*t7wfQ?+Rm1Qyr` zHP6r`Y=*#G&(820n>!b3W1))%4lN6oWt8PU__L|^IkWG?9wP9Af%JFDjANK-&+9VR zq31HYN^^S4{htZ=d5-oa#q+HDzap`H{r*oEX}kZk0{Z-rFn|AN zrfkjrPk*-de>R|n_G=Evh4*VkY+cL!n%j}*IxH-P(rqu`=Z}8&DIsNMl#@h60E37XDJFG?uVhQk8c0CPfPi)y+5zzjVN8UfO-Bu2m8MK-#<7!Ud#VgJQe>R zXQY?o1LR$&Q?Cp-1=}eEF1nUl;C}Fx19v{xs0dCWOHrtT?&>b&cC^WHD1bw27orgU z&!rzYZAHPhyBI>fDYJGpdakD>|5q0^Etmncng8z{?(bLfzn`3}_kSySl;uuc@3pL$ zFLSF`Ctn{^$zJF#tJjy1Sv+39scb=X(U3P!lRu9JSGk+L*_}t#3T)AcVbMZnSg}2% zmUVMT$B5seR9B`_Jn6lO7^ z;PRTuJG`fe!!#XMNu#&SUYGQy`89#bR~l3lFc&{yKB?ACty-7YUNw7ay#Sot%Fqmb zUxQo7(>`pa3Qcn&?;~fNP&h`ik8&zXEk*_;63PQJL5=aXnYDqbXS(B+aj|%Xcsx;U zxR;8#+{c?yvV6^2m(9IsS0$Ji#Dz1*w4^7J1aBFbOs2Q{SX=x3u`P2ci9%-DR#rsd z%+pJe8zS}#Fcx~H-=@UT>0V$~a6*xu0ki4QNUkcYdf~QNL*D?hjZ@D!jI^75m!<1U z(*&#*3(Y~(bcbnJb#DoxSDlP?6`ST`39X4W*7&D1O{7Me>8a#<26;Hu%_GU31WPXm zwq{ZZ>iTVmoE*F|fqkaMQ8#sxR=<++C)nNcGNjoIRh9|TtkTu5_3l(oRWXTGP`By> z$~b+@2{!kXdF194q7i;q=D`(nl*fJc$ehqTn*?SoirdUIkkH9>LveNbp2OHbzidFQ zJFx0eVg0+%_-Z*~rb8mJzxTOR{d3|9>= zV9nSoqzcWmBI|RdxJv$PqvbOfM|3^`&@YXt6+`br#exETvs5G1tBNClx<@a41ZKlk zBPY%0K{56L7YS=#%&Aa2#htb)9NXpS4F%i5uV^@)I#gece*+`@9x*VSjTwk3WD_yVzW(MCkWA&v3u<~h zU;1bh3O2RBpX`A_(sX|dm@g&awxkzeU8PDLL60pEbac`~9Z)uXu52fkcPo2qEMRje zJPNRX<^>~v@6b9VYUlcKEXvsw-cgt98MQ$mB#!=QsegL6eYHysqYX1+ElPi><-5S%Rvh z2W?Vc@xNV%mc4vu`%p#&{K#%=nG7O`mozBoJMqhTP<(XpZ#YvNm~+IUZe%y&og3C= zKn3fQyN~2)d;WJHFMR#q{P_P}-~U6rTc7`};!*PU+w9`!W62$8Hh*Hq=fr{Z_?lM1NB(z@~G;_n0H=jI7|(BbcT`7{7a|PxkEI-#z9H zvHfG|V3RHu<8PBOppUe6&R?qH6AVtdE-?)x9e$gok3h~gIn(h7VEzRIW@d=JmZUrx zfk;lq8Yf@$v;OXn*_L(yc9K+M#&I@2Pa&QL)Uj10-u{r zHixk+U*DB8WZ?`BjalP=S$@vUmhztt;o=IwJo$fo=*R!>9`3IFKUeao_>Zs7&X<+( zN6eIt3V^E8xAG-lYoCsi-^jBn!?8sLHn5#S>)Dr_x%zDJTZ?^d)T|$o0x8{FU-+ymcfakKIho>{uX<+H ztn${@Z2mpZCTV@!OP+OmOSs|LqQm-v=ha>CT$9|qQK@7f;vxZOrL3=ZUZx)Wv0i)N z+;uQdgIj0m|L9Ep!KbzUrz6ClA^+pyUgiGhy}g6={XZ*t^a54^+)Hu+(37RJ0;p?s za0D>ZvYjhH5&quE8-SJh9!kZt%n{+pdeg!x+yZo4Rd#%tVQx5FD7BQQ7=&4;b~OY_ zBFnOzD0RvQXB9aOYFu~}KJl%n2*FhGHEMW+))0(_vaoy+s2%hu3xvmpbaXu#nv`@8 z!v(bU)|!phI_r8RuY1p>&tpYotBwfWxU5YPBk4V2q2Ui{WKZ=(3HL|fYxk+*Z>iUG z!2R*k>z#5|Fy1XXBm#4t#(@)HaGTfDwd>2%HA=i-DdJ21Ue4$-}pmK z5c)19Fj>d|IM4ofaB|?={|@#K*YbZAk6dEk>Cs)5;5W0SqsT9-brAN&%xov*i{jnH zyQyXi_TpVdq!*2J66OWGPO{w8s@E5ix4!HlU_Os5>JjKQM1!)=l6GP%uB3>X2J%ZR1y3$E7{pm#2H@H`Ljj*-|m60|L^V} zt?&O>$s=XU8$`z@wohjiHwT1jO6YHHNSsQbIYA)O>p3#w-qtQsJfy|-4BfXB_a>D$ zmIlQ6n+c~vzuXaw3cX!-$#&e^Q18mPKu5=JtSAUmQ*V<@F$YD)G)*M;p4W}3pnc*( zkmK?89?=JiIr6Y`nsh)FO40yCMMR&wTd-T(vdFVe#r6k%+VOwA4S62_uf3zA!;1gc z-rk!3ui}v$SsOtl+c$Uqsr{PXEy+z#Ofn8}1|}$-0z_%CPt$?`GcaQ_n5K^)h8dVh z*9riov$xF;hJPgF@QO6E6h$KbD?|VeKpw;(h zZ(fUz{q6ScRb;~}nZ7cQWrft{1h5HtFhAwJ5<&qg8J zG2&zN9!w#RCrG}PljZ@^gju<%tFBivi!JB_O&2pkVWzQ_(`pJI#YBOCA~s98&`b1e z9C#H4(TlF0g8#_=BLkn`tAB5iApsncd!#8mu*W4NPd|Er+KT_Dm~poAV}kB+j9z2b zaW62B{~zr8@n8E#hwJ#Sl|1uUTRG+qbJKftX$}uq&2jR68*He$PO=SI%jnZ3Y(Gc~ z{p{A(<^}c2x0Wf>pB>_&$|>V@3$&v-Rd$kr>$T}iE8A9b7fh*yP{(=bbAe= zyppWaX~<6XQD0Fp(Yd(PLUR(Rs?NFN<-|2rL!Vqm{8H8gYA98{%^wuBzpLnBp%4s9 zr&yeUa`2Tr850hE_?-Pc3XJ?#Fv@DZb6LXEh5uVqrjrnu&;L(6{(o?Mus;7?$up1t zdt=^R2v`8>C4tw9FAg#kfYVVX==yyzmpe#?YO{Y>@lYMfHZsD_&1?jO9JxY3u!-Ds z)QJbV=cuNGT1$YXJe~MIp}f2HKcD{}A5`@J{gZY6r-Vz_VKHJwfe_O(%0IV;G^`wPWye9L4SE$x2#ltn6PN3BlC)KW9 zD(TqRvx+P%h~kPiLc?-Rx3jfXaZxfCh+QV{E4lfM-;US&21#V~A}aD2cA!9TNT%&=v>#N4MJ(1xnq5fU`MaV?4xa#@4wE*X{_eR#P z{jVk{ekUMDMHt-#G5|rL6}595tjN`h*NY*od)K=8yNxZRLTn{$+R(Zxa`ad^5{KQ# zL4l*1s*yM9V+(Q9Bx-E7{B%iEPLhzIF+J}rXZ)QRtBG@M*vu7^Y`)Za&UqFRZ8eLu zAlF7v@mufGKFTK~{|6J4PVqP+6fLEVIr4w^$lw3%9qpg2{l8Z7dwQPdY6pT|cREM`ReH%q75lxrc`+I9i2s?N>^|Em0S#gNZkB@)P7&*UIbaWY@5{ju zzUzHC;8XE8p?KW;^8e|52EK(9lNke-FE3bckW=y#ig|B<69jiuaY}yb4enV?614Lv z@VC(Ve|>p=admsKv^JX8|K8q_pZ{s^aPM$!|6j@T)r{c`F$QkQj7ke_j53D6-e9lS zyM`1_5l58udg=qAr@(&hCJ5Zo8IqnD3|y-fv8^uHBQlmuIeL7dyeudl&N!h=gF}go zJv*%d7oBUr(!Zi~3gpY)S(0GEKwt{KVF-LpVa89v_hcp=J!TAPuTu^FfzWpVXCS8} znZ=^wHh>JIBpdfY@PQ0q4lonU1;spl1Wb}9(Oye7f;lDkI6+AbC^8!17{e4$loN(I zp^w`jh8(733<%YL2L<*pWduy&I|Ooy?;%GuaHk|u*^vb!h`4p*XzBKPG%!Qr>Z?TBr^_RDulVx2~<(pYbv*=QP%!>IbNYNOk|3~cfl&l&MI_~wZ2*)w%^~AKS<7At%%L$2RqOEP9oBHqn z{4ZVNzyI_9Zke=DFavLMl=UdNq;2ckcweffU1+Ux9N% zb3zr-&xYIJEKR|UD9XSM5*sv>40`|lpZ`@uqyPTT|0@Up0jDrQQ%K*5sS*Z0==J)` ze0se`5p;*>l&JwW5(rEXMZ-rh7ObCvM>12Fqe;?mBI&fPc%)#rDpD>%lB42#)DsJu z2|YEzObH|;wNu4;Gm`barKTepoM9gbR#*r{$-QNDn1PUl+E#9Z+d`$CVlEeSil>69 z_1xA5z23!Wgkrf|beN>IN{jhBA~VV-0A?A!N0dQY#1W4$WgO(QVT$AQu~*DPQ1n;x z0ti@+Vj)R@08wxVe}=31E2d_zn6(cR98biO04ja6Y}8&J!EvH$PD+41d9{ETUel_} zYPO3Q6kSWgG0Q}35-1!~m`{4jBU6CF8RUY3mm|>}tsOnvsd<{Gk0rC#*HB5e)Qe|S zFz)nGw29=XNdHyDVv2{=6}v4vIh{%J(|95{80-nH8d0eSXnvwJ37b~iG6NkPjc|%3 zFF+Z`g00K(hBH1P6#o+?J&G7gQ$*E=qB)926yi()o-rfv+$r1Z3BC}MT!;%z7O}U% zVyemoAoU8Axb@UPlnY2oMAi$@bz3L{fX%cAIdS=!+C7@(4f8z3i1io}Bgs+vsN(uz zJZYYeW?ERQLax7iNFRIcKu{#bi@es%48fq+``(ZufJ{m2;>5N#KvYmo} zf(sb>2^JJ2&;Y2Z2`Gw@pk);|oY^pY1xy*Iu2s-d@;|CIr`D06OiVJxeweh@jfmh9 zdY<-d+RN}`ca=ac$5u>~?6H3F;4Gk17|>E2!Wkz*2Z)74>=i3hHD@ycx2{nG^tzM% zfoTe)BG%I*%EJ6u$OsEmvA`wQkR*rMqZSgSR^E^op0&D(D;UtYWfZ?Af1S3=7wq|jdF+|;^(WHCf=RWU`03UV+^wH)b2jcU86_nBhw1x~)GIVblhlNggxDKv*D zB@aR~4}IUT<#z?ugb*9tG{Hs)2m<_4RA;t!DE3gIy^nvqz9Z zj;P`Oa&IO+6p~j(H8D9DkYk}1$pHyL3&461Q%z8?tS^W*MKEIuHq%>}vU`TnReBLa zxn&!oA~HvECQ)-t;Zz}32QP%Mfac&l0FH)Q5Vh1$U6fSF5SeiaN$96gn*;Xcs30uH z_Y`cxtrA#f!&B^*j0~4AW+W^l$pmmb&57WfnS%{QLPJ%$u-1Lm#CCK)Tj7FCKobQ+ zYWM#VWZ4{U0h}>J^=(#SE&TU?{?`@B#Mljby#sf~*^0%W*E<}5DMGJt6z=&BfWvHy49xvZOZV`Ty-5pZNCQ!~M1Y$4Z{!6y&vv)9>{@`wU#c zsStLz@dQm#uh%yTLUrQ2(;fhQlb7oh{A1(QEKRTA6#YYfcq`Tdv)}hOTmY(UAKZL( zcD?{GQO$tRfEP!}0JOrL8KKM${BONL_nOk;*%OGw?t$mxoVAS?_&T8e1J=6>1}M3J@8z9?7kGq&Di? zz0ZKzQrp|;8*5Jv-o657SKotwy}Ww4t(9|QXOQ*_K}M7an%yGD)>N2U3JY)wv+)d$ z5g3zuL}e^|xrt`ld!yVEuxh6UJ<*QbP@Xzd$Z{wy7)cN2SkIJG0CSAqbCk)Z2JimF z2AJ&J@Acl{EI9?|GsemE2C0M1muQ4Dsp$7imP8@8g%mmkaXMohQOwv3Q8sXR7$!Zj zI~t;tsdGe_=cnKcyUZ8n{ovhfh-ij5lBg))t%~A|aWQd&#Xl=@awZy+8YuUMGSU6s zU~g}*8}-CM3B1RY%yO5$s%tV2rRtfcn=gWBoG8n!qfCQ==s8Je)6A;U2R|{AT|+)O1p`%oP?|`8_}`oVN5&DpcoE$om^?;X zf7hj~!&HTv{BFG!)lT)Ll}~AIiWq}qRB7+lMv#s` zu3oXxA(HlLY!b(?{t%4_MSxIwdKy#07%+zgfaKZ$#s=U#RkkK0R+!BCiJ3~$VVW#( zR%V2oSLX)@2me!<)uoRL6R*FyJ0Dbr;>;NyMe(F`&tPJo1j{)`a+IB2Uw(UV>wWOZ zeC9605<@|3`wDEa*5sMFItSv9>iEq>)k`y_^7Vi+&x$m_{6nqK8#MX{7-5tq%us^i zDNdm@Y{Cqv#<#&l9dT>t7rn~+a^WV%c1YEbRNEasf?~az%>ZU{IKPD1JlBF|@JO)=Kj7jMA-$KKm7H*RBz;{WF+6x8rKN zXJ#|KdkvA0gfT^M2+(e2@4m}@miuJC!Z`;ZNKq2?;f^~Y{z=CoLEzxve1Dvu=_>mv zr~sR*f`%6}l)Sr3F6*mJtMm)Y%`o4<%$j^}@{ zlh_-K&bae4+>`xymO}^@d!PtyxF&YVT0{k~%!eYeviC?P5Lf}8ct3-sq?J!WAVZOA zK|w8gu8o*gwnbo(;Ei+bc+lp@pcY;OSZ?3k*r!rKVV2E@vGh8Z1B2{N*=W8bN;H<* z>Z@dNeJ$psdNgplMjUtrnRS|?DDmGDn!<`AEESJTLU-EEB?pe69D zRGF_FWuV50ZmP(TW;&QPfb=E&>t{`yLg&HG|F( zJ~D9)5}G&Tb!6Pe(Dg(Gt_<_9KEIJtiQvsqnPSFe((WAWldiBXyk@l?(C`r&Tx%6! z(2zHlgj=Do8xR5QJSszt3Ck{_w5Lt3(g}nnK(rEsx_Y4;dM-wkRLH$Dl8dd2uSeKNT4IRm`KZ$ zM7;Ga!{pM70&mTC0-~BXx;%vCcww%TVP~*tAO|X~0K^q5G|`k~%ebhz_=BejE~H3N zJ`S0xk|d<8nkDjHus6c=G<%gs`8>l50!k9KbR~_gLXyh}8k!zZh46raDt)0v^40!m zRki)z6Y^XT8T+$LEylDvgT_};uJoD<=s@iJ%zvoF*YP5gLa_B&k*SmrjE<;6V=x5D z7%|HL#{P!Fj1&1F(#7vZxrnW>#}ge!BRV9mUg?$aTq=gJwW0_EA>&@mFE3XAzFJOM zFOJx8FXm^-#Okxt+486A%E5&d?d=_iPb)JJkpNzR0p(Mvjml-j6CdqidA}tMT$4@H zsbEg9*H)^(wKT=g3zzJXO?e)pIAj$2;pXd?-&(RaQ3+2c#~+X3VyR;*s}AeZc{p0I zb_S%USP2t*46ul`&wTT{e_i{`%agBHozmq+>*Il^9k;r?@cO|SvTsY`?Eia*a+Ed&8U(0v61*sIijvu~zhtd3*GVN7~RghPb%;ff^d#(g_e=h}7is8pxb9 z-P7#O0)?!5B(5O^yHPVxOu!YPy-}(nM^Q5e3vQWW025@s(a#Q0t6kuPh5e+V44#c?8?oxH9#46IqkxCs zqIjXjDLb&gzEjFre(<+%4lHRoxV(AyJ^t};CkI~TO2wn7&(Csvm4sh33T868*FoA# zqkv+Xy#3$D77YTSf-hjRgcd@N_Y zD4mSV8%q_d^)L=iyX`=Id3E#Z{QbLE&6d!h8SSE>0Ij^CwZ>aT1BcSWTR@#GA)E4t zz*@XuNOuP1c)8Ww*|qm;Fo!ckqZmmJ04yrkD-xB>?2ICPkhw}{=zeNcSo)n{ zIxhOaC`t>`8N*~7NH2^lp00`+(zWKP7{0!PNl-=KFT8NU8)&i0|EiD%VMB;cg z7gskJ{t%QuQe*bR?d|o86H9U~u5MnOEF9x<4%ZeK5o6dE@Q}yTeX~)Mu7JE zJ9?ilu5Q*nRs+R*N>b|qYF%92^w?n#6EH1C!${4J|Dn`WN#ve!s*l*&^(AB)0pu0{ zkc&v=aia%%OE|FBCJ`J1C+x2?09Rj{D!qOk?aze4xm4HD=ADK3tC}Cct0295G4DAQ zgg2-jDbp2kxnHUxyo?+M*?IkGu}x2mZFp*|jY+EKUd{^3?m|EB3*9m3 z?ml<-`PXot8-@D)D|kN_`3|PJw=&9=R%64?>_njJJ%8QKAOs+C&|9?iS1FeT(Yst zi#=|tV=f(YSq7?vr%UfK`G=K}z{a`+J=)#8Jr)wyoe4eNxK6(mb({s%~*1{AQu-P4!kw z%@P$+=Y*%Y&sC{;i`ADWgsdi<@F^DT?)4T+g%m(4feN8wUS6$B<;ItH@hPRyw5s!U>*S)RCE*w{#k7r?Gza8Y}Rxal)4u4p;&Y$HC711iuLH+Az{0lWh`~R&2XxH%X;FpggF8 zI8iItmT6ffOrSQqIHmY@o)V1iMY`}N<#8i=l~pcg!c0|6UH^EJs7K8vz<6@(Sf~<< zl|e1cmHFLUf|+$BuOoTC5|YP|5bW;G^;g*^Ijy1u-KDIK?ow_AsbBG>Tv>E#1xT<2 z6@i4}?)yxoVJjJzTg}JO*C*e6y9G^r_uaXD zlN}yh%u_y-5ql4X4Yk7`jGAHqw;RZdJ~%3q2rVj^oJaQ}A4*}ym|(A>V_MPi(K9Em za3;&D*;dD9H@cj73!-W-^yRg$u&Ht|ocjtYsV~8fC1flgqwIaEQeg4f9W5OsRG5bp zC;I>v1DFc<3z^X`uOGhk-?Vp{vVBDwC5oE!>wgwJ7iq@b6{A!N!r0xNT~5vWeRl^AE&T1Zm_sA0I|$0cvhJ1|`*NCCLmhrSjJOs9nQD=0 zY0v)Xl-=F^@b>Kd?ZwNxJ0Cf6)Tck+{BU-1cNhHM*Dt@lyR#VO|MK$W>$|&+tVtW4 z1Z{82TL8!KT2Ozl##6u&JWIeVwS#EC<}G}36x=<0?=~o#WXdvjRC&VXrvr#wkBRXD zQtcN4op99&SIZ#vYZb0kVZ_UCwoT#v>kWH{GkgZRW-caefrl;KEcUV9f`pKyraNv@zzVC%mD_mnye#js7kk9zfDuucnI=&x_RX&)g zjnMJ^aB61Bmu2kCAXv$hF!$hCcXGAedP3?CY2_Ka^4D1b z4L$LSQQ@(BJT$Bx1pnvl4+~WX8?mLsleT!$NdlcDunbbaQb~YSBG|Tz#U$co0pl(D z5Isgx0cehZ5ExyWdg;MxjJ`Nu3{BG#rS6N2NDRQ5WR*8kn=({R{~444#xuzxo+MAA z@}TIjjRiS*pH2 z@~Op%j=L`$UB}%!?!F9Czf$i0C`MDI?l<+`JCh`~0Hcl+G#3RQ)HQu9xcbaZ0h7&A zyJ1VM9^Wvn8{oT*SmB#8SJT((X?Pje6xU_Z*&Q6uq^pN)1(BdCt7QdQt}K_pE`W67XNK6Hc zUe=MbEP=vxa0WfiVigts|JzZzkAsqW44{u={vZZLdY`Jtbb!r;Poctfi|Hmiq=SJ) z>iUwh!N5Y_klTrvbN%DZEo3q|47%p?MDaLmRJ;WB2)W8xeeN9fC-y0AbsSoI08gR; zlr&%;z79_#3oZI~$K=ImyF&yX$k=9{QBn>8G5nBwzt7-C^~zBB-d>?(Ip8l^$C!#a z*9sX2ozOF-wH#qx_Qsmr3Urn@;(1I3ztPQ2#OUs;Ayx9Xa_ikupqDOudnTeOPo+ZBOEwjsZ_c=|m~0W<&`M9aw_6~@Xf%r{s@b3e3GRIy03Bg>4Qgf@U_ zXqPN&GvfyaJd;B$C)zb{J{nfOPj@8jh3K~xwC^j4L&8UPA#{V9o1XhKa^wd;A~keF z%_ZEh1iOAC&1J`IB&Pg9ssd|~+oPTMjyL1N6m0^dpD-Z=_q_#GIxn?ZR}4xp3zv3(NEcE?|GV>q-^7#KC6H#gGSSM@EZjx}8jRvgvAwc9_* zjF|2}mUtSL=u!Lo!veup0_O;?5OwUf0;A=;B4(VR>Sao=RtA#*l!yd^ne<+!F=R#I zyFr6zGi4tR&Q&fx9F&b?b$LcW+3ZqD<+h4j8kfQa(ky7rKyQ~fsq9fw`>yUYT|`q$ zNCVvYka~HM;Ns${pjn9fVuZcx|4<5cKw)3oExH$iKCIQZs8s~OEeOVS-xwZjbmcdo zFPmF`HnRV0V*w)3zWw8M{6^qYb0ZY-y{!Y=WegdRt0E10eSJ8f3p*^?J6-k<2iOxD zEh9sAtGuy0QhBIK96J0#UGBrd4T=mO4iMMf0*?BGB0fZqti{RPbyWUv@Zo?RVyZgQ z@FT!Q3M;eXWiHy{1>4TXgs=r$*C|^Ho((1o`qh2?@|z7_%&f$mr>E?{{^kGt*WdZz z=NE(D|L5V~2lTJ6+@FsA?eN2J)d?WtT91M5f04n2(xf4ZzF zMFSt4fA}LlZGtn3Cw)OP|<;vZU2`I5(avrVERo-EE%a{nu3 ze4kU13-l$qdzcpqY1Y@JXo|8bG%yV&hR)PHhaPC>_P0U#TPTU0n5P_X91Uh z6m!&5w3-PsC2h0{5&tHd^+7ULm7ab6GGoCME9l_Nqz{p8(26o%V*Ebm(54gYE>?7g zMxHWab{eBxZ#SOK(Kq5LV6<%4zclK9dYZJ9KeeYu0IaR=(KU(G*d`ZEA0Q~h6@k-d zhUXIj-S@oAFH|DU$O3!SP=SUpoGyyrSDs0hqiYX z%{2YX;<7Vmd;17&fE%nO{a=|L(k64d=4!-Oo(=8}O?7xf)hW3CseYq?2Wx!!pr4!BGp8bcb zn-r*CNCfK2)^OqNAR7Z;0R_8BQDbl4-`uh&5j;=k-W9>7>hV~PnM3UWS7Ei^QHVuW z^ago?_N>n;=rnWi?^9UTFOd4qOC#~LF>yYZG zZHdnIV&%e8ugJCfceW_MD&kc$OYRY$EH?K`O5YE2jKJ}9Vz>8o!}oBJ;dUXqB;cG8 z*(S-}Hi5WGF6HhIW>=nneVPVISrXQ63a&(rP#%T|ar8Xt zrZ*=#f?yO8#*m1Pk>R-p|6JoWnlGo3E1+7k=s;|)nIVWdgB?9ES7FSJ%tg)jyc@-p zW5x|j1lIs!*q+ya=lE~` z@l(&f*Q+n9$1)X@vyy_99;B8kZE#E4uLw)1e0Yj0dP-phErJlA&~F_B} z@?G0QFnGLLgax9GeWQnA20f4xdyt!k@?FmbS~xtStTYNsP&o@8hNUDtLocXI2ctqJ zE`ks_H4$pCMgk3UtEYumUfDDXc_Z)Pb`Cxk?st>d7TWWdP^$&-@i;DnLS0Y?;5(gQ z71`SZiERrgwqrO)_2V0hO`C+!xKRQ2n;?d!gY&{@?;BbfHYsZ?tpe{UU*K#$<|aqo zMW$Nh*vr5uCQU^|SxUknoWg35KG3qDdNGko|52o+5?``qENYveMfTpWd@!+E5$aPj zE+M8`GtN#je2e72UTW{gFU(bc{Xn)V*Ov6>TE#b+h$!zsHxQv^c7aUAA@Rv_sd8!N z=TiJmxE*fpO42fm1b`LU2VPrZy@C|DiL{&a)GJY+hC$1M~~`|omuh& z=3aWzMJ~%ps!MiB@v2D+eZQHhO+qQOWduGSB?b-2;ZQI7%=YP&UH}1Fh zLw00lRYyf+XLM9m{+=fpK3NaL`|F2N+woT9ZZe~Ma2nJ0i5oyfiMyoI*B^Q2})oEp1BjiG%DR3j0n~zedg2-tb{h(^$C| z4YunV?HEJNpdR}rPzUvU){7n4mO9trf-RUJxxHmA+Lks`5uJVtx#Q$Z2E$V|8+B%^ zNfCzS$i`l?aG?#&r)kRbpwfR1zIB194)yP4O2(Rp>l+Y(TJAt%tjsnd>-v$)vhtpX zY&9}skh{kgaV0}gk`F(gRA%hTiwYCg9$V-T+hD748$q^rfR2e>xnjwLeSl)-&e2D4 zU~;Qabwl@cQ?EQj{-A`Ka2m=VnVuW|mD;Y$8#wlew@ZXpB*Zm?Sd@^1DpuDbQwKkB z5aoYR1VbATbx5kUQ2hpp59%=t4>X;BWc~FiXeJ@zJ~}_R)1gKvnVO$Z{>R_Rzn0FU z8?|Go!3)aI4-N{1ICdRknL{qPe%m>COR_C{=*swm3*$U_$Zd&#OY5+S|3JG+GFbDH z!So4(gtm1Arj>BY&?lG%w9g`y_KJN2Bn7pCsIm~|3MP?odT%9^L zVWI)$4n$FLzFb0TJW|>8-1!)c(jYvsX>Nb6k?F;eKH)EJrIs<_`eJFl?IpCG)200S z1XI1v)+8@N29H8(U00+@(K=hzXmA9~3;ai>oF1ZnxL?MY_0htXQ@EW2v=;lO79X(b zHZ&!%krb+KYu;$IS;c{>IhrL+V0FiCRiB_@j}DskPP$dT9+k<@!+Fu7`mbI^VFN1A zA0E>k-0m?4_kD_^Rh9@R2L+(rCbSBcQ9Ggczz`C({1;O>Yxhj;urMHOEEOl1^s}@| zS0H7x13ahz9tBSjno=G9r5B{`d-Jo&UD-X^N!KLLut6{S?urr|$8i-*XlZ`b97Jd7 z#!v}jbEa}0cjHSaQWAF5H_`g3`y0RgS$-^vIKBo2JRcEzB+uTVO2)o|>X6Yk`QLy#)M){#r(_H!GH7i~TtukdShtVcryY=$SnASW@Izu0p;V*Rf4!22M zNvqmJ`6V#SPDzIWTL~>(u9S3c?3`}ThOQv{hsEmmRd%(>ShKu1iU)0E@Y}eQsKd_T zyU-SjR3jE6EDm&$t{mtaOFEg9cZ?$}+poA~Ur@jRq= z8mp5=ia9(E(*+j{i2N3;(3NuC`BQX%c@6@*1LI!BoLc^umsdy@=YE7!=z~U_RC`^< zRgLFX{N=c8$KyYmAfcBqH}=~h{&k+!cNNPRB0Dv^k{xo<`FRX z=qAI)vZOd_{zVC$&}|PcalN>I4!_1MC)o0;Xu|7hk0{%}+lceO%vs{>3mLF}!7awq zCW07YCSz(3uc$?Y{cX&t`_YQ~^nDE*daV~e%yxEE zxK$#AXru05!qt}J__GzSsT*m}*zeC{)D7gdZ+Jc1n`cpV$h5xTHx+EmJpzr(=vnN| zk7l|??)tx!6a)3onVL8OLQRA|APa;WZEx{cxQIfcUQJ?KwZ{#V--=QUhAS)x(~v(K z&Sw3=KStQ;9j#eVT2VtgdNl?&TA6Ty69%!!$dAl)CmbmatE_zvHy;d1^4Nj3y{+S>4walOD9EJkK z{k_%ZMujKXZ~Y7F^;EB&&P>Go!!}VmmHR<~G1H+#3D$uEO}(N3L+MUffYsYQLa3#r zIBE2WapN9-PR~5JEDN6#*NegO!kv-!;_ww4@#iBTj=IHZ0-9&K@#&OxGFQAziylAM zykiK^a4%Y*O^=svx@4WC1N6IR9kl{_@3X`fq`lch$L`>!LDpXO{MoO8ji8yl|FG=H!0*HgCh=LU zU|u3rA%Q$X<*x(^4x&a!rLJ`#^f@``l)h{z);LUMlay<@B1&UrP+mdH4(>@%2X%Av zj5B7dhBUoEaTjt$36~jFk>*gR8etF;dC}fcSxtO2AZ*kKeA*jE!L?Qyd;j`%ALrS0 zGLIFHn?71D*6Etc)H#90qc$2yc;|f6Bl_E6E#Ji8P%9BDGnMIjk()w@&P*1$TFtl3 z;NV|#+zTV&@UYD<3N*5bi84XJx`%&$!>83u*bQ1FG~(%s%IF8 zps249N8u?^{)py7l<@b{aVZg>BYlNIzi%wZNP(6;fqJ6ZAnDuG&yxp)qfI_)2g2pv z99=Yxs__^+FjNDiDA^)sACMC+Y z=;GwNE}FYAiWaW9uWGMOo4a}}JwB@Xcf^YMghbcy4@XHqiK~tNK}4`nfp&aeMk% zk3YGg@^XJ4s~h5(SBtO|=!8L*k}H`EzrrG3hUOeh7i`cUOv$Aex4 z7->}T=HvD_+o7lh6yAKX;UyQSOZ)k^-H!8ZFu`7<=P7cre;?28oTLuImGQ^^&wBUk zn5KLb-tdP>ZA(sZi0p`B-$i>Ha&hZ%*2iw5&c0ZhOsWivfI|DShA+9hVBDmWmyO?? zwgQ8{3Crh>vxW8{A~TAGQgPHG@4w|!l9&Sx{*m4oX|O*Rzd7fvMFuW6a^{bxTxp&= z6x$I`0c)9U{$GN*F?))gvlHyE(W%+(Pia(SRqWn_S zh&EAoaJNaXW)<+z?j@8d8jovisw%WUAi{^Kg9Y306>xF6qz!cN9_R_Z^wX|T*-@Fb z-MQ#i{^+(hBi*c33CKvKxBiiRaTZ0Xhlpq&rRF4=`(uvQ9vO^XJV~s-f5K*ctpjh2 z;j0C|#^7xO^m!aw-@!|JHGXJ4nN2Z`r=o{}K2H@M=YrYxl*pZiAFvMbiv?t9cmra1 zVm;5Pw7e!X8&b@8Ihd(Y@>qNbDX8-U?pdgm9>qneW80KtD<6CKO+2OhJ4ETJNHu0e zzy9Er)YsvCy&)>M0JVhMJO|?&cX#JZi_&%= z|NVr*uczPl{}|fg_al+qczrhD@F#5TVj2AeU+jUw7K5+2;by5h+RWsDp3|M68tB13d`ew)wqIGWRrbGM;8! zLQ+m03xh#cE6J*BIO6MVHZcHYpK9{%9(sycJn7dyXSlZ@e#<5vwH$2Y!^9>p#AQ3c zNNw@@J0|~ocw#CUN7Kkdd@ny79UbZj3&nvJQc=wMNTIL1e~KvRVjDK?h!~|ol4Oq= zdSCSiEkhWcpj|<2@QD+9I-i)8|CW%r)j$Z=8%a9C=P5*%gt^9(YSTQ|4Ms^`QV=2< zJP=g$jXK}Sops!r z%YBWq(*L^yFZOm@eWz8TWZ*`&8H+qyhjq>c;2Ym)Wri7*o5G6zNU0$AqV?|D+B9T2 zWj2nDjTza^#MWaCEF0Z*O6eHgiC_O)3X-VJ{5`aR2ZSyTDNYuD5f))^Vhklw6*!|a z5@~CCxVntdiBgX2ko5y6@~_M5$oIwPRAn@Fy85FE z7xx5b7qSw4Oga{2!7t7*C8CQ-vl%!rh+}IV1zngC$^1 z&{Ct^G+;K~`nWI&FJ~gULx}`5-l{ z`H}JB#oFFwF)?D+a}-g^N}>0BT-KMEzcR7%f9rbODSC|?d))$8nZ<)emlAh+43AZ~ zqq91qfh&Tm+^8AhycCTnJ9+S>YKiD9E2E*GU5X#3*|+g$5Y9T(3Y}tdCC#o!rj!9e z;eO;8pTzn9T*G6L8xl(oVQ_(mEPtO0e$NUYrb%#@qT!{mZ=zYAN#gg143+1hr0_w> zH}4f_Ru1y*LpR*0Ubma<_)~@set0-&9u|LvR4}cb-8Fz;DVCbw-ensR$6#2c%(Aek zzL{2dyq_U zhtJp7PVk2fG8Qg^RR(@q!Ka3x8le}1=EpdHT{`78=%RvG!%N&nx3AZfgkUSWSxIp# z@!(-lHvKc@u0(){XcMIA>O`C9UdyPI=(Y5`f%vmu7DEajl)MJS==X(AEFlf}KlWpo zJhL0s#`#V4EfoHpW@lYDspy%;m^X_xSy7cdX}*i}k16!GjtI)|d2_?2D%d=l<#lCV z2h5>95T6N&O9J`>HpIQ}?Z~^RlXaZ*%dF+Bd}=59l}%Zyb;~{7Q#iW6MIVuJFwrR> zhu^{cz)U$gji7mE?tPFK#!}igVNgA>ttRRIUP}5j`M+E24dQnb&{yl5#_JpBP>|+& zSI$CeUe1sWn`)vO#s@M$oZffu;8+{1ljOj`*r+JFYX;23&YrIIr*6g-4y!=bVj>$P z(RE#RQ;6B#@XU$&SFX!6p#L6DHo-Y?(^ull>R7E_sW?IW0A1X1L9QP|(3I6#` zwcBlR{+wnrOJzDFhJ;x@j99Q%h7y8gaXUQ3vi}#O<>3D^KQns zYCbLpF4CD$m2gROy5hQ!Bg2cqc5|T0w#bt|io~=h@A%vp$F%*~Tto>{7^e)1)N`1i zbKvv+{IEPE*F*V+kzEyTnge;09+#Y#3L8~#b{q?6f7qvX_xN;lw%rjRpmAG~_$r(m zuig_$rHDgiOFY|>Zj8&Ds5FR^1o3<6SJ3)%DKtV@&#|3em&kw_w>xE$LUSC>J5wk? zfOyLV3sw`I32;iElai$kwUhCw7a)Q6GfFwMDv>dV@45>V=C48+F@4>zzcgFg0)8&& z?zbBzH1-aC;KAC)EJ&!7hyLgWwoajLJq!@eux&eC#+m$BbFnkdX0x}oV2q>pwr07Q z_+skoy>3z*cG%D>ZNM(>-}@e8mOYhNxft;`O*XpUApf`|j!v$5n)L-7Yx{oGfhLMm zV=&Y)NMCDu#|}}n;;T+5}R0**JkLI>6Tt&6q@C=uf|&mo7;1d4=o_JwXJX% zKB-$tD{Xk9))31uCG_K8C0|oXA{#ouYIMDrq@Zc@Cn&o4|L%HO>DeFf=xbCxijEJi zNdJ6|&ch3a*Ncg=nq&UdC4>G-o>V<7Y-$0i-QeIDP;Yfs-*rTeFY2%&$3;M0R-RJ( z4fh8KJ+m~JoWP5=Gt~GwWSr`}h%Rl{2iUn<;N--=`_!{v)Yh2}MYIH==#H8&^y1hR zs7RAxe~6N!2mf;N!fQ_Yd*Sy>^&U??)2!8q!}49$Y{YE!R-HnuotP4JHn@X2*Fb_^ zD)bsNR46{IeLu3us0=AmoibptWh}x=KC&juAMGq;N-c^FI>uQ#QLLO8^U^L6i;I!? z$cmLPDV2AL0usuUUpWkVVd!rd6j7$7x+BHy>nmrdpJ@k3d^Hc`Ub=^_d^6m zAz1aUE5qT44MizA?DzxSQ)W62*0>J*c9CFEm?CI}fS0FeOr7gpp<-X!6&|C#hMMmB z$MdTvHkFQ#z6VisCLG>lq|`Ss1TCH`b|O%BtC~1e4yCksz}qXq0fkguOAEIJQszoD zNyq{46XN-+wG-3_vAn;PFdfN=ZR{F84%bg+a*1Tl(3|tjDum8wbrKO`7Axtw;vaY= zu*+7>7ccsUQWx3x-&?q2JmR{ruRl()mToLXAvW>@QSX)V!3 zoxKQ>hj#jwL$xku5qEkNo0@(%YYP+ooIMjPto4wcpxAmAhlYKDg`mxSHki#FoBMa+ z;0q93L3z3yVPZGcr_J@e{m5#Jg-=4c8u}sx>2)kpf?t$$&QJtLR&WHX5~=BT-FpL@ zX@w<7B0{K44^UB^*G+lZ)sRh3o31i!j?cDU7GsRswqDp{Kw)ab+`TVRNg9>XUR#k+ zexBj1ae}B!S{UaYvoHLKfEO`oP6!POC4E9Hv)45kf3Ti$wR<1=ATyckz=Jc1=MS)nxx}c=Vg)kykl>F0vxvtGJu3pjxf+OpcyvI@G?_fqp&@0Ee8IrKx$bDH(9gp(r$wZht zE?Bg?0q1%Y4c%GD>oCvPe4ET_lEQbq@lG$~C;xiP!p}rgR`I)~9oYOMe)ZH46_4Xy zLBR@o{#?)7bxIxyz#3duz@^RV4TMLO#ZYL6{gI)Ur5_P_)24+>j~o^BZb!4&xFk}h zGM`{0@HSDV*>ia#H~gh`Gawt!JXT6{XEd%~cFsgc5r}SV`Mt$6aPYR}e5r?#)<;a* zr`-S}|FIdc4(XIu)gU`3E&9BJG?iE@E2c$5S&fPe0ajNcu))BZjkY2U|2(sO%)3gu&yaA3UtvVsReB$z6aT{>pkXIg*^B1 z>XWE^l$eIwh1X@u-l6zt&WZYaZ1Z++SV0FPiuz`lMB>@{s3HSBQ<|x>7A@_t-HX}h zS}ZSmk<`Wg-Yq{CCdW5IlKGMF?PKf*kKTS>{`SM)j!T(E4Tveq4=7Je%$a9s=v7Hj zi~*=lp2|k2wN%athxay(;t_#BdeYtFaBGI;9}sm0A8m+>q_3k7l$y0Ng)%OstliU|SzZX4uDKKO=Y5RDBkT66 zO8L_Hw<#dXh2h(d5zF_EtP6PQq1pJBlifHisN4hZsDWVSjrJ|r;+}zc1&A?EDqpue z{G|_6?s4xh+9z|g?6P}Ke0n=k9rh{$_>Tdnu;~j7wTqUYAYu)aK(*?BOAv$a$qjsv?RTS33)>%vbn@66{X>mq1{U!c0O!mAhf_Sa!%8K4pU>q?a>h13LmhND0EwCt8+A9x}7iWfD z05s2EBY#9ll#L*^tZ@kfE2F2Vl!cxQ?DDJPYi-{T95FjJKG3(W@$`|F_Lj@w5g6X} zmIE0TsONbXcz0pg>)iQtEtaM?5F%Bw1d*777Bexc_})Swn|=wcp5Zl#O4SN#8gTao zD|kl?Z|*p4hC^F|YK7+#wP>qeJU4`2!y3r0r`M@<}{jLq- zrDC(DZ{YykZo5lWxP}%i0t#1;q!k`xA^4CZEPz+X`X`?sjiqhg(cWU`nOy?j)GWU-tJL zHTs)g7(P4?#m#?56gy#kwr~vbp*BRvpy_*_Kn6)(mT+w+aGeoNsYQ3qw8b5YVPfY= zF5ZgslMN`8y->DisYlc(882F$qO$ZA?~+TRh;m%Y%S|%p|8@#5lg$k#;*gDHcoQ#dBg=K0ncM;#@@@B=H zN^J+ehtl5Rq(Kk>2B}T zYPdxnj$y=Paef$D15i=3&Ww(twIS{dWI{P~&fSz@^v&-p4AObLWN9&LoZQhW8XaH- zeS>huYB?b?uB$4HlS(0pmh+)h?_#${O*Ke!i4)_Tb4-dW5XDKyP3g-Rr5Ici^UMlE zL$RE>1awO0Xm9!B8Y6gIiu1b)nIBOWCnvWBey}*@`JjPS@RwDiUx*6P$fCrbA{7-$ zWA4vFIp-uWC}aVzgW|~O8sz#nTu{G#(=Uh}whmNEH2hlZrewdWa4m*422;Cr`T&7J zeCe}uibW6e+wF{p%?eNYlu*=DO*i-50{Of8%ST=g2#`LhD+2{frk{DUuk#7f;Edc8 zUJ!L*NA+}4p}(tU6C`13bV?}OHReWx6&#*t#PbW6;s4v`!#O21}?q@hnvUVEDwg% z7K&tlt4(WcSy1|*6_pC3?>rYcU-sAgmv>A1wWioq$OV&& zLPwESfb&VNI9G)--SIR4X`XsUq1a%z3W%oy;UsdT)KnMGHCa}sV8k%c>0`t#zl0zd zF?h4lv^+P>Tzd@;cKc~jjB(6-RprN+G(W3Z+_z*nNT_8^W+R1sN=l+utjP)jHtNi%2(~mni>{IneEd*W!B}BV zoGl(jn{;3D=1y8nES^muZIF|3rw1zP4xYsA2Ipw+lHD?UXEPvgsDx4_0jmE*1@6~y z2?o*BXGeI4;EaoOlc?k)dHEA4ib2Uiej+Zrj@d2H_aA|;cEh3rk!sQ5ozO6zd*n1x zcu&%OWs12;mqwOev9hZ@&T2Dj(X-{*Uz>Fy79Q_gR()9iSg0vqycZb-W^jgUm-0w| zdqj9OIXf?GxDFxNT2g-1MbIEmRTCFy#TFZ9Wd{`Qi|6NeKi!7=ufk&|cf(_KZ(xM? zhy}ahC84Gk-`-Fcs`PDZss*_zq=;E)><_dmCEA-J3=2V}uQ9NbtPK~xw>lW&Zcnv9 z7jAY+mEIQhU~E{lr`OeoNIBkA)l9>fO8TN%dm`egUV$&KHHtCQ0=`ayU4#|XGjRT} z&5tno%H&13!xu+Lj76e&YX4 z&lhNjIGM5!&2?#s@|NX|$(*xunk=nssg2)A^jaYx_GO3V$6qAe0q73IwlJG4l>waT z_^{Beu4aC2 zfA|-KQ_5`u=ue&n93tNe|DKGFkKzv{BLxBiV`gVn0%G+Qwwc@cp!Uqw!i<$yHY`XHmKtn2O>6 zHIholNf48w>>xQ0JBksajF8%SlDY0L@cE;Y> zYz}MRt=NYhTqb1EcfIrzUDcgG1a@Q*e|FWNAAFYcKjFX?r4xP1jVs<(c>A>*RsH8g zArN&MZ}`P>2jGI}Vb%WABe*l1X~%PLl&bREpT0PDwRaxD*pp8oIG9UMrofvEX@~G* zrZs9cuxf^t^b{%(jQvvY&_Ie6f$dFU^3b7l8-4|}cs|}IWl<7UYKtc=R@KaZ6rGDq z=5*~Z5Vd7(dTknRe0;I5nbI=SlZB{bQZX_Z{>7DAP{vdmCt6BKV)I!U z{aTo7R99~wMuhVu57(CW#my)(I{FBG3+zz6UvrR5|N5SQjk8nV>;ZC4=&U7)V-z*( zu_PsWMXsm;p>T$NAs^@kmZVu@!i}T~NT?hak}oE=oPpQNFm^LM%>!K?YGtQWK;Jm$ zeC;pn5C-O*M2V#31EMcMUAs_~Bg)dY`@59e!T?7N?)`FF2dgvKtRb*|LU{*J_I_J% zNdRS!LkJvL7R`9Nf+Gk@+Tw$@%Tvv79EN7-mL`(?Rj8{^axuJ24xC!(wR16;UPs7Nt=Q!mL9!rl-Fwe*Z)EG zK%lY!WUm#wyZ^_efULv8JTBG?fb7)-u?vxWwCFZp%xZeoFi7h{xjG%-G@dMBol4Pr zR)^33&0jZU9+}9AeVv!@(}ScfqF9u-FTpE`oF{XvA}7#|hD`$fW75B#*^G(BXYO5I|R%#JgidO zFA->g24gDLuhVPBjg#ZcalN}E>&e^{&|3#C_nX>@?X|oz0OpfdU`?S+2H3s z;QQjn_x2%r;O6Jy_6GEQMdMmQ;>Z2fsQvz>sP4OD1XF`eraX>1t|Lz9C6xdMq3e8X z7=h0Y4#4fpF+d4xeF5CwQtyD@?{RTVwrb;1vCqzyyY7DC`n zq%?r=OD9{!-iDz%-+48eyhal-J@*kccM*fbN~GN9pT7=gp*|82?9W{AeHw3#tw8C2 zbNdYdx9=hbaC@!xk7NM1&sr(jmFO8N%-83-lSH?ga-n)m$lch1IC3b=Nl#`KzQjvo z2^WA&!Bv)2npv?XpGs+Nr563nwsalcp0m6po?bDKq?IxRht0`+gl_cK`ZpkBxpTtH zHgj$Wu5!vmOJZKe6cvf~et7R1=kBf0@yD#|n=IjDK{2I-w+NmN*wNNWqE?C*-1OHI zVW_-d0H>C@CqJ@y2w&Kt#c6-~(cpP}1Kt6hwC*UTmKglgbj{yN$KZgGcM4;nz_g%u z;q-)F2V`uVJZ-f3M~3LK8K?_8ux4QU`qHT6A|vK-!}=DH=xQ9ezJcHIm-0TAoG_?O z@GzSHgYFAy0-J1zXoPF4*rntPzy>BN4<5AXkzn4lDri;cC6*kX6$u;0D&|25ntmiY zLA9xji47EmkPuQfZ=PeA{C^?#FEC(-|Hs_>{*SrOb3&DKdUw{SZP*WQCTFsIe!djY zT}l*;9e~x>(ESbT0Ev9@3R7MxCyn?l8I3aVV0sOI3W%kSKg!@*L~uk`|G?)uY9el{ zZ$&j>(Xjjuvu2nInZC)*D~ENIiH{!6Q~5I=$-=Rulp(PjY%(tx&TZv34nub3Bdz_% z1uXZ1&Myki3EZOWu8NqSwW%2I?ys>+U-AAI;|0hj8HKx#0f#RlCbs>GN3d%%hBL&a z#XDK{gWVYpkx2)h+Zd3TW9Q`jMvjEcAJ=W%*FDum1 zhT1M)&S3e69pA0Am2oX59)+q=Bt08MwDcDvc6e6mMzqy;!SNpU_yiJOZT#J7*qFdNAKs0+53_64=;sGLRK1%GieUKnov23ULCPF%MCvG%_!R6POK z9zX6$)$NgUmx^Y5dEyTsR5|R3Grrxihe9S+j^QI>E$q40$92$t|3`CK!jDhakjx=$PnIu&7t&>J zHCzI6<7u_A-9i-VLmY8ylP_V}J7FZmS$&r45#L?$8=+%FZ6-L}hzfdk&W2)PpgbWm znocB6N))}?OE75j+-fgXV_hPp_0iq#JjZzNdc8*x5e2S51@?U3N%uE+=Pq!+0e1!U zeJe1;2Hr2*i~68*NDd^qb#M~^yFbbPg>%3G_m@2{E*03haa5HWDfb?Hd%uXoIpxKy zQY`MND%N;jH8iN?@OYW+&ohx5xLQht>U%sf9r{iZlX1`}7+uPX|4~Tf5~(6&rjwLk z9v2T6pAk!*nI#Wvyf9edT>8o?TygJ5+G3wvXiSuciOYYPd#7LQU*fOX;L2kg?%Y_< zf4y{2g<2&)-c(FD{F!>6FMx~G_}NR*SEzgcii$FAcLo{KE(EclhldhRmQ0jn=Ibn- zPEd>aEz79U>e7dN1@IG0s%CY3d9;jkcL%ACmWv*;QG-G#JLpA3;raQBxSLCXV^N(+ zVOmgARIF1roS#X8+j-L*_TsI;5B&$-^8(O)HMepFd&kiMU^`{c1-T6)g&*6Y=_YO< z`rQC=;UQOo3?iTjLx^C7jgP6;5bzBYf>(m0e|my($FVyjWcxJVZ%Y!$=%r%nu70#o zwP55HO@p(bH)Vw5=EXqWaZ%1BPgo4CknOJ-S_6n%f40>HvNYyn#KWA{VtbcBb8x3V zeyM>B{56#LyC!?2Ux`pUHn)7w26%S0QW>1_BD`efrzMvT&yS zUD8vP<4&GKvg4%zk}^0q^WWxvo`OVgC)|Hoq2Yhcyj1z?-URbBU|d>5;hqC7X#-Wrs4Yj0HZ^%v<_7x-48kEyNmZrG0j`ZDqB2`4pDY>vCPGu#53uu++9h zkwWEuE2}vWU;92ZnRn%JY+(Dt`I@Q;H(v3=&dC--1bCoVq6hP44b}0 zINM6)1IT@DaIA`Rjs)vCk&J{e%P|_IaZnSC=59~9~~SVsv;wv=YJl@o#P*b z&;rtKC5LGtmImZw^nRHRn-k|lrD@G{656iCHtelt_JqN%L;DFGz9L*meG<<@WMyz$ z6(zG(l~IvG`|*7Hd!yzTif&iAej5y1lR;{Q6W9Q~ z5GSQlP(^$HwILNvf!sgjT6GZ<;@c}qT3OR{J7?KEKctEQ7_xmK@zEQ^;MWqNmo0bs zkebk*EAZ}t!C0#c4L1`^FWbG1jk%btMC)^Bc6v~{L=uv z2CAfCV(NE4435p+cp)TJddyCUf6(skZb4#X;9Y8&(u<}9d1$4Qug0DQeCQ-77ng4B zmH2iRA2+r?x$HCCcHLgC>z-w?3#ZL@^0*EH{(kG879ZjN8A~O?+~)sO{=20&$I|e1 zV^J$R;v-u;uG&o;AMBl8F7$`kzMLS~uSEG+f8-D1^buqGmN79_dPRL!6ynoA@t`R^ z0`c_lyQ;~d4CmOB^Q4;e5;HK&PxZs59ZB_3I@e_2$G~?xGMHb*#`o?~ubnXYjC4q- zd@PBGNF`{vldSfEu^}fGsd`FVFBU1rN_wvZyxfJjRf7Zk(V@|LZZp6vhtAqNz0F>i zwUoi!CwQ74O@o0+uK*F{GR{xGR9L`RWYde`M8__@rjO^tM0_c6v7JvCyR@gBk3+{j zvmeIj!0N^JDk!saB7d=w{-++3tq>VnfJ6mrBcChgYMONP*%-s*gE_W=FKcYoU)Hob z&iiFGZq=9B2799{DE#W5_2_xQ-3ny@H7d^LNEG^22e5|#2CF(GU1lC>Mm#^N&pLzg zrm+v3W5XAA$LcpDyl5B)?$VAGK{NM<||_raX$c^_R_sLMBDnp36?&1~`r%V%u0 z+#ahtL`9~V8X|8)H+B)4ltNq6%19pn6Lq~RdW%QJ+CWbR;Ugx}!!9$QAVF_nRNkIQ zcrxhg)ouk@2_NJ0RwZJM_GX-B+s&;t#`B4nH#)c%3wQjMhTGp(qHadRHU35vd*L;p z1%91k<&v38WZ7exo|VBUXg)RS@+-;iIf3vzd}An6Dv@F*KFUU4P}Y#l-3oKanf(pe zbs&7WNgN#i(V?I3{37YC80SHG0UfMd|JH%i$EFED0U+$zEb+2@HHor(xA(QEe`gke zqxP=vYwSg;2+zeCVe2U1!hy7w?TJd*TNfYhgMH6cC1E(4O>r3KPOv!Vj^3s2V2RW>`h~k1CZ| zlVH)NwgLD50ro2ZV4t0-OtGt{LO0QGHx13UaF~tp{Q)+_d>;FB?5~Q67uG2G?3mX2=`-w z^FI~vh(YjP^vc0?heY`*?c4NB+Fe?M&q&!%u%l*Q-ZnVAEIdC=2{!^B8~*9P+d1=W zaP}$Mb_8y0hiB)^e{!0Td3gLL?=ECeHk0*woBrO&Rjwrx-E3g|RL?7}eeV}_u9h2+ zvsW%8a^qJlB(~z@#;Fnl3U+RsXwiQ!&7PNc*->-?ac_ zeQsUYzoj>8rcQ2y?10v)2Q_@XTn0c8tbx6&*WpGCeSD61xP&a)%4 z@$V?H4KG)qbdtn@3vj9)?MBjn=GgL?MGK$;i0H^?i)R9tT1%tRxTrP zqPe>#^i7SAMe;|@n1BqRVA;OmkssomGWOnrnaN@5>{>$;bdV@y4` z(F12$d=#MO65Wsa3k!^%p*sh;_?PKO2yRVoC>zMZ`_IaPCu=9a5}h=J0wjfB)vrU7 zYWcOr4B31F!gN<}$|a|2Vn4hJR+P-3fS9A=aiM1ZW9>;P?r~MP7QZ+jI-_Rr@Qv7f zJKuXPdNum#Pu@LkgS*Vt^H+wkBf7@{8NMD)A06LqPs0BT=`a0ASosb(e^jmp%SC@p zwD3QuPa+;~U4pS2+2Jxbg@NcghSTA8JXL{98^eX8=&IND8&ppv&19ykz%Mz#!enLQ z{Tco~CA;j!iWf8e9)`KXiaep#r~WSbSjk^s*sK9ty^^JG51Ynv10Sq21R-D06yI+D zjWpar=L<|5M^o4?8p`n>M?V8wAIqs;AqNF;^q&=yen5iPQwIg7mR*6z(voIJ z#VcWe4ARM|LPbYN)wb)Se7j+iUX1m#u*Y}7neF<9rN`L*S>HlN*(x_B%HEl9w(xLg zY~c&y4E+pR@Pm7{HTkL;ejY%$)7N#d>$HP3Emr|D`CvD~G98N<18F}}cv}iB_@_wW z-SI-afmlH;z$oAzfRf~STdU?#sUwPiKfk{bWQR)K=SF2En#ZSG{=#3xICM>}yB&TFc#;Wi`OYjM}_OiAZb_-Vp5Z>-E)g+#jVwxJOBr@jA5@Nz@=@idryi zHwzF{iq%AG!GbJfFUl++T$Ug0y?tEX2Azs1eAxH30>2$PeHDlu0E}KC45MUISr~Zo z*E)=dmC+ZXvWO&vKa+6*_#W znz2#>0d`|H@uaH#xi1UG3N?qi7QX_Fov6PTydbTz;3MZRv+F&#InAzs9&zAm+vN+( zS9K(7z$P0m;OZn{=WiY8?xVk4Um5i(87^mW3s8LCrtaIR6ad-lPTTO@5ixtHcTjk7 z?JK`pBm&P8q(|3CT|gQz5r&kOMiIZdf1}d*`X-zpnI@L>@@8v;uht61NnkmnceW0 zV6%=0QQCRQcF!x$B>`}8{xHZ36&^=EdG-4;aIwCx@CYJ}xO{?8;V%7l3X&jMnpU?q zEsIp4MHCc-tvvP|Hl?}=i<~dXTi(P$+=Bk=cE*dS1*(F-4kH`|hZqRr3@myK z-db4outQRg*@92NAs%V3N)vi6rq9?Jf)wsc(F8+I%++Ba$Ejuj`pF~BHUVum9N_rs$TDfMv)IvTVfSyLtAJ(ycl2l zMT_ASxb{33u8g8;ES~_ZFIUqf1Dw@)AshLpb053a+dpO%{6nrPu^`Vu64=G*SsF}T z4vQ0wne$DtD%ogkg)1EeF&5dqswzo|=v~g-mQFS-gDk#=Fv4g{clsGX?Uec+3_f4zF>{Qju4qQ~kH z%gabj0zZ4?nnh?p1_6v*OOt}~Zi81u9%VUu<9_30~p(*3w zeL{~1cCtH9BzVtUIUJCz?DxryiJ$aq#vsXe-<^N+%{RXXZx7gDQF3{Idp=yeh?V0( zh{xP`b{9>>jF&_}Wg;`r`l;*kxCy#Za{^cr1ED!n|6@^3HEygZf8{+ zvb|cM+3S`IxZy<_%-|9|8X^NH(m0VVQnOi+N;5wOWk-$*qjG&5iwBV$YdIP4Jeo=) zB2(nzm}hbTi%s#)&*CpV!>$JnE)~#0%2^3(E9Ov?WstP8NbcUfy15OVZY8Y?4QCG6 z7Em%BJ6+eC`$QTelEU=`BF4}rpdG%Vm-pPGCl&*xd?u1}uA74}_X%nXQ9ZEW zYY*&D;9h*8!4%}=)upF%A+)`2RjsXoUbu6qD{m`|P|I@<2h7VF4ZnqwX*pJzv|=*9 zw6a*z^de?G_g;@oK#3d+OW2MY06~Tll~K3=7&<8U<5)e2JeP4SQcI1YDjn_+;L{k< zv{K_0A5Fe+$P2r9WuGc@VBjUj4I-n^ZWC4jqr6sfI5(g1kX@^+NVrc77ZoLdJ&Ms( zse7hU&$*DtJGQobn@imd?cEIP+&e2BJ1c<=x?JO{6=;7CkCott*Vs(VMk0qWujd2q zWl&lHqcsMYN}iC_T~{XxNqv5{7ND2<{0xO0Cr3bJV1Dmm;iU7x?`40Z7?>09LdP3I% z9P}jeN{B!OA9H0hrFp#xqg?3Hong45?B>LAb@D#iTN-{^ z7nXyzt0k0jk>t5Od*m1iY&1^&p_jXx*E-UhWXHyZfC%|?>qu8*U{uy|WpVCl)g_&(DCA(9>Jkp;} z`gbqB)B@ajgMS@1?>BU2BELqt}98@qdsLH4(KXslwjfFP;y?zGeU-={#qWqK9{u-Y20u23co&^8r9tZy{O(Pcm#8dhQnH_my zrZgLB(ZL^7?CA`BV#Z}+IgddA(oDxQIisD+OpC~B=M;Dz{?!y|Dw6Oo_WtAld;6&W zmWp&%{rXHsxzcKEn4U!Vr&Jgn@l4=f4z`hbSGgU*B!x>@`uhS3EPZkjE0#W5N0gNh zdfZvQ#yUDJU!%jYCg51vF1U%GHV{Pw`l1j;l*0|PmFWCK@4CsCVt7kIELIi!JH_B=(0 z<`AxGmO>Eb*1TXB@@S<1G#1;X##OC$0}I_MO(9xue%w*>RuuBH$Y)gL!WZ({7YyFhq$#_mI#Bc zCi}pc%f#x|-Wnc6D%szPT)03^$g;490#SR;tbbR!YMobV-*EOHSPN#CEkGfq<(n2S zT)J^B=#)3!#n*txegZV~f>d}1UT6}oFELDrURz;6+EtQXT;sW4o2QlKa>J8E_g%v# zS4d4O0?60Z92~HPxP|J^_6vWc>Gqm1`hdSZp6SW7a}O=q2-R>;?rnttVJXS4>}_5!m@p}8Eu&H z0P7Rsn2|pZBO-U&_wu01hRwW#hjA~XT#7N9@n|YjQSM26%o3iK7*FnfJRvC3QrXc? zYj5WEOV(cH`+iA%7l&|ocbgaDuFvki~l$5LhZox)x*1K0bE@iVHZc(#SuQYIKo<3$(}5e zJZd5IVj{MS-qv`yE+$Vgf;tdE2rc23V*l>t%a`oXzIxX}J58Q~?Vtyl{T$rXfNfx*|8h%`7Dv9`?i!@H!g+2V4Yw_*B`jCSWylD^l`qf)@ zex|Ej!>I|Nbvbid$aSKrg=fhw$@(59>a(|nYr6X}N(wC>=$vluWp?}K<}V_b`xymP6xS_P}$g3Jv51bZjl60yy16kyx2{Bok@D1Qt_2gC(JrPk~ZN z1&zw;S(R-OSOPyh+1*4QYEKog+`hT7Po-jM<|%8Z%da$$!huT7M~SOB`dZ9MC0Nl` zx*BYn+Sj2M08ORYgr|Rh)f!q}qSqw8v68073eV17ob{;pysBmcz zA2UI{mxJkjYzr0hevlmM&VQ5|7Nz0#z#_to;LyuM=LjF6?T96t@m8Zt3M&kwD`5WB z=eI0G&<^k-wmS##HZsk zQWhHJlIs3y*`*XBzP(2?O%4Itn50f=DbiW80^Vb>U}+q3(RsjkaNFUmN1CieW*A*4 zXe*|Oa*>rYucQZP(UTKO;YLXoW3HPem%wY|Tf-^AN>yR*)(6{C-5`$KeF9i+t~uZl z$!1(>CYzJU^l%3-$Ntfa&g}NzMW6$mn!a# ztxl7f5ku##O6j6haBg^dNSgn;FoH!A43nlB)IH})3&|szfU$yV4zzz|Ee)7{)yiIu zqxWvb)Q=07?19XwjFBDEf_#7d{M9!G?af3&)7jCdBe+=N$ndJ;wgl`w6Fqh*>LJgM znM7xs7vHw0-!yGrojh;brHk|4+XJl~wYoU>&JCxWLCb;>&PMAK!gs?RNSx=JS8+tq-pyin>-guY~4aviv`n?N94!TGk}PN zPX!(pTUi(PJGQ!YK;>!7J~@flB@|my5XL;-Fhk?)5HZ{NR1dt7n1G_!bk&L_QwSk2 z-wfL{P1kNeod}n34>>Xz6ig9uX+~dvy~vdQ`fK#j7%gcWv-prqKmdVcQ%(p0m1F18 z=*)B0uRva-uf2Qv=1K37)w|*r5}XT`YPl+b%yH9uirgBYxY!5l=mHq*8Y0rHi6GCU zRp6s+7=r;fPcf&VG6defc7WPCbE|vWobGF3vDef4e%g|@Oxl3LJ8d|#>V7rp5F|Uof)n&XDiJ=&#!L?sMZyqr63zT z0J_N(drh91w^u@FLl6G)0(0P9TwnbWfBehIGcR(b?17cXClb3_<`=brOCH@Jgr;07 zT`!;qGEoAU3-V|KNG;!ud33|h7TNg^Q3X-=s8TYsI(y%AJbGM-1^x7nr87N$O&Zc; z*XV?Lou5nJ&mA4-ELlgPiaC!fnNtnQMiHwJM>q4<#e&Rir;LgKmvA~+9TI9um_;pl zqE+(^psj@FX;~5J1;zlgfVezk;Kn^=EG1v24!eQ*=tUQ;_=4y}kId!uPUrJ#4Nt zoq>YJb~>zJbO%Qx_l#`w(f#rBFg^f% z_SLIb2N(n8)EkY0RX2=7)owpfU%bD5bN2D-O}!@6Ds=ATnOtAA6X~7@uI113AO$l%SSD-%WIK4?;QakH z`Z?I^Wqm+xvRNT*irVrvc6l#$$ie-@*Em(jC+#9zIgzL{zZUeNhCJokP#1CFoKSwY zCv~zSOD4_na)y0edVXD|iFjxiM|;;i>tE;09NP2u*WD#)%3({eggrP~=kKrg$bR4q zFwZ9ANGy*2F2r1Lq@HoA4j}UYWW_L$s{jC#6!$2YwN~x7eku`sMvmF%L&&rTA=62(6D2tN~I_Tg=%CG6p^LgUT8M(>uDLd_%l_3Z26m zF9sn4d;3M8Xr|PSxMS&hXd2z#u+JtvH~6HjHFhRal`WV&2X1!vq@n_kfn2md1GyN; z#Zx60wPQ_u$0`u|)7c32kL)|QA$WC} zO%fiRB_fLt9s}9*ar4ffQDsu=bv&E%ly1=Pk4!FTxuL!RUp=#9-`$TSprp_ z93R#bGpMM^Qfit!4zXFEBCN+jkTTS4w00hDPzGZ^z&SM86E0*kq@I6e!_|6hzU_J) z)E{fL6;^eF3*i@w>G%t`nk$kBhy)@%Oa>b)pvX0EF#CLmkko_&KE{OIz20D|SWyG? zB`a_h^ZaU=E7v|Biw`MrPGw_m)9o9VFH-USb9MHBD%9;(!KtI0|;=2lz#3*P5Od zOWr47sb$%FW|214N2U;QWrpR@L0DD}lQDTOG<$9R+i7ZHbjQ+4PaDUL$1Bfrv0!>G zVhryh6pDM084w=urPfj;=2R}3TyTXMBl{hc0p$%SuN_jqQj|v!5o~YH^;g*kIkjPe z;Zhc#;Zkk{sbBG>Y)v}V0uoF?WkF*7?hi4Wr>SgXX{+14!U8?Gxd zAiKusnjV*<7_ajF^v5@@ZF?v0B=JoKo9=x3fvO18} zFPyB(Y4rT$#Wx$^#H+VwrYG5dcD_pKf=A>dBsNs;{GitqmY}_cxaemGc@UvFN?OwB zj>){VWh|m2JENn6CyrcUPnxpX7N7NQbUyF~NYz~Ei%XwjQ%F#p`wS|n&zz1aWDFg% z(fc+_fjQ4^YwbotN_YryG7ZMAGPe1}s?jel@4xZiGRg^AJ1Ri-g?iGgG2lC_4lVIx3|Gx&tH9WduvXV z|K-)m^V{3Cv`K62gk9c-w*a=`2eu-v`eJn#Fa=Kon7MKgJuF!ZAN>e!@4k0asxfKP z*xAezEg5Ez)Nfw^je)UTDf5}9VNUThk|`{!$Ng(G|cvZiFSK29N< z1it>zmBBTCs?_*2AHt{Gf%=g}wN6kKLqXzGmfAa78bI0n?5Qn8s{J>R*a!*#w~o?~ z80dkKDNT~mghqF07Q&oV_vD^Rbx72ln)4kdP@eLH8B%M`z=gf~z6eGsag90hWBQ=R zbU}X>Ddgo)@!e=DVfG;S%j+L1SqE!R%WzKmo|AzS7&w6@Nc~DV z0aEZ_+sqepn%Bnm8h!8{vs?j4j&LB*yEOIOgOM10a=us?i9HeGE?Zg@1F*Kd$~&%f z?kcCg17U#BB_|P0l1CAFkagHZgPc6jm9q8im>s8J$q8^W4 z*viK6uhXmd*5eQggxP&8ZaWr;cT^&$GVIeb;Sn!ZWC$Q}R3@1&SzKzbSAoD7dKgBS z+*8RRh2;A5=yALa3v2n@?8HFbD_b{E_kp@MLF!jZ-5=OwF2vos)_bRt#1de(B845x zIvtGM|6p2NY`M>*Nx+d zmCsP;20V%ckmG<|*g8Cp%oIB`E4EgQzAHrF0gtU$OB@@O=3Gi-9F#6!3Z?i2^Rn0Ga#1WOTP56ywZi|d=zaHC6{)TV8JqYB| z%C{FRn$wi4#b?i?JfoUD(3P1HNMvi$dvi|zh(iDlz{=2kHcFW`d<*fFl~LUffQr^W4n%fe~HuvEno3sx}{t3*WbQB&>z#mlc%n%aKDuCuSnG)y*AJ z@q6UZ4}OFzsD>&z+^_`8eIw2#M`Xh0^qz|hbCH{^o%xD4(@bZ59HSpGAOzRF0aiN8 zloksIw?cw^YOB9$5dz%?3!3X!3=o_fDbVF%HyuXdedxjJtqmgcP|pNit}RNf8;wXM zOO4RJ37q%-41vEEJT$FB=&%S+gtKx@0s7-&6T>J0aW(vb)x+eItR>bkYKXJ!xF1!9 zC4_)rxG{3R$>0EcDGjd|2=q-inJ)PVN~j;1mY}vf`ig2zp`5}x1jiR zR557Ts%MvO{g!9MaQ`XC-7rYc*1g})5NtVc4)6-uirt1`G?bUcgj%S2p3;kz!5{!7 zivmGSddJfkqN1>GP~ch5$xqMDgk(QG%L~VG+r7$up~O#UHf>;S|5V3z1Q1a(-8y=%K95w$_zj1HY`V{aH)@vxx@CviAL(m(Mo>-xfDQ7T@bSuw2HN0J_T3pw`z< z&+LUA=j7d9_Me_%O=#4NjLD7g%I-+WP?Xqr=LcoEpPpSK%ka}PJnL=(2Z#2Eco#jZ zElyUhqViAAetJgsF;pFK_yL?n>sDsiOUe443$mGx31JJmuGgdyJZlUV)T?{`>ctuz zmxg1O>1*=8|HuFN-+!Z{pN~hs|BwB@jqJa^c0V2bul=9Kt?v)M{vW-+YxZpOa|lnX^{QVE0@xF4X>)>-91v}HtHvXG+_I<%q*Y9Mb<6<`c zbo5ty7EVWh^~b^f``~}|KM(8aT+8RdCA=sLu+3-UGwkWcH*%w$@xsb>P(*nr044s= z1Iy<$)~jt25z(YNN>2UX3+?NiGRe@E=Bz35s!+f*7#J#3QwcTD&dj?} z{x0N1rR9z+djZqI5@!LGfDm((QuMzMvoE6NCEv>(qr1em%V4Y0R@ZwmvO>S z9uSAmSB16=*vuk#qR5Y@|L*c81)>)sfwHhQuJjI~F|Z2=*mZ&$`SIiR4T%y)WwP?7 z2r?HBM|?`$(GJck%=WEyu~=r(z#6JlYN|7J2q8Hjyu&zLg|e;6z@=cCC1#%zk#p;Feilw@}ktAL&i`f7|`a~O2s-~cK5I2b1}m& zqvDHkmL+?)EAddGfu}RcR1eK@#lmZQTCt>Jy$%hpSi3oJ5SpxVI}#MEj%_mA3p;4ehK5zJ!Mc%G zW;amZI~qT*BpHE&3zp~g-#PlrzyEd5^xG>>YmY2NY>k!HS?QiDF47var1=Unh|0UC zxTL4nt)Pb!;v?E^qlEU^zSb>-Fna$rb zczw@FU7jL7iu;XS@C{om6WYhGp#nC4{~heK9m}Ua^8whX>L~!pdkWaj-s8G_eICo$ zy}qr;d0}tp2>Su%_9N4jhv|!tWj)-?z(>OM zuG6hjoCRF7_}XmKIxaNsDFFLj;6pRO zx$^Y44Yj&W@)AiazEhXSm17daf#)v%Bx?C z()9Oq67epG>{7&=5m;dFe&f{D0B@kItccDJd>E8?(<}v5wbR(dUGGNZ(j|o#Ss0VcjnA{!3!fie5K(>Jq z*$PhB+eV+BLp=1gU)Kemc>MXzCl+P8cdml+Q(?a?_?$ivCjoqkePQ)+0>JKYHPu{A z5kdHkV4s$TeMMuox1LN^g)qBGrd_PCFEIrB3FF>#k$_`7=%OT92wHjp0_Y z`52Y_1V7mO-3g_id>%j{^VS`5fk%X8iVO3pDodD_U&~p|_92zp_ z8cT*mUfY}{rqQ}Og{Egm#}=RMQCt3u%u;tUjsxb_gYD{W;Go%bY_17udfZ+;0%WcjB#|(v2`<~7!i#0Fl6~> zE$DJ&7p=vDM;nie8nB%y;{J?^+_L5kxHOk?r>KGpO{6!VwzE+i64FbZj82Y^w^z`u zADUHuHVxHsPm`tN(X3V$19(G9fpcvzJYnuhp~-@2LUlpW&KJxZTJsd;liV~G6Omdw zirLihW;2KwRn9-%%|a~9S9z)(GBHzN4pufXU7TTU%9LbK-0lEptDu}6SkeS0E;G~C z5`)n1S*kJf5WDA*_UnTn7Ov5Vx{Zlu3$}AxR&!LjTkF}u-LpMUSeeJ>_@>0~*c{4@ z;+i&JLpvz^6At)?t4+;rWJk1SYx+_a%(5gg#~UqiRS?uz$Pg%nD~aY?G*q6xKgYzk zjNFK&NW^Rv?jQyY`DC0R{bdu&TAEArzO?0ojivD!Y%G;$&^wf$LGQ4}Gw2;^owm-K;x`*{bOUw4;J`rs$ox|$$$X7ObaVqq{X22U@U9N{4o zWXjXH23iinUwGtD5fWc?_)u{vJF}vN#>4_u{NjR%b|XKJh_;5mzU8;;pIwQ&AdWhd z;;!{jAnN`jV{!!<0CEv7NHgmScScmP4U#HUpB*YqcBxa?wSAM6;a&a!YPOs%5ci^1 z8CYYp&TZ8@nB{IooE-`{wa4{~QxcM0D+(8u5B)eC1k)7)kNf}uF3d+Y)F2X%7=ogmQEXunL@^;lfRrbfG^a66dpiq49zYJA|Q}EwpNx4);60w@%@SWAYg~ON; zxFUuW-qXbJ0q6;9wG(FaGShWvYsMJ7j5-Uh$g?}PdUjYjw$CooXUH#94ytD^pc>UP zc=zn{@M$|^B6g9rtZkw@Ig^j${!hYsYoANFLJj~8|L)r=XAZz&HDC<9_b%L)ydbk_ zo26W&PW=-M=1Xpr+}rID7AdnOqT)(DG~0HJPPI9wlE!5>+q?(JE(=CeMV>hw`Cd@g z?b$fbljBF+|F8c(DCEY;2OK2J-p?ReZuJb3W#cnQmRmf7WZCZ-B+KS!kSqtua)W1( zEC1Vk=UL|#;7v8vJj#8_eFbUw*KXy@P#&jbw#nQvlrrOz^?9`BU=sg0p2=?UErNW;gZqR zh8v62`Y%C2_fp+cSP}PMACot5>cfFK7Sy&C>vwaIw>&pHPL1)fc4~~0r^}ETW5|rL zRb~u$iI;olDKdP?eu;IF7g?hDGWT(}rE?OLQl{2}wRqmm*Jv~^pL-Y&eBu?L6YC{P zlf>q9a3T%5!uGDbSbm<4hvT^|M&c!MK%n~u&qKKpgRxr(1Pb=|%rP-De$UdJO6;qH z1IG>RlzKf1_4((3O8jdd`U4B{6etH@PJg~^SI+Id@^+!^+nG1sFYbx=Tgoo-B<&+l zPU`q|*hGeq-2Ts(5R&@~**(6T$lNd1*72o8<_`9awVvNX!0b-#8G|ij$2`?ei2vi* zFrI9{HrcgD+~5uOOM1f%(%m546`w)6t2~2rx5hI_cg@cr-Bq7Kx*Mds9?u}%4bolT zXOQl8BHisS1OMQW_6QznyTPzKz^gks%{%fy8@$h+w)fc)*Q1koB+r8M6MhJVVyM zA?x3en_-J*$jwmm47nLLe}>!)y`CXA!;qVy_zc#q?Vcew!6TV z?EMUq4ozN2I+2)?)pB1bT{Px`}O;#4f+3Sp1}|8Y5SpV zcvj3RHd8hg4#eL3V4RZtY7>oF21?6}LEbgz&I7rybiOrXa$VCCcEGmS+f%q%sytB1 z{|WaC2mMiiGtX4KCUdQq>h;l4j^oE%9K|A1N0CS)w$$*CDW7E$*!v@@6rZJ|rHCPa z*U{cuklL7P?t(^ccrKQb3(58BETKxhrwg{l;kcOQx7ItY?WyWF);s?ju1qm`&m(pk zMIuY}BQ4E-gi!p-=UA5(3B%*M<{9a=pkVY(c4>WLx)J%TB<=&eV2IU?pFdzHttq7L zGrSGHF?>_HB8H#VHWOr!8c|E|Dg0+I2^_NNltubqNv0gR^0doy@Bi%n^{?w<_AMCg zZIn*9s7=^}0_5MoFodTukGvuhA&Xxya0hTXnux5NMe<2fXsoP{XK*epz09Q{M&1kS z%F7PPC1g{~e*q@)y+EhlHL(mnTXA9=D((s({UKM=A#4h2y8Lz)xcN5N-mz7#R_^Xq6fYDxZJec!}l!c+Vh4(&D*Mt571#_%V6=5qsl8*N|#>L1q7{dwuUUh5aA z`riB_qsf?@vnkCI4e+x+*+vy@!UIp@h{_oF9mGFG3EY45JB?`SFBsnk5m z5-N$gk24`xpM6jABYMpuk;WT|Mn(Ky9x>b{pj=FH>ypbCtb9@Si+rh=I^5(D#UUn_ ze&C9QvMpDHW30eIKs@}-9Fy->M)oj!dq}u;JicQ3&~dc(+Su*NFZEPNcF!c)j|KDr z$M=IV`74tGC1Ey04{LkP!1EutY6fBtRpglLqrW^~ELhB`X36RR4Y1DRe)G-WJbWVv z+xX_?+Wlda3dVsZ%26i0d=_#X9_fYN;BG_r0C7K_GeS$6okVb1f#Hr@2v9E?^qsrQUWWi zP7C~bTo8efkFo5Hp#UOF4gcvU6{tBlP~AI5mXbv*W@*G+Bte|2zXqyMfgA2am2f_e zNAtS~g%A9PEZHv{3)>J*@Qt&G~aN9)Lgy=A~PaHHFb%}*2VWZ%u>mzfzg4nZjpj2p(mLJcT#rUuUOATwGFaSU(}rP)5l$izL&YW3Ubd z!7fZPZbXe#Gilhc%O5T*h2#ou9~G#;=ZlPwroY&?oGZW~t)dD8plxYP5+W zR}>+CZw)o(3lL0gmL+?eVYuBS# zBfHy;Wjb(6Cq@yGT3$10@OJNw`EYi92~0neh(1d@lJ5c>*x1JuJ9G5Mt9PK7fPrin zHj~yFwDh9``9Cry4UKd}DcC5bsm@T-kvf0}n^D{)NP7_MXw62ERD^599U^aqbkyvD9#xfvH`}xYbMKh}Va9uP z2prT$lHZ#na>rJFi4jO(Wy$Xf3qV;ky8#*=Fll~AyRN6fqi5%rW7OuLk^v7*qoVn7 zuhqSg!8=dopG>QbSc&hcn)5Rumv)THA1=s*Mt3Z&WmLDM_%ze=hF444_zDr>1}EEm zuGc|6&GbA3-&{Ntm>(F)98yPstyF<9!}+zJk5)#skGg^`mscWbRkszFgzf8Qj7Ac3^W}vexGoCGT?a7|^^WkqfJ$VzehKsnP5w7ow zO~VOT6hgseUl+C1Lju#Tfw)*wJhqFNB`<@d{sK_R!S{1vu8ja8Hrjm}=_w1^vVf zRLA667|u3Tnx+veSJhn5m1$|U?2!K{MJ=3iXY!u2hoc7}?|3>JnKL`WlckQp74zsT_+KC2xL$C`r_-CF286DW zs7_X7NtLIp*9CVlqQ#xTY@T>JkteR)Ol$J*!(WiyQ&WQkJ|m$7B6hhhwY>50@%>TB zZDmRL6^O8bW~La@m5`96vjUDSNa2qDP-n#zQ851URzT3UwtxHc4btAJkZou3 zqXLAxM;8;$QcWVsKw74W+VjpI&NMzy?15tcYAH4l&+9(7wdBYZc5A2H=--7`7e4nH zX>P|Q>U)8DT%Ird;`F{WeJ;!wc3C>t9?|czG;Sv2h4p?%75nDph^3K;SxhF-)2#pU z&5z{l)QOR0--COa@YpG;3u@On<*B_eJZH8-DH#nbmUH<#C-^%iMry|(ct z8bQ|jKmv6%EnO=J5gBeS4qQywi6eTr;mV*vw(tEg;;2(byJpQ6e*w%3l|*AqHa$< zADJ%FB`=DQTiI|+WA(S@US5<0S&J@#S{h>NT`v9g2v5=J<;5V;K1J?=3=(bk+B2E- zz9}EC-Z|Pap^CxZ(-KlGhDUm$L6>}txPA<{>FEBXHPuV!-1TzV&yVWzGC+|xGEGqs|K5kjBX_l?3FEQcQyLC{1Iqz&;3>`}2kybCbK4f)9lqi0B6p z)YT!`bA#={XnStBMhToeS=u=ej2=sFq8K2svRK7;UQqHvRnD(F7U2;3ScxN$MD%hQ z${|NMVzVUDYmJ6&??qYuYN!G)u-%s^P{13jvBTARS!GO4lLU?`Q(BP)jdO0-^5rtd)oV$kJ3|N48Ox7#(AD;;{g8$9rW%k;)+!JxK=^od;TD~x{2!Um z@|1hYOPA>(qA8(?5+TnbnUzFh(7tZSB%E1+vd~TgD;rU zbg`_~!^DfLv_B$nCG$`Y2jXUis}~pGI90;}kIZx$S}vGUbk=vpKVoZSPUqQzrbIFt z(@Da@hK~5S`{(mODs2#v1=t~pgkcR9*6%ztsl(ndnP4Ib+RHS&kxBY!@;TWUR(3x=4OUm;6smDgYQ=avxQw#&_R>2zr0=yE~r7ugO`a zv{+nOaTe+j14Mu45Rq9c$jU|DxDfx&#qVr^SPL4uT)rlIVVgbo`?x3zgu-cZ8@&nDgc>%JJ_A zv2d`RMs|^onHGelDwCl3$RKYfuze7? ziZT12ULF6wpk3#x6pzy!&T3U!JSDfKJ9j%KKc%Qy#Z!`u}Pm$p|>KE!EMUY zU<6m^r$%W#(?Y7FnBBAFNb%W-%4p6ti*zR05nb{TOg6>) zwTQp+w4|)tZREj#(6++b5L|2P4{8=wQOnhv>zgn~V2)RENiGMr0TfTC%&L98ZpiDo zf$;={VTj~{YnAJRwHT8#ni?E3VI*6|7G1bV+Hj^~HUvXk!a`#F%2H{+M%mvtuM*4=JP zW?Lj&E^Te0mhSocYqzS?MBBW!UgoITkzHc4_Jw85n(W%RTn1&s_FTU`vJU`+KzqMQ ziW5F%M*2FaA=Y-|EK0YYQ}z&m|AORk%u;h66!->Ozh1+Mv?;HAViBGa!=b6X&tygZC_s1}Us9>qxf{bXcp{`(x32#H+6ayUOSWPd2K^(BRUO2XZyu}@FF_1UzqmwauEYr5E z@zXPNu?W&T7nRdy!a|G)cbhu}`Ba*a9v_T!xA>jg!`#503%Z_%pYeNUxd>Ow&-^eyn}sVc;3q>0zXYWQrMTy@Eg@L?24rzEzxxkZ9iY-Q{h5YtQ3L~= zP@VV)ksl2nhFu&nnhzQ{#lrFUqiNa0m9UNRZewffbSJeF0Ts&Q&7;l7vM`UHu9ch2 z)+`sE}2w;!&CbOn@A2R7)U8L5PKj@Kq#*qIZ8#)0(Q#1mgysI;`60cn0PJ?`B7<=1Fe8th zQHdE=H5!xC!mPE-lrGQPdEY(y2S#r}~oaEDh} zG$+)Wl^os!k4T_80ES}j^D((*EOe@vXA_7lEI7;-{s2v!I(qT^_{HHyJzu_j{<0ju zN5R0JuzQvi%;K6ikK>!!OnaGkoHtr{i@qDKwX;Soil?)FDJ@C|3pg7wlXN*>fwnuQGFD{Y@Hq#5 z=-NZIrwSt>wRgE3c-npDZh@J)#nWT{{p~GI!F|#E_SFfzhkt&1=%R%9Juu5*x)3)S zFBR2A*CcD(<#-Zw^|(R{3+Td~^TGKP!i8eN@b=S0G8(T4`vj%p3i3&flkP>( zonbZnNu~|!=SKu@l8}4{7*WD)H&cC}GQ~{Y){IZNE8y`!Ih6B|=%H$z7Q+RfCJ%I_ z$}9G@Nx^pIF`i{cF|D2ZToKv~%K(QE7g3Z+<;&)#?KWY5zt8do)s-<9u z9>SK^jmdjq>jnpNvG}+BFf~O^1}-k04A}SLfg~cGIUkrHm@`?`lxo~_E;2>V(PA<9 zayj=7DplhA5Ovn%ahLfI=Bsjv0;O8Yh)KMdtXeF?mCyxgQ`D4k^TwC5+rw zzj*7FTCRL#(B{x_sVI~cLURtC%NDpOTrXLKZy|y`9+NA-lHA2>A@1=*B8kmvr(7zZ zz$1rC4g~foVl1}#BeB8QhiBIU+npg-twc=8?Frz58O&P-9%}oyDNk+>4ucQET&+X@ zjLHd}8GMbS7@=8`X%37ILZV+hue@)sAG&_+&>$Xy=7qS6E;a5Pgb874 z&P3n^eUT5f6w55h^Muffb9)q?D(eny6Xam6uGr<=S@)vi5^ro=Y)^Q(=7A%4YS}#n z^R7`;CM@{FV2e4<&sfZZ0x6qjAU$>d?DQ} z8kbuY7GTIvj8cK&TmPP=m_W~L4wAzN<5t8ylMj+>TPz;ZKH1d6;ebU#!L+LJJQn`4NVc0rf5yK0%`O4QpHR-yHZsdsXhNoyhcQZf=O>;G$5y6UMt zeVZi-`OB;0-y;Ha*`$z9*l%DIP#Qn_^y>KcN6S0@>F6tiNo%tRY+GDdWT}=dU?>{o zT0@wtqVFhv0#f; zwM|M(#&oN{esx~Z$GPV}O@L>TcYDBoyt*hw9eljHc%tD3=*8c?Bn>LC+oY88=A7h%I1>vl?{6S+O+Y%Q=$^mg;`0@ZE&CKKp^KV6{QM zY*dF~7(^se%|2P<=^a}^%scChy(<}kpN~(*FE;3N@|^sXl0U(G{6s_Dn3)$8EqP6T zdS;_NetLFDetK2`HvSCjNi{@Ca&4fEznAwQ|CP=pWBE@ImRoJ<<45eDG70{2%|QWg zhhdeUXlnmqvzpLM&+TZKI3V~z#6GyiegdMgmOjV19qDMn7k1@*saQl<8WXirnk~X# zb(W?q34h5HllZq!zv90oBDE}jeZeCsl$dIwW)c3BGOZ%IWcW*cny*g0+NK5{xhXWh zuN;BKmeo_y*tC35S{wSa(>%xWacZ8UJ7LW&?4fIHP&kLpQ(}Eu(X{zpaDba9o1f{H zZOM;$^P);8zj;=085&=g??*>NyfPh)%q?nc5?-vvM&Vs+Y*e^@jjh5PS!lF&{^x3t z?`KK^{m4mk3%TmLljS1yzCa(NM@*d?fP3Bixt$#3kVJP#qB|tf{W6m1_7De$OuG0C znRH8Sez8othdG7(B9iLn&y@0n#TV8E=u~UASoTQebyKiG8#2w)Ok~QAN4!rFwIf1i zMYI<`6nuhb46?+bwR@ifB0L}>C6uTvikMQ=iLBigT{R7U$r8-nIsRT`l6*~`lmAWj>w!u}_5ULk35COCspg4IJ_Fmx61oI`Tg*miR%^DS5zLL( zubX8t$KuladSCZqBOKG_tHs>-5Tp=}=@QBcNdUXAy=$q^r&C?8Bd_cL_;FeG ziRYV9NTpK9S77}?Fxbs`clb@K&FK0l$4=;;&TTjTo*SUpdM{h9v9v_Ot?KkqmI_`{ zH0g!suJX1;9H$!=?(jI=AM1~0i>=%AF{vQgG7<|E2Vi(O`q7-lS<@)tzH%i*m(~V))PKTwUuy=QcWURpa(*d#C2xQrh>U;8P9|VzMT*51Ta1X#WHrE2brirf$RSEN;09X76i;s?&sW-tswX5z`QS9?O&hB$p9OLMPGV( z?Gv%%M906qqp?YbVV`12L6DU}aLFnxnq>A9j3X{ZFlvr+s5*TC@|$>00HQwgukGkV z!68EY&_THn?hQqj<8n{SzS5NJnd$7=-yv}^lTyfVfJ~+~>MY+|_j*C)9qzxidNl6M zkp8!GBENz3zp`h>__J!Raj&?VtTY2b$K!=kCUSR&K#H64lqURV$3qIdNM$@!^q|H@ zn=4+;42xV=t<`)(UoDFH^(^w|! zeJ8t}!lF4%5|%c&@z;R(%y$TU+<}(67uK~;Obt!+=HCF&WAY(&xJFew=8AX>@Ww0c z7z=x)J+Q4Yo-WN=B{y5)rx+&UFDAOwf-IQ?9g3e^J`cyaG(x01PNXwZqzSA6RB14! zW@tL+M9VFlcETc}=?+1$^8}At+_C2Dn55kcGH=p!CGhE+CK4vIUZP0T!`lhrj{*+K zm3ety7YFU!{nxXDVzJCDTHU*2tG!^bl7PCyjF9aPOm&M6YKv*>(v+VePq-|lE`Ndz?#Y)HF1uy^~UQ?5Bpz!1}S+CdjL zaXU=W@f5&Y_CqdJ0?9+Cr9!t5;jtwY0bK z3W3&Uwzgnv8>|4`(MC$q+@=-Lb)q;{I_dSy_%<8&z>_$lvV|!rO!CjRxj#HwW(++a z%Gk#&1~@bS4UfjGV#X3SNYW0-BFB4v_&FnAry?D>F}`-jC~U$WFU+2q-JVwi6|P>XW%#YGyVR5dJy4adr7Ww4YSsW)`!wUwB>!<&r-;mR(?`8=1IR-R51$RAx!)&)B5G=>C^BQc#mikq9; zkdIgIx>uXGEvT`pYZ4PEDqQfm@}~*GAt0Hk&d-U*P;0NVIas7FOau#VfM2XlG^@zM znJHZe8*+SAsp6rD{@)TqV;Gn&Yl#;K>ag71^^l&vNvZJRwWJ z2m8KuP1-if-A1$9sC7G??xfJ|w7H!sH`C(=N?f7AHP--8qh)0=3;$_&wtpmx zxjKsGRBCmER(o*9JkpY~DZd+Y@t-`MNv4z(kcxCg7s-0xI6gi;{^sRN`2X?oaq0gr zUOs>E%|D&IeEIU5SKqvNd2;ek$IqW1pS=7ha{O3}4xdbED*x$t>u;48_k}#*p1Wh8 z+e$9N9Nmm&ECsjLNyd{H9m~C6>;3WgoALAC5mIq7d`;3UNxVC6@j&J$wd@ZYys7bm zy}(hf%qZ}4?hG5gs`$hfz7B74*Vyn~4;R9={j!|=8n&R`!LPyYQg!ZYytR-YI=nV9Q&8O5bK_y_A`jJUL4n#>mu6dPj4Q>n z^CoXvn1`>54`sG+i>;rUsNv)$<_MaNeUrCWHmt~IR`s4ZE*#AufXKg~O)>H{Cm|M5 zfd3uSa&-TEd~$qburN<&M=*1o$WhI(Hj~+FLX%`%6elnK3Dd$KKi&u**@X1Hk5RtHCNOn43lx*n_|ck5 zJmxK0?eXmeR{I*syUPbw{mjCBOAC%?b{%oQHS}8t>2I1%9oM|(il9$rS@>&ZZ5<1$ zIhs3ITc2XMt+h3KxOsHB#rR0DUKjn+wr)UPZZN#Hjnm!+vAIvQBe%BfK#IwG-aBWo zZCs1i>`QOyw_4Q3b<=c3BC(k8)Qe$O2(u#@N#qDh7Zh+uo^QT!Xg8G|;4(Ltyx;@L zmP$)T7sw`90D_m26rWnl>q#@0B#j@7!f2d3k@@Aedl<~)fd zOTkbSbIBr|pcQN>Vnr@4yUrlyM!;+c$qL7FDz6&YMoFeLlNXm=?o&7Q{kc{wnPR9% zxN@s#>KN3lX-vLbxyoRNIf%I;)2944`O~jXIaVtFUMT%Nqj8&e7pW^$o_F+TJlwZh zWls4qV~{xxg6mr*X_=@XvP8&Odp^&wK5&1*Y)rZy^@XjH&J5OQQ zwuhHusYHX+1#Dzyj>_HY3GP1kTseQmiu8ghg3R#k!xXa5@l=n59O0@82E4ilgU%Ft zizlX~YHST8t}2~9T;}4ztGexJ>^gDQehMSzip`pn>#;+NRGSZp_op3zeVw2QnI@T< zUqHc7+UdDk=HuUnoeM{Z+aJ3SIsrbOEO?S|#Uhc$3Toq9T94CXUJu_3cMu>HJb|)H zD@SMiPE16+8k19!vKb&x)N1z_bHONPMTSWczF4rBQ_YfW9wFV|UZu zn^0#~Deip5?wM5VvV&Q6kGDRc8o{ofT6I37HboWw{s(iYdkhNxovxFi=VrB-$P%|I zUVEzoIF57e>B;f&q7o-xeb#e)?+#@EyU#lO9N5u{%p8tk;E*Zrb=#@xz+kv$@>UQN zEdlGqKmx^MJU=xE2QWQXV$$d6&yTFIl_sHZ~7 z?hSy_CEXIaDFJ1Oo?|*p<%k1KW3m#NbZZBjl&>gltJZXkxjy0TyC0fIca2IKe2OUk z8hRAZH~yrUQZ59sUDF>vo9bbmy5;CA{QSs$z8y#OCxnp@cf2z;rjn|{bgF|64!0g` z)|sw(3;;i*NymQHPW=0un@b3#spZgN?!5*jp4W@ejSIqV0QHX)j~O|=yikY4h6VH- z^55t^y@t7VLyWA!k-Mi`@8Oy{+p;j`Y|=*cDZXQ#BJn$6asIM=pIQB^KzOi)!~xK=l8Ptu&HgHvO2C9*WW5)(NdYlhJ_8~mNg|S9lF{~4S(PN7Vi_OTm3KrwGbPNf*)^YCpsY`x&lUdsgMqp;B zeF5$PHE&wy(>xPhSKqiuNN(O;7Y>>EyU5jS?`EKr8aA$-7mAqFS4@fIzDYk>T*g_@ zzR`#g#DFwxs&qp*3E~VL2l3Z-&!mPSYyFkhhAA{UqS1mKeO1h@Y^PRFYdf%0EEbeE zm9H%V_#B(oS~%@6g=+W>&?shCE*6^F`kdK$)PthcxLM2`2E$mlCu&!R2MHp@u20`L zrd8;};hW)lrOeUC9cY=ow;-qME0prSa%-V}QC)PJ5Gy!i}(7563TJbno z#M-9bnS`S^>FrMW(TVNbhrlSVUbpB2HZ3|v6qV>V@2;`cA>5}XtWwC}vZRtOn7ITF z)mb!d*-syejo*!%)V8MQtyMnV<}-2Obep0rogfhySxD7i(C(|#F4z?z-PfA!7uj|g zAIZB+Cki3bEGYFj<2}sORnY9pMxBH2DFbQ4q;;K`LA4fmsmh;0g^X<+ENpQYEi4*X zmAM;N*RCyXRU^0{c(~7cOuJ@GX0Z^oYDHy*ByeU;Fm91GxJ(#Tkh0TC7$DSnRMjxD z`+S&Sr5+@|818}j{W7Qr;QU2n9t7SK2GQf-oyM0^h|bns_T@s|AUKYnMiRQx9w9%p|1rK2N%{m;7bzdBm3 z9Rl1Q|NH#q%WqD~@xQO0KOf?MKgaXM$N$2C+(iiR&DkZqsgDA_IlF8P1UAz^+*lh6 ztfS>G6%KrJcG))~*fbpif`@?MAt3k(1O(rlU9J}sd~_!F}gh9oV4%JTln) zwWGk`rxzmopC_L!NOr9l*`T%KN9vwDOtzuPI&ohg07+eWO%ITZ8B3YuQAL%FpluQ2 zpLi&1_X7GYf_zy)M~=fAf>@tK5Nj9u`8;8)2E)72b{IfvhOLVs4L;W%Hvz$=I}9Ox zB2kmS8f5ZFuFgZe;%_Nlafr411!C<0vtCM}MI<_6$I7HL=vV;9<<*D3{JR+#UUjU0 zM{a0&XaOu}=>V*mT-ZDn=PaS? zI0E04x|UQIG)}m6C+%1kTr*$-6w~U^2I~ndRK&G%elX^`FeVk@X^eK|j)84P=qM3j znVvHUhckpCqDwmAiQx{5-{2zcq8VD?h?a`dxHKSD>0H+r2DHnhjy69DKj;x@4Uv0fH|Zzn4GksYNJ3Xkl9%L&)azX^ z>*7uvr|X2j!F76YogQ4LJ0~-^PH(rm!FBpK={mhT<#@OL_z|28cj{xM*1eY~4Y@N$m@VUWdt?~>mYlF+$;IbAxgUedOvxUpr;N4Mpeqry9 zjr=qQjp5UM`sn|Hh^Gyze|PBrPF}uv_3~v&|9A58_{E_A`y9^~ss9TPQcc5L z>zBW%DExx&mUMlKaJ0{+<_qd?_6_mRdxZ3AT@g9}1b8(ZiF-o?*~8J^pgJ5>hXv>l zs>9EqI?S(iAFW|M5@^#+&^W%7Y|1}%sS8hC!$6ZnMw2cqwR#c&5{t>lt9KAVV9_5>qa=%sWS3ZXeU(r(C;LYY&iOsGo3+xxgeo4L zX1d0usd#|Ca}9$71f2;rKW=k?Bs24lw6e7?3`l+97j6Ua?^5xQ8c|W!Dj2suKCl+E zl(ml!7T0^rS<)aM76JKv-aOZBx(aONUAD>DMd@oolKoz1Gs95Z%hI0Yl zPaWDKW4!r}YDLVM3qTFsp(s^QV9UXGLpUwOJ!`8DSq4|$9-^=;9tnO$|5ad zhD27ZEjppm9ZTa4A||S6$u05ds|EdJCo>W8YO>O0wwiRJ>jnLEg+qKN;?;MnTI*gF z_CHp;l_DNK@kM4aS)<*<%o@RJtJ!%zX`iPA)^h-U@Zl@=DPpX#NG9B0{3wikNI2X8 z!*f@vz1n+;f>ASdLFS&!41S^H<;e@OZx>JAq?+p$xe|H4VnC<&4`QVN-GFyX1vjK)u9quFAkn_TTy*k(PKOc?|l>{Y`;VRs+q zJen6StaA`Y#07Njr}*L zZknYL26sV_prMmg3#rKI`*X7YKmTXb&KPp>;fn14pZ{~PTY?VjVt&mV@X#%cRWz>+ zVk`ya&ht1*8`2*JA={u_XtZe1&)`$$saQ%U2@0>clSHyincu=)fnYeO6Th8rFu-BMgj~AVV@>f@EYVUg_7E7TT{a^eZ)N|hb!)A-$=BjEt|FNK$ zXbl4C<1^IdF|?7tP{~Nr^z_Lp*UOcmm#fetIts0^Cq38HWzlc7=Wi8?+lH^Wj54mj zlZ@WgsRN1?a|?|_1cooj#J=ee20Kz5%vp4I$s`vIplb20>Elz=!U=&9t+)#L z-Wfz?pho2P45#0OR2*)v!V8Hk*$1Z-o)V>L8c$ZJt8dW2Zs1G9)?p6<#(;ZDWhV-9 zxt4r3W72Y6k}sEyw+hy=QLN>ZCW#U4&+U175{Ke#X;KbAJ`;}-wsXGHZg`W3ZjS*l zoez|I6NZ*6tM8XAf)cd*z_3yW>|GxZ`Qbm*yDWS>=x;%9+ zoALTix1bGGiv?WAPVUmSD=?V$r)?B=ZV;xtn55i6RV;Pt+C{UkCTax^Nv2HO+0T6G z2i++7OO?yCqpi(ovQJ?AiqAxFDJseqB5Q=Rn4&TO zIB+ZIgL-t4DP4>}u}8gI@pN+h{AH_+p$QYV-gJMQx;V1DWl^4lqhmg?)s<(TIJ#6= z$AO&o&j zbf(3EY97(%#mzATr944P1k(4Ju>948kvq23HdPmRBM~8+N7TYqoks@& z=Yf%|h-3+HZH7^4aE5QUKDJC?D?>A^ymPs(*K2_J^xMaspM!C$&+4r ziVtZxQ^gvCr(8t31*-F`{CM?lvs_|0$3B?Xg-N!gNvuYrHLk)XB?T;90_|=O%2#%c znfwza}>IY#cgp;>?W(U|V;90)d{B1R1%vI2Bx45p*@<$9S-yozM zgT~tq!}{Um=IE`r2OXj07%bj0smtz}cdBxd-s_5(RxJy& z9Hd!F*@eqzyI3!#IRsU4ZLqg8+ZJA};r1P&_I<TQ5iS zJdIbCjvfwk@!(?&?FnlmHwCvVui$DqiQTy%tS4e)i++h$rb(ve7uM3dM%ID7w_(S^ z@o;wI!*vUF@SM)Vw3sS-U6O}62PdE9DwhQjrX3?sM7(OO`k@7Wj_}2T#hhxEtgr-2 z$EYZ%ORibfJCv)E!xLA8&r%^fQ?~#ayJGiDDh6eU@>tD+PM_LfMMf8W5<6h8KY)Ot zvS^;$Ob&4k3TPbyK5ozcL!9RjZc6~Sf;-^xq9NJ0AEOU0>XE|%RUds*AVK3|8hiW+ z%RZDn$lGppH$fp6+K~-7X&_~^b0TRSIslx@6?ysc#UTuWzHJY@n@qRD7nN7)M$%NZ zQ=m#7sjyouUtVt1vg|yf)|TG5&|dczi2c?D!+q3Zi#C#DQ8Z2CTzAW)g6LUf&zxio zy1aE{hwb35d34uOY^o#@L+j$1#h(Yi!+wPN=yF~@7X5I^%Ip<^LuM=TwEyf#-(9sQY2j?DQuLODVm zT{AsG2pzeJwNub_p~RxBDW!iSjIN>6_UG4OTfpB7uC+nB_e>I+5|&1CwKTuvl^A*q ziPhH(2(LSetC6+Ndav4neHarhsb;gjc>dZpFM8Jq8s`bT{E#j450q6oy}J@w8efSC z_nu|2AJ)F>(ss0rYAxOiv1k=LdYs0t6lXotn}J~*E&BFowah-($pME2cqynvPfMyS zm&RkCrfvMXweCq4am5b7?E^HGQz^YH_jDk%d z#|Au_J41nxXqGX|AO6(HN7;>&Ol64%=a{shn7`0YQ^2^b?Gjic8U_WCD9siVCdvM* z&w9H69AG1=YTEEcTbEz>5Nq|--*Nl~H{I%WBQ3A%ux%oF3=0TYN75{*r>@VLcIP+<=Q6eg@%sks8DZIw*rU{iDb)! z0@Fg%6}nkMfn1SJ6CT08?IfQB?6262^~qMWSF;1qw`8$4zi81|0+x6yg{q$a?%ilR z^}!zHyMaZe6~t7)o+L^BeZ#c0P1LVw2PX3nZGL6`>y~9_1K-)mX{ok6Ze{<<6>^Ju zT3>t&rJj~t4qi}c$5OT3yVVX6#qx`7TKPT#O+>F-e4Hx4IXhj`)2UTY1|tRDPM`re zHSoHp36H5}fshhbdTTc$!60FkJFW=(q$LISJh()6Y(;K$qQ()uHDus6qT@*F+pPo_ z^U3v~={r0gJgpKw1YVGxqDR?dg0bx-0D@NuTPX`gsc(S>z+ZQ4wH+XNir4G9b9bXJrSR4HJ{EgR@s z&5+wrIy?5!SLpg^XJCI_TVep+?-{zgoF<8QILqBe`|yoz{p)T~J9`J>xl5oH66gf;z>_$lGPdu@ zv#*~$Eg(vXLt`)ZYH`iboOM8_hb=?n}m%e&bT z$P~+_B(I+hxNkl!#agm{W9PQZiVeSTto9@QbUN$fFMe9>Rm_vc7gj4z^Hp}xwgm-C zRYaqC6EC=ZCMz1pf1+~Ln+H4%+t;$a=5_A**ra+6BQwn;SbSs?h@)*JKT-A9xrwJY zhiRiwK;qKxeJ@m9fxapvg64(2o@QoE|Hx>9wjPUanjm45{>5TJd5VtFpa0ZPq69s4ti73fmMt`}!9$oq{vsO(M+A&NwbdWpw16hce{mUc~ z(cNZSYlC>fh|Kls5)A4+)_7LeujERAfy=JR2-~zT5Z1MkhCGN@e=k(Zrw#77O`+?y zQ~O?p!Pp~I05#p?@{Xl;{LU4&>=lS9`RV$T8LH1J>-rV;YQ0m4OF(H(+%qY8Y{&Vo zbXjat=FK(~X8l&u1+$P|Z@rbCr4_^bew*05U>M|_rK{~%+Q+;@W6XR+lgmyG<(dhm zYUWS?m<0vaRBcvpTfW8In&mQCIo+$J+-=}#)W|sS^svM{K75)DJKF-Njjii|(3DY~ zN!A;A@13)yWDo=X8hmOmnOtym7qpn%<-FZU(LWV3V%Im6ArzDwU9fJ|x%I?=WA8Is8ax6drNw!q}KbiI9&f13^MFwC-wp#}rv6G-5Ud zmbny%kT3=u_3%p~C5eb=Vm7JC?Z$Kgr|qQ_afX)+d37-TuS7;3Ky#n)JBBUe9AZs? zNbk86DZupqXYYG^WD`?{ZkXkH`_;PKc=+CEPnEU>9_d+V)}JMg%@3oI5F9Elzi z(TKXF#_rrtzu-BfL}^Hh^T&>}72hNtQ51Pd9-i~#`2#du@yz`IY=um$s)E%F)+Pbz zmzT>>Kj-r+A{lxKs+N!j=RIj6&2U9%)U|GCcU65Znvz>*i}Sj>%Xzwk_>6*zvCmiF zJAzjFT3fUVjXgB>vq!1ci-KprvZNu}y7rO{UxqtCU>Qw8+eg&6HapRvjtOE$Bs_>Jo~|1)iVPpAk0+VFoX@Y4 zj%PH2R7zx=hEF0ZpF(5?lawpRYkZ0quy{^12X$);8fbB?*zLN&0}GEFT!SbGDDsN^ zK{W?>N4|5fJhe6|z6;UlJ3x}Z3k9+tGN)CAT>$$mp1+i}+{_>+pgmZ?PE*9#OHlB}C==3B3Mp;q41`hc|pqcG#X2OAYyRjhP8 z(dQ6fY|=Q$HBgq>R(r-Y($X|51WgJ1HNTmg%HCmC=GkpQm+lC{N9d!DYmSb@Y2z}L z`>AFoblF(o1Unj)f?T!)uG!_CGu`{$6Y#bsO7vA5vm zq`3hyw;%^tUO3sVj6uGe?`pv`m#(BR?reTE15=pmZ#QuVk6?btOB|+T|J>bb8v?JU z+)zM8f0iSBWG_J>>CkFj)U;$`9bzL}lY=&1-DrgsEO$7CAtu(_*Z+^)h>-d3M_O*k zwVe?T8$vQLh^B>PG~d{+Hq!?8gkmX~3ib2Vf*N1i){hPxdoLufnS`5KWSi#_~a zt@pvCkW;-rwycoWBx`==%9@7;h7Xyz9ZMr+F0#>G#6&g6tn;RuhL_wkNsByHIAuK5abj~N#lo7YED9yDwxXgy!zj4M`mW2SOt-QgX~M9acKLn(5gv6QLGCs2!HP=S5)8h`nL%s~g* zOvj|&>hGHI`OW$IoV}^qW$g{?JV@ZBS;nebktvbvc8&QXthDROL@nF*GwkQ_cB2M))_IT-gj6x(Aj(s1&Dm~t2<9fW%xg8LCGd;lgKaf8R( z4soo)$J!902t4+hmPtmD^R{+3vI*;Go|@dRtk-@dotImGu`wX)#pQ=&&f}{ zqDtLd%`bp=Trgiyt1d5_^}wZ00DW~cLHCJfsqNirBdtUxTcp-x$AbiJxpves*nL4jyce@ z!4gc(wGw4qlHMBlMe|b3SVhPsElo-QTKrZ96Pwwh7nxj{$cm+*1ClRAmm7`&l!V+i@s9CB_sz&y2gcaz!sCw_j7@mG%YTaMNhWIz)nnuTBx>@0AhxeN@J1~AofbUT+@PYd5Y;JTFGc+m zWVT5k7uFvd7}olNBU3bV%f2gr)kzP*m z2ARfg4qttygUr~XFNb1;T9Vf6im!aUua~0LR&?Nc{W2OK4&d;faj{attrM80H%WfM zm`bvYY0ZI>Tgs(l!)GsfPXacK#?=BMLkmNAG%JIK_%V`I>M_HRceiJ}XOgBx*}$6C z!^Rpj>QA4L#iq3zD;ttbg9(4^b&_?-Tk?D67{qlmrktIaAk&boC#X_8GtbK$|NC@+-`lJvOUOGS$-gz*dfKe=q)BMjtKWEHk34O=8|{uZyGb^?FBK%;4o3ep zLBmak_g7TuF14mWfqVVY^ma789ZheWGMe6Y%4mA~CosL0u7mTSs@Cy_cGNZVy9t+n zhyiXBfdP_aq6Zrqs+qQFo!wzFg50DgV4+k-hpS|!Gw|u@i$F;G_)$Pa*~PRLPPly?6!r;f|<%_Rj-4Wn#{&^*vcI8+x69+ z0UDZ>ku;8`b|*Ek9)igEE#?gW?fMFGf70L`Ch#}*Kx(ZN?%Vl<%{mWcO7-tnlPcA- zT}{T+L+l{i{o2UhM%c#2r-78ATKy=&!T%W0iR}b_^3SkE!&zR_vVPm8y6*;yCF@O0 z)O&C*qB{k4^o$NCxw>wvcJ>GcKdR_~Nv=#o)(pA6Yx71lEDlA?S_Ctd7+to&1~AXs ze@;x#^9lC-SjNMq$NE#dZzV6mw}=iM?kr3FgVA)Ta@n^*pW;H?qb{IC(WqNLw3PZ1 z(mov5v!Ey}BM_8A=XqFkI_i=^S!vgGbCARVQN&prMZ6<^gaDIPC}|1#jKmLT;lS_M zKY&L=cs%0kZbAn$z?|Gu$?2llE0$AqlX#6#`a7eRo6dI7e+OAAtanc@J39dE7afs< zn#+e47iYOt0Q7IfYFPA5J#Zs9UOsV!LFd4xxIp!njGPT_7ezjEBY*nR&^EOpG67-6e8#@=y zzQSBRq01UvBRqtk4xvfB;gNxSPFco9O* z+c_kBwPHD^HPd_PrU^He;aHFqo+Bijj9D0``|Ba!gq{Z!SYXZWhd`5 zFY|ZgyYJwSs#r@}m_PN|3HN>K9r>^S{uWzh`R`1s=ErZIagi+NYMR|qS*t1D>Q6J7 zt7*F#{?RV~I;+&_hOUa8zHxSTcJ{;DxA5=T*;)VJ@86ug`R4rX+qXY_|HGTN=jY#? zy?%XucJ>W9d$dtIWvyx|zd1YjTm8X(CFR@6Wb!SoxLL682(38#qh=*6-_y_kS7~;5 zfBr3QfhH>hT(f=9dRN5#AX8V|U$_0~?B`Z(0B)C}fB4-jBx1YX0JN@DG zwcb>c!Rt3#-KpuSdPmANNXR8!v3I1mAls$-t!4rGn{dskcXsmx-|g(@k4-Z-7Z?P) z;Hv(0`&pCa$!`5_2auca5*Tyuq2>sg(5wj9Nkucz9quiE_*OG69M%0fEvh?uj?HCv zY(*`@6BR4p&n|y|Gw=M|KZHA-wq|P=*B{z|-zd`q%w=!&b=9`Z?m=+KF)8kuyyxt} zIT`&YqOKulKj4U_wLKuJp>?xVD1MVF^dibR|8cxX^P>3e$Z6?Zl zCTk*DCYB}tSJSq#epp)n+mhlyODt)DIvEDNUr{a0f=k%CblSs+&t5TP$!ojkG&5e8 zyxvS<`|!oO7E(GsB_cDR zw*}@b#8-{-*$}$PMfjKb4Y8kw$>>ubo#dJqRXYWmV7$DADRLc*Nv&io7%}wiDK{&Cd*o}zq}`rr0~+*buO zl4q0fpr-})A8#pwTRrLNg8k=Dst)#hKco@%>$|5GI9k}@bXs)ovmED(e{U2b>&UV0 zxpCb1D*HYFtAXXMI-t)Io`pq)UG-Ke)>?g;S{KLZi~h9z<9t+OM>V!f{ZWm50yVbJ zl2SC;7#oXe5NqNm5kX!@lh__+{L8dvfy1ANfYYsuJ zA;I>@r!C}M(M7?2xw)CW9vJTjr>cDqle|t}Lyuj}6mD*ZEQUN5IVbr%9I_VAbGdBHA3Sw1JKUUvJ`_ais%-g@bw z!C^3fh#nlKF#60`HK7H+??6ZokAp&-+&}yw%aeK5GsM<~TET}(g z`(r6@wmYE^6%mQ9e@6~Byr!)v3qW2@_$|0r8H>YO012#Vi;0kNycI4P&Gm|UPBgym z_9;eZh{;_94T7>emVGwZS%q$~bj4bVQwb(;@DWf&@HxoHNa#SrCe4I7q}s_m;=H&i z>Yvx_czPD+?*SrWoDbyU;6QKIyh-V7Ci-?=6dUp&c_T%~EuLPXbv0UgDY6jx<^(oX z8FI5frWGMC70cF=%|G+%cP9Dmkp1=L)(fo+G@oB}Vm#jK=lZ|il@=3mR`d^hZm1cP zey7^*RnPVt7IEnwIB<--YLAfr;}aqUoH6=vn%oJWw{>itR*Xq46#sU8Ine1@TeE9E z$F!WFHCO$l=l-~)y!5W7`TI{$KVM6`^qPitnG)~Ll0wuM?-Nym>rQ2lHgNIYDg<_L zU~o&l0V(tWJyCpFc2jLXzEXf&-S4XIQP8%0(~ZCfF6wridQDPv{SWE`J50=Ym2r%c zg8$cr5*5M$JKKJJGmQVAe}CS$|2ltjHsb$JQoc(3-&v6R0{=Hx^S@OMsM;d_&F@=K zfBVrM#@{@6QgFZNXtJHx)tulPuBR1TUc;Fw+K?|q2@D8MSFG0Zo$;=MR6DH%?EsHX zi%F0>RGQX>n!czDH8F%8LG}@3?^1sR*`EMpZ&*nRy53Yyh1F?Ml`|=7k%?kRdVcx- zYWAtA-04b#rmw3?NC>-CRfUn~J@RCsNw2$Q+On}VH4nR^Wv=e%X9f`kh0M{@wUX?X zNmgbonACZPTSbS(X%bADu59~?99w$Ncy-6*e9dbg{M@DZg;RHc;MgotP}h%=19|O% zN7j|*gZiiQ)7QJZ-8dA)PfzgEPe4H68}HYHF)uEfiXQdnr6QFmc(!RMa}i2opBSROR7kmjTXs1H~07nxLfc~l~0#13XTn9o|Psk_HW*7`qF@eI8 z>T${5mz%+=2;H>RE^q(J@0ovyPQ!WsJ?{%cv0gy)chtpx>FL%@?XAFXj>o&EI;t$*Gi*Py| z#=G=~Chg(!1pI47|L_XR+f@75)b!dwJM0`?eT_EZ=_)|=h=`n$nNW%^3ge=#-VyVW zo2&Wx*@^qtdFQX!z9ayRne5=8;~ zVh0go7I@Da*b9$F-ywDmSYUwXOMCER$h zk}e7@Gp=i~qWV~atBN~TI*Wn`>FgY^ZDZbWh##~*0WxuZXhPSdaw2pu3#A z0reX+zy{{%B_V!f>ijgQGw_&1&>0z6BIfMw@*QlrarN}Ee)8LSWIpveA}_Gw>iN6U`9dHMGaG&Y8d=bNj6qdiw;=PM0Q! zxla$w_9M;pfioSQ=kP2?=QuLMhU$N1C6k(C>)A=0$IdI>nOxc$?&y6`$sx0h8F>?C z7;^yI*~Qne+uTNmgeTj}bl)6F;f`%}?j!BzZG<1NlX@i{l+k3DyzTElb)jaHHk42& z!MfA0NUD{=+%-vgYld>x4CJfP$3<};O32!`FNUgq24J3nz;DdB1AVpzf`FFow50Y6 zw>*MRZArp^@W0kQc4rhQj{kiB=FRu7`~Ls0e>@-YpQk8aC;ro0kb9#*_;il#^s%7M z!)-*U+lM|b)Oq@}=uoHMsTh%|-f__HHYDt^2GJ#wJQXaB`uCfSo%AzJk5@+J7%%3GYZO z@qKCQB>%{tp7Ks43tZZIwZfX_&fvd_>l2$a3}<0zLdSpC2P2AR#6@9%;Ux`tH~yB~uN=^_@ruZ){s^!mnFIj1IFUaD<4553=U>?CPf-#)vO8UdAVA zNrh^gk+~f4pUF_7EiA5i*ws%j70K>+kxN!$u6W1;X)dNKkt+zaIgqm(gR0_%Hne8- zAP+^eVy$W>FK6-0(l`FMF^UGJx^l;CB=cyKdNilxr;P=GPg>GyQIi%bVRmD=jNv0x zsb7T6BAq{mg{3sj>#;T zcg{nymot2!myfYc6KWOST13Z&hu%R;+EXl%SQS`O zB35*34klbrOSnpRUMyg#VuBCRmiJYiSlKswIMv)uh~75ip`|>W7FbL!~JyvBvAv@ zFuKAl^!WS#hl@nD&hDC@ytyE|1;(jBK)?ygdlS@2mS>IQ2b(=VJ6n1DGrA>_n+;sF zVTomb#*&x=+NAuom$Gq%*K~0B3?`SgJ!fGD03afrJ(r%dQ7#+8oq8`|Js!)Run2I9>zm-LF2EASW<>qFlU-YX8(CdUINh6e5E_;gDZ_iY)1O1xCqf=tXz#!XTBT^u}9uqe7> zbMCVr8|dZBxp}j@!gSx2{uSMoQ~K-Qa_pWJddZ!x#J_k^&{H9oQ&vuXo9peUrhjLP zDMaE!RZUIjtezmHrnYNCr|<66f~ajf(`pW{MOL+5u}PG&ycziYiq~4B6PWp$uriaI z3QWEludAd+U-46R3Y%{p2$t6^yX=7^$t6|5sU@x1GW}$jn-{vMwV*j^E|Z%^lMc?- z>rkDNYq2i#Yq4kz+hBGYw}xnoD5#r+w=1z45U!I}DPEo@Q|Iq^*Y48BT)%6%z}y#` z1s5Gl3!8$(2K>u$p6=hh4X*}5Ug<8>0uxNLj4O6RM9I(ujI9<7jFoW&EXS!JFc;Ak zoB}h%ta%Bs<`tm}rJ;2kH>nGs7mov~?+2$_$UJ-nwlk1Eu)YVt^GAWr_Xo@e2NMIy z9|<1c4;VM#cc9H3A@LsUJ+LGP!0-s*9bT3Z7<@37cLMZ%0O)Oi?MT;mfxBI@gl;-_ z0J;Zh6V#KRI!^aaI4@vT0rKpN@E#EKc?i`#1ka6Z;(d_ZC>l7dDJCMc`(U$O>@^|@ zq@l82)HTv-43CZAt&tXkNNgNwjkFlUU{f&GNYftlbvJZ1(smP+WB^x9j3E>h(PAj- zW8kOzBBwBq>7vWdnCW2nsT7>_(Gb$Tu+af?keyJ`9gxoG2 zN5M1Gkjyj;b651z$Q1*a$#HSZRJ3Lot2`1)nTWWhA(Q)HlA(y4Zh3MvGLhphKPS@tjVS$#_4)rM2t!h>^6+r$Kwk z-elLJ1KgZo8b2h}p~l|!8%k9O0e-SlWTJ=#rgmCUZa*tMOOroD-TTz6=%Rwh}x737|`J@~5ZnUu&Z7fC`i_ym7 fnc7&45t7F;ma&ZGPh0*c00960GJrkj0QwLB 0, deletes log files which are older than ... days + logRetentionDays: 0 + # optional: Max attempts to create specific query log writer, default: 3 + creationAttempts: 3 + # optional: Time between the creation attempts, default: 2s + creationCooldown: 2s + +cnpg: + main: + enabled: false + user: blocky + database: blocky diff --git a/enterprise/blocky/6.0.0/questions.yaml b/enterprise/blocky/6.0.0/questions.yaml new file mode 100644 index 00000000000..e61e5be7b21 --- /dev/null +++ b/enterprise/blocky/6.0.0/questions.yaml @@ -0,0 +1,2786 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 1 + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + + - variable: webUI + group: App Configuration + label: WebUI Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Web UI + description: Enables Web UI + schema: + type: boolean + default: true + - variable: apiURL + label: API URL + description: API URL for webUI, including port. Only used when not using ingress + schema: + type: string + default: "http://127.0.0.1:4000" + - variable: overrideDefaults + group: App Configuration + label: Override Default Upstreams + description: Overrides the predefined DNS server upstream list + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: defaultUpstreams + label: Default Upstreams + schema: + type: list + default: [] + items: + - variable: upstreamEntry + label: Upstream Entry + schema: + type: string + required: true + default: "" + - variable: upstreams + group: App Configuration + label: Upstreams Groups + description: Refer to +
https://0xerr0r.github.io/blocky/configuration/#upstream-configuration + schema: + type: list + default: [] + items: + - variable: upstreamsGroupEntry + label: Upstreams Group Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Group Name + schema: + type: string + required: true + default: "" + - variable: upstreams + label: Upstreams + schema: + type: list + required: true + default: [] + items: + - variable: upstreamEntry + label: upstream Entry + schema: + type: string + required: true + default: "" + - variable: bootstrapDns + group: App Configuration + label: Bootstrap DNS + description: Used to resolve upstream DoH and DoT servers that are specified as hostnames. +
Refer to https://0xerr0r.github.io/blocky/configuration/#bootstrap-dns-configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: upstream + label: Upstream + schema: + type: string + default: "" + - variable: ips + label: IPs + schema: + type: list + default: [] + items: + - variable: ipEntry + label: IP Entry + schema: + type: string + required: true + default: "" + - variable: additionalBootstrapDns + group: App Configuration + label: Additional Bootstrap DNS + schema: + type: list + show_if: [[ "bootstrapDns", "!=", {"upstream": "", "ips": []} ]] + default: [] + items: + - variable: additionalBootstrapDnsEntry + label: Additional Bootstrap DNS Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: upstream + label: Upstream + schema: + type: string + default: "" + - variable: ips + label: IPs + schema: + type: list + default: [] + items: + - variable: ipEntry + label: IP Entry + schema: + type: string + required: true + default: "" + - variable: filtering + group: App Configuration + label: Filtering + description: Define one or more DNS query types; all queries with these types will be dropped +
Refer to https://0xerr0r.github.io/blocky/configuration/#filtering + schema: + additional_attrs: true + type: dict + attrs: + - variable: queryTypes + label: Query Types + schema: + type: list + default: [] + items: + - variable: queryTypeEntry + label: Query Type Entry + schema: + type: string + required: true + default: "" + - variable: customDNS + group: App Configuration + label: Custom DNS + description: Define your own domain name to IP mappings. +
Refer to https://0xerr0r.github.io/blocky/configuration/#custom-dns + schema: + additional_attrs: true + type: dict + attrs: + - variable: customTTL + label: Custom TTL + schema: + type: string + default: 1h + - variable: filterUnmappedTypes + label: Filter Unmapped Types + schema: + type: boolean + default: true + - variable: rewrite + label: Rewrite + schema: + type: list + default: [] + items: + - variable: rewriteEntry + label: Rewrite Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: in + label: In + schema: + type: string + required: true + default: "" + - variable: out + label: Out + schema: + type: string + required: true + default: "" + - variable: mapping + label: Mapping + schema: + type: list + default: [] + items: + - variable: mappingEntry + label: Mapping Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: domain + label: Domain + schema: + type: string + required: true + default: "" + - variable: dnsserver + label: DNS Server + schema: + type: string + required: true + default: "" + - variable: clientLookup + group: App Configuration + label: Client Lookup + description: Blocky can try to resolve a user-friendly client name from the IP address or server URL (DoT and DoH) +
Refer to https://0xerr0r.github.io/blocky/configuration/#client-name-lookup + schema: + additional_attrs: true + type: dict + attrs: + - variable: upstream + label: Upstream + schema: + type: string + default: "" + - variable: singleNameOrder + label: Single Name Order + schema: + type: list + default: [] + items: + - variable: singleNameEntry + label: Single Name Entry + schema: + type: string + required: true + default: "" + - variable: clients + label: Clients + schema: + type: list + default: [] + items: + - variable: clientEntry + label: Client Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: domain + label: Domain + schema: + type: string + required: true + default: "" + - variable: ips + label: IPs + schema: + type: list + default: [] + items: + - variable: ipEntry + label: IP Entry + schema: + type: string + required: true + default: "" + - variable: caching + group: App Configuration + label: Caching + description: Refer to +
https://0xerr0r.github.io/blocky/configuration/#caching + schema: + additional_attrs: true + type: dict + attrs: + - variable: minTime + label: Min Time + schema: + type: string + default: 5m + - variable: maxTime + label: Max Time + schema: + type: string + default: 30m + - variable: maxItemsCount + label: Max Items Count + schema: + type: int + default: 0 + - variable: prefetching + label: Prefetching + schema: + type: boolean + default: false + - variable: prefetchExpires + label: Prefetch Expires + schema: + type: string + default: 2h + - variable: prefetchThreshold + label: Prefetch Threshold + schema: + type: int + default: 5 + - variable: prefetchMaxItemsCount + label: Prefetch Max Items Count + schema: + type: int + default: 0 + - variable: cacheTimeNegative + label: Cache Time Negative + schema: + type: string + default: 30m + - variable: conditional + group: App Configuration + label: Conditional + description: Define which DNS resolver(s) should be used for queries for the particular domain +
Refer to https://0xerr0r.github.io/blocky/configuration/#conditional-dns-resolution + schema: + additional_attrs: true + type: dict + attrs: + - variable: rewrite + label: Rewrite + schema: + type: list + default: [] + items: + - variable: rewriteEntry + label: Rewrite Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: in + label: In + schema: + type: string + required: true + default: "" + - variable: out + label: Out + schema: + type: string + required: true + default: "" + - variable: mapping + label: Mapping + schema: + type: list + default: [] + items: + - variable: mappingEntry + label: Mapping Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: domain + label: Domain + schema: + type: string + required: true + default: "" + - variable: dnsserver + label: DNS Server + schema: + type: string + required: true + default: "" + - variable: blocking + group: App Configuration + label: Blocking + description: Each black or whitelist can be either a path to the local file or a URL to download. All Urls must be grouped to a group name. +
Refer to https://0xerr0r.github.io/blocky/configuration/#blocking-and-whitelisting + schema: + additional_attrs: true + type: dict + attrs: + - variable: blockType + label: Block Type + description: Set the response should be sent to the client, if a requested query is blocked + schema: + type: string + default: nxDomain + - variable: blockTTL + label: Block TTL + description: Set the TTL for answers to blocked domains + schema: + type: string + default: 6h + - variable: refreshPeriod + label: Refresh Period + description: Set how often blocky should refresh list cache + schema: + type: string + default: 4h + - variable: downloadTimeout + label: Download Timeout + description: Download attempt timeout + schema: + type: string + default: 60s + - variable: downloadAttempts + label: Download Attempts + description: How many download attempts should be performed + schema: + type: int + default: 3 + - variable: downloadCooldown + label: Download Cooldown + description: Time between the download attempts + schema: + type: string + default: 2s + - variable: startStrategy + label: Start Strategy + description: | + blocking: all blocking lists will be loaded before DNS resolution starts.
+ failOnError: like blocking but blocky will shut down if any download fails.
+ fast: DNS resolution starts immediately without blocking which will be enabled after list load is completed + schema: + type: string + default: blocking + enum: + - value: blocking + description: Blocking + - value: failOnError + description: Fail On Error + - value: fast + description: Fast + - variable: processingConcurrency + label: Processing Concurrency + description: Sets how many list-groups can be processed at the same time + schema: + type: int + default: 4 + - variable: whitelist + label: Whitelist + description: Define whitelists, either URL or file + schema: + type: list + default: [] + items: + - variable: whitelistEntry + label: Whitelist Group Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Group Name + schema: + type: string + required: true + default: "" + - variable: lists + label: Lists + schema: + type: list + required: true + default: [] + items: + - variable: listEntry + label: List Entry + schema: + type: string + required: true + default: "" + - variable: blacklist + label: Blacklist + description: Define blacklists, either URL or file + schema: + type: list + default: [] + items: + - variable: blacklistEntry + label: Blacklist Group Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Group Name + schema: + type: string + required: true + default: "" + - variable: lists + label: Lists + schema: + type: list + required: true + default: [] + items: + - variable: listEntry + label: List Entry + schema: + type: string + required: true + default: "" + - variable: clientGroupsBlock + label: Client Groups Block + description: Define, which blocking group(s) should be used for which client in your network. + schema: + type: list + default: [] + items: + - variable: clientGroupBlockEntry + label: Client Group Block Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Client Group Name + schema: + type: string + required: true + default: "" + - variable: groups + label: Groups + schema: + type: list + required: true + default: [] + items: + - variable: groupEntry + label: Group Entry + schema: + type: string + required: true + default: "" + - variable: hostsFile + group: App Configuration + label: Hosts File + description: You can enable resolving of entries, located in local hosts file. +
Refer to https://0xerr0r.github.io/blocky/configuration/#hosts-file + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: filePath + label: File Path + schema: + type: string + default: /etc/hosts + - variable: hostsTTL + label: Hosts TTL + schema: + type: string + default: 60m + - variable: refreshPeriod + label: Refresh Period + schema: + type: string + default: 30m + - variable: queryLog + group: App Configuration + label: Query Logging configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: "" + enum: + - value: "" + description: Console + - value: postgresql + description: postgresql + - value: csv + description: csv + - value: csv-client + description: csv-client + - variable: target + label: Target + schema: + type: string + show_if: [["type", "!=", "postgresql"]] + default: "/var/log/something" + - variable: logRetentionDays + label: Log Retention Days + schema: + type: int + default: 0 + - variable: creationAttempts + label: Creation Attempts + schema: + type: int + default: 3 + - variable: creationCooldown + label: Creation Cooldown + schema: + type: string + default: 2s + - variable: k8sgateway + group: App Configuration + label: k8s-Gateway Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable k8s-Gateway + description: Enables k8s-Gateway + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: domains + label: Domains + description: Please refer to CoreDNS docs for options + schema: + type: list + default: [] + items: + - variable: domainEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: domain + label: Domain name + schema: + type: string + required: true + default: example.com + - variable: dnsChallenge + label: Forward dnsChallenge + description: Optional configuration option for DNS01 challenge that will redirect all acme + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: domain + label: Forward to Domain + schema: + type: string + required: true + default: dns01.clouddns.com + - variable: advancedOptions + label: Advanced Options + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + show_subquestions_if: true + subquestions: + - variable: ttl + label: ttl + description: TTL for non-apex responses (in seconds) + schema: + type: int + default: 300 + - variable: watchedResources + label: Watched Resources + description: imit what kind of resources to watch, e.g. Ingress + schema: + type: list + default: [] + items: + - variable: watchedResource + label: Watched Resource + schema: + type: string + default: "" + - variable: secondary + label: Secondary DNS Server Service + description: Service name of a secondary DNS server (should be serviceName.namespace) + schema: + type: string + default: "" + - variable: apex + label: Apex + description: Override the default `serviceName.namespace` domain apex + schema: + type: string + default: "" + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Service + description: The Primary service on which the healthcheck runs, often the webUI + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Service Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 4000 + required: true + - variable: dnstcp + label: DNS TCP Service + description: The DNS TCP service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: dnstcp + label: DNS TCP Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 53 + required: true + - variable: dnsudp + label: DNS UDP Service + description: The DNS UDP service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: dnsudp + label: DNS UDP Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 53 + required: true + - variable: dot + label: DoT Service + description: "DNS-over-TLS service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: ClusterIP + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: dot + label: DoT Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 853 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + additional_attrs: true + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + additional_attrs: true + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + show_if: [["advanced", "=", true]] + required: true + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: clusterIssuer + label: clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["clusterIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: clusterIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["clusterIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["clusterIssuer", "=", ""]] + default: "" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: scaleGPUEntry + label: GPU + schema: + additional_attrs: true + type: dict + attrs: + # Specify GPU configuration + - variable: gpu + label: Select GPU + schema: + additional_attrs: true + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + - variable: workaround + label: "Workaround" + schema: + type: string + default: workaround + hidden: true + - variable: metrics + group: Metrics + label: Prometheus Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: prometheusRule + label: PrometheusRule + description: Enable and configure Prometheus Rules for the App. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + # TODO: Rule List section +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/enterprise/blocky/6.0.0/templates/NOTES.txt b/enterprise/blocky/6.0.0/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/enterprise/blocky/6.0.0/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/enterprise/blocky/6.0.0/templates/_blockyConfig.tpl b/enterprise/blocky/6.0.0/templates/_blockyConfig.tpl new file mode 100644 index 00000000000..66f8f78e96d --- /dev/null +++ b/enterprise/blocky/6.0.0/templates/_blockyConfig.tpl @@ -0,0 +1,231 @@ +{{/* Define the config */}} +{{- define "blocky.configmap" -}} +{{- $config := mustMerge ( include "blocky.config" . | fromYaml ) ( .Values.blockyConfig ) }} +enabled: true +data: + config.yml: | +{{ $config | toYaml | indent 4 }} +{{- end -}} + +{{- define "blocky.config" -}} +redis: + address: {{ printf "%v-%v" .Release.Name "redis" }}:6379 + password: {{ .Values.redis.creds.redisPassword | trimAll "\"" }} + database: 0 + required: true + connectionAttempts: 10 + connectionCooldown: 3s +prometheus: + enable: true + path: /metrics +queryLog: + # optional one of: postgresql, csv, csv-client. If empty, log to console + type: {{ .Values.queryLog.type }} + # directory (should be mounted as volume in docker) for csv, db connection string for mysql/postgresql + #postgresql target: postgres://user:password@db_host_or_ip:5432/db_name + {{- if eq .Values.queryLog.type "postgresql" }} + target: {{ .Values.cnpg.main.creds.std }} + {{- else }} + target: {{ .Values.queryLog.target }} + {{- end }} + # if > 0, deletes log files which are older than ... days + logRetentionDays: {{ .Values.queryLog.logRetentionDays | default 0 }} + # optional: Max attempts to create specific query log writer + creationAttempts: {{ .Values.queryLog.creationAttempts | default 3 }} + # optional: Time between the creation attempts + creationCooldown: {{ .Values.queryLog.creationAttempts | default "2s" }} + +upstream: + default: +{{- .Values.defaultUpstreams | toYaml | nindent 8 }} +{{- range $id, $value := .Values.upstreams }} + {{ $value.name }}: +{{- $value.dnsservers | toYaml | nindent 8 }} +{{- end }} + +ports: + {{- if .Values.service.dnsudp.enabled }} + dns: {{ .Values.service.dnsudp.ports.dnsudp.targetPort }} + {{- end }} + {{- if .Values.service.dot.enabled }} + tls: {{ .Values.service.dot.ports.dot.targetPort }} + {{- end }} + {{- if .Values.service.main.enabled }} + http: {{ .Values.service.main.ports.main.targetPort }} + {{- end }} + {{- if .Values.service.https.enabled }} + https: {{ .Values.service.https.ports.https.targetPort }} + {{- end }} + +{{- if .Values.certFile }} +certFile: {{ .Values.certFile }} +{{- end }} + +{{- if .Values.keyFile }} +keyFile: {{ .Values.keyFile }} +{{- end }} + +log: + {{- if .Values.logLevel }} + level: {{ .Values.logLevel }} + {{- end }} + {{- if .Values.logTimestamp }} + timestamp: {{ .Values.logTimestamp }} + {{- end }} + {{- if .Values.logPrivacy }} + privacy: {{ .Values.logPrivacy }} + {{- end }} + +{{- if .Values.dohUserAgent }} +dohUserAgent: {{ .Values.dohUserAgent }} +{{- end }} + +{{- if .Values.minTlsServeVersion }} +minTlsServeVersion: {{ .Values.minTlsServeVersion }} +{{- end }} + +caching: +{{ toYaml .Values.caching | indent 2 }} + +{{- if .Values.hostsFile.enabled }} +{{ $hostsfile := omit .Values.hostsFile "enabled" }} +hostsFile: +{{ toYaml $hostsfile | indent 2 }} +{{- end }} + +{{- if or .Values.bootstrapDns.upstream .Values.bootstrapDns.ips }} +bootstrapDns: + {{- if .Values.bootstrapDns.upstream }} + - upstream: {{ .Values.bootstrapDns.upstream }} + {{- end }} + {{- if .Values.bootstrapDns.ips }} + ips: + {{- range $id, $value := .Values.bootstrapDns.ips }} + - {{ $value }} + {{- end }} + {{- end }} + {{/* Add additional Bootstrap DNS */}} + {{- range .Values.additionalBootstrapDns }} + {{- with .upstream }} + - upstream: {{ . }} + {{- end }} + {{- if .ips }} + ips: + {{- range $id, $value := .ips }} + - {{ $value }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} + +{{- if or .Values.filtering.filtering }} +filtering: +{{- if .Values.filtering.ips }} + queryTypes: +{{- range $id, $value := .Values.filtering.ips }} + - {{ $value }} +{{- end }} +{{- end }} +{{- end }} + +{{- if or .Values.customDNS.filterUnmappedTypes .Values.customDNS.customTTL .Values.customDNS.rewrite .Values.customDNS.mapping }} +customDNS: +{{- if .Values.customDNS.upstream }} + upstream: {{ .Values.customDNS.upstream }} +{{- end }} +{{- if .Values.customDNS.customTTL }} + customTTL: {{ .Values.customDNS.customTTL }} +{{- end }} +{{- if .Values.customDNS.rewrite }} + rewrite: +{{- range $id, $value := .Values.customDNS.rewrite }} + {{ $value.in }}: {{ $value.out }} +{{- end }} +{{- end }} + +{{- if .Values.customDNS.mapping }} + mapping: +{{- range $id, $value := .Values.customDNS.mapping }} + {{ $value.domain }}: {{ $value.dnsserver }} +{{- end }} +{{- end }} +{{- end }} + +{{- if or .Values.clientLookup.upstream .Values.clientLookup.ips }} +clientLookup: +{{- if .Values.clientLookup.upstream }} + upstream: {{ .Values.clientLookup.upstream }} +{{- end }} +{{- if .Values.clientLookup.ips }} + singleNameOrder: +{{- range $id, $value := .Values.clientLookup.ips }} + - {{ $value }} +{{- end }} +{{- end }} +{{- if .Values.clientLookup.clients }} + clients: +{{- range $id, $value := .Values.clientLookup.clients }} + {{ $value.domain }}: + {{- range $id, $value := .ips }} + - {{ $value }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- if or .Values.conditional.rewrite .Values.conditional.mapping ( and .Values.k8sgateway.enabled .Values.k8sgateway.domains ) }} +conditional: +{{- if .Values.conditional.rewrite }} + rewrite: +{{- range $id, $value := .Values.conditional.rewrite }} + {{ $value.in }}: {{ $value.out }} +{{- end }} +{{- end }} + +{{- if or .Values.conditional.mapping ( and .Values.k8sgateway.enabled .Values.k8sgateway.domains ) }} + mapping: +{{- if and .Values.k8sgateway.enabled .Values.k8sgateway.domains }} +{{- range $id, $value := .Values.k8sgateway.domains }} + {{ .domain }}: 127.0.0.1:{{ $.Values.service.k8sgateway.ports.k8sgateway.targetPort }} +{{- end }} +{{- end }} +{{- range $id, $value := .Values.conditional.mapping }} + {{ $value.domain }}: {{ $value.dnsserver }} +{{- end }} +{{- end }} +{{- end }} + +blocking: + blockType: {{ .Values.blocking.blockType }} + blockTTL: {{ .Values.blocking.blockTTL }} + refreshPeriod: {{ .Values.blocking.refreshPeriod }} + downloadTimeout: {{ .Values.blocking.downloadTimeout }} + downloadAttempts: {{ .Values.blocking.downloadAttempts }} + downloadCooldown: {{ .Values.blocking.downloadCooldown }} + startStrategy: {{ .Values.blocking.startStrategy }} + processingConcurrency: {{ .Values.blocking.processingConcurrency }} +{{- if .Values.blocking.whitelist }} + whiteLists: +{{- range $id, $value := .Values.blocking.whitelist }} + {{ $value.name }}: +{{- $value.lists | toYaml | nindent 10 }} +{{- end }} +{{- end }} + +{{- if .Values.blocking.blacklist }} + blackLists: +{{- range $id, $value := .Values.blocking.blacklist }} + {{ $value.name }}: +{{- $value.lists | toYaml | nindent 10 }} +{{- end }} +{{- end }} + +{{- if .Values.blocking.clientGroupsBlock }} + clientGroupsBlock: +{{- range $id, $value := .Values.blocking.clientGroupsBlock }} + {{ $value.name }}: +{{- $value.groups | toYaml | nindent 10 }} +{{- end }} +{{- end }} + +{{- end -}} diff --git a/enterprise/blocky/6.0.0/templates/_k8sgateway.tpl b/enterprise/blocky/6.0.0/templates/_k8sgateway.tpl new file mode 100644 index 00000000000..463923f85da --- /dev/null +++ b/enterprise/blocky/6.0.0/templates/_k8sgateway.tpl @@ -0,0 +1,90 @@ +{{- define "k8sgateway.container" -}} +enabled: true +imageSelector: k8sgatewayImage +securityContext: + runAsUser: 0 + runAsGroup: 0 + readOnlyRootFilesystem: true +args: ["-conf", "/etc/coredns/Corefile"] +probes: + readiness: + enabled: true + path: /ready + port: 8181 + liveness: + enabled: true + path: /health + port: 8080 + startup: + enabled: true + path: /ready + port: 8181 +{{- end -}} + +{{/* +Create the matchable regex from domain +*/}} +{{- define "k8sgateway.configmap.regex" -}} +{{- if .dnsChallenge.domain }} +{{- .dnsChallenge.domain | replace "." "[.]" -}} +{{- else -}} + {{ "unset" }} +{{- end }} +{{- end -}} + +{{/* Define the configmap */}} +{{- define "k8sgateway.configmap" -}} +{{- $values := .Values.k8sgateway }} +{{- $fqdn := ( include "tc.v1.common.lib.chart.names.fqdn" . ) }} +enabled: true +data: + Corefile: | + .:{{ .Values.service.k8sgateway.ports.k8sgateway.targetPort }} { + errors + log + health { + lameduck 5s + } + ready + {{- range .Values.k8sgateway.domains }} + {{- if .dnsChallenge.enabled }} + {{- if not .dnsChallenge.domain -}} + {{- fail "DNS01 challenge domain is mandatory" -}} + {{- end }} + + template IN ANY {{ required "Delegated domain ('domain') is mandatory" .domain }} { + match "_acme-challenge[.](.*)[.]{{ include "k8sgateway.configmap.regex" . }}" + {{- $name := "{{ \"{{ .Name }}\" }}" }} + {{- $index := "{{ \"{{ index .Match 1 }}\" }}" }} + answer "{{ $name }} 5 IN CNAME {{ $index }}.{{ .dnsChallenge.domain }}" + fallthrough + } + {{- end }} + {{- end }} + k8s_gateway {{ range .Values.k8sgateway.domains }}"{{ required "Delegated domain ('domain') is mandatory " .domain }}"{{ end }} { + apex {{ $values.apex | default $fqdn }} + ttl {{ $values.ttl }} + {{- if $values.secondary }} + secondary {{ $values.secondary }} + {{- end }} + {{- if $values.watchedResources }} + resources {{ join " " $values.watchedResources }} + {{- end }} + fallthrough + } + + prometheus 0.0.0.0:9153 + {{- if .Values.k8sgateway.forward.enabled }} + forward . {{ .Values.k8sgateway.forward.primary }} {{ .Values.k8sgateway.forward.secondary }} { + {{- range .Values.k8sgateway.forward.options }} + {{ .name }} {{ .value }} + {{- end }} + } + {{- else }} + forward . 1.1.1.1 + {{- end }} + loop + reload + loadbalance + } +{{- end -}} diff --git a/enterprise/blocky/6.0.0/templates/common.yaml b/enterprise/blocky/6.0.0/templates/common.yaml new file mode 100644 index 00000000000..310ef64af8f --- /dev/null +++ b/enterprise/blocky/6.0.0/templates/common.yaml @@ -0,0 +1,106 @@ +{{/* Make sure all variables are set properly */}} +{{- if eq .Values.queryLog.type "postgresql" -}} + {{- $_ := set .Values.cnpg.main "enabled" true -}} +{{- end }} +{{- include "tc.v1.common.loader.init" . }} + +{{/* Render configmap for blocky */}} +{{- $configmapFile := include "blocky.configmap" . | fromYaml -}} +{{- if $configmapFile -}} + {{- $_ := set .Values.configmap "config" $configmapFile -}} +{{- end -}} + +{{- $gatewayconfig := include "k8sgateway.configmap" . | fromYaml -}} +{{- if $gatewayconfig -}} + {{- $_ := set .Values.configmap "corefile" $gatewayconfig -}} +{{- end -}} + +{{/* Always mount the configmap, with the basic config, plus the 'blockyConfig' */}} +{{- define "blocky.configmap.mount" -}} +enabled: true +type: configmap +mountPath: /app/config.yml +objectName: config +readOnly: true +subPath: config.yml +{{- end -}} + +{{/* Append the general configMap volume to the volumes */}} +{{- define "k8sgateway.configvolume" -}} +enabled: true +type: configmap +objectName: corefile +items: + - key: Corefile + path: Corefile +targetSelector: + main: + k8sgateway: + mountPath: "/etc/coredns" + readOnly: true + +{{- end -}} + +{{- $_ := set .Values.persistence "tc-config" (include "blocky.configmap.mount" . | fromYaml) -}} + +{{- if and .Values.k8sgateway.enabled .Values.k8sgateway.domains -}} +{{- $_ := set .Values.persistence "config-volume" (include "k8sgateway.configvolume" . | fromYaml) -}} +{{- $_ := set .Values.workload.main.podSpec.containers "k8sgateway" (include "k8sgateway.container" . | fromYaml) -}} +{{- end -}} + +{{/* Define path for api */}} +{{- define "blocky.api" -}} +{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" . -}} +path: "/api" +# -- Ignored if not kubeVersion >= 1.14-0 +pathType: Prefix +service: + # -- Overrides the service name reference for this path + name: {{ printf "%s-main" $fullname }} + port: {{ .Values.service.main.ports.main.port }} +{{- end -}} + +{{/* inject websocket path to all main ingress hosts*/}} +{{- define "blocky.apiinjector" -}} +{{- $path := list (include "blocky.api" . | fromYaml) -}} +{{- if .Values.ingress.main.enabled }} +{{- range .Values.ingress.main.hosts }} +{{- $newpaths := list }} +{{- $newpaths := concat .paths $path }} +{{- $_ := set . "paths" ( deepCopy $newpaths ) -}} +{{- end }} +{{- end }} +{{- end -}} + +{{/* inject api paths in ingress */}} +{{- include "blocky.apiinjector" . }} + +{{/* Define path for DoH */}} +{{- define "blocky.doh" -}} +{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" . -}} +path: "/dns-query" +# -- Ignored if not kubeVersion >= 1.14-0 +pathType: Prefix +service: + # -- Overrides the service name reference for this path + name: {{ printf "%s-main" $fullname }} + port: {{ .Values.service.main.ports.main.port }} +{{- end -}} + +{{/* inject websocket path to all main ingress hosts*/}} +{{- define "blocky.dohinjector" -}} +{{- $path := list (include "blocky.doh" . | fromYaml) -}} +{{- if .Values.ingress.main.enabled }} +{{- range .Values.ingress.main.hosts }} +{{- $newpaths := list }} +{{- $newpaths := concat .paths $path }} +{{- $_ := set . "paths" ( deepCopy $newpaths ) -}} +{{- end }} +{{- end }} +{{- end -}} + +{{/* inject api paths in ingress */}} +{{- include "blocky.dohinjector" . }} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/enterprise/blocky/6.0.0/values.yaml b/enterprise/blocky/6.0.0/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/enterprise/clusterissuer/2.0.0/CHANGELOG.md b/enterprise/clusterissuer/2.0.0/CHANGELOG.md new file mode 100644 index 00000000000..ea9b1921ae6 --- /dev/null +++ b/enterprise/clusterissuer/2.0.0/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [clusterissuer-2.0.0](https://github.com/truecharts/charts/compare/clusterissuer-1.0.13...clusterissuer-2.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + + + +## [clusterissuer-1.0.13](https://github.com/truecharts/charts/compare/clusterissuer-1.0.12...clusterissuer-1.0.13) (2023-07-19) + +### Fix + +- try to deal with the fact cert-manager contains a dash + + + + +## [clusterissuer-1.0.12](https://github.com/truecharts/charts/compare/clusterissuer-1.0.11...clusterissuer-1.0.12) (2023-07-19) + +### Fix + +- ensure clusterissuer is compatible with new cert-manager operator + + + + +## [clusterissuer-1.0.11](https://github.com/truecharts/charts/compare/clusterissuer-1.0.10...clusterissuer-1.0.11) (2023-07-14) + +### Chore + +- update container image tccr.io/truecharts/scratch to latest ([#10451](https://github.com/truecharts/charts/issues/10451)) + + + + +## [clusterissuer-1.0.10](https://github.com/truecharts/charts/compare/clusterissuer-1.0.9...clusterissuer-1.0.10) (2023-07-01) + +### Chore + +- update helm general non-major ([#10069](https://github.com/truecharts/charts/issues/10069)) + + + + +## [clusterissuer-1.0.9](https://github.com/truecharts/charts/compare/clusterissuer-1.0.8...clusterissuer-1.0.9) (2023-06-28) + +### Feat + +- add detail to clusterissuer how-to ([#9863](https://github.com/truecharts/charts/issues/9863)) + + ### Fix + +- cluster issuer http01 ([#10005](https://github.com/truecharts/charts/issues/10005)) + + + + +## [clusterissuer-1.0.8](https://github.com/truecharts/charts/compare/clusterissuer-1.0.7...clusterissuer-1.0.8) (2023-06-24) + +### Chore + +- update container image tccr.io/truecharts/scratch to latest ([#9868](https://github.com/truecharts/charts/issues/9868)) + + + + +## [clusterissuer-1.0.7](https://github.com/truecharts/charts/compare/clusterissuer-1.0.6...clusterissuer-1.0.7) (2023-06-17) + +### Chore + +- update container image tccr.io/truecharts/scratch to latest ([#9729](https://github.com/truecharts/charts/issues/9729)) + + ### Docs + +- Add more details API tokens ([#9650](https://github.com/truecharts/charts/issues/9650)) + + + + +## [clusterissuer-1.0.6](https://github.com/truecharts/charts/compare/clusterissuer-1.0.5...clusterissuer-1.0.6) (2023-06-13) + +### Chore + +- update helm chart common to 12.14.2 ([#9599](https://github.com/truecharts/charts/issues/9599)) + + + + +## [clusterissuer-1.0.5](https://github.com/truecharts/charts/compare/clusterissuer-1.0.4...clusterissuer-1.0.5) (2023-06-11) + +### Chore + diff --git a/enterprise/clusterissuer/2.0.0/Chart.yaml b/enterprise/clusterissuer/2.0.0/Chart.yaml new file mode 100644 index 00000000000..d7caf12cf9e --- /dev/null +++ b/enterprise/clusterissuer/2.0.0/Chart.yaml @@ -0,0 +1,29 @@ +apiVersion: v2 +appVersion: "latest" +deprecated: false +description: Certificate management for Kubernetes +home: https://truecharts.org/charts/enterprise/clusterissuer +icon: https://truecharts.org/img/hotlink-ok/chart-icons/clusterissuer.png +keywords: + - cert-manager + - certificates +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 13.2.0 +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: clusterissuer +sources: + - https://github.com/truecharts/charts/tree/master/charts/enterprise/clusterissuer + - https://cert-manager.io/ +type: application +version: 2.0.0 +annotations: + truecharts.org/catagories: | + - core + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/enterprise/clusterissuer/2.0.0/LICENSE b/enterprise/clusterissuer/2.0.0/LICENSE new file mode 100644 index 00000000000..80e4ab93f92 --- /dev/null +++ b/enterprise/clusterissuer/2.0.0/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Cert-Manager" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/enterprise/clusterissuer/2.0.0/README.md b/enterprise/clusterissuer/2.0.0/README.md new file mode 100644 index 00000000000..f8a41e479fe --- /dev/null +++ b/enterprise/clusterissuer/2.0.0/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/clusterissuer/2.0.0/app-changelog.md b/enterprise/clusterissuer/2.0.0/app-changelog.md new file mode 100644 index 00000000000..25d1075db45 --- /dev/null +++ b/enterprise/clusterissuer/2.0.0/app-changelog.md @@ -0,0 +1,9 @@ + + +## [clusterissuer-2.0.0](https://github.com/truecharts/charts/compare/clusterissuer-1.0.13...clusterissuer-2.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + \ No newline at end of file diff --git a/enterprise/clusterissuer/2.0.0/app-readme.md b/enterprise/clusterissuer/2.0.0/app-readme.md new file mode 100644 index 00000000000..1b0cc5e4cb6 --- /dev/null +++ b/enterprise/clusterissuer/2.0.0/app-readme.md @@ -0,0 +1,8 @@ +Certificate management for Kubernetes + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/clusterissuer](https://truecharts.org/charts/enterprise/clusterissuer) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/clusterissuer/2.0.0/charts/common-13.2.0.tgz b/enterprise/clusterissuer/2.0.0/charts/common-13.2.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..5c0fecd087839b011aab769e3785f251e9224747 GIT binary patch literal 133368 zcmV)VK(D_aiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POw!ciT47D30&X`YUjl^tn_QM@L}BSV)id_otZ6;&IC*^L-Y@$Q5PwVHnbV79q4hhm@gcU%i*C*uXAtNP~b2 z$Y4ZU5>!l4vA0zri0-$>S4@RB#C_Dd0{oVZE%JTv=o8U*E zjG+%C6Evpc*HHri@$nil06h=$X%BrMzXBhQkPTnfQP@Q-AHqA2!}2SOC_ zuMz&6d5E0|720!iY)uuERa%HhJzR=Yxcv{c8#g)4t++Gh%1emnu!_%|er^1qHi zr``S$XA6EjxzPm|E~_Yb`SE0*7e01fL@9VjJju4=r})JO0DvaALeTpq!VFymZVoXu zD0q%YEY?9eFzUAi;o}7g5LLebzyW3$`lrZ;%WLG4z@r>V^)*BhCSLx%YQuaOsP_|y z{WwB5vk1`{@x9~=jYVgyFCFnELeRrs20~r&g|9^{4j+Whpah$4DK^7)1$`P)&U^}e z>|!Bsg={u5RZM3tXo1jg015nMBQ0?yi1Rs|BE7a?{=-aY`6)snp_q|q*#OoLJ}=#< zg^8^@-p>e}<8*xnxnN^(dIUPH!&dvh=?r!U!=uUMz?)1aJ-0g?!pX1?;Rp_ggPz+S zk0xDr(3yBcw>@kh^m>EC!x5Zxyk4&lq1!{9!_nbEx|J~YeGn2KyBtma>r(tU0_T(W zgk466qJT9T0?`w$qkdw%qsNz*AFkf26(}U$$@%G(`b8J6`PESCpBqP*Er9~ipz4JM zP!v4TA|B`xLh7SW%!t`!6(|?Brc47Qe@pI*;^3HmpeQ;5gW*B)>c@!0q4f?y?;`M* zSA?)1u#f1HGBh{K8{nvr`^yL~u#cwbjJnW=(w5Njjf)EP*|XnLpjX0)!xxXHsz>wM`61;Hv;rz6C)N749 z5CD=96)-=%JHGz;Q9uQRBjB{#-L6r-E{RvpuuAtRfgTc1P9QmglPn{u7bi0qOp%_N z7XjzXcbLv0b7zvP;xP2l90d&eq6Re_LYLHKzWgoc;}xPLj<_DTvd@t&%JK8@9P35T z4dWxwZ@1fX@pF#mLbx4>l{iAb#)zhhb}|JA?RU7*Fb!RVQh{s$@c!fZ>G|>P$?@g2 zUZSDzE7VoFG<7Rz8xqd~jf8%ww4k>*xU<-9Mksra*gc8v(l0ML8|fEx1|zOx@rC7m zvMlJ&5fW>i9;jpg9xnOldjZw&l%Dkijwq8~PDn7pQ`uLNAS=5rZR@}zjG8$vR-Gf@ zbR31^v5z4|ddRuHeT{tNG7>2>gb^P_T1OX!s5?Vm?4#(tXh6#G2ooWewYsa`M^Y?h zUkeFB;(#fF9=k68bwlouB?lRb<~R^-{}@3RU8dLfVOx#tE04HzpOfDw(A&Q{J3f7P z)|z{J4gHQ2WzKa-K?pgPo+XpR2+yHdVf7m+RZmgqlO>-U;-xqK1!88`Bi?n0Tut*t zEF@AjX;wb@#+CAtLqVxLe6dZ&MEp!uBV$DE2J%|vs-~0vI=}x8S|6qBL#g;J-hmdk zBB}aQnF-+YXD0(B6lNI*@^Tdv2BRrr!nXSZcuHkn*)%VnZ8oQ~e%sy6XvAxDmbu}x z^*~NkZv6blt!iQZq6LbU_cIhB07I@-^By#A{^tmMxH(BpZ3W(*+3MB$6I)=Xsh6Id z#WXCQn4vM2g^{iCd5bBtmP?7gW%JryuwEbO^}#Fah#W&S583h*ONBxR&`Zc>M_^x8 zmL&dJo6*Bk)cv`IT+5dHBEv z**vU-?4bpn%^wKdLyLVno3Ga!nmgld%*aJ;$_Y!Xtg zgsmvqB2c}`)riK>73KIJxvvY+%@ZHu`3;(fVry#;yt-zPp-JptBk91{YZMjCW9LF2 z<;GlMS@E|4?Sz zFUWVvT)2&6ii0Wm-&`Y*d%wbI`}y;-UR%E(+UwT%1|&V94usuf=Buyk387QlE3NQeSnfv?hJ0@w_J3Gsb$&tLl7?g2R9-HpIF zBKK5#M>swaw=^qIY69LFpnmZhDDceJ^zR8F%o?c|;FP$rFjBevkXE{nAVt8PA@>fD zmv_ z|J*X+69;gUA6&?tAzAFj3)QULuAqW+3b^3o`x$m;Kng4nAmoWnoG}7Z6mWA8ar>AT z=Y8ZnlUXJckBl&^v1i;>MsZTVxe;oy6TH z6K|s6afc)9sQ$iA_F}{ino>ojuK)*n+O!&$-?B0FW5nX%Tsv=9IB8XJ?UY^gTD?Ky zmh}#XZl`+yd*l8=dpz{eVc$LI9Ci;-r`;a)4%-vAJ?eJRxIab*uGc;oxdXR**qw}# zJA#98rS~;JjLryQby3yj4X*80r<34{hOj&A9`pyj&bZre9}EYuJ??e9j(c#>8=wP( zItRn<=vs=3{azP&T{LR!$ zaVV;bF0av)RSd%YR;SaEZ#WrD(4>P74p6)8j$jXs#)m!B>5eM#q;3S6JFAPR zDy}h=K{|#5;34d^VH*x619v=_p#HemhVIZibO*!9_S9sh(SR@ff+xuZyTEZt-e&nDA<^+k@i~4thgxG#>YRL)h;gOa|UyFdmO#8;wW3vFnWw$8NXX zZTCm0JLvYt znDqOj$-o_S+FWF~hwaI5*zR^m!-Ip`7}VWw7SMjd5&AKPk+&|@?{S2tyka@s6WBFL zZeZ4cW)phB#c#LW?X(X&eNFGf$zX^E!(kg8c#{LK@AVD_-460bJ=k~M?%@P>`{T)A zbkJ^(#*;A`_Ijw@?i}<{7mX)lw+;?q=u7%MO+@U3)c#eG-aa)8#{_7m#;IA4^t8`GcsgQCO zTVZ1qkVx+-Q@a;MMom)r9lTTKvoN2epIBD~uY_HJ1GPo-8VE1MYk-*BYPI%S3eLGO zvLggA1#=>Z2m{d3U|xecZ-q+oLg|%BK8so~xq`_1HeZbYQs*% z@^P!}H5d~%lSVl&OgRDq3z!-{*&d7;d5eR)d@t0H^G5JA;KYZ)(rj)Bhv7YxYK3Nl zAMhvSy)&*vnj^0WnV2DPf+E&@2Lm`o5pd(&g8Jg?X zQQ$RWs-i9?+3_;los-Vxq zYg!@bY5XnOC_*yoi0c>NN&=_gXG3lv&W9W}EJvIb;{jd(M+}q}VlOgE!i-RsCY{LEA{5;^j067uhFdKCW;+K-Mo?cy zXo5ebg9MV@@mx!K>6I&`URuTKnQVp`R^ZKKpop1MAF_x6s0Ug4e-oBX#^>hkb(URP z;CrqF$o(?0H^RlE>eM`F#;}`k8!|TKIAFEs!y$=$lYjsFl{qyiN#2AZ zZc#j?t-AxU-kC{7_qmn3|3VdP1u_^B2UAt_yY6JsfqpoH-MvyPNf3Dr8%dNe+xAH< zIie)E!-1#1eS|*tbi^Xy1Nr0C<;fK<_8R#O zYRN{H;sUWIh@;|UElNSgpgR+qowDU%gaUSjCg$h~mtYZzL%m6>c!3#kdfl1IsNho8 zFuK&wIPg|Nll1;k0y9;G^ewB}$gdi*hSZd6RFjdig{@KK8ueN0=3=)nhq)^G-k_1w zEKs6>1SUSEV9=u2SAvg^7N?{>^J7$T?F-OxanhRR^|Go>0(K1DJE7^zkT?;b&1H{{ zhz4{QDkkWpD&D=W~7jCQ}@XoSQ&#WaeA z2>L$urihiq5@uxDiHOqxdN&%p)#pBwFc0}ES!LzhpV9J2{rS;Y7MZPW(Y~_Vg5w3m zK1V{6cn&{(2%!D8agW9`Lhg=4@STr6$oa9f1ClyP!G;`00YbC;JZ5!(=wf*gjX7cw zcIirT<^wBVm>_mNbLJ$#j6|z)5|RA}Bckl&Zn0rOpd0?MzC#1%^VXNgvIRAI^=MLl!8ykA&!* zN-3UeFZRo#_Qm3>bFu{m=&C&(=?+8sXw<_%Oj8G`px|G=U zkcBb_b3dX8PcS!6ICDovA4+h_o|NSJpV7QkXdUu|Ij7qYX4ry5UX}&q8kaoR?1Scn z#DU%B3`Sma06=kxp*QxHZ;SS9j+ zhr$TCBH%Dt_jQw&tLR1pFWc~yC5x#qzwzH<2Mz}lk~lUBpcJL^(d}D*jeRoS=SsxB z2v)v3p!-oAwCGH!eyUtz*~m?>nQ(+~c_QO?wSeZdN~`WLX0to4RvIP$1vuujfK$(f zkvOue%m%S<7$D>c`5p%Vi}2q_Cluk2`JFoK!dtl|LH4cdqLAHs0Zpqa(%)mDC76^AUSvmgmx;+W;Pj*eIG1fgr$Q=^%Hr*r)Tn(NdKKeaS;ZZewnk*ax#fM zl5`OE#Pm%@8dwLaCwQupBFF`Pk=hk9=fb{Vgj1VL*=;5iEX@1-Hj~w_r3%jXaD-fu zXu^`js@)0p)rl1#&z(;2G#O8spNyustrBV+$|?y+08-8aX>BOLjoNTMav$U&^S9No z)BZMPHRIoqCx$RJ^&}~LB15)Sl)9KNW3zU(EGqqgeU#z+x(yMZuc(=(QVhoVB+FPg znNhQ&>BWgL|QZ8nKhgTfa`i;`N1kL9k7cVtSo=qyv1zljhZ60SBW@QM(kJ7uH@ z>%s|B1hHgyDOX!&M@pHW($Rm`b;!rMD znR=okGD@T^3zl3a;)n!Xo?4<>9F(%)8_}R;{$pgk#U>9D^;Z3-mG~)QS*>zj;hgD< zJYvyQplJ5uPt1uU=?(x*5$n?Ac2Cp8kqnqJ=SW#fT!oQrBt?AeMj|E*m1v%5pqbO{`MF-+HmFEJkvZ#beGqQaPPfe!Y=alFu45kr~XxJRcfUCh9elyb zFvFY&rKp_~Pgc<{QO=PV#PczVxFiw|&%jk=5P_}wIExH;opK}BRjZdNt@GG%xjTlG z>$EUb&hA)bDNBC8NNhg!o5mrEK2Q{0W?iDXV730<+C2#Hgh6wKg)+ubMt zaX5`2R}5Y$nYm}0wi}LgaN8UPG4#zhy=0<@%hH0L?1+#t~Ci# zT~FwaObSz1gor8^vl)MtuK;?&l_PaSxmpWX%+*DX$&`)`DE=*3lh{20;llkZ6`8Iy zKgqRCme*2^iX53vcQE`BYh&#m`uW$QF%eKDoGOA_+FaP#lLAva2@CO&b&@y3(@7vT z(NwYA&T4;AlvF!^X1`KTBxYeO4hgG+&dQn33umG@ z3?MyQfA!5CjVcwPNs{?G?Y`y*)dpgSQh?OJ|M-oJ|71fL=1}Pv6sbH87S8uOnS_NcTGMxWT zzvrvGP0%?E@B~q&qUB3OvPz6$hC_{A$-b$ihB{!kK0Q>$LW<<9T~%0g$@y|frbr;q zzCC~hvSLjV$iiPH30xn$cQe9)u1$rcZaqRI<-bf?P~u1HQ-Rki>_7i-Ld4;Mj`}Ip z#^adH_zZPbP9Y~CP7%F$jW3f@Z_^vSDzQ4(gGAVWa$+MwBFeKN3f_di(9fScjs5O< z;G^z;(Ba~AUvACX$s6`>6T7;_!u2nRSaJVLzuWDl?|_sRsELNu5nf+nYHUBUAXVz9K9BQsmx?YZ?YLaQ+RWNn8KM+EH0z1`J_xKrf-DZ zmVs8DFD%!6&O~0GgLFSEcB$k|9l@RLoxoas%u}lrPT9DpAvtMgaVoh-`4kICn5JEM zYid-SG{uYPoxsTQMVdL&4Xigp+Dlw_gtWW2aD>#yIwPdpEg7LSB*#9)?xcIKI;gsM ziewsVWFJmQox1z~NoT(5uVyVd9eML%gabAK&UcHZ-OQ_E!6riYTa(!L`Ckrb?PYj& z;ff@_b+}cf^0ht)Ol^2ddfdJSFK2`buxV1YS?gWHph!r2e1P8nTfDD*grs6h#bq>uT_}w#jFB zdPg?N>7UNzUy$BhY`|Js?AI0LN?56MoBQI*hIBst?KGOoYQK#pGuJ9OnQV?ulG<6P zKC)WR6mBIMl6XS}R}@)y2eljNdxOmH_e9*yV&4c-e3Ov;j)KKe!&-q=FiQ2ht_!7% z8W?z{x=O_Kw>GRbaRRXq9CeOc#|m;yoSn% zTmV{pbec_}=SEpQ;Oslu-afZuUmPZaQ)XTRK5DE_&>gEG{OED2m9i{NE0+&@elP83IPr#IKXVVT3N7{lcIIq zY~>U#!SZW%wM=D|cDA(Q72RkDJuit(graZ?Jo)_+KgiJDovR{`W?Mo&4X%^TqD}XtrB(_osYf zKi8&9(K7g@Zn-2xuiS9idG5ZMr%e7Y!a%70>OQ9j%l^NtmjCTRyPKB(ol(En-^u@N zJVyUlXZa?0DzrXzrqU?>^4wQF(Y*+RmSLSDo!^5D9+mnncy-l$D-Na76^AW4I|6?+ zjY#7nG{Aw!^}l{rFRBIGBlm%X&i`5q{#+p{q^n7XJ?nU z?~mV|U7uZjJi9sq4hbCo?c#?2J()OFgO?mY*5mO~A23#V8$}GmD=Q@6^>+&=fhCTt zDOz%U_T>EZs^lwOxZ>+x*1RvktMCl89W9o_vIxmsp_bLSWy`OJ$FK^I#qhzH0Pw^4 z)!8q{Z{M0h)Gux?KHPkN@!|dH?e&N6-=E!FE9XuYYSvw0=9UdvvxI84+$AFj5G)dJ z5uda_3U3|DXyZ!xlk@P{9 z2AyO}u0;1L?(a%{yHedgdIKCMf4X2zqoS@l|6hgb{9kaRr)2$ByULGuFb zai^<4sjgnjQCX?~$usDWbN<)x|M%J%{jW0|4R-s#TX~HBr!#))e0MSn-b3C0vU<7i zUu54En*?d6d!F|dJ{8XR=O*D-{Z!6>lQ;Hp7T}8c-ye*!@gJRDr?;E`+jz|UzscqZ z-hc&Y_-8E}&@t6iyxq5F2d0A_V;b#?d}|{7(U59P2rIG}E69)#+~l@a$R<{1r`^sP zn)a*Odk^ZgLYjPQ#X%|vt2Q@MRDZBN+z_08jTrd(!}n*m*JmeJXE!3_(mZ5KKv^X2 ztq_^eU1Vi%*O@j%21SjXQ1-+vn1Dsl6&Fl3e!=E~zJl*Mb?{%Ax_r2C7m#~Ck~)c_ zNCp{Gao-rGdLDWr?5e?W&>4GmrtD+aC2=4#=8D)XA3>2tWCHy-LTaL_{hFKWTdU_P zA@R-i?e)dU&;0lP0!I5$92Dht_ga*=cdGo&@y*%o>G_qa;^VPZMf6z~pIAoT<>|Spj1ass+Z?! zH|Urhm7i{IE^jZdF8=Y)+qdV}H)rqV!JE7fqIT=*0z%!Au-mR54OL~eH(*cCu5WJ7 zFCPup&W&$?bB??o-0D5WM>dh<(l-s9{p059`1bhfM@^VQ!*x9ZWfS+C#%_+!--_FE zPM@M(btgi?=zP-seD=>Gvh7Un`X;vy1W!3p)(8bJZuiTxTq^Z{nIZV8?f*ezgu~X{x8QGywbOO8xJm)G;=9L?qD#nT zBIu(kq}qa_>xj$`Im<$(m^QJ94Vl(VUSqrn)ujQnfj)&W@Gh*6QukCR1K$x39Ra63 z8jYL=W@w(+A}d1|n?T%HBjOhu`b4h$Rj|cSBU(`bR3VE7r2cJ5n*2Qhzn7iWlxs>V zd|V4SF6yLyZC&UhQj1@ThPmW31Gh@xuHZE}P@88p33tPsCIA^ih*i|4LxvO80F$V~ z$5rT&w-X48Q57sLt&A!L<+hLD6y1PzBHX+xXS;mE_T0%It}U)pHnD7@F*7G6EedKH zGNyP-0m%%;8*6`1tYxCRPBKD!2`OiUib@UrM_Koh3sq8wh8JNV&JFA8GK;yx%Q+1g zGjfTdIi?h=8_%-G{oR?kA4dI>xvXUj-!uv6dzNXP&~qd6THPqK`ROg;Zebx=msR8q zI+j+rDR%hcM0>&m(w&mrI3@>Y-61vgi~NOhFhoPAINCTdayQjkB*}X`R#_PJ`kQc{ z72avHv63^*&!6StwePt_BtCK*=z`C(bOtf>YhmY?Ap(xMr_f1nK$`}6dx*LF>4HTq zC)W#E%?qi#0tXduRE2?Eq^Rv5RmhUva>{;Az?jXDW z+v{|9_TM(1vh%;{zSZrY`_*Dj>!!Szz5vxJ6(?32&|-a7sUV54Ngn{VZ+bI3-{Qgx z@r!2D70NOzPX5{(;RPptt&E`(Tv^hAK$<`^y6$yLqEz$D_T(gd-r)>TGm6%FHX zUzD+q4<^?*&S97(WO6Nc4O&`f3MQ>&$u?!ENMHe4GbSO!4OScsawv<#bgA*CVW9wra_cfL@oh2{#u2 zsYBdVc1;!S)a9WoNhiy#M>%coRT3@%ye{1|_yQ0ssJ8z%a2C)wGI?)}k)gZ=RNnA_ z197D%;!7i*sD!C@Zi#%N3laNjWxFVi0$7#pytsvR^PLxWJ};Kii8QQC6IO54-b!`K zXY{LOF%<5IX)VAS>e?wfN=~c3EMl;#OdV@v>uBXG)y&Z$6r{q&e=kZIo|s~eWmMN9 z;r`#i59j}QcXm|w26#+qjOhMB=infj=egdQiATH(b+Nu9?nC2db~>`*hTNgRDN2pL z-ryDnB7K>|YY);x23ehFc%oTSaHi+WB;&(piRJTn5)vBt-y9KF=o9OTpzNAb>{(o` zVk3Z|4RRlVbv#%|Lyhj=RbSBUHt!6 zo+mv2St#gMM*o^xf6gm^P7{Oj)237<&>WH>u1xE{MTmEk$@*SJJ_#xcCcS| zb}%8!?b$z0-hMbeJAHq4^UKB6&)2u-mmmAZNkA6;Y#NZY&RSYqH(%Xh%M}D0mIfXd zlVU|$+1>fcFXQ~=*Z$=6KXJp){;i85h9}sC?8)OlJA*+k|6_Z1{%bpr(*H0uJ9y%@ zE<^#O0D`d}BOwyS?1a7#PEf>}>N;8RLvcxRW$X+x03)QXb@v*4TH-)?06Dh-ACDs# zEmx_M^0Fz56Ri-Rh!A=Chxo(14%8)LQc{`M@=`ATKDnMtTJ8z(b4p`r!ME~nKYwmC zo6QCc@kegKalPvI-^=dEvNSCLsyUbBvf;K8P~7_e{JC+51MkSDXk(5T)W>B59e4Lq z$zb(P9Cwi)I3=|3GoP$bwN!zrPsY%%D0d~V`E9*7B|d*{aH)M{E+>CqfRh(cQ6n9O zqXs~f5XsG1$hC1fie*^?0AGw3kfEQ^QfaLIlth@#=11V{%8fbdO5S7;(Z8G3R|3fQ0kH2~BQ`7vcEk_E+k6`7S9YfKuAuVDEomH$CF zRULiu`2WE$8~-tC_jd6gTX|Lq-yoc}T*(Ki*fbf^VPC(*i)K82Gf00%OVBF53(z{_ z)Uv-PkStG{YVVEZ%`A6}X}4^`!}@Yb1t(b^@_l(0XlE zoZ&Hw0`Xp$Gh{N!Z0M25z|e&)8%K$4%1C(Zr+twr*l$D<$Gn;Hz(vgBg3^UcelA(G zvO`g{epRkrb=IxoHA_*)H^cgB9#i%XMNYo|T= zdn%cfY+Eiof|i)!^)X=ri0WFdPB6d&DvBza*9SL@dU2(6VV98d-W z7f~yf5^b5c7FoM0;Al(;qb!2T!H5IQys`G>@h*%ZMJZ_drG0V%hM@zDlqL58ic)oA zilXxJQUyFR`$|=Fy~#l}q(V1`(egv+L58kb1R0txQ;imuu(5~(8iy!aV2V6P(StG) z!KsSZ4i~PDXFRf2kX56vVCa8O`11E&T*LbcCC7z((Y`UM9bxz_^eG9u!N=wyR}6C$SQ^5coxlBg+_ zlj{c!Z3`uH0TX0oa%OB+3urE|2xYt@zxqifF<^thtKTbBgE5pX)~cH7a0 zhV17phjuHyuuiA#e6dU2?kRXm*Z<92{U)AO>;I^mTmSo`o&R?$j|j3nF~^;RQ3TYs z9RC7+UuL6Y#*8Z$;!WxNa^GE1I_p=mXedWqoY zRm8Hciy8(_9B`tLT6T+y*^VYr)?RLlDu}g5l;nRE7O@r;jiOu%a)rSw84eHqJ-IQu za%VJs$DURO6cx?xDF55i6%yi!64uXx1$)ua?p@K=I~bNYcoQ(KvJJ`_o;OpWfOm9P z%2)_EF7$<->KJ}@_Evjt;rhw z*fPgP#GW>tE+|0NJ_c&PuPcx=qgDu}nj>3(eCr6YjW>!uF%$*RKMxp+CeTHf#7klE zAVKnU_=Xwusw92#Jd@1VPfqsRc-3QO>$P4M>>@Rm2O$R@G@2q(!9ueA)G5Qu>_3^$ zo^Igwua)-Susz7-e;e%1e{AOwcHXHN>}$j}VF7w5^vQCL0``R&fu@%=%|J5+p2H9{ zjX%;9gkeY%OVE(uYp?|kvO8;VXAOSI)}WcI8?y(gmCP7`Ib`naZAw9}#%zmrOh#c* zx5cJy*}NUQEgN<__Um?R*Du;`-MY=1wO6x~`T%6G%bKarWuk7~JpGzX)2A^@pV1^O zG)HUks(NKxpxd@Shfi&M?w)6VO6`AR#XWia_pm+e=kEXR^mq3EHXdpJo5B9J9RLYW z*Yp5bJ$VKffN6cRJ^%yut8fA&L$LD#?7RS9vKPQ`>dpTH`mb^RtKZAr|2Ej!|66&~tu=D6H(~v2#@U|jPvw;%!uWqJ z(@%;E>x!KK>VgsFF{tSXNIGR1S5I=zN)HA78jN#|?9MdbndaLy&EqjeOx^?RF^osSr*YD=?Kli$$-TJ?cC$;{I z!QP}2AOL=ont5L{*43-`j^Bzju{d6(ml!jZ~cBdcmG?zJ>2Pk+j!Qx|07`vae*;3Y*BvsM@(@r zeem5Mvk<0SF7lFKoqMk$X{gW-g-+0##J(?=!j=t+zupL-SqM!sKm)WgRpKm!o5_@@ z0VSs9gAygqLRcp|;VgtTvl6DSn0lppr*U&Q5ib@fim=C3EITQqex1o|uSonRm)lQ& zsetkOW784NLRglD@TX!aS)%D`WVe`Xuv&Lb27a?i?>DI|ZC|&{@c9#Dwcjj#o=S^s z+86$CzP=IC*Ic1f6k-OE1 zdoEbZgs3#f!4(R9?80=8ee1ndy`w6@PsNpz_g1Bzs)SgCU5mcl8c*SQa{1u{!#@5^ zUQ>i37X=JX%^gEcmCo}@Wvk947SAT!cf;7ckqsO#Pz0yQYNUW#tFXw1N)&eG9h#G9 zxyjzl1;mGRs0J>-|C#RftNWDc|2Po&+qaPatJCY}^M7^QyZzs-JZs6{tG8yDGY#{+=RNLGpB+tMEs}#Bkf`SJgc(+9m&5 z8UssxHNOC_$|yg)9+V1gC}!AiDTw-}7^4!Y_tY`trnduxw&Z}8rFki=bqPiN2jkB1 zo?6%ZYq&*Sv_?fK4;ccaxw6ET%Cw)esnXvoY^wqs@@7^+p&Bg|uxuL8C5f0OT^643 zHr8hbUOLYb3s=v|9KqYbYR=7tvr>%c)!y8g+DdF zqfTkNduiOS9zlXN~NGLQ92Uqv}uvux;)8Vw+c97kH4L# zUZhs0YQh!sasf0$6h20!ldQT$TGZO!rW}mg)+%u_Dvi6usc7qHUyNfht(oqei#f_X z!?l@)V&;OQqFc^+Pc!#e@2i_?n(_+m^opzEKN=(4TuhbRAP+zjh@aYhXs(pED~lTGI}v5+ z%;oi&#ZVeNwp4YP5D;>C-z)ZzrWP6PnDpuD-ZJ0nYrd-9_w~viVcbr6mj`kZJp!~g^BC` zIc>#6%zjM5twb>gdk!dScxAydw$`g@k|Tl)zt2|%Ac*H< zeZ#e&L#l3t_4rM17M1P)Z0hcpztp(@r9aB%{~h#p`G2?b2v_)q?tc05?tQ6$=gTwQ z_p_Xzd@O(a-yx(P)2xpfFXO{@)F)X=DgtJS819pjUHvW{^fAg3R zQ!xDnjc0`1$s2X!NDSS&hT*F7-@RTY{;%8ZcX#oBTX}@7_pV~FH(?l7G1K$j5?Wjly)vR-u_$nC1*Nd;Jwd%(4%KB?xLS8+#8?mU1QrdcRO!=P?nqtZn^4a6(RXzP0 ztYn4v&Qji4%3HOR?3zV^fq5sBIv#mU3 z`d@$;SD=p>gYImO0(Q!m0Q?a3Z)N_!;V66lyW1V??tkCPBUHNgau7*0fw)3vk@e-@x+>PbiF$fkl zUxQ*+Ic#O>+T-=FjEeI0YGWJHthPdrE$m3>NuJ?zHQ)aL)C65@T*XD|M`9Dl&7^W$>CRf?X`|?D!!2czE5+AGsT)~9_38c-OPc` zJjld5{h(u=DH7H>+?lHIOetFOgOWc*m@iX5ZA(gRkPsel(jrBv{CSIF%_EQY7jw>{ zh*fr{ElTLKOX`x=Izr-ITNeyvBKNJY2?TNML!J64D7YtRQq*!bG+yNFNW(9*FC<~o z#hp4}UtSi!%W>PL&dCC*1II0K-YT0i=I{o zI%Kf5Vp$F{<4GNa+c* zkEx0;I2`A{BysaN{N5+-UHO-mi@hkTe{rC10E=QPBatef#2@gAVi8Y+Ds2dTa#5Iy zAD3^64%<{z5@&5%t54Ug^Cpe4Jb9a_8%9#@fma|POwuQNnio$1i3;nrthp{=lodJq z6mq^0OKldsV1ewIZys0ZS#8v&`zEN?8|WXstDe%dkxEUo)3U>UeAMT9zu=6e?qGIpZ&P3)*f$ z+bw9j1?>x2(01$DH@u#0e7`6AlRsR3sC>#IV9`ttS zKezITh>nnWo*C@180<|%eH8G}^G16VF?D5(M@fY`ksT#fi$i)#3a^UfEvmM50B_+a zJyk%6bW|mAAeZ^ZzlQjaOX7h9Z=k5Q3)9_&>25Q8L{Ac$(hPHo-S7EJ;oO)qGJk9D zB!eeBwOG<}!TGR!w}&h8%oHRAE!g|{zmx=3y;^hY=kcOqFJp~w^DJxO=F?sg&GR!h ziIYfmcaDSO1;joa`#Qav{VK^B$H+B{a4=0Vgb+{z3= zK5Q#f;3==#N}4K5hI?t`Qi+|A!M4Cmc%D$L99R4);BnWz<y<*WRBPj#q=un(c^4@Rr-H7m;Z4z81Bx0Zsl2}{~I=l zVs2DFi4BlyV_iESRr$-a1ybnMvIkN%p35f44@rStkT3M4wn3`7Qu`n!x5{jUJmz1H zolwLvJ6oZIK0A9MZ7)nC5{LQQ1~_-V1~0|eEZ*dE&uk#r zO|?X!REUREIrZ%!^)kPe!-t-S<(B7WS}ORdZ*A}jsF*bW0D5v;&F+gLFRxSlTA5+u z>K{+NvWfJqkI2sO*yvNL|1aEa<$v#YJ6Zq#px4>?|F`mp*q+OeCmV_PSrlbU-eP>u z<;Roicpg=tPW+B2S}%ZxcY7lNGd7TL;a(vIaUk@51x72K6X^S6=-!=5g-76^N~iWo zUvZ`QoC0S|h@akwk3{jzm3s-8HwA^uoMGv5`uX@0kYPWOqqdS{F&I z5r0D&3fM>D$8&VzLp=W~qKypVKw=IA>brQOZzkS|Yk}D*tT0Y)k+P9;{+}~L{=7wJ z`w^lfj$EWJ)%$;r1DrdALZ{R#@pVKuX_E%JE~4}u@sJ(QREj)TT&yaOoOvHlobud* zn(_*-2>lu(>&`XGNCcdcbY^Ls);spSvx&XMx9s(o+0TJ>0(ibE9CHx>6xHJ}BQbqKy zbg5bw&V9aJD!oL+~+U5%siUJrdfpa2>aYcOO07w3l3IR^22}+YL6)NCL zRT9Vb$^kx~qR!`$t(B*}+B+5fYgW;}4y8GDziK(MVn&Oyo4FaKyIHaEJq|n^OqKL7 zzn)Ww7_Uafmfmi<@22~fr#tb{6`BY$ImACkBn~U)T?2qeuhuK3m(ghIi6C{2@3HHW zI4C+C`cPR^uXTm&2HXAW%-K@=kHqYeVPEE1VgHRfop#p#8xD8&-&P)x|M$kW^2GJq zhyq9f1mjd@U~Um!amG*?fhk}!$N-EGa3cg6@)}%j;y{{hg0+B;#}SN{ty<}W1=~5s zGgJ`pB}$kAD}%gBLc9_v<>6grZmPt@idn6YE>W;oyY(mPRHY0%ksy!pIU) z660qacs3RIvScmm&QCWtmsbfZNQcCahzY(*o#>D7oG)W)A$cwPyaa~VUaAuIh5pqU z=wpWcYM1r;^Ban(jpAT`nw|j1M%iKPZ7(tTGTy5YDLaW*VBQO zg^ZGEJI65T@1=}W(0-nU3JR@+pJS>tkV_IVO|UF1nXsky@bl7nCRn&y$mB>x7p@A= zFBlnl+#qKtO(8?~aH+FX<6xQ?O3)8yu$vmC0NJz1`SI%VM9!7H+_z*N<-gsWlz)1A zUH0k2si~EW^aNrbywW54o-hD8zhe(bIV-03tMBNZW5L=>4W$X-l(v>`uhg_NO#H5GK$2}`}Zk~te0}L(k}G}Fjue?1SsZyl!)pIk!#6S%>*+- zndpRsYksDfyQFYwlx11WwfT|qAf~y}isfvAF?8=x;AtMV%eSm=mHcbiRFSuWTh%gJ z&aFmv7bp~!yjLaki_+I#o4iYa!;B6haxw6M9RO^vnu|#*U#nuXm{H? z|IaoaVW(b;!QMm!fMlEJjR8=sTNwqAl&KR3kd$W2P_@Ya%6~6T@0WaEmC;X?Tsw)M zru)Xikj;sB4p-bfar6c_7a{yLMo#9;Azz)Wy#PTO$3+pt6YN5U(g!YWm~ViS&S}8> zl;_UA3nSM8p2I1+jD7#w>U^zMJmTJ=NM5h^AF40FOgEWpuN-{mMquN8VLp7%DRA zou(+6N-L6SVb5m8%5+3zYz(dn%#SjIK3(+V~+qx^T5_os-_ycEqX^bqc{7t$Q|<_&g6V0}B{o zIQ9{>#pKHwq(9x!uR$;R9_oBtCOMeZaphMGRXVNL^3N<8 zO$A#fdYb0?6ngea zRJC<}Nj#ub7b)rYMj`G-i9c?HnUMcPeP@!&d5chO0G}_IO)_ zu;-gp-Qq~7%t?0(W@c6RNJzYvRkn8D461usTz{FNAcZKV;^?9pw~%Z%?w{W7PXEsXXuztZKU2Ai!R zyzh3e96m3dy}kVO)tvpt#8sYOIyGl-BTq&l1~64?Q=WJL(tG6lX@=+AWQ&nZ7OQF$ z%S8&v9!IrVoQWib26kbTgXQxOqy2R_H`I*%LcAMR7M1){2mS+-$QunPoq^Imv2W** z-+5y;c{04vw0}#W_dWDs;G!r!eJc+CDw~cYz|fh>-!>Kn&=rrtC4j3uhC0i*sJEH9*v_%Y`sh3bCeL%lXXUfP|F2Hw zJ!$^$?x>T^|1lc0hdclOHlCFKUyb$#_W{aJc5XEwD8jenqYQ>Da<3Dc5 z9SW?hAq30?jji1XO?JkMn)D&-Y)u$4KUE5ltn)@S_!aqZG;@D3zMP$JP={DB9 z|07*F6PWt^_kX0(t8-X9UE`VV|0o!e{K?&dLQi@BN4mMP`#-Kza;ro?DZsoyMR}fM zq=g*wr#MeqPv0n?AG`ZM{#5q`TA2|ZdS{>lv9WstvzZn$@1OJjz>*!@0?b$5BZzjl z2Yx$Gss7I(LzCF28#n~GLjNE3Mmhgqr`_G@|J!(^|4$9}^=1wMdMNbCa*np-_Y+0s zZ+YsDk+SIDq@Q*DYsoa&_~E*8DSuC*JD)($ZvG?mu_u%QL)0olW_4^BhBV2$X%XV9 zaN#BB?%a1f_ucaa+pINXuR~On4ZY4TV)`&tT4R4gow4@LcUj}x>5!k+g?9_) zqPJ_xNzI29^0LMNuEmlo5Lr_1WP2DoINbXs?(FW$@1Kf(B)?Lkaj)%-sX8$jg zxe-i%LE{-AcPI9lqxD<@EA0PXZ;;vl>vl)oo&CR+N7(ouvxA*JV7395K#rYKEj({{ zP&IDV;X(`7evG90H;v$M_%=))Q%dFa^+$5cHNhL4pP)8N?7uW2&fC zbo{p}y+Mi!<_?H7Un=5!ed|rR{GTF`KjMn7^iL}Pd&Ax!C;vyg`=7S*$oqd0i=%*o zx8xpCCSpi`!qXZ5TjpJXl;UY1XQxQG6D$+y2(U@-^3Vmtj?bdVjU&vKCsL5NY(8Au zQShYe!zJ-ntqk=$w$VjG=9vr(G*V;2XkpxMj-fOIk}amTHZ z1TCN3?}1l7Q(e}r2-th-r75XiXZxDdlM+EA#Y#o5*G8BNtUd5*S_5NV^Z_VKk+?3- z`5ojHoL{7BCRqFd7!g_Np21~NssCB|?;fK8uH63_<@CSNaCiQDD^KeDcT;2=)T1ua z4sJl9+fX7!IjyS{we(@^+PdG0jg8e^*_7(03Q1?bD4_mKi;beZs+KP~l|Uq~{eYsp znDdyjQ-s135-yb&Afxx`cmmMMC$CgeyC{KW)+6v81MgZ(?CD=DdF$~BrP;oEaMXrfqCpR9QwL4Mlyr^Yk)cZjq`{ENM{x`Y`!qz)@f3h z%*CEbTD`3;~_X?f7blwV7vK54MXBnoXX&&PvFSv^Yg*H`fHqc}# zwG$quEEx}lPA-fC!1X0D3Bm}83#-M2JXYRe8%LvH?Y4xnPc8lL`f-;5tkVAmooxJ1 zd)OQ7^uKL9Rr;TPy;&V_)uGF;Ob^U-XREp(wcCEIK9~kpM<>*4NSR8QhFD)C({MMU z8m5qVfO=Sj%uYqDQW4X`{!D5jwPn|nsEXFb{#BYHO-@#?=UK1zif5HZ;~lMX=2lGb zm-*(ORDmpK5}RUQh9a59_1jV=%k{rGyhG;!yNKQs5V0q_AsyrhZ4$Z+MJ>Ki-}CiC zt=s%jEdVwn6mbO77v;b}_r>I57PpgJ=oBq``VJqFqSg^qbbzCX=QxpN~cI37Agx71%B@p|HdQ)B zR1ZQz{0(*BxtGH~-BYOl35WRpt<2i{_#2>C=zrZ&uamw1xi{Ly|7_)v+dA6zo5X=D zk3Mnv$pz+oqF0dy&Uc=bnBHo=N^{dlM#DD+jin|2i@Ijqxp^rSb-+t>{4JVlFCC zY<35kL>ZQ+-Cp~NNo>d&BEf|MAP>`ef4-lcy z=YKi>%K^@<^N>EPv*w7}bEkGM7gn~vB4%ru5zE}*CGvmIW6G}36n%Opwtt-e|G!}K zw|4XJ->;hgNB`OUKYRa6|NYXDkoUkVAMyVJ{d?HkOK)wZx5@=%A6xm+0b0++S+OPK4=3iSPN}u-%j1hng%n4QOxJm8T9X6Q&~@R^~yJHD(BkR0XYdD!DObWWHvl2_ejC zDL3m^bWJ0g$P94?!zBI}6F?S9C9!U2H~;E1raM^Km@M@8#x!9n8rQdUsC4D1SHJl)qEKcN_}aaiof)GK6z){ zV&k985B=4ANxl7#H+IEa@kdVN=rnDVdFo0hrjn$JrsX?>g}fA-!#^^I<8^BQB=3`V zyjA&5xBrdmL{;;jqG&7gzt_*L|J~kbH~+Ws)Sv%UFaBbFdgDt-N! zeivyB>FcS+kYcw9V>UCho41)HVpR7E@t0~+LrU*Sq$EHZjc;(OKFL!&|3zBNISi9L z!0YDxwVze~pKd>Q{--MwI*|{r!wzu(n8G? zyQvDr*>tTUHI4!m_p$c*p0wNEKBMC$M}RDsyCcWw9SlJeoP7%A;go;`O*9YL68vvo z?e9+cCXU`9&{<06Fm!V5R{8o15s=NQ6iHB=Kf)w{(eky(L^CA}{Oh~LznvtCHQVA! zhy8QUkZ=1blm9Zc*ZwVxrjOnNSS9~^?Ogn4r@gcPw(_L*XZc_Q5nlc{;jgk_a&TW( z#P%QRA5}{vPUpHZ z3w_YCGgJQ>6NW(gT$N8z3W_hT4{ha+WT}3@Xetkb*o}y{K<}TmlrtZ(L6V#o zcbvSfl7fH(;ZieDWafs8z+Z|LCvkeI{e@hDW7XChPT_)N8M)PVQIsx2!w~E3BB5fv zloaBH08w#6RPh;mbD}!Gnr0SqMQW?DA0jfhFNk~@p$WC@OIJJben!hHG;x3N{fFQHIIn@DTDIS$@S`MR$9_12dwbbV z7v#4#A=rwI8~OazX_I~h$@2uk6EK7HXS5V-$AK9Z&_9o|%u2@p;Y|w9fU1;dY0KH% z3i2t+YY&Izb>`~9cQTs(?@rDUQ9{NdeDWAS0-ZawT!D>wd54zfnm2)jHSMxQR!1qc z0xoHok_*`y=u-#-nG*4+AceXi!z(@Dd>kEF>ms>;xj3VBx!B~$Wr5^jXB`oFSmifduic#8c6mGVOjv|OADu?q4jFst}4w-i{^D1x7+mf!^I zO&Krf>{AoQ)sfH#nD@mcb0n@Y5N*E}J%nIPh@Z`!B-_@v5LgX5oTZ#vBU`|H=|v?A zT3qB%4|e*_hsTV^O8R4l<}z!)oUHaS2rXcBs*<8%Xo8oX($9)=+Q|k=GRTXHx}Nx9 z9XTnRo-b4TdFdiGCW@K`e-|^xWP0}{;4hehX;~|8Yy3ML&Y)rp5G)QVW zdX+g+RPz8_a+oo>Wug#`+>)8t1L|DhnqK|1QkkeaiSDUk=@&;?{YZ@DqNTsfKQ1Ag z72s~R&sS;=d2oMs3e|n{$`n))N<|oz(1!~U7RxlPiaOG1{BN z+Fus?nZ|_8*6)ZKya-KX5@0_5X=JS+4?UK=SfQhck6V#1=RvL$K}E}(Q`l(XWmt;; zjH4s;L6vu;j&CI68EMsUi&Q#AYB)slhV3d>NU0-a<8BZ&Hbt(G+%OeeNTq|fmK)^Z zPLRjBK-P1B)N+43!1+>x?v zp6y9rGM5xyZ>-?qBK+(@5J)D=-a{~ywbw#V9&;+hZIwSk;qqXIf_4^IS6C-Y5hDP7 z!jvWVpRepyvB#}s)3MlJ^Bg;m>Dw2+qa{5~wkB(P745ZYv)+=jp|IQpB1}dwwcfNz zyeAf3#Sxg>h=QzP|GmZZaVG#*#s7_Zx$}R6UH-T2JURRC?Z#sN6zhB|_Mhy_(*%Q{ zpePhX3`H{^YQc+VmHxFnonl5SEx$m*NLB4D39$f}%FJGw8@rz&Iz^6xS_U*7(k53D zX(9^PdFLw>-dssg5C)Qz%7ufZgnlCA%}}L8{N@5f9=jB*lK&I@33+Fa3j$mr|3}08 z`JYj5cm8uLPfGs(zz2JCQGl9vzKIne>C8r#0B#d62=+jLeIWAPponHJ1<_Y|=m-%b z7!6Jt0hnB~R9HHDOqauJFXwypOc&ri>fZ%>XduWc|mec00o zl5BBXC%*97wr3eSFxp`U^*LexG4_*eUFWsb{YZ($Kme@{CN;{g8}BNe1r z6`odrNYSvkYC!Z+G2eH%JwFd)#uvw!VIQ-l1Dt6D!x?s|1Dpl+5GisVyD$`kYmufv z(=Y*jqP)Q1Ar9eUVi`Z{xOO0)M1cQO>}4$`97XPlk{?HJ#C3b({;n$1&rExY+&IE) zsQ|QG=({nOf)Ba5axaCJpbE#xPxL(T;pTs`%Ag_O&HsQuxU_16wz{O;OA}|eOK#|BF z0B`^zB-MVIiadY}FA$g^e=hg{djE+jlX{7o#;-YP18}b|#hjCcyeHDZ6MzGXJp}M4 zkz-eJo0C~*C8MmC2?n*+G>ji)(L_Sw`koNq5uWM)kG(fe$VZ7KtPei3It#jNLge1yT7Otb>Si*+HwOC-4=nWtjszy zv-0TmbWL{sUS@mh$<^80(<{8S9{qCm`t0WH^qO`%-#<$Z8m7XQ?CkGxR|XNdK0bPV zs!4sh&5pL1$6n!ODDfmBD>ns`Bi{ez;T=GMvpU$Eq^ap|| z*;tB;kY$a_^uYQUvO@L^saBuis%)uID9u6qaeaFAVRaCA2JNOE6*_H#)DVJ?Ve26i(rLL3C)Bh{G~ zr|Lvv4PD`;gAk$zl)XylRZXu& zfo^_F-BB+6NXjGA#fiKvQq~ll4h7m8qAcpQtFCGNsnY)hQ+Et`GUf%9Ko$C*?St)I zJ^okc|GA>a$j?CrTngmWjw(o*Mn8l;NTaB2yD$R&f_ilcbxkhNvK-roFMvZz$_N-) z{}oi#6F@+Ep*!=J=~wLhp9D>5Ly*G!(<*8iHZ^s%44e&RRx;w^oPjSnt@ynP$F!fq zBt}6NONrE*TU6!vNbp`Rh*9Q_+d(CB$BW{S%)*f7Ni0$~ilKJ$vJP<0M(1&MnL-4k ztRzI;8cC)YKv~PBR&|a@&Sfkgz&T764#ZGd+3*%kG}rh^eV7A$S*^dy=eMlM%JHz_ zS*8XQeJm2uFT+e!o&RAlg5HA{!X++%D$f6%;lY7^{%>t{@qbtHDCfTz>~;=)0q%!5 z@Fi;6KI|uPd?#;uNeZtsEJKjAnb(<{X3AE#mOUiOE(t$D&jHRP%M$hvQYsiMK|a#* zHprwljLruA=WQO$SyST}+bu56NLkFuU*Pl-{EWfW*jwctm9MSdPq&=PKJHaJ z=9LGmj5`MNQrCJFW1#k+j0zp*s9L-?-gVG3c|B zD)&O+WfPbZXf6;!uH?64hnKnO7-ot(N;)M6&q=P=B=+ge93#mH@x^$HQqVHPi~DC1 zr$tU&O8*sjqghxu!}p8#Ocdum5+LE+ff+7FT9O7+pUrgf$x$$Z>^#APWuJg1 zu9mec3SDA2c-n^Rx3$RYi-PO0b=aboNk?&RJC6{TO z#asPQ~j=5Acu0=4B%{3~ycU?u339XD7$0XAkQrx>5*yqAiso zYhQ}8FBqZr?$R!v`EE+@iItwG1=PVHrFcsWLf#*!@EqLCQew%2aX5$BeVpEbINAU~20UWEg9LiOon`UV z%>pbDKM;64aLr52&) zhMX#H3IWP+0nbGcQPU0qERb9DH;9oN{NzrP5N_a^_YlvhDX|M~jxP!7f1F&>Er$#v z-klJhFVSpz3)4P}k2-<4ywn8*#aqZ*q8J{9h`5nMiWSmH<@CAax`p&DfpdOw1KiOF zv)NMjZvYpGB8+63Umv5xfg;-USw^j+CooJ9WzI$SQL{67V6oIOOYzYXk4B7T|JEYY z5A{^a|MXCPyG$CmD*KNeJ^uIh*8X1S|Fe>Z=YQjdXur59@Y+iQ$HixT7A;~uPmX{_ zLc7^&Z3(?X$`?j|QIG|082lS*!KmrIj*GbLrpe^|^C=TgbkTubhv_blA}uWk@xfVsRErqJ~tfGb+h!CN_cX(&y0&b%YK;8BBeu$~*? zbC|b>88m#vg|X|~qYQ2uA#)@oY@J&>#2=qvSMcL3z^qCJLg=E5U~F{A1|5nAeO5?= zBo8}{C6%LUv9wUS>PT*!H<5Q6X2Glat&m~-*1PNX|5Ts<@hx2P0-*f--x_Xj?dtmf z-Om1VHIJhIza)d*){&24{TRxBMoQae9|SIz`DN8e7|dY=5psZokEnqCjb~{#OH?xu z0^mlo1yQsrT-7p86VG8c?>(E5pQ48&v!Hy}wi!Xtie*V?)dUH02W+a01~H7#@*Hx+ zZ0Qc`m_)FxjG2cjk(m{UCCUg@|IM-AV1FBISKg7ujwfS2ry}3FJ%40<^l%Qd_u5h^B*NfKl$YS`js3Wn)#27IIFG9YK>)R|KxTu zY=duL2}JH{1WBfvwp7l9b7R$((1#N9d3`f1W^? z9LLFnJ)ma6iOFH;tb;xN3re5|awqdSOz+bmgY=N)_s5wsbHp(#UQ=w}z;q0A2>EAQ zdj(z;B==X&GzV0VcLGEA;Tn2z|NULZNOV@8 ze|`ym&N*n8-9E`o#r!>GsB=_mGuGOTE1S5cV5AE}d6#f6dfst;eY|>LYZ=mYaJ(b7 zKpfFHuB50_$xkb+lx6nOD_uc`r39|1Pf)Fv{ux)%DbT9upK%p+f@>AjkGQxp{k77{ zH}JhULH~uHD*ay`>*TTgzqYn__O=cGul+9m>q;JleY+AdcUs}x#N7EIxHgHJwiSVS ztRtNt(^;{+WHG0umJzH){@Tt(<=@MI*-q_7A(Q5oJK(%$b1WDynZl1Vh%$8e3;-{g z9kO`Z92)=J_mUYkO`5`KoIVtmqo09%fh83SgK3bFbBX?S_)OIW=_OgSl&8IP5elL) z7;aEY7;4``rd^P2fGKo|<l}OO_gwR)) ze~9Q|EpKEClk~msX_T09ub}!LOkpi z2`R6MX|(bFmG>GPJO*Hom@TQtQL!~UTcRm~lJWFN2)~B0MUJ_};yfopnB)8BnjHx3 ztQug{9@ET305H_gRb55~amI|KX-*5#i7FBW85RxO2W|~QjpSLTnF9Zgo}_oSTFpxo zTFs78O_vJ$8;gzn2Ky_wVu<~L#o|O(ZxXu-yCX=s)qE)lg|{il?(3l}Pc>4Q{H0)( z)sgtgl+*SGZE9nXcqYp&TGv3H-$Y&OqOmx&MGu{`D1BLcO>E}L8^>yr-fYKs34SJK zVa2nY&X$un`dbEAI9%jSpg#*C7~-Q0S?!U=8B=u3dtk_KV~GDX%@n$PR#0g&YP)L5 zFj#_E)-da)=QA_YgGdVfnZ;o0X5Iw2AaSz{rY+ecF2asBIKo9OR#MPI*X@Ew^xSU8 zs0a@hejWGJQAQbCYL`fS0(7=0Hw}>_R*u91dTnXj&ez&c=%r(WYCS$#M`Xg_KrF2nKyF;xz3K}ABd9oN4 zi{rwMGBJ9~^TtR4l-XHMPcP2lt0v+aIB}hGh4<1oq$0-&Z>|gxiAhn~@7dGA)w$i! z=ZT)N6`yRQI1J-^-0Ub$r*4MqvChc74-JVz6PWV-mtn8rY+8^l>Vj7KJ9~h5tY>wU@+SL@^RQ-(HU9%fJP# z(b3IH_8{tCzdm#Esdt$M^B{y{c#7qEB7qqoiVBhoasJvjs^y=^-8}TXc$!?M@hAw1 zEhRoRjY?`UYMLrvXwbkYrNy1svFC=97-bHv8uH(~@rp(h`Y+H;89X;}Z-X$%0!VI8 za`lpz&#AmfABzG6hU@!>I!9eu34qO#JB!bX&pK`ZynAm6-d~QPpT-G=fd8tEV_vNZ zlB5X}OH*5N%opa$ckR+W;mPmcGIecV^J3=yGGFi(mr$w-I$!@HI1YDUj=_!z*DH`wT750F~NPlvBwuxR}E<4SZ&-DqW9R zS~o)NYE7u>5D8VgRfbfcU(!dpk2@mKIPM{s2IEPF3(gXX6p84;R1oecgDIHe#w`Bi znoftaUJm=4uvfZbXRhi|B)qNa9J}%AoN5Kyw_Vl8IX7W_7ev{6)qa(nMtHlEl^T>j z4bx_}t*zyYQhPoRzb|#VBeT|yanKm|I<=rk+mD^X0@gNH0#9HBqz{-KNoQ~a6td4` zTP50H?Si}j;UYkFkk_``8r_qV;+WU0%V4v&kZJYDOeLR~$u+%Y8-Yos`K zL9C6fMsrG>>*~iAHWCb4(}+ISPC^dsLgB3L32hLgf-&4=3o%+_(x7~AbTx~zU<#Sf zh@(iH&L5E%M-*yl3XcjYR-$YIG%7GI&$iM~ZnqgbRSWF34WKHzhy&DS z35X*$;{~SgYZ(L-(jiOL3(ssBNP~HeW#tP+wqs(6uqASeqs)phH3eoosw;n-W>;h< zt*Nu4N#{%smPL&uuxcyqR62Xwnk1G;0>OS5--Gp#d)g@Pd-Td#laO+z`reH)V%2dQ zL_Tn7IJ=);kXqzc`26(d!!Kv&Cm*g)uil;=YpF-qT;D%tiL1+WLuI_CBR6sO_W0D{ zVD;mGx29S>v6qgHY0)GvIbzkR?YO=#a4BZ>3CK4w%9QkxSjEz zyZF~R@Z1EKv?bFmW^{pWfo40V3zcgDa&JR;y??x5M)I=#L51Grc&~+Se)89&t|}fw zgEdihT$CW(WLc0IVWj*mt#W;OLlVX|tn;dAonJ5hb$)u)tj@{N@rR4Ir&m{JCj~3K z^(9`wQIo2UpT>sd9b|B7uAZ@Rl#J-`%s1uZ(kmW;|oPM0SAy}V9!ACw|i;i1k`f#IIX17r% zF~ucgXlJ%0Ij)t|cHL9ssj~mbU^)$=MI*n`rz-yI*4Ccx|GC%Mf2`(F^Z(|9-Okma z1n`HrEL7-e`+89B{an(VLWJBgymYgP0~{xR!IP`1M!ClIgA7&Pi%G%01YPHga&|@r zq2jZy2ED2{vDGH?M6ztoL^bMlAHK-JVqDMX`05Vqo0jt z0ItFuu}#<@dB;>}ZK_ntGsGrJQdn#M)*Cc7XE>z=qh;5G!LC{N~mN-}od!-n?s7hb>QCC~jFniaTo59g6yoTBp1cj}t zQOGNYcGz*~2Gbk9&(seRYXr$^W+Y{cXl4x|Th~eo2$xOau{k9xM)dsv!PJAqlL-$P zA_Hc1<0Slt@N2gEDmys{M|Ny3u+S=)B8GQ}GTEN4*%lc{D{;(Ti_*7g@r;p{nmTFo z_eB6qt1H{P#+F!YV#}ih3kw|nW=CW2IU%aFkZ$m4^ zUjwBJs1C%~lt>x&Lr-yM-@P?J#x#^D$lsQO{#+6Sp(*#N9K5nEfp*lAII!9~d-0rY z>YHzC^RhWVNWSvWrDgWKJb|MniIRLA66Qi`!gioUc7CIxmf$8#F1Us*Ja_zM#@q-? z8+r0OJo#KCXbeVl&LsFf%L8bQ0aSUCTTsi_jhr^rC?@dAOF4=JP-Y;y6f#;f%EGAN zH7qUgwOs_?3X$&`c93FE$zc)`%Sx~oPNuL=q)o&`U5%e*`iZdgv{D?UqcEfiYFUss z1hBZC#6B8GRw8(E(dv3#kpXk+-a&w1gdoXCIrlPKwkOMq&;YJSOoFoue@0LMLZ}g{ zXz(0d!wh&cl*Lm()=L}_Gn53T(*Pl2d|wbpNsbt0m#j2EPR~XeE_5liR!3;m>J$i( zg@o5$a{QDZke6ui)7;$n8eB6MCO*b5)XtJ;1rJ!&sHZi?uD$c3@Sqr^gWYB2a&a^hafIIkLSY)knnsl{HCA{JgZ{;Q*L<6QZTXmhI@yaSD zeL3j)JIsfa^2~%)F7C+O0!%@$#tlzyxux`I6UrnR*QBul8I{;t5=+{W;D64&W6Hz! zt?N{?+19JAJ~Om<#NCSW`Hb}>rj*oo>K2kc03U=T+j0WEU=(;|sUp`#F!LtRzb=^Y z8Ua?Et-gnil!Ro4STV7x0qr;!pjacH+12lVclHjt`2Q<;l>1*isDKV}J6FFInYBu8cX(c{ zHTuVQdl{@!*w$?@zwRZplLG9|&C<-B7(-V(?3#rP#9Z#r49rWC(*_gvo_IM(gQ0G* zU%x)XrAUZ=S~ZW7QfHR1O6|mo-|hDMCeNb#|2R$B+yD1=^!u20^FKZ8%=`bW`x|c_#g8r{xpRwtGSOj_! zql_BH;J?U8t%1}b+Rk)9Zi3mn+^~lr$-!1CjeR8g zT+bC#(_raapIqJ3#i^3JwNnBt&I3wh{#crT z%xjGcd@MzP==)9^Q1h|w|2|Cca)`VDqQM6*47|HZJVWp-`d?}&(##RGV*lUW-`C~; z?cKd@|6j?&LWqyo;G%pBP^vbRVbGECEJnmO=!A3@{5W1Y9qT5dyP> z!r{~4(MOO5V{EVbxU&pHc8<;h-cJYGmh_O32^3H4sfm+-b!7RxE_=nw!(@- zzX>?Uz*m8K=^}z19>}9GnYib(DcBoYj6PEc+!O*q6771l0SLY#badncAA0FSk|_z= zxRHp|C(1U?FnIyigUE-U246pXT};l3G?>H{vui0UZ8)YkS8Lz~%B-qLa#Esqt_y z_-Q^!^5aymG)qHkox`8z|IbfzV$5n;VfmkbAefTb%R4!5rL-RA0d8F-4)xmq`nR5p z4E}xSO(+f2tX8Ig_doO1MDY{~!@U^Dt>Tri0ZB^ezpM zOzw3${TJ=Ec$$QeWHBKtVnHx?!eS6)A}cVM;FLmqq!I&CvY&$W<9IrSQATrNCZYR4 z&e=GGn9cU$G{rIsO|zE;(YQxvC_CW}iJjgvNF0D^%+_rO)nE{krDK`ZBsF-7<&%N)f|1`}Z(+C2^aY77`_@c;hp zzuaK4%zyML=l{2N_V$eUFTxtXVS@ViZlI_#B>p>veqcJ;P+f)4Efg+9 zr3DJh0c+;!%h#WogGN@+bFA*;^e&8D)975fmiZk%0OHJ$Ko2-U6l6jff~Z_1|Lpo!V_Ix4LO|$&){+VK7$iHoA+!(ZO-}Dk9g)K{Jk_hG53jo9l8=({QZr`lDNLFAt367_?M#|_f~b{c-86)A znzffEuX+|t-7)0ui-&+zIt~LEWoP)yGcD>m7T%>a$b0*L=Py{oWA>&XvoUF(RS;R1 z*~{W&##DCzfSjqAzcZ5(^R&cjil=7)=*fTOq`PwZTmUw~(d*aGU^K@su1-(Ru0Q;C zaeYHSQ!)5=_;3YByh4$_gMOtpFn{~}xkBhBozLX$uV4ShYTvl%1mzz!C3~qyHfF=(8wdv76z7U|~+pUWx;OC$J zc6#wEZ3=pm7&xb&pf}5cXbet%0eE(!e!uUK0`J~|%?LPaYOgrp{d@4A|B3q`PBV(w z@$0h>M}OS>_QELq-_KZo;j*vK-k!c7Jw;#RX%qry4Zmk4{g`z_3Q-bA2)>6YVlD43xJ3Y)%9Tc&0h}=Om}_;>!4(1kqT$=&`?o5qJljHIAYK zUc3O#<;D3c2fPPgzF0oKzBoELJAVbPFp?lZ0Pny;Gwo(B-tB@2OyM+69~|)hzwwty zv`l)At!6d_$>`iTHm2j=EGMJNaae|UX~CsXVj0?fHm6&623i&oqq ztESH^EpVh-mNyIJIF0udxdZ8`QD`_?+HwWBV6c4>(bLMd*^vD~Iyb zkN2v8Jb3%K+UYoDKfSTY-mum;#T{8gLxaug3k$lTxGKVV-swAzy}5YkMtu&!QuLFb zCvOYnP}v-&;mv%G%fb`TFH4Zwkq^qJfI74_y&?1WJkT1PY)bnY$|q0o>4=TOnw>S( z?)T&{BE*_yTk3C{vdq&)hSgS71q1p&sZ3;Zh_{G8om_mq5dO^Mp~8~A>lkGEe|A7A ztNd687XGKrVgsUJ+lN-lBEUw;qp*qrM-IZ)sNFU#{g%!$QGv<#5dG0 zFx+C;$ggsHovn`k!-?_KE!j+5t|fZp9l7vd#6$38Fi{_3{*)}!Xa#ZWC$?2}JhnwW zdidVHS4WNIG6#ty4BbZUyAuruF`v4=nW3|@|Shpha>;pN%?!}oW9 zfN8Ht!t28l0Y*hIzOwuVL)jfanucoaY`tyu*)oHD?Q2`sU%xy$XRXP8V*K_li3==upmx{#tylk=0}7zgcIGo4k1C_{XCo0C^YL?u)ds-1j0IgPz>W0XD6d}k?(9f{ zG;S;35El&aX!i}|Yx`I9YI8jxP9*Qcw7+Z#*S28uG=9ZqVqYcjYw3GouB)4cj!mX> zgy|X!l!lY+pT(z&roPc`%=F-t_2_<*w^9tGMNZ8Uh`lyOtqvTs`;TRVe>od)|E-4Sr zSATnZ_n8FHa|{2gKhBIhJ&1!SL;ZF845797qb}pd=lTv1bb-zc;uz_2JMf3IDFH*s zFc~*JksmDCB54z#!PSXMh_{=6ObwPQLi zQXWmCRmq>u>eVsnde{byeJmYnw{e>lbaJ=l1W<&`*5164>&HyZmZ2eVthAM z#6C_J&IdwS7C>avhDe!OXQ|@u?_N6K?(bZt><)#PM6N9mFEgUnnD+7<<}B3|lK(0p zsGUDZPR%XcmNa7WC|V%=q8M)CiK{C_r!xSd0Dp+y3j`kK5q^k74Y&|I0oXy?K%gqP z0z*gR2Z9gi^C(C|2b`y|jTL0ecV%>!!SD;{nEABoPw;)AiVRU7b+59{B}G_G881+Y z8Fw@^(>VX7NNcn2L}T^TpxWHk*Ca=pm3tK?C1x7h3q&r~zWIzTbm_O9W~|0%;~vTJaq0 zHC@s*Pwyoo^gb{2wV(JkiTvPDIfA>87{zM?Vvyv)5Yvf2AH^+t&3O4L==OxU`57eh z2n2L@wiaE3^xrqOfPg5OZ4k?CKx^Z3a>c#ovu~Ksgg5Z}|HpO|FT0lqAk6UN2X_gs z$3#3`E@z~HjxmI0?6#*`T5QBkRi3Yf`A3Knk-b0vItsfTgzeUxZ#5*~WHiupkByD0 zz-vRViQsb+zKo!%xmMajTv-{^TNZ{lHq;prFlNiT? z0gd)A>h?zz`s`PAkvy3o3Ob?B3FSvdI22--wZSQmWd=z!?|}{W_|LZ)QCD6$Q3l-ady-h ze~qVtZ{*a2iioY)-g1*#5K9RzX4FB0Im`>(wE)rN&kG8@D09f->RT=YQFF#m#9cYQU^BX7qc#S58 z%aEptpOz{Sj3En7I=74i_|-D?`SuS#YDB8<64o2M&E5MBv?TYd;Lz!Ch~KAFBNf$SPX8UEO~Cc?gn23!BixSO50V2OqDSInM!b z1zlfmZ87D5w%5)sM6~Zzdva~+HFzu|FISFKMDm2S6h*Yq`Lo!~AaQm$M1R42ms*BA zYg@vE8b7IEg3_cz8*=AGQ%w^#KwdCQWHrn|4I# z*Y_1$CIQn}VpY!R7)l+SyTMOAH4>=7gWzd)ClMC+zEH6By+8S=bni{|3q(@xA79tI zAR$jeLFj-N+X6X3WZwjFPGq?|3v3k=Zp1=1gkS+#T;{2dyG*qaLVj!(2)X^qtYjnT z3M2HuCR#t6Q7OsRJ<7ds^^hlGpfX5ZI4Mp5X1XK5pRV_zwe@i27vt_Xme}*dK#o9 z_>B*guKFefP3~fE5^*A@3}P0XfOIILn=a3nwU%X(uM{G!t1s?QO>c`WN*H&fW+UvK zf@&$ik;%0-(?1=pN*QgYNK`Mls1v}P*7RK?Q6ut54_m6xVYNmAJ>Wl9WXu`6D zb$`Akp!uI#n89nzl%D94NhoaZ!##ZKfionJ9a7P?(eA7H!3aL@G&0&VR{P+2P~z`k zA9$bq2fCSrz!Q^<%bLKau>>rVWjr+=y&Y2E`OiR#Xvlw`rwqE|v>_^$J^W?5{5^L! z5G9X1_Ye>x{TDH{Y+Y3zb|IFK_(Lh*Nk!>?Q8fOmawHAEt*PSPfENjBsr32;(8^r> zeDk-vzCHtrymxNB8I4J#p_1$^G5W4Ai&y393|ZSk4Oo&X!AagrObVWvLDKj)4Mm&S zlsb@-C(VOLb8HH|M|B@EKex4IQ-5}@F)31Ih%KV;1=ibFtZcvu~{C1M{>`%9$Khujgm}jUSzF1HOM2oS;+^kjamHNxZAw~u@1Lv z?`kxFh>p;s9fDJzL?ncO3)6mhAXhGQWGd5kc*fsI$*Tb6{FU(vW5vdaRUKWX0VjOk zwokb~Njubo@*JQw=+{(8gmO03-IBm!>t3@=PfQMKEH+!}98s)yrMMdT_4OVR1P3bW zQ97Mon3Jk#?^>{{EfwpoI{@OZ6 z5=&yOo8MHCJrIGSK}7K<-h^xyX(Yr%cZ}5O&eHEmiEsQ3@n4O-);AkhD-@bW*y&Hh z`={BfEvlawD1xH(xDdavICo?=U6yQxj5V5{;BQK>Iv#sGI`Q+IXw{!D#HDfVFj7YSAA*L(l@a!b$v2aqPWhwr zfNuSK@AE!pru?6P(V*@l+1RIEFN9nF#5*VdvPG8LuV6th?D1a})xM3@kaiZ#!;u2n z#mbT9*jq-jC*6yh97!})%8Dv@Hg?$_!QgDj5^PEKXHLMsbO6?W<3m5MT%5H;5+^ax zGKRe#kh~)9D>L~!GpSLSG2>U?S0^I($&@MXfx^gWW({5>VaTs9e@}J4W6R^3?h%n= z$m~LEluTkgh!F?wb5y23|AgYoks^=ieY~AJ*9b6mK$qjm?9shUvh^sHliLKW?Cu;-EUQ%7R-jB}* zG6PN>NVlE2gLQWeCyx$e^6>p{(VAF7os5-4MgG8p z0cavgC42x=Xdj={8f zXv4X;2%v{d?I;~l8ZL=Ut;S1N=#3$P1vWwuZ5#SYka>J zv2G3Y@B9-b%5~cMbnSikZI!cChJXNr9r!2BOOUs>`Ny-#F{mLa{NmJp)uR;~D0UI` zxGxM5{_ig0Jl8ysT#&T4&<+8iBuMBbShF~CwoSDwd>;96Z?&QN%kqQ-H|uW4oisQ4 zf~fT(;$p8_3#`rTdb3gC8THstEwOaQbslo%$`-~@Zj{`N!CzaTK*S8&lp_vG&}S_Ui8GZ`2_aLvA|E%d`ABtOk5 zNOl-o52d^|ez7~|(+~9@AgjDoTvV$AV~&tn@~)w(hy4E|=Sh=?nn;Ci#Ap%8ADVdC zb*uXJ`@AkFLv8--t>3d!$GQUVPZ z_?qYo?f8E%wq^&>gf${W-BDkuP>6eUZQ1n0ae`iGLDCWnobcafu)jD6_l=9KoGr5A zi(U62@7@W06BSxV(G~2@3!;O(w~(FQci;|{%rzv{Le$lWv39i}-0nB?(iH#YUGPty zBIhbj9ZdOm5~)^gaKn(?+gSTJ9JNEaYF(L3p4T)i0>=Nig}sOumM(gMoDdp+ z3KRwrB_=9_VaL`A)h%$6YzkxyL=Yq!{p~=CVz3+b0NU$!Tw0jU68CW%!7i?MIToY+fN;XRdZTd3Hh9c`R}^23m>q z2BZ+?j|1gfP<+sb*#;FU8W=GN0DGZQC8Q%G-A$m!)lCh-odt*TEWD z54)488{A`%*C#{l@5s;oUb@nmiqO=;CoM)R-PLXr)aWfjlpnXR*DM#;6(Tstpnq4Y z@u2S3RxmX5%@g|*H1^76Y{krTr}sU>Ob-e`9(1m;1NC76sXxu|=`Zg6as%rSH$X6M z{AQhCO0U`iQwVOs0he#GRtU?*JHj8S2Ez>6Z+^)h<)Vi&W0&NwVXKRBtjmk8^c-^) z{<_KWvaGyd#iKob&=B9BPI@{N`~^jmr5yjMc~2%kM+#Pp)0UG`805V#jJUUsVdM#A zi+~`TJEEHWzheO@&Ke#-g&L+wFC@2b%6g-iiCcmS!4?+?K3>Koev=K(;9-S1KUAuQ zuI{CBK3LvW1z?5L(|EHr(NZ?o&eWOU&i>3+k-_sGJHkvf+1$?^U8a^TODRvA2FOwBQC#gnQ}#g7fAAu!b2U>dFilx4_>I2q%t(!8 zAsnME@F^xj6T@sRW{ZA&HGCPJGlQa0`=TH2Os zoHrqaQb!~)ZbzycyW{T7MD?F6u_#7=DfID@@YJ^?6!`7b&6D4!9&yTozC)Xy63xY% zku(8xM=rjR4Cq^Je(Tz+><9tV=YgMeHbkw=%nyiY@<6TpMe9ybZkvHr3dj-eqqjQ~^76|} zjELSgIxG!Rx4oh+GI&@|KY_9Np*h7U*7rInWid#TQV<&(D6H~l?~^QAOU7h}vaOo5 z{tRf}2KYJXfBFRakD!PT)$JYjS<5lX5>|1W(6O-C$_{>P!t5>aCCQTvKU(hnAzaC9 zm$@8T+S?3ayyq`6du>u#@=5L~XNHO)v-2BqARRn1DsIgJM<`F!VcdOd2%D#^hTyQGd|df~%kk%dp;t5-mCXH!icDCct~iuC^D zxD}b{4`@gSUgh`$kMplDP$8YQ3g?EplG8JyNRwfDj7PO9ao>u<;76UL!9FW6YsBCc z=mY4Z5AJB*?l`uq_08Hf*=(3;yw6S*m1WFae1sWY3 z8eT!<(@v?pz~sXS4rBHzt&xK=mJHrBCgCTm^^vhlC?73l7)8~0>RbrIM6>VoOp)~-etDWI+5D%c0e>+R^>^N z^~B=c0-h$2#MC%r@+kl$91R)P9=`u8GrY7G>H(WMmiGk&|!*h2|wn@Q454Z(@u4`@S*n<3v(% zm231&lH=K10~zMJFDODExR+CJD<}=8i9r%1`A1|ksMDJDZ8&(A>^aIOb>hXgFf)K=D~je%x$sz zsv?T*&}jC7Uh0|0_^QsG0a$NfoxH6tlRqjH6+y@xT^3|4R%1yIK(Y2A z*i$Xfsq5%}ZI&|)PN@=jt#4{Z}x3PAwjV|xD1c%=8=$@piZ)Lhc+oX1xPXPF> z&l!2rL*TLC69tC+6-~3~-G^u6I$3H&OS7=2-xLnaTcVuWb+8jB;Tt5E6ZH4SPeJ_* zY0Aq);qko#IuuI;0>dmvWdq*WBI}5m5-^;_Cy9PTFRF(Tn)a8A>-rY1kWo;My5{SNDmX2lCjeyxZ9y^j`&| zb37L!PwpKb_F!`E9>o3xN#@)O=c~t^&rbKz?AUGZJRf_6ET|z=T zqQ9v~I%nxcj1{Hmr&r@iyovt>9C1ngBYN_tKD?8mO8#d;F{B$ZH~zSaRPi_|Dc?}J zI92`XKy%(>6=10{ugngp*y&gwGCr99r5O=gN~Q%Kbp1tzGev1qK(lVIj(Bi!y0@lvxRxfM zMEQmB+DoH1-aEt6y9~A(HRa;_P7+NOQllP;A&ks|0+4;ld7QG~iRX+EI^Iou(3d45 zET{iI3(bqG2=Up|+QH32-!&$X<+jc2W5=IX%@fiH8X9GP69oF|6B3#i(hTSPwz)R#gYfF8|(r$xDa*#^e z5Qa*!R5;eGD|cvR@cYP*K}SaGmXOTfI0^*MBCDxPxhZ?=X%p5+6Lu3q!)q4rG_`WU zNoS5pwG@|?xGsSD1akpGpAi1~pGcDy+n7lwE}R62QPdza&^H=YeTlG7>qihdlt@z; zbrClaU^Kgs|Jd9%kzXse;g${=wp!|bsSv0>8HJP{gLiJ>oWL*SKBrL#QVPy+&?|_Z z<#UEHDvv#TA(IBSZe1$>XK`8rHB!L;n$*9A;W3{})`HNdvwRm`-OqPDzIn0_Mzzx9 z6C5e7b$`8cq|}#@t5_s~UM}+hsZb;q((SjTK&qyKUH);H;Ht?QumRG!rF#eAkT~T+ z+l*2?Q)cEH3 z0)!?n2m_pX!z+p`p!{5e9nys5ooG`DC3@^>gp!92uV83RJ_5|NWLn&yrd^NB9XOFI zE*DB`V+}^W9xeW=dFMB6pZqHMg2QT?19&nTi>=Fsn9D^9ggXj%@ zd{ps++|gQ|Twd#=zjCj$Y;-3m&@Q8hh`pII#NUQOKWrPY}4Wj=!P!^OEZX^<1-f6|9ztg!WiSYw0v zVz>ho;7IMS!sb@@AJqrw^*?GG)Z+6CVdGjeKob98-kK7;T0}~Lzpa1k%z*srTNnN# zIMiMM*1`uhH-6(VUX3w%(o!1+c@Ur%2LDj3)YkC^-JA}9mP?9!4rM-2qY<47*wpHtxePpVaQ@ZV@xx;ogcImJ(otIMjPPl#gG}y?Tz~g!0L#Qp> z@<%1zMP`ilS}6MYVBCy8kbW0LYlpho!8Wulo-tG=0#WPJ)#;)=qi!x zE^ZhYK}^$)d!Hh~r<@V89eFwx=Y0wpaMaYY#INOZe5&oBYs)A9jSYCikNE$@g?}p)Sf{; zqv`+7oK;oaf2LbncoU@uWM}q}noy-@X>fJVhi7fL#i?Mu4~?$2T+uXO$lD3z`;e94 zT3B5KH}m$nni96-Ur(R=-ku>FpSkU&(aor0Ns{thGXmFmvZU z4WA0N4;j&3D`Xi{CG*C9m#hgj>b;(pL70s~q9JM(!n-ar9ZA_A)j#B?O113WSq^;D z-`rQ2JT9Rf+FnYB9)!!)HFw;EtvGi?S{}<8BJnwC5E)y2tkztE@@8<^>I+XV7CU6R zub{Oq%_qX3_F8s_X?k{hzG5gm5q)~Gspew9CCoBb$l|0VtY>EY8l>bi6iX%i3Dd0y zNAkhLqvaUjoY{}5SfVq`NMoY2I&}&?r1xc0AHNYsrOe8u-`I8y;6VC`2U^lE$BVfPb&o(UTzkMRb+Vt_u977hOkVWz zQJ$N{GG$kgI+Y7{H@&+UcL zv7kOSx70#mquZC(_llCzCH@JlbMJZoDD5^jZu@Ia_`mDJ!)JZ80yw52 z)_QsIPx;HRi|%|Pbdu15H8$Msl%pewP>*!u*bNp!9IJ`po{A~d+~6-Aq_^|N){U&^ zge!dY#F^)32|KOr)8gBQ(sua&I{s}T-dm=$b_=p(3v=wq>`*($n>GDq${{S%%o8mq zI8Ya_g8yF|aR)gfXf#}HIEF1%FU1~T`6e>AR-rIESPyao?Qne*Q}<`9@7nFH&g6g?H6N)ir5Ns)~> z_#BiJ7L^}wNQ6S~M7{*Ukqr*t>E4n(x45~!&+J~+Cxa0Nx;qdX!5NQTKPTiR9h7{0 zseL)7@hX=((&*p6)g(J;>`C~dAkGgey_6q%T*k4>**gAmP7{cmMp#$fj0r7^>?$7i zBNL_zjc{Wm)#ZOC=wl{LiIl$I_ba!cJWJ(R;r7?JQ3a~?Hpx-VuUm;nod~tNSL-O9 z&+|T|82x=7^=&6gGit;}v5$joM?2ir3X&zcVuYjaF3^an_B^IVtvYpUR*drd0(<`F z=clPc5ml&DqIUd16@H?AiZ#1)E)y4w$o=|9&^d`+Z`Z~Cvp|bmbQ0Q$;cfr-?&2@L zyk1}4ov;fGlErJqXdD!YzaB0{OPQRTv($W5Dqpe1f|zsuTkzet?61)#bl7F2V#)ki zSJmXFQmy*8NsLoHG!}qgchJw5)7Wg!FFPMI|Fhov|NHDXiYTmcp&DCrLcYaijasNs zm>zcb=N||T4i+IPu@>n`UtdO`#H*z=?=)PKX7KnUmk)XQ$lxjFDd@3XkB)`CL#&Qb+;qKHtA+eFi6VPAQ)uy;@@ot_vrFMz|r$z%CJAJ#`F z&I1>k@M{h$8MArk)z%_Boy#0d7g1N8RFUl)z3F|PcH6Ozu4!=oQ~Lzx>QajuDXJ_tip-$MNP zd)wo>1+cytkg~$cDFisA(oK13Zz)(<+(`W*Bv6(R_>LQIAZBK=76x5F8EhPSPr*Zt zUIM?W6O;5^1^DLcIKK2j1}O6Gdf6T*xB>}m{yTjE_oR?OBjFu}Ep-P;&lPNbeDt0T{(P~tmgV5UcFS2`1}8my8Ct)8bT3Qisr&Z<6n;6zll}3j zbDd`$mlVYH(t6s_B%Nx0;NrSm_nRt-GxcfsbjQho!-LC%EvWzY7V@KB(_HkdA1lKfQoRa))tz2fq}&fO#nq=868@ysbML8GO^;Ly#u$?`}eV z_U4~a^+}VD1p5Fa_)<9ztj(~)O?=|t1Hae^=txI7Mi4e`jtQw6(R{ z;|RQVy%qT{Gfjl-%xwmQm7ZGW20SkQkecz|EJI+nOJZ0mGl00BlV=vSTkA&{%~SAz z+$vAziN`IJUi3o@iWniTlu34pIuzj8{Aw zXK>$otBKA>wc0+&!WOInM)0|^$eVDhb0nG+$Bw_wUs2$XkmoiX=4iz5<#;1}@Q(M= zMfmIlRb+c6qw-H$MbItdS;;bAvNtr^yXvw)99708!C-NS0kfW(OMcoi6lApo-rZ52 zvDzV2D=IuBVaRy0h|{WA9Usec`l40cOPVh5ikWF=UN-E#a#AW1qe|0iXvd4y0mKF1 zx_{1se{2>gUOJu_;16Q9r7E)1;`1$$mz< zgvUX<;Tni#o3ynPv=Lk-*!-ENI@i+w zHPhQ5eXggfq~q)3c(qT23%=z3{wyjdGG&};=#a{#p;}1B=m|BI(!B5dfPXGBe%E1~ zlK(}S7pSbkfpiY^+uqxM;s$hjA)<3{@oIFd+UgC19j5MORR;0(;1)J8Z9rIcurmW4 zdC(`{P={E;WGdLwO$~CuS;7Nlfe{}zH@h#iU*_QQFNtbU;;K~gNuiv}9Ce2UR#hCW zSZkg{DQ=&Co;xH>M*!BA)>Kq3<}oCh#U(R7RaXPcz39&#Zu zI$BvJH4lpXk=s>6s(j!Ah@>2)?-ynp=aH>pjS!NGMJ6eW^%=~D)$ca&$X&G+qt$*) z#o~l1wz6V1pgY|`l&F}{YZ^zh{)Rolc2)?JEf!-%{?GZlu=4ASQHq%-RaJiz!U=lQ zUn#B5rs?48!+eGIE-q`#(7uu6v(v9|^zB@?V7+XqFDGGZ2fOS~D#wB0L~Y>pQtw&K zjTgiG)yF@venndJ;%E+W{oc=zB%vlgMv1R>hFS^FcW?~9`p1Vf6;&nlbBGK4pj)T8 zXus-*oNy(1Qd|QpF-WGiz*t#i-@@YOgUmq`p3p)-qM1gq!{2|+5y#dH-><`Pax zQKnQO)S9&r^@fYya7ehp>?`AuzS~l{e>S@(Mkme{ZcXU0;7@6p9|O;DPXCeEWcS^) zy^{c;Kw%Q$-XI1Qw?**Ft;b4R1=e4eO%Ro^Hc+J7wYv|#v7`(fCGvm5QB9y83Fv=p ztZ)np2dkXxCBgMibOO8HVWO^KqIWuF$XtvGS(r9qHruhU3(u}pE{_v)4Q=Rzg7E2f zQRGl4W;>0r^=9PBeA6T;u@;HfM1sxElQ}GFKI3dURLbQK~n{y z-wJNDM-Nv-qZwY8vSG3c!D%XTUXPQi{--6;P4w;Y4nmlzf7bVK9`zgsR5wiIDA^|` zbmuwc;7dyi<^E`kK8nu*?s{e$1kEhv9_}Eam~*6HPph3gIf~mAIjMLMGsXhwJprN2J_#`Idfd|5km4H z><3+2I4%2`t|wXnTTF?{OKHYS)>GG$=RV9!e*>p5u(#`<-tx?wEphm4tQXO+!B;5d zYu~Xgz765Wr~_P>x?qWX?q|iQ?5SFY(YT~G($4pt_e-3?U;RKn5DE%$+FrcE3%~`p zB?;Kf4jkzN_T++^qd^UYGP|JKn~2ttn?%ILTTd^4!5&CV%kp7b2E*4wgr4eu$MV^G z?g@5SUGn>Sh3`__qBP;R^YmPfJGQ0&`KM4W*Nc@Pi_Ei~GyX9zkX9JY;+{YCIVU{R zX4+)GMoUbIXq|aLIcjWnAKhOfzwkykC6Sv3ACq4z45vikNk>azNg(eBqxbyP?4Ha4KUTChkhoB9|KP~RO71k)t&8)2Z4r~irL zy@Gd<9~|k5dW&(W7<$%C`34z}>K_LbZA91eL z)_rB>H?#V6*rY|Jj3&|b$o|Rm%5>UZ{v)9a6=UbjQYeB8vWTvZCiYKAyh|RFHEBGh z5oe#4cWG|M>cGvrv-+kk>#Bs)) zf82elU)fo^6OSo5ofKP_a-`_JmDUhBodfGSs}nknt@Qqmim8@>Hnw^0M97F;o&n!H zM+g03Imo@~FsGd&r;PGMe7SwCz80m222Q0FL;hfwsR{!bvC%ZQ-y@;r`Hy(yOP3n#O79k zQ?Gtgx4pd3Ji%}9W8~@lCaQKNYpVC+yaS+)WA?;vCU4xa=lpJ~bKJBBWy2iomc_U^ zM&~k;g!lvL_?F~>WT#gJ5jR}1Ny-XR=KI%XyfZq%G?9WNpcB5;lz?Ms{LRKAex z%ua%?U@v(@VGU|5uKONo?D;i$#;u@o8>iJ{7`9VuQ2;v!STO=c=;BBX_o_XCEHud4 zW8k)o*9WMkyZZ`kAx9V5DQVw|d-?q*`|(o*#XX+zt0xm6M*YwCHdkauOo8)1VSa0| z`Wn}971@jz>uLekffC`!|CF|hx%}hE6l$J+k-h^}h#mD8Ahf~olKDsaXN@wLtqL#w z_0!R4eeKP%E1!n@Lmeax*Hh|j^ke;MZ3M8wC#=|k%gY(zHchBa^1w(|zOae-X_L!r zvlI2R1_0xTO%zm6pdh0X^AM?EtR5+mwCT7E@Rj zfjFASm=>0qnPyi9%l+dxW>CH-7-g6Iok$_~RIs_J#u)S!ui!uH2Rx@_zgkZVVIC|F zm~guh1$$XqpE_T_|BF?i3QG@9*=~85p8ps2g&Z}kz zl?rAI#L^$n^IP>MmGD((2c46)pdHiuVM_byprT9610Vn zznEo=a_ff?s}Z3JvU5XTKrqL649*~XWW3@8XC>_6oF{xta+}`@9GP{Ly=qK@XdK^O zp7J^cHY5hXv`*bVNc+~}c*u+~ZsAZFf!(<${QbxD7}x3zmSeLn6Mqz2Rd^v5HoPc(#I>S}{ELBx$V zr|+I?JHT4RVGV(>wPE}f(NHb{!(u}r)@uS2vHdugE{bt*xe$U(eCLy@9nSsb1+Qwf zKz{)d-a<`jOI#6IpdGTK4x3=U!v3#Cjv8r$h%yImBAJHrb_4gS_rEG1<- zB?UQXQ0T}RHY-i5RmENyUHVX{0)`*wqDL>^Z|Fna&+*7J6#|83^mfzKya?_ohC1av z>-(dSVuq15ZtovCm<#0m=`A$ua~Dtn2J_;}UUbPc1I_It=j%$rx{;EVB{?wrh_|^8 zRE60~T+K){G~YCMIc_O!#&0V_s~QKL3ctwV`j5YY+?XLIUO_dx(^qkcpn?TZ?UC9G zsD&AVo~U~h)z}ad0>Ths=bhEp=-zHdvfb>-f5?R2*87bC+PSu%-Mz?6SqSYnUGV7| zI8}b7;T*IVW_QrHm^f{-^T%)8n6Q19PmLrx?|1q#O2yl09gW&GNE zh*k>SS2fTbT=163iBi*4n-knQ#mS%@mxR_d->3cIT1ltS;+^~uZw@v?(lsMoI@68} ztz1fiE*jT8l~}h>P$2@s%k*CL5(-Iit)_@!zEx6%!6BBA2MKLNl88?av72p4L{QevWdB;_kxIQ;6Tm z$UqNT;z>l8)p(Y)ZS51-8E^R$)dgLO5>$dXPEe7KsPrqU&~ri2Pxln=w+RN`#u`%F zh|Jb9!rgdonk-d){zy};zk!3M^!BgFTf=snv zGm1qCd~V87KoqiP)-d0$z$Ge}^naeVO9zww@ou1NM;s+0nfml|Z*3d+{7Q&OA<-{t z65?H`OvZ9ONnHT&3L&i@@pq_hp?T63mrsd;xGH-*&352(%i|-Ub?X&WeK5BS;Ow%! zfWT@iYk{XLZ}q`5mg~=R@2qIMTtI#c5-NyksQO2VYY5`05FmslRg%(d_@em=y1Y6$ z2OC2H(V(`ZGULy00~<%m`4E1U-a*oXRQCu^Y>7;OFK=h{y~$$CIIDICqrQKR!<1(# z8>j0QbS1c&ve!7DwM}uA&4w}9_pNwwNizJPC>7j&IF z90FNtmS<4rI33HzY9V!9R%ib{>$*>pZYRTJ%3HwoX?QPA< zGB$Y8mXa$FrgCX<9dm+Oc2-%@<5|I}U~8>e8tzu)r) zX*uOtCb_j;2pAA%|4&HoL34EwL)Zs-5Gl1JnJgo_@)1KtYvmq737T7v1= zw_gk_$#=JBmy%+-559mXh- z?DRh?d9?FC_qK1B0m$dgljHzo^xI+qx+DKDbmX^Z{@C&vyx{(S?oMG__W#?v`}>Cd ze;5B}HBZ6*kH`0MP5>I6X`eMlI?eU#D3RL!}C9s!gjTF{_hMe=l`&?|6a+X zo&R!Jwsz0|Pzm_<1kZn!fOZwZa<@No!!Y*T49YKgd^~pRC!M>crKM=Q)OxHtkK2oWbGwz~q1xDQqxspBw7T^(-+usZK@$GrQACv$2 zt3M6-KOU#MQ8?%-{m+h}|KC37;ya+lU2S0_xjD zOjYr+M26;H3d5+ntU!%G(VY5L0;@{xHj5k0DYAu+*2ZVSpsPBH%f??7V_=4r=1n}E zFsvNqM-0cB_g85IXx?{SSk|Zb*w6ngPTesad~iJvBJ?Kq%N_hHo~rZTy#E;v54!Vz zB@fwfF5e#GRZa#QkkMY|yiev{Uz#}ILlW3z?$u#049wed^<;%SHw+>1IvL+l`FaaWU9I2hcoCmL<>;Eea zGI$Yr(4oKaq5j5=9vtbj{u>v+jQu>$oy5u&5;u)~SmADKxXzL~1_kBLvp*rlBT>TV zC4f7J%f`T5WOI1XKe8ku}5PsRDayR)sI z|69X@&i-R1k97WD)4>L0v;nc>TSn@q(E9om`mWf4a%Dpy1x?TW3f`fFEf_o}TlCoo z$XLi3)Z>VdBvH){nCAdEn+`}}HcKM}9A^XEPXccOrqGQLNa4pBL|G7xfeS9*5>0X*uI`RYl`=eHsGiAqO~<7-g4kHgSLxe0m#)Gm-@zK`(`w z100XUhMKyG0~{aD0}twH(JK<5XKLPM^Z2^V`=d?*^s?Y>S>yEQO|#^aj#w~7ej%au zWZ`%Qx0WRTvyl?@?eR@ZYjEym-)!y8y{yUF(@|}@s8%^$=voBFp&LxW4L>ix>C9x{UpP1Ervypq6WmI$`w}YBAWy8nNoa7*ijEC_4jad}T zKb%0A9LLFnRL#g`zJ|zVr5i~}1wP;}2xb(vgC=pBQ7tN=O9!~zu{QTIBgaG`KssA6 z637NPqDbOq1=96_PhsZb30DVY;81zrDLQ1Fo?*jvHUip77a-it8^D`D?+%Z468rQe z8zIxKix8)Q(KS`U$j(iQJ^|}@@B!Ii8NpoD86(+BmDpHuYNOarFo;v-!%-NTeNbT9 zrs<@t`pl%zx~w)Om9$|j%Z5pO(_6ruejWT9+I9p(zrxGvK&Y!Bndkavt(C$%aG+l! z^XX47BO)F&LS0Qt4!h93g(2PAa3S_H_g^JTN9N9|Toc3!q?>%%y%TNB;YcX%2)H@= z`cN7b*&kuw?mWp&BcdqI$okKTli#g|La9YZ!O5Ui`c|7@@)IS{JFJcS($|AE_f3sD zy*V-~`&N1YkSs6`Yi;_AT0S+R#WoNrM8xe^;K^?H#BV{lScYUl7hVVy8>x0`)*tGz z%73#g2nQeBSr#WSoi1bgNuF}~Z)Ip#Q5eSe(7(}ippvrFP=pHYXOHbWlvjF)XIRd|f)No! z6E~Y|khjDDoqY;2Fe9QJQ(?S`XHiBbGRWdsP_uUHB8U+nx7vd#Ddk97xw9z9fExjN zgGYArEC!P}^r<+RL!xyt9C40Q5U*ko&tVEAJu^{Sja_p29zp0s9hxfmO?9Ud8Puj> z?mtz$L)cF|GMCbz<{LfjR{eYKhtlu&4Nnv+%mSH`=58pc;!WcFsQBYFw(z_}kBwQW zLQYreA3Wo%EIw^A(?82?yeKSH=nG=#->K4FUjjD4NYys}|Lpz!avL|&D2$)Kc@_9E zN?Gzxq`oY9kDm3Oqeyn5U0YH~O0s$OY{lRVNFo{zCcq43Zj!g2+jy(asd}&Fy_CI@ zx6lA)0L%x6ltkMJr?xiMaL{Np8vTVv<0MNNawZIE00kqZNbM;M8Hf2p_Nv94z!enk zg%pq}02fm@7b=&~(|E_8&)Yn5O)ajIahDn64{~*b32IidHKrYQ9}_OdG=bqxa7v}o zG&6%zMrYo=X2mlQl@~I>%;-O`N z3Utg_h|Ahw9f$Z(4n`0B7`#$_+WfC<(D6+B?wCZAz8LR}8N2HqqlA+ljYW#32QB}| zk`c!t@jva|6FM5F-DA`}=$3vANkmf8Q&((vj}g2SSrCAn+a8c1^~15N;&ZTL&_ z1_?U}3vaY1!HLw(skzVff=mhTAPD+lDmg(}w_jAL1tmJ$s|987YxSk)#u(2oJ=HrM z7I5Ct2_6v>o;XH0N@z^ZWf z!+a#{Pk*&KAi2{e*@6q4*lUYeI5V`GwQXtEMlT@oYmTE-@E$>RVnGkXNYN z+o*<8)A!DE$CPl?vX6i=EK7aQVN-hrNRvw)l`+iq+i%{IkdM-KuQoPCic{1JQ1?sR zEj8ToS}FA8R~-HJn+n)iSeM$PUw_rOzX2U8jgJz>nUHS)Mg^j(xlKSkOr^^C$A%ii zKNn~*XS6k-x(m$oWiB!1%(L_^7MmOM`iQz8 zRod7>zoH>$lOOOT@(v+LXlBF@@Cgcc!1LzJ8og)yE@C)DUC&?W+BkeBG4qD_FYJ%& z42uVafak=2clTeu^y9xrN9+23D|wv!A2=JQ_q)G0T&}ZcT1J3vrYY9?&U17soqb|9 zJKa(|31=w_lqugGr)lD*(u|pa@Mm{#|7Cx-zuVt)eoh!yKfic!;QWyBsB~IsBVpm` z`PsFC_j13#cO*gX>>W8@iD}?|_0svu3`)ucxpWwZ(k%J_r8FC8JmN$snWNkqiKRVg zm9%iKzboNs_Wa8qn9jc@sVTy;oo^yb@$Du%IM7UOm*ZE36m1Z{V-h8Vi+-M6kwZ|j zuquUXYsde}%Z(!i7zKfhA;^Ms^0iUwZA8uD`qTNQupzO5+0ZD%m}t-Nx~US1L~ z)hm>;8>pOs`gO;Q=1w)tY~?&VGks;))WtnVyYly)=jaVdgRuhZRU4q6wT$284TK zPZVgUD}Y&-VV={|tj~(VVD7@4OH&Q0pyo!?GS+l3wuC{$>(r4kKm%Y`xnv8;;t<47 z6|y0ric})~d(EDW$=(RbhjJ5%ia`Ed+xDV@PZ}cImH-2lBPYz9)iuL|iWdo^rtp`& zb|Ggk!Ag#G)1W72A|(_5{&w53l6D$S8SkeYlOesU+!Lz%xLu_&vMRi@^Bgb(EHL}@pULv?6UYdc2!hccw`k6s(7`bi7y!pM`OnBB*R3E z-DL^tPWQT~tL|EV2j>C`l)6O=pQ$!1#+2N5PX-W)BURj2UTt~X(zd4cTLncbTUK+A z?6^Ges=Q9Uz)K(ZVeiYrs4|gL3*Tj-G_!vB?~*JpP{@_|MlSnv>4{^SQb8)L4EWYI z8hvZD$`~!5S1LgLX?G5!W?ruHjToPa*w+4)i&gUHBnQ`%v}SI@S5sE1VsRFC>C&&b8e z4T2N#ke5h@G(Z6heKu$*9b0|fzsm-M$0Q}H{*7=_+d93&!xL***FlDlI zAW1U7qG3SEGZmG9H{=h(&SeDPwj|OXseDh|d`eW2007O8Um3u@;s88q&bk%S$L&(3 zYgNaCs)Z*fB8$>e46g=Lw>J-Cr_?qyu?lQ&*ktvGqmg)JovUkweO?GhwRcRh9Hu(r zWC^f5SFa^4~zT`~dT+LioQczHSu# z7Ss(JoGthbR&52p>D!#)r~vy2(%;71>)0DWF856nOYWDq0lYb=+#vF#dGVvV4dxx= z1f^pfL(wnOE9R;^FV1T#^wI5@!nrZ2BSe-YjHe{**I%OJY$nv`q$M^58nl#()^A26 z_Q|}3_G-1HqtVQ?{0cc_Z!DeGgxaU8<66l7WYPOx{b!E+-+%G)MXCPd?*3Z-ui{Z> z-jrO`2df|(M(0IHQ`77cz(y>bxD|qg=zdI8MQJq5VioD90znmn&?*^a=@uh}^8J2{ zMs!Nz{QfyzIj*gSsmW&PIcZ#`W_92E+x@wysMIh1s?b5|I(_GKZ$9i>vq$RopF!Vn|f440D#8w;BGC^&-qcYptketX3zM z%Yw;SsGRNUnQ$(k0|qd+&6VfE+)G!@q>GX6)79IL^|a9coMq{fH@~Q7Zv3z8|Lwk5 z>;IKJZTvrAfCarj#WYnq8Gi91f2xNHwQGIc==v!DstTHF;VWE)P+N^_pgd8uuRz!9 zuPM@}8rg9^hsYl<%4d*Y$M`6a^FJ$jYR~@&$0u9ZC987A z)Nk6^GJjME{Tu7UMyW4~(<~bfK;-1$DwNua{=9eXZ<$UWSq0d*`#smWKBi5h_v1~$ z!()CqWq&t8KSSu&{!KnJ%egqEiFL{CcsC{%QtjaQN#=_Z$t94lluKhNaJ(qal}V$- zzXW{9vN)_tCtmCMPy1=1|IK;lr44|2`hT}{|L5-E!CL>X?PzCooRtR0qhZG9{c2XVrHeCA#cFACBww%llRO!WVlqKozmA#+@?Q zyr*$SD((*%nza@VCPY?%F5;&^_k>%-?#O$C^9` zpg$o9qx|+sRUrb(#Shq&Smn#}MzG5bYi>Xg`HDHXD^!@2|rUbDjqMuO!xkwg3G4ANG&@`~P+iUhb~-|0J z0H_a3p0;xvg020fp2jKMgrM)|0|?Z<3`^@>)!;1^&V2}e&o~TeN?DAf%e;%8dpWs2 zjOSiiXF2CeCs!U+baZP)Ji+V2yBe(7M=Pw5itgO;zXFHwBuNO|fNKBL4I-9>F;3}} z^pa7xN#FLIvnLDCgL)N)T9Cx*Xi2J6ciNsXx=6`9idgyB3sA&Q4sSsbtD_|;Qr&5L ziX@y(NIE8&$PI=$)G3YMh3FwNBxx`v;bmg1w8u1<)jz6lM|4botXv7$rl_%yT|~Pu z@4lV9^BlcVenvEdb{~?61~iRk2#Y)S@;=L` zu-+i~!Xt_eu%ZIj`OqJ?4&K4&x6wU8V$8BAR6YLn=JLWb^(w<%IS=NRxz~%T;rds> z;xd{Q_Fg`ZhUpCGUg`RdD^3#3m3<7Dn&j002i1;5A+Y5a672V!s_Y!idX7I~JO+(| zkAH*vBJI_lg+W|vAa4w_C<2o>x8XMo&o|vSQnrtC{>cGBDILQi{+O2uCH}HlHQ>_v zwzneZ+?iWQT>VcwlxaKVw$S!i(c4VONj;|!v3*&rX;R$hXQx0bnyO2#>MD(yt2#}j z;Ucd*W?fKFOg`LHkRxhlZ>#F=NNcMX@K8m#91~0xKvcIOOS{XFlr$A28mgj$p-FAl zPL}2Vxpvu<;?wzqF7UC6;o0LYd^t1L>M`1~HSfBlbYTa;{Opopj)=9cbpMCO>7UlR zO_`F0F^hZZUa)_tPo$_}cI2c|7?*UaCSuNnP$1Gpyd0PCA#NC_z6}Huil|haT2d?V zln3D^SiV&ewXP9H{eHhfna0FynOUo}71;|K7j(}t(5F*ec7^zq?5vM&z>a|e^CV8u zJ!kQ#-+l(v;LR}eXc~?~G{O9?=n{)+Golbc6}DWJW-7M_8THD$fI4oDI(754)V1b3 zzZy3GwFyKKn$rK;YP*Hxd33pe5MH4*Sd2M=Dy(TJBDjqB|3Y^=V2b6?XPU zFsWMTYHBNDdtQhcbTL=C(A_Fc>n>5#S@YtoTb`AzD;H+X(rmLL9Rs&^O&0Vk%~1Wa zeFJMC%%lMV#-Am;4p;Ra8RoMwZFfv|FV*&)%v&Dz^&$J{QyhXc`<)^+n*oXp$nVu0{m4LhmpP% z%=~q1mUYd?d6&PUpEH({@|v&dF5{8ya&e9svZ`KM1Jgb z^|?IF@}FlBc|hSW{mhg9`}=1P7oZU`hTh{IRfBSj+B@|1``0DUN6e{P}eCKlY9e_V-Kmzm5*p@_!XiEBRlr zfujW6?Av~20%q-=uD>^sH&(a(*;2<1Jb$l{vUlnJESvlV(HQ;Np#0_ZFDO+R;sb(U zo6gA*Ev~d{DqjVt9KTXFwU6RP#TK>vL8u)J$gVMzi$`75on)!{=a%aqNF+BWnMl9E zLiecvZ9Ntl1_X{0u_1)xx6vR=(TJt_CS?U#(B@B!#;CiEx;ZxR-v)YBOr}PpspeSK zNKCUQm{ddXI~s@Q0(C`1A+}$E^rG}{#CkvwMv^O9l3(I?IjqL3VR%~c>rYjB)|}}u z(`FE^IDR*O?6T2AXR9t9PeU}>AFvu7WH&s?Qa!HbFl76o*1+*czW@Q8AlWDS+E5UQ>iZQ+ zS`U%XbWAw?norcMyGfnf8AGLQwCQE1%)AlJ?v_|0g$X6)M1<-#wJD}YFtXR_G_!o^o7Wze$ zYH{rIwkt$_1A<<*vv;a4>FlCzp3fV0QTKT%S+f*IE2WF6*V@+Y`>tk*f`#{}8fx6C z(ydx34cWFq8ZGQex+2MPD-D+FACIC_TnkDLHsj=qMKmZC$V}ARCL+Uk5(q$`&TOBL zV#Y}qb>CnbRaIYcCr0TFKma2roN1rqnF?S;wF3z}1#z0T3EbSpbTna`xs@=pQBs z_D=*IRnQ177Wi|ytG^&BjQ{aCwwyO+D?ZnL#2&vkHLT-g__TtPFUSM1)XdKUl%w zD~R!nf9!OfJ+REvy#Jri(t|R<=GA|D@nX;4|KC4)vEKh*#nWd0-`VuHHWtnAEwaCQ zUUF;o?p+S1$%}`NoL9BUqUCg>dM^|{v0f|;1D-?;V7BaBz$!GFSW?*$ zE=KOVIq0|_x5niUWKLA;e_e8T=f{Av_$M~FNl5Ty=YJ0NUhb97{~WFF|60kTE7q|1 zuWW$iG+S49p5iD{H+&lQIPU!NOOw1Z<;E?xX%bt7pWrwR$_vn69Ye`V`3DqbARkgw zw^Eg4=@jjxFc86*gjqyXGxL}9W8@&wknsslw~-(Ojngy{$2&VD?%&fpnvjs!LCnhK%PeVU~Vk1L?5R6iGczL_Q}W zSQqLZ*m#CG!Gd{s#5C$_E974+)^lq9(q%vF?@j%q+yCq!^#9ik2#4G|^RF+cX5QW- zrMsFyVkV#no0pbnUKhn~{0c_u3OiLbNRM(9u>p?yB4x>mRioJH$Ek?$OL1yI67fHQ zq`&-vHbHkf`K^Y=1wwxBxBt0il|Qob{EHQ6KszHfE3&d}#bW#A7pHyc3k$`rT9I7| zscy}A;Hp2fVD7MmE=m7w&TVFoJ>hCOYN4vWUOPF&7z%amXzjc0MgWFtw zBP0?M6lPNkVg3+7{wvaE)(iB0tL@WxyYNG+ZA*p2v$$w#KxgpM?Xn=z|Wejng zlF>|o$p@Fem#s2E6d14tRZS^r1tlyL%CU{fJz_Bt{YA_XkCKmVkeC7Z7KwRpsn=^3 zMKm6%!j_-@Nay#7Zcrx(YMFqxZ+O6G#Bb5pKl@O?nAn&kbyp)e7pG z&)r(|1(a8wiJ@QD?JF!8KC!ylEeB5u?vgq!|MoHMA+ffE)|SvJETK92|G|4d|82hh zf3bg9s{im}cYXiwN*>VikGl8sarS+r3TDG$r55KT<&+3CAVbCpl=D`*6I8(VgbD(? zTM0*M?`M)kM3wK+DqT=c!pg0cXjW{lfG#(?ANmH30YN;ALBm&U<|LToC?XLR6V=rO zf1s0WQqg4W6Le6r+=#c7a(qX2Kg4z2zoJ4S)kc1?^ zfvEH?g`4Q~9Rd=a35NRsRX2v<@cm4rWP;R0NEn1qXe=cqP5%Q;rAp2(xJ{U#&|c@5 z_R;weF1S!zLfgf@l0Y$;5?(+HQJ5(lRptt8AEl8V=*ci8{EeQZV|07_w(18INhVUH zi0F{OHWeEp4C@4jJI11zZ1RBw8PID}AE-W6d_xf9a9<1wxBBW%8Y1822JFB@viRRH$2g^pMbC z2E`bOxs6O+`U0rj-oAAwXGn0GapH=IcPu2wX6p6du-T#()|lO+D;C-^1+LIeIS%fC zBq<7TEXVi$g2m@?NIsD8J=)ZE;g)2k_vZCNuEA4nW?C|}X|=CZG*HpGS_4&Q7Oq2kPyNiX{}UEIxcuil`~T=@-_QR( zI@(>||GAP!T}{Kn$Fu(v7FJ){S7-DuXY<3S>Ti9Q71#!uPJkRf zUJKT1(%*jT=mIP!LBO&Y&cT4Ft0$veaOFlzIa5;DO6yAkxp6?=vO5yDK%}YpvMBK^ zmIn1{goS8H55LK>U0bTE;ifm)Bc0$8xymA`135{TOnpf?oj}JPIIB!6>N}~(z8x}V zBE2A~WX%?Ivc6uHL=wc+`B}@(uFlVv?MRFRk?gmB8o-x!ICzZTA-c?(fA?rYyd2KdPyP?HlI>z zjAynVs)=Gz7JtogK&}XmmPm2)Q9tY$|6%a>Y;vGQ=Ro+ZIW>%+Ifqc1mDNxArhw5S*)62(3qyD&QRPp zZHMEuTG5c&F!Yo~+2r9;QG+oYSz_Z)B+N0#{}(Av$uNr^lmR^N{MWAU|L^bZt?R$9 z<^gB_M$hu2W&nGv^GD18vPiIs6rd8tKb>6Rbt2HRi9pKF%>5I)Jrqy)G?J%#Pn)>c_ zo&UX($2tFB%FZL8mc6y^eZBZ` z^Y50qW2xFxFQ1WiY?|`Vo;_FH-b$Y+mnwx?2i@WXc2`$K=x+H&f?Ex<+*J;}xs1MH zS?9tIA6Sbrn0AfJqUSPRwZ&vB{;aqLDL?jZLxB-hjU;Aq4@yg-KbwYs=~n1%_|say zIzl86R_SrEpdr~tf}wkYv@BPdbC7T+y%}aM<8OZ$e9`s1wk|&5r@j8q&!H}C0nF3? zyMFz@{TF)&>-s+{dA#%Ak8A-{@XS-%0DkmEd$c7@?)r|p58Dx2UYl2r_<{O7ABbDx zWnMJKRoeQstF|xWGsvawmc9N)wVn52fo;~;1&cXVtTmhk6}8=Ij?01?x?NObL;mz_ z;?ua?z%MIr8g4rG1x;|$H9wW=9Je8u({XV0*y**69>&}~$7P`=U11u_5nH}Z37K*dl> zyZ3%b-{zU(V>_~6KSW{1CrGOAyYt6ioQXDr|EG^s!;Pwq=V#~PX|;G%JlD7Qe0ooN z{jamjme>H8>;E4fl>Ps;{$I&c%Kv<1JHX0G{KG^5YR3G@h5%N#3t%(aItI`x22e+` zbr4|vJi^mn|C^VK2La~k{}=l&eEq+>yWam_$ph;Bdp))2D=cX6*d{>2=>+qctqM0l zpe$08p$x-LfI5$9N}*bn$!xN+nl{E*T&ea_e)~78$e&-sneNd2*#Q5VAvPr(8DwnO z9LFPqHex&>+h`;ILMnBAx*&gNX$Oh%uz*K}t~Ql}F0@ll0rQ3D@WIvPwlXhb#$88w zbgeDrF8F-iJojw=t<^aia8tVKbngAK`N-`HW@kysx%afZ@U*<{%*CO_HM#c0TKC}O zU+g?bCvoUZgJ!d08Y(8jeB%y&=Q&h*lb@zz!ig$5#t9B*2%Xq# zfhGG6(-@IB<+Fs*IE6deRQ1aN&&6TAq6UuX<0$GnzE!nlpgyKCO}nVy`g@!t(JXK9 zM_sH>@YJt=N%6;#0CU#=i$nkZ&%LAF{q_0pl{~Qi-!dFZb0tDT)nO1Vm%Lh)t|bl? z*@8@@Yyy|^4rxThHo`)K3K5O9mEND>Ni_cef<~%OKBOGqCQ;X^rm*Yu|2h^Kx600< zgm8U9v_Mt`4lGSHz|}KBYW4Zs$?U4M0Q zx=;^%fP)rrUw=pmk8y;~={|0nvz) ztE+FX-!3wlvTY?2pP=7TYyV3R?U4cibL{_v!=snJ|9`aJ|6k4HgwJsiKexBo+c^Wu zrFZOM!bb*#1}hg-suJ!dEY`n;=9ZGShH)u+u=5;UVJ--Ys7O^WIDz}GQ&zDf&=_g} z5I%J6R^0N8oJyR9M%`p2(0IuBMBkbsP*D}8y=wsg15=XF?OrO%5s3-MDO`_|O1=Jb zgc2;oJ>#K(h&>@;8)qgLnQ=1es^X88{csXev0N7+k;Er)K#AxBoW63l7;oxvf;q+E z;1T-NklOXi;t_kCUKONPy#^5t?#3(=X%Xfs+;Y@<&YS$q|ripU#6HbIwz)N&F1=uH1P~avFOXTs%gHhXK(veA_z^bmffndtsaiwU0uw_P0I6-3P7Xl zV>(S@wdL1qiQqJe+h7)xRE!x*7bcx)xG3RFyGG=B)p{qum4l{?CJ>_4;4Q zV?{;Ojfd8>>)dBisOG_}wO3dfm@$bLJI~SA#u$z9goMzoKv-0o0dAI+{M62{g1@~) zW%$U+nX)ooXP6_8UBwJ`R*5hxgUas6oIq*EwWn-(HrM2;+9F@e$rbO57u&X<3bKa;9>2kk0 zQC}gGBlhLA_vN%}{nP?l9V(S{2_h_n%Y;@PYPgt6&svT`*ZTTgh)mkril0h9pzfG~ zepJ81AE-L9`V-BoZjk?RGFpZGx3_zE;LHD`-F5!YYM!$EkCV~k2!04JHAwt88IiUk zUm_)CbuRPe3+H4DsY>BR<>JfGva7$YIp&$4)1Wcz!FN?NqfaVCD#`OqoiBZFc$fm(Hzk=pt~v0NI9$3#>8Z= zdL;J&0fRI`a#?5&^&G zkof~#7H@SKL&yKS&<)|>3JX|}-L4%l+z1B=CsWEY_%UMaE=y2%y4OWrljgJ0za|mE zg7ow21}*;oQuH#R3`CcQ(H3&`595}QwEDH#vdEv4Vn0`lD#b}JRnPdgAoeYqZc6wnwY|e>`bqQW!+%0Db;v*5+!4NkxkIiKH93E zIt^Q-pu;yUA{QH8$2&V;PLIEw{?9L`J$`?D_~KxHCzmA}4>=z>ilu3>U*vIK82!%~ zONo!*M$CkW7DecP2oX(KNM7l<`cop9FrG@k!^iPUVGych&N^_lpcaDiQ#c5GDDvI0 zN4eTbY)=ZiTS-~9Zs#ahDNWR>>Z|3eW&TvF07t>7nd;_KCJ`8NHu(WhqLPTVaj5sZ zjTx(ODCyHGp^__gv{l_n&3ejsv@l6{RH#9bhF!HPyRa6zW=(Vr=XEV6?CKZl4>{#s z#SL?amLvHPngQDNG%NQ}L$XTk6>t&?TVihJ3{kfVn&1>;(gJZ0${;{AF*suwdSPiP&JiQrZOw{m&PV66S|~76=vQy*@&` za2+swP{0t?gr{sOoI+J*gi*kfynI!`rGD7XttbVB8_ozxPG#eQz`AqT94| z_LtHJSU5nrRn18?mwS>A368_d9EUQAD+(I=jVg*I*u#2N+RH4@PR*v`&U17{_>l1l zDk|ZWcW_(LXj-m*rb$-dTB2G#egVgK13mB>~f+O?aNqT;0$Clwup8>M(uRne^yaP6jDhbs#;R=V|g&iu?R zv+=klX1)DaI=Q#B9XQAS+uz^c_v%0G9==%b|E}awNx7vno{we-R-FG_$RMm}Up5RW zpln%#aH#OL-?T*%vy^^i#-Aq!q5rL_vNBqBuc*RU?ztr(NG($vfGqM7dW>WqI8CHI6nZT+-=8udR^+jw{m*u4Dz!)6&e}ivbJ6#oTdo3G*w_kk$t^xWNBtdjb z4)t%pb$Y#CV?YA>cDjZL1iapGPHEe)OW6>z(WYwkD@xf9coJLRzwfI z+Y+aSM@y#x#tE)F3@}cxm9Hn^S7q<(*eYbTI4No=gWqI3*Jg9YU*5}{6#2r)EAUz_ zGk<=98%#~nPrLAtG6q%C&neG+{Zv2o^4}|X^#C()Ui|0fiUOC;13jzyE)pm5M-N!x>f`g2Fa>sP+dXZW|q@6$h9zMl`s{qQ5426s?g`arm$ zL)$aqE@75G7G95ixp$k!<%44OukFCj_lYY;>Gia*Kb>>C3w#m3x&Tqmp8>w`$Dc+5 zZJ|w6!7uvwnLeoQW8rNmrjfN0syZo6SsLX_V$+|oZW<{vgyaJ%Gn?d&yu*q^_2qn? z2cGROA?UJ{8Om1m(f=k?^Yj13M}83i_b+Tb5^Hk?i#0EI((+^N^@KhHX zbPPV@-nhCEsNiZ+F9msczhMZ0QDp=e!)g`KoNV>3dR7Ib~ z93WKZ1ldciYOIYeP^l(PU2jgB+)_O@IY4uoHaS6P2}h`zLm$BzLUS`atKZntIX4?~ zTeM=+G8b9KSni=en|5Cc`%dfuLH{t2{t3c3z_HG}E{ZOCDYL5#r`P*`=8Vsi`+xhp zFZ}Z#NAf>w|8E7)llp&o5%_xlPk++Z|FaJC`A5Qh|IhGmjsK^Aw){UE&{F=I19EA9 zEk9e=(qD52@>H9J`Bb|7Rpj}TpM6Sz&g>>E)JHfgviuuVg5Az{i|oT1RekE}kW2OJ zx2^2k1-SDZ-Cmwu9;1^mRM$ZUSd{jJYy4#w|Kj?E>ntjJ%#8%goAN9o6^Q%CP}W+yT75-0UA2@w=EBjs~5bCkaI@Rc@ zo_hITaVgc3T40X+f3bUT=;wd#?XLa5l{_G_5*CK}R1aXPAMF5G<=tirWdT(}sLcdQ z!hx*@DjGYoq;-J+33u_*07*D#R}{edaK4}6hoP=mh>B4nGt9Q70jgH|x~S;qS|gxp zF)x&#mV|?Koq*~Ysxgp0-DJ9l?fF#7m6oUa+pysZbGDj@R3-lwp;xg>Q6|kJCW=++ z!B4!r!20>bpCg0M6O6ZecD#s|xF$nGntKE5|NjwV|67^ASmJNCY=3 z`t7`5YX?=eSEV~hI7?Z;fQa33nkE(Ys;L0n-H2I8exz03$T7n=FJ2r}{fyJGk3GCA zN<(*dD%xc{(nY#^R$cu(R+u8aC$pV{Ng2}nWEG>;UpskBU6+bopXg@Wr;MC{FGy&v z_1B3kP`q-p!MYfeC?Q<*^G&9| ze^E3jlScb4-jMXB*;|IguQaG`h0%OZ({Z_NWVJfK@|xMK^$Mlz2K+RAUz_`pXI$Gs zRWeB!ms2fL#_@>27=abR-h+Z9jHeZxpyv3>aBT(anc;ZfxLCX)X)soOxR(mM(#PW{ z_`YVXLwB#*HK_~)xNzodEo(*s@YV*isq{PzwE67MZBa{Aeq`9Tv?3~U9=$6vs)+px zN!Os%C*bG|uYxO5#);;DY%(yKt1PNsxqa5qw*uKl)-ws??YQr}NL_DY!18BRJZQRJ zfDOy(?Um@2nX#^66F(NvnnYtwetHulHPTG8l7BM5!>NvsKsrg0UQBEaQ%UOjeODzp zd*4(9_$-OKsV`~p8>xKa-7T*|vMo^In@XCMhWfR3)qzzd6RV<5Y78V!`7B}7T$t>U zJLQ-R>0NOThUC#S=!uzdN^{sGFmsV#tE_=kWv(`Su7V>84*V!i18R!{D~EgP-&M`8 zrsJt}*Ueot^<%6~@NPFezxY*mJ~CCwu%#v3)Z_f&E=J8t=2F)5n6bOkjVwi7$qMwk zMZ+#C0k;@i^6Whs2ohwRbW8UQZa8TSPS+NsjB!a zzxAc`xw`ztM#~p2j_P~>pkEqGt5?0N`m9o+Zx&{xdR0mURu_6lGh`gD8a-)#?&ot~ z5h%9!Vorlv7I*q8No-f5H+rVizvQOB4Y1NIZ0RE@l zRrLujol-t-_V-+!n{6x{W*KaGA zSGD^iU484MpE%yx`BEHzDL|FwV^+&SflyI}c1CC=^lH$RKr4Ag2k(oj4FF< zA5Xp!4!ffjTQ<&ijQw68w6Ta(9@N|uTTi#0HWzm5!rM9376IRSzpj{*xrMivu{;+) z+W^TxHor4(_iBNX*dFCvr0Cxj>r{m|GeIs`NY1ay*&N7KCTh(!L^umjr3`>3E0+HK zs%rJaJ9}@ko5SzgeLbd}sKg863OGq5_JyCE|LEdhf>OGV2X*tdUAq%+>$NV)!ToE! z^Y{^-hW)>3@Hp3h&#(Wr>*s$T9=%-Ge_hF=^zC=2kGJ_Z4Hn(`lP!9+`Fw;6DpC@= z#m?>5rF<#t$Hgjo*-#hDnJOBVbElfl0&hAye6xgDdt|wQ9^xn(;Nb2|@9f#5znvuw zwY^4=U>_})mSmH$!X9azbMmN$Pj#YFfoVm0(q$aY5O5oCIvpaKJ`>1rhV-?7@@$B@ zz>GDA{K(JxcYn^d^Z`I8`HYH`#-q~+(@BLnwu*$hk7-T2C{!hgRn?zZGApdHVe>Ke z$2W9=Lzb@K)|e6c1c_Sp`kxQ*BN+hm^#9R|QvI*pz4iI8l|1VF_g5#Uk5%zgvdw}9 zfNIjS?n}ASIUR+(fxRjtv1J3%w-1HYi!Wefy|?(CCB8Q5O%B<_wl(1Il92&`S5Yri zb~G;`d%3D)j*9a&n8~Xt=QY_m(@&NO{)b7jmW!`tPBk#%$1Qw$K18ap*!MIfaF!%w zL;&-E$+L~H5ZQ$2@Jscn#?7i6e_gLk!tFK|Jg95bc)p^uoVuTc3peX@8XJFTg;;zBi_P;#+;=9rdnyi|;7f?sC0{IXOBZ}m__i(gVh`Y{4s$~vU8k=_4sV<0&eb?o z>L-g;Fxf^T@7?!-oOto4d6~{<_|(h)QU$)HRl(f&@BXfT|HHw-+W%Y0qYNUewBTdK zfqnK_&?hW6uXWe#!ifGIp!Ud09-P&1K}W8-6ytnX&T9CPj@W*>UeqJiL48VBt+obg zWBt=#K6>rb1_x@9iyxZUeyMt=i`F{*2>$Nx=Awt1r$PTe^xCKVnWO&?j`m9a-@(iM zwfsz`$xln)Q z(`5hYL*Y+d|NX_@e);~dgLVCnl{|U@s{`DRlmehRXJG?Sw^|?(!0>3hRDk^W`$E|O zqNw*!7@kFq2uIhO9#)YSp!+I|_a4V9;%EG%DDw64r3t2iE8Wut3mXfo10441IhTU$2T>Z}{p z&U1+;Wt2o_C=sG9yNi|nD9DAnVU_}XJCB#dXu54JXVSjH%?D|>y znQQ-_s8#R~H(=iW@8Q9|zyG^?xVHaS@;LUtp6f^U12oj-+=0CD;$DFf;B7O7J%(S( zOE45HI}7HQI-kLGyF%ANce&0j{=FMmW?{FE-Tl4|pj@V`?Vtwze@_NbPY)>< zVarX0qY*KSVb~;?9)w@rO}d|tU(jIxGkzB_96sCum}mbVygcyj|Ca}QYx{o{4@iyg z^;ADr;LotmqPBkCY=K~3&Zg~xeEH{#h4)M|$DuIqO7>UY$wG!$4sRi&%d{$M)cmNW zuU6-D^wHyfk7Ww}VT~-aj@nsSwd}BnMdfrd&hO-)>QFI@B^Tl}cO+R{94FpJnNY8U zzH*>62g}9|Z}MvQ;Y~sUB$)L7LPkXVELE;Ai&0D?1m&yUTK~VyDOjL^R%ERJ;Cvcv zXZp{&(OK7T{}BRwVi zU)?CP^COMvqa6NfQU7E2z_;WM%~-iMMMWYzn*PzmttzJ@}ZDGFyEPQ8uSW}V3^zOdPsH@bwj-?>Vh~nc4I?H zn3{H*Y(i6%mrB+|+HwI*B<({N0?fzdl<<2_Q{rLgbm@S~jif&6<`q4>5UthQmPMX* z4dy@SQ!D?q=dptGAA5&~FG~Brdq->ezlsMWvJQfP*q<4P0{k`YErAmhusFpuMq?69 z5aB%c)3hR>0%an@Q8YsVj?oxWs}Y8sHz{{$JTlq^Zdt=|F7uUdNJHp{Lp3TCFwRL3 z*_z{|!0w(#5gHJbU?H8yl%a0Qe!!Ec`#?=&_`Zw!xwe_7Y>GC8MBTtqR7mwrg&gW{ z*=8vn8lno+1&YeQr-Y}HRzIA)dn*U_*PF|Wt_`mc`YJpY=UO{uNQ~LN`4jGylS){@ z*5fWhWhO&DBrt3D1l_YN3ei1|Q{|kd90#cdg2mBn8x1npM8%nO1=3>H^RXOvw{!FV zJVhgt3Y1_jX9^2-DFTM9d&wzs#z*7>n&31T6LV zlUJy9@;{;?6+1tMWJ&|_mWqe?0`uhm!TzD2|GRg%uK%!-XP#&)7{C#3+DC_QctzBl zh99=khHC2++k;ldo-SbfSvTZox3vy0s8@cpOojgJ90K*73LY0XSkdsqR%w4#U1sd` zRk>%cI(g+>SzLcy$%z@dqek7NRIJ|V$S(C)-%ttBxwzCqb1qO&gLCK0Nir$tp}2zh z3|b;Jm8#zUKNPfos_H?~AQ%*RL^MXldknC+60iW&YXYwqUme7x0?vXuLAUQo#$G@(l)L@I zs)zDSw$Tyx-7H2yz|7?eLX5%bs8bK%bCk=$t~J1;JoDr~$pjF4yxy95}r12Cqu+?o{F1({^3yuVuiBjPKYfPnYU6oqd zUsZF>qXpJBwLX5pXpa2XC*~fe0_Mp7{k@l^_|L)m{P${}dGg<4fL6A@B{dpkyO;)A zv^y%pH$v??OSbGT7FWG|w-(@h@!lxfb^g_u1a}g0H!q_x#sXoKn@H^v2TOXjl=Wgr z+s%j2wT9Cs7E&U%QZ{X9T~;}It{jacra`5`QC-#O8}(xgbpUf&RjIa`MVgaqqtftOdugBKqxFA(Ori-L#f+23?_-Ys z-#sk(fBP?Y*ZE&7dA>kbI86zUVe?pV0J8gMaZI_`=s-{KfrgL=lygd|IIiZb)NrUoiEULm{XPsbbj_) zbovQrKan8q^l3=&j{2OlpE~`i2v|sVJ_q@x*Zp5Z3bt_RHDZ-m1V){AWIn+8XO7X?AdV*xbCUWEB%H<69g|iCt*mX0KpOZRuJ?x z$8ma$eqb3SdSrs=tWypCp7A?GW0Y_fW`S(Djj%uwi$@()`Cx%)il~sng#>9dLjp(> z>Z~Oj!GyCZ4M|u7iVcS}pg2ODBuvnh@!2*CaEc=~LX2y`{TzE735F*4j-Z6oDNacZ z+zAWS?I==^rc9M+@UaCF1eyffHIP8k!|@x3M*U9B_i}=UEQ;8@)C>U@L?Fz`HVQMM zF`*pAIL+isIi4CoCe)7wdRFu+QF#U&Lp~%C4X7MY!r7P(XiCE48el#2RThU4s2ODq zOY9g&Ar(o4XC|@7;fgwn&~&^><1K_^mW~NG9F&qclsv#Va`CMttx3MZNrE|vQw;>M zAsXUM#@8!V4hMU5RGdLt3XON6^0J|PUmzC zKH?cpiM6ozcMo@ayL-Lez5ENkUd=}by&!`0udi;-47g6`4J4Tj8K0>B@PK70!jV+w z$|g{s!l*g8rxOyV0;noUb;E|~z2v7(5)mwj%FGJVV-%4Qj{c|g^dS9N^cf#@Iu|UZ z0qJxkTh>XkO&D^>f=u?cjdWN4{;&V7zxelm{huvU78b|oG9htC!!U$G->`c!C43v2 zIho-kb(;bgFlPNE21%TEQmCelG8VZZb5|N7rGH2U{{ z{U1pHj8cw6GQs>#vPw1Zey7uW%%{_7R6)0dPlTFaqk+(va59*okre#`%~+-`M+VZQ z4Cu72WTX_g>ZDvqK%&wq>Bt2wq@5a4p%fAU>r_eJn8iJBsp*pp&b0TXD9n{2NN;G4 zV^pP~wpH5TwlrxcG=&8n(TNml9k;iBr}KI^BmpcJeN56?r8)l&S;o^b!f{NegbU2` zbHqc+MT(Ma5YZr-b#gvL`FOP~z(^z{keUQZ5V?f#Ib89tWX(>_wfAEhjOCI*s+JCP zYA=tR8sJKD7)je zvu7tYPm*X>2y1-}Er_K~kZ~!vqnYfJz^p+2DiHyvgYt^qhCxm;AU_YrQi9=*G_eT> zJ3z}5Wl7ky+J*|$csQgH1zAAiluEG<^Nq7~%sBlQ2|Jt!5=DfoAM)-v8FEZx1vnE% z;khi^=}5T{utcg0O&00fP|2#W0Kl#wq1#SPM6rNCBZ^KHUALt%fJCM<$eAn8l=o644Pv&SXlWnL5{xgK;xE8n&=j1+2d*=Ce*a5S)N|foqM;6!bft9}GDI7K?-i z8Oua8GggE%7`Zf|pPYbF3K;rH5mZT_K2ofSI0=ZPWf?ab+b}yhOgN{mP0&K~&(xYz z>qt^2V6hTE0-|+8CZ&Yt(~eDhIDYJ|5}d-^N=Aui^^1qb6*h$d4eAhQDU&upAT?qq zUzw^qTL`#qjTxZV9gGJ@5duT3qi0l9%VVh{EKvCZ2dM!h$MH-n3CIzj+1ieyh>aLx z!$PD>TgG0K0&N;|Uy*8N`5br-Ff61+%ZZTuAiX6Aafxofd5vEG{r2_6ExLMr z{qFqs_VpS1>IZakb@lfA^yI6zuhH9+@3-MQ?YEzy?=P?ahR$!$)%E3f=V!0a(B(zv zRzr48F?!5l{)%EL}8+3V%&fi_VJ%4?+jm|Gl-+p^`e(^Qh{Qms* zo6B!+(cANP=eH-a&6W-A@=fR6>+92RPA+awzB+$g4+N z{Pf$mC)eoe+v}^#o7dau;_{+*e(~n|{Nn4^?_OWrZcD5>x97KSU-vs5W1*B44X9Zm zw11?$!h+EM{;&UAD4Qx}x%CRXsci!gF-%HT$)Zdhaxg-*nCV7~YP+NTOgZ@yCtuZ^ zvMGrHV>T?5=72=(URvf=zjiw3F$gCb5^k+O%lfGwtC5=))}68)2pb{rsTt;Wfn1Oy zl`>-==G4Mb)KM-ICjm_;(a4wm@sz>Q9kZG&A$;8F?Df$t)0W9h(ynY8z^kvX-lFfc zkl*j`f}V_LD8eb>M*4$qCV$8^uR7HvU@~w@rC9_MQU$F7*1cpkNx`DMB-(`FSSZ*+ zyD-J@jG!xxBEaCX4M=`62PBhhIpTPt5UYb%g|LL?;M_-!g_;w!uuxr;)R7^Ur2t9V zr&xyr_F+~CmGgUyHt|*gEVkh(am$8A%I6%3i<4v$IGrR+%FWoph7)O_DqC3FzKXFO z+s`(*u#nK?hgD|xe@L=y4z>`D1>yQOTe%kg{a^q4g2i&~`kl^!%W<}0(eHF#^w9-_ zrKMa7S7m8cqC*9E*8d!WzSg7Tzt^u%&fdN5Pr|3@V_yE>-qA~c|7Ul9o&T|tC*K8m ztIp|nI$wN&F7QMuyPIH4CZyBpnF|7R;q2oMLOoNL>lnS?c#}oZ1)h-i@WZ8C3&MWi z+i(G>Z+qzatCQ0ufXQYCga*7kN(Rss3&j#pu2^UwoT^iV`jh-G>*paIy~BwMAb(wq zDBvXZah31#F9IA9`_g_7BH`YruRlNpE<)#VO85{5vIYIn+qhPKkZMQckbHRG>HGyr zSjrIS{RO>uzk8>r*nP8G#G#E}BR@)@UTa=f#1e}CV{fNY=f(T?^AgxUM< z?e}+~$+vMN9Xi`fhgekrLDUG}gRMQ{MAaRjF}mk8h0P~ptarXBf~^j*a^7Xg3r~T4YoH)~?C>|E+8AAF=xZpXKkoe^4{JVo2 z?+1^}C+;#VFqFg&3iBSxwFZ0UY9A<_sqHs&svg3WD%S%;ofQbcyjLsqnhf8gAtg~L z3?&4e&g&UgKAy-pU?sqUl`Fb_Z02MHu&v86^uB20f z1EMb5_$d=A8Y86lkpF1HeHwDwFOglbl=a%EX*V~d2a3&EJd$HlYKs$)AcY$8(kGm$ zdM4*n8#XF+MIoxi7zs5K^9OMfuu)9^l|vIIxd)V| zN+1D04j9{PT1(QyI?G}Ug3kX&@8pEhc*u^y4id*ZJ0qGJB`eMUET-vf$Ii~$3CWa1 zJA#gSmoWR-X=>zEzDwc ziYFvG#ezIJsU<~4Pm-@av27En+@Q3W5He;)?d+Tp0ah{OtmHfQo*dJOZEZWPU!Jf; zg9)k1{BmXK>ATm+Ts#4bQ_6FN59EXZ@j;q`OM#^V_|xIxA=;Epw{i`}j9Ve-NUrM- zhr9pX7RJIK)tr%`S{Y@Yp2_z68=0v<&ovp=e5tUk__2wA2y8S+k*g$RiI`tuL5^PZ zNE|TOpMjQguCHFdL#HRgRX>?7z-FqTsfA>zuV9QJyU=J~*!Co9%G7}R=v}7Mr^pAX zdLYd}&eP2uO>W=bd`CDP&i+FJkt+7iH1~2e^p0Z|3+ro^{CKvl|1koPSy#XMXCNh(jcTMf?{&7 zrqEmyc}HeI)RarzBuDGX0~HB;9<%hhk*pey0WrvQWj_K1(^dLp0p8e&8KjPcXi71J z6s4&lkR01bQ6@e3qyM0!|WB zXD7AC=7{7XgGPe~R?&Q*lPdE0mlTkB19gPa_lI5 znS&%Zja32@oP5(i8$vbF9JLo{I+VHyEuLLi*GS|(#DGXfgN4XJ7+1z!-0hT*1!5;) zaX^w(?64`}Q%df4?is(M@u(;Hx~Ditz+R8o`2zmaB*ounnIOlgD}TLaES37;?+0BeTDs>q*I%ob zf8XooE>}$Mi4Pxf)l?h5DkzxH;7(Y_UMd}Q%O|qVq5(;@-K|Qw*p0QY%R7Q&p(dmx zu{yn|V~-X~VuC-sCGjX7AETpc{ag_fYQ;ZSc{~3$mMRTpMNe_r#{-eATr4}GKX;s6 ztJI*Z0s)uW&5UN-2x}FlMT_2Z)_s6(wa+3cp(p9DXHE_v^f3l&JlBlirx>uZLoMB4 zBP5MPA3n6l_rx}IgZ^k~8@D!HJ};foN?**=6`zrwm^)r2z}x8twU=QQwlt5-QpG_4 zAt6^SNICWFnK~NI`0UxU#iY4NG2Gf=8f}*(x}l@=dwTlw-gI}rj}zLDNGga9IWRuj z$?@pwS|5PvbU%kL&?fDZKDvH$ivDzXc(|pHlj-nAtz$Kx#&&489jVVRZeE{$d;PjP z5^7yWTMiVcD6bu@$)lpyhEk~&NGB=C#&~K)i%WrY6HpH8qvj^A{kQ>hm@^d=)0P7e zOPA{<5lbc#B8jJzvv{Jm-#&pTdqqI1nUk6#Qi4TO!fQphw_er9%At&)nDJ1~Vib{h zL=3DNNul)*anUlhR#lx6NWTb^EiR8 zH*mO7OHX~ee;Wxx3Q6iEB;~TSKn8@wPBY~(=Xh50h4i!=RHnNfs0MIq2&ai-PVNdc zX7}@ntoIM8_OT(aqK{7Uduol|E6xQf`#hvWmA?S+VP_(h_R@%I;Kc`L7dI;X!76{m zhUlBy+pFC@DRRy(Zg%%d(^#)zTlvB5+}AJ`yL-(po0~RNY`;43P^q4ZXecCil9c49 znl+~mW++j&F`NB;HS}V+4B=#46FMz}0PX#EwflT_aWn5Tj}+hPLu$`}wazYXo}o=E zCt#cn`T?8l{KVLpQKdb@SZtw_t8+MM1e7ZgfRljnuyO}_Njjj`ArbZTjIlp20PHpz zGcg~J_H%+@UR*rdv?=9ZdHVpl3-aua%$^w+1Xs8oF%pisyj{2=xX2s^+j;(Mp+#p5 zEjVkaO-QSF7MlpvF3eRtpRx1eKCMGv#nUDTRzs;z+s%0pWu$m$N0kKt<2yXTbV<2= z0*ygC|4XW5C6K|q{VYT@5#pBJk$5pNt+L-#n`K%q(WR~)d&**wO$a{&YxeO~MTs73 zbLX)oxtf?luZ^?Lq2tmjIj{_!2We`Wjup}BW7 z;7qV#icTaT@bx}@-_9_~*PLZgGNhfCl?`$VG^BQ#XEA}Hq<3?YVDUI}L5FC-Or8af zLw%Ifq^og)A~HH*K26le-h=W=ym$h=Kqtx$MxmerFODxRT zqKlII7Cf|R(uUxtD=49S8nG)ExMm%zT5A*E_; zfKP$2S=URT3P%8S2~t#|RKBVF+YrUu$ zG*m7VnIuvtmd{!`+3CTUL1|&=W07cG>vg85=+Pq@sED1MtkYZ89_!j;{p>wf&|kv{ z*B1_`p@-36r#XO+qPrH%v`A>114|9VekKR0OMO6jPzHIT(ylFzWfe4m+U(?5=eOfn z)98-GrIz{}w_>lN%Eg4FV;1UL|8Nwsdx1uvc(}T;kVTR!ty-9k=ew6AGg^zhwaELO zh&-eO!Na$6^QD|0a%z$U>qY54>qWT~rGCeYva#q?14&c~DoqldcfXBTY+q%iFOrp1 zG8%jUH>_D}wxQzL(&Gvw$!^r?nih-0J+E?c^6s^1YZnh3Ydb-iSo+KjHxcA9h7)Pf z+E`s`{6i>VLgU=SZEcOUoWr*J1wC}Z;&xlZZ{RlHIiH4fL{l8GfZ!JU_?33-nF4Vs zL3}2Wm~^pp=EdZBy3Tf5tJSqy{mj)W9|rq-2S-cD#OpVwvL)K=p3P!Bp#l093L6T; zKPqbq0o`ukTy%GQjh7=`?^Yjx9sGR$)WAy(0H}6hP z-<=)4f1hWLY;Eh;H{YD>y?<~0wSRc@{=MX={LSIs{`>a}MUxhq2|c_eR{>1J--y27 zt8x}p37#4~!S`b3PqNWbT+4mYC{sDX=!K*2YyG zrGBr*70Xg`c(Cjd-tTYFwSw>&_?n!I+9ZW6bMW|)J443(u#R;( zhJeDSB-U%x10ZyL_E_ImmgapZWy3i9S0_qCVW4}0hB%6P1039`Z6Q^YYKo?qi)|#v zSn{`BKpF0nV;p$kTrd6nE)1`5jb!;gz88Hw!T(}0)a4N2U2n*EZ^U+{dpo+g5#ha2 zMnjTUwUH}Agm?XMI*Gn0a%XxLCQqW=t!aJGR@-eZNb^Z*oMTh|I?3QdPqoB!;jue4 zX{ve<{FTQaN>v9dxn<2KZTVzv39K!FI!gUcEdk_Yuq~I1sfCv$OdipP>@jT>faeGd zp|VTk+%cD$(Wg^JY zJ)Q}DT^`YJoShs?CPVE$S6MvCU|9VfMGZr_W|7KCRR21;zR($ma8H5ZQzn zEm3G0@*#<6K;0V|EK2P7D$^8;i}mty6pYk|_6d_I<`hauF0PNBCfm>%%c{+ZwRSH} z-CDb^wR;_mg@&b*4}4Ew6k6>!c;M`aP_ z1DbNoXXvjtmlx{75FXb#<;! zgF%G8;%ukloU6;5TR6#NIOqz`B8EfzqT(9X)67*s&Cky1`-$@-Z9Wgpoq#9t016rK z7<(PLjLZbtmLt}?7;Q(WhzB-yI!pAS98E;KBh!8x!HRlTq{=^gR4Pdg_)+T^>tfDc zA!F+%^n?jP2dXZ6Wle4dK1_oVMYMWaNqxaAIx{|-NTiy{aa6-xSzI7E0L5z#BC`qJ}!j*R$GolpU{ zp>hfZA(c)uk+O-Qn^Pbk z>)T&bW)oc>7L?1+Js>!iUZAPNE*tdh_0Yo9TbM-uAA4`V-MDQnivORdz;e!7va=+4 zJUNrqy1nhswI``hW*o1vr|n6n=Ncj*2{lEq1ZaVHGdX}x>c{p; zFxwq}$&KOAPGMlwfZlASwXf@2P#qh(7_2#}gKM{ck{L1Ge=PAdEYYL(_lE_7tpv^y zULoq(Z3RZlc}2`PLDkEYUabr!0Voj(1T*QqOk>E3!gqrP&t}R#9Gt6Md^ji@$LjKo zfU?=8lFDrrw=^z=3#3`lnt|RfZ&KN#r1o9iXS#@{mXHRx^C9)}BEiMQRY9{5_r(Z% z*Z-~*?0~|4Z@1`P2>P&A-=bC#0Jk6**L`Dn(CW&!pfByMKdtOP+gN}|v~T`+9lsIy z)Z7R~d~fT(b{RtkM-70VFj#M715{C|dP?!5~ zaDyVlhXcfQw}7KQp@6>@zy8h#KfM_I_8*6TAJD(Pa(_DdUd^+EckI2G);~9eNrY{&ZPUiUvM7|L_N}c)xR`>*!OW08e_=g5mzT~mqY?G*nCyTR`-2X}$-{(~10)0vD9_B?tn)P)lnxd=< z4NQZHp))nlp$FQz{cTYG7D}QyNk=4Jz;dv~S->SA#T@k%t!BbZNgJ&~#J`DVeUOY* zrDvbN%vdnR3OYD5=|f~2w4#ic7{ALowCM!9ixr)rk*AE9oyI8F+l{Al^o@857_Hj% z&yD(@o+hp2PtBB_dPH3%hZTG%Z1gEefzP* zWoeRq*&fIe`5I37uUPjzzx=ta!EJ65EL>ya5)g2;lB>#8l66DUE@<5`x> zYgu-voM@)9Ou77Yzu7~5#2%+g3wX@_AL%=2p^1saL5)~APztZGXN(aexnLFYN36#_ z2VeG)=@t|s_Fu*YLwi7+zT6f1GT<<)(urno&;HZZO$t;mBm#A1Yq;=skd1+_fP%eD zQDbl4-`uh&5j;=k-W9>7>hV~PnM3UWS7Ei^Qiw%X^ago?_N>n;=rnWi?^9UTFOd4qOC#~LF>yYZGZHdnIV&%e8ugJCfceW_MD&kc$ zOYRY$EH?K`O5YE2jKJ}9Vz>8l$@g%P;dUXqB;cG83+14p8O#I14~I4Q{=NRO<@Q@v8L06M91c8)gc z%WJ?eYO@^&y|CTGdk;#G=_D7rf#rC?!%J_HTC(814jr%9yEzCD8qG^T5;UxishI60 zOAhlHK z61SxNim-&rho`urrxaGuAPDgZ{kBoUn;hTTBZN6z9lxrVZ}C7@_TmO;LM1?m_o{)s z+BLfepX}Mg?^(Lub6S_@h))uJLmR#ovn=6F;u;pf=I_6QouRpW=`){zji#OokbI;7 zz3d~d>(}S0oZanxMJ@_^%Rty4U~O-O;Y>Y8RrBPUd%31I*EG6L?dO>A67!@*c5roL8iBN+z5@?uPJuSTQO4}&p zR^G$y9DFR?Z=2T^+VhuCs|E1!I4*-iT~G($JDp$^*_#82Z3`&2V>n0kCk}wFTuo|Qf zv@EDzOr+9(7HO%(muwk}+9qg`z4t30OsrOf`qYd|h^f|$vy;;kHse`_wo>ybL=bL& zd5!I@>bq~nX_`kmsdyhuHdFC-3>L(@UpaTR!0R~c+VS~t)@20WBKa?u+Pm>HbJbry zkgdwKCH=Wp@l7To$~(|Yh|ns#K&Il5_++_Mxis^0s}^2ag|N?hsfvZm!Lk3($77jF zGq?Y)Hs63Zka8K7h`dI*z|`z*Fj0}CM|H@~EcpR*FFolZm*pf?Tcj6$8uCM6*x^cC zj_aoPOvOD7Sxa$|SOFqZsW!QlF7&6t{_TKahsBe#t$@PnfVqJG83_%OdQgXeDZ^0+ zZtbW8+XY5!Cph8Tlzn;u`Or6hUzdpS_~+LjMO2u^wF>HELHs80IeQ>30^}0;hc22TE6tooHS;)*@a23Q8LFC_csB3aiGR&=$w;q^%qSyVbqS0 z&ur>?@H*_nJXR~8?v6WbdrQcw;m+y_AoET@5eZA0;Ij2JUMx!;r!u2JTLEOv1z-II zg6iF(Q2V}2`|L^?`=8ezrM3d`g%bKo8Tj8J`_AA!ezOxlDaW2cjC*?m0H38uoiT0; z(gz$IsrtMpYf`hz)G90l$iSG2Q@BjGRHXxuDwocI@VE1XC$MI^)l+>3!7Fc8z6{P3 z&a_M?iB~9`=fay>ssV>Qb&;UtGr{>FrzA^wBw`kWx??BCjzBVEGm%dO%PjxiC;se% zapKq$`^2#~eCuSLPS$BLI$5Xb=wzK$qmy-(j84|+WSyPHbCh)| zh4E%Q8_=eWn#pMEdC>y4H$&WC(U4oWyn&SFO72umaG{Iz7R+{(wUI-4sguFUix;~a z=-Q`d)yKA}T5hcJbUc~YiYS10q*Nr=6^klqI^`k#$u*Y z@}t;89d5URNO0}q)7>i6%zjm-#t{>{1mR#sh3Vn~dsC*YfaZ2bxLOVE?7)+zuyC1O zw#hLG{XwJ#D-VeW85zGnNMex&ov6FGXm$`gcNH}U3wNuXAKZ=IWx|DZY)@}$@($Hd zUa77b`!)1~!ao7Qe|Wd8+l}ps*X+z+>WW#BBo@8V6SoM0B_1*aO65wT`xYIQXIB?k z_*Sr6m8nEc=HUrq(vUC43EE#VBGJ-bqO01GcRrStqw}#WjLz;*AD!Ky#pvt~OGamR zSR9?*p|d;eGJXwqht9{cVsx@jIXYRV`RHVw#nH(+ovhQzI-RVu?Rd66mVM5csd(>6 zLYa!!O%ip^+&jXjq&DlRcGmRPmuc+9LG6%Q5P5jD7_< zMpLfwTwOVYRVhco^}iMQ>{pv{bPIjK0AZkhWQi0AyO_MtBEGIdEKH`wZo%m z?%NIps_wrEke`E^}=)5waAAzme@NoW{-| zHM6YnfhSfDz(`oKPT1M&LRX)9##p+HHVdiQ!M&It^cT?f;4(cxd0_!jy>J2Ds1D$_ zgHI!;?M;Z-N7b@*3*8G&K27*P3;V5oD&-0#0CfDjZ|hPxfPmFNF!0g4a9hfT%=XzL zl`3`SpI|cIa-$aBPAIHWK`o-=1)$OGzb->tVL#8=$+)1Wz?Pa5nN@(AMo> zSk}q$Gaml;{~T3n9-U^{X_i}zPP6PZ z%WX%eSw4wox!<_)P|u^_7LZL1H!>ngFwl3tNl)*v<2wue~KyhvSBYzp>5S`F0I;W>)cupW@DOV|a`NgOU2PbuA4 zr4+ve4c%*fPhm&We|^Ya1J;KVOKhl39qadl$UEZAo=amqwl0lPi*)HKV|0}6!gPAE#0CkfSb za4HRk!Zz-_SRc8VA9iK~PZs*@c(w`K zY~K-aT{PU!84cHIcb#@u9i4W!Fgoq7#ptxV)uYqy7DuPub=qBn(P?*`cGq-t+TC8X zyZu$*?;_HkAR=u)6m}1EbuZYwrwFtz`s{f}pY4DvnTpR+BcGiqEsC1aKq zhN_%(wf>%St-s2Nb_M?$75rNTv##pjit&76;<~DTZAVx2Z~5q|{;e5Z)xWOlUss!9 zhtbt$STefW4BL;cHbbM))n@2wGgL?C-P&z*wHbCCoyV)I&9LKyUDdxX&av_6G|Nu2 zY&JU0a^>hW%N<6iSvDJ;X1RKFnq{Y1ZZSH|vePWL9i3*`RsH*Q##plFn4#5G{p;c` zw>s{w>fh$^tFQW3i2?liO8>QAMpyr@tN+*4|Lf}ib@l(c`hU&G^Y@fIJN@IA;T`EJ zL^K~=g@~1-s}Rvui0C{W+l;P4M9a~6HM$BBEk{@XuZxRYJ38&I)9$LH)9w~Vr`@#} zop!f+blTnG=(M{|yK68y?XJ`AnvPDp>+1jg@?+Dw`hQDC7l-z|G)4lH$qNB>*IYOc)WS05(G1zmk~iT5=!srW<6-IgM78)QJTIK|t%6{l zu{vc_V={eud|cA_p;X7Qiu7@$(nw?m{xO!5A_wvQm}@O3=^#@v)bBd(wSv^vTyq~h za!b6(a;b7@=I065`ijrQ4#;siE^n<5TI=b>Z?wbzEqA6x{vac97DcK^%@b{nKEgPD zkn-y`woKkE=DKZ)HY&51@f<9 z8Ya_NM&1yKki{=pxC6KxPef6Uh-H%TgN>>`GB6ujsRDsHRx{1%${e zg+aY7sSJ*tB(W_GcNLI+Uz+IH{|le_)BxYb8d!n)4=rqeUOQiI^$SdWum4r>WXLYWm=}ow z_|c!}p#^KgqfFw6=P}4TNPn1Cc>Wl78u8RqvhtL%VkygbZe&y>JZJVkPE;*f-czHRSiCA(YlKBxjU|q!h_J_ZH`bLnp@y)-tejm2GGsgS{ z)V&HBMGdfq8lLm3HAdsWNF1oaj)Z!|`KQG%&T=t<`-ivZ6Wl(MKyU3^jlNbRe5iML zLDqg9sL%IaX<}L>7Fp?$A-gHEOy#D|mt%3Qa>G>4&XYnLkzZZ|Sc?>{L>!Po_i!`# zG=zw5q~2Dx?=?_-H%N%MxVpIl8=69M#JLr<#vtbSKyj*>?r{R(6njb0^3W+y5|K{m zw;bRBM4~Et6NH!Ca{FtKK-VjuBU_4q#kgnJo^Bf$?qMRnpxh;AY=zK#2-&hg&^5jqPqb{0JS28 z|Emy)ISi!Mn_eR|N@AEOCU}Y@T=~n`07}(kpHCHX?Z|}1KXU%H-#>ia50v&ykb>}f z1)eEpy!o)iAP9@N%F zyn&bPK$2~wRNI~J+e=qxM}Qcb>l$gTKePiY=5|+YuT{Kc;6|nygDgv%W!{+=1^D{-nZpd`ZXdD|GGqjym(}*^>sP|YZj;U`?@pkduPp~dMxMc$u z2w4bJoH+6#JY4I*7+j#re-Lvds)@$g+7wy?Vm+KHE$_ehjONs4*!H6Sves3YL*bMZ zzO^vA$MI|U;o@&PHySNL{ZfgIWtz1UNrpZm1%sl1kTX<~sIn>+J640~`u{CGHLzV7U4btqyp;3?Q%&3?F+iplGsuVY2Cun!> zyc+m%^mTw0=pRe)S(7W}0uk6;I!ESkzkhYH8>9zBP{3**qrhl=6al~e?kKhK{-rB9 zC~P_?=a&$>0>Hx+c}Xce6L2h$f{!SnUL(qf`&K!P;eI>|6Qb<)c@GhhU*XHdOvuH> z(OQHtvHpqEhetMSmMHSc%_x{8r|wyj_uoGWv2)pF|8^{6D|_DCU4m4ZmgY&t$_-l! z$UiUaqYreb-TRDeu}+A#KPJ(Yt302?=Iso1dbtd)Kip*kg8N&f!>57Lf$rQl0>M(> z`S%45TL3X*CkVzpxw*S2tG2A9=oEcTxcP5>0$_q!Nx_?C-O8Vp0d}Jk{Yz!-2qgc% zUQ~0cxeGXJd-{!tao3`qDhfLZM-PKC>YvGXDg1uchY=M4$aK zXp*?VWHmsBp%>b5_|~8cWPhP@O>a~hSGU!6kofv+PTJ2C(Q-^NALbe}!b^ElyjJO7 zGN|vJ5f$M|X8O(4(RtRYTM9gOX+r&BpOfR(d38py@dm$okdIjBSXt>dSZ!JORS$J) zJ2I4-7X~}#F|`uKUy!p<&?rI2zd(I~j5s(=!Fi@G{ovU~5?NNE5WQ+zjnn)*74@j| zLR&2Ll^2x5axT?|NV)1`G=Ulqc);(Y#o%XHnp^o#av`c*ms=?@zU2;uM_md$xh+Pf3iL4av2&a#ap0A7#aOXo&C$W~pK<(R z4<0|2w;maC;HW0xVH#hUg7h){LI2F*QPv>gj_gq!Rs$F6jB|@wrdnR}o{HcwF@-XC#&yF@p*RX(_Ky=wvv-ac%JM65KEpcYd+ z3%vNB2RcW%W7izd^r^Qj+ZU>uP=X<~7x^yof>Huq z+8$WF_(dlQO@Sj-&dxc!e0Qqzyk4uPR{Gp2GCU>X`!6I3*B3-7GQw(w=2ejt_&a4p z^0>6B^}BxjC0n0Vn}x!mJ9K1WpPC3A3XVZ>&LR9mAs|{>ksl$B7e!Z){zc#v`EC(O z`l=UzlQs9&fltqc$AFln69uAJF=Wv_34YMYiQ7-H8uiLBDQge@ac_p#ochCZz>EDl zYd-Cab(baE{g?TW8T;iz*%(_fdD3hkOI41+MBP-V6$Z#~EC}0SIQ|X^a`@sucP)%Y zxynXWrTC)n1kNc&vOq=IN+yVv4JbZj`hWMJb{lpiug0CmIX~;D}k75*c4|p_pSTtC?5XaDVJ-I!~T5^lrWQ!Qx zEwk1PSwA`j?!?MXI#QXaY3b)Fn=$o25ED_OEpo@YI10CTm-p_BtJ_+WHl|t9YLp3ui z+gaYen#v{-IzVmB)5~Ex?-z(h3mZ?SWea@b|AJhxuKxC*doI3~cKg4K-o+xW0e$=H z5Ld1|O3bl%kcCNHgb8HD;>)e3dTq43C7I3~mef(jQ**)6z&nVb%2@a) zoTjYBkDX-6ASv)mMd1XAdt&_oe^xv(<+1l*Xfw5-99EbYndS*9to^7yCA%1~;bq^E zg3adD-rZn~2GiCXVH7Y#ZHT?;DLhW8RMK-N62jjlj3J&Ekx32l8fTns*Fv^z7N>4y zKcwN;swJQ{dihNyaSN?^>CmR9j`@3!4XA>;X~A~nh#4Q?Y!XY%nV13HwMjt`im?VT zVNyP*fE6k4yhnmt0|FF!yw;{4v-qs|fgm80G0@DJ23rKWnW;MnO&^`5tmGu8c{O*A)bh zD32-M3?-VTldcmPcHg3bL5Ca@_~<}6+qxlKtTdgh?R6%dqy?Eb#SREu;RSEzmCVT| zjf5Y1`JuvFdIC}}1T)j;P42%^K0sTDE)jUB|f z*iu1(4H_a#G#Ieoa&P_-azZu|qx7ezsf|;f)#ggAHVF@n&h|-EA5wTWn9V1ZwsmAU zswzetu|3gLEDZS0s-r4_VIM?|8WR4}NsWgSS?fV^3Ab;gOi?TcjXAeb=QceK36by2 zBfiVO7pIsl6#=pTokmGbC|&VYkgk2#anB0mk?&isSjDsWV3cl*E<=_Mr3Z61_<)h! zhvRN3HKcHo`))j;N6VASOte%fx|TYGlv9r{gZG7KPSh%qliPE{yaob0ZtOW zcHUqr)(YebSd`M%_gkvD0VujA4n#lCQD!eJ`%B7YD_4Ies=xi4Rhl}N{Du{bWRj>kKC z%mg06p1P+$N{XLeTpx?XjaOQuA>^7NdLe{}hul3i~Op5u&Y zWIpOYP1H*+lX7hSrFPLra+$)Aa2#@!^PUI&ng`jTmLq-Qm)Ulj^y8fb$OfU#JSJ(q zPCLc>oboXUy`zmQR?2KAnq*467!eJVpqBPLlPRr*qN4@vxM*_1yl*@S1ZC}VH(Cm$ zh?QC4d5_kkFwyRNx&B{IYki=2F@fd^sDHn%JSC)n&%858D}~JuC}zo`!jaO}|G@LM zD=#dlOb100QX&7_cskMV?XCDyV9$8xqV(WOH4Olg_-N)z@ej7)LebQ3fTp2w6%^I1 zO@~Pbmb{unyP@`I*Li~&f8mOfn;Qhmdl1E+7XbH1W(1tKhQ|Zolg%!p3(MVUKZLeW zh){Vaa2j$#tdOMgzi;}dBn$WvM4us)5<2h0V%`COLceGLwx(kiQQ|@rV=R}DITNXp z`NoLxa8k}dwKmq^fiTgKnglpkRKY^TBuW?SNe2Gwm5|_v=Kl{nd<`~|nv*a7p{2ex zI0t81uqb=v}XNUGFWuvN@H;&xOO!FeBzSvT5j@oW*oaydTd zVOj4o!9WxZ8CPaw$AAd zc{||cW|zj(B!Rv|e;%cKI;O1~eKX*kh4u{)2tM`8Hv^($nzMa%P;2Y>*Ten_MfTIB zDG($#BxzZScC}J*pk>^{Ze?P{tqe7YEztW2>mR4NFr}?uRVs@b1`w;s6O@(N`9yEH zZjaEm=$z{J)zi>^Xxojw9WF5$K?xP^E7O2RV+@~p%2ZdK5d0V}io46(g!=(~&A~~6 z1M#rWJ`)c7zBChj%)xWEAi86#6H9Jt2n%{;y@all9K4hlry9@*dLV62qmC%h1D|wS z_ynmcensY40j2n)mzyN-J9qLIqG#>BLlBX?=*CUy@zHex=G+aVzxT9h<91r3aqv2n z{4tp}5f!?u%+B5hId(fv8*2x>vAZ-nkj~A&)rMJgZB21u^h>r24Mb_xlkc`zs#KKH zXoEV0TzkskgAvL6i>DlFMhe4dTKI61_IK^ss>1PC$=!hWV7mK(jD>4I{8hR4xIVwR z>E`qprmD>^!&h&ON>tkFpfeVvE;s%I{OfrPPe<1#vjgIAOhY=e87PYfvAo`!fN^BwC9`|ZK13-+2vzp zbYI9b!y_xQ4+tDmlHg#*=-b9&fjm64Vh9np@+GBGcv~Cbj+Jo~63L$j(Ac6XI$0h) zrvw=Hx^|J>u5t1ydM_)bjLc7Ut+U~E!PK5@em8p4-gJ3}k}{5yj zb@?%%d3G;yRdWg#q0TAiMr8M(%I?0+1oP0`*WoO&u@deg@5+e(N=%Bo!Z|vl)^&&F zy%D)X+ihH4>bt`7&hh9_Jzk1NKUI#kGXi!eDb%%MV7Z%=1H>M-Suosh_aQVEU`c%R z(24t&rlNQ$P$c;2>9rPQIL(MbB>|DJ?Q_8o5kyW%jcn@SalO5rH7Dq{!R6|E!VRcf z9X%V;XkCW8iT~zNGQyuvGCf_{PhzS_GFfXA00LNlChD*l?n}i6gVkx zn_`=uaF>upOESiSzVduZ2A8?bE%a( zeMjL!cZhKueE4gcgR{r+Qs>7MyRfdFGjTKG!(F)8l+~ai@5+<(HKa4+6u zcA|%pFbQ-rcCs5T_8j7fl$sgyd@8^RXEJmvMS#7(uL}|z3 z+IZf{DOKk8z8BkfBx<9ejXiCT@#i}cZV%uPbX|yDno1waXnH3{S7HX((;Zw6`t!=0 zvF&B}yXJC_#e}`~$g~7XZMX$vTm`z^>X{%`ZewRBZ!b5eugAmH{nYnH-1q%qCT~ve z`a0;x`|Uidi#v+{o4!s?Z+C~a*@-2X+qQx=6nMT5-T6_2K7=#>A632-?sK1))8i&7 z#lO^ZaBi}~wAD|rfc9VOScx7U1hnNHgc~(mAX=G{go3+00jD~rSNaeWA=_2) zfl(ewFk-x&BJX~qatZu(;5pa4f0S+MST2SJ#u*S(o0o5Tiz!bl5$`h4iiM4$yM+GB z!hA>k6)24(u0H%2RXz-gzh^ZXEE9uX43s7`vAEog?KMXq2g}om^iv+eg6pkb`Z{DB z!?d_GZMoZT#G2lPwJdgOBoTcy?JxvoY3M5VfZuZ$YbkX5&(_k8MMIG@8Vh%avFQGx z-RY`Cew(A&Z(iGl%?QHHuy>~OW&8DvW^_-VTjz?m#U-o_jat@)%f1PSmH^|4*|%a= z%Asig_yaL!JjgVMlT7R@0UK}K+@_Bc=2%xAP*{XV&hZuGx=yep_qG;S-cyyKq5aE{ zDx1N6xV+s(7t|HF6K2c3ighlG$Z$^RDEoc`0j9)Kq3%Dv_-h*&E1#iWQP3iL_rKez zufWs9IHU&9xOIILHPf%W*aG)YR*v%6KDW;&=Ht3JBNo;3-VXj%%(?utL-ERg(oOLX z?X_1%q%GzpaPpaCGJ}ikJnI~qNCs=MfgkS|7f}qLS`7JV_=s;Hmnn7r=uu zA?#PMpjn>7zDana4+$)sbElX5c7E+f3awkZo{iW`V>xtx-+x83^;+o%|Kzh-`ff!( zY+*9Mi@xino@lG?{J=0Hiukgs27O^Oofd=w))Y_mD7LP6TBWxe_bR(DiT{99t36_s zEA9aaphr{$EKFf8vSuDELzAc}9{l(t+g3ih2Vl*;{lP$4zcT{ZTT9u6n;J8zQbDZm z)zMcfh0q93TOkJF>G(eQi^fEV)2s8~S?F@42-l2Rwb2bOw|d>VYZByrA9xbyNwUC+U$>F^pf{?D>2u46DE)rBZANvY!KxFSoj5}9ZUz-< zUo%z0nHAK+vXyl0b+xad0_A*{xWDc?QfbHg0*`paDN)P0HMhj`HoiNj7t_vlm3tL_iKJ3R%fC{HM6ArtpD@; z>lb?CbGsBZVE^Oz`U3cMLH$xz#E<8PQTz3ER^@MfJK{QnR9O^hTx&eq4gdGAb!eQa|R&_L?B~YI9q} zZ}R@KfS;A^r0i|@l{}QoVmac~eqNk+R@~YyNn3FJ`|ckEdkF&2dB%iZ zG&pO_;(X&M*hvtIa_U!QFeoo>RwCTl7cO9W3l}v+vFQ5~Hjo6O(m0qcl8>L8ih|P@ z_@+H9b5#97l_?mj|1WV*rgWAxwZyskkM|@}?dtth;96c-QSCmOtQn-gVFb5>><%S9 zaM>S$3-If}P22SD4-VD zIkc|Od#|X8g@=`*#8MwkE*Eii8{#}z`#>g@Tx{qBPSC(A9Brc&!zUOvUnBQb!2yNL zG#iD%j%NB!1CeZSEx>GTNHs)9?IsClAQA|5RqUK~hXBQy^?#sy9M%69x`(qU36Jm* z1Qp~^aO&G)9(@hu0g&%A!FlFKM#8i~J{Ih?<-)%4?{ zDh|X7M(?5Ph)LItD^h(#ou5gk>{TzWl?;(f?rbk$uKeUdGd5k|7Eo2cX+J@khuRU+ zl7o@eA@o51%fsN=_}x5;=muze>5x2UBc;e?cT~g<@&KXZB!O`)OI8W1QCRLNFCyg- zpXu2DQ#J{w=HQOeN4+b^AUz3}N6Y#kMZF2rMBk_5Y}oSdIQDKIcj)RxE-q?`XExwp zqTk52mu^F0O5N%YRw*G_++M=~e3d;_;PV>K7&OK4TZkOM{7B8s<*s&J5W#GB|h3%1h5@vMWio(xA zK%AndqXqCCW7JK0GrwyBttR|{9otG5k&i$>91T_n+F>)IGTB|&t*FMLu~Q*xVU;Ux zAxP7pAxK@XEY8bHEAm?CHZ*p3S3-s58nvN=*!;rqb)Gm*O@RS7siFh_#Q11Fjz{8j zQ=>xX2U3}zT9oy4gIxwvE&7@p19~0d?M5lXY;cPYwm~v$`M}{TU*7 zHDRIuBB3&8MpgbdBAwZcf@UgpbrB=v?YFVIIoR&b1+=j=!`;9MrxmQbW~# zg=pW`c+!enIS6Zcxzep#WFBq<-jWGCHGj1FKjgjewWidzGgthnp*Qq-zU*$KX6o&e z-xDao8}}uFsYPmILqnVwa}=&#PFbejGh!3;mF~+~u>5Y zTEHQ;xNP#@2ha*7n+#yssrG%4MT|cq2{(q98rTHnR@0?G3zd8Of6d6nV()upTE-jv zS`=k6BN^%wx3@dRmidZn^COWGq<%DuOAfV}#AxQz^F!`;>wFj*GC|G>nCU9!n9a${ z$ZbZOU~I$wDuxrFyx(JG1unbq#lN#h#4Fy}+0gw$_cU*3e{9#7I zDt+jO0aO5EM)1kpHE+eGSx>#~f1!xG26AGt|D>Zs)W4gn=uy4?eIAx7lz2*&hG#Ld38wdT)><%m~}gK;bhzQKp$wl z2k1;it_&_M*XaBNv$@T{x^rR1C?#yXCtVA|s_ z#e$MGJSJudY=jx*&4xDV3q8kQ56iS(t{R;k4>v|!0bSx%%Y#Pxm)P3o1K(^1S+F{}0@TJJ`)(7A>VO=QEhX_MF~; zXDSiwNH{jcx|>1~)kH3WtMHW#?i)-3X%_l!$b**lyN z@@};crp$Y`WriFQeKz+;2Rplp@QBBG;p4bd+=C#Bf9kEoFb&wsfLydLfyuBLQ65C9 z=4>av%|=Ya!Fond2=peTui)`3+J)pN%_3N4I+tZp5}Sp~qL{DCB3P{4X8wXCc24tx z5f8d$kj%=fSgnBg$~+3!f!zRy=)xsuatbGA zcDF}E6lSF?my~a_yu71v3g|cFCxuH?k7XYbZmmOz0V{{;x(vps><9*p`C!-mq)~U# zq9!tPN}}l=-mXIzsz{JE`pSh`f!T8v6KgENIw=G=DHQ`M`Z_L+DQGh#*Wikkg$zh9 zZb(SPWut8DL=!v_t44tc&-nQ3mmoqP%USQ%tYv*leOpfeyGA>s>{q4TB~cu$k2iLv zViI5Z=$Vx3*!oTW8tgaZ_{UJ!vm9P4GyQtt_Zn&zkt9uF;hwqUkn|@bM9}1k&>8{P zz-%pDeR;7#8gbXjYtlF5B+Lx8d)!lG`qeliU8c^4}j7^hX(+pN|Y`LRjZc-$(fdJr zkv`AV6O-*Bc1!_y3Vk&qfWayIcZBphkt}WcPrD$wtN*qtXUP`)``2>MAc^ zm?au2=)K@^a%ZEJ4)t?H2S(~S&iybQ*=%j}x_oZxD1tf8aMfR$h60kG>V)^4CirRR z3JU29tol*yXf;Z$=wo`(5FZPjFQ?+huI;O3Vo|Y89)#0rncbEjx>PuC5&4R0o^Os(?3@LNSI(JO*S zb&B6AWGwAbsMMRzz}J2>7S(WCOuUi|_`YP%&3Pm3BhOa*Mjy;h4PS;>;ZXKkD|?!J zXrKsGGr%-1qXiSo{@TCZzn}axM@(yKx#Usiuh^PdgO-;tO3YK0cpgTc%wm*@xpwAt zQM|tAssdN`kIh#2R8zi`nF1xNabu0r%$JO)rFuUdsV6^ zY$bRU_`~sX4GvAo&@Lk zwK8yhRgauKHckE(u%e~8)EGJbs#rPxi^nF`-zL|W&C>6Ptyl%lr6ePC3n^4Efabgd zaS>DJ+RIh2|CPElG;93{msa^0tws3|EL4X22HLJpU6t>y;-q)~e!pfXxk;C+p@M0I zB|b4~lkjN_Ut?GXmGT!OtCIrX!PgQ3meRy_ZM%l=a7x@g<=qgH+V%!_KpE@=zlZG%-VDY_X7*VMkF) zG)AmHSn*^pUSS^umm9%|1QP;yBq_GGDUmR)*YmyAd_TJtZO~P?_Ac55K;UU>LJwb4 z&uaMxE~D(uXdpdRQ@VaqZpoZ>@Sz z#nsKB=l|`tbMZXhil&Rp7E2TF_55u}|5kQS65M;!N{gn5?K!yoWqvyxejn`AXhr?+ z8mnHKv-+)IMa%JPv;8heuHUjWxBA=sU52v1BdwUaId!MF;$ykevC`_NRZ%t84#U4) z@2@E_PTGoi8L{f`|H6MeD{0G@61Z?D zV)Wx;msLN#+!Ca8N9yRP{$Yxdwv57b-M5mZPu{)M24PygS1>b1O#xdv!H2 zgBE2!h}&jkyhfi^0m+yndB4#K^xMcZ)n&Fi+p648TVa0s7=iTJo8Itc#Dj+D0bI>u zOoB)KPU-Gur|)|{`>!2ozn!_$0By7JGAcx0C}g^fF{bAcmJq^e>n&(KM{V#S65=jN z1y4047kxk5p+*TC;d)Bpt@MKVn!;E0Cp3hWIutM?_7W(LwiI7Yj0!5iFGpXDfP|W) z;yFZhf5#>9ACBIP;1BwE^A{2|?wUx|zzs#COEq}oO?iHGLrA&I z-fLu3dH#vW6bZLtB2+Qjm1wGwI(gJQ$on)zX($ww=7oNca8*iqSlm=cbw2n}Eqqe6 zLb3{0WQF`8m;fz6V1a9vZ z;=d@ILcEI74YsLu3B!BAGE@Vg23WlZ;26y`XU&LGx5G{Rg5~(ppSouh?UAYQgU9_J zZfJLdXRZP;{Q*%cgrF3yD+>ZnC#+%!Sr~l4DvOB!;0bxY5&W(gT6M?NVdOR1Fsr@G_aOi>6j=FTa`5)T-K5H~QqFY=(c{V+Cjw z2b?(yOl}WlMv=*r;AxxUC^r{yaSY3so%!wesLheHkryc5B$FqQ9QUEl*8r_YJxh7Z=;0lMfxet7D0 zkV#|`GYzYn$Ym*CKhD5G`at|$=+qM;qy`D%gTt01l^+a@Hx#^T`K$gX4$X-?G?cGr ze4&N`v9P>qrqxx zxv~tq6@fe}ktLk*wgGgWs?t}d3%P#%5D^lV&8HD)^H=hs(`>X{8Fc|;rB+}6RR(AbVA zLyB67?xATM0YtF?QBwZ%kaFEq4hYJs=^6H6bQTui=C;ck&@9ClBg^;0Aj6Z(&#Maq z?^_~6pLY9u#w3HZ2XUk+C&S3?LgeC8O!fj)Ly=w>x{I_Pp=vD+Rtb5l?)rDi_C8-k zzp^Bl4R}f(|J&28t&4%EBw%V@TpgXAb^kU!GGiiIH5F)lhWFt}{ktq^el*WTi=&&p z9>-YV^^cCduD$2Up(ZO!fi&cj>!|3FL5B>BQSr)r2&^Gl#b;!SGD~RkGD`dH4D||W z#ThHaC(wKgLsHP6plDGm`|9zJ^-jPDrVC%x#navMlDK3k5P9l8Vu151J?Eq~NweTT zQ^tc-3b*oLE*La$q%0x;FpH3AaoEej<>Sr?nI^Mde!F;tgX#@P`I!DA$1oBY?**eY znUQC^L7Ycge~{0^SRiRMA7?225o}0ACcQc_W{Mk*P-5>34ah9%XE;E)MseUiU z{4tkKo<_+O#5)^mzulGWAO$^hQwno`s~B0p84QOxSZR4SQwFSu>8T6+N|d2}?%BO=AJ)#F_81+~h#pcO8;bJ|ojOosy7|P}4UM2etIIdd{izIHKSK#+_!`E8 zw2v0askqdPbAmZdTBu=UJk9)8{yH6p9v<#KC$&>LEmN&&539Y%Hwr;O(@^}&fi7P03t**d6-{cNZ}0tx zX!TDs!EPNaoO&67)vrqZFI1ho0GTyk4WDTfI<@c2)5=d&lcZM^yUdRyMb5nNUlm<~ zJPw_qV0GZv%a0G^|76+vk;@1;;mm#o8438mKpTP78^@$EZ}x-cJ?PxAzDVuCxF^|& zII+^Dk;@PEEhB%nk0brkYjO_yX88v9J4f-wADh<^84NtaSWQSb_TV{eHjmtpgJe zCuT3l>!6j1+fI@WswV1qdrLEm8^Wzrc(-tPf1Fy+o8JhqT1iM)WAV6WBTD6MS8nCD z$}}}F+Q|U_KgNt8Ql|}(TY!x(Q`1}nYkh`NVpIFG6lkr6ap~KFG_YVGcyd`pv>ya3 zEQOQ9|Ilual<@2PEmCzI8M%#wz5LNCk#+z2e(r96u(jUr`o7l&GEN@hiTF6)!Fe&Z z1$1(~NnQ;p?<~I;pc5ur@`k~mUk2P$D{J0%yRcTQZ#!f}gezPL@7;}fnwMy%y&(D9 z@>=JK^tlKPyR3dUfaBA_t3HjdGg(~2*|JZ`In7$3#J)om==~k`Co&d8=9&z$DK)G3 z!{fw9KWkNCvo~>4)Lzwi4c*bpB)3iCwVJ_TCJ6oGEi9BCv&zK5@Qg^KQ1HsRrbH`$ z5-@~sI(g7Ij}&X0Q8Ss~cF7+-49L44M1o$XQ-%O1CjIiZ(_ba~%wQ6IUasEO^!>lI zZ=VBT(MZ!?+D?Z?qBJ=1f<2~V%-w&fIS)w?6|%*qi>W>zU*(Siu)lwrNKsm>Oa}NJ zOHW8p9VJi}tnwF?{O*i+hAs-iE`=v&6Ng!qy_3zT(6hlGcXG|#pOLl=Ve>Ys83^tQ zrY{uC$5U%DgH;;y{}DxkKwTNrCGj0)ihN^m-)+Dj%mBPy%$EGy7^ww-Xv4-mt6aSM9o>N&UwAXAWH z-K8@C8=RSWsTu>&oE|)v@P$~SduTyK_V~aC4iBBUI2I2M7KPu4-Cnk7shJ>!FJdPU zl3jdH{_AI+008;y4Ps}mirv_wmA`S33f+DniZ#8D#G5JtCRgl8q+M**M3iFY2QwLq zgDQ6N&VdF`#JTFkwC~B1A|_HgKEgP641kt(n3Ff6?-i;GkEKJI|0lT#ZB=c$fMSZk z(llYa$J^H#n`=i(3mt0~r=B+7gv+h7mi;AyMT{im0$L=xKvsa;N0k1iLtLH)%xuD9 za`sJz&2nJySm}HO@WDaj4Me^=5Lx9nslb#aP{f#MFJ#6g0Ugw)&i11e1V853LQWw9Mm_5 z8a&aQDNfX~l5x3I827Icbc}^o)m>y9nLfvH$WC{wdUDdH}YrAtOCT1kO-z4t%>RzZpyn8-^i;hp?)vRvsns{nLh6fd1(X6N*zVHekH} zb9ZP^8X2pGhrlA3Ujq^@Gg-)kT+6Q_u`mbthG0kMF&#pRe0Z#E|fnXJn= zWCfe2i0t$p_fvJRg&o#QXbk}8k>p+~TmTf`*_64&(-%{$W4?rYO6^*zshoXY5C#U| z9j?#ad<5>@ZNg`2ceyv+sHLQ1uA^{0MfH%n!(FXzx@J@q?oG5|Qa^|%ONVzn{odRP zzv1|6_It-az=h1#;~iN%1T^D!mWT;!-b3sULq^d7-}UskyLyZD|HUq88bIh{?765n zLF_PcmKLu+4?Fta^KELUel}CmfZM85Q=AY@ID0>jGa{{9WWNj7xv|^36w@c+rqO|j zjF)MPcai}YHO5j$ImIh_kiL5YT>SwGBFTV5)5`}|2n*X!bm{! z_Jqjpin_%9HA94k?%3#g{k|_eF74+u{ftgOi;N*Ax7bf>itBgKXvW{l&GcG(y%$pt4&EeH< za)GA@`mzb7M36s5H~imyZE^4R6%ytvb#o@k)HS1_|0IL`r9u`E=Rm$s46rlYbG8s= zl-h$+`snlfC&|$pj82MNMKnM1$8uJztBaP-S-D`ezd#6gCc&vZ+Px$TCzN?~zqAAT ztI)L%A2W?97kr*dtjogi|is?kjG^ z=ng8+NUV@l*8G! z@+449sYMml6$Rv!!XG7@jSzqiS4NrLFiLf@QO%&P+l$W42>1L*nlZ!gG)_We+EX|2 zv}wlj$+H&umEk2g`GI4!E{y*67@7sz+GeUml^3vX}INCyk5C;1von;N-V+rz>WrCi#J(&-S8n`o{J2bS}iul7;v zw#-tu*mHcq+kiApq2dadzlOJ4CDG-=e4aa&#V49Bk>B@vJOy zZmE-$tt1#7jN-GL=RQO4Y{{pW$BvUzJ`+6#PQh(fA3I{7WOW$FcP0iiYe5hcgokzi zM9UMiHl`(F^q5CoYav=>Qx6O+!i+0r zLOsbH9-}$1jJP}A9YYQxqD{fQYJNW1_WM;S`0UYF+#DkOe=3FX-s{v+Gk*%kx4L5cDjyo=Tv{I4YLP1fzGWR6uBowZjKcQHlm~#u5 z*S?#@bC%%1?GcPCuA>11{mR)&gqaoNkdMi9C_ZK^^j$?E1u3d^4-SAjx;TdD;_D-b zd~FzH9_@5w@{B=T2!ar_2dPFse^;v1FXwx`jx}SAtW4Tv zbelbP7~06%e-k^#(xky}hu@5RiivbEOdXPF?w@PiACW0b4*#eWJ1){(9?0uN*?;eZ z;Y9DtdXKNw?KM6y>z-iA$pX|&Wh@ERBFob9NV`d{zAz}}_0Z}p?Zhc6S-c6Hx;WD} zZLzcaBX;1-`J0nBsH0ooW#=8_UXC^4V7)Yg=Sr(u5YXovTO*?O|HF$Mo*X95kbowu zPk+axfvoX?N|vIsP*Iz!w2A6RdOeu9Cc9Vgt_(PNo{90LLj9GNYclKl)dZrzsaWwz z>C7zLjAW|>vD%hY4U|^+;(7tjt7OVrK$ZW?ixlS(qT-&s24zJZ*ELKSVQ3;T)EC@! z&qy&mbySXqN&~xNL|*phOy3=ARbadUpD4Kg6t6H;#Il2@A)1DO>)~;Uy+z!N)o8%9 zXYDMmA7tnR`m68nS0w~;1we1q8Mm+SlvOb88rCHUOq=RB|BhLwb-in00c`zoC zXjF?mV_I-^RKKPegnK2WMHz<8afcvo+ZRa0&XQz4K}V*TjYwZtq*Rb2K=cC|3hPHL zK)G+_gpg(o+PMUV`;RCvr-CIYK~#y6ZgVHQKP^aEmxR22sVz$w!B{|}RqD9+z%Inn z(xofb$pZ|%MEbQnm0Ac1vwG2hEPT0;N5DDyb`OtwM^)+bpOu= znOTE>RnkGWoZS2m_*8eU-Q&dwHoj^mRHPt9#Fbu&g!k(hj8pZjpozu*&;VXksW#HbQ{E3_dH^b;}p-Q zS-+`6e^0&(k#gl?`SFHEl*ZK5aBHdickAbm$b@;9-x{LUU#HjlH1++K_#V!WPdb%5 zyDfZpZkvzP($M+Z5304|*LP&y)Do`|J(99enl=G?5O}v}w)=uvehtj1sP~e6kK^qK z1j7udEJq+SnDEdRi`^Avaw|zn>*wEW$Ykh0UQZ|@W&OVqXNwr$(C&DFMT+qP}nw(aiKwz1l_&C}oapV)UNVxNn>FKUiC zD=IT1vS!uH968?i31T`v3(dh&3k%LzX$rqpH3Ew5Jyao#0rWYZ3zFc27!V=$#Rs0NXKC>92wy1JQr1i0u`lj6~j;mSW*c+N zgogk1->N$B&HeF~+v{jw4vu>YHELWTAOGZ?3X<!8vc&A2-3N z)O>I+aI7R=VKPB7lQlHPT7&nKo2Q5qT$a63>5Z0XdQ}vA9uZ2lJ*+?`Goek&; z?BFv@5aTtYPTf0&>jL}}BJqfTS8W`}TLaS*>c^5CgB?Yehdyimm!9n|ayDF!rQF&U z(w%wRUlzu#p~n5NmMV^j0a9f>utcdxm&OS}@1#eU+p-om&p#kk_ncnd8CqV!QU2|4t?s~of@@F`U-$iu_2{VY<2n25KY#FI>A*)**wm<1(+qGj zUDEpI=?8le7iKOR&|7JIaM#R!#Jo>q5(gj<-&2g|BX zW~1u5mW&&!_hy4{BG*XlzHr^R+ zBXu|P!P%Ac4wU;iH0m0cp(D6ntcLL{*Oe?_T`hCF%pPaQ&$^1jNJbQs?J#oo|RbnV?HethoMDhrbnaP51cF zJBJ%|eeL9y=Lh-XQ6b;w2YORRv@^i+vZBVw)r1^S`||0+9Y!Hv`A~@oiou{0%>%L$ z?AkdWt55Kxi%+5+JE1Ygh)s!ZHn5oPNUzhbNvBRU0>&$Rc{Ob^EYWD^ZRmwUt7d(9 zZy1+#o-Q@2ttxnqKBW!xa*u}2T#Xav%%2{I+gVTede(_S%ETq7jEK(*+F*fntP?vh zSh&&S&X+>Dv)^+g%y)2xM&H}_Hd6>K(0X>ER1y>Jr(Dr)8U0B;yQ*bp1^bm3=^^jY zD>Zh&02`rg@>JWOS4>&C{mEyn4ORgaJ$Oc_g%?R`f3@!5$H^QNn@M!^oKR-KcE$OJ z8!~XYKy-b>q*D+#dK%zl%vh+s{wmz_Err(YqT;Rg!$sb&a*Hm!QcD}6PlIMuuVY!U zNm!5!!D^Rj%@A0n!Xs)qjXb!TEc=!c?eh8wO=>t6OP@YNs60JQ?Lx8R?n&KSk`m=z zIwbr>PK|hyqgCy`SIIIF0_^gHdH%Lhn>DiqH)AWK;k$zgFx&IoDIzBxmJ^gn!V*w` zsYJQ_9w(eW3UpV9f=}|oBq5KnQhH9^NTb$-l#4f$ss!}lHim7bbL1sD*8BzyR&_&m zrt>yc*6505WmeY+^qW=o^?VSJdUuawts`&OY)^-ln3ids#K2;@)yp+W`MhXOyd8?# zF`a<6DtJ6zhmu&9vNxv;q{u6Qu3N%mGhEjsCF-}57S+fT{a|i0NXGw8fTm?!#jt_t zKQf?djCB|VuEf=Z?x*x1CYTTwQd44?stQ(E%}SqdFuvvsG1%9Y?(c&~;eTRhD*~W$%>#DuTKU?)oXm zAt?+MW@N5u#+2YNEpA(rI_-bf5QIu~hiqtKSb2s@zXJig6fKxnZ`4Z%Q;g{CBk?a$@*+q_nxV~X#b#yDua+8?V{3emty%v^2xJPK`Fj1&>4S`$r#-#Q zn~eAw4+`5dj30wFgx1`Sfc|~AT$-r4+}IIsE2`Vt2D9okUDet9aVmm3d%V)Jb$R|; zG!5BKQ28pPxBD5DO$9F0Nl%dUDP^%CIQqyaxkpX~iiWSNs3a&j@iu2Y zShTO(_jSZ?aob|z8Py`0B1Yoh|0@K_!2bUf0)?hvO;Y7Oo#$Ph3Tyo&r6!4zeyIxd znGN`PIlbXhPriFJOr^mA=hF*#ncJyED^fxjxw*M=vfjMlwwwj-^rAa?bzSZ_3O;Sp zvOXWN41F^pt{M_3(dO&T1#xhhxVicLVu!z<_m{VF;&3?67xV1CyY_ z!Z_>i>J7V!J?$tFJ0Eq~?U8G~pYd`vvh(nq{Ht=YvzQgKdF5=bBC+B@U%-^;(XAd- za_FEyTwshxB8(_cr&t@pO0lOtJkP36Y1!t!o4SAp4YGko&2WHJ=X)=tXpMc0$lL!C z1)V#dzWOq#zUdeK`cK4Gv?q*#C;b^2RBLHq|1R>Btj_Jo&2uBk$@9nMyXq!ra*dfSUE&H^wLHp@&aGko zs|rF4n)1qYC$Gg#d8Bh^%j|l&1d}OXo>AqT7sMHT6M%s}zvAo5?MhZXyBIYJabc(z z*V0pB!_YiRIdUU9)%vw}gh-Qx39fqQQs9BZhN%_c5vu)agK`ek4Y$ggmmSOx0C^(7 z%hWuD>8s`*WS5oe94USn)+iA3G>U@H>)QnYSjfqIu+B5eSa z7U(oqPeWSg(HyqT-N@ogp4qZjU|&h^%jz(L}#htOQvUWZ5W6N~xY5-SR^ zFKG|LO4V<%FKD|?i5gDe7gN=vb?|OP+_*E-Nzaooyh9@YvER{>FM0Tb&FW-dg)(-s z^tD`$aGFeGUZ=+@Xm8mfpcb~(%K&jB1gucU8vcKb!GZSwlflvZf0w~QLD`J>b|X0e zM{)V$8g(6#4{!BEYl#YI4;|>R#U2V?Q|k@=zOeniIPu*S0~#*;aU8dLhaDg{9V7qu zr4`OPjnP=3Hj?G^>1ofO?y}za#(A9|M_W_{HTD+;q(^Vr2`(Eor1}m zLqOXNn&TWf@)d!%5slnwRpD)DAPm?wyy9GZC=LLfvU(~qt;0ML-I^O4c@WK7r_7qv zT~iwEvFbmzNj+g1b143<|3f`0|L;Wv`^@6g7J-Ia067$`l2Y5e# zs26Ur&R9NDsyWFv?pM2w><{VE>z<^VxnaD|^2L0O515(_D z0jl@rH|W|Vg@=JsfK^Rzk$PeLIji5pM zTB>%2O*Auf1c`>;Z1i7d9$M^M8iQpLR0$?jR!^3oCHJ4s(@3eNP;jHjq9AIJX?u6- zUG{oPUfTs5&P{!q9N{j_{Y4uVj8$KgztA;!#^4ntAtrq^lZdnUWqRbEfuYd+GCd%L zJOprh)loN?^qD6&BZzL~zPFBKpoHm#fm95vG%s+4jr7qG>a##t@4pX@P$Q5;O&ae@ zAsmUX;oq{`i*U15(yz2G3=@tP`mrjNEi0W|00=n=x`#NlLmF!)21@jE$xZW+66mrk zYdnK3KtkmQS(D!mM6YX<#a-4~IcAOxB~0tp4kf?1b&~T^N>rqRuJ3p<7QN;5--8%N zAYkN1O+99@dc%@n(xA6V0gs{y@J76k^9e#A?i-i%1V-dZFy@ZeC5O56Twm%=oEV4b zQIMbC{o}p69XkE{N)Pj@m+q;Se7+~&{|@7n4Etj=?GFH@%{{y|J(VNr9Z#wqcBRqh z^=Ze^7>w=-OQ5D3I{iT^%+jo|{|KpvVJCWW#9~T3C85aA!(Z*xygQ{k7@-!cN%$cl^(- z$gPoVgc>;WsfK~SizjnN5i+_RQ5KlEqy>C~jMkwNUw8^Y4oX5+LCnV$j(jS0JvK;l zt@dsv2g$uNUK(}|XO*VAwG36ta^+&~HnJrP7`$M;vYuFQ;Czj&iMJ^T&DvZY6uTN* z#KaZ&sb}bnS1J*bqg~%a_a|ql@AJd&GQ-zv+2Sfe`tORmMNZ0f`#zBkgH&c6Lr{6Q zSEQ7u@+J8G@BbL<7pDC~U541j^1DxiDEO$xdIWIA0yz_|FVS0ln!k4Q|81e*RhA`hYo$m zA1}P4Svs<~WtJVKB^|GI@X=Y&bG*f8jJa5l)72BWnd$?T!>oEP~n zH?X{fLkce_>pPthH0Zxzk4*)d&6OcIV{D9s zn%&?Yo5wS&@UY&;3$7vLIR3u3zlGZHGb-{vmX~dyd5hrtB>wab^woT_0Bg9lrI}Tn zL=b(5mrAB3H0`)G!6K4qh{D7RuC$k z1akHcayY20Lk0AxweZr;(wy|VVV0rf*+2_{9!y zqacaElLj?Y{=0IzfEHC1hswaW6^#0#sjb?)Vz?lhF0zQL3KNhe%JDUF?*^F zZx}6~hxR%t@NTA#9s=cxMEm_{AJ7`T!w^w2a-i$e;{@D+)PP-Pn6x(Rny?d)YP-ww zp{|hQv#PhQavBY0*t?0i`knjhP$#HzCj-y|20@}<3Blg&9(>U3bn#N*BkIS(y=mQD3vdC z?-cJA*rP$$T~>7ED6V(_X<Kv!V+`ju)vt#5OWbJeI3R9%`a(B5O9w&D z$4!*?dUhT}ysqav_tGbj#zq9V2`4`AAvQXNXF10iG!)bjt<%V8nUN@B@J#l-$mpRT}9 zSMp_rT6UC8FWl*?Qbz%H6PEn#XvN57cqyJU9%m`&EH*!pI)<$giTpLV#fpj$ufZL* zK6h@y6pp4k$-6csOg*mRS%%903oAeUR*&6 zn!8c2WPCvAI!JiF2qHkMoe%Gfi7%1f#tO}Cks^Ss?+A@49b zk}@TP4^wRl!eHHxa|pgqnx(d|q@4Djx4$i_2^?SPta zgL)o^@|Z|^F0b+)l-x~)AtQg0esuwX5w67ia^bC^eFaBtS$R4UT?DaQN&B@=@&xDK zyk?G|m;g|SbmGhxP;R2i4X}w+OL@3dGOiU$Yb`!W%6mFr0G6%UbO;qWd0ZbxN}hlnx{4Hhul%7@LzJ(2i3)Tn3BuK-9NuOwc6$t_AhqFyA#N;; z-TESxYv=^DDvNMN6?LSHN+Z!iHwei3LLwz5uRO!I>>aZBVH$Bj8B@|=U8^@IB6-qxK zL2rrJs4uQw!6FmZ5#{Zw@YAh1g-SL96~zwA)2*j~jgyJ<$_eDMV!i0eE?!Ku_lK{D zFFz-Kd8v*ED8R9aN4sXpG;N-u%#x`^#vKFy6V84EJdwur ziXBh#L$wq1ZE2<@9xC5aZy?L3RolG@1vi^iS^nF`)J~?|=Zvg} z{>1i~LboHFgNUZ@4J~?-&xz3OlC=w!^P5TKTe10G4^%&9c`{>x@%wYH+jdwD;C83K&TfwIUgG>xD0bA+JH4Rbi{zG) zI^v67ULw2w`A`5S+EOd(g_~1+8xK3TY>dM%kuEy2Y%(3wXezov#T3RpBF*cBlF57A zH^L<$&7;sm^|k%q0w<&-rPIZLCg07m6-#GDt``Qp_daSq@&&16(%)ledm`A*LAcs( zbsxOAumdZt=)Y2j{sJ$sxnYjPU`B2T5Ga>7=|+ZVpRpyNDQjwSd0e*UWlI-=<+J>t z%KLhubNK4UlDQ(a;J2TyPz3t@NH}SJ(-SpkU6E{k3JN4dn&20K*+4$8=(5;W4re zoz7!qAIdkInr1jQrQk1evFiHm*B>!!c8_erXu)xqeqn#%fb$m_b4sQT{mw*dAJK8g zsNeY+##>~({vDloM4@4O`#<6RH>5w^yqpZK-+*#F zObt^z7P*w_;^Luk_)ZKP&=9#`M6eiUg!)ar5vBES<13cD66F{Zg?{RUd07cs8dY{c zV|DCxjQ#hT*WypgyFi+C)Q|%ky={$~=0Bw;yK1*@cI^zq`&h9{l1Sm)b8yYfFNlKI zl-UM4TBOiXmuY4ubHRbrtjmS>zs|(>8d96!?gI!_)ck(^vYJZbTW0Rq-bSyb&LS}U zH8x~p1gwRryGpNex=0-Q51dhteev3yjz<=0C)+>cUl)2S!=m-=AxX#j z0t_JJjPN`}NdBPp>F>hrIYa7G;_6)&l4;Lq-AYkF#k3q^Y)tfZvj#ygFbs(%7W zAA$$S_E;HWdbjTXWmDcv5qMWBC>2^uUUDA3qH%c8sqZnV`cq?=;@=;Dk8-j)Z@rZG zS@h(CJc%iHXT;I`Pa0#(MgnUn?>1u=_SU93fVBLlJM?;1>SS88Phk1w_=Z!a^pG`c zk!K!&|0Bspd68`Mfh4v(I$%feQz*IrORR4(yc919wJRD^Nq2rNPjV9Tqg9yh6 zG#Bje(9RU)n}LZjeA6$C(`xj9x)dHq%&IPCt9D;;HpJLXI`Ku*kBjtYpjbd6 zopx?$LznsX6TCJvU`+^>lj!4=el|@C&8bqO(K8ZE{luZ~?br^l7ctnz`^E6;yMD7q zZi=4ZI%SSR(m$nWkFxJn9t&J@UjW9HVhKOHFXKTZ!Wg>U&)th}=&A|lH06x-)C%=) zm}8ik@$@R-$LC=PS)s5YT$K$IX_`kWWJQ%Tr|HQbOCl0Z8OM?g9&YgZV@mA^4uPQB zJBC-7;BYLG?bOs8Qu#}45aI4``!_&mbD(9!ve4yB;H(4OVVfCeKQaK>h7%N6*q#E3 z!G#bXazH$Pl8NrN5c?rocDomv)8|N6)ilF);xVcipj24xz4G?{=(pBMSWwb-#MrAg zVxDjR&do3TsS4e^k{n(C=T%VS%wx z_2&_JfP}KppT{JqB^;dcYg*zAW5g&8EJkz*gtBvfAeHid*p~uH4*b!gH=W=?@Nc2i z%e2@K8wkq3J+B5T#5}Ybl$(Y*u269}2lg0Kl>W^6jCyCxvT-Bj(i{(w9CI@(qE}l* zE{6jHOuJa^^ESiBWsq);rxu-#9|v`-7w~EFV}rJC4l4p->%P&q+o@hzHH!Lft?d|K zS{X+9s+JRc^CqeF79^=HHH|@~G?yr@_MI*2G?a4VUteF%OvjpK7z1p%`@MqTIr}YB zMO(3AwdtYUZAbv9p5UUOG5?_9eN!R{abf^Eu@1=_QxlDpbj-=+i8ok;A$7~h|DFZz ztzcj4Rcx+E??thI#5D@%4q`vlEg}=snI>be$ceKgD>#l5jW?fQR0|2#LpNn(D-bVB zW3gR+mN7$nggcZ_>g4lIdwU1^O_GJb^tb;5wEBZGwTO@(3g$z?lQ?c=OTZtLzw2Z` zve3#~RdFp#zn#Ew8oM_#BX>x@m?pN9)OAAm2>DU0QQ6KuahqO(Wm7nYDl)dCB^2`p z1cGd274Bl@Rw8kNY<8c-Bi@Itg2bD>b3vUN4e#M@qi zUKB2Fk|vGS&FgOD%h$sLUYaK%oR@-2=?VyEeQ6Y#!})$N%q=h7FTe(qC2;|x`8FT$ zdBd3$D#}%eVx7F8d{TZUj@utJO>u)%%nRY#Y)~XlHORUTm(ccy>)c(R59QC^?+%bS zZGXmNR@SSAgn&0F<(>`~A1nr&4J}C2GIF6h%v)snKSR;cJ?DJ&-j8LiWvBakN|5W* zPuyYHcwp-SLMk7=`GEia)^DeFP^V7OzY*Dps;KNuvt9LXdYKBO-{~R)fj=c2x*dma zHm2wqf*`4@+;{Z@$)io%`iF{1Yi`c>URd0oo?SdpS~|&(`-hdP%zxIep3jW!_LSYD zFIp0-{u<%gzE;F%;2!*bRZKw>UVkv)`@}6PGdEnZM|)uzeA21+5bG+KAZ0Go zeNq~qJ<2}EzOYgLhu#$icC`KxAp-TV#5ML6$Og!!(@i92o|^H*clJPvNrOuCxS|=G z@xFesuldGM-RrUyB$#S2FvBx6^@o{T5@Q5G_ z34%&n)?F)TGII0ciB?NTi#uT!PFay`ga*}qIzX{ec@j0+5KylpPnV?mH~(SczUZJh zq|YTjh=&)+42bv3_2ANl0KPh4?H#!+s6vLaw+`LQC0b=%Ub=#QkHGv*0hKUh+f=g1 z5UbWyb`(=DE?BM;{wPIiavV)$%ygGM5uEh2SaX~StQJQS>-Oh;D6tr+_b#oZFB#hS zaX5?~;+nmLz5Lm}cV=WXa}6Yy!VRQ8-fO$+Tt{Je-b>~VTuicWiy2l^Xi{DaG3IgFHE&w5N?WJq!zQ4WuQW&=}k$6Q7uMaS- z#aKv*k1viwilvp#MdIh~QVC%fMgYaQk%d@}I#Zph%%#PtM+@XU-j| zoZwHbg$9_w7IUbVCgIutYAA)5z73+l@bj=DIMw{u_w@#4aicv}%lxJQIJi|biD_0r zmS9XkyC{6+aRP6Kg-`h`-r(1Sf*pSHJB>6Q4xzeSlx!bw2CJa+KB8ILPLN=G1c2#g z)qEYm^fC$2kEy$8daUA3;XSb0lI|8f{qiGyUJM5pe*I3!m`^QM{JxKQIe8rnjhA0` zW65}2BhM2zo_xC{NS=(QX+%SY{z!64Tx8$3=?6%S>u%DT zb#Vn{ARnM%MSgksAJ2t*fWQqk7W03StLCul9tGQNWx?hGFGZZOBzoFHd^_^MTo&>O zo6Ewky@y%M5PHsvSoIKd&UEVFV{n5NB%?sBR2ln|y(xeiJ$50u&6I-(N2ur#1-m6! zlQM+kJS>5=Qhdf2xamY9IU$?v|0HnAcNib~zYQcF%w}YatCC_oBN~0Qd z6gW=R^xGg=%b&`;p3BX~#8an)ou(GX1lI&|D!Tc$BniJ@U9*~953vg8sa!c7`sLn0i#)D z@DE%e^@l+@AZ_j1358-eW_fMTvZtDflw1NxEQPXWEO8`62q-pzGxAWr)Y!CD!5?P6 z4lrh5P}w_s8xTb^cYf}!8kQD4fe20L z&7DMucYyChNR{_M+V%zMUpZys{mP_zY+&_^lUUjS{<33Ix|$5L35Vw@e44cqF`*uv zk#O`^s4y3RbUY399f0XT2_VxDzlsCY33(Q5ly%zX7T4?6E2$VM|S#=Zi`DvL0W z^tfC_yId5Ye&}hEpU;4Kcc(3XkInZhZtv@nvP%8GvhT%hucq{v0^d+nrXMi+*k)$1 zk~E>y16VRN-I}^-^h}qCp3A_FCbh&;s8rYCuC>sO5?Z%MN`}`&N|`i`9y~H#?UFCV z0BVh3M-GHGX6>MMfYAypGrv#O?R9qH7b)(IelFPOgZ8BhJ~1(@ZV@S6qD=F#MKWSm(^ zq%pSc6OqVcd?t`G(8bDu;Ki*pIej&{ZEUucK}ikCTScDgmP1DdCu$s7A|cK$k&B+L;fx;6Y9X_`i~4h)4e4@SwiK> z(Oi3yLZX($5N#PSn&r|y1fTbbrmd{oYijYu%U{JIEa~WeS<+-X-code$KEOn&N!B> zQ~t}`(ZAI&t-2XjH0T*B*XpIU}@xJ{^aDw7m$ zaCCClv1Oy9i$&x+7{zACJ@G`d6LZ5QB_dcj&@DhHw^i#)d6jlBP2hG-Bxx*^zzDkK z*n}>Wqcb2_Dc|)n9#9e0l12U4SsJlw;0{u+p$MpuPTSogoZq1c(BS_p3}0Ta*Kqs1 zk1uY}Mz;!C@A-eM{GghI1Qvpo5)LQhk#pnwC=&vqy>fIbem;LLe|9Q5V1GVm<#v1d zJl^#dvFO8`f?jqWwRi4Mn9yXfl_+<^%Nex%#Fs#|>)%*xuv*FBI=toU#_l}vu|eo2 ziuRIPO-K8y31Ma#9jd40Y=-(LDB@{RC}r{CONxN2;MB`mxU_8Fff4NlhNS< zc09Y+-*puw>M>dX;6;i`{y7&@3fYCg!q4j&A@lhYvK=W7)nc+RfJuuQS3AhXE8#~u#R%G%JjXmm{@7smI4m^ z=O3h%kbO-Jf4PRT7%jRTUELr~0H`h{Ne9pxm^@DobJg=xCt=+Q*a$L0C}E;htx5s> zilL;eg{A#ibOKKl?S$kwrB35va^-RKYZnNsc_0~>_fP;Xlh+d*Y$WC=Q_J;?RVe{L zISDr#VHIog#Fb_~+O9Li z&{?OThcF=_gqozIhQy8**LKCD6<-td{(V~HWyx?5}8FYYz1=S)H*Mg|7p%Hql4tA zv!FW^9n#_B{UGM%wKkU7Ng1P7fmWYM9%DF%4rV9BV~S>+sg(vzJi=`zv#Zce`e-Zp%% zWAk&GvKMX`FwJ)x8X2l2BBceE>Ee$~x(O%gjmJdVTjCsrVaAANqOO&%w5>3m%>;Fx zdT`lad-KXuW~~H2RDy2V*$U;$7VIHrccOwbAUGG-E)Eu2_&!=zofml(n*Q?`dVSa<`%M72P!rHNjMmQ^3G7V>s*GwP?r& zga78(hXKGjRTrc55x_5N&|_%{>KsP7VGe6PPK~1hC!1-pKOd*GX#yW-M3$Q~>Jf+s zb{7MS6PzC_VmC5-84#lFv4DiLGkAu); z8=QH*mz!~RCD(@C-5OeCI+I2s{GpEaex1{dG%`m8RwrbR9VS)tJubz1_&ZV!vK0xS zI}<7gy)+~|aZmZejKBUZ6kXc24c#Yv|C3AGYpf>6)hA%~i*8|x`K0>tq=MQisDN=h z;gI9*t{~qo@jzD)e{FE_ZX~pzHkVPx^qx`O*MXI-;?NDWO`Y=Ce>_>OeR;HNJKrD{ zFZ%Q8ZHuoanwV+2+=;2n{HlU1+J%lqLbR2~-1B~l&ivdZe? z&tEL$TJFn7zbkJ0bSEGOerYtaGv!a?c z1R<+T4Iwc$xn5mwfTb_DEu|kJE{l$)US`&IQNeK4*H@L{sYzBb^Zcv_wV_0%6Q=dd z`0z68mEzZ2>S{d=p21|$LYQ`%wB05{i%MZ`1fJct$nBr;?x}W8#m%;@nZ71l;K0ySo{f=+QQEwI%_6N-yvZKQ~+K$;a z5Jczpfit$2e@bLolmR6z6*x2pc0)W%mqtJk zpD7(+W|x?<(a#ULRSwV>k%xb6qqlh9Z)L#fqI1Xc`O`fxu9E^szZ548}+`v!nb6Q z<8JGhI&~j)@pbM8m1_V z8y&ML1=IB~_7K1KvmMIco0+(4z#KON9(nVp&$$yA-3#T%%(?bknk|0d;26DIcX)ye zYyJM-a~(a+>FQd7h9fOv=h%vkRJe_$0{J>C!PteELR_`*V^2{_yw$pW*P_Da#))rgI-UzL>_6+Dz zeqHcNT8GBF`wNr)Uli98L<=Dg0g!>5Nh(4WBfKX>O2;^~XhHO9PB;0Aq;z!izpKMF z2di&?$1;oirh8vwn(_GJ=9pRB{DEjAcWt}4-=QRQhv#Tow_c#t`6097f*e3Ni{4B+ z%bZoY%_$f~O2JY3JcX^j;=0lySRX5?ow@S?I7EmL)SWRT@#+)3u2)GaH9lrDr@b~6 zlu5~4Ht_*qUDqwGaQ&!~I5IA;eRn0CFt$7H{d%@5bn_|sz0ZV-do#av&$qbNF<9$78S^M#@a zQY}RE9Nl;`xF|T`{A}Lxw%aPaPM@ne0=!_d*<{RC1AA z1WhN~xIrb8tpb}soa$xNu59iLU1jb4l$a=72>MkXdk{I=t}^}JRtB#7wS+MaN7ko{ z6P|0EGv`Hi9I0d!H(lu1w!iQD)ezH6q9z>;c|=T!4F>li&TZzJHY%F_g#3(>prLkO zTDgWmyiJ_qaKzDCh;Gu`QnfY>?&2TDO7LO8sgR(Hl>;x;{=>i!&%@fG5zhmgg3LCt zgt{A~(^ziHOp`6;ZM4;YE>M+jj_8tR{ye4_lc=x!wADMa%6q-D$sygR{U+&&ft=Ti z_>c=yUz+%y>~3d35?bm#9Y)}&(l#OOD-NN{{@EM=WHfV zIJ-4pB^kz*D+-|QTvBcta#}rUpp#@Ax3~v%e>J!Wgp;LNGgQ$@T1aHvI;+#mLw|I* zev3oi?Ku3xtH-CGp;7?{V%E++Bwb6H7ePsl3?9Lm$Fu;Dx_?qNa+&w2% z5gukdjc%w!cg+?L&K_XjarlY-WX9l!K^I<;1@EYJ#783Y2x!{27e?dO_)U;Lk1~URw&8{>`RA9uhfG-uI(i$5 z4EFtZ!4W@p(LNxuowyhF66vodeytFN)v=IU6fs%`a$Zer&Zmh)eTTH%`o7rmcl4nA{ zFPmo@JhL}WPG!}-puJ8tv6E*EK9bksRatEO&~bL3$I;9>jkF?-wtLGb#_jS@wL@1{ zmp|qg5$dGnh@GM|vx3p9S`^$@HL+7_^{lFHMN_eAa(+7S4nHyy1^De3HWh0-zl}S@ zduHcGPXU!qz;<=n{cP#MImza6lTKqLocm%)I)VQVFecIQ8If&CX3?igyyWM{>xn3C z?Pn^@e>#C7rHxn-MOpDZBy8rz^QQ#&rRu%TT^BE_1A0Uvz(d>HR zBp56cE)GUY5kpk6%q1UiuedVAm5D7-R6KuW%0!c~E6;*UZ^+WaRhLYdL!E(-9=uGV z!}8)Lks-2b6H${1(z^$7a+CE#=^*hVnH~FyyJQDWksfmhYbb`z!i>I4y(dYlj^QkC z02Ta*Cnr!Aj1xnfRd{~n`$q0dHxio zWWdMPa8C9|=@A(!Y+Pv?Im;WYHGz}`*iUOp)Lhl7wFq^pX0Acf6bF#tG1z0c(CUDQ7{!sSCIuX_=GO9)dZ(Z3+?)r zV-x=(&Lpbl-y>rMfd^UyX(TWM56;(V=&;8^Nx`<|^r_r(*Dkpl;B5Cv=M`&?k!6(Q zaJ=E`?5XzFso)74m%Yltv!z$r@rC5Z%h0Y8GJBj=7$FS5#nxzadSa@&&yAVtE=2nN zs5HvqTYj+MW$pU>6D%}1q>cxcHC>BKXTAiDg-Vn0CoAcRG*zv4sP;$AcY=+^-9$W< z@PH-&_?eTnf|)ww?rixI-M9l1gS=>97P79T5#R3$*6(CF8$k6wrApFiFi%TD?R@9I zvOMp3P@=Nypt8lnz=pC$rAwZ0n{a$D(z^n0PL>=Le6|-SRSIHko3h!$~3ctId zIrnEpUqN~y9@RUJZnOj|u4NpC4smzp&(TSPW4}75el<>g(gYxU{DU6bvE@~(INZ#V zj_gv*`y!DFJM2&+ttENf>Co+K-K9Bkl(~}0uc3?e{Dw}3JwwC2M)@m zaBnEG99Mf<_LZh&&rD~}{tk(YnUq3?1LQKbQD?>8y4Oo8Z*l*v)uVN9#`M3v6Zsva z|CIwX#-G-6jeEt_Y^50pIvy`nGLgGG1XA3br!?WeIv!HsMXKVVvIjLb+FbE!W?1I3 z8m;CV`f5?kFV_(%QVz8%H80$oz(LYqZ_gfwb@)X}?!h0sJcNUov&hAz+VvLgBk?M@ ziW(30b2pH;_3bk2C@p>6mD9AmZX|vkYxfJMe%W>$7#R^~cP`5vIF049*>|$vDJ;67 zNy5?=H~t0?pZX4gk2}zE_rkjNiMgSP-uxQ?dP;sy9j;OJj)fu~1HAD{JI2CZX%B2` zjHj7dtK?=Y{1n4P{N+TKT9AxM(4qLr74vYMODjbB<3xHRMcTj`K$QklYKNwCPPE*@ zNiQrSn(h!3J5TVa#Vu>kj!C+`Ad4n#R|21*X(C}V>m`abJ-nR|{wU#)LYY_Ob#c%x z+W`yi^U}{=)P+Lq}m!{$jAs1m!@Bv}d#gy#bXq`=t zj`t48UYsiXFP*4~N;&?;bW{KY*b;j0wM2%)y=y__2EQb$;uC-)+*iPzsx=AVK{;cL zLmMuo%&q{O%VaJ1e!O_+fMEXVooI`LbEe(Bc1Op-C@i1gG)08Ygmt|v5JV#=w_h=j zS!&q2_5j1GSmisoHG5=_`gTWiDaopQ}-0*08O(+;}0iQ8eyj;8?L zGM8bQR;e_ZGacQu9&B_kE3-I|>=F}=?Ez@^4g#UA>X~CiKr3X@ChFi67^Mk@j5Z|i z!Wr8{T`!7bm6P7gjBm4X_dJOsDm$2x(j@G3Hw#3HwA1P{0F!?~haa=QI+_ zy&5h>s_b!Tqc6;!ncbdO1C_2`rDgc7zPr?x0zFWbuB9xnl{zz@p8NdGd#^kU-IYAc z^>a-lP|ul!T3xRi04LBHV`<eL%L^x8^H-r>#0f^cOQ<9wd0Oe;_43FMEiChGzncN#;2$BCHFAH>bgZOF%qcm1m^ z+LqMV^)-nZ6csLcT=~<4;1G~ZR2S#OW2m*)*&Zy?6efZNH^48}CYn`b>CBWagbg`9 zO73q~!FfdIfm)2r`su#f7^Qkrj6x;T5}M<#XW+>V9TnNLH_vkPmOLR#zX$uic1_wY z%H2h?yQp{&4)_#mkq^j{f20 z%cDOW9sk3NXUBgaM>||+>ys-@q#t(9LAQQgCaXE0X3(;@x@6r?WV=Re#vvO@kNg8IE#cMuDFTXV~yn%_p|> zb$C;_#)j_(xVRP$u23QaeKO0gfUS;z6@^DJVJBUjUc4sU1v?jBapVf2LVmouIw#O0 zP%SkpW80kecImQLp$a>3;H!-J^|R5Pg}>I;*0Z37qq&2%4Jn4(SzB{}n@68p zjE@8xbkWak>lWnY2E$w1I_+%`oBKpJa_hHH%(V0 z63ZD+y%=VNFgucwL=K^JK?!#h`Q}@Pc2n5_E^~7!3O- z-vOEdP$6fP2Z^BZWJVL3Mob>`tk$JHFdg6hu%}3L!;@ID6bwZ%mn_l=TEQ|AD{^+; zcLp&x0%k)aQ}V;gRR%jK zK+F}Hx8=Vno?&&$u~PYuLg^nFjk~KmqN6|K;l4F0bE=OSgWTXC=x%XOA?1`+ z$azw-F0v_uue?s@w6P-?3fUMKQ9LwV{oGjt-Z{kf=P3-^4)9W}lxUE;gpJJ1QMp?` z!Tsl+E9b9RlU^`IkQu&vm{RsRp6ZE^6I@lvfYv3od6$CmOM$gVv$H=1-0=lt;gvxuZJImI|vX8oUcAs_lIk2OZnK>N8z#&)O>$X?bfx&R?3(`xlOMybjgm*T(LjZg-5UUe#$+XO>DCT5DPK|AR;}q7bA7@)bU!qYZd;W!_>@unCG;qtZ~RFyrCbPNx28XQ zHr2yAb<5$m`1y(Zd^e65P6#6*Zh3EPOf6M~>C^-r9Bw_>tTSEn7y$m9CO!MvIPo8^ zuFfHprjbL3xepqYcwR3;H!cXf0n|THJZ9wN{7fAX8x}Bd$bX}E^b+RU4>7U^NA8|} zy@z|c^&fWk!AX0Ki4LGv_$az$m%J-XrFE`*m$q;DY(k+%^J@k*_J_^7`O>mGmYBmj zU5a0Ml29m7#L~&fOLL*s;h)*;(44YEl&#d^CDRjx*rA(TKYb?~K#fItbE4DwQ>|2M zkpE6@gv0khMV4G^gZ81;OG+3<#V~L@NjrOjH0V(31k62zaiP_oQN87;rua*@y557seWK z#js8QMvpCLEH)$KDp-u$(laFNTF<#3rY`yNCbO;?Ou)?0_yXJm8s2oyr+p^6slIWU zkX*gHEFCiQcbTi%-pxQK4QyODFBCDUFPIX^U7LQgyo}SJeX9{8hyiKYROyCr62vJw z4&txfo=Gi3Hu@{A4O3`zNTVe?{I;B1*-ovQ*7jhhSS%@TD_>g%@M~<^XyLTOl&ayk zK%<;pxm;*!>vLx3(F}@C<7PQ?7z|_Go~T_N9wdkqyFB^OnpR;5hi`@(oL=I+`F03& zm`pII{sa#_#7WWi0>-uJn6;OAPONWAXae4{pmD?5b>eZbh;>c9HwnjJ(%YZ%qZiwE z4}no!gKp8!*tF~zQC6Z~y}QI#2XLR-uu3U|OGYJKGII$Ws!8_{jk*BeV+PWON$YwsgX%2sQkOr23K`otSlHq)T39r&s&Y53u3cB!s#b78@bHlJ zn0D=$%wi#E)rrbVN#M+yVB9imaGo%#AZ4eOFhHpDsH$aT_xUivN;62l818}jeHqjP zaQ><>4+8HIgXm%KPV39I9PB~xS?3t_{tfxtE4kZi1JxpN%W=3xZbceJEYmFhPz|-S zRkB?K9sC(oye0qnU*A|P760PGhyfQnBc3^^D!)V3=1AQ&-%ay{TGqJ=C2(E20y+K+5bNNY(cVX z#mEM&9Y50a6k)P0P1cF~`WcYah1c`|xmd82NgmZy*$CPWA^wqvvi2`v*doZ+6?Eh{ zyfKLNQ3SE}p`Xta#%eIU8*PUHq-NNr7}DT#-Ek8TT)M*$(nk_C`I|u|59I1R#w-4w z;uXhOyDt!H2blF-3N0eh6FXKVok7PEIL#6cf#Frp`gi1pR)iM7f+p_kyNWEh zYc5dR1EeNZ7edDa&JNr=E^*#!y)B1dfPoIcn#rZjQ}LQ5bR9?Ft4i03>Vn1zx9+4p z%YthLOn_oq9oS$!frW~=R?ZK`To=ZqB0P=JuG}-Q%?KSO0xZ)v48q|Ip@?WkXFM_7 zVfhQ5shUq>9|LBsm~AaM>YOdEbx@l$M5-9Dg*5XukYqH5{{NY>V1q zXhDvTj_R?MHgb}hu|dV(M>qWLqQ83!Ah;qayJOOBz)l>4cj|~;RIT%_>%EeqRb4vQ z^`!xAmNe1kN8txOA)O&|59}uW2)&`9L>x)zib?W<9Fk_e3uay1iQ{yW@He_nkFL|B z>vZpAM%U@>RyVp%|1Mppcc&ch*B?KCli^N%3py^U`9OTpGS{}MwjH@g-h}P|KB`*Q2*cK zqn9t9*ZqHAj{d)&n{J_kFUG^f6X)y5jFb%=J6Nv|NZ#-9QDP0 z-oK{d=>0o-|Bl|jkHGu)wUt)nN(xqw4T8s1A#3Jw$8Rj0C!L z6Eu#`C7bh4ed@v!*D%l|(Ksd<{#YQ6eytKn9zh4(Rp;ZSZ*VQH4$F+q&GycHA*hBC zxnAFCtA^@m9OGgR*LCB~S|C`1qJx8S3OUY6Vz-ZHjrB+V@Kw>fZ zc<~M*2rT;JX_Vx#k?a!duCEfRZpi*&i*x<}?PjBNFr$h`C%JBLX(}I}A6&!W06}L$ z&5zq0Aj!of?VGS$$!Na+Ot^0 z+#$+pA2z(X0hCbT*9D_Kuf@S0i-WxtZTptB*y_<{;pToB=_iI7x*NGEcH!WBK4-GA zz+wdlyM`eS_P=e1g05Pt}QyF(Jf2k4I(D$ zXvr<{@Y^N*WG6Ed@oKixRkoV+qU$C7bb&+sAmY^zt48Zy9ro|*-6|0epZGGjn5@Qd_99@fa`vQ@;%}#i7=E}x>wmo*Z(M2`Po&u6~k6#`gk^M6#J)QaeR&~g=+HH@&>wq|pm6S3eCO-Lk`GaLJFPTf3DBMk0>AVEVXsTNX^ zlMk=S{{Q(uZ98Mg#m^UH|Ns5Jr@JNSurB7;ya5m0!B|B%jX{i+pxm1xj?#wohe60T zC>I(nTl6#dRCy|v(piGSEAAwbELY~Ya91E04r;|VX(l)W@n;@>dVBc8YSxx>dlT%n zrq|TWLs2tRY{Ep%D+mMRG z?R9t|ktO@!l)_V@G)?2#3U&1@8rThdY1lgKLBJSrPpRxgK`z&lFBVK%u1oSPYrR#l zj*Vh1=QK%-X#d)tr$=!p-c}~%0OT|A7-75MEA582iRkti0MmI-xi?{Gxw86x$s#C0 zyAKR2b->>B@vxs+Jt|mVR3^1MSQ`d61TIxX36T=2tf0$N_p%+Y?{o{gP_B1JiEiPpwJMjyW-dI{mmMA3Tl3(tyxuNjpTS z+E#gpr;80Z+uobo?KHUL>1HB-L%*`3jHjq5TZ+6D&SH+r0N}u_pbzTNWv+BN0>vKn ze#O)A(X$twHikA#*m=|aaq8p9ik4-05{{1f#8y|Hed6d+VI@mDx|A$3H0p-laUn^b zYMv0PNy2EOnFf6i0F02j&-xHYH#A*fkPjvET<6mJ^{mS?(p-zzOtWZ+$>zj24${SV z*Lgt_hW;kk;T3GlpMW>>fbh9XDTtmYhACv4%vRQH4W@|$aGlPzSW?X++MfJRVd@HM zeQjbU`5lW3)vn!PRR}dsA%4<|3@|d~ptKu)53Lixj3EH1wbJ40+D1%7$_|KR3o7Hp zkQZTOYg=F4E}6tUM$He`Q}Uy@XLs#!4Dd;=w2(aVbG%0fESlWYl>+EZV%$9_mTotz zbEddCW}uWOXo*1jz7UqbnlWLGkg zUw4^$Uv2)jhA`$j=(by2UugLQhLvv+QjS66U58=)aB_3>*4u-g zP;v|w?-+8!F!CWGZjF3-wNb~i zi-=lVdgDxc-CH2`TNe!XQHw3QNRCC(G>r@0Et3kOXOTT~k}>G=){z~ygS+O@ZAY=G zibxEt%V!pUQfO9I{fZg)Y+r;7KRt1uZolKhNKhoiEng>D)+uyof(8yX92V;oNi)Fu zIZb*Bgw-bdDJ84+WB_oVRDb*n!pgjVlrD<viY1cWL{TPm`IoGQVab;nAvp zrp?!i-Lb?Rujx|!%9Dgng&gihO^Ux#f0e=oV#2I<~0NoYz~8p%~=ekm$33>XrtuNe?t_7qnmYn}B$ zwF8GRCR$R>7DMs;rEOmJt`RgY5_tI`JLVrKs|tE|A@Vf75Hs#Q%V0mOeb=S!=or;n zyq99xDRvAvjeRN32BtRy!#G;>?a}I(eW8;B4h!&7P>G&aR9P;K$39KF_;qXDlPuzj z9e~>hXq?${#-Mx@&Yr~xegg3CIH~B@CmNh%(vo8SOgl{hX-V2x-Q6hxvlU(T2$`!A1`$1zMcY_k)rca!I^AI-0!v{`;o~M6`O9 zR0D{BvAq{$|HaXZgBQntI&g!0Zuhm0b7J)zLmV^S7EJ@Aq8(s+*Nm7YMw0i&Av6eA z4C0_x>fqJ4w*A=UY~-9l!Kw(|jQRMWq$QRKT7j zN%4Kdv~*3>uV@D*^AK%*YyRt&WoHB5*~n?Bu{>^V|Ed*o%X(U0d<>R1e0XQ-6x}yn?sb+zY5>|Ta zHY33xVU;_s2>YZZ1@}C-M7L~3u63fO5xq8K;5wqyNb2jY1Q+wk^`PlHJRCf&5++Uozc9(?LnY+1TE|AcM5jw8 zu{-IC3I=ZB?o{^rX>{GW9!X2fTxrW656@3^RqNH{W(i}H{dR4t#l24f`~PL~){%+H zA3Z7FB$ZUhl5g4=nr%u(6xpkx1n@)?89%-_0i72 z{<^lr0J`5(bay#P5^;Z8xQ!0s8@u{9-J)*x4#abpPH`PC*7mDYU*Q^Daa-RKsmE3m z+iYTGm&uQv!U^WHB??TPDP*-wKmq0BQ9eKST3hXVrf)>N8Ki9AA&|nRUo)V7mVCj} zcU%n$qUz{w^TAkY3yhU?mbBd(0sXAqktRx@6U;qN;)u%Fz9&!q_~dZ`X{b=t1t}Dc zHUSrSCTM2l8PmZhVP=qqJPh4et5nlZWZx$`770xkU~tK97l$BIWNk@aKO1o0e9FXH zvVLpluFHxIzjCbho_;!64DlB~srM@9$>K|^m8ZojduZE|f~6{=(M=mKxP2xo8ppp- zxf;v^o`mfi*GysVs;NL< z9TGwF(q7MVv!=i2G(lUBMK^7buu1=7v7|gj$LP<0>St2iD<=P<)LWkDK_}q{+vV~S zyEKUcG=@Z!I2qz+SIS&N`QgOuE_-3bT1IrwULHAh*$q0RLbWq?znBC>$X$(UWLKf6I1}T-Q((x zrFQ(@6?W_uh$+SC`o#=2WR*?*N_(~5Da0k9G$-zulsvZM{7|_pHYxLF8w#_2E9sJ1 zNUyivTF=Ug;r*~pY+o=8@|vZq?N>U)yhCHmd_|w4m<-aF%J))cEirL0P14vdLT4sROgZnM&5g`Stc38fWHEt z+H)qC9Nh&iCU-e+H&XP^g^bwc)#YH`>20Y)7Y@F>y6jG~!0uRDFiL?HfGhAs+6?v1 z-8~<&7>^S=X~`P+#}kp)Z$A9{HWcK>uw>x1K3vH8vD&BU)PpM8nyFezyhvi30mLwW zW-g#^M_#7l*8TYzJ+5A(L*SC7LzE9^Vf&`7UUJPB&W4hw_cUz}6K3-{i;7e#AqRax zE-&9A5{*5gl1^n)%2Drk|i`^HU*Zs6bFzn1|0S9OClwS zh-hLqsm<-ibOERBOo}+iONP8UnEqEHC-{GHbA6zT#6K63NT#qDEt6i zg-9&3glPt6lK}V2(?#1nFE8H_$uLS#6@avQ-UFX$hATolL+ko(S60QMLu%{PFmHIf zg12k1&&a4)|9l0pBj}}Xq(vvtIHIwcKT4L*5+41;1})LGbw)Pq3^qVO8NNWAB0rx0 zbl!Ho1<9nr?wY(myLwNk)-<}czFl)67c4H>jW${r*!(1ugZJ;E)SrSZn8CG z=NxXaJLqF4+W_X~z@$4LT3}oXj=fo?0F?l>Hdk*GR^!6nM5}ciz-Dx$2T{rAn?@Hz z`bp};ai)8hm+uCVXLN#8N<^HtQzFNoLS_bAlq*IvK1Bm8(g{zf3t!Nd5p%`nd4dEB zNe-StWCRr1XP>CS0I$fC(Bx^PQSqb=Mo&PK{G=_BeV;q6O56e18du>DF)gcxNXxLok2wyoPC=?x9=82{$6L}jNscjDWc$KpiW^mkr3PVn;7tg*Y zSE9}R_dQKl zPFd);d3L@FoR;0+aLp2~^x?NWbCcaRGCO8jQ>afX^j@3xM6)DO;kw-^3YqV>t)Wrw zu_P4=>d{-~HX;$2TGSqYm?Fu9;sZiP_m!ryxQcMH&5`Sg9UYchr^v58x(z7l22iKg)DJZ@Ou1W& z8n)?-y_KP<>BI0ea~IWqtvTm9^)1BV04*$8s3o-D%7r>W$!ji5s77saBvQp=HZ=DM z3`1?ad{5<|Eq$iDxZdo~2Jtn!^HnjsZ(2s}9(8WT@X{z^nO5YGNH)*0euU$8L!PKW z`wfHcln|`T-1ZU6Z3rb?g_iU2D2Zf0f$SlU4?`F?A&Ldr>lk=2K^#I12NA*ziQs0y zYA1jLNL(*@TO*HEJ6Y?~C<2bXpy?o|$jhR2IkO2XNuCDW`z~s~qnuaRezvko*3+}s z7Y2xM!5>qcdPbGHdUtsWxZ{*HCABK!vh!+(0HvA1AY?FzrwZ_X!@SF+qfRK|*zHAv z`Q&4&X>kED8o6m)oB+%vh<$@Fcc+-z8cCY3>qOzV%xBgoBj)SvcBto$b=Kqi)zQy`|v=T4RYn2i=C=&o8~yOo}_6c9+bpI*8aVT}yPse(B{YCOJ($ zfX!r$C0+*Ix|SIZ|7DjtK!uYEeKKziiKxNggKgfm{trTvlb+nZ;le#z_6tpTY_LH_ zyHZpSS$it<4^Y`=_`0xt-@>rf7hIX5ZC3W$qAqEZWj*l2%`pSpNurs=;s6~B0|ujU zbq(WS>m96i&{f^&nj&*J5KV*&-*QC=tf7mspzYym?VuxDyCGX^;rH9*Yj?W1uZ6MQ z>7pMYXS>t&J#yCe!PbfhW5X3==azL3u=&*|@)=hD2s!(muJ4hv_B&i_FK^$|AY(&n zbe_L?PZZOtk6Q?%oZ3{;hKlv2AKN$wQkLWk-hjM@`fQi#-ei)2W85T9q4?|s3X7?h z3OE%-H%z2bQ`~E&ahm<6&*4gD9I>f}Vh6M&)$AQ#HsQWXiB{JzP}iHz=zQ3thi_OH zOBGn1z%|_$`2}Yx$s%SX2TJCY%fN@v8F>#{d>C!01!RU67Vzj+1_SY36st6Ah9$4> z&v?fq9hPMSTe=7v=geq6eL!Zb!f!0~AUSL;_~Xn;E+lWk?^xgvSFV_HbYPQAL$#h( zkviCUo-WWmQrg^rG}0KP=6vVOg!vtZicWTAEd$S1vLb3plZ0dl2r&o$#nQ&Np=m*m9|}e|o0j03_UdaxDz6Qwx>mu{ zFc&DG73K*C*Is*G4?-;7whM6XE0@()33){%`DcHv5B(`0vg`Bdy&je20nfGZA(h~ zZc>mjxuorS>{^xw+N`+_pltaeKXA*b*?)d?+=7?;j*}diF0`#)g1fe`S+G+P&2-*s z)MPHNL#=Yi$BTCxCTQ>{W6(N$>r!c8vjh?IIo1sSc<~Nuf6`VPCg3-APqYyVH=X=| z%X-;TDYf~w+ES?v*VR@`-Np~HxUZh~w#+sTe%Mkn)QBG`1o-blb>b$0pZq;s(e^5@ z!>WF}qq^w@>nheeuu$*Tv*^4jaHG#@f03(;qG{=lVDh7kZdv5Y4&>aB^-WPX!lO83 zF|}x|RAOb>1P8!6Yk!&8na2~H`>vda?TpQ**1t-P0IvZZCR{p}<_9b3P!*zYt9|Nb z;vVz>4P=eV?c0u0l|$MD<2D>93daZ-r8aur&N}V%$RMw@?z!2DVn5mx zCIwSc0P+#BAHl(a-*JAR9&OXdqkcUs=wKHZlRGLooh2LPa_YP!jZP@lo1x{ZbREp! zttb`Fd&4YCHvs$>1D1nY<3pk3)_iHxXObC>ZdrS33W-@0tg(nm5(|b2Kn(m>Q*xq+ z5+e1onl00ps(U6IjUyF-ule8fV1+P%IVHQ zp>$8V#w_=p1dn|}mn2RTIM`x72bTe+Y%URNCE)H$T#<+-QJ!=p^D-ypy9dRsyXQ%p=DgTL!k0@HbE=uSOIJQAxtLeK)O#wx1tc~@rq*%+#cH8mET$Zb zU7)JPlteM+?@M;Om@dRLW_O1M&flI>so3kz`toa=Kst~m)a*N#Y|eX`iOZsCfH+|Q zD1N}V)v+wa9V^9avDgmG0wLV66o&3R2tL9RhVad`u@WW@PN*8fYwo@Et;@av7W3wb zwiUT~mKiwER{s*47|L|Sf~0sBz;s@e$>bVMe219JE@cr@iptjd^RLnHgC}akL}_mG zhVb5QpG*9=`%w#f&Z@jn%j8=*q%RUP8r-o#T>E9EecNr@1=n8OInRifu3QTv;VYqwxHZ~g^NUgL{;k@pE%GEHNuY4DT5z~8hEgxS*qYNNCOXCM5f zDEN+66TGBsV%WwQA*>AR!p zchhI)Qb`8guZ*~(=`wpo(i}MClrGsTQaPQ)x&6kV0P{^SbDEp&-(cU;eSYtUxjMxp z*a=tqr}{fz<;h+B@&pi@@Dvbp<)y(0kuazT&`CxkkR9$Ee)z^9E?m{!F-@`?dW^$G zH*85A!V?)wPtMPNd45^?xk`jflXh-vrx&k_gx|>1gPO}(^-a@a${``xhD?e(Chs`A z4=7_ZMGVefi4asujGv#`RwZI+!N_6@FH{3?P-o+XDK0Cw0GggCU?xW+0uOxLnsB~);k zv8Z%!Vx|l~1zIwO=%Cc0%nr7*vM$N)sYn}K6f1h0qG@R^r5D46@kg4Nwy1xjYAI=> zM5v<1zAuv#WSVW$DwXrk2Hyb6@K7Zgcamo=Ofy&7_Tcwj?fPzVLNzCY>Mxu4H6()? z#jEitJuUJdnr4)CiQu;q0lVeD<7eL;e^-|Oo*g}Z{$iB>KF9M_%769Kxv2sffjB#r4a*rRuFvgf4xBD0y*+Z7{^sp zLc_wgvkj$&*X`lA^88N}EsN*W@` zcA>E@2_mdzcgZ5jnw&MtsbK0o{N$)BwoVkh0nW9h9C0m25LB8Y%d2;nb;+SsY8c>q z)Fds$T+vy=e!RLmf7Y|!*FjU)4~x7WK7$#Dk||hj`#gpkJaoDYw6^{pPZx$Y5P9zo zy{&a9ogVFeG?RCiuGvhE(M%3`+I6+BqFYdnIZf<@9)(lQ>ta5RNhq`*;7X$f`qkvA z=1FTPcc9h?9mbre7gnt!hNqh)T-~%OE;fjl<#EDJMVdY)sGgPQRE;CI;oj!xp~GQo z0ui$~EMauZST>;vzbmPbY)XbD|ySZdi0{b!Qod#nL4!AWkK?z`;jA6v6kvBO{<&2DW7;ERiZUbBFs9mZ*PR zyVEeUZv5T?M9lMnSR4ZA?U}bFo$W@?^CVf3d&xZ)-R<$TkKWbj>7~d_#H$0iRB2n7 z{Vu%-d8$~HOLlq7vtO9x^FIIUvs#CO2fDm`SIY5tXWpBCHlDOD7H3I6Il7_FnQRWK zEt`7kJ)Fj+OmKjV>=z{D>HnX-^J{J#MFRMJ6sqP)An{Lj;+m<2r^H4W8U)RcrrV}OGFW58;xt(^+ih##INefO z3#IsvyPH6z=Uq1?J@rLi<83rwxZE?UbhQ^Pv|$T;P4vOOxC%4A)KK@@N7dH zq2I~dRS;^Y)1Wo*sFfIn+#%DfDf#TDrsNYT*aX=VWH+UsAo~d*dpniH(DgQRELP9T zZ8fi1!?;M2f~?N*rt7w*kF=)Mk~)Jrk2qD-rZ^#jNn4fSU6Gg8-j~I8P3y(3Xl(e|l=!ul zHz059XBC{#raydlR*S^Zs+z2SUDHVCS!G7yGHV zw{CL}9KUHd-sPN?lmE7C%+X&9<0R4+QSiGlR3v1%tDoq+ZC-dH>*XKZ%A~be%4k`N zN0wN=O;QE;A6C&9VRble?h-#V=@yq0%wL=An^jRBO6_x-(`o~)P3L&kSMDY(RRvU! zL}W_ljPv55lvmXGFGT*x{q5rN;#~jl()jO<%?pI~{o84G$@dGZY?pjJBHI*ItXSHd zJ?HS%cP|#b$Z_JqA&Lt2^#~PW?s(4X*bA3N+ak7RU>=_tdIrfhtXdJF;Rj?qRxQo7sw$S+$z2*bKd^%-+3!_x8fo74~BQUKNX`E^M)<%r!#g8wgwN`=!Ty z%{0TNx{2)*%F)P*qdRACq=|FlzC8*0AK=}V7L7UQNbvSMNpAiNEqn?58@m7d@#E!1 zpZ~spm-z2V(vQl2<>)*D|1KJ}#W(0Ld~Aci_=`jK%VjwyMZZwXG2|B>m=e?1xw6$D z4-}lQu&UfENP@p0s+{W%^;;UC9CP%7kidGeXFIY)ptjDQC~2MDg_= z#B)w)wp^=^)~w9!v?C*5>3*hzm2Fnky+E#f*c9S}0IvEtJuIdEE3IfPW^Bsw}pmLwHe%wa*04pg*;!zPz z#>8#E`eLGH88(z;T7Y$}UY<}Z!PqrXace>`YXb3V#BxzSxdO8G?TaC+eFBi*fx<7% zxE*y?27*A#Mh&UM+$|^g)Fl`H!9UfF*yAXWpZ~mn`}X~tzW=umA3r4ibBgq1@}J)5 zJeUIEw+k$%&w`9EheXJ%L!S#7-=3BZ8TF23L^8W^LEkKhsbvk06B_mlnUJgPw%n6v zTCCQfz%5jeU{;ZmW%=YGE3;~8&dw9^xquLlO`Sc$5o^^&7e4gvzVv8a^O<%-WLf94 zpF~$r%>GEkClMc0`ic0Qg7_E{N)-1oo`|JC8<<{-Y8ARTrScio=suOR#c|uM;TX2o z1%|R-4e^{(rmgK)$!B4uuWZ9_Ez4g&1$G>p?As@n?-#{iG05O^m)mM=!o?R_EOZyx zSyQ+x*bDyz;T78N3N8bRpGRColvj3f+=y3F?my&wQgAZ4G@`DPT?LWVowrU!Q(h}D zH&!#ofDDJS-Kxf1hvv4pLz8Rw0rp~+8Y&f|^BIq|3kPH%kpYC= zZ=t19hrf%M+;1c%|9h$OM7*7tqNqUSjXK*CfH&0aIE+gG@JS7_?oa6G1WFzJ6{wd! z(B_#s3^Lm`ukln-_dlhg>qGZJ_-Pm03)Xcp_iq=fYr@aEe=bdPU zs+pBMqIZ3^ZZ&S1dxxPYtK=)nS(D$@B-*3G@>qX-RAhK|C_bbwG8{qF{8-w$2a7L#bPs>E&x*Y-R5L~Bmx zHT$;jI8?a4nuDZFf*P7_FbX|>{!cha%(oE1!4hjNxP~PhxBUqj?jt>@l zd2z9^+|MvmC8vsZuq|8;e=|p*R zefRF|ITS-6X8CgwqvHf*-S-+BFV4QZS=*+^>Lb{dI?4$B0Rn81xpu=|ssj-vs(Glj z=dW_IXS=%fJxH#z3N>BnWtTWF>|q+afX4MfQ!Kw)Tqt#^A23ejH%Bsl#4)THkK6rY zdI6We@Z%Hp$ePkgvlks>O(nl9Za8 zVZPrKjo8sKjC@UKwXFABF!^e4T}2i8b1|h;c=;9%XL)8C^A1F5F0l$uQ)dlb#jgwt z`G85SS(cObFu5%>YT@i|9r7u;W4kK9V-KBS8}v?lt-)I&D(W)e?S^dv%5~Hz#l!Px z>HLXj?YeB_@w?CqjFqtkG{>$W&==kj9D^Br*1Uu$^9t92QfM6eP3qk1#p^)z!*IGn=I$e~(I7oA zz60?5Rj~Qtz&zL(A0&SzJboA$m+;$B=13&o!`^`*8Gzv);O!ok9t<9gH5Y;_~=Xze^LrAWd28MTv zk%aaTHfyq1k0uaDWv$fJQ>u^0dU&g+L??;$lU7fOJ_Z}ZSUp8s=<7JT>M6T*N)q6z zkv@c+Dw>a?z6L)%l$=68#;Y!)nQ74dR17D5H9~q28x5F)jH03=$Y)5B9@_ajobyD4 zGrSOlsOGEi%s7%6$1umzOQ}}`n90j>%UD_yW|c2QDIgnV(GFB=P z1adrkYq_bbFj4SIAxmJ7^xTONNB6F%KKbzA8G{WAdKR^QbTKdpsuB5+@b9{yta*Hg zTD{q>=Po?%2KN8iE|<^0?e)VZ`AuY)R)P0|wY&9-qnrEo*7UzFS>hM=#WqH3cV4&D z%+Q}_GWBo1e$yuT;F-+f9}8FXnSKk~f04~~r4_H#qS+tU2}N%_S?I63Rx#FyYy0vP zk$F9b`m17R;Z%ZBfDQ>CIjpSsy*ao(f-n9lL3xhnd*PV@fw8 gYL){T&P86DOQ&4AZ}!)of#LuEDByVw4EqEa0EZo)s{jB1 literal 0 HcmV?d00001 diff --git a/enterprise/clusterissuer/2.0.0/ix_values.yaml b/enterprise/clusterissuer/2.0.0/ix_values.yaml new file mode 100644 index 00000000000..b45e3722b63 --- /dev/null +++ b/enterprise/clusterissuer/2.0.0/ix_values.yaml @@ -0,0 +1,80 @@ +image: + repository: tccr.io/truecharts/scratch + tag: latest@sha256:1a9a10a0a5f5cb5fe4b30ac6d9c56ff87ad47f3f3490bafb6938fc155230131b + pullPolicy: IfNotPresent +manifestManager: + enabled: true +workload: + main: + enabled: false + podSpec: + containers: + main: + enabled: false + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + +service: + main: + enabled: false + ports: + main: + enabled: false + port: 9999 + +portal: + open: + enabled: false + +clusterIssuer: + selfSigned: + enabled: true + name: "selfsigned" + CA: [] + # - name: myca + # selfSigned: true + # selfSignedCommonName: "my-selfsigned-ca" + # # Used to manually define a CA-crt not used when selfSigned is enabled + # crt: "" + # key: "" + # # TODO: Add option to use SCALE CA certs + + ACME: [] +# - name: letsencrypt +# # Used for both logging in to the DNS provider AND ACME registration +# email: "" +# server: 'https://acme-staging-v02.api.letsencrypt.org/directory' +# # Used primarily for the SCALE GUI +# customServer: 'https://acme-staging-v02.api.letsencrypt.org/directory' +# email: "" +# # Options: HTTP01, cloudflare, route53 +# type: "" +# # for cloudflare +# cfapikey: "" +# cfapitoken: "" +# # for route53 +# region: "" +# accessKeyID: "" +# route53SecretAccessKey: "" +# # optional for route53 +# role: "" +# # for akamai +# serviceConsumerDomain: "" +# akclientToken: "" +# akclientSecret: "" +# akaccessToken: "" +# # for digitalocean +# doaccessToken: "" +# # for rfc2136 +# nameserver: "" +# tsigKeyName: "" +# tsigAlgorithm: "" +# rfctsigSecret: "" + +customMetrics: + enabled: true diff --git a/enterprise/clusterissuer/2.0.0/questions.yaml b/enterprise/clusterissuer/2.0.0/questions.yaml new file mode 100644 index 00000000000..29c9f3a5a8e --- /dev/null +++ b/enterprise/clusterissuer/2.0.0/questions.yaml @@ -0,0 +1,327 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + - variable: clusterIssuer + group: App Configuration + label: Cluster Certificate Issuer + schema: + additional_attrs: true + type: dict + attrs: + - variable: ACME + label: 'ACME Issuer' + schema: + type: list + default: [] + items: + - variable: ACMEEntry + label: 'ACME Issuer Entry' + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: "Name to give the issuer" + schema: + type: string + required: true + valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$' + default: "" + - variable: type + label: Type or DNS-Provider + description: DNS Provider + schema: + type: string + default: cloudflare + enum: + - value: cloudflare + description: Cloudflare + - value: route53 + description: Route53 + - value: akamai + description: Akamai + - value: digitalocean + description: Digitalocean + - value: rfc2136 + description: rfc2136 (Advanced) + - value: HTTP01 + description: HTTP01 (Experimental) + - variable: server + label: Server + description: "Server for ACME, for example: letsencrypt" + schema: + type: string + default: 'Letsencrypt-Production' + enum: + - value: 'https://acme-v02.api.letsencrypt.org/directory' + description: Letsencrypt-Production + - value: 'https://acme-staging-v02.api.letsencrypt.org/directory' + description: Letsencrypt-Staging + - value: 'https://api.buypass.no/acme-v02/directory' + description: BuyPass-Production + - value: 'https://api.test4.buypass.no/acme-v02/directory' + description: BuyPass-Staging + - value: custom + description: Custom + - variable: customServer + label: Custom ACME Server (Advanced) + description: "This can be used to enter your own custom ACME server" + schema: + type: string + show_if: [["server", "=", "custom"]] + default: 'https://acme-staging-v02.api.letsencrypt.org/directory' + - variable: email + label: Email + description: "Email adress to use for certificate issuing must match your DNS provider email when required" + schema: + type: string + required: true + default: "something@example.com" + - variable: cfapikey + label: CloudFlare API key + description: "CloudFlare API Key" + schema: + show_if: [["type", "=", "cloudflare"]] + type: string + default: "" + - variable: cfapitoken + label: CloudFlare API Token + description: "CloudFlare API Token" + schema: + show_if: [["type", "=", "cloudflare"]] + type: string + default: "" + - variable: region + label: Route53 Region + description: "Route 53 Region" + schema: + show_if: [["type", "=", "route53"]] + type: string + required: true + default: "us-west-1" + - variable: accessKeyID + label: Route53 accessKeyID + description: "Route53 accessKeyID" + schema: + show_if: [["type", "=", "route53"]] + type: string + required: true + default: "" + - variable: route53SecretAccessKey + label: Route53 Secret Access Key + description: "Route53 Secret Access Key" + schema: + show_if: [["type", "=", "route53"]] + type: string + required: true + default: "" + - variable: role + label: Route53 Role (optional) + description: "Route53 Role" + schema: + show_if: [["type", "=", "route53"]] + type: string + default: "" + - variable: serviceConsumerDomain + label: Akamai Service Consumer Domain + description: "Akamai Service Consumer Domain" + schema: + show_if: [["type", "=", "akamai"]] + type: string + required: true + default: "" + - variable: akclientToken + label: Akamai Client Token + description: "Client Token" + schema: + show_if: [["type", "=", "akamai"]] + type: string + required: true + default: "" + - variable: akclientSecret + label: Akamai Client Secret + description: "Akamai Client Secret" + schema: + show_if: [["type", "=", "akamai"]] + type: string + required: true + default: "" + - variable: akaccessToken + label: Akamai Access Token + description: "Akamai Access Token" + schema: + show_if: [["type", "=", "akamai"]] + type: string + required: true + default: "" + - variable: doaccessToken + label: Digitalocean Access Token + description: "Digitalocean Access Token" + schema: + show_if: [["type", "=", "digitalocean"]] + type: string + required: true + default: "" + - variable: nameserver + label: rfc2136 Namesever + description: "rfc2136 Namesever" + schema: + show_if: [["type", "=", "rfc2136"]] + type: string + required: true + default: "" + - variable: tsigKeyName + label: rfc2136 tsig Key Name + description: "rfc2136 tsig Key Name" + schema: + show_if: [["type", "=", "rfc2136"]] + type: string + required: true + default: "" + - variable: tsigAlgorithm + label: rfc2136 tsig Algorithm + description: "rfc2136 tsig Algorithm" + schema: + show_if: [["type", "=", "rfc2136"]] + type: string + required: true + default: "" + - variable: rfctsigSecret + label: rfc2136 sig Secret + description: "rfc2136 sig Secret" + schema: + show_if: [["type", "=", "rfc2136"]] + type: string + required: true + default: "" + + - variable: CA + label: Certificate Authority Issuer + schema: + type: list + default: [] + items: + - variable: CAEntry + label: 'CA Issuer Entry' + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: "Name to give the issuer" + schema: + type: string + required: true + valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$' + default: "" + - variable: selfSigned + label: selfSigned + description: "Create Self Signed CA cert" + schema: + type: boolean + default: true + - variable: selfSignedCommonName + label: selfSigned CommonName + description: "Common name for selfSigned Certiticate Authority" + schema: + type: string + required: true + show_if: [["selfSigned", "=", true]] + default: "my-selfsigned-ca" + - variable: crt + label: "Custom CA cert (experimental)" + description: "certificate for Certiticate Authority" + schema: + type: string + required: true + max_length: 10240 + show_if: [["selfSigned", "=", false]] + default: "" + - variable: key + label: "Custom CA key (experimental)" + description: "key Certiticate Authority" + schema: + type: string + required: true + max_length: 10240 + show_if: [["selfSigned", "=", false]] + default: "" + + - variable: selfSigned + label: 'SelfSigned Issuer' + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + description: "Enable self-signed issuer" + schema: + type: boolean + default: true + - variable: name + label: Name + description: "Name to give the issuer" + schema: + type: string + required: true + valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$' + default: "selfsigned" + + - variable: customMetrics + group: Metrics + label: Prometheus Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: true diff --git a/enterprise/clusterissuer/2.0.0/templates/NOTES.txt b/enterprise/clusterissuer/2.0.0/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/enterprise/clusterissuer/2.0.0/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/enterprise/clusterissuer/2.0.0/templates/clusterissuer/_ACME.tpl b/enterprise/clusterissuer/2.0.0/templates/clusterissuer/_ACME.tpl new file mode 100644 index 00000000000..1d5c4865c16 --- /dev/null +++ b/enterprise/clusterissuer/2.0.0/templates/clusterissuer/_ACME.tpl @@ -0,0 +1,98 @@ +{{- define "certmanager.clusterissuer.acme" -}} +{{- $operator := index $.Values.operator "cert-manager" -}} +{{- $namespace := $operator.namespace | default "cert-manager" -}} +{{- range .Values.clusterIssuer.ACME }} + {{- if not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name) -}} + {{- fail "ACME - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}} + {{- end -}} + {{- $validTypes := list "HTTP01" "cloudflare" "route53" "digitalocean" "akamai" "rfc2136" -}} + {{- if not (mustHas .type $validTypes) -}} + {{- fail (printf "Expected ACME type to be one of [%s], but got [%s]" (join ", " $validTypes) .type) -}} + {{- end -}} + {{- $issuerSecretName := printf "%s-clusterissuer-secret" .name }} +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: {{ .name }} +spec: + acme: + email: {{ .email }} + server: {{ if eq .server "custom" }}{{ .customServer }}{{ else }}{{ .server }}{{ end }} + privateKeySecretRef: + name: {{ .name }}-acme-clusterissuer-account-key + solvers: + {{- if eq .type "HTTP01" }} + - http01: + ingress: + {{- else }} + - dns01: + {{- if eq .type "cloudflare" }} + cloudflare: + email: {{ .email }} + {{- if .cfapitoken }} + apiTokenSecretRef: + name: {{ $issuerSecretName }} + key: cf-api-token + {{- else if .cfapikey }} + apiKeySecretRef: + name: {{ $issuerSecretName }} + key: cf-api-key + {{- else -}} + {{- fail "A cloudflare API key or token is required" -}} + {{- end -}} + {{- else if eq .type "route53" }} + route53: + region: {{ .region }} + accessKeyID: {{ .accessKeyID }} + {{- if .role }} + role: {{ .role }} + {{- end }} + secretAccessKeySecretRef: + name: {{ $issuerSecretName }} + key: route53-secret-access-key + {{- else if eq .type "akamai" }} + akamai: + serviceConsumerDomain: {{ .serviceConsumerDomain }} + clientTokenSecretRef: + name: {{ $issuerSecretName }} + key: akclientToken + clientSecretSecretRef: + name: {{ $issuerSecretName }} + key: akclientSecret + accessTokenSecretRef: + name: {{ $issuerSecretName }} + key: akaccessToken + {{- else if eq .type "digitalocean" }} + digitalocean: + tokenSecretRef: + name: {{ $issuerSecretName }} + key: doaccessToken + {{- else if eq .type "rfc2136" }} + rfc2136: + nameserver: {{ .nameserver }} + tsigKeyName: {{ .tsigKeyName }} + tsigAlgorithm: {{ .tsigAlgorithm }} + tsigSecretSecretRef: + name: {{ $issuerSecretName }} + key: rfctsigSecret + {{- end -}} + {{- end }} +--- +apiVersion: v1 +kind: Secret +metadata: + namespace: {{ $namespace }} + name: {{ $issuerSecretName }} +type: Opaque +stringData: + cf-api-token: {{ .cfapitoken | default "" }} + cf-api-key: {{ .cfapikey | default "" }} + route53-secret-access-key: {{ .route53SecretAccessKey | default "" }} + akclientToken: {{ .akclientToken | default "" }} + akclientSecret: {{ .akclientSecret | default "" }} + akaccessToken: {{ .akaccessToken | default "" }} + doaccessToken: {{ .doaccessToken | default "" }} + rfctsigSecret: {{ .rfctsigSecret | default "" }} +{{- end }} +{{- end -}} diff --git a/enterprise/clusterissuer/2.0.0/templates/clusterissuer/_CA.tpl b/enterprise/clusterissuer/2.0.0/templates/clusterissuer/_CA.tpl new file mode 100644 index 00000000000..29e7c61099b --- /dev/null +++ b/enterprise/clusterissuer/2.0.0/templates/clusterissuer/_CA.tpl @@ -0,0 +1,54 @@ +{{- define "certmanager.clusterissuer.ca" -}} +{{- $operator := index $.Values.operator "cert-manager" -}} +{{- $namespace := $operator.namespace | default "cert-manager" -}} + +{{- range .Values.clusterIssuer.CA }} + {{- if not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name) -}} + {{- fail "CA - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}} + {{- end -}} +{{- if .selfSigned }} +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: {{ .name }}-selfsigned-ca-issuer +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ .name }}-selfsigned-ca + namespace: {{ $namespace }} +spec: + isCA: true + commonName: {{ .selfSignedCommonName }} + secretName: {{ .name }}-ca + privateKey: + algorithm: ECDSA + size: 256 + issuerRef: + name: selfsigned-ca-issuer + kind: ClusterIssuer + group: cert-manager.io +{{- else }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }}-ca + namespace: {{ $namespace }} +data: + tls.crt: {{ .crt | b64enc }} + tls.key: {{ .key | b64enc }} +{{- end }} +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: {{ .name }} +spec: + ca: + secretName: {{ .name }}-ca +{{- end }} +{{- end -}} diff --git a/enterprise/clusterissuer/2.0.0/templates/clusterissuer/_selfSigned.tpl b/enterprise/clusterissuer/2.0.0/templates/clusterissuer/_selfSigned.tpl new file mode 100644 index 00000000000..235c03452c9 --- /dev/null +++ b/enterprise/clusterissuer/2.0.0/templates/clusterissuer/_selfSigned.tpl @@ -0,0 +1,14 @@ +{{- define "certmanager.clusterissuer.selfsigned" -}} +{{- if .Values.clusterIssuer.selfSigned.enabled -}} + {{- if not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .Values.clusterIssuer.selfSigned.name) -}} + {{- fail "Self Singed Issuer - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}} + {{- end }} +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: {{ .Values.clusterIssuer.selfSigned.name }} +spec: + selfSigned: {} +{{- end }} +{{- end -}} diff --git a/enterprise/clusterissuer/2.0.0/templates/common.yaml b/enterprise/clusterissuer/2.0.0/templates/common.yaml new file mode 100644 index 00000000000..874f41f5c4e --- /dev/null +++ b/enterprise/clusterissuer/2.0.0/templates/common.yaml @@ -0,0 +1,9 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} + +{{- include "certmanager.clusterissuer.acme" . }} +{{- include "certmanager.clusterissuer.selfsigned" . }} +{{- include "certmanager.clusterissuer.ca" . }} diff --git a/enterprise/clusterissuer/2.0.0/values.yaml b/enterprise/clusterissuer/2.0.0/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/enterprise/grafana/8.0.0/CHANGELOG.md b/enterprise/grafana/8.0.0/CHANGELOG.md new file mode 100644 index 00000000000..c22412004c8 --- /dev/null +++ b/enterprise/grafana/8.0.0/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [grafana-8.0.0](https://github.com/truecharts/charts/compare/grafana-7.0.59...grafana-8.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + + + +## [grafana-7.0.59](https://github.com/truecharts/charts/compare/grafana-7.0.58...grafana-7.0.59) (2023-07-18) + +### Chore + +- update container image tccr.io/truecharts/grafana to v10.0.2 ([#10578](https://github.com/truecharts/charts/issues/10578)) + - update container image tccr.io/truecharts/grafana to v10.0.1 ([#10329](https://github.com/truecharts/charts/issues/10329)) + + + + +## [grafana-7.0.58](https://github.com/truecharts/charts/compare/grafana-7.0.57...grafana-7.0.58) (2023-07-12) + + + + +## [grafana-7.0.57](https://github.com/truecharts/charts/compare/grafana-7.0.56...grafana-7.0.57) (2023-07-01) + +### Chore + +- update helm general non-major ([#10069](https://github.com/truecharts/charts/issues/10069)) + + + + +## [grafana-7.0.56](https://github.com/truecharts/charts/compare/grafana-7.0.55...grafana-7.0.56) (2023-06-29) + +### Chore + +- update container image tccr.io/truecharts/grafana to v9.5.5 ([#10025](https://github.com/truecharts/charts/issues/10025)) + + + + +## [grafana-7.0.55](https://github.com/truecharts/charts/compare/grafana-7.0.54...grafana-7.0.55) (2023-06-26) + +### Chore + +- update container image tccr.io/truecharts/grafana to v9.5.5 ([#9922](https://github.com/truecharts/charts/issues/9922)) + + + + +## [grafana-7.0.54](https://github.com/truecharts/charts/compare/grafana-7.0.53...grafana-7.0.54) (2023-06-21) + +### Chore + +- update container image tccr.io/truecharts/grafana to v9.5.3 ([#9811](https://github.com/truecharts/charts/issues/9811)) + + + + +## [grafana-7.0.53](https://github.com/truecharts/charts/compare/grafana-7.0.52...grafana-7.0.53) (2023-06-18) + +### Chore + +- update container image tccr.io/truecharts/grafana to v9.5.3 ([#9746](https://github.com/truecharts/charts/issues/9746)) + + + + +## [grafana-7.0.52](https://github.com/truecharts/charts/compare/grafana-7.0.50...grafana-7.0.52) (2023-06-16) + +### Chore + +- update container image tccr.io/truecharts/grafana to v9.5.3 ([#9681](https://github.com/truecharts/charts/issues/9681)) + - update container image tccr.io/truecharts/grafana to v9.5.3 ([#9617](https://github.com/truecharts/charts/issues/9617)) + + + + +## [grafana-7.0.52](https://github.com/truecharts/charts/compare/grafana-7.0.50...grafana-7.0.52) (2023-06-16) + +### Chore + +- update container image tccr.io/truecharts/grafana to v9.5.3 ([#9681](https://github.com/truecharts/charts/issues/9681)) + - update container image tccr.io/truecharts/grafana to v9.5.3 ([#9617](https://github.com/truecharts/charts/issues/9617)) + + + + +## [grafana-7.0.52](https://github.com/truecharts/charts/compare/grafana-7.0.50...grafana-7.0.52) (2023-06-16) + +### Chore + diff --git a/enterprise/grafana/8.0.0/Chart.yaml b/enterprise/grafana/8.0.0/Chart.yaml new file mode 100644 index 00000000000..e24718e862d --- /dev/null +++ b/enterprise/grafana/8.0.0/Chart.yaml @@ -0,0 +1,32 @@ +apiVersion: v2 +appVersion: "10.0.2" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 13.2.0 +deprecated: false +description: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB. +home: https://truecharts.org/charts/enterprise/grafana +icon: https://truecharts.org/img/hotlink-ok/chart-icons/grafana.png +keywords: + - analytics + - monitoring + - metrics + - logs +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: grafana +sources: + - https://github.com/truecharts/charts/tree/master/charts/enterprise/grafana + - https://github.com/bitnami/bitnami-docker-grafana + - https://grafana.com/ +type: application +version: 8.0.0 +annotations: + truecharts.org/catagories: | + - metrics + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/enterprise/grafana/8.0.0/LICENSE b/enterprise/grafana/8.0.0/LICENSE new file mode 100644 index 00000000000..93c3f61c61e --- /dev/null +++ b/enterprise/grafana/8.0.0/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Grafana" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/enterprise/grafana/8.0.0/README.md b/enterprise/grafana/8.0.0/README.md new file mode 100644 index 00000000000..f8a41e479fe --- /dev/null +++ b/enterprise/grafana/8.0.0/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/grafana/8.0.0/app-changelog.md b/enterprise/grafana/8.0.0/app-changelog.md new file mode 100644 index 00000000000..1e0983e3b3e --- /dev/null +++ b/enterprise/grafana/8.0.0/app-changelog.md @@ -0,0 +1,9 @@ + + +## [grafana-8.0.0](https://github.com/truecharts/charts/compare/grafana-7.0.59...grafana-8.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + \ No newline at end of file diff --git a/enterprise/grafana/8.0.0/app-readme.md b/enterprise/grafana/8.0.0/app-readme.md new file mode 100644 index 00000000000..c4893171943 --- /dev/null +++ b/enterprise/grafana/8.0.0/app-readme.md @@ -0,0 +1,8 @@ +Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/grafana](https://truecharts.org/charts/enterprise/grafana) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/grafana/8.0.0/charts/common-13.2.0.tgz b/enterprise/grafana/8.0.0/charts/common-13.2.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..5c0fecd087839b011aab769e3785f251e9224747 GIT binary patch literal 133368 zcmV)VK(D_aiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POw!ciT47D30&X`YUjl^tn_QM@L}BSV)id_otZ6;&IC*^L-Y@$Q5PwVHnbV79q4hhm@gcU%i*C*uXAtNP~b2 z$Y4ZU5>!l4vA0zri0-$>S4@RB#C_Dd0{oVZE%JTv=o8U*E zjG+%C6Evpc*HHri@$nil06h=$X%BrMzXBhQkPTnfQP@Q-AHqA2!}2SOC_ zuMz&6d5E0|720!iY)uuERa%HhJzR=Yxcv{c8#g)4t++Gh%1emnu!_%|er^1qHi zr``S$XA6EjxzPm|E~_Yb`SE0*7e01fL@9VjJju4=r})JO0DvaALeTpq!VFymZVoXu zD0q%YEY?9eFzUAi;o}7g5LLebzyW3$`lrZ;%WLG4z@r>V^)*BhCSLx%YQuaOsP_|y z{WwB5vk1`{@x9~=jYVgyFCFnELeRrs20~r&g|9^{4j+Whpah$4DK^7)1$`P)&U^}e z>|!Bsg={u5RZM3tXo1jg015nMBQ0?yi1Rs|BE7a?{=-aY`6)snp_q|q*#OoLJ}=#< zg^8^@-p>e}<8*xnxnN^(dIUPH!&dvh=?r!U!=uUMz?)1aJ-0g?!pX1?;Rp_ggPz+S zk0xDr(3yBcw>@kh^m>EC!x5Zxyk4&lq1!{9!_nbEx|J~YeGn2KyBtma>r(tU0_T(W zgk466qJT9T0?`w$qkdw%qsNz*AFkf26(}U$$@%G(`b8J6`PESCpBqP*Er9~ipz4JM zP!v4TA|B`xLh7SW%!t`!6(|?Brc47Qe@pI*;^3HmpeQ;5gW*B)>c@!0q4f?y?;`M* zSA?)1u#f1HGBh{K8{nvr`^yL~u#cwbjJnW=(w5Njjf)EP*|XnLpjX0)!xxXHsz>wM`61;Hv;rz6C)N749 z5CD=96)-=%JHGz;Q9uQRBjB{#-L6r-E{RvpuuAtRfgTc1P9QmglPn{u7bi0qOp%_N z7XjzXcbLv0b7zvP;xP2l90d&eq6Re_LYLHKzWgoc;}xPLj<_DTvd@t&%JK8@9P35T z4dWxwZ@1fX@pF#mLbx4>l{iAb#)zhhb}|JA?RU7*Fb!RVQh{s$@c!fZ>G|>P$?@g2 zUZSDzE7VoFG<7Rz8xqd~jf8%ww4k>*xU<-9Mksra*gc8v(l0ML8|fEx1|zOx@rC7m zvMlJ&5fW>i9;jpg9xnOldjZw&l%Dkijwq8~PDn7pQ`uLNAS=5rZR@}zjG8$vR-Gf@ zbR31^v5z4|ddRuHeT{tNG7>2>gb^P_T1OX!s5?Vm?4#(tXh6#G2ooWewYsa`M^Y?h zUkeFB;(#fF9=k68bwlouB?lRb<~R^-{}@3RU8dLfVOx#tE04HzpOfDw(A&Q{J3f7P z)|z{J4gHQ2WzKa-K?pgPo+XpR2+yHdVf7m+RZmgqlO>-U;-xqK1!88`Bi?n0Tut*t zEF@AjX;wb@#+CAtLqVxLe6dZ&MEp!uBV$DE2J%|vs-~0vI=}x8S|6qBL#g;J-hmdk zBB}aQnF-+YXD0(B6lNI*@^Tdv2BRrr!nXSZcuHkn*)%VnZ8oQ~e%sy6XvAxDmbu}x z^*~NkZv6blt!iQZq6LbU_cIhB07I@-^By#A{^tmMxH(BpZ3W(*+3MB$6I)=Xsh6Id z#WXCQn4vM2g^{iCd5bBtmP?7gW%JryuwEbO^}#Fah#W&S583h*ONBxR&`Zc>M_^x8 zmL&dJo6*Bk)cv`IT+5dHBEv z**vU-?4bpn%^wKdLyLVno3Ga!nmgld%*aJ;$_Y!Xtg zgsmvqB2c}`)riK>73KIJxvvY+%@ZHu`3;(fVry#;yt-zPp-JptBk91{YZMjCW9LF2 z<;GlMS@E|4?Sz zFUWVvT)2&6ii0Wm-&`Y*d%wbI`}y;-UR%E(+UwT%1|&V94usuf=Buyk387QlE3NQeSnfv?hJ0@w_J3Gsb$&tLl7?g2R9-HpIF zBKK5#M>swaw=^qIY69LFpnmZhDDceJ^zR8F%o?c|;FP$rFjBevkXE{nAVt8PA@>fD zmv_ z|J*X+69;gUA6&?tAzAFj3)QULuAqW+3b^3o`x$m;Kng4nAmoWnoG}7Z6mWA8ar>AT z=Y8ZnlUXJckBl&^v1i;>MsZTVxe;oy6TH z6K|s6afc)9sQ$iA_F}{ino>ojuK)*n+O!&$-?B0FW5nX%Tsv=9IB8XJ?UY^gTD?Ky zmh}#XZl`+yd*l8=dpz{eVc$LI9Ci;-r`;a)4%-vAJ?eJRxIab*uGc;oxdXR**qw}# zJA#98rS~;JjLryQby3yj4X*80r<34{hOj&A9`pyj&bZre9}EYuJ??e9j(c#>8=wP( zItRn<=vs=3{azP&T{LR!$ zaVV;bF0av)RSd%YR;SaEZ#WrD(4>P74p6)8j$jXs#)m!B>5eM#q;3S6JFAPR zDy}h=K{|#5;34d^VH*x619v=_p#HemhVIZibO*!9_S9sh(SR@ff+xuZyTEZt-e&nDA<^+k@i~4thgxG#>YRL)h;gOa|UyFdmO#8;wW3vFnWw$8NXX zZTCm0JLvYt znDqOj$-o_S+FWF~hwaI5*zR^m!-Ip`7}VWw7SMjd5&AKPk+&|@?{S2tyka@s6WBFL zZeZ4cW)phB#c#LW?X(X&eNFGf$zX^E!(kg8c#{LK@AVD_-460bJ=k~M?%@P>`{T)A zbkJ^(#*;A`_Ijw@?i}<{7mX)lw+;?q=u7%MO+@U3)c#eG-aa)8#{_7m#;IA4^t8`GcsgQCO zTVZ1qkVx+-Q@a;MMom)r9lTTKvoN2epIBD~uY_HJ1GPo-8VE1MYk-*BYPI%S3eLGO zvLggA1#=>Z2m{d3U|xecZ-q+oLg|%BK8so~xq`_1HeZbYQs*% z@^P!}H5d~%lSVl&OgRDq3z!-{*&d7;d5eR)d@t0H^G5JA;KYZ)(rj)Bhv7YxYK3Nl zAMhvSy)&*vnj^0WnV2DPf+E&@2Lm`o5pd(&g8Jg?X zQQ$RWs-i9?+3_;los-Vxq zYg!@bY5XnOC_*yoi0c>NN&=_gXG3lv&W9W}EJvIb;{jd(M+}q}VlOgE!i-RsCY{LEA{5;^j067uhFdKCW;+K-Mo?cy zXo5ebg9MV@@mx!K>6I&`URuTKnQVp`R^ZKKpop1MAF_x6s0Ug4e-oBX#^>hkb(URP z;CrqF$o(?0H^RlE>eM`F#;}`k8!|TKIAFEs!y$=$lYjsFl{qyiN#2AZ zZc#j?t-AxU-kC{7_qmn3|3VdP1u_^B2UAt_yY6JsfqpoH-MvyPNf3Dr8%dNe+xAH< zIie)E!-1#1eS|*tbi^Xy1Nr0C<;fK<_8R#O zYRN{H;sUWIh@;|UElNSgpgR+qowDU%gaUSjCg$h~mtYZzL%m6>c!3#kdfl1IsNho8 zFuK&wIPg|Nll1;k0y9;G^ewB}$gdi*hSZd6RFjdig{@KK8ueN0=3=)nhq)^G-k_1w zEKs6>1SUSEV9=u2SAvg^7N?{>^J7$T?F-OxanhRR^|Go>0(K1DJE7^zkT?;b&1H{{ zhz4{QDkkWpD&D=W~7jCQ}@XoSQ&#WaeA z2>L$urihiq5@uxDiHOqxdN&%p)#pBwFc0}ES!LzhpV9J2{rS;Y7MZPW(Y~_Vg5w3m zK1V{6cn&{(2%!D8agW9`Lhg=4@STr6$oa9f1ClyP!G;`00YbC;JZ5!(=wf*gjX7cw zcIirT<^wBVm>_mNbLJ$#j6|z)5|RA}Bckl&Zn0rOpd0?MzC#1%^VXNgvIRAI^=MLl!8ykA&!* zN-3UeFZRo#_Qm3>bFu{m=&C&(=?+8sXw<_%Oj8G`px|G=U zkcBb_b3dX8PcS!6ICDovA4+h_o|NSJpV7QkXdUu|Ij7qYX4ry5UX}&q8kaoR?1Scn z#DU%B3`Sma06=kxp*QxHZ;SS9j+ zhr$TCBH%Dt_jQw&tLR1pFWc~yC5x#qzwzH<2Mz}lk~lUBpcJL^(d}D*jeRoS=SsxB z2v)v3p!-oAwCGH!eyUtz*~m?>nQ(+~c_QO?wSeZdN~`WLX0to4RvIP$1vuujfK$(f zkvOue%m%S<7$D>c`5p%Vi}2q_Cluk2`JFoK!dtl|LH4cdqLAHs0Zpqa(%)mDC76^AUSvmgmx;+W;Pj*eIG1fgr$Q=^%Hr*r)Tn(NdKKeaS;ZZewnk*ax#fM zl5`OE#Pm%@8dwLaCwQupBFF`Pk=hk9=fb{Vgj1VL*=;5iEX@1-Hj~w_r3%jXaD-fu zXu^`js@)0p)rl1#&z(;2G#O8spNyustrBV+$|?y+08-8aX>BOLjoNTMav$U&^S9No z)BZMPHRIoqCx$RJ^&}~LB15)Sl)9KNW3zU(EGqqgeU#z+x(yMZuc(=(QVhoVB+FPg znNhQ&>BWgL|QZ8nKhgTfa`i;`N1kL9k7cVtSo=qyv1zljhZ60SBW@QM(kJ7uH@ z>%s|B1hHgyDOX!&M@pHW($Rm`b;!rMD znR=okGD@T^3zl3a;)n!Xo?4<>9F(%)8_}R;{$pgk#U>9D^;Z3-mG~)QS*>zj;hgD< zJYvyQplJ5uPt1uU=?(x*5$n?Ac2Cp8kqnqJ=SW#fT!oQrBt?AeMj|E*m1v%5pqbO{`MF-+HmFEJkvZ#beGqQaPPfe!Y=alFu45kr~XxJRcfUCh9elyb zFvFY&rKp_~Pgc<{QO=PV#PczVxFiw|&%jk=5P_}wIExH;opK}BRjZdNt@GG%xjTlG z>$EUb&hA)bDNBC8NNhg!o5mrEK2Q{0W?iDXV730<+C2#Hgh6wKg)+ubMt zaX5`2R}5Y$nYm}0wi}LgaN8UPG4#zhy=0<@%hH0L?1+#t~Ci# zT~FwaObSz1gor8^vl)MtuK;?&l_PaSxmpWX%+*DX$&`)`DE=*3lh{20;llkZ6`8Iy zKgqRCme*2^iX53vcQE`BYh&#m`uW$QF%eKDoGOA_+FaP#lLAva2@CO&b&@y3(@7vT z(NwYA&T4;AlvF!^X1`KTBxYeO4hgG+&dQn33umG@ z3?MyQfA!5CjVcwPNs{?G?Y`y*)dpgSQh?OJ|M-oJ|71fL=1}Pv6sbH87S8uOnS_NcTGMxWT zzvrvGP0%?E@B~q&qUB3OvPz6$hC_{A$-b$ihB{!kK0Q>$LW<<9T~%0g$@y|frbr;q zzCC~hvSLjV$iiPH30xn$cQe9)u1$rcZaqRI<-bf?P~u1HQ-Rki>_7i-Ld4;Mj`}Ip z#^adH_zZPbP9Y~CP7%F$jW3f@Z_^vSDzQ4(gGAVWa$+MwBFeKN3f_di(9fScjs5O< z;G^z;(Ba~AUvACX$s6`>6T7;_!u2nRSaJVLzuWDl?|_sRsELNu5nf+nYHUBUAXVz9K9BQsmx?YZ?YLaQ+RWNn8KM+EH0z1`J_xKrf-DZ zmVs8DFD%!6&O~0GgLFSEcB$k|9l@RLoxoas%u}lrPT9DpAvtMgaVoh-`4kICn5JEM zYid-SG{uYPoxsTQMVdL&4Xigp+Dlw_gtWW2aD>#yIwPdpEg7LSB*#9)?xcIKI;gsM ziewsVWFJmQox1z~NoT(5uVyVd9eML%gabAK&UcHZ-OQ_E!6riYTa(!L`Ckrb?PYj& z;ff@_b+}cf^0ht)Ol^2ddfdJSFK2`buxV1YS?gWHph!r2e1P8nTfDD*grs6h#bq>uT_}w#jFB zdPg?N>7UNzUy$BhY`|Js?AI0LN?56MoBQI*hIBst?KGOoYQK#pGuJ9OnQV?ulG<6P zKC)WR6mBIMl6XS}R}@)y2eljNdxOmH_e9*yV&4c-e3Ov;j)KKe!&-q=FiQ2ht_!7% z8W?z{x=O_Kw>GRbaRRXq9CeOc#|m;yoSn% zTmV{pbec_}=SEpQ;Oslu-afZuUmPZaQ)XTRK5DE_&>gEG{OED2m9i{NE0+&@elP83IPr#IKXVVT3N7{lcIIq zY~>U#!SZW%wM=D|cDA(Q72RkDJuit(graZ?Jo)_+KgiJDovR{`W?Mo&4X%^TqD}XtrB(_osYf zKi8&9(K7g@Zn-2xuiS9idG5ZMr%e7Y!a%70>OQ9j%l^NtmjCTRyPKB(ol(En-^u@N zJVyUlXZa?0DzrXzrqU?>^4wQF(Y*+RmSLSDo!^5D9+mnncy-l$D-Na76^AW4I|6?+ zjY#7nG{Aw!^}l{rFRBIGBlm%X&i`5q{#+p{q^n7XJ?nU z?~mV|U7uZjJi9sq4hbCo?c#?2J()OFgO?mY*5mO~A23#V8$}GmD=Q@6^>+&=fhCTt zDOz%U_T>EZs^lwOxZ>+x*1RvktMCl89W9o_vIxmsp_bLSWy`OJ$FK^I#qhzH0Pw^4 z)!8q{Z{M0h)Gux?KHPkN@!|dH?e&N6-=E!FE9XuYYSvw0=9UdvvxI84+$AFj5G)dJ z5uda_3U3|DXyZ!xlk@P{9 z2AyO}u0;1L?(a%{yHedgdIKCMf4X2zqoS@l|6hgb{9kaRr)2$ByULGuFb zai^<4sjgnjQCX?~$usDWbN<)x|M%J%{jW0|4R-s#TX~HBr!#))e0MSn-b3C0vU<7i zUu54En*?d6d!F|dJ{8XR=O*D-{Z!6>lQ;Hp7T}8c-ye*!@gJRDr?;E`+jz|UzscqZ z-hc&Y_-8E}&@t6iyxq5F2d0A_V;b#?d}|{7(U59P2rIG}E69)#+~l@a$R<{1r`^sP zn)a*Odk^ZgLYjPQ#X%|vt2Q@MRDZBN+z_08jTrd(!}n*m*JmeJXE!3_(mZ5KKv^X2 ztq_^eU1Vi%*O@j%21SjXQ1-+vn1Dsl6&Fl3e!=E~zJl*Mb?{%Ax_r2C7m#~Ck~)c_ zNCp{Gao-rGdLDWr?5e?W&>4GmrtD+aC2=4#=8D)XA3>2tWCHy-LTaL_{hFKWTdU_P zA@R-i?e)dU&;0lP0!I5$92Dht_ga*=cdGo&@y*%o>G_qa;^VPZMf6z~pIAoT<>|Spj1ass+Z?! zH|Urhm7i{IE^jZdF8=Y)+qdV}H)rqV!JE7fqIT=*0z%!Au-mR54OL~eH(*cCu5WJ7 zFCPup&W&$?bB??o-0D5WM>dh<(l-s9{p059`1bhfM@^VQ!*x9ZWfS+C#%_+!--_FE zPM@M(btgi?=zP-seD=>Gvh7Un`X;vy1W!3p)(8bJZuiTxTq^Z{nIZV8?f*ezgu~X{x8QGywbOO8xJm)G;=9L?qD#nT zBIu(kq}qa_>xj$`Im<$(m^QJ94Vl(VUSqrn)ujQnfj)&W@Gh*6QukCR1K$x39Ra63 z8jYL=W@w(+A}d1|n?T%HBjOhu`b4h$Rj|cSBU(`bR3VE7r2cJ5n*2Qhzn7iWlxs>V zd|V4SF6yLyZC&UhQj1@ThPmW31Gh@xuHZE}P@88p33tPsCIA^ih*i|4LxvO80F$V~ z$5rT&w-X48Q57sLt&A!L<+hLD6y1PzBHX+xXS;mE_T0%It}U)pHnD7@F*7G6EedKH zGNyP-0m%%;8*6`1tYxCRPBKD!2`OiUib@UrM_Koh3sq8wh8JNV&JFA8GK;yx%Q+1g zGjfTdIi?h=8_%-G{oR?kA4dI>xvXUj-!uv6dzNXP&~qd6THPqK`ROg;Zebx=msR8q zI+j+rDR%hcM0>&m(w&mrI3@>Y-61vgi~NOhFhoPAINCTdayQjkB*}X`R#_PJ`kQc{ z72avHv63^*&!6StwePt_BtCK*=z`C(bOtf>YhmY?Ap(xMr_f1nK$`}6dx*LF>4HTq zC)W#E%?qi#0tXduRE2?Eq^Rv5RmhUva>{;Az?jXDW z+v{|9_TM(1vh%;{zSZrY`_*Dj>!!Szz5vxJ6(?32&|-a7sUV54Ngn{VZ+bI3-{Qgx z@r!2D70NOzPX5{(;RPptt&E`(Tv^hAK$<`^y6$yLqEz$D_T(gd-r)>TGm6%FHX zUzD+q4<^?*&S97(WO6Nc4O&`f3MQ>&$u?!ENMHe4GbSO!4OScsawv<#bgA*CVW9wra_cfL@oh2{#u2 zsYBdVc1;!S)a9WoNhiy#M>%coRT3@%ye{1|_yQ0ssJ8z%a2C)wGI?)}k)gZ=RNnA_ z197D%;!7i*sD!C@Zi#%N3laNjWxFVi0$7#pytsvR^PLxWJ};Kii8QQC6IO54-b!`K zXY{LOF%<5IX)VAS>e?wfN=~c3EMl;#OdV@v>uBXG)y&Z$6r{q&e=kZIo|s~eWmMN9 z;r`#i59j}QcXm|w26#+qjOhMB=infj=egdQiATH(b+Nu9?nC2db~>`*hTNgRDN2pL z-ryDnB7K>|YY);x23ehFc%oTSaHi+WB;&(piRJTn5)vBt-y9KF=o9OTpzNAb>{(o` zVk3Z|4RRlVbv#%|Lyhj=RbSBUHt!6 zo+mv2St#gMM*o^xf6gm^P7{Oj)237<&>WH>u1xE{MTmEk$@*SJJ_#xcCcS| zb}%8!?b$z0-hMbeJAHq4^UKB6&)2u-mmmAZNkA6;Y#NZY&RSYqH(%Xh%M}D0mIfXd zlVU|$+1>fcFXQ~=*Z$=6KXJp){;i85h9}sC?8)OlJA*+k|6_Z1{%bpr(*H0uJ9y%@ zE<^#O0D`d}BOwyS?1a7#PEf>}>N;8RLvcxRW$X+x03)QXb@v*4TH-)?06Dh-ACDs# zEmx_M^0Fz56Ri-Rh!A=Chxo(14%8)LQc{`M@=`ATKDnMtTJ8z(b4p`r!ME~nKYwmC zo6QCc@kegKalPvI-^=dEvNSCLsyUbBvf;K8P~7_e{JC+51MkSDXk(5T)W>B59e4Lq z$zb(P9Cwi)I3=|3GoP$bwN!zrPsY%%D0d~V`E9*7B|d*{aH)M{E+>CqfRh(cQ6n9O zqXs~f5XsG1$hC1fie*^?0AGw3kfEQ^QfaLIlth@#=11V{%8fbdO5S7;(Z8G3R|3fQ0kH2~BQ`7vcEk_E+k6`7S9YfKuAuVDEomH$CF zRULiu`2WE$8~-tC_jd6gTX|Lq-yoc}T*(Ki*fbf^VPC(*i)K82Gf00%OVBF53(z{_ z)Uv-PkStG{YVVEZ%`A6}X}4^`!}@Yb1t(b^@_l(0XlE zoZ&Hw0`Xp$Gh{N!Z0M25z|e&)8%K$4%1C(Zr+twr*l$D<$Gn;Hz(vgBg3^UcelA(G zvO`g{epRkrb=IxoHA_*)H^cgB9#i%XMNYo|T= zdn%cfY+Eiof|i)!^)X=ri0WFdPB6d&DvBza*9SL@dU2(6VV98d-W z7f~yf5^b5c7FoM0;Al(;qb!2T!H5IQys`G>@h*%ZMJZ_drG0V%hM@zDlqL58ic)oA zilXxJQUyFR`$|=Fy~#l}q(V1`(egv+L58kb1R0txQ;imuu(5~(8iy!aV2V6P(StG) z!KsSZ4i~PDXFRf2kX56vVCa8O`11E&T*LbcCC7z((Y`UM9bxz_^eG9u!N=wyR}6C$SQ^5coxlBg+_ zlj{c!Z3`uH0TX0oa%OB+3urE|2xYt@zxqifF<^thtKTbBgE5pX)~cH7a0 zhV17phjuHyuuiA#e6dU2?kRXm*Z<92{U)AO>;I^mTmSo`o&R?$j|j3nF~^;RQ3TYs z9RC7+UuL6Y#*8Z$;!WxNa^GE1I_p=mXedWqoY zRm8Hciy8(_9B`tLT6T+y*^VYr)?RLlDu}g5l;nRE7O@r;jiOu%a)rSw84eHqJ-IQu za%VJs$DURO6cx?xDF55i6%yi!64uXx1$)ua?p@K=I~bNYcoQ(KvJJ`_o;OpWfOm9P z%2)_EF7$<->KJ}@_Evjt;rhw z*fPgP#GW>tE+|0NJ_c&PuPcx=qgDu}nj>3(eCr6YjW>!uF%$*RKMxp+CeTHf#7klE zAVKnU_=Xwusw92#Jd@1VPfqsRc-3QO>$P4M>>@Rm2O$R@G@2q(!9ueA)G5Qu>_3^$ zo^Igwua)-Susz7-e;e%1e{AOwcHXHN>}$j}VF7w5^vQCL0``R&fu@%=%|J5+p2H9{ zjX%;9gkeY%OVE(uYp?|kvO8;VXAOSI)}WcI8?y(gmCP7`Ib`naZAw9}#%zmrOh#c* zx5cJy*}NUQEgN<__Um?R*Du;`-MY=1wO6x~`T%6G%bKarWuk7~JpGzX)2A^@pV1^O zG)HUks(NKxpxd@Shfi&M?w)6VO6`AR#XWia_pm+e=kEXR^mq3EHXdpJo5B9J9RLYW z*Yp5bJ$VKffN6cRJ^%yut8fA&L$LD#?7RS9vKPQ`>dpTH`mb^RtKZAr|2Ej!|66&~tu=D6H(~v2#@U|jPvw;%!uWqJ z(@%;E>x!KK>VgsFF{tSXNIGR1S5I=zN)HA78jN#|?9MdbndaLy&EqjeOx^?RF^osSr*YD=?Kli$$-TJ?cC$;{I z!QP}2AOL=ont5L{*43-`j^Bzju{d6(ml!jZ~cBdcmG?zJ>2Pk+j!Qx|07`vae*;3Y*BvsM@(@r zeem5Mvk<0SF7lFKoqMk$X{gW-g-+0##J(?=!j=t+zupL-SqM!sKm)WgRpKm!o5_@@ z0VSs9gAygqLRcp|;VgtTvl6DSn0lppr*U&Q5ib@fim=C3EITQqex1o|uSonRm)lQ& zsetkOW784NLRglD@TX!aS)%D`WVe`Xuv&Lb27a?i?>DI|ZC|&{@c9#Dwcjj#o=S^s z+86$CzP=IC*Ic1f6k-OE1 zdoEbZgs3#f!4(R9?80=8ee1ndy`w6@PsNpz_g1Bzs)SgCU5mcl8c*SQa{1u{!#@5^ zUQ>i37X=JX%^gEcmCo}@Wvk947SAT!cf;7ckqsO#Pz0yQYNUW#tFXw1N)&eG9h#G9 zxyjzl1;mGRs0J>-|C#RftNWDc|2Po&+qaPatJCY}^M7^QyZzs-JZs6{tG8yDGY#{+=RNLGpB+tMEs}#Bkf`SJgc(+9m&5 z8UssxHNOC_$|yg)9+V1gC}!AiDTw-}7^4!Y_tY`trnduxw&Z}8rFki=bqPiN2jkB1 zo?6%ZYq&*Sv_?fK4;ccaxw6ET%Cw)esnXvoY^wqs@@7^+p&Bg|uxuL8C5f0OT^643 zHr8hbUOLYb3s=v|9KqYbYR=7tvr>%c)!y8g+DdF zqfTkNduiOS9zlXN~NGLQ92Uqv}uvux;)8Vw+c97kH4L# zUZhs0YQh!sasf0$6h20!ldQT$TGZO!rW}mg)+%u_Dvi6usc7qHUyNfht(oqei#f_X z!?l@)V&;OQqFc^+Pc!#e@2i_?n(_+m^opzEKN=(4TuhbRAP+zjh@aYhXs(pED~lTGI}v5+ z%;oi&#ZVeNwp4YP5D;>C-z)ZzrWP6PnDpuD-ZJ0nYrd-9_w~viVcbr6mj`kZJp!~g^BC` zIc>#6%zjM5twb>gdk!dScxAydw$`g@k|Tl)zt2|%Ac*H< zeZ#e&L#l3t_4rM17M1P)Z0hcpztp(@r9aB%{~h#p`G2?b2v_)q?tc05?tQ6$=gTwQ z_p_Xzd@O(a-yx(P)2xpfFXO{@)F)X=DgtJS819pjUHvW{^fAg3R zQ!xDnjc0`1$s2X!NDSS&hT*F7-@RTY{;%8ZcX#oBTX}@7_pV~FH(?l7G1K$j5?Wjly)vR-u_$nC1*Nd;Jwd%(4%KB?xLS8+#8?mU1QrdcRO!=P?nqtZn^4a6(RXzP0 ztYn4v&Qji4%3HOR?3zV^fq5sBIv#mU3 z`d@$;SD=p>gYImO0(Q!m0Q?a3Z)N_!;V66lyW1V??tkCPBUHNgau7*0fw)3vk@e-@x+>PbiF$fkl zUxQ*+Ic#O>+T-=FjEeI0YGWJHthPdrE$m3>NuJ?zHQ)aL)C65@T*XD|M`9Dl&7^W$>CRf?X`|?D!!2czE5+AGsT)~9_38c-OPc` zJjld5{h(u=DH7H>+?lHIOetFOgOWc*m@iX5ZA(gRkPsel(jrBv{CSIF%_EQY7jw>{ zh*fr{ElTLKOX`x=Izr-ITNeyvBKNJY2?TNML!J64D7YtRQq*!bG+yNFNW(9*FC<~o z#hp4}UtSi!%W>PL&dCC*1II0K-YT0i=I{o zI%Kf5Vp$F{<4GNa+c* zkEx0;I2`A{BysaN{N5+-UHO-mi@hkTe{rC10E=QPBatef#2@gAVi8Y+Ds2dTa#5Iy zAD3^64%<{z5@&5%t54Ug^Cpe4Jb9a_8%9#@fma|POwuQNnio$1i3;nrthp{=lodJq z6mq^0OKldsV1ewIZys0ZS#8v&`zEN?8|WXstDe%dkxEUo)3U>UeAMT9zu=6e?qGIpZ&P3)*f$ z+bw9j1?>x2(01$DH@u#0e7`6AlRsR3sC>#IV9`ttS zKezITh>nnWo*C@180<|%eH8G}^G16VF?D5(M@fY`ksT#fi$i)#3a^UfEvmM50B_+a zJyk%6bW|mAAeZ^ZzlQjaOX7h9Z=k5Q3)9_&>25Q8L{Ac$(hPHo-S7EJ;oO)qGJk9D zB!eeBwOG<}!TGR!w}&h8%oHRAE!g|{zmx=3y;^hY=kcOqFJp~w^DJxO=F?sg&GR!h ziIYfmcaDSO1;joa`#Qav{VK^B$H+B{a4=0Vgb+{z3= zK5Q#f;3==#N}4K5hI?t`Qi+|A!M4Cmc%D$L99R4);BnWz<y<*WRBPj#q=un(c^4@Rr-H7m;Z4z81Bx0Zsl2}{~I=l zVs2DFi4BlyV_iESRr$-a1ybnMvIkN%p35f44@rStkT3M4wn3`7Qu`n!x5{jUJmz1H zolwLvJ6oZIK0A9MZ7)nC5{LQQ1~_-V1~0|eEZ*dE&uk#r zO|?X!REUREIrZ%!^)kPe!-t-S<(B7WS}ORdZ*A}jsF*bW0D5v;&F+gLFRxSlTA5+u z>K{+NvWfJqkI2sO*yvNL|1aEa<$v#YJ6Zq#px4>?|F`mp*q+OeCmV_PSrlbU-eP>u z<;Roicpg=tPW+B2S}%ZxcY7lNGd7TL;a(vIaUk@51x72K6X^S6=-!=5g-76^N~iWo zUvZ`QoC0S|h@akwk3{jzm3s-8HwA^uoMGv5`uX@0kYPWOqqdS{F&I z5r0D&3fM>D$8&VzLp=W~qKypVKw=IA>brQOZzkS|Yk}D*tT0Y)k+P9;{+}~L{=7wJ z`w^lfj$EWJ)%$;r1DrdALZ{R#@pVKuX_E%JE~4}u@sJ(QREj)TT&yaOoOvHlobud* zn(_*-2>lu(>&`XGNCcdcbY^Ls);spSvx&XMx9s(o+0TJ>0(ibE9CHx>6xHJ}BQbqKy zbg5bw&V9aJD!oL+~+U5%siUJrdfpa2>aYcOO07w3l3IR^22}+YL6)NCL zRT9Vb$^kx~qR!`$t(B*}+B+5fYgW;}4y8GDziK(MVn&Oyo4FaKyIHaEJq|n^OqKL7 zzn)Ww7_Uafmfmi<@22~fr#tb{6`BY$ImACkBn~U)T?2qeuhuK3m(ghIi6C{2@3HHW zI4C+C`cPR^uXTm&2HXAW%-K@=kHqYeVPEE1VgHRfop#p#8xD8&-&P)x|M$kW^2GJq zhyq9f1mjd@U~Um!amG*?fhk}!$N-EGa3cg6@)}%j;y{{hg0+B;#}SN{ty<}W1=~5s zGgJ`pB}$kAD}%gBLc9_v<>6grZmPt@idn6YE>W;oyY(mPRHY0%ksy!pIU) z660qacs3RIvScmm&QCWtmsbfZNQcCahzY(*o#>D7oG)W)A$cwPyaa~VUaAuIh5pqU z=wpWcYM1r;^Ban(jpAT`nw|j1M%iKPZ7(tTGTy5YDLaW*VBQO zg^ZGEJI65T@1=}W(0-nU3JR@+pJS>tkV_IVO|UF1nXsky@bl7nCRn&y$mB>x7p@A= zFBlnl+#qKtO(8?~aH+FX<6xQ?O3)8yu$vmC0NJz1`SI%VM9!7H+_z*N<-gsWlz)1A zUH0k2si~EW^aNrbywW54o-hD8zhe(bIV-03tMBNZW5L=>4W$X-l(v>`uhg_NO#H5GK$2}`}Zk~te0}L(k}G}Fjue?1SsZyl!)pIk!#6S%>*+- zndpRsYksDfyQFYwlx11WwfT|qAf~y}isfvAF?8=x;AtMV%eSm=mHcbiRFSuWTh%gJ z&aFmv7bp~!yjLaki_+I#o4iYa!;B6haxw6M9RO^vnu|#*U#nuXm{H? z|IaoaVW(b;!QMm!fMlEJjR8=sTNwqAl&KR3kd$W2P_@Ya%6~6T@0WaEmC;X?Tsw)M zru)Xikj;sB4p-bfar6c_7a{yLMo#9;Azz)Wy#PTO$3+pt6YN5U(g!YWm~ViS&S}8> zl;_UA3nSM8p2I1+jD7#w>U^zMJmTJ=NM5h^AF40FOgEWpuN-{mMquN8VLp7%DRA zou(+6N-L6SVb5m8%5+3zYz(dn%#SjIK3(+V~+qx^T5_os-_ycEqX^bqc{7t$Q|<_&g6V0}B{o zIQ9{>#pKHwq(9x!uR$;R9_oBtCOMeZaphMGRXVNL^3N<8 zO$A#fdYb0?6ngea zRJC<}Nj#ub7b)rYMj`G-i9c?HnUMcPeP@!&d5chO0G}_IO)_ zu;-gp-Qq~7%t?0(W@c6RNJzYvRkn8D461usTz{FNAcZKV;^?9pw~%Z%?w{W7PXEsXXuztZKU2Ai!R zyzh3e96m3dy}kVO)tvpt#8sYOIyGl-BTq&l1~64?Q=WJL(tG6lX@=+AWQ&nZ7OQF$ z%S8&v9!IrVoQWib26kbTgXQxOqy2R_H`I*%LcAMR7M1){2mS+-$QunPoq^Imv2W** z-+5y;c{04vw0}#W_dWDs;G!r!eJc+CDw~cYz|fh>-!>Kn&=rrtC4j3uhC0i*sJEH9*v_%Y`sh3bCeL%lXXUfP|F2Hw zJ!$^$?x>T^|1lc0hdclOHlCFKUyb$#_W{aJc5XEwD8jenqYQ>Da<3Dc5 z9SW?hAq30?jji1XO?JkMn)D&-Y)u$4KUE5ltn)@S_!aqZG;@D3zMP$JP={DB9 z|07*F6PWt^_kX0(t8-X9UE`VV|0o!e{K?&dLQi@BN4mMP`#-Kza;ro?DZsoyMR}fM zq=g*wr#MeqPv0n?AG`ZM{#5q`TA2|ZdS{>lv9WstvzZn$@1OJjz>*!@0?b$5BZzjl z2Yx$Gss7I(LzCF28#n~GLjNE3Mmhgqr`_G@|J!(^|4$9}^=1wMdMNbCa*np-_Y+0s zZ+YsDk+SIDq@Q*DYsoa&_~E*8DSuC*JD)($ZvG?mu_u%QL)0olW_4^BhBV2$X%XV9 zaN#BB?%a1f_ucaa+pINXuR~On4ZY4TV)`&tT4R4gow4@LcUj}x>5!k+g?9_) zqPJ_xNzI29^0LMNuEmlo5Lr_1WP2DoINbXs?(FW$@1Kf(B)?Lkaj)%-sX8$jg zxe-i%LE{-AcPI9lqxD<@EA0PXZ;;vl>vl)oo&CR+N7(ouvxA*JV7395K#rYKEj({{ zP&IDV;X(`7evG90H;v$M_%=))Q%dFa^+$5cHNhL4pP)8N?7uW2&fC zbo{p}y+Mi!<_?H7Un=5!ed|rR{GTF`KjMn7^iL}Pd&Ax!C;vyg`=7S*$oqd0i=%*o zx8xpCCSpi`!qXZ5TjpJXl;UY1XQxQG6D$+y2(U@-^3Vmtj?bdVjU&vKCsL5NY(8Au zQShYe!zJ-ntqk=$w$VjG=9vr(G*V;2XkpxMj-fOIk}amTHZ z1TCN3?}1l7Q(e}r2-th-r75XiXZxDdlM+EA#Y#o5*G8BNtUd5*S_5NV^Z_VKk+?3- z`5ojHoL{7BCRqFd7!g_Np21~NssCB|?;fK8uH63_<@CSNaCiQDD^KeDcT;2=)T1ua z4sJl9+fX7!IjyS{we(@^+PdG0jg8e^*_7(03Q1?bD4_mKi;beZs+KP~l|Uq~{eYsp znDdyjQ-s135-yb&Afxx`cmmMMC$CgeyC{KW)+6v81MgZ(?CD=DdF$~BrP;oEaMXrfqCpR9QwL4Mlyr^Yk)cZjq`{ENM{x`Y`!qz)@f3h z%*CEbTD`3;~_X?f7blwV7vK54MXBnoXX&&PvFSv^Yg*H`fHqc}# zwG$quEEx}lPA-fC!1X0D3Bm}83#-M2JXYRe8%LvH?Y4xnPc8lL`f-;5tkVAmooxJ1 zd)OQ7^uKL9Rr;TPy;&V_)uGF;Ob^U-XREp(wcCEIK9~kpM<>*4NSR8QhFD)C({MMU z8m5qVfO=Sj%uYqDQW4X`{!D5jwPn|nsEXFb{#BYHO-@#?=UK1zif5HZ;~lMX=2lGb zm-*(ORDmpK5}RUQh9a59_1jV=%k{rGyhG;!yNKQs5V0q_AsyrhZ4$Z+MJ>Ki-}CiC zt=s%jEdVwn6mbO77v;b}_r>I57PpgJ=oBq``VJqFqSg^qbbzCX=QxpN~cI37Agx71%B@p|HdQ)B zR1ZQz{0(*BxtGH~-BYOl35WRpt<2i{_#2>C=zrZ&uamw1xi{Ly|7_)v+dA6zo5X=D zk3Mnv$pz+oqF0dy&Uc=bnBHo=N^{dlM#DD+jin|2i@Ijqxp^rSb-+t>{4JVlFCC zY<35kL>ZQ+-Cp~NNo>d&BEf|MAP>`ef4-lcy z=YKi>%K^@<^N>EPv*w7}bEkGM7gn~vB4%ru5zE}*CGvmIW6G}36n%Opwtt-e|G!}K zw|4XJ->;hgNB`OUKYRa6|NYXDkoUkVAMyVJ{d?HkOK)wZx5@=%A6xm+0b0++S+OPK4=3iSPN}u-%j1hng%n4QOxJm8T9X6Q&~@R^~yJHD(BkR0XYdD!DObWWHvl2_ejC zDL3m^bWJ0g$P94?!zBI}6F?S9C9!U2H~;E1raM^Km@M@8#x!9n8rQdUsC4D1SHJl)qEKcN_}aaiof)GK6z){ zV&k985B=4ANxl7#H+IEa@kdVN=rnDVdFo0hrjn$JrsX?>g}fA-!#^^I<8^BQB=3`V zyjA&5xBrdmL{;;jqG&7gzt_*L|J~kbH~+Ws)Sv%UFaBbFdgDt-N! zeivyB>FcS+kYcw9V>UCho41)HVpR7E@t0~+LrU*Sq$EHZjc;(OKFL!&|3zBNISi9L z!0YDxwVze~pKd>Q{--MwI*|{r!wzu(n8G? zyQvDr*>tTUHI4!m_p$c*p0wNEKBMC$M}RDsyCcWw9SlJeoP7%A;go;`O*9YL68vvo z?e9+cCXU`9&{<06Fm!V5R{8o15s=NQ6iHB=Kf)w{(eky(L^CA}{Oh~LznvtCHQVA! zhy8QUkZ=1blm9Zc*ZwVxrjOnNSS9~^?Ogn4r@gcPw(_L*XZc_Q5nlc{;jgk_a&TW( z#P%QRA5}{vPUpHZ z3w_YCGgJQ>6NW(gT$N8z3W_hT4{ha+WT}3@Xetkb*o}y{K<}TmlrtZ(L6V#o zcbvSfl7fH(;ZieDWafs8z+Z|LCvkeI{e@hDW7XChPT_)N8M)PVQIsx2!w~E3BB5fv zloaBH08w#6RPh;mbD}!Gnr0SqMQW?DA0jfhFNk~@p$WC@OIJJben!hHG;x3N{fFQHIIn@DTDIS$@S`MR$9_12dwbbV z7v#4#A=rwI8~OazX_I~h$@2uk6EK7HXS5V-$AK9Z&_9o|%u2@p;Y|w9fU1;dY0KH% z3i2t+YY&Izb>`~9cQTs(?@rDUQ9{NdeDWAS0-ZawT!D>wd54zfnm2)jHSMxQR!1qc z0xoHok_*`y=u-#-nG*4+AceXi!z(@Dd>kEF>ms>;xj3VBx!B~$Wr5^jXB`oFSmifduic#8c6mGVOjv|OADu?q4jFst}4w-i{^D1x7+mf!^I zO&Krf>{AoQ)sfH#nD@mcb0n@Y5N*E}J%nIPh@Z`!B-_@v5LgX5oTZ#vBU`|H=|v?A zT3qB%4|e*_hsTV^O8R4l<}z!)oUHaS2rXcBs*<8%Xo8oX($9)=+Q|k=GRTXHx}Nx9 z9XTnRo-b4TdFdiGCW@K`e-|^xWP0}{;4hehX;~|8Yy3ML&Y)rp5G)QVW zdX+g+RPz8_a+oo>Wug#`+>)8t1L|DhnqK|1QkkeaiSDUk=@&;?{YZ@DqNTsfKQ1Ag z72s~R&sS;=d2oMs3e|n{$`n))N<|oz(1!~U7RxlPiaOG1{BN z+Fus?nZ|_8*6)ZKya-KX5@0_5X=JS+4?UK=SfQhck6V#1=RvL$K}E}(Q`l(XWmt;; zjH4s;L6vu;j&CI68EMsUi&Q#AYB)slhV3d>NU0-a<8BZ&Hbt(G+%OeeNTq|fmK)^Z zPLRjBK-P1B)N+43!1+>x?v zp6y9rGM5xyZ>-?qBK+(@5J)D=-a{~ywbw#V9&;+hZIwSk;qqXIf_4^IS6C-Y5hDP7 z!jvWVpRepyvB#}s)3MlJ^Bg;m>Dw2+qa{5~wkB(P745ZYv)+=jp|IQpB1}dwwcfNz zyeAf3#Sxg>h=QzP|GmZZaVG#*#s7_Zx$}R6UH-T2JURRC?Z#sN6zhB|_Mhy_(*%Q{ zpePhX3`H{^YQc+VmHxFnonl5SEx$m*NLB4D39$f}%FJGw8@rz&Iz^6xS_U*7(k53D zX(9^PdFLw>-dssg5C)Qz%7ufZgnlCA%}}L8{N@5f9=jB*lK&I@33+Fa3j$mr|3}08 z`JYj5cm8uLPfGs(zz2JCQGl9vzKIne>C8r#0B#d62=+jLeIWAPponHJ1<_Y|=m-%b z7!6Jt0hnB~R9HHDOqauJFXwypOc&ri>fZ%>XduWc|mec00o zl5BBXC%*97wr3eSFxp`U^*LexG4_*eUFWsb{YZ($Kme@{CN;{g8}BNe1r z6`odrNYSvkYC!Z+G2eH%JwFd)#uvw!VIQ-l1Dt6D!x?s|1Dpl+5GisVyD$`kYmufv z(=Y*jqP)Q1Ar9eUVi`Z{xOO0)M1cQO>}4$`97XPlk{?HJ#C3b({;n$1&rExY+&IE) zsQ|QG=({nOf)Ba5axaCJpbE#xPxL(T;pTs`%Ag_O&HsQuxU_16wz{O;OA}|eOK#|BF z0B`^zB-MVIiadY}FA$g^e=hg{djE+jlX{7o#;-YP18}b|#hjCcyeHDZ6MzGXJp}M4 zkz-eJo0C~*C8MmC2?n*+G>ji)(L_Sw`koNq5uWM)kG(fe$VZ7KtPei3It#jNLge1yT7Otb>Si*+HwOC-4=nWtjszy zv-0TmbWL{sUS@mh$<^80(<{8S9{qCm`t0WH^qO`%-#<$Z8m7XQ?CkGxR|XNdK0bPV zs!4sh&5pL1$6n!ODDfmBD>ns`Bi{ez;T=GMvpU$Eq^ap|| z*;tB;kY$a_^uYQUvO@L^saBuis%)uID9u6qaeaFAVRaCA2JNOE6*_H#)DVJ?Ve26i(rLL3C)Bh{G~ zr|Lvv4PD`;gAk$zl)XylRZXu& zfo^_F-BB+6NXjGA#fiKvQq~ll4h7m8qAcpQtFCGNsnY)hQ+Et`GUf%9Ko$C*?St)I zJ^okc|GA>a$j?CrTngmWjw(o*Mn8l;NTaB2yD$R&f_ilcbxkhNvK-roFMvZz$_N-) z{}oi#6F@+Ep*!=J=~wLhp9D>5Ly*G!(<*8iHZ^s%44e&RRx;w^oPjSnt@ynP$F!fq zBt}6NONrE*TU6!vNbp`Rh*9Q_+d(CB$BW{S%)*f7Ni0$~ilKJ$vJP<0M(1&MnL-4k ztRzI;8cC)YKv~PBR&|a@&Sfkgz&T764#ZGd+3*%kG}rh^eV7A$S*^dy=eMlM%JHz_ zS*8XQeJm2uFT+e!o&RAlg5HA{!X++%D$f6%;lY7^{%>t{@qbtHDCfTz>~;=)0q%!5 z@Fi;6KI|uPd?#;uNeZtsEJKjAnb(<{X3AE#mOUiOE(t$D&jHRP%M$hvQYsiMK|a#* zHprwljLruA=WQO$SyST}+bu56NLkFuU*Pl-{EWfW*jwctm9MSdPq&=PKJHaJ z=9LGmj5`MNQrCJFW1#k+j0zp*s9L-?-gVG3c|B zD)&O+WfPbZXf6;!uH?64hnKnO7-ot(N;)M6&q=P=B=+ge93#mH@x^$HQqVHPi~DC1 zr$tU&O8*sjqghxu!}p8#Ocdum5+LE+ff+7FT9O7+pUrgf$x$$Z>^#APWuJg1 zu9mec3SDA2c-n^Rx3$RYi-PO0b=aboNk?&RJC6{TO z#asPQ~j=5Acu0=4B%{3~ycU?u339XD7$0XAkQrx>5*yqAiso zYhQ}8FBqZr?$R!v`EE+@iItwG1=PVHrFcsWLf#*!@EqLCQew%2aX5$BeVpEbINAU~20UWEg9LiOon`UV z%>pbDKM;64aLr52&) zhMX#H3IWP+0nbGcQPU0qERb9DH;9oN{NzrP5N_a^_YlvhDX|M~jxP!7f1F&>Er$#v z-klJhFVSpz3)4P}k2-<4ywn8*#aqZ*q8J{9h`5nMiWSmH<@CAax`p&DfpdOw1KiOF zv)NMjZvYpGB8+63Umv5xfg;-USw^j+CooJ9WzI$SQL{67V6oIOOYzYXk4B7T|JEYY z5A{^a|MXCPyG$CmD*KNeJ^uIh*8X1S|Fe>Z=YQjdXur59@Y+iQ$HixT7A;~uPmX{_ zLc7^&Z3(?X$`?j|QIG|082lS*!KmrIj*GbLrpe^|^C=TgbkTubhv_blA}uWk@xfVsRErqJ~tfGb+h!CN_cX(&y0&b%YK;8BBeu$~*? zbC|b>88m#vg|X|~qYQ2uA#)@oY@J&>#2=qvSMcL3z^qCJLg=E5U~F{A1|5nAeO5?= zBo8}{C6%LUv9wUS>PT*!H<5Q6X2Glat&m~-*1PNX|5Ts<@hx2P0-*f--x_Xj?dtmf z-Om1VHIJhIza)d*){&24{TRxBMoQae9|SIz`DN8e7|dY=5psZokEnqCjb~{#OH?xu z0^mlo1yQsrT-7p86VG8c?>(E5pQ48&v!Hy}wi!Xtie*V?)dUH02W+a01~H7#@*Hx+ zZ0Qc`m_)FxjG2cjk(m{UCCUg@|IM-AV1FBISKg7ujwfS2ry}3FJ%40<^l%Qd_u5h^B*NfKl$YS`js3Wn)#27IIFG9YK>)R|KxTu zY=duL2}JH{1WBfvwp7l9b7R$((1#N9d3`f1W^? z9LLFnJ)ma6iOFH;tb;xN3re5|awqdSOz+bmgY=N)_s5wsbHp(#UQ=w}z;q0A2>EAQ zdj(z;B==X&GzV0VcLGEA;Tn2z|NULZNOV@8 ze|`ym&N*n8-9E`o#r!>GsB=_mGuGOTE1S5cV5AE}d6#f6dfst;eY|>LYZ=mYaJ(b7 zKpfFHuB50_$xkb+lx6nOD_uc`r39|1Pf)Fv{ux)%DbT9upK%p+f@>AjkGQxp{k77{ zH}JhULH~uHD*ay`>*TTgzqYn__O=cGul+9m>q;JleY+AdcUs}x#N7EIxHgHJwiSVS ztRtNt(^;{+WHG0umJzH){@Tt(<=@MI*-q_7A(Q5oJK(%$b1WDynZl1Vh%$8e3;-{g z9kO`Z92)=J_mUYkO`5`KoIVtmqo09%fh83SgK3bFbBX?S_)OIW=_OgSl&8IP5elL) z7;aEY7;4``rd^P2fGKo|<l}OO_gwR)) ze~9Q|EpKEClk~msX_T09ub}!LOkpi z2`R6MX|(bFmG>GPJO*Hom@TQtQL!~UTcRm~lJWFN2)~B0MUJ_};yfopnB)8BnjHx3 ztQug{9@ET305H_gRb55~amI|KX-*5#i7FBW85RxO2W|~QjpSLTnF9Zgo}_oSTFpxo zTFs78O_vJ$8;gzn2Ky_wVu<~L#o|O(ZxXu-yCX=s)qE)lg|{il?(3l}Pc>4Q{H0)( z)sgtgl+*SGZE9nXcqYp&TGv3H-$Y&OqOmx&MGu{`D1BLcO>E}L8^>yr-fYKs34SJK zVa2nY&X$un`dbEAI9%jSpg#*C7~-Q0S?!U=8B=u3dtk_KV~GDX%@n$PR#0g&YP)L5 zFj#_E)-da)=QA_YgGdVfnZ;o0X5Iw2AaSz{rY+ecF2asBIKo9OR#MPI*X@Ew^xSU8 zs0a@hejWGJQAQbCYL`fS0(7=0Hw}>_R*u91dTnXj&ez&c=%r(WYCS$#M`Xg_KrF2nKyF;xz3K}ABd9oN4 zi{rwMGBJ9~^TtR4l-XHMPcP2lt0v+aIB}hGh4<1oq$0-&Z>|gxiAhn~@7dGA)w$i! z=ZT)N6`yRQI1J-^-0Ub$r*4MqvChc74-JVz6PWV-mtn8rY+8^l>Vj7KJ9~h5tY>wU@+SL@^RQ-(HU9%fJP# z(b3IH_8{tCzdm#Esdt$M^B{y{c#7qEB7qqoiVBhoasJvjs^y=^-8}TXc$!?M@hAw1 zEhRoRjY?`UYMLrvXwbkYrNy1svFC=97-bHv8uH(~@rp(h`Y+H;89X;}Z-X$%0!VI8 za`lpz&#AmfABzG6hU@!>I!9eu34qO#JB!bX&pK`ZynAm6-d~QPpT-G=fd8tEV_vNZ zlB5X}OH*5N%opa$ckR+W;mPmcGIecV^J3=yGGFi(mr$w-I$!@HI1YDUj=_!z*DH`wT750F~NPlvBwuxR}E<4SZ&-DqW9R zS~o)NYE7u>5D8VgRfbfcU(!dpk2@mKIPM{s2IEPF3(gXX6p84;R1oecgDIHe#w`Bi znoftaUJm=4uvfZbXRhi|B)qNa9J}%AoN5Kyw_Vl8IX7W_7ev{6)qa(nMtHlEl^T>j z4bx_}t*zyYQhPoRzb|#VBeT|yanKm|I<=rk+mD^X0@gNH0#9HBqz{-KNoQ~a6td4` zTP50H?Si}j;UYkFkk_``8r_qV;+WU0%V4v&kZJYDOeLR~$u+%Y8-Yos`K zL9C6fMsrG>>*~iAHWCb4(}+ISPC^dsLgB3L32hLgf-&4=3o%+_(x7~AbTx~zU<#Sf zh@(iH&L5E%M-*yl3XcjYR-$YIG%7GI&$iM~ZnqgbRSWF34WKHzhy&DS z35X*$;{~SgYZ(L-(jiOL3(ssBNP~HeW#tP+wqs(6uqASeqs)phH3eoosw;n-W>;h< zt*Nu4N#{%smPL&uuxcyqR62Xwnk1G;0>OS5--Gp#d)g@Pd-Td#laO+z`reH)V%2dQ zL_Tn7IJ=);kXqzc`26(d!!Kv&Cm*g)uil;=YpF-qT;D%tiL1+WLuI_CBR6sO_W0D{ zVD;mGx29S>v6qgHY0)GvIbzkR?YO=#a4BZ>3CK4w%9QkxSjEz zyZF~R@Z1EKv?bFmW^{pWfo40V3zcgDa&JR;y??x5M)I=#L51Grc&~+Se)89&t|}fw zgEdihT$CW(WLc0IVWj*mt#W;OLlVX|tn;dAonJ5hb$)u)tj@{N@rR4Ir&m{JCj~3K z^(9`wQIo2UpT>sd9b|B7uAZ@Rl#J-`%s1uZ(kmW;|oPM0SAy}V9!ACw|i;i1k`f#IIX17r% zF~ucgXlJ%0Ij)t|cHL9ssj~mbU^)$=MI*n`rz-yI*4Ccx|GC%Mf2`(F^Z(|9-Okma z1n`HrEL7-e`+89B{an(VLWJBgymYgP0~{xR!IP`1M!ClIgA7&Pi%G%01YPHga&|@r zq2jZy2ED2{vDGH?M6ztoL^bMlAHK-JVqDMX`05Vqo0jt z0ItFuu}#<@dB;>}ZK_ntGsGrJQdn#M)*Cc7XE>z=qh;5G!LC{N~mN-}od!-n?s7hb>QCC~jFniaTo59g6yoTBp1cj}t zQOGNYcGz*~2Gbk9&(seRYXr$^W+Y{cXl4x|Th~eo2$xOau{k9xM)dsv!PJAqlL-$P zA_Hc1<0Slt@N2gEDmys{M|Ny3u+S=)B8GQ}GTEN4*%lc{D{;(Ti_*7g@r;p{nmTFo z_eB6qt1H{P#+F!YV#}ih3kw|nW=CW2IU%aFkZ$m4^ zUjwBJs1C%~lt>x&Lr-yM-@P?J#x#^D$lsQO{#+6Sp(*#N9K5nEfp*lAII!9~d-0rY z>YHzC^RhWVNWSvWrDgWKJb|MniIRLA66Qi`!gioUc7CIxmf$8#F1Us*Ja_zM#@q-? z8+r0OJo#KCXbeVl&LsFf%L8bQ0aSUCTTsi_jhr^rC?@dAOF4=JP-Y;y6f#;f%EGAN zH7qUgwOs_?3X$&`c93FE$zc)`%Sx~oPNuL=q)o&`U5%e*`iZdgv{D?UqcEfiYFUss z1hBZC#6B8GRw8(E(dv3#kpXk+-a&w1gdoXCIrlPKwkOMq&;YJSOoFoue@0LMLZ}g{ zXz(0d!wh&cl*Lm()=L}_Gn53T(*Pl2d|wbpNsbt0m#j2EPR~XeE_5liR!3;m>J$i( zg@o5$a{QDZke6ui)7;$n8eB6MCO*b5)XtJ;1rJ!&sHZi?uD$c3@Sqr^gWYB2a&a^hafIIkLSY)knnsl{HCA{JgZ{;Q*L<6QZTXmhI@yaSD zeL3j)JIsfa^2~%)F7C+O0!%@$#tlzyxux`I6UrnR*QBul8I{;t5=+{W;D64&W6Hz! zt?N{?+19JAJ~Om<#NCSW`Hb}>rj*oo>K2kc03U=T+j0WEU=(;|sUp`#F!LtRzb=^Y z8Ua?Et-gnil!Ro4STV7x0qr;!pjacH+12lVclHjt`2Q<;l>1*isDKV}J6FFInYBu8cX(c{ zHTuVQdl{@!*w$?@zwRZplLG9|&C<-B7(-V(?3#rP#9Z#r49rWC(*_gvo_IM(gQ0G* zU%x)XrAUZ=S~ZW7QfHR1O6|mo-|hDMCeNb#|2R$B+yD1=^!u20^FKZ8%=`bW`x|c_#g8r{xpRwtGSOj_! zql_BH;J?U8t%1}b+Rk)9Zi3mn+^~lr$-!1CjeR8g zT+bC#(_raapIqJ3#i^3JwNnBt&I3wh{#crT z%xjGcd@MzP==)9^Q1h|w|2|Cca)`VDqQM6*47|HZJVWp-`d?}&(##RGV*lUW-`C~; z?cKd@|6j?&LWqyo;G%pBP^vbRVbGECEJnmO=!A3@{5W1Y9qT5dyP> z!r{~4(MOO5V{EVbxU&pHc8<;h-cJYGmh_O32^3H4sfm+-b!7RxE_=nw!(@- zzX>?Uz*m8K=^}z19>}9GnYib(DcBoYj6PEc+!O*q6771l0SLY#badncAA0FSk|_z= zxRHp|C(1U?FnIyigUE-U246pXT};l3G?>H{vui0UZ8)YkS8Lz~%B-qLa#Esqt_y z_-Q^!^5aymG)qHkox`8z|IbfzV$5n;VfmkbAefTb%R4!5rL-RA0d8F-4)xmq`nR5p z4E}xSO(+f2tX8Ig_doO1MDY{~!@U^Dt>Tri0ZB^ezpM zOzw3${TJ=Ec$$QeWHBKtVnHx?!eS6)A}cVM;FLmqq!I&CvY&$W<9IrSQATrNCZYR4 z&e=GGn9cU$G{rIsO|zE;(YQxvC_CW}iJjgvNF0D^%+_rO)nE{krDK`ZBsF-7<&%N)f|1`}Z(+C2^aY77`_@c;hp zzuaK4%zyML=l{2N_V$eUFTxtXVS@ViZlI_#B>p>veqcJ;P+f)4Efg+9 zr3DJh0c+;!%h#WogGN@+bFA*;^e&8D)975fmiZk%0OHJ$Ko2-U6l6jff~Z_1|Lpo!V_Ix4LO|$&){+VK7$iHoA+!(ZO-}Dk9g)K{Jk_hG53jo9l8=({QZr`lDNLFAt367_?M#|_f~b{c-86)A znzffEuX+|t-7)0ui-&+zIt~LEWoP)yGcD>m7T%>a$b0*L=Py{oWA>&XvoUF(RS;R1 z*~{W&##DCzfSjqAzcZ5(^R&cjil=7)=*fTOq`PwZTmUw~(d*aGU^K@su1-(Ru0Q;C zaeYHSQ!)5=_;3YByh4$_gMOtpFn{~}xkBhBozLX$uV4ShYTvl%1mzz!C3~qyHfF=(8wdv76z7U|~+pUWx;OC$J zc6#wEZ3=pm7&xb&pf}5cXbet%0eE(!e!uUK0`J~|%?LPaYOgrp{d@4A|B3q`PBV(w z@$0h>M}OS>_QELq-_KZo;j*vK-k!c7Jw;#RX%qry4Zmk4{g`z_3Q-bA2)>6YVlD43xJ3Y)%9Tc&0h}=Om}_;>!4(1kqT$=&`?o5qJljHIAYK zUc3O#<;D3c2fPPgzF0oKzBoELJAVbPFp?lZ0Pny;Gwo(B-tB@2OyM+69~|)hzwwty zv`l)At!6d_$>`iTHm2j=EGMJNaae|UX~CsXVj0?fHm6&623i&oqq ztESH^EpVh-mNyIJIF0udxdZ8`QD`_?+HwWBV6c4>(bLMd*^vD~Iyb zkN2v8Jb3%K+UYoDKfSTY-mum;#T{8gLxaug3k$lTxGKVV-swAzy}5YkMtu&!QuLFb zCvOYnP}v-&;mv%G%fb`TFH4Zwkq^qJfI74_y&?1WJkT1PY)bnY$|q0o>4=TOnw>S( z?)T&{BE*_yTk3C{vdq&)hSgS71q1p&sZ3;Zh_{G8om_mq5dO^Mp~8~A>lkGEe|A7A ztNd687XGKrVgsUJ+lN-lBEUw;qp*qrM-IZ)sNFU#{g%!$QGv<#5dG0 zFx+C;$ggsHovn`k!-?_KE!j+5t|fZp9l7vd#6$38Fi{_3{*)}!Xa#ZWC$?2}JhnwW zdidVHS4WNIG6#ty4BbZUyAuruF`v4=nW3|@|Shpha>;pN%?!}oW9 zfN8Ht!t28l0Y*hIzOwuVL)jfanucoaY`tyu*)oHD?Q2`sU%xy$XRXP8V*K_li3==upmx{#tylk=0}7zgcIGo4k1C_{XCo0C^YL?u)ds-1j0IgPz>W0XD6d}k?(9f{ zG;S;35El&aX!i}|Yx`I9YI8jxP9*Qcw7+Z#*S28uG=9ZqVqYcjYw3GouB)4cj!mX> zgy|X!l!lY+pT(z&roPc`%=F-t_2_<*w^9tGMNZ8Uh`lyOtqvTs`;TRVe>od)|E-4Sr zSATnZ_n8FHa|{2gKhBIhJ&1!SL;ZF845797qb}pd=lTv1bb-zc;uz_2JMf3IDFH*s zFc~*JksmDCB54z#!PSXMh_{=6ObwPQLi zQXWmCRmq>u>eVsnde{byeJmYnw{e>lbaJ=l1W<&`*5164>&HyZmZ2eVthAM z#6C_J&IdwS7C>avhDe!OXQ|@u?_N6K?(bZt><)#PM6N9mFEgUnnD+7<<}B3|lK(0p zsGUDZPR%XcmNa7WC|V%=q8M)CiK{C_r!xSd0Dp+y3j`kK5q^k74Y&|I0oXy?K%gqP z0z*gR2Z9gi^C(C|2b`y|jTL0ecV%>!!SD;{nEABoPw;)AiVRU7b+59{B}G_G881+Y z8Fw@^(>VX7NNcn2L}T^TpxWHk*Ca=pm3tK?C1x7h3q&r~zWIzTbm_O9W~|0%;~vTJaq0 zHC@s*Pwyoo^gb{2wV(JkiTvPDIfA>87{zM?Vvyv)5Yvf2AH^+t&3O4L==OxU`57eh z2n2L@wiaE3^xrqOfPg5OZ4k?CKx^Z3a>c#ovu~Ksgg5Z}|HpO|FT0lqAk6UN2X_gs z$3#3`E@z~HjxmI0?6#*`T5QBkRi3Yf`A3Knk-b0vItsfTgzeUxZ#5*~WHiupkByD0 zz-vRViQsb+zKo!%xmMajTv-{^TNZ{lHq;prFlNiT? z0gd)A>h?zz`s`PAkvy3o3Ob?B3FSvdI22--wZSQmWd=z!?|}{W_|LZ)QCD6$Q3l-ady-h ze~qVtZ{*a2iioY)-g1*#5K9RzX4FB0Im`>(wE)rN&kG8@D09f->RT=YQFF#m#9cYQU^BX7qc#S58 z%aEptpOz{Sj3En7I=74i_|-D?`SuS#YDB8<64o2M&E5MBv?TYd;Lz!Ch~KAFBNf$SPX8UEO~Cc?gn23!BixSO50V2OqDSInM!b z1zlfmZ87D5w%5)sM6~Zzdva~+HFzu|FISFKMDm2S6h*Yq`Lo!~AaQm$M1R42ms*BA zYg@vE8b7IEg3_cz8*=AGQ%w^#KwdCQWHrn|4I# z*Y_1$CIQn}VpY!R7)l+SyTMOAH4>=7gWzd)ClMC+zEH6By+8S=bni{|3q(@xA79tI zAR$jeLFj-N+X6X3WZwjFPGq?|3v3k=Zp1=1gkS+#T;{2dyG*qaLVj!(2)X^qtYjnT z3M2HuCR#t6Q7OsRJ<7ds^^hlGpfX5ZI4Mp5X1XK5pRV_zwe@i27vt_Xme}*dK#o9 z_>B*guKFefP3~fE5^*A@3}P0XfOIILn=a3nwU%X(uM{G!t1s?QO>c`WN*H&fW+UvK zf@&$ik;%0-(?1=pN*QgYNK`Mls1v}P*7RK?Q6ut54_m6xVYNmAJ>Wl9WXu`6D zb$`Akp!uI#n89nzl%D94NhoaZ!##ZKfionJ9a7P?(eA7H!3aL@G&0&VR{P+2P~z`k zA9$bq2fCSrz!Q^<%bLKau>>rVWjr+=y&Y2E`OiR#Xvlw`rwqE|v>_^$J^W?5{5^L! z5G9X1_Ye>x{TDH{Y+Y3zb|IFK_(Lh*Nk!>?Q8fOmawHAEt*PSPfENjBsr32;(8^r> zeDk-vzCHtrymxNB8I4J#p_1$^G5W4Ai&y393|ZSk4Oo&X!AagrObVWvLDKj)4Mm&S zlsb@-C(VOLb8HH|M|B@EKex4IQ-5}@F)31Ih%KV;1=ibFtZcvu~{C1M{>`%9$Khujgm}jUSzF1HOM2oS;+^kjamHNxZAw~u@1Lv z?`kxFh>p;s9fDJzL?ncO3)6mhAXhGQWGd5kc*fsI$*Tb6{FU(vW5vdaRUKWX0VjOk zwokb~Njubo@*JQw=+{(8gmO03-IBm!>t3@=PfQMKEH+!}98s)yrMMdT_4OVR1P3bW zQ97Mon3Jk#?^>{{EfwpoI{@OZ6 z5=&yOo8MHCJrIGSK}7K<-h^xyX(Yr%cZ}5O&eHEmiEsQ3@n4O-);AkhD-@bW*y&Hh z`={BfEvlawD1xH(xDdavICo?=U6yQxj5V5{;BQK>Iv#sGI`Q+IXw{!D#HDfVFj7YSAA*L(l@a!b$v2aqPWhwr zfNuSK@AE!pru?6P(V*@l+1RIEFN9nF#5*VdvPG8LuV6th?D1a})xM3@kaiZ#!;u2n z#mbT9*jq-jC*6yh97!})%8Dv@Hg?$_!QgDj5^PEKXHLMsbO6?W<3m5MT%5H;5+^ax zGKRe#kh~)9D>L~!GpSLSG2>U?S0^I($&@MXfx^gWW({5>VaTs9e@}J4W6R^3?h%n= z$m~LEluTkgh!F?wb5y23|AgYoks^=ieY~AJ*9b6mK$qjm?9shUvh^sHliLKW?Cu;-EUQ%7R-jB}* zG6PN>NVlE2gLQWeCyx$e^6>p{(VAF7os5-4MgG8p z0cavgC42x=Xdj={8f zXv4X;2%v{d?I;~l8ZL=Ut;S1N=#3$P1vWwuZ5#SYka>J zv2G3Y@B9-b%5~cMbnSikZI!cChJXNr9r!2BOOUs>`Ny-#F{mLa{NmJp)uR;~D0UI` zxGxM5{_ig0Jl8ysT#&T4&<+8iBuMBbShF~CwoSDwd>;96Z?&QN%kqQ-H|uW4oisQ4 zf~fT(;$p8_3#`rTdb3gC8THstEwOaQbslo%$`-~@Zj{`N!CzaTK*S8&lp_vG&}S_Ui8GZ`2_aLvA|E%d`ABtOk5 zNOl-o52d^|ez7~|(+~9@AgjDoTvV$AV~&tn@~)w(hy4E|=Sh=?nn;Ci#Ap%8ADVdC zb*uXJ`@AkFLv8--t>3d!$GQUVPZ z_?qYo?f8E%wq^&>gf${W-BDkuP>6eUZQ1n0ae`iGLDCWnobcafu)jD6_l=9KoGr5A zi(U62@7@W06BSxV(G~2@3!;O(w~(FQci;|{%rzv{Le$lWv39i}-0nB?(iH#YUGPty zBIhbj9ZdOm5~)^gaKn(?+gSTJ9JNEaYF(L3p4T)i0>=Nig}sOumM(gMoDdp+ z3KRwrB_=9_VaL`A)h%$6YzkxyL=Yq!{p~=CVz3+b0NU$!Tw0jU68CW%!7i?MIToY+fN;XRdZTd3Hh9c`R}^23m>q z2BZ+?j|1gfP<+sb*#;FU8W=GN0DGZQC8Q%G-A$m!)lCh-odt*TEWD z54)488{A`%*C#{l@5s;oUb@nmiqO=;CoM)R-PLXr)aWfjlpnXR*DM#;6(Tstpnq4Y z@u2S3RxmX5%@g|*H1^76Y{krTr}sU>Ob-e`9(1m;1NC76sXxu|=`Zg6as%rSH$X6M z{AQhCO0U`iQwVOs0he#GRtU?*JHj8S2Ez>6Z+^)h<)Vi&W0&NwVXKRBtjmk8^c-^) z{<_KWvaGyd#iKob&=B9BPI@{N`~^jmr5yjMc~2%kM+#Pp)0UG`805V#jJUUsVdM#A zi+~`TJEEHWzheO@&Ke#-g&L+wFC@2b%6g-iiCcmS!4?+?K3>Koev=K(;9-S1KUAuQ zuI{CBK3LvW1z?5L(|EHr(NZ?o&eWOU&i>3+k-_sGJHkvf+1$?^U8a^TODRvA2FOwBQC#gnQ}#g7fAAu!b2U>dFilx4_>I2q%t(!8 zAsnME@F^xj6T@sRW{ZA&HGCPJGlQa0`=TH2Os zoHrqaQb!~)ZbzycyW{T7MD?F6u_#7=DfID@@YJ^?6!`7b&6D4!9&yTozC)Xy63xY% zku(8xM=rjR4Cq^Je(Tz+><9tV=YgMeHbkw=%nyiY@<6TpMe9ybZkvHr3dj-eqqjQ~^76|} zjELSgIxG!Rx4oh+GI&@|KY_9Np*h7U*7rInWid#TQV<&(D6H~l?~^QAOU7h}vaOo5 z{tRf}2KYJXfBFRakD!PT)$JYjS<5lX5>|1W(6O-C$_{>P!t5>aCCQTvKU(hnAzaC9 zm$@8T+S?3ayyq`6du>u#@=5L~XNHO)v-2BqARRn1DsIgJM<`F!VcdOd2%D#^hTyQGd|df~%kk%dp;t5-mCXH!icDCct~iuC^D zxD}b{4`@gSUgh`$kMplDP$8YQ3g?EplG8JyNRwfDj7PO9ao>u<;76UL!9FW6YsBCc z=mY4Z5AJB*?l`uq_08Hf*=(3;yw6S*m1WFae1sWY3 z8eT!<(@v?pz~sXS4rBHzt&xK=mJHrBCgCTm^^vhlC?73l7)8~0>RbrIM6>VoOp)~-etDWI+5D%c0e>+R^>^N z^~B=c0-h$2#MC%r@+kl$91R)P9=`u8GrY7G>H(WMmiGk&|!*h2|wn@Q454Z(@u4`@S*n<3v(% zm231&lH=K10~zMJFDODExR+CJD<}=8i9r%1`A1|ksMDJDZ8&(A>^aIOb>hXgFf)K=D~je%x$sz zsv?T*&}jC7Uh0|0_^QsG0a$NfoxH6tlRqjH6+y@xT^3|4R%1yIK(Y2A z*i$Xfsq5%}ZI&|)PN@=jt#4{Z}x3PAwjV|xD1c%=8=$@piZ)Lhc+oX1xPXPF> z&l!2rL*TLC69tC+6-~3~-G^u6I$3H&OS7=2-xLnaTcVuWb+8jB;Tt5E6ZH4SPeJ_* zY0Aq);qko#IuuI;0>dmvWdq*WBI}5m5-^;_Cy9PTFRF(Tn)a8A>-rY1kWo;My5{SNDmX2lCjeyxZ9y^j`&| zb37L!PwpKb_F!`E9>o3xN#@)O=c~t^&rbKz?AUGZJRf_6ET|z=T zqQ9v~I%nxcj1{Hmr&r@iyovt>9C1ngBYN_tKD?8mO8#d;F{B$ZH~zSaRPi_|Dc?}J zI92`XKy%(>6=10{ugngp*y&gwGCr99r5O=gN~Q%Kbp1tzGev1qK(lVIj(Bi!y0@lvxRxfM zMEQmB+DoH1-aEt6y9~A(HRa;_P7+NOQllP;A&ks|0+4;ld7QG~iRX+EI^Iou(3d45 zET{iI3(bqG2=Up|+QH32-!&$X<+jc2W5=IX%@fiH8X9GP69oF|6B3#i(hTSPwz)R#gYfF8|(r$xDa*#^e z5Qa*!R5;eGD|cvR@cYP*K}SaGmXOTfI0^*MBCDxPxhZ?=X%p5+6Lu3q!)q4rG_`WU zNoS5pwG@|?xGsSD1akpGpAi1~pGcDy+n7lwE}R62QPdza&^H=YeTlG7>qihdlt@z; zbrClaU^Kgs|Jd9%kzXse;g${=wp!|bsSv0>8HJP{gLiJ>oWL*SKBrL#QVPy+&?|_Z z<#UEHDvv#TA(IBSZe1$>XK`8rHB!L;n$*9A;W3{})`HNdvwRm`-OqPDzIn0_Mzzx9 z6C5e7b$`8cq|}#@t5_s~UM}+hsZb;q((SjTK&qyKUH);H;Ht?QumRG!rF#eAkT~T+ z+l*2?Q)cEH3 z0)!?n2m_pX!z+p`p!{5e9nys5ooG`DC3@^>gp!92uV83RJ_5|NWLn&yrd^NB9XOFI zE*DB`V+}^W9xeW=dFMB6pZqHMg2QT?19&nTi>=Fsn9D^9ggXj%@ zd{ps++|gQ|Twd#=zjCj$Y;-3m&@Q8hh`pII#NUQOKWrPY}4Wj=!P!^OEZX^<1-f6|9ztg!WiSYw0v zVz>ho;7IMS!sb@@AJqrw^*?GG)Z+6CVdGjeKob98-kK7;T0}~Lzpa1k%z*srTNnN# zIMiMM*1`uhH-6(VUX3w%(o!1+c@Ur%2LDj3)YkC^-JA}9mP?9!4rM-2qY<47*wpHtxePpVaQ@ZV@xx;ogcImJ(otIMjPPl#gG}y?Tz~g!0L#Qp> z@<%1zMP`ilS}6MYVBCy8kbW0LYlpho!8Wulo-tG=0#WPJ)#;)=qi!x zE^ZhYK}^$)d!Hh~r<@V89eFwx=Y0wpaMaYY#INOZe5&oBYs)A9jSYCikNE$@g?}p)Sf{; zqv`+7oK;oaf2LbncoU@uWM}q}noy-@X>fJVhi7fL#i?Mu4~?$2T+uXO$lD3z`;e94 zT3B5KH}m$nni96-Ur(R=-ku>FpSkU&(aor0Ns{thGXmFmvZU z4WA0N4;j&3D`Xi{CG*C9m#hgj>b;(pL70s~q9JM(!n-ar9ZA_A)j#B?O113WSq^;D z-`rQ2JT9Rf+FnYB9)!!)HFw;EtvGi?S{}<8BJnwC5E)y2tkztE@@8<^>I+XV7CU6R zub{Oq%_qX3_F8s_X?k{hzG5gm5q)~Gspew9CCoBb$l|0VtY>EY8l>bi6iX%i3Dd0y zNAkhLqvaUjoY{}5SfVq`NMoY2I&}&?r1xc0AHNYsrOe8u-`I8y;6VC`2U^lE$BVfPb&o(UTzkMRb+Vt_u977hOkVWz zQJ$N{GG$kgI+Y7{H@&+UcL zv7kOSx70#mquZC(_llCzCH@JlbMJZoDD5^jZu@Ia_`mDJ!)JZ80yw52 z)_QsIPx;HRi|%|Pbdu15H8$Msl%pewP>*!u*bNp!9IJ`po{A~d+~6-Aq_^|N){U&^ zge!dY#F^)32|KOr)8gBQ(sua&I{s}T-dm=$b_=p(3v=wq>`*($n>GDq${{S%%o8mq zI8Ya_g8yF|aR)gfXf#}HIEF1%FU1~T`6e>AR-rIESPyao?Qne*Q}<`9@7nFH&g6g?H6N)ir5Ns)~> z_#BiJ7L^}wNQ6S~M7{*Ukqr*t>E4n(x45~!&+J~+Cxa0Nx;qdX!5NQTKPTiR9h7{0 zseL)7@hX=((&*p6)g(J;>`C~dAkGgey_6q%T*k4>**gAmP7{cmMp#$fj0r7^>?$7i zBNL_zjc{Wm)#ZOC=wl{LiIl$I_ba!cJWJ(R;r7?JQ3a~?Hpx-VuUm;nod~tNSL-O9 z&+|T|82x=7^=&6gGit;}v5$joM?2ir3X&zcVuYjaF3^an_B^IVtvYpUR*drd0(<`F z=clPc5ml&DqIUd16@H?AiZ#1)E)y4w$o=|9&^d`+Z`Z~Cvp|bmbQ0Q$;cfr-?&2@L zyk1}4ov;fGlErJqXdD!YzaB0{OPQRTv($W5Dqpe1f|zsuTkzet?61)#bl7F2V#)ki zSJmXFQmy*8NsLoHG!}qgchJw5)7Wg!FFPMI|Fhov|NHDXiYTmcp&DCrLcYaijasNs zm>zcb=N||T4i+IPu@>n`UtdO`#H*z=?=)PKX7KnUmk)XQ$lxjFDd@3XkB)`CL#&Qb+;qKHtA+eFi6VPAQ)uy;@@ot_vrFMz|r$z%CJAJ#`F z&I1>k@M{h$8MArk)z%_Boy#0d7g1N8RFUl)z3F|PcH6Ozu4!=oQ~Lzx>QajuDXJ_tip-$MNP zd)wo>1+cytkg~$cDFisA(oK13Zz)(<+(`W*Bv6(R_>LQIAZBK=76x5F8EhPSPr*Zt zUIM?W6O;5^1^DLcIKK2j1}O6Gdf6T*xB>}m{yTjE_oR?OBjFu}Ep-P;&lPNbeDt0T{(P~tmgV5UcFS2`1}8my8Ct)8bT3Qisr&Z<6n;6zll}3j zbDd`$mlVYH(t6s_B%Nx0;NrSm_nRt-GxcfsbjQho!-LC%EvWzY7V@KB(_HkdA1lKfQoRa))tz2fq}&fO#nq=868@ysbML8GO^;Ly#u$?`}eV z_U4~a^+}VD1p5Fa_)<9ztj(~)O?=|t1Hae^=txI7Mi4e`jtQw6(R{ z;|RQVy%qT{Gfjl-%xwmQm7ZGW20SkQkecz|EJI+nOJZ0mGl00BlV=vSTkA&{%~SAz z+$vAziN`IJUi3o@iWniTlu34pIuzj8{Aw zXK>$otBKA>wc0+&!WOInM)0|^$eVDhb0nG+$Bw_wUs2$XkmoiX=4iz5<#;1}@Q(M= zMfmIlRb+c6qw-H$MbItdS;;bAvNtr^yXvw)99708!C-NS0kfW(OMcoi6lApo-rZ52 zvDzV2D=IuBVaRy0h|{WA9Usec`l40cOPVh5ikWF=UN-E#a#AW1qe|0iXvd4y0mKF1 zx_{1se{2>gUOJu_;16Q9r7E)1;`1$$mz< zgvUX<;Tni#o3ynPv=Lk-*!-ENI@i+w zHPhQ5eXggfq~q)3c(qT23%=z3{wyjdGG&};=#a{#p;}1B=m|BI(!B5dfPXGBe%E1~ zlK(}S7pSbkfpiY^+uqxM;s$hjA)<3{@oIFd+UgC19j5MORR;0(;1)J8Z9rIcurmW4 zdC(`{P={E;WGdLwO$~CuS;7Nlfe{}zH@h#iU*_QQFNtbU;;K~gNuiv}9Ce2UR#hCW zSZkg{DQ=&Co;xH>M*!BA)>Kq3<}oCh#U(R7RaXPcz39&#Zu zI$BvJH4lpXk=s>6s(j!Ah@>2)?-ynp=aH>pjS!NGMJ6eW^%=~D)$ca&$X&G+qt$*) z#o~l1wz6V1pgY|`l&F}{YZ^zh{)Rolc2)?JEf!-%{?GZlu=4ASQHq%-RaJiz!U=lQ zUn#B5rs?48!+eGIE-q`#(7uu6v(v9|^zB@?V7+XqFDGGZ2fOS~D#wB0L~Y>pQtw&K zjTgiG)yF@venndJ;%E+W{oc=zB%vlgMv1R>hFS^FcW?~9`p1Vf6;&nlbBGK4pj)T8 zXus-*oNy(1Qd|QpF-WGiz*t#i-@@YOgUmq`p3p)-qM1gq!{2|+5y#dH-><`Pax zQKnQO)S9&r^@fYya7ehp>?`AuzS~l{e>S@(Mkme{ZcXU0;7@6p9|O;DPXCeEWcS^) zy^{c;Kw%Q$-XI1Qw?**Ft;b4R1=e4eO%Ro^Hc+J7wYv|#v7`(fCGvm5QB9y83Fv=p ztZ)np2dkXxCBgMibOO8HVWO^KqIWuF$XtvGS(r9qHruhU3(u}pE{_v)4Q=Rzg7E2f zQRGl4W;>0r^=9PBeA6T;u@;HfM1sxElQ}GFKI3dURLbQK~n{y z-wJNDM-Nv-qZwY8vSG3c!D%XTUXPQi{--6;P4w;Y4nmlzf7bVK9`zgsR5wiIDA^|` zbmuwc;7dyi<^E`kK8nu*?s{e$1kEhv9_}Eam~*6HPph3gIf~mAIjMLMGsXhwJprN2J_#`Idfd|5km4H z><3+2I4%2`t|wXnTTF?{OKHYS)>GG$=RV9!e*>p5u(#`<-tx?wEphm4tQXO+!B;5d zYu~Xgz765Wr~_P>x?qWX?q|iQ?5SFY(YT~G($4pt_e-3?U;RKn5DE%$+FrcE3%~`p zB?;Kf4jkzN_T++^qd^UYGP|JKn~2ttn?%ILTTd^4!5&CV%kp7b2E*4wgr4eu$MV^G z?g@5SUGn>Sh3`__qBP;R^YmPfJGQ0&`KM4W*Nc@Pi_Ei~GyX9zkX9JY;+{YCIVU{R zX4+)GMoUbIXq|aLIcjWnAKhOfzwkykC6Sv3ACq4z45vikNk>azNg(eBqxbyP?4Ha4KUTChkhoB9|KP~RO71k)t&8)2Z4r~irL zy@Gd<9~|k5dW&(W7<$%C`34z}>K_LbZA91eL z)_rB>H?#V6*rY|Jj3&|b$o|Rm%5>UZ{v)9a6=UbjQYeB8vWTvZCiYKAyh|RFHEBGh z5oe#4cWG|M>cGvrv-+kk>#Bs)) zf82elU)fo^6OSo5ofKP_a-`_JmDUhBodfGSs}nknt@Qqmim8@>Hnw^0M97F;o&n!H zM+g03Imo@~FsGd&r;PGMe7SwCz80m222Q0FL;hfwsR{!bvC%ZQ-y@;r`Hy(yOP3n#O79k zQ?Gtgx4pd3Ji%}9W8~@lCaQKNYpVC+yaS+)WA?;vCU4xa=lpJ~bKJBBWy2iomc_U^ zM&~k;g!lvL_?F~>WT#gJ5jR}1Ny-XR=KI%XyfZq%G?9WNpcB5;lz?Ms{LRKAex z%ua%?U@v(@VGU|5uKONo?D;i$#;u@o8>iJ{7`9VuQ2;v!STO=c=;BBX_o_XCEHud4 zW8k)o*9WMkyZZ`kAx9V5DQVw|d-?q*`|(o*#XX+zt0xm6M*YwCHdkauOo8)1VSa0| z`Wn}971@jz>uLekffC`!|CF|hx%}hE6l$J+k-h^}h#mD8Ahf~olKDsaXN@wLtqL#w z_0!R4eeKP%E1!n@Lmeax*Hh|j^ke;MZ3M8wC#=|k%gY(zHchBa^1w(|zOae-X_L!r zvlI2R1_0xTO%zm6pdh0X^AM?EtR5+mwCT7E@Rj zfjFASm=>0qnPyi9%l+dxW>CH-7-g6Iok$_~RIs_J#u)S!ui!uH2Rx@_zgkZVVIC|F zm~guh1$$XqpE_T_|BF?i3QG@9*=~85p8ps2g&Z}kz zl?rAI#L^$n^IP>MmGD((2c46)pdHiuVM_byprT9610Vn zznEo=a_ff?s}Z3JvU5XTKrqL649*~XWW3@8XC>_6oF{xta+}`@9GP{Ly=qK@XdK^O zp7J^cHY5hXv`*bVNc+~}c*u+~ZsAZFf!(<${QbxD7}x3zmSeLn6Mqz2Rd^v5HoPc(#I>S}{ELBx$V zr|+I?JHT4RVGV(>wPE}f(NHb{!(u}r)@uS2vHdugE{bt*xe$U(eCLy@9nSsb1+Qwf zKz{)d-a<`jOI#6IpdGTK4x3=U!v3#Cjv8r$h%yImBAJHrb_4gS_rEG1<- zB?UQXQ0T}RHY-i5RmENyUHVX{0)`*wqDL>^Z|Fna&+*7J6#|83^mfzKya?_ohC1av z>-(dSVuq15ZtovCm<#0m=`A$ua~Dtn2J_;}UUbPc1I_It=j%$rx{;EVB{?wrh_|^8 zRE60~T+K){G~YCMIc_O!#&0V_s~QKL3ctwV`j5YY+?XLIUO_dx(^qkcpn?TZ?UC9G zsD&AVo~U~h)z}ad0>Ths=bhEp=-zHdvfb>-f5?R2*87bC+PSu%-Mz?6SqSYnUGV7| zI8}b7;T*IVW_QrHm^f{-^T%)8n6Q19PmLrx?|1q#O2yl09gW&GNE zh*k>SS2fTbT=163iBi*4n-knQ#mS%@mxR_d->3cIT1ltS;+^~uZw@v?(lsMoI@68} ztz1fiE*jT8l~}h>P$2@s%k*CL5(-Iit)_@!zEx6%!6BBA2MKLNl88?av72p4L{QevWdB;_kxIQ;6Tm z$UqNT;z>l8)p(Y)ZS51-8E^R$)dgLO5>$dXPEe7KsPrqU&~ri2Pxln=w+RN`#u`%F zh|Jb9!rgdonk-d){zy};zk!3M^!BgFTf=snv zGm1qCd~V87KoqiP)-d0$z$Ge}^naeVO9zww@ou1NM;s+0nfml|Z*3d+{7Q&OA<-{t z65?H`OvZ9ONnHT&3L&i@@pq_hp?T63mrsd;xGH-*&352(%i|-Ub?X&WeK5BS;Ow%! zfWT@iYk{XLZ}q`5mg~=R@2qIMTtI#c5-NyksQO2VYY5`05FmslRg%(d_@em=y1Y6$ z2OC2H(V(`ZGULy00~<%m`4E1U-a*oXRQCu^Y>7;OFK=h{y~$$CIIDICqrQKR!<1(# z8>j0QbS1c&ve!7DwM}uA&4w}9_pNwwNizJPC>7j&IF z90FNtmS<4rI33HzY9V!9R%ib{>$*>pZYRTJ%3HwoX?QPA< zGB$Y8mXa$FrgCX<9dm+Oc2-%@<5|I}U~8>e8tzu)r) zX*uOtCb_j;2pAA%|4&HoL34EwL)Zs-5Gl1JnJgo_@)1KtYvmq737T7v1= zw_gk_$#=JBmy%+-559mXh- z?DRh?d9?FC_qK1B0m$dgljHzo^xI+qx+DKDbmX^Z{@C&vyx{(S?oMG__W#?v`}>Cd ze;5B}HBZ6*kH`0MP5>I6X`eMlI?eU#D3RL!}C9s!gjTF{_hMe=l`&?|6a+X zo&R!Jwsz0|Pzm_<1kZn!fOZwZa<@No!!Y*T49YKgd^~pRC!M>crKM=Q)OxHtkK2oWbGwz~q1xDQqxspBw7T^(-+usZK@$GrQACv$2 zt3M6-KOU#MQ8?%-{m+h}|KC37;ya+lU2S0_xjD zOjYr+M26;H3d5+ntU!%G(VY5L0;@{xHj5k0DYAu+*2ZVSpsPBH%f??7V_=4r=1n}E zFsvNqM-0cB_g85IXx?{SSk|Zb*w6ngPTesad~iJvBJ?Kq%N_hHo~rZTy#E;v54!Vz zB@fwfF5e#GRZa#QkkMY|yiev{Uz#}ILlW3z?$u#049wed^<;%SHw+>1IvL+l`FaaWU9I2hcoCmL<>;Eea zGI$Yr(4oKaq5j5=9vtbj{u>v+jQu>$oy5u&5;u)~SmADKxXzL~1_kBLvp*rlBT>TV zC4f7J%f`T5WOI1XKe8ku}5PsRDayR)sI z|69X@&i-R1k97WD)4>L0v;nc>TSn@q(E9om`mWf4a%Dpy1x?TW3f`fFEf_o}TlCoo z$XLi3)Z>VdBvH){nCAdEn+`}}HcKM}9A^XEPXccOrqGQLNa4pBL|G7xfeS9*5>0X*uI`RYl`=eHsGiAqO~<7-g4kHgSLxe0m#)Gm-@zK`(`w z100XUhMKyG0~{aD0}twH(JK<5XKLPM^Z2^V`=d?*^s?Y>S>yEQO|#^aj#w~7ej%au zWZ`%Qx0WRTvyl?@?eR@ZYjEym-)!y8y{yUF(@|}@s8%^$=voBFp&LxW4L>ix>C9x{UpP1Ervypq6WmI$`w}YBAWy8nNoa7*ijEC_4jad}T zKb%0A9LLFnRL#g`zJ|zVr5i~}1wP;}2xb(vgC=pBQ7tN=O9!~zu{QTIBgaG`KssA6 z637NPqDbOq1=96_PhsZb30DVY;81zrDLQ1Fo?*jvHUip77a-it8^D`D?+%Z468rQe z8zIxKix8)Q(KS`U$j(iQJ^|}@@B!Ii8NpoD86(+BmDpHuYNOarFo;v-!%-NTeNbT9 zrs<@t`pl%zx~w)Om9$|j%Z5pO(_6ruejWT9+I9p(zrxGvK&Y!Bndkavt(C$%aG+l! z^XX47BO)F&LS0Qt4!h93g(2PAa3S_H_g^JTN9N9|Toc3!q?>%%y%TNB;YcX%2)H@= z`cN7b*&kuw?mWp&BcdqI$okKTli#g|La9YZ!O5Ui`c|7@@)IS{JFJcS($|AE_f3sD zy*V-~`&N1YkSs6`Yi;_AT0S+R#WoNrM8xe^;K^?H#BV{lScYUl7hVVy8>x0`)*tGz z%73#g2nQeBSr#WSoi1bgNuF}~Z)Ip#Q5eSe(7(}ippvrFP=pHYXOHbWlvjF)XIRd|f)No! z6E~Y|khjDDoqY;2Fe9QJQ(?S`XHiBbGRWdsP_uUHB8U+nx7vd#Ddk97xw9z9fExjN zgGYArEC!P}^r<+RL!xyt9C40Q5U*ko&tVEAJu^{Sja_p29zp0s9hxfmO?9Ud8Puj> z?mtz$L)cF|GMCbz<{LfjR{eYKhtlu&4Nnv+%mSH`=58pc;!WcFsQBYFw(z_}kBwQW zLQYreA3Wo%EIw^A(?82?yeKSH=nG=#->K4FUjjD4NYys}|Lpz!avL|&D2$)Kc@_9E zN?Gzxq`oY9kDm3Oqeyn5U0YH~O0s$OY{lRVNFo{zCcq43Zj!g2+jy(asd}&Fy_CI@ zx6lA)0L%x6ltkMJr?xiMaL{Np8vTVv<0MNNawZIE00kqZNbM;M8Hf2p_Nv94z!enk zg%pq}02fm@7b=&~(|E_8&)Yn5O)ajIahDn64{~*b32IidHKrYQ9}_OdG=bqxa7v}o zG&6%zMrYo=X2mlQl@~I>%;-O`N z3Utg_h|Ahw9f$Z(4n`0B7`#$_+WfC<(D6+B?wCZAz8LR}8N2HqqlA+ljYW#32QB}| zk`c!t@jva|6FM5F-DA`}=$3vANkmf8Q&((vj}g2SSrCAn+a8c1^~15N;&ZTL&_ z1_?U}3vaY1!HLw(skzVff=mhTAPD+lDmg(}w_jAL1tmJ$s|987YxSk)#u(2oJ=HrM z7I5Ct2_6v>o;XH0N@z^ZWf z!+a#{Pk*&KAi2{e*@6q4*lUYeI5V`GwQXtEMlT@oYmTE-@E$>RVnGkXNYN z+o*<8)A!DE$CPl?vX6i=EK7aQVN-hrNRvw)l`+iq+i%{IkdM-KuQoPCic{1JQ1?sR zEj8ToS}FA8R~-HJn+n)iSeM$PUw_rOzX2U8jgJz>nUHS)Mg^j(xlKSkOr^^C$A%ii zKNn~*XS6k-x(m$oWiB!1%(L_^7MmOM`iQz8 zRod7>zoH>$lOOOT@(v+LXlBF@@Cgcc!1LzJ8og)yE@C)DUC&?W+BkeBG4qD_FYJ%& z42uVafak=2clTeu^y9xrN9+23D|wv!A2=JQ_q)G0T&}ZcT1J3vrYY9?&U17soqb|9 zJKa(|31=w_lqugGr)lD*(u|pa@Mm{#|7Cx-zuVt)eoh!yKfic!;QWyBsB~IsBVpm` z`PsFC_j13#cO*gX>>W8@iD}?|_0svu3`)ucxpWwZ(k%J_r8FC8JmN$snWNkqiKRVg zm9%iKzboNs_Wa8qn9jc@sVTy;oo^yb@$Du%IM7UOm*ZE36m1Z{V-h8Vi+-M6kwZ|j zuquUXYsde}%Z(!i7zKfhA;^Ms^0iUwZA8uD`qTNQupzO5+0ZD%m}t-Nx~US1L~ z)hm>;8>pOs`gO;Q=1w)tY~?&VGks;))WtnVyYly)=jaVdgRuhZRU4q6wT$284TK zPZVgUD}Y&-VV={|tj~(VVD7@4OH&Q0pyo!?GS+l3wuC{$>(r4kKm%Y`xnv8;;t<47 z6|y0ric})~d(EDW$=(RbhjJ5%ia`Ed+xDV@PZ}cImH-2lBPYz9)iuL|iWdo^rtp`& zb|Ggk!Ag#G)1W72A|(_5{&w53l6D$S8SkeYlOesU+!Lz%xLu_&vMRi@^Bgb(EHL}@pULv?6UYdc2!hccw`k6s(7`bi7y!pM`OnBB*R3E z-DL^tPWQT~tL|EV2j>C`l)6O=pQ$!1#+2N5PX-W)BURj2UTt~X(zd4cTLncbTUK+A z?6^Ges=Q9Uz)K(ZVeiYrs4|gL3*Tj-G_!vB?~*JpP{@_|MlSnv>4{^SQb8)L4EWYI z8hvZD$`~!5S1LgLX?G5!W?ruHjToPa*w+4)i&gUHBnQ`%v}SI@S5sE1VsRFC>C&&b8e z4T2N#ke5h@G(Z6heKu$*9b0|fzsm-M$0Q}H{*7=_+d93&!xL***FlDlI zAW1U7qG3SEGZmG9H{=h(&SeDPwj|OXseDh|d`eW2007O8Um3u@;s88q&bk%S$L&(3 zYgNaCs)Z*fB8$>e46g=Lw>J-Cr_?qyu?lQ&*ktvGqmg)JovUkweO?GhwRcRh9Hu(r zWC^f5SFa^4~zT`~dT+LioQczHSu# z7Ss(JoGthbR&52p>D!#)r~vy2(%;71>)0DWF856nOYWDq0lYb=+#vF#dGVvV4dxx= z1f^pfL(wnOE9R;^FV1T#^wI5@!nrZ2BSe-YjHe{**I%OJY$nv`q$M^58nl#()^A26 z_Q|}3_G-1HqtVQ?{0cc_Z!DeGgxaU8<66l7WYPOx{b!E+-+%G)MXCPd?*3Z-ui{Z> z-jrO`2df|(M(0IHQ`77cz(y>bxD|qg=zdI8MQJq5VioD90znmn&?*^a=@uh}^8J2{ zMs!Nz{QfyzIj*gSsmW&PIcZ#`W_92E+x@wysMIh1s?b5|I(_GKZ$9i>vq$RopF!Vn|f440D#8w;BGC^&-qcYptketX3zM z%Yw;SsGRNUnQ$(k0|qd+&6VfE+)G!@q>GX6)79IL^|a9coMq{fH@~Q7Zv3z8|Lwk5 z>;IKJZTvrAfCarj#WYnq8Gi91f2xNHwQGIc==v!DstTHF;VWE)P+N^_pgd8uuRz!9 zuPM@}8rg9^hsYl<%4d*Y$M`6a^FJ$jYR~@&$0u9ZC987A z)Nk6^GJjME{Tu7UMyW4~(<~bfK;-1$DwNua{=9eXZ<$UWSq0d*`#smWKBi5h_v1~$ z!()CqWq&t8KSSu&{!KnJ%egqEiFL{CcsC{%QtjaQN#=_Z$t94lluKhNaJ(qal}V$- zzXW{9vN)_tCtmCMPy1=1|IK;lr44|2`hT}{|L5-E!CL>X?PzCooRtR0qhZG9{c2XVrHeCA#cFACBww%llRO!WVlqKozmA#+@?Q zyr*$SD((*%nza@VCPY?%F5;&^_k>%-?#O$C^9` zpg$o9qx|+sRUrb(#Shq&Smn#}MzG5bYi>Xg`HDHXD^!@2|rUbDjqMuO!xkwg3G4ANG&@`~P+iUhb~-|0J z0H_a3p0;xvg020fp2jKMgrM)|0|?Z<3`^@>)!;1^&V2}e&o~TeN?DAf%e;%8dpWs2 zjOSiiXF2CeCs!U+baZP)Ji+V2yBe(7M=Pw5itgO;zXFHwBuNO|fNKBL4I-9>F;3}} z^pa7xN#FLIvnLDCgL)N)T9Cx*Xi2J6ciNsXx=6`9idgyB3sA&Q4sSsbtD_|;Qr&5L ziX@y(NIE8&$PI=$)G3YMh3FwNBxx`v;bmg1w8u1<)jz6lM|4botXv7$rl_%yT|~Pu z@4lV9^BlcVenvEdb{~?61~iRk2#Y)S@;=L` zu-+i~!Xt_eu%ZIj`OqJ?4&K4&x6wU8V$8BAR6YLn=JLWb^(w<%IS=NRxz~%T;rds> z;xd{Q_Fg`ZhUpCGUg`RdD^3#3m3<7Dn&j002i1;5A+Y5a672V!s_Y!idX7I~JO+(| zkAH*vBJI_lg+W|vAa4w_C<2o>x8XMo&o|vSQnrtC{>cGBDILQi{+O2uCH}HlHQ>_v zwzneZ+?iWQT>VcwlxaKVw$S!i(c4VONj;|!v3*&rX;R$hXQx0bnyO2#>MD(yt2#}j z;Ucd*W?fKFOg`LHkRxhlZ>#F=NNcMX@K8m#91~0xKvcIOOS{XFlr$A28mgj$p-FAl zPL}2Vxpvu<;?wzqF7UC6;o0LYd^t1L>M`1~HSfBlbYTa;{Opopj)=9cbpMCO>7UlR zO_`F0F^hZZUa)_tPo$_}cI2c|7?*UaCSuNnP$1Gpyd0PCA#NC_z6}Huil|haT2d?V zln3D^SiV&ewXP9H{eHhfna0FynOUo}71;|K7j(}t(5F*ec7^zq?5vM&z>a|e^CV8u zJ!kQ#-+l(v;LR}eXc~?~G{O9?=n{)+Golbc6}DWJW-7M_8THD$fI4oDI(754)V1b3 zzZy3GwFyKKn$rK;YP*Hxd33pe5MH4*Sd2M=Dy(TJBDjqB|3Y^=V2b6?XPU zFsWMTYHBNDdtQhcbTL=C(A_Fc>n>5#S@YtoTb`AzD;H+X(rmLL9Rs&^O&0Vk%~1Wa zeFJMC%%lMV#-Am;4p;Ra8RoMwZFfv|FV*&)%v&Dz^&$J{QyhXc`<)^+n*oXp$nVu0{m4LhmpP% z%=~q1mUYd?d6&PUpEH({@|v&dF5{8ya&e9svZ`KM1Jgb z^|?IF@}FlBc|hSW{mhg9`}=1P7oZU`hTh{IRfBSj+B@|1``0DUN6e{P}eCKlY9e_V-Kmzm5*p@_!XiEBRlr zfujW6?Av~20%q-=uD>^sH&(a(*;2<1Jb$l{vUlnJESvlV(HQ;Np#0_ZFDO+R;sb(U zo6gA*Ev~d{DqjVt9KTXFwU6RP#TK>vL8u)J$gVMzi$`75on)!{=a%aqNF+BWnMl9E zLiecvZ9Ntl1_X{0u_1)xx6vR=(TJt_CS?U#(B@B!#;CiEx;ZxR-v)YBOr}PpspeSK zNKCUQm{ddXI~s@Q0(C`1A+}$E^rG}{#CkvwMv^O9l3(I?IjqL3VR%~c>rYjB)|}}u z(`FE^IDR*O?6T2AXR9t9PeU}>AFvu7WH&s?Qa!HbFl76o*1+*czW@Q8AlWDS+E5UQ>iZQ+ zS`U%XbWAw?norcMyGfnf8AGLQwCQE1%)AlJ?v_|0g$X6)M1<-#wJD}YFtXR_G_!o^o7Wze$ zYH{rIwkt$_1A<<*vv;a4>FlCzp3fV0QTKT%S+f*IE2WF6*V@+Y`>tk*f`#{}8fx6C z(ydx34cWFq8ZGQex+2MPD-D+FACIC_TnkDLHsj=qMKmZC$V}ARCL+Uk5(q$`&TOBL zV#Y}qb>CnbRaIYcCr0TFKma2roN1rqnF?S;wF3z}1#z0T3EbSpbTna`xs@=pQBs z_D=*IRnQ177Wi|ytG^&BjQ{aCwwyO+D?ZnL#2&vkHLT-g__TtPFUSM1)XdKUl%w zD~R!nf9!OfJ+REvy#Jri(t|R<=GA|D@nX;4|KC4)vEKh*#nWd0-`VuHHWtnAEwaCQ zUUF;o?p+S1$%}`NoL9BUqUCg>dM^|{v0f|;1D-?;V7BaBz$!GFSW?*$ zE=KOVIq0|_x5niUWKLA;e_e8T=f{Av_$M~FNl5Ty=YJ0NUhb97{~WFF|60kTE7q|1 zuWW$iG+S49p5iD{H+&lQIPU!NOOw1Z<;E?xX%bt7pWrwR$_vn69Ye`V`3DqbARkgw zw^Eg4=@jjxFc86*gjqyXGxL}9W8@&wknsslw~-(Ojngy{$2&VD?%&fpnvjs!LCnhK%PeVU~Vk1L?5R6iGczL_Q}W zSQqLZ*m#CG!Gd{s#5C$_E974+)^lq9(q%vF?@j%q+yCq!^#9ik2#4G|^RF+cX5QW- zrMsFyVkV#no0pbnUKhn~{0c_u3OiLbNRM(9u>p?yB4x>mRioJH$Ek?$OL1yI67fHQ zq`&-vHbHkf`K^Y=1wwxBxBt0il|Qob{EHQ6KszHfE3&d}#bW#A7pHyc3k$`rT9I7| zscy}A;Hp2fVD7MmE=m7w&TVFoJ>hCOYN4vWUOPF&7z%amXzjc0MgWFtw zBP0?M6lPNkVg3+7{wvaE)(iB0tL@WxyYNG+ZA*p2v$$w#KxgpM?Xn=z|Wejng zlF>|o$p@Fem#s2E6d14tRZS^r1tlyL%CU{fJz_Bt{YA_XkCKmVkeC7Z7KwRpsn=^3 zMKm6%!j_-@Nay#7Zcrx(YMFqxZ+O6G#Bb5pKl@O?nAn&kbyp)e7pG z&)r(|1(a8wiJ@QD?JF!8KC!ylEeB5u?vgq!|MoHMA+ffE)|SvJETK92|G|4d|82hh zf3bg9s{im}cYXiwN*>VikGl8sarS+r3TDG$r55KT<&+3CAVbCpl=D`*6I8(VgbD(? zTM0*M?`M)kM3wK+DqT=c!pg0cXjW{lfG#(?ANmH30YN;ALBm&U<|LToC?XLR6V=rO zf1s0WQqg4W6Le6r+=#c7a(qX2Kg4z2zoJ4S)kc1?^ zfvEH?g`4Q~9Rd=a35NRsRX2v<@cm4rWP;R0NEn1qXe=cqP5%Q;rAp2(xJ{U#&|c@5 z_R;weF1S!zLfgf@l0Y$;5?(+HQJ5(lRptt8AEl8V=*ci8{EeQZV|07_w(18INhVUH zi0F{OHWeEp4C@4jJI11zZ1RBw8PID}AE-W6d_xf9a9<1wxBBW%8Y1822JFB@viRRH$2g^pMbC z2E`bOxs6O+`U0rj-oAAwXGn0GapH=IcPu2wX6p6du-T#()|lO+D;C-^1+LIeIS%fC zBq<7TEXVi$g2m@?NIsD8J=)ZE;g)2k_vZCNuEA4nW?C|}X|=CZG*HpGS_4&Q7Oq2kPyNiX{}UEIxcuil`~T=@-_QR( zI@(>||GAP!T}{Kn$Fu(v7FJ){S7-DuXY<3S>Ti9Q71#!uPJkRf zUJKT1(%*jT=mIP!LBO&Y&cT4Ft0$veaOFlzIa5;DO6yAkxp6?=vO5yDK%}YpvMBK^ zmIn1{goS8H55LK>U0bTE;ifm)Bc0$8xymA`135{TOnpf?oj}JPIIB!6>N}~(z8x}V zBE2A~WX%?Ivc6uHL=wc+`B}@(uFlVv?MRFRk?gmB8o-x!ICzZTA-c?(fA?rYyd2KdPyP?HlI>z zjAynVs)=Gz7JtogK&}XmmPm2)Q9tY$|6%a>Y;vGQ=Ro+ZIW>%+Ifqc1mDNxArhw5S*)62(3qyD&QRPp zZHMEuTG5c&F!Yo~+2r9;QG+oYSz_Z)B+N0#{}(Av$uNr^lmR^N{MWAU|L^bZt?R$9 z<^gB_M$hu2W&nGv^GD18vPiIs6rd8tKb>6Rbt2HRi9pKF%>5I)Jrqy)G?J%#Pn)>c_ zo&UX($2tFB%FZL8mc6y^eZBZ` z^Y50qW2xFxFQ1WiY?|`Vo;_FH-b$Y+mnwx?2i@WXc2`$K=x+H&f?Ex<+*J;}xs1MH zS?9tIA6Sbrn0AfJqUSPRwZ&vB{;aqLDL?jZLxB-hjU;Aq4@yg-KbwYs=~n1%_|say zIzl86R_SrEpdr~tf}wkYv@BPdbC7T+y%}aM<8OZ$e9`s1wk|&5r@j8q&!H}C0nF3? zyMFz@{TF)&>-s+{dA#%Ak8A-{@XS-%0DkmEd$c7@?)r|p58Dx2UYl2r_<{O7ABbDx zWnMJKRoeQstF|xWGsvawmc9N)wVn52fo;~;1&cXVtTmhk6}8=Ij?01?x?NObL;mz_ z;?ua?z%MIr8g4rG1x;|$H9wW=9Je8u({XV0*y**69>&}~$7P`=U11u_5nH}Z37K*dl> zyZ3%b-{zU(V>_~6KSW{1CrGOAyYt6ioQXDr|EG^s!;Pwq=V#~PX|;G%JlD7Qe0ooN z{jamjme>H8>;E4fl>Ps;{$I&c%Kv<1JHX0G{KG^5YR3G@h5%N#3t%(aItI`x22e+` zbr4|vJi^mn|C^VK2La~k{}=l&eEq+>yWam_$ph;Bdp))2D=cX6*d{>2=>+qctqM0l zpe$08p$x-LfI5$9N}*bn$!xN+nl{E*T&ea_e)~78$e&-sneNd2*#Q5VAvPr(8DwnO z9LFPqHex&>+h`;ILMnBAx*&gNX$Oh%uz*K}t~Ql}F0@ll0rQ3D@WIvPwlXhb#$88w zbgeDrF8F-iJojw=t<^aia8tVKbngAK`N-`HW@kysx%afZ@U*<{%*CO_HM#c0TKC}O zU+g?bCvoUZgJ!d08Y(8jeB%y&=Q&h*lb@zz!ig$5#t9B*2%Xq# zfhGG6(-@IB<+Fs*IE6deRQ1aN&&6TAq6UuX<0$GnzE!nlpgyKCO}nVy`g@!t(JXK9 zM_sH>@YJt=N%6;#0CU#=i$nkZ&%LAF{q_0pl{~Qi-!dFZb0tDT)nO1Vm%Lh)t|bl? z*@8@@Yyy|^4rxThHo`)K3K5O9mEND>Ni_cef<~%OKBOGqCQ;X^rm*Yu|2h^Kx600< zgm8U9v_Mt`4lGSHz|}KBYW4Zs$?U4M0Q zx=;^%fP)rrUw=pmk8y;~={|0nvz) ztE+FX-!3wlvTY?2pP=7TYyV3R?U4cibL{_v!=snJ|9`aJ|6k4HgwJsiKexBo+c^Wu zrFZOM!bb*#1}hg-suJ!dEY`n;=9ZGShH)u+u=5;UVJ--Ys7O^WIDz}GQ&zDf&=_g} z5I%J6R^0N8oJyR9M%`p2(0IuBMBkbsP*D}8y=wsg15=XF?OrO%5s3-MDO`_|O1=Jb zgc2;oJ>#K(h&>@;8)qgLnQ=1es^X88{csXev0N7+k;Er)K#AxBoW63l7;oxvf;q+E z;1T-NklOXi;t_kCUKONPy#^5t?#3(=X%Xfs+;Y@<&YS$q|ripU#6HbIwz)N&F1=uH1P~avFOXTs%gHhXK(veA_z^bmffndtsaiwU0uw_P0I6-3P7Xl zV>(S@wdL1qiQqJe+h7)xRE!x*7bcx)xG3RFyGG=B)p{qum4l{?CJ>_4;4Q zV?{;Ojfd8>>)dBisOG_}wO3dfm@$bLJI~SA#u$z9goMzoKv-0o0dAI+{M62{g1@~) zW%$U+nX)ooXP6_8UBwJ`R*5hxgUas6oIq*EwWn-(HrM2;+9F@e$rbO57u&X<3bKa;9>2kk0 zQC}gGBlhLA_vN%}{nP?l9V(S{2_h_n%Y;@PYPgt6&svT`*ZTTgh)mkril0h9pzfG~ zepJ81AE-L9`V-BoZjk?RGFpZGx3_zE;LHD`-F5!YYM!$EkCV~k2!04JHAwt88IiUk zUm_)CbuRPe3+H4DsY>BR<>JfGva7$YIp&$4)1Wcz!FN?NqfaVCD#`OqoiBZFc$fm(Hzk=pt~v0NI9$3#>8Z= zdL;J&0fRI`a#?5&^&G zkof~#7H@SKL&yKS&<)|>3JX|}-L4%l+z1B=CsWEY_%UMaE=y2%y4OWrljgJ0za|mE zg7ow21}*;oQuH#R3`CcQ(H3&`595}QwEDH#vdEv4Vn0`lD#b}JRnPdgAoeYqZc6wnwY|e>`bqQW!+%0Db;v*5+!4NkxkIiKH93E zIt^Q-pu;yUA{QH8$2&V;PLIEw{?9L`J$`?D_~KxHCzmA}4>=z>ilu3>U*vIK82!%~ zONo!*M$CkW7DecP2oX(KNM7l<`cop9FrG@k!^iPUVGych&N^_lpcaDiQ#c5GDDvI0 zN4eTbY)=ZiTS-~9Zs#ahDNWR>>Z|3eW&TvF07t>7nd;_KCJ`8NHu(WhqLPTVaj5sZ zjTx(ODCyHGp^__gv{l_n&3ejsv@l6{RH#9bhF!HPyRa6zW=(Vr=XEV6?CKZl4>{#s z#SL?amLvHPngQDNG%NQ}L$XTk6>t&?TVihJ3{kfVn&1>;(gJZ0${;{AF*suwdSPiP&JiQrZOw{m&PV66S|~76=vQy*@&` za2+swP{0t?gr{sOoI+J*gi*kfynI!`rGD7XttbVB8_ozxPG#eQz`AqT94| z_LtHJSU5nrRn18?mwS>A368_d9EUQAD+(I=jVg*I*u#2N+RH4@PR*v`&U17{_>l1l zDk|ZWcW_(LXj-m*rb$-dTB2G#egVgK13mB>~f+O?aNqT;0$Clwup8>M(uRne^yaP6jDhbs#;R=V|g&iu?R zv+=klX1)DaI=Q#B9XQAS+uz^c_v%0G9==%b|E}awNx7vno{we-R-FG_$RMm}Up5RW zpln%#aH#OL-?T*%vy^^i#-Aq!q5rL_vNBqBuc*RU?ztr(NG($vfGqM7dW>WqI8CHI6nZT+-=8udR^+jw{m*u4Dz!)6&e}ivbJ6#oTdo3G*w_kk$t^xWNBtdjb z4)t%pb$Y#CV?YA>cDjZL1iapGPHEe)OW6>z(WYwkD@xf9coJLRzwfI z+Y+aSM@y#x#tE)F3@}cxm9Hn^S7q<(*eYbTI4No=gWqI3*Jg9YU*5}{6#2r)EAUz_ zGk<=98%#~nPrLAtG6q%C&neG+{Zv2o^4}|X^#C()Ui|0fiUOC;13jzyE)pm5M-N!x>f`g2Fa>sP+dXZW|q@6$h9zMl`s{qQ5426s?g`arm$ zL)$aqE@75G7G95ixp$k!<%44OukFCj_lYY;>Gia*Kb>>C3w#m3x&Tqmp8>w`$Dc+5 zZJ|w6!7uvwnLeoQW8rNmrjfN0syZo6SsLX_V$+|oZW<{vgyaJ%Gn?d&yu*q^_2qn? z2cGROA?UJ{8Om1m(f=k?^Yj13M}83i_b+Tb5^Hk?i#0EI((+^N^@KhHX zbPPV@-nhCEsNiZ+F9msczhMZ0QDp=e!)g`KoNV>3dR7Ib~ z93WKZ1ldciYOIYeP^l(PU2jgB+)_O@IY4uoHaS6P2}h`zLm$BzLUS`atKZntIX4?~ zTeM=+G8b9KSni=en|5Cc`%dfuLH{t2{t3c3z_HG}E{ZOCDYL5#r`P*`=8Vsi`+xhp zFZ}Z#NAf>w|8E7)llp&o5%_xlPk++Z|FaJC`A5Qh|IhGmjsK^Aw){UE&{F=I19EA9 zEk9e=(qD52@>H9J`Bb|7Rpj}TpM6Sz&g>>E)JHfgviuuVg5Az{i|oT1RekE}kW2OJ zx2^2k1-SDZ-Cmwu9;1^mRM$ZUSd{jJYy4#w|Kj?E>ntjJ%#8%goAN9o6^Q%CP}W+yT75-0UA2@w=EBjs~5bCkaI@Rc@ zo_hITaVgc3T40X+f3bUT=;wd#?XLa5l{_G_5*CK}R1aXPAMF5G<=tirWdT(}sLcdQ z!hx*@DjGYoq;-J+33u_*07*D#R}{edaK4}6hoP=mh>B4nGt9Q70jgH|x~S;qS|gxp zF)x&#mV|?Koq*~Ysxgp0-DJ9l?fF#7m6oUa+pysZbGDj@R3-lwp;xg>Q6|kJCW=++ z!B4!r!20>bpCg0M6O6ZecD#s|xF$nGntKE5|NjwV|67^ASmJNCY=3 z`t7`5YX?=eSEV~hI7?Z;fQa33nkE(Ys;L0n-H2I8exz03$T7n=FJ2r}{fyJGk3GCA zN<(*dD%xc{(nY#^R$cu(R+u8aC$pV{Ng2}nWEG>;UpskBU6+bopXg@Wr;MC{FGy&v z_1B3kP`q-p!MYfeC?Q<*^G&9| ze^E3jlScb4-jMXB*;|IguQaG`h0%OZ({Z_NWVJfK@|xMK^$Mlz2K+RAUz_`pXI$Gs zRWeB!ms2fL#_@>27=abR-h+Z9jHeZxpyv3>aBT(anc;ZfxLCX)X)soOxR(mM(#PW{ z_`YVXLwB#*HK_~)xNzodEo(*s@YV*isq{PzwE67MZBa{Aeq`9Tv?3~U9=$6vs)+px zN!Os%C*bG|uYxO5#);;DY%(yKt1PNsxqa5qw*uKl)-ws??YQr}NL_DY!18BRJZQRJ zfDOy(?Um@2nX#^66F(NvnnYtwetHulHPTG8l7BM5!>NvsKsrg0UQBEaQ%UOjeODzp zd*4(9_$-OKsV`~p8>xKa-7T*|vMo^In@XCMhWfR3)qzzd6RV<5Y78V!`7B}7T$t>U zJLQ-R>0NOThUC#S=!uzdN^{sGFmsV#tE_=kWv(`Su7V>84*V!i18R!{D~EgP-&M`8 zrsJt}*Ueot^<%6~@NPFezxY*mJ~CCwu%#v3)Z_f&E=J8t=2F)5n6bOkjVwi7$qMwk zMZ+#C0k;@i^6Whs2ohwRbW8UQZa8TSPS+NsjB!a zzxAc`xw`ztM#~p2j_P~>pkEqGt5?0N`m9o+Zx&{xdR0mURu_6lGh`gD8a-)#?&ot~ z5h%9!Vorlv7I*q8No-f5H+rVizvQOB4Y1NIZ0RE@l zRrLujol-t-_V-+!n{6x{W*KaGA zSGD^iU484MpE%yx`BEHzDL|FwV^+&SflyI}c1CC=^lH$RKr4Ag2k(oj4FF< zA5Xp!4!ffjTQ<&ijQw68w6Ta(9@N|uTTi#0HWzm5!rM9376IRSzpj{*xrMivu{;+) z+W^TxHor4(_iBNX*dFCvr0Cxj>r{m|GeIs`NY1ay*&N7KCTh(!L^umjr3`>3E0+HK zs%rJaJ9}@ko5SzgeLbd}sKg863OGq5_JyCE|LEdhf>OGV2X*tdUAq%+>$NV)!ToE! z^Y{^-hW)>3@Hp3h&#(Wr>*s$T9=%-Ge_hF=^zC=2kGJ_Z4Hn(`lP!9+`Fw;6DpC@= z#m?>5rF<#t$Hgjo*-#hDnJOBVbElfl0&hAye6xgDdt|wQ9^xn(;Nb2|@9f#5znvuw zwY^4=U>_})mSmH$!X9azbMmN$Pj#YFfoVm0(q$aY5O5oCIvpaKJ`>1rhV-?7@@$B@ zz>GDA{K(JxcYn^d^Z`I8`HYH`#-q~+(@BLnwu*$hk7-T2C{!hgRn?zZGApdHVe>Ke z$2W9=Lzb@K)|e6c1c_Sp`kxQ*BN+hm^#9R|QvI*pz4iI8l|1VF_g5#Uk5%zgvdw}9 zfNIjS?n}ASIUR+(fxRjtv1J3%w-1HYi!Wefy|?(CCB8Q5O%B<_wl(1Il92&`S5Yri zb~G;`d%3D)j*9a&n8~Xt=QY_m(@&NO{)b7jmW!`tPBk#%$1Qw$K18ap*!MIfaF!%w zL;&-E$+L~H5ZQ$2@Jscn#?7i6e_gLk!tFK|Jg95bc)p^uoVuTc3peX@8XJFTg;;zBi_P;#+;=9rdnyi|;7f?sC0{IXOBZ}m__i(gVh`Y{4s$~vU8k=_4sV<0&eb?o z>L-g;Fxf^T@7?!-oOto4d6~{<_|(h)QU$)HRl(f&@BXfT|HHw-+W%Y0qYNUewBTdK zfqnK_&?hW6uXWe#!ifGIp!Ud09-P&1K}W8-6ytnX&T9CPj@W*>UeqJiL48VBt+obg zWBt=#K6>rb1_x@9iyxZUeyMt=i`F{*2>$Nx=Awt1r$PTe^xCKVnWO&?j`m9a-@(iM zwfsz`$xln)Q z(`5hYL*Y+d|NX_@e);~dgLVCnl{|U@s{`DRlmehRXJG?Sw^|?(!0>3hRDk^W`$E|O zqNw*!7@kFq2uIhO9#)YSp!+I|_a4V9;%EG%DDw64r3t2iE8Wut3mXfo10441IhTU$2T>Z}{p z&U1+;Wt2o_C=sG9yNi|nD9DAnVU_}XJCB#dXu54JXVSjH%?D|>y znQQ-_s8#R~H(=iW@8Q9|zyG^?xVHaS@;LUtp6f^U12oj-+=0CD;$DFf;B7O7J%(S( zOE45HI}7HQI-kLGyF%ANce&0j{=FMmW?{FE-Tl4|pj@V`?Vtwze@_NbPY)>< zVarX0qY*KSVb~;?9)w@rO}d|tU(jIxGkzB_96sCum}mbVygcyj|Ca}QYx{o{4@iyg z^;ADr;LotmqPBkCY=K~3&Zg~xeEH{#h4)M|$DuIqO7>UY$wG!$4sRi&%d{$M)cmNW zuU6-D^wHyfk7Ww}VT~-aj@nsSwd}BnMdfrd&hO-)>QFI@B^Tl}cO+R{94FpJnNY8U zzH*>62g}9|Z}MvQ;Y~sUB$)L7LPkXVELE;Ai&0D?1m&yUTK~VyDOjL^R%ERJ;Cvcv zXZp{&(OK7T{}BRwVi zU)?CP^COMvqa6NfQU7E2z_;WM%~-iMMMWYzn*PzmttzJ@}ZDGFyEPQ8uSW}V3^zOdPsH@bwj-?>Vh~nc4I?H zn3{H*Y(i6%mrB+|+HwI*B<({N0?fzdl<<2_Q{rLgbm@S~jif&6<`q4>5UthQmPMX* z4dy@SQ!D?q=dptGAA5&~FG~Brdq->ezlsMWvJQfP*q<4P0{k`YErAmhusFpuMq?69 z5aB%c)3hR>0%an@Q8YsVj?oxWs}Y8sHz{{$JTlq^Zdt=|F7uUdNJHp{Lp3TCFwRL3 z*_z{|!0w(#5gHJbU?H8yl%a0Qe!!Ec`#?=&_`Zw!xwe_7Y>GC8MBTtqR7mwrg&gW{ z*=8vn8lno+1&YeQr-Y}HRzIA)dn*U_*PF|Wt_`mc`YJpY=UO{uNQ~LN`4jGylS){@ z*5fWhWhO&DBrt3D1l_YN3ei1|Q{|kd90#cdg2mBn8x1npM8%nO1=3>H^RXOvw{!FV zJVhgt3Y1_jX9^2-DFTM9d&wzs#z*7>n&31T6LV zlUJy9@;{;?6+1tMWJ&|_mWqe?0`uhm!TzD2|GRg%uK%!-XP#&)7{C#3+DC_QctzBl zh99=khHC2++k;ldo-SbfSvTZox3vy0s8@cpOojgJ90K*73LY0XSkdsqR%w4#U1sd` zRk>%cI(g+>SzLcy$%z@dqek7NRIJ|V$S(C)-%ttBxwzCqb1qO&gLCK0Nir$tp}2zh z3|b;Jm8#zUKNPfos_H?~AQ%*RL^MXldknC+60iW&YXYwqUme7x0?vXuLAUQo#$G@(l)L@I zs)zDSw$Tyx-7H2yz|7?eLX5%bs8bK%bCk=$t~J1;JoDr~$pjF4yxy95}r12Cqu+?o{F1({^3yuVuiBjPKYfPnYU6oqd zUsZF>qXpJBwLX5pXpa2XC*~fe0_Mp7{k@l^_|L)m{P${}dGg<4fL6A@B{dpkyO;)A zv^y%pH$v??OSbGT7FWG|w-(@h@!lxfb^g_u1a}g0H!q_x#sXoKn@H^v2TOXjl=Wgr z+s%j2wT9Cs7E&U%QZ{X9T~;}It{jacra`5`QC-#O8}(xgbpUf&RjIa`MVgaqqtftOdugBKqxFA(Ori-L#f+23?_-Ys z-#sk(fBP?Y*ZE&7dA>kbI86zUVe?pV0J8gMaZI_`=s-{KfrgL=lygd|IIiZb)NrUoiEULm{XPsbbj_) zbovQrKan8q^l3=&j{2OlpE~`i2v|sVJ_q@x*Zp5Z3bt_RHDZ-m1V){AWIn+8XO7X?AdV*xbCUWEB%H<69g|iCt*mX0KpOZRuJ?x z$8ma$eqb3SdSrs=tWypCp7A?GW0Y_fW`S(Djj%uwi$@()`Cx%)il~sng#>9dLjp(> z>Z~Oj!GyCZ4M|u7iVcS}pg2ODBuvnh@!2*CaEc=~LX2y`{TzE735F*4j-Z6oDNacZ z+zAWS?I==^rc9M+@UaCF1eyffHIP8k!|@x3M*U9B_i}=UEQ;8@)C>U@L?Fz`HVQMM zF`*pAIL+isIi4CoCe)7wdRFu+QF#U&Lp~%C4X7MY!r7P(XiCE48el#2RThU4s2ODq zOY9g&Ar(o4XC|@7;fgwn&~&^><1K_^mW~NG9F&qclsv#Va`CMttx3MZNrE|vQw;>M zAsXUM#@8!V4hMU5RGdLt3XON6^0J|PUmzC zKH?cpiM6ozcMo@ayL-Lez5ENkUd=}by&!`0udi;-47g6`4J4Tj8K0>B@PK70!jV+w z$|g{s!l*g8rxOyV0;noUb;E|~z2v7(5)mwj%FGJVV-%4Qj{c|g^dS9N^cf#@Iu|UZ z0qJxkTh>XkO&D^>f=u?cjdWN4{;&V7zxelm{huvU78b|oG9htC!!U$G->`c!C43v2 zIho-kb(;bgFlPNE21%TEQmCelG8VZZb5|N7rGH2U{{ z{U1pHj8cw6GQs>#vPw1Zey7uW%%{_7R6)0dPlTFaqk+(va59*okre#`%~+-`M+VZQ z4Cu72WTX_g>ZDvqK%&wq>Bt2wq@5a4p%fAU>r_eJn8iJBsp*pp&b0TXD9n{2NN;G4 zV^pP~wpH5TwlrxcG=&8n(TNml9k;iBr}KI^BmpcJeN56?r8)l&S;o^b!f{NegbU2` zbHqc+MT(Ma5YZr-b#gvL`FOP~z(^z{keUQZ5V?f#Ib89tWX(>_wfAEhjOCI*s+JCP zYA=tR8sJKD7)je zvu7tYPm*X>2y1-}Er_K~kZ~!vqnYfJz^p+2DiHyvgYt^qhCxm;AU_YrQi9=*G_eT> zJ3z}5Wl7ky+J*|$csQgH1zAAiluEG<^Nq7~%sBlQ2|Jt!5=DfoAM)-v8FEZx1vnE% z;khi^=}5T{utcg0O&00fP|2#W0Kl#wq1#SPM6rNCBZ^KHUALt%fJCM<$eAn8l=o644Pv&SXlWnL5{xgK;xE8n&=j1+2d*=Ce*a5S)N|foqM;6!bft9}GDI7K?-i z8Oua8GggE%7`Zf|pPYbF3K;rH5mZT_K2ofSI0=ZPWf?ab+b}yhOgN{mP0&K~&(xYz z>qt^2V6hTE0-|+8CZ&Yt(~eDhIDYJ|5}d-^N=Aui^^1qb6*h$d4eAhQDU&upAT?qq zUzw^qTL`#qjTxZV9gGJ@5duT3qi0l9%VVh{EKvCZ2dM!h$MH-n3CIzj+1ieyh>aLx z!$PD>TgG0K0&N;|Uy*8N`5br-Ff61+%ZZTuAiX6Aafxofd5vEG{r2_6ExLMr z{qFqs_VpS1>IZakb@lfA^yI6zuhH9+@3-MQ?YEzy?=P?ahR$!$)%E3f=V!0a(B(zv zRzr48F?!5l{)%EL}8+3V%&fi_VJ%4?+jm|Gl-+p^`e(^Qh{Qms* zo6B!+(cANP=eH-a&6W-A@=fR6>+92RPA+awzB+$g4+N z{Pf$mC)eoe+v}^#o7dau;_{+*e(~n|{Nn4^?_OWrZcD5>x97KSU-vs5W1*B44X9Zm zw11?$!h+EM{;&UAD4Qx}x%CRXsci!gF-%HT$)Zdhaxg-*nCV7~YP+NTOgZ@yCtuZ^ zvMGrHV>T?5=72=(URvf=zjiw3F$gCb5^k+O%lfGwtC5=))}68)2pb{rsTt;Wfn1Oy zl`>-==G4Mb)KM-ICjm_;(a4wm@sz>Q9kZG&A$;8F?Df$t)0W9h(ynY8z^kvX-lFfc zkl*j`f}V_LD8eb>M*4$qCV$8^uR7HvU@~w@rC9_MQU$F7*1cpkNx`DMB-(`FSSZ*+ zyD-J@jG!xxBEaCX4M=`62PBhhIpTPt5UYb%g|LL?;M_-!g_;w!uuxr;)R7^Ur2t9V zr&xyr_F+~CmGgUyHt|*gEVkh(am$8A%I6%3i<4v$IGrR+%FWoph7)O_DqC3FzKXFO z+s`(*u#nK?hgD|xe@L=y4z>`D1>yQOTe%kg{a^q4g2i&~`kl^!%W<}0(eHF#^w9-_ zrKMa7S7m8cqC*9E*8d!WzSg7Tzt^u%&fdN5Pr|3@V_yE>-qA~c|7Ul9o&T|tC*K8m ztIp|nI$wN&F7QMuyPIH4CZyBpnF|7R;q2oMLOoNL>lnS?c#}oZ1)h-i@WZ8C3&MWi z+i(G>Z+qzatCQ0ufXQYCga*7kN(Rss3&j#pu2^UwoT^iV`jh-G>*paIy~BwMAb(wq zDBvXZah31#F9IA9`_g_7BH`YruRlNpE<)#VO85{5vIYIn+qhPKkZMQckbHRG>HGyr zSjrIS{RO>uzk8>r*nP8G#G#E}BR@)@UTa=f#1e}CV{fNY=f(T?^AgxUM< z?e}+~$+vMN9Xi`fhgekrLDUG}gRMQ{MAaRjF}mk8h0P~ptarXBf~^j*a^7Xg3r~T4YoH)~?C>|E+8AAF=xZpXKkoe^4{JVo2 z?+1^}C+;#VFqFg&3iBSxwFZ0UY9A<_sqHs&svg3WD%S%;ofQbcyjLsqnhf8gAtg~L z3?&4e&g&UgKAy-pU?sqUl`Fb_Z02MHu&v86^uB20f z1EMb5_$d=A8Y86lkpF1HeHwDwFOglbl=a%EX*V~d2a3&EJd$HlYKs$)AcY$8(kGm$ zdM4*n8#XF+MIoxi7zs5K^9OMfuu)9^l|vIIxd)V| zN+1D04j9{PT1(QyI?G}Ug3kX&@8pEhc*u^y4id*ZJ0qGJB`eMUET-vf$Ii~$3CWa1 zJA#gSmoWR-X=>zEzDwc ziYFvG#ezIJsU<~4Pm-@av27En+@Q3W5He;)?d+Tp0ah{OtmHfQo*dJOZEZWPU!Jf; zg9)k1{BmXK>ATm+Ts#4bQ_6FN59EXZ@j;q`OM#^V_|xIxA=;Epw{i`}j9Ve-NUrM- zhr9pX7RJIK)tr%`S{Y@Yp2_z68=0v<&ovp=e5tUk__2wA2y8S+k*g$RiI`tuL5^PZ zNE|TOpMjQguCHFdL#HRgRX>?7z-FqTsfA>zuV9QJyU=J~*!Co9%G7}R=v}7Mr^pAX zdLYd}&eP2uO>W=bd`CDP&i+FJkt+7iH1~2e^p0Z|3+ro^{CKvl|1koPSy#XMXCNh(jcTMf?{&7 zrqEmyc}HeI)RarzBuDGX0~HB;9<%hhk*pey0WrvQWj_K1(^dLp0p8e&8KjPcXi71J z6s4&lkR01bQ6@e3qyM0!|WB zXD7AC=7{7XgGPe~R?&Q*lPdE0mlTkB19gPa_lI5 znS&%Zja32@oP5(i8$vbF9JLo{I+VHyEuLLi*GS|(#DGXfgN4XJ7+1z!-0hT*1!5;) zaX^w(?64`}Q%df4?is(M@u(;Hx~Ditz+R8o`2zmaB*ounnIOlgD}TLaES37;?+0BeTDs>q*I%ob zf8XooE>}$Mi4Pxf)l?h5DkzxH;7(Y_UMd}Q%O|qVq5(;@-K|Qw*p0QY%R7Q&p(dmx zu{yn|V~-X~VuC-sCGjX7AETpc{ag_fYQ;ZSc{~3$mMRTpMNe_r#{-eATr4}GKX;s6 ztJI*Z0s)uW&5UN-2x}FlMT_2Z)_s6(wa+3cp(p9DXHE_v^f3l&JlBlirx>uZLoMB4 zBP5MPA3n6l_rx}IgZ^k~8@D!HJ};foN?**=6`zrwm^)r2z}x8twU=QQwlt5-QpG_4 zAt6^SNICWFnK~NI`0UxU#iY4NG2Gf=8f}*(x}l@=dwTlw-gI}rj}zLDNGga9IWRuj z$?@pwS|5PvbU%kL&?fDZKDvH$ivDzXc(|pHlj-nAtz$Kx#&&489jVVRZeE{$d;PjP z5^7yWTMiVcD6bu@$)lpyhEk~&NGB=C#&~K)i%WrY6HpH8qvj^A{kQ>hm@^d=)0P7e zOPA{<5lbc#B8jJzvv{Jm-#&pTdqqI1nUk6#Qi4TO!fQphw_er9%At&)nDJ1~Vib{h zL=3DNNul)*anUlhR#lx6NWTb^EiR8 zH*mO7OHX~ee;Wxx3Q6iEB;~TSKn8@wPBY~(=Xh50h4i!=RHnNfs0MIq2&ai-PVNdc zX7}@ntoIM8_OT(aqK{7Uduol|E6xQf`#hvWmA?S+VP_(h_R@%I;Kc`L7dI;X!76{m zhUlBy+pFC@DRRy(Zg%%d(^#)zTlvB5+}AJ`yL-(po0~RNY`;43P^q4ZXecCil9c49 znl+~mW++j&F`NB;HS}V+4B=#46FMz}0PX#EwflT_aWn5Tj}+hPLu$`}wazYXo}o=E zCt#cn`T?8l{KVLpQKdb@SZtw_t8+MM1e7ZgfRljnuyO}_Njjj`ArbZTjIlp20PHpz zGcg~J_H%+@UR*rdv?=9ZdHVpl3-aua%$^w+1Xs8oF%pisyj{2=xX2s^+j;(Mp+#p5 zEjVkaO-QSF7MlpvF3eRtpRx1eKCMGv#nUDTRzs;z+s%0pWu$m$N0kKt<2yXTbV<2= z0*ygC|4XW5C6K|q{VYT@5#pBJk$5pNt+L-#n`K%q(WR~)d&**wO$a{&YxeO~MTs73 zbLX)oxtf?luZ^?Lq2tmjIj{_!2We`Wjup}BW7 z;7qV#icTaT@bx}@-_9_~*PLZgGNhfCl?`$VG^BQ#XEA}Hq<3?YVDUI}L5FC-Or8af zLw%Ifq^og)A~HH*K26le-h=W=ym$h=Kqtx$MxmerFODxRT zqKlII7Cf|R(uUxtD=49S8nG)ExMm%zT5A*E_; zfKP$2S=URT3P%8S2~t#|RKBVF+YrUu$ zG*m7VnIuvtmd{!`+3CTUL1|&=W07cG>vg85=+Pq@sED1MtkYZ89_!j;{p>wf&|kv{ z*B1_`p@-36r#XO+qPrH%v`A>114|9VekKR0OMO6jPzHIT(ylFzWfe4m+U(?5=eOfn z)98-GrIz{}w_>lN%Eg4FV;1UL|8Nwsdx1uvc(}T;kVTR!ty-9k=ew6AGg^zhwaELO zh&-eO!Na$6^QD|0a%z$U>qY54>qWT~rGCeYva#q?14&c~DoqldcfXBTY+q%iFOrp1 zG8%jUH>_D}wxQzL(&Gvw$!^r?nih-0J+E?c^6s^1YZnh3Ydb-iSo+KjHxcA9h7)Pf z+E`s`{6i>VLgU=SZEcOUoWr*J1wC}Z;&xlZZ{RlHIiH4fL{l8GfZ!JU_?33-nF4Vs zL3}2Wm~^pp=EdZBy3Tf5tJSqy{mj)W9|rq-2S-cD#OpVwvL)K=p3P!Bp#l093L6T; zKPqbq0o`ukTy%GQjh7=`?^Yjx9sGR$)WAy(0H}6hP z-<=)4f1hWLY;Eh;H{YD>y?<~0wSRc@{=MX={LSIs{`>a}MUxhq2|c_eR{>1J--y27 zt8x}p37#4~!S`b3PqNWbT+4mYC{sDX=!K*2YyG zrGBr*70Xg`c(Cjd-tTYFwSw>&_?n!I+9ZW6bMW|)J443(u#R;( zhJeDSB-U%x10ZyL_E_ImmgapZWy3i9S0_qCVW4}0hB%6P1039`Z6Q^YYKo?qi)|#v zSn{`BKpF0nV;p$kTrd6nE)1`5jb!;gz88Hw!T(}0)a4N2U2n*EZ^U+{dpo+g5#ha2 zMnjTUwUH}Agm?XMI*Gn0a%XxLCQqW=t!aJGR@-eZNb^Z*oMTh|I?3QdPqoB!;jue4 zX{ve<{FTQaN>v9dxn<2KZTVzv39K!FI!gUcEdk_Yuq~I1sfCv$OdipP>@jT>faeGd zp|VTk+%cD$(Wg^JY zJ)Q}DT^`YJoShs?CPVE$S6MvCU|9VfMGZr_W|7KCRR21;zR($ma8H5ZQzn zEm3G0@*#<6K;0V|EK2P7D$^8;i}mty6pYk|_6d_I<`hauF0PNBCfm>%%c{+ZwRSH} z-CDb^wR;_mg@&b*4}4Ew6k6>!c;M`aP_ z1DbNoXXvjtmlx{75FXb#<;! zgF%G8;%ukloU6;5TR6#NIOqz`B8EfzqT(9X)67*s&Cky1`-$@-Z9Wgpoq#9t016rK z7<(PLjLZbtmLt}?7;Q(WhzB-yI!pAS98E;KBh!8x!HRlTq{=^gR4Pdg_)+T^>tfDc zA!F+%^n?jP2dXZ6Wle4dK1_oVMYMWaNqxaAIx{|-NTiy{aa6-xSzI7E0L5z#BC`qJ}!j*R$GolpU{ zp>hfZA(c)uk+O-Qn^Pbk z>)T&bW)oc>7L?1+Js>!iUZAPNE*tdh_0Yo9TbM-uAA4`V-MDQnivORdz;e!7va=+4 zJUNrqy1nhswI``hW*o1vr|n6n=Ncj*2{lEq1ZaVHGdX}x>c{p; zFxwq}$&KOAPGMlwfZlASwXf@2P#qh(7_2#}gKM{ck{L1Ge=PAdEYYL(_lE_7tpv^y zULoq(Z3RZlc}2`PLDkEYUabr!0Voj(1T*QqOk>E3!gqrP&t}R#9Gt6Md^ji@$LjKo zfU?=8lFDrrw=^z=3#3`lnt|RfZ&KN#r1o9iXS#@{mXHRx^C9)}BEiMQRY9{5_r(Z% z*Z-~*?0~|4Z@1`P2>P&A-=bC#0Jk6**L`Dn(CW&!pfByMKdtOP+gN}|v~T`+9lsIy z)Z7R~d~fT(b{RtkM-70VFj#M715{C|dP?!5~ zaDyVlhXcfQw}7KQp@6>@zy8h#KfM_I_8*6TAJD(Pa(_DdUd^+EckI2G);~9eNrY{&ZPUiUvM7|L_N}c)xR`>*!OW08e_=g5mzT~mqY?G*nCyTR`-2X}$-{(~10)0vD9_B?tn)P)lnxd=< z4NQZHp))nlp$FQz{cTYG7D}QyNk=4Jz;dv~S->SA#T@k%t!BbZNgJ&~#J`DVeUOY* zrDvbN%vdnR3OYD5=|f~2w4#ic7{ALowCM!9ixr)rk*AE9oyI8F+l{Al^o@857_Hj% z&yD(@o+hp2PtBB_dPH3%hZTG%Z1gEefzP* zWoeRq*&fIe`5I37uUPjzzx=ta!EJ65EL>ya5)g2;lB>#8l66DUE@<5`x> zYgu-voM@)9Ou77Yzu7~5#2%+g3wX@_AL%=2p^1saL5)~APztZGXN(aexnLFYN36#_ z2VeG)=@t|s_Fu*YLwi7+zT6f1GT<<)(urno&;HZZO$t;mBm#A1Yq;=skd1+_fP%eD zQDbl4-`uh&5j;=k-W9>7>hV~PnM3UWS7Ei^Qiw%X^ago?_N>n;=rnWi?^9UTFOd4qOC#~LF>yYZGZHdnIV&%e8ugJCfceW_MD&kc$ zOYRY$EH?K`O5YE2jKJ}9Vz>8l$@g%P;dUXqB;cG83+14p8O#I14~I4Q{=NRO<@Q@v8L06M91c8)gc z%WJ?eYO@^&y|CTGdk;#G=_D7rf#rC?!%J_HTC(814jr%9yEzCD8qG^T5;UxishI60 zOAhlHK z61SxNim-&rho`urrxaGuAPDgZ{kBoUn;hTTBZN6z9lxrVZ}C7@_TmO;LM1?m_o{)s z+BLfepX}Mg?^(Lub6S_@h))uJLmR#ovn=6F;u;pf=I_6QouRpW=`){zji#OokbI;7 zz3d~d>(}S0oZanxMJ@_^%Rty4U~O-O;Y>Y8RrBPUd%31I*EG6L?dO>A67!@*c5roL8iBN+z5@?uPJuSTQO4}&p zR^G$y9DFR?Z=2T^+VhuCs|E1!I4*-iT~G($JDp$^*_#82Z3`&2V>n0kCk}wFTuo|Qf zv@EDzOr+9(7HO%(muwk}+9qg`z4t30OsrOf`qYd|h^f|$vy;;kHse`_wo>ybL=bL& zd5!I@>bq~nX_`kmsdyhuHdFC-3>L(@UpaTR!0R~c+VS~t)@20WBKa?u+Pm>HbJbry zkgdwKCH=Wp@l7To$~(|Yh|ns#K&Il5_++_Mxis^0s}^2ag|N?hsfvZm!Lk3($77jF zGq?Y)Hs63Zka8K7h`dI*z|`z*Fj0}CM|H@~EcpR*FFolZm*pf?Tcj6$8uCM6*x^cC zj_aoPOvOD7Sxa$|SOFqZsW!QlF7&6t{_TKahsBe#t$@PnfVqJG83_%OdQgXeDZ^0+ zZtbW8+XY5!Cph8Tlzn;u`Or6hUzdpS_~+LjMO2u^wF>HELHs80IeQ>30^}0;hc22TE6tooHS;)*@a23Q8LFC_csB3aiGR&=$w;q^%qSyVbqS0 z&ur>?@H*_nJXR~8?v6WbdrQcw;m+y_AoET@5eZA0;Ij2JUMx!;r!u2JTLEOv1z-II zg6iF(Q2V}2`|L^?`=8ezrM3d`g%bKo8Tj8J`_AA!ezOxlDaW2cjC*?m0H38uoiT0; z(gz$IsrtMpYf`hz)G90l$iSG2Q@BjGRHXxuDwocI@VE1XC$MI^)l+>3!7Fc8z6{P3 z&a_M?iB~9`=fay>ssV>Qb&;UtGr{>FrzA^wBw`kWx??BCjzBVEGm%dO%PjxiC;se% zapKq$`^2#~eCuSLPS$BLI$5Xb=wzK$qmy-(j84|+WSyPHbCh)| zh4E%Q8_=eWn#pMEdC>y4H$&WC(U4oWyn&SFO72umaG{Iz7R+{(wUI-4sguFUix;~a z=-Q`d)yKA}T5hcJbUc~YiYS10q*Nr=6^klqI^`k#$u*Y z@}t;89d5URNO0}q)7>i6%zjm-#t{>{1mR#sh3Vn~dsC*YfaZ2bxLOVE?7)+zuyC1O zw#hLG{XwJ#D-VeW85zGnNMex&ov6FGXm$`gcNH}U3wNuXAKZ=IWx|DZY)@}$@($Hd zUa77b`!)1~!ao7Qe|Wd8+l}ps*X+z+>WW#BBo@8V6SoM0B_1*aO65wT`xYIQXIB?k z_*Sr6m8nEc=HUrq(vUC43EE#VBGJ-bqO01GcRrStqw}#WjLz;*AD!Ky#pvt~OGamR zSR9?*p|d;eGJXwqht9{cVsx@jIXYRV`RHVw#nH(+ovhQzI-RVu?Rd66mVM5csd(>6 zLYa!!O%ip^+&jXjq&DlRcGmRPmuc+9LG6%Q5P5jD7_< zMpLfwTwOVYRVhco^}iMQ>{pv{bPIjK0AZkhWQi0AyO_MtBEGIdEKH`wZo%m z?%NIps_wrEke`E^}=)5waAAzme@NoW{-| zHM6YnfhSfDz(`oKPT1M&LRX)9##p+HHVdiQ!M&It^cT?f;4(cxd0_!jy>J2Ds1D$_ zgHI!;?M;Z-N7b@*3*8G&K27*P3;V5oD&-0#0CfDjZ|hPxfPmFNF!0g4a9hfT%=XzL zl`3`SpI|cIa-$aBPAIHWK`o-=1)$OGzb->tVL#8=$+)1Wz?Pa5nN@(AMo> zSk}q$Gaml;{~T3n9-U^{X_i}zPP6PZ z%WX%eSw4wox!<_)P|u^_7LZL1H!>ngFwl3tNl)*v<2wue~KyhvSBYzp>5S`F0I;W>)cupW@DOV|a`NgOU2PbuA4 zr4+ve4c%*fPhm&We|^Ya1J;KVOKhl39qadl$UEZAo=amqwl0lPi*)HKV|0}6!gPAE#0CkfSb za4HRk!Zz-_SRc8VA9iK~PZs*@c(w`K zY~K-aT{PU!84cHIcb#@u9i4W!Fgoq7#ptxV)uYqy7DuPub=qBn(P?*`cGq-t+TC8X zyZu$*?;_HkAR=u)6m}1EbuZYwrwFtz`s{f}pY4DvnTpR+BcGiqEsC1aKq zhN_%(wf>%St-s2Nb_M?$75rNTv##pjit&76;<~DTZAVx2Z~5q|{;e5Z)xWOlUss!9 zhtbt$STefW4BL;cHbbM))n@2wGgL?C-P&z*wHbCCoyV)I&9LKyUDdxX&av_6G|Nu2 zY&JU0a^>hW%N<6iSvDJ;X1RKFnq{Y1ZZSH|vePWL9i3*`RsH*Q##plFn4#5G{p;c` zw>s{w>fh$^tFQW3i2?liO8>QAMpyr@tN+*4|Lf}ib@l(c`hU&G^Y@fIJN@IA;T`EJ zL^K~=g@~1-s}Rvui0C{W+l;P4M9a~6HM$BBEk{@XuZxRYJ38&I)9$LH)9w~Vr`@#} zop!f+blTnG=(M{|yK68y?XJ`AnvPDp>+1jg@?+Dw`hQDC7l-z|G)4lH$qNB>*IYOc)WS05(G1zmk~iT5=!srW<6-IgM78)QJTIK|t%6{l zu{vc_V={eud|cA_p;X7Qiu7@$(nw?m{xO!5A_wvQm}@O3=^#@v)bBd(wSv^vTyq~h za!b6(a;b7@=I065`ijrQ4#;siE^n<5TI=b>Z?wbzEqA6x{vac97DcK^%@b{nKEgPD zkn-y`woKkE=DKZ)HY&51@f<9 z8Ya_NM&1yKki{=pxC6KxPef6Uh-H%TgN>>`GB6ujsRDsHRx{1%${e zg+aY7sSJ*tB(W_GcNLI+Uz+IH{|le_)BxYb8d!n)4=rqeUOQiI^$SdWum4r>WXLYWm=}ow z_|c!}p#^KgqfFw6=P}4TNPn1Cc>Wl78u8RqvhtL%VkygbZe&y>JZJVkPE;*f-czHRSiCA(YlKBxjU|q!h_J_ZH`bLnp@y)-tejm2GGsgS{ z)V&HBMGdfq8lLm3HAdsWNF1oaj)Z!|`KQG%&T=t<`-ivZ6Wl(MKyU3^jlNbRe5iML zLDqg9sL%IaX<}L>7Fp?$A-gHEOy#D|mt%3Qa>G>4&XYnLkzZZ|Sc?>{L>!Po_i!`# zG=zw5q~2Dx?=?_-H%N%MxVpIl8=69M#JLr<#vtbSKyj*>?r{R(6njb0^3W+y5|K{m zw;bRBM4~Et6NH!Ca{FtKK-VjuBU_4q#kgnJo^Bf$?qMRnpxh;AY=zK#2-&hg&^5jqPqb{0JS28 z|Emy)ISi!Mn_eR|N@AEOCU}Y@T=~n`07}(kpHCHX?Z|}1KXU%H-#>ia50v&ykb>}f z1)eEpy!o)iAP9@N%F zyn&bPK$2~wRNI~J+e=qxM}Qcb>l$gTKePiY=5|+YuT{Kc;6|nygDgv%W!{+=1^D{-nZpd`ZXdD|GGqjym(}*^>sP|YZj;U`?@pkduPp~dMxMc$u z2w4bJoH+6#JY4I*7+j#re-Lvds)@$g+7wy?Vm+KHE$_ehjONs4*!H6Sves3YL*bMZ zzO^vA$MI|U;o@&PHySNL{ZfgIWtz1UNrpZm1%sl1kTX<~sIn>+J640~`u{CGHLzV7U4btqyp;3?Q%&3?F+iplGsuVY2Cun!> zyc+m%^mTw0=pRe)S(7W}0uk6;I!ESkzkhYH8>9zBP{3**qrhl=6al~e?kKhK{-rB9 zC~P_?=a&$>0>Hx+c}Xce6L2h$f{!SnUL(qf`&K!P;eI>|6Qb<)c@GhhU*XHdOvuH> z(OQHtvHpqEhetMSmMHSc%_x{8r|wyj_uoGWv2)pF|8^{6D|_DCU4m4ZmgY&t$_-l! z$UiUaqYreb-TRDeu}+A#KPJ(Yt302?=Iso1dbtd)Kip*kg8N&f!>57Lf$rQl0>M(> z`S%45TL3X*CkVzpxw*S2tG2A9=oEcTxcP5>0$_q!Nx_?C-O8Vp0d}Jk{Yz!-2qgc% zUQ~0cxeGXJd-{!tao3`qDhfLZM-PKC>YvGXDg1uchY=M4$aK zXp*?VWHmsBp%>b5_|~8cWPhP@O>a~hSGU!6kofv+PTJ2C(Q-^NALbe}!b^ElyjJO7 zGN|vJ5f$M|X8O(4(RtRYTM9gOX+r&BpOfR(d38py@dm$okdIjBSXt>dSZ!JORS$J) zJ2I4-7X~}#F|`uKUy!p<&?rI2zd(I~j5s(=!Fi@G{ovU~5?NNE5WQ+zjnn)*74@j| zLR&2Ll^2x5axT?|NV)1`G=Ulqc);(Y#o%XHnp^o#av`c*ms=?@zU2;uM_md$xh+Pf3iL4av2&a#ap0A7#aOXo&C$W~pK<(R z4<0|2w;maC;HW0xVH#hUg7h){LI2F*QPv>gj_gq!Rs$F6jB|@wrdnR}o{HcwF@-XC#&yF@p*RX(_Ky=wvv-ac%JM65KEpcYd+ z3%vNB2RcW%W7izd^r^Qj+ZU>uP=X<~7x^yof>Huq z+8$WF_(dlQO@Sj-&dxc!e0Qqzyk4uPR{Gp2GCU>X`!6I3*B3-7GQw(w=2ejt_&a4p z^0>6B^}BxjC0n0Vn}x!mJ9K1WpPC3A3XVZ>&LR9mAs|{>ksl$B7e!Z){zc#v`EC(O z`l=UzlQs9&fltqc$AFln69uAJF=Wv_34YMYiQ7-H8uiLBDQge@ac_p#ochCZz>EDl zYd-Cab(baE{g?TW8T;iz*%(_fdD3hkOI41+MBP-V6$Z#~EC}0SIQ|X^a`@sucP)%Y zxynXWrTC)n1kNc&vOq=IN+yVv4JbZj`hWMJb{lpiug0CmIX~;D}k75*c4|p_pSTtC?5XaDVJ-I!~T5^lrWQ!Qx zEwk1PSwA`j?!?MXI#QXaY3b)Fn=$o25ED_OEpo@YI10CTm-p_BtJ_+WHl|t9YLp3ui z+gaYen#v{-IzVmB)5~Ex?-z(h3mZ?SWea@b|AJhxuKxC*doI3~cKg4K-o+xW0e$=H z5Ld1|O3bl%kcCNHgb8HD;>)e3dTq43C7I3~mef(jQ**)6z&nVb%2@a) zoTjYBkDX-6ASv)mMd1XAdt&_oe^xv(<+1l*Xfw5-99EbYndS*9to^7yCA%1~;bq^E zg3adD-rZn~2GiCXVH7Y#ZHT?;DLhW8RMK-N62jjlj3J&Ekx32l8fTns*Fv^z7N>4y zKcwN;swJQ{dihNyaSN?^>CmR9j`@3!4XA>;X~A~nh#4Q?Y!XY%nV13HwMjt`im?VT zVNyP*fE6k4yhnmt0|FF!yw;{4v-qs|fgm80G0@DJ23rKWnW;MnO&^`5tmGu8c{O*A)bh zD32-M3?-VTldcmPcHg3bL5Ca@_~<}6+qxlKtTdgh?R6%dqy?Eb#SREu;RSEzmCVT| zjf5Y1`JuvFdIC}}1T)j;P42%^K0sTDE)jUB|f z*iu1(4H_a#G#Ieoa&P_-azZu|qx7ezsf|;f)#ggAHVF@n&h|-EA5wTWn9V1ZwsmAU zswzetu|3gLEDZS0s-r4_VIM?|8WR4}NsWgSS?fV^3Ab;gOi?TcjXAeb=QceK36by2 zBfiVO7pIsl6#=pTokmGbC|&VYkgk2#anB0mk?&isSjDsWV3cl*E<=_Mr3Z61_<)h! zhvRN3HKcHo`))j;N6VASOte%fx|TYGlv9r{gZG7KPSh%qliPE{yaob0ZtOW zcHUqr)(YebSd`M%_gkvD0VujA4n#lCQD!eJ`%B7YD_4Ies=xi4Rhl}N{Du{bWRj>kKC z%mg06p1P+$N{XLeTpx?XjaOQuA>^7NdLe{}hul3i~Op5u&Y zWIpOYP1H*+lX7hSrFPLra+$)Aa2#@!^PUI&ng`jTmLq-Qm)Ulj^y8fb$OfU#JSJ(q zPCLc>oboXUy`zmQR?2KAnq*467!eJVpqBPLlPRr*qN4@vxM*_1yl*@S1ZC}VH(Cm$ zh?QC4d5_kkFwyRNx&B{IYki=2F@fd^sDHn%JSC)n&%858D}~JuC}zo`!jaO}|G@LM zD=#dlOb100QX&7_cskMV?XCDyV9$8xqV(WOH4Olg_-N)z@ej7)LebQ3fTp2w6%^I1 zO@~Pbmb{unyP@`I*Li~&f8mOfn;Qhmdl1E+7XbH1W(1tKhQ|Zolg%!p3(MVUKZLeW zh){Vaa2j$#tdOMgzi;}dBn$WvM4us)5<2h0V%`COLceGLwx(kiQQ|@rV=R}DITNXp z`NoLxa8k}dwKmq^fiTgKnglpkRKY^TBuW?SNe2Gwm5|_v=Kl{nd<`~|nv*a7p{2ex zI0t81uqb=v}XNUGFWuvN@H;&xOO!FeBzSvT5j@oW*oaydTd zVOj4o!9WxZ8CPaw$AAd zc{||cW|zj(B!Rv|e;%cKI;O1~eKX*kh4u{)2tM`8Hv^($nzMa%P;2Y>*Ten_MfTIB zDG($#BxzZScC}J*pk>^{Ze?P{tqe7YEztW2>mR4NFr}?uRVs@b1`w;s6O@(N`9yEH zZjaEm=$z{J)zi>^Xxojw9WF5$K?xP^E7O2RV+@~p%2ZdK5d0V}io46(g!=(~&A~~6 z1M#rWJ`)c7zBChj%)xWEAi86#6H9Jt2n%{;y@all9K4hlry9@*dLV62qmC%h1D|wS z_ynmcensY40j2n)mzyN-J9qLIqG#>BLlBX?=*CUy@zHex=G+aVzxT9h<91r3aqv2n z{4tp}5f!?u%+B5hId(fv8*2x>vAZ-nkj~A&)rMJgZB21u^h>r24Mb_xlkc`zs#KKH zXoEV0TzkskgAvL6i>DlFMhe4dTKI61_IK^ss>1PC$=!hWV7mK(jD>4I{8hR4xIVwR z>E`qprmD>^!&h&ON>tkFpfeVvE;s%I{OfrPPe<1#vjgIAOhY=e87PYfvAo`!fN^BwC9`|ZK13-+2vzp zbYI9b!y_xQ4+tDmlHg#*=-b9&fjm64Vh9np@+GBGcv~Cbj+Jo~63L$j(Ac6XI$0h) zrvw=Hx^|J>u5t1ydM_)bjLc7Ut+U~E!PK5@em8p4-gJ3}k}{5yj zb@?%%d3G;yRdWg#q0TAiMr8M(%I?0+1oP0`*WoO&u@deg@5+e(N=%Bo!Z|vl)^&&F zy%D)X+ihH4>bt`7&hh9_Jzk1NKUI#kGXi!eDb%%MV7Z%=1H>M-Suosh_aQVEU`c%R z(24t&rlNQ$P$c;2>9rPQIL(MbB>|DJ?Q_8o5kyW%jcn@SalO5rH7Dq{!R6|E!VRcf z9X%V;XkCW8iT~zNGQyuvGCf_{PhzS_GFfXA00LNlChD*l?n}i6gVkx zn_`=uaF>upOESiSzVduZ2A8?bE%a( zeMjL!cZhKueE4gcgR{r+Qs>7MyRfdFGjTKG!(F)8l+~ai@5+<(HKa4+6u zcA|%pFbQ-rcCs5T_8j7fl$sgyd@8^RXEJmvMS#7(uL}|z3 z+IZf{DOKk8z8BkfBx<9ejXiCT@#i}cZV%uPbX|yDno1waXnH3{S7HX((;Zw6`t!=0 zvF&B}yXJC_#e}`~$g~7XZMX$vTm`z^>X{%`ZewRBZ!b5eugAmH{nYnH-1q%qCT~ve z`a0;x`|Uidi#v+{o4!s?Z+C~a*@-2X+qQx=6nMT5-T6_2K7=#>A632-?sK1))8i&7 z#lO^ZaBi}~wAD|rfc9VOScx7U1hnNHgc~(mAX=G{go3+00jD~rSNaeWA=_2) zfl(ewFk-x&BJX~qatZu(;5pa4f0S+MST2SJ#u*S(o0o5Tiz!bl5$`h4iiM4$yM+GB z!hA>k6)24(u0H%2RXz-gzh^ZXEE9uX43s7`vAEog?KMXq2g}om^iv+eg6pkb`Z{DB z!?d_GZMoZT#G2lPwJdgOBoTcy?JxvoY3M5VfZuZ$YbkX5&(_k8MMIG@8Vh%avFQGx z-RY`Cew(A&Z(iGl%?QHHuy>~OW&8DvW^_-VTjz?m#U-o_jat@)%f1PSmH^|4*|%a= z%Asig_yaL!JjgVMlT7R@0UK}K+@_Bc=2%xAP*{XV&hZuGx=yep_qG;S-cyyKq5aE{ zDx1N6xV+s(7t|HF6K2c3ighlG$Z$^RDEoc`0j9)Kq3%Dv_-h*&E1#iWQP3iL_rKez zufWs9IHU&9xOIILHPf%W*aG)YR*v%6KDW;&=Ht3JBNo;3-VXj%%(?utL-ERg(oOLX z?X_1%q%GzpaPpaCGJ}ikJnI~qNCs=MfgkS|7f}qLS`7JV_=s;Hmnn7r=uu zA?#PMpjn>7zDana4+$)sbElX5c7E+f3awkZo{iW`V>xtx-+x83^;+o%|Kzh-`ff!( zY+*9Mi@xino@lG?{J=0Hiukgs27O^Oofd=w))Y_mD7LP6TBWxe_bR(DiT{99t36_s zEA9aaphr{$EKFf8vSuDELzAc}9{l(t+g3ih2Vl*;{lP$4zcT{ZTT9u6n;J8zQbDZm z)zMcfh0q93TOkJF>G(eQi^fEV)2s8~S?F@42-l2Rwb2bOw|d>VYZByrA9xbyNwUC+U$>F^pf{?D>2u46DE)rBZANvY!KxFSoj5}9ZUz-< zUo%z0nHAK+vXyl0b+xad0_A*{xWDc?QfbHg0*`paDN)P0HMhj`HoiNj7t_vlm3tL_iKJ3R%fC{HM6ArtpD@; z>lb?CbGsBZVE^Oz`U3cMLH$xz#E<8PQTz3ER^@MfJK{QnR9O^hTx&eq4gdGAb!eQa|R&_L?B~YI9q} zZ}R@KfS;A^r0i|@l{}QoVmac~eqNk+R@~YyNn3FJ`|ckEdkF&2dB%iZ zG&pO_;(X&M*hvtIa_U!QFeoo>RwCTl7cO9W3l}v+vFQ5~Hjo6O(m0qcl8>L8ih|P@ z_@+H9b5#97l_?mj|1WV*rgWAxwZyskkM|@}?dtth;96c-QSCmOtQn-gVFb5>><%S9 zaM>S$3-If}P22SD4-VD zIkc|Od#|X8g@=`*#8MwkE*Eii8{#}z`#>g@Tx{qBPSC(A9Brc&!zUOvUnBQb!2yNL zG#iD%j%NB!1CeZSEx>GTNHs)9?IsClAQA|5RqUK~hXBQy^?#sy9M%69x`(qU36Jm* z1Qp~^aO&G)9(@hu0g&%A!FlFKM#8i~J{Ih?<-)%4?{ zDh|X7M(?5Ph)LItD^h(#ou5gk>{TzWl?;(f?rbk$uKeUdGd5k|7Eo2cX+J@khuRU+ zl7o@eA@o51%fsN=_}x5;=muze>5x2UBc;e?cT~g<@&KXZB!O`)OI8W1QCRLNFCyg- zpXu2DQ#J{w=HQOeN4+b^AUz3}N6Y#kMZF2rMBk_5Y}oSdIQDKIcj)RxE-q?`XExwp zqTk52mu^F0O5N%YRw*G_++M=~e3d;_;PV>K7&OK4TZkOM{7B8s<*s&J5W#GB|h3%1h5@vMWio(xA zK%AndqXqCCW7JK0GrwyBttR|{9otG5k&i$>91T_n+F>)IGTB|&t*FMLu~Q*xVU;Ux zAxP7pAxK@XEY8bHEAm?CHZ*p3S3-s58nvN=*!;rqb)Gm*O@RS7siFh_#Q11Fjz{8j zQ=>xX2U3}zT9oy4gIxwvE&7@p19~0d?M5lXY;cPYwm~v$`M}{TU*7 zHDRIuBB3&8MpgbdBAwZcf@UgpbrB=v?YFVIIoR&b1+=j=!`;9MrxmQbW~# zg=pW`c+!enIS6Zcxzep#WFBq<-jWGCHGj1FKjgjewWidzGgthnp*Qq-zU*$KX6o&e z-xDao8}}uFsYPmILqnVwa}=&#PFbejGh!3;mF~+~u>5Y zTEHQ;xNP#@2ha*7n+#yssrG%4MT|cq2{(q98rTHnR@0?G3zd8Of6d6nV()upTE-jv zS`=k6BN^%wx3@dRmidZn^COWGq<%DuOAfV}#AxQz^F!`;>wFj*GC|G>nCU9!n9a${ z$ZbZOU~I$wDuxrFyx(JG1unbq#lN#h#4Fy}+0gw$_cU*3e{9#7I zDt+jO0aO5EM)1kpHE+eGSx>#~f1!xG26AGt|D>Zs)W4gn=uy4?eIAx7lz2*&hG#Ld38wdT)><%m~}gK;bhzQKp$wl z2k1;it_&_M*XaBNv$@T{x^rR1C?#yXCtVA|s_ z#e$MGJSJudY=jx*&4xDV3q8kQ56iS(t{R;k4>v|!0bSx%%Y#Pxm)P3o1K(^1S+F{}0@TJJ`)(7A>VO=QEhX_MF~; zXDSiwNH{jcx|>1~)kH3WtMHW#?i)-3X%_l!$b**lyN z@@};crp$Y`WriFQeKz+;2Rplp@QBBG;p4bd+=C#Bf9kEoFb&wsfLydLfyuBLQ65C9 z=4>av%|=Ya!Fond2=peTui)`3+J)pN%_3N4I+tZp5}Sp~qL{DCB3P{4X8wXCc24tx z5f8d$kj%=fSgnBg$~+3!f!zRy=)xsuatbGA zcDF}E6lSF?my~a_yu71v3g|cFCxuH?k7XYbZmmOz0V{{;x(vps><9*p`C!-mq)~U# zq9!tPN}}l=-mXIzsz{JE`pSh`f!T8v6KgENIw=G=DHQ`M`Z_L+DQGh#*Wikkg$zh9 zZb(SPWut8DL=!v_t44tc&-nQ3mmoqP%USQ%tYv*leOpfeyGA>s>{q4TB~cu$k2iLv zViI5Z=$Vx3*!oTW8tgaZ_{UJ!vm9P4GyQtt_Zn&zkt9uF;hwqUkn|@bM9}1k&>8{P zz-%pDeR;7#8gbXjYtlF5B+Lx8d)!lG`qeliU8c^4}j7^hX(+pN|Y`LRjZc-$(fdJr zkv`AV6O-*Bc1!_y3Vk&qfWayIcZBphkt}WcPrD$wtN*qtXUP`)``2>MAc^ zm?au2=)K@^a%ZEJ4)t?H2S(~S&iybQ*=%j}x_oZxD1tf8aMfR$h60kG>V)^4CirRR z3JU29tol*yXf;Z$=wo`(5FZPjFQ?+huI;O3Vo|Y89)#0rncbEjx>PuC5&4R0o^Os(?3@LNSI(JO*S zb&B6AWGwAbsMMRzz}J2>7S(WCOuUi|_`YP%&3Pm3BhOa*Mjy;h4PS;>;ZXKkD|?!J zXrKsGGr%-1qXiSo{@TCZzn}axM@(yKx#Usiuh^PdgO-;tO3YK0cpgTc%wm*@xpwAt zQM|tAssdN`kIh#2R8zi`nF1xNabu0r%$JO)rFuUdsV6^ zY$bRU_`~sX4GvAo&@Lk zwK8yhRgauKHckE(u%e~8)EGJbs#rPxi^nF`-zL|W&C>6Ptyl%lr6ePC3n^4Efabgd zaS>DJ+RIh2|CPElG;93{msa^0tws3|EL4X22HLJpU6t>y;-q)~e!pfXxk;C+p@M0I zB|b4~lkjN_Ut?GXmGT!OtCIrX!PgQ3meRy_ZM%l=a7x@g<=qgH+V%!_KpE@=zlZG%-VDY_X7*VMkF) zG)AmHSn*^pUSS^umm9%|1QP;yBq_GGDUmR)*YmyAd_TJtZO~P?_Ac55K;UU>LJwb4 z&uaMxE~D(uXdpdRQ@VaqZpoZ>@Sz z#nsKB=l|`tbMZXhil&Rp7E2TF_55u}|5kQS65M;!N{gn5?K!yoWqvyxejn`AXhr?+ z8mnHKv-+)IMa%JPv;8heuHUjWxBA=sU52v1BdwUaId!MF;$ykevC`_NRZ%t84#U4) z@2@E_PTGoi8L{f`|H6MeD{0G@61Z?D zV)Wx;msLN#+!Ca8N9yRP{$Yxdwv57b-M5mZPu{)M24PygS1>b1O#xdv!H2 zgBE2!h}&jkyhfi^0m+yndB4#K^xMcZ)n&Fi+p648TVa0s7=iTJo8Itc#Dj+D0bI>u zOoB)KPU-Gur|)|{`>!2ozn!_$0By7JGAcx0C}g^fF{bAcmJq^e>n&(KM{V#S65=jN z1y4047kxk5p+*TC;d)Bpt@MKVn!;E0Cp3hWIutM?_7W(LwiI7Yj0!5iFGpXDfP|W) z;yFZhf5#>9ACBIP;1BwE^A{2|?wUx|zzs#COEq}oO?iHGLrA&I z-fLu3dH#vW6bZLtB2+Qjm1wGwI(gJQ$on)zX($ww=7oNca8*iqSlm=cbw2n}Eqqe6 zLb3{0WQF`8m;fz6V1a9vZ z;=d@ILcEI74YsLu3B!BAGE@Vg23WlZ;26y`XU&LGx5G{Rg5~(ppSouh?UAYQgU9_J zZfJLdXRZP;{Q*%cgrF3yD+>ZnC#+%!Sr~l4DvOB!;0bxY5&W(gT6M?NVdOR1Fsr@G_aOi>6j=FTa`5)T-K5H~QqFY=(c{V+Cjw z2b?(yOl}WlMv=*r;AxxUC^r{yaSY3so%!wesLheHkryc5B$FqQ9QUEl*8r_YJxh7Z=;0lMfxet7D0 zkV#|`GYzYn$Ym*CKhD5G`at|$=+qM;qy`D%gTt01l^+a@Hx#^T`K$gX4$X-?G?cGr ze4&N`v9P>qrqxx zxv~tq6@fe}ktLk*wgGgWs?t}d3%P#%5D^lV&8HD)^H=hs(`>X{8Fc|;rB+}6RR(AbVA zLyB67?xATM0YtF?QBwZ%kaFEq4hYJs=^6H6bQTui=C;ck&@9ClBg^;0Aj6Z(&#Maq z?^_~6pLY9u#w3HZ2XUk+C&S3?LgeC8O!fj)Ly=w>x{I_Pp=vD+Rtb5l?)rDi_C8-k zzp^Bl4R}f(|J&28t&4%EBw%V@TpgXAb^kU!GGiiIH5F)lhWFt}{ktq^el*WTi=&&p z9>-YV^^cCduD$2Up(ZO!fi&cj>!|3FL5B>BQSr)r2&^Gl#b;!SGD~RkGD`dH4D||W z#ThHaC(wKgLsHP6plDGm`|9zJ^-jPDrVC%x#navMlDK3k5P9l8Vu151J?Eq~NweTT zQ^tc-3b*oLE*La$q%0x;FpH3AaoEej<>Sr?nI^Mde!F;tgX#@P`I!DA$1oBY?**eY znUQC^L7Ycge~{0^SRiRMA7?225o}0ACcQc_W{Mk*P-5>34ah9%XE;E)MseUiU z{4tkKo<_+O#5)^mzulGWAO$^hQwno`s~B0p84QOxSZR4SQwFSu>8T6+N|d2}?%BO=AJ)#F_81+~h#pcO8;bJ|ojOosy7|P}4UM2etIIdd{izIHKSK#+_!`E8 zw2v0askqdPbAmZdTBu=UJk9)8{yH6p9v<#KC$&>LEmN&&539Y%Hwr;O(@^}&fi7P03t**d6-{cNZ}0tx zX!TDs!EPNaoO&67)vrqZFI1ho0GTyk4WDTfI<@c2)5=d&lcZM^yUdRyMb5nNUlm<~ zJPw_qV0GZv%a0G^|76+vk;@1;;mm#o8438mKpTP78^@$EZ}x-cJ?PxAzDVuCxF^|& zII+^Dk;@PEEhB%nk0brkYjO_yX88v9J4f-wADh<^84NtaSWQSb_TV{eHjmtpgJe zCuT3l>!6j1+fI@WswV1qdrLEm8^Wzrc(-tPf1Fy+o8JhqT1iM)WAV6WBTD6MS8nCD z$}}}F+Q|U_KgNt8Ql|}(TY!x(Q`1}nYkh`NVpIFG6lkr6ap~KFG_YVGcyd`pv>ya3 zEQOQ9|Ilual<@2PEmCzI8M%#wz5LNCk#+z2e(r96u(jUr`o7l&GEN@hiTF6)!Fe&Z z1$1(~NnQ;p?<~I;pc5ur@`k~mUk2P$D{J0%yRcTQZ#!f}gezPL@7;}fnwMy%y&(D9 z@>=JK^tlKPyR3dUfaBA_t3HjdGg(~2*|JZ`In7$3#J)om==~k`Co&d8=9&z$DK)G3 z!{fw9KWkNCvo~>4)Lzwi4c*bpB)3iCwVJ_TCJ6oGEi9BCv&zK5@Qg^KQ1HsRrbH`$ z5-@~sI(g7Ij}&X0Q8Ss~cF7+-49L44M1o$XQ-%O1CjIiZ(_ba~%wQ6IUasEO^!>lI zZ=VBT(MZ!?+D?Z?qBJ=1f<2~V%-w&fIS)w?6|%*qi>W>zU*(Siu)lwrNKsm>Oa}NJ zOHW8p9VJi}tnwF?{O*i+hAs-iE`=v&6Ng!qy_3zT(6hlGcXG|#pOLl=Ve>Ys83^tQ zrY{uC$5U%DgH;;y{}DxkKwTNrCGj0)ihN^m-)+Dj%mBPy%$EGy7^ww-Xv4-mt6aSM9o>N&UwAXAWH z-K8@C8=RSWsTu>&oE|)v@P$~SduTyK_V~aC4iBBUI2I2M7KPu4-Cnk7shJ>!FJdPU zl3jdH{_AI+008;y4Ps}mirv_wmA`S33f+DniZ#8D#G5JtCRgl8q+M**M3iFY2QwLq zgDQ6N&VdF`#JTFkwC~B1A|_HgKEgP641kt(n3Ff6?-i;GkEKJI|0lT#ZB=c$fMSZk z(llYa$J^H#n`=i(3mt0~r=B+7gv+h7mi;AyMT{im0$L=xKvsa;N0k1iLtLH)%xuD9 za`sJz&2nJySm}HO@WDaj4Me^=5Lx9nslb#aP{f#MFJ#6g0Ugw)&i11e1V853LQWw9Mm_5 z8a&aQDNfX~l5x3I827Icbc}^o)m>y9nLfvH$WC{wdUDdH}YrAtOCT1kO-z4t%>RzZpyn8-^i;hp?)vRvsns{nLh6fd1(X6N*zVHekH} zb9ZP^8X2pGhrlA3Ujq^@Gg-)kT+6Q_u`mbthG0kMF&#pRe0Z#E|fnXJn= zWCfe2i0t$p_fvJRg&o#QXbk}8k>p+~TmTf`*_64&(-%{$W4?rYO6^*zshoXY5C#U| z9j?#ad<5>@ZNg`2ceyv+sHLQ1uA^{0MfH%n!(FXzx@J@q?oG5|Qa^|%ONVzn{odRP zzv1|6_It-az=h1#;~iN%1T^D!mWT;!-b3sULq^d7-}UskyLyZD|HUq88bIh{?765n zLF_PcmKLu+4?Fta^KELUel}CmfZM85Q=AY@ID0>jGa{{9WWNj7xv|^36w@c+rqO|j zjF)MPcai}YHO5j$ImIh_kiL5YT>SwGBFTV5)5`}|2n*X!bm{! z_Jqjpin_%9HA94k?%3#g{k|_eF74+u{ftgOi;N*Ax7bf>itBgKXvW{l&GcG(y%$pt4&EeH< za)GA@`mzb7M36s5H~imyZE^4R6%ytvb#o@k)HS1_|0IL`r9u`E=Rm$s46rlYbG8s= zl-h$+`snlfC&|$pj82MNMKnM1$8uJztBaP-S-D`ezd#6gCc&vZ+Px$TCzN?~zqAAT ztI)L%A2W?97kr*dtjogi|is?kjG^ z=ng8+NUV@l*8G! z@+449sYMml6$Rv!!XG7@jSzqiS4NrLFiLf@QO%&P+l$W42>1L*nlZ!gG)_We+EX|2 zv}wlj$+H&umEk2g`GI4!E{y*67@7sz+GeUml^3vX}INCyk5C;1von;N-V+rz>WrCi#J(&-S8n`o{J2bS}iul7;v zw#-tu*mHcq+kiApq2dadzlOJ4CDG-=e4aa&#V49Bk>B@vJOy zZmE-$tt1#7jN-GL=RQO4Y{{pW$BvUzJ`+6#PQh(fA3I{7WOW$FcP0iiYe5hcgokzi zM9UMiHl`(F^q5CoYav=>Qx6O+!i+0r zLOsbH9-}$1jJP}A9YYQxqD{fQYJNW1_WM;S`0UYF+#DkOe=3FX-s{v+Gk*%kx4L5cDjyo=Tv{I4YLP1fzGWR6uBowZjKcQHlm~#u5 z*S?#@bC%%1?GcPCuA>11{mR)&gqaoNkdMi9C_ZK^^j$?E1u3d^4-SAjx;TdD;_D-b zd~FzH9_@5w@{B=T2!ar_2dPFse^;v1FXwx`jx}SAtW4Tv zbelbP7~06%e-k^#(xky}hu@5RiivbEOdXPF?w@PiACW0b4*#eWJ1){(9?0uN*?;eZ z;Y9DtdXKNw?KM6y>z-iA$pX|&Wh@ERBFob9NV`d{zAz}}_0Z}p?Zhc6S-c6Hx;WD} zZLzcaBX;1-`J0nBsH0ooW#=8_UXC^4V7)Yg=Sr(u5YXovTO*?O|HF$Mo*X95kbowu zPk+axfvoX?N|vIsP*Iz!w2A6RdOeu9Cc9Vgt_(PNo{90LLj9GNYclKl)dZrzsaWwz z>C7zLjAW|>vD%hY4U|^+;(7tjt7OVrK$ZW?ixlS(qT-&s24zJZ*ELKSVQ3;T)EC@! z&qy&mbySXqN&~xNL|*phOy3=ARbadUpD4Kg6t6H;#Il2@A)1DO>)~;Uy+z!N)o8%9 zXYDMmA7tnR`m68nS0w~;1we1q8Mm+SlvOb88rCHUOq=RB|BhLwb-in00c`zoC zXjF?mV_I-^RKKPegnK2WMHz<8afcvo+ZRa0&XQz4K}V*TjYwZtq*Rb2K=cC|3hPHL zK)G+_gpg(o+PMUV`;RCvr-CIYK~#y6ZgVHQKP^aEmxR22sVz$w!B{|}RqD9+z%Inn z(xofb$pZ|%MEbQnm0Ac1vwG2hEPT0;N5DDyb`OtwM^)+bpOu= znOTE>RnkGWoZS2m_*8eU-Q&dwHoj^mRHPt9#Fbu&g!k(hj8pZjpozu*&;VXksW#HbQ{E3_dH^b;}p-Q zS-+`6e^0&(k#gl?`SFHEl*ZK5aBHdickAbm$b@;9-x{LUU#HjlH1++K_#V!WPdb%5 zyDfZpZkvzP($M+Z5304|*LP&y)Do`|J(99enl=G?5O}v}w)=uvehtj1sP~e6kK^qK z1j7udEJq+SnDEdRi`^Avaw|zn>*wEW$Ykh0UQZ|@W&OVqXNwr$(C&DFMT+qP}nw(aiKwz1l_&C}oapV)UNVxNn>FKUiC zD=IT1vS!uH968?i31T`v3(dh&3k%LzX$rqpH3Ew5Jyao#0rWYZ3zFc27!V=$#Rs0NXKC>92wy1JQr1i0u`lj6~j;mSW*c+N zgogk1->N$B&HeF~+v{jw4vu>YHELWTAOGZ?3X<!8vc&A2-3N z)O>I+aI7R=VKPB7lQlHPT7&nKo2Q5qT$a63>5Z0XdQ}vA9uZ2lJ*+?`Goek&; z?BFv@5aTtYPTf0&>jL}}BJqfTS8W`}TLaS*>c^5CgB?Yehdyimm!9n|ayDF!rQF&U z(w%wRUlzu#p~n5NmMV^j0a9f>utcdxm&OS}@1#eU+p-om&p#kk_ncnd8CqV!QU2|4t?s~of@@F`U-$iu_2{VY<2n25KY#FI>A*)**wm<1(+qGj zUDEpI=?8le7iKOR&|7JIaM#R!#Jo>q5(gj<-&2g|BX zW~1u5mW&&!_hy4{BG*XlzHr^R+ zBXu|P!P%Ac4wU;iH0m0cp(D6ntcLL{*Oe?_T`hCF%pPaQ&$^1jNJbQs?J#oo|RbnV?HethoMDhrbnaP51cF zJBJ%|eeL9y=Lh-XQ6b;w2YORRv@^i+vZBVw)r1^S`||0+9Y!Hv`A~@oiou{0%>%L$ z?AkdWt55Kxi%+5+JE1Ygh)s!ZHn5oPNUzhbNvBRU0>&$Rc{Ob^EYWD^ZRmwUt7d(9 zZy1+#o-Q@2ttxnqKBW!xa*u}2T#Xav%%2{I+gVTede(_S%ETq7jEK(*+F*fntP?vh zSh&&S&X+>Dv)^+g%y)2xM&H}_Hd6>K(0X>ER1y>Jr(Dr)8U0B;yQ*bp1^bm3=^^jY zD>Zh&02`rg@>JWOS4>&C{mEyn4ORgaJ$Oc_g%?R`f3@!5$H^QNn@M!^oKR-KcE$OJ z8!~XYKy-b>q*D+#dK%zl%vh+s{wmz_Err(YqT;Rg!$sb&a*Hm!QcD}6PlIMuuVY!U zNm!5!!D^Rj%@A0n!Xs)qjXb!TEc=!c?eh8wO=>t6OP@YNs60JQ?Lx8R?n&KSk`m=z zIwbr>PK|hyqgCy`SIIIF0_^gHdH%Lhn>DiqH)AWK;k$zgFx&IoDIzBxmJ^gn!V*w` zsYJQ_9w(eW3UpV9f=}|oBq5KnQhH9^NTb$-l#4f$ss!}lHim7bbL1sD*8BzyR&_&m zrt>yc*6505WmeY+^qW=o^?VSJdUuawts`&OY)^-ln3ids#K2;@)yp+W`MhXOyd8?# zF`a<6DtJ6zhmu&9vNxv;q{u6Qu3N%mGhEjsCF-}57S+fT{a|i0NXGw8fTm?!#jt_t zKQf?djCB|VuEf=Z?x*x1CYTTwQd44?stQ(E%}SqdFuvvsG1%9Y?(c&~;eTRhD*~W$%>#DuTKU?)oXm zAt?+MW@N5u#+2YNEpA(rI_-bf5QIu~hiqtKSb2s@zXJig6fKxnZ`4Z%Q;g{CBk?a$@*+q_nxV~X#b#yDua+8?V{3emty%v^2xJPK`Fj1&>4S`$r#-#Q zn~eAw4+`5dj30wFgx1`Sfc|~AT$-r4+}IIsE2`Vt2D9okUDet9aVmm3d%V)Jb$R|; zG!5BKQ28pPxBD5DO$9F0Nl%dUDP^%CIQqyaxkpX~iiWSNs3a&j@iu2Y zShTO(_jSZ?aob|z8Py`0B1Yoh|0@K_!2bUf0)?hvO;Y7Oo#$Ph3Tyo&r6!4zeyIxd znGN`PIlbXhPriFJOr^mA=hF*#ncJyED^fxjxw*M=vfjMlwwwj-^rAa?bzSZ_3O;Sp zvOXWN41F^pt{M_3(dO&T1#xhhxVicLVu!z<_m{VF;&3?67xV1CyY_ z!Z_>i>J7V!J?$tFJ0Eq~?U8G~pYd`vvh(nq{Ht=YvzQgKdF5=bBC+B@U%-^;(XAd- za_FEyTwshxB8(_cr&t@pO0lOtJkP36Y1!t!o4SAp4YGko&2WHJ=X)=tXpMc0$lL!C z1)V#dzWOq#zUdeK`cK4Gv?q*#C;b^2RBLHq|1R>Btj_Jo&2uBk$@9nMyXq!ra*dfSUE&H^wLHp@&aGko zs|rF4n)1qYC$Gg#d8Bh^%j|l&1d}OXo>AqT7sMHT6M%s}zvAo5?MhZXyBIYJabc(z z*V0pB!_YiRIdUU9)%vw}gh-Qx39fqQQs9BZhN%_c5vu)agK`ek4Y$ggmmSOx0C^(7 z%hWuD>8s`*WS5oe94USn)+iA3G>U@H>)QnYSjfqIu+B5eSa z7U(oqPeWSg(HyqT-N@ogp4qZjU|&h^%jz(L}#htOQvUWZ5W6N~xY5-SR^ zFKG|LO4V<%FKD|?i5gDe7gN=vb?|OP+_*E-Nzaooyh9@YvER{>FM0Tb&FW-dg)(-s z^tD`$aGFeGUZ=+@Xm8mfpcb~(%K&jB1gucU8vcKb!GZSwlflvZf0w~QLD`J>b|X0e zM{)V$8g(6#4{!BEYl#YI4;|>R#U2V?Q|k@=zOeniIPu*S0~#*;aU8dLhaDg{9V7qu zr4`OPjnP=3Hj?G^>1ofO?y}za#(A9|M_W_{HTD+;q(^Vr2`(Eor1}m zLqOXNn&TWf@)d!%5slnwRpD)DAPm?wyy9GZC=LLfvU(~qt;0ML-I^O4c@WK7r_7qv zT~iwEvFbmzNj+g1b143<|3f`0|L;Wv`^@6g7J-Ia067$`l2Y5e# zs26Ur&R9NDsyWFv?pM2w><{VE>z<^VxnaD|^2L0O515(_D z0jl@rH|W|Vg@=JsfK^Rzk$PeLIji5pM zTB>%2O*Auf1c`>;Z1i7d9$M^M8iQpLR0$?jR!^3oCHJ4s(@3eNP;jHjq9AIJX?u6- zUG{oPUfTs5&P{!q9N{j_{Y4uVj8$KgztA;!#^4ntAtrq^lZdnUWqRbEfuYd+GCd%L zJOprh)loN?^qD6&BZzL~zPFBKpoHm#fm95vG%s+4jr7qG>a##t@4pX@P$Q5;O&ae@ zAsmUX;oq{`i*U15(yz2G3=@tP`mrjNEi0W|00=n=x`#NlLmF!)21@jE$xZW+66mrk zYdnK3KtkmQS(D!mM6YX<#a-4~IcAOxB~0tp4kf?1b&~T^N>rqRuJ3p<7QN;5--8%N zAYkN1O+99@dc%@n(xA6V0gs{y@J76k^9e#A?i-i%1V-dZFy@ZeC5O56Twm%=oEV4b zQIMbC{o}p69XkE{N)Pj@m+q;Se7+~&{|@7n4Etj=?GFH@%{{y|J(VNr9Z#wqcBRqh z^=Ze^7>w=-OQ5D3I{iT^%+jo|{|KpvVJCWW#9~T3C85aA!(Z*xygQ{k7@-!cN%$cl^(- z$gPoVgc>;WsfK~SizjnN5i+_RQ5KlEqy>C~jMkwNUw8^Y4oX5+LCnV$j(jS0JvK;l zt@dsv2g$uNUK(}|XO*VAwG36ta^+&~HnJrP7`$M;vYuFQ;Czj&iMJ^T&DvZY6uTN* z#KaZ&sb}bnS1J*bqg~%a_a|ql@AJd&GQ-zv+2Sfe`tORmMNZ0f`#zBkgH&c6Lr{6Q zSEQ7u@+J8G@BbL<7pDC~U541j^1DxiDEO$xdIWIA0yz_|FVS0ln!k4Q|81e*RhA`hYo$m zA1}P4Svs<~WtJVKB^|GI@X=Y&bG*f8jJa5l)72BWnd$?T!>oEP~n zH?X{fLkce_>pPthH0Zxzk4*)d&6OcIV{D9s zn%&?Yo5wS&@UY&;3$7vLIR3u3zlGZHGb-{vmX~dyd5hrtB>wab^woT_0Bg9lrI}Tn zL=b(5mrAB3H0`)G!6K4qh{D7RuC$k z1akHcayY20Lk0AxweZr;(wy|VVV0rf*+2_{9!y zqacaElLj?Y{=0IzfEHC1hswaW6^#0#sjb?)Vz?lhF0zQL3KNhe%JDUF?*^F zZx}6~hxR%t@NTA#9s=cxMEm_{AJ7`T!w^w2a-i$e;{@D+)PP-Pn6x(Rny?d)YP-ww zp{|hQv#PhQavBY0*t?0i`knjhP$#HzCj-y|20@}<3Blg&9(>U3bn#N*BkIS(y=mQD3vdC z?-cJA*rP$$T~>7ED6V(_X<Kv!V+`ju)vt#5OWbJeI3R9%`a(B5O9w&D z$4!*?dUhT}ysqav_tGbj#zq9V2`4`AAvQXNXF10iG!)bjt<%V8nUN@B@J#l-$mpRT}9 zSMp_rT6UC8FWl*?Qbz%H6PEn#XvN57cqyJU9%m`&EH*!pI)<$giTpLV#fpj$ufZL* zK6h@y6pp4k$-6csOg*mRS%%903oAeUR*&6 zn!8c2WPCvAI!JiF2qHkMoe%Gfi7%1f#tO}Cks^Ss?+A@49b zk}@TP4^wRl!eHHxa|pgqnx(d|q@4Djx4$i_2^?SPta zgL)o^@|Z|^F0b+)l-x~)AtQg0esuwX5w67ia^bC^eFaBtS$R4UT?DaQN&B@=@&xDK zyk?G|m;g|SbmGhxP;R2i4X}w+OL@3dGOiU$Yb`!W%6mFr0G6%UbO;qWd0ZbxN}hlnx{4Hhul%7@LzJ(2i3)Tn3BuK-9NuOwc6$t_AhqFyA#N;; z-TESxYv=^DDvNMN6?LSHN+Z!iHwei3LLwz5uRO!I>>aZBVH$Bj8B@|=U8^@IB6-qxK zL2rrJs4uQw!6FmZ5#{Zw@YAh1g-SL96~zwA)2*j~jgyJ<$_eDMV!i0eE?!Ku_lK{D zFFz-Kd8v*ED8R9aN4sXpG;N-u%#x`^#vKFy6V84EJdwur ziXBh#L$wq1ZE2<@9xC5aZy?L3RolG@1vi^iS^nF`)J~?|=Zvg} z{>1i~LboHFgNUZ@4J~?-&xz3OlC=w!^P5TKTe10G4^%&9c`{>x@%wYH+jdwD;C83K&TfwIUgG>xD0bA+JH4Rbi{zG) zI^v67ULw2w`A`5S+EOd(g_~1+8xK3TY>dM%kuEy2Y%(3wXezov#T3RpBF*cBlF57A zH^L<$&7;sm^|k%q0w<&-rPIZLCg07m6-#GDt``Qp_daSq@&&16(%)ledm`A*LAcs( zbsxOAumdZt=)Y2j{sJ$sxnYjPU`B2T5Ga>7=|+ZVpRpyNDQjwSd0e*UWlI-=<+J>t z%KLhubNK4UlDQ(a;J2TyPz3t@NH}SJ(-SpkU6E{k3JN4dn&20K*+4$8=(5;W4re zoz7!qAIdkInr1jQrQk1evFiHm*B>!!c8_erXu)xqeqn#%fb$m_b4sQT{mw*dAJK8g zsNeY+##>~({vDloM4@4O`#<6RH>5w^yqpZK-+*#F zObt^z7P*w_;^Luk_)ZKP&=9#`M6eiUg!)ar5vBES<13cD66F{Zg?{RUd07cs8dY{c zV|DCxjQ#hT*WypgyFi+C)Q|%ky={$~=0Bw;yK1*@cI^zq`&h9{l1Sm)b8yYfFNlKI zl-UM4TBOiXmuY4ubHRbrtjmS>zs|(>8d96!?gI!_)ck(^vYJZbTW0Rq-bSyb&LS}U zH8x~p1gwRryGpNex=0-Q51dhteev3yjz<=0C)+>cUl)2S!=m-=AxX#j z0t_JJjPN`}NdBPp>F>hrIYa7G;_6)&l4;Lq-AYkF#k3q^Y)tfZvj#ygFbs(%7W zAA$$S_E;HWdbjTXWmDcv5qMWBC>2^uUUDA3qH%c8sqZnV`cq?=;@=;Dk8-j)Z@rZG zS@h(CJc%iHXT;I`Pa0#(MgnUn?>1u=_SU93fVBLlJM?;1>SS88Phk1w_=Z!a^pG`c zk!K!&|0Bspd68`Mfh4v(I$%feQz*IrORR4(yc919wJRD^Nq2rNPjV9Tqg9yh6 zG#Bje(9RU)n}LZjeA6$C(`xj9x)dHq%&IPCt9D;;HpJLXI`Ku*kBjtYpjbd6 zopx?$LznsX6TCJvU`+^>lj!4=el|@C&8bqO(K8ZE{luZ~?br^l7ctnz`^E6;yMD7q zZi=4ZI%SSR(m$nWkFxJn9t&J@UjW9HVhKOHFXKTZ!Wg>U&)th}=&A|lH06x-)C%=) zm}8ik@$@R-$LC=PS)s5YT$K$IX_`kWWJQ%Tr|HQbOCl0Z8OM?g9&YgZV@mA^4uPQB zJBC-7;BYLG?bOs8Qu#}45aI4``!_&mbD(9!ve4yB;H(4OVVfCeKQaK>h7%N6*q#E3 z!G#bXazH$Pl8NrN5c?rocDomv)8|N6)ilF);xVcipj24xz4G?{=(pBMSWwb-#MrAg zVxDjR&do3TsS4e^k{n(C=T%VS%wx z_2&_JfP}KppT{JqB^;dcYg*zAW5g&8EJkz*gtBvfAeHid*p~uH4*b!gH=W=?@Nc2i z%e2@K8wkq3J+B5T#5}Ybl$(Y*u269}2lg0Kl>W^6jCyCxvT-Bj(i{(w9CI@(qE}l* zE{6jHOuJa^^ESiBWsq);rxu-#9|v`-7w~EFV}rJC4l4p->%P&q+o@hzHH!Lft?d|K zS{X+9s+JRc^CqeF79^=HHH|@~G?yr@_MI*2G?a4VUteF%OvjpK7z1p%`@MqTIr}YB zMO(3AwdtYUZAbv9p5UUOG5?_9eN!R{abf^Eu@1=_QxlDpbj-=+i8ok;A$7~h|DFZz ztzcj4Rcx+E??thI#5D@%4q`vlEg}=snI>be$ceKgD>#l5jW?fQR0|2#LpNn(D-bVB zW3gR+mN7$nggcZ_>g4lIdwU1^O_GJb^tb;5wEBZGwTO@(3g$z?lQ?c=OTZtLzw2Z` zve3#~RdFp#zn#Ew8oM_#BX>x@m?pN9)OAAm2>DU0QQ6KuahqO(Wm7nYDl)dCB^2`p z1cGd274Bl@Rw8kNY<8c-Bi@Itg2bD>b3vUN4e#M@qi zUKB2Fk|vGS&FgOD%h$sLUYaK%oR@-2=?VyEeQ6Y#!})$N%q=h7FTe(qC2;|x`8FT$ zdBd3$D#}%eVx7F8d{TZUj@utJO>u)%%nRY#Y)~XlHORUTm(ccy>)c(R59QC^?+%bS zZGXmNR@SSAgn&0F<(>`~A1nr&4J}C2GIF6h%v)snKSR;cJ?DJ&-j8LiWvBakN|5W* zPuyYHcwp-SLMk7=`GEia)^DeFP^V7OzY*Dps;KNuvt9LXdYKBO-{~R)fj=c2x*dma zHm2wqf*`4@+;{Z@$)io%`iF{1Yi`c>URd0oo?SdpS~|&(`-hdP%zxIep3jW!_LSYD zFIp0-{u<%gzE;F%;2!*bRZKw>UVkv)`@}6PGdEnZM|)uzeA21+5bG+KAZ0Go zeNq~qJ<2}EzOYgLhu#$icC`KxAp-TV#5ML6$Og!!(@i92o|^H*clJPvNrOuCxS|=G z@xFesuldGM-RrUyB$#S2FvBx6^@o{T5@Q5G_ z34%&n)?F)TGII0ciB?NTi#uT!PFay`ga*}qIzX{ec@j0+5KylpPnV?mH~(SczUZJh zq|YTjh=&)+42bv3_2ANl0KPh4?H#!+s6vLaw+`LQC0b=%Ub=#QkHGv*0hKUh+f=g1 z5UbWyb`(=DE?BM;{wPIiavV)$%ygGM5uEh2SaX~StQJQS>-Oh;D6tr+_b#oZFB#hS zaX5?~;+nmLz5Lm}cV=WXa}6Yy!VRQ8-fO$+Tt{Je-b>~VTuicWiy2l^Xi{DaG3IgFHE&w5N?WJq!zQ4WuQW&=}k$6Q7uMaS- z#aKv*k1viwilvp#MdIh~QVC%fMgYaQk%d@}I#Zph%%#PtM+@XU-j| zoZwHbg$9_w7IUbVCgIutYAA)5z73+l@bj=DIMw{u_w@#4aicv}%lxJQIJi|biD_0r zmS9XkyC{6+aRP6Kg-`h`-r(1Sf*pSHJB>6Q4xzeSlx!bw2CJa+KB8ILPLN=G1c2#g z)qEYm^fC$2kEy$8daUA3;XSb0lI|8f{qiGyUJM5pe*I3!m`^QM{JxKQIe8rnjhA0` zW65}2BhM2zo_xC{NS=(QX+%SY{z!64Tx8$3=?6%S>u%DT zb#Vn{ARnM%MSgksAJ2t*fWQqk7W03StLCul9tGQNWx?hGFGZZOBzoFHd^_^MTo&>O zo6Ewky@y%M5PHsvSoIKd&UEVFV{n5NB%?sBR2ln|y(xeiJ$50u&6I-(N2ur#1-m6! zlQM+kJS>5=Qhdf2xamY9IU$?v|0HnAcNib~zYQcF%w}YatCC_oBN~0Qd z6gW=R^xGg=%b&`;p3BX~#8an)ou(GX1lI&|D!Tc$BniJ@U9*~953vg8sa!c7`sLn0i#)D z@DE%e^@l+@AZ_j1358-eW_fMTvZtDflw1NxEQPXWEO8`62q-pzGxAWr)Y!CD!5?P6 z4lrh5P}w_s8xTb^cYf}!8kQD4fe20L z&7DMucYyChNR{_M+V%zMUpZys{mP_zY+&_^lUUjS{<33Ix|$5L35Vw@e44cqF`*uv zk#O`^s4y3RbUY399f0XT2_VxDzlsCY33(Q5ly%zX7T4?6E2$VM|S#=Zi`DvL0W z^tfC_yId5Ye&}hEpU;4Kcc(3XkInZhZtv@nvP%8GvhT%hucq{v0^d+nrXMi+*k)$1 zk~E>y16VRN-I}^-^h}qCp3A_FCbh&;s8rYCuC>sO5?Z%MN`}`&N|`i`9y~H#?UFCV z0BVh3M-GHGX6>MMfYAypGrv#O?R9qH7b)(IelFPOgZ8BhJ~1(@ZV@S6qD=F#MKWSm(^ zq%pSc6OqVcd?t`G(8bDu;Ki*pIej&{ZEUucK}ikCTScDgmP1DdCu$s7A|cK$k&B+L;fx;6Y9X_`i~4h)4e4@SwiK> z(Oi3yLZX($5N#PSn&r|y1fTbbrmd{oYijYu%U{JIEa~WeS<+-X-code$KEOn&N!B> zQ~t}`(ZAI&t-2XjH0T*B*XpIU}@xJ{^aDw7m$ zaCCClv1Oy9i$&x+7{zACJ@G`d6LZ5QB_dcj&@DhHw^i#)d6jlBP2hG-Bxx*^zzDkK z*n}>Wqcb2_Dc|)n9#9e0l12U4SsJlw;0{u+p$MpuPTSogoZq1c(BS_p3}0Ta*Kqs1 zk1uY}Mz;!C@A-eM{GghI1Qvpo5)LQhk#pnwC=&vqy>fIbem;LLe|9Q5V1GVm<#v1d zJl^#dvFO8`f?jqWwRi4Mn9yXfl_+<^%Nex%#Fs#|>)%*xuv*FBI=toU#_l}vu|eo2 ziuRIPO-K8y31Ma#9jd40Y=-(LDB@{RC}r{CONxN2;MB`mxU_8Fff4NlhNS< zc09Y+-*puw>M>dX;6;i`{y7&@3fYCg!q4j&A@lhYvK=W7)nc+RfJuuQS3AhXE8#~u#R%G%JjXmm{@7smI4m^ z=O3h%kbO-Jf4PRT7%jRTUELr~0H`h{Ne9pxm^@DobJg=xCt=+Q*a$L0C}E;htx5s> zilL;eg{A#ibOKKl?S$kwrB35va^-RKYZnNsc_0~>_fP;Xlh+d*Y$WC=Q_J;?RVe{L zISDr#VHIog#Fb_~+O9Li z&{?OThcF=_gqozIhQy8**LKCD6<-td{(V~HWyx?5}8FYYz1=S)H*Mg|7p%Hql4tA zv!FW^9n#_B{UGM%wKkU7Ng1P7fmWYM9%DF%4rV9BV~S>+sg(vzJi=`zv#Zce`e-Zp%% zWAk&GvKMX`FwJ)x8X2l2BBceE>Ee$~x(O%gjmJdVTjCsrVaAANqOO&%w5>3m%>;Fx zdT`lad-KXuW~~H2RDy2V*$U;$7VIHrccOwbAUGG-E)Eu2_&!=zofml(n*Q?`dVSa<`%M72P!rHNjMmQ^3G7V>s*GwP?r& zga78(hXKGjRTrc55x_5N&|_%{>KsP7VGe6PPK~1hC!1-pKOd*GX#yW-M3$Q~>Jf+s zb{7MS6PzC_VmC5-84#lFv4DiLGkAu); z8=QH*mz!~RCD(@C-5OeCI+I2s{GpEaex1{dG%`m8RwrbR9VS)tJubz1_&ZV!vK0xS zI}<7gy)+~|aZmZejKBUZ6kXc24c#Yv|C3AGYpf>6)hA%~i*8|x`K0>tq=MQisDN=h z;gI9*t{~qo@jzD)e{FE_ZX~pzHkVPx^qx`O*MXI-;?NDWO`Y=Ce>_>OeR;HNJKrD{ zFZ%Q8ZHuoanwV+2+=;2n{HlU1+J%lqLbR2~-1B~l&ivdZe? z&tEL$TJFn7zbkJ0bSEGOerYtaGv!a?c z1R<+T4Iwc$xn5mwfTb_DEu|kJE{l$)US`&IQNeK4*H@L{sYzBb^Zcv_wV_0%6Q=dd z`0z68mEzZ2>S{d=p21|$LYQ`%wB05{i%MZ`1fJct$nBr;?x}W8#m%;@nZ71l;K0ySo{f=+QQEwI%_6N-yvZKQ~+K$;a z5Jczpfit$2e@bLolmR6z6*x2pc0)W%mqtJk zpD7(+W|x?<(a#ULRSwV>k%xb6qqlh9Z)L#fqI1Xc`O`fxu9E^szZ548}+`v!nb6Q z<8JGhI&~j)@pbM8m1_V z8y&ML1=IB~_7K1KvmMIco0+(4z#KON9(nVp&$$yA-3#T%%(?bknk|0d;26DIcX)ye zYyJM-a~(a+>FQd7h9fOv=h%vkRJe_$0{J>C!PteELR_`*V^2{_yw$pW*P_Da#))rgI-UzL>_6+Dz zeqHcNT8GBF`wNr)Uli98L<=Dg0g!>5Nh(4WBfKX>O2;^~XhHO9PB;0Aq;z!izpKMF z2di&?$1;oirh8vwn(_GJ=9pRB{DEjAcWt}4-=QRQhv#Tow_c#t`6097f*e3Ni{4B+ z%bZoY%_$f~O2JY3JcX^j;=0lySRX5?ow@S?I7EmL)SWRT@#+)3u2)GaH9lrDr@b~6 zlu5~4Ht_*qUDqwGaQ&!~I5IA;eRn0CFt$7H{d%@5bn_|sz0ZV-do#av&$qbNF<9$78S^M#@a zQY}RE9Nl;`xF|T`{A}Lxw%aPaPM@ne0=!_d*<{RC1AA z1WhN~xIrb8tpb}soa$xNu59iLU1jb4l$a=72>MkXdk{I=t}^}JRtB#7wS+MaN7ko{ z6P|0EGv`Hi9I0d!H(lu1w!iQD)ezH6q9z>;c|=T!4F>li&TZzJHY%F_g#3(>prLkO zTDgWmyiJ_qaKzDCh;Gu`QnfY>?&2TDO7LO8sgR(Hl>;x;{=>i!&%@fG5zhmgg3LCt zgt{A~(^ziHOp`6;ZM4;YE>M+jj_8tR{ye4_lc=x!wADMa%6q-D$sygR{U+&&ft=Ti z_>c=yUz+%y>~3d35?bm#9Y)}&(l#OOD-NN{{@EM=WHfV zIJ-4pB^kz*D+-|QTvBcta#}rUpp#@Ax3~v%e>J!Wgp;LNGgQ$@T1aHvI;+#mLw|I* zev3oi?Ku3xtH-CGp;7?{V%E++Bwb6H7ePsl3?9Lm$Fu;Dx_?qNa+&w2% z5gukdjc%w!cg+?L&K_XjarlY-WX9l!K^I<;1@EYJ#783Y2x!{27e?dO_)U;Lk1~URw&8{>`RA9uhfG-uI(i$5 z4EFtZ!4W@p(LNxuowyhF66vodeytFN)v=IU6fs%`a$Zer&Zmh)eTTH%`o7rmcl4nA{ zFPmo@JhL}WPG!}-puJ8tv6E*EK9bksRatEO&~bL3$I;9>jkF?-wtLGb#_jS@wL@1{ zmp|qg5$dGnh@GM|vx3p9S`^$@HL+7_^{lFHMN_eAa(+7S4nHyy1^De3HWh0-zl}S@ zduHcGPXU!qz;<=n{cP#MImza6lTKqLocm%)I)VQVFecIQ8If&CX3?igyyWM{>xn3C z?Pn^@e>#C7rHxn-MOpDZBy8rz^QQ#&rRu%TT^BE_1A0Uvz(d>HR zBp56cE)GUY5kpk6%q1UiuedVAm5D7-R6KuW%0!c~E6;*UZ^+WaRhLYdL!E(-9=uGV z!}8)Lks-2b6H${1(z^$7a+CE#=^*hVnH~FyyJQDWksfmhYbb`z!i>I4y(dYlj^QkC z02Ta*Cnr!Aj1xnfRd{~n`$q0dHxio zWWdMPa8C9|=@A(!Y+Pv?Im;WYHGz}`*iUOp)Lhl7wFq^pX0Acf6bF#tG1z0c(CUDQ7{!sSCIuX_=GO9)dZ(Z3+?)r zV-x=(&Lpbl-y>rMfd^UyX(TWM56;(V=&;8^Nx`<|^r_r(*Dkpl;B5Cv=M`&?k!6(Q zaJ=E`?5XzFso)74m%Yltv!z$r@rC5Z%h0Y8GJBj=7$FS5#nxzadSa@&&yAVtE=2nN zs5HvqTYj+MW$pU>6D%}1q>cxcHC>BKXTAiDg-Vn0CoAcRG*zv4sP;$AcY=+^-9$W< z@PH-&_?eTnf|)ww?rixI-M9l1gS=>97P79T5#R3$*6(CF8$k6wrApFiFi%TD?R@9I zvOMp3P@=Nypt8lnz=pC$rAwZ0n{a$D(z^n0PL>=Le6|-SRSIHko3h!$~3ctId zIrnEpUqN~y9@RUJZnOj|u4NpC4smzp&(TSPW4}75el<>g(gYxU{DU6bvE@~(INZ#V zj_gv*`y!DFJM2&+ttENf>Co+K-K9Bkl(~}0uc3?e{Dw}3JwwC2M)@m zaBnEG99Mf<_LZh&&rD~}{tk(YnUq3?1LQKbQD?>8y4Oo8Z*l*v)uVN9#`M3v6Zsva z|CIwX#-G-6jeEt_Y^50pIvy`nGLgGG1XA3br!?WeIv!HsMXKVVvIjLb+FbE!W?1I3 z8m;CV`f5?kFV_(%QVz8%H80$oz(LYqZ_gfwb@)X}?!h0sJcNUov&hAz+VvLgBk?M@ ziW(30b2pH;_3bk2C@p>6mD9AmZX|vkYxfJMe%W>$7#R^~cP`5vIF049*>|$vDJ;67 zNy5?=H~t0?pZX4gk2}zE_rkjNiMgSP-uxQ?dP;sy9j;OJj)fu~1HAD{JI2CZX%B2` zjHj7dtK?=Y{1n4P{N+TKT9AxM(4qLr74vYMODjbB<3xHRMcTj`K$QklYKNwCPPE*@ zNiQrSn(h!3J5TVa#Vu>kj!C+`Ad4n#R|21*X(C}V>m`abJ-nR|{wU#)LYY_Ob#c%x z+W`yi^U}{=)P+Lq}m!{$jAs1m!@Bv}d#gy#bXq`=t zj`t48UYsiXFP*4~N;&?;bW{KY*b;j0wM2%)y=y__2EQb$;uC-)+*iPzsx=AVK{;cL zLmMuo%&q{O%VaJ1e!O_+fMEXVooI`LbEe(Bc1Op-C@i1gG)08Ygmt|v5JV#=w_h=j zS!&q2_5j1GSmisoHG5=_`gTWiDaopQ}-0*08O(+;}0iQ8eyj;8?L zGM8bQR;e_ZGacQu9&B_kE3-I|>=F}=?Ez@^4g#UA>X~CiKr3X@ChFi67^Mk@j5Z|i z!Wr8{T`!7bm6P7gjBm4X_dJOsDm$2x(j@G3Hw#3HwA1P{0F!?~haa=QI+_ zy&5h>s_b!Tqc6;!ncbdO1C_2`rDgc7zPr?x0zFWbuB9xnl{zz@p8NdGd#^kU-IYAc z^>a-lP|ul!T3xRi04LBHV`<eL%L^x8^H-r>#0f^cOQ<9wd0Oe;_43FMEiChGzncN#;2$BCHFAH>bgZOF%qcm1m^ z+LqMV^)-nZ6csLcT=~<4;1G~ZR2S#OW2m*)*&Zy?6efZNH^48}CYn`b>CBWagbg`9 zO73q~!FfdIfm)2r`su#f7^Qkrj6x;T5}M<#XW+>V9TnNLH_vkPmOLR#zX$uic1_wY z%H2h?yQp{&4)_#mkq^j{f20 z%cDOW9sk3NXUBgaM>||+>ys-@q#t(9LAQQgCaXE0X3(;@x@6r?WV=Re#vvO@kNg8IE#cMuDFTXV~yn%_p|> zb$C;_#)j_(xVRP$u23QaeKO0gfUS;z6@^DJVJBUjUc4sU1v?jBapVf2LVmouIw#O0 zP%SkpW80kecImQLp$a>3;H!-J^|R5Pg}>I;*0Z37qq&2%4Jn4(SzB{}n@68p zjE@8xbkWak>lWnY2E$w1I_+%`oBKpJa_hHH%(V0 z63ZD+y%=VNFgucwL=K^JK?!#h`Q}@Pc2n5_E^~7!3O- z-vOEdP$6fP2Z^BZWJVL3Mob>`tk$JHFdg6hu%}3L!;@ID6bwZ%mn_l=TEQ|AD{^+; zcLp&x0%k)aQ}V;gRR%jK zK+F}Hx8=Vno?&&$u~PYuLg^nFjk~KmqN6|K;l4F0bE=OSgWTXC=x%XOA?1`+ z$azw-F0v_uue?s@w6P-?3fUMKQ9LwV{oGjt-Z{kf=P3-^4)9W}lxUE;gpJJ1QMp?` z!Tsl+E9b9RlU^`IkQu&vm{RsRp6ZE^6I@lvfYv3od6$CmOM$gVv$H=1-0=lt;gvxuZJImI|vX8oUcAs_lIk2OZnK>N8z#&)O>$X?bfx&R?3(`xlOMybjgm*T(LjZg-5UUe#$+XO>DCT5DPK|AR;}q7bA7@)bU!qYZd;W!_>@unCG;qtZ~RFyrCbPNx28XQ zHr2yAb<5$m`1y(Zd^e65P6#6*Zh3EPOf6M~>C^-r9Bw_>tTSEn7y$m9CO!MvIPo8^ zuFfHprjbL3xepqYcwR3;H!cXf0n|THJZ9wN{7fAX8x}Bd$bX}E^b+RU4>7U^NA8|} zy@z|c^&fWk!AX0Ki4LGv_$az$m%J-XrFE`*m$q;DY(k+%^J@k*_J_^7`O>mGmYBmj zU5a0Ml29m7#L~&fOLL*s;h)*;(44YEl&#d^CDRjx*rA(TKYb?~K#fItbE4DwQ>|2M zkpE6@gv0khMV4G^gZ81;OG+3<#V~L@NjrOjH0V(31k62zaiP_oQN87;rua*@y557seWK z#js8QMvpCLEH)$KDp-u$(laFNTF<#3rY`yNCbO;?Ou)?0_yXJm8s2oyr+p^6slIWU zkX*gHEFCiQcbTi%-pxQK4QyODFBCDUFPIX^U7LQgyo}SJeX9{8hyiKYROyCr62vJw z4&txfo=Gi3Hu@{A4O3`zNTVe?{I;B1*-ovQ*7jhhSS%@TD_>g%@M~<^XyLTOl&ayk zK%<;pxm;*!>vLx3(F}@C<7PQ?7z|_Go~T_N9wdkqyFB^OnpR;5hi`@(oL=I+`F03& zm`pII{sa#_#7WWi0>-uJn6;OAPONWAXae4{pmD?5b>eZbh;>c9HwnjJ(%YZ%qZiwE z4}no!gKp8!*tF~zQC6Z~y}QI#2XLR-uu3U|OGYJKGII$Ws!8_{jk*BeV+PWON$YwsgX%2sQkOr23K`otSlHq)T39r&s&Y53u3cB!s#b78@bHlJ zn0D=$%wi#E)rrbVN#M+yVB9imaGo%#AZ4eOFhHpDsH$aT_xUivN;62l818}jeHqjP zaQ><>4+8HIgXm%KPV39I9PB~xS?3t_{tfxtE4kZi1JxpN%W=3xZbceJEYmFhPz|-S zRkB?K9sC(oye0qnU*A|P760PGhyfQnBc3^^D!)V3=1AQ&-%ay{TGqJ=C2(E20y+K+5bNNY(cVX z#mEM&9Y50a6k)P0P1cF~`WcYah1c`|xmd82NgmZy*$CPWA^wqvvi2`v*doZ+6?Eh{ zyfKLNQ3SE}p`Xta#%eIU8*PUHq-NNr7}DT#-Ek8TT)M*$(nk_C`I|u|59I1R#w-4w z;uXhOyDt!H2blF-3N0eh6FXKVok7PEIL#6cf#Frp`gi1pR)iM7f+p_kyNWEh zYc5dR1EeNZ7edDa&JNr=E^*#!y)B1dfPoIcn#rZjQ}LQ5bR9?Ft4i03>Vn1zx9+4p z%YthLOn_oq9oS$!frW~=R?ZK`To=ZqB0P=JuG}-Q%?KSO0xZ)v48q|Ip@?WkXFM_7 zVfhQ5shUq>9|LBsm~AaM>YOdEbx@l$M5-9Dg*5XukYqH5{{NY>V1q zXhDvTj_R?MHgb}hu|dV(M>qWLqQ83!Ah;qayJOOBz)l>4cj|~;RIT%_>%EeqRb4vQ z^`!xAmNe1kN8txOA)O&|59}uW2)&`9L>x)zib?W<9Fk_e3uay1iQ{yW@He_nkFL|B z>vZpAM%U@>RyVp%|1Mppcc&ch*B?KCli^N%3py^U`9OTpGS{}MwjH@g-h}P|KB`*Q2*cK zqn9t9*ZqHAj{d)&n{J_kFUG^f6X)y5jFb%=J6Nv|NZ#-9QDP0 z-oK{d=>0o-|Bl|jkHGu)wUt)nN(xqw4T8s1A#3Jw$8Rj0C!L z6Eu#`C7bh4ed@v!*D%l|(Ksd<{#YQ6eytKn9zh4(Rp;ZSZ*VQH4$F+q&GycHA*hBC zxnAFCtA^@m9OGgR*LCB~S|C`1qJx8S3OUY6Vz-ZHjrB+V@Kw>fZ zc<~M*2rT;JX_Vx#k?a!duCEfRZpi*&i*x<}?PjBNFr$h`C%JBLX(}I}A6&!W06}L$ z&5zq0Aj!of?VGS$$!Na+Ot^0 z+#$+pA2z(X0hCbT*9D_Kuf@S0i-WxtZTptB*y_<{;pToB=_iI7x*NGEcH!WBK4-GA zz+wdlyM`eS_P=e1g05Pt}QyF(Jf2k4I(D$ zXvr<{@Y^N*WG6Ed@oKixRkoV+qU$C7bb&+sAmY^zt48Zy9ro|*-6|0epZGGjn5@Qd_99@fa`vQ@;%}#i7=E}x>wmo*Z(M2`Po&u6~k6#`gk^M6#J)QaeR&~g=+HH@&>wq|pm6S3eCO-Lk`GaLJFPTf3DBMk0>AVEVXsTNX^ zlMk=S{{Q(uZ98Mg#m^UH|Ns5Jr@JNSurB7;ya5m0!B|B%jX{i+pxm1xj?#wohe60T zC>I(nTl6#dRCy|v(piGSEAAwbELY~Ya91E04r;|VX(l)W@n;@>dVBc8YSxx>dlT%n zrq|TWLs2tRY{Ep%D+mMRG z?R9t|ktO@!l)_V@G)?2#3U&1@8rThdY1lgKLBJSrPpRxgK`z&lFBVK%u1oSPYrR#l zj*Vh1=QK%-X#d)tr$=!p-c}~%0OT|A7-75MEA582iRkti0MmI-xi?{Gxw86x$s#C0 zyAKR2b->>B@vxs+Jt|mVR3^1MSQ`d61TIxX36T=2tf0$N_p%+Y?{o{gP_B1JiEiPpwJMjyW-dI{mmMA3Tl3(tyxuNjpTS z+E#gpr;80Z+uobo?KHUL>1HB-L%*`3jHjq5TZ+6D&SH+r0N}u_pbzTNWv+BN0>vKn ze#O)A(X$twHikA#*m=|aaq8p9ik4-05{{1f#8y|Hed6d+VI@mDx|A$3H0p-laUn^b zYMv0PNy2EOnFf6i0F02j&-xHYH#A*fkPjvET<6mJ^{mS?(p-zzOtWZ+$>zj24${SV z*Lgt_hW;kk;T3GlpMW>>fbh9XDTtmYhACv4%vRQH4W@|$aGlPzSW?X++MfJRVd@HM zeQjbU`5lW3)vn!PRR}dsA%4<|3@|d~ptKu)53Lixj3EH1wbJ40+D1%7$_|KR3o7Hp zkQZTOYg=F4E}6tUM$He`Q}Uy@XLs#!4Dd;=w2(aVbG%0fESlWYl>+EZV%$9_mTotz zbEddCW}uWOXo*1jz7UqbnlWLGkg zUw4^$Uv2)jhA`$j=(by2UugLQhLvv+QjS66U58=)aB_3>*4u-g zP;v|w?-+8!F!CWGZjF3-wNb~i zi-=lVdgDxc-CH2`TNe!XQHw3QNRCC(G>r@0Et3kOXOTT~k}>G=){z~ygS+O@ZAY=G zibxEt%V!pUQfO9I{fZg)Y+r;7KRt1uZolKhNKhoiEng>D)+uyof(8yX92V;oNi)Fu zIZb*Bgw-bdDJ84+WB_oVRDb*n!pgjVlrD<viY1cWL{TPm`IoGQVab;nAvp zrp?!i-Lb?Rujx|!%9Dgng&gihO^Ux#f0e=oV#2I<~0NoYz~8p%~=ekm$33>XrtuNe?t_7qnmYn}B$ zwF8GRCR$R>7DMs;rEOmJt`RgY5_tI`JLVrKs|tE|A@Vf75Hs#Q%V0mOeb=S!=or;n zyq99xDRvAvjeRN32BtRy!#G;>?a}I(eW8;B4h!&7P>G&aR9P;K$39KF_;qXDlPuzj z9e~>hXq?${#-Mx@&Yr~xegg3CIH~B@CmNh%(vo8SOgl{hX-V2x-Q6hxvlU(T2$`!A1`$1zMcY_k)rca!I^AI-0!v{`;o~M6`O9 zR0D{BvAq{$|HaXZgBQntI&g!0Zuhm0b7J)zLmV^S7EJ@Aq8(s+*Nm7YMw0i&Av6eA z4C0_x>fqJ4w*A=UY~-9l!Kw(|jQRMWq$QRKT7j zN%4Kdv~*3>uV@D*^AK%*YyRt&WoHB5*~n?Bu{>^V|Ed*o%X(U0d<>R1e0XQ-6x}yn?sb+zY5>|Ta zHY33xVU;_s2>YZZ1@}C-M7L~3u63fO5xq8K;5wqyNb2jY1Q+wk^`PlHJRCf&5++Uozc9(?LnY+1TE|AcM5jw8 zu{-IC3I=ZB?o{^rX>{GW9!X2fTxrW656@3^RqNH{W(i}H{dR4t#l24f`~PL~){%+H zA3Z7FB$ZUhl5g4=nr%u(6xpkx1n@)?89%-_0i72 z{<^lr0J`5(bay#P5^;Z8xQ!0s8@u{9-J)*x4#abpPH`PC*7mDYU*Q^Daa-RKsmE3m z+iYTGm&uQv!U^WHB??TPDP*-wKmq0BQ9eKST3hXVrf)>N8Ki9AA&|nRUo)V7mVCj} zcU%n$qUz{w^TAkY3yhU?mbBd(0sXAqktRx@6U;qN;)u%Fz9&!q_~dZ`X{b=t1t}Dc zHUSrSCTM2l8PmZhVP=qqJPh4et5nlZWZx$`770xkU~tK97l$BIWNk@aKO1o0e9FXH zvVLpluFHxIzjCbho_;!64DlB~srM@9$>K|^m8ZojduZE|f~6{=(M=mKxP2xo8ppp- zxf;v^o`mfi*GysVs;NL< z9TGwF(q7MVv!=i2G(lUBMK^7buu1=7v7|gj$LP<0>St2iD<=P<)LWkDK_}q{+vV~S zyEKUcG=@Z!I2qz+SIS&N`QgOuE_-3bT1IrwULHAh*$q0RLbWq?znBC>$X$(UWLKf6I1}T-Q((x zrFQ(@6?W_uh$+SC`o#=2WR*?*N_(~5Da0k9G$-zulsvZM{7|_pHYxLF8w#_2E9sJ1 zNUyivTF=Ug;r*~pY+o=8@|vZq?N>U)yhCHmd_|w4m<-aF%J))cEirL0P14vdLT4sROgZnM&5g`Stc38fWHEt z+H)qC9Nh&iCU-e+H&XP^g^bwc)#YH`>20Y)7Y@F>y6jG~!0uRDFiL?HfGhAs+6?v1 z-8~<&7>^S=X~`P+#}kp)Z$A9{HWcK>uw>x1K3vH8vD&BU)PpM8nyFezyhvi30mLwW zW-g#^M_#7l*8TYzJ+5A(L*SC7LzE9^Vf&`7UUJPB&W4hw_cUz}6K3-{i;7e#AqRax zE-&9A5{*5gl1^n)%2Drk|i`^HU*Zs6bFzn1|0S9OClwS zh-hLqsm<-ibOERBOo}+iONP8UnEqEHC-{GHbA6zT#6K63NT#qDEt6i zg-9&3glPt6lK}V2(?#1nFE8H_$uLS#6@avQ-UFX$hATolL+ko(S60QMLu%{PFmHIf zg12k1&&a4)|9l0pBj}}Xq(vvtIHIwcKT4L*5+41;1})LGbw)Pq3^qVO8NNWAB0rx0 zbl!Ho1<9nr?wY(myLwNk)-<}czFl)67c4H>jW${r*!(1ugZJ;E)SrSZn8CG z=NxXaJLqF4+W_X~z@$4LT3}oXj=fo?0F?l>Hdk*GR^!6nM5}ciz-Dx$2T{rAn?@Hz z`bp};ai)8hm+uCVXLN#8N<^HtQzFNoLS_bAlq*IvK1Bm8(g{zf3t!Nd5p%`nd4dEB zNe-StWCRr1XP>CS0I$fC(Bx^PQSqb=Mo&PK{G=_BeV;q6O56e18du>DF)gcxNXxLok2wyoPC=?x9=82{$6L}jNscjDWc$KpiW^mkr3PVn;7tg*Y zSE9}R_dQKl zPFd);d3L@FoR;0+aLp2~^x?NWbCcaRGCO8jQ>afX^j@3xM6)DO;kw-^3YqV>t)Wrw zu_P4=>d{-~HX;$2TGSqYm?Fu9;sZiP_m!ryxQcMH&5`Sg9UYchr^v58x(z7l22iKg)DJZ@Ou1W& z8n)?-y_KP<>BI0ea~IWqtvTm9^)1BV04*$8s3o-D%7r>W$!ji5s77saBvQp=HZ=DM z3`1?ad{5<|Eq$iDxZdo~2Jtn!^HnjsZ(2s}9(8WT@X{z^nO5YGNH)*0euU$8L!PKW z`wfHcln|`T-1ZU6Z3rb?g_iU2D2Zf0f$SlU4?`F?A&Ldr>lk=2K^#I12NA*ziQs0y zYA1jLNL(*@TO*HEJ6Y?~C<2bXpy?o|$jhR2IkO2XNuCDW`z~s~qnuaRezvko*3+}s z7Y2xM!5>qcdPbGHdUtsWxZ{*HCABK!vh!+(0HvA1AY?FzrwZ_X!@SF+qfRK|*zHAv z`Q&4&X>kED8o6m)oB+%vh<$@Fcc+-z8cCY3>qOzV%xBgoBj)SvcBto$b=Kqi)zQy`|v=T4RYn2i=C=&o8~yOo}_6c9+bpI*8aVT}yPse(B{YCOJ($ zfX!r$C0+*Ix|SIZ|7DjtK!uYEeKKziiKxNggKgfm{trTvlb+nZ;le#z_6tpTY_LH_ zyHZpSS$it<4^Y`=_`0xt-@>rf7hIX5ZC3W$qAqEZWj*l2%`pSpNurs=;s6~B0|ujU zbq(WS>m96i&{f^&nj&*J5KV*&-*QC=tf7mspzYym?VuxDyCGX^;rH9*Yj?W1uZ6MQ z>7pMYXS>t&J#yCe!PbfhW5X3==azL3u=&*|@)=hD2s!(muJ4hv_B&i_FK^$|AY(&n zbe_L?PZZOtk6Q?%oZ3{;hKlv2AKN$wQkLWk-hjM@`fQi#-ei)2W85T9q4?|s3X7?h z3OE%-H%z2bQ`~E&ahm<6&*4gD9I>f}Vh6M&)$AQ#HsQWXiB{JzP}iHz=zQ3thi_OH zOBGn1z%|_$`2}Yx$s%SX2TJCY%fN@v8F>#{d>C!01!RU67Vzj+1_SY36st6Ah9$4> z&v?fq9hPMSTe=7v=geq6eL!Zb!f!0~AUSL;_~Xn;E+lWk?^xgvSFV_HbYPQAL$#h( zkviCUo-WWmQrg^rG}0KP=6vVOg!vtZicWTAEd$S1vLb3plZ0dl2r&o$#nQ&Np=m*m9|}e|o0j03_UdaxDz6Qwx>mu{ zFc&DG73K*C*Is*G4?-;7whM6XE0@()33){%`DcHv5B(`0vg`Bdy&je20nfGZA(h~ zZc>mjxuorS>{^xw+N`+_pltaeKXA*b*?)d?+=7?;j*}diF0`#)g1fe`S+G+P&2-*s z)MPHNL#=Yi$BTCxCTQ>{W6(N$>r!c8vjh?IIo1sSc<~Nuf6`VPCg3-APqYyVH=X=| z%X-;TDYf~w+ES?v*VR@`-Np~HxUZh~w#+sTe%Mkn)QBG`1o-blb>b$0pZq;s(e^5@ z!>WF}qq^w@>nheeuu$*Tv*^4jaHG#@f03(;qG{=lVDh7kZdv5Y4&>aB^-WPX!lO83 zF|}x|RAOb>1P8!6Yk!&8na2~H`>vda?TpQ**1t-P0IvZZCR{p}<_9b3P!*zYt9|Nb z;vVz>4P=eV?c0u0l|$MD<2D>93daZ-r8aur&N}V%$RMw@?z!2DVn5mx zCIwSc0P+#BAHl(a-*JAR9&OXdqkcUs=wKHZlRGLooh2LPa_YP!jZP@lo1x{ZbREp! zttb`Fd&4YCHvs$>1D1nY<3pk3)_iHxXObC>ZdrS33W-@0tg(nm5(|b2Kn(m>Q*xq+ z5+e1onl00ps(U6IjUyF-ule8fV1+P%IVHQ zp>$8V#w_=p1dn|}mn2RTIM`x72bTe+Y%URNCE)H$T#<+-QJ!=p^D-ypy9dRsyXQ%p=DgTL!k0@HbE=uSOIJQAxtLeK)O#wx1tc~@rq*%+#cH8mET$Zb zU7)JPlteM+?@M;Om@dRLW_O1M&flI>so3kz`toa=Kst~m)a*N#Y|eX`iOZsCfH+|Q zD1N}V)v+wa9V^9avDgmG0wLV66o&3R2tL9RhVad`u@WW@PN*8fYwo@Et;@av7W3wb zwiUT~mKiwER{s*47|L|Sf~0sBz;s@e$>bVMe219JE@cr@iptjd^RLnHgC}akL}_mG zhVb5QpG*9=`%w#f&Z@jn%j8=*q%RUP8r-o#T>E9EecNr@1=n8OInRifu3QTv;VYqwxHZ~g^NUgL{;k@pE%GEHNuY4DT5z~8hEgxS*qYNNCOXCM5f zDEN+66TGBsV%WwQA*>AR!p zchhI)Qb`8guZ*~(=`wpo(i}MClrGsTQaPQ)x&6kV0P{^SbDEp&-(cU;eSYtUxjMxp z*a=tqr}{fz<;h+B@&pi@@Dvbp<)y(0kuazT&`CxkkR9$Ee)z^9E?m{!F-@`?dW^$G zH*85A!V?)wPtMPNd45^?xk`jflXh-vrx&k_gx|>1gPO}(^-a@a${``xhD?e(Chs`A z4=7_ZMGVefi4asujGv#`RwZI+!N_6@FH{3?P-o+XDK0Cw0GggCU?xW+0uOxLnsB~);k zv8Z%!Vx|l~1zIwO=%Cc0%nr7*vM$N)sYn}K6f1h0qG@R^r5D46@kg4Nwy1xjYAI=> zM5v<1zAuv#WSVW$DwXrk2Hyb6@K7Zgcamo=Ofy&7_Tcwj?fPzVLNzCY>Mxu4H6()? z#jEitJuUJdnr4)CiQu;q0lVeD<7eL;e^-|Oo*g}Z{$iB>KF9M_%769Kxv2sffjB#r4a*rRuFvgf4xBD0y*+Z7{^sp zLc_wgvkj$&*X`lA^88N}EsN*W@` zcA>E@2_mdzcgZ5jnw&MtsbK0o{N$)BwoVkh0nW9h9C0m25LB8Y%d2;nb;+SsY8c>q z)Fds$T+vy=e!RLmf7Y|!*FjU)4~x7WK7$#Dk||hj`#gpkJaoDYw6^{pPZx$Y5P9zo zy{&a9ogVFeG?RCiuGvhE(M%3`+I6+BqFYdnIZf<@9)(lQ>ta5RNhq`*;7X$f`qkvA z=1FTPcc9h?9mbre7gnt!hNqh)T-~%OE;fjl<#EDJMVdY)sGgPQRE;CI;oj!xp~GQo z0ui$~EMauZST>;vzbmPbY)XbD|ySZdi0{b!Qod#nL4!AWkK?z`;jA6v6kvBO{<&2DW7;ERiZUbBFs9mZ*PR zyVEeUZv5T?M9lMnSR4ZA?U}bFo$W@?^CVf3d&xZ)-R<$TkKWbj>7~d_#H$0iRB2n7 z{Vu%-d8$~HOLlq7vtO9x^FIIUvs#CO2fDm`SIY5tXWpBCHlDOD7H3I6Il7_FnQRWK zEt`7kJ)Fj+OmKjV>=z{D>HnX-^J{J#MFRMJ6sqP)An{Lj;+m<2r^H4W8U)RcrrV}OGFW58;xt(^+ih##INefO z3#IsvyPH6z=Uq1?J@rLi<83rwxZE?UbhQ^Pv|$T;P4vOOxC%4A)KK@@N7dH zq2I~dRS;^Y)1Wo*sFfIn+#%DfDf#TDrsNYT*aX=VWH+UsAo~d*dpniH(DgQRELP9T zZ8fi1!?;M2f~?N*rt7w*kF=)Mk~)Jrk2qD-rZ^#jNn4fSU6Gg8-j~I8P3y(3Xl(e|l=!ul zHz059XBC{#raydlR*S^Zs+z2SUDHVCS!G7yGHV zw{CL}9KUHd-sPN?lmE7C%+X&9<0R4+QSiGlR3v1%tDoq+ZC-dH>*XKZ%A~be%4k`N zN0wN=O;QE;A6C&9VRble?h-#V=@yq0%wL=An^jRBO6_x-(`o~)P3L&kSMDY(RRvU! zL}W_ljPv55lvmXGFGT*x{q5rN;#~jl()jO<%?pI~{o84G$@dGZY?pjJBHI*ItXSHd zJ?HS%cP|#b$Z_JqA&Lt2^#~PW?s(4X*bA3N+ak7RU>=_tdIrfhtXdJF;Rj?qRxQo7sw$S+$z2*bKd^%-+3!_x8fo74~BQUKNX`E^M)<%r!#g8wgwN`=!Ty z%{0TNx{2)*%F)P*qdRACq=|FlzC8*0AK=}V7L7UQNbvSMNpAiNEqn?58@m7d@#E!1 zpZ~spm-z2V(vQl2<>)*D|1KJ}#W(0Ld~Aci_=`jK%VjwyMZZwXG2|B>m=e?1xw6$D z4-}lQu&UfENP@p0s+{W%^;;UC9CP%7kidGeXFIY)ptjDQC~2MDg_= z#B)w)wp^=^)~w9!v?C*5>3*hzm2Fnky+E#f*c9S}0IvEtJuIdEE3IfPW^Bsw}pmLwHe%wa*04pg*;!zPz z#>8#E`eLGH88(z;T7Y$}UY<}Z!PqrXace>`YXb3V#BxzSxdO8G?TaC+eFBi*fx<7% zxE*y?27*A#Mh&UM+$|^g)Fl`H!9UfF*yAXWpZ~mn`}X~tzW=umA3r4ibBgq1@}J)5 zJeUIEw+k$%&w`9EheXJ%L!S#7-=3BZ8TF23L^8W^LEkKhsbvk06B_mlnUJgPw%n6v zTCCQfz%5jeU{;ZmW%=YGE3;~8&dw9^xquLlO`Sc$5o^^&7e4gvzVv8a^O<%-WLf94 zpF~$r%>GEkClMc0`ic0Qg7_E{N)-1oo`|JC8<<{-Y8ARTrScio=suOR#c|uM;TX2o z1%|R-4e^{(rmgK)$!B4uuWZ9_Ez4g&1$G>p?As@n?-#{iG05O^m)mM=!o?R_EOZyx zSyQ+x*bDyz;T78N3N8bRpGRColvj3f+=y3F?my&wQgAZ4G@`DPT?LWVowrU!Q(h}D zH&!#ofDDJS-Kxf1hvv4pLz8Rw0rp~+8Y&f|^BIq|3kPH%kpYC= zZ=t19hrf%M+;1c%|9h$OM7*7tqNqUSjXK*CfH&0aIE+gG@JS7_?oa6G1WFzJ6{wd! z(B_#s3^Lm`ukln-_dlhg>qGZJ_-Pm03)Xcp_iq=fYr@aEe=bdPU zs+pBMqIZ3^ZZ&S1dxxPYtK=)nS(D$@B-*3G@>qX-RAhK|C_bbwG8{qF{8-w$2a7L#bPs>E&x*Y-R5L~Bmx zHT$;jI8?a4nuDZFf*P7_FbX|>{!cha%(oE1!4hjNxP~PhxBUqj?jt>@l zd2z9^+|MvmC8vsZuq|8;e=|p*R zefRF|ITS-6X8CgwqvHf*-S-+BFV4QZS=*+^>Lb{dI?4$B0Rn81xpu=|ssj-vs(Glj z=dW_IXS=%fJxH#z3N>BnWtTWF>|q+afX4MfQ!Kw)Tqt#^A23ejH%Bsl#4)THkK6rY zdI6We@Z%Hp$ePkgvlks>O(nl9Za8 zVZPrKjo8sKjC@UKwXFABF!^e4T}2i8b1|h;c=;9%XL)8C^A1F5F0l$uQ)dlb#jgwt z`G85SS(cObFu5%>YT@i|9r7u;W4kK9V-KBS8}v?lt-)I&D(W)e?S^dv%5~Hz#l!Px z>HLXj?YeB_@w?CqjFqtkG{>$W&==kj9D^Br*1Uu$^9t92QfM6eP3qk1#p^)z!*IGn=I$e~(I7oA zz60?5Rj~Qtz&zL(A0&SzJboA$m+;$B=13&o!`^`*8Gzv);O!ok9t<9gH5Y;_~=Xze^LrAWd28MTv zk%aaTHfyq1k0uaDWv$fJQ>u^0dU&g+L??;$lU7fOJ_Z}ZSUp8s=<7JT>M6T*N)q6z zkv@c+Dw>a?z6L)%l$=68#;Y!)nQ74dR17D5H9~q28x5F)jH03=$Y)5B9@_ajobyD4 zGrSOlsOGEi%s7%6$1umzOQ}}`n90j>%UD_yW|c2QDIgnV(GFB=P z1adrkYq_bbFj4SIAxmJ7^xTONNB6F%KKbzA8G{WAdKR^QbTKdpsuB5+@b9{yta*Hg zTD{q>=Po?%2KN8iE|<^0?e)VZ`AuY)R)P0|wY&9-qnrEo*7UzFS>hM=#WqH3cV4&D z%+Q}_GWBo1e$yuT;F-+f9}8FXnSKk~f04~~r4_H#qS+tU2}N%_S?I63Rx#FyYy0vP zk$F9b`m17R;Z%ZBfDQ>CIjpSsy*ao(f-n9lL3xhnd*PV@fw8 gYL){T&P86DOQ&4AZ}!)of#LuEDByVw4EqEa0EZo)s{jB1 literal 0 HcmV?d00001 diff --git a/enterprise/grafana/8.0.0/ix_values.yaml b/enterprise/grafana/8.0.0/ix_values.yaml new file mode 100644 index 00000000000..258806a3d32 --- /dev/null +++ b/enterprise/grafana/8.0.0/ix_values.yaml @@ -0,0 +1,87 @@ +image: + repository: tccr.io/truecharts/grafana + pullPolicy: IfNotPresent + tag: v10.0.2@sha256:bb4f23972e032404b296f6b5c727858fc78c6313c540bc5101ee1e7f2348922d +manifestManager: + enabled: true +securityContext: + container: + readOnlyRootFilesystem: false + +service: + main: + ports: + main: + protocol: http + targetPort: 3000 + port: 10038 + +workload: + main: + replicas: 2 + strategy: RollingUpdate + podSpec: + containers: + main: + env: + GF_SECURITY_ADMIN_USER: "admin" + GF_SECURITY_ADMIN_PASSWORD: "testpassword" + GF_INSTALL_PLUGINS: "" + GF_PATHS_PLUGINS: "/opt/bitnami/grafana/data/plugins" + GF_AUTH_LDAP_ENABLED: "false" + GF_AUTH_LDAP_CONFIG_FILE: "/opt/bitnami/grafana/conf/ldap.toml" + GF_AUTH_LDAP_ALLOW_SIGN_UP: "false" + GF_PATHS_PROVISIONING: "/opt/bitnami/grafana/conf/provisioning" + GF_PATHS_CONFIG: "/opt/bitnami/grafana/conf/grafana.ini" + GF_PATHS_DATA: "/opt/bitnami/grafana/data" + GF_PATHS_LOGS: "/opt/bitnami/grafana/logs" + probes: + liveness: + path: "/api/health" + + readiness: + path: "/api/health" + + startup: + path: "/api/health" + +persistence: + config: + enabled: true + mountPath: "/opt/bitnami/grafana/data" + grafana-tmp: + enabled: true + type: emptyDir + mountPath: /opt/bitnami/grafana/tmp + +metrics: + main: + # -- Enable and configure a Prometheus serviceMonitor for the chart under this key. + # @default -- See values.yaml + enabled: true + type: "servicemonitor" + endpoints: + - port: main + path: /metrics + # -- Enable and configure Prometheus Rules for the chart under this key. + # @default -- See values.yaml + prometheusRule: + enabled: false + labels: {} + # -- Configure additionial rules for the chart under this key. + # @default -- See prometheusrules.yaml + rules: + [] + # - alert: UnifiPollerAbsent + # annotations: + # description: Unifi Poller has disappeared from Prometheus service discovery. + # summary: Unifi Poller is down. + # expr: | + # absent(up{job=~".*unifi-poller.*"} == 1) + # for: 5m + # labels: + # severity: critical + +portal: + open: + enabled: true diff --git a/enterprise/grafana/8.0.0/questions.yaml b/enterprise/grafana/8.0.0/questions.yaml new file mode 100644 index 00000000000..69dc3fcd860 --- /dev/null +++ b/enterprise/grafana/8.0.0/questions.yaml @@ -0,0 +1,2080 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 1 + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + - variable: env + group: "App Configuration" + label: "Image Environment" + schema: + additional_attrs: true + type: dict + attrs: + - variable: GF_SECURITY_ADMIN_USER + label: "Admin User" + schema: + type: string + required: true + default: "admin" + - variable: GF_SECURITY_ADMIN_PASSWORD + label: "Admin Password" + schema: + type: string + required: true + private: true + default: "REPLACETHIS" + - variable: GF_INSTALL_PLUGINS + label: "Extra Plugins to Install" + description: "comma seperated" + schema: + type: string + default: "" + - variable: GF_AUTH_LDAP_ENABLED + label: "enable LDAP" + schema: + type: boolean + default: false + - variable: GF_AUTH_LDAP_ALLOW_SIGN_UP + label: "Allow LDAP Signup" + schema: + type: boolean + default: false + - variable: GF_AUTH_LDAP_CONFIG_FILE + label: "LDAP Config Path" + schema: + type: string + default: "/opt/bitnami/grafana/conf/ldap.toml" + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + + + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10038 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + additional_attrs: true + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + additional_attrs: true + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistence + label: Integrated Persistent Storage + description: Integrated Persistent Storage + group: Storage and Persistence + schema: + additional_attrs: true + type: dict + attrs: + - variable: config + label: "App Config Storage" + description: "Stores the Application Configuration." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + show_if: [["advanced", "=", true]] + required: true + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: clusterIssuer + label: clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["clusterIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: clusterIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["clusterIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["clusterIssuer", "=", ""]] + default: "" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: scaleGPUEntry + label: GPU + schema: + additional_attrs: true + type: dict + attrs: + # Specify GPU configuration + - variable: gpu + label: Select GPU + schema: + additional_attrs: true + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + - variable: workaround + label: "Workaround" + schema: + type: string + default: workaround + hidden: true + - variable: metrics + group: Metrics + label: Prometheus Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: prometheusRule + label: PrometheusRule + description: Enable and configure Prometheus Rules for the App. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + # TODO: Rule List section +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/enterprise/grafana/8.0.0/templates/NOTES.txt b/enterprise/grafana/8.0.0/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/enterprise/grafana/8.0.0/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/enterprise/grafana/8.0.0/templates/common.yaml b/enterprise/grafana/8.0.0/templates/common.yaml new file mode 100644 index 00000000000..b51394e00a4 --- /dev/null +++ b/enterprise/grafana/8.0.0/templates/common.yaml @@ -0,0 +1 @@ +{{ include "tc.v1.common.loader.all" . }} diff --git a/enterprise/grafana/8.0.0/values.yaml b/enterprise/grafana/8.0.0/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/enterprise/metallb-config/2.0.0/CHANGELOG.md b/enterprise/metallb-config/2.0.0/CHANGELOG.md new file mode 100644 index 00000000000..6172c89887f --- /dev/null +++ b/enterprise/metallb-config/2.0.0/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [metallb-config-2.0.0](https://github.com/truecharts/charts/compare/metallb-config-1.1.12...metallb-config-2.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + + + +## [metallb-config-1.1.12](https://github.com/truecharts/charts/compare/metallb-config-1.1.11...metallb-config-1.1.12) (2023-07-14) + +### Chore + +- update container image tccr.io/truecharts/scratch to latest ([#10451](https://github.com/truecharts/charts/issues/10451)) + + + + +## [metallb-config-1.1.11](https://github.com/truecharts/charts/compare/metallb-config-1.1.10...metallb-config-1.1.11) (2023-07-01) + +### Chore + +- update helm general non-major ([#10069](https://github.com/truecharts/charts/issues/10069)) + + ### Feat + +- metallb docs add kubectl cmd to first step ([#9879](https://github.com/truecharts/charts/issues/9879)) + + + + +## [metallb-config-1.1.10](https://github.com/truecharts/charts/compare/metallb-config-1.1.9...metallb-config-1.1.10) (2023-06-24) + +### Chore + +- update container image tccr.io/truecharts/scratch to latest ([#9868](https://github.com/truecharts/charts/issues/9868)) + + + + +## [metallb-config-1.1.9](https://github.com/truecharts/charts/compare/metallb-config-1.1.8...metallb-config-1.1.9) (2023-06-17) + +### Chore + +- update container image tccr.io/truecharts/scratch to latest ([#9729](https://github.com/truecharts/charts/issues/9729)) + - update helm chart common to 12.14.2 ([#9599](https://github.com/truecharts/charts/issues/9599)) + + + + +## [metallb-config-1.1.8](https://github.com/truecharts/charts/compare/metallb-config-1.1.7...metallb-config-1.1.8) (2023-06-13) + +### Feat + +- update metallb docs for operator-based version ([#9587](https://github.com/truecharts/charts/issues/9587)) + + + + +## [metallb-config-1.1.7](https://github.com/truecharts/charts/compare/metallb-config-1.1.6...metallb-config-1.1.7) (2023-06-11) + +### Chore + +- update helm general non-major ([#9558](https://github.com/truecharts/charts/issues/9558)) + + + + +## [metallb-config-1.1.6](https://github.com/truecharts/charts/compare/metallb-config-1.1.5...metallb-config-1.1.6) (2023-06-07) + +### Chore + +- update helm general non-major ([#9457](https://github.com/truecharts/charts/issues/9457)) + + + + +## [metallb-config-1.1.5](https://github.com/truecharts/charts/compare/metallb-config-1.1.4...metallb-config-1.1.5) (2023-06-07) + +### Chore + +- update helm general non-major ([#9423](https://github.com/truecharts/charts/issues/9423)) + + + + +## [metallb-config-1.1.4](https://github.com/truecharts/charts/compare/metallb-config-1.1.3...metallb-config-1.1.4) (2023-06-04) + +### Chore + +- update helm general non-major ([#9393](https://github.com/truecharts/charts/issues/9393)) + + diff --git a/enterprise/metallb-config/2.0.0/Chart.yaml b/enterprise/metallb-config/2.0.0/Chart.yaml new file mode 100644 index 00000000000..a6f4266b815 --- /dev/null +++ b/enterprise/metallb-config/2.0.0/Chart.yaml @@ -0,0 +1,30 @@ +apiVersion: v2 +appVersion: "latest" +deprecated: false +description: A network load-balancer implementation for Kubernetes using standard routing protocols +home: https://truecharts.org/charts/enterprise/metallb-config +icon: https://truecharts.org/img/hotlink-ok/chart-icons/metallb-config.png +keywords: + - metallb + - loadbalancer +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 13.2.0 +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: metallb-config +sources: + - https://github.com/truecharts/charts/tree/master/charts/enterprise/metallb-config + - https://github.com/metallb/metallb + - https://metallb.universe.tf +type: application +version: 2.0.0 +annotations: + truecharts.org/catagories: | + - core + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/enterprise/metallb-config/2.0.0/LICENSE b/enterprise/metallb-config/2.0.0/LICENSE new file mode 100644 index 00000000000..4dfe12ac30e --- /dev/null +++ b/enterprise/metallb-config/2.0.0/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "MetalLB" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/enterprise/metallb-config/2.0.0/README.md b/enterprise/metallb-config/2.0.0/README.md new file mode 100644 index 00000000000..f8a41e479fe --- /dev/null +++ b/enterprise/metallb-config/2.0.0/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/metallb-config/2.0.0/app-changelog.md b/enterprise/metallb-config/2.0.0/app-changelog.md new file mode 100644 index 00000000000..d996ed835c1 --- /dev/null +++ b/enterprise/metallb-config/2.0.0/app-changelog.md @@ -0,0 +1,9 @@ + + +## [metallb-config-2.0.0](https://github.com/truecharts/charts/compare/metallb-config-1.1.12...metallb-config-2.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + \ No newline at end of file diff --git a/enterprise/metallb-config/2.0.0/app-readme.md b/enterprise/metallb-config/2.0.0/app-readme.md new file mode 100644 index 00000000000..2e933902c5e --- /dev/null +++ b/enterprise/metallb-config/2.0.0/app-readme.md @@ -0,0 +1,8 @@ +A network load-balancer implementation for Kubernetes using standard routing protocols + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/metallb-config](https://truecharts.org/charts/enterprise/metallb-config) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/metallb-config/2.0.0/charts/common-13.2.0.tgz b/enterprise/metallb-config/2.0.0/charts/common-13.2.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..5c0fecd087839b011aab769e3785f251e9224747 GIT binary patch literal 133368 zcmV)VK(D_aiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POw!ciT47D30&X`YUjl^tn_QM@L}BSV)id_otZ6;&IC*^L-Y@$Q5PwVHnbV79q4hhm@gcU%i*C*uXAtNP~b2 z$Y4ZU5>!l4vA0zri0-$>S4@RB#C_Dd0{oVZE%JTv=o8U*E zjG+%C6Evpc*HHri@$nil06h=$X%BrMzXBhQkPTnfQP@Q-AHqA2!}2SOC_ zuMz&6d5E0|720!iY)uuERa%HhJzR=Yxcv{c8#g)4t++Gh%1emnu!_%|er^1qHi zr``S$XA6EjxzPm|E~_Yb`SE0*7e01fL@9VjJju4=r})JO0DvaALeTpq!VFymZVoXu zD0q%YEY?9eFzUAi;o}7g5LLebzyW3$`lrZ;%WLG4z@r>V^)*BhCSLx%YQuaOsP_|y z{WwB5vk1`{@x9~=jYVgyFCFnELeRrs20~r&g|9^{4j+Whpah$4DK^7)1$`P)&U^}e z>|!Bsg={u5RZM3tXo1jg015nMBQ0?yi1Rs|BE7a?{=-aY`6)snp_q|q*#OoLJ}=#< zg^8^@-p>e}<8*xnxnN^(dIUPH!&dvh=?r!U!=uUMz?)1aJ-0g?!pX1?;Rp_ggPz+S zk0xDr(3yBcw>@kh^m>EC!x5Zxyk4&lq1!{9!_nbEx|J~YeGn2KyBtma>r(tU0_T(W zgk466qJT9T0?`w$qkdw%qsNz*AFkf26(}U$$@%G(`b8J6`PESCpBqP*Er9~ipz4JM zP!v4TA|B`xLh7SW%!t`!6(|?Brc47Qe@pI*;^3HmpeQ;5gW*B)>c@!0q4f?y?;`M* zSA?)1u#f1HGBh{K8{nvr`^yL~u#cwbjJnW=(w5Njjf)EP*|XnLpjX0)!xxXHsz>wM`61;Hv;rz6C)N749 z5CD=96)-=%JHGz;Q9uQRBjB{#-L6r-E{RvpuuAtRfgTc1P9QmglPn{u7bi0qOp%_N z7XjzXcbLv0b7zvP;xP2l90d&eq6Re_LYLHKzWgoc;}xPLj<_DTvd@t&%JK8@9P35T z4dWxwZ@1fX@pF#mLbx4>l{iAb#)zhhb}|JA?RU7*Fb!RVQh{s$@c!fZ>G|>P$?@g2 zUZSDzE7VoFG<7Rz8xqd~jf8%ww4k>*xU<-9Mksra*gc8v(l0ML8|fEx1|zOx@rC7m zvMlJ&5fW>i9;jpg9xnOldjZw&l%Dkijwq8~PDn7pQ`uLNAS=5rZR@}zjG8$vR-Gf@ zbR31^v5z4|ddRuHeT{tNG7>2>gb^P_T1OX!s5?Vm?4#(tXh6#G2ooWewYsa`M^Y?h zUkeFB;(#fF9=k68bwlouB?lRb<~R^-{}@3RU8dLfVOx#tE04HzpOfDw(A&Q{J3f7P z)|z{J4gHQ2WzKa-K?pgPo+XpR2+yHdVf7m+RZmgqlO>-U;-xqK1!88`Bi?n0Tut*t zEF@AjX;wb@#+CAtLqVxLe6dZ&MEp!uBV$DE2J%|vs-~0vI=}x8S|6qBL#g;J-hmdk zBB}aQnF-+YXD0(B6lNI*@^Tdv2BRrr!nXSZcuHkn*)%VnZ8oQ~e%sy6XvAxDmbu}x z^*~NkZv6blt!iQZq6LbU_cIhB07I@-^By#A{^tmMxH(BpZ3W(*+3MB$6I)=Xsh6Id z#WXCQn4vM2g^{iCd5bBtmP?7gW%JryuwEbO^}#Fah#W&S583h*ONBxR&`Zc>M_^x8 zmL&dJo6*Bk)cv`IT+5dHBEv z**vU-?4bpn%^wKdLyLVno3Ga!nmgld%*aJ;$_Y!Xtg zgsmvqB2c}`)riK>73KIJxvvY+%@ZHu`3;(fVry#;yt-zPp-JptBk91{YZMjCW9LF2 z<;GlMS@E|4?Sz zFUWVvT)2&6ii0Wm-&`Y*d%wbI`}y;-UR%E(+UwT%1|&V94usuf=Buyk387QlE3NQeSnfv?hJ0@w_J3Gsb$&tLl7?g2R9-HpIF zBKK5#M>swaw=^qIY69LFpnmZhDDceJ^zR8F%o?c|;FP$rFjBevkXE{nAVt8PA@>fD zmv_ z|J*X+69;gUA6&?tAzAFj3)QULuAqW+3b^3o`x$m;Kng4nAmoWnoG}7Z6mWA8ar>AT z=Y8ZnlUXJckBl&^v1i;>MsZTVxe;oy6TH z6K|s6afc)9sQ$iA_F}{ino>ojuK)*n+O!&$-?B0FW5nX%Tsv=9IB8XJ?UY^gTD?Ky zmh}#XZl`+yd*l8=dpz{eVc$LI9Ci;-r`;a)4%-vAJ?eJRxIab*uGc;oxdXR**qw}# zJA#98rS~;JjLryQby3yj4X*80r<34{hOj&A9`pyj&bZre9}EYuJ??e9j(c#>8=wP( zItRn<=vs=3{azP&T{LR!$ zaVV;bF0av)RSd%YR;SaEZ#WrD(4>P74p6)8j$jXs#)m!B>5eM#q;3S6JFAPR zDy}h=K{|#5;34d^VH*x619v=_p#HemhVIZibO*!9_S9sh(SR@ff+xuZyTEZt-e&nDA<^+k@i~4thgxG#>YRL)h;gOa|UyFdmO#8;wW3vFnWw$8NXX zZTCm0JLvYt znDqOj$-o_S+FWF~hwaI5*zR^m!-Ip`7}VWw7SMjd5&AKPk+&|@?{S2tyka@s6WBFL zZeZ4cW)phB#c#LW?X(X&eNFGf$zX^E!(kg8c#{LK@AVD_-460bJ=k~M?%@P>`{T)A zbkJ^(#*;A`_Ijw@?i}<{7mX)lw+;?q=u7%MO+@U3)c#eG-aa)8#{_7m#;IA4^t8`GcsgQCO zTVZ1qkVx+-Q@a;MMom)r9lTTKvoN2epIBD~uY_HJ1GPo-8VE1MYk-*BYPI%S3eLGO zvLggA1#=>Z2m{d3U|xecZ-q+oLg|%BK8so~xq`_1HeZbYQs*% z@^P!}H5d~%lSVl&OgRDq3z!-{*&d7;d5eR)d@t0H^G5JA;KYZ)(rj)Bhv7YxYK3Nl zAMhvSy)&*vnj^0WnV2DPf+E&@2Lm`o5pd(&g8Jg?X zQQ$RWs-i9?+3_;los-Vxq zYg!@bY5XnOC_*yoi0c>NN&=_gXG3lv&W9W}EJvIb;{jd(M+}q}VlOgE!i-RsCY{LEA{5;^j067uhFdKCW;+K-Mo?cy zXo5ebg9MV@@mx!K>6I&`URuTKnQVp`R^ZKKpop1MAF_x6s0Ug4e-oBX#^>hkb(URP z;CrqF$o(?0H^RlE>eM`F#;}`k8!|TKIAFEs!y$=$lYjsFl{qyiN#2AZ zZc#j?t-AxU-kC{7_qmn3|3VdP1u_^B2UAt_yY6JsfqpoH-MvyPNf3Dr8%dNe+xAH< zIie)E!-1#1eS|*tbi^Xy1Nr0C<;fK<_8R#O zYRN{H;sUWIh@;|UElNSgpgR+qowDU%gaUSjCg$h~mtYZzL%m6>c!3#kdfl1IsNho8 zFuK&wIPg|Nll1;k0y9;G^ewB}$gdi*hSZd6RFjdig{@KK8ueN0=3=)nhq)^G-k_1w zEKs6>1SUSEV9=u2SAvg^7N?{>^J7$T?F-OxanhRR^|Go>0(K1DJE7^zkT?;b&1H{{ zhz4{QDkkWpD&D=W~7jCQ}@XoSQ&#WaeA z2>L$urihiq5@uxDiHOqxdN&%p)#pBwFc0}ES!LzhpV9J2{rS;Y7MZPW(Y~_Vg5w3m zK1V{6cn&{(2%!D8agW9`Lhg=4@STr6$oa9f1ClyP!G;`00YbC;JZ5!(=wf*gjX7cw zcIirT<^wBVm>_mNbLJ$#j6|z)5|RA}Bckl&Zn0rOpd0?MzC#1%^VXNgvIRAI^=MLl!8ykA&!* zN-3UeFZRo#_Qm3>bFu{m=&C&(=?+8sXw<_%Oj8G`px|G=U zkcBb_b3dX8PcS!6ICDovA4+h_o|NSJpV7QkXdUu|Ij7qYX4ry5UX}&q8kaoR?1Scn z#DU%B3`Sma06=kxp*QxHZ;SS9j+ zhr$TCBH%Dt_jQw&tLR1pFWc~yC5x#qzwzH<2Mz}lk~lUBpcJL^(d}D*jeRoS=SsxB z2v)v3p!-oAwCGH!eyUtz*~m?>nQ(+~c_QO?wSeZdN~`WLX0to4RvIP$1vuujfK$(f zkvOue%m%S<7$D>c`5p%Vi}2q_Cluk2`JFoK!dtl|LH4cdqLAHs0Zpqa(%)mDC76^AUSvmgmx;+W;Pj*eIG1fgr$Q=^%Hr*r)Tn(NdKKeaS;ZZewnk*ax#fM zl5`OE#Pm%@8dwLaCwQupBFF`Pk=hk9=fb{Vgj1VL*=;5iEX@1-Hj~w_r3%jXaD-fu zXu^`js@)0p)rl1#&z(;2G#O8spNyustrBV+$|?y+08-8aX>BOLjoNTMav$U&^S9No z)BZMPHRIoqCx$RJ^&}~LB15)Sl)9KNW3zU(EGqqgeU#z+x(yMZuc(=(QVhoVB+FPg znNhQ&>BWgL|QZ8nKhgTfa`i;`N1kL9k7cVtSo=qyv1zljhZ60SBW@QM(kJ7uH@ z>%s|B1hHgyDOX!&M@pHW($Rm`b;!rMD znR=okGD@T^3zl3a;)n!Xo?4<>9F(%)8_}R;{$pgk#U>9D^;Z3-mG~)QS*>zj;hgD< zJYvyQplJ5uPt1uU=?(x*5$n?Ac2Cp8kqnqJ=SW#fT!oQrBt?AeMj|E*m1v%5pqbO{`MF-+HmFEJkvZ#beGqQaPPfe!Y=alFu45kr~XxJRcfUCh9elyb zFvFY&rKp_~Pgc<{QO=PV#PczVxFiw|&%jk=5P_}wIExH;opK}BRjZdNt@GG%xjTlG z>$EUb&hA)bDNBC8NNhg!o5mrEK2Q{0W?iDXV730<+C2#Hgh6wKg)+ubMt zaX5`2R}5Y$nYm}0wi}LgaN8UPG4#zhy=0<@%hH0L?1+#t~Ci# zT~FwaObSz1gor8^vl)MtuK;?&l_PaSxmpWX%+*DX$&`)`DE=*3lh{20;llkZ6`8Iy zKgqRCme*2^iX53vcQE`BYh&#m`uW$QF%eKDoGOA_+FaP#lLAva2@CO&b&@y3(@7vT z(NwYA&T4;AlvF!^X1`KTBxYeO4hgG+&dQn33umG@ z3?MyQfA!5CjVcwPNs{?G?Y`y*)dpgSQh?OJ|M-oJ|71fL=1}Pv6sbH87S8uOnS_NcTGMxWT zzvrvGP0%?E@B~q&qUB3OvPz6$hC_{A$-b$ihB{!kK0Q>$LW<<9T~%0g$@y|frbr;q zzCC~hvSLjV$iiPH30xn$cQe9)u1$rcZaqRI<-bf?P~u1HQ-Rki>_7i-Ld4;Mj`}Ip z#^adH_zZPbP9Y~CP7%F$jW3f@Z_^vSDzQ4(gGAVWa$+MwBFeKN3f_di(9fScjs5O< z;G^z;(Ba~AUvACX$s6`>6T7;_!u2nRSaJVLzuWDl?|_sRsELNu5nf+nYHUBUAXVz9K9BQsmx?YZ?YLaQ+RWNn8KM+EH0z1`J_xKrf-DZ zmVs8DFD%!6&O~0GgLFSEcB$k|9l@RLoxoas%u}lrPT9DpAvtMgaVoh-`4kICn5JEM zYid-SG{uYPoxsTQMVdL&4Xigp+Dlw_gtWW2aD>#yIwPdpEg7LSB*#9)?xcIKI;gsM ziewsVWFJmQox1z~NoT(5uVyVd9eML%gabAK&UcHZ-OQ_E!6riYTa(!L`Ckrb?PYj& z;ff@_b+}cf^0ht)Ol^2ddfdJSFK2`buxV1YS?gWHph!r2e1P8nTfDD*grs6h#bq>uT_}w#jFB zdPg?N>7UNzUy$BhY`|Js?AI0LN?56MoBQI*hIBst?KGOoYQK#pGuJ9OnQV?ulG<6P zKC)WR6mBIMl6XS}R}@)y2eljNdxOmH_e9*yV&4c-e3Ov;j)KKe!&-q=FiQ2ht_!7% z8W?z{x=O_Kw>GRbaRRXq9CeOc#|m;yoSn% zTmV{pbec_}=SEpQ;Oslu-afZuUmPZaQ)XTRK5DE_&>gEG{OED2m9i{NE0+&@elP83IPr#IKXVVT3N7{lcIIq zY~>U#!SZW%wM=D|cDA(Q72RkDJuit(graZ?Jo)_+KgiJDovR{`W?Mo&4X%^TqD}XtrB(_osYf zKi8&9(K7g@Zn-2xuiS9idG5ZMr%e7Y!a%70>OQ9j%l^NtmjCTRyPKB(ol(En-^u@N zJVyUlXZa?0DzrXzrqU?>^4wQF(Y*+RmSLSDo!^5D9+mnncy-l$D-Na76^AW4I|6?+ zjY#7nG{Aw!^}l{rFRBIGBlm%X&i`5q{#+p{q^n7XJ?nU z?~mV|U7uZjJi9sq4hbCo?c#?2J()OFgO?mY*5mO~A23#V8$}GmD=Q@6^>+&=fhCTt zDOz%U_T>EZs^lwOxZ>+x*1RvktMCl89W9o_vIxmsp_bLSWy`OJ$FK^I#qhzH0Pw^4 z)!8q{Z{M0h)Gux?KHPkN@!|dH?e&N6-=E!FE9XuYYSvw0=9UdvvxI84+$AFj5G)dJ z5uda_3U3|DXyZ!xlk@P{9 z2AyO}u0;1L?(a%{yHedgdIKCMf4X2zqoS@l|6hgb{9kaRr)2$ByULGuFb zai^<4sjgnjQCX?~$usDWbN<)x|M%J%{jW0|4R-s#TX~HBr!#))e0MSn-b3C0vU<7i zUu54En*?d6d!F|dJ{8XR=O*D-{Z!6>lQ;Hp7T}8c-ye*!@gJRDr?;E`+jz|UzscqZ z-hc&Y_-8E}&@t6iyxq5F2d0A_V;b#?d}|{7(U59P2rIG}E69)#+~l@a$R<{1r`^sP zn)a*Odk^ZgLYjPQ#X%|vt2Q@MRDZBN+z_08jTrd(!}n*m*JmeJXE!3_(mZ5KKv^X2 ztq_^eU1Vi%*O@j%21SjXQ1-+vn1Dsl6&Fl3e!=E~zJl*Mb?{%Ax_r2C7m#~Ck~)c_ zNCp{Gao-rGdLDWr?5e?W&>4GmrtD+aC2=4#=8D)XA3>2tWCHy-LTaL_{hFKWTdU_P zA@R-i?e)dU&;0lP0!I5$92Dht_ga*=cdGo&@y*%o>G_qa;^VPZMf6z~pIAoT<>|Spj1ass+Z?! zH|Urhm7i{IE^jZdF8=Y)+qdV}H)rqV!JE7fqIT=*0z%!Au-mR54OL~eH(*cCu5WJ7 zFCPup&W&$?bB??o-0D5WM>dh<(l-s9{p059`1bhfM@^VQ!*x9ZWfS+C#%_+!--_FE zPM@M(btgi?=zP-seD=>Gvh7Un`X;vy1W!3p)(8bJZuiTxTq^Z{nIZV8?f*ezgu~X{x8QGywbOO8xJm)G;=9L?qD#nT zBIu(kq}qa_>xj$`Im<$(m^QJ94Vl(VUSqrn)ujQnfj)&W@Gh*6QukCR1K$x39Ra63 z8jYL=W@w(+A}d1|n?T%HBjOhu`b4h$Rj|cSBU(`bR3VE7r2cJ5n*2Qhzn7iWlxs>V zd|V4SF6yLyZC&UhQj1@ThPmW31Gh@xuHZE}P@88p33tPsCIA^ih*i|4LxvO80F$V~ z$5rT&w-X48Q57sLt&A!L<+hLD6y1PzBHX+xXS;mE_T0%It}U)pHnD7@F*7G6EedKH zGNyP-0m%%;8*6`1tYxCRPBKD!2`OiUib@UrM_Koh3sq8wh8JNV&JFA8GK;yx%Q+1g zGjfTdIi?h=8_%-G{oR?kA4dI>xvXUj-!uv6dzNXP&~qd6THPqK`ROg;Zebx=msR8q zI+j+rDR%hcM0>&m(w&mrI3@>Y-61vgi~NOhFhoPAINCTdayQjkB*}X`R#_PJ`kQc{ z72avHv63^*&!6StwePt_BtCK*=z`C(bOtf>YhmY?Ap(xMr_f1nK$`}6dx*LF>4HTq zC)W#E%?qi#0tXduRE2?Eq^Rv5RmhUva>{;Az?jXDW z+v{|9_TM(1vh%;{zSZrY`_*Dj>!!Szz5vxJ6(?32&|-a7sUV54Ngn{VZ+bI3-{Qgx z@r!2D70NOzPX5{(;RPptt&E`(Tv^hAK$<`^y6$yLqEz$D_T(gd-r)>TGm6%FHX zUzD+q4<^?*&S97(WO6Nc4O&`f3MQ>&$u?!ENMHe4GbSO!4OScsawv<#bgA*CVW9wra_cfL@oh2{#u2 zsYBdVc1;!S)a9WoNhiy#M>%coRT3@%ye{1|_yQ0ssJ8z%a2C)wGI?)}k)gZ=RNnA_ z197D%;!7i*sD!C@Zi#%N3laNjWxFVi0$7#pytsvR^PLxWJ};Kii8QQC6IO54-b!`K zXY{LOF%<5IX)VAS>e?wfN=~c3EMl;#OdV@v>uBXG)y&Z$6r{q&e=kZIo|s~eWmMN9 z;r`#i59j}QcXm|w26#+qjOhMB=infj=egdQiATH(b+Nu9?nC2db~>`*hTNgRDN2pL z-ryDnB7K>|YY);x23ehFc%oTSaHi+WB;&(piRJTn5)vBt-y9KF=o9OTpzNAb>{(o` zVk3Z|4RRlVbv#%|Lyhj=RbSBUHt!6 zo+mv2St#gMM*o^xf6gm^P7{Oj)237<&>WH>u1xE{MTmEk$@*SJJ_#xcCcS| zb}%8!?b$z0-hMbeJAHq4^UKB6&)2u-mmmAZNkA6;Y#NZY&RSYqH(%Xh%M}D0mIfXd zlVU|$+1>fcFXQ~=*Z$=6KXJp){;i85h9}sC?8)OlJA*+k|6_Z1{%bpr(*H0uJ9y%@ zE<^#O0D`d}BOwyS?1a7#PEf>}>N;8RLvcxRW$X+x03)QXb@v*4TH-)?06Dh-ACDs# zEmx_M^0Fz56Ri-Rh!A=Chxo(14%8)LQc{`M@=`ATKDnMtTJ8z(b4p`r!ME~nKYwmC zo6QCc@kegKalPvI-^=dEvNSCLsyUbBvf;K8P~7_e{JC+51MkSDXk(5T)W>B59e4Lq z$zb(P9Cwi)I3=|3GoP$bwN!zrPsY%%D0d~V`E9*7B|d*{aH)M{E+>CqfRh(cQ6n9O zqXs~f5XsG1$hC1fie*^?0AGw3kfEQ^QfaLIlth@#=11V{%8fbdO5S7;(Z8G3R|3fQ0kH2~BQ`7vcEk_E+k6`7S9YfKuAuVDEomH$CF zRULiu`2WE$8~-tC_jd6gTX|Lq-yoc}T*(Ki*fbf^VPC(*i)K82Gf00%OVBF53(z{_ z)Uv-PkStG{YVVEZ%`A6}X}4^`!}@Yb1t(b^@_l(0XlE zoZ&Hw0`Xp$Gh{N!Z0M25z|e&)8%K$4%1C(Zr+twr*l$D<$Gn;Hz(vgBg3^UcelA(G zvO`g{epRkrb=IxoHA_*)H^cgB9#i%XMNYo|T= zdn%cfY+Eiof|i)!^)X=ri0WFdPB6d&DvBza*9SL@dU2(6VV98d-W z7f~yf5^b5c7FoM0;Al(;qb!2T!H5IQys`G>@h*%ZMJZ_drG0V%hM@zDlqL58ic)oA zilXxJQUyFR`$|=Fy~#l}q(V1`(egv+L58kb1R0txQ;imuu(5~(8iy!aV2V6P(StG) z!KsSZ4i~PDXFRf2kX56vVCa8O`11E&T*LbcCC7z((Y`UM9bxz_^eG9u!N=wyR}6C$SQ^5coxlBg+_ zlj{c!Z3`uH0TX0oa%OB+3urE|2xYt@zxqifF<^thtKTbBgE5pX)~cH7a0 zhV17phjuHyuuiA#e6dU2?kRXm*Z<92{U)AO>;I^mTmSo`o&R?$j|j3nF~^;RQ3TYs z9RC7+UuL6Y#*8Z$;!WxNa^GE1I_p=mXedWqoY zRm8Hciy8(_9B`tLT6T+y*^VYr)?RLlDu}g5l;nRE7O@r;jiOu%a)rSw84eHqJ-IQu za%VJs$DURO6cx?xDF55i6%yi!64uXx1$)ua?p@K=I~bNYcoQ(KvJJ`_o;OpWfOm9P z%2)_EF7$<->KJ}@_Evjt;rhw z*fPgP#GW>tE+|0NJ_c&PuPcx=qgDu}nj>3(eCr6YjW>!uF%$*RKMxp+CeTHf#7klE zAVKnU_=Xwusw92#Jd@1VPfqsRc-3QO>$P4M>>@Rm2O$R@G@2q(!9ueA)G5Qu>_3^$ zo^Igwua)-Susz7-e;e%1e{AOwcHXHN>}$j}VF7w5^vQCL0``R&fu@%=%|J5+p2H9{ zjX%;9gkeY%OVE(uYp?|kvO8;VXAOSI)}WcI8?y(gmCP7`Ib`naZAw9}#%zmrOh#c* zx5cJy*}NUQEgN<__Um?R*Du;`-MY=1wO6x~`T%6G%bKarWuk7~JpGzX)2A^@pV1^O zG)HUks(NKxpxd@Shfi&M?w)6VO6`AR#XWia_pm+e=kEXR^mq3EHXdpJo5B9J9RLYW z*Yp5bJ$VKffN6cRJ^%yut8fA&L$LD#?7RS9vKPQ`>dpTH`mb^RtKZAr|2Ej!|66&~tu=D6H(~v2#@U|jPvw;%!uWqJ z(@%;E>x!KK>VgsFF{tSXNIGR1S5I=zN)HA78jN#|?9MdbndaLy&EqjeOx^?RF^osSr*YD=?Kli$$-TJ?cC$;{I z!QP}2AOL=ont5L{*43-`j^Bzju{d6(ml!jZ~cBdcmG?zJ>2Pk+j!Qx|07`vae*;3Y*BvsM@(@r zeem5Mvk<0SF7lFKoqMk$X{gW-g-+0##J(?=!j=t+zupL-SqM!sKm)WgRpKm!o5_@@ z0VSs9gAygqLRcp|;VgtTvl6DSn0lppr*U&Q5ib@fim=C3EITQqex1o|uSonRm)lQ& zsetkOW784NLRglD@TX!aS)%D`WVe`Xuv&Lb27a?i?>DI|ZC|&{@c9#Dwcjj#o=S^s z+86$CzP=IC*Ic1f6k-OE1 zdoEbZgs3#f!4(R9?80=8ee1ndy`w6@PsNpz_g1Bzs)SgCU5mcl8c*SQa{1u{!#@5^ zUQ>i37X=JX%^gEcmCo}@Wvk947SAT!cf;7ckqsO#Pz0yQYNUW#tFXw1N)&eG9h#G9 zxyjzl1;mGRs0J>-|C#RftNWDc|2Po&+qaPatJCY}^M7^QyZzs-JZs6{tG8yDGY#{+=RNLGpB+tMEs}#Bkf`SJgc(+9m&5 z8UssxHNOC_$|yg)9+V1gC}!AiDTw-}7^4!Y_tY`trnduxw&Z}8rFki=bqPiN2jkB1 zo?6%ZYq&*Sv_?fK4;ccaxw6ET%Cw)esnXvoY^wqs@@7^+p&Bg|uxuL8C5f0OT^643 zHr8hbUOLYb3s=v|9KqYbYR=7tvr>%c)!y8g+DdF zqfTkNduiOS9zlXN~NGLQ92Uqv}uvux;)8Vw+c97kH4L# zUZhs0YQh!sasf0$6h20!ldQT$TGZO!rW}mg)+%u_Dvi6usc7qHUyNfht(oqei#f_X z!?l@)V&;OQqFc^+Pc!#e@2i_?n(_+m^opzEKN=(4TuhbRAP+zjh@aYhXs(pED~lTGI}v5+ z%;oi&#ZVeNwp4YP5D;>C-z)ZzrWP6PnDpuD-ZJ0nYrd-9_w~viVcbr6mj`kZJp!~g^BC` zIc>#6%zjM5twb>gdk!dScxAydw$`g@k|Tl)zt2|%Ac*H< zeZ#e&L#l3t_4rM17M1P)Z0hcpztp(@r9aB%{~h#p`G2?b2v_)q?tc05?tQ6$=gTwQ z_p_Xzd@O(a-yx(P)2xpfFXO{@)F)X=DgtJS819pjUHvW{^fAg3R zQ!xDnjc0`1$s2X!NDSS&hT*F7-@RTY{;%8ZcX#oBTX}@7_pV~FH(?l7G1K$j5?Wjly)vR-u_$nC1*Nd;Jwd%(4%KB?xLS8+#8?mU1QrdcRO!=P?nqtZn^4a6(RXzP0 ztYn4v&Qji4%3HOR?3zV^fq5sBIv#mU3 z`d@$;SD=p>gYImO0(Q!m0Q?a3Z)N_!;V66lyW1V??tkCPBUHNgau7*0fw)3vk@e-@x+>PbiF$fkl zUxQ*+Ic#O>+T-=FjEeI0YGWJHthPdrE$m3>NuJ?zHQ)aL)C65@T*XD|M`9Dl&7^W$>CRf?X`|?D!!2czE5+AGsT)~9_38c-OPc` zJjld5{h(u=DH7H>+?lHIOetFOgOWc*m@iX5ZA(gRkPsel(jrBv{CSIF%_EQY7jw>{ zh*fr{ElTLKOX`x=Izr-ITNeyvBKNJY2?TNML!J64D7YtRQq*!bG+yNFNW(9*FC<~o z#hp4}UtSi!%W>PL&dCC*1II0K-YT0i=I{o zI%Kf5Vp$F{<4GNa+c* zkEx0;I2`A{BysaN{N5+-UHO-mi@hkTe{rC10E=QPBatef#2@gAVi8Y+Ds2dTa#5Iy zAD3^64%<{z5@&5%t54Ug^Cpe4Jb9a_8%9#@fma|POwuQNnio$1i3;nrthp{=lodJq z6mq^0OKldsV1ewIZys0ZS#8v&`zEN?8|WXstDe%dkxEUo)3U>UeAMT9zu=6e?qGIpZ&P3)*f$ z+bw9j1?>x2(01$DH@u#0e7`6AlRsR3sC>#IV9`ttS zKezITh>nnWo*C@180<|%eH8G}^G16VF?D5(M@fY`ksT#fi$i)#3a^UfEvmM50B_+a zJyk%6bW|mAAeZ^ZzlQjaOX7h9Z=k5Q3)9_&>25Q8L{Ac$(hPHo-S7EJ;oO)qGJk9D zB!eeBwOG<}!TGR!w}&h8%oHRAE!g|{zmx=3y;^hY=kcOqFJp~w^DJxO=F?sg&GR!h ziIYfmcaDSO1;joa`#Qav{VK^B$H+B{a4=0Vgb+{z3= zK5Q#f;3==#N}4K5hI?t`Qi+|A!M4Cmc%D$L99R4);BnWz<y<*WRBPj#q=un(c^4@Rr-H7m;Z4z81Bx0Zsl2}{~I=l zVs2DFi4BlyV_iESRr$-a1ybnMvIkN%p35f44@rStkT3M4wn3`7Qu`n!x5{jUJmz1H zolwLvJ6oZIK0A9MZ7)nC5{LQQ1~_-V1~0|eEZ*dE&uk#r zO|?X!REUREIrZ%!^)kPe!-t-S<(B7WS}ORdZ*A}jsF*bW0D5v;&F+gLFRxSlTA5+u z>K{+NvWfJqkI2sO*yvNL|1aEa<$v#YJ6Zq#px4>?|F`mp*q+OeCmV_PSrlbU-eP>u z<;Roicpg=tPW+B2S}%ZxcY7lNGd7TL;a(vIaUk@51x72K6X^S6=-!=5g-76^N~iWo zUvZ`QoC0S|h@akwk3{jzm3s-8HwA^uoMGv5`uX@0kYPWOqqdS{F&I z5r0D&3fM>D$8&VzLp=W~qKypVKw=IA>brQOZzkS|Yk}D*tT0Y)k+P9;{+}~L{=7wJ z`w^lfj$EWJ)%$;r1DrdALZ{R#@pVKuX_E%JE~4}u@sJ(QREj)TT&yaOoOvHlobud* zn(_*-2>lu(>&`XGNCcdcbY^Ls);spSvx&XMx9s(o+0TJ>0(ibE9CHx>6xHJ}BQbqKy zbg5bw&V9aJD!oL+~+U5%siUJrdfpa2>aYcOO07w3l3IR^22}+YL6)NCL zRT9Vb$^kx~qR!`$t(B*}+B+5fYgW;}4y8GDziK(MVn&Oyo4FaKyIHaEJq|n^OqKL7 zzn)Ww7_Uafmfmi<@22~fr#tb{6`BY$ImACkBn~U)T?2qeuhuK3m(ghIi6C{2@3HHW zI4C+C`cPR^uXTm&2HXAW%-K@=kHqYeVPEE1VgHRfop#p#8xD8&-&P)x|M$kW^2GJq zhyq9f1mjd@U~Um!amG*?fhk}!$N-EGa3cg6@)}%j;y{{hg0+B;#}SN{ty<}W1=~5s zGgJ`pB}$kAD}%gBLc9_v<>6grZmPt@idn6YE>W;oyY(mPRHY0%ksy!pIU) z660qacs3RIvScmm&QCWtmsbfZNQcCahzY(*o#>D7oG)W)A$cwPyaa~VUaAuIh5pqU z=wpWcYM1r;^Ban(jpAT`nw|j1M%iKPZ7(tTGTy5YDLaW*VBQO zg^ZGEJI65T@1=}W(0-nU3JR@+pJS>tkV_IVO|UF1nXsky@bl7nCRn&y$mB>x7p@A= zFBlnl+#qKtO(8?~aH+FX<6xQ?O3)8yu$vmC0NJz1`SI%VM9!7H+_z*N<-gsWlz)1A zUH0k2si~EW^aNrbywW54o-hD8zhe(bIV-03tMBNZW5L=>4W$X-l(v>`uhg_NO#H5GK$2}`}Zk~te0}L(k}G}Fjue?1SsZyl!)pIk!#6S%>*+- zndpRsYksDfyQFYwlx11WwfT|qAf~y}isfvAF?8=x;AtMV%eSm=mHcbiRFSuWTh%gJ z&aFmv7bp~!yjLaki_+I#o4iYa!;B6haxw6M9RO^vnu|#*U#nuXm{H? z|IaoaVW(b;!QMm!fMlEJjR8=sTNwqAl&KR3kd$W2P_@Ya%6~6T@0WaEmC;X?Tsw)M zru)Xikj;sB4p-bfar6c_7a{yLMo#9;Azz)Wy#PTO$3+pt6YN5U(g!YWm~ViS&S}8> zl;_UA3nSM8p2I1+jD7#w>U^zMJmTJ=NM5h^AF40FOgEWpuN-{mMquN8VLp7%DRA zou(+6N-L6SVb5m8%5+3zYz(dn%#SjIK3(+V~+qx^T5_os-_ycEqX^bqc{7t$Q|<_&g6V0}B{o zIQ9{>#pKHwq(9x!uR$;R9_oBtCOMeZaphMGRXVNL^3N<8 zO$A#fdYb0?6ngea zRJC<}Nj#ub7b)rYMj`G-i9c?HnUMcPeP@!&d5chO0G}_IO)_ zu;-gp-Qq~7%t?0(W@c6RNJzYvRkn8D461usTz{FNAcZKV;^?9pw~%Z%?w{W7PXEsXXuztZKU2Ai!R zyzh3e96m3dy}kVO)tvpt#8sYOIyGl-BTq&l1~64?Q=WJL(tG6lX@=+AWQ&nZ7OQF$ z%S8&v9!IrVoQWib26kbTgXQxOqy2R_H`I*%LcAMR7M1){2mS+-$QunPoq^Imv2W** z-+5y;c{04vw0}#W_dWDs;G!r!eJc+CDw~cYz|fh>-!>Kn&=rrtC4j3uhC0i*sJEH9*v_%Y`sh3bCeL%lXXUfP|F2Hw zJ!$^$?x>T^|1lc0hdclOHlCFKUyb$#_W{aJc5XEwD8jenqYQ>Da<3Dc5 z9SW?hAq30?jji1XO?JkMn)D&-Y)u$4KUE5ltn)@S_!aqZG;@D3zMP$JP={DB9 z|07*F6PWt^_kX0(t8-X9UE`VV|0o!e{K?&dLQi@BN4mMP`#-Kza;ro?DZsoyMR}fM zq=g*wr#MeqPv0n?AG`ZM{#5q`TA2|ZdS{>lv9WstvzZn$@1OJjz>*!@0?b$5BZzjl z2Yx$Gss7I(LzCF28#n~GLjNE3Mmhgqr`_G@|J!(^|4$9}^=1wMdMNbCa*np-_Y+0s zZ+YsDk+SIDq@Q*DYsoa&_~E*8DSuC*JD)($ZvG?mu_u%QL)0olW_4^BhBV2$X%XV9 zaN#BB?%a1f_ucaa+pINXuR~On4ZY4TV)`&tT4R4gow4@LcUj}x>5!k+g?9_) zqPJ_xNzI29^0LMNuEmlo5Lr_1WP2DoINbXs?(FW$@1Kf(B)?Lkaj)%-sX8$jg zxe-i%LE{-AcPI9lqxD<@EA0PXZ;;vl>vl)oo&CR+N7(ouvxA*JV7395K#rYKEj({{ zP&IDV;X(`7evG90H;v$M_%=))Q%dFa^+$5cHNhL4pP)8N?7uW2&fC zbo{p}y+Mi!<_?H7Un=5!ed|rR{GTF`KjMn7^iL}Pd&Ax!C;vyg`=7S*$oqd0i=%*o zx8xpCCSpi`!qXZ5TjpJXl;UY1XQxQG6D$+y2(U@-^3Vmtj?bdVjU&vKCsL5NY(8Au zQShYe!zJ-ntqk=$w$VjG=9vr(G*V;2XkpxMj-fOIk}amTHZ z1TCN3?}1l7Q(e}r2-th-r75XiXZxDdlM+EA#Y#o5*G8BNtUd5*S_5NV^Z_VKk+?3- z`5ojHoL{7BCRqFd7!g_Np21~NssCB|?;fK8uH63_<@CSNaCiQDD^KeDcT;2=)T1ua z4sJl9+fX7!IjyS{we(@^+PdG0jg8e^*_7(03Q1?bD4_mKi;beZs+KP~l|Uq~{eYsp znDdyjQ-s135-yb&Afxx`cmmMMC$CgeyC{KW)+6v81MgZ(?CD=DdF$~BrP;oEaMXrfqCpR9QwL4Mlyr^Yk)cZjq`{ENM{x`Y`!qz)@f3h z%*CEbTD`3;~_X?f7blwV7vK54MXBnoXX&&PvFSv^Yg*H`fHqc}# zwG$quEEx}lPA-fC!1X0D3Bm}83#-M2JXYRe8%LvH?Y4xnPc8lL`f-;5tkVAmooxJ1 zd)OQ7^uKL9Rr;TPy;&V_)uGF;Ob^U-XREp(wcCEIK9~kpM<>*4NSR8QhFD)C({MMU z8m5qVfO=Sj%uYqDQW4X`{!D5jwPn|nsEXFb{#BYHO-@#?=UK1zif5HZ;~lMX=2lGb zm-*(ORDmpK5}RUQh9a59_1jV=%k{rGyhG;!yNKQs5V0q_AsyrhZ4$Z+MJ>Ki-}CiC zt=s%jEdVwn6mbO77v;b}_r>I57PpgJ=oBq``VJqFqSg^qbbzCX=QxpN~cI37Agx71%B@p|HdQ)B zR1ZQz{0(*BxtGH~-BYOl35WRpt<2i{_#2>C=zrZ&uamw1xi{Ly|7_)v+dA6zo5X=D zk3Mnv$pz+oqF0dy&Uc=bnBHo=N^{dlM#DD+jin|2i@Ijqxp^rSb-+t>{4JVlFCC zY<35kL>ZQ+-Cp~NNo>d&BEf|MAP>`ef4-lcy z=YKi>%K^@<^N>EPv*w7}bEkGM7gn~vB4%ru5zE}*CGvmIW6G}36n%Opwtt-e|G!}K zw|4XJ->;hgNB`OUKYRa6|NYXDkoUkVAMyVJ{d?HkOK)wZx5@=%A6xm+0b0++S+OPK4=3iSPN}u-%j1hng%n4QOxJm8T9X6Q&~@R^~yJHD(BkR0XYdD!DObWWHvl2_ejC zDL3m^bWJ0g$P94?!zBI}6F?S9C9!U2H~;E1raM^Km@M@8#x!9n8rQdUsC4D1SHJl)qEKcN_}aaiof)GK6z){ zV&k985B=4ANxl7#H+IEa@kdVN=rnDVdFo0hrjn$JrsX?>g}fA-!#^^I<8^BQB=3`V zyjA&5xBrdmL{;;jqG&7gzt_*L|J~kbH~+Ws)Sv%UFaBbFdgDt-N! zeivyB>FcS+kYcw9V>UCho41)HVpR7E@t0~+LrU*Sq$EHZjc;(OKFL!&|3zBNISi9L z!0YDxwVze~pKd>Q{--MwI*|{r!wzu(n8G? zyQvDr*>tTUHI4!m_p$c*p0wNEKBMC$M}RDsyCcWw9SlJeoP7%A;go;`O*9YL68vvo z?e9+cCXU`9&{<06Fm!V5R{8o15s=NQ6iHB=Kf)w{(eky(L^CA}{Oh~LznvtCHQVA! zhy8QUkZ=1blm9Zc*ZwVxrjOnNSS9~^?Ogn4r@gcPw(_L*XZc_Q5nlc{;jgk_a&TW( z#P%QRA5}{vPUpHZ z3w_YCGgJQ>6NW(gT$N8z3W_hT4{ha+WT}3@Xetkb*o}y{K<}TmlrtZ(L6V#o zcbvSfl7fH(;ZieDWafs8z+Z|LCvkeI{e@hDW7XChPT_)N8M)PVQIsx2!w~E3BB5fv zloaBH08w#6RPh;mbD}!Gnr0SqMQW?DA0jfhFNk~@p$WC@OIJJben!hHG;x3N{fFQHIIn@DTDIS$@S`MR$9_12dwbbV z7v#4#A=rwI8~OazX_I~h$@2uk6EK7HXS5V-$AK9Z&_9o|%u2@p;Y|w9fU1;dY0KH% z3i2t+YY&Izb>`~9cQTs(?@rDUQ9{NdeDWAS0-ZawT!D>wd54zfnm2)jHSMxQR!1qc z0xoHok_*`y=u-#-nG*4+AceXi!z(@Dd>kEF>ms>;xj3VBx!B~$Wr5^jXB`oFSmifduic#8c6mGVOjv|OADu?q4jFst}4w-i{^D1x7+mf!^I zO&Krf>{AoQ)sfH#nD@mcb0n@Y5N*E}J%nIPh@Z`!B-_@v5LgX5oTZ#vBU`|H=|v?A zT3qB%4|e*_hsTV^O8R4l<}z!)oUHaS2rXcBs*<8%Xo8oX($9)=+Q|k=GRTXHx}Nx9 z9XTnRo-b4TdFdiGCW@K`e-|^xWP0}{;4hehX;~|8Yy3ML&Y)rp5G)QVW zdX+g+RPz8_a+oo>Wug#`+>)8t1L|DhnqK|1QkkeaiSDUk=@&;?{YZ@DqNTsfKQ1Ag z72s~R&sS;=d2oMs3e|n{$`n))N<|oz(1!~U7RxlPiaOG1{BN z+Fus?nZ|_8*6)ZKya-KX5@0_5X=JS+4?UK=SfQhck6V#1=RvL$K}E}(Q`l(XWmt;; zjH4s;L6vu;j&CI68EMsUi&Q#AYB)slhV3d>NU0-a<8BZ&Hbt(G+%OeeNTq|fmK)^Z zPLRjBK-P1B)N+43!1+>x?v zp6y9rGM5xyZ>-?qBK+(@5J)D=-a{~ywbw#V9&;+hZIwSk;qqXIf_4^IS6C-Y5hDP7 z!jvWVpRepyvB#}s)3MlJ^Bg;m>Dw2+qa{5~wkB(P745ZYv)+=jp|IQpB1}dwwcfNz zyeAf3#Sxg>h=QzP|GmZZaVG#*#s7_Zx$}R6UH-T2JURRC?Z#sN6zhB|_Mhy_(*%Q{ zpePhX3`H{^YQc+VmHxFnonl5SEx$m*NLB4D39$f}%FJGw8@rz&Iz^6xS_U*7(k53D zX(9^PdFLw>-dssg5C)Qz%7ufZgnlCA%}}L8{N@5f9=jB*lK&I@33+Fa3j$mr|3}08 z`JYj5cm8uLPfGs(zz2JCQGl9vzKIne>C8r#0B#d62=+jLeIWAPponHJ1<_Y|=m-%b z7!6Jt0hnB~R9HHDOqauJFXwypOc&ri>fZ%>XduWc|mec00o zl5BBXC%*97wr3eSFxp`U^*LexG4_*eUFWsb{YZ($Kme@{CN;{g8}BNe1r z6`odrNYSvkYC!Z+G2eH%JwFd)#uvw!VIQ-l1Dt6D!x?s|1Dpl+5GisVyD$`kYmufv z(=Y*jqP)Q1Ar9eUVi`Z{xOO0)M1cQO>}4$`97XPlk{?HJ#C3b({;n$1&rExY+&IE) zsQ|QG=({nOf)Ba5axaCJpbE#xPxL(T;pTs`%Ag_O&HsQuxU_16wz{O;OA}|eOK#|BF z0B`^zB-MVIiadY}FA$g^e=hg{djE+jlX{7o#;-YP18}b|#hjCcyeHDZ6MzGXJp}M4 zkz-eJo0C~*C8MmC2?n*+G>ji)(L_Sw`koNq5uWM)kG(fe$VZ7KtPei3It#jNLge1yT7Otb>Si*+HwOC-4=nWtjszy zv-0TmbWL{sUS@mh$<^80(<{8S9{qCm`t0WH^qO`%-#<$Z8m7XQ?CkGxR|XNdK0bPV zs!4sh&5pL1$6n!ODDfmBD>ns`Bi{ez;T=GMvpU$Eq^ap|| z*;tB;kY$a_^uYQUvO@L^saBuis%)uID9u6qaeaFAVRaCA2JNOE6*_H#)DVJ?Ve26i(rLL3C)Bh{G~ zr|Lvv4PD`;gAk$zl)XylRZXu& zfo^_F-BB+6NXjGA#fiKvQq~ll4h7m8qAcpQtFCGNsnY)hQ+Et`GUf%9Ko$C*?St)I zJ^okc|GA>a$j?CrTngmWjw(o*Mn8l;NTaB2yD$R&f_ilcbxkhNvK-roFMvZz$_N-) z{}oi#6F@+Ep*!=J=~wLhp9D>5Ly*G!(<*8iHZ^s%44e&RRx;w^oPjSnt@ynP$F!fq zBt}6NONrE*TU6!vNbp`Rh*9Q_+d(CB$BW{S%)*f7Ni0$~ilKJ$vJP<0M(1&MnL-4k ztRzI;8cC)YKv~PBR&|a@&Sfkgz&T764#ZGd+3*%kG}rh^eV7A$S*^dy=eMlM%JHz_ zS*8XQeJm2uFT+e!o&RAlg5HA{!X++%D$f6%;lY7^{%>t{@qbtHDCfTz>~;=)0q%!5 z@Fi;6KI|uPd?#;uNeZtsEJKjAnb(<{X3AE#mOUiOE(t$D&jHRP%M$hvQYsiMK|a#* zHprwljLruA=WQO$SyST}+bu56NLkFuU*Pl-{EWfW*jwctm9MSdPq&=PKJHaJ z=9LGmj5`MNQrCJFW1#k+j0zp*s9L-?-gVG3c|B zD)&O+WfPbZXf6;!uH?64hnKnO7-ot(N;)M6&q=P=B=+ge93#mH@x^$HQqVHPi~DC1 zr$tU&O8*sjqghxu!}p8#Ocdum5+LE+ff+7FT9O7+pUrgf$x$$Z>^#APWuJg1 zu9mec3SDA2c-n^Rx3$RYi-PO0b=aboNk?&RJC6{TO z#asPQ~j=5Acu0=4B%{3~ycU?u339XD7$0XAkQrx>5*yqAiso zYhQ}8FBqZr?$R!v`EE+@iItwG1=PVHrFcsWLf#*!@EqLCQew%2aX5$BeVpEbINAU~20UWEg9LiOon`UV z%>pbDKM;64aLr52&) zhMX#H3IWP+0nbGcQPU0qERb9DH;9oN{NzrP5N_a^_YlvhDX|M~jxP!7f1F&>Er$#v z-klJhFVSpz3)4P}k2-<4ywn8*#aqZ*q8J{9h`5nMiWSmH<@CAax`p&DfpdOw1KiOF zv)NMjZvYpGB8+63Umv5xfg;-USw^j+CooJ9WzI$SQL{67V6oIOOYzYXk4B7T|JEYY z5A{^a|MXCPyG$CmD*KNeJ^uIh*8X1S|Fe>Z=YQjdXur59@Y+iQ$HixT7A;~uPmX{_ zLc7^&Z3(?X$`?j|QIG|082lS*!KmrIj*GbLrpe^|^C=TgbkTubhv_blA}uWk@xfVsRErqJ~tfGb+h!CN_cX(&y0&b%YK;8BBeu$~*? zbC|b>88m#vg|X|~qYQ2uA#)@oY@J&>#2=qvSMcL3z^qCJLg=E5U~F{A1|5nAeO5?= zBo8}{C6%LUv9wUS>PT*!H<5Q6X2Glat&m~-*1PNX|5Ts<@hx2P0-*f--x_Xj?dtmf z-Om1VHIJhIza)d*){&24{TRxBMoQae9|SIz`DN8e7|dY=5psZokEnqCjb~{#OH?xu z0^mlo1yQsrT-7p86VG8c?>(E5pQ48&v!Hy}wi!Xtie*V?)dUH02W+a01~H7#@*Hx+ zZ0Qc`m_)FxjG2cjk(m{UCCUg@|IM-AV1FBISKg7ujwfS2ry}3FJ%40<^l%Qd_u5h^B*NfKl$YS`js3Wn)#27IIFG9YK>)R|KxTu zY=duL2}JH{1WBfvwp7l9b7R$((1#N9d3`f1W^? z9LLFnJ)ma6iOFH;tb;xN3re5|awqdSOz+bmgY=N)_s5wsbHp(#UQ=w}z;q0A2>EAQ zdj(z;B==X&GzV0VcLGEA;Tn2z|NULZNOV@8 ze|`ym&N*n8-9E`o#r!>GsB=_mGuGOTE1S5cV5AE}d6#f6dfst;eY|>LYZ=mYaJ(b7 zKpfFHuB50_$xkb+lx6nOD_uc`r39|1Pf)Fv{ux)%DbT9upK%p+f@>AjkGQxp{k77{ zH}JhULH~uHD*ay`>*TTgzqYn__O=cGul+9m>q;JleY+AdcUs}x#N7EIxHgHJwiSVS ztRtNt(^;{+WHG0umJzH){@Tt(<=@MI*-q_7A(Q5oJK(%$b1WDynZl1Vh%$8e3;-{g z9kO`Z92)=J_mUYkO`5`KoIVtmqo09%fh83SgK3bFbBX?S_)OIW=_OgSl&8IP5elL) z7;aEY7;4``rd^P2fGKo|<l}OO_gwR)) ze~9Q|EpKEClk~msX_T09ub}!LOkpi z2`R6MX|(bFmG>GPJO*Hom@TQtQL!~UTcRm~lJWFN2)~B0MUJ_};yfopnB)8BnjHx3 ztQug{9@ET305H_gRb55~amI|KX-*5#i7FBW85RxO2W|~QjpSLTnF9Zgo}_oSTFpxo zTFs78O_vJ$8;gzn2Ky_wVu<~L#o|O(ZxXu-yCX=s)qE)lg|{il?(3l}Pc>4Q{H0)( z)sgtgl+*SGZE9nXcqYp&TGv3H-$Y&OqOmx&MGu{`D1BLcO>E}L8^>yr-fYKs34SJK zVa2nY&X$un`dbEAI9%jSpg#*C7~-Q0S?!U=8B=u3dtk_KV~GDX%@n$PR#0g&YP)L5 zFj#_E)-da)=QA_YgGdVfnZ;o0X5Iw2AaSz{rY+ecF2asBIKo9OR#MPI*X@Ew^xSU8 zs0a@hejWGJQAQbCYL`fS0(7=0Hw}>_R*u91dTnXj&ez&c=%r(WYCS$#M`Xg_KrF2nKyF;xz3K}ABd9oN4 zi{rwMGBJ9~^TtR4l-XHMPcP2lt0v+aIB}hGh4<1oq$0-&Z>|gxiAhn~@7dGA)w$i! z=ZT)N6`yRQI1J-^-0Ub$r*4MqvChc74-JVz6PWV-mtn8rY+8^l>Vj7KJ9~h5tY>wU@+SL@^RQ-(HU9%fJP# z(b3IH_8{tCzdm#Esdt$M^B{y{c#7qEB7qqoiVBhoasJvjs^y=^-8}TXc$!?M@hAw1 zEhRoRjY?`UYMLrvXwbkYrNy1svFC=97-bHv8uH(~@rp(h`Y+H;89X;}Z-X$%0!VI8 za`lpz&#AmfABzG6hU@!>I!9eu34qO#JB!bX&pK`ZynAm6-d~QPpT-G=fd8tEV_vNZ zlB5X}OH*5N%opa$ckR+W;mPmcGIecV^J3=yGGFi(mr$w-I$!@HI1YDUj=_!z*DH`wT750F~NPlvBwuxR}E<4SZ&-DqW9R zS~o)NYE7u>5D8VgRfbfcU(!dpk2@mKIPM{s2IEPF3(gXX6p84;R1oecgDIHe#w`Bi znoftaUJm=4uvfZbXRhi|B)qNa9J}%AoN5Kyw_Vl8IX7W_7ev{6)qa(nMtHlEl^T>j z4bx_}t*zyYQhPoRzb|#VBeT|yanKm|I<=rk+mD^X0@gNH0#9HBqz{-KNoQ~a6td4` zTP50H?Si}j;UYkFkk_``8r_qV;+WU0%V4v&kZJYDOeLR~$u+%Y8-Yos`K zL9C6fMsrG>>*~iAHWCb4(}+ISPC^dsLgB3L32hLgf-&4=3o%+_(x7~AbTx~zU<#Sf zh@(iH&L5E%M-*yl3XcjYR-$YIG%7GI&$iM~ZnqgbRSWF34WKHzhy&DS z35X*$;{~SgYZ(L-(jiOL3(ssBNP~HeW#tP+wqs(6uqASeqs)phH3eoosw;n-W>;h< zt*Nu4N#{%smPL&uuxcyqR62Xwnk1G;0>OS5--Gp#d)g@Pd-Td#laO+z`reH)V%2dQ zL_Tn7IJ=);kXqzc`26(d!!Kv&Cm*g)uil;=YpF-qT;D%tiL1+WLuI_CBR6sO_W0D{ zVD;mGx29S>v6qgHY0)GvIbzkR?YO=#a4BZ>3CK4w%9QkxSjEz zyZF~R@Z1EKv?bFmW^{pWfo40V3zcgDa&JR;y??x5M)I=#L51Grc&~+Se)89&t|}fw zgEdihT$CW(WLc0IVWj*mt#W;OLlVX|tn;dAonJ5hb$)u)tj@{N@rR4Ir&m{JCj~3K z^(9`wQIo2UpT>sd9b|B7uAZ@Rl#J-`%s1uZ(kmW;|oPM0SAy}V9!ACw|i;i1k`f#IIX17r% zF~ucgXlJ%0Ij)t|cHL9ssj~mbU^)$=MI*n`rz-yI*4Ccx|GC%Mf2`(F^Z(|9-Okma z1n`HrEL7-e`+89B{an(VLWJBgymYgP0~{xR!IP`1M!ClIgA7&Pi%G%01YPHga&|@r zq2jZy2ED2{vDGH?M6ztoL^bMlAHK-JVqDMX`05Vqo0jt z0ItFuu}#<@dB;>}ZK_ntGsGrJQdn#M)*Cc7XE>z=qh;5G!LC{N~mN-}od!-n?s7hb>QCC~jFniaTo59g6yoTBp1cj}t zQOGNYcGz*~2Gbk9&(seRYXr$^W+Y{cXl4x|Th~eo2$xOau{k9xM)dsv!PJAqlL-$P zA_Hc1<0Slt@N2gEDmys{M|Ny3u+S=)B8GQ}GTEN4*%lc{D{;(Ti_*7g@r;p{nmTFo z_eB6qt1H{P#+F!YV#}ih3kw|nW=CW2IU%aFkZ$m4^ zUjwBJs1C%~lt>x&Lr-yM-@P?J#x#^D$lsQO{#+6Sp(*#N9K5nEfp*lAII!9~d-0rY z>YHzC^RhWVNWSvWrDgWKJb|MniIRLA66Qi`!gioUc7CIxmf$8#F1Us*Ja_zM#@q-? z8+r0OJo#KCXbeVl&LsFf%L8bQ0aSUCTTsi_jhr^rC?@dAOF4=JP-Y;y6f#;f%EGAN zH7qUgwOs_?3X$&`c93FE$zc)`%Sx~oPNuL=q)o&`U5%e*`iZdgv{D?UqcEfiYFUss z1hBZC#6B8GRw8(E(dv3#kpXk+-a&w1gdoXCIrlPKwkOMq&;YJSOoFoue@0LMLZ}g{ zXz(0d!wh&cl*Lm()=L}_Gn53T(*Pl2d|wbpNsbt0m#j2EPR~XeE_5liR!3;m>J$i( zg@o5$a{QDZke6ui)7;$n8eB6MCO*b5)XtJ;1rJ!&sHZi?uD$c3@Sqr^gWYB2a&a^hafIIkLSY)knnsl{HCA{JgZ{;Q*L<6QZTXmhI@yaSD zeL3j)JIsfa^2~%)F7C+O0!%@$#tlzyxux`I6UrnR*QBul8I{;t5=+{W;D64&W6Hz! zt?N{?+19JAJ~Om<#NCSW`Hb}>rj*oo>K2kc03U=T+j0WEU=(;|sUp`#F!LtRzb=^Y z8Ua?Et-gnil!Ro4STV7x0qr;!pjacH+12lVclHjt`2Q<;l>1*isDKV}J6FFInYBu8cX(c{ zHTuVQdl{@!*w$?@zwRZplLG9|&C<-B7(-V(?3#rP#9Z#r49rWC(*_gvo_IM(gQ0G* zU%x)XrAUZ=S~ZW7QfHR1O6|mo-|hDMCeNb#|2R$B+yD1=^!u20^FKZ8%=`bW`x|c_#g8r{xpRwtGSOj_! zql_BH;J?U8t%1}b+Rk)9Zi3mn+^~lr$-!1CjeR8g zT+bC#(_raapIqJ3#i^3JwNnBt&I3wh{#crT z%xjGcd@MzP==)9^Q1h|w|2|Cca)`VDqQM6*47|HZJVWp-`d?}&(##RGV*lUW-`C~; z?cKd@|6j?&LWqyo;G%pBP^vbRVbGECEJnmO=!A3@{5W1Y9qT5dyP> z!r{~4(MOO5V{EVbxU&pHc8<;h-cJYGmh_O32^3H4sfm+-b!7RxE_=nw!(@- zzX>?Uz*m8K=^}z19>}9GnYib(DcBoYj6PEc+!O*q6771l0SLY#badncAA0FSk|_z= zxRHp|C(1U?FnIyigUE-U246pXT};l3G?>H{vui0UZ8)YkS8Lz~%B-qLa#Esqt_y z_-Q^!^5aymG)qHkox`8z|IbfzV$5n;VfmkbAefTb%R4!5rL-RA0d8F-4)xmq`nR5p z4E}xSO(+f2tX8Ig_doO1MDY{~!@U^Dt>Tri0ZB^ezpM zOzw3${TJ=Ec$$QeWHBKtVnHx?!eS6)A}cVM;FLmqq!I&CvY&$W<9IrSQATrNCZYR4 z&e=GGn9cU$G{rIsO|zE;(YQxvC_CW}iJjgvNF0D^%+_rO)nE{krDK`ZBsF-7<&%N)f|1`}Z(+C2^aY77`_@c;hp zzuaK4%zyML=l{2N_V$eUFTxtXVS@ViZlI_#B>p>veqcJ;P+f)4Efg+9 zr3DJh0c+;!%h#WogGN@+bFA*;^e&8D)975fmiZk%0OHJ$Ko2-U6l6jff~Z_1|Lpo!V_Ix4LO|$&){+VK7$iHoA+!(ZO-}Dk9g)K{Jk_hG53jo9l8=({QZr`lDNLFAt367_?M#|_f~b{c-86)A znzffEuX+|t-7)0ui-&+zIt~LEWoP)yGcD>m7T%>a$b0*L=Py{oWA>&XvoUF(RS;R1 z*~{W&##DCzfSjqAzcZ5(^R&cjil=7)=*fTOq`PwZTmUw~(d*aGU^K@su1-(Ru0Q;C zaeYHSQ!)5=_;3YByh4$_gMOtpFn{~}xkBhBozLX$uV4ShYTvl%1mzz!C3~qyHfF=(8wdv76z7U|~+pUWx;OC$J zc6#wEZ3=pm7&xb&pf}5cXbet%0eE(!e!uUK0`J~|%?LPaYOgrp{d@4A|B3q`PBV(w z@$0h>M}OS>_QELq-_KZo;j*vK-k!c7Jw;#RX%qry4Zmk4{g`z_3Q-bA2)>6YVlD43xJ3Y)%9Tc&0h}=Om}_;>!4(1kqT$=&`?o5qJljHIAYK zUc3O#<;D3c2fPPgzF0oKzBoELJAVbPFp?lZ0Pny;Gwo(B-tB@2OyM+69~|)hzwwty zv`l)At!6d_$>`iTHm2j=EGMJNaae|UX~CsXVj0?fHm6&623i&oqq ztESH^EpVh-mNyIJIF0udxdZ8`QD`_?+HwWBV6c4>(bLMd*^vD~Iyb zkN2v8Jb3%K+UYoDKfSTY-mum;#T{8gLxaug3k$lTxGKVV-swAzy}5YkMtu&!QuLFb zCvOYnP}v-&;mv%G%fb`TFH4Zwkq^qJfI74_y&?1WJkT1PY)bnY$|q0o>4=TOnw>S( z?)T&{BE*_yTk3C{vdq&)hSgS71q1p&sZ3;Zh_{G8om_mq5dO^Mp~8~A>lkGEe|A7A ztNd687XGKrVgsUJ+lN-lBEUw;qp*qrM-IZ)sNFU#{g%!$QGv<#5dG0 zFx+C;$ggsHovn`k!-?_KE!j+5t|fZp9l7vd#6$38Fi{_3{*)}!Xa#ZWC$?2}JhnwW zdidVHS4WNIG6#ty4BbZUyAuruF`v4=nW3|@|Shpha>;pN%?!}oW9 zfN8Ht!t28l0Y*hIzOwuVL)jfanucoaY`tyu*)oHD?Q2`sU%xy$XRXP8V*K_li3==upmx{#tylk=0}7zgcIGo4k1C_{XCo0C^YL?u)ds-1j0IgPz>W0XD6d}k?(9f{ zG;S;35El&aX!i}|Yx`I9YI8jxP9*Qcw7+Z#*S28uG=9ZqVqYcjYw3GouB)4cj!mX> zgy|X!l!lY+pT(z&roPc`%=F-t_2_<*w^9tGMNZ8Uh`lyOtqvTs`;TRVe>od)|E-4Sr zSATnZ_n8FHa|{2gKhBIhJ&1!SL;ZF845797qb}pd=lTv1bb-zc;uz_2JMf3IDFH*s zFc~*JksmDCB54z#!PSXMh_{=6ObwPQLi zQXWmCRmq>u>eVsnde{byeJmYnw{e>lbaJ=l1W<&`*5164>&HyZmZ2eVthAM z#6C_J&IdwS7C>avhDe!OXQ|@u?_N6K?(bZt><)#PM6N9mFEgUnnD+7<<}B3|lK(0p zsGUDZPR%XcmNa7WC|V%=q8M)CiK{C_r!xSd0Dp+y3j`kK5q^k74Y&|I0oXy?K%gqP z0z*gR2Z9gi^C(C|2b`y|jTL0ecV%>!!SD;{nEABoPw;)AiVRU7b+59{B}G_G881+Y z8Fw@^(>VX7NNcn2L}T^TpxWHk*Ca=pm3tK?C1x7h3q&r~zWIzTbm_O9W~|0%;~vTJaq0 zHC@s*Pwyoo^gb{2wV(JkiTvPDIfA>87{zM?Vvyv)5Yvf2AH^+t&3O4L==OxU`57eh z2n2L@wiaE3^xrqOfPg5OZ4k?CKx^Z3a>c#ovu~Ksgg5Z}|HpO|FT0lqAk6UN2X_gs z$3#3`E@z~HjxmI0?6#*`T5QBkRi3Yf`A3Knk-b0vItsfTgzeUxZ#5*~WHiupkByD0 zz-vRViQsb+zKo!%xmMajTv-{^TNZ{lHq;prFlNiT? z0gd)A>h?zz`s`PAkvy3o3Ob?B3FSvdI22--wZSQmWd=z!?|}{W_|LZ)QCD6$Q3l-ady-h ze~qVtZ{*a2iioY)-g1*#5K9RzX4FB0Im`>(wE)rN&kG8@D09f->RT=YQFF#m#9cYQU^BX7qc#S58 z%aEptpOz{Sj3En7I=74i_|-D?`SuS#YDB8<64o2M&E5MBv?TYd;Lz!Ch~KAFBNf$SPX8UEO~Cc?gn23!BixSO50V2OqDSInM!b z1zlfmZ87D5w%5)sM6~Zzdva~+HFzu|FISFKMDm2S6h*Yq`Lo!~AaQm$M1R42ms*BA zYg@vE8b7IEg3_cz8*=AGQ%w^#KwdCQWHrn|4I# z*Y_1$CIQn}VpY!R7)l+SyTMOAH4>=7gWzd)ClMC+zEH6By+8S=bni{|3q(@xA79tI zAR$jeLFj-N+X6X3WZwjFPGq?|3v3k=Zp1=1gkS+#T;{2dyG*qaLVj!(2)X^qtYjnT z3M2HuCR#t6Q7OsRJ<7ds^^hlGpfX5ZI4Mp5X1XK5pRV_zwe@i27vt_Xme}*dK#o9 z_>B*guKFefP3~fE5^*A@3}P0XfOIILn=a3nwU%X(uM{G!t1s?QO>c`WN*H&fW+UvK zf@&$ik;%0-(?1=pN*QgYNK`Mls1v}P*7RK?Q6ut54_m6xVYNmAJ>Wl9WXu`6D zb$`Akp!uI#n89nzl%D94NhoaZ!##ZKfionJ9a7P?(eA7H!3aL@G&0&VR{P+2P~z`k zA9$bq2fCSrz!Q^<%bLKau>>rVWjr+=y&Y2E`OiR#Xvlw`rwqE|v>_^$J^W?5{5^L! z5G9X1_Ye>x{TDH{Y+Y3zb|IFK_(Lh*Nk!>?Q8fOmawHAEt*PSPfENjBsr32;(8^r> zeDk-vzCHtrymxNB8I4J#p_1$^G5W4Ai&y393|ZSk4Oo&X!AagrObVWvLDKj)4Mm&S zlsb@-C(VOLb8HH|M|B@EKex4IQ-5}@F)31Ih%KV;1=ibFtZcvu~{C1M{>`%9$Khujgm}jUSzF1HOM2oS;+^kjamHNxZAw~u@1Lv z?`kxFh>p;s9fDJzL?ncO3)6mhAXhGQWGd5kc*fsI$*Tb6{FU(vW5vdaRUKWX0VjOk zwokb~Njubo@*JQw=+{(8gmO03-IBm!>t3@=PfQMKEH+!}98s)yrMMdT_4OVR1P3bW zQ97Mon3Jk#?^>{{EfwpoI{@OZ6 z5=&yOo8MHCJrIGSK}7K<-h^xyX(Yr%cZ}5O&eHEmiEsQ3@n4O-);AkhD-@bW*y&Hh z`={BfEvlawD1xH(xDdavICo?=U6yQxj5V5{;BQK>Iv#sGI`Q+IXw{!D#HDfVFj7YSAA*L(l@a!b$v2aqPWhwr zfNuSK@AE!pru?6P(V*@l+1RIEFN9nF#5*VdvPG8LuV6th?D1a})xM3@kaiZ#!;u2n z#mbT9*jq-jC*6yh97!})%8Dv@Hg?$_!QgDj5^PEKXHLMsbO6?W<3m5MT%5H;5+^ax zGKRe#kh~)9D>L~!GpSLSG2>U?S0^I($&@MXfx^gWW({5>VaTs9e@}J4W6R^3?h%n= z$m~LEluTkgh!F?wb5y23|AgYoks^=ieY~AJ*9b6mK$qjm?9shUvh^sHliLKW?Cu;-EUQ%7R-jB}* zG6PN>NVlE2gLQWeCyx$e^6>p{(VAF7os5-4MgG8p z0cavgC42x=Xdj={8f zXv4X;2%v{d?I;~l8ZL=Ut;S1N=#3$P1vWwuZ5#SYka>J zv2G3Y@B9-b%5~cMbnSikZI!cChJXNr9r!2BOOUs>`Ny-#F{mLa{NmJp)uR;~D0UI` zxGxM5{_ig0Jl8ysT#&T4&<+8iBuMBbShF~CwoSDwd>;96Z?&QN%kqQ-H|uW4oisQ4 zf~fT(;$p8_3#`rTdb3gC8THstEwOaQbslo%$`-~@Zj{`N!CzaTK*S8&lp_vG&}S_Ui8GZ`2_aLvA|E%d`ABtOk5 zNOl-o52d^|ez7~|(+~9@AgjDoTvV$AV~&tn@~)w(hy4E|=Sh=?nn;Ci#Ap%8ADVdC zb*uXJ`@AkFLv8--t>3d!$GQUVPZ z_?qYo?f8E%wq^&>gf${W-BDkuP>6eUZQ1n0ae`iGLDCWnobcafu)jD6_l=9KoGr5A zi(U62@7@W06BSxV(G~2@3!;O(w~(FQci;|{%rzv{Le$lWv39i}-0nB?(iH#YUGPty zBIhbj9ZdOm5~)^gaKn(?+gSTJ9JNEaYF(L3p4T)i0>=Nig}sOumM(gMoDdp+ z3KRwrB_=9_VaL`A)h%$6YzkxyL=Yq!{p~=CVz3+b0NU$!Tw0jU68CW%!7i?MIToY+fN;XRdZTd3Hh9c`R}^23m>q z2BZ+?j|1gfP<+sb*#;FU8W=GN0DGZQC8Q%G-A$m!)lCh-odt*TEWD z54)488{A`%*C#{l@5s;oUb@nmiqO=;CoM)R-PLXr)aWfjlpnXR*DM#;6(Tstpnq4Y z@u2S3RxmX5%@g|*H1^76Y{krTr}sU>Ob-e`9(1m;1NC76sXxu|=`Zg6as%rSH$X6M z{AQhCO0U`iQwVOs0he#GRtU?*JHj8S2Ez>6Z+^)h<)Vi&W0&NwVXKRBtjmk8^c-^) z{<_KWvaGyd#iKob&=B9BPI@{N`~^jmr5yjMc~2%kM+#Pp)0UG`805V#jJUUsVdM#A zi+~`TJEEHWzheO@&Ke#-g&L+wFC@2b%6g-iiCcmS!4?+?K3>Koev=K(;9-S1KUAuQ zuI{CBK3LvW1z?5L(|EHr(NZ?o&eWOU&i>3+k-_sGJHkvf+1$?^U8a^TODRvA2FOwBQC#gnQ}#g7fAAu!b2U>dFilx4_>I2q%t(!8 zAsnME@F^xj6T@sRW{ZA&HGCPJGlQa0`=TH2Os zoHrqaQb!~)ZbzycyW{T7MD?F6u_#7=DfID@@YJ^?6!`7b&6D4!9&yTozC)Xy63xY% zku(8xM=rjR4Cq^Je(Tz+><9tV=YgMeHbkw=%nyiY@<6TpMe9ybZkvHr3dj-eqqjQ~^76|} zjELSgIxG!Rx4oh+GI&@|KY_9Np*h7U*7rInWid#TQV<&(D6H~l?~^QAOU7h}vaOo5 z{tRf}2KYJXfBFRakD!PT)$JYjS<5lX5>|1W(6O-C$_{>P!t5>aCCQTvKU(hnAzaC9 zm$@8T+S?3ayyq`6du>u#@=5L~XNHO)v-2BqARRn1DsIgJM<`F!VcdOd2%D#^hTyQGd|df~%kk%dp;t5-mCXH!icDCct~iuC^D zxD}b{4`@gSUgh`$kMplDP$8YQ3g?EplG8JyNRwfDj7PO9ao>u<;76UL!9FW6YsBCc z=mY4Z5AJB*?l`uq_08Hf*=(3;yw6S*m1WFae1sWY3 z8eT!<(@v?pz~sXS4rBHzt&xK=mJHrBCgCTm^^vhlC?73l7)8~0>RbrIM6>VoOp)~-etDWI+5D%c0e>+R^>^N z^~B=c0-h$2#MC%r@+kl$91R)P9=`u8GrY7G>H(WMmiGk&|!*h2|wn@Q454Z(@u4`@S*n<3v(% zm231&lH=K10~zMJFDODExR+CJD<}=8i9r%1`A1|ksMDJDZ8&(A>^aIOb>hXgFf)K=D~je%x$sz zsv?T*&}jC7Uh0|0_^QsG0a$NfoxH6tlRqjH6+y@xT^3|4R%1yIK(Y2A z*i$Xfsq5%}ZI&|)PN@=jt#4{Z}x3PAwjV|xD1c%=8=$@piZ)Lhc+oX1xPXPF> z&l!2rL*TLC69tC+6-~3~-G^u6I$3H&OS7=2-xLnaTcVuWb+8jB;Tt5E6ZH4SPeJ_* zY0Aq);qko#IuuI;0>dmvWdq*WBI}5m5-^;_Cy9PTFRF(Tn)a8A>-rY1kWo;My5{SNDmX2lCjeyxZ9y^j`&| zb37L!PwpKb_F!`E9>o3xN#@)O=c~t^&rbKz?AUGZJRf_6ET|z=T zqQ9v~I%nxcj1{Hmr&r@iyovt>9C1ngBYN_tKD?8mO8#d;F{B$ZH~zSaRPi_|Dc?}J zI92`XKy%(>6=10{ugngp*y&gwGCr99r5O=gN~Q%Kbp1tzGev1qK(lVIj(Bi!y0@lvxRxfM zMEQmB+DoH1-aEt6y9~A(HRa;_P7+NOQllP;A&ks|0+4;ld7QG~iRX+EI^Iou(3d45 zET{iI3(bqG2=Up|+QH32-!&$X<+jc2W5=IX%@fiH8X9GP69oF|6B3#i(hTSPwz)R#gYfF8|(r$xDa*#^e z5Qa*!R5;eGD|cvR@cYP*K}SaGmXOTfI0^*MBCDxPxhZ?=X%p5+6Lu3q!)q4rG_`WU zNoS5pwG@|?xGsSD1akpGpAi1~pGcDy+n7lwE}R62QPdza&^H=YeTlG7>qihdlt@z; zbrClaU^Kgs|Jd9%kzXse;g${=wp!|bsSv0>8HJP{gLiJ>oWL*SKBrL#QVPy+&?|_Z z<#UEHDvv#TA(IBSZe1$>XK`8rHB!L;n$*9A;W3{})`HNdvwRm`-OqPDzIn0_Mzzx9 z6C5e7b$`8cq|}#@t5_s~UM}+hsZb;q((SjTK&qyKUH);H;Ht?QumRG!rF#eAkT~T+ z+l*2?Q)cEH3 z0)!?n2m_pX!z+p`p!{5e9nys5ooG`DC3@^>gp!92uV83RJ_5|NWLn&yrd^NB9XOFI zE*DB`V+}^W9xeW=dFMB6pZqHMg2QT?19&nTi>=Fsn9D^9ggXj%@ zd{ps++|gQ|Twd#=zjCj$Y;-3m&@Q8hh`pII#NUQOKWrPY}4Wj=!P!^OEZX^<1-f6|9ztg!WiSYw0v zVz>ho;7IMS!sb@@AJqrw^*?GG)Z+6CVdGjeKob98-kK7;T0}~Lzpa1k%z*srTNnN# zIMiMM*1`uhH-6(VUX3w%(o!1+c@Ur%2LDj3)YkC^-JA}9mP?9!4rM-2qY<47*wpHtxePpVaQ@ZV@xx;ogcImJ(otIMjPPl#gG}y?Tz~g!0L#Qp> z@<%1zMP`ilS}6MYVBCy8kbW0LYlpho!8Wulo-tG=0#WPJ)#;)=qi!x zE^ZhYK}^$)d!Hh~r<@V89eFwx=Y0wpaMaYY#INOZe5&oBYs)A9jSYCikNE$@g?}p)Sf{; zqv`+7oK;oaf2LbncoU@uWM}q}noy-@X>fJVhi7fL#i?Mu4~?$2T+uXO$lD3z`;e94 zT3B5KH}m$nni96-Ur(R=-ku>FpSkU&(aor0Ns{thGXmFmvZU z4WA0N4;j&3D`Xi{CG*C9m#hgj>b;(pL70s~q9JM(!n-ar9ZA_A)j#B?O113WSq^;D z-`rQ2JT9Rf+FnYB9)!!)HFw;EtvGi?S{}<8BJnwC5E)y2tkztE@@8<^>I+XV7CU6R zub{Oq%_qX3_F8s_X?k{hzG5gm5q)~Gspew9CCoBb$l|0VtY>EY8l>bi6iX%i3Dd0y zNAkhLqvaUjoY{}5SfVq`NMoY2I&}&?r1xc0AHNYsrOe8u-`I8y;6VC`2U^lE$BVfPb&o(UTzkMRb+Vt_u977hOkVWz zQJ$N{GG$kgI+Y7{H@&+UcL zv7kOSx70#mquZC(_llCzCH@JlbMJZoDD5^jZu@Ia_`mDJ!)JZ80yw52 z)_QsIPx;HRi|%|Pbdu15H8$Msl%pewP>*!u*bNp!9IJ`po{A~d+~6-Aq_^|N){U&^ zge!dY#F^)32|KOr)8gBQ(sua&I{s}T-dm=$b_=p(3v=wq>`*($n>GDq${{S%%o8mq zI8Ya_g8yF|aR)gfXf#}HIEF1%FU1~T`6e>AR-rIESPyao?Qne*Q}<`9@7nFH&g6g?H6N)ir5Ns)~> z_#BiJ7L^}wNQ6S~M7{*Ukqr*t>E4n(x45~!&+J~+Cxa0Nx;qdX!5NQTKPTiR9h7{0 zseL)7@hX=((&*p6)g(J;>`C~dAkGgey_6q%T*k4>**gAmP7{cmMp#$fj0r7^>?$7i zBNL_zjc{Wm)#ZOC=wl{LiIl$I_ba!cJWJ(R;r7?JQ3a~?Hpx-VuUm;nod~tNSL-O9 z&+|T|82x=7^=&6gGit;}v5$joM?2ir3X&zcVuYjaF3^an_B^IVtvYpUR*drd0(<`F z=clPc5ml&DqIUd16@H?AiZ#1)E)y4w$o=|9&^d`+Z`Z~Cvp|bmbQ0Q$;cfr-?&2@L zyk1}4ov;fGlErJqXdD!YzaB0{OPQRTv($W5Dqpe1f|zsuTkzet?61)#bl7F2V#)ki zSJmXFQmy*8NsLoHG!}qgchJw5)7Wg!FFPMI|Fhov|NHDXiYTmcp&DCrLcYaijasNs zm>zcb=N||T4i+IPu@>n`UtdO`#H*z=?=)PKX7KnUmk)XQ$lxjFDd@3XkB)`CL#&Qb+;qKHtA+eFi6VPAQ)uy;@@ot_vrFMz|r$z%CJAJ#`F z&I1>k@M{h$8MArk)z%_Boy#0d7g1N8RFUl)z3F|PcH6Ozu4!=oQ~Lzx>QajuDXJ_tip-$MNP zd)wo>1+cytkg~$cDFisA(oK13Zz)(<+(`W*Bv6(R_>LQIAZBK=76x5F8EhPSPr*Zt zUIM?W6O;5^1^DLcIKK2j1}O6Gdf6T*xB>}m{yTjE_oR?OBjFu}Ep-P;&lPNbeDt0T{(P~tmgV5UcFS2`1}8my8Ct)8bT3Qisr&Z<6n;6zll}3j zbDd`$mlVYH(t6s_B%Nx0;NrSm_nRt-GxcfsbjQho!-LC%EvWzY7V@KB(_HkdA1lKfQoRa))tz2fq}&fO#nq=868@ysbML8GO^;Ly#u$?`}eV z_U4~a^+}VD1p5Fa_)<9ztj(~)O?=|t1Hae^=txI7Mi4e`jtQw6(R{ z;|RQVy%qT{Gfjl-%xwmQm7ZGW20SkQkecz|EJI+nOJZ0mGl00BlV=vSTkA&{%~SAz z+$vAziN`IJUi3o@iWniTlu34pIuzj8{Aw zXK>$otBKA>wc0+&!WOInM)0|^$eVDhb0nG+$Bw_wUs2$XkmoiX=4iz5<#;1}@Q(M= zMfmIlRb+c6qw-H$MbItdS;;bAvNtr^yXvw)99708!C-NS0kfW(OMcoi6lApo-rZ52 zvDzV2D=IuBVaRy0h|{WA9Usec`l40cOPVh5ikWF=UN-E#a#AW1qe|0iXvd4y0mKF1 zx_{1se{2>gUOJu_;16Q9r7E)1;`1$$mz< zgvUX<;Tni#o3ynPv=Lk-*!-ENI@i+w zHPhQ5eXggfq~q)3c(qT23%=z3{wyjdGG&};=#a{#p;}1B=m|BI(!B5dfPXGBe%E1~ zlK(}S7pSbkfpiY^+uqxM;s$hjA)<3{@oIFd+UgC19j5MORR;0(;1)J8Z9rIcurmW4 zdC(`{P={E;WGdLwO$~CuS;7Nlfe{}zH@h#iU*_QQFNtbU;;K~gNuiv}9Ce2UR#hCW zSZkg{DQ=&Co;xH>M*!BA)>Kq3<}oCh#U(R7RaXPcz39&#Zu zI$BvJH4lpXk=s>6s(j!Ah@>2)?-ynp=aH>pjS!NGMJ6eW^%=~D)$ca&$X&G+qt$*) z#o~l1wz6V1pgY|`l&F}{YZ^zh{)Rolc2)?JEf!-%{?GZlu=4ASQHq%-RaJiz!U=lQ zUn#B5rs?48!+eGIE-q`#(7uu6v(v9|^zB@?V7+XqFDGGZ2fOS~D#wB0L~Y>pQtw&K zjTgiG)yF@venndJ;%E+W{oc=zB%vlgMv1R>hFS^FcW?~9`p1Vf6;&nlbBGK4pj)T8 zXus-*oNy(1Qd|QpF-WGiz*t#i-@@YOgUmq`p3p)-qM1gq!{2|+5y#dH-><`Pax zQKnQO)S9&r^@fYya7ehp>?`AuzS~l{e>S@(Mkme{ZcXU0;7@6p9|O;DPXCeEWcS^) zy^{c;Kw%Q$-XI1Qw?**Ft;b4R1=e4eO%Ro^Hc+J7wYv|#v7`(fCGvm5QB9y83Fv=p ztZ)np2dkXxCBgMibOO8HVWO^KqIWuF$XtvGS(r9qHruhU3(u}pE{_v)4Q=Rzg7E2f zQRGl4W;>0r^=9PBeA6T;u@;HfM1sxElQ}GFKI3dURLbQK~n{y z-wJNDM-Nv-qZwY8vSG3c!D%XTUXPQi{--6;P4w;Y4nmlzf7bVK9`zgsR5wiIDA^|` zbmuwc;7dyi<^E`kK8nu*?s{e$1kEhv9_}Eam~*6HPph3gIf~mAIjMLMGsXhwJprN2J_#`Idfd|5km4H z><3+2I4%2`t|wXnTTF?{OKHYS)>GG$=RV9!e*>p5u(#`<-tx?wEphm4tQXO+!B;5d zYu~Xgz765Wr~_P>x?qWX?q|iQ?5SFY(YT~G($4pt_e-3?U;RKn5DE%$+FrcE3%~`p zB?;Kf4jkzN_T++^qd^UYGP|JKn~2ttn?%ILTTd^4!5&CV%kp7b2E*4wgr4eu$MV^G z?g@5SUGn>Sh3`__qBP;R^YmPfJGQ0&`KM4W*Nc@Pi_Ei~GyX9zkX9JY;+{YCIVU{R zX4+)GMoUbIXq|aLIcjWnAKhOfzwkykC6Sv3ACq4z45vikNk>azNg(eBqxbyP?4Ha4KUTChkhoB9|KP~RO71k)t&8)2Z4r~irL zy@Gd<9~|k5dW&(W7<$%C`34z}>K_LbZA91eL z)_rB>H?#V6*rY|Jj3&|b$o|Rm%5>UZ{v)9a6=UbjQYeB8vWTvZCiYKAyh|RFHEBGh z5oe#4cWG|M>cGvrv-+kk>#Bs)) zf82elU)fo^6OSo5ofKP_a-`_JmDUhBodfGSs}nknt@Qqmim8@>Hnw^0M97F;o&n!H zM+g03Imo@~FsGd&r;PGMe7SwCz80m222Q0FL;hfwsR{!bvC%ZQ-y@;r`Hy(yOP3n#O79k zQ?Gtgx4pd3Ji%}9W8~@lCaQKNYpVC+yaS+)WA?;vCU4xa=lpJ~bKJBBWy2iomc_U^ zM&~k;g!lvL_?F~>WT#gJ5jR}1Ny-XR=KI%XyfZq%G?9WNpcB5;lz?Ms{LRKAex z%ua%?U@v(@VGU|5uKONo?D;i$#;u@o8>iJ{7`9VuQ2;v!STO=c=;BBX_o_XCEHud4 zW8k)o*9WMkyZZ`kAx9V5DQVw|d-?q*`|(o*#XX+zt0xm6M*YwCHdkauOo8)1VSa0| z`Wn}971@jz>uLekffC`!|CF|hx%}hE6l$J+k-h^}h#mD8Ahf~olKDsaXN@wLtqL#w z_0!R4eeKP%E1!n@Lmeax*Hh|j^ke;MZ3M8wC#=|k%gY(zHchBa^1w(|zOae-X_L!r zvlI2R1_0xTO%zm6pdh0X^AM?EtR5+mwCT7E@Rj zfjFASm=>0qnPyi9%l+dxW>CH-7-g6Iok$_~RIs_J#u)S!ui!uH2Rx@_zgkZVVIC|F zm~guh1$$XqpE_T_|BF?i3QG@9*=~85p8ps2g&Z}kz zl?rAI#L^$n^IP>MmGD((2c46)pdHiuVM_byprT9610Vn zznEo=a_ff?s}Z3JvU5XTKrqL649*~XWW3@8XC>_6oF{xta+}`@9GP{Ly=qK@XdK^O zp7J^cHY5hXv`*bVNc+~}c*u+~ZsAZFf!(<${QbxD7}x3zmSeLn6Mqz2Rd^v5HoPc(#I>S}{ELBx$V zr|+I?JHT4RVGV(>wPE}f(NHb{!(u}r)@uS2vHdugE{bt*xe$U(eCLy@9nSsb1+Qwf zKz{)d-a<`jOI#6IpdGTK4x3=U!v3#Cjv8r$h%yImBAJHrb_4gS_rEG1<- zB?UQXQ0T}RHY-i5RmENyUHVX{0)`*wqDL>^Z|Fna&+*7J6#|83^mfzKya?_ohC1av z>-(dSVuq15ZtovCm<#0m=`A$ua~Dtn2J_;}UUbPc1I_It=j%$rx{;EVB{?wrh_|^8 zRE60~T+K){G~YCMIc_O!#&0V_s~QKL3ctwV`j5YY+?XLIUO_dx(^qkcpn?TZ?UC9G zsD&AVo~U~h)z}ad0>Ths=bhEp=-zHdvfb>-f5?R2*87bC+PSu%-Mz?6SqSYnUGV7| zI8}b7;T*IVW_QrHm^f{-^T%)8n6Q19PmLrx?|1q#O2yl09gW&GNE zh*k>SS2fTbT=163iBi*4n-knQ#mS%@mxR_d->3cIT1ltS;+^~uZw@v?(lsMoI@68} ztz1fiE*jT8l~}h>P$2@s%k*CL5(-Iit)_@!zEx6%!6BBA2MKLNl88?av72p4L{QevWdB;_kxIQ;6Tm z$UqNT;z>l8)p(Y)ZS51-8E^R$)dgLO5>$dXPEe7KsPrqU&~ri2Pxln=w+RN`#u`%F zh|Jb9!rgdonk-d){zy};zk!3M^!BgFTf=snv zGm1qCd~V87KoqiP)-d0$z$Ge}^naeVO9zww@ou1NM;s+0nfml|Z*3d+{7Q&OA<-{t z65?H`OvZ9ONnHT&3L&i@@pq_hp?T63mrsd;xGH-*&352(%i|-Ub?X&WeK5BS;Ow%! zfWT@iYk{XLZ}q`5mg~=R@2qIMTtI#c5-NyksQO2VYY5`05FmslRg%(d_@em=y1Y6$ z2OC2H(V(`ZGULy00~<%m`4E1U-a*oXRQCu^Y>7;OFK=h{y~$$CIIDICqrQKR!<1(# z8>j0QbS1c&ve!7DwM}uA&4w}9_pNwwNizJPC>7j&IF z90FNtmS<4rI33HzY9V!9R%ib{>$*>pZYRTJ%3HwoX?QPA< zGB$Y8mXa$FrgCX<9dm+Oc2-%@<5|I}U~8>e8tzu)r) zX*uOtCb_j;2pAA%|4&HoL34EwL)Zs-5Gl1JnJgo_@)1KtYvmq737T7v1= zw_gk_$#=JBmy%+-559mXh- z?DRh?d9?FC_qK1B0m$dgljHzo^xI+qx+DKDbmX^Z{@C&vyx{(S?oMG__W#?v`}>Cd ze;5B}HBZ6*kH`0MP5>I6X`eMlI?eU#D3RL!}C9s!gjTF{_hMe=l`&?|6a+X zo&R!Jwsz0|Pzm_<1kZn!fOZwZa<@No!!Y*T49YKgd^~pRC!M>crKM=Q)OxHtkK2oWbGwz~q1xDQqxspBw7T^(-+usZK@$GrQACv$2 zt3M6-KOU#MQ8?%-{m+h}|KC37;ya+lU2S0_xjD zOjYr+M26;H3d5+ntU!%G(VY5L0;@{xHj5k0DYAu+*2ZVSpsPBH%f??7V_=4r=1n}E zFsvNqM-0cB_g85IXx?{SSk|Zb*w6ngPTesad~iJvBJ?Kq%N_hHo~rZTy#E;v54!Vz zB@fwfF5e#GRZa#QkkMY|yiev{Uz#}ILlW3z?$u#049wed^<;%SHw+>1IvL+l`FaaWU9I2hcoCmL<>;Eea zGI$Yr(4oKaq5j5=9vtbj{u>v+jQu>$oy5u&5;u)~SmADKxXzL~1_kBLvp*rlBT>TV zC4f7J%f`T5WOI1XKe8ku}5PsRDayR)sI z|69X@&i-R1k97WD)4>L0v;nc>TSn@q(E9om`mWf4a%Dpy1x?TW3f`fFEf_o}TlCoo z$XLi3)Z>VdBvH){nCAdEn+`}}HcKM}9A^XEPXccOrqGQLNa4pBL|G7xfeS9*5>0X*uI`RYl`=eHsGiAqO~<7-g4kHgSLxe0m#)Gm-@zK`(`w z100XUhMKyG0~{aD0}twH(JK<5XKLPM^Z2^V`=d?*^s?Y>S>yEQO|#^aj#w~7ej%au zWZ`%Qx0WRTvyl?@?eR@ZYjEym-)!y8y{yUF(@|}@s8%^$=voBFp&LxW4L>ix>C9x{UpP1Ervypq6WmI$`w}YBAWy8nNoa7*ijEC_4jad}T zKb%0A9LLFnRL#g`zJ|zVr5i~}1wP;}2xb(vgC=pBQ7tN=O9!~zu{QTIBgaG`KssA6 z637NPqDbOq1=96_PhsZb30DVY;81zrDLQ1Fo?*jvHUip77a-it8^D`D?+%Z468rQe z8zIxKix8)Q(KS`U$j(iQJ^|}@@B!Ii8NpoD86(+BmDpHuYNOarFo;v-!%-NTeNbT9 zrs<@t`pl%zx~w)Om9$|j%Z5pO(_6ruejWT9+I9p(zrxGvK&Y!Bndkavt(C$%aG+l! z^XX47BO)F&LS0Qt4!h93g(2PAa3S_H_g^JTN9N9|Toc3!q?>%%y%TNB;YcX%2)H@= z`cN7b*&kuw?mWp&BcdqI$okKTli#g|La9YZ!O5Ui`c|7@@)IS{JFJcS($|AE_f3sD zy*V-~`&N1YkSs6`Yi;_AT0S+R#WoNrM8xe^;K^?H#BV{lScYUl7hVVy8>x0`)*tGz z%73#g2nQeBSr#WSoi1bgNuF}~Z)Ip#Q5eSe(7(}ippvrFP=pHYXOHbWlvjF)XIRd|f)No! z6E~Y|khjDDoqY;2Fe9QJQ(?S`XHiBbGRWdsP_uUHB8U+nx7vd#Ddk97xw9z9fExjN zgGYArEC!P}^r<+RL!xyt9C40Q5U*ko&tVEAJu^{Sja_p29zp0s9hxfmO?9Ud8Puj> z?mtz$L)cF|GMCbz<{LfjR{eYKhtlu&4Nnv+%mSH`=58pc;!WcFsQBYFw(z_}kBwQW zLQYreA3Wo%EIw^A(?82?yeKSH=nG=#->K4FUjjD4NYys}|Lpz!avL|&D2$)Kc@_9E zN?Gzxq`oY9kDm3Oqeyn5U0YH~O0s$OY{lRVNFo{zCcq43Zj!g2+jy(asd}&Fy_CI@ zx6lA)0L%x6ltkMJr?xiMaL{Np8vTVv<0MNNawZIE00kqZNbM;M8Hf2p_Nv94z!enk zg%pq}02fm@7b=&~(|E_8&)Yn5O)ajIahDn64{~*b32IidHKrYQ9}_OdG=bqxa7v}o zG&6%zMrYo=X2mlQl@~I>%;-O`N z3Utg_h|Ahw9f$Z(4n`0B7`#$_+WfC<(D6+B?wCZAz8LR}8N2HqqlA+ljYW#32QB}| zk`c!t@jva|6FM5F-DA`}=$3vANkmf8Q&((vj}g2SSrCAn+a8c1^~15N;&ZTL&_ z1_?U}3vaY1!HLw(skzVff=mhTAPD+lDmg(}w_jAL1tmJ$s|987YxSk)#u(2oJ=HrM z7I5Ct2_6v>o;XH0N@z^ZWf z!+a#{Pk*&KAi2{e*@6q4*lUYeI5V`GwQXtEMlT@oYmTE-@E$>RVnGkXNYN z+o*<8)A!DE$CPl?vX6i=EK7aQVN-hrNRvw)l`+iq+i%{IkdM-KuQoPCic{1JQ1?sR zEj8ToS}FA8R~-HJn+n)iSeM$PUw_rOzX2U8jgJz>nUHS)Mg^j(xlKSkOr^^C$A%ii zKNn~*XS6k-x(m$oWiB!1%(L_^7MmOM`iQz8 zRod7>zoH>$lOOOT@(v+LXlBF@@Cgcc!1LzJ8og)yE@C)DUC&?W+BkeBG4qD_FYJ%& z42uVafak=2clTeu^y9xrN9+23D|wv!A2=JQ_q)G0T&}ZcT1J3vrYY9?&U17soqb|9 zJKa(|31=w_lqugGr)lD*(u|pa@Mm{#|7Cx-zuVt)eoh!yKfic!;QWyBsB~IsBVpm` z`PsFC_j13#cO*gX>>W8@iD}?|_0svu3`)ucxpWwZ(k%J_r8FC8JmN$snWNkqiKRVg zm9%iKzboNs_Wa8qn9jc@sVTy;oo^yb@$Du%IM7UOm*ZE36m1Z{V-h8Vi+-M6kwZ|j zuquUXYsde}%Z(!i7zKfhA;^Ms^0iUwZA8uD`qTNQupzO5+0ZD%m}t-Nx~US1L~ z)hm>;8>pOs`gO;Q=1w)tY~?&VGks;))WtnVyYly)=jaVdgRuhZRU4q6wT$284TK zPZVgUD}Y&-VV={|tj~(VVD7@4OH&Q0pyo!?GS+l3wuC{$>(r4kKm%Y`xnv8;;t<47 z6|y0ric})~d(EDW$=(RbhjJ5%ia`Ed+xDV@PZ}cImH-2lBPYz9)iuL|iWdo^rtp`& zb|Ggk!Ag#G)1W72A|(_5{&w53l6D$S8SkeYlOesU+!Lz%xLu_&vMRi@^Bgb(EHL}@pULv?6UYdc2!hccw`k6s(7`bi7y!pM`OnBB*R3E z-DL^tPWQT~tL|EV2j>C`l)6O=pQ$!1#+2N5PX-W)BURj2UTt~X(zd4cTLncbTUK+A z?6^Ges=Q9Uz)K(ZVeiYrs4|gL3*Tj-G_!vB?~*JpP{@_|MlSnv>4{^SQb8)L4EWYI z8hvZD$`~!5S1LgLX?G5!W?ruHjToPa*w+4)i&gUHBnQ`%v}SI@S5sE1VsRFC>C&&b8e z4T2N#ke5h@G(Z6heKu$*9b0|fzsm-M$0Q}H{*7=_+d93&!xL***FlDlI zAW1U7qG3SEGZmG9H{=h(&SeDPwj|OXseDh|d`eW2007O8Um3u@;s88q&bk%S$L&(3 zYgNaCs)Z*fB8$>e46g=Lw>J-Cr_?qyu?lQ&*ktvGqmg)JovUkweO?GhwRcRh9Hu(r zWC^f5SFa^4~zT`~dT+LioQczHSu# z7Ss(JoGthbR&52p>D!#)r~vy2(%;71>)0DWF856nOYWDq0lYb=+#vF#dGVvV4dxx= z1f^pfL(wnOE9R;^FV1T#^wI5@!nrZ2BSe-YjHe{**I%OJY$nv`q$M^58nl#()^A26 z_Q|}3_G-1HqtVQ?{0cc_Z!DeGgxaU8<66l7WYPOx{b!E+-+%G)MXCPd?*3Z-ui{Z> z-jrO`2df|(M(0IHQ`77cz(y>bxD|qg=zdI8MQJq5VioD90znmn&?*^a=@uh}^8J2{ zMs!Nz{QfyzIj*gSsmW&PIcZ#`W_92E+x@wysMIh1s?b5|I(_GKZ$9i>vq$RopF!Vn|f440D#8w;BGC^&-qcYptketX3zM z%Yw;SsGRNUnQ$(k0|qd+&6VfE+)G!@q>GX6)79IL^|a9coMq{fH@~Q7Zv3z8|Lwk5 z>;IKJZTvrAfCarj#WYnq8Gi91f2xNHwQGIc==v!DstTHF;VWE)P+N^_pgd8uuRz!9 zuPM@}8rg9^hsYl<%4d*Y$M`6a^FJ$jYR~@&$0u9ZC987A z)Nk6^GJjME{Tu7UMyW4~(<~bfK;-1$DwNua{=9eXZ<$UWSq0d*`#smWKBi5h_v1~$ z!()CqWq&t8KSSu&{!KnJ%egqEiFL{CcsC{%QtjaQN#=_Z$t94lluKhNaJ(qal}V$- zzXW{9vN)_tCtmCMPy1=1|IK;lr44|2`hT}{|L5-E!CL>X?PzCooRtR0qhZG9{c2XVrHeCA#cFACBww%llRO!WVlqKozmA#+@?Q zyr*$SD((*%nza@VCPY?%F5;&^_k>%-?#O$C^9` zpg$o9qx|+sRUrb(#Shq&Smn#}MzG5bYi>Xg`HDHXD^!@2|rUbDjqMuO!xkwg3G4ANG&@`~P+iUhb~-|0J z0H_a3p0;xvg020fp2jKMgrM)|0|?Z<3`^@>)!;1^&V2}e&o~TeN?DAf%e;%8dpWs2 zjOSiiXF2CeCs!U+baZP)Ji+V2yBe(7M=Pw5itgO;zXFHwBuNO|fNKBL4I-9>F;3}} z^pa7xN#FLIvnLDCgL)N)T9Cx*Xi2J6ciNsXx=6`9idgyB3sA&Q4sSsbtD_|;Qr&5L ziX@y(NIE8&$PI=$)G3YMh3FwNBxx`v;bmg1w8u1<)jz6lM|4botXv7$rl_%yT|~Pu z@4lV9^BlcVenvEdb{~?61~iRk2#Y)S@;=L` zu-+i~!Xt_eu%ZIj`OqJ?4&K4&x6wU8V$8BAR6YLn=JLWb^(w<%IS=NRxz~%T;rds> z;xd{Q_Fg`ZhUpCGUg`RdD^3#3m3<7Dn&j002i1;5A+Y5a672V!s_Y!idX7I~JO+(| zkAH*vBJI_lg+W|vAa4w_C<2o>x8XMo&o|vSQnrtC{>cGBDILQi{+O2uCH}HlHQ>_v zwzneZ+?iWQT>VcwlxaKVw$S!i(c4VONj;|!v3*&rX;R$hXQx0bnyO2#>MD(yt2#}j z;Ucd*W?fKFOg`LHkRxhlZ>#F=NNcMX@K8m#91~0xKvcIOOS{XFlr$A28mgj$p-FAl zPL}2Vxpvu<;?wzqF7UC6;o0LYd^t1L>M`1~HSfBlbYTa;{Opopj)=9cbpMCO>7UlR zO_`F0F^hZZUa)_tPo$_}cI2c|7?*UaCSuNnP$1Gpyd0PCA#NC_z6}Huil|haT2d?V zln3D^SiV&ewXP9H{eHhfna0FynOUo}71;|K7j(}t(5F*ec7^zq?5vM&z>a|e^CV8u zJ!kQ#-+l(v;LR}eXc~?~G{O9?=n{)+Golbc6}DWJW-7M_8THD$fI4oDI(754)V1b3 zzZy3GwFyKKn$rK;YP*Hxd33pe5MH4*Sd2M=Dy(TJBDjqB|3Y^=V2b6?XPU zFsWMTYHBNDdtQhcbTL=C(A_Fc>n>5#S@YtoTb`AzD;H+X(rmLL9Rs&^O&0Vk%~1Wa zeFJMC%%lMV#-Am;4p;Ra8RoMwZFfv|FV*&)%v&Dz^&$J{QyhXc`<)^+n*oXp$nVu0{m4LhmpP% z%=~q1mUYd?d6&PUpEH({@|v&dF5{8ya&e9svZ`KM1Jgb z^|?IF@}FlBc|hSW{mhg9`}=1P7oZU`hTh{IRfBSj+B@|1``0DUN6e{P}eCKlY9e_V-Kmzm5*p@_!XiEBRlr zfujW6?Av~20%q-=uD>^sH&(a(*;2<1Jb$l{vUlnJESvlV(HQ;Np#0_ZFDO+R;sb(U zo6gA*Ev~d{DqjVt9KTXFwU6RP#TK>vL8u)J$gVMzi$`75on)!{=a%aqNF+BWnMl9E zLiecvZ9Ntl1_X{0u_1)xx6vR=(TJt_CS?U#(B@B!#;CiEx;ZxR-v)YBOr}PpspeSK zNKCUQm{ddXI~s@Q0(C`1A+}$E^rG}{#CkvwMv^O9l3(I?IjqL3VR%~c>rYjB)|}}u z(`FE^IDR*O?6T2AXR9t9PeU}>AFvu7WH&s?Qa!HbFl76o*1+*czW@Q8AlWDS+E5UQ>iZQ+ zS`U%XbWAw?norcMyGfnf8AGLQwCQE1%)AlJ?v_|0g$X6)M1<-#wJD}YFtXR_G_!o^o7Wze$ zYH{rIwkt$_1A<<*vv;a4>FlCzp3fV0QTKT%S+f*IE2WF6*V@+Y`>tk*f`#{}8fx6C z(ydx34cWFq8ZGQex+2MPD-D+FACIC_TnkDLHsj=qMKmZC$V}ARCL+Uk5(q$`&TOBL zV#Y}qb>CnbRaIYcCr0TFKma2roN1rqnF?S;wF3z}1#z0T3EbSpbTna`xs@=pQBs z_D=*IRnQ177Wi|ytG^&BjQ{aCwwyO+D?ZnL#2&vkHLT-g__TtPFUSM1)XdKUl%w zD~R!nf9!OfJ+REvy#Jri(t|R<=GA|D@nX;4|KC4)vEKh*#nWd0-`VuHHWtnAEwaCQ zUUF;o?p+S1$%}`NoL9BUqUCg>dM^|{v0f|;1D-?;V7BaBz$!GFSW?*$ zE=KOVIq0|_x5niUWKLA;e_e8T=f{Av_$M~FNl5Ty=YJ0NUhb97{~WFF|60kTE7q|1 zuWW$iG+S49p5iD{H+&lQIPU!NOOw1Z<;E?xX%bt7pWrwR$_vn69Ye`V`3DqbARkgw zw^Eg4=@jjxFc86*gjqyXGxL}9W8@&wknsslw~-(Ojngy{$2&VD?%&fpnvjs!LCnhK%PeVU~Vk1L?5R6iGczL_Q}W zSQqLZ*m#CG!Gd{s#5C$_E974+)^lq9(q%vF?@j%q+yCq!^#9ik2#4G|^RF+cX5QW- zrMsFyVkV#no0pbnUKhn~{0c_u3OiLbNRM(9u>p?yB4x>mRioJH$Ek?$OL1yI67fHQ zq`&-vHbHkf`K^Y=1wwxBxBt0il|Qob{EHQ6KszHfE3&d}#bW#A7pHyc3k$`rT9I7| zscy}A;Hp2fVD7MmE=m7w&TVFoJ>hCOYN4vWUOPF&7z%amXzjc0MgWFtw zBP0?M6lPNkVg3+7{wvaE)(iB0tL@WxyYNG+ZA*p2v$$w#KxgpM?Xn=z|Wejng zlF>|o$p@Fem#s2E6d14tRZS^r1tlyL%CU{fJz_Bt{YA_XkCKmVkeC7Z7KwRpsn=^3 zMKm6%!j_-@Nay#7Zcrx(YMFqxZ+O6G#Bb5pKl@O?nAn&kbyp)e7pG z&)r(|1(a8wiJ@QD?JF!8KC!ylEeB5u?vgq!|MoHMA+ffE)|SvJETK92|G|4d|82hh zf3bg9s{im}cYXiwN*>VikGl8sarS+r3TDG$r55KT<&+3CAVbCpl=D`*6I8(VgbD(? zTM0*M?`M)kM3wK+DqT=c!pg0cXjW{lfG#(?ANmH30YN;ALBm&U<|LToC?XLR6V=rO zf1s0WQqg4W6Le6r+=#c7a(qX2Kg4z2zoJ4S)kc1?^ zfvEH?g`4Q~9Rd=a35NRsRX2v<@cm4rWP;R0NEn1qXe=cqP5%Q;rAp2(xJ{U#&|c@5 z_R;weF1S!zLfgf@l0Y$;5?(+HQJ5(lRptt8AEl8V=*ci8{EeQZV|07_w(18INhVUH zi0F{OHWeEp4C@4jJI11zZ1RBw8PID}AE-W6d_xf9a9<1wxBBW%8Y1822JFB@viRRH$2g^pMbC z2E`bOxs6O+`U0rj-oAAwXGn0GapH=IcPu2wX6p6du-T#()|lO+D;C-^1+LIeIS%fC zBq<7TEXVi$g2m@?NIsD8J=)ZE;g)2k_vZCNuEA4nW?C|}X|=CZG*HpGS_4&Q7Oq2kPyNiX{}UEIxcuil`~T=@-_QR( zI@(>||GAP!T}{Kn$Fu(v7FJ){S7-DuXY<3S>Ti9Q71#!uPJkRf zUJKT1(%*jT=mIP!LBO&Y&cT4Ft0$veaOFlzIa5;DO6yAkxp6?=vO5yDK%}YpvMBK^ zmIn1{goS8H55LK>U0bTE;ifm)Bc0$8xymA`135{TOnpf?oj}JPIIB!6>N}~(z8x}V zBE2A~WX%?Ivc6uHL=wc+`B}@(uFlVv?MRFRk?gmB8o-x!ICzZTA-c?(fA?rYyd2KdPyP?HlI>z zjAynVs)=Gz7JtogK&}XmmPm2)Q9tY$|6%a>Y;vGQ=Ro+ZIW>%+Ifqc1mDNxArhw5S*)62(3qyD&QRPp zZHMEuTG5c&F!Yo~+2r9;QG+oYSz_Z)B+N0#{}(Av$uNr^lmR^N{MWAU|L^bZt?R$9 z<^gB_M$hu2W&nGv^GD18vPiIs6rd8tKb>6Rbt2HRi9pKF%>5I)Jrqy)G?J%#Pn)>c_ zo&UX($2tFB%FZL8mc6y^eZBZ` z^Y50qW2xFxFQ1WiY?|`Vo;_FH-b$Y+mnwx?2i@WXc2`$K=x+H&f?Ex<+*J;}xs1MH zS?9tIA6Sbrn0AfJqUSPRwZ&vB{;aqLDL?jZLxB-hjU;Aq4@yg-KbwYs=~n1%_|say zIzl86R_SrEpdr~tf}wkYv@BPdbC7T+y%}aM<8OZ$e9`s1wk|&5r@j8q&!H}C0nF3? zyMFz@{TF)&>-s+{dA#%Ak8A-{@XS-%0DkmEd$c7@?)r|p58Dx2UYl2r_<{O7ABbDx zWnMJKRoeQstF|xWGsvawmc9N)wVn52fo;~;1&cXVtTmhk6}8=Ij?01?x?NObL;mz_ z;?ua?z%MIr8g4rG1x;|$H9wW=9Je8u({XV0*y**69>&}~$7P`=U11u_5nH}Z37K*dl> zyZ3%b-{zU(V>_~6KSW{1CrGOAyYt6ioQXDr|EG^s!;Pwq=V#~PX|;G%JlD7Qe0ooN z{jamjme>H8>;E4fl>Ps;{$I&c%Kv<1JHX0G{KG^5YR3G@h5%N#3t%(aItI`x22e+` zbr4|vJi^mn|C^VK2La~k{}=l&eEq+>yWam_$ph;Bdp))2D=cX6*d{>2=>+qctqM0l zpe$08p$x-LfI5$9N}*bn$!xN+nl{E*T&ea_e)~78$e&-sneNd2*#Q5VAvPr(8DwnO z9LFPqHex&>+h`;ILMnBAx*&gNX$Oh%uz*K}t~Ql}F0@ll0rQ3D@WIvPwlXhb#$88w zbgeDrF8F-iJojw=t<^aia8tVKbngAK`N-`HW@kysx%afZ@U*<{%*CO_HM#c0TKC}O zU+g?bCvoUZgJ!d08Y(8jeB%y&=Q&h*lb@zz!ig$5#t9B*2%Xq# zfhGG6(-@IB<+Fs*IE6deRQ1aN&&6TAq6UuX<0$GnzE!nlpgyKCO}nVy`g@!t(JXK9 zM_sH>@YJt=N%6;#0CU#=i$nkZ&%LAF{q_0pl{~Qi-!dFZb0tDT)nO1Vm%Lh)t|bl? z*@8@@Yyy|^4rxThHo`)K3K5O9mEND>Ni_cef<~%OKBOGqCQ;X^rm*Yu|2h^Kx600< zgm8U9v_Mt`4lGSHz|}KBYW4Zs$?U4M0Q zx=;^%fP)rrUw=pmk8y;~={|0nvz) ztE+FX-!3wlvTY?2pP=7TYyV3R?U4cibL{_v!=snJ|9`aJ|6k4HgwJsiKexBo+c^Wu zrFZOM!bb*#1}hg-suJ!dEY`n;=9ZGShH)u+u=5;UVJ--Ys7O^WIDz}GQ&zDf&=_g} z5I%J6R^0N8oJyR9M%`p2(0IuBMBkbsP*D}8y=wsg15=XF?OrO%5s3-MDO`_|O1=Jb zgc2;oJ>#K(h&>@;8)qgLnQ=1es^X88{csXev0N7+k;Er)K#AxBoW63l7;oxvf;q+E z;1T-NklOXi;t_kCUKONPy#^5t?#3(=X%Xfs+;Y@<&YS$q|ripU#6HbIwz)N&F1=uH1P~avFOXTs%gHhXK(veA_z^bmffndtsaiwU0uw_P0I6-3P7Xl zV>(S@wdL1qiQqJe+h7)xRE!x*7bcx)xG3RFyGG=B)p{qum4l{?CJ>_4;4Q zV?{;Ojfd8>>)dBisOG_}wO3dfm@$bLJI~SA#u$z9goMzoKv-0o0dAI+{M62{g1@~) zW%$U+nX)ooXP6_8UBwJ`R*5hxgUas6oIq*EwWn-(HrM2;+9F@e$rbO57u&X<3bKa;9>2kk0 zQC}gGBlhLA_vN%}{nP?l9V(S{2_h_n%Y;@PYPgt6&svT`*ZTTgh)mkril0h9pzfG~ zepJ81AE-L9`V-BoZjk?RGFpZGx3_zE;LHD`-F5!YYM!$EkCV~k2!04JHAwt88IiUk zUm_)CbuRPe3+H4DsY>BR<>JfGva7$YIp&$4)1Wcz!FN?NqfaVCD#`OqoiBZFc$fm(Hzk=pt~v0NI9$3#>8Z= zdL;J&0fRI`a#?5&^&G zkof~#7H@SKL&yKS&<)|>3JX|}-L4%l+z1B=CsWEY_%UMaE=y2%y4OWrljgJ0za|mE zg7ow21}*;oQuH#R3`CcQ(H3&`595}QwEDH#vdEv4Vn0`lD#b}JRnPdgAoeYqZc6wnwY|e>`bqQW!+%0Db;v*5+!4NkxkIiKH93E zIt^Q-pu;yUA{QH8$2&V;PLIEw{?9L`J$`?D_~KxHCzmA}4>=z>ilu3>U*vIK82!%~ zONo!*M$CkW7DecP2oX(KNM7l<`cop9FrG@k!^iPUVGych&N^_lpcaDiQ#c5GDDvI0 zN4eTbY)=ZiTS-~9Zs#ahDNWR>>Z|3eW&TvF07t>7nd;_KCJ`8NHu(WhqLPTVaj5sZ zjTx(ODCyHGp^__gv{l_n&3ejsv@l6{RH#9bhF!HPyRa6zW=(Vr=XEV6?CKZl4>{#s z#SL?amLvHPngQDNG%NQ}L$XTk6>t&?TVihJ3{kfVn&1>;(gJZ0${;{AF*suwdSPiP&JiQrZOw{m&PV66S|~76=vQy*@&` za2+swP{0t?gr{sOoI+J*gi*kfynI!`rGD7XttbVB8_ozxPG#eQz`AqT94| z_LtHJSU5nrRn18?mwS>A368_d9EUQAD+(I=jVg*I*u#2N+RH4@PR*v`&U17{_>l1l zDk|ZWcW_(LXj-m*rb$-dTB2G#egVgK13mB>~f+O?aNqT;0$Clwup8>M(uRne^yaP6jDhbs#;R=V|g&iu?R zv+=klX1)DaI=Q#B9XQAS+uz^c_v%0G9==%b|E}awNx7vno{we-R-FG_$RMm}Up5RW zpln%#aH#OL-?T*%vy^^i#-Aq!q5rL_vNBqBuc*RU?ztr(NG($vfGqM7dW>WqI8CHI6nZT+-=8udR^+jw{m*u4Dz!)6&e}ivbJ6#oTdo3G*w_kk$t^xWNBtdjb z4)t%pb$Y#CV?YA>cDjZL1iapGPHEe)OW6>z(WYwkD@xf9coJLRzwfI z+Y+aSM@y#x#tE)F3@}cxm9Hn^S7q<(*eYbTI4No=gWqI3*Jg9YU*5}{6#2r)EAUz_ zGk<=98%#~nPrLAtG6q%C&neG+{Zv2o^4}|X^#C()Ui|0fiUOC;13jzyE)pm5M-N!x>f`g2Fa>sP+dXZW|q@6$h9zMl`s{qQ5426s?g`arm$ zL)$aqE@75G7G95ixp$k!<%44OukFCj_lYY;>Gia*Kb>>C3w#m3x&Tqmp8>w`$Dc+5 zZJ|w6!7uvwnLeoQW8rNmrjfN0syZo6SsLX_V$+|oZW<{vgyaJ%Gn?d&yu*q^_2qn? z2cGROA?UJ{8Om1m(f=k?^Yj13M}83i_b+Tb5^Hk?i#0EI((+^N^@KhHX zbPPV@-nhCEsNiZ+F9msczhMZ0QDp=e!)g`KoNV>3dR7Ib~ z93WKZ1ldciYOIYeP^l(PU2jgB+)_O@IY4uoHaS6P2}h`zLm$BzLUS`atKZntIX4?~ zTeM=+G8b9KSni=en|5Cc`%dfuLH{t2{t3c3z_HG}E{ZOCDYL5#r`P*`=8Vsi`+xhp zFZ}Z#NAf>w|8E7)llp&o5%_xlPk++Z|FaJC`A5Qh|IhGmjsK^Aw){UE&{F=I19EA9 zEk9e=(qD52@>H9J`Bb|7Rpj}TpM6Sz&g>>E)JHfgviuuVg5Az{i|oT1RekE}kW2OJ zx2^2k1-SDZ-Cmwu9;1^mRM$ZUSd{jJYy4#w|Kj?E>ntjJ%#8%goAN9o6^Q%CP}W+yT75-0UA2@w=EBjs~5bCkaI@Rc@ zo_hITaVgc3T40X+f3bUT=;wd#?XLa5l{_G_5*CK}R1aXPAMF5G<=tirWdT(}sLcdQ z!hx*@DjGYoq;-J+33u_*07*D#R}{edaK4}6hoP=mh>B4nGt9Q70jgH|x~S;qS|gxp zF)x&#mV|?Koq*~Ysxgp0-DJ9l?fF#7m6oUa+pysZbGDj@R3-lwp;xg>Q6|kJCW=++ z!B4!r!20>bpCg0M6O6ZecD#s|xF$nGntKE5|NjwV|67^ASmJNCY=3 z`t7`5YX?=eSEV~hI7?Z;fQa33nkE(Ys;L0n-H2I8exz03$T7n=FJ2r}{fyJGk3GCA zN<(*dD%xc{(nY#^R$cu(R+u8aC$pV{Ng2}nWEG>;UpskBU6+bopXg@Wr;MC{FGy&v z_1B3kP`q-p!MYfeC?Q<*^G&9| ze^E3jlScb4-jMXB*;|IguQaG`h0%OZ({Z_NWVJfK@|xMK^$Mlz2K+RAUz_`pXI$Gs zRWeB!ms2fL#_@>27=abR-h+Z9jHeZxpyv3>aBT(anc;ZfxLCX)X)soOxR(mM(#PW{ z_`YVXLwB#*HK_~)xNzodEo(*s@YV*isq{PzwE67MZBa{Aeq`9Tv?3~U9=$6vs)+px zN!Os%C*bG|uYxO5#);;DY%(yKt1PNsxqa5qw*uKl)-ws??YQr}NL_DY!18BRJZQRJ zfDOy(?Um@2nX#^66F(NvnnYtwetHulHPTG8l7BM5!>NvsKsrg0UQBEaQ%UOjeODzp zd*4(9_$-OKsV`~p8>xKa-7T*|vMo^In@XCMhWfR3)qzzd6RV<5Y78V!`7B}7T$t>U zJLQ-R>0NOThUC#S=!uzdN^{sGFmsV#tE_=kWv(`Su7V>84*V!i18R!{D~EgP-&M`8 zrsJt}*Ueot^<%6~@NPFezxY*mJ~CCwu%#v3)Z_f&E=J8t=2F)5n6bOkjVwi7$qMwk zMZ+#C0k;@i^6Whs2ohwRbW8UQZa8TSPS+NsjB!a zzxAc`xw`ztM#~p2j_P~>pkEqGt5?0N`m9o+Zx&{xdR0mURu_6lGh`gD8a-)#?&ot~ z5h%9!Vorlv7I*q8No-f5H+rVizvQOB4Y1NIZ0RE@l zRrLujol-t-_V-+!n{6x{W*KaGA zSGD^iU484MpE%yx`BEHzDL|FwV^+&SflyI}c1CC=^lH$RKr4Ag2k(oj4FF< zA5Xp!4!ffjTQ<&ijQw68w6Ta(9@N|uTTi#0HWzm5!rM9376IRSzpj{*xrMivu{;+) z+W^TxHor4(_iBNX*dFCvr0Cxj>r{m|GeIs`NY1ay*&N7KCTh(!L^umjr3`>3E0+HK zs%rJaJ9}@ko5SzgeLbd}sKg863OGq5_JyCE|LEdhf>OGV2X*tdUAq%+>$NV)!ToE! z^Y{^-hW)>3@Hp3h&#(Wr>*s$T9=%-Ge_hF=^zC=2kGJ_Z4Hn(`lP!9+`Fw;6DpC@= z#m?>5rF<#t$Hgjo*-#hDnJOBVbElfl0&hAye6xgDdt|wQ9^xn(;Nb2|@9f#5znvuw zwY^4=U>_})mSmH$!X9azbMmN$Pj#YFfoVm0(q$aY5O5oCIvpaKJ`>1rhV-?7@@$B@ zz>GDA{K(JxcYn^d^Z`I8`HYH`#-q~+(@BLnwu*$hk7-T2C{!hgRn?zZGApdHVe>Ke z$2W9=Lzb@K)|e6c1c_Sp`kxQ*BN+hm^#9R|QvI*pz4iI8l|1VF_g5#Uk5%zgvdw}9 zfNIjS?n}ASIUR+(fxRjtv1J3%w-1HYi!Wefy|?(CCB8Q5O%B<_wl(1Il92&`S5Yri zb~G;`d%3D)j*9a&n8~Xt=QY_m(@&NO{)b7jmW!`tPBk#%$1Qw$K18ap*!MIfaF!%w zL;&-E$+L~H5ZQ$2@Jscn#?7i6e_gLk!tFK|Jg95bc)p^uoVuTc3peX@8XJFTg;;zBi_P;#+;=9rdnyi|;7f?sC0{IXOBZ}m__i(gVh`Y{4s$~vU8k=_4sV<0&eb?o z>L-g;Fxf^T@7?!-oOto4d6~{<_|(h)QU$)HRl(f&@BXfT|HHw-+W%Y0qYNUewBTdK zfqnK_&?hW6uXWe#!ifGIp!Ud09-P&1K}W8-6ytnX&T9CPj@W*>UeqJiL48VBt+obg zWBt=#K6>rb1_x@9iyxZUeyMt=i`F{*2>$Nx=Awt1r$PTe^xCKVnWO&?j`m9a-@(iM zwfsz`$xln)Q z(`5hYL*Y+d|NX_@e);~dgLVCnl{|U@s{`DRlmehRXJG?Sw^|?(!0>3hRDk^W`$E|O zqNw*!7@kFq2uIhO9#)YSp!+I|_a4V9;%EG%DDw64r3t2iE8Wut3mXfo10441IhTU$2T>Z}{p z&U1+;Wt2o_C=sG9yNi|nD9DAnVU_}XJCB#dXu54JXVSjH%?D|>y znQQ-_s8#R~H(=iW@8Q9|zyG^?xVHaS@;LUtp6f^U12oj-+=0CD;$DFf;B7O7J%(S( zOE45HI}7HQI-kLGyF%ANce&0j{=FMmW?{FE-Tl4|pj@V`?Vtwze@_NbPY)>< zVarX0qY*KSVb~;?9)w@rO}d|tU(jIxGkzB_96sCum}mbVygcyj|Ca}QYx{o{4@iyg z^;ADr;LotmqPBkCY=K~3&Zg~xeEH{#h4)M|$DuIqO7>UY$wG!$4sRi&%d{$M)cmNW zuU6-D^wHyfk7Ww}VT~-aj@nsSwd}BnMdfrd&hO-)>QFI@B^Tl}cO+R{94FpJnNY8U zzH*>62g}9|Z}MvQ;Y~sUB$)L7LPkXVELE;Ai&0D?1m&yUTK~VyDOjL^R%ERJ;Cvcv zXZp{&(OK7T{}BRwVi zU)?CP^COMvqa6NfQU7E2z_;WM%~-iMMMWYzn*PzmttzJ@}ZDGFyEPQ8uSW}V3^zOdPsH@bwj-?>Vh~nc4I?H zn3{H*Y(i6%mrB+|+HwI*B<({N0?fzdl<<2_Q{rLgbm@S~jif&6<`q4>5UthQmPMX* z4dy@SQ!D?q=dptGAA5&~FG~Brdq->ezlsMWvJQfP*q<4P0{k`YErAmhusFpuMq?69 z5aB%c)3hR>0%an@Q8YsVj?oxWs}Y8sHz{{$JTlq^Zdt=|F7uUdNJHp{Lp3TCFwRL3 z*_z{|!0w(#5gHJbU?H8yl%a0Qe!!Ec`#?=&_`Zw!xwe_7Y>GC8MBTtqR7mwrg&gW{ z*=8vn8lno+1&YeQr-Y}HRzIA)dn*U_*PF|Wt_`mc`YJpY=UO{uNQ~LN`4jGylS){@ z*5fWhWhO&DBrt3D1l_YN3ei1|Q{|kd90#cdg2mBn8x1npM8%nO1=3>H^RXOvw{!FV zJVhgt3Y1_jX9^2-DFTM9d&wzs#z*7>n&31T6LV zlUJy9@;{;?6+1tMWJ&|_mWqe?0`uhm!TzD2|GRg%uK%!-XP#&)7{C#3+DC_QctzBl zh99=khHC2++k;ldo-SbfSvTZox3vy0s8@cpOojgJ90K*73LY0XSkdsqR%w4#U1sd` zRk>%cI(g+>SzLcy$%z@dqek7NRIJ|V$S(C)-%ttBxwzCqb1qO&gLCK0Nir$tp}2zh z3|b;Jm8#zUKNPfos_H?~AQ%*RL^MXldknC+60iW&YXYwqUme7x0?vXuLAUQo#$G@(l)L@I zs)zDSw$Tyx-7H2yz|7?eLX5%bs8bK%bCk=$t~J1;JoDr~$pjF4yxy95}r12Cqu+?o{F1({^3yuVuiBjPKYfPnYU6oqd zUsZF>qXpJBwLX5pXpa2XC*~fe0_Mp7{k@l^_|L)m{P${}dGg<4fL6A@B{dpkyO;)A zv^y%pH$v??OSbGT7FWG|w-(@h@!lxfb^g_u1a}g0H!q_x#sXoKn@H^v2TOXjl=Wgr z+s%j2wT9Cs7E&U%QZ{X9T~;}It{jacra`5`QC-#O8}(xgbpUf&RjIa`MVgaqqtftOdugBKqxFA(Ori-L#f+23?_-Ys z-#sk(fBP?Y*ZE&7dA>kbI86zUVe?pV0J8gMaZI_`=s-{KfrgL=lygd|IIiZb)NrUoiEULm{XPsbbj_) zbovQrKan8q^l3=&j{2OlpE~`i2v|sVJ_q@x*Zp5Z3bt_RHDZ-m1V){AWIn+8XO7X?AdV*xbCUWEB%H<69g|iCt*mX0KpOZRuJ?x z$8ma$eqb3SdSrs=tWypCp7A?GW0Y_fW`S(Djj%uwi$@()`Cx%)il~sng#>9dLjp(> z>Z~Oj!GyCZ4M|u7iVcS}pg2ODBuvnh@!2*CaEc=~LX2y`{TzE735F*4j-Z6oDNacZ z+zAWS?I==^rc9M+@UaCF1eyffHIP8k!|@x3M*U9B_i}=UEQ;8@)C>U@L?Fz`HVQMM zF`*pAIL+isIi4CoCe)7wdRFu+QF#U&Lp~%C4X7MY!r7P(XiCE48el#2RThU4s2ODq zOY9g&Ar(o4XC|@7;fgwn&~&^><1K_^mW~NG9F&qclsv#Va`CMttx3MZNrE|vQw;>M zAsXUM#@8!V4hMU5RGdLt3XON6^0J|PUmzC zKH?cpiM6ozcMo@ayL-Lez5ENkUd=}by&!`0udi;-47g6`4J4Tj8K0>B@PK70!jV+w z$|g{s!l*g8rxOyV0;noUb;E|~z2v7(5)mwj%FGJVV-%4Qj{c|g^dS9N^cf#@Iu|UZ z0qJxkTh>XkO&D^>f=u?cjdWN4{;&V7zxelm{huvU78b|oG9htC!!U$G->`c!C43v2 zIho-kb(;bgFlPNE21%TEQmCelG8VZZb5|N7rGH2U{{ z{U1pHj8cw6GQs>#vPw1Zey7uW%%{_7R6)0dPlTFaqk+(va59*okre#`%~+-`M+VZQ z4Cu72WTX_g>ZDvqK%&wq>Bt2wq@5a4p%fAU>r_eJn8iJBsp*pp&b0TXD9n{2NN;G4 zV^pP~wpH5TwlrxcG=&8n(TNml9k;iBr}KI^BmpcJeN56?r8)l&S;o^b!f{NegbU2` zbHqc+MT(Ma5YZr-b#gvL`FOP~z(^z{keUQZ5V?f#Ib89tWX(>_wfAEhjOCI*s+JCP zYA=tR8sJKD7)je zvu7tYPm*X>2y1-}Er_K~kZ~!vqnYfJz^p+2DiHyvgYt^qhCxm;AU_YrQi9=*G_eT> zJ3z}5Wl7ky+J*|$csQgH1zAAiluEG<^Nq7~%sBlQ2|Jt!5=DfoAM)-v8FEZx1vnE% z;khi^=}5T{utcg0O&00fP|2#W0Kl#wq1#SPM6rNCBZ^KHUALt%fJCM<$eAn8l=o644Pv&SXlWnL5{xgK;xE8n&=j1+2d*=Ce*a5S)N|foqM;6!bft9}GDI7K?-i z8Oua8GggE%7`Zf|pPYbF3K;rH5mZT_K2ofSI0=ZPWf?ab+b}yhOgN{mP0&K~&(xYz z>qt^2V6hTE0-|+8CZ&Yt(~eDhIDYJ|5}d-^N=Aui^^1qb6*h$d4eAhQDU&upAT?qq zUzw^qTL`#qjTxZV9gGJ@5duT3qi0l9%VVh{EKvCZ2dM!h$MH-n3CIzj+1ieyh>aLx z!$PD>TgG0K0&N;|Uy*8N`5br-Ff61+%ZZTuAiX6Aafxofd5vEG{r2_6ExLMr z{qFqs_VpS1>IZakb@lfA^yI6zuhH9+@3-MQ?YEzy?=P?ahR$!$)%E3f=V!0a(B(zv zRzr48F?!5l{)%EL}8+3V%&fi_VJ%4?+jm|Gl-+p^`e(^Qh{Qms* zo6B!+(cANP=eH-a&6W-A@=fR6>+92RPA+awzB+$g4+N z{Pf$mC)eoe+v}^#o7dau;_{+*e(~n|{Nn4^?_OWrZcD5>x97KSU-vs5W1*B44X9Zm zw11?$!h+EM{;&UAD4Qx}x%CRXsci!gF-%HT$)Zdhaxg-*nCV7~YP+NTOgZ@yCtuZ^ zvMGrHV>T?5=72=(URvf=zjiw3F$gCb5^k+O%lfGwtC5=))}68)2pb{rsTt;Wfn1Oy zl`>-==G4Mb)KM-ICjm_;(a4wm@sz>Q9kZG&A$;8F?Df$t)0W9h(ynY8z^kvX-lFfc zkl*j`f}V_LD8eb>M*4$qCV$8^uR7HvU@~w@rC9_MQU$F7*1cpkNx`DMB-(`FSSZ*+ zyD-J@jG!xxBEaCX4M=`62PBhhIpTPt5UYb%g|LL?;M_-!g_;w!uuxr;)R7^Ur2t9V zr&xyr_F+~CmGgUyHt|*gEVkh(am$8A%I6%3i<4v$IGrR+%FWoph7)O_DqC3FzKXFO z+s`(*u#nK?hgD|xe@L=y4z>`D1>yQOTe%kg{a^q4g2i&~`kl^!%W<}0(eHF#^w9-_ zrKMa7S7m8cqC*9E*8d!WzSg7Tzt^u%&fdN5Pr|3@V_yE>-qA~c|7Ul9o&T|tC*K8m ztIp|nI$wN&F7QMuyPIH4CZyBpnF|7R;q2oMLOoNL>lnS?c#}oZ1)h-i@WZ8C3&MWi z+i(G>Z+qzatCQ0ufXQYCga*7kN(Rss3&j#pu2^UwoT^iV`jh-G>*paIy~BwMAb(wq zDBvXZah31#F9IA9`_g_7BH`YruRlNpE<)#VO85{5vIYIn+qhPKkZMQckbHRG>HGyr zSjrIS{RO>uzk8>r*nP8G#G#E}BR@)@UTa=f#1e}CV{fNY=f(T?^AgxUM< z?e}+~$+vMN9Xi`fhgekrLDUG}gRMQ{MAaRjF}mk8h0P~ptarXBf~^j*a^7Xg3r~T4YoH)~?C>|E+8AAF=xZpXKkoe^4{JVo2 z?+1^}C+;#VFqFg&3iBSxwFZ0UY9A<_sqHs&svg3WD%S%;ofQbcyjLsqnhf8gAtg~L z3?&4e&g&UgKAy-pU?sqUl`Fb_Z02MHu&v86^uB20f z1EMb5_$d=A8Y86lkpF1HeHwDwFOglbl=a%EX*V~d2a3&EJd$HlYKs$)AcY$8(kGm$ zdM4*n8#XF+MIoxi7zs5K^9OMfuu)9^l|vIIxd)V| zN+1D04j9{PT1(QyI?G}Ug3kX&@8pEhc*u^y4id*ZJ0qGJB`eMUET-vf$Ii~$3CWa1 zJA#gSmoWR-X=>zEzDwc ziYFvG#ezIJsU<~4Pm-@av27En+@Q3W5He;)?d+Tp0ah{OtmHfQo*dJOZEZWPU!Jf; zg9)k1{BmXK>ATm+Ts#4bQ_6FN59EXZ@j;q`OM#^V_|xIxA=;Epw{i`}j9Ve-NUrM- zhr9pX7RJIK)tr%`S{Y@Yp2_z68=0v<&ovp=e5tUk__2wA2y8S+k*g$RiI`tuL5^PZ zNE|TOpMjQguCHFdL#HRgRX>?7z-FqTsfA>zuV9QJyU=J~*!Co9%G7}R=v}7Mr^pAX zdLYd}&eP2uO>W=bd`CDP&i+FJkt+7iH1~2e^p0Z|3+ro^{CKvl|1koPSy#XMXCNh(jcTMf?{&7 zrqEmyc}HeI)RarzBuDGX0~HB;9<%hhk*pey0WrvQWj_K1(^dLp0p8e&8KjPcXi71J z6s4&lkR01bQ6@e3qyM0!|WB zXD7AC=7{7XgGPe~R?&Q*lPdE0mlTkB19gPa_lI5 znS&%Zja32@oP5(i8$vbF9JLo{I+VHyEuLLi*GS|(#DGXfgN4XJ7+1z!-0hT*1!5;) zaX^w(?64`}Q%df4?is(M@u(;Hx~Ditz+R8o`2zmaB*ounnIOlgD}TLaES37;?+0BeTDs>q*I%ob zf8XooE>}$Mi4Pxf)l?h5DkzxH;7(Y_UMd}Q%O|qVq5(;@-K|Qw*p0QY%R7Q&p(dmx zu{yn|V~-X~VuC-sCGjX7AETpc{ag_fYQ;ZSc{~3$mMRTpMNe_r#{-eATr4}GKX;s6 ztJI*Z0s)uW&5UN-2x}FlMT_2Z)_s6(wa+3cp(p9DXHE_v^f3l&JlBlirx>uZLoMB4 zBP5MPA3n6l_rx}IgZ^k~8@D!HJ};foN?**=6`zrwm^)r2z}x8twU=QQwlt5-QpG_4 zAt6^SNICWFnK~NI`0UxU#iY4NG2Gf=8f}*(x}l@=dwTlw-gI}rj}zLDNGga9IWRuj z$?@pwS|5PvbU%kL&?fDZKDvH$ivDzXc(|pHlj-nAtz$Kx#&&489jVVRZeE{$d;PjP z5^7yWTMiVcD6bu@$)lpyhEk~&NGB=C#&~K)i%WrY6HpH8qvj^A{kQ>hm@^d=)0P7e zOPA{<5lbc#B8jJzvv{Jm-#&pTdqqI1nUk6#Qi4TO!fQphw_er9%At&)nDJ1~Vib{h zL=3DNNul)*anUlhR#lx6NWTb^EiR8 zH*mO7OHX~ee;Wxx3Q6iEB;~TSKn8@wPBY~(=Xh50h4i!=RHnNfs0MIq2&ai-PVNdc zX7}@ntoIM8_OT(aqK{7Uduol|E6xQf`#hvWmA?S+VP_(h_R@%I;Kc`L7dI;X!76{m zhUlBy+pFC@DRRy(Zg%%d(^#)zTlvB5+}AJ`yL-(po0~RNY`;43P^q4ZXecCil9c49 znl+~mW++j&F`NB;HS}V+4B=#46FMz}0PX#EwflT_aWn5Tj}+hPLu$`}wazYXo}o=E zCt#cn`T?8l{KVLpQKdb@SZtw_t8+MM1e7ZgfRljnuyO}_Njjj`ArbZTjIlp20PHpz zGcg~J_H%+@UR*rdv?=9ZdHVpl3-aua%$^w+1Xs8oF%pisyj{2=xX2s^+j;(Mp+#p5 zEjVkaO-QSF7MlpvF3eRtpRx1eKCMGv#nUDTRzs;z+s%0pWu$m$N0kKt<2yXTbV<2= z0*ygC|4XW5C6K|q{VYT@5#pBJk$5pNt+L-#n`K%q(WR~)d&**wO$a{&YxeO~MTs73 zbLX)oxtf?luZ^?Lq2tmjIj{_!2We`Wjup}BW7 z;7qV#icTaT@bx}@-_9_~*PLZgGNhfCl?`$VG^BQ#XEA}Hq<3?YVDUI}L5FC-Or8af zLw%Ifq^og)A~HH*K26le-h=W=ym$h=Kqtx$MxmerFODxRT zqKlII7Cf|R(uUxtD=49S8nG)ExMm%zT5A*E_; zfKP$2S=URT3P%8S2~t#|RKBVF+YrUu$ zG*m7VnIuvtmd{!`+3CTUL1|&=W07cG>vg85=+Pq@sED1MtkYZ89_!j;{p>wf&|kv{ z*B1_`p@-36r#XO+qPrH%v`A>114|9VekKR0OMO6jPzHIT(ylFzWfe4m+U(?5=eOfn z)98-GrIz{}w_>lN%Eg4FV;1UL|8Nwsdx1uvc(}T;kVTR!ty-9k=ew6AGg^zhwaELO zh&-eO!Na$6^QD|0a%z$U>qY54>qWT~rGCeYva#q?14&c~DoqldcfXBTY+q%iFOrp1 zG8%jUH>_D}wxQzL(&Gvw$!^r?nih-0J+E?c^6s^1YZnh3Ydb-iSo+KjHxcA9h7)Pf z+E`s`{6i>VLgU=SZEcOUoWr*J1wC}Z;&xlZZ{RlHIiH4fL{l8GfZ!JU_?33-nF4Vs zL3}2Wm~^pp=EdZBy3Tf5tJSqy{mj)W9|rq-2S-cD#OpVwvL)K=p3P!Bp#l093L6T; zKPqbq0o`ukTy%GQjh7=`?^Yjx9sGR$)WAy(0H}6hP z-<=)4f1hWLY;Eh;H{YD>y?<~0wSRc@{=MX={LSIs{`>a}MUxhq2|c_eR{>1J--y27 zt8x}p37#4~!S`b3PqNWbT+4mYC{sDX=!K*2YyG zrGBr*70Xg`c(Cjd-tTYFwSw>&_?n!I+9ZW6bMW|)J443(u#R;( zhJeDSB-U%x10ZyL_E_ImmgapZWy3i9S0_qCVW4}0hB%6P1039`Z6Q^YYKo?qi)|#v zSn{`BKpF0nV;p$kTrd6nE)1`5jb!;gz88Hw!T(}0)a4N2U2n*EZ^U+{dpo+g5#ha2 zMnjTUwUH}Agm?XMI*Gn0a%XxLCQqW=t!aJGR@-eZNb^Z*oMTh|I?3QdPqoB!;jue4 zX{ve<{FTQaN>v9dxn<2KZTVzv39K!FI!gUcEdk_Yuq~I1sfCv$OdipP>@jT>faeGd zp|VTk+%cD$(Wg^JY zJ)Q}DT^`YJoShs?CPVE$S6MvCU|9VfMGZr_W|7KCRR21;zR($ma8H5ZQzn zEm3G0@*#<6K;0V|EK2P7D$^8;i}mty6pYk|_6d_I<`hauF0PNBCfm>%%c{+ZwRSH} z-CDb^wR;_mg@&b*4}4Ew6k6>!c;M`aP_ z1DbNoXXvjtmlx{75FXb#<;! zgF%G8;%ukloU6;5TR6#NIOqz`B8EfzqT(9X)67*s&Cky1`-$@-Z9Wgpoq#9t016rK z7<(PLjLZbtmLt}?7;Q(WhzB-yI!pAS98E;KBh!8x!HRlTq{=^gR4Pdg_)+T^>tfDc zA!F+%^n?jP2dXZ6Wle4dK1_oVMYMWaNqxaAIx{|-NTiy{aa6-xSzI7E0L5z#BC`qJ}!j*R$GolpU{ zp>hfZA(c)uk+O-Qn^Pbk z>)T&bW)oc>7L?1+Js>!iUZAPNE*tdh_0Yo9TbM-uAA4`V-MDQnivORdz;e!7va=+4 zJUNrqy1nhswI``hW*o1vr|n6n=Ncj*2{lEq1ZaVHGdX}x>c{p; zFxwq}$&KOAPGMlwfZlASwXf@2P#qh(7_2#}gKM{ck{L1Ge=PAdEYYL(_lE_7tpv^y zULoq(Z3RZlc}2`PLDkEYUabr!0Voj(1T*QqOk>E3!gqrP&t}R#9Gt6Md^ji@$LjKo zfU?=8lFDrrw=^z=3#3`lnt|RfZ&KN#r1o9iXS#@{mXHRx^C9)}BEiMQRY9{5_r(Z% z*Z-~*?0~|4Z@1`P2>P&A-=bC#0Jk6**L`Dn(CW&!pfByMKdtOP+gN}|v~T`+9lsIy z)Z7R~d~fT(b{RtkM-70VFj#M715{C|dP?!5~ zaDyVlhXcfQw}7KQp@6>@zy8h#KfM_I_8*6TAJD(Pa(_DdUd^+EckI2G);~9eNrY{&ZPUiUvM7|L_N}c)xR`>*!OW08e_=g5mzT~mqY?G*nCyTR`-2X}$-{(~10)0vD9_B?tn)P)lnxd=< z4NQZHp))nlp$FQz{cTYG7D}QyNk=4Jz;dv~S->SA#T@k%t!BbZNgJ&~#J`DVeUOY* zrDvbN%vdnR3OYD5=|f~2w4#ic7{ALowCM!9ixr)rk*AE9oyI8F+l{Al^o@857_Hj% z&yD(@o+hp2PtBB_dPH3%hZTG%Z1gEefzP* zWoeRq*&fIe`5I37uUPjzzx=ta!EJ65EL>ya5)g2;lB>#8l66DUE@<5`x> zYgu-voM@)9Ou77Yzu7~5#2%+g3wX@_AL%=2p^1saL5)~APztZGXN(aexnLFYN36#_ z2VeG)=@t|s_Fu*YLwi7+zT6f1GT<<)(urno&;HZZO$t;mBm#A1Yq;=skd1+_fP%eD zQDbl4-`uh&5j;=k-W9>7>hV~PnM3UWS7Ei^Qiw%X^ago?_N>n;=rnWi?^9UTFOd4qOC#~LF>yYZGZHdnIV&%e8ugJCfceW_MD&kc$ zOYRY$EH?K`O5YE2jKJ}9Vz>8l$@g%P;dUXqB;cG83+14p8O#I14~I4Q{=NRO<@Q@v8L06M91c8)gc z%WJ?eYO@^&y|CTGdk;#G=_D7rf#rC?!%J_HTC(814jr%9yEzCD8qG^T5;UxishI60 zOAhlHK z61SxNim-&rho`urrxaGuAPDgZ{kBoUn;hTTBZN6z9lxrVZ}C7@_TmO;LM1?m_o{)s z+BLfepX}Mg?^(Lub6S_@h))uJLmR#ovn=6F;u;pf=I_6QouRpW=`){zji#OokbI;7 zz3d~d>(}S0oZanxMJ@_^%Rty4U~O-O;Y>Y8RrBPUd%31I*EG6L?dO>A67!@*c5roL8iBN+z5@?uPJuSTQO4}&p zR^G$y9DFR?Z=2T^+VhuCs|E1!I4*-iT~G($JDp$^*_#82Z3`&2V>n0kCk}wFTuo|Qf zv@EDzOr+9(7HO%(muwk}+9qg`z4t30OsrOf`qYd|h^f|$vy;;kHse`_wo>ybL=bL& zd5!I@>bq~nX_`kmsdyhuHdFC-3>L(@UpaTR!0R~c+VS~t)@20WBKa?u+Pm>HbJbry zkgdwKCH=Wp@l7To$~(|Yh|ns#K&Il5_++_Mxis^0s}^2ag|N?hsfvZm!Lk3($77jF zGq?Y)Hs63Zka8K7h`dI*z|`z*Fj0}CM|H@~EcpR*FFolZm*pf?Tcj6$8uCM6*x^cC zj_aoPOvOD7Sxa$|SOFqZsW!QlF7&6t{_TKahsBe#t$@PnfVqJG83_%OdQgXeDZ^0+ zZtbW8+XY5!Cph8Tlzn;u`Or6hUzdpS_~+LjMO2u^wF>HELHs80IeQ>30^}0;hc22TE6tooHS;)*@a23Q8LFC_csB3aiGR&=$w;q^%qSyVbqS0 z&ur>?@H*_nJXR~8?v6WbdrQcw;m+y_AoET@5eZA0;Ij2JUMx!;r!u2JTLEOv1z-II zg6iF(Q2V}2`|L^?`=8ezrM3d`g%bKo8Tj8J`_AA!ezOxlDaW2cjC*?m0H38uoiT0; z(gz$IsrtMpYf`hz)G90l$iSG2Q@BjGRHXxuDwocI@VE1XC$MI^)l+>3!7Fc8z6{P3 z&a_M?iB~9`=fay>ssV>Qb&;UtGr{>FrzA^wBw`kWx??BCjzBVEGm%dO%PjxiC;se% zapKq$`^2#~eCuSLPS$BLI$5Xb=wzK$qmy-(j84|+WSyPHbCh)| zh4E%Q8_=eWn#pMEdC>y4H$&WC(U4oWyn&SFO72umaG{Iz7R+{(wUI-4sguFUix;~a z=-Q`d)yKA}T5hcJbUc~YiYS10q*Nr=6^klqI^`k#$u*Y z@}t;89d5URNO0}q)7>i6%zjm-#t{>{1mR#sh3Vn~dsC*YfaZ2bxLOVE?7)+zuyC1O zw#hLG{XwJ#D-VeW85zGnNMex&ov6FGXm$`gcNH}U3wNuXAKZ=IWx|DZY)@}$@($Hd zUa77b`!)1~!ao7Qe|Wd8+l}ps*X+z+>WW#BBo@8V6SoM0B_1*aO65wT`xYIQXIB?k z_*Sr6m8nEc=HUrq(vUC43EE#VBGJ-bqO01GcRrStqw}#WjLz;*AD!Ky#pvt~OGamR zSR9?*p|d;eGJXwqht9{cVsx@jIXYRV`RHVw#nH(+ovhQzI-RVu?Rd66mVM5csd(>6 zLYa!!O%ip^+&jXjq&DlRcGmRPmuc+9LG6%Q5P5jD7_< zMpLfwTwOVYRVhco^}iMQ>{pv{bPIjK0AZkhWQi0AyO_MtBEGIdEKH`wZo%m z?%NIps_wrEke`E^}=)5waAAzme@NoW{-| zHM6YnfhSfDz(`oKPT1M&LRX)9##p+HHVdiQ!M&It^cT?f;4(cxd0_!jy>J2Ds1D$_ zgHI!;?M;Z-N7b@*3*8G&K27*P3;V5oD&-0#0CfDjZ|hPxfPmFNF!0g4a9hfT%=XzL zl`3`SpI|cIa-$aBPAIHWK`o-=1)$OGzb->tVL#8=$+)1Wz?Pa5nN@(AMo> zSk}q$Gaml;{~T3n9-U^{X_i}zPP6PZ z%WX%eSw4wox!<_)P|u^_7LZL1H!>ngFwl3tNl)*v<2wue~KyhvSBYzp>5S`F0I;W>)cupW@DOV|a`NgOU2PbuA4 zr4+ve4c%*fPhm&We|^Ya1J;KVOKhl39qadl$UEZAo=amqwl0lPi*)HKV|0}6!gPAE#0CkfSb za4HRk!Zz-_SRc8VA9iK~PZs*@c(w`K zY~K-aT{PU!84cHIcb#@u9i4W!Fgoq7#ptxV)uYqy7DuPub=qBn(P?*`cGq-t+TC8X zyZu$*?;_HkAR=u)6m}1EbuZYwrwFtz`s{f}pY4DvnTpR+BcGiqEsC1aKq zhN_%(wf>%St-s2Nb_M?$75rNTv##pjit&76;<~DTZAVx2Z~5q|{;e5Z)xWOlUss!9 zhtbt$STefW4BL;cHbbM))n@2wGgL?C-P&z*wHbCCoyV)I&9LKyUDdxX&av_6G|Nu2 zY&JU0a^>hW%N<6iSvDJ;X1RKFnq{Y1ZZSH|vePWL9i3*`RsH*Q##plFn4#5G{p;c` zw>s{w>fh$^tFQW3i2?liO8>QAMpyr@tN+*4|Lf}ib@l(c`hU&G^Y@fIJN@IA;T`EJ zL^K~=g@~1-s}Rvui0C{W+l;P4M9a~6HM$BBEk{@XuZxRYJ38&I)9$LH)9w~Vr`@#} zop!f+blTnG=(M{|yK68y?XJ`AnvPDp>+1jg@?+Dw`hQDC7l-z|G)4lH$qNB>*IYOc)WS05(G1zmk~iT5=!srW<6-IgM78)QJTIK|t%6{l zu{vc_V={eud|cA_p;X7Qiu7@$(nw?m{xO!5A_wvQm}@O3=^#@v)bBd(wSv^vTyq~h za!b6(a;b7@=I065`ijrQ4#;siE^n<5TI=b>Z?wbzEqA6x{vac97DcK^%@b{nKEgPD zkn-y`woKkE=DKZ)HY&51@f<9 z8Ya_NM&1yKki{=pxC6KxPef6Uh-H%TgN>>`GB6ujsRDsHRx{1%${e zg+aY7sSJ*tB(W_GcNLI+Uz+IH{|le_)BxYb8d!n)4=rqeUOQiI^$SdWum4r>WXLYWm=}ow z_|c!}p#^KgqfFw6=P}4TNPn1Cc>Wl78u8RqvhtL%VkygbZe&y>JZJVkPE;*f-czHRSiCA(YlKBxjU|q!h_J_ZH`bLnp@y)-tejm2GGsgS{ z)V&HBMGdfq8lLm3HAdsWNF1oaj)Z!|`KQG%&T=t<`-ivZ6Wl(MKyU3^jlNbRe5iML zLDqg9sL%IaX<}L>7Fp?$A-gHEOy#D|mt%3Qa>G>4&XYnLkzZZ|Sc?>{L>!Po_i!`# zG=zw5q~2Dx?=?_-H%N%MxVpIl8=69M#JLr<#vtbSKyj*>?r{R(6njb0^3W+y5|K{m zw;bRBM4~Et6NH!Ca{FtKK-VjuBU_4q#kgnJo^Bf$?qMRnpxh;AY=zK#2-&hg&^5jqPqb{0JS28 z|Emy)ISi!Mn_eR|N@AEOCU}Y@T=~n`07}(kpHCHX?Z|}1KXU%H-#>ia50v&ykb>}f z1)eEpy!o)iAP9@N%F zyn&bPK$2~wRNI~J+e=qxM}Qcb>l$gTKePiY=5|+YuT{Kc;6|nygDgv%W!{+=1^D{-nZpd`ZXdD|GGqjym(}*^>sP|YZj;U`?@pkduPp~dMxMc$u z2w4bJoH+6#JY4I*7+j#re-Lvds)@$g+7wy?Vm+KHE$_ehjONs4*!H6Sves3YL*bMZ zzO^vA$MI|U;o@&PHySNL{ZfgIWtz1UNrpZm1%sl1kTX<~sIn>+J640~`u{CGHLzV7U4btqyp;3?Q%&3?F+iplGsuVY2Cun!> zyc+m%^mTw0=pRe)S(7W}0uk6;I!ESkzkhYH8>9zBP{3**qrhl=6al~e?kKhK{-rB9 zC~P_?=a&$>0>Hx+c}Xce6L2h$f{!SnUL(qf`&K!P;eI>|6Qb<)c@GhhU*XHdOvuH> z(OQHtvHpqEhetMSmMHSc%_x{8r|wyj_uoGWv2)pF|8^{6D|_DCU4m4ZmgY&t$_-l! z$UiUaqYreb-TRDeu}+A#KPJ(Yt302?=Iso1dbtd)Kip*kg8N&f!>57Lf$rQl0>M(> z`S%45TL3X*CkVzpxw*S2tG2A9=oEcTxcP5>0$_q!Nx_?C-O8Vp0d}Jk{Yz!-2qgc% zUQ~0cxeGXJd-{!tao3`qDhfLZM-PKC>YvGXDg1uchY=M4$aK zXp*?VWHmsBp%>b5_|~8cWPhP@O>a~hSGU!6kofv+PTJ2C(Q-^NALbe}!b^ElyjJO7 zGN|vJ5f$M|X8O(4(RtRYTM9gOX+r&BpOfR(d38py@dm$okdIjBSXt>dSZ!JORS$J) zJ2I4-7X~}#F|`uKUy!p<&?rI2zd(I~j5s(=!Fi@G{ovU~5?NNE5WQ+zjnn)*74@j| zLR&2Ll^2x5axT?|NV)1`G=Ulqc);(Y#o%XHnp^o#av`c*ms=?@zU2;uM_md$xh+Pf3iL4av2&a#ap0A7#aOXo&C$W~pK<(R z4<0|2w;maC;HW0xVH#hUg7h){LI2F*QPv>gj_gq!Rs$F6jB|@wrdnR}o{HcwF@-XC#&yF@p*RX(_Ky=wvv-ac%JM65KEpcYd+ z3%vNB2RcW%W7izd^r^Qj+ZU>uP=X<~7x^yof>Huq z+8$WF_(dlQO@Sj-&dxc!e0Qqzyk4uPR{Gp2GCU>X`!6I3*B3-7GQw(w=2ejt_&a4p z^0>6B^}BxjC0n0Vn}x!mJ9K1WpPC3A3XVZ>&LR9mAs|{>ksl$B7e!Z){zc#v`EC(O z`l=UzlQs9&fltqc$AFln69uAJF=Wv_34YMYiQ7-H8uiLBDQge@ac_p#ochCZz>EDl zYd-Cab(baE{g?TW8T;iz*%(_fdD3hkOI41+MBP-V6$Z#~EC}0SIQ|X^a`@sucP)%Y zxynXWrTC)n1kNc&vOq=IN+yVv4JbZj`hWMJb{lpiug0CmIX~;D}k75*c4|p_pSTtC?5XaDVJ-I!~T5^lrWQ!Qx zEwk1PSwA`j?!?MXI#QXaY3b)Fn=$o25ED_OEpo@YI10CTm-p_BtJ_+WHl|t9YLp3ui z+gaYen#v{-IzVmB)5~Ex?-z(h3mZ?SWea@b|AJhxuKxC*doI3~cKg4K-o+xW0e$=H z5Ld1|O3bl%kcCNHgb8HD;>)e3dTq43C7I3~mef(jQ**)6z&nVb%2@a) zoTjYBkDX-6ASv)mMd1XAdt&_oe^xv(<+1l*Xfw5-99EbYndS*9to^7yCA%1~;bq^E zg3adD-rZn~2GiCXVH7Y#ZHT?;DLhW8RMK-N62jjlj3J&Ekx32l8fTns*Fv^z7N>4y zKcwN;swJQ{dihNyaSN?^>CmR9j`@3!4XA>;X~A~nh#4Q?Y!XY%nV13HwMjt`im?VT zVNyP*fE6k4yhnmt0|FF!yw;{4v-qs|fgm80G0@DJ23rKWnW;MnO&^`5tmGu8c{O*A)bh zD32-M3?-VTldcmPcHg3bL5Ca@_~<}6+qxlKtTdgh?R6%dqy?Eb#SREu;RSEzmCVT| zjf5Y1`JuvFdIC}}1T)j;P42%^K0sTDE)jUB|f z*iu1(4H_a#G#Ieoa&P_-azZu|qx7ezsf|;f)#ggAHVF@n&h|-EA5wTWn9V1ZwsmAU zswzetu|3gLEDZS0s-r4_VIM?|8WR4}NsWgSS?fV^3Ab;gOi?TcjXAeb=QceK36by2 zBfiVO7pIsl6#=pTokmGbC|&VYkgk2#anB0mk?&isSjDsWV3cl*E<=_Mr3Z61_<)h! zhvRN3HKcHo`))j;N6VASOte%fx|TYGlv9r{gZG7KPSh%qliPE{yaob0ZtOW zcHUqr)(YebSd`M%_gkvD0VujA4n#lCQD!eJ`%B7YD_4Ies=xi4Rhl}N{Du{bWRj>kKC z%mg06p1P+$N{XLeTpx?XjaOQuA>^7NdLe{}hul3i~Op5u&Y zWIpOYP1H*+lX7hSrFPLra+$)Aa2#@!^PUI&ng`jTmLq-Qm)Ulj^y8fb$OfU#JSJ(q zPCLc>oboXUy`zmQR?2KAnq*467!eJVpqBPLlPRr*qN4@vxM*_1yl*@S1ZC}VH(Cm$ zh?QC4d5_kkFwyRNx&B{IYki=2F@fd^sDHn%JSC)n&%858D}~JuC}zo`!jaO}|G@LM zD=#dlOb100QX&7_cskMV?XCDyV9$8xqV(WOH4Olg_-N)z@ej7)LebQ3fTp2w6%^I1 zO@~Pbmb{unyP@`I*Li~&f8mOfn;Qhmdl1E+7XbH1W(1tKhQ|Zolg%!p3(MVUKZLeW zh){Vaa2j$#tdOMgzi;}dBn$WvM4us)5<2h0V%`COLceGLwx(kiQQ|@rV=R}DITNXp z`NoLxa8k}dwKmq^fiTgKnglpkRKY^TBuW?SNe2Gwm5|_v=Kl{nd<`~|nv*a7p{2ex zI0t81uqb=v}XNUGFWuvN@H;&xOO!FeBzSvT5j@oW*oaydTd zVOj4o!9WxZ8CPaw$AAd zc{||cW|zj(B!Rv|e;%cKI;O1~eKX*kh4u{)2tM`8Hv^($nzMa%P;2Y>*Ten_MfTIB zDG($#BxzZScC}J*pk>^{Ze?P{tqe7YEztW2>mR4NFr}?uRVs@b1`w;s6O@(N`9yEH zZjaEm=$z{J)zi>^Xxojw9WF5$K?xP^E7O2RV+@~p%2ZdK5d0V}io46(g!=(~&A~~6 z1M#rWJ`)c7zBChj%)xWEAi86#6H9Jt2n%{;y@all9K4hlry9@*dLV62qmC%h1D|wS z_ynmcensY40j2n)mzyN-J9qLIqG#>BLlBX?=*CUy@zHex=G+aVzxT9h<91r3aqv2n z{4tp}5f!?u%+B5hId(fv8*2x>vAZ-nkj~A&)rMJgZB21u^h>r24Mb_xlkc`zs#KKH zXoEV0TzkskgAvL6i>DlFMhe4dTKI61_IK^ss>1PC$=!hWV7mK(jD>4I{8hR4xIVwR z>E`qprmD>^!&h&ON>tkFpfeVvE;s%I{OfrPPe<1#vjgIAOhY=e87PYfvAo`!fN^BwC9`|ZK13-+2vzp zbYI9b!y_xQ4+tDmlHg#*=-b9&fjm64Vh9np@+GBGcv~Cbj+Jo~63L$j(Ac6XI$0h) zrvw=Hx^|J>u5t1ydM_)bjLc7Ut+U~E!PK5@em8p4-gJ3}k}{5yj zb@?%%d3G;yRdWg#q0TAiMr8M(%I?0+1oP0`*WoO&u@deg@5+e(N=%Bo!Z|vl)^&&F zy%D)X+ihH4>bt`7&hh9_Jzk1NKUI#kGXi!eDb%%MV7Z%=1H>M-Suosh_aQVEU`c%R z(24t&rlNQ$P$c;2>9rPQIL(MbB>|DJ?Q_8o5kyW%jcn@SalO5rH7Dq{!R6|E!VRcf z9X%V;XkCW8iT~zNGQyuvGCf_{PhzS_GFfXA00LNlChD*l?n}i6gVkx zn_`=uaF>upOESiSzVduZ2A8?bE%a( zeMjL!cZhKueE4gcgR{r+Qs>7MyRfdFGjTKG!(F)8l+~ai@5+<(HKa4+6u zcA|%pFbQ-rcCs5T_8j7fl$sgyd@8^RXEJmvMS#7(uL}|z3 z+IZf{DOKk8z8BkfBx<9ejXiCT@#i}cZV%uPbX|yDno1waXnH3{S7HX((;Zw6`t!=0 zvF&B}yXJC_#e}`~$g~7XZMX$vTm`z^>X{%`ZewRBZ!b5eugAmH{nYnH-1q%qCT~ve z`a0;x`|Uidi#v+{o4!s?Z+C~a*@-2X+qQx=6nMT5-T6_2K7=#>A632-?sK1))8i&7 z#lO^ZaBi}~wAD|rfc9VOScx7U1hnNHgc~(mAX=G{go3+00jD~rSNaeWA=_2) zfl(ewFk-x&BJX~qatZu(;5pa4f0S+MST2SJ#u*S(o0o5Tiz!bl5$`h4iiM4$yM+GB z!hA>k6)24(u0H%2RXz-gzh^ZXEE9uX43s7`vAEog?KMXq2g}om^iv+eg6pkb`Z{DB z!?d_GZMoZT#G2lPwJdgOBoTcy?JxvoY3M5VfZuZ$YbkX5&(_k8MMIG@8Vh%avFQGx z-RY`Cew(A&Z(iGl%?QHHuy>~OW&8DvW^_-VTjz?m#U-o_jat@)%f1PSmH^|4*|%a= z%Asig_yaL!JjgVMlT7R@0UK}K+@_Bc=2%xAP*{XV&hZuGx=yep_qG;S-cyyKq5aE{ zDx1N6xV+s(7t|HF6K2c3ighlG$Z$^RDEoc`0j9)Kq3%Dv_-h*&E1#iWQP3iL_rKez zufWs9IHU&9xOIILHPf%W*aG)YR*v%6KDW;&=Ht3JBNo;3-VXj%%(?utL-ERg(oOLX z?X_1%q%GzpaPpaCGJ}ikJnI~qNCs=MfgkS|7f}qLS`7JV_=s;Hmnn7r=uu zA?#PMpjn>7zDana4+$)sbElX5c7E+f3awkZo{iW`V>xtx-+x83^;+o%|Kzh-`ff!( zY+*9Mi@xino@lG?{J=0Hiukgs27O^Oofd=w))Y_mD7LP6TBWxe_bR(DiT{99t36_s zEA9aaphr{$EKFf8vSuDELzAc}9{l(t+g3ih2Vl*;{lP$4zcT{ZTT9u6n;J8zQbDZm z)zMcfh0q93TOkJF>G(eQi^fEV)2s8~S?F@42-l2Rwb2bOw|d>VYZByrA9xbyNwUC+U$>F^pf{?D>2u46DE)rBZANvY!KxFSoj5}9ZUz-< zUo%z0nHAK+vXyl0b+xad0_A*{xWDc?QfbHg0*`paDN)P0HMhj`HoiNj7t_vlm3tL_iKJ3R%fC{HM6ArtpD@; z>lb?CbGsBZVE^Oz`U3cMLH$xz#E<8PQTz3ER^@MfJK{QnR9O^hTx&eq4gdGAb!eQa|R&_L?B~YI9q} zZ}R@KfS;A^r0i|@l{}QoVmac~eqNk+R@~YyNn3FJ`|ckEdkF&2dB%iZ zG&pO_;(X&M*hvtIa_U!QFeoo>RwCTl7cO9W3l}v+vFQ5~Hjo6O(m0qcl8>L8ih|P@ z_@+H9b5#97l_?mj|1WV*rgWAxwZyskkM|@}?dtth;96c-QSCmOtQn-gVFb5>><%S9 zaM>S$3-If}P22SD4-VD zIkc|Od#|X8g@=`*#8MwkE*Eii8{#}z`#>g@Tx{qBPSC(A9Brc&!zUOvUnBQb!2yNL zG#iD%j%NB!1CeZSEx>GTNHs)9?IsClAQA|5RqUK~hXBQy^?#sy9M%69x`(qU36Jm* z1Qp~^aO&G)9(@hu0g&%A!FlFKM#8i~J{Ih?<-)%4?{ zDh|X7M(?5Ph)LItD^h(#ou5gk>{TzWl?;(f?rbk$uKeUdGd5k|7Eo2cX+J@khuRU+ zl7o@eA@o51%fsN=_}x5;=muze>5x2UBc;e?cT~g<@&KXZB!O`)OI8W1QCRLNFCyg- zpXu2DQ#J{w=HQOeN4+b^AUz3}N6Y#kMZF2rMBk_5Y}oSdIQDKIcj)RxE-q?`XExwp zqTk52mu^F0O5N%YRw*G_++M=~e3d;_;PV>K7&OK4TZkOM{7B8s<*s&J5W#GB|h3%1h5@vMWio(xA zK%AndqXqCCW7JK0GrwyBttR|{9otG5k&i$>91T_n+F>)IGTB|&t*FMLu~Q*xVU;Ux zAxP7pAxK@XEY8bHEAm?CHZ*p3S3-s58nvN=*!;rqb)Gm*O@RS7siFh_#Q11Fjz{8j zQ=>xX2U3}zT9oy4gIxwvE&7@p19~0d?M5lXY;cPYwm~v$`M}{TU*7 zHDRIuBB3&8MpgbdBAwZcf@UgpbrB=v?YFVIIoR&b1+=j=!`;9MrxmQbW~# zg=pW`c+!enIS6Zcxzep#WFBq<-jWGCHGj1FKjgjewWidzGgthnp*Qq-zU*$KX6o&e z-xDao8}}uFsYPmILqnVwa}=&#PFbejGh!3;mF~+~u>5Y zTEHQ;xNP#@2ha*7n+#yssrG%4MT|cq2{(q98rTHnR@0?G3zd8Of6d6nV()upTE-jv zS`=k6BN^%wx3@dRmidZn^COWGq<%DuOAfV}#AxQz^F!`;>wFj*GC|G>nCU9!n9a${ z$ZbZOU~I$wDuxrFyx(JG1unbq#lN#h#4Fy}+0gw$_cU*3e{9#7I zDt+jO0aO5EM)1kpHE+eGSx>#~f1!xG26AGt|D>Zs)W4gn=uy4?eIAx7lz2*&hG#Ld38wdT)><%m~}gK;bhzQKp$wl z2k1;it_&_M*XaBNv$@T{x^rR1C?#yXCtVA|s_ z#e$MGJSJudY=jx*&4xDV3q8kQ56iS(t{R;k4>v|!0bSx%%Y#Pxm)P3o1K(^1S+F{}0@TJJ`)(7A>VO=QEhX_MF~; zXDSiwNH{jcx|>1~)kH3WtMHW#?i)-3X%_l!$b**lyN z@@};crp$Y`WriFQeKz+;2Rplp@QBBG;p4bd+=C#Bf9kEoFb&wsfLydLfyuBLQ65C9 z=4>av%|=Ya!Fond2=peTui)`3+J)pN%_3N4I+tZp5}Sp~qL{DCB3P{4X8wXCc24tx z5f8d$kj%=fSgnBg$~+3!f!zRy=)xsuatbGA zcDF}E6lSF?my~a_yu71v3g|cFCxuH?k7XYbZmmOz0V{{;x(vps><9*p`C!-mq)~U# zq9!tPN}}l=-mXIzsz{JE`pSh`f!T8v6KgENIw=G=DHQ`M`Z_L+DQGh#*Wikkg$zh9 zZb(SPWut8DL=!v_t44tc&-nQ3mmoqP%USQ%tYv*leOpfeyGA>s>{q4TB~cu$k2iLv zViI5Z=$Vx3*!oTW8tgaZ_{UJ!vm9P4GyQtt_Zn&zkt9uF;hwqUkn|@bM9}1k&>8{P zz-%pDeR;7#8gbXjYtlF5B+Lx8d)!lG`qeliU8c^4}j7^hX(+pN|Y`LRjZc-$(fdJr zkv`AV6O-*Bc1!_y3Vk&qfWayIcZBphkt}WcPrD$wtN*qtXUP`)``2>MAc^ zm?au2=)K@^a%ZEJ4)t?H2S(~S&iybQ*=%j}x_oZxD1tf8aMfR$h60kG>V)^4CirRR z3JU29tol*yXf;Z$=wo`(5FZPjFQ?+huI;O3Vo|Y89)#0rncbEjx>PuC5&4R0o^Os(?3@LNSI(JO*S zb&B6AWGwAbsMMRzz}J2>7S(WCOuUi|_`YP%&3Pm3BhOa*Mjy;h4PS;>;ZXKkD|?!J zXrKsGGr%-1qXiSo{@TCZzn}axM@(yKx#Usiuh^PdgO-;tO3YK0cpgTc%wm*@xpwAt zQM|tAssdN`kIh#2R8zi`nF1xNabu0r%$JO)rFuUdsV6^ zY$bRU_`~sX4GvAo&@Lk zwK8yhRgauKHckE(u%e~8)EGJbs#rPxi^nF`-zL|W&C>6Ptyl%lr6ePC3n^4Efabgd zaS>DJ+RIh2|CPElG;93{msa^0tws3|EL4X22HLJpU6t>y;-q)~e!pfXxk;C+p@M0I zB|b4~lkjN_Ut?GXmGT!OtCIrX!PgQ3meRy_ZM%l=a7x@g<=qgH+V%!_KpE@=zlZG%-VDY_X7*VMkF) zG)AmHSn*^pUSS^umm9%|1QP;yBq_GGDUmR)*YmyAd_TJtZO~P?_Ac55K;UU>LJwb4 z&uaMxE~D(uXdpdRQ@VaqZpoZ>@Sz z#nsKB=l|`tbMZXhil&Rp7E2TF_55u}|5kQS65M;!N{gn5?K!yoWqvyxejn`AXhr?+ z8mnHKv-+)IMa%JPv;8heuHUjWxBA=sU52v1BdwUaId!MF;$ykevC`_NRZ%t84#U4) z@2@E_PTGoi8L{f`|H6MeD{0G@61Z?D zV)Wx;msLN#+!Ca8N9yRP{$Yxdwv57b-M5mZPu{)M24PygS1>b1O#xdv!H2 zgBE2!h}&jkyhfi^0m+yndB4#K^xMcZ)n&Fi+p648TVa0s7=iTJo8Itc#Dj+D0bI>u zOoB)KPU-Gur|)|{`>!2ozn!_$0By7JGAcx0C}g^fF{bAcmJq^e>n&(KM{V#S65=jN z1y4047kxk5p+*TC;d)Bpt@MKVn!;E0Cp3hWIutM?_7W(LwiI7Yj0!5iFGpXDfP|W) z;yFZhf5#>9ACBIP;1BwE^A{2|?wUx|zzs#COEq}oO?iHGLrA&I z-fLu3dH#vW6bZLtB2+Qjm1wGwI(gJQ$on)zX($ww=7oNca8*iqSlm=cbw2n}Eqqe6 zLb3{0WQF`8m;fz6V1a9vZ z;=d@ILcEI74YsLu3B!BAGE@Vg23WlZ;26y`XU&LGx5G{Rg5~(ppSouh?UAYQgU9_J zZfJLdXRZP;{Q*%cgrF3yD+>ZnC#+%!Sr~l4DvOB!;0bxY5&W(gT6M?NVdOR1Fsr@G_aOi>6j=FTa`5)T-K5H~QqFY=(c{V+Cjw z2b?(yOl}WlMv=*r;AxxUC^r{yaSY3so%!wesLheHkryc5B$FqQ9QUEl*8r_YJxh7Z=;0lMfxet7D0 zkV#|`GYzYn$Ym*CKhD5G`at|$=+qM;qy`D%gTt01l^+a@Hx#^T`K$gX4$X-?G?cGr ze4&N`v9P>qrqxx zxv~tq6@fe}ktLk*wgGgWs?t}d3%P#%5D^lV&8HD)^H=hs(`>X{8Fc|;rB+}6RR(AbVA zLyB67?xATM0YtF?QBwZ%kaFEq4hYJs=^6H6bQTui=C;ck&@9ClBg^;0Aj6Z(&#Maq z?^_~6pLY9u#w3HZ2XUk+C&S3?LgeC8O!fj)Ly=w>x{I_Pp=vD+Rtb5l?)rDi_C8-k zzp^Bl4R}f(|J&28t&4%EBw%V@TpgXAb^kU!GGiiIH5F)lhWFt}{ktq^el*WTi=&&p z9>-YV^^cCduD$2Up(ZO!fi&cj>!|3FL5B>BQSr)r2&^Gl#b;!SGD~RkGD`dH4D||W z#ThHaC(wKgLsHP6plDGm`|9zJ^-jPDrVC%x#navMlDK3k5P9l8Vu151J?Eq~NweTT zQ^tc-3b*oLE*La$q%0x;FpH3AaoEej<>Sr?nI^Mde!F;tgX#@P`I!DA$1oBY?**eY znUQC^L7Ycge~{0^SRiRMA7?225o}0ACcQc_W{Mk*P-5>34ah9%XE;E)MseUiU z{4tkKo<_+O#5)^mzulGWAO$^hQwno`s~B0p84QOxSZR4SQwFSu>8T6+N|d2}?%BO=AJ)#F_81+~h#pcO8;bJ|ojOosy7|P}4UM2etIIdd{izIHKSK#+_!`E8 zw2v0askqdPbAmZdTBu=UJk9)8{yH6p9v<#KC$&>LEmN&&539Y%Hwr;O(@^}&fi7P03t**d6-{cNZ}0tx zX!TDs!EPNaoO&67)vrqZFI1ho0GTyk4WDTfI<@c2)5=d&lcZM^yUdRyMb5nNUlm<~ zJPw_qV0GZv%a0G^|76+vk;@1;;mm#o8438mKpTP78^@$EZ}x-cJ?PxAzDVuCxF^|& zII+^Dk;@PEEhB%nk0brkYjO_yX88v9J4f-wADh<^84NtaSWQSb_TV{eHjmtpgJe zCuT3l>!6j1+fI@WswV1qdrLEm8^Wzrc(-tPf1Fy+o8JhqT1iM)WAV6WBTD6MS8nCD z$}}}F+Q|U_KgNt8Ql|}(TY!x(Q`1}nYkh`NVpIFG6lkr6ap~KFG_YVGcyd`pv>ya3 zEQOQ9|Ilual<@2PEmCzI8M%#wz5LNCk#+z2e(r96u(jUr`o7l&GEN@hiTF6)!Fe&Z z1$1(~NnQ;p?<~I;pc5ur@`k~mUk2P$D{J0%yRcTQZ#!f}gezPL@7;}fnwMy%y&(D9 z@>=JK^tlKPyR3dUfaBA_t3HjdGg(~2*|JZ`In7$3#J)om==~k`Co&d8=9&z$DK)G3 z!{fw9KWkNCvo~>4)Lzwi4c*bpB)3iCwVJ_TCJ6oGEi9BCv&zK5@Qg^KQ1HsRrbH`$ z5-@~sI(g7Ij}&X0Q8Ss~cF7+-49L44M1o$XQ-%O1CjIiZ(_ba~%wQ6IUasEO^!>lI zZ=VBT(MZ!?+D?Z?qBJ=1f<2~V%-w&fIS)w?6|%*qi>W>zU*(Siu)lwrNKsm>Oa}NJ zOHW8p9VJi}tnwF?{O*i+hAs-iE`=v&6Ng!qy_3zT(6hlGcXG|#pOLl=Ve>Ys83^tQ zrY{uC$5U%DgH;;y{}DxkKwTNrCGj0)ihN^m-)+Dj%mBPy%$EGy7^ww-Xv4-mt6aSM9o>N&UwAXAWH z-K8@C8=RSWsTu>&oE|)v@P$~SduTyK_V~aC4iBBUI2I2M7KPu4-Cnk7shJ>!FJdPU zl3jdH{_AI+008;y4Ps}mirv_wmA`S33f+DniZ#8D#G5JtCRgl8q+M**M3iFY2QwLq zgDQ6N&VdF`#JTFkwC~B1A|_HgKEgP641kt(n3Ff6?-i;GkEKJI|0lT#ZB=c$fMSZk z(llYa$J^H#n`=i(3mt0~r=B+7gv+h7mi;AyMT{im0$L=xKvsa;N0k1iLtLH)%xuD9 za`sJz&2nJySm}HO@WDaj4Me^=5Lx9nslb#aP{f#MFJ#6g0Ugw)&i11e1V853LQWw9Mm_5 z8a&aQDNfX~l5x3I827Icbc}^o)m>y9nLfvH$WC{wdUDdH}YrAtOCT1kO-z4t%>RzZpyn8-^i;hp?)vRvsns{nLh6fd1(X6N*zVHekH} zb9ZP^8X2pGhrlA3Ujq^@Gg-)kT+6Q_u`mbthG0kMF&#pRe0Z#E|fnXJn= zWCfe2i0t$p_fvJRg&o#QXbk}8k>p+~TmTf`*_64&(-%{$W4?rYO6^*zshoXY5C#U| z9j?#ad<5>@ZNg`2ceyv+sHLQ1uA^{0MfH%n!(FXzx@J@q?oG5|Qa^|%ONVzn{odRP zzv1|6_It-az=h1#;~iN%1T^D!mWT;!-b3sULq^d7-}UskyLyZD|HUq88bIh{?765n zLF_PcmKLu+4?Fta^KELUel}CmfZM85Q=AY@ID0>jGa{{9WWNj7xv|^36w@c+rqO|j zjF)MPcai}YHO5j$ImIh_kiL5YT>SwGBFTV5)5`}|2n*X!bm{! z_Jqjpin_%9HA94k?%3#g{k|_eF74+u{ftgOi;N*Ax7bf>itBgKXvW{l&GcG(y%$pt4&EeH< za)GA@`mzb7M36s5H~imyZE^4R6%ytvb#o@k)HS1_|0IL`r9u`E=Rm$s46rlYbG8s= zl-h$+`snlfC&|$pj82MNMKnM1$8uJztBaP-S-D`ezd#6gCc&vZ+Px$TCzN?~zqAAT ztI)L%A2W?97kr*dtjogi|is?kjG^ z=ng8+NUV@l*8G! z@+449sYMml6$Rv!!XG7@jSzqiS4NrLFiLf@QO%&P+l$W42>1L*nlZ!gG)_We+EX|2 zv}wlj$+H&umEk2g`GI4!E{y*67@7sz+GeUml^3vX}INCyk5C;1von;N-V+rz>WrCi#J(&-S8n`o{J2bS}iul7;v zw#-tu*mHcq+kiApq2dadzlOJ4CDG-=e4aa&#V49Bk>B@vJOy zZmE-$tt1#7jN-GL=RQO4Y{{pW$BvUzJ`+6#PQh(fA3I{7WOW$FcP0iiYe5hcgokzi zM9UMiHl`(F^q5CoYav=>Qx6O+!i+0r zLOsbH9-}$1jJP}A9YYQxqD{fQYJNW1_WM;S`0UYF+#DkOe=3FX-s{v+Gk*%kx4L5cDjyo=Tv{I4YLP1fzGWR6uBowZjKcQHlm~#u5 z*S?#@bC%%1?GcPCuA>11{mR)&gqaoNkdMi9C_ZK^^j$?E1u3d^4-SAjx;TdD;_D-b zd~FzH9_@5w@{B=T2!ar_2dPFse^;v1FXwx`jx}SAtW4Tv zbelbP7~06%e-k^#(xky}hu@5RiivbEOdXPF?w@PiACW0b4*#eWJ1){(9?0uN*?;eZ z;Y9DtdXKNw?KM6y>z-iA$pX|&Wh@ERBFob9NV`d{zAz}}_0Z}p?Zhc6S-c6Hx;WD} zZLzcaBX;1-`J0nBsH0ooW#=8_UXC^4V7)Yg=Sr(u5YXovTO*?O|HF$Mo*X95kbowu zPk+axfvoX?N|vIsP*Iz!w2A6RdOeu9Cc9Vgt_(PNo{90LLj9GNYclKl)dZrzsaWwz z>C7zLjAW|>vD%hY4U|^+;(7tjt7OVrK$ZW?ixlS(qT-&s24zJZ*ELKSVQ3;T)EC@! z&qy&mbySXqN&~xNL|*phOy3=ARbadUpD4Kg6t6H;#Il2@A)1DO>)~;Uy+z!N)o8%9 zXYDMmA7tnR`m68nS0w~;1we1q8Mm+SlvOb88rCHUOq=RB|BhLwb-in00c`zoC zXjF?mV_I-^RKKPegnK2WMHz<8afcvo+ZRa0&XQz4K}V*TjYwZtq*Rb2K=cC|3hPHL zK)G+_gpg(o+PMUV`;RCvr-CIYK~#y6ZgVHQKP^aEmxR22sVz$w!B{|}RqD9+z%Inn z(xofb$pZ|%MEbQnm0Ac1vwG2hEPT0;N5DDyb`OtwM^)+bpOu= znOTE>RnkGWoZS2m_*8eU-Q&dwHoj^mRHPt9#Fbu&g!k(hj8pZjpozu*&;VXksW#HbQ{E3_dH^b;}p-Q zS-+`6e^0&(k#gl?`SFHEl*ZK5aBHdickAbm$b@;9-x{LUU#HjlH1++K_#V!WPdb%5 zyDfZpZkvzP($M+Z5304|*LP&y)Do`|J(99enl=G?5O}v}w)=uvehtj1sP~e6kK^qK z1j7udEJq+SnDEdRi`^Avaw|zn>*wEW$Ykh0UQZ|@W&OVqXNwr$(C&DFMT+qP}nw(aiKwz1l_&C}oapV)UNVxNn>FKUiC zD=IT1vS!uH968?i31T`v3(dh&3k%LzX$rqpH3Ew5Jyao#0rWYZ3zFc27!V=$#Rs0NXKC>92wy1JQr1i0u`lj6~j;mSW*c+N zgogk1->N$B&HeF~+v{jw4vu>YHELWTAOGZ?3X<!8vc&A2-3N z)O>I+aI7R=VKPB7lQlHPT7&nKo2Q5qT$a63>5Z0XdQ}vA9uZ2lJ*+?`Goek&; z?BFv@5aTtYPTf0&>jL}}BJqfTS8W`}TLaS*>c^5CgB?Yehdyimm!9n|ayDF!rQF&U z(w%wRUlzu#p~n5NmMV^j0a9f>utcdxm&OS}@1#eU+p-om&p#kk_ncnd8CqV!QU2|4t?s~of@@F`U-$iu_2{VY<2n25KY#FI>A*)**wm<1(+qGj zUDEpI=?8le7iKOR&|7JIaM#R!#Jo>q5(gj<-&2g|BX zW~1u5mW&&!_hy4{BG*XlzHr^R+ zBXu|P!P%Ac4wU;iH0m0cp(D6ntcLL{*Oe?_T`hCF%pPaQ&$^1jNJbQs?J#oo|RbnV?HethoMDhrbnaP51cF zJBJ%|eeL9y=Lh-XQ6b;w2YORRv@^i+vZBVw)r1^S`||0+9Y!Hv`A~@oiou{0%>%L$ z?AkdWt55Kxi%+5+JE1Ygh)s!ZHn5oPNUzhbNvBRU0>&$Rc{Ob^EYWD^ZRmwUt7d(9 zZy1+#o-Q@2ttxnqKBW!xa*u}2T#Xav%%2{I+gVTede(_S%ETq7jEK(*+F*fntP?vh zSh&&S&X+>Dv)^+g%y)2xM&H}_Hd6>K(0X>ER1y>Jr(Dr)8U0B;yQ*bp1^bm3=^^jY zD>Zh&02`rg@>JWOS4>&C{mEyn4ORgaJ$Oc_g%?R`f3@!5$H^QNn@M!^oKR-KcE$OJ z8!~XYKy-b>q*D+#dK%zl%vh+s{wmz_Err(YqT;Rg!$sb&a*Hm!QcD}6PlIMuuVY!U zNm!5!!D^Rj%@A0n!Xs)qjXb!TEc=!c?eh8wO=>t6OP@YNs60JQ?Lx8R?n&KSk`m=z zIwbr>PK|hyqgCy`SIIIF0_^gHdH%Lhn>DiqH)AWK;k$zgFx&IoDIzBxmJ^gn!V*w` zsYJQ_9w(eW3UpV9f=}|oBq5KnQhH9^NTb$-l#4f$ss!}lHim7bbL1sD*8BzyR&_&m zrt>yc*6505WmeY+^qW=o^?VSJdUuawts`&OY)^-ln3ids#K2;@)yp+W`MhXOyd8?# zF`a<6DtJ6zhmu&9vNxv;q{u6Qu3N%mGhEjsCF-}57S+fT{a|i0NXGw8fTm?!#jt_t zKQf?djCB|VuEf=Z?x*x1CYTTwQd44?stQ(E%}SqdFuvvsG1%9Y?(c&~;eTRhD*~W$%>#DuTKU?)oXm zAt?+MW@N5u#+2YNEpA(rI_-bf5QIu~hiqtKSb2s@zXJig6fKxnZ`4Z%Q;g{CBk?a$@*+q_nxV~X#b#yDua+8?V{3emty%v^2xJPK`Fj1&>4S`$r#-#Q zn~eAw4+`5dj30wFgx1`Sfc|~AT$-r4+}IIsE2`Vt2D9okUDet9aVmm3d%V)Jb$R|; zG!5BKQ28pPxBD5DO$9F0Nl%dUDP^%CIQqyaxkpX~iiWSNs3a&j@iu2Y zShTO(_jSZ?aob|z8Py`0B1Yoh|0@K_!2bUf0)?hvO;Y7Oo#$Ph3Tyo&r6!4zeyIxd znGN`PIlbXhPriFJOr^mA=hF*#ncJyED^fxjxw*M=vfjMlwwwj-^rAa?bzSZ_3O;Sp zvOXWN41F^pt{M_3(dO&T1#xhhxVicLVu!z<_m{VF;&3?67xV1CyY_ z!Z_>i>J7V!J?$tFJ0Eq~?U8G~pYd`vvh(nq{Ht=YvzQgKdF5=bBC+B@U%-^;(XAd- za_FEyTwshxB8(_cr&t@pO0lOtJkP36Y1!t!o4SAp4YGko&2WHJ=X)=tXpMc0$lL!C z1)V#dzWOq#zUdeK`cK4Gv?q*#C;b^2RBLHq|1R>Btj_Jo&2uBk$@9nMyXq!ra*dfSUE&H^wLHp@&aGko zs|rF4n)1qYC$Gg#d8Bh^%j|l&1d}OXo>AqT7sMHT6M%s}zvAo5?MhZXyBIYJabc(z z*V0pB!_YiRIdUU9)%vw}gh-Qx39fqQQs9BZhN%_c5vu)agK`ek4Y$ggmmSOx0C^(7 z%hWuD>8s`*WS5oe94USn)+iA3G>U@H>)QnYSjfqIu+B5eSa z7U(oqPeWSg(HyqT-N@ogp4qZjU|&h^%jz(L}#htOQvUWZ5W6N~xY5-SR^ zFKG|LO4V<%FKD|?i5gDe7gN=vb?|OP+_*E-Nzaooyh9@YvER{>FM0Tb&FW-dg)(-s z^tD`$aGFeGUZ=+@Xm8mfpcb~(%K&jB1gucU8vcKb!GZSwlflvZf0w~QLD`J>b|X0e zM{)V$8g(6#4{!BEYl#YI4;|>R#U2V?Q|k@=zOeniIPu*S0~#*;aU8dLhaDg{9V7qu zr4`OPjnP=3Hj?G^>1ofO?y}za#(A9|M_W_{HTD+;q(^Vr2`(Eor1}m zLqOXNn&TWf@)d!%5slnwRpD)DAPm?wyy9GZC=LLfvU(~qt;0ML-I^O4c@WK7r_7qv zT~iwEvFbmzNj+g1b143<|3f`0|L;Wv`^@6g7J-Ia067$`l2Y5e# zs26Ur&R9NDsyWFv?pM2w><{VE>z<^VxnaD|^2L0O515(_D z0jl@rH|W|Vg@=JsfK^Rzk$PeLIji5pM zTB>%2O*Auf1c`>;Z1i7d9$M^M8iQpLR0$?jR!^3oCHJ4s(@3eNP;jHjq9AIJX?u6- zUG{oPUfTs5&P{!q9N{j_{Y4uVj8$KgztA;!#^4ntAtrq^lZdnUWqRbEfuYd+GCd%L zJOprh)loN?^qD6&BZzL~zPFBKpoHm#fm95vG%s+4jr7qG>a##t@4pX@P$Q5;O&ae@ zAsmUX;oq{`i*U15(yz2G3=@tP`mrjNEi0W|00=n=x`#NlLmF!)21@jE$xZW+66mrk zYdnK3KtkmQS(D!mM6YX<#a-4~IcAOxB~0tp4kf?1b&~T^N>rqRuJ3p<7QN;5--8%N zAYkN1O+99@dc%@n(xA6V0gs{y@J76k^9e#A?i-i%1V-dZFy@ZeC5O56Twm%=oEV4b zQIMbC{o}p69XkE{N)Pj@m+q;Se7+~&{|@7n4Etj=?GFH@%{{y|J(VNr9Z#wqcBRqh z^=Ze^7>w=-OQ5D3I{iT^%+jo|{|KpvVJCWW#9~T3C85aA!(Z*xygQ{k7@-!cN%$cl^(- z$gPoVgc>;WsfK~SizjnN5i+_RQ5KlEqy>C~jMkwNUw8^Y4oX5+LCnV$j(jS0JvK;l zt@dsv2g$uNUK(}|XO*VAwG36ta^+&~HnJrP7`$M;vYuFQ;Czj&iMJ^T&DvZY6uTN* z#KaZ&sb}bnS1J*bqg~%a_a|ql@AJd&GQ-zv+2Sfe`tORmMNZ0f`#zBkgH&c6Lr{6Q zSEQ7u@+J8G@BbL<7pDC~U541j^1DxiDEO$xdIWIA0yz_|FVS0ln!k4Q|81e*RhA`hYo$m zA1}P4Svs<~WtJVKB^|GI@X=Y&bG*f8jJa5l)72BWnd$?T!>oEP~n zH?X{fLkce_>pPthH0Zxzk4*)d&6OcIV{D9s zn%&?Yo5wS&@UY&;3$7vLIR3u3zlGZHGb-{vmX~dyd5hrtB>wab^woT_0Bg9lrI}Tn zL=b(5mrAB3H0`)G!6K4qh{D7RuC$k z1akHcayY20Lk0AxweZr;(wy|VVV0rf*+2_{9!y zqacaElLj?Y{=0IzfEHC1hswaW6^#0#sjb?)Vz?lhF0zQL3KNhe%JDUF?*^F zZx}6~hxR%t@NTA#9s=cxMEm_{AJ7`T!w^w2a-i$e;{@D+)PP-Pn6x(Rny?d)YP-ww zp{|hQv#PhQavBY0*t?0i`knjhP$#HzCj-y|20@}<3Blg&9(>U3bn#N*BkIS(y=mQD3vdC z?-cJA*rP$$T~>7ED6V(_X<Kv!V+`ju)vt#5OWbJeI3R9%`a(B5O9w&D z$4!*?dUhT}ysqav_tGbj#zq9V2`4`AAvQXNXF10iG!)bjt<%V8nUN@B@J#l-$mpRT}9 zSMp_rT6UC8FWl*?Qbz%H6PEn#XvN57cqyJU9%m`&EH*!pI)<$giTpLV#fpj$ufZL* zK6h@y6pp4k$-6csOg*mRS%%903oAeUR*&6 zn!8c2WPCvAI!JiF2qHkMoe%Gfi7%1f#tO}Cks^Ss?+A@49b zk}@TP4^wRl!eHHxa|pgqnx(d|q@4Djx4$i_2^?SPta zgL)o^@|Z|^F0b+)l-x~)AtQg0esuwX5w67ia^bC^eFaBtS$R4UT?DaQN&B@=@&xDK zyk?G|m;g|SbmGhxP;R2i4X}w+OL@3dGOiU$Yb`!W%6mFr0G6%UbO;qWd0ZbxN}hlnx{4Hhul%7@LzJ(2i3)Tn3BuK-9NuOwc6$t_AhqFyA#N;; z-TESxYv=^DDvNMN6?LSHN+Z!iHwei3LLwz5uRO!I>>aZBVH$Bj8B@|=U8^@IB6-qxK zL2rrJs4uQw!6FmZ5#{Zw@YAh1g-SL96~zwA)2*j~jgyJ<$_eDMV!i0eE?!Ku_lK{D zFFz-Kd8v*ED8R9aN4sXpG;N-u%#x`^#vKFy6V84EJdwur ziXBh#L$wq1ZE2<@9xC5aZy?L3RolG@1vi^iS^nF`)J~?|=Zvg} z{>1i~LboHFgNUZ@4J~?-&xz3OlC=w!^P5TKTe10G4^%&9c`{>x@%wYH+jdwD;C83K&TfwIUgG>xD0bA+JH4Rbi{zG) zI^v67ULw2w`A`5S+EOd(g_~1+8xK3TY>dM%kuEy2Y%(3wXezov#T3RpBF*cBlF57A zH^L<$&7;sm^|k%q0w<&-rPIZLCg07m6-#GDt``Qp_daSq@&&16(%)ledm`A*LAcs( zbsxOAumdZt=)Y2j{sJ$sxnYjPU`B2T5Ga>7=|+ZVpRpyNDQjwSd0e*UWlI-=<+J>t z%KLhubNK4UlDQ(a;J2TyPz3t@NH}SJ(-SpkU6E{k3JN4dn&20K*+4$8=(5;W4re zoz7!qAIdkInr1jQrQk1evFiHm*B>!!c8_erXu)xqeqn#%fb$m_b4sQT{mw*dAJK8g zsNeY+##>~({vDloM4@4O`#<6RH>5w^yqpZK-+*#F zObt^z7P*w_;^Luk_)ZKP&=9#`M6eiUg!)ar5vBES<13cD66F{Zg?{RUd07cs8dY{c zV|DCxjQ#hT*WypgyFi+C)Q|%ky={$~=0Bw;yK1*@cI^zq`&h9{l1Sm)b8yYfFNlKI zl-UM4TBOiXmuY4ubHRbrtjmS>zs|(>8d96!?gI!_)ck(^vYJZbTW0Rq-bSyb&LS}U zH8x~p1gwRryGpNex=0-Q51dhteev3yjz<=0C)+>cUl)2S!=m-=AxX#j z0t_JJjPN`}NdBPp>F>hrIYa7G;_6)&l4;Lq-AYkF#k3q^Y)tfZvj#ygFbs(%7W zAA$$S_E;HWdbjTXWmDcv5qMWBC>2^uUUDA3qH%c8sqZnV`cq?=;@=;Dk8-j)Z@rZG zS@h(CJc%iHXT;I`Pa0#(MgnUn?>1u=_SU93fVBLlJM?;1>SS88Phk1w_=Z!a^pG`c zk!K!&|0Bspd68`Mfh4v(I$%feQz*IrORR4(yc919wJRD^Nq2rNPjV9Tqg9yh6 zG#Bje(9RU)n}LZjeA6$C(`xj9x)dHq%&IPCt9D;;HpJLXI`Ku*kBjtYpjbd6 zopx?$LznsX6TCJvU`+^>lj!4=el|@C&8bqO(K8ZE{luZ~?br^l7ctnz`^E6;yMD7q zZi=4ZI%SSR(m$nWkFxJn9t&J@UjW9HVhKOHFXKTZ!Wg>U&)th}=&A|lH06x-)C%=) zm}8ik@$@R-$LC=PS)s5YT$K$IX_`kWWJQ%Tr|HQbOCl0Z8OM?g9&YgZV@mA^4uPQB zJBC-7;BYLG?bOs8Qu#}45aI4``!_&mbD(9!ve4yB;H(4OVVfCeKQaK>h7%N6*q#E3 z!G#bXazH$Pl8NrN5c?rocDomv)8|N6)ilF);xVcipj24xz4G?{=(pBMSWwb-#MrAg zVxDjR&do3TsS4e^k{n(C=T%VS%wx z_2&_JfP}KppT{JqB^;dcYg*zAW5g&8EJkz*gtBvfAeHid*p~uH4*b!gH=W=?@Nc2i z%e2@K8wkq3J+B5T#5}Ybl$(Y*u269}2lg0Kl>W^6jCyCxvT-Bj(i{(w9CI@(qE}l* zE{6jHOuJa^^ESiBWsq);rxu-#9|v`-7w~EFV}rJC4l4p->%P&q+o@hzHH!Lft?d|K zS{X+9s+JRc^CqeF79^=HHH|@~G?yr@_MI*2G?a4VUteF%OvjpK7z1p%`@MqTIr}YB zMO(3AwdtYUZAbv9p5UUOG5?_9eN!R{abf^Eu@1=_QxlDpbj-=+i8ok;A$7~h|DFZz ztzcj4Rcx+E??thI#5D@%4q`vlEg}=snI>be$ceKgD>#l5jW?fQR0|2#LpNn(D-bVB zW3gR+mN7$nggcZ_>g4lIdwU1^O_GJb^tb;5wEBZGwTO@(3g$z?lQ?c=OTZtLzw2Z` zve3#~RdFp#zn#Ew8oM_#BX>x@m?pN9)OAAm2>DU0QQ6KuahqO(Wm7nYDl)dCB^2`p z1cGd274Bl@Rw8kNY<8c-Bi@Itg2bD>b3vUN4e#M@qi zUKB2Fk|vGS&FgOD%h$sLUYaK%oR@-2=?VyEeQ6Y#!})$N%q=h7FTe(qC2;|x`8FT$ zdBd3$D#}%eVx7F8d{TZUj@utJO>u)%%nRY#Y)~XlHORUTm(ccy>)c(R59QC^?+%bS zZGXmNR@SSAgn&0F<(>`~A1nr&4J}C2GIF6h%v)snKSR;cJ?DJ&-j8LiWvBakN|5W* zPuyYHcwp-SLMk7=`GEia)^DeFP^V7OzY*Dps;KNuvt9LXdYKBO-{~R)fj=c2x*dma zHm2wqf*`4@+;{Z@$)io%`iF{1Yi`c>URd0oo?SdpS~|&(`-hdP%zxIep3jW!_LSYD zFIp0-{u<%gzE;F%;2!*bRZKw>UVkv)`@}6PGdEnZM|)uzeA21+5bG+KAZ0Go zeNq~qJ<2}EzOYgLhu#$icC`KxAp-TV#5ML6$Og!!(@i92o|^H*clJPvNrOuCxS|=G z@xFesuldGM-RrUyB$#S2FvBx6^@o{T5@Q5G_ z34%&n)?F)TGII0ciB?NTi#uT!PFay`ga*}qIzX{ec@j0+5KylpPnV?mH~(SczUZJh zq|YTjh=&)+42bv3_2ANl0KPh4?H#!+s6vLaw+`LQC0b=%Ub=#QkHGv*0hKUh+f=g1 z5UbWyb`(=DE?BM;{wPIiavV)$%ygGM5uEh2SaX~StQJQS>-Oh;D6tr+_b#oZFB#hS zaX5?~;+nmLz5Lm}cV=WXa}6Yy!VRQ8-fO$+Tt{Je-b>~VTuicWiy2l^Xi{DaG3IgFHE&w5N?WJq!zQ4WuQW&=}k$6Q7uMaS- z#aKv*k1viwilvp#MdIh~QVC%fMgYaQk%d@}I#Zph%%#PtM+@XU-j| zoZwHbg$9_w7IUbVCgIutYAA)5z73+l@bj=DIMw{u_w@#4aicv}%lxJQIJi|biD_0r zmS9XkyC{6+aRP6Kg-`h`-r(1Sf*pSHJB>6Q4xzeSlx!bw2CJa+KB8ILPLN=G1c2#g z)qEYm^fC$2kEy$8daUA3;XSb0lI|8f{qiGyUJM5pe*I3!m`^QM{JxKQIe8rnjhA0` zW65}2BhM2zo_xC{NS=(QX+%SY{z!64Tx8$3=?6%S>u%DT zb#Vn{ARnM%MSgksAJ2t*fWQqk7W03StLCul9tGQNWx?hGFGZZOBzoFHd^_^MTo&>O zo6Ewky@y%M5PHsvSoIKd&UEVFV{n5NB%?sBR2ln|y(xeiJ$50u&6I-(N2ur#1-m6! zlQM+kJS>5=Qhdf2xamY9IU$?v|0HnAcNib~zYQcF%w}YatCC_oBN~0Qd z6gW=R^xGg=%b&`;p3BX~#8an)ou(GX1lI&|D!Tc$BniJ@U9*~953vg8sa!c7`sLn0i#)D z@DE%e^@l+@AZ_j1358-eW_fMTvZtDflw1NxEQPXWEO8`62q-pzGxAWr)Y!CD!5?P6 z4lrh5P}w_s8xTb^cYf}!8kQD4fe20L z&7DMucYyChNR{_M+V%zMUpZys{mP_zY+&_^lUUjS{<33Ix|$5L35Vw@e44cqF`*uv zk#O`^s4y3RbUY399f0XT2_VxDzlsCY33(Q5ly%zX7T4?6E2$VM|S#=Zi`DvL0W z^tfC_yId5Ye&}hEpU;4Kcc(3XkInZhZtv@nvP%8GvhT%hucq{v0^d+nrXMi+*k)$1 zk~E>y16VRN-I}^-^h}qCp3A_FCbh&;s8rYCuC>sO5?Z%MN`}`&N|`i`9y~H#?UFCV z0BVh3M-GHGX6>MMfYAypGrv#O?R9qH7b)(IelFPOgZ8BhJ~1(@ZV@S6qD=F#MKWSm(^ zq%pSc6OqVcd?t`G(8bDu;Ki*pIej&{ZEUucK}ikCTScDgmP1DdCu$s7A|cK$k&B+L;fx;6Y9X_`i~4h)4e4@SwiK> z(Oi3yLZX($5N#PSn&r|y1fTbbrmd{oYijYu%U{JIEa~WeS<+-X-code$KEOn&N!B> zQ~t}`(ZAI&t-2XjH0T*B*XpIU}@xJ{^aDw7m$ zaCCClv1Oy9i$&x+7{zACJ@G`d6LZ5QB_dcj&@DhHw^i#)d6jlBP2hG-Bxx*^zzDkK z*n}>Wqcb2_Dc|)n9#9e0l12U4SsJlw;0{u+p$MpuPTSogoZq1c(BS_p3}0Ta*Kqs1 zk1uY}Mz;!C@A-eM{GghI1Qvpo5)LQhk#pnwC=&vqy>fIbem;LLe|9Q5V1GVm<#v1d zJl^#dvFO8`f?jqWwRi4Mn9yXfl_+<^%Nex%#Fs#|>)%*xuv*FBI=toU#_l}vu|eo2 ziuRIPO-K8y31Ma#9jd40Y=-(LDB@{RC}r{CONxN2;MB`mxU_8Fff4NlhNS< zc09Y+-*puw>M>dX;6;i`{y7&@3fYCg!q4j&A@lhYvK=W7)nc+RfJuuQS3AhXE8#~u#R%G%JjXmm{@7smI4m^ z=O3h%kbO-Jf4PRT7%jRTUELr~0H`h{Ne9pxm^@DobJg=xCt=+Q*a$L0C}E;htx5s> zilL;eg{A#ibOKKl?S$kwrB35va^-RKYZnNsc_0~>_fP;Xlh+d*Y$WC=Q_J;?RVe{L zISDr#VHIog#Fb_~+O9Li z&{?OThcF=_gqozIhQy8**LKCD6<-td{(V~HWyx?5}8FYYz1=S)H*Mg|7p%Hql4tA zv!FW^9n#_B{UGM%wKkU7Ng1P7fmWYM9%DF%4rV9BV~S>+sg(vzJi=`zv#Zce`e-Zp%% zWAk&GvKMX`FwJ)x8X2l2BBceE>Ee$~x(O%gjmJdVTjCsrVaAANqOO&%w5>3m%>;Fx zdT`lad-KXuW~~H2RDy2V*$U;$7VIHrccOwbAUGG-E)Eu2_&!=zofml(n*Q?`dVSa<`%M72P!rHNjMmQ^3G7V>s*GwP?r& zga78(hXKGjRTrc55x_5N&|_%{>KsP7VGe6PPK~1hC!1-pKOd*GX#yW-M3$Q~>Jf+s zb{7MS6PzC_VmC5-84#lFv4DiLGkAu); z8=QH*mz!~RCD(@C-5OeCI+I2s{GpEaex1{dG%`m8RwrbR9VS)tJubz1_&ZV!vK0xS zI}<7gy)+~|aZmZejKBUZ6kXc24c#Yv|C3AGYpf>6)hA%~i*8|x`K0>tq=MQisDN=h z;gI9*t{~qo@jzD)e{FE_ZX~pzHkVPx^qx`O*MXI-;?NDWO`Y=Ce>_>OeR;HNJKrD{ zFZ%Q8ZHuoanwV+2+=;2n{HlU1+J%lqLbR2~-1B~l&ivdZe? z&tEL$TJFn7zbkJ0bSEGOerYtaGv!a?c z1R<+T4Iwc$xn5mwfTb_DEu|kJE{l$)US`&IQNeK4*H@L{sYzBb^Zcv_wV_0%6Q=dd z`0z68mEzZ2>S{d=p21|$LYQ`%wB05{i%MZ`1fJct$nBr;?x}W8#m%;@nZ71l;K0ySo{f=+QQEwI%_6N-yvZKQ~+K$;a z5Jczpfit$2e@bLolmR6z6*x2pc0)W%mqtJk zpD7(+W|x?<(a#ULRSwV>k%xb6qqlh9Z)L#fqI1Xc`O`fxu9E^szZ548}+`v!nb6Q z<8JGhI&~j)@pbM8m1_V z8y&ML1=IB~_7K1KvmMIco0+(4z#KON9(nVp&$$yA-3#T%%(?bknk|0d;26DIcX)ye zYyJM-a~(a+>FQd7h9fOv=h%vkRJe_$0{J>C!PteELR_`*V^2{_yw$pW*P_Da#))rgI-UzL>_6+Dz zeqHcNT8GBF`wNr)Uli98L<=Dg0g!>5Nh(4WBfKX>O2;^~XhHO9PB;0Aq;z!izpKMF z2di&?$1;oirh8vwn(_GJ=9pRB{DEjAcWt}4-=QRQhv#Tow_c#t`6097f*e3Ni{4B+ z%bZoY%_$f~O2JY3JcX^j;=0lySRX5?ow@S?I7EmL)SWRT@#+)3u2)GaH9lrDr@b~6 zlu5~4Ht_*qUDqwGaQ&!~I5IA;eRn0CFt$7H{d%@5bn_|sz0ZV-do#av&$qbNF<9$78S^M#@a zQY}RE9Nl;`xF|T`{A}Lxw%aPaPM@ne0=!_d*<{RC1AA z1WhN~xIrb8tpb}soa$xNu59iLU1jb4l$a=72>MkXdk{I=t}^}JRtB#7wS+MaN7ko{ z6P|0EGv`Hi9I0d!H(lu1w!iQD)ezH6q9z>;c|=T!4F>li&TZzJHY%F_g#3(>prLkO zTDgWmyiJ_qaKzDCh;Gu`QnfY>?&2TDO7LO8sgR(Hl>;x;{=>i!&%@fG5zhmgg3LCt zgt{A~(^ziHOp`6;ZM4;YE>M+jj_8tR{ye4_lc=x!wADMa%6q-D$sygR{U+&&ft=Ti z_>c=yUz+%y>~3d35?bm#9Y)}&(l#OOD-NN{{@EM=WHfV zIJ-4pB^kz*D+-|QTvBcta#}rUpp#@Ax3~v%e>J!Wgp;LNGgQ$@T1aHvI;+#mLw|I* zev3oi?Ku3xtH-CGp;7?{V%E++Bwb6H7ePsl3?9Lm$Fu;Dx_?qNa+&w2% z5gukdjc%w!cg+?L&K_XjarlY-WX9l!K^I<;1@EYJ#783Y2x!{27e?dO_)U;Lk1~URw&8{>`RA9uhfG-uI(i$5 z4EFtZ!4W@p(LNxuowyhF66vodeytFN)v=IU6fs%`a$Zer&Zmh)eTTH%`o7rmcl4nA{ zFPmo@JhL}WPG!}-puJ8tv6E*EK9bksRatEO&~bL3$I;9>jkF?-wtLGb#_jS@wL@1{ zmp|qg5$dGnh@GM|vx3p9S`^$@HL+7_^{lFHMN_eAa(+7S4nHyy1^De3HWh0-zl}S@ zduHcGPXU!qz;<=n{cP#MImza6lTKqLocm%)I)VQVFecIQ8If&CX3?igyyWM{>xn3C z?Pn^@e>#C7rHxn-MOpDZBy8rz^QQ#&rRu%TT^BE_1A0Uvz(d>HR zBp56cE)GUY5kpk6%q1UiuedVAm5D7-R6KuW%0!c~E6;*UZ^+WaRhLYdL!E(-9=uGV z!}8)Lks-2b6H${1(z^$7a+CE#=^*hVnH~FyyJQDWksfmhYbb`z!i>I4y(dYlj^QkC z02Ta*Cnr!Aj1xnfRd{~n`$q0dHxio zWWdMPa8C9|=@A(!Y+Pv?Im;WYHGz}`*iUOp)Lhl7wFq^pX0Acf6bF#tG1z0c(CUDQ7{!sSCIuX_=GO9)dZ(Z3+?)r zV-x=(&Lpbl-y>rMfd^UyX(TWM56;(V=&;8^Nx`<|^r_r(*Dkpl;B5Cv=M`&?k!6(Q zaJ=E`?5XzFso)74m%Yltv!z$r@rC5Z%h0Y8GJBj=7$FS5#nxzadSa@&&yAVtE=2nN zs5HvqTYj+MW$pU>6D%}1q>cxcHC>BKXTAiDg-Vn0CoAcRG*zv4sP;$AcY=+^-9$W< z@PH-&_?eTnf|)ww?rixI-M9l1gS=>97P79T5#R3$*6(CF8$k6wrApFiFi%TD?R@9I zvOMp3P@=Nypt8lnz=pC$rAwZ0n{a$D(z^n0PL>=Le6|-SRSIHko3h!$~3ctId zIrnEpUqN~y9@RUJZnOj|u4NpC4smzp&(TSPW4}75el<>g(gYxU{DU6bvE@~(INZ#V zj_gv*`y!DFJM2&+ttENf>Co+K-K9Bkl(~}0uc3?e{Dw}3JwwC2M)@m zaBnEG99Mf<_LZh&&rD~}{tk(YnUq3?1LQKbQD?>8y4Oo8Z*l*v)uVN9#`M3v6Zsva z|CIwX#-G-6jeEt_Y^50pIvy`nGLgGG1XA3br!?WeIv!HsMXKVVvIjLb+FbE!W?1I3 z8m;CV`f5?kFV_(%QVz8%H80$oz(LYqZ_gfwb@)X}?!h0sJcNUov&hAz+VvLgBk?M@ ziW(30b2pH;_3bk2C@p>6mD9AmZX|vkYxfJMe%W>$7#R^~cP`5vIF049*>|$vDJ;67 zNy5?=H~t0?pZX4gk2}zE_rkjNiMgSP-uxQ?dP;sy9j;OJj)fu~1HAD{JI2CZX%B2` zjHj7dtK?=Y{1n4P{N+TKT9AxM(4qLr74vYMODjbB<3xHRMcTj`K$QklYKNwCPPE*@ zNiQrSn(h!3J5TVa#Vu>kj!C+`Ad4n#R|21*X(C}V>m`abJ-nR|{wU#)LYY_Ob#c%x z+W`yi^U}{=)P+Lq}m!{$jAs1m!@Bv}d#gy#bXq`=t zj`t48UYsiXFP*4~N;&?;bW{KY*b;j0wM2%)y=y__2EQb$;uC-)+*iPzsx=AVK{;cL zLmMuo%&q{O%VaJ1e!O_+fMEXVooI`LbEe(Bc1Op-C@i1gG)08Ygmt|v5JV#=w_h=j zS!&q2_5j1GSmisoHG5=_`gTWiDaopQ}-0*08O(+;}0iQ8eyj;8?L zGM8bQR;e_ZGacQu9&B_kE3-I|>=F}=?Ez@^4g#UA>X~CiKr3X@ChFi67^Mk@j5Z|i z!Wr8{T`!7bm6P7gjBm4X_dJOsDm$2x(j@G3Hw#3HwA1P{0F!?~haa=QI+_ zy&5h>s_b!Tqc6;!ncbdO1C_2`rDgc7zPr?x0zFWbuB9xnl{zz@p8NdGd#^kU-IYAc z^>a-lP|ul!T3xRi04LBHV`<eL%L^x8^H-r>#0f^cOQ<9wd0Oe;_43FMEiChGzncN#;2$BCHFAH>bgZOF%qcm1m^ z+LqMV^)-nZ6csLcT=~<4;1G~ZR2S#OW2m*)*&Zy?6efZNH^48}CYn`b>CBWagbg`9 zO73q~!FfdIfm)2r`su#f7^Qkrj6x;T5}M<#XW+>V9TnNLH_vkPmOLR#zX$uic1_wY z%H2h?yQp{&4)_#mkq^j{f20 z%cDOW9sk3NXUBgaM>||+>ys-@q#t(9LAQQgCaXE0X3(;@x@6r?WV=Re#vvO@kNg8IE#cMuDFTXV~yn%_p|> zb$C;_#)j_(xVRP$u23QaeKO0gfUS;z6@^DJVJBUjUc4sU1v?jBapVf2LVmouIw#O0 zP%SkpW80kecImQLp$a>3;H!-J^|R5Pg}>I;*0Z37qq&2%4Jn4(SzB{}n@68p zjE@8xbkWak>lWnY2E$w1I_+%`oBKpJa_hHH%(V0 z63ZD+y%=VNFgucwL=K^JK?!#h`Q}@Pc2n5_E^~7!3O- z-vOEdP$6fP2Z^BZWJVL3Mob>`tk$JHFdg6hu%}3L!;@ID6bwZ%mn_l=TEQ|AD{^+; zcLp&x0%k)aQ}V;gRR%jK zK+F}Hx8=Vno?&&$u~PYuLg^nFjk~KmqN6|K;l4F0bE=OSgWTXC=x%XOA?1`+ z$azw-F0v_uue?s@w6P-?3fUMKQ9LwV{oGjt-Z{kf=P3-^4)9W}lxUE;gpJJ1QMp?` z!Tsl+E9b9RlU^`IkQu&vm{RsRp6ZE^6I@lvfYv3od6$CmOM$gVv$H=1-0=lt;gvxuZJImI|vX8oUcAs_lIk2OZnK>N8z#&)O>$X?bfx&R?3(`xlOMybjgm*T(LjZg-5UUe#$+XO>DCT5DPK|AR;}q7bA7@)bU!qYZd;W!_>@unCG;qtZ~RFyrCbPNx28XQ zHr2yAb<5$m`1y(Zd^e65P6#6*Zh3EPOf6M~>C^-r9Bw_>tTSEn7y$m9CO!MvIPo8^ zuFfHprjbL3xepqYcwR3;H!cXf0n|THJZ9wN{7fAX8x}Bd$bX}E^b+RU4>7U^NA8|} zy@z|c^&fWk!AX0Ki4LGv_$az$m%J-XrFE`*m$q;DY(k+%^J@k*_J_^7`O>mGmYBmj zU5a0Ml29m7#L~&fOLL*s;h)*;(44YEl&#d^CDRjx*rA(TKYb?~K#fItbE4DwQ>|2M zkpE6@gv0khMV4G^gZ81;OG+3<#V~L@NjrOjH0V(31k62zaiP_oQN87;rua*@y557seWK z#js8QMvpCLEH)$KDp-u$(laFNTF<#3rY`yNCbO;?Ou)?0_yXJm8s2oyr+p^6slIWU zkX*gHEFCiQcbTi%-pxQK4QyODFBCDUFPIX^U7LQgyo}SJeX9{8hyiKYROyCr62vJw z4&txfo=Gi3Hu@{A4O3`zNTVe?{I;B1*-ovQ*7jhhSS%@TD_>g%@M~<^XyLTOl&ayk zK%<;pxm;*!>vLx3(F}@C<7PQ?7z|_Go~T_N9wdkqyFB^OnpR;5hi`@(oL=I+`F03& zm`pII{sa#_#7WWi0>-uJn6;OAPONWAXae4{pmD?5b>eZbh;>c9HwnjJ(%YZ%qZiwE z4}no!gKp8!*tF~zQC6Z~y}QI#2XLR-uu3U|OGYJKGII$Ws!8_{jk*BeV+PWON$YwsgX%2sQkOr23K`otSlHq)T39r&s&Y53u3cB!s#b78@bHlJ zn0D=$%wi#E)rrbVN#M+yVB9imaGo%#AZ4eOFhHpDsH$aT_xUivN;62l818}jeHqjP zaQ><>4+8HIgXm%KPV39I9PB~xS?3t_{tfxtE4kZi1JxpN%W=3xZbceJEYmFhPz|-S zRkB?K9sC(oye0qnU*A|P760PGhyfQnBc3^^D!)V3=1AQ&-%ay{TGqJ=C2(E20y+K+5bNNY(cVX z#mEM&9Y50a6k)P0P1cF~`WcYah1c`|xmd82NgmZy*$CPWA^wqvvi2`v*doZ+6?Eh{ zyfKLNQ3SE}p`Xta#%eIU8*PUHq-NNr7}DT#-Ek8TT)M*$(nk_C`I|u|59I1R#w-4w z;uXhOyDt!H2blF-3N0eh6FXKVok7PEIL#6cf#Frp`gi1pR)iM7f+p_kyNWEh zYc5dR1EeNZ7edDa&JNr=E^*#!y)B1dfPoIcn#rZjQ}LQ5bR9?Ft4i03>Vn1zx9+4p z%YthLOn_oq9oS$!frW~=R?ZK`To=ZqB0P=JuG}-Q%?KSO0xZ)v48q|Ip@?WkXFM_7 zVfhQ5shUq>9|LBsm~AaM>YOdEbx@l$M5-9Dg*5XukYqH5{{NY>V1q zXhDvTj_R?MHgb}hu|dV(M>qWLqQ83!Ah;qayJOOBz)l>4cj|~;RIT%_>%EeqRb4vQ z^`!xAmNe1kN8txOA)O&|59}uW2)&`9L>x)zib?W<9Fk_e3uay1iQ{yW@He_nkFL|B z>vZpAM%U@>RyVp%|1Mppcc&ch*B?KCli^N%3py^U`9OTpGS{}MwjH@g-h}P|KB`*Q2*cK zqn9t9*ZqHAj{d)&n{J_kFUG^f6X)y5jFb%=J6Nv|NZ#-9QDP0 z-oK{d=>0o-|Bl|jkHGu)wUt)nN(xqw4T8s1A#3Jw$8Rj0C!L z6Eu#`C7bh4ed@v!*D%l|(Ksd<{#YQ6eytKn9zh4(Rp;ZSZ*VQH4$F+q&GycHA*hBC zxnAFCtA^@m9OGgR*LCB~S|C`1qJx8S3OUY6Vz-ZHjrB+V@Kw>fZ zc<~M*2rT;JX_Vx#k?a!duCEfRZpi*&i*x<}?PjBNFr$h`C%JBLX(}I}A6&!W06}L$ z&5zq0Aj!of?VGS$$!Na+Ot^0 z+#$+pA2z(X0hCbT*9D_Kuf@S0i-WxtZTptB*y_<{;pToB=_iI7x*NGEcH!WBK4-GA zz+wdlyM`eS_P=e1g05Pt}QyF(Jf2k4I(D$ zXvr<{@Y^N*WG6Ed@oKixRkoV+qU$C7bb&+sAmY^zt48Zy9ro|*-6|0epZGGjn5@Qd_99@fa`vQ@;%}#i7=E}x>wmo*Z(M2`Po&u6~k6#`gk^M6#J)QaeR&~g=+HH@&>wq|pm6S3eCO-Lk`GaLJFPTf3DBMk0>AVEVXsTNX^ zlMk=S{{Q(uZ98Mg#m^UH|Ns5Jr@JNSurB7;ya5m0!B|B%jX{i+pxm1xj?#wohe60T zC>I(nTl6#dRCy|v(piGSEAAwbELY~Ya91E04r;|VX(l)W@n;@>dVBc8YSxx>dlT%n zrq|TWLs2tRY{Ep%D+mMRG z?R9t|ktO@!l)_V@G)?2#3U&1@8rThdY1lgKLBJSrPpRxgK`z&lFBVK%u1oSPYrR#l zj*Vh1=QK%-X#d)tr$=!p-c}~%0OT|A7-75MEA582iRkti0MmI-xi?{Gxw86x$s#C0 zyAKR2b->>B@vxs+Jt|mVR3^1MSQ`d61TIxX36T=2tf0$N_p%+Y?{o{gP_B1JiEiPpwJMjyW-dI{mmMA3Tl3(tyxuNjpTS z+E#gpr;80Z+uobo?KHUL>1HB-L%*`3jHjq5TZ+6D&SH+r0N}u_pbzTNWv+BN0>vKn ze#O)A(X$twHikA#*m=|aaq8p9ik4-05{{1f#8y|Hed6d+VI@mDx|A$3H0p-laUn^b zYMv0PNy2EOnFf6i0F02j&-xHYH#A*fkPjvET<6mJ^{mS?(p-zzOtWZ+$>zj24${SV z*Lgt_hW;kk;T3GlpMW>>fbh9XDTtmYhACv4%vRQH4W@|$aGlPzSW?X++MfJRVd@HM zeQjbU`5lW3)vn!PRR}dsA%4<|3@|d~ptKu)53Lixj3EH1wbJ40+D1%7$_|KR3o7Hp zkQZTOYg=F4E}6tUM$He`Q}Uy@XLs#!4Dd;=w2(aVbG%0fESlWYl>+EZV%$9_mTotz zbEddCW}uWOXo*1jz7UqbnlWLGkg zUw4^$Uv2)jhA`$j=(by2UugLQhLvv+QjS66U58=)aB_3>*4u-g zP;v|w?-+8!F!CWGZjF3-wNb~i zi-=lVdgDxc-CH2`TNe!XQHw3QNRCC(G>r@0Et3kOXOTT~k}>G=){z~ygS+O@ZAY=G zibxEt%V!pUQfO9I{fZg)Y+r;7KRt1uZolKhNKhoiEng>D)+uyof(8yX92V;oNi)Fu zIZb*Bgw-bdDJ84+WB_oVRDb*n!pgjVlrD<viY1cWL{TPm`IoGQVab;nAvp zrp?!i-Lb?Rujx|!%9Dgng&gihO^Ux#f0e=oV#2I<~0NoYz~8p%~=ekm$33>XrtuNe?t_7qnmYn}B$ zwF8GRCR$R>7DMs;rEOmJt`RgY5_tI`JLVrKs|tE|A@Vf75Hs#Q%V0mOeb=S!=or;n zyq99xDRvAvjeRN32BtRy!#G;>?a}I(eW8;B4h!&7P>G&aR9P;K$39KF_;qXDlPuzj z9e~>hXq?${#-Mx@&Yr~xegg3CIH~B@CmNh%(vo8SOgl{hX-V2x-Q6hxvlU(T2$`!A1`$1zMcY_k)rca!I^AI-0!v{`;o~M6`O9 zR0D{BvAq{$|HaXZgBQntI&g!0Zuhm0b7J)zLmV^S7EJ@Aq8(s+*Nm7YMw0i&Av6eA z4C0_x>fqJ4w*A=UY~-9l!Kw(|jQRMWq$QRKT7j zN%4Kdv~*3>uV@D*^AK%*YyRt&WoHB5*~n?Bu{>^V|Ed*o%X(U0d<>R1e0XQ-6x}yn?sb+zY5>|Ta zHY33xVU;_s2>YZZ1@}C-M7L~3u63fO5xq8K;5wqyNb2jY1Q+wk^`PlHJRCf&5++Uozc9(?LnY+1TE|AcM5jw8 zu{-IC3I=ZB?o{^rX>{GW9!X2fTxrW656@3^RqNH{W(i}H{dR4t#l24f`~PL~){%+H zA3Z7FB$ZUhl5g4=nr%u(6xpkx1n@)?89%-_0i72 z{<^lr0J`5(bay#P5^;Z8xQ!0s8@u{9-J)*x4#abpPH`PC*7mDYU*Q^Daa-RKsmE3m z+iYTGm&uQv!U^WHB??TPDP*-wKmq0BQ9eKST3hXVrf)>N8Ki9AA&|nRUo)V7mVCj} zcU%n$qUz{w^TAkY3yhU?mbBd(0sXAqktRx@6U;qN;)u%Fz9&!q_~dZ`X{b=t1t}Dc zHUSrSCTM2l8PmZhVP=qqJPh4et5nlZWZx$`770xkU~tK97l$BIWNk@aKO1o0e9FXH zvVLpluFHxIzjCbho_;!64DlB~srM@9$>K|^m8ZojduZE|f~6{=(M=mKxP2xo8ppp- zxf;v^o`mfi*GysVs;NL< z9TGwF(q7MVv!=i2G(lUBMK^7buu1=7v7|gj$LP<0>St2iD<=P<)LWkDK_}q{+vV~S zyEKUcG=@Z!I2qz+SIS&N`QgOuE_-3bT1IrwULHAh*$q0RLbWq?znBC>$X$(UWLKf6I1}T-Q((x zrFQ(@6?W_uh$+SC`o#=2WR*?*N_(~5Da0k9G$-zulsvZM{7|_pHYxLF8w#_2E9sJ1 zNUyivTF=Ug;r*~pY+o=8@|vZq?N>U)yhCHmd_|w4m<-aF%J))cEirL0P14vdLT4sROgZnM&5g`Stc38fWHEt z+H)qC9Nh&iCU-e+H&XP^g^bwc)#YH`>20Y)7Y@F>y6jG~!0uRDFiL?HfGhAs+6?v1 z-8~<&7>^S=X~`P+#}kp)Z$A9{HWcK>uw>x1K3vH8vD&BU)PpM8nyFezyhvi30mLwW zW-g#^M_#7l*8TYzJ+5A(L*SC7LzE9^Vf&`7UUJPB&W4hw_cUz}6K3-{i;7e#AqRax zE-&9A5{*5gl1^n)%2Drk|i`^HU*Zs6bFzn1|0S9OClwS zh-hLqsm<-ibOERBOo}+iONP8UnEqEHC-{GHbA6zT#6K63NT#qDEt6i zg-9&3glPt6lK}V2(?#1nFE8H_$uLS#6@avQ-UFX$hATolL+ko(S60QMLu%{PFmHIf zg12k1&&a4)|9l0pBj}}Xq(vvtIHIwcKT4L*5+41;1})LGbw)Pq3^qVO8NNWAB0rx0 zbl!Ho1<9nr?wY(myLwNk)-<}czFl)67c4H>jW${r*!(1ugZJ;E)SrSZn8CG z=NxXaJLqF4+W_X~z@$4LT3}oXj=fo?0F?l>Hdk*GR^!6nM5}ciz-Dx$2T{rAn?@Hz z`bp};ai)8hm+uCVXLN#8N<^HtQzFNoLS_bAlq*IvK1Bm8(g{zf3t!Nd5p%`nd4dEB zNe-StWCRr1XP>CS0I$fC(Bx^PQSqb=Mo&PK{G=_BeV;q6O56e18du>DF)gcxNXxLok2wyoPC=?x9=82{$6L}jNscjDWc$KpiW^mkr3PVn;7tg*Y zSE9}R_dQKl zPFd);d3L@FoR;0+aLp2~^x?NWbCcaRGCO8jQ>afX^j@3xM6)DO;kw-^3YqV>t)Wrw zu_P4=>d{-~HX;$2TGSqYm?Fu9;sZiP_m!ryxQcMH&5`Sg9UYchr^v58x(z7l22iKg)DJZ@Ou1W& z8n)?-y_KP<>BI0ea~IWqtvTm9^)1BV04*$8s3o-D%7r>W$!ji5s77saBvQp=HZ=DM z3`1?ad{5<|Eq$iDxZdo~2Jtn!^HnjsZ(2s}9(8WT@X{z^nO5YGNH)*0euU$8L!PKW z`wfHcln|`T-1ZU6Z3rb?g_iU2D2Zf0f$SlU4?`F?A&Ldr>lk=2K^#I12NA*ziQs0y zYA1jLNL(*@TO*HEJ6Y?~C<2bXpy?o|$jhR2IkO2XNuCDW`z~s~qnuaRezvko*3+}s z7Y2xM!5>qcdPbGHdUtsWxZ{*HCABK!vh!+(0HvA1AY?FzrwZ_X!@SF+qfRK|*zHAv z`Q&4&X>kED8o6m)oB+%vh<$@Fcc+-z8cCY3>qOzV%xBgoBj)SvcBto$b=Kqi)zQy`|v=T4RYn2i=C=&o8~yOo}_6c9+bpI*8aVT}yPse(B{YCOJ($ zfX!r$C0+*Ix|SIZ|7DjtK!uYEeKKziiKxNggKgfm{trTvlb+nZ;le#z_6tpTY_LH_ zyHZpSS$it<4^Y`=_`0xt-@>rf7hIX5ZC3W$qAqEZWj*l2%`pSpNurs=;s6~B0|ujU zbq(WS>m96i&{f^&nj&*J5KV*&-*QC=tf7mspzYym?VuxDyCGX^;rH9*Yj?W1uZ6MQ z>7pMYXS>t&J#yCe!PbfhW5X3==azL3u=&*|@)=hD2s!(muJ4hv_B&i_FK^$|AY(&n zbe_L?PZZOtk6Q?%oZ3{;hKlv2AKN$wQkLWk-hjM@`fQi#-ei)2W85T9q4?|s3X7?h z3OE%-H%z2bQ`~E&ahm<6&*4gD9I>f}Vh6M&)$AQ#HsQWXiB{JzP}iHz=zQ3thi_OH zOBGn1z%|_$`2}Yx$s%SX2TJCY%fN@v8F>#{d>C!01!RU67Vzj+1_SY36st6Ah9$4> z&v?fq9hPMSTe=7v=geq6eL!Zb!f!0~AUSL;_~Xn;E+lWk?^xgvSFV_HbYPQAL$#h( zkviCUo-WWmQrg^rG}0KP=6vVOg!vtZicWTAEd$S1vLb3plZ0dl2r&o$#nQ&Np=m*m9|}e|o0j03_UdaxDz6Qwx>mu{ zFc&DG73K*C*Is*G4?-;7whM6XE0@()33){%`DcHv5B(`0vg`Bdy&je20nfGZA(h~ zZc>mjxuorS>{^xw+N`+_pltaeKXA*b*?)d?+=7?;j*}diF0`#)g1fe`S+G+P&2-*s z)MPHNL#=Yi$BTCxCTQ>{W6(N$>r!c8vjh?IIo1sSc<~Nuf6`VPCg3-APqYyVH=X=| z%X-;TDYf~w+ES?v*VR@`-Np~HxUZh~w#+sTe%Mkn)QBG`1o-blb>b$0pZq;s(e^5@ z!>WF}qq^w@>nheeuu$*Tv*^4jaHG#@f03(;qG{=lVDh7kZdv5Y4&>aB^-WPX!lO83 zF|}x|RAOb>1P8!6Yk!&8na2~H`>vda?TpQ**1t-P0IvZZCR{p}<_9b3P!*zYt9|Nb z;vVz>4P=eV?c0u0l|$MD<2D>93daZ-r8aur&N}V%$RMw@?z!2DVn5mx zCIwSc0P+#BAHl(a-*JAR9&OXdqkcUs=wKHZlRGLooh2LPa_YP!jZP@lo1x{ZbREp! zttb`Fd&4YCHvs$>1D1nY<3pk3)_iHxXObC>ZdrS33W-@0tg(nm5(|b2Kn(m>Q*xq+ z5+e1onl00ps(U6IjUyF-ule8fV1+P%IVHQ zp>$8V#w_=p1dn|}mn2RTIM`x72bTe+Y%URNCE)H$T#<+-QJ!=p^D-ypy9dRsyXQ%p=DgTL!k0@HbE=uSOIJQAxtLeK)O#wx1tc~@rq*%+#cH8mET$Zb zU7)JPlteM+?@M;Om@dRLW_O1M&flI>so3kz`toa=Kst~m)a*N#Y|eX`iOZsCfH+|Q zD1N}V)v+wa9V^9avDgmG0wLV66o&3R2tL9RhVad`u@WW@PN*8fYwo@Et;@av7W3wb zwiUT~mKiwER{s*47|L|Sf~0sBz;s@e$>bVMe219JE@cr@iptjd^RLnHgC}akL}_mG zhVb5QpG*9=`%w#f&Z@jn%j8=*q%RUP8r-o#T>E9EecNr@1=n8OInRifu3QTv;VYqwxHZ~g^NUgL{;k@pE%GEHNuY4DT5z~8hEgxS*qYNNCOXCM5f zDEN+66TGBsV%WwQA*>AR!p zchhI)Qb`8guZ*~(=`wpo(i}MClrGsTQaPQ)x&6kV0P{^SbDEp&-(cU;eSYtUxjMxp z*a=tqr}{fz<;h+B@&pi@@Dvbp<)y(0kuazT&`CxkkR9$Ee)z^9E?m{!F-@`?dW^$G zH*85A!V?)wPtMPNd45^?xk`jflXh-vrx&k_gx|>1gPO}(^-a@a${``xhD?e(Chs`A z4=7_ZMGVefi4asujGv#`RwZI+!N_6@FH{3?P-o+XDK0Cw0GggCU?xW+0uOxLnsB~);k zv8Z%!Vx|l~1zIwO=%Cc0%nr7*vM$N)sYn}K6f1h0qG@R^r5D46@kg4Nwy1xjYAI=> zM5v<1zAuv#WSVW$DwXrk2Hyb6@K7Zgcamo=Ofy&7_Tcwj?fPzVLNzCY>Mxu4H6()? z#jEitJuUJdnr4)CiQu;q0lVeD<7eL;e^-|Oo*g}Z{$iB>KF9M_%769Kxv2sffjB#r4a*rRuFvgf4xBD0y*+Z7{^sp zLc_wgvkj$&*X`lA^88N}EsN*W@` zcA>E@2_mdzcgZ5jnw&MtsbK0o{N$)BwoVkh0nW9h9C0m25LB8Y%d2;nb;+SsY8c>q z)Fds$T+vy=e!RLmf7Y|!*FjU)4~x7WK7$#Dk||hj`#gpkJaoDYw6^{pPZx$Y5P9zo zy{&a9ogVFeG?RCiuGvhE(M%3`+I6+BqFYdnIZf<@9)(lQ>ta5RNhq`*;7X$f`qkvA z=1FTPcc9h?9mbre7gnt!hNqh)T-~%OE;fjl<#EDJMVdY)sGgPQRE;CI;oj!xp~GQo z0ui$~EMauZST>;vzbmPbY)XbD|ySZdi0{b!Qod#nL4!AWkK?z`;jA6v6kvBO{<&2DW7;ERiZUbBFs9mZ*PR zyVEeUZv5T?M9lMnSR4ZA?U}bFo$W@?^CVf3d&xZ)-R<$TkKWbj>7~d_#H$0iRB2n7 z{Vu%-d8$~HOLlq7vtO9x^FIIUvs#CO2fDm`SIY5tXWpBCHlDOD7H3I6Il7_FnQRWK zEt`7kJ)Fj+OmKjV>=z{D>HnX-^J{J#MFRMJ6sqP)An{Lj;+m<2r^H4W8U)RcrrV}OGFW58;xt(^+ih##INefO z3#IsvyPH6z=Uq1?J@rLi<83rwxZE?UbhQ^Pv|$T;P4vOOxC%4A)KK@@N7dH zq2I~dRS;^Y)1Wo*sFfIn+#%DfDf#TDrsNYT*aX=VWH+UsAo~d*dpniH(DgQRELP9T zZ8fi1!?;M2f~?N*rt7w*kF=)Mk~)Jrk2qD-rZ^#jNn4fSU6Gg8-j~I8P3y(3Xl(e|l=!ul zHz059XBC{#raydlR*S^Zs+z2SUDHVCS!G7yGHV zw{CL}9KUHd-sPN?lmE7C%+X&9<0R4+QSiGlR3v1%tDoq+ZC-dH>*XKZ%A~be%4k`N zN0wN=O;QE;A6C&9VRble?h-#V=@yq0%wL=An^jRBO6_x-(`o~)P3L&kSMDY(RRvU! zL}W_ljPv55lvmXGFGT*x{q5rN;#~jl()jO<%?pI~{o84G$@dGZY?pjJBHI*ItXSHd zJ?HS%cP|#b$Z_JqA&Lt2^#~PW?s(4X*bA3N+ak7RU>=_tdIrfhtXdJF;Rj?qRxQo7sw$S+$z2*bKd^%-+3!_x8fo74~BQUKNX`E^M)<%r!#g8wgwN`=!Ty z%{0TNx{2)*%F)P*qdRACq=|FlzC8*0AK=}V7L7UQNbvSMNpAiNEqn?58@m7d@#E!1 zpZ~spm-z2V(vQl2<>)*D|1KJ}#W(0Ld~Aci_=`jK%VjwyMZZwXG2|B>m=e?1xw6$D z4-}lQu&UfENP@p0s+{W%^;;UC9CP%7kidGeXFIY)ptjDQC~2MDg_= z#B)w)wp^=^)~w9!v?C*5>3*hzm2Fnky+E#f*c9S}0IvEtJuIdEE3IfPW^Bsw}pmLwHe%wa*04pg*;!zPz z#>8#E`eLGH88(z;T7Y$}UY<}Z!PqrXace>`YXb3V#BxzSxdO8G?TaC+eFBi*fx<7% zxE*y?27*A#Mh&UM+$|^g)Fl`H!9UfF*yAXWpZ~mn`}X~tzW=umA3r4ibBgq1@}J)5 zJeUIEw+k$%&w`9EheXJ%L!S#7-=3BZ8TF23L^8W^LEkKhsbvk06B_mlnUJgPw%n6v zTCCQfz%5jeU{;ZmW%=YGE3;~8&dw9^xquLlO`Sc$5o^^&7e4gvzVv8a^O<%-WLf94 zpF~$r%>GEkClMc0`ic0Qg7_E{N)-1oo`|JC8<<{-Y8ARTrScio=suOR#c|uM;TX2o z1%|R-4e^{(rmgK)$!B4uuWZ9_Ez4g&1$G>p?As@n?-#{iG05O^m)mM=!o?R_EOZyx zSyQ+x*bDyz;T78N3N8bRpGRColvj3f+=y3F?my&wQgAZ4G@`DPT?LWVowrU!Q(h}D zH&!#ofDDJS-Kxf1hvv4pLz8Rw0rp~+8Y&f|^BIq|3kPH%kpYC= zZ=t19hrf%M+;1c%|9h$OM7*7tqNqUSjXK*CfH&0aIE+gG@JS7_?oa6G1WFzJ6{wd! z(B_#s3^Lm`ukln-_dlhg>qGZJ_-Pm03)Xcp_iq=fYr@aEe=bdPU zs+pBMqIZ3^ZZ&S1dxxPYtK=)nS(D$@B-*3G@>qX-RAhK|C_bbwG8{qF{8-w$2a7L#bPs>E&x*Y-R5L~Bmx zHT$;jI8?a4nuDZFf*P7_FbX|>{!cha%(oE1!4hjNxP~PhxBUqj?jt>@l zd2z9^+|MvmC8vsZuq|8;e=|p*R zefRF|ITS-6X8CgwqvHf*-S-+BFV4QZS=*+^>Lb{dI?4$B0Rn81xpu=|ssj-vs(Glj z=dW_IXS=%fJxH#z3N>BnWtTWF>|q+afX4MfQ!Kw)Tqt#^A23ejH%Bsl#4)THkK6rY zdI6We@Z%Hp$ePkgvlks>O(nl9Za8 zVZPrKjo8sKjC@UKwXFABF!^e4T}2i8b1|h;c=;9%XL)8C^A1F5F0l$uQ)dlb#jgwt z`G85SS(cObFu5%>YT@i|9r7u;W4kK9V-KBS8}v?lt-)I&D(W)e?S^dv%5~Hz#l!Px z>HLXj?YeB_@w?CqjFqtkG{>$W&==kj9D^Br*1Uu$^9t92QfM6eP3qk1#p^)z!*IGn=I$e~(I7oA zz60?5Rj~Qtz&zL(A0&SzJboA$m+;$B=13&o!`^`*8Gzv);O!ok9t<9gH5Y;_~=Xze^LrAWd28MTv zk%aaTHfyq1k0uaDWv$fJQ>u^0dU&g+L??;$lU7fOJ_Z}ZSUp8s=<7JT>M6T*N)q6z zkv@c+Dw>a?z6L)%l$=68#;Y!)nQ74dR17D5H9~q28x5F)jH03=$Y)5B9@_ajobyD4 zGrSOlsOGEi%s7%6$1umzOQ}}`n90j>%UD_yW|c2QDIgnV(GFB=P z1adrkYq_bbFj4SIAxmJ7^xTONNB6F%KKbzA8G{WAdKR^QbTKdpsuB5+@b9{yta*Hg zTD{q>=Po?%2KN8iE|<^0?e)VZ`AuY)R)P0|wY&9-qnrEo*7UzFS>hM=#WqH3cV4&D z%+Q}_GWBo1e$yuT;F-+f9}8FXnSKk~f04~~r4_H#qS+tU2}N%_S?I63Rx#FyYy0vP zk$F9b`m17R;Z%ZBfDQ>CIjpSsy*ao(f-n9lL3xhnd*PV@fw8 gYL){T&P86DOQ&4AZ}!)of#LuEDByVw4EqEa0EZo)s{jB1 literal 0 HcmV?d00001 diff --git a/enterprise/metallb-config/2.0.0/ix_values.yaml b/enterprise/metallb-config/2.0.0/ix_values.yaml new file mode 100644 index 00000000000..54a2571f22b --- /dev/null +++ b/enterprise/metallb-config/2.0.0/ix_values.yaml @@ -0,0 +1,77 @@ +image: + repository: tccr.io/truecharts/scratch + tag: latest@sha256:1a9a10a0a5f5cb5fe4b30ac6d9c56ff87ad47f3f3490bafb6938fc155230131b + pullPolicy: IfNotPresent +manifestManager: + enabled: false +workload: + main: + enabled: false + podSpec: + containers: + main: + enabled: false + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + +service: + main: + enabled: false + ports: + main: + enabled: false + port: 9999 + +operator: + verify: + enabled: true + additionalOperators: ["metallb"] + +portal: + open: + enabled: false + +ipAddressPools: [] +# - name: example +# autoAssign: true +# avoidBuggyIPs: true +# addresses: +# - 192.168.1.1-192.168.1.100 +L2Advertisements: [] +# - name: l2adv +# addressPools: +# - pool1 +# nodeSelectors: +# - nodeA +BGPAdvertisements: [] +# - name: bgpadv +# addressPools: +# - pool1 +# aggregationLength: 24 +# localpref: 100 +# communities: +# - 1234:1 +# peers: +# - peer1 +Communities: [] +# - name: community1 +# value: 1234:1 +Peers: [] +# - name: peer1 +# myASN: 1234 +# password: pass +# routerID: 1234 +# bfdProfile: profile +# ebgpMultiHop: false +# holdTime: 10 +# keepaliveTime: 10 +# peerAddress: 172.30.0.2 +# peerPort: 179 +# sourceAddress: 172.30.0.3 +# nodeSelectors: +# - nodeA diff --git a/enterprise/metallb-config/2.0.0/questions.yaml b/enterprise/metallb-config/2.0.0/questions.yaml new file mode 100644 index 00000000000..2e5c638416d --- /dev/null +++ b/enterprise/metallb-config/2.0.0/questions.yaml @@ -0,0 +1,364 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + - variable: ipAddressPools + group: App Configuration + label: IP Address Pools Object + schema: + type: list + default: [] + items: + - variable: ipAddressPoolsEntry + label: IP Address Pool Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: Name of the IP address pool + schema: + type: string + required: true + default: "" + - variable: autoAssign + label: Auto Assign + description: AutoAssign flag used to prevent MetallB from automatic + allocation for a pool. + schema: + type: boolean + default: true + - variable: avoidBuggyIPs + label: Avoid Buggy IPs + description: AvoidBuggyIPs prevents addresses ending with .0 and .255 + to be used by a pool. + schema: + type: boolean + default: false + - variable: addresses + label: Addresses Pools + description: A list of IP address ranges over which MetalLB has authority. + You can list multiple ranges in a single pool, they will all share + the same settings. Each range can be either a CIDR prefix, or an + explicit start-end range of IPs. + schema: + type: list + default: [] + items: + - variable: addressPoolEntry + label: Address Pool Entry + schema: + type: string + default: "" + required: true + - variable: L2Advertisements + group: App Configuration + label: L2 Advertisements + description: L2Advertisement allows to advertise the LoadBalancer IPs provided + by the selected pools via L2. + schema: + type: list + default: [] + items: + - variable: L2AdvertisementEntry + label: L2 Advertisement Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: Name of the L2 Advertisement + schema: + type: string + required: true + default: "" + - variable: addressPools + label: Address Pools + description: The list of IPAddressPools to advertise via this advertisement, + selected by name. + schema: + type: list + default: [] + items: + - variable: addressPoolEntry + label: Address Pool Entry + schema: + type: string + default: "" + required: true + - variable: nodeSelectors + label: Node Selectors + description: NodeSelectors allows to limit the nodes to announce as + next hops for the LoadBalancer IP. When empty, all the nodes having are + announced as next hops. + schema: + type: list + default: [] + items: + - variable: nodeSelectorEntry + label: Node Selector Entry + schema: + type: string + default: "" + required: true + - variable: Communities + group: App Configuration + label: Communities + description: Community is a collection of aliases for communities. Users can + define named aliases to be used in the BGPPeer CRD. + schema: + type: list + default: [] + items: + - variable: CommunityEntry + label: Community Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: The name of the alias for the community. + schema: + type: string + required: true + default: "" + - variable: value + label: Value + description: The BGP community value corresponding to the given name. + schema: + type: string + required: true + default: "" + - variable: Peers + group: App Configuration + label: Peers + description: BGPPeer is the Schema for the peers API. + schema: + type: list + default: [] + items: + - variable: PeerEntry + label: Peer Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: The name of the peer. + schema: + type: string + required: true + default: "" + - variable: bfdProfile + label: BFD Profile + description: The name of the BFD Profile to be used for the BFD session + associated to the BGP session. If not set, the BFD session won't + be set up. + schema: + type: string + default: "" + - variable: ebgpMultiHop + label: EBGP MultiHop + description: TTo set if the BGPPeer is multi-hops away. Needed for + FRR mode only. + schema: + type: boolean + default: false + - variable: holdTime + label: Hold Time + description: Requested BGP hold time, per RFC4271. + schema: + type: int + - variable: keepaliveTime + label: Keep Alive Time + description: Requested BGP keep alive time, per RFC4271. + schema: + type: int + - variable: myASN + label: My ASN + description: AS number to use for the local end of the session. + schema: + type: int + - variable: password + label: Password + description: Authentication password for routers enforcing TCP MD5 + authenticated sessions + schema: + type: string + private: true + default: "" + - variable: peerASN + label: Peer ASN + description: AS number to expect from the remote end of the session. + schema: + type: string + valid_chars: '^[0-9]*$' + default: "" + - variable: peerAddress + label: Peer Address + description: Address to dial when establishing the session. + schema: + type: string + default: "" + - variable: peerPort + label: Peer Port + description: Port to dial when establishing the session. + schema: + type: string + valid_chars: '^[0-9]*$' + default: "" + - variable: routerID + label: Router ID + description: BGP router ID to advertise to the peer + schema: + type: string + default: "" + - variable: sourceAddress + label: Source Address + description: Source address to use when establishing the session. + schema: + type: string + default: "" + - variable: nodeSelectors + label: Node Selectors + description: Only connect to this peer on nodes that match one of + these selectors. + schema: + type: list + default: [] + items: + - variable: nodeSelectorEntry + label: Node Selector Entry + schema: + type: string + default: "" + required: true + - variable: BGPAdvertisements + group: App Configuration + label: BGP Advertisements + description: BGPAdvertisement allows to advertise the IPs coming from the + selected IPAddressPools via BGP. + schema: + type: list + default: [] + items: + - variable: BGPAdvertisementEntry + label: BGP Advertisement Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: Name of the BGP Advertisement + schema: + type: string + required: true + default: "" + - variable: addressPools + label: Address Pools + description: The list of IPAddressPools to advertise via this advertisement, + selected by name. + schema: + type: list + default: [] + items: + - variable: addressPoolEntry + label: Address Pool Entry + schema: + type: string + default: "" + required: true + - variable: aggregationLength + label: Aggregation Length + description: The aggregation-length advertisement option lets you + "roll up" the /32s into a larger prefix. Defaults to 32. Works for + IPv4 addresses. + schema: + type: string + valid_chars: '^[0-9]*$' + default: "" + - variable: localpref + label: Local Pref + description: The BGP LOCAL_PREF attribute which is used by BGP best + path algorithm, Path with higher localpref is preferred over one + with lower localpref. + schema: + type: string + valid_chars: '^[0-9]*$' + default: "" + - variable: communities + label: Communities + description: The BGP communities to be associated with the announcement. + Each item can be a community of the form 1234:1234 or the name of + an alias defined in the Community CRD. + schema: + type: list + default: [] + items: + - variable: communityEntry + label: Community Entry + schema: + type: string + default: "" + required: true + - variable: peers + label: Peers + description: Peers limits the BGPpeer to advertise the ips of the + selected pools to. When empty, the loadbalancer IP is announced + to all the BGPPeers configured. + schema: + type: list + default: [] + items: + - variable: peerEntry + label: Peer Entry + schema: + type: string + default: "" + required: true diff --git a/enterprise/metallb-config/2.0.0/templates/NOTES.txt b/enterprise/metallb-config/2.0.0/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/enterprise/metallb-config/2.0.0/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/enterprise/metallb-config/2.0.0/templates/_bgpadvertisement.tpl b/enterprise/metallb-config/2.0.0/templates/_bgpadvertisement.tpl new file mode 100644 index 00000000000..27790c0e17d --- /dev/null +++ b/enterprise/metallb-config/2.0.0/templates/_bgpadvertisement.tpl @@ -0,0 +1,33 @@ +{{- define "metallb.bgpadv" -}} +{{- range .Values.BGPAdvertisements }} +--- +apiVersion: metallb.io/v1beta1 +kind: BGPAdvertisement +metadata: + name: {{ .name }} + namespace: {{ $.Values.operatorNamespace }} +spec: + ipAddressPools: + {{- range .addressPools }} + - {{ . }} + {{- end }} + {{- with .aggregationLength }} + aggregationLength: {{ . | int }} + {{- end }} + {{- with .localpref }} + localpref: {{ . | int }} + {{- end }} + {{- if .communities }} + communities: + {{- range .communities }} + - {{ . }} + {{- end }} + {{- end }} + {{- if .peers }} + peers: + {{- range .peers }} + - {{ . }} + {{- end }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/enterprise/metallb-config/2.0.0/templates/_community.tpl b/enterprise/metallb-config/2.0.0/templates/_community.tpl new file mode 100644 index 00000000000..3cd66f96e98 --- /dev/null +++ b/enterprise/metallb-config/2.0.0/templates/_community.tpl @@ -0,0 +1,16 @@ +{{- define "metallb.comm" -}} +{{- if .Values.Communities }} +--- +apiVersion: metallb.io/v1beta1 +kind: Community +metadata: + name: communities + namespace: {{ $.Values.operatorNamespace }} +spec: + communities: + {{- range .Values.Communities }} + - name: {{ .name }} + value: {{ .value }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/enterprise/metallb-config/2.0.0/templates/_ipaddresspool.tpl b/enterprise/metallb-config/2.0.0/templates/_ipaddresspool.tpl new file mode 100644 index 00000000000..f4c020920f0 --- /dev/null +++ b/enterprise/metallb-config/2.0.0/templates/_ipaddresspool.tpl @@ -0,0 +1,17 @@ +{{- define "metallb.pool" -}} +{{- range .Values.ipAddressPools }} +--- +apiVersion: metallb.io/v1beta1 +kind: IPAddressPool +metadata: + name: {{ .name }} + namespace: {{ $.Values.operatorNamespace }} +spec: + addresses: + {{- range .addresses }} + - {{ . }} + {{- end }} + autoAssign: {{ .autoAssign | default true }} + avoidBuggyIPs: {{ .avoidBuggyIPs | default false }} +{{- end }} +{{- end -}} diff --git a/enterprise/metallb-config/2.0.0/templates/_l2advertisement.tpl b/enterprise/metallb-config/2.0.0/templates/_l2advertisement.tpl new file mode 100644 index 00000000000..beef850b9a6 --- /dev/null +++ b/enterprise/metallb-config/2.0.0/templates/_l2advertisement.tpl @@ -0,0 +1,22 @@ +{{- define "metallb.l2adv" -}} +{{- range .Values.L2Advertisements }} +--- +apiVersion: metallb.io/v1beta1 +kind: L2Advertisement +metadata: + name: {{ .name }} + namespace: {{ $.Values.operatorNamespace }} +spec: + ipAddressPools: + {{- range .addressPools }} + - {{ . }} + {{- end }} + {{- if .nodeSelectors }} + {{- range .nodeSelectors }} + nodeSelectors: + - matchLabels: + kubernetes.io/hostname: {{ . }} + {{- end }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/enterprise/metallb-config/2.0.0/templates/_peers.tpl b/enterprise/metallb-config/2.0.0/templates/_peers.tpl new file mode 100644 index 00000000000..848e72462ae --- /dev/null +++ b/enterprise/metallb-config/2.0.0/templates/_peers.tpl @@ -0,0 +1,51 @@ +{{- define "metallb.peers" -}} +{{- range .Values.Peers }} +--- +apiVersion: metallb.io/v1beta2 +kind: BGPPeer +metadata: + name: {{ .name }} + namespace: {{ $.Values.operatorNamespace }} +spec: + {{- with .password }} + password: {{ . }} + {{- end }} + {{- with .routerID }} + routerID: {{ . }} + {{- end }} + {{- with .bfdProfile }} + bfdProfile: {{ . }} + {{- end }} + {{- with .ebgpMultiHop }} + ebgpMultiHop: {{ . }} + {{- end }} + {{- with .holdTime }} + holdTime: {{ . }} + {{- end }} + {{- with .keepaliveTime }} + keepaliveTime: {{ . }} + {{- end }} + {{- with .myASN }} + myASN: {{ . }} + {{- end }} + {{- with .peerASN }} + peerASN: {{ . | int }} + {{- end }} + {{- with .peerAddress }} + peerAddress: {{ . }} + {{- end }} + {{- with .peerPort }} + peerPort: {{ . | int }} + {{- end }} + {{- with .sourceAddress }} + sourceAddress: {{ . }} + {{- end }} + {{- if .nodeSelectors }} + nodeSelectors: + {{- range .nodeSelectors }} + - matchLabels: + kubernetes.io/hostname: {{ . }} + {{- end }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/enterprise/metallb-config/2.0.0/templates/common.yaml b/enterprise/metallb-config/2.0.0/templates/common.yaml new file mode 100644 index 00000000000..05373874e9e --- /dev/null +++ b/enterprise/metallb-config/2.0.0/templates/common.yaml @@ -0,0 +1,21 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{- $operatorNamespace := "metallb-system" -}} +{{- if .Values.operator.metallb -}} +{{ $operatorNamespace = ( $.Values.operator.metallb.namespace | default "metallb-system") }} +{{- end -}} +{{- $_ := set $.Values "operatorNamespace" $operatorNamespace -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} + +{{- include "metallb.l2adv" . }} + +{{- include "metallb.peers" . }} + +{{- include "metallb.bgpadv" . }} + +{{- include "metallb.comm" . }} + +{{- include "metallb.pool" . }} diff --git a/enterprise/metallb-config/2.0.0/values.yaml b/enterprise/metallb-config/2.0.0/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/enterprise/prometheus/10.0.0/CHANGELOG.md b/enterprise/prometheus/10.0.0/CHANGELOG.md new file mode 100644 index 00000000000..798fd1463f0 --- /dev/null +++ b/enterprise/prometheus/10.0.0/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [prometheus-10.0.0](https://github.com/truecharts/charts/compare/prometheus-9.1.2...prometheus-10.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + + + +## [prometheus-9.1.2](https://github.com/truecharts/charts/compare/prometheus-9.1.1...prometheus-9.1.2) (2023-07-17) + +### Chore + +- update container image tccr.io/truecharts/prometheus to v2.45.0 ([#10551](https://github.com/truecharts/charts/issues/10551)) + + + + +## [prometheus-9.1.1](https://github.com/truecharts/charts/compare/prometheus-9.1.0...prometheus-9.1.1) (2023-07-14) + +### Chore + +- update container image tccr.io/truecharts/prometheus to v2.45.0 ([#10467](https://github.com/truecharts/charts/issues/10467)) + + + + +## [prometheus-9.1.0](https://github.com/truecharts/charts/compare/prometheus-9.0.31...prometheus-9.1.0) (2023-07-14) + +### Feat + +- Enable ScrapeConfig ([#10440](https://github.com/truecharts/charts/issues/10440)) + + + + +## [prometheus-9.0.31](https://github.com/truecharts/charts/compare/prometheus-9.0.30...prometheus-9.0.31) (2023-07-11) + +### Chore + +- update container image tccr.io/truecharts/prometheus to v2.45.0 ([#10397](https://github.com/truecharts/charts/issues/10397)) + + + + +## [prometheus-9.0.30](https://github.com/truecharts/charts/compare/prometheus-9.0.29...prometheus-9.0.30) (2023-07-09) + +### Chore + +- update container image tccr.io/truecharts/prometheus to v2.45.0 ([#10340](https://github.com/truecharts/charts/issues/10340)) + + + + +## [prometheus-9.0.29](https://github.com/truecharts/charts/compare/prometheus-9.0.28...prometheus-9.0.29) (2023-07-08) + +### Chore + +- update container image tccr.io/truecharts/prometheus to v2.45.0 ([#10265](https://github.com/truecharts/charts/issues/10265)) + + + + +## [prometheus-9.0.28](https://github.com/truecharts/charts/compare/prometheus-9.0.27...prometheus-9.0.28) (2023-07-04) + +### Chore + +- update helm general non-major ([#10135](https://github.com/truecharts/charts/issues/10135)) + + + + +## [prometheus-9.0.27](https://github.com/truecharts/charts/compare/prometheus-9.0.26...prometheus-9.0.27) (2023-07-01) + +### Chore + +- update helm general non-major ([#10069](https://github.com/truecharts/charts/issues/10069)) + + + + +## [prometheus-9.0.26](https://github.com/truecharts/charts/compare/prometheus-9.0.25...prometheus-9.0.26) (2023-06-27) + +### Chore + +- update container image tccr.io/truecharts/prometheus to v2.44.0 ([#9968](https://github.com/truecharts/charts/issues/9968)) + + + + +## [prometheus-9.0.25](https://github.com/truecharts/charts/compare/prometheus-9.0.24...prometheus-9.0.25) (2023-06-23) + +### Chore diff --git a/enterprise/prometheus/10.0.0/Chart.yaml b/enterprise/prometheus/10.0.0/Chart.yaml new file mode 100644 index 00000000000..1a2688ee699 --- /dev/null +++ b/enterprise/prometheus/10.0.0/Chart.yaml @@ -0,0 +1,37 @@ +apiVersion: v2 +appVersion: "2.45.0" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 13.2.0 + - condition: exporters.enabled,exporters.node-exporter.enabled + name: node-exporter + repository: https://deps.truecharts.org + version: 1.0.35 + - condition: exporters.enabled,exporters.kube-state-metrics.enabled + name: kube-state-metrics + repository: https://deps.truecharts.org + version: 1.0.31 +deprecated: false +description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. +icon: https://truecharts.org/img/hotlink-ok/chart-icons/prometheus.png +home: https://truecharts.org/charts/enterprise/prometheus +keywords: + - metrics +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: prometheus +sources: + - https://github.com/truecharts/charts/tree/master/charts/enterprise/prometheus + - https://github.com/prometheus-community/helm-charts + - https://github.com/prometheus-operator/kube-prometheus +type: application +version: 10.0.0 +annotations: + truecharts.org/catagories: | + - metrics + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/enterprise/prometheus/10.0.0/LICENSE b/enterprise/prometheus/10.0.0/LICENSE new file mode 100644 index 00000000000..c30fceb4a5b --- /dev/null +++ b/enterprise/prometheus/10.0.0/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Prometheus" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/enterprise/prometheus/10.0.0/README.md b/enterprise/prometheus/10.0.0/README.md new file mode 100644 index 00000000000..f8a41e479fe --- /dev/null +++ b/enterprise/prometheus/10.0.0/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/prometheus/10.0.0/app-changelog.md b/enterprise/prometheus/10.0.0/app-changelog.md new file mode 100644 index 00000000000..4fc9b64f5b1 --- /dev/null +++ b/enterprise/prometheus/10.0.0/app-changelog.md @@ -0,0 +1,9 @@ + + +## [prometheus-10.0.0](https://github.com/truecharts/charts/compare/prometheus-9.1.2...prometheus-10.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + \ No newline at end of file diff --git a/enterprise/prometheus/10.0.0/app-readme.md b/enterprise/prometheus/10.0.0/app-readme.md new file mode 100644 index 00000000000..93f59634eaa --- /dev/null +++ b/enterprise/prometheus/10.0.0/app-readme.md @@ -0,0 +1,8 @@ +kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/prometheus](https://truecharts.org/charts/enterprise/prometheus) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/prometheus/10.0.0/charts/common-13.2.0.tgz b/enterprise/prometheus/10.0.0/charts/common-13.2.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..5c0fecd087839b011aab769e3785f251e9224747 GIT binary patch literal 133368 zcmV)VK(D_aiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POw!ciT47D30&X`YUjl^tn_QM@L}BSV)id_otZ6;&IC*^L-Y@$Q5PwVHnbV79q4hhm@gcU%i*C*uXAtNP~b2 z$Y4ZU5>!l4vA0zri0-$>S4@RB#C_Dd0{oVZE%JTv=o8U*E zjG+%C6Evpc*HHri@$nil06h=$X%BrMzXBhQkPTnfQP@Q-AHqA2!}2SOC_ zuMz&6d5E0|720!iY)uuERa%HhJzR=Yxcv{c8#g)4t++Gh%1emnu!_%|er^1qHi zr``S$XA6EjxzPm|E~_Yb`SE0*7e01fL@9VjJju4=r})JO0DvaALeTpq!VFymZVoXu zD0q%YEY?9eFzUAi;o}7g5LLebzyW3$`lrZ;%WLG4z@r>V^)*BhCSLx%YQuaOsP_|y z{WwB5vk1`{@x9~=jYVgyFCFnELeRrs20~r&g|9^{4j+Whpah$4DK^7)1$`P)&U^}e z>|!Bsg={u5RZM3tXo1jg015nMBQ0?yi1Rs|BE7a?{=-aY`6)snp_q|q*#OoLJ}=#< zg^8^@-p>e}<8*xnxnN^(dIUPH!&dvh=?r!U!=uUMz?)1aJ-0g?!pX1?;Rp_ggPz+S zk0xDr(3yBcw>@kh^m>EC!x5Zxyk4&lq1!{9!_nbEx|J~YeGn2KyBtma>r(tU0_T(W zgk466qJT9T0?`w$qkdw%qsNz*AFkf26(}U$$@%G(`b8J6`PESCpBqP*Er9~ipz4JM zP!v4TA|B`xLh7SW%!t`!6(|?Brc47Qe@pI*;^3HmpeQ;5gW*B)>c@!0q4f?y?;`M* zSA?)1u#f1HGBh{K8{nvr`^yL~u#cwbjJnW=(w5Njjf)EP*|XnLpjX0)!xxXHsz>wM`61;Hv;rz6C)N749 z5CD=96)-=%JHGz;Q9uQRBjB{#-L6r-E{RvpuuAtRfgTc1P9QmglPn{u7bi0qOp%_N z7XjzXcbLv0b7zvP;xP2l90d&eq6Re_LYLHKzWgoc;}xPLj<_DTvd@t&%JK8@9P35T z4dWxwZ@1fX@pF#mLbx4>l{iAb#)zhhb}|JA?RU7*Fb!RVQh{s$@c!fZ>G|>P$?@g2 zUZSDzE7VoFG<7Rz8xqd~jf8%ww4k>*xU<-9Mksra*gc8v(l0ML8|fEx1|zOx@rC7m zvMlJ&5fW>i9;jpg9xnOldjZw&l%Dkijwq8~PDn7pQ`uLNAS=5rZR@}zjG8$vR-Gf@ zbR31^v5z4|ddRuHeT{tNG7>2>gb^P_T1OX!s5?Vm?4#(tXh6#G2ooWewYsa`M^Y?h zUkeFB;(#fF9=k68bwlouB?lRb<~R^-{}@3RU8dLfVOx#tE04HzpOfDw(A&Q{J3f7P z)|z{J4gHQ2WzKa-K?pgPo+XpR2+yHdVf7m+RZmgqlO>-U;-xqK1!88`Bi?n0Tut*t zEF@AjX;wb@#+CAtLqVxLe6dZ&MEp!uBV$DE2J%|vs-~0vI=}x8S|6qBL#g;J-hmdk zBB}aQnF-+YXD0(B6lNI*@^Tdv2BRrr!nXSZcuHkn*)%VnZ8oQ~e%sy6XvAxDmbu}x z^*~NkZv6blt!iQZq6LbU_cIhB07I@-^By#A{^tmMxH(BpZ3W(*+3MB$6I)=Xsh6Id z#WXCQn4vM2g^{iCd5bBtmP?7gW%JryuwEbO^}#Fah#W&S583h*ONBxR&`Zc>M_^x8 zmL&dJo6*Bk)cv`IT+5dHBEv z**vU-?4bpn%^wKdLyLVno3Ga!nmgld%*aJ;$_Y!Xtg zgsmvqB2c}`)riK>73KIJxvvY+%@ZHu`3;(fVry#;yt-zPp-JptBk91{YZMjCW9LF2 z<;GlMS@E|4?Sz zFUWVvT)2&6ii0Wm-&`Y*d%wbI`}y;-UR%E(+UwT%1|&V94usuf=Buyk387QlE3NQeSnfv?hJ0@w_J3Gsb$&tLl7?g2R9-HpIF zBKK5#M>swaw=^qIY69LFpnmZhDDceJ^zR8F%o?c|;FP$rFjBevkXE{nAVt8PA@>fD zmv_ z|J*X+69;gUA6&?tAzAFj3)QULuAqW+3b^3o`x$m;Kng4nAmoWnoG}7Z6mWA8ar>AT z=Y8ZnlUXJckBl&^v1i;>MsZTVxe;oy6TH z6K|s6afc)9sQ$iA_F}{ino>ojuK)*n+O!&$-?B0FW5nX%Tsv=9IB8XJ?UY^gTD?Ky zmh}#XZl`+yd*l8=dpz{eVc$LI9Ci;-r`;a)4%-vAJ?eJRxIab*uGc;oxdXR**qw}# zJA#98rS~;JjLryQby3yj4X*80r<34{hOj&A9`pyj&bZre9}EYuJ??e9j(c#>8=wP( zItRn<=vs=3{azP&T{LR!$ zaVV;bF0av)RSd%YR;SaEZ#WrD(4>P74p6)8j$jXs#)m!B>5eM#q;3S6JFAPR zDy}h=K{|#5;34d^VH*x619v=_p#HemhVIZibO*!9_S9sh(SR@ff+xuZyTEZt-e&nDA<^+k@i~4thgxG#>YRL)h;gOa|UyFdmO#8;wW3vFnWw$8NXX zZTCm0JLvYt znDqOj$-o_S+FWF~hwaI5*zR^m!-Ip`7}VWw7SMjd5&AKPk+&|@?{S2tyka@s6WBFL zZeZ4cW)phB#c#LW?X(X&eNFGf$zX^E!(kg8c#{LK@AVD_-460bJ=k~M?%@P>`{T)A zbkJ^(#*;A`_Ijw@?i}<{7mX)lw+;?q=u7%MO+@U3)c#eG-aa)8#{_7m#;IA4^t8`GcsgQCO zTVZ1qkVx+-Q@a;MMom)r9lTTKvoN2epIBD~uY_HJ1GPo-8VE1MYk-*BYPI%S3eLGO zvLggA1#=>Z2m{d3U|xecZ-q+oLg|%BK8so~xq`_1HeZbYQs*% z@^P!}H5d~%lSVl&OgRDq3z!-{*&d7;d5eR)d@t0H^G5JA;KYZ)(rj)Bhv7YxYK3Nl zAMhvSy)&*vnj^0WnV2DPf+E&@2Lm`o5pd(&g8Jg?X zQQ$RWs-i9?+3_;los-Vxq zYg!@bY5XnOC_*yoi0c>NN&=_gXG3lv&W9W}EJvIb;{jd(M+}q}VlOgE!i-RsCY{LEA{5;^j067uhFdKCW;+K-Mo?cy zXo5ebg9MV@@mx!K>6I&`URuTKnQVp`R^ZKKpop1MAF_x6s0Ug4e-oBX#^>hkb(URP z;CrqF$o(?0H^RlE>eM`F#;}`k8!|TKIAFEs!y$=$lYjsFl{qyiN#2AZ zZc#j?t-AxU-kC{7_qmn3|3VdP1u_^B2UAt_yY6JsfqpoH-MvyPNf3Dr8%dNe+xAH< zIie)E!-1#1eS|*tbi^Xy1Nr0C<;fK<_8R#O zYRN{H;sUWIh@;|UElNSgpgR+qowDU%gaUSjCg$h~mtYZzL%m6>c!3#kdfl1IsNho8 zFuK&wIPg|Nll1;k0y9;G^ewB}$gdi*hSZd6RFjdig{@KK8ueN0=3=)nhq)^G-k_1w zEKs6>1SUSEV9=u2SAvg^7N?{>^J7$T?F-OxanhRR^|Go>0(K1DJE7^zkT?;b&1H{{ zhz4{QDkkWpD&D=W~7jCQ}@XoSQ&#WaeA z2>L$urihiq5@uxDiHOqxdN&%p)#pBwFc0}ES!LzhpV9J2{rS;Y7MZPW(Y~_Vg5w3m zK1V{6cn&{(2%!D8agW9`Lhg=4@STr6$oa9f1ClyP!G;`00YbC;JZ5!(=wf*gjX7cw zcIirT<^wBVm>_mNbLJ$#j6|z)5|RA}Bckl&Zn0rOpd0?MzC#1%^VXNgvIRAI^=MLl!8ykA&!* zN-3UeFZRo#_Qm3>bFu{m=&C&(=?+8sXw<_%Oj8G`px|G=U zkcBb_b3dX8PcS!6ICDovA4+h_o|NSJpV7QkXdUu|Ij7qYX4ry5UX}&q8kaoR?1Scn z#DU%B3`Sma06=kxp*QxHZ;SS9j+ zhr$TCBH%Dt_jQw&tLR1pFWc~yC5x#qzwzH<2Mz}lk~lUBpcJL^(d}D*jeRoS=SsxB z2v)v3p!-oAwCGH!eyUtz*~m?>nQ(+~c_QO?wSeZdN~`WLX0to4RvIP$1vuujfK$(f zkvOue%m%S<7$D>c`5p%Vi}2q_Cluk2`JFoK!dtl|LH4cdqLAHs0Zpqa(%)mDC76^AUSvmgmx;+W;Pj*eIG1fgr$Q=^%Hr*r)Tn(NdKKeaS;ZZewnk*ax#fM zl5`OE#Pm%@8dwLaCwQupBFF`Pk=hk9=fb{Vgj1VL*=;5iEX@1-Hj~w_r3%jXaD-fu zXu^`js@)0p)rl1#&z(;2G#O8spNyustrBV+$|?y+08-8aX>BOLjoNTMav$U&^S9No z)BZMPHRIoqCx$RJ^&}~LB15)Sl)9KNW3zU(EGqqgeU#z+x(yMZuc(=(QVhoVB+FPg znNhQ&>BWgL|QZ8nKhgTfa`i;`N1kL9k7cVtSo=qyv1zljhZ60SBW@QM(kJ7uH@ z>%s|B1hHgyDOX!&M@pHW($Rm`b;!rMD znR=okGD@T^3zl3a;)n!Xo?4<>9F(%)8_}R;{$pgk#U>9D^;Z3-mG~)QS*>zj;hgD< zJYvyQplJ5uPt1uU=?(x*5$n?Ac2Cp8kqnqJ=SW#fT!oQrBt?AeMj|E*m1v%5pqbO{`MF-+HmFEJkvZ#beGqQaPPfe!Y=alFu45kr~XxJRcfUCh9elyb zFvFY&rKp_~Pgc<{QO=PV#PczVxFiw|&%jk=5P_}wIExH;opK}BRjZdNt@GG%xjTlG z>$EUb&hA)bDNBC8NNhg!o5mrEK2Q{0W?iDXV730<+C2#Hgh6wKg)+ubMt zaX5`2R}5Y$nYm}0wi}LgaN8UPG4#zhy=0<@%hH0L?1+#t~Ci# zT~FwaObSz1gor8^vl)MtuK;?&l_PaSxmpWX%+*DX$&`)`DE=*3lh{20;llkZ6`8Iy zKgqRCme*2^iX53vcQE`BYh&#m`uW$QF%eKDoGOA_+FaP#lLAva2@CO&b&@y3(@7vT z(NwYA&T4;AlvF!^X1`KTBxYeO4hgG+&dQn33umG@ z3?MyQfA!5CjVcwPNs{?G?Y`y*)dpgSQh?OJ|M-oJ|71fL=1}Pv6sbH87S8uOnS_NcTGMxWT zzvrvGP0%?E@B~q&qUB3OvPz6$hC_{A$-b$ihB{!kK0Q>$LW<<9T~%0g$@y|frbr;q zzCC~hvSLjV$iiPH30xn$cQe9)u1$rcZaqRI<-bf?P~u1HQ-Rki>_7i-Ld4;Mj`}Ip z#^adH_zZPbP9Y~CP7%F$jW3f@Z_^vSDzQ4(gGAVWa$+MwBFeKN3f_di(9fScjs5O< z;G^z;(Ba~AUvACX$s6`>6T7;_!u2nRSaJVLzuWDl?|_sRsELNu5nf+nYHUBUAXVz9K9BQsmx?YZ?YLaQ+RWNn8KM+EH0z1`J_xKrf-DZ zmVs8DFD%!6&O~0GgLFSEcB$k|9l@RLoxoas%u}lrPT9DpAvtMgaVoh-`4kICn5JEM zYid-SG{uYPoxsTQMVdL&4Xigp+Dlw_gtWW2aD>#yIwPdpEg7LSB*#9)?xcIKI;gsM ziewsVWFJmQox1z~NoT(5uVyVd9eML%gabAK&UcHZ-OQ_E!6riYTa(!L`Ckrb?PYj& z;ff@_b+}cf^0ht)Ol^2ddfdJSFK2`buxV1YS?gWHph!r2e1P8nTfDD*grs6h#bq>uT_}w#jFB zdPg?N>7UNzUy$BhY`|Js?AI0LN?56MoBQI*hIBst?KGOoYQK#pGuJ9OnQV?ulG<6P zKC)WR6mBIMl6XS}R}@)y2eljNdxOmH_e9*yV&4c-e3Ov;j)KKe!&-q=FiQ2ht_!7% z8W?z{x=O_Kw>GRbaRRXq9CeOc#|m;yoSn% zTmV{pbec_}=SEpQ;Oslu-afZuUmPZaQ)XTRK5DE_&>gEG{OED2m9i{NE0+&@elP83IPr#IKXVVT3N7{lcIIq zY~>U#!SZW%wM=D|cDA(Q72RkDJuit(graZ?Jo)_+KgiJDovR{`W?Mo&4X%^TqD}XtrB(_osYf zKi8&9(K7g@Zn-2xuiS9idG5ZMr%e7Y!a%70>OQ9j%l^NtmjCTRyPKB(ol(En-^u@N zJVyUlXZa?0DzrXzrqU?>^4wQF(Y*+RmSLSDo!^5D9+mnncy-l$D-Na76^AW4I|6?+ zjY#7nG{Aw!^}l{rFRBIGBlm%X&i`5q{#+p{q^n7XJ?nU z?~mV|U7uZjJi9sq4hbCo?c#?2J()OFgO?mY*5mO~A23#V8$}GmD=Q@6^>+&=fhCTt zDOz%U_T>EZs^lwOxZ>+x*1RvktMCl89W9o_vIxmsp_bLSWy`OJ$FK^I#qhzH0Pw^4 z)!8q{Z{M0h)Gux?KHPkN@!|dH?e&N6-=E!FE9XuYYSvw0=9UdvvxI84+$AFj5G)dJ z5uda_3U3|DXyZ!xlk@P{9 z2AyO}u0;1L?(a%{yHedgdIKCMf4X2zqoS@l|6hgb{9kaRr)2$ByULGuFb zai^<4sjgnjQCX?~$usDWbN<)x|M%J%{jW0|4R-s#TX~HBr!#))e0MSn-b3C0vU<7i zUu54En*?d6d!F|dJ{8XR=O*D-{Z!6>lQ;Hp7T}8c-ye*!@gJRDr?;E`+jz|UzscqZ z-hc&Y_-8E}&@t6iyxq5F2d0A_V;b#?d}|{7(U59P2rIG}E69)#+~l@a$R<{1r`^sP zn)a*Odk^ZgLYjPQ#X%|vt2Q@MRDZBN+z_08jTrd(!}n*m*JmeJXE!3_(mZ5KKv^X2 ztq_^eU1Vi%*O@j%21SjXQ1-+vn1Dsl6&Fl3e!=E~zJl*Mb?{%Ax_r2C7m#~Ck~)c_ zNCp{Gao-rGdLDWr?5e?W&>4GmrtD+aC2=4#=8D)XA3>2tWCHy-LTaL_{hFKWTdU_P zA@R-i?e)dU&;0lP0!I5$92Dht_ga*=cdGo&@y*%o>G_qa;^VPZMf6z~pIAoT<>|Spj1ass+Z?! zH|Urhm7i{IE^jZdF8=Y)+qdV}H)rqV!JE7fqIT=*0z%!Au-mR54OL~eH(*cCu5WJ7 zFCPup&W&$?bB??o-0D5WM>dh<(l-s9{p059`1bhfM@^VQ!*x9ZWfS+C#%_+!--_FE zPM@M(btgi?=zP-seD=>Gvh7Un`X;vy1W!3p)(8bJZuiTxTq^Z{nIZV8?f*ezgu~X{x8QGywbOO8xJm)G;=9L?qD#nT zBIu(kq}qa_>xj$`Im<$(m^QJ94Vl(VUSqrn)ujQnfj)&W@Gh*6QukCR1K$x39Ra63 z8jYL=W@w(+A}d1|n?T%HBjOhu`b4h$Rj|cSBU(`bR3VE7r2cJ5n*2Qhzn7iWlxs>V zd|V4SF6yLyZC&UhQj1@ThPmW31Gh@xuHZE}P@88p33tPsCIA^ih*i|4LxvO80F$V~ z$5rT&w-X48Q57sLt&A!L<+hLD6y1PzBHX+xXS;mE_T0%It}U)pHnD7@F*7G6EedKH zGNyP-0m%%;8*6`1tYxCRPBKD!2`OiUib@UrM_Koh3sq8wh8JNV&JFA8GK;yx%Q+1g zGjfTdIi?h=8_%-G{oR?kA4dI>xvXUj-!uv6dzNXP&~qd6THPqK`ROg;Zebx=msR8q zI+j+rDR%hcM0>&m(w&mrI3@>Y-61vgi~NOhFhoPAINCTdayQjkB*}X`R#_PJ`kQc{ z72avHv63^*&!6StwePt_BtCK*=z`C(bOtf>YhmY?Ap(xMr_f1nK$`}6dx*LF>4HTq zC)W#E%?qi#0tXduRE2?Eq^Rv5RmhUva>{;Az?jXDW z+v{|9_TM(1vh%;{zSZrY`_*Dj>!!Szz5vxJ6(?32&|-a7sUV54Ngn{VZ+bI3-{Qgx z@r!2D70NOzPX5{(;RPptt&E`(Tv^hAK$<`^y6$yLqEz$D_T(gd-r)>TGm6%FHX zUzD+q4<^?*&S97(WO6Nc4O&`f3MQ>&$u?!ENMHe4GbSO!4OScsawv<#bgA*CVW9wra_cfL@oh2{#u2 zsYBdVc1;!S)a9WoNhiy#M>%coRT3@%ye{1|_yQ0ssJ8z%a2C)wGI?)}k)gZ=RNnA_ z197D%;!7i*sD!C@Zi#%N3laNjWxFVi0$7#pytsvR^PLxWJ};Kii8QQC6IO54-b!`K zXY{LOF%<5IX)VAS>e?wfN=~c3EMl;#OdV@v>uBXG)y&Z$6r{q&e=kZIo|s~eWmMN9 z;r`#i59j}QcXm|w26#+qjOhMB=infj=egdQiATH(b+Nu9?nC2db~>`*hTNgRDN2pL z-ryDnB7K>|YY);x23ehFc%oTSaHi+WB;&(piRJTn5)vBt-y9KF=o9OTpzNAb>{(o` zVk3Z|4RRlVbv#%|Lyhj=RbSBUHt!6 zo+mv2St#gMM*o^xf6gm^P7{Oj)237<&>WH>u1xE{MTmEk$@*SJJ_#xcCcS| zb}%8!?b$z0-hMbeJAHq4^UKB6&)2u-mmmAZNkA6;Y#NZY&RSYqH(%Xh%M}D0mIfXd zlVU|$+1>fcFXQ~=*Z$=6KXJp){;i85h9}sC?8)OlJA*+k|6_Z1{%bpr(*H0uJ9y%@ zE<^#O0D`d}BOwyS?1a7#PEf>}>N;8RLvcxRW$X+x03)QXb@v*4TH-)?06Dh-ACDs# zEmx_M^0Fz56Ri-Rh!A=Chxo(14%8)LQc{`M@=`ATKDnMtTJ8z(b4p`r!ME~nKYwmC zo6QCc@kegKalPvI-^=dEvNSCLsyUbBvf;K8P~7_e{JC+51MkSDXk(5T)W>B59e4Lq z$zb(P9Cwi)I3=|3GoP$bwN!zrPsY%%D0d~V`E9*7B|d*{aH)M{E+>CqfRh(cQ6n9O zqXs~f5XsG1$hC1fie*^?0AGw3kfEQ^QfaLIlth@#=11V{%8fbdO5S7;(Z8G3R|3fQ0kH2~BQ`7vcEk_E+k6`7S9YfKuAuVDEomH$CF zRULiu`2WE$8~-tC_jd6gTX|Lq-yoc}T*(Ki*fbf^VPC(*i)K82Gf00%OVBF53(z{_ z)Uv-PkStG{YVVEZ%`A6}X}4^`!}@Yb1t(b^@_l(0XlE zoZ&Hw0`Xp$Gh{N!Z0M25z|e&)8%K$4%1C(Zr+twr*l$D<$Gn;Hz(vgBg3^UcelA(G zvO`g{epRkrb=IxoHA_*)H^cgB9#i%XMNYo|T= zdn%cfY+Eiof|i)!^)X=ri0WFdPB6d&DvBza*9SL@dU2(6VV98d-W z7f~yf5^b5c7FoM0;Al(;qb!2T!H5IQys`G>@h*%ZMJZ_drG0V%hM@zDlqL58ic)oA zilXxJQUyFR`$|=Fy~#l}q(V1`(egv+L58kb1R0txQ;imuu(5~(8iy!aV2V6P(StG) z!KsSZ4i~PDXFRf2kX56vVCa8O`11E&T*LbcCC7z((Y`UM9bxz_^eG9u!N=wyR}6C$SQ^5coxlBg+_ zlj{c!Z3`uH0TX0oa%OB+3urE|2xYt@zxqifF<^thtKTbBgE5pX)~cH7a0 zhV17phjuHyuuiA#e6dU2?kRXm*Z<92{U)AO>;I^mTmSo`o&R?$j|j3nF~^;RQ3TYs z9RC7+UuL6Y#*8Z$;!WxNa^GE1I_p=mXedWqoY zRm8Hciy8(_9B`tLT6T+y*^VYr)?RLlDu}g5l;nRE7O@r;jiOu%a)rSw84eHqJ-IQu za%VJs$DURO6cx?xDF55i6%yi!64uXx1$)ua?p@K=I~bNYcoQ(KvJJ`_o;OpWfOm9P z%2)_EF7$<->KJ}@_Evjt;rhw z*fPgP#GW>tE+|0NJ_c&PuPcx=qgDu}nj>3(eCr6YjW>!uF%$*RKMxp+CeTHf#7klE zAVKnU_=Xwusw92#Jd@1VPfqsRc-3QO>$P4M>>@Rm2O$R@G@2q(!9ueA)G5Qu>_3^$ zo^Igwua)-Susz7-e;e%1e{AOwcHXHN>}$j}VF7w5^vQCL0``R&fu@%=%|J5+p2H9{ zjX%;9gkeY%OVE(uYp?|kvO8;VXAOSI)}WcI8?y(gmCP7`Ib`naZAw9}#%zmrOh#c* zx5cJy*}NUQEgN<__Um?R*Du;`-MY=1wO6x~`T%6G%bKarWuk7~JpGzX)2A^@pV1^O zG)HUks(NKxpxd@Shfi&M?w)6VO6`AR#XWia_pm+e=kEXR^mq3EHXdpJo5B9J9RLYW z*Yp5bJ$VKffN6cRJ^%yut8fA&L$LD#?7RS9vKPQ`>dpTH`mb^RtKZAr|2Ej!|66&~tu=D6H(~v2#@U|jPvw;%!uWqJ z(@%;E>x!KK>VgsFF{tSXNIGR1S5I=zN)HA78jN#|?9MdbndaLy&EqjeOx^?RF^osSr*YD=?Kli$$-TJ?cC$;{I z!QP}2AOL=ont5L{*43-`j^Bzju{d6(ml!jZ~cBdcmG?zJ>2Pk+j!Qx|07`vae*;3Y*BvsM@(@r zeem5Mvk<0SF7lFKoqMk$X{gW-g-+0##J(?=!j=t+zupL-SqM!sKm)WgRpKm!o5_@@ z0VSs9gAygqLRcp|;VgtTvl6DSn0lppr*U&Q5ib@fim=C3EITQqex1o|uSonRm)lQ& zsetkOW784NLRglD@TX!aS)%D`WVe`Xuv&Lb27a?i?>DI|ZC|&{@c9#Dwcjj#o=S^s z+86$CzP=IC*Ic1f6k-OE1 zdoEbZgs3#f!4(R9?80=8ee1ndy`w6@PsNpz_g1Bzs)SgCU5mcl8c*SQa{1u{!#@5^ zUQ>i37X=JX%^gEcmCo}@Wvk947SAT!cf;7ckqsO#Pz0yQYNUW#tFXw1N)&eG9h#G9 zxyjzl1;mGRs0J>-|C#RftNWDc|2Po&+qaPatJCY}^M7^QyZzs-JZs6{tG8yDGY#{+=RNLGpB+tMEs}#Bkf`SJgc(+9m&5 z8UssxHNOC_$|yg)9+V1gC}!AiDTw-}7^4!Y_tY`trnduxw&Z}8rFki=bqPiN2jkB1 zo?6%ZYq&*Sv_?fK4;ccaxw6ET%Cw)esnXvoY^wqs@@7^+p&Bg|uxuL8C5f0OT^643 zHr8hbUOLYb3s=v|9KqYbYR=7tvr>%c)!y8g+DdF zqfTkNduiOS9zlXN~NGLQ92Uqv}uvux;)8Vw+c97kH4L# zUZhs0YQh!sasf0$6h20!ldQT$TGZO!rW}mg)+%u_Dvi6usc7qHUyNfht(oqei#f_X z!?l@)V&;OQqFc^+Pc!#e@2i_?n(_+m^opzEKN=(4TuhbRAP+zjh@aYhXs(pED~lTGI}v5+ z%;oi&#ZVeNwp4YP5D;>C-z)ZzrWP6PnDpuD-ZJ0nYrd-9_w~viVcbr6mj`kZJp!~g^BC` zIc>#6%zjM5twb>gdk!dScxAydw$`g@k|Tl)zt2|%Ac*H< zeZ#e&L#l3t_4rM17M1P)Z0hcpztp(@r9aB%{~h#p`G2?b2v_)q?tc05?tQ6$=gTwQ z_p_Xzd@O(a-yx(P)2xpfFXO{@)F)X=DgtJS819pjUHvW{^fAg3R zQ!xDnjc0`1$s2X!NDSS&hT*F7-@RTY{;%8ZcX#oBTX}@7_pV~FH(?l7G1K$j5?Wjly)vR-u_$nC1*Nd;Jwd%(4%KB?xLS8+#8?mU1QrdcRO!=P?nqtZn^4a6(RXzP0 ztYn4v&Qji4%3HOR?3zV^fq5sBIv#mU3 z`d@$;SD=p>gYImO0(Q!m0Q?a3Z)N_!;V66lyW1V??tkCPBUHNgau7*0fw)3vk@e-@x+>PbiF$fkl zUxQ*+Ic#O>+T-=FjEeI0YGWJHthPdrE$m3>NuJ?zHQ)aL)C65@T*XD|M`9Dl&7^W$>CRf?X`|?D!!2czE5+AGsT)~9_38c-OPc` zJjld5{h(u=DH7H>+?lHIOetFOgOWc*m@iX5ZA(gRkPsel(jrBv{CSIF%_EQY7jw>{ zh*fr{ElTLKOX`x=Izr-ITNeyvBKNJY2?TNML!J64D7YtRQq*!bG+yNFNW(9*FC<~o z#hp4}UtSi!%W>PL&dCC*1II0K-YT0i=I{o zI%Kf5Vp$F{<4GNa+c* zkEx0;I2`A{BysaN{N5+-UHO-mi@hkTe{rC10E=QPBatef#2@gAVi8Y+Ds2dTa#5Iy zAD3^64%<{z5@&5%t54Ug^Cpe4Jb9a_8%9#@fma|POwuQNnio$1i3;nrthp{=lodJq z6mq^0OKldsV1ewIZys0ZS#8v&`zEN?8|WXstDe%dkxEUo)3U>UeAMT9zu=6e?qGIpZ&P3)*f$ z+bw9j1?>x2(01$DH@u#0e7`6AlRsR3sC>#IV9`ttS zKezITh>nnWo*C@180<|%eH8G}^G16VF?D5(M@fY`ksT#fi$i)#3a^UfEvmM50B_+a zJyk%6bW|mAAeZ^ZzlQjaOX7h9Z=k5Q3)9_&>25Q8L{Ac$(hPHo-S7EJ;oO)qGJk9D zB!eeBwOG<}!TGR!w}&h8%oHRAE!g|{zmx=3y;^hY=kcOqFJp~w^DJxO=F?sg&GR!h ziIYfmcaDSO1;joa`#Qav{VK^B$H+B{a4=0Vgb+{z3= zK5Q#f;3==#N}4K5hI?t`Qi+|A!M4Cmc%D$L99R4);BnWz<y<*WRBPj#q=un(c^4@Rr-H7m;Z4z81Bx0Zsl2}{~I=l zVs2DFi4BlyV_iESRr$-a1ybnMvIkN%p35f44@rStkT3M4wn3`7Qu`n!x5{jUJmz1H zolwLvJ6oZIK0A9MZ7)nC5{LQQ1~_-V1~0|eEZ*dE&uk#r zO|?X!REUREIrZ%!^)kPe!-t-S<(B7WS}ORdZ*A}jsF*bW0D5v;&F+gLFRxSlTA5+u z>K{+NvWfJqkI2sO*yvNL|1aEa<$v#YJ6Zq#px4>?|F`mp*q+OeCmV_PSrlbU-eP>u z<;Roicpg=tPW+B2S}%ZxcY7lNGd7TL;a(vIaUk@51x72K6X^S6=-!=5g-76^N~iWo zUvZ`QoC0S|h@akwk3{jzm3s-8HwA^uoMGv5`uX@0kYPWOqqdS{F&I z5r0D&3fM>D$8&VzLp=W~qKypVKw=IA>brQOZzkS|Yk}D*tT0Y)k+P9;{+}~L{=7wJ z`w^lfj$EWJ)%$;r1DrdALZ{R#@pVKuX_E%JE~4}u@sJ(QREj)TT&yaOoOvHlobud* zn(_*-2>lu(>&`XGNCcdcbY^Ls);spSvx&XMx9s(o+0TJ>0(ibE9CHx>6xHJ}BQbqKy zbg5bw&V9aJD!oL+~+U5%siUJrdfpa2>aYcOO07w3l3IR^22}+YL6)NCL zRT9Vb$^kx~qR!`$t(B*}+B+5fYgW;}4y8GDziK(MVn&Oyo4FaKyIHaEJq|n^OqKL7 zzn)Ww7_Uafmfmi<@22~fr#tb{6`BY$ImACkBn~U)T?2qeuhuK3m(ghIi6C{2@3HHW zI4C+C`cPR^uXTm&2HXAW%-K@=kHqYeVPEE1VgHRfop#p#8xD8&-&P)x|M$kW^2GJq zhyq9f1mjd@U~Um!amG*?fhk}!$N-EGa3cg6@)}%j;y{{hg0+B;#}SN{ty<}W1=~5s zGgJ`pB}$kAD}%gBLc9_v<>6grZmPt@idn6YE>W;oyY(mPRHY0%ksy!pIU) z660qacs3RIvScmm&QCWtmsbfZNQcCahzY(*o#>D7oG)W)A$cwPyaa~VUaAuIh5pqU z=wpWcYM1r;^Ban(jpAT`nw|j1M%iKPZ7(tTGTy5YDLaW*VBQO zg^ZGEJI65T@1=}W(0-nU3JR@+pJS>tkV_IVO|UF1nXsky@bl7nCRn&y$mB>x7p@A= zFBlnl+#qKtO(8?~aH+FX<6xQ?O3)8yu$vmC0NJz1`SI%VM9!7H+_z*N<-gsWlz)1A zUH0k2si~EW^aNrbywW54o-hD8zhe(bIV-03tMBNZW5L=>4W$X-l(v>`uhg_NO#H5GK$2}`}Zk~te0}L(k}G}Fjue?1SsZyl!)pIk!#6S%>*+- zndpRsYksDfyQFYwlx11WwfT|qAf~y}isfvAF?8=x;AtMV%eSm=mHcbiRFSuWTh%gJ z&aFmv7bp~!yjLaki_+I#o4iYa!;B6haxw6M9RO^vnu|#*U#nuXm{H? z|IaoaVW(b;!QMm!fMlEJjR8=sTNwqAl&KR3kd$W2P_@Ya%6~6T@0WaEmC;X?Tsw)M zru)Xikj;sB4p-bfar6c_7a{yLMo#9;Azz)Wy#PTO$3+pt6YN5U(g!YWm~ViS&S}8> zl;_UA3nSM8p2I1+jD7#w>U^zMJmTJ=NM5h^AF40FOgEWpuN-{mMquN8VLp7%DRA zou(+6N-L6SVb5m8%5+3zYz(dn%#SjIK3(+V~+qx^T5_os-_ycEqX^bqc{7t$Q|<_&g6V0}B{o zIQ9{>#pKHwq(9x!uR$;R9_oBtCOMeZaphMGRXVNL^3N<8 zO$A#fdYb0?6ngea zRJC<}Nj#ub7b)rYMj`G-i9c?HnUMcPeP@!&d5chO0G}_IO)_ zu;-gp-Qq~7%t?0(W@c6RNJzYvRkn8D461usTz{FNAcZKV;^?9pw~%Z%?w{W7PXEsXXuztZKU2Ai!R zyzh3e96m3dy}kVO)tvpt#8sYOIyGl-BTq&l1~64?Q=WJL(tG6lX@=+AWQ&nZ7OQF$ z%S8&v9!IrVoQWib26kbTgXQxOqy2R_H`I*%LcAMR7M1){2mS+-$QunPoq^Imv2W** z-+5y;c{04vw0}#W_dWDs;G!r!eJc+CDw~cYz|fh>-!>Kn&=rrtC4j3uhC0i*sJEH9*v_%Y`sh3bCeL%lXXUfP|F2Hw zJ!$^$?x>T^|1lc0hdclOHlCFKUyb$#_W{aJc5XEwD8jenqYQ>Da<3Dc5 z9SW?hAq30?jji1XO?JkMn)D&-Y)u$4KUE5ltn)@S_!aqZG;@D3zMP$JP={DB9 z|07*F6PWt^_kX0(t8-X9UE`VV|0o!e{K?&dLQi@BN4mMP`#-Kza;ro?DZsoyMR}fM zq=g*wr#MeqPv0n?AG`ZM{#5q`TA2|ZdS{>lv9WstvzZn$@1OJjz>*!@0?b$5BZzjl z2Yx$Gss7I(LzCF28#n~GLjNE3Mmhgqr`_G@|J!(^|4$9}^=1wMdMNbCa*np-_Y+0s zZ+YsDk+SIDq@Q*DYsoa&_~E*8DSuC*JD)($ZvG?mu_u%QL)0olW_4^BhBV2$X%XV9 zaN#BB?%a1f_ucaa+pINXuR~On4ZY4TV)`&tT4R4gow4@LcUj}x>5!k+g?9_) zqPJ_xNzI29^0LMNuEmlo5Lr_1WP2DoINbXs?(FW$@1Kf(B)?Lkaj)%-sX8$jg zxe-i%LE{-AcPI9lqxD<@EA0PXZ;;vl>vl)oo&CR+N7(ouvxA*JV7395K#rYKEj({{ zP&IDV;X(`7evG90H;v$M_%=))Q%dFa^+$5cHNhL4pP)8N?7uW2&fC zbo{p}y+Mi!<_?H7Un=5!ed|rR{GTF`KjMn7^iL}Pd&Ax!C;vyg`=7S*$oqd0i=%*o zx8xpCCSpi`!qXZ5TjpJXl;UY1XQxQG6D$+y2(U@-^3Vmtj?bdVjU&vKCsL5NY(8Au zQShYe!zJ-ntqk=$w$VjG=9vr(G*V;2XkpxMj-fOIk}amTHZ z1TCN3?}1l7Q(e}r2-th-r75XiXZxDdlM+EA#Y#o5*G8BNtUd5*S_5NV^Z_VKk+?3- z`5ojHoL{7BCRqFd7!g_Np21~NssCB|?;fK8uH63_<@CSNaCiQDD^KeDcT;2=)T1ua z4sJl9+fX7!IjyS{we(@^+PdG0jg8e^*_7(03Q1?bD4_mKi;beZs+KP~l|Uq~{eYsp znDdyjQ-s135-yb&Afxx`cmmMMC$CgeyC{KW)+6v81MgZ(?CD=DdF$~BrP;oEaMXrfqCpR9QwL4Mlyr^Yk)cZjq`{ENM{x`Y`!qz)@f3h z%*CEbTD`3;~_X?f7blwV7vK54MXBnoXX&&PvFSv^Yg*H`fHqc}# zwG$quEEx}lPA-fC!1X0D3Bm}83#-M2JXYRe8%LvH?Y4xnPc8lL`f-;5tkVAmooxJ1 zd)OQ7^uKL9Rr;TPy;&V_)uGF;Ob^U-XREp(wcCEIK9~kpM<>*4NSR8QhFD)C({MMU z8m5qVfO=Sj%uYqDQW4X`{!D5jwPn|nsEXFb{#BYHO-@#?=UK1zif5HZ;~lMX=2lGb zm-*(ORDmpK5}RUQh9a59_1jV=%k{rGyhG;!yNKQs5V0q_AsyrhZ4$Z+MJ>Ki-}CiC zt=s%jEdVwn6mbO77v;b}_r>I57PpgJ=oBq``VJqFqSg^qbbzCX=QxpN~cI37Agx71%B@p|HdQ)B zR1ZQz{0(*BxtGH~-BYOl35WRpt<2i{_#2>C=zrZ&uamw1xi{Ly|7_)v+dA6zo5X=D zk3Mnv$pz+oqF0dy&Uc=bnBHo=N^{dlM#DD+jin|2i@Ijqxp^rSb-+t>{4JVlFCC zY<35kL>ZQ+-Cp~NNo>d&BEf|MAP>`ef4-lcy z=YKi>%K^@<^N>EPv*w7}bEkGM7gn~vB4%ru5zE}*CGvmIW6G}36n%Opwtt-e|G!}K zw|4XJ->;hgNB`OUKYRa6|NYXDkoUkVAMyVJ{d?HkOK)wZx5@=%A6xm+0b0++S+OPK4=3iSPN}u-%j1hng%n4QOxJm8T9X6Q&~@R^~yJHD(BkR0XYdD!DObWWHvl2_ejC zDL3m^bWJ0g$P94?!zBI}6F?S9C9!U2H~;E1raM^Km@M@8#x!9n8rQdUsC4D1SHJl)qEKcN_}aaiof)GK6z){ zV&k985B=4ANxl7#H+IEa@kdVN=rnDVdFo0hrjn$JrsX?>g}fA-!#^^I<8^BQB=3`V zyjA&5xBrdmL{;;jqG&7gzt_*L|J~kbH~+Ws)Sv%UFaBbFdgDt-N! zeivyB>FcS+kYcw9V>UCho41)HVpR7E@t0~+LrU*Sq$EHZjc;(OKFL!&|3zBNISi9L z!0YDxwVze~pKd>Q{--MwI*|{r!wzu(n8G? zyQvDr*>tTUHI4!m_p$c*p0wNEKBMC$M}RDsyCcWw9SlJeoP7%A;go;`O*9YL68vvo z?e9+cCXU`9&{<06Fm!V5R{8o15s=NQ6iHB=Kf)w{(eky(L^CA}{Oh~LznvtCHQVA! zhy8QUkZ=1blm9Zc*ZwVxrjOnNSS9~^?Ogn4r@gcPw(_L*XZc_Q5nlc{;jgk_a&TW( z#P%QRA5}{vPUpHZ z3w_YCGgJQ>6NW(gT$N8z3W_hT4{ha+WT}3@Xetkb*o}y{K<}TmlrtZ(L6V#o zcbvSfl7fH(;ZieDWafs8z+Z|LCvkeI{e@hDW7XChPT_)N8M)PVQIsx2!w~E3BB5fv zloaBH08w#6RPh;mbD}!Gnr0SqMQW?DA0jfhFNk~@p$WC@OIJJben!hHG;x3N{fFQHIIn@DTDIS$@S`MR$9_12dwbbV z7v#4#A=rwI8~OazX_I~h$@2uk6EK7HXS5V-$AK9Z&_9o|%u2@p;Y|w9fU1;dY0KH% z3i2t+YY&Izb>`~9cQTs(?@rDUQ9{NdeDWAS0-ZawT!D>wd54zfnm2)jHSMxQR!1qc z0xoHok_*`y=u-#-nG*4+AceXi!z(@Dd>kEF>ms>;xj3VBx!B~$Wr5^jXB`oFSmifduic#8c6mGVOjv|OADu?q4jFst}4w-i{^D1x7+mf!^I zO&Krf>{AoQ)sfH#nD@mcb0n@Y5N*E}J%nIPh@Z`!B-_@v5LgX5oTZ#vBU`|H=|v?A zT3qB%4|e*_hsTV^O8R4l<}z!)oUHaS2rXcBs*<8%Xo8oX($9)=+Q|k=GRTXHx}Nx9 z9XTnRo-b4TdFdiGCW@K`e-|^xWP0}{;4hehX;~|8Yy3ML&Y)rp5G)QVW zdX+g+RPz8_a+oo>Wug#`+>)8t1L|DhnqK|1QkkeaiSDUk=@&;?{YZ@DqNTsfKQ1Ag z72s~R&sS;=d2oMs3e|n{$`n))N<|oz(1!~U7RxlPiaOG1{BN z+Fus?nZ|_8*6)ZKya-KX5@0_5X=JS+4?UK=SfQhck6V#1=RvL$K}E}(Q`l(XWmt;; zjH4s;L6vu;j&CI68EMsUi&Q#AYB)slhV3d>NU0-a<8BZ&Hbt(G+%OeeNTq|fmK)^Z zPLRjBK-P1B)N+43!1+>x?v zp6y9rGM5xyZ>-?qBK+(@5J)D=-a{~ywbw#V9&;+hZIwSk;qqXIf_4^IS6C-Y5hDP7 z!jvWVpRepyvB#}s)3MlJ^Bg;m>Dw2+qa{5~wkB(P745ZYv)+=jp|IQpB1}dwwcfNz zyeAf3#Sxg>h=QzP|GmZZaVG#*#s7_Zx$}R6UH-T2JURRC?Z#sN6zhB|_Mhy_(*%Q{ zpePhX3`H{^YQc+VmHxFnonl5SEx$m*NLB4D39$f}%FJGw8@rz&Iz^6xS_U*7(k53D zX(9^PdFLw>-dssg5C)Qz%7ufZgnlCA%}}L8{N@5f9=jB*lK&I@33+Fa3j$mr|3}08 z`JYj5cm8uLPfGs(zz2JCQGl9vzKIne>C8r#0B#d62=+jLeIWAPponHJ1<_Y|=m-%b z7!6Jt0hnB~R9HHDOqauJFXwypOc&ri>fZ%>XduWc|mec00o zl5BBXC%*97wr3eSFxp`U^*LexG4_*eUFWsb{YZ($Kme@{CN;{g8}BNe1r z6`odrNYSvkYC!Z+G2eH%JwFd)#uvw!VIQ-l1Dt6D!x?s|1Dpl+5GisVyD$`kYmufv z(=Y*jqP)Q1Ar9eUVi`Z{xOO0)M1cQO>}4$`97XPlk{?HJ#C3b({;n$1&rExY+&IE) zsQ|QG=({nOf)Ba5axaCJpbE#xPxL(T;pTs`%Ag_O&HsQuxU_16wz{O;OA}|eOK#|BF z0B`^zB-MVIiadY}FA$g^e=hg{djE+jlX{7o#;-YP18}b|#hjCcyeHDZ6MzGXJp}M4 zkz-eJo0C~*C8MmC2?n*+G>ji)(L_Sw`koNq5uWM)kG(fe$VZ7KtPei3It#jNLge1yT7Otb>Si*+HwOC-4=nWtjszy zv-0TmbWL{sUS@mh$<^80(<{8S9{qCm`t0WH^qO`%-#<$Z8m7XQ?CkGxR|XNdK0bPV zs!4sh&5pL1$6n!ODDfmBD>ns`Bi{ez;T=GMvpU$Eq^ap|| z*;tB;kY$a_^uYQUvO@L^saBuis%)uID9u6qaeaFAVRaCA2JNOE6*_H#)DVJ?Ve26i(rLL3C)Bh{G~ zr|Lvv4PD`;gAk$zl)XylRZXu& zfo^_F-BB+6NXjGA#fiKvQq~ll4h7m8qAcpQtFCGNsnY)hQ+Et`GUf%9Ko$C*?St)I zJ^okc|GA>a$j?CrTngmWjw(o*Mn8l;NTaB2yD$R&f_ilcbxkhNvK-roFMvZz$_N-) z{}oi#6F@+Ep*!=J=~wLhp9D>5Ly*G!(<*8iHZ^s%44e&RRx;w^oPjSnt@ynP$F!fq zBt}6NONrE*TU6!vNbp`Rh*9Q_+d(CB$BW{S%)*f7Ni0$~ilKJ$vJP<0M(1&MnL-4k ztRzI;8cC)YKv~PBR&|a@&Sfkgz&T764#ZGd+3*%kG}rh^eV7A$S*^dy=eMlM%JHz_ zS*8XQeJm2uFT+e!o&RAlg5HA{!X++%D$f6%;lY7^{%>t{@qbtHDCfTz>~;=)0q%!5 z@Fi;6KI|uPd?#;uNeZtsEJKjAnb(<{X3AE#mOUiOE(t$D&jHRP%M$hvQYsiMK|a#* zHprwljLruA=WQO$SyST}+bu56NLkFuU*Pl-{EWfW*jwctm9MSdPq&=PKJHaJ z=9LGmj5`MNQrCJFW1#k+j0zp*s9L-?-gVG3c|B zD)&O+WfPbZXf6;!uH?64hnKnO7-ot(N;)M6&q=P=B=+ge93#mH@x^$HQqVHPi~DC1 zr$tU&O8*sjqghxu!}p8#Ocdum5+LE+ff+7FT9O7+pUrgf$x$$Z>^#APWuJg1 zu9mec3SDA2c-n^Rx3$RYi-PO0b=aboNk?&RJC6{TO z#asPQ~j=5Acu0=4B%{3~ycU?u339XD7$0XAkQrx>5*yqAiso zYhQ}8FBqZr?$R!v`EE+@iItwG1=PVHrFcsWLf#*!@EqLCQew%2aX5$BeVpEbINAU~20UWEg9LiOon`UV z%>pbDKM;64aLr52&) zhMX#H3IWP+0nbGcQPU0qERb9DH;9oN{NzrP5N_a^_YlvhDX|M~jxP!7f1F&>Er$#v z-klJhFVSpz3)4P}k2-<4ywn8*#aqZ*q8J{9h`5nMiWSmH<@CAax`p&DfpdOw1KiOF zv)NMjZvYpGB8+63Umv5xfg;-USw^j+CooJ9WzI$SQL{67V6oIOOYzYXk4B7T|JEYY z5A{^a|MXCPyG$CmD*KNeJ^uIh*8X1S|Fe>Z=YQjdXur59@Y+iQ$HixT7A;~uPmX{_ zLc7^&Z3(?X$`?j|QIG|082lS*!KmrIj*GbLrpe^|^C=TgbkTubhv_blA}uWk@xfVsRErqJ~tfGb+h!CN_cX(&y0&b%YK;8BBeu$~*? zbC|b>88m#vg|X|~qYQ2uA#)@oY@J&>#2=qvSMcL3z^qCJLg=E5U~F{A1|5nAeO5?= zBo8}{C6%LUv9wUS>PT*!H<5Q6X2Glat&m~-*1PNX|5Ts<@hx2P0-*f--x_Xj?dtmf z-Om1VHIJhIza)d*){&24{TRxBMoQae9|SIz`DN8e7|dY=5psZokEnqCjb~{#OH?xu z0^mlo1yQsrT-7p86VG8c?>(E5pQ48&v!Hy}wi!Xtie*V?)dUH02W+a01~H7#@*Hx+ zZ0Qc`m_)FxjG2cjk(m{UCCUg@|IM-AV1FBISKg7ujwfS2ry}3FJ%40<^l%Qd_u5h^B*NfKl$YS`js3Wn)#27IIFG9YK>)R|KxTu zY=duL2}JH{1WBfvwp7l9b7R$((1#N9d3`f1W^? z9LLFnJ)ma6iOFH;tb;xN3re5|awqdSOz+bmgY=N)_s5wsbHp(#UQ=w}z;q0A2>EAQ zdj(z;B==X&GzV0VcLGEA;Tn2z|NULZNOV@8 ze|`ym&N*n8-9E`o#r!>GsB=_mGuGOTE1S5cV5AE}d6#f6dfst;eY|>LYZ=mYaJ(b7 zKpfFHuB50_$xkb+lx6nOD_uc`r39|1Pf)Fv{ux)%DbT9upK%p+f@>AjkGQxp{k77{ zH}JhULH~uHD*ay`>*TTgzqYn__O=cGul+9m>q;JleY+AdcUs}x#N7EIxHgHJwiSVS ztRtNt(^;{+WHG0umJzH){@Tt(<=@MI*-q_7A(Q5oJK(%$b1WDynZl1Vh%$8e3;-{g z9kO`Z92)=J_mUYkO`5`KoIVtmqo09%fh83SgK3bFbBX?S_)OIW=_OgSl&8IP5elL) z7;aEY7;4``rd^P2fGKo|<l}OO_gwR)) ze~9Q|EpKEClk~msX_T09ub}!LOkpi z2`R6MX|(bFmG>GPJO*Hom@TQtQL!~UTcRm~lJWFN2)~B0MUJ_};yfopnB)8BnjHx3 ztQug{9@ET305H_gRb55~amI|KX-*5#i7FBW85RxO2W|~QjpSLTnF9Zgo}_oSTFpxo zTFs78O_vJ$8;gzn2Ky_wVu<~L#o|O(ZxXu-yCX=s)qE)lg|{il?(3l}Pc>4Q{H0)( z)sgtgl+*SGZE9nXcqYp&TGv3H-$Y&OqOmx&MGu{`D1BLcO>E}L8^>yr-fYKs34SJK zVa2nY&X$un`dbEAI9%jSpg#*C7~-Q0S?!U=8B=u3dtk_KV~GDX%@n$PR#0g&YP)L5 zFj#_E)-da)=QA_YgGdVfnZ;o0X5Iw2AaSz{rY+ecF2asBIKo9OR#MPI*X@Ew^xSU8 zs0a@hejWGJQAQbCYL`fS0(7=0Hw}>_R*u91dTnXj&ez&c=%r(WYCS$#M`Xg_KrF2nKyF;xz3K}ABd9oN4 zi{rwMGBJ9~^TtR4l-XHMPcP2lt0v+aIB}hGh4<1oq$0-&Z>|gxiAhn~@7dGA)w$i! z=ZT)N6`yRQI1J-^-0Ub$r*4MqvChc74-JVz6PWV-mtn8rY+8^l>Vj7KJ9~h5tY>wU@+SL@^RQ-(HU9%fJP# z(b3IH_8{tCzdm#Esdt$M^B{y{c#7qEB7qqoiVBhoasJvjs^y=^-8}TXc$!?M@hAw1 zEhRoRjY?`UYMLrvXwbkYrNy1svFC=97-bHv8uH(~@rp(h`Y+H;89X;}Z-X$%0!VI8 za`lpz&#AmfABzG6hU@!>I!9eu34qO#JB!bX&pK`ZynAm6-d~QPpT-G=fd8tEV_vNZ zlB5X}OH*5N%opa$ckR+W;mPmcGIecV^J3=yGGFi(mr$w-I$!@HI1YDUj=_!z*DH`wT750F~NPlvBwuxR}E<4SZ&-DqW9R zS~o)NYE7u>5D8VgRfbfcU(!dpk2@mKIPM{s2IEPF3(gXX6p84;R1oecgDIHe#w`Bi znoftaUJm=4uvfZbXRhi|B)qNa9J}%AoN5Kyw_Vl8IX7W_7ev{6)qa(nMtHlEl^T>j z4bx_}t*zyYQhPoRzb|#VBeT|yanKm|I<=rk+mD^X0@gNH0#9HBqz{-KNoQ~a6td4` zTP50H?Si}j;UYkFkk_``8r_qV;+WU0%V4v&kZJYDOeLR~$u+%Y8-Yos`K zL9C6fMsrG>>*~iAHWCb4(}+ISPC^dsLgB3L32hLgf-&4=3o%+_(x7~AbTx~zU<#Sf zh@(iH&L5E%M-*yl3XcjYR-$YIG%7GI&$iM~ZnqgbRSWF34WKHzhy&DS z35X*$;{~SgYZ(L-(jiOL3(ssBNP~HeW#tP+wqs(6uqASeqs)phH3eoosw;n-W>;h< zt*Nu4N#{%smPL&uuxcyqR62Xwnk1G;0>OS5--Gp#d)g@Pd-Td#laO+z`reH)V%2dQ zL_Tn7IJ=);kXqzc`26(d!!Kv&Cm*g)uil;=YpF-qT;D%tiL1+WLuI_CBR6sO_W0D{ zVD;mGx29S>v6qgHY0)GvIbzkR?YO=#a4BZ>3CK4w%9QkxSjEz zyZF~R@Z1EKv?bFmW^{pWfo40V3zcgDa&JR;y??x5M)I=#L51Grc&~+Se)89&t|}fw zgEdihT$CW(WLc0IVWj*mt#W;OLlVX|tn;dAonJ5hb$)u)tj@{N@rR4Ir&m{JCj~3K z^(9`wQIo2UpT>sd9b|B7uAZ@Rl#J-`%s1uZ(kmW;|oPM0SAy}V9!ACw|i;i1k`f#IIX17r% zF~ucgXlJ%0Ij)t|cHL9ssj~mbU^)$=MI*n`rz-yI*4Ccx|GC%Mf2`(F^Z(|9-Okma z1n`HrEL7-e`+89B{an(VLWJBgymYgP0~{xR!IP`1M!ClIgA7&Pi%G%01YPHga&|@r zq2jZy2ED2{vDGH?M6ztoL^bMlAHK-JVqDMX`05Vqo0jt z0ItFuu}#<@dB;>}ZK_ntGsGrJQdn#M)*Cc7XE>z=qh;5G!LC{N~mN-}od!-n?s7hb>QCC~jFniaTo59g6yoTBp1cj}t zQOGNYcGz*~2Gbk9&(seRYXr$^W+Y{cXl4x|Th~eo2$xOau{k9xM)dsv!PJAqlL-$P zA_Hc1<0Slt@N2gEDmys{M|Ny3u+S=)B8GQ}GTEN4*%lc{D{;(Ti_*7g@r;p{nmTFo z_eB6qt1H{P#+F!YV#}ih3kw|nW=CW2IU%aFkZ$m4^ zUjwBJs1C%~lt>x&Lr-yM-@P?J#x#^D$lsQO{#+6Sp(*#N9K5nEfp*lAII!9~d-0rY z>YHzC^RhWVNWSvWrDgWKJb|MniIRLA66Qi`!gioUc7CIxmf$8#F1Us*Ja_zM#@q-? z8+r0OJo#KCXbeVl&LsFf%L8bQ0aSUCTTsi_jhr^rC?@dAOF4=JP-Y;y6f#;f%EGAN zH7qUgwOs_?3X$&`c93FE$zc)`%Sx~oPNuL=q)o&`U5%e*`iZdgv{D?UqcEfiYFUss z1hBZC#6B8GRw8(E(dv3#kpXk+-a&w1gdoXCIrlPKwkOMq&;YJSOoFoue@0LMLZ}g{ zXz(0d!wh&cl*Lm()=L}_Gn53T(*Pl2d|wbpNsbt0m#j2EPR~XeE_5liR!3;m>J$i( zg@o5$a{QDZke6ui)7;$n8eB6MCO*b5)XtJ;1rJ!&sHZi?uD$c3@Sqr^gWYB2a&a^hafIIkLSY)knnsl{HCA{JgZ{;Q*L<6QZTXmhI@yaSD zeL3j)JIsfa^2~%)F7C+O0!%@$#tlzyxux`I6UrnR*QBul8I{;t5=+{W;D64&W6Hz! zt?N{?+19JAJ~Om<#NCSW`Hb}>rj*oo>K2kc03U=T+j0WEU=(;|sUp`#F!LtRzb=^Y z8Ua?Et-gnil!Ro4STV7x0qr;!pjacH+12lVclHjt`2Q<;l>1*isDKV}J6FFInYBu8cX(c{ zHTuVQdl{@!*w$?@zwRZplLG9|&C<-B7(-V(?3#rP#9Z#r49rWC(*_gvo_IM(gQ0G* zU%x)XrAUZ=S~ZW7QfHR1O6|mo-|hDMCeNb#|2R$B+yD1=^!u20^FKZ8%=`bW`x|c_#g8r{xpRwtGSOj_! zql_BH;J?U8t%1}b+Rk)9Zi3mn+^~lr$-!1CjeR8g zT+bC#(_raapIqJ3#i^3JwNnBt&I3wh{#crT z%xjGcd@MzP==)9^Q1h|w|2|Cca)`VDqQM6*47|HZJVWp-`d?}&(##RGV*lUW-`C~; z?cKd@|6j?&LWqyo;G%pBP^vbRVbGECEJnmO=!A3@{5W1Y9qT5dyP> z!r{~4(MOO5V{EVbxU&pHc8<;h-cJYGmh_O32^3H4sfm+-b!7RxE_=nw!(@- zzX>?Uz*m8K=^}z19>}9GnYib(DcBoYj6PEc+!O*q6771l0SLY#badncAA0FSk|_z= zxRHp|C(1U?FnIyigUE-U246pXT};l3G?>H{vui0UZ8)YkS8Lz~%B-qLa#Esqt_y z_-Q^!^5aymG)qHkox`8z|IbfzV$5n;VfmkbAefTb%R4!5rL-RA0d8F-4)xmq`nR5p z4E}xSO(+f2tX8Ig_doO1MDY{~!@U^Dt>Tri0ZB^ezpM zOzw3${TJ=Ec$$QeWHBKtVnHx?!eS6)A}cVM;FLmqq!I&CvY&$W<9IrSQATrNCZYR4 z&e=GGn9cU$G{rIsO|zE;(YQxvC_CW}iJjgvNF0D^%+_rO)nE{krDK`ZBsF-7<&%N)f|1`}Z(+C2^aY77`_@c;hp zzuaK4%zyML=l{2N_V$eUFTxtXVS@ViZlI_#B>p>veqcJ;P+f)4Efg+9 zr3DJh0c+;!%h#WogGN@+bFA*;^e&8D)975fmiZk%0OHJ$Ko2-U6l6jff~Z_1|Lpo!V_Ix4LO|$&){+VK7$iHoA+!(ZO-}Dk9g)K{Jk_hG53jo9l8=({QZr`lDNLFAt367_?M#|_f~b{c-86)A znzffEuX+|t-7)0ui-&+zIt~LEWoP)yGcD>m7T%>a$b0*L=Py{oWA>&XvoUF(RS;R1 z*~{W&##DCzfSjqAzcZ5(^R&cjil=7)=*fTOq`PwZTmUw~(d*aGU^K@su1-(Ru0Q;C zaeYHSQ!)5=_;3YByh4$_gMOtpFn{~}xkBhBozLX$uV4ShYTvl%1mzz!C3~qyHfF=(8wdv76z7U|~+pUWx;OC$J zc6#wEZ3=pm7&xb&pf}5cXbet%0eE(!e!uUK0`J~|%?LPaYOgrp{d@4A|B3q`PBV(w z@$0h>M}OS>_QELq-_KZo;j*vK-k!c7Jw;#RX%qry4Zmk4{g`z_3Q-bA2)>6YVlD43xJ3Y)%9Tc&0h}=Om}_;>!4(1kqT$=&`?o5qJljHIAYK zUc3O#<;D3c2fPPgzF0oKzBoELJAVbPFp?lZ0Pny;Gwo(B-tB@2OyM+69~|)hzwwty zv`l)At!6d_$>`iTHm2j=EGMJNaae|UX~CsXVj0?fHm6&623i&oqq ztESH^EpVh-mNyIJIF0udxdZ8`QD`_?+HwWBV6c4>(bLMd*^vD~Iyb zkN2v8Jb3%K+UYoDKfSTY-mum;#T{8gLxaug3k$lTxGKVV-swAzy}5YkMtu&!QuLFb zCvOYnP}v-&;mv%G%fb`TFH4Zwkq^qJfI74_y&?1WJkT1PY)bnY$|q0o>4=TOnw>S( z?)T&{BE*_yTk3C{vdq&)hSgS71q1p&sZ3;Zh_{G8om_mq5dO^Mp~8~A>lkGEe|A7A ztNd687XGKrVgsUJ+lN-lBEUw;qp*qrM-IZ)sNFU#{g%!$QGv<#5dG0 zFx+C;$ggsHovn`k!-?_KE!j+5t|fZp9l7vd#6$38Fi{_3{*)}!Xa#ZWC$?2}JhnwW zdidVHS4WNIG6#ty4BbZUyAuruF`v4=nW3|@|Shpha>;pN%?!}oW9 zfN8Ht!t28l0Y*hIzOwuVL)jfanucoaY`tyu*)oHD?Q2`sU%xy$XRXP8V*K_li3==upmx{#tylk=0}7zgcIGo4k1C_{XCo0C^YL?u)ds-1j0IgPz>W0XD6d}k?(9f{ zG;S;35El&aX!i}|Yx`I9YI8jxP9*Qcw7+Z#*S28uG=9ZqVqYcjYw3GouB)4cj!mX> zgy|X!l!lY+pT(z&roPc`%=F-t_2_<*w^9tGMNZ8Uh`lyOtqvTs`;TRVe>od)|E-4Sr zSATnZ_n8FHa|{2gKhBIhJ&1!SL;ZF845797qb}pd=lTv1bb-zc;uz_2JMf3IDFH*s zFc~*JksmDCB54z#!PSXMh_{=6ObwPQLi zQXWmCRmq>u>eVsnde{byeJmYnw{e>lbaJ=l1W<&`*5164>&HyZmZ2eVthAM z#6C_J&IdwS7C>avhDe!OXQ|@u?_N6K?(bZt><)#PM6N9mFEgUnnD+7<<}B3|lK(0p zsGUDZPR%XcmNa7WC|V%=q8M)CiK{C_r!xSd0Dp+y3j`kK5q^k74Y&|I0oXy?K%gqP z0z*gR2Z9gi^C(C|2b`y|jTL0ecV%>!!SD;{nEABoPw;)AiVRU7b+59{B}G_G881+Y z8Fw@^(>VX7NNcn2L}T^TpxWHk*Ca=pm3tK?C1x7h3q&r~zWIzTbm_O9W~|0%;~vTJaq0 zHC@s*Pwyoo^gb{2wV(JkiTvPDIfA>87{zM?Vvyv)5Yvf2AH^+t&3O4L==OxU`57eh z2n2L@wiaE3^xrqOfPg5OZ4k?CKx^Z3a>c#ovu~Ksgg5Z}|HpO|FT0lqAk6UN2X_gs z$3#3`E@z~HjxmI0?6#*`T5QBkRi3Yf`A3Knk-b0vItsfTgzeUxZ#5*~WHiupkByD0 zz-vRViQsb+zKo!%xmMajTv-{^TNZ{lHq;prFlNiT? z0gd)A>h?zz`s`PAkvy3o3Ob?B3FSvdI22--wZSQmWd=z!?|}{W_|LZ)QCD6$Q3l-ady-h ze~qVtZ{*a2iioY)-g1*#5K9RzX4FB0Im`>(wE)rN&kG8@D09f->RT=YQFF#m#9cYQU^BX7qc#S58 z%aEptpOz{Sj3En7I=74i_|-D?`SuS#YDB8<64o2M&E5MBv?TYd;Lz!Ch~KAFBNf$SPX8UEO~Cc?gn23!BixSO50V2OqDSInM!b z1zlfmZ87D5w%5)sM6~Zzdva~+HFzu|FISFKMDm2S6h*Yq`Lo!~AaQm$M1R42ms*BA zYg@vE8b7IEg3_cz8*=AGQ%w^#KwdCQWHrn|4I# z*Y_1$CIQn}VpY!R7)l+SyTMOAH4>=7gWzd)ClMC+zEH6By+8S=bni{|3q(@xA79tI zAR$jeLFj-N+X6X3WZwjFPGq?|3v3k=Zp1=1gkS+#T;{2dyG*qaLVj!(2)X^qtYjnT z3M2HuCR#t6Q7OsRJ<7ds^^hlGpfX5ZI4Mp5X1XK5pRV_zwe@i27vt_Xme}*dK#o9 z_>B*guKFefP3~fE5^*A@3}P0XfOIILn=a3nwU%X(uM{G!t1s?QO>c`WN*H&fW+UvK zf@&$ik;%0-(?1=pN*QgYNK`Mls1v}P*7RK?Q6ut54_m6xVYNmAJ>Wl9WXu`6D zb$`Akp!uI#n89nzl%D94NhoaZ!##ZKfionJ9a7P?(eA7H!3aL@G&0&VR{P+2P~z`k zA9$bq2fCSrz!Q^<%bLKau>>rVWjr+=y&Y2E`OiR#Xvlw`rwqE|v>_^$J^W?5{5^L! z5G9X1_Ye>x{TDH{Y+Y3zb|IFK_(Lh*Nk!>?Q8fOmawHAEt*PSPfENjBsr32;(8^r> zeDk-vzCHtrymxNB8I4J#p_1$^G5W4Ai&y393|ZSk4Oo&X!AagrObVWvLDKj)4Mm&S zlsb@-C(VOLb8HH|M|B@EKex4IQ-5}@F)31Ih%KV;1=ibFtZcvu~{C1M{>`%9$Khujgm}jUSzF1HOM2oS;+^kjamHNxZAw~u@1Lv z?`kxFh>p;s9fDJzL?ncO3)6mhAXhGQWGd5kc*fsI$*Tb6{FU(vW5vdaRUKWX0VjOk zwokb~Njubo@*JQw=+{(8gmO03-IBm!>t3@=PfQMKEH+!}98s)yrMMdT_4OVR1P3bW zQ97Mon3Jk#?^>{{EfwpoI{@OZ6 z5=&yOo8MHCJrIGSK}7K<-h^xyX(Yr%cZ}5O&eHEmiEsQ3@n4O-);AkhD-@bW*y&Hh z`={BfEvlawD1xH(xDdavICo?=U6yQxj5V5{;BQK>Iv#sGI`Q+IXw{!D#HDfVFj7YSAA*L(l@a!b$v2aqPWhwr zfNuSK@AE!pru?6P(V*@l+1RIEFN9nF#5*VdvPG8LuV6th?D1a})xM3@kaiZ#!;u2n z#mbT9*jq-jC*6yh97!})%8Dv@Hg?$_!QgDj5^PEKXHLMsbO6?W<3m5MT%5H;5+^ax zGKRe#kh~)9D>L~!GpSLSG2>U?S0^I($&@MXfx^gWW({5>VaTs9e@}J4W6R^3?h%n= z$m~LEluTkgh!F?wb5y23|AgYoks^=ieY~AJ*9b6mK$qjm?9shUvh^sHliLKW?Cu;-EUQ%7R-jB}* zG6PN>NVlE2gLQWeCyx$e^6>p{(VAF7os5-4MgG8p z0cavgC42x=Xdj={8f zXv4X;2%v{d?I;~l8ZL=Ut;S1N=#3$P1vWwuZ5#SYka>J zv2G3Y@B9-b%5~cMbnSikZI!cChJXNr9r!2BOOUs>`Ny-#F{mLa{NmJp)uR;~D0UI` zxGxM5{_ig0Jl8ysT#&T4&<+8iBuMBbShF~CwoSDwd>;96Z?&QN%kqQ-H|uW4oisQ4 zf~fT(;$p8_3#`rTdb3gC8THstEwOaQbslo%$`-~@Zj{`N!CzaTK*S8&lp_vG&}S_Ui8GZ`2_aLvA|E%d`ABtOk5 zNOl-o52d^|ez7~|(+~9@AgjDoTvV$AV~&tn@~)w(hy4E|=Sh=?nn;Ci#Ap%8ADVdC zb*uXJ`@AkFLv8--t>3d!$GQUVPZ z_?qYo?f8E%wq^&>gf${W-BDkuP>6eUZQ1n0ae`iGLDCWnobcafu)jD6_l=9KoGr5A zi(U62@7@W06BSxV(G~2@3!;O(w~(FQci;|{%rzv{Le$lWv39i}-0nB?(iH#YUGPty zBIhbj9ZdOm5~)^gaKn(?+gSTJ9JNEaYF(L3p4T)i0>=Nig}sOumM(gMoDdp+ z3KRwrB_=9_VaL`A)h%$6YzkxyL=Yq!{p~=CVz3+b0NU$!Tw0jU68CW%!7i?MIToY+fN;XRdZTd3Hh9c`R}^23m>q z2BZ+?j|1gfP<+sb*#;FU8W=GN0DGZQC8Q%G-A$m!)lCh-odt*TEWD z54)488{A`%*C#{l@5s;oUb@nmiqO=;CoM)R-PLXr)aWfjlpnXR*DM#;6(Tstpnq4Y z@u2S3RxmX5%@g|*H1^76Y{krTr}sU>Ob-e`9(1m;1NC76sXxu|=`Zg6as%rSH$X6M z{AQhCO0U`iQwVOs0he#GRtU?*JHj8S2Ez>6Z+^)h<)Vi&W0&NwVXKRBtjmk8^c-^) z{<_KWvaGyd#iKob&=B9BPI@{N`~^jmr5yjMc~2%kM+#Pp)0UG`805V#jJUUsVdM#A zi+~`TJEEHWzheO@&Ke#-g&L+wFC@2b%6g-iiCcmS!4?+?K3>Koev=K(;9-S1KUAuQ zuI{CBK3LvW1z?5L(|EHr(NZ?o&eWOU&i>3+k-_sGJHkvf+1$?^U8a^TODRvA2FOwBQC#gnQ}#g7fAAu!b2U>dFilx4_>I2q%t(!8 zAsnME@F^xj6T@sRW{ZA&HGCPJGlQa0`=TH2Os zoHrqaQb!~)ZbzycyW{T7MD?F6u_#7=DfID@@YJ^?6!`7b&6D4!9&yTozC)Xy63xY% zku(8xM=rjR4Cq^Je(Tz+><9tV=YgMeHbkw=%nyiY@<6TpMe9ybZkvHr3dj-eqqjQ~^76|} zjELSgIxG!Rx4oh+GI&@|KY_9Np*h7U*7rInWid#TQV<&(D6H~l?~^QAOU7h}vaOo5 z{tRf}2KYJXfBFRakD!PT)$JYjS<5lX5>|1W(6O-C$_{>P!t5>aCCQTvKU(hnAzaC9 zm$@8T+S?3ayyq`6du>u#@=5L~XNHO)v-2BqARRn1DsIgJM<`F!VcdOd2%D#^hTyQGd|df~%kk%dp;t5-mCXH!icDCct~iuC^D zxD}b{4`@gSUgh`$kMplDP$8YQ3g?EplG8JyNRwfDj7PO9ao>u<;76UL!9FW6YsBCc z=mY4Z5AJB*?l`uq_08Hf*=(3;yw6S*m1WFae1sWY3 z8eT!<(@v?pz~sXS4rBHzt&xK=mJHrBCgCTm^^vhlC?73l7)8~0>RbrIM6>VoOp)~-etDWI+5D%c0e>+R^>^N z^~B=c0-h$2#MC%r@+kl$91R)P9=`u8GrY7G>H(WMmiGk&|!*h2|wn@Q454Z(@u4`@S*n<3v(% zm231&lH=K10~zMJFDODExR+CJD<}=8i9r%1`A1|ksMDJDZ8&(A>^aIOb>hXgFf)K=D~je%x$sz zsv?T*&}jC7Uh0|0_^QsG0a$NfoxH6tlRqjH6+y@xT^3|4R%1yIK(Y2A z*i$Xfsq5%}ZI&|)PN@=jt#4{Z}x3PAwjV|xD1c%=8=$@piZ)Lhc+oX1xPXPF> z&l!2rL*TLC69tC+6-~3~-G^u6I$3H&OS7=2-xLnaTcVuWb+8jB;Tt5E6ZH4SPeJ_* zY0Aq);qko#IuuI;0>dmvWdq*WBI}5m5-^;_Cy9PTFRF(Tn)a8A>-rY1kWo;My5{SNDmX2lCjeyxZ9y^j`&| zb37L!PwpKb_F!`E9>o3xN#@)O=c~t^&rbKz?AUGZJRf_6ET|z=T zqQ9v~I%nxcj1{Hmr&r@iyovt>9C1ngBYN_tKD?8mO8#d;F{B$ZH~zSaRPi_|Dc?}J zI92`XKy%(>6=10{ugngp*y&gwGCr99r5O=gN~Q%Kbp1tzGev1qK(lVIj(Bi!y0@lvxRxfM zMEQmB+DoH1-aEt6y9~A(HRa;_P7+NOQllP;A&ks|0+4;ld7QG~iRX+EI^Iou(3d45 zET{iI3(bqG2=Up|+QH32-!&$X<+jc2W5=IX%@fiH8X9GP69oF|6B3#i(hTSPwz)R#gYfF8|(r$xDa*#^e z5Qa*!R5;eGD|cvR@cYP*K}SaGmXOTfI0^*MBCDxPxhZ?=X%p5+6Lu3q!)q4rG_`WU zNoS5pwG@|?xGsSD1akpGpAi1~pGcDy+n7lwE}R62QPdza&^H=YeTlG7>qihdlt@z; zbrClaU^Kgs|Jd9%kzXse;g${=wp!|bsSv0>8HJP{gLiJ>oWL*SKBrL#QVPy+&?|_Z z<#UEHDvv#TA(IBSZe1$>XK`8rHB!L;n$*9A;W3{})`HNdvwRm`-OqPDzIn0_Mzzx9 z6C5e7b$`8cq|}#@t5_s~UM}+hsZb;q((SjTK&qyKUH);H;Ht?QumRG!rF#eAkT~T+ z+l*2?Q)cEH3 z0)!?n2m_pX!z+p`p!{5e9nys5ooG`DC3@^>gp!92uV83RJ_5|NWLn&yrd^NB9XOFI zE*DB`V+}^W9xeW=dFMB6pZqHMg2QT?19&nTi>=Fsn9D^9ggXj%@ zd{ps++|gQ|Twd#=zjCj$Y;-3m&@Q8hh`pII#NUQOKWrPY}4Wj=!P!^OEZX^<1-f6|9ztg!WiSYw0v zVz>ho;7IMS!sb@@AJqrw^*?GG)Z+6CVdGjeKob98-kK7;T0}~Lzpa1k%z*srTNnN# zIMiMM*1`uhH-6(VUX3w%(o!1+c@Ur%2LDj3)YkC^-JA}9mP?9!4rM-2qY<47*wpHtxePpVaQ@ZV@xx;ogcImJ(otIMjPPl#gG}y?Tz~g!0L#Qp> z@<%1zMP`ilS}6MYVBCy8kbW0LYlpho!8Wulo-tG=0#WPJ)#;)=qi!x zE^ZhYK}^$)d!Hh~r<@V89eFwx=Y0wpaMaYY#INOZe5&oBYs)A9jSYCikNE$@g?}p)Sf{; zqv`+7oK;oaf2LbncoU@uWM}q}noy-@X>fJVhi7fL#i?Mu4~?$2T+uXO$lD3z`;e94 zT3B5KH}m$nni96-Ur(R=-ku>FpSkU&(aor0Ns{thGXmFmvZU z4WA0N4;j&3D`Xi{CG*C9m#hgj>b;(pL70s~q9JM(!n-ar9ZA_A)j#B?O113WSq^;D z-`rQ2JT9Rf+FnYB9)!!)HFw;EtvGi?S{}<8BJnwC5E)y2tkztE@@8<^>I+XV7CU6R zub{Oq%_qX3_F8s_X?k{hzG5gm5q)~Gspew9CCoBb$l|0VtY>EY8l>bi6iX%i3Dd0y zNAkhLqvaUjoY{}5SfVq`NMoY2I&}&?r1xc0AHNYsrOe8u-`I8y;6VC`2U^lE$BVfPb&o(UTzkMRb+Vt_u977hOkVWz zQJ$N{GG$kgI+Y7{H@&+UcL zv7kOSx70#mquZC(_llCzCH@JlbMJZoDD5^jZu@Ia_`mDJ!)JZ80yw52 z)_QsIPx;HRi|%|Pbdu15H8$Msl%pewP>*!u*bNp!9IJ`po{A~d+~6-Aq_^|N){U&^ zge!dY#F^)32|KOr)8gBQ(sua&I{s}T-dm=$b_=p(3v=wq>`*($n>GDq${{S%%o8mq zI8Ya_g8yF|aR)gfXf#}HIEF1%FU1~T`6e>AR-rIESPyao?Qne*Q}<`9@7nFH&g6g?H6N)ir5Ns)~> z_#BiJ7L^}wNQ6S~M7{*Ukqr*t>E4n(x45~!&+J~+Cxa0Nx;qdX!5NQTKPTiR9h7{0 zseL)7@hX=((&*p6)g(J;>`C~dAkGgey_6q%T*k4>**gAmP7{cmMp#$fj0r7^>?$7i zBNL_zjc{Wm)#ZOC=wl{LiIl$I_ba!cJWJ(R;r7?JQ3a~?Hpx-VuUm;nod~tNSL-O9 z&+|T|82x=7^=&6gGit;}v5$joM?2ir3X&zcVuYjaF3^an_B^IVtvYpUR*drd0(<`F z=clPc5ml&DqIUd16@H?AiZ#1)E)y4w$o=|9&^d`+Z`Z~Cvp|bmbQ0Q$;cfr-?&2@L zyk1}4ov;fGlErJqXdD!YzaB0{OPQRTv($W5Dqpe1f|zsuTkzet?61)#bl7F2V#)ki zSJmXFQmy*8NsLoHG!}qgchJw5)7Wg!FFPMI|Fhov|NHDXiYTmcp&DCrLcYaijasNs zm>zcb=N||T4i+IPu@>n`UtdO`#H*z=?=)PKX7KnUmk)XQ$lxjFDd@3XkB)`CL#&Qb+;qKHtA+eFi6VPAQ)uy;@@ot_vrFMz|r$z%CJAJ#`F z&I1>k@M{h$8MArk)z%_Boy#0d7g1N8RFUl)z3F|PcH6Ozu4!=oQ~Lzx>QajuDXJ_tip-$MNP zd)wo>1+cytkg~$cDFisA(oK13Zz)(<+(`W*Bv6(R_>LQIAZBK=76x5F8EhPSPr*Zt zUIM?W6O;5^1^DLcIKK2j1}O6Gdf6T*xB>}m{yTjE_oR?OBjFu}Ep-P;&lPNbeDt0T{(P~tmgV5UcFS2`1}8my8Ct)8bT3Qisr&Z<6n;6zll}3j zbDd`$mlVYH(t6s_B%Nx0;NrSm_nRt-GxcfsbjQho!-LC%EvWzY7V@KB(_HkdA1lKfQoRa))tz2fq}&fO#nq=868@ysbML8GO^;Ly#u$?`}eV z_U4~a^+}VD1p5Fa_)<9ztj(~)O?=|t1Hae^=txI7Mi4e`jtQw6(R{ z;|RQVy%qT{Gfjl-%xwmQm7ZGW20SkQkecz|EJI+nOJZ0mGl00BlV=vSTkA&{%~SAz z+$vAziN`IJUi3o@iWniTlu34pIuzj8{Aw zXK>$otBKA>wc0+&!WOInM)0|^$eVDhb0nG+$Bw_wUs2$XkmoiX=4iz5<#;1}@Q(M= zMfmIlRb+c6qw-H$MbItdS;;bAvNtr^yXvw)99708!C-NS0kfW(OMcoi6lApo-rZ52 zvDzV2D=IuBVaRy0h|{WA9Usec`l40cOPVh5ikWF=UN-E#a#AW1qe|0iXvd4y0mKF1 zx_{1se{2>gUOJu_;16Q9r7E)1;`1$$mz< zgvUX<;Tni#o3ynPv=Lk-*!-ENI@i+w zHPhQ5eXggfq~q)3c(qT23%=z3{wyjdGG&};=#a{#p;}1B=m|BI(!B5dfPXGBe%E1~ zlK(}S7pSbkfpiY^+uqxM;s$hjA)<3{@oIFd+UgC19j5MORR;0(;1)J8Z9rIcurmW4 zdC(`{P={E;WGdLwO$~CuS;7Nlfe{}zH@h#iU*_QQFNtbU;;K~gNuiv}9Ce2UR#hCW zSZkg{DQ=&Co;xH>M*!BA)>Kq3<}oCh#U(R7RaXPcz39&#Zu zI$BvJH4lpXk=s>6s(j!Ah@>2)?-ynp=aH>pjS!NGMJ6eW^%=~D)$ca&$X&G+qt$*) z#o~l1wz6V1pgY|`l&F}{YZ^zh{)Rolc2)?JEf!-%{?GZlu=4ASQHq%-RaJiz!U=lQ zUn#B5rs?48!+eGIE-q`#(7uu6v(v9|^zB@?V7+XqFDGGZ2fOS~D#wB0L~Y>pQtw&K zjTgiG)yF@venndJ;%E+W{oc=zB%vlgMv1R>hFS^FcW?~9`p1Vf6;&nlbBGK4pj)T8 zXus-*oNy(1Qd|QpF-WGiz*t#i-@@YOgUmq`p3p)-qM1gq!{2|+5y#dH-><`Pax zQKnQO)S9&r^@fYya7ehp>?`AuzS~l{e>S@(Mkme{ZcXU0;7@6p9|O;DPXCeEWcS^) zy^{c;Kw%Q$-XI1Qw?**Ft;b4R1=e4eO%Ro^Hc+J7wYv|#v7`(fCGvm5QB9y83Fv=p ztZ)np2dkXxCBgMibOO8HVWO^KqIWuF$XtvGS(r9qHruhU3(u}pE{_v)4Q=Rzg7E2f zQRGl4W;>0r^=9PBeA6T;u@;HfM1sxElQ}GFKI3dURLbQK~n{y z-wJNDM-Nv-qZwY8vSG3c!D%XTUXPQi{--6;P4w;Y4nmlzf7bVK9`zgsR5wiIDA^|` zbmuwc;7dyi<^E`kK8nu*?s{e$1kEhv9_}Eam~*6HPph3gIf~mAIjMLMGsXhwJprN2J_#`Idfd|5km4H z><3+2I4%2`t|wXnTTF?{OKHYS)>GG$=RV9!e*>p5u(#`<-tx?wEphm4tQXO+!B;5d zYu~Xgz765Wr~_P>x?qWX?q|iQ?5SFY(YT~G($4pt_e-3?U;RKn5DE%$+FrcE3%~`p zB?;Kf4jkzN_T++^qd^UYGP|JKn~2ttn?%ILTTd^4!5&CV%kp7b2E*4wgr4eu$MV^G z?g@5SUGn>Sh3`__qBP;R^YmPfJGQ0&`KM4W*Nc@Pi_Ei~GyX9zkX9JY;+{YCIVU{R zX4+)GMoUbIXq|aLIcjWnAKhOfzwkykC6Sv3ACq4z45vikNk>azNg(eBqxbyP?4Ha4KUTChkhoB9|KP~RO71k)t&8)2Z4r~irL zy@Gd<9~|k5dW&(W7<$%C`34z}>K_LbZA91eL z)_rB>H?#V6*rY|Jj3&|b$o|Rm%5>UZ{v)9a6=UbjQYeB8vWTvZCiYKAyh|RFHEBGh z5oe#4cWG|M>cGvrv-+kk>#Bs)) zf82elU)fo^6OSo5ofKP_a-`_JmDUhBodfGSs}nknt@Qqmim8@>Hnw^0M97F;o&n!H zM+g03Imo@~FsGd&r;PGMe7SwCz80m222Q0FL;hfwsR{!bvC%ZQ-y@;r`Hy(yOP3n#O79k zQ?Gtgx4pd3Ji%}9W8~@lCaQKNYpVC+yaS+)WA?;vCU4xa=lpJ~bKJBBWy2iomc_U^ zM&~k;g!lvL_?F~>WT#gJ5jR}1Ny-XR=KI%XyfZq%G?9WNpcB5;lz?Ms{LRKAex z%ua%?U@v(@VGU|5uKONo?D;i$#;u@o8>iJ{7`9VuQ2;v!STO=c=;BBX_o_XCEHud4 zW8k)o*9WMkyZZ`kAx9V5DQVw|d-?q*`|(o*#XX+zt0xm6M*YwCHdkauOo8)1VSa0| z`Wn}971@jz>uLekffC`!|CF|hx%}hE6l$J+k-h^}h#mD8Ahf~olKDsaXN@wLtqL#w z_0!R4eeKP%E1!n@Lmeax*Hh|j^ke;MZ3M8wC#=|k%gY(zHchBa^1w(|zOae-X_L!r zvlI2R1_0xTO%zm6pdh0X^AM?EtR5+mwCT7E@Rj zfjFASm=>0qnPyi9%l+dxW>CH-7-g6Iok$_~RIs_J#u)S!ui!uH2Rx@_zgkZVVIC|F zm~guh1$$XqpE_T_|BF?i3QG@9*=~85p8ps2g&Z}kz zl?rAI#L^$n^IP>MmGD((2c46)pdHiuVM_byprT9610Vn zznEo=a_ff?s}Z3JvU5XTKrqL649*~XWW3@8XC>_6oF{xta+}`@9GP{Ly=qK@XdK^O zp7J^cHY5hXv`*bVNc+~}c*u+~ZsAZFf!(<${QbxD7}x3zmSeLn6Mqz2Rd^v5HoPc(#I>S}{ELBx$V zr|+I?JHT4RVGV(>wPE}f(NHb{!(u}r)@uS2vHdugE{bt*xe$U(eCLy@9nSsb1+Qwf zKz{)d-a<`jOI#6IpdGTK4x3=U!v3#Cjv8r$h%yImBAJHrb_4gS_rEG1<- zB?UQXQ0T}RHY-i5RmENyUHVX{0)`*wqDL>^Z|Fna&+*7J6#|83^mfzKya?_ohC1av z>-(dSVuq15ZtovCm<#0m=`A$ua~Dtn2J_;}UUbPc1I_It=j%$rx{;EVB{?wrh_|^8 zRE60~T+K){G~YCMIc_O!#&0V_s~QKL3ctwV`j5YY+?XLIUO_dx(^qkcpn?TZ?UC9G zsD&AVo~U~h)z}ad0>Ths=bhEp=-zHdvfb>-f5?R2*87bC+PSu%-Mz?6SqSYnUGV7| zI8}b7;T*IVW_QrHm^f{-^T%)8n6Q19PmLrx?|1q#O2yl09gW&GNE zh*k>SS2fTbT=163iBi*4n-knQ#mS%@mxR_d->3cIT1ltS;+^~uZw@v?(lsMoI@68} ztz1fiE*jT8l~}h>P$2@s%k*CL5(-Iit)_@!zEx6%!6BBA2MKLNl88?av72p4L{QevWdB;_kxIQ;6Tm z$UqNT;z>l8)p(Y)ZS51-8E^R$)dgLO5>$dXPEe7KsPrqU&~ri2Pxln=w+RN`#u`%F zh|Jb9!rgdonk-d){zy};zk!3M^!BgFTf=snv zGm1qCd~V87KoqiP)-d0$z$Ge}^naeVO9zww@ou1NM;s+0nfml|Z*3d+{7Q&OA<-{t z65?H`OvZ9ONnHT&3L&i@@pq_hp?T63mrsd;xGH-*&352(%i|-Ub?X&WeK5BS;Ow%! zfWT@iYk{XLZ}q`5mg~=R@2qIMTtI#c5-NyksQO2VYY5`05FmslRg%(d_@em=y1Y6$ z2OC2H(V(`ZGULy00~<%m`4E1U-a*oXRQCu^Y>7;OFK=h{y~$$CIIDICqrQKR!<1(# z8>j0QbS1c&ve!7DwM}uA&4w}9_pNwwNizJPC>7j&IF z90FNtmS<4rI33HzY9V!9R%ib{>$*>pZYRTJ%3HwoX?QPA< zGB$Y8mXa$FrgCX<9dm+Oc2-%@<5|I}U~8>e8tzu)r) zX*uOtCb_j;2pAA%|4&HoL34EwL)Zs-5Gl1JnJgo_@)1KtYvmq737T7v1= zw_gk_$#=JBmy%+-559mXh- z?DRh?d9?FC_qK1B0m$dgljHzo^xI+qx+DKDbmX^Z{@C&vyx{(S?oMG__W#?v`}>Cd ze;5B}HBZ6*kH`0MP5>I6X`eMlI?eU#D3RL!}C9s!gjTF{_hMe=l`&?|6a+X zo&R!Jwsz0|Pzm_<1kZn!fOZwZa<@No!!Y*T49YKgd^~pRC!M>crKM=Q)OxHtkK2oWbGwz~q1xDQqxspBw7T^(-+usZK@$GrQACv$2 zt3M6-KOU#MQ8?%-{m+h}|KC37;ya+lU2S0_xjD zOjYr+M26;H3d5+ntU!%G(VY5L0;@{xHj5k0DYAu+*2ZVSpsPBH%f??7V_=4r=1n}E zFsvNqM-0cB_g85IXx?{SSk|Zb*w6ngPTesad~iJvBJ?Kq%N_hHo~rZTy#E;v54!Vz zB@fwfF5e#GRZa#QkkMY|yiev{Uz#}ILlW3z?$u#049wed^<;%SHw+>1IvL+l`FaaWU9I2hcoCmL<>;Eea zGI$Yr(4oKaq5j5=9vtbj{u>v+jQu>$oy5u&5;u)~SmADKxXzL~1_kBLvp*rlBT>TV zC4f7J%f`T5WOI1XKe8ku}5PsRDayR)sI z|69X@&i-R1k97WD)4>L0v;nc>TSn@q(E9om`mWf4a%Dpy1x?TW3f`fFEf_o}TlCoo z$XLi3)Z>VdBvH){nCAdEn+`}}HcKM}9A^XEPXccOrqGQLNa4pBL|G7xfeS9*5>0X*uI`RYl`=eHsGiAqO~<7-g4kHgSLxe0m#)Gm-@zK`(`w z100XUhMKyG0~{aD0}twH(JK<5XKLPM^Z2^V`=d?*^s?Y>S>yEQO|#^aj#w~7ej%au zWZ`%Qx0WRTvyl?@?eR@ZYjEym-)!y8y{yUF(@|}@s8%^$=voBFp&LxW4L>ix>C9x{UpP1Ervypq6WmI$`w}YBAWy8nNoa7*ijEC_4jad}T zKb%0A9LLFnRL#g`zJ|zVr5i~}1wP;}2xb(vgC=pBQ7tN=O9!~zu{QTIBgaG`KssA6 z637NPqDbOq1=96_PhsZb30DVY;81zrDLQ1Fo?*jvHUip77a-it8^D`D?+%Z468rQe z8zIxKix8)Q(KS`U$j(iQJ^|}@@B!Ii8NpoD86(+BmDpHuYNOarFo;v-!%-NTeNbT9 zrs<@t`pl%zx~w)Om9$|j%Z5pO(_6ruejWT9+I9p(zrxGvK&Y!Bndkavt(C$%aG+l! z^XX47BO)F&LS0Qt4!h93g(2PAa3S_H_g^JTN9N9|Toc3!q?>%%y%TNB;YcX%2)H@= z`cN7b*&kuw?mWp&BcdqI$okKTli#g|La9YZ!O5Ui`c|7@@)IS{JFJcS($|AE_f3sD zy*V-~`&N1YkSs6`Yi;_AT0S+R#WoNrM8xe^;K^?H#BV{lScYUl7hVVy8>x0`)*tGz z%73#g2nQeBSr#WSoi1bgNuF}~Z)Ip#Q5eSe(7(}ippvrFP=pHYXOHbWlvjF)XIRd|f)No! z6E~Y|khjDDoqY;2Fe9QJQ(?S`XHiBbGRWdsP_uUHB8U+nx7vd#Ddk97xw9z9fExjN zgGYArEC!P}^r<+RL!xyt9C40Q5U*ko&tVEAJu^{Sja_p29zp0s9hxfmO?9Ud8Puj> z?mtz$L)cF|GMCbz<{LfjR{eYKhtlu&4Nnv+%mSH`=58pc;!WcFsQBYFw(z_}kBwQW zLQYreA3Wo%EIw^A(?82?yeKSH=nG=#->K4FUjjD4NYys}|Lpz!avL|&D2$)Kc@_9E zN?Gzxq`oY9kDm3Oqeyn5U0YH~O0s$OY{lRVNFo{zCcq43Zj!g2+jy(asd}&Fy_CI@ zx6lA)0L%x6ltkMJr?xiMaL{Np8vTVv<0MNNawZIE00kqZNbM;M8Hf2p_Nv94z!enk zg%pq}02fm@7b=&~(|E_8&)Yn5O)ajIahDn64{~*b32IidHKrYQ9}_OdG=bqxa7v}o zG&6%zMrYo=X2mlQl@~I>%;-O`N z3Utg_h|Ahw9f$Z(4n`0B7`#$_+WfC<(D6+B?wCZAz8LR}8N2HqqlA+ljYW#32QB}| zk`c!t@jva|6FM5F-DA`}=$3vANkmf8Q&((vj}g2SSrCAn+a8c1^~15N;&ZTL&_ z1_?U}3vaY1!HLw(skzVff=mhTAPD+lDmg(}w_jAL1tmJ$s|987YxSk)#u(2oJ=HrM z7I5Ct2_6v>o;XH0N@z^ZWf z!+a#{Pk*&KAi2{e*@6q4*lUYeI5V`GwQXtEMlT@oYmTE-@E$>RVnGkXNYN z+o*<8)A!DE$CPl?vX6i=EK7aQVN-hrNRvw)l`+iq+i%{IkdM-KuQoPCic{1JQ1?sR zEj8ToS}FA8R~-HJn+n)iSeM$PUw_rOzX2U8jgJz>nUHS)Mg^j(xlKSkOr^^C$A%ii zKNn~*XS6k-x(m$oWiB!1%(L_^7MmOM`iQz8 zRod7>zoH>$lOOOT@(v+LXlBF@@Cgcc!1LzJ8og)yE@C)DUC&?W+BkeBG4qD_FYJ%& z42uVafak=2clTeu^y9xrN9+23D|wv!A2=JQ_q)G0T&}ZcT1J3vrYY9?&U17soqb|9 zJKa(|31=w_lqugGr)lD*(u|pa@Mm{#|7Cx-zuVt)eoh!yKfic!;QWyBsB~IsBVpm` z`PsFC_j13#cO*gX>>W8@iD}?|_0svu3`)ucxpWwZ(k%J_r8FC8JmN$snWNkqiKRVg zm9%iKzboNs_Wa8qn9jc@sVTy;oo^yb@$Du%IM7UOm*ZE36m1Z{V-h8Vi+-M6kwZ|j zuquUXYsde}%Z(!i7zKfhA;^Ms^0iUwZA8uD`qTNQupzO5+0ZD%m}t-Nx~US1L~ z)hm>;8>pOs`gO;Q=1w)tY~?&VGks;))WtnVyYly)=jaVdgRuhZRU4q6wT$284TK zPZVgUD}Y&-VV={|tj~(VVD7@4OH&Q0pyo!?GS+l3wuC{$>(r4kKm%Y`xnv8;;t<47 z6|y0ric})~d(EDW$=(RbhjJ5%ia`Ed+xDV@PZ}cImH-2lBPYz9)iuL|iWdo^rtp`& zb|Ggk!Ag#G)1W72A|(_5{&w53l6D$S8SkeYlOesU+!Lz%xLu_&vMRi@^Bgb(EHL}@pULv?6UYdc2!hccw`k6s(7`bi7y!pM`OnBB*R3E z-DL^tPWQT~tL|EV2j>C`l)6O=pQ$!1#+2N5PX-W)BURj2UTt~X(zd4cTLncbTUK+A z?6^Ges=Q9Uz)K(ZVeiYrs4|gL3*Tj-G_!vB?~*JpP{@_|MlSnv>4{^SQb8)L4EWYI z8hvZD$`~!5S1LgLX?G5!W?ruHjToPa*w+4)i&gUHBnQ`%v}SI@S5sE1VsRFC>C&&b8e z4T2N#ke5h@G(Z6heKu$*9b0|fzsm-M$0Q}H{*7=_+d93&!xL***FlDlI zAW1U7qG3SEGZmG9H{=h(&SeDPwj|OXseDh|d`eW2007O8Um3u@;s88q&bk%S$L&(3 zYgNaCs)Z*fB8$>e46g=Lw>J-Cr_?qyu?lQ&*ktvGqmg)JovUkweO?GhwRcRh9Hu(r zWC^f5SFa^4~zT`~dT+LioQczHSu# z7Ss(JoGthbR&52p>D!#)r~vy2(%;71>)0DWF856nOYWDq0lYb=+#vF#dGVvV4dxx= z1f^pfL(wnOE9R;^FV1T#^wI5@!nrZ2BSe-YjHe{**I%OJY$nv`q$M^58nl#()^A26 z_Q|}3_G-1HqtVQ?{0cc_Z!DeGgxaU8<66l7WYPOx{b!E+-+%G)MXCPd?*3Z-ui{Z> z-jrO`2df|(M(0IHQ`77cz(y>bxD|qg=zdI8MQJq5VioD90znmn&?*^a=@uh}^8J2{ zMs!Nz{QfyzIj*gSsmW&PIcZ#`W_92E+x@wysMIh1s?b5|I(_GKZ$9i>vq$RopF!Vn|f440D#8w;BGC^&-qcYptketX3zM z%Yw;SsGRNUnQ$(k0|qd+&6VfE+)G!@q>GX6)79IL^|a9coMq{fH@~Q7Zv3z8|Lwk5 z>;IKJZTvrAfCarj#WYnq8Gi91f2xNHwQGIc==v!DstTHF;VWE)P+N^_pgd8uuRz!9 zuPM@}8rg9^hsYl<%4d*Y$M`6a^FJ$jYR~@&$0u9ZC987A z)Nk6^GJjME{Tu7UMyW4~(<~bfK;-1$DwNua{=9eXZ<$UWSq0d*`#smWKBi5h_v1~$ z!()CqWq&t8KSSu&{!KnJ%egqEiFL{CcsC{%QtjaQN#=_Z$t94lluKhNaJ(qal}V$- zzXW{9vN)_tCtmCMPy1=1|IK;lr44|2`hT}{|L5-E!CL>X?PzCooRtR0qhZG9{c2XVrHeCA#cFACBww%llRO!WVlqKozmA#+@?Q zyr*$SD((*%nza@VCPY?%F5;&^_k>%-?#O$C^9` zpg$o9qx|+sRUrb(#Shq&Smn#}MzG5bYi>Xg`HDHXD^!@2|rUbDjqMuO!xkwg3G4ANG&@`~P+iUhb~-|0J z0H_a3p0;xvg020fp2jKMgrM)|0|?Z<3`^@>)!;1^&V2}e&o~TeN?DAf%e;%8dpWs2 zjOSiiXF2CeCs!U+baZP)Ji+V2yBe(7M=Pw5itgO;zXFHwBuNO|fNKBL4I-9>F;3}} z^pa7xN#FLIvnLDCgL)N)T9Cx*Xi2J6ciNsXx=6`9idgyB3sA&Q4sSsbtD_|;Qr&5L ziX@y(NIE8&$PI=$)G3YMh3FwNBxx`v;bmg1w8u1<)jz6lM|4botXv7$rl_%yT|~Pu z@4lV9^BlcVenvEdb{~?61~iRk2#Y)S@;=L` zu-+i~!Xt_eu%ZIj`OqJ?4&K4&x6wU8V$8BAR6YLn=JLWb^(w<%IS=NRxz~%T;rds> z;xd{Q_Fg`ZhUpCGUg`RdD^3#3m3<7Dn&j002i1;5A+Y5a672V!s_Y!idX7I~JO+(| zkAH*vBJI_lg+W|vAa4w_C<2o>x8XMo&o|vSQnrtC{>cGBDILQi{+O2uCH}HlHQ>_v zwzneZ+?iWQT>VcwlxaKVw$S!i(c4VONj;|!v3*&rX;R$hXQx0bnyO2#>MD(yt2#}j z;Ucd*W?fKFOg`LHkRxhlZ>#F=NNcMX@K8m#91~0xKvcIOOS{XFlr$A28mgj$p-FAl zPL}2Vxpvu<;?wzqF7UC6;o0LYd^t1L>M`1~HSfBlbYTa;{Opopj)=9cbpMCO>7UlR zO_`F0F^hZZUa)_tPo$_}cI2c|7?*UaCSuNnP$1Gpyd0PCA#NC_z6}Huil|haT2d?V zln3D^SiV&ewXP9H{eHhfna0FynOUo}71;|K7j(}t(5F*ec7^zq?5vM&z>a|e^CV8u zJ!kQ#-+l(v;LR}eXc~?~G{O9?=n{)+Golbc6}DWJW-7M_8THD$fI4oDI(754)V1b3 zzZy3GwFyKKn$rK;YP*Hxd33pe5MH4*Sd2M=Dy(TJBDjqB|3Y^=V2b6?XPU zFsWMTYHBNDdtQhcbTL=C(A_Fc>n>5#S@YtoTb`AzD;H+X(rmLL9Rs&^O&0Vk%~1Wa zeFJMC%%lMV#-Am;4p;Ra8RoMwZFfv|FV*&)%v&Dz^&$J{QyhXc`<)^+n*oXp$nVu0{m4LhmpP% z%=~q1mUYd?d6&PUpEH({@|v&dF5{8ya&e9svZ`KM1Jgb z^|?IF@}FlBc|hSW{mhg9`}=1P7oZU`hTh{IRfBSj+B@|1``0DUN6e{P}eCKlY9e_V-Kmzm5*p@_!XiEBRlr zfujW6?Av~20%q-=uD>^sH&(a(*;2<1Jb$l{vUlnJESvlV(HQ;Np#0_ZFDO+R;sb(U zo6gA*Ev~d{DqjVt9KTXFwU6RP#TK>vL8u)J$gVMzi$`75on)!{=a%aqNF+BWnMl9E zLiecvZ9Ntl1_X{0u_1)xx6vR=(TJt_CS?U#(B@B!#;CiEx;ZxR-v)YBOr}PpspeSK zNKCUQm{ddXI~s@Q0(C`1A+}$E^rG}{#CkvwMv^O9l3(I?IjqL3VR%~c>rYjB)|}}u z(`FE^IDR*O?6T2AXR9t9PeU}>AFvu7WH&s?Qa!HbFl76o*1+*czW@Q8AlWDS+E5UQ>iZQ+ zS`U%XbWAw?norcMyGfnf8AGLQwCQE1%)AlJ?v_|0g$X6)M1<-#wJD}YFtXR_G_!o^o7Wze$ zYH{rIwkt$_1A<<*vv;a4>FlCzp3fV0QTKT%S+f*IE2WF6*V@+Y`>tk*f`#{}8fx6C z(ydx34cWFq8ZGQex+2MPD-D+FACIC_TnkDLHsj=qMKmZC$V}ARCL+Uk5(q$`&TOBL zV#Y}qb>CnbRaIYcCr0TFKma2roN1rqnF?S;wF3z}1#z0T3EbSpbTna`xs@=pQBs z_D=*IRnQ177Wi|ytG^&BjQ{aCwwyO+D?ZnL#2&vkHLT-g__TtPFUSM1)XdKUl%w zD~R!nf9!OfJ+REvy#Jri(t|R<=GA|D@nX;4|KC4)vEKh*#nWd0-`VuHHWtnAEwaCQ zUUF;o?p+S1$%}`NoL9BUqUCg>dM^|{v0f|;1D-?;V7BaBz$!GFSW?*$ zE=KOVIq0|_x5niUWKLA;e_e8T=f{Av_$M~FNl5Ty=YJ0NUhb97{~WFF|60kTE7q|1 zuWW$iG+S49p5iD{H+&lQIPU!NOOw1Z<;E?xX%bt7pWrwR$_vn69Ye`V`3DqbARkgw zw^Eg4=@jjxFc86*gjqyXGxL}9W8@&wknsslw~-(Ojngy{$2&VD?%&fpnvjs!LCnhK%PeVU~Vk1L?5R6iGczL_Q}W zSQqLZ*m#CG!Gd{s#5C$_E974+)^lq9(q%vF?@j%q+yCq!^#9ik2#4G|^RF+cX5QW- zrMsFyVkV#no0pbnUKhn~{0c_u3OiLbNRM(9u>p?yB4x>mRioJH$Ek?$OL1yI67fHQ zq`&-vHbHkf`K^Y=1wwxBxBt0il|Qob{EHQ6KszHfE3&d}#bW#A7pHyc3k$`rT9I7| zscy}A;Hp2fVD7MmE=m7w&TVFoJ>hCOYN4vWUOPF&7z%amXzjc0MgWFtw zBP0?M6lPNkVg3+7{wvaE)(iB0tL@WxyYNG+ZA*p2v$$w#KxgpM?Xn=z|Wejng zlF>|o$p@Fem#s2E6d14tRZS^r1tlyL%CU{fJz_Bt{YA_XkCKmVkeC7Z7KwRpsn=^3 zMKm6%!j_-@Nay#7Zcrx(YMFqxZ+O6G#Bb5pKl@O?nAn&kbyp)e7pG z&)r(|1(a8wiJ@QD?JF!8KC!ylEeB5u?vgq!|MoHMA+ffE)|SvJETK92|G|4d|82hh zf3bg9s{im}cYXiwN*>VikGl8sarS+r3TDG$r55KT<&+3CAVbCpl=D`*6I8(VgbD(? zTM0*M?`M)kM3wK+DqT=c!pg0cXjW{lfG#(?ANmH30YN;ALBm&U<|LToC?XLR6V=rO zf1s0WQqg4W6Le6r+=#c7a(qX2Kg4z2zoJ4S)kc1?^ zfvEH?g`4Q~9Rd=a35NRsRX2v<@cm4rWP;R0NEn1qXe=cqP5%Q;rAp2(xJ{U#&|c@5 z_R;weF1S!zLfgf@l0Y$;5?(+HQJ5(lRptt8AEl8V=*ci8{EeQZV|07_w(18INhVUH zi0F{OHWeEp4C@4jJI11zZ1RBw8PID}AE-W6d_xf9a9<1wxBBW%8Y1822JFB@viRRH$2g^pMbC z2E`bOxs6O+`U0rj-oAAwXGn0GapH=IcPu2wX6p6du-T#()|lO+D;C-^1+LIeIS%fC zBq<7TEXVi$g2m@?NIsD8J=)ZE;g)2k_vZCNuEA4nW?C|}X|=CZG*HpGS_4&Q7Oq2kPyNiX{}UEIxcuil`~T=@-_QR( zI@(>||GAP!T}{Kn$Fu(v7FJ){S7-DuXY<3S>Ti9Q71#!uPJkRf zUJKT1(%*jT=mIP!LBO&Y&cT4Ft0$veaOFlzIa5;DO6yAkxp6?=vO5yDK%}YpvMBK^ zmIn1{goS8H55LK>U0bTE;ifm)Bc0$8xymA`135{TOnpf?oj}JPIIB!6>N}~(z8x}V zBE2A~WX%?Ivc6uHL=wc+`B}@(uFlVv?MRFRk?gmB8o-x!ICzZTA-c?(fA?rYyd2KdPyP?HlI>z zjAynVs)=Gz7JtogK&}XmmPm2)Q9tY$|6%a>Y;vGQ=Ro+ZIW>%+Ifqc1mDNxArhw5S*)62(3qyD&QRPp zZHMEuTG5c&F!Yo~+2r9;QG+oYSz_Z)B+N0#{}(Av$uNr^lmR^N{MWAU|L^bZt?R$9 z<^gB_M$hu2W&nGv^GD18vPiIs6rd8tKb>6Rbt2HRi9pKF%>5I)Jrqy)G?J%#Pn)>c_ zo&UX($2tFB%FZL8mc6y^eZBZ` z^Y50qW2xFxFQ1WiY?|`Vo;_FH-b$Y+mnwx?2i@WXc2`$K=x+H&f?Ex<+*J;}xs1MH zS?9tIA6Sbrn0AfJqUSPRwZ&vB{;aqLDL?jZLxB-hjU;Aq4@yg-KbwYs=~n1%_|say zIzl86R_SrEpdr~tf}wkYv@BPdbC7T+y%}aM<8OZ$e9`s1wk|&5r@j8q&!H}C0nF3? zyMFz@{TF)&>-s+{dA#%Ak8A-{@XS-%0DkmEd$c7@?)r|p58Dx2UYl2r_<{O7ABbDx zWnMJKRoeQstF|xWGsvawmc9N)wVn52fo;~;1&cXVtTmhk6}8=Ij?01?x?NObL;mz_ z;?ua?z%MIr8g4rG1x;|$H9wW=9Je8u({XV0*y**69>&}~$7P`=U11u_5nH}Z37K*dl> zyZ3%b-{zU(V>_~6KSW{1CrGOAyYt6ioQXDr|EG^s!;Pwq=V#~PX|;G%JlD7Qe0ooN z{jamjme>H8>;E4fl>Ps;{$I&c%Kv<1JHX0G{KG^5YR3G@h5%N#3t%(aItI`x22e+` zbr4|vJi^mn|C^VK2La~k{}=l&eEq+>yWam_$ph;Bdp))2D=cX6*d{>2=>+qctqM0l zpe$08p$x-LfI5$9N}*bn$!xN+nl{E*T&ea_e)~78$e&-sneNd2*#Q5VAvPr(8DwnO z9LFPqHex&>+h`;ILMnBAx*&gNX$Oh%uz*K}t~Ql}F0@ll0rQ3D@WIvPwlXhb#$88w zbgeDrF8F-iJojw=t<^aia8tVKbngAK`N-`HW@kysx%afZ@U*<{%*CO_HM#c0TKC}O zU+g?bCvoUZgJ!d08Y(8jeB%y&=Q&h*lb@zz!ig$5#t9B*2%Xq# zfhGG6(-@IB<+Fs*IE6deRQ1aN&&6TAq6UuX<0$GnzE!nlpgyKCO}nVy`g@!t(JXK9 zM_sH>@YJt=N%6;#0CU#=i$nkZ&%LAF{q_0pl{~Qi-!dFZb0tDT)nO1Vm%Lh)t|bl? z*@8@@Yyy|^4rxThHo`)K3K5O9mEND>Ni_cef<~%OKBOGqCQ;X^rm*Yu|2h^Kx600< zgm8U9v_Mt`4lGSHz|}KBYW4Zs$?U4M0Q zx=;^%fP)rrUw=pmk8y;~={|0nvz) ztE+FX-!3wlvTY?2pP=7TYyV3R?U4cibL{_v!=snJ|9`aJ|6k4HgwJsiKexBo+c^Wu zrFZOM!bb*#1}hg-suJ!dEY`n;=9ZGShH)u+u=5;UVJ--Ys7O^WIDz}GQ&zDf&=_g} z5I%J6R^0N8oJyR9M%`p2(0IuBMBkbsP*D}8y=wsg15=XF?OrO%5s3-MDO`_|O1=Jb zgc2;oJ>#K(h&>@;8)qgLnQ=1es^X88{csXev0N7+k;Er)K#AxBoW63l7;oxvf;q+E z;1T-NklOXi;t_kCUKONPy#^5t?#3(=X%Xfs+;Y@<&YS$q|ripU#6HbIwz)N&F1=uH1P~avFOXTs%gHhXK(veA_z^bmffndtsaiwU0uw_P0I6-3P7Xl zV>(S@wdL1qiQqJe+h7)xRE!x*7bcx)xG3RFyGG=B)p{qum4l{?CJ>_4;4Q zV?{;Ojfd8>>)dBisOG_}wO3dfm@$bLJI~SA#u$z9goMzoKv-0o0dAI+{M62{g1@~) zW%$U+nX)ooXP6_8UBwJ`R*5hxgUas6oIq*EwWn-(HrM2;+9F@e$rbO57u&X<3bKa;9>2kk0 zQC}gGBlhLA_vN%}{nP?l9V(S{2_h_n%Y;@PYPgt6&svT`*ZTTgh)mkril0h9pzfG~ zepJ81AE-L9`V-BoZjk?RGFpZGx3_zE;LHD`-F5!YYM!$EkCV~k2!04JHAwt88IiUk zUm_)CbuRPe3+H4DsY>BR<>JfGva7$YIp&$4)1Wcz!FN?NqfaVCD#`OqoiBZFc$fm(Hzk=pt~v0NI9$3#>8Z= zdL;J&0fRI`a#?5&^&G zkof~#7H@SKL&yKS&<)|>3JX|}-L4%l+z1B=CsWEY_%UMaE=y2%y4OWrljgJ0za|mE zg7ow21}*;oQuH#R3`CcQ(H3&`595}QwEDH#vdEv4Vn0`lD#b}JRnPdgAoeYqZc6wnwY|e>`bqQW!+%0Db;v*5+!4NkxkIiKH93E zIt^Q-pu;yUA{QH8$2&V;PLIEw{?9L`J$`?D_~KxHCzmA}4>=z>ilu3>U*vIK82!%~ zONo!*M$CkW7DecP2oX(KNM7l<`cop9FrG@k!^iPUVGych&N^_lpcaDiQ#c5GDDvI0 zN4eTbY)=ZiTS-~9Zs#ahDNWR>>Z|3eW&TvF07t>7nd;_KCJ`8NHu(WhqLPTVaj5sZ zjTx(ODCyHGp^__gv{l_n&3ejsv@l6{RH#9bhF!HPyRa6zW=(Vr=XEV6?CKZl4>{#s z#SL?amLvHPngQDNG%NQ}L$XTk6>t&?TVihJ3{kfVn&1>;(gJZ0${;{AF*suwdSPiP&JiQrZOw{m&PV66S|~76=vQy*@&` za2+swP{0t?gr{sOoI+J*gi*kfynI!`rGD7XttbVB8_ozxPG#eQz`AqT94| z_LtHJSU5nrRn18?mwS>A368_d9EUQAD+(I=jVg*I*u#2N+RH4@PR*v`&U17{_>l1l zDk|ZWcW_(LXj-m*rb$-dTB2G#egVgK13mB>~f+O?aNqT;0$Clwup8>M(uRne^yaP6jDhbs#;R=V|g&iu?R zv+=klX1)DaI=Q#B9XQAS+uz^c_v%0G9==%b|E}awNx7vno{we-R-FG_$RMm}Up5RW zpln%#aH#OL-?T*%vy^^i#-Aq!q5rL_vNBqBuc*RU?ztr(NG($vfGqM7dW>WqI8CHI6nZT+-=8udR^+jw{m*u4Dz!)6&e}ivbJ6#oTdo3G*w_kk$t^xWNBtdjb z4)t%pb$Y#CV?YA>cDjZL1iapGPHEe)OW6>z(WYwkD@xf9coJLRzwfI z+Y+aSM@y#x#tE)F3@}cxm9Hn^S7q<(*eYbTI4No=gWqI3*Jg9YU*5}{6#2r)EAUz_ zGk<=98%#~nPrLAtG6q%C&neG+{Zv2o^4}|X^#C()Ui|0fiUOC;13jzyE)pm5M-N!x>f`g2Fa>sP+dXZW|q@6$h9zMl`s{qQ5426s?g`arm$ zL)$aqE@75G7G95ixp$k!<%44OukFCj_lYY;>Gia*Kb>>C3w#m3x&Tqmp8>w`$Dc+5 zZJ|w6!7uvwnLeoQW8rNmrjfN0syZo6SsLX_V$+|oZW<{vgyaJ%Gn?d&yu*q^_2qn? z2cGROA?UJ{8Om1m(f=k?^Yj13M}83i_b+Tb5^Hk?i#0EI((+^N^@KhHX zbPPV@-nhCEsNiZ+F9msczhMZ0QDp=e!)g`KoNV>3dR7Ib~ z93WKZ1ldciYOIYeP^l(PU2jgB+)_O@IY4uoHaS6P2}h`zLm$BzLUS`atKZntIX4?~ zTeM=+G8b9KSni=en|5Cc`%dfuLH{t2{t3c3z_HG}E{ZOCDYL5#r`P*`=8Vsi`+xhp zFZ}Z#NAf>w|8E7)llp&o5%_xlPk++Z|FaJC`A5Qh|IhGmjsK^Aw){UE&{F=I19EA9 zEk9e=(qD52@>H9J`Bb|7Rpj}TpM6Sz&g>>E)JHfgviuuVg5Az{i|oT1RekE}kW2OJ zx2^2k1-SDZ-Cmwu9;1^mRM$ZUSd{jJYy4#w|Kj?E>ntjJ%#8%goAN9o6^Q%CP}W+yT75-0UA2@w=EBjs~5bCkaI@Rc@ zo_hITaVgc3T40X+f3bUT=;wd#?XLa5l{_G_5*CK}R1aXPAMF5G<=tirWdT(}sLcdQ z!hx*@DjGYoq;-J+33u_*07*D#R}{edaK4}6hoP=mh>B4nGt9Q70jgH|x~S;qS|gxp zF)x&#mV|?Koq*~Ysxgp0-DJ9l?fF#7m6oUa+pysZbGDj@R3-lwp;xg>Q6|kJCW=++ z!B4!r!20>bpCg0M6O6ZecD#s|xF$nGntKE5|NjwV|67^ASmJNCY=3 z`t7`5YX?=eSEV~hI7?Z;fQa33nkE(Ys;L0n-H2I8exz03$T7n=FJ2r}{fyJGk3GCA zN<(*dD%xc{(nY#^R$cu(R+u8aC$pV{Ng2}nWEG>;UpskBU6+bopXg@Wr;MC{FGy&v z_1B3kP`q-p!MYfeC?Q<*^G&9| ze^E3jlScb4-jMXB*;|IguQaG`h0%OZ({Z_NWVJfK@|xMK^$Mlz2K+RAUz_`pXI$Gs zRWeB!ms2fL#_@>27=abR-h+Z9jHeZxpyv3>aBT(anc;ZfxLCX)X)soOxR(mM(#PW{ z_`YVXLwB#*HK_~)xNzodEo(*s@YV*isq{PzwE67MZBa{Aeq`9Tv?3~U9=$6vs)+px zN!Os%C*bG|uYxO5#);;DY%(yKt1PNsxqa5qw*uKl)-ws??YQr}NL_DY!18BRJZQRJ zfDOy(?Um@2nX#^66F(NvnnYtwetHulHPTG8l7BM5!>NvsKsrg0UQBEaQ%UOjeODzp zd*4(9_$-OKsV`~p8>xKa-7T*|vMo^In@XCMhWfR3)qzzd6RV<5Y78V!`7B}7T$t>U zJLQ-R>0NOThUC#S=!uzdN^{sGFmsV#tE_=kWv(`Su7V>84*V!i18R!{D~EgP-&M`8 zrsJt}*Ueot^<%6~@NPFezxY*mJ~CCwu%#v3)Z_f&E=J8t=2F)5n6bOkjVwi7$qMwk zMZ+#C0k;@i^6Whs2ohwRbW8UQZa8TSPS+NsjB!a zzxAc`xw`ztM#~p2j_P~>pkEqGt5?0N`m9o+Zx&{xdR0mURu_6lGh`gD8a-)#?&ot~ z5h%9!Vorlv7I*q8No-f5H+rVizvQOB4Y1NIZ0RE@l zRrLujol-t-_V-+!n{6x{W*KaGA zSGD^iU484MpE%yx`BEHzDL|FwV^+&SflyI}c1CC=^lH$RKr4Ag2k(oj4FF< zA5Xp!4!ffjTQ<&ijQw68w6Ta(9@N|uTTi#0HWzm5!rM9376IRSzpj{*xrMivu{;+) z+W^TxHor4(_iBNX*dFCvr0Cxj>r{m|GeIs`NY1ay*&N7KCTh(!L^umjr3`>3E0+HK zs%rJaJ9}@ko5SzgeLbd}sKg863OGq5_JyCE|LEdhf>OGV2X*tdUAq%+>$NV)!ToE! z^Y{^-hW)>3@Hp3h&#(Wr>*s$T9=%-Ge_hF=^zC=2kGJ_Z4Hn(`lP!9+`Fw;6DpC@= z#m?>5rF<#t$Hgjo*-#hDnJOBVbElfl0&hAye6xgDdt|wQ9^xn(;Nb2|@9f#5znvuw zwY^4=U>_})mSmH$!X9azbMmN$Pj#YFfoVm0(q$aY5O5oCIvpaKJ`>1rhV-?7@@$B@ zz>GDA{K(JxcYn^d^Z`I8`HYH`#-q~+(@BLnwu*$hk7-T2C{!hgRn?zZGApdHVe>Ke z$2W9=Lzb@K)|e6c1c_Sp`kxQ*BN+hm^#9R|QvI*pz4iI8l|1VF_g5#Uk5%zgvdw}9 zfNIjS?n}ASIUR+(fxRjtv1J3%w-1HYi!Wefy|?(CCB8Q5O%B<_wl(1Il92&`S5Yri zb~G;`d%3D)j*9a&n8~Xt=QY_m(@&NO{)b7jmW!`tPBk#%$1Qw$K18ap*!MIfaF!%w zL;&-E$+L~H5ZQ$2@Jscn#?7i6e_gLk!tFK|Jg95bc)p^uoVuTc3peX@8XJFTg;;zBi_P;#+;=9rdnyi|;7f?sC0{IXOBZ}m__i(gVh`Y{4s$~vU8k=_4sV<0&eb?o z>L-g;Fxf^T@7?!-oOto4d6~{<_|(h)QU$)HRl(f&@BXfT|HHw-+W%Y0qYNUewBTdK zfqnK_&?hW6uXWe#!ifGIp!Ud09-P&1K}W8-6ytnX&T9CPj@W*>UeqJiL48VBt+obg zWBt=#K6>rb1_x@9iyxZUeyMt=i`F{*2>$Nx=Awt1r$PTe^xCKVnWO&?j`m9a-@(iM zwfsz`$xln)Q z(`5hYL*Y+d|NX_@e);~dgLVCnl{|U@s{`DRlmehRXJG?Sw^|?(!0>3hRDk^W`$E|O zqNw*!7@kFq2uIhO9#)YSp!+I|_a4V9;%EG%DDw64r3t2iE8Wut3mXfo10441IhTU$2T>Z}{p z&U1+;Wt2o_C=sG9yNi|nD9DAnVU_}XJCB#dXu54JXVSjH%?D|>y znQQ-_s8#R~H(=iW@8Q9|zyG^?xVHaS@;LUtp6f^U12oj-+=0CD;$DFf;B7O7J%(S( zOE45HI}7HQI-kLGyF%ANce&0j{=FMmW?{FE-Tl4|pj@V`?Vtwze@_NbPY)>< zVarX0qY*KSVb~;?9)w@rO}d|tU(jIxGkzB_96sCum}mbVygcyj|Ca}QYx{o{4@iyg z^;ADr;LotmqPBkCY=K~3&Zg~xeEH{#h4)M|$DuIqO7>UY$wG!$4sRi&%d{$M)cmNW zuU6-D^wHyfk7Ww}VT~-aj@nsSwd}BnMdfrd&hO-)>QFI@B^Tl}cO+R{94FpJnNY8U zzH*>62g}9|Z}MvQ;Y~sUB$)L7LPkXVELE;Ai&0D?1m&yUTK~VyDOjL^R%ERJ;Cvcv zXZp{&(OK7T{}BRwVi zU)?CP^COMvqa6NfQU7E2z_;WM%~-iMMMWYzn*PzmttzJ@}ZDGFyEPQ8uSW}V3^zOdPsH@bwj-?>Vh~nc4I?H zn3{H*Y(i6%mrB+|+HwI*B<({N0?fzdl<<2_Q{rLgbm@S~jif&6<`q4>5UthQmPMX* z4dy@SQ!D?q=dptGAA5&~FG~Brdq->ezlsMWvJQfP*q<4P0{k`YErAmhusFpuMq?69 z5aB%c)3hR>0%an@Q8YsVj?oxWs}Y8sHz{{$JTlq^Zdt=|F7uUdNJHp{Lp3TCFwRL3 z*_z{|!0w(#5gHJbU?H8yl%a0Qe!!Ec`#?=&_`Zw!xwe_7Y>GC8MBTtqR7mwrg&gW{ z*=8vn8lno+1&YeQr-Y}HRzIA)dn*U_*PF|Wt_`mc`YJpY=UO{uNQ~LN`4jGylS){@ z*5fWhWhO&DBrt3D1l_YN3ei1|Q{|kd90#cdg2mBn8x1npM8%nO1=3>H^RXOvw{!FV zJVhgt3Y1_jX9^2-DFTM9d&wzs#z*7>n&31T6LV zlUJy9@;{;?6+1tMWJ&|_mWqe?0`uhm!TzD2|GRg%uK%!-XP#&)7{C#3+DC_QctzBl zh99=khHC2++k;ldo-SbfSvTZox3vy0s8@cpOojgJ90K*73LY0XSkdsqR%w4#U1sd` zRk>%cI(g+>SzLcy$%z@dqek7NRIJ|V$S(C)-%ttBxwzCqb1qO&gLCK0Nir$tp}2zh z3|b;Jm8#zUKNPfos_H?~AQ%*RL^MXldknC+60iW&YXYwqUme7x0?vXuLAUQo#$G@(l)L@I zs)zDSw$Tyx-7H2yz|7?eLX5%bs8bK%bCk=$t~J1;JoDr~$pjF4yxy95}r12Cqu+?o{F1({^3yuVuiBjPKYfPnYU6oqd zUsZF>qXpJBwLX5pXpa2XC*~fe0_Mp7{k@l^_|L)m{P${}dGg<4fL6A@B{dpkyO;)A zv^y%pH$v??OSbGT7FWG|w-(@h@!lxfb^g_u1a}g0H!q_x#sXoKn@H^v2TOXjl=Wgr z+s%j2wT9Cs7E&U%QZ{X9T~;}It{jacra`5`QC-#O8}(xgbpUf&RjIa`MVgaqqtftOdugBKqxFA(Ori-L#f+23?_-Ys z-#sk(fBP?Y*ZE&7dA>kbI86zUVe?pV0J8gMaZI_`=s-{KfrgL=lygd|IIiZb)NrUoiEULm{XPsbbj_) zbovQrKan8q^l3=&j{2OlpE~`i2v|sVJ_q@x*Zp5Z3bt_RHDZ-m1V){AWIn+8XO7X?AdV*xbCUWEB%H<69g|iCt*mX0KpOZRuJ?x z$8ma$eqb3SdSrs=tWypCp7A?GW0Y_fW`S(Djj%uwi$@()`Cx%)il~sng#>9dLjp(> z>Z~Oj!GyCZ4M|u7iVcS}pg2ODBuvnh@!2*CaEc=~LX2y`{TzE735F*4j-Z6oDNacZ z+zAWS?I==^rc9M+@UaCF1eyffHIP8k!|@x3M*U9B_i}=UEQ;8@)C>U@L?Fz`HVQMM zF`*pAIL+isIi4CoCe)7wdRFu+QF#U&Lp~%C4X7MY!r7P(XiCE48el#2RThU4s2ODq zOY9g&Ar(o4XC|@7;fgwn&~&^><1K_^mW~NG9F&qclsv#Va`CMttx3MZNrE|vQw;>M zAsXUM#@8!V4hMU5RGdLt3XON6^0J|PUmzC zKH?cpiM6ozcMo@ayL-Lez5ENkUd=}by&!`0udi;-47g6`4J4Tj8K0>B@PK70!jV+w z$|g{s!l*g8rxOyV0;noUb;E|~z2v7(5)mwj%FGJVV-%4Qj{c|g^dS9N^cf#@Iu|UZ z0qJxkTh>XkO&D^>f=u?cjdWN4{;&V7zxelm{huvU78b|oG9htC!!U$G->`c!C43v2 zIho-kb(;bgFlPNE21%TEQmCelG8VZZb5|N7rGH2U{{ z{U1pHj8cw6GQs>#vPw1Zey7uW%%{_7R6)0dPlTFaqk+(va59*okre#`%~+-`M+VZQ z4Cu72WTX_g>ZDvqK%&wq>Bt2wq@5a4p%fAU>r_eJn8iJBsp*pp&b0TXD9n{2NN;G4 zV^pP~wpH5TwlrxcG=&8n(TNml9k;iBr}KI^BmpcJeN56?r8)l&S;o^b!f{NegbU2` zbHqc+MT(Ma5YZr-b#gvL`FOP~z(^z{keUQZ5V?f#Ib89tWX(>_wfAEhjOCI*s+JCP zYA=tR8sJKD7)je zvu7tYPm*X>2y1-}Er_K~kZ~!vqnYfJz^p+2DiHyvgYt^qhCxm;AU_YrQi9=*G_eT> zJ3z}5Wl7ky+J*|$csQgH1zAAiluEG<^Nq7~%sBlQ2|Jt!5=DfoAM)-v8FEZx1vnE% z;khi^=}5T{utcg0O&00fP|2#W0Kl#wq1#SPM6rNCBZ^KHUALt%fJCM<$eAn8l=o644Pv&SXlWnL5{xgK;xE8n&=j1+2d*=Ce*a5S)N|foqM;6!bft9}GDI7K?-i z8Oua8GggE%7`Zf|pPYbF3K;rH5mZT_K2ofSI0=ZPWf?ab+b}yhOgN{mP0&K~&(xYz z>qt^2V6hTE0-|+8CZ&Yt(~eDhIDYJ|5}d-^N=Aui^^1qb6*h$d4eAhQDU&upAT?qq zUzw^qTL`#qjTxZV9gGJ@5duT3qi0l9%VVh{EKvCZ2dM!h$MH-n3CIzj+1ieyh>aLx z!$PD>TgG0K0&N;|Uy*8N`5br-Ff61+%ZZTuAiX6Aafxofd5vEG{r2_6ExLMr z{qFqs_VpS1>IZakb@lfA^yI6zuhH9+@3-MQ?YEzy?=P?ahR$!$)%E3f=V!0a(B(zv zRzr48F?!5l{)%EL}8+3V%&fi_VJ%4?+jm|Gl-+p^`e(^Qh{Qms* zo6B!+(cANP=eH-a&6W-A@=fR6>+92RPA+awzB+$g4+N z{Pf$mC)eoe+v}^#o7dau;_{+*e(~n|{Nn4^?_OWrZcD5>x97KSU-vs5W1*B44X9Zm zw11?$!h+EM{;&UAD4Qx}x%CRXsci!gF-%HT$)Zdhaxg-*nCV7~YP+NTOgZ@yCtuZ^ zvMGrHV>T?5=72=(URvf=zjiw3F$gCb5^k+O%lfGwtC5=))}68)2pb{rsTt;Wfn1Oy zl`>-==G4Mb)KM-ICjm_;(a4wm@sz>Q9kZG&A$;8F?Df$t)0W9h(ynY8z^kvX-lFfc zkl*j`f}V_LD8eb>M*4$qCV$8^uR7HvU@~w@rC9_MQU$F7*1cpkNx`DMB-(`FSSZ*+ zyD-J@jG!xxBEaCX4M=`62PBhhIpTPt5UYb%g|LL?;M_-!g_;w!uuxr;)R7^Ur2t9V zr&xyr_F+~CmGgUyHt|*gEVkh(am$8A%I6%3i<4v$IGrR+%FWoph7)O_DqC3FzKXFO z+s`(*u#nK?hgD|xe@L=y4z>`D1>yQOTe%kg{a^q4g2i&~`kl^!%W<}0(eHF#^w9-_ zrKMa7S7m8cqC*9E*8d!WzSg7Tzt^u%&fdN5Pr|3@V_yE>-qA~c|7Ul9o&T|tC*K8m ztIp|nI$wN&F7QMuyPIH4CZyBpnF|7R;q2oMLOoNL>lnS?c#}oZ1)h-i@WZ8C3&MWi z+i(G>Z+qzatCQ0ufXQYCga*7kN(Rss3&j#pu2^UwoT^iV`jh-G>*paIy~BwMAb(wq zDBvXZah31#F9IA9`_g_7BH`YruRlNpE<)#VO85{5vIYIn+qhPKkZMQckbHRG>HGyr zSjrIS{RO>uzk8>r*nP8G#G#E}BR@)@UTa=f#1e}CV{fNY=f(T?^AgxUM< z?e}+~$+vMN9Xi`fhgekrLDUG}gRMQ{MAaRjF}mk8h0P~ptarXBf~^j*a^7Xg3r~T4YoH)~?C>|E+8AAF=xZpXKkoe^4{JVo2 z?+1^}C+;#VFqFg&3iBSxwFZ0UY9A<_sqHs&svg3WD%S%;ofQbcyjLsqnhf8gAtg~L z3?&4e&g&UgKAy-pU?sqUl`Fb_Z02MHu&v86^uB20f z1EMb5_$d=A8Y86lkpF1HeHwDwFOglbl=a%EX*V~d2a3&EJd$HlYKs$)AcY$8(kGm$ zdM4*n8#XF+MIoxi7zs5K^9OMfuu)9^l|vIIxd)V| zN+1D04j9{PT1(QyI?G}Ug3kX&@8pEhc*u^y4id*ZJ0qGJB`eMUET-vf$Ii~$3CWa1 zJA#gSmoWR-X=>zEzDwc ziYFvG#ezIJsU<~4Pm-@av27En+@Q3W5He;)?d+Tp0ah{OtmHfQo*dJOZEZWPU!Jf; zg9)k1{BmXK>ATm+Ts#4bQ_6FN59EXZ@j;q`OM#^V_|xIxA=;Epw{i`}j9Ve-NUrM- zhr9pX7RJIK)tr%`S{Y@Yp2_z68=0v<&ovp=e5tUk__2wA2y8S+k*g$RiI`tuL5^PZ zNE|TOpMjQguCHFdL#HRgRX>?7z-FqTsfA>zuV9QJyU=J~*!Co9%G7}R=v}7Mr^pAX zdLYd}&eP2uO>W=bd`CDP&i+FJkt+7iH1~2e^p0Z|3+ro^{CKvl|1koPSy#XMXCNh(jcTMf?{&7 zrqEmyc}HeI)RarzBuDGX0~HB;9<%hhk*pey0WrvQWj_K1(^dLp0p8e&8KjPcXi71J z6s4&lkR01bQ6@e3qyM0!|WB zXD7AC=7{7XgGPe~R?&Q*lPdE0mlTkB19gPa_lI5 znS&%Zja32@oP5(i8$vbF9JLo{I+VHyEuLLi*GS|(#DGXfgN4XJ7+1z!-0hT*1!5;) zaX^w(?64`}Q%df4?is(M@u(;Hx~Ditz+R8o`2zmaB*ounnIOlgD}TLaES37;?+0BeTDs>q*I%ob zf8XooE>}$Mi4Pxf)l?h5DkzxH;7(Y_UMd}Q%O|qVq5(;@-K|Qw*p0QY%R7Q&p(dmx zu{yn|V~-X~VuC-sCGjX7AETpc{ag_fYQ;ZSc{~3$mMRTpMNe_r#{-eATr4}GKX;s6 ztJI*Z0s)uW&5UN-2x}FlMT_2Z)_s6(wa+3cp(p9DXHE_v^f3l&JlBlirx>uZLoMB4 zBP5MPA3n6l_rx}IgZ^k~8@D!HJ};foN?**=6`zrwm^)r2z}x8twU=QQwlt5-QpG_4 zAt6^SNICWFnK~NI`0UxU#iY4NG2Gf=8f}*(x}l@=dwTlw-gI}rj}zLDNGga9IWRuj z$?@pwS|5PvbU%kL&?fDZKDvH$ivDzXc(|pHlj-nAtz$Kx#&&489jVVRZeE{$d;PjP z5^7yWTMiVcD6bu@$)lpyhEk~&NGB=C#&~K)i%WrY6HpH8qvj^A{kQ>hm@^d=)0P7e zOPA{<5lbc#B8jJzvv{Jm-#&pTdqqI1nUk6#Qi4TO!fQphw_er9%At&)nDJ1~Vib{h zL=3DNNul)*anUlhR#lx6NWTb^EiR8 zH*mO7OHX~ee;Wxx3Q6iEB;~TSKn8@wPBY~(=Xh50h4i!=RHnNfs0MIq2&ai-PVNdc zX7}@ntoIM8_OT(aqK{7Uduol|E6xQf`#hvWmA?S+VP_(h_R@%I;Kc`L7dI;X!76{m zhUlBy+pFC@DRRy(Zg%%d(^#)zTlvB5+}AJ`yL-(po0~RNY`;43P^q4ZXecCil9c49 znl+~mW++j&F`NB;HS}V+4B=#46FMz}0PX#EwflT_aWn5Tj}+hPLu$`}wazYXo}o=E zCt#cn`T?8l{KVLpQKdb@SZtw_t8+MM1e7ZgfRljnuyO}_Njjj`ArbZTjIlp20PHpz zGcg~J_H%+@UR*rdv?=9ZdHVpl3-aua%$^w+1Xs8oF%pisyj{2=xX2s^+j;(Mp+#p5 zEjVkaO-QSF7MlpvF3eRtpRx1eKCMGv#nUDTRzs;z+s%0pWu$m$N0kKt<2yXTbV<2= z0*ygC|4XW5C6K|q{VYT@5#pBJk$5pNt+L-#n`K%q(WR~)d&**wO$a{&YxeO~MTs73 zbLX)oxtf?luZ^?Lq2tmjIj{_!2We`Wjup}BW7 z;7qV#icTaT@bx}@-_9_~*PLZgGNhfCl?`$VG^BQ#XEA}Hq<3?YVDUI}L5FC-Or8af zLw%Ifq^og)A~HH*K26le-h=W=ym$h=Kqtx$MxmerFODxRT zqKlII7Cf|R(uUxtD=49S8nG)ExMm%zT5A*E_; zfKP$2S=URT3P%8S2~t#|RKBVF+YrUu$ zG*m7VnIuvtmd{!`+3CTUL1|&=W07cG>vg85=+Pq@sED1MtkYZ89_!j;{p>wf&|kv{ z*B1_`p@-36r#XO+qPrH%v`A>114|9VekKR0OMO6jPzHIT(ylFzWfe4m+U(?5=eOfn z)98-GrIz{}w_>lN%Eg4FV;1UL|8Nwsdx1uvc(}T;kVTR!ty-9k=ew6AGg^zhwaELO zh&-eO!Na$6^QD|0a%z$U>qY54>qWT~rGCeYva#q?14&c~DoqldcfXBTY+q%iFOrp1 zG8%jUH>_D}wxQzL(&Gvw$!^r?nih-0J+E?c^6s^1YZnh3Ydb-iSo+KjHxcA9h7)Pf z+E`s`{6i>VLgU=SZEcOUoWr*J1wC}Z;&xlZZ{RlHIiH4fL{l8GfZ!JU_?33-nF4Vs zL3}2Wm~^pp=EdZBy3Tf5tJSqy{mj)W9|rq-2S-cD#OpVwvL)K=p3P!Bp#l093L6T; zKPqbq0o`ukTy%GQjh7=`?^Yjx9sGR$)WAy(0H}6hP z-<=)4f1hWLY;Eh;H{YD>y?<~0wSRc@{=MX={LSIs{`>a}MUxhq2|c_eR{>1J--y27 zt8x}p37#4~!S`b3PqNWbT+4mYC{sDX=!K*2YyG zrGBr*70Xg`c(Cjd-tTYFwSw>&_?n!I+9ZW6bMW|)J443(u#R;( zhJeDSB-U%x10ZyL_E_ImmgapZWy3i9S0_qCVW4}0hB%6P1039`Z6Q^YYKo?qi)|#v zSn{`BKpF0nV;p$kTrd6nE)1`5jb!;gz88Hw!T(}0)a4N2U2n*EZ^U+{dpo+g5#ha2 zMnjTUwUH}Agm?XMI*Gn0a%XxLCQqW=t!aJGR@-eZNb^Z*oMTh|I?3QdPqoB!;jue4 zX{ve<{FTQaN>v9dxn<2KZTVzv39K!FI!gUcEdk_Yuq~I1sfCv$OdipP>@jT>faeGd zp|VTk+%cD$(Wg^JY zJ)Q}DT^`YJoShs?CPVE$S6MvCU|9VfMGZr_W|7KCRR21;zR($ma8H5ZQzn zEm3G0@*#<6K;0V|EK2P7D$^8;i}mty6pYk|_6d_I<`hauF0PNBCfm>%%c{+ZwRSH} z-CDb^wR;_mg@&b*4}4Ew6k6>!c;M`aP_ z1DbNoXXvjtmlx{75FXb#<;! zgF%G8;%ukloU6;5TR6#NIOqz`B8EfzqT(9X)67*s&Cky1`-$@-Z9Wgpoq#9t016rK z7<(PLjLZbtmLt}?7;Q(WhzB-yI!pAS98E;KBh!8x!HRlTq{=^gR4Pdg_)+T^>tfDc zA!F+%^n?jP2dXZ6Wle4dK1_oVMYMWaNqxaAIx{|-NTiy{aa6-xSzI7E0L5z#BC`qJ}!j*R$GolpU{ zp>hfZA(c)uk+O-Qn^Pbk z>)T&bW)oc>7L?1+Js>!iUZAPNE*tdh_0Yo9TbM-uAA4`V-MDQnivORdz;e!7va=+4 zJUNrqy1nhswI``hW*o1vr|n6n=Ncj*2{lEq1ZaVHGdX}x>c{p; zFxwq}$&KOAPGMlwfZlASwXf@2P#qh(7_2#}gKM{ck{L1Ge=PAdEYYL(_lE_7tpv^y zULoq(Z3RZlc}2`PLDkEYUabr!0Voj(1T*QqOk>E3!gqrP&t}R#9Gt6Md^ji@$LjKo zfU?=8lFDrrw=^z=3#3`lnt|RfZ&KN#r1o9iXS#@{mXHRx^C9)}BEiMQRY9{5_r(Z% z*Z-~*?0~|4Z@1`P2>P&A-=bC#0Jk6**L`Dn(CW&!pfByMKdtOP+gN}|v~T`+9lsIy z)Z7R~d~fT(b{RtkM-70VFj#M715{C|dP?!5~ zaDyVlhXcfQw}7KQp@6>@zy8h#KfM_I_8*6TAJD(Pa(_DdUd^+EckI2G);~9eNrY{&ZPUiUvM7|L_N}c)xR`>*!OW08e_=g5mzT~mqY?G*nCyTR`-2X}$-{(~10)0vD9_B?tn)P)lnxd=< z4NQZHp))nlp$FQz{cTYG7D}QyNk=4Jz;dv~S->SA#T@k%t!BbZNgJ&~#J`DVeUOY* zrDvbN%vdnR3OYD5=|f~2w4#ic7{ALowCM!9ixr)rk*AE9oyI8F+l{Al^o@857_Hj% z&yD(@o+hp2PtBB_dPH3%hZTG%Z1gEefzP* zWoeRq*&fIe`5I37uUPjzzx=ta!EJ65EL>ya5)g2;lB>#8l66DUE@<5`x> zYgu-voM@)9Ou77Yzu7~5#2%+g3wX@_AL%=2p^1saL5)~APztZGXN(aexnLFYN36#_ z2VeG)=@t|s_Fu*YLwi7+zT6f1GT<<)(urno&;HZZO$t;mBm#A1Yq;=skd1+_fP%eD zQDbl4-`uh&5j;=k-W9>7>hV~PnM3UWS7Ei^Qiw%X^ago?_N>n;=rnWi?^9UTFOd4qOC#~LF>yYZGZHdnIV&%e8ugJCfceW_MD&kc$ zOYRY$EH?K`O5YE2jKJ}9Vz>8l$@g%P;dUXqB;cG83+14p8O#I14~I4Q{=NRO<@Q@v8L06M91c8)gc z%WJ?eYO@^&y|CTGdk;#G=_D7rf#rC?!%J_HTC(814jr%9yEzCD8qG^T5;UxishI60 zOAhlHK z61SxNim-&rho`urrxaGuAPDgZ{kBoUn;hTTBZN6z9lxrVZ}C7@_TmO;LM1?m_o{)s z+BLfepX}Mg?^(Lub6S_@h))uJLmR#ovn=6F;u;pf=I_6QouRpW=`){zji#OokbI;7 zz3d~d>(}S0oZanxMJ@_^%Rty4U~O-O;Y>Y8RrBPUd%31I*EG6L?dO>A67!@*c5roL8iBN+z5@?uPJuSTQO4}&p zR^G$y9DFR?Z=2T^+VhuCs|E1!I4*-iT~G($JDp$^*_#82Z3`&2V>n0kCk}wFTuo|Qf zv@EDzOr+9(7HO%(muwk}+9qg`z4t30OsrOf`qYd|h^f|$vy;;kHse`_wo>ybL=bL& zd5!I@>bq~nX_`kmsdyhuHdFC-3>L(@UpaTR!0R~c+VS~t)@20WBKa?u+Pm>HbJbry zkgdwKCH=Wp@l7To$~(|Yh|ns#K&Il5_++_Mxis^0s}^2ag|N?hsfvZm!Lk3($77jF zGq?Y)Hs63Zka8K7h`dI*z|`z*Fj0}CM|H@~EcpR*FFolZm*pf?Tcj6$8uCM6*x^cC zj_aoPOvOD7Sxa$|SOFqZsW!QlF7&6t{_TKahsBe#t$@PnfVqJG83_%OdQgXeDZ^0+ zZtbW8+XY5!Cph8Tlzn;u`Or6hUzdpS_~+LjMO2u^wF>HELHs80IeQ>30^}0;hc22TE6tooHS;)*@a23Q8LFC_csB3aiGR&=$w;q^%qSyVbqS0 z&ur>?@H*_nJXR~8?v6WbdrQcw;m+y_AoET@5eZA0;Ij2JUMx!;r!u2JTLEOv1z-II zg6iF(Q2V}2`|L^?`=8ezrM3d`g%bKo8Tj8J`_AA!ezOxlDaW2cjC*?m0H38uoiT0; z(gz$IsrtMpYf`hz)G90l$iSG2Q@BjGRHXxuDwocI@VE1XC$MI^)l+>3!7Fc8z6{P3 z&a_M?iB~9`=fay>ssV>Qb&;UtGr{>FrzA^wBw`kWx??BCjzBVEGm%dO%PjxiC;se% zapKq$`^2#~eCuSLPS$BLI$5Xb=wzK$qmy-(j84|+WSyPHbCh)| zh4E%Q8_=eWn#pMEdC>y4H$&WC(U4oWyn&SFO72umaG{Iz7R+{(wUI-4sguFUix;~a z=-Q`d)yKA}T5hcJbUc~YiYS10q*Nr=6^klqI^`k#$u*Y z@}t;89d5URNO0}q)7>i6%zjm-#t{>{1mR#sh3Vn~dsC*YfaZ2bxLOVE?7)+zuyC1O zw#hLG{XwJ#D-VeW85zGnNMex&ov6FGXm$`gcNH}U3wNuXAKZ=IWx|DZY)@}$@($Hd zUa77b`!)1~!ao7Qe|Wd8+l}ps*X+z+>WW#BBo@8V6SoM0B_1*aO65wT`xYIQXIB?k z_*Sr6m8nEc=HUrq(vUC43EE#VBGJ-bqO01GcRrStqw}#WjLz;*AD!Ky#pvt~OGamR zSR9?*p|d;eGJXwqht9{cVsx@jIXYRV`RHVw#nH(+ovhQzI-RVu?Rd66mVM5csd(>6 zLYa!!O%ip^+&jXjq&DlRcGmRPmuc+9LG6%Q5P5jD7_< zMpLfwTwOVYRVhco^}iMQ>{pv{bPIjK0AZkhWQi0AyO_MtBEGIdEKH`wZo%m z?%NIps_wrEke`E^}=)5waAAzme@NoW{-| zHM6YnfhSfDz(`oKPT1M&LRX)9##p+HHVdiQ!M&It^cT?f;4(cxd0_!jy>J2Ds1D$_ zgHI!;?M;Z-N7b@*3*8G&K27*P3;V5oD&-0#0CfDjZ|hPxfPmFNF!0g4a9hfT%=XzL zl`3`SpI|cIa-$aBPAIHWK`o-=1)$OGzb->tVL#8=$+)1Wz?Pa5nN@(AMo> zSk}q$Gaml;{~T3n9-U^{X_i}zPP6PZ z%WX%eSw4wox!<_)P|u^_7LZL1H!>ngFwl3tNl)*v<2wue~KyhvSBYzp>5S`F0I;W>)cupW@DOV|a`NgOU2PbuA4 zr4+ve4c%*fPhm&We|^Ya1J;KVOKhl39qadl$UEZAo=amqwl0lPi*)HKV|0}6!gPAE#0CkfSb za4HRk!Zz-_SRc8VA9iK~PZs*@c(w`K zY~K-aT{PU!84cHIcb#@u9i4W!Fgoq7#ptxV)uYqy7DuPub=qBn(P?*`cGq-t+TC8X zyZu$*?;_HkAR=u)6m}1EbuZYwrwFtz`s{f}pY4DvnTpR+BcGiqEsC1aKq zhN_%(wf>%St-s2Nb_M?$75rNTv##pjit&76;<~DTZAVx2Z~5q|{;e5Z)xWOlUss!9 zhtbt$STefW4BL;cHbbM))n@2wGgL?C-P&z*wHbCCoyV)I&9LKyUDdxX&av_6G|Nu2 zY&JU0a^>hW%N<6iSvDJ;X1RKFnq{Y1ZZSH|vePWL9i3*`RsH*Q##plFn4#5G{p;c` zw>s{w>fh$^tFQW3i2?liO8>QAMpyr@tN+*4|Lf}ib@l(c`hU&G^Y@fIJN@IA;T`EJ zL^K~=g@~1-s}Rvui0C{W+l;P4M9a~6HM$BBEk{@XuZxRYJ38&I)9$LH)9w~Vr`@#} zop!f+blTnG=(M{|yK68y?XJ`AnvPDp>+1jg@?+Dw`hQDC7l-z|G)4lH$qNB>*IYOc)WS05(G1zmk~iT5=!srW<6-IgM78)QJTIK|t%6{l zu{vc_V={eud|cA_p;X7Qiu7@$(nw?m{xO!5A_wvQm}@O3=^#@v)bBd(wSv^vTyq~h za!b6(a;b7@=I065`ijrQ4#;siE^n<5TI=b>Z?wbzEqA6x{vac97DcK^%@b{nKEgPD zkn-y`woKkE=DKZ)HY&51@f<9 z8Ya_NM&1yKki{=pxC6KxPef6Uh-H%TgN>>`GB6ujsRDsHRx{1%${e zg+aY7sSJ*tB(W_GcNLI+Uz+IH{|le_)BxYb8d!n)4=rqeUOQiI^$SdWum4r>WXLYWm=}ow z_|c!}p#^KgqfFw6=P}4TNPn1Cc>Wl78u8RqvhtL%VkygbZe&y>JZJVkPE;*f-czHRSiCA(YlKBxjU|q!h_J_ZH`bLnp@y)-tejm2GGsgS{ z)V&HBMGdfq8lLm3HAdsWNF1oaj)Z!|`KQG%&T=t<`-ivZ6Wl(MKyU3^jlNbRe5iML zLDqg9sL%IaX<}L>7Fp?$A-gHEOy#D|mt%3Qa>G>4&XYnLkzZZ|Sc?>{L>!Po_i!`# zG=zw5q~2Dx?=?_-H%N%MxVpIl8=69M#JLr<#vtbSKyj*>?r{R(6njb0^3W+y5|K{m zw;bRBM4~Et6NH!Ca{FtKK-VjuBU_4q#kgnJo^Bf$?qMRnpxh;AY=zK#2-&hg&^5jqPqb{0JS28 z|Emy)ISi!Mn_eR|N@AEOCU}Y@T=~n`07}(kpHCHX?Z|}1KXU%H-#>ia50v&ykb>}f z1)eEpy!o)iAP9@N%F zyn&bPK$2~wRNI~J+e=qxM}Qcb>l$gTKePiY=5|+YuT{Kc;6|nygDgv%W!{+=1^D{-nZpd`ZXdD|GGqjym(}*^>sP|YZj;U`?@pkduPp~dMxMc$u z2w4bJoH+6#JY4I*7+j#re-Lvds)@$g+7wy?Vm+KHE$_ehjONs4*!H6Sves3YL*bMZ zzO^vA$MI|U;o@&PHySNL{ZfgIWtz1UNrpZm1%sl1kTX<~sIn>+J640~`u{CGHLzV7U4btqyp;3?Q%&3?F+iplGsuVY2Cun!> zyc+m%^mTw0=pRe)S(7W}0uk6;I!ESkzkhYH8>9zBP{3**qrhl=6al~e?kKhK{-rB9 zC~P_?=a&$>0>Hx+c}Xce6L2h$f{!SnUL(qf`&K!P;eI>|6Qb<)c@GhhU*XHdOvuH> z(OQHtvHpqEhetMSmMHSc%_x{8r|wyj_uoGWv2)pF|8^{6D|_DCU4m4ZmgY&t$_-l! z$UiUaqYreb-TRDeu}+A#KPJ(Yt302?=Iso1dbtd)Kip*kg8N&f!>57Lf$rQl0>M(> z`S%45TL3X*CkVzpxw*S2tG2A9=oEcTxcP5>0$_q!Nx_?C-O8Vp0d}Jk{Yz!-2qgc% zUQ~0cxeGXJd-{!tao3`qDhfLZM-PKC>YvGXDg1uchY=M4$aK zXp*?VWHmsBp%>b5_|~8cWPhP@O>a~hSGU!6kofv+PTJ2C(Q-^NALbe}!b^ElyjJO7 zGN|vJ5f$M|X8O(4(RtRYTM9gOX+r&BpOfR(d38py@dm$okdIjBSXt>dSZ!JORS$J) zJ2I4-7X~}#F|`uKUy!p<&?rI2zd(I~j5s(=!Fi@G{ovU~5?NNE5WQ+zjnn)*74@j| zLR&2Ll^2x5axT?|NV)1`G=Ulqc);(Y#o%XHnp^o#av`c*ms=?@zU2;uM_md$xh+Pf3iL4av2&a#ap0A7#aOXo&C$W~pK<(R z4<0|2w;maC;HW0xVH#hUg7h){LI2F*QPv>gj_gq!Rs$F6jB|@wrdnR}o{HcwF@-XC#&yF@p*RX(_Ky=wvv-ac%JM65KEpcYd+ z3%vNB2RcW%W7izd^r^Qj+ZU>uP=X<~7x^yof>Huq z+8$WF_(dlQO@Sj-&dxc!e0Qqzyk4uPR{Gp2GCU>X`!6I3*B3-7GQw(w=2ejt_&a4p z^0>6B^}BxjC0n0Vn}x!mJ9K1WpPC3A3XVZ>&LR9mAs|{>ksl$B7e!Z){zc#v`EC(O z`l=UzlQs9&fltqc$AFln69uAJF=Wv_34YMYiQ7-H8uiLBDQge@ac_p#ochCZz>EDl zYd-Cab(baE{g?TW8T;iz*%(_fdD3hkOI41+MBP-V6$Z#~EC}0SIQ|X^a`@sucP)%Y zxynXWrTC)n1kNc&vOq=IN+yVv4JbZj`hWMJb{lpiug0CmIX~;D}k75*c4|p_pSTtC?5XaDVJ-I!~T5^lrWQ!Qx zEwk1PSwA`j?!?MXI#QXaY3b)Fn=$o25ED_OEpo@YI10CTm-p_BtJ_+WHl|t9YLp3ui z+gaYen#v{-IzVmB)5~Ex?-z(h3mZ?SWea@b|AJhxuKxC*doI3~cKg4K-o+xW0e$=H z5Ld1|O3bl%kcCNHgb8HD;>)e3dTq43C7I3~mef(jQ**)6z&nVb%2@a) zoTjYBkDX-6ASv)mMd1XAdt&_oe^xv(<+1l*Xfw5-99EbYndS*9to^7yCA%1~;bq^E zg3adD-rZn~2GiCXVH7Y#ZHT?;DLhW8RMK-N62jjlj3J&Ekx32l8fTns*Fv^z7N>4y zKcwN;swJQ{dihNyaSN?^>CmR9j`@3!4XA>;X~A~nh#4Q?Y!XY%nV13HwMjt`im?VT zVNyP*fE6k4yhnmt0|FF!yw;{4v-qs|fgm80G0@DJ23rKWnW;MnO&^`5tmGu8c{O*A)bh zD32-M3?-VTldcmPcHg3bL5Ca@_~<}6+qxlKtTdgh?R6%dqy?Eb#SREu;RSEzmCVT| zjf5Y1`JuvFdIC}}1T)j;P42%^K0sTDE)jUB|f z*iu1(4H_a#G#Ieoa&P_-azZu|qx7ezsf|;f)#ggAHVF@n&h|-EA5wTWn9V1ZwsmAU zswzetu|3gLEDZS0s-r4_VIM?|8WR4}NsWgSS?fV^3Ab;gOi?TcjXAeb=QceK36by2 zBfiVO7pIsl6#=pTokmGbC|&VYkgk2#anB0mk?&isSjDsWV3cl*E<=_Mr3Z61_<)h! zhvRN3HKcHo`))j;N6VASOte%fx|TYGlv9r{gZG7KPSh%qliPE{yaob0ZtOW zcHUqr)(YebSd`M%_gkvD0VujA4n#lCQD!eJ`%B7YD_4Ies=xi4Rhl}N{Du{bWRj>kKC z%mg06p1P+$N{XLeTpx?XjaOQuA>^7NdLe{}hul3i~Op5u&Y zWIpOYP1H*+lX7hSrFPLra+$)Aa2#@!^PUI&ng`jTmLq-Qm)Ulj^y8fb$OfU#JSJ(q zPCLc>oboXUy`zmQR?2KAnq*467!eJVpqBPLlPRr*qN4@vxM*_1yl*@S1ZC}VH(Cm$ zh?QC4d5_kkFwyRNx&B{IYki=2F@fd^sDHn%JSC)n&%858D}~JuC}zo`!jaO}|G@LM zD=#dlOb100QX&7_cskMV?XCDyV9$8xqV(WOH4Olg_-N)z@ej7)LebQ3fTp2w6%^I1 zO@~Pbmb{unyP@`I*Li~&f8mOfn;Qhmdl1E+7XbH1W(1tKhQ|Zolg%!p3(MVUKZLeW zh){Vaa2j$#tdOMgzi;}dBn$WvM4us)5<2h0V%`COLceGLwx(kiQQ|@rV=R}DITNXp z`NoLxa8k}dwKmq^fiTgKnglpkRKY^TBuW?SNe2Gwm5|_v=Kl{nd<`~|nv*a7p{2ex zI0t81uqb=v}XNUGFWuvN@H;&xOO!FeBzSvT5j@oW*oaydTd zVOj4o!9WxZ8CPaw$AAd zc{||cW|zj(B!Rv|e;%cKI;O1~eKX*kh4u{)2tM`8Hv^($nzMa%P;2Y>*Ten_MfTIB zDG($#BxzZScC}J*pk>^{Ze?P{tqe7YEztW2>mR4NFr}?uRVs@b1`w;s6O@(N`9yEH zZjaEm=$z{J)zi>^Xxojw9WF5$K?xP^E7O2RV+@~p%2ZdK5d0V}io46(g!=(~&A~~6 z1M#rWJ`)c7zBChj%)xWEAi86#6H9Jt2n%{;y@all9K4hlry9@*dLV62qmC%h1D|wS z_ynmcensY40j2n)mzyN-J9qLIqG#>BLlBX?=*CUy@zHex=G+aVzxT9h<91r3aqv2n z{4tp}5f!?u%+B5hId(fv8*2x>vAZ-nkj~A&)rMJgZB21u^h>r24Mb_xlkc`zs#KKH zXoEV0TzkskgAvL6i>DlFMhe4dTKI61_IK^ss>1PC$=!hWV7mK(jD>4I{8hR4xIVwR z>E`qprmD>^!&h&ON>tkFpfeVvE;s%I{OfrPPe<1#vjgIAOhY=e87PYfvAo`!fN^BwC9`|ZK13-+2vzp zbYI9b!y_xQ4+tDmlHg#*=-b9&fjm64Vh9np@+GBGcv~Cbj+Jo~63L$j(Ac6XI$0h) zrvw=Hx^|J>u5t1ydM_)bjLc7Ut+U~E!PK5@em8p4-gJ3}k}{5yj zb@?%%d3G;yRdWg#q0TAiMr8M(%I?0+1oP0`*WoO&u@deg@5+e(N=%Bo!Z|vl)^&&F zy%D)X+ihH4>bt`7&hh9_Jzk1NKUI#kGXi!eDb%%MV7Z%=1H>M-Suosh_aQVEU`c%R z(24t&rlNQ$P$c;2>9rPQIL(MbB>|DJ?Q_8o5kyW%jcn@SalO5rH7Dq{!R6|E!VRcf z9X%V;XkCW8iT~zNGQyuvGCf_{PhzS_GFfXA00LNlChD*l?n}i6gVkx zn_`=uaF>upOESiSzVduZ2A8?bE%a( zeMjL!cZhKueE4gcgR{r+Qs>7MyRfdFGjTKG!(F)8l+~ai@5+<(HKa4+6u zcA|%pFbQ-rcCs5T_8j7fl$sgyd@8^RXEJmvMS#7(uL}|z3 z+IZf{DOKk8z8BkfBx<9ejXiCT@#i}cZV%uPbX|yDno1waXnH3{S7HX((;Zw6`t!=0 zvF&B}yXJC_#e}`~$g~7XZMX$vTm`z^>X{%`ZewRBZ!b5eugAmH{nYnH-1q%qCT~ve z`a0;x`|Uidi#v+{o4!s?Z+C~a*@-2X+qQx=6nMT5-T6_2K7=#>A632-?sK1))8i&7 z#lO^ZaBi}~wAD|rfc9VOScx7U1hnNHgc~(mAX=G{go3+00jD~rSNaeWA=_2) zfl(ewFk-x&BJX~qatZu(;5pa4f0S+MST2SJ#u*S(o0o5Tiz!bl5$`h4iiM4$yM+GB z!hA>k6)24(u0H%2RXz-gzh^ZXEE9uX43s7`vAEog?KMXq2g}om^iv+eg6pkb`Z{DB z!?d_GZMoZT#G2lPwJdgOBoTcy?JxvoY3M5VfZuZ$YbkX5&(_k8MMIG@8Vh%avFQGx z-RY`Cew(A&Z(iGl%?QHHuy>~OW&8DvW^_-VTjz?m#U-o_jat@)%f1PSmH^|4*|%a= z%Asig_yaL!JjgVMlT7R@0UK}K+@_Bc=2%xAP*{XV&hZuGx=yep_qG;S-cyyKq5aE{ zDx1N6xV+s(7t|HF6K2c3ighlG$Z$^RDEoc`0j9)Kq3%Dv_-h*&E1#iWQP3iL_rKez zufWs9IHU&9xOIILHPf%W*aG)YR*v%6KDW;&=Ht3JBNo;3-VXj%%(?utL-ERg(oOLX z?X_1%q%GzpaPpaCGJ}ikJnI~qNCs=MfgkS|7f}qLS`7JV_=s;Hmnn7r=uu zA?#PMpjn>7zDana4+$)sbElX5c7E+f3awkZo{iW`V>xtx-+x83^;+o%|Kzh-`ff!( zY+*9Mi@xino@lG?{J=0Hiukgs27O^Oofd=w))Y_mD7LP6TBWxe_bR(DiT{99t36_s zEA9aaphr{$EKFf8vSuDELzAc}9{l(t+g3ih2Vl*;{lP$4zcT{ZTT9u6n;J8zQbDZm z)zMcfh0q93TOkJF>G(eQi^fEV)2s8~S?F@42-l2Rwb2bOw|d>VYZByrA9xbyNwUC+U$>F^pf{?D>2u46DE)rBZANvY!KxFSoj5}9ZUz-< zUo%z0nHAK+vXyl0b+xad0_A*{xWDc?QfbHg0*`paDN)P0HMhj`HoiNj7t_vlm3tL_iKJ3R%fC{HM6ArtpD@; z>lb?CbGsBZVE^Oz`U3cMLH$xz#E<8PQTz3ER^@MfJK{QnR9O^hTx&eq4gdGAb!eQa|R&_L?B~YI9q} zZ}R@KfS;A^r0i|@l{}QoVmac~eqNk+R@~YyNn3FJ`|ckEdkF&2dB%iZ zG&pO_;(X&M*hvtIa_U!QFeoo>RwCTl7cO9W3l}v+vFQ5~Hjo6O(m0qcl8>L8ih|P@ z_@+H9b5#97l_?mj|1WV*rgWAxwZyskkM|@}?dtth;96c-QSCmOtQn-gVFb5>><%S9 zaM>S$3-If}P22SD4-VD zIkc|Od#|X8g@=`*#8MwkE*Eii8{#}z`#>g@Tx{qBPSC(A9Brc&!zUOvUnBQb!2yNL zG#iD%j%NB!1CeZSEx>GTNHs)9?IsClAQA|5RqUK~hXBQy^?#sy9M%69x`(qU36Jm* z1Qp~^aO&G)9(@hu0g&%A!FlFKM#8i~J{Ih?<-)%4?{ zDh|X7M(?5Ph)LItD^h(#ou5gk>{TzWl?;(f?rbk$uKeUdGd5k|7Eo2cX+J@khuRU+ zl7o@eA@o51%fsN=_}x5;=muze>5x2UBc;e?cT~g<@&KXZB!O`)OI8W1QCRLNFCyg- zpXu2DQ#J{w=HQOeN4+b^AUz3}N6Y#kMZF2rMBk_5Y}oSdIQDKIcj)RxE-q?`XExwp zqTk52mu^F0O5N%YRw*G_++M=~e3d;_;PV>K7&OK4TZkOM{7B8s<*s&J5W#GB|h3%1h5@vMWio(xA zK%AndqXqCCW7JK0GrwyBttR|{9otG5k&i$>91T_n+F>)IGTB|&t*FMLu~Q*xVU;Ux zAxP7pAxK@XEY8bHEAm?CHZ*p3S3-s58nvN=*!;rqb)Gm*O@RS7siFh_#Q11Fjz{8j zQ=>xX2U3}zT9oy4gIxwvE&7@p19~0d?M5lXY;cPYwm~v$`M}{TU*7 zHDRIuBB3&8MpgbdBAwZcf@UgpbrB=v?YFVIIoR&b1+=j=!`;9MrxmQbW~# zg=pW`c+!enIS6Zcxzep#WFBq<-jWGCHGj1FKjgjewWidzGgthnp*Qq-zU*$KX6o&e z-xDao8}}uFsYPmILqnVwa}=&#PFbejGh!3;mF~+~u>5Y zTEHQ;xNP#@2ha*7n+#yssrG%4MT|cq2{(q98rTHnR@0?G3zd8Of6d6nV()upTE-jv zS`=k6BN^%wx3@dRmidZn^COWGq<%DuOAfV}#AxQz^F!`;>wFj*GC|G>nCU9!n9a${ z$ZbZOU~I$wDuxrFyx(JG1unbq#lN#h#4Fy}+0gw$_cU*3e{9#7I zDt+jO0aO5EM)1kpHE+eGSx>#~f1!xG26AGt|D>Zs)W4gn=uy4?eIAx7lz2*&hG#Ld38wdT)><%m~}gK;bhzQKp$wl z2k1;it_&_M*XaBNv$@T{x^rR1C?#yXCtVA|s_ z#e$MGJSJudY=jx*&4xDV3q8kQ56iS(t{R;k4>v|!0bSx%%Y#Pxm)P3o1K(^1S+F{}0@TJJ`)(7A>VO=QEhX_MF~; zXDSiwNH{jcx|>1~)kH3WtMHW#?i)-3X%_l!$b**lyN z@@};crp$Y`WriFQeKz+;2Rplp@QBBG;p4bd+=C#Bf9kEoFb&wsfLydLfyuBLQ65C9 z=4>av%|=Ya!Fond2=peTui)`3+J)pN%_3N4I+tZp5}Sp~qL{DCB3P{4X8wXCc24tx z5f8d$kj%=fSgnBg$~+3!f!zRy=)xsuatbGA zcDF}E6lSF?my~a_yu71v3g|cFCxuH?k7XYbZmmOz0V{{;x(vps><9*p`C!-mq)~U# zq9!tPN}}l=-mXIzsz{JE`pSh`f!T8v6KgENIw=G=DHQ`M`Z_L+DQGh#*Wikkg$zh9 zZb(SPWut8DL=!v_t44tc&-nQ3mmoqP%USQ%tYv*leOpfeyGA>s>{q4TB~cu$k2iLv zViI5Z=$Vx3*!oTW8tgaZ_{UJ!vm9P4GyQtt_Zn&zkt9uF;hwqUkn|@bM9}1k&>8{P zz-%pDeR;7#8gbXjYtlF5B+Lx8d)!lG`qeliU8c^4}j7^hX(+pN|Y`LRjZc-$(fdJr zkv`AV6O-*Bc1!_y3Vk&qfWayIcZBphkt}WcPrD$wtN*qtXUP`)``2>MAc^ zm?au2=)K@^a%ZEJ4)t?H2S(~S&iybQ*=%j}x_oZxD1tf8aMfR$h60kG>V)^4CirRR z3JU29tol*yXf;Z$=wo`(5FZPjFQ?+huI;O3Vo|Y89)#0rncbEjx>PuC5&4R0o^Os(?3@LNSI(JO*S zb&B6AWGwAbsMMRzz}J2>7S(WCOuUi|_`YP%&3Pm3BhOa*Mjy;h4PS;>;ZXKkD|?!J zXrKsGGr%-1qXiSo{@TCZzn}axM@(yKx#Usiuh^PdgO-;tO3YK0cpgTc%wm*@xpwAt zQM|tAssdN`kIh#2R8zi`nF1xNabu0r%$JO)rFuUdsV6^ zY$bRU_`~sX4GvAo&@Lk zwK8yhRgauKHckE(u%e~8)EGJbs#rPxi^nF`-zL|W&C>6Ptyl%lr6ePC3n^4Efabgd zaS>DJ+RIh2|CPElG;93{msa^0tws3|EL4X22HLJpU6t>y;-q)~e!pfXxk;C+p@M0I zB|b4~lkjN_Ut?GXmGT!OtCIrX!PgQ3meRy_ZM%l=a7x@g<=qgH+V%!_KpE@=zlZG%-VDY_X7*VMkF) zG)AmHSn*^pUSS^umm9%|1QP;yBq_GGDUmR)*YmyAd_TJtZO~P?_Ac55K;UU>LJwb4 z&uaMxE~D(uXdpdRQ@VaqZpoZ>@Sz z#nsKB=l|`tbMZXhil&Rp7E2TF_55u}|5kQS65M;!N{gn5?K!yoWqvyxejn`AXhr?+ z8mnHKv-+)IMa%JPv;8heuHUjWxBA=sU52v1BdwUaId!MF;$ykevC`_NRZ%t84#U4) z@2@E_PTGoi8L{f`|H6MeD{0G@61Z?D zV)Wx;msLN#+!Ca8N9yRP{$Yxdwv57b-M5mZPu{)M24PygS1>b1O#xdv!H2 zgBE2!h}&jkyhfi^0m+yndB4#K^xMcZ)n&Fi+p648TVa0s7=iTJo8Itc#Dj+D0bI>u zOoB)KPU-Gur|)|{`>!2ozn!_$0By7JGAcx0C}g^fF{bAcmJq^e>n&(KM{V#S65=jN z1y4047kxk5p+*TC;d)Bpt@MKVn!;E0Cp3hWIutM?_7W(LwiI7Yj0!5iFGpXDfP|W) z;yFZhf5#>9ACBIP;1BwE^A{2|?wUx|zzs#COEq}oO?iHGLrA&I z-fLu3dH#vW6bZLtB2+Qjm1wGwI(gJQ$on)zX($ww=7oNca8*iqSlm=cbw2n}Eqqe6 zLb3{0WQF`8m;fz6V1a9vZ z;=d@ILcEI74YsLu3B!BAGE@Vg23WlZ;26y`XU&LGx5G{Rg5~(ppSouh?UAYQgU9_J zZfJLdXRZP;{Q*%cgrF3yD+>ZnC#+%!Sr~l4DvOB!;0bxY5&W(gT6M?NVdOR1Fsr@G_aOi>6j=FTa`5)T-K5H~QqFY=(c{V+Cjw z2b?(yOl}WlMv=*r;AxxUC^r{yaSY3so%!wesLheHkryc5B$FqQ9QUEl*8r_YJxh7Z=;0lMfxet7D0 zkV#|`GYzYn$Ym*CKhD5G`at|$=+qM;qy`D%gTt01l^+a@Hx#^T`K$gX4$X-?G?cGr ze4&N`v9P>qrqxx zxv~tq6@fe}ktLk*wgGgWs?t}d3%P#%5D^lV&8HD)^H=hs(`>X{8Fc|;rB+}6RR(AbVA zLyB67?xATM0YtF?QBwZ%kaFEq4hYJs=^6H6bQTui=C;ck&@9ClBg^;0Aj6Z(&#Maq z?^_~6pLY9u#w3HZ2XUk+C&S3?LgeC8O!fj)Ly=w>x{I_Pp=vD+Rtb5l?)rDi_C8-k zzp^Bl4R}f(|J&28t&4%EBw%V@TpgXAb^kU!GGiiIH5F)lhWFt}{ktq^el*WTi=&&p z9>-YV^^cCduD$2Up(ZO!fi&cj>!|3FL5B>BQSr)r2&^Gl#b;!SGD~RkGD`dH4D||W z#ThHaC(wKgLsHP6plDGm`|9zJ^-jPDrVC%x#navMlDK3k5P9l8Vu151J?Eq~NweTT zQ^tc-3b*oLE*La$q%0x;FpH3AaoEej<>Sr?nI^Mde!F;tgX#@P`I!DA$1oBY?**eY znUQC^L7Ycge~{0^SRiRMA7?225o}0ACcQc_W{Mk*P-5>34ah9%XE;E)MseUiU z{4tkKo<_+O#5)^mzulGWAO$^hQwno`s~B0p84QOxSZR4SQwFSu>8T6+N|d2}?%BO=AJ)#F_81+~h#pcO8;bJ|ojOosy7|P}4UM2etIIdd{izIHKSK#+_!`E8 zw2v0askqdPbAmZdTBu=UJk9)8{yH6p9v<#KC$&>LEmN&&539Y%Hwr;O(@^}&fi7P03t**d6-{cNZ}0tx zX!TDs!EPNaoO&67)vrqZFI1ho0GTyk4WDTfI<@c2)5=d&lcZM^yUdRyMb5nNUlm<~ zJPw_qV0GZv%a0G^|76+vk;@1;;mm#o8438mKpTP78^@$EZ}x-cJ?PxAzDVuCxF^|& zII+^Dk;@PEEhB%nk0brkYjO_yX88v9J4f-wADh<^84NtaSWQSb_TV{eHjmtpgJe zCuT3l>!6j1+fI@WswV1qdrLEm8^Wzrc(-tPf1Fy+o8JhqT1iM)WAV6WBTD6MS8nCD z$}}}F+Q|U_KgNt8Ql|}(TY!x(Q`1}nYkh`NVpIFG6lkr6ap~KFG_YVGcyd`pv>ya3 zEQOQ9|Ilual<@2PEmCzI8M%#wz5LNCk#+z2e(r96u(jUr`o7l&GEN@hiTF6)!Fe&Z z1$1(~NnQ;p?<~I;pc5ur@`k~mUk2P$D{J0%yRcTQZ#!f}gezPL@7;}fnwMy%y&(D9 z@>=JK^tlKPyR3dUfaBA_t3HjdGg(~2*|JZ`In7$3#J)om==~k`Co&d8=9&z$DK)G3 z!{fw9KWkNCvo~>4)Lzwi4c*bpB)3iCwVJ_TCJ6oGEi9BCv&zK5@Qg^KQ1HsRrbH`$ z5-@~sI(g7Ij}&X0Q8Ss~cF7+-49L44M1o$XQ-%O1CjIiZ(_ba~%wQ6IUasEO^!>lI zZ=VBT(MZ!?+D?Z?qBJ=1f<2~V%-w&fIS)w?6|%*qi>W>zU*(Siu)lwrNKsm>Oa}NJ zOHW8p9VJi}tnwF?{O*i+hAs-iE`=v&6Ng!qy_3zT(6hlGcXG|#pOLl=Ve>Ys83^tQ zrY{uC$5U%DgH;;y{}DxkKwTNrCGj0)ihN^m-)+Dj%mBPy%$EGy7^ww-Xv4-mt6aSM9o>N&UwAXAWH z-K8@C8=RSWsTu>&oE|)v@P$~SduTyK_V~aC4iBBUI2I2M7KPu4-Cnk7shJ>!FJdPU zl3jdH{_AI+008;y4Ps}mirv_wmA`S33f+DniZ#8D#G5JtCRgl8q+M**M3iFY2QwLq zgDQ6N&VdF`#JTFkwC~B1A|_HgKEgP641kt(n3Ff6?-i;GkEKJI|0lT#ZB=c$fMSZk z(llYa$J^H#n`=i(3mt0~r=B+7gv+h7mi;AyMT{im0$L=xKvsa;N0k1iLtLH)%xuD9 za`sJz&2nJySm}HO@WDaj4Me^=5Lx9nslb#aP{f#MFJ#6g0Ugw)&i11e1V853LQWw9Mm_5 z8a&aQDNfX~l5x3I827Icbc}^o)m>y9nLfvH$WC{wdUDdH}YrAtOCT1kO-z4t%>RzZpyn8-^i;hp?)vRvsns{nLh6fd1(X6N*zVHekH} zb9ZP^8X2pGhrlA3Ujq^@Gg-)kT+6Q_u`mbthG0kMF&#pRe0Z#E|fnXJn= zWCfe2i0t$p_fvJRg&o#QXbk}8k>p+~TmTf`*_64&(-%{$W4?rYO6^*zshoXY5C#U| z9j?#ad<5>@ZNg`2ceyv+sHLQ1uA^{0MfH%n!(FXzx@J@q?oG5|Qa^|%ONVzn{odRP zzv1|6_It-az=h1#;~iN%1T^D!mWT;!-b3sULq^d7-}UskyLyZD|HUq88bIh{?765n zLF_PcmKLu+4?Fta^KELUel}CmfZM85Q=AY@ID0>jGa{{9WWNj7xv|^36w@c+rqO|j zjF)MPcai}YHO5j$ImIh_kiL5YT>SwGBFTV5)5`}|2n*X!bm{! z_Jqjpin_%9HA94k?%3#g{k|_eF74+u{ftgOi;N*Ax7bf>itBgKXvW{l&GcG(y%$pt4&EeH< za)GA@`mzb7M36s5H~imyZE^4R6%ytvb#o@k)HS1_|0IL`r9u`E=Rm$s46rlYbG8s= zl-h$+`snlfC&|$pj82MNMKnM1$8uJztBaP-S-D`ezd#6gCc&vZ+Px$TCzN?~zqAAT ztI)L%A2W?97kr*dtjogi|is?kjG^ z=ng8+NUV@l*8G! z@+449sYMml6$Rv!!XG7@jSzqiS4NrLFiLf@QO%&P+l$W42>1L*nlZ!gG)_We+EX|2 zv}wlj$+H&umEk2g`GI4!E{y*67@7sz+GeUml^3vX}INCyk5C;1von;N-V+rz>WrCi#J(&-S8n`o{J2bS}iul7;v zw#-tu*mHcq+kiApq2dadzlOJ4CDG-=e4aa&#V49Bk>B@vJOy zZmE-$tt1#7jN-GL=RQO4Y{{pW$BvUzJ`+6#PQh(fA3I{7WOW$FcP0iiYe5hcgokzi zM9UMiHl`(F^q5CoYav=>Qx6O+!i+0r zLOsbH9-}$1jJP}A9YYQxqD{fQYJNW1_WM;S`0UYF+#DkOe=3FX-s{v+Gk*%kx4L5cDjyo=Tv{I4YLP1fzGWR6uBowZjKcQHlm~#u5 z*S?#@bC%%1?GcPCuA>11{mR)&gqaoNkdMi9C_ZK^^j$?E1u3d^4-SAjx;TdD;_D-b zd~FzH9_@5w@{B=T2!ar_2dPFse^;v1FXwx`jx}SAtW4Tv zbelbP7~06%e-k^#(xky}hu@5RiivbEOdXPF?w@PiACW0b4*#eWJ1){(9?0uN*?;eZ z;Y9DtdXKNw?KM6y>z-iA$pX|&Wh@ERBFob9NV`d{zAz}}_0Z}p?Zhc6S-c6Hx;WD} zZLzcaBX;1-`J0nBsH0ooW#=8_UXC^4V7)Yg=Sr(u5YXovTO*?O|HF$Mo*X95kbowu zPk+axfvoX?N|vIsP*Iz!w2A6RdOeu9Cc9Vgt_(PNo{90LLj9GNYclKl)dZrzsaWwz z>C7zLjAW|>vD%hY4U|^+;(7tjt7OVrK$ZW?ixlS(qT-&s24zJZ*ELKSVQ3;T)EC@! z&qy&mbySXqN&~xNL|*phOy3=ARbadUpD4Kg6t6H;#Il2@A)1DO>)~;Uy+z!N)o8%9 zXYDMmA7tnR`m68nS0w~;1we1q8Mm+SlvOb88rCHUOq=RB|BhLwb-in00c`zoC zXjF?mV_I-^RKKPegnK2WMHz<8afcvo+ZRa0&XQz4K}V*TjYwZtq*Rb2K=cC|3hPHL zK)G+_gpg(o+PMUV`;RCvr-CIYK~#y6ZgVHQKP^aEmxR22sVz$w!B{|}RqD9+z%Inn z(xofb$pZ|%MEbQnm0Ac1vwG2hEPT0;N5DDyb`OtwM^)+bpOu= znOTE>RnkGWoZS2m_*8eU-Q&dwHoj^mRHPt9#Fbu&g!k(hj8pZjpozu*&;VXksW#HbQ{E3_dH^b;}p-Q zS-+`6e^0&(k#gl?`SFHEl*ZK5aBHdickAbm$b@;9-x{LUU#HjlH1++K_#V!WPdb%5 zyDfZpZkvzP($M+Z5304|*LP&y)Do`|J(99enl=G?5O}v}w)=uvehtj1sP~e6kK^qK z1j7udEJq+SnDEdRi`^Avaw|zn>*wEW$Ykh0UQZ|@W&OVqXNwr$(C&DFMT+qP}nw(aiKwz1l_&C}oapV)UNVxNn>FKUiC zD=IT1vS!uH968?i31T`v3(dh&3k%LzX$rqpH3Ew5Jyao#0rWYZ3zFc27!V=$#Rs0NXKC>92wy1JQr1i0u`lj6~j;mSW*c+N zgogk1->N$B&HeF~+v{jw4vu>YHELWTAOGZ?3X<!8vc&A2-3N z)O>I+aI7R=VKPB7lQlHPT7&nKo2Q5qT$a63>5Z0XdQ}vA9uZ2lJ*+?`Goek&; z?BFv@5aTtYPTf0&>jL}}BJqfTS8W`}TLaS*>c^5CgB?Yehdyimm!9n|ayDF!rQF&U z(w%wRUlzu#p~n5NmMV^j0a9f>utcdxm&OS}@1#eU+p-om&p#kk_ncnd8CqV!QU2|4t?s~of@@F`U-$iu_2{VY<2n25KY#FI>A*)**wm<1(+qGj zUDEpI=?8le7iKOR&|7JIaM#R!#Jo>q5(gj<-&2g|BX zW~1u5mW&&!_hy4{BG*XlzHr^R+ zBXu|P!P%Ac4wU;iH0m0cp(D6ntcLL{*Oe?_T`hCF%pPaQ&$^1jNJbQs?J#oo|RbnV?HethoMDhrbnaP51cF zJBJ%|eeL9y=Lh-XQ6b;w2YORRv@^i+vZBVw)r1^S`||0+9Y!Hv`A~@oiou{0%>%L$ z?AkdWt55Kxi%+5+JE1Ygh)s!ZHn5oPNUzhbNvBRU0>&$Rc{Ob^EYWD^ZRmwUt7d(9 zZy1+#o-Q@2ttxnqKBW!xa*u}2T#Xav%%2{I+gVTede(_S%ETq7jEK(*+F*fntP?vh zSh&&S&X+>Dv)^+g%y)2xM&H}_Hd6>K(0X>ER1y>Jr(Dr)8U0B;yQ*bp1^bm3=^^jY zD>Zh&02`rg@>JWOS4>&C{mEyn4ORgaJ$Oc_g%?R`f3@!5$H^QNn@M!^oKR-KcE$OJ z8!~XYKy-b>q*D+#dK%zl%vh+s{wmz_Err(YqT;Rg!$sb&a*Hm!QcD}6PlIMuuVY!U zNm!5!!D^Rj%@A0n!Xs)qjXb!TEc=!c?eh8wO=>t6OP@YNs60JQ?Lx8R?n&KSk`m=z zIwbr>PK|hyqgCy`SIIIF0_^gHdH%Lhn>DiqH)AWK;k$zgFx&IoDIzBxmJ^gn!V*w` zsYJQ_9w(eW3UpV9f=}|oBq5KnQhH9^NTb$-l#4f$ss!}lHim7bbL1sD*8BzyR&_&m zrt>yc*6505WmeY+^qW=o^?VSJdUuawts`&OY)^-ln3ids#K2;@)yp+W`MhXOyd8?# zF`a<6DtJ6zhmu&9vNxv;q{u6Qu3N%mGhEjsCF-}57S+fT{a|i0NXGw8fTm?!#jt_t zKQf?djCB|VuEf=Z?x*x1CYTTwQd44?stQ(E%}SqdFuvvsG1%9Y?(c&~;eTRhD*~W$%>#DuTKU?)oXm zAt?+MW@N5u#+2YNEpA(rI_-bf5QIu~hiqtKSb2s@zXJig6fKxnZ`4Z%Q;g{CBk?a$@*+q_nxV~X#b#yDua+8?V{3emty%v^2xJPK`Fj1&>4S`$r#-#Q zn~eAw4+`5dj30wFgx1`Sfc|~AT$-r4+}IIsE2`Vt2D9okUDet9aVmm3d%V)Jb$R|; zG!5BKQ28pPxBD5DO$9F0Nl%dUDP^%CIQqyaxkpX~iiWSNs3a&j@iu2Y zShTO(_jSZ?aob|z8Py`0B1Yoh|0@K_!2bUf0)?hvO;Y7Oo#$Ph3Tyo&r6!4zeyIxd znGN`PIlbXhPriFJOr^mA=hF*#ncJyED^fxjxw*M=vfjMlwwwj-^rAa?bzSZ_3O;Sp zvOXWN41F^pt{M_3(dO&T1#xhhxVicLVu!z<_m{VF;&3?67xV1CyY_ z!Z_>i>J7V!J?$tFJ0Eq~?U8G~pYd`vvh(nq{Ht=YvzQgKdF5=bBC+B@U%-^;(XAd- za_FEyTwshxB8(_cr&t@pO0lOtJkP36Y1!t!o4SAp4YGko&2WHJ=X)=tXpMc0$lL!C z1)V#dzWOq#zUdeK`cK4Gv?q*#C;b^2RBLHq|1R>Btj_Jo&2uBk$@9nMyXq!ra*dfSUE&H^wLHp@&aGko zs|rF4n)1qYC$Gg#d8Bh^%j|l&1d}OXo>AqT7sMHT6M%s}zvAo5?MhZXyBIYJabc(z z*V0pB!_YiRIdUU9)%vw}gh-Qx39fqQQs9BZhN%_c5vu)agK`ek4Y$ggmmSOx0C^(7 z%hWuD>8s`*WS5oe94USn)+iA3G>U@H>)QnYSjfqIu+B5eSa z7U(oqPeWSg(HyqT-N@ogp4qZjU|&h^%jz(L}#htOQvUWZ5W6N~xY5-SR^ zFKG|LO4V<%FKD|?i5gDe7gN=vb?|OP+_*E-Nzaooyh9@YvER{>FM0Tb&FW-dg)(-s z^tD`$aGFeGUZ=+@Xm8mfpcb~(%K&jB1gucU8vcKb!GZSwlflvZf0w~QLD`J>b|X0e zM{)V$8g(6#4{!BEYl#YI4;|>R#U2V?Q|k@=zOeniIPu*S0~#*;aU8dLhaDg{9V7qu zr4`OPjnP=3Hj?G^>1ofO?y}za#(A9|M_W_{HTD+;q(^Vr2`(Eor1}m zLqOXNn&TWf@)d!%5slnwRpD)DAPm?wyy9GZC=LLfvU(~qt;0ML-I^O4c@WK7r_7qv zT~iwEvFbmzNj+g1b143<|3f`0|L;Wv`^@6g7J-Ia067$`l2Y5e# zs26Ur&R9NDsyWFv?pM2w><{VE>z<^VxnaD|^2L0O515(_D z0jl@rH|W|Vg@=JsfK^Rzk$PeLIji5pM zTB>%2O*Auf1c`>;Z1i7d9$M^M8iQpLR0$?jR!^3oCHJ4s(@3eNP;jHjq9AIJX?u6- zUG{oPUfTs5&P{!q9N{j_{Y4uVj8$KgztA;!#^4ntAtrq^lZdnUWqRbEfuYd+GCd%L zJOprh)loN?^qD6&BZzL~zPFBKpoHm#fm95vG%s+4jr7qG>a##t@4pX@P$Q5;O&ae@ zAsmUX;oq{`i*U15(yz2G3=@tP`mrjNEi0W|00=n=x`#NlLmF!)21@jE$xZW+66mrk zYdnK3KtkmQS(D!mM6YX<#a-4~IcAOxB~0tp4kf?1b&~T^N>rqRuJ3p<7QN;5--8%N zAYkN1O+99@dc%@n(xA6V0gs{y@J76k^9e#A?i-i%1V-dZFy@ZeC5O56Twm%=oEV4b zQIMbC{o}p69XkE{N)Pj@m+q;Se7+~&{|@7n4Etj=?GFH@%{{y|J(VNr9Z#wqcBRqh z^=Ze^7>w=-OQ5D3I{iT^%+jo|{|KpvVJCWW#9~T3C85aA!(Z*xygQ{k7@-!cN%$cl^(- z$gPoVgc>;WsfK~SizjnN5i+_RQ5KlEqy>C~jMkwNUw8^Y4oX5+LCnV$j(jS0JvK;l zt@dsv2g$uNUK(}|XO*VAwG36ta^+&~HnJrP7`$M;vYuFQ;Czj&iMJ^T&DvZY6uTN* z#KaZ&sb}bnS1J*bqg~%a_a|ql@AJd&GQ-zv+2Sfe`tORmMNZ0f`#zBkgH&c6Lr{6Q zSEQ7u@+J8G@BbL<7pDC~U541j^1DxiDEO$xdIWIA0yz_|FVS0ln!k4Q|81e*RhA`hYo$m zA1}P4Svs<~WtJVKB^|GI@X=Y&bG*f8jJa5l)72BWnd$?T!>oEP~n zH?X{fLkce_>pPthH0Zxzk4*)d&6OcIV{D9s zn%&?Yo5wS&@UY&;3$7vLIR3u3zlGZHGb-{vmX~dyd5hrtB>wab^woT_0Bg9lrI}Tn zL=b(5mrAB3H0`)G!6K4qh{D7RuC$k z1akHcayY20Lk0AxweZr;(wy|VVV0rf*+2_{9!y zqacaElLj?Y{=0IzfEHC1hswaW6^#0#sjb?)Vz?lhF0zQL3KNhe%JDUF?*^F zZx}6~hxR%t@NTA#9s=cxMEm_{AJ7`T!w^w2a-i$e;{@D+)PP-Pn6x(Rny?d)YP-ww zp{|hQv#PhQavBY0*t?0i`knjhP$#HzCj-y|20@}<3Blg&9(>U3bn#N*BkIS(y=mQD3vdC z?-cJA*rP$$T~>7ED6V(_X<Kv!V+`ju)vt#5OWbJeI3R9%`a(B5O9w&D z$4!*?dUhT}ysqav_tGbj#zq9V2`4`AAvQXNXF10iG!)bjt<%V8nUN@B@J#l-$mpRT}9 zSMp_rT6UC8FWl*?Qbz%H6PEn#XvN57cqyJU9%m`&EH*!pI)<$giTpLV#fpj$ufZL* zK6h@y6pp4k$-6csOg*mRS%%903oAeUR*&6 zn!8c2WPCvAI!JiF2qHkMoe%Gfi7%1f#tO}Cks^Ss?+A@49b zk}@TP4^wRl!eHHxa|pgqnx(d|q@4Djx4$i_2^?SPta zgL)o^@|Z|^F0b+)l-x~)AtQg0esuwX5w67ia^bC^eFaBtS$R4UT?DaQN&B@=@&xDK zyk?G|m;g|SbmGhxP;R2i4X}w+OL@3dGOiU$Yb`!W%6mFr0G6%UbO;qWd0ZbxN}hlnx{4Hhul%7@LzJ(2i3)Tn3BuK-9NuOwc6$t_AhqFyA#N;; z-TESxYv=^DDvNMN6?LSHN+Z!iHwei3LLwz5uRO!I>>aZBVH$Bj8B@|=U8^@IB6-qxK zL2rrJs4uQw!6FmZ5#{Zw@YAh1g-SL96~zwA)2*j~jgyJ<$_eDMV!i0eE?!Ku_lK{D zFFz-Kd8v*ED8R9aN4sXpG;N-u%#x`^#vKFy6V84EJdwur ziXBh#L$wq1ZE2<@9xC5aZy?L3RolG@1vi^iS^nF`)J~?|=Zvg} z{>1i~LboHFgNUZ@4J~?-&xz3OlC=w!^P5TKTe10G4^%&9c`{>x@%wYH+jdwD;C83K&TfwIUgG>xD0bA+JH4Rbi{zG) zI^v67ULw2w`A`5S+EOd(g_~1+8xK3TY>dM%kuEy2Y%(3wXezov#T3RpBF*cBlF57A zH^L<$&7;sm^|k%q0w<&-rPIZLCg07m6-#GDt``Qp_daSq@&&16(%)ledm`A*LAcs( zbsxOAumdZt=)Y2j{sJ$sxnYjPU`B2T5Ga>7=|+ZVpRpyNDQjwSd0e*UWlI-=<+J>t z%KLhubNK4UlDQ(a;J2TyPz3t@NH}SJ(-SpkU6E{k3JN4dn&20K*+4$8=(5;W4re zoz7!qAIdkInr1jQrQk1evFiHm*B>!!c8_erXu)xqeqn#%fb$m_b4sQT{mw*dAJK8g zsNeY+##>~({vDloM4@4O`#<6RH>5w^yqpZK-+*#F zObt^z7P*w_;^Luk_)ZKP&=9#`M6eiUg!)ar5vBES<13cD66F{Zg?{RUd07cs8dY{c zV|DCxjQ#hT*WypgyFi+C)Q|%ky={$~=0Bw;yK1*@cI^zq`&h9{l1Sm)b8yYfFNlKI zl-UM4TBOiXmuY4ubHRbrtjmS>zs|(>8d96!?gI!_)ck(^vYJZbTW0Rq-bSyb&LS}U zH8x~p1gwRryGpNex=0-Q51dhteev3yjz<=0C)+>cUl)2S!=m-=AxX#j z0t_JJjPN`}NdBPp>F>hrIYa7G;_6)&l4;Lq-AYkF#k3q^Y)tfZvj#ygFbs(%7W zAA$$S_E;HWdbjTXWmDcv5qMWBC>2^uUUDA3qH%c8sqZnV`cq?=;@=;Dk8-j)Z@rZG zS@h(CJc%iHXT;I`Pa0#(MgnUn?>1u=_SU93fVBLlJM?;1>SS88Phk1w_=Z!a^pG`c zk!K!&|0Bspd68`Mfh4v(I$%feQz*IrORR4(yc919wJRD^Nq2rNPjV9Tqg9yh6 zG#Bje(9RU)n}LZjeA6$C(`xj9x)dHq%&IPCt9D;;HpJLXI`Ku*kBjtYpjbd6 zopx?$LznsX6TCJvU`+^>lj!4=el|@C&8bqO(K8ZE{luZ~?br^l7ctnz`^E6;yMD7q zZi=4ZI%SSR(m$nWkFxJn9t&J@UjW9HVhKOHFXKTZ!Wg>U&)th}=&A|lH06x-)C%=) zm}8ik@$@R-$LC=PS)s5YT$K$IX_`kWWJQ%Tr|HQbOCl0Z8OM?g9&YgZV@mA^4uPQB zJBC-7;BYLG?bOs8Qu#}45aI4``!_&mbD(9!ve4yB;H(4OVVfCeKQaK>h7%N6*q#E3 z!G#bXazH$Pl8NrN5c?rocDomv)8|N6)ilF);xVcipj24xz4G?{=(pBMSWwb-#MrAg zVxDjR&do3TsS4e^k{n(C=T%VS%wx z_2&_JfP}KppT{JqB^;dcYg*zAW5g&8EJkz*gtBvfAeHid*p~uH4*b!gH=W=?@Nc2i z%e2@K8wkq3J+B5T#5}Ybl$(Y*u269}2lg0Kl>W^6jCyCxvT-Bj(i{(w9CI@(qE}l* zE{6jHOuJa^^ESiBWsq);rxu-#9|v`-7w~EFV}rJC4l4p->%P&q+o@hzHH!Lft?d|K zS{X+9s+JRc^CqeF79^=HHH|@~G?yr@_MI*2G?a4VUteF%OvjpK7z1p%`@MqTIr}YB zMO(3AwdtYUZAbv9p5UUOG5?_9eN!R{abf^Eu@1=_QxlDpbj-=+i8ok;A$7~h|DFZz ztzcj4Rcx+E??thI#5D@%4q`vlEg}=snI>be$ceKgD>#l5jW?fQR0|2#LpNn(D-bVB zW3gR+mN7$nggcZ_>g4lIdwU1^O_GJb^tb;5wEBZGwTO@(3g$z?lQ?c=OTZtLzw2Z` zve3#~RdFp#zn#Ew8oM_#BX>x@m?pN9)OAAm2>DU0QQ6KuahqO(Wm7nYDl)dCB^2`p z1cGd274Bl@Rw8kNY<8c-Bi@Itg2bD>b3vUN4e#M@qi zUKB2Fk|vGS&FgOD%h$sLUYaK%oR@-2=?VyEeQ6Y#!})$N%q=h7FTe(qC2;|x`8FT$ zdBd3$D#}%eVx7F8d{TZUj@utJO>u)%%nRY#Y)~XlHORUTm(ccy>)c(R59QC^?+%bS zZGXmNR@SSAgn&0F<(>`~A1nr&4J}C2GIF6h%v)snKSR;cJ?DJ&-j8LiWvBakN|5W* zPuyYHcwp-SLMk7=`GEia)^DeFP^V7OzY*Dps;KNuvt9LXdYKBO-{~R)fj=c2x*dma zHm2wqf*`4@+;{Z@$)io%`iF{1Yi`c>URd0oo?SdpS~|&(`-hdP%zxIep3jW!_LSYD zFIp0-{u<%gzE;F%;2!*bRZKw>UVkv)`@}6PGdEnZM|)uzeA21+5bG+KAZ0Go zeNq~qJ<2}EzOYgLhu#$icC`KxAp-TV#5ML6$Og!!(@i92o|^H*clJPvNrOuCxS|=G z@xFesuldGM-RrUyB$#S2FvBx6^@o{T5@Q5G_ z34%&n)?F)TGII0ciB?NTi#uT!PFay`ga*}qIzX{ec@j0+5KylpPnV?mH~(SczUZJh zq|YTjh=&)+42bv3_2ANl0KPh4?H#!+s6vLaw+`LQC0b=%Ub=#QkHGv*0hKUh+f=g1 z5UbWyb`(=DE?BM;{wPIiavV)$%ygGM5uEh2SaX~StQJQS>-Oh;D6tr+_b#oZFB#hS zaX5?~;+nmLz5Lm}cV=WXa}6Yy!VRQ8-fO$+Tt{Je-b>~VTuicWiy2l^Xi{DaG3IgFHE&w5N?WJq!zQ4WuQW&=}k$6Q7uMaS- z#aKv*k1viwilvp#MdIh~QVC%fMgYaQk%d@}I#Zph%%#PtM+@XU-j| zoZwHbg$9_w7IUbVCgIutYAA)5z73+l@bj=DIMw{u_w@#4aicv}%lxJQIJi|biD_0r zmS9XkyC{6+aRP6Kg-`h`-r(1Sf*pSHJB>6Q4xzeSlx!bw2CJa+KB8ILPLN=G1c2#g z)qEYm^fC$2kEy$8daUA3;XSb0lI|8f{qiGyUJM5pe*I3!m`^QM{JxKQIe8rnjhA0` zW65}2BhM2zo_xC{NS=(QX+%SY{z!64Tx8$3=?6%S>u%DT zb#Vn{ARnM%MSgksAJ2t*fWQqk7W03StLCul9tGQNWx?hGFGZZOBzoFHd^_^MTo&>O zo6Ewky@y%M5PHsvSoIKd&UEVFV{n5NB%?sBR2ln|y(xeiJ$50u&6I-(N2ur#1-m6! zlQM+kJS>5=Qhdf2xamY9IU$?v|0HnAcNib~zYQcF%w}YatCC_oBN~0Qd z6gW=R^xGg=%b&`;p3BX~#8an)ou(GX1lI&|D!Tc$BniJ@U9*~953vg8sa!c7`sLn0i#)D z@DE%e^@l+@AZ_j1358-eW_fMTvZtDflw1NxEQPXWEO8`62q-pzGxAWr)Y!CD!5?P6 z4lrh5P}w_s8xTb^cYf}!8kQD4fe20L z&7DMucYyChNR{_M+V%zMUpZys{mP_zY+&_^lUUjS{<33Ix|$5L35Vw@e44cqF`*uv zk#O`^s4y3RbUY399f0XT2_VxDzlsCY33(Q5ly%zX7T4?6E2$VM|S#=Zi`DvL0W z^tfC_yId5Ye&}hEpU;4Kcc(3XkInZhZtv@nvP%8GvhT%hucq{v0^d+nrXMi+*k)$1 zk~E>y16VRN-I}^-^h}qCp3A_FCbh&;s8rYCuC>sO5?Z%MN`}`&N|`i`9y~H#?UFCV z0BVh3M-GHGX6>MMfYAypGrv#O?R9qH7b)(IelFPOgZ8BhJ~1(@ZV@S6qD=F#MKWSm(^ zq%pSc6OqVcd?t`G(8bDu;Ki*pIej&{ZEUucK}ikCTScDgmP1DdCu$s7A|cK$k&B+L;fx;6Y9X_`i~4h)4e4@SwiK> z(Oi3yLZX($5N#PSn&r|y1fTbbrmd{oYijYu%U{JIEa~WeS<+-X-code$KEOn&N!B> zQ~t}`(ZAI&t-2XjH0T*B*XpIU}@xJ{^aDw7m$ zaCCClv1Oy9i$&x+7{zACJ@G`d6LZ5QB_dcj&@DhHw^i#)d6jlBP2hG-Bxx*^zzDkK z*n}>Wqcb2_Dc|)n9#9e0l12U4SsJlw;0{u+p$MpuPTSogoZq1c(BS_p3}0Ta*Kqs1 zk1uY}Mz;!C@A-eM{GghI1Qvpo5)LQhk#pnwC=&vqy>fIbem;LLe|9Q5V1GVm<#v1d zJl^#dvFO8`f?jqWwRi4Mn9yXfl_+<^%Nex%#Fs#|>)%*xuv*FBI=toU#_l}vu|eo2 ziuRIPO-K8y31Ma#9jd40Y=-(LDB@{RC}r{CONxN2;MB`mxU_8Fff4NlhNS< zc09Y+-*puw>M>dX;6;i`{y7&@3fYCg!q4j&A@lhYvK=W7)nc+RfJuuQS3AhXE8#~u#R%G%JjXmm{@7smI4m^ z=O3h%kbO-Jf4PRT7%jRTUELr~0H`h{Ne9pxm^@DobJg=xCt=+Q*a$L0C}E;htx5s> zilL;eg{A#ibOKKl?S$kwrB35va^-RKYZnNsc_0~>_fP;Xlh+d*Y$WC=Q_J;?RVe{L zISDr#VHIog#Fb_~+O9Li z&{?OThcF=_gqozIhQy8**LKCD6<-td{(V~HWyx?5}8FYYz1=S)H*Mg|7p%Hql4tA zv!FW^9n#_B{UGM%wKkU7Ng1P7fmWYM9%DF%4rV9BV~S>+sg(vzJi=`zv#Zce`e-Zp%% zWAk&GvKMX`FwJ)x8X2l2BBceE>Ee$~x(O%gjmJdVTjCsrVaAANqOO&%w5>3m%>;Fx zdT`lad-KXuW~~H2RDy2V*$U;$7VIHrccOwbAUGG-E)Eu2_&!=zofml(n*Q?`dVSa<`%M72P!rHNjMmQ^3G7V>s*GwP?r& zga78(hXKGjRTrc55x_5N&|_%{>KsP7VGe6PPK~1hC!1-pKOd*GX#yW-M3$Q~>Jf+s zb{7MS6PzC_VmC5-84#lFv4DiLGkAu); z8=QH*mz!~RCD(@C-5OeCI+I2s{GpEaex1{dG%`m8RwrbR9VS)tJubz1_&ZV!vK0xS zI}<7gy)+~|aZmZejKBUZ6kXc24c#Yv|C3AGYpf>6)hA%~i*8|x`K0>tq=MQisDN=h z;gI9*t{~qo@jzD)e{FE_ZX~pzHkVPx^qx`O*MXI-;?NDWO`Y=Ce>_>OeR;HNJKrD{ zFZ%Q8ZHuoanwV+2+=;2n{HlU1+J%lqLbR2~-1B~l&ivdZe? z&tEL$TJFn7zbkJ0bSEGOerYtaGv!a?c z1R<+T4Iwc$xn5mwfTb_DEu|kJE{l$)US`&IQNeK4*H@L{sYzBb^Zcv_wV_0%6Q=dd z`0z68mEzZ2>S{d=p21|$LYQ`%wB05{i%MZ`1fJct$nBr;?x}W8#m%;@nZ71l;K0ySo{f=+QQEwI%_6N-yvZKQ~+K$;a z5Jczpfit$2e@bLolmR6z6*x2pc0)W%mqtJk zpD7(+W|x?<(a#ULRSwV>k%xb6qqlh9Z)L#fqI1Xc`O`fxu9E^szZ548}+`v!nb6Q z<8JGhI&~j)@pbM8m1_V z8y&ML1=IB~_7K1KvmMIco0+(4z#KON9(nVp&$$yA-3#T%%(?bknk|0d;26DIcX)ye zYyJM-a~(a+>FQd7h9fOv=h%vkRJe_$0{J>C!PteELR_`*V^2{_yw$pW*P_Da#))rgI-UzL>_6+Dz zeqHcNT8GBF`wNr)Uli98L<=Dg0g!>5Nh(4WBfKX>O2;^~XhHO9PB;0Aq;z!izpKMF z2di&?$1;oirh8vwn(_GJ=9pRB{DEjAcWt}4-=QRQhv#Tow_c#t`6097f*e3Ni{4B+ z%bZoY%_$f~O2JY3JcX^j;=0lySRX5?ow@S?I7EmL)SWRT@#+)3u2)GaH9lrDr@b~6 zlu5~4Ht_*qUDqwGaQ&!~I5IA;eRn0CFt$7H{d%@5bn_|sz0ZV-do#av&$qbNF<9$78S^M#@a zQY}RE9Nl;`xF|T`{A}Lxw%aPaPM@ne0=!_d*<{RC1AA z1WhN~xIrb8tpb}soa$xNu59iLU1jb4l$a=72>MkXdk{I=t}^}JRtB#7wS+MaN7ko{ z6P|0EGv`Hi9I0d!H(lu1w!iQD)ezH6q9z>;c|=T!4F>li&TZzJHY%F_g#3(>prLkO zTDgWmyiJ_qaKzDCh;Gu`QnfY>?&2TDO7LO8sgR(Hl>;x;{=>i!&%@fG5zhmgg3LCt zgt{A~(^ziHOp`6;ZM4;YE>M+jj_8tR{ye4_lc=x!wADMa%6q-D$sygR{U+&&ft=Ti z_>c=yUz+%y>~3d35?bm#9Y)}&(l#OOD-NN{{@EM=WHfV zIJ-4pB^kz*D+-|QTvBcta#}rUpp#@Ax3~v%e>J!Wgp;LNGgQ$@T1aHvI;+#mLw|I* zev3oi?Ku3xtH-CGp;7?{V%E++Bwb6H7ePsl3?9Lm$Fu;Dx_?qNa+&w2% z5gukdjc%w!cg+?L&K_XjarlY-WX9l!K^I<;1@EYJ#783Y2x!{27e?dO_)U;Lk1~URw&8{>`RA9uhfG-uI(i$5 z4EFtZ!4W@p(LNxuowyhF66vodeytFN)v=IU6fs%`a$Zer&Zmh)eTTH%`o7rmcl4nA{ zFPmo@JhL}WPG!}-puJ8tv6E*EK9bksRatEO&~bL3$I;9>jkF?-wtLGb#_jS@wL@1{ zmp|qg5$dGnh@GM|vx3p9S`^$@HL+7_^{lFHMN_eAa(+7S4nHyy1^De3HWh0-zl}S@ zduHcGPXU!qz;<=n{cP#MImza6lTKqLocm%)I)VQVFecIQ8If&CX3?igyyWM{>xn3C z?Pn^@e>#C7rHxn-MOpDZBy8rz^QQ#&rRu%TT^BE_1A0Uvz(d>HR zBp56cE)GUY5kpk6%q1UiuedVAm5D7-R6KuW%0!c~E6;*UZ^+WaRhLYdL!E(-9=uGV z!}8)Lks-2b6H${1(z^$7a+CE#=^*hVnH~FyyJQDWksfmhYbb`z!i>I4y(dYlj^QkC z02Ta*Cnr!Aj1xnfRd{~n`$q0dHxio zWWdMPa8C9|=@A(!Y+Pv?Im;WYHGz}`*iUOp)Lhl7wFq^pX0Acf6bF#tG1z0c(CUDQ7{!sSCIuX_=GO9)dZ(Z3+?)r zV-x=(&Lpbl-y>rMfd^UyX(TWM56;(V=&;8^Nx`<|^r_r(*Dkpl;B5Cv=M`&?k!6(Q zaJ=E`?5XzFso)74m%Yltv!z$r@rC5Z%h0Y8GJBj=7$FS5#nxzadSa@&&yAVtE=2nN zs5HvqTYj+MW$pU>6D%}1q>cxcHC>BKXTAiDg-Vn0CoAcRG*zv4sP;$AcY=+^-9$W< z@PH-&_?eTnf|)ww?rixI-M9l1gS=>97P79T5#R3$*6(CF8$k6wrApFiFi%TD?R@9I zvOMp3P@=Nypt8lnz=pC$rAwZ0n{a$D(z^n0PL>=Le6|-SRSIHko3h!$~3ctId zIrnEpUqN~y9@RUJZnOj|u4NpC4smzp&(TSPW4}75el<>g(gYxU{DU6bvE@~(INZ#V zj_gv*`y!DFJM2&+ttENf>Co+K-K9Bkl(~}0uc3?e{Dw}3JwwC2M)@m zaBnEG99Mf<_LZh&&rD~}{tk(YnUq3?1LQKbQD?>8y4Oo8Z*l*v)uVN9#`M3v6Zsva z|CIwX#-G-6jeEt_Y^50pIvy`nGLgGG1XA3br!?WeIv!HsMXKVVvIjLb+FbE!W?1I3 z8m;CV`f5?kFV_(%QVz8%H80$oz(LYqZ_gfwb@)X}?!h0sJcNUov&hAz+VvLgBk?M@ ziW(30b2pH;_3bk2C@p>6mD9AmZX|vkYxfJMe%W>$7#R^~cP`5vIF049*>|$vDJ;67 zNy5?=H~t0?pZX4gk2}zE_rkjNiMgSP-uxQ?dP;sy9j;OJj)fu~1HAD{JI2CZX%B2` zjHj7dtK?=Y{1n4P{N+TKT9AxM(4qLr74vYMODjbB<3xHRMcTj`K$QklYKNwCPPE*@ zNiQrSn(h!3J5TVa#Vu>kj!C+`Ad4n#R|21*X(C}V>m`abJ-nR|{wU#)LYY_Ob#c%x z+W`yi^U}{=)P+Lq}m!{$jAs1m!@Bv}d#gy#bXq`=t zj`t48UYsiXFP*4~N;&?;bW{KY*b;j0wM2%)y=y__2EQb$;uC-)+*iPzsx=AVK{;cL zLmMuo%&q{O%VaJ1e!O_+fMEXVooI`LbEe(Bc1Op-C@i1gG)08Ygmt|v5JV#=w_h=j zS!&q2_5j1GSmisoHG5=_`gTWiDaopQ}-0*08O(+;}0iQ8eyj;8?L zGM8bQR;e_ZGacQu9&B_kE3-I|>=F}=?Ez@^4g#UA>X~CiKr3X@ChFi67^Mk@j5Z|i z!Wr8{T`!7bm6P7gjBm4X_dJOsDm$2x(j@G3Hw#3HwA1P{0F!?~haa=QI+_ zy&5h>s_b!Tqc6;!ncbdO1C_2`rDgc7zPr?x0zFWbuB9xnl{zz@p8NdGd#^kU-IYAc z^>a-lP|ul!T3xRi04LBHV`<eL%L^x8^H-r>#0f^cOQ<9wd0Oe;_43FMEiChGzncN#;2$BCHFAH>bgZOF%qcm1m^ z+LqMV^)-nZ6csLcT=~<4;1G~ZR2S#OW2m*)*&Zy?6efZNH^48}CYn`b>CBWagbg`9 zO73q~!FfdIfm)2r`su#f7^Qkrj6x;T5}M<#XW+>V9TnNLH_vkPmOLR#zX$uic1_wY z%H2h?yQp{&4)_#mkq^j{f20 z%cDOW9sk3NXUBgaM>||+>ys-@q#t(9LAQQgCaXE0X3(;@x@6r?WV=Re#vvO@kNg8IE#cMuDFTXV~yn%_p|> zb$C;_#)j_(xVRP$u23QaeKO0gfUS;z6@^DJVJBUjUc4sU1v?jBapVf2LVmouIw#O0 zP%SkpW80kecImQLp$a>3;H!-J^|R5Pg}>I;*0Z37qq&2%4Jn4(SzB{}n@68p zjE@8xbkWak>lWnY2E$w1I_+%`oBKpJa_hHH%(V0 z63ZD+y%=VNFgucwL=K^JK?!#h`Q}@Pc2n5_E^~7!3O- z-vOEdP$6fP2Z^BZWJVL3Mob>`tk$JHFdg6hu%}3L!;@ID6bwZ%mn_l=TEQ|AD{^+; zcLp&x0%k)aQ}V;gRR%jK zK+F}Hx8=Vno?&&$u~PYuLg^nFjk~KmqN6|K;l4F0bE=OSgWTXC=x%XOA?1`+ z$azw-F0v_uue?s@w6P-?3fUMKQ9LwV{oGjt-Z{kf=P3-^4)9W}lxUE;gpJJ1QMp?` z!Tsl+E9b9RlU^`IkQu&vm{RsRp6ZE^6I@lvfYv3od6$CmOM$gVv$H=1-0=lt;gvxuZJImI|vX8oUcAs_lIk2OZnK>N8z#&)O>$X?bfx&R?3(`xlOMybjgm*T(LjZg-5UUe#$+XO>DCT5DPK|AR;}q7bA7@)bU!qYZd;W!_>@unCG;qtZ~RFyrCbPNx28XQ zHr2yAb<5$m`1y(Zd^e65P6#6*Zh3EPOf6M~>C^-r9Bw_>tTSEn7y$m9CO!MvIPo8^ zuFfHprjbL3xepqYcwR3;H!cXf0n|THJZ9wN{7fAX8x}Bd$bX}E^b+RU4>7U^NA8|} zy@z|c^&fWk!AX0Ki4LGv_$az$m%J-XrFE`*m$q;DY(k+%^J@k*_J_^7`O>mGmYBmj zU5a0Ml29m7#L~&fOLL*s;h)*;(44YEl&#d^CDRjx*rA(TKYb?~K#fItbE4DwQ>|2M zkpE6@gv0khMV4G^gZ81;OG+3<#V~L@NjrOjH0V(31k62zaiP_oQN87;rua*@y557seWK z#js8QMvpCLEH)$KDp-u$(laFNTF<#3rY`yNCbO;?Ou)?0_yXJm8s2oyr+p^6slIWU zkX*gHEFCiQcbTi%-pxQK4QyODFBCDUFPIX^U7LQgyo}SJeX9{8hyiKYROyCr62vJw z4&txfo=Gi3Hu@{A4O3`zNTVe?{I;B1*-ovQ*7jhhSS%@TD_>g%@M~<^XyLTOl&ayk zK%<;pxm;*!>vLx3(F}@C<7PQ?7z|_Go~T_N9wdkqyFB^OnpR;5hi`@(oL=I+`F03& zm`pII{sa#_#7WWi0>-uJn6;OAPONWAXae4{pmD?5b>eZbh;>c9HwnjJ(%YZ%qZiwE z4}no!gKp8!*tF~zQC6Z~y}QI#2XLR-uu3U|OGYJKGII$Ws!8_{jk*BeV+PWON$YwsgX%2sQkOr23K`otSlHq)T39r&s&Y53u3cB!s#b78@bHlJ zn0D=$%wi#E)rrbVN#M+yVB9imaGo%#AZ4eOFhHpDsH$aT_xUivN;62l818}jeHqjP zaQ><>4+8HIgXm%KPV39I9PB~xS?3t_{tfxtE4kZi1JxpN%W=3xZbceJEYmFhPz|-S zRkB?K9sC(oye0qnU*A|P760PGhyfQnBc3^^D!)V3=1AQ&-%ay{TGqJ=C2(E20y+K+5bNNY(cVX z#mEM&9Y50a6k)P0P1cF~`WcYah1c`|xmd82NgmZy*$CPWA^wqvvi2`v*doZ+6?Eh{ zyfKLNQ3SE}p`Xta#%eIU8*PUHq-NNr7}DT#-Ek8TT)M*$(nk_C`I|u|59I1R#w-4w z;uXhOyDt!H2blF-3N0eh6FXKVok7PEIL#6cf#Frp`gi1pR)iM7f+p_kyNWEh zYc5dR1EeNZ7edDa&JNr=E^*#!y)B1dfPoIcn#rZjQ}LQ5bR9?Ft4i03>Vn1zx9+4p z%YthLOn_oq9oS$!frW~=R?ZK`To=ZqB0P=JuG}-Q%?KSO0xZ)v48q|Ip@?WkXFM_7 zVfhQ5shUq>9|LBsm~AaM>YOdEbx@l$M5-9Dg*5XukYqH5{{NY>V1q zXhDvTj_R?MHgb}hu|dV(M>qWLqQ83!Ah;qayJOOBz)l>4cj|~;RIT%_>%EeqRb4vQ z^`!xAmNe1kN8txOA)O&|59}uW2)&`9L>x)zib?W<9Fk_e3uay1iQ{yW@He_nkFL|B z>vZpAM%U@>RyVp%|1Mppcc&ch*B?KCli^N%3py^U`9OTpGS{}MwjH@g-h}P|KB`*Q2*cK zqn9t9*ZqHAj{d)&n{J_kFUG^f6X)y5jFb%=J6Nv|NZ#-9QDP0 z-oK{d=>0o-|Bl|jkHGu)wUt)nN(xqw4T8s1A#3Jw$8Rj0C!L z6Eu#`C7bh4ed@v!*D%l|(Ksd<{#YQ6eytKn9zh4(Rp;ZSZ*VQH4$F+q&GycHA*hBC zxnAFCtA^@m9OGgR*LCB~S|C`1qJx8S3OUY6Vz-ZHjrB+V@Kw>fZ zc<~M*2rT;JX_Vx#k?a!duCEfRZpi*&i*x<}?PjBNFr$h`C%JBLX(}I}A6&!W06}L$ z&5zq0Aj!of?VGS$$!Na+Ot^0 z+#$+pA2z(X0hCbT*9D_Kuf@S0i-WxtZTptB*y_<{;pToB=_iI7x*NGEcH!WBK4-GA zz+wdlyM`eS_P=e1g05Pt}QyF(Jf2k4I(D$ zXvr<{@Y^N*WG6Ed@oKixRkoV+qU$C7bb&+sAmY^zt48Zy9ro|*-6|0epZGGjn5@Qd_99@fa`vQ@;%}#i7=E}x>wmo*Z(M2`Po&u6~k6#`gk^M6#J)QaeR&~g=+HH@&>wq|pm6S3eCO-Lk`GaLJFPTf3DBMk0>AVEVXsTNX^ zlMk=S{{Q(uZ98Mg#m^UH|Ns5Jr@JNSurB7;ya5m0!B|B%jX{i+pxm1xj?#wohe60T zC>I(nTl6#dRCy|v(piGSEAAwbELY~Ya91E04r;|VX(l)W@n;@>dVBc8YSxx>dlT%n zrq|TWLs2tRY{Ep%D+mMRG z?R9t|ktO@!l)_V@G)?2#3U&1@8rThdY1lgKLBJSrPpRxgK`z&lFBVK%u1oSPYrR#l zj*Vh1=QK%-X#d)tr$=!p-c}~%0OT|A7-75MEA582iRkti0MmI-xi?{Gxw86x$s#C0 zyAKR2b->>B@vxs+Jt|mVR3^1MSQ`d61TIxX36T=2tf0$N_p%+Y?{o{gP_B1JiEiPpwJMjyW-dI{mmMA3Tl3(tyxuNjpTS z+E#gpr;80Z+uobo?KHUL>1HB-L%*`3jHjq5TZ+6D&SH+r0N}u_pbzTNWv+BN0>vKn ze#O)A(X$twHikA#*m=|aaq8p9ik4-05{{1f#8y|Hed6d+VI@mDx|A$3H0p-laUn^b zYMv0PNy2EOnFf6i0F02j&-xHYH#A*fkPjvET<6mJ^{mS?(p-zzOtWZ+$>zj24${SV z*Lgt_hW;kk;T3GlpMW>>fbh9XDTtmYhACv4%vRQH4W@|$aGlPzSW?X++MfJRVd@HM zeQjbU`5lW3)vn!PRR}dsA%4<|3@|d~ptKu)53Lixj3EH1wbJ40+D1%7$_|KR3o7Hp zkQZTOYg=F4E}6tUM$He`Q}Uy@XLs#!4Dd;=w2(aVbG%0fESlWYl>+EZV%$9_mTotz zbEddCW}uWOXo*1jz7UqbnlWLGkg zUw4^$Uv2)jhA`$j=(by2UugLQhLvv+QjS66U58=)aB_3>*4u-g zP;v|w?-+8!F!CWGZjF3-wNb~i zi-=lVdgDxc-CH2`TNe!XQHw3QNRCC(G>r@0Et3kOXOTT~k}>G=){z~ygS+O@ZAY=G zibxEt%V!pUQfO9I{fZg)Y+r;7KRt1uZolKhNKhoiEng>D)+uyof(8yX92V;oNi)Fu zIZb*Bgw-bdDJ84+WB_oVRDb*n!pgjVlrD<viY1cWL{TPm`IoGQVab;nAvp zrp?!i-Lb?Rujx|!%9Dgng&gihO^Ux#f0e=oV#2I<~0NoYz~8p%~=ekm$33>XrtuNe?t_7qnmYn}B$ zwF8GRCR$R>7DMs;rEOmJt`RgY5_tI`JLVrKs|tE|A@Vf75Hs#Q%V0mOeb=S!=or;n zyq99xDRvAvjeRN32BtRy!#G;>?a}I(eW8;B4h!&7P>G&aR9P;K$39KF_;qXDlPuzj z9e~>hXq?${#-Mx@&Yr~xegg3CIH~B@CmNh%(vo8SOgl{hX-V2x-Q6hxvlU(T2$`!A1`$1zMcY_k)rca!I^AI-0!v{`;o~M6`O9 zR0D{BvAq{$|HaXZgBQntI&g!0Zuhm0b7J)zLmV^S7EJ@Aq8(s+*Nm7YMw0i&Av6eA z4C0_x>fqJ4w*A=UY~-9l!Kw(|jQRMWq$QRKT7j zN%4Kdv~*3>uV@D*^AK%*YyRt&WoHB5*~n?Bu{>^V|Ed*o%X(U0d<>R1e0XQ-6x}yn?sb+zY5>|Ta zHY33xVU;_s2>YZZ1@}C-M7L~3u63fO5xq8K;5wqyNb2jY1Q+wk^`PlHJRCf&5++Uozc9(?LnY+1TE|AcM5jw8 zu{-IC3I=ZB?o{^rX>{GW9!X2fTxrW656@3^RqNH{W(i}H{dR4t#l24f`~PL~){%+H zA3Z7FB$ZUhl5g4=nr%u(6xpkx1n@)?89%-_0i72 z{<^lr0J`5(bay#P5^;Z8xQ!0s8@u{9-J)*x4#abpPH`PC*7mDYU*Q^Daa-RKsmE3m z+iYTGm&uQv!U^WHB??TPDP*-wKmq0BQ9eKST3hXVrf)>N8Ki9AA&|nRUo)V7mVCj} zcU%n$qUz{w^TAkY3yhU?mbBd(0sXAqktRx@6U;qN;)u%Fz9&!q_~dZ`X{b=t1t}Dc zHUSrSCTM2l8PmZhVP=qqJPh4et5nlZWZx$`770xkU~tK97l$BIWNk@aKO1o0e9FXH zvVLpluFHxIzjCbho_;!64DlB~srM@9$>K|^m8ZojduZE|f~6{=(M=mKxP2xo8ppp- zxf;v^o`mfi*GysVs;NL< z9TGwF(q7MVv!=i2G(lUBMK^7buu1=7v7|gj$LP<0>St2iD<=P<)LWkDK_}q{+vV~S zyEKUcG=@Z!I2qz+SIS&N`QgOuE_-3bT1IrwULHAh*$q0RLbWq?znBC>$X$(UWLKf6I1}T-Q((x zrFQ(@6?W_uh$+SC`o#=2WR*?*N_(~5Da0k9G$-zulsvZM{7|_pHYxLF8w#_2E9sJ1 zNUyivTF=Ug;r*~pY+o=8@|vZq?N>U)yhCHmd_|w4m<-aF%J))cEirL0P14vdLT4sROgZnM&5g`Stc38fWHEt z+H)qC9Nh&iCU-e+H&XP^g^bwc)#YH`>20Y)7Y@F>y6jG~!0uRDFiL?HfGhAs+6?v1 z-8~<&7>^S=X~`P+#}kp)Z$A9{HWcK>uw>x1K3vH8vD&BU)PpM8nyFezyhvi30mLwW zW-g#^M_#7l*8TYzJ+5A(L*SC7LzE9^Vf&`7UUJPB&W4hw_cUz}6K3-{i;7e#AqRax zE-&9A5{*5gl1^n)%2Drk|i`^HU*Zs6bFzn1|0S9OClwS zh-hLqsm<-ibOERBOo}+iONP8UnEqEHC-{GHbA6zT#6K63NT#qDEt6i zg-9&3glPt6lK}V2(?#1nFE8H_$uLS#6@avQ-UFX$hATolL+ko(S60QMLu%{PFmHIf zg12k1&&a4)|9l0pBj}}Xq(vvtIHIwcKT4L*5+41;1})LGbw)Pq3^qVO8NNWAB0rx0 zbl!Ho1<9nr?wY(myLwNk)-<}czFl)67c4H>jW${r*!(1ugZJ;E)SrSZn8CG z=NxXaJLqF4+W_X~z@$4LT3}oXj=fo?0F?l>Hdk*GR^!6nM5}ciz-Dx$2T{rAn?@Hz z`bp};ai)8hm+uCVXLN#8N<^HtQzFNoLS_bAlq*IvK1Bm8(g{zf3t!Nd5p%`nd4dEB zNe-StWCRr1XP>CS0I$fC(Bx^PQSqb=Mo&PK{G=_BeV;q6O56e18du>DF)gcxNXxLok2wyoPC=?x9=82{$6L}jNscjDWc$KpiW^mkr3PVn;7tg*Y zSE9}R_dQKl zPFd);d3L@FoR;0+aLp2~^x?NWbCcaRGCO8jQ>afX^j@3xM6)DO;kw-^3YqV>t)Wrw zu_P4=>d{-~HX;$2TGSqYm?Fu9;sZiP_m!ryxQcMH&5`Sg9UYchr^v58x(z7l22iKg)DJZ@Ou1W& z8n)?-y_KP<>BI0ea~IWqtvTm9^)1BV04*$8s3o-D%7r>W$!ji5s77saBvQp=HZ=DM z3`1?ad{5<|Eq$iDxZdo~2Jtn!^HnjsZ(2s}9(8WT@X{z^nO5YGNH)*0euU$8L!PKW z`wfHcln|`T-1ZU6Z3rb?g_iU2D2Zf0f$SlU4?`F?A&Ldr>lk=2K^#I12NA*ziQs0y zYA1jLNL(*@TO*HEJ6Y?~C<2bXpy?o|$jhR2IkO2XNuCDW`z~s~qnuaRezvko*3+}s z7Y2xM!5>qcdPbGHdUtsWxZ{*HCABK!vh!+(0HvA1AY?FzrwZ_X!@SF+qfRK|*zHAv z`Q&4&X>kED8o6m)oB+%vh<$@Fcc+-z8cCY3>qOzV%xBgoBj)SvcBto$b=Kqi)zQy`|v=T4RYn2i=C=&o8~yOo}_6c9+bpI*8aVT}yPse(B{YCOJ($ zfX!r$C0+*Ix|SIZ|7DjtK!uYEeKKziiKxNggKgfm{trTvlb+nZ;le#z_6tpTY_LH_ zyHZpSS$it<4^Y`=_`0xt-@>rf7hIX5ZC3W$qAqEZWj*l2%`pSpNurs=;s6~B0|ujU zbq(WS>m96i&{f^&nj&*J5KV*&-*QC=tf7mspzYym?VuxDyCGX^;rH9*Yj?W1uZ6MQ z>7pMYXS>t&J#yCe!PbfhW5X3==azL3u=&*|@)=hD2s!(muJ4hv_B&i_FK^$|AY(&n zbe_L?PZZOtk6Q?%oZ3{;hKlv2AKN$wQkLWk-hjM@`fQi#-ei)2W85T9q4?|s3X7?h z3OE%-H%z2bQ`~E&ahm<6&*4gD9I>f}Vh6M&)$AQ#HsQWXiB{JzP}iHz=zQ3thi_OH zOBGn1z%|_$`2}Yx$s%SX2TJCY%fN@v8F>#{d>C!01!RU67Vzj+1_SY36st6Ah9$4> z&v?fq9hPMSTe=7v=geq6eL!Zb!f!0~AUSL;_~Xn;E+lWk?^xgvSFV_HbYPQAL$#h( zkviCUo-WWmQrg^rG}0KP=6vVOg!vtZicWTAEd$S1vLb3plZ0dl2r&o$#nQ&Np=m*m9|}e|o0j03_UdaxDz6Qwx>mu{ zFc&DG73K*C*Is*G4?-;7whM6XE0@()33){%`DcHv5B(`0vg`Bdy&je20nfGZA(h~ zZc>mjxuorS>{^xw+N`+_pltaeKXA*b*?)d?+=7?;j*}diF0`#)g1fe`S+G+P&2-*s z)MPHNL#=Yi$BTCxCTQ>{W6(N$>r!c8vjh?IIo1sSc<~Nuf6`VPCg3-APqYyVH=X=| z%X-;TDYf~w+ES?v*VR@`-Np~HxUZh~w#+sTe%Mkn)QBG`1o-blb>b$0pZq;s(e^5@ z!>WF}qq^w@>nheeuu$*Tv*^4jaHG#@f03(;qG{=lVDh7kZdv5Y4&>aB^-WPX!lO83 zF|}x|RAOb>1P8!6Yk!&8na2~H`>vda?TpQ**1t-P0IvZZCR{p}<_9b3P!*zYt9|Nb z;vVz>4P=eV?c0u0l|$MD<2D>93daZ-r8aur&N}V%$RMw@?z!2DVn5mx zCIwSc0P+#BAHl(a-*JAR9&OXdqkcUs=wKHZlRGLooh2LPa_YP!jZP@lo1x{ZbREp! zttb`Fd&4YCHvs$>1D1nY<3pk3)_iHxXObC>ZdrS33W-@0tg(nm5(|b2Kn(m>Q*xq+ z5+e1onl00ps(U6IjUyF-ule8fV1+P%IVHQ zp>$8V#w_=p1dn|}mn2RTIM`x72bTe+Y%URNCE)H$T#<+-QJ!=p^D-ypy9dRsyXQ%p=DgTL!k0@HbE=uSOIJQAxtLeK)O#wx1tc~@rq*%+#cH8mET$Zb zU7)JPlteM+?@M;Om@dRLW_O1M&flI>so3kz`toa=Kst~m)a*N#Y|eX`iOZsCfH+|Q zD1N}V)v+wa9V^9avDgmG0wLV66o&3R2tL9RhVad`u@WW@PN*8fYwo@Et;@av7W3wb zwiUT~mKiwER{s*47|L|Sf~0sBz;s@e$>bVMe219JE@cr@iptjd^RLnHgC}akL}_mG zhVb5QpG*9=`%w#f&Z@jn%j8=*q%RUP8r-o#T>E9EecNr@1=n8OInRifu3QTv;VYqwxHZ~g^NUgL{;k@pE%GEHNuY4DT5z~8hEgxS*qYNNCOXCM5f zDEN+66TGBsV%WwQA*>AR!p zchhI)Qb`8guZ*~(=`wpo(i}MClrGsTQaPQ)x&6kV0P{^SbDEp&-(cU;eSYtUxjMxp z*a=tqr}{fz<;h+B@&pi@@Dvbp<)y(0kuazT&`CxkkR9$Ee)z^9E?m{!F-@`?dW^$G zH*85A!V?)wPtMPNd45^?xk`jflXh-vrx&k_gx|>1gPO}(^-a@a${``xhD?e(Chs`A z4=7_ZMGVefi4asujGv#`RwZI+!N_6@FH{3?P-o+XDK0Cw0GggCU?xW+0uOxLnsB~);k zv8Z%!Vx|l~1zIwO=%Cc0%nr7*vM$N)sYn}K6f1h0qG@R^r5D46@kg4Nwy1xjYAI=> zM5v<1zAuv#WSVW$DwXrk2Hyb6@K7Zgcamo=Ofy&7_Tcwj?fPzVLNzCY>Mxu4H6()? z#jEitJuUJdnr4)CiQu;q0lVeD<7eL;e^-|Oo*g}Z{$iB>KF9M_%769Kxv2sffjB#r4a*rRuFvgf4xBD0y*+Z7{^sp zLc_wgvkj$&*X`lA^88N}EsN*W@` zcA>E@2_mdzcgZ5jnw&MtsbK0o{N$)BwoVkh0nW9h9C0m25LB8Y%d2;nb;+SsY8c>q z)Fds$T+vy=e!RLmf7Y|!*FjU)4~x7WK7$#Dk||hj`#gpkJaoDYw6^{pPZx$Y5P9zo zy{&a9ogVFeG?RCiuGvhE(M%3`+I6+BqFYdnIZf<@9)(lQ>ta5RNhq`*;7X$f`qkvA z=1FTPcc9h?9mbre7gnt!hNqh)T-~%OE;fjl<#EDJMVdY)sGgPQRE;CI;oj!xp~GQo z0ui$~EMauZST>;vzbmPbY)XbD|ySZdi0{b!Qod#nL4!AWkK?z`;jA6v6kvBO{<&2DW7;ERiZUbBFs9mZ*PR zyVEeUZv5T?M9lMnSR4ZA?U}bFo$W@?^CVf3d&xZ)-R<$TkKWbj>7~d_#H$0iRB2n7 z{Vu%-d8$~HOLlq7vtO9x^FIIUvs#CO2fDm`SIY5tXWpBCHlDOD7H3I6Il7_FnQRWK zEt`7kJ)Fj+OmKjV>=z{D>HnX-^J{J#MFRMJ6sqP)An{Lj;+m<2r^H4W8U)RcrrV}OGFW58;xt(^+ih##INefO z3#IsvyPH6z=Uq1?J@rLi<83rwxZE?UbhQ^Pv|$T;P4vOOxC%4A)KK@@N7dH zq2I~dRS;^Y)1Wo*sFfIn+#%DfDf#TDrsNYT*aX=VWH+UsAo~d*dpniH(DgQRELP9T zZ8fi1!?;M2f~?N*rt7w*kF=)Mk~)Jrk2qD-rZ^#jNn4fSU6Gg8-j~I8P3y(3Xl(e|l=!ul zHz059XBC{#raydlR*S^Zs+z2SUDHVCS!G7yGHV zw{CL}9KUHd-sPN?lmE7C%+X&9<0R4+QSiGlR3v1%tDoq+ZC-dH>*XKZ%A~be%4k`N zN0wN=O;QE;A6C&9VRble?h-#V=@yq0%wL=An^jRBO6_x-(`o~)P3L&kSMDY(RRvU! zL}W_ljPv55lvmXGFGT*x{q5rN;#~jl()jO<%?pI~{o84G$@dGZY?pjJBHI*ItXSHd zJ?HS%cP|#b$Z_JqA&Lt2^#~PW?s(4X*bA3N+ak7RU>=_tdIrfhtXdJF;Rj?qRxQo7sw$S+$z2*bKd^%-+3!_x8fo74~BQUKNX`E^M)<%r!#g8wgwN`=!Ty z%{0TNx{2)*%F)P*qdRACq=|FlzC8*0AK=}V7L7UQNbvSMNpAiNEqn?58@m7d@#E!1 zpZ~spm-z2V(vQl2<>)*D|1KJ}#W(0Ld~Aci_=`jK%VjwyMZZwXG2|B>m=e?1xw6$D z4-}lQu&UfENP@p0s+{W%^;;UC9CP%7kidGeXFIY)ptjDQC~2MDg_= z#B)w)wp^=^)~w9!v?C*5>3*hzm2Fnky+E#f*c9S}0IvEtJuIdEE3IfPW^Bsw}pmLwHe%wa*04pg*;!zPz z#>8#E`eLGH88(z;T7Y$}UY<}Z!PqrXace>`YXb3V#BxzSxdO8G?TaC+eFBi*fx<7% zxE*y?27*A#Mh&UM+$|^g)Fl`H!9UfF*yAXWpZ~mn`}X~tzW=umA3r4ibBgq1@}J)5 zJeUIEw+k$%&w`9EheXJ%L!S#7-=3BZ8TF23L^8W^LEkKhsbvk06B_mlnUJgPw%n6v zTCCQfz%5jeU{;ZmW%=YGE3;~8&dw9^xquLlO`Sc$5o^^&7e4gvzVv8a^O<%-WLf94 zpF~$r%>GEkClMc0`ic0Qg7_E{N)-1oo`|JC8<<{-Y8ARTrScio=suOR#c|uM;TX2o z1%|R-4e^{(rmgK)$!B4uuWZ9_Ez4g&1$G>p?As@n?-#{iG05O^m)mM=!o?R_EOZyx zSyQ+x*bDyz;T78N3N8bRpGRColvj3f+=y3F?my&wQgAZ4G@`DPT?LWVowrU!Q(h}D zH&!#ofDDJS-Kxf1hvv4pLz8Rw0rp~+8Y&f|^BIq|3kPH%kpYC= zZ=t19hrf%M+;1c%|9h$OM7*7tqNqUSjXK*CfH&0aIE+gG@JS7_?oa6G1WFzJ6{wd! z(B_#s3^Lm`ukln-_dlhg>qGZJ_-Pm03)Xcp_iq=fYr@aEe=bdPU zs+pBMqIZ3^ZZ&S1dxxPYtK=)nS(D$@B-*3G@>qX-RAhK|C_bbwG8{qF{8-w$2a7L#bPs>E&x*Y-R5L~Bmx zHT$;jI8?a4nuDZFf*P7_FbX|>{!cha%(oE1!4hjNxP~PhxBUqj?jt>@l zd2z9^+|MvmC8vsZuq|8;e=|p*R zefRF|ITS-6X8CgwqvHf*-S-+BFV4QZS=*+^>Lb{dI?4$B0Rn81xpu=|ssj-vs(Glj z=dW_IXS=%fJxH#z3N>BnWtTWF>|q+afX4MfQ!Kw)Tqt#^A23ejH%Bsl#4)THkK6rY zdI6We@Z%Hp$ePkgvlks>O(nl9Za8 zVZPrKjo8sKjC@UKwXFABF!^e4T}2i8b1|h;c=;9%XL)8C^A1F5F0l$uQ)dlb#jgwt z`G85SS(cObFu5%>YT@i|9r7u;W4kK9V-KBS8}v?lt-)I&D(W)e?S^dv%5~Hz#l!Px z>HLXj?YeB_@w?CqjFqtkG{>$W&==kj9D^Br*1Uu$^9t92QfM6eP3qk1#p^)z!*IGn=I$e~(I7oA zz60?5Rj~Qtz&zL(A0&SzJboA$m+;$B=13&o!`^`*8Gzv);O!ok9t<9gH5Y;_~=Xze^LrAWd28MTv zk%aaTHfyq1k0uaDWv$fJQ>u^0dU&g+L??;$lU7fOJ_Z}ZSUp8s=<7JT>M6T*N)q6z zkv@c+Dw>a?z6L)%l$=68#;Y!)nQ74dR17D5H9~q28x5F)jH03=$Y)5B9@_ajobyD4 zGrSOlsOGEi%s7%6$1umzOQ}}`n90j>%UD_yW|c2QDIgnV(GFB=P z1adrkYq_bbFj4SIAxmJ7^xTONNB6F%KKbzA8G{WAdKR^QbTKdpsuB5+@b9{yta*Hg zTD{q>=Po?%2KN8iE|<^0?e)VZ`AuY)R)P0|wY&9-qnrEo*7UzFS>hM=#WqH3cV4&D z%+Q}_GWBo1e$yuT;F-+f9}8FXnSKk~f04~~r4_H#qS+tU2}N%_S?I63Rx#FyYy0vP zk$F9b`m17R;Z%ZBfDQ>CIjpSsy*ao(f-n9lL3xhnd*PV@fw8 gYL){T&P86DOQ&4AZ}!)of#LuEDByVw4EqEa0EZo)s{jB1 literal 0 HcmV?d00001 diff --git a/enterprise/prometheus/10.0.0/charts/kube-state-metrics-1.0.31.tgz b/enterprise/prometheus/10.0.0/charts/kube-state-metrics-1.0.31.tgz new file mode 100644 index 0000000000000000000000000000000000000000..c41db52d7884321ac4904466e4753b1ed3d54271 GIT binary patch literal 135528 zcmV)XK&`(YiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ(avM3aAUeP6DX?_U9jim6_)SUYdgI8F+O2I_Vo0<-v%M!2 zU=>JWR4h~%P?XgkZ=Bb-5xXyUp5z8T3-v`7Ws0`DSuxWVtAGTMNF*{7iOla7U=R=n872Web^u^ej9fndv_Ycj!R_hE<$0aPVMro& z3~KyyEnm!q3{FXe5j_U~asU9J4iq)z3r{2Hp=0pQfgyg6B8o|H3>Iw%hN1b{ZX7k* zj)y`Ncqni=V5bfOI7i38CG$B68~`E|5{em#9*@C{v5+1g9Qb$~!RWEB+DkX>0I<+4 zwAzhUx6yYzMBNC7OuWo527oDmfZ}=RBS2BKz%Bx81{v@%WhkJ45x`~${1T5*6d;E9 zh);$WqA-d83_LJJ0g50)R3inzF^QR|Ct3q!B7TtZKatC5!U%|@r?eC-9Fc}n@ePu%+rwXuT#H#^;CmjCzrJO00wXDd7wPZ4FufX-mM*FSE0 zV~8e)<8Jq`b98jrANMDNcHe9Dd);wo(uA!+bKv&d{Z6y*_QtN;Kk77LYl7U)xb1b_ zfus4UcMNLnX1h~w_UrA#QEPDA?H+dqjrQT;(crM#>i^H$x3=8Axu;qkapv4v!|Su6N|2qt>|V zPP!A=88`b!UgxND)I_arA3BZ_z<77L^l&UhO)i>J`KSF_e2NGoE>VI)@>&S9ht0#L z0{}(-M9C|%A`0Nx=e&iFKHoyFd~uyB&9@xqfkgK{fnIh<-ff6n4c{e+prnDM2MPd; zrquq;Meuq(LQ3L!<)Vn;2^UHb#nS)>(+K?*BPwL6(n=(l;OQKOOAAFL_$L`JE8;;k zCjmuE8}m@;lgBv9PnH7Wd@f@=V z2GgZL<}uf{g6RVq&j`7f7>*;Ufi0=W_hlMFcPa1yF-}k+Uy^uvN#ZU29`Ze$D>!UH z{CJLBAL98s6_%DIo`-1^3$1G$d(-8F5fX3N=LiX5dj)l=QoKdJoFd|{pa}ifZ!uwT zSwV{2XnEU;Z7nUrIqM|$SB!!(62U2-jU27M$P``h1@Er01QyW8-jirk&NyTYx-+?c zt-@hM#wf#@e7rybqM5eTJ zZny+YNWAONSW-CB=Ohl;t(^T6*X6%Pco_B_jLHN6yxf19HiZ;mOSoCr-Z zWpYcdI3d*}&Mji9K$P8B>uZy1naI3Ne57RYEjGMD$p4Bxd4^7i8Gc;Zk!7mMHW6a$ zJm11@T%=`f5g#kmx2^W1P%qqK53&m9R-4XfvYXrCD$rn|lDx4VDBZf^zEPryKZlH1 zu}3Qu{%=ASscK{RN|Ty5WUSvIN14ads`(30uY+@;p9_}&J#GXb7@G5Ry}sT``!bl2 zNcaT^8$5^u5Aolaf_wDXP;mdAoJj|&NLtolK zDs-@@i%FLRl%%g2^9lgJ{)hSV1t(n}ag4qT@B|OV#&$ARrzpA*02x1>B8t^7-{dH1OOBx zc^QYF{z=BK{&%hMW6UAdLjkGrW9>6|^$N81Qq?9TItIOY>YbX!Z2!;#MVLJv12@8g z`#BD$Pw4ZKBt%)um?Vs^edzWLJq72#49!CyGDHuqu1Dv$4fc_JSsSbTKbkrJzkavb z*`5Dxx8l>(6P(WwM z_rcUBV=(8+FAk>rAVNN5c!9+EyY(Ihp7R0(XezWA@G^|h1b;*xc))B1{@Y#yTnGLm zAc3gKy97cM0Urmb;WW-}?`|21kn;kZ3I+wPV1j)_ogW+YA#{FhjN!fWV}s2@=g0r;ya4ZEgh@=n#o0M^ z8ev5KiCpG1u!rD*EEkb~I*kQ&iHA7s>kn7wH@5<)&?l|?0rHdc0`PTK_lQe@*>as9 z8&ksOq3^r^;>(2i9*Ud;{=<0zuuB5r+b_KGH!%MN>;LlN^!)1fd;`GMv%>$g)oXV$ z>%TMT@Am(#Jg;LaoM*tTFo=Om?4p1o&}y_CX9y!WM+`;OapVWCncL53hOBEDU?>;H zKEUj66p)8N-GC84h2b8LV@4vXz#$KOAkqDC3Aoyu2u@%CYv5<(&w+UBoG5z@^uard zz?%pL>=^um#9$5|K}?ab-S`^*1Bvbd4nP zAdQ8}egf?th7nm{4|ye^$Yg?DVOTQWwfn$@4EkgWNTdKaOz)vj37Ers1i}a}AVVc^ z=fsmG8%Vj{3KX~s1^XqC1gnoZqEa|&I3?xz3{8mdlLx*vxR4?WV1)L87bDdZ z9Dx9`n7`!XDFNi62@a6QvHiECUEY521o?b{Vhc;-`9AnFbrXY z0;YffG656lVjs(cc|P0&Wk$_EVMOLc6ic@X#*cu_aO8myMhqhgjEy$?EHLpUsfc@K zm})#U9OrZfgDC=MkRfYjx0}6Yz1gZaTc(6su)0vE?)s2-HF-mW8kAH^s_g^oGZexiyViO zWf?1bDTeG3H|A~a1J%@j{pbHtCI0I_|L-1O?*U-|2H-kGfumq(M1h~l16rVHUsO#o zFYthUAD{&aSPXst5sVR-Lk|JCfY^s)A34&5tUzbFC%BQ=fW;CNeZ4f(qsPF|M+RIH zK1O&tW8kH`2incn0KA0}hG(zADTzWNPf@_hcpsejKDgmUDY!x6Dx%kL{_8*gPYI6x z>p%amyy?gy=%G1`?m4Lx18+D^eUp#lEZu`fD4J6_!FmeDC&Kb3U0MS1cFK-e(9{tJKi%gv1e>0T={$ zfg%c{N8Qf}jwl0RJod5cKRSjEff=vj1rX2>xqK(lm$nLrY8`<%hH4*X*q!ku0bDXi zR5ofakHUG1Buxr{4lm32^y*gAtVYg>nOQ2~=w-sSga}R}7|tAlS^)|NkZ}xNOn7rq z>FfcIAi3aOG7tU7gjq-Ew-`r~Ejex+amMXG@-~r}6~0{MiOV>@V)w-$=dnP4p zSi4;Wd@?0~OcIvPWf^--Qt(oX`w~@;md*iJ0E1MVkRrGjpw#pvSt>UQ5b|NHRf{Pq@H-++s^!^?~Fvwd)Jb$a>k?BePT zc=_RC^z-$*5xBf~doeoUb@ps%*FQOL&u>nDKDip5yuP@+82w`({B$w8;t+qjz5yp- zcycqkIDL0{as!6%Zid&l=lkI5`l^0$_0!G8)tmFT=U1bB-YaKxF}gf&IF6Q3@*9oV zW`&yyr*f$kCW!v8|NQ@`l&Kgo(yO3NB^wA9LpWFEBucnKm@w63rk6@o`;O8x`Q-CH zWw)ABvOt08F_|Qr<{0_pflKB^UmfQn5X=dCD6-a{CH<6-Rr5`&*G^sz4B%Y4aF}84 zC!KRmrx?-lp}`jPeMhQH5pr>ek?MS2A7_M1$!0ZKO!(MwS`9EFN-}xmxXX(M;?#R2!R6fn$rl*Wyi|k6?NDVo)T7{8z3d28l)x?YPw5Q zv`J#&d?MsisLTOvF)Il3`8@_N;a&nPu;EE|OD3Aj8;XR?@MI1g&qKobW{~Plgt&w% zWnm@zO2SUbezw3ReK2{!BC-45I9gtg_W%wkikR9eKQcapS0vzb*KnLpn&NE1qTx8* z2Dl<(X-SnLy=AGbM41ZUW8?ceC@Zl4-khJDy*+Qty-l^T;{2!G%*X#|ciKDq?>3$n zKu)*gym$fLh`<^?xCkc1aV#^Z3j@ieD1*K)t#)I=X5hzwM04o>Xc=fJkmAls7*f85 zIhd=HTOeXdH5_F~0VEJwl>jLH+N>QmRYyXikCdUgQZK~$6Y?6;;xs1_Dlj{VWqJ~Z z`#{^0X2`vlwo>9!&0nlx{`!E%6f^W6FDr*$+H;&Ae-whJ^cGZRBoo|7$#@9FA!QMQ zbD$27q-+~J0!(SF_^#!3NM|JWJ&yDUV!m(w$~T^*V@typNstEtdN^=rgiy5ihxqG<<#^t6>fki#*BPcRiM*t=CtozC(*yRN4o5$K7_o>~681F+eiaCKGO~n$ zOQI_zV(+vfPi2>dpkwqAQ)ZdK`FPN!c{Q7Bl5ve1}Bq-Gc?vsA<2O`ycaf6 z@T*4xLByqqrm|0aK!{`NNQGA(L-$^{pAgw2-;|{I34{OUI6oGc20^{#Am_*LYctzD zYd;11KMcdVDdLT7)9b3}px+@bcFet!A^;U2jhi zRrdBA02~0m_Dns`Q?UL;d!VM`(En_`(UGf)-kq7y4WAwBv%W*xvg@c=SN1Ej*xy1N6n=OODK4&Z;w@m{ zBJZ=~6n&Q0elqQ=s4ezebu;FM5cb(gybKmF!f@=P)RicpucsV?8t*Ys5npPK?d@RQ z(W!A^YbZmrm^(NmkVk4le3LP2q-Y++0o?~=!jRNg9?3*NDWVat9fU zXeKflFxS95?6P!CQ9O@|TjV2`k?2$gkhvHZpi7rI|HvXpKNq?qEJ33E6d@E0xgdRN zUm2{GR4>BGn)s=Js{*{0eNGQt=wRhVli~9bmyJ9fF?qKLN;XmhU>FFg;foWPe6wISqQ|8UhfMc{zt0~JN8j8sU`Uva3VQ+}#h z%o4IFBB)G}A@Q=Ch>g$53S>^!#H2b>mBw)L5C|6q9n|4j5SY?eRFnuCA4*G3v8Yrq z0{aUrKq&OQjI!YpPa0xVa}yv&XBp9C2#>5 zjA%oG;_Q^mN+@6gYJ4#0cbm;Yub0YDk~HSjK`LE=Q`fl-zG7k$)dR_rRQH@*)`acM z|H}2hfouTF*MG0y>E_n|pwrx~|7|=X7|t7E-BUq!9BJ$0o9GJ}+lHn5dt_M|kHyJ^ z*I81*3Si@;!`WC>PdrZ~NrL|6Yr70!#Ev}%J@2h7bYjC%l6eA&Nzr*ZBqd*$LVAk> zJdfuhOry|m1)3ZH<~X=g?~cJyv)OdgVUT!BjD%oLC=&tww0o{%F4j#YHwdSqw((lk zm+~otfmesVxE3pe0&<`yzORGXI1}jmW9Z&1#e$ldI}=x|0Mr80sShc=f^+4KB^-6f zNZ$V9d>r~d7`{KHqW-CL`5+4vMX`@OaT#~`{#16rfU_GD(U3&EZy|0uD){$E@Hv$N zAyw9x4OF58k&Z#U8k*DzGUj$+wUKN@RgujYTS%^7i5_Wsm%Ngd!-bozc7ynAsey+J zSN={SOr;7B-=Bh8{5z6G`CrGN)oi}O*@Ev+N4ns`WlIVU-=7}v!Y8haCPL`Rh#dMwiH4d2~d9?Q6uA@NQx&TiB%x^T@eN9{^dj|B>VlTmC9=8U2Y zbP2(;(MM*OWWvMCS*0oCSP5Jt?HJQZVx35g4AwgYz3ae#ydi}BgncAE;4A|a^nLO$ zjPL^cXo}9M3#BKW9se%WpHorsC~{pg4~G$%;3RyW6i9F4fK#br9paMKj98dr$xVgR_>5gN{H|yK} zDGaHNB0&qocNb^HvtDW5fdG)qsDSzI?aA#gUj$S@I0m(5v)!&~vK@LA=Ix&chMR=>N-NC&@b~8fRm5fN9emUf1q+ie(jJSlvw}mSm zOg;G=A+b~Gi8}Eg;3J=XFQEFJl9GPHk%(dH1yml|$gz?z6=zZ>1q?i5M?~ej&M~O9 zYO0GTK86(ODd*C%K6_FUJ|n)mv!V-8cZR&!N70pNK=Sbj6Tz0Xu&Ulik}YLlFHf_g zQKB!PVG_KFpo@m--MQaXGyBpbE^Dj8QKS4~_Z#7l4d0b-WQF}8Nf zui~U*MO{z=3*T&$IT1fo)v71zDQh|zZ|&13(0DIx2TDM1@BuVL1%GQJkPDToF28e~ zSSYV(fucuwGfSPXjD6&c{^v1xH#$u%Z3W(5*@a03t1Rp#i3iK_0TwOHOqM{$ItR73 zOWA!(W3`81y*}3agI6{XIfrN-vd1$l1q#7HhcaE3tSn24iIN;c7#tLg1&n;6(+#fO zzyd}Gy!xspqPTP}Dzp&Af!gXl9M6xzTe0OYZIjKzCpO6D;Zn#RTF}}2iNHOyIH0rn zdZTeN$L5lfJXAng7r{S~%XD-jdE;h|JBW}YA0}5Yi4*q!lQ3Q7J zF9L?533L%n`F@B-p1BPn|7@h8Q!7>3MgYE-sZ4TWZ;RNVyWWpk%W^orf-4BN{_jloKiEvR`G;{8Jy|`ACPc+XF9eRkDU# z#Kaw$J*TK(zIQJ4QEtv#jJMg8!FG1oH4ym|Q=9{_iqi`e+7&dvPIWBBCXU8*tJ+!2Tfa zBJtO$!=)F%jVU8@xz#fA4>{QNj`047 z$WTkVR0n)8K>gx1P~e%b>E9DVm^D)`z?pq&F17UZRXCQt7nnL{2Sn{l1!sINnM<#l z>ktL%YJKLCn7HRBMmR!0fqDnGau!Cj~<_Tq(VRvtD;cQyrF(6RKOlne_52zgZ9 z{x@0Nt3>SQuY_WaJ!7sif|L5ql~D7Ii=$FX6T7HNZDVhiN&aT#Gj*IKz|k^c@Wz%phyQPHoj@M%ZV6oYVdxGR4;Mj;D6Ib^G zJVBHRFhuS`j(+(T25>4DPgb^|3{G({O^~R#jVT}~-V#%M#Ec=qnfftead1&FL%1q# za({Okoo=IJl7F||cE8gf^xM6o!)~Y5Z=#mlM{W0TJm?|su-`juyGNa)alZu*-Dayj z@jA%uxrgmBg6L?x)G(}FWvX^nmp6TFHd?L3x{dm<-ESXud!5#}-EAKBd$2j~w7iyk zc-ZNoLxfs~{r2GK$USWJo2@SDy1gT})or%m7`5Eq(!Mf?eX+k(?X0O_dfRGryGd_b z?e3)GdaZtI+-Y|D?szb0_1o@X(meFK?W0z=(?(t!4Vv9P@&-NFal6fl=M8#ZYwWhX z&T^BxaZRe)U0$OutC$XV8!fBD{XwsJ*y~QlM~6qvPPg0YwYu%epy_s+?%3@gdT`Kb zw!F>+9u7J^Z{i-hosQS;bPfl-4(fK7b{P604l3hTmbOT?b(rL5onH6osC{%e>2=4b4L#KD_nL>W)#|(5 z?Pj~#9iVov-5HO^z0MKGIqEO%_Z&tTdgG^cTU9RXb@!+ZkNUl%UaRGG+J}c@cr@vzVU+i_cHIV)3VA}Dx2yh;K}rZT%Z`E*$#%$39Cr$v~^7*e=Wfp|oCLRkQ~0w>03 zy#gnyR$bPr3fDgFPIK7S@;#4z&K#rgw|(3Dp!$9n?1BFYWS3eaps zFF5;cH`}e|QLC%*eKhIyQLo=`qC;DEz;<^$=?xB>&B1sw zM*U6)HJh!&E^4FkWb9VyLse8enS60FyoXA1oyiq9LlJ5?FYHiMNl_I<2YM>x8T33E z^TU$?uVC~D?$INlc#eG-=};bjn?oG@O~YxFPO8>o%JL3U6%SkfZH=Nx-%2XKh4)Ic zmvKep6**NEytG1xj}hGm!a%YQ5OW)i#-2{+cOmru2mwrGv>rBt0cdG3`!aMcmFR`i zV3d3owP18F;|{4VGzzTp_K+1YOl>GooQ3MaHk6x%zQ&Xt`n6Ix#mGfiJQ`0X_@jv- zXY@V09SM~ezcvbM0`nwh#K*zCJpm$ip1E}h1F4n*JV;uepKzrOQhI;OsFFr%}Vz*VG%DW5}H2ROLa#@ z;*%Ez)%~HlZXE?)J=XWLCfWHiC-?3Q;-Ef;6uUMNCT;&Aus*j*Re79PKELL`Lm@!< zGf*-|{4e#|xHRzh+Q(Nr*T~R|_N3W9#nQ$#ha&d7<|mD8H&Q7`?@c}!zK`mqEYb-d zgJ6n-k0nK!PwUVX{ttXnsud)?u)lnuw}>fN`Vy*V92X9({L2R(L~{~Q#FipSfm(u} zr`NO`&(r<4c%$$Zslu*bfEx*%TA6x)xD|5bST;h-{RF%KH8D||iM_}O2{S^i%my|a z6kn1>D!cwOp~7!obV|n4(`kXU=nz6m_3(|wQ;HsS^byWOA2od9Lf@3gbt;5xmUM~( zNDiX;r*w{EH9e5c8lYO25|ise>YY4H6Z?+`@I?5yTUT(ve}Ba_mTtY7gCt$Ehay{4 z+J7NAxX-nuw_a*rq?Ws9a!zMRfj5(ZB34dy$ih9L8f0mjPDnPHpV8%QmRuU(H5UTp zQQnn~%quC2&p;@>zyM6ojwb3ih*7ocd&(Ko-hug|m|)-6=lwplxQEF!FUdVcWp(CL z!%d`HA)nAO0xp@4Mc6|byH+2&C57`MKm|CdN=XF+J`KlOUN1By7cCMg*}py?og8OY z$rLj503Sg_Vpc`SSLMD;!WTd|V09eDA&HGn@Gr@;#Eyz!B+`s9Xo9a#kjl7|IKLX-G@BY~N!g8PP z13TqgdJgL#b#N@72ZX0Hrtc(ytVm@g+c46l859m&GPg(9NW6v2YEC?=MLm>}z=SN7 zkszeQ7?;Wlq#`5TA2^P>(Ocr$n7SmAaZG$+oWS+;s!%`sAS9k0AV|4{rc3F~*t1B6 zs#Et%eRC9;SB7(-zzYcujBs36=k9hO7jcrlfc`P)8Qf7ff}y_8W`D?tqB9cc4y4C# z2XN5nEw*?ZiPH{nv5ojxq$snNKrT*o~=3rZypQV7EDgkyoEU>|>RJ^Ti7=x<0!;)|bQ#AYSM?IFBL{<-{&%$OnC7 z5wzelqCB}KibW-Jd#wv8+Ik^C3C_)t3OvXlWhMnOly}knaWW-b*5>1B2qde|`U?9h zXxgk*0!@9c3N7JUWdM^BRbje5i9MOBu^vv#;HFDehK(XtpDSZ=8Dy)B<)b+gG15e~ zW)&Xaq@YF%k+J}KUY!I~WaXpAI-!rltRyU$auuxn7)6HXF>AEEWux4^A6}{E8{mRf zXqto0Hg0+7@%0tjx`};?#T(;WZlgfGP>PGU50o#~zCL8!2j+NAqz|-Qig+9P@RqOh z52hfD61PO;0S|={a)rYlu%e#HCM|o$NCPiBm6Romu`j>z-zKR;qJ0-YDT*|s+qeE2 z`(%8;g$R*H`{4eN9z=1_pwc#D$|d5rJgJ!pZCzxP6#lQ8L33QCs#r)^$f&E>q&(_wJ;(mi1b2)H@hWQ?-S~_pb08iP@Mh;yXSccVR?6KHmA_`audK z9IKXoIV)t zA*Bx_@;GBd0g0zGYf6LU;vx{zsVtj02|Mw96H?8H9mo@gClj?p8ktlV7h$0Bm$@ta z!X(|uI5AJm*yM4zbs>3zr#h&B+~60fqYHDd>KpEG>Let47J`C>d7nQEvBsscW>~4U zEl#Z36&e1;jSnF2ZBFnsnNJxyi>9b;DbzTWRT7W@q%>TqZ79G_Ww;)B2=b8m+vTv+ zMj>^#0RN6WF@>q6CsE;(BrUlPE;BZJSHr^6PuNEp%CFiG@%fILX(~lvoKCWYHOkDI z?Ts#OTpRUu9kW$^2p@?{|aUhW^L>|D1DtY30pq4oP)?{iwDi3=l z0!`r4OjT!Ad7!`J1dIm>@pNp)iUGX4%H8@e$mFTrEZ5N%?HraNS%!B9DniC1LQ zv1CUilK`P$fg=)dermC5anZ&tU7Y-S9uJ_bE97(Spa}SfH*i{(GMpD?=} z1|&e%crzWazSPwH!Gp$v@)m8bU~3o3Y7RvA?HFNPYBEQNc9)sDn5MkE#Bmc|pkQA| zyOkjHI?!GmoZE(Qmd;q75S6?t_?DLvuvNd#Fz1p7dT&ji|Jti3@uo_YhwQR$WX*h* zNX>Gw#1y^SJF1SYMIvTrpVP9PeLFnA*2~)lOF}qg?uuIgu~I28CT7`u7K2SL#2x-JN%P6#HPjfG*k z^GTbYV$>|zH&gp;ZnG47wF7{@oV09D&}E)wLomSeyMeg#C$qTgLn+soN68%3!w6{! zi$q`|4n9Qwd?5##yonfz>w}IPgwrRTPH+J!W-54o5Kgs+07t_Na~hPac1}E5MZZKj zLt+rm$0*{QNEkc=SD`_8U+Oy-(kpYym0VZtUZ%8;;>P*z7*a0N!cZBzV-e*m`TZi% z`P6S3hbVeSQ8dhasMq!JyEJ%nhNkWbYM0J9u-?l|S(+E0%f%wh>qOo!R;jcoH5wTqJ@afyBSUdUTQ>FoO%OccTEr;WUC=FnFnW=ALQVZaC5& zSTdEQ`KGr_6mcF~*sM4u74jlk$how7Y!lHtF{E3Kg4ECxydx99(-nS<%EWBuU)}eI zo-pM|*--A*!W46Jog*?OqXUY6Pxd7CKtQ-~|3*cmC{0gtZ?MpOPEVHvZUlb+P$sZ1;>GQK8 z@!rZ$*#&GkhijQ%_&SRtp8^uIFcz0=)kR@t%;$wOt_B8>Uai0R=8Q&_iqIqp%A7V| z^NlJce;%|Nt)qhk)*a_)2QSzR)svTX#s3r%^=r#!eSy1` zdPl4{f$*CbEVnr0l!rvweTpzplGs1zcjfJFc zHAE!kzfD|F;z#Raf!8V=KmTw_ga>>}{gh(kNz7(^g}N#xPc0y|B7E^0-zKIm(+9mW z{DhE$gl~Fstsp|e710p|N1-p|^RFFY{o8(4#{btY#q>a)jM^9c5AG7Rw!y-(1OY4Z ze{|dJPCEX7yWj5a@_%gQ`Sj`FM@NTak`5=rj+wCtkifZ6)*v03{y>K-ktkYt z@Fa;pDCxCflW4lSj1N=<_|=+F?1)2|cuM*DipQDe4}JtE;{H?46qB+dX#1Q`phtl~ zq3V26?D&CvkJsv({s8EYBYZtAJ~SO1T+n5*$>(vr)OHy=hgU=vXL z>!NNq^Rk$+2`BExB=&v&R}D1wGBmqzMWop()T-jmS|3DDZFq`%-0g!OW`qi`X;d}j z-K;WNe2D`OeUz0O@-AL;&v;MQz)KIiOrpD%V5P?UQ8R!s}9#P zT~C88Mz^r!Hxd8^EyqD&+xb;d_V?EoiT+g27t8-@TV5jmuaf`U-A+F%|2O;no&3Lz zN6PP~z==E(hnTh>h%f$7oCGm%K5FD%ZOyNcnD~C5!kVnT#aMN_s$!*N1~fq`eL3-KZOCG=CE3TFy^{(PKzDa-x~{1y{t z>eK<^+J?0!P9XL{P2K3#4tX4)Osr@;aMa2xI+d-mcM22OQbd@d3W4|g;D?1kUozl( zGs=ZMvZ97Re|Ds6N$P|JKezHcc9y$8%(FiKUxa}W z{Z%@m6}k53<)TWkJ@ODp==`s>;Qw)$ z-V@iq3NUb5$pWxq{dbx<{lDMb>Hph#%=%X|x*^@4uQLU4x%!_`we6fkM%OQK?BQ)_ zBfyXsm5bT73-FpMNt(T$+h#o*4RonB!P36I%&<_=a-*yF7QKbpe30tJ}L@&d-N;S0``JZ_jVupWhsV8VPFr+x3Y5J(<*&O;3s?-URo{z`+r^35?F#$DO_@S_VnWHrsOMKxZ>+xR=qFiSK&ot+gmKx z%c4%^3N@_8EnR-Se)O01W6^(dPXPGo;^zFr$>pV)ME&CK`rYXD^}DOHyW4lKug*ue z%D9t-nl)FLwPi!rB%zuuH^~SD1dGI4#22ty%S9{M-uYLXy%hAXV)3f4Y4YNd*;A}t z%Wi9$!iT3X1&(h`v053lY{-i>}1JMGIv$oaRFO!%d3?SaBgwYmt4 z!$sF$CUz7`mwLap+bI-pbIrU`*;A}nl^|H#d1<3sYJPg783b7oT)!Kg-+lTdA}h$!pp_iSmB?Pj<6S9lFBP|sUx8XJf4g8!rJ|}h z|8Irj{Gx9J`qW5QpmaS12$c7~0OtkL<4#t8R$0B0q4J6HpS%KI#rR*r{@-b4<-g9L zyF35g%46g|9ad8Zm6M_7o@)M=)yr-FBE+pYBuE?G^R%z}v&0zxwNdz8KTll$CTwdJ z4RFQ!@Ad{+|BpUr3A^>bg~zP_Q8p0o1~foJC2Q$`wRDR7+8YRLJ3 zO{%tn?>av3-)Z$AfzPCllqe!D##CgU!c?zAPq zIJ!H#x~8N%itz=%zd7MCIqvXm~fgx&He~clu263!6v+)|&>-|311oxjVUe zqY+c6xUPqwY;=6n*y!ZqQlz9gdyaNh;(>(F`J(&f{2xVV+o{~uRc`GFo-(4W;R;^d z?zgA8JW>9a0eUy1|MxoWLDv7T*=+CR|7|=*{+BZfUg~_CTw)PvHl(-QUPcK3IFK

?I^&OfA<(tG=yv>oIaMhR9jGV9TE8ls+-5f~2LEv5Y{u?jtBgH(=ceH?PXcF5j@d zcJh~Ni|dpvEL&;JtVxNBf|>@6DcVv%GL!MjIv*4}mKbg=nW4P|l`}#`B}e~JHoPQj zN$S$@A`Ha6VO?E@3a{~UH3!Cw3{f=4lwy@u%$hynetUH-=X)a09cFDV4>9*3U9hO-Bu9_cyx_Vk`k?%Ymi53cQq=Yv<&tE#oYIdIaDS{z8C!gw zs{iqMuB7~}*8c{BcJ}>+rRg#*`St9c`==3v{uS)tT3R(@~jd` z5@wXX0BomIGbi6F_kM&J&4w$KWmeq$wGYAzZv0viLnXMfpn*y7Nl~n3q~uzzYMw_X z9#>0M5KC)arGzfSVH_TaGS>CMBv;}bhFL@=xvwkW(z;W)6rBmsRTxc5))I3-tq8)C z5o>7;U!wU{AY6rOOR_FRcDVY=dV%U(0pX!_XT1#JcIQ%boCi^i@%r{?IYYzccvS`0 zL#!dT<(we_y)J4KYAyg$1-YyAoMpIE89G;@PL^8_b6Wjdins*ux_Hyz3qY*E+QEB(<&*r)AMbj@#(9?vWYwk3Jv@} z91>T^6YH{|?4D9=d0Z`HBwkE-9Wle|>QYG~1%54I!_*Y^ms$y^C8#YkOs=8-KhgeU zhuM);W&Hp?(AZ8_u=MZbiTxy_V#@A?&8e;`Q~DqmrHNYhbK2DqwAYvQ2V!< z1Hi>_bn^Q0{Pynk$>}fWS7*nd7EIV0QAYsy<>K=4_QS>K^ygzxk zX2OwxXSh4qt#)^?TXuIaLCf9w-%l^!ot>XuosT|T-~4iWcQJh5Ee-;*=w`!!taaDY zI@lY}{A5?*MoK<*#YlWkw-Gln{Z&S;!@0iP5qf{33z= z0y6XqdQ{S*KP3@nv-vSNKRvrW5ieyz`gX4`enmtkRM#nGPUN*G0EC?|xc_}qbLyXg*rnflgxo0i3|)~ z*wS&PJ{d#5K^X~8{Io4H1^bl<;+R)cp16rwR8YEc$34&=z zv`TZ*cgp119bK7=u(C;@^m1TkTb|&&2(MW1bdnmEM#SX+P7xyEylcnu8SyrOFV5vm6p#N1icRt zX6QO_k$N8?O5(`13r6U-7*S@uNpPg)-A41IDcQh@*LYT?uLzab%hW%X~R{ckX6X8r&Bon8E=tvprq zzfjEfA6@;+mND-#6(PZf_$u!)+Cp@?MF7I-n8bmrTjSs5U2clR zjZt-HJA!k>P-H}vIsAC%`WOZ5&Lu%`3~H@rvsu%MhMeR(4((1_WNWQvt$3?@0{>qp z^_O^7@c%Yv_8I=)-Q|DW&Lf=cPR(@}A$$XMEW^J*-KimO=>}F9^K7f)3T38V&8}zR z3U1o2w>_*?wbA9wij|Ql9Y8XqXhp%a)?)hHllLzxyJ#9Ws-;pQZTOyGT^0^gjwH&3 zS)8tOl<^Okf*Fd$Oc96dadmK-|7u^ z`~Nl`xywf+_#b4vk=*s=jw$l2o9w)<8epU1zN*KtkzLi&v`V?C zxrL#ceh+=@2^MG&xeR&PU3(0fJ3C1BZaMnh&b`~Yzpb6y(z@4MAGaZLmvy*wvHT09 zH)#H_%s~hM_CiUXifck&q$*w;DTw9I23F7pTMCJ{rIx6=2cnx>HN~UH5Y<2}BwkIw zlIKzOjL;d0#OuAHwUVCTt??TD*gVJXh`nrDZBWov`~IE%zA8h~gt~+=Rh-%C^IL_9 zZM;$Rk)bGn{zbr0G=VM}5--(@Coz)e>u;Fp-ZD;~JYR|D>nF$i?S54wX6v=y7VIJw zwgL!dQC3s~4WWMxMbI?@p>uFYnnFwU~^!qLOr`HQBrtyDbfNJKF1ZG}muhYu&oWn$=dbi~0~`dY4sF zzm|f!b>;MXQcRymDgBBHX`wP&iB{DsTmRg)?%Cg_>iGoy&&c;1^8f7hd+l8Q-<|%q zok!|_W=j9q3SdIH6*WL>Bws-VG_7w|2Q*-JO5jcj{O*-NL(MxaaHj?Cw7{JfxB-&f zX@NT}5d1l`!1eV%6nG)Q)wRFX_dk01`yZWdYp4Hh<55`)8GWknuwK z+n3?TM8cwCB~S&JR~lnQMKBqZCFVcNJqtY*bf=u{l(TP7Ig7^>F_m2wdR~MmMHTfT zvu~Js8{8;?xIG!Mb^9Xfd{-OxhM%YJ|F=GNt3?1^vHy44&8+`Vx6|6)|J=%x+W*Cr zZc+#k0RNDZfEwAxtion{lFV`R7|QSh_LgLQvH~w%3>V#OQmB$zsjK_;hgUN6rv2)N z{19~bm8|gMVd|0viXI#HhqQsoK~9KiLCRA*$8 z2^jQ;#5;)@5gCiVApcLdowNV+JA>W*->p1r#eYwxUL>%DX7bB}zsD2@(5n;vav$(t6Xd+{bdP^PhT32 zY8Jw>FjPMm^THBIS9f-$gquvrW`iDYQl#3x1e&40XNYRNS^PX_yc3iBfz#Vaa7B|& zp~&?In2ZTlI5Npif5CxgA@gO)l8`)*>){dceH6*l>jp6AZ3&&Hz}ulxE%q%c&2eyp zLLa*@9b?&gZ&h!pO7LTGrR2R;siP`M*(Sj+*OF8HJRQD!$FPromnkbyoJ#KO|a{=)w1FF!M zPk*L-OW)eFzWk2^5kYuk@qb#KPAhl+vo&b%7EpM)t*IGSHRbl z*Hx{}$m}+-FO=IAs4B9%D!QKho>L;L%R}|AQ){ z?C^S0mPlPO!+t|S)ENnk=%wD%nwd9!93Z5!8faJ&p6azOp|JntzU$=M*_MljXw8Ze zQZfigQ)P)Rm1#exQ>DKz(X9&lkXN$`3RP&KfMnBvh9qJpZ+Qluuzgl123|T(5(`(a z${fPz!d2du1#_e*MfZB{c@HA$uZ$&l{EBy{E>rMkk6tthkPtpEF$JjmDv(S>frZAK{iQ4l8nLt)PeY^O^7DNuw7ZyNaw|pr8CKlGn|ZV}e1*ZFjHON}6K++BoUc)uUy;HP(DpeJ1G}d&0}C;#Azd42Du|n>N!(O<}T8 zgt@$JIGOMSXenRGp+2hu+E_PZ&PyG50_0|IH7X7%PEo}9=W?wfe|1QtgXXvu3o-jK zam*6MYS^oRqJ~#iOsUTW<10fBtuvnr1T9OIR%n>|VNVlAAr>1+lcn7d#9);xAd8{{ zgS><+enhdK%N1U}z>^M?t>qbGVM5~}WHXu#=_p%ih;PNQOle|ZDY8No)(Mqap}^W8 z3nx`N52?CK zw7T7a(HB1JpZ~0v`{6GY;=i;9+4wK*_FxzPWh;*`g>NYL!?&0Bp?c1Tuaxg$3>^!gsyibrxYY}3X)0Pgl4#eX1;Eg;H4v9 zo;i4B)hgM9R|1haer0|6x2}ry_E=59T{;CDQG5%O)B8i(a0A?M19y_T7=BgWn=esc zzg)u3h*ICLcDflP*MY^LEC%KZ{C>Eg92V5CtPc|+oH zIC`E+uO0JwnIS(!5p5WlqPk|!Yp9QVWnD45i1jWpHS1c>7z%#14Ls9Z>zLy(GoM@U zZKkWWT1n@!PT>iqayF1Sp{UR3x1tg?b3ss)O}@}$@M}%^N!R`(L*ON_&=OGR8d5b- zs$2DCAa(EdK?1$Pr3L%0iM%{0O3J^B9k%Rpb-+m0$FadkX8)#wOHZJEbwGT<;W+;# z@tMNmYoECH8gBUn&uV77MuoE+7SBaqA=wB#>8?-_?L_?W;N9ih4P^`Oysa?m%_^7L(dZ){m|b`O9el5#3ru*i%IiOz$cg0 z?Xf8I@;b$@l^8C<@p+ZNy|K_SMh{rHH;6$T2)SQ@(OS<0 z`u-TY_h(YD5`9pmt?)Aw@RAF~7ZlXSg!t(|3Xv$D3AdYoc~wxj+^>UIyv4txs(lq@ zGeTS{%0u!!)4(eo0kJeaZE0%#A%8;|3fOz%$8&V*Lp8m3;==a*6&q-$YRWqeoCXmB_duKB|G5 z{3mtiKEY=BrOQ$Q3{Rw6U^zgLIC)A~S|GhaK7tfAk^~necFvuQ_dUya--pzdind+e zS+Vv+*$pP&-`oO!jROw{Q?<^`uibLrE%)7WPc3)iBbA{UhWJfH;&92jbF6I5Pu*8n zEH5K_RAWIZsQZcQk~m-+{be{cBoKU?-+L0mOsuqbf&5hYB4l}s8d(a(mLY6J36TNf<*Ip@7|>Nl6@nt zHkFE;oms1NIoFh9U*bEyfY@k_BhFCAUUQlQLXp`|Cm` z%1xG)Sw4H9k@gx)8&Xy^C2cC}w`bX6fOQXnQl-i6itRil40H)2 zw78v}2~P|{!Zkk&v$$pom%7-MIowuB&1X6C)pgP~O~ZEihV^YJ{Teb==v_jsYIiHA zR+H+kV4q(~d!}N66|abhL}IxmEhf4D8tMFU4+u|Z>8dTzkZ+gxo#F|2iGC~HY*Q2| z)emtcDWL@QGwl#sKpOoL>Mo}i>(2`M-}?H$%s07?0bterpLRc+|E<$(?)3kyJVH~s z6;ry26JSXkU-t}H5$MuW;G|5IbKs;j6Nxl=G5%NnyJzy#iNtid?-rNS-IkmzT@t*! z4yB*=UbO>YjrWbYA)1?)9Il9Pc>D^~u0!}+jB1%XN1PE_7G{B&nw4odec{T6`3lt1 zcV|VuWXt?w#azs_fah?EhOzJ8T7$3Dibvdg6v^1{|D-wrLb}OZd*#qeidOMSlwEh2 z&d+KCUjMLccapU`$$H+CtR+6X8L2ES&sB4(<5Cr$i=QFQFRGV5rYyr(ay&q)ok@Pb z${b4cf%&xIDnZgNFOY5(PmYwv{VodJr1m{}EUq0!cmWx@M~}sopTh4%#YUEy6}G>$ z(R`+St`)Ng2h+0@CR3NuGcD}dI%Se`M=ffHV0YxztwN=y0P?$|SI@Jka_q zg!7<%c^>(IeZM3jv>vI1QqjB8jA`SSeCWc}vUQH%ClbfX8#StfBQ1M6is4=an1Kb1 zFdX}c+Klyw8KggtM#EcuT4F~-H3bM|<=+WqI(u2s_fW@uF+pgofh!YMsKU1FtE~SS zG|1DMdfMzFN;Xiyhm;KsD0j}6Vw;lX!iX^965l>vtR-939;nS23$2h4M#4`aNJSB? z9LmxhrSZzOnZlzuJmbC6FN#~$AD1>-vUz9DsA-5?41E!RUP!u9hB{XnR#m)y{qtg2 zOT^KGAAx=kguU({`F$}29zj%i=0(VV1SAmWmm%@=NvB0?%7rhH>@?McK_6*sEXyoJQu z2NM#BoksYoT@3dDC7Op*@IV3vSoA0|`s2Wp)6J<*@&W~jH<2B-3JEKgU*^`M)uX-4 zuXK4S^JZ%ZL$5um8ef;Sg1o+lvR@f*y^CS3;tF>1XcTM!Q?)nckq01sK)#DBRmIAW3{SHj!t@b%B zfj^<&Cj;!h%@ArClv~54XFX)V7CsR;n$ZgtZ9$hnS*UU-{*xbaVx+ zJnD+6nUTuP`&Y}07bpyJ_DcXSGu7!ZvZCH*)?zb9BI|eOIePNP&f)MS&y(%{>L%C* z;{Ue0gKYkXZm+qs|8M0<+5gp?ZtxtS{J!8;9fDF6yTUOjTeg~mP_90% zCFOLxi~s+p$`@tbS$}HIC1Kxt3ugoKbwx2y}_k8cq6Xbth zcoO@x@+H7k@qb$VW>)@h_Paaze;bdq|EVdx-OMFG4~0H?oTDw-{X|juTi&{3q|Ey_ z8D~}dT0-m_zg$>){-Y3wrn|}{|>g{B^)N)TJ+yqCFhN zWcp@9603O=ZY+IJ-J4Bi99bmEjYe8``*P>DBB)h&^PN@U+kMv1|COQc;0^_gvp7Vj zGvwZH;QX)EZ|Bbcy6xsp|KG+Vb$mXP;5=A}2ySO_=!-B1Pc{QcN@;M-9pV5*4Vz-t zu?c{hO#D;>Kgd5o?H)bWzz_H6aZiR-e@1gb(*G5)i&u=-(h4_oYgnR!mr#FNAeg#O zoQ*`oQ6}E=e{E=993npTT=<%%FLvp1D14_+8cjv}~3jW{e=i5Ts^@7+R5 z@idUDQ(U+X9uw{eu({s*)D6Qv2c*c2Bg`I8|9|%0w7YE_Ss1>b^DA(8+_$a1mb}|D zzMahLcHC({o!EYDch7llCO3yBA&Fy(UtLm8zb!hnZv7z_rs-?H$?QNuf^4(4Zc(lQFiFX8~$uHX`q zabc|h zUa~pVdTeH?hpZBRMJYi3>^X)?@%oWb1k{G~8V*dJv$!SNyCO`Nl7B7ev;D735!xdLcQ4wo?tTy)p zTyc>mQ=GqqFg-!(1J?o=e4kKlgMl5qh*ND>03%Z)@B;?@Vu2Axg{c5oEGf>!cybH| zy;@#EZ@eThSQ{ibgr-Q)cs)@J!94_b3A$%XP;!C83{8MO4I3ba`Hw6zQj`PuF^!`j z%HszL@mhvM0)d}^3=UyNgIm$97e*Nj^7vtcI+FQ$FsAL@!m&S#&@>}U+m}0lz$0q{ zO>+YW$uF+^7*8h<18<6DVj|Csp{1UkVwyeKN!^}ba;%yFkRTHSHLlS;1Pl*#1CtU{ z93>+yXOfgMCG_JMBLY8xOhOCjF+M~Ym`vk5N@Gzuf-L6f28hV`OXU$tpolCbm-$SZ z+vr0fBiDs8a9!whGkPMNCl zG7!U3DksdxEJ+Q82rd^TfbdIn6QmiW3F~M;b|vndilbz(R+mxcvmpO>-6R-n9sjq# zZQlRvAFTYpmh)8cf8uqwJYb!1{}bZ_jqWU!7sP7Yi}HgyuqHgAI77-JI#8vR@`J7jg+NsWp2d= zU$dKkR0gtqk*Fi~Z7`BLuHP3k*@FLzqub5*dGKEI%5CBSRLB4AY@6}__jb3oSNz{H z9(7aDo82_cP?|-4PW~4DBa}p5qL8~)gPK&{>H}B@4YuqpSiz2#OmH@+{>Bb?eAJ_136=kK;l<$ z1V6r^nm_M<-}?Q3ZT0{9Ze9G*|J&#O-^7pJr>%{H?Jwfzn#Y>Z)tS0_l&%<68%l8< zfHzZ|142xh0Wld3s(geAk zE0pa$g}U*-1z)z{%A14!&w2i%yu0&%duwmoJpcE$R`Fk!@-$i2C>J+dwILZ;jWP78 z1Mi?srC^G4G-+9Bh)}MyWKn>ct_eg7`ax}Qg-V_+b5=+TmbGOnf15NWI#}5lE3|lH zVqhv8V}+_4``Qb1^*rj+mi{N{X!AW2_}{Sd3)}y0?QU7|zYcd+_PC=ilE&R;2|EF1uSrYm#?*F#-4lMisoxRomU&>Rz|1q0rGUtW9b`9qtb3o5!h>x`d zVH`8*l>Q~&lg&$0wvtcshxjVLXm9@+-Ujq7{lg+TB9;}-LmtvO=kZ!-)9jtZg5~BS z@Q1wU6;V$~Xnk(fAIx z>Z3eu_dm@%KJnAd_l1hGjtJE0e|GjP`|q9oRs4sgJmUU`%_{iQFlL<3>RYZ7O^;m{ zwbn4}u1wQaw9qg^msTN^X5*^8xKgBnDY(0jjqSU2wY_Si9Tq0wiu&DSbM(efK_8rc zOqp?Vf|5R*r1=B*nN)k>m0#kB3j*P#KJin}YPU-7??iw#%R^-N)c!m|iJv`e&`1O$ zl!LcF%-(sd-HV~!Vy*K2YwwWn`)N=AS+)z>PT0vJ$lF;9+qvL4!g%%^5Dlj^N-2jIz?tNK#eGE zN^~~OC%}wHGN5tc39p=|F&L;(TR%)u4uNi0&r^U)C@f3xz%t3_{qVC9?X1=aeOum6 zTbq9U*Xoey;F+KPlka}gApA!?|G#D4|L*PYuk8Pq@@Vv*Picoo0EhTpoC2~h9Ula) z&`}DPEG9*xtB&t(GFw5)T|oM_16vI$<>$zXazBA*e){NHY_mjCN>Zph z7m0T(mS(0v!qoSq!=7i$DjI|+p(-^Ag?a8?B=G}1aSEjuzhAHdT=KS_i~NVz^jM|f z*7RuuX1WJjQ@L+&9%{yU%6qH;_%%ZlHD$zF28UP?^8%qu`yD=9!6D598Dub*KZg;F zL-MCXuA_kxAy|)L0@l}N;4`>`54hI@+dURRks1O2=40h6_zZ?ohVvdn#gUz(B67D> z_Q7QKf*bXM3=YX28~ZZ|s8{@u8U?F*Km5)E>;FVi0=y02@s`y$8h#jM`Ei_%{a(-P zv?I)@w1noX>6slyRF|x4hTI;IB7gMSi~*BNK>R#1{oB#)KS`5RKIa+%{FOtempD|eusQ|rDPV~gM<#znXL2?W-`O9Rem-{KE^o1GIR_iu z3(w-tw4sm%IpglasAPO-j{Ty%;v+8$s%dl$@JjK8FE_r9j%*?Q4-s<~*Z=R^{@;81 z2P^&0QXWhHL*}$IB@hAjy(ofMUpiI>l_~~Q5ml8>l{25?$ze)>cUT*1d3#F z?9GEAtKAAc=FH;6txk~TxXdld3Mo}dVObnSIRfxwg!3Z*X>G6Es-BWdC%2;DYur5P z(U*w;?d)-JHPu+1rJhaQis@xjp~$DyOoA?Iaa&M`?FwFQ3%q4m!7U{Jy^e4b53oA> zuf4+qOa41t$$v|EEcx$sXSQE_fqXCWAM4BG7z4n>WePy2qHkZdlj0`R-%7P}{0i0yY!>)2AjZKmRFDIt5!T{v->?fH#p%ahl@;B0X}mT+ z{TErQ7mojNxW8-J{~m6y{C}77X!QSAGNs*Ffr%CJU7P?#XF5Fsh)g^~Q3#SK1~lFY z%#`EH!c{1aJtEIf(rHc($7vqLQU2foZXrV+%5d0Qt|YWpxi6h5^sHPVdq)G@}PjB2{Hh%&)7cVc4z{PL~GcZc007L3O z4x$8Pkg@$N6m{a~(F}qyj3;y*_~AdNIA?qb-^LqcXcKTRl44EJjOB^)q9KS99EA`> zA8EW*zS=zFoMj88o+e1t2BUO3mqe3MhU*uEVvlO3dp%Q=-F%ceO?`QF_UGvpA+5*1 zoV`A~IXk^(!!GD&#X-YW*ovL?JsHX<0oNzTuTKrBuP_!dHuES(w|)#fbCmT1qgAi| zJi9*o<@M?Nm#2T8oroTJgkkcUoB%*37R#ndLS#K3Glr5ZBD#|!mSt^y3!n^)Xo%pf zw?W@!knTSKlbOkqQCfsDg}4-l%pjX4$M_EnGfG&>i_mRN%Jjhc2=YR1g4AftNL9Yo z7?k!P{d57mQ)7)kZz=lD-a^c z0%h~HN0a*jd{9Utm~cTnGoYV?Ar>GgAE~cAl<5nJH*`gsj$()(a1JN-T02JxDKf_Z zTpzr@Iz4{*{^I=g|9yXTalxs%x9wFhtA<{S0quWH-BBU^D9R(-#f82tQyVcw(RZa9 znqU7DP5coQX&Nh)KsEZGox`0yGyc=z?#lmrDUX$(fljLu$fp}skhWO93w@B$qpt13 zDEJHJP9)Veg+R-5Y#u!a9xbUNU}gQ)P}NTW3F*1%%w45lar1u)G_4KU748^SQ_Hfc zX{u!qY$&&qkr(G2e8p)c?o|Y)gAAq!M>$dwskXPMD)3R@y_gfD+#hv=O74&5#UY)> zG0T%zrf!r|?G?y~a-&!vf%odi_!n&kft^1p5! zn(@E(x3^aJKTCPE^IuMBH;29i_gx(LN^iP8?8gY*sYEZ$;B}5tkEKn#&iyRcNZlGs zQC(DkA7S7DZ=B~T{|{>wES8{{X_X9esg0ns!T$TR2eX?m7?;N>HiHJ$i?Ya^m0H()s1=W0juIpz`QWEUga3*BdDUnrg`zfqzJVeOy07I zl51S)4&u{axWp@Vr)IbKYBhV+D54r?8ma@7b?gOxOp{o6#cu9#_f;hc&W_nl zZlGE^Q+yjb_uqUyBrskEmo{R!NVzY5OFzB8uHB`d@e=PfEhs|+t0pE1hHoVc{{EAd8iuyB^|ml&A@6(bU1>D)mWF5a~?izZUN zYV^!N{E`>#4()Om^a2MJw9YB;Wt;Nh++cqy3s#>MMpaC-*5u}LuUl(KYZkALx{;>|I&tlE5MR#+rTlMX{bz3ed)Fs4izty&>0d8AYCh zb?Virzb!nU>}Jb+uks+h%utR36s!7*JV?vb6)Hs2kLBiNLqCph{ow8; z`!3H;fs->HpfZ$F;FE3XJ#vnvEc={y)ID6r#j~KM>{eMDc~(H53|dOG#32;pF-=pE zBuQQqq`Wc&6vbO8T4ER;$C$d2LxvSL zyDIwU)9V&GwiM3!#SQR>L&9b&!@mK1EQ|0ivs~*09RU=xrq6O_9X*C|iWze*hmV<^ zsS``2j%h}Y7Bn1kmi=psOyAYBfc(#n>p$z$fYsT5?CzTWp9cqftNdR}c|`s%VTksN zkE5WwG+;t}HrL8L*7NiTXeG4Utu~g>YovT>^p`|=KacnuUz^>qjX+&6+ z9K_JaImOr-kPS8!59X>+CP|%k7E7u?)nRF&4b`#QxM-pnHo}6}jawo?a zLaImRR|lZ4GaA$|!pL(c5ObxwYhn_?2^KdG)j|Sm5G#}sy8c^Wzrp{u*sfwA%N=Va z6m>Y}=pMtMm63(&oVGzqLnZdp75XptN}#}$jXjt34_^xeRQmuug(VQZtC3x@)x2$ckO%2C3husUAJ`GGNGBMCuZ91T zt;!a_-$4tSGE_Iw1fr?asG<^0xluih(wE>`a|{~dmdQW@fnBs4KS8 zI;+M*K=3<79nDggL2-6dkKDYyFmYkRZhRHg(gS#f`y zYb!?{v+^~=_6^KNuz*l}cC}aHMM0BJ6-;x)^ms2}>_1$?03{*eoyk!<&EU;AgLsVM zknrKtAb=RFuXyuCwG?I%3dL_n@D;)TQY17p9(I`{b4V3EQxkQ#xCfbEpF!w}jtyhv z=LdTp>0-|QJ=pWC3|r0l=NI7Tf`j(??UR}9pQ0;KY0Ov~H?Dl)+JccO3>8Bnyy(Ti z4b1uKf$c@QZh{j7u?Ss<7o?M;`1O#r_3~I0w*YYC@sf61N8z+DHcbQD5vKV`|IeL zt_w0t@@5%Nd+B2wB_pu4!7O2zeGgrBQN95t(5IG1(}dP7?$JcI2JXb^mF>&!EQW$I zXq8wjBRW=v1l>#seRcVVj2_l8A)C8P-#SfW9qY=et2%!fv~}907f4%!%PGKOZ{9oWONdz+(??`w2*_SBTxa)X#I6b!3k?4?Ei82$!{Z zN!cH^Z|6LsXKp)2O?Ytd>tv)Z|2P8lrtN5RGlL`eaeIq4x0!9e-1`kp&o;LUtFFzT zz?;)Ir4`Q4FaO+msaBv!j3DI$=olLAI{BINz;nuYy z3>i0nx_P;Iv-xWC&F1f-tycuHQ7YQJj5cqg%~#Rpn`ra*NS2LAVIAct0k;oi3-K~r zJA0(i>Bkf$gpua2clY2yPqzb+%g8h*VMD|F&~tERfuF+>VkWMFBi$u>lBjP6OZLzGSY9J^zk(R&{j5``r&74(;5Z{X};u&TVr z>^CiLs=v0T_1k>r*Z-TL`^#?uYV`kyJNst*w}aiomHqEh9!+yrkcVqNxj-b&=!ESy zmdtl?EnxMj)5`(f#YiTQ@K~sQ4!u?&XnlmOgJqIO)d)mfnnw@NxsNp zG(7={^2 z83giIV;qZWZIGl**jU=yk`u8pmrk`SX~L7I-)ir=zUC#&{bjM?9WJ3ll@Bu<;T$G1 zD3tQ1{2D|lWJymJfD(&*VOMJvXJjLUvnYVJHgj!;;wdvZTyJ;cu!?WcG|2}M7V%Q# z(lUm^vj#^i!f^Fm<5iv_f~JE|p?E!)J^D~~Qc8MfL*N7cl4k5+u?lFsgbDN$9`r#E zBs2Cg@Dt!;9F2%j$cEG<6q*ZW&fAElD)@$(xirYl)Zw)-%YB9xXMig0DXM!ZFu0h( zEQ>;Jtg2j(Ia;?u?HWz!>JSB0w^fExU{Eneg^xR?(KzlQm_(y-P6|#_h7^tH!Br6c zFozkKkj5PTKwQ6Do?`Oz3r+w&xHx=+bGH3>GrGi zG$Q0qRcf&Q8JM=SZS5>yls@uB_4WR+@zjSKP;gv$UmLEa#@4Th)aif3Q5E`s5lQ(Iq+?c=S+<=I}B6`JaS z)q$z#vC$RJEr@kNY7D2unW=v4fRGT-hDP+UC<#5VONFzhC$!ZW9gO8BTZ+*dmj=~) zqpN9>M-#|>Mm$a8^!`W!lrX53DLiVVSlMp-Y#zHX{(dy-lrNdyNmx(DmA@U+q1_t=%QAt4n^ z^}V0u)T-k)N-?p zJ++CmKTl3Q0oFVYL~FX$6MyNMn3gT_iX&EE+MXYV5|?sTpMrdYaIU3~Bw}VZO^Otg z5eBy~@TV9OVU)<6IRe2L-6s?Pqt>@@h%yN9eUt~|C>fD5euDBb%)k`Gj798w4RcH< zM~|jR#ITd!F8+QF0zV}sUCDII8C_snpt+9eQsr8N{o5E`ADqmYk-UmN=+N67?~Twc zPX1=StBc3bVoy{Z7ZnJ%*%ov~SSf!it6ZPn(1fuq>%3}P=hutBpPyc}tMl^sjqS}*i0NHmwoB354WG+r#{$=i;C zHwkefthM=?pPh+`xiIcczl0IZL(mCze}~ueUos-mwU49wx@OlVfv~WEt|ekHMj}h?TGKe8rk+<($TG-9n0a8b;(I`|>_coS&0bV>k^_+qJ zv^9csr;ATOtfkGrsw81|y}#>~|0}z=`0DwHEbk7*@g#dYKQl^p+qEAdS6fMZq`!jB z^eqi%)W!(iPs`o>LK!dGa!FhB>Fx9najVw18N7D~97%Ma-uqx$ zzEd8ez1TzU3AN)an_|-7DsEXvVqUqDSbdWXrnDH8hKh8YWr3b4y7)T6xrO94HwOtM z*Q$lrci&?%P+IJJHUwZ2UdlyPT!(#u&wY8|3k5QMK3yqsT~6-*ej zmhSc{Q3uNqzQX>i|I#tF03|ZL4NW0(&UU|y?3Nvc)0PH}cfi)G-iGEV#`YM6a$`{eNiIYAtU;hq zNG9QvE>aJof*w1IU5S43Y()MQ{cPp(QR@i_Bkz3G(7aHqQHtdT!>K{UsEJkZ=k)Y< zf7a#Roj(M)=VU7jK^#Kig7CvR+{)X_ z`vvhJ#=ZUA-P^}y#JFA;=$MxL!bNgKfw>4%^*&n6azQ8AnMx0Hv0bcU9=*>9`2R$g zgTB%6N0iffhtkI4HH=;MH-s+bnF#ZiZIw~={*C&lw_37ahXd4KPZZ_HhF_ z(7M64R9R{9MRo`U#aeUGk&2_-hM2qI6-reJu?p)Yc#kQ(TWMa*cywNgaU|Z23RKuz zV=a!U47_ZtbnEO2(JSJ_P^HifKd@K_0hx@~n~NI|maLK`@WUJSv-wP+6wODXEnzw> zwCoA`MDWW#Ctr-~m7(9AER0)s;m>q1JDSJybZA^XXw)?lCC3dJl-to#ho)Q>7n3)` zr(pT&Bk&V?H#3Q`?TY1sWbyJ7t;mZh4Y(M6XC5E~Eg+Wi4$&540*gygTVmw9Vl?vT zAioj*_!1sB7uU*R?}I9fZ0?fL?=6AzZ4gysJ{5|Nr=c45V%Jh(REm;{_uTJ;WkWT* ztW0a4fpnBZQEeiu%S?ReA5MgiW&;*wY^)aF#W+ePHV6$01slaqW?V0+vr$CAD;&~Q zWDhIH;H4=PYBoW?Fb3S)USWst$2qZuIt}`Y$RjCl#v9FEI`T~WJ$3Piy7SmL#Nj_f z5$cF9Y0E5ym{zEjsO4wMO`+J9ig>h=i$3m1L8d7^L%+l(9kJH-B|5mJIeiP!t2%?R5-ml_#+EzrNsLt_74(v`+ z8;?pqe_e^Tp31PcCRnD`4!sSJ)FHyQJ3nRDwHjNb<&+Tq{$i-)wR_3JGh+$VZA+Sm zaBH7OnPx;OGQ;^+l5a>nAWSfL+hN&HOzOIS`Do)<;`5t%C^}lR<#gl^%u%vDM1DW} zxa;-ph=<({QpdShNlLzAl7rIhFSTu3gd&m$==nuRK4IkCiE0?Gl>L-5rXp3WA_=(` zlNA4d3;TEUin7y%x0YX1ZPk~|g~tIbUjN{{t4bs*jMdJHl5-5N-1IZ7QZe`0KVjG_ zrC}9OsR9q6o&qEAvfqIj$8D#ha~N>wUs2wLqvwzPUohd`0$t-jSDvo7TZ2HIoh^X+ z7*H=53;@w;!mmnsx&Jdr(W~0`l096~w*Uk*W%T=@cXpuSt#mivG(&)zOtSu@n4S{D zYj!4ugj0WJh53GUUr$N^Pl7=kw>&+(oyf5Hje|NjQ;DapkzI{tT=7fy&VL8p$#`Tz ztl{5Ta_!ISwa*}=5) zdBMgA4Gp5wSIbOGnhZ%Xp&@%Ca#%Fk!udGH&bI!sMYVQmVR%6VL~kWB2Dv;AiYf(q zzneM?gIJH|J^{mvHK`B}55Wq2y==yu*)*jz+lQ0U}qnkx)=vq_~ue zcFb9jUuo{^@da#WigoDF6+r?+zW zbt&Vm^#<8(t-!XvQO+CWH)5{=iSMg$IW~J$U%MYUh7*(y|HC03&R{NG1e6505I#_# z)@XSjeW29>tWHm9U?@=pf#5eP^uTG&!|#;yOwPHgsQxEtVx%XWT;s{CpUjnzhy8vD^ppCZ1a+?3f( zbs)bpd!=MDcURF|hfe*wt-VzhWM6Q4Xm2 zY|M3ix2?*u;2MoOm^((JrC!|H^VE-Co!x~z6@=x4*J$M`bmkFxK^dDiOJ6Evh*2gb>y>V3_^OBWf5l4X3BC&Kp1SFk7YH{Y=Axx!vuKS}bOwU|| z8wH}n&#>Mf_`-V}0L|pJ%+?v^zts~TR=%7Tr9u$mQ{Py&*W{z6_02_w7q}oM4}0zB zjd%jTKm@vey#3?KoctSGwUA-6as%jW?=j2IBKQyrXb+WCFI3v;@8KlQBo_;;#OyfR zb@zRr$RPK<5_)m{b}B(5kukcm0_bh`d&T`}?iQ@Ji<4<&xJ3eaWBPnsx6L(tREpj; zwZX79WRduJ4u6?AgTwIYb#cJ)@_It9$`)j$+;18e?EQubw*daX?H;iOS33(6pa|>l zUKz})2DgIN#T<;Sz(I(Kyk#`4zUm9F&|bIq9CuW_Y%eMmO9gE;#+IwTYT6Zo(wpjq3KSMhqK9LkAz9Pf>`7sR6q( z5~Z+axDSre#1e;W(`R&lRF+{;E*Qk}dCJOOw? zVx0tu4uhu5B7dZ$=GG!a&t^B%&{VI-B(eNVGR*1i(8Z%PTi6Ira{X;gwnGAP3kdXs z=~B&Sfh7l-7-s=q8(~ybx7K@&xy#?19KMH98rT;SKZ1oTbFDRY-{%5O-o6vjy0%zlG+3z` z=jVO^H-^bq%5K&0hQ z4Qx#~X>B`6)4Du|70E_1NQtVe?UBC&s512rAc`sK{or_5(>G}|JA05OEP9+SiPH*%nY zAJF^I*rW--`<32H=j4!89P(4Yw|ys#iZCJ-CQGfyd!k{&a&6mogenz%t$qE;s;w0l zY^%bUtY6T@8TeNWfibS4xarHoz)8SKf4?b z^6e|e%T%k25S&f+!ezGl5CnbLb4EB4QR^twA?8_H&xWyh#L{-yt7C z1-|eM@gMiFkCJa(EQhkQXiB&M&`!1Xmdq{u#TU6execF_geUjN~BKKxU< zRjl1vb9L=Z>Vws&Vf?aPesmYrK8dXC=mi8ogSd(#CmtNLhY<((Ylrq+2u87S22RYv z5h;Bwb8@y_UnD1sf;)5e^`QU{uAiXZR{a8RXCra?d=sGgpv}^;Q{noV>f+`2fod3i z#(P(ur?ah2z%S$=wF6?F-1^Z_vrT znD^v`4Dh5coeAVU4@tbO^An`?FlzsrPvkFv3!(BgL$VeJTXFKhf-sma=_{CyO4e#D1m=dPt<3@6l9+o?cmm21o`7qXxM&J%U z@w<=r(U`W&|bV|p;U^+ zyYD*r?i75Kc5<*W4wUZany{9r@!9LRDoZ98KujDWSm`raA_x>JFdr7+Dt_&c;hn?i z3H57<>nre}rDT|WIh|xCwM{w(4~&q^q;D-nwGt)UMzs+|+uq`8%tB!K-pwzpm1;Jn5^nNyBfD+Yn zmYP5x(CP;YNz}8Bd@_@1mQ0Eiiy zH+)J<;H6tXqiSFrf@)#MN8tuEXA2Ry53O_SZ02y=H8{xszICm^llpIcYA^m+fw|1L zZlH@@t^G0lvieLId12X&@s-(wRuZRgmA?WjT&e@prAi`OF}xmPlKQKy_={TG$*UH_ z4$ZGxC+a*8^+|0~$!!54Wm$*s&iX=L>4Qr6sUHq^^Q^C8nc<8v$pH`D;T^F?`#W}Y}@{+&Ko77 zxgB89_?9MK)Mp|opbgTwOn{(}r0Wy1_d%EbOQco%FGQrXMA07_S@><1A4}mwJ1tBW z&Tp#6-H=zHM8CJ*rndj;@2k(;|LSjxd5|J!P3~+^hj<>-*2!OQrH7UOkLwIwb}t_w zoWLY5ViVq+0i->yRJDQMLy0Unjn1?@IdbZ&q+c5gju~aaCZ#~^fXms$0|T-414?ED z3q@H?k79mOA4G{pX<7;jmwHKAAe{~Tukd<)YMi}H^CF78{{SdUCnoP)dq|!pmN2Pw z9$fQajWt_lB0-g}Pzs4o#s&XKsyFOx{YQKR2X-FDEn{oe%43Ee?E$HKJhvDoIcF~| zjdK`ErTn0&Q3akr)XLo}xYYq}_4@bGL~ZXcel}2mZ8!j%{vy^>MnZi4I9h%3II?do z^T9pg(CK#gI(u55ciQ_9tHouunZV`yWMxw?=*#B zht&V@DI$^c6hdDMOVUy~9)4J~U19_#U)usJ7$h8y*i zxaLI_;No9`$H^uskA70iiIl8;r-331^EASv-i*>w?^$WG8k8t)EYrfR_K=Hlm2OXx zDbhmxawJiz?;Gb@OJS|pp0>(tUJF+q^1F%(vjk}QvsM06Ae-b6{Y)Y-T^wxur-uDD z!bzezot*T}FzcgG2$O^oifsnx8bYg6Fr`DRKw&mLhSh|(DW;wZ;R5Z`Xhg5QRF&Y^ z=9#*twMLO+l*hnL`Q0NYty5wl$Fx4LFS&t3w&k_CQuBP|9QJBt22Yf&?~{OTz5d?y z#zn8edr1*HsQfIBQG|cRZA|W5cu)AE(~;dUmsiNqQ}2kZ>Ug#9R~b@kyRj%iSdvV& zHGIjGNZVx#)Ftc>td+QohaHtinIN>A&!}PbgW&bzmi>m_GqBxFwTa76@65o3a4BEK3Iy4Htf($zo17MLF1Yuwa)eHhtKM(%EcZ^^++<;Yb{3q@-B< z^tcO(Gq*#l&CqnZ3xtw+2ordN^fxRiA^BPmT865$TXYH?6WlKgbgA5A`7#Q9k$L4R=8U{-$Vi-Ca*RPBdsmztFC@^=Mw?D6j3_lL>i%# zP#ir6VTb1$s!e6~_Gf2=z;eGVZz(7ZsvHY*x$7HuavDbA&8%?<|8y9UC;b60P;b&vpVH zun0a;rm2)PJA&T6wcD87wGABQ;XE&Rh_@=H_mS*>4d*QhRBUP`q~>%TjKRuzmxu5a z_DNQdeI=YkYF4#n9<_U;_cw@t8dCkhM0syR_p?};Opn#cc30zqo7{@mUes24-tFXQ z{e;W^bJlA`pgxVdybf|Cyvz4$Lj!vcGahc)sS^DA>`U3D_dJopR8(Lc7>$b5ELvD5 z%yxf1jWQJX%a^BF-!;Lt{hG|{^F5=44ef&SF{ zLY5l_x~a&Fs><^~fXDD??#H8QHMO9A8Al|YGeb%_EoGL}6PLAyFHZ**3~q(pn!_I! z>w4W7>+hQ1XXW{@ouwq}pIzoqIGvDgEV8As#r$norKf^&RxXi_G?pTfG9v{RmYvKx zoU3O~i(7;nteJ{hroN=Dhnk+YD@h=EoN04kl7pp=I@8*?rz_|_JCeB{ikJWDir)Ml z8vvefZ;vl;&48efllM9KBycCHg@R~qRK=s6(pAe`D9F_~rT_4qC7qM^> zxLizII?zqMlsq%l)8YQBkY3edd3uZy zyk|BBZulM_gIMENH=h9ponFA+?kla2l@j6cDS?C3wJv+9V%W}$*_6sQ#ea?Ba48tp zD(O2b&2=9zHmGQ+F5PK_X0bN?pF47}hMgd9rT5;?t*fO^kVanP=M3ArflHv4?8aDa zVg#Pr&h6zt`#QF_$!?IQa$>{m=S{6As0q*x)^&}>7j}VdidrW2w!Q1yP+9-7JY7j1 z{0T&^|M(#{Qej@({QTUR`@C7MtpJ&9fxcW-^nk8>E@u3ntG*eXp?3rxZ-e5j9B?37 ztwA@Ar26jw8~+xt>ChFJKS_H`mj!`}`UEHp+zDhs!`5|cJ=%*m> z^8UwQ$rlL!$;CP&w9WI)Phj4k8Ng&+Gcf`r&k5-1Ivp2uv+G&{G8jKN1eFm)LePp& ze&>q|?lC_570x(IhBgDJE`rk`bUw}2G z1vKjt{nNXzx^-S_hXbBzE63=%?hBSY+5GlMsYYnOWICN)G@BI94VNAjajy(KR4Q6+ z(Txa%Iif3QKULM+U$^s*Pf@e!1iT3Z(4g)w;I_V=n1Ow-=w8a7;9Q73CLq|$eg(`| zy8LZvjxT_La9{+xQ8CIKk1?yRUc;DQ+=G9f4^y(c|h`&=bhxnK;dxKU9+IfN9p z5=%JQ$Plgs$SAs%-K=)eH}&wV;_)ui53OYPW$O#7@vrec6?;yw^Lf`)1fjRKD!=vm zw>PyEfhK&o-vCr}Uh3v-I)772E)~!_=nl9gCWo)Y7;$H2!y|L`>(mPWUdcEhnH2eA z+1u)kx@Rg&oz5?pGo+nJ4#{B@%q~*tKwPnXIuDhnSn&Tfjd4vazWnN&^-c}jcf_5* zrcMGox%G!3eH^{oBTr2C@8N4$vPCFqM>G5MAVWjULfbXc{d~pTOL9gK)^r-r5!c@) z+j)yAH*wi}7UJL;is)nvI)T-uT&{JhbDQEmi=cY4?4c1#(LsxV%`EOjf1(tDgmDMr8qWNiDZnUVOudJ+VN@7Zx)*w;48IZs8NGxL554&>Ho zxEm>_+^4lP78{Cy8p=Naxo^*?ix8eq`BCrbpq1%81+crFdcU_3(dh52B=)b@d7roY z-b=Yr`(W!hiuk^}vcULt-sn=Y59wCdX*ap?9jj=XtYj{R^k~d4OW|ti`Wkq}l=}4l z7eNvRJAjmy?0S)5-AXrTM?(BWmkvuGU*izpYQ;9DuYGX%T!9uUov|{4l}eyp`N^Q$ zW6mv{U|$qf%D`4fz(+{HUEu_y>Lycbhj5aNn!Q5frbLJ`H5+SZwD_oN_%QQwUEjVz zv9Y-O%(q(G8we3v)qEc<_!HrSKNAZJAL#eVB)PB{Xl9DbwX(RWp#JAkc{B08iI_F zBK!9(rx8=s53MW3C&oSVlgLU6=^Jav>TG9YZ*$kN=Sa84wb>xd1LMjUVS(g`6Uho> zXey`hEB+Cr`4gVnjB-+@UFDV zmQ(d`hW4Gaq?>Fb_zdl{+g`C>g!I%%#K;6VWP?4TWg>dQ&@n3E7q}sWgOX?jK|Gry|FDtVv2`}ux zA}jEp-5gG&ej@;;AI6FsN5OXY`! z;~~E`>STWaw0i++oNdLw@*go1L|6@rwy?nBW~cd%uGunv+t-y~4(H~={y10EVfwd) z+?E};DDKV$AM9F>onfxTkI_st=d&k4g=_nvetl3PG#3a21Wq&kXVO;&Hqm>j@6ANM zSXzD6(docLCB?4y&@>^24{P$G(6c+cVCW@z-xlznN6?74RnvIc5dMB#2$I?rOrRzo zwD#-kc<-$VGhzl#!~oe&=1#>h%^~yGq#1h~j@R^Dd+@WGSYFb69>3yPMIM;br_ zUdub$rS&tip>`mHV?kkmyP_&Go{Aq~Q+Oa0`eu+K+2FwVZSfLQMJoS1^dg^%{k+_b zuyznMN_mS%DqgaBDp6>f)X879Mus2D(La#4XlnAxUMBs4?lrFX;79Xz?HQ;Syiw7c zx5x+WdliN~^nRT0p5=fV(T(y!XSUs9`9_u_J)Z@56viqa%>sc<~&Fi?bnklEqXL*?5Ac z;ei}(#Lc(SCUhyWHZjtclc`UK_C_Uh1CQ-yeA{W)K66CnKz9hsn6E3lvTK5QtI7|h zCeKrkYS!Z|JdF->riqa|(EFR|(b?cunB5`FvKSuqyiRV5RKnHYG=g@c6jpJP!bo<5zIWV*SZ^SR_Z%0>XZ+h@2OXUT$63e;pMZ+3wI8;6ZX(3Xhq7Kr6&?iw(yju7(A zjjbG3LuV{y33!@&s(+z*xMC<#K;FXq7N`~?qbOFO?JSPmYGR4Z)$v!xGT1$pY?K3; z(n5i2TajEv%?)+z&*RYqSK>LOs0@E%@=xy}T$*Om(&u_Yv@9h3uPcm4LRb)AwDAP^X9MuLt6mdi8 z`yX4N4vMp6QhSk`oJJ6PRS@$I20ObEVJSu)5@*I!*xiCnSmn6oyHd+CXOH|SYpg&0 z_6l#2>%M^0zT{3)B76|^bbLtmCm0OGnZafGMw@a$Ad?U@GB|SlGOM`88pmGCF~c)| zU|3qFy*Nq|)x4?;R926Rd?%Cd{NU&qyRNUdW*K;AdR*1l`IQy@&0MSMmmcyS3lfEv zJX2ftyQx3&rDI602x}}Jvtb*NM&=&E2|FT1FF1fJwGO)^$@k0_ngOwcHS|tzn9yeO zwyo}QQ~6t#kpSF~KE?=(HeW%_HXd_3UZn#q-|&v{Vw!`d@%*IFw|MBBv~#T^nOQlr z!gX!iyr?oeqCrF@H!*ACKIjWb1t=3{{`!eKqsBJ));2VUWKjoFfMIp>l%Z7~Q0|}s zaGPN~^L@H53Zt})yfnxVIf~_3EcsMYxqqBw6)xuH}nFfD3+<=ePw#% zeKRxtPs`I}W+I4h;e6S2c6d`o1PP`uc{qNmE{7=S{FS{)pJYR)WYwcdj{Qr!+s6t0c-v^YQm*tOxI$agJ}1rY zsMLkrIv7$k75y>4woRe1lM&YqFWeCzGW^%~IO|~3!CNt+aiEn?peg}+S)Dn3>b?H!NT_; z%%o1UsHL}~T<=jQ(S(~%_)Ewesy`A80PH=m+3DcCeUit>7N>5F=1*X2!;D>8#gW0k5+V8m|Cr6x&Q;djwjX;-S+3Qq_ammLvztp@eO z#fV@tKsrTnO=`%XcDXZa3KN@nYH+@6^KmSCvxq!%;A3O{pT}Oka0U?WJ3+p?>}?G1`2j%pb?2$oTjy=ZO1J}_b)*&?aeI zC+^e16ylo=sHqc7dt|{Ccn>Kb8Kd}U{<-e7OQ*9v7WiuTKS%26eYRJmTzK~ zgpu_tk-H9`vy4?rX^VODRmTS!dIYE?HG$Y2JEYdmsC@!C{gVsakiBo}!c%0l0x8?X ziaj?pA}NDM*R)C&kK&f5sx4knU`G6E&~DN(|E-kQEte&LgR{}74B7AcUdvtx$3@TJ z##Sa^GE72&h+_OVJ7)G5`#ABk)j4YC%Y&Ulr_iB8>s@Jb)xY-~jvX=n z_H7jn#tyqtd$0e6kSO$<>=s@mJ6r{)j=&dtC~P-{1Rd;r4K5>uQCIPU4d5LQ>lgnQ zxKM4vo*)x#mu`;3UGq!2D%}W%Fd++>ycG6$<>z)fyqXMNeMl-cN11QLM&CfTDK;Oj zGa~SQ-x^;V*4Hy@)8de9c3!yCta;rhwc_U0Dn&>)gsvp%HX zsC}7#{#u@yV%@5b$5M4r#BKHs`w(G(JI0!Q4MH^6M`Dw;xM7sIBwexf!^okSY%Laz zf7|y(j3myCKR#>beg7^0YDRN5vU<_LEFQ6nxKW1f|s}ePx2dOPSEFUi&0Hj@|WfDggJ~jH_}b7lnD|scfR_;dMm5YR0iH7MI>uqSejcn;fwGiUOXn|B^yfhIwRqfc8Ob z`Vk2Oo^4HfBF_4`!*>NjLkGv(?I`+!yDXYY;5!+4brDLmEtU)>4f$k@41uTn{LPdA z*Gaf%y1mgwaO&HgJ)vxM?*5CqtKetmo4j1h6fJ#B+;uI)l@^bz#rKLjB8G;geMJGR z<0244WY!G+-~HE}=eE}B_uj4l_~!BA1(3NpKHWdq@-oHMB~cIM5!_v`(mGj+Lk0Ja zQk~b?BuD(0-wZ6WBhnrCLlR7Xwt|rar&(qnSK%EPXgx7v4VB6t-o$&}P})0k1&{F0 zV7XatcEdC>KJ356>&fBbuHDFJ?YYXOd#Gph+I|y|ZQ#ePC`l&a`d8f?CCkGs_DQfu z;@?+Xs4!VDT{_%FG6j`R*xWd&Z78BCWfkQg5b@eI|NEm8=oY-*r#ZnA(s_987{sgzwQcwqm90uW4cR+# zGbe~P_owsPNptT?>TV(S-16|DdHhH2k@y|Dm{smW-f)IVW-``QYbgxY-sU#dvgrY} zn@{rAvj2^rx1tmR|j%iGZR5O3ON4rnLy^r7MO3*rR zSKVpq)wB8+s1?|na(Y3!#JWU!=4bg2q4ZY|=-d)m2rXp6##TL3 zrbdd2q-Jj0Xy&!-M*~-Z0t8KzY1ZR49OoZ)X4t!&o$462rtZ}1Iv+|(vH1gQ!5?R; z?gLgzRB^aJm$@GqJP&Ul-`aUA&x60UvoP^18S75|sZ` z>UuhQS3|zpeHfI;WXIyxmc@%Xc@?`ItjLHxm8N!a+?6>=0rw~dsj7C8s z^KjEt(?A+l{jMnS62=%~3u+R}m5e&atyDK2 zzJy*#6HIl*)2US|>kkh|Year}$u5cxoB=F$-0vIs650^HECE+A1E@7xI_J@}BJO`d zhQjLsY-3~QcjV7)&r0tzpId`kA9W?d*&hH2`p5WuH)V0YnBZ}X6J~oDey^HTD0>sZ zWi$kM!iZt;xJlqo;kUX?$o?1sgA6#N#h6O9$v;SOW#Cs{|L_dczhrM+=w{}bnv7ipSjbaXgPMi%j?=#otJ zTLV>_?TY1-pn)w?5MIkL?25sBaNrvKwYT9_IxQ)C)c&6)zhR0<*B7`5dz?ZEMTxqv zxUPnarAPl_rR^?`zc|q;+wwXhK?t~27s^@|&tF1jM*UU3aVvy=V z*0l$9hf=@X#s6nD|Ge3#0h;UtuD>@Pj}_&jP*1J7AtNFZ6gloMG~Hc^b=3?G4g!4E zXM=ponw>m;7`Kn>-a1PY)nFjdg}{#URpG!cy<%7liZKMbnq=SSoA<{eoA!LL-XgWC zqtV|(r2_dic-s-qZq%seP2as|)5LK&X?a!6;uymxgb68jgRqDE-d%p8S_u z{g>2+Zs(&u4W|W7Y^Z-Z(Yf-$4(6LKFR;;L{S_xU+S&&W&1}5x#evR4TbWRC!R#4o zOiWxqQ{yfF2-|y%(Z-FtSZ^X~;SjvPaEARCSIgTCmB;m|jku#l0cI}te`_8O(mSqn z=SM({ijsx3{kkFYR4!#8cwbZ0*KYBee1O;SIB%J^I~jq6A>yG?>wlWM=rZT0>HI@D zutqnPC}aPW%F*_PARhKO_iyQBj?2}+`ql_Tds7rt6xr>_VZJ5r_mRt5Qe31gwAf{t z&hLd<2B?#4(iXAtaky7P#h3VyF>_68Z` z+*5tzw`Un}1D}`E?ZBzbO-=h?+1vIbKXcZ3ttSR~vuxxA*XS(!->*LQY!#ML7gSkL zquy7=vwjB$M+(3SMW{KV+Illwa*rJ@z<&y&@fEv00SKGe$3LSP(EKN>AM>NVTN*xq zYeQJ9_rv|<=(shvWw}Ok;~MmjRIB>48Tj;gf4uZ-XGa?Fj&fE7I{$QQ6Hv^ZVB7QWlY4(TzWp@CTObdlL3`SlZh98g+z;AC3F|O475(V>< zQxi4iBa~rd!Xkc|XG;>PC?onR5>#H@DLtHi)?2N%Jn`4IXE+rE15S90+w>40n|c_~ zEpX2X0&e*f%Bp*q7k83x^f&zR5wa+5WM-G9quD}YQ495yU`ED)h;^?n*Bd@Q7Xu#} zKo%H8s!VmAUlin~gfi1uK>;UPbIGio_@EaK!rr_J{n(iX=H-H{ypR5~V;z8gXD%>; zbj;RY7higdn3M~F`$)0~d1X5hsRb$)_m+{b;6Gj;IC zkJ_OZLY>MSjprgQ_Rky-K$2ToB7>EtcOhmVk=T^=>sq)>G!j6Qg6D$H+e$0S`Ez-6 z7S_|$U709P#bmI^dxqJpRfB8J&N9C8bsnrjQwCcH_~VPvv@2DU8elKGi?>%Ea7QdEsdZUfToLGID3ljE6?Al$3n~#nIZR;n z7UWuV;a`=?+2i9WaJ!>kTu7NMNJUjvb9Pz`$685c@#DoQUFmVbb-$t+ahx*4eZB|c z?SWFv=)trl`V+eHdvETR7O=NOmhSf7IzDoOyjqh0tS}N@-p<$_a}eCDfNvT&JsUa zBtUvFIT4?LCvP;cUI=J!1Q||S90F*u*RL?ui0IBLa-oW-6WI_vNS;C{dtzSMWhdcz zJ&rhVmZ36_@Ojvw#3Je0CyLE*UIcQO1El6uRv>A8@O9>BwEyo&CshvpnNMAdM+wNU zgHoslAGP-BkIku|Mgy_c096ZuD!sm{n~?Jl(0?i6`JZ9nDPl*$ksq@3xIZ?p>!@>5 zEFhBXOr*$Y{#Dp_>T>R+OZohpxQkAO=L0}x1VvK9ky!0MSoM6Ju_kIJ#x_^1Y@pU0 z8GTBDPnd;SoXD6CIn!S%AN2nHi%S#x6xR?=S_Uy5dw=aUF;9o(hdrH12955^_ZAV> zxqhyT7cRvNS%qivufp=&Ykw(8A?=zDM;pG%+EGDK34^IqX5r}KqAh{qVCM+SAY2PG zbKh}Ev|mTmC;_c83KC2Bn}ErE9O4W^r24$rL`D=NTj%JJCH(8|SW1rLcoxo?JZSU+ z6dyQ87w8uP+2Zh{>|Mn<3YJtNc_IgN>jm5`3hBP$IMuNqJiI4d8%;~bsq;*mmHA-= zZ;Q34M6sH`NsEio1|j*a4^$OYzNg0Z8H@t;=*{^aQ??^pmMivjZj2(X<5EZE#DCmoc{7>k+V8a=pU!?2Y^{ZUSJkB`t(Ugn;rj7S=uFY{l9rE=#fUO5iC zaeGQ$wv#nRv7L34m;FL%_+0%I;iNOZUE(sET`cwf1a4hwps1czLQUjYO z+pym|il~yhF{YI11HD=tt&PGVa@BC78NQ_D9jfO6bc(Ql!3qWswnh1GqQ{osZH{=p zs%Pj`8MV>Ztx?AswmY3j2@_Lvlb*l>Mp_7Ez2N_%Qzb7x#5VPg0EXkm7l4;8ukwdI z3?0K@3pqh+n9D&u?h+)bobYO}dxd-4R2QH$wxt5mbqn#?t0NKmTbIj)8V15Hyh435 z{s*>mVI&O3eCA7Mb^pyXr}>vR)ux06n8n;x5ZSfvlZlYf2J>5QT+|$((dNsa##2>+ zKggPZS^yITR-@_@D(q&kwjhLDD0mOduUI5pG#xzfn$G2#YO4W&U8avhMR*MuU;1ku zq;Ej2f-WiH_Xqe3sQqZD#3r{RLxAwFnQ$l}lyPFdYF9J4?uj4K3Y#`sA_DOzyG!A) zi1F(G0M$S$zw3eZHFaFAoSBedhG} zB8eZUMvejt{Dd6U0?#@- z3?GhTwMhY;4$WkWbH~^;VC@?{E$P2$%tr5mDX&p+5Y*}a4i2pRZ-)n~``@KJbm6~( zIZ!PWDQCF=@i$k=fG?89i6&KHpx==+AW9Z!HL(9J?@43syoSSnrdX1my`)y8MZ{9o z3@Pks#OjTI2LYaDT925SCN}7jJPfouT;N3?m7Zaz)uSEkK&|4`dZ`PkENq4fq+Io- z+h4kSVPeF`vDy@~1VwcqsTtVMQTT!yx)os*qQrr})oAU-7Y&*~CL6d+hTVN~a3{mq zA1R>;GB`tbF!X>2Kc+++@+<>mW}-}6r?uxAC^DBn;EM6`IBM+&hIi}^J}CWC8uBPN zGxKwJ2hEVOVx=fuyn_#O_mHhtY8V|QRg1&DCa5)Bi~egX<1@(7|G_AEbcu7}^S^;C zSSSDO?3n(a2m5=g`@f|;?0{F+b~oamb#BfS5sotfl_!3?lYG!bqO8QJgIl-A5wWMq zX&6@BxCyaBX(#tHYJeHjkTZs@JxdZ_TDsCkyad;ubr8bZ-Un|de%i>`z66J^WSG@6 z|I?QKQxpA`8o)aGzi<109&D}je@l5-N(S!t*$wGuUcn0x{AU2f{w<6#BmL}eLG?NK zX8`y~f^ymdFQ~k*ONa6(QO^+Zy~*)m_iK(rgKFoTVHH8o@qu|Xy=0&5(}ho5d91}3 z0A=9k0!quHhT>Ioz>qSP$BK<4M@^g~WOYO+@v{f@FqxHkZmI2+cVpe<;YVFy9Uhdq z61c3g3%}C1gFojqR@xop2uJykJb8}y)Xuin^q*dlZoc=!Fk;SA$HlHIISXp&|L)eI z$^Rd2@2}#2E#=|#pIvuy`=V$^LXhKcJJ&^E2PhlpFGT;o7Z}~lh37AadJW69eqnf_cPGco8 z?`vKv@^!m}R)(r>6r)=|9{6GS#+od>!S`h3FwFHa_vjqQw}WXC&0vP%ARlh}ag6T! z48wjz&Req+Wd;e)jQxC*`EVHBb-kZ+2DagT?r7UCxEIAx%()j`U2eV?8*a181$JX$ z&}e~i#0OC_${@xAa^hzR%po2`NF3-q?i|L!7?K_9(fn*KX7L;5WmZr7XI}mmB?;O-@ht|8riMK^#9 zz|TvNBUe-c0`dk^mdoED!ji)?%$F#>6cYt;`p&?bX_PM=rIjy6odku@RYSfv?X6B} z&?rFLx9zO#@HV8N?aRvg^c<|yxG?lb;Vo=i`kT|kDo07q|1LpN>2?!Ti{cK16<9o) zjq=9ek}FWxz|amDbK~fSoQo!%5QQCGkZ^bha!~M_ykMlPEb?$P!&>ZUI0o>FCyataeL<>vE4bwVPIFl`b+Z?Km2ZsrQ7R zP~EJlsnvQ?u`{JJlPJQMoTys5D=RD~RwBv#&%FG9n+w2d{(pOGchAiKzjwIO|1Rgz z`2Vgh02v#-*bQJ)5dZ*F2oQ9by>EE8XQSLP``^}(!xc2Kg)N7Rrn~Jp+C)ukV#p!% ztFz$7$eeT%Px1d_@86f(xUofH{QS+Qz^|k1NdAe`U7n*oo^upg&S=J#Rg#iSc6KTO zyFn6hv(W=IC2Nv=wO`|_I_Kr~lYE7118DSx6h+$!yQU@^h-NUo6s}|Q=fzd?rmNbc z#t_}g`~j^L1ge*2D4_SagtJFiwIQ3WN7sG~SdL*_t4SE{TnS*^7JcB;t;H0X0Hn?< zza5KO%}#5Y0z}@RYBnKn-|?d1{3W2)hILD=n)};OIvi$6t=l261cEk=8+EJqTxsW) zt*r7`4p#n@&NZnT(tNwp>)%B*w8TPnHY;_Z>UGshM7_6Z0>R0lA?rP8j0{z()y-8B z9CS{N**!8^ZWf^Ns68SPumMK@gX9A0DX`K3^-q02BT&C+N($5id{kbb)ltXPK;6R0 z4)loabA)dBfg19nDT3wlH(7!jljO8>NApskNTN6?0L0pWp)o71T z%GLz(4o}Oi8CWpm+4ny_mYoTBc67@pkO2L`SdAbS&K71lAKJz8Q9ld%|I~lE5`9Lp z5gzaS7)$H^N1Xc}!Ity?-RHYr{qKX_!}a}7t9iWh|5&?dmLY=U(%-Yhx3Ne45PB>aP$jmzWz zIDZAFIDM$bgS7B}!R$T#Z+CxP|6?VO$N%*tE`#N3Sf3h~FY$hAwNLk?Sh~ZlM{s)8 z#MZ4$wgSfQY_5KTvvG=U_|FlDu0%%E%Nb1dFUrkV{uC~wWVn8bit1~Aw(pK~PJXXD zEfEPae76tD=}Xk-$a+_RxTy5P6RKAkmEX=CQBpQ7Q{njpmZX3Up*Vq#1EZ^3a(rwh z$#9^izZ;3UA--%{igk5sEX8U$qpW>A`Cqph zmU1Fn1N&3c59-IUTtjd}b;LUep4!?;G1Xhi>(KOWu(vyT(Fs69@S+XuQ{jMr>}PrQ zA47~`lAVr5IKzc)2Db43gWY4F|L+~{uk(Lb@_79JMouEov$zbt?=6f^jonw!e`>4H z>(FJ_Q2*NE>{H+Q?mmpNLd4%+k_@%keWou9+We-UH=H^3a=T}PP|*DI`jPgZ8G<`b z^iS)RMHY8#Z8IY|U&Trh%?7ao>W1y8*(vZ8k(mgx8mNEYpqOMyD612XKsA3?0SJXp zo0mFySN$1CeXR{Isz8$YyTM*BvfXt8va~i>)~HI#*2SwiM4)~`8;0#yU9_^O!ybyEA#sQ_x39BU%LnE{Lhs< zp8jW2^Z=jMrD%USia*^*FdzG6S@^|6j!sHy_v&nI!Q@x$TKN?e6i-WsxzJ}epFY?} z_Pb@D-CkT-j_CpT6=XO|P*#Bbsz1MD9>-G55k;aBpItBq29MhfkL&wUhjQVr*UG^s z{47oWms_@?0JQo4pYI>|@_+C7+W)hX$CLkMw*7JyfO2(wk{W=G{<2hnwaEViiTve- zKQ37YFP;Bi!YP_B{(t}Q__z}PzpnqYnx}^U^I3cv2_UPJe8MuoF0Znzqu#)6Qg(NZ zIg_DkA$DU?q|TXFyHMT0PoFHUQ@c&ihG^20YVox*6xMR?QF88+5_2EYvi)d9>_`19 zP5!4=L9hAb|G{om{vSSH$A7Qn@#Mc*J|YKTGa5er;9TmC<8sdAvNkvl1R)uMnBh?f%j&t-Ay88#1FYx`x?UhH=-us|o5} zD3$b6PywF6x&5(dA0J)^{C(;_fAnW*`k$`g9mpGK^Zy+9{{Q{w&)4-IR`YoJpDE$K zRNXH#)qOufy{|-mxjLUF^;#kOBOL^+)uXj@=3{ymlmDl2OlDcvd*EB+|DJpKAN$Aq z&)4-|R`NLVUrp=NRAg1amr)D40n~@7nCjvcs0^*&)Rs|&>Vpo2qV?#PQdrgMcfPvO zdPJe}(cb(lSaj7#@v-$+%^XzAO6x8@oieN%$8ZU3 zeiwI9FDjTXE7end6vH${BA0)l{%I%ATRr>N^VqN40sxiFK>t%CrR*0vBh>z}p^A(S zPw5D|^%~hKoKP_VVOyNKL{Z6u*9a!xQe2?7S&Sn2Hy7$}VD=DMul>LI=T{^t>)ctY zTN)vtmZkRyitg zo-(9*l;op$j5C-Tvf5ZnyInNFBXExZqzK>)zzn$9Yy+6y!v|(V_J{9JoD0G2s&tOH z)2~5bL!9bO{nq!}B|caU<{}eL1HyX%F=WVmlaXSAvvCi|&2QGI!T;n1i0mzZ-MWMh zqK+QrygAVq;@35G@5uLxckqS15$vgg?h6q8XY`+ucP*YGFb8EV@FtL22ljN^Zfm}! zlA){lS#jLmpo<9a@69-Va2AVE3PUvw8>l8GXR*NsRb*89SL^!=u7F^Hik>@>oiGil z?2n$$<P3bUNfv9R-S;vBap5Mju-2GmM@{-HEZ4}-$%=uj$fk=pkmzYK% z%0?^#(S)$#3Ko+HMELzTB%O&{&>4y;Dk2cYqBhhN<`IYzbcbW)UyI&y0ea!yyId7t zS0z2VT!7wGysen~`tx~j$rprJ@QVD}frc*&=PP(=m*oFaxf1o8v)d)@!MnKlV0-T_ zF6P;LKC1I>s#Pu*xfj7%3h@-&YN_}^SI!dn|HATLP(u*I(4tNgXp#R%yA}C={QUTM zE&o^XsDK0MdZ}6BOYj1QmP^1B*ubThh`?|4C7nAn7BzBFSJ5r(k$MOV%0O zAfvmukfxJ39rUcJ5Iz;pNeQAZc!=|FuA*@L;Uz-(8Oa~4W|h0lH<(~nevp*)!H@h6 zLxqGLu?eAt^rDJ!`2Zg$*6!k>a>qn1K)G5t5-bEblSuMz4bt6#Pf-E+g6o1Zh@`zA z)d`tss}jR?F#?{X!;F)88^jY7zvHu=lSKZgW~dt1B?jk#@jX>|6xJpUO~B?m^uR)} zD#cvg6=TIpHN;ry(Pkt(U_hwz;xtXGG^hz}^L$c4e`a1AUDkOdtz+X@HcgXx=l8&g zeuMvoLL8yuU(w(CKxC?+Sm*w0ub0|0aNr*!>*X&GBQjky!re{I9d;=kqExar{*n5# z%wH8-$JWl;QWMM$luW+q+(~v8X(XI<1m2ze`NWzPJ0IaVoII&RBeIMXV*i(evwvI7 z2(2C?2dBzdt#_RVEdFFUicdP@{^;Yuj(pP_o!^~Um4o1T0I(u3PC7CDMI)c)8cS#* zC}JY**Wjs6_srjBhacC-Gjo;mHmS%K4?AK|PZIik~!mqaz&e|vj} z`@6pXckgJO|GAP!nsp>AAXaDZd~*AIcCpBnW8h~p1nq_qUl{|lFrv~~vB7^hO;d7@ zl3ULQYB@VAj!@(M+){i;>Pin}#_c?A7zsl(hs9)D{3-&_)hk?pnK12?qv8#jWrbL- zpdiGIW@88$;s}US?VYLkDzdzC7a1-9%z!+>6WqKYU_#PFnv*3Y*_OjGa$JJ=iU4wl zD6ss@!f7>z;_y8~C_z3n*YKPANhLO@ekI(0>STwgKl#jDS(92adP!FQeVK3~gkCWO3;PC!mkA7`w9+|K2H%H8FM30mk|S1-{WqCFs7 za}e_xmpbTYA?7U^TzBRz)p8|d)J$j<*QKZYO&RabZ+HsFNIMZu08De7p$q<_`hcN$ zM&&gu1$tkUDm0yCr|gns*Mt-&(%a>}`{%D7@!c)#ov(|l)w zU|LKbO5!4z;1%>E7V<2A(q1ZU`(S5?vmG|Ee(CGpARRON(_gI)P&^?Zy5TsBC{AB` z{7i;}!632+LuT>BMXCbt)ZxuBp%ldezQw+?#O_FR;<=1G&oxPfh%cF+O{P+P(wbNq zN_DsM`CVkGX_hdk!k94`MH@w)6U%aVl5`+G^FOdbylD6?AbhOmV@hVZqs@5CWRR0& zFk)Yc@0ySt2fuK-dC~M`GoD?@L^~ezE9|n_c()b3i=R8n)JUC$jKe9mJ|iQ0yS;96UXB2V zrbqk;W1zGHJflr-&U-@Nr35A*@(hK@#$oN!md`@|U-5;Cz3AWqZt?%_?jQN}{|=82 z*ZF@dd7StkksGJZyT8@jNJY7e@1)z&j-7M-NByoIww@VK0G{dUd(7($yVCPNpg1a@>;@szCYMI<{)?Wj-9XA zUF?4K-1$lmiZdR*K?oJ4SyTcgS4eO+rie+VCJiQzr9EgFv~Z!mtKg~6{Hq`6&c8y1 zF2b^H4w1QhaDyEjXu7t`$%~RrH}LlfN^?Znz(iLV2$I=`Lb$fJ94xu*4){VE>ayY& zS5h;dq5`Jr(5qO3{#n6RdTpcEfdbri1cTqoE642loyDSh0Sa;>Dkp$JU7AtrREwDn z&a*SqS9+PcxEr*C?{}VoSEz_560BRrstWx@!`Zahou+0ap#>Y5NSwQ0hsOvSh~>(+Y{^+1g7~3AHY5-TB~tHe;sAB@MuOf~ zn{ZSZ@bB8THS62^DRJ_Ou)`h?9y(?n&awz#&RK$JuzzQ_= z?{BwFHm(T5g3v)hAsXR#!LYBoj|XLkf#|66<%_vNbPN*<&z&MweU_;`rsj;un&B8n z9Dd*b+}`nZC{&NcDlv8;s?9wz-+XE&-iDe4zR+MgA>O_`hQil}LaVU4>rC6qfu;2>K$&36@G9aRR|g)7?^GMT^6@~N zq*)jR13DEGUKC367O4JR;prs`Mwo9H8DO|5%y5Aj3TPYRTU&YbwbGDMTFqN3LH%jB z1yVC0Lcyk}xF{g%rV52E^|QfwYpeEa_v1h9MqYl4CRG2Pj+@bXD5Pn7~G_k*zm=)%_r(%RRPtbeoJTQ^7ICX%yh(|aEF-iPo zQ0Lk6rDyoF0XL#)h6==fl=*o+uh2%vi|!zFrRX1HoKPR0Hc#e(r*uCTUSMmv^I-g% zuW*(CQQV>+08jH2O;J_=fkuJ~6qjjhbqm|z8h4?w{n6m`>gwz3*FG8K3hC4$pwu^X zr{}AE8XKF<*QuV=_PK6s*3K=fJ~L-RB1yVP($~^u+uEt&M`2xyXIE% zEad;2!VHfPEBHU)xN_f{|Fro3j`sHa`rk)~2Zw9_-zuJVkDi|Fft>8f>`Oc{0g3vX zH)=g-t5OF?j%I19iwAW}$l@(z29}7<@AvyXnB#8{Wte0qUG`+c`Wj27z7RUT%mBDXDS`|QE{*ChI9DYZVvcC6`gpAVaTIv}*pMupe^F*; z@;=I}3>i2jPOEO5GTpc29myAJpk&@T&rj-2=JW;4t6@ zfgK(HsrpKUeFWaAn8#~EidQ&A(wk9<3-bfeDz9OhlKU%)?{JF7=$yqc70bkrRRc0I zPJWhz-ZB)&WSU=5GQuf3@y;}5Ow{!(EASMlFkR=9y0|x>qT9gtKX|_;l;r-Ge7a9x zzwX(Ds)VwEV6uxsBcGjsJtw3MSYd5PyKk`bsu~t&pd5OkaWH?UMFkuF9!S!>PWGEfV$-W8tTIyZk&*v< zKlXq6)gy&!3I6=&FV5e-`oia9)o@7n0~vjBA>}*H#=yv#KnRLZbcPgWvCJkh-&OeEms6+B;n=->X$ zLQ|?9O*n=_a$2xg8dWvSNXcdZ^E`b3{XSPz5bZOZAkgoR2#rxcCfO*(alt^pKc+B7 zeYxbo!7k|c?_L~&{yQL?X(u~7V_ZyTL#~AGaB-?kA2W43T+vXZl2J zPE1|YlUloAq#}rF*6l*GB$MoG;`U5f@;$@_6DOnM`_RtOG?W^!$cFFtM;N6^pQ$+g z7u-ahu|Yn8483@9qqhg>XCThQr8LD6p|`UhdR+oqeF$Yscbo6X?P3I)^WGfW*fzQ!%1NU%7ie*e+|q z;gQ?ShQ8oF6M`#?(F+e)aQ>WcT4pbva-1c{g*gWOK5y`1&sweWlNLDg(=)+|pF}9A zd95k~)?~G5Qr;R_h8$O*{_Wp<;LC&Epd6UKgg)>%EkMDli2r(OldR)RyD!e)zOsI? zGx2-{y~QWfFVHmiZD$=ceIoSlIRQ?{6g2?kuXkXcvmNzOO^RYUu6bNc{%~~S`U&{u zw>hAAV{oAO-cCA%@c_<>38DC3vgq!+KM96oJfLUtwD6jwXiiV)6ZtrwKZTEz&Qdv7 zea;1iJB^(H@O|_wk{+efLuCJYhv=~U<#E*g5@!j{#=mDGlN4Q}5yw*#xq(PM0IDmn zog{1~!iv>oN(io7T8ylVySIxg-=A|cvtFN{&>_N;%zg6_fpipG5@UTl`>8(*o&Ty( z*B`lM`snZ*3a-duzt+dCn62Bs|W>0c}XcE;6L$f5?lAu4ZToiNASt`mItCfk>YoYio1ZO)u6Q>185oCp#2w5U* z7@7+;1vQIwKGJ=>a(h|NqvSs&vjRQ({@=a*s{OZnu$KQTdAittVw&f){^ZgK$z<`y z^Zdyk0%F(txY6{J0OT!LvV|{jB|=>#u7>hN-o6rDufHZwpKN6N`5YpDI4_?@e(mG? z^qxoYf3592&i}W+cNFmdt?&O?$x~bZkvTTm+$LGb7?bamv8DeAF#Q|r!$z*p%4&ui z4nW}4UXmzvW&NgiWpC+DmMj8n-2I;GOds8*(faYG;PE~`L)qVr(@zt+vwdS`W-$|| zGO;eX9qUH>Lc#`)UtDZnBDnq#qC61S6T~V%-=*^^8VS-Th-<{vYkH<^M{aW!HZ;OCqEJXqZw3FooI!DuDB4qYhy32WC^7rpXail$p7fiLh_%YF&4Ec%PPlB3P79uKd8k2A00nm$N#V7X_x3`j`ghDqRh$! zu6(B%4KSC?;(`kYm;qhjL$^_x&0PO5KP3c7L4w|6=9JXmc?P~kAR*%IJU*Fp8XN|MhRji3tKmg6pnIK0Q%4EfiZs>;L$<*1-DRF%l?dD~mv zi@2DT&si!n;MK&TWB|^DMvy*mTAH5$$>PS5)C;I`a^+PaJ74DsERYzrsm|@y|1WRR z7Z()?(t^lb9b2i8R(+yGT*0rWrHK2Q!hKnO5CCU1E#N%hHn=;Pdsq@jB_ldTnRlLv z+iM3t9ui(3-0CA5XDzsUqXIznYyjxL)iIAXc@98-LI4D^l<*Yh@`eC$UHFjPA?x~T z(@30hi#<0)0KLy)mY{^M)QHOcB?i_P(nkKXi2HIj+(`~pjx}gRrj5N8)^3Q-&qDHF z^0JQ7zy1FI{o|vG|NnS*E&o^X%pw2fte>W7n*ty|tXSI4ZTPnI=W-er;wF5~ABKWM z;SttxWR~2O4PImB+=uV?3=>(l1*UIJ7k#@1w@Jnm8O@G3QpUNI$-zWLN45t130@am z2z9p6N-ZSNojd*)!XP}&bKcs06}hFJq9%FUcXChWpa=GDnCUS??Utt8KEMcpyX|?wX|g_ z%<>=3eb7N=`5sDBLL5`nXvi+2k(hU1Pu_VZicCqpm$!SLr#Qw%`T!t%hZ6Uy*I(+c z6;f=9>)da%b4rPS&vc_k&VB$Bc!w0LEVVZgeBlwr1{k=3>0;!MTRHE<=(oW=0&GHN zX(D_4+s)fcPt^;$yUZFinz`4Dyd?B*jAT_b1NxqsN4@AY=)PT_O5QF_Q4Xopj|HYW zcr}J`*pMh0HvfWy{gz@GouihXV^3&{L80K|-(bFQeYJ04kku;48@l>=sl#vRHDATM zNk2C0#{d#nsOTl)k9iSS;xF@EH(S}?_EDtVbpSDu85%ERGeC}C*y>hLjJ4ts70C?4F-dNFwKxYGP8DR zC$g6`F6nMCP}wQ&auxn5-q`@$2t7uWoJCmy?kUN}gYGjR2d{@|ylF5?z!cJVWtWhJ z)rgV-1$4QPWU96oJj#e2#bUB%uTy09Qe@4!u47g1v?dUxYfAlVtLqVxXVDo3!MqE$ z#AY-E3TV^f^0;lV5l&AQJ-m2`ccsk$CYT8|my7>Z;UH06W72{Yyf`Hq4h2w%rJ_MOm?0sL0($ovW z^>n*$rCWtNF=m$Oh>1HHr9Ve1W`0i!@n6de9M>M)6+LtMe|5~x&W|xA+0SHnlcV^N z@!tn~&-Z-)@BYy`|7RtSvRFy>H!=i#GOg6zGcM9ahHrVN)Gxm@IB-nxm$f(o4jgUT zMdgu=bABWFqx$MZ99i){gi?my7y8^vnqcgsiRkH!@^@#oVxZc#WsHkQl04yvay?WlA-JpUF^wp@^%!F6ccD zR^7ugnx$=^%P+fuKM>&64Gu36Oj4X7b7jlhT>92QqTa}?OYv67e%(^c($8eb#S<>T z6pKngdQK8?QH;z3&mI6pkP#1$45u6u{@uSwrsh=trPO}=d+q17M(kE{$E^gCSGcq}RZ`(VG<{Keb{MoPHdQ z=$Eo^D<|TA2$KHt3)n336l~h~7#f!d`Mux%$Cl;(_!azfMha2zw%malv@=q@BZF-N zo9&lhoc5J3EEFTTBO?x}ZqIq(!k<|%_r#DIcA5vU{!!zkG<{?<{b~ySoxg zG3OG1UI4%S*87>84%Nqg3x@u?Uk74A$0&du41vp%n3;rmdh4sG#qAAH3D%v%` z*7(1@=au;X=j-}kD|v*X_fpK|4JwwW0XoZL#X2BGcbMDRO)3#d6QQ-?7~Y`5(uDZG z#6_Bbk~AH{_?=XSC@j$UL4q-ZGr#jzGlnD>p$kf%64!!qk}w%Bm7#k;GQ@&7zu$N#V9k@DZn=Y-Ieo64@H@I9W+rhzU)z&T`Ch=UYaQn$eV;fUx4#s$7Z6_+!gFg(I4nk1P~ zDC_x_=Qj01l(_hJ zAgT?U1oxaUEZXC&Kx0G);9?{KT;-9_c6qMEK!)xREukeKnMoYwjl1Ibs7Td7Pe%o! zuhb-+fZN;Gp%)MYjrHWCQ4q%#3 zU_V87C>1IbW-^Lj4G9co$up$0kz~-fK;`!KwL3W@1dAC(E{k|W5_F=cUi~c&Tja)? zkb7`N5}T)p5*h`C@jF410>m)m5 zYV}qNPqDXQxw^gmW=ZP3+gU)vccqD^uh}mxz5PfYV7kkpa(d~k4$EdLr#y1uR1XC0 z6;wjVaLOAxa)dXu$NJlEy;^4IbyCNdtdr6G-O>&bcB|b!C}{ZiH4^BTU%&vYU3)8k z7S{iB(pL7%JT3bF@$tUz|2sH(zRv$$$sa!Fw){!25lSR9>L{&qk7w-{I;TT=bQZ552Di#cVDJY(bjy-U!48H*b z@GHnvjLbgp^^gf+#U(2E((FJd>+3~H#6etLyzJQ7)y2z2J7N<^(G?}!c)oP5QE%BB zp>~TRA$5GUxL@P!9qWKWwb8;`0SPPGigat)2ln?*zX^1x9$j?LZQ0>~)NJ;Ep4T0z zoMJ+8@$e{SAP}oSdOUI&Nze^SQ7n?^AICFnSS7z`U>EbD%D3-niXlUbEnf>$3)B-K znmuNoHGt;nZAK!=7NgR9L)Bg^OtP;ijL{XMm?X+XT6p}8P#?eM3z8z~E`0PtvOslO zNJ77gXJQjeb@8OrYlu{V_D;iRl1${@-+4S*TQGwAbva*an5;w=f_P=N|nx!2g zfZOuFb}RP(@!rwF+Wud~BaHnUHJ3|`0QMHhA29;RBEc#`fGQOKcw&Xufk2A}0+n~K zR@#e%{*NPgy8py6Lph{{DCzh64jL+lsll0FT97f{ts|({&m7O9`rjQ)aUyIrQwrc4 z^OL6xw#9$%9eMd*2fN3+>-g`LJWl?9IfKir0#HIVI^Yv1eE!KhZ|ohntLCy@Fuuz^ zTCaRv3DL5T*1fOiPdB%z)LCx}Tk6#uX-B82zV`IFaC<9!g8zu+{d}9Ls3IzA9YkdY zcBCpIL|eX+kdXpxPG_w6D`X*D40OL@ms@^FFIlTr+n+1I{-O>ANhT)$`_I`A+h8~= zz?c-OK-=ce1ZN=H29e!!6|Znbtmf-yZ0$;?z1vXaWiNq|l$GWFtQ-C%bh(-?!KFbc z4-o@UhR0&4Y9?gd2qy!l;>t3Zi$yR zZ;UIn)z7Zjew)1%v9wXu>TeX=rVk5jv%D^sm@Tn2oH+%x-KoK4P6^%3tFggfeVzL> zt~Rh~1+&C7+!Ta+hqL5@foQ6#|MFK`ixAA|SW^v((zuvpkUmt%#=Cwy3Ut~)rM1NV z!#qoo|0eY`tN^sj|6^bN9~`XXKUebj`QOV{00K+n_pSj1hy2m10A;fFldAybDqHIS z-E@F3#nwu|`dQYq4Ef*W`~M#u?fPICyeQRX#kUPS>^chEv@QAD< zL4+$LHP^#%>zo$9oD%b_c|%&M}*7H`=i<(VhtRc9^^U2ashCf2$K$G(&E zG)tUmP|GZEsp*El6urUgo58Wr8Yz+`$0&ly1Aqpuzl7W_taWMww@r16rf;+KL6Fb@ zRprA}Xa3#gftwcn-4UWvck^A5;TrvOhA9HD5ZL)c-x>=v#S!Dn7 zxtNCowCw-G{lg=_{@d=}djGHF5&Qo&fe8~Acr#gtfpy&Sa#y;VxTwe$&sagGpvY4& z!YN|g05SzC0XS1y`rrXh)Aj@eh13AOFDSgt)5xi&uW0nLPo*SWhrx){ZJ?^=&DWh<1F%DH*I%BV&D8@P!ngz6^Y;a! z8BD=NRvrFB=pH_R)2j<`O=ffMbjn+F>E^G5;(u`_oQj&Gr?Y|xEI#Z<(MONR# zT<|lyWtSPJWQvLjnlbQ3Dp7NFrxdS_thoOMW^nBC<@x%H=i$jaH>dzPp?uDa)Yvxe zE&Puw@s0`0{q*YU>+9EZEPc^7h{RgQU&*t8{?BccIGXAOBEAvehcF0scbLzMTD6IO5qG*g(J;NUM*~rXHt|Vwen< z(5Hgbtyhwb$#Qy?kUI4mr#OB$Av1=S&~XW@Q{RlFbP2t3Fm?T1qcLU$qTp@L`y_Op zUd$FDs_}p-a9%IpAc{v195j{39|_P+q^}{Ti1F>TK$mv{_Gy}Weaa&e5R(M;<<&I+ zCP|-jAPWumctxviFiA+p2E46oYR(t!^T!~9qN&v~3e}JGaQx=#vK==rSQ5+x8j+9b zU7pFa$9_iy@A9k*W*I8jgpgux(&>it5>B^kMDA1yuLKrw2pIzR5Er)hsvxpfV5ilT zpqvdjga~W^U$tI9{}TdoiT>Z+gF|2cJJ{V@$A7HkY18VIHq?4fqcpP|QO5aW7Nggg zbvxowO%o&w>d)7T={o#Yv$g5i{h4F`D|Kz>N6UZEi4C;u|GneggUbD%N9+B+lE?D& z$Quu>$yKq>tdxkuht5`E(AlH|FLs`Rue1)B!6`~aw+uiQl)i4175~(Zuo8cJfy&|| zCuYiuc;WBVfy&7X1uyW)C7g<6sd~vO1JF5IY%rRosl2CPqY`GsP}Ruw;)G?KONp6) z`t}Y{iW9U2HZwK;rt0O=jN}71kuDos)hMlvANi;_PBtYXyTeFz)+OJl4(V#YhNv%q zjuHF(uK)R6WWDMDtqzqSUE&ln<}O034z;+LO3j)XFO?+a7F1=IeJ>Pp-`OfYqaBL-W>i-TEzof#|JZcM_n{47f! zeHo`S=_%akGLS(|NXj*e;vq*7i0FL;f+^@$6Bx%RFRtItiJ0uEvYNzJSqh|X10?Cr5_|`#Xl0C_MOl7!)hhV*g;=t77#3oRI?g z2ySGAv2x|sKW7@D;Nq+UR|{$`C_g8|*oVS@JMk!2 zJBi&%VRy?ZEB9@SaOK=Y?y7;@zKZAHDG}fZ7&%jsnKF*Rh?41daGF+Fw2ec(-L2JF zi9R>C}NzHzm(R6N-(6khTtVklcDFZRb9>+#p-(YdvI2>JHE>JJ=#?j#X3@5zkL#7kuJolU^W-ENLOn4WU#nE?N1GQ zrt`-~lPE!?K-q0_-^h4Yu|nkomE{m|M`aU%)qL_Cq%Zq5t{(UP6=fGl#3t^tuFp;o4#N zD2E}aaZlM)I1^Qw0R%D0P5G*FmHKWwx1y9N-0%{i{ERm)SKL;mMuKdoU38n4%>JC) z0CPJix56u_=5kN;K8IQI*5FVjaiE}~-zZQl!5-F&%2{T0c4`h4cbRmfKF+O?ZiyyBG|#|52mH*)qUtD;*a;JQt_a#xmOta9sd%lx#K*;uZM zxrqK($?0p+16%aJ{r&xYPyahQI#{3ouH=!iu$3Ior741e{Li@*!a)0~Vu%IGmNqDo z3eWwf9b$($_p2`NHZ~~w-wKtLQLN>X+=F`rCh)Gjhc5wGcfhs*l?i?&yD8oM_CT`) zz2D~l)kCrdjo(*B%p@ZI$Acj>Es7?bZdlo4tvw|yWI0NqWks~~IOIg+M zWcg|2>no;{tsu%3Z3VyYbAfK}0zz8{>03pBL_kp9#=`4;w@_}10aW%0Ii-bh&c;R|pz(7ylS9SuRCy0?yjppzWh z9H(X_Rrk*W>U*(fi7`DxzAP5VeAccf6gev$^cg^wJU{Un+SeUW-NM zw+Fb1sVV#E<{pyDpltdn#ksGa@Usa2_ex>4s)23(AI|JO|Igm>n*XolkwJ%*(rCi} zvjq1~rE1z-&Yw!_+A~2s9hcuZP7xPG_58(Y8LqOu!q0ol^i?(lrrKeeOtj^^&G?dJn>Kl}jM;0}rlCxmM{bj=BO z3A1=wcs=&j-fbFJ6UFSe-N3fn#DP(IJs#JcduU!)9dflUxt zFDm^^C93;acn69_YVCwjCzUBHQnMvC{TYjjRFWYWmX#t>+Y>QiF_t4M(I5;}o zUE6=Fc%Ib$GllKz?LYNNSNqRO=<`#;eEUzY(i;0uy|(N>8_+`bngeoSd(Gt5b+p&q zfjre=p_xjzzd)Qn`ln9`Av2?#Br1h75ar(>66|)qS!5?`g!)v~As6b`ZyW5}1-SDJ z+`fJJ_C(a{7S}<>kX6ovYwTqg|ME(S>sea0m>UUZn$lT{0*L!*DC?u!Kkl=L{8yo% zSK@k<4q8B4{LjIDCI9pJ;lWz|ui~l1|2UJooERYQI-PoD!1=J7Lg1onsRix}Upa7> zaE*%Kd}JvKRnYT>3%LVr3LFaH&^d%Cg#T0N2Tos6uEXJ z0NTv|_YU{>EAih4&)4?fN*?LClh=DKE9Xn!>NQuak8WgdbeGkuOUNu9uYReRAnMal zG*44Jj{;Y@o4q-lN45%>XhgGUE;Fp$9#YG?3rNSPxIwA7$i#2wy{#Qo$W~PyBgzJ* z69d8%p|#FVYaCl!pfc?g!33lPCPSFQEJhSuTrqKn_Y@T{O@~#|D3jS6k}{fK6PSFd zKt%y}@jWgk)wZeC>f*|4W-qN5pddFQHACIk;C|$3AGT73ra2M!k+XtOI7VWOVkrtO zMkFK>S_D>toZ~CKY6DA856An)#o`qz;)(3Ty;RKQKHiEF-`DJQ(cOz~O@ehnTsSSR zCAE+Qc+0`0E4|&t%G>YHZCOi+f25afWk&?gJiQXRA!5G(W3E^FeF_|%;RRMjK`2ry zU^X3U$yH@lFWf$B=o>(`ap~!Rk#4K+q6}SWT7cEhLTgZWJ;ySvhPMRKt1ia6hE40S zgx16wYvNOy7E&Y4)Kc;zgFKw-){)>&oTZl&TeGM*b^X3WK@Q$G0Xx&;sGF)ttKUe* z6YOqz71C^mD!vKQtTNQElyxeWDqqAhsauW#Wd(i63D) z19MXIY!c|XFt?d0Afc1%hR@~cdk$m&{IUVH`GHlB3hRFh&99>488=~dE$aF)h66mh z4bM-0kJ^z59fnu7a8r-%!<~xh(!{qvbOfM|3^{ z&@YXp6+^#;J_`!;%~Fk&KUD$&9NXpS z4Ig%cU(s+pb*TQs1|=M3xWEk6+7kj+)h6t|wd%%I0{_!)C)k}po8!7`BqcMrpP&rj ze}EBwj~E!v#tg(1vI$>hUwwT6NG9v$1vR~$XFl45f=w0gCq|%=)WhEb`b|l=EfED+ z*QnBl(_;$+1D(`V2b4{pE8B(T-NxP?3-}yNMB&%huY=nwZ2oXl--`5QCp$Zzvy;!6 z5M^e}ayv*6(yP!-2@OIIgAM`>t`!yBRAzk%z8AJQVCs4ubhnW+p?0lo-YU|w%CU+R za?y63#;buIhMy9Bs7>F`+qQ~stRiK?k zr0SqrBR1=g4;~+{*#f(B;XOmOdBAs$(JberweVh5^K4K#=MU;@JIa}(7M@2k7b*M? zxn@Fs%^5?NBtaKf)jF@hl_GMpHMllQP?hqaP3kND$5m+Ci{I=R%E-Wv?7o)CAcA-a zhl08jzg!3ArHg;Vnc_g7Bbv66-HCT@SXTiRtWWMfl4qgwzq@#z>;KyG|9AcPkNxB0 zb^WK6JW}3%bGE$0zq@$elRw^~Uzgc$-6-uG{aHWv{hWU5<$M|aHq^Ot`mKi5jQ*xv zfKBIw?;%Il8JXeJBbcT`7{7a|PWJ54-#+9Gx&31iV3RJE<8PBOppSG8&R?qH6HHFI zDlrWd9e$go4?wIovC{Df;NlAg^vdA2mY_Ttfk-UInjl~FPxaoPvn>?>>=dcStiaj$ zEQNR)P{&qLc>6l%jX0~)9Gf>_ z13M_Ro_&eMs?HX_vDnu}y~@Fx*t&-JyP{+Wz^kYi#5-y$6SP=W0!PI85=_U{RO6cL zyA_`7#)wboGKRg)0+RWd*sXi z{r$E5zmlht|9QdRQ$y!7OmICA0X!%k7ZMvnHoQytHyT zBm|#BbWZuSz%88cDe>)^?r9I;sggNFACc47Jjolnxls&HT*zV@qN5j)RO8TJ*BBuTLY=F{?RWVy!KIp0X0wI*QRB^ zP`#shYaM+6d-r!!=(XlqNd9*#`)-~V`G0V{SF!&Nj`!E{e-)3~g5oGbR&xXb=#|(l6u_jv&lL^8%6bo_;#t;+aAdvi zVHIHks;??LzQ}N)Ib5i;l&2VkS*Hp$1X3c4Zwn&TDIc8m$w^S-!lUqsZ$(82mWr=Y z!yB}QU^bM6<%>Y;U_@CUJvOAHtHscyqCL4p2}RGY3rL`K*c z>T(@h{Ciih^v3S&yZe1BK!&HR^`M31|2?7aQUa5%4!}15-@)?(-~ab~e{U`SSMi7~ z_N|)GWeI-0K;{(rWwSYiy;+RiguMBDKJl)b*@E5tRuSo@levVsfj5^d*R86o-Go~E z{Jo{44=(qYCHDWQQeSW9j^e&{Im{#HolYjECNGvr1tjCE5EjNOO0qJYU>nSs{E4ZO zqm?;WRCl;B)h?5p9L0bUfD4halzmZ1KQ75YhEpKQ*SWPme`!frQa}SgoJLLcE9{BqI{_)ZJ{*RSBLbkj?bgXmxR7G)pKqyy%dgrFZ z$pV@a1R}McBQ5T2?IOiPYOZIP-=w(HrM$6lAhsJ5PJ@1F5sZx9u7+d>?rq55%Dg~F z$8K!M2~*QVdr$|fHF$b07NFE&$Slp z-nK0AtV^-|L7xTqzp_b|7XP((baYsW|JprX^Z!*mf+H&@h+zBr&Od3dDQig>K{3e+ zh%+!j=@cMJjh&_h0cK#vW-v`3Knyc55up_TiePWfcW^e=(nZ{|05ik$rEQ24(GL~b z=pZJPqBylB$7zY(Jx)_FL?DNZ8;=D6Q9-_g(=>Xdq|vK80s|v$+JsHnrsSv_FilIY zzA2FdgDqPv#Uo8r1|mUG{`VcC1*g?_r*B^Kf&J~~?PX-cE1AA@k7Y(`7X+{gxz~S+ zdnLFKmax^hOIMkWkV%l3wR;5a$t+F4JBBY{&P3ckoN-g2C}-V_ ziuVT^MLz*zFHgz@hN>s50 zeW2)~7bwgWwqjXL;R9bN5KzQsX~FdpwHgOrLr!!v)D!TZ*?(r>^E>(98>C49hvW_^ z3J>gg3CYusUZBp;|5MBgw)10x?r@A=W7cj9wDJFgeLw%}Xzy^H|Fx2*jkT52>@YWF zqYHO$Kl$D=>H4!%T;zAsd0bYo$I1Jx z%2~I(%*^R4m{KA;dEs1HRv)hD_zc}qgD9^Qt8_ZDOMTQgluWc0ms)5}0aZCTcfOpw zrfTYw%ZOi!mOxIWthf2Sg!Y5X9_9+cundaD87L=T%9AlE!1tfCAELm_Zw0fg)|Sf> zo`w0pwSL-!Ks*0`?(zTQ{e$)S?@FFF{_jom{6fG2P%jC*UVL$op#YpYWrAwo=gW5v z$x!X~4=Wz3GucH(*tMCpfDkih1O%H1qoYnd2%Do?4r(m{mhvpl{|PNRY5(o~|MsZ{*7k;-*Q|*lhXnlBQfFAwi=@ zKDV6lEi+b==h|S*nMKwvb)Isag+yD;CN<>R2r7PSEA69vTIK&>g3>7-XN00f`)HB> zyGOqLxA*+``8xhO^!P$XSx`Kj6@)Sc4kaS@?4$-W5$q*I#uBB34I4}269T0S^7jr|>}s_BgAejv~02Y~pMSz>E|VMD+?PP?qpDKqzqWttG7vzJhrU zDar~31dtIJ!5F8wfFjNdX2}krHBfR&rbK+^_9`!A!88FmqyPHsVWIAZugq?;h>;clY|cd*%zZU-d@^{WuljUtiw5)Zlu(S0c!4MCerZ z2Zv-<0GM)NE_DL=sTegC=IIn=1rt=|q`D!a;-0UkUY;Vzkc`ZVixZHdF--qAxAdfV z8W1|}^)5+)W7O;MWm(6`HpP$=63=*F+dy^o-~aW0)EEE#U;lSYmxY2Ec$=fFr(kG8 zfxnV_bcg7+XzK7T8HtGQP*%t&xFG^lm>>Y}AWq>hMZKAbXH=j)^aM8&@>gs@f$M8C zJ$ek{n)aCF4-}6l1=x(Y!2a&ubMOXI3}1c;&Irv3l|(-sZiCY_1=svj2Cfk|&`>hy z{r7+UpBftd_kaCgP5=lB3KKMi^c`O+Vc>&aufNQv*J~6(w}?)eoM0`1zywh=d;nw4 z`Wbj2GkH0hAWcC8owg;9o#D-4slry!S+uNYmJ0FcuEVheEleBiJS-&GP zqs0WkEW>w*GDuAx@d#5^fP6MgahyK%%sK>Syowh z?8sVkk`! zl`l+p6pbjvnFKszTHv`$w%6l)AtpH&7m6(0w!wUqpx66OlQSk6%W*s-GnPJREy5WL-V#OtK#)ymceOxrAD$J)8C-{n*_lun=?07fSX}zj<&L z&?z)%Ar9fJAY2ECxkT)lohiGsnSk3?s{v}?iSfWR1ws+)sTpNqe#~Wr1}4E%|JDIdky}2etrJsci`p4&DrbI zi#Ipm^!01-?dkRP>E-Rk`3*R|d|b2Iy1uyl>io_5uC+8Drkh5WlY&e(kd(o{onuf|1zml6~t(-Vr?qjK(H9Xxhh|xL?$_C zrdrN)qeiveQ+6hwe2$YZYRbGC``5?GMPDoGx3&V3a1jWI(Q+3IW!07 z0dO=_L)213by1QjLu6J6NL)XK${nyTW(8qBzb9Z5Zk50?8=hphWTd&gS&^{JB;&yG zG$)*IW)3zKaSc`K!bm9f&&Q>f2z24yfToSRhq)Fk5EG0^ms{lR>J_V<*^|bnbug_0kzBwOElg0aJ zi~rj@e(s@#o)r(D?G#1k|{y_JbzQC# z@YBYtS(;wLDf&sgc+2+!vw!bzxB%q0eQ^Ed>DdCncry(`0bU#>4d{v_Yyl`&B+(Gg zWEP?N#QbHw9^vsDn7aVX&*g|>iV7cB{+szChAFZy?erib>V10tUU=YAaFG>=j$q7N z;P?HFYiS3`b~sDW`=5HfzW@$PDgyn#fS=s2gy&m=|BFb-m1Wa8e@E|Qgc1gh4@A8P z7#G4$6&67;q2%6VW`1H!@^}2S^8c77Y$ryv=ucq=$A}L2FM|g-?OXt+iU02%93Ssj z>ObzUgj_X>*rK?P(6sEy3|fQY2^NSNx8G}O0yp8;)B+h+8&Ws`%qufXZ$ci`_AmoK-K za<2Uh!hgZZh!Re-8|3(!jH|_XfK!-_XK;+bnA{;Ma^XuOnyKiG(j;KjK@EDmA7N0Q zI7`TiAvV0D2Xm}e$_aouM(+!hiLM6k{=^2D?A-13-r+1c0cSH-km)s&2b(X^2xmgk z@98RuTx@eGbOPdZ#tK9+V>3kAz+qdM^tg32L@AT!h%nDjz!&y6U+CWloGsD}6-b~W zfp_{8XRP20H~9HyrY2{iFsXrZrzsQN?G5(!2D?#@PZY;{Ovx;F=_`jO>QKs&DY{8w zTnJ)_-&4$rzgOSA#!T2`AWvr$ral?PD~7Z2EQQp2Dc*4vWK1a5-E&>Z#;*qei%E`5 zw>_W@RMn!d=I?G#0bsKsRTIw2Q(rEpX6yv~qJt<)(@~VcK=h2HvuS2E>4Tpc$*y2A zIROLNeo(qdzyDvG|6Ak{zIYK`BbYoyTR*6;tix1^n|N>i%A1|2ODiAK-4rnf$EecZ zjgLl7F`>A4I01Wep<#-NilZ=0vRgbwtbo(p0wd2f@K*HV_1KPMuZ|js5m{1DPaug z!va8Z9Nc&>JTjlU+pxrt6WhK5o9{JoW-iZxiU)c8rnBmW zn^MMlKv8E!IADH~JM@C{c^R9EX^>G+tVmDdY#j zXhoFi%vV+O2T&A~afbh8pfMfXBZQ|6AQ5()SlIf|nv-7avsq?AQ1Rd34WBTajmU}6 zgV@Q=&KMV3$Z{ormf_-I$Bxe0NzfficNiY`A&n=vKyfjnXb0xFFObdT&YLEmnOXnB zBVUj&0WF*wY0X8H`8T z)XvUJ#DrEXY({f(@9{Ae*w(ev`t2#UXgo!s$S;?dp1nC&*P+a)*qof7OMFC3h#Drj;e zS>h|6KoMQ2rLQ>lL~_dHfCk{rOodOO_gwUdFathMH}7zM`}*b^MDgh1-#HMzgXLk| z*{K{8?>wg>1Pk1$2yL-VILZvgGa)kXW+~Ubhd33172+h`K;WFz=}H7L%rb^lPz!rt z1)4g;Qe?s6G)`Z~BYl2A)WQpp<@WUr|0+W&%rZO~wcELTWRTqn7(UcQi6)qFdsTT{ z|BfD%=@F20!8LF$GV7R%qLlw0D-c{20U5fNQ>d?rd50bZQ47jt6CbU|52PpXSw@Oy znzJf68pLp>D*GW(FkOaEmf*FXI1`~G3An>hxD>gn!I4rIYH}n*;^DSgipHCv=23Jq z))yp%2V-nxIgEk66IDoM0l#_vhJ>UDhNCjk6ymhoJn%1dVO`OTTRppo#)bb3tRXLj}Y!zC&5HznG$gD|;|yb~K`1#O{`Eq-U)f0$NoOAe4-E=;7jJ z^ZRB!rClB2&pY&RnvS_WJDJvhVoGMlaT0vrUgUkNQ4>lKJ9Pn&{fkf;;|*_QX>;U`DQGmw-rXuo=s=0c=k+e zzO0|aBtgkG7zzUfe0}{IXd^^;Fk6>KBku#9_#ZI-=!Q?a@HZgWV)F;yGQ3qYpw#yXG|JaL+$(5mds}( z6L1`s&jFuMr}cAX+WEJ!gd~*ZJ%v>pPq1uhV%Y)x#&CAEQjM~71iV#dX8N!Vpb}w< zwWu>^)rXL+b}o`+dYt}h=J)^-A7i178_6i_6b+VlsJNRr2q{uF5Fgs(dtx2BL4I`9 zjXSF@pO(z%Brn=z#U~^uTE{CHcsJP~&ocDJ=IW8&sxXd)OUM-qoKJo6g-i`6^x=yy z=Huq9fa2B;-DtbQ(KQ{p-P2c}_wRQ12QbHj6cr39mjj{W9fL>o|FQS3+i}}iqVWGb z1(q^vm6TOgvYc^Nx4KWyr&VKjm)vF^)CnNL5QpIXL zj6>6IJ5XO<-Ml`3|L*l-OK8xHwrMCpD{pA6@mA5mq11Q_sFNjRQ~nTGiyMY?XHbrp zTg{zad%p&AI5RYgk>mitqH?_=QQ6GSDAEU+t8|9$w`X8wUto}0jY+F4Qd%VsB40|n zYxfl&MujqgV#Z^8ib*2UiEwi*VZQc9@@u&_%1n7zSBJ%FX2lpwzY|QyMIRVNX+b(; zm}~>-g>l8xRWU=l);tx%*SC<|NYs+d&#xKD9;F&O1 zUYbanynNu|>ITCfg7Qad%)Y<9y?$|GNzTR9&5M)9F)rt@t@Pk_>T8_p7bmM#wrbc= z>3*%)LoItMt)URyDU9%0&4j6=Im@scv-9uc*30WMhRnEC%V}u@Xs^Gc_xa-LX5C{o zP`sxkwH~0>#nnxZ9R@K0(_%D?)a>{lN==nS?ir{0h@D+uLZ%Twt^t5tL@JLLdZ4$2 z18Z#(!7*^c{yGD2^`)uO>(|l#OcD`NY6Mf$EVmT@jc2 zr7FV9$YGG3*Pj;K^u*YPr^ectw92vBL9ljau5x_F%1d>$Hhq<&jS*}Kq@K5$vlC=2 zd1wcf4JPLIe8%OLbo&fm2JZZ`Wywg8LA?DeNVL%UR^5wqGct|QZ}`qOZ*K8Psvdi; zQeDhMegV?#{#iu>9v!<_Jvw&Lv5V)*E*6rh?n18~-G%Nh^z**Z9fR)fb9bMA4flDW zP``f#@8=@l!8G?)M!C{zY}lEd2z0&YuiH69`7T!llniO7Wfdb2ffb>hZfr&{kb18U z5-dmMEaaGtl#8?AX-uh{E?g}aED>Xa9wPSk=Ca}>**8A1J&Kk~Hgb z`q^u&z`w=`UtTz12|OGJJNFa(BD`zENQ+FiNmyF3?VjBvmHL44pbFwdtz28CWtA|2 z+U(+#;@f#jFuE6M<4wxrM)WGHT+D=-s+hX|@gz}?noWT5quTl@_r>Gk0Bx0-JR>NvQKhaMG3k~SsmS_+zL{^;!C-*=+p|3U$(;px z${`~S-gZ(K?tcs=Ol0ac+}6@q%QI~2FBq^Zm9}#Ye+%7w*E|}_i8MS>k>D--_zUIO z3!LIdJH=;Wi7}gnGjB%EO&9IdvDJ>Pe&%d7A4e}wzW!zln)vS9bNePcJh+&rd?q9I z9ts<3hd&rK#Q<(MkQaS$R3;HxR5Ce_?nOS7!i+J&UPZ^WqT{1yPF&$kmQ}N@j?Hd# zIq?=m)n4e!YhPhgeB-}q?=)rmiZn_THRsp=EO;*12+rJSb|{7u_V<@BUYwl9qu-sLp8V(0|NFmx zU|6ZKtnyi}{<#^Q*wp`|<)l?fza`M`S@7T9Tz<#OvVLAH^QFT8=nZHO?X8MYDg|Ne z?#?c!=Ka3A1BVv=_Jf#1Bda?I%EGelmKytVnpi^}em#u176X}Tk!oqr{^*q5-F^S| z?ELM;tGhcNIdaseKi_V&Ih zkovU>SE?}L)z{mm@c#9Ny~7zk16?y0lQuyi+a$jJu&#n@Ihx$~tenD^+Zn68Zq^B! zV`wORDpIps&{ zZt*)TpbY)wR1P?BNmt+Z!l)Ilu_!;}k9x>w{AZOyT@D@J55_7VOw{qi$uSi-68T_K z$XNKQHugs7_(&0&4Jn1BXP7+uKsb8riz$y`J+r?rM@v?yN7JY~wBdGv1M?eUS zE=|4kU^PZxoG*r^X^B$zMMfkBU`?{h8>vkhDyRPp$^he;WD!r2CsBD&blAp%oILWm zrgnLP=Bapc0-6l9`>M?1Nj9UF_b6Jim3Jz^m_+>7*}E%>ID|f7bdJ?y=UNvt;kZP} zWyHrUk&&!+WC$Q}TxXfCSX@fitHNL`KMXTW9(XRHgyiP@=xL%2D|`9W;zY;Y8%Ni1 z_l~$1~~bAzMKtsLEeL*r3M_4GE zzE(go0xkr2EESJ6D)8VhaMORQauy52Wuje!ty+^=ply8%09_=e0!A02@Th$siTR$}P+{SVnU{v{O{ENVFr%jGlxxfN5x#ENe642L?Qo zLoFxTHE%u|R=!VnBQ~{3 zaMtcofc~)hh!vE8xmx*v>@ejb7cy&@HKbWI?|WTf3n5?_ZjMrJvNV7$rIqypg?`yh z=9wHoC-r0dB$(}vzvRYnXs0kRYCvypq_wZ=TTmTqx)`iDs)K8{f07w7-G40cG%V4h z_V9RlwPe2CIKiB2?R6gy-Z`sio$n;2G3^7J{+8@ zTzohv8^`MMjDWJ)rIN~R6}L1lg$txv(3*kXE^kuVqonp--DkRprk0Qfxbq?P@*=^- z#Z^JG5ckChd)NP=6zqV){$RK0UI_ZIR^Osl5dgO!7}tGcc(Box-+;bsZvENF{Jy6i5IwRMCv(?P`NP4719ph1>PW+n02e8&%!-$} zXp0wYI~xfwmlxg)tA~+xhe+MkCGjF8XNv}Sy74xJ~;pIN3eLm zbENC&Q=$T`bi0H9W|MQD$<)1fvK6}6gFhSmM7VG^_{pOK{rl+O+T+7!HrF~nxPljT z1$H@3e1bFG`bKVbGG1BP4T`Am1faw}w4m}OkM(AoL`6Jl&Qfy!D`kA2Q;`ewCAoW; z7YS+B*QIERvMMw%4JL-p)I5hCXy^8~LHS!KiRL67k$3^i!4_u$mw*&=)Kj#Y2{R>a zvVJBgw3I)!r$zv*t?$t_iPYF87fl}^D8m(j(`Sa~69L`#yv#3C zBl0X4R!8>j#}b#NN%m!XAPeMcIOV@$-6zoy`emSm(M6^2TV#i}cNWbw{mbIAGiQ7I z2yK8HtR>}Sf0)c6A#CjsdYEI+*mA>1cBefwriH~F3<`XA7G`&>NE6p1Gq41a1tr&2 zTP`P1f}qE`*z;Ol6sJ`RRVMhx&*;PL&q$nEgM}chEu;6N!Twv2dUiUSZD| zBSvz;D&&t?k9`il>?6}HC`9bPj0=YLfH-}*EA(Z+VOFIR&EB5dMxz z@ph1nfvRMONe%*3hNWa8u|$ zq~w6|4)aJI>bAOokb-fM*mFu$I&r49Itud$9HC4aX!9qn-dpRC>Zomr&h}#E!cwou zwfc9qD8DM=RWnQO5uYqJ_e)CO4|9yb@pNLh_j1AaaFOA5A-W{soDt;1*w6G!R)`?4 zYW*c-EJuO~sm@laHuV3;2+-Ka$pR8rnYpv^jIJs5EJj zV^$7qa0zdI{cb{qWV$NVk56o2AV6p| zFa1c+usWtaXpd@E*I!rR0(G{ENXzk{8jxqRs} zpMZ^~o(hnBqyW9_Bd+V$=c%0CoBN7f6!w;Zus_1u-U`E+dJuUI<}BZ}Jp_Ztt0pWE zb?h5G3^V9~l-PsZG?edpF3`f^5oM)OSc1w~@GvYT;Td{CWjYuYGI0@v$f=1?gEbOp zm|Hz9yzmU14sD^>VGm#q24!yoY2GG6_EUusBLU8q&FwyX+4|dDKSeV!~j^<1npqLQT zpQ~bmI}r(exSF4BiL7N*>4Y8N<_;VewbNlN748pQbV9o*-dyNRrSK;F^158xAN)%Y zj^Thgm6NH1B`0~mdIp={J+?(AKz(eK8BiZJA&^>Sl~@&=zY+P&LlIB}6TL~go>BP= zJO=iH9RiX`)6;O*%?aTnuz+v`MI{-@lNCp$L1mQ^)Vm_h%{;& zSifizg!Psa>_)oX9Bvoe&(Ww)4%b!tbZ3#z`iyI>A_-!#zmU~ijIh`iE7*Q8gY5~f z4E&x|vb5W54Jap4LsUZ*+7%){n!~R>O={0Bz-4=&bmiEI=9Ob5;sv0fq*0HOkQ1fI z)aA?xP`(Z$XQ9QRWn=E)Tp*J-RI|iBw5d&D+1L}>;@F+Em1AJHx|ewzFn6A8Uw0G7 zMzw2JjfRK{_YM1*O({-U%ooVM!BQww}g|WvSy- zW)x^EfULRTtG_@{y;~G&-sIJ5>{0=pwxZvmIq^ z)DDw69G#}n3`REEujVcb*2Z-aIm7nba8>bDN|NJbGsv4 zt%i1X;7L*SLp79_s%yr64gH|-PeAY=-)-x5V|(H?JM)*iVpb%HMQ`-PH9@ezLxw=9 zTuF4_qNDQc>H-Vj3U;e9m8i))JV8tv^2Ino`zuByTG~r=RXg&|$Fg*EK9<;zO z*&Q|*o!w!<=lXcpUPS$CTPS)vUole&2WSwot zv-Pp;bH+@?druO|RJ(9pLP0Bbt`-GqJ_@H3RnE>l8N@CKM$B8jNM~! zY|XnU@Yv2yCbn(cwr$%^c5Lj}$&PK?+Ocgr*|ARE_nh;ud%xVeA9`xKtJbWluBX<_ zbpQH!M)cPo*P}+d7jzZGv!xxk-6#}Xzcj;r5YT|6(C8?b&#~OabfRb@saQtvV#wYa zDKFN0#?Ef4{eft;r_jUA>t--od(CxU%b#k;Kgv10RUFWNpPQSLn7pz5sOQCoUB!bB zwdoNPZgw9aTrateUrhLmhkchRZzFE<#_m$rwT`NZtMLhQByXw{?5$Hr&u8v%J>NWf z)=O591vao|Ze;lmKIwM>E#q&qeZ=2v&jW^hIEn7sfgV@^(Q+V~H=>DFg+G>vOZk zl@dpw*NOn+`9!ys)>PQ+%_c!And@GjA>F=B5!Rmkhgw-4x}swNJ{B+cVBVUNlH|Tu zn(Yh32_18v@+3l5Oedhxl^Y|))#*Jt?CXPHJb8`dFgV+6)ypO0P_AH}CN);BVZ+cR z!?a`8GG#)%MAI$f5dC|cd(vtBdqn=X<`ugg&%!-LE4YdBKuq*_n$xx*)@PIc2h##B zz&bS_Vr`~2%vwdV#)fT6r^@tm&1nBA^zbLOcTK6sImq64{X3r)omm)N=*}pfYq`wB z$ik@LOK==jfI*(rP;lh=`pDKxYc+~D%_*9vDZG-ht#>%-WYhxdP_Y4h;i7;pZcc#) z{5kMyd$2B2_TcWX+oZV|RjFI)nVGJoryp)4AIo7EtOmXub%UX63w3_{;hn@=7i}!V z`@=vrqR_*!*a=tJK~)i-t-B(+K?xrb81!+uWFl)5!%ViIi zs(s!+kc_ujqtK!ecO>~42y#Vz3M)(5fb;zq5e_{CW|W!)P+;Ch7reC?jmWM*!91fc zf-EHF1Vkd*w!wTpE~mK}y|(2KdRP4LV$0lTKmZad#%&+3tH16?&*T1! zw^UB{=k57TtP2{^T3ofz;M}Zg_z9JWOHQn*Z1tx;0MO#(^8Yub z-*@?VHJ<;z4XhX-?6Gryrg;#pBkD3*7A^Qh7yN$VuR0Zr7)a6>EU@dc4hP~wKhxnX z-0EZ?`!3i?gr5Aq;pwYL(=#~_eb(QqK!cn*E>mS=CSNZfow?_Hm65v0zmA1-5+)Fz zj46pkkhh;{*0kiO1j>vH*IZY&U}aTpM|>U!DIN)jN{4fQrctXO&~hVi1auVkX$1;zGgB2^MH$k(uZgB{<;OIA`9BLrMFk;JuZDbjp1mDjS;?S}ZU zL*4@DG|XJjmk}4nFc6B~Ds6&#G}{#8@~7e|*kbgZMJyMUB2kpsm$W zPj__w{S<$y;kT7qbw_G+XXM%~Zbn9>iuZ?~XGkArx(k&Ert$0R$L&4zAc}MnIY=zL zt1ZTu2BMG9Pg#pMP>&Sy6wTEYW*xetClJx2gge`eAKzJ#L|LD6PzOFmEJ{Z(RA!t{ zZfPKztO>mAN=r3EV*&{T+oHc+zO`xm{zquEyV+$ybHBtJmVy>9(X~WL4U(6LyqGd zOOWMxNvY*AsZ;8skHy49`<>0M_eBox<^9M=Be%jOif+})6_dM{&Ee#sIZ{VSLk`B% zOZAfm%5}^a)%SM>(nTtyo;P3PyZDpdVeU0eyJsqn4Ga7$lEDp%uPX>ty)+gf9!&YyoP{A2B@>E8we{~ z#B#L!Ucwl}!KaX8o#&MU$}*y-)WYLB{N8kj{zw7k36M}RwGX@r)VA}#L_YC4bT*N$ zn?qJf76Xq$Q76Hot2N^5VmdScYZ+(sv|17;e;HaQJCP6 z4(3?y4Jh5w9*yk3(B&I?64*!3z{jGV64`NOVZiYtVIoP;1~ z2&5PIw@>mk2Y1GfCs7Fd;7`|P#_yCsYa;kIRiJhP*qe$rak3u2Z0k;!vg3O6zNcYk zG%&VfkhRv3PMo;2WwGT_(ej2Hl{R$j2p#^f4&snF-vkO{^g^Yh3X3IGe`-G<%a&G+ znNIof`I)0~vJDxXc!i5bkKK}*W^0tUo$F?lb>6`v6Ev^?q__0Iu?y+;TnBE~0&T{# zf+Ha&8fSe?NF9WAFRHk-_xwGYQ=4JKi~7S_S7G`Gr=;+Wh0z_3U)>iMf5Vy4a1q*v zN^C6Cl$}Tt>^><33&p^8L>RiW5{8eGTc?k@sF&T5`R)W0RGafmlx_o7Jpp!=*!p*4E%IlMl& zLb(xfVue~>CDGBMRx{+0N{YdEyqs1S0D^Rk+)y3&TLsTiBhMS)3ez~SsA8ga_rZ}e zH#8Q9AK(h$%Gauf=vU%VMSE9XR1Klcl|>X(bE`36p|nmg5LF+uKfixLjnc-s$WU@n*tSy6%q4IIK!z#ul2Ujh zWt{{D8I{32g_93UtQ1rz_az?Ixt*XpamGd9O%^PZPNj)wXQ}hNYo53JAv+p ziu=KHC&N4`zp2luyaZHBugzPVTDXr|nk7_snO7wgKSQFZ(nx@0g+SWwtJ?mElwe~_ zTcG(WcXB05i)u^oG`$vQb$g+xx#sYDgUx?$y*y0#9!0+Eh$IPHGS{vyf={Da+fwGV zMD6PT&cTBfFm!t2ry6IyzXn)__d@(C}dx7xl*LBm$W=yVpz4lOw3^d&UQh=R7uka2G)4( z`f70Q>jk!AQ(;8o#851d#pl5TDqERhq6{o3I}UAc?VzdX)ztyG=e|RIITJuLHlk4i zU&i4ml92t*B?ooW^meK$#Po7UGmse@Wd%8}hUNCAk_9{(V2!s<0+V0l-$}TxH5l1cNE&;+{eKPyGYofs8%oAv};Lnrps#XW0y-p&As3+H49Us%RQeE*Jy{< z*^+=rZi|_r0y_wM;2bAP{PR+}Y@|>Tdt{&tGJ#*>*5keO&O2QW0^J-kT=Nw}h%v4w z_^UA@#u_}#iL;8+s`n&?X>m5oRL6VDOBou{SZq^!{3yLd*>i7rk|fn1`z7!)H&ct~ z1{#x;q3&F^?XW5=&L2N!qfokE|0lGz1-cf2J~XBzSJ});B>L4eqPw2X&{ZtHTp*?wT_11y_6bk1s@*W;+tviFynNV_30UZdAdRLuCpn0p4%N4@#_l+8>JxQ8J+~U$ zs+t6|di*|8vU53E>+!sAdQmaCgD{GjDYDT%jR$ zza)q|M^Kyb=w_~8q=b1jYNuj)wr z*>K2cNHeNqGKGVvm}J0YcpTK7phT`B5|xz3HERT3gOApIX63%!{@w>hts85SKuYF{ z9sCu&b1X>xB9Fb*5PI!1%u|Baqd8*DN6gpY*2Blzj3!!U zgWjom2qx^NN@g-afaFHg3M>wXNuMClDHk)^fJ1!5N!o1ns#u7~q)xd+!Z1!Lik=^- zQ`;hHbkG}~R5I%$p?0T|i$f6qB7sIGgGde_3O4zz*_YkBzrT<4m~aTgQ-6gMtiR>R zIm;wb6LLp&-3L-5IDaBYVBh-S^(be_DS4eHVSKa1Rnuql+0)?t(qs6`_-*vohHq4r z2*OPma-fPm2))v6y)PWOCI43j6W&PMjH#BL1&%YfLl_w34>8o7&#S{IfcDjnV4)Aq zGPmJwT~%l8-?PgHR^_(0o_i5AMl7Bqq~sSc1WoQsHbPK0%c@vZcEyyq@6{`TKKW!F z3v<_b5~lJW5|Dl1$3%0NtH-GKqB&#bFl~v5Eo|!E_E!(4vI(S4&>M41%J@#FHR9o- z=F6$sVsAJ_uuGPW=TCYElINLs-(M0V++sSg&tHx)rE2rUyz@KhI7C(WAhuk79GaSE zrk887DNRuY?cE3x2ex_^1J%x^;kUZv8yddXtMlW%99`qgEVYpBpqRSm2L?R>`JjzG z)_}&gjlJ8jP|Kh!0r~38{@?CuE?OFRJK+MQTQ>%F6EjNT`FRm(o?xQ7Pny%ROF^q%cI`!29Nx{H4aOL>&7IN40sT})xZB>M zW7MieomV2ke4WBr;@{WMz&^wqXF0Z!%~{2%+1L+h`qk?QstsOQt5EC!>Q{E{x~iE> z%q2lesTyZ(hWD8WfR9IU#GOc(0d7r-0&tAgz`w>6Lh@ODDF46xm!7+qL9;Dsd!cdvH*>!Vi=P9DkGqU}G=PZiq8(4c6Y<({$QwZJ_u0P$X z<3(OE7C-rf0|EP->$NONQ)3p~9N6WJ*dl}WOMz$Fc%y5~)5U((kPDgA4YFoV8YZ;3Z9_T-~E(Lx9~1Eg#J+lV&b@ZM|e_rL12Eoe|VgQj0M zy>#YdiOl(|xs98*+CEsO3zm%gloQ}_FBHhTL9vi+Z^sjYR>siCz?IWPrli4`A@~P@ z=eSQ*VglFu*CJBM;#zhWP8YvcO$tsX9mwF~+I9yba+_&>sBT4w$6hRsD>G6vB^$Zu zQqqjw?u}iv0X*rH6924@P4Ho(al9ZUn4Iw6J;i--+Stv>-MsnPaw;*a0x?GV0_BK` zI&lvSJSz%_(gW4VQCe#^7t1{h32)NYXu@-KM@V4)gP^C;VTf#Pvp=mKJ)e|AbA^k|? z`4DsZ#Im!lM4@8wW2|&TN$-8#fZ=&h+6}b)*m7vc(PoeaRPmZ)+?Y4(Uh@uo`aoZ# z8rXm*k*`ew@!B6U<78kA@Wd1&zv`JElhH+7g}#OiD$?T+JbHzua#a5sfTxA*r!f|s zdIoESCOxyO={D}Q%gp=qWT;9#ysFK6W^vd*(qkfW2lmjtByHyDkjLr4ftiy9r;p=f zc$%a8M4~S0HlA`pPg}8v^cP2B$Ntg6zw~nx#^**mJ8|7cKI;4 z(O90-8SEEF?ZjswBQ9l>-c}rre;>wWdNH<2Ik&)UkaO~n28CeUT7QdVA*gn9mR@KO zxRHX6vJcnYu5!852n&f2H>`PGftSR|qk%)h5eu2;>Q8g^;?tz;$}gEsjFD`XFcchz zETz2r{+|u~obdCJ{&6duoAr9}u7YH}aK|2_biRk}l6}rOScEudATOLW&wxUtd!j9ZDS)pEco^OIyfMT8O*b|Wfd0qB__LfB4FC5M^V5|E8!&46TL(=--ek zm(C$wK90`^3){_JE-(9|Z$6*~T*RBF&nkYeVCFz&`d6FYq6Ku09vTykRC@nlIB z6Db}YVw^qzLeC_co8F`M1-)$-bfg@Cbm~S~N~ui@;Lew!+J>Uwqx z)Ed}TlXc;77JO0T3$6B?h9T5K{33N}dKvi}k=p}|BY;=^rDYj02z#r$r_D7wEg-4f zWoH7+c#Q2eOO@`r8-^FhU14MPkbFC&#|Dl*F4&sz2sCxq14#durv+TgF7fSn4}GxazvE75(0|@&bcx7PReTGreuov~P@b=nKAc=DJc=K* zjSoOa@}QaaWd4fl5I5uL8F{~COdT`QACE;glIBS`w}~j#X=HTuH_x@%b=p`u=nmhc z)q!&8D$yRH(zh|irPZxnuQZmVQB8i^<|@}vN@EJ_67uLSLJ9?t|EykiuO7?`W^Cpm z__cFp&sh^mv`_8{dWPCQ3TZCZ@n)>SeY*Yi3d%fh#5P`O^;EKpZ&;?*SPS!eUgBcy zBiO%P*!bYv zm1&-^=;^M)c-*~m1smGJP>osYH*u)LbCs*&S1%A(6^xW~F>rGM_EmZ~ECB&pq5En^ z=FvtQ7>pA#;Good!J(A`3EB(JO!n~BD;(cvV0B-~Ga{lYG9L*Yl71n;4b!!bAb@&$ zXhjpC?EWM9d72v#_f+r|<0)PSu(3r|bkaS#jtMaCbgQE}UE}1F^&S?R8JQny?6Q#c zq1Er~KDN5jo^<#I0glGvojF!2IuRhM$o9W| zerl)=OYaHAF=i)v%0M#-GFCO8FcD>=UGnc8Jwa?(zOGenY~N5V_N)pO0CNJn%;rNK z@K3voR^mAhE}~83Q+d%sz^{ZWqP-J3BX?x}OVJCAz2CE&16O!{<=(9dJDYJ>_s$9S zrXXI_1v-|jY!`pzfUzc>=M6Ucf`|#J6FQZ#u>3GC1B!L zJnngr!U(A7ziqzn$;x`>gp}JZpF`lKD42GA%tTa|O+N7vF5{O>gr|bMSph6sGlO6T z_MbrnT|@Hc({>C}ra+a;0^fw-2gfN6h#1mF-$NfNikKZ1Lge-2L5SH@IH4Z#JSSww{ng*lJ~C$b?GLU#CU(RCSx&7 z#(|&$*>cY61ArN^*a<@Q*B_~+aW>-H%$bAcjaFb>7~GCdhY?Lkb#5TexhA(S8|8Yf zsm|Li9^Oq?cZBx04Q=6ob*QqBB?6Pe@7#OCb^=J19W~e*$@uJA*3iBrm%A!&S~(rQ z*tBrkW=U0S(v;P7=~(!wm&|p9o-AlYTZqX)Yn1C0)c>0NWIE5-3>a0P^`P-O(1F+P zJF16OrRpL!=nN!Mif@tsmq2%-3T1fkS_HIq=Jp5a5|fR8G!-xlk-kE6{V$>E-(^Z# z4Bd?$njBi&h+M&4CySK}YtvjUU;VSEI@wbXlrD5TSo^`pmlIr^-HuoKA0{{jO*LGJ z{NXQdB1Pux#&tPo9yAxkN>{$4)k(-D)x{=SOYhd5(2S#T!7K?GlVHKdQ^Dy};bbY@ zt!H2oJ@l-mj!;L29pcsc}I$Jxmt$mxOXLR#5FH8}t zqIu{bKok7PKt8PG6aj~(`+4>O`)L~Pg=@@C^e_@8Kb?%7>;?;c``+#=8d_>LwIBEz zOcgv+Dj+eVHZ<`{aH#nE*X7*$HjOl$(!JoTLu48reU{c^ATO*OyH0Kr?30smQuu!S z55cGQEr2EMg7tY3f4ggFL`rK0{$)#P^;RujsVr4dV5}7-HqyuzAj}u5m*ev>Dduvv z*>e1d>*nFWDE}fOcEM{>VI78z0SL78V|TV4yx1v~nW?h?LHn*H`0en+sB$#~aOSmQ z<8sjYKt1Tsr>};|4z1K%A{`1Gk?CuE{h^YBJQq11JdBf zujSHL1rrx&VUjH6{KTqYZt^&WjU(PZ+xTE+#>1*Wlwl3`d`kNQu_L%wz?M@Ba9uB7P$Hq}ziyRw>B;QT@Oo2GNI`e)Z z-uUbFRJ#DT=xc{#VnZswJ&3}pVNIn*05x{Q$iB12<-FxK( znw4sNfR0Mz&xU2v01#dz1-Z=y5nSG@Xl7Zs;T zL~Kbl$i4F9m>r`yXio+Eu4})hPtf(fX}>0y z(BJn*L7CFi0((sACeNwWg=L zJxynrRdh@v$z`OES#rtC;Kj6ykKm7r$NZK;ZMygd`>7!hzGULP&(!C~(Fiq!X~$+V zc?YBK#;H-YJlPy%MF?ij=O4*?SpCNB;doDmGsFs&?Ru1(bx$vAJ!G1t(16b;9!O0i1429$d4+lt&++Z;2vPfYCs=dIBS-LZ zyeNMoQzbXN(qNVUIYHGu!)QR?@J=k4;O@#a-BfN8it66PU;VRw1t|z#Uy*M9<5`{n zmj7U@q`t3MJ1VxJi3rV%>GuL_t&K&e9797vM#ecF|PU3s^dcLPDV)9&DSOuOnKopbpyk~oDCC$HIH5U ztY%`3H`G}4e544{+2PVndM>?Yv_`iWoVA;S21$aHBKAf~qt6A*&)fDTFT5@$z(F>| zG~E+N4upYl4m`BmyIe```qe$a$d`jdz3tgyCy<`z@Rl6p#~5Amg5pUMT52VpCA^Ar zam$1@NbVwRcg33wV0Hne7f6|}P*07xwepz-Pm}GKS>BpL5yNhPYw3TSF^%C z8GMY|F!l<2K$Uk*D9cimo~_QSvC-Sc>_tOav4^X?H7cN}{wUF^$rmUKlZk*w^sG%c z*Ow!&f}KW_PInyeElsVWcY|3u(&UmAHIm_ zh&9me`QbnF#+$o)tEUKjXVJCEC5hCC=Ec+VB0o$uBs`u$E^+at4ua;0Ch zhb3Qt1u@vg*HYN}Rg!!;qB59xL_^xrr8L|^jnXEN8`8n=nGj#>sSD$`z>V{Inv5E! zk}%AZDulS&_F=2=i9YVhDM>syWytCL>@3hm81m!Lr^>8fM$)=MXs{*rMbqiCU}qTpy&3 zA6`^*oOx{q1!x4_{UBpdSpY)mOYj8jZ&;$~H@P=tSy7ho3q|nJq^tbIm|)!cJ!tBa zpt_*&osOguhWuH*(w_(mq!Dfb&>sBPH)?d|X5n{yvA-sdtC)s8aUQ%w5UXky4tydf zSWp$NmdT>QGd!D*iTj%HfMQyjtwL{m14DvKHRPIyfWzZ>k)rxB+LFJG;+Y6X0 zKX}lL{Ki|Fx~Et1HpH{>yZ$Sp8=&o_L-Lq~k}Q|iRu{UJ z-K?E1;wwFh&tb?3zisET8RDF`PlOSluzWpCGL*Upp&>|GXeubn%_#O;YB#a=^j614;2g7~g<`wqem^N6 z;iSigno%=^!?8J-_${7tu%lb10R*qY$t})(dB|#jsFHBSjSV}4{dA+3wa1iwAXL*> z$mWyq7l9HH-rwqkXb>Vy@Mg?H?^RM|%8aUbF6tj{Pcxphwu~L}_+DSt6ykX8@l5f{ z1c>m*O6;`%@w5Hct@3pDas_?G2oqXjM+}G|9!Zl>4foQ8dN3)cDWoRVg?Q{$GNGmS zBZC;UzOM{*9L$y*T3z{8IoXb{@wgSYav;{iLb+R|$PB`2oFx-vO5SiKWbVbP@Rg?2 zhBH_Ev7tBYS)S}xq-M&^qTd5V{5!5&JQIub>dK0ESGrl4`f*uts_&ppLDxB6c5UV} zf69ZRJ|aM4Oxut{8IfqZ4~OM(cec-sx0&TB8p?3{BtNqQa!w1e-a}#Pj5Dlz0AYNa zu%-1s?*7u`Uw2<;I?5PP8pw)B5&y5dmwF4IOWCTH%~qz_(Cq-62?heYSPAO##7@)- z0C<3&rO8!Ax7d0OGC_lFaoH3;b|8LBb{N31Q||Ud1?H_iJp&?~wr%P;wucWRZ8X-~iMKPyzON&X2ZXq)xmm!=^L z;u?>cx^SG{kT{RZwyzo5EPPKPf&}C188azx)?qLCu`V)N>cP&ITIRux4rw%RAKar! z;M!?h5@eX0)j~@&if+m8Z*?(DKfLV6YtT48GTgYQHN>7CPBE-aPk=GuvLiD@m_O=N z=45$vtj5}2FQu6Kpo9jSI$`jY8#ls~Y-abROIwd%Pms(=h3pwK9`JKP8}OS*9Dh4L zTT=;GOv-C+D1BVAoK33Ii%Ur`a|@=8e#CXap?EJRlqRlKf~F!?rCiqTrPYs%XUk>Y zZDpQ+-Qm6xA>eyMAz_9g8`2CafGO?g&io@^!=*uAb1-DLxTgyszQA+e-7(@h@_*2M z0-7#9d|z_!fsNX;=g!Ap(ADT40n3Vtc7=HRLytfJd}iwBeC>txGx2+=jM-8Kx{lcv zuK?#DPy9kD0uIaz3eL>34e7LT& z03{gg&L@d)MekGYrn$J}rI$J`J6$J}2&x3O)Vr-;CfkQx4YV9fi7WYNOk=sa-^ zJ{_*HllI$Ox0_t={C?8Fs>{74$^Ngo7b@vdSnIg_9}dAu68VQ+E? zHjgIA5%CygwI=@+@-hDr>!H4mnQ3n&1n!&Mvp4UsP_?`8*xxJt|H^#5hiLy#UTW-17f01h4npL+)f z$=q~OAn%fSyO6?s%U#AVYTi2vL3x$JeBLH}o7&O!X&^14AK3zmd|RdFm{uyx$8ZD% zUPrJ}Azei!DqA(R3h@WgHh3SP)ajNlp93DXfjt(mSoak2s7bSXQP~!>=+7*o50cDf zrk$7E3vo8*e>w`aD#ei3O~TW>a^wr&n?}KlNE^!IT8XHG4US%sIY8}Wn$Ua-qU~U0 z!{KgdaS-Irrw_;3HsX!Y7g-ZPRVKG}nS+RtTPux|TkD;b#Ae~LEJ$Qy!&0`y62$#+=#DJB(T-(wWz;3aT*6gRs?v^luwY?Q;wor&z&e*Q9 z$@s{9;u_=+a`*Xc=S+^co({MW_&Sf2O&~#6oV}jkxB>Bp3(RwBn_&%?t8J)&rJCBj}kA5abM$zk;A@jynWnX z{_ZvVV`Mje&*;N<`}fViFN@&3sOw*TN8i4FL?lvXi29DA)I9==glaGJjBrJr%JfQ= z=5rlRaw0pIq==*FR;izh};J5My_vPU)Ds+Xpgm_whvDBoL*iRp$A zJEj0)>9*Q$AR#I;`;zdQiW}&85XM<%)E6K{sk%CueehbxoA=6k>hibGXeF9**zF*3 zau;J&jurC+hq{U>PJ>V#x%2f@I=t`W@p)66kV~JH40$A<4M;CI^>Na!6cm3>GHOJ> zOYA8%XByLs1%Fs$J_1JP z+Mh8w>!B?PcK*aqaZI+wv3 zFx*cX({Pq*NYNDg05b+up2dq^O&@PT?7SdDP2quQkLT?#XO*%{MY)wz^O)IF^Y242 z{1xBrTVa3L%%1#hIQwpL{Mz5$%K7P~7&-oRv!wC9obO#e?cV}W@!;_6OjHHlzT0xo z%YIFb3ZUAR1tDHK!os-Kild$5OCHWm)sLRyl-IyPpysDJ@s~>>g2|-CzR@aw5VF}{ zNAb-5BkZ5#g)JmVojdl79+1`f#!Chfr8z|PG=mmYhA{U)?ulICB`NskRLN>LNYh zx66vxkBT|DyIqc>!{0vp-p1*y_m=71_IFW~iCF_ro78Q5!1aZ|D zK@LS@B76}orB`8JmjjcOE~h;5T>^hNijUm28>E%^VBFf~HJT8^k)z z9s`}FnwH`|=7xKI*q2Y|mP>cb@X1@9c_jX}k55l?V!u$fx8tmsmDN-2SbhCpJ2@A3 z*|L82N|Uj0p4-jO-|KqeRg;R;_*v7>Zm%`WYHh$tlg7xoU6Symv zQVDU}?fPuOccGv5DET#OpSkM4j^yR7#Kl)QaSKC4yvrJeRSd-c()#WwuMqQ&%6fpm z0+X4hVd<8l`sO*O%2Rokj{07OYDA4G!}*yHtC;$6#n8!_kL~Ab^_04+i);7$cdu>s zFu|U=oyQ4F7w_fuyF-tmi|3gtzV)KF7E2e`d3f^9_&qQ&yZCZuw3_lAcIW>DTg7*j z{lDVx`_psWad5rqIO%k=Yv`J*hmhS}yU+I7)s8Drjvpq_-qw6Db%$!I_te#ID=MCw zOkB`<+HD@`GC!Pa@7z}}CTC3>=1=NZJ8T}OjP&t!+1`H5Y94?0NDC^S7eyt(3+5BJ zaLeWsn!hJa1^>HYX2**B_h56LocNgw3A-ORmy-JJ`Kl-UG37Mf!uH!_;7B->jB zmf`qcQ>En>e<_X;qL|C*L6!C%1oGv{#Zn>~joP7iLf;gVd-2AI7o4Lm{x-RBahPj? z5#k#@OOlNl`+IupC|MGwggZhtH5F-Uq ztbRyu(eh)sHY2ZvwqB1-XSgJv%h+xE#a?or8@vmc&<}z24V^!&)rLZt_ z3P*V>NUeP{;z3V%L8WdqCdsMrD0_~(()YKLcWyy3Xkl*KL1!~wK!fTDg-(+(#`N6B z5<)s|z5%c0s1DvkLEa)M5##J4m7R0Y$l9&-=5{W-h zwmI8(aRoGo@d@C&r|j*>KCA%Q$7io~_MCLB3!!GP?)o(EOC;<-GS(x3$P@Md9fpi*{`G>)^`WzH&nDg_Tk3;E^flRIcSB}l2l?k2wp0R5DO^h# z9-K#BjT$ch=Pt7XE-vO@s5`_c@vK85kQNyGVbo2^Uk`Sd_txDC#CjAh-iEV&$P}Z9 zdb0*vr0C$M34|S#^)iRWQ|!i$RZhmqhxdguVh5?qK!Zf!B5|NfM|gUWF->pZ1qph` z&AMVk?ZNYp{&n=MN~Jlu+J@$ELScyWMX&vzoxoIesnaxZnRg_}r@?*`hEEQ&6?e3K z&V8~?J&#ZdU3Z-Iv>KY=R`tIFg`j~@&^#-NWNTzN(_E@vCAMRcntr~wA_A~%wAP@y zRV?iZ>6(!d_J639B@cEvso9TK9?KU;Z`S-obTj<%>8YVeu8>2(IG|*$TBvq*KLP#2 z5BmK^ua*Xo5H5-Z4XD8_c`fN3Ex9r9wSuf38I$^K%sXlMLSj4^znu?KuvmtDG9ih# z9BRH|JFjF4*AnW_U!M`dvrVO3W;BN$J&mKEAKf33f)&4g-cZ>yHd28G5*nXTFXt1&r zNJTBWii#fUcSyGw7BA0(!WxiOd_<)vS^Xg=r>xh(T%(lwJ7baP3|3&aUkc_E95ZTR zOC#Z_&J`5Jbm@(%aJuVI8lN&5Do4#v9B4tkYmcnv*B>ZIz(}xa-cByu34;cXltnlY zMj8Nu;hRKwd-xeNWzj_@?9;W}$0h|QJYyL1zM&!v>Am_eT5bD_o3p9=9 z-$_b;BpVWuaj$la$-=tC@4Dg4uyGq_J$=8;h%)X}&M>*b9M||f9bNDDf;T@eQx1ug zJmIonj~=YAm@^jjDgfk_d)}0}?*8bv{Zn)k(;2b!D7D|YRsQDC$xPHF9lSnl$cFY&2}q{b58Dbd$2ZxT4Qub zBf3a^Y$(p!bZWqj>1KXSt!f1Rwz_!H+?hz%^)r-EMyz7oO?_*UoQO+FKO>mdq=gwo z#na5Q^V4hF@%k=xb67d0+c@5scDvAxcCQ#1+wBty1%{^?yy7WgCPDREJGgfx?Xyq& zG8NOW7V`QLrwUP`P1zNEC}fs%u`CG9dG1Yxw>scj?c(w$Ig{R9Citz9r9&?hu;$Z* z--Eit7$}qOgW)Y>Vw=XRbxy^ddc5qOa;xQ)yx5@+(Lbl=_#9hT;5*^leqk#~o?p)Q$y zWw(E_6kVU}$5$iP?*f<&J^sMAOh~>&cT3$-HQ~$+IFJgLb?2E_uYpb1D=)$3p0@QM zR`A)s3ss1lmcz>z48{46b)!oH9Pfll`gjNKfVJn!wmRwS&t$~&o=s1oci z&CRU{_EHnxArOM_Ydsu=ks@j&qvMVLB03%uD(%1aDtA(5tbx-=g8V8RF@Z@L6-Dg> zHF-)+_6)4@?MsVI>dIHAvlt?x?+eqzLW1GRY82IY7cR9FNRIl)yUmpF7<|o8bsd>` zjfXyeGAL1Y7k_=)hkb3&%*A~@^dL;pl=vgv_Radw1@*xX9=3@G;-jPFKH_&FmFc`l z`WX1*`rX7iA^{Z+G8Aoa6DCILEAplz!sO)FTMt0c$&O_c|FX$d?;Fq#w`-3 zq$Xs5`8|%ZM$H7kfncM%En zTNc;v^5k7VvUD`0?jTq{|1k>zjzBck3*!=Qc9Z;r0i#?zL2XQxvzd4|2{bIz0vraSSkn4P zy=cPWvLyCJnk6R9M5!j~dB_0*iHkeSDJ z)uv|fzx~=o``b&Q_wQAFN2{ zaynI?+%ZRU2JeCd3L4NoaJ{Kn7u2oGv|Z2ML|?37YkB2dP2pym{w#HseMs$G;g}%o zr&xKHN-#~Pj>uH}p1vkdU?vL+n%vT0k7*Hc0y*{k}lpr>(=^Ig}_v?u# zgAj2gNpp|l%;Mt*RT7f7H%xR#&Ms)PG%_Sy?f`6mpMu)>!BG;Oi;SvU?|1-4`|k9} z2*?$f#c@#M01h!f&gVIMPgbOG)r;N4el%?C59jQ7`5bw&rz3bzLJ}<28phyp^1DYM z`I7qaqDwUeE-T81S_Yh<8lksQQK;Co^iFUDR8BAe(B!={ zjKbe55UgQ3BG`aZq%sjJ6G1Fu*v}s)A5mtOj=gvMdvQ z4UcWxwv9WsZQHhO+rDGlwmo-j+uZqflg<9zADu$FQ=QY5PWP#|-iOPZlLyncdzhP? zemyK1==n=9Xim*`HHG9{A+G@*+&P60=W#tO2(0dIwk~gpp^{hf*UQ?kHc#M9jc+`J z;>WnT7gWv@F!Y;UF7U@GF32yn6fuVXF8N!)R7^LWaynGg`4$}2i%Tdk-62DL#t6Zm zW${jW#{7h7k*HyV6Eru>k5wcylH@b0`{(s%oA120geXU)moG`7rU?tXlpOJ!5>-@; z2l+KE$i{eE#a4_#Vh<_xd;3p7i5y$K;aQQ3u*O^dXwH#URng)-D;JE`HwfX@0yvd> zo3}*av=Wcbx0Zk3B)ZoAW26z~y!TtFWqPl-ialoPw{|bS72Xha<1wLER4N~mZdD0< zh?~usP|8K?WBIKp-EPGxi6!z45WFgB7)$(QZrN!aM{s3k2|{o?t!^E(N0TA|R@9Z^ zL4|5(K!|NhDMEECe*(osYGh$ep?`KU!da5}FagL=WsKP+gLFFw^%TmcgV^%4V9%Gh zIWxjR{RAww18p;Ji+Zep99xNBDPFvzFBn$y%J7ueFa^pHMg=;LeTFqDbPZx4u>2+5 z}L6GIm(J6L$4luJ7iI&A`S zV~sVTfWN$EE4|b@%`?=^b{rq@RiKTNX!-FA_cBrFbX#p`&J*a{!}tJkUm)hEpyju4 zU2`PbdWPu;-7N$DO_d~D+6V1=S!F3lj)O_UFI#~!HSw9MAn~=8oE-WwZ6W8g&(P3* z+IjZL_BOUoxt3?zSJaA0RN?dP^W?Ce;66oK(C_z6cc&~Ny25<&>jGXLJie9Mz+s<^ z?1uWO(1<9HbB?2ScNR@-D?~^^;JAox2J1Z=(QH%h{!bD1Q)78yhzZJcPeXVe9jfHKUiiIMu$`mRf z6>o$Jd%i&+FY7r`fQ>&RyH&UZ>&`J#?rd%752Po($vw0W^;7OE?wK4nOh9UY>#awP z2mjC*eo(<~B!=kWI3h;i58mOR@5^Q#tH8wBeo z2w&&Ib33j>RtOa8qV4Z6K>ivF=-Kky8^?2`T#28tbv`gtUyKK|75I0+0^uPuV8oMET{N+{Y zbNo0S;Y*1u$tbJJq3d1v0|idSiceZ|d zj7OM)Yw{A933XUgC(b-YBeA9y|Dt1RvgWagQZ!H^;5`NMqzhO2QctTq^&#N+m-|P- zQaw5JA8-@|bD$7Cd=9a9a0_v&^@vss9c2|mbdCR;THa0rf&h14)Y>&p-;Q{Tgfrhg z$4tlyNQ|eHi(j)jbxO1y{`^!D-yiI#C5xm==fo+2=k#e|tT09Aj9c7I*S@E*x^}9n zd}vskWef?rNXO^0P2eW1amZ@>qT=xS6&W(8_~tt`YRZ0D7n3WLAQ^4;F=DqofCMcp zNM{ms&YjKkwT*NH+H{*|KGfKgrqwc=eIiyx)iRKhD%!ofY+p8+y%^& z{K+Vt;T5yqkFCp_%*Rw^Qd*_#*?r;DUEgA?mX7Z0ZfK*WfT0`vx`srD*shGN(v&6a zqu}GF@!mISG2&~lyvAGUC2^QDFeDd?;k_~`V@Sx18MA>SW__#K z2>@cC959}6HO0`E?$iyAya`rRoGh^`=r9x9M0y#vtEDzBlBuQ~@?P}_2#!yGrD&8f z3?;~O)*ka@s?_ML*aYgPPy`GasG6|0*1VeDG?Y!xJCqR%7-pOi;>$V&3IYY&Q8EGp zXN^cqv&+l|>zEdn)s5&st~1&SPxb*ppe}^+@e|hgU)SQY^&HU1NuT^b==u8W@d=`I zfeneOBC&-mV9>T1hB87nm^@#X0L@NEs_d$uTlB#qwI+{WrCZEPL1XyE?mWKAZ{5=5 zz)`EfLpZQ}7(Sn*pJqDbG0k4Hn_RQiP@9t0XF6)z4y$-B=0%r)or>B8O{GvtsG=W4 z@j@%v@KRZTx#ZS5xdnyZe9 zfws30hoy7-$+&BJJCr6g{ICC3)q!vBkGI@jM|*Q{+*7Dg;|lrsC+}2{eCM&!$4~JH zSyJ2CqEH|IkW2bI3gFrRP>ye@i?MrWgy;Mqtj4>RAy@h>B6=9Lmt|>rpn`}mLi6j9$aDFzfi7ApUN3t`=D#b zY*_=F=N}NNd(KYL5mdD71@`#5yEi;ZID5!|C<@KQ`PbX=a@FCF39dm2JpI>a=KcN7 z|AITF0vwNHN+Op%F~Ul>T=RRnIy`*7zqc-iQ{|b?!B#TjF@sWCQu{37oJPAQ6`cmEgMp{(6` zrc)@zyuI3_HR(_f&`>PsLX0 zNTr~~KjJbUW%Yl_9G-*YCm_()}XZXj6~fd6%Ia9K186JY3T!hj`a<^B#+R3c6A8Y$-soB)Y99^+4&FU1(;%~`&}@iq4K+Km<|Bc8sNjXKx8Ij*k4QsqYKWHhuf1AnVJF86y`X za6r||s|mN8Jb}u|hXIDZptA1);oRQFS?&`8nBmPY25+D83N$YPd+(FR9P8hj)JY8) zro@_bQAl`KCl58IgsV^P7@WprYDiA^#$KW5J`++JoA_5`gp|JS_O4-Q#sR_&_(6it z2^&c5%tKbNSXso_K^c62b!eLh`fM><`4d+zox3Fa=?gho8p~GxLD(dJ#sN?~?uHLx zvgw_k$iy~0-)Hs5MRRLP;5WPokF{qHbNIm=aDukQGhIJ^t59N60K=e2@qkR1VFMNSTyW1V|_=mSN4* zuEnAdgh)iF9d$7+_Sf8X+KqP6Ae4@zr1@@>WOcEKr>Hdb0N-h(ja-g=P`uc{oOeJz z=qt^|MWO>Cpj58ZZZk9sC7(kmL^WG=INV?pRECVi7s1A~mEN3EG|^U?>Zc}$P4})y z8g!{rbfS@4I>CZA@C@KRKs`%Z5kpy%k;6plDGbib{Adb0VUMl&_mo1Oz;Jypr<&dg zzOiy>N9v406j@g5M^RyTf9g>Pa#|^U^nWr_g+r`Cf6Oz zosNy&7WT_;LB7{59+V!m%g@)4Q_|Xy6pn_gJ7B-BueA@ypGMFNCljqbnd!pgTPBtwJ<{5!wl zOo`s?%e4}DUU!!Le!e_CeKqlZ2uq`n`}sQi`S|%v&@UY!nlxkmIPr8h)cHu-e-NPj z(#-EQ>+^H*cqUgYetNLZki!N0Q!C(QX{!>gP03)ix@yXWdhyasy9j#Yt55CJIc1l) z?tKl0{o$Nx;FA$f#kN;&C{KSH%j+XiQ`_t3=JZ9bVa^z5^=VzX)VngCh)2wK4$CANa5H zMn}a`dV|H4?IAcy4jiGq5TS9SV1pJ!^w`q4W`p3#%A`iPW<9Ew9d_^Qfwa93u?Ijy zso@QwEM5jk&+l|{SChxZ(pwQ`Z}IBS*I0ul`QOL_f;&p7E8J?Bd~4t5B{ZVtZ)|bv z;NTxEF$-}R=h?Anvhl-E(N=S`f$U$GpIAwkKTCm`54dFVxp%>sidHjy8Qt$a5Tc|G zF`V~Gp0%aU5`Ku3hez^vSH@(A#&mEuvG6vI#AM_T*`rft&5Z1V!>x-Ux@3B&JrEK`~_}Jmf;N<71G~ z*?+K$eM_bD%+Q7b zs%UHPQ>k^@CdzOAU=XkzkQ7SX6A-~Sz-5`oCwX-!w)EgO9wh%VWMxA)eM}7R2%-?L zSR=Vo9SM=N)-k?a9PhS0aRdVxI^&LPMuF~PB~g?^eWsA`?i@uz0g%E}63-HcOP)Pb zAfgMx41&jTQ*ac;YvkhaM*h_`rOHjqMlW@@xDdPGmwWx^-j}{|w`hXfbXGlYloQo~ zrc{gTj5JPyDvIME)$rS?^m}y8*=a1~A6N%F0DH3PPqQZEbk|W>r~3=pxdtc0R9|B&;`staCv8t#<#&e>&qpm3%CDxVU$vP;hLzK3?uoi9Xdk zp(s^-#J8Mdo^SbsCjda<)In>7jV81kf}0MnL^3*uK=AC=KT$ObaH56pg=zl)1F>7y z+NbRNqfCYY{jBncwqZJvBs$1<_8?2%XHQS-W+ZO~$RLgV8*MXS$Ks@A?ELjnK7DBS zx^ht#pso4woG1dF>Dc^vn2~&<-00QuD_)PVmhrTkIm@$$=mS*8%$y~sTnx1%>}g=C z_$bIO4A&^c(IjgjO$L+}>NZZu!sKTtz|5oKQ>(FjShP6%c#aKjM)+z7y!Qch6hDp0 z5I1sh3RC{X<9rOl--D_skc4BW>37@-cN!;bH-PpW6^U&hn_ijm8P3wEc_56PhsQt& zyx0by&N-HhDhbk}6yR%K)@z0cunhv8exe44po>O1y|2rHOS7C5tt zR=Pc@1p_=jN=19ZpO-oHCJbQK!py(LSUnJ)n8Jgk)T?-g8cp{5c=8N=RYnE(2ea`l)E$S>a`9ePMZ zKC}Os&Q?*OsQ6yT<&QEREesLt%*<^02|BHIwjL@9w1ZxBqP7Luk2-^^zkwfvlrwH1 zSJjbji!w+bt^J70PCB2)#YAm@-pcBCRmsn~FtD-4$KG`133h;86gFYhjSH?ioslGf z&XI-u#l;Ev^MEY$y)FI6tXv%#i=}Akp`^Qs8;LQ6lbZwKBz*;t^+(1lh*!s5%%-_nS6u@x zio!PJp9p@KzI)J^C(A5hVV3eZMfsl>!4Ix7X{M%M%m>B8kmSk+qpWXT%*sVV);_!N4ij#P{CXtB2x@nZ5#H?nmM+8M*XFh^I4xqeqLG2 z61l;8L;$M;FK1f~OPZvp3V8kGy~w_6WSOIEfhXSChX-Zm3<*TB{Bx(3e}yrLw;q>pA2aTefu&$(w{ zC^XM{BalKKe{g!#Q8$?MnI|_Rh;C%Rr;lWygz1HWR1B;%FK~s8^wAOOvOrkxuLqA% zBalQ*8tzLW8W3K>yhS(X;by3&o?~3<#~dy6VO6MDm)p7g<8ctS4RC4%*Hw>p6&WUx z8|5OzPh^)>c?Vd4gedl~CO#dAUsS1zxvaHt%$({;nAfNsOTKgHCT1rVDoO-i+;gWa z_$U~@1Tc(1Ld%RAyUbvB1|>o#L2nZM9Yqn~jrg48;{`!HG|uS>j3|&`%pa^v40Gr^ zKUN>w)A!ILA-#P5i1X=k>-5c1zL8Tmcfq*i{WS17Fp6355sXy1*Y%M;e!j1JDo4;i z97)|zN1^NWs>jh7jP40bpr#u-2_h9{X_ni6gw(;X6FoWNFpjihjsW{0bn%rkxr_T; z;y!NaW`2Elb0g7@YlV$(52pMjnE1N=!{d|fzF3KjD>yemG=dN@6TjOI^rO7Ts@Z%n z2KN_@giAk*+7d!4TObbaZ{^%csFZ3wuU(kKTeQ3kl4we3Vd?dsJ5#d4zCPmZuO;^v zHOhLp<9}{NZVhB3)WDff)eQU{Jef0!kkM_3vcSY8&EOkkv_!88NOc27FP+J52*d$NmuP!zPF$RzBsI}hCu@^L>u=61^0Qz?-f$klb zFL_@NbJst4gH~U%myRg+gW7i1K=tZPQs)SLVOi_mK5q2OuGIOSGT{3}RpcPWx0U)_ zpYc|gFCOGauAgi~W}v-<#MbZ)Y;V#_g*O=~1%6d`En)h%ClzqeJY1!tcpaFRfN5>u z^%i40SDa$dZn4(NnJ!WYi6AisRFKniP!o&eGBe000^!LUM3!@+KyXftt;qB)8mrJA zv=@7(V0=h5ZaKEi_n)9kRB+xbvCw7mCrf}QTi5z;b@1Rw>nQTZQf{&LqpPM_D-Hz? za*%6w!1$SnGtFjgHh&jw64k^tA-AD5i>$X#L<=tml!i%GnC1fQbqp0W6)@VAFd!GW zHILc!q)8TjrWOUm>BpGJnq}mPy)Ml7GO)`bj><`oc9p6jNJr`8#uH63&n2IDjRHEq z);UvKD{6dcC7CxDC5Ac)8ZyG!iR=1)VISp{fZO64+2+Iu?ZB6+8n9oWU~=y$c{wj~BEkyf49g%)NUPtOOn?v(`LCiZV!>YS-iNQnO#0 zb8sJ5tRCx0Q>y}c?BhmLduc$_1`j?ne}4pc{7rW8mV&xk5_p)#(4nYciZ`<1gjve->#*ovp@`15OVR0*mz|hGbY6tm4Ay0#sZp zG^;`3U_O>^MT3dtVdIpVE_!i}vXP66tL5DyW;4vpD77`t0hg`?-%{BbF{{~b)sc%8 z^$YyC$e`7R)pdJkh+V!d`2)M5Z|sJFFcS>)@JPmMW5Oq3!SSWrUhm` z&8hbVBKu^kNa2%L0)E&%ckEZo?`VRtuNGMTA~=|*bWa}h@_MEESnTc!W2pTP7~qve z$pHfWEH%;@NZaH91HzA4whb6}uo?b|++Nq? z-v(whWimzX3^Khu$7G0Fb22WR#W{~a^)$$6P=-#8H}_`WZC8I4LtetFz|p_4i|DQytl6;(7#~sHvMWrFoKUkv7g1fa z$`i(Wu96{lsZ5#6!e;e*^8*J3;1*_)%{+w!t>rGjv}48VWEJ~@h)1X;S2jx_LC^Ao z@w@r?XQ+-Rp~i~Y(gMwEi$-Uj^yLXd06TF?hZ@>Y@+n?Q77ZquzjTxvZ;2j4Rtbfl zr3^8{!o@4GhHNe!>o7#3DGzdPjR;Z?D!G=)zs-G@*uh(d zyp{Ictl^GS9b~d<3vf}sA;CXKqhzLSjm4Twt=<(;r|wA@N3m%gTo72)#}Ft=s3VTG zSd??S{6Zq^Fx!zb#D~05uL;0l-;A>fzK+;an_1FMeM~0Bu%#}TH`Fa>|GNFT4rQ@E*{e$blZj%G_u{f%nm?-9yRT&v{w8{hv9@}Ucx4_o7LLjwj{FgY`6 z+1q$XrUQ#j09x=pdLGBWFcI`z-haE2b2R1!jSM5Gd>#6QI}`HAg|!BE=I;MZ&(;j- zAc*BiIIMb7Ah`VGGPei90E9rG7iYMHa1&Rofk~jA&%&jUbuLj}ZuCf0+}8L4uxiPo zhkMQcg|V*FKyNw6opNj?nt=n&9yxd)ri2`?K@Bk;oe*pg3L#vtUWmWcb`W*UPTZpI7@K*DD2Af(13eO=MBl?pdyI<1-0WPUO{A);R*VfYyn>!*@fB^x z_W)SNUvGYoyL`t1in@0V>e88(%lWFO?Dp5Dr$oX3q!&urL-~Xsr%0O+CsI|y>1pg} zwZ~uvQX7gN;LgP01K>5Nb{&Y;HR*t}p2i4DQ!wjC^>Cb2m4mY!eID0%2YCzG5O|sb zRW9-by2j0*elK*$(-q zh+@oU^N<|1RPGnp?>!z9>D9?QKxEP)tgKxbX8KQdzPx2ud7Ra1@s?RKRg1UCc>O&(@d#~}LIciAbiCmUlXOy{ zVRQF?ipSpqJb}jTf*o(dW2GI`T}g&D4l2)4??2oRtv9A*+^mvGd7x^EwM9II1?a5i z+%3i9+G%!QvoanAlbc5hUCyvJBHG@U)Tr^E2SRtt7B19|Po`yW#imN#<<#e-_ee%C#gP`Z2J^ zh-1^wy4)bPeGL7`-nK7tW|wq3GE2U;oTb>RzKdSa`CyiGd;0AVJ+tlmt^S_yh*{E^ zBktBY*~jl$%0neWjpyGb^{V8 zk!qE7WIgrt@=J$Jadnn{WvAHF!=4(c@}r$SxQoDU{I33p*7(WHW4zECWj6i#?TBf| zY;hmign^w+&oX#0o0?`g#dKnhZpWOMHQ(B}{;gZTMWfX+vJa*L$7=kD@{jiaPQlp3 zqdK!>8m+wFDY*YT_Y8jfTKJ2MIVDrEdH%b|;`=R3zdmf<)e}cC3Rr&!`=Vptxc(ja z=OJtMUF{z5)4TjFDoHqNt^nKWc@BbTB#-E+q9d?_kpVixFU-P(s@HT^u zhN|@$4du=R&)eV!%7rWGZ5%jeOoywVWUag^zGI$denP30q_^+FbA%Jd zl)nB*HR2PZ^xjjhl!y%6w$*rug3(f7_$29Q=B3*T^I1iF0MKI?x*VOruSr-zm4Cq4 z1=+#uB-e!Rl{HU;U>1umA$ddnj7tH5TeBG@e4{5)i`DR4-EV&IxBs$KJJNliMZK^~ zkm)Ru*$P13RvBRSET)KS!-dE8(P1_LwPVSMsLc|*6O*y1FAgxXrKISgEy5FC20HE= zfF0r1QKIzxBfRP7%H3pWf@W2-*FqyZk;MHdmYgB75;JSsa!74^pj%q4RsO0}At7+w z2JL@xWyWYG@@wv}*LUqv`oe^{W z{oySePwp~g&Lqd$HS=qTvD^su${j*XVZ7xI_X|gA`#E*PnqM+%Fic}Kq8$Ib#4~|R z7118&M5vbMEf-1bIZl)?f*m1h@~MlFr}Y4H5)Z-3?PJ^UDOV1CtH|4&8xJR|-xR-yqP`V=_! zMy~9zRvIcfcpZng>WUS3)^E20Gn`jBfw&>=``)|Vn6WIAw6e_H-v#d_%kKMl4_jbu zgnf4P8h&!?edrTpUl%f_5Ja65EB8JMuEZgq1a3$_Oz^A!P0p!@BEcH&1>SC!yv-*S zxSOdP%%?i=RsQ-my6TNfKM%iaPB>Y7%Ai@M^pI(miO?m5ZuC-HTqc;LOrnM*=~r~J z!V^M`2yQ;diU*b#fS?dG^l#z58zj;v$Uj`|hJGgqP9~pgf2mHBS>LIvsBJpqdKRRQ z@;SS(pa43PgeK>o8`3VIc;S?n76kjIM=dcVN{5h5mXUYHTF*RJvU! z4FyGijJlm1q_qOGV|d1Ra81!ZRwSHA?1+HE~SLg>z|VGUqh(+|c0FRg2v z7Ri9E^?gGOYm?Xj&2q{Q@idKr(ggLDmI=7bhB~FS{<9Us`eGi^mzS5tiFB(RLy&*& zksn~V&XKE3ajx8W?S@#_o00&^r??oXEVlGKuPRib_AEfBmhpLGnv$_HE(JM%V$2s2 zNZoUC5z3%Lwd~sbN*uMALuMBdcqWiMpzNl4W#yvV(iLpg`3dLcMaM~_NEUOA>fk{8 z={65H!?DUu7wQa7__H;}grccs&Ty_Qjt`JOwb%r@z(=;=)R7DIb3*}GSx$-f5~Ot< zfZwnop!m>5iEREgW}aU^?$bsDU1Qi@ehPmx`8Yh%wtsN_LfP?IrBGi)G4UFei)2vR z3nAXTto}0U`Rf~6!`5G4)+~)>-|qs8PV^X%Xx5#s5aN?>q{IdcQrIgqJn9~HIPgX` zH*|ifmx8xG8loVUUnWWfwSwDC#g(O<^gS|1oHjNP57YGp#P~?pGmH7PxkE=nVvL0v zFk9pZQ1f%e|L~eE%!!L72gWF7p5w6MmIJ%jVIJuOHi7rYvRR`@h_s1r65fl7i{Zjg zg$Yu4x4BCZjb8CZ@#h3(w#3&L;QNbPJ! zOqaj4wmJi$J>bOkhnDTJ*2%kU@0j^>{7Sl++=dg^N%P94|5i|St(W4ad(FZ?FmGE4 z?&k9)e$L<|Xtmr+MgIY+l=MYc2bd^ahn>3(mx$utaN~u=Y6aWpcW3s&bEGN z7XW`FS&c&Q{!Q5%`s$N7iQ@vcD1r{aoUHorabeCAouUv%m> z#<~inNSVrZpO+=(O>!o)=_QdfPtADZJ9{9- zq(LQmT+xipcwevF*L-8B>T%f$5=b@ZpWzvt5~L-lySPpQ2d`bk_kT*AFqIBu0{wjK z-^Ua;JR-Xcw+`LQC0b=%Ub=#QkHGvZ zJ6^(&ZBxM_L#$d|(OyiwxL~(~rVR;9M>I zWGcc`!DG@*(;kFKYYS`oFtixK<8WoFne>D39eA0WiA8b?2}z1j|KL)7loA$q6DMg) zEj3X4Cm5E+X*j+nIG7|S&E8r9%Iz_Xi@JtjHOy@^tn_D3I{X4S8Q(Ev2#ZhI(jh&Z zQ?8bKo=cNz(v>p`>C!Fll`x9#SqDIVmjep;r0@XoHonz+9|(VV;9XiPSYS=_*F|1!{PRrkC07zY z3c)6CN7o+BGD#v#u}S7%-kZ-o=>y_nJj&R4@qR@;e~Zyk4+J*T|* z<7e%{0(A4fqqhP2nO!O7!vSxDv=X-~#4kFz16L+p%^Nr6db?aXb*x_tltVDj%%{9w zUoly^Yz&Pj-nJshxSYa{Vpkpc+zzeaOb@C5&_61VkC`jo-@nh#KarZYiDar**|vp= z$29T9^J7a(tUw8Y4t1^_UwnU8vF^Ahm2+};&%a#gHEy@G5}`Egpel5&Mr*YkX{;}Y zDayfM`_qUdF8L|tGGJn=N$qvIyJ1or66%5QPww0s7pBbzbAolF*GtCgF!F~MlVc%v&ph0=oaif#r% zSxcJZNR>v`ZOU^VtM0NvvQa#edB263iHTv??8cTjk9@?`%~=yuS6z9!_{s)5`{j@k z#VPF71JzD}GmK>#usdKfC}B6{w1pG-fLLdPqI6LW3vyRyHP94^1G=cU?W&`>c-_DC zIVYHQ(Fod_3|2?8Zf1J zh#+R2CJa_RUw0KmF{uZuvP;_XfddNVZp7-^rb%BZJuZ>hr(hyU-B9eX7w>Om981KR zOqr2kgF+zmXyvcZg!20v842%na}cW;;7|9qe3aJR)VyuhG zAf?+O4UZ@TDU%H0fi~WBcv*9b#w_DeI2VMsc_zoEAw;4GlVG*^IAX5ql^d074`j1} z2XjXeXoW?DS9%zxyjeC3z##NE-rJ-9Yt!DEx6S7F38(kzSV6URrSxNQ)2%TzBF{ev zmEjkJF1CRgv@l8dcn5|IUAwY+3_aa3r0d$hxlS#i1S-|JuVXEAwUEmFj)LJmo?JRv zr3;TtU$gKX-j_ln$cYpF53@!<+y6ir7Mh1~(ZZtLSaSYt4z+i1Wh|TSo>V5nn5C2* z5*nLp|KK`r7P!1gKp0IQoCGP9Rb8_ec>M2%P9j#FuE(7lY(_u>Xm7S zaps8f;@Kv=mT@@M^$@Sfy(LC@`eBCne09xk;%k)$L*q?*GR^XMBo03}0Xrug->?wV z6aL%3QNO$ubPKT8=X@sIn(#3|%;D{a85|KSyU>wW1&+w70mesbA-$eVLJbT1LGbH2 zP?nJ-H)77L1kxBZ9+P26WBkV8Qcy*zeqcqd)R`Ss^6Csks|>FU(g!6jd(Wt^3+jx< z3t-2uP%^0RJHl>OklpvQRCoW9w+1Pk^my{)e{vmJeN7$z)*#*HR}K0)G)<}il^HzK ze@u54`lkt%B}H@WO9+XZ5rh9pgV8FN@*((oNHG7yvb&TLUpV(&5X72_>Xji&+VK&g z6FBzPSa8O%Y?<<3=8iV5Dy8m__7!9PMoxkP5M{nDf?9rjh9?Nz#{IcYExVI)%%rAG zMOV!Z;Ti&%-{BNCUV&CMCIdCwj6IMsEcc&LHd(bm)?9%NLY>JQ}0n)NR96l3tb zYm<7INM-^s0NsqBnC5sXo&W2G{4cpIeyoB8s;fTZ$lV2@HFyWHkjP*rtCeE3mw0HP z-!*fMw};zxl)m@w$t~)@b{^}k_NSgdWSx+}VxV07-ee3?Zp@D=ArRUtN4LE9EAQ)P zXK6Fk@B4(@UN4X5>%}4_ZLq!nW9LbG=l+BVO$J+uayR@hgO;E85~z0FI*Scf3mIIy zw>1W@VkBFZw&KEG_rP9EGTbYs0aFf7J6Vl5*(fKo}K*Z)=UoTnN&XB1dRfU<_WIV8< zch5grD5_7ixm^j7CQWjG6Ez^6P`%^L@#hStZZw?A-h2g2n)cH~Ia03Tze1q#Qup4} zJGIxk)IK)<{j+F|=Gs+Q4_|b1Z~G^D4#ksB}Yl6AR$|f@y4~ns^shiQYqPT%bD+#jY>ykligMVI@wp4a0N6K{+MIL}O^l z?R??_Vx9ayX5|UVz{}T9#)i0X0>JN?fH*14{M@1Z8RHGrO)Q3mn}1F8ILE(!j1yO(W%Ad?zQip*c z0c$-5(H>)?w9%a9p%ea6nt8IJI{LQFO&-e66xzk+b-zj$OwJx=ojsgAkRdyq*t(H6 z(jwEPwX`Tpy)1u7wN@kv|LbbeJvLuU&@pVd4mrBYyc}uM1~VCa*6!tPfR~6w<}(s~ z_uTkXbv2@qY|C4ANeJ)*I)0E|a?C?<3)|$|9g0k;C`+6GwJ7W7C2ZKi1f(7&uWzKD zi|Z@%C>ZJ8LlAo6_`qKF%7p^1{q8|8O_5Bdy23VA1>J0rdX(ICK&f{uC0G=0f@LM) zS^dVS5w5+Ftj1RlAs4YXr#ydRD)LS8=Qk0dRK7;d9%^d~Y#r>lD9p_Zm#>IQ4m&?W5kKI#z-!jsIR58a4 z55q#}Wc<*fDIE-HC$xhCjB}_iLmw!BQ`f4?(c<4Vf_uXd-+En?#0W;S*kXOV$m~=P zvA~V4vS>OW7!Bd3!vXrHoEeXYAML#QnsX5}(5DO0ksFrxz-`(Np*A`D*-0U5;e^9V zXyE*6n~{(eLQTI*E+p9tQUX@ec2G}CsQw0K?7-Cf0k4jmzrgYp5^Ade0-PsIx#q1G&$P95*JXDk~MXZTK(r? zEzZ-=o_3I<$^^@O z<>N&;g>zUb(`L>A&(&>du6x?Cjxgcg=*r!AXmNEutAfcbr&fd;D@XOdJ7k9j(?P^y zo?hqn;!l^#DxLrrY0p+d;_XH2p8uNgsK79?>Z=!e*kcD+-9>p6%s}~IG>@w&sj2$1 zxumRQ;|h~n2bbN6&&zI7?RzKo1{CHlu%m0@1!#H?mupMb^M{i1*Z1zAqwdxE>7d?p z+-bdmNeUj@Oy@ihf^I1I-Q>d*e$mF~gBFb9m@To(r!|5C_s`zr{i_DQPUDs6LJOls zrJz0cc`7dd2T{2e<4r<`58t^eXB2S&HsmI{&@NIys6k$&9O<`fgezuDXuaN+M0!8dlMt zx#&);$aJc#{uyr`7L!V%_6vQTr;&5S%qdtC?Iun4$sX*Q=0=q?9HvjH8y~!p>tGqJ zrw&=b4Rwhvtd1IbI=LG78okk3-7b#rXRJ%DS~)$PTz+=&E4>B<|gwFQ`c$b``c~ zjeGLL{RY~e*)C87=kC!nwiW9bjgcn6lB&5BOCM&=--1e`=$*c;9bf!04nyH~t!Miy>|E?j?V( zfv+jO>rcM$GkuIexO5EXUg}WdOXxy)9SE-{F>30_B-vgZAW!iHNU|_C4B8l+c;ns1 zi^J0$SJ139JZ1^}&}nU$wEv)AYs1W#A<&^fhqmUCCC<5^}D)7rVum7&eB3~&f>5k z&2Mg zeL$|CAAS1`lC(b@fBWnjeUqzcJ+XBii*$S!=~v^IUwmUe{PiE6<9A;?J8u2#i*MHa zs-<8D9>SK^P04#<>jnpNvG}+9FttTa1}-kW4A}SLo+KijJ0F-Jm@`>5lxo~_E;41# z(PA<9ay9o3Dplg*5-4)29F!>SN4J|d72yf>@j-WNOs2+7wPw0X(3l{ z`I7fba7~?jMoRh-0Fma)8zv3(8fqK50ZL_PIc7A98=O@36j|W6rsOq^7Jh(GIHV9y zmN0T%|Khb*YPs@}L7M}|rJ_()3e7oiE?eNDaG9|P-$Dd?JS7)?C54OEQrzK(L=v0T z&bU-Qfky$C0toD5#8_tnzLbC|abJk<8DQ=VKuJqSJs zbF~irb1HA>+~CW^mBD^hsz|~Wff3pznfAcwASC+hXSMg;^+VUM9U8<#(4r7`*`>yv zgD@dX!cBg5xc*zBnsFvy4$$ZtSOsjAU$> zd?DQ}npRtt7GTIvj8cK&TmLgpF@c`h93+Pk#;u4uChsNJwpcu*eX^;C!vV{Lf@#&@ zdse{W0R;PEF2h9oVD6xqHpdVz?UH7VyK0%`TGZPXR-yHZsrPc1NoOJYN-`2G>;G$5 zx*DiGeUm2%`OAx=ZxI2yY*NT4?6)uqD2*R}d~x*cVRp+u9)4voX=4_FZHo(wJk_!T z3}u6yYuytH(78hoS>ZYn5lwj4wwBieO&{xGgq+iq|3dM^elWb}pjG`?>PMjCm$1h5 zSNCX_l?kP3aw_712k{)*lgM;+9nB+8h4?O&^bwLLw z7HqMqu1RUhnC|q~ug?qmIQRU=3GiIz4-f=gy9`l5VDLc zgrC{K4=+_0u~9xbRH*JK>A7P*=LTsQu?0+VR)cOhE0#t)TQIp~sUD^Z-%W_?lONa$ zRvYBYMs*m5K|~_e?4vcF-m(?MytCfeyNVI`+4Ok&^#*;8pOK$a@)OL*Pc+nxnR!9c zl9%M?CpOyS=O+i`=O;B_`*9O}7dvywg zwhVvOd782${3TaR;@>{~ivN~~R961_l1EY~G1ElNBm604T17Nt_)Bw|uU@>`r3Rn4 zDYU+?9f8)C^;6N>w0clF8~U@;KF8{DYM-M!VeKvKp=)hWI*093VnbTdwEbOhfZHcq zoav5jDUNyjqADl9eO7Q8T3=W1M^8h%GChsVEoyBNUaZze;azKORJwkxt->2wYP5F# z=X#LuCrSeSz)5pUx$63pTPEFufGGwT9$qBUD)15$Zim2A+4O!G7sxw7LC?^8tW zh>%$k?Zx*cpWr!zEOBV<-sgY_pAwN0N>m<2OsQF(1mmT)i*+bS(%tS$1b1}g*!ue#2}dwj%oANVs3m0QV7R%31x*OfZf;LwN&VnnQqpR*LDE> zxGej`i_IvdQYqytu>K$z?B={X{H8T#bbXLxC-gw)wkvomo3*=St8+9b^0Jn z1urR@48n64McXot(=7{kcpUDJ^~bWs)@}NjRFFK2#1h2;7#@y(v|w?bbZMx!S~L1n z^)C3yRlqavxo&$+=a|}}Trs2={xdpPH+s;yjSgJZxV_rmsrkB+_WdyU)Wpr>+F=O8 zPg?geBc`M!R^R)X6*vN>_#qPoc|Is%5W8!3biH8VAfYQygUzM3P8T$ZC9P_fjGt3- z&ZOeXXUMhR>L1yb6|W4bLKLh8aF9O77IlUd1OALk?UEcP0Rv?uxEbN4Hs&KDoeMmt z_8h39&&`TN3l`l%vO*URXk8txH(pu=9#_>}^BdH}bT{!VUqq<}2&_|68ZFtcxl%*R z`fBAGel*~Kzl%Z*@LR1!0|E|yDk?4r-+e%>h5C;ZGtEa>g#k1Y!Kp8*2Go<)Kemzx zsL`l>=A!!ZSn}XkR`LL@tpzP)4Hm^D4OzkW=yF`D@mQP8;1U7uEL46TD+i2~1IEe$ zJEiP&+XjzIR_v{Ny`=IM_upDQ zTK8s5|Jyr}-$43bIWS}VX+77tS6tn!Gy_4$}| z8?UruEbNu`z_!MCnwhmqZnnZtF-*i?PIRdS$(RHkil1CD568K*LZm-Vq&HHe4XgoF zX)vXBXgcRa%PpMr!Xl#S4neW=1dm$Wvi9tlq}vO!Xwr5i@EMvW5+<`=qDa%j+X>;1 z5)LVpc|~3q2kpZB*Rz9SndKI(?%lH0UNBfiK;2yRM~&&L`_u6@h_&M0wBPa(0i{XG92z*3nDl8C0P}p036}I z0`63;NdOPZ8DkvUa4BVW1>jsJYr*%!#ajmi^H1+YTO6D-?e4WZIu1r*`2?paBJ@UB z*UJJyG=g&b74w*-hOKK4FszDIzJpt{NA{?1cQm&mf*J`nq}@H(yL-|p*PJF`h#5NV zpo^Qh9j5Gf3g9hs8J204N|PDW(W3QWqkCDI#erm(m}qPdK(luc2yIo*93ui+A(J*y z2dBU&O)zA%A$b?h*yd?%QuQOAa;dBL%xJ$5$#TW^$iB-e`j+WEMP6fGVaTH=;v92g zIEC%g&~XAUa&e&ctSaTeM;@Tdwo>`hTW2zc+67<~f)!U-f(Lg!g{|pqAuGkz>n-eB zy4!e#KxZ>sTd=bYR)FqlBc*6>(~0PMQ5>tB^k!y!n~l5YNgPqx!IYFH`DfeQA091p zhMo^q>|+)KoSFZIM`KnoV+k81X$NFc;5|S5f|1{+BAvJ~e(#J?4nW12Z-gZ5BQ-z) z5B$B~Pwk)6NG$hixD=_f$EA(FFneZpdtMDxx_XtC;kWwkQd-A8l-q4}fR$}rFZ#EW$E4vuy^IT-C!6HpzB3N(({9*aR;8WNC!dNF7ECDz!R96Fzum9%@P1jNeYV_z#}WB~wZY$V-LcPYEf-;dZYFb9gMvQgbqVNzyz?ygP6C z3>Js8>JJ;dY4CzQ!%;5GDDZRP3>&_x`NWpK4sQzA*znx|7uUkU6-s2FPiEN_u+#Gd3WS9;)4f z0=2Qu&9*ccSITGSbJ6V~ePFT>NsOZc5r854;ooPdThGrXT-$BvcmwB~T;z$PWUU&k zN)ahDN}IZ?JKvW1Sj)>^#U*&q4O;fzJ8-rO7Y>V+dwYt=JZVODgN`_kqYl3^!?aao z>t70wP@YmYfdKT1hGd%P=@_yG8Qz&XRm9T6cbi?ijAIQSK%n&UaYVfvo+IFJ#vY2Ax*`9>=m zz;`tk$JH zFdg51x2H(7;7Kf53WlPXOBU$_tzemm6*)WaJA;@T0ka__D;&?Myc%E|CArc}o}Kr( zPhBYDuW#qAm)n9+VbBN&#*e>SgHJbq4f8R#$DcB zq^VGO(b1praNio0In~FEK^8a&x?9{+NI7K{a-Ni|i)_l^E3eZzZR`k!LN*3Q6c0^T zKX%rDcMh@rc?!d}1H2R~B^snIVIwnhRPNSKaR0gI%K0nSq!&yPWQOk^rj&h-r+Omf z1Xoou;59uMbf(xFJTV--)yKQy8&OY&M)+j~zOs+G0q& zKivQv>I6;5EXmd43<`$QUeDDkAO9xoTslJB{@91m3Gne`$&-XD7Kt=gP#fRUdYm5f zdiX)Og8-r636x!0IXdHa;zq=)DLEl2n*;Jht@eO1myBXoWSA7;%O#6B)htolX$ zf8`Bz@XsY z={gyDZdQwlEOD#iwYMsOYoYjN`RXFbRF{!j+6`>eyyfgP>P%;6XY4!QDP zx4o(k42EkbZzVC&60lwjBv3rY^V5KE0Mm0to7-T)|F(k)S#5>SR1IHto?jyTXXCM%Ikw|1~e`HIrEYE93W>l5Cg z`=NPs+p46&r;Oq+p-1_A<4=kyDkZ5iGP1}bq=94jT}16ebAu9^Li1waY5J(p#F*C zF(W7EXX=31uz-O>{wuwsmoV3Uh>J>1i+|FF9cPTFfsbO5!&N6{s_sfagkiPb%hx0q28|eF%?mVXP5X4C@47^w{!-#b#t&1&eW8dWM8u>pAzs z)Fq$aWY#r<378ogUx0f+!<)|ew9iC0)i*8^lB>6ur9)=^E^{^8yBX-DfsO0tg(4>P z1ydrqYtv7bmvI`jZ#7~BF(56QD%}uHf;dITLHxDbGpS|BMt`NXVG4~7X|!aAUzKw! z+o?6v+8*o_izVf4OYv-UF2iSOXhfn$ zA!8c{3tJpU3yTI;Rqn>swd+b-)e0^M9v-qD)2!#yy+&x3jZ&R;al~xr zzaf8nC3kympjsquIS#kTtw^JYWtzqBtD$zbO16ujgFl0cx8!gC{yU4M;-6f2ocZx{ zM@RnppRMA5b(9SW0q&0fefIqMH^-Iu-xtTn|2W3~ev0RdkN<@;xQh_rtJ8CM(;NkS zb$Z?z2yCW-xUn%7SV!6C3J1PAJs%noY?_V%!DB%17!dpj0)nqj&)16yzB)Z0!-B`K z;Gy%Z4{XqX5gBa$+EHNe;|r1fkK<1kB)e9OY|z^ABTY{cCfm|vow%Dj*5iJ#^ab-ZN$URGv1G0e2 z4!O$vhIF8`G_2(Kqftcj` z6-n70lXe4k;uySBN9>|%op)XDl@zV&(z&iL4QR8Zi8en9Kj;bR43T?aH|a;{4GksY zNJ3XklIP@*H0xb3>*7uvr<;Vo(RF%sogQ7MdnYrxPH(rm(RKPa={mhT<#@mT_yL>@ zcj{v}SP}l&T#z%WlwL@Y&s%I}wfs%CbuADU?vK@QBPnunMQgU(`fcf0Lc5x0bfX^K zsOx|k@sNKWJsuiel7AB}$y@pV=J5{ve~*t|Jpa1x|NCO}|NRut7w`WIXK)w(zaL(8 z`Tu@+)$RXlrh$m4(f>D(Kb!yWhgavQFYfdHH4R7a-_iSb^!|MW-oGDS4eW&^O?OnHuBRLHHMG(SzG@Xgg*_d{@tVhJAVH4i|5a)^}o&QQUCV|o-b1W z7oNdQRezP5hK1Izcu`aM1>ddc`j+8npG?gc)ZZK$;$QR#>D9U-bN~qOYB&^kh6u9z z!@W^;II0dy&>vNYpFnk3TF1Y-YB1<_keJjL7x+PFpopN8=b5bGWV>Z`K0A8Wb%AxvNhh zt*^cTq+KUmja*8WY5+!?E-bZr5&#m5$%l)#5J6zkA5WtskBwxPSa*GuP_-cYhb_+e z1GJls(!mW?JUYpBgG*ES0Db2g1_uZ_6Ka0k<^V}%<{fEeYhM_U`ob^V2H@YO;yyK^ zqHI(!Zhd@UEoLceA0I5P_lC2iMLsM8^82EBq1$v7`k6~MBC zD^$SXE1VBZXCtR=$!OA2uC)w~3)9fo4#EHvxsG}vf#KW(a^rM~3jfht_D_v!)NiVuy(vKH7 z#CIZIeYa|~?$u%cuHLN@@$iu^bBoDZ?H*><2v%Fo&htt8JSDK6r{D)4zG5FE##)PH z!u`dM!pH}N!woPzcdgp1y_YB$wNn>l?#bNX7fPNVe@*u7;>qh&bG;&0LXfvq&e>C6 z#IU&REu$Wh{Zu$WJ#E1SGa;8$gG%to1j%bDg)BCh@Kk9=<43d6Y`M`*u6HYKvtCH1 z41x{zs%4?DyY~woElL;GIfx_Tf;xpH=IYh~5JH*TOj=8}6tY~v^Z6fM{Np!d|M(q$ zU|?=?Ya06P44n4d4S;96ob{RDX(;OI^~X$Nb;V)4U8zeYQbEgAVAe3gV%wU{eNM!j zM>HXkSl-y!e{DL(a7}#{{Z4!S zR-w3E_=?LY=lVOz=xviapjx z(v(+S%*UY>S0Ud!gQy(Ti2RP>^xKe%!|io=A(18f;FQ8sqBKq8n-%KnTQsm6_|mX- z*n@yE;GR<1iGp0NC7;ikv|N|uS=M^1U>zI9TFz*a7}5TfJx`C~P`s&3$^pn{;xWQ@ z!B^T1Zxhk&F#x9Xo^o%(&~jz<{gOpcf_5JmR_cJg>*HZRvwBppzNk!Ucd#}LZU|he zh!P?tR9Qinr|xAtUf<~!bfIdogzMPLUD|df2Gjnujl#|i!ju=2lsl-3rA}SDZ1>ef zt-t}vm1#Twg=c=yjgr6AxlB9S+KeXq2*$7YRHT}v`f8O8;y7P7bZc~0kFY@paR;W| z%%575o*i>y26g&zOFnoSiKPLd(~@?GP_?b{5KreDaJIcSx7%rO$KMHx>~ zQMMF$E1bm)l>xwkTR|Vxqsv_Bas-M!>ivqR+lM;S1!Yz?M~18|+rwOCTkBif$)Phsi`YJF{DCixwU3)QaOVO0nvnXi6Jk-$kw*Lx?M7fd5oGLuBYUCanJ7B;~3zR zTxlVB~PtX#9^nETYe|5viEz7h`)dk*2 zM9B6LwQyDE(Lum@U?eLdSpr;}VN_b2;k&Jm9hf2JbEfnV=ZROoWq=s4`>(`(0v9v- zPmKN({&|f46D9YFYFefapNLL+)9oqYEOHhFZ|_6-?S^S_a83adiMncJiuyyA(U?Sd{{Yp^c1bq|AnDF z|3mJmTtvDBs`IS;aPfAtTw*xKA(+>NNp_@3tVg4@uEHfH z1uR_w?QRdsS9Xn?COE9SsJFrhywyYan7-~Z^~UG1G;bk+1Qb`@AT=#)bVXmofjP-` zoK0;|(6>8eLRJ=omni075jQv)h^te9cZcWddtoSqlec_k2iPv)S-#l(Z4F_}bzA#*11<4~K=g_c4a{gmsadlG~M6aCMx-{#+2&6S1|$u*55~Bv*?w zYw2Ah>%iWduw&_XIJ@z|x`jG;L1$rFOqIPZ$^C+ZlTWrPWI=>!&&W3-UbR;J&;mb4 z_;Sf&PBlwbSc0WzR20-D*R1Xx%2mbTi7UeAsgS*?TY!vRusbFdgEB-#tY%54Pi?Rw zqst+Q9kACQLBLRXv?y#Q2e<|Wv>{GpmfkqiUiTJ={niD;ebi!$E|OzWG)?0| zcgv)L=vidXoMa5Tyme%U?clC?blXvEsv;6Y>++e!pA?#vRlj1!J=+%{!%t7#r`zxN zFcK6Aam&|9mURjpnxKJ04Tr@#MbZqgeoT{|0%5huet&g!Zn`z|vUa|md6?W|xF#?} zu$bJeEb^Tw9y4-sex?o(ty4w*mEO@yn8DC`YW>Ne$e<)`wbj>TcDr|dwM)Xu4M+z? zh@wk&$@RMP+q<;=%BRW9TA5!nk??5MKhx%G#qL;Qj@NW4e&I<%r$WvTSvvV}X|9|) z{4={bH0R?GV(Sx`a;KpI?V<0e>&K)&}X`F-d4j zSQ^PyW_~FuF$@?ItFIXlUiK7MBWs=YLA3*iFeX}3&E`Y#{H1MP_O1~$E)sb8Av@+D zD60y3cOmjLz7RLudzQg|So^L^+tD$qwRkVZvQz9Ba2oqkoDEEG28MC8=-Z>!G5bO% z2OJjQrJxc$t*EkG8jpRNcJb@hx+hu06*~a8570QX@TXQj%5I!wDo->x$D}32{F!!|0>*7^m%tj) zGAM{dX}-K+lI*`YI(m9we)2i&BC%Z3iDDU*V4cR63Ys3gIC}Q9O+cl}nVZ1c0{uY( zy%%V4Lf;QcV#p=&;^=7d;@fYZ9uU#$RZ<`Ukp1UJ&kvp-|KY$5@~Pd|I?jpJ za}06JcvCbDjEZ)E?OiismKaIi8;8&!Trr4)TB(Cq-`e(Lm$Q*`294upH`f|0Pq1YP z16ED{7*=Y>+{iv>MzqnJmKho5V^-2z9r@R!vSB;>|~@&^B2wG;~Bq zg?g*H6+nDIB+C*CObbm{=w=B8az#2zcm)5plYA7gzhHAVBwNv5!wx{-ipAReqD5;7 zSmLb|s($|accbgn2YXcP1{Rf85K{qrk|f3V4b##!QNN-cn9M`8`IY&vTb7*-d}kx4 zrN;8Owf(DB$Svz>eep4rdOC7BctNEbOEq@yS35)$%P)3m<%b9~5xwm2ajF65^khv> zr%pW?j1+h~fd=5j!0V1CJf@ljLP}Wat=o(QgM?M?xFYPMmK5Cc;1b=k6}i@lnnv{6 zkb&!nP9v$Ww-Q{;C)b0f@9=Q&v`Y98ctLiG0cDQ~#!;Cm=XxY9Epw$Ue>^-t z)m5!mlba=sP4?ThsTTJ>1?>Nq$s0!|CcpQjc#~989ZO!cF*Z%!$6+{^qfOh$2}_#N zd09$Om4G3)Y@llmLvBOq?AV82q3ffaf&F!Di2-!Kr|9l-k|g5(v~U|8!Z&vHZ@NX@ z>>Y^bE}h~!Uaaj`r@q29xZ<|HB~p*ACbrqc$}W@dJB1U>XG;{AI#bAMnScVy$D@3D z?zOhscT6utycwiy-yx8~re89kew2L9)3;m=3Zm-hZu7xdX$y>%^d@P$H3IrsyCY4M zKqr`cp2QKAv3*aT{Qk+~0@6^Ss0&gk9Bl$F@J!Im$TOycPr}R~4S5*4uU4t1AIZK? zbSx5@&cWc4-Odj|rpVfoynZs^zW$hrwPgL)&Rv%k8-C$f?H&DiG9ThEep2sM&XdKL zRx3}7Rrb)fB?U`WM59F;FSvasD;mc?QMnq-1D=HK8`)m-y6}8#Q$2@~nPw6!KC}tM z(Kb??sOIb3#?za_v{5J^aq0KI7pkd1UmX%b^U_|=a@wBO5#gza9mtB(yw&`9VtZO3;c@VGu zUZ|AMTHJBlLf37l?!5|wu_veiYP-kP9ZT)_y({e4D-ctP)Af@XYRD>^`jz%-y;F!w zKxt0gF)4X$$N8>uS!`0~%{CNf{YKIyvyfhIy|tc|6~p^so7lc!7~~a8SKF_2hC}TN+M20aNxVp6n*qcye`YSAZbx3G;@17?89lCEp+n%3r9+etXJPxM ztzL4?=gx+br}s2%4-;my8Hs;iJmS`cu{DhnAstqC;xy)G%*&yMniCu+PY-SpR$lu_NfEZ=^*h&^V&8nLkRF z-y}Txfel)sYwL_`*cohqfHHi6I7Plc|KYstdJB?CgWWZGcXsuTP_1cnYkj+BLe5!S zvKwu*F0lDYCI|1|MX5t+^V}=DbKPWX$j&+3Vt3HTPPPHe&4EdGKD5BN6dZfAOaUqZ zYHhCGCalJVy@^)qIDpOQNDrctPdAM&i1d@xhvQ85E-&8>BG2dqsg#H~ZKp(zKZVQ; zwkTJOW_*eUSfmr4P#3 zrdcBBkhEWySC_VN<1#b*ZkEt_xPo>P`k?EaR<>#~ijrDi5{?mci?C)&vc0rzQ> z7akpiXwX)TY1M;oYc%MPc_dZ{Xv!ZF>Z^6@vw*Xly$QGU#LA5LEkRR5& zx?u)OXHwX3wq|VxmM}Np_IU?);C{$cT&84yU*BsR60Z)iP(Z`xDo6Or89|}w&@xXn zO_|8s&`51_(8sHstuTY*4pbO&Vm*KMEx8hH?!WJ7x*`{DM>t#v$-p6+CX&&3<)-Sl z4eW$sE}3eZ=l%_~v9v`T9R&8CO0Jm%ORWuHYO%#`Z&#~)a8Syr${Y(+NHvN4&s;h8 z(3a&xCGNn}NLfQRhKty&=2&RnPSfI&J0@w;GN=U@w-Nd{x7fvF0gN?YLhUgdLgVWC zNXlCs+X;Hlr?}&a>2l6gu3R{LpffSNaI2#f+0t1myq8}ga6IHUO{vAR%k?7g_Rh|I z5MF^A&(8g+En~vgK?xp|o0X41hiWz2h}$U({Wj0ecY)Kg`vuo5;YuHV#WOeAZ6mW| zmNkX?v_kKdX-_mu5*4o7ouZKWe$yHnSyOY!Q_qU)z8k0AbwVYpEA-?bn)fu2bJa91hUJ zl7(7A`>kB41C+ex!h~wnCPyMwJZ3|4pTIEG#>@9q4%*UZx{K@0{%jCmvpZiEv-_rH z)b3H|RtztVB9>`I4vA#59P39oZa3tK3bfxa=uQd2y3B1KvD}7G!c}NFACHnq_7lh+ z;`lIxaTB6gkiCw92NT30#BdNH+>i)v2CQ}hIDo|UlD9STShbV2K8+&a*bABta*Dhx zT9-4Mu#)6yz`gIH_B+aXh3#)vR>^vL_Ugg_5ia;+ic`<1Qde&;PXTwFvZka~Wn6Y% z?GT_eGZ=&n2Jut@-fx(9nRL_%MI5`mNHCv#Of@YoAVwoMjf)e2xdgFq5a#X_Q(GfR z^L3pl{FeF5`eej>z5j%sr88kcV8MYII--WaHA56APudPB7=kIb@WB`X(2oci9FS9dE8r83O%}(X$Sq>YeT!n zsaR$rZFNOyT;r>9&yKbBtg$kMhhH-|n{d6(hQ763x^~nJ`?~tsxOL z7`(U5yVn0+XmZk%+c#XeXUl$~36Bjn$Y@uJ>LF`Sh5imI+YDb9w(naQw)%`KQ?$*> zUR%^9ZL+Kfez-YiU^_`PlUN*}V`0ExG_I~;9BjRV)egF<8(mXm4hN!%aN%372!S

K`Fzzti9kk5{QSWI{r za2h~2RHVTvULn(1&F-VmaF7{Gba5!QNUNYFyXI@x+Sj0H)fo-AUcQXZhaEV)qg^Z& zaOwoE=@rQ@I8zlYV$yP;6+DZ_WS&8VDHgk6N%lZa3--Sg zfswyc#$sXgGW8UR<&lIIOYpX!NFp3%J`&sGT_P8oBIp*&PcmP#j~)KIx&ytAkhCbk z=iTrFrNx4m1ub~8BVtXHgyblQ><;`Ft&aCC(-}E^Dj8vIJeO}w&+YXPiljddF8 z0t8xSoN#dMRpa%ol&^TYu>ZT+2g2cO*_ zpWU|t$hW=GKUL6h#qj=)3R$Jv707e0Ke*lwuD65hZIuSsTPqE&w|@fH+rqry+-a&= zx1kMlP5rLIdg@u1yM|K{7%tSum!PLDbQbhfMDudvJ=A16 zuEQR4$gelo2L@=UMn+IOs@xVeuxvsW^E>1W|Mlh?xId})3=`Hj_CQK$6dqdnfXO=d zFr~U@tD;JEOjpI2dW;`rJzp!`TPfRE_{2jQD$S1+F8DtNbfPPPpZqgSQ9sLT80)tl zs)tUnHnQG8qTZux(K=ILM$c$B$<S4{s(B--B@R{0GV?N( zC|fqc0+46zzecL&@d)ewSkA+$#`07Br;=0PdqRf_Tf5vuIF`y_6BT$rl`?+6rdek9Db9bCkvbQN&ptMch(9e1J)o0LZBAP^-q$QY_9N7;%!j-TgK7h$LX~n#I zQqQ^vp7@aSx(^9ouUX7#$>dzRt%8zgcg-(#jtX!AiDi+gI=KL{THuStkYlmFsH#>< zA{eXYOMbr`FSBvXwi7AmH#1rY_NA3yzV{JG%VG(feY1ky@lIu8US~BHPACA#5BRYd z%R1XK>%JC?Rl&?K!lg~SBkI6FX}a@5bZ_0y zmj11OEHgFEn!1pu@?H(;Uvg*Em}5a&`@E6gH`^XVYp>^ArHETo&Z9_Flkice+zZgs zD}2zu*@4olx*%LP{}+rr=YxHc_YqmMlE$>8#!qque(fy?qo*0WjVLp4_Q79j!gq{Z z!QyXptvm0Yr}1aJqW+Y7C!F_*&*Z=V=QWnf;@?;ysvlpy;3RkDk!(8~ zt)-d~iAl7gMJXnD#6O9OSWN1f@q0ZN$|x7(9bG3~-v^~zQ}b6PrLPWgb9@DCxxK_7*a;Wq-}j$YEKhps+ZDjogr~4DHy+9rA(* zW46g`%Ze>$55~^u-Vu$lXKe%xit*W%%4KbaN{lR4@Zy`)^N+11mA53EE^B^nOjHG7DG2HmOk_MtpXv zAxmEBIVacOP0GvN1f~yPY|5+<6Nu zm{mRdHcW|@9+1-lIScVsWqekGuDA&QI=?0Q)6f}B>Ek82>P1m^ffN`|@8AfC8|D*B z;~e59d#?hD%>v@9Ru*-c0kxzwG8T*|KDRNsO35W%v*eNr_T(KPB`ro$uwh+buA$A$ zd#aLN={)^qEd}$OMb^BDnUMMvpkxe}1M3A_9rUZRI>_#2mO5M%8@NrK)vAm2Alw*# zp@C^@{u{9uk~T^*QFH89G&x43Ss$uo$DcL60XxG}Q8GSCoH;YhoYn2d?~m2%j}sHh z9So|QHt|OY1~r&hL$XqD`wtIoM5#l>2bh5E_TTCIkEb6S_TPuI_veHC_Z;bmwEy5Ckj#x;&xS7z4-U^K9}HV5Q##UsC}(ARD)vW+xfCi;rw?{1*5SX zQ7=ixH+G%cc)+)`&i3b{d#1Yf2$)%MdH1vu5+SJfQ`+TPuCrSQQOb=^)mCMjP1_u2zJ zI%YV^c#PB=|1T4f<%kW0_SQLA-jyBb!{VgYu`-@%#SQZVUxw3pg+$O&!s$;Zakr@N90>p zGYopNs6b&s`FO!D(p_g(gl_6=S9gEoTjp+}QE=RR&-p@EtQWBS4Rf)X8n$(ndoS>t zapPUBSuy#0g^hXoYi^xHx)=ptjH4nU(Wcn4S=GGmg{+Z(?^Y%&)j;aDwkBG>a%rYVP zB2ib=#b=^Ea(g{Lot~I~omzjrcSV6Po}Z2DOTOQ-)OE?XMPzH9hKd1*3U~FT%Gn4G zpT2mpm__yz4-QdOurGV45Hrtv&cI%{HM%yjRR-?y)Y3BuU1#Z%NEJVONC{6x$tc9g z#s~G5_4ciE^}2!+50=tJB6Y@1nXReZ*5IgO#ZqHXkgPCf4*0e)XE?+!(jI}>ua+^e z+APLVww^4rgr>{MGMiv@mC5;s^Rub1E8NEbBIWb4;4bbddymlh_JpnNeid=waLsV3 zZqj^0Ia*n9bjKMSY2uo=t4@M`2Y9zai~5{%4B+hxNr&LS(Drcnx9k4zr%$KTCjR^3 zY`}k?CH<)QuNs3#z`yfSoA?&`3qQNSU;N@e_A695&kFrQE&Cw9@WPnbvCg%x23ar& zzLKTMPJ<-)1zF|T45(kB0Xi^8gMj4ZgrZR3gS&pzy1L{1W&bIUi)cJW(XINtbL1$dR0x@TEmiO@C#?jO8+lGbb zgfJSd^iQiSiQQ-iCHHJMF@cqw@}fcHD)yT~+CTtbeN~JlYSz@mxp4{CBi&`lba8Lg zc$E+R@c>qOYce?s`XE&mR#j$|*-_e@bnTE;Kw#0Pu~Day(Qq#))5;LwbhO94&gj4{ zcl*5;8uJAAPE#hwU7zmg?I-H%BYV2FpZ&eu+Q%(Dtfc-oma;;w*s^!R`q6sD*^^71 z!)(0^DmkW?k&!o`hmiwV_b$GM)#f@fBs|$4riXGQ`75?pxv#Xz+Xz2kCFMvwiqWJG zZ~MhJ8){axp@bR)>qfm=s8%|;Yl3)dx;Se(_-f>Kk!*d0tWE!7$m(7I)H6`{l^eIG z&e}l`(6U}b>acLj1Nc;@{`e36SKpNlL4n%wpATneAKo|PzkU4paln6`BmJ28Ph$)o zi~`})IhNDJf~<%8h>%@}CN5+>eO`3Ps&^^bU?#)0$oQ(7XF8qIDrA#to6Eh$nAk zSC8!e7!aQU@v)^pAU@B5_*e@{5bk5W5sLn-VR_-{vg_iM&SzDl{#C6O$C+FEW7t_2 z7|Lcf}YnZqEM*fegOZxt-1?LOw9K(0#zp ziospM2K^JzD^$<8P=w+q0T&U~m0cV+a!M-uL#-!VkkP5dx=uDJFsplSoyw*>6)`tf zGsJ-mhqBwPQ4KFH z%;S(*wRwf7ie~&N&8`pK2lU--ofIrJP}h5j4&K=J*o0sAgxK25TEHzrJid`7-?HnU zdbAN=sBRgbpeGfYZA#}d)PGj^h_*19?qSzIy%i){@gy!-id^x)1E~(C^DGt+XtRT} z8-uFifi{$;?I4FlqhupWR$R^6nWb;tZ(|e!64 zBA|EMxQyW=RES?P%_1G#$usLUrz@Xw6_>eMo2l5px!8}Rv<SFuHa~w!Jq@q1i2j zo-Q_zAvsn=Ufwx}$llKIg$5sEO%tjO-ZE=#8*YAMGOuo4Xm`=6l-udl<=5G4To*^Y zpY{|}ORNe^ArUL=oSlU0VT7x+_h11}6%~Al)@v`uC_+b+{Xk)MIv_9zCLJrIjzkqa zo^JMDwHVA=s?QzVB)r zs=K~MfF!Db8b;U1LXW@y8yqBxO|+_ha&kf13EC+@LBI}*8y#ekz0}s)0I%M698XGRoX1H0G(c_E}>`OJu2>k&9tRQpahP_e;0!q~DQ032`#$=am ziYoRXxuhv-x+=;p@m|=&)OQ07>w}U<_l^)sb!rmE$^7<6#-9Yznu##$AJZd*{DqH? z^vB!QfY41X%CdXjI=A=4atW`vq=JR@kx6((i3;2Bk2GoRL1&eJxxJmq7u_ZT)HcHp6^@5FBXEY|& zVRBVy(8gKcIuv7alWo%YCR@~wZO}W_wT9LbQBhZfx9e=(p}_xTlZ)n?vhmu<&mE_`7tRYBD_ZgeeObakHK?WCh;LiZYvttZ7BvK zw1;4`Hul=03521tPSmxf)HXb}1#fLB(Tl{kBdskZwqdX#7;8(>4)nDjy4q596_lg{ zR}G9I-p&!Flm)@9ZXZWcQob<^M(u1(k4tJ1VsAv!5vrCdKXy?=5 zoX>=Cc5eh-sOFR4nPEs~7>3ywy;OQd2WIlPxMe6>(~VU=5=t3}xP>8;hhUPvh@576 zb~G|nDgg*&f9w%fw+@N)KplG^ieaNO5LWST>aED(!I)vkhSCcy3`YbzMoJqBcrgA~ zBRYP3AsG2{p?hA4;RwvH-N0o3{p>@u@}n-iq*Ls1>;?5)31k)ouv1`X_HqOL?PjU4~dQaREMPT}q} zIE4>R;m0*{a0(xs!Uw1DeaQ`e(}Umi;5S{R!Ebu-n;!h82fyjTZ+b5ce$#du{H6!L z>A`P$@S7g|rU$?2!Ed@we^S5cgMBFUlG4Dc zVQyr3R8em|NM&qo0PMZ%a@;tQC_KOU6gcIcZ!E8hs(VS=&l@XCYPU|?QiUYjGuu0# z0!4yV9I*&C0G6z=ePUnZi#X@y_DN3QO7K<}xh!A0xI1kX2_%3-B9WO$WX9M>P4qs& zgdwtbJcWe0_iz^dX@gIz)oKlTJ@Id=)hhnm?hSi?YWI5mR(m+?_S=7IwR^2r`%j>? z$xhTgDP@rSsrA`y6$kg7JTQ(igDk``J#+wIBt;%40_tKi*}FPEdUe{QX~OB_5H$Gb zM!A>=8Ju7eB67` zN>J>h*yDhmCWzq-9Rd%}W;k{LASl5!WSHC^f+=GOJ>1)i!ZCs5zNy;FH|+p0H!XDB zcF!F+KB6886DD4c2%aG}MJWY(Nq_(oFondwg9HH>`{3eAk4+S!$Oq$l@aFvNuizGu z7)5l~0pKoVQ;Bn6Y4rs%txa;Uc{*QbI)MlelNFBozUa`t*IQ& zCVNxNqAl&J2bzgJFz_0ElKVj1EB<2l(Ghb0Memnxsgu9Zo7KiRwn>$m024QJfM_ z5{Ire3E4CqyB?ld05m=sL1=FVDd%;|P|WTVbO>OQM4=}Zh?5bI+j6^o=WDOsO*~cn zKf>PaCfiuT|6AQ&tHA%e!~S5){~zOd6doH+5M_sePGP4%IBfZ2h=TobueaYlIM^SI z2f?s2@Y{oaZ`=)9usv)Iy+LQtZ4JEs*z*Pl-4<*I$m@r4?^zIMAS#XZoh#-n$#^pUYIRtYd!u`8i z@^Bw|o;Ms1y#v_qBd_NN?LO-F2m6E05OsRU?|b{*Hf$XPL;qkn=%B!Z;~^aG4-N){ zA#@yy$UO8!Pq~b7D5Ol@8!G>_UyDx!Gwfj{PGqlz9D8ukZaK~!CbtoWejcXW_D>+1 z;rI$M)sBCaAWuX0a3kzfMi1L-&`baHWSFEF2R@u^!eTtQ&wFfA=uL;_}|r~ z=snei=shi!xkF<&3MoTz6Z$?uls<2{;{Ogmd;soSxzrV2UEY6J;4}LZeEL*^Y9v@U z2qQ%ADMK@NhSQie6CB2jHqm=8N`3Ua@&D~T_0jwzAHYX?Pe0Bf;d{rPkG)$&_S}Cl zZ@4@eA*NsX<2?zOznH~r?>E@|=TY-NTFryz&42!<`}cp@3*R>_$&Bu~|FZM+r;mF( zjnz6F&?cW}yR%PW%5XqGj>9;Zv71>)y^r36;57N@;W!8<0sZKsaVr0vCrtdqW=TLl z1}Q}zi#|@%31ZPWpdV+yrzk}q@f?u|-b)mn;C2VE-a9+Am*9=ZJB} za46JP^=@=_qJBFG7jF2XlDvq2mF=RKD|)`Er`s3xA)AU<`iCBySUBp1VFw&57jblN zKyku(SR;mc6dN)hN{!Kb`mnY%4=OgL-xpePloFlizE4222~I`JLfMu}FXgJYt(_~b z^;)W=LPuv)1jJqi(%47*cSyl4x_1@afA>)U(}?i~t`Gv2sIzdm`KDA+U-CLlaZQ`1 z3N)PAK^Be98rx+WA-a(vW$HYKsXJ>18o-Dm^)iBE6wyQQL34c3)#D8Nz8~^s62b_O z6+2kf#jHyLO4e5(!Degtx4)Y|pMWNS5#ktr6Nf=K;*5+Ojg`Ei3jt6tW@R4$$k}-W z6d=KXDWt#;DNGUs3GzWe@T`K?co~oLb2B;(nx?ZEh!sEcZ^$VzGZ{j`;R+2s{$9 z(1Q`@dxXJ=m&6H*3kzNn#@Ciix6flddHs)}SrS2p=-&Co_34$%-m?v~vCRI{8ng@g zU%xl(Z1um#cs_h+f-n}cBWN(sowr?S{Bfgj>t7MU zMl3-~*MGlg{~2`J{q6dHjOW9Ly5*0dkBAGSr~zECUHCuflVAVt6h$*>6xd)J%hvy3 z*e}_C+pX>Te~jk|7(vDmi78+h$f*Z+Qxt=78b*E?Pe1~_TR1_~b)JB0uHh+v01D_7 zMG=@pcnoHcdDAeS>;i%!$ig`i3b6Ga#=i3e#AqTEH1ISbC@)DD~1Vjo`7S)pupSXE8vHOI_@N7d*Z*c`;I&QC)pGK)i0)# zJ^mm4lg{J44A2;Qw`l@|dC+<0(!0cY=8oa5^UP(l#Ci6=oG0KdBq2^II6FC|j++qt z59Be&4SfXnWI2NW;ka|^VIOhW7w^tbFRuhpp(_8HjuD9wL)4Lqa9M?NCX9{=Gy0ilOuariIJ?l&<1`St(m?D+Kj>U0Be?Pu}&Z@2rM zZt?uL)!**_kMg`osj$F;E8$83UWFctDFSV`?KmSy;0!TDsN={Fm>lM8sn=6vd2oP{ zTo}6`WPhOm-^GXsLznpJ;h2$doH9(P0*8F?P8eIO!8KkI7{C}dz%MA80rA#3Ql=;v zfj1O^mjuS_5d00NUDcCbuArK|-*fdc5K;fD}YHo)qlD`hgULOxSNi zf;<-81LOheG_VM6dc^pRf!3I{>x37eTYUE2j7WH7=LfQbU^n%={RVlacZ2qYw& zLxyVL&afW_>hOc}Z9d{sZv_fGg@WB0NP^X;98ozOxlT=aK0^VHB7DcU1`kq10VHS_ z_$g972?>ZHOZiJao*FLe1B_E%l9?j zDohecP|Oq%fCCUfFN{J48Sfd4{XJz`E`U25e1g*IseQ< z97$5afwa*oJh+Z?JcaQDffLA(wX!>{eyiDPH(PB}LM>QbsN3`+$h-04>O_NcoS!if z&R%3D+k<1AG5{mKn@gcU78Ro=gae+Tm}S=FD;%&pPESq}AxM!tYxUS6h|mN^MJF=n z9JA0vj>E~aj+H$XL-w(k^0sz?YU;oL>wl{f|NUS8XNRx%7&8E4aFL+cQ7|;3z%Td? z%@NrZRddV>+=WpD&>Y1qg;8`5#t6)yj{uy*FoNRW^%exCh@kO3m~hrl z!97mJtVq-_Ebz1|c_e4I1VM&?j|4{z=SUp zDPdCp<2alnLLs@={R~1v8A#G`6nfFUW9Sf=@hV;b0Zov{cM|QiRXJ4abjLANdp8Ze zDPI!6!!tx>qxSNsoF^h_QUG*#S;nVVx0+`)a!$<5QVB;d6Rsr?I3X~ZIs&xQ#NNafqY$as4Ul=7!QmhAOtb(e@(0TG2bIBP-cM(t|3qk z<9oG9gt7Qx?REr2c!B{AGM3I|8GB7q@KlTY5>@w>&Ha=ht9#dinb7`ug+)y!ab98jW6^9Ur}TbqZb`z1tP#l*WDn-d$Y& z3eK*;=e65{@XuXlN`oa?je zSEsJyXbGjf(THu9Ql%eBtuRCMfB)D2Po+%7u#sK`Z7SJ7uo%p_Dko9Q6~c_EW;4A| zqS|$op2;Vl_o=wm9OF5PMUQciZJJ{g;X5vwSABJyvsf^v&_~2tf0p!9KUU2*tzJ82 zIWUGZ>78PRxtn#)Go4~s%ZCPAFp3DUW!_$neGzt$2m2Hgl8H^ApAg?(ga3(ue2d}Ebj&K68`s{+7 zgldqQNvQcQQPCz&g?;X7C;Qm~7Zk2lykM2s{jVG?PsckTj42{aZI$mCpTTn+^SN^! zr<eIhgaKDkPGKZ(4DZR>d(?vw zYKAc*c*k|52PhxnZ|@f4dB@6K#|MKpd5nf5y*C6;! zAmG8s5(X}bt^|v{)4HTuTo!_k(fg1x%LLB%bAo&!U7&!gV0=g9gP{xtf$NNnbyG-k zUl#w3ezBH)*R$K z`@S}_?X&ii-~VBfG(92wM0m0>F<_bhN3Sy|`hT{D!|ne67>{6czvZZ)DX+J$$UcQ0 zM9^LZh@R`ZRgibU)9l*r4)4Jea6H8X@ogzhe8^CC#}0@aic7B~a>gg`9D=96J!!XE z`|b7kzo@da;{f0Q@U>^<@t*wp|2;)i$YLA40=#7X_gnqq`tJ?5{@;)DJOO9Y^zcF4 zb)=shLj#A7^)bR@7=5zd=-abZ?@mw>;rkhi*(b;POpv&-N!xZEb+^`jW!C;{7{-+! zUO*aFS2^ne4bBQs_?!Y#|9Fh=@BUHHRrEcCFf(Gv~ zxRRCaJCwQWM-47)jYv3ysMD*ZwW*}cw6x$Pk?2v*VI1ikX0# z?hOaMR%_Vr=i*pqjX6z_3s>hfb!@w@7{gNaKyDbSdrm28-s8;wqV>P2XmE?ye}B;J z71#f;)!y2FALS8oUS108j*1`SNLvpVah}MqEiC8XA# zF# zecopd^eBpSoE9g5Q8b3$ty24_nYj~j#Rfnv&K^gQ(sMXd-Z;WhbByHeAI`^N6oJv( zV=C$&%Oih0M}(vi^2KG$(c5F$0Rzr%Oa%H7(ZYl0S0pR!-(#vDzi#v!w=}%su%#3!aoK zJbHT!uEKvJS(N{E2->aI%dlAR?eVoPIQQ6sf}^*`d%WQ29=H=Wwv3|b5D z!*$4J6P$^oF~zn`Bv0#8cI|L^gwMMvhO;nVpTUU^=-GA;vUr|BuO27wtG#b6Re02yKTuo1~e|&awseaM9XMQY@$h<9Y05ZOz)(p$#;}#yjxrOF^-cxMyTq9NY+_eh=0O-m_-;hPc^IJyI;9?z zo>X>dw?u!=1$?8(^YAPg5gdeBWH>31UZydpQpGyNCl4lY97f_kiY^R&|1b;E<`Zni zUu=S-SFcPAxOY<&i>n9>%P#DKkX2n1&=sKXgX3Q=-ktA)tJCW@XD8y{m;B$K#pU^3 zaB_5fbMf}{^78ED)YP-P2`TwYvU>yC$%Z`N0XW0+7IMS>Pa zZ_ZAtXMLr42LeDgqXOoe*GE^seil#x;Se-htxl(*$##VOdV*DwLk;u<`*H!v84QYq zs9s2~SiLkaVosN@LnRMpt@+ zg;AusuFB=Hy8yTOAfqzO-jzO!h;J>j%LO2{Uy2B%`URar!X+fWEpTy;CeTCKXM)5| zr6=krx`QGFryo=OPDx2WheX62^}vw!iZ)^;^L)0 zeg{Kl*IPftbh&XQdX&1L1Qx#8W^*Eb=Blk8=C`itY`l$CVoWO`AAI^$G_><|9pD9&h>u=|rx3KVw8W?5O56cZ&mhA=oN7;{J>JXsPZy0!rk^c_#=vL;Ac zI~OaoK+;%k^?sPn4#8`&Fj~PeKg;r)7g5XaSBcil9FVY z_X1^|#s5Ga)6s3@jf+|6`w_Z>BHoq=%f)3KaT`(?Q20`F!uO}|MPQHUEM|xV&_gum znIjtc!fgooXCnrIS^24iDN)Rt%&e~Uvbx=uqc>UUm!mftwh4yph)}p9@IQh+ zGO@g$fOjbJ@C?c8j$u3j|1Xya-jPFHYaS??nHc+6)Y9`;p;+-=Sk4OqV6`t*obh>hCVieR z5)`Ye)rCt!;+~fn^%OvjRIojR^fEmyPRKc1sEE4X?*A2*qY2?up^Mm}7%LCa!MBVSp$T zV6fbU9R2b&jNwEso}z3)8JvXiBtxR&Hl~1}cuP!)5Hp4ZXA-4|rSaK{8KP8ilK`sg zc6)ADTZ{)CuQTWlhJ#N3V87RG4_c`04N%A19}oM;-yih%JKjO}U_5BUeXrH-1b!EJ zeQ&=rMi3p07aE4OBh#u~)#XiJTW-6ZS+~&ub_SjOUccKOcY3Y;K_9lp-L~KM_V>Ge zw2x4Gf6y5o9C-WfL95+EJ+FV@wR^2L9HX|^U)Wa$!$|Bet9I5@uu^OFdRcGVonFxO z{Pv(d?zXxEZ#*2f2OV!1wD$d8=b+u|c97pe!&YyA{9zw zsdUXT2yLOj-){}}4|)OY9rO=|t$jES`av-4?hnS^U>F46(1R^b1_Rg&ynd(M=^wO% z&bT{7iz(nX9V3rLt9Dcsw`jFv<$>#Vx^O&%97!J9?|H3G&ku$NekdY%1_*KT+F zy@P|!!G6&1jZp{ss5j`h_F=m{@Oq26z}*C`%mH}W>}0EDt)}6iH*Sx|!-H|(?{<-o z#)JO2HTL_xerMc*2ZK&0*dMeyLB9)!Lo|T>_MkIpdjaC(@)!0n!Ibf><~RybymDXt zaq|v_tf^~f{kC`(Y!ABLaKAh7hvRXtJAl2;e$e;({qcAVTWCD&jy->TF!nmFPOCRW zoqne~9*_Io1CDbvSlI6wBq8+259_w7T-od1K?fcT`Um}X+wXSv_s8&HJm_}^!MHv2 z+upd<9R}m>{%{cVS{*+KVBa5m<5sT)z43Uz4;S`Y#P@qxpGDQm9`C~-fUW(3-#QqM z4|@B-pfhgux?O+R3VNOP0qk^;*Wp_n;xscn=pMB92M66=d+d(~-TlRQ#_$K!)e7Y%&4-yd|xzSs5I zXfZ2OXCf$mJ37w-3VODd?vyh@i7-bFm!IZICSyq9N(EvO;pt=n;0c@wuAkyk32sZw0qt-=;h;0qPG1Ewt|k`+m>w?)N)wB=Xsrj0Csxgpg-JiwT9zhj0W8lm79gWWL6ydg;F@h$VFH*ng&7m-oy|y`kvj6gvyIw z7=<;1d6Y67h4HOD0U~yqxd;klsh#i22s_{lwmb?oHBNQA zYo=RAvENMf?YW>hU*_cAo5C<|jv);_n+UVEe+aD4Y*JMoCzj8zIq*;jQ2q=Q&k+Ah zy*4fl{Jr+^)y_3C^qxIwwokFNam}EJ{jK?lTkJ+IyXLLQ2g3JJy_7{(-a`;i!uWkn zQ5MlA^o0KdUzBPENiXcrALtcg3YNYi>>J00J*rIl6tO*DB*>;JL3SOI6sQIGd3a6B z@jTyui#G~ykyY6B6L2YkQ!7&o5Vt}O9Lq*%xu1Y1pdltoGqEQHAweX+H3EXo2E~_b zk;<iTWjCRPFk{a)z{bV7@4VFpBhfe?%?r0h(5`1uAQ@h#GDp-3s}H zjuG(iY%Idw$=Id(*exqu76Dd(ldF_fFyQlWtmXAYQ*zZJk&^w3)9a(d!YY|ShVI}! zAUI{K2>Ghq=Slbi2nVc=qc|k7(Fy(~d6w8w5hNnb1cN5{c7RmImE5V7j)0v)5j|DO z!_ZTSDnzVf-rx(wyU7tDOL#Ee6aKj}7MKf2iwg}!#C6oD&WUXG40 zu}C-Z%k}k0{ds+C{(5z#{(5sF-w9A0=3!RjONk{L*@`RJn#`&oU3e`_LB^mr6_TCO zBL*v8bzKFpS5f*4l+wUS0&F)H%gKP$|R83xXx5eT9)LU&lbm|zDz{3 z7?ZgOMoOEuv$!`)V8_tA6_UR6*3;PmjkC5D_mrZTWpah8m{Es>uO_}>yCcf!Q~tnC z{gz(BI>;Ry%jXV-lPS}8l0Z?UvXU(r>Cy};j6FQFN9ShVLS{8*9@U~ADo9{LmMTaP z(qW8CWffA9k?!{#M@5pTac#_95-B()J~2+9$Dr5O*UW*8JB3rKt zk8V;BqqzuK4}HIhV=A(;QDdFZ$6;0yj*xN{to|5922V0;w7zAd+`S#0tL9yB##U&W zgDy61dFb)=mDsw8eTu~!<6EvrN$Q$!hG&Z~V6j>Yr)f6;P@o&FJ>6zs3S9(6_K0jV}g7Xvk*pf@ocN}PGOU3!W{!ci1l*6Pavgt znE0Hrp%|x=sWqi>c5x91=~R|2oP-@kkqLNb#17;O!;^{HA&pF`i}NJb_$%BMeqxd? z6r7j?Gd6h~Ze2(Y!if$lAUF7V?&!kYtNMmJoI43Ao`s-zZr+#ALacGAtO-_XWs4K5 zc14DFapMEXdz(Qx$>vjr&Z0SLTL?8xWR(mg067g;Y8wi$voc&C-^FFf{Ow}cd83fJ zTM+&e`Cu3LlN;_hp|Mi5P1N@s^pRHgGT1~+mNZeKyjx+~=rf|q;a=oYNheUeyn0uHk$F3408_8i`1CpmMa%4i#GV7?>`SiQ}elj^bS%i&%ot z>p**PaBiExX+C3hMpW{u;A>t=z*hY_2|1VC(|c?F{MTMRnKxCYJQSC;TQu`oA~h?; z5>xbQ@2EPq7ADNjKBi?m`*wJFt=G2=7KCsp+!ePz2s3HB)9th+ax8Da5^`eWc(w+1 zY|WzDsbwv|#H*@=JX|oi2wF7{@oU~|9&}F{JhG2k~cLQCIo2-3lk8C zgAb8EUC4nZZ(fMR^+CsrlgWclC%Ax=GL_mOPA1wzfTLj=avGGZc7}afMZZKPLt>oH z#)xoEBn+Ohr_dn0FZG=Z>6JO*O0K7NFH>4aapQb<3@MjsVWN!PsfhBG{eF_^eCjt% z6GYxnL`H=V&89wnmj-Xn(9}Ia?b4aX)_a*aN%P`UxmbjG9n1U0Dzg%0T)v&$n|5+w z4z)XAQQ!jvOr zL%CZEQ_ST>iO7_U4rut#Y)@i$7$kG=FH}T|()1+vHd$VCH7X)RHah*m%TOz8cQ7iy z7L5t7A7NAx)Y9V2&R!HDwS$=82w68_3pAa1`(lk1%j~Sq7ez^R@)yRF{Q21k`>*Av z;sQ3D!?VmUe4V8vq5!8XNyQ~wbx~Lu^LgQdtAPQeSL^SQIipdf2nw>G%z5)Q->7o( z=U&@wAM9nYZa7EVd%~uunZ0Z({-=MCJVFCWH|kuyx_aMjnIla#T6Y zx4_oNhpJeKk&?En3X35%z8#b)6vzu&4?uyexFQN<;cpWKUKDz_Q_O*`jfJf4YKX|n zf19|VI3nv~f!C@WKmTxyg$I0F{gh(kQOc%#g?cI`Pb0>SDtz%8-zKJB@iRqp^6t(a6@7-h?t;>>y2?Cbn|LAo( z-F*E2PQTmT=Kpw<=fj7+XO0fXBpptK9kXB&z_D|ttU)?5{hkh2B3GVrEip8s;>@U9 zB*G@7&7aP*y-%N<4a<596#v7-aDW zCDFPzo#v~{_&`;FpRWnUjyP0^r&O-5c${f|?-@7}_n%6pn4A?s+vg$-eF_8$Rp+x} zhtJLQEXJv8>NJ20K8omOB9>H!6OPIZvK?FLC*2L+-UP7>S>{6#p}FceydGC73?Ns9 zKXt9_2)QGOQcrA*YdlOLRarIlaqZ!Axsh0vWN4|M=-fMpGqfxIQsJ`>pBKYW=K9SM zVhR^#vAT>_nX@vrJ$){eqXM-0pjM^fb0YG~6r{&tk;_8b)V{pM(TQHGk7aDt!l|40 zJfudRSQ-ndM;Y!aP?*PEeQRn~8hMOY;X8v-q>DUp<{MaVhO{Ym)fv(@)yf%CA6J&%V(=+yw#5KoYdwTx^x_1yid|3_NP)p#{&$>qqKPe>TE05twQZ`#c~ zt!8Y(iQ5g*DB^!LfV)$m*|{eo&8|YND&DO1LG;vyr?|(>F8FDRsQ{Ztl`HRN)zRY9 zF!s@VS=p6$@mf2^d%6Lh`k}`px*Hi*8oVD3GnkzfiS{SZkg?ii*9>&k;YOkBd9c;! z7M6TB15nX&8dtVmUKMqJe{GTI5A}SG{I7Q8W#a!b`M=Za4vO-ByWii+|BvxV`M)SN z6p!nblS>#=L>ThdmEdh@ldtgnv1b-|J|AwrA_liO<+MVrugl66vr;i3_e5TSe9-sD zX*3sl{V|#>#Qtv-;`%kR_`^B~j@5dhu$#ro;SE*f(XkTTw48i$8}s`div%Ke+KTFQ zH}X4*=ZB8911pb@#rwK0lv8S8?3?OBe8_$Y{S>Ieg+iY`9p+xjvLC_kDQ2cl6Ckc_ zSbJgs!w59gjb81L#{tUhipB#+t-PvJ*;V#VVFFu-2vbxc@OBscG#BX027GHqIk!hv z)$pfJj&w~ahwCjj&r9+eDr|2BXz{VpYzje#|M^+O-%u^p0?7PHtP})|y+(1gUzYm}zuoQ^ z`G2q9+w%X%c)r>5A5CFvp8nJ??5}m`Qnd|!t4A&w(ia}MY%O;`%(E8%pC_>p{Z%HS zRe1lOmh=Bszg5Wp-|6<--7WurjK|3T>cU(QPK4B_E-o6uUtX?SjdjnH*fmsACG-1` z!NXd+1+T7}chf`)U1{Rd=^^;oG%Ss?&^U~JF8}q4a?wh#eS8;7==`s>;Qu&GZ~gVJ zVhbFvZUI=b{=2P`{@-tJ_5a6t%=%Z;x*^@4uQLU4vHD+7we6fkM%S-#?BQ)_Bfy9k zm5bT73-FpMNt(T$J7zr_4RoP3!P34y&#HJFHX#_tG`{{ zyuLVj^Xk-*)&&4g&aZBMJv|-WoFBbDy*j;odwO{Y8aQt7Zx`46?;vO_n!N0mubz*e z^etW$!B6-wJhfZ`cK_b{EnR-Sehe1%V?KCrPXPG&?DF*8(W_Tx67`Fli#OLVF5aA<++4kRaejJzrHng8 zs6}&ySz9(_O%kfvdXtPmKs?W^MSKCPwOqB5?VW$Q*-JtHDi*KinkFwUnLWhXwHUYB z)}${OuZH3uO7_`450U>=0G$oWf5U#s|GT}_{~qW0g7Tjtl(pnPJ0H{^SN^k3j=r=U zx5@ptw2xMR)I_19VJ$3VVrdD;Z%5}hM{llw5j*YEOvw4yoJ{z+ZS8={O?7n@N68 z%0R-$R<|N1=knss_36!r4JB173cr8 zQkR(h=U&&CpzWgU|f3Ix(U%~$0Z58FeZmYXJ z|9zCl$bUMlrVc76L(M(Z{4cB5+x|s}TX9H`H@cT;U-f5!G5%|#@VkE2U;idz>&hD7 zlJ(!~4~zaE{qC@{UH^~qnDu{M48*$u4bYIvS~_4OpCZ5U1L}c!r^l3%JrUGQxIY?H zjWK3b8sh>qWC%9_q*Z4#EwkNf6%|eU)yiiN>b622eQWtaDhSICH*#2ius-YvO20x3 z{QBm_>CM&Y@#X2Y2x~M;*gc?(h~y9=+_;CV5a~Lcg$PrqdnbfFkq;3t0zHvx$axo< zRBaXCb$s5xFqMYZxsCB1pGh4lQAAu!smMGPQoRm+;dbTlKIpKxIvn+p=ixM#VQGbL zR)nAk)e*obB}gq)bzXCQbz_ZOMg6_Ly1BYI{+0jUn?tfk(zq&sy6;l#-Kz4}N7tt} zCuf(cN)(Q*Dq_sCAlKDzF3yinrMSJ2Tuo&2yc~Xgb@S%x^zv$Sv=Wqz=!;N}j*m}A z*Ec8USF3c!1XM3;1+_AIR=qwLy6KKNQTgTidUP|oy!h+iZeE>TU7w!Ii#KH(#LBI! zRCKx}p|@RqHdGZl-he$hy}G_R8+|rhI{>`_&MES$f1}S7KeLG}V7+PJ^sm>KM>j{8 zFEwH+71#9;RE&;q8oNF^dnHoRoP3FPRpNn+(D|bK_4IF5XxpmXtE=4F5jhm$7*_sQ>r7oncA;AGWvh|6@Ex{+H7Vp6Yy?Tw)PvHl(-QPC*F(VJu^E z%IMY}T3stp1f&34{@r6p(Fn4saQax}Qf)!ebwuQcl4c>}I2&I?N5&4532ofaWpDF@^KP02xGxUDU=yffCgOW3s@;RcVp8qx6Yc6(lXSj70>>bss?~x&iA(xOr7icIAfc zwNt)aTV1DaVcAM!VNFV0RMa$R%+ZztQkabA*7=~=w#0B7*$nMusGMRdDmnU(y5VJ6 zOLCWn=SeK?4eRPMRCt4zYdA1vc!bC-q%>4%#k{FVx}ua{86aBv>`gKUzOS;3GyH92 z9ji1gn_tcn?jvj*>ym~{OJhla51syRj&)~qF3lxb+AcX6>rSDmUu6%J$QKQrgkGka3MM~pvy3tm270@fJPOB z2P4+f8a_w!TY+#Dt}V&B64}Y}E9(`i^9l%0tUK#<2)8?zqvJA&YK%7@kCqEGT#r{( za6QBtVq44^GSKUyHlyYWAgdsEnVz!tRl-e+v0AZd8RvUvF|N9g)7x>9r^6A(O1`Gkl>{QgNr}+eG8TSBYg4`64JZ z@P9ZYE|DkJWkJO~rP}hiT*k<}n8J0$46CaPC5;^TwS)~*Q#egEYCtVOZJl9q4gG(8 z`;VdDP5J+Jd*%C|z4q4s|52VVc>lAK(Jl4 z2|DFmMCE%^CrwKnXOG^ToL%3%yF9x-UEoZ6b$b2g?8N^0^6W7$mtLKYjxLX`FD?&3 z<6j#N0B57?qZhAEuWnu(9shcIesTyJalqDyIs(A2XRlsey*s-;{^bxfIIuBe@yKK1xVS`%7<7!ka2`jt3KlyFkpZwmR)#N{s_Gjlc9Z4I~iUmoRA@?S{J37*K-g(!d&KroI{Bv_(YoiK{PF(Ry~a<+;eiXgJQtW(GU zBuM2>_Z_}0!&q4WIbne)91}?Hmx+=x*_1_emdg*pSSJ4vf0);?N+KpXm3b|ba`E?B zdM>HCXTZ-WO{E6!mfwE*cfY+99fp6B|tT25?wZ2Hv`4B|4*Ns z+c5SIZHziI#Gt+|8*9J2pA-*vI0rp6*|^V3-vRJr%3ssG%Zx&XC?NukvxG~=5~FoD z_(cN!Ib`Tpbg!hxXo5+|rn5tEdVF$qBwosd^qu}d{32K;RM#nGj^wo`0EC^8T%tgN zGGpUCshERzDfW8UMc>2x82&t ze|nT>8S{;kiR;NJ&-t!NmkvAq5-(b?_)Q`G72N~3Iv1dI$H}$7XOJvQnriR4WzDQN zjA^rMMy@)!q=J)e59Ok-;21^JE*!}>)y0qESh2ZW9caC_Do(>OBC&Wc)EOKEg#$fI z3=Cb^(s3pc9>d6`3@1lX-WHjI{agfbEUPIG+{7#@sNJ~a=bBBcI29R2B7^Ryvy`&e zh)fW8S}`G+&$S6<*mqQrC)u{#gv1y_yhl)kp>Kj<8WLTl zIq5rP@@(>L>zKXgZ8sv_4f)3o*FH!%+X2=LmO@S!wqSuTn5VZoq}gQoK+IVns?le4 zC67ak66N&Uq*;BX_A}87bA7dbJpj>KunJ?!VC*4kg*c+Fd26Ayqa1<87&FQUREEDW z4w*mJHa0$lF{CI5O~15n6u=~D0K@(8U5rSsPD&A}FE7QxLv!A1d(}2k>61GpbQf@QGV9R+|z!BhZbjFHv0;O z{`Z(~OXngz?o&{v1F3|ZKn5G8>#8Q$(X?P8s{qu#HEVA%<^}XTMCohnYa^<(d|o2x zzat?-7qN%bdx9uViDwri==T&+X1&R9q~+hIg>JidFydmhg=@1L1Tc!m(7QcR?j`Qr zV^`rn(T-TIW|=tv+`;H-I~m`|WXy0JGEBmFVjmEUu>V?q$Su6Auv;u=^+I?^Na$Rm ze+|Q!p_ucjcVX<~JI#-uo5fpfGVQ!W) zXwI-OWqcsNM_DB?VHv|RB{D;woQfRaKe}4Dw*EK5I9gBrTWbFs4qHY4|6ykv|LIYl zRrJ3^O!<$l{uRrZcZG6t0TfFo+1sz6R%SwJsY^8i>xOjB4ES@<+NipzdS9b$%1NkJ zHnStVrZ~bY(m??~!so~m`<0$sFilo#umu$%!-n`O?=jj!biPFZlF1mSv8P+(-{oCy zio}gkb!VHv8DfYSQDp|--*{1oVs_) z*G~N(kb{>R68gp=K|x$Yu_Z=jB4_!k&OG8!2(>O%b@mRm-4OJ|ul znEeosh#ho3`sc9@bX1(Ur`KD zNt6q-I9=x`;~zo_rih4}w$S$h1Tne;5ntivEc{Wm(e?I!g5!VS@tW7am!JRj+r|CA z(;IB}|HpXbE>Cd$Kk;}YyT2rnN7?&DQTbc$ztU4VrO3B#vh%uXfbNR>svg5ec2!H$ zs^y~Q7KUp2EsR26ut0;zMaV1e+GEJP>0Y*X%h7Ll?(NR~ZSCBa*1g{PxJr<>sKd33 zPy;j) z>^Jl)c^+lY2%TagUhh<`mHY%h8n4lh&2#LI*vqEf0To@f@88+)S7k_=P!}+!6=!z! z`CWyHZM;$Ro*@#$=qzT41kghx?B{y%AV%`#`kNHGw}{hc&sXC4`YG{#yI-pjv-MhU z3wDtewgl=*K{3V{X^gkKooUWJsX}SK#zZLDjTmS#Zd4!&KBIfl9 zu}x@zK1w2dKSMG5#*{!a$`#c>L+xKf5j2f|rYZ=Ngl3wcLBUoR-0FhgyDn&!$i}om zYQ>lZU7x(NDwU~mqqLOsxHQBNj`&b(6<7lssqq%<5TI-{0tVM0LxTyC* zp?5_k^=m1pkFK14Pm1Z6QA)p}LRzVeu0*Tqm92k1w(dE2Ox1He{m+Q@oAm$e5Bi;w z|L0c!dz?q=e`a2PYy~hQ-xW1LYb0Mm1vIU1RtGd-w@Tnv3HZkG$boiB`@ZyKm!*fLL-P?WYhIp?e%?NCLw-Sw&E=4uixJ}21#E2m=UPX7! zxMaR51e(~&MnA4>WGx;^*!F7r^vO};$!dZL6+7$(r4wP>Hqh7WhWWL@u6%cb(hvHq zCI3w^3IB;>2BQ)7k5Yz3vZBw;|I_P~>_7e9V0-`fQJ%Hpzi0C=5?De*0rkP(QyRvT z2giP&CNO7mkx3$T?44bbJuKT+|8bxwrc5P7n^+o_q6KH}#8K4V8Wla;fnMhe0 zP^R)eC{WfkfvZHPnkI0?s8snBBTv=nbl(~ri5GK3Na&-+PA({yeqD%ctWf;C6x&IE zSpeh1=Z2%2Ca^9H)i2cyu}0F>on0#7W)rg6pvRjOsUBYfEzsW=h-$o9{CvrHCnos= zr?+dt6-_#YD%T%iGA3Bz$Rs!YHH>`=nNMq$gyex-4<|T^5Rs?XE->e98J*|A+o4h| z_AM&S!uS#;QRu;ZjAiS+RlTh$!S~gbviDY{uBwC>2|WwHTuaXN^LX^;4GW|2pE6|y zA|8qvoS1wQO%=}VQbj8*1ePrZT=tUGypatY%@KhUWHnNOt!2F^9;R0g->?Y2wzKRbi=R{npCXYKq?XOafKSh^=g zV~sB&t1IAZ%Im7uW@L67*k{V^3e+mHyDGY#{GLNsMetl5;Or%0V!G|{iz;7$Hp%Zw zW#HaU{Qr|GqwMf{QWi*EDGMW4LDU%ujOeA_(}tNheHr=KFUd>aUC?c=()mrzunL7LQ&u3E%_~$S`pk zfhY)XOCnocK`Ursfkza&@q8^9_1wfMiIHmEn@kJ_NaX-jeCY7~v6bO=Y2Tk}8Vlby z|4bXTZSUkqU?&x=Ma!~bEXBo7LHHi|uS4ID&>bXlJ7^TAS~VlnGW=Yuk(E_>_qaCq zezyeMX2hjt^F!s03Mge~+EUGYGTU7smh!)g)m$oDL}96m)_Ipl{07)5bgVEftM$qB z=d)X1ut^ptcD7(n3-dIqoTAx7W@onA#LO1W$?S8dqrMZhGqFya7TT>u9roT;K@mIr z?JV~qw>vFHTs19MKr=|;b5y&?7Pm;NTC2ze{V*e=R;_9bjY{gSF)Z40+EU|UUTWML z7)zM>3aQf!#!T{wstmMzq=meudn#K&Q>IkS5*O)|H?Bx}Q&U;xbZy?E`=(CT+DwYs zS_@9`4J~76lFj=<5S%hZTof~MuTG6~W})nZ?Zk42#uRxeL5=mAu~w^U#$LbQO{%$N z@|UPrd|OCMS5>9F0IXJOXpGs5s<0)B)WL6!f^3q8WEq74Xaez5n-EQkVY{-Zk!MYkA68lF@hq*_0MTI?7gD@vSSR<}Jc`pjpo^PdOge)!W0@n1T_V*HnOcd(8B@+glmg>NYL!?&0BVfCC3 zUn$?i#&bPv^E_<5eHXh109t!wl#6$U`J!|QI zF=BjTj~IjAbcSMf!UgJ(Q`928a9RA9UUyK?{|4R8R{wjHN9cOza$Z3;u^^k-O=yM- z2*q_@1ySnz)lN4g**ywA9zpNa>!?6VYDs+r)Y#7dSTe>#_WzOa5ZF}w zmv*<`D&GI?_6FPdZ;$c_|Nj>`FMn%ak~6Jrtt+|jD-w}TBwxmfKSzaYy7K4hZpNX% z3^G%Y9^}@aL*XjU{kaNX>56W7Qp#TBZ+s%m$62b$#>~feY``T4Y9_4N?HJw*Y z;nvfx20z-N zRskc8!pI+CpTp7fRD121&&w1=2_n=rFhzCEp4U(xcj~%gb`k4cW@^^8zF;W$p_ zZ>?jF{la`cdT$F|Z8T~+S9A)`D3!B;%n3z(M!#2;XqXFvqHOks9)jN*%1^rS_X2^} zz(NZ^ooYy{fl}RSE&{20w+k}pD_mNz@0!TVgQBGTyV_yPF4qJM7kwOEh70>Q6C{Hni=2_5<%{Kg=P~TIW9r_Fv;T6oDo-m;bdp?3Us`4SU=8uaEL9InGJ2 zKa(^5WzKRk_-h{IWED4ailYJqZsPnV>)I-ZH(BYgbaGReg7UFVp}?06wVE|m7YJcw zSWwMrO`*3-k7`P@^@lj8S?!pnnl`s*GywbqkHv(G2&;wA1e_L2X=Dr9FReHmsXD}= zi%xLL0_pao=9@mL859E)s6zt(wcLG9v-}K;h{EJ!sGy2<1=IE9KZ0k7O;JiO(`fYs zP|M=~w>$l!|IeV?*~)*9@hp@7%#4#XLSIM*%(bzu9GI*8?a6|?#@&=-{rbIsMthdCBiCnJ`7zFbbMn#rxKSc9LfyqK34Cj_TSInod($zAZ1_?m?p za%Jhf(Ru;pHieg3E>Mh#<&yC)8DGq5$`ysmp*Bq9u+=Vw)x(FrFFg8Tw3(JFe(H!# zegzh@<{yAhF00#PQRwA$s$VNHT!iEE)hioGKl+UPFc#52*0Y}cKli>s{Fm-x z7z|?}_bV`3>j_{KjiGmYA_Xha2UXe%KNEnbTqr)HpfScc$_G*)qIe|;AwW?40UlW&ib7)c%UTomda`sxmV__}%kBs3%1i)qS|9Y*G{MYYn z<-bRHgsgY@;%FlRAg7P7D**}$T_^(T60697x~vMa{x0;$l> zS+MRLD_iqJ_thoK%g7$9u^<)H{mAoh8nX@ZqSabgo!wx&+w%(Xtf&9sl&$XeW1c1Y z-(c7+>3_ri*8lrap0)G;UUC}vV%dKMg*A-9qQc=vlrROBI{DPN_+(J(-Fx!Zlak3> zfLO(&M-*Juk!M4$Rh#h!%6F#h0c1Ya!m#j`;o{dY_H88at07pt%HOV!>p#7^s{8cj#MCk~9l$Wk()pfa1|X;R z&Q*t+r@rc&QF&GwDBsv)+pOT4_&u>_nH}U=qdz z5)`vb6x75a$i8QuWD}{#*_pL!mvcio_GSK5hUiV@m$GsL$W76dG_+69?`cSopDj4k zEx9#@G%Lepwm;8hqTFm*ndP$s+`QLd-jK4aDQQz#zdg$q1FU<<6nT6GO9}7vOL?$m zm#R&6S8eC1VW0~bp~da&On71t60Z4KnZ>nGxYot4&f#{I)O?mBUsES-(==?Ccdc&= z>DQ2{Lhk}K{O&%8ru1!)XwsJot8tUp)K|JKs~Wva=w4FJpT|8xe$ z{BNDsaI616$|E$DD>1K|I02Rv@^#OE6_qYL1at@r8W+IU$FUJ2WfA>v(I+2*J z^xfiey4#YI0w7jUE zMj>SdzEa`=Qtiz0`>o8OL?2j0T~7&;c6otxt9W*#G#>O&>}9oY(S3F8goJa*&@H;J zuKW;wCn~x{W>(q$!bZ!P^0`*bNElB}a+u6rMlZCmW0QB`gpb$Wdj`ZY1E**HDWqVE z2m%ZP==%VI7~O%0?{8wmTgiEG`+WAZru;7rqiZSvi{<}zr`H-5<^N8fp7OJsrhx&*G4QIV2$*M~K>t^`|MMzg%CBuJmb%9SzkKz?9X0$CT;pWmVr39rwiq zp|J+8OjwBu+p?>&{uj_7PivZavx_L{qL>e<7#dLSoKM9zCCeoQGwk8WK3;5OTh$I| zOc_h8kPt?~&ml-f5nVZyr8!FDl^auqM{#(@d!=7gx2iubY_w+cE}T)*1bHEhL;!jr z=}H;uRApFI@%r`8vr!`xNB5oq{T>K=-Cp+lYy^CasPN1qD7ptY7U!1<_Vr1pMQh51 zFO%#v)#tir-$YY~rz7kGMMGoA*D{WklB~iNJyqF?;FzLVD$ya^(QTIqQ3f&kpA^T7 zr0g|g7_D)8Lz_$WL13P$buaDtwh&>jH!19;Ls`X<*}Kr?iBm_ zZi?buM?)%ZRH=DOu)hleOvFwjeAUiIyMSWN!zsAKF$0X;i;VtZ?91uq)F*j?0>qmr z4qJtU70a)1>(T1bPT^O+yp(y1HH4wp9#w;{%SJ_BUqji?jkn&}sIlS-cFJfJY#^j+ zZz>}XKzfIwC{OU5nrt>wh+?z2i}fr86mQAdB+f)IECU-<9dlbY4>8-{m2txglTd!X zU@~+gdOR>8`qmip88<~MweVLM`Y&JvV-J!1x>;};Q0Yy)GtsLTpO?&hp>d~f-D;*_ zB%1X)&Im+7c)Mc9AJD(=!1QH#3M`_J8m77&#~ir!;pVkB?yCv8nv1ea=hZ59l|_0r)C?e;|n?tNO>nO3_uM{BmU0=cQExMAu~j0G^}F*W zdh%oEaQK|(A@+ZD32amGe>=TlG5}n1|rCKS&ulbK_e2Zc$Y6J!|fn)15LZhAWq9%OAI!6-*&0i`6MA3Mo8vL$oI9r>@ zAHYH7(epb9M3muW~G^ zMn0+N`BD+3awh)}R|;1XOX}%%8~^_gl`qP=v;NSWQ3}My@J%0A6?eo1q>&gENG8Ci{UGEa$viLvkL8~bLxBK0#{Qnq_wEwAjz1qwrKp!O$ zzMr8-vipgm^0&No$8eqZZ#K?V?Q0puZ~Ssy{cduH$!&z8Z#VxIMxif+4};W2h%Cz3 zFiB_@&Cx={)`Yh;;eB%^yqu%WTFc}rK~*8BS2;n<-&x9w<6lr9T=~?y&grjk@~MQw zj9ZKTTZ`N>X)IsM3HGmqe^2F_Ug#FNx^v{`IA5;bN`n1IXywb#cWGT`6Z&X8kv~yx zIh2=mW#X`s%k+wTQq$oAe!0Q~u0@hd`RYa+G;UEbLnMG68e#wQ97T7&SYMMu*A{I$ z*;Idpt%pCQ?FXz%tLl~BjKET+Z#E>cnm6IbG61W4v#E?D^DMd1wN~Ih-?^;{>Z-f> z)~fLBKC9{f%0{<$gW~x~nxNw;@@_YE{?{IKO6Pz5)^Mx;KgJ_FC(Fx0<2FC`6N`<6W6>$3SdMK^zZcr zISon@h(VO@slry(EtEyq+j3YiQDF0QsgRQcDPvw-oLn3N@For!xJHyw00V{yK=FJJ z#q(DoWqU#R{{OP~rp;|5Ny6}c_OGZwsJF#lk)rMyZQJvzWwl#R+m>F*-4oAxybcH` zk{E#ii~=cZZ2$Ks>OOIi5N&yg54H$YWo2DinOS+j5RW8TWvku)E$ROl5~so|KN&X< z15rc&_YST2?|TOayKDNtiihU^g2gOP5O|s1K~xYMg5RR?1piI_ZheHJaYA<|akx(I zC3OUmaPM98z)L>j00f1f(uB-g|z~Zfjmh78=AM4 zg$a)g@+ZIKwiXbO0U`3@O-gxQygAf*bY_W%tP+1kDS-d%IfhE{`VmnC)Q0pL4osfX zxFy;<8K&ejh?2t5tT6#V4~9T8X9-F$h|{|s*o+I-W!?&b-D59BN%q?8tHmctLPN<) zMXy^Uj0si`Y>pdXjEgRSG9`&^akiD2H7no6YDz3VgCZqSNxp(tQhWYS35wE?1FYl! z_Kr;cZ-2Odu;%|(@o4@(eG+YkPcR8P(*Z-*Q6L?D8I%udtno@oILzK^T6!N3k)#Hh9_fRU*Y z_yK{wTws_{p(+3xONucuo*08cua=k48!rhA)&>a%p(zq1UQZN5a0kI{lHSoJD7e5; zo=$;24O<|F#g8;HQd9u=F^i)hD&l(r@mhpK0)d}^9FAa4f?JWT7e+Y@iuituIFk8A zFd^;Tz==PP(pip|wl8)7hKJWgIx7qu1i!fHBQ%>r1iTp%iHSTjhL(DE@@e)&Cv|&% z!Le!rK$4mmsBw+%AfR}t8yJ_Ep(q(^Ig^BxDWIRkD8=v-NF}s@9OI)j2h&+xL|M!$ zN07!G-2xFFf1x}|6UZY=iDf<)<~I6Jh{$!J2wWGs?kFWD{gLBnj(CKz1eW zoQk7hu-2DR=Ce5ecilJ`Y#sl1uw&l;>>sWDzgF{9@qhevw>)5-asMOZ1C8#ilov#5 z+spEUII|?SwVdkXV2{bRn~55vy24ecHbgn}}4}^&qUGlG?M1 zQ$*5(r=4cKS}SfcjYi5+w=%b4gKyZ)KPUrPzDU#&`!*O!9oO%RnQX@Y#nH|7`yzO+ zIpj9>0IK8vc6ZG9|9g8!!!`f6ibvfP(j2A;L))J3c$QZDNei5HckniNSGb$62=~i8ox)-QXXt7c z!&YN1YUZ;Tehu8ulW`8EA6XNmBU+^zTUUG>tpzz}G$w|LvaU z{2%$Y{ho&MX_W!0hX30=+A;5cclQt0_TMXcs9KMj@*yyqB?0xV!W3c*6PWu27OiO( zYpx+vOa==h*5WB%B{dYpj0=^BAlQs%3<#6~OY$A3cQ7a3D6=F0hkML1<$5+6MIV9J z_sVQs>9ww#45Gss~U#N9UlGlp_rGub{=bI(zrNe#fAs(Mx&Jr*qxWgJ zb-43||J?9s6S_K6SC5hvqiRD5t^@FDh6;d*DK#L*qe1k~eggbBoA}9W3iBwSt0?dh z)w}xv=6%3@BAAleGKMsgxChiWnfxs`oG(`oT08tAK3~Y@_FlXd6hnNi_!%S%w z#&gbCA|Fu`-3>872*5qmFr|tfq;1oy zr+)t4!7!qJT3M=Njg6Dv+eg%JK2Z`)aieA_bvPHz5R9k zhm}11{)bL2_|q_ET+HfQEEP?UT^F_1Fzc>N(a4YivH7hFWc|^ zeB9;=ppO3U4K4f6ox`>Kw~|M@pT+YE;s_N>5`Pv24TJl(BK94z zZIcYUM_cmX$0GMn@ZUN`rZGT`C~Zn~Hq9r%j7Kscap5tqTx2mAs8L%#%+dk^-L9Uc z02febmf(S9lF$0#=VQ`Ytr7CJyq&f-{ra!efZ#-HN5TDUeY0J?^mQ*|LfTAxel!O+cZZyBA4( zPfi@E^kVl5R)9;^)>EGU@R}T}1l)!`ZNN(YLQ_g8R4@<0YTEX2=I1mh6@>5%J4phO5ZW0-)=jXC%XZs9%Z^}tS#Mo=V1 zz`yxO`3gRRQIw;iM^SNP=ctI>EtGvQnLlGjypyvHW~90KAMKO#oKs@@O1^T6gm z(KhF|l;*`roK5^*&+N1#%&4%0W~=Fm9Y$1_tZRnc9uS#7dSgz3i6y{) z9-IE{>CHcJlSDvgm25|RMdv$6>`1YVr$bTx;sf~yYSjMBv-ANa!|1}t#&`*IZsC0m zHsa+iycc=r2olP+GY6S@G;ltcj-j@%%^L7y<|iRf|7u0D6~iDBXXAPFXsrvGlF1!d zw48cj(L%?yAn#t@yyL<_sT=Jj@3k^|xl5BsxEvPon0>UA=*TOf)?soLD7x zB(kdYXURXxXt?0(qeWJN@}_Jp@E{;006(r2;l2dv6q0Dtr0p%zLm%9vX>5kDpl$PD z&`N_IUQ%A8nRP5a{ZKJMlX%+AVC$i`mzj^+@sA2PrNNWwW>q~CIDusjLp|3t^ub2R z*d$kIA=*GmAYW3E*CRg^FOahBxuIRF=|viB6t)YVksTuf?u6h6#Bx^<##00-+6??D zjER#A>xto3Q!@>$r=xV1ID)FHWh`zowC)hC@xV*$ww&G@&6lj%vV~RCCq5k%cIWd! zh!{&MQZhH9-yKa7JB~IDFQ0~fXws)p2K#oRVI7&0Eobg|EtTs!Qz=;;$$N5G{Kc`! zACZ}y5BPWb$E9CP9Jq^H>{`yj2KUUfxHD}iL_x;5yD%ylAChBVmREe_ML{)3{IVcBTZvz`hqn5baCH%AiukfGVP@ z@~Lv>Gn^bcB=Wki>uCHWWcd~N?iIj$#s?J%QxtEgCcto>0hko|y-Q2r& z7V>ViyTm%acPlt<(qhuSBW&_=IHExS@%-z^Dwq6xE^#rZh62xEV5~5;7sAXX31ge3;}I2aL0StUb46 zF6~~`O<%H?7+y~m<53rW>Ld^(<*~O2hO~Ao^r%OR6Sq1+mf^CnB+I2#C55Ftii#A# zj}a2IZCBb%3T`3?$0S+z5H#SS7wqdXZIJHLW;0-XhR4DfNV3>Cxx zX@phY?HhIhxH$RPtFof|E{)d~qW?T$bvN-pjt=%r```WHaP9xQl1HQezv6lA&I*h# zlkegLke%uD2*5J&JdHw-L@^-oPGGJiACL+S#WX<>MuC&Ab8=>}S4x{{VytkF^C*n` zQ$ItlJQZR{E;8a_Ie7i&`SbIW_opY9*D4qz%dnssW^sYF((KcwRUPQ_0Sh6_&OXfi zSc6P#qy9*u59-@qjo+g~Tj;{+nXWXPCDDf&WJYRLc2N#QT+xc z|6?+PVgTR#kD8a-*qLwsM}_jotCQ>BO99cZ<*=-NixHtUm4+_=IDcN+4*9r9Go)f) zC4=Gy!)Y}0$7#akWG+xysd$BQMF4jl*>-CE~on<5wyN~cWL=!zt zpqj&yHuu6FK^u_0c4!WtlPtqXuy<@#-g>}$^FNpZcz8jn6rfpUGR>?$`FlYS@2}6^ zxWR1y1m0Xczc>aLqY=!(IGX_kiT^l=5|Bg6_R~<*iC;u>2qrL|l6ByR|D2(M@+E8= zZ{eX$z#UJDHBIL?j89|O-EW&OZt)vG_xug`yZdG`MK*`Md9yhk2pn7k$@01%1A@>!B# zSHWLx7hJ+L{3tdN@^H5xNqm2EW&r9Fs0uFtOCFArsD2$&*r5HA)3@#5;@kIVPV zgKQ+K4KOzAM$xLi(R*>W?AM&{(eos?q=K9_{WM`k#a0?%Mx* zC6AS#fy}KE$fp}skhWsJ3w@B$qpt132>1)?P9)SdQlMoyHjkeIkCapqu(JMYsOl$x zfb`UK=C0DOxcNT?n%0Ks3UiFAsb$&JG}SV2Hk4V(h>LRuzT&jv_bMFIK@PJNMMbJ4 zQf+ThCGk<KrEG&3vbaxdyStmh7#bjdi|AL->N1{;^D%xN)0H+ zSR|rdhV@wJ{Ewp%4DN%tN%H>&`Co@eX8f=Houl>r&q^Nc{1@}u&7m*AeHRD5(wnXi z`$?MKszfi#;dPN_9!;BgUHEySk-80&e4deL}%u-2RE={mjyk-psKsSs|VnZ&3+aWq9%UOwzo}iAx*55^ppI z3upO$@sUYVIU*4f&K;QHVqMGfXe!jJM$ZhyFImy<&@OjDmpG`PbxwgT+l&q87X4FM zu==b}s$!zGAvTwL-C9Fhvv_sXIXc?vRmZN;0xp4BwSu)(EV@{}mW}mX-io>=P{~TJ z7~87IGj6|`62HdU^{sWK1X-E7 zLaUy!y47I$fW3({l@LARUdQfrd01n-0J=EDGKZ0R}&2aTG*FOpI1>$H83`$677Yn>XZC@pA}JfeQpa zf{2=S2w;)gVz@<&+~7xln#FJnue|$oMoo!*@aFWAp#I16OG1*;U>@pIo<)u_bU`U%UbSXoT5pW%##%k35$kz!1hf*`?N%F0=rvNl zF#1cPBJ$(tU(g6fOz(Ak#AP=_Cg-2en0R7}J_PuS6r^)aZvhkCIfzMO36;VmvufCq zV^J=H!9X!MRKz{X?P{DZmzpfqfNGg%3RY&H6!u)z8(4yoLq<@oY`L+CtmCm7UJq<; zSkv8eaPzHjau zymocuV_4sZ@}G63YqJjm7t8#rY9x;4Fo6hpz{5vW#Qw&sw3ubO83+OJ#;^s^v?^TH zGS0KWV>j_T-P6_=Ovh%Cu?&!FweVlDRoN2wJ7_^uhU!f;h3U*`R8fhh*r=XH=}T~} zIR*`J%VZz{N3ugkvZCLQl%JG6>WZy2xk^$-{!%&5g3r(~b^d$~VRo8k_wIn2B_}3_ zVX_YH_%A4f0gz7SbC}=dQ32^8%kPg1ZRLn#R=lRzzJmD}N(l0^tGyC03X*h6GR+ay z<2{G5e}4^wGzl^9jE~w`4&O|2h$d+qVm^Ep1P~$h6>DBr%U~X*A^+_NzQXxmf`n$q zLoahg4k_6)HBpC)dl32cDTE&H*eFi@;&9)?T`cIohx?wDVXHa+{0#goIcT5VKAGA6 z3AzH6#*DRb@3rD6C59i9grq8jw>nZ)$-FCE9F>y z^h#HB!%+fPG#98*%lwS1m_0D6n4fVKeSsSl^pCi>w)~CK+BfhxU8cXQXCeKc41m&s z|JTm$-odWv|Fye+u-5;r;?dZ*D-m<26V6R6lkb9SQ+m_2B2dOUGWju+6_X{)IW4`6 zU@hcpHy0(pR{?XK+O0w+%^i2Za%3eIjF-&ehZ#f#I(`B`kj;)+JZ%n*e;x$cjG87* z;WW+fOUu#EK)t|Hip9}1D#*D+|2lr6>w?UZtXay_Uit_{$ruc`s3i=w?;*=BDz?BB z`o!{RmXNyg9*uWv;7*)g*}mw`awsT+R*A(bqGMG^(9ML<7ngsC=wTfbvW2_!t4!u`f!BfrJ| zl2#09xb3hwQPrEouEOmIQf)O~*@e>E6y)~x(6*-@DNOxRvdfxC{A9@)w82=~7$jcF zYKzW2AoH8(dtEe^<|S$7Nt8Yo_8n*3M*77iB$6By27 z2!{A5bELPAMqpepMaR4chWs{$_+Qf$mCL82R2HK_RV${!5yY~ASvNhOnVB9$O6bob z1yjEWCcp=oUlcI!$R2SKcC^J2E^4uoqCa%sE_g)G-FA$c@ZjLr@km|%aSX^!+wt~x z4#)80&X6>>oo_$i|1F)JZ|_K}uI-<|tFu?76<)u-{B!rYT7e)jhJ+6wV`#YV0N@3f zz3~2bbNG*c4Bqba|N8DT`Si|1$!|Z z9N<^4qBz3bKYe*H98P;S;yUu1G($EFDK~$%eYyQ+`^EOF?caG@FEC`IRJ45=ZNG`O zUqsulqV3-!Q8vPbb(Et7+}z_W#L5hJ_i>@Kk6D^vMw-3e+lPle-3~-7Bh#FO4h`!= z&%v1megVfRHF0HixU@yf(EJ3lEXV@vH4iBEvZ z7D>|(MPlVhETGp`$hO>TKcHux3##+@WCKwMg9B|S`=(W^=s-m;Hq2-n%XY`;k=;Op zv!KeB$DDaFzdg4W;#6HV<~Ug9II5H`Y8rQ_O=rPCgm5i37N?~HWn)A^=mC`3Sx!$c z&f)7O;s!WzopXh0=_^u^H_UZnW^BbL+bE6W^bR*WO7p2- zAa|@Ya_>V!qR<4Uoc=QG4V)beR+aad{ielD_1D(4ew)ui`hPQOf6XmGjsE{=_rQ$* zcCdfAw*OtpqiN10dAMdX40z&U17KpNf0d&FGfvM)e8+87^Skf z_c9Iqc#@*Rqg7-6n>Sw5Xh#1BrYS? zZ6yHu6?Yb&G@o_c0C@Y(5xl<|!!S=X3IYGs7)M#H4U(h@8%tYTa>_U6%BglGO?dS5 zTkT!f*Swgyzmyx^;S$PK`7lQjDqtdlLMd;`uR)YTmh@x+D6z=rcC}V5`#BpEwstO61*VG8|(1%1#1$xM6%`~>(2MPn=!(jj#Th30};@HV2U3cg`x zE)8-sb$Bhza-X5)8K6pgit1i+3@+v{&!dnTt18!Hj@GSEyG9ebIz&O$ZIz)E7*vdr z^l?Wd8pj<3(`Y;?aKTwdks=X2moS(>oEjgsP>Zof)SBTVj8r3USvfoVJ2*3R-p=_4=0?<<4usjRhU z9W>UxP9rD^`EmEKgte7Q;0a8C@&U6W`3!D>QudjURiX_xF33v|E(6pAd4t?G7#`Ub z&%S0|2EzrXw!RwO$HT_u>0TEVn(BeofvM=R(G|}vh;>0~45!4osebH$kYLb;M)aX5 z2|2J!g|nt7wAC3MjO8X2Gx6`t65S+Q^;)+nxhB`Z%D$nL%S=2}ZtFh8f?`O~0 zlf)89AUKHAJFppZPaExhk6t+&5|U)9@BE}7RvkA{5(1xwv-|lesYPyuU!T2s|I7L7 z=kKr2uKqkfHBygm_+fa;5?5F0hN^f?Pi^A-&(kxHgEfx>-kNUp#9n$Pre%w~;)vCk zw&#bTz@?nkCm>&?sL;|!VlgwHB{Iciguo39{278+7{xMYk%C~7-X#P8rPeoal;#ki zyQl~zQ8LD5{3IHyrTk6UEHwV zc0Fs1Vxrn3@H*d93ZIPoccwwN8KKg39I$EF#)@gOI>rsp-b5ty;lWkRfIiMF&9lIwke;WvzGx|a z;BTKR7Q{agPhG|k%>efqsOhDQYligikCKVuw*;U{I4>cEBckA_CWX4lTHuKt)f*0m zmjeTq(4>x|2-n~YQ8>faj==J!^A?dOYh-P{JvhJKgA>8$XaSr*?#uc;JSFv5)U@WC z&Q)x&KKjfbGV^R*8Swo^IsvXS^RdW=T}c+yZ+GT{nBn80ynlJ%fn=XqIlYs)Q2Q0} zGgLUbRC2@jC<{1Shn!pFm}i$nO>2c;7yJTdsWqkFb>DiC0v$Y#ey(j|#4y==XkwXD zW?bd5bVa4dohh5&20|oDX_gN*#VA4Em4wE41&cKi(y%=DBGYdA=UM_XrlOdkEWp#n z^Us@!1*;aLz5-=qSH+*KNY?+`yFilCEwO)-tIM2>HwVE~PbqF&1#zQSe)1DbL9-t) z8@>wAq@qgN_@A7Ri8Lfo?_E82jkxTN|I5f8o4()}a9wqxqu(k1fdmo-$YDwHQr@Y5 zt;f%uRDDe4ZYUU#RB1y{J90{z%z~$W%aXRVD6%GiIJMSrFWg^bMb_fsaim|WJnT;P ztbqP1R`3e@8yyz)mx5v}r#v}Q+{=`Skm}zt)rdEtBprajT1>>_8;%OO#X2hcNKW=o z!oX^a@<);08knyNa=0IQ*J}LU8hQ|iWDp(V(fpD5pjNTY-#DLO6LK68)2 z-ABPH1t*BhC;W;^kz1nSyUpp8Kq&O0w)!)b^;vWQS&t!q0W%|?+1(%kpQI^;e4zkk@G!Bn;M;P~)!88p| z9`Gd~6OX--JD{yVFWOH24L*L+@iQFJfWAiOhglYPIoG#R?imC{HN8e!{KC=fln2PI ze^i?Q6UUTs9Nfhcy5u`VKkb#LAu+v{EX&ca?jP$Iyoa6T$0n*dpD+xdm;?} z!aQ6UE_$g3er?oEZ%45{#)VWEjEhVs0jB!}D0m&5$9B-a!&-fOPDKc3_y%31Pu6QOqHDpHu&iNSNBxJh_jb0w_x@SoaXH-rfMh&QXR2vWrT zo&gc!F9~?NmH{z%cdU`TGrp4^Ap@5DH%@Kiw*k`2ZbU9e`x1BS|ruMy8In;WUqG5|3wiABKI#UZ6Qj{+?)ZNO6hk z!{PmLU+j6fV9siagHJstpXb5K16F>lu~>;943&mw#@U7(=SMlZJ&nCIZ+vE#r+-lv zQ>F$`iuB=w)n)*aUS)jlf?hCCZ=&b}c>kuy0FHA4{@c;tC@YZsG#1g9Rw5AZqlGJf zf9Ve(f@SCzB|Ld#>n^Md*0$mze(=eJa7Bq!1%);8*RHSt$3p-q$z{zMP?iKo^)gO& zV*rnug{I-iZ~8NQ_!Xm|i=&Jhibb@Eh#U<&P)Cn!57s9dEyIE`VwVevg5XR+`H;Z0 zlDRHO-vIJ>g!XOD8p`|8vLxfW%xW`p?n_{B*JH}n6egJk(Z^C zbRft^hGfT__m9+BY^Po6*%c$?j_(-c4(E_wRScVOpzV;Nwhd7$_=(P|t@3w2@%kZ5 z9}Fu@;FCQ9N;rzzED?logot|-ir^*$lo2`~AG|1B$fpoPGnB)2z8F4cTr9hMZtx5( z{JvDn-nU|!o>Qs3@7#5;LLu2hUuZC;plS(+q^WeK#AUrxVyOFsEdrl}0YcJ1ZGXl| zdt3u|xf?jNtuH1!)p;SAh07Iq*mrq(?E}%SOCskktHa1i;^YKm*`598Vyl^T)X+40 zhx!1#iQr`w@VI1oJ0XQTHh;PoO{-B~9TMn|s~aiUdA0J!EFa(79UBOJ4$A7U6x=(U z^W{|G3mY6~hPJKprm+W4g%F-X%SdWIU0$NxBF}`&j0tb`FG;GcqQIlPZCp=?bP&!) zrWWk_3u)UwFH$=dob1H>Mo!H#vCSAlLh|!qq`%Bq$GE#s4w5qFR|+#wLW(KJl9f_N zemq_q4au+`4@zg80EwFC2#vI2cs*rat==a~v5bYznt7V>`DTJQdlao{Lp19|Te86B zIhq## zj>_O%GmrG+Hkb1)n1jid>6=>;w6PE*nEsgLa)t5Xy)Qwf=p`;Y3s9!YyI;$ke|Q9NauhctQ5G1PCzlwb{W8tX+_vQ! zDO@ws%6@*`?`x!Q-^*|r+K$)@gi|f~w$W^~XG<)}qj@w|`^kZv!@q3qD`^&%NyV;h zy^*9#mUx0?T;lr#SPN^-_6=l0e4Sr$0l`!PmQJ#4gelKD&`BPdJ&a10@*c2Y<(biM z{QPvRN^;d@-ajD%Ge5NyI;%?Opz~1`4SRhdQh5DcJf1&4-@iauU8hqkdKe(eP2FCk z7VVPPeBCn4@t9JcZKxyLtNae&{zyvm180X+&LC3c^#0%b`wgzvTpzirI?5gbQPjrB zO19Y^@ip<+%CExq?Z==tKTN7E>w^WOuRy?ECK%POqb~=zF!1wmW2CN`4o_ZnFUK!* zpgJ;{)f<4=Uqy%v1DSy3{ekm{x#w_NbP(iq(;on!$?t@WUO$_9c%cdCe!HsBcAg|X1o4Qz4%xLwI!VK4 zE=pwM1b(U{j(aQnFg=%fxj*vzi8m&>!F$0hK!V~H$D5Ey0#(2dp?fN3?YqD&iZ9^u z_4WSX-`m>-?j8aKJUJ8#G)|UH-z{rP35(4J}+RV|4$Sh3q%flF|=b?MPvTFWMw7wCr*k9EfkY->_(o7#O+^3euX=(#(c^?b_I6 z1xs6ji7dsrdELBkNB`b0@x1edbP$A|``X!n_ZHB9aywfBy1YG}-LprVseMT*h<1?f zbzEi9H$GuIBEKTm9{R01dl#S{KZd6R4paEvjYRsCy!-wZ?awCNCnZ2I-q=Tc{o<=V`petz?%tN_gvJo&DS}4yM$2jWOWJGDO;L&*jbgVsyltn z=1+)iSa?kRd9emnt*hZxuYWeJo5u7Y5ne~PwbWS?7WN@gE$4An{u|R-kSMZ{ADe*1 z#K`8I+E<~%_VD~vB_&}@7uRz|TBYy1IK%zkGq$4jFfvk62uzU2*cjo7j0>i?+sQ9Z9R9j>9|BMM*+-l zzAU5O#|Qpiji$Q~xcx9c)c1hIZpctc|2K$tvNwF$H}ppu6zS4tkNl>J=iTaOfJe+RL?WGj^qrBdH&FF@rBkZ+rxhvTa+e5eJu zCQEVve2Vi4aDg15U;EyMe(36N)YI=_!BWBZhVZf{0$`bd+*PF6C)KveebcNZO2t-ABp7{hu4E5~m0*po;6efYwFr}&h zFTO!0I-ni3z;5Sf9oa|D6mXigj_@rHT(9DDR|eMJ+eiYSHA7l;6kvLJqz;P5Hh}3+ zm1ks4SUUQN-3Usy(wztALO&!dFs8*Rrw+=v{)HvcT=qjVE7BFEwjs}Wqafi(7f3^f-v6_n9o*O}p za})d;D}F|iS&`^tpwd8BiHPs;rh`)Fi#-q|Sp)@7{LrlV?Us(szk%fW&67a?AbMEw z_tiVf@T|m<@PXx;^m|nTu%oHZX*>WH_TpoAMPRq^Q)&o7LnffMUu0F%)bhGTJlelRd`+Bsy5H35~%fBV{$9B2F04K6cFc@PB zMXF6jBH3^#ea&7-+IMJZhDC9)SA_EwHi)pr-=X;;W<^cq?)jp+wEd;XCQ0jAT&W}8 z-rRpic)Y#lZY>AvhtF+L?b5~+S@){$XZb2<;dN{xs+!--9g0u6Sv3)NPC=ybB^&Kr z=vCCo6_)-<(Kq7yKH&3Q;is_dVK>=_Q8w`A*4g?V_zO0|4iJDn*ESAR)2c*x-bD{~ z;Jr4w%b>RaxMW_h2Vm=NRgpsLK^|1rxi_;eDB=diVIeLL%CpRWF4$fhPovu{{psel zSu|Zsj(l{k!4U`Cul2PTeXc=W<{dRq$E?>zy82#zAPspm8b*G@?o1}5WZ_e+gd$6H z9Nwx-#K9nA1dEYIBS7O?zVh+Mp5&e=wcCoMGWge|F_!2xtC+H&o148FpR>ZUl$;#E zWZ20IgiT?QD=J?1zlktGK@Tq1d41XZ4ETTr37}r~2d+VF)QDK*IDWS7Jgli>`oz~* z`lN`6Tk+?i%=RQ3P=$U?qEuKDW5AaLI?=UoMQExP1#gudk>(*Kby$84Rv72CJAUpv z=fMxb!8amX5jAt3Jxo);_Nf_@I)f-+FvL%s?pcu+t*w_37GM+vtbO`G-^hxw! zL@?N7KraP^tuRn{;!IsF%dhXfvRYti%bbt6C%al5Z-xQ?{OZz?`}hshAh=8 zl$;1t9%~p;m~;rDPT{CljVa$Utt9cbk@^RcGCiS#1jQI#r07}043)0ZKxs~Rt5s|n z#iw9ZY}V40LI!-?#G4v4NWh(={un-*clA3#&j z1!$E0OoD(x2{t{z6|lo5j}UYsOwn1T%bGDwJA7U;pN~W>zZ`&2B@qfsF8K1!)05U1WhXtOj|?sqI$@WZ379U zJLxf0j+N4F2-l4ACq!NHm{zR7i!1Mt^+hZghv4@aRrYaJ^6ygh;lJTQ(F|hkVaO>K z&S>goiA?`Fq_Sjc4=7cE=w{lB^32iJsN?JY%eAy!D+{~-d9PjoA60bNysg2lFzty5_nb72v}3MVsc`%`%ngoQC==+6zJb(!(z1zw3eUEDOrb(7~?B!-k(1LGjdfWjq!muf4{znr+|mn4#0-wi2J8d zP{d?4MeD9MJ!FUKd4_)_$s>}*Bm{jwP2f0Ob95ynhl?FKl=@Ry1DtXZ57zEJ&kqUz z04Di#i9vUhG?1C-b-IgpJ3=NgJn{Vq>s5Q$pgX&`fdzJLs-pE(2&U+5fCv~UP`aoZ zFD>wsvJAq53XT1cnN~l{d|(a<(n`36B#mgXfJm(AS*ysGt9Fvi zMwsN!yUH{}3Msw2KrRXKDnhP$R&=(S0vPR2*XNZK=wIh--Vk7STR&3VaU#A&SmUJp zTc8Db5izLD(4^WD?e(+XjxaBX?M}73!6@U{?G*ixQ(XjMcEVp9N^sDJqGKXKKp{TY zSN<=#4{4ZdJnw7>Km*tkB)3p-#0MKMx)oioz}w(6^A?U)ea4YHEFQ%L#cco@jm@>+ zGd>m_-NQW0%kFy9@Y}BPhn5r2#oKxmD6lTfr=16^^44?(d@p$X1tD^|+mE-9@&{n> zGYxW&Mn+dzG-*}YP+k2OkD-Z-M**FSo)p>dLupfvz-;K){NK_U{`+mLFq!|Ep^Qqv zD#b&&zGKCCQ;FLgoV-+CTNxJGQ!;50RbT2p;_NUGe4oIkjp%c2ZVah7QFXVEFEG1w zfjq`GiXl@zK7eK9y4chFj>BCBRMUR-hHBmYaPcMgT3LJ!7z!a~0IWG%IRM*|BM`6< z;wW+H{855PO@j)g!Ak+|xQrH=5CMj~z37eZnCV~7x=rWG%$_@lT*J=577QBDDhovIdc-=l=X zO@POSPM2Amt_`w?D7K109bF62oA+lVzTBg&yL(M=Uv2i}w(SGDA9)}*;Mpn2edxi7 zib!$L4qI)B(8SR_Ydk+uVO&!-#j&i-H06rt-Toz$m9j@UEUN~%1oyE3Bez9T|7nwd zO5m(xX*i4&B`!}WL6cZwl5JMi>SVA>D&CHcVV;`hkH))>lOmH?%%r((aTWt19BxJZ z99=y5Lxzr8god@@pF};FP#lqXDlH{Z%JDmTTz`MHb;h{uUvF6?EgcT>FU+gR_*I?Q z{3yLF#N}i(CGszPwTf;61Cn5bwdTtfeH`}4?-EVz6+EZK+3@Uz1M45$XGE$F2p48) zQfk6|PU{jg{(n|35sp+>!Vxk;d6!meI1IQotsgf#ZcFa?{{gG(<8v&A#~9v{wbS!o<;^m0r{0UYW~7_>A0!RwB>y$#WM*+4lnXdPW9!@cURRqpB$>>Yr{Rw8Bcq@Ael7Ye&x4phT zt{=GKvmKNKP%l%#DkI{Vhc7}j0ADn$4lf}C0OTdsI18{d>z!~&U zph|FcQ{=Va>mXRL9=PUvEIz+d?O{wDq73awIeOu|V&EUJ34uJ)b8?VeKhW_7a%+LF zT>}l4KnDGQ_FmAAL9G?IA@S>?rtaLDf8&XD4dR?Ix7YCI$s$kUIiR$HC9Mzmx9K_n zCH$A&$L?bM!0I_a0=&G;S_$Q}O>w};{u<`pQyEYm=>oN)69?!xWf1{Yp`gbb)ce{~P)_R#mP5oD5J79YAz z)@#x6HOwBehv)=D59`-6>P9_dGshj>@_l&6yBCZEEuVdls=~<=$3q<7H}WF8xs`T? zVEiS{7uf)hnVx%-!&ZJ+HIKwgI*@&tk9GCnV5o!{?AP>iodL@B`}P+gS7J6`*s&=a z0i5#$IJ+|+4fJwv2MGfIx!eQUp~MoY1C`vlV*`8b&kwPVbEp2wJTZufi}in(;xEwpW$X3+XL&z>R$U=tiSY2@xmM- zK8Yk9Wh`=Po~)+;RU=wOUjgpNqs-l-MQgdOizkXsi?~2r{H4(fS|z7t{hDn}$m8?ox4`C?aPD85iA!d;Z^olt2(4-fS_EYIMHzeU7nmw# z(%>skNuY=+9_#*(HLuDVG-X_7{pN7QB;V>zrt)cj!O11M-@)Y_p|Fecx#z*J2%A4s zN*kt#g?P^S- z8X4Vk^+p$lRa9SA@vIJx0k&tredn=GAU;aM>SF*l$jz$scF8PvIl|`CoN90;x@P`I zJhG$xji%thhmXpnjEg~?)^si@YdhUKDU?8W^$y}#jij@glV0{{1dSB~ik3qI6fE;a zwHt@$VTuIHJFSX^ZR20p&G^{>vFD02mTp4?z5G`PXKEN$x0Cjo$vpbNaDr77)j$;w z+ay(cWJ1pi+U0E7+V@UQ7#?>r>mDD=hvRC&5K=VjWHyboyE2YK6K)9O(2I^*bhnhVIpKg zAICBHoc0}VsL6b1Mc*cAI}3S5%l_RWluxhZxHF6Dh{4W5s>2^(2LA@+d$`G}1PAHs z6HpjINt_`qpMA*@V*w>iov8&8)LczZcdthQ3rX=SU^9547(s_h9|SE97z%=~G1mK> zGh}rB=~T(Zva=%0m=yYz@CA%5#k7(?niZ|ez5iDpjRVJ^E<0Fll(mr+Yw2RYo~@1Z zhqASnb2F`n(m^LKWtWBzj=;c>P)^xYyW&}_(bttjAl$YvqLlV~9UeD69!G@(l#;7t ztqt5sGD_AOrK>zX(#(8}t-wtcLEJc#brbKhZQx z6ku;wTp-g0;+Q#~!Lnk23{bo<$NQI$yYy`xhrvu_#8KEoF zMBGmeHjH!)ANURp>0athg4a{+aC4Dl&fb*If2hD`F_9s2TkZP?2YGmqcrm4`#`d=Aw?rg%pDW@;*7Mb1?*5tQL z1gg8Kd4Dm~FirnN@MM@7pq3f4K3cb&dF-eD{MPUg?F-XmI9EP${UAa7mj0`UsW39llFlds(0NIl&00jzowb3D#aSQM%vqvzict3_Fze^c3g`@=td!Xia-i}v_n z3~`s|en>Hw3g0Y_Y)_i?hEE@%IukqK^|A;17>fb!k*@>XJ?QNw%&=P zls{!h)uE#81T&c!>1EF`>?EX&#B(*$fc`oUK1VR+0{)-jTom<^lT?&N!7Vv}7u@M( zrvkEq<9T}WR+P{cnarnPS1)Tg`ERogb%%r(bOsNLT-U){-o)Lmmq z$L~e|TBCThFMuxA$G~0TZJm?<^aT?E&zH;$pBreTHH@d{vTKC}W)PZ==XQt2&Z{Vt z3`~B+M_OjPUB*fTqLpYQvIqg$G>UTX2^KXeJoo7K1+dj1kOaxK&YcnHnB)WyONGZ@+)vTg&vWM$Go`uJh=D>vyi*(S5OO6Rc0cu8c4(bed{{Mo|cg_#L)WM?KD(9&z^vYRgGwrp6Xdqg6xkjfE#m zh&C&V>z`BGdfxw=YueoTFkI$1fMB+cdBQ4m3lTTc~)Avs; zW)n?@J-QyYe`N8hB|K$2A~llncA?H5JqRvwL$5Ca$2j@G^pm-*jlksvU=Ia5a15mX z*9GWJm@NUP9!?DA0ifT6tZU3q(%|F6yDxeU;QePuh_9);?U^9+a`5VRsdI)q#yT~z z1D~h>VGN@;MiF2GV-#xOXoLvy*DkT{d*9a==az^mC#3bF#uh8 zp8$k4;EMvbUql1jyJkW8TOc3uiMJUDXuV5Ea!vu98?vl0V(o=JL7;B z)s15L77oMBBbG!KVt-`81crxe-CnyB*e?K&G3jddS{M=BJTB zr6=XE+R5l@v!@@ADytw$;iP1Lgjv{Vb2+a#niG3W`P6A;G6kP}u9{r1#uB+0_4;v@ zUA^UrkJ#vu-hvJ>Yp2~upin>g{`;rV00oBwtBC?Js~-=A)zj>ayMZ%1C(P4`<^tQ{`LKKF48%AI~l()k+z7`c%e3I;4El zCx^x*IZ-;NK(tje+N@?A;zrkQoukFiU(Xa!igDuw$U?Y0I0;XJlKs;_Qv^}B#t5SV z?r5B-NOsI`&93+F^JzdKYxLM;lGxcBaXDpDND4cYrEA42cbwo`VM}c&<a?m;{tipiUn#uwYrTtrqK@|_XSSF}Vz%Q|!3E{FvK1#!)2X*+7^qDm94!Wu=7NQ2W?_;`cth*wm4`Di zgDL|rWuzpP^hUvqES6z_JW%PhVtS+3=6xJ0XE4r)VY1YrDwjf65aS1{kk%@mR(36B zt|!d1s35;s5l3pOf)SJG7DvV@%mSnTTU9LuPlhWJSGqz=QY%)kuI5B7%qMk{ny}cP z@khx<3mVtbXF*7RIhpF?1NI09_p)x*&R_4#VFz(k?uB4y&3!qnM44J2xF-I(rPbxj zt|a$`$~>#_%iu5Y2E~gJLasc!nWv*_aZMRxLbv&{XG@n?SB%ZS{Us@(SB;D7&d zK&4?#Xt9urZSNV7U@J2y4@B9=Hf_k@E$Wd!4T|mK8tMZI^!YNy&|X=6UEU&siJL+* z`-xN^FlH^m2zXeERn|@UhJO4V`At*EJH$AAtWsGc$2CRfN4;tEk@X`!{DVZM>yx!p z=B7T;l5y~T@@ZXHD?2kv-BhD0djoD?0O6a841HS`tg#iGXN0kr(Nv)X;#y5O(lPB1 zXnBb7TI%22M;GFB=7xNmV6wrE55~TlE|d6bpH~cmUYHt|TJhiwIH9aDE6CPWZ6gS^ zVduIN3U_U|9!Hy4=^QaA8i!z3B|kM9&^c6THMS6D9_AUROnJg&_Q%{Iy^YzWQ~K8s zP%d5V(=TsAa`sge7OiRyQDc6$W>!rvky;C&pa2&ycxT^c&;~Crho%$k_Va zblRDaTgGVqtyL+A|DuG)Os#!UEoB}}U@DBGD;<-w_x};NFuLiZ->_Lrs+vy<< z0sG;kwz5!`sd4jhZuORqCEV0J8Twj(S`;Zr49~3 zG86CG-pns+NFbh)&=^9*h^EfGz^Xj=nqLa;B^_PR zNzS^>5uF%z=~Z&1xAv&~5HNjIVEJKwwxm6pE%8&K+GATnV6MT6A;U+rA=w2OVz6-_ zL09Y0(OuebS-WlaC(hI8VAIc8hQ+f&tx<^xyo1nFyT)k8$7}mI<#o0XRP`_?gF;6Q zC9KbJ2a5Ta-4t*MM(ns`YOB5@jycsz&KGwY^$M7jSWlab2~3jH=Qkc~TH~?lJlQ;h zw1pov*p1Rr>Kx^8io+Z&D1m!dT{N}yT+y+e#w?F>80O8t*__uAR%$HtkMJWgZrSam zS%uv0Ji6&B2_4sPD%95S2oEb0dnA_)DEPjQR98EX_%;N!(%94_7(Oj&0<)#)OnOX7 z3)ZI5yKCd#Ur99qZ6MdbF0d4RXSzrOjQ{82lb>_HX!h*>-(48J zo`oalC>gbz`=di~&-i3b8^3OzytGH*2=V5^KSpYh`Fx=CNFWCbOUQH2nKeTx93fzs?_Gx~y1L?C)a!gow9f zZSgzL-W*rxzI_{y^vq#C4V%)cxKi#eapqqD zk+St93de(@-2#VT@gvJU2~wrIdsh3-e}XMr%i49Ew?ns20tgg9*@3*nf{SFktH9Jz z*hBm9-K8M^qun2Ymb_3ZLBF7V`6fYz;wQhQY9qAh(I}fVQ!I{}Y@ez$11OUC4n)#Q zXv?*voq0%`c-;D+R7}<~pRld|!7O7;Zfr+*z`=pzxfMxyRGt}VkOCgui%u510j|sgQC&eo_d1nVl~LN%3_wV(2xH|&1Y*tIFT0| zg+2#I)+HrM4R{k55mWYB8Nxf2#pypGXn(xx)0=lx>_4rA?1-b~4&V(NU@drs2>Xv0 z5w%yg#HsELnx3&BH{9hMPt1cy{-nXkUiR(@6NrF9>D3~5}z&X5w_QPn)p$(U3==Pkm3vjrO#Xq%Y8bTbDTNrta$Wuu!N!L^jXtIvn-(u)(dQQU2En#V?r z4coNoKVC9UH7{$d|jx0oQttV60M8ep^Rq+qt^d65U<^Ctz3nT$# zXIFancTMlZ9ZxdY{Z6iDus^XsmrLt8y6UiMwd`5!WD4QE1u;jE)9D9xP(;Yve%4vJ zC#Ck{*;u@0NWv@3sS{oQ>L(njNC2KQaUkIM>_Z-em~-_6b?^~9c=0W2p2*k=_Lf@X zAv9$CE_^H=NX_W(4r4SA^FHLND_U9KPI-BB($(=Z(#X4}yw{bKq>a)t+5N-B_8qI0 za}moSY`aTqvCN}5?8!`k>8Q_#V6L=2?DB>5>3(R=E)6C2%OQlha_BT&VOg{SldAu^giZ+DFLq2AG7H z+#&QWxe*|c?H#>8qVu9`?kIAQZ}R}v{raOEKcvxZ6vPr#rBIaW5^ReqQJll%bOucB zf0)f`Xb?c9JTg}>uqpiYXPs49j8X4kQP);hQKN*40YRCKonyLG_ZRLfC|T@(M<}q{ z6)PmS)IwO!IV7pGvixq9xK?37j#WHZC&7yV%KpMEQtf7_AH7PSL1^(Z+kHH44S<+C z%N^N@xY}Brw%7kYaBuB+t`@v23yRf*m+~jteI2-RJANromdxy$(Z|1qylwR9XEW?< z)e1?m7x~746k3tL0+}b8B&BwXPpN`2SZoZFy-A-eJ`y9ei0LikPL+YZCm^HZa)z5i z<&tKs8OTolwv|4d0jUGtE1DHs$a<%%k6-~ki%?I!S#+Y(OSy(X)WUpABt@} zdD!|rj1l%;`E?UMlu);-b_J8+=jH@Zo^8|rJFN`t9Vx2kv%<&R*B5Bc3*uX3eFn%{ zKK;&PRS@Bh4xBVQ0ddmtJZn-RY>oI?{$>~&XVA1D|t!Vt`IL) zq3m@C#Wl^-m^)o}uItVABCfCu^m6#29!=YlDXZPiUV334%`%))WA(H}feZaj5)_M@ z1Q3yUf*$UFv=p)@1)iIY+#kpNI!LvQ8dK%#hJ*DZ?r-T;3YEN)Ad+|H8KhQw-PB4~ zJiBzMCHmrm-DVnGTuK&Hess`wjU8%Kk27s@X7Pv0Yjs)3 zz)lxGFtlM0r zCj?sjDtuNYG#66m@>8qgKwuY_OdCpBtJ88u67Ic^F^1>{`te@^pZ=D8eJ9MN-JD=a z{=>wLmJ+CvrR3+z)%z8}Ex^b39#MvT72zejB^fauRuu_-qgkAU0B(h0o$uQe%~(DQ zOG@}GdKU7rnELe(G1myJ>BuQat3D2a2OBs4-&jNAfRA)Q1V$3nR$o}HxPk(z{vr|U zLp^67GZnoP=R?fI;*9Axs;fpVKNn%eVES$PpoYNmuz_(lDE6+zZ2Ow9wy_sRTA<2^ z=#brB=PPQ2C*Y-Ms0T!|jFw6Po>m7d)W%+UFu4}1*t%7JO4q;BUkAxMq~+y7aHbfJ@zHb1`?GtNQ(C(W~&k)$Jhapt_YV1hSOinG)fR2Z;PonP{3+``F~*kgw#+5kmsqYEjs(;VH`V*&<3 zW#~%*gU5_P;3vMFo!Nan|84wa@ZH%qqyHfgygkR~w5-;sZJhz1h*he;n%|x;?`LAP z`ubu3&-lq&z?F}!@Ujx)IDkdhwY_o)KCeN~%*93|r9w%O%m0H45GC!u1H0@#bpUVr z|M3F;FNt7UG&L~$1LA?Cc^cGA;qrZCl)%d)0Dd}=l03`j7JM>lVDN*U*OuOD{AKcg zjQ0tUH}x0h*hQkSRlG5S9nh`kT$r?gXTt$HOF0~4q#aeX8>F;7(jDP$CXoRGgKyQ` zyQP2LEHfVa3w;M@Y$7N4ByhRj#`XADtKD>XSIypIxQYT?SVK$?>%CrY(ib>P0d(gy zW5e}~*$Ae4OPjr>Up#rxZ^EL4* zs38Z~$N(%o5hhWC!sV9HI9Fp1Ot5Cc&2POlhFYG(?hdqBp2(I$e3D%DhbaslBeGp( zz;!FK14y1R!W*;P!?(YPX zJAyT#8?rOvrAb_s$8udE#(#p{XItAYS&!YXzrigPgB8)j2ceewqszCRa$JxVu4|u? zb;M2$Z#Hn62tsF6@lCKvPeZ-g@vX)Oc~pcFY{FD-#gq@VlhwB}F0e21PX0=A1i7IK z)C)81w2f#GvPb#VEq-qhGcc#4n;clPu(ept;5{DmyU*m;;XmHI=p+J_B>#>8w|ND4 z8V>@lYac+{(}h>yTA!iU)O%Ns2`S;4($59fp_{#$CW$B8%=ro`3iW_|3#!iM>BSRVl5`oB?&P#pW~U!sb5fkDlDn}FwM&s9Jl=p()dyq(yzJ?;|o95pNiEXLGg3vCGOb;e#BFnMGxS2f;~ zEt;gpDwzqhF-G!4bK(fcRTRRJs?1ABW)-`$^#}Cguy{||aeWo!L7xdD`!B@-=LW9# z<12uqwg36q@ZOB>sy%-}rH0FZvg5&S#)l9gh$H;+BkRnB7||YrPz-#K!s5V=MF#rWSqPOEqIy(I=E71C*&(CMN{DnAZGwLJlcW!Q*?Srcni@C5$)4oY(Fx5IpZ>BXa@#V=Si zB@6{FS7|Acb;dUrdo;D=NHD~?c(h9drGs*7uUXoBJ+e%rH|-4V+=j#<%QraiyxPKK z<)`G21e-smhsko_t8RC!i}PXs(yaCU&UU)+FwAyt$saCxZ$+{o=K`-Bz)1_N|IF)S z+S3t)hAC5snq3XpcNP*B!+9s((cw3Y9{XDUYTb-c)(z8pLPQhGTW=9HbGdIeGha60 z0i$vMbeX`92ANha)`hdRFT?#8w;EUZSU=Bus^)W8?`rLQI?H5q<(fV^2J9qmUPpDCI z)i;-y1T`Q?guqrr96QN~{IxoFR)cHA1I-_&XM9P=a#NyBL}JkUSn;QAYo=K0tSf)B zS~eGSY`DX$iGP#)uVQ~0J^S^x00>u(3Db)y+_7-KPPSVpQ=?PEe?LEvgr*k@$s_xp zl||1%V5(mtUHUBL8tylYBr(YEW;R0P1bOP_wsDJcN)AvJjn-WX56x{dgWq z)kQ;-5@(3~GbDJCE)wV(j#vY&NWKAIWTg|)>~I{QAp7H#IitJK{Rf#=&|rfJ4+GLU zU%w0`n@fO{`#ckZe{;TW7HVyPEp2V=`b$6!fmFbupxZ>ML_jpYVb(kQS4wE)gwPH* zlryC68Q3?tooA&zfvD(69!S>{z0rR3LYYr&>pUW^Z?6ydY82UTHV$z-yhyBP7Vl2? zdJAqUJ>Pr?$@*88EYbKON*U$qf|X=?H&ZCF6jCV>j;O`AyTh)ambB#RhlxSJfbN9WOf!Dm^O0_8t*Ts-aZ$l!C2Ni!PIY=|^;Rs{v9L86K zf-`4*He-_4!SLBCUTDi_Kor!OPbb(R&@lT3q%^xV>W3)Di4JYj4}Q&-v*_29Jrqx= zWSPH_CfK8*(nY=unEJJt!C$w3n@5{gd@>h>T@kBYnMD>R7^mHH??fijqM{tp1lAxa$hTaDIUe376Dc(Q@ZWZ2y&2X``x{jn07Acynx7KR@1 z;KvM$L!M<|Oih$Y>!kKV1BK`E2UIa$9z(7Dz_58Gy2OA!1g0L1f}Z08^=NudKij7Zo4E2=i_busgP$domPZZ2 ztLA{gWh##q8%c&5KS%KDh|wyvdS*}O5zUw zT##64w~!$m6+g1%Io@MC+uG27ayz>H-Veiw`c0k44Oev*)X@LE;gQMzAMWn2 zVf3F~eD}dCSorbFUw|^R%bf)T@L)>8Do__t1p?1k>u)H(I@c01#Gh22F>^nU{F@kp z9FAZPlK^gEn&wj@Y7B-Cr&6ogQByu_T^S9qLTZ0-DfPFiuR;?)hvDy3Ewij&2ffV# z!3-7Y6j0EZn(})f?uVYiTo`4*ImF+JI|vgnoyA3z#cW13eW#tqN?_jCyi~;Nb_uNv zRoysFZ~S=Rhv6%0vh)VuzK(8t^(a~$6cW=S-MIf8>?wC%@nde^5I_9J}Wnw=;! zNO)rG=Qp_zN6~H9`?;WC8}8?hw(XL8kq^a!d(qY9=6kW>Hmh7TS0bJ zAyT(P!l<$9+haYN3qjhv4pYjPnH^;eC6|})2y-TWaQmD_*AQ;Myc<9S;AbW9k;^Lq z4ta|z%f)XHA;IAp=1T-$f{B7Sd1qivHOiNc(#jX34kmT38sfcaZ*@k3Mgh{kZD(bN zx4{K%Usl?ur(l!Bg&{wrx3F#LZ%z-b93=(&y97z4+f7iF#T^JMuvj!3<&D85SD>ze zAssO0#?cKi7fm|B3p=_X;IIye-_6liKoI2J%Y+LY>Uvdnhp`g)7pKT!TGI&!Xi-fk zA-08`+5n|1WrlS68zWjzA|rODImMa@;nyF#7%Or@cmz-Cy36xvk7sX1mNS~MWtF5PlbxMP z&?LGWF`M83Y{{C$r{*?p5!ZB34kD*Y_;2V(yUahCV_>8+qz+`g|Gr(mke}k zGqt;A!wrSU`_|1$XRR(uEA0f2Cn9TWX!2H0(?h%%qE`C8w*_?#c$wiM2|y z__Kig-}wNrS^nSKJvgk~|G&Go|E}h7qf6GrHjW(HzIqqmdN(JXr88C_dT|wj=p}*4moSA{jA&%> zY!IElEfCFMdMQlD=I6y#@P;Ix`+Jup`JWA1-3KpxJyOH%NT#XUqsGvwv)Q`%`# zHKcC4(re#EG_=G*c{VF~q3UJTibuV-X#&p4p)Tt^Xp{_G(4Cn{?&B-uKK*F0|6^^USq2M^OMB0X{Qz7OpzsIiqH0)(FT)DhaGgjw z-tXS^%#V{mqPO=%{~zzJ<9}B2c>CX)$z@Og3*4th102+s zd=?P6gtHv>s^NAZ59n)XLX%)OpF}Km|KCzL8sYegq&R*kDZ#w>zrzD>{~zofAFT5~ zuH>oN|ISPcnC2;n)gJ->7L>ZB%;!7hbECvxIEE{18e6*O6w$7!k| z1FAW>`cIdUpbSpP57pDg-|uW#=CdDU`yJWsT{)Jx!SlC`j7J$aEjB18h?;E z^nd^8$oKz#y0^E^|FM$CqyKs)mqGG1tWS-~mw3N#u}`<8NV-FRkcitkQE&s9t4MmhJ3OQdTWP;rRrXLjfCHaRLnodRMpPc;Ct)!-1Ust|#V( zDA}|W>lWk1)!ktv{yC2PbyHbsvX#IpTYOBrt}y{2(KOWu(um|)(Sv_^P&yxQ=x#r?`J9WpCQID$xcTjoZ+IP2F{`X z2fN2U{og&>TgU&dBpI5g_nEdVXx&vmuR9&(a=T@NP*DBz+L8L7>4Mu&^mpr%H7su5=FN;Ge-$l7 zR2#$!sOz?)W~abYL}tRtYM}nUK{3gaP*f)#folA&0uXYaHXn8HuKF1WeXVsbsz8$Q zyTMj%En1f-y}`BWs=jRLwKz%%ERMNqh%@tVRB`e*;0cv6j=F{2EwDMZe*fY4aCf&_ zd%;yIr`AlOH%WR8>vTll?}ENWpc)rx`W@<5c5a<_&BfO+=+r~7{X zho}3;Yx~bi9*_T*(e}#~0LmruNlE}V`pXgl)-3;b#PXNt{m5r^oC3KdX6a=s%yz_rn2Xc9Kt+2iWOVmUYw{xJ}A#t}$jZlr6-rERxhY^J*um z8~EXqrFLr9>DdrXcv3CCc7(#3&pnFIeNt@hLu$4kEsOoApJnj>)XL?x0RKPOt@8h) z~5iD7~4mpVV5I`y;oZewXH+phE; zTl3@P>75n#0DFbVh;H{yyRhySz;DQm#^@SmW9i0S_pQdMd!bO$PeBBD5610}Mf&*g zGT?7h{`tK>%aH$c^6t8H(DUp+2UYw3?mGX&Y93GiGb!AcD*I(7yYD9`_m#*mSLV}0 zy%xxRPX_^O@n~(F`Iw&0{QoqL$t>%15ByyJzo&lwr=x?Tb^PB-9*6&{xqUwwSrzbQ z~T^?)_2{t6J@L%NwnG6iOfM&Ch~KSA7&8n}5~J zK{c(kZsOBP!>Un!kLg&;@oLNft;cSimi1G7I`IF3P&h_AKf*XhjJ+ZWYIzInJpNxj z|2f<{T=V~xJc8g{eRIZlxtLcVCiXG>KEI0x)*AU3E`iPO;x^(%1@mQvda6P(Oj9Ic z`3LGxJ9yq|*}tC0{^TYAs6+<(MGcp-Kj?^1`(;BG8SS3Z6879{WUFvO$pnOgaq13= z3Ld;hF!`3^0=>>+6v^M5slS5RLu7sSfAiv3Bq{UUS)yER=cXhA&`mFaB+@}FcjoAuN6S%CkmKh9FfSe?tK z^UUG@hX?yU|3BJ0TKj*je%a&{`ir(kbB z*)q^?UVXVR^y%=%YXEGXzlGC0MPNjz05_TyGm5s#UV-zJA=RQBK8nXUgQ*!-8*8bz ziz;{o?h$|#0h|Gt0T-KX0MmQ;z--8V_x*`;A-GMI#u0b=H3)15r+QPrRerm~2dmCp zWWs1bcnctg44E<+DJD1@_ki5|W{n#BPo9Cu-U8UoOXwi#$WhLh6MZ3mT~+svd@p$i zU)USLmMZ8z1JQp+{~dYP;;8}VpsWSn1X9buo^0E0&CkhX=t_Q;A9p+G!o&M}(~lpV z#bSiQP)@^!Q4^E1SZ9MGGAiw>_3Z^$Krlf?&z;Ctn1)35N6+W-XEQKkp;R63Wwz!F zYa^L)H|kvUnqdX8@)X3_nU1x7vdFW5{J-S;-*@+qpB`22e?K~2%m1r*jQqcxv%VZr zhFO8K4|xB3eiwJS`@Ih3C8v4YD7F%4#&v97JbeI=!JXla+Q5umE+Oo0`#WjZAItn&%54| zF9u@4EAneQ8on%?ui&L!lK)HPO4M)8ZkMzN@8aTv?Y+CW=(6{GRJ(4fRW28~7r|Ky z@f6%@*7!kJ&JyVVBK%(rgct`i42_b&9R7c_TjBr5yGKWB{=bSxIUGpSOU)8rf)y~d zW&)PL1}e2A3!vPRGlmlWCq-F;q>bo`B!dn{!ElF`EHk)HMt5-`RVQ&e=xI|Sd@7cc z5=5Qz5U1ZAIkNgWmg@hfk3896wqKba`03XNJ z?&6|y$3!haxmq|9ECe`{Nb+V4((QpyQ33gaYlAX~q`n{3F_~zq;=^?@0v@Nsj1TiR zh$kq1!)H4uiF~PMsOr}xI_H7$Eme3FmL|=ZfXz4PfrVgIlDWDo#`2YF@Uhap%}BVz zfKcbdX_{8YpvJY$vq=T*nR%^uS?iw6?Hk9kX`0M8zXd+%H~1eYL=h_X67}cv8DYWEm;M{x3UczgtZYtrjB(r%GR~Z>>8lezF|J zC#`XR^zmRzy6N@KZ%(YrL9jmnSRNQBt%&}jo==_n5}F8#mJu)&OsICsTJeg^vO=s`P!M8zvoVAWaRkJv_Rdt4 ziY%+#MTQFiGayg!1T`-Rn2SPH?*5z;vAD1A$B7oc>3M@ObFj|eFIDF3#N{|oD zRs5!YP>BtyUvc-JI?*BOC!d)sYf?)>FNf9tUdEve1_M75h0q$XgLp#jv-*!yQqeet zRhkP%wQ{S~TfTm(=klt#!u@E&e^yf_D3b@Q=+boVFXVX_6rRos0-Qkys(QH?3Lwt~ zMudtv0QSy<6p3pj+)E|IX}`E!!nqW=f}FxS3+S!kKC3aJ%9*x%@4n-EQwWfHA6mWH zA@>=gY=U#q(J3r27kM6ZccjQ@8ds|?YT1FEC*U+m03%Z*_Yy^8NE4im!Tkgl0LD_> zmLohObm}WwmZd`NWoe+8yMfwBNLt2Evn8P7X#q~uemQtNy#&NwlK7%=PkQ4n&61y+}eQ@^Y*WX@x z@1CEY{rLKu^Xu!2=jYz17q7p)Jij)ofTtS(km4yW9E{?8b^`WycXy}O%PE=?K6v|I zVKbg&=mNS!8Db77xsuUa6x;C0bPBUdzhYQ;Z+41lzB55EEhZ1;;3Amd6|^H3@+^O^ ztyJpv!Ojq8J8WXT>Fd@Y9W%S=uT}#no)8e-aGZq~r_VipCd0vC5ZRp}vv}enRe^Wv z(B_y>iedrZBHvkJHzXSIOh%sNnxulom&DH=rc!*;l33|Vb+_~RU1W)A7Bi^Am@(-^ z8%3TG%QAS9bRdfP1#A${8p;Kjk5zq4$t-uI8IPC@a*_;2>?={O3CVG=gwxEkrjpHg zwizbMF=zPBw+LE5o`I;p5r$IJ_RbSWWN<=yeFUVqSZRCCGPQRA7pi1Hi(Xvs-g#Ss zKa$%$+t_3UEI>a7(dRI#RNV4vN%VLr3f{ewW)%zTN`3I_uL}1Uf`@WZqk{2_@iziS z08v@p9zZxMILrBdL-yf^4mIZVwgyzxVWwXjiZN%Nxz5mao=bAH_$<#(J|EAY=n`AK zsXe#Scke`ZZ(l!ueIle#K{nfd*P!Wfqou(Tetkmfs~6+A`uus>&ztBABnTs5dD$(Ta3lK zcPEvOwAvd!a-xlT+*JPR&_XH~qg)7cH%(a~v}J0RPUl?{?0{eW1H(h8rZ?w3p>I+G z6A*cdLS*BxHfhVJtNmA$P;M7(O~7;Pzq|WKe*V9Mrw8l!zm+_W|Br}`Q|H~^>TRUF zXIff-?e$R-lbt8vj3QVdec0)y;>jr~NGz3vXi^lp>q;{rOqf5Tz5S+XOrq@hkLesLuw^C>D|nhw2;HR$gZY^BvU zdKpN-ZF?~IwY+r9p50k2s%M}eHzIQa7}SLs&7Ep7v%z_GX8KAmQx|uGcJTYo6Yv5R z@kD}kvshK3KWjLf7Q55rj3l&R1CyyoO(MICm1mYel%>lCFQn(*FSgatv1ee+nY0gB zAma4F={p~0qy~649U|)WJ(r-JrUcA74|6k~dVdBIgSi`X?wBe__+ zzUm4O$_4}8QRT;Hok6s86ARCs8mjszQ@c;i5s@|BF@`w&w*R@k_Vf~ zxo5um)I4|_Y7+QDgXx5jH+ts>Mh8hOmOp;sShq{nBGLxy!JX$o&kIk zl1ps(Y}%$1^{}dd>QTR?Gjw@+14LxJ@K3}e9D|r7{xYbu?D^a?Tx{@WHbgW-1!6zS z_&lFhXr<#>dk{KP^p7!4s1Hx8Ctctv+0TU+*jny97`x^RoFzacwz5}loddr zk)Q&_W!PHX!Zx_ZZN}IxG&sGw`uh5%KMZn(w5kyh>KmHV^EH1O8>@9|R8Q*sxo)gB zpITOJX3m5}a_AyCzLqRIub%3DR1Q>!%BmYt+2P;2X>KJ?SNq=-W_W~H!T*5c@O^Lo zGspgSw72Ky|2{n0KUmxUR`JZY=;;|B$Qh5!zQiNrkf_VNQj0=smD)LSG)q&RJg8kj z7Ox>Au!MJhzu)h{9Djo-!z4QaLs-O8=NK5Z^{liDFaSS%kSRxHI_`35Hh}u z0Jugef(#8Vjp#2ZS0xytgEv;aKUV)Z3VeU8OO}qmC?hj@8)a06bes~WRX0wW?pyK( zWsVn;o5uTc?qKpK$(YokN_Q2KJ7FY1c(BN+$r55}%10PtPC&F58Aln{fy}Nx4;i5S zyyWbvRmx?exJZSs*MOp&FkBG&piU=)r3yH959Df{!+`4qc69uQ>L=m$5%{Kj90 zUf>i-YevN{%y&Sme1>UC?yo4m!zmi0a~8u?EEC^X4M@*8Su6>CWhjoxG{2%`gj00l zooPy+sOwo);3-mWx=xWgzc-+~+ralfcyAL*a=#>>?$ehqd-gz8T-iV{*hQg{&rZOe z3wk_`8&?W!0?%X3yKhQh7@M8j3zN!WEu2ysreFh>`G}K51&u1X|w|}$Hl%huyj$xOaIoK zcr$=`o<4wnp9?C8_8CqP==Vp2#;6~YY?R`-V4&Y0Qy8PZTyo%G7xepg&kjNV4G_k( zlbxM0E+(@f7eaS9J5~CRnYtY=XsDr*UP}MHY>XDgh5srirq1h0tz9ru9z-?kcA;64 zLH0F%d&VvK9^!(DlTlGVv~%IA6tBYQ4kkr6l})13dEfGd))a>+g(3+1ae9|cvgUHg2%K)+ueLfF8?l6uBz zC+3pfGkIr@#MNL4^W3uk4KUf^z@Eh^nI#!4@Ez*sW6z{bLP zxl`vg_JL+^J{FIgKo5S~IeexaBtC|jiV-dP%I5RIcG(;p9=XkI=nL*M!ML&*J@bGC z=g%oKXZGSL$5~Qbm}AiI^9s-Qtko)u%z-0|o(W3)UYLTK*QzjJP1Za~%3CAL;NuF^ zzx|sJe0i`Ngagx-kOv+o1t?e*_Fq5RBx^a-?uYZ&FRV9qB%Uvz&#}q$3pCAr-B~+L zp9uN8Bftrnq6UEc^A5~&wxbHwgeaE%>SAK@yQ2fwPrxtlIzaLI;6U-MopcD}0h|>R zLh(Oj=G`}c5Cq3qK+oi9;WbH7M@#5?vT;6rA2v=pOXXbkITaMozbcpa?=DzueKpKiIj{w8vn7k z&i}rW$BO?D?zh5^U0;)=0txtBcMSvK%Oh|T><0h9>|8bixb2;y&W`zefzWbM z{p6Vj>^l<)JZf^CmL4f?lQQi`I36JEP(u-$r9~x%qXtvAH4kIws%25dx?p+39#+3Q z3W;Y{Ue#9En~P9nea8jQz?3OIUCe(4BTR!1cy8^rAJ0epEK2`%)I%EP(sKmusltFz{sjU5Am;g7puq!k&1YE|;SO941iq%^|vwi8umJ1=)SIE z(fw-pmp2E&06~wMmmfvC$LJNI2ow{TiA$e!tB}g;S)s|TKLEEAEb@kO9>He0ASuZp znj5><#FG{X25aC_GD>SRMVUX$TVSu2OFA4)Ps^_&Ny!U~r!}GW@$$Gu=|8WqB>T_) z;ZvXfA3QzYThsqlJTh~tq^ru~T4X~|aq(Q#)RAMt0xmKxGlmjyKSAPnXCXM-;h8usK#CwM%tXi(VZ+c|s41vfq}_(@i)ZwJj>4iY}Q3c0?;s}2w)Pm2Sfm;WTOmV@Z^lNtmaDr`b%pupaiAlfNyPdmnaB0 z9jG*3CkmKajk3VE-fTQx7$`CO%}4{LORdF$au61i2ddNCAP|_Deh(7CS|k6xKVA7h zMPn?|QkDsh=L!Jx`2Ru0|Nrpm@!J1?CC_}0ZYEk!z0Jz3NZ?92O=y6*WEK~kIlv6) z1RuJNifrcchk2C{BpC^MiWnv+_AhWdyvMIFt;) znUDz52R@eOH6U5s*pqq&RZgzFDrD#DJb?ugy*Amoz5M^>E&Af3A~CceGFQh|GNe_X zC=pli>uD+Cz8>MeOg{*K)0;WqJm5CCI~jXe4vq>&bdoafJQ26o4tzW$ygsNh_ zaQ8+9fNI$Q(7)9&k2QG?Kz~921TvNI6z1}V0C8RTklZ2b`f5{2oN|jjH$(uv&0&_H zgs;?y%Kare))y>C{#nF*IUDXI2QtSRG$K>SUJGk8MC+$3|CeN}3-_OY|Ns8+QN{j$ z_;k(xSMhY<|8nY2({!EyAPZJBZRa+8oBMM<4GVD-KBo^uL80&nYd~(2 z_gjXEOxps}*QSZSorBv133C@IC>u9AE5@^ot|1+Tw zp5{5P?S6{fR8LV8zwJA*CmqHEdpFFq7!s?Y1xF>^X#0Utms89e5z8OD!-)9K;VnkQ zYG}a`2{+n)L~=@|sFaZ-aXT*o4f|M7H>so7b0~s24PM znKfu6bFUS7N$6h~$*O1uNz*vhI7+vjBOWa zIi>%0T@Izh z1w-jbUOJa(*Jh<;S?ZrFm)&7_Howy)KGtPuc7IDq8^SYbHng+83Od)+!HVIi+j3^0EK$Z(}rfPjb zqYT?oBqnRNIz?tLMb@0_JXYmSYXVW4rqo|sZI6&Vjm{7V=3THQHlrD!fHW;GkJ|dU5jzXN)-J-g&=FM5RJ%hD_8?$C> zw%L)6fLpsK%kitsQ2n-jA@)Er;{q_3bF8WN=pYNz!J3_D`ui%l>zvNb-FT1OTb2D4 zPrL1`rrp&jn=jzmWzU^iF^&c#25?)ia9l7+hai)Jy>Dw#l6pb7oNl+RWUFu^M$Iw} zF>xoOwC6~{%x_5{{%d)GgyiZf)cYO=nG895!UdROkqJo8Ng^(ak#XSJ z1E2^p;^C3ulw-on{exs`PW3M(_S@yP{p0q(dI0>tY5@u+*PHLY7+$=#4Z%5V9t6)D z=b13rj0q#Gu$meG1O2*Gc6|$m3}KU21NTO6R*?ME@==qu-o5MnOoq4C zoq*+yfMQ+EC+3eK)TK{-j7^q0!eJs=rkgDÐ0&=6abt>vT_MPaCYW%ef@s05-Fh^)m4ZI-gtjVIRS~gWsvLJp@yCV*mDgVRki{m zUEK9WE1^8|L=5%1${iLmpIFW8R*fg+>f$`jlwGDg#MY9~S`u1?B(wr$Pg zgkyR3BQCWSH@7L4&M-wu@MtA{C=XWzFW09Z%7b=@0G(xm!v_v?a!6sCq7<{KY-$SM z;^}M}XfgzxLxzPoNRcUZ3+x|`h-P41;5$??Ir9m_Bdokhk{N|EpKp1tLs2Ti2{ zMsxr!M#8~W9tmxi=SmD@=nl~mS^|=p#8KY3D~^wfRCV-pR3Q37P0|Uty?q(_08+k) zDO(UJs=SN1dT! zyAC-3`7eQjxMyF!X4@)+7NvNMIj537;NsRkSl}4)RVeQOOa|avnW0&Nz4O?CT$rI!$tX+%FwG~hpQ1aI3Xusj>BX@_jQ}^=CY;S*A zl6dbn7Lf2=ZsN&n_D4%@KavNS?sBM{UOKD8(wWLBk6bv_13`NQl@KzV@`?^0;T7$^ zzI)fJC5B!jb#%!(8QtG4^$?-A+Vz8shL^A5K)?I~24HR4Tluqy{GXFnX}`=fNB%!P z-uLZ)`^QJ?_}`U0(lwnV%ai|el7xfy>V*EqWPVXpWUxYr=t!kx(lqpVZ8?SSoi%3)TMNy)&j0@CfDP*kW zc=%NoZQ5d04Ut~FMLdOLbTvyk52UDA(DkLDcq$t9z_HT(1`NQjAX7dv`@ok&CWIB2 zsNhSp#W-1|7abxF;_Bjg%f_xQo-f)En?Q=LDB;TUrE`t?oV^jMwkU3F8}^Ffp*oSi|)BC+Z~Xa%^r~R+9Q=yOeiiM9z_fUViib_ zM~(|qHz-B12%>)+&9GsW^rC@WbVHSI-_sOBh8A1C7N!=c_k?Knn0eL!ny0rJi6mQW zl)80QTd^?7zM?QjSBPSgC>3ep{x?E>{F*OFiln*l(F@4})oLLL`6`}?O)SO5lUB3o zReA*4VcbMCmSw;oi8wA%0j!8Ji&<&j7;>_ua z`=)JooLVdDQkw;RN7C8!@l;WP(JQjDj6V`H$0GVaD`0^}v$U-T@Vxl1-HQHyw12q2 z*8f-W2xb39P3TfRfW1}nd-MRZhF}#gK$Q{yczlJ|jzEh#0+n~KR_cp@{*S|Xy8oVi zhH^*?k<#zC?KD(&Q-d>a<{)Frtv#sMPlsm#`R@*Knc~zfbT)z^H1J+W$(CMRhRXG{$2LbdZl#5Maw=~_eysU zH@8QrwcHlg)T=Slj!aYi?8$TC`j-0ye~IP&e4DArA}VqnL}dhaq%tBzTfUHxkpgT^ zXRP=$WFcG(bU$O4n|??ySu0oDA1lEAqz(m1CMN&;&)E;#U^pwlm=r2O+vd*%XCT@J zk==3?uW&}J=Idu{=}L#a+fd|XFM*zvndSbdEB+~TxtdPFr9mhQ5d%=V$7KvBXd5sB z?h#OATYAo^>-`HtoJ3u%ygR$@=e2b45kHUQ|0X!KNdlP1|91~P`_IAd{@yzO&q^LI z{(H$1Kwx>iPZ_|sz9@~h!pU9TQMF+!VvBS0V2>Zk&rL_%6fg6vF)q_quU)qNI(sgB zX``yv-^jL28y47ReqAmxn`3J@9T~OVsKKQphi+%p*x;YO&iyg2Rt|Wd zBl-Va+yDP+!TS<{+Weg^dj@~!TgBR6so7+& zcM2;R!bC3GVT^NlTh(}PL-vIM1#}yf4OFB954l<BdOj+2r z?ALdZ>HaZPfcpu`s{JoxqIKtgsJrUD8P96`>^wZJ8cW4Epqp{;EIt!w~wL$)>ote+)3 zkL3UQWup;b9{=ae-sAtf$LsU|l{|vIf2(E@d zL4!A^8m-=P=yEQzs%*B!YtG^F%;WN^F&Bq6H>z3_Yu$rm-^qEJCC)UcWfr*9bi-eY zUg!1A;8;kF6v>oh6v5;HKm*rbLT(e*I<z>{3UP8OxDB+xyizDE8s!t3<@%U&A6Dng6_bq zZ4d4FKYlKgC08 z$YDLB7K>v5(=>8)tFUAs3*!tI5g4>C5A!^IFcp5UoAo_B9rr(n5MV;U<12jn7}z||8$YW0~} zfm4wYjYDLEpSb|N;k5k(+|O&^8zL#T1SaxSFM@ zYKC=cr;-w`MQ23lHc(mfx;5wK0Bq6P^_Qn-om!wn7`K3X{+6>tmcFPPL}D%DujJ__|8upiy8&RH{LlaP^#7;32W$C%6^~;+ho$}8K4NdD3`mvU zk%ti-YY+-7ClZBpxSNtpeM|H$C2a-ciuGXU3AlokA&_EL$W~x3?!PWb;6$L&)F43k z(3M(oOK0dz>=A{!_DI0lh|sCJHHCpPD@=RULI8|)NQp<){qAhauZMB9D9s1M0qPYVFed3{+@yyGImdB!o<-5LP;B~ z%J8EsA4f6^Ww0HJ63iBBB0+o=pe)9S4FsHl)cOc*YHfo zsa30SisLsEGGk~74VS=LwarLMm(VH)Q`g=#8e>)<3SQ^DO+vf0VzvlTl?POT^IG`^ zQ9OF!ps76mNPw;)Z4Eg^jBlp}n!FRRPt(+EQy!6km~(J>bq#9obNYQ!dbj7X%r|UH$cPg1z0t+~V41s%y3)^~C5Sc5m)oMym&ITMp1U7&#T6dHG z1aDln{df1^(3k)A_jcF*A1it0Np(sZntM*8B(oe*#_3}gqnDVqJK|AQ6C@MrcdNy8 z9)7FZT6JvywA=qmQrr2_G99!h19SHO-tq21<^IpZ_5NSUV_ACSjfd6@E8k~Ua>U_7 zYppP7Y|@SwJ5Rt@S_aJE6eXfr1|SP^U)Rfu7qvaC#Ba}0Srl@7rYw&a{!JaIoIF$T z0!1$2R0K=ab5`kq&e39n(JW2nJp~&THzS6sO0MT8Ed5+c%mmcecZgD)pe?YOss1-* zFPCa0@3`@F+1RRjX>I(-d&P0GMAUVxQmjKfjBtPc5L; zp%NUIIE9S4i_pqLEiR@~vu03;tkM^Z&A5mw*Hh&Kh$ckvNBLd+0Aa`KkJPWaEB(*% z@sj1gz1^b&pZ@Rft^I#i^Hk}7mXDW1_=Q!cf#PTR7_}w&94St#4bA5-oX8dwa^VHl zd73y4oQX5|NLJJQBtTM;@iTQw`c%utE9^8Y(6bz7#eK}mZ{iJl0N*Rf zKLDJ8KZ>?Km(ipg@gV{tZ=|B%bxyKDDysUgyUq%VvvE{*&Et?|kBdAle^!~_sl3TJ zPXR8>jlK{__}kJ!0t^XBea@&ubT#OxpfgnUYPB)Z-mBh_`+&p(X@ul1p*f@H2o703 zwq*;oPQ4O~ixw^{i<6h_Mr=Z;x;Ah_=ZJ4Bj?{p3g@a9CFIUOIMMGP_bHTPdTjBZo zo7Ixb^F3hosM*lG^<1}pOJE>+Ey$e&XygM)zpSRV+`(^@H~7Ac)0wmsZnWvhASWc{ z5=HTlqXi6xRILu zG^1(fA)#r>23e6ra#u!TFGPAzM0({#)*_753;Bajc_dfEoIx{4K4#1W+Vx{rZKGz$ zg4`>nC}B3m+%yZKZWlDcDTlRv9e4cO*9%Ql``Y%5wy$MPJqVbL%JNf^;ev2oz@Pit zf=au(BFQWH4pgG$Hl(beJnJ}~^VYs9YJ?26{N+z|(d;~mxK*JIK3dh~tWm74XTJq! zHM{+*^xqr1s-RdmRM)TH%V3clqva2SMFnbKHOQIHkB`Q#*Y@dZ|I;3z zU5tQp&VLS$pC0??KYIu3`+rvQ$k={8tKcSw_k5-o4g3$pmsqj>EsTa`J?jM6GX@%L z?L#2*vcH&F(9~bRHfT0QI|HF#yt|dq1pRa{6`EF;U@u%73?F4M1U2RuD3+rp2>A=Q==V1LanDCDmN+iQeWg zOI{lsszV$|Xy{i8BulWn^{jH1S)HAlL&cpZ;0nHY zcD0ICyt3msqZ8&vP99}ebSnj1yJ=VE%94#$ZatneKXcP;ELX(rDF0Q$`P#^VbL7AM z{r!DU{yRM0U!VW3_!~$hY8Wcf==YG`|zQdgQRoD1D zGAP>L3Z<1%q~(&_gL?!f@UFavF9BFLz_tOE0e&U9Db4+MN3#UI-RA%5E?J$%Z!0}! zk`~XXj7)JwV^?Gl-6{vDP68=g79l6If(vOl1Mc;aBRqCfS=G>FSv2zH71PL85ao)r zg5UPJz;frG)~Es7a{JZD(%%O|?=`YN#a#*l{Hwj&j9{1<_PR5*c`QxE#GV!fj3-l+ z70>y$#ZLdbFuC{0)7DS>r#t@_DL6X$fX(y&KYCj6|9^VC&i}lUrws#ENmu&5a~3Yp z)Mh}ssCV)$^fyt~mD6SNwsT%dX#3#{a5d0B0S+RnDAe!X_4@sOqd`Kn?KCYc5aRWQ z6Y6Ngu6RT6N}ICQub?2`!D+hHP`|-C{1H*Pj{ARN5;$Cuq)gw?Ob+Jx|L^(v-}jGq z*Y@AlJX}cVIsTuh_ z?U^8+j>~e6QN#sNJ%4d(hO=xh`8399am6PxpTNR{P1dE& zPvERbC$Ri52Sr`^zsxAuEd+25|35l@>YxAYA0Mvsf34)H#Q$B$8D2^Vpvga3uK=nd zZ36*SafidJSH8}tmuijPr#@S{pAX0__yMB99TXQ12-oA#HYVI1n8m}w>#?u4ZjW&_ zP|W_?4(xoLIM7S4rOx`aS?wDQP~FGEJ5VfA zYbS&nsZ3dsnk}*E&sbEXau^cy7E~7-Umd2wKu~?vpXZUW{S^e=C8fKv6%PGxLe<3o zmxcT!0KjuBQ}b9>FnO}YOd40`aY}|T9pJYj;ozA{H0TI?zIsy4-62|=@rK0-V@xtu z&>4RpkfT70li|6d6HX#vb*X~w`_XXJ6mC`UoUi9Jud&DKI`g6XY0?)|c;+|sNUtty zn}rwQ6-7CuRkZ{7O3{dt>0cPhnx?ukDq~c1R*pjB(@g;abxM%E)k1x3RDmivaq3!g z+~gK&u}J}%Q?*G60t+ZY%`0>X$`F|A*%^LgQ)eSK8d)@OXlY267MA>uwxUF(0Vc;2i2XA;}j z>wl_9Tm8=p=<`FueEm-^)f)XzeYW&J8_+`fngeoSea*zywba+#j=ZnKLNk?adjUUx z^ml(G1ka3elBf{QfR}#*OR($tYLOkR5o%Lqhg_&#zizN?7vRnlaQpiC>l2Z$TU-Yj zLsmHxuF;oW{L3pPu4idgV{RNUQ5do2=$iC+STZNJss)4ys)Wb2GC~uzjwI5U-ADw zJX-62D|w{lPG0Y|te7u-t5+vqA6?1b=q{;OmylUBUcITPAgXA{o2SX2M}e!{&ED+J zBWndzG@?l~=NVRP52+>H1*BtC+@MrkWa8KJzSedsq^qh1a!Lvk6ETRk)Ns*Gpx%t8DoJ18%ByK)g#sv@Y}v)N#FpP)2HlnqQH2872#YmJ>&Keo0& zW!fo%2}lV{hA@R$j3~IcV&V?(DJo!^4y!|>RA#SBN@;#cVDhB`6$Q-2_qdo;>!wz% ziz~01y|kWzg4~GE40T_FTga0>Y@rHGb0Y2|X9b~fj6@&BQWR2*2uLKf2&@D-$5(pQ z29}=gj#tLT;sq+=iEP8YRLrG5-ii|CYxcTm?peDk!Mq?YoH?c?wU7jO%fO^Fz1_vi z+V9V8nM;Wm(#y88BLZihUW(k%U_S$6E?4?(3LKs81y)5tC{in6HXUltRV7u=+%{{* zH-K#8($fwj?N;AK>AKRi0IS79Yfv}cVHsB4TY~6S7h_$;ruA4tYa)#`{wYlhsd3EI zQt~~6Je=y*k)TeTq?Z$0v#9v!`fZ1t9K13CJ=3D7n<`1GUrG8C>~47((rkh%$^^%( z($%k&b}E)CU&Jz~TlN8E1%1c~*7uZo!(C8_M)*yc2bZtWBJQ&X=7i?iL!jrv+-9bL zgifv-ip$gY9LE0nWdmy6fmM$R>)(auSB>KtS7CK7>iRy09X#4~&kuf&<|7k246khA zrWWUSx7%n27nhW#CxpDIWMnS$$^_7h%8C)F0Jj!4U$ggU$WT0^D5~TeH4?HCkXd+H zS9i8)pnAM+eGH6ZxN3Lu> z5Dqh3V1{b-2?49B6Sm)4b^R)V|6#Wk>{g)7aoshNoEh9tPzLbdzzDxZ3=C&u24V`? zgs-x%zP|{#c6L5zC!aIH%1oc-c90;XRiT{_ z8iXDO9RwO&E6Ta4jQSFEFRXFE)U`V3W+P`p?OfTsR-|W@V-+dnq8a7Yc$Y#*neh)s zqd5kws=sa#OJt=4p^~~+MzahFH~ld=GDQZ(fR~x$J!ZdGj&{}{RXa7;W3&GF;PL*N zb6~elyk|zO3;5PPn&q6#O}tl?JR3yL?oNI4j&eHW!t;jAMGF5-u9=WsbH>mmNzlbr zHP0(>xrp3s4W`W!R3$xVllY4Nb`{$8;+^e785#JI-PSS*L=Z1wP*8W`m+QcMbn$OE zQyl1XL{m4i8}ZH!>oTB%^~v2w@^n4_yNf$t|2IGWf7kc_*n4`k&i}NMNAlZm&X#xh zcNcd(`QtVEb&>tnjndB1pY^)$$MjntyG8WdP&>u+TNSGj{Y|j|o6ZT}LyoL7GDD|F zFinRre)C+N?Ag7)eaIVP`^Un;CS5GX-yX(*Jkr`Zf2o2`FgWF^#59m}_;r>(0I}M{ zO2;FBi!T_^D}(D=V&usPL}D@4IQgQ#tMC4tZ7By}CrLGC1CxU%g>qFk^j>n>@EPzH#9Fz&|+B$92VzuFzr`U^=q>4R(NkWMtnk-F+5Io z;hV4JO$lNle%Qn}7b74O3w(N6Y-8^&n|H1KIMgKcI+FSGgRXl17ildmNvHnGJy|Z~K-dQELI}4-&FJ@~90g z1Gtyu0-zR2X8};v>fi{Vmt#9u02BV+$s2%``5sEav&<3U@Os_CD%=88TUBy=k>Ns9 zxKL^-PcR6RPUUI{Bu5ry3nIlSADmU>Bq(v=QTW8SA|eD+#n*`84N^le8p^`*S)g{% zqbv{}8}(9O6siZmALLb7e0>_mMuHNW#h6oMU13(h=ryz&tu5zWoI3}~~HzmU=4*OdZV%N{Y&tmfbsoWYZ)qr{DzefkY{C~K&zW;eOk0bx9 zX0+UV#z+gKTZdr?8{rho++&C(mx5jUnPvPBMPTO#)y zqAAHbqn3zj?-Q}VkYP8Je&!Y46EbI%WStR;Dajs-RNa+UpT2VjW*E4iiDeiPCZ!8Rm^OXswLci1qMn-N|U9uhbHsrf9F3^#&8!PgGsj0U~rnmqm zW11Qy_ny~{DIfd9g&^kR^&O)36c@t5NBY5(kVcc8a+)h z0?fdS&0v~7fEZ?AB3vr~6wcn9?%-^!xr?}E0cM8gOWhDBq8%!t(LqcoMR96#j?)sm zdz_|Vh(Hb*R~`!jqJn$}r)l&^PNSE21O|rN%wslXosyz%z%(tX`ldt<47O~s6p!?v zG7yOo<-hL`E%;b{clzoj@7P~%USCEwyprfk^H^rMc0mA}kbC`8+$+JEu!ODpU7E_Y zhfIRRtlcAUPiAQX?qOC)<+PwME-VlvOCPqua3=ir;f$*SMLFxHFDKEq5&tg=Fh&If zIi!51Ad|UKq42ulD}~Sa7`+8kSi}<~-ik$Y4{5@z+|*UqE0M((^nn@|y+C26uocT{ z3Lp4Ffq)`5OA9WSsMR>|D)K=$T|EK+o&9$PKEIRy-XJ{$a7gZu8sULGFCl*V(KFOe z^gqR{U^_o1=nlu|C1x#kfqC@*VBe4bI@~{4$A7KlnMc~nxps(~($R%EJYY4)$=hwP zA?rHHHbgBgPnWR$AT9KFx3)4b$XC9#Oq%}e5Eofa8js5i_BeUFRXOXHmzgG%j(?~9h;%sYY^p?WR*@scB+s1ijs)V#ibUSlR#B=&YdqOuBjUO+Vdz0#MHhyjFa6kf8vajyyrt@AEa>fiqN_{oS&M>P)ub z5q557%^<|g83w^7Lg}bu4?^dtrh{5@fTcVO(SJgV_R{}+`hR@j%l`*YkJtI1R`SfH z|7xzA3BP)8E{7Fg%3l_5*qA`3JbLt1yLM!~#XfR%wy$pfwwQ+jtS*W5xP?``Ci8+< zsMagR!!?{vpw$&8)vjGg?%3F~3NJK+;<7eE!+cG(v$a)mQPLNPT_kTSx%sr;j@SDJ zPGt2WGI(*9e-792AFFxh(SK{MTgmZmW*ibnV?N+c=%f3^nl+<;`FCPxY6h=LSnXwVxx zzxnZ|AQbgJ1833=>zlJ1kYLJsgE204#Q!Dwy}|GwbVvMOznF}7`2X}zc9-pxfQB%B zGt0pUr-=2Q4A_0%domcpH@zo=V#@y}6pwpP{=eR5;2TIWnK5wj{G9a$IVC@%xabXV zg5ZuUPRY-`!5xc9f_6Ry`qs4nUtXM@U*4QQx{c=jzqfbf=YQHeIzCw2|5x&SIb%3O zjDZ_6qryTPql_W2H`wd-t{{a|R3OTFJ^6vq6JS5L69jJQ3<*yR2Cn3e*p?UU5fMu! z9X-B~UKSJ&X9b~5fkTOiJv*rZ7o91;(m$hg3dGCaX_8=0Kwt{KW(a&mVOE@g@5oFz zddwJ7UZ)EDJ)v&^&OlB{GK+b|Z2%caNjC0*-~$=J1;C6G7Zexi17Kok66LjIBbZZi zhZB_4fFh$2jxkIDMLA)(AoO7y#IS%V83RHU;DNy&ri_3oe1kwv@f|Es4csY7WOigu zNDCtK4f)uLA&AuwY}Y^%lwO42IAb*E)s*KGG$LtA?m1_OAwvv6inc*ALkbg2K?aK% zf64n(14x_tAp>8O?Q&GU5Gw|~%~Kp>-l3e52_E7CB_}n&`ryl1mZXBsNNJd3M<_@z z%TxHE9ebQrQ8yyEm~7%~3&4yN6GZh2Do~d2H9#nE@vR+N?R*9E98#1O3J4%0FoH2o zaRG&&7tE3!LTjMpluU^z=C&#?WWh86Iiv+f4B)H=#2qH7Tq?pP8#6r)gI@1!B6P&( zut3(v-rqgi?eFgOclS&QwO@6igMOR}_pdK+o@;Qu-V5PmHX?K?+k-gr(T{S$dL5Rii;DFqA^VWlWTgCM-2!a_j;G4z%lCe z__C~{WSgSP35jRCt!<#1`qw}IN0s>3KmX5`P74Jy@H$6XPr=Xw1^!I#(H)}OqN+o? zq$eV}Ls=oc;D!iHVS)g>gE)o56!m7ppHYGK&=b^11Tcv$C~$pgrbqWdT+<$t{DI=} zqyU@o7TDk2dkS7bisADw!5N`Bp>ohqhuh#ZO~ExU%D^?^3K~iVy?_1le`?0)U;q3+ zd;lOQC``~4(l>mmgn1W`9%;e>0VrU8? z#%Wv9NKS5Lq+EgoMa6fh$2T~y&&@e?oy+w7H zfe?qGkj}`cFX{BDxk-Ylc3-L4S-ylfT9@jv8>{TGaF{lz!Y)nN(3!A z|AX9fav$-LiAg5O4-?k95#dxqt<#=8_9Fb)-6gOPbITV>_E5iha2Aj$G-$yN;jAEB z28cOF?3tY@o3n|4TUUz#YTt?ez%&Iy5bLQKWnp^Ed4vVZY;Zv}#E`@6K`{y8BmQ7> zI|@=VCV-4elFnrrdrva3sl|OcR1cQU0p|dNj7zi>F}|MMOZ7^mw|FOBgWEr!gY&=L zo?qUAtMltu7q_?P&%u}9fzzw2mltQJU%osCFHgVS7Uh(R{v3S!`ueZn;s#t@zy9Xp z`T2A3`m%R=$)%jr8*p*MIsBKWHy1YpRps?H`1ASo`Ip~;=NC6;FHbLC-GI}VFTuB` z*Vm_)w-@I(;Pmo2ID38h{NncF_2tcW@BD99*XK7k;Po}Qcy;yi;{5qGxVSuf`StUQ z%df!Zw->j6e*N_=czN;a;`Wr+*|MR%e$jh%etq`m)63h_FE3tR+N>a)>Wp zUxQO{b$We!arX7g(`#_`_4U>3oAYgO`TDYdarxr<;_|EWSLc_v+Z?Oj?ZxfO^Fgnt zC6p?o5p0$*r5{PHupH=r{qz54Ql=`1kzU2xRI-5}F@#f9zC?)(a?nJzoasi1YP+ZO zOg{M>C!f`vkvo(LjLE2EnnRS5doG!WzV><-nIKL$LDbrRmh@BKS4}r9tb0{CP#lDa zqPm;gC33MrsvufEG@}L6v?o<2iej8&q>!)b;{_3+J9;-+MEIoF+Z%veq9l_CK6X{n zK)m|u>LvI_5&8YWuHci|14vEhSVJ zB^feAW`%&n-JsVya95ly zSPXi-!vVM?Vrxm2!ev>Cl_*mId>DKRMqle`vj1M6pFV$eKA0wtY-67P-`??4|NLif zckTbNlE<8ayp(bJz20Y^flD~$%-`CESW*z^{|Wr$mJ*h43I0zaAXlbM=ky)DjS)&1I6e^hB4AtyJymD~#e|Z3 z6Pfvm5y{{1(?tJcny{T1(V{aOcVXzJ2*bxujGH+Tl;^n=;8EV zo0a!>_xHsKk3Hw$R2ZMwp!Zqtvr^|Sh1$~`#uLkGXA7m9yg;NrMO**g`^;#~TsJqm z$_S@OkdIs_=R#A$FpE*CEg7TuXXdz!3}v{tlSR>(I0}IdjOdoUi_XoS8%GX)S6*^l>7q+Tc7*SJrFJ$d8MKbRI&cHpzg*bfD!g}ws(%9+@ zmJu77Q-Fw|^+>4dkyO;Td!GTVQrl|uwWX7T*Dt{7<#*t(7njesm2j@@48nfFhY=-w z%x;ilYci%5V*yTKHlD#T0%LNAsECCxm1w5CH%gU&RXa84@pgnldEzV~%aPa+kRHsj zS}7+0<`}&#P$rrhy!itgV6t3d1D3#Z$xzIL$3E@=PNy#Hu^<3#!vW^OGV@V^CITo0vFbq@slMDG+2` z=W2mW9m6F9a8c;9*6|DqtzMGRArkg#tP{tu{t%4_MSxIodKy#07|@3WfaJ;m#s=Ul zm9{3$R+z~8iJ45&p_?=~OEbdti?f4+ga0kf>cU5b@z-D9o((Efaq3Ku9Py-d&tP0n zg5{bcIm%A2F1|Uq@jiINeClq)5<@=N_7&KCuZc5rc@9)O$m2I1RWHnx($@ouJS)Ng z^OM}6*J$(;7-5tqOpgS^Q=CF!*n}C7jc!{a`r@dOtrE@l+%z#R7lvYFg@)8sQV>tA@o7ok*w(hu`t2#UXgozB&o7sjp1nF(*P+a)*qof6OMHY+h!}i9O@&GUIRp5^ z(a{mutE4>Qau8k zF1QBHMPwaQUX=3hu>!$G5s;yKIfeR~m^bJ_3~E6+Z{of6=z+8ZKFLV&L{nA;M}rv7 zRAxUU5~fS{$r8Ml6KBG8Bms9A3X>uiH8@i0LQRf@2t3?2OVL;})I5qt#`=PUaA%B; zEW0t#ccKceEZ{fK-;j_L!LU~*nnIkmn+IM}C)O3!xYi>yd^sABF%nCsA!97DyQ17~ zgb2vtkX&j^GVPL-_E|#ag?bl zO>N4`K#JcW@DdeYFmRs5^dXlUL?}t>N>`<^IV8FCpi$t(Qc>$bIaQiOi|VZQHCNS^ zyHC`~g(72L;*77Dc5@J{D&J~* zrnwknvqJ^MF}_1twY`|4gbRBxWwtk>Uc~N}ZXC~AF$ByNMSu`8-k^tz=gr@n<&^p2 z2!Gz7htqV-_1Vd^zLc*VJm;c4-vh~s13?i9!3(5A`2@3qP#nY5czbZ(&q)Jh%BHDR zFfG_KF4f<1nquIJO?D3^kS0t=aYCFz{MDFnbzLbYPe__D zB}7iAsGv9ouTIazh^Xa5Ls@+GXm{Rnss0u_fwKA`?LQW-Pt86-G~B}7;-=Pr##+6P+EKVa<94Mp0}Hz3zya{+G|-l`c;>jGs3eei}% zOVeL4@Dm>tW!+QanxtSiWGWOBaTLLfQOc2{)MXBQxN#;Om_+28`m6`4Y0N=;f~HKV zUB=>zOY0g5qeBc4Uua?@QbCM^b{F?JB_T1}iAfftykI-z4$(V|?sx79eS@=cpRen_ zTscgf^{}1K#6L}hyj9Sym^)z&C9~*!dgaY&yPV*FP3l7Vr%2KT4e?Gst1;SF# z@Hi8?fy^jAW9S4#{OdI#1?LBUJBT=Gi7sxgzmhNiwig+dD?|6lhYzT%s)S!@6wGn_ zhFM`RK?U8?iL6*OF{DcFmZ@Cq%8J;ThD2DXHYste&MxbgM~f{ng>PS?Y+OuEz;T#A z2W&#E*3Xrx=ikN>;!u|L6jpUSL9(TaWjpj6#o3ig|1W!QzudTuC5r!_r$9MdB|9a_ z?ap>;#xr;J=dnA9H{Fh_?Vg#<^zJo8LK4Ol!687qmA(5e_gU_f{R-zCfFLDG)Q3Cn zg!m^Niv)p#gY*62mW+mgA4$zj=6%MAg%N2XpEG>}cx#x8ghbE6pH9whAg-?%q;by~ zK~Hhh+7A+S14oES^bj5l_xHpy^a}pbQZ{Zax_n+dqZPkc$16S~KCyPcNWk0i2J~gP zi*3atcU5^5fk~*!7A&3W^)NMD+fI3-1Hsue2wRpjh?hMLtv(?<$wfAc< zhciQ?7)cHQEGpM45|z#Dj3RxIxk_i~etQO1_9X_X)tI!(BBfRGAo51iUAwRNFe;P@ z6f+*%Q%n+(PK2AQf%)1W$*<+!C^O|gmWu%*al9JxJkR;O;R&m0uV9%~cOY)y z+yRb&<1%+Oo2tk4Kqmj8Bpn;#Du(RL_o;P!ugnWX`8<|mj9-BH!82j3yfl$CdHKM_ z)eVL}1m%y^n0t(Vtj44HAOmebM*&|ZH>@AJjg&AP{GpmsR+I}Bn1rp0I&soC*Al$t7u+%rz~5j(rSgiIrV+yVe{5ve?0>Ve)84y?6F1joP$ z`|AwA)t9D9uU|*|GhuKp)pfLaXCeNo<_GX9Nbg?Edrk%6OH_}P>591AFI5p- z^BI?0((N;N8MyP$mL(%W2J!Z@AkjkWTXiqe&B!!Hzu`OEyt&0Ese0_WN_8<4`2|R` z`)3sk@aWjZ>d~=_j$J%gcCnO9br*W|=q_}3p`Z7K?ih4;pS%0~Yq-x#h5G#~ct02U z4yL)cGRl=!W5dquM4; z??c9AkgC9VkVFr)7r6H9xWAm4LH%$j;@LtFVB0X8%{jtm5(KM5jgq#@bb~q=+X2pz z$(C?o+Y$BhD_ic?Q}bQ->!AKryIl}fx3~~~vrzV?daI>oiHfLm!c*Mms?@y2>dO;C zRufM66bp9udW)q(3Luq0g-|gsuhyk<z>?<% zaQ|Z{VIotn;kK5>TApEBf5CuVskEJI_*>}ayXMhYPNd<9iUe=r$6qSPUf>iz+9^I0 zON`kpoOv^PZn|ivj;(fV^)qLy`8axc^7S`c(8PD&p4&Is;laf`(SFTa_~abVO<5+ax8M=vvLYwZfC6Wx>+Y^j-jFOsYvOL z)+W$YpFO2+WyXI4nT^WfzZ579g@GOg8}lR?jCgd9ZXv8m^}rr@uKP?+xyA3WfHL%x zQ#s(kC0%{r3!_%J#-jX?Kk6Z$@t;)+bvbl=KNzcgFj2=3C&yIWNaTY_A!FgI+SnVR z)F0ByGj`>#vjQ4=;uWL9WA}JySUm{-&)Xjs zstzv2mJUza;z=h7bdo?5q<*E60INi>Z5NA4#LEK4Tl67%jHCk4904IPx-|9DgVh*) zalROurX@<<7a5TlfHlb~Z=^P5sGR;YC#M+%yYf)DDNJ{DYk=B9wjW~tq#rBj0J=y_1&m(Sk+Up;!gX*4JgJI&4o{)!gY)3COf2qfko>2lCr_TLcb)p6EWxd$D3Qo zWO5jE&F6{YaoDK10rd#E%2|Ex9Q7ymDQ$HeT6+Lbq5+gNU?08?Pa_L0`gX_U#b~=j z1RluPW}Z<}4goRzkbA$+;70YzQ2E|op=3GWFIvZ#iaFN`83&!vGo`g0VO{p6HMte& zEOEs1m`@&~C3 ztVM2*cH%qUj0;n=35{K7F6lH&_>N1+$sg~Idy+EDg-(u3)<^fO%R+~Ezs3r zw=WFB`_Mwv+ZaT4a4!U1Z>&mfnvKYFky@pF8#wp=3W>i29-b~js9%LA!dbgV0s6!0 zBUVrX=4#~wvcr^%T*|Cr){th=yzg~^Erft!xH(F>$X;`91?e7l@1X~H5 zBfLV?vD*ramh+03ae}IsDZN@5Oaf3M5(s9}dzr?N6@~8x4W7-EeKrcWA?}M2 z_OAa!DcAvp{lRY0y%6+at-eLAA^>hdFs}Q?@L;1WzX5&O-1@VT{bw5s5Q+BfAFty# z0-u^2p@{Eo9oQ~o$beiGY0&HI!vS5`VaeXfwmlxg)tA~+xhe+MkCGjF8XNv}Sy74xJ~;pIN3eLmbENC&Q=$T` zbi0H9W|MQD$<)1fvK6}6gFhSmM7VG^_{pOK{rl+O+T+7!HrF~nxPljT1-2O{KEau8 zeIvIz8LzDD21V3&0#M=~T2T3t$9l6(q9UFw&Qfy!D`kA2Q;`ewCAoW;7YS+B*QIER zvMMw%4JL-p)I5hCXy^8~LHS!KiRL67k$3^i!4_u$mw*&=)Kj#Y2{R>avw9!fA~m+jMbife%5X*C^qJxLL_qgFFZ0XPh&;=M)scPs zvBYI*l6~18$P)P)PWi7`_em@W{W4I(=%Uj1EwV$~JBwzT{$+95nX|opgf_qp){=6v zKTPJ35Vm#*J1a18CZhIf|Bd1EteB0LD1t_ zmdtBecBq_arm{@A{B*zBLw&>^r%DTW%>EzgJ7}SaiNryTSU6A$udru~5hJ-^74k={ z$36#N_L1op6e9Lt#sx!rK%BnZ75XyZFsssuW^d2_!_`d+R4*g~b!BU~@OF@mfvRMONe%*3hNWa8u|$q~w6|4)aJI z>bAOokb-fM*mFu$I&r49Itud$9HC4aX!9qn-dpRC>Zomr&h}#E!cwouwfc9qD8DM= zRWnQO5uYqJ_e)CO4|9yb@pNLh_j1YiaFOA5A-W{soDt;1*w6G!R)`?4YW*c-EJuO~ zsm@laHuV3;2+-Ka$pR8rnYpv^jIJs5EJjV^$7qa0zdI z{cqWV$NVk56o2NtLs6 zv{7GP1BOwX?KtR#?H=BHP=ZV+xzH^v#|s`_dXv>hlwXAi$;>3Yv;U7jO8N%#$I_*Tragtv)nSOA;9{|Otf=n6rG>_7DsnuNGl}sAJ#gVVFS= zq{JTNrlEY-bAc8Pk0>jR!V*-@f`?%#3D3|AD$~KJkco>RL{3eF8my5(!`$j=;gwf5 zjY8hYd$^s0kA?f)6ST|B3@hn4Isd*G4 z2)Dny#`aeA-EYKc+DAI6cppqQQ}K2T7R0;XICr(c>p1Jm@%eDpWdz?M`LCDSyYUNi z)n7l5t;)3}{kc~0O(r7BJJ3srP?KFCQ*lUqvRtZMn)$g^3$Ls~*k`>|#lq#_*#GC_ zu}r0z+kaP^Z@?Q!xr|CgUZY%KYW6mmsL0WyI%H>-{D8Tao^+ARa+0bo(hENg`5`du za3wCsb<=yM;+}@ArMO6}01>HFo7_ql`qNp=oKw)*jT)_W~goa5ys6)V% z;V1;R&8P$01x9QqIN{rreR=`;&^LZxmx%HB=hq)aRG8Ma3hHA){3h@@dmt_X~RXf?r1ePQjd{9_=6B1Gb_HLGuwMlM)OLV-Ka1wSJ<~0g7buVAEZhkFdl4CIh(26 z>juH}7(`vZCN-NWZAu6_e~_KVCz4=83T>D!W_Hp?AtzI#`%DhSu(TzX)6Rqozi|Gp z0M#&XcqUS#*`e20$N<{+fyMQ+Tner}6DArS^}%jg7z-1-#?hQf0~8Zt`g2uGa3><6 z4_EWEEs?d1DxI(c+}wfVqINorrNaGzi%w`4#hVMAsTAIXUtX7M`-6W8!Z92$r*blN zu;e7~SI=PcyT`W31gMXVG6U+PCInKetP-n&^EV=&c_;#kV4^ok*E1@AfycmJutPvH zX?hwEexS0WAv@Q^X79%XS#R|3`%wT(hD+9l0l`QQx z+X9pmsUfPN3hfG!AI;&{o+h(4iAKKKW&@}dhwm5btZRHr)t?p$W2h5!(+t=O1u~F@sRbxR! zh5Ls6%%-jfufsmfW3}?>?zqFYw}dnecUDgTnRfz;NLbPYm#wGqVp-}ql^F%v3LtAP z`06hZRPPpr+V^GJXIIMD|GfSvwH1gjl+aho!2b@}cLwkAo1OScIra=<+}jfX_$)>0 zjB#6#KH%U;)#p7~lbT(oR$(DP2F6sJ!ezRpDjk4SxpWSMznv#Mffds=PxT!Hue@n| z8JsDcX_-zEuTVJ8g*UZS0}grWB0yHBA*DBS^m9G z{MiTN#IYy#iDPfb4Fb=%SQX|Mly%Vf*2y}Zth2%BWSzF7lXaR#C+jR3ovhQzIy;T$ zDC<-TRnC&QQBZu-*Cxeq0 zFLpQ3ZJwG{AKRvCxzXh5crvdQQ2_5qsYtF3jwh@=sSKM5!?>v!+T~1mM{8N4d{nx| zVy05^qu4_oZnuI+aP8vL-73_~epRN%5fi%v;b29D>EZ%=Q>Ltd=5|N8S`F>&z>}u1 zaG71U$uSB2L8JyN4~YjE8NWYBVvz=&sJpmmb`U#v6*UJ7cWX00xEs66gbVA~p5D~t z9jc++sID3NHS~kRKLNpie7CLJjqQoo?95;4idm5)7QN9Ew+MnI9x?<<hU%i&S1Qd#R4n??$P^PaEY5<-o=Q5Z_)s5h5qjU{7_^i{1s$1Ec7cF!qR=DD4mrS%D{dvF)IsV$V-(EiUrS5_{ z>RgKZwnKrc`_Dq;bEp7Ns&GM>S=YET;#zD`RAF)K(P*+yo5H^Ro2(A+`UlXmqWM+Ijox_)*>Lbh*1A=|UDknPc6$o6YAWP3LpvV9s4Ssh95 zu_3?t#CAlse?u4ByFHQBf#t7Y{#3?AxW^Uy;&TS~K5dJv4s0^YNieK^CYHuu(Co*a z!1TxVZT@5X#zPQM-fU5~Yx!6df2gDvu51-n*)?`m9=Awd#ClpU>$&U#o1XRv}0r+^@^^HWWAl16BkW?|Zt9%5g^Xn&}X(GozXYZ6_>G$fbA zxFg=N;YAPF)qXr$LHAH25i>Q3=5CylRFKA0{$Yi>eX;D$Qn}AN0nT`XH3BIbaZ8e$ z1}9h8tFW?^iGH^KBEq4kz>HK400ri4aK>AU(TMB}6wERDBFI2s2EY^1whrX-aXHS- z=(R2<*k|+q)Y+4_d4{(hamqpRCjENp5ax7?8(R-+w6mLa?{+8IvMX&HslSio;jY|Y z-bFr9a$Jv_CM11AzxDFwOKr`rtloDTow#_%#*Wz*>O0r_z|5pKo@QFq`|~yb%#dZ% z$F}Y!qJs|mBrVqOvZhWrh9kX&^|b8;g;#TZ1kNLZ#Lp)x;CR< z*!rP9w}&^7hfA!(hiroCZbGwNQG!%P@p)~{nsM()746k8j1*Jepl7)%XYzmM{FTH1E1dQj(_t=iEq5A>5|I4k>PjXpv~URM2BcXn3&N{*{K-Hx19{rKMD(unDb zp=%RLnqNLy^Kop++<^6+Rj~=XIB!*Mim9g?4$pdYw5`E#%dLFBVGl<;POko(W!&}u zdo-G;KU_6q8joffhpMSRR7bUMoVK)=`JD}a&x+J1{dt{2{n7lw)b{G9`_WzXsjvQ3 zUH-Ma_+`bP)m?nBdV=2#cO{`tnD=o^CBhP0B_#44-#J?|w?QFd$4-^cs)n!FJ3oB2 zwX`JV&tGy~RB>@#*cv*oZT|dD)BbgDtX%t9Lp$1k_g;MWan0Qg5F zGDHDXN_QgK`Ed-f`Y$MNOjL;BRoHtH<*;D&c1}|1%=48iM?$-NInc?Po39U`E=-}q zCw$cFJM?O{Qb!YG^PyCNKMN6M;TS{w?$ZSHqlbx@{ER|e&&TfQ=sUk=KhEUSl^$__ zTZVA5jH}u^Nx6FqZXT>KKN25w>4mlC$ z6YX-=KRM*xzL4`LAc@+E6wJ9(FP2DcpD~9P|HzO&h!=7^lv$u3GgPHhH5O0j$vrl9 zI1w)uEm@bEB>4-412)mWJwf<(w{eR1X#FOGMZRxk_$rrIXeB(Xs&`sDHW)OrYFM#@ z3*pU=RhKPNrGSiv99>gn^%L+#pbD+v)nZD&LO3)&zA7^ij}4fJn*lx}x@_iuznEta zY>2V@blHD0Z09zf&==S&|E;(HWL2`u*{x;B0vA0HfORfWBA(%=@xDicj@;ts?#0)8 zK@54n)U|kO#o8C<8HWDrVmaXTeJ6>mNYx0Cgojy|PBgA!d+N=JwoJt?b9l}}*?{f6bp}1oOXgo z4kTBbfv;rK1$o%{RrXQdCOT>sBr>OCY2v38bOT&i>|?# zt(WS^5U73lrwfW2xdG8T29Vddv!*8#qpSd@%@93?*+sZt%wNlNSMXD9 zB~$VF$WRnah%Y~R*9dqANU>|oECW~eng`H_ zz1PFl&TzKIye5KgT?uL{fW4_`9VhD^Z&Q1+lo{8phpx^(GZGlvKEPUI$d-?|wSKz( zSiz)|CK_jbO-LPtb#J_= zr048Cnp2x$!;|{MN>^bTg;P@a+T7?C$G7&2i@*NVXs8hNLnStrY06e45qh8WClm#Q zoS}+Dxn+Uaff`Kv=WaX!JZBZpA@Y6kY8?Fa*PRK1KIr};um)(6VP-Ngt%m_FblmNM zkk&{X0p+unW=zA$1e%Q7(bZNBhdb_kjBdurc4)QUdls)Zu26PFoLGUDXK{42sO1cK zq>^IrEib3#IXXcqMs}!<+l_+9h>^!NaJfm`kEkM|Hn)M{Qdd+KdlWDQFy$*%!{kfx zC@}{&-Xu+7?Ik4?)RS|ugJj!gzCZZWc2$DM=$!G>YY~aXKoHn(8AeC3zF(KH7-R-S zQvGP0U_nct#{!?G+}vS7SyjhuJ~f5gv>XKW zB`xue0pHkRkSM^5@ku*c0JPl7_o@aM1+YpxVlOT^&fRwDsm0~#>%c2w1&4)+V1WfY zDeqN@R{__BM*U@!y(X3ToOM>pqwXQ*r1NDzD#p`>exfAkA|5*p&1~~bxgWz%NVow~ ze{rNmc&lkxMEG2ET1)iaBZDT13rbcAViZqosbRLSbp}%_Ui=9;9R-aNY~%yX2gHbj(*&Gn{M;9Q zX)wNF2@25@+h&;V<2J8DjStppvkR}6kh;du3}9%I`x9ZNYxyLo^63Q8puRG)cBJ=vW(UXTuy@{(4`Gay$)#!*?2~-`YokSwm7aUW3LF1j*Y8EuP|3uT9&1fW$O)(I5B$)7i1twUM4XUI_YI&l42rf!Vv8=25U z5t=1%t1)%)Hf6B##EMsCocm61B$}(apURPH92aZf#JIqve5W(Uo5Ny!ra+58k09HN z1`EWFmiZbJZXE}nW=_@TVP^t7$MT*o%Fp})>?;}BXQhfQV~>a zc|_$K>o{C+p2?EpL}R+xQKp+^$sISt+^3x1huOv&B@psT~GIU zgZ!Y?icWDIdSUO@`!9O&L!pI}Az%G?o$D3imlI%U(z>H=o8O7H>t#7Wf*3XGPt1;N z``6jB-ReuKGVxh0I6M!amRUu8qDq-g*)3{@NnYoCn1ztJ87E=)3P16Z01>a{5fhubvv`F1-yKbo^C*`%}H(F5eEiH~M(T4u^r>Q(JDYLZV$g2sCT%)=x?;0hKE_5=kt!X`PK~qow{8;TDicI7 zF0^eAqVSM32|~3p@h#18xQARsWtuO_NzjC9Br9aJqZB~2gb4lI27tlIKy+xqf*+s6 zvq%mO@rzF>1aiKAGz5Y$)m+V<{QCQ36YTS=^?SlLH~4Ofn~vPVkCR3Py+dA&Jys1C zPlOTl4NqRL;)aX@H<E+|*pOH1PH!s50h03P(xHzlRUcWRMj2rJ`^G#XYcsz#kP4O?d3w8JbPZDF+m0 zL?(Cw^Qzt|j>yh>t$EpX^M6id(O#Wnh(*z|JHRMth*s=-Ra1BrmL)D{hR=k#N$f+g zASRgP;yFe$vsn>UKAI0cs%0FKkE8w)J?|0=0r4e_!o6HNqY`#aCh;#5!k#qcp#w#- zkDYKJ5odBTRL2GzK-kA3NQF_wkP^PJxI8P!7b7r`@b!6Hq_Dwnga;l-#FR;QT4m76 zsaz%Pxb7>#WM|rwtW)SS82r$4!SrZ&2T==oyKAlt@X@9aGS0RKPyyF?#OwSO1O2#chRy1zd9m^EhbvVrOy?mp(8r%KUw(08E3lUP02XP;^gQxGQY&@_ohlw?%2F(<5_ zwjlMa(*=nkvFODxpFdHn8UM`ii@)HMk(S&a)yVvFle>5SMVI-JE#$BoVzgSVB5|{A5wTKn9VzxwrOx6sys#-_TWV8_ih2opIgBl&W|Z zt+nH|(xwT}qIRLohVB!v_;T+JCb=cIay*W|s@1Z-Z#|Zx?b{;}kJB9-tigbg2Cf!+*N+}o>yeE*dl0`~E;7jZ^d%H6kY+8AiY97me z{Y_bL`y18YzTSc0=HvQAE6?)2@8fBQ*|Rwt>nu<(Xq}|SU;zHO4qlEQU{dKDiq;X? z-2}RH!GkO<09GGnVhEZK!~^F3)egk zo?L%poQ2QiD1^=OF}6X=TpR}BqYsg&U0oq{{1nvFT=dzH6j`r~zC@KqFwAU~@+@Tf zeq%dKwGzY3?x7?Dr!&hZD1leN4#%$-<07>PTcwO!U^d7p38h{k7`MjHJV^+m&5Wf75(H*AzrFOs<)pJrE+xWT zBE%J~sNMgTJbf~3TsXFtVYmG?TQ{{x*|qMI*~J*gZ4O7uzQ;i-U5L3)+QTyVnl-snExnF%nh9{)D-o?qC*ifPSk-_^%LF%g zQDcvFI(iiGgLBZub2*SILSa+ny+EJY)S%<-@%^m2`;+(D9EK;TjN!^|T3887V0)ZK z5tj>E+<{F~B(Y@x&-=JHGcvZw2u%e>F;!x^ivH{NLG~i7ZFFH-vUk3g1{6hLt$4BY zo%q*$?#OGTu7P1GG}V~n;IAGW2}{2wcm3Y}!!dDzE_F?3Pc*dW4Ek69pIp!B;gJ4% zUe`d^7JED{ocHHLsQLmyQU!D10PN%_30b9=`fS-0OQ;oe?@^R8mf*knoa10Q?tq`n zEq|G$X$p}oaGW9+tknwUCgOVk(2IvCw(`Xe21&#=X27`P$rd64C>6^i#@ca5_ z>1}}yTLtTbXMrj8zBMFQM+Wd1N3^TA_GR{FL&LV)x)e`gNNZ?{)L5`ptWMHCY<0nj z0PP89#x%)%Y2pG!Vb>{TuUhdyR81LY5|bluvUsPeloZ2l@{-<5hMFBK_;ZB@4R6B; z%pQj$HTdc}G=rwjvBPP5(5-H-`U8My*MYB~@--9t)~%j7XxV(j0XPJY#^aL-(E-!Z zjuf<&O@h^hQnND4&HUs~BzH79CF(|vaxt)FqWxA?^7IQi*g&=buM4abPBURj8(&#z zENYkltU6CHR_2Fa`U6#ZgqL|oR9}y;hW7pIPwdUHh{(T{lHj~k4QN)yvg^kVH`Q~) z_TeJA+uje_uTx@n4*~YH1KvAKIPg2tOz<(gj~RmK4o!|MS;-+R=w&q$x{h-2Ql6Y@ zAcN=uw4HT2q9AvC(kbDiq^kI(X~(&g;$xn!lDx0ni64j_Rk!wmMDn7mS49W=mjKM^ zD@H%B36r{wlse;JjUaNzOj^XGD7K=@tMdd}o!IrXjg;EG!N{6c8g zbQhKZCDqoi%KS*u5K7_|>fj@7C_{G#q+?H??Y><5tA)Nq00%lVg{-<<)4eWS;X{oHY+rqA&kWS zL}9kRe4Zbc+kFqKUYbAFz?lw+D}%vtkUD@h`?Z5bunZR{0n!TP_7{^X{mHAVg)x?j za^f={Rim61bMmzwcBOddxI8P$KL;8Z!d>Gofac4a(z)`kH8#_t&&3$#J?dSlt;+3o^t-HaGYzHu zySc3vhJyzA2R#Z1s)_om+YbKh9lfPP4?8$;ucYPPoW)=7S<~*uBZD9qxQ9GJ%YBY3 z$s|Jki)IoeAxo7?C>zw~#=XVtUS|2z3TL5CNvB3+w_wU{KGp&`=&l=x7C5+o%kcYR zqB-eN2{%LsXY|_k@a#t-R~U!Y<4Z#~c>YCR9jfa~@tBv^k!B{~&ZO_Z9V~2D(_)~Q zzpWMwmpi?PGc&Lx-g@Z7-Sgv7yc8%B{Pgr}d8v*QVo>oQBy3we@B@V5W6}dF2KZc$ zkALgpbz9&w47?C~v6>t_YEx*P2RexVW>Yf4pN?8P=k}qINjL?iuH;gm|KQg}&leH< zUFOq3A78^ah50S>A#LyTDRTx zwzirF#v7~ea;^KNAx;?5lbY;PBjfd|UjM%ShWtxZkW%lt8WiGH*qGo&qD^AbRbm=Rpi~NvxNHbj*M;EWN`Rq{zDLrlHRZBW`VZM~ zBos*{XwTnOhiZ_wYK4&Q)?puP9vT_Aw59caJ8SINKag)xJ!zvuo;^qxb{f+<9~L>9rd2 zE65iG&!Z4uYO^QP!-Kd1_2u9M+EX_ zC8zK|G}+Iw^WXoY;a0H5>_`tK@hia5*wJ>Nz^C`^?mq-y`+=|CM8PAu92_%hLldtU zhl;;%UCy<4(@4`X)f2WVM5g}Hducre{M^!`^Y|KImz0Eqg&%n+f|XSwah=pPTNu9u z*7ct6^P;H*A+ruN+Jw^RvrN21S-3dMSZR`PtcBe}h%Zhr-}Pxq%=Pd+5$X+&o2TVZ zu{Rm)K)^(S}A#c*=4YfACmu$0?2%kBg*kDE5p07TDNuJ{chz^JXpBYUrO(1N>{r zjz{`mj-4I8&qIF9BkpJxi4-x1qWApJSH8jelbfbK7g}*zt$Ac9K8ZnS2!ywmaa`Q>)exRSgOhX$h#-gF85nU0!zidAWW* z?k#R+K6T9~f_;7SOm;UnG{1L!z08h|b}NfRb4a(fxgiWVfiJ;{S>sNW zzy3wC0!duweh&x7jnWEpw2SbrG9vVqFR(xkgFZvh5cSm`u6ferZQikYQB=|H4-bD! z?fg0oudX-Eiggc->egnvG@(}EjkEBGDALyp2V8>A{1UF%CY!}I9`c$wm zvA$qQo~XjUlqAR&Onp$SClY=!?9KAFfzyOW-Uskr>pZ1qIYyNVqW@$|j;N`a%(^1g z)zr@{nQlNJrP4mYy%py@VE(L^BGlFyehR7`14njww+|Feps4^)5E|NBsU?nD=jy_j zo1}TEix$TSwkdxaGzk>mnCo>s8_nd8Pa;2++BX%Ae;yAU2XgfE5G2Ll`Ref1Jpr-p zZbD(_s?dl-#ihS=zcCw$(j?t8oBzYCAE%v&W)$8;*ah>7g2Og6QJCeY%?p*)&_Jf9 zW+j{0M$be93#1v3yd_~XHbeAbhLDdrO%mlEe=f@^fYz0Y%j|LBB>TVvHmOki3Z6J` z+bTBqU2d_l?Qo&5Z@V;@s{Dn4^_03-%jg6zKC@%@gsVOs^(X*@iDF+EL_=sHLl+W%*$CmhHO%s z-Bp~+5Hm&FGr;n7j^==;%Bo#M@m@5C-bp zozeg5Ov*0o(6~;u3_?S{ik?#W2hG6vDI!Rg&X>CrbSeUze$@+)BG2RXLQJ?=iOSSz zy?F^!zPxj(@r0KBm252C)xB-9i~J(gH?;Tr#cbD({{wZT>Koec@CVR*L;LKppHE}< z+etR8+Pwpgh598}2ST+<6yTT*>?4Uwj)?+4La~4~%bfl3jeECi>X_ODBPtdwsqw+m z*87^xh|+FVPFIna^E2#;@m@B3@f-duc`qAnyFD{)7}GG)lLx6_P}4H#=i$muD`2P& z63xc`X7Zft6DZ0xsjRS%z{mK$d(xQk%*G(zKlTK92kcaOP`~|~?(HK99cR6w#S8d= zz(rRa$1r@%b5=s=npjC2Ozr^bQZ~>B^tW1_F&mQdCxI#;C__SaCIh>TVeqtPh8Mgd z%*IA5i>hhS;W|LrDFnnlnG{LW6G%sjyl%NPO^Bs&Exw%FN*_Z7>i%+8AH6BqqT07% zT5+#cqVly3lf=s}goO_TNFLpArkd6Nr-bDbMUR_?&j1u<&nZn9*_&`{M_~oBcKQ#M z(7!&_(9&C@D2IP3Owhd2Pdqg_sTFL}FG;3J7Je=NgZ85TpnZU=X+nS^sAqlQ=i0(0 zBM!9|KO5deZ{s?xq*)hHw`(fe!t-8@06|g?M<2Bz*gWF%MdM)*(GVL*A1i9I$zKN! z$ev&cbd1-_QYp^Pvu)tWhus~W!@d3h=&qW?;cN&6l6Dm(@mys!ojT6~R)xvbEjl|$ zZ#DXts!L{F5oKv0P??wCo|-W`dwIq=q^)+Qu`wQB3Q(#7n7IgEnzS2FCY4>PXe8Ca zoNab6>JR4MD|VxHt_+;c&Ry1~9vaJvew>!<(San7rOB5qJ_6gDj`&}rlpeYIJns5e zZPom0b++NhF-RwAK!jPXyd7GVILr7*H?==$x8=l#w9^C9VNezqIe7o+O^B9y&rLwPT8*OsoWLijMo-P<4tdd@Q9PuHTVVjj8)`Ce&LYML5X#p1M)z`8lme9#hu{m1T*Y zt*lxI@;mhsKO!_p1Iz+?TkyS4)X2>BLf-EpKTRGNF%3K799a7xR@Dp~*aXfWLEmKu ze=Qn3!?Jn*a$6JbSN!wGMxm#zo}t}XGz~%*I71g&6VXw(QPL5F6hci6H+$JJKw)NC z#w68|v&^?X>@}QME(z`W&j$W{69e3_s*qc7FMA!*Hv6V$|XM2x;0lkf}n2iiuFzIg_)(t{!8wuw&3gOdUPHC54ratmk_ri zH0$v#(y!y(PPV1|MbjJrSt=#_|APB!?XZg7#`$vog7dfn#*EO%Zho6SjwP2Ac<~vF z&$AR8kC+V9dgaH-a&`S~%W>=LB(@5%lm-KAGQ{}!w2jft4Z0~L2!4cfOEO~9JBu}q?o3~sLCQ$qU`x&4b!hvrqkP5#9gbswOBg zS95G=i0^cg#?{>=%hGdIe1fjQZ8IO)75PhC8UNwIJ|L+BHI(^*;1*{>&=?;N*LvA_ zd@l=;@En`h+386@>r4<0eoT}1XvS?t@P+#TO`Q`OFSL+^N4Ppu20UMgjIIfWlMGR{ z<}WaqV|j6ix}F8T;@aGLW2sYQNW0aO5U&J-zZ`8z)UX34+HoK_kl#r`*~t1&3~ML< zn#%s4W%wHcEEed|yJBD&c7f*6+YBV@?p$g=M@F%fO9hbh6S)iy%cmN~@Qj6m1vv(J=g ze8$xrF9bs9dvb3rri9NEZK+>61Saa$&|fB0yWu?n>(`iTcIblG<_l+r^Mt!5lOL-@ z7f13jo6m#KYt`V`}8SLi~koU zB<#G0K`0PK5GDkl%@y-H9GbPX`;J$lxEnBM8oMugN_h4ERQG6_vk$cdEl7VdCZYJ@ zJFreOTeQJ&f#=6aIMSg1oL?5}F@_O=XHK`M|x$b)c6 z&6tzCO1b{v32Top7nm{^%0hA<`P9rm*Lc%NSHaE?PRPAd9Q?9$&K}LhNPetxTuZf& z^*+*tRDcrZHX~w9!}XNRj&}CJf7Rq4EZjL|Hq6^q#J9Ezsb#3O!kJ8E5jY{J;!+>{ z;YNh?YR{U#fFwRHHwVexGl|RbXiIK$gRx1G#nq=Fda5cetwj`8N(u)`Zav)lui;OK?+WQ8)l(F+cmY%Y z&^_fhx}Wj-U+CU$<$t4lT>j-Dug&=I-4&APR=%GN`T()Bp!Af^Scc8#MVrxTuk}ig z^k#I+)4rs6J`?5th3;og=v5!c_NLhRt(wj}>N9tTd&Jd9N!F+8fhI*PuieyhwFpP@ zIp5dj3)rl|MVgRRsfLs9OL3@YDOWg1hdo4saF9g*Vi(H@=Tb&{2a_oz_qK#N1)MJ{ ze1N_wc*V3?oJU71d5wT$Sn-KF)95@b)^#&1WG`JjsYxw0X?S8I17^W^L*_} zL!U9=X9?NpPByLbIvnmlIU@`Jv!Oh zmV`#$EQp=}4)KnHC_ZU+0pXf3WkH!3?E)j=lOlYGH1!!S{3~_X#{IR-UeM?b$ghDT zH?&I$&!PpeEQ~I5V&pb6#|1I3#|5xBnGJ&Z32a;z#z8ka1u;^J<(Shy8$|O>nbwTN z8XnJkH}2J0gqAL(39ws1a8-qskAvI6_EALZj}+AY{<6Q_8>BNWk)2aKHNLw?VNavE zmfsQ2)jpSfLp`bKMGaisNi<|O#9&7?uE~JB8l#T7iIp;wolucV_VIG>zfePftkPAf z)(%NqtsYz82sB6`z)39WQPDAQt4TziDLRHwFVAH}e0D`aBdZ%{<0PBr3tun@LAoIz z-hToYe4opCv*j-CRqNY&1lcm!9cp+eZ>x>sX}Z3!F&C44&B4l#IgPE|7Ocj8NB;dZ z?3T{$u`<)6Bbo_(6y{#uNK5(;4hSZV?ULH!B z#G8?4CMyy#!sU@mXEC;^{==>5OAgyClda3!dCk2zX8yS0Mh@GK-`8i&-Rv!F_PY!~ zgCc%r!+(PRX1X)XwI5ezRWgHKG6f?l9Yk?~o+%}Qc|^7)c!55JN`LhR^WY~B8Co`t zh%i!0Ytka&A7;e@CUo({Qo?S^$NT>{#vGl-SEkP~1w#8$->%w`Q17F)jRJWJd^90} zAt*6=aEp5DhRFXx3y;W39RUwlii|PAq7R4(Ix*b3I zj?#6R0%ksN)Y|THep%5~{NXaiS@UQX0!(_79WrwC+efENSkO>x*_-xT*(cU@ay%M| zti&yK^7CVr_c!vfYB^^NLK}8195fDqYrXQheSZ#0NM{M8G~k+kr9 zl(C6^9%DVS!h{>fO- z*kvaEL^AN@n7Ow2gJ_7hNgWh@JsS{p0Y5LG;$E-#k$GsW2$Va=(<5YtlP2@ge3)oI z_0`Wr=VWu}QRg1o4QQmy7@8trt*rNA0-BhX)uX6l7u0%%OaS*pNA zlkNOX8IXAv&wDhzy#%pyf($i<`={NXx4)cJO4AkPR!+>I^XI48Ffx7BFf)CZjGSLr z>t;{P7Qb7jZ_{_GS)5&o{T)tHBn9zOn&vi%1RxMVW7+;v5qo;=%Dk@ru(Zhi*`y;5 z{m=pi>(U}dct^F~mtOADIL$5P0gr*hA^j9=-Ao5lM#FevTwvsS+%YTu$e?Ue#$O}` zH%8v!hb1ITmAa0KULMzStH?*{tISeBTlnWJc1NsoIj@mdYPYSnXQZxk^pQ;K|DRno?qd`?UF<**<8 zu4OHf64&kP{PL_8R>!}WwCQEkWfv%u*=Htd^h-^QP&qyHhf5HnD5cuXns1EwJeP03 zH$r1YfP?}GfjrU}n_J|MQ0}JVELHq&Ym{}cq^Tz^I)q+f>GE8TuEI9zaGtU;_`V1% zsQ%sYZdqH9phOsLs~VwdeD>h4XlNuAF@ z@r>h8!Vj@+r+U-5ZR&>yZAki+Qr@h+73Fu03~gNcv|{QPO=- zbaCG4vxk8B(n&ZymOk@~uW)m3}y{l`?kF01FdY;Q*fhgWs0=;A4pa{1$?-ywIDkB{@} zIc$FYl-s|j^5;cSNwEBR02glQJfI2dyT|aq8)jy#$bUCB<;aPjI+L*ba&sxE-<++A zQn`G8Q%QjtMp6T#=}MBFWnd|e-xbxL+@deVQ9>j$89j)So`XQX9JyFZc%u>9JWMMq0-^p#58i%18R0eW$c%u&Xy2<$HIJ6ee>W^ z%u}xDCjqeonrNBC!!GiJNScZ01-IRoUSCPHRyiXJexl{$cS zw^k0xkUd4O$syGH;26zGh9>8t!bek1PUAdSoBHXtu8KL;Wp1L5VIU%z(8ly1g~!i?ww@8PIju97)LUl0OAw*lK_{b-`P` z32A0f%npH~ixiEM7BVf^PXU0eC0jhDFHEtkICy+&I5RZqpkYc`mC=($j|$9FLow2ufpt(gY=|4RBU0j$1;zWJf&o^MHym1GvV2>QPz zy_?NHNzWO81oFrREqrD2Lf6Oiu)I%u{ z{#Vk|{2xhwa+H_V%z0`fbQpy2@-69u*bSYy4TkguM9Y2)Eu>je?0D2^8A8CqWCxrc zkK~B|_S4|`kEB<1XU;m715~(KW$WLCVBH9{ZbC;rMhOV|UPu0%r>doph=W;`1(;B= zyL4ejStVhY(`1u}un~24{3Jl5B=E%f&GdB5WnQt_t(Om^#&+hy;!O>~+TGID3Q`Ub zdU)S};xKa@Edob+NGGj15Cw47X*csBYBE}J|tWcS1vM^61RADFlODLn9-dRQJ_C|8$$BLN^#gu33gUQs_rUe5a>c>9Dz_|X_@8sGc7iXZQHT`Pma;-IKP3$8M|IX~U&Nmx&yew5|(6$T;7yV!VDe=S1rvxTC zgJBz4mo30KS!C~+cDt78k<^B=Sb?Uf4-|=}rgTj|qEYZT6xk71iT#_ReoLLu=aQA) zr$B|sUF!uGSV8|GGQC5Ji5N!*4_PfB(2psn-@t()mk`9@w_J_;Mh=;XXjaq$iPO^E z-6I5IS7Z{<10WqP{()^$~Sxn}} zon)4#`+?dQEE+5FY+|v}^a^44{Nw0u9<@3-3{khG zUpn6E!&6*cE%>asx+Hphm$PQQ+IVUuk`T`wsQmYrQiIj?%q^)+{OuCtfF?2RClI6* zxviKm@5dId@ESlBOC=_M>!uY}$9m+AyM0(X!|$;6(-?$p3Xa45Hkih?e7 zq*4s0HX(VX{Lli@rCr+$o;A|4%MQJFIJe_(0#bLG?)#u#vkRPB^;+}%XHl75<}KLtfxbx9?uZB3pg6J8xsmf1_cbGbhPMO#{BvR^`dY~<_bW%iS&;Sf zpbQ3{Q~!md5?_9Ge1{Zm*gb>Js6rV%#cCQ`Z~b}VL!X)FS|GfFj zzJA@62-IJ-vY)xwrXKb?obDW$Ss5_;INpY=O#kt16;Qu6w6w6eA>2ttwg^Rb#LKtd zXRiHKEp~HhC>^tCLa5%WimBL9@5cN^J+9?FWr_?Ubl4Di1YG?zQ^{A>(4$WzRwlf?OgO%RBjV$Hkn>_}2YDhZg8weCju*zHacoY)q>;oK|} z&Iz_yE6|h=wV4n$-*})!nRVkQffyd(xNu&$8fa4TZ4~-GrXD=+FMOqM1YDK6md~Qx zy2F!m^~lm*pRxmI^*mu30vrKvq8G*`+~hn-P!JC$i>^qbV2D$A*3`YLx@_{g(Da{f~94hIxEPG5fY#Hqj;igM1I7dndx;L9vTTL zd|^Bc8s8Dyoh-{@6HzK3gjQfw$M~`A59>8i5R#QE#Fk7|n~_J$0Mlx1x}8vT3x*)+ zdkrK^4!}@^^|u#^R7rbbq~LZ`!ALsW*Wd|1&=?=}Kblp+LQEw>ALdB_)v%6q^F{MJ z!F1&{uTc~Lr!*t2sQe?Wm@GIqM%3!{^!k_0xh<)IjwOTBKwDtc`P^C8?h@G|S^{br zJsd+g-QV>&Qg6#CE=vPuB7Qb8^Db3ls#Om!xK&<3JNz^NOyA2O4CHAKT3SX>PS1uX z6FT?8rQFg+`Z$C;rR}z<4`MOHi^D)~N#jXo$?5803pm>*6#IN*pWR@AbTQKhgS7sNYRjHPnHeNa4s9_O~tR&Tv{ z3xNyVsbsWtWu=xgIb=IC1vk-wr87ZO||Tq&$jT*LHR) zLRdOIy##Wvl%1XXd;b6;9A@H*m!^XycXkXkQ0zG9&!@e&@u>K8kfX#KW}`eLwqsn=s)%8SAO1Ke?j`>ArXI-nMC&z zAF*Ev+*XSKwg(-FVC8p4S{J1*fl%C@jBLpPt11V~0IVF%q~pO(DJ)g1$?xKrIZ#aA zfJI{bre{Jvta~bBxV{*KLLt*cse1(|X1p?QM;_Mt0}g!gYQ4|P!4xfjZoBL1{*?ZN z-DT|#r`vcR2}*-)dKL(uLswnNJiG_WH+uo~lYYT$9}W#5wolB*1T51=aSNJ;o2v(A zimx&9R)oXsipS;yN&23dufLMlewPl{({n6FyYf7Re!o`%=%!NjxoEiWf`eI8GvuZ^ zWXX3JKL{qBc@mh{S|=L9D_rFQj&}8B0YyZRUq)B_pWV%IuXd#pW{cI+zY?h{heA&z zgZ-pJW)Y`$HLr@AGrBg!bX1P^VaE9BgaidL9=H^fp<J-D-MCr5KajXZi;ndPrgRkaG|?EfUS~0L!3V z0OZa=2DA>bzP3H-Ey|*AVmYiW&;(@%%aUQy3hWd`?))26GiRV@V zG@3Z12CB<^zQr8Ii=E^ejg#bc)~qkE<$yI~C^<3nw~}F~R2wZQjw8vNeK@~SA0Vd3 z03|mt9W%rlT6(E49Zh|{b>##dt%G*m%+ll|hrvXlm#qZpnz#&=KXJ8{>}+~a_E1Z? zS7<5UZ9IEqd+VFWTubxq>#9X0%J7DJ!nsVRIFC?U8ndaT(W0f~j|BJr|6tdr?p~`M zV6g8;H^cnRQ3=RS^N(V7_7}{otAvR_;W!Ac2O7MaF|5<>04|XB(&BmH2nk%*T^;3) z5~jKWL+xn`wIb*<@60F^<*&v6t5HCgz4qq9C!1GTo0GBBoxZ|a);ap{5%)$5wR3aL zMBA^Kx$Zd%5Ap31eRghTYH53-P^DypzTWr$dUkjk=LMS3_=2W(OV+Q#sk0%UD*&ZP zq5xX@j4QMA_5bs-mK_P$_%pIwg@f0AikW_A_3QNkbFw40li@|hm_yAaoz)uNr_A?k z{YLdCB_g2)1VdQz5P0-Go9LLp%!oq<(oR~+jYoh{Iw9{JSj%>(@WUT7)>ZG(S)-Lj z?3rDtmjmIk73U7~4`hmb&Fg6Jm`VWpXEn59@)2}z#_S>~`1&OQey7+NN_?EDzb+{7F+F;O0=;Ifr4N-Y&UJIsBB;;U5nP zG)NxCjMS~Uf!Ti*EADLoH8e4Gk%X7OycII%!zMZ;%a4Nv)lBHo$T|0I&8G(8t_ap z1ydZ_Y<+VWPbV`s44~PUY3KK=8sd9_39>nLZkt>pW8Mktu z!^iOmPjbY_q~fwns;)U+FmQ54ETXF8BN#ntvYxQ!nMIwsg>I-008_FFQU;L4d+9zx zY}~(?22Xxz5C>H?Bl<}y@m1Bh7i|;cRrgKg!hvFbugO18I(mL0fMw}*@Rv}ErggX2h}2}$SUX}s(qi8GqvPGv#_@WEu3JttO?eL*|A(P zj`_^|h1&{Sy433u#0MLqObxUHCM2>OXCXDeT`N-NNUSO>_cH9hBHIS62 z0)m>%A_YT%RNGmY+V_T$rhbbaJ zIOD@Y7KHc51Ps&zfK=KN6S;((J?02&@Q9txTkbV<#}dq1A@-Jiwu;-7#x`~Hy`~dg22jr`nM(= zlRGUecr~^xdS4C+BRYgezNz|AcdnsRdOCecRjAnM8+(vt_-ds4hXwT&l&3h!7PC;KBFOfs_ecNP<|UN{PSGXa znh<~FsY?5B-%H^BmBSb!hejFf>~wiOMH71>CEq$ZeBPncq;Rw}oZBe_KBolZu3((! zPseHxt(*3IZ=K&~KBuda(yC_99|>O^_?P0ec68nL!%qwydB-*Jg=$rqyr8GaVth1)xv3IGe3+HP%CYk*QzLNU5A+Q2cc=JVgz>(2=Y=9#~O@UdfE5=E<l|d)PShxU<4fqmt|2={q^ChcZ#Veij9P}G1@f4p+Z5-EA1H%L4$BZ1S z6;+#uHfJtEx9R{T7a`Y7er*%+)};$D8~xfq^KMLA8CO^jv7!M)vectn?HI3T+OvDA ztewRR2o%$!yq9kd2fKQkF>e$Mj#dZOog_4zP9tud|0vP0HwKvE0-Vy@?d)VFDfQQY z>i>Z|^kI`2ZJ8)kF7&Z8TsHjQ@6V5)-acGwQ#A#~%dpf;1x%n-wtw4zG=za==La-< z#PF3`AD8z*1UneXMyFI9O;@&S`?05?qYa4IjgU3}^?4UFnEjB?gQZs{am4TfQ+^-@ zE?P)w7{?dvuT$SpD(}}Ynbod1EW=E$e5+B?X+0-B9JSYzwY5BAK?gQ?a6w{P}qJ_1MdXX zRd^U#!fl<23NrcKw!s}c-tIHESh5d&Wvvi`*!7jcgUB;qhj zH0_-;qXk50olLicRVs`MZ9bUcLV-0h`}b4S4QBi7=i`> zv;y$N&3bFjgJV72_ z@$g;JPAI`{`6Ia+Son1QwS>C{mj!sdW`rF+Jhu~^1{Jf&D6<4;gzHy@4(fmcpqH?Z z3(~k;@wF^V956FR|Dg@JYf#!=cKA}xbFq{|Ia8=Rm8anIoq*F9iRamB)qElZuR-Wh z#BvsEmzF|)q(zP!dfFIt?;dw~Y1Rq3{+O4Ws&3j>+|Bp<-ccWxia zuE{@=7wRLYZm8!WiI!v=)+(FtsCF=nXQXG_3yD0H)PdScr41)txPkS&R&)ZI+tfTV zE%ckfiM4*2TioSkeTH~wS2KJxpbmFxsdl-R z>F--mZoH-rP)nPfxx=T6(0>}X4^po-`Tdo$Z$9+>5aic}1oMWQ7q~C*p@+7wWCGq4 zSD|=_k@h~R%rG}rB~NNdFvM4t3WLMCIyq?3#a+B}#$eSaLV~k<*Y^rQ_Zi?*NyNSa z!X@=|ws#Fe(huNozz*WQPgwrc(lm$<6gCPO-SrFNW%Af;zcE%wS#-ykI_Av7ynp$R zgGjTUzTTa~9k&4(eYoU86{~-u#W%ck!}%V3dt6zU=luvGz-8v#VDGaz$r7oibxYok zUcn1ne&Y*if#yRFbu0)raS=)8{YyL;^e_NLVOE!rP7K9oxljyxVgpwQ$%tN_9)$U) zcL~N8O5!;XY!$NjP;1qu5j)kYT^sl=Slu#EVPl8?X+V$TyQktPj0hOdR}?y~7YKsf zehg!hdjp@4Vb>R$R@b?LC51w1;n!mXQe%*#OYL~HeqwlsUmSPJXiT-utrHEsx2iSv z5eVNHgn-AZ8y?h}RIpNZk-t_AaRC<$sJEi{SMoB=DvVrDT)_cgzZ@p`-%J0zu?iqh z+dg4y4(VHZ!PuW*=5qsTsO_^kE%0IRVB4y~>I?6gOVlf^LVky>@w44+2C=HZq4y=p zD!$$l2x}SaSpYcE{^?Hu-5{6hGxPdGZ=e*7lx|a0b470>NCZ_AHCUV=<0CqZ#210a z)aBmn5>$~^s_Mrk`%Sm5dnz=jk`scFTN;7A(SQl!S~M^-{5TE6*)Z*=!i z2Y3V%3&sJ-l?!f`*vz(`YUtVPAOLQljH)@aXOFm}xRKrIcJUrO^mm*f#fvmHv?*G^ zn;{n};B<2=Fdg`wWual9flhf^3JmsahBFn~p<975k*fv0U z29&qY9-|c`M1*55Kk-xg0)22)z9EapjtM#4$(nWbmY5g>9KK9R|Elr`ORpO9``hqV z>v!g{%!Zk6ib%K|dQC=N%x-1STUoD@fm5p+g7CD_EE2{|y z@x@Ct^#aI^j}fI~=cH}In%6Zb)`wGuzIS>U1X<26V$l47`59{}?`xUe*u7HZa zgpYJeu(`p6=G*?*-REo1m14|9mgwv$uD$&QK%pA4p(cki7bt)KcFeTO-)DhBI%T~1 z^Zr^1ewS|tK`PsTDxReT%f$h5gZS=6tTu+$L#afx>;t}62hOj9rqab9WqM>H9^>-v z!eYRrshOO0fueO^;PB|UTi**Zm~j7VjP!XT3~4i`NE7@?ac9x%GNn+VsdDxmeV`+9 z*);s-W9Y1n%9}{NB*c|8Lf(=W3n{cm(|7?LSd^WZ5`h?#{nP8iF%nh-2c`+PNiP*F zM?xhp&YTP3d+BRVMo5!;ydmz@H^=O*Zrq8oM$Hh+I4vw%g~BqTf#xRxm|`cijmtJ*oR8~O};(ft-fe>YKL2Z})+Y9!n{ z1K|(=L{Z~}vxMQ|XAczcsQggjk>y&nJF3Q#qI`YVCTPOp1*jK z{Kc;v>0^P-8q0213UMkx6H0~E`l<(h_4(1D%2+KFI!)Rptdzydw+#I)fF0>oNL}G} z^d1%1K}`kYuZ~H37c9}#%_BjUD6zQYrMQ4%i~Go7*?X?XO_3(_!#l?21e?`4FDziKzFP*Gc?`kLF6uDRO8_L}jap;)C_f}X zOv}Vk3k0=W%gIOEAR_vOB+`Eq4_c757Rd>7t8GXSDSJpFDk#=;mV%k|7W^}W&D?={(p$AF z$^>TE$k;X<9?y11h3~8E5#-C>Vw!Kz&Nh94VgT&0tHITS2V+w8f{g~2!>64Be{gSC zJ(`>N*-^vxLbZMbfmkhQU6Xe<$djN!J`3EVtQk%e2oCa`-W14&Nz+ohSx8#}(urfr zqO1pOnH)8ZoE|pnrw(mjmoo$TXsW$D`wQ5m+cmtNrT#HitZ{3nWB3cTkaV-2Ji@X4 z*#)SAo-!>=G9PS(*Hy<@`jV58AEJ_nrAFF7{0C5yufs4i74;W=j`%Mnk7A9*Lx0JCTzCiGt?VCO%59DD2m+Xj_0qS;8QUWZfp~zLtX!iIvPv+ZY{M z``UVXtsCQ%)AA_&J0P%t-4>Q!aif%Zy`3E;(O7BAdnGFVtaV*pyU#E{e|tQTHm=Kp zKJs=bZq@cW9s}Hy)a>wj!D7c;m{P+c_*G_~`;9F8t7X670!0vP-=zOpCMES$!iN7VXy-5LUwb2e`YZ^Je5edC_~m=Z zCy-Aa-Z+lH(p|=ygx3hlg*LBFq(lI;flRkuV;zuMYQHhxPQ0(@Hb3%an)y*#?)199 zc@f@P+Y=hyb=Lq-7)L?mRZ_uNcz-<(>8#qzY+o7woIxxHiA;^9X+hOq#sonNhkLvF z$fbOojiWR`^K$n$UX$3_nZ<^=&NZ&@8y!(l{5&3(k{bOLTtW!_+o#@SV;s_*RCUvi zmwA>3-;#IXA&%MKIHJej-BC)LQ$1&I&SsL{L-h0F`&(E2qQv>~;(EWf{qV*4#eOV* zIok+KA5{~5;EsmWPD2UIjd7mb_yR<~6bovD z7FEshqMs6!WpNi zjlUC^O2?}P1C{jm$)#sVl>G|PwxjP|@kuGDU5(bD(qL2ApvwLPr4?os3p5}v$*~|w zO~AldOZ_XUl~l4sn+a3CSF4};6Xc$&7JPQ%4{t(S@zukADfc{$&1n2%Jl&vZ>iHF> z4X~6Z`S0$VE{!v&uF1PhKZe=x0pxF5@^wA~wbXT9{9Y$LT_?VJMjK|jKgpPdToJ{& zLpcaBorhDqlu9ufC$bDO!bGv%-I-7Q$GP9;Ot8W1M(zd+N#`zj{Y+` zw+Im-$fK!vtobkIBj*ehnd%qw0U_wlhs~plvd*B#7`Yiva3k|Gcq9!eL@NYjtZ%7x zh9hLChX!AF@rU{T`e2DU98tu$;l2c%0qsT9OJZ{lcA8@HIoi2i&1Ak0vqH(Dg3%cq zpB=AjkWDMNq55B6v0etTNiJgibXG;RSCILi5V-;7q_+c+YieaN=T#Qo>0<+NlRDKy zi7!s=q}=3UWvIaGJFfHvuQbE=LAnueXjxJdcUjAx&_w7|sBL1vqbNMw5wBx9(qQoW zg2i0H5ji6C+2b{dVGdoFmtRL<`a#-5q~~|PIIk|34!>N5ds-C>cZ_qMA8YS@gP8d$ z(J1wAJ%7p5x63mRrEuDYVafZeNVFN9D$$fWL*IfT2dR2?e26*eVx_h(0ksgUcn|s* z^n(rP1AiWHoxh5hTtz(3u)q_SidlE_TM?P+Nu(+h#kLN<6@J)4L z^g;!SL~b>GyvlCTDpPC?AQkN4u&c)jm;;EWvxQ*i6p!tD3CUJ78~R#2#7c=l^2PaO z<(zU|IpJgUw|=g?tlMA05>?%A&s(S2RpEE*ekR_OlVGW$3+fd92&@Ccjh zGEd!M7`x*5;~3{8%8ZBF0)xMFqL|N&V;p-HhDd+Og*OJ3_xILR5KU7j*llluM;_Et*SZ8 zxatwBn3UCx^Ej$nMa(AR4=5(^$*!{Y; zn3ndyO!!E6ub#<#I#n6nV7Z%&nZ2gB?>UJbT*6-PFIb(smMv-|O|iOyAXeYsoU7)X zDYD+jz;*IViU0{O$aUG>qt0*dTuJqw-kR|b1KYC*&%l#cI15Q(oFv3$jb2N?q>pbc zWqp6q(Z^Lm)O{a~645ByqV?#;^>p z4fq-;DhWbJU{^>&eh<-!$>Ydyq4yW6so>WvDno^hKgH#xLY%D!)WECeeduO|XSs*Y{#}7+4o5o$#1Upub_{7lf}XVMi7qv6>ArI1yTjV&QdZk?|{y=)@NL) zZ&WB)L1;d>kB0qq!^v#9DatpJ2sh+m8WD{{bnx+F$tfY7a=9muwxG}tX^svZ2y$W= zbhW#&5Q=nVV9wxan>fP**4&qTE&d2=kTRboRLb*ky>8h}3| zjdULn0FJuN3X3tt|J^&W4!wa4lGKOM2UCFg#4OSaG&{MpP?{!f8y`DVWkCQ7F8uF)pMr&}3L_p2V zfo#Z3e(nrkM=k(TyGCh&I9Ej#O z02=*H2thADP|=aa0XV;se?pbS#$+_foB|!*)xs_*Rp{&tDLoStL(Q{M*z$>yUVLqY z4K`T~wz0G|WLmw+Y%Los{EPc|nmn!nt>yGaAGLU0xSD}o(?XhmZ0q&_7}H`9BhZ&a z(rV!jMw`$ZW!KdZ)dV%0V%Pmb$U5IDl6&Wog&X(GpZd}9-Ty~7RQpHqCOCw5^bij7 z=5C|GfxWFMYpo*Ly0yzSpQ zJ^Z&xmK~Tzh$Zeh+-}!>OFbjHBAGl_HnC2gT?$mK1vv-y{Gxk+MkYiI7(MYskO&nC zeHf>SUKRKdVS}E-$k_bsjdo71HoT0NixAJ<+S(py$O()|@LNC^EX59}j_I!RvKy#Q z=?&v8hxAO}#UdAQ?eA2RJ2rlWoM=RI_GpYoBN8N*1s9E3k5h5z3j(FxcnZtToaRVI z9t15ztd`%}w2+0UD3t>v8~d+qZJs7CQ{|@>X2nqsiR5UYdNmd3ZAcQ($-17~z-FRA zBFI9}c|bunZ5nISG5K$ofjJckL9+{TWBI|92|Rs8mTyO9uv%K}y%ML9K}jEWm6bsU z+u(W<`FLL27T~lBKRah#5rmYMNl7&^X#P&UlHoDF%P8U13K&0?Rw05j7Sa@|)k#a$ zahXHwa${hpsb@|dL+sR@bofp^dlJ?#vvp61i`*+I_AOj$X2#Z7jM>!kV=+~lvA97D ztHyo>URiw{z8s_~;#8|y8JG7DB+?Fp19b`kLZfn9AUe}wqJ6+)sx+0QInCV1do@<#qXt&@K#v^RtwtnWxN}ema6&1{HWDkFjN8jI2ze9IT z_g(z=$LgI+18agtR4c;mgkL}sp>+s+?Oo9zDJ;w)6K&Xu92pIPo-;_G1U*lGnyT#5 zT0#`zrZNyl>n0Sv5P#%U72c4k6!K-MSkMfT9kS+!IWbb#dT5S$5hM^8_>J&E(7!IS z8YN>GO*kyLzX_eI+sGj(R4R^K_5jn29o+XQUQk%fYiUn#xcG810u>VpO6jf=iex?d zlZ#*-^ZPwzr^eTX_&R{?Tq>e-SIimx%?vhT5)C10bJ6L__xR;8XzdO|y4X!5SY@IByJq-6`z$y4K!i`nHUdN&MbRIPZ@R;#DO zItQ!VtWw!H-7;*Y87)5M3ewx_@sqs;ml2^$0!#G`Ay)^Izaw9{K~Kv(sdmBG0GQuf zt;*BbeuEZ$=x#UKZPf1kCJQW*?PA&Qr0A2Wn`G^+8-!E}CXzzK$sT4cSLoRmjxxm2 z6E-dGaB9x#`Af>b^{i3iqUsqz}mX+uE&vsri>` zwAvwvX2Juwu3-r}t5uIysSLj6J$Ia(NB-oVrJ{H1>_bQ9Z{4k0QqS3N{r+p`N~il1 zN)Phe1D+^;jB@yf0{xFy-Zx#ksy-gj=f(|mU^P}Yp0~uw>gN##nx?cvOMcp0?4m80 z$G~0Au$_IJ;RD2l2Ac((2~E?Jld zK39wA#ImXQj3aRvhLw}(w}`Ya(~3r~315g81hfr8560IAHj*bqWW`d|V3v1XnYD9f zIy^6QxUWN$e5A{gNhIM@XS+g}PQh2&?)9HsxNxJYE$HE?V}SnGSX^*NBG4l?`0!+_ zJM^PNldm|EjuiE^u&~&yO^WAFc#9{xKoobj-luTCH0L~QFZQpu4sG_($6LsOx`0Zc0wfICYP;1;hIb)l(%gcAoLdUSr(akx!f_;}V zR~UiRhNE0dGGRZ1t8}>5eJpFuqMN%gFT~w@pl3F5*AX*#Tgo~79hwIiMV-f{an}{U z3o!HAvAQ zinqa{S18v`@|nNgNL(ZnQX5pJf;GLPSr@f+g@OaUIuJh@dMrj?mTtJQvYT;Fwp*rS z@2Wr0>OUGe_!m3B3u9At!;FU}W$q!H(3!k~HX%AQahdvKQ*vIQ7t1dHnNOJ3xxut! zv|!tfy|ccuKl^}=JH%0aa0eQ#y+S7(q5kIHv*&MGzWwItZ>sM8Z+QG2e*d9%VKjkj z1ibopy6f6L=K`nx(~+y|z1$lBx0@>Y)%wj8^64x1-HZRT6Zc~~_QQJkbMeFFBRO7} z$m@f#9FH$3^kX^(KlciaK@b9s5Lj%O_Bip1s!ThE_YLo)<^c70pZ**!xra!#lSl5J7z*3yj zo*jdk8CGz>Z`a8tRw{pS>ThAgK3Vu&_9$)UR{k3CIPo1!CMUUZ82CIZTWe4DfE0E|&qJU!LuAVN zeOjW2+%g@}*Sw+0j z_6hZ%oi28gr1YCo%2){wYXcVX9$Rn(N%Kpm?o0!*?tpG+w)|V7P=Nr)e%1H!!I=`F z9>1x+$yAeai}*X3zhyFTY9l$1{v9;qW#eaC2t&p9HHg{4OPjr7`30oBbKz^mgpsIf zCDAAZ{CO$cA}^e2Ha3go;>_f;qM!NW$RyKx%Bs zbSLpMOs8I~=uV_S9-%i?6xtPn3@vf9^zb7&o_lf|7qJE>wl3O}R&VBmaJUiUfAJrKSB==G&1Xv&mc&D$ z4xy$-Q!9WUpQphj1wsa}mDUU-s%sA9MKlXXY1-iB;cpFn*X#dgH|05BaR zU%LxP1Qn@nnrc0%eD${Q@OQsuX3yDt2qn=h3>8aAs~A`0R`!LjbO5&D97QH3Cz-^c zV#W^{AT9uLWOrMry$ns8?Q8Yft6!Q6&9I$loH8Z|6;|7TyuClhgLNu92yq)i%vCEP z*SBBCW+)>FCQmWOm7Kz(iPlGBxjp27K3stO>R_wN+nFm>EEl;yib^TSHy2G9-`J?y z^N1Wkd~wLnVDtIQdZbtG+TJ7quGsra`s~WGwc99r`4>AEO?`0ju+d~A~?6iu=)n=jd zVgEM6E@s=D_3&{iglof%d56o#LG4QAi>ln%fQ_rqGGFMLSJdtHueDUQf}U$j8#<_F zx?!G*#U#(%FoXVq7!`%4F_^UaD*5HElV!b{Tu#Er$A`W7WU~x?fHm8&cHlF|uw}aF z22QLNJ&dajF#yFQY?K3LD;nior%GT8Yto zwJ!4S4D})YNOFl&$TQQ!9l|&D1>QE`feTm_f;^q9pq~Y%Q~a$MNo|||=bwN8+Msx` z%;&0t4$e+5$^AUe5G+pKc-~lDY+upqoZwl~%S4m%{cW;A!xW3AZ~|3id|z7_=3^*$ zsi`IIqTV(f1Xoh`V4Xo z=vQy4x ze8LgL^o+-E5TW?gnK}V6ap}x`L_2Fr`wLBLX-3MX_=$mWGem?R26ZYq2?Jeo{_$q0 zVAUh?$}yjq3ea4kqw(e>LPXoBYfO~ch~Jr)oWRtkG~J;P48X{=ylK@2dS#rsgZH$z z(bDnKC9oI80BDx~;y)fNdH+^Nnf-MJ(Waplp0BW>q=DF2nZh>BJ}6i?N_cHC`d@7Z z`}iVhV7;A60k(aL&s5cfOY?X=k^AOkaL2*pp2P&^#9ow8Ylk?qrRkzli^1_+i5KNl zi>53`)3)$m&nh<)+03>ql|owaGXHg~8IsDO{z(^Y=@V)hh#8#cXNtiiO)Ah zuL=)zrKR?ZUYxO79iyg!$uIt6)!B7CuzTeUuFpf#SdoN39mwZh?+%)%-XKmI@DDM~ z|L`BzPsb_MHdWbUreG9gNQNnpZO44%>J>+jBK3Z>Te7r>8p*WUGoQ(ED`K+8VwK>iIjP<~fT}0|Kj&r|9V+kyeA~t} zt~aG*|qXQ#4Q2`dS@LuEzL*I$_N#nDt z8UQO#8h1T3PvgG5Cpho|5jlTxsS_X ztdyULC2!i0$&ZO<2Oxxx`HU0dUDXTT#2S-I<}9q556d~+1Ncgi;?L-~HZ$P+iIJ8d zZNRQ?Zbs{3ijno=oj>|MA7k$QGw`+`j#w`EqnGk39_#RG)1ICuvlYBjw&7Do^s1dz z0*B9eQ(HfI_2UQ^4$bN@#pCPZ)n^m$Mk4uPRC8Y-D-yXnkSm;BKRMtaa!8m)8eb{=P9Ks(>Az3dFbRxn)zT84XUzZ1nC5c>wuKVEf*+r zCEte#t*^Dt75CE|C}uScYF7XntZS%rbW(JV;lXAEvFyFC%gdJeMIS(73u-%GD1uYq z*F;jKGf9>M3C8jL6{vq$w1)JM4eK*F+MvEk6Ve7c%u`8wr`o()4bss;UhPr#Pa5;5 z%d`DXBlm_lPR-pGyhixl<)B1~&5%Km@H{#>ox-N%KcdHtTt_F{WiI8vYt0nUMwN+7%F3*SY2%M%jiimu=$a! z=<06FJuJFqE5t4hP{-3ck{J|g>&&)>SQM!(t8=A&yHF)e+EkTKba(p{SFzw)<6KFD z{%z@d=ffauGD~%RgpAoCDNrTI*-zScoL143XIz@INn#>~9O7!Lvj~4(f4p$TieU&E z062-_>8kn%-f_f4mQpTIk@{Zl{;F9h#yo1RzAXyZ-$}G&-UXOrDoT$s@>=EKQ}iOe zAdgq-7a1f_3rE;Ev!@P~J_V+G&lDMz%cvY4p5dn(vAv?hjj#G1*5-b*)X>aB-)`xf zb7&#N12RN(pJcN~EN??c-xb;+tA`t&u7=cjF?%=6?}of==1ZDIk=hclXC{C|A9ESM zK^WzxKu9|lDfxjFwNPdCR?BE`6E4%e5J(=EI-NeEez2}E7_x>Q9>Yi@e;ycmSc3OW z^{2S`6|WUYW248D9&gC5XZAI%Z>&PJ&aL?Lb?8v5!<6Yg()~>J6bEJsmc>PJ>`4fU zSP+7)h(npv(SEaFM*BR#v;(C-81paK7p)mURBg)> z88ZLw`Q2l69Qqn50QQ|Ge3S_=_k7`m<++mfwjY^)CS(~)L=G3DnC8RM^F6Y{BBVD5 zRB0VXL*3nIeU6}pHRt6|97#5ywX8Yz#zr>K!ERNS3nn#B_2Q%M&}-glFh@C@?A{+< z8+kb}@c7(g1wKx8nJO4f5IEVJo9BRz3Q&WAd|I$PjoxDoUiNPoCx~Yt1A@~oYKdu& z)iVZ&1oK)c<_Hi}4v^iBn4}yW@oysf2!=%jvDqdNQpN{Bc_!=j zr*Vg>Frg%aJ~wb3{D(aK_bam4f=OQyKOM!voG6$9do@Aeo>z)0^gO6B2$=JPVvo{< zv3j*D;Z>a1G)k`B%klYgt?|Y$nSYdPEaTzs-AZdMVqxI)0ACCYNJ(taFytrX;H%E*`(fV(I3m=)}R z6lGV%XxszB;SWX007^L;7;wOPiPi>VXULV;H_T%4fGt&v=G76qZ;96skF+)iu*1>4 z-mZ%XLAT*N05@V|($A&nuh1GC^KWkV2#L2q@OFe4Xe+s7Ac9tQE@tsll;tRmkU{;J zLXE1Zp6Xtr6jXVPfy-zD;jk$oMIrkN)qJ{ftLPCR0YdjdRzy_qH zpj~w}Z<)H1Fm-BeZOtIIKfBI2aXa=Zs2o=|L*?^R2Y&4d=m-*g2z~-ojdBg#vVqjJ znT6e0P`nj}W>RtjV~5^2hVm1}ohyXJ?4M}p*LPq}qvr}73uML^V~fpfRVjV|IewQa zK^04~82iE0gtnKiGmM}`GkK7%WjyX@tchf_cA`2@^4&vbK2P|rEq zNiRgb;|gz-@vZJdjYec!UR8Xz7vwpm>9m$Kj+NVmq%4vNc4FJv_}O?GxxB_jv48#+ zFD6V4u%U(N{4_rqw6w1p`o%vMe^Rh2D@h56k@Uf!tQw9BU#u9=_E8tP2!b_V^*AQ< z8lJF{N+l%%t7)$lg|Rfp2uF|~P!*G@tB)i8CFeIabuC3}MyhDEarWE0(RH7pM$9<} zKW7Mupw`44wj^~m+qJ1*tofLsj8(3rR^QCvF>*%I>hxC9!&0FVSpWM_A~G}Wp-y1F zj0BkYs2PTPkL3+iGW;o|ZLi5NP$8;4y@^?_h93IHhdHomy^4BgEfjCjD;{nvo1xGkiFv zV@atYzNx5Vw^+;})BE$`S)?s;$7fW}uSSQrmJy-#+C`ILgJ93W+!CtUNw>S#p^`(o zY0C1#I3@#UjhMtzS8cg!ye4|WSdPVN=4pfQBd&;TPtl~PHW1UmnsvIs>4M!D4)B#$ z40n`@`Gnu!Ht*?zIZG_Z0W(}F&E>t*5OEpooAO#(W! zEVZ?faN+(mQ((avj%n3fcJ8KgwBASCOowaJ zOu#2=6bom8hl0cKoU8eG=6Y%Q$>9?WkAh7xO@EpR5%VahG7W{JWo5eZ2v}XQtzqm%eeG8J@iqeuS7o6j+mj{tfn7OiKKp^FY^vxL*bQ} zjG1g0C)OIGf1VXDGVyK8x9=Pvx#Vny$tjWmeK+WQ2rTT=?3V6wKWxrxwvQY&X7sPr z1a3``b(AZXre-N;c{X^N9Ig$nHBU;g`=e9!rV(zd6-dUY&EiL)CB_IjNJAc0IaL>0 zauKWlb))QZFE#hSZ=Vg?zh}KaZYVSp9`k^p3=gAflnZ0E^R=Z#vsan_>|A3Wnuaqy z4z)8}5rTvMYL1d(CA0)A3!(I%SP^e8?N&t{5TBZiCy~nd`W$$~{`geda0NI?cy$tj z?5)@i;@5}A1V)fjy}V4rok@e}u^OUb1Sy7MxL-y|Ox9J*rDdU-R2!E#xo=N@T=$de zKD)9up)mA;9bPgmIMR7HUs`cqy_A-Her<;y6>K&xhxTUuoiiMqr{K2AaxDbG>w<>c zUpYzV6>5GvSwSzV>xy0+U(gY{+8=GKOf21Unrguk+ZZXThVH*A+qgeGQx)I3cZXZN znviduSH}k5--`A3csh= zfQTWk-v0v*)31=>vYQT)+*$u~RQV!Q?`s6Txu=Xe1<`Cm9Qx8nh*$>em!J0GB~^nC zl}&NH_J;rp3brwrmk+5lCWo8b$E8hv=42+9hj#Qvp01AcGKLuBp<_lwqXsW{g`qw; z+B(Ox^9``%<+i!xBi(ty!Nk+l$~Gbhw(5GSA}l1)GJ1}8`Jg6)pyZ!P9phg(=`{-3 z>vc`l?s|_P5=KFclW5fKf}0S_E2|}tQ0Sj|&)m>@PW=Uu?ixkEWfg_ikebYi%7x6q z%$2(ZG+LRSPQZ`li$+z|QdW~7EZ*o$ffAa=AWQqWA=ozC-T{Lh>Evkbluv~AE{lj8Mq9u?);IPY z&D4Do!wc%YNvOqvAX(9A;vHGFd>c557?cgRuUWvnPFMNsiox-5>z!J#Tvt4ftbI~j zyJz%2-&-&;{oZq*&r=Xxp}ybOv%(N}oO&sPPWU!VIusQjex8uJmu^3u9y{p%GO6f~ zTeKiX`I0uWS&<(EArsZ%2~%ELK<}dP<02t0=rogBaEIC{3PMusmXXa>U8Zrpk*F*f zG;+lyG&AzqWAwO@?2aog(jU0eLayHO1@D&N>N@$1l=Kq-BFz>P zCJppzY8$!%3T0?HW;BXxoK*G{nd7&{#g$VX|OfLOOau=_KxWf;LBsQy^a;ba*j~p&J5ZI@PvDoI1 z#0Fy@o?Q!UcZOWG5-}w=Cx8oPFmD-nsO{gRJh?eI3_b{RwGRC=DkpSi@MYr4V81F< zB;ks{2+fjAb6|8368-FH<$Zho(DiGF2JsLyFT`DRsd48ZObAnRCIT<$^L(hKSY}C{ zCxlj<+oSMQS$AlgAO~x8#V+U0x)&9fcx~fid&0{#4;;Z$%kC+duPuy@Ja#0O9J!k6 z^>ZHgwsgAb8;&IkiaW0b$6I23aaM#bmyF6{V?RY?BxA$m3+ZmrxZJ9+07HIalnM;r z`u8lw1bSw3kQ_!Bw<7MCyq8?tV)2mn$)+9-2P_f_rd5saSq_T_5bX20^b_raxr1if z97DXc3%ab`Rm&__qTaT!3awX6y_364S_{#al96Cp|6jt=RZs2dn=DDlpI;n*hX~MR zlR`dWzkyLeY5eHZi{tN(mbd)V(KiN@)@Bjdwz#m!QY~A+P&CN7)*Yb$tvmFP6|NHz z(S)~cYjHi$^sz2R$Qe!f&lFGWN5gyeTGfX_KLQ=UhBdCgx<|XLrBIqCXCm%-5HFxT ziA;w_yCx~_cpCLw(Uqo}9bLFSk9ARsNlugZz{B@j7j$r9!4|7(o0OJ}=~jRJ>b#(j zbI*UA0M8`v_JI9(d0vV-_;`8#NW%@#i@$qG7~Ww8AW zTegCjch(tuS26-W9iNP!ZP4fBDfuZSe}wt?iH5o{GcPDw@{;`Y#72Ak^yHBI^rQl8 z{2A7hYKW5L+CUqBFYiJAE1gNk@}D3qx7yOjkJvwD68ztEZx|Y5AbE zHuPtwd5-1d)I3Lb!kSyyL)X}#a1NWN#QL6Y4ju}r#$IfeWx zlIrHql=6hd=hg-2RBN_a_DJP*U9dqLGR@OWWXg_5yiXCeBSL0Hv=`qOe1c~Tvc#da zd!GX$JRl+^l&CC{y}7t{FXc=|Cj971C@-(NsFaKOH_Kv<#fA6vzUuFG za9wgV=nCV>)*s6jTesSNqdAMSq)kJ;)tb?ts&m0lt^=NV&vo0YJIB-( z<%%K2@So7Ry4HivZFJzO#_iSiPR%!^wC_j3r$%lbHx5G>e$u*+88Ia-u=?K5EXNTr z#g9voljp+%2C=(lN7r)}4idWZ)Yx1q>vTbrSkkIu$@nQH7fdRye1=^6t?rR+S@F`4 zDn!9r00-%FY*A-eG2mZPsa=xeBw(P71UDtT(8hd3q%(o%)Sd&C_nE9nG-uH*BrA0B zfY#N~dgG;K;Bi&nHNQc1Om`j6@>P^-fWSI6rqP1^k}EYdtglk8;e!DO{GAtSfZr-5 z8W3>sQ(kdF`0hPwEmVITnQ1=4Dh!~J2u^)oHK3ZT{;`!rK#fM_GneI`hmr@su#yLG zZ7paaYp}>CX~+t`N0;M5jmOGldY1@rXQA}-P&r_z957T4*h%Gp2gvy^Yjd@>TO@mD z>MkbgM*V4?s+)#k*_Nq(_4?As<(^$#qJGFVIt(x`hO4;rGC?ld8<)Wv!`OnHvNr`) zBlL%e$(qnUY|=2Nb>+Stq|{E)p{$tsou^Tf#TW|_3ImARZQ*u<^K8uQLofe}W$bhuN3Z{j%ti2BUGwxbUPhY0aQ2jxPzHxyZp z%RMdoN>j3Drn6^%hs4E9N+H7mGMU<_vwUye>jjm!xc}Db(YQB5`rpop{0h?l%AOhH z&#Jk`z2a)J(hLM0j~7ar$lVmGMx~gBlxcu6Q*wEOJ@3R`U&g zwJ7G7Yl##ohT0XH=k875AnC8SXOF`={30dy;E!D#!a>Yg;*SlZym zUjyPZ-y!gE2U_l4Sl2!=H8jzie*-{|$%oY88ddF>E8;Q08?UruEbNu`z_!MCx-@H* z+-!xPVwi}(nCMaqvSbo;D1LJJJRIlJ2$AkMkUy@b+3BVEVE8tGmm;~^!m@&qo4VO}8 zR{+jrvKD+lUcPleF#q&UwE4j~*X~}sqvK!{mQQe+B0?v^x?bi8q860fub9UyHEdmT zfMHpz@*UioJ+eoAyQ8@!5!6VqA?@zK-tCi4x#lzhLrmXk2VLC6?Jz~hQvh#~%dkwV zRGLhgj^>RA8{Nx_EDj{Q#6)9z0GhqSKxiv_<`@ys3YoNyIyePJVS*u}4avK3#x_rD zovI)4luKQ`XGZ&(NR}zKNA_J-(YH+RDe@Zg3PT<}5oeea!zpYJLdOZb$oYZVv#OLs zA9;W-+e&2%Z=G2()Gh#{5UjYw5y$v@fV{_tp-G4y;WV;{2^;LQ9tJQ}l# z8B5q8Njo5m9Pjzz=ZyR|73s*0@mpt%asbN5d?O@bpQr%}c;N5-c5MF~M`E#8!KFx* zJua>Fh1oN++w*Fm!qqFa48PTNmzq+b2ddJwlm)g@=hCO=zIgr4D-T0=CC_qwsAvSL zIg?PU>s15b1Ug|X4cvv3l~Xl@1$zTDc<5o5kC8j&=gD3y;zk^{OC@qm{L$rPU7+JmV@U8g64U8}xVgCv`FQ!Zd$oDnf*QNJ zCNY7c!Uc~jf0_^+0+Na9{G50Uwe~ujgGK7XM6lon_{G{pvx+R7nbL)@A;(9_{d^Ui zM|2*j#K^3l?yHGWswTzARWc2sIqrG}p4`w;kv)6!EJtt26SDMsuZQ-m=9~uX3O3(7O}4SnoD--N=YKL|f~{ z?OjZ8xF9oc4a(+=MW!Jr3Q;!tFy<3hZQ0KX=c3cG@Slcf`zIAK8?jFyfy<+4PNh~y zXuSug%p)x+oATQ+7yrrAnPf^y0VzpWbdmJ?#_{p-@wd;P!~c(uk4yi5_WbFyZ~y7! z`STaYC;$A<&t9DT)A7@1FOHA@i5x%l;?0vOP31owZ~d+E;=Ymx+;eyAb6d$pn4_D~ zjHTe#I>~qvqhq=EYrQ)je>;Bq8$v2hhA&B)C5d*3;>JGerL4D`t?x&k&j0+tjW`GlQxad!ENa2M>Hd&QA! zgbMlL`uc)Ek3h9luZ(SS+S{eeUWqE~#DT9g=GWuS*T5%LE!n$rSA~{F+hMCL(`=PQy3w&4u*voNV5wgJc~%D| zbCJY2Di8q}vK#(ghPw6qY{IqOhK@IIzR6{lI7-&2!73GzGNUx9yV~<@nU6KR>{MKW z2VJja@4W+OyKv#KSh=^Sh|H3DWY_D6<2dT*8#7E(MYisx@HkG`J#DBCUbCRQL;YFJ zeer6M1wQ#Go+i~3-d>=vY8R=3`gWs8#z)_n^D)ZT*aW5yXMtjJ8b4Z7iO0M}t3AHG zz-nJ3d3X81s-Ic7Z)w5t%&sHuw}yV}ApK3VspFd0ToLrCEDL|FtgT}~HAiy?YwJ@C zx3#ur4>yl4w-_G@*6X5Q*wzim%MFINwsG3qAU5}jcI4KU9Y`^G$9v}twvB7intkal z{Z@4F08$n(uN4(+D016=0jk{5g+*-~lA=mOaU z3qbHvlHyZqd0k1TQy#T=srE%_ZA?YYB3fCC4q)NaWj!{R(+}u&)y|A=4yN^K&Q|N;^GQ z%Y6Ksuyf%Ear|}SV3)kOY3oZ%)Hr)TXGy-+ylob&o;8zteRx^xUi#6ItR`#cOX>0LO8z zJv})-UR2`btIv9l@7-4$y>2^I9T*JPOx_A&q9tIR7)YRa zjOV8Y;Q*%RiadXA>+_?N{5|i-NOZy-UF8&{nC_;B75OpjS}S>!8}(Eu*}VZ!x};ko zHzlA9(Q{0PsT^^jX-rlklWy%`lkyd%ZPl8NG1n)&efLB2=(bTwgHI8~UqO%J`Np3V zQ_6)Pwrl#sXHz|_Q@0#_gP$L{&$r`<{)8|R;+A*D##B;Om`-)j!Qs|}%{tRHj{)F^ zH0jvS+KK;geSHC;G_@Q$%)Qs3#PfO)x^Y3+4WRy!;xQwq7w77b*sy?}L;gFxqgOE3 zZitaJICA%N>pk4luK%#R4^G-^Otc5J!bi~syW(wODvfj9yRvn|<4V~IJehleD!MOZnO7V>X7%d)1O8Jbc!> z8$G$C{_K>NRI}MS6z9rzDXPi^jR~qs4A<(0?Ma&RbZ}}+E=88cmtw+wC}+{`+c74( zz}U(O3$f@F#d@CJd&Xz;b@-z{L5BjAa17u;tY=e8WuhENfu0ojM8I=}yeB2|LXY!7 z$UcNexG>g;D~5FfFnVk;VX+w*SHWW3mX0A|*E-I9KXu8MH<`7~U<77{+85v+Q1hmB zKFu@Hb@h#lgyj0|RpF4Czl&VW_HG6`sbS;Vd7+3&eaVza?wa(I#bulY?Hi34K@3R4 zrb;)2lOWE}aS(rP_e^RSvesW|ZJ0u%BN{E((Kp51%64k?w6+5~#bQBuQ~BB=fL~$L zS_`Kgrce#P0UE{Z%EdxcTc0yKk9ttF8aIoX!(bTe_C)RK@E}2?*wyL##}`b7Fl{LKEAD!5~eF%)=>UE1gVAG;wL{W);{q_o59m0KT!YYLfE=wxuf|*O;P@P5Nmi_dh z*!bPJNo{L--dN?+O+FJBPPZxA(g_lQk%d(K1?|2%?Sfqq(tWMjevxg5@qxU{bfOR< z&4N;oGv32YT?NgqY}7gU9y5?OOj_588B}Y5m#X|3RLI!I!NL}Y(ZZsERhheSb?w^H zRyBePf`|L8$Fyt4WEKlSt5#H2NCIcp1mhN2gNuYw1t~kNgaJaGM^z0YyU&LSR_a0W z#c&VI@5`Vbfb&<4c@TJy7(@?)cN$+d4gqeD|9$%W z`L`#f_}}MGkG~z_e?Q0b)yMzBLEJ?M@b%dRys3`@zCOEX4FopRK-^dx3#_B%mkI~I zKD+1}5p0?c0l`B+@DLFE2m*qy&o0)B3BEqN7{Y>wu;9M)tPX6@e;yfZ{@PJs@Z$@S z{m+xn79_h?jBL=_@gsFl9wyt+WSzLL4}hdDy`~4q#f+s)@~EQ9M$onh@sB)|wR-{m z7D2wQpd-iO4MD7rB8asM{d}Gu|nBXpDquuRVxgu@v^ z5z!@`@WgP3#cyztcF_zia70T*XC7VeMLa3d*laz$gd+v;s;Swgd#XKY|KE?V+Wdb%zH0aXHPb*uRO|nn#b3<- z_v5Pz)E9So|C)w__wV5SJ9z&-0`K3CuX=d@(sGx<|99~J?K{uvz=iH%EV%&>JXYr*FRm$k|>xU3B>YlF*L@C+_%4bK)XYlC-3;rYVe9UJ*+3>w47 z`>dn?3nHJ^sQ%rd|2uj9?8Wov<@(>p-~RKU|N9)zSE>IC58|e(zfw)ZT@hREGuV530k@pgPR2 zbsw!^JrZcsP0%>LkZj67b*T$aUBf_=MB|t&@y8r-bZeDB@(4QMt~wttJ;$}UIxG`5 zHQPJ&g`jFiKVA;VH%3<&g&IhKmk<+$hG-)W; zS_H?XY3OSQVStgw7$Q$OF%$p`4>XC#m>-`?4SX+HD?k;Z7^qn6sD^U^-cKFcB4fPy zj%r2BnF~M--JvK|P+-f!cSATW#2ss^4p|0Q-X5Z`EFKAdMgLV`lbTgHTG&oV2{Jtw zlK+e=v}dt`xkHrIJZyM#11O=wuMI|BUW>gw7JGXu+V%}=vDKr^!p;3M(oYOEbT@KS zY{S9XbjoCHfyELIb`3)u?0?%11#8L8MUy1qz`_BA<3BS@h2q$`IfcsFb%sP%tSvgB z(Jf2k4I(D0Xvr<{=$i%oWG6Eb@oKWtWwx4hqU#0ybcsWJFXGkrt6J+`7549{-AWM; zpZFrPn5@z6VP=hBwbkrApR~_Y0_!;dKltz!`xG(OSR@nfFMbq8J|rA&fZ@3-)n4tr zM8T+;x*&5;W(L1d^8Dl(*|&=)uT#zSid+jp-cmVZ2fm15e%TvFJtq69aDX~!zy(tw z7gU2v_S@$z*Q{A(3mc46T7QR2{WjQQUmy~<*$Ge1Tv@x%w#N=PIn3$_rlSitl7?_T`#w`Bk19e-e8ZgOjC`t1yy_T2S=XS1C3 zh2Uu@>gx5UrNrur{dl`Vmr|sHmaD+5VT8q|HJkgKh#8M)LL#x4*w}w_>ZVy5VQ?1& z2^u;{wUCOOzJEpb|M&lH+8IMGK3tOh|NifT-4b+I7xQc0fQN2jtfF~s5MwDQcb>;l z+K~P*2-ybZLZd~4eg>a1PsLI?NlOvPpq}&YA2wV3Hdj^K`MZK*qBRJlkIzt- z$IwRpLM0uD(G7yMZqaTZcUe7z6Gpm7OTaAa`hn=rIo zS$)4`5tN|a2Zoh8VDI{P*w3sU6|65yliD4u4TBp3mnx!!NC{O|(B-Ln*^JkBx&>{h zS}fo?c5;`tU4g;0KW(G1bAvGD#U$kps$!{A*DjiUHBl>YNHS&G&VJ@gKj=ouU#eWD z9c^t!lYIi?S9~T?%~E~6TK3{NU)OZ2byknCK?`vQrrpe+T9cj~b7Tf}`f*D>cp8a? z0in~9wun%bt@030XB%*~oj14LX>h^Q%|!m1enmwYPf<~}5LqLf#T1nRz=2yqAJn6Z zOzC0-iaqMxil>v~r_Wn$3{9A@^``sd)WwnIEsOFb93AtCt*$)##L=a~N|ttXDOqG_ z)STXNAxV~Mo)D@@!f36T27M0zjF7s|`VdERn$9rDhmvWgGwJ<$*5w&#ro}6!S=7g5 zbLtxh>0-R=ydViff0LW=3O40Wz?*qU_|&BoM9&k$6f#XFD{Hm})5IaTPG?#ysOAxE zPX4Dbbp^G)HZha@j>WlZ*Y2>&g&L<2KW#(?7@2Zd*bTpj)(K$35CGI#>2P&TBPJqc zheWa&m2qOoi!idat*>sEOky6R=7;Ms`9a*XyXH6s_#{_aNFMn)-lGE+P44MR0rW;O z?j96Nx0}^EQ`{UgP|6duL?C^i3Cmwi7`bIjZBuoDHxd!Dc|Lfa2^=Rib$3K z*Jc=%250zo>thRMi1~~u-N$+2m2Vj!2JHR|ai74&4E_^?|Ac=YqyI#~eWIL}sl_Lv zmEN>_N;r$0MZw$TZTiJ}KrktV><)Q0tuE-Sz+HjkI}Wg|2Sg@QgG%g>OYlO6v4w;ap#o#51IatIE zP6p!YRN(F5x%yrh3gP4}pV!J$N$RqD=AEjXr1!card7+rEC*?pQg-3; z*)GXK_# z^$z8#i8&eSbH#xB_%lZrtZqC8f!pwp)|Sdr01pTrK>>-QjFs4SZ2Hj_hK zg92KIfREd={}AUngxeCpt>6xLyl6=F?Z@bYi+bd6K-EXz6iCpxn8qG|!m}WsUUh5*)t~@gD!6!*1xwdkohEh6omu$;u+%k>W8Urx)ky5YakS zGdt=*4&6 z9UKzT=v7hQ(^pA(3pEP+(eUxhO)K9=po!>Ji;q(UIA^D8dOEf0$zY_w+X*xPrv_ekG~qGT zED%z{N^k9EBp4*Da>o^6pR}alo(GrcmaWK*PSiM}H--${M06ZUeY2I|Vm`SZG<}DM zgQr!(hrkQ6Q}if%Ofa^+1VHdAVJl^!DD@4{0Ql>ct+oRsPw{$P-SXuhndH;H67qSa zW367I)g_bIopeP71GjK@Dm(o&+U{J3q@`u1wB?Wc=cl@^^r~~Sgt5tfvo_V@-UGn? ze;&PYWMcGNPl`85CDpRzc@tw(=Y1T8b2-|yjhwKcDV-Ii1XT(ca?1v~Rx{)_l+KQQ z^bNW`+8Nki*OnMS_j`u!E~iN%?$2_!(LQ`*TmQOS)Xv_4c<$0EuH(hpe08cTT!Sla z>RTZ7*lJ{(jjZf4`k_@g!F;wvfvGcvtda=jUE4t9{4xT*R9}%J%I8DQx;R z1L}k1GoHTXs#g$IOLvDCD7XYGzOQ39P{?s*bNRL1r_dGgyQj|)hB zg`ze{p>VVbxWF?(Gb7KK4n7GpgEZt}=)PK|ntmetKGCsAXgULf%kp-11Tw|4Daq?+ z1McfjOR<)$-`KhBvSP!p9IL&fpH63e{KZeJy^49V_`+)CX}-!1+P0uzsfuVcZ{h{F z&tyg8_>WYsdh>v%Vf$LP*SyX>ADdLqVPvM61dESs0&%pBFmTy58DX3D1;V;E(vS!7>hFb0`Lw|uw<&bpc52_NFc^D; z3ZSNYT;8$Nj^DY$mc0ToB|lw%G(+`SWnI6*UafZuaS15Ri904GkL@_$moAG<%DmZz z!mQs&x?mR4>#euav$SG(-)|F}7Yu{EV(Du8mG&|3&=@lx(d432L%C*xshT+y0A@jf zHC3Ax+?H=Kw`RFaR!;Y7DR&!q8Z|NwJUuKi4-cPa!_Kw+9DH?s)t+X7-LW)hlmaUN zSKx`X8S0(7d){X;9w)TYk~Q#;CnB$2zyFVID9GHfWZ<>lUP+^6o;gDTpZsTxVV zNMf4-#4vwmE}(8lUZ&*M{rMR^u3n)-;DV)nln>`&`?{@OaLs4VhLWZCG;IzOX45H) z@>D7z2YpDcuHIt45OesE&L}+M)`hV#jS?XrRR)5DW@z2j^p+{IOlZVx3M_Le4k2L- zIO^e-L`o77(Zp<0liQ8y0#4gYDdG$-8S?62`d^8R+=J#m;kOK1#yP~A0FmBtDN=wb zz;MB%@B?raBC%K|Ofxu}1h`+G&YI?Vb@i4=hEakl2c*^W9{Nl(ToKwDTGw^EmSrs3 zr?yT7^Muip`>HH~hqZ`V}F8H)>cqm9-DHb2Q^@BOR78sX;V{euzKqWw}&DGn4)wr}b(P|xguo*4s zK~(bjrqKqGZj$d(G$=lKWR#2-{nrL5_bSLIXtgZ zEms#%6VMSB@Dr8(SYZ@flPYf8Lx0T{OChOTeZ7m&>Ku)eSJ?!ahF;#y*H@KpwW?O` zTfM?o4Xd#0z5^c>x?Hj}h(y1F{9+>?Am>$C_F8S2)5vhsED^L%+OMnYE8DnsnM?a_ zn$TIef@Tu>pzFHAK;nMuvW?57W=3@8J#ZQ)+R6n1_i2+C9v_Bi&{mCU)PrwpG-$y( zJbeR}jZ5~AE?SDwJYn8AJ)5?FoUI+QrK{|dTj=lFgM@! zc?Wmke#lc?reyzE-)kEZulBJ}K*RbfNBGJaL80i-B1<$)naG;ZNM&=-$E%pFa0$m9 zs4(Qjdj9k~axI$Nf8Wt`MK0ZraJUeXfkQM+B%|@lP1SE3*a^iqX%0onQDMyc{*2U-(m7#DtB55hS|`u1 zetyvrOkSH_{rn;i;%5c;DI@)~CxbCh3A`Zy6-!uz0Go2D%&7xLrLkC=U%Cw_X$MfN z*3=KxH%z%*iyF3RjlGqjsp)G{1E_2&OEVm()a1|QP$D<^Y-2}3OI6e$v+=M9RWUpo5-UP7^ zG3-SMHzb0a0jrq+_8@VcSR?TFsOQQ%l_L8Q(oFcFC*2T;wtRQ(BaPPaQ{g!fG zVf)F-Dp}9YUtJm?!Uca!aq3H|)b-n|Gr%2ZtS+fl5tm(*I|L}r3CK|ED}_iN@| zBpp>k5yx&X63izbQ%&;=h|$P(?dD z=~P${Sa4v5j;JPZ%@763lcoa-hG2^JTyTF76-05Js1a`O$n5V3zTT#c>>*n!mG#bR zdJc_?VW-t);*hNZ8Ngwe3+=a9f~C0@B5miSD+@pKo!XpLgq+dTmIR>5$F#AqnS0D3 zlM9xXt!><{fO}JiXL*LpiZ9D3Q{nA?+UZ6FW_#x=l_kMoqr7oqo<7s=z+_Hm+?b5bH zH|&>Qo??>Iz`z|Ht0d_O^{{>3;67AZ|aj3&eKP^kvb-0-L6H?qqM<8`PP( z3oI4`T4HP>vZNJdr=DNG;5np3N~A>DPA1(EzqGL^iadNf=i%XbjMuuFX%_#-HZ=gk zNwf0e)_WzQC4;Xjdsq9vW+l1kiS27Pyi&`4r3sJaYLL^e5Y-`VPqXqPFx!N;3-k9i z40HW~Efdst%HC?!oVrfd4L{rsMqs;0N>(5_Ku5zs!EmR!_nmBYYg z!fg0~Eka?1Hb#lIN2^tZj%w|mYORvr|4+U4sEzwk6x*XV`Uz^bM{VB|S8X4xt+-(9 z*Ne&dvJJ1yI3mV)CpYEE0SMurYcy(q~$=# zE#-yb!>12Z%1qhR&4W(X9*$;>RGXlx>D45BF!>vVw+1*}$CohK+V+l%GB! zi(TzEmR2H}c?o~?agx50x8z%9IKon8_2(-*N;o#b<#_Nf>iu-y2 z#(iV5DwdEBq#*xZP3u`T%7Z$g8n15Wi9LAQhCA(!KD$9ayDtThZ+oMEs-WSD;r$gA zvP!ipkmp=~biEy2Z%5bLDvhqURvKMz{{*hLg?Yib*Hp7^LmTFr`dx*~Kg0pIiogIQ znRtT@9o1CXw2W3rMi47%0_LMKI@}~vm4Q#sUU)*uHmDyme+bXAP0hxkF( z^R?2wm9mY6&pec&()>u_g8wm~6I}`X#HE%?<#G#5=W?rTeWy>a50P?K;*F@Dko?zXN zQ>?&bN~gaMs|MRP-<#O`>eQ*0YzaL zfuiKw&;6>?QHKobN<+uZK^g}{5odK2aZCO10VcIlQVa44sUOC`f#0!y0FV0cc*NID zLI>5rm~3gm=_1)HmQ&{>aXO(iXGU4C_AaR~-W|2HW&rpv8Y%}>hYvN#UGlXG zpGg)px?}#(6a_|2P=`gVAaTYp0Em?TZb~i$5m}a2wwj{pOT|4aoQETg136JpU!+x5{d1&}*9RbYB?r3b}fGhc!4x zxDP+=Lz8&QOHPxkv}DEBN4)jOX8~7so$PSu04Uv4USgE{&JB-!N0%f{6ByXp?Jc+r zFri|Js8a&2zr+QJXcBFbj$mGLWZ&}$SHgz)04Cq074z;%J?rjy;zQ2sJ|uj-W-+HF zlXK~&3QC^cHow$6D!>IKmPMxOY<-s#+3ZPo4bogO5Nu7E9plyDr!*?^Pz|byj2HgaUy4fFFvntg|h%?rX7F70e7HT&fgu z-+7Sr2q_HVn}b&+3>=(L5u$6p{He-q`v$0$caxNgk(=kalmqqpm#Dx{@EHUtGE?KMsS9~3@70k0 zkUOKs91GIg=Z*Zn*>()Ay`FQGB5qANk0Mb`!lO>PC!nQQ_@IBY1Ep7WLAY-I2aG)D zgEqet;4d}dJ4UWx@mIRmop;C6_yhUNU*L~C z*%UNUf6BcR&ilj%^56gS97|>KudEQ&kI$ZPO0$?vq$*UDte8bBT9jgjr~9+0h{dd) z6u;Hepp0@c-O+Ut^o`Tg)6;iv-oU@7r>D(--=3eIKRbK#=I!a(`}gN>&z_yWK7ae} z%`C^boy@kT288h z!Rt5D+$rfg|3K0WXvisDvk#;(5bGiOTrL6fn{do2XLj`j-?irRm#UbXOALaYa8drf z{j6en(o^5A0InuHg@w8CP_773CYK^uPI4N7?XcDB!*jWCVXL-hG|5-=42z3aY)$oo zm*p(IxW4-Jd~W^R+=Q)4Yqzz_Z=dRb->B0A%%xBDW!AdN=0eto5KS(~8}Ba4;15C-4?dlpRS1~;}J+5A*(4O21)6ry6ijk0vhijov8 z%9bhry((Midsx!`YiV&{C8jh%n+${Auc=gK;Y!#hHOj+?&rUUD$xA)wDC#bd0^{i|9075|d}3*wL)>KVRY0*>Kz!B8 zqAoL_mXt=uf)T~%HYHanxuk2BTvEXvyaS}9#Y74=tP9LFw3)f3D(RKZ(_hw7Fwa?J z&6}7BsZRk)#&9{XUa-|czbdPP>|SQ6!$q-y+tgXDx>ygwjqxWMn6~D>5v`E4QId(8 zW51%wF(S?SP$fJ5tnm%l86Jv~@hEZT%rJ9Sw;R77tJjYc6UrS7s-HITM+gQrnpb18 z(h&O(&uc`fqr-=qfZg`r+3R;_?;7^sn>T0Yqy6_7>4&uc+5>T46HsZM72!d{3T!@Z z8G@~vG;G1<^G7uYo3-z=2%GuMT?;N+=;l}@8s}NY<%|EQ3?hAzW7D|CapTJD`T&du z7T4y0+)H@mR~3fZtwpwx=F3c9ah$zqcH3`fqZvDzv9|O_Gxib8*yfTHV##(bV_g=6 z$z?ZZQNdi!8g?j{_8V2@s3uz{0-k{8>Y*cU#RvkXIkLX_Ja1bLUaKL%_sC@}#9Yut z!hXKFxqjW#-cLqW{T`CM&R#=}P0JKcZu>lj93DDd2egWRkEcti8f2T^9{Q>Ef;D&hPY;h`%gdFmWZ^NX*LKi(92=v4&`=@RG6DzdD+ya+T2zFCxFtBFhmL z2=@JY){p<6y*+FCf4zSHe#HMDCH;{2zcCQ^1^#b7&;OBEplXfySHHKQ{`#X0jK6yD zsNjB8(O^HX&vSxrm^ZE9@EZ2atPc4?M1}#u>6(>Nzf-rXfNH1Kpbg;BC@~0fhfK3F z5wjO%A|^_(Bgj62?6&krko^%r_G&2!LD#Fyp|Cnl^7OjM$}Gx~KJEGC#pmmD2ta?HC!R}rEZulQS5L^-tY#SWWKn^_g7Wc#U8K9- ztO(uI*{*K?#<$GfM5Exi`JVHIzF03{`5We9Gc|1MDt9aJn{ne^tywYodxed8`fF~T zM7kISpNyj-A$mf9qBzE96$jl0?1|Vfijeafm;x*%x7VIBe~bADYyg z%Ok8`Yx>=(D7U5drON5_fi{+Nyy~m02}e}{sz*d*O0F{@_##nP)Wrv)K63MUes+3d z{&i;k_1YB$!gzi@tuOh0%~IDT-wu(jc^WE~DrX}&eEQ_YViq|}JUB#A!M+@zLR@>^ za|ZUpt5>k9WVfJphgEVzq%%HAV%zLv1H-LE3<8?G5H)lHgDC`T(Rj_x>vBTZZrchyPI zZvgLBXwi^!juE_lB55H03(Xz~|MuPgegFRKw2A+|dp+X6kCJ{={8tUc1K{6zsZD$f z{e_=h;4gl$jr|H$&Z9!VP|G36FT5}%cC2<3ehFg0Ez0veN;035WI|34TFVIW`08 zS7?9^%+Vkrf&F5aZAgTG+KO%&Dep5}Fx7rS+a;$Y=C`0Amu@>I)pFf~A;wh34JXS9 z)@ekYN7UJt{)jq14(beROd#lt3s@lLY|iolKHNBZ8h+cb@SG4vqm}+?l_jwo?V#k2 z?Peyhl2cwZh+IXxDWnSo@YPqvSfXZ4O`IE-a6QsphD;y#MvYhb&>s(ArMD)NqhJV9 zRbf?SR+$~8%}Lh{Sp@_ZZ5kVOniviDf-;>90ZvDI-0O@E>~ptoz0jB^xObW|Iqdp$ zPj5d^Umw`ho&D_Z<<36t=wT)Gzp<1Ra>bUt6V{K`E6$!=>Ktb4T~Ns(y^M^!0X>Wy zz`A$wHLNz*ks;wpdzkLak>syft8!mxleZCmz)H%Ico3t>5Z?BSuQt@IXhR7#2-b~y zbx^JJa@Pd$*7R}K^zhZl?IPLw2w9u{#gNs#0H|l6@GCcNPo1@cAfRP~hSYxHmPhcZ zPJ{3t{I9+y8;k;V<3DfD&)>do#(#VN_U(xOJVyF4@t?*(+#3bLr*kZ)i3M2?+lY`| zhbAs$J$+ns$f|cJMx?S^7xe9dGQF+AaYC7WAQN(t=gE%TGrnAb0yozr!C6X@jK-4% zO=ud~tMi0>;Xv_N7W5X5Skszac;CDGDx!5EX2uPXsEB7TWLHn@{umLT5%IC5KO#Pl zf%sSpN)Ya2y%CE3tYLZK>9X(Ql+I^WqyAN`7KfQz?J?}E3k+qm8uC4@Ogr1JQajT1^!vvw-p%>%A&|kBI=9o=M92pQ7rGDFSuwaP*r0y`dWGs47m85) zB;X>Vy0VMoMovj(f2j3@3o<#gSl7uW1!i^cty9^Qha%?2YKAzF;ZSzFb*fUxJ;WaL z`>zn~!xC@M-4-o0wRi8~FXpJBRx#?B@mRZlLIx5@Anc!oj!Nx67cu!~B&P0psq+NP zPE0|lK-$SV+Ymq})$A}BmjJ-0G{~a4pkojyeelOoFI}+mo_QQHt2VFjRMCt-rP=kN z`+&Z?tCNDI2I~4C(ZL&Sk4^ZsCB)8V)&lMj;^B=f`IdeDIG~OALUqgd1U;$HY*RXy zq5iYNN3?~>bPxOd@ueWqiYIZwQsjyU9!PaCooBItK$|_B-569A5452)Z3j6d8YLT1 zvf}Exn_2qC{WeC?K&mUV%}O)xEK;^+N%nl6iIWLc5EeO1Yh#y8JqujqBrx_tTzY>WEc=DI{WrowJv4 zJ&bUb4jwGvsiJ}p(R%I07)9ua(hd}6r#%9LVA8QN>PS?<h+rP0bD+IePvhTYZhw87d5g>^wpoY;kve4u2 z{{{z%ViT>ZpPXEfc7k>aP!O<#;zkEqWO>>-zPH%3)6=!%eukX_SF@gjHcVaY&zJ%^ zpcUn>K9ub?cvS`a_h52W>U|bw069$LW!EGiq$O zIGf>ST}F>HMzAl{C?oU-2(W_8jT`n#9SA5MG^`Iw9^E-YDAlP+7$@`FBN=}ZNNXm-tba^L2>A;ipXiTwtpTB%T9jpXymM~1 z#BvF*xTJ!G4UtKBMTrXA@Q*a<>_KOhf4;f7mM^+Z1gLdDk)+bkqKFAOh!;DxlurbY z8M(N=5+}G#P(l8aZs{EA(7(Hds{1+4JlijW;%_{cpDVPLZvpIM9kM-2@ zW;irGKeVg`};&{Pw% zIV&e9shO@?-|jnHS`f8uu&n0rTF0oCBQ{79@}(4dX8zI7<3mKDgXq4jNd9ZZ;iD&JmY}E0))C<&ku^MolZK+{X z(AZ%8GA>Uy&))h+10k~x~t{~7Cog+8|X6W+f zB}BVd_zsl%#&NexoqxZ07*KsbI9)^L{v)u#Kzh&k?g7sq1UBCvFz;M3_?W*AfJ7b>_9so2IqVvgtLDm=tDIh1kVgZ zGQ%*;q3EU3D|#@Kc_frF5OE7bCilT4eGxg$^yp}0s8j+F$l=%{tZqFL z8Gt$tKorA9XCSQN-_$#i!@V)Xo(*LXS{RN9_KcJ+6mW0+uSRtI_(Cx9=R)_q5W@kO zU$=qTb)Vab@O6x_dsV5PTLM+xO_{qIbm--K+@}L|GTw}Esr|YgY9vkLnb%*k(b;8Y z0XHW|NB^syLyEJh!T(Z}M6`dEw+ alE*ZrF^%a@oBl5V0RR8dzR5KJmJk4>*?SxS literal 0 HcmV?d00001 diff --git a/enterprise/prometheus/10.0.0/ix_values.yaml b/enterprise/prometheus/10.0.0/ix_values.yaml new file mode 100644 index 00000000000..f11b3d82d13 --- /dev/null +++ b/enterprise/prometheus/10.0.0/ix_values.yaml @@ -0,0 +1,1368 @@ +image: + repository: tccr.io/truecharts/prometheus + tag: v2.45.0@sha256:cec12b4d0644b9fb5bf9cda2a7d930c56712a377ee2c1a046956398f5f80e176 + +thanosImage: + repository: tccr.io/truecharts/thanos + tag: 0.31.0@sha256:28282d3e63f84cdeeb05e965b173b610d5597997acc7ce75d5849207b0f97b28 + +alertmanagerImage: + repository: tccr.io/truecharts/alertmanager + tag: 0.25.0@sha256:6b534671b83aa7fbd91d1b10bf0f1b29b948e4b300f8359a86043d0deba07207 +manifestManager: + enabled: true +global: + labels: {} +workload: + main: + enabled: false + podSpec: + containers: + main: + enabled: false + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + +service: + main: + selectorLabels: + app.kubernetes.io/name: prometheus + prometheus: '{{ template "kube-prometheus.prometheus.fullname" . }}' + ports: + main: + port: 10086 + targetPort: 9090 + protocol: http + alertmanager: + enabled: true + selectorLabels: + app.kubernetes.io/name: alertmanager + alertmanager: '{{ template "kube-prometheus.alertmanager.fullname" . }}' + ports: + alertmanager: + enabled: true + port: 10087 + targetPort: 9093 + protocol: http + thanos: + enabled: true + selectorLabels: + app.kubernetes.io/name: prometheus + prometheus: '{{ template "kube-prometheus.prometheus.fullname" . }}' + ports: + thanos: + enabled: true + port: 10901 + targetPort: 10901 + protocol: http + +ingress: + main: + enabled: false + alertmanager: + enabled: false + thanos: + enabled: false + +#### +## Operator Config +#### + +env: + PROMETHEUS_CONFIG_RELOADER: + configMapKeyRef: + name: prometheus-operator-config + key: prometheus-config-reloader + +podOptions: + automountServiceAccountToken: true + +rbac: + main: + enabled: true + primary: true + clusterWide: true + rules: + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - apiGroups: + - apiextensions.k8s.io + resourceNames: + - alertmanagers.monitoring.coreos.com + - podmonitors.monitoring.coreos.com + - prometheuses.monitoring.coreos.com + - prometheusrules.monitoring.coreos.com + - servicemonitors.monitoring.coreos.com + - thanosrulers.monitoring.coreos.com + - probes.monitoring.coreos.com + resources: + - customresourcedefinitions + verbs: + - get + - update + - apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - alertmanagers/finalizers + - alertmanagerconfigs + - prometheuses + - prometheuses/finalizers + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - probes + - prometheusrules + verbs: + - "*" + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - "*" + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - "*" + - apiGroups: + - "" + resources: + - pods + verbs: + - list + - delete + - apiGroups: + - "" + resources: + - services + - services/finalizers + - endpoints + verbs: + - get + - create + - update + - delete + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + +# -- The service account the pods will use to interact with the Kubernetes API +serviceAccount: + main: + enabled: true + primary: true + +securityContext: + readOnlyRootFilesystem: false + +probes: + # -- Liveness probe configuration + # @default -- See below + liveness: + custom: true + spec: + httpGet: + path: "/metrics" + port: promop + scheme: HTTP + + # -- Redainess probe configuration + # @default -- See below + readiness: + custom: true + spec: + httpGet: + path: "/metrics" + port: promop + scheme: HTTP + + # -- Startup probe configuration + # @default -- See below + startup: + custom: true + spec: + httpGet: + path: "/metrics" + port: promop + scheme: HTTP + +operator: + ## Create a servicemonitor for the operator + ## + serviceMonitor: + ## @param operator.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus Operator + ## + enabled: false + ## @param operator.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param operator.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param operator.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] + + ## Prometheus Configmap-reload image to use for reloading configmaps + ## defaults to Bitnami Prometheus Operator (ref: https://hub.docker.com/r/tccr.io/truecharts/prometheus-operator/tags/) + ## + prometheusConfigReloader: + containerSecurityContext: + enabled: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + + livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 15 + periodSeconds: 20 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +#### +## Prometheus Config (Spawned by Operator) +#### + +## Deploy a Prometheus instance +## +prometheus: + ## @param prometheus.enabled Deploy Prometheus to the cluster + ## + enabled: true + ## Bitnami Prometheus image version + ## ref: https://hub.docker.com/r/tccr.io/truecharts/prometheus/tags/ + ## @param prometheus.image.registry Prometheus image registry + ## @param prometheus.image.repository Prometheus image repository + ## @param prometheus.image.tag Prometheus Image tag (immutable tags are recommended) + ## @param prometheus.image.pullSecrets Specify docker-registry secret names as an array + ## + ## Service account for Prometheus to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param prometheus.serviceAccount.create Specify whether to create a ServiceAccount for Prometheus + ## + create: true + ## @param prometheus.serviceAccount.name The name of the ServiceAccount to create + ## If not set and create is true, a name is generated using the kube-prometheus.prometheus.fullname template + name: "" + ## @param prometheus.serviceAccount.annotations Additional annotations for created Prometheus ServiceAccount + ## annotations: + ## eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT:role/prometheus + ## + annotations: {} + ## Prometheus pods' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param prometheus.podSecurityContext.enabled Enable security context + ## @param prometheus.podSecurityContext.runAsUser User ID for the container + ## @param prometheus.podSecurityContext.fsGroup Group ID for the container filesystem + ## + podSecurityContext: + enabled: true + runAsUser: 1001 + fsGroup: 1001 + ## Prometheus containers' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param prometheus.containerSecurityContext.enabled Enable container security context + ## @param prometheus.containerSecurityContext.readOnlyRootFilesystem Mount / (root) as a readonly filesystem + ## @param prometheus.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off + ## @param prometheus.containerSecurityContext.runAsNonRoot Force the container to run as a non root user + ## @param prometheus.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped + ## + containerSecurityContext: + enabled: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + + serviceMonitor: + ## @param prometheus.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus itself + ## + enabled: true + ## @param prometheus.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param prometheus.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param prometheus.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] + ## @param prometheus.externalUrl External URL used to access Prometheus + ## If not creating an ingress but still exposing the service some other way (like a proxy) + ## let Prometheus know what its external URL is so that it can properly create links + ## externalUrl: https://prometheus.example.com + ## + externalUrl: "" + ## @param prometheus.resources CPU/Memory resource requests/limits for node + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## @param prometheus.podAffinityPreset Prometheus Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param prometheus.podAntiAffinityPreset Prometheus Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param prometheus.nodeAffinityPreset.type Prometheus Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param prometheus.nodeAffinityPreset.key Prometheus Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param prometheus.nodeAffinityPreset.values Prometheus Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param prometheus.affinity Prometheus Affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: prometheus.podAffinityPreset, prometheus.podAntiAffinityPreset, and prometheus.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param prometheus.nodeSelector Prometheus Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param prometheus.tolerations Prometheus Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param prometheus.scrapeInterval Interval between consecutive scrapes + ## + scrapeInterval: "15s" + ## @param prometheus.evaluationInterval Interval between consecutive evaluations + ## + evaluationInterval: "30s" + ## @param prometheus.listenLocal ListenLocal makes the Prometheus server listen on loopback + ## + listenLocal: false + ## Configure extra options for liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param prometheus.livenessProbe.enabled Turn on and off liveness probe + ## @param prometheus.livenessProbe.path Path of the HTTP service for checking the healthy state + ## @param prometheus.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated + ## @param prometheus.livenessProbe.periodSeconds How often to perform the probe + ## @param prometheus.livenessProbe.timeoutSeconds When the probe times out + ## @param prometheus.livenessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param prometheus.livenessProbe.successThreshold Minimum consecutive successes for the probe + ## + livenessProbe: + enabled: true + path: /-/healthy + initialDelaySeconds: 0 + failureThreshold: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + ## Configure extra options for readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param prometheus.readinessProbe.enabled Turn on and off readiness probe + ## @param prometheus.readinessProbe.path Path of the HTTP service for checking the ready state + ## @param prometheus.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated + ## @param prometheus.readinessProbe.periodSeconds How often to perform the probe + ## @param prometheus.readinessProbe.timeoutSeconds When the probe times out + ## @param prometheus.readinessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param prometheus.readinessProbe.successThreshold Minimum consecutive successes for the probe + ## + readinessProbe: + enabled: true + path: /-/ready + initialDelaySeconds: 0 + failureThreshold: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + ## @param prometheus.enableAdminAPI Enable Prometheus adminitrative API + ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis + ## + enableAdminAPI: false + ## @param prometheus.enableFeatures Enable access to Prometheus disabled features. + ## ref: https://prometheus.io/docs/prometheus/latest/disabled_features/ + ## + enableFeatures: [] + ## @param prometheus.alertingEndpoints Alertmanagers to which alerts will be sent + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerendpoints + ## + alertingEndpoints: [] + ## @param prometheus.externalLabels External labels to add to any time series or alerts when communicating with external systems + ## + externalLabels: {} + ## @param prometheus.replicaExternalLabelName Name of the external label used to denote replica name + ## + replicaExternalLabelName: "" + ## @param prometheus.replicaExternalLabelNameClear Clear external label used to denote replica name + ## + replicaExternalLabelNameClear: false + ## @param prometheus.routePrefix Prefix used to register routes, overriding externalUrl route + ## Useful for proxies that rewrite URLs. + ## + routePrefix: / + ## @param prometheus.prometheusExternalLabelName Name of the external label used to denote Prometheus instance name + ## + prometheusExternalLabelName: "" + ## @param prometheus.prometheusExternalLabelNameClear Clear external label used to denote Prometheus instance name + ## + prometheusExternalLabelNameClear: false + ## @param prometheus.secrets Secrets that should be mounted into the Prometheus Pods + ## + secrets: [] + ## @param prometheus.configMaps ConfigMaps that should be mounted into the Prometheus Pods + ## + configMaps: [] + ## @param prometheus.querySpec The query command line flags when starting Prometheus + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#queryspec + ## + querySpec: {} + ## @param prometheus.ruleNamespaceSelector Namespaces to be selected for PrometheusRules discovery + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + ruleNamespaceSelector: {} + ## @param prometheus.ruleSelector PrometheusRules to be selected for target discovery + ## If {}, select all ServiceMonitors + ## + ruleSelector: {} + ## @param prometheus.serviceMonitorSelector ServiceMonitors to be selected for target discovery + ## If {}, select all ServiceMonitors + ## + serviceMonitorSelector: {} + ## @param prometheus.matchLabels Matchlabels + ## + matchLabels: {} + ## @param prometheus.serviceMonitorNamespaceSelector Namespaces to be selected for ServiceMonitor discovery + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + serviceMonitorNamespaceSelector: {} + ## @param prometheus.podMonitorSelector PodMonitors to be selected for target discovery. + ## If {}, select all PodMonitors + ## + podMonitorSelector: {} + ## @param prometheus.podMonitorNamespaceSelector Namespaces to be selected for PodMonitor discovery + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + podMonitorNamespaceSelector: {} + ## @param prometheus.probeSelector Probes to be selected for target discovery. + ## If {}, select all Probes + ## + probeSelector: {} + ## @param prometheus.probeNamespaceSelector Namespaces to be selected for Probe discovery + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + probeNamespaceSelector: {} + ## @param prometheus.scrapeConfigSelector The scrapeConfigs to be selected for target discovery. + ## If {}, select all scrapeConfigs + ## + scrapeConfigSelector: {} + ## @param prometheus.scrapeConfigNamespaceSelector Namespaces to be selected for scrapeConfig discovery. + ## If {}, select all namespaces. + ## If nil, select own namespace. + scrapeConfigNamespaceSelector: {} + ## @param prometheus.retention Metrics retention days + ## + retention: 31d + ## @param prometheus.retentionSize Maximum size of metrics + ## + retentionSize: "" + ## @param prometheus.disableCompaction Disable the compaction of the Prometheus TSDB + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## ref: https://prometheus.io/docs/prometheus/latest/storage/#compaction + ## + disableCompaction: false + ## @param prometheus.walCompression Enable compression of the write-ahead log using Snappy + ## + walCompression: false + ## @param prometheus.paused If true, the Operator won't process any Prometheus configuration changes + ## + paused: false + ## @param prometheus.replicaCount Number of Prometheus replicas desired + ## + replicaCount: 1 + ## @param prometheus.logLevel Log level for Prometheus + ## + logLevel: info + ## @param prometheus.logFormat Log format for Prometheus + ## + logFormat: logfmt + ## @param prometheus.podMetadata [object] Standard object's metadata + ## ref: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## + podMetadata: + ## labels: + ## app: prometheus + ## k8s-app: prometheus + ## + labels: {} + annotations: {} + ## @param prometheus.remoteRead The remote_read spec configuration for Prometheus + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotereadspec + ## remoteRead: + ## - url: http://remote1/read + ## + remoteRead: [] + ## @param prometheus.remoteWrite The remote_write spec configuration for Prometheus + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotewritespec + ## remoteWrite: + ## - url: http://remote1/push + ## + remoteWrite: [] + ## @param prometheus.storageSpec Prometheus StorageSpec for persistent data + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md + ## + storageSpec: {} + ## Prometheus persistence parameters + ## + persistence: + ## @param prometheus.persistence.enabled Use PVCs to persist data. If the storageSpec is provided this will not take effect. + ## + enabled: true + ## @param prometheus.persistence.storageClass Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param prometheus.persistence.accessModes Persistent Volume Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param prometheus.persistence.size Persistent Volume Size + ## + size: 999Gi + ## @param prometheus.priorityClassName Priority class assigned to the Pods + ## + priorityClassName: "" + ## @param prometheus.containers Containers allows injecting additional containers + ## + containers: [] + ## @param prometheus.volumes Volumes allows configuration of additional volumes + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + volumes: [] + ## @param prometheus.volumeMounts VolumeMounts allows configuration of additional VolumeMounts. Evaluated as a template + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + volumeMounts: [] + ## @param prometheus.additionalPrometheusRules PrometheusRule defines recording and alerting rules for a Prometheus instance. + additionalPrometheusRules: [] + ## - name: custom-recording-rules + ## groups: + ## - name: sum_node_by_job + ## rules: + ## - record: job:kube_node_labels:sum + ## expr: sum(kube_node_labels) by (job) + ## - name: sum_prometheus_config_reload_by_pod + ## rules: + ## - record: job:prometheus_config_last_reload_successful:sum + ## expr: sum(prometheus_config_last_reload_successful) by (pod) + ## - name: custom-alerting-rules + ## groups: + ## - name: prometheus-config + ## rules: + ## - alert: PrometheusConfigurationReload + ## expr: prometheus_config_last_reload_successful > 0 + ## for: 1m + ## labels: + ## severity: error + ## annotations: + ## summary: "Prometheus configuration reload (instance {{ $labels.instance }})" + ## description: "Prometheus configuration reload error\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" + ## - name: custom-node-exporter-alerting-rules + ## rules: + ## - alert: PhysicalComponentTooHot + ## expr: node_hwmon_temp_celsius > 75 + ## for: 5m + ## labels: + ## severity: warning + ## annotations: + ## summary: "Physical component too hot (instance {{ $labels.instance }})" + ## description: "Physical hardware component too hot\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" + ## - alert: NodeOvertemperatureAlarm + ## expr: node_hwmon_temp_alarm == 1 + ## for: 5m + ## labels: + ## severity: critical + ## annotations: + ## summary: "Node overtemperature alarm (instance {{ $labels.instance }})" + ## description: "Physical node temperature alarm triggered\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" + ## + ## Note that the prometheus will fail to provision if the correct secret does not exist. + ## @param prometheus.additionalScrapeConfigs.enabled Enable additional scrape configs + ## @param prometheus.additionalScrapeConfigs.type Indicates if the cart should use external additional scrape configs or internal configs + ## @param prometheus.additionalScrapeConfigs.external.name Name of the secret that Prometheus should use for the additional external scrape configuration + ## @param prometheus.additionalScrapeConfigs.external.key Name of the key inside the secret to be used for the additional external scrape configuration + ## @param prometheus.additionalScrapeConfigs.internal.jobList A list of Prometheus scrape jobs + ## + additionalScrapeConfigs: + enabled: false + type: external + external: + ## Name of the secret that Prometheus should use for the additional scrape configuration + ## + name: "" + ## Name of the key inside the secret to be used for the additional scrape configuration. + ## + key: "" + internal: + jobList: [] + ## @param prometheus.additionalScrapeConfigsExternal.enabled Deprecated: Enable additional scrape configs that are managed externally to this chart + ## @param prometheus.additionalScrapeConfigsExternal.name Deprecated: Name of the secret that Prometheus should use for the additional scrape configuration + ## @param prometheus.additionalScrapeConfigsExternal.key Deprecated: Name of the key inside the secret to be used for the additional scrape configuration + ## + additionalScrapeConfigsExternal: + enabled: false + name: "" + key: "" + ## Enable additional Prometheus alert relabel configs that are managed externally to this chart + ## Note that the prometheus will fail to provision if the correct secret does not exist. + ## @param prometheus.additionalAlertRelabelConfigsExternal.enabled Enable additional Prometheus alert relabel configs that are managed externally to this chart + ## @param prometheus.additionalAlertRelabelConfigsExternal.name Name of the secret that Prometheus should use for the additional Prometheus alert relabel configuration + ## @param prometheus.additionalAlertRelabelConfigsExternal.key Name of the key inside the secret to be used for the additional Prometheus alert relabel configuration + ## + additionalAlertRelabelConfigsExternal: + enabled: false + name: "" + key: "" + ## Thanos sidecar container configuration + ## + thanos: + ## @param prometheus.thanos.create Create a Thanos sidecar container + ## + create: false + ## Bitnami Thanos image + ## ref: https://hub.docker.com/r/tccr.io/truecharts/thanos/tags/ + ## @param prometheus.thanos.image.registry Thanos image registry + ## @param prometheus.thanos.image.repository Thanos image name + ## @param prometheus.thanos.image.tag Thanos image tag + ## @param prometheus.thanos.image.pullPolicy Thanos image pull policy + ## @param prometheus.thanos.image.pullSecrets Specify docker-registry secret names as an array + ## + ## Thanos Sidecar container's securityContext + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param prometheus.thanos.containerSecurityContext.enabled Enable container security context + ## @param prometheus.thanos.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem + ## @param prometheus.thanos.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off + ## @param prometheus.thanos.containerSecurityContext.runAsNonRoot Force the container to run as a non root user + ## @param prometheus.thanos.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped + ## + containerSecurityContext: + enabled: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + ## @param prometheus.thanos.prometheusUrl Override default prometheus url "http://localhost:9090" + ## + prometheusUrl: "" + ## @param prometheus.thanos.extraArgs Additional arguments passed to the thanos sidecar container + ## extraArgs: + ## - --log.level=debug + ## - --tsdb.path=/data/ + ## + extraArgs: [] + ## @param prometheus.thanos.objectStorageConfig Support mounting a Secret for the objectStorageConfig of the sideCar container. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/thanos.md + ## objectStorageConfig: + ## secretName: thanos-objstore-config + ## secretKey: thanos.yaml + ## + objectStorageConfig: {} + ## ref: https://github.com/thanos-io/thanos/blob/main/docs/components/sidecar.md + ## @param prometheus.thanos.extraVolumeMounts Additional volumeMounts from `prometheus.volumes` for thanos sidecar container + ## extraVolumeMounts: + ## - name: my-secret-volume + ## mountPath: /etc/thanos/secrets/my-secret + ## + extraVolumeMounts: [] + ## Thanos sidecar container resource requests and limits. + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param prometheus.thanos.resources.limits The resources limits for the Thanos sidecar container + ## @param prometheus.thanos.resources.requests The resources requests for the Thanos sidecar container + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + requests: {} + ## Configure extra options for liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param prometheus.thanos.livenessProbe.enabled Turn on and off liveness probe + ## @param prometheus.thanos.livenessProbe.path Path of the HTTP service for checking the healthy state + ## @param prometheus.thanos.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated + ## @param prometheus.thanos.livenessProbe.periodSeconds How often to perform the probe + ## @param prometheus.thanos.livenessProbe.timeoutSeconds When the probe times out + ## @param prometheus.thanos.livenessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param prometheus.thanos.livenessProbe.successThreshold Minimum consecutive successes for the probe + ## + livenessProbe: + enabled: true + path: /-/healthy + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 120 + successThreshold: 1 + ## Configure extra options for readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param prometheus.thanos.readinessProbe.enabled Turn on and off readiness probe + ## @param prometheus.thanos.readinessProbe.path Path of the HTTP service for checking the ready state + ## @param prometheus.thanos.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated + ## @param prometheus.thanos.readinessProbe.periodSeconds How often to perform the probe + ## @param prometheus.thanos.readinessProbe.timeoutSeconds When the probe times out + ## @param prometheus.thanos.readinessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param prometheus.thanos.readinessProbe.successThreshold Minimum consecutive successes for the probe + ## + readinessProbe: + enabled: true + path: /-/ready + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 120 + successThreshold: 1 + ## Thanos Sidecar Service + ## + service: + ## @param prometheus.thanos.service.type Kubernetes service type + ## + type: ClusterIP + ## @param prometheus.thanos.service.port Thanos service port + ## + port: 10901 + ## @param prometheus.thanos.service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` to create headless service by default. + ## Use a "headless" service by default so it returns every pod's IP instead of loadbalancing requests. + ## + clusterIP: None + ## @param prometheus.thanos.service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## e.g: + ## nodePort: 30901 + ## + nodePort: "" + ## @param prometheus.thanos.service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param prometheus.thanos.service.loadBalancerSourceRanges Address that are allowed when svc is `LoadBalancer` + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param prometheus.thanos.service.annotations Additional annotations for Prometheus service + ## + annotations: {} + ## @param prometheus.thanos.service.extraPorts Additional ports to expose from the Thanos sidecar container + ## extraPorts: + ## - name: http + ## port: 10902 + ## targetPort: http + ## protocol: tcp + ## + extraPorts: [] + ## @param prometheus.portName Port name used for the pods and governing service. This defaults to web + ## + portName: main + +#### +## Alert Manager Config +#### + +## @section Alertmanager Parameters + +## Configuration for alertmanager +## ref: https://prometheus.io/docs/alerting/alertmanager/ +## +alertmanager: + ## @param alertmanager.enabled Deploy Alertmanager to the cluster + ## + enabled: true + ## Service account for Alertmanager to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param alertmanager.serviceAccount.create Specify whether to create a ServiceAccount for Alertmanager + ## + create: true + ## @param alertmanager.serviceAccount.name The name of the ServiceAccount to create + ## If not set and create is true, a name is generated using the kube-prometheus.alertmanager.fullname template + name: "" + ## Prometheus Alertmanager pods' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param alertmanager.podSecurityContext.enabled Enable security context + ## @param alertmanager.podSecurityContext.runAsUser User ID for the container + ## @param alertmanager.podSecurityContext.fsGroup Group ID for the container filesystem + ## + podSecurityContext: + enabled: true + runAsUser: 1001 + fsGroup: 1001 + ## Prometheus Alertmanager container's securityContext + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param alertmanager.containerSecurityContext.enabled Enable container security context + ## @param alertmanager.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem + ## @param alertmanager.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off + ## @param alertmanager.containerSecurityContext.runAsNonRoot Force the container to run as a non root user + ## @param alertmanager.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped + ## + containerSecurityContext: + enabled: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + ## Configure pod disruption budgets for Alertmanager + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + ## @param alertmanager.podDisruptionBudget.enabled Create a pod disruption budget for Alertmanager + ## @param alertmanager.podDisruptionBudget.minAvailable Minimum number / percentage of pods that should remain scheduled + ## @param alertmanager.podDisruptionBudget.maxUnavailable Maximum number / percentage of pods that may be made unavailable + ## + podDisruptionBudget: + enabled: false + minAvailable: 1 + maxUnavailable: "" + ## If true, create a serviceMonitor for alertmanager + ## + serviceMonitor: + ## @param alertmanager.serviceMonitor.enabled Creates a ServiceMonitor to monitor Alertmanager + ## + enabled: true + ## @param alertmanager.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param alertmanager.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param alertmanager.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] + ## @param alertmanager.externalUrl External URL used to access Alertmanager + ## e.g: + ## externalUrl: https://alertmanager.example.com + ## + externalUrl: "" + ## @param alertmanager.resources CPU/Memory resource requests/limits for node + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## @param alertmanager.podAffinityPreset Alertmanager Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param alertmanager.podAntiAffinityPreset Alertmanager Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param alertmanager.nodeAffinityPreset.type Alertmanager Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param alertmanager.nodeAffinityPreset.key Alertmanager Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param alertmanager.nodeAffinityPreset.values Alertmanager Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param alertmanager.affinity Alertmanager Affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: alertmanager.podAffinityPreset, alertmanager.podAntiAffinityPreset, and alertmanager.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param alertmanager.nodeSelector Alertmanager Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param alertmanager.tolerations Alertmanager Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## Alertmanager configuration + ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file + ## @param alertmanager.config [object] Alertmanager configuration directive + ## @skip alertmanager.config.route.group_by + ## @skip alertmanager.config.route.routes + ## @skip alertmanager.config.receivers + ## + config: + global: + resolve_timeout: 5m + route: + group_by: + - job + group_wait: 30s + group_interval: 5m + repeat_interval: 12h + receiver: "null" + routes: + - match: + alertname: Watchdog + receiver: "null" + receivers: + - name: "null" + ## @param alertmanager.externalConfig Alertmanager configuration is created externally. If true, `alertmanager.config` is ignored, and a secret will not be created. + ## Alertmanager requires a secret named `alertmanager-{{ template "kube-prometheus.alertmanager.fullname" . }}` + ## It must contain: + ## alertmanager.yaml: + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/alerting.md#alerting + ## + externalConfig: false + ## @param alertmanager.replicaCount Number of Alertmanager replicas desired + ## + replicaCount: 1 + ## Configure extra options for liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param alertmanager.livenessProbe.enabled Turn on and off liveness probe + ## @param alertmanager.livenessProbe.path Path of the HTTP service for checking the healthy state + ## @param alertmanager.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated + ## @param alertmanager.livenessProbe.periodSeconds How often to perform the probe + ## @param alertmanager.livenessProbe.timeoutSeconds When the probe times out + ## @param alertmanager.livenessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param alertmanager.livenessProbe.successThreshold Minimum consecutive successes for the probe + ## + livenessProbe: + enabled: true + path: /-/healthy + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 120 + successThreshold: 1 + ## Configure extra options for readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param alertmanager.readinessProbe.enabled Turn on and off readiness probe + ## @param alertmanager.readinessProbe.path Path of the HTTP service for checking the ready state + ## @param alertmanager.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated + ## @param alertmanager.readinessProbe.periodSeconds How often to perform the probe + ## @param alertmanager.readinessProbe.timeoutSeconds When the probe times out + ## @param alertmanager.readinessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param alertmanager.readinessProbe.successThreshold Minimum consecutive successes for the probe + ## + readinessProbe: + enabled: true + path: /-/ready + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 120 + successThreshold: 1 + ## @param alertmanager.logLevel Log level for Alertmanager + ## + logLevel: info + ## @param alertmanager.logFormat Log format for Alertmanager + ## + logFormat: logfmt + ## @param alertmanager.podMetadata [object] Standard object's metadata. + ## ref: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## + podMetadata: + labels: {} + annotations: {} + ## @param alertmanager.secrets Secrets that should be mounted into the Alertmanager Pods + ## + secrets: [] + ## @param alertmanager.configMaps ConfigMaps that should be mounted into the Alertmanager Pods + ## + configMaps: [] + ## @param alertmanager.retention Metrics retention days + ## + retention: 240h + ## @param alertmanager.storageSpec Alertmanager StorageSpec for persistent data + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md + ## + storageSpec: {} + ## Alertmanager persistence parameters + ## + persistence: + ## @param alertmanager.persistence.enabled Use PVCs to persist data. If the storageSpec is provided this will not take effect. + ## If you want to use this configuration make sure the storageSpec is not provided. + ## + enabled: true + ## @param alertmanager.persistence.storageClass Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param alertmanager.persistence.accessModes Persistent Volume Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param alertmanager.persistence.size Persistent Volume Size + ## + size: 999Gi + ## @param alertmanager.paused If true, the Operator won't process any Alertmanager configuration changes + ## + paused: false + ## @param alertmanager.listenLocal ListenLocal makes the Alertmanager server listen on loopback + ## + listenLocal: false + ## @param alertmanager.containers Containers allows injecting additional containers + ## + containers: [] + ## @param alertmanager.volumes Volumes allows configuration of additional volumes. Evaluated as a template + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerspec + ## + volumes: [] + ## @param alertmanager.volumeMounts VolumeMounts allows configuration of additional VolumeMounts. Evaluated as a template + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/pi.md#alertmanagerspec + ## + volumeMounts: [] + ## @param alertmanager.priorityClassName Priority class assigned to the Pods + ## + priorityClassName: "" + ## @param alertmanager.additionalPeers AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster + ## + additionalPeers: [] + ## @param alertmanager.routePrefix Prefix used to register routes, overriding externalUrl route + ## Useful for proxies that rewrite URLs. + ## + routePrefix: / + ## @param alertmanager.portName Port name used for the pods and governing service. This defaults to web + ## + portName: alertmanager + ## @param alertmanager.configNamespaceSelector AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. This defaults to {} + ## + configNamespaceSelector: {} + ## @param alertmanager.configSelector Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. This defaults to {} + ## + configSelector: {} + +#### +## Exporters +#### + +## @section Exporters + +## Exporters +## +exporters: + node-exporter: + ## @param exporters.node-exporter.enabled Enable node-exporter + ## + enabled: true + kube-state-metrics: + ## @param exporters.kube-state-metrics.enabled Enable kube-state-metrics + ## + enabled: true + +## @param kube-state-metrics [object] Node Exporter deployment configuration +## +kube-state-metrics: + serviceMonitor: + enabled: true + honorLabels: true + +## Component scraping for kubelet and kubelet hosted cAdvisor +## +kubelet: + ## @param kubelet.enabled Create a ServiceMonitor to scrape kubelet service + ## + enabled: true + ## @param kubelet.namespace Namespace where kubelet service is deployed. Related configuration `operator.kubeletService.namespace` + ## + namespace: kube-system + serviceMonitor: + ## @param kubelet.serviceMonitor.https Enable scraping of the kubelet over HTTPS + ## + https: true + ## @param kubelet.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param kubelet.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param kubelet.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] + ## @param kubelet.serviceMonitor.cAdvisorMetricRelabelings Metric relabeling for scraping cAdvisor + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + cAdvisorMetricRelabelings: [] + ## @param kubelet.serviceMonitor.cAdvisorRelabelings Relabel configs for scraping cAdvisor + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + cAdvisorRelabelings: [] +## Component scraping the kube-apiserver +## +kubeApiServer: + ## @param kubeApiServer.enabled Create a ServiceMonitor to scrape kube-apiserver service + ## + enabled: true + serviceMonitor: + ## @param kubeApiServer.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param kubeApiServer.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param kubeApiServer.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] +## Component scraping the kube-controller-manager +## +kubeControllerManager: + ## @param kubeControllerManager.enabled Create a ServiceMonitor to scrape kube-controller-manager service + ## + enabled: false + ## @param kubeControllerManager.endpoints If your kube controller manager is not deployed as a pod, specify IPs it can be found on + ## endpoints: + ## - 10.141.4.22 + ## - 10.141.4.23 + ## - 10.141.4.24 + ## + endpoints: [] + ## @param kubeControllerManager.namespace Namespace where kube-controller-manager service is deployed. + ## + namespace: kube-system + ## Service ports and selector information + ## @param kubeControllerManager.service.enabled Whether or not to create a Service object for kube-controller-manager + ## @param kubeControllerManager.service.port Listening port of the kube-controller-manager Service object + ## @param kubeControllerManager.service.targetPort Port to target on the kube-controller-manager Pods. This should be the port that kube-controller-manager is exposing metrics on + ## @param kubeControllerManager.service.selector Optional PODs Label selector for the service + ## + service: + enabled: true + port: 10252 + targetPort: 10252 + ## selector: + ## component: kube-controller-manager + ## + selector: {} + serviceMonitor: + ## @param kubeControllerManager.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param kubeControllerManager.serviceMonitor.https Enable scraping kube-controller-manager over https + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks + ## + https: false + ## @param kubeControllerManager.serviceMonitor.insecureSkipVerify Skip TLS certificate validation when scraping + ## + insecureSkipVerify: "" + ## @param kubeControllerManager.serviceMonitor.serverName Name of the server to use when validating TLS certificate + serverName: "" + ## @param kubeControllerManager.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param kubeControllerManager.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] +## Component scraping kube scheduler +## +kubeScheduler: + ## @param kubeScheduler.enabled Create a ServiceMonitor to scrape kube-scheduler service + ## + enabled: false + ## @param kubeScheduler.endpoints If your kube scheduler is not deployed as a pod, specify IPs it can be found on + ## endpoints: + ## - 10.141.4.22 + ## - 10.141.4.23 + ## - 10.141.4.24 + ## + endpoints: [] + ## @param kubeScheduler.namespace Namespace where kube-scheduler service is deployed. + ## + namespace: kube-system + ## If using kubeScheduler.endpoints only the port and targetPort are used + ## @param kubeScheduler.service.enabled Whether or not to create a Service object for kube-scheduler + ## @param kubeScheduler.service.port Listening port of the kube scheduler Service object + ## @param kubeScheduler.service.targetPort Port to target on the kube scheduler Pods. This should be the port that kube scheduler is exposing metrics on + ## @param kubeScheduler.service.selector Optional PODs Label selector for the service + ## + service: + enabled: true + port: 10251 + targetPort: 10251 + ## selector: + ## component: kube-scheduler + ## + selector: {} + serviceMonitor: + ## @param kubeScheduler.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## + interval: "" + ## @param kubeScheduler.serviceMonitor.https Enable scraping kube-scheduler over https + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks + ## + https: false + ## @param kubeScheduler.serviceMonitor.insecureSkipVerify Skip TLS certificate validation when scraping + ## + insecureSkipVerify: "" + ## @param kubeScheduler.serviceMonitor.serverName Name of the server to use when validating TLS certificate + ## + serverName: "" + ## @param kubeScheduler.serviceMonitor.metricRelabelings Metric relabeling + ## metricRelabelings: + ## - action: keep + ## regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + ## sourceLabels: [__name__] + ## + metricRelabelings: [] + ## @param kubeScheduler.serviceMonitor.relabelings Relabel configs + ## relabelings: + ## - sourceLabels: [__meta_kubernetes_pod_node_name] + ## separator: ; + ## regex: ^(.*)$ + ## targetLabel: nodename + ## replacement: $1 + ## action: replace + ## + relabelings: [] +## Component scraping coreDns +## +coreDns: + ## @param coreDns.enabled Create a ServiceMonitor to scrape coredns service + ## + enabled: true + ## @param coreDns.namespace Namespace where core dns service is deployed. + ## + namespace: kube-system + ## Create a ServiceMonitor to scrape coredns service + ## @param coreDns.service.enabled Whether or not to create a Service object for coredns + ## @param coreDns.service.port Listening port of the coredns Service object + ## @param coreDns.service.targetPort Port to target on the coredns Pods. This should be the port that coredns is exposing metrics on + ## @param coreDns.service.selector Optional PODs Label selector for the service + ## + service: + enabled: true + port: 9153 + targetPort: 9153 + ## selector: + ## component: kube-dns + ## + selector: {} + serviceMonitor: + ## @param coreDns.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + ## @param coreDns.serviceMonitor.metricRelabelings Metric relabel configs to apply to samples before ingestion. + ## metricRelabelings: + ## - action: keep + ## regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + ## sourceLabels: [__name__] + ## + metricRelabelings: [] + ## @param coreDns.serviceMonitor.relabelings Relabel configs to apply to samples before ingestion. + ## relabelings: + ## - sourceLabels: [__meta_kubernetes_pod_node_name] + ## separator: ; + ## regex: ^(.*)$ + ## targetLabel: nodename + ## replacement: $1 + ## action: replace + ## + relabelings: [] +## Component scraping the kube-proxy +## +kubeProxy: + ## @param kubeProxy.enabled Create a ServiceMonitor to scrape the kube-proxy Service + ## + enabled: false + +portal: + open: + enabled: true diff --git a/enterprise/prometheus/10.0.0/questions.yaml b/enterprise/prometheus/10.0.0/questions.yaml new file mode 100644 index 00000000000..4b9bc24ca7f --- /dev/null +++ b/enterprise/prometheus/10.0.0/questions.yaml @@ -0,0 +1,1353 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" +questions: + - variable: operator + group: "App Configuration" + label: "Operator Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: logLevel + label: "Log Level" + description: "Log level for Operator" + schema: + type: string + default: "info" + + - variable: prometheus + group: "App Configuration" + label: "Prometheus Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: logLevel + label: "Log Level" + description: "Log level for Prometheus" + schema: + type: string + default: "info" + - variable: retention + label: "Retention" + description: "Metrics retention days" + schema: + type: string + default: "31d" + - variable: retentionSize + label: "Max Retention Size" + description: "Maximum size of metrics" + schema: + type: string + default: "" + - variable: scrapeInterval + label: "Scrape interval" + description: "Interval between consecutive scrapes" + schema: + type: string + default: "15s" + - variable: evaluationInterval + label: "Evaluation interval" + description: "Interval between consecutive evaluations" + schema: + type: string + default: "30s" + - variable: disableCompaction + label: "Disable Compaction" + description: "Disable the compaction of the Prometheus TSDB" + schema: + type: boolean + default: false + - variable: walCompression + label: "WAL Compression" + description: "Enable compression of the write-ahead log using Snappy" + schema: + type: boolean + default: false + + - variable: exporters + group: "App Configuration" + label: "Exporter Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: node-exporter + label: "node-exporter" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + - variable: kube-state-metrics + label: "Kube-State-Metrics" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + + - variable: alertmanager + group: "App Configuration" + label: "Alertmanager Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: logLevel + label: "Log Level" + description: "Log level for Alertmanager" + schema: + type: string + default: "info" + - variable: retention + label: "Retention" + description: "Metrics retention days" + schema: + type: string + default: "240h" + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The serving the Prometheus WebUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10086 + required: true + - variable: alertmanager + label: "alertmanager Service" + description: "alertmanager service " + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: alertmanager + label: "alertmanager Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10087 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + additional_attrs: true + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + additional_attrs: true + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + show_if: [["advanced", "=", true]] + required: true + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: clusterIssuer + label: clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["clusterIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: clusterIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["clusterIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["clusterIssuer", "=", ""]] + default: "" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP diff --git a/enterprise/prometheus/10.0.0/templates/NOTES.txt b/enterprise/prometheus/10.0.0/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/enterprise/prometheus/10.0.0/templates/_helpers.tpl b/enterprise/prometheus/10.0.0/templates/_helpers.tpl new file mode 100644 index 00000000000..1f44049ac4c --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/_helpers.tpl @@ -0,0 +1,210 @@ +{{/* Name suffixed with operator */}} +{{- define "kube-prometheus.fullname" -}} +{{- printf "%s" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with operator */}} +{{- define "kube-prometheus.name" -}} +{{- printf "%s" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with operator */}} +{{- define "kube-prometheus.operator.name" -}} +{{- printf "%s-operator" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with prometheus */}} +{{- define "kube-prometheus.prometheus.name" -}} +{{- printf "%s-prometheus" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with alertmanager */}} +{{- define "kube-prometheus.alertmanager.name" -}} +{{- printf "%s-alertmanager" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with thanos */}} +{{- define "kube-prometheus.thanos.name" -}} +{{- printf "%s-thanos" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Fullname suffixed with operator */}} +{{- define "kube-prometheus.operator.fullname" -}} +{{- printf "%s-operator" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Fullname suffixed with prometheus */}} +{{- define "kube-prometheus.prometheus.fullname" -}} +{{- printf "%s-prometheus" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Fullname suffixed with alertmanager */}} +{{- define "kube-prometheus.alertmanager.fullname" -}} +{{- printf "%s-alertmanager" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Fullname suffixed with thanos */}} +{{- define "kube-prometheus.thanos.fullname" -}} +{{- printf "%s-thanos" (include "kube-prometheus.prometheus.fullname" .) -}} +{{- end }} + +{{- define "kube-prometheus.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common Labels +*/}} +{{- define "kube-prometheus.labels" -}} + {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + {{- . | nindent 0 }} + {{- end }} +{{- if .Values.global.labels }} +{{ toYaml .Values.global.labels }} +{{- end }} +{{- end -}} + +{{/* +Labels for operator +*/}} +{{- define "kube-prometheus.operator.labels" -}} + {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + {{- . | nindent 0 }} + {{- end }} +app.kubernetes.io/component: operator +{{- end -}} + +{{/* +Labels for prometheus +*/}} +{{- define "kube-prometheus.prometheus.labels" -}} + {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + {{- . | nindent 0 }} + {{- end }} +app.kubernetes.io/component: prometheus +{{- end -}} + +{{/* +Labels for alertmanager +*/}} +{{- define "kube-prometheus.alertmanager.labels" -}} + {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + {{- . | nindent 0 }} + {{- end }} +app.kubernetes.io/component: alertmanager +{{- end -}} + +{{/* +matchLabels for operator +*/}} +{{- define "kube-prometheus.operator.matchLabels" -}} +{{ include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ )}} +app.kubernetes.io/component: operator +{{- end -}} + +{{/* +matchLabels for prometheus +*/}} +{{- define "kube-prometheus.prometheus.matchLabels" -}} +{{ include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ )}} +app.kubernetes.io/component: prometheus +{{- end -}} + +{{/* +matchLabels for alertmanager +*/}} +{{- define "kube-prometheus.alertmanager.matchLabels" -}} +{{ include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ )}} +app.kubernetes.io/component: alertmanager +{{- end -}} + +{{/* +Return the proper Prometheus Operator image name +*/}} +{{- define "kube-prometheus.image" -}} +{{ printf "%s:%s" .Values.image.repository (default .Chart.AppVersion .Values.image.tag) | quote }} +{{- end -}} + +{{/* +Return the proper Prometheus Operator Reloader image name +*/}} +{{- define "kube-prometheus.prometheusConfigReloader.image" -}} +{{- include "kube-prometheus.image" . -}} +{{- end -}} + +{{/* +Return the proper Prometheus Image name +*/}} +{{- define "kube-prometheus.prometheus.image" -}} +{{ printf "%s:%s" .Values.image.repository (default .Chart.AppVersion .Values.image.tag) | quote }} +{{- end -}} + +{{/* +Return the proper Thanos Image name +*/}} +{{- define "kube-prometheus.prometheus.thanosImage" -}} +{{ printf "%s:%s" .Values.thanosImage.repository (default .Chart.AppVersion .Values.thanosImage.tag) | quote }} +{{- end -}} + +{{/* +Return the proper Alertmanager Image name +*/}} +{{- define "kube-prometheus.alertmanager.image" -}} +{{ printf "%s:%s" .Values.alertmanagerImage.repository (default .Chart.AppVersion .Values.alertmanagerImage.tag) | quote }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "kube-prometheus.imagePullSecrets" -}} +{{- end -}} + +{{/* +Create the name of the operator service account to use +*/}} +{{- define "kube-prometheus.operator.serviceAccountName" -}} +{{- if .Values.operator.serviceAccount.create -}} + {{ default (include "kube-prometheus.operator.fullname" .) .Values.operator.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.operator.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the prometheus service account to use +*/}} +{{- define "kube-prometheus.prometheus.serviceAccountName" -}} +{{- if .Values.prometheus.serviceAccount.create -}} + {{ default (include "kube-prometheus.prometheus.fullname" .) .Values.prometheus.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.prometheus.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the alertmanager service account to use +*/}} +{{- define "kube-prometheus.alertmanager.serviceAccountName" -}} +{{- if .Values.alertmanager.serviceAccount.create -}} + {{ default (include "kube-prometheus.alertmanager.fullname" .) .Values.alertmanager.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.alertmanager.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "kube-prometheus.validateValues" -}} +{{- $messages := list -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} diff --git a/enterprise/prometheus/10.0.0/templates/alertmanager/_alertmanager.tpl b/enterprise/prometheus/10.0.0/templates/alertmanager/_alertmanager.tpl new file mode 100644 index 00000000000..ed5e24e9da6 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/alertmanager/_alertmanager.tpl @@ -0,0 +1,174 @@ +{{- define "prometheus.alertmanager.alertmanager" -}} +{{- if .Values.alertmanager.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: Alertmanager +metadata: + name: {{ template "kube-prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.alertmanager.replicaCount }} + serviceAccountName: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }} + {{- if .Values.alertmanager.image }} + image: {{ template "kube-prometheus.alertmanager.image" . }} + {{- end }} + listenLocal: {{ .Values.alertmanager.listenLocal }} + {{- if index .Values.alertmanager "externalUrl" }} + externalUrl: "{{ .Values.alertmanager.externalUrl }}" + {{- else if and .Values.ingress.alertmanager.enabled .Values.ingress.alertmanager.hosts }} + externalUrl: {{ if .Values.ingress.alertmanager.tls }}https{{else}}http{{ end }}://{{ (index .Values.ingress.alertmanager.hosts 0).name }}{{ .Values.alertmanager.routePrefix }} + {{- else }} + externalUrl: http://{{ template "kube-prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.alertmanager.ports.alertmanager.port }}{{ .Values.alertmanager.routePrefix }} + {{- end }} + portName: "{{ .Values.alertmanager.portName }}" + paused: {{ .Values.alertmanager.paused }} + logFormat: {{ .Values.alertmanager.logFormat }} + logLevel: {{ .Values.alertmanager.logLevel }} + retention: {{ .Values.alertmanager.retention }} + {{- if .Values.alertmanager.secrets }} + secrets: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.secrets "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.configMaps }} + configMaps: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.configMaps "context" $) | nindent 4 }} + {{- end }} + resources: {{- toYaml .Values.alertmanager.resources | nindent 4 }} + routePrefix: "{{ .Values.alertmanager.routePrefix }}" + {{- if .Values.alertmanager.podSecurityContext.enabled }} + securityContext: {{- omit .Values.alertmanager.podSecurityContext "enabled" | toYaml | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.storageSpec }} + storage: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.storageSpec "context" $) | nindent 4 }} + {{- else }} + {{- if .Values.alertmanager.persistence.enabled }} + storage: + volumeClaimTemplate: + spec: + accessModes: + {{- range .Values.alertmanager.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.alertmanager.persistence.size | quote }} + {{- with (include "tc.v1.common.lib.storage.storageClassName" ( dict "rootCtx" . "objectData" .Values.prometheus.persistence )) | trim }} + storageClassName: {{ . }} + {{- end }} + {{- end }} + {{- end }} + {{- if or .Values.alertmanager.podMetadata.labels .Values.alertmanager.podMetadata.annotations (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }} + podMetadata: + labels: + {{- if .Values.alertmanager.podMetadata.labels }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.labels "context" $) | nindent 6 }} + {{- end }} + {{- if or (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }} + {{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }} + {{- end }} + {{- if .Values.alertmanager.podMetadata.annotations }} + annotations: + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.annotations "context" $) | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.alertmanager.affinity }} + affinity: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.affinity "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.nodeSelector }} + nodeSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.nodeSelector "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.tolerations }} + tolerations: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.tolerations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.volumes }} + volumes: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.volumes "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.volumeMounts }} + volumeMounts: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.volumeMounts "context" $) | nindent 4 }} + {{- end }} +{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }} + {{- if or .Values.alertmanager.containers .Values.alertmanager.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} + containers: + {{- if or .Values.alertmanager.containerSecurityContext.enabled .Values.alertmanager.livenessProbe.enabled .Values.alertmanager.readinessProbe.enabled }} + ## This monkey patching is needed until the securityContexts are + ## directly patchable via the CRD. + ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 + ## currently implemented with strategic merge + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md + - name: alertmanager + {{- if .Values.alertmanager.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.alertmanager.containerSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.alertmanager.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.alertmanager.livenessProbe.path }} + port: alertmanager + scheme: HTTP + initialDelaySeconds: {{ .Values.alertmanager.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.alertmanager.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.alertmanager.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.alertmanager.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.alertmanager.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.alertmanager.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.alertmanager.readinessProbe.path }} + port: alertmanager + scheme: HTTP + initialDelaySeconds: {{ .Values.alertmanager.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.alertmanager.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.alertmanager.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.alertmanager.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.alertmanager.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} + ## This monkey patching is needed until the securityContexts are + ## directly patchable via the CRD. + ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 + ## currently implemented with strategic merge + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md + - name: config-reloader + {{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: reloader-web + initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: reloader-web + initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if .Values.alertmanager.containers }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.containers "context" $) | nindent 4 }} + {{- end }} + {{- end }} + {{- if .Values.alertmanager.priorityClassName }} + priorityClassName: {{ .Values.alertmanager.priorityClassName }} + {{- end }} + {{- if .Values.alertmanager.additionalPeers }} + additionalPeers: {{ .Values.alertmanager.additionalPeers }} + {{- end }} + {{- if .Values.alertmanager.configNamespaceSelector }} + alertmanagerConfigNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.configNamespaceSelector "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.configSelector }} + alertmanagerConfigSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.configSelector "context" $) | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/alertmanager/secrets.yaml b/enterprise/prometheus/10.0.0/templates/alertmanager/secrets.yaml new file mode 100644 index 00000000000..9a6f518f35c --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/alertmanager/secrets.yaml @@ -0,0 +1,13 @@ +{{- if (and .Values.alertmanager.enabled (not .Values.alertmanager.externalConfig) ) }} +apiVersion: v1 +kind: Secret +metadata: + name: alertmanager-{{ template "kube-prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} +data: + alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }} +{{- range $key, $val := .Values.alertmanager.templateFiles }} + {{ $key }}: {{ $val | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/alertmanager/serviceaccount.yaml b/enterprise/prometheus/10.0.0/templates/alertmanager/serviceaccount.yaml new file mode 100644 index 00000000000..a6f438889a2 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/alertmanager/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} + {{- if index .Values.alertmanager.serviceAccount "annotations" }} + annotations: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.serviceAccount.annotations "context" $) | nindent 4 }} + {{- end }} +{{- include "kube-prometheus.imagePullSecrets" . }} +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/alertmanager/servicemonitor.yaml b/enterprise/prometheus/10.0.0/templates/alertmanager/servicemonitor.yaml new file mode 100644 index 00000000000..ef0e02d3875 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/alertmanager/servicemonitor.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} +spec: + selector: + matchLabels: {{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: http + {{- if .Values.alertmanager.serviceMonitor.interval }} + interval: {{ .Values.alertmanager.serviceMonitor.interval }} + {{- end }} + path: {{ trimSuffix "/" .Values.alertmanager.routePrefix }}/metrics + {{- if .Values.alertmanager.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.alertmanager.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.alertmanager.serviceMonitor.relabelings | nindent 8 }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/common.yaml b/enterprise/prometheus/10.0.0/templates/common.yaml new file mode 100644 index 00000000000..61364503a70 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/common.yaml @@ -0,0 +1,13 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{- include "prometheus.prometheus.prometheus" . }} +{{- include "prometheus.prometheus.additionalprometheusrules" . }} +{{- include "prometheus.prometheus.additionalscrapejobs" . }} +{{- include "prometheus.prometheus.servicemonitor" . }} + +{{- include "prometheus.alertmanager.alertmanager" . }} + + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/enterprise/prometheus/10.0.0/templates/exporters/core-dns/service.yaml b/enterprise/prometheus/10.0.0/templates/exporters/core-dns/service.yaml new file mode 100644 index 00000000000..359c945de46 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/exporters/core-dns/service.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.coreDns.enabled .Values.coreDns.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus.fullname" . }}-coredns + namespace: {{ .Values.coreDns.namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.coreDns.service.port }} + protocol: TCP + targetPort: {{ .Values.coreDns.service.targetPort }} + selector: + {{- if .Values.coreDns.service.selector }} +{{ toYaml .Values.coreDns.service.selector | indent 4 }} + {{- else}} + k8s-app: kube-dns + {{- end}} +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/exporters/core-dns/servicemonitor.yaml b/enterprise/prometheus/10.0.0/templates/exporters/core-dns/servicemonitor.yaml new file mode 100644 index 00000000000..8906b87f8e1 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/exporters/core-dns/servicemonitor.yaml @@ -0,0 +1,29 @@ +{{- if .Values.coreDns.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.fullname" . }}-coredns + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns +spec: + jobLabel: k8s-app + selector: + matchLabels: + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns + namespaceSelector: + matchNames: + - {{ .Values.coreDns.namespace }} + endpoints: + - port: http-metrics + {{- if .Values.coreDns.serviceMonitor.interval}} + interval: {{ .Values.coreDns.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.coreDns.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.coreDns.serviceMonitor.relabelings }} + relabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.relabelings "context" $) | nindent 6 }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/exporters/kube-apiserver/servicemonitor.yaml b/enterprise/prometheus/10.0.0/templates/exporters/kube-apiserver/servicemonitor.yaml new file mode 100644 index 00000000000..7cfbb53f379 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/exporters/kube-apiserver/servicemonitor.yaml @@ -0,0 +1,35 @@ +{{- if .Values.kubeApiServer.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.fullname" . }}-apiserver + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: apiserver +spec: + jobLabel: component + selector: + matchLabels: + component: apiserver + provider: kubernetes + namespaceSelector: + matchNames: + - default + endpoints: + - port: https + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + serverName: kubernetes + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeApiServer.serviceMonitor.interval }} + interval: {{ .Values.kubeApiServer.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.kubeApiServer.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.kubeApiServer.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.kubeApiServer.serviceMonitor.relabelings | nindent 8 }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/exporters/kube-controller-manager/endpoints.yaml b/enterprise/prometheus/10.0.0/templates/exporters/kube-controller-manager/endpoints.yaml new file mode 100644 index 00000000000..13aa60ebf66 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/exporters/kube-controller-manager/endpoints.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager + namespace: {{ .Values.kubeControllerManager.namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: kube-controller-manager +subsets: + - addresses: + {{- range .Values.kubeControllerManager.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeControllerManager.service.port }} + protocol: TCP +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/exporters/kube-controller-manager/service.yaml b/enterprise/prometheus/10.0.0/templates/exporters/kube-controller-manager/service.yaml new file mode 100644 index 00000000000..6a455359832 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/exporters/kube-controller-manager/service.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager + namespace: {{ .Values.kubeControllerManager.namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeControllerManager.service.port }} + protocol: TCP + targetPort: {{ .Values.kubeControllerManager.service.targetPort }} +{{- if .Values.kubeControllerManager.endpoints }}{{- else }} + selector: + {{- if .Values.kubeControllerManager.service.selector }} +{{ toYaml .Values.kubeControllerManager.service.selector | indent 4 }} + {{- else}} + component: kube-controller-manager + {{- end}} +{{- end }} + type: ClusterIP +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/exporters/kube-controller-manager/servicemonitor.yaml b/enterprise/prometheus/10.0.0/templates/exporters/kube-controller-manager/servicemonitor.yaml new file mode 100644 index 00000000000..d3f56c49914 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/exporters/kube-controller-manager/servicemonitor.yaml @@ -0,0 +1,40 @@ +{{- if .Values.kubeControllerManager.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager +spec: + jobLabel: component + selector: + matchLabels: + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager + namespaceSelector: + matchNames: + - {{ .Values.kubeControllerManager.namespace }} + endpoints: + - port: http-metrics + {{- if .Values.kubeControllerManager.serviceMonitor.interval }} + interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeControllerManager.serviceMonitor.https }} + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + {{- if .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }} + insecureSkipVerify: {{ .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }} + {{- end }} + {{- if .Values.kubeControllerManager.serviceMonitor.serverName }} + serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }} + {{- end }} + {{- end }} + {{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.kubeControllerManager.serviceMonitor.relabelings }} + relabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.relabelings "context" $) | nindent 6 }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/exporters/kube-scheduler/endpoints.yaml b/enterprise/prometheus/10.0.0/templates/exporters/kube-scheduler/endpoints.yaml new file mode 100644 index 00000000000..dde3d8b9110 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/exporters/kube-scheduler/endpoints.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler + namespace: {{ .Values.kubeScheduler.namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: kube-scheduler +subsets: + - addresses: + {{- range .Values.kubeScheduler.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeScheduler.service.port }} + protocol: TCP +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/exporters/kube-scheduler/service.yaml b/enterprise/prometheus/10.0.0/templates/exporters/kube-scheduler/service.yaml new file mode 100644 index 00000000000..aad5969f5fd --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/exporters/kube-scheduler/service.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler + namespace: {{ .Values.kubeScheduler.namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeScheduler.service.port}} + protocol: TCP + targetPort: {{ .Values.kubeScheduler.service.targetPort}} +{{- if .Values.kubeScheduler.endpoints }}{{- else }} + selector: + {{- if .Values.kubeScheduler.service.selector }} +{{ toYaml .Values.kubeScheduler.service.selector | indent 4 }} + {{- else}} + component: kube-scheduler + {{- end}} +{{- end }} + type: ClusterIP +{{- end -}} diff --git a/enterprise/prometheus/10.0.0/templates/exporters/kube-scheduler/servicemonitor.yaml b/enterprise/prometheus/10.0.0/templates/exporters/kube-scheduler/servicemonitor.yaml new file mode 100644 index 00000000000..7cbe29f86d7 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/exporters/kube-scheduler/servicemonitor.yaml @@ -0,0 +1,40 @@ +{{- if .Values.kubeScheduler.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler +spec: + jobLabel: component + selector: + matchLabels: + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler + namespaceSelector: + matchNames: + - {{ .Values.kubeScheduler.namespace }} + endpoints: + - port: http-metrics + {{- if .Values.kubeScheduler.serviceMonitor.interval }} + interval: {{ .Values.kubeScheduler.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeScheduler.serviceMonitor.https }} + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + {{- if .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }} + insecureSkipVerify: {{ .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }} + {{- end}} + {{- if .Values.kubeScheduler.serviceMonitor.serverName }} + serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }} + {{- end}} + {{- end}} + {{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.kubeScheduler.serviceMonitor.relabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.relabelings "context" $) | nindent 6 }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/exporters/kubelet/servicemonitor.yaml b/enterprise/prometheus/10.0.0/templates/exporters/kubelet/servicemonitor.yaml new file mode 100644 index 00000000000..b109d78c453 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/exporters/kubelet/servicemonitor.yaml @@ -0,0 +1,85 @@ +{{- if .Values.kubelet.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kubelet + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: kubelet +spec: + jobLabel: k8s-app + selector: + matchLabels: + k8s-app: kubelet + namespaceSelector: + matchNames: + - {{ .Values.kubelet.namespace }} + endpoints: + {{- if .Values.kubelet.serviceMonitor.https }} + - port: https-metrics + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + serverName: kubernetes + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + honorLabels: true + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + - port: https-metrics + path: /metrics/cadvisor + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + serverName: kubernetes + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + honorLabels: true + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }} + relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }} + {{- end }} + {{- else }} + - port: http-metrics + scheme: http + tlsConfig: + insecureSkipVerify: false + honorLabels: true + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + - port: http-metrics + path: /metrics/cadvisor + scheme: http + tlsConfig: + insecureSkipVerify: false + honorLabels: true + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }} + relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/prometheus/_additionalPrometheusRules.tpl b/enterprise/prometheus/10.0.0/templates/prometheus/_additionalPrometheusRules.tpl new file mode 100644 index 00000000000..121048d87ce --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/prometheus/_additionalPrometheusRules.tpl @@ -0,0 +1,15 @@ +{{- define "prometheus.prometheus.additionalprometheusrules" -}} +{{- if and .Values.prometheus.enabled .Values.prometheus.additionalPrometheusRules}} + {{- range .Values.prometheus.additionalPrometheusRules }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "kube-prometheus.name" $ }}-{{ .name }} + namespace: {{ $.Release.Namespace }} + labels: {{ include "kube-prometheus.prometheus.labels" $ | nindent 4 }} +spec: + groups: {{- toYaml .groups | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/prometheus/_additionalScrapeJobs.tpl b/enterprise/prometheus/10.0.0/templates/prometheus/_additionalScrapeJobs.tpl new file mode 100644 index 00000000000..3c5f85140a4 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/prometheus/_additionalScrapeJobs.tpl @@ -0,0 +1,13 @@ +{{- define "prometheus.prometheus.additionalscrapejobs" -}} +{{- if (and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") ) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +data: + scrape-jobs.yaml: {{ include "tc.v1.common.tplvalues.render" ( dict "value" .Values.prometheus.additionalScrapeConfigs.internal.jobList "context" $ ) | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/prometheus/_prometheus.tpl b/enterprise/prometheus/10.0.0/templates/prometheus/_prometheus.tpl new file mode 100644 index 00000000000..2410c614c4b --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/prometheus/_prometheus.tpl @@ -0,0 +1,362 @@ +{{- define "prometheus.prometheus.prometheus" -}} +{{- if .Values.prometheus.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + name: {{ template "kube-prometheus.prometheus.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.prometheus.replicaCount }} + serviceAccountName: {{ template "kube-prometheus.prometheus.serviceAccountName" . }} + {{- if .Values.prometheus.serviceMonitorSelector }} + serviceMonitorSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorSelector "context" $) | nindent 4 }} + {{- else }} + serviceMonitorSelector: {} + {{- end }} + {{- if .Values.prometheus.podMonitorSelector }} + podMonitorSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorSelector "context" $) | nindent 4 }} + {{- else }} + podMonitorSelector: {} + {{- end }} + {{- if .Values.prometheus.probeSelector }} + probeSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.probeSelector "context" $) | nindent 4 }} + {{- else }} + probeSelector: {} + {{- end }} + {{- if .Values.prometheus.scrapeConfigSelector }} + scrapeConfigSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.scrapeConfigSelector "context" $) | nindent 4 }} + {{- else }} + scrapeConfigSelector: {} + {{- end }} + alerting: + alertmanagers: + {{- if .Values.prometheus.alertingEndpoints }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.alertingEndpoints "context" $) | nindent 6 }} + {{- else if .Values.alertmanager.enabled }} + - namespace: {{ .Release.Namespace }} + name: {{ template "kube-prometheus.alertmanager.fullname" . }} + port: http + pathPrefix: "{{ .Values.alertmanager.routePrefix }}" + {{- else }} + [] + {{- end }} + {{- if .Values.prometheus.image }} + image: {{ template "kube-prometheus.prometheus.image" . }} + {{- end }} + {{- if .Values.prometheus.externalLabels }} + externalLabels: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.externalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.prometheusExternalLabelNameClear }} + prometheusExternalLabelName: "" + {{- else if .Values.prometheus.prometheusExternalLabelName }} + prometheusExternalLabelName: "{{ .Values.prometheus.prometheusExternalLabelName }}" + {{- end }} + {{- if .Values.prometheus.replicaExternalLabelNameClear }} + replicaExternalLabelName: "" + {{- else if .Values.prometheus.replicaExternalLabelName }} + replicaExternalLabelName: "{{ .Values.prometheus.replicaExternalLabelName }}" + {{- end }} + {{- if index .Values.prometheus "externalUrl" }} + externalUrl: "{{ .Values.prometheus.externalUrl }}" + {{- else if and .Values.ingress.main.enabled .Values.ingress.main.hosts }} + externalUrl: {{ if .Values.ingress.main.tls }}https{{else}}http{{ end }}://{{ (index .Values.ingress.main.hosts 0).name }}{{ .Values.prometheus.routePrefix }} + {{- else }} + externalUrl: http://{{ template "kube-prometheus.prometheus.fullname" . }}.{{ .Release.Namespace }}:9090{{ .Values.prometheus.routePrefix }} + {{- end }} + paused: {{ .Values.prometheus.paused }} + logLevel: {{ .Values.prometheus.logLevel }} + logFormat: {{ .Values.prometheus.logFormat }} + listenLocal: {{ .Values.prometheus.listenLocal }} + enableAdminAPI: {{ .Values.prometheus.enableAdminAPI }} + {{- if .Values.prometheus.enableFeatures }} + enableFeatures: + {{- range .Values.prometheus.enableFeatures }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.scrapeInterval }} + scrapeInterval: {{ .Values.prometheus.scrapeInterval }} + {{- end }} + {{- if .Values.prometheus.evaluationInterval }} + evaluationInterval: {{ .Values.prometheus.evaluationInterval }} + {{- end }} + {{- if .Values.prometheus.resources }} + resources: {{- toYaml .Values.prometheus.resources | nindent 4 }} + {{- end }} + retention: {{ .Values.prometheus.retention }} + {{- if .Values.prometheus.retentionSize }} + retentionSize: {{ .Values.prometheus.retentionSize }} + {{- end }} + {{- if .Values.prometheus.disableCompaction }} + disableCompaction: {{ .Values.prometheus.disableCompaction }} + {{- end }} + {{- if .Values.prometheus.walCompression }} + walCompression: {{ .Values.prometheus.walCompression }} + {{- end }} + portName: "{{ .Values.prometheus.portName }}" + routePrefix: "{{ .Values.prometheus.routePrefix }}" + {{- if .Values.prometheus.secrets }} + secrets: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.secrets "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.configMaps }} + configMaps: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.configMaps "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.serviceMonitorNamespaceSelector }} + serviceMonitorNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + serviceMonitorNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.podMonitorNamespaceSelector }} + podMonitorNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + podMonitorNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.probeNamespaceSelector }} + probeNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.probeNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + probeNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.scrapeConfigNamespaceSelector }} + scrapeConfigNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.scrapeConfigNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + scrapeConfigNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.remoteRead }} + remoteRead: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.remoteRead "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.remoteWrite }} + remoteWrite: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.remoteWrite "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.podSecurityContext.enabled }} + securityContext: {{- omit .Values.prometheus.podSecurityContext "enabled" | toYaml | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.ruleNamespaceSelector }} + ruleNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.ruleNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + ruleNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.ruleSelector }} + ruleSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.ruleSelector "context" $) | nindent 4 }} + {{- else }} + ruleSelector: {} + {{- end }} + {{- if .Values.prometheus.storageSpec }} + storage: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.storageSpec "context" $) | nindent 4 }} + {{- else if .Values.prometheus.persistence.enabled }} + storage: + volumeClaimTemplate: + spec: + accessModes: + {{- range .Values.prometheus.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.prometheus.persistence.size | quote }} + {{- with (include "tc.v1.common.lib.storage.storageClassName" ( dict "rootCtx" . "objectData" .Values.prometheus.persistence )) | trim }} + storageClassName: {{ . }} + {{- end }} + {{- end }} + {{- if or .Values.prometheus.podMetadata.labels .Values.prometheus.podMetadata.annotations (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }} + podMetadata: + labels: + {{- if .Values.prometheus.podMetadata.labels }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.labels "context" $) | nindent 6 }} + {{- end }} + {{- if or (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }} + {{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }} + {{- end }} + {{- if .Values.prometheus.podMetadata.annotations }} + annotations: + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.annotations "context" $) | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.querySpec }} + query: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.querySpec "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.affinity }} + affinity: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.affinity "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.nodeSelector }} + nodeSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.nodeSelector "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.tolerations }} + tolerations: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.tolerations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.volumes }} + volumes: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.volumes "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.volumeMounts }} + volumeMounts: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.volumeMounts "context" $) | nindent 4 }} + {{- end }} + {{- if or .Values.prometheus.additionalScrapeConfigs.enabled .Values.prometheus.additionalScrapeConfigsExternal.enabled }} + additionalScrapeConfigs: + {{- if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "external") }} + name: {{ .Values.prometheus.additionalScrapeConfigs.external.name }} + key: {{ .Values.prometheus.additionalScrapeConfigs.external.key }} + {{- else if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") }} + name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }} + key: scrape-jobs.yaml + {{- else if and (not .Values.prometheus.additionalScrapeConfigs.enabled) .Values.prometheus.additionalScrapeConfigsExternal.enabled }} + name: {{ .Values.prometheus.additionalScrapeConfigsExternal.name }} + key: {{ .Values.prometheus.additionalScrapeConfigsExternal.key }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.additionalAlertRelabelConfigsExternal.enabled }} + additionalAlertRelabelConfigs: + name: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.name }} + key: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.key }} + {{- end }} +{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }} + {{- if or .Values.prometheus.containers .Values.prometheus.thanos.create .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} + containers: + {{- if .Values.prometheus.thanos.create }} + - name: thanos-sidecar + image: {{ template "kube-prometheus.prometheus.thanosImage" . }} + imagePullPolicy: {{ .Values.prometheus.thanos.image.pullPolicy }} + args: + - sidecar + - --prometheus.url={{ default "http://localhost:9090" .Values.prometheus.thanos.prometheusUrl }} + - --grpc-address=0.0.0.0:10901 + - --http-address=0.0.0.0:10902 + - --tsdb.path=/prometheus/ + {{- if .Values.prometheus.thanos.objectStorageConfig }} + - --objstore.config=$(OBJSTORE_CONFIG) + {{- end }} + {{- if .Values.prometheus.thanos.extraArgs }} + {{ toYaml .Values.prometheus.thanos.extraArgs | indent 8 | trim }} + {{- end }} + {{- if .Values.prometheus.thanos.objectStorageConfig }} + env: + - name: OBJSTORE_CONFIG + valueFrom: + secretKeyRef: + name: {{ .Values.prometheus.thanos.objectStorageConfig.secretName }} + key: {{ .Values.prometheus.thanos.objectStorageConfig.secretKey | default "thanos.yaml" }} + {{- end }} + {{- if .Values.prometheus.thanos.resources }} + resources: {{- toYaml .Values.prometheus.thanos.resources | nindent 8 }} + {{- end }} + ports: + - name: thanos + containerPort: 10901 + protocol: TCP + - name: http + containerPort: 10902 + protocol: TCP + volumeMounts: + - mountPath: /prometheus + name: prometheus-{{ template "kube-prometheus.prometheus.fullname" . }}-db + {{- if not (.Values.prometheus.storageSpec.disableMountSubPath | default (not .Values.prometheus.persistence.enabled)) }} + subPath: prometheus-db + {{- end }} + {{- if .Values.prometheus.thanos.extraVolumeMounts }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.thanos.extraVolumeMounts "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.thanos.containerSecurityContext.enabled }} + # yamllint disable rule:indentation + securityContext: {{- omit .Values.prometheus.thanos.containerSecurityContext "enabled" | toYaml | nindent 8 }} + # yamllint enable rule:indentation + {{- end }} + {{- if .Values.prometheus.thanos.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.prometheus.thanos.livenessProbe.path }} + port: http + scheme: HTTP + initialDelaySeconds: {{ .Values.prometheus.thanos.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.prometheus.thanos.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.prometheus.thanos.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.prometheus.thanos.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.prometheus.thanos.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.prometheus.thanos.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.prometheus.thanos.readinessProbe.path }} + port: http + scheme: HTTP + initialDelaySeconds: {{ .Values.prometheus.thanos.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.prometheus.thanos.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.prometheus.thanos.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.prometheus.thanos.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.prometheus.thanos.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if or .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.livenessProbe.enabled .Values.prometheus.readinessProbe.enabled }} + ## This monkey patching is needed until the securityContexts are + ## directly patchable via the CRD. + ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 + ## currently implemented with strategic merge + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md + - name: prometheus + {{- if .Values.prometheus.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.prometheus.containerSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.prometheus.livenessProbe.path }} + port: main + scheme: HTTP + initialDelaySeconds: {{ .Values.prometheus.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.prometheus.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.prometheus.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.prometheus.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.prometheus.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.prometheus.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.prometheus.readinessProbe.path }} + port: main + scheme: HTTP + initialDelaySeconds: {{ .Values.prometheus.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.prometheus.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.prometheus.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.prometheus.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.prometheus.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} + ## This monkey patching is needed until the securityContexts are + ## directly patchable via the CRD. + ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 + ## currently implemented with strategic merge + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md + - name: config-reloader + {{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: reloader-web + initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: reloader-web + initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.containers }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.containers "context" $) | nindent 4 }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.priorityClassName }} + priorityClassName: {{ .Values.prometheus.priorityClassName }} + {{- end }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/prometheus/_servicemonitor.tpl b/enterprise/prometheus/10.0.0/templates/prometheus/_servicemonitor.tpl new file mode 100644 index 00000000000..20744f2c924 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/prometheus/_servicemonitor.tpl @@ -0,0 +1,29 @@ +{{- define "prometheus.prometheus.servicemonitor" -}} +{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.prometheus.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +spec: + selector: + matchLabels: {{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: http + {{- if .Values.prometheus.serviceMonitor.interval }} + interval: {{ .Values.prometheus.serviceMonitor.interval }} + {{- end }} + path: {{ trimSuffix "/" .Values.prometheus.routePrefix }}/metrics + {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.prometheus.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 8 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/prometheus/clusterrole.yaml b/enterprise/prometheus/10.0.0/templates/prometheus/clusterrole.yaml new file mode 100644 index 00000000000..ae96e2d45f8 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/prometheus/clusterrole.yaml @@ -0,0 +1,41 @@ +{{- if .Values.prometheus.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-prometheus.prometheus.fullname" . }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - services + - endpoints + - pods + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - extensions + - "networking.k8s.io" + resources: + - ingresses + verbs: + - get + - list + - watch + - nonResourceURLs: + - "/metrics" + verbs: + - "get" +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/prometheus/clusterrolebinding.yaml b/enterprise/prometheus/10.0.0/templates/prometheus/clusterrolebinding.yaml new file mode 100644 index 00000000000..7ca10743f4a --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/prometheus/clusterrolebinding.yaml @@ -0,0 +1,15 @@ +{{- if .Values.prometheus.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-prometheus.prometheus.fullname" . }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus.prometheus.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/enterprise/prometheus/10.0.0/templates/prometheus/serviceaccount.yaml b/enterprise/prometheus/10.0.0/templates/prometheus/serviceaccount.yaml new file mode 100644 index 00000000000..39539fc1191 --- /dev/null +++ b/enterprise/prometheus/10.0.0/templates/prometheus/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} + {{- if index .Values.prometheus.serviceAccount "annotations" }} + annotations: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.serviceAccount.annotations "context" $) | nindent 4 }} + {{- end }} +{{- include "kube-prometheus.imagePullSecrets" . }} +{{- end }} diff --git a/enterprise/prometheus/10.0.0/values.yaml b/enterprise/prometheus/10.0.0/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/enterprise/traefik/19.0.0/CHANGELOG.md b/enterprise/traefik/19.0.0/CHANGELOG.md new file mode 100644 index 00000000000..fc07d64cdf8 --- /dev/null +++ b/enterprise/traefik/19.0.0/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [traefik-19.0.0](https://github.com/truecharts/charts/compare/traefik-18.1.1...traefik-19.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + + + +## [traefik-18.1.1](https://github.com/truecharts/charts/compare/traefik-18.1.0...traefik-18.1.1) (2023-07-15) + +### Fix + +- actually render customheader middleware and cleanup middleware templates ([#10502](https://github.com/truecharts/charts/issues/10502)) + + + + +## [traefik-18.1.0](https://github.com/truecharts/charts/compare/traefik-18.0.18...traefik-18.1.0) (2023-07-15) + +### Feat + +- add customRequest/ResponseHeaders middlewares ([#10401](https://github.com/truecharts/charts/issues/10401)) + + + + +## [traefik-18.0.18](https://github.com/truecharts/charts/compare/traefik-18.0.17...traefik-18.0.18) (2023-06-28) + +### Chore + +- update helm general non-major ([#10000](https://github.com/truecharts/charts/issues/10000)) + + + + +## [traefik-18.0.17](https://github.com/truecharts/charts/compare/traefik-18.0.16...traefik-18.0.17) (2023-06-28) + +### Docs + +- fix title for install guide title ([#9874](https://github.com/truecharts/charts/issues/9874)) + + ### Fix + +- fix portalhook name ([#9958](https://github.com/truecharts/charts/issues/9958)) + + + + +## [traefik-18.0.16](https://github.com/truecharts/charts/compare/traefik-18.0.15...traefik-18.0.16) (2023-06-16) + +### Fix + +- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647)) + - add missing `additional_attrs: true` ([#9581](https://github.com/truecharts/charts/issues/9581)) + + + + +## [traefik-18.0.16](https://github.com/truecharts/charts/compare/traefik-18.0.15...traefik-18.0.16) (2023-06-16) + +### Fix + +- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647)) + - add missing `additional_attrs: true` ([#9581](https://github.com/truecharts/charts/issues/9581)) + + + + +## [traefik-18.0.16](https://github.com/truecharts/charts/compare/traefik-18.0.15...traefik-18.0.16) (2023-06-16) + +### Fix + +- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647)) + - add missing `additional_attrs: true` ([#9581](https://github.com/truecharts/charts/issues/9581)) + + + + +## [traefik-18.0.16](https://github.com/truecharts/charts/compare/traefik-18.0.15...traefik-18.0.16) (2023-06-16) + +### Fix + +- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647)) + - add missing `additional_attrs: true` ([#9581](https://github.com/truecharts/charts/issues/9581)) + + + + +## [traefik-18.0.16](https://github.com/truecharts/charts/compare/traefik-18.0.15...traefik-18.0.16) (2023-06-16) + +### Fix + diff --git a/enterprise/traefik/19.0.0/Chart.yaml b/enterprise/traefik/19.0.0/Chart.yaml new file mode 100644 index 00000000000..cdf2b350678 --- /dev/null +++ b/enterprise/traefik/19.0.0/Chart.yaml @@ -0,0 +1,31 @@ +apiVersion: v2 +appVersion: "2.10.1" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 13.2.0 +deprecated: false +description: Traefik is a flexible reverse proxy and Ingress Provider. +home: https://truecharts.org/charts/enterprise/traefik +icon: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png +keywords: + - traefik + - ingress +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: traefik +sources: + - https://github.com/truecharts/charts/tree/master/charts/enterprise/traefik + - https://github.com/traefik/traefik + - https://github.com/traefik/traefik-helm-chart + - https://traefik.io/ +type: application +version: 19.0.0 +annotations: + truecharts.org/catagories: | + - network + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/enterprise/traefik/19.0.0/LICENSE b/enterprise/traefik/19.0.0/LICENSE new file mode 100644 index 00000000000..4139714f204 --- /dev/null +++ b/enterprise/traefik/19.0.0/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Traefik" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/enterprise/traefik/19.0.0/README.md b/enterprise/traefik/19.0.0/README.md new file mode 100644 index 00000000000..f8a41e479fe --- /dev/null +++ b/enterprise/traefik/19.0.0/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/traefik/19.0.0/app-changelog.md b/enterprise/traefik/19.0.0/app-changelog.md new file mode 100644 index 00000000000..220b7de3dba --- /dev/null +++ b/enterprise/traefik/19.0.0/app-changelog.md @@ -0,0 +1,9 @@ + + +## [traefik-19.0.0](https://github.com/truecharts/charts/compare/traefik-18.1.1...traefik-19.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + \ No newline at end of file diff --git a/enterprise/traefik/19.0.0/app-readme.md b/enterprise/traefik/19.0.0/app-readme.md new file mode 100644 index 00000000000..02206fafcf4 --- /dev/null +++ b/enterprise/traefik/19.0.0/app-readme.md @@ -0,0 +1,8 @@ +Traefik is a flexible reverse proxy and Ingress Provider. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/traefik](https://truecharts.org/charts/enterprise/traefik) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/traefik/19.0.0/charts/common-13.2.0.tgz b/enterprise/traefik/19.0.0/charts/common-13.2.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..5c0fecd087839b011aab769e3785f251e9224747 GIT binary patch literal 133368 zcmV)VK(D_aiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POw!ciT47D30&X`YUjl^tn_QM@L}BSV)id_otZ6;&IC*^L-Y@$Q5PwVHnbV79q4hhm@gcU%i*C*uXAtNP~b2 z$Y4ZU5>!l4vA0zri0-$>S4@RB#C_Dd0{oVZE%JTv=o8U*E zjG+%C6Evpc*HHri@$nil06h=$X%BrMzXBhQkPTnfQP@Q-AHqA2!}2SOC_ zuMz&6d5E0|720!iY)uuERa%HhJzR=Yxcv{c8#g)4t++Gh%1emnu!_%|er^1qHi zr``S$XA6EjxzPm|E~_Yb`SE0*7e01fL@9VjJju4=r})JO0DvaALeTpq!VFymZVoXu zD0q%YEY?9eFzUAi;o}7g5LLebzyW3$`lrZ;%WLG4z@r>V^)*BhCSLx%YQuaOsP_|y z{WwB5vk1`{@x9~=jYVgyFCFnELeRrs20~r&g|9^{4j+Whpah$4DK^7)1$`P)&U^}e z>|!Bsg={u5RZM3tXo1jg015nMBQ0?yi1Rs|BE7a?{=-aY`6)snp_q|q*#OoLJ}=#< zg^8^@-p>e}<8*xnxnN^(dIUPH!&dvh=?r!U!=uUMz?)1aJ-0g?!pX1?;Rp_ggPz+S zk0xDr(3yBcw>@kh^m>EC!x5Zxyk4&lq1!{9!_nbEx|J~YeGn2KyBtma>r(tU0_T(W zgk466qJT9T0?`w$qkdw%qsNz*AFkf26(}U$$@%G(`b8J6`PESCpBqP*Er9~ipz4JM zP!v4TA|B`xLh7SW%!t`!6(|?Brc47Qe@pI*;^3HmpeQ;5gW*B)>c@!0q4f?y?;`M* zSA?)1u#f1HGBh{K8{nvr`^yL~u#cwbjJnW=(w5Njjf)EP*|XnLpjX0)!xxXHsz>wM`61;Hv;rz6C)N749 z5CD=96)-=%JHGz;Q9uQRBjB{#-L6r-E{RvpuuAtRfgTc1P9QmglPn{u7bi0qOp%_N z7XjzXcbLv0b7zvP;xP2l90d&eq6Re_LYLHKzWgoc;}xPLj<_DTvd@t&%JK8@9P35T z4dWxwZ@1fX@pF#mLbx4>l{iAb#)zhhb}|JA?RU7*Fb!RVQh{s$@c!fZ>G|>P$?@g2 zUZSDzE7VoFG<7Rz8xqd~jf8%ww4k>*xU<-9Mksra*gc8v(l0ML8|fEx1|zOx@rC7m zvMlJ&5fW>i9;jpg9xnOldjZw&l%Dkijwq8~PDn7pQ`uLNAS=5rZR@}zjG8$vR-Gf@ zbR31^v5z4|ddRuHeT{tNG7>2>gb^P_T1OX!s5?Vm?4#(tXh6#G2ooWewYsa`M^Y?h zUkeFB;(#fF9=k68bwlouB?lRb<~R^-{}@3RU8dLfVOx#tE04HzpOfDw(A&Q{J3f7P z)|z{J4gHQ2WzKa-K?pgPo+XpR2+yHdVf7m+RZmgqlO>-U;-xqK1!88`Bi?n0Tut*t zEF@AjX;wb@#+CAtLqVxLe6dZ&MEp!uBV$DE2J%|vs-~0vI=}x8S|6qBL#g;J-hmdk zBB}aQnF-+YXD0(B6lNI*@^Tdv2BRrr!nXSZcuHkn*)%VnZ8oQ~e%sy6XvAxDmbu}x z^*~NkZv6blt!iQZq6LbU_cIhB07I@-^By#A{^tmMxH(BpZ3W(*+3MB$6I)=Xsh6Id z#WXCQn4vM2g^{iCd5bBtmP?7gW%JryuwEbO^}#Fah#W&S583h*ONBxR&`Zc>M_^x8 zmL&dJo6*Bk)cv`IT+5dHBEv z**vU-?4bpn%^wKdLyLVno3Ga!nmgld%*aJ;$_Y!Xtg zgsmvqB2c}`)riK>73KIJxvvY+%@ZHu`3;(fVry#;yt-zPp-JptBk91{YZMjCW9LF2 z<;GlMS@E|4?Sz zFUWVvT)2&6ii0Wm-&`Y*d%wbI`}y;-UR%E(+UwT%1|&V94usuf=Buyk387QlE3NQeSnfv?hJ0@w_J3Gsb$&tLl7?g2R9-HpIF zBKK5#M>swaw=^qIY69LFpnmZhDDceJ^zR8F%o?c|;FP$rFjBevkXE{nAVt8PA@>fD zmv_ z|J*X+69;gUA6&?tAzAFj3)QULuAqW+3b^3o`x$m;Kng4nAmoWnoG}7Z6mWA8ar>AT z=Y8ZnlUXJckBl&^v1i;>MsZTVxe;oy6TH z6K|s6afc)9sQ$iA_F}{ino>ojuK)*n+O!&$-?B0FW5nX%Tsv=9IB8XJ?UY^gTD?Ky zmh}#XZl`+yd*l8=dpz{eVc$LI9Ci;-r`;a)4%-vAJ?eJRxIab*uGc;oxdXR**qw}# zJA#98rS~;JjLryQby3yj4X*80r<34{hOj&A9`pyj&bZre9}EYuJ??e9j(c#>8=wP( zItRn<=vs=3{azP&T{LR!$ zaVV;bF0av)RSd%YR;SaEZ#WrD(4>P74p6)8j$jXs#)m!B>5eM#q;3S6JFAPR zDy}h=K{|#5;34d^VH*x619v=_p#HemhVIZibO*!9_S9sh(SR@ff+xuZyTEZt-e&nDA<^+k@i~4thgxG#>YRL)h;gOa|UyFdmO#8;wW3vFnWw$8NXX zZTCm0JLvYt znDqOj$-o_S+FWF~hwaI5*zR^m!-Ip`7}VWw7SMjd5&AKPk+&|@?{S2tyka@s6WBFL zZeZ4cW)phB#c#LW?X(X&eNFGf$zX^E!(kg8c#{LK@AVD_-460bJ=k~M?%@P>`{T)A zbkJ^(#*;A`_Ijw@?i}<{7mX)lw+;?q=u7%MO+@U3)c#eG-aa)8#{_7m#;IA4^t8`GcsgQCO zTVZ1qkVx+-Q@a;MMom)r9lTTKvoN2epIBD~uY_HJ1GPo-8VE1MYk-*BYPI%S3eLGO zvLggA1#=>Z2m{d3U|xecZ-q+oLg|%BK8so~xq`_1HeZbYQs*% z@^P!}H5d~%lSVl&OgRDq3z!-{*&d7;d5eR)d@t0H^G5JA;KYZ)(rj)Bhv7YxYK3Nl zAMhvSy)&*vnj^0WnV2DPf+E&@2Lm`o5pd(&g8Jg?X zQQ$RWs-i9?+3_;los-Vxq zYg!@bY5XnOC_*yoi0c>NN&=_gXG3lv&W9W}EJvIb;{jd(M+}q}VlOgE!i-RsCY{LEA{5;^j067uhFdKCW;+K-Mo?cy zXo5ebg9MV@@mx!K>6I&`URuTKnQVp`R^ZKKpop1MAF_x6s0Ug4e-oBX#^>hkb(URP z;CrqF$o(?0H^RlE>eM`F#;}`k8!|TKIAFEs!y$=$lYjsFl{qyiN#2AZ zZc#j?t-AxU-kC{7_qmn3|3VdP1u_^B2UAt_yY6JsfqpoH-MvyPNf3Dr8%dNe+xAH< zIie)E!-1#1eS|*tbi^Xy1Nr0C<;fK<_8R#O zYRN{H;sUWIh@;|UElNSgpgR+qowDU%gaUSjCg$h~mtYZzL%m6>c!3#kdfl1IsNho8 zFuK&wIPg|Nll1;k0y9;G^ewB}$gdi*hSZd6RFjdig{@KK8ueN0=3=)nhq)^G-k_1w zEKs6>1SUSEV9=u2SAvg^7N?{>^J7$T?F-OxanhRR^|Go>0(K1DJE7^zkT?;b&1H{{ zhz4{QDkkWpD&D=W~7jCQ}@XoSQ&#WaeA z2>L$urihiq5@uxDiHOqxdN&%p)#pBwFc0}ES!LzhpV9J2{rS;Y7MZPW(Y~_Vg5w3m zK1V{6cn&{(2%!D8agW9`Lhg=4@STr6$oa9f1ClyP!G;`00YbC;JZ5!(=wf*gjX7cw zcIirT<^wBVm>_mNbLJ$#j6|z)5|RA}Bckl&Zn0rOpd0?MzC#1%^VXNgvIRAI^=MLl!8ykA&!* zN-3UeFZRo#_Qm3>bFu{m=&C&(=?+8sXw<_%Oj8G`px|G=U zkcBb_b3dX8PcS!6ICDovA4+h_o|NSJpV7QkXdUu|Ij7qYX4ry5UX}&q8kaoR?1Scn z#DU%B3`Sma06=kxp*QxHZ;SS9j+ zhr$TCBH%Dt_jQw&tLR1pFWc~yC5x#qzwzH<2Mz}lk~lUBpcJL^(d}D*jeRoS=SsxB z2v)v3p!-oAwCGH!eyUtz*~m?>nQ(+~c_QO?wSeZdN~`WLX0to4RvIP$1vuujfK$(f zkvOue%m%S<7$D>c`5p%Vi}2q_Cluk2`JFoK!dtl|LH4cdqLAHs0Zpqa(%)mDC76^AUSvmgmx;+W;Pj*eIG1fgr$Q=^%Hr*r)Tn(NdKKeaS;ZZewnk*ax#fM zl5`OE#Pm%@8dwLaCwQupBFF`Pk=hk9=fb{Vgj1VL*=;5iEX@1-Hj~w_r3%jXaD-fu zXu^`js@)0p)rl1#&z(;2G#O8spNyustrBV+$|?y+08-8aX>BOLjoNTMav$U&^S9No z)BZMPHRIoqCx$RJ^&}~LB15)Sl)9KNW3zU(EGqqgeU#z+x(yMZuc(=(QVhoVB+FPg znNhQ&>BWgL|QZ8nKhgTfa`i;`N1kL9k7cVtSo=qyv1zljhZ60SBW@QM(kJ7uH@ z>%s|B1hHgyDOX!&M@pHW($Rm`b;!rMD znR=okGD@T^3zl3a;)n!Xo?4<>9F(%)8_}R;{$pgk#U>9D^;Z3-mG~)QS*>zj;hgD< zJYvyQplJ5uPt1uU=?(x*5$n?Ac2Cp8kqnqJ=SW#fT!oQrBt?AeMj|E*m1v%5pqbO{`MF-+HmFEJkvZ#beGqQaPPfe!Y=alFu45kr~XxJRcfUCh9elyb zFvFY&rKp_~Pgc<{QO=PV#PczVxFiw|&%jk=5P_}wIExH;opK}BRjZdNt@GG%xjTlG z>$EUb&hA)bDNBC8NNhg!o5mrEK2Q{0W?iDXV730<+C2#Hgh6wKg)+ubMt zaX5`2R}5Y$nYm}0wi}LgaN8UPG4#zhy=0<@%hH0L?1+#t~Ci# zT~FwaObSz1gor8^vl)MtuK;?&l_PaSxmpWX%+*DX$&`)`DE=*3lh{20;llkZ6`8Iy zKgqRCme*2^iX53vcQE`BYh&#m`uW$QF%eKDoGOA_+FaP#lLAva2@CO&b&@y3(@7vT z(NwYA&T4;AlvF!^X1`KTBxYeO4hgG+&dQn33umG@ z3?MyQfA!5CjVcwPNs{?G?Y`y*)dpgSQh?OJ|M-oJ|71fL=1}Pv6sbH87S8uOnS_NcTGMxWT zzvrvGP0%?E@B~q&qUB3OvPz6$hC_{A$-b$ihB{!kK0Q>$LW<<9T~%0g$@y|frbr;q zzCC~hvSLjV$iiPH30xn$cQe9)u1$rcZaqRI<-bf?P~u1HQ-Rki>_7i-Ld4;Mj`}Ip z#^adH_zZPbP9Y~CP7%F$jW3f@Z_^vSDzQ4(gGAVWa$+MwBFeKN3f_di(9fScjs5O< z;G^z;(Ba~AUvACX$s6`>6T7;_!u2nRSaJVLzuWDl?|_sRsELNu5nf+nYHUBUAXVz9K9BQsmx?YZ?YLaQ+RWNn8KM+EH0z1`J_xKrf-DZ zmVs8DFD%!6&O~0GgLFSEcB$k|9l@RLoxoas%u}lrPT9DpAvtMgaVoh-`4kICn5JEM zYid-SG{uYPoxsTQMVdL&4Xigp+Dlw_gtWW2aD>#yIwPdpEg7LSB*#9)?xcIKI;gsM ziewsVWFJmQox1z~NoT(5uVyVd9eML%gabAK&UcHZ-OQ_E!6riYTa(!L`Ckrb?PYj& z;ff@_b+}cf^0ht)Ol^2ddfdJSFK2`buxV1YS?gWHph!r2e1P8nTfDD*grs6h#bq>uT_}w#jFB zdPg?N>7UNzUy$BhY`|Js?AI0LN?56MoBQI*hIBst?KGOoYQK#pGuJ9OnQV?ulG<6P zKC)WR6mBIMl6XS}R}@)y2eljNdxOmH_e9*yV&4c-e3Ov;j)KKe!&-q=FiQ2ht_!7% z8W?z{x=O_Kw>GRbaRRXq9CeOc#|m;yoSn% zTmV{pbec_}=SEpQ;Oslu-afZuUmPZaQ)XTRK5DE_&>gEG{OED2m9i{NE0+&@elP83IPr#IKXVVT3N7{lcIIq zY~>U#!SZW%wM=D|cDA(Q72RkDJuit(graZ?Jo)_+KgiJDovR{`W?Mo&4X%^TqD}XtrB(_osYf zKi8&9(K7g@Zn-2xuiS9idG5ZMr%e7Y!a%70>OQ9j%l^NtmjCTRyPKB(ol(En-^u@N zJVyUlXZa?0DzrXzrqU?>^4wQF(Y*+RmSLSDo!^5D9+mnncy-l$D-Na76^AW4I|6?+ zjY#7nG{Aw!^}l{rFRBIGBlm%X&i`5q{#+p{q^n7XJ?nU z?~mV|U7uZjJi9sq4hbCo?c#?2J()OFgO?mY*5mO~A23#V8$}GmD=Q@6^>+&=fhCTt zDOz%U_T>EZs^lwOxZ>+x*1RvktMCl89W9o_vIxmsp_bLSWy`OJ$FK^I#qhzH0Pw^4 z)!8q{Z{M0h)Gux?KHPkN@!|dH?e&N6-=E!FE9XuYYSvw0=9UdvvxI84+$AFj5G)dJ z5uda_3U3|DXyZ!xlk@P{9 z2AyO}u0;1L?(a%{yHedgdIKCMf4X2zqoS@l|6hgb{9kaRr)2$ByULGuFb zai^<4sjgnjQCX?~$usDWbN<)x|M%J%{jW0|4R-s#TX~HBr!#))e0MSn-b3C0vU<7i zUu54En*?d6d!F|dJ{8XR=O*D-{Z!6>lQ;Hp7T}8c-ye*!@gJRDr?;E`+jz|UzscqZ z-hc&Y_-8E}&@t6iyxq5F2d0A_V;b#?d}|{7(U59P2rIG}E69)#+~l@a$R<{1r`^sP zn)a*Odk^ZgLYjPQ#X%|vt2Q@MRDZBN+z_08jTrd(!}n*m*JmeJXE!3_(mZ5KKv^X2 ztq_^eU1Vi%*O@j%21SjXQ1-+vn1Dsl6&Fl3e!=E~zJl*Mb?{%Ax_r2C7m#~Ck~)c_ zNCp{Gao-rGdLDWr?5e?W&>4GmrtD+aC2=4#=8D)XA3>2tWCHy-LTaL_{hFKWTdU_P zA@R-i?e)dU&;0lP0!I5$92Dht_ga*=cdGo&@y*%o>G_qa;^VPZMf6z~pIAoT<>|Spj1ass+Z?! zH|Urhm7i{IE^jZdF8=Y)+qdV}H)rqV!JE7fqIT=*0z%!Au-mR54OL~eH(*cCu5WJ7 zFCPup&W&$?bB??o-0D5WM>dh<(l-s9{p059`1bhfM@^VQ!*x9ZWfS+C#%_+!--_FE zPM@M(btgi?=zP-seD=>Gvh7Un`X;vy1W!3p)(8bJZuiTxTq^Z{nIZV8?f*ezgu~X{x8QGywbOO8xJm)G;=9L?qD#nT zBIu(kq}qa_>xj$`Im<$(m^QJ94Vl(VUSqrn)ujQnfj)&W@Gh*6QukCR1K$x39Ra63 z8jYL=W@w(+A}d1|n?T%HBjOhu`b4h$Rj|cSBU(`bR3VE7r2cJ5n*2Qhzn7iWlxs>V zd|V4SF6yLyZC&UhQj1@ThPmW31Gh@xuHZE}P@88p33tPsCIA^ih*i|4LxvO80F$V~ z$5rT&w-X48Q57sLt&A!L<+hLD6y1PzBHX+xXS;mE_T0%It}U)pHnD7@F*7G6EedKH zGNyP-0m%%;8*6`1tYxCRPBKD!2`OiUib@UrM_Koh3sq8wh8JNV&JFA8GK;yx%Q+1g zGjfTdIi?h=8_%-G{oR?kA4dI>xvXUj-!uv6dzNXP&~qd6THPqK`ROg;Zebx=msR8q zI+j+rDR%hcM0>&m(w&mrI3@>Y-61vgi~NOhFhoPAINCTdayQjkB*}X`R#_PJ`kQc{ z72avHv63^*&!6StwePt_BtCK*=z`C(bOtf>YhmY?Ap(xMr_f1nK$`}6dx*LF>4HTq zC)W#E%?qi#0tXduRE2?Eq^Rv5RmhUva>{;Az?jXDW z+v{|9_TM(1vh%;{zSZrY`_*Dj>!!Szz5vxJ6(?32&|-a7sUV54Ngn{VZ+bI3-{Qgx z@r!2D70NOzPX5{(;RPptt&E`(Tv^hAK$<`^y6$yLqEz$D_T(gd-r)>TGm6%FHX zUzD+q4<^?*&S97(WO6Nc4O&`f3MQ>&$u?!ENMHe4GbSO!4OScsawv<#bgA*CVW9wra_cfL@oh2{#u2 zsYBdVc1;!S)a9WoNhiy#M>%coRT3@%ye{1|_yQ0ssJ8z%a2C)wGI?)}k)gZ=RNnA_ z197D%;!7i*sD!C@Zi#%N3laNjWxFVi0$7#pytsvR^PLxWJ};Kii8QQC6IO54-b!`K zXY{LOF%<5IX)VAS>e?wfN=~c3EMl;#OdV@v>uBXG)y&Z$6r{q&e=kZIo|s~eWmMN9 z;r`#i59j}QcXm|w26#+qjOhMB=infj=egdQiATH(b+Nu9?nC2db~>`*hTNgRDN2pL z-ryDnB7K>|YY);x23ehFc%oTSaHi+WB;&(piRJTn5)vBt-y9KF=o9OTpzNAb>{(o` zVk3Z|4RRlVbv#%|Lyhj=RbSBUHt!6 zo+mv2St#gMM*o^xf6gm^P7{Oj)237<&>WH>u1xE{MTmEk$@*SJJ_#xcCcS| zb}%8!?b$z0-hMbeJAHq4^UKB6&)2u-mmmAZNkA6;Y#NZY&RSYqH(%Xh%M}D0mIfXd zlVU|$+1>fcFXQ~=*Z$=6KXJp){;i85h9}sC?8)OlJA*+k|6_Z1{%bpr(*H0uJ9y%@ zE<^#O0D`d}BOwyS?1a7#PEf>}>N;8RLvcxRW$X+x03)QXb@v*4TH-)?06Dh-ACDs# zEmx_M^0Fz56Ri-Rh!A=Chxo(14%8)LQc{`M@=`ATKDnMtTJ8z(b4p`r!ME~nKYwmC zo6QCc@kegKalPvI-^=dEvNSCLsyUbBvf;K8P~7_e{JC+51MkSDXk(5T)W>B59e4Lq z$zb(P9Cwi)I3=|3GoP$bwN!zrPsY%%D0d~V`E9*7B|d*{aH)M{E+>CqfRh(cQ6n9O zqXs~f5XsG1$hC1fie*^?0AGw3kfEQ^QfaLIlth@#=11V{%8fbdO5S7;(Z8G3R|3fQ0kH2~BQ`7vcEk_E+k6`7S9YfKuAuVDEomH$CF zRULiu`2WE$8~-tC_jd6gTX|Lq-yoc}T*(Ki*fbf^VPC(*i)K82Gf00%OVBF53(z{_ z)Uv-PkStG{YVVEZ%`A6}X}4^`!}@Yb1t(b^@_l(0XlE zoZ&Hw0`Xp$Gh{N!Z0M25z|e&)8%K$4%1C(Zr+twr*l$D<$Gn;Hz(vgBg3^UcelA(G zvO`g{epRkrb=IxoHA_*)H^cgB9#i%XMNYo|T= zdn%cfY+Eiof|i)!^)X=ri0WFdPB6d&DvBza*9SL@dU2(6VV98d-W z7f~yf5^b5c7FoM0;Al(;qb!2T!H5IQys`G>@h*%ZMJZ_drG0V%hM@zDlqL58ic)oA zilXxJQUyFR`$|=Fy~#l}q(V1`(egv+L58kb1R0txQ;imuu(5~(8iy!aV2V6P(StG) z!KsSZ4i~PDXFRf2kX56vVCa8O`11E&T*LbcCC7z((Y`UM9bxz_^eG9u!N=wyR}6C$SQ^5coxlBg+_ zlj{c!Z3`uH0TX0oa%OB+3urE|2xYt@zxqifF<^thtKTbBgE5pX)~cH7a0 zhV17phjuHyuuiA#e6dU2?kRXm*Z<92{U)AO>;I^mTmSo`o&R?$j|j3nF~^;RQ3TYs z9RC7+UuL6Y#*8Z$;!WxNa^GE1I_p=mXedWqoY zRm8Hciy8(_9B`tLT6T+y*^VYr)?RLlDu}g5l;nRE7O@r;jiOu%a)rSw84eHqJ-IQu za%VJs$DURO6cx?xDF55i6%yi!64uXx1$)ua?p@K=I~bNYcoQ(KvJJ`_o;OpWfOm9P z%2)_EF7$<->KJ}@_Evjt;rhw z*fPgP#GW>tE+|0NJ_c&PuPcx=qgDu}nj>3(eCr6YjW>!uF%$*RKMxp+CeTHf#7klE zAVKnU_=Xwusw92#Jd@1VPfqsRc-3QO>$P4M>>@Rm2O$R@G@2q(!9ueA)G5Qu>_3^$ zo^Igwua)-Susz7-e;e%1e{AOwcHXHN>}$j}VF7w5^vQCL0``R&fu@%=%|J5+p2H9{ zjX%;9gkeY%OVE(uYp?|kvO8;VXAOSI)}WcI8?y(gmCP7`Ib`naZAw9}#%zmrOh#c* zx5cJy*}NUQEgN<__Um?R*Du;`-MY=1wO6x~`T%6G%bKarWuk7~JpGzX)2A^@pV1^O zG)HUks(NKxpxd@Shfi&M?w)6VO6`AR#XWia_pm+e=kEXR^mq3EHXdpJo5B9J9RLYW z*Yp5bJ$VKffN6cRJ^%yut8fA&L$LD#?7RS9vKPQ`>dpTH`mb^RtKZAr|2Ej!|66&~tu=D6H(~v2#@U|jPvw;%!uWqJ z(@%;E>x!KK>VgsFF{tSXNIGR1S5I=zN)HA78jN#|?9MdbndaLy&EqjeOx^?RF^osSr*YD=?Kli$$-TJ?cC$;{I z!QP}2AOL=ont5L{*43-`j^Bzju{d6(ml!jZ~cBdcmG?zJ>2Pk+j!Qx|07`vae*;3Y*BvsM@(@r zeem5Mvk<0SF7lFKoqMk$X{gW-g-+0##J(?=!j=t+zupL-SqM!sKm)WgRpKm!o5_@@ z0VSs9gAygqLRcp|;VgtTvl6DSn0lppr*U&Q5ib@fim=C3EITQqex1o|uSonRm)lQ& zsetkOW784NLRglD@TX!aS)%D`WVe`Xuv&Lb27a?i?>DI|ZC|&{@c9#Dwcjj#o=S^s z+86$CzP=IC*Ic1f6k-OE1 zdoEbZgs3#f!4(R9?80=8ee1ndy`w6@PsNpz_g1Bzs)SgCU5mcl8c*SQa{1u{!#@5^ zUQ>i37X=JX%^gEcmCo}@Wvk947SAT!cf;7ckqsO#Pz0yQYNUW#tFXw1N)&eG9h#G9 zxyjzl1;mGRs0J>-|C#RftNWDc|2Po&+qaPatJCY}^M7^QyZzs-JZs6{tG8yDGY#{+=RNLGpB+tMEs}#Bkf`SJgc(+9m&5 z8UssxHNOC_$|yg)9+V1gC}!AiDTw-}7^4!Y_tY`trnduxw&Z}8rFki=bqPiN2jkB1 zo?6%ZYq&*Sv_?fK4;ccaxw6ET%Cw)esnXvoY^wqs@@7^+p&Bg|uxuL8C5f0OT^643 zHr8hbUOLYb3s=v|9KqYbYR=7tvr>%c)!y8g+DdF zqfTkNduiOS9zlXN~NGLQ92Uqv}uvux;)8Vw+c97kH4L# zUZhs0YQh!sasf0$6h20!ldQT$TGZO!rW}mg)+%u_Dvi6usc7qHUyNfht(oqei#f_X z!?l@)V&;OQqFc^+Pc!#e@2i_?n(_+m^opzEKN=(4TuhbRAP+zjh@aYhXs(pED~lTGI}v5+ z%;oi&#ZVeNwp4YP5D;>C-z)ZzrWP6PnDpuD-ZJ0nYrd-9_w~viVcbr6mj`kZJp!~g^BC` zIc>#6%zjM5twb>gdk!dScxAydw$`g@k|Tl)zt2|%Ac*H< zeZ#e&L#l3t_4rM17M1P)Z0hcpztp(@r9aB%{~h#p`G2?b2v_)q?tc05?tQ6$=gTwQ z_p_Xzd@O(a-yx(P)2xpfFXO{@)F)X=DgtJS819pjUHvW{^fAg3R zQ!xDnjc0`1$s2X!NDSS&hT*F7-@RTY{;%8ZcX#oBTX}@7_pV~FH(?l7G1K$j5?Wjly)vR-u_$nC1*Nd;Jwd%(4%KB?xLS8+#8?mU1QrdcRO!=P?nqtZn^4a6(RXzP0 ztYn4v&Qji4%3HOR?3zV^fq5sBIv#mU3 z`d@$;SD=p>gYImO0(Q!m0Q?a3Z)N_!;V66lyW1V??tkCPBUHNgau7*0fw)3vk@e-@x+>PbiF$fkl zUxQ*+Ic#O>+T-=FjEeI0YGWJHthPdrE$m3>NuJ?zHQ)aL)C65@T*XD|M`9Dl&7^W$>CRf?X`|?D!!2czE5+AGsT)~9_38c-OPc` zJjld5{h(u=DH7H>+?lHIOetFOgOWc*m@iX5ZA(gRkPsel(jrBv{CSIF%_EQY7jw>{ zh*fr{ElTLKOX`x=Izr-ITNeyvBKNJY2?TNML!J64D7YtRQq*!bG+yNFNW(9*FC<~o z#hp4}UtSi!%W>PL&dCC*1II0K-YT0i=I{o zI%Kf5Vp$F{<4GNa+c* zkEx0;I2`A{BysaN{N5+-UHO-mi@hkTe{rC10E=QPBatef#2@gAVi8Y+Ds2dTa#5Iy zAD3^64%<{z5@&5%t54Ug^Cpe4Jb9a_8%9#@fma|POwuQNnio$1i3;nrthp{=lodJq z6mq^0OKldsV1ewIZys0ZS#8v&`zEN?8|WXstDe%dkxEUo)3U>UeAMT9zu=6e?qGIpZ&P3)*f$ z+bw9j1?>x2(01$DH@u#0e7`6AlRsR3sC>#IV9`ttS zKezITh>nnWo*C@180<|%eH8G}^G16VF?D5(M@fY`ksT#fi$i)#3a^UfEvmM50B_+a zJyk%6bW|mAAeZ^ZzlQjaOX7h9Z=k5Q3)9_&>25Q8L{Ac$(hPHo-S7EJ;oO)qGJk9D zB!eeBwOG<}!TGR!w}&h8%oHRAE!g|{zmx=3y;^hY=kcOqFJp~w^DJxO=F?sg&GR!h ziIYfmcaDSO1;joa`#Qav{VK^B$H+B{a4=0Vgb+{z3= zK5Q#f;3==#N}4K5hI?t`Qi+|A!M4Cmc%D$L99R4);BnWz<y<*WRBPj#q=un(c^4@Rr-H7m;Z4z81Bx0Zsl2}{~I=l zVs2DFi4BlyV_iESRr$-a1ybnMvIkN%p35f44@rStkT3M4wn3`7Qu`n!x5{jUJmz1H zolwLvJ6oZIK0A9MZ7)nC5{LQQ1~_-V1~0|eEZ*dE&uk#r zO|?X!REUREIrZ%!^)kPe!-t-S<(B7WS}ORdZ*A}jsF*bW0D5v;&F+gLFRxSlTA5+u z>K{+NvWfJqkI2sO*yvNL|1aEa<$v#YJ6Zq#px4>?|F`mp*q+OeCmV_PSrlbU-eP>u z<;Roicpg=tPW+B2S}%ZxcY7lNGd7TL;a(vIaUk@51x72K6X^S6=-!=5g-76^N~iWo zUvZ`QoC0S|h@akwk3{jzm3s-8HwA^uoMGv5`uX@0kYPWOqqdS{F&I z5r0D&3fM>D$8&VzLp=W~qKypVKw=IA>brQOZzkS|Yk}D*tT0Y)k+P9;{+}~L{=7wJ z`w^lfj$EWJ)%$;r1DrdALZ{R#@pVKuX_E%JE~4}u@sJ(QREj)TT&yaOoOvHlobud* zn(_*-2>lu(>&`XGNCcdcbY^Ls);spSvx&XMx9s(o+0TJ>0(ibE9CHx>6xHJ}BQbqKy zbg5bw&V9aJD!oL+~+U5%siUJrdfpa2>aYcOO07w3l3IR^22}+YL6)NCL zRT9Vb$^kx~qR!`$t(B*}+B+5fYgW;}4y8GDziK(MVn&Oyo4FaKyIHaEJq|n^OqKL7 zzn)Ww7_Uafmfmi<@22~fr#tb{6`BY$ImACkBn~U)T?2qeuhuK3m(ghIi6C{2@3HHW zI4C+C`cPR^uXTm&2HXAW%-K@=kHqYeVPEE1VgHRfop#p#8xD8&-&P)x|M$kW^2GJq zhyq9f1mjd@U~Um!amG*?fhk}!$N-EGa3cg6@)}%j;y{{hg0+B;#}SN{ty<}W1=~5s zGgJ`pB}$kAD}%gBLc9_v<>6grZmPt@idn6YE>W;oyY(mPRHY0%ksy!pIU) z660qacs3RIvScmm&QCWtmsbfZNQcCahzY(*o#>D7oG)W)A$cwPyaa~VUaAuIh5pqU z=wpWcYM1r;^Ban(jpAT`nw|j1M%iKPZ7(tTGTy5YDLaW*VBQO zg^ZGEJI65T@1=}W(0-nU3JR@+pJS>tkV_IVO|UF1nXsky@bl7nCRn&y$mB>x7p@A= zFBlnl+#qKtO(8?~aH+FX<6xQ?O3)8yu$vmC0NJz1`SI%VM9!7H+_z*N<-gsWlz)1A zUH0k2si~EW^aNrbywW54o-hD8zhe(bIV-03tMBNZW5L=>4W$X-l(v>`uhg_NO#H5GK$2}`}Zk~te0}L(k}G}Fjue?1SsZyl!)pIk!#6S%>*+- zndpRsYksDfyQFYwlx11WwfT|qAf~y}isfvAF?8=x;AtMV%eSm=mHcbiRFSuWTh%gJ z&aFmv7bp~!yjLaki_+I#o4iYa!;B6haxw6M9RO^vnu|#*U#nuXm{H? z|IaoaVW(b;!QMm!fMlEJjR8=sTNwqAl&KR3kd$W2P_@Ya%6~6T@0WaEmC;X?Tsw)M zru)Xikj;sB4p-bfar6c_7a{yLMo#9;Azz)Wy#PTO$3+pt6YN5U(g!YWm~ViS&S}8> zl;_UA3nSM8p2I1+jD7#w>U^zMJmTJ=NM5h^AF40FOgEWpuN-{mMquN8VLp7%DRA zou(+6N-L6SVb5m8%5+3zYz(dn%#SjIK3(+V~+qx^T5_os-_ycEqX^bqc{7t$Q|<_&g6V0}B{o zIQ9{>#pKHwq(9x!uR$;R9_oBtCOMeZaphMGRXVNL^3N<8 zO$A#fdYb0?6ngea zRJC<}Nj#ub7b)rYMj`G-i9c?HnUMcPeP@!&d5chO0G}_IO)_ zu;-gp-Qq~7%t?0(W@c6RNJzYvRkn8D461usTz{FNAcZKV;^?9pw~%Z%?w{W7PXEsXXuztZKU2Ai!R zyzh3e96m3dy}kVO)tvpt#8sYOIyGl-BTq&l1~64?Q=WJL(tG6lX@=+AWQ&nZ7OQF$ z%S8&v9!IrVoQWib26kbTgXQxOqy2R_H`I*%LcAMR7M1){2mS+-$QunPoq^Imv2W** z-+5y;c{04vw0}#W_dWDs;G!r!eJc+CDw~cYz|fh>-!>Kn&=rrtC4j3uhC0i*sJEH9*v_%Y`sh3bCeL%lXXUfP|F2Hw zJ!$^$?x>T^|1lc0hdclOHlCFKUyb$#_W{aJc5XEwD8jenqYQ>Da<3Dc5 z9SW?hAq30?jji1XO?JkMn)D&-Y)u$4KUE5ltn)@S_!aqZG;@D3zMP$JP={DB9 z|07*F6PWt^_kX0(t8-X9UE`VV|0o!e{K?&dLQi@BN4mMP`#-Kza;ro?DZsoyMR}fM zq=g*wr#MeqPv0n?AG`ZM{#5q`TA2|ZdS{>lv9WstvzZn$@1OJjz>*!@0?b$5BZzjl z2Yx$Gss7I(LzCF28#n~GLjNE3Mmhgqr`_G@|J!(^|4$9}^=1wMdMNbCa*np-_Y+0s zZ+YsDk+SIDq@Q*DYsoa&_~E*8DSuC*JD)($ZvG?mu_u%QL)0olW_4^BhBV2$X%XV9 zaN#BB?%a1f_ucaa+pINXuR~On4ZY4TV)`&tT4R4gow4@LcUj}x>5!k+g?9_) zqPJ_xNzI29^0LMNuEmlo5Lr_1WP2DoINbXs?(FW$@1Kf(B)?Lkaj)%-sX8$jg zxe-i%LE{-AcPI9lqxD<@EA0PXZ;;vl>vl)oo&CR+N7(ouvxA*JV7395K#rYKEj({{ zP&IDV;X(`7evG90H;v$M_%=))Q%dFa^+$5cHNhL4pP)8N?7uW2&fC zbo{p}y+Mi!<_?H7Un=5!ed|rR{GTF`KjMn7^iL}Pd&Ax!C;vyg`=7S*$oqd0i=%*o zx8xpCCSpi`!qXZ5TjpJXl;UY1XQxQG6D$+y2(U@-^3Vmtj?bdVjU&vKCsL5NY(8Au zQShYe!zJ-ntqk=$w$VjG=9vr(G*V;2XkpxMj-fOIk}amTHZ z1TCN3?}1l7Q(e}r2-th-r75XiXZxDdlM+EA#Y#o5*G8BNtUd5*S_5NV^Z_VKk+?3- z`5ojHoL{7BCRqFd7!g_Np21~NssCB|?;fK8uH63_<@CSNaCiQDD^KeDcT;2=)T1ua z4sJl9+fX7!IjyS{we(@^+PdG0jg8e^*_7(03Q1?bD4_mKi;beZs+KP~l|Uq~{eYsp znDdyjQ-s135-yb&Afxx`cmmMMC$CgeyC{KW)+6v81MgZ(?CD=DdF$~BrP;oEaMXrfqCpR9QwL4Mlyr^Yk)cZjq`{ENM{x`Y`!qz)@f3h z%*CEbTD`3;~_X?f7blwV7vK54MXBnoXX&&PvFSv^Yg*H`fHqc}# zwG$quEEx}lPA-fC!1X0D3Bm}83#-M2JXYRe8%LvH?Y4xnPc8lL`f-;5tkVAmooxJ1 zd)OQ7^uKL9Rr;TPy;&V_)uGF;Ob^U-XREp(wcCEIK9~kpM<>*4NSR8QhFD)C({MMU z8m5qVfO=Sj%uYqDQW4X`{!D5jwPn|nsEXFb{#BYHO-@#?=UK1zif5HZ;~lMX=2lGb zm-*(ORDmpK5}RUQh9a59_1jV=%k{rGyhG;!yNKQs5V0q_AsyrhZ4$Z+MJ>Ki-}CiC zt=s%jEdVwn6mbO77v;b}_r>I57PpgJ=oBq``VJqFqSg^qbbzCX=QxpN~cI37Agx71%B@p|HdQ)B zR1ZQz{0(*BxtGH~-BYOl35WRpt<2i{_#2>C=zrZ&uamw1xi{Ly|7_)v+dA6zo5X=D zk3Mnv$pz+oqF0dy&Uc=bnBHo=N^{dlM#DD+jin|2i@Ijqxp^rSb-+t>{4JVlFCC zY<35kL>ZQ+-Cp~NNo>d&BEf|MAP>`ef4-lcy z=YKi>%K^@<^N>EPv*w7}bEkGM7gn~vB4%ru5zE}*CGvmIW6G}36n%Opwtt-e|G!}K zw|4XJ->;hgNB`OUKYRa6|NYXDkoUkVAMyVJ{d?HkOK)wZx5@=%A6xm+0b0++S+OPK4=3iSPN}u-%j1hng%n4QOxJm8T9X6Q&~@R^~yJHD(BkR0XYdD!DObWWHvl2_ejC zDL3m^bWJ0g$P94?!zBI}6F?S9C9!U2H~;E1raM^Km@M@8#x!9n8rQdUsC4D1SHJl)qEKcN_}aaiof)GK6z){ zV&k985B=4ANxl7#H+IEa@kdVN=rnDVdFo0hrjn$JrsX?>g}fA-!#^^I<8^BQB=3`V zyjA&5xBrdmL{;;jqG&7gzt_*L|J~kbH~+Ws)Sv%UFaBbFdgDt-N! zeivyB>FcS+kYcw9V>UCho41)HVpR7E@t0~+LrU*Sq$EHZjc;(OKFL!&|3zBNISi9L z!0YDxwVze~pKd>Q{--MwI*|{r!wzu(n8G? zyQvDr*>tTUHI4!m_p$c*p0wNEKBMC$M}RDsyCcWw9SlJeoP7%A;go;`O*9YL68vvo z?e9+cCXU`9&{<06Fm!V5R{8o15s=NQ6iHB=Kf)w{(eky(L^CA}{Oh~LznvtCHQVA! zhy8QUkZ=1blm9Zc*ZwVxrjOnNSS9~^?Ogn4r@gcPw(_L*XZc_Q5nlc{;jgk_a&TW( z#P%QRA5}{vPUpHZ z3w_YCGgJQ>6NW(gT$N8z3W_hT4{ha+WT}3@Xetkb*o}y{K<}TmlrtZ(L6V#o zcbvSfl7fH(;ZieDWafs8z+Z|LCvkeI{e@hDW7XChPT_)N8M)PVQIsx2!w~E3BB5fv zloaBH08w#6RPh;mbD}!Gnr0SqMQW?DA0jfhFNk~@p$WC@OIJJben!hHG;x3N{fFQHIIn@DTDIS$@S`MR$9_12dwbbV z7v#4#A=rwI8~OazX_I~h$@2uk6EK7HXS5V-$AK9Z&_9o|%u2@p;Y|w9fU1;dY0KH% z3i2t+YY&Izb>`~9cQTs(?@rDUQ9{NdeDWAS0-ZawT!D>wd54zfnm2)jHSMxQR!1qc z0xoHok_*`y=u-#-nG*4+AceXi!z(@Dd>kEF>ms>;xj3VBx!B~$Wr5^jXB`oFSmifduic#8c6mGVOjv|OADu?q4jFst}4w-i{^D1x7+mf!^I zO&Krf>{AoQ)sfH#nD@mcb0n@Y5N*E}J%nIPh@Z`!B-_@v5LgX5oTZ#vBU`|H=|v?A zT3qB%4|e*_hsTV^O8R4l<}z!)oUHaS2rXcBs*<8%Xo8oX($9)=+Q|k=GRTXHx}Nx9 z9XTnRo-b4TdFdiGCW@K`e-|^xWP0}{;4hehX;~|8Yy3ML&Y)rp5G)QVW zdX+g+RPz8_a+oo>Wug#`+>)8t1L|DhnqK|1QkkeaiSDUk=@&;?{YZ@DqNTsfKQ1Ag z72s~R&sS;=d2oMs3e|n{$`n))N<|oz(1!~U7RxlPiaOG1{BN z+Fus?nZ|_8*6)ZKya-KX5@0_5X=JS+4?UK=SfQhck6V#1=RvL$K}E}(Q`l(XWmt;; zjH4s;L6vu;j&CI68EMsUi&Q#AYB)slhV3d>NU0-a<8BZ&Hbt(G+%OeeNTq|fmK)^Z zPLRjBK-P1B)N+43!1+>x?v zp6y9rGM5xyZ>-?qBK+(@5J)D=-a{~ywbw#V9&;+hZIwSk;qqXIf_4^IS6C-Y5hDP7 z!jvWVpRepyvB#}s)3MlJ^Bg;m>Dw2+qa{5~wkB(P745ZYv)+=jp|IQpB1}dwwcfNz zyeAf3#Sxg>h=QzP|GmZZaVG#*#s7_Zx$}R6UH-T2JURRC?Z#sN6zhB|_Mhy_(*%Q{ zpePhX3`H{^YQc+VmHxFnonl5SEx$m*NLB4D39$f}%FJGw8@rz&Iz^6xS_U*7(k53D zX(9^PdFLw>-dssg5C)Qz%7ufZgnlCA%}}L8{N@5f9=jB*lK&I@33+Fa3j$mr|3}08 z`JYj5cm8uLPfGs(zz2JCQGl9vzKIne>C8r#0B#d62=+jLeIWAPponHJ1<_Y|=m-%b z7!6Jt0hnB~R9HHDOqauJFXwypOc&ri>fZ%>XduWc|mec00o zl5BBXC%*97wr3eSFxp`U^*LexG4_*eUFWsb{YZ($Kme@{CN;{g8}BNe1r z6`odrNYSvkYC!Z+G2eH%JwFd)#uvw!VIQ-l1Dt6D!x?s|1Dpl+5GisVyD$`kYmufv z(=Y*jqP)Q1Ar9eUVi`Z{xOO0)M1cQO>}4$`97XPlk{?HJ#C3b({;n$1&rExY+&IE) zsQ|QG=({nOf)Ba5axaCJpbE#xPxL(T;pTs`%Ag_O&HsQuxU_16wz{O;OA}|eOK#|BF z0B`^zB-MVIiadY}FA$g^e=hg{djE+jlX{7o#;-YP18}b|#hjCcyeHDZ6MzGXJp}M4 zkz-eJo0C~*C8MmC2?n*+G>ji)(L_Sw`koNq5uWM)kG(fe$VZ7KtPei3It#jNLge1yT7Otb>Si*+HwOC-4=nWtjszy zv-0TmbWL{sUS@mh$<^80(<{8S9{qCm`t0WH^qO`%-#<$Z8m7XQ?CkGxR|XNdK0bPV zs!4sh&5pL1$6n!ODDfmBD>ns`Bi{ez;T=GMvpU$Eq^ap|| z*;tB;kY$a_^uYQUvO@L^saBuis%)uID9u6qaeaFAVRaCA2JNOE6*_H#)DVJ?Ve26i(rLL3C)Bh{G~ zr|Lvv4PD`;gAk$zl)XylRZXu& zfo^_F-BB+6NXjGA#fiKvQq~ll4h7m8qAcpQtFCGNsnY)hQ+Et`GUf%9Ko$C*?St)I zJ^okc|GA>a$j?CrTngmWjw(o*Mn8l;NTaB2yD$R&f_ilcbxkhNvK-roFMvZz$_N-) z{}oi#6F@+Ep*!=J=~wLhp9D>5Ly*G!(<*8iHZ^s%44e&RRx;w^oPjSnt@ynP$F!fq zBt}6NONrE*TU6!vNbp`Rh*9Q_+d(CB$BW{S%)*f7Ni0$~ilKJ$vJP<0M(1&MnL-4k ztRzI;8cC)YKv~PBR&|a@&Sfkgz&T764#ZGd+3*%kG}rh^eV7A$S*^dy=eMlM%JHz_ zS*8XQeJm2uFT+e!o&RAlg5HA{!X++%D$f6%;lY7^{%>t{@qbtHDCfTz>~;=)0q%!5 z@Fi;6KI|uPd?#;uNeZtsEJKjAnb(<{X3AE#mOUiOE(t$D&jHRP%M$hvQYsiMK|a#* zHprwljLruA=WQO$SyST}+bu56NLkFuU*Pl-{EWfW*jwctm9MSdPq&=PKJHaJ z=9LGmj5`MNQrCJFW1#k+j0zp*s9L-?-gVG3c|B zD)&O+WfPbZXf6;!uH?64hnKnO7-ot(N;)M6&q=P=B=+ge93#mH@x^$HQqVHPi~DC1 zr$tU&O8*sjqghxu!}p8#Ocdum5+LE+ff+7FT9O7+pUrgf$x$$Z>^#APWuJg1 zu9mec3SDA2c-n^Rx3$RYi-PO0b=aboNk?&RJC6{TO z#asPQ~j=5Acu0=4B%{3~ycU?u339XD7$0XAkQrx>5*yqAiso zYhQ}8FBqZr?$R!v`EE+@iItwG1=PVHrFcsWLf#*!@EqLCQew%2aX5$BeVpEbINAU~20UWEg9LiOon`UV z%>pbDKM;64aLr52&) zhMX#H3IWP+0nbGcQPU0qERb9DH;9oN{NzrP5N_a^_YlvhDX|M~jxP!7f1F&>Er$#v z-klJhFVSpz3)4P}k2-<4ywn8*#aqZ*q8J{9h`5nMiWSmH<@CAax`p&DfpdOw1KiOF zv)NMjZvYpGB8+63Umv5xfg;-USw^j+CooJ9WzI$SQL{67V6oIOOYzYXk4B7T|JEYY z5A{^a|MXCPyG$CmD*KNeJ^uIh*8X1S|Fe>Z=YQjdXur59@Y+iQ$HixT7A;~uPmX{_ zLc7^&Z3(?X$`?j|QIG|082lS*!KmrIj*GbLrpe^|^C=TgbkTubhv_blA}uWk@xfVsRErqJ~tfGb+h!CN_cX(&y0&b%YK;8BBeu$~*? zbC|b>88m#vg|X|~qYQ2uA#)@oY@J&>#2=qvSMcL3z^qCJLg=E5U~F{A1|5nAeO5?= zBo8}{C6%LUv9wUS>PT*!H<5Q6X2Glat&m~-*1PNX|5Ts<@hx2P0-*f--x_Xj?dtmf z-Om1VHIJhIza)d*){&24{TRxBMoQae9|SIz`DN8e7|dY=5psZokEnqCjb~{#OH?xu z0^mlo1yQsrT-7p86VG8c?>(E5pQ48&v!Hy}wi!Xtie*V?)dUH02W+a01~H7#@*Hx+ zZ0Qc`m_)FxjG2cjk(m{UCCUg@|IM-AV1FBISKg7ujwfS2ry}3FJ%40<^l%Qd_u5h^B*NfKl$YS`js3Wn)#27IIFG9YK>)R|KxTu zY=duL2}JH{1WBfvwp7l9b7R$((1#N9d3`f1W^? z9LLFnJ)ma6iOFH;tb;xN3re5|awqdSOz+bmgY=N)_s5wsbHp(#UQ=w}z;q0A2>EAQ zdj(z;B==X&GzV0VcLGEA;Tn2z|NULZNOV@8 ze|`ym&N*n8-9E`o#r!>GsB=_mGuGOTE1S5cV5AE}d6#f6dfst;eY|>LYZ=mYaJ(b7 zKpfFHuB50_$xkb+lx6nOD_uc`r39|1Pf)Fv{ux)%DbT9upK%p+f@>AjkGQxp{k77{ zH}JhULH~uHD*ay`>*TTgzqYn__O=cGul+9m>q;JleY+AdcUs}x#N7EIxHgHJwiSVS ztRtNt(^;{+WHG0umJzH){@Tt(<=@MI*-q_7A(Q5oJK(%$b1WDynZl1Vh%$8e3;-{g z9kO`Z92)=J_mUYkO`5`KoIVtmqo09%fh83SgK3bFbBX?S_)OIW=_OgSl&8IP5elL) z7;aEY7;4``rd^P2fGKo|<l}OO_gwR)) ze~9Q|EpKEClk~msX_T09ub}!LOkpi z2`R6MX|(bFmG>GPJO*Hom@TQtQL!~UTcRm~lJWFN2)~B0MUJ_};yfopnB)8BnjHx3 ztQug{9@ET305H_gRb55~amI|KX-*5#i7FBW85RxO2W|~QjpSLTnF9Zgo}_oSTFpxo zTFs78O_vJ$8;gzn2Ky_wVu<~L#o|O(ZxXu-yCX=s)qE)lg|{il?(3l}Pc>4Q{H0)( z)sgtgl+*SGZE9nXcqYp&TGv3H-$Y&OqOmx&MGu{`D1BLcO>E}L8^>yr-fYKs34SJK zVa2nY&X$un`dbEAI9%jSpg#*C7~-Q0S?!U=8B=u3dtk_KV~GDX%@n$PR#0g&YP)L5 zFj#_E)-da)=QA_YgGdVfnZ;o0X5Iw2AaSz{rY+ecF2asBIKo9OR#MPI*X@Ew^xSU8 zs0a@hejWGJQAQbCYL`fS0(7=0Hw}>_R*u91dTnXj&ez&c=%r(WYCS$#M`Xg_KrF2nKyF;xz3K}ABd9oN4 zi{rwMGBJ9~^TtR4l-XHMPcP2lt0v+aIB}hGh4<1oq$0-&Z>|gxiAhn~@7dGA)w$i! z=ZT)N6`yRQI1J-^-0Ub$r*4MqvChc74-JVz6PWV-mtn8rY+8^l>Vj7KJ9~h5tY>wU@+SL@^RQ-(HU9%fJP# z(b3IH_8{tCzdm#Esdt$M^B{y{c#7qEB7qqoiVBhoasJvjs^y=^-8}TXc$!?M@hAw1 zEhRoRjY?`UYMLrvXwbkYrNy1svFC=97-bHv8uH(~@rp(h`Y+H;89X;}Z-X$%0!VI8 za`lpz&#AmfABzG6hU@!>I!9eu34qO#JB!bX&pK`ZynAm6-d~QPpT-G=fd8tEV_vNZ zlB5X}OH*5N%opa$ckR+W;mPmcGIecV^J3=yGGFi(mr$w-I$!@HI1YDUj=_!z*DH`wT750F~NPlvBwuxR}E<4SZ&-DqW9R zS~o)NYE7u>5D8VgRfbfcU(!dpk2@mKIPM{s2IEPF3(gXX6p84;R1oecgDIHe#w`Bi znoftaUJm=4uvfZbXRhi|B)qNa9J}%AoN5Kyw_Vl8IX7W_7ev{6)qa(nMtHlEl^T>j z4bx_}t*zyYQhPoRzb|#VBeT|yanKm|I<=rk+mD^X0@gNH0#9HBqz{-KNoQ~a6td4` zTP50H?Si}j;UYkFkk_``8r_qV;+WU0%V4v&kZJYDOeLR~$u+%Y8-Yos`K zL9C6fMsrG>>*~iAHWCb4(}+ISPC^dsLgB3L32hLgf-&4=3o%+_(x7~AbTx~zU<#Sf zh@(iH&L5E%M-*yl3XcjYR-$YIG%7GI&$iM~ZnqgbRSWF34WKHzhy&DS z35X*$;{~SgYZ(L-(jiOL3(ssBNP~HeW#tP+wqs(6uqASeqs)phH3eoosw;n-W>;h< zt*Nu4N#{%smPL&uuxcyqR62Xwnk1G;0>OS5--Gp#d)g@Pd-Td#laO+z`reH)V%2dQ zL_Tn7IJ=);kXqzc`26(d!!Kv&Cm*g)uil;=YpF-qT;D%tiL1+WLuI_CBR6sO_W0D{ zVD;mGx29S>v6qgHY0)GvIbzkR?YO=#a4BZ>3CK4w%9QkxSjEz zyZF~R@Z1EKv?bFmW^{pWfo40V3zcgDa&JR;y??x5M)I=#L51Grc&~+Se)89&t|}fw zgEdihT$CW(WLc0IVWj*mt#W;OLlVX|tn;dAonJ5hb$)u)tj@{N@rR4Ir&m{JCj~3K z^(9`wQIo2UpT>sd9b|B7uAZ@Rl#J-`%s1uZ(kmW;|oPM0SAy}V9!ACw|i;i1k`f#IIX17r% zF~ucgXlJ%0Ij)t|cHL9ssj~mbU^)$=MI*n`rz-yI*4Ccx|GC%Mf2`(F^Z(|9-Okma z1n`HrEL7-e`+89B{an(VLWJBgymYgP0~{xR!IP`1M!ClIgA7&Pi%G%01YPHga&|@r zq2jZy2ED2{vDGH?M6ztoL^bMlAHK-JVqDMX`05Vqo0jt z0ItFuu}#<@dB;>}ZK_ntGsGrJQdn#M)*Cc7XE>z=qh;5G!LC{N~mN-}od!-n?s7hb>QCC~jFniaTo59g6yoTBp1cj}t zQOGNYcGz*~2Gbk9&(seRYXr$^W+Y{cXl4x|Th~eo2$xOau{k9xM)dsv!PJAqlL-$P zA_Hc1<0Slt@N2gEDmys{M|Ny3u+S=)B8GQ}GTEN4*%lc{D{;(Ti_*7g@r;p{nmTFo z_eB6qt1H{P#+F!YV#}ih3kw|nW=CW2IU%aFkZ$m4^ zUjwBJs1C%~lt>x&Lr-yM-@P?J#x#^D$lsQO{#+6Sp(*#N9K5nEfp*lAII!9~d-0rY z>YHzC^RhWVNWSvWrDgWKJb|MniIRLA66Qi`!gioUc7CIxmf$8#F1Us*Ja_zM#@q-? z8+r0OJo#KCXbeVl&LsFf%L8bQ0aSUCTTsi_jhr^rC?@dAOF4=JP-Y;y6f#;f%EGAN zH7qUgwOs_?3X$&`c93FE$zc)`%Sx~oPNuL=q)o&`U5%e*`iZdgv{D?UqcEfiYFUss z1hBZC#6B8GRw8(E(dv3#kpXk+-a&w1gdoXCIrlPKwkOMq&;YJSOoFoue@0LMLZ}g{ zXz(0d!wh&cl*Lm()=L}_Gn53T(*Pl2d|wbpNsbt0m#j2EPR~XeE_5liR!3;m>J$i( zg@o5$a{QDZke6ui)7;$n8eB6MCO*b5)XtJ;1rJ!&sHZi?uD$c3@Sqr^gWYB2a&a^hafIIkLSY)knnsl{HCA{JgZ{;Q*L<6QZTXmhI@yaSD zeL3j)JIsfa^2~%)F7C+O0!%@$#tlzyxux`I6UrnR*QBul8I{;t5=+{W;D64&W6Hz! zt?N{?+19JAJ~Om<#NCSW`Hb}>rj*oo>K2kc03U=T+j0WEU=(;|sUp`#F!LtRzb=^Y z8Ua?Et-gnil!Ro4STV7x0qr;!pjacH+12lVclHjt`2Q<;l>1*isDKV}J6FFInYBu8cX(c{ zHTuVQdl{@!*w$?@zwRZplLG9|&C<-B7(-V(?3#rP#9Z#r49rWC(*_gvo_IM(gQ0G* zU%x)XrAUZ=S~ZW7QfHR1O6|mo-|hDMCeNb#|2R$B+yD1=^!u20^FKZ8%=`bW`x|c_#g8r{xpRwtGSOj_! zql_BH;J?U8t%1}b+Rk)9Zi3mn+^~lr$-!1CjeR8g zT+bC#(_raapIqJ3#i^3JwNnBt&I3wh{#crT z%xjGcd@MzP==)9^Q1h|w|2|Cca)`VDqQM6*47|HZJVWp-`d?}&(##RGV*lUW-`C~; z?cKd@|6j?&LWqyo;G%pBP^vbRVbGECEJnmO=!A3@{5W1Y9qT5dyP> z!r{~4(MOO5V{EVbxU&pHc8<;h-cJYGmh_O32^3H4sfm+-b!7RxE_=nw!(@- zzX>?Uz*m8K=^}z19>}9GnYib(DcBoYj6PEc+!O*q6771l0SLY#badncAA0FSk|_z= zxRHp|C(1U?FnIyigUE-U246pXT};l3G?>H{vui0UZ8)YkS8Lz~%B-qLa#Esqt_y z_-Q^!^5aymG)qHkox`8z|IbfzV$5n;VfmkbAefTb%R4!5rL-RA0d8F-4)xmq`nR5p z4E}xSO(+f2tX8Ig_doO1MDY{~!@U^Dt>Tri0ZB^ezpM zOzw3${TJ=Ec$$QeWHBKtVnHx?!eS6)A}cVM;FLmqq!I&CvY&$W<9IrSQATrNCZYR4 z&e=GGn9cU$G{rIsO|zE;(YQxvC_CW}iJjgvNF0D^%+_rO)nE{krDK`ZBsF-7<&%N)f|1`}Z(+C2^aY77`_@c;hp zzuaK4%zyML=l{2N_V$eUFTxtXVS@ViZlI_#B>p>veqcJ;P+f)4Efg+9 zr3DJh0c+;!%h#WogGN@+bFA*;^e&8D)975fmiZk%0OHJ$Ko2-U6l6jff~Z_1|Lpo!V_Ix4LO|$&){+VK7$iHoA+!(ZO-}Dk9g)K{Jk_hG53jo9l8=({QZr`lDNLFAt367_?M#|_f~b{c-86)A znzffEuX+|t-7)0ui-&+zIt~LEWoP)yGcD>m7T%>a$b0*L=Py{oWA>&XvoUF(RS;R1 z*~{W&##DCzfSjqAzcZ5(^R&cjil=7)=*fTOq`PwZTmUw~(d*aGU^K@su1-(Ru0Q;C zaeYHSQ!)5=_;3YByh4$_gMOtpFn{~}xkBhBozLX$uV4ShYTvl%1mzz!C3~qyHfF=(8wdv76z7U|~+pUWx;OC$J zc6#wEZ3=pm7&xb&pf}5cXbet%0eE(!e!uUK0`J~|%?LPaYOgrp{d@4A|B3q`PBV(w z@$0h>M}OS>_QELq-_KZo;j*vK-k!c7Jw;#RX%qry4Zmk4{g`z_3Q-bA2)>6YVlD43xJ3Y)%9Tc&0h}=Om}_;>!4(1kqT$=&`?o5qJljHIAYK zUc3O#<;D3c2fPPgzF0oKzBoELJAVbPFp?lZ0Pny;Gwo(B-tB@2OyM+69~|)hzwwty zv`l)At!6d_$>`iTHm2j=EGMJNaae|UX~CsXVj0?fHm6&623i&oqq ztESH^EpVh-mNyIJIF0udxdZ8`QD`_?+HwWBV6c4>(bLMd*^vD~Iyb zkN2v8Jb3%K+UYoDKfSTY-mum;#T{8gLxaug3k$lTxGKVV-swAzy}5YkMtu&!QuLFb zCvOYnP}v-&;mv%G%fb`TFH4Zwkq^qJfI74_y&?1WJkT1PY)bnY$|q0o>4=TOnw>S( z?)T&{BE*_yTk3C{vdq&)hSgS71q1p&sZ3;Zh_{G8om_mq5dO^Mp~8~A>lkGEe|A7A ztNd687XGKrVgsUJ+lN-lBEUw;qp*qrM-IZ)sNFU#{g%!$QGv<#5dG0 zFx+C;$ggsHovn`k!-?_KE!j+5t|fZp9l7vd#6$38Fi{_3{*)}!Xa#ZWC$?2}JhnwW zdidVHS4WNIG6#ty4BbZUyAuruF`v4=nW3|@|Shpha>;pN%?!}oW9 zfN8Ht!t28l0Y*hIzOwuVL)jfanucoaY`tyu*)oHD?Q2`sU%xy$XRXP8V*K_li3==upmx{#tylk=0}7zgcIGo4k1C_{XCo0C^YL?u)ds-1j0IgPz>W0XD6d}k?(9f{ zG;S;35El&aX!i}|Yx`I9YI8jxP9*Qcw7+Z#*S28uG=9ZqVqYcjYw3GouB)4cj!mX> zgy|X!l!lY+pT(z&roPc`%=F-t_2_<*w^9tGMNZ8Uh`lyOtqvTs`;TRVe>od)|E-4Sr zSATnZ_n8FHa|{2gKhBIhJ&1!SL;ZF845797qb}pd=lTv1bb-zc;uz_2JMf3IDFH*s zFc~*JksmDCB54z#!PSXMh_{=6ObwPQLi zQXWmCRmq>u>eVsnde{byeJmYnw{e>lbaJ=l1W<&`*5164>&HyZmZ2eVthAM z#6C_J&IdwS7C>avhDe!OXQ|@u?_N6K?(bZt><)#PM6N9mFEgUnnD+7<<}B3|lK(0p zsGUDZPR%XcmNa7WC|V%=q8M)CiK{C_r!xSd0Dp+y3j`kK5q^k74Y&|I0oXy?K%gqP z0z*gR2Z9gi^C(C|2b`y|jTL0ecV%>!!SD;{nEABoPw;)AiVRU7b+59{B}G_G881+Y z8Fw@^(>VX7NNcn2L}T^TpxWHk*Ca=pm3tK?C1x7h3q&r~zWIzTbm_O9W~|0%;~vTJaq0 zHC@s*Pwyoo^gb{2wV(JkiTvPDIfA>87{zM?Vvyv)5Yvf2AH^+t&3O4L==OxU`57eh z2n2L@wiaE3^xrqOfPg5OZ4k?CKx^Z3a>c#ovu~Ksgg5Z}|HpO|FT0lqAk6UN2X_gs z$3#3`E@z~HjxmI0?6#*`T5QBkRi3Yf`A3Knk-b0vItsfTgzeUxZ#5*~WHiupkByD0 zz-vRViQsb+zKo!%xmMajTv-{^TNZ{lHq;prFlNiT? z0gd)A>h?zz`s`PAkvy3o3Ob?B3FSvdI22--wZSQmWd=z!?|}{W_|LZ)QCD6$Q3l-ady-h ze~qVtZ{*a2iioY)-g1*#5K9RzX4FB0Im`>(wE)rN&kG8@D09f->RT=YQFF#m#9cYQU^BX7qc#S58 z%aEptpOz{Sj3En7I=74i_|-D?`SuS#YDB8<64o2M&E5MBv?TYd;Lz!Ch~KAFBNf$SPX8UEO~Cc?gn23!BixSO50V2OqDSInM!b z1zlfmZ87D5w%5)sM6~Zzdva~+HFzu|FISFKMDm2S6h*Yq`Lo!~AaQm$M1R42ms*BA zYg@vE8b7IEg3_cz8*=AGQ%w^#KwdCQWHrn|4I# z*Y_1$CIQn}VpY!R7)l+SyTMOAH4>=7gWzd)ClMC+zEH6By+8S=bni{|3q(@xA79tI zAR$jeLFj-N+X6X3WZwjFPGq?|3v3k=Zp1=1gkS+#T;{2dyG*qaLVj!(2)X^qtYjnT z3M2HuCR#t6Q7OsRJ<7ds^^hlGpfX5ZI4Mp5X1XK5pRV_zwe@i27vt_Xme}*dK#o9 z_>B*guKFefP3~fE5^*A@3}P0XfOIILn=a3nwU%X(uM{G!t1s?QO>c`WN*H&fW+UvK zf@&$ik;%0-(?1=pN*QgYNK`Mls1v}P*7RK?Q6ut54_m6xVYNmAJ>Wl9WXu`6D zb$`Akp!uI#n89nzl%D94NhoaZ!##ZKfionJ9a7P?(eA7H!3aL@G&0&VR{P+2P~z`k zA9$bq2fCSrz!Q^<%bLKau>>rVWjr+=y&Y2E`OiR#Xvlw`rwqE|v>_^$J^W?5{5^L! z5G9X1_Ye>x{TDH{Y+Y3zb|IFK_(Lh*Nk!>?Q8fOmawHAEt*PSPfENjBsr32;(8^r> zeDk-vzCHtrymxNB8I4J#p_1$^G5W4Ai&y393|ZSk4Oo&X!AagrObVWvLDKj)4Mm&S zlsb@-C(VOLb8HH|M|B@EKex4IQ-5}@F)31Ih%KV;1=ibFtZcvu~{C1M{>`%9$Khujgm}jUSzF1HOM2oS;+^kjamHNxZAw~u@1Lv z?`kxFh>p;s9fDJzL?ncO3)6mhAXhGQWGd5kc*fsI$*Tb6{FU(vW5vdaRUKWX0VjOk zwokb~Njubo@*JQw=+{(8gmO03-IBm!>t3@=PfQMKEH+!}98s)yrMMdT_4OVR1P3bW zQ97Mon3Jk#?^>{{EfwpoI{@OZ6 z5=&yOo8MHCJrIGSK}7K<-h^xyX(Yr%cZ}5O&eHEmiEsQ3@n4O-);AkhD-@bW*y&Hh z`={BfEvlawD1xH(xDdavICo?=U6yQxj5V5{;BQK>Iv#sGI`Q+IXw{!D#HDfVFj7YSAA*L(l@a!b$v2aqPWhwr zfNuSK@AE!pru?6P(V*@l+1RIEFN9nF#5*VdvPG8LuV6th?D1a})xM3@kaiZ#!;u2n z#mbT9*jq-jC*6yh97!})%8Dv@Hg?$_!QgDj5^PEKXHLMsbO6?W<3m5MT%5H;5+^ax zGKRe#kh~)9D>L~!GpSLSG2>U?S0^I($&@MXfx^gWW({5>VaTs9e@}J4W6R^3?h%n= z$m~LEluTkgh!F?wb5y23|AgYoks^=ieY~AJ*9b6mK$qjm?9shUvh^sHliLKW?Cu;-EUQ%7R-jB}* zG6PN>NVlE2gLQWeCyx$e^6>p{(VAF7os5-4MgG8p z0cavgC42x=Xdj={8f zXv4X;2%v{d?I;~l8ZL=Ut;S1N=#3$P1vWwuZ5#SYka>J zv2G3Y@B9-b%5~cMbnSikZI!cChJXNr9r!2BOOUs>`Ny-#F{mLa{NmJp)uR;~D0UI` zxGxM5{_ig0Jl8ysT#&T4&<+8iBuMBbShF~CwoSDwd>;96Z?&QN%kqQ-H|uW4oisQ4 zf~fT(;$p8_3#`rTdb3gC8THstEwOaQbslo%$`-~@Zj{`N!CzaTK*S8&lp_vG&}S_Ui8GZ`2_aLvA|E%d`ABtOk5 zNOl-o52d^|ez7~|(+~9@AgjDoTvV$AV~&tn@~)w(hy4E|=Sh=?nn;Ci#Ap%8ADVdC zb*uXJ`@AkFLv8--t>3d!$GQUVPZ z_?qYo?f8E%wq^&>gf${W-BDkuP>6eUZQ1n0ae`iGLDCWnobcafu)jD6_l=9KoGr5A zi(U62@7@W06BSxV(G~2@3!;O(w~(FQci;|{%rzv{Le$lWv39i}-0nB?(iH#YUGPty zBIhbj9ZdOm5~)^gaKn(?+gSTJ9JNEaYF(L3p4T)i0>=Nig}sOumM(gMoDdp+ z3KRwrB_=9_VaL`A)h%$6YzkxyL=Yq!{p~=CVz3+b0NU$!Tw0jU68CW%!7i?MIToY+fN;XRdZTd3Hh9c`R}^23m>q z2BZ+?j|1gfP<+sb*#;FU8W=GN0DGZQC8Q%G-A$m!)lCh-odt*TEWD z54)488{A`%*C#{l@5s;oUb@nmiqO=;CoM)R-PLXr)aWfjlpnXR*DM#;6(Tstpnq4Y z@u2S3RxmX5%@g|*H1^76Y{krTr}sU>Ob-e`9(1m;1NC76sXxu|=`Zg6as%rSH$X6M z{AQhCO0U`iQwVOs0he#GRtU?*JHj8S2Ez>6Z+^)h<)Vi&W0&NwVXKRBtjmk8^c-^) z{<_KWvaGyd#iKob&=B9BPI@{N`~^jmr5yjMc~2%kM+#Pp)0UG`805V#jJUUsVdM#A zi+~`TJEEHWzheO@&Ke#-g&L+wFC@2b%6g-iiCcmS!4?+?K3>Koev=K(;9-S1KUAuQ zuI{CBK3LvW1z?5L(|EHr(NZ?o&eWOU&i>3+k-_sGJHkvf+1$?^U8a^TODRvA2FOwBQC#gnQ}#g7fAAu!b2U>dFilx4_>I2q%t(!8 zAsnME@F^xj6T@sRW{ZA&HGCPJGlQa0`=TH2Os zoHrqaQb!~)ZbzycyW{T7MD?F6u_#7=DfID@@YJ^?6!`7b&6D4!9&yTozC)Xy63xY% zku(8xM=rjR4Cq^Je(Tz+><9tV=YgMeHbkw=%nyiY@<6TpMe9ybZkvHr3dj-eqqjQ~^76|} zjELSgIxG!Rx4oh+GI&@|KY_9Np*h7U*7rInWid#TQV<&(D6H~l?~^QAOU7h}vaOo5 z{tRf}2KYJXfBFRakD!PT)$JYjS<5lX5>|1W(6O-C$_{>P!t5>aCCQTvKU(hnAzaC9 zm$@8T+S?3ayyq`6du>u#@=5L~XNHO)v-2BqARRn1DsIgJM<`F!VcdOd2%D#^hTyQGd|df~%kk%dp;t5-mCXH!icDCct~iuC^D zxD}b{4`@gSUgh`$kMplDP$8YQ3g?EplG8JyNRwfDj7PO9ao>u<;76UL!9FW6YsBCc z=mY4Z5AJB*?l`uq_08Hf*=(3;yw6S*m1WFae1sWY3 z8eT!<(@v?pz~sXS4rBHzt&xK=mJHrBCgCTm^^vhlC?73l7)8~0>RbrIM6>VoOp)~-etDWI+5D%c0e>+R^>^N z^~B=c0-h$2#MC%r@+kl$91R)P9=`u8GrY7G>H(WMmiGk&|!*h2|wn@Q454Z(@u4`@S*n<3v(% zm231&lH=K10~zMJFDODExR+CJD<}=8i9r%1`A1|ksMDJDZ8&(A>^aIOb>hXgFf)K=D~je%x$sz zsv?T*&}jC7Uh0|0_^QsG0a$NfoxH6tlRqjH6+y@xT^3|4R%1yIK(Y2A z*i$Xfsq5%}ZI&|)PN@=jt#4{Z}x3PAwjV|xD1c%=8=$@piZ)Lhc+oX1xPXPF> z&l!2rL*TLC69tC+6-~3~-G^u6I$3H&OS7=2-xLnaTcVuWb+8jB;Tt5E6ZH4SPeJ_* zY0Aq);qko#IuuI;0>dmvWdq*WBI}5m5-^;_Cy9PTFRF(Tn)a8A>-rY1kWo;My5{SNDmX2lCjeyxZ9y^j`&| zb37L!PwpKb_F!`E9>o3xN#@)O=c~t^&rbKz?AUGZJRf_6ET|z=T zqQ9v~I%nxcj1{Hmr&r@iyovt>9C1ngBYN_tKD?8mO8#d;F{B$ZH~zSaRPi_|Dc?}J zI92`XKy%(>6=10{ugngp*y&gwGCr99r5O=gN~Q%Kbp1tzGev1qK(lVIj(Bi!y0@lvxRxfM zMEQmB+DoH1-aEt6y9~A(HRa;_P7+NOQllP;A&ks|0+4;ld7QG~iRX+EI^Iou(3d45 zET{iI3(bqG2=Up|+QH32-!&$X<+jc2W5=IX%@fiH8X9GP69oF|6B3#i(hTSPwz)R#gYfF8|(r$xDa*#^e z5Qa*!R5;eGD|cvR@cYP*K}SaGmXOTfI0^*MBCDxPxhZ?=X%p5+6Lu3q!)q4rG_`WU zNoS5pwG@|?xGsSD1akpGpAi1~pGcDy+n7lwE}R62QPdza&^H=YeTlG7>qihdlt@z; zbrClaU^Kgs|Jd9%kzXse;g${=wp!|bsSv0>8HJP{gLiJ>oWL*SKBrL#QVPy+&?|_Z z<#UEHDvv#TA(IBSZe1$>XK`8rHB!L;n$*9A;W3{})`HNdvwRm`-OqPDzIn0_Mzzx9 z6C5e7b$`8cq|}#@t5_s~UM}+hsZb;q((SjTK&qyKUH);H;Ht?QumRG!rF#eAkT~T+ z+l*2?Q)cEH3 z0)!?n2m_pX!z+p`p!{5e9nys5ooG`DC3@^>gp!92uV83RJ_5|NWLn&yrd^NB9XOFI zE*DB`V+}^W9xeW=dFMB6pZqHMg2QT?19&nTi>=Fsn9D^9ggXj%@ zd{ps++|gQ|Twd#=zjCj$Y;-3m&@Q8hh`pII#NUQOKWrPY}4Wj=!P!^OEZX^<1-f6|9ztg!WiSYw0v zVz>ho;7IMS!sb@@AJqrw^*?GG)Z+6CVdGjeKob98-kK7;T0}~Lzpa1k%z*srTNnN# zIMiMM*1`uhH-6(VUX3w%(o!1+c@Ur%2LDj3)YkC^-JA}9mP?9!4rM-2qY<47*wpHtxePpVaQ@ZV@xx;ogcImJ(otIMjPPl#gG}y?Tz~g!0L#Qp> z@<%1zMP`ilS}6MYVBCy8kbW0LYlpho!8Wulo-tG=0#WPJ)#;)=qi!x zE^ZhYK}^$)d!Hh~r<@V89eFwx=Y0wpaMaYY#INOZe5&oBYs)A9jSYCikNE$@g?}p)Sf{; zqv`+7oK;oaf2LbncoU@uWM}q}noy-@X>fJVhi7fL#i?Mu4~?$2T+uXO$lD3z`;e94 zT3B5KH}m$nni96-Ur(R=-ku>FpSkU&(aor0Ns{thGXmFmvZU z4WA0N4;j&3D`Xi{CG*C9m#hgj>b;(pL70s~q9JM(!n-ar9ZA_A)j#B?O113WSq^;D z-`rQ2JT9Rf+FnYB9)!!)HFw;EtvGi?S{}<8BJnwC5E)y2tkztE@@8<^>I+XV7CU6R zub{Oq%_qX3_F8s_X?k{hzG5gm5q)~Gspew9CCoBb$l|0VtY>EY8l>bi6iX%i3Dd0y zNAkhLqvaUjoY{}5SfVq`NMoY2I&}&?r1xc0AHNYsrOe8u-`I8y;6VC`2U^lE$BVfPb&o(UTzkMRb+Vt_u977hOkVWz zQJ$N{GG$kgI+Y7{H@&+UcL zv7kOSx70#mquZC(_llCzCH@JlbMJZoDD5^jZu@Ia_`mDJ!)JZ80yw52 z)_QsIPx;HRi|%|Pbdu15H8$Msl%pewP>*!u*bNp!9IJ`po{A~d+~6-Aq_^|N){U&^ zge!dY#F^)32|KOr)8gBQ(sua&I{s}T-dm=$b_=p(3v=wq>`*($n>GDq${{S%%o8mq zI8Ya_g8yF|aR)gfXf#}HIEF1%FU1~T`6e>AR-rIESPyao?Qne*Q}<`9@7nFH&g6g?H6N)ir5Ns)~> z_#BiJ7L^}wNQ6S~M7{*Ukqr*t>E4n(x45~!&+J~+Cxa0Nx;qdX!5NQTKPTiR9h7{0 zseL)7@hX=((&*p6)g(J;>`C~dAkGgey_6q%T*k4>**gAmP7{cmMp#$fj0r7^>?$7i zBNL_zjc{Wm)#ZOC=wl{LiIl$I_ba!cJWJ(R;r7?JQ3a~?Hpx-VuUm;nod~tNSL-O9 z&+|T|82x=7^=&6gGit;}v5$joM?2ir3X&zcVuYjaF3^an_B^IVtvYpUR*drd0(<`F z=clPc5ml&DqIUd16@H?AiZ#1)E)y4w$o=|9&^d`+Z`Z~Cvp|bmbQ0Q$;cfr-?&2@L zyk1}4ov;fGlErJqXdD!YzaB0{OPQRTv($W5Dqpe1f|zsuTkzet?61)#bl7F2V#)ki zSJmXFQmy*8NsLoHG!}qgchJw5)7Wg!FFPMI|Fhov|NHDXiYTmcp&DCrLcYaijasNs zm>zcb=N||T4i+IPu@>n`UtdO`#H*z=?=)PKX7KnUmk)XQ$lxjFDd@3XkB)`CL#&Qb+;qKHtA+eFi6VPAQ)uy;@@ot_vrFMz|r$z%CJAJ#`F z&I1>k@M{h$8MArk)z%_Boy#0d7g1N8RFUl)z3F|PcH6Ozu4!=oQ~Lzx>QajuDXJ_tip-$MNP zd)wo>1+cytkg~$cDFisA(oK13Zz)(<+(`W*Bv6(R_>LQIAZBK=76x5F8EhPSPr*Zt zUIM?W6O;5^1^DLcIKK2j1}O6Gdf6T*xB>}m{yTjE_oR?OBjFu}Ep-P;&lPNbeDt0T{(P~tmgV5UcFS2`1}8my8Ct)8bT3Qisr&Z<6n;6zll}3j zbDd`$mlVYH(t6s_B%Nx0;NrSm_nRt-GxcfsbjQho!-LC%EvWzY7V@KB(_HkdA1lKfQoRa))tz2fq}&fO#nq=868@ysbML8GO^;Ly#u$?`}eV z_U4~a^+}VD1p5Fa_)<9ztj(~)O?=|t1Hae^=txI7Mi4e`jtQw6(R{ z;|RQVy%qT{Gfjl-%xwmQm7ZGW20SkQkecz|EJI+nOJZ0mGl00BlV=vSTkA&{%~SAz z+$vAziN`IJUi3o@iWniTlu34pIuzj8{Aw zXK>$otBKA>wc0+&!WOInM)0|^$eVDhb0nG+$Bw_wUs2$XkmoiX=4iz5<#;1}@Q(M= zMfmIlRb+c6qw-H$MbItdS;;bAvNtr^yXvw)99708!C-NS0kfW(OMcoi6lApo-rZ52 zvDzV2D=IuBVaRy0h|{WA9Usec`l40cOPVh5ikWF=UN-E#a#AW1qe|0iXvd4y0mKF1 zx_{1se{2>gUOJu_;16Q9r7E)1;`1$$mz< zgvUX<;Tni#o3ynPv=Lk-*!-ENI@i+w zHPhQ5eXggfq~q)3c(qT23%=z3{wyjdGG&};=#a{#p;}1B=m|BI(!B5dfPXGBe%E1~ zlK(}S7pSbkfpiY^+uqxM;s$hjA)<3{@oIFd+UgC19j5MORR;0(;1)J8Z9rIcurmW4 zdC(`{P={E;WGdLwO$~CuS;7Nlfe{}zH@h#iU*_QQFNtbU;;K~gNuiv}9Ce2UR#hCW zSZkg{DQ=&Co;xH>M*!BA)>Kq3<}oCh#U(R7RaXPcz39&#Zu zI$BvJH4lpXk=s>6s(j!Ah@>2)?-ynp=aH>pjS!NGMJ6eW^%=~D)$ca&$X&G+qt$*) z#o~l1wz6V1pgY|`l&F}{YZ^zh{)Rolc2)?JEf!-%{?GZlu=4ASQHq%-RaJiz!U=lQ zUn#B5rs?48!+eGIE-q`#(7uu6v(v9|^zB@?V7+XqFDGGZ2fOS~D#wB0L~Y>pQtw&K zjTgiG)yF@venndJ;%E+W{oc=zB%vlgMv1R>hFS^FcW?~9`p1Vf6;&nlbBGK4pj)T8 zXus-*oNy(1Qd|QpF-WGiz*t#i-@@YOgUmq`p3p)-qM1gq!{2|+5y#dH-><`Pax zQKnQO)S9&r^@fYya7ehp>?`AuzS~l{e>S@(Mkme{ZcXU0;7@6p9|O;DPXCeEWcS^) zy^{c;Kw%Q$-XI1Qw?**Ft;b4R1=e4eO%Ro^Hc+J7wYv|#v7`(fCGvm5QB9y83Fv=p ztZ)np2dkXxCBgMibOO8HVWO^KqIWuF$XtvGS(r9qHruhU3(u}pE{_v)4Q=Rzg7E2f zQRGl4W;>0r^=9PBeA6T;u@;HfM1sxElQ}GFKI3dURLbQK~n{y z-wJNDM-Nv-qZwY8vSG3c!D%XTUXPQi{--6;P4w;Y4nmlzf7bVK9`zgsR5wiIDA^|` zbmuwc;7dyi<^E`kK8nu*?s{e$1kEhv9_}Eam~*6HPph3gIf~mAIjMLMGsXhwJprN2J_#`Idfd|5km4H z><3+2I4%2`t|wXnTTF?{OKHYS)>GG$=RV9!e*>p5u(#`<-tx?wEphm4tQXO+!B;5d zYu~Xgz765Wr~_P>x?qWX?q|iQ?5SFY(YT~G($4pt_e-3?U;RKn5DE%$+FrcE3%~`p zB?;Kf4jkzN_T++^qd^UYGP|JKn~2ttn?%ILTTd^4!5&CV%kp7b2E*4wgr4eu$MV^G z?g@5SUGn>Sh3`__qBP;R^YmPfJGQ0&`KM4W*Nc@Pi_Ei~GyX9zkX9JY;+{YCIVU{R zX4+)GMoUbIXq|aLIcjWnAKhOfzwkykC6Sv3ACq4z45vikNk>azNg(eBqxbyP?4Ha4KUTChkhoB9|KP~RO71k)t&8)2Z4r~irL zy@Gd<9~|k5dW&(W7<$%C`34z}>K_LbZA91eL z)_rB>H?#V6*rY|Jj3&|b$o|Rm%5>UZ{v)9a6=UbjQYeB8vWTvZCiYKAyh|RFHEBGh z5oe#4cWG|M>cGvrv-+kk>#Bs)) zf82elU)fo^6OSo5ofKP_a-`_JmDUhBodfGSs}nknt@Qqmim8@>Hnw^0M97F;o&n!H zM+g03Imo@~FsGd&r;PGMe7SwCz80m222Q0FL;hfwsR{!bvC%ZQ-y@;r`Hy(yOP3n#O79k zQ?Gtgx4pd3Ji%}9W8~@lCaQKNYpVC+yaS+)WA?;vCU4xa=lpJ~bKJBBWy2iomc_U^ zM&~k;g!lvL_?F~>WT#gJ5jR}1Ny-XR=KI%XyfZq%G?9WNpcB5;lz?Ms{LRKAex z%ua%?U@v(@VGU|5uKONo?D;i$#;u@o8>iJ{7`9VuQ2;v!STO=c=;BBX_o_XCEHud4 zW8k)o*9WMkyZZ`kAx9V5DQVw|d-?q*`|(o*#XX+zt0xm6M*YwCHdkauOo8)1VSa0| z`Wn}971@jz>uLekffC`!|CF|hx%}hE6l$J+k-h^}h#mD8Ahf~olKDsaXN@wLtqL#w z_0!R4eeKP%E1!n@Lmeax*Hh|j^ke;MZ3M8wC#=|k%gY(zHchBa^1w(|zOae-X_L!r zvlI2R1_0xTO%zm6pdh0X^AM?EtR5+mwCT7E@Rj zfjFASm=>0qnPyi9%l+dxW>CH-7-g6Iok$_~RIs_J#u)S!ui!uH2Rx@_zgkZVVIC|F zm~guh1$$XqpE_T_|BF?i3QG@9*=~85p8ps2g&Z}kz zl?rAI#L^$n^IP>MmGD((2c46)pdHiuVM_byprT9610Vn zznEo=a_ff?s}Z3JvU5XTKrqL649*~XWW3@8XC>_6oF{xta+}`@9GP{Ly=qK@XdK^O zp7J^cHY5hXv`*bVNc+~}c*u+~ZsAZFf!(<${QbxD7}x3zmSeLn6Mqz2Rd^v5HoPc(#I>S}{ELBx$V zr|+I?JHT4RVGV(>wPE}f(NHb{!(u}r)@uS2vHdugE{bt*xe$U(eCLy@9nSsb1+Qwf zKz{)d-a<`jOI#6IpdGTK4x3=U!v3#Cjv8r$h%yImBAJHrb_4gS_rEG1<- zB?UQXQ0T}RHY-i5RmENyUHVX{0)`*wqDL>^Z|Fna&+*7J6#|83^mfzKya?_ohC1av z>-(dSVuq15ZtovCm<#0m=`A$ua~Dtn2J_;}UUbPc1I_It=j%$rx{;EVB{?wrh_|^8 zRE60~T+K){G~YCMIc_O!#&0V_s~QKL3ctwV`j5YY+?XLIUO_dx(^qkcpn?TZ?UC9G zsD&AVo~U~h)z}ad0>Ths=bhEp=-zHdvfb>-f5?R2*87bC+PSu%-Mz?6SqSYnUGV7| zI8}b7;T*IVW_QrHm^f{-^T%)8n6Q19PmLrx?|1q#O2yl09gW&GNE zh*k>SS2fTbT=163iBi*4n-knQ#mS%@mxR_d->3cIT1ltS;+^~uZw@v?(lsMoI@68} ztz1fiE*jT8l~}h>P$2@s%k*CL5(-Iit)_@!zEx6%!6BBA2MKLNl88?av72p4L{QevWdB;_kxIQ;6Tm z$UqNT;z>l8)p(Y)ZS51-8E^R$)dgLO5>$dXPEe7KsPrqU&~ri2Pxln=w+RN`#u`%F zh|Jb9!rgdonk-d){zy};zk!3M^!BgFTf=snv zGm1qCd~V87KoqiP)-d0$z$Ge}^naeVO9zww@ou1NM;s+0nfml|Z*3d+{7Q&OA<-{t z65?H`OvZ9ONnHT&3L&i@@pq_hp?T63mrsd;xGH-*&352(%i|-Ub?X&WeK5BS;Ow%! zfWT@iYk{XLZ}q`5mg~=R@2qIMTtI#c5-NyksQO2VYY5`05FmslRg%(d_@em=y1Y6$ z2OC2H(V(`ZGULy00~<%m`4E1U-a*oXRQCu^Y>7;OFK=h{y~$$CIIDICqrQKR!<1(# z8>j0QbS1c&ve!7DwM}uA&4w}9_pNwwNizJPC>7j&IF z90FNtmS<4rI33HzY9V!9R%ib{>$*>pZYRTJ%3HwoX?QPA< zGB$Y8mXa$FrgCX<9dm+Oc2-%@<5|I}U~8>e8tzu)r) zX*uOtCb_j;2pAA%|4&HoL34EwL)Zs-5Gl1JnJgo_@)1KtYvmq737T7v1= zw_gk_$#=JBmy%+-559mXh- z?DRh?d9?FC_qK1B0m$dgljHzo^xI+qx+DKDbmX^Z{@C&vyx{(S?oMG__W#?v`}>Cd ze;5B}HBZ6*kH`0MP5>I6X`eMlI?eU#D3RL!}C9s!gjTF{_hMe=l`&?|6a+X zo&R!Jwsz0|Pzm_<1kZn!fOZwZa<@No!!Y*T49YKgd^~pRC!M>crKM=Q)OxHtkK2oWbGwz~q1xDQqxspBw7T^(-+usZK@$GrQACv$2 zt3M6-KOU#MQ8?%-{m+h}|KC37;ya+lU2S0_xjD zOjYr+M26;H3d5+ntU!%G(VY5L0;@{xHj5k0DYAu+*2ZVSpsPBH%f??7V_=4r=1n}E zFsvNqM-0cB_g85IXx?{SSk|Zb*w6ngPTesad~iJvBJ?Kq%N_hHo~rZTy#E;v54!Vz zB@fwfF5e#GRZa#QkkMY|yiev{Uz#}ILlW3z?$u#049wed^<;%SHw+>1IvL+l`FaaWU9I2hcoCmL<>;Eea zGI$Yr(4oKaq5j5=9vtbj{u>v+jQu>$oy5u&5;u)~SmADKxXzL~1_kBLvp*rlBT>TV zC4f7J%f`T5WOI1XKe8ku}5PsRDayR)sI z|69X@&i-R1k97WD)4>L0v;nc>TSn@q(E9om`mWf4a%Dpy1x?TW3f`fFEf_o}TlCoo z$XLi3)Z>VdBvH){nCAdEn+`}}HcKM}9A^XEPXccOrqGQLNa4pBL|G7xfeS9*5>0X*uI`RYl`=eHsGiAqO~<7-g4kHgSLxe0m#)Gm-@zK`(`w z100XUhMKyG0~{aD0}twH(JK<5XKLPM^Z2^V`=d?*^s?Y>S>yEQO|#^aj#w~7ej%au zWZ`%Qx0WRTvyl?@?eR@ZYjEym-)!y8y{yUF(@|}@s8%^$=voBFp&LxW4L>ix>C9x{UpP1Ervypq6WmI$`w}YBAWy8nNoa7*ijEC_4jad}T zKb%0A9LLFnRL#g`zJ|zVr5i~}1wP;}2xb(vgC=pBQ7tN=O9!~zu{QTIBgaG`KssA6 z637NPqDbOq1=96_PhsZb30DVY;81zrDLQ1Fo?*jvHUip77a-it8^D`D?+%Z468rQe z8zIxKix8)Q(KS`U$j(iQJ^|}@@B!Ii8NpoD86(+BmDpHuYNOarFo;v-!%-NTeNbT9 zrs<@t`pl%zx~w)Om9$|j%Z5pO(_6ruejWT9+I9p(zrxGvK&Y!Bndkavt(C$%aG+l! z^XX47BO)F&LS0Qt4!h93g(2PAa3S_H_g^JTN9N9|Toc3!q?>%%y%TNB;YcX%2)H@= z`cN7b*&kuw?mWp&BcdqI$okKTli#g|La9YZ!O5Ui`c|7@@)IS{JFJcS($|AE_f3sD zy*V-~`&N1YkSs6`Yi;_AT0S+R#WoNrM8xe^;K^?H#BV{lScYUl7hVVy8>x0`)*tGz z%73#g2nQeBSr#WSoi1bgNuF}~Z)Ip#Q5eSe(7(}ippvrFP=pHYXOHbWlvjF)XIRd|f)No! z6E~Y|khjDDoqY;2Fe9QJQ(?S`XHiBbGRWdsP_uUHB8U+nx7vd#Ddk97xw9z9fExjN zgGYArEC!P}^r<+RL!xyt9C40Q5U*ko&tVEAJu^{Sja_p29zp0s9hxfmO?9Ud8Puj> z?mtz$L)cF|GMCbz<{LfjR{eYKhtlu&4Nnv+%mSH`=58pc;!WcFsQBYFw(z_}kBwQW zLQYreA3Wo%EIw^A(?82?yeKSH=nG=#->K4FUjjD4NYys}|Lpz!avL|&D2$)Kc@_9E zN?Gzxq`oY9kDm3Oqeyn5U0YH~O0s$OY{lRVNFo{zCcq43Zj!g2+jy(asd}&Fy_CI@ zx6lA)0L%x6ltkMJr?xiMaL{Np8vTVv<0MNNawZIE00kqZNbM;M8Hf2p_Nv94z!enk zg%pq}02fm@7b=&~(|E_8&)Yn5O)ajIahDn64{~*b32IidHKrYQ9}_OdG=bqxa7v}o zG&6%zMrYo=X2mlQl@~I>%;-O`N z3Utg_h|Ahw9f$Z(4n`0B7`#$_+WfC<(D6+B?wCZAz8LR}8N2HqqlA+ljYW#32QB}| zk`c!t@jva|6FM5F-DA`}=$3vANkmf8Q&((vj}g2SSrCAn+a8c1^~15N;&ZTL&_ z1_?U}3vaY1!HLw(skzVff=mhTAPD+lDmg(}w_jAL1tmJ$s|987YxSk)#u(2oJ=HrM z7I5Ct2_6v>o;XH0N@z^ZWf z!+a#{Pk*&KAi2{e*@6q4*lUYeI5V`GwQXtEMlT@oYmTE-@E$>RVnGkXNYN z+o*<8)A!DE$CPl?vX6i=EK7aQVN-hrNRvw)l`+iq+i%{IkdM-KuQoPCic{1JQ1?sR zEj8ToS}FA8R~-HJn+n)iSeM$PUw_rOzX2U8jgJz>nUHS)Mg^j(xlKSkOr^^C$A%ii zKNn~*XS6k-x(m$oWiB!1%(L_^7MmOM`iQz8 zRod7>zoH>$lOOOT@(v+LXlBF@@Cgcc!1LzJ8og)yE@C)DUC&?W+BkeBG4qD_FYJ%& z42uVafak=2clTeu^y9xrN9+23D|wv!A2=JQ_q)G0T&}ZcT1J3vrYY9?&U17soqb|9 zJKa(|31=w_lqugGr)lD*(u|pa@Mm{#|7Cx-zuVt)eoh!yKfic!;QWyBsB~IsBVpm` z`PsFC_j13#cO*gX>>W8@iD}?|_0svu3`)ucxpWwZ(k%J_r8FC8JmN$snWNkqiKRVg zm9%iKzboNs_Wa8qn9jc@sVTy;oo^yb@$Du%IM7UOm*ZE36m1Z{V-h8Vi+-M6kwZ|j zuquUXYsde}%Z(!i7zKfhA;^Ms^0iUwZA8uD`qTNQupzO5+0ZD%m}t-Nx~US1L~ z)hm>;8>pOs`gO;Q=1w)tY~?&VGks;))WtnVyYly)=jaVdgRuhZRU4q6wT$284TK zPZVgUD}Y&-VV={|tj~(VVD7@4OH&Q0pyo!?GS+l3wuC{$>(r4kKm%Y`xnv8;;t<47 z6|y0ric})~d(EDW$=(RbhjJ5%ia`Ed+xDV@PZ}cImH-2lBPYz9)iuL|iWdo^rtp`& zb|Ggk!Ag#G)1W72A|(_5{&w53l6D$S8SkeYlOesU+!Lz%xLu_&vMRi@^Bgb(EHL}@pULv?6UYdc2!hccw`k6s(7`bi7y!pM`OnBB*R3E z-DL^tPWQT~tL|EV2j>C`l)6O=pQ$!1#+2N5PX-W)BURj2UTt~X(zd4cTLncbTUK+A z?6^Ges=Q9Uz)K(ZVeiYrs4|gL3*Tj-G_!vB?~*JpP{@_|MlSnv>4{^SQb8)L4EWYI z8hvZD$`~!5S1LgLX?G5!W?ruHjToPa*w+4)i&gUHBnQ`%v}SI@S5sE1VsRFC>C&&b8e z4T2N#ke5h@G(Z6heKu$*9b0|fzsm-M$0Q}H{*7=_+d93&!xL***FlDlI zAW1U7qG3SEGZmG9H{=h(&SeDPwj|OXseDh|d`eW2007O8Um3u@;s88q&bk%S$L&(3 zYgNaCs)Z*fB8$>e46g=Lw>J-Cr_?qyu?lQ&*ktvGqmg)JovUkweO?GhwRcRh9Hu(r zWC^f5SFa^4~zT`~dT+LioQczHSu# z7Ss(JoGthbR&52p>D!#)r~vy2(%;71>)0DWF856nOYWDq0lYb=+#vF#dGVvV4dxx= z1f^pfL(wnOE9R;^FV1T#^wI5@!nrZ2BSe-YjHe{**I%OJY$nv`q$M^58nl#()^A26 z_Q|}3_G-1HqtVQ?{0cc_Z!DeGgxaU8<66l7WYPOx{b!E+-+%G)MXCPd?*3Z-ui{Z> z-jrO`2df|(M(0IHQ`77cz(y>bxD|qg=zdI8MQJq5VioD90znmn&?*^a=@uh}^8J2{ zMs!Nz{QfyzIj*gSsmW&PIcZ#`W_92E+x@wysMIh1s?b5|I(_GKZ$9i>vq$RopF!Vn|f440D#8w;BGC^&-qcYptketX3zM z%Yw;SsGRNUnQ$(k0|qd+&6VfE+)G!@q>GX6)79IL^|a9coMq{fH@~Q7Zv3z8|Lwk5 z>;IKJZTvrAfCarj#WYnq8Gi91f2xNHwQGIc==v!DstTHF;VWE)P+N^_pgd8uuRz!9 zuPM@}8rg9^hsYl<%4d*Y$M`6a^FJ$jYR~@&$0u9ZC987A z)Nk6^GJjME{Tu7UMyW4~(<~bfK;-1$DwNua{=9eXZ<$UWSq0d*`#smWKBi5h_v1~$ z!()CqWq&t8KSSu&{!KnJ%egqEiFL{CcsC{%QtjaQN#=_Z$t94lluKhNaJ(qal}V$- zzXW{9vN)_tCtmCMPy1=1|IK;lr44|2`hT}{|L5-E!CL>X?PzCooRtR0qhZG9{c2XVrHeCA#cFACBww%llRO!WVlqKozmA#+@?Q zyr*$SD((*%nza@VCPY?%F5;&^_k>%-?#O$C^9` zpg$o9qx|+sRUrb(#Shq&Smn#}MzG5bYi>Xg`HDHXD^!@2|rUbDjqMuO!xkwg3G4ANG&@`~P+iUhb~-|0J z0H_a3p0;xvg020fp2jKMgrM)|0|?Z<3`^@>)!;1^&V2}e&o~TeN?DAf%e;%8dpWs2 zjOSiiXF2CeCs!U+baZP)Ji+V2yBe(7M=Pw5itgO;zXFHwBuNO|fNKBL4I-9>F;3}} z^pa7xN#FLIvnLDCgL)N)T9Cx*Xi2J6ciNsXx=6`9idgyB3sA&Q4sSsbtD_|;Qr&5L ziX@y(NIE8&$PI=$)G3YMh3FwNBxx`v;bmg1w8u1<)jz6lM|4botXv7$rl_%yT|~Pu z@4lV9^BlcVenvEdb{~?61~iRk2#Y)S@;=L` zu-+i~!Xt_eu%ZIj`OqJ?4&K4&x6wU8V$8BAR6YLn=JLWb^(w<%IS=NRxz~%T;rds> z;xd{Q_Fg`ZhUpCGUg`RdD^3#3m3<7Dn&j002i1;5A+Y5a672V!s_Y!idX7I~JO+(| zkAH*vBJI_lg+W|vAa4w_C<2o>x8XMo&o|vSQnrtC{>cGBDILQi{+O2uCH}HlHQ>_v zwzneZ+?iWQT>VcwlxaKVw$S!i(c4VONj;|!v3*&rX;R$hXQx0bnyO2#>MD(yt2#}j z;Ucd*W?fKFOg`LHkRxhlZ>#F=NNcMX@K8m#91~0xKvcIOOS{XFlr$A28mgj$p-FAl zPL}2Vxpvu<;?wzqF7UC6;o0LYd^t1L>M`1~HSfBlbYTa;{Opopj)=9cbpMCO>7UlR zO_`F0F^hZZUa)_tPo$_}cI2c|7?*UaCSuNnP$1Gpyd0PCA#NC_z6}Huil|haT2d?V zln3D^SiV&ewXP9H{eHhfna0FynOUo}71;|K7j(}t(5F*ec7^zq?5vM&z>a|e^CV8u zJ!kQ#-+l(v;LR}eXc~?~G{O9?=n{)+Golbc6}DWJW-7M_8THD$fI4oDI(754)V1b3 zzZy3GwFyKKn$rK;YP*Hxd33pe5MH4*Sd2M=Dy(TJBDjqB|3Y^=V2b6?XPU zFsWMTYHBNDdtQhcbTL=C(A_Fc>n>5#S@YtoTb`AzD;H+X(rmLL9Rs&^O&0Vk%~1Wa zeFJMC%%lMV#-Am;4p;Ra8RoMwZFfv|FV*&)%v&Dz^&$J{QyhXc`<)^+n*oXp$nVu0{m4LhmpP% z%=~q1mUYd?d6&PUpEH({@|v&dF5{8ya&e9svZ`KM1Jgb z^|?IF@}FlBc|hSW{mhg9`}=1P7oZU`hTh{IRfBSj+B@|1``0DUN6e{P}eCKlY9e_V-Kmzm5*p@_!XiEBRlr zfujW6?Av~20%q-=uD>^sH&(a(*;2<1Jb$l{vUlnJESvlV(HQ;Np#0_ZFDO+R;sb(U zo6gA*Ev~d{DqjVt9KTXFwU6RP#TK>vL8u)J$gVMzi$`75on)!{=a%aqNF+BWnMl9E zLiecvZ9Ntl1_X{0u_1)xx6vR=(TJt_CS?U#(B@B!#;CiEx;ZxR-v)YBOr}PpspeSK zNKCUQm{ddXI~s@Q0(C`1A+}$E^rG}{#CkvwMv^O9l3(I?IjqL3VR%~c>rYjB)|}}u z(`FE^IDR*O?6T2AXR9t9PeU}>AFvu7WH&s?Qa!HbFl76o*1+*czW@Q8AlWDS+E5UQ>iZQ+ zS`U%XbWAw?norcMyGfnf8AGLQwCQE1%)AlJ?v_|0g$X6)M1<-#wJD}YFtXR_G_!o^o7Wze$ zYH{rIwkt$_1A<<*vv;a4>FlCzp3fV0QTKT%S+f*IE2WF6*V@+Y`>tk*f`#{}8fx6C z(ydx34cWFq8ZGQex+2MPD-D+FACIC_TnkDLHsj=qMKmZC$V}ARCL+Uk5(q$`&TOBL zV#Y}qb>CnbRaIYcCr0TFKma2roN1rqnF?S;wF3z}1#z0T3EbSpbTna`xs@=pQBs z_D=*IRnQ177Wi|ytG^&BjQ{aCwwyO+D?ZnL#2&vkHLT-g__TtPFUSM1)XdKUl%w zD~R!nf9!OfJ+REvy#Jri(t|R<=GA|D@nX;4|KC4)vEKh*#nWd0-`VuHHWtnAEwaCQ zUUF;o?p+S1$%}`NoL9BUqUCg>dM^|{v0f|;1D-?;V7BaBz$!GFSW?*$ zE=KOVIq0|_x5niUWKLA;e_e8T=f{Av_$M~FNl5Ty=YJ0NUhb97{~WFF|60kTE7q|1 zuWW$iG+S49p5iD{H+&lQIPU!NOOw1Z<;E?xX%bt7pWrwR$_vn69Ye`V`3DqbARkgw zw^Eg4=@jjxFc86*gjqyXGxL}9W8@&wknsslw~-(Ojngy{$2&VD?%&fpnvjs!LCnhK%PeVU~Vk1L?5R6iGczL_Q}W zSQqLZ*m#CG!Gd{s#5C$_E974+)^lq9(q%vF?@j%q+yCq!^#9ik2#4G|^RF+cX5QW- zrMsFyVkV#no0pbnUKhn~{0c_u3OiLbNRM(9u>p?yB4x>mRioJH$Ek?$OL1yI67fHQ zq`&-vHbHkf`K^Y=1wwxBxBt0il|Qob{EHQ6KszHfE3&d}#bW#A7pHyc3k$`rT9I7| zscy}A;Hp2fVD7MmE=m7w&TVFoJ>hCOYN4vWUOPF&7z%amXzjc0MgWFtw zBP0?M6lPNkVg3+7{wvaE)(iB0tL@WxyYNG+ZA*p2v$$w#KxgpM?Xn=z|Wejng zlF>|o$p@Fem#s2E6d14tRZS^r1tlyL%CU{fJz_Bt{YA_XkCKmVkeC7Z7KwRpsn=^3 zMKm6%!j_-@Nay#7Zcrx(YMFqxZ+O6G#Bb5pKl@O?nAn&kbyp)e7pG z&)r(|1(a8wiJ@QD?JF!8KC!ylEeB5u?vgq!|MoHMA+ffE)|SvJETK92|G|4d|82hh zf3bg9s{im}cYXiwN*>VikGl8sarS+r3TDG$r55KT<&+3CAVbCpl=D`*6I8(VgbD(? zTM0*M?`M)kM3wK+DqT=c!pg0cXjW{lfG#(?ANmH30YN;ALBm&U<|LToC?XLR6V=rO zf1s0WQqg4W6Le6r+=#c7a(qX2Kg4z2zoJ4S)kc1?^ zfvEH?g`4Q~9Rd=a35NRsRX2v<@cm4rWP;R0NEn1qXe=cqP5%Q;rAp2(xJ{U#&|c@5 z_R;weF1S!zLfgf@l0Y$;5?(+HQJ5(lRptt8AEl8V=*ci8{EeQZV|07_w(18INhVUH zi0F{OHWeEp4C@4jJI11zZ1RBw8PID}AE-W6d_xf9a9<1wxBBW%8Y1822JFB@viRRH$2g^pMbC z2E`bOxs6O+`U0rj-oAAwXGn0GapH=IcPu2wX6p6du-T#()|lO+D;C-^1+LIeIS%fC zBq<7TEXVi$g2m@?NIsD8J=)ZE;g)2k_vZCNuEA4nW?C|}X|=CZG*HpGS_4&Q7Oq2kPyNiX{}UEIxcuil`~T=@-_QR( zI@(>||GAP!T}{Kn$Fu(v7FJ){S7-DuXY<3S>Ti9Q71#!uPJkRf zUJKT1(%*jT=mIP!LBO&Y&cT4Ft0$veaOFlzIa5;DO6yAkxp6?=vO5yDK%}YpvMBK^ zmIn1{goS8H55LK>U0bTE;ifm)Bc0$8xymA`135{TOnpf?oj}JPIIB!6>N}~(z8x}V zBE2A~WX%?Ivc6uHL=wc+`B}@(uFlVv?MRFRk?gmB8o-x!ICzZTA-c?(fA?rYyd2KdPyP?HlI>z zjAynVs)=Gz7JtogK&}XmmPm2)Q9tY$|6%a>Y;vGQ=Ro+ZIW>%+Ifqc1mDNxArhw5S*)62(3qyD&QRPp zZHMEuTG5c&F!Yo~+2r9;QG+oYSz_Z)B+N0#{}(Av$uNr^lmR^N{MWAU|L^bZt?R$9 z<^gB_M$hu2W&nGv^GD18vPiIs6rd8tKb>6Rbt2HRi9pKF%>5I)Jrqy)G?J%#Pn)>c_ zo&UX($2tFB%FZL8mc6y^eZBZ` z^Y50qW2xFxFQ1WiY?|`Vo;_FH-b$Y+mnwx?2i@WXc2`$K=x+H&f?Ex<+*J;}xs1MH zS?9tIA6Sbrn0AfJqUSPRwZ&vB{;aqLDL?jZLxB-hjU;Aq4@yg-KbwYs=~n1%_|say zIzl86R_SrEpdr~tf}wkYv@BPdbC7T+y%}aM<8OZ$e9`s1wk|&5r@j8q&!H}C0nF3? zyMFz@{TF)&>-s+{dA#%Ak8A-{@XS-%0DkmEd$c7@?)r|p58Dx2UYl2r_<{O7ABbDx zWnMJKRoeQstF|xWGsvawmc9N)wVn52fo;~;1&cXVtTmhk6}8=Ij?01?x?NObL;mz_ z;?ua?z%MIr8g4rG1x;|$H9wW=9Je8u({XV0*y**69>&}~$7P`=U11u_5nH}Z37K*dl> zyZ3%b-{zU(V>_~6KSW{1CrGOAyYt6ioQXDr|EG^s!;Pwq=V#~PX|;G%JlD7Qe0ooN z{jamjme>H8>;E4fl>Ps;{$I&c%Kv<1JHX0G{KG^5YR3G@h5%N#3t%(aItI`x22e+` zbr4|vJi^mn|C^VK2La~k{}=l&eEq+>yWam_$ph;Bdp))2D=cX6*d{>2=>+qctqM0l zpe$08p$x-LfI5$9N}*bn$!xN+nl{E*T&ea_e)~78$e&-sneNd2*#Q5VAvPr(8DwnO z9LFPqHex&>+h`;ILMnBAx*&gNX$Oh%uz*K}t~Ql}F0@ll0rQ3D@WIvPwlXhb#$88w zbgeDrF8F-iJojw=t<^aia8tVKbngAK`N-`HW@kysx%afZ@U*<{%*CO_HM#c0TKC}O zU+g?bCvoUZgJ!d08Y(8jeB%y&=Q&h*lb@zz!ig$5#t9B*2%Xq# zfhGG6(-@IB<+Fs*IE6deRQ1aN&&6TAq6UuX<0$GnzE!nlpgyKCO}nVy`g@!t(JXK9 zM_sH>@YJt=N%6;#0CU#=i$nkZ&%LAF{q_0pl{~Qi-!dFZb0tDT)nO1Vm%Lh)t|bl? z*@8@@Yyy|^4rxThHo`)K3K5O9mEND>Ni_cef<~%OKBOGqCQ;X^rm*Yu|2h^Kx600< zgm8U9v_Mt`4lGSHz|}KBYW4Zs$?U4M0Q zx=;^%fP)rrUw=pmk8y;~={|0nvz) ztE+FX-!3wlvTY?2pP=7TYyV3R?U4cibL{_v!=snJ|9`aJ|6k4HgwJsiKexBo+c^Wu zrFZOM!bb*#1}hg-suJ!dEY`n;=9ZGShH)u+u=5;UVJ--Ys7O^WIDz}GQ&zDf&=_g} z5I%J6R^0N8oJyR9M%`p2(0IuBMBkbsP*D}8y=wsg15=XF?OrO%5s3-MDO`_|O1=Jb zgc2;oJ>#K(h&>@;8)qgLnQ=1es^X88{csXev0N7+k;Er)K#AxBoW63l7;oxvf;q+E z;1T-NklOXi;t_kCUKONPy#^5t?#3(=X%Xfs+;Y@<&YS$q|ripU#6HbIwz)N&F1=uH1P~avFOXTs%gHhXK(veA_z^bmffndtsaiwU0uw_P0I6-3P7Xl zV>(S@wdL1qiQqJe+h7)xRE!x*7bcx)xG3RFyGG=B)p{qum4l{?CJ>_4;4Q zV?{;Ojfd8>>)dBisOG_}wO3dfm@$bLJI~SA#u$z9goMzoKv-0o0dAI+{M62{g1@~) zW%$U+nX)ooXP6_8UBwJ`R*5hxgUas6oIq*EwWn-(HrM2;+9F@e$rbO57u&X<3bKa;9>2kk0 zQC}gGBlhLA_vN%}{nP?l9V(S{2_h_n%Y;@PYPgt6&svT`*ZTTgh)mkril0h9pzfG~ zepJ81AE-L9`V-BoZjk?RGFpZGx3_zE;LHD`-F5!YYM!$EkCV~k2!04JHAwt88IiUk zUm_)CbuRPe3+H4DsY>BR<>JfGva7$YIp&$4)1Wcz!FN?NqfaVCD#`OqoiBZFc$fm(Hzk=pt~v0NI9$3#>8Z= zdL;J&0fRI`a#?5&^&G zkof~#7H@SKL&yKS&<)|>3JX|}-L4%l+z1B=CsWEY_%UMaE=y2%y4OWrljgJ0za|mE zg7ow21}*;oQuH#R3`CcQ(H3&`595}QwEDH#vdEv4Vn0`lD#b}JRnPdgAoeYqZc6wnwY|e>`bqQW!+%0Db;v*5+!4NkxkIiKH93E zIt^Q-pu;yUA{QH8$2&V;PLIEw{?9L`J$`?D_~KxHCzmA}4>=z>ilu3>U*vIK82!%~ zONo!*M$CkW7DecP2oX(KNM7l<`cop9FrG@k!^iPUVGych&N^_lpcaDiQ#c5GDDvI0 zN4eTbY)=ZiTS-~9Zs#ahDNWR>>Z|3eW&TvF07t>7nd;_KCJ`8NHu(WhqLPTVaj5sZ zjTx(ODCyHGp^__gv{l_n&3ejsv@l6{RH#9bhF!HPyRa6zW=(Vr=XEV6?CKZl4>{#s z#SL?amLvHPngQDNG%NQ}L$XTk6>t&?TVihJ3{kfVn&1>;(gJZ0${;{AF*suwdSPiP&JiQrZOw{m&PV66S|~76=vQy*@&` za2+swP{0t?gr{sOoI+J*gi*kfynI!`rGD7XttbVB8_ozxPG#eQz`AqT94| z_LtHJSU5nrRn18?mwS>A368_d9EUQAD+(I=jVg*I*u#2N+RH4@PR*v`&U17{_>l1l zDk|ZWcW_(LXj-m*rb$-dTB2G#egVgK13mB>~f+O?aNqT;0$Clwup8>M(uRne^yaP6jDhbs#;R=V|g&iu?R zv+=klX1)DaI=Q#B9XQAS+uz^c_v%0G9==%b|E}awNx7vno{we-R-FG_$RMm}Up5RW zpln%#aH#OL-?T*%vy^^i#-Aq!q5rL_vNBqBuc*RU?ztr(NG($vfGqM7dW>WqI8CHI6nZT+-=8udR^+jw{m*u4Dz!)6&e}ivbJ6#oTdo3G*w_kk$t^xWNBtdjb z4)t%pb$Y#CV?YA>cDjZL1iapGPHEe)OW6>z(WYwkD@xf9coJLRzwfI z+Y+aSM@y#x#tE)F3@}cxm9Hn^S7q<(*eYbTI4No=gWqI3*Jg9YU*5}{6#2r)EAUz_ zGk<=98%#~nPrLAtG6q%C&neG+{Zv2o^4}|X^#C()Ui|0fiUOC;13jzyE)pm5M-N!x>f`g2Fa>sP+dXZW|q@6$h9zMl`s{qQ5426s?g`arm$ zL)$aqE@75G7G95ixp$k!<%44OukFCj_lYY;>Gia*Kb>>C3w#m3x&Tqmp8>w`$Dc+5 zZJ|w6!7uvwnLeoQW8rNmrjfN0syZo6SsLX_V$+|oZW<{vgyaJ%Gn?d&yu*q^_2qn? z2cGROA?UJ{8Om1m(f=k?^Yj13M}83i_b+Tb5^Hk?i#0EI((+^N^@KhHX zbPPV@-nhCEsNiZ+F9msczhMZ0QDp=e!)g`KoNV>3dR7Ib~ z93WKZ1ldciYOIYeP^l(PU2jgB+)_O@IY4uoHaS6P2}h`zLm$BzLUS`atKZntIX4?~ zTeM=+G8b9KSni=en|5Cc`%dfuLH{t2{t3c3z_HG}E{ZOCDYL5#r`P*`=8Vsi`+xhp zFZ}Z#NAf>w|8E7)llp&o5%_xlPk++Z|FaJC`A5Qh|IhGmjsK^Aw){UE&{F=I19EA9 zEk9e=(qD52@>H9J`Bb|7Rpj}TpM6Sz&g>>E)JHfgviuuVg5Az{i|oT1RekE}kW2OJ zx2^2k1-SDZ-Cmwu9;1^mRM$ZUSd{jJYy4#w|Kj?E>ntjJ%#8%goAN9o6^Q%CP}W+yT75-0UA2@w=EBjs~5bCkaI@Rc@ zo_hITaVgc3T40X+f3bUT=;wd#?XLa5l{_G_5*CK}R1aXPAMF5G<=tirWdT(}sLcdQ z!hx*@DjGYoq;-J+33u_*07*D#R}{edaK4}6hoP=mh>B4nGt9Q70jgH|x~S;qS|gxp zF)x&#mV|?Koq*~Ysxgp0-DJ9l?fF#7m6oUa+pysZbGDj@R3-lwp;xg>Q6|kJCW=++ z!B4!r!20>bpCg0M6O6ZecD#s|xF$nGntKE5|NjwV|67^ASmJNCY=3 z`t7`5YX?=eSEV~hI7?Z;fQa33nkE(Ys;L0n-H2I8exz03$T7n=FJ2r}{fyJGk3GCA zN<(*dD%xc{(nY#^R$cu(R+u8aC$pV{Ng2}nWEG>;UpskBU6+bopXg@Wr;MC{FGy&v z_1B3kP`q-p!MYfeC?Q<*^G&9| ze^E3jlScb4-jMXB*;|IguQaG`h0%OZ({Z_NWVJfK@|xMK^$Mlz2K+RAUz_`pXI$Gs zRWeB!ms2fL#_@>27=abR-h+Z9jHeZxpyv3>aBT(anc;ZfxLCX)X)soOxR(mM(#PW{ z_`YVXLwB#*HK_~)xNzodEo(*s@YV*isq{PzwE67MZBa{Aeq`9Tv?3~U9=$6vs)+px zN!Os%C*bG|uYxO5#);;DY%(yKt1PNsxqa5qw*uKl)-ws??YQr}NL_DY!18BRJZQRJ zfDOy(?Um@2nX#^66F(NvnnYtwetHulHPTG8l7BM5!>NvsKsrg0UQBEaQ%UOjeODzp zd*4(9_$-OKsV`~p8>xKa-7T*|vMo^In@XCMhWfR3)qzzd6RV<5Y78V!`7B}7T$t>U zJLQ-R>0NOThUC#S=!uzdN^{sGFmsV#tE_=kWv(`Su7V>84*V!i18R!{D~EgP-&M`8 zrsJt}*Ueot^<%6~@NPFezxY*mJ~CCwu%#v3)Z_f&E=J8t=2F)5n6bOkjVwi7$qMwk zMZ+#C0k;@i^6Whs2ohwRbW8UQZa8TSPS+NsjB!a zzxAc`xw`ztM#~p2j_P~>pkEqGt5?0N`m9o+Zx&{xdR0mURu_6lGh`gD8a-)#?&ot~ z5h%9!Vorlv7I*q8No-f5H+rVizvQOB4Y1NIZ0RE@l zRrLujol-t-_V-+!n{6x{W*KaGA zSGD^iU484MpE%yx`BEHzDL|FwV^+&SflyI}c1CC=^lH$RKr4Ag2k(oj4FF< zA5Xp!4!ffjTQ<&ijQw68w6Ta(9@N|uTTi#0HWzm5!rM9376IRSzpj{*xrMivu{;+) z+W^TxHor4(_iBNX*dFCvr0Cxj>r{m|GeIs`NY1ay*&N7KCTh(!L^umjr3`>3E0+HK zs%rJaJ9}@ko5SzgeLbd}sKg863OGq5_JyCE|LEdhf>OGV2X*tdUAq%+>$NV)!ToE! z^Y{^-hW)>3@Hp3h&#(Wr>*s$T9=%-Ge_hF=^zC=2kGJ_Z4Hn(`lP!9+`Fw;6DpC@= z#m?>5rF<#t$Hgjo*-#hDnJOBVbElfl0&hAye6xgDdt|wQ9^xn(;Nb2|@9f#5znvuw zwY^4=U>_})mSmH$!X9azbMmN$Pj#YFfoVm0(q$aY5O5oCIvpaKJ`>1rhV-?7@@$B@ zz>GDA{K(JxcYn^d^Z`I8`HYH`#-q~+(@BLnwu*$hk7-T2C{!hgRn?zZGApdHVe>Ke z$2W9=Lzb@K)|e6c1c_Sp`kxQ*BN+hm^#9R|QvI*pz4iI8l|1VF_g5#Uk5%zgvdw}9 zfNIjS?n}ASIUR+(fxRjtv1J3%w-1HYi!Wefy|?(CCB8Q5O%B<_wl(1Il92&`S5Yri zb~G;`d%3D)j*9a&n8~Xt=QY_m(@&NO{)b7jmW!`tPBk#%$1Qw$K18ap*!MIfaF!%w zL;&-E$+L~H5ZQ$2@Jscn#?7i6e_gLk!tFK|Jg95bc)p^uoVuTc3peX@8XJFTg;;zBi_P;#+;=9rdnyi|;7f?sC0{IXOBZ}m__i(gVh`Y{4s$~vU8k=_4sV<0&eb?o z>L-g;Fxf^T@7?!-oOto4d6~{<_|(h)QU$)HRl(f&@BXfT|HHw-+W%Y0qYNUewBTdK zfqnK_&?hW6uXWe#!ifGIp!Ud09-P&1K}W8-6ytnX&T9CPj@W*>UeqJiL48VBt+obg zWBt=#K6>rb1_x@9iyxZUeyMt=i`F{*2>$Nx=Awt1r$PTe^xCKVnWO&?j`m9a-@(iM zwfsz`$xln)Q z(`5hYL*Y+d|NX_@e);~dgLVCnl{|U@s{`DRlmehRXJG?Sw^|?(!0>3hRDk^W`$E|O zqNw*!7@kFq2uIhO9#)YSp!+I|_a4V9;%EG%DDw64r3t2iE8Wut3mXfo10441IhTU$2T>Z}{p z&U1+;Wt2o_C=sG9yNi|nD9DAnVU_}XJCB#dXu54JXVSjH%?D|>y znQQ-_s8#R~H(=iW@8Q9|zyG^?xVHaS@;LUtp6f^U12oj-+=0CD;$DFf;B7O7J%(S( zOE45HI}7HQI-kLGyF%ANce&0j{=FMmW?{FE-Tl4|pj@V`?Vtwze@_NbPY)>< zVarX0qY*KSVb~;?9)w@rO}d|tU(jIxGkzB_96sCum}mbVygcyj|Ca}QYx{o{4@iyg z^;ADr;LotmqPBkCY=K~3&Zg~xeEH{#h4)M|$DuIqO7>UY$wG!$4sRi&%d{$M)cmNW zuU6-D^wHyfk7Ww}VT~-aj@nsSwd}BnMdfrd&hO-)>QFI@B^Tl}cO+R{94FpJnNY8U zzH*>62g}9|Z}MvQ;Y~sUB$)L7LPkXVELE;Ai&0D?1m&yUTK~VyDOjL^R%ERJ;Cvcv zXZp{&(OK7T{}BRwVi zU)?CP^COMvqa6NfQU7E2z_;WM%~-iMMMWYzn*PzmttzJ@}ZDGFyEPQ8uSW}V3^zOdPsH@bwj-?>Vh~nc4I?H zn3{H*Y(i6%mrB+|+HwI*B<({N0?fzdl<<2_Q{rLgbm@S~jif&6<`q4>5UthQmPMX* z4dy@SQ!D?q=dptGAA5&~FG~Brdq->ezlsMWvJQfP*q<4P0{k`YErAmhusFpuMq?69 z5aB%c)3hR>0%an@Q8YsVj?oxWs}Y8sHz{{$JTlq^Zdt=|F7uUdNJHp{Lp3TCFwRL3 z*_z{|!0w(#5gHJbU?H8yl%a0Qe!!Ec`#?=&_`Zw!xwe_7Y>GC8MBTtqR7mwrg&gW{ z*=8vn8lno+1&YeQr-Y}HRzIA)dn*U_*PF|Wt_`mc`YJpY=UO{uNQ~LN`4jGylS){@ z*5fWhWhO&DBrt3D1l_YN3ei1|Q{|kd90#cdg2mBn8x1npM8%nO1=3>H^RXOvw{!FV zJVhgt3Y1_jX9^2-DFTM9d&wzs#z*7>n&31T6LV zlUJy9@;{;?6+1tMWJ&|_mWqe?0`uhm!TzD2|GRg%uK%!-XP#&)7{C#3+DC_QctzBl zh99=khHC2++k;ldo-SbfSvTZox3vy0s8@cpOojgJ90K*73LY0XSkdsqR%w4#U1sd` zRk>%cI(g+>SzLcy$%z@dqek7NRIJ|V$S(C)-%ttBxwzCqb1qO&gLCK0Nir$tp}2zh z3|b;Jm8#zUKNPfos_H?~AQ%*RL^MXldknC+60iW&YXYwqUme7x0?vXuLAUQo#$G@(l)L@I zs)zDSw$Tyx-7H2yz|7?eLX5%bs8bK%bCk=$t~J1;JoDr~$pjF4yxy95}r12Cqu+?o{F1({^3yuVuiBjPKYfPnYU6oqd zUsZF>qXpJBwLX5pXpa2XC*~fe0_Mp7{k@l^_|L)m{P${}dGg<4fL6A@B{dpkyO;)A zv^y%pH$v??OSbGT7FWG|w-(@h@!lxfb^g_u1a}g0H!q_x#sXoKn@H^v2TOXjl=Wgr z+s%j2wT9Cs7E&U%QZ{X9T~;}It{jacra`5`QC-#O8}(xgbpUf&RjIa`MVgaqqtftOdugBKqxFA(Ori-L#f+23?_-Ys z-#sk(fBP?Y*ZE&7dA>kbI86zUVe?pV0J8gMaZI_`=s-{KfrgL=lygd|IIiZb)NrUoiEULm{XPsbbj_) zbovQrKan8q^l3=&j{2OlpE~`i2v|sVJ_q@x*Zp5Z3bt_RHDZ-m1V){AWIn+8XO7X?AdV*xbCUWEB%H<69g|iCt*mX0KpOZRuJ?x z$8ma$eqb3SdSrs=tWypCp7A?GW0Y_fW`S(Djj%uwi$@()`Cx%)il~sng#>9dLjp(> z>Z~Oj!GyCZ4M|u7iVcS}pg2ODBuvnh@!2*CaEc=~LX2y`{TzE735F*4j-Z6oDNacZ z+zAWS?I==^rc9M+@UaCF1eyffHIP8k!|@x3M*U9B_i}=UEQ;8@)C>U@L?Fz`HVQMM zF`*pAIL+isIi4CoCe)7wdRFu+QF#U&Lp~%C4X7MY!r7P(XiCE48el#2RThU4s2ODq zOY9g&Ar(o4XC|@7;fgwn&~&^><1K_^mW~NG9F&qclsv#Va`CMttx3MZNrE|vQw;>M zAsXUM#@8!V4hMU5RGdLt3XON6^0J|PUmzC zKH?cpiM6ozcMo@ayL-Lez5ENkUd=}by&!`0udi;-47g6`4J4Tj8K0>B@PK70!jV+w z$|g{s!l*g8rxOyV0;noUb;E|~z2v7(5)mwj%FGJVV-%4Qj{c|g^dS9N^cf#@Iu|UZ z0qJxkTh>XkO&D^>f=u?cjdWN4{;&V7zxelm{huvU78b|oG9htC!!U$G->`c!C43v2 zIho-kb(;bgFlPNE21%TEQmCelG8VZZb5|N7rGH2U{{ z{U1pHj8cw6GQs>#vPw1Zey7uW%%{_7R6)0dPlTFaqk+(va59*okre#`%~+-`M+VZQ z4Cu72WTX_g>ZDvqK%&wq>Bt2wq@5a4p%fAU>r_eJn8iJBsp*pp&b0TXD9n{2NN;G4 zV^pP~wpH5TwlrxcG=&8n(TNml9k;iBr}KI^BmpcJeN56?r8)l&S;o^b!f{NegbU2` zbHqc+MT(Ma5YZr-b#gvL`FOP~z(^z{keUQZ5V?f#Ib89tWX(>_wfAEhjOCI*s+JCP zYA=tR8sJKD7)je zvu7tYPm*X>2y1-}Er_K~kZ~!vqnYfJz^p+2DiHyvgYt^qhCxm;AU_YrQi9=*G_eT> zJ3z}5Wl7ky+J*|$csQgH1zAAiluEG<^Nq7~%sBlQ2|Jt!5=DfoAM)-v8FEZx1vnE% z;khi^=}5T{utcg0O&00fP|2#W0Kl#wq1#SPM6rNCBZ^KHUALt%fJCM<$eAn8l=o644Pv&SXlWnL5{xgK;xE8n&=j1+2d*=Ce*a5S)N|foqM;6!bft9}GDI7K?-i z8Oua8GggE%7`Zf|pPYbF3K;rH5mZT_K2ofSI0=ZPWf?ab+b}yhOgN{mP0&K~&(xYz z>qt^2V6hTE0-|+8CZ&Yt(~eDhIDYJ|5}d-^N=Aui^^1qb6*h$d4eAhQDU&upAT?qq zUzw^qTL`#qjTxZV9gGJ@5duT3qi0l9%VVh{EKvCZ2dM!h$MH-n3CIzj+1ieyh>aLx z!$PD>TgG0K0&N;|Uy*8N`5br-Ff61+%ZZTuAiX6Aafxofd5vEG{r2_6ExLMr z{qFqs_VpS1>IZakb@lfA^yI6zuhH9+@3-MQ?YEzy?=P?ahR$!$)%E3f=V!0a(B(zv zRzr48F?!5l{)%EL}8+3V%&fi_VJ%4?+jm|Gl-+p^`e(^Qh{Qms* zo6B!+(cANP=eH-a&6W-A@=fR6>+92RPA+awzB+$g4+N z{Pf$mC)eoe+v}^#o7dau;_{+*e(~n|{Nn4^?_OWrZcD5>x97KSU-vs5W1*B44X9Zm zw11?$!h+EM{;&UAD4Qx}x%CRXsci!gF-%HT$)Zdhaxg-*nCV7~YP+NTOgZ@yCtuZ^ zvMGrHV>T?5=72=(URvf=zjiw3F$gCb5^k+O%lfGwtC5=))}68)2pb{rsTt;Wfn1Oy zl`>-==G4Mb)KM-ICjm_;(a4wm@sz>Q9kZG&A$;8F?Df$t)0W9h(ynY8z^kvX-lFfc zkl*j`f}V_LD8eb>M*4$qCV$8^uR7HvU@~w@rC9_MQU$F7*1cpkNx`DMB-(`FSSZ*+ zyD-J@jG!xxBEaCX4M=`62PBhhIpTPt5UYb%g|LL?;M_-!g_;w!uuxr;)R7^Ur2t9V zr&xyr_F+~CmGgUyHt|*gEVkh(am$8A%I6%3i<4v$IGrR+%FWoph7)O_DqC3FzKXFO z+s`(*u#nK?hgD|xe@L=y4z>`D1>yQOTe%kg{a^q4g2i&~`kl^!%W<}0(eHF#^w9-_ zrKMa7S7m8cqC*9E*8d!WzSg7Tzt^u%&fdN5Pr|3@V_yE>-qA~c|7Ul9o&T|tC*K8m ztIp|nI$wN&F7QMuyPIH4CZyBpnF|7R;q2oMLOoNL>lnS?c#}oZ1)h-i@WZ8C3&MWi z+i(G>Z+qzatCQ0ufXQYCga*7kN(Rss3&j#pu2^UwoT^iV`jh-G>*paIy~BwMAb(wq zDBvXZah31#F9IA9`_g_7BH`YruRlNpE<)#VO85{5vIYIn+qhPKkZMQckbHRG>HGyr zSjrIS{RO>uzk8>r*nP8G#G#E}BR@)@UTa=f#1e}CV{fNY=f(T?^AgxUM< z?e}+~$+vMN9Xi`fhgekrLDUG}gRMQ{MAaRjF}mk8h0P~ptarXBf~^j*a^7Xg3r~T4YoH)~?C>|E+8AAF=xZpXKkoe^4{JVo2 z?+1^}C+;#VFqFg&3iBSxwFZ0UY9A<_sqHs&svg3WD%S%;ofQbcyjLsqnhf8gAtg~L z3?&4e&g&UgKAy-pU?sqUl`Fb_Z02MHu&v86^uB20f z1EMb5_$d=A8Y86lkpF1HeHwDwFOglbl=a%EX*V~d2a3&EJd$HlYKs$)AcY$8(kGm$ zdM4*n8#XF+MIoxi7zs5K^9OMfuu)9^l|vIIxd)V| zN+1D04j9{PT1(QyI?G}Ug3kX&@8pEhc*u^y4id*ZJ0qGJB`eMUET-vf$Ii~$3CWa1 zJA#gSmoWR-X=>zEzDwc ziYFvG#ezIJsU<~4Pm-@av27En+@Q3W5He;)?d+Tp0ah{OtmHfQo*dJOZEZWPU!Jf; zg9)k1{BmXK>ATm+Ts#4bQ_6FN59EXZ@j;q`OM#^V_|xIxA=;Epw{i`}j9Ve-NUrM- zhr9pX7RJIK)tr%`S{Y@Yp2_z68=0v<&ovp=e5tUk__2wA2y8S+k*g$RiI`tuL5^PZ zNE|TOpMjQguCHFdL#HRgRX>?7z-FqTsfA>zuV9QJyU=J~*!Co9%G7}R=v}7Mr^pAX zdLYd}&eP2uO>W=bd`CDP&i+FJkt+7iH1~2e^p0Z|3+ro^{CKvl|1koPSy#XMXCNh(jcTMf?{&7 zrqEmyc}HeI)RarzBuDGX0~HB;9<%hhk*pey0WrvQWj_K1(^dLp0p8e&8KjPcXi71J z6s4&lkR01bQ6@e3qyM0!|WB zXD7AC=7{7XgGPe~R?&Q*lPdE0mlTkB19gPa_lI5 znS&%Zja32@oP5(i8$vbF9JLo{I+VHyEuLLi*GS|(#DGXfgN4XJ7+1z!-0hT*1!5;) zaX^w(?64`}Q%df4?is(M@u(;Hx~Ditz+R8o`2zmaB*ounnIOlgD}TLaES37;?+0BeTDs>q*I%ob zf8XooE>}$Mi4Pxf)l?h5DkzxH;7(Y_UMd}Q%O|qVq5(;@-K|Qw*p0QY%R7Q&p(dmx zu{yn|V~-X~VuC-sCGjX7AETpc{ag_fYQ;ZSc{~3$mMRTpMNe_r#{-eATr4}GKX;s6 ztJI*Z0s)uW&5UN-2x}FlMT_2Z)_s6(wa+3cp(p9DXHE_v^f3l&JlBlirx>uZLoMB4 zBP5MPA3n6l_rx}IgZ^k~8@D!HJ};foN?**=6`zrwm^)r2z}x8twU=QQwlt5-QpG_4 zAt6^SNICWFnK~NI`0UxU#iY4NG2Gf=8f}*(x}l@=dwTlw-gI}rj}zLDNGga9IWRuj z$?@pwS|5PvbU%kL&?fDZKDvH$ivDzXc(|pHlj-nAtz$Kx#&&489jVVRZeE{$d;PjP z5^7yWTMiVcD6bu@$)lpyhEk~&NGB=C#&~K)i%WrY6HpH8qvj^A{kQ>hm@^d=)0P7e zOPA{<5lbc#B8jJzvv{Jm-#&pTdqqI1nUk6#Qi4TO!fQphw_er9%At&)nDJ1~Vib{h zL=3DNNul)*anUlhR#lx6NWTb^EiR8 zH*mO7OHX~ee;Wxx3Q6iEB;~TSKn8@wPBY~(=Xh50h4i!=RHnNfs0MIq2&ai-PVNdc zX7}@ntoIM8_OT(aqK{7Uduol|E6xQf`#hvWmA?S+VP_(h_R@%I;Kc`L7dI;X!76{m zhUlBy+pFC@DRRy(Zg%%d(^#)zTlvB5+}AJ`yL-(po0~RNY`;43P^q4ZXecCil9c49 znl+~mW++j&F`NB;HS}V+4B=#46FMz}0PX#EwflT_aWn5Tj}+hPLu$`}wazYXo}o=E zCt#cn`T?8l{KVLpQKdb@SZtw_t8+MM1e7ZgfRljnuyO}_Njjj`ArbZTjIlp20PHpz zGcg~J_H%+@UR*rdv?=9ZdHVpl3-aua%$^w+1Xs8oF%pisyj{2=xX2s^+j;(Mp+#p5 zEjVkaO-QSF7MlpvF3eRtpRx1eKCMGv#nUDTRzs;z+s%0pWu$m$N0kKt<2yXTbV<2= z0*ygC|4XW5C6K|q{VYT@5#pBJk$5pNt+L-#n`K%q(WR~)d&**wO$a{&YxeO~MTs73 zbLX)oxtf?luZ^?Lq2tmjIj{_!2We`Wjup}BW7 z;7qV#icTaT@bx}@-_9_~*PLZgGNhfCl?`$VG^BQ#XEA}Hq<3?YVDUI}L5FC-Or8af zLw%Ifq^og)A~HH*K26le-h=W=ym$h=Kqtx$MxmerFODxRT zqKlII7Cf|R(uUxtD=49S8nG)ExMm%zT5A*E_; zfKP$2S=URT3P%8S2~t#|RKBVF+YrUu$ zG*m7VnIuvtmd{!`+3CTUL1|&=W07cG>vg85=+Pq@sED1MtkYZ89_!j;{p>wf&|kv{ z*B1_`p@-36r#XO+qPrH%v`A>114|9VekKR0OMO6jPzHIT(ylFzWfe4m+U(?5=eOfn z)98-GrIz{}w_>lN%Eg4FV;1UL|8Nwsdx1uvc(}T;kVTR!ty-9k=ew6AGg^zhwaELO zh&-eO!Na$6^QD|0a%z$U>qY54>qWT~rGCeYva#q?14&c~DoqldcfXBTY+q%iFOrp1 zG8%jUH>_D}wxQzL(&Gvw$!^r?nih-0J+E?c^6s^1YZnh3Ydb-iSo+KjHxcA9h7)Pf z+E`s`{6i>VLgU=SZEcOUoWr*J1wC}Z;&xlZZ{RlHIiH4fL{l8GfZ!JU_?33-nF4Vs zL3}2Wm~^pp=EdZBy3Tf5tJSqy{mj)W9|rq-2S-cD#OpVwvL)K=p3P!Bp#l093L6T; zKPqbq0o`ukTy%GQjh7=`?^Yjx9sGR$)WAy(0H}6hP z-<=)4f1hWLY;Eh;H{YD>y?<~0wSRc@{=MX={LSIs{`>a}MUxhq2|c_eR{>1J--y27 zt8x}p37#4~!S`b3PqNWbT+4mYC{sDX=!K*2YyG zrGBr*70Xg`c(Cjd-tTYFwSw>&_?n!I+9ZW6bMW|)J443(u#R;( zhJeDSB-U%x10ZyL_E_ImmgapZWy3i9S0_qCVW4}0hB%6P1039`Z6Q^YYKo?qi)|#v zSn{`BKpF0nV;p$kTrd6nE)1`5jb!;gz88Hw!T(}0)a4N2U2n*EZ^U+{dpo+g5#ha2 zMnjTUwUH}Agm?XMI*Gn0a%XxLCQqW=t!aJGR@-eZNb^Z*oMTh|I?3QdPqoB!;jue4 zX{ve<{FTQaN>v9dxn<2KZTVzv39K!FI!gUcEdk_Yuq~I1sfCv$OdipP>@jT>faeGd zp|VTk+%cD$(Wg^JY zJ)Q}DT^`YJoShs?CPVE$S6MvCU|9VfMGZr_W|7KCRR21;zR($ma8H5ZQzn zEm3G0@*#<6K;0V|EK2P7D$^8;i}mty6pYk|_6d_I<`hauF0PNBCfm>%%c{+ZwRSH} z-CDb^wR;_mg@&b*4}4Ew6k6>!c;M`aP_ z1DbNoXXvjtmlx{75FXb#<;! zgF%G8;%ukloU6;5TR6#NIOqz`B8EfzqT(9X)67*s&Cky1`-$@-Z9Wgpoq#9t016rK z7<(PLjLZbtmLt}?7;Q(WhzB-yI!pAS98E;KBh!8x!HRlTq{=^gR4Pdg_)+T^>tfDc zA!F+%^n?jP2dXZ6Wle4dK1_oVMYMWaNqxaAIx{|-NTiy{aa6-xSzI7E0L5z#BC`qJ}!j*R$GolpU{ zp>hfZA(c)uk+O-Qn^Pbk z>)T&bW)oc>7L?1+Js>!iUZAPNE*tdh_0Yo9TbM-uAA4`V-MDQnivORdz;e!7va=+4 zJUNrqy1nhswI``hW*o1vr|n6n=Ncj*2{lEq1ZaVHGdX}x>c{p; zFxwq}$&KOAPGMlwfZlASwXf@2P#qh(7_2#}gKM{ck{L1Ge=PAdEYYL(_lE_7tpv^y zULoq(Z3RZlc}2`PLDkEYUabr!0Voj(1T*QqOk>E3!gqrP&t}R#9Gt6Md^ji@$LjKo zfU?=8lFDrrw=^z=3#3`lnt|RfZ&KN#r1o9iXS#@{mXHRx^C9)}BEiMQRY9{5_r(Z% z*Z-~*?0~|4Z@1`P2>P&A-=bC#0Jk6**L`Dn(CW&!pfByMKdtOP+gN}|v~T`+9lsIy z)Z7R~d~fT(b{RtkM-70VFj#M715{C|dP?!5~ zaDyVlhXcfQw}7KQp@6>@zy8h#KfM_I_8*6TAJD(Pa(_DdUd^+EckI2G);~9eNrY{&ZPUiUvM7|L_N}c)xR`>*!OW08e_=g5mzT~mqY?G*nCyTR`-2X}$-{(~10)0vD9_B?tn)P)lnxd=< z4NQZHp))nlp$FQz{cTYG7D}QyNk=4Jz;dv~S->SA#T@k%t!BbZNgJ&~#J`DVeUOY* zrDvbN%vdnR3OYD5=|f~2w4#ic7{ALowCM!9ixr)rk*AE9oyI8F+l{Al^o@857_Hj% z&yD(@o+hp2PtBB_dPH3%hZTG%Z1gEefzP* zWoeRq*&fIe`5I37uUPjzzx=ta!EJ65EL>ya5)g2;lB>#8l66DUE@<5`x> zYgu-voM@)9Ou77Yzu7~5#2%+g3wX@_AL%=2p^1saL5)~APztZGXN(aexnLFYN36#_ z2VeG)=@t|s_Fu*YLwi7+zT6f1GT<<)(urno&;HZZO$t;mBm#A1Yq;=skd1+_fP%eD zQDbl4-`uh&5j;=k-W9>7>hV~PnM3UWS7Ei^Qiw%X^ago?_N>n;=rnWi?^9UTFOd4qOC#~LF>yYZGZHdnIV&%e8ugJCfceW_MD&kc$ zOYRY$EH?K`O5YE2jKJ}9Vz>8l$@g%P;dUXqB;cG83+14p8O#I14~I4Q{=NRO<@Q@v8L06M91c8)gc z%WJ?eYO@^&y|CTGdk;#G=_D7rf#rC?!%J_HTC(814jr%9yEzCD8qG^T5;UxishI60 zOAhlHK z61SxNim-&rho`urrxaGuAPDgZ{kBoUn;hTTBZN6z9lxrVZ}C7@_TmO;LM1?m_o{)s z+BLfepX}Mg?^(Lub6S_@h))uJLmR#ovn=6F;u;pf=I_6QouRpW=`){zji#OokbI;7 zz3d~d>(}S0oZanxMJ@_^%Rty4U~O-O;Y>Y8RrBPUd%31I*EG6L?dO>A67!@*c5roL8iBN+z5@?uPJuSTQO4}&p zR^G$y9DFR?Z=2T^+VhuCs|E1!I4*-iT~G($JDp$^*_#82Z3`&2V>n0kCk}wFTuo|Qf zv@EDzOr+9(7HO%(muwk}+9qg`z4t30OsrOf`qYd|h^f|$vy;;kHse`_wo>ybL=bL& zd5!I@>bq~nX_`kmsdyhuHdFC-3>L(@UpaTR!0R~c+VS~t)@20WBKa?u+Pm>HbJbry zkgdwKCH=Wp@l7To$~(|Yh|ns#K&Il5_++_Mxis^0s}^2ag|N?hsfvZm!Lk3($77jF zGq?Y)Hs63Zka8K7h`dI*z|`z*Fj0}CM|H@~EcpR*FFolZm*pf?Tcj6$8uCM6*x^cC zj_aoPOvOD7Sxa$|SOFqZsW!QlF7&6t{_TKahsBe#t$@PnfVqJG83_%OdQgXeDZ^0+ zZtbW8+XY5!Cph8Tlzn;u`Or6hUzdpS_~+LjMO2u^wF>HELHs80IeQ>30^}0;hc22TE6tooHS;)*@a23Q8LFC_csB3aiGR&=$w;q^%qSyVbqS0 z&ur>?@H*_nJXR~8?v6WbdrQcw;m+y_AoET@5eZA0;Ij2JUMx!;r!u2JTLEOv1z-II zg6iF(Q2V}2`|L^?`=8ezrM3d`g%bKo8Tj8J`_AA!ezOxlDaW2cjC*?m0H38uoiT0; z(gz$IsrtMpYf`hz)G90l$iSG2Q@BjGRHXxuDwocI@VE1XC$MI^)l+>3!7Fc8z6{P3 z&a_M?iB~9`=fay>ssV>Qb&;UtGr{>FrzA^wBw`kWx??BCjzBVEGm%dO%PjxiC;se% zapKq$`^2#~eCuSLPS$BLI$5Xb=wzK$qmy-(j84|+WSyPHbCh)| zh4E%Q8_=eWn#pMEdC>y4H$&WC(U4oWyn&SFO72umaG{Iz7R+{(wUI-4sguFUix;~a z=-Q`d)yKA}T5hcJbUc~YiYS10q*Nr=6^klqI^`k#$u*Y z@}t;89d5URNO0}q)7>i6%zjm-#t{>{1mR#sh3Vn~dsC*YfaZ2bxLOVE?7)+zuyC1O zw#hLG{XwJ#D-VeW85zGnNMex&ov6FGXm$`gcNH}U3wNuXAKZ=IWx|DZY)@}$@($Hd zUa77b`!)1~!ao7Qe|Wd8+l}ps*X+z+>WW#BBo@8V6SoM0B_1*aO65wT`xYIQXIB?k z_*Sr6m8nEc=HUrq(vUC43EE#VBGJ-bqO01GcRrStqw}#WjLz;*AD!Ky#pvt~OGamR zSR9?*p|d;eGJXwqht9{cVsx@jIXYRV`RHVw#nH(+ovhQzI-RVu?Rd66mVM5csd(>6 zLYa!!O%ip^+&jXjq&DlRcGmRPmuc+9LG6%Q5P5jD7_< zMpLfwTwOVYRVhco^}iMQ>{pv{bPIjK0AZkhWQi0AyO_MtBEGIdEKH`wZo%m z?%NIps_wrEke`E^}=)5waAAzme@NoW{-| zHM6YnfhSfDz(`oKPT1M&LRX)9##p+HHVdiQ!M&It^cT?f;4(cxd0_!jy>J2Ds1D$_ zgHI!;?M;Z-N7b@*3*8G&K27*P3;V5oD&-0#0CfDjZ|hPxfPmFNF!0g4a9hfT%=XzL zl`3`SpI|cIa-$aBPAIHWK`o-=1)$OGzb->tVL#8=$+)1Wz?Pa5nN@(AMo> zSk}q$Gaml;{~T3n9-U^{X_i}zPP6PZ z%WX%eSw4wox!<_)P|u^_7LZL1H!>ngFwl3tNl)*v<2wue~KyhvSBYzp>5S`F0I;W>)cupW@DOV|a`NgOU2PbuA4 zr4+ve4c%*fPhm&We|^Ya1J;KVOKhl39qadl$UEZAo=amqwl0lPi*)HKV|0}6!gPAE#0CkfSb za4HRk!Zz-_SRc8VA9iK~PZs*@c(w`K zY~K-aT{PU!84cHIcb#@u9i4W!Fgoq7#ptxV)uYqy7DuPub=qBn(P?*`cGq-t+TC8X zyZu$*?;_HkAR=u)6m}1EbuZYwrwFtz`s{f}pY4DvnTpR+BcGiqEsC1aKq zhN_%(wf>%St-s2Nb_M?$75rNTv##pjit&76;<~DTZAVx2Z~5q|{;e5Z)xWOlUss!9 zhtbt$STefW4BL;cHbbM))n@2wGgL?C-P&z*wHbCCoyV)I&9LKyUDdxX&av_6G|Nu2 zY&JU0a^>hW%N<6iSvDJ;X1RKFnq{Y1ZZSH|vePWL9i3*`RsH*Q##plFn4#5G{p;c` zw>s{w>fh$^tFQW3i2?liO8>QAMpyr@tN+*4|Lf}ib@l(c`hU&G^Y@fIJN@IA;T`EJ zL^K~=g@~1-s}Rvui0C{W+l;P4M9a~6HM$BBEk{@XuZxRYJ38&I)9$LH)9w~Vr`@#} zop!f+blTnG=(M{|yK68y?XJ`AnvPDp>+1jg@?+Dw`hQDC7l-z|G)4lH$qNB>*IYOc)WS05(G1zmk~iT5=!srW<6-IgM78)QJTIK|t%6{l zu{vc_V={eud|cA_p;X7Qiu7@$(nw?m{xO!5A_wvQm}@O3=^#@v)bBd(wSv^vTyq~h za!b6(a;b7@=I065`ijrQ4#;siE^n<5TI=b>Z?wbzEqA6x{vac97DcK^%@b{nKEgPD zkn-y`woKkE=DKZ)HY&51@f<9 z8Ya_NM&1yKki{=pxC6KxPef6Uh-H%TgN>>`GB6ujsRDsHRx{1%${e zg+aY7sSJ*tB(W_GcNLI+Uz+IH{|le_)BxYb8d!n)4=rqeUOQiI^$SdWum4r>WXLYWm=}ow z_|c!}p#^KgqfFw6=P}4TNPn1Cc>Wl78u8RqvhtL%VkygbZe&y>JZJVkPE;*f-czHRSiCA(YlKBxjU|q!h_J_ZH`bLnp@y)-tejm2GGsgS{ z)V&HBMGdfq8lLm3HAdsWNF1oaj)Z!|`KQG%&T=t<`-ivZ6Wl(MKyU3^jlNbRe5iML zLDqg9sL%IaX<}L>7Fp?$A-gHEOy#D|mt%3Qa>G>4&XYnLkzZZ|Sc?>{L>!Po_i!`# zG=zw5q~2Dx?=?_-H%N%MxVpIl8=69M#JLr<#vtbSKyj*>?r{R(6njb0^3W+y5|K{m zw;bRBM4~Et6NH!Ca{FtKK-VjuBU_4q#kgnJo^Bf$?qMRnpxh;AY=zK#2-&hg&^5jqPqb{0JS28 z|Emy)ISi!Mn_eR|N@AEOCU}Y@T=~n`07}(kpHCHX?Z|}1KXU%H-#>ia50v&ykb>}f z1)eEpy!o)iAP9@N%F zyn&bPK$2~wRNI~J+e=qxM}Qcb>l$gTKePiY=5|+YuT{Kc;6|nygDgv%W!{+=1^D{-nZpd`ZXdD|GGqjym(}*^>sP|YZj;U`?@pkduPp~dMxMc$u z2w4bJoH+6#JY4I*7+j#re-Lvds)@$g+7wy?Vm+KHE$_ehjONs4*!H6Sves3YL*bMZ zzO^vA$MI|U;o@&PHySNL{ZfgIWtz1UNrpZm1%sl1kTX<~sIn>+J640~`u{CGHLzV7U4btqyp;3?Q%&3?F+iplGsuVY2Cun!> zyc+m%^mTw0=pRe)S(7W}0uk6;I!ESkzkhYH8>9zBP{3**qrhl=6al~e?kKhK{-rB9 zC~P_?=a&$>0>Hx+c}Xce6L2h$f{!SnUL(qf`&K!P;eI>|6Qb<)c@GhhU*XHdOvuH> z(OQHtvHpqEhetMSmMHSc%_x{8r|wyj_uoGWv2)pF|8^{6D|_DCU4m4ZmgY&t$_-l! z$UiUaqYreb-TRDeu}+A#KPJ(Yt302?=Iso1dbtd)Kip*kg8N&f!>57Lf$rQl0>M(> z`S%45TL3X*CkVzpxw*S2tG2A9=oEcTxcP5>0$_q!Nx_?C-O8Vp0d}Jk{Yz!-2qgc% zUQ~0cxeGXJd-{!tao3`qDhfLZM-PKC>YvGXDg1uchY=M4$aK zXp*?VWHmsBp%>b5_|~8cWPhP@O>a~hSGU!6kofv+PTJ2C(Q-^NALbe}!b^ElyjJO7 zGN|vJ5f$M|X8O(4(RtRYTM9gOX+r&BpOfR(d38py@dm$okdIjBSXt>dSZ!JORS$J) zJ2I4-7X~}#F|`uKUy!p<&?rI2zd(I~j5s(=!Fi@G{ovU~5?NNE5WQ+zjnn)*74@j| zLR&2Ll^2x5axT?|NV)1`G=Ulqc);(Y#o%XHnp^o#av`c*ms=?@zU2;uM_md$xh+Pf3iL4av2&a#ap0A7#aOXo&C$W~pK<(R z4<0|2w;maC;HW0xVH#hUg7h){LI2F*QPv>gj_gq!Rs$F6jB|@wrdnR}o{HcwF@-XC#&yF@p*RX(_Ky=wvv-ac%JM65KEpcYd+ z3%vNB2RcW%W7izd^r^Qj+ZU>uP=X<~7x^yof>Huq z+8$WF_(dlQO@Sj-&dxc!e0Qqzyk4uPR{Gp2GCU>X`!6I3*B3-7GQw(w=2ejt_&a4p z^0>6B^}BxjC0n0Vn}x!mJ9K1WpPC3A3XVZ>&LR9mAs|{>ksl$B7e!Z){zc#v`EC(O z`l=UzlQs9&fltqc$AFln69uAJF=Wv_34YMYiQ7-H8uiLBDQge@ac_p#ochCZz>EDl zYd-Cab(baE{g?TW8T;iz*%(_fdD3hkOI41+MBP-V6$Z#~EC}0SIQ|X^a`@sucP)%Y zxynXWrTC)n1kNc&vOq=IN+yVv4JbZj`hWMJb{lpiug0CmIX~;D}k75*c4|p_pSTtC?5XaDVJ-I!~T5^lrWQ!Qx zEwk1PSwA`j?!?MXI#QXaY3b)Fn=$o25ED_OEpo@YI10CTm-p_BtJ_+WHl|t9YLp3ui z+gaYen#v{-IzVmB)5~Ex?-z(h3mZ?SWea@b|AJhxuKxC*doI3~cKg4K-o+xW0e$=H z5Ld1|O3bl%kcCNHgb8HD;>)e3dTq43C7I3~mef(jQ**)6z&nVb%2@a) zoTjYBkDX-6ASv)mMd1XAdt&_oe^xv(<+1l*Xfw5-99EbYndS*9to^7yCA%1~;bq^E zg3adD-rZn~2GiCXVH7Y#ZHT?;DLhW8RMK-N62jjlj3J&Ekx32l8fTns*Fv^z7N>4y zKcwN;swJQ{dihNyaSN?^>CmR9j`@3!4XA>;X~A~nh#4Q?Y!XY%nV13HwMjt`im?VT zVNyP*fE6k4yhnmt0|FF!yw;{4v-qs|fgm80G0@DJ23rKWnW;MnO&^`5tmGu8c{O*A)bh zD32-M3?-VTldcmPcHg3bL5Ca@_~<}6+qxlKtTdgh?R6%dqy?Eb#SREu;RSEzmCVT| zjf5Y1`JuvFdIC}}1T)j;P42%^K0sTDE)jUB|f z*iu1(4H_a#G#Ieoa&P_-azZu|qx7ezsf|;f)#ggAHVF@n&h|-EA5wTWn9V1ZwsmAU zswzetu|3gLEDZS0s-r4_VIM?|8WR4}NsWgSS?fV^3Ab;gOi?TcjXAeb=QceK36by2 zBfiVO7pIsl6#=pTokmGbC|&VYkgk2#anB0mk?&isSjDsWV3cl*E<=_Mr3Z61_<)h! zhvRN3HKcHo`))j;N6VASOte%fx|TYGlv9r{gZG7KPSh%qliPE{yaob0ZtOW zcHUqr)(YebSd`M%_gkvD0VujA4n#lCQD!eJ`%B7YD_4Ies=xi4Rhl}N{Du{bWRj>kKC z%mg06p1P+$N{XLeTpx?XjaOQuA>^7NdLe{}hul3i~Op5u&Y zWIpOYP1H*+lX7hSrFPLra+$)Aa2#@!^PUI&ng`jTmLq-Qm)Ulj^y8fb$OfU#JSJ(q zPCLc>oboXUy`zmQR?2KAnq*467!eJVpqBPLlPRr*qN4@vxM*_1yl*@S1ZC}VH(Cm$ zh?QC4d5_kkFwyRNx&B{IYki=2F@fd^sDHn%JSC)n&%858D}~JuC}zo`!jaO}|G@LM zD=#dlOb100QX&7_cskMV?XCDyV9$8xqV(WOH4Olg_-N)z@ej7)LebQ3fTp2w6%^I1 zO@~Pbmb{unyP@`I*Li~&f8mOfn;Qhmdl1E+7XbH1W(1tKhQ|Zolg%!p3(MVUKZLeW zh){Vaa2j$#tdOMgzi;}dBn$WvM4us)5<2h0V%`COLceGLwx(kiQQ|@rV=R}DITNXp z`NoLxa8k}dwKmq^fiTgKnglpkRKY^TBuW?SNe2Gwm5|_v=Kl{nd<`~|nv*a7p{2ex zI0t81uqb=v}XNUGFWuvN@H;&xOO!FeBzSvT5j@oW*oaydTd zVOj4o!9WxZ8CPaw$AAd zc{||cW|zj(B!Rv|e;%cKI;O1~eKX*kh4u{)2tM`8Hv^($nzMa%P;2Y>*Ten_MfTIB zDG($#BxzZScC}J*pk>^{Ze?P{tqe7YEztW2>mR4NFr}?uRVs@b1`w;s6O@(N`9yEH zZjaEm=$z{J)zi>^Xxojw9WF5$K?xP^E7O2RV+@~p%2ZdK5d0V}io46(g!=(~&A~~6 z1M#rWJ`)c7zBChj%)xWEAi86#6H9Jt2n%{;y@all9K4hlry9@*dLV62qmC%h1D|wS z_ynmcensY40j2n)mzyN-J9qLIqG#>BLlBX?=*CUy@zHex=G+aVzxT9h<91r3aqv2n z{4tp}5f!?u%+B5hId(fv8*2x>vAZ-nkj~A&)rMJgZB21u^h>r24Mb_xlkc`zs#KKH zXoEV0TzkskgAvL6i>DlFMhe4dTKI61_IK^ss>1PC$=!hWV7mK(jD>4I{8hR4xIVwR z>E`qprmD>^!&h&ON>tkFpfeVvE;s%I{OfrPPe<1#vjgIAOhY=e87PYfvAo`!fN^BwC9`|ZK13-+2vzp zbYI9b!y_xQ4+tDmlHg#*=-b9&fjm64Vh9np@+GBGcv~Cbj+Jo~63L$j(Ac6XI$0h) zrvw=Hx^|J>u5t1ydM_)bjLc7Ut+U~E!PK5@em8p4-gJ3}k}{5yj zb@?%%d3G;yRdWg#q0TAiMr8M(%I?0+1oP0`*WoO&u@deg@5+e(N=%Bo!Z|vl)^&&F zy%D)X+ihH4>bt`7&hh9_Jzk1NKUI#kGXi!eDb%%MV7Z%=1H>M-Suosh_aQVEU`c%R z(24t&rlNQ$P$c;2>9rPQIL(MbB>|DJ?Q_8o5kyW%jcn@SalO5rH7Dq{!R6|E!VRcf z9X%V;XkCW8iT~zNGQyuvGCf_{PhzS_GFfXA00LNlChD*l?n}i6gVkx zn_`=uaF>upOESiSzVduZ2A8?bE%a( zeMjL!cZhKueE4gcgR{r+Qs>7MyRfdFGjTKG!(F)8l+~ai@5+<(HKa4+6u zcA|%pFbQ-rcCs5T_8j7fl$sgyd@8^RXEJmvMS#7(uL}|z3 z+IZf{DOKk8z8BkfBx<9ejXiCT@#i}cZV%uPbX|yDno1waXnH3{S7HX((;Zw6`t!=0 zvF&B}yXJC_#e}`~$g~7XZMX$vTm`z^>X{%`ZewRBZ!b5eugAmH{nYnH-1q%qCT~ve z`a0;x`|Uidi#v+{o4!s?Z+C~a*@-2X+qQx=6nMT5-T6_2K7=#>A632-?sK1))8i&7 z#lO^ZaBi}~wAD|rfc9VOScx7U1hnNHgc~(mAX=G{go3+00jD~rSNaeWA=_2) zfl(ewFk-x&BJX~qatZu(;5pa4f0S+MST2SJ#u*S(o0o5Tiz!bl5$`h4iiM4$yM+GB z!hA>k6)24(u0H%2RXz-gzh^ZXEE9uX43s7`vAEog?KMXq2g}om^iv+eg6pkb`Z{DB z!?d_GZMoZT#G2lPwJdgOBoTcy?JxvoY3M5VfZuZ$YbkX5&(_k8MMIG@8Vh%avFQGx z-RY`Cew(A&Z(iGl%?QHHuy>~OW&8DvW^_-VTjz?m#U-o_jat@)%f1PSmH^|4*|%a= z%Asig_yaL!JjgVMlT7R@0UK}K+@_Bc=2%xAP*{XV&hZuGx=yep_qG;S-cyyKq5aE{ zDx1N6xV+s(7t|HF6K2c3ighlG$Z$^RDEoc`0j9)Kq3%Dv_-h*&E1#iWQP3iL_rKez zufWs9IHU&9xOIILHPf%W*aG)YR*v%6KDW;&=Ht3JBNo;3-VXj%%(?utL-ERg(oOLX z?X_1%q%GzpaPpaCGJ}ikJnI~qNCs=MfgkS|7f}qLS`7JV_=s;Hmnn7r=uu zA?#PMpjn>7zDana4+$)sbElX5c7E+f3awkZo{iW`V>xtx-+x83^;+o%|Kzh-`ff!( zY+*9Mi@xino@lG?{J=0Hiukgs27O^Oofd=w))Y_mD7LP6TBWxe_bR(DiT{99t36_s zEA9aaphr{$EKFf8vSuDELzAc}9{l(t+g3ih2Vl*;{lP$4zcT{ZTT9u6n;J8zQbDZm z)zMcfh0q93TOkJF>G(eQi^fEV)2s8~S?F@42-l2Rwb2bOw|d>VYZByrA9xbyNwUC+U$>F^pf{?D>2u46DE)rBZANvY!KxFSoj5}9ZUz-< zUo%z0nHAK+vXyl0b+xad0_A*{xWDc?QfbHg0*`paDN)P0HMhj`HoiNj7t_vlm3tL_iKJ3R%fC{HM6ArtpD@; z>lb?CbGsBZVE^Oz`U3cMLH$xz#E<8PQTz3ER^@MfJK{QnR9O^hTx&eq4gdGAb!eQa|R&_L?B~YI9q} zZ}R@KfS;A^r0i|@l{}QoVmac~eqNk+R@~YyNn3FJ`|ckEdkF&2dB%iZ zG&pO_;(X&M*hvtIa_U!QFeoo>RwCTl7cO9W3l}v+vFQ5~Hjo6O(m0qcl8>L8ih|P@ z_@+H9b5#97l_?mj|1WV*rgWAxwZyskkM|@}?dtth;96c-QSCmOtQn-gVFb5>><%S9 zaM>S$3-If}P22SD4-VD zIkc|Od#|X8g@=`*#8MwkE*Eii8{#}z`#>g@Tx{qBPSC(A9Brc&!zUOvUnBQb!2yNL zG#iD%j%NB!1CeZSEx>GTNHs)9?IsClAQA|5RqUK~hXBQy^?#sy9M%69x`(qU36Jm* z1Qp~^aO&G)9(@hu0g&%A!FlFKM#8i~J{Ih?<-)%4?{ zDh|X7M(?5Ph)LItD^h(#ou5gk>{TzWl?;(f?rbk$uKeUdGd5k|7Eo2cX+J@khuRU+ zl7o@eA@o51%fsN=_}x5;=muze>5x2UBc;e?cT~g<@&KXZB!O`)OI8W1QCRLNFCyg- zpXu2DQ#J{w=HQOeN4+b^AUz3}N6Y#kMZF2rMBk_5Y}oSdIQDKIcj)RxE-q?`XExwp zqTk52mu^F0O5N%YRw*G_++M=~e3d;_;PV>K7&OK4TZkOM{7B8s<*s&J5W#GB|h3%1h5@vMWio(xA zK%AndqXqCCW7JK0GrwyBttR|{9otG5k&i$>91T_n+F>)IGTB|&t*FMLu~Q*xVU;Ux zAxP7pAxK@XEY8bHEAm?CHZ*p3S3-s58nvN=*!;rqb)Gm*O@RS7siFh_#Q11Fjz{8j zQ=>xX2U3}zT9oy4gIxwvE&7@p19~0d?M5lXY;cPYwm~v$`M}{TU*7 zHDRIuBB3&8MpgbdBAwZcf@UgpbrB=v?YFVIIoR&b1+=j=!`;9MrxmQbW~# zg=pW`c+!enIS6Zcxzep#WFBq<-jWGCHGj1FKjgjewWidzGgthnp*Qq-zU*$KX6o&e z-xDao8}}uFsYPmILqnVwa}=&#PFbejGh!3;mF~+~u>5Y zTEHQ;xNP#@2ha*7n+#yssrG%4MT|cq2{(q98rTHnR@0?G3zd8Of6d6nV()upTE-jv zS`=k6BN^%wx3@dRmidZn^COWGq<%DuOAfV}#AxQz^F!`;>wFj*GC|G>nCU9!n9a${ z$ZbZOU~I$wDuxrFyx(JG1unbq#lN#h#4Fy}+0gw$_cU*3e{9#7I zDt+jO0aO5EM)1kpHE+eGSx>#~f1!xG26AGt|D>Zs)W4gn=uy4?eIAx7lz2*&hG#Ld38wdT)><%m~}gK;bhzQKp$wl z2k1;it_&_M*XaBNv$@T{x^rR1C?#yXCtVA|s_ z#e$MGJSJudY=jx*&4xDV3q8kQ56iS(t{R;k4>v|!0bSx%%Y#Pxm)P3o1K(^1S+F{}0@TJJ`)(7A>VO=QEhX_MF~; zXDSiwNH{jcx|>1~)kH3WtMHW#?i)-3X%_l!$b**lyN z@@};crp$Y`WriFQeKz+;2Rplp@QBBG;p4bd+=C#Bf9kEoFb&wsfLydLfyuBLQ65C9 z=4>av%|=Ya!Fond2=peTui)`3+J)pN%_3N4I+tZp5}Sp~qL{DCB3P{4X8wXCc24tx z5f8d$kj%=fSgnBg$~+3!f!zRy=)xsuatbGA zcDF}E6lSF?my~a_yu71v3g|cFCxuH?k7XYbZmmOz0V{{;x(vps><9*p`C!-mq)~U# zq9!tPN}}l=-mXIzsz{JE`pSh`f!T8v6KgENIw=G=DHQ`M`Z_L+DQGh#*Wikkg$zh9 zZb(SPWut8DL=!v_t44tc&-nQ3mmoqP%USQ%tYv*leOpfeyGA>s>{q4TB~cu$k2iLv zViI5Z=$Vx3*!oTW8tgaZ_{UJ!vm9P4GyQtt_Zn&zkt9uF;hwqUkn|@bM9}1k&>8{P zz-%pDeR;7#8gbXjYtlF5B+Lx8d)!lG`qeliU8c^4}j7^hX(+pN|Y`LRjZc-$(fdJr zkv`AV6O-*Bc1!_y3Vk&qfWayIcZBphkt}WcPrD$wtN*qtXUP`)``2>MAc^ zm?au2=)K@^a%ZEJ4)t?H2S(~S&iybQ*=%j}x_oZxD1tf8aMfR$h60kG>V)^4CirRR z3JU29tol*yXf;Z$=wo`(5FZPjFQ?+huI;O3Vo|Y89)#0rncbEjx>PuC5&4R0o^Os(?3@LNSI(JO*S zb&B6AWGwAbsMMRzz}J2>7S(WCOuUi|_`YP%&3Pm3BhOa*Mjy;h4PS;>;ZXKkD|?!J zXrKsGGr%-1qXiSo{@TCZzn}axM@(yKx#Usiuh^PdgO-;tO3YK0cpgTc%wm*@xpwAt zQM|tAssdN`kIh#2R8zi`nF1xNabu0r%$JO)rFuUdsV6^ zY$bRU_`~sX4GvAo&@Lk zwK8yhRgauKHckE(u%e~8)EGJbs#rPxi^nF`-zL|W&C>6Ptyl%lr6ePC3n^4Efabgd zaS>DJ+RIh2|CPElG;93{msa^0tws3|EL4X22HLJpU6t>y;-q)~e!pfXxk;C+p@M0I zB|b4~lkjN_Ut?GXmGT!OtCIrX!PgQ3meRy_ZM%l=a7x@g<=qgH+V%!_KpE@=zlZG%-VDY_X7*VMkF) zG)AmHSn*^pUSS^umm9%|1QP;yBq_GGDUmR)*YmyAd_TJtZO~P?_Ac55K;UU>LJwb4 z&uaMxE~D(uXdpdRQ@VaqZpoZ>@Sz z#nsKB=l|`tbMZXhil&Rp7E2TF_55u}|5kQS65M;!N{gn5?K!yoWqvyxejn`AXhr?+ z8mnHKv-+)IMa%JPv;8heuHUjWxBA=sU52v1BdwUaId!MF;$ykevC`_NRZ%t84#U4) z@2@E_PTGoi8L{f`|H6MeD{0G@61Z?D zV)Wx;msLN#+!Ca8N9yRP{$Yxdwv57b-M5mZPu{)M24PygS1>b1O#xdv!H2 zgBE2!h}&jkyhfi^0m+yndB4#K^xMcZ)n&Fi+p648TVa0s7=iTJo8Itc#Dj+D0bI>u zOoB)KPU-Gur|)|{`>!2ozn!_$0By7JGAcx0C}g^fF{bAcmJq^e>n&(KM{V#S65=jN z1y4047kxk5p+*TC;d)Bpt@MKVn!;E0Cp3hWIutM?_7W(LwiI7Yj0!5iFGpXDfP|W) z;yFZhf5#>9ACBIP;1BwE^A{2|?wUx|zzs#COEq}oO?iHGLrA&I z-fLu3dH#vW6bZLtB2+Qjm1wGwI(gJQ$on)zX($ww=7oNca8*iqSlm=cbw2n}Eqqe6 zLb3{0WQF`8m;fz6V1a9vZ z;=d@ILcEI74YsLu3B!BAGE@Vg23WlZ;26y`XU&LGx5G{Rg5~(ppSouh?UAYQgU9_J zZfJLdXRZP;{Q*%cgrF3yD+>ZnC#+%!Sr~l4DvOB!;0bxY5&W(gT6M?NVdOR1Fsr@G_aOi>6j=FTa`5)T-K5H~QqFY=(c{V+Cjw z2b?(yOl}WlMv=*r;AxxUC^r{yaSY3so%!wesLheHkryc5B$FqQ9QUEl*8r_YJxh7Z=;0lMfxet7D0 zkV#|`GYzYn$Ym*CKhD5G`at|$=+qM;qy`D%gTt01l^+a@Hx#^T`K$gX4$X-?G?cGr ze4&N`v9P>qrqxx zxv~tq6@fe}ktLk*wgGgWs?t}d3%P#%5D^lV&8HD)^H=hs(`>X{8Fc|;rB+}6RR(AbVA zLyB67?xATM0YtF?QBwZ%kaFEq4hYJs=^6H6bQTui=C;ck&@9ClBg^;0Aj6Z(&#Maq z?^_~6pLY9u#w3HZ2XUk+C&S3?LgeC8O!fj)Ly=w>x{I_Pp=vD+Rtb5l?)rDi_C8-k zzp^Bl4R}f(|J&28t&4%EBw%V@TpgXAb^kU!GGiiIH5F)lhWFt}{ktq^el*WTi=&&p z9>-YV^^cCduD$2Up(ZO!fi&cj>!|3FL5B>BQSr)r2&^Gl#b;!SGD~RkGD`dH4D||W z#ThHaC(wKgLsHP6plDGm`|9zJ^-jPDrVC%x#navMlDK3k5P9l8Vu151J?Eq~NweTT zQ^tc-3b*oLE*La$q%0x;FpH3AaoEej<>Sr?nI^Mde!F;tgX#@P`I!DA$1oBY?**eY znUQC^L7Ycge~{0^SRiRMA7?225o}0ACcQc_W{Mk*P-5>34ah9%XE;E)MseUiU z{4tkKo<_+O#5)^mzulGWAO$^hQwno`s~B0p84QOxSZR4SQwFSu>8T6+N|d2}?%BO=AJ)#F_81+~h#pcO8;bJ|ojOosy7|P}4UM2etIIdd{izIHKSK#+_!`E8 zw2v0askqdPbAmZdTBu=UJk9)8{yH6p9v<#KC$&>LEmN&&539Y%Hwr;O(@^}&fi7P03t**d6-{cNZ}0tx zX!TDs!EPNaoO&67)vrqZFI1ho0GTyk4WDTfI<@c2)5=d&lcZM^yUdRyMb5nNUlm<~ zJPw_qV0GZv%a0G^|76+vk;@1;;mm#o8438mKpTP78^@$EZ}x-cJ?PxAzDVuCxF^|& zII+^Dk;@PEEhB%nk0brkYjO_yX88v9J4f-wADh<^84NtaSWQSb_TV{eHjmtpgJe zCuT3l>!6j1+fI@WswV1qdrLEm8^Wzrc(-tPf1Fy+o8JhqT1iM)WAV6WBTD6MS8nCD z$}}}F+Q|U_KgNt8Ql|}(TY!x(Q`1}nYkh`NVpIFG6lkr6ap~KFG_YVGcyd`pv>ya3 zEQOQ9|Ilual<@2PEmCzI8M%#wz5LNCk#+z2e(r96u(jUr`o7l&GEN@hiTF6)!Fe&Z z1$1(~NnQ;p?<~I;pc5ur@`k~mUk2P$D{J0%yRcTQZ#!f}gezPL@7;}fnwMy%y&(D9 z@>=JK^tlKPyR3dUfaBA_t3HjdGg(~2*|JZ`In7$3#J)om==~k`Co&d8=9&z$DK)G3 z!{fw9KWkNCvo~>4)Lzwi4c*bpB)3iCwVJ_TCJ6oGEi9BCv&zK5@Qg^KQ1HsRrbH`$ z5-@~sI(g7Ij}&X0Q8Ss~cF7+-49L44M1o$XQ-%O1CjIiZ(_ba~%wQ6IUasEO^!>lI zZ=VBT(MZ!?+D?Z?qBJ=1f<2~V%-w&fIS)w?6|%*qi>W>zU*(Siu)lwrNKsm>Oa}NJ zOHW8p9VJi}tnwF?{O*i+hAs-iE`=v&6Ng!qy_3zT(6hlGcXG|#pOLl=Ve>Ys83^tQ zrY{uC$5U%DgH;;y{}DxkKwTNrCGj0)ihN^m-)+Dj%mBPy%$EGy7^ww-Xv4-mt6aSM9o>N&UwAXAWH z-K8@C8=RSWsTu>&oE|)v@P$~SduTyK_V~aC4iBBUI2I2M7KPu4-Cnk7shJ>!FJdPU zl3jdH{_AI+008;y4Ps}mirv_wmA`S33f+DniZ#8D#G5JtCRgl8q+M**M3iFY2QwLq zgDQ6N&VdF`#JTFkwC~B1A|_HgKEgP641kt(n3Ff6?-i;GkEKJI|0lT#ZB=c$fMSZk z(llYa$J^H#n`=i(3mt0~r=B+7gv+h7mi;AyMT{im0$L=xKvsa;N0k1iLtLH)%xuD9 za`sJz&2nJySm}HO@WDaj4Me^=5Lx9nslb#aP{f#MFJ#6g0Ugw)&i11e1V853LQWw9Mm_5 z8a&aQDNfX~l5x3I827Icbc}^o)m>y9nLfvH$WC{wdUDdH}YrAtOCT1kO-z4t%>RzZpyn8-^i;hp?)vRvsns{nLh6fd1(X6N*zVHekH} zb9ZP^8X2pGhrlA3Ujq^@Gg-)kT+6Q_u`mbthG0kMF&#pRe0Z#E|fnXJn= zWCfe2i0t$p_fvJRg&o#QXbk}8k>p+~TmTf`*_64&(-%{$W4?rYO6^*zshoXY5C#U| z9j?#ad<5>@ZNg`2ceyv+sHLQ1uA^{0MfH%n!(FXzx@J@q?oG5|Qa^|%ONVzn{odRP zzv1|6_It-az=h1#;~iN%1T^D!mWT;!-b3sULq^d7-}UskyLyZD|HUq88bIh{?765n zLF_PcmKLu+4?Fta^KELUel}CmfZM85Q=AY@ID0>jGa{{9WWNj7xv|^36w@c+rqO|j zjF)MPcai}YHO5j$ImIh_kiL5YT>SwGBFTV5)5`}|2n*X!bm{! z_Jqjpin_%9HA94k?%3#g{k|_eF74+u{ftgOi;N*Ax7bf>itBgKXvW{l&GcG(y%$pt4&EeH< za)GA@`mzb7M36s5H~imyZE^4R6%ytvb#o@k)HS1_|0IL`r9u`E=Rm$s46rlYbG8s= zl-h$+`snlfC&|$pj82MNMKnM1$8uJztBaP-S-D`ezd#6gCc&vZ+Px$TCzN?~zqAAT ztI)L%A2W?97kr*dtjogi|is?kjG^ z=ng8+NUV@l*8G! z@+449sYMml6$Rv!!XG7@jSzqiS4NrLFiLf@QO%&P+l$W42>1L*nlZ!gG)_We+EX|2 zv}wlj$+H&umEk2g`GI4!E{y*67@7sz+GeUml^3vX}INCyk5C;1von;N-V+rz>WrCi#J(&-S8n`o{J2bS}iul7;v zw#-tu*mHcq+kiApq2dadzlOJ4CDG-=e4aa&#V49Bk>B@vJOy zZmE-$tt1#7jN-GL=RQO4Y{{pW$BvUzJ`+6#PQh(fA3I{7WOW$FcP0iiYe5hcgokzi zM9UMiHl`(F^q5CoYav=>Qx6O+!i+0r zLOsbH9-}$1jJP}A9YYQxqD{fQYJNW1_WM;S`0UYF+#DkOe=3FX-s{v+Gk*%kx4L5cDjyo=Tv{I4YLP1fzGWR6uBowZjKcQHlm~#u5 z*S?#@bC%%1?GcPCuA>11{mR)&gqaoNkdMi9C_ZK^^j$?E1u3d^4-SAjx;TdD;_D-b zd~FzH9_@5w@{B=T2!ar_2dPFse^;v1FXwx`jx}SAtW4Tv zbelbP7~06%e-k^#(xky}hu@5RiivbEOdXPF?w@PiACW0b4*#eWJ1){(9?0uN*?;eZ z;Y9DtdXKNw?KM6y>z-iA$pX|&Wh@ERBFob9NV`d{zAz}}_0Z}p?Zhc6S-c6Hx;WD} zZLzcaBX;1-`J0nBsH0ooW#=8_UXC^4V7)Yg=Sr(u5YXovTO*?O|HF$Mo*X95kbowu zPk+axfvoX?N|vIsP*Iz!w2A6RdOeu9Cc9Vgt_(PNo{90LLj9GNYclKl)dZrzsaWwz z>C7zLjAW|>vD%hY4U|^+;(7tjt7OVrK$ZW?ixlS(qT-&s24zJZ*ELKSVQ3;T)EC@! z&qy&mbySXqN&~xNL|*phOy3=ARbadUpD4Kg6t6H;#Il2@A)1DO>)~;Uy+z!N)o8%9 zXYDMmA7tnR`m68nS0w~;1we1q8Mm+SlvOb88rCHUOq=RB|BhLwb-in00c`zoC zXjF?mV_I-^RKKPegnK2WMHz<8afcvo+ZRa0&XQz4K}V*TjYwZtq*Rb2K=cC|3hPHL zK)G+_gpg(o+PMUV`;RCvr-CIYK~#y6ZgVHQKP^aEmxR22sVz$w!B{|}RqD9+z%Inn z(xofb$pZ|%MEbQnm0Ac1vwG2hEPT0;N5DDyb`OtwM^)+bpOu= znOTE>RnkGWoZS2m_*8eU-Q&dwHoj^mRHPt9#Fbu&g!k(hj8pZjpozu*&;VXksW#HbQ{E3_dH^b;}p-Q zS-+`6e^0&(k#gl?`SFHEl*ZK5aBHdickAbm$b@;9-x{LUU#HjlH1++K_#V!WPdb%5 zyDfZpZkvzP($M+Z5304|*LP&y)Do`|J(99enl=G?5O}v}w)=uvehtj1sP~e6kK^qK z1j7udEJq+SnDEdRi`^Avaw|zn>*wEW$Ykh0UQZ|@W&OVqXNwr$(C&DFMT+qP}nw(aiKwz1l_&C}oapV)UNVxNn>FKUiC zD=IT1vS!uH968?i31T`v3(dh&3k%LzX$rqpH3Ew5Jyao#0rWYZ3zFc27!V=$#Rs0NXKC>92wy1JQr1i0u`lj6~j;mSW*c+N zgogk1->N$B&HeF~+v{jw4vu>YHELWTAOGZ?3X<!8vc&A2-3N z)O>I+aI7R=VKPB7lQlHPT7&nKo2Q5qT$a63>5Z0XdQ}vA9uZ2lJ*+?`Goek&; z?BFv@5aTtYPTf0&>jL}}BJqfTS8W`}TLaS*>c^5CgB?Yehdyimm!9n|ayDF!rQF&U z(w%wRUlzu#p~n5NmMV^j0a9f>utcdxm&OS}@1#eU+p-om&p#kk_ncnd8CqV!QU2|4t?s~of@@F`U-$iu_2{VY<2n25KY#FI>A*)**wm<1(+qGj zUDEpI=?8le7iKOR&|7JIaM#R!#Jo>q5(gj<-&2g|BX zW~1u5mW&&!_hy4{BG*XlzHr^R+ zBXu|P!P%Ac4wU;iH0m0cp(D6ntcLL{*Oe?_T`hCF%pPaQ&$^1jNJbQs?J#oo|RbnV?HethoMDhrbnaP51cF zJBJ%|eeL9y=Lh-XQ6b;w2YORRv@^i+vZBVw)r1^S`||0+9Y!Hv`A~@oiou{0%>%L$ z?AkdWt55Kxi%+5+JE1Ygh)s!ZHn5oPNUzhbNvBRU0>&$Rc{Ob^EYWD^ZRmwUt7d(9 zZy1+#o-Q@2ttxnqKBW!xa*u}2T#Xav%%2{I+gVTede(_S%ETq7jEK(*+F*fntP?vh zSh&&S&X+>Dv)^+g%y)2xM&H}_Hd6>K(0X>ER1y>Jr(Dr)8U0B;yQ*bp1^bm3=^^jY zD>Zh&02`rg@>JWOS4>&C{mEyn4ORgaJ$Oc_g%?R`f3@!5$H^QNn@M!^oKR-KcE$OJ z8!~XYKy-b>q*D+#dK%zl%vh+s{wmz_Err(YqT;Rg!$sb&a*Hm!QcD}6PlIMuuVY!U zNm!5!!D^Rj%@A0n!Xs)qjXb!TEc=!c?eh8wO=>t6OP@YNs60JQ?Lx8R?n&KSk`m=z zIwbr>PK|hyqgCy`SIIIF0_^gHdH%Lhn>DiqH)AWK;k$zgFx&IoDIzBxmJ^gn!V*w` zsYJQ_9w(eW3UpV9f=}|oBq5KnQhH9^NTb$-l#4f$ss!}lHim7bbL1sD*8BzyR&_&m zrt>yc*6505WmeY+^qW=o^?VSJdUuawts`&OY)^-ln3ids#K2;@)yp+W`MhXOyd8?# zF`a<6DtJ6zhmu&9vNxv;q{u6Qu3N%mGhEjsCF-}57S+fT{a|i0NXGw8fTm?!#jt_t zKQf?djCB|VuEf=Z?x*x1CYTTwQd44?stQ(E%}SqdFuvvsG1%9Y?(c&~;eTRhD*~W$%>#DuTKU?)oXm zAt?+MW@N5u#+2YNEpA(rI_-bf5QIu~hiqtKSb2s@zXJig6fKxnZ`4Z%Q;g{CBk?a$@*+q_nxV~X#b#yDua+8?V{3emty%v^2xJPK`Fj1&>4S`$r#-#Q zn~eAw4+`5dj30wFgx1`Sfc|~AT$-r4+}IIsE2`Vt2D9okUDet9aVmm3d%V)Jb$R|; zG!5BKQ28pPxBD5DO$9F0Nl%dUDP^%CIQqyaxkpX~iiWSNs3a&j@iu2Y zShTO(_jSZ?aob|z8Py`0B1Yoh|0@K_!2bUf0)?hvO;Y7Oo#$Ph3Tyo&r6!4zeyIxd znGN`PIlbXhPriFJOr^mA=hF*#ncJyED^fxjxw*M=vfjMlwwwj-^rAa?bzSZ_3O;Sp zvOXWN41F^pt{M_3(dO&T1#xhhxVicLVu!z<_m{VF;&3?67xV1CyY_ z!Z_>i>J7V!J?$tFJ0Eq~?U8G~pYd`vvh(nq{Ht=YvzQgKdF5=bBC+B@U%-^;(XAd- za_FEyTwshxB8(_cr&t@pO0lOtJkP36Y1!t!o4SAp4YGko&2WHJ=X)=tXpMc0$lL!C z1)V#dzWOq#zUdeK`cK4Gv?q*#C;b^2RBLHq|1R>Btj_Jo&2uBk$@9nMyXq!ra*dfSUE&H^wLHp@&aGko zs|rF4n)1qYC$Gg#d8Bh^%j|l&1d}OXo>AqT7sMHT6M%s}zvAo5?MhZXyBIYJabc(z z*V0pB!_YiRIdUU9)%vw}gh-Qx39fqQQs9BZhN%_c5vu)agK`ek4Y$ggmmSOx0C^(7 z%hWuD>8s`*WS5oe94USn)+iA3G>U@H>)QnYSjfqIu+B5eSa z7U(oqPeWSg(HyqT-N@ogp4qZjU|&h^%jz(L}#htOQvUWZ5W6N~xY5-SR^ zFKG|LO4V<%FKD|?i5gDe7gN=vb?|OP+_*E-Nzaooyh9@YvER{>FM0Tb&FW-dg)(-s z^tD`$aGFeGUZ=+@Xm8mfpcb~(%K&jB1gucU8vcKb!GZSwlflvZf0w~QLD`J>b|X0e zM{)V$8g(6#4{!BEYl#YI4;|>R#U2V?Q|k@=zOeniIPu*S0~#*;aU8dLhaDg{9V7qu zr4`OPjnP=3Hj?G^>1ofO?y}za#(A9|M_W_{HTD+;q(^Vr2`(Eor1}m zLqOXNn&TWf@)d!%5slnwRpD)DAPm?wyy9GZC=LLfvU(~qt;0ML-I^O4c@WK7r_7qv zT~iwEvFbmzNj+g1b143<|3f`0|L;Wv`^@6g7J-Ia067$`l2Y5e# zs26Ur&R9NDsyWFv?pM2w><{VE>z<^VxnaD|^2L0O515(_D z0jl@rH|W|Vg@=JsfK^Rzk$PeLIji5pM zTB>%2O*Auf1c`>;Z1i7d9$M^M8iQpLR0$?jR!^3oCHJ4s(@3eNP;jHjq9AIJX?u6- zUG{oPUfTs5&P{!q9N{j_{Y4uVj8$KgztA;!#^4ntAtrq^lZdnUWqRbEfuYd+GCd%L zJOprh)loN?^qD6&BZzL~zPFBKpoHm#fm95vG%s+4jr7qG>a##t@4pX@P$Q5;O&ae@ zAsmUX;oq{`i*U15(yz2G3=@tP`mrjNEi0W|00=n=x`#NlLmF!)21@jE$xZW+66mrk zYdnK3KtkmQS(D!mM6YX<#a-4~IcAOxB~0tp4kf?1b&~T^N>rqRuJ3p<7QN;5--8%N zAYkN1O+99@dc%@n(xA6V0gs{y@J76k^9e#A?i-i%1V-dZFy@ZeC5O56Twm%=oEV4b zQIMbC{o}p69XkE{N)Pj@m+q;Se7+~&{|@7n4Etj=?GFH@%{{y|J(VNr9Z#wqcBRqh z^=Ze^7>w=-OQ5D3I{iT^%+jo|{|KpvVJCWW#9~T3C85aA!(Z*xygQ{k7@-!cN%$cl^(- z$gPoVgc>;WsfK~SizjnN5i+_RQ5KlEqy>C~jMkwNUw8^Y4oX5+LCnV$j(jS0JvK;l zt@dsv2g$uNUK(}|XO*VAwG36ta^+&~HnJrP7`$M;vYuFQ;Czj&iMJ^T&DvZY6uTN* z#KaZ&sb}bnS1J*bqg~%a_a|ql@AJd&GQ-zv+2Sfe`tORmMNZ0f`#zBkgH&c6Lr{6Q zSEQ7u@+J8G@BbL<7pDC~U541j^1DxiDEO$xdIWIA0yz_|FVS0ln!k4Q|81e*RhA`hYo$m zA1}P4Svs<~WtJVKB^|GI@X=Y&bG*f8jJa5l)72BWnd$?T!>oEP~n zH?X{fLkce_>pPthH0Zxzk4*)d&6OcIV{D9s zn%&?Yo5wS&@UY&;3$7vLIR3u3zlGZHGb-{vmX~dyd5hrtB>wab^woT_0Bg9lrI}Tn zL=b(5mrAB3H0`)G!6K4qh{D7RuC$k z1akHcayY20Lk0AxweZr;(wy|VVV0rf*+2_{9!y zqacaElLj?Y{=0IzfEHC1hswaW6^#0#sjb?)Vz?lhF0zQL3KNhe%JDUF?*^F zZx}6~hxR%t@NTA#9s=cxMEm_{AJ7`T!w^w2a-i$e;{@D+)PP-Pn6x(Rny?d)YP-ww zp{|hQv#PhQavBY0*t?0i`knjhP$#HzCj-y|20@}<3Blg&9(>U3bn#N*BkIS(y=mQD3vdC z?-cJA*rP$$T~>7ED6V(_X<Kv!V+`ju)vt#5OWbJeI3R9%`a(B5O9w&D z$4!*?dUhT}ysqav_tGbj#zq9V2`4`AAvQXNXF10iG!)bjt<%V8nUN@B@J#l-$mpRT}9 zSMp_rT6UC8FWl*?Qbz%H6PEn#XvN57cqyJU9%m`&EH*!pI)<$giTpLV#fpj$ufZL* zK6h@y6pp4k$-6csOg*mRS%%903oAeUR*&6 zn!8c2WPCvAI!JiF2qHkMoe%Gfi7%1f#tO}Cks^Ss?+A@49b zk}@TP4^wRl!eHHxa|pgqnx(d|q@4Djx4$i_2^?SPta zgL)o^@|Z|^F0b+)l-x~)AtQg0esuwX5w67ia^bC^eFaBtS$R4UT?DaQN&B@=@&xDK zyk?G|m;g|SbmGhxP;R2i4X}w+OL@3dGOiU$Yb`!W%6mFr0G6%UbO;qWd0ZbxN}hlnx{4Hhul%7@LzJ(2i3)Tn3BuK-9NuOwc6$t_AhqFyA#N;; z-TESxYv=^DDvNMN6?LSHN+Z!iHwei3LLwz5uRO!I>>aZBVH$Bj8B@|=U8^@IB6-qxK zL2rrJs4uQw!6FmZ5#{Zw@YAh1g-SL96~zwA)2*j~jgyJ<$_eDMV!i0eE?!Ku_lK{D zFFz-Kd8v*ED8R9aN4sXpG;N-u%#x`^#vKFy6V84EJdwur ziXBh#L$wq1ZE2<@9xC5aZy?L3RolG@1vi^iS^nF`)J~?|=Zvg} z{>1i~LboHFgNUZ@4J~?-&xz3OlC=w!^P5TKTe10G4^%&9c`{>x@%wYH+jdwD;C83K&TfwIUgG>xD0bA+JH4Rbi{zG) zI^v67ULw2w`A`5S+EOd(g_~1+8xK3TY>dM%kuEy2Y%(3wXezov#T3RpBF*cBlF57A zH^L<$&7;sm^|k%q0w<&-rPIZLCg07m6-#GDt``Qp_daSq@&&16(%)ledm`A*LAcs( zbsxOAumdZt=)Y2j{sJ$sxnYjPU`B2T5Ga>7=|+ZVpRpyNDQjwSd0e*UWlI-=<+J>t z%KLhubNK4UlDQ(a;J2TyPz3t@NH}SJ(-SpkU6E{k3JN4dn&20K*+4$8=(5;W4re zoz7!qAIdkInr1jQrQk1evFiHm*B>!!c8_erXu)xqeqn#%fb$m_b4sQT{mw*dAJK8g zsNeY+##>~({vDloM4@4O`#<6RH>5w^yqpZK-+*#F zObt^z7P*w_;^Luk_)ZKP&=9#`M6eiUg!)ar5vBES<13cD66F{Zg?{RUd07cs8dY{c zV|DCxjQ#hT*WypgyFi+C)Q|%ky={$~=0Bw;yK1*@cI^zq`&h9{l1Sm)b8yYfFNlKI zl-UM4TBOiXmuY4ubHRbrtjmS>zs|(>8d96!?gI!_)ck(^vYJZbTW0Rq-bSyb&LS}U zH8x~p1gwRryGpNex=0-Q51dhteev3yjz<=0C)+>cUl)2S!=m-=AxX#j z0t_JJjPN`}NdBPp>F>hrIYa7G;_6)&l4;Lq-AYkF#k3q^Y)tfZvj#ygFbs(%7W zAA$$S_E;HWdbjTXWmDcv5qMWBC>2^uUUDA3qH%c8sqZnV`cq?=;@=;Dk8-j)Z@rZG zS@h(CJc%iHXT;I`Pa0#(MgnUn?>1u=_SU93fVBLlJM?;1>SS88Phk1w_=Z!a^pG`c zk!K!&|0Bspd68`Mfh4v(I$%feQz*IrORR4(yc919wJRD^Nq2rNPjV9Tqg9yh6 zG#Bje(9RU)n}LZjeA6$C(`xj9x)dHq%&IPCt9D;;HpJLXI`Ku*kBjtYpjbd6 zopx?$LznsX6TCJvU`+^>lj!4=el|@C&8bqO(K8ZE{luZ~?br^l7ctnz`^E6;yMD7q zZi=4ZI%SSR(m$nWkFxJn9t&J@UjW9HVhKOHFXKTZ!Wg>U&)th}=&A|lH06x-)C%=) zm}8ik@$@R-$LC=PS)s5YT$K$IX_`kWWJQ%Tr|HQbOCl0Z8OM?g9&YgZV@mA^4uPQB zJBC-7;BYLG?bOs8Qu#}45aI4``!_&mbD(9!ve4yB;H(4OVVfCeKQaK>h7%N6*q#E3 z!G#bXazH$Pl8NrN5c?rocDomv)8|N6)ilF);xVcipj24xz4G?{=(pBMSWwb-#MrAg zVxDjR&do3TsS4e^k{n(C=T%VS%wx z_2&_JfP}KppT{JqB^;dcYg*zAW5g&8EJkz*gtBvfAeHid*p~uH4*b!gH=W=?@Nc2i z%e2@K8wkq3J+B5T#5}Ybl$(Y*u269}2lg0Kl>W^6jCyCxvT-Bj(i{(w9CI@(qE}l* zE{6jHOuJa^^ESiBWsq);rxu-#9|v`-7w~EFV}rJC4l4p->%P&q+o@hzHH!Lft?d|K zS{X+9s+JRc^CqeF79^=HHH|@~G?yr@_MI*2G?a4VUteF%OvjpK7z1p%`@MqTIr}YB zMO(3AwdtYUZAbv9p5UUOG5?_9eN!R{abf^Eu@1=_QxlDpbj-=+i8ok;A$7~h|DFZz ztzcj4Rcx+E??thI#5D@%4q`vlEg}=snI>be$ceKgD>#l5jW?fQR0|2#LpNn(D-bVB zW3gR+mN7$nggcZ_>g4lIdwU1^O_GJb^tb;5wEBZGwTO@(3g$z?lQ?c=OTZtLzw2Z` zve3#~RdFp#zn#Ew8oM_#BX>x@m?pN9)OAAm2>DU0QQ6KuahqO(Wm7nYDl)dCB^2`p z1cGd274Bl@Rw8kNY<8c-Bi@Itg2bD>b3vUN4e#M@qi zUKB2Fk|vGS&FgOD%h$sLUYaK%oR@-2=?VyEeQ6Y#!})$N%q=h7FTe(qC2;|x`8FT$ zdBd3$D#}%eVx7F8d{TZUj@utJO>u)%%nRY#Y)~XlHORUTm(ccy>)c(R59QC^?+%bS zZGXmNR@SSAgn&0F<(>`~A1nr&4J}C2GIF6h%v)snKSR;cJ?DJ&-j8LiWvBakN|5W* zPuyYHcwp-SLMk7=`GEia)^DeFP^V7OzY*Dps;KNuvt9LXdYKBO-{~R)fj=c2x*dma zHm2wqf*`4@+;{Z@$)io%`iF{1Yi`c>URd0oo?SdpS~|&(`-hdP%zxIep3jW!_LSYD zFIp0-{u<%gzE;F%;2!*bRZKw>UVkv)`@}6PGdEnZM|)uzeA21+5bG+KAZ0Go zeNq~qJ<2}EzOYgLhu#$icC`KxAp-TV#5ML6$Og!!(@i92o|^H*clJPvNrOuCxS|=G z@xFesuldGM-RrUyB$#S2FvBx6^@o{T5@Q5G_ z34%&n)?F)TGII0ciB?NTi#uT!PFay`ga*}qIzX{ec@j0+5KylpPnV?mH~(SczUZJh zq|YTjh=&)+42bv3_2ANl0KPh4?H#!+s6vLaw+`LQC0b=%Ub=#QkHGv*0hKUh+f=g1 z5UbWyb`(=DE?BM;{wPIiavV)$%ygGM5uEh2SaX~StQJQS>-Oh;D6tr+_b#oZFB#hS zaX5?~;+nmLz5Lm}cV=WXa}6Yy!VRQ8-fO$+Tt{Je-b>~VTuicWiy2l^Xi{DaG3IgFHE&w5N?WJq!zQ4WuQW&=}k$6Q7uMaS- z#aKv*k1viwilvp#MdIh~QVC%fMgYaQk%d@}I#Zph%%#PtM+@XU-j| zoZwHbg$9_w7IUbVCgIutYAA)5z73+l@bj=DIMw{u_w@#4aicv}%lxJQIJi|biD_0r zmS9XkyC{6+aRP6Kg-`h`-r(1Sf*pSHJB>6Q4xzeSlx!bw2CJa+KB8ILPLN=G1c2#g z)qEYm^fC$2kEy$8daUA3;XSb0lI|8f{qiGyUJM5pe*I3!m`^QM{JxKQIe8rnjhA0` zW65}2BhM2zo_xC{NS=(QX+%SY{z!64Tx8$3=?6%S>u%DT zb#Vn{ARnM%MSgksAJ2t*fWQqk7W03StLCul9tGQNWx?hGFGZZOBzoFHd^_^MTo&>O zo6Ewky@y%M5PHsvSoIKd&UEVFV{n5NB%?sBR2ln|y(xeiJ$50u&6I-(N2ur#1-m6! zlQM+kJS>5=Qhdf2xamY9IU$?v|0HnAcNib~zYQcF%w}YatCC_oBN~0Qd z6gW=R^xGg=%b&`;p3BX~#8an)ou(GX1lI&|D!Tc$BniJ@U9*~953vg8sa!c7`sLn0i#)D z@DE%e^@l+@AZ_j1358-eW_fMTvZtDflw1NxEQPXWEO8`62q-pzGxAWr)Y!CD!5?P6 z4lrh5P}w_s8xTb^cYf}!8kQD4fe20L z&7DMucYyChNR{_M+V%zMUpZys{mP_zY+&_^lUUjS{<33Ix|$5L35Vw@e44cqF`*uv zk#O`^s4y3RbUY399f0XT2_VxDzlsCY33(Q5ly%zX7T4?6E2$VM|S#=Zi`DvL0W z^tfC_yId5Ye&}hEpU;4Kcc(3XkInZhZtv@nvP%8GvhT%hucq{v0^d+nrXMi+*k)$1 zk~E>y16VRN-I}^-^h}qCp3A_FCbh&;s8rYCuC>sO5?Z%MN`}`&N|`i`9y~H#?UFCV z0BVh3M-GHGX6>MMfYAypGrv#O?R9qH7b)(IelFPOgZ8BhJ~1(@ZV@S6qD=F#MKWSm(^ zq%pSc6OqVcd?t`G(8bDu;Ki*pIej&{ZEUucK}ikCTScDgmP1DdCu$s7A|cK$k&B+L;fx;6Y9X_`i~4h)4e4@SwiK> z(Oi3yLZX($5N#PSn&r|y1fTbbrmd{oYijYu%U{JIEa~WeS<+-X-code$KEOn&N!B> zQ~t}`(ZAI&t-2XjH0T*B*XpIU}@xJ{^aDw7m$ zaCCClv1Oy9i$&x+7{zACJ@G`d6LZ5QB_dcj&@DhHw^i#)d6jlBP2hG-Bxx*^zzDkK z*n}>Wqcb2_Dc|)n9#9e0l12U4SsJlw;0{u+p$MpuPTSogoZq1c(BS_p3}0Ta*Kqs1 zk1uY}Mz;!C@A-eM{GghI1Qvpo5)LQhk#pnwC=&vqy>fIbem;LLe|9Q5V1GVm<#v1d zJl^#dvFO8`f?jqWwRi4Mn9yXfl_+<^%Nex%#Fs#|>)%*xuv*FBI=toU#_l}vu|eo2 ziuRIPO-K8y31Ma#9jd40Y=-(LDB@{RC}r{CONxN2;MB`mxU_8Fff4NlhNS< zc09Y+-*puw>M>dX;6;i`{y7&@3fYCg!q4j&A@lhYvK=W7)nc+RfJuuQS3AhXE8#~u#R%G%JjXmm{@7smI4m^ z=O3h%kbO-Jf4PRT7%jRTUELr~0H`h{Ne9pxm^@DobJg=xCt=+Q*a$L0C}E;htx5s> zilL;eg{A#ibOKKl?S$kwrB35va^-RKYZnNsc_0~>_fP;Xlh+d*Y$WC=Q_J;?RVe{L zISDr#VHIog#Fb_~+O9Li z&{?OThcF=_gqozIhQy8**LKCD6<-td{(V~HWyx?5}8FYYz1=S)H*Mg|7p%Hql4tA zv!FW^9n#_B{UGM%wKkU7Ng1P7fmWYM9%DF%4rV9BV~S>+sg(vzJi=`zv#Zce`e-Zp%% zWAk&GvKMX`FwJ)x8X2l2BBceE>Ee$~x(O%gjmJdVTjCsrVaAANqOO&%w5>3m%>;Fx zdT`lad-KXuW~~H2RDy2V*$U;$7VIHrccOwbAUGG-E)Eu2_&!=zofml(n*Q?`dVSa<`%M72P!rHNjMmQ^3G7V>s*GwP?r& zga78(hXKGjRTrc55x_5N&|_%{>KsP7VGe6PPK~1hC!1-pKOd*GX#yW-M3$Q~>Jf+s zb{7MS6PzC_VmC5-84#lFv4DiLGkAu); z8=QH*mz!~RCD(@C-5OeCI+I2s{GpEaex1{dG%`m8RwrbR9VS)tJubz1_&ZV!vK0xS zI}<7gy)+~|aZmZejKBUZ6kXc24c#Yv|C3AGYpf>6)hA%~i*8|x`K0>tq=MQisDN=h z;gI9*t{~qo@jzD)e{FE_ZX~pzHkVPx^qx`O*MXI-;?NDWO`Y=Ce>_>OeR;HNJKrD{ zFZ%Q8ZHuoanwV+2+=;2n{HlU1+J%lqLbR2~-1B~l&ivdZe? z&tEL$TJFn7zbkJ0bSEGOerYtaGv!a?c z1R<+T4Iwc$xn5mwfTb_DEu|kJE{l$)US`&IQNeK4*H@L{sYzBb^Zcv_wV_0%6Q=dd z`0z68mEzZ2>S{d=p21|$LYQ`%wB05{i%MZ`1fJct$nBr;?x}W8#m%;@nZ71l;K0ySo{f=+QQEwI%_6N-yvZKQ~+K$;a z5Jczpfit$2e@bLolmR6z6*x2pc0)W%mqtJk zpD7(+W|x?<(a#ULRSwV>k%xb6qqlh9Z)L#fqI1Xc`O`fxu9E^szZ548}+`v!nb6Q z<8JGhI&~j)@pbM8m1_V z8y&ML1=IB~_7K1KvmMIco0+(4z#KON9(nVp&$$yA-3#T%%(?bknk|0d;26DIcX)ye zYyJM-a~(a+>FQd7h9fOv=h%vkRJe_$0{J>C!PteELR_`*V^2{_yw$pW*P_Da#))rgI-UzL>_6+Dz zeqHcNT8GBF`wNr)Uli98L<=Dg0g!>5Nh(4WBfKX>O2;^~XhHO9PB;0Aq;z!izpKMF z2di&?$1;oirh8vwn(_GJ=9pRB{DEjAcWt}4-=QRQhv#Tow_c#t`6097f*e3Ni{4B+ z%bZoY%_$f~O2JY3JcX^j;=0lySRX5?ow@S?I7EmL)SWRT@#+)3u2)GaH9lrDr@b~6 zlu5~4Ht_*qUDqwGaQ&!~I5IA;eRn0CFt$7H{d%@5bn_|sz0ZV-do#av&$qbNF<9$78S^M#@a zQY}RE9Nl;`xF|T`{A}Lxw%aPaPM@ne0=!_d*<{RC1AA z1WhN~xIrb8tpb}soa$xNu59iLU1jb4l$a=72>MkXdk{I=t}^}JRtB#7wS+MaN7ko{ z6P|0EGv`Hi9I0d!H(lu1w!iQD)ezH6q9z>;c|=T!4F>li&TZzJHY%F_g#3(>prLkO zTDgWmyiJ_qaKzDCh;Gu`QnfY>?&2TDO7LO8sgR(Hl>;x;{=>i!&%@fG5zhmgg3LCt zgt{A~(^ziHOp`6;ZM4;YE>M+jj_8tR{ye4_lc=x!wADMa%6q-D$sygR{U+&&ft=Ti z_>c=yUz+%y>~3d35?bm#9Y)}&(l#OOD-NN{{@EM=WHfV zIJ-4pB^kz*D+-|QTvBcta#}rUpp#@Ax3~v%e>J!Wgp;LNGgQ$@T1aHvI;+#mLw|I* zev3oi?Ku3xtH-CGp;7?{V%E++Bwb6H7ePsl3?9Lm$Fu;Dx_?qNa+&w2% z5gukdjc%w!cg+?L&K_XjarlY-WX9l!K^I<;1@EYJ#783Y2x!{27e?dO_)U;Lk1~URw&8{>`RA9uhfG-uI(i$5 z4EFtZ!4W@p(LNxuowyhF66vodeytFN)v=IU6fs%`a$Zer&Zmh)eTTH%`o7rmcl4nA{ zFPmo@JhL}WPG!}-puJ8tv6E*EK9bksRatEO&~bL3$I;9>jkF?-wtLGb#_jS@wL@1{ zmp|qg5$dGnh@GM|vx3p9S`^$@HL+7_^{lFHMN_eAa(+7S4nHyy1^De3HWh0-zl}S@ zduHcGPXU!qz;<=n{cP#MImza6lTKqLocm%)I)VQVFecIQ8If&CX3?igyyWM{>xn3C z?Pn^@e>#C7rHxn-MOpDZBy8rz^QQ#&rRu%TT^BE_1A0Uvz(d>HR zBp56cE)GUY5kpk6%q1UiuedVAm5D7-R6KuW%0!c~E6;*UZ^+WaRhLYdL!E(-9=uGV z!}8)Lks-2b6H${1(z^$7a+CE#=^*hVnH~FyyJQDWksfmhYbb`z!i>I4y(dYlj^QkC z02Ta*Cnr!Aj1xnfRd{~n`$q0dHxio zWWdMPa8C9|=@A(!Y+Pv?Im;WYHGz}`*iUOp)Lhl7wFq^pX0Acf6bF#tG1z0c(CUDQ7{!sSCIuX_=GO9)dZ(Z3+?)r zV-x=(&Lpbl-y>rMfd^UyX(TWM56;(V=&;8^Nx`<|^r_r(*Dkpl;B5Cv=M`&?k!6(Q zaJ=E`?5XzFso)74m%Yltv!z$r@rC5Z%h0Y8GJBj=7$FS5#nxzadSa@&&yAVtE=2nN zs5HvqTYj+MW$pU>6D%}1q>cxcHC>BKXTAiDg-Vn0CoAcRG*zv4sP;$AcY=+^-9$W< z@PH-&_?eTnf|)ww?rixI-M9l1gS=>97P79T5#R3$*6(CF8$k6wrApFiFi%TD?R@9I zvOMp3P@=Nypt8lnz=pC$rAwZ0n{a$D(z^n0PL>=Le6|-SRSIHko3h!$~3ctId zIrnEpUqN~y9@RUJZnOj|u4NpC4smzp&(TSPW4}75el<>g(gYxU{DU6bvE@~(INZ#V zj_gv*`y!DFJM2&+ttENf>Co+K-K9Bkl(~}0uc3?e{Dw}3JwwC2M)@m zaBnEG99Mf<_LZh&&rD~}{tk(YnUq3?1LQKbQD?>8y4Oo8Z*l*v)uVN9#`M3v6Zsva z|CIwX#-G-6jeEt_Y^50pIvy`nGLgGG1XA3br!?WeIv!HsMXKVVvIjLb+FbE!W?1I3 z8m;CV`f5?kFV_(%QVz8%H80$oz(LYqZ_gfwb@)X}?!h0sJcNUov&hAz+VvLgBk?M@ ziW(30b2pH;_3bk2C@p>6mD9AmZX|vkYxfJMe%W>$7#R^~cP`5vIF049*>|$vDJ;67 zNy5?=H~t0?pZX4gk2}zE_rkjNiMgSP-uxQ?dP;sy9j;OJj)fu~1HAD{JI2CZX%B2` zjHj7dtK?=Y{1n4P{N+TKT9AxM(4qLr74vYMODjbB<3xHRMcTj`K$QklYKNwCPPE*@ zNiQrSn(h!3J5TVa#Vu>kj!C+`Ad4n#R|21*X(C}V>m`abJ-nR|{wU#)LYY_Ob#c%x z+W`yi^U}{=)P+Lq}m!{$jAs1m!@Bv}d#gy#bXq`=t zj`t48UYsiXFP*4~N;&?;bW{KY*b;j0wM2%)y=y__2EQb$;uC-)+*iPzsx=AVK{;cL zLmMuo%&q{O%VaJ1e!O_+fMEXVooI`LbEe(Bc1Op-C@i1gG)08Ygmt|v5JV#=w_h=j zS!&q2_5j1GSmisoHG5=_`gTWiDaopQ}-0*08O(+;}0iQ8eyj;8?L zGM8bQR;e_ZGacQu9&B_kE3-I|>=F}=?Ez@^4g#UA>X~CiKr3X@ChFi67^Mk@j5Z|i z!Wr8{T`!7bm6P7gjBm4X_dJOsDm$2x(j@G3Hw#3HwA1P{0F!?~haa=QI+_ zy&5h>s_b!Tqc6;!ncbdO1C_2`rDgc7zPr?x0zFWbuB9xnl{zz@p8NdGd#^kU-IYAc z^>a-lP|ul!T3xRi04LBHV`<eL%L^x8^H-r>#0f^cOQ<9wd0Oe;_43FMEiChGzncN#;2$BCHFAH>bgZOF%qcm1m^ z+LqMV^)-nZ6csLcT=~<4;1G~ZR2S#OW2m*)*&Zy?6efZNH^48}CYn`b>CBWagbg`9 zO73q~!FfdIfm)2r`su#f7^Qkrj6x;T5}M<#XW+>V9TnNLH_vkPmOLR#zX$uic1_wY z%H2h?yQp{&4)_#mkq^j{f20 z%cDOW9sk3NXUBgaM>||+>ys-@q#t(9LAQQgCaXE0X3(;@x@6r?WV=Re#vvO@kNg8IE#cMuDFTXV~yn%_p|> zb$C;_#)j_(xVRP$u23QaeKO0gfUS;z6@^DJVJBUjUc4sU1v?jBapVf2LVmouIw#O0 zP%SkpW80kecImQLp$a>3;H!-J^|R5Pg}>I;*0Z37qq&2%4Jn4(SzB{}n@68p zjE@8xbkWak>lWnY2E$w1I_+%`oBKpJa_hHH%(V0 z63ZD+y%=VNFgucwL=K^JK?!#h`Q}@Pc2n5_E^~7!3O- z-vOEdP$6fP2Z^BZWJVL3Mob>`tk$JHFdg6hu%}3L!;@ID6bwZ%mn_l=TEQ|AD{^+; zcLp&x0%k)aQ}V;gRR%jK zK+F}Hx8=Vno?&&$u~PYuLg^nFjk~KmqN6|K;l4F0bE=OSgWTXC=x%XOA?1`+ z$azw-F0v_uue?s@w6P-?3fUMKQ9LwV{oGjt-Z{kf=P3-^4)9W}lxUE;gpJJ1QMp?` z!Tsl+E9b9RlU^`IkQu&vm{RsRp6ZE^6I@lvfYv3od6$CmOM$gVv$H=1-0=lt;gvxuZJImI|vX8oUcAs_lIk2OZnK>N8z#&)O>$X?bfx&R?3(`xlOMybjgm*T(LjZg-5UUe#$+XO>DCT5DPK|AR;}q7bA7@)bU!qYZd;W!_>@unCG;qtZ~RFyrCbPNx28XQ zHr2yAb<5$m`1y(Zd^e65P6#6*Zh3EPOf6M~>C^-r9Bw_>tTSEn7y$m9CO!MvIPo8^ zuFfHprjbL3xepqYcwR3;H!cXf0n|THJZ9wN{7fAX8x}Bd$bX}E^b+RU4>7U^NA8|} zy@z|c^&fWk!AX0Ki4LGv_$az$m%J-XrFE`*m$q;DY(k+%^J@k*_J_^7`O>mGmYBmj zU5a0Ml29m7#L~&fOLL*s;h)*;(44YEl&#d^CDRjx*rA(TKYb?~K#fItbE4DwQ>|2M zkpE6@gv0khMV4G^gZ81;OG+3<#V~L@NjrOjH0V(31k62zaiP_oQN87;rua*@y557seWK z#js8QMvpCLEH)$KDp-u$(laFNTF<#3rY`yNCbO;?Ou)?0_yXJm8s2oyr+p^6slIWU zkX*gHEFCiQcbTi%-pxQK4QyODFBCDUFPIX^U7LQgyo}SJeX9{8hyiKYROyCr62vJw z4&txfo=Gi3Hu@{A4O3`zNTVe?{I;B1*-ovQ*7jhhSS%@TD_>g%@M~<^XyLTOl&ayk zK%<;pxm;*!>vLx3(F}@C<7PQ?7z|_Go~T_N9wdkqyFB^OnpR;5hi`@(oL=I+`F03& zm`pII{sa#_#7WWi0>-uJn6;OAPONWAXae4{pmD?5b>eZbh;>c9HwnjJ(%YZ%qZiwE z4}no!gKp8!*tF~zQC6Z~y}QI#2XLR-uu3U|OGYJKGII$Ws!8_{jk*BeV+PWON$YwsgX%2sQkOr23K`otSlHq)T39r&s&Y53u3cB!s#b78@bHlJ zn0D=$%wi#E)rrbVN#M+yVB9imaGo%#AZ4eOFhHpDsH$aT_xUivN;62l818}jeHqjP zaQ><>4+8HIgXm%KPV39I9PB~xS?3t_{tfxtE4kZi1JxpN%W=3xZbceJEYmFhPz|-S zRkB?K9sC(oye0qnU*A|P760PGhyfQnBc3^^D!)V3=1AQ&-%ay{TGqJ=C2(E20y+K+5bNNY(cVX z#mEM&9Y50a6k)P0P1cF~`WcYah1c`|xmd82NgmZy*$CPWA^wqvvi2`v*doZ+6?Eh{ zyfKLNQ3SE}p`Xta#%eIU8*PUHq-NNr7}DT#-Ek8TT)M*$(nk_C`I|u|59I1R#w-4w z;uXhOyDt!H2blF-3N0eh6FXKVok7PEIL#6cf#Frp`gi1pR)iM7f+p_kyNWEh zYc5dR1EeNZ7edDa&JNr=E^*#!y)B1dfPoIcn#rZjQ}LQ5bR9?Ft4i03>Vn1zx9+4p z%YthLOn_oq9oS$!frW~=R?ZK`To=ZqB0P=JuG}-Q%?KSO0xZ)v48q|Ip@?WkXFM_7 zVfhQ5shUq>9|LBsm~AaM>YOdEbx@l$M5-9Dg*5XukYqH5{{NY>V1q zXhDvTj_R?MHgb}hu|dV(M>qWLqQ83!Ah;qayJOOBz)l>4cj|~;RIT%_>%EeqRb4vQ z^`!xAmNe1kN8txOA)O&|59}uW2)&`9L>x)zib?W<9Fk_e3uay1iQ{yW@He_nkFL|B z>vZpAM%U@>RyVp%|1Mppcc&ch*B?KCli^N%3py^U`9OTpGS{}MwjH@g-h}P|KB`*Q2*cK zqn9t9*ZqHAj{d)&n{J_kFUG^f6X)y5jFb%=J6Nv|NZ#-9QDP0 z-oK{d=>0o-|Bl|jkHGu)wUt)nN(xqw4T8s1A#3Jw$8Rj0C!L z6Eu#`C7bh4ed@v!*D%l|(Ksd<{#YQ6eytKn9zh4(Rp;ZSZ*VQH4$F+q&GycHA*hBC zxnAFCtA^@m9OGgR*LCB~S|C`1qJx8S3OUY6Vz-ZHjrB+V@Kw>fZ zc<~M*2rT;JX_Vx#k?a!duCEfRZpi*&i*x<}?PjBNFr$h`C%JBLX(}I}A6&!W06}L$ z&5zq0Aj!of?VGS$$!Na+Ot^0 z+#$+pA2z(X0hCbT*9D_Kuf@S0i-WxtZTptB*y_<{;pToB=_iI7x*NGEcH!WBK4-GA zz+wdlyM`eS_P=e1g05Pt}QyF(Jf2k4I(D$ zXvr<{@Y^N*WG6Ed@oKixRkoV+qU$C7bb&+sAmY^zt48Zy9ro|*-6|0epZGGjn5@Qd_99@fa`vQ@;%}#i7=E}x>wmo*Z(M2`Po&u6~k6#`gk^M6#J)QaeR&~g=+HH@&>wq|pm6S3eCO-Lk`GaLJFPTf3DBMk0>AVEVXsTNX^ zlMk=S{{Q(uZ98Mg#m^UH|Ns5Jr@JNSurB7;ya5m0!B|B%jX{i+pxm1xj?#wohe60T zC>I(nTl6#dRCy|v(piGSEAAwbELY~Ya91E04r;|VX(l)W@n;@>dVBc8YSxx>dlT%n zrq|TWLs2tRY{Ep%D+mMRG z?R9t|ktO@!l)_V@G)?2#3U&1@8rThdY1lgKLBJSrPpRxgK`z&lFBVK%u1oSPYrR#l zj*Vh1=QK%-X#d)tr$=!p-c}~%0OT|A7-75MEA582iRkti0MmI-xi?{Gxw86x$s#C0 zyAKR2b->>B@vxs+Jt|mVR3^1MSQ`d61TIxX36T=2tf0$N_p%+Y?{o{gP_B1JiEiPpwJMjyW-dI{mmMA3Tl3(tyxuNjpTS z+E#gpr;80Z+uobo?KHUL>1HB-L%*`3jHjq5TZ+6D&SH+r0N}u_pbzTNWv+BN0>vKn ze#O)A(X$twHikA#*m=|aaq8p9ik4-05{{1f#8y|Hed6d+VI@mDx|A$3H0p-laUn^b zYMv0PNy2EOnFf6i0F02j&-xHYH#A*fkPjvET<6mJ^{mS?(p-zzOtWZ+$>zj24${SV z*Lgt_hW;kk;T3GlpMW>>fbh9XDTtmYhACv4%vRQH4W@|$aGlPzSW?X++MfJRVd@HM zeQjbU`5lW3)vn!PRR}dsA%4<|3@|d~ptKu)53Lixj3EH1wbJ40+D1%7$_|KR3o7Hp zkQZTOYg=F4E}6tUM$He`Q}Uy@XLs#!4Dd;=w2(aVbG%0fESlWYl>+EZV%$9_mTotz zbEddCW}uWOXo*1jz7UqbnlWLGkg zUw4^$Uv2)jhA`$j=(by2UugLQhLvv+QjS66U58=)aB_3>*4u-g zP;v|w?-+8!F!CWGZjF3-wNb~i zi-=lVdgDxc-CH2`TNe!XQHw3QNRCC(G>r@0Et3kOXOTT~k}>G=){z~ygS+O@ZAY=G zibxEt%V!pUQfO9I{fZg)Y+r;7KRt1uZolKhNKhoiEng>D)+uyof(8yX92V;oNi)Fu zIZb*Bgw-bdDJ84+WB_oVRDb*n!pgjVlrD<viY1cWL{TPm`IoGQVab;nAvp zrp?!i-Lb?Rujx|!%9Dgng&gihO^Ux#f0e=oV#2I<~0NoYz~8p%~=ekm$33>XrtuNe?t_7qnmYn}B$ zwF8GRCR$R>7DMs;rEOmJt`RgY5_tI`JLVrKs|tE|A@Vf75Hs#Q%V0mOeb=S!=or;n zyq99xDRvAvjeRN32BtRy!#G;>?a}I(eW8;B4h!&7P>G&aR9P;K$39KF_;qXDlPuzj z9e~>hXq?${#-Mx@&Yr~xegg3CIH~B@CmNh%(vo8SOgl{hX-V2x-Q6hxvlU(T2$`!A1`$1zMcY_k)rca!I^AI-0!v{`;o~M6`O9 zR0D{BvAq{$|HaXZgBQntI&g!0Zuhm0b7J)zLmV^S7EJ@Aq8(s+*Nm7YMw0i&Av6eA z4C0_x>fqJ4w*A=UY~-9l!Kw(|jQRMWq$QRKT7j zN%4Kdv~*3>uV@D*^AK%*YyRt&WoHB5*~n?Bu{>^V|Ed*o%X(U0d<>R1e0XQ-6x}yn?sb+zY5>|Ta zHY33xVU;_s2>YZZ1@}C-M7L~3u63fO5xq8K;5wqyNb2jY1Q+wk^`PlHJRCf&5++Uozc9(?LnY+1TE|AcM5jw8 zu{-IC3I=ZB?o{^rX>{GW9!X2fTxrW656@3^RqNH{W(i}H{dR4t#l24f`~PL~){%+H zA3Z7FB$ZUhl5g4=nr%u(6xpkx1n@)?89%-_0i72 z{<^lr0J`5(bay#P5^;Z8xQ!0s8@u{9-J)*x4#abpPH`PC*7mDYU*Q^Daa-RKsmE3m z+iYTGm&uQv!U^WHB??TPDP*-wKmq0BQ9eKST3hXVrf)>N8Ki9AA&|nRUo)V7mVCj} zcU%n$qUz{w^TAkY3yhU?mbBd(0sXAqktRx@6U;qN;)u%Fz9&!q_~dZ`X{b=t1t}Dc zHUSrSCTM2l8PmZhVP=qqJPh4et5nlZWZx$`770xkU~tK97l$BIWNk@aKO1o0e9FXH zvVLpluFHxIzjCbho_;!64DlB~srM@9$>K|^m8ZojduZE|f~6{=(M=mKxP2xo8ppp- zxf;v^o`mfi*GysVs;NL< z9TGwF(q7MVv!=i2G(lUBMK^7buu1=7v7|gj$LP<0>St2iD<=P<)LWkDK_}q{+vV~S zyEKUcG=@Z!I2qz+SIS&N`QgOuE_-3bT1IrwULHAh*$q0RLbWq?znBC>$X$(UWLKf6I1}T-Q((x zrFQ(@6?W_uh$+SC`o#=2WR*?*N_(~5Da0k9G$-zulsvZM{7|_pHYxLF8w#_2E9sJ1 zNUyivTF=Ug;r*~pY+o=8@|vZq?N>U)yhCHmd_|w4m<-aF%J))cEirL0P14vdLT4sROgZnM&5g`Stc38fWHEt z+H)qC9Nh&iCU-e+H&XP^g^bwc)#YH`>20Y)7Y@F>y6jG~!0uRDFiL?HfGhAs+6?v1 z-8~<&7>^S=X~`P+#}kp)Z$A9{HWcK>uw>x1K3vH8vD&BU)PpM8nyFezyhvi30mLwW zW-g#^M_#7l*8TYzJ+5A(L*SC7LzE9^Vf&`7UUJPB&W4hw_cUz}6K3-{i;7e#AqRax zE-&9A5{*5gl1^n)%2Drk|i`^HU*Zs6bFzn1|0S9OClwS zh-hLqsm<-ibOERBOo}+iONP8UnEqEHC-{GHbA6zT#6K63NT#qDEt6i zg-9&3glPt6lK}V2(?#1nFE8H_$uLS#6@avQ-UFX$hATolL+ko(S60QMLu%{PFmHIf zg12k1&&a4)|9l0pBj}}Xq(vvtIHIwcKT4L*5+41;1})LGbw)Pq3^qVO8NNWAB0rx0 zbl!Ho1<9nr?wY(myLwNk)-<}czFl)67c4H>jW${r*!(1ugZJ;E)SrSZn8CG z=NxXaJLqF4+W_X~z@$4LT3}oXj=fo?0F?l>Hdk*GR^!6nM5}ciz-Dx$2T{rAn?@Hz z`bp};ai)8hm+uCVXLN#8N<^HtQzFNoLS_bAlq*IvK1Bm8(g{zf3t!Nd5p%`nd4dEB zNe-StWCRr1XP>CS0I$fC(Bx^PQSqb=Mo&PK{G=_BeV;q6O56e18du>DF)gcxNXxLok2wyoPC=?x9=82{$6L}jNscjDWc$KpiW^mkr3PVn;7tg*Y zSE9}R_dQKl zPFd);d3L@FoR;0+aLp2~^x?NWbCcaRGCO8jQ>afX^j@3xM6)DO;kw-^3YqV>t)Wrw zu_P4=>d{-~HX;$2TGSqYm?Fu9;sZiP_m!ryxQcMH&5`Sg9UYchr^v58x(z7l22iKg)DJZ@Ou1W& z8n)?-y_KP<>BI0ea~IWqtvTm9^)1BV04*$8s3o-D%7r>W$!ji5s77saBvQp=HZ=DM z3`1?ad{5<|Eq$iDxZdo~2Jtn!^HnjsZ(2s}9(8WT@X{z^nO5YGNH)*0euU$8L!PKW z`wfHcln|`T-1ZU6Z3rb?g_iU2D2Zf0f$SlU4?`F?A&Ldr>lk=2K^#I12NA*ziQs0y zYA1jLNL(*@TO*HEJ6Y?~C<2bXpy?o|$jhR2IkO2XNuCDW`z~s~qnuaRezvko*3+}s z7Y2xM!5>qcdPbGHdUtsWxZ{*HCABK!vh!+(0HvA1AY?FzrwZ_X!@SF+qfRK|*zHAv z`Q&4&X>kED8o6m)oB+%vh<$@Fcc+-z8cCY3>qOzV%xBgoBj)SvcBto$b=Kqi)zQy`|v=T4RYn2i=C=&o8~yOo}_6c9+bpI*8aVT}yPse(B{YCOJ($ zfX!r$C0+*Ix|SIZ|7DjtK!uYEeKKziiKxNggKgfm{trTvlb+nZ;le#z_6tpTY_LH_ zyHZpSS$it<4^Y`=_`0xt-@>rf7hIX5ZC3W$qAqEZWj*l2%`pSpNurs=;s6~B0|ujU zbq(WS>m96i&{f^&nj&*J5KV*&-*QC=tf7mspzYym?VuxDyCGX^;rH9*Yj?W1uZ6MQ z>7pMYXS>t&J#yCe!PbfhW5X3==azL3u=&*|@)=hD2s!(muJ4hv_B&i_FK^$|AY(&n zbe_L?PZZOtk6Q?%oZ3{;hKlv2AKN$wQkLWk-hjM@`fQi#-ei)2W85T9q4?|s3X7?h z3OE%-H%z2bQ`~E&ahm<6&*4gD9I>f}Vh6M&)$AQ#HsQWXiB{JzP}iHz=zQ3thi_OH zOBGn1z%|_$`2}Yx$s%SX2TJCY%fN@v8F>#{d>C!01!RU67Vzj+1_SY36st6Ah9$4> z&v?fq9hPMSTe=7v=geq6eL!Zb!f!0~AUSL;_~Xn;E+lWk?^xgvSFV_HbYPQAL$#h( zkviCUo-WWmQrg^rG}0KP=6vVOg!vtZicWTAEd$S1vLb3plZ0dl2r&o$#nQ&Np=m*m9|}e|o0j03_UdaxDz6Qwx>mu{ zFc&DG73K*C*Is*G4?-;7whM6XE0@()33){%`DcHv5B(`0vg`Bdy&je20nfGZA(h~ zZc>mjxuorS>{^xw+N`+_pltaeKXA*b*?)d?+=7?;j*}diF0`#)g1fe`S+G+P&2-*s z)MPHNL#=Yi$BTCxCTQ>{W6(N$>r!c8vjh?IIo1sSc<~Nuf6`VPCg3-APqYyVH=X=| z%X-;TDYf~w+ES?v*VR@`-Np~HxUZh~w#+sTe%Mkn)QBG`1o-blb>b$0pZq;s(e^5@ z!>WF}qq^w@>nheeuu$*Tv*^4jaHG#@f03(;qG{=lVDh7kZdv5Y4&>aB^-WPX!lO83 zF|}x|RAOb>1P8!6Yk!&8na2~H`>vda?TpQ**1t-P0IvZZCR{p}<_9b3P!*zYt9|Nb z;vVz>4P=eV?c0u0l|$MD<2D>93daZ-r8aur&N}V%$RMw@?z!2DVn5mx zCIwSc0P+#BAHl(a-*JAR9&OXdqkcUs=wKHZlRGLooh2LPa_YP!jZP@lo1x{ZbREp! zttb`Fd&4YCHvs$>1D1nY<3pk3)_iHxXObC>ZdrS33W-@0tg(nm5(|b2Kn(m>Q*xq+ z5+e1onl00ps(U6IjUyF-ule8fV1+P%IVHQ zp>$8V#w_=p1dn|}mn2RTIM`x72bTe+Y%URNCE)H$T#<+-QJ!=p^D-ypy9dRsyXQ%p=DgTL!k0@HbE=uSOIJQAxtLeK)O#wx1tc~@rq*%+#cH8mET$Zb zU7)JPlteM+?@M;Om@dRLW_O1M&flI>so3kz`toa=Kst~m)a*N#Y|eX`iOZsCfH+|Q zD1N}V)v+wa9V^9avDgmG0wLV66o&3R2tL9RhVad`u@WW@PN*8fYwo@Et;@av7W3wb zwiUT~mKiwER{s*47|L|Sf~0sBz;s@e$>bVMe219JE@cr@iptjd^RLnHgC}akL}_mG zhVb5QpG*9=`%w#f&Z@jn%j8=*q%RUP8r-o#T>E9EecNr@1=n8OInRifu3QTv;VYqwxHZ~g^NUgL{;k@pE%GEHNuY4DT5z~8hEgxS*qYNNCOXCM5f zDEN+66TGBsV%WwQA*>AR!p zchhI)Qb`8guZ*~(=`wpo(i}MClrGsTQaPQ)x&6kV0P{^SbDEp&-(cU;eSYtUxjMxp z*a=tqr}{fz<;h+B@&pi@@Dvbp<)y(0kuazT&`CxkkR9$Ee)z^9E?m{!F-@`?dW^$G zH*85A!V?)wPtMPNd45^?xk`jflXh-vrx&k_gx|>1gPO}(^-a@a${``xhD?e(Chs`A z4=7_ZMGVefi4asujGv#`RwZI+!N_6@FH{3?P-o+XDK0Cw0GggCU?xW+0uOxLnsB~);k zv8Z%!Vx|l~1zIwO=%Cc0%nr7*vM$N)sYn}K6f1h0qG@R^r5D46@kg4Nwy1xjYAI=> zM5v<1zAuv#WSVW$DwXrk2Hyb6@K7Zgcamo=Ofy&7_Tcwj?fPzVLNzCY>Mxu4H6()? z#jEitJuUJdnr4)CiQu;q0lVeD<7eL;e^-|Oo*g}Z{$iB>KF9M_%769Kxv2sffjB#r4a*rRuFvgf4xBD0y*+Z7{^sp zLc_wgvkj$&*X`lA^88N}EsN*W@` zcA>E@2_mdzcgZ5jnw&MtsbK0o{N$)BwoVkh0nW9h9C0m25LB8Y%d2;nb;+SsY8c>q z)Fds$T+vy=e!RLmf7Y|!*FjU)4~x7WK7$#Dk||hj`#gpkJaoDYw6^{pPZx$Y5P9zo zy{&a9ogVFeG?RCiuGvhE(M%3`+I6+BqFYdnIZf<@9)(lQ>ta5RNhq`*;7X$f`qkvA z=1FTPcc9h?9mbre7gnt!hNqh)T-~%OE;fjl<#EDJMVdY)sGgPQRE;CI;oj!xp~GQo z0ui$~EMauZST>;vzbmPbY)XbD|ySZdi0{b!Qod#nL4!AWkK?z`;jA6v6kvBO{<&2DW7;ERiZUbBFs9mZ*PR zyVEeUZv5T?M9lMnSR4ZA?U}bFo$W@?^CVf3d&xZ)-R<$TkKWbj>7~d_#H$0iRB2n7 z{Vu%-d8$~HOLlq7vtO9x^FIIUvs#CO2fDm`SIY5tXWpBCHlDOD7H3I6Il7_FnQRWK zEt`7kJ)Fj+OmKjV>=z{D>HnX-^J{J#MFRMJ6sqP)An{Lj;+m<2r^H4W8U)RcrrV}OGFW58;xt(^+ih##INefO z3#IsvyPH6z=Uq1?J@rLi<83rwxZE?UbhQ^Pv|$T;P4vOOxC%4A)KK@@N7dH zq2I~dRS;^Y)1Wo*sFfIn+#%DfDf#TDrsNYT*aX=VWH+UsAo~d*dpniH(DgQRELP9T zZ8fi1!?;M2f~?N*rt7w*kF=)Mk~)Jrk2qD-rZ^#jNn4fSU6Gg8-j~I8P3y(3Xl(e|l=!ul zHz059XBC{#raydlR*S^Zs+z2SUDHVCS!G7yGHV zw{CL}9KUHd-sPN?lmE7C%+X&9<0R4+QSiGlR3v1%tDoq+ZC-dH>*XKZ%A~be%4k`N zN0wN=O;QE;A6C&9VRble?h-#V=@yq0%wL=An^jRBO6_x-(`o~)P3L&kSMDY(RRvU! zL}W_ljPv55lvmXGFGT*x{q5rN;#~jl()jO<%?pI~{o84G$@dGZY?pjJBHI*ItXSHd zJ?HS%cP|#b$Z_JqA&Lt2^#~PW?s(4X*bA3N+ak7RU>=_tdIrfhtXdJF;Rj?qRxQo7sw$S+$z2*bKd^%-+3!_x8fo74~BQUKNX`E^M)<%r!#g8wgwN`=!Ty z%{0TNx{2)*%F)P*qdRACq=|FlzC8*0AK=}V7L7UQNbvSMNpAiNEqn?58@m7d@#E!1 zpZ~spm-z2V(vQl2<>)*D|1KJ}#W(0Ld~Aci_=`jK%VjwyMZZwXG2|B>m=e?1xw6$D z4-}lQu&UfENP@p0s+{W%^;;UC9CP%7kidGeXFIY)ptjDQC~2MDg_= z#B)w)wp^=^)~w9!v?C*5>3*hzm2Fnky+E#f*c9S}0IvEtJuIdEE3IfPW^Bsw}pmLwHe%wa*04pg*;!zPz z#>8#E`eLGH88(z;T7Y$}UY<}Z!PqrXace>`YXb3V#BxzSxdO8G?TaC+eFBi*fx<7% zxE*y?27*A#Mh&UM+$|^g)Fl`H!9UfF*yAXWpZ~mn`}X~tzW=umA3r4ibBgq1@}J)5 zJeUIEw+k$%&w`9EheXJ%L!S#7-=3BZ8TF23L^8W^LEkKhsbvk06B_mlnUJgPw%n6v zTCCQfz%5jeU{;ZmW%=YGE3;~8&dw9^xquLlO`Sc$5o^^&7e4gvzVv8a^O<%-WLf94 zpF~$r%>GEkClMc0`ic0Qg7_E{N)-1oo`|JC8<<{-Y8ARTrScio=suOR#c|uM;TX2o z1%|R-4e^{(rmgK)$!B4uuWZ9_Ez4g&1$G>p?As@n?-#{iG05O^m)mM=!o?R_EOZyx zSyQ+x*bDyz;T78N3N8bRpGRColvj3f+=y3F?my&wQgAZ4G@`DPT?LWVowrU!Q(h}D zH&!#ofDDJS-Kxf1hvv4pLz8Rw0rp~+8Y&f|^BIq|3kPH%kpYC= zZ=t19hrf%M+;1c%|9h$OM7*7tqNqUSjXK*CfH&0aIE+gG@JS7_?oa6G1WFzJ6{wd! z(B_#s3^Lm`ukln-_dlhg>qGZJ_-Pm03)Xcp_iq=fYr@aEe=bdPU zs+pBMqIZ3^ZZ&S1dxxPYtK=)nS(D$@B-*3G@>qX-RAhK|C_bbwG8{qF{8-w$2a7L#bPs>E&x*Y-R5L~Bmx zHT$;jI8?a4nuDZFf*P7_FbX|>{!cha%(oE1!4hjNxP~PhxBUqj?jt>@l zd2z9^+|MvmC8vsZuq|8;e=|p*R zefRF|ITS-6X8CgwqvHf*-S-+BFV4QZS=*+^>Lb{dI?4$B0Rn81xpu=|ssj-vs(Glj z=dW_IXS=%fJxH#z3N>BnWtTWF>|q+afX4MfQ!Kw)Tqt#^A23ejH%Bsl#4)THkK6rY zdI6We@Z%Hp$ePkgvlks>O(nl9Za8 zVZPrKjo8sKjC@UKwXFABF!^e4T}2i8b1|h;c=;9%XL)8C^A1F5F0l$uQ)dlb#jgwt z`G85SS(cObFu5%>YT@i|9r7u;W4kK9V-KBS8}v?lt-)I&D(W)e?S^dv%5~Hz#l!Px z>HLXj?YeB_@w?CqjFqtkG{>$W&==kj9D^Br*1Uu$^9t92QfM6eP3qk1#p^)z!*IGn=I$e~(I7oA zz60?5Rj~Qtz&zL(A0&SzJboA$m+;$B=13&o!`^`*8Gzv);O!ok9t<9gH5Y;_~=Xze^LrAWd28MTv zk%aaTHfyq1k0uaDWv$fJQ>u^0dU&g+L??;$lU7fOJ_Z}ZSUp8s=<7JT>M6T*N)q6z zkv@c+Dw>a?z6L)%l$=68#;Y!)nQ74dR17D5H9~q28x5F)jH03=$Y)5B9@_ajobyD4 zGrSOlsOGEi%s7%6$1umzOQ}}`n90j>%UD_yW|c2QDIgnV(GFB=P z1adrkYq_bbFj4SIAxmJ7^xTONNB6F%KKbzA8G{WAdKR^QbTKdpsuB5+@b9{yta*Hg zTD{q>=Po?%2KN8iE|<^0?e)VZ`AuY)R)P0|wY&9-qnrEo*7UzFS>hM=#WqH3cV4&D z%+Q}_GWBo1e$yuT;F-+f9}8FXnSKk~f04~~r4_H#qS+tU2}N%_S?I63Rx#FyYy0vP zk$F9b`m17R;Z%ZBfDQ>CIjpSsy*ao(f-n9lL3xhnd*PV@fw8 gYL){T&P86DOQ&4AZ}!)of#LuEDByVw4EqEa0EZo)s{jB1 literal 0 HcmV?d00001 diff --git a/enterprise/traefik/19.0.0/crds/traefik.containo.us_ingressroutes.yaml b/enterprise/traefik/19.0.0/crds/traefik.containo.us_ingressroutes.yaml new file mode 100644 index 00000000000..a13de5922e4 --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.containo.us_ingressroutes.yaml @@ -0,0 +1,267 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutes.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRoute + listKind: IngressRouteList + plural: ingressroutes + singular: ingressroute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRoute is the CRD implementation of a Traefik HTTP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteSpec defines the desired state of IngressRoute. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: Route holds the HTTP route configuration. + properties: + kind: + description: Kind defines the kind of the route. Rule is the + only supported kind. + enum: + - Rule + type: string + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule' + type: string + middlewares: + description: 'Middlewares defines the list of references to + Middleware resources. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-middleware' + items: + description: MiddlewareRef is a reference to a Middleware + resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority' + type: integer + services: + description: Services defines the list of Service. It can contain + any combination of TraefikService and/or reference to a Kubernetes + Service. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + passHostHeader: + description: PassHostHeader defines whether the client + Host header is forwarded to the upstream Kubernetes + Service. By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to + the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, + in milliseconds, in between flushes to the client + while copying the response body. A negative value + means to flush immediately after each write to the + client. This configuration is ignored when ReverseProxy + recognizes a response as a streaming response; for + such responses, writes are flushed to the client + immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the + request to the upstream Kubernetes Service. It defaults + to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as + JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie + can only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only + be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round + Robin). + type: integer + required: + - name + type: object + type: array + required: + - kind + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options' + properties: + name: + description: 'Name defines the name of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSOption. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + required: + - name + type: object + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: 'Name defines the name of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSStore. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/crds/traefik.containo.us_ingressroutetcps.yaml b/enterprise/traefik/19.0.0/crds/traefik.containo.us_ingressroutetcps.yaml new file mode 100644 index 00000000000..37da83b3441 --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.containo.us_ingressroutetcps.yaml @@ -0,0 +1,211 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutetcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteTCP + listKind: IngressRouteTCPList + plural: ingressroutetcps + singular: ingressroutetcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteTCP holds the TCP route configuration. + properties: + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule_1' + type: string + middlewares: + description: Middlewares defines the list of references to MiddlewareTCP + resources. + items: + description: ObjectReference is a generic reference to a Traefik + resource. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority_1' + type: integer + services: + description: Services defines the list of TCP services. + items: + description: ServiceTCP defines an upstream TCP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + proxyProtocol: + description: 'ProxyProtocol defines the PROXY protocol + configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#proxy-protocol' + properties: + version: + description: Version defines the PROXY Protocol version + to use. + type: integer + type: object + terminationDelay: + description: TerminationDelay defines the deadline that + the proxy sets, after one of its connected peers indicates + it has closed the writing capability of its connection, + to close the reading capability as well, hence fully + terminating the connection. It is a duration in milliseconds, + defaulting to 100. A negative value means an infinite + deadline (i.e. the reading capability is never closed). + type: integer + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + required: + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration on a layer 4 / TCP + Route. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls_1' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options' + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + passthrough: + description: Passthrough defines whether a TLS router will terminate + the TLS connection. + type: boolean + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/crds/traefik.containo.us_ingressrouteudps.yaml b/enterprise/traefik/19.0.0/crds/traefik.containo.us_ingressrouteudps.yaml new file mode 100644 index 00000000000..2ba4dade6b7 --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.containo.us_ingressrouteudps.yaml @@ -0,0 +1,98 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressrouteudps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteUDP + listKind: IngressRouteUDPList + plural: ingressrouteudps + singular: ingressrouteudp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteUDP holds the UDP route configuration. + properties: + services: + description: Services defines the list of UDP services. + items: + description: ServiceUDP defines an upstream UDP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + type: object + type: array + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/crds/traefik.containo.us_middlewares.yaml b/enterprise/traefik/19.0.0/crds/traefik.containo.us_middlewares.yaml new file mode 100644 index 00000000000..26cb51d2e6b --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.containo.us_middlewares.yaml @@ -0,0 +1,917 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewares.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: Middleware + listKind: MiddlewareList + plural: middlewares + singular: middleware + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'Middleware is the CRD implementation of a Traefik Middleware. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareSpec defines the desired state of a Middleware. + properties: + addPrefix: + description: 'AddPrefix holds the add prefix middleware configuration. + This middleware updates the path of a request before forwarding + it. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/addprefix/' + properties: + prefix: + description: Prefix is the string to add before the current path + in the requested URL. It should include a leading slash (/). + type: string + type: object + basicAuth: + description: 'BasicAuth holds the basic auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: 'RemoveHeader sets the removeHeader option to true + to remove the authorization header before forwarding the request + to your service. Default: false.' + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + buffering: + description: 'Buffering holds the buffering middleware configuration. + This middleware retries or limits the size of requests that can + be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#maxrequestbodybytes' + properties: + maxRequestBodyBytes: + description: 'MaxRequestBodyBytes defines the maximum allowed + body size for the request (in bytes). If the request exceeds + the allowed size, it is not forwarded to the service, and the + client gets a 413 (Request Entity Too Large) response. Default: + 0 (no maximum).' + format: int64 + type: integer + maxResponseBodyBytes: + description: 'MaxResponseBodyBytes defines the maximum allowed + response size from the service (in bytes). If the response exceeds + the allowed size, it is not forwarded to the client. The client + gets a 500 (Internal Server Error) response instead. Default: + 0 (no maximum).' + format: int64 + type: integer + memRequestBodyBytes: + description: 'MemRequestBodyBytes defines the threshold (in bytes) + from which the request will be buffered on disk instead of in + memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + memResponseBodyBytes: + description: 'MemResponseBodyBytes defines the threshold (in bytes) + from which the response will be buffered on disk instead of + in memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + retryExpression: + description: 'RetryExpression defines the retry conditions. It + is a logical combination of functions with operators AND (&&) + and OR (||). More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#retryexpression' + type: string + type: object + chain: + description: 'Chain holds the configuration of the chain middleware. + This middleware enables to define reusable combinations of other + pieces of middleware. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/chain/' + properties: + middlewares: + description: Middlewares is the list of MiddlewareRef which composes + the chain. + items: + description: MiddlewareRef is a reference to a Middleware resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + type: object + circuitBreaker: + description: CircuitBreaker holds the circuit breaker configuration. + properties: + checkPeriod: + anyOf: + - type: integer + - type: string + description: CheckPeriod is the interval between successive checks + of the circuit breaker condition (when in standby state). + x-kubernetes-int-or-string: true + expression: + description: Expression is the condition that triggers the tripped + state. + type: string + fallbackDuration: + anyOf: + - type: integer + - type: string + description: FallbackDuration is the duration for which the circuit + breaker will wait before trying to recover (from a tripped state). + x-kubernetes-int-or-string: true + recoveryDuration: + anyOf: + - type: integer + - type: string + description: RecoveryDuration is the duration for which the circuit + breaker will try to recover (as soon as it is in recovering + state). + x-kubernetes-int-or-string: true + type: object + compress: + description: 'Compress holds the compress middleware configuration. + This middleware compresses responses before sending them to the + client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/compress/' + properties: + excludedContentTypes: + description: ExcludedContentTypes defines the list of content + types to compare the Content-Type header of the incoming requests + and responses before compressing. + items: + type: string + type: array + minResponseBodyBytes: + description: 'MinResponseBodyBytes defines the minimum amount + of bytes a response body must have to be compressed. Default: + 1024.' + type: integer + type: object + contentType: + description: ContentType holds the content-type middleware configuration. + This middleware exists to enable the correct behavior until at least + the default one can be changed in a future version. + properties: + autoDetect: + description: AutoDetect specifies whether to let the `Content-Type` + header, if it has not been set by the backend, be automatically + set to a value derived from the contents of the response. As + a proxy, the default behavior should be to leave the header + alone, regardless of what the backend did with it. However, + the historic default was to always auto-detect and set the header + if it was nil, and it is going to be kept that way in order + to support users currently relying on it. + type: boolean + type: object + digestAuth: + description: 'DigestAuth holds the digest auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/digestauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: RemoveHeader defines whether to remove the authorization + header before forwarding the request to the backend. + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + errors: + description: 'ErrorPage holds the custom error middleware configuration. + This middleware returns a custom page in lieu of the default, according + to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/' + properties: + query: + description: Query defines the URL for the error page (hosted + by service). The {status} variable can be used in order to insert + the status code in the URL. + type: string + service: + description: 'Service defines the reference to a Kubernetes Service + that will serve the error page. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/#service' + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the + two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming + response; for such responses, writes are flushed to + the client immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes + Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can + be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported value + at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object (and + to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + status: + description: Status defines which status or range of statuses + should result in an error page. It can be either a status code + as a number (500), as multiple comma-separated numbers (500,502), + as ranges by separating two codes with a dash (500-599), or + a combination of the two (404,418,500-599). + items: + type: string + type: array + type: object + forwardAuth: + description: 'ForwardAuth holds the forward auth middleware configuration. + This middleware delegates the request authentication to a Service. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/' + properties: + address: + description: Address defines the authentication server address. + type: string + authRequestHeaders: + description: AuthRequestHeaders defines the list of the headers + to copy from the request to the authentication server. If not + set or empty then all request headers are passed. + items: + type: string + type: array + authResponseHeaders: + description: AuthResponseHeaders defines the list of headers to + copy from the authentication server response and set on forwarded + request, replacing any existing conflicting headers. + items: + type: string + type: array + authResponseHeadersRegex: + description: 'AuthResponseHeadersRegex defines the regex to match + headers to copy from the authentication server response and + set on forwarded request, after stripping all headers that match + the regex. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/#authresponseheadersregex' + type: string + tls: + description: TLS defines the configuration used to secure the + connection to the authentication server. + properties: + caOptional: + type: boolean + caSecret: + description: CASecret is the name of the referenced Kubernetes + Secret containing the CA to validate the server certificate. + The CA certificate is extracted from key `tls.ca` or `ca.crt`. + type: string + certSecret: + description: CertSecret is the name of the referenced Kubernetes + Secret containing the client certificate. The client certificate + is extracted from the keys `tls.crt` and `tls.key`. + type: string + insecureSkipVerify: + description: InsecureSkipVerify defines whether the server + certificates should be validated. + type: boolean + type: object + trustForwardHeader: + description: 'TrustForwardHeader defines whether to trust (ie: + forward) all X-Forwarded-* headers.' + type: boolean + type: object + headers: + description: 'Headers holds the headers middleware configuration. + This middleware manages the requests and responses headers. More + info: https://doc.traefik.io/traefik/v2.9/middlewares/http/headers/#customrequestheaders' + properties: + accessControlAllowCredentials: + description: AccessControlAllowCredentials defines whether the + request can include user credentials. + type: boolean + accessControlAllowHeaders: + description: AccessControlAllowHeaders defines the Access-Control-Request-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlAllowMethods: + description: AccessControlAllowMethods defines the Access-Control-Request-Method + values sent in preflight response. + items: + type: string + type: array + accessControlAllowOriginList: + description: AccessControlAllowOriginList is a list of allowable + origins. Can also be a wildcard origin "*". + items: + type: string + type: array + accessControlAllowOriginListRegex: + description: AccessControlAllowOriginListRegex is a list of allowable + origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). + items: + type: string + type: array + accessControlExposeHeaders: + description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlMaxAge: + description: AccessControlMaxAge defines the time that a preflight + request may be cached. + format: int64 + type: integer + addVaryHeader: + description: AddVaryHeader defines whether the Vary header is + automatically added/updated when the AccessControlAllowOriginList + is set. + type: boolean + allowedHosts: + description: AllowedHosts defines the fully qualified list of + allowed domain names. + items: + type: string + type: array + browserXssFilter: + description: BrowserXSSFilter defines whether to add the X-XSS-Protection + header with the value 1; mode=block. + type: boolean + contentSecurityPolicy: + description: ContentSecurityPolicy defines the Content-Security-Policy + header value. + type: string + contentTypeNosniff: + description: ContentTypeNosniff defines whether to add the X-Content-Type-Options + header with the nosniff value. + type: boolean + customBrowserXSSValue: + description: CustomBrowserXSSValue defines the X-XSS-Protection + header value. This overrides the BrowserXssFilter option. + type: string + customFrameOptionsValue: + description: CustomFrameOptionsValue defines the X-Frame-Options + header value. This overrides the FrameDeny option. + type: string + customRequestHeaders: + additionalProperties: + type: string + description: CustomRequestHeaders defines the header names and + values to apply to the request. + type: object + customResponseHeaders: + additionalProperties: + type: string + description: CustomResponseHeaders defines the header names and + values to apply to the response. + type: object + featurePolicy: + description: 'Deprecated: use PermissionsPolicy instead.' + type: string + forceSTSHeader: + description: ForceSTSHeader defines whether to add the STS header + even when the connection is HTTP. + type: boolean + frameDeny: + description: FrameDeny defines whether to add the X-Frame-Options + header with the DENY value. + type: boolean + hostsProxyHeaders: + description: HostsProxyHeaders defines the header keys that may + hold a proxied hostname value for the request. + items: + type: string + type: array + isDevelopment: + description: IsDevelopment defines whether to mitigate the unwanted + effects of the AllowedHosts, SSL, and STS options when developing. + Usually testing takes place using HTTP, not HTTPS, and on localhost, + not your production domain. If you would like your development + environment to mimic production with complete Host blocking, + SSL redirects, and STS headers, leave this as false. + type: boolean + permissionsPolicy: + description: PermissionsPolicy defines the Permissions-Policy + header value. This allows sites to control browser features. + type: string + publicKey: + description: PublicKey is the public key that implements HPKP + to prevent MITM attacks with forged certificates. + type: string + referrerPolicy: + description: ReferrerPolicy defines the Referrer-Policy header + value. This allows sites to control whether browsers forward + the Referer header to other sites. + type: string + sslForceHost: + description: 'Deprecated: use RedirectRegex instead.' + type: boolean + sslHost: + description: 'Deprecated: use RedirectRegex instead.' + type: string + sslProxyHeaders: + additionalProperties: + type: string + description: 'SSLProxyHeaders defines the header keys with associated + values that would indicate a valid HTTPS request. It can be + useful when using other proxies (example: "X-Forwarded-Proto": + "https").' + type: object + sslRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + sslTemporaryRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + stsIncludeSubdomains: + description: STSIncludeSubdomains defines whether the includeSubDomains + directive is appended to the Strict-Transport-Security header. + type: boolean + stsPreload: + description: STSPreload defines whether the preload flag is appended + to the Strict-Transport-Security header. + type: boolean + stsSeconds: + description: STSSeconds defines the max-age of the Strict-Transport-Security + header. If set to 0, the header is not set. + format: int64 + type: integer + type: object + inFlightReq: + description: 'InFlightReq holds the in-flight request middleware configuration. + This middleware limits the number of requests being processed and + served concurrently. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/' + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + in-flight request. The middleware responds with HTTP 429 Too + Many Requests if there are already amount requests in progress + (based on the same sourceCriterion strategy). + format: int64 + type: integer + sourceCriterion: + description: 'SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the requestHost. More + info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/#sourcecriterion' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + ipWhiteList: + description: 'IPWhiteList holds the IP whitelist middleware configuration. + This middleware accepts / refuses requests based on the client IP. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration used + by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position (starting + from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the X-Forwarded-For + header and select the first IP not in the list. + items: + type: string + type: array + type: object + sourceRange: + description: SourceRange defines the set of allowed IPs (or ranges + of allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + passTLSClientCert: + description: 'PassTLSClientCert holds the pass TLS client cert middleware + configuration. This middleware adds the selected data from the passed + client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/passtlsclientcert/' + properties: + info: + description: Info selects the specific client certificate details + you want to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + issuer: + description: Issuer defines the client certificate issuer + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the issuer. + type: boolean + country: + description: Country defines whether to add the country + information into the issuer. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the issuer. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the issuer. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the issuer. + type: boolean + province: + description: Province defines whether to add the province + information into the issuer. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the issuer. + type: boolean + type: object + notAfter: + description: NotAfter defines whether to add the Not After + information from the Validity part. + type: boolean + notBefore: + description: NotBefore defines whether to add the Not Before + information from the Validity part. + type: boolean + sans: + description: Sans defines whether to add the Subject Alternative + Name information from the Subject Alternative Name part. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the client + serialNumber information. + type: boolean + subject: + description: Subject defines the client certificate subject + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the subject. + type: boolean + country: + description: Country defines whether to add the country + information into the subject. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the subject. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the subject. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the subject. + type: boolean + organizationalUnit: + description: OrganizationalUnit defines whether to add + the organizationalUnit information into the subject. + type: boolean + province: + description: Province defines whether to add the province + information into the subject. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the subject. + type: boolean + type: object + type: object + pem: + description: PEM sets the X-Forwarded-Tls-Client-Cert header with + the escaped certificate. + type: boolean + type: object + plugin: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Plugin defines the middleware plugin configuration. + More info: https://doc.traefik.io/traefik/plugins/' + type: object + rateLimit: + description: 'RateLimit holds the rate limit configuration. This middleware + ensures that services will receive a fair amount of requests, and + allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ratelimit/' + properties: + average: + description: Average is the maximum rate, by default in requests/s, + allowed for the given source. It defaults to 0, which means + no rate limiting. The rate is actually defined by dividing Average + by Period. So for a rate below 1req/s, one needs to define a + Period larger than a second. + format: int64 + type: integer + burst: + description: Burst is the maximum number of requests allowed to + arrive in the same arbitrarily small period of time. It defaults + to 1. + format: int64 + type: integer + period: + anyOf: + - type: integer + - type: string + description: 'Period, in combination with Average, defines the + actual maximum rate, such as: r = Average / Period. It defaults + to a second.' + x-kubernetes-int-or-string: true + sourceCriterion: + description: SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the request's remote + address field (as an ipStrategy). + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + redirectRegex: + description: 'RedirectRegex holds the redirect regex middleware configuration. + This middleware redirects a request using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectregex/#regex' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + regex: + description: Regex defines the regex used to match and capture + elements from the request URL. + type: string + replacement: + description: Replacement defines how to modify the URL to have + the new target URL. + type: string + type: object + redirectScheme: + description: 'RedirectScheme holds the redirect scheme middleware + configuration. This middleware redirects requests from a scheme/port + to another. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectscheme/' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + port: + description: Port defines the port of the new URL. + type: string + scheme: + description: Scheme defines the scheme of the new URL. + type: string + type: object + replacePath: + description: 'ReplacePath holds the replace path middleware configuration. + This middleware replaces the path of the request URL and store the + original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepath/' + properties: + path: + description: Path defines the path to use as replacement in the + request URL. + type: string + type: object + replacePathRegex: + description: 'ReplacePathRegex holds the replace path regex middleware + configuration. This middleware replaces the path of a URL using + regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepathregex/' + properties: + regex: + description: Regex defines the regular expression used to match + and capture the path from the request URL. + type: string + replacement: + description: Replacement defines the replacement path format, + which can include captured variables. + type: string + type: object + retry: + description: 'Retry holds the retry middleware configuration. This + middleware reissues requests a given number of times to a backend + server if that server does not reply. As soon as the server answers, + the middleware stops retrying, regardless of the response status. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/retry/' + properties: + attempts: + description: Attempts defines how many times the request should + be retried. + type: integer + initialInterval: + anyOf: + - type: integer + - type: string + description: InitialInterval defines the first wait time in the + exponential backoff series. The maximum interval is calculated + as twice the initialInterval. If unspecified, requests will + be retried immediately. The value of initialInterval should + be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. + x-kubernetes-int-or-string: true + type: object + stripPrefix: + description: 'StripPrefix holds the strip prefix middleware configuration. + This middleware removes the specified prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/' + properties: + forceSlash: + description: 'ForceSlash ensures that the resulting stripped path + is not the empty string, by replacing it with / when necessary. + Default: true.' + type: boolean + prefixes: + description: Prefixes defines the prefixes to strip from the request + URL. + items: + type: string + type: array + type: object + stripPrefixRegex: + description: 'StripPrefixRegex holds the strip prefix regex middleware + configuration. This middleware removes the matching prefixes from + the URL path. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefixregex/' + properties: + regex: + description: Regex defines the regular expression to match the + path prefix from the request URL. + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/crds/traefik.containo.us_middlewaretcps.yaml b/enterprise/traefik/19.0.0/crds/traefik.containo.us_middlewaretcps.yaml new file mode 100644 index 00000000000..1f6eec94044 --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.containo.us_middlewaretcps.yaml @@ -0,0 +1,72 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewaretcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: MiddlewareTCP + listKind: MiddlewareTCPList + plural: middlewaretcps + singular: middlewaretcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP. + properties: + inFlightConn: + description: InFlightConn defines the InFlightConn middleware configuration. + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + connections. The middleware closes the connection if there are + already amount connections opened. + format: int64 + type: integer + type: object + ipWhiteList: + description: IPWhiteList defines the IPWhiteList middleware configuration. + properties: + sourceRange: + description: SourceRange defines the allowed IPs (or ranges of + allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/crds/traefik.containo.us_serverstransports.yaml b/enterprise/traefik/19.0.0/crds/traefik.containo.us_serverstransports.yaml new file mode 100644 index 00000000000..afc03849651 --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.containo.us_serverstransports.yaml @@ -0,0 +1,128 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: serverstransports.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: ServersTransport + listKind: ServersTransportList + plural: serverstransports + singular: serverstransport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'ServersTransport is the CRD implementation of a ServersTransport. + If no serversTransport is specified, the default@internal will be used. + The default@internal serversTransport is created from the static configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#serverstransport_1' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServersTransportSpec defines the desired state of a ServersTransport. + properties: + certificatesSecrets: + description: CertificatesSecrets defines a list of secret storing + client certificates for mTLS. + items: + type: string + type: array + disableHTTP2: + description: DisableHTTP2 disables HTTP/2 for connections with backend + servers. + type: boolean + forwardingTimeouts: + description: ForwardingTimeouts defines the timeouts for requests + forwarded to the backend servers. + properties: + dialTimeout: + anyOf: + - type: integer + - type: string + description: DialTimeout is the amount of time to wait until a + connection to a backend server can be established. + x-kubernetes-int-or-string: true + idleConnTimeout: + anyOf: + - type: integer + - type: string + description: IdleConnTimeout is the maximum period for which an + idle HTTP keep-alive connection will remain open before closing + itself. + x-kubernetes-int-or-string: true + pingTimeout: + anyOf: + - type: integer + - type: string + description: PingTimeout is the timeout after which the HTTP/2 + connection will be closed if a response to ping is not received. + x-kubernetes-int-or-string: true + readIdleTimeout: + anyOf: + - type: integer + - type: string + description: ReadIdleTimeout is the timeout after which a health + check using ping frame will be carried out if no frame is received + on the HTTP/2 connection. + x-kubernetes-int-or-string: true + responseHeaderTimeout: + anyOf: + - type: integer + - type: string + description: ResponseHeaderTimeout is the amount of time to wait + for a server's response headers after fully writing the request + (including its body, if any). + x-kubernetes-int-or-string: true + type: object + insecureSkipVerify: + description: InsecureSkipVerify disables SSL certificate verification. + type: boolean + maxIdleConnsPerHost: + description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) + to keep per-host. + type: integer + peerCertURI: + description: PeerCertURI defines the peer cert URI used to match against + SAN URI during the peer certificate verification. + type: string + rootCAsSecrets: + description: RootCAsSecrets defines a list of CA secret used to validate + self-signed certificate. + items: + type: string + type: array + serverName: + description: ServerName defines the server name used to contact the + server. + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/crds/traefik.containo.us_tlsoptions.yaml b/enterprise/traefik/19.0.0/crds/traefik.containo.us_tlsoptions.yaml new file mode 100644 index 00000000000..16ea46008ba --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.containo.us_tlsoptions.yaml @@ -0,0 +1,113 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsoptions.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSOption + listKind: TLSOptionList + plural: tlsoptions + singular: tlsoption + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSOption is the CRD implementation of a Traefik TLS Option, + allowing to configure some parameters of the TLS connection. More info: + https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSOptionSpec defines the desired state of a TLSOption. + properties: + alpnProtocols: + description: 'ALPNProtocols defines the list of supported application + level protocols for the TLS handshake, in order of preference. More + info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols' + items: + type: string + type: array + cipherSuites: + description: 'CipherSuites defines the list of supported cipher suites + for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#cipher-suites' + items: + type: string + type: array + clientAuth: + description: ClientAuth defines the server's policy for TLS Client + Authentication. + properties: + clientAuthType: + description: ClientAuthType defines the client authentication + type to apply. + enum: + - NoClientCert + - RequestClientCert + - RequireAnyClientCert + - VerifyClientCertIfGiven + - RequireAndVerifyClientCert + type: string + secretNames: + description: SecretNames defines the names of the referenced Kubernetes + Secret storing certificate details. + items: + type: string + type: array + type: object + curvePreferences: + description: 'CurvePreferences defines the preferred elliptic curves + in a specific order. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#curve-preferences' + items: + type: string + type: array + maxVersion: + description: 'MaxVersion defines the maximum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: None.' + type: string + minVersion: + description: 'MinVersion defines the minimum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: VersionTLS10.' + type: string + preferServerCipherSuites: + description: 'PreferServerCipherSuites defines whether the server + chooses a cipher suite among his own instead of among the client''s. + It is enabled automatically when minVersion or maxVersion is set. + Deprecated: https://github.com/golang/go/issues/45430' + type: boolean + sniStrict: + description: SniStrict defines whether Traefik allows connections + from clients connections that do not specify a server_name extension. + type: boolean + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/crds/traefik.containo.us_tlsstores.yaml b/enterprise/traefik/19.0.0/crds/traefik.containo.us_tlsstores.yaml new file mode 100644 index 00000000000..f6dfc6c8fb0 --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.containo.us_tlsstores.yaml @@ -0,0 +1,99 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsstores.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSStore + listKind: TLSStoreList + plural: tlsstores + singular: tlsstore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For + the time being, only the TLSStore named default is supported. This means + that you cannot have two stores that are named default in different Kubernetes + namespaces. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#certificates-stores' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSStoreSpec defines the desired state of a TLSStore. + properties: + certificates: + description: Certificates is a list of secret names, each secret holding + a key/certificate pair to add to the store. + items: + description: Certificate holds a secret name for the TLSStore resource. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + type: array + defaultCertificate: + description: DefaultCertificate defines the default certificate configuration. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + defaultGeneratedCert: + description: DefaultGeneratedCert defines the default generated certificate + configuration. + properties: + domain: + description: Domain is the domain definition for the DefaultCertificate. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain names. + items: + type: string + type: array + type: object + resolver: + description: Resolver is the name of the resolver that will be + used to issue the DefaultCertificate. + type: string + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/crds/traefik.containo.us_traefikservices.yaml b/enterprise/traefik/19.0.0/crds/traefik.containo.us_traefikservices.yaml new file mode 100644 index 00000000000..358fdc1eab5 --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.containo.us_traefikservices.yaml @@ -0,0 +1,381 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: traefikservices.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TraefikService + listKind: TraefikServiceList + plural: traefikservices + singular: traefikservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TraefikService is the CRD implementation of a Traefik Service. + TraefikService object allows to: - Apply weight to Services on load-balancing + - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-traefikservice' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TraefikServiceSpec defines the desired state of a TraefikService. + properties: + mirroring: + description: Mirroring defines the Mirroring service configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + maxBodySize: + description: MaxBodySize defines the maximum size allowed for + the body of the request. If the body is larger, the request + is not mirrored. Default value is -1, which means unlimited + size. + format: int64 + type: integer + mirrors: + description: Mirrors defines the list of mirrors where Traefik + will duplicate the traffic. + items: + description: MirrorService holds the mirror configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + percent: + description: 'Percent defines the part of the traffic to + mirror. Supported values: 0 to 100.' + type: integer + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the two + is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + passHostHeader: + description: PassHostHeader defines whether the client Host header + is forwarded to the upstream Kubernetes Service. By default, + passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. This + can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards the + response from the upstream Kubernetes Service to the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https when + Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy between + the servers. RoundRobin is the only supported value at the moment. + type: string + weight: + description: Weight defines the weight and should only be specified + when Name references a TraefikService object (and to be precise, + one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + weighted: + description: Weighted defines the Weighted Round Robin configuration. + properties: + services: + description: Services defines the list of Kubernetes Service and/or + TraefikService to load-balance, with weight. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + sticky: + description: 'Sticky defines whether sticky sessions are enabled. + More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/crds/traefik.io_ingressroutes.yaml b/enterprise/traefik/19.0.0/crds/traefik.io_ingressroutes.yaml new file mode 100644 index 00000000000..89aaee75952 --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.io_ingressroutes.yaml @@ -0,0 +1,275 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutes.traefik.io +spec: + group: traefik.io + names: + kind: IngressRoute + listKind: IngressRouteList + plural: ingressroutes + singular: ingressroute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRoute is the CRD implementation of a Traefik HTTP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteSpec defines the desired state of IngressRoute. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: Route holds the HTTP route configuration. + properties: + kind: + description: Kind defines the kind of the route. Rule is the + only supported kind. + enum: + - Rule + type: string + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule' + type: string + middlewares: + description: 'Middlewares defines the list of references to + Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware' + items: + description: MiddlewareRef is a reference to a Middleware + resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority' + type: integer + services: + description: Services defines the list of Service. It can contain + any combination of TraefikService and/or reference to a Kubernetes + Service. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client + Host header is forwarded to the upstream Kubernetes + Service. By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to + the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, + in milliseconds, in between flushes to the client + while copying the response body. A negative value + means to flush immediately after each write to the + client. This configuration is ignored when ReverseProxy + recognizes a response as a streaming response; for + such responses, writes are flushed to the client + immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the + request to the upstream Kubernetes Service. It defaults + to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as + JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie + can only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only + be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round + Robin). + type: integer + required: + - name + type: object + type: array + required: + - kind + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + name: + description: 'Name defines the name of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + required: + - name + type: object + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: 'Name defines the name of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/crds/traefik.io_ingressroutetcps.yaml b/enterprise/traefik/19.0.0/crds/traefik.io_ingressroutetcps.yaml new file mode 100644 index 00000000000..82f61ac24f1 --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.io_ingressroutetcps.yaml @@ -0,0 +1,218 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutetcps.traefik.io +spec: + group: traefik.io + names: + kind: IngressRouteTCP + listKind: IngressRouteTCPList + plural: ingressroutetcps + singular: ingressroutetcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteTCP holds the TCP route configuration. + properties: + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1' + type: string + middlewares: + description: Middlewares defines the list of references to MiddlewareTCP + resources. + items: + description: ObjectReference is a generic reference to a Traefik + resource. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1' + type: integer + services: + description: Services defines the list of TCP services. + items: + description: ServiceTCP defines an upstream TCP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + proxyProtocol: + description: 'ProxyProtocol defines the PROXY protocol + configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol' + properties: + version: + description: Version defines the PROXY Protocol version + to use. + type: integer + type: object + terminationDelay: + description: TerminationDelay defines the deadline that + the proxy sets, after one of its connected peers indicates + it has closed the writing capability of its connection, + to close the reading capability as well, hence fully + terminating the connection. It is a duration in milliseconds, + defaulting to 100. A negative value means an infinite + deadline (i.e. the reading capability is never closed). + type: integer + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + required: + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration on a layer 4 / TCP + Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + passthrough: + description: Passthrough defines whether a TLS router will terminate + the TLS connection. + type: boolean + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/crds/traefik.io_ingressrouteudps.yaml b/enterprise/traefik/19.0.0/crds/traefik.io_ingressrouteudps.yaml new file mode 100644 index 00000000000..27c50185d08 --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.io_ingressrouteudps.yaml @@ -0,0 +1,105 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressrouteudps.traefik.io +spec: + group: traefik.io + names: + kind: IngressRouteUDP + listKind: IngressRouteUDPList + plural: ingressrouteudps + singular: ingressrouteudp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteUDP holds the UDP route configuration. + properties: + services: + description: Services defines the list of UDP services. + items: + description: ServiceUDP defines an upstream UDP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + type: object + type: array + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/crds/traefik.io_middlewares.yaml b/enterprise/traefik/19.0.0/crds/traefik.io_middlewares.yaml new file mode 100644 index 00000000000..5a4dc3640fa --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.io_middlewares.yaml @@ -0,0 +1,924 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewares.traefik.io +spec: + group: traefik.io + names: + kind: Middleware + listKind: MiddlewareList + plural: middlewares + singular: middleware + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'Middleware is the CRD implementation of a Traefik Middleware. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareSpec defines the desired state of a Middleware. + properties: + addPrefix: + description: 'AddPrefix holds the add prefix middleware configuration. + This middleware updates the path of a request before forwarding + it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/' + properties: + prefix: + description: Prefix is the string to add before the current path + in the requested URL. It should include a leading slash (/). + type: string + type: object + basicAuth: + description: 'BasicAuth holds the basic auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: 'RemoveHeader sets the removeHeader option to true + to remove the authorization header before forwarding the request + to your service. Default: false.' + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + buffering: + description: 'Buffering holds the buffering middleware configuration. + This middleware retries or limits the size of requests that can + be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes' + properties: + maxRequestBodyBytes: + description: 'MaxRequestBodyBytes defines the maximum allowed + body size for the request (in bytes). If the request exceeds + the allowed size, it is not forwarded to the service, and the + client gets a 413 (Request Entity Too Large) response. Default: + 0 (no maximum).' + format: int64 + type: integer + maxResponseBodyBytes: + description: 'MaxResponseBodyBytes defines the maximum allowed + response size from the service (in bytes). If the response exceeds + the allowed size, it is not forwarded to the client. The client + gets a 500 (Internal Server Error) response instead. Default: + 0 (no maximum).' + format: int64 + type: integer + memRequestBodyBytes: + description: 'MemRequestBodyBytes defines the threshold (in bytes) + from which the request will be buffered on disk instead of in + memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + memResponseBodyBytes: + description: 'MemResponseBodyBytes defines the threshold (in bytes) + from which the response will be buffered on disk instead of + in memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + retryExpression: + description: 'RetryExpression defines the retry conditions. It + is a logical combination of functions with operators AND (&&) + and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression' + type: string + type: object + chain: + description: 'Chain holds the configuration of the chain middleware. + This middleware enables to define reusable combinations of other + pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/' + properties: + middlewares: + description: Middlewares is the list of MiddlewareRef which composes + the chain. + items: + description: MiddlewareRef is a reference to a Middleware resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + type: object + circuitBreaker: + description: CircuitBreaker holds the circuit breaker configuration. + properties: + checkPeriod: + anyOf: + - type: integer + - type: string + description: CheckPeriod is the interval between successive checks + of the circuit breaker condition (when in standby state). + x-kubernetes-int-or-string: true + expression: + description: Expression is the condition that triggers the tripped + state. + type: string + fallbackDuration: + anyOf: + - type: integer + - type: string + description: FallbackDuration is the duration for which the circuit + breaker will wait before trying to recover (from a tripped state). + x-kubernetes-int-or-string: true + recoveryDuration: + anyOf: + - type: integer + - type: string + description: RecoveryDuration is the duration for which the circuit + breaker will try to recover (as soon as it is in recovering + state). + x-kubernetes-int-or-string: true + type: object + compress: + description: 'Compress holds the compress middleware configuration. + This middleware compresses responses before sending them to the + client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/' + properties: + excludedContentTypes: + description: ExcludedContentTypes defines the list of content + types to compare the Content-Type header of the incoming requests + and responses before compressing. + items: + type: string + type: array + minResponseBodyBytes: + description: 'MinResponseBodyBytes defines the minimum amount + of bytes a response body must have to be compressed. Default: + 1024.' + type: integer + type: object + contentType: + description: ContentType holds the content-type middleware configuration. + This middleware exists to enable the correct behavior until at least + the default one can be changed in a future version. + properties: + autoDetect: + description: AutoDetect specifies whether to let the `Content-Type` + header, if it has not been set by the backend, be automatically + set to a value derived from the contents of the response. As + a proxy, the default behavior should be to leave the header + alone, regardless of what the backend did with it. However, + the historic default was to always auto-detect and set the header + if it was nil, and it is going to be kept that way in order + to support users currently relying on it. + type: boolean + type: object + digestAuth: + description: 'DigestAuth holds the digest auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: RemoveHeader defines whether to remove the authorization + header before forwarding the request to the backend. + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + errors: + description: 'ErrorPage holds the custom error middleware configuration. + This middleware returns a custom page in lieu of the default, according + to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/' + properties: + query: + description: Query defines the URL for the error page (hosted + by service). The {status} variable can be used in order to insert + the status code in the URL. + type: string + service: + description: 'Service defines the reference to a Kubernetes Service + that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service' + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the + two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if + the only child is the Kubernetes Service clusterIP. The + Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming + response; for such responses, writes are flushed to + the client immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes + Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can + be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported value + at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object (and + to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + status: + description: Status defines which status or range of statuses + should result in an error page. It can be either a status code + as a number (500), as multiple comma-separated numbers (500,502), + as ranges by separating two codes with a dash (500-599), or + a combination of the two (404,418,500-599). + items: + type: string + type: array + type: object + forwardAuth: + description: 'ForwardAuth holds the forward auth middleware configuration. + This middleware delegates the request authentication to a Service. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/' + properties: + address: + description: Address defines the authentication server address. + type: string + authRequestHeaders: + description: AuthRequestHeaders defines the list of the headers + to copy from the request to the authentication server. If not + set or empty then all request headers are passed. + items: + type: string + type: array + authResponseHeaders: + description: AuthResponseHeaders defines the list of headers to + copy from the authentication server response and set on forwarded + request, replacing any existing conflicting headers. + items: + type: string + type: array + authResponseHeadersRegex: + description: 'AuthResponseHeadersRegex defines the regex to match + headers to copy from the authentication server response and + set on forwarded request, after stripping all headers that match + the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex' + type: string + tls: + description: TLS defines the configuration used to secure the + connection to the authentication server. + properties: + caOptional: + type: boolean + caSecret: + description: CASecret is the name of the referenced Kubernetes + Secret containing the CA to validate the server certificate. + The CA certificate is extracted from key `tls.ca` or `ca.crt`. + type: string + certSecret: + description: CertSecret is the name of the referenced Kubernetes + Secret containing the client certificate. The client certificate + is extracted from the keys `tls.crt` and `tls.key`. + type: string + insecureSkipVerify: + description: InsecureSkipVerify defines whether the server + certificates should be validated. + type: boolean + type: object + trustForwardHeader: + description: 'TrustForwardHeader defines whether to trust (ie: + forward) all X-Forwarded-* headers.' + type: boolean + type: object + headers: + description: 'Headers holds the headers middleware configuration. + This middleware manages the requests and responses headers. More + info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders' + properties: + accessControlAllowCredentials: + description: AccessControlAllowCredentials defines whether the + request can include user credentials. + type: boolean + accessControlAllowHeaders: + description: AccessControlAllowHeaders defines the Access-Control-Request-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlAllowMethods: + description: AccessControlAllowMethods defines the Access-Control-Request-Method + values sent in preflight response. + items: + type: string + type: array + accessControlAllowOriginList: + description: AccessControlAllowOriginList is a list of allowable + origins. Can also be a wildcard origin "*". + items: + type: string + type: array + accessControlAllowOriginListRegex: + description: AccessControlAllowOriginListRegex is a list of allowable + origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). + items: + type: string + type: array + accessControlExposeHeaders: + description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlMaxAge: + description: AccessControlMaxAge defines the time that a preflight + request may be cached. + format: int64 + type: integer + addVaryHeader: + description: AddVaryHeader defines whether the Vary header is + automatically added/updated when the AccessControlAllowOriginList + is set. + type: boolean + allowedHosts: + description: AllowedHosts defines the fully qualified list of + allowed domain names. + items: + type: string + type: array + browserXssFilter: + description: BrowserXSSFilter defines whether to add the X-XSS-Protection + header with the value 1; mode=block. + type: boolean + contentSecurityPolicy: + description: ContentSecurityPolicy defines the Content-Security-Policy + header value. + type: string + contentTypeNosniff: + description: ContentTypeNosniff defines whether to add the X-Content-Type-Options + header with the nosniff value. + type: boolean + customBrowserXSSValue: + description: CustomBrowserXSSValue defines the X-XSS-Protection + header value. This overrides the BrowserXssFilter option. + type: string + customFrameOptionsValue: + description: CustomFrameOptionsValue defines the X-Frame-Options + header value. This overrides the FrameDeny option. + type: string + customRequestHeaders: + additionalProperties: + type: string + description: CustomRequestHeaders defines the header names and + values to apply to the request. + type: object + customResponseHeaders: + additionalProperties: + type: string + description: CustomResponseHeaders defines the header names and + values to apply to the response. + type: object + featurePolicy: + description: 'Deprecated: use PermissionsPolicy instead.' + type: string + forceSTSHeader: + description: ForceSTSHeader defines whether to add the STS header + even when the connection is HTTP. + type: boolean + frameDeny: + description: FrameDeny defines whether to add the X-Frame-Options + header with the DENY value. + type: boolean + hostsProxyHeaders: + description: HostsProxyHeaders defines the header keys that may + hold a proxied hostname value for the request. + items: + type: string + type: array + isDevelopment: + description: IsDevelopment defines whether to mitigate the unwanted + effects of the AllowedHosts, SSL, and STS options when developing. + Usually testing takes place using HTTP, not HTTPS, and on localhost, + not your production domain. If you would like your development + environment to mimic production with complete Host blocking, + SSL redirects, and STS headers, leave this as false. + type: boolean + permissionsPolicy: + description: PermissionsPolicy defines the Permissions-Policy + header value. This allows sites to control browser features. + type: string + publicKey: + description: PublicKey is the public key that implements HPKP + to prevent MITM attacks with forged certificates. + type: string + referrerPolicy: + description: ReferrerPolicy defines the Referrer-Policy header + value. This allows sites to control whether browsers forward + the Referer header to other sites. + type: string + sslForceHost: + description: 'Deprecated: use RedirectRegex instead.' + type: boolean + sslHost: + description: 'Deprecated: use RedirectRegex instead.' + type: string + sslProxyHeaders: + additionalProperties: + type: string + description: 'SSLProxyHeaders defines the header keys with associated + values that would indicate a valid HTTPS request. It can be + useful when using other proxies (example: "X-Forwarded-Proto": + "https").' + type: object + sslRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + sslTemporaryRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + stsIncludeSubdomains: + description: STSIncludeSubdomains defines whether the includeSubDomains + directive is appended to the Strict-Transport-Security header. + type: boolean + stsPreload: + description: STSPreload defines whether the preload flag is appended + to the Strict-Transport-Security header. + type: boolean + stsSeconds: + description: STSSeconds defines the max-age of the Strict-Transport-Security + header. If set to 0, the header is not set. + format: int64 + type: integer + type: object + inFlightReq: + description: 'InFlightReq holds the in-flight request middleware configuration. + This middleware limits the number of requests being processed and + served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/' + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + in-flight request. The middleware responds with HTTP 429 Too + Many Requests if there are already amount requests in progress + (based on the same sourceCriterion strategy). + format: int64 + type: integer + sourceCriterion: + description: 'SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the requestHost. More + info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + ipWhiteList: + description: 'IPWhiteList holds the IP whitelist middleware configuration. + This middleware accepts / refuses requests based on the client IP. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration used + by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position (starting + from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the X-Forwarded-For + header and select the first IP not in the list. + items: + type: string + type: array + type: object + sourceRange: + description: SourceRange defines the set of allowed IPs (or ranges + of allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + passTLSClientCert: + description: 'PassTLSClientCert holds the pass TLS client cert middleware + configuration. This middleware adds the selected data from the passed + client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/' + properties: + info: + description: Info selects the specific client certificate details + you want to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + issuer: + description: Issuer defines the client certificate issuer + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the issuer. + type: boolean + country: + description: Country defines whether to add the country + information into the issuer. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the issuer. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the issuer. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the issuer. + type: boolean + province: + description: Province defines whether to add the province + information into the issuer. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the issuer. + type: boolean + type: object + notAfter: + description: NotAfter defines whether to add the Not After + information from the Validity part. + type: boolean + notBefore: + description: NotBefore defines whether to add the Not Before + information from the Validity part. + type: boolean + sans: + description: Sans defines whether to add the Subject Alternative + Name information from the Subject Alternative Name part. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the client + serialNumber information. + type: boolean + subject: + description: Subject defines the client certificate subject + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the subject. + type: boolean + country: + description: Country defines whether to add the country + information into the subject. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the subject. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the subject. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the subject. + type: boolean + organizationalUnit: + description: OrganizationalUnit defines whether to add + the organizationalUnit information into the subject. + type: boolean + province: + description: Province defines whether to add the province + information into the subject. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the subject. + type: boolean + type: object + type: object + pem: + description: PEM sets the X-Forwarded-Tls-Client-Cert header with + the certificate. + type: boolean + type: object + plugin: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Plugin defines the middleware plugin configuration. + More info: https://doc.traefik.io/traefik/plugins/' + type: object + rateLimit: + description: 'RateLimit holds the rate limit configuration. This middleware + ensures that services will receive a fair amount of requests, and + allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/' + properties: + average: + description: Average is the maximum rate, by default in requests/s, + allowed for the given source. It defaults to 0, which means + no rate limiting. The rate is actually defined by dividing Average + by Period. So for a rate below 1req/s, one needs to define a + Period larger than a second. + format: int64 + type: integer + burst: + description: Burst is the maximum number of requests allowed to + arrive in the same arbitrarily small period of time. It defaults + to 1. + format: int64 + type: integer + period: + anyOf: + - type: integer + - type: string + description: 'Period, in combination with Average, defines the + actual maximum rate, such as: r = Average / Period. It defaults + to a second.' + x-kubernetes-int-or-string: true + sourceCriterion: + description: SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the request's remote + address field (as an ipStrategy). + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + redirectRegex: + description: 'RedirectRegex holds the redirect regex middleware configuration. + This middleware redirects a request using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + regex: + description: Regex defines the regex used to match and capture + elements from the request URL. + type: string + replacement: + description: Replacement defines how to modify the URL to have + the new target URL. + type: string + type: object + redirectScheme: + description: 'RedirectScheme holds the redirect scheme middleware + configuration. This middleware redirects requests from a scheme/port + to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + port: + description: Port defines the port of the new URL. + type: string + scheme: + description: Scheme defines the scheme of the new URL. + type: string + type: object + replacePath: + description: 'ReplacePath holds the replace path middleware configuration. + This middleware replaces the path of the request URL and store the + original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/' + properties: + path: + description: Path defines the path to use as replacement in the + request URL. + type: string + type: object + replacePathRegex: + description: 'ReplacePathRegex holds the replace path regex middleware + configuration. This middleware replaces the path of a URL using + regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/' + properties: + regex: + description: Regex defines the regular expression used to match + and capture the path from the request URL. + type: string + replacement: + description: Replacement defines the replacement path format, + which can include captured variables. + type: string + type: object + retry: + description: 'Retry holds the retry middleware configuration. This + middleware reissues requests a given number of times to a backend + server if that server does not reply. As soon as the server answers, + the middleware stops retrying, regardless of the response status. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/' + properties: + attempts: + description: Attempts defines how many times the request should + be retried. + type: integer + initialInterval: + anyOf: + - type: integer + - type: string + description: InitialInterval defines the first wait time in the + exponential backoff series. The maximum interval is calculated + as twice the initialInterval. If unspecified, requests will + be retried immediately. The value of initialInterval should + be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. + x-kubernetes-int-or-string: true + type: object + stripPrefix: + description: 'StripPrefix holds the strip prefix middleware configuration. + This middleware removes the specified prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/' + properties: + forceSlash: + description: 'ForceSlash ensures that the resulting stripped path + is not the empty string, by replacing it with / when necessary. + Default: true.' + type: boolean + prefixes: + description: Prefixes defines the prefixes to strip from the request + URL. + items: + type: string + type: array + type: object + stripPrefixRegex: + description: 'StripPrefixRegex holds the strip prefix regex middleware + configuration. This middleware removes the matching prefixes from + the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/' + properties: + regex: + description: Regex defines the regular expression to match the + path prefix from the request URL. + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/crds/traefik.io_middlewaretcps.yaml b/enterprise/traefik/19.0.0/crds/traefik.io_middlewaretcps.yaml new file mode 100644 index 00000000000..8623568f5b3 --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.io_middlewaretcps.yaml @@ -0,0 +1,72 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewaretcps.traefik.io +spec: + group: traefik.io + names: + kind: MiddlewareTCP + listKind: MiddlewareTCPList + plural: middlewaretcps + singular: middlewaretcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP. + properties: + inFlightConn: + description: InFlightConn defines the InFlightConn middleware configuration. + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + connections. The middleware closes the connection if there are + already amount connections opened. + format: int64 + type: integer + type: object + ipWhiteList: + description: IPWhiteList defines the IPWhiteList middleware configuration. + properties: + sourceRange: + description: SourceRange defines the allowed IPs (or ranges of + allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/crds/traefik.io_serverstransports.yaml b/enterprise/traefik/19.0.0/crds/traefik.io_serverstransports.yaml new file mode 100644 index 00000000000..803b56395a4 --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.io_serverstransports.yaml @@ -0,0 +1,128 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: serverstransports.traefik.io +spec: + group: traefik.io + names: + kind: ServersTransport + listKind: ServersTransportList + plural: serverstransports + singular: serverstransport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'ServersTransport is the CRD implementation of a ServersTransport. + If no serversTransport is specified, the default@internal will be used. + The default@internal serversTransport is created from the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServersTransportSpec defines the desired state of a ServersTransport. + properties: + certificatesSecrets: + description: CertificatesSecrets defines a list of secret storing + client certificates for mTLS. + items: + type: string + type: array + disableHTTP2: + description: DisableHTTP2 disables HTTP/2 for connections with backend + servers. + type: boolean + forwardingTimeouts: + description: ForwardingTimeouts defines the timeouts for requests + forwarded to the backend servers. + properties: + dialTimeout: + anyOf: + - type: integer + - type: string + description: DialTimeout is the amount of time to wait until a + connection to a backend server can be established. + x-kubernetes-int-or-string: true + idleConnTimeout: + anyOf: + - type: integer + - type: string + description: IdleConnTimeout is the maximum period for which an + idle HTTP keep-alive connection will remain open before closing + itself. + x-kubernetes-int-or-string: true + pingTimeout: + anyOf: + - type: integer + - type: string + description: PingTimeout is the timeout after which the HTTP/2 + connection will be closed if a response to ping is not received. + x-kubernetes-int-or-string: true + readIdleTimeout: + anyOf: + - type: integer + - type: string + description: ReadIdleTimeout is the timeout after which a health + check using ping frame will be carried out if no frame is received + on the HTTP/2 connection. + x-kubernetes-int-or-string: true + responseHeaderTimeout: + anyOf: + - type: integer + - type: string + description: ResponseHeaderTimeout is the amount of time to wait + for a server's response headers after fully writing the request + (including its body, if any). + x-kubernetes-int-or-string: true + type: object + insecureSkipVerify: + description: InsecureSkipVerify disables SSL certificate verification. + type: boolean + maxIdleConnsPerHost: + description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) + to keep per-host. + type: integer + peerCertURI: + description: PeerCertURI defines the peer cert URI used to match against + SAN URI during the peer certificate verification. + type: string + rootCAsSecrets: + description: RootCAsSecrets defines a list of CA secret used to validate + self-signed certificate. + items: + type: string + type: array + serverName: + description: ServerName defines the server name used to contact the + server. + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/crds/traefik.io_tlsoptions.yaml b/enterprise/traefik/19.0.0/crds/traefik.io_tlsoptions.yaml new file mode 100644 index 00000000000..b86fefe0e95 --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.io_tlsoptions.yaml @@ -0,0 +1,113 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsoptions.traefik.io +spec: + group: traefik.io + names: + kind: TLSOption + listKind: TLSOptionList + plural: tlsoptions + singular: tlsoption + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSOption is the CRD implementation of a Traefik TLS Option, + allowing to configure some parameters of the TLS connection. More info: + https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSOptionSpec defines the desired state of a TLSOption. + properties: + alpnProtocols: + description: 'ALPNProtocols defines the list of supported application + level protocols for the TLS handshake, in order of preference. More + info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols' + items: + type: string + type: array + cipherSuites: + description: 'CipherSuites defines the list of supported cipher suites + for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites' + items: + type: string + type: array + clientAuth: + description: ClientAuth defines the server's policy for TLS Client + Authentication. + properties: + clientAuthType: + description: ClientAuthType defines the client authentication + type to apply. + enum: + - NoClientCert + - RequestClientCert + - RequireAnyClientCert + - VerifyClientCertIfGiven + - RequireAndVerifyClientCert + type: string + secretNames: + description: SecretNames defines the names of the referenced Kubernetes + Secret storing certificate details. + items: + type: string + type: array + type: object + curvePreferences: + description: 'CurvePreferences defines the preferred elliptic curves + in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences' + items: + type: string + type: array + maxVersion: + description: 'MaxVersion defines the maximum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: None.' + type: string + minVersion: + description: 'MinVersion defines the minimum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: VersionTLS10.' + type: string + preferServerCipherSuites: + description: 'PreferServerCipherSuites defines whether the server + chooses a cipher suite among his own instead of among the client''s. + It is enabled automatically when minVersion or maxVersion is set. + Deprecated: https://github.com/golang/go/issues/45430' + type: boolean + sniStrict: + description: SniStrict defines whether Traefik allows connections + from clients connections that do not specify a server_name extension. + type: boolean + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/crds/traefik.io_tlsstores.yaml b/enterprise/traefik/19.0.0/crds/traefik.io_tlsstores.yaml new file mode 100644 index 00000000000..47b46854c8b --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.io_tlsstores.yaml @@ -0,0 +1,99 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsstores.traefik.io +spec: + group: traefik.io + names: + kind: TLSStore + listKind: TLSStoreList + plural: tlsstores + singular: tlsstore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For + the time being, only the TLSStore named default is supported. This means + that you cannot have two stores that are named default in different Kubernetes + namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSStoreSpec defines the desired state of a TLSStore. + properties: + certificates: + description: Certificates is a list of secret names, each secret holding + a key/certificate pair to add to the store. + items: + description: Certificate holds a secret name for the TLSStore resource. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + type: array + defaultCertificate: + description: DefaultCertificate defines the default certificate configuration. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + defaultGeneratedCert: + description: DefaultGeneratedCert defines the default generated certificate + configuration. + properties: + domain: + description: Domain is the domain definition for the DefaultCertificate. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain names. + items: + type: string + type: array + type: object + resolver: + description: Resolver is the name of the resolver that will be + used to issue the DefaultCertificate. + type: string + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/crds/traefik.io_traefikservices.yaml b/enterprise/traefik/19.0.0/crds/traefik.io_traefikservices.yaml new file mode 100644 index 00000000000..0f3475bda46 --- /dev/null +++ b/enterprise/traefik/19.0.0/crds/traefik.io_traefikservices.yaml @@ -0,0 +1,402 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: traefikservices.traefik.io +spec: + group: traefik.io + names: + kind: TraefikService + listKind: TraefikServiceList + plural: traefikservices + singular: traefikservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TraefikService is the CRD implementation of a Traefik Service. + TraefikService object allows to: - Apply weight to Services on load-balancing + - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TraefikServiceSpec defines the desired state of a TraefikService. + properties: + mirroring: + description: Mirroring defines the Mirroring service configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + maxBodySize: + description: MaxBodySize defines the maximum size allowed for + the body of the request. If the body is larger, the request + is not mirrored. Default value is -1, which means unlimited + size. + format: int64 + type: integer + mirrors: + description: Mirrors defines the list of mirrors where Traefik + will duplicate the traffic. + items: + description: MirrorService holds the mirror configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or + if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + percent: + description: 'Percent defines the part of the traffic to + mirror. Supported values: 0 to 100.' + type: integer + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the two + is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the + only child is the Kubernetes Service clusterIP. The Kubernetes + Service itself does load-balance to the pods. By default, NativeLB + is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host header + is forwarded to the upstream Kubernetes Service. By default, + passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. This + can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards the + response from the upstream Kubernetes Service to the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https when + Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy between + the servers. RoundRobin is the only supported value at the moment. + type: string + weight: + description: Weight defines the weight and should only be specified + when Name references a TraefikService object (and to be precise, + one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + weighted: + description: Weighted defines the Weighted Round Robin configuration. + properties: + services: + description: Services defines the list of Kubernetes Service and/or + TraefikService to load-balance, with weight. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or + if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + sticky: + description: 'Sticky defines whether sticky sessions are enabled. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/19.0.0/ix_values.yaml b/enterprise/traefik/19.0.0/ix_values.yaml new file mode 100644 index 00000000000..be9ab2af58e --- /dev/null +++ b/enterprise/traefik/19.0.0/ix_values.yaml @@ -0,0 +1,430 @@ +image: + repository: tccr.io/truecharts/traefik + tag: 2.10.1@sha256:049aece2d3e7eddabed1e2e4c4bd03ceba372d3b9f461386b262b6cb69369fcf + pullPolicy: IfNotPresent +manifestManager: + enabled: true +workload: + main: + replicas: 2 + strategy: RollingUpdate + podSpec: + containers: + main: + args: [] + probes: + # -- Liveness probe configuration + # @default -- See below + liveness: + # -- sets the probe type when not using a custom probe + # @default -- "TCP" + type: tcp + # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used + # @default -- "/" + # path: "/ping" + + # -- Redainess probe configuration + # @default -- See below + readiness: + # -- sets the probe type when not using a custom probe + # @default -- "TCP" + type: tcp + # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used + # @default -- "/" + # path: "/ping" + + # -- Startup probe configuration + # @default -- See below + startup: + # -- sets the probe type when not using a custom probe + # @default -- "TCP" + type: tcp + # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used + # @default -- "/" + # path: "/ping" + +# -- Options for all pods +# Can be overruled per pod +podOptions: + automountServiceAccountToken: true + +# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x +ingressClass: + # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12 + enabled: false + isDefaultClass: false + # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1" + fallbackApiVersion: "" + +# -- Create an IngressRoute for the dashboard +ingressRoute: + dashboard: + enabled: true + # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) + annotations: {} + # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) + labels: {} +# +# -- Configure providers +providers: + kubernetesCRD: + enabled: true + namespaces: + [] + # - "default" + kubernetesIngress: + enabled: true + # labelSelector: environment=production,method=traefik + namespaces: + [] + # - "default" + # IP used for Kubernetes Ingress endpoints + publishedService: + enabled: true + # Published Kubernetes Service to copy status from. Format: namespace/servicename + # By default this Traefik service + # pathOverride: "" + +# -- Logs +# https://docs.traefik.io/observability/logs/ +logs: + # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on). + general: + # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. + level: ERROR + # -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format + format: common + access: + # To enable access logs + enabled: false + # To write the logs in an asynchronous fashion, specify a bufferingSize option. + # This option represents the number of log lines Traefik will keep in memory before writing + # them to the selected output. In some cases, this option can greatly help performances. + # bufferingSize: 100 + # Filtering https://docs.traefik.io/observability/access-logs/#filtering + filters: + {} + # statuscodes: "200,300-302" + # retryattempts: true + # minduration: 10ms + # Fields + # https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers + fields: + general: + defaultmode: keep + names: + {} + # Examples: + # ClientUsername: drop + headers: + defaultmode: drop + names: + {} + # Examples: + # User-Agent: redact + # Authorization: drop + # Content-Type: keep + # -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format + format: common + +metrics: + main: + enabled: false + type: servicemonitor + endpoints: + - port: metrics + path: /metrics + targetSelector: metrics + +globalArguments: + - "--global.checknewversion" + +## +# -- Additional arguments to be passed at Traefik's binary +# All available options available on https://docs.traefik.io/reference/static-configuration/cli/ +## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"` +additionalArguments: + - "--serverstransport.insecureskipverify=true" + - "--providers.kubernetesingress.allowexternalnameservices=true" + +# -- TLS Options to be created as TLSOption CRDs +# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options +# Example: +tlsOptions: + default: + sniStrict: false + minVersion: VersionTLS12 + curvePreferences: + - CurveP521 + - CurveP384 + cipherSuites: + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + +# -- Options for the main traefik service, where the entrypoints traffic comes from +# from. +service: + main: + type: LoadBalancer + ports: + main: + port: 9000 + targetPort: 9000 + protocol: http + # -- Forwarded Headers should never be enabled on Main entrypoint + forwardedHeaders: + enabled: false + # -- Proxy Protocol should never be enabled on Main entrypoint + proxyProtocol: + enabled: false + tcp: + enabled: true + type: LoadBalancer + ports: + web: + enabled: true + port: 9080 + protocol: http + redirectTo: websecure + # Options: Empty, 0 (ingore), or positive int + # redirectPort: + # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support + forwardedHeaders: + enabled: false + # -- List of trusted IP and CIDR references + trustedIPs: [] + # -- Trust all forwarded headers + insecureMode: false + # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support + proxyProtocol: + enabled: false + # -- Only IPs in trustedIPs will lead to remote client address replacement + trustedIPs: [] + # -- Trust every incoming connection + insecureMode: false + websecure: + enabled: true + port: 9443 + protocol: https + # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support + forwardedHeaders: + enabled: false + # -- List of trusted IP and CIDR references + trustedIPs: [] + # -- Trust all forwarded headers + insecureMode: false + # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support + proxyProtocol: + enabled: false + # -- Only IPs in trustedIPs will lead to remote client address replacement + trustedIPs: [] + # -- Trust every incoming connection + insecureMode: false + # tcpexample: + # enabled: true + # targetPort: 9443 + # protocol: tcp + # tls: + # enabled: false + # # this is the name of a TLSOption definition + # options: "" + # certResolver: "" + # domains: [] + # # - main: example.com + # # sans: + # # - foo.example.com + # # - bar.example.com + metrics: + enabled: true + type: ClusterIP + ports: + metrics: + enabled: true + port: 9180 + targetPort: 9180 + protocol: http + # -- Forwarded Headers should never be enabled on Metrics entrypoint + forwardedHeaders: + enabled: false + # -- Proxy Protocol should never be enabled on Metrics entrypoint + proxyProtocol: + enabled: false + # udp: + # enabled: false + +# -- Whether Role Based Access Control objects like roles and rolebindings should be created +rbac: + main: + enabled: true + primary: true + clusterWide: true + rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - traefik.containo.us + - traefik.io + resources: + - middlewares + - middlewaretcps + - ingressroutes + - traefikservices + - ingressroutetcps + - ingressrouteudps + - tlsoptions + - tlsstores + - serverstransports + verbs: + - get + - list + - watch + +# -- The service account the pods will use to interact with the Kubernetes API +serviceAccount: + main: + enabled: true + primary: true + +# -- SCALE Middleware Handlers +middlewares: + basicAuth: [] + # - name: basicauthexample + # users: + # - username: testuser + # password: testpassword + forwardAuth: [] + # - name: forwardAuthexample + # address: https://auth.example.com/ + # authResponseHeaders: + # - X-Secret + # - X-Auth-User + # authRequestHeaders: + # - "Accept" + # - "X-CustomHeader" + # authResponseHeadersRegex: "^X-" + # trustForwardHeader: true + customRequestHeaders: [] + # - name: customRequestHeaderExample + # headers: + # - name: X-Custom-Header + # value: "foobar" + # - name: X-Header-To-Remove + # value: "" + customResponseHeaders: [] + # - name: customResponseHeaderExample + # headers: + # - name: X-Custom-Header + # value: "foobar" + # - name: X-Header-To-Remove + # value: "" + chain: [] + # - name: chainname + # middlewares: + # - name: compress + redirectScheme: [] + # - name: redirectSchemeName + # scheme: https + # permanent: true + rateLimit: [] + # - name: rateLimitName + # average: 300 + # burst: 200 + redirectRegex: [] + # - name: redirectRegexName + # regex: putregexhere + # replacement: replacementurlhere + # permanent: false + stripPrefixRegex: [] + # - name: stripPrefixRegexName + # regex: [] + ipWhiteList: [] + # - name: ipWhiteListName + # sourceRange: [] + # ipStrategy: + # depth: 2 + # excludedIPs: [] + themeParkVersion: v1.3.0 + themePark: [] + # - name: themeParkName + # -- Supported apps, lower case name + # -- https://docs.theme-park.dev/themes + # app: appnamehere + # -- Supported themes, lower case name + # -- https://docs.theme-park.dev/themes/APPNAMEHERE + # -- https://docs.theme-park.dev/community-themes + # theme: themenamehere + # -- https://theme-park.dev or a self hosted url + # baseUrl: https://theme-park.dev + realIPVersion: v1.0.3 + # Sets X-Real-Ip with an IP from the X-Forwarded-For or + # Cf-Connecting-Ip (If from Cloudflare) + # Evaluation of those headers will go from last to first + realIP: [] + # - name: realIPName + # -- The real IP will be the first one that is + # -- not included in any of the CIDRs passed here + # excludedNetworks: + # - 1.1.1.1/24 + addPrefix: [] + # - name: addPrefixName + # prefix: "/foo" + geoBlockVersion: v0.2.4 + geoBlock: [] + # -- https://github.com/PascalMinder/geoblock + # - name: geoBlockName + # allowLocalRequests: true + # logLocalRequests: false + # logAllowedRequests: false + # logApiRequests: false + # api: https://get.geojs.io/v1/ip/country/{ip} + # apiTimeoutMs: 500 + # cacheSize: 25 + # forceMonthlyUpdate: true + # allowUnknownCountries: false + # unknownCountryApiResponse: nil + # blackListMode: false + # countries: + # - RU + +portalhook: + enabled: true + +persistence: + plugins: + enabled: true + mountPath: "/plugins-storage" + type: emptyDir + +portal: + open: + enabled: true + path: /dashboard/ diff --git a/enterprise/traefik/19.0.0/questions.yaml b/enterprise/traefik/19.0.0/questions.yaml new file mode 100644 index 00000000000..2b51544e550 --- /dev/null +++ b/enterprise/traefik/19.0.0/questions.yaml @@ -0,0 +1,2728 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" + path: "$kubernetes-resource_configmap_tcportal-open_path" +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 1 + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + - variable: expertIngressClass + label: Expert Mode + group: App Configuration + description: | + Expert Mode contains settings like:
+ - IngressClass
+ schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: ingressClass + label: "ingressClass" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + description: "When enabled, ingressClass will match the entered name of this app" + schema: + type: boolean + default: false + - variable: isDefaultClass + label: "isDefaultClass" + schema: + type: boolean + show_if: [["enabled", "=", true]] + default: false + - variable: logs + label: "Logs" + group: "App Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: general + label: "General Logs" + schema: + additional_attrs: true + type: dict + attrs: + - variable: level + label: "Log Level" + schema: + type: string + default: "ERROR" + enum: + - value: "INFO" + description: "Info" + - value: "WARN" + description: "Warnings" + - value: "ERROR" + description: "Errors" + - value: "FATAL" + description: "Fatal Errors" + - value: "PANIC" + description: "Panics" + - value: "DEBUG" + description: "Debug" + - variable: format + label: "General Log format" + schema: + type: string + default: "common" + enum: + - value: "common" + description: "Common Log Format" + - value: "json" + description: "JSON" + - variable: access + label: "Access Logs" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabledFilters + label: "Enable Filters" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: filters + label: "Filters" + schema: + additional_attrs: true + type: dict + attrs: + - variable: statuscodes + label: "Status codes" + schema: + type: string + default: "200,300-302" + - variable: retryattempts + label: "retryattempts" + schema: + type: boolean + default: true + - variable: minduration + label: "minduration" + schema: + type: string + default: "10ms" + - variable: fields + label: "Fields" + schema: + additional_attrs: true + type: dict + attrs: + - variable: general + label: "General" + schema: + additional_attrs: true + type: dict + attrs: + - variable: defaultmode + label: "Default Mode" + schema: + type: string + default: "keep" + enum: + - value: "keep" + description: "Keep" + - value: "drop" + description: "Drop" + - variable: headers + label: "Headers" + schema: + additional_attrs: true + type: dict + attrs: + - variable: defaultmode + label: "Default Mode" + schema: + type: string + default: "drop" + enum: + - value: "keep" + description: "Keep" + - value: "drop" + description: "Drop" + - variable: format + label: "Access Log format" + schema: + type: string + default: "common" + enum: + - value: "common" + description: "Common Log Format" + - value: "json" + description: "JSON" + - variable: middlewares + label: "" + group: "Middlewares" + schema: + additional_attrs: true + type: dict + attrs: + - variable: basicAuth + label: basicAuth + schema: + type: list + default: [] + items: + - variable: basicAuthEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: users + label: Users + schema: + type: list + default: [] + items: + - variable: usersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: username + label: Username + schema: + type: string + required: true + default: "" + - variable: password + label: Password + schema: + type: string + required: true + default: "" + - variable: forwardAuth + label: forwardAuth + schema: + type: list + default: [] + items: + - variable: basicAuthEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: address + label: Address + schema: + type: string + required: true + default: "" + - variable: trustForwardHeader + label: trustForwardHeader + schema: + type: boolean + default: false + - variable: tls + label: TLS + schema: + additional_attrs: true + type: dict + attrs: + - variable: insecureSkipVerify + label: insecureSkipVerify (expert) + description: >- + This disables all TLS certificate validation on communications with the authentication endpoint. + This could be a security risk and should only be used if you know what you are doing. + schema: + type: boolean + default: false + - variable: authResponseHeadersRegex + label: authResponseHeadersRegex + schema: + type: string + default: "" + - variable: authResponseHeaders + label: authResponseHeaders + schema: + type: list + default: [] + items: + - variable: authResponseHeadersEntry + label: "" + schema: + type: string + default: "" + - variable: authRequestHeaders + label: authRequestHeaders + schema: + type: list + default: [] + items: + - variable: authRequestHeadersEntry + label: "" + schema: + type: string + default: "" + - variable: customRequestHeaders + label: Custom Request Headers + schema: + type: list + default: [] + items: + - variable: customRequestHeadersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: headers + label: Headers to Add + schema: + type: list + default: [] + items: + - variable: name + label: Header Name + description: Name of custom header to be added to requests, eg. X-Custom-Header + pattern: ^[a-zA-Z0-9_\-]*$ + schema: + type: string + required: true + default: "" + - variable: value + label: Header Value + description: The value of the header. If the value is empty, the header will be removed. + schema: + type: string + required: true + default: "" + - variable: customResponseHeaders + label: Custom Response Headers + schema: + type: list + default: [] + items: + - variable: customResponseHeadersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: headers + label: Headers to Add + schema: + type: list + default: [] + items: + - variable: name + label: Header Name + description: Name of custom header to be added to responses, eg. X-Custom-Header + pattern: ^[a-zA-Z0-9_\-]*$ + schema: + type: string + required: true + default: "" + - variable: value + label: Header Value + description: The value of the header. If the value is empty, the header will be removed. + schema: + type: string + required: true + default: "" + - variable: chain + label: Chain + schema: + type: list + default: [] + items: + - variable: chainEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: middlewares + label: Middlewares to Chain + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: redirectScheme + label: redirectScheme + schema: + type: list + default: [] + items: + - variable: redirectSchemeEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: scheme + label: Scheme + schema: + type: string + required: true + default: https + enum: + - value: https + description: https + - value: http + description: http + - variable: permanent + label: Permanent + schema: + type: boolean + default: false + - variable: rateLimit + label: rateLimit + schema: + type: list + default: [] + items: + - variable: rateLimitEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: average + label: Average + schema: + type: int + required: true + default: 300 + - variable: burst + label: Burst + schema: + type: int + required: true + default: 200 + - variable: redirectRegex + label: redirectRegex + schema: + type: list + default: [] + items: + - variable: redirectRegexEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: regex + label: Regex + schema: + type: string + required: true + default: "" + - variable: replacement + label: Replacement + schema: + type: string + required: true + default: "" + - variable: permanent + label: Permanent + schema: + type: boolean + default: false + - variable: stripPrefixRegex + label: stripPrefixRegex + schema: + type: list + default: [] + items: + - variable: stripPrefixRegexEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: regex + label: Regex + schema: + type: list + default: [] + items: + - variable: regexEntry + label: Regex + schema: + type: string + required: true + default: "" + - variable: ipWhiteList + label: ipWhiteList + schema: + type: list + default: [] + items: + - variable: ipWhiteListEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: sourceRange + label: Source Range + schema: + type: list + default: [] + items: + - variable: sourceRangeEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: ipStrategy + label: IP Strategy + schema: + additional_attrs: true + type: dict + attrs: + - variable: depth + label: Depth + schema: + type: int + required: true + - variable: excludedIPs + label: Excluded IPs + schema: + type: list + default: [] + items: + - variable: excludedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: themePark + label: theme.park + schema: + type: list + default: [] + items: + - variable: themeParkEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: This is a 3rd party plugin and not maintained by TrueCharts, + for more information go to traefik-themepark + schema: + type: string + required: true + default: "" + - variable: appName + label: App Name + description: Lower case, name of the app to be themed. +
Go to https://docs.theme-park.dev/themes/ to see supported apps. + schema: + type: string + required: true + default: "" + - variable: themeName + label: Theme Name + description: Lower case, name of the theme to be applied. +
Go to https://docs.theme-park.dev/theme-options/ to see supported themes. + schema: + type: string + required: true + default: "" + - variable: baseUrl + label: Base URL + description: Replace `https://theme-park.dev` URL for self-hosting reference. + schema: + type: string + required: true + default: https://theme-park.dev + - variable: addons + label: Addons + schema: + type: list + default: [] + items: + - variable: addonEntry + label: Addon + description: Currently only supports 'darker' and '4k-logo' for *arr apps. +
Go to https://docs.theme-park.dev/themes/addons/ for Addon information. +
Go to https://github.com/packruler/traefik-themepark for more context on plugin + schema: + type: string + required: true + default: "" + - variable: realIP + label: Real IP + schema: + type: list + default: [] + items: + - variable: realIPEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: excludedNetworks + label: Excluded Networks + schema: + type: list + default: [] + items: + - variable: excludedNetEntry + label: Excluded Network Entry + description: Network to exclude setting it to X-Real-Ip + schema: + type: string + required: true + default: "" + - variable: geoBlock + label: GeoBlock + schema: + type: list + default: [] + items: + - variable: geoBlockEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: This is a 3rd party plugin and not maintained by TrueCharts, + for more information go to geoblock + schema: + type: string + required: true + default: "" + - variable: allowLocalRequests + label: Allow Local Requests + description: If set to true, will not block request from Private IP Ranges + schema: + type: boolean + default: true + - variable: logLocalRequests + label: Log Local Requests + description: If set to true, will log every connection from any IP in the private IP range + schema: + type: boolean + default: false + - variable: logAllowedRequests + label: Log Allowed Requests + description: If set to true, will show a log message with the IP and the country of origin if a request is allowed. + schema: + type: boolean + default: false + - variable: logApiRequests + label: Log API Requests + description: If set to true, will show a log message for every API hit. + schema: + type: boolean + default: false + - variable: api + label: API + description: Defines the API URL for the IP to Country resolution. The IP to fetch can be added with {ip} to the URL. + schema: + type: string + required: true + default: https://get.geojs.io/v1/ip/country/{ip} + - variable: apiTimeoutMs + label: API Timeout in ms + description: Timeout for the call to the api uri. + schema: + type: int + required: true + default: 500 + - variable: cacheSize + label: Cache Size + description: Defines the max size of the LRU (least recently used) cache. + schema: + type: int + required: true + default: 25 + - variable: forceMonthlyUpdate + label: Force Monthly Update + description: Even if an IP stays in the cache for a period of a month (about 30 x 24 hours), it must be fetch again after a month. + schema: + type: boolean + default: true + - variable: allowUnknownCountries + label: Allow Unknown Countries + description: Some IP addresses have no country associated with them. If this option is set to true, all IPs with no associated country are also allowed. + schema: + type: boolean + default: false + - variable: unknownCountryApiResponse + label: Unknown Countries API Response + description: The API uri can be customized. This options allows to customize the response string of the API when a IP with no associated country is requested. + schema: + type: string + required: true + default: nil + - variable: blackListMode + label: Blacklist Mode + description: When set to true the filter logic is inverted, i.e. requests originating from countries listed in the countries list are blocked. + schema: + type: boolean + default: false + - variable: countries + description: Country codes (2 characters) from which connections to the service should be allowed or blocked, based on the mode. + label: Countries + schema: + type: list + default: [] + items: + - variable: countryEntry + label: Country + description: Country codes (2 characters) from which connections to the service should be allowed or blocked, based on the mode. + schema: + type: string + required: true + # Allow only 2 Characters + valid_chars: '^[a-zA-Z]{2}$' + default: "" + - variable: addPrefix + label: Add Prefix + schema: + type: list + default: [] + items: + - variable: addPrefixEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: prefix + label: Prefix + schema: + type: string + required: true + default: "" + - variable: service + group: "Networking and Services" + label: "Configure Service Entrypoint" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Entrypoint Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9000 + required: true + - variable: tcp + label: "TCP Service" + description: "The tcp Entrypoint service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: web + label: "web Entrypoint Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9080 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + default: "websecure" + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + - variable: websecure + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9443 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + - variable: tls + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: true + hidden: true + - variable: portsList + label: "Additional TCP Entrypoints" + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: "Custom Entrypoints" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the port" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Entrypoints Name" + schema: + type: string + default: "" + - variable: protocol + label: "Entrypoints Type" + schema: + type: string + default: "tcp" + enum: + - value: http + description: "HTTP" + - value: "https" + description: "HTTPS" + - value: tcp + description: "TCP" + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + required: true + - variable: tls + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: true + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + show_if: [["advanced", "=", true]] + required: true + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: clusterIssuer + label: clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["clusterIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: clusterIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["clusterIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["clusterIssuer", "=", ""]] + default: "" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: scaleGPUEntry + label: GPU + schema: + additional_attrs: true + type: dict + attrs: + # Specify GPU configuration + - variable: gpu + label: Select GPU + schema: + additional_attrs: true + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + - variable: workaround + label: "Workaround" + schema: + type: string + default: workaround + hidden: true + - variable: metrics + group: Metrics + label: Prometheus Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: prometheusRule + label: PrometheusRule + description: Enable and configure Prometheus Rules for the App. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + # TODO: Rule List section +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/enterprise/traefik/19.0.0/templates/NOTES.txt b/enterprise/traefik/19.0.0/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/enterprise/traefik/19.0.0/templates/_args.tpl b/enterprise/traefik/19.0.0/templates/_args.tpl new file mode 100644 index 00000000000..4478375d842 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/_args.tpl @@ -0,0 +1,182 @@ +{{/* Define the args */}} +{{- define "traefik.args" -}} +args: + {{/* merge all ports */}} + {{- $ports := dict }} + {{- range $.Values.service }} + {{- range $name, $value := .ports }} + {{- $_ := set $ports $name $value }} + {{- end }} + {{- end }} + {{/* start of actual arguments */}} + {{- with .Values.globalArguments }} + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- range $name, $config := $ports }} + {{- if $config }} + {{- if or ( eq $config.protocol "http" ) ( eq $config.protocol "https" ) ( eq $config.protocol "tcp" ) }} + {{- $_ := set $config "protocol" "tcp" }} + {{- end }} + - "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}" + {{- end }} + {{- end }} + - "--api.dashboard=true" + - "--ping=true" + {{- if .Values.traefikMetrics }} + {{- if .Values.traefikMetrics.datadog }} + - "--metrics.datadog=true" + - "--metrics.datadog.address={{ .Values.traefikMetrics.datadog.address }}" + {{- end }} + {{- if .Values.traefikMetrics.influxdb }} + - "--metrics.influxdb=true" + - "--metrics.influxdb.address={{ .Values.traefikMetrics.influxdb.address }}" + - "--metrics.influxdb.protocol={{ .Values.traefikMetrics.influxdb.protocol }}" + {{- end }} + {{- if .Values.traefikMetrics.statsd }} + - "--metrics.statsd=true" + - "--metrics.statsd.address={{ .Values.traefikMetrics.statsd.address }}" + {{- if or .Values.traefikMetrics.prometheus }} + - "--metrics.prometheus=true" + - "--metrics.prometheus.entrypoint=metrics" + {{- end }} + {{- end }} + {{- end }} + {{- if or .Values.metrics.main.enabled }} + - "--metrics.prometheus=true" + - "--metrics.prometheus.entrypoint=metrics" + {{- end }} + {{- if .Values.providers.kubernetesCRD.enabled }} + - "--providers.kubernetescrd" + {{- end }} + {{- if .Values.providers.kubernetesIngress.enabled }} + - "--providers.kubernetesingress" + {{- if .Values.providers.kubernetesIngress.publishedService.enabled }} + - "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}" + {{- end }} + {{- if .Values.providers.kubernetesIngress.labelSelector }} + - "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}" + {{- end }} + {{- end }} + {{- if and .Values.rbac.enabled .Values.rbac.namespaced }} + {{- if .Values.providers.kubernetesCRD.enabled }} + - "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}" + {{- end }} + {{- if .Values.providers.kubernetesIngress.enabled }} + - "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}" + {{- end }} + {{- end }} + {{- if $.Values.ingressClass.enabled }} + - "--providers.kubernetesingress.ingressclass={{ .Release.Name }}" + {{- end }} + {{- range $entrypoint, $config := $ports }} + {{/* add args for proxyProtocol support */}} + {{- if $config.proxyProtocol }} + {{- if $config.proxyProtocol.enabled }} + {{- if $config.proxyProtocol.insecureMode }} + - "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure" + {{- end }} + {{- if not ( empty $config.proxyProtocol.trustedIPs ) }} + - "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}" + {{- end }} + {{- end }} + {{- end }} + {{/* add args for forwardedHeaders support */}} + {{- if $config.forwardedHeaders.enabled }} + {{- if not ( empty $config.forwardedHeaders.trustedIPs ) }} + - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}" + {{- end }} + {{- if $config.forwardedHeaders.insecureMode }} + - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure" + {{- end }} + {{- end }} + {{/* end forwardedHeaders configuration */}} + {{- if $config.redirectTo }} + {{- $toPort := index $ports $config.redirectTo }} + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}" + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https" + {{- else if $config.redirectPort }} + {{ if gt $config.redirectPort 0.0 }} + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $config.redirectPort }}" + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https" + {{- end }} + {{- end }} + {{- if or ( $config.tls ) ( eq $config.protocol "https" ) }} + {{- if or ( $config.tls.enabled ) ( eq $config.protocol "https" ) }} + - "--entrypoints.{{ $entrypoint }}.http.tls=true" + {{- if $config.tls.options }} + - "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}" + {{- end }} + {{- if $config.tls.certResolver }} + - "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}" + {{- end }} + {{- if $config.tls.domains }} + {{- range $index, $domain := $config.tls.domains }} + {{- if $domain.main }} + - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}" + {{- end }} + {{- if $domain.sans }} + - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}" + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.logs }} + - "--log.format={{ .general.format }}" + {{- if ne .general.level "ERROR" }} + - "--log.level={{ .general.level | upper }}" + {{- end }} + {{- if .access.enabled }} + - "--accesslog=true" + - "--accesslog.format={{ .access.format }}" + {{- if .access.bufferingsize }} + - "--accesslog.bufferingsize={{ .access.bufferingsize }}" + {{- end }} + {{- if .access.filters }} + {{- if .access.filters.statuscodes }} + - "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}" + {{- end }} + {{- if .access.filters.retryattempts }} + - "--accesslog.filters.retryattempts" + {{- end }} + {{- if .access.filters.minduration }} + - "--accesslog.filters.minduration={{ .access.filters.minduration }}" + {{- end }} + {{- end }} + - "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}" + {{- range $fieldname, $fieldaction := .access.fields.general.names }} + - "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}" + {{- end }} + - "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}" + {{- range $fieldname, $fieldaction := .access.fields.headers.names }} + - "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}" + {{- end }} + {{- end }} + {{- end }} + {{/* theme.park */}} + {{- if .Values.middlewares.themePark }} + - "--experimental.plugins.traefik-themepark.modulename=github.com/packruler/traefik-themepark" + - "--experimental.plugins.traefik-themepark.version={{ .Values.middlewares.themeParkVersion }}" + {{- end }} + {{/* End of theme.park */}} + {{/* GeoBlock */}} + {{- if .Values.middlewares.geoBlock }} + - "--experimental.plugins.GeoBlock.modulename=github.com/PascalMinder/geoblock" + - "--experimental.plugins.GeoBlock.version={{ .Values.middlewares.geoBlockVersion }}" + {{- end }} + {{/* End of GeoBlock */}} + {{/* RealIP */}} + {{- if .Values.middlewares.realIP }} + - "--experimental.plugins.traefik-real-ip.modulename=github.com/soulbalz/traefik-real-ip" + - "--experimental.plugins.traefik-real-ip.version={{ .Values.middlewares.realIPVersion }}" + {{- end }} + {{/* End of RealIP */}} + {{- with .Values.additionalArguments }} + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/templates/_helpers.tpl b/enterprise/traefik/19.0.0/templates/_helpers.tpl new file mode 100644 index 00000000000..1345dcea39a --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/_helpers.tpl @@ -0,0 +1,22 @@ +{{/* +Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice. +By convention this will simply use the / to match the name of the +service generated. +Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride` +*/}} +{{- define "providers.kubernetesIngress.publishedServicePath" -}} +{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}} +{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}} +{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }} +{{- print $servicePath | trimSuffix "-" -}} +{{- end -}} + +{{/* +Construct a comma-separated list of whitelisted namespaces +*/}} +{{- define "providers.kubernetesIngress.namespaces" -}} +{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }} +{{- end -}} +{{- define "providers.kubernetesCRD.namespaces" -}} +{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/templates/_ingressclass.tpl b/enterprise/traefik/19.0.0/templates/_ingressclass.tpl new file mode 100644 index 00000000000..4213783865c --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/_ingressclass.tpl @@ -0,0 +1,24 @@ +{{/* Define the ingressClass */}} +{{- define "traefik.ingressClass" -}} +--- +{{ if $.Values.ingressClass.enabled }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }} +apiVersion: networking.k8s.io/v1 + {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }} +apiVersion: networking.k8s.io/v1beta1 + {{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }} +apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }} + {{- else }} + {{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }} + {{- end }} +kind: IngressClass +metadata: + annotations: + ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }} + labels: + {{- include "tc.v1.common.lib.metadata.allLabels" . | nindent 4 }} + name: {{ .Release.Name }} +spec: + controller: traefik.io/ingress-controller +{{- end }} +{{- end }} diff --git a/enterprise/traefik/19.0.0/templates/_ingressroute.tpl b/enterprise/traefik/19.0.0/templates/_ingressroute.tpl new file mode 100644 index 00000000000..bf235761f80 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/_ingressroute.tpl @@ -0,0 +1,34 @@ +{{/* Define the ingressRoute */}} +{{- define "traefik.ingressRoute" -}} +{{ if .Values.ingressRoute.dashboard.enabled }} + +{{- $ingressRouteLabels := .Values.ingressRoute.dashboard.labels -}} +{{- $ingressRouteAnnotations := .Values.ingressRoute.dashboard.annotations -}} + +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: {{ include "tc.v1.common.lib.chart.names.fullname" . }}-dashboard + {{- $labels := (mustMerge ($ingressRouteLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end }} + {{- $annotations := (mustMerge ($ingressRouteAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 4 }} + {{- end }} + +spec: + entryPoints: + - main + routes: + - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`) + kind: Rule + services: + - name: api@internal + kind: TraefikService +{{ end }} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/templates/_portalhook.tpl b/enterprise/traefik/19.0.0/templates/_portalhook.tpl new file mode 100644 index 00000000000..242555bdc92 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/_portalhook.tpl @@ -0,0 +1,25 @@ +{{/* Define the portalHook */}} +{{- define "traefik.portalhook" -}} +{{- if .Values.portalhook.enabled -}} + {{- $name := "portalhook" -}} + {{- if $.Values.ingressClass.enabled -}} + {{- $name = printf "portalhook-%v" .Release.Name -}} + {{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $name }} + namespace: tc-system +data: + {{- $ports := dict }} + {{- range $.Values.service }} + {{- range $name, $value := .ports }} + {{- $_ := set $ports $name $value }} + {{- end }} + {{- end }} + {{- range $name, $value := $ports }} + {{ $name }}: {{ $value.port | quote }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/templates/_tlsoptions.tpl b/enterprise/traefik/19.0.0/templates/_tlsoptions.tpl new file mode 100644 index 00000000000..4194e513cd3 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/_tlsoptions.tpl @@ -0,0 +1,12 @@ +{{/* Define the tlsOptions */}} +{{- define "traefik.tlsOptions" -}} +{{- range $name, $config := .Values.tlsOptions }} +--- +apiVersion: traefik.io/v1alpha1 +kind: TLSOption +metadata: + name: {{ $name }} +spec: + {{- toYaml $config | nindent 2 }} +{{- end }} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/templates/common.yaml b/enterprise/traefik/19.0.0/templates/common.yaml new file mode 100644 index 00000000000..d70a9887a47 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/common.yaml @@ -0,0 +1,23 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{- $newArgs := (include "traefik.args" . | fromYaml) }} +{{- $_ := set .Values "newArgs" $newArgs -}} +{{- $mergedargs := concat $.Values.workload.main.podSpec.containers.main.args .Values.newArgs.args }} +{{- $_ := set $.Values.workload.main.podSpec.containers.main "args" $mergedargs -}} + +{{- include "traefik.portalhook" . }} +{{- include "traefik.tlsOptions" . }} +{{- include "traefik.ingressRoute" . }} +{{- include "traefik.ingressClass" . }} + +{{- with .Values.ingress -}} + {{- with .main -}} + {{- if .enabled -}} + {{- $_ := set $.Values.portal.open.override "protocol" "https" -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/enterprise/traefik/19.0.0/templates/middlewares/addPrefix.yaml b/enterprise/traefik/19.0.0/templates/middlewares/addPrefix.yaml new file mode 100644 index 00000000000..cae53f113ea --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/addPrefix.yaml @@ -0,0 +1,12 @@ +{{- range $index, $middlewareData := .Values.middlewares.addPrefix }} + +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + addPrefix: + prefix: {{ $middlewareData.prefix }} +{{- end }} diff --git a/enterprise/traefik/19.0.0/templates/middlewares/basic-middleware.yaml b/enterprise/traefik/19.0.0/templates/middlewares/basic-middleware.yaml new file mode 100644 index 00000000000..108b99499d3 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/basic-middleware.yaml @@ -0,0 +1,57 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + compress: {} +--- +# Here, an average of 300 requests per second is allowed. +# In addition, a burst of 200 requests is allowed. +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + rateLimit: + average: 600 + burst: 400 +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + headers: + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + accessControlMaxAge: 100 + stsSeconds: 63072000 + # stsIncludeSubdomains: false + # stsPreload: false + forceSTSHeader: true + contentTypeNosniff: true + browserXssFilter: true + referrerPolicy: same-origin + customRequestHeaders: + X-Forwarded-Proto: "https" + customResponseHeaders: + server: '' +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-chain-basic" $.Release.Name) "chain-basic" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + chain: + middlewares: + - name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }} diff --git a/enterprise/traefik/19.0.0/templates/middlewares/basicauth.yaml b/enterprise/traefik/19.0.0/templates/middlewares/basicauth.yaml new file mode 100644 index 00000000000..dab1a486a62 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/basicauth.yaml @@ -0,0 +1,30 @@ +{{- range $index, $middlewareData := .Values.middlewares.basicAuth -}} + + {{- $users := list -}} + {{- range $index, $userdata := $middlewareData.users -}} + {{- $users = append $users (htpasswd $userdata.username $userdata.password) -}} + {{- end }} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%v-%v" $middlewareData.name "secret" }} + namespace: tc-system +type: Opaque +stringData: + users: | + {{- range $index, $user := $users }} + {{ printf "%s" $user }} + {{- end }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + basicAuth: + secret: {{ printf "%v-%v" $middlewareData.name "secret" }} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/templates/middlewares/chain.yaml b/enterprise/traefik/19.0.0/templates/middlewares/chain.yaml new file mode 100644 index 00000000000..ec4c38100d7 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/chain.yaml @@ -0,0 +1,21 @@ +{{- $values := .Values -}} +{{- $namespace := "tc-system" -}} +{{- if $.Values.ingressClass.enabled -}} + {{- $namespace := (printf "tc-system-%s" .Release.Name) -}} +{{- end -}} + +{{- range $index, $middlewareData := .Values.middlewares.chain }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + chain: + middlewares: + {{- range $index, $middleware := .middlewares }} + - name: {{ printf "%v-%v@%v" $namespace $middleware "kubernetescrd" }} + {{- end }} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/templates/middlewares/customRequestHeaders.yaml b/enterprise/traefik/19.0.0/templates/middlewares/customRequestHeaders.yaml new file mode 100644 index 00000000000..e9c5b030fd6 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/customRequestHeaders.yaml @@ -0,0 +1,15 @@ +{{- range $index, $middlewareData := .Values.middlewares.customRequestHeaders }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + headers: + customRequestHeaders: + {{- range $index, $customRequestHeader := $middlewareData.headers }} + {{ $customRequestHeader.name }}: {{ $customRequestHeader.value | quote }} + {{- end }} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/templates/middlewares/customResponseHeaders.yaml b/enterprise/traefik/19.0.0/templates/middlewares/customResponseHeaders.yaml new file mode 100644 index 00000000000..c11e151a2d7 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/customResponseHeaders.yaml @@ -0,0 +1,15 @@ +{{- range $index, $middlewareData := .Values.middlewares.customResponseHeaders }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + headers: + customResponseHeaders: + {{- range $index, $customResponseHeader := $middlewareData.headers }} + {{ $customResponseHeader.name }}: {{ $customResponseHeader.value | quote }} + {{- end }} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/templates/middlewares/forwardauth.yaml b/enterprise/traefik/19.0.0/templates/middlewares/forwardauth.yaml new file mode 100644 index 00000000000..08ad72e5cca --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/forwardauth.yaml @@ -0,0 +1,29 @@ +{{- range $index, $middlewareData := .Values.middlewares.forwardAuth }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + forwardAuth: + address: {{ $middlewareData.address }} + {{- with $middlewareData.authResponseHeaders }} + authResponseHeaders: + {{- toYaml . | nindent 4 }} + {{- end -}} + {{- with $middlewareData.authRequestHeaders }} + authRequestHeaders: + {{- toYaml . | nindent 4 }} + {{- end -}} + {{- if $middlewareData.authResponseHeadersRegex }} + authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }} + {{- end -}} + {{- if $middlewareData.trustForwardHeader }} + trustForwardHeader: true + {{- end -}} + {{- with $middlewareData.tls }} + tls: + insecureSkipVerify: {{ .insecureSkipVerify | default false }} + {{- end -}} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/templates/middlewares/geoblock.yaml b/enterprise/traefik/19.0.0/templates/middlewares/geoblock.yaml new file mode 100644 index 00000000000..ad78037f3cd --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/geoblock.yaml @@ -0,0 +1,29 @@ +{{- range $index, $middlewareData := .Values.middlewares.geoBlock }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + plugin: + GeoBlock: + allowLocalRequests: {{ $middlewareData.allowLocalRequests }} + logLocalRequests: {{ $middlewareData.logLocalRequests }} + logAllowedRequests: {{ $middlewareData.logAllowedRequests }} + logApiRequests: {{ $middlewareData.logApiRequests }} + api: {{ $middlewareData.api }} + apiTimeoutMs: {{ $middlewareData.apiTimeoutMs }} + cacheSize: {{ $middlewareData.cacheSize }} + forceMonthlyUpdate: {{ $middlewareData.forceMonthlyUpdate }} + allowUnknownCountries: {{ $middlewareData.allowUnknownCountries }} + unknownCountryApiResponse: {{ $middlewareData.unknownCountryApiResponse }} + blackListMode: {{ $middlewareData.blackListMode }} + {{- if not $middlewareData.countries -}} + {{- fail "You have to define at least one country..." -}} + {{- end }} + countries: + {{- range $middlewareData.countries }} + - {{ . }} + {{- end }} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/templates/middlewares/ipwhitelist.yaml b/enterprise/traefik/19.0.0/templates/middlewares/ipwhitelist.yaml new file mode 100644 index 00000000000..fcb7de882a7 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/ipwhitelist.yaml @@ -0,0 +1,27 @@ +{{- range $index, $middlewareData := .Values.middlewares.ipWhiteList }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + ipWhiteList: + sourceRange: + {{- range $middlewareData.sourceRange }} + - {{ . }} + {{- end }} + {{- if $middlewareData.ipStrategy }} + ipStrategy: + {{- if $middlewareData.ipStrategy.depth }} + depth: {{ $middlewareData.ipStrategy.depth }} + {{- end -}} + {{- if $middlewareData.ipStrategy.excludedIPs }} + excludedIPs: + {{- range $middlewareData.ipStrategy.excludedIPs }} + - {{ . }} + {{- end }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/templates/middlewares/ratelimit.yaml b/enterprise/traefik/19.0.0/templates/middlewares/ratelimit.yaml new file mode 100644 index 00000000000..d1ded79a7d7 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/ratelimit.yaml @@ -0,0 +1,13 @@ +{{- range $index, $middlewareData := .Values.middlewares.rateLimit }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + rateLimit: + average: {{ $middlewareData.average }} + burst: {{ $middlewareData.burst }} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/templates/middlewares/real-ip.yaml b/enterprise/traefik/19.0.0/templates/middlewares/real-ip.yaml new file mode 100644 index 00000000000..a0383c239c5 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/real-ip.yaml @@ -0,0 +1,15 @@ +{{- range $index, $middlewareData := .Values.middlewares.realIP }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + plugin: + traefik-real-ip: + excludednets: + {{- range $middlewareData.excludedNetworks }} + - {{ . | quote }} + {{- end }} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/templates/middlewares/redirectScheme.yaml b/enterprise/traefik/19.0.0/templates/middlewares/redirectScheme.yaml new file mode 100644 index 00000000000..21f45fa1ab4 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/redirectScheme.yaml @@ -0,0 +1,13 @@ +{{- range $index, $middlewareData := .Values.middlewares.redirectScheme }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + redirectScheme: + scheme: {{ $middlewareData.scheme }} + permanent: {{ $middlewareData.permanent }} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/templates/middlewares/redirectregex.yaml b/enterprise/traefik/19.0.0/templates/middlewares/redirectregex.yaml new file mode 100644 index 00000000000..ea6a64029a5 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/redirectregex.yaml @@ -0,0 +1,14 @@ +{{- range $index, $middlewareData := .Values.middlewares.redirectRegex }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + redirectRegex: + regex: {{ $middlewareData.regex | quote }} + replacement: {{ $middlewareData.replacement | quote }} + permanent: {{ $middlewareData.permanent }} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/templates/middlewares/stripPrefixRegex.yaml b/enterprise/traefik/19.0.0/templates/middlewares/stripPrefixRegex.yaml new file mode 100644 index 00000000000..170f55df4e2 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/stripPrefixRegex.yaml @@ -0,0 +1,14 @@ +{{- range $index, $middlewareData := .Values.middlewares.stripPrefixRegex }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + stripPrefixRegex: + regex: + {{- range $middlewareData.regex }} + - {{ . | quote }} + {{- end }} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/templates/middlewares/tc-chains.yaml b/enterprise/traefik/19.0.0/templates/middlewares/tc-chains.yaml new file mode 100644 index 00000000000..2548dc91521 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/tc-chains.yaml @@ -0,0 +1,24 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-chain") "tc-opencors-chain" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + chain: + middlewares: + - name: {{ ternary (printf "%v-%v" $.Release.Name "basic-ratelimit") "basic-ratelimit" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-%v" $.Release.Name "compress") "compress" $.Values.ingressClass.enabled }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-chain") "tc-closedcors-chain" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + chain: + middlewares: + - name: {{ ternary (printf "%v-%v" $.Release.Name "basic-ratelimit") "basic-ratelimit" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-%v" $.Release.Name "compress") "compress" $.Values.ingressClass.enabled }} diff --git a/enterprise/traefik/19.0.0/templates/middlewares/tc-headers.yaml b/enterprise/traefik/19.0.0/templates/middlewares/tc-headers.yaml new file mode 100644 index 00000000000..437f49147e0 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/tc-headers.yaml @@ -0,0 +1,57 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + headers: + accessControlAllowHeaders: + - '*' + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + - POST + accessControlAllowOriginList: + - '*' + accessControlMaxAge: 100 + browserXssFilter: true + contentTypeNosniff: true + customRequestHeaders: + X-Forwarded-Proto: https + customResponseHeaders: + server: "" + forceSTSHeader: true + referrerPolicy: same-origin + sslForceHost: true + sslRedirect: true + stsSeconds: 63072000 +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + headers: + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + accessControlMaxAge: 100 + sslRedirect: true + stsSeconds: 63072000 + # stsIncludeSubdomains: false + # stsPreload: false + forceSTSHeader: true + contentTypeNosniff: true + browserXssFilter: true + sslForceHost: true + referrerPolicy: same-origin + customRequestHeaders: + X-Forwarded-Proto: "https" + customResponseHeaders: + server: '' diff --git a/enterprise/traefik/19.0.0/templates/middlewares/tc-nextcloud.yaml b/enterprise/traefik/19.0.0/templates/middlewares/tc-nextcloud.yaml new file mode 100644 index 00000000000..13547ff5166 --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/tc-nextcloud.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-redirectregex-dav") "tc-nextcloud-redirectregex-dav" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + redirectRegex: + regex: "https://(.*)/.well-known/(card|cal)dav" + replacement: "https://${1}/remote.php/dav/" +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-chain") "tc-nextcloud-chain" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + chain: + middlewares: + - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-redirectregex-dav") "tc-nextcloud-redirectregex-dav" $.Values.ingressClass.enabled }} diff --git a/enterprise/traefik/19.0.0/templates/middlewares/theme-park.yaml b/enterprise/traefik/19.0.0/templates/middlewares/theme-park.yaml new file mode 100644 index 00000000000..103d53c314a --- /dev/null +++ b/enterprise/traefik/19.0.0/templates/middlewares/theme-park.yaml @@ -0,0 +1,20 @@ +{{- range $index, $middlewareData := .Values.middlewares.themePark }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + plugin: + traefik-themepark: + app: {{ $middlewareData.appName }} + theme: {{ $middlewareData.themeName }} + baseUrl: {{ $middlewareData.baseUrl }} + {{- if $middlewareData.addons }} + addons: + {{- range $middlewareData.addons }} + - {{ . | quote }} + {{- end }} + {{- end -}} +{{- end -}} diff --git a/enterprise/traefik/19.0.0/values.yaml b/enterprise/traefik/19.0.0/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/enterprise/vaultwarden/21.0.0/CHANGELOG.md b/enterprise/vaultwarden/21.0.0/CHANGELOG.md new file mode 100644 index 00000000000..b2324cd08ed --- /dev/null +++ b/enterprise/vaultwarden/21.0.0/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [vaultwarden-21.0.0](https://github.com/truecharts/charts/compare/vaultwarden-20.2.0...vaultwarden-21.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + + + +## [vaultwarden-20.2.0](https://github.com/truecharts/charts/compare/vaultwarden-20.1.0...vaultwarden-20.2.0) (2023-07-15) + +### Feat + +- push notification variables ([#10503](https://github.com/truecharts/charts/issues/10503)) + + + + +## [vaultwarden-20.1.0](https://github.com/truecharts/charts/compare/vaultwarden-20.0.34...vaultwarden-20.1.0) (2023-07-15) + +### Feat + +- remove redundant websocket service ([#10491](https://github.com/truecharts/charts/issues/10491)) + + + + +## [vaultwarden-20.0.34](https://github.com/truecharts/charts/compare/vaultwarden-20.0.33...vaultwarden-20.0.34) (2023-07-01) + +### Chore + +- update helm general non-major ([#10069](https://github.com/truecharts/charts/issues/10069)) + + + + +## [vaultwarden-20.0.33](https://github.com/truecharts/charts/compare/vaultwarden-20.0.32...vaultwarden-20.0.33) (2023-06-13) + +### Chore + +- update helm chart common to 12.14.2 ([#9599](https://github.com/truecharts/charts/issues/9599)) + + + + +## [vaultwarden-20.0.32](https://github.com/truecharts/charts/compare/vaultwarden-20.0.31...vaultwarden-20.0.32) (2023-06-11) + +### Chore + +- update helm general non-major ([#9558](https://github.com/truecharts/charts/issues/9558)) + + + + +## [vaultwarden-20.0.31](https://github.com/truecharts/charts/compare/vaultwarden-20.0.30...vaultwarden-20.0.31) (2023-06-07) + +### Chore + +- update helm general non-major ([#9457](https://github.com/truecharts/charts/issues/9457)) + + + + +## [vaultwarden-20.0.30](https://github.com/truecharts/charts/compare/vaultwarden-20.0.29...vaultwarden-20.0.30) (2023-06-07) + +### Chore + +- update helm general non-major ([#9423](https://github.com/truecharts/charts/issues/9423)) + + + + +## [vaultwarden-20.0.29](https://github.com/truecharts/charts/compare/vaultwarden-20.0.28...vaultwarden-20.0.29) (2023-06-04) + +### Chore + +- update helm general non-major ([#9393](https://github.com/truecharts/charts/issues/9393)) + + ### Feat + +- hide advanced ingress options behind checbox ([#9203](https://github.com/truecharts/charts/issues/9203)) + + + + +## [vaultwarden-20.0.28](https://github.com/truecharts/charts/compare/vaultwarden-20.0.27...vaultwarden-20.0.28) (2023-05-27) + +### Chore + +- update helm general non-major ([#9197](https://github.com/truecharts/charts/issues/9197)) + + + diff --git a/enterprise/vaultwarden/21.0.0/Chart.yaml b/enterprise/vaultwarden/21.0.0/Chart.yaml new file mode 100644 index 00000000000..cc9655fdc3f --- /dev/null +++ b/enterprise/vaultwarden/21.0.0/Chart.yaml @@ -0,0 +1,33 @@ +apiVersion: v2 +appVersion: "1.29.0" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 13.2.0 +deprecated: false +description: Unofficial Bitwarden compatible server written in Rust +home: https://truecharts.org/charts/enterprise/vaultwarden +icon: https://truecharts.org/img/hotlink-ok/chart-icons/vaultwarden.png +keywords: + - bitwarden + - bitwardenrs + - bitwarden_rs + - vaultwarden + - password + - rust +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: vaultwarden +sources: + - https://github.com/truecharts/charts/tree/master/charts/enterprise/vaultwarden + - https://github.com/dani-garcia/vaultwarden +type: application +version: 21.0.0 +annotations: + truecharts.org/catagories: | + - security + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/enterprise/vaultwarden/21.0.0/LICENSE b/enterprise/vaultwarden/21.0.0/LICENSE new file mode 100644 index 00000000000..80e4ab93f92 --- /dev/null +++ b/enterprise/vaultwarden/21.0.0/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Cert-Manager" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/enterprise/vaultwarden/21.0.0/README.md b/enterprise/vaultwarden/21.0.0/README.md new file mode 100644 index 00000000000..f8a41e479fe --- /dev/null +++ b/enterprise/vaultwarden/21.0.0/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/vaultwarden/21.0.0/app-changelog.md b/enterprise/vaultwarden/21.0.0/app-changelog.md new file mode 100644 index 00000000000..23c38d9b2bd --- /dev/null +++ b/enterprise/vaultwarden/21.0.0/app-changelog.md @@ -0,0 +1,9 @@ + + +## [vaultwarden-21.0.0](https://github.com/truecharts/charts/compare/vaultwarden-20.2.0...vaultwarden-21.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + \ No newline at end of file diff --git a/enterprise/vaultwarden/21.0.0/app-readme.md b/enterprise/vaultwarden/21.0.0/app-readme.md new file mode 100644 index 00000000000..08d9cc8b1dd --- /dev/null +++ b/enterprise/vaultwarden/21.0.0/app-readme.md @@ -0,0 +1,8 @@ +Unofficial Bitwarden compatible server written in Rust + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/vaultwarden](https://truecharts.org/charts/enterprise/vaultwarden) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/vaultwarden/21.0.0/charts/common-13.2.0.tgz b/enterprise/vaultwarden/21.0.0/charts/common-13.2.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..5c0fecd087839b011aab769e3785f251e9224747 GIT binary patch literal 133368 zcmV)VK(D_aiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POw!ciT47D30&X`YUjl^tn_QM@L}BSV)id_otZ6;&IC*^L-Y@$Q5PwVHnbV79q4hhm@gcU%i*C*uXAtNP~b2 z$Y4ZU5>!l4vA0zri0-$>S4@RB#C_Dd0{oVZE%JTv=o8U*E zjG+%C6Evpc*HHri@$nil06h=$X%BrMzXBhQkPTnfQP@Q-AHqA2!}2SOC_ zuMz&6d5E0|720!iY)uuERa%HhJzR=Yxcv{c8#g)4t++Gh%1emnu!_%|er^1qHi zr``S$XA6EjxzPm|E~_Yb`SE0*7e01fL@9VjJju4=r})JO0DvaALeTpq!VFymZVoXu zD0q%YEY?9eFzUAi;o}7g5LLebzyW3$`lrZ;%WLG4z@r>V^)*BhCSLx%YQuaOsP_|y z{WwB5vk1`{@x9~=jYVgyFCFnELeRrs20~r&g|9^{4j+Whpah$4DK^7)1$`P)&U^}e z>|!Bsg={u5RZM3tXo1jg015nMBQ0?yi1Rs|BE7a?{=-aY`6)snp_q|q*#OoLJ}=#< zg^8^@-p>e}<8*xnxnN^(dIUPH!&dvh=?r!U!=uUMz?)1aJ-0g?!pX1?;Rp_ggPz+S zk0xDr(3yBcw>@kh^m>EC!x5Zxyk4&lq1!{9!_nbEx|J~YeGn2KyBtma>r(tU0_T(W zgk466qJT9T0?`w$qkdw%qsNz*AFkf26(}U$$@%G(`b8J6`PESCpBqP*Er9~ipz4JM zP!v4TA|B`xLh7SW%!t`!6(|?Brc47Qe@pI*;^3HmpeQ;5gW*B)>c@!0q4f?y?;`M* zSA?)1u#f1HGBh{K8{nvr`^yL~u#cwbjJnW=(w5Njjf)EP*|XnLpjX0)!xxXHsz>wM`61;Hv;rz6C)N749 z5CD=96)-=%JHGz;Q9uQRBjB{#-L6r-E{RvpuuAtRfgTc1P9QmglPn{u7bi0qOp%_N z7XjzXcbLv0b7zvP;xP2l90d&eq6Re_LYLHKzWgoc;}xPLj<_DTvd@t&%JK8@9P35T z4dWxwZ@1fX@pF#mLbx4>l{iAb#)zhhb}|JA?RU7*Fb!RVQh{s$@c!fZ>G|>P$?@g2 zUZSDzE7VoFG<7Rz8xqd~jf8%ww4k>*xU<-9Mksra*gc8v(l0ML8|fEx1|zOx@rC7m zvMlJ&5fW>i9;jpg9xnOldjZw&l%Dkijwq8~PDn7pQ`uLNAS=5rZR@}zjG8$vR-Gf@ zbR31^v5z4|ddRuHeT{tNG7>2>gb^P_T1OX!s5?Vm?4#(tXh6#G2ooWewYsa`M^Y?h zUkeFB;(#fF9=k68bwlouB?lRb<~R^-{}@3RU8dLfVOx#tE04HzpOfDw(A&Q{J3f7P z)|z{J4gHQ2WzKa-K?pgPo+XpR2+yHdVf7m+RZmgqlO>-U;-xqK1!88`Bi?n0Tut*t zEF@AjX;wb@#+CAtLqVxLe6dZ&MEp!uBV$DE2J%|vs-~0vI=}x8S|6qBL#g;J-hmdk zBB}aQnF-+YXD0(B6lNI*@^Tdv2BRrr!nXSZcuHkn*)%VnZ8oQ~e%sy6XvAxDmbu}x z^*~NkZv6blt!iQZq6LbU_cIhB07I@-^By#A{^tmMxH(BpZ3W(*+3MB$6I)=Xsh6Id z#WXCQn4vM2g^{iCd5bBtmP?7gW%JryuwEbO^}#Fah#W&S583h*ONBxR&`Zc>M_^x8 zmL&dJo6*Bk)cv`IT+5dHBEv z**vU-?4bpn%^wKdLyLVno3Ga!nmgld%*aJ;$_Y!Xtg zgsmvqB2c}`)riK>73KIJxvvY+%@ZHu`3;(fVry#;yt-zPp-JptBk91{YZMjCW9LF2 z<;GlMS@E|4?Sz zFUWVvT)2&6ii0Wm-&`Y*d%wbI`}y;-UR%E(+UwT%1|&V94usuf=Buyk387QlE3NQeSnfv?hJ0@w_J3Gsb$&tLl7?g2R9-HpIF zBKK5#M>swaw=^qIY69LFpnmZhDDceJ^zR8F%o?c|;FP$rFjBevkXE{nAVt8PA@>fD zmv_ z|J*X+69;gUA6&?tAzAFj3)QULuAqW+3b^3o`x$m;Kng4nAmoWnoG}7Z6mWA8ar>AT z=Y8ZnlUXJckBl&^v1i;>MsZTVxe;oy6TH z6K|s6afc)9sQ$iA_F}{ino>ojuK)*n+O!&$-?B0FW5nX%Tsv=9IB8XJ?UY^gTD?Ky zmh}#XZl`+yd*l8=dpz{eVc$LI9Ci;-r`;a)4%-vAJ?eJRxIab*uGc;oxdXR**qw}# zJA#98rS~;JjLryQby3yj4X*80r<34{hOj&A9`pyj&bZre9}EYuJ??e9j(c#>8=wP( zItRn<=vs=3{azP&T{LR!$ zaVV;bF0av)RSd%YR;SaEZ#WrD(4>P74p6)8j$jXs#)m!B>5eM#q;3S6JFAPR zDy}h=K{|#5;34d^VH*x619v=_p#HemhVIZibO*!9_S9sh(SR@ff+xuZyTEZt-e&nDA<^+k@i~4thgxG#>YRL)h;gOa|UyFdmO#8;wW3vFnWw$8NXX zZTCm0JLvYt znDqOj$-o_S+FWF~hwaI5*zR^m!-Ip`7}VWw7SMjd5&AKPk+&|@?{S2tyka@s6WBFL zZeZ4cW)phB#c#LW?X(X&eNFGf$zX^E!(kg8c#{LK@AVD_-460bJ=k~M?%@P>`{T)A zbkJ^(#*;A`_Ijw@?i}<{7mX)lw+;?q=u7%MO+@U3)c#eG-aa)8#{_7m#;IA4^t8`GcsgQCO zTVZ1qkVx+-Q@a;MMom)r9lTTKvoN2epIBD~uY_HJ1GPo-8VE1MYk-*BYPI%S3eLGO zvLggA1#=>Z2m{d3U|xecZ-q+oLg|%BK8so~xq`_1HeZbYQs*% z@^P!}H5d~%lSVl&OgRDq3z!-{*&d7;d5eR)d@t0H^G5JA;KYZ)(rj)Bhv7YxYK3Nl zAMhvSy)&*vnj^0WnV2DPf+E&@2Lm`o5pd(&g8Jg?X zQQ$RWs-i9?+3_;los-Vxq zYg!@bY5XnOC_*yoi0c>NN&=_gXG3lv&W9W}EJvIb;{jd(M+}q}VlOgE!i-RsCY{LEA{5;^j067uhFdKCW;+K-Mo?cy zXo5ebg9MV@@mx!K>6I&`URuTKnQVp`R^ZKKpop1MAF_x6s0Ug4e-oBX#^>hkb(URP z;CrqF$o(?0H^RlE>eM`F#;}`k8!|TKIAFEs!y$=$lYjsFl{qyiN#2AZ zZc#j?t-AxU-kC{7_qmn3|3VdP1u_^B2UAt_yY6JsfqpoH-MvyPNf3Dr8%dNe+xAH< zIie)E!-1#1eS|*tbi^Xy1Nr0C<;fK<_8R#O zYRN{H;sUWIh@;|UElNSgpgR+qowDU%gaUSjCg$h~mtYZzL%m6>c!3#kdfl1IsNho8 zFuK&wIPg|Nll1;k0y9;G^ewB}$gdi*hSZd6RFjdig{@KK8ueN0=3=)nhq)^G-k_1w zEKs6>1SUSEV9=u2SAvg^7N?{>^J7$T?F-OxanhRR^|Go>0(K1DJE7^zkT?;b&1H{{ zhz4{QDkkWpD&D=W~7jCQ}@XoSQ&#WaeA z2>L$urihiq5@uxDiHOqxdN&%p)#pBwFc0}ES!LzhpV9J2{rS;Y7MZPW(Y~_Vg5w3m zK1V{6cn&{(2%!D8agW9`Lhg=4@STr6$oa9f1ClyP!G;`00YbC;JZ5!(=wf*gjX7cw zcIirT<^wBVm>_mNbLJ$#j6|z)5|RA}Bckl&Zn0rOpd0?MzC#1%^VXNgvIRAI^=MLl!8ykA&!* zN-3UeFZRo#_Qm3>bFu{m=&C&(=?+8sXw<_%Oj8G`px|G=U zkcBb_b3dX8PcS!6ICDovA4+h_o|NSJpV7QkXdUu|Ij7qYX4ry5UX}&q8kaoR?1Scn z#DU%B3`Sma06=kxp*QxHZ;SS9j+ zhr$TCBH%Dt_jQw&tLR1pFWc~yC5x#qzwzH<2Mz}lk~lUBpcJL^(d}D*jeRoS=SsxB z2v)v3p!-oAwCGH!eyUtz*~m?>nQ(+~c_QO?wSeZdN~`WLX0to4RvIP$1vuujfK$(f zkvOue%m%S<7$D>c`5p%Vi}2q_Cluk2`JFoK!dtl|LH4cdqLAHs0Zpqa(%)mDC76^AUSvmgmx;+W;Pj*eIG1fgr$Q=^%Hr*r)Tn(NdKKeaS;ZZewnk*ax#fM zl5`OE#Pm%@8dwLaCwQupBFF`Pk=hk9=fb{Vgj1VL*=;5iEX@1-Hj~w_r3%jXaD-fu zXu^`js@)0p)rl1#&z(;2G#O8spNyustrBV+$|?y+08-8aX>BOLjoNTMav$U&^S9No z)BZMPHRIoqCx$RJ^&}~LB15)Sl)9KNW3zU(EGqqgeU#z+x(yMZuc(=(QVhoVB+FPg znNhQ&>BWgL|QZ8nKhgTfa`i;`N1kL9k7cVtSo=qyv1zljhZ60SBW@QM(kJ7uH@ z>%s|B1hHgyDOX!&M@pHW($Rm`b;!rMD znR=okGD@T^3zl3a;)n!Xo?4<>9F(%)8_}R;{$pgk#U>9D^;Z3-mG~)QS*>zj;hgD< zJYvyQplJ5uPt1uU=?(x*5$n?Ac2Cp8kqnqJ=SW#fT!oQrBt?AeMj|E*m1v%5pqbO{`MF-+HmFEJkvZ#beGqQaPPfe!Y=alFu45kr~XxJRcfUCh9elyb zFvFY&rKp_~Pgc<{QO=PV#PczVxFiw|&%jk=5P_}wIExH;opK}BRjZdNt@GG%xjTlG z>$EUb&hA)bDNBC8NNhg!o5mrEK2Q{0W?iDXV730<+C2#Hgh6wKg)+ubMt zaX5`2R}5Y$nYm}0wi}LgaN8UPG4#zhy=0<@%hH0L?1+#t~Ci# zT~FwaObSz1gor8^vl)MtuK;?&l_PaSxmpWX%+*DX$&`)`DE=*3lh{20;llkZ6`8Iy zKgqRCme*2^iX53vcQE`BYh&#m`uW$QF%eKDoGOA_+FaP#lLAva2@CO&b&@y3(@7vT z(NwYA&T4;AlvF!^X1`KTBxYeO4hgG+&dQn33umG@ z3?MyQfA!5CjVcwPNs{?G?Y`y*)dpgSQh?OJ|M-oJ|71fL=1}Pv6sbH87S8uOnS_NcTGMxWT zzvrvGP0%?E@B~q&qUB3OvPz6$hC_{A$-b$ihB{!kK0Q>$LW<<9T~%0g$@y|frbr;q zzCC~hvSLjV$iiPH30xn$cQe9)u1$rcZaqRI<-bf?P~u1HQ-Rki>_7i-Ld4;Mj`}Ip z#^adH_zZPbP9Y~CP7%F$jW3f@Z_^vSDzQ4(gGAVWa$+MwBFeKN3f_di(9fScjs5O< z;G^z;(Ba~AUvACX$s6`>6T7;_!u2nRSaJVLzuWDl?|_sRsELNu5nf+nYHUBUAXVz9K9BQsmx?YZ?YLaQ+RWNn8KM+EH0z1`J_xKrf-DZ zmVs8DFD%!6&O~0GgLFSEcB$k|9l@RLoxoas%u}lrPT9DpAvtMgaVoh-`4kICn5JEM zYid-SG{uYPoxsTQMVdL&4Xigp+Dlw_gtWW2aD>#yIwPdpEg7LSB*#9)?xcIKI;gsM ziewsVWFJmQox1z~NoT(5uVyVd9eML%gabAK&UcHZ-OQ_E!6riYTa(!L`Ckrb?PYj& z;ff@_b+}cf^0ht)Ol^2ddfdJSFK2`buxV1YS?gWHph!r2e1P8nTfDD*grs6h#bq>uT_}w#jFB zdPg?N>7UNzUy$BhY`|Js?AI0LN?56MoBQI*hIBst?KGOoYQK#pGuJ9OnQV?ulG<6P zKC)WR6mBIMl6XS}R}@)y2eljNdxOmH_e9*yV&4c-e3Ov;j)KKe!&-q=FiQ2ht_!7% z8W?z{x=O_Kw>GRbaRRXq9CeOc#|m;yoSn% zTmV{pbec_}=SEpQ;Oslu-afZuUmPZaQ)XTRK5DE_&>gEG{OED2m9i{NE0+&@elP83IPr#IKXVVT3N7{lcIIq zY~>U#!SZW%wM=D|cDA(Q72RkDJuit(graZ?Jo)_+KgiJDovR{`W?Mo&4X%^TqD}XtrB(_osYf zKi8&9(K7g@Zn-2xuiS9idG5ZMr%e7Y!a%70>OQ9j%l^NtmjCTRyPKB(ol(En-^u@N zJVyUlXZa?0DzrXzrqU?>^4wQF(Y*+RmSLSDo!^5D9+mnncy-l$D-Na76^AW4I|6?+ zjY#7nG{Aw!^}l{rFRBIGBlm%X&i`5q{#+p{q^n7XJ?nU z?~mV|U7uZjJi9sq4hbCo?c#?2J()OFgO?mY*5mO~A23#V8$}GmD=Q@6^>+&=fhCTt zDOz%U_T>EZs^lwOxZ>+x*1RvktMCl89W9o_vIxmsp_bLSWy`OJ$FK^I#qhzH0Pw^4 z)!8q{Z{M0h)Gux?KHPkN@!|dH?e&N6-=E!FE9XuYYSvw0=9UdvvxI84+$AFj5G)dJ z5uda_3U3|DXyZ!xlk@P{9 z2AyO}u0;1L?(a%{yHedgdIKCMf4X2zqoS@l|6hgb{9kaRr)2$ByULGuFb zai^<4sjgnjQCX?~$usDWbN<)x|M%J%{jW0|4R-s#TX~HBr!#))e0MSn-b3C0vU<7i zUu54En*?d6d!F|dJ{8XR=O*D-{Z!6>lQ;Hp7T}8c-ye*!@gJRDr?;E`+jz|UzscqZ z-hc&Y_-8E}&@t6iyxq5F2d0A_V;b#?d}|{7(U59P2rIG}E69)#+~l@a$R<{1r`^sP zn)a*Odk^ZgLYjPQ#X%|vt2Q@MRDZBN+z_08jTrd(!}n*m*JmeJXE!3_(mZ5KKv^X2 ztq_^eU1Vi%*O@j%21SjXQ1-+vn1Dsl6&Fl3e!=E~zJl*Mb?{%Ax_r2C7m#~Ck~)c_ zNCp{Gao-rGdLDWr?5e?W&>4GmrtD+aC2=4#=8D)XA3>2tWCHy-LTaL_{hFKWTdU_P zA@R-i?e)dU&;0lP0!I5$92Dht_ga*=cdGo&@y*%o>G_qa;^VPZMf6z~pIAoT<>|Spj1ass+Z?! zH|Urhm7i{IE^jZdF8=Y)+qdV}H)rqV!JE7fqIT=*0z%!Au-mR54OL~eH(*cCu5WJ7 zFCPup&W&$?bB??o-0D5WM>dh<(l-s9{p059`1bhfM@^VQ!*x9ZWfS+C#%_+!--_FE zPM@M(btgi?=zP-seD=>Gvh7Un`X;vy1W!3p)(8bJZuiTxTq^Z{nIZV8?f*ezgu~X{x8QGywbOO8xJm)G;=9L?qD#nT zBIu(kq}qa_>xj$`Im<$(m^QJ94Vl(VUSqrn)ujQnfj)&W@Gh*6QukCR1K$x39Ra63 z8jYL=W@w(+A}d1|n?T%HBjOhu`b4h$Rj|cSBU(`bR3VE7r2cJ5n*2Qhzn7iWlxs>V zd|V4SF6yLyZC&UhQj1@ThPmW31Gh@xuHZE}P@88p33tPsCIA^ih*i|4LxvO80F$V~ z$5rT&w-X48Q57sLt&A!L<+hLD6y1PzBHX+xXS;mE_T0%It}U)pHnD7@F*7G6EedKH zGNyP-0m%%;8*6`1tYxCRPBKD!2`OiUib@UrM_Koh3sq8wh8JNV&JFA8GK;yx%Q+1g zGjfTdIi?h=8_%-G{oR?kA4dI>xvXUj-!uv6dzNXP&~qd6THPqK`ROg;Zebx=msR8q zI+j+rDR%hcM0>&m(w&mrI3@>Y-61vgi~NOhFhoPAINCTdayQjkB*}X`R#_PJ`kQc{ z72avHv63^*&!6StwePt_BtCK*=z`C(bOtf>YhmY?Ap(xMr_f1nK$`}6dx*LF>4HTq zC)W#E%?qi#0tXduRE2?Eq^Rv5RmhUva>{;Az?jXDW z+v{|9_TM(1vh%;{zSZrY`_*Dj>!!Szz5vxJ6(?32&|-a7sUV54Ngn{VZ+bI3-{Qgx z@r!2D70NOzPX5{(;RPptt&E`(Tv^hAK$<`^y6$yLqEz$D_T(gd-r)>TGm6%FHX zUzD+q4<^?*&S97(WO6Nc4O&`f3MQ>&$u?!ENMHe4GbSO!4OScsawv<#bgA*CVW9wra_cfL@oh2{#u2 zsYBdVc1;!S)a9WoNhiy#M>%coRT3@%ye{1|_yQ0ssJ8z%a2C)wGI?)}k)gZ=RNnA_ z197D%;!7i*sD!C@Zi#%N3laNjWxFVi0$7#pytsvR^PLxWJ};Kii8QQC6IO54-b!`K zXY{LOF%<5IX)VAS>e?wfN=~c3EMl;#OdV@v>uBXG)y&Z$6r{q&e=kZIo|s~eWmMN9 z;r`#i59j}QcXm|w26#+qjOhMB=infj=egdQiATH(b+Nu9?nC2db~>`*hTNgRDN2pL z-ryDnB7K>|YY);x23ehFc%oTSaHi+WB;&(piRJTn5)vBt-y9KF=o9OTpzNAb>{(o` zVk3Z|4RRlVbv#%|Lyhj=RbSBUHt!6 zo+mv2St#gMM*o^xf6gm^P7{Oj)237<&>WH>u1xE{MTmEk$@*SJJ_#xcCcS| zb}%8!?b$z0-hMbeJAHq4^UKB6&)2u-mmmAZNkA6;Y#NZY&RSYqH(%Xh%M}D0mIfXd zlVU|$+1>fcFXQ~=*Z$=6KXJp){;i85h9}sC?8)OlJA*+k|6_Z1{%bpr(*H0uJ9y%@ zE<^#O0D`d}BOwyS?1a7#PEf>}>N;8RLvcxRW$X+x03)QXb@v*4TH-)?06Dh-ACDs# zEmx_M^0Fz56Ri-Rh!A=Chxo(14%8)LQc{`M@=`ATKDnMtTJ8z(b4p`r!ME~nKYwmC zo6QCc@kegKalPvI-^=dEvNSCLsyUbBvf;K8P~7_e{JC+51MkSDXk(5T)W>B59e4Lq z$zb(P9Cwi)I3=|3GoP$bwN!zrPsY%%D0d~V`E9*7B|d*{aH)M{E+>CqfRh(cQ6n9O zqXs~f5XsG1$hC1fie*^?0AGw3kfEQ^QfaLIlth@#=11V{%8fbdO5S7;(Z8G3R|3fQ0kH2~BQ`7vcEk_E+k6`7S9YfKuAuVDEomH$CF zRULiu`2WE$8~-tC_jd6gTX|Lq-yoc}T*(Ki*fbf^VPC(*i)K82Gf00%OVBF53(z{_ z)Uv-PkStG{YVVEZ%`A6}X}4^`!}@Yb1t(b^@_l(0XlE zoZ&Hw0`Xp$Gh{N!Z0M25z|e&)8%K$4%1C(Zr+twr*l$D<$Gn;Hz(vgBg3^UcelA(G zvO`g{epRkrb=IxoHA_*)H^cgB9#i%XMNYo|T= zdn%cfY+Eiof|i)!^)X=ri0WFdPB6d&DvBza*9SL@dU2(6VV98d-W z7f~yf5^b5c7FoM0;Al(;qb!2T!H5IQys`G>@h*%ZMJZ_drG0V%hM@zDlqL58ic)oA zilXxJQUyFR`$|=Fy~#l}q(V1`(egv+L58kb1R0txQ;imuu(5~(8iy!aV2V6P(StG) z!KsSZ4i~PDXFRf2kX56vVCa8O`11E&T*LbcCC7z((Y`UM9bxz_^eG9u!N=wyR}6C$SQ^5coxlBg+_ zlj{c!Z3`uH0TX0oa%OB+3urE|2xYt@zxqifF<^thtKTbBgE5pX)~cH7a0 zhV17phjuHyuuiA#e6dU2?kRXm*Z<92{U)AO>;I^mTmSo`o&R?$j|j3nF~^;RQ3TYs z9RC7+UuL6Y#*8Z$;!WxNa^GE1I_p=mXedWqoY zRm8Hciy8(_9B`tLT6T+y*^VYr)?RLlDu}g5l;nRE7O@r;jiOu%a)rSw84eHqJ-IQu za%VJs$DURO6cx?xDF55i6%yi!64uXx1$)ua?p@K=I~bNYcoQ(KvJJ`_o;OpWfOm9P z%2)_EF7$<->KJ}@_Evjt;rhw z*fPgP#GW>tE+|0NJ_c&PuPcx=qgDu}nj>3(eCr6YjW>!uF%$*RKMxp+CeTHf#7klE zAVKnU_=Xwusw92#Jd@1VPfqsRc-3QO>$P4M>>@Rm2O$R@G@2q(!9ueA)G5Qu>_3^$ zo^Igwua)-Susz7-e;e%1e{AOwcHXHN>}$j}VF7w5^vQCL0``R&fu@%=%|J5+p2H9{ zjX%;9gkeY%OVE(uYp?|kvO8;VXAOSI)}WcI8?y(gmCP7`Ib`naZAw9}#%zmrOh#c* zx5cJy*}NUQEgN<__Um?R*Du;`-MY=1wO6x~`T%6G%bKarWuk7~JpGzX)2A^@pV1^O zG)HUks(NKxpxd@Shfi&M?w)6VO6`AR#XWia_pm+e=kEXR^mq3EHXdpJo5B9J9RLYW z*Yp5bJ$VKffN6cRJ^%yut8fA&L$LD#?7RS9vKPQ`>dpTH`mb^RtKZAr|2Ej!|66&~tu=D6H(~v2#@U|jPvw;%!uWqJ z(@%;E>x!KK>VgsFF{tSXNIGR1S5I=zN)HA78jN#|?9MdbndaLy&EqjeOx^?RF^osSr*YD=?Kli$$-TJ?cC$;{I z!QP}2AOL=ont5L{*43-`j^Bzju{d6(ml!jZ~cBdcmG?zJ>2Pk+j!Qx|07`vae*;3Y*BvsM@(@r zeem5Mvk<0SF7lFKoqMk$X{gW-g-+0##J(?=!j=t+zupL-SqM!sKm)WgRpKm!o5_@@ z0VSs9gAygqLRcp|;VgtTvl6DSn0lppr*U&Q5ib@fim=C3EITQqex1o|uSonRm)lQ& zsetkOW784NLRglD@TX!aS)%D`WVe`Xuv&Lb27a?i?>DI|ZC|&{@c9#Dwcjj#o=S^s z+86$CzP=IC*Ic1f6k-OE1 zdoEbZgs3#f!4(R9?80=8ee1ndy`w6@PsNpz_g1Bzs)SgCU5mcl8c*SQa{1u{!#@5^ zUQ>i37X=JX%^gEcmCo}@Wvk947SAT!cf;7ckqsO#Pz0yQYNUW#tFXw1N)&eG9h#G9 zxyjzl1;mGRs0J>-|C#RftNWDc|2Po&+qaPatJCY}^M7^QyZzs-JZs6{tG8yDGY#{+=RNLGpB+tMEs}#Bkf`SJgc(+9m&5 z8UssxHNOC_$|yg)9+V1gC}!AiDTw-}7^4!Y_tY`trnduxw&Z}8rFki=bqPiN2jkB1 zo?6%ZYq&*Sv_?fK4;ccaxw6ET%Cw)esnXvoY^wqs@@7^+p&Bg|uxuL8C5f0OT^643 zHr8hbUOLYb3s=v|9KqYbYR=7tvr>%c)!y8g+DdF zqfTkNduiOS9zlXN~NGLQ92Uqv}uvux;)8Vw+c97kH4L# zUZhs0YQh!sasf0$6h20!ldQT$TGZO!rW}mg)+%u_Dvi6usc7qHUyNfht(oqei#f_X z!?l@)V&;OQqFc^+Pc!#e@2i_?n(_+m^opzEKN=(4TuhbRAP+zjh@aYhXs(pED~lTGI}v5+ z%;oi&#ZVeNwp4YP5D;>C-z)ZzrWP6PnDpuD-ZJ0nYrd-9_w~viVcbr6mj`kZJp!~g^BC` zIc>#6%zjM5twb>gdk!dScxAydw$`g@k|Tl)zt2|%Ac*H< zeZ#e&L#l3t_4rM17M1P)Z0hcpztp(@r9aB%{~h#p`G2?b2v_)q?tc05?tQ6$=gTwQ z_p_Xzd@O(a-yx(P)2xpfFXO{@)F)X=DgtJS819pjUHvW{^fAg3R zQ!xDnjc0`1$s2X!NDSS&hT*F7-@RTY{;%8ZcX#oBTX}@7_pV~FH(?l7G1K$j5?Wjly)vR-u_$nC1*Nd;Jwd%(4%KB?xLS8+#8?mU1QrdcRO!=P?nqtZn^4a6(RXzP0 ztYn4v&Qji4%3HOR?3zV^fq5sBIv#mU3 z`d@$;SD=p>gYImO0(Q!m0Q?a3Z)N_!;V66lyW1V??tkCPBUHNgau7*0fw)3vk@e-@x+>PbiF$fkl zUxQ*+Ic#O>+T-=FjEeI0YGWJHthPdrE$m3>NuJ?zHQ)aL)C65@T*XD|M`9Dl&7^W$>CRf?X`|?D!!2czE5+AGsT)~9_38c-OPc` zJjld5{h(u=DH7H>+?lHIOetFOgOWc*m@iX5ZA(gRkPsel(jrBv{CSIF%_EQY7jw>{ zh*fr{ElTLKOX`x=Izr-ITNeyvBKNJY2?TNML!J64D7YtRQq*!bG+yNFNW(9*FC<~o z#hp4}UtSi!%W>PL&dCC*1II0K-YT0i=I{o zI%Kf5Vp$F{<4GNa+c* zkEx0;I2`A{BysaN{N5+-UHO-mi@hkTe{rC10E=QPBatef#2@gAVi8Y+Ds2dTa#5Iy zAD3^64%<{z5@&5%t54Ug^Cpe4Jb9a_8%9#@fma|POwuQNnio$1i3;nrthp{=lodJq z6mq^0OKldsV1ewIZys0ZS#8v&`zEN?8|WXstDe%dkxEUo)3U>UeAMT9zu=6e?qGIpZ&P3)*f$ z+bw9j1?>x2(01$DH@u#0e7`6AlRsR3sC>#IV9`ttS zKezITh>nnWo*C@180<|%eH8G}^G16VF?D5(M@fY`ksT#fi$i)#3a^UfEvmM50B_+a zJyk%6bW|mAAeZ^ZzlQjaOX7h9Z=k5Q3)9_&>25Q8L{Ac$(hPHo-S7EJ;oO)qGJk9D zB!eeBwOG<}!TGR!w}&h8%oHRAE!g|{zmx=3y;^hY=kcOqFJp~w^DJxO=F?sg&GR!h ziIYfmcaDSO1;joa`#Qav{VK^B$H+B{a4=0Vgb+{z3= zK5Q#f;3==#N}4K5hI?t`Qi+|A!M4Cmc%D$L99R4);BnWz<y<*WRBPj#q=un(c^4@Rr-H7m;Z4z81Bx0Zsl2}{~I=l zVs2DFi4BlyV_iESRr$-a1ybnMvIkN%p35f44@rStkT3M4wn3`7Qu`n!x5{jUJmz1H zolwLvJ6oZIK0A9MZ7)nC5{LQQ1~_-V1~0|eEZ*dE&uk#r zO|?X!REUREIrZ%!^)kPe!-t-S<(B7WS}ORdZ*A}jsF*bW0D5v;&F+gLFRxSlTA5+u z>K{+NvWfJqkI2sO*yvNL|1aEa<$v#YJ6Zq#px4>?|F`mp*q+OeCmV_PSrlbU-eP>u z<;Roicpg=tPW+B2S}%ZxcY7lNGd7TL;a(vIaUk@51x72K6X^S6=-!=5g-76^N~iWo zUvZ`QoC0S|h@akwk3{jzm3s-8HwA^uoMGv5`uX@0kYPWOqqdS{F&I z5r0D&3fM>D$8&VzLp=W~qKypVKw=IA>brQOZzkS|Yk}D*tT0Y)k+P9;{+}~L{=7wJ z`w^lfj$EWJ)%$;r1DrdALZ{R#@pVKuX_E%JE~4}u@sJ(QREj)TT&yaOoOvHlobud* zn(_*-2>lu(>&`XGNCcdcbY^Ls);spSvx&XMx9s(o+0TJ>0(ibE9CHx>6xHJ}BQbqKy zbg5bw&V9aJD!oL+~+U5%siUJrdfpa2>aYcOO07w3l3IR^22}+YL6)NCL zRT9Vb$^kx~qR!`$t(B*}+B+5fYgW;}4y8GDziK(MVn&Oyo4FaKyIHaEJq|n^OqKL7 zzn)Ww7_Uafmfmi<@22~fr#tb{6`BY$ImACkBn~U)T?2qeuhuK3m(ghIi6C{2@3HHW zI4C+C`cPR^uXTm&2HXAW%-K@=kHqYeVPEE1VgHRfop#p#8xD8&-&P)x|M$kW^2GJq zhyq9f1mjd@U~Um!amG*?fhk}!$N-EGa3cg6@)}%j;y{{hg0+B;#}SN{ty<}W1=~5s zGgJ`pB}$kAD}%gBLc9_v<>6grZmPt@idn6YE>W;oyY(mPRHY0%ksy!pIU) z660qacs3RIvScmm&QCWtmsbfZNQcCahzY(*o#>D7oG)W)A$cwPyaa~VUaAuIh5pqU z=wpWcYM1r;^Ban(jpAT`nw|j1M%iKPZ7(tTGTy5YDLaW*VBQO zg^ZGEJI65T@1=}W(0-nU3JR@+pJS>tkV_IVO|UF1nXsky@bl7nCRn&y$mB>x7p@A= zFBlnl+#qKtO(8?~aH+FX<6xQ?O3)8yu$vmC0NJz1`SI%VM9!7H+_z*N<-gsWlz)1A zUH0k2si~EW^aNrbywW54o-hD8zhe(bIV-03tMBNZW5L=>4W$X-l(v>`uhg_NO#H5GK$2}`}Zk~te0}L(k}G}Fjue?1SsZyl!)pIk!#6S%>*+- zndpRsYksDfyQFYwlx11WwfT|qAf~y}isfvAF?8=x;AtMV%eSm=mHcbiRFSuWTh%gJ z&aFmv7bp~!yjLaki_+I#o4iYa!;B6haxw6M9RO^vnu|#*U#nuXm{H? z|IaoaVW(b;!QMm!fMlEJjR8=sTNwqAl&KR3kd$W2P_@Ya%6~6T@0WaEmC;X?Tsw)M zru)Xikj;sB4p-bfar6c_7a{yLMo#9;Azz)Wy#PTO$3+pt6YN5U(g!YWm~ViS&S}8> zl;_UA3nSM8p2I1+jD7#w>U^zMJmTJ=NM5h^AF40FOgEWpuN-{mMquN8VLp7%DRA zou(+6N-L6SVb5m8%5+3zYz(dn%#SjIK3(+V~+qx^T5_os-_ycEqX^bqc{7t$Q|<_&g6V0}B{o zIQ9{>#pKHwq(9x!uR$;R9_oBtCOMeZaphMGRXVNL^3N<8 zO$A#fdYb0?6ngea zRJC<}Nj#ub7b)rYMj`G-i9c?HnUMcPeP@!&d5chO0G}_IO)_ zu;-gp-Qq~7%t?0(W@c6RNJzYvRkn8D461usTz{FNAcZKV;^?9pw~%Z%?w{W7PXEsXXuztZKU2Ai!R zyzh3e96m3dy}kVO)tvpt#8sYOIyGl-BTq&l1~64?Q=WJL(tG6lX@=+AWQ&nZ7OQF$ z%S8&v9!IrVoQWib26kbTgXQxOqy2R_H`I*%LcAMR7M1){2mS+-$QunPoq^Imv2W** z-+5y;c{04vw0}#W_dWDs;G!r!eJc+CDw~cYz|fh>-!>Kn&=rrtC4j3uhC0i*sJEH9*v_%Y`sh3bCeL%lXXUfP|F2Hw zJ!$^$?x>T^|1lc0hdclOHlCFKUyb$#_W{aJc5XEwD8jenqYQ>Da<3Dc5 z9SW?hAq30?jji1XO?JkMn)D&-Y)u$4KUE5ltn)@S_!aqZG;@D3zMP$JP={DB9 z|07*F6PWt^_kX0(t8-X9UE`VV|0o!e{K?&dLQi@BN4mMP`#-Kza;ro?DZsoyMR}fM zq=g*wr#MeqPv0n?AG`ZM{#5q`TA2|ZdS{>lv9WstvzZn$@1OJjz>*!@0?b$5BZzjl z2Yx$Gss7I(LzCF28#n~GLjNE3Mmhgqr`_G@|J!(^|4$9}^=1wMdMNbCa*np-_Y+0s zZ+YsDk+SIDq@Q*DYsoa&_~E*8DSuC*JD)($ZvG?mu_u%QL)0olW_4^BhBV2$X%XV9 zaN#BB?%a1f_ucaa+pINXuR~On4ZY4TV)`&tT4R4gow4@LcUj}x>5!k+g?9_) zqPJ_xNzI29^0LMNuEmlo5Lr_1WP2DoINbXs?(FW$@1Kf(B)?Lkaj)%-sX8$jg zxe-i%LE{-AcPI9lqxD<@EA0PXZ;;vl>vl)oo&CR+N7(ouvxA*JV7395K#rYKEj({{ zP&IDV;X(`7evG90H;v$M_%=))Q%dFa^+$5cHNhL4pP)8N?7uW2&fC zbo{p}y+Mi!<_?H7Un=5!ed|rR{GTF`KjMn7^iL}Pd&Ax!C;vyg`=7S*$oqd0i=%*o zx8xpCCSpi`!qXZ5TjpJXl;UY1XQxQG6D$+y2(U@-^3Vmtj?bdVjU&vKCsL5NY(8Au zQShYe!zJ-ntqk=$w$VjG=9vr(G*V;2XkpxMj-fOIk}amTHZ z1TCN3?}1l7Q(e}r2-th-r75XiXZxDdlM+EA#Y#o5*G8BNtUd5*S_5NV^Z_VKk+?3- z`5ojHoL{7BCRqFd7!g_Np21~NssCB|?;fK8uH63_<@CSNaCiQDD^KeDcT;2=)T1ua z4sJl9+fX7!IjyS{we(@^+PdG0jg8e^*_7(03Q1?bD4_mKi;beZs+KP~l|Uq~{eYsp znDdyjQ-s135-yb&Afxx`cmmMMC$CgeyC{KW)+6v81MgZ(?CD=DdF$~BrP;oEaMXrfqCpR9QwL4Mlyr^Yk)cZjq`{ENM{x`Y`!qz)@f3h z%*CEbTD`3;~_X?f7blwV7vK54MXBnoXX&&PvFSv^Yg*H`fHqc}# zwG$quEEx}lPA-fC!1X0D3Bm}83#-M2JXYRe8%LvH?Y4xnPc8lL`f-;5tkVAmooxJ1 zd)OQ7^uKL9Rr;TPy;&V_)uGF;Ob^U-XREp(wcCEIK9~kpM<>*4NSR8QhFD)C({MMU z8m5qVfO=Sj%uYqDQW4X`{!D5jwPn|nsEXFb{#BYHO-@#?=UK1zif5HZ;~lMX=2lGb zm-*(ORDmpK5}RUQh9a59_1jV=%k{rGyhG;!yNKQs5V0q_AsyrhZ4$Z+MJ>Ki-}CiC zt=s%jEdVwn6mbO77v;b}_r>I57PpgJ=oBq``VJqFqSg^qbbzCX=QxpN~cI37Agx71%B@p|HdQ)B zR1ZQz{0(*BxtGH~-BYOl35WRpt<2i{_#2>C=zrZ&uamw1xi{Ly|7_)v+dA6zo5X=D zk3Mnv$pz+oqF0dy&Uc=bnBHo=N^{dlM#DD+jin|2i@Ijqxp^rSb-+t>{4JVlFCC zY<35kL>ZQ+-Cp~NNo>d&BEf|MAP>`ef4-lcy z=YKi>%K^@<^N>EPv*w7}bEkGM7gn~vB4%ru5zE}*CGvmIW6G}36n%Opwtt-e|G!}K zw|4XJ->;hgNB`OUKYRa6|NYXDkoUkVAMyVJ{d?HkOK)wZx5@=%A6xm+0b0++S+OPK4=3iSPN}u-%j1hng%n4QOxJm8T9X6Q&~@R^~yJHD(BkR0XYdD!DObWWHvl2_ejC zDL3m^bWJ0g$P94?!zBI}6F?S9C9!U2H~;E1raM^Km@M@8#x!9n8rQdUsC4D1SHJl)qEKcN_}aaiof)GK6z){ zV&k985B=4ANxl7#H+IEa@kdVN=rnDVdFo0hrjn$JrsX?>g}fA-!#^^I<8^BQB=3`V zyjA&5xBrdmL{;;jqG&7gzt_*L|J~kbH~+Ws)Sv%UFaBbFdgDt-N! zeivyB>FcS+kYcw9V>UCho41)HVpR7E@t0~+LrU*Sq$EHZjc;(OKFL!&|3zBNISi9L z!0YDxwVze~pKd>Q{--MwI*|{r!wzu(n8G? zyQvDr*>tTUHI4!m_p$c*p0wNEKBMC$M}RDsyCcWw9SlJeoP7%A;go;`O*9YL68vvo z?e9+cCXU`9&{<06Fm!V5R{8o15s=NQ6iHB=Kf)w{(eky(L^CA}{Oh~LznvtCHQVA! zhy8QUkZ=1blm9Zc*ZwVxrjOnNSS9~^?Ogn4r@gcPw(_L*XZc_Q5nlc{;jgk_a&TW( z#P%QRA5}{vPUpHZ z3w_YCGgJQ>6NW(gT$N8z3W_hT4{ha+WT}3@Xetkb*o}y{K<}TmlrtZ(L6V#o zcbvSfl7fH(;ZieDWafs8z+Z|LCvkeI{e@hDW7XChPT_)N8M)PVQIsx2!w~E3BB5fv zloaBH08w#6RPh;mbD}!Gnr0SqMQW?DA0jfhFNk~@p$WC@OIJJben!hHG;x3N{fFQHIIn@DTDIS$@S`MR$9_12dwbbV z7v#4#A=rwI8~OazX_I~h$@2uk6EK7HXS5V-$AK9Z&_9o|%u2@p;Y|w9fU1;dY0KH% z3i2t+YY&Izb>`~9cQTs(?@rDUQ9{NdeDWAS0-ZawT!D>wd54zfnm2)jHSMxQR!1qc z0xoHok_*`y=u-#-nG*4+AceXi!z(@Dd>kEF>ms>;xj3VBx!B~$Wr5^jXB`oFSmifduic#8c6mGVOjv|OADu?q4jFst}4w-i{^D1x7+mf!^I zO&Krf>{AoQ)sfH#nD@mcb0n@Y5N*E}J%nIPh@Z`!B-_@v5LgX5oTZ#vBU`|H=|v?A zT3qB%4|e*_hsTV^O8R4l<}z!)oUHaS2rXcBs*<8%Xo8oX($9)=+Q|k=GRTXHx}Nx9 z9XTnRo-b4TdFdiGCW@K`e-|^xWP0}{;4hehX;~|8Yy3ML&Y)rp5G)QVW zdX+g+RPz8_a+oo>Wug#`+>)8t1L|DhnqK|1QkkeaiSDUk=@&;?{YZ@DqNTsfKQ1Ag z72s~R&sS;=d2oMs3e|n{$`n))N<|oz(1!~U7RxlPiaOG1{BN z+Fus?nZ|_8*6)ZKya-KX5@0_5X=JS+4?UK=SfQhck6V#1=RvL$K}E}(Q`l(XWmt;; zjH4s;L6vu;j&CI68EMsUi&Q#AYB)slhV3d>NU0-a<8BZ&Hbt(G+%OeeNTq|fmK)^Z zPLRjBK-P1B)N+43!1+>x?v zp6y9rGM5xyZ>-?qBK+(@5J)D=-a{~ywbw#V9&;+hZIwSk;qqXIf_4^IS6C-Y5hDP7 z!jvWVpRepyvB#}s)3MlJ^Bg;m>Dw2+qa{5~wkB(P745ZYv)+=jp|IQpB1}dwwcfNz zyeAf3#Sxg>h=QzP|GmZZaVG#*#s7_Zx$}R6UH-T2JURRC?Z#sN6zhB|_Mhy_(*%Q{ zpePhX3`H{^YQc+VmHxFnonl5SEx$m*NLB4D39$f}%FJGw8@rz&Iz^6xS_U*7(k53D zX(9^PdFLw>-dssg5C)Qz%7ufZgnlCA%}}L8{N@5f9=jB*lK&I@33+Fa3j$mr|3}08 z`JYj5cm8uLPfGs(zz2JCQGl9vzKIne>C8r#0B#d62=+jLeIWAPponHJ1<_Y|=m-%b z7!6Jt0hnB~R9HHDOqauJFXwypOc&ri>fZ%>XduWc|mec00o zl5BBXC%*97wr3eSFxp`U^*LexG4_*eUFWsb{YZ($Kme@{CN;{g8}BNe1r z6`odrNYSvkYC!Z+G2eH%JwFd)#uvw!VIQ-l1Dt6D!x?s|1Dpl+5GisVyD$`kYmufv z(=Y*jqP)Q1Ar9eUVi`Z{xOO0)M1cQO>}4$`97XPlk{?HJ#C3b({;n$1&rExY+&IE) zsQ|QG=({nOf)Ba5axaCJpbE#xPxL(T;pTs`%Ag_O&HsQuxU_16wz{O;OA}|eOK#|BF z0B`^zB-MVIiadY}FA$g^e=hg{djE+jlX{7o#;-YP18}b|#hjCcyeHDZ6MzGXJp}M4 zkz-eJo0C~*C8MmC2?n*+G>ji)(L_Sw`koNq5uWM)kG(fe$VZ7KtPei3It#jNLge1yT7Otb>Si*+HwOC-4=nWtjszy zv-0TmbWL{sUS@mh$<^80(<{8S9{qCm`t0WH^qO`%-#<$Z8m7XQ?CkGxR|XNdK0bPV zs!4sh&5pL1$6n!ODDfmBD>ns`Bi{ez;T=GMvpU$Eq^ap|| z*;tB;kY$a_^uYQUvO@L^saBuis%)uID9u6qaeaFAVRaCA2JNOE6*_H#)DVJ?Ve26i(rLL3C)Bh{G~ zr|Lvv4PD`;gAk$zl)XylRZXu& zfo^_F-BB+6NXjGA#fiKvQq~ll4h7m8qAcpQtFCGNsnY)hQ+Et`GUf%9Ko$C*?St)I zJ^okc|GA>a$j?CrTngmWjw(o*Mn8l;NTaB2yD$R&f_ilcbxkhNvK-roFMvZz$_N-) z{}oi#6F@+Ep*!=J=~wLhp9D>5Ly*G!(<*8iHZ^s%44e&RRx;w^oPjSnt@ynP$F!fq zBt}6NONrE*TU6!vNbp`Rh*9Q_+d(CB$BW{S%)*f7Ni0$~ilKJ$vJP<0M(1&MnL-4k ztRzI;8cC)YKv~PBR&|a@&Sfkgz&T764#ZGd+3*%kG}rh^eV7A$S*^dy=eMlM%JHz_ zS*8XQeJm2uFT+e!o&RAlg5HA{!X++%D$f6%;lY7^{%>t{@qbtHDCfTz>~;=)0q%!5 z@Fi;6KI|uPd?#;uNeZtsEJKjAnb(<{X3AE#mOUiOE(t$D&jHRP%M$hvQYsiMK|a#* zHprwljLruA=WQO$SyST}+bu56NLkFuU*Pl-{EWfW*jwctm9MSdPq&=PKJHaJ z=9LGmj5`MNQrCJFW1#k+j0zp*s9L-?-gVG3c|B zD)&O+WfPbZXf6;!uH?64hnKnO7-ot(N;)M6&q=P=B=+ge93#mH@x^$HQqVHPi~DC1 zr$tU&O8*sjqghxu!}p8#Ocdum5+LE+ff+7FT9O7+pUrgf$x$$Z>^#APWuJg1 zu9mec3SDA2c-n^Rx3$RYi-PO0b=aboNk?&RJC6{TO z#asPQ~j=5Acu0=4B%{3~ycU?u339XD7$0XAkQrx>5*yqAiso zYhQ}8FBqZr?$R!v`EE+@iItwG1=PVHrFcsWLf#*!@EqLCQew%2aX5$BeVpEbINAU~20UWEg9LiOon`UV z%>pbDKM;64aLr52&) zhMX#H3IWP+0nbGcQPU0qERb9DH;9oN{NzrP5N_a^_YlvhDX|M~jxP!7f1F&>Er$#v z-klJhFVSpz3)4P}k2-<4ywn8*#aqZ*q8J{9h`5nMiWSmH<@CAax`p&DfpdOw1KiOF zv)NMjZvYpGB8+63Umv5xfg;-USw^j+CooJ9WzI$SQL{67V6oIOOYzYXk4B7T|JEYY z5A{^a|MXCPyG$CmD*KNeJ^uIh*8X1S|Fe>Z=YQjdXur59@Y+iQ$HixT7A;~uPmX{_ zLc7^&Z3(?X$`?j|QIG|082lS*!KmrIj*GbLrpe^|^C=TgbkTubhv_blA}uWk@xfVsRErqJ~tfGb+h!CN_cX(&y0&b%YK;8BBeu$~*? zbC|b>88m#vg|X|~qYQ2uA#)@oY@J&>#2=qvSMcL3z^qCJLg=E5U~F{A1|5nAeO5?= zBo8}{C6%LUv9wUS>PT*!H<5Q6X2Glat&m~-*1PNX|5Ts<@hx2P0-*f--x_Xj?dtmf z-Om1VHIJhIza)d*){&24{TRxBMoQae9|SIz`DN8e7|dY=5psZokEnqCjb~{#OH?xu z0^mlo1yQsrT-7p86VG8c?>(E5pQ48&v!Hy}wi!Xtie*V?)dUH02W+a01~H7#@*Hx+ zZ0Qc`m_)FxjG2cjk(m{UCCUg@|IM-AV1FBISKg7ujwfS2ry}3FJ%40<^l%Qd_u5h^B*NfKl$YS`js3Wn)#27IIFG9YK>)R|KxTu zY=duL2}JH{1WBfvwp7l9b7R$((1#N9d3`f1W^? z9LLFnJ)ma6iOFH;tb;xN3re5|awqdSOz+bmgY=N)_s5wsbHp(#UQ=w}z;q0A2>EAQ zdj(z;B==X&GzV0VcLGEA;Tn2z|NULZNOV@8 ze|`ym&N*n8-9E`o#r!>GsB=_mGuGOTE1S5cV5AE}d6#f6dfst;eY|>LYZ=mYaJ(b7 zKpfFHuB50_$xkb+lx6nOD_uc`r39|1Pf)Fv{ux)%DbT9upK%p+f@>AjkGQxp{k77{ zH}JhULH~uHD*ay`>*TTgzqYn__O=cGul+9m>q;JleY+AdcUs}x#N7EIxHgHJwiSVS ztRtNt(^;{+WHG0umJzH){@Tt(<=@MI*-q_7A(Q5oJK(%$b1WDynZl1Vh%$8e3;-{g z9kO`Z92)=J_mUYkO`5`KoIVtmqo09%fh83SgK3bFbBX?S_)OIW=_OgSl&8IP5elL) z7;aEY7;4``rd^P2fGKo|<l}OO_gwR)) ze~9Q|EpKEClk~msX_T09ub}!LOkpi z2`R6MX|(bFmG>GPJO*Hom@TQtQL!~UTcRm~lJWFN2)~B0MUJ_};yfopnB)8BnjHx3 ztQug{9@ET305H_gRb55~amI|KX-*5#i7FBW85RxO2W|~QjpSLTnF9Zgo}_oSTFpxo zTFs78O_vJ$8;gzn2Ky_wVu<~L#o|O(ZxXu-yCX=s)qE)lg|{il?(3l}Pc>4Q{H0)( z)sgtgl+*SGZE9nXcqYp&TGv3H-$Y&OqOmx&MGu{`D1BLcO>E}L8^>yr-fYKs34SJK zVa2nY&X$un`dbEAI9%jSpg#*C7~-Q0S?!U=8B=u3dtk_KV~GDX%@n$PR#0g&YP)L5 zFj#_E)-da)=QA_YgGdVfnZ;o0X5Iw2AaSz{rY+ecF2asBIKo9OR#MPI*X@Ew^xSU8 zs0a@hejWGJQAQbCYL`fS0(7=0Hw}>_R*u91dTnXj&ez&c=%r(WYCS$#M`Xg_KrF2nKyF;xz3K}ABd9oN4 zi{rwMGBJ9~^TtR4l-XHMPcP2lt0v+aIB}hGh4<1oq$0-&Z>|gxiAhn~@7dGA)w$i! z=ZT)N6`yRQI1J-^-0Ub$r*4MqvChc74-JVz6PWV-mtn8rY+8^l>Vj7KJ9~h5tY>wU@+SL@^RQ-(HU9%fJP# z(b3IH_8{tCzdm#Esdt$M^B{y{c#7qEB7qqoiVBhoasJvjs^y=^-8}TXc$!?M@hAw1 zEhRoRjY?`UYMLrvXwbkYrNy1svFC=97-bHv8uH(~@rp(h`Y+H;89X;}Z-X$%0!VI8 za`lpz&#AmfABzG6hU@!>I!9eu34qO#JB!bX&pK`ZynAm6-d~QPpT-G=fd8tEV_vNZ zlB5X}OH*5N%opa$ckR+W;mPmcGIecV^J3=yGGFi(mr$w-I$!@HI1YDUj=_!z*DH`wT750F~NPlvBwuxR}E<4SZ&-DqW9R zS~o)NYE7u>5D8VgRfbfcU(!dpk2@mKIPM{s2IEPF3(gXX6p84;R1oecgDIHe#w`Bi znoftaUJm=4uvfZbXRhi|B)qNa9J}%AoN5Kyw_Vl8IX7W_7ev{6)qa(nMtHlEl^T>j z4bx_}t*zyYQhPoRzb|#VBeT|yanKm|I<=rk+mD^X0@gNH0#9HBqz{-KNoQ~a6td4` zTP50H?Si}j;UYkFkk_``8r_qV;+WU0%V4v&kZJYDOeLR~$u+%Y8-Yos`K zL9C6fMsrG>>*~iAHWCb4(}+ISPC^dsLgB3L32hLgf-&4=3o%+_(x7~AbTx~zU<#Sf zh@(iH&L5E%M-*yl3XcjYR-$YIG%7GI&$iM~ZnqgbRSWF34WKHzhy&DS z35X*$;{~SgYZ(L-(jiOL3(ssBNP~HeW#tP+wqs(6uqASeqs)phH3eoosw;n-W>;h< zt*Nu4N#{%smPL&uuxcyqR62Xwnk1G;0>OS5--Gp#d)g@Pd-Td#laO+z`reH)V%2dQ zL_Tn7IJ=);kXqzc`26(d!!Kv&Cm*g)uil;=YpF-qT;D%tiL1+WLuI_CBR6sO_W0D{ zVD;mGx29S>v6qgHY0)GvIbzkR?YO=#a4BZ>3CK4w%9QkxSjEz zyZF~R@Z1EKv?bFmW^{pWfo40V3zcgDa&JR;y??x5M)I=#L51Grc&~+Se)89&t|}fw zgEdihT$CW(WLc0IVWj*mt#W;OLlVX|tn;dAonJ5hb$)u)tj@{N@rR4Ir&m{JCj~3K z^(9`wQIo2UpT>sd9b|B7uAZ@Rl#J-`%s1uZ(kmW;|oPM0SAy}V9!ACw|i;i1k`f#IIX17r% zF~ucgXlJ%0Ij)t|cHL9ssj~mbU^)$=MI*n`rz-yI*4Ccx|GC%Mf2`(F^Z(|9-Okma z1n`HrEL7-e`+89B{an(VLWJBgymYgP0~{xR!IP`1M!ClIgA7&Pi%G%01YPHga&|@r zq2jZy2ED2{vDGH?M6ztoL^bMlAHK-JVqDMX`05Vqo0jt z0ItFuu}#<@dB;>}ZK_ntGsGrJQdn#M)*Cc7XE>z=qh;5G!LC{N~mN-}od!-n?s7hb>QCC~jFniaTo59g6yoTBp1cj}t zQOGNYcGz*~2Gbk9&(seRYXr$^W+Y{cXl4x|Th~eo2$xOau{k9xM)dsv!PJAqlL-$P zA_Hc1<0Slt@N2gEDmys{M|Ny3u+S=)B8GQ}GTEN4*%lc{D{;(Ti_*7g@r;p{nmTFo z_eB6qt1H{P#+F!YV#}ih3kw|nW=CW2IU%aFkZ$m4^ zUjwBJs1C%~lt>x&Lr-yM-@P?J#x#^D$lsQO{#+6Sp(*#N9K5nEfp*lAII!9~d-0rY z>YHzC^RhWVNWSvWrDgWKJb|MniIRLA66Qi`!gioUc7CIxmf$8#F1Us*Ja_zM#@q-? z8+r0OJo#KCXbeVl&LsFf%L8bQ0aSUCTTsi_jhr^rC?@dAOF4=JP-Y;y6f#;f%EGAN zH7qUgwOs_?3X$&`c93FE$zc)`%Sx~oPNuL=q)o&`U5%e*`iZdgv{D?UqcEfiYFUss z1hBZC#6B8GRw8(E(dv3#kpXk+-a&w1gdoXCIrlPKwkOMq&;YJSOoFoue@0LMLZ}g{ zXz(0d!wh&cl*Lm()=L}_Gn53T(*Pl2d|wbpNsbt0m#j2EPR~XeE_5liR!3;m>J$i( zg@o5$a{QDZke6ui)7;$n8eB6MCO*b5)XtJ;1rJ!&sHZi?uD$c3@Sqr^gWYB2a&a^hafIIkLSY)knnsl{HCA{JgZ{;Q*L<6QZTXmhI@yaSD zeL3j)JIsfa^2~%)F7C+O0!%@$#tlzyxux`I6UrnR*QBul8I{;t5=+{W;D64&W6Hz! zt?N{?+19JAJ~Om<#NCSW`Hb}>rj*oo>K2kc03U=T+j0WEU=(;|sUp`#F!LtRzb=^Y z8Ua?Et-gnil!Ro4STV7x0qr;!pjacH+12lVclHjt`2Q<;l>1*isDKV}J6FFInYBu8cX(c{ zHTuVQdl{@!*w$?@zwRZplLG9|&C<-B7(-V(?3#rP#9Z#r49rWC(*_gvo_IM(gQ0G* zU%x)XrAUZ=S~ZW7QfHR1O6|mo-|hDMCeNb#|2R$B+yD1=^!u20^FKZ8%=`bW`x|c_#g8r{xpRwtGSOj_! zql_BH;J?U8t%1}b+Rk)9Zi3mn+^~lr$-!1CjeR8g zT+bC#(_raapIqJ3#i^3JwNnBt&I3wh{#crT z%xjGcd@MzP==)9^Q1h|w|2|Cca)`VDqQM6*47|HZJVWp-`d?}&(##RGV*lUW-`C~; z?cKd@|6j?&LWqyo;G%pBP^vbRVbGECEJnmO=!A3@{5W1Y9qT5dyP> z!r{~4(MOO5V{EVbxU&pHc8<;h-cJYGmh_O32^3H4sfm+-b!7RxE_=nw!(@- zzX>?Uz*m8K=^}z19>}9GnYib(DcBoYj6PEc+!O*q6771l0SLY#badncAA0FSk|_z= zxRHp|C(1U?FnIyigUE-U246pXT};l3G?>H{vui0UZ8)YkS8Lz~%B-qLa#Esqt_y z_-Q^!^5aymG)qHkox`8z|IbfzV$5n;VfmkbAefTb%R4!5rL-RA0d8F-4)xmq`nR5p z4E}xSO(+f2tX8Ig_doO1MDY{~!@U^Dt>Tri0ZB^ezpM zOzw3${TJ=Ec$$QeWHBKtVnHx?!eS6)A}cVM;FLmqq!I&CvY&$W<9IrSQATrNCZYR4 z&e=GGn9cU$G{rIsO|zE;(YQxvC_CW}iJjgvNF0D^%+_rO)nE{krDK`ZBsF-7<&%N)f|1`}Z(+C2^aY77`_@c;hp zzuaK4%zyML=l{2N_V$eUFTxtXVS@ViZlI_#B>p>veqcJ;P+f)4Efg+9 zr3DJh0c+;!%h#WogGN@+bFA*;^e&8D)975fmiZk%0OHJ$Ko2-U6l6jff~Z_1|Lpo!V_Ix4LO|$&){+VK7$iHoA+!(ZO-}Dk9g)K{Jk_hG53jo9l8=({QZr`lDNLFAt367_?M#|_f~b{c-86)A znzffEuX+|t-7)0ui-&+zIt~LEWoP)yGcD>m7T%>a$b0*L=Py{oWA>&XvoUF(RS;R1 z*~{W&##DCzfSjqAzcZ5(^R&cjil=7)=*fTOq`PwZTmUw~(d*aGU^K@su1-(Ru0Q;C zaeYHSQ!)5=_;3YByh4$_gMOtpFn{~}xkBhBozLX$uV4ShYTvl%1mzz!C3~qyHfF=(8wdv76z7U|~+pUWx;OC$J zc6#wEZ3=pm7&xb&pf}5cXbet%0eE(!e!uUK0`J~|%?LPaYOgrp{d@4A|B3q`PBV(w z@$0h>M}OS>_QELq-_KZo;j*vK-k!c7Jw;#RX%qry4Zmk4{g`z_3Q-bA2)>6YVlD43xJ3Y)%9Tc&0h}=Om}_;>!4(1kqT$=&`?o5qJljHIAYK zUc3O#<;D3c2fPPgzF0oKzBoELJAVbPFp?lZ0Pny;Gwo(B-tB@2OyM+69~|)hzwwty zv`l)At!6d_$>`iTHm2j=EGMJNaae|UX~CsXVj0?fHm6&623i&oqq ztESH^EpVh-mNyIJIF0udxdZ8`QD`_?+HwWBV6c4>(bLMd*^vD~Iyb zkN2v8Jb3%K+UYoDKfSTY-mum;#T{8gLxaug3k$lTxGKVV-swAzy}5YkMtu&!QuLFb zCvOYnP}v-&;mv%G%fb`TFH4Zwkq^qJfI74_y&?1WJkT1PY)bnY$|q0o>4=TOnw>S( z?)T&{BE*_yTk3C{vdq&)hSgS71q1p&sZ3;Zh_{G8om_mq5dO^Mp~8~A>lkGEe|A7A ztNd687XGKrVgsUJ+lN-lBEUw;qp*qrM-IZ)sNFU#{g%!$QGv<#5dG0 zFx+C;$ggsHovn`k!-?_KE!j+5t|fZp9l7vd#6$38Fi{_3{*)}!Xa#ZWC$?2}JhnwW zdidVHS4WNIG6#ty4BbZUyAuruF`v4=nW3|@|Shpha>;pN%?!}oW9 zfN8Ht!t28l0Y*hIzOwuVL)jfanucoaY`tyu*)oHD?Q2`sU%xy$XRXP8V*K_li3==upmx{#tylk=0}7zgcIGo4k1C_{XCo0C^YL?u)ds-1j0IgPz>W0XD6d}k?(9f{ zG;S;35El&aX!i}|Yx`I9YI8jxP9*Qcw7+Z#*S28uG=9ZqVqYcjYw3GouB)4cj!mX> zgy|X!l!lY+pT(z&roPc`%=F-t_2_<*w^9tGMNZ8Uh`lyOtqvTs`;TRVe>od)|E-4Sr zSATnZ_n8FHa|{2gKhBIhJ&1!SL;ZF845797qb}pd=lTv1bb-zc;uz_2JMf3IDFH*s zFc~*JksmDCB54z#!PSXMh_{=6ObwPQLi zQXWmCRmq>u>eVsnde{byeJmYnw{e>lbaJ=l1W<&`*5164>&HyZmZ2eVthAM z#6C_J&IdwS7C>avhDe!OXQ|@u?_N6K?(bZt><)#PM6N9mFEgUnnD+7<<}B3|lK(0p zsGUDZPR%XcmNa7WC|V%=q8M)CiK{C_r!xSd0Dp+y3j`kK5q^k74Y&|I0oXy?K%gqP z0z*gR2Z9gi^C(C|2b`y|jTL0ecV%>!!SD;{nEABoPw;)AiVRU7b+59{B}G_G881+Y z8Fw@^(>VX7NNcn2L}T^TpxWHk*Ca=pm3tK?C1x7h3q&r~zWIzTbm_O9W~|0%;~vTJaq0 zHC@s*Pwyoo^gb{2wV(JkiTvPDIfA>87{zM?Vvyv)5Yvf2AH^+t&3O4L==OxU`57eh z2n2L@wiaE3^xrqOfPg5OZ4k?CKx^Z3a>c#ovu~Ksgg5Z}|HpO|FT0lqAk6UN2X_gs z$3#3`E@z~HjxmI0?6#*`T5QBkRi3Yf`A3Knk-b0vItsfTgzeUxZ#5*~WHiupkByD0 zz-vRViQsb+zKo!%xmMajTv-{^TNZ{lHq;prFlNiT? z0gd)A>h?zz`s`PAkvy3o3Ob?B3FSvdI22--wZSQmWd=z!?|}{W_|LZ)QCD6$Q3l-ady-h ze~qVtZ{*a2iioY)-g1*#5K9RzX4FB0Im`>(wE)rN&kG8@D09f->RT=YQFF#m#9cYQU^BX7qc#S58 z%aEptpOz{Sj3En7I=74i_|-D?`SuS#YDB8<64o2M&E5MBv?TYd;Lz!Ch~KAFBNf$SPX8UEO~Cc?gn23!BixSO50V2OqDSInM!b z1zlfmZ87D5w%5)sM6~Zzdva~+HFzu|FISFKMDm2S6h*Yq`Lo!~AaQm$M1R42ms*BA zYg@vE8b7IEg3_cz8*=AGQ%w^#KwdCQWHrn|4I# z*Y_1$CIQn}VpY!R7)l+SyTMOAH4>=7gWzd)ClMC+zEH6By+8S=bni{|3q(@xA79tI zAR$jeLFj-N+X6X3WZwjFPGq?|3v3k=Zp1=1gkS+#T;{2dyG*qaLVj!(2)X^qtYjnT z3M2HuCR#t6Q7OsRJ<7ds^^hlGpfX5ZI4Mp5X1XK5pRV_zwe@i27vt_Xme}*dK#o9 z_>B*guKFefP3~fE5^*A@3}P0XfOIILn=a3nwU%X(uM{G!t1s?QO>c`WN*H&fW+UvK zf@&$ik;%0-(?1=pN*QgYNK`Mls1v}P*7RK?Q6ut54_m6xVYNmAJ>Wl9WXu`6D zb$`Akp!uI#n89nzl%D94NhoaZ!##ZKfionJ9a7P?(eA7H!3aL@G&0&VR{P+2P~z`k zA9$bq2fCSrz!Q^<%bLKau>>rVWjr+=y&Y2E`OiR#Xvlw`rwqE|v>_^$J^W?5{5^L! z5G9X1_Ye>x{TDH{Y+Y3zb|IFK_(Lh*Nk!>?Q8fOmawHAEt*PSPfENjBsr32;(8^r> zeDk-vzCHtrymxNB8I4J#p_1$^G5W4Ai&y393|ZSk4Oo&X!AagrObVWvLDKj)4Mm&S zlsb@-C(VOLb8HH|M|B@EKex4IQ-5}@F)31Ih%KV;1=ibFtZcvu~{C1M{>`%9$Khujgm}jUSzF1HOM2oS;+^kjamHNxZAw~u@1Lv z?`kxFh>p;s9fDJzL?ncO3)6mhAXhGQWGd5kc*fsI$*Tb6{FU(vW5vdaRUKWX0VjOk zwokb~Njubo@*JQw=+{(8gmO03-IBm!>t3@=PfQMKEH+!}98s)yrMMdT_4OVR1P3bW zQ97Mon3Jk#?^>{{EfwpoI{@OZ6 z5=&yOo8MHCJrIGSK}7K<-h^xyX(Yr%cZ}5O&eHEmiEsQ3@n4O-);AkhD-@bW*y&Hh z`={BfEvlawD1xH(xDdavICo?=U6yQxj5V5{;BQK>Iv#sGI`Q+IXw{!D#HDfVFj7YSAA*L(l@a!b$v2aqPWhwr zfNuSK@AE!pru?6P(V*@l+1RIEFN9nF#5*VdvPG8LuV6th?D1a})xM3@kaiZ#!;u2n z#mbT9*jq-jC*6yh97!})%8Dv@Hg?$_!QgDj5^PEKXHLMsbO6?W<3m5MT%5H;5+^ax zGKRe#kh~)9D>L~!GpSLSG2>U?S0^I($&@MXfx^gWW({5>VaTs9e@}J4W6R^3?h%n= z$m~LEluTkgh!F?wb5y23|AgYoks^=ieY~AJ*9b6mK$qjm?9shUvh^sHliLKW?Cu;-EUQ%7R-jB}* zG6PN>NVlE2gLQWeCyx$e^6>p{(VAF7os5-4MgG8p z0cavgC42x=Xdj={8f zXv4X;2%v{d?I;~l8ZL=Ut;S1N=#3$P1vWwuZ5#SYka>J zv2G3Y@B9-b%5~cMbnSikZI!cChJXNr9r!2BOOUs>`Ny-#F{mLa{NmJp)uR;~D0UI` zxGxM5{_ig0Jl8ysT#&T4&<+8iBuMBbShF~CwoSDwd>;96Z?&QN%kqQ-H|uW4oisQ4 zf~fT(;$p8_3#`rTdb3gC8THstEwOaQbslo%$`-~@Zj{`N!CzaTK*S8&lp_vG&}S_Ui8GZ`2_aLvA|E%d`ABtOk5 zNOl-o52d^|ez7~|(+~9@AgjDoTvV$AV~&tn@~)w(hy4E|=Sh=?nn;Ci#Ap%8ADVdC zb*uXJ`@AkFLv8--t>3d!$GQUVPZ z_?qYo?f8E%wq^&>gf${W-BDkuP>6eUZQ1n0ae`iGLDCWnobcafu)jD6_l=9KoGr5A zi(U62@7@W06BSxV(G~2@3!;O(w~(FQci;|{%rzv{Le$lWv39i}-0nB?(iH#YUGPty zBIhbj9ZdOm5~)^gaKn(?+gSTJ9JNEaYF(L3p4T)i0>=Nig}sOumM(gMoDdp+ z3KRwrB_=9_VaL`A)h%$6YzkxyL=Yq!{p~=CVz3+b0NU$!Tw0jU68CW%!7i?MIToY+fN;XRdZTd3Hh9c`R}^23m>q z2BZ+?j|1gfP<+sb*#;FU8W=GN0DGZQC8Q%G-A$m!)lCh-odt*TEWD z54)488{A`%*C#{l@5s;oUb@nmiqO=;CoM)R-PLXr)aWfjlpnXR*DM#;6(Tstpnq4Y z@u2S3RxmX5%@g|*H1^76Y{krTr}sU>Ob-e`9(1m;1NC76sXxu|=`Zg6as%rSH$X6M z{AQhCO0U`iQwVOs0he#GRtU?*JHj8S2Ez>6Z+^)h<)Vi&W0&NwVXKRBtjmk8^c-^) z{<_KWvaGyd#iKob&=B9BPI@{N`~^jmr5yjMc~2%kM+#Pp)0UG`805V#jJUUsVdM#A zi+~`TJEEHWzheO@&Ke#-g&L+wFC@2b%6g-iiCcmS!4?+?K3>Koev=K(;9-S1KUAuQ zuI{CBK3LvW1z?5L(|EHr(NZ?o&eWOU&i>3+k-_sGJHkvf+1$?^U8a^TODRvA2FOwBQC#gnQ}#g7fAAu!b2U>dFilx4_>I2q%t(!8 zAsnME@F^xj6T@sRW{ZA&HGCPJGlQa0`=TH2Os zoHrqaQb!~)ZbzycyW{T7MD?F6u_#7=DfID@@YJ^?6!`7b&6D4!9&yTozC)Xy63xY% zku(8xM=rjR4Cq^Je(Tz+><9tV=YgMeHbkw=%nyiY@<6TpMe9ybZkvHr3dj-eqqjQ~^76|} zjELSgIxG!Rx4oh+GI&@|KY_9Np*h7U*7rInWid#TQV<&(D6H~l?~^QAOU7h}vaOo5 z{tRf}2KYJXfBFRakD!PT)$JYjS<5lX5>|1W(6O-C$_{>P!t5>aCCQTvKU(hnAzaC9 zm$@8T+S?3ayyq`6du>u#@=5L~XNHO)v-2BqARRn1DsIgJM<`F!VcdOd2%D#^hTyQGd|df~%kk%dp;t5-mCXH!icDCct~iuC^D zxD}b{4`@gSUgh`$kMplDP$8YQ3g?EplG8JyNRwfDj7PO9ao>u<;76UL!9FW6YsBCc z=mY4Z5AJB*?l`uq_08Hf*=(3;yw6S*m1WFae1sWY3 z8eT!<(@v?pz~sXS4rBHzt&xK=mJHrBCgCTm^^vhlC?73l7)8~0>RbrIM6>VoOp)~-etDWI+5D%c0e>+R^>^N z^~B=c0-h$2#MC%r@+kl$91R)P9=`u8GrY7G>H(WMmiGk&|!*h2|wn@Q454Z(@u4`@S*n<3v(% zm231&lH=K10~zMJFDODExR+CJD<}=8i9r%1`A1|ksMDJDZ8&(A>^aIOb>hXgFf)K=D~je%x$sz zsv?T*&}jC7Uh0|0_^QsG0a$NfoxH6tlRqjH6+y@xT^3|4R%1yIK(Y2A z*i$Xfsq5%}ZI&|)PN@=jt#4{Z}x3PAwjV|xD1c%=8=$@piZ)Lhc+oX1xPXPF> z&l!2rL*TLC69tC+6-~3~-G^u6I$3H&OS7=2-xLnaTcVuWb+8jB;Tt5E6ZH4SPeJ_* zY0Aq);qko#IuuI;0>dmvWdq*WBI}5m5-^;_Cy9PTFRF(Tn)a8A>-rY1kWo;My5{SNDmX2lCjeyxZ9y^j`&| zb37L!PwpKb_F!`E9>o3xN#@)O=c~t^&rbKz?AUGZJRf_6ET|z=T zqQ9v~I%nxcj1{Hmr&r@iyovt>9C1ngBYN_tKD?8mO8#d;F{B$ZH~zSaRPi_|Dc?}J zI92`XKy%(>6=10{ugngp*y&gwGCr99r5O=gN~Q%Kbp1tzGev1qK(lVIj(Bi!y0@lvxRxfM zMEQmB+DoH1-aEt6y9~A(HRa;_P7+NOQllP;A&ks|0+4;ld7QG~iRX+EI^Iou(3d45 zET{iI3(bqG2=Up|+QH32-!&$X<+jc2W5=IX%@fiH8X9GP69oF|6B3#i(hTSPwz)R#gYfF8|(r$xDa*#^e z5Qa*!R5;eGD|cvR@cYP*K}SaGmXOTfI0^*MBCDxPxhZ?=X%p5+6Lu3q!)q4rG_`WU zNoS5pwG@|?xGsSD1akpGpAi1~pGcDy+n7lwE}R62QPdza&^H=YeTlG7>qihdlt@z; zbrClaU^Kgs|Jd9%kzXse;g${=wp!|bsSv0>8HJP{gLiJ>oWL*SKBrL#QVPy+&?|_Z z<#UEHDvv#TA(IBSZe1$>XK`8rHB!L;n$*9A;W3{})`HNdvwRm`-OqPDzIn0_Mzzx9 z6C5e7b$`8cq|}#@t5_s~UM}+hsZb;q((SjTK&qyKUH);H;Ht?QumRG!rF#eAkT~T+ z+l*2?Q)cEH3 z0)!?n2m_pX!z+p`p!{5e9nys5ooG`DC3@^>gp!92uV83RJ_5|NWLn&yrd^NB9XOFI zE*DB`V+}^W9xeW=dFMB6pZqHMg2QT?19&nTi>=Fsn9D^9ggXj%@ zd{ps++|gQ|Twd#=zjCj$Y;-3m&@Q8hh`pII#NUQOKWrPY}4Wj=!P!^OEZX^<1-f6|9ztg!WiSYw0v zVz>ho;7IMS!sb@@AJqrw^*?GG)Z+6CVdGjeKob98-kK7;T0}~Lzpa1k%z*srTNnN# zIMiMM*1`uhH-6(VUX3w%(o!1+c@Ur%2LDj3)YkC^-JA}9mP?9!4rM-2qY<47*wpHtxePpVaQ@ZV@xx;ogcImJ(otIMjPPl#gG}y?Tz~g!0L#Qp> z@<%1zMP`ilS}6MYVBCy8kbW0LYlpho!8Wulo-tG=0#WPJ)#;)=qi!x zE^ZhYK}^$)d!Hh~r<@V89eFwx=Y0wpaMaYY#INOZe5&oBYs)A9jSYCikNE$@g?}p)Sf{; zqv`+7oK;oaf2LbncoU@uWM}q}noy-@X>fJVhi7fL#i?Mu4~?$2T+uXO$lD3z`;e94 zT3B5KH}m$nni96-Ur(R=-ku>FpSkU&(aor0Ns{thGXmFmvZU z4WA0N4;j&3D`Xi{CG*C9m#hgj>b;(pL70s~q9JM(!n-ar9ZA_A)j#B?O113WSq^;D z-`rQ2JT9Rf+FnYB9)!!)HFw;EtvGi?S{}<8BJnwC5E)y2tkztE@@8<^>I+XV7CU6R zub{Oq%_qX3_F8s_X?k{hzG5gm5q)~Gspew9CCoBb$l|0VtY>EY8l>bi6iX%i3Dd0y zNAkhLqvaUjoY{}5SfVq`NMoY2I&}&?r1xc0AHNYsrOe8u-`I8y;6VC`2U^lE$BVfPb&o(UTzkMRb+Vt_u977hOkVWz zQJ$N{GG$kgI+Y7{H@&+UcL zv7kOSx70#mquZC(_llCzCH@JlbMJZoDD5^jZu@Ia_`mDJ!)JZ80yw52 z)_QsIPx;HRi|%|Pbdu15H8$Msl%pewP>*!u*bNp!9IJ`po{A~d+~6-Aq_^|N){U&^ zge!dY#F^)32|KOr)8gBQ(sua&I{s}T-dm=$b_=p(3v=wq>`*($n>GDq${{S%%o8mq zI8Ya_g8yF|aR)gfXf#}HIEF1%FU1~T`6e>AR-rIESPyao?Qne*Q}<`9@7nFH&g6g?H6N)ir5Ns)~> z_#BiJ7L^}wNQ6S~M7{*Ukqr*t>E4n(x45~!&+J~+Cxa0Nx;qdX!5NQTKPTiR9h7{0 zseL)7@hX=((&*p6)g(J;>`C~dAkGgey_6q%T*k4>**gAmP7{cmMp#$fj0r7^>?$7i zBNL_zjc{Wm)#ZOC=wl{LiIl$I_ba!cJWJ(R;r7?JQ3a~?Hpx-VuUm;nod~tNSL-O9 z&+|T|82x=7^=&6gGit;}v5$joM?2ir3X&zcVuYjaF3^an_B^IVtvYpUR*drd0(<`F z=clPc5ml&DqIUd16@H?AiZ#1)E)y4w$o=|9&^d`+Z`Z~Cvp|bmbQ0Q$;cfr-?&2@L zyk1}4ov;fGlErJqXdD!YzaB0{OPQRTv($W5Dqpe1f|zsuTkzet?61)#bl7F2V#)ki zSJmXFQmy*8NsLoHG!}qgchJw5)7Wg!FFPMI|Fhov|NHDXiYTmcp&DCrLcYaijasNs zm>zcb=N||T4i+IPu@>n`UtdO`#H*z=?=)PKX7KnUmk)XQ$lxjFDd@3XkB)`CL#&Qb+;qKHtA+eFi6VPAQ)uy;@@ot_vrFMz|r$z%CJAJ#`F z&I1>k@M{h$8MArk)z%_Boy#0d7g1N8RFUl)z3F|PcH6Ozu4!=oQ~Lzx>QajuDXJ_tip-$MNP zd)wo>1+cytkg~$cDFisA(oK13Zz)(<+(`W*Bv6(R_>LQIAZBK=76x5F8EhPSPr*Zt zUIM?W6O;5^1^DLcIKK2j1}O6Gdf6T*xB>}m{yTjE_oR?OBjFu}Ep-P;&lPNbeDt0T{(P~tmgV5UcFS2`1}8my8Ct)8bT3Qisr&Z<6n;6zll}3j zbDd`$mlVYH(t6s_B%Nx0;NrSm_nRt-GxcfsbjQho!-LC%EvWzY7V@KB(_HkdA1lKfQoRa))tz2fq}&fO#nq=868@ysbML8GO^;Ly#u$?`}eV z_U4~a^+}VD1p5Fa_)<9ztj(~)O?=|t1Hae^=txI7Mi4e`jtQw6(R{ z;|RQVy%qT{Gfjl-%xwmQm7ZGW20SkQkecz|EJI+nOJZ0mGl00BlV=vSTkA&{%~SAz z+$vAziN`IJUi3o@iWniTlu34pIuzj8{Aw zXK>$otBKA>wc0+&!WOInM)0|^$eVDhb0nG+$Bw_wUs2$XkmoiX=4iz5<#;1}@Q(M= zMfmIlRb+c6qw-H$MbItdS;;bAvNtr^yXvw)99708!C-NS0kfW(OMcoi6lApo-rZ52 zvDzV2D=IuBVaRy0h|{WA9Usec`l40cOPVh5ikWF=UN-E#a#AW1qe|0iXvd4y0mKF1 zx_{1se{2>gUOJu_;16Q9r7E)1;`1$$mz< zgvUX<;Tni#o3ynPv=Lk-*!-ENI@i+w zHPhQ5eXggfq~q)3c(qT23%=z3{wyjdGG&};=#a{#p;}1B=m|BI(!B5dfPXGBe%E1~ zlK(}S7pSbkfpiY^+uqxM;s$hjA)<3{@oIFd+UgC19j5MORR;0(;1)J8Z9rIcurmW4 zdC(`{P={E;WGdLwO$~CuS;7Nlfe{}zH@h#iU*_QQFNtbU;;K~gNuiv}9Ce2UR#hCW zSZkg{DQ=&Co;xH>M*!BA)>Kq3<}oCh#U(R7RaXPcz39&#Zu zI$BvJH4lpXk=s>6s(j!Ah@>2)?-ynp=aH>pjS!NGMJ6eW^%=~D)$ca&$X&G+qt$*) z#o~l1wz6V1pgY|`l&F}{YZ^zh{)Rolc2)?JEf!-%{?GZlu=4ASQHq%-RaJiz!U=lQ zUn#B5rs?48!+eGIE-q`#(7uu6v(v9|^zB@?V7+XqFDGGZ2fOS~D#wB0L~Y>pQtw&K zjTgiG)yF@venndJ;%E+W{oc=zB%vlgMv1R>hFS^FcW?~9`p1Vf6;&nlbBGK4pj)T8 zXus-*oNy(1Qd|QpF-WGiz*t#i-@@YOgUmq`p3p)-qM1gq!{2|+5y#dH-><`Pax zQKnQO)S9&r^@fYya7ehp>?`AuzS~l{e>S@(Mkme{ZcXU0;7@6p9|O;DPXCeEWcS^) zy^{c;Kw%Q$-XI1Qw?**Ft;b4R1=e4eO%Ro^Hc+J7wYv|#v7`(fCGvm5QB9y83Fv=p ztZ)np2dkXxCBgMibOO8HVWO^KqIWuF$XtvGS(r9qHruhU3(u}pE{_v)4Q=Rzg7E2f zQRGl4W;>0r^=9PBeA6T;u@;HfM1sxElQ}GFKI3dURLbQK~n{y z-wJNDM-Nv-qZwY8vSG3c!D%XTUXPQi{--6;P4w;Y4nmlzf7bVK9`zgsR5wiIDA^|` zbmuwc;7dyi<^E`kK8nu*?s{e$1kEhv9_}Eam~*6HPph3gIf~mAIjMLMGsXhwJprN2J_#`Idfd|5km4H z><3+2I4%2`t|wXnTTF?{OKHYS)>GG$=RV9!e*>p5u(#`<-tx?wEphm4tQXO+!B;5d zYu~Xgz765Wr~_P>x?qWX?q|iQ?5SFY(YT~G($4pt_e-3?U;RKn5DE%$+FrcE3%~`p zB?;Kf4jkzN_T++^qd^UYGP|JKn~2ttn?%ILTTd^4!5&CV%kp7b2E*4wgr4eu$MV^G z?g@5SUGn>Sh3`__qBP;R^YmPfJGQ0&`KM4W*Nc@Pi_Ei~GyX9zkX9JY;+{YCIVU{R zX4+)GMoUbIXq|aLIcjWnAKhOfzwkykC6Sv3ACq4z45vikNk>azNg(eBqxbyP?4Ha4KUTChkhoB9|KP~RO71k)t&8)2Z4r~irL zy@Gd<9~|k5dW&(W7<$%C`34z}>K_LbZA91eL z)_rB>H?#V6*rY|Jj3&|b$o|Rm%5>UZ{v)9a6=UbjQYeB8vWTvZCiYKAyh|RFHEBGh z5oe#4cWG|M>cGvrv-+kk>#Bs)) zf82elU)fo^6OSo5ofKP_a-`_JmDUhBodfGSs}nknt@Qqmim8@>Hnw^0M97F;o&n!H zM+g03Imo@~FsGd&r;PGMe7SwCz80m222Q0FL;hfwsR{!bvC%ZQ-y@;r`Hy(yOP3n#O79k zQ?Gtgx4pd3Ji%}9W8~@lCaQKNYpVC+yaS+)WA?;vCU4xa=lpJ~bKJBBWy2iomc_U^ zM&~k;g!lvL_?F~>WT#gJ5jR}1Ny-XR=KI%XyfZq%G?9WNpcB5;lz?Ms{LRKAex z%ua%?U@v(@VGU|5uKONo?D;i$#;u@o8>iJ{7`9VuQ2;v!STO=c=;BBX_o_XCEHud4 zW8k)o*9WMkyZZ`kAx9V5DQVw|d-?q*`|(o*#XX+zt0xm6M*YwCHdkauOo8)1VSa0| z`Wn}971@jz>uLekffC`!|CF|hx%}hE6l$J+k-h^}h#mD8Ahf~olKDsaXN@wLtqL#w z_0!R4eeKP%E1!n@Lmeax*Hh|j^ke;MZ3M8wC#=|k%gY(zHchBa^1w(|zOae-X_L!r zvlI2R1_0xTO%zm6pdh0X^AM?EtR5+mwCT7E@Rj zfjFASm=>0qnPyi9%l+dxW>CH-7-g6Iok$_~RIs_J#u)S!ui!uH2Rx@_zgkZVVIC|F zm~guh1$$XqpE_T_|BF?i3QG@9*=~85p8ps2g&Z}kz zl?rAI#L^$n^IP>MmGD((2c46)pdHiuVM_byprT9610Vn zznEo=a_ff?s}Z3JvU5XTKrqL649*~XWW3@8XC>_6oF{xta+}`@9GP{Ly=qK@XdK^O zp7J^cHY5hXv`*bVNc+~}c*u+~ZsAZFf!(<${QbxD7}x3zmSeLn6Mqz2Rd^v5HoPc(#I>S}{ELBx$V zr|+I?JHT4RVGV(>wPE}f(NHb{!(u}r)@uS2vHdugE{bt*xe$U(eCLy@9nSsb1+Qwf zKz{)d-a<`jOI#6IpdGTK4x3=U!v3#Cjv8r$h%yImBAJHrb_4gS_rEG1<- zB?UQXQ0T}RHY-i5RmENyUHVX{0)`*wqDL>^Z|Fna&+*7J6#|83^mfzKya?_ohC1av z>-(dSVuq15ZtovCm<#0m=`A$ua~Dtn2J_;}UUbPc1I_It=j%$rx{;EVB{?wrh_|^8 zRE60~T+K){G~YCMIc_O!#&0V_s~QKL3ctwV`j5YY+?XLIUO_dx(^qkcpn?TZ?UC9G zsD&AVo~U~h)z}ad0>Ths=bhEp=-zHdvfb>-f5?R2*87bC+PSu%-Mz?6SqSYnUGV7| zI8}b7;T*IVW_QrHm^f{-^T%)8n6Q19PmLrx?|1q#O2yl09gW&GNE zh*k>SS2fTbT=163iBi*4n-knQ#mS%@mxR_d->3cIT1ltS;+^~uZw@v?(lsMoI@68} ztz1fiE*jT8l~}h>P$2@s%k*CL5(-Iit)_@!zEx6%!6BBA2MKLNl88?av72p4L{QevWdB;_kxIQ;6Tm z$UqNT;z>l8)p(Y)ZS51-8E^R$)dgLO5>$dXPEe7KsPrqU&~ri2Pxln=w+RN`#u`%F zh|Jb9!rgdonk-d){zy};zk!3M^!BgFTf=snv zGm1qCd~V87KoqiP)-d0$z$Ge}^naeVO9zww@ou1NM;s+0nfml|Z*3d+{7Q&OA<-{t z65?H`OvZ9ONnHT&3L&i@@pq_hp?T63mrsd;xGH-*&352(%i|-Ub?X&WeK5BS;Ow%! zfWT@iYk{XLZ}q`5mg~=R@2qIMTtI#c5-NyksQO2VYY5`05FmslRg%(d_@em=y1Y6$ z2OC2H(V(`ZGULy00~<%m`4E1U-a*oXRQCu^Y>7;OFK=h{y~$$CIIDICqrQKR!<1(# z8>j0QbS1c&ve!7DwM}uA&4w}9_pNwwNizJPC>7j&IF z90FNtmS<4rI33HzY9V!9R%ib{>$*>pZYRTJ%3HwoX?QPA< zGB$Y8mXa$FrgCX<9dm+Oc2-%@<5|I}U~8>e8tzu)r) zX*uOtCb_j;2pAA%|4&HoL34EwL)Zs-5Gl1JnJgo_@)1KtYvmq737T7v1= zw_gk_$#=JBmy%+-559mXh- z?DRh?d9?FC_qK1B0m$dgljHzo^xI+qx+DKDbmX^Z{@C&vyx{(S?oMG__W#?v`}>Cd ze;5B}HBZ6*kH`0MP5>I6X`eMlI?eU#D3RL!}C9s!gjTF{_hMe=l`&?|6a+X zo&R!Jwsz0|Pzm_<1kZn!fOZwZa<@No!!Y*T49YKgd^~pRC!M>crKM=Q)OxHtkK2oWbGwz~q1xDQqxspBw7T^(-+usZK@$GrQACv$2 zt3M6-KOU#MQ8?%-{m+h}|KC37;ya+lU2S0_xjD zOjYr+M26;H3d5+ntU!%G(VY5L0;@{xHj5k0DYAu+*2ZVSpsPBH%f??7V_=4r=1n}E zFsvNqM-0cB_g85IXx?{SSk|Zb*w6ngPTesad~iJvBJ?Kq%N_hHo~rZTy#E;v54!Vz zB@fwfF5e#GRZa#QkkMY|yiev{Uz#}ILlW3z?$u#049wed^<;%SHw+>1IvL+l`FaaWU9I2hcoCmL<>;Eea zGI$Yr(4oKaq5j5=9vtbj{u>v+jQu>$oy5u&5;u)~SmADKxXzL~1_kBLvp*rlBT>TV zC4f7J%f`T5WOI1XKe8ku}5PsRDayR)sI z|69X@&i-R1k97WD)4>L0v;nc>TSn@q(E9om`mWf4a%Dpy1x?TW3f`fFEf_o}TlCoo z$XLi3)Z>VdBvH){nCAdEn+`}}HcKM}9A^XEPXccOrqGQLNa4pBL|G7xfeS9*5>0X*uI`RYl`=eHsGiAqO~<7-g4kHgSLxe0m#)Gm-@zK`(`w z100XUhMKyG0~{aD0}twH(JK<5XKLPM^Z2^V`=d?*^s?Y>S>yEQO|#^aj#w~7ej%au zWZ`%Qx0WRTvyl?@?eR@ZYjEym-)!y8y{yUF(@|}@s8%^$=voBFp&LxW4L>ix>C9x{UpP1Ervypq6WmI$`w}YBAWy8nNoa7*ijEC_4jad}T zKb%0A9LLFnRL#g`zJ|zVr5i~}1wP;}2xb(vgC=pBQ7tN=O9!~zu{QTIBgaG`KssA6 z637NPqDbOq1=96_PhsZb30DVY;81zrDLQ1Fo?*jvHUip77a-it8^D`D?+%Z468rQe z8zIxKix8)Q(KS`U$j(iQJ^|}@@B!Ii8NpoD86(+BmDpHuYNOarFo;v-!%-NTeNbT9 zrs<@t`pl%zx~w)Om9$|j%Z5pO(_6ruejWT9+I9p(zrxGvK&Y!Bndkavt(C$%aG+l! z^XX47BO)F&LS0Qt4!h93g(2PAa3S_H_g^JTN9N9|Toc3!q?>%%y%TNB;YcX%2)H@= z`cN7b*&kuw?mWp&BcdqI$okKTli#g|La9YZ!O5Ui`c|7@@)IS{JFJcS($|AE_f3sD zy*V-~`&N1YkSs6`Yi;_AT0S+R#WoNrM8xe^;K^?H#BV{lScYUl7hVVy8>x0`)*tGz z%73#g2nQeBSr#WSoi1bgNuF}~Z)Ip#Q5eSe(7(}ippvrFP=pHYXOHbWlvjF)XIRd|f)No! z6E~Y|khjDDoqY;2Fe9QJQ(?S`XHiBbGRWdsP_uUHB8U+nx7vd#Ddk97xw9z9fExjN zgGYArEC!P}^r<+RL!xyt9C40Q5U*ko&tVEAJu^{Sja_p29zp0s9hxfmO?9Ud8Puj> z?mtz$L)cF|GMCbz<{LfjR{eYKhtlu&4Nnv+%mSH`=58pc;!WcFsQBYFw(z_}kBwQW zLQYreA3Wo%EIw^A(?82?yeKSH=nG=#->K4FUjjD4NYys}|Lpz!avL|&D2$)Kc@_9E zN?Gzxq`oY9kDm3Oqeyn5U0YH~O0s$OY{lRVNFo{zCcq43Zj!g2+jy(asd}&Fy_CI@ zx6lA)0L%x6ltkMJr?xiMaL{Np8vTVv<0MNNawZIE00kqZNbM;M8Hf2p_Nv94z!enk zg%pq}02fm@7b=&~(|E_8&)Yn5O)ajIahDn64{~*b32IidHKrYQ9}_OdG=bqxa7v}o zG&6%zMrYo=X2mlQl@~I>%;-O`N z3Utg_h|Ahw9f$Z(4n`0B7`#$_+WfC<(D6+B?wCZAz8LR}8N2HqqlA+ljYW#32QB}| zk`c!t@jva|6FM5F-DA`}=$3vANkmf8Q&((vj}g2SSrCAn+a8c1^~15N;&ZTL&_ z1_?U}3vaY1!HLw(skzVff=mhTAPD+lDmg(}w_jAL1tmJ$s|987YxSk)#u(2oJ=HrM z7I5Ct2_6v>o;XH0N@z^ZWf z!+a#{Pk*&KAi2{e*@6q4*lUYeI5V`GwQXtEMlT@oYmTE-@E$>RVnGkXNYN z+o*<8)A!DE$CPl?vX6i=EK7aQVN-hrNRvw)l`+iq+i%{IkdM-KuQoPCic{1JQ1?sR zEj8ToS}FA8R~-HJn+n)iSeM$PUw_rOzX2U8jgJz>nUHS)Mg^j(xlKSkOr^^C$A%ii zKNn~*XS6k-x(m$oWiB!1%(L_^7MmOM`iQz8 zRod7>zoH>$lOOOT@(v+LXlBF@@Cgcc!1LzJ8og)yE@C)DUC&?W+BkeBG4qD_FYJ%& z42uVafak=2clTeu^y9xrN9+23D|wv!A2=JQ_q)G0T&}ZcT1J3vrYY9?&U17soqb|9 zJKa(|31=w_lqugGr)lD*(u|pa@Mm{#|7Cx-zuVt)eoh!yKfic!;QWyBsB~IsBVpm` z`PsFC_j13#cO*gX>>W8@iD}?|_0svu3`)ucxpWwZ(k%J_r8FC8JmN$snWNkqiKRVg zm9%iKzboNs_Wa8qn9jc@sVTy;oo^yb@$Du%IM7UOm*ZE36m1Z{V-h8Vi+-M6kwZ|j zuquUXYsde}%Z(!i7zKfhA;^Ms^0iUwZA8uD`qTNQupzO5+0ZD%m}t-Nx~US1L~ z)hm>;8>pOs`gO;Q=1w)tY~?&VGks;))WtnVyYly)=jaVdgRuhZRU4q6wT$284TK zPZVgUD}Y&-VV={|tj~(VVD7@4OH&Q0pyo!?GS+l3wuC{$>(r4kKm%Y`xnv8;;t<47 z6|y0ric})~d(EDW$=(RbhjJ5%ia`Ed+xDV@PZ}cImH-2lBPYz9)iuL|iWdo^rtp`& zb|Ggk!Ag#G)1W72A|(_5{&w53l6D$S8SkeYlOesU+!Lz%xLu_&vMRi@^Bgb(EHL}@pULv?6UYdc2!hccw`k6s(7`bi7y!pM`OnBB*R3E z-DL^tPWQT~tL|EV2j>C`l)6O=pQ$!1#+2N5PX-W)BURj2UTt~X(zd4cTLncbTUK+A z?6^Ges=Q9Uz)K(ZVeiYrs4|gL3*Tj-G_!vB?~*JpP{@_|MlSnv>4{^SQb8)L4EWYI z8hvZD$`~!5S1LgLX?G5!W?ruHjToPa*w+4)i&gUHBnQ`%v}SI@S5sE1VsRFC>C&&b8e z4T2N#ke5h@G(Z6heKu$*9b0|fzsm-M$0Q}H{*7=_+d93&!xL***FlDlI zAW1U7qG3SEGZmG9H{=h(&SeDPwj|OXseDh|d`eW2007O8Um3u@;s88q&bk%S$L&(3 zYgNaCs)Z*fB8$>e46g=Lw>J-Cr_?qyu?lQ&*ktvGqmg)JovUkweO?GhwRcRh9Hu(r zWC^f5SFa^4~zT`~dT+LioQczHSu# z7Ss(JoGthbR&52p>D!#)r~vy2(%;71>)0DWF856nOYWDq0lYb=+#vF#dGVvV4dxx= z1f^pfL(wnOE9R;^FV1T#^wI5@!nrZ2BSe-YjHe{**I%OJY$nv`q$M^58nl#()^A26 z_Q|}3_G-1HqtVQ?{0cc_Z!DeGgxaU8<66l7WYPOx{b!E+-+%G)MXCPd?*3Z-ui{Z> z-jrO`2df|(M(0IHQ`77cz(y>bxD|qg=zdI8MQJq5VioD90znmn&?*^a=@uh}^8J2{ zMs!Nz{QfyzIj*gSsmW&PIcZ#`W_92E+x@wysMIh1s?b5|I(_GKZ$9i>vq$RopF!Vn|f440D#8w;BGC^&-qcYptketX3zM z%Yw;SsGRNUnQ$(k0|qd+&6VfE+)G!@q>GX6)79IL^|a9coMq{fH@~Q7Zv3z8|Lwk5 z>;IKJZTvrAfCarj#WYnq8Gi91f2xNHwQGIc==v!DstTHF;VWE)P+N^_pgd8uuRz!9 zuPM@}8rg9^hsYl<%4d*Y$M`6a^FJ$jYR~@&$0u9ZC987A z)Nk6^GJjME{Tu7UMyW4~(<~bfK;-1$DwNua{=9eXZ<$UWSq0d*`#smWKBi5h_v1~$ z!()CqWq&t8KSSu&{!KnJ%egqEiFL{CcsC{%QtjaQN#=_Z$t94lluKhNaJ(qal}V$- zzXW{9vN)_tCtmCMPy1=1|IK;lr44|2`hT}{|L5-E!CL>X?PzCooRtR0qhZG9{c2XVrHeCA#cFACBww%llRO!WVlqKozmA#+@?Q zyr*$SD((*%nza@VCPY?%F5;&^_k>%-?#O$C^9` zpg$o9qx|+sRUrb(#Shq&Smn#}MzG5bYi>Xg`HDHXD^!@2|rUbDjqMuO!xkwg3G4ANG&@`~P+iUhb~-|0J z0H_a3p0;xvg020fp2jKMgrM)|0|?Z<3`^@>)!;1^&V2}e&o~TeN?DAf%e;%8dpWs2 zjOSiiXF2CeCs!U+baZP)Ji+V2yBe(7M=Pw5itgO;zXFHwBuNO|fNKBL4I-9>F;3}} z^pa7xN#FLIvnLDCgL)N)T9Cx*Xi2J6ciNsXx=6`9idgyB3sA&Q4sSsbtD_|;Qr&5L ziX@y(NIE8&$PI=$)G3YMh3FwNBxx`v;bmg1w8u1<)jz6lM|4botXv7$rl_%yT|~Pu z@4lV9^BlcVenvEdb{~?61~iRk2#Y)S@;=L` zu-+i~!Xt_eu%ZIj`OqJ?4&K4&x6wU8V$8BAR6YLn=JLWb^(w<%IS=NRxz~%T;rds> z;xd{Q_Fg`ZhUpCGUg`RdD^3#3m3<7Dn&j002i1;5A+Y5a672V!s_Y!idX7I~JO+(| zkAH*vBJI_lg+W|vAa4w_C<2o>x8XMo&o|vSQnrtC{>cGBDILQi{+O2uCH}HlHQ>_v zwzneZ+?iWQT>VcwlxaKVw$S!i(c4VONj;|!v3*&rX;R$hXQx0bnyO2#>MD(yt2#}j z;Ucd*W?fKFOg`LHkRxhlZ>#F=NNcMX@K8m#91~0xKvcIOOS{XFlr$A28mgj$p-FAl zPL}2Vxpvu<;?wzqF7UC6;o0LYd^t1L>M`1~HSfBlbYTa;{Opopj)=9cbpMCO>7UlR zO_`F0F^hZZUa)_tPo$_}cI2c|7?*UaCSuNnP$1Gpyd0PCA#NC_z6}Huil|haT2d?V zln3D^SiV&ewXP9H{eHhfna0FynOUo}71;|K7j(}t(5F*ec7^zq?5vM&z>a|e^CV8u zJ!kQ#-+l(v;LR}eXc~?~G{O9?=n{)+Golbc6}DWJW-7M_8THD$fI4oDI(754)V1b3 zzZy3GwFyKKn$rK;YP*Hxd33pe5MH4*Sd2M=Dy(TJBDjqB|3Y^=V2b6?XPU zFsWMTYHBNDdtQhcbTL=C(A_Fc>n>5#S@YtoTb`AzD;H+X(rmLL9Rs&^O&0Vk%~1Wa zeFJMC%%lMV#-Am;4p;Ra8RoMwZFfv|FV*&)%v&Dz^&$J{QyhXc`<)^+n*oXp$nVu0{m4LhmpP% z%=~q1mUYd?d6&PUpEH({@|v&dF5{8ya&e9svZ`KM1Jgb z^|?IF@}FlBc|hSW{mhg9`}=1P7oZU`hTh{IRfBSj+B@|1``0DUN6e{P}eCKlY9e_V-Kmzm5*p@_!XiEBRlr zfujW6?Av~20%q-=uD>^sH&(a(*;2<1Jb$l{vUlnJESvlV(HQ;Np#0_ZFDO+R;sb(U zo6gA*Ev~d{DqjVt9KTXFwU6RP#TK>vL8u)J$gVMzi$`75on)!{=a%aqNF+BWnMl9E zLiecvZ9Ntl1_X{0u_1)xx6vR=(TJt_CS?U#(B@B!#;CiEx;ZxR-v)YBOr}PpspeSK zNKCUQm{ddXI~s@Q0(C`1A+}$E^rG}{#CkvwMv^O9l3(I?IjqL3VR%~c>rYjB)|}}u z(`FE^IDR*O?6T2AXR9t9PeU}>AFvu7WH&s?Qa!HbFl76o*1+*czW@Q8AlWDS+E5UQ>iZQ+ zS`U%XbWAw?norcMyGfnf8AGLQwCQE1%)AlJ?v_|0g$X6)M1<-#wJD}YFtXR_G_!o^o7Wze$ zYH{rIwkt$_1A<<*vv;a4>FlCzp3fV0QTKT%S+f*IE2WF6*V@+Y`>tk*f`#{}8fx6C z(ydx34cWFq8ZGQex+2MPD-D+FACIC_TnkDLHsj=qMKmZC$V}ARCL+Uk5(q$`&TOBL zV#Y}qb>CnbRaIYcCr0TFKma2roN1rqnF?S;wF3z}1#z0T3EbSpbTna`xs@=pQBs z_D=*IRnQ177Wi|ytG^&BjQ{aCwwyO+D?ZnL#2&vkHLT-g__TtPFUSM1)XdKUl%w zD~R!nf9!OfJ+REvy#Jri(t|R<=GA|D@nX;4|KC4)vEKh*#nWd0-`VuHHWtnAEwaCQ zUUF;o?p+S1$%}`NoL9BUqUCg>dM^|{v0f|;1D-?;V7BaBz$!GFSW?*$ zE=KOVIq0|_x5niUWKLA;e_e8T=f{Av_$M~FNl5Ty=YJ0NUhb97{~WFF|60kTE7q|1 zuWW$iG+S49p5iD{H+&lQIPU!NOOw1Z<;E?xX%bt7pWrwR$_vn69Ye`V`3DqbARkgw zw^Eg4=@jjxFc86*gjqyXGxL}9W8@&wknsslw~-(Ojngy{$2&VD?%&fpnvjs!LCnhK%PeVU~Vk1L?5R6iGczL_Q}W zSQqLZ*m#CG!Gd{s#5C$_E974+)^lq9(q%vF?@j%q+yCq!^#9ik2#4G|^RF+cX5QW- zrMsFyVkV#no0pbnUKhn~{0c_u3OiLbNRM(9u>p?yB4x>mRioJH$Ek?$OL1yI67fHQ zq`&-vHbHkf`K^Y=1wwxBxBt0il|Qob{EHQ6KszHfE3&d}#bW#A7pHyc3k$`rT9I7| zscy}A;Hp2fVD7MmE=m7w&TVFoJ>hCOYN4vWUOPF&7z%amXzjc0MgWFtw zBP0?M6lPNkVg3+7{wvaE)(iB0tL@WxyYNG+ZA*p2v$$w#KxgpM?Xn=z|Wejng zlF>|o$p@Fem#s2E6d14tRZS^r1tlyL%CU{fJz_Bt{YA_XkCKmVkeC7Z7KwRpsn=^3 zMKm6%!j_-@Nay#7Zcrx(YMFqxZ+O6G#Bb5pKl@O?nAn&kbyp)e7pG z&)r(|1(a8wiJ@QD?JF!8KC!ylEeB5u?vgq!|MoHMA+ffE)|SvJETK92|G|4d|82hh zf3bg9s{im}cYXiwN*>VikGl8sarS+r3TDG$r55KT<&+3CAVbCpl=D`*6I8(VgbD(? zTM0*M?`M)kM3wK+DqT=c!pg0cXjW{lfG#(?ANmH30YN;ALBm&U<|LToC?XLR6V=rO zf1s0WQqg4W6Le6r+=#c7a(qX2Kg4z2zoJ4S)kc1?^ zfvEH?g`4Q~9Rd=a35NRsRX2v<@cm4rWP;R0NEn1qXe=cqP5%Q;rAp2(xJ{U#&|c@5 z_R;weF1S!zLfgf@l0Y$;5?(+HQJ5(lRptt8AEl8V=*ci8{EeQZV|07_w(18INhVUH zi0F{OHWeEp4C@4jJI11zZ1RBw8PID}AE-W6d_xf9a9<1wxBBW%8Y1822JFB@viRRH$2g^pMbC z2E`bOxs6O+`U0rj-oAAwXGn0GapH=IcPu2wX6p6du-T#()|lO+D;C-^1+LIeIS%fC zBq<7TEXVi$g2m@?NIsD8J=)ZE;g)2k_vZCNuEA4nW?C|}X|=CZG*HpGS_4&Q7Oq2kPyNiX{}UEIxcuil`~T=@-_QR( zI@(>||GAP!T}{Kn$Fu(v7FJ){S7-DuXY<3S>Ti9Q71#!uPJkRf zUJKT1(%*jT=mIP!LBO&Y&cT4Ft0$veaOFlzIa5;DO6yAkxp6?=vO5yDK%}YpvMBK^ zmIn1{goS8H55LK>U0bTE;ifm)Bc0$8xymA`135{TOnpf?oj}JPIIB!6>N}~(z8x}V zBE2A~WX%?Ivc6uHL=wc+`B}@(uFlVv?MRFRk?gmB8o-x!ICzZTA-c?(fA?rYyd2KdPyP?HlI>z zjAynVs)=Gz7JtogK&}XmmPm2)Q9tY$|6%a>Y;vGQ=Ro+ZIW>%+Ifqc1mDNxArhw5S*)62(3qyD&QRPp zZHMEuTG5c&F!Yo~+2r9;QG+oYSz_Z)B+N0#{}(Av$uNr^lmR^N{MWAU|L^bZt?R$9 z<^gB_M$hu2W&nGv^GD18vPiIs6rd8tKb>6Rbt2HRi9pKF%>5I)Jrqy)G?J%#Pn)>c_ zo&UX($2tFB%FZL8mc6y^eZBZ` z^Y50qW2xFxFQ1WiY?|`Vo;_FH-b$Y+mnwx?2i@WXc2`$K=x+H&f?Ex<+*J;}xs1MH zS?9tIA6Sbrn0AfJqUSPRwZ&vB{;aqLDL?jZLxB-hjU;Aq4@yg-KbwYs=~n1%_|say zIzl86R_SrEpdr~tf}wkYv@BPdbC7T+y%}aM<8OZ$e9`s1wk|&5r@j8q&!H}C0nF3? zyMFz@{TF)&>-s+{dA#%Ak8A-{@XS-%0DkmEd$c7@?)r|p58Dx2UYl2r_<{O7ABbDx zWnMJKRoeQstF|xWGsvawmc9N)wVn52fo;~;1&cXVtTmhk6}8=Ij?01?x?NObL;mz_ z;?ua?z%MIr8g4rG1x;|$H9wW=9Je8u({XV0*y**69>&}~$7P`=U11u_5nH}Z37K*dl> zyZ3%b-{zU(V>_~6KSW{1CrGOAyYt6ioQXDr|EG^s!;Pwq=V#~PX|;G%JlD7Qe0ooN z{jamjme>H8>;E4fl>Ps;{$I&c%Kv<1JHX0G{KG^5YR3G@h5%N#3t%(aItI`x22e+` zbr4|vJi^mn|C^VK2La~k{}=l&eEq+>yWam_$ph;Bdp))2D=cX6*d{>2=>+qctqM0l zpe$08p$x-LfI5$9N}*bn$!xN+nl{E*T&ea_e)~78$e&-sneNd2*#Q5VAvPr(8DwnO z9LFPqHex&>+h`;ILMnBAx*&gNX$Oh%uz*K}t~Ql}F0@ll0rQ3D@WIvPwlXhb#$88w zbgeDrF8F-iJojw=t<^aia8tVKbngAK`N-`HW@kysx%afZ@U*<{%*CO_HM#c0TKC}O zU+g?bCvoUZgJ!d08Y(8jeB%y&=Q&h*lb@zz!ig$5#t9B*2%Xq# zfhGG6(-@IB<+Fs*IE6deRQ1aN&&6TAq6UuX<0$GnzE!nlpgyKCO}nVy`g@!t(JXK9 zM_sH>@YJt=N%6;#0CU#=i$nkZ&%LAF{q_0pl{~Qi-!dFZb0tDT)nO1Vm%Lh)t|bl? z*@8@@Yyy|^4rxThHo`)K3K5O9mEND>Ni_cef<~%OKBOGqCQ;X^rm*Yu|2h^Kx600< zgm8U9v_Mt`4lGSHz|}KBYW4Zs$?U4M0Q zx=;^%fP)rrUw=pmk8y;~={|0nvz) ztE+FX-!3wlvTY?2pP=7TYyV3R?U4cibL{_v!=snJ|9`aJ|6k4HgwJsiKexBo+c^Wu zrFZOM!bb*#1}hg-suJ!dEY`n;=9ZGShH)u+u=5;UVJ--Ys7O^WIDz}GQ&zDf&=_g} z5I%J6R^0N8oJyR9M%`p2(0IuBMBkbsP*D}8y=wsg15=XF?OrO%5s3-MDO`_|O1=Jb zgc2;oJ>#K(h&>@;8)qgLnQ=1es^X88{csXev0N7+k;Er)K#AxBoW63l7;oxvf;q+E z;1T-NklOXi;t_kCUKONPy#^5t?#3(=X%Xfs+;Y@<&YS$q|ripU#6HbIwz)N&F1=uH1P~avFOXTs%gHhXK(veA_z^bmffndtsaiwU0uw_P0I6-3P7Xl zV>(S@wdL1qiQqJe+h7)xRE!x*7bcx)xG3RFyGG=B)p{qum4l{?CJ>_4;4Q zV?{;Ojfd8>>)dBisOG_}wO3dfm@$bLJI~SA#u$z9goMzoKv-0o0dAI+{M62{g1@~) zW%$U+nX)ooXP6_8UBwJ`R*5hxgUas6oIq*EwWn-(HrM2;+9F@e$rbO57u&X<3bKa;9>2kk0 zQC}gGBlhLA_vN%}{nP?l9V(S{2_h_n%Y;@PYPgt6&svT`*ZTTgh)mkril0h9pzfG~ zepJ81AE-L9`V-BoZjk?RGFpZGx3_zE;LHD`-F5!YYM!$EkCV~k2!04JHAwt88IiUk zUm_)CbuRPe3+H4DsY>BR<>JfGva7$YIp&$4)1Wcz!FN?NqfaVCD#`OqoiBZFc$fm(Hzk=pt~v0NI9$3#>8Z= zdL;J&0fRI`a#?5&^&G zkof~#7H@SKL&yKS&<)|>3JX|}-L4%l+z1B=CsWEY_%UMaE=y2%y4OWrljgJ0za|mE zg7ow21}*;oQuH#R3`CcQ(H3&`595}QwEDH#vdEv4Vn0`lD#b}JRnPdgAoeYqZc6wnwY|e>`bqQW!+%0Db;v*5+!4NkxkIiKH93E zIt^Q-pu;yUA{QH8$2&V;PLIEw{?9L`J$`?D_~KxHCzmA}4>=z>ilu3>U*vIK82!%~ zONo!*M$CkW7DecP2oX(KNM7l<`cop9FrG@k!^iPUVGych&N^_lpcaDiQ#c5GDDvI0 zN4eTbY)=ZiTS-~9Zs#ahDNWR>>Z|3eW&TvF07t>7nd;_KCJ`8NHu(WhqLPTVaj5sZ zjTx(ODCyHGp^__gv{l_n&3ejsv@l6{RH#9bhF!HPyRa6zW=(Vr=XEV6?CKZl4>{#s z#SL?amLvHPngQDNG%NQ}L$XTk6>t&?TVihJ3{kfVn&1>;(gJZ0${;{AF*suwdSPiP&JiQrZOw{m&PV66S|~76=vQy*@&` za2+swP{0t?gr{sOoI+J*gi*kfynI!`rGD7XttbVB8_ozxPG#eQz`AqT94| z_LtHJSU5nrRn18?mwS>A368_d9EUQAD+(I=jVg*I*u#2N+RH4@PR*v`&U17{_>l1l zDk|ZWcW_(LXj-m*rb$-dTB2G#egVgK13mB>~f+O?aNqT;0$Clwup8>M(uRne^yaP6jDhbs#;R=V|g&iu?R zv+=klX1)DaI=Q#B9XQAS+uz^c_v%0G9==%b|E}awNx7vno{we-R-FG_$RMm}Up5RW zpln%#aH#OL-?T*%vy^^i#-Aq!q5rL_vNBqBuc*RU?ztr(NG($vfGqM7dW>WqI8CHI6nZT+-=8udR^+jw{m*u4Dz!)6&e}ivbJ6#oTdo3G*w_kk$t^xWNBtdjb z4)t%pb$Y#CV?YA>cDjZL1iapGPHEe)OW6>z(WYwkD@xf9coJLRzwfI z+Y+aSM@y#x#tE)F3@}cxm9Hn^S7q<(*eYbTI4No=gWqI3*Jg9YU*5}{6#2r)EAUz_ zGk<=98%#~nPrLAtG6q%C&neG+{Zv2o^4}|X^#C()Ui|0fiUOC;13jzyE)pm5M-N!x>f`g2Fa>sP+dXZW|q@6$h9zMl`s{qQ5426s?g`arm$ zL)$aqE@75G7G95ixp$k!<%44OukFCj_lYY;>Gia*Kb>>C3w#m3x&Tqmp8>w`$Dc+5 zZJ|w6!7uvwnLeoQW8rNmrjfN0syZo6SsLX_V$+|oZW<{vgyaJ%Gn?d&yu*q^_2qn? z2cGROA?UJ{8Om1m(f=k?^Yj13M}83i_b+Tb5^Hk?i#0EI((+^N^@KhHX zbPPV@-nhCEsNiZ+F9msczhMZ0QDp=e!)g`KoNV>3dR7Ib~ z93WKZ1ldciYOIYeP^l(PU2jgB+)_O@IY4uoHaS6P2}h`zLm$BzLUS`atKZntIX4?~ zTeM=+G8b9KSni=en|5Cc`%dfuLH{t2{t3c3z_HG}E{ZOCDYL5#r`P*`=8Vsi`+xhp zFZ}Z#NAf>w|8E7)llp&o5%_xlPk++Z|FaJC`A5Qh|IhGmjsK^Aw){UE&{F=I19EA9 zEk9e=(qD52@>H9J`Bb|7Rpj}TpM6Sz&g>>E)JHfgviuuVg5Az{i|oT1RekE}kW2OJ zx2^2k1-SDZ-Cmwu9;1^mRM$ZUSd{jJYy4#w|Kj?E>ntjJ%#8%goAN9o6^Q%CP}W+yT75-0UA2@w=EBjs~5bCkaI@Rc@ zo_hITaVgc3T40X+f3bUT=;wd#?XLa5l{_G_5*CK}R1aXPAMF5G<=tirWdT(}sLcdQ z!hx*@DjGYoq;-J+33u_*07*D#R}{edaK4}6hoP=mh>B4nGt9Q70jgH|x~S;qS|gxp zF)x&#mV|?Koq*~Ysxgp0-DJ9l?fF#7m6oUa+pysZbGDj@R3-lwp;xg>Q6|kJCW=++ z!B4!r!20>bpCg0M6O6ZecD#s|xF$nGntKE5|NjwV|67^ASmJNCY=3 z`t7`5YX?=eSEV~hI7?Z;fQa33nkE(Ys;L0n-H2I8exz03$T7n=FJ2r}{fyJGk3GCA zN<(*dD%xc{(nY#^R$cu(R+u8aC$pV{Ng2}nWEG>;UpskBU6+bopXg@Wr;MC{FGy&v z_1B3kP`q-p!MYfeC?Q<*^G&9| ze^E3jlScb4-jMXB*;|IguQaG`h0%OZ({Z_NWVJfK@|xMK^$Mlz2K+RAUz_`pXI$Gs zRWeB!ms2fL#_@>27=abR-h+Z9jHeZxpyv3>aBT(anc;ZfxLCX)X)soOxR(mM(#PW{ z_`YVXLwB#*HK_~)xNzodEo(*s@YV*isq{PzwE67MZBa{Aeq`9Tv?3~U9=$6vs)+px zN!Os%C*bG|uYxO5#);;DY%(yKt1PNsxqa5qw*uKl)-ws??YQr}NL_DY!18BRJZQRJ zfDOy(?Um@2nX#^66F(NvnnYtwetHulHPTG8l7BM5!>NvsKsrg0UQBEaQ%UOjeODzp zd*4(9_$-OKsV`~p8>xKa-7T*|vMo^In@XCMhWfR3)qzzd6RV<5Y78V!`7B}7T$t>U zJLQ-R>0NOThUC#S=!uzdN^{sGFmsV#tE_=kWv(`Su7V>84*V!i18R!{D~EgP-&M`8 zrsJt}*Ueot^<%6~@NPFezxY*mJ~CCwu%#v3)Z_f&E=J8t=2F)5n6bOkjVwi7$qMwk zMZ+#C0k;@i^6Whs2ohwRbW8UQZa8TSPS+NsjB!a zzxAc`xw`ztM#~p2j_P~>pkEqGt5?0N`m9o+Zx&{xdR0mURu_6lGh`gD8a-)#?&ot~ z5h%9!Vorlv7I*q8No-f5H+rVizvQOB4Y1NIZ0RE@l zRrLujol-t-_V-+!n{6x{W*KaGA zSGD^iU484MpE%yx`BEHzDL|FwV^+&SflyI}c1CC=^lH$RKr4Ag2k(oj4FF< zA5Xp!4!ffjTQ<&ijQw68w6Ta(9@N|uTTi#0HWzm5!rM9376IRSzpj{*xrMivu{;+) z+W^TxHor4(_iBNX*dFCvr0Cxj>r{m|GeIs`NY1ay*&N7KCTh(!L^umjr3`>3E0+HK zs%rJaJ9}@ko5SzgeLbd}sKg863OGq5_JyCE|LEdhf>OGV2X*tdUAq%+>$NV)!ToE! z^Y{^-hW)>3@Hp3h&#(Wr>*s$T9=%-Ge_hF=^zC=2kGJ_Z4Hn(`lP!9+`Fw;6DpC@= z#m?>5rF<#t$Hgjo*-#hDnJOBVbElfl0&hAye6xgDdt|wQ9^xn(;Nb2|@9f#5znvuw zwY^4=U>_})mSmH$!X9azbMmN$Pj#YFfoVm0(q$aY5O5oCIvpaKJ`>1rhV-?7@@$B@ zz>GDA{K(JxcYn^d^Z`I8`HYH`#-q~+(@BLnwu*$hk7-T2C{!hgRn?zZGApdHVe>Ke z$2W9=Lzb@K)|e6c1c_Sp`kxQ*BN+hm^#9R|QvI*pz4iI8l|1VF_g5#Uk5%zgvdw}9 zfNIjS?n}ASIUR+(fxRjtv1J3%w-1HYi!Wefy|?(CCB8Q5O%B<_wl(1Il92&`S5Yri zb~G;`d%3D)j*9a&n8~Xt=QY_m(@&NO{)b7jmW!`tPBk#%$1Qw$K18ap*!MIfaF!%w zL;&-E$+L~H5ZQ$2@Jscn#?7i6e_gLk!tFK|Jg95bc)p^uoVuTc3peX@8XJFTg;;zBi_P;#+;=9rdnyi|;7f?sC0{IXOBZ}m__i(gVh`Y{4s$~vU8k=_4sV<0&eb?o z>L-g;Fxf^T@7?!-oOto4d6~{<_|(h)QU$)HRl(f&@BXfT|HHw-+W%Y0qYNUewBTdK zfqnK_&?hW6uXWe#!ifGIp!Ud09-P&1K}W8-6ytnX&T9CPj@W*>UeqJiL48VBt+obg zWBt=#K6>rb1_x@9iyxZUeyMt=i`F{*2>$Nx=Awt1r$PTe^xCKVnWO&?j`m9a-@(iM zwfsz`$xln)Q z(`5hYL*Y+d|NX_@e);~dgLVCnl{|U@s{`DRlmehRXJG?Sw^|?(!0>3hRDk^W`$E|O zqNw*!7@kFq2uIhO9#)YSp!+I|_a4V9;%EG%DDw64r3t2iE8Wut3mXfo10441IhTU$2T>Z}{p z&U1+;Wt2o_C=sG9yNi|nD9DAnVU_}XJCB#dXu54JXVSjH%?D|>y znQQ-_s8#R~H(=iW@8Q9|zyG^?xVHaS@;LUtp6f^U12oj-+=0CD;$DFf;B7O7J%(S( zOE45HI}7HQI-kLGyF%ANce&0j{=FMmW?{FE-Tl4|pj@V`?Vtwze@_NbPY)>< zVarX0qY*KSVb~;?9)w@rO}d|tU(jIxGkzB_96sCum}mbVygcyj|Ca}QYx{o{4@iyg z^;ADr;LotmqPBkCY=K~3&Zg~xeEH{#h4)M|$DuIqO7>UY$wG!$4sRi&%d{$M)cmNW zuU6-D^wHyfk7Ww}VT~-aj@nsSwd}BnMdfrd&hO-)>QFI@B^Tl}cO+R{94FpJnNY8U zzH*>62g}9|Z}MvQ;Y~sUB$)L7LPkXVELE;Ai&0D?1m&yUTK~VyDOjL^R%ERJ;Cvcv zXZp{&(OK7T{}BRwVi zU)?CP^COMvqa6NfQU7E2z_;WM%~-iMMMWYzn*PzmttzJ@}ZDGFyEPQ8uSW}V3^zOdPsH@bwj-?>Vh~nc4I?H zn3{H*Y(i6%mrB+|+HwI*B<({N0?fzdl<<2_Q{rLgbm@S~jif&6<`q4>5UthQmPMX* z4dy@SQ!D?q=dptGAA5&~FG~Brdq->ezlsMWvJQfP*q<4P0{k`YErAmhusFpuMq?69 z5aB%c)3hR>0%an@Q8YsVj?oxWs}Y8sHz{{$JTlq^Zdt=|F7uUdNJHp{Lp3TCFwRL3 z*_z{|!0w(#5gHJbU?H8yl%a0Qe!!Ec`#?=&_`Zw!xwe_7Y>GC8MBTtqR7mwrg&gW{ z*=8vn8lno+1&YeQr-Y}HRzIA)dn*U_*PF|Wt_`mc`YJpY=UO{uNQ~LN`4jGylS){@ z*5fWhWhO&DBrt3D1l_YN3ei1|Q{|kd90#cdg2mBn8x1npM8%nO1=3>H^RXOvw{!FV zJVhgt3Y1_jX9^2-DFTM9d&wzs#z*7>n&31T6LV zlUJy9@;{;?6+1tMWJ&|_mWqe?0`uhm!TzD2|GRg%uK%!-XP#&)7{C#3+DC_QctzBl zh99=khHC2++k;ldo-SbfSvTZox3vy0s8@cpOojgJ90K*73LY0XSkdsqR%w4#U1sd` zRk>%cI(g+>SzLcy$%z@dqek7NRIJ|V$S(C)-%ttBxwzCqb1qO&gLCK0Nir$tp}2zh z3|b;Jm8#zUKNPfos_H?~AQ%*RL^MXldknC+60iW&YXYwqUme7x0?vXuLAUQo#$G@(l)L@I zs)zDSw$Tyx-7H2yz|7?eLX5%bs8bK%bCk=$t~J1;JoDr~$pjF4yxy95}r12Cqu+?o{F1({^3yuVuiBjPKYfPnYU6oqd zUsZF>qXpJBwLX5pXpa2XC*~fe0_Mp7{k@l^_|L)m{P${}dGg<4fL6A@B{dpkyO;)A zv^y%pH$v??OSbGT7FWG|w-(@h@!lxfb^g_u1a}g0H!q_x#sXoKn@H^v2TOXjl=Wgr z+s%j2wT9Cs7E&U%QZ{X9T~;}It{jacra`5`QC-#O8}(xgbpUf&RjIa`MVgaqqtftOdugBKqxFA(Ori-L#f+23?_-Ys z-#sk(fBP?Y*ZE&7dA>kbI86zUVe?pV0J8gMaZI_`=s-{KfrgL=lygd|IIiZb)NrUoiEULm{XPsbbj_) zbovQrKan8q^l3=&j{2OlpE~`i2v|sVJ_q@x*Zp5Z3bt_RHDZ-m1V){AWIn+8XO7X?AdV*xbCUWEB%H<69g|iCt*mX0KpOZRuJ?x z$8ma$eqb3SdSrs=tWypCp7A?GW0Y_fW`S(Djj%uwi$@()`Cx%)il~sng#>9dLjp(> z>Z~Oj!GyCZ4M|u7iVcS}pg2ODBuvnh@!2*CaEc=~LX2y`{TzE735F*4j-Z6oDNacZ z+zAWS?I==^rc9M+@UaCF1eyffHIP8k!|@x3M*U9B_i}=UEQ;8@)C>U@L?Fz`HVQMM zF`*pAIL+isIi4CoCe)7wdRFu+QF#U&Lp~%C4X7MY!r7P(XiCE48el#2RThU4s2ODq zOY9g&Ar(o4XC|@7;fgwn&~&^><1K_^mW~NG9F&qclsv#Va`CMttx3MZNrE|vQw;>M zAsXUM#@8!V4hMU5RGdLt3XON6^0J|PUmzC zKH?cpiM6ozcMo@ayL-Lez5ENkUd=}by&!`0udi;-47g6`4J4Tj8K0>B@PK70!jV+w z$|g{s!l*g8rxOyV0;noUb;E|~z2v7(5)mwj%FGJVV-%4Qj{c|g^dS9N^cf#@Iu|UZ z0qJxkTh>XkO&D^>f=u?cjdWN4{;&V7zxelm{huvU78b|oG9htC!!U$G->`c!C43v2 zIho-kb(;bgFlPNE21%TEQmCelG8VZZb5|N7rGH2U{{ z{U1pHj8cw6GQs>#vPw1Zey7uW%%{_7R6)0dPlTFaqk+(va59*okre#`%~+-`M+VZQ z4Cu72WTX_g>ZDvqK%&wq>Bt2wq@5a4p%fAU>r_eJn8iJBsp*pp&b0TXD9n{2NN;G4 zV^pP~wpH5TwlrxcG=&8n(TNml9k;iBr}KI^BmpcJeN56?r8)l&S;o^b!f{NegbU2` zbHqc+MT(Ma5YZr-b#gvL`FOP~z(^z{keUQZ5V?f#Ib89tWX(>_wfAEhjOCI*s+JCP zYA=tR8sJKD7)je zvu7tYPm*X>2y1-}Er_K~kZ~!vqnYfJz^p+2DiHyvgYt^qhCxm;AU_YrQi9=*G_eT> zJ3z}5Wl7ky+J*|$csQgH1zAAiluEG<^Nq7~%sBlQ2|Jt!5=DfoAM)-v8FEZx1vnE% z;khi^=}5T{utcg0O&00fP|2#W0Kl#wq1#SPM6rNCBZ^KHUALt%fJCM<$eAn8l=o644Pv&SXlWnL5{xgK;xE8n&=j1+2d*=Ce*a5S)N|foqM;6!bft9}GDI7K?-i z8Oua8GggE%7`Zf|pPYbF3K;rH5mZT_K2ofSI0=ZPWf?ab+b}yhOgN{mP0&K~&(xYz z>qt^2V6hTE0-|+8CZ&Yt(~eDhIDYJ|5}d-^N=Aui^^1qb6*h$d4eAhQDU&upAT?qq zUzw^qTL`#qjTxZV9gGJ@5duT3qi0l9%VVh{EKvCZ2dM!h$MH-n3CIzj+1ieyh>aLx z!$PD>TgG0K0&N;|Uy*8N`5br-Ff61+%ZZTuAiX6Aafxofd5vEG{r2_6ExLMr z{qFqs_VpS1>IZakb@lfA^yI6zuhH9+@3-MQ?YEzy?=P?ahR$!$)%E3f=V!0a(B(zv zRzr48F?!5l{)%EL}8+3V%&fi_VJ%4?+jm|Gl-+p^`e(^Qh{Qms* zo6B!+(cANP=eH-a&6W-A@=fR6>+92RPA+awzB+$g4+N z{Pf$mC)eoe+v}^#o7dau;_{+*e(~n|{Nn4^?_OWrZcD5>x97KSU-vs5W1*B44X9Zm zw11?$!h+EM{;&UAD4Qx}x%CRXsci!gF-%HT$)Zdhaxg-*nCV7~YP+NTOgZ@yCtuZ^ zvMGrHV>T?5=72=(URvf=zjiw3F$gCb5^k+O%lfGwtC5=))}68)2pb{rsTt;Wfn1Oy zl`>-==G4Mb)KM-ICjm_;(a4wm@sz>Q9kZG&A$;8F?Df$t)0W9h(ynY8z^kvX-lFfc zkl*j`f}V_LD8eb>M*4$qCV$8^uR7HvU@~w@rC9_MQU$F7*1cpkNx`DMB-(`FSSZ*+ zyD-J@jG!xxBEaCX4M=`62PBhhIpTPt5UYb%g|LL?;M_-!g_;w!uuxr;)R7^Ur2t9V zr&xyr_F+~CmGgUyHt|*gEVkh(am$8A%I6%3i<4v$IGrR+%FWoph7)O_DqC3FzKXFO z+s`(*u#nK?hgD|xe@L=y4z>`D1>yQOTe%kg{a^q4g2i&~`kl^!%W<}0(eHF#^w9-_ zrKMa7S7m8cqC*9E*8d!WzSg7Tzt^u%&fdN5Pr|3@V_yE>-qA~c|7Ul9o&T|tC*K8m ztIp|nI$wN&F7QMuyPIH4CZyBpnF|7R;q2oMLOoNL>lnS?c#}oZ1)h-i@WZ8C3&MWi z+i(G>Z+qzatCQ0ufXQYCga*7kN(Rss3&j#pu2^UwoT^iV`jh-G>*paIy~BwMAb(wq zDBvXZah31#F9IA9`_g_7BH`YruRlNpE<)#VO85{5vIYIn+qhPKkZMQckbHRG>HGyr zSjrIS{RO>uzk8>r*nP8G#G#E}BR@)@UTa=f#1e}CV{fNY=f(T?^AgxUM< z?e}+~$+vMN9Xi`fhgekrLDUG}gRMQ{MAaRjF}mk8h0P~ptarXBf~^j*a^7Xg3r~T4YoH)~?C>|E+8AAF=xZpXKkoe^4{JVo2 z?+1^}C+;#VFqFg&3iBSxwFZ0UY9A<_sqHs&svg3WD%S%;ofQbcyjLsqnhf8gAtg~L z3?&4e&g&UgKAy-pU?sqUl`Fb_Z02MHu&v86^uB20f z1EMb5_$d=A8Y86lkpF1HeHwDwFOglbl=a%EX*V~d2a3&EJd$HlYKs$)AcY$8(kGm$ zdM4*n8#XF+MIoxi7zs5K^9OMfuu)9^l|vIIxd)V| zN+1D04j9{PT1(QyI?G}Ug3kX&@8pEhc*u^y4id*ZJ0qGJB`eMUET-vf$Ii~$3CWa1 zJA#gSmoWR-X=>zEzDwc ziYFvG#ezIJsU<~4Pm-@av27En+@Q3W5He;)?d+Tp0ah{OtmHfQo*dJOZEZWPU!Jf; zg9)k1{BmXK>ATm+Ts#4bQ_6FN59EXZ@j;q`OM#^V_|xIxA=;Epw{i`}j9Ve-NUrM- zhr9pX7RJIK)tr%`S{Y@Yp2_z68=0v<&ovp=e5tUk__2wA2y8S+k*g$RiI`tuL5^PZ zNE|TOpMjQguCHFdL#HRgRX>?7z-FqTsfA>zuV9QJyU=J~*!Co9%G7}R=v}7Mr^pAX zdLYd}&eP2uO>W=bd`CDP&i+FJkt+7iH1~2e^p0Z|3+ro^{CKvl|1koPSy#XMXCNh(jcTMf?{&7 zrqEmyc}HeI)RarzBuDGX0~HB;9<%hhk*pey0WrvQWj_K1(^dLp0p8e&8KjPcXi71J z6s4&lkR01bQ6@e3qyM0!|WB zXD7AC=7{7XgGPe~R?&Q*lPdE0mlTkB19gPa_lI5 znS&%Zja32@oP5(i8$vbF9JLo{I+VHyEuLLi*GS|(#DGXfgN4XJ7+1z!-0hT*1!5;) zaX^w(?64`}Q%df4?is(M@u(;Hx~Ditz+R8o`2zmaB*ounnIOlgD}TLaES37;?+0BeTDs>q*I%ob zf8XooE>}$Mi4Pxf)l?h5DkzxH;7(Y_UMd}Q%O|qVq5(;@-K|Qw*p0QY%R7Q&p(dmx zu{yn|V~-X~VuC-sCGjX7AETpc{ag_fYQ;ZSc{~3$mMRTpMNe_r#{-eATr4}GKX;s6 ztJI*Z0s)uW&5UN-2x}FlMT_2Z)_s6(wa+3cp(p9DXHE_v^f3l&JlBlirx>uZLoMB4 zBP5MPA3n6l_rx}IgZ^k~8@D!HJ};foN?**=6`zrwm^)r2z}x8twU=QQwlt5-QpG_4 zAt6^SNICWFnK~NI`0UxU#iY4NG2Gf=8f}*(x}l@=dwTlw-gI}rj}zLDNGga9IWRuj z$?@pwS|5PvbU%kL&?fDZKDvH$ivDzXc(|pHlj-nAtz$Kx#&&489jVVRZeE{$d;PjP z5^7yWTMiVcD6bu@$)lpyhEk~&NGB=C#&~K)i%WrY6HpH8qvj^A{kQ>hm@^d=)0P7e zOPA{<5lbc#B8jJzvv{Jm-#&pTdqqI1nUk6#Qi4TO!fQphw_er9%At&)nDJ1~Vib{h zL=3DNNul)*anUlhR#lx6NWTb^EiR8 zH*mO7OHX~ee;Wxx3Q6iEB;~TSKn8@wPBY~(=Xh50h4i!=RHnNfs0MIq2&ai-PVNdc zX7}@ntoIM8_OT(aqK{7Uduol|E6xQf`#hvWmA?S+VP_(h_R@%I;Kc`L7dI;X!76{m zhUlBy+pFC@DRRy(Zg%%d(^#)zTlvB5+}AJ`yL-(po0~RNY`;43P^q4ZXecCil9c49 znl+~mW++j&F`NB;HS}V+4B=#46FMz}0PX#EwflT_aWn5Tj}+hPLu$`}wazYXo}o=E zCt#cn`T?8l{KVLpQKdb@SZtw_t8+MM1e7ZgfRljnuyO}_Njjj`ArbZTjIlp20PHpz zGcg~J_H%+@UR*rdv?=9ZdHVpl3-aua%$^w+1Xs8oF%pisyj{2=xX2s^+j;(Mp+#p5 zEjVkaO-QSF7MlpvF3eRtpRx1eKCMGv#nUDTRzs;z+s%0pWu$m$N0kKt<2yXTbV<2= z0*ygC|4XW5C6K|q{VYT@5#pBJk$5pNt+L-#n`K%q(WR~)d&**wO$a{&YxeO~MTs73 zbLX)oxtf?luZ^?Lq2tmjIj{_!2We`Wjup}BW7 z;7qV#icTaT@bx}@-_9_~*PLZgGNhfCl?`$VG^BQ#XEA}Hq<3?YVDUI}L5FC-Or8af zLw%Ifq^og)A~HH*K26le-h=W=ym$h=Kqtx$MxmerFODxRT zqKlII7Cf|R(uUxtD=49S8nG)ExMm%zT5A*E_; zfKP$2S=URT3P%8S2~t#|RKBVF+YrUu$ zG*m7VnIuvtmd{!`+3CTUL1|&=W07cG>vg85=+Pq@sED1MtkYZ89_!j;{p>wf&|kv{ z*B1_`p@-36r#XO+qPrH%v`A>114|9VekKR0OMO6jPzHIT(ylFzWfe4m+U(?5=eOfn z)98-GrIz{}w_>lN%Eg4FV;1UL|8Nwsdx1uvc(}T;kVTR!ty-9k=ew6AGg^zhwaELO zh&-eO!Na$6^QD|0a%z$U>qY54>qWT~rGCeYva#q?14&c~DoqldcfXBTY+q%iFOrp1 zG8%jUH>_D}wxQzL(&Gvw$!^r?nih-0J+E?c^6s^1YZnh3Ydb-iSo+KjHxcA9h7)Pf z+E`s`{6i>VLgU=SZEcOUoWr*J1wC}Z;&xlZZ{RlHIiH4fL{l8GfZ!JU_?33-nF4Vs zL3}2Wm~^pp=EdZBy3Tf5tJSqy{mj)W9|rq-2S-cD#OpVwvL)K=p3P!Bp#l093L6T; zKPqbq0o`ukTy%GQjh7=`?^Yjx9sGR$)WAy(0H}6hP z-<=)4f1hWLY;Eh;H{YD>y?<~0wSRc@{=MX={LSIs{`>a}MUxhq2|c_eR{>1J--y27 zt8x}p37#4~!S`b3PqNWbT+4mYC{sDX=!K*2YyG zrGBr*70Xg`c(Cjd-tTYFwSw>&_?n!I+9ZW6bMW|)J443(u#R;( zhJeDSB-U%x10ZyL_E_ImmgapZWy3i9S0_qCVW4}0hB%6P1039`Z6Q^YYKo?qi)|#v zSn{`BKpF0nV;p$kTrd6nE)1`5jb!;gz88Hw!T(}0)a4N2U2n*EZ^U+{dpo+g5#ha2 zMnjTUwUH}Agm?XMI*Gn0a%XxLCQqW=t!aJGR@-eZNb^Z*oMTh|I?3QdPqoB!;jue4 zX{ve<{FTQaN>v9dxn<2KZTVzv39K!FI!gUcEdk_Yuq~I1sfCv$OdipP>@jT>faeGd zp|VTk+%cD$(Wg^JY zJ)Q}DT^`YJoShs?CPVE$S6MvCU|9VfMGZr_W|7KCRR21;zR($ma8H5ZQzn zEm3G0@*#<6K;0V|EK2P7D$^8;i}mty6pYk|_6d_I<`hauF0PNBCfm>%%c{+ZwRSH} z-CDb^wR;_mg@&b*4}4Ew6k6>!c;M`aP_ z1DbNoXXvjtmlx{75FXb#<;! zgF%G8;%ukloU6;5TR6#NIOqz`B8EfzqT(9X)67*s&Cky1`-$@-Z9Wgpoq#9t016rK z7<(PLjLZbtmLt}?7;Q(WhzB-yI!pAS98E;KBh!8x!HRlTq{=^gR4Pdg_)+T^>tfDc zA!F+%^n?jP2dXZ6Wle4dK1_oVMYMWaNqxaAIx{|-NTiy{aa6-xSzI7E0L5z#BC`qJ}!j*R$GolpU{ zp>hfZA(c)uk+O-Qn^Pbk z>)T&bW)oc>7L?1+Js>!iUZAPNE*tdh_0Yo9TbM-uAA4`V-MDQnivORdz;e!7va=+4 zJUNrqy1nhswI``hW*o1vr|n6n=Ncj*2{lEq1ZaVHGdX}x>c{p; zFxwq}$&KOAPGMlwfZlASwXf@2P#qh(7_2#}gKM{ck{L1Ge=PAdEYYL(_lE_7tpv^y zULoq(Z3RZlc}2`PLDkEYUabr!0Voj(1T*QqOk>E3!gqrP&t}R#9Gt6Md^ji@$LjKo zfU?=8lFDrrw=^z=3#3`lnt|RfZ&KN#r1o9iXS#@{mXHRx^C9)}BEiMQRY9{5_r(Z% z*Z-~*?0~|4Z@1`P2>P&A-=bC#0Jk6**L`Dn(CW&!pfByMKdtOP+gN}|v~T`+9lsIy z)Z7R~d~fT(b{RtkM-70VFj#M715{C|dP?!5~ zaDyVlhXcfQw}7KQp@6>@zy8h#KfM_I_8*6TAJD(Pa(_DdUd^+EckI2G);~9eNrY{&ZPUiUvM7|L_N}c)xR`>*!OW08e_=g5mzT~mqY?G*nCyTR`-2X}$-{(~10)0vD9_B?tn)P)lnxd=< z4NQZHp))nlp$FQz{cTYG7D}QyNk=4Jz;dv~S->SA#T@k%t!BbZNgJ&~#J`DVeUOY* zrDvbN%vdnR3OYD5=|f~2w4#ic7{ALowCM!9ixr)rk*AE9oyI8F+l{Al^o@857_Hj% z&yD(@o+hp2PtBB_dPH3%hZTG%Z1gEefzP* zWoeRq*&fIe`5I37uUPjzzx=ta!EJ65EL>ya5)g2;lB>#8l66DUE@<5`x> zYgu-voM@)9Ou77Yzu7~5#2%+g3wX@_AL%=2p^1saL5)~APztZGXN(aexnLFYN36#_ z2VeG)=@t|s_Fu*YLwi7+zT6f1GT<<)(urno&;HZZO$t;mBm#A1Yq;=skd1+_fP%eD zQDbl4-`uh&5j;=k-W9>7>hV~PnM3UWS7Ei^Qiw%X^ago?_N>n;=rnWi?^9UTFOd4qOC#~LF>yYZGZHdnIV&%e8ugJCfceW_MD&kc$ zOYRY$EH?K`O5YE2jKJ}9Vz>8l$@g%P;dUXqB;cG83+14p8O#I14~I4Q{=NRO<@Q@v8L06M91c8)gc z%WJ?eYO@^&y|CTGdk;#G=_D7rf#rC?!%J_HTC(814jr%9yEzCD8qG^T5;UxishI60 zOAhlHK z61SxNim-&rho`urrxaGuAPDgZ{kBoUn;hTTBZN6z9lxrVZ}C7@_TmO;LM1?m_o{)s z+BLfepX}Mg?^(Lub6S_@h))uJLmR#ovn=6F;u;pf=I_6QouRpW=`){zji#OokbI;7 zz3d~d>(}S0oZanxMJ@_^%Rty4U~O-O;Y>Y8RrBPUd%31I*EG6L?dO>A67!@*c5roL8iBN+z5@?uPJuSTQO4}&p zR^G$y9DFR?Z=2T^+VhuCs|E1!I4*-iT~G($JDp$^*_#82Z3`&2V>n0kCk}wFTuo|Qf zv@EDzOr+9(7HO%(muwk}+9qg`z4t30OsrOf`qYd|h^f|$vy;;kHse`_wo>ybL=bL& zd5!I@>bq~nX_`kmsdyhuHdFC-3>L(@UpaTR!0R~c+VS~t)@20WBKa?u+Pm>HbJbry zkgdwKCH=Wp@l7To$~(|Yh|ns#K&Il5_++_Mxis^0s}^2ag|N?hsfvZm!Lk3($77jF zGq?Y)Hs63Zka8K7h`dI*z|`z*Fj0}CM|H@~EcpR*FFolZm*pf?Tcj6$8uCM6*x^cC zj_aoPOvOD7Sxa$|SOFqZsW!QlF7&6t{_TKahsBe#t$@PnfVqJG83_%OdQgXeDZ^0+ zZtbW8+XY5!Cph8Tlzn;u`Or6hUzdpS_~+LjMO2u^wF>HELHs80IeQ>30^}0;hc22TE6tooHS;)*@a23Q8LFC_csB3aiGR&=$w;q^%qSyVbqS0 z&ur>?@H*_nJXR~8?v6WbdrQcw;m+y_AoET@5eZA0;Ij2JUMx!;r!u2JTLEOv1z-II zg6iF(Q2V}2`|L^?`=8ezrM3d`g%bKo8Tj8J`_AA!ezOxlDaW2cjC*?m0H38uoiT0; z(gz$IsrtMpYf`hz)G90l$iSG2Q@BjGRHXxuDwocI@VE1XC$MI^)l+>3!7Fc8z6{P3 z&a_M?iB~9`=fay>ssV>Qb&;UtGr{>FrzA^wBw`kWx??BCjzBVEGm%dO%PjxiC;se% zapKq$`^2#~eCuSLPS$BLI$5Xb=wzK$qmy-(j84|+WSyPHbCh)| zh4E%Q8_=eWn#pMEdC>y4H$&WC(U4oWyn&SFO72umaG{Iz7R+{(wUI-4sguFUix;~a z=-Q`d)yKA}T5hcJbUc~YiYS10q*Nr=6^klqI^`k#$u*Y z@}t;89d5URNO0}q)7>i6%zjm-#t{>{1mR#sh3Vn~dsC*YfaZ2bxLOVE?7)+zuyC1O zw#hLG{XwJ#D-VeW85zGnNMex&ov6FGXm$`gcNH}U3wNuXAKZ=IWx|DZY)@}$@($Hd zUa77b`!)1~!ao7Qe|Wd8+l}ps*X+z+>WW#BBo@8V6SoM0B_1*aO65wT`xYIQXIB?k z_*Sr6m8nEc=HUrq(vUC43EE#VBGJ-bqO01GcRrStqw}#WjLz;*AD!Ky#pvt~OGamR zSR9?*p|d;eGJXwqht9{cVsx@jIXYRV`RHVw#nH(+ovhQzI-RVu?Rd66mVM5csd(>6 zLYa!!O%ip^+&jXjq&DlRcGmRPmuc+9LG6%Q5P5jD7_< zMpLfwTwOVYRVhco^}iMQ>{pv{bPIjK0AZkhWQi0AyO_MtBEGIdEKH`wZo%m z?%NIps_wrEke`E^}=)5waAAzme@NoW{-| zHM6YnfhSfDz(`oKPT1M&LRX)9##p+HHVdiQ!M&It^cT?f;4(cxd0_!jy>J2Ds1D$_ zgHI!;?M;Z-N7b@*3*8G&K27*P3;V5oD&-0#0CfDjZ|hPxfPmFNF!0g4a9hfT%=XzL zl`3`SpI|cIa-$aBPAIHWK`o-=1)$OGzb->tVL#8=$+)1Wz?Pa5nN@(AMo> zSk}q$Gaml;{~T3n9-U^{X_i}zPP6PZ z%WX%eSw4wox!<_)P|u^_7LZL1H!>ngFwl3tNl)*v<2wue~KyhvSBYzp>5S`F0I;W>)cupW@DOV|a`NgOU2PbuA4 zr4+ve4c%*fPhm&We|^Ya1J;KVOKhl39qadl$UEZAo=amqwl0lPi*)HKV|0}6!gPAE#0CkfSb za4HRk!Zz-_SRc8VA9iK~PZs*@c(w`K zY~K-aT{PU!84cHIcb#@u9i4W!Fgoq7#ptxV)uYqy7DuPub=qBn(P?*`cGq-t+TC8X zyZu$*?;_HkAR=u)6m}1EbuZYwrwFtz`s{f}pY4DvnTpR+BcGiqEsC1aKq zhN_%(wf>%St-s2Nb_M?$75rNTv##pjit&76;<~DTZAVx2Z~5q|{;e5Z)xWOlUss!9 zhtbt$STefW4BL;cHbbM))n@2wGgL?C-P&z*wHbCCoyV)I&9LKyUDdxX&av_6G|Nu2 zY&JU0a^>hW%N<6iSvDJ;X1RKFnq{Y1ZZSH|vePWL9i3*`RsH*Q##plFn4#5G{p;c` zw>s{w>fh$^tFQW3i2?liO8>QAMpyr@tN+*4|Lf}ib@l(c`hU&G^Y@fIJN@IA;T`EJ zL^K~=g@~1-s}Rvui0C{W+l;P4M9a~6HM$BBEk{@XuZxRYJ38&I)9$LH)9w~Vr`@#} zop!f+blTnG=(M{|yK68y?XJ`AnvPDp>+1jg@?+Dw`hQDC7l-z|G)4lH$qNB>*IYOc)WS05(G1zmk~iT5=!srW<6-IgM78)QJTIK|t%6{l zu{vc_V={eud|cA_p;X7Qiu7@$(nw?m{xO!5A_wvQm}@O3=^#@v)bBd(wSv^vTyq~h za!b6(a;b7@=I065`ijrQ4#;siE^n<5TI=b>Z?wbzEqA6x{vac97DcK^%@b{nKEgPD zkn-y`woKkE=DKZ)HY&51@f<9 z8Ya_NM&1yKki{=pxC6KxPef6Uh-H%TgN>>`GB6ujsRDsHRx{1%${e zg+aY7sSJ*tB(W_GcNLI+Uz+IH{|le_)BxYb8d!n)4=rqeUOQiI^$SdWum4r>WXLYWm=}ow z_|c!}p#^KgqfFw6=P}4TNPn1Cc>Wl78u8RqvhtL%VkygbZe&y>JZJVkPE;*f-czHRSiCA(YlKBxjU|q!h_J_ZH`bLnp@y)-tejm2GGsgS{ z)V&HBMGdfq8lLm3HAdsWNF1oaj)Z!|`KQG%&T=t<`-ivZ6Wl(MKyU3^jlNbRe5iML zLDqg9sL%IaX<}L>7Fp?$A-gHEOy#D|mt%3Qa>G>4&XYnLkzZZ|Sc?>{L>!Po_i!`# zG=zw5q~2Dx?=?_-H%N%MxVpIl8=69M#JLr<#vtbSKyj*>?r{R(6njb0^3W+y5|K{m zw;bRBM4~Et6NH!Ca{FtKK-VjuBU_4q#kgnJo^Bf$?qMRnpxh;AY=zK#2-&hg&^5jqPqb{0JS28 z|Emy)ISi!Mn_eR|N@AEOCU}Y@T=~n`07}(kpHCHX?Z|}1KXU%H-#>ia50v&ykb>}f z1)eEpy!o)iAP9@N%F zyn&bPK$2~wRNI~J+e=qxM}Qcb>l$gTKePiY=5|+YuT{Kc;6|nygDgv%W!{+=1^D{-nZpd`ZXdD|GGqjym(}*^>sP|YZj;U`?@pkduPp~dMxMc$u z2w4bJoH+6#JY4I*7+j#re-Lvds)@$g+7wy?Vm+KHE$_ehjONs4*!H6Sves3YL*bMZ zzO^vA$MI|U;o@&PHySNL{ZfgIWtz1UNrpZm1%sl1kTX<~sIn>+J640~`u{CGHLzV7U4btqyp;3?Q%&3?F+iplGsuVY2Cun!> zyc+m%^mTw0=pRe)S(7W}0uk6;I!ESkzkhYH8>9zBP{3**qrhl=6al~e?kKhK{-rB9 zC~P_?=a&$>0>Hx+c}Xce6L2h$f{!SnUL(qf`&K!P;eI>|6Qb<)c@GhhU*XHdOvuH> z(OQHtvHpqEhetMSmMHSc%_x{8r|wyj_uoGWv2)pF|8^{6D|_DCU4m4ZmgY&t$_-l! z$UiUaqYreb-TRDeu}+A#KPJ(Yt302?=Iso1dbtd)Kip*kg8N&f!>57Lf$rQl0>M(> z`S%45TL3X*CkVzpxw*S2tG2A9=oEcTxcP5>0$_q!Nx_?C-O8Vp0d}Jk{Yz!-2qgc% zUQ~0cxeGXJd-{!tao3`qDhfLZM-PKC>YvGXDg1uchY=M4$aK zXp*?VWHmsBp%>b5_|~8cWPhP@O>a~hSGU!6kofv+PTJ2C(Q-^NALbe}!b^ElyjJO7 zGN|vJ5f$M|X8O(4(RtRYTM9gOX+r&BpOfR(d38py@dm$okdIjBSXt>dSZ!JORS$J) zJ2I4-7X~}#F|`uKUy!p<&?rI2zd(I~j5s(=!Fi@G{ovU~5?NNE5WQ+zjnn)*74@j| zLR&2Ll^2x5axT?|NV)1`G=Ulqc);(Y#o%XHnp^o#av`c*ms=?@zU2;uM_md$xh+Pf3iL4av2&a#ap0A7#aOXo&C$W~pK<(R z4<0|2w;maC;HW0xVH#hUg7h){LI2F*QPv>gj_gq!Rs$F6jB|@wrdnR}o{HcwF@-XC#&yF@p*RX(_Ky=wvv-ac%JM65KEpcYd+ z3%vNB2RcW%W7izd^r^Qj+ZU>uP=X<~7x^yof>Huq z+8$WF_(dlQO@Sj-&dxc!e0Qqzyk4uPR{Gp2GCU>X`!6I3*B3-7GQw(w=2ejt_&a4p z^0>6B^}BxjC0n0Vn}x!mJ9K1WpPC3A3XVZ>&LR9mAs|{>ksl$B7e!Z){zc#v`EC(O z`l=UzlQs9&fltqc$AFln69uAJF=Wv_34YMYiQ7-H8uiLBDQge@ac_p#ochCZz>EDl zYd-Cab(baE{g?TW8T;iz*%(_fdD3hkOI41+MBP-V6$Z#~EC}0SIQ|X^a`@sucP)%Y zxynXWrTC)n1kNc&vOq=IN+yVv4JbZj`hWMJb{lpiug0CmIX~;D}k75*c4|p_pSTtC?5XaDVJ-I!~T5^lrWQ!Qx zEwk1PSwA`j?!?MXI#QXaY3b)Fn=$o25ED_OEpo@YI10CTm-p_BtJ_+WHl|t9YLp3ui z+gaYen#v{-IzVmB)5~Ex?-z(h3mZ?SWea@b|AJhxuKxC*doI3~cKg4K-o+xW0e$=H z5Ld1|O3bl%kcCNHgb8HD;>)e3dTq43C7I3~mef(jQ**)6z&nVb%2@a) zoTjYBkDX-6ASv)mMd1XAdt&_oe^xv(<+1l*Xfw5-99EbYndS*9to^7yCA%1~;bq^E zg3adD-rZn~2GiCXVH7Y#ZHT?;DLhW8RMK-N62jjlj3J&Ekx32l8fTns*Fv^z7N>4y zKcwN;swJQ{dihNyaSN?^>CmR9j`@3!4XA>;X~A~nh#4Q?Y!XY%nV13HwMjt`im?VT zVNyP*fE6k4yhnmt0|FF!yw;{4v-qs|fgm80G0@DJ23rKWnW;MnO&^`5tmGu8c{O*A)bh zD32-M3?-VTldcmPcHg3bL5Ca@_~<}6+qxlKtTdgh?R6%dqy?Eb#SREu;RSEzmCVT| zjf5Y1`JuvFdIC}}1T)j;P42%^K0sTDE)jUB|f z*iu1(4H_a#G#Ieoa&P_-azZu|qx7ezsf|;f)#ggAHVF@n&h|-EA5wTWn9V1ZwsmAU zswzetu|3gLEDZS0s-r4_VIM?|8WR4}NsWgSS?fV^3Ab;gOi?TcjXAeb=QceK36by2 zBfiVO7pIsl6#=pTokmGbC|&VYkgk2#anB0mk?&isSjDsWV3cl*E<=_Mr3Z61_<)h! zhvRN3HKcHo`))j;N6VASOte%fx|TYGlv9r{gZG7KPSh%qliPE{yaob0ZtOW zcHUqr)(YebSd`M%_gkvD0VujA4n#lCQD!eJ`%B7YD_4Ies=xi4Rhl}N{Du{bWRj>kKC z%mg06p1P+$N{XLeTpx?XjaOQuA>^7NdLe{}hul3i~Op5u&Y zWIpOYP1H*+lX7hSrFPLra+$)Aa2#@!^PUI&ng`jTmLq-Qm)Ulj^y8fb$OfU#JSJ(q zPCLc>oboXUy`zmQR?2KAnq*467!eJVpqBPLlPRr*qN4@vxM*_1yl*@S1ZC}VH(Cm$ zh?QC4d5_kkFwyRNx&B{IYki=2F@fd^sDHn%JSC)n&%858D}~JuC}zo`!jaO}|G@LM zD=#dlOb100QX&7_cskMV?XCDyV9$8xqV(WOH4Olg_-N)z@ej7)LebQ3fTp2w6%^I1 zO@~Pbmb{unyP@`I*Li~&f8mOfn;Qhmdl1E+7XbH1W(1tKhQ|Zolg%!p3(MVUKZLeW zh){Vaa2j$#tdOMgzi;}dBn$WvM4us)5<2h0V%`COLceGLwx(kiQQ|@rV=R}DITNXp z`NoLxa8k}dwKmq^fiTgKnglpkRKY^TBuW?SNe2Gwm5|_v=Kl{nd<`~|nv*a7p{2ex zI0t81uqb=v}XNUGFWuvN@H;&xOO!FeBzSvT5j@oW*oaydTd zVOj4o!9WxZ8CPaw$AAd zc{||cW|zj(B!Rv|e;%cKI;O1~eKX*kh4u{)2tM`8Hv^($nzMa%P;2Y>*Ten_MfTIB zDG($#BxzZScC}J*pk>^{Ze?P{tqe7YEztW2>mR4NFr}?uRVs@b1`w;s6O@(N`9yEH zZjaEm=$z{J)zi>^Xxojw9WF5$K?xP^E7O2RV+@~p%2ZdK5d0V}io46(g!=(~&A~~6 z1M#rWJ`)c7zBChj%)xWEAi86#6H9Jt2n%{;y@all9K4hlry9@*dLV62qmC%h1D|wS z_ynmcensY40j2n)mzyN-J9qLIqG#>BLlBX?=*CUy@zHex=G+aVzxT9h<91r3aqv2n z{4tp}5f!?u%+B5hId(fv8*2x>vAZ-nkj~A&)rMJgZB21u^h>r24Mb_xlkc`zs#KKH zXoEV0TzkskgAvL6i>DlFMhe4dTKI61_IK^ss>1PC$=!hWV7mK(jD>4I{8hR4xIVwR z>E`qprmD>^!&h&ON>tkFpfeVvE;s%I{OfrPPe<1#vjgIAOhY=e87PYfvAo`!fN^BwC9`|ZK13-+2vzp zbYI9b!y_xQ4+tDmlHg#*=-b9&fjm64Vh9np@+GBGcv~Cbj+Jo~63L$j(Ac6XI$0h) zrvw=Hx^|J>u5t1ydM_)bjLc7Ut+U~E!PK5@em8p4-gJ3}k}{5yj zb@?%%d3G;yRdWg#q0TAiMr8M(%I?0+1oP0`*WoO&u@deg@5+e(N=%Bo!Z|vl)^&&F zy%D)X+ihH4>bt`7&hh9_Jzk1NKUI#kGXi!eDb%%MV7Z%=1H>M-Suosh_aQVEU`c%R z(24t&rlNQ$P$c;2>9rPQIL(MbB>|DJ?Q_8o5kyW%jcn@SalO5rH7Dq{!R6|E!VRcf z9X%V;XkCW8iT~zNGQyuvGCf_{PhzS_GFfXA00LNlChD*l?n}i6gVkx zn_`=uaF>upOESiSzVduZ2A8?bE%a( zeMjL!cZhKueE4gcgR{r+Qs>7MyRfdFGjTKG!(F)8l+~ai@5+<(HKa4+6u zcA|%pFbQ-rcCs5T_8j7fl$sgyd@8^RXEJmvMS#7(uL}|z3 z+IZf{DOKk8z8BkfBx<9ejXiCT@#i}cZV%uPbX|yDno1waXnH3{S7HX((;Zw6`t!=0 zvF&B}yXJC_#e}`~$g~7XZMX$vTm`z^>X{%`ZewRBZ!b5eugAmH{nYnH-1q%qCT~ve z`a0;x`|Uidi#v+{o4!s?Z+C~a*@-2X+qQx=6nMT5-T6_2K7=#>A632-?sK1))8i&7 z#lO^ZaBi}~wAD|rfc9VOScx7U1hnNHgc~(mAX=G{go3+00jD~rSNaeWA=_2) zfl(ewFk-x&BJX~qatZu(;5pa4f0S+MST2SJ#u*S(o0o5Tiz!bl5$`h4iiM4$yM+GB z!hA>k6)24(u0H%2RXz-gzh^ZXEE9uX43s7`vAEog?KMXq2g}om^iv+eg6pkb`Z{DB z!?d_GZMoZT#G2lPwJdgOBoTcy?JxvoY3M5VfZuZ$YbkX5&(_k8MMIG@8Vh%avFQGx z-RY`Cew(A&Z(iGl%?QHHuy>~OW&8DvW^_-VTjz?m#U-o_jat@)%f1PSmH^|4*|%a= z%Asig_yaL!JjgVMlT7R@0UK}K+@_Bc=2%xAP*{XV&hZuGx=yep_qG;S-cyyKq5aE{ zDx1N6xV+s(7t|HF6K2c3ighlG$Z$^RDEoc`0j9)Kq3%Dv_-h*&E1#iWQP3iL_rKez zufWs9IHU&9xOIILHPf%W*aG)YR*v%6KDW;&=Ht3JBNo;3-VXj%%(?utL-ERg(oOLX z?X_1%q%GzpaPpaCGJ}ikJnI~qNCs=MfgkS|7f}qLS`7JV_=s;Hmnn7r=uu zA?#PMpjn>7zDana4+$)sbElX5c7E+f3awkZo{iW`V>xtx-+x83^;+o%|Kzh-`ff!( zY+*9Mi@xino@lG?{J=0Hiukgs27O^Oofd=w))Y_mD7LP6TBWxe_bR(DiT{99t36_s zEA9aaphr{$EKFf8vSuDELzAc}9{l(t+g3ih2Vl*;{lP$4zcT{ZTT9u6n;J8zQbDZm z)zMcfh0q93TOkJF>G(eQi^fEV)2s8~S?F@42-l2Rwb2bOw|d>VYZByrA9xbyNwUC+U$>F^pf{?D>2u46DE)rBZANvY!KxFSoj5}9ZUz-< zUo%z0nHAK+vXyl0b+xad0_A*{xWDc?QfbHg0*`paDN)P0HMhj`HoiNj7t_vlm3tL_iKJ3R%fC{HM6ArtpD@; z>lb?CbGsBZVE^Oz`U3cMLH$xz#E<8PQTz3ER^@MfJK{QnR9O^hTx&eq4gdGAb!eQa|R&_L?B~YI9q} zZ}R@KfS;A^r0i|@l{}QoVmac~eqNk+R@~YyNn3FJ`|ckEdkF&2dB%iZ zG&pO_;(X&M*hvtIa_U!QFeoo>RwCTl7cO9W3l}v+vFQ5~Hjo6O(m0qcl8>L8ih|P@ z_@+H9b5#97l_?mj|1WV*rgWAxwZyskkM|@}?dtth;96c-QSCmOtQn-gVFb5>><%S9 zaM>S$3-If}P22SD4-VD zIkc|Od#|X8g@=`*#8MwkE*Eii8{#}z`#>g@Tx{qBPSC(A9Brc&!zUOvUnBQb!2yNL zG#iD%j%NB!1CeZSEx>GTNHs)9?IsClAQA|5RqUK~hXBQy^?#sy9M%69x`(qU36Jm* z1Qp~^aO&G)9(@hu0g&%A!FlFKM#8i~J{Ih?<-)%4?{ zDh|X7M(?5Ph)LItD^h(#ou5gk>{TzWl?;(f?rbk$uKeUdGd5k|7Eo2cX+J@khuRU+ zl7o@eA@o51%fsN=_}x5;=muze>5x2UBc;e?cT~g<@&KXZB!O`)OI8W1QCRLNFCyg- zpXu2DQ#J{w=HQOeN4+b^AUz3}N6Y#kMZF2rMBk_5Y}oSdIQDKIcj)RxE-q?`XExwp zqTk52mu^F0O5N%YRw*G_++M=~e3d;_;PV>K7&OK4TZkOM{7B8s<*s&J5W#GB|h3%1h5@vMWio(xA zK%AndqXqCCW7JK0GrwyBttR|{9otG5k&i$>91T_n+F>)IGTB|&t*FMLu~Q*xVU;Ux zAxP7pAxK@XEY8bHEAm?CHZ*p3S3-s58nvN=*!;rqb)Gm*O@RS7siFh_#Q11Fjz{8j zQ=>xX2U3}zT9oy4gIxwvE&7@p19~0d?M5lXY;cPYwm~v$`M}{TU*7 zHDRIuBB3&8MpgbdBAwZcf@UgpbrB=v?YFVIIoR&b1+=j=!`;9MrxmQbW~# zg=pW`c+!enIS6Zcxzep#WFBq<-jWGCHGj1FKjgjewWidzGgthnp*Qq-zU*$KX6o&e z-xDao8}}uFsYPmILqnVwa}=&#PFbejGh!3;mF~+~u>5Y zTEHQ;xNP#@2ha*7n+#yssrG%4MT|cq2{(q98rTHnR@0?G3zd8Of6d6nV()upTE-jv zS`=k6BN^%wx3@dRmidZn^COWGq<%DuOAfV}#AxQz^F!`;>wFj*GC|G>nCU9!n9a${ z$ZbZOU~I$wDuxrFyx(JG1unbq#lN#h#4Fy}+0gw$_cU*3e{9#7I zDt+jO0aO5EM)1kpHE+eGSx>#~f1!xG26AGt|D>Zs)W4gn=uy4?eIAx7lz2*&hG#Ld38wdT)><%m~}gK;bhzQKp$wl z2k1;it_&_M*XaBNv$@T{x^rR1C?#yXCtVA|s_ z#e$MGJSJudY=jx*&4xDV3q8kQ56iS(t{R;k4>v|!0bSx%%Y#Pxm)P3o1K(^1S+F{}0@TJJ`)(7A>VO=QEhX_MF~; zXDSiwNH{jcx|>1~)kH3WtMHW#?i)-3X%_l!$b**lyN z@@};crp$Y`WriFQeKz+;2Rplp@QBBG;p4bd+=C#Bf9kEoFb&wsfLydLfyuBLQ65C9 z=4>av%|=Ya!Fond2=peTui)`3+J)pN%_3N4I+tZp5}Sp~qL{DCB3P{4X8wXCc24tx z5f8d$kj%=fSgnBg$~+3!f!zRy=)xsuatbGA zcDF}E6lSF?my~a_yu71v3g|cFCxuH?k7XYbZmmOz0V{{;x(vps><9*p`C!-mq)~U# zq9!tPN}}l=-mXIzsz{JE`pSh`f!T8v6KgENIw=G=DHQ`M`Z_L+DQGh#*Wikkg$zh9 zZb(SPWut8DL=!v_t44tc&-nQ3mmoqP%USQ%tYv*leOpfeyGA>s>{q4TB~cu$k2iLv zViI5Z=$Vx3*!oTW8tgaZ_{UJ!vm9P4GyQtt_Zn&zkt9uF;hwqUkn|@bM9}1k&>8{P zz-%pDeR;7#8gbXjYtlF5B+Lx8d)!lG`qeliU8c^4}j7^hX(+pN|Y`LRjZc-$(fdJr zkv`AV6O-*Bc1!_y3Vk&qfWayIcZBphkt}WcPrD$wtN*qtXUP`)``2>MAc^ zm?au2=)K@^a%ZEJ4)t?H2S(~S&iybQ*=%j}x_oZxD1tf8aMfR$h60kG>V)^4CirRR z3JU29tol*yXf;Z$=wo`(5FZPjFQ?+huI;O3Vo|Y89)#0rncbEjx>PuC5&4R0o^Os(?3@LNSI(JO*S zb&B6AWGwAbsMMRzz}J2>7S(WCOuUi|_`YP%&3Pm3BhOa*Mjy;h4PS;>;ZXKkD|?!J zXrKsGGr%-1qXiSo{@TCZzn}axM@(yKx#Usiuh^PdgO-;tO3YK0cpgTc%wm*@xpwAt zQM|tAssdN`kIh#2R8zi`nF1xNabu0r%$JO)rFuUdsV6^ zY$bRU_`~sX4GvAo&@Lk zwK8yhRgauKHckE(u%e~8)EGJbs#rPxi^nF`-zL|W&C>6Ptyl%lr6ePC3n^4Efabgd zaS>DJ+RIh2|CPElG;93{msa^0tws3|EL4X22HLJpU6t>y;-q)~e!pfXxk;C+p@M0I zB|b4~lkjN_Ut?GXmGT!OtCIrX!PgQ3meRy_ZM%l=a7x@g<=qgH+V%!_KpE@=zlZG%-VDY_X7*VMkF) zG)AmHSn*^pUSS^umm9%|1QP;yBq_GGDUmR)*YmyAd_TJtZO~P?_Ac55K;UU>LJwb4 z&uaMxE~D(uXdpdRQ@VaqZpoZ>@Sz z#nsKB=l|`tbMZXhil&Rp7E2TF_55u}|5kQS65M;!N{gn5?K!yoWqvyxejn`AXhr?+ z8mnHKv-+)IMa%JPv;8heuHUjWxBA=sU52v1BdwUaId!MF;$ykevC`_NRZ%t84#U4) z@2@E_PTGoi8L{f`|H6MeD{0G@61Z?D zV)Wx;msLN#+!Ca8N9yRP{$Yxdwv57b-M5mZPu{)M24PygS1>b1O#xdv!H2 zgBE2!h}&jkyhfi^0m+yndB4#K^xMcZ)n&Fi+p648TVa0s7=iTJo8Itc#Dj+D0bI>u zOoB)KPU-Gur|)|{`>!2ozn!_$0By7JGAcx0C}g^fF{bAcmJq^e>n&(KM{V#S65=jN z1y4047kxk5p+*TC;d)Bpt@MKVn!;E0Cp3hWIutM?_7W(LwiI7Yj0!5iFGpXDfP|W) z;yFZhf5#>9ACBIP;1BwE^A{2|?wUx|zzs#COEq}oO?iHGLrA&I z-fLu3dH#vW6bZLtB2+Qjm1wGwI(gJQ$on)zX($ww=7oNca8*iqSlm=cbw2n}Eqqe6 zLb3{0WQF`8m;fz6V1a9vZ z;=d@ILcEI74YsLu3B!BAGE@Vg23WlZ;26y`XU&LGx5G{Rg5~(ppSouh?UAYQgU9_J zZfJLdXRZP;{Q*%cgrF3yD+>ZnC#+%!Sr~l4DvOB!;0bxY5&W(gT6M?NVdOR1Fsr@G_aOi>6j=FTa`5)T-K5H~QqFY=(c{V+Cjw z2b?(yOl}WlMv=*r;AxxUC^r{yaSY3so%!wesLheHkryc5B$FqQ9QUEl*8r_YJxh7Z=;0lMfxet7D0 zkV#|`GYzYn$Ym*CKhD5G`at|$=+qM;qy`D%gTt01l^+a@Hx#^T`K$gX4$X-?G?cGr ze4&N`v9P>qrqxx zxv~tq6@fe}ktLk*wgGgWs?t}d3%P#%5D^lV&8HD)^H=hs(`>X{8Fc|;rB+}6RR(AbVA zLyB67?xATM0YtF?QBwZ%kaFEq4hYJs=^6H6bQTui=C;ck&@9ClBg^;0Aj6Z(&#Maq z?^_~6pLY9u#w3HZ2XUk+C&S3?LgeC8O!fj)Ly=w>x{I_Pp=vD+Rtb5l?)rDi_C8-k zzp^Bl4R}f(|J&28t&4%EBw%V@TpgXAb^kU!GGiiIH5F)lhWFt}{ktq^el*WTi=&&p z9>-YV^^cCduD$2Up(ZO!fi&cj>!|3FL5B>BQSr)r2&^Gl#b;!SGD~RkGD`dH4D||W z#ThHaC(wKgLsHP6plDGm`|9zJ^-jPDrVC%x#navMlDK3k5P9l8Vu151J?Eq~NweTT zQ^tc-3b*oLE*La$q%0x;FpH3AaoEej<>Sr?nI^Mde!F;tgX#@P`I!DA$1oBY?**eY znUQC^L7Ycge~{0^SRiRMA7?225o}0ACcQc_W{Mk*P-5>34ah9%XE;E)MseUiU z{4tkKo<_+O#5)^mzulGWAO$^hQwno`s~B0p84QOxSZR4SQwFSu>8T6+N|d2}?%BO=AJ)#F_81+~h#pcO8;bJ|ojOosy7|P}4UM2etIIdd{izIHKSK#+_!`E8 zw2v0askqdPbAmZdTBu=UJk9)8{yH6p9v<#KC$&>LEmN&&539Y%Hwr;O(@^}&fi7P03t**d6-{cNZ}0tx zX!TDs!EPNaoO&67)vrqZFI1ho0GTyk4WDTfI<@c2)5=d&lcZM^yUdRyMb5nNUlm<~ zJPw_qV0GZv%a0G^|76+vk;@1;;mm#o8438mKpTP78^@$EZ}x-cJ?PxAzDVuCxF^|& zII+^Dk;@PEEhB%nk0brkYjO_yX88v9J4f-wADh<^84NtaSWQSb_TV{eHjmtpgJe zCuT3l>!6j1+fI@WswV1qdrLEm8^Wzrc(-tPf1Fy+o8JhqT1iM)WAV6WBTD6MS8nCD z$}}}F+Q|U_KgNt8Ql|}(TY!x(Q`1}nYkh`NVpIFG6lkr6ap~KFG_YVGcyd`pv>ya3 zEQOQ9|Ilual<@2PEmCzI8M%#wz5LNCk#+z2e(r96u(jUr`o7l&GEN@hiTF6)!Fe&Z z1$1(~NnQ;p?<~I;pc5ur@`k~mUk2P$D{J0%yRcTQZ#!f}gezPL@7;}fnwMy%y&(D9 z@>=JK^tlKPyR3dUfaBA_t3HjdGg(~2*|JZ`In7$3#J)om==~k`Co&d8=9&z$DK)G3 z!{fw9KWkNCvo~>4)Lzwi4c*bpB)3iCwVJ_TCJ6oGEi9BCv&zK5@Qg^KQ1HsRrbH`$ z5-@~sI(g7Ij}&X0Q8Ss~cF7+-49L44M1o$XQ-%O1CjIiZ(_ba~%wQ6IUasEO^!>lI zZ=VBT(MZ!?+D?Z?qBJ=1f<2~V%-w&fIS)w?6|%*qi>W>zU*(Siu)lwrNKsm>Oa}NJ zOHW8p9VJi}tnwF?{O*i+hAs-iE`=v&6Ng!qy_3zT(6hlGcXG|#pOLl=Ve>Ys83^tQ zrY{uC$5U%DgH;;y{}DxkKwTNrCGj0)ihN^m-)+Dj%mBPy%$EGy7^ww-Xv4-mt6aSM9o>N&UwAXAWH z-K8@C8=RSWsTu>&oE|)v@P$~SduTyK_V~aC4iBBUI2I2M7KPu4-Cnk7shJ>!FJdPU zl3jdH{_AI+008;y4Ps}mirv_wmA`S33f+DniZ#8D#G5JtCRgl8q+M**M3iFY2QwLq zgDQ6N&VdF`#JTFkwC~B1A|_HgKEgP641kt(n3Ff6?-i;GkEKJI|0lT#ZB=c$fMSZk z(llYa$J^H#n`=i(3mt0~r=B+7gv+h7mi;AyMT{im0$L=xKvsa;N0k1iLtLH)%xuD9 za`sJz&2nJySm}HO@WDaj4Me^=5Lx9nslb#aP{f#MFJ#6g0Ugw)&i11e1V853LQWw9Mm_5 z8a&aQDNfX~l5x3I827Icbc}^o)m>y9nLfvH$WC{wdUDdH}YrAtOCT1kO-z4t%>RzZpyn8-^i;hp?)vRvsns{nLh6fd1(X6N*zVHekH} zb9ZP^8X2pGhrlA3Ujq^@Gg-)kT+6Q_u`mbthG0kMF&#pRe0Z#E|fnXJn= zWCfe2i0t$p_fvJRg&o#QXbk}8k>p+~TmTf`*_64&(-%{$W4?rYO6^*zshoXY5C#U| z9j?#ad<5>@ZNg`2ceyv+sHLQ1uA^{0MfH%n!(FXzx@J@q?oG5|Qa^|%ONVzn{odRP zzv1|6_It-az=h1#;~iN%1T^D!mWT;!-b3sULq^d7-}UskyLyZD|HUq88bIh{?765n zLF_PcmKLu+4?Fta^KELUel}CmfZM85Q=AY@ID0>jGa{{9WWNj7xv|^36w@c+rqO|j zjF)MPcai}YHO5j$ImIh_kiL5YT>SwGBFTV5)5`}|2n*X!bm{! z_Jqjpin_%9HA94k?%3#g{k|_eF74+u{ftgOi;N*Ax7bf>itBgKXvW{l&GcG(y%$pt4&EeH< za)GA@`mzb7M36s5H~imyZE^4R6%ytvb#o@k)HS1_|0IL`r9u`E=Rm$s46rlYbG8s= zl-h$+`snlfC&|$pj82MNMKnM1$8uJztBaP-S-D`ezd#6gCc&vZ+Px$TCzN?~zqAAT ztI)L%A2W?97kr*dtjogi|is?kjG^ z=ng8+NUV@l*8G! z@+449sYMml6$Rv!!XG7@jSzqiS4NrLFiLf@QO%&P+l$W42>1L*nlZ!gG)_We+EX|2 zv}wlj$+H&umEk2g`GI4!E{y*67@7sz+GeUml^3vX}INCyk5C;1von;N-V+rz>WrCi#J(&-S8n`o{J2bS}iul7;v zw#-tu*mHcq+kiApq2dadzlOJ4CDG-=e4aa&#V49Bk>B@vJOy zZmE-$tt1#7jN-GL=RQO4Y{{pW$BvUzJ`+6#PQh(fA3I{7WOW$FcP0iiYe5hcgokzi zM9UMiHl`(F^q5CoYav=>Qx6O+!i+0r zLOsbH9-}$1jJP}A9YYQxqD{fQYJNW1_WM;S`0UYF+#DkOe=3FX-s{v+Gk*%kx4L5cDjyo=Tv{I4YLP1fzGWR6uBowZjKcQHlm~#u5 z*S?#@bC%%1?GcPCuA>11{mR)&gqaoNkdMi9C_ZK^^j$?E1u3d^4-SAjx;TdD;_D-b zd~FzH9_@5w@{B=T2!ar_2dPFse^;v1FXwx`jx}SAtW4Tv zbelbP7~06%e-k^#(xky}hu@5RiivbEOdXPF?w@PiACW0b4*#eWJ1){(9?0uN*?;eZ z;Y9DtdXKNw?KM6y>z-iA$pX|&Wh@ERBFob9NV`d{zAz}}_0Z}p?Zhc6S-c6Hx;WD} zZLzcaBX;1-`J0nBsH0ooW#=8_UXC^4V7)Yg=Sr(u5YXovTO*?O|HF$Mo*X95kbowu zPk+axfvoX?N|vIsP*Iz!w2A6RdOeu9Cc9Vgt_(PNo{90LLj9GNYclKl)dZrzsaWwz z>C7zLjAW|>vD%hY4U|^+;(7tjt7OVrK$ZW?ixlS(qT-&s24zJZ*ELKSVQ3;T)EC@! z&qy&mbySXqN&~xNL|*phOy3=ARbadUpD4Kg6t6H;#Il2@A)1DO>)~;Uy+z!N)o8%9 zXYDMmA7tnR`m68nS0w~;1we1q8Mm+SlvOb88rCHUOq=RB|BhLwb-in00c`zoC zXjF?mV_I-^RKKPegnK2WMHz<8afcvo+ZRa0&XQz4K}V*TjYwZtq*Rb2K=cC|3hPHL zK)G+_gpg(o+PMUV`;RCvr-CIYK~#y6ZgVHQKP^aEmxR22sVz$w!B{|}RqD9+z%Inn z(xofb$pZ|%MEbQnm0Ac1vwG2hEPT0;N5DDyb`OtwM^)+bpOu= znOTE>RnkGWoZS2m_*8eU-Q&dwHoj^mRHPt9#Fbu&g!k(hj8pZjpozu*&;VXksW#HbQ{E3_dH^b;}p-Q zS-+`6e^0&(k#gl?`SFHEl*ZK5aBHdickAbm$b@;9-x{LUU#HjlH1++K_#V!WPdb%5 zyDfZpZkvzP($M+Z5304|*LP&y)Do`|J(99enl=G?5O}v}w)=uvehtj1sP~e6kK^qK z1j7udEJq+SnDEdRi`^Avaw|zn>*wEW$Ykh0UQZ|@W&OVqXNwr$(C&DFMT+qP}nw(aiKwz1l_&C}oapV)UNVxNn>FKUiC zD=IT1vS!uH968?i31T`v3(dh&3k%LzX$rqpH3Ew5Jyao#0rWYZ3zFc27!V=$#Rs0NXKC>92wy1JQr1i0u`lj6~j;mSW*c+N zgogk1->N$B&HeF~+v{jw4vu>YHELWTAOGZ?3X<!8vc&A2-3N z)O>I+aI7R=VKPB7lQlHPT7&nKo2Q5qT$a63>5Z0XdQ}vA9uZ2lJ*+?`Goek&; z?BFv@5aTtYPTf0&>jL}}BJqfTS8W`}TLaS*>c^5CgB?Yehdyimm!9n|ayDF!rQF&U z(w%wRUlzu#p~n5NmMV^j0a9f>utcdxm&OS}@1#eU+p-om&p#kk_ncnd8CqV!QU2|4t?s~of@@F`U-$iu_2{VY<2n25KY#FI>A*)**wm<1(+qGj zUDEpI=?8le7iKOR&|7JIaM#R!#Jo>q5(gj<-&2g|BX zW~1u5mW&&!_hy4{BG*XlzHr^R+ zBXu|P!P%Ac4wU;iH0m0cp(D6ntcLL{*Oe?_T`hCF%pPaQ&$^1jNJbQs?J#oo|RbnV?HethoMDhrbnaP51cF zJBJ%|eeL9y=Lh-XQ6b;w2YORRv@^i+vZBVw)r1^S`||0+9Y!Hv`A~@oiou{0%>%L$ z?AkdWt55Kxi%+5+JE1Ygh)s!ZHn5oPNUzhbNvBRU0>&$Rc{Ob^EYWD^ZRmwUt7d(9 zZy1+#o-Q@2ttxnqKBW!xa*u}2T#Xav%%2{I+gVTede(_S%ETq7jEK(*+F*fntP?vh zSh&&S&X+>Dv)^+g%y)2xM&H}_Hd6>K(0X>ER1y>Jr(Dr)8U0B;yQ*bp1^bm3=^^jY zD>Zh&02`rg@>JWOS4>&C{mEyn4ORgaJ$Oc_g%?R`f3@!5$H^QNn@M!^oKR-KcE$OJ z8!~XYKy-b>q*D+#dK%zl%vh+s{wmz_Err(YqT;Rg!$sb&a*Hm!QcD}6PlIMuuVY!U zNm!5!!D^Rj%@A0n!Xs)qjXb!TEc=!c?eh8wO=>t6OP@YNs60JQ?Lx8R?n&KSk`m=z zIwbr>PK|hyqgCy`SIIIF0_^gHdH%Lhn>DiqH)AWK;k$zgFx&IoDIzBxmJ^gn!V*w` zsYJQ_9w(eW3UpV9f=}|oBq5KnQhH9^NTb$-l#4f$ss!}lHim7bbL1sD*8BzyR&_&m zrt>yc*6505WmeY+^qW=o^?VSJdUuawts`&OY)^-ln3ids#K2;@)yp+W`MhXOyd8?# zF`a<6DtJ6zhmu&9vNxv;q{u6Qu3N%mGhEjsCF-}57S+fT{a|i0NXGw8fTm?!#jt_t zKQf?djCB|VuEf=Z?x*x1CYTTwQd44?stQ(E%}SqdFuvvsG1%9Y?(c&~;eTRhD*~W$%>#DuTKU?)oXm zAt?+MW@N5u#+2YNEpA(rI_-bf5QIu~hiqtKSb2s@zXJig6fKxnZ`4Z%Q;g{CBk?a$@*+q_nxV~X#b#yDua+8?V{3emty%v^2xJPK`Fj1&>4S`$r#-#Q zn~eAw4+`5dj30wFgx1`Sfc|~AT$-r4+}IIsE2`Vt2D9okUDet9aVmm3d%V)Jb$R|; zG!5BKQ28pPxBD5DO$9F0Nl%dUDP^%CIQqyaxkpX~iiWSNs3a&j@iu2Y zShTO(_jSZ?aob|z8Py`0B1Yoh|0@K_!2bUf0)?hvO;Y7Oo#$Ph3Tyo&r6!4zeyIxd znGN`PIlbXhPriFJOr^mA=hF*#ncJyED^fxjxw*M=vfjMlwwwj-^rAa?bzSZ_3O;Sp zvOXWN41F^pt{M_3(dO&T1#xhhxVicLVu!z<_m{VF;&3?67xV1CyY_ z!Z_>i>J7V!J?$tFJ0Eq~?U8G~pYd`vvh(nq{Ht=YvzQgKdF5=bBC+B@U%-^;(XAd- za_FEyTwshxB8(_cr&t@pO0lOtJkP36Y1!t!o4SAp4YGko&2WHJ=X)=tXpMc0$lL!C z1)V#dzWOq#zUdeK`cK4Gv?q*#C;b^2RBLHq|1R>Btj_Jo&2uBk$@9nMyXq!ra*dfSUE&H^wLHp@&aGko zs|rF4n)1qYC$Gg#d8Bh^%j|l&1d}OXo>AqT7sMHT6M%s}zvAo5?MhZXyBIYJabc(z z*V0pB!_YiRIdUU9)%vw}gh-Qx39fqQQs9BZhN%_c5vu)agK`ek4Y$ggmmSOx0C^(7 z%hWuD>8s`*WS5oe94USn)+iA3G>U@H>)QnYSjfqIu+B5eSa z7U(oqPeWSg(HyqT-N@ogp4qZjU|&h^%jz(L}#htOQvUWZ5W6N~xY5-SR^ zFKG|LO4V<%FKD|?i5gDe7gN=vb?|OP+_*E-Nzaooyh9@YvER{>FM0Tb&FW-dg)(-s z^tD`$aGFeGUZ=+@Xm8mfpcb~(%K&jB1gucU8vcKb!GZSwlflvZf0w~QLD`J>b|X0e zM{)V$8g(6#4{!BEYl#YI4;|>R#U2V?Q|k@=zOeniIPu*S0~#*;aU8dLhaDg{9V7qu zr4`OPjnP=3Hj?G^>1ofO?y}za#(A9|M_W_{HTD+;q(^Vr2`(Eor1}m zLqOXNn&TWf@)d!%5slnwRpD)DAPm?wyy9GZC=LLfvU(~qt;0ML-I^O4c@WK7r_7qv zT~iwEvFbmzNj+g1b143<|3f`0|L;Wv`^@6g7J-Ia067$`l2Y5e# zs26Ur&R9NDsyWFv?pM2w><{VE>z<^VxnaD|^2L0O515(_D z0jl@rH|W|Vg@=JsfK^Rzk$PeLIji5pM zTB>%2O*Auf1c`>;Z1i7d9$M^M8iQpLR0$?jR!^3oCHJ4s(@3eNP;jHjq9AIJX?u6- zUG{oPUfTs5&P{!q9N{j_{Y4uVj8$KgztA;!#^4ntAtrq^lZdnUWqRbEfuYd+GCd%L zJOprh)loN?^qD6&BZzL~zPFBKpoHm#fm95vG%s+4jr7qG>a##t@4pX@P$Q5;O&ae@ zAsmUX;oq{`i*U15(yz2G3=@tP`mrjNEi0W|00=n=x`#NlLmF!)21@jE$xZW+66mrk zYdnK3KtkmQS(D!mM6YX<#a-4~IcAOxB~0tp4kf?1b&~T^N>rqRuJ3p<7QN;5--8%N zAYkN1O+99@dc%@n(xA6V0gs{y@J76k^9e#A?i-i%1V-dZFy@ZeC5O56Twm%=oEV4b zQIMbC{o}p69XkE{N)Pj@m+q;Se7+~&{|@7n4Etj=?GFH@%{{y|J(VNr9Z#wqcBRqh z^=Ze^7>w=-OQ5D3I{iT^%+jo|{|KpvVJCWW#9~T3C85aA!(Z*xygQ{k7@-!cN%$cl^(- z$gPoVgc>;WsfK~SizjnN5i+_RQ5KlEqy>C~jMkwNUw8^Y4oX5+LCnV$j(jS0JvK;l zt@dsv2g$uNUK(}|XO*VAwG36ta^+&~HnJrP7`$M;vYuFQ;Czj&iMJ^T&DvZY6uTN* z#KaZ&sb}bnS1J*bqg~%a_a|ql@AJd&GQ-zv+2Sfe`tORmMNZ0f`#zBkgH&c6Lr{6Q zSEQ7u@+J8G@BbL<7pDC~U541j^1DxiDEO$xdIWIA0yz_|FVS0ln!k4Q|81e*RhA`hYo$m zA1}P4Svs<~WtJVKB^|GI@X=Y&bG*f8jJa5l)72BWnd$?T!>oEP~n zH?X{fLkce_>pPthH0Zxzk4*)d&6OcIV{D9s zn%&?Yo5wS&@UY&;3$7vLIR3u3zlGZHGb-{vmX~dyd5hrtB>wab^woT_0Bg9lrI}Tn zL=b(5mrAB3H0`)G!6K4qh{D7RuC$k z1akHcayY20Lk0AxweZr;(wy|VVV0rf*+2_{9!y zqacaElLj?Y{=0IzfEHC1hswaW6^#0#sjb?)Vz?lhF0zQL3KNhe%JDUF?*^F zZx}6~hxR%t@NTA#9s=cxMEm_{AJ7`T!w^w2a-i$e;{@D+)PP-Pn6x(Rny?d)YP-ww zp{|hQv#PhQavBY0*t?0i`knjhP$#HzCj-y|20@}<3Blg&9(>U3bn#N*BkIS(y=mQD3vdC z?-cJA*rP$$T~>7ED6V(_X<Kv!V+`ju)vt#5OWbJeI3R9%`a(B5O9w&D z$4!*?dUhT}ysqav_tGbj#zq9V2`4`AAvQXNXF10iG!)bjt<%V8nUN@B@J#l-$mpRT}9 zSMp_rT6UC8FWl*?Qbz%H6PEn#XvN57cqyJU9%m`&EH*!pI)<$giTpLV#fpj$ufZL* zK6h@y6pp4k$-6csOg*mRS%%903oAeUR*&6 zn!8c2WPCvAI!JiF2qHkMoe%Gfi7%1f#tO}Cks^Ss?+A@49b zk}@TP4^wRl!eHHxa|pgqnx(d|q@4Djx4$i_2^?SPta zgL)o^@|Z|^F0b+)l-x~)AtQg0esuwX5w67ia^bC^eFaBtS$R4UT?DaQN&B@=@&xDK zyk?G|m;g|SbmGhxP;R2i4X}w+OL@3dGOiU$Yb`!W%6mFr0G6%UbO;qWd0ZbxN}hlnx{4Hhul%7@LzJ(2i3)Tn3BuK-9NuOwc6$t_AhqFyA#N;; z-TESxYv=^DDvNMN6?LSHN+Z!iHwei3LLwz5uRO!I>>aZBVH$Bj8B@|=U8^@IB6-qxK zL2rrJs4uQw!6FmZ5#{Zw@YAh1g-SL96~zwA)2*j~jgyJ<$_eDMV!i0eE?!Ku_lK{D zFFz-Kd8v*ED8R9aN4sXpG;N-u%#x`^#vKFy6V84EJdwur ziXBh#L$wq1ZE2<@9xC5aZy?L3RolG@1vi^iS^nF`)J~?|=Zvg} z{>1i~LboHFgNUZ@4J~?-&xz3OlC=w!^P5TKTe10G4^%&9c`{>x@%wYH+jdwD;C83K&TfwIUgG>xD0bA+JH4Rbi{zG) zI^v67ULw2w`A`5S+EOd(g_~1+8xK3TY>dM%kuEy2Y%(3wXezov#T3RpBF*cBlF57A zH^L<$&7;sm^|k%q0w<&-rPIZLCg07m6-#GDt``Qp_daSq@&&16(%)ledm`A*LAcs( zbsxOAumdZt=)Y2j{sJ$sxnYjPU`B2T5Ga>7=|+ZVpRpyNDQjwSd0e*UWlI-=<+J>t z%KLhubNK4UlDQ(a;J2TyPz3t@NH}SJ(-SpkU6E{k3JN4dn&20K*+4$8=(5;W4re zoz7!qAIdkInr1jQrQk1evFiHm*B>!!c8_erXu)xqeqn#%fb$m_b4sQT{mw*dAJK8g zsNeY+##>~({vDloM4@4O`#<6RH>5w^yqpZK-+*#F zObt^z7P*w_;^Luk_)ZKP&=9#`M6eiUg!)ar5vBES<13cD66F{Zg?{RUd07cs8dY{c zV|DCxjQ#hT*WypgyFi+C)Q|%ky={$~=0Bw;yK1*@cI^zq`&h9{l1Sm)b8yYfFNlKI zl-UM4TBOiXmuY4ubHRbrtjmS>zs|(>8d96!?gI!_)ck(^vYJZbTW0Rq-bSyb&LS}U zH8x~p1gwRryGpNex=0-Q51dhteev3yjz<=0C)+>cUl)2S!=m-=AxX#j z0t_JJjPN`}NdBPp>F>hrIYa7G;_6)&l4;Lq-AYkF#k3q^Y)tfZvj#ygFbs(%7W zAA$$S_E;HWdbjTXWmDcv5qMWBC>2^uUUDA3qH%c8sqZnV`cq?=;@=;Dk8-j)Z@rZG zS@h(CJc%iHXT;I`Pa0#(MgnUn?>1u=_SU93fVBLlJM?;1>SS88Phk1w_=Z!a^pG`c zk!K!&|0Bspd68`Mfh4v(I$%feQz*IrORR4(yc919wJRD^Nq2rNPjV9Tqg9yh6 zG#Bje(9RU)n}LZjeA6$C(`xj9x)dHq%&IPCt9D;;HpJLXI`Ku*kBjtYpjbd6 zopx?$LznsX6TCJvU`+^>lj!4=el|@C&8bqO(K8ZE{luZ~?br^l7ctnz`^E6;yMD7q zZi=4ZI%SSR(m$nWkFxJn9t&J@UjW9HVhKOHFXKTZ!Wg>U&)th}=&A|lH06x-)C%=) zm}8ik@$@R-$LC=PS)s5YT$K$IX_`kWWJQ%Tr|HQbOCl0Z8OM?g9&YgZV@mA^4uPQB zJBC-7;BYLG?bOs8Qu#}45aI4``!_&mbD(9!ve4yB;H(4OVVfCeKQaK>h7%N6*q#E3 z!G#bXazH$Pl8NrN5c?rocDomv)8|N6)ilF);xVcipj24xz4G?{=(pBMSWwb-#MrAg zVxDjR&do3TsS4e^k{n(C=T%VS%wx z_2&_JfP}KppT{JqB^;dcYg*zAW5g&8EJkz*gtBvfAeHid*p~uH4*b!gH=W=?@Nc2i z%e2@K8wkq3J+B5T#5}Ybl$(Y*u269}2lg0Kl>W^6jCyCxvT-Bj(i{(w9CI@(qE}l* zE{6jHOuJa^^ESiBWsq);rxu-#9|v`-7w~EFV}rJC4l4p->%P&q+o@hzHH!Lft?d|K zS{X+9s+JRc^CqeF79^=HHH|@~G?yr@_MI*2G?a4VUteF%OvjpK7z1p%`@MqTIr}YB zMO(3AwdtYUZAbv9p5UUOG5?_9eN!R{abf^Eu@1=_QxlDpbj-=+i8ok;A$7~h|DFZz ztzcj4Rcx+E??thI#5D@%4q`vlEg}=snI>be$ceKgD>#l5jW?fQR0|2#LpNn(D-bVB zW3gR+mN7$nggcZ_>g4lIdwU1^O_GJb^tb;5wEBZGwTO@(3g$z?lQ?c=OTZtLzw2Z` zve3#~RdFp#zn#Ew8oM_#BX>x@m?pN9)OAAm2>DU0QQ6KuahqO(Wm7nYDl)dCB^2`p z1cGd274Bl@Rw8kNY<8c-Bi@Itg2bD>b3vUN4e#M@qi zUKB2Fk|vGS&FgOD%h$sLUYaK%oR@-2=?VyEeQ6Y#!})$N%q=h7FTe(qC2;|x`8FT$ zdBd3$D#}%eVx7F8d{TZUj@utJO>u)%%nRY#Y)~XlHORUTm(ccy>)c(R59QC^?+%bS zZGXmNR@SSAgn&0F<(>`~A1nr&4J}C2GIF6h%v)snKSR;cJ?DJ&-j8LiWvBakN|5W* zPuyYHcwp-SLMk7=`GEia)^DeFP^V7OzY*Dps;KNuvt9LXdYKBO-{~R)fj=c2x*dma zHm2wqf*`4@+;{Z@$)io%`iF{1Yi`c>URd0oo?SdpS~|&(`-hdP%zxIep3jW!_LSYD zFIp0-{u<%gzE;F%;2!*bRZKw>UVkv)`@}6PGdEnZM|)uzeA21+5bG+KAZ0Go zeNq~qJ<2}EzOYgLhu#$icC`KxAp-TV#5ML6$Og!!(@i92o|^H*clJPvNrOuCxS|=G z@xFesuldGM-RrUyB$#S2FvBx6^@o{T5@Q5G_ z34%&n)?F)TGII0ciB?NTi#uT!PFay`ga*}qIzX{ec@j0+5KylpPnV?mH~(SczUZJh zq|YTjh=&)+42bv3_2ANl0KPh4?H#!+s6vLaw+`LQC0b=%Ub=#QkHGv*0hKUh+f=g1 z5UbWyb`(=DE?BM;{wPIiavV)$%ygGM5uEh2SaX~StQJQS>-Oh;D6tr+_b#oZFB#hS zaX5?~;+nmLz5Lm}cV=WXa}6Yy!VRQ8-fO$+Tt{Je-b>~VTuicWiy2l^Xi{DaG3IgFHE&w5N?WJq!zQ4WuQW&=}k$6Q7uMaS- z#aKv*k1viwilvp#MdIh~QVC%fMgYaQk%d@}I#Zph%%#PtM+@XU-j| zoZwHbg$9_w7IUbVCgIutYAA)5z73+l@bj=DIMw{u_w@#4aicv}%lxJQIJi|biD_0r zmS9XkyC{6+aRP6Kg-`h`-r(1Sf*pSHJB>6Q4xzeSlx!bw2CJa+KB8ILPLN=G1c2#g z)qEYm^fC$2kEy$8daUA3;XSb0lI|8f{qiGyUJM5pe*I3!m`^QM{JxKQIe8rnjhA0` zW65}2BhM2zo_xC{NS=(QX+%SY{z!64Tx8$3=?6%S>u%DT zb#Vn{ARnM%MSgksAJ2t*fWQqk7W03StLCul9tGQNWx?hGFGZZOBzoFHd^_^MTo&>O zo6Ewky@y%M5PHsvSoIKd&UEVFV{n5NB%?sBR2ln|y(xeiJ$50u&6I-(N2ur#1-m6! zlQM+kJS>5=Qhdf2xamY9IU$?v|0HnAcNib~zYQcF%w}YatCC_oBN~0Qd z6gW=R^xGg=%b&`;p3BX~#8an)ou(GX1lI&|D!Tc$BniJ@U9*~953vg8sa!c7`sLn0i#)D z@DE%e^@l+@AZ_j1358-eW_fMTvZtDflw1NxEQPXWEO8`62q-pzGxAWr)Y!CD!5?P6 z4lrh5P}w_s8xTb^cYf}!8kQD4fe20L z&7DMucYyChNR{_M+V%zMUpZys{mP_zY+&_^lUUjS{<33Ix|$5L35Vw@e44cqF`*uv zk#O`^s4y3RbUY399f0XT2_VxDzlsCY33(Q5ly%zX7T4?6E2$VM|S#=Zi`DvL0W z^tfC_yId5Ye&}hEpU;4Kcc(3XkInZhZtv@nvP%8GvhT%hucq{v0^d+nrXMi+*k)$1 zk~E>y16VRN-I}^-^h}qCp3A_FCbh&;s8rYCuC>sO5?Z%MN`}`&N|`i`9y~H#?UFCV z0BVh3M-GHGX6>MMfYAypGrv#O?R9qH7b)(IelFPOgZ8BhJ~1(@ZV@S6qD=F#MKWSm(^ zq%pSc6OqVcd?t`G(8bDu;Ki*pIej&{ZEUucK}ikCTScDgmP1DdCu$s7A|cK$k&B+L;fx;6Y9X_`i~4h)4e4@SwiK> z(Oi3yLZX($5N#PSn&r|y1fTbbrmd{oYijYu%U{JIEa~WeS<+-X-code$KEOn&N!B> zQ~t}`(ZAI&t-2XjH0T*B*XpIU}@xJ{^aDw7m$ zaCCClv1Oy9i$&x+7{zACJ@G`d6LZ5QB_dcj&@DhHw^i#)d6jlBP2hG-Bxx*^zzDkK z*n}>Wqcb2_Dc|)n9#9e0l12U4SsJlw;0{u+p$MpuPTSogoZq1c(BS_p3}0Ta*Kqs1 zk1uY}Mz;!C@A-eM{GghI1Qvpo5)LQhk#pnwC=&vqy>fIbem;LLe|9Q5V1GVm<#v1d zJl^#dvFO8`f?jqWwRi4Mn9yXfl_+<^%Nex%#Fs#|>)%*xuv*FBI=toU#_l}vu|eo2 ziuRIPO-K8y31Ma#9jd40Y=-(LDB@{RC}r{CONxN2;MB`mxU_8Fff4NlhNS< zc09Y+-*puw>M>dX;6;i`{y7&@3fYCg!q4j&A@lhYvK=W7)nc+RfJuuQS3AhXE8#~u#R%G%JjXmm{@7smI4m^ z=O3h%kbO-Jf4PRT7%jRTUELr~0H`h{Ne9pxm^@DobJg=xCt=+Q*a$L0C}E;htx5s> zilL;eg{A#ibOKKl?S$kwrB35va^-RKYZnNsc_0~>_fP;Xlh+d*Y$WC=Q_J;?RVe{L zISDr#VHIog#Fb_~+O9Li z&{?OThcF=_gqozIhQy8**LKCD6<-td{(V~HWyx?5}8FYYz1=S)H*Mg|7p%Hql4tA zv!FW^9n#_B{UGM%wKkU7Ng1P7fmWYM9%DF%4rV9BV~S>+sg(vzJi=`zv#Zce`e-Zp%% zWAk&GvKMX`FwJ)x8X2l2BBceE>Ee$~x(O%gjmJdVTjCsrVaAANqOO&%w5>3m%>;Fx zdT`lad-KXuW~~H2RDy2V*$U;$7VIHrccOwbAUGG-E)Eu2_&!=zofml(n*Q?`dVSa<`%M72P!rHNjMmQ^3G7V>s*GwP?r& zga78(hXKGjRTrc55x_5N&|_%{>KsP7VGe6PPK~1hC!1-pKOd*GX#yW-M3$Q~>Jf+s zb{7MS6PzC_VmC5-84#lFv4DiLGkAu); z8=QH*mz!~RCD(@C-5OeCI+I2s{GpEaex1{dG%`m8RwrbR9VS)tJubz1_&ZV!vK0xS zI}<7gy)+~|aZmZejKBUZ6kXc24c#Yv|C3AGYpf>6)hA%~i*8|x`K0>tq=MQisDN=h z;gI9*t{~qo@jzD)e{FE_ZX~pzHkVPx^qx`O*MXI-;?NDWO`Y=Ce>_>OeR;HNJKrD{ zFZ%Q8ZHuoanwV+2+=;2n{HlU1+J%lqLbR2~-1B~l&ivdZe? z&tEL$TJFn7zbkJ0bSEGOerYtaGv!a?c z1R<+T4Iwc$xn5mwfTb_DEu|kJE{l$)US`&IQNeK4*H@L{sYzBb^Zcv_wV_0%6Q=dd z`0z68mEzZ2>S{d=p21|$LYQ`%wB05{i%MZ`1fJct$nBr;?x}W8#m%;@nZ71l;K0ySo{f=+QQEwI%_6N-yvZKQ~+K$;a z5Jczpfit$2e@bLolmR6z6*x2pc0)W%mqtJk zpD7(+W|x?<(a#ULRSwV>k%xb6qqlh9Z)L#fqI1Xc`O`fxu9E^szZ548}+`v!nb6Q z<8JGhI&~j)@pbM8m1_V z8y&ML1=IB~_7K1KvmMIco0+(4z#KON9(nVp&$$yA-3#T%%(?bknk|0d;26DIcX)ye zYyJM-a~(a+>FQd7h9fOv=h%vkRJe_$0{J>C!PteELR_`*V^2{_yw$pW*P_Da#))rgI-UzL>_6+Dz zeqHcNT8GBF`wNr)Uli98L<=Dg0g!>5Nh(4WBfKX>O2;^~XhHO9PB;0Aq;z!izpKMF z2di&?$1;oirh8vwn(_GJ=9pRB{DEjAcWt}4-=QRQhv#Tow_c#t`6097f*e3Ni{4B+ z%bZoY%_$f~O2JY3JcX^j;=0lySRX5?ow@S?I7EmL)SWRT@#+)3u2)GaH9lrDr@b~6 zlu5~4Ht_*qUDqwGaQ&!~I5IA;eRn0CFt$7H{d%@5bn_|sz0ZV-do#av&$qbNF<9$78S^M#@a zQY}RE9Nl;`xF|T`{A}Lxw%aPaPM@ne0=!_d*<{RC1AA z1WhN~xIrb8tpb}soa$xNu59iLU1jb4l$a=72>MkXdk{I=t}^}JRtB#7wS+MaN7ko{ z6P|0EGv`Hi9I0d!H(lu1w!iQD)ezH6q9z>;c|=T!4F>li&TZzJHY%F_g#3(>prLkO zTDgWmyiJ_qaKzDCh;Gu`QnfY>?&2TDO7LO8sgR(Hl>;x;{=>i!&%@fG5zhmgg3LCt zgt{A~(^ziHOp`6;ZM4;YE>M+jj_8tR{ye4_lc=x!wADMa%6q-D$sygR{U+&&ft=Ti z_>c=yUz+%y>~3d35?bm#9Y)}&(l#OOD-NN{{@EM=WHfV zIJ-4pB^kz*D+-|QTvBcta#}rUpp#@Ax3~v%e>J!Wgp;LNGgQ$@T1aHvI;+#mLw|I* zev3oi?Ku3xtH-CGp;7?{V%E++Bwb6H7ePsl3?9Lm$Fu;Dx_?qNa+&w2% z5gukdjc%w!cg+?L&K_XjarlY-WX9l!K^I<;1@EYJ#783Y2x!{27e?dO_)U;Lk1~URw&8{>`RA9uhfG-uI(i$5 z4EFtZ!4W@p(LNxuowyhF66vodeytFN)v=IU6fs%`a$Zer&Zmh)eTTH%`o7rmcl4nA{ zFPmo@JhL}WPG!}-puJ8tv6E*EK9bksRatEO&~bL3$I;9>jkF?-wtLGb#_jS@wL@1{ zmp|qg5$dGnh@GM|vx3p9S`^$@HL+7_^{lFHMN_eAa(+7S4nHyy1^De3HWh0-zl}S@ zduHcGPXU!qz;<=n{cP#MImza6lTKqLocm%)I)VQVFecIQ8If&CX3?igyyWM{>xn3C z?Pn^@e>#C7rHxn-MOpDZBy8rz^QQ#&rRu%TT^BE_1A0Uvz(d>HR zBp56cE)GUY5kpk6%q1UiuedVAm5D7-R6KuW%0!c~E6;*UZ^+WaRhLYdL!E(-9=uGV z!}8)Lks-2b6H${1(z^$7a+CE#=^*hVnH~FyyJQDWksfmhYbb`z!i>I4y(dYlj^QkC z02Ta*Cnr!Aj1xnfRd{~n`$q0dHxio zWWdMPa8C9|=@A(!Y+Pv?Im;WYHGz}`*iUOp)Lhl7wFq^pX0Acf6bF#tG1z0c(CUDQ7{!sSCIuX_=GO9)dZ(Z3+?)r zV-x=(&Lpbl-y>rMfd^UyX(TWM56;(V=&;8^Nx`<|^r_r(*Dkpl;B5Cv=M`&?k!6(Q zaJ=E`?5XzFso)74m%Yltv!z$r@rC5Z%h0Y8GJBj=7$FS5#nxzadSa@&&yAVtE=2nN zs5HvqTYj+MW$pU>6D%}1q>cxcHC>BKXTAiDg-Vn0CoAcRG*zv4sP;$AcY=+^-9$W< z@PH-&_?eTnf|)ww?rixI-M9l1gS=>97P79T5#R3$*6(CF8$k6wrApFiFi%TD?R@9I zvOMp3P@=Nypt8lnz=pC$rAwZ0n{a$D(z^n0PL>=Le6|-SRSIHko3h!$~3ctId zIrnEpUqN~y9@RUJZnOj|u4NpC4smzp&(TSPW4}75el<>g(gYxU{DU6bvE@~(INZ#V zj_gv*`y!DFJM2&+ttENf>Co+K-K9Bkl(~}0uc3?e{Dw}3JwwC2M)@m zaBnEG99Mf<_LZh&&rD~}{tk(YnUq3?1LQKbQD?>8y4Oo8Z*l*v)uVN9#`M3v6Zsva z|CIwX#-G-6jeEt_Y^50pIvy`nGLgGG1XA3br!?WeIv!HsMXKVVvIjLb+FbE!W?1I3 z8m;CV`f5?kFV_(%QVz8%H80$oz(LYqZ_gfwb@)X}?!h0sJcNUov&hAz+VvLgBk?M@ ziW(30b2pH;_3bk2C@p>6mD9AmZX|vkYxfJMe%W>$7#R^~cP`5vIF049*>|$vDJ;67 zNy5?=H~t0?pZX4gk2}zE_rkjNiMgSP-uxQ?dP;sy9j;OJj)fu~1HAD{JI2CZX%B2` zjHj7dtK?=Y{1n4P{N+TKT9AxM(4qLr74vYMODjbB<3xHRMcTj`K$QklYKNwCPPE*@ zNiQrSn(h!3J5TVa#Vu>kj!C+`Ad4n#R|21*X(C}V>m`abJ-nR|{wU#)LYY_Ob#c%x z+W`yi^U}{=)P+Lq}m!{$jAs1m!@Bv}d#gy#bXq`=t zj`t48UYsiXFP*4~N;&?;bW{KY*b;j0wM2%)y=y__2EQb$;uC-)+*iPzsx=AVK{;cL zLmMuo%&q{O%VaJ1e!O_+fMEXVooI`LbEe(Bc1Op-C@i1gG)08Ygmt|v5JV#=w_h=j zS!&q2_5j1GSmisoHG5=_`gTWiDaopQ}-0*08O(+;}0iQ8eyj;8?L zGM8bQR;e_ZGacQu9&B_kE3-I|>=F}=?Ez@^4g#UA>X~CiKr3X@ChFi67^Mk@j5Z|i z!Wr8{T`!7bm6P7gjBm4X_dJOsDm$2x(j@G3Hw#3HwA1P{0F!?~haa=QI+_ zy&5h>s_b!Tqc6;!ncbdO1C_2`rDgc7zPr?x0zFWbuB9xnl{zz@p8NdGd#^kU-IYAc z^>a-lP|ul!T3xRi04LBHV`<eL%L^x8^H-r>#0f^cOQ<9wd0Oe;_43FMEiChGzncN#;2$BCHFAH>bgZOF%qcm1m^ z+LqMV^)-nZ6csLcT=~<4;1G~ZR2S#OW2m*)*&Zy?6efZNH^48}CYn`b>CBWagbg`9 zO73q~!FfdIfm)2r`su#f7^Qkrj6x;T5}M<#XW+>V9TnNLH_vkPmOLR#zX$uic1_wY z%H2h?yQp{&4)_#mkq^j{f20 z%cDOW9sk3NXUBgaM>||+>ys-@q#t(9LAQQgCaXE0X3(;@x@6r?WV=Re#vvO@kNg8IE#cMuDFTXV~yn%_p|> zb$C;_#)j_(xVRP$u23QaeKO0gfUS;z6@^DJVJBUjUc4sU1v?jBapVf2LVmouIw#O0 zP%SkpW80kecImQLp$a>3;H!-J^|R5Pg}>I;*0Z37qq&2%4Jn4(SzB{}n@68p zjE@8xbkWak>lWnY2E$w1I_+%`oBKpJa_hHH%(V0 z63ZD+y%=VNFgucwL=K^JK?!#h`Q}@Pc2n5_E^~7!3O- z-vOEdP$6fP2Z^BZWJVL3Mob>`tk$JHFdg6hu%}3L!;@ID6bwZ%mn_l=TEQ|AD{^+; zcLp&x0%k)aQ}V;gRR%jK zK+F}Hx8=Vno?&&$u~PYuLg^nFjk~KmqN6|K;l4F0bE=OSgWTXC=x%XOA?1`+ z$azw-F0v_uue?s@w6P-?3fUMKQ9LwV{oGjt-Z{kf=P3-^4)9W}lxUE;gpJJ1QMp?` z!Tsl+E9b9RlU^`IkQu&vm{RsRp6ZE^6I@lvfYv3od6$CmOM$gVv$H=1-0=lt;gvxuZJImI|vX8oUcAs_lIk2OZnK>N8z#&)O>$X?bfx&R?3(`xlOMybjgm*T(LjZg-5UUe#$+XO>DCT5DPK|AR;}q7bA7@)bU!qYZd;W!_>@unCG;qtZ~RFyrCbPNx28XQ zHr2yAb<5$m`1y(Zd^e65P6#6*Zh3EPOf6M~>C^-r9Bw_>tTSEn7y$m9CO!MvIPo8^ zuFfHprjbL3xepqYcwR3;H!cXf0n|THJZ9wN{7fAX8x}Bd$bX}E^b+RU4>7U^NA8|} zy@z|c^&fWk!AX0Ki4LGv_$az$m%J-XrFE`*m$q;DY(k+%^J@k*_J_^7`O>mGmYBmj zU5a0Ml29m7#L~&fOLL*s;h)*;(44YEl&#d^CDRjx*rA(TKYb?~K#fItbE4DwQ>|2M zkpE6@gv0khMV4G^gZ81;OG+3<#V~L@NjrOjH0V(31k62zaiP_oQN87;rua*@y557seWK z#js8QMvpCLEH)$KDp-u$(laFNTF<#3rY`yNCbO;?Ou)?0_yXJm8s2oyr+p^6slIWU zkX*gHEFCiQcbTi%-pxQK4QyODFBCDUFPIX^U7LQgyo}SJeX9{8hyiKYROyCr62vJw z4&txfo=Gi3Hu@{A4O3`zNTVe?{I;B1*-ovQ*7jhhSS%@TD_>g%@M~<^XyLTOl&ayk zK%<;pxm;*!>vLx3(F}@C<7PQ?7z|_Go~T_N9wdkqyFB^OnpR;5hi`@(oL=I+`F03& zm`pII{sa#_#7WWi0>-uJn6;OAPONWAXae4{pmD?5b>eZbh;>c9HwnjJ(%YZ%qZiwE z4}no!gKp8!*tF~zQC6Z~y}QI#2XLR-uu3U|OGYJKGII$Ws!8_{jk*BeV+PWON$YwsgX%2sQkOr23K`otSlHq)T39r&s&Y53u3cB!s#b78@bHlJ zn0D=$%wi#E)rrbVN#M+yVB9imaGo%#AZ4eOFhHpDsH$aT_xUivN;62l818}jeHqjP zaQ><>4+8HIgXm%KPV39I9PB~xS?3t_{tfxtE4kZi1JxpN%W=3xZbceJEYmFhPz|-S zRkB?K9sC(oye0qnU*A|P760PGhyfQnBc3^^D!)V3=1AQ&-%ay{TGqJ=C2(E20y+K+5bNNY(cVX z#mEM&9Y50a6k)P0P1cF~`WcYah1c`|xmd82NgmZy*$CPWA^wqvvi2`v*doZ+6?Eh{ zyfKLNQ3SE}p`Xta#%eIU8*PUHq-NNr7}DT#-Ek8TT)M*$(nk_C`I|u|59I1R#w-4w z;uXhOyDt!H2blF-3N0eh6FXKVok7PEIL#6cf#Frp`gi1pR)iM7f+p_kyNWEh zYc5dR1EeNZ7edDa&JNr=E^*#!y)B1dfPoIcn#rZjQ}LQ5bR9?Ft4i03>Vn1zx9+4p z%YthLOn_oq9oS$!frW~=R?ZK`To=ZqB0P=JuG}-Q%?KSO0xZ)v48q|Ip@?WkXFM_7 zVfhQ5shUq>9|LBsm~AaM>YOdEbx@l$M5-9Dg*5XukYqH5{{NY>V1q zXhDvTj_R?MHgb}hu|dV(M>qWLqQ83!Ah;qayJOOBz)l>4cj|~;RIT%_>%EeqRb4vQ z^`!xAmNe1kN8txOA)O&|59}uW2)&`9L>x)zib?W<9Fk_e3uay1iQ{yW@He_nkFL|B z>vZpAM%U@>RyVp%|1Mppcc&ch*B?KCli^N%3py^U`9OTpGS{}MwjH@g-h}P|KB`*Q2*cK zqn9t9*ZqHAj{d)&n{J_kFUG^f6X)y5jFb%=J6Nv|NZ#-9QDP0 z-oK{d=>0o-|Bl|jkHGu)wUt)nN(xqw4T8s1A#3Jw$8Rj0C!L z6Eu#`C7bh4ed@v!*D%l|(Ksd<{#YQ6eytKn9zh4(Rp;ZSZ*VQH4$F+q&GycHA*hBC zxnAFCtA^@m9OGgR*LCB~S|C`1qJx8S3OUY6Vz-ZHjrB+V@Kw>fZ zc<~M*2rT;JX_Vx#k?a!duCEfRZpi*&i*x<}?PjBNFr$h`C%JBLX(}I}A6&!W06}L$ z&5zq0Aj!of?VGS$$!Na+Ot^0 z+#$+pA2z(X0hCbT*9D_Kuf@S0i-WxtZTptB*y_<{;pToB=_iI7x*NGEcH!WBK4-GA zz+wdlyM`eS_P=e1g05Pt}QyF(Jf2k4I(D$ zXvr<{@Y^N*WG6Ed@oKixRkoV+qU$C7bb&+sAmY^zt48Zy9ro|*-6|0epZGGjn5@Qd_99@fa`vQ@;%}#i7=E}x>wmo*Z(M2`Po&u6~k6#`gk^M6#J)QaeR&~g=+HH@&>wq|pm6S3eCO-Lk`GaLJFPTf3DBMk0>AVEVXsTNX^ zlMk=S{{Q(uZ98Mg#m^UH|Ns5Jr@JNSurB7;ya5m0!B|B%jX{i+pxm1xj?#wohe60T zC>I(nTl6#dRCy|v(piGSEAAwbELY~Ya91E04r;|VX(l)W@n;@>dVBc8YSxx>dlT%n zrq|TWLs2tRY{Ep%D+mMRG z?R9t|ktO@!l)_V@G)?2#3U&1@8rThdY1lgKLBJSrPpRxgK`z&lFBVK%u1oSPYrR#l zj*Vh1=QK%-X#d)tr$=!p-c}~%0OT|A7-75MEA582iRkti0MmI-xi?{Gxw86x$s#C0 zyAKR2b->>B@vxs+Jt|mVR3^1MSQ`d61TIxX36T=2tf0$N_p%+Y?{o{gP_B1JiEiPpwJMjyW-dI{mmMA3Tl3(tyxuNjpTS z+E#gpr;80Z+uobo?KHUL>1HB-L%*`3jHjq5TZ+6D&SH+r0N}u_pbzTNWv+BN0>vKn ze#O)A(X$twHikA#*m=|aaq8p9ik4-05{{1f#8y|Hed6d+VI@mDx|A$3H0p-laUn^b zYMv0PNy2EOnFf6i0F02j&-xHYH#A*fkPjvET<6mJ^{mS?(p-zzOtWZ+$>zj24${SV z*Lgt_hW;kk;T3GlpMW>>fbh9XDTtmYhACv4%vRQH4W@|$aGlPzSW?X++MfJRVd@HM zeQjbU`5lW3)vn!PRR}dsA%4<|3@|d~ptKu)53Lixj3EH1wbJ40+D1%7$_|KR3o7Hp zkQZTOYg=F4E}6tUM$He`Q}Uy@XLs#!4Dd;=w2(aVbG%0fESlWYl>+EZV%$9_mTotz zbEddCW}uWOXo*1jz7UqbnlWLGkg zUw4^$Uv2)jhA`$j=(by2UugLQhLvv+QjS66U58=)aB_3>*4u-g zP;v|w?-+8!F!CWGZjF3-wNb~i zi-=lVdgDxc-CH2`TNe!XQHw3QNRCC(G>r@0Et3kOXOTT~k}>G=){z~ygS+O@ZAY=G zibxEt%V!pUQfO9I{fZg)Y+r;7KRt1uZolKhNKhoiEng>D)+uyof(8yX92V;oNi)Fu zIZb*Bgw-bdDJ84+WB_oVRDb*n!pgjVlrD<viY1cWL{TPm`IoGQVab;nAvp zrp?!i-Lb?Rujx|!%9Dgng&gihO^Ux#f0e=oV#2I<~0NoYz~8p%~=ekm$33>XrtuNe?t_7qnmYn}B$ zwF8GRCR$R>7DMs;rEOmJt`RgY5_tI`JLVrKs|tE|A@Vf75Hs#Q%V0mOeb=S!=or;n zyq99xDRvAvjeRN32BtRy!#G;>?a}I(eW8;B4h!&7P>G&aR9P;K$39KF_;qXDlPuzj z9e~>hXq?${#-Mx@&Yr~xegg3CIH~B@CmNh%(vo8SOgl{hX-V2x-Q6hxvlU(T2$`!A1`$1zMcY_k)rca!I^AI-0!v{`;o~M6`O9 zR0D{BvAq{$|HaXZgBQntI&g!0Zuhm0b7J)zLmV^S7EJ@Aq8(s+*Nm7YMw0i&Av6eA z4C0_x>fqJ4w*A=UY~-9l!Kw(|jQRMWq$QRKT7j zN%4Kdv~*3>uV@D*^AK%*YyRt&WoHB5*~n?Bu{>^V|Ed*o%X(U0d<>R1e0XQ-6x}yn?sb+zY5>|Ta zHY33xVU;_s2>YZZ1@}C-M7L~3u63fO5xq8K;5wqyNb2jY1Q+wk^`PlHJRCf&5++Uozc9(?LnY+1TE|AcM5jw8 zu{-IC3I=ZB?o{^rX>{GW9!X2fTxrW656@3^RqNH{W(i}H{dR4t#l24f`~PL~){%+H zA3Z7FB$ZUhl5g4=nr%u(6xpkx1n@)?89%-_0i72 z{<^lr0J`5(bay#P5^;Z8xQ!0s8@u{9-J)*x4#abpPH`PC*7mDYU*Q^Daa-RKsmE3m z+iYTGm&uQv!U^WHB??TPDP*-wKmq0BQ9eKST3hXVrf)>N8Ki9AA&|nRUo)V7mVCj} zcU%n$qUz{w^TAkY3yhU?mbBd(0sXAqktRx@6U;qN;)u%Fz9&!q_~dZ`X{b=t1t}Dc zHUSrSCTM2l8PmZhVP=qqJPh4et5nlZWZx$`770xkU~tK97l$BIWNk@aKO1o0e9FXH zvVLpluFHxIzjCbho_;!64DlB~srM@9$>K|^m8ZojduZE|f~6{=(M=mKxP2xo8ppp- zxf;v^o`mfi*GysVs;NL< z9TGwF(q7MVv!=i2G(lUBMK^7buu1=7v7|gj$LP<0>St2iD<=P<)LWkDK_}q{+vV~S zyEKUcG=@Z!I2qz+SIS&N`QgOuE_-3bT1IrwULHAh*$q0RLbWq?znBC>$X$(UWLKf6I1}T-Q((x zrFQ(@6?W_uh$+SC`o#=2WR*?*N_(~5Da0k9G$-zulsvZM{7|_pHYxLF8w#_2E9sJ1 zNUyivTF=Ug;r*~pY+o=8@|vZq?N>U)yhCHmd_|w4m<-aF%J))cEirL0P14vdLT4sROgZnM&5g`Stc38fWHEt z+H)qC9Nh&iCU-e+H&XP^g^bwc)#YH`>20Y)7Y@F>y6jG~!0uRDFiL?HfGhAs+6?v1 z-8~<&7>^S=X~`P+#}kp)Z$A9{HWcK>uw>x1K3vH8vD&BU)PpM8nyFezyhvi30mLwW zW-g#^M_#7l*8TYzJ+5A(L*SC7LzE9^Vf&`7UUJPB&W4hw_cUz}6K3-{i;7e#AqRax zE-&9A5{*5gl1^n)%2Drk|i`^HU*Zs6bFzn1|0S9OClwS zh-hLqsm<-ibOERBOo}+iONP8UnEqEHC-{GHbA6zT#6K63NT#qDEt6i zg-9&3glPt6lK}V2(?#1nFE8H_$uLS#6@avQ-UFX$hATolL+ko(S60QMLu%{PFmHIf zg12k1&&a4)|9l0pBj}}Xq(vvtIHIwcKT4L*5+41;1})LGbw)Pq3^qVO8NNWAB0rx0 zbl!Ho1<9nr?wY(myLwNk)-<}czFl)67c4H>jW${r*!(1ugZJ;E)SrSZn8CG z=NxXaJLqF4+W_X~z@$4LT3}oXj=fo?0F?l>Hdk*GR^!6nM5}ciz-Dx$2T{rAn?@Hz z`bp};ai)8hm+uCVXLN#8N<^HtQzFNoLS_bAlq*IvK1Bm8(g{zf3t!Nd5p%`nd4dEB zNe-StWCRr1XP>CS0I$fC(Bx^PQSqb=Mo&PK{G=_BeV;q6O56e18du>DF)gcxNXxLok2wyoPC=?x9=82{$6L}jNscjDWc$KpiW^mkr3PVn;7tg*Y zSE9}R_dQKl zPFd);d3L@FoR;0+aLp2~^x?NWbCcaRGCO8jQ>afX^j@3xM6)DO;kw-^3YqV>t)Wrw zu_P4=>d{-~HX;$2TGSqYm?Fu9;sZiP_m!ryxQcMH&5`Sg9UYchr^v58x(z7l22iKg)DJZ@Ou1W& z8n)?-y_KP<>BI0ea~IWqtvTm9^)1BV04*$8s3o-D%7r>W$!ji5s77saBvQp=HZ=DM z3`1?ad{5<|Eq$iDxZdo~2Jtn!^HnjsZ(2s}9(8WT@X{z^nO5YGNH)*0euU$8L!PKW z`wfHcln|`T-1ZU6Z3rb?g_iU2D2Zf0f$SlU4?`F?A&Ldr>lk=2K^#I12NA*ziQs0y zYA1jLNL(*@TO*HEJ6Y?~C<2bXpy?o|$jhR2IkO2XNuCDW`z~s~qnuaRezvko*3+}s z7Y2xM!5>qcdPbGHdUtsWxZ{*HCABK!vh!+(0HvA1AY?FzrwZ_X!@SF+qfRK|*zHAv z`Q&4&X>kED8o6m)oB+%vh<$@Fcc+-z8cCY3>qOzV%xBgoBj)SvcBto$b=Kqi)zQy`|v=T4RYn2i=C=&o8~yOo}_6c9+bpI*8aVT}yPse(B{YCOJ($ zfX!r$C0+*Ix|SIZ|7DjtK!uYEeKKziiKxNggKgfm{trTvlb+nZ;le#z_6tpTY_LH_ zyHZpSS$it<4^Y`=_`0xt-@>rf7hIX5ZC3W$qAqEZWj*l2%`pSpNurs=;s6~B0|ujU zbq(WS>m96i&{f^&nj&*J5KV*&-*QC=tf7mspzYym?VuxDyCGX^;rH9*Yj?W1uZ6MQ z>7pMYXS>t&J#yCe!PbfhW5X3==azL3u=&*|@)=hD2s!(muJ4hv_B&i_FK^$|AY(&n zbe_L?PZZOtk6Q?%oZ3{;hKlv2AKN$wQkLWk-hjM@`fQi#-ei)2W85T9q4?|s3X7?h z3OE%-H%z2bQ`~E&ahm<6&*4gD9I>f}Vh6M&)$AQ#HsQWXiB{JzP}iHz=zQ3thi_OH zOBGn1z%|_$`2}Yx$s%SX2TJCY%fN@v8F>#{d>C!01!RU67Vzj+1_SY36st6Ah9$4> z&v?fq9hPMSTe=7v=geq6eL!Zb!f!0~AUSL;_~Xn;E+lWk?^xgvSFV_HbYPQAL$#h( zkviCUo-WWmQrg^rG}0KP=6vVOg!vtZicWTAEd$S1vLb3plZ0dl2r&o$#nQ&Np=m*m9|}e|o0j03_UdaxDz6Qwx>mu{ zFc&DG73K*C*Is*G4?-;7whM6XE0@()33){%`DcHv5B(`0vg`Bdy&je20nfGZA(h~ zZc>mjxuorS>{^xw+N`+_pltaeKXA*b*?)d?+=7?;j*}diF0`#)g1fe`S+G+P&2-*s z)MPHNL#=Yi$BTCxCTQ>{W6(N$>r!c8vjh?IIo1sSc<~Nuf6`VPCg3-APqYyVH=X=| z%X-;TDYf~w+ES?v*VR@`-Np~HxUZh~w#+sTe%Mkn)QBG`1o-blb>b$0pZq;s(e^5@ z!>WF}qq^w@>nheeuu$*Tv*^4jaHG#@f03(;qG{=lVDh7kZdv5Y4&>aB^-WPX!lO83 zF|}x|RAOb>1P8!6Yk!&8na2~H`>vda?TpQ**1t-P0IvZZCR{p}<_9b3P!*zYt9|Nb z;vVz>4P=eV?c0u0l|$MD<2D>93daZ-r8aur&N}V%$RMw@?z!2DVn5mx zCIwSc0P+#BAHl(a-*JAR9&OXdqkcUs=wKHZlRGLooh2LPa_YP!jZP@lo1x{ZbREp! zttb`Fd&4YCHvs$>1D1nY<3pk3)_iHxXObC>ZdrS33W-@0tg(nm5(|b2Kn(m>Q*xq+ z5+e1onl00ps(U6IjUyF-ule8fV1+P%IVHQ zp>$8V#w_=p1dn|}mn2RTIM`x72bTe+Y%URNCE)H$T#<+-QJ!=p^D-ypy9dRsyXQ%p=DgTL!k0@HbE=uSOIJQAxtLeK)O#wx1tc~@rq*%+#cH8mET$Zb zU7)JPlteM+?@M;Om@dRLW_O1M&flI>so3kz`toa=Kst~m)a*N#Y|eX`iOZsCfH+|Q zD1N}V)v+wa9V^9avDgmG0wLV66o&3R2tL9RhVad`u@WW@PN*8fYwo@Et;@av7W3wb zwiUT~mKiwER{s*47|L|Sf~0sBz;s@e$>bVMe219JE@cr@iptjd^RLnHgC}akL}_mG zhVb5QpG*9=`%w#f&Z@jn%j8=*q%RUP8r-o#T>E9EecNr@1=n8OInRifu3QTv;VYqwxHZ~g^NUgL{;k@pE%GEHNuY4DT5z~8hEgxS*qYNNCOXCM5f zDEN+66TGBsV%WwQA*>AR!p zchhI)Qb`8guZ*~(=`wpo(i}MClrGsTQaPQ)x&6kV0P{^SbDEp&-(cU;eSYtUxjMxp z*a=tqr}{fz<;h+B@&pi@@Dvbp<)y(0kuazT&`CxkkR9$Ee)z^9E?m{!F-@`?dW^$G zH*85A!V?)wPtMPNd45^?xk`jflXh-vrx&k_gx|>1gPO}(^-a@a${``xhD?e(Chs`A z4=7_ZMGVefi4asujGv#`RwZI+!N_6@FH{3?P-o+XDK0Cw0GggCU?xW+0uOxLnsB~);k zv8Z%!Vx|l~1zIwO=%Cc0%nr7*vM$N)sYn}K6f1h0qG@R^r5D46@kg4Nwy1xjYAI=> zM5v<1zAuv#WSVW$DwXrk2Hyb6@K7Zgcamo=Ofy&7_Tcwj?fPzVLNzCY>Mxu4H6()? z#jEitJuUJdnr4)CiQu;q0lVeD<7eL;e^-|Oo*g}Z{$iB>KF9M_%769Kxv2sffjB#r4a*rRuFvgf4xBD0y*+Z7{^sp zLc_wgvkj$&*X`lA^88N}EsN*W@` zcA>E@2_mdzcgZ5jnw&MtsbK0o{N$)BwoVkh0nW9h9C0m25LB8Y%d2;nb;+SsY8c>q z)Fds$T+vy=e!RLmf7Y|!*FjU)4~x7WK7$#Dk||hj`#gpkJaoDYw6^{pPZx$Y5P9zo zy{&a9ogVFeG?RCiuGvhE(M%3`+I6+BqFYdnIZf<@9)(lQ>ta5RNhq`*;7X$f`qkvA z=1FTPcc9h?9mbre7gnt!hNqh)T-~%OE;fjl<#EDJMVdY)sGgPQRE;CI;oj!xp~GQo z0ui$~EMauZST>;vzbmPbY)XbD|ySZdi0{b!Qod#nL4!AWkK?z`;jA6v6kvBO{<&2DW7;ERiZUbBFs9mZ*PR zyVEeUZv5T?M9lMnSR4ZA?U}bFo$W@?^CVf3d&xZ)-R<$TkKWbj>7~d_#H$0iRB2n7 z{Vu%-d8$~HOLlq7vtO9x^FIIUvs#CO2fDm`SIY5tXWpBCHlDOD7H3I6Il7_FnQRWK zEt`7kJ)Fj+OmKjV>=z{D>HnX-^J{J#MFRMJ6sqP)An{Lj;+m<2r^H4W8U)RcrrV}OGFW58;xt(^+ih##INefO z3#IsvyPH6z=Uq1?J@rLi<83rwxZE?UbhQ^Pv|$T;P4vOOxC%4A)KK@@N7dH zq2I~dRS;^Y)1Wo*sFfIn+#%DfDf#TDrsNYT*aX=VWH+UsAo~d*dpniH(DgQRELP9T zZ8fi1!?;M2f~?N*rt7w*kF=)Mk~)Jrk2qD-rZ^#jNn4fSU6Gg8-j~I8P3y(3Xl(e|l=!ul zHz059XBC{#raydlR*S^Zs+z2SUDHVCS!G7yGHV zw{CL}9KUHd-sPN?lmE7C%+X&9<0R4+QSiGlR3v1%tDoq+ZC-dH>*XKZ%A~be%4k`N zN0wN=O;QE;A6C&9VRble?h-#V=@yq0%wL=An^jRBO6_x-(`o~)P3L&kSMDY(RRvU! zL}W_ljPv55lvmXGFGT*x{q5rN;#~jl()jO<%?pI~{o84G$@dGZY?pjJBHI*ItXSHd zJ?HS%cP|#b$Z_JqA&Lt2^#~PW?s(4X*bA3N+ak7RU>=_tdIrfhtXdJF;Rj?qRxQo7sw$S+$z2*bKd^%-+3!_x8fo74~BQUKNX`E^M)<%r!#g8wgwN`=!Ty z%{0TNx{2)*%F)P*qdRACq=|FlzC8*0AK=}V7L7UQNbvSMNpAiNEqn?58@m7d@#E!1 zpZ~spm-z2V(vQl2<>)*D|1KJ}#W(0Ld~Aci_=`jK%VjwyMZZwXG2|B>m=e?1xw6$D z4-}lQu&UfENP@p0s+{W%^;;UC9CP%7kidGeXFIY)ptjDQC~2MDg_= z#B)w)wp^=^)~w9!v?C*5>3*hzm2Fnky+E#f*c9S}0IvEtJuIdEE3IfPW^Bsw}pmLwHe%wa*04pg*;!zPz z#>8#E`eLGH88(z;T7Y$}UY<}Z!PqrXace>`YXb3V#BxzSxdO8G?TaC+eFBi*fx<7% zxE*y?27*A#Mh&UM+$|^g)Fl`H!9UfF*yAXWpZ~mn`}X~tzW=umA3r4ibBgq1@}J)5 zJeUIEw+k$%&w`9EheXJ%L!S#7-=3BZ8TF23L^8W^LEkKhsbvk06B_mlnUJgPw%n6v zTCCQfz%5jeU{;ZmW%=YGE3;~8&dw9^xquLlO`Sc$5o^^&7e4gvzVv8a^O<%-WLf94 zpF~$r%>GEkClMc0`ic0Qg7_E{N)-1oo`|JC8<<{-Y8ARTrScio=suOR#c|uM;TX2o z1%|R-4e^{(rmgK)$!B4uuWZ9_Ez4g&1$G>p?As@n?-#{iG05O^m)mM=!o?R_EOZyx zSyQ+x*bDyz;T78N3N8bRpGRColvj3f+=y3F?my&wQgAZ4G@`DPT?LWVowrU!Q(h}D zH&!#ofDDJS-Kxf1hvv4pLz8Rw0rp~+8Y&f|^BIq|3kPH%kpYC= zZ=t19hrf%M+;1c%|9h$OM7*7tqNqUSjXK*CfH&0aIE+gG@JS7_?oa6G1WFzJ6{wd! z(B_#s3^Lm`ukln-_dlhg>qGZJ_-Pm03)Xcp_iq=fYr@aEe=bdPU zs+pBMqIZ3^ZZ&S1dxxPYtK=)nS(D$@B-*3G@>qX-RAhK|C_bbwG8{qF{8-w$2a7L#bPs>E&x*Y-R5L~Bmx zHT$;jI8?a4nuDZFf*P7_FbX|>{!cha%(oE1!4hjNxP~PhxBUqj?jt>@l zd2z9^+|MvmC8vsZuq|8;e=|p*R zefRF|ITS-6X8CgwqvHf*-S-+BFV4QZS=*+^>Lb{dI?4$B0Rn81xpu=|ssj-vs(Glj z=dW_IXS=%fJxH#z3N>BnWtTWF>|q+afX4MfQ!Kw)Tqt#^A23ejH%Bsl#4)THkK6rY zdI6We@Z%Hp$ePkgvlks>O(nl9Za8 zVZPrKjo8sKjC@UKwXFABF!^e4T}2i8b1|h;c=;9%XL)8C^A1F5F0l$uQ)dlb#jgwt z`G85SS(cObFu5%>YT@i|9r7u;W4kK9V-KBS8}v?lt-)I&D(W)e?S^dv%5~Hz#l!Px z>HLXj?YeB_@w?CqjFqtkG{>$W&==kj9D^Br*1Uu$^9t92QfM6eP3qk1#p^)z!*IGn=I$e~(I7oA zz60?5Rj~Qtz&zL(A0&SzJboA$m+;$B=13&o!`^`*8Gzv);O!ok9t<9gH5Y;_~=Xze^LrAWd28MTv zk%aaTHfyq1k0uaDWv$fJQ>u^0dU&g+L??;$lU7fOJ_Z}ZSUp8s=<7JT>M6T*N)q6z zkv@c+Dw>a?z6L)%l$=68#;Y!)nQ74dR17D5H9~q28x5F)jH03=$Y)5B9@_ajobyD4 zGrSOlsOGEi%s7%6$1umzOQ}}`n90j>%UD_yW|c2QDIgnV(GFB=P z1adrkYq_bbFj4SIAxmJ7^xTONNB6F%KKbzA8G{WAdKR^QbTKdpsuB5+@b9{yta*Hg zTD{q>=Po?%2KN8iE|<^0?e)VZ`AuY)R)P0|wY&9-qnrEo*7UzFS>hM=#WqH3cV4&D z%+Q}_GWBo1e$yuT;F-+f9}8FXnSKk~f04~~r4_H#qS+tU2}N%_S?I63Rx#FyYy0vP zk$F9b`m17R;Z%ZBfDQ>CIjpSsy*ao(f-n9lL3xhnd*PV@fw8 gYL){T&P86DOQ&4AZ}!)of#LuEDByVw4EqEa0EZo)s{jB1 literal 0 HcmV?d00001 diff --git a/enterprise/vaultwarden/21.0.0/ix_values.yaml b/enterprise/vaultwarden/21.0.0/ix_values.yaml new file mode 100644 index 00000000000..47911f70ce2 --- /dev/null +++ b/enterprise/vaultwarden/21.0.0/ix_values.yaml @@ -0,0 +1,161 @@ +image: + repository: tccr.io/truecharts/vaultwarden + pullPolicy: IfNotPresent + tag: 1.29.0@sha256:df6f1c44282c46dfc276a0628000344100b41c0e4fcbdd2e904caeb24a057e71 +manifestManager: + enabled: true +service: + main: + ports: + main: + port: 10102 + targetPort: 8080 + +workload: + main: + podSpec: + containers: + main: + env: + DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}" + DATABASE_URL: + secretKeyRef: + name: cnpg-main-urls + key: std + + envFrom: + - configMapRef: + name: vaultwardenconfig + - secretRef: + name: vaultwardensecret + +database: + # -- Database type, + # must be one of: 'sqlite', 'mysql' or 'postgresql'. + type: postgresql + # -- Enable DB Write-Ahead-Log for SQLite, + # disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled + wal: true + ## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port). + # url: "" + ## Set the size of the database connection pool. + # maxConnections: 10 + ## Connection retries during startup, 0 for infinite. 1 second between retries. + # retries: 15 + +# Set Bitwarden_rs application variables +vaultwarden: + # -- Allow any user to sign-up + # see: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users + allowSignups: true + ## Whitelist domains allowed to sign-up. 'allowSignups' is ignored if set. + # signupDomains: + # - domain.tld + # -- Verify e-mail before login is enabled. + # SMTP must be enabled. + verifySignup: false + # When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled. + requireEmail: false + ## Maximum attempts before an email token is reset and a new email will need to be sent. + # emailAttempts: 3 + ## Email token validity in seconds. + # emailTokenExpiration: 600 + # Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-invitations + allowInvitation: true + # Show password hints: https://github.com/dani-garcia/bitwarden_rs/wiki/Password-hint-display + ## Default organization name in invitation e-mails that are not coming from a specific organization. + # defaultInviteName: "" + showPasswordHint: true + # Enable Web Vault (static content). https://github.com/dani-garcia/bitwarden_rs/wiki/Disabling-or-overriding-the-Vault-interface-hosting + enableWebVault: true + # Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users. + orgCreationUsers: all + ## Limit attachment disk usage per organization. + # attachmentLimitOrg: + ## Limit attachment disk usage per user. + # attachmentLimitUser: + ## HaveIBeenPwned API Key. Can be purchased at https://haveibeenpwned.com/API/Key. + # hibpApiKey: + + admin: + # Enable admin portal. + enabled: false + # Disabling the admin token will make the admin portal accessible to anyone, use carefully: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-admin-token + disableAdminToken: false + ## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page + # token: + + # Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration + smtp: + enabled: false + # SMTP hostname, required if SMTP is enabled. + host: "" + # SMTP sender e-mail address, required if SMTP is enabled. + from: "" + ## SMTP sender name, defaults to 'Bitwarden_RS'. + # fromName: "" + ## Enable SSL connection. + # ssl: true + ## SMTP port. Defaults to 25 without SSL, 587 with SSL. + # port: 587 + ## SMTP Authentication Mechanisms. Comma-separated options: 'Plain', 'Login' and 'Xoauth2'. Defaults to 'Plain'. + # authMechanism: Plain + ## Hostname to be sent for SMTP HELO. Defaults to pod name. + # heloName: "" + ## SMTP timeout. + # timeout: 15 + ## Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks! + # invalidHostname: false + ## Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks! + # invalidCertificate: false + ## SMTP username. + # user: "" + ## SMTP password. Required is user is specified, ignored if no user provided. + # password: "" + + ## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication + yubico: + enabled: false + ## Yubico server. Defaults to YubiCloud. + # server: + ## Yubico ID and Secret Key. + # clientId: + # secretKey: + + ## Enable Mobile Push Notifications. You must obtain and ID and Key here: https://bitwarden.com/host + push: + enabled: false + # installationId: + # installationKey: + + ## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging + log: + # Log to file. + file: "" + # Log level. Options are "trace", "debug", "info", "warn", "error" or "off". + level: "trace" + ## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds. + # timeFormat: "" + + icons: + # Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero. + disableDownload: false + ## Cache time-to-live for icons fetched. 0 means no purging. + # cache: 2592000 + ## Cache time-to-live for icons that were not available. 0 means no purging. + # cacheFailed: 259200 + +persistence: + data: + enabled: true + mountPath: "/data" + +cnpg: + main: + enabled: true + user: vaultwarden + database: vaultwarden + +portal: + open: + enabled: true diff --git a/enterprise/vaultwarden/21.0.0/questions.yaml b/enterprise/vaultwarden/21.0.0/questions.yaml new file mode 100644 index 00000000000..31e1eb13202 --- /dev/null +++ b/enterprise/vaultwarden/21.0.0/questions.yaml @@ -0,0 +1,2387 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" + admin: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" + path: "/admin/" +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 1 + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + - variable: vaultwarden + label: "" + group: "App Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: yubico + label: "Yubico OTP authentication" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Yubico OTP authentication" + description: "Please refer to the manual at: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Yubikey-OTP-authentication" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: server + label: "Yubico server" + description: "Defaults to YubiCloud" + schema: + type: string + default: "" + - variable: clientId + label: "Yubico ID" + schema: + type: string + default: "" + - variable: secretKey + label: "Yubico Secret Key" + schema: + type: string + default: "" + - variable: push + label: "Mobile Push Notifications" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Mobile Push Notifications" + description: "You must obtain and ID and Key here: https://bitwarden.com/host" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: installationId + label: "Installation ID" + schema: + type: string + default: "" + required: true + - variable: installationKey + label: "Installation Key" + schema: + type: string + default: "" + required: true + - variable: admin + label: "Admin Portal" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Admin Portal" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: disableAdminToken + label: "Make Accessible Without Password/Token" + schema: + type: boolean + default: false + - variable: token + label: "Admin Portal Password/Token" + description: "Will be automatically generated if not defined" + schema: + type: string + default: "" + - variable: icons + label: "Icon Download Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: disableDownload + label: "Disable Icon Download" + description: "Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache)" + schema: + type: boolean + default: false + - variable: cache + label: "Cache time-to-live" + description: "Cache time-to-live for icons fetched. 0 means no purging" + schema: + type: int + default: 2592000 + - variable: token + label: "Failed Downloads Cache time-to-live" + description: "Cache time-to-live for icons that were not available. 0 means no purging." + schema: + type: int + default: 2592000 + - variable: log + label: "Logging" + schema: + additional_attrs: true + type: dict + attrs: + - variable: level + label: "Log level" + schema: + type: string + default: "info" + required: true + enum: + - value: "trace" + description: "trace" + - value: "debug" + description: "debug" + - value: "info" + description: "info" + - value: "warn" + description: "warn" + - value: "error" + description: "error" + - value: "off" + description: "off" + - variable: file + label: "Log-File Location" + schema: + type: string + default: "" + - variable: smtp + label: "SMTP Settings (Email)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable SMTP Support" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: host + label: "SMTP hostname" + schema: + type: string + required: true + default: "" + - variable: from + label: "SMTP sender e-mail address" + schema: + type: string + required: true + default: "" + - variable: fromName + label: "SMTP sender name" + schema: + type: string + required: true + default: "" + - variable: user + label: "SMTP username" + schema: + type: string + required: true + default: "" + - variable: password + label: "SMTP password" + description: "Required is user is specified, ignored if no user provided" + schema: + type: string + default: "" + - variable: ssl + label: "Enable SSL connection" + schema: + type: boolean + default: true + - variable: port + label: "SMTP port" + description: "Usually: 25 without SSL, 587 with SSL" + schema: + type: int + default: 587 + - variable: authMechanism + label: "SMTP Authentication Mechanisms" + description: "Comma-separated options: Plain, Login and Xoauth2" + schema: + type: string + default: "Plain" + - variable: heloName + label: "SMTP HELO - Hostname" + description: "Hostname to be sent for SMTP HELO. Defaults to pod name" + schema: + type: string + default: "" + - variable: timeout + label: "SMTP timeout" + schema: + type: int + default: 15 + - variable: invalidHostname + label: "Accept Invalid Hostname" + description: "Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!" + schema: + type: boolean + default: false + - variable: invalidCertificate + label: "Accept Invalid Certificate" + description: "Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!" + schema: + type: boolean + default: false + - variable: allowSignups + label: "Allow Signup" + description: "Allow any user to sign-up: https://github.com/dani-garcia/vaultwarden/wiki/Disable-registration-of-new-users" + schema: + type: boolean + default: true + - variable: allowInvitation + label: "Always allow Invitation" + description: "Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/vaultwarden/wiki/Disable-invitations" + schema: + type: boolean + default: true + - variable: defaultInviteName + label: "Default Invite Organisation Name" + description: "Default organization name in invitation e-mails that are not coming from a specific organization." + schema: + type: string + default: "" + - variable: showPasswordHint + label: "Show password hints" + description: "https://github.com/dani-garcia/vaultwarden/wiki/Password-hint-display" + schema: + type: boolean + default: true + - variable: signupwhitelistenable + label: "Enable Signup Whitelist" + description: "allowSignups is ignored if set" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: signupDomains + label: "Signup Whitelist Domains" + schema: + type: list + default: [] + items: + - variable: domain + label: "Domain" + schema: + type: string + default: "" + - variable: verifySignup + label: "Verifiy Signup" + description: "Verify e-mail before login is enabled. SMTP must be enabled" + schema: + type: boolean + default: false + - variable: requireEmail + label: "Block Login if email fails" + description: "When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled" + schema: + type: boolean + default: false + - variable: emailAttempts + label: "Email token reset attempts" + description: "Maximum attempts before an email token is reset and a new email will need to be sent" + schema: + type: int + default: 3 + - variable: emailTokenExpiration + label: "Email token validity in seconds" + schema: + type: int + default: 600 + - variable: enableWebVault + label: "Enable Webvault" + description: "Enable Web Vault (static content). https://github.com/dani-garcia/vaultwarden/wiki/Disabling-or-overriding-the-Vault-interface-hosting" + schema: + type: boolean + default: true + - variable: orgCreationUsers + label: "Limit Organisation Creation to (users)" + description: "Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users." + schema: + type: string + default: "all" + - variable: attachmentLimitOrg + label: "Limit Attachment Disk Usage per Organisation" + schema: + type: string + default: "" + - variable: attachmentLimitUser + label: "Limit Attachment Disk Usage per User" + schema: + type: string + default: "" + - variable: hibpApiKey + label: "HaveIBeenPwned API Key" + description: "Can be purchased at https://haveibeenpwned.com/API/Key" + schema: + type: string + default: "" + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10102 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + additional_attrs: true + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + additional_attrs: true + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistence + label: Integrated Persistent Storage + description: Integrated Persistent Storage + group: Storage and Persistence + schema: + additional_attrs: true + type: dict + attrs: + - variable: data + label: "App Config Storage" + description: "Stores the Application Configuration." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + show_if: [["advanced", "=", true]] + required: true + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: clusterIssuer + label: clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["clusterIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: clusterIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["clusterIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["clusterIssuer", "=", ""]] + default: "" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: scaleGPUEntry + label: GPU + schema: + additional_attrs: true + type: dict + attrs: + # Specify GPU configuration + - variable: gpu + label: Select GPU + schema: + additional_attrs: true + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + - variable: workaround + label: "Workaround" + schema: + type: string + default: workaround + hidden: true +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: cnpg + group: Postgresql + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Postgresql Database" + schema: + additional_attrs: true + type: dict + attrs: + - variable: instances + label: Instances + schema: + type: int + default: 2 + - variable: hibernate + label: Hibernate + description: "enable to safely hibernate and shutdown the postgresql cluster" + schema: + type: boolean + default: false + - variable: storage + label: "Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: size + label: Size + schema: + type: string + default: "256Gi" + - variable: walsize + label: Walsize + schema: + type: string + default: "256Gi" + - variable: pooler + label: "Pooler" + schema: + additional_attrs: true + type: dict + attrs: + - variable: instances + label: Instances + schema: + type: int + default: 2 + - variable: Monitoring + label: "Metrics" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enablePodMonitor + label: "enablePodMonitor" + schema: + type: boolean + default: true + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/enterprise/vaultwarden/21.0.0/templates/NOTES.txt b/enterprise/vaultwarden/21.0.0/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/enterprise/vaultwarden/21.0.0/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/enterprise/vaultwarden/21.0.0/templates/_configmap.tpl b/enterprise/vaultwarden/21.0.0/templates/_configmap.tpl new file mode 100644 index 00000000000..a396837e5a4 --- /dev/null +++ b/enterprise/vaultwarden/21.0.0/templates/_configmap.tpl @@ -0,0 +1,111 @@ +{{/* Define the configmap */}} +{{- define "vaultwarden.configmap" -}} +enabled: true +data: + ROCKET_PORT: "8080" + SIGNUPS_ALLOWED: {{ .Values.vaultwarden.allowSignups | quote }} + {{- if .Values.vaultwarden.signupDomains }} + SIGNUPS_DOMAINS_WHITELIST: {{ join "," .Values.vaultwarden.signupDomains | quote }} + {{- end }} + {{- if and (eq .Values.vaultwarden.verifySignup true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Signup verification requires SMTP to be enabled" nil}}{{end}} + SIGNUPS_VERIFY: {{ .Values.vaultwarden.verifySignup | quote }} + {{- if and (eq .Values.vaultwarden.requireEmail true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Requiring emails for login depends on SMTP" nil}}{{end}} + REQUIRE_DEVICE_EMAIL: {{ .Values.vaultwarden.requireEmail | quote }} + {{- if .Values.vaultwarden.emailAttempts }} + EMAIL_ATTEMPTS_LIMIT: {{ .Values.vaultwarden.emailAttempts | quote }} + {{- end }} + {{- if .Values.vaultwarden.emailTokenExpiration }} + EMAIL_EXPIRATION_TIME: {{ .Values.vaultwarden.emailTokenExpiration | quote }} + {{- end }} + INVITATIONS_ALLOWED: {{ .Values.vaultwarden.allowInvitation | quote }} + {{- if .Values.vaultwarden.defaultInviteName }} + INVITATION_ORG_NAME: {{ .Values.vaultwarden.defaultInviteName | quote }} + {{- end }} + SHOW_PASSWORD_HINT: {{ .Values.vaultwarden.showPasswordHint | quote }} + WEB_VAULT_ENABLED: {{ .Values.vaultwarden.enableWebVault | quote }} + ORG_CREATION_USERS: {{ .Values.vaultwarden.orgCreationUsers | quote }} + {{- if .Values.vaultwarden.attachmentLimitOrg }} + ORG_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitOrg | quote }} + {{- end }} + {{- if .Values.vaultwarden.attachmentLimitUser }} + USER_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitUser | quote }} + {{- end }} + {{- if .Values.vaultwarden.hibpApiKey }} + HIBP_API_KEY: {{ .Values.vaultwarden.hibpApiKey | quote }} + {{- end }} + {{- include "vaultwarden.dbTypeValid" . }} + {{- if .Values.database.retries }} + DB_CONNECTION_RETRIES: {{ .Values.database.retries | quote }} + {{- end }} + {{- if .Values.database.maxConnections }} + DATABASE_MAX_CONNS: {{ .Values.database.maxConnections | quote }} + {{- end }} + {{- if eq .Values.vaultwarden.smtp.enabled true }} + SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .Values.vaultwarden.smtp.host | quote }} + SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .Values.vaultwarden.smtp.from | quote }} + {{- if .Values.vaultwarden.smtp.fromName }} + SMTP_FROM_NAME: {{ .Values.vaultwarden.smtp.fromName | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.ssl }} + SMTP_SSL: {{ .Values.vaultwarden.smtp.ssl | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.port }} + SMTP_PORT: {{ .Values.vaultwarden.smtp.port | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.authMechanism }} + SMTP_AUTH_MECHANISM: {{ .Values.vaultwarden.smtp.authMechanism | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.heloName }} + HELO_NAME: {{ .Values.vaultwarden.smtp.heloName | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.timeout }} + SMTP_TIMEOUT: {{ .Values.vaultwarden.smtp.timeout | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.invalidHostname }} + SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.vaultwarden.smtp.invalidHostname | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.invalidCertificate }} + SMTP_ACCEPT_INVALID_CERTS: {{ .Values.vaultwarden.smtp.invalidCertificate | quote }} + {{- end }} + {{- end }} + {{- if .Values.vaultwarden.log.file }} + LOG_FILE: {{ .Values.vaultwarden.log.file | quote }} + {{- end }} + {{- if or .Values.vaultwarden.log.level .Values.vaultwarden.log.timeFormat }} + EXTENDED_LOGGING: "true" + {{- end }} + {{- if .Values.vaultwarden.log.level }} + {{- include "vaultwarden.logLevelValid" . }} + LOG_LEVEL: {{ .Values.vaultwarden.log.level | quote }} + {{- end }} + {{- if .Values.vaultwarden.log.timeFormat }} + LOG_TIMESTAMP_FORMAT: {{ .Values.vaultwarden.log.timeFormat | quote }} + {{- end }} + {{- if .Values.vaultwarden.icons.disableDownload }} + DISABLE_ICON_DOWNLOAD: {{ .Values.vaultwarden.icons.disableDownload | quote }} + {{- if and (not .Values.vaultwarden.icons.cache) (eq .Values.vaultwarden.icons.disableDownload "true") }} + ICON_CACHE_TTL: "0" + {{- end }} + {{- end }} + {{- if .Values.vaultwarden.icons.cache }} + ICON_CACHE_TTL: {{ .Values.vaultwarden.icons.cache | quote }} + {{- end }} + {{- if .Values.vaultwarden.icons.cacheFailed }} + ICON_CACHE_NEGTTL: {{ .Values.vaultwarden.icons.cacheFailed | quote }} + {{- end }} + {{- if eq .Values.vaultwarden.admin.enabled true }} + {{- if eq .Values.vaultwarden.admin.disableAdminToken true }} + DISABLE_ADMIN_TOKEN: "true" + {{- end }} + {{- end }} + {{- if eq .Values.vaultwarden.yubico.enabled true }} + {{- if .Values.vaultwarden.yubico.server }} + YUBICO_SERVER: {{ .Values.vaultwarden.yubico.server | quote }} + {{- end }} + {{- end }} + {{- if eq .Values.database.type "sqlite" }} + ENABLE_DB_WAL: {{ .Values.database.wal | quote }} + {{- else }} + ENABLE_DB_WAL: "false" + {{- end }} +{{- end -}} diff --git a/enterprise/vaultwarden/21.0.0/templates/_secrets.tpl b/enterprise/vaultwarden/21.0.0/templates/_secrets.tpl new file mode 100644 index 00000000000..262fcffa1b4 --- /dev/null +++ b/enterprise/vaultwarden/21.0.0/templates/_secrets.tpl @@ -0,0 +1,37 @@ +{{/* Define the secrets */}} +{{- define "vaultwarden.secrets" -}} + +{{- $adminToken := "" }} +{{- if eq .Values.vaultwarden.admin.enabled true }} +{{- $adminToken = .Values.vaultwarden.admin.token | default (randAlphaNum 48) | quote }} +{{- end -}} + +{{- $smtpUser := "" }} +{{- if and (eq .Values.vaultwarden.smtp.enabled true ) (.Values.vaultwarden.smtp.user) }} +{{- $smtpUser = .Values.vaultwarden.smtp.user | quote }} +{{- end -}} + +{{- $yubicoClientId := "" }} +{{- if eq .Values.vaultwarden.yubico.enabled true }} +{{- $yubicoClientId = required "Yubico Client ID required" .Values.vaultwarden.yubico.clientId | toString | quote }} +{{- end -}} +enabled: true +data: + placeholder: placeholdervalue + {{- if ne $adminToken "" }} + ADMIN_TOKEN: {{ $adminToken }} + {{- end }} + {{- if ne $smtpUser "" }} + SMTP_USERNAME: {{ $smtpUser }} + SMTP_PASSWORD: {{ required "Must specify SMTP password" .Values.vaultwarden.smtp.password | quote }} + {{- end }} + {{- if ne $yubicoClientId "" }} + YUBICO_CLIENT_ID: {{ $yubicoClientId }} + YUBICO_SECRET_KEY: {{ required "Yubico Secret Key required" .Values.vaultwarden.yubico.secretKey | quote }} + {{- end }} + {{- if .Values.vaultwarden.push.enabled }} + PUSH_ENABLED: {{ .Values.vaultwarden.push.enabled | quote }} + PUSH_INSTALLATION_ID: {{ required "Installation ID required" .Values.vaultwarden.push.installationId | quote }} + PUSH_INSTALLATION_KEY: {{ required "Installation Key required" .Values.vaultwarden.push.installationKey | quote }} + {{- end }} +{{- end -}} diff --git a/enterprise/vaultwarden/21.0.0/templates/_validate.tpl b/enterprise/vaultwarden/21.0.0/templates/_validate.tpl new file mode 100644 index 00000000000..e4832c2f6e5 --- /dev/null +++ b/enterprise/vaultwarden/21.0.0/templates/_validate.tpl @@ -0,0 +1,17 @@ +{{/* +Ensure valid DB type is select, defaults to SQLite +*/}} +{{- define "vaultwarden.dbTypeValid" -}} +{{- if not (or (eq .Values.database.type "postgresql") (eq .Values.database.type "mysql") (eq .Values.database.type "sqlite")) }} +{{- required "Invalid database type" nil }} +{{- end -}} +{{- end -}} + +{{/* +Ensure log type is valid +*/}} +{{- define "vaultwarden.logLevelValid" -}} +{{- if not (or (eq .Values.vaultwarden.log.level "trace") (eq .Values.vaultwarden.log.level "debug") (eq .Values.vaultwarden.log.level "info") (eq .Values.vaultwarden.log.level "warn") (eq .Values.vaultwarden.log.level "error") (eq .Values.vaultwarden.log.level "off")) }} +{{- required "Invalid log level" nil }} +{{- end }} +{{- end }} diff --git a/enterprise/vaultwarden/21.0.0/templates/common.yaml b/enterprise/vaultwarden/21.0.0/templates/common.yaml new file mode 100644 index 00000000000..66c6adab5db --- /dev/null +++ b/enterprise/vaultwarden/21.0.0/templates/common.yaml @@ -0,0 +1,17 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{/* Render configmap for vaultwarden */}} +{{- $configmapFile := include "vaultwarden.configmap" . | fromYaml -}} +{{- if $configmapFile -}} + {{- $_ := set .Values.configmap "vaultwardenconfig" $configmapFile -}} +{{- end -}} + +{{/* Render secrets for vaultwarden */}} +{{- $secret := include "vaultwarden.secrets" . | fromYaml -}} +{{- if $secret -}} + {{- $_ := set .Values.secret "vaultwardensecret" $secret -}} +{{- end -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/enterprise/vaultwarden/21.0.0/values.yaml b/enterprise/vaultwarden/21.0.0/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/operators/cert-manager/1.0.0/CHANGELOG.md b/operators/cert-manager/1.0.0/CHANGELOG.md new file mode 100644 index 00000000000..e69de29bb2d diff --git a/operators/cert-manager/1.0.0/Chart.yaml b/operators/cert-manager/1.0.0/Chart.yaml new file mode 100644 index 00000000000..9245413661e --- /dev/null +++ b/operators/cert-manager/1.0.0/Chart.yaml @@ -0,0 +1,34 @@ +apiVersion: v2 +appVersion: "latest" +deprecated: false +description: Cert-Manager is a kubernetes-aware certificate manager +home: https://truecharts.org/charts/operators/cert-manager +icon: https://truecharts.org/img/hotlink-ok/chart-icons/cert-manager.png +keywords: + - cert-manager + - certificates + - security +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 13.2.0 + - name: cert-manager + repository: https://charts.jetstack.io + version: v1.12.2 +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: cert-manager +sources: + - https://github.com/truecharts/charts/tree/master/charts/operators/cert-manager + - https://github.com/cert-manager + - https://cert-manager.io/ +type: application +version: 1.0.0 +annotations: + truecharts.org/catagories: | + - operators + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/operators/cert-manager/1.0.0/LICENSE b/operators/cert-manager/1.0.0/LICENSE new file mode 100644 index 00000000000..4dfe12ac30e --- /dev/null +++ b/operators/cert-manager/1.0.0/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "MetalLB" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/operators/cert-manager/1.0.0/README.md b/operators/cert-manager/1.0.0/README.md new file mode 100644 index 00000000000..2af65573319 --- /dev/null +++ b/operators/cert-manager/1.0.0/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/operators/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/operators/cert-manager/1.0.0/app-changelog.md b/operators/cert-manager/1.0.0/app-changelog.md new file mode 100644 index 00000000000..e69de29bb2d diff --git a/operators/cert-manager/1.0.0/app-readme.md b/operators/cert-manager/1.0.0/app-readme.md new file mode 100644 index 00000000000..512d4e01ad8 --- /dev/null +++ b/operators/cert-manager/1.0.0/app-readme.md @@ -0,0 +1,8 @@ +Cert-Manager is a kubernetes-aware certificate manager + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/operators/cert-manager](https://truecharts.org/charts/operators/cert-manager) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/operators/cert-manager/1.0.0/charts/cert-manager-v1.12.2.tgz b/operators/cert-manager/1.0.0/charts/cert-manager-v1.12.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..13d233c26dbad7c5725fb5d5897d0be259a88382 GIT binary patch literal 68114 zcmV)DK*7HsiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwycH20T0F3Y7dJ6oU-D7)xmTdW!#5*&)ZadxM>BRA|ow@ex z7$PAFV-jEkpdC$5zsvV5-;;d@g$qH7k|sEUYC-4ruCB4YP! zjD_k=aGLzbI-kA0y}jeZL-==ZZ?F1q|L}PKKl+DS&DlGnE@5y~tC-;>+m@%%fqMXT-4nkNcI>eD0=Yt;QyO|(@Bm_%xf;NUYkz`}K zkfbB_J(--Ke{~Q-Xh_+Jh)htXPEdbufA8$ugR{MZgY(00501V$ebYbdzkbu--#^|v z?w=hWADw^OKX?N*bCH~&u~L~l+1(8h6NZux5*l^y$wZdE={JJ1QFniDzu(<^-QC~o zHtn@H%0?ZW(LWF&DQ73>q2Iw-7X0k>_j~)Dn8--bOu@@j^gEKIDAIcc4Y@$!XgXt_ zl424g3P6f@S{ifdM~6nbSyx5i$DXN{OClo96k%$93%l{rL9{n`z5jA=_$rED@5Qh8 zUL79q#mBFY_V$loACms7gIB|&;cmi59RAmpDNd4J#zvicGI``8mM5KVc`99WpASek zAtT=DqJ$_(SR^Ky>U5DxWJiDXpxXTHZ&1Itzu(*I?rnBbOqs%z5dqDT6w~CS)Ot54 z^1ma_M+q4To@Y`|wSy4D8jiDSbmk*VXS#Mr@?1m&hO^Y_JXDe4OYhkAKBb92;3Ow< z?F?W({XaU~+k07||A%{f{g(cJj^_nBCqtYk3Yo>9qG-L&3v@fC5>bgT`t#|#x7{HZ zDOQTaXh;*H3!IZE!GfR%EGQl%L?Xq}fS?RZNn%8q;%LHiffPxz1S=wYol(LEIMGb! z1-d3fA_$9!uE!ZcT%eQ-f+UFqQLedMH}*It3}tzeP&Ps|#Umo24MBzlLC~~GFrqu6 zd^hHi+*MfK%iV~xAsyv{bTb}zHF*V!va1{HLTlYj&d^>7Pis~p51nZ@UCk&@F!bvhgg9#MUvlBc?h>$(#=36fG2N~4g(d&Z7 z_yIt#JJL06XOzJ&w`lHnh#n})rQ)e?(5xpJ^-#v+TU&7#Q8p4p%G;o&)3bMP&c--N z2pf?bo;(ooyW88Vz5azM3k@MuUe~Hr04pmT_Uz(}cHz|v9HpdJE&b5%HR@Fl-z;J{ z;4`A-9vWdqZZZ-*ZG1IDn{GeiY08K;s zP?TU<+BQS8_T|OPc&umaYMtpymj<7;peF`6IswtlVA%;$A}8?T1v(v#1Q}`AoF%zb zL|k*b@xS+*55<Ch+kFwV+J#nO zXxI%b9G4xso-B`VNR;dOUh#xR6Ej1?G~tR*5Qw=(9+l)Y%T7hgMN$0)x*-Z6`9Q>g zOATy3ER#%hjoFCk*L$doj?p7kV|0uLL{DE=O}SLIKG9n<;iI?Yfg~qrU-yv^924;- zArXk27U1t6h!8X;(1Jz)nc=9ix~3)~wkiU;0`+}`6SM(xot#KTQlL`0_1iH)aV|g= zFf@p9*0t?Ln8h^KbQ?X=BteguDujoM2*d}HhzC6}Y+EvQ^kjqa=@CmPMcK##AR}Gx_*UP zbP!4@I}K~<7Hisr*FjMYqe?lzPeK9pG@5F1!x3hHSej~Yk>03>`rFVL7YL(_h=?$S zN5qJ6w#fd`e{FXhLj|+9;+7nN{u_=5(L3VG8l7y-+7_=TgDk-3SnuQ7?3f3pjuKC zB%ws=-Z2{FBQrW6J_CY=^dpFsWp38*^$$8PmQwFP?%O@yd#x*eki-qHM?NZnPsK?3 z`EMqLB0VS+~}rh-H&nIMg?1joIOE%co(18lTo_L8GaEKdiTYz|T6#1IR5N0y>7 ziE|BkEYW5rxMqHojW!Whh_i@vQvC6ZvnUsWFy)0AsR>c119GTFQ9&}zow%5spdWKQ z(Tw#UL`j9C`?3WkSXzxyf95%i#e7B>IYAisn3c878{e{hTlBcFr_K~hgOMYJfjh(` zOE^ffk|@J6G=4Y*!^pE2L&Uhncq(u8vcjViJx?qqp067U zhGIG*(qbETL&R*N>p)Rc-~`Dr-ak4%*&}-|_v1K@`@@&RSHtMl>%G@_Kf=eu<0JC& zI64~c#rwl(ICwQ6hc90r9AR>Bc=VFI8Vn*b*w^GoEd|<_)3n_Eh#9jyJp>HNmQZoRQI1PKkvb@o> zZUXD0)iJ8Zlp!iRFAQ)ETPi986dCX_gmcAHtgM>iR2Rz@3$t3U6Is#C4)HP&UhIx4 z^?{RwKT1$#0C$Fz5v?c+12d3NA}72I2(sM8s-~S6hz?82G_|U3g zMz|`}<1tCHVV)Qb)pnr~O2ZC0*kP?k8{=V2GQwiQq6ylP`M|v0?y&M??ch(N2>6~s z)r>@RsOjV5m;j@|ZjuO_f&nGBaPCZr@rE+#{@kRhjVP`G5bQPsBh9o-TYBEQwH<^_ zLsX&>VZ<<+Tsnz&m?sH*cgiF*$qHQ~P-1W#Q}<_Kp7#1FukfQyiEc_Tg4ROAwi6Fd zHTuE4POmOXn`8)V)HZ``JH461DwOdhMwEnl9Ckw~7rf>7ggIp+7_bIo{g^W>6piu( zgErTB(Xiz|8Z4)lk7-fb@cSKab8(xcylDkV`GYgVIEB)xt)8S93Xu?vb*9}wxqbi0 z^v)i7;i(|Ku+NEjAi_-V{PJe6k8VgZL}z0X-9u5bK;3pG9$5Tc9HnG8W^%8;`@*u4 zE-Sj}4!P*U=dL8lup2=)H8PV_LXQwsxv^H?^d88#Pz61Rav|x1B^7oSCAw+1ZVWtO3t%2gCY~zQcd9}6K!kxeNc%6)8@&vkk8(h26v22R?3y$1 z)__0&2taLoPf)^{?mo`JOcdd0teeV+7;=#oB)oPwvuFCAC6fRPPKyl|Y3MU8sWJi> zTF7C#|B?a9Z#y)gnwx{gk|RlgFQ7uMHtmRV7 zy)p2EmxL1|#TeYzGI~s<5%;Z;dSTJwizkBodKb&57v?c^H)d|{^Jhj66 zrq;jQA&MiYu63tUMOl7=`g^I`U&>3fnd{mvMT5hFn5MGgw zYPaLw*d9O_&e^HFW>5J#!F^t^|Fc2^o<$GQx>9TR1~kgfl##300Ix1B6)c%>30wr*Gfd zrN*(|uNs2i(u5fEQ6NgxfVk6n;7OhmvqS8UcbXg7H>)#!bPfV&szu}%RvOhmPAhEx zDP3IgSWC4TkEdGAcpR8zOPw@n*|O%&3ny?j9QFdaW4hfLgVf4`WrlJ`GZQVg(qVBH zfRQa!ruA#$vB1#5~26Y3#q|xgzN3pojjbHQFIJaygX1OWE;I!h3$LE(fcV!cWvv(Aevr34D^CK7cJ%bD9OgcqvcJDBis4!G9Z_4&yPo0mCg9dh?a(0+%P68Rj259SfG5F-<)ow%VJ~ z?Jh&9y7c9H%HsMj-wB>)M)Jr6Pqk8!%aWzb6HP#@lrw4vT5CHm8oAJl5R2fr!jMy- zvsjFXy5d5epx1|c`=%0B;}f)-5+!J4jQP%(YOJjKjf@1&$Sq9?&(#S!u&+zfHL4N+ z5gK#Gh1(Hc>M%^3$ja%Zr@lrvy}iBq`_=XPKm8dI_CN(^n%ERItl8=BncyEaV(1?y zySwJ+tG!oy8_qCQDk7)KFzyQU_h0t*dV9V8PQoLcXqgj)q!6!9heOKLWJm8^i}&$= zgXGibV8ttHL9s5*=<3MqFsR5(p{=uU#33bDQFph*SpOx+uje8o&9N>Fr=VnEXfm`JQO$lJnjG z3oru;o{+EzLOjy|;Nk>bu<{pUu{{_FJ$IseQ)>Cg&4OZutC&XwW@>8vl@?FeZ zqoS0Z(0tewKzZ|HjuZRVii8#b=AAiyIYF1)t|{q+eOVqq12`E^_-JyIY02V@GpPio zOnpL7nGPj%82Jw818&A39T-#m@#da9o}hgT5my5o;@pp3dElCd+TvP^{=g(wR1T>* zByf;CWs^rdvE_ie72LrgC2Rmo(E?1xSyt(idLmqMZkkuci>@c3?SD2z>|(#A4}=jZ zuLL(zF$fvO@pC8}JCWLI&}Gr9*Ll%-fzFLC1RAC{Q4UCq)*NsYOBen*Ncdp))!y;oV6XpjFFNkygI7Zm z$47@z^qR!vFp7`&UmoE;jt>UAQEIjhj?-P7WxKhe$*$B)G|G4kKV@&kU%cHv?04Vp zA0Bm*aNae?Vw!zZMR9UY5BF*|8Q~krlg~T!GSvKqd8BM z=-2(dy}h0XJe9!#K+YnbYJru+Fh4NiYg*}`=p4r2Sc0=iFBBRH9OuST58xY<09o`j z>y{p6SSsW&r8f&`8bd0l_p{IMYftd&&hTfR;)9P}jqz#PcHASFI?}cXm3%b-Y=C|o3ENpL|W+CU<-TGbK6|S(uHL%3Zvc)Zb#O44QnA(ipV5YHc^**kQCt|&|ZS`iILCg@LdQ;o#t-s6l zcQ&f!fv{KR6jxA$FYqYD8`i~8Vu9N#`3HdcbJAl^0VAYWv)eYom$#Hbb#wjz5 znKs+NPG#!WG+itK{tASHRs|tF! zx9PBM1>hD17Rnf@#$2jPqF_cTkBxoG-tRN!d{`*3x-tZ=C5AM|;ZnGzLR&JA#t2Jv z`o|me=KGs%<9uZ$k)Z-8uJptweS2?onyxVd_I`vQJMSQ5Dtl2&Av)2yHK zOo_(kpjeYl=j_`nIMywgNu2-lmGQ>pIQ|AFm__>4N!cG=n#)91d-DUQEQX*=Gi_=w@H#Bj zE!hGK?z&m00_XKJ6g(|#4>bEG;nBT&0lb^W;sou%3H9Et5#mXy35|NPXd?sK@@mhw zkqNGN#FG2n1tm# zn*94FV5c1)9v<{6ogXinjN(f{x`R;YRpow#ZdDPc>>pk&sd{isU88!Yrr2T@tu^-R zwZ_)2Vr!5komC8e0Wd$MQ8wsipyp<$|;Iu9v0$wL$j--x&R znGM_Z<$mL|l{K0Bp0h>i>=a#8uwu%pw2}>|1n19S1`7IXEkUg%=$To9Rx;Qu<1Oy7 zzo8B3IT(W$3A{K;iG*M-C#zDSqKVH#g@XQCDpXH}oF9wALgg9GsJW8{fvDiJaK@$T z+KaZxm=qvN0H$ind#m#T5f*1$b3Y@cMm!~jn9;NM^nD*R%@SgrW(=*sp*Hw?KIl3- z2NndGT?KJHh#YrbAW35qX-pUVBXzM4rlRkd_)D4K13XA3g~fzPbMj~`pOelDZ*Vdl zxu{xz2*2lpO$qL4=)I=9kJLIxTG*KL%@j}I91HOr?#!6Ge7e~0`2aEU06GF(Smt`} za5X#dv=G(u6?MLDJ#wwL(0;*+ z7l;?;Ko?MNQ%^loiQW4+qnl2bDf~uHP(L+Q^==v9=$;RUZ)r+3+YEo6pu<&kt}3ej zo)0<*{eurq%Mn@;8j~dL$?-0@LX>FW)aULap`)=nK^y&z>5t}yb~m#^o{2Nmg-;+r zQOt1H6& zm6Q`NNm&d5;U2;htUpfqN`+T9Nq>=gP%)6KGZ{OVX)JL_B zJ{IMF=!GxDuR>3uOK(B1&zQLgWl=^f)6- zZ3f8+x>Dg0giEB*!gjCIc?a=RnTcBtuHHsPj_D9?4=Yf)rRJull5w^Mf0v3Qc-paH z8izb*;Pu3Fq1A~zCCo6clTK%e_*9+Fw_H>QH`Q}B2vj*H7u+z^i`5CjY#Fv>!&-*{ zzagL#MhSSd7{|Ih>;BP|W18M|mYPm3@rdl&26kIc@^w8k=>Olfo=b%6sqE>gAm-Em z{{B(Fn*Zmxf6(TC_$<#)KkfbsJ<#+7Nb!&+M3chbq#7*In4F+r?f(38N0;in`Iwmt z?PcA=M(niZx-RbwRDk{q&Pxm@UepB#&n!P;YxyqcE2$a4XGk*grNJ zH8K-|?!J)cCI(7Ph{!w4OxOgycKZD$&azDq#x`~F%|IjGbXOtt50@LN6Y(^|ioywk zF)5l{4ST)UfsYiD*2Y@1H=Uz(c}qGRv|qm}@^dkC!HP{Ie$Sfw{>J*FN;XUr9zYM? zj&>%Prm5F|>iw6J_|lSP4DxEs)j-qaUwM0aW?wY{j_)ksg1#%7YBz`gKO zQ=!10X3d1CXn6)LDhjmZC;-+cq)7XXC{nmCPa#TckVXoqG^7nPYcvx}>Q*735VKof zjYu?XZzi3no_T(1Vo^2SubE<0nx8>7Dy3T5Q3cxTR^ku0?6+TVXnz_{)(UaLL z6KXp1`&m)*S)$QJx@3TxaD&iAe3J%0OTo8*Sk&=1{q?eTKRdNJ)Y{G8&V>Ijm(~nz z{Qo!5#@{zqz#*5%vYaFe$FT`#2v;ASk$HOfh6b9pr$bHp9J{p#5dT6y=3IGj(;*^1 zqAkC4W0Ir+N6;YWV%xp1?a$r??hYoVOJ`7UC%8ZV+;L~d0Cy-=Z1Z9%dUZGuYyp$w zv=`=aghEL1KjSo+S1xS1c0qhj9CQ2}<`lKgfR!va)(yZc2^?Lxl&{nz8?bkeNs^X` ztm%XrZ0!`Of()&u(mNNJd$6+_2x)Ss1D?GjqBH}5lN8Lr3pOFCODP2H#8gH(B#|8x zK{_=Krn;E}`C&N8|C(C?V&pTRA}lqeiy zg-?9;_7c&o)eI19z98XMsmhEUYin8m7UN};Wiz`gbyXMWc&G&GK0>;>*b~qS#oGC#jG|CT2EV()mCM>b(sfkcX{4U)?KAv4!X$eo)${MZbGPx z?Mq_(Iv~6%jF-j!MmykD*#5kg@xIH|3N=eI)u>;X2E9yevl*_8O?t2N?Y15KJ*9X7 z>;v2Me0xu?+zTC|F_zzxNzJU##yro(jbN5@9USXP#JoB)0a3FER&1V1UtUzH$!xBN z6zUW!ta#;$Pf@A%?$1ig9$cjfu%}ya)==GpV};Ts>cw*~4)FobJI{W!;ba2uncw~S zXWgU!4M!bb@-?5FV?NR^p#E0Rc(8BlLg;^WG3)hiia2HbBv8cvb6WlDDLg_y|BQkj zH!5>1!OhR)DsXkL$3rOAD_r8sjbJg7CzYP2bvu{3y9K{_WV$rPy9aO$(}5|(E(ljP0=)BY1z zrLeS=suY*NKFcUVFaC0^l7IhN#xidl;ia{r#`IOTIsMOLg!8&~SKtD9#OI#+L|q2A z?1~Dd3`^_ixW4BZ(OklD%uHDHiNIkmmK25EO_S9+4F3GmrjcL7v)KNZ@i_L;%LWj= zY)M1lqWd35FOMqrzx|i}m#zKpb3C){e>G9-X4wSIWxB#Dcr{(MH4lDH^Pn>teD#*M z1*W$;94$pegf7b=6+!=>Hoq<1O*zh@>8KK=v9_z{#o-#zf0=b{TwcKwvce(I!ux+O zEB8P4`!A10Ub*Xb>cpk*BeU_*H1Il8`M$52)MfCsRv zbI&bTQ3YG>Gw*3c|5tVVvd;qgzkhsKq5u7thy7Om|18hvp#R=HG$0BGHllLvl?nbY zo!HlSn%KCa-cg|k>6j}$+ay;u_^1)<(WZ%vxN8sOH=8$SYXr@mp!(*TqEjx(X_lRe zv^ZA6S%&rRVkjD?8cj@?c&g>0G-|JYX0`3r_{(K3-f56;XK^4@JBPC{8Y=qh-%P3p z<0}ENUWer*Ul55n&9pA3l8I}jQ#zIDqD>Q6<{i#9&2N%sYI076{h0}FVhr2gl0=BFj^y*@>K5dkFd2w}CesOhiUc7*~tREy1EO}b ze3AgLfd9YTfBCY?|Bnt@{{LB?C-8qj410^~Ng7|v`JZO(({v@Y_ia?-bZz|25Td~J zw-Lr=v)`@N@2?vpqBeHWMnWb0`-oLEhBB3I>e@A|Vy#V*2f}8yXz)+}l|w!<{Z}@t zb)Ux3dNPKXS=V!s>(53bD1~m5x-XX_u)aVOC^Q^;MjH;=rZS~b!-Z|!Kl!K#)6kQ1 zdNEu>iW9N**=*D6rYh#tm-Z7F3q}Dg6N#z zUd0tcpNmm#lLu~^rUvCT5&o{lcBiP7df6a0b18{2=g1$`q9 zt6h=cgURD6mCy?H@|~U&M(1{E3aqcgYl7p+oc`eZa@}Pl>Y0=}*JKErY^qh8@@MI0 zb4f&PgBIKQl5IAEOiHB0qv<|xst|L5M@~?GsbTor@-7+OElr73IL(4)Vj?3!GvhIG zRxM}}WGnwukj&(GbSeF`5JZH@1^sBk{!xiIX#MCBOP7AIhc1+h?>EY^z)ab+O*Ydo zWoV4Ej4;_XdGu@+C>#kcC6Xk=nie9Sxy#W#be2%Ul!R>5E^wgDzM162b?L`!0u^3= zdv5Yc830k z+?nB-!Oj2())Vc@F<0I=x`R@JnZ`e=inWyhD>h09g1qct($q-lKxy(ShH!-Zm7pDI z92BGr30F6!7Th3n@LD%X1&Pbi5V{avskCi1u7Y1`FT7ViAq0 zB9Y1k*~J;{!eE)%^J)CTGwjU@_-ZL4a#GG*SZguI;G3y#Gxbi9yX!YMw?!Vgkk%EL zSO8lCin5`mkGdpmT-^#`u|ZPUzCgsZB$Dba;)Expcn_U<^fc!Rnv61ZhEtN9X@T)m zgBnuVbv5{!1G^e+Zoy_MMJN872#Awsi+eBNmM|vosL!t@Wb`2nU2twg4s`<*J1&ZxQo*rUMD zbPlx5A!7k zJUcZ)j*}zcL{;2-Sa@jyq)uv1{=*Mig465+q+>(n4LdP>*6cyMbD^hlK2Av1JSON) zw+W5iAxM+y88wyQyL|_5<=t$M4>(T5<@*@cH9Nn4z?zGr3mBiI2wHVO{!fd(*Bjif`cX0rW{q+T?OHsJX*70z{!sd^ViCH7F!*VvCMyuf*$fnUdrQryd7KhCdN+$w zPLn)0XOA2MqPG}8NPtRJH#M}Frqs)hwF3bW^3#n26w)T+xD2v#ta%)k1~w95uHL-s z5*Bg24L%<2y{@H+0Z|+5N{X=~`h#tK6w=;n9t zKfFEHE9($}GD&0Oi*$B#4U#`P4@px@M^xbimKG$pjQYQYd7K^F;P2QNtb=qusGelU*^4 zj`m;ey^z+U?69}r>-P>;sMFs^KQQzM7>^&QO~#>D1M6`m34fF)=!Xrvm44XRK|gFv z0o%NW`7njF_DGe6ws~J&gW@e72||ijTKlUh=>-`3QzXGJR~&JcOl&h`>J?`84{LVB zxfk81iG4wb~^tbn`TYXtDjtilS(yDC+Xp(GeqJ2jN6= zbkF!B^J?QM+6pF$PL0c~nrxRRt3i(jM5-_II4B0QtO7Z?_eRA z-&%u?*^WU?jTe-~2AF`femCOUz4$%gv2VZ_dO<3@gHvcLTwgE{XKl4P2BfD-($ix+ z^J6QrZ~9l^N}A)lnn}))nr0d;7MU%86;@B-%b#@*wI3H*HV{g%RJQ^%N!?NVtddp4 zn5yV>x8i_4;zAIaakzO=oaIU7(P@m?i1igeX%A;LO6G@S7} zQ`%S?$9akw5(LL^J{=TvL_8)6)5NnUn6~l&+p&ZrwdZ+)VEM#(no*|$YmBo!B=ple1> zo^hPuS-+FSoCghM!z72Ji4hh9W2Q;mtv1c|1~|I!^5O6ajJ`_iK&OjOkP^9nrMQ4Z zNbs(D`}|Y5!M6UdPx60-x3!M1^E_VXxVjRdNlWJFEwnhiD^jF;YY|6;Nv+mmhVo4Rj-5-R^%$K}&f$oe3lh6i z^6x!KwmYZjQBM=f-BtG79e8Wrj)`k4?7)&;Y5!Th>hFh8g7Wvv8&7MNZN$>x2ovRr)&GW=p=+-ZG1PY#SjBZqHR zG4N_~Cg_8P4IFb7lsP1s(HK)^+1;a{N)cvue_7kvlt^JQBFa+gLf^p*ohI2Bqi+eE z-#OOBSu#QH+O>B~y6bj_rd)TViOX+_=>@%&X8Iegx!gIQQqItT+s29jFVLwwi|`k3 z=eU%v(U4fbKz@BN3zojTPE&T%0*N(;lm7fBjQA-g<~*{p)H9b>LngzpcLH?yWLC>3 zm?f7raM0;vEeluOlF`}=$)$wcWG-%hYID)~o9nsX&v-hZjKo)O-qo1#)0DHzCZ~X# zXTGdqYo@LNm_6Zgtv94XD}xIjbls5u=+ z_<_?Hjf?^fcV&!$37y?sOG`Zrf7N8fc!+Cp?Dp-A<%ZJ8?U+rF4dQ}uqO6-GoOl&P z2xQFx8RG}abFt9#<+#6prZ35A*hS50DxQo{z?GGt7-& zWAR<64j_{sxlksg(IzH4#Ohd*uOeN~0G0#O0!3A}c z<`U#O%8-`OWKm}@LEmvuUVB$q1SzP!fX5TeMu61W{b(0rcfTkVT^6CiMdLJ%1(C7= zTE8h3FC(|{_IRG?ZH|tOn!nbaAES68+_wuGEs(BkY}sve>%tQpCUMwTG&6?3cdoP`QHetgkuDT*mea z!oq?40ri1NGE6;1XQp9#s^`u#}Hn#AaA^79jI1 zR%ns!Y@Rkaeau0u)kK!T=iMuvTgF+H#tX2`q9IM3{rt|=?)~Fl-gyG)jQDm%O3H5# z<$$nAOh6pXrL%oH-~>o|HwCaeLw)_wVMLxf8zUy7X-Z;>6-g$ZAy_u%$vQ@7ry(z^ zPEUzks_F#6f%0?A(phI*Ej@bucdf7H92A%@BzSbI_TLz*uBtU_ga{0>D`f~z9mP~; z>0#p>9V`IhV~DY{%_xobGHSG+(L4t0LDyiXB178e7pT#IHP|epAxw#hL$?YPHzm4@ zvBFLmDa|h${El0csx1QBwmJTEJ;*VX@he z<<^~6R1#G2NbW|QX;oN)HQ<4g$K6LR?kO8}weZ(9m?OaxMDD(Tf9gy)OU*sIk7R$p z5%;_L{_Li|znB5qaxD*BnFm%O_%t?{_4oh1*FG9dGy02WkB>ex;F#;P_W=JxU!RIz$tmBSuOdP3CA>2we_*z4YL1 z{p<5fB*~B9*t>&d9*q&U2UU*lfsZAyCjbM^)tE4)=^#Y0yCEcW(-`N2Uc}SgQt0B+ z58wuJ_h5hTU}vS8hll%z*3RioZIJU6CFFr5r2~7JXBijv2%>b;&j!=AfxREcL=d<5 z0j2lwwax$|>-gmy0o?I@spY#H0tn`PH^Z$h0q0(n zjT&LuZ3VGFvf(3vv+)G%=P?$sL|aBGslWwPd(`5shOp&fS49WiJZqzhB*% zA-Ep(yBB@<4u8Jd(OfsvOyL2f>Qa0U+gg+09cVpk3Oz3P{;J;F#->d$8KfJn+;yo+ zaY8xfk7Wv1oKFfe^4A=U#|09kt9gf(!u0kqvP&j-M5H^vv1c`xQF_ZL9Vpu=UW8-l#qP~6j8u#*F$~8 z!o)*!jscij86H1ks?6PZ@Oiavkl}<+lSe#})fuN)MPu)J?kS!XMpNU>V!JCt8@va~ z5a&^p3+eGzufQh2c@yw`fTR0IEMo9;!-_(>>=_PSYe8V>d(L+QlG*|quLsbpddAaR9_7^j=EUQkaMLqNV-GfqS zx@rf`QK!a-$9t+Bp_H;*>u1l=hewbHDk*2bqf&7(c}r8eSc9vpG9f2sz%0+ct(RjhNbQ2eE8p* z3c7CC7B3m@yt&-$66@VFK{(3@7UjZzh(?f%V-q69?xJ3`RA~a5{lrEq&~ocPa%S#I z>&4j#W99P)A|3_Ri=ulTVCiEAh7Fb(1yQobo2`JwCs6FGY0nlc@@X)3uuN+-G@CZX zS?#J?VR`Bv-4l+Fn#Y<(O{B~4;`f62TV(vVn7V9eJ^eOM67;8|z1M~ST9M9}3enaK zLBVL_yC0ACUhii2^yBUeO-XBGGdvN6A+Ma61BUX+oh!ZIa>3jcnjO1*LGO9v;Ng^mtEYTlrfAVkf*0Wdu-sN)>| zpC`a`K^sJjzP_m3WB71=@k}o;eC{CFZ5-=1j&&Qyx{YH!dyH)y>o$({7mj27ln~FK zIkxks4VYVsnAbQ^uJJMYJP~r23ysSbOOS0)+%_og=Lm|+2PP1v4c|B;m_g0N+$l{t zl$Ke{B5K{pH|rvU22obwKuMFQ0oKY@o^jSg-*VyIT6Z8reO+UE-Te`0e}4zu8=&iI z+`hkl{9A8&lDdJ{JC)&3iFgjgDK__T)!4bmI6SnS&J3-zXf0+R7?~$HHab3>QL2q& z+{Q76=gD!5Er=O{IOEff(W-brGx{}Fr5p8Hg$2YOh?ZN!0s}Wiy;{f$tG%t ztTP@1z1yzFqBRD^E*?GIEAJ$J)7)R-w&J0%=x)%I!)wW(9H3qbjH-z9JhB&QYCPj> zLX`LzNd7hhcr7~;Se62uM;Ne|!VjX{Vh~r!E{X}AOVEY8-4M3vV%u_ofGsS&YK*JX zp{h5oPptqrfLXaK!2MEGms02i>qug5$vL+Wzi73=Wj_hpan;Z(?$&KZLXhWs^DIQlSTycx+oheObDwP6L$mx_K$VsDyQ&a9OYTWQ=>;f^MLx%n8bN9 z&$RudIU7f;g%jSm4TSAYS8cNnkFm5aiV*GikH#x|PQrQ69h{FFwOiYJLs#?d?gm|T z-8k+Xh0ubi^*hu04J+vg-a)OP5irCL886t*P90gdt?R~uMnWH;n!}o@dHU=M8amTQ zAU`m4MTDf%2kW(cEp8cHUuCsP8IoXS5_9=*U)ZOQr4nUWC>L)z2_!GA`VA2+mC>DW zHsS_PEgs0CPM95vx{HL?N7B0Su`2MWtgf10pgL*2PT2W^=_AHCNeCMe*~3vv+6)rq z3=%V7GMz@kff3#XNhI9+=@b$k@bEgw3Q=mRK~9M2mt8&VhS?%k%liNpivYQcJO$I? z@fRjxun|3{nmgwyrfj+P%g%QQD71MIYV#s2n_i+(9))TSlNHk{`0Zy` z2ci@6VxF3}`y!5|7@uT@PS4)Gv8y&U)W%r}97rm!+hhf8vVt~Q!CI0Pte9p1o4_c> zVe!ND+nOTNe93*8m!sgGOrHXFk>p9;UA`_-{GLo3Y-gA@yC@gc)9AUW4=R&vqz8Yv ze(QENkigThk;>%|b7oeivR2k!TII9gUN}Zu&Z(|c3vYBtU0UVoAq~0ML8Le8A@UKY zSweadPraF}@a?hz!_6!>o7;*~#W?G_!YBrr#dZf*;D6N%dc6ZB z(Oo;b3%@K4ujWB)uU(`aSRTNaWD;iM(d!I0au<8n*a3>G%1-+;GKw{oIv9IU+RFY` zFkBYiarc)?H-Cu|Gzds*Yg(}fGqkCPv}xZ%R9qqi7hwarVAeVd8m3=yS0u&a-rSn8 zM(~*cZsW@?9LO&tzU<=64!4df78Is@7uvu6mJ9T|+uN(XexU1FT4G6;ksN?(Ig((V z6@2Cv?o(bvjcS9=9N~;*cfSrz;J^Rl_ehQNbdYJ)?zg>P!%($op%p}@kwAcM*WhpO z%%S=D<;|Rd53nT1hd!Fb&F@b4kB*Vdef*O(i~}k1QI&xMhg@a^w|}|?iB!bSt*^Iq zCJDon7q0nPc=luHJ5;qsd7zka6aaA zSGV4cncPOFR~H%<20~L4HKu?$#aJyeE@Qpm=o=06~+Hr3iI9;7@<&0twn^@-x%-hfl+GK#kV|HHrU+mH;wp z76%Z0{jmViGVuUW!i958HkCx%OeLz`Gtb=AXG($prMyU#L9QO@K!8 z+%y=s@Nf`Ndm33TFY|$)>BadP6beH>FV2^unRMuKg;Nvc>?{z6;NnO^hRQlUzq`38 zMUGwvPN21jU^Aw1alV!*w8Xq6=3gl>C+vX=&Qih_TB1r|2(NM&nj5r)wp_?q_;i&I z5*nQ)Jdd~6MG_WY#WPQLY6wlMoQ)~NOV#*}h!nG>s(iTlPA@z_ZE?jhmx{!H;f&03 zuLz%+>*eizHK$zbS|1x#-~wDa)N+|{TtotDE0@pac2I|T zwdG8+i?9~G8WmdmX?yHn`?NY&t8;x0oeQ|eFv0aVnQLe7_{N#9`q?-}l z5|vFo8GFq?mxizu`TlIUonr1ibjcMtv0)W3v#_|=?7mVHe2^b4(nLH>3AkgXM2$Ik z6I11`th#HTE|VP}qKt@?N^>o7Z=IT#Ur$HY1EvT=}D({W4_AFq-fcP+ZD2Fi^RSdr0OG%x$0U!J~u z<7$P8{l}II8$rdUs`Q!1#+b!gAJ(;<>|$m+dpT&0LF1qAw(ed23 z5XX9EAsfq>M+DD38?BY}&Q0a_y7IHM5U8dOl1(Y9YP~vYo|b8~OzU$nEisJt`v=EM z(W&ci&vYHMwQ)XSIHeK#0Jqhp!wusXVy^k!K!om%ZL~Noy&cQ$_Ol{*0Pku5iR#mI zCl-w@Mdg1&Vx9$J;|M_pE zyMSQ2){0wAsNZydH$P*Lbac8XH+(Iu;dbcl&Bb>?w)o(dwL@_Y;wjkn^!|vA^af(g z-JKpt-;)W%&btG56chME(@fKLIhprXgeB=xCJ6-IeIVN>=z(VdIImQ}OBSFA91Sfh^ zCJ--DukVH3vOYS|4w7LmERDQ9{3v@k#sB0CZi~zKzB}ZiJL0>l9 z1pYDCT5H1jeV$p;0FbqE!dog;;aViW0WlikjG_o9$=Xx{!@`%dV6Qa$)LQF-3-z!sn&1(EP1C7Y`4w~@X^_GKEv>6ESx`afE z3lp~6o!HhK%YMs6k?+uEXekH125PjU0U+~4mB8rb4C)dhVwp-`v7Y2!}6Mc#?1&dw9y3 zh-Oi#Xw~1Mv5^`5MVBhZECl!3jnKzw}0TsxuYLZ#Ue+#m( zBUj&s4c;u=eK(&B6U~*rP&CM?V5JZaGDvTbaVhB_0S^p50J2od05dcJf5XVi<`~qH zl}c>o?Lc#z>N_RT7&9u(F^&1I#=h@NW!T3i#5^5!8BtnVKt4pf zF+D?IR34K=IzozUNl0G9Ld#ka;nH-_#To5MI`XMwwtJ=iE#?E}+K|tFLefU29fup- z=2&s5u{3TomvzJuhNy@aZAggegi5Wz5kX0KIEG zuM1PcG*>^G-%-MXFs;5W2gyxH#^nHj*)$Ax$`CVC8vum+q#8O?+*fv{23#J1&x0jj^lGvmX zAWQ`*ORN$WGy*WOqzepv_cltot?TOm#rk36j0^I^hI78ql*g|KP$WH6tByi;t+-(I zhSoqdXIs12CD5&`=~wO`nMY$y00T_Z0dT5k zvH<4HbGse%!-m~@y@KW1ZTrK9Nt0x31U+=iy>T|;A{5cL9Bvqm=!cCP!^VHuFnH_+ zu)SlK-#bxRd#6i8%Fz!SKWv~abMe$r;BCM&>k6brJ25wPbnz@@TQTqiyUq!k36e(5 zr1;}o!bWO*g7%LN8db@(R4UjB`oI7D*Z=($cmKK9ef_tszjp0kzjCj(|7Yum-rVoo zzxvMxJW|EI|+H?uhTYL-UJYl5~%g$jq6L=j^Zn#2f`mK&H76q_vfJ~GkHc6S_0r$VUJu{@f483s{bH#0{X+sB8A0>C<*oyD?dX9zDy9U zKgM)uc2VMPd|9g~qo0S zv2Ln>YFelCm>g+QLa<0C-hhtA{Bf5KkwfhOS7Ef@+C%v)7aG>OVUx@il7AVs7uumR z)DvY6$I`<*(d(3OHge{sDhlHWj^GegkfDxh9kN78cRVF6&{=ORK{S1eTyk`0r}3k* zd??kV+~AYO=AD9y?}WE5;JBo(r?+3zpBZF0U7rck(OS4Opu5>A*ql#GR|^@e&7%bdbF%I27L~?B z&SLkMuXdu>@>g!TPtaROr7i*8D@1TBTE9fv7VI|=cPlErWxQZN4$L~nZ-WX_ISqXpHKjv@6-o$}3UNj}LeY8wp`flUP5s<7 z^{dt;8_U~Iwc*%9vRe&;WzHSmyXbN5lnn%EtuO`$Z1yb67MXDe?~=y^XdoBp%-Cr! zt^j)=iu8`Nu>iesh1YT@PT5EhIoFapbrxysSmj~rJT*KbGzks^=aa#tI49u(r98Hw z7cXq1g|JAOO<%9LvF8_Qtu>4{cYBW{NxI-dVbbyWes=%#=f7;~dYjc@ZK90F_PEVD z!aPu$3cY%;rh6fpgzf?^!Yd=D~;P&UChe?li?V7fJ0n&h!_! znCLVp&jHuw5>oAIO)xeuYbIi~Uw4{24b*aS&}AWe8zf^5m0`_)_z(rYuh!GqbPsFr z9M|QRq*;RJdrM3$i>J(Pddjv^q^tJ6jA}Y>uk$~!mAxPIRMOrx9<48Psx>P+{$jYm zNZt{J5q}^;fRS(Lo!*1#diD)9NcGz24*4crJfCNbx zN`frDevP!Vg0$*{Xw*xO#Y3?W7@Ct_I+imM)u zCcx!Aa;1kSgCkIgR_l1YwycinGjEgw-PWqBt7DVQ8*UlnZ-;E4@9*kdz)e)%zc8(w4|Lw_-YCe5reM zpKkvThmxc1}oGv+eR0Y5} z{1^}k&3Ryk04RJ{EPR@7QnVT@(2DRd_3X9Db1+NX_*q;Sd^NA%d?Zn>8eD>}K2s8{ z1(P#Tn(l$2+Yi=6$N{{LG-5^N(6Dt6aPl$J8`PYF`=gn`q;#unkSlkY)o1pAb%S;v zC{Mr_9i&KsQZBr>9W-w|nTu*vqLfQjz|NU`bTj@IhKWKi6_R)G!L@^kihA2SU`oxEhKU~IV1lS3 z!nx54o{!8-NMbuKUm(_UmF5v_gf`6NHXPH^%^3$PGe0>0v$na23qfSY8PtR?Z;G+~ zx32_#91fUcIvP7zVk;1r*I=1FhL&=^uRaZ(@vBcohO+r+3LFYnTM?0Zm;pkVo5)rO zO>JBS19Y^9wg9E5+LVCaU7l_C&?#cM-(mAQVBEKF8?xz@d|OM;bwwg(o@Kn&t54U? zm#}EDFMC~e1Jk9eu1bDgZ8zpsYEOkwhAk)k4P7GA9fYOi5d}%oZ>sW6G&5g*t_9t)}(LRgG(D(f+G^6*qlpa z4KS?8h(;(SVnk4;IqQ0`ie{b(8W~gOuA61{_ZzH*9mIeM3oTJ!X>`nV6>2StThzb73 z6-tRhSe1;yG$sBhuZX=oC=P34#F@41>&5G>HiC#?>72OTD0r%SrA#@3poc&llx#e) zI5)}Q7|J0l)wUU}ggjJmw!=*vDm`o^%w6dR!juU}Lmp_P{QTg~236+xZnZ;$m4v<3 z1-$Omj%j+X>Yk^_V^e*vLNhAThYcw^Q{7RzA9Lyke**Hpzh3^32R)e=Jc0gK6`MRs zG@_bwpXmwLoW~dtls1<+8Z?Jsrsm&z!EcF3e<8OrZXtOPpa+EOD^S2dDz>Mc zB)%%c$6fZ*KrpvAGa|YMrR>GQY1lY;epR@EEJa!M=(M7f;nW zyGYq1r^VT7>z}79ilEN91FZE~VL(azF(+aISBeXDD2T)9a_vP}lBMopPd{rhBCJR2 zUf($ys=~F}w6W+oi?h4BVV!?Q z8Ky#NdEQz)!*ABw6gHzSv{=)z2C{t$tSb zwE9{3Y4x*KKb!Nk`dO==EqYr0Y?Y@_4%VcYh1!yJgaBDkVMU|DyVs{_g}>ITrG*+; zy^a>@aZ?&`^L4ea+e>*37#tjyt_j(0of}jUH`@D1#c0c&MsMrIWL%X$ zGDW*Z34cBft|6tH+odB`?{Ve5d3(O#W$k8kH7e7@8fG7N`Ew4cI_AQea>r}7(UGtMYF;S+2&qIjBYTrUW#SB*1h3q zT*Yr_54@Ho5DDuEh?B(LHg}4Iad&KxC#3p(SueJ88xP;>xIhHAG_8iz7@F$NA@W95 zejrZN7|{p93QE5vx3`_lvQ`fCNjS)_14{qfCOiZt)$t~!85b-KMVQ(Yq#yU*ASdW{>wK`I(BegoxN>8gJRi9QzDm|@^WS>?? zYIUT_fLa}?)sfuu%h8e65rew*Pg<*g(o^Zpa+gXvl@B^nY%5r7n9ktQDoyk)z9WUt$x<(XN#UzKU?K#<9t1D zKRWbW?zpsZzFOb9220$=`Kms@usB~OKd&zr>}&a9v=P7Bh+l2QuQuY>jHiwG)!t@r zZ?k_5R{r)j`}EV^X17m!o4viw-dgOdPkWnv#?xBo+uQ6jo;KoF>m?ODt&Y^{NUe^v z($nfl)u+{wN>8gJ*{9W!S{c#aH)8P6$KH@18YQ6_0jg3x6SN1HG0N_=uP%}$SQIciXX;^w8E zqQ!a(3)MsKIJnyk`3V{;mC2Lc-GWEYB_vi0V&}kgo$ZxqM!#uH3nR*Ck^bbU6@n{F#Qx@-_oW}pNxzq$# zBC}5y0yHsM)+$geYq#m5uCSS&CSop)KbfFhP&GMAu#}fe zY{*8`c&hcLbZF^$NWF_AavDWEXKL*evCSiF+W%CuP&^?9<<`p;gLao&fzQPeZ`~f& zlHIKzEl?7rFhs@EqQ3c})d)60nq4XzQZa}zs027}{@N?OJ7hQ{k@_vlrIYQvpyw6U zU%S74`z(2-nZgseE*l9jmFVI`Gy9whI{q_F&1 z8#JhyI|Wucu4xQ;|81QOc{-rXbY_}%O9!pH1z<7!gl;|ucvmwj;i83q{ zjq(Hwr1#p0i^*qMfdUC{NW@vZq_$tC$kn#OH37~-1hu})G$qwduvM1&_|Q=qzvXv~ z6#Ymg35_#UB5E#AYzO4t@46oPW};PVy^=eKDyPCqqIR6TXt#u2oMOWcxgZZjpskog z9k>s$-9vvNf*Vr~85vh}yM^FF1jwuew0bPj9@;Y32xyv;m|{he$+kI%cNY;>S?X18 zuLQSNjt`fp36pyQX8ZxH79~<>3>g&^@I0B%IhzR1A_8lUBZD46{-N;*BSA*6tIW>$ zM0?80dbhg#f*vZw%gF6sSkyfN1^M198c6a)qo6I)LpOPraiOYwGbUGDD8vOiOLD1* zxVQo!<_r)$4oI0Rya*Z#=Pws1fThWL9nI7VZhxF#-duvZ%#FqDOba_h5IVf)ybby7 z*BhV`d-+WBxG_!=!bbL+fZ4-FFUz+Uo;5pFf8Dfz+APXhbDx$~AWX7RQ0$!?YHVvp zy|-1y7*1KV`e^%(3~B@UaUJIp%*;{|JkyTWKwNAh9L5Y(sky|xY;LlacE2*kb(#wJ zU>1s-*S(TDVdM!bW@u{7bEc&}Kb%0}r@#;I3CaYCNDSsJdxauq@-KniotuUAx2?>0 zoUG(m3yfL5Bg>FW%Wn%p>}xOFTO$EwrQ~^&Q}F!WpKoq1 z`!8PZIq7Nd?Bd$}|JuuBOsH~60slUuPb~Qrzd83~S!As?{@v9Z@6~|4pN74MZ7)4M zrZYS&gTG#LgPM?(MIn^UW~>+H?GYk;o@xP_@#joVfrO!Jc*K&4NbVe%b8Zayh2Nn0C;lIIQ{h0}kdMNLIA;Yyk*+Xr#lJ$ZI<{o*CN`P&UE zM52onI2X(t)_lllR(Gvlyks@sOZB|}vq%>ck4U*!bp?fL(m6G$gA;Sqozf30;JXofyXToqm;B~HyjU9Svs^$SjAg%u zE4btVsaAbhyw7DJmi}54y80Dllk^yFn*Wp41s{w0-^yXg<*#5ttbzUb(`WsD|Fg=i zf6RC;#d|9hb_=`v4LFYPUw(EcReH=$OJnu)ie`ke7$ER{HWikq+;aB~2zp=%T6Lr` zr6|n6$)x=$S9~mrfz+Q-Jp)=4&+}u}`|(F+#Wc?xD(ux>a8vHF0sHBvo_~H&_if`x zx0*sKW4TJiG28p`M>e<;nczkYAO_>7pZ4IbU$Jk50;_B4b($Z4bmy96Wh&Sn{>^>o zf0>fX@pblV_R~+FIjzj?bzJB&KW6jbP?f=hU`=K*03iI`X*b`_|K^lg_&v|cf@e+8 z!%q$;%ZwL|AK^DL;75GFUt8a2jG08ct45#wjIn#f7kZ;lXMX>(E!yE9VtoP1$DHb{ zoW`EvKKrN9>XO^ZF&p6fgG4KQ&HVk3`~Tm-QGx&b&%G;mYxfTRK~F`O2-kMixYY}Z z#|EF93S;uk{4WAAwpb=u#V$Qc%BPo`a>~-9)v|I3dWN{ z8^>vL4lWBclVeB1(@cWP#g{b#cI>`SzAyY_SThE@UVVM~<(FUn7F+~ixI=dL-OcG> z?kG-b$Ab`0xeYWjnTRQ`a8Bn!om`&(<;&~F4|AG%?HblSdXWy!++BmLg3?X^1;~v< zs!SB*#tnGZ93#BN8+s*1w;}!tAz|cHX1t&fcKrAuo9G8{{h-5$Zh0RrZioji@JQyr zJDgP|UrAvra8`3*~}Ibx>RDW8h$ z)baVJ2DO8z={xYX2X-u0&A+ffi}zy2($hH;#$C6%z}=){cqC1cdqdL!PZme2)oCf1 zz`Xiv@QjfHx=TdB2WkoyX6_ikZ(hB6#rEB+2Z4iWriV@uVMdPKy?+1d#cyL`yf9GY z5%cEi6jdko%X@Ccw_=7N*;it;>eqdt5}i8Y z4sW`%zI^?bot~IF`|*}E&`f+dLCn6AiGydweMvWuO{DB?=_?SvcdSR=(>Yz=$^7Qc z^H`nedC6?;^ter2wM>Y&+RxErZmBy+0 z6z%z~n33MGqQ+)D7*4s@Au*DsGHgs!K!T$Z4|s$W@X783Wmp#8rPH7XXaM;fEN(W!*<;0RQo9-otBs?c-fR77q4=f_K#YC!zKS%foZAUEGOt9qP zHtNw)F#qcFTV}U$Lrl3`XzHFn2lu4+IKXR8>nVgW1dT=gZR4%fY;BH3QVd3D2<{|8 zTWB@TW*~x0r$VK%P+pnZqT3F*o?ya-R9M|lkC5aVT**wAMF6NSYE<-)R9^Hl=CT0M z9e;HK6YSK~*6tX1#e5?Rp8o_$@X|`4BZU}C$CH-3?;gEn0QT6~Y75=HTuXg)V#?%R8s4?e?C$M~Ron*qI&p(IDr}{ZhQ;{CBAt)f==J!enSTMJbFlkpU2<_1;9%-AQ(juQ?F1R7W3!!W= zYk=p(9Z<-+N8%b%uxmX9#RS|DRSZK-j-t3vD7LOJn#?!`Pd|G=Z5=b~N1IgE zRmrQQLkxvOG`NTb5aTCIXMHS(@zK5Kex0XI1#Ts_^e$`f_-l_kwAJo_eGo(}t?AO{ zr8Ob^ZouZ}QM$6ZM^Rl`2{sniuvBF79)yipL-+Qv0sFd&EWt1nCskHrrTgEr>l+4^ zdLzdQbb|*VH>DBBY|s6ArL}eZ;BQ}I^wIhC)i?OZzrEZGDwh%uqB%b+@Kq9i(I}Y9 z>1II%DyEmerC`v&k<#;br>Bzg}1QDw%oxnhvU17~c6y>n09z!73IGk^!<{XMY^ zy@G$Vl#N@9E*}@qXvHrc;}stfpJGk{oi(KvxXBSUQJVXhPk~ zLMtl2`V6e>3k*`LF=>@WiqaZd-dD8hC_!7s{H-SFjT#ne+z3K~3QMu>`%HUg3YEsaZrB-7<} zK^{+}cqECU?heEagkZ*NpY`FM84AND`r&aPlmAeXjty}YP%|)8FhjlVkrUo5#4E!?x0c+o`XqGA~}PR@s^%oZkIf zvxhqNR9Qn4?O2W#KAPp(zA`W%^;YI@-G0MEeR84r$LWt{+bZ zZU#tW{4t=`*~N8_?ME>IlX5sn^z`VTT2Hh@?wKlcz)mjDu~LD9+#CQfJiJAzg0-q{ ztW!X_?}h!x48Zl5CfYo{j`ga3G}qBCTe}f|)$juZ6{L43W<9Th@CB-e!oGY#Tt2K+ z5gq_ab>v$uZ0$NJ>z2KK)TC97^~BGq@N%48>j*N4w;u(G7RKD@JE7Ji(-{4R?`-ns2A`xV52sq0aw>{5kY;z! zD(2wPv5VECV;3E}c&_YXA(`qf^y<-F=nQ|B)up+e6kM#%!Qt#D4g4L*qmp=h~eW9Mf(+*HS0I_9zrQlBt$iQLN@ zTuc?g1?he?AKUj~L-5mOIm~2on&~nG=lhZKIUxQ!x(|8`5*gT%&Ux%s}eW{^+-;!d+wRvx{i$|4C#r66A;M;%>`nbvOT$7hvBzBo8*HF1HE*!`>V%Nh z#1lTng8jYTV5tvPs|u+6TFI+TsoaM0E+M6qXGSw6M7n#rnmER>xsvyd*5gbtU_T#; zhL;z*)vW80*{vDtpKB9PuU?-^?1gN|DG*uK2mq442VZp##Fxb!@F5f*rS+<2&@c|?*RmF!o=mhhf^qo9I@Y?@_l%Bc=N1h%*QKd5hjtokr?Gy-8Y}RxQO1`S4p;&Y z&%sW^1V0P!S~Jojmu(W3R&2ZHHc6#EN`r)}bRvh1(y}U;4A_OX;+W#wxgr?d2{rd7 z<#8i=RaGvg!cKIG>0Q{M%djypp2F8|by%5;Vk)t*_sab44Z+MhlGl;EPlV(#Bm~>L zbHh~*NlvRML3b(Zqq~$FLFyB}lq-u)tpEv@pdye^-2EYzT@Shd*bk5kdk#M2V0o(U z?23wK8}BP|AiKuwniiL%p09Fo^7gfVH!dDHAvpm>EXuhlyajo}AtMdm_EHz_9~wS6 ztoIsjYiX?I8MgHo^x1`0?OelOYbWzO@@Oi@((+6vg17MFFO*}?aEf{R3_{@C~O#-ZeY|D1Grs7 zUi98Ul|<-J$re1h6U9IZJHiBeogC4Mjt-tVafLHkR?W6P*1OTw#2XM*ccITOLxoLU zfZ;q;P*I@-JC=}fe2lX9sY-#vXMePGkWgVBQk>iaq0y`R3z^Z+FYmt!-*k7HvVDb0 zGL2m`nfX`A3&DnP=GL%%F&MMIfAQkQ%j0zTo8#k`|2X)6|MzzcD>YVCKAY7)*P|2b z`k#y(w<_tk1o}M({+sLbZ&+2i5q+tQP)545KR9N$w|{x9K*L_h7lDDPXSBtECI7L9-@a0Z{d@p z;P&BrH&NLnTa~e+$`d|69YExJOpNA`YPS&RgsV=tS_Y|4Rk+fn6|cVBG==xC*X#;s z_y}~(LX6u4g=~`e`t4&CT&pq9jZdm6Lb)AiK3O;GM9nb_6h0M-?r38IL-pBxlU^IX zfy_o1@Lvj)hQdG(f{l2V^@lvUL$?stq`GJKyfBB%Ot{1ExPbCVX3(_H;lMdv{m=`e zQMksT{D4200iW`JYXx;VOnTQJ>7qZ@NB1v}sJM|R`r}fjB2=|;H^QWMgNdDHzp7$q z`q4_BgtWsv$rB>`58VB0Jfb5u184HkWf9wVthV~byDD7sVy>A`7?p*UX(P1C4rG?EyA zHOVS(q_I_~ocR+d1B~aAB|OWXMCC!zVG|2-_P}S{+>w53K zNfKLtQAY}zi-HfDnm!g>edeZs@p`G1)k2yqp_~>vHJq z502;3*F$!KNK}>8u>xw4j$L}BfjlR&$}(OIr7d_dWB+yi?gATzcmhI}{Ce|~st&!R zj21^c{>@3#jbC)%#sn8|ybS7m#xb|x3zCUAz(U#dwGxsMa3R2Bsd%i_kq3W)oBnHE zuvAzsGvgaE8D%>d}Wjj>Wy` zQ)B%;HW#jSjbAm!Tcm@5Me6dLvcbSYzaY00G3WB#^$lb)c?`PbvrO|eZdAMk^$5AD zSwrp|^(PJ~ZA~0{^Z=ej1E^@gE_@wy{K%J+5(CC34O);h*i%(+p>IO>F+Yh&aP>#{Gb$*n*I^m#4^Mvjed-h42qeV^_~+zT;mD{9|Y5r>Qq z-9qRFEpB=q&d8G={D?Hr4YiPP!!qppjWm}Xv7wmod#OvTMedGv96H{NN?W!GjDEs| z5Zw0$ROz%dR!=?LY6bE+b$_)w20A4Ry6aa@5S%zI(AQyiFZAR4&_dK(8$@pKAOu~m ztxBz%jmQh3oYKAtoO^$T#9smrSMv}$tiu!GZ2Y4D{XzW^Cny1Pb@Bn(VX8$gWY#ci zOtWa-?@Wm;gn(iAIV!oy(Ez%XPS%SQ`eiqn=dur-)Q{YgV75E@6}Of{JB7a0eR^{( zt$kJBg8F!*i@}Pc+Pn1oCz%n`{YMf{!x24df4^TM*ec*0;1!~d-A-V1oL8ib6I6pt z8Pv*X5`YqsKroZuNtHrY6uuiZc(xPv!``Vb#1DH_<5*Lj5l}X_R8qN};-=C{xImf( ztr_U;>Lyh^N*doahs>18#1Ya6cYaVoUL?5qxGHEC;=h<+@A}_Wf*nxUZ`~IC3sE1| z`did00^k+}SlIk!auk@g{yF@Ts{Giul3Sf$cH|49Hcf zqF!G=?9qiCRP3ED`wx5A6B;ce19qc>u{+U4tV-;A{6SsrhrMeQ8GhJ9T=xq&I3yGa zA$nvj&St)&@(+7I?6G}JRYw|r0JunDWlp>-L|eRIo7tEUwqWZzW=p}d#$-{yx-VXR zxyFmRlb8#2%>L&;{`Y_W&ins<(f{o~_W$0e|NGqk>EMt1KMYp>e(?E!wEnI;v(51k zuD&#Z%GEKjd6aBF(AfB=^O{oB55f8S@4(`H1GH2)jH=smCC>OawBwc z2Y=H4o^au$|9wCQ`u~GJw#SF{Y_3gw@C7fL3hZ*6_yA|R@r~T*WP-A?9TZXDi9m^e zXhG#G9vjRynND~%KTE~^FSHGPPDLTmm*nqZQD&rBUsj?i%Bs-7G@2MXQ}Y6Ppq;wk z`qgi-BwCPkMB)W32V0y)Tmn+eQBN^?D(r-`(K3rbo21VNAIc{Xcg*`ab`n9g(U^V7p- z_ss!&m}n#5G50UhchEwU5{ZKvv2dUiUg6FdBSs3rYUGbtk9!Wj93s;lC`1~*j0=YL zfH-}%EA(Z+Vb-M+!``0!x38NNsa{9~n#$H-?(HZW1786Jdy%5X-hOv|!;(z!BAW$Q z1e@rGBROIowIf`G)qYJO7I|4XSVNae%WY{6AteWtcbG?-ShqDLgcOX*%$-xF)!3Wb znkdW@aD*~xq0OIkdT*mcs;9OUI=hQi2uHmV-|FAnqQa_(S4|zcM|^VFd{|NX!#KwX z98WLZ_P$u~JzQkGU5GA;IA;R+Fzz#l6)QxL*R}o%GL9p`gj8os>2<#B@82VzO9g(R zT5zxj#O&j>w*~y5*zZYeIgV|ge^{TnI8++9$T6!1Hn@a0zx-l7t|X`B^q771>eZL8 z)?-WfVtb}!DoU|ABZ@O*=RZtxn-mea@;P_0;WBsMq9 z5X79pjvkq-Fy=-UqTzeqj^fG@Fy_~v9^}mcVl-V z7vqfs&H7%LcfO9M_f&!)?v&HWNlE@ddSpqS>V-}P&`DjeQ?yZ^Ujl|vo9#5}h3y~S zc~F8><3gAgmg6}OFTF`>$(;8(cD!Qm<|sgDIIH|f(6BnCVz%crX(finU9iEsQFUf_ zQ12ZL9z>S)A;1OO^M>yn{q4WM@45GS&1Lmiu2XVWQn1p!G*YVtZb|nQ;Rsa-Pw_=h zDXgGH5aJX1ZIg_*Ilcu)7(yVA5i1*h_VkU{6rTK`7*GSjOXa>ma0E2W#%JAQ6eLT3|430Retrf@Y*Zu zMw_qYCEm=D%i{g6^I9_$ID%RuP?M)=75wYT5a2tVU>(`p1Bq=4D7IzTPW|I+i^uDP zO8HR(_M0eHs)O^~Xzv4D86GPeoU#V*37_MYA-1YO9aSnL3hY^7HIud`iY_H#fuDwe z+LG!5C0hNnRF$!&;-y%;I77?(U08X4?6hCho2Oht?7U%|y*z%&raaHlCT<^uh|(&~ zFR_hTbNA1eS?4<41*6V&x*3xORp1xSp&jr#?!0n*JluH^({M=s>2eG|erC@6=>yqu zf(_}~Kh?2JFPq6tMRb;qsyDa;)?Q`K2F*ri?~XwQgJI$6Sqty6+{|Y0p5~T3TjKvPiTt zws2yH`7kKG88F;XIu$1y0fjXIa|Zty3Ime{P{)9&;*kh$>s@)a4UE`UaKg7K{rC)w zI@e)e=ZNw6=hyE=QrgzVDw<1)J(3C=Jo{7)4*bCJmcvV=D-HvzePF zWD;RV5@VSur*6^*A;%MI4w)Q?L1j#?rkx5Of8!mV5vpP2_*5us*nUuC$O3*CBFmd+ zxe#23OxR>_a0rI$(mI&9H4bM?T2c62QDGqb2)hqKiV9Tq}4JetBK3?RViNh{y53oXGLS!;+H_Uq6HO?;hJA6{I=VN)2g_ zhGa**(kiTq&fkh+8lVU$f|>p#GEb@g2_6G`!S(^kr0p3%_`c2$2JD2XGTgaUA5c2X zPZLqYz%bW_JKl=i;aES1qB;5m0imqjQ;=ls)+g|?ZChRJvdu2rwr$(&vb)q}+qP}n zwkF?m<~#FU%*0&G++^fa5g9vTsI@U=LCMX z+m;c3O&@tmygzgz5?FytZ~TctO3O9~(}X*r&mBkuI_#EBYs0>dm&9yAR8fR*iIYG$ zwX>W;j{&AYXKInS zeP-$N_|eNEOThbYNb3y77pMNVddIL`(;nsG3S+o~ogB~(YRCdM=yT8X)vm-PB#1_0 zXf{o84H6M4><`&pCH!PnpLlA_sel`|`vJ-t!?r^uAJADTyOb_CU5u${<$YQzw5=j! zX}ZU7r7CZ#pPWked=k`S%sJsnMObk?_&qJ?M(H)BR6~J>v3}Pmey+V74j17*dn?$E zK|S}ZDd2C|CiqOlE_Je$=M99}74xpnbyIb-qg=3Jl;?n_s{5Q{T#aMlN;%IK^Qv+t zb+;Yn!0YM6SJmbtHkw-klK03hE~r_FKfJTYaDT2VtjPjD4(dMXb-CAe2H1XXbR4a) zs7=S2dZkvkJFoMedkaS}q{cEUS+-knl%xFZ7zy zNPw~P3HDYC$!)3?)#aqMkV7HTlu4(htYj(IqO{=>>{!A-FoVfu42`+it~T{hgFOpr z(DIUBnHcte5k>vdbk4Wk&tDa~*ic=#nBJ^>{MhleWs-am zn=?omu3?miLu2lD7%w8_7D10AzV)h}5<4}_#Lm?&?Bwhk#wup!rv8(wz5nCn0wH_T zAoEtLhTEAhg}flqr3_HsOL5Bci8$G%Q{(J^J;)5#Kh|D24rv#2%b|?9w2_F1 z5l!bCS3%mZ7F(Qs1`7cR0w!ElBA`ZU6qasooNK^4vH}#=ROC4Sg!H#U+a*r}PcZ-8 zL>?Cz-`PXno2u)PXjFCtYt_pvIqIdD-xae|YBRwSkU_`g5+3-J>!w`K-i zZRLz*^h0RWd6FHFuN)@3Ub1>SrPfKTKr*8pQQ)iyBZ_X#Sl(+Xe}2~LWPYzy-6Dx3 zvE!ocYw{co5|+(_UwDq?y&uHI(tu)o3^>xm?z14*p$&H@T+-zXO%lO7Rovv5$s+Vf zsMpE1tY!)=6SKlQI%C^l%++*qGp=)I39olLHHO{w;pIc@f~+N6_S$(7ipj30Bh^MJ z8kb|Vp=Nn!-1uRzZ@kNop-TdtygYBSCEEi5mnY~W<-6@RDdV?p)))QO^thK}(KuNyYdM)bn`2?Yoo%M77D~=z3 z!E#?2)iuN9eAXgGD@L|nn~Q7GF$%D_6f4%CC(JfowMfB@maV^F8J7_+*5HdUZC!7< zRi7@{!HAckYi24n9216hcbdNP;t$;K>hjCSKMhTM|LNCI#61|n0neCo^!Ehz( zUxvJ3)%W449f&>S8Gq=1D)gpwuiu};LbOU9G8bucPG)Qy!_rb2@+Z7?yzUTzU<+;% z@WCtjYhr4mJJ_Pcp9R;Lge+RKbi3&jLzzgi)$fgjYUiINpF}myRCcvQz#tJ&Zrr>Z80xU*W?YHT1qpdh7dZQ8cH>?_kveKQ~maP-@hMpD#3N zBX{)r_SX2wx1lRGj-0vq-mZex7aF>r`_as~D;j@XncLt?Zol8X33}an8QDRHWn&r} ze%Zn;+Z8a6%axs->(Vx6*1~OEym)gmPPYBLp&g@O{)+3e>hh$aJ=@%^y}V~zw2)U& zWX+c90^#ILw#Gvo*<9yg^*)ww9YoDBJBNxU_wRt7_uBZ`$E_EgQc7w{S(Z!VSB_I< z_gaK2__rqdhZaPA)!Fv%TW`a?wlcr-SioX$R^?NR5wOx(?5<+#$0#VDtkHLF#AYMZ zu?bZLtY#KXOX8;58#hlZnXNgw;?&eK4aT9{0WZih`e!!+ww|qX#^KyQ8xybrt=Rz^ z^Yw&fT(*8g-#NpiSi=^uRqM*%p2wqWji(uf%gf)E2X$rnkUS9mR;?Lm))=p63!$>tr(TOTVa+L|T8R87-hpzp_%lsVC*j00?vvKmY z*mN&O$>RlCaU~foLaaZY`pDNRkPgq+Ow z;NEd{Yu6joJS)BF$(~2Xdh$fSv2;3w6n){}xrpS*IyY=>Xk!~27fUV66aPlF7{Mvo zASq%ynb3tf*olTHj@Z_cXu09m+#H9*C=Qr~phrC2?&0=ym6l!jLnWFv1}hnR(H!?@ z&UkltAGBH6g>2bFd@|FgkzJ6Dtzd&2xhuyUAZ*m?AU4YbUx229NLD$5QRHtJ$tQ*g zv#}bvg|PA%$R1EJhuWDV2xFar${L810JUFel`oaQC=ojja&?Z(E*7i8zx)I3kX!S* zhP}(X9m$)0pcas;iFb9)a4@1@>Kdvn`P^V%DzL=8n&9Ay4^JeUEvl1iV10wye@RBH zWhiG3IC(?M;>_?#RC?oVxr-@=l?Ca9K8HLrrVI1Tk~Qen%VH`tov5{zIs}Y1EpGA` z*xiPF{F09rBdPV%FS=ziN0JDV{POzt^LvqaVYRiiiv7g-YoJ)f1ib|wOzYd*i{Eny zuCp*5K4PYEX&@W`n3w(=NjsebtbGP8mjPjwTmpJgPk^~&2CKBY>0+QsrJAi_Xj$OR z#>7i}Wx@J-@v@@yq+H*N(log;iT3@EDxvDjxd&SYpPx8zr6*Ss41cK7dw=liXF>_u z7j*9H4AAz_fL_pBJ1g8SQp0k9W%welSYXKN%lIog;Ou5p_e3o zrwAd%tj?^+Bhl6B@gmOy3ne17Fsg5U2~xwLWEN>dkQu=Np1w)E8vaT3NHedI!pF#V z_24|a-mNF^cxsVo2@O3%X4$xIvNYJNFDwd4q0jzn7lMF#FM2STZYwV30Ol!hK z{R3xe#nH+UQ%Ee8-Fb61{*Otgx_s@5YTwSM_nOU0#v=y({?Y^mmU9+)QhVRdK2$Uh zUy}6{$~<6)uhW~TdZFmuuieX6pyoKT8Qf>p@@iHn!ZUoqco#j$vwIu)jI`NwVO3A# zo~m)4--`3e?QwBuBuCB@!k2~wsLLR-k(6ePyVh4rn%E0a=CP!;aSRH79AxEvG;ZTFi;xB znJW7*5ANB`Dg3P(k3}U(#T8=kBfBiGf+`Ek_4SfdkN{=5bT|c5Fl@yO{wR`FuW9TLVL|8`5I%A-`sNE z9hPdspmGX8Dm6Kw^p|~~ShdOwmv_vWvdwkPcXrMPY*>X z7Xv|Mh6(}m4IQ+Xv+Jk%N0c-LQc?A_--;vN`6cJu^UN_9o&1SDY!ZNOCe+MzeSXuTmZ@?OJvd4oF|5!(|AK?0>?1kMi8QsCsaNMpS~uH> zS3X!+R@yOJKtts=Edxb!MMtuu&qsaGDV)H~2&*M60BU9FtG2QjGjai8+)_}ui0^aZ z$;IXA>B=c!g@A*NWRZfCk^7{%$&LS^Q1KDvWl5^AH@zW!P)hHZv46Mj#C9;6Ee{L6 zNXN;?aA`a$$Eo**iqZ%FbKR#3og_EO6(z_npU|=oapE9;fmwf!8p*V!Yw@L45y{4= zYRAL3s6P3q=`H2vRg`8}MXlk4Y+A!T<=>(AQ-j87p~T#%a7S7jF}C)N667cH-IGq#iSD^R_vFjM>$vS>N# z`4Lh#2xm&%!+vEZ4?TJ?evfCzMPG(5t!1%td4K*!1j=`}!leL3_qp%n7{e{R{eijD zf)xq~!ztOe@?%D$I?3bLSY487nb4|5m^Y1O-=%x~uDFn2kjX=zdLbC>kLR1ECUK)9 zlwIE$Rq6d5EGitp8&T>|u_%Ydw@SfQg^pKt*l<*WT%a|k9LAjDgvxR5LWdWv;d4x- zrJtjF`0Ln~qV;2a1k?I?V*xn;|EGYyZ0fmVZ)VN)4IfVRFY(}R5GNOT>KFlEWM(MV zs@bUw*UML!=Piv%+qf$|g4X9aG0km)d|i1QV3yn8af1do3>ORkNOEc8H}B

Eh79GL>5j)t+xr4H?oxsoO1 zy^5LcW=4=_pZK>ov~`2}#b`vKA>C11C4FA#q5Q9YeWMvS*EAPZlYjG#N|Ijxvg6?G z-3&X|h2^{LW-5w$74MZ2B&NETl?a5_iN&)OhW6+t&cLEG`vM~%Ab_YroU`oX z46o@Zu*^4!_eC2k$J2ww)4g})1$oU9Z#%w9N-%O650)gJ>EZ79TmPN7J^Brrh}S9} z`?uaVk9pP&cMaFN1DmC*X&nKA`xRbgA?cQd4siK$%&5I;JAj{z;|~YY(+j&^hkNZV z!d1u~>8tw(5Kof=5OAlblgFs@?zamdMkboM1qTwDOO(G2t|M;*r4`KfG|eI$ z17VqTC_i!hUbes|b`JcUWo`Ib7enJb^A3Qarny5mpkAI!1eMRzI|D2LDbDyMM1MB? z&2DWC&x_f{bsjrR5O)vkgptgAmJ}U~HI)7Ki58c)t@`5Rgl`j-2f1zh6Aa@AMpDRk zY&iTspE_^u`-d2D+mq>RBh#-3Z9ix|twf7M4uNA!LZK@W&l;X^?ppR36TudkS@Qi` z%&HWj2;65x(IW{6CuGpkFE@c~NlXa^6xhQmjw#Q3t$F!372&gZwYF9nqcOB}hZqG6 z&`W<^2j-(Cl}YM8lk^dH2;+zsMy&9}J;sw}IkZyDS;om)+YM@TxoHb74O~enQ|(~Z zt?b$cRWa#PY8-uXgvxkm4$kf1wH{047-RHRvPFawhaLzJkd^&R5=5tF;i15%0|zlp zWNFru`w0b2iS#b}>#~6}cfIAk#T`Oi-dtM}$h?Hc1NY^lMsM+wz z%yuoEd26CG)LMVfQWFWN0r}6^rsHu87+`fdptIF{aNmfrQq&H<5c7Z&6*j zg`o57b32MJSbuwgdXLB%o$tYO>`<|c6*7Ow>nj%aWq2AUkuE?H1D1}?N#Nz`Y{RZi z`A*LSy#$HL07h?;d^b{1LWs_>7ejGFt-7esF&%s2H*lRp-6#P{x!g@m3|t+;A0Ne zLw6Q@+aov(RkgsPJCdrWngj#m{;YP{|xqa^Ino zJAok(o500Tj9y8iL@gBw3E1<=aZo`n!r}SjZ3F+^)YmYGa{jw<*<`tO>P7TW#o&RJ5ADV-{d1A^P4kf;DIjJj(cKg}jl~?{DuMcO zd}1sKFUCxcZN9gK<*=I}B~y!uIl6FMhQHkxMFQa^xo%8Xg1U5%h+@@d_-3UkK_-AgLZJrE6~z0yVf4 z;!?I5eB3JkmmiH(2WsxYUD14hAU;btS*qesxM~;xv`I4`*2g~~ZWn`;y^PkFN)NWZ zy*-RGbbrv@IKk})-N|onW+5EK?iIT7Ksiu)xf{z+7~(8`&9=%@rXKsf-nHEd&!_CU zM0pCXto*s6$7$J=;tuGKYZx%790p~VPg`V6)9T1kGjzsXgCm05q4Z;))amgQUX_LxtNLWllyX0kRp(#9& zzgh^3B2906jxn$*hvz&)(@#ztl;@^md#XvoiWWmSB?mi4Vx#e%Jrbk~(IeXDrl8s#8 zN)z->!QY|90}ZqNoy!;_uzvKDhLk|+XbrUr9Zqk z^#Kce0j~?A?#X4=ClI?1l5B4A8A{1c#t_F(QljROvY~LX-QoEddD*UpNP=2R5U4hx zpPchtt^47s<#lV6C*kq)tqP%WH9u)oNn{vxd1b*2Pva z?_AKHtQ+5Zbx>TVVN0bz55QS|k^V;E*z`%~3~;AnKJ5YPI{q0%n%5{7a3&(^Z&M=E zxx$UVM#Ni8^rDPYe4!LM2l&irsVv^25Nut}E25GyNn;-r*vUabWaZ{+M_tHlxDjQ+ zeE`xi&84y7k5eq#;PH(#_~qfc$GfISL6Wlt>q_qO(4LBiquiAWfg$Qbxj`Z(i^>le z((uPAIBv#u;P)ihdiZnBU;^_$WDM6b8@fw<9yV6ZT{Jed#YxSJI`2L8CIAQH*ZO>? z7YYRMDKcDcR_D682hC-esVr&4PR2MZW~2n9mBN99s|XfVOr~9I4*8bko_8~2xnWnz zLNAX9f;~MuJQ?WwK5{R8K%9~aL1XgE`*X0o8gCW%Ji7dL_MNmv{S7eTXnnAG$9)3t zG8P!)_JmpQ%hW{}_IaW_Rj-1p=)V3xEUZsn_KYszW7C)t{q*VdTxO$8s5XHy{XiiO%9gMr34%2UBc?@GV zlJDDF6X*T)*#1?S|JZ_hPS_sa_t6SU{9Y0&4UbSX<`^SnMf4`@Rtj!p;*(1*8)k#4 zxbjI>0wTyyUOh7_Q6`PvMpqLRhX8KngGW+L?5;$yOEoYigq0ROy#vyKbZMs3ph5w1 z+(G@nS*^b=5-*Nzy`b@#bKyo!$G)9&Yh1oJ%?!_Y7OULdU2hQIFU_f5f`^KGf-J{o z;9Zh^44R-$=^MnsVs$@VMPE2z|E;x#I0K?( zUfpix=W@q3|22 z;^8amXSc!o4D7{!2$ufmgZz-~J=w)d!#cvkG3Ii$Tz9)?=L(9X*yacqDzgz_MpFjQ z9~G86vdK>Hg;C@>=H>O6*43u{#>- ztC(1Ysz!6vQE05cEj{!~&y%9Lqgl97)BnL&0B!XxrUFdVklzQPJ~V4*?xZZ0#F97V zqpZ_&|r90N;$|($V4h4`U^KeC?I7h<}C5_?&?9SSdtz z_Uc$(&gAoca`G@LHTED&N4wjd(=9q~@QybhvRO$_$waq9yRvR^-<$f`YLeh=Macwy zP~Vis8)>W?S_yF3B&shj)$L+`sr;O2?4cjh?&c)^>0Ob^KU=W6i!3qH=M8Y|t$y}pT^}g;Y1S^jU4CXx!+y9(FroqD-|NJr3 zuBu>?J8tRofm-5PcEVE^Tw@05Qkzi;H5HLYC73;uuzH@}H74inJPXH4O9XZJP3CRc zlH?nihT*YRaQwC@SsYW~%%hxBOK>P5%vD~)$k2DV*xN!#hZSS)64jma%Ixev_^N?= zQ^^mxf9ob&W(&~jR@w4ZnMO%g)B$4d;!0x>kB7^(*3t_8CN;pWqxm`J0?dI+qc0|Rb? zuGh#Vt)LXFp;(~OYL{d;53I%C;YqiK#%#h?sP3xUwFPC}cI_rOlWSb(RB#D`MP`FN zG(T(B#7VIj0W+l2{yzY$6=uQ<@|m`>-)fnPt?-ZPLXtnw(v*b?+l$NPV|<;+uW>7f z)BpUwAq)!@?{smkD72YW|JKd~lGO>(He@gsmJJxG69bA@PJ&U%2E8?5g!G0Q6u0Q4 zzGD_j{w3`+jC$-uXEl2|Dq=;7rMJdm>RaJ4eG=|!JFD+hY0d3qUR>*nb1q&{3-XO) z;_b2PPkwWQcflfkQ-4#%N=oOrN?~9z*yLrKsC)+crgpBmZ3ttB_!GMZ)@HEwn&NMn zt(=pcA_058n#!Re^@T`r+ScLvSxmrfFa;?Bjgx|OQ7?7kB~lTo2mYuQe5qX0L9NSr zCmpbyOS16qd1}cSow2tQ`a`k!w_t|Dv3w;Ofk5&SD6%{&2<3aYHi3oSH7EOuYl6+y zuCA}Fl%&7LvDgKv6SEgywxWA6Hbkoix?y&q{LYz-<#qP&{UnFQ5T|4cM z9#2{?^Ru~{)@m2yvMMnO4x&=^d>esfI^NzEI!B+Lr%WT|O!~Tl`a*~H5yfN#)4g2b zJ!ZWiRZ#MT$xl?sBLmP}gQ1_eIP=l*@p+u~V9e?&GHiS*+zQGg*on%ngmU#lVKUo* z`aMei}-(-QB$V3}MiC4+=bf0>^W<&p6eaq-URNt2 zn}P`FnjKXBlB`EIS#v|oa_%KVM*_Ew-Utlzup z#Kxtg9}U=|liLDE(tLD#3E4(?m$I0ET9%iC{e-RE_s7%0!{uuE`Z^M)qrHS**Vp~% z`1<;Zo?ge>+0&AN^2<2j3(Ce;m5GezIhnZ^?iL6~sNEnODK$n8NXm`|h^dA8!t!%a z{(qBKR?b`CNUwj93OEbb=)kyk%TTLQ1kaSvtDG$c%Nf{Zc0bQq+xxKjKy>Pn_Spo9 zGs(Jq-_^mFEhn7z6D=d4+fCdR)!SjxV(53e z(Wu}<0tmoxZ)wjFJsiVqi7S4&Oka5zAf%_;hiy9mA0|u$8#N+8PMw~GQDDXNu_7Eo ze)PhUhrpc-4Nw)yqb&NYng~1{UD8?TK_t12zae^E^eop;tJq`&*`F(z0P#nQl zad{{lg^KT%%iR{+?zZ8BUC5_!^+gnlT6w+nxaE~d)&x`#i^hTpPRPRQL)-E;Ap^Ys zsMu~GRY{=7T#38W9-)rhMzuV@oMGY4$&R*sII~KKH(gX6b^(@9LS1eI?vaO|+C$Gf zCy;}xVS>#NI)~AbR{P!N>lOen%mYj;<=grCOC?NKQ7np-;QOfXbcmtN&L|L;Ll?q@ zZ$C}z27FWmPe0H4O%r+)ss(AMR+(q%Y$T|=N9MbcUj3iGPq*+*IGZK`P54|uX-xI3 zKOr>4W$)o&mV2=u;G|p>L;acyoEy6?XNGHAFh5baSD$Ms?JLdR%NVyv@Zo3`Q;(D2 zAu!&+TeHJCQ?IM+h!RJQX2^3*GKv-YcTGyfM^q+p9FI9t)Di#R?Ukj@{~vpW{U3X! z@qe*b*K7YoXXdxaAtYWbU8KOr9-^Fb7U&UzRR#&XO3;%hfqV91fa)s{5~WPlliKLQ0z1 z!Z&sVq1v>yk~P_J6EKB1i+oTyp1)usy1@vlj)l?Ad@t()f4r5z3_=%gbUS^PVf=vfhlKsDgUSr;fFI+iq><=tyJQV0 z%zNc}z8~>fzouW5rYO)xzP|Q%Oz)PanlJoYUDu---TO2J1`*2TI{(&y9T*=gyAU$} z3RjKJkUwxMwaUWzc^Ge7O;BX#yver#qL)yCiE)pu^G{dGws4gQpE&-K@y{B!7?OTO zukdqUV92mw5@Hd+H~rNKH{~yb>oDG?xY9F;encS59~Bc3sUhZ3nAXg=sC^jLI>XjK z+?Ud5&(xj)r{ZOIMmH3vyx7(6kKymH>1~hiZHBk*&*87__Xoe+cYgd2hwrf7v28@Y z@3^IH7qcc#g1*I63i(zp2)4N2mykHP-_E*9k#EEte&6`&9o0OiTrcq@0yLW!JKdVc z8^wyR&$_n3^jAA_Z`-K!Sr6TaCj#GoH^WaaH93=w5r|zoqDlcev8aSQ((GLcxY^S3 zs!c&8XWYnCw}^Bl-h)O#s}%Fl(?@2dE#DzcdDEp-U~j)acxlI?S*PQOM zPp{RFM0K_|oeLXbI}u4IV)RwAH=l=g#iZmCCY4M7$sV)V)r_mg{15{MlSaG#I34pw zm_tE#D0f+k3}m(M<@}3;wP{pz9ujKIUUcUn{cuoS;JK6NUdlu?0kiLPB=1xGsGeoC z>jJ?zz#G2!L#^VS>?qh5`-g$E!s$E0YTjkGFthOYvHfaheUMKuTMymR@4GsF>7xXs zrY1z*iCQ!3#$C|nc>68)(Ty)y(z#nrAMU2q%|ZO(>(jxyg*E{P<724Mn9t2h&#_$Ed>G=KCN6c<+3 z0VhcH-_W|o^*fRJsGs&^;u8g~!R0k;)jtME7+@i-P82O#=_ZK_5B%>C?j=yqoBjsJ z2P&kuI*m2pcqwV2hIoL)%2Uuaye7(C+c--+E;I?5xz)n#mZM`Q z^OKBqY02^3_Cof+u*2bx#y0Hz)bi{@jwI4Rwj&Pbk5NL2INDLA&Y4mmu2NXnNVc zDhFm-VATvgGTE3z*_XZ0KY8@x<8+vd7pKwTPq00T_mR@VN}~v#Vi|p z=uW#x@bX}Ge{`Mv2tjXv67m-6w)uU_Hr%`eB|KuHEC+c8@uMigs&3trmIVJ5sLNyh z26BpUbFOL=$gKn$D#0M8zw~*zYcLMKPD}iokuGz|;mkJxO}Dxp-1m*FmwR&h3hnG= z7+i}Ke#2|>xVNJX{?n)?6g|NhmF6I}`xH6Ku=s~70Y75#-Gci|4E(A|^P-7>03bPMGB*;Wc9=9J{ zsDJ5wjexVG-NVnULdZ3N>U@d6$Do!x1PV{YA-N|cBzh1jzi;t6Hx(bliYB}ZsU(dD z;(O2FI>xGVFm%04HqGxFI|ed29W^?(U39HNLB!>)z%1`rDg*s^u|d3xQ7cHjyohRL zfCro4)=T}oZEoGO<$v&7_V}U>O1jwR;9mOp)ASpe1Su`;@a{TwFb$}pmlQ~vhy?J` zRG7{!iOd#}(ca7>$!jU<{1GYlODSVoQtm*D!Zb7Y=!T`aj>~?E^1M%y3eRSbu1_6i zSWPEid?jyUw7U9wWjfa`Zr5LEm1Q@Y`vddQ$Jqd?JDjZ+8yCjSV2Fb- z%C8fY!-T6?H4n_49e#k|PjK;b`G&bm)Ux(F ze9;SV62kai@UjdeGqHM|L{3ETrR{pv3 zfa?-lLQ86V;ul7Q>JWzP#ZN+rB6iSFT*=}+W70o06#7#;gu({;b3kWUKUH{8dTlys zrketg*I{H|*op{q0~C(AF3#~73BEtxIwd66+tfv!CPojz`0S8|MEz?7`QrsuL05Qz zk5n^|Bk^{L2HrPxoTE*luIhIyQp`AME9Ec{dH?S47;Jf!GLJ+9X|(7o>3|gxXAl&e zlrI+=DA`zp3)-wM&sqe zn82?iM#5?IAPO6M+|yzPp2tIH!XY5^+UsaSqBalhM*pIL$z4!5ag63h#`bB+`EzZ| zH|(>JcDZ}>#AD?=Z}1cU3emg4cw5?80V>f7+^&zIy1em|z60!*gCGr+Gsj)s5oPb( ztmbRe2)8hhWmvP6cyc!WqC`zIL}m6>OFhO=Z)=kSy(vCi+D zAM|XwMpXj5+G?nGo1%=o#v54K67eqmAr;$(!GnL*dtHODt;Ow4c3!Fyi!MzwgB&T~ zgBus}bV%>|u|L+B3&*WNwVOaC)nY2mby-zObirW8a1f}Ve>r4W>u-qxJ;E|N<9KRw zu^kc8gE4tXiCS$4pX0!!#Ng-A#a{l>VtunM=T096bvhq)bzyg?Q0XvVOhZ-J?J^K< zkFe{zs6|9g&-QNPy{eg<#2pXiFQ@dMNcN{DiDl_EImhl$kL8jzmQ7d!8Oez2dWSVu zc@Z^e7;oh=#$0Rr?(k)ZK@Fd7_=&mJ#}9dd8} z!7>Xxq_3SNu(XK4VJsODoWcxd3i6kz#}H~l9ojx}3n*5zAuTE!`k;Ev#_hGv-ZVWH zWh{QJ93Ho@Es}fJP@MpOL51*9%fAHB6F>&7#mX*euyJXa^`89Wf>teg#5Ialu^qj>otQ$Zl{`RAxh2;0$f@D) zcL?KJu?COW8KR_mQ8_7nFH>GZMQsM#H4sgPo=3?{q*fJj>j%}Y4Db!z`8BWJIz_jR zp&qiMOBGdAJkTj^y+UZr_$x|w!A6@!D?EEWGUKzgy)lPyBkt0quhqp`)(+4-sQuwsHKZ0jT<6S5Zs5gVk)m3-DGDt0U}in+p@ zb|q%YQCL9_)>JH($1Zae+jk9svSTn zfHG}PJNMBg>pN60w2hxA;|Wn}Nzd4Gz*2aXotDn~IMoQA_@o*w9AbTfI7U-!?6kgd zL60lO=AZkKMxHXT?Vmv4^aJ+^0MEkwKyv-zktgb@5tb&G;G*9feWH!#Bf=!voE?@D zb|ap{sT?*Sp3SGcJvP;0UdvoNgwEe)oWFT8?PEH6yWI5swpUBzg1Mk@t+>&M52L&Z z$f2eQYWfxRiMoXP94`gq)(RE{zt##DjMCe{v_IL^QFLSy3XG>TgYRk3vOv(^XsC6a z;a4~|Q%@nFXN8=+&0<5ZR>6l@4-W}72?r6cSI)*?ZrG2wTJRXlkh!!7|NahZAg$ZP zZCjbTjHrOFum_JSW}@%oty;y*Wo~h^&;p38Lqezt;bvAQ0)ZqQD6~&~K!akv4lZDJ#<0eML~f z@~YwNUIzDRLZ2b0OtB6Wm_cGGYyG08wh3KTwe!DXLf6J_I<`6JEUDh!`csyOYP#`# zTO6cmlV#Zlur0g*+fojIE>ZwuWy=U)Et>%7a#%1=%RT8B^e+q3dJ6apm510(np!=kt*z-Mvy&%r^R$fvBocN z{+$pNag-@53fX4qzAHIN*I;(8+Bo|LmvdM#5~)>8Vrtk%oJgmd_ z5%xR<2&96fkboW)Cp;`a9nrkNg9HY@blr(f0e57}S_Zl}Id0}=0Buwg?Q^%qwf7Kh zUJ$LR?Ek=cqkq4)2y-^ajje|?+L_I|^LvqPF_gBA)IY@Wa98fn-$Xe7XuTXBj{p76 z{L0IhGqDl3w0v7@eB}BS(>TOHY~Wh_6+M+&Ym{zDIq_}bjWx|?ka@{PQWX{Y&RMVv zz*X~CX8<8|1Ykjxi~ut93b0nM02~CsLWa(3I>nof_}Q+_sF${G=r8Tz4V2*$>+m6) zz&e}IY}ZsEl~H_NTeD_bJCarNs3wQ=NiR`yUK-i_zSSmUcXNu#^;JvTPF0U;+_P0X zdgXzBqIyZ(RIfUYXvzUho97o4W%E-C;eH69b& z4ggs%FN12I<%2+9-bLR_dSd^DuFlWCT>zHq&F^yf{yB+<`x8*;SOC0Qi>neEm;+d= z6F^QZCssyGjo5H<)`Rt52n&F=Ffp4Q|5dcbe+*lUY`c~bKw#Yg%6b29lr;#bu57y% zH=yq2-_NJRe*uTVh^9xl^cc>w38!%!8{Vs%sIy8y>#K^WndB(8=OAV)H9O*~UBYDR zjKbaQT65hx2{ya-U(|_6pbC~08FUB<%&=B8;K(42QLUF&XPYM%rX4up{I-?!PW)wJ zOr1X$N)Wfq`$gAs%a&29bxn~}2(h^pvd*=M6_|iu(~KijCH9sENas)9&MFK>Kq?Xz zaWMkoz7ZppoO93lEvb9ECxV!6iZSn3Pfy4sM^Hds4>SiJ?AKFU`1Oe_MUe?b$OTLV zI5wa|POq2>9J_#?62FoO>JPf=wQ8zkkQ1r(yM=A+3= z&kmmm25@W5t^>F0-cZD=c;+uNO9aR`<%`Laq8Ma3%Q*jPz!`PW=<(s*8ycxSJLU?> z_ZC0Le;P`)!wkF*I6z&&C#qL~-~{)~5Uv(IiG_ zfY*IT{AA)nfuxfg$ShuO=P1b!sn&Jt-23YfyTPYGcEzE5-24yPmnfysg=o$co6-&| zy#Ams7G=n$8wO zmtJrrx+|@(p)xZrJKM5Z(S6XZuLmmXl7E{JE}Zql`0-AQ%^zP={ZWw%Q`{Z4xAaT< z+0KuW+{eGmOo+3yp7vrT@7EkE$e*@>k$Fe@{(0_~%!6CQ%(!P_3hetp>1jSC@uy|6wBpf zH-(jpVo$Fi5m}$AG}}S-?$W9p$72H%yoYr74QU}_UGqEimoyMpc$#=iI_Og|w$!aP zVtRuvpoJTOXGBUBJieMssdyXGbH4t2X{Z}f=AnL17iNgqeF~P*8ki2V#4&KGraxT} z?o;5U5lVEHtSEIW`sxKx0kt>I1A&geBNi zwVHb%$+VpD`W+by(G)+vuY+nh;|6~RFX7Hp0+{FimgQq3#IA5BDOBCnxqwd>yd)|! zm(z%39Ndaa`f*#0OjlN%KDr zx0_Vsr+^#fAkknrHqphh3pfF3sCE1$$U;5P{z^DxqQkyC^0w>W5GdY<3ENUF2QCAB~ribEqbi&Dt6-3 z3AA9VE(aHs0~}WZ4HjY?4`!h#Rf`f?dtln@alUybWj4}Na?YT~8_?Ijb5GN?-z24!Xjz0Hxkmxe>(&E}@g zP>y&hdI7i7l6w3f0IEP$zm!YG9v&VBjXBrCVgy@<#g9$e3X9i@c~~7y=sV&!!Ex)C&)wMI#+y* zPICA0KK{E{1o1~;ygI6~&kU^7F`xwxJjTM4B0G}~@20EZrl%RZ1z9jbrs1SfpqkHMT_K?H! z=mSp69txIBL~`eek5}z#Xy7RdpbFO0(4}3tA0w8EyN^?uM`+8V6h$W{zZQj~+pQ1g z-Rbou2>qf!^4U0%>J$KB(@-eD$C!L~^#%+RFcH;O5CuheH~#2B{;yILjz@Z?6djbY z+?HtRP#)mXVbo6vYMDeQy5OLg((xYggxJ@*@Z9mxeJF;)cUNy%;-&q)iM9Fv&)%DN zw{atnqVu;t1)eZI&~7FZWzUb|(783y-Ay=FaoUiNJ1Y>|pSWs_Q$llx!rd_#9y z?`vD!sLhFU7^{Hg5|5;Y7w$IDvuZ**E`e}155A`FoW$enXp&Tus-p6yi#Aa1JqZwc zyjMlQ!F2G zL-YM^tGU#{Te0%LWvP`!i61eaMi-Q&8piOaOEkj42a;3@s%vt5oQY}8rxe$IQiN~? z%$Ch{Lge#IOx@|5(mPN10Z0-_4FlF%g_<+fzh?Ys6hyn2D{z`#(YVpv<_}4guj;w# zbxw=U(-hgVXhwo5P9i?r&&SEAKIhUz*_AdOn_W@xZ0Ku8@w{7LP6PJjMdTPR!7gjR`dfaXLVCQjK1XymU)-ex) zZ{Wn!(Zu}7Id2LIQjWV@oz1GG*V_+dajVaXY|1asm>80T!Zrs^NfN;p07XxHVSiec zP@8;lnyQ_yI@N7XJ89V62EGn}r@lTFT&8jD6m z-ASx3jurGC-6y;F#&w#9ygQvas>A4Nnd)ePQp_!9z4qL}kf0wVWwXrFs61h5XX+#W zF7gH1JU5j@U;_*gnA31sE_h?dZR;!Jwbl{gEihL(OBpAMU$_h+nRv9*)2Z9M*8Sny%|MG$cu8Jw+&#T?4hRumeM#1qV~Y> zduHTL$eP`hr736{+kgG*M)A}!WlcEwGY3Mthi9XRBtq)`patWY?^&k~bL73{#9L1M zr{%<`$Z>SkMfGG}(jH7z?EB%TWN?g`IBjKDwcr z1sOQ|P#ffat5PAHpsVlCFA&QVEsnK`%Nj27Q3BvU2PIi)%eXtHK(xy!(P^?!R}=?m z*IgJ=!3WW;)+}@?*F?pgT06gCaj|7}yRK{p{_vIahR*b`3xa=T{GfI00scNq!g@*7 z8}Ij+lhczPNdg*@5RIUw9RKju8+37QEFeXiKgV$tnll#f#9)e}#OxwI zXri&E?LXe!46ot9h9-#)I8ZwgC!ulQ1p!c&G^HTA1-;2kF8Pl^obhO`^@fXcHF~?< zJ?9hi6(y9Fi^3^|c0nm0Lh8BE8^dD`Ql@1zj`g27N(giP1ib0Gd425+WuD7t4YoY(+*2ru|(B#kfVK_AN%sEGc%PKM4yW5 z8I8E>Na{5R+s&xCf}*_u_X8&O);Jnz=RuA9rwi|C;X7Y3&*{W(+IY=Z#AjN^YeU>S zQ50{ma1iUn$b&qo6NE&L5BHd00cVKX?yd;Lt3(i%G8OEBb)p5XKayk~F`B3xIf5F! zUm}#0@!w>zh-{4KGEN5l~?(XjTFb=KN*mWSb zdxIQM-AuR6a?`{_SgRD;OV8NtHoiGojF z7{4(rb1gE`1W1RT7X?d`Zp%LJnJ?lr@>R&S+z$${x;r8aFAIvSCYQi1B{Q|&!ghPO zSad$T+-kIsQMy1|jkbO48H+pbl%KC&8{RR(oWSpKfvEbCy_RXm>)K# z9&7EpNYidEfWx6fB5zp61sXCcG~*k_SV(>E(bG!j{H4kJrzaP54Kmthzt?iFp00VE(K?m$uJ`)JPq+XHBO23)NMjvg)V+%k*~L$2c(ps zWRW~?Dq@w;JcWelfy*XEry1A76A%)|`}#Rhn2zlkoG^r5SXVME}Wh4+R?n z!%P~N04E515j>X#!6GuxtA#}1DCR0W24ZE-R~bV<6BYkjxh*O~)%A|gYr-DYIk{B) zRvtN55zf>{KY@>h1pqx%0XMf-1c!^;`u$xOY|{{E?W2H7;c2ElGZ?{q&2iHaaK!MRB+>bVIu7h|Y(i9{QYx$dj0hZJf%_8+ zHc$VS?}=(KdaYQp9Mxk}Tm8hss?)m%n*xQV}Zo2;8fN-CyG`5ZdQt)6N=xcUrv zd7R^j3rObtfh=m)wU*120jZW}IMt=qjy;16%;uG#Oj2I;uGj1BBu5I&+J$EvM0N_gAfm>#3_5O9_}DC zSLmX__4Ja@4-JZCBYP`;j?$WRp+7$BS8jS2$a-=?<80G~yrPv7$Rv^3R%L}9|qVgq#eROH_U`{g3a3Tn?8QY1F zYT^{9DM@&5M8=d6tu^9+Q7%QA6ho>^m4;DSFfQT<p_p3{My94# z@)^(?btfUS2z*x&IG&BA)R~epQ?0`Ekimt*Yl-$Ard6vc4o_$@i|xt5t8zB!i?VXU zI}+*{vwDUdwM`R&6O%&&U7O@9$~YC!WKNhsj0AL&M88{TJXdJI5@Ay&=}cqF6t_T( z08(a&1Hs%FS7C0RM8a^qfX-%F5{bnCPDG+nCMe^BkjzOu;L)UqSul+R2}H)o0H;w8 zI-4joorO;<{VQ5!Yh?qV`HgceIe=X`((TF zO1VOX!N9QaPKBH73O!_bPQ^Dpu}heR<@C{{F1e3S>uu587fQZS`F*hCKx#6bzI=6s ztUvDcRljsqfT6tV$Du^=woS& zaFDWfaF;_{*2jy>p>Zet>!F6FXzkNyO6G^~auOARix=*ZlUz^GXU&O}GQj7vTFTEA zaW$hhfw!(0Qli9AqHb^1v#er&&1s`xke~ssS{C z#i2HIal`%4w6L9}J8nHD{iq3-94#OnUy{=WxMdJXi|3dGTHH8Fa2)+^WJszuQjrd6 z)lCx|RcKjq+u-n1ZQWe;z&sOE%A()v??);n8_SF5hfh*W%(u4{kKJ={NSTL4p+!4m z>bOBGqxNLfbEV3qijoZWu6dHzJ#>@f@P@wZ$Z_J2TVJG9KXyBCY=^Dk0Axito0FAo z;9RfHVX*z&&Za=_YKFhC6$)gTuXjv==5^|0QDH<4L4`5fS7Q0%8fivsNPIq*6`DwR^E`LiwrcR#duGd(lfF z1G&EVrg%G%c1qsZ1h+U~mgd*-!IXbmKZhJ~E`{0GWk()+GGQ%6I-n1{dF(P(PUZR| z&fSi>x)In4X3Un@D|@@)xdjz8;y&+Q^+XdookSwSF&xBn?Y2|JbX^+2m23B!h&_&8sl4KFpDGPA71Uu2 zw$HrG%CM1hgxb@llzrssTw|DDXq6G=Yh0v0 z>arzzOmLY%JEqd5j0Ir33}|Yj8i%jmSmU7^ zEM!HlcO{E}8AwXgELO|~th&}T0Jrmu2uTpn0=dJ+SsX8nsloO1b;#hpox2=H?mVUM z@0ByF2)CkPn>0eeM;yf&BXv%h-n9OZmsLqbb6-s7;v6*?ZT%|=tx+s>OR_|Kz|=xd~02V*7iVRScLIQXcX2TE>?OLv&p2}&gwKH?{- zuJE2T+tayR2r6>4r+1!~=rwy%BK;n$dsWy_3r5v*?k1ky#I2k8bSsB$=FQDqxt<@_ zaN-gVuGj`Z8nq~^B5dH2P~$K|yky@>inVStH?@MOA+#RfF%Yebi2|o*%n}=)WJj}E zCct@Bk!*EkZQkLU3yLc6qSeFjk3V`+G)133@BD51eBF<$_YaJ(B_D(&jp<@W6477a zS-f5w2L}fSrza=y|G~jQ;s3+a=SN3>J3Ki#IX-xP^!)JfZwH5`r>6&hLkF80WYd#z zf!W^<)^4jfxUb~#J%v-Adj`L>C{W=GT<@4G1;X4pcgIZyC2LvN+LAXfl(Dr+?!;YO zflcX3XW}&ggU_?JV~g~r&3TB z=P%A|BZB@L&*D1JnuZ%kC`Qsa3NTlr)Gg|l7Z3#pHT{d2E3U9ydjVEkg5?&WG__nX zEXZV`2dRH8IhDwcP|r@mDJ?GC^|>5oZ)kE?o!(`!yc4E>>%uQBN=ie0Wo)5T#cGrw z*)^#HUD`u1#^OHe)?{Uaa8-AhH_7OXh$+cbp*?J)=n^C^N;MmB4$| zyN{^UTR03djYo6Qj0X%$`B9lj>R?eO&d}aJP7aRts@r#6G5rkX zZ(ESNT-rl*Jxf!}eNa(-z4`cL~|G$C9(lZDX#mc`TyU4+D($WLc~{9$vw{#}pdJWY+0eqZ1T`urI=E$$Wu zR@mx#B*QF@RiY0Mnc-VMwIBVOm`%LXVlx*$2FG;rn#@V;*X^NRZ~mRrRAcGNju)B> z;*1NzO!%6OXezg>OZJSG-m@a7+o5jo?BXob%HN+3-@W|x?fIKm*TeIRSI@ePw2C;y z1c!vZGM27w6rYPVn|p-!!GR#w&-Sv+u8-6<8s3lm6zKW4z1Vup8p9( z@KS&D*WN^ac1e1DwJwd$@W%_9X#2e5^;c?thCfQdLYM629))gSIzj8wEu{}Qr+@G6 z66J(n>X<6pbIxpfR2J?rGXBmn@pf%GO!&d!l@t+qG*=u_g`I)BQ5jEU@g6hf6+2QD zdNhd_ox9-MLFziOR0m*bI!wM)U_7CxmrI;OP;R7d;~CeL>?LNU%}^-bl5nu!!!L&2@kzbALtE z#CkHC*BCg%{lIAHm<*0#DkEj!i;Cm6Vcb>#Yvp;blKDNdJc&WSri^|p?O8PuKi=F7 ze;r=E`#=9K&w|!DS8SEHHG94Jb`#pv=-YRjZ_!2z`{gQV#;LD$4PA%Eh=4^OiZ zq`%BfjP9SKn2rYD9-NMj4-Q`(1gD4i_}eiF!{;YK@DCD_lOQ}jdhr||;_!Gh2xcKv z#^G#$({zxDC?2Rg;8GgGPu`!ySpQ! zDWxC!di~YTa-{{=UqBa%l1VA8*ju-LoBx1m)OQ`|!PQL~_g3^HFb7KtNPd{>k%5{q zLlu9ASI__}p?Tycm5jFinA{(U?MM4*xShmRDzAT(t{dB}Bdn$~700(V(|B4#w-o`p zS)@v0?x9x-9llz6``DgN^k1*%svMw|{vVwd=>Or-(aDznKg6>v{eO4{ppEluasUlw zDHfpX+#?TIh6}982ky)3r@#xA;|5*$K^sT7)cCRG39CFc^gpFx7;%wg)qVZ-p&antQI;QRN|t#Z??LeN>1oX>F-L-Y%@HkAKE71SW z)V{xcQVt^C%`05}u(kj=5y5(8Hnm z@QMdGR#z?fB}jOIQ#^{|2(qxE_rD6u%ZYelpzL^Yls&Yk zvhKgZ>7M!xxoTcUO#e(7{SDFz>)-0Kd;KG%cgY=Q;rZ}VzL`=k^l4t+d-?Kmc;UYo zUcSs2eRvqT~!69vmEKOW_QEw7)rd9VOXE z4;TPCPZkmu&r*E>D2}yWypeXt{GWL`{q=x7N*Sew|AQ#GDFL9F|DT*5yf`fK|C7V5 z{qI4ZYEli$uM?y$uknF;u{z5?Q$d#|=CX7Y)EE$3jBx$S3lG|0C`prRGTaR)Wnq-K zE4cfMqGyf;aThwt3tu$HeeX?x6IZW`Yb)dX-3bx9`)F5PCMN$%u?VJ6Y6HEp%_xN3 z{bdL4K;3zQCJZOSOKpu(!e$YN=u|zoTQkF{P7S#8M3+FeNFK_w!v1J9 zg>*R~-R_b{U{6`ekWySZ-=>l`zpDoDc#JG&Tj{HmoLq)%sZ*e`Eou#epc7=IVv+e4 zpBt#Ye@Af@ZPl|V$+Z4+pf2$#lG`riynA!iEF+FM{C`*1LKR4*&2$5~j||)J7*t4N z0<5G{gJe#Ua(g*kGe3I&Xv}}C+en}LYbU0h{qD&6-g@0CQH^Ey@DubeVs4w#SB$|VORYy= z{DU%17|%2In;atg63?O4lwKuc$^tO10c0E+70TII`hehU#|`Q(m|1DS2lkfG0ftcF zp4@v0{QLXBLUuL_A3TACCHeKDxeiCXo~^eW1CukK)nbNIq8d9YkOBuY((lj}NJZa3 z;5511M~{SVH*JJX5O7F-{s>98TBj}1t|!_{V*EbRf2~eOeSO_MB zrwU-8y2E*aFbXm*=nQ;B;MP5LZzcg}7HB|SKJ)}7IM(Wat)#KA>_W0y3w|85~>%PpB*5Fsm z{kj;-H)nKQUs}0;7P%#fE6nUl>T11cQPGqx47lS687tz=N=+Bcw|Or%rmQcgS%1+e zsjXAQV+oq7SP9?X=fS;rYJG|x7v65Y5FQ!&78YcS#oL4auMdaa<=A5I_Pp~e!d<-( zTddul9DQY&>nz3=d$;ztuMU5`<@mE=@H(hFkI3B?PxBnWH35})GGSzb1#za`Cc~{? zEnBT8C`|Pk+7&D#yUWxgVI)?mheHTxb}Bky%=c^;{~``k)*Y?uiO!eYcyd*@8}C6j z-k)m&RUPZAzXCb=5SW!g>*q9h&x8;l_EM*K65UrC3?9p(^{TcDM5AVQP2R z`fENeZoA#XkDB2&EYD-*xsNi1-S%1I399q|X_VSb3c$Af?=KDu_dgw;9v*M=|31i5 zy#I;OnG{$vUYGILvMo&-*30d?3Uw;o+hgcoo+P&-Yp(26e$SlC2E0pw{!DCfEmLaM z4Exvj)m+`@K`Erl6^oQu26{Q%Q8(vnHkUFgXh7pLbaSC@!dKVo|KsG~$g;9CB!aY; zqiIifZAOzwPzL1$W)mWYP}#|Z=is(qsh?L+efRIqdfY3!CQELn|2npCO*YVa|KIV8 z;{8w054ZIHL7oEr_eIH?6tG1W;7W%c+0bV&(F{+>FpJ}B6)Pp-72lohG+(dkpgGP2 zoyi9M=5Oc+l6V`wFqo!#67DjLtU=^nP2jF&YNqpz%&naqZ<$HqO@>Hd!w&z~P{>HkAKn*QS?Y|;VRMW`BWL4S^tNk5>BP!2KMMF#Rl z3vX+v67_map`(eP`8cUen%uEEZ1k8{f?E3CqAgigGQXYrjw_OXxzwGmrSSDY;#D=9 z&Un|2fp_d~3E0woE+}Td(Ge(jODXT`TrphJM)J^i46jW$D(?8V7ic1+FVS3q7?31P zX_Oe{cx{~)p%ja0*FA;B)KrTSLD(F}9jlt+raBK8PRUI)BQ)#Ucdw2CG^Gh;8o#=M zacX>RV%dW|b@HFUOk^oeqhLyc553>$=-%%CKRrGz-v4=Ua&o+t{~qEg>i_<_*NJr_ zN#=4f?!V}$oT~S>zM=V)Jf61Na z(^z?`)m@AiG!f*Z$ZHlptbr*A68PXKAT70~&!~Vt{ z(A2-9P4v%tz4`TWXSj#!in`16jU;S^-nd^j)1lVRBs8>2eqPOeyB3*hZ6A-vQ4$Gf zH<>s0+peH7VMR9Xyu9Dm^>wy+4d;H_6=;c-F# zKR!4*+3Nof@pRY!SGXy@>@VBdHM->}sM($%(RFJbSk^kA)?;(_0UaXY``z!QfF*ms z?D&56dnpZ#>;pw2!l96MvX{^My^IsDrnR*9mO+o5En~3HYV?1k;uJcvfj0VodRRFB zKRP)+-O~RDdG3||-+Lg;mJNIbY~Y@vY&xvHA4apxMaoMV2iJ7`_@XSRJN>`6^S`4P zrw66;zZZvF`u`BmgVBE__YLNUBOKYdGM}P&K%&D3)<@o~Gw)mRsa-nqv7o?~25; zP6K0EBBB}byV40>^~fsW6)a#Ya^aPNZc-M_qnJ!cc!tI}=8~VnObpG3S3JNmv{NWS z!V8?LD}5qR(|$qdi9KTAL?Ajwfl~xB97MBJDsUoR7$`fQ{jP`hQbr|bCgGm?t!`0~ zKcYqJVSeLGA^#<7qtisClg~r>>17hC`D2YJ@z|9}{In9vh*37iw$zS5;eT~e7e3j=4WClF@8buju$ zb;k|m$E(ZN(d+eALCi+$L`R>uEqeY5&~r7@#;P_A4`sHtjqS66r=$G0Ry=r{{r|;D zQT{u6aj^COevoHn`LCIZEEzezvODBvL%f%ujGKz`ZW+&mMScI}goWi7W4(az2S|*t z3g4}v|950GrSwBDpvgGudd^$-wEF)X74tv6IDWA`|9z0BK-KlS_tmHp#B(Tmdg@A2W5{y)g$5;~lwJU4W`v`fDwclS;1Duhwf-Fye$L+ByH;w_*D?rN%+vV4)>Gl!C8yi8RmjvK_)uD!u(oVy;?JtwRT$8oYnh^ zUG=cM6Q(!EteOGbW2~yv!~?~swg#bE99$*%R9D`7(5dOwR~c-YPw4{$nbydsjuS&( z*7Ix-EF*P5my2B0ZQ7CzQ}UOMRP`pHbA)R3iFZsVugRRme%&7G_2zD%YGdizu*eo& z$8Al$|86kHY~V@p>cha%i@LP@ciqm}cXnZFda}D)tZh_u4MS}`0=b8JrGBfAy_7O9 zu-DtR#LZjOeaglJi;R(fN)@I&Vft%tB0sxL*H^2bEfMpJ(uA4u=O3%*iZb-noiAJd z8G4G7P=B;<`{5$NvnY60`Y?`S!WUeS*)#O4Vy<;Xb$pXddI9b!Pph7lyTAMU)8V_9 zzrH> zBkcyJ7N6T=v<={U2%Wb%!1K{6W;Ycg<<5Ilkt5uN9F40;kk^*OU2QV8_BxhzRV>&t zEp@N^hnHHi7Ut>6$#J<}af0o95*&+ZG3~+h`-g7nH4f$8KO-J$svir{z#mo(i>8R1hJ zhaCVGs}w(sXuL-LDT}wbuqO7ZUd-VfVdG{Ex>F> z)>z1^^7eqH&%CqqK?| zjji~4)%-dgwbOh>)Yrn?f<;NqY@PDj&g^SDR6jOa^o(cUxc_7W}Qe#1URC z&NuG9THAe1>18bXf59{Q`+Qo?|7V%NB1$I4%Dj>nKx_Qhi^IbC|KZ8@{QqGd@BBa1 z7invwe{}%N8;uhGQW&8uk(nyIs;9tT^US|=-dMcMI7)saf#?OeH)eFE?XJ+pltqac zquu|(2mgcj0=$c!w)G;0IGB+l^t?#ELyA!6hj}TQmL(fm=;G?t`OPcu)z8D1?yE|Lpoez9 z8GNI_+ij`tmbaZj?`02EXxkHXGmW^JDnyfbfp8FzRB$vu^bjj=u&=AW`cD?kaV*ya zd^+^m7)f}>2uEUy1xjern;+V`$Xrzn0pDC!6;y*0Zcm=#u^bVL`Whf zlsRF7gh)^{KYXUTjg*grh_pHS5)dWPQ8MCpY=9Fat*O>wrka; z$ey`I`xNA8RT1&fBKWQ5!KEH;wkmgWE5JRXr$zotX&6SFWvL`>qb!_|6&yj^{QsYq zGt6_9)^naba&*o{P{|7IM`JWGuw)tNk z=Bf5^`$AcrYy5{gr1AWdlJzf`Lb--1e>H?{`*eDiqyNk0eKt=U{XZ(+|9o_Gdc4j5 z`5?~<^#9(oI&axPkqz8a3gw20UOl}~r;wI4(+Yj*UGwL8+UftA$sanL{~a6^@Bcr2 zv8DeH^Q=k#Hbc8!39jLjy{qo?u|cZ!IB496WxdRD$|!sxXUMt^Cpw0$1xX_5cd%KL4e z7Wwb_;n86+|JT9s*8l54o@(Y@$m)F$xx1@HzOzD%8r7&VNr|92NDy=iB_x5A!r-=U>@uzbXl-$>XL-Rb%!`KNq`8y8q~$ z0{>6SyHInIJeXWRst47AdK*(n13_igJ;r@){mb{=0g0{_@SM{w&;V8_n|H^P{8VqW|~t!HXAL z`R^f~Cmt=_+3_f2#1VEgpWra0iKI-Rq05~n>6j`#lQa(}A&NN9q#%Xpc<1KzHF7Uv zM^cJGbIc-|aVQxj6J*Kn&ZR(iQ5sOV86?Pr8lBKdAatG>6uTg;Gc(D&3v5=%d z>^ymbhKxwM9`Q&JzO&Qwv%nl3 z{7)!#DJ91^mLrkV0hd|q?EH|$F^beDV1)34WdSh7eNA;_rH}|5#T?NDP3fH+R-mOR z*&D&|&Nxe;8jd5eKvClJuK*`#M9`RK38bo#op|rH9MXXQ^3)LElH5ZBK5)wqaw&K4 ztiQAKy_%WGA7>!PxsMh!Qx_|aBgTa(q)NEGyvVqqvn$Q>UJ^(?DLdz|U*Ophmn%A^ zY(`)>7;%zfCfA7z0?Q75(9p7=h+rPY3zQ|MX^8=hm|tEeq%cb}fkF}!DZNS<%=DRr zD1c77UD~<5y&Yjb-T6C`vl56{Votn3y|LwJlSoXnQ9q!wLM~JH2U8jaAB6NSi75^T z^TYn(QUAzakAQ_--Pv(_d%Lr9L;V?*bFM^kB|!j8;AiM|w&>{>w`b7rfF_*AMB?aq z7($KzB7zGXd_X^vSdP=&;Ii{~G&OJJHb=jif);CJ)4XrqOX=G|{_=VQIH+V`n}Ov0 zM7{hT3cq%*H`iCe=vlHI@}^5o(q)1u3#C*=(TGf<#8MV_-z!uF@{$lGU~wWOA;IRL z{*v>IupP>f`YRXjo{lL)1pccAWUwb zH)``pj8@x`sy!M;<1t|%DlSsO5gqGF98kDK3&fPnc8Z(*y+q)U1{t`POYkilJ#aNO z*xo--R_tD>ZEtaM2B3&8N*SF;aVKhczPX9gZ@xK0uOlub$uQf6qm0X@ZUHOfh>Kf5<)70D z!(oApU#BF9a4e@n3dSa-?F=vEG5~jABt&;plAz23@T1)TiYbXH;bcd0F*7nn-{b;H zITgLn>rb*MB+F22TNMWX%{N1}zu>9|G$qWkH%(e)BdQMJ|IatysPQLJB`3R~IdL5T zyjE4L$T;|CWBXGBP{MaN}6kS~syl8D)G zCuQj9@9ca+LjwVQLN5sqSOhtE;Fl`=Y3CE_nFl$4yT72+ZH*EC7JWij1n6x5uE#VX zh%z*zpsy=KKkyHfakHV*Ol<}L#?dEq`~H_(uNjHFG*QRrvI%{VE-55P2})RTRQ*rr z_K(j#49D4Cg18)`Tfs7NyN~p-8_2typsVlCFC0+Dl*bXzMm@!!pUDQGw%0`IdcE6E zXsF+zK)zHmgrwNs>dB^!=^~{e^nZ7^0K6_(w0Sh8DAD=>LCjWLqfU5Xp<&tDxsD7p z!H<$>jiXpHW;DDWR!>_@a7fszn1J-1n*=2McXPs66spaiOEG{vQnV0MvF!ZTaF|^M z5)lnkwkx-MPu=3x*gWj)mwJoJF33$9>fgClO1BW;Bm@fuS9I$RM*=D16CG(MXUT=3 zG@nMPQk8IwvP49&(V<}bQ-lLxbZ&7vhUy_2Wddah)Fz=BAdji&BO}lguqQ=xNpqFT z_%WJgvqJApZ;VF61x-`gfYv{R1jR@i<3PS$Ae>M!b;pW6p{5yxKE5P4jH85@8H^G^ z*c``bM8q8-i5WSUEy&K|0A^u^xlqE7(kZ>Ulf!lTDSOW0dz4J{G??4xV<`@aDV9Pj zBLB&7EMdxq6wkJE(l!>s7DG^dD{z5mgB?eFO0zgr%U>8FU_hYsTUkwUVTA;Gb?pF6 zXEblSxO&O;E|c44A6;C%bVw6m+=w`w5Oc{Wgkcf6aMYJDG{M-{a+E8GR0CG*F+>4Y zvK-Ep?Fuzc6ZV&{Ucb6|^|DA&)TNNQE(GI(n=+jnE53h zG*q2*?`D)8yVg`ivj}=UnjBf}R5h~z!VMOU$_wvbGG>$Ql)!YBiLik_#&3ba2 zw|bGhm+w+#1%mp#%&lDk1uDKu=3YIL%p*n7uTHw9i<9 zvlhTf3{cDJSIQ+ZpbrUE@$qtw>v|M%+aIi?nTVqaNr=J_MJME1m_vd5yuc8*dOsf7 zNB3A$C@YC3+~pxx!)x$sf(FcYbUwWFHk4c;*^rs0^UAr^NddeSH&<*luCaUhO+{^W zV^0eVySXKRi{a0M8JS7KSvnyb#L+Agz9d|@DN134dIkHGd=z#L@_h?b0&^Zs6h?nS zOiK82Ro)xT!Gh7C`7ckOXceSqTJ7m3q_7EuvF3KG%5Eu4h2#xIx{{NJ{6fQxb<({u zNOtTk4T<)mfT=3YO+MS^<{w+lUJle!(Ye3J)^#uXsjhBOr1s_=5McC2#NjI#T+H1) zEpYw&_Z;Qp75pjXEPb}G#4KH0@~#o7!mE6>qSBfUY1l{CgrM%mnGxZlmoh0w24o;t zJ|>tY2#;tcl*j{C^k^~_)=HsNY#nYMmQjGq1BO!qVI30QKTZygT7jilOl!bkF_mBjGa^_N@K#X9SWpelni4*t z+tY(~XtA{$o`+Uzjjai>u!5i3z^Pu`C{kJ7LqkVDq1)pQ9h}mHvfR31Mz<<23%16N28Cd!w(i^N**U-WYD0zZ!shvM8Kl`M;hh=)VT~N`2Wsea8N* zkG@|>VNIw5Aa{6D9n<=Q(^D`wq)KE{;|4iQN+lCXsNpQom5C`hagF0B5WJ5rltO6q zW_88^+jEzElt@g%UmZ^))q-=@*heK2LBsQ|dP!NOc7(b7#AY>kd3_IT!_5&I(K*6Z zmqg@(SbZyniDErW$2_Ay*tBKCQqxHUW($YlKE(HPzO z$^Sv=|MTzLO7oFbk;-#m zVe=;7*Xuw}XdURc@794ECj8*=N~+#Gnk&;NVROQib%V}kxmQw%xBxx~=h5KCijz=D zD7rJu08%2Gf>c-*Wv2g6MwGGnwxu8Mk{Aa40|imH=$`=&&r&k3ZyqQMVai)0qDh(6 zD6;LibiBJu2)iO<+3>%l+6vk!7&9ZD8}ZF?sxj94&LWBj>JwJ82D*V>c3zH3e2=Je8D)lmc~2J)W$j*efGtCE9C(%BR-j@AWEI6RU{?@A4A>g^qr(kWo0UVl z-cj_WqOs>>mB`IFlYM?{%N zAw)x)N(IB?aTL^XG{0S4Ngu*<3q(68jA9ymP&@yvThI67U5PXl#{Z?d(R^&S#Cmo) zMym%`B6DjUt1Zz^m7k2}G0H=7DSsIawXzNEG~)xWbe{3+`A#%`^>$~Pa$#03Gb`7xN;6}`|B{?YTIkl*#FyLMqVbA0TG3u~Npmnr+^54tOE6e#d; zmZ{$S%SQXcPf*1*?I<0ZR^+ELt1T93Zbr}yKzf!}SJHR|H&fvYAVV@Q^-{wz=t08aVw744bdZ*C}!`eCeGEp0vqLswfDzr3x>-Ji>tJ1TdpE22AqH)iyxYqWZYFKPOy z1m0x*XdmGQ3?TK5tZf6Sna$RA*S3T>4L5rad*pgWt4K#u+h!Xn(AFAt+5ydZ@7^ZrreinF>V{m& z^G>ariaJA9vLTkN&S{U5a}B+TKSiL6&W z!fCW;Qx8ZXa#piOBOH97mvh!!R;`)(aCASmrqb z71}FnMeDUUEb{QuE~%7a-L}{StnR!LkG(jv0_c@xkgCnnG=?@|q;>PvgKic})&Sf^ zKxqeGJNKR{T(zumm3q81_Ed41B9IjX6%jYKrx{IkLzUd78jjC$s=+PKcQ&TJ)sx^h zp0t!ASKmxy2xqrZZz80#xuv!Bx~6IF)`PV*ykZxc)w~)0ctMjOV~ix?Vk*UyWJ0XT z(HKFJ+(Ku|s3R~F;~Y#$nCZ~|y_C^_a1NQTuoMB5cZxE=?>u?(1l6*5m2AeGVW%|g z#bi!Y8aFE~=y$vzb?|*OA~C(&M>sSgFp&O^5iVF12oiSn5LSQ($|YD!8eHHc#4O~4 zCpo}plCb5&xHe_%v3q}K=VfU$1yS#8=l1p%67ax1)Ng5WMX5N0WC}YvMTx$kJilJ$ zN?lQ|fveO#rlmSrEpMppl5+RraoJ|bXsU8BpTB->@&r9W=fFbb##2dLb&9O<0>QD9 z%?9M`&f8v3?tB}g|9;>8`OB>p5g-7=O%!+A-`P2j;hajP4v|y<{Ffkc3m~IDW78Hq zb)IiG1|HG5m!C+ZuFhEyqPwZe08`Fu*hfD&3E!$RT2*DU8zaY~0QF(goJ3^*rWtg> z_~ja$fA7@F(X~^)r%_Bt1C^O%pp3UVQJ-JTY2cYj_as;}%0!e*c2wR)m8dD=Xoe$& vOQGD#@4NJ4$zBUaNPDlJ^}n)Qy4z>_Y@hA(H9h|~00960Igb)J0D1@jcSl10 literal 0 HcmV?d00001 diff --git a/operators/cert-manager/1.0.0/charts/common-13.2.0.tgz b/operators/cert-manager/1.0.0/charts/common-13.2.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..5c0fecd087839b011aab769e3785f251e9224747 GIT binary patch literal 133368 zcmV)VK(D_aiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POw!ciT47D30&X`YUjl^tn_QM@L}BSV)id_otZ6;&IC*^L-Y@$Q5PwVHnbV79q4hhm@gcU%i*C*uXAtNP~b2 z$Y4ZU5>!l4vA0zri0-$>S4@RB#C_Dd0{oVZE%JTv=o8U*E zjG+%C6Evpc*HHri@$nil06h=$X%BrMzXBhQkPTnfQP@Q-AHqA2!}2SOC_ zuMz&6d5E0|720!iY)uuERa%HhJzR=Yxcv{c8#g)4t++Gh%1emnu!_%|er^1qHi zr``S$XA6EjxzPm|E~_Yb`SE0*7e01fL@9VjJju4=r})JO0DvaALeTpq!VFymZVoXu zD0q%YEY?9eFzUAi;o}7g5LLebzyW3$`lrZ;%WLG4z@r>V^)*BhCSLx%YQuaOsP_|y z{WwB5vk1`{@x9~=jYVgyFCFnELeRrs20~r&g|9^{4j+Whpah$4DK^7)1$`P)&U^}e z>|!Bsg={u5RZM3tXo1jg015nMBQ0?yi1Rs|BE7a?{=-aY`6)snp_q|q*#OoLJ}=#< zg^8^@-p>e}<8*xnxnN^(dIUPH!&dvh=?r!U!=uUMz?)1aJ-0g?!pX1?;Rp_ggPz+S zk0xDr(3yBcw>@kh^m>EC!x5Zxyk4&lq1!{9!_nbEx|J~YeGn2KyBtma>r(tU0_T(W zgk466qJT9T0?`w$qkdw%qsNz*AFkf26(}U$$@%G(`b8J6`PESCpBqP*Er9~ipz4JM zP!v4TA|B`xLh7SW%!t`!6(|?Brc47Qe@pI*;^3HmpeQ;5gW*B)>c@!0q4f?y?;`M* zSA?)1u#f1HGBh{K8{nvr`^yL~u#cwbjJnW=(w5Njjf)EP*|XnLpjX0)!xxXHsz>wM`61;Hv;rz6C)N749 z5CD=96)-=%JHGz;Q9uQRBjB{#-L6r-E{RvpuuAtRfgTc1P9QmglPn{u7bi0qOp%_N z7XjzXcbLv0b7zvP;xP2l90d&eq6Re_LYLHKzWgoc;}xPLj<_DTvd@t&%JK8@9P35T z4dWxwZ@1fX@pF#mLbx4>l{iAb#)zhhb}|JA?RU7*Fb!RVQh{s$@c!fZ>G|>P$?@g2 zUZSDzE7VoFG<7Rz8xqd~jf8%ww4k>*xU<-9Mksra*gc8v(l0ML8|fEx1|zOx@rC7m zvMlJ&5fW>i9;jpg9xnOldjZw&l%Dkijwq8~PDn7pQ`uLNAS=5rZR@}zjG8$vR-Gf@ zbR31^v5z4|ddRuHeT{tNG7>2>gb^P_T1OX!s5?Vm?4#(tXh6#G2ooWewYsa`M^Y?h zUkeFB;(#fF9=k68bwlouB?lRb<~R^-{}@3RU8dLfVOx#tE04HzpOfDw(A&Q{J3f7P z)|z{J4gHQ2WzKa-K?pgPo+XpR2+yHdVf7m+RZmgqlO>-U;-xqK1!88`Bi?n0Tut*t zEF@AjX;wb@#+CAtLqVxLe6dZ&MEp!uBV$DE2J%|vs-~0vI=}x8S|6qBL#g;J-hmdk zBB}aQnF-+YXD0(B6lNI*@^Tdv2BRrr!nXSZcuHkn*)%VnZ8oQ~e%sy6XvAxDmbu}x z^*~NkZv6blt!iQZq6LbU_cIhB07I@-^By#A{^tmMxH(BpZ3W(*+3MB$6I)=Xsh6Id z#WXCQn4vM2g^{iCd5bBtmP?7gW%JryuwEbO^}#Fah#W&S583h*ONBxR&`Zc>M_^x8 zmL&dJo6*Bk)cv`IT+5dHBEv z**vU-?4bpn%^wKdLyLVno3Ga!nmgld%*aJ;$_Y!Xtg zgsmvqB2c}`)riK>73KIJxvvY+%@ZHu`3;(fVry#;yt-zPp-JptBk91{YZMjCW9LF2 z<;GlMS@E|4?Sz zFUWVvT)2&6ii0Wm-&`Y*d%wbI`}y;-UR%E(+UwT%1|&V94usuf=Buyk387QlE3NQeSnfv?hJ0@w_J3Gsb$&tLl7?g2R9-HpIF zBKK5#M>swaw=^qIY69LFpnmZhDDceJ^zR8F%o?c|;FP$rFjBevkXE{nAVt8PA@>fD zmv_ z|J*X+69;gUA6&?tAzAFj3)QULuAqW+3b^3o`x$m;Kng4nAmoWnoG}7Z6mWA8ar>AT z=Y8ZnlUXJckBl&^v1i;>MsZTVxe;oy6TH z6K|s6afc)9sQ$iA_F}{ino>ojuK)*n+O!&$-?B0FW5nX%Tsv=9IB8XJ?UY^gTD?Ky zmh}#XZl`+yd*l8=dpz{eVc$LI9Ci;-r`;a)4%-vAJ?eJRxIab*uGc;oxdXR**qw}# zJA#98rS~;JjLryQby3yj4X*80r<34{hOj&A9`pyj&bZre9}EYuJ??e9j(c#>8=wP( zItRn<=vs=3{azP&T{LR!$ zaVV;bF0av)RSd%YR;SaEZ#WrD(4>P74p6)8j$jXs#)m!B>5eM#q;3S6JFAPR zDy}h=K{|#5;34d^VH*x619v=_p#HemhVIZibO*!9_S9sh(SR@ff+xuZyTEZt-e&nDA<^+k@i~4thgxG#>YRL)h;gOa|UyFdmO#8;wW3vFnWw$8NXX zZTCm0JLvYt znDqOj$-o_S+FWF~hwaI5*zR^m!-Ip`7}VWw7SMjd5&AKPk+&|@?{S2tyka@s6WBFL zZeZ4cW)phB#c#LW?X(X&eNFGf$zX^E!(kg8c#{LK@AVD_-460bJ=k~M?%@P>`{T)A zbkJ^(#*;A`_Ijw@?i}<{7mX)lw+;?q=u7%MO+@U3)c#eG-aa)8#{_7m#;IA4^t8`GcsgQCO zTVZ1qkVx+-Q@a;MMom)r9lTTKvoN2epIBD~uY_HJ1GPo-8VE1MYk-*BYPI%S3eLGO zvLggA1#=>Z2m{d3U|xecZ-q+oLg|%BK8so~xq`_1HeZbYQs*% z@^P!}H5d~%lSVl&OgRDq3z!-{*&d7;d5eR)d@t0H^G5JA;KYZ)(rj)Bhv7YxYK3Nl zAMhvSy)&*vnj^0WnV2DPf+E&@2Lm`o5pd(&g8Jg?X zQQ$RWs-i9?+3_;los-Vxq zYg!@bY5XnOC_*yoi0c>NN&=_gXG3lv&W9W}EJvIb;{jd(M+}q}VlOgE!i-RsCY{LEA{5;^j067uhFdKCW;+K-Mo?cy zXo5ebg9MV@@mx!K>6I&`URuTKnQVp`R^ZKKpop1MAF_x6s0Ug4e-oBX#^>hkb(URP z;CrqF$o(?0H^RlE>eM`F#;}`k8!|TKIAFEs!y$=$lYjsFl{qyiN#2AZ zZc#j?t-AxU-kC{7_qmn3|3VdP1u_^B2UAt_yY6JsfqpoH-MvyPNf3Dr8%dNe+xAH< zIie)E!-1#1eS|*tbi^Xy1Nr0C<;fK<_8R#O zYRN{H;sUWIh@;|UElNSgpgR+qowDU%gaUSjCg$h~mtYZzL%m6>c!3#kdfl1IsNho8 zFuK&wIPg|Nll1;k0y9;G^ewB}$gdi*hSZd6RFjdig{@KK8ueN0=3=)nhq)^G-k_1w zEKs6>1SUSEV9=u2SAvg^7N?{>^J7$T?F-OxanhRR^|Go>0(K1DJE7^zkT?;b&1H{{ zhz4{QDkkWpD&D=W~7jCQ}@XoSQ&#WaeA z2>L$urihiq5@uxDiHOqxdN&%p)#pBwFc0}ES!LzhpV9J2{rS;Y7MZPW(Y~_Vg5w3m zK1V{6cn&{(2%!D8agW9`Lhg=4@STr6$oa9f1ClyP!G;`00YbC;JZ5!(=wf*gjX7cw zcIirT<^wBVm>_mNbLJ$#j6|z)5|RA}Bckl&Zn0rOpd0?MzC#1%^VXNgvIRAI^=MLl!8ykA&!* zN-3UeFZRo#_Qm3>bFu{m=&C&(=?+8sXw<_%Oj8G`px|G=U zkcBb_b3dX8PcS!6ICDovA4+h_o|NSJpV7QkXdUu|Ij7qYX4ry5UX}&q8kaoR?1Scn z#DU%B3`Sma06=kxp*QxHZ;SS9j+ zhr$TCBH%Dt_jQw&tLR1pFWc~yC5x#qzwzH<2Mz}lk~lUBpcJL^(d}D*jeRoS=SsxB z2v)v3p!-oAwCGH!eyUtz*~m?>nQ(+~c_QO?wSeZdN~`WLX0to4RvIP$1vuujfK$(f zkvOue%m%S<7$D>c`5p%Vi}2q_Cluk2`JFoK!dtl|LH4cdqLAHs0Zpqa(%)mDC76^AUSvmgmx;+W;Pj*eIG1fgr$Q=^%Hr*r)Tn(NdKKeaS;ZZewnk*ax#fM zl5`OE#Pm%@8dwLaCwQupBFF`Pk=hk9=fb{Vgj1VL*=;5iEX@1-Hj~w_r3%jXaD-fu zXu^`js@)0p)rl1#&z(;2G#O8spNyustrBV+$|?y+08-8aX>BOLjoNTMav$U&^S9No z)BZMPHRIoqCx$RJ^&}~LB15)Sl)9KNW3zU(EGqqgeU#z+x(yMZuc(=(QVhoVB+FPg znNhQ&>BWgL|QZ8nKhgTfa`i;`N1kL9k7cVtSo=qyv1zljhZ60SBW@QM(kJ7uH@ z>%s|B1hHgyDOX!&M@pHW($Rm`b;!rMD znR=okGD@T^3zl3a;)n!Xo?4<>9F(%)8_}R;{$pgk#U>9D^;Z3-mG~)QS*>zj;hgD< zJYvyQplJ5uPt1uU=?(x*5$n?Ac2Cp8kqnqJ=SW#fT!oQrBt?AeMj|E*m1v%5pqbO{`MF-+HmFEJkvZ#beGqQaPPfe!Y=alFu45kr~XxJRcfUCh9elyb zFvFY&rKp_~Pgc<{QO=PV#PczVxFiw|&%jk=5P_}wIExH;opK}BRjZdNt@GG%xjTlG z>$EUb&hA)bDNBC8NNhg!o5mrEK2Q{0W?iDXV730<+C2#Hgh6wKg)+ubMt zaX5`2R}5Y$nYm}0wi}LgaN8UPG4#zhy=0<@%hH0L?1+#t~Ci# zT~FwaObSz1gor8^vl)MtuK;?&l_PaSxmpWX%+*DX$&`)`DE=*3lh{20;llkZ6`8Iy zKgqRCme*2^iX53vcQE`BYh&#m`uW$QF%eKDoGOA_+FaP#lLAva2@CO&b&@y3(@7vT z(NwYA&T4;AlvF!^X1`KTBxYeO4hgG+&dQn33umG@ z3?MyQfA!5CjVcwPNs{?G?Y`y*)dpgSQh?OJ|M-oJ|71fL=1}Pv6sbH87S8uOnS_NcTGMxWT zzvrvGP0%?E@B~q&qUB3OvPz6$hC_{A$-b$ihB{!kK0Q>$LW<<9T~%0g$@y|frbr;q zzCC~hvSLjV$iiPH30xn$cQe9)u1$rcZaqRI<-bf?P~u1HQ-Rki>_7i-Ld4;Mj`}Ip z#^adH_zZPbP9Y~CP7%F$jW3f@Z_^vSDzQ4(gGAVWa$+MwBFeKN3f_di(9fScjs5O< z;G^z;(Ba~AUvACX$s6`>6T7;_!u2nRSaJVLzuWDl?|_sRsELNu5nf+nYHUBUAXVz9K9BQsmx?YZ?YLaQ+RWNn8KM+EH0z1`J_xKrf-DZ zmVs8DFD%!6&O~0GgLFSEcB$k|9l@RLoxoas%u}lrPT9DpAvtMgaVoh-`4kICn5JEM zYid-SG{uYPoxsTQMVdL&4Xigp+Dlw_gtWW2aD>#yIwPdpEg7LSB*#9)?xcIKI;gsM ziewsVWFJmQox1z~NoT(5uVyVd9eML%gabAK&UcHZ-OQ_E!6riYTa(!L`Ckrb?PYj& z;ff@_b+}cf^0ht)Ol^2ddfdJSFK2`buxV1YS?gWHph!r2e1P8nTfDD*grs6h#bq>uT_}w#jFB zdPg?N>7UNzUy$BhY`|Js?AI0LN?56MoBQI*hIBst?KGOoYQK#pGuJ9OnQV?ulG<6P zKC)WR6mBIMl6XS}R}@)y2eljNdxOmH_e9*yV&4c-e3Ov;j)KKe!&-q=FiQ2ht_!7% z8W?z{x=O_Kw>GRbaRRXq9CeOc#|m;yoSn% zTmV{pbec_}=SEpQ;Oslu-afZuUmPZaQ)XTRK5DE_&>gEG{OED2m9i{NE0+&@elP83IPr#IKXVVT3N7{lcIIq zY~>U#!SZW%wM=D|cDA(Q72RkDJuit(graZ?Jo)_+KgiJDovR{`W?Mo&4X%^TqD}XtrB(_osYf zKi8&9(K7g@Zn-2xuiS9idG5ZMr%e7Y!a%70>OQ9j%l^NtmjCTRyPKB(ol(En-^u@N zJVyUlXZa?0DzrXzrqU?>^4wQF(Y*+RmSLSDo!^5D9+mnncy-l$D-Na76^AW4I|6?+ zjY#7nG{Aw!^}l{rFRBIGBlm%X&i`5q{#+p{q^n7XJ?nU z?~mV|U7uZjJi9sq4hbCo?c#?2J()OFgO?mY*5mO~A23#V8$}GmD=Q@6^>+&=fhCTt zDOz%U_T>EZs^lwOxZ>+x*1RvktMCl89W9o_vIxmsp_bLSWy`OJ$FK^I#qhzH0Pw^4 z)!8q{Z{M0h)Gux?KHPkN@!|dH?e&N6-=E!FE9XuYYSvw0=9UdvvxI84+$AFj5G)dJ z5uda_3U3|DXyZ!xlk@P{9 z2AyO}u0;1L?(a%{yHedgdIKCMf4X2zqoS@l|6hgb{9kaRr)2$ByULGuFb zai^<4sjgnjQCX?~$usDWbN<)x|M%J%{jW0|4R-s#TX~HBr!#))e0MSn-b3C0vU<7i zUu54En*?d6d!F|dJ{8XR=O*D-{Z!6>lQ;Hp7T}8c-ye*!@gJRDr?;E`+jz|UzscqZ z-hc&Y_-8E}&@t6iyxq5F2d0A_V;b#?d}|{7(U59P2rIG}E69)#+~l@a$R<{1r`^sP zn)a*Odk^ZgLYjPQ#X%|vt2Q@MRDZBN+z_08jTrd(!}n*m*JmeJXE!3_(mZ5KKv^X2 ztq_^eU1Vi%*O@j%21SjXQ1-+vn1Dsl6&Fl3e!=E~zJl*Mb?{%Ax_r2C7m#~Ck~)c_ zNCp{Gao-rGdLDWr?5e?W&>4GmrtD+aC2=4#=8D)XA3>2tWCHy-LTaL_{hFKWTdU_P zA@R-i?e)dU&;0lP0!I5$92Dht_ga*=cdGo&@y*%o>G_qa;^VPZMf6z~pIAoT<>|Spj1ass+Z?! zH|Urhm7i{IE^jZdF8=Y)+qdV}H)rqV!JE7fqIT=*0z%!Au-mR54OL~eH(*cCu5WJ7 zFCPup&W&$?bB??o-0D5WM>dh<(l-s9{p059`1bhfM@^VQ!*x9ZWfS+C#%_+!--_FE zPM@M(btgi?=zP-seD=>Gvh7Un`X;vy1W!3p)(8bJZuiTxTq^Z{nIZV8?f*ezgu~X{x8QGywbOO8xJm)G;=9L?qD#nT zBIu(kq}qa_>xj$`Im<$(m^QJ94Vl(VUSqrn)ujQnfj)&W@Gh*6QukCR1K$x39Ra63 z8jYL=W@w(+A}d1|n?T%HBjOhu`b4h$Rj|cSBU(`bR3VE7r2cJ5n*2Qhzn7iWlxs>V zd|V4SF6yLyZC&UhQj1@ThPmW31Gh@xuHZE}P@88p33tPsCIA^ih*i|4LxvO80F$V~ z$5rT&w-X48Q57sLt&A!L<+hLD6y1PzBHX+xXS;mE_T0%It}U)pHnD7@F*7G6EedKH zGNyP-0m%%;8*6`1tYxCRPBKD!2`OiUib@UrM_Koh3sq8wh8JNV&JFA8GK;yx%Q+1g zGjfTdIi?h=8_%-G{oR?kA4dI>xvXUj-!uv6dzNXP&~qd6THPqK`ROg;Zebx=msR8q zI+j+rDR%hcM0>&m(w&mrI3@>Y-61vgi~NOhFhoPAINCTdayQjkB*}X`R#_PJ`kQc{ z72avHv63^*&!6StwePt_BtCK*=z`C(bOtf>YhmY?Ap(xMr_f1nK$`}6dx*LF>4HTq zC)W#E%?qi#0tXduRE2?Eq^Rv5RmhUva>{;Az?jXDW z+v{|9_TM(1vh%;{zSZrY`_*Dj>!!Szz5vxJ6(?32&|-a7sUV54Ngn{VZ+bI3-{Qgx z@r!2D70NOzPX5{(;RPptt&E`(Tv^hAK$<`^y6$yLqEz$D_T(gd-r)>TGm6%FHX zUzD+q4<^?*&S97(WO6Nc4O&`f3MQ>&$u?!ENMHe4GbSO!4OScsawv<#bgA*CVW9wra_cfL@oh2{#u2 zsYBdVc1;!S)a9WoNhiy#M>%coRT3@%ye{1|_yQ0ssJ8z%a2C)wGI?)}k)gZ=RNnA_ z197D%;!7i*sD!C@Zi#%N3laNjWxFVi0$7#pytsvR^PLxWJ};Kii8QQC6IO54-b!`K zXY{LOF%<5IX)VAS>e?wfN=~c3EMl;#OdV@v>uBXG)y&Z$6r{q&e=kZIo|s~eWmMN9 z;r`#i59j}QcXm|w26#+qjOhMB=infj=egdQiATH(b+Nu9?nC2db~>`*hTNgRDN2pL z-ryDnB7K>|YY);x23ehFc%oTSaHi+WB;&(piRJTn5)vBt-y9KF=o9OTpzNAb>{(o` zVk3Z|4RRlVbv#%|Lyhj=RbSBUHt!6 zo+mv2St#gMM*o^xf6gm^P7{Oj)237<&>WH>u1xE{MTmEk$@*SJJ_#xcCcS| zb}%8!?b$z0-hMbeJAHq4^UKB6&)2u-mmmAZNkA6;Y#NZY&RSYqH(%Xh%M}D0mIfXd zlVU|$+1>fcFXQ~=*Z$=6KXJp){;i85h9}sC?8)OlJA*+k|6_Z1{%bpr(*H0uJ9y%@ zE<^#O0D`d}BOwyS?1a7#PEf>}>N;8RLvcxRW$X+x03)QXb@v*4TH-)?06Dh-ACDs# zEmx_M^0Fz56Ri-Rh!A=Chxo(14%8)LQc{`M@=`ATKDnMtTJ8z(b4p`r!ME~nKYwmC zo6QCc@kegKalPvI-^=dEvNSCLsyUbBvf;K8P~7_e{JC+51MkSDXk(5T)W>B59e4Lq z$zb(P9Cwi)I3=|3GoP$bwN!zrPsY%%D0d~V`E9*7B|d*{aH)M{E+>CqfRh(cQ6n9O zqXs~f5XsG1$hC1fie*^?0AGw3kfEQ^QfaLIlth@#=11V{%8fbdO5S7;(Z8G3R|3fQ0kH2~BQ`7vcEk_E+k6`7S9YfKuAuVDEomH$CF zRULiu`2WE$8~-tC_jd6gTX|Lq-yoc}T*(Ki*fbf^VPC(*i)K82Gf00%OVBF53(z{_ z)Uv-PkStG{YVVEZ%`A6}X}4^`!}@Yb1t(b^@_l(0XlE zoZ&Hw0`Xp$Gh{N!Z0M25z|e&)8%K$4%1C(Zr+twr*l$D<$Gn;Hz(vgBg3^UcelA(G zvO`g{epRkrb=IxoHA_*)H^cgB9#i%XMNYo|T= zdn%cfY+Eiof|i)!^)X=ri0WFdPB6d&DvBza*9SL@dU2(6VV98d-W z7f~yf5^b5c7FoM0;Al(;qb!2T!H5IQys`G>@h*%ZMJZ_drG0V%hM@zDlqL58ic)oA zilXxJQUyFR`$|=Fy~#l}q(V1`(egv+L58kb1R0txQ;imuu(5~(8iy!aV2V6P(StG) z!KsSZ4i~PDXFRf2kX56vVCa8O`11E&T*LbcCC7z((Y`UM9bxz_^eG9u!N=wyR}6C$SQ^5coxlBg+_ zlj{c!Z3`uH0TX0oa%OB+3urE|2xYt@zxqifF<^thtKTbBgE5pX)~cH7a0 zhV17phjuHyuuiA#e6dU2?kRXm*Z<92{U)AO>;I^mTmSo`o&R?$j|j3nF~^;RQ3TYs z9RC7+UuL6Y#*8Z$;!WxNa^GE1I_p=mXedWqoY zRm8Hciy8(_9B`tLT6T+y*^VYr)?RLlDu}g5l;nRE7O@r;jiOu%a)rSw84eHqJ-IQu za%VJs$DURO6cx?xDF55i6%yi!64uXx1$)ua?p@K=I~bNYcoQ(KvJJ`_o;OpWfOm9P z%2)_EF7$<->KJ}@_Evjt;rhw z*fPgP#GW>tE+|0NJ_c&PuPcx=qgDu}nj>3(eCr6YjW>!uF%$*RKMxp+CeTHf#7klE zAVKnU_=Xwusw92#Jd@1VPfqsRc-3QO>$P4M>>@Rm2O$R@G@2q(!9ueA)G5Qu>_3^$ zo^Igwua)-Susz7-e;e%1e{AOwcHXHN>}$j}VF7w5^vQCL0``R&fu@%=%|J5+p2H9{ zjX%;9gkeY%OVE(uYp?|kvO8;VXAOSI)}WcI8?y(gmCP7`Ib`naZAw9}#%zmrOh#c* zx5cJy*}NUQEgN<__Um?R*Du;`-MY=1wO6x~`T%6G%bKarWuk7~JpGzX)2A^@pV1^O zG)HUks(NKxpxd@Shfi&M?w)6VO6`AR#XWia_pm+e=kEXR^mq3EHXdpJo5B9J9RLYW z*Yp5bJ$VKffN6cRJ^%yut8fA&L$LD#?7RS9vKPQ`>dpTH`mb^RtKZAr|2Ej!|66&~tu=D6H(~v2#@U|jPvw;%!uWqJ z(@%;E>x!KK>VgsFF{tSXNIGR1S5I=zN)HA78jN#|?9MdbndaLy&EqjeOx^?RF^osSr*YD=?Kli$$-TJ?cC$;{I z!QP}2AOL=ont5L{*43-`j^Bzju{d6(ml!jZ~cBdcmG?zJ>2Pk+j!Qx|07`vae*;3Y*BvsM@(@r zeem5Mvk<0SF7lFKoqMk$X{gW-g-+0##J(?=!j=t+zupL-SqM!sKm)WgRpKm!o5_@@ z0VSs9gAygqLRcp|;VgtTvl6DSn0lppr*U&Q5ib@fim=C3EITQqex1o|uSonRm)lQ& zsetkOW784NLRglD@TX!aS)%D`WVe`Xuv&Lb27a?i?>DI|ZC|&{@c9#Dwcjj#o=S^s z+86$CzP=IC*Ic1f6k-OE1 zdoEbZgs3#f!4(R9?80=8ee1ndy`w6@PsNpz_g1Bzs)SgCU5mcl8c*SQa{1u{!#@5^ zUQ>i37X=JX%^gEcmCo}@Wvk947SAT!cf;7ckqsO#Pz0yQYNUW#tFXw1N)&eG9h#G9 zxyjzl1;mGRs0J>-|C#RftNWDc|2Po&+qaPatJCY}^M7^QyZzs-JZs6{tG8yDGY#{+=RNLGpB+tMEs}#Bkf`SJgc(+9m&5 z8UssxHNOC_$|yg)9+V1gC}!AiDTw-}7^4!Y_tY`trnduxw&Z}8rFki=bqPiN2jkB1 zo?6%ZYq&*Sv_?fK4;ccaxw6ET%Cw)esnXvoY^wqs@@7^+p&Bg|uxuL8C5f0OT^643 zHr8hbUOLYb3s=v|9KqYbYR=7tvr>%c)!y8g+DdF zqfTkNduiOS9zlXN~NGLQ92Uqv}uvux;)8Vw+c97kH4L# zUZhs0YQh!sasf0$6h20!ldQT$TGZO!rW}mg)+%u_Dvi6usc7qHUyNfht(oqei#f_X z!?l@)V&;OQqFc^+Pc!#e@2i_?n(_+m^opzEKN=(4TuhbRAP+zjh@aYhXs(pED~lTGI}v5+ z%;oi&#ZVeNwp4YP5D;>C-z)ZzrWP6PnDpuD-ZJ0nYrd-9_w~viVcbr6mj`kZJp!~g^BC` zIc>#6%zjM5twb>gdk!dScxAydw$`g@k|Tl)zt2|%Ac*H< zeZ#e&L#l3t_4rM17M1P)Z0hcpztp(@r9aB%{~h#p`G2?b2v_)q?tc05?tQ6$=gTwQ z_p_Xzd@O(a-yx(P)2xpfFXO{@)F)X=DgtJS819pjUHvW{^fAg3R zQ!xDnjc0`1$s2X!NDSS&hT*F7-@RTY{;%8ZcX#oBTX}@7_pV~FH(?l7G1K$j5?Wjly)vR-u_$nC1*Nd;Jwd%(4%KB?xLS8+#8?mU1QrdcRO!=P?nqtZn^4a6(RXzP0 ztYn4v&Qji4%3HOR?3zV^fq5sBIv#mU3 z`d@$;SD=p>gYImO0(Q!m0Q?a3Z)N_!;V66lyW1V??tkCPBUHNgau7*0fw)3vk@e-@x+>PbiF$fkl zUxQ*+Ic#O>+T-=FjEeI0YGWJHthPdrE$m3>NuJ?zHQ)aL)C65@T*XD|M`9Dl&7^W$>CRf?X`|?D!!2czE5+AGsT)~9_38c-OPc` zJjld5{h(u=DH7H>+?lHIOetFOgOWc*m@iX5ZA(gRkPsel(jrBv{CSIF%_EQY7jw>{ zh*fr{ElTLKOX`x=Izr-ITNeyvBKNJY2?TNML!J64D7YtRQq*!bG+yNFNW(9*FC<~o z#hp4}UtSi!%W>PL&dCC*1II0K-YT0i=I{o zI%Kf5Vp$F{<4GNa+c* zkEx0;I2`A{BysaN{N5+-UHO-mi@hkTe{rC10E=QPBatef#2@gAVi8Y+Ds2dTa#5Iy zAD3^64%<{z5@&5%t54Ug^Cpe4Jb9a_8%9#@fma|POwuQNnio$1i3;nrthp{=lodJq z6mq^0OKldsV1ewIZys0ZS#8v&`zEN?8|WXstDe%dkxEUo)3U>UeAMT9zu=6e?qGIpZ&P3)*f$ z+bw9j1?>x2(01$DH@u#0e7`6AlRsR3sC>#IV9`ttS zKezITh>nnWo*C@180<|%eH8G}^G16VF?D5(M@fY`ksT#fi$i)#3a^UfEvmM50B_+a zJyk%6bW|mAAeZ^ZzlQjaOX7h9Z=k5Q3)9_&>25Q8L{Ac$(hPHo-S7EJ;oO)qGJk9D zB!eeBwOG<}!TGR!w}&h8%oHRAE!g|{zmx=3y;^hY=kcOqFJp~w^DJxO=F?sg&GR!h ziIYfmcaDSO1;joa`#Qav{VK^B$H+B{a4=0Vgb+{z3= zK5Q#f;3==#N}4K5hI?t`Qi+|A!M4Cmc%D$L99R4);BnWz<y<*WRBPj#q=un(c^4@Rr-H7m;Z4z81Bx0Zsl2}{~I=l zVs2DFi4BlyV_iESRr$-a1ybnMvIkN%p35f44@rStkT3M4wn3`7Qu`n!x5{jUJmz1H zolwLvJ6oZIK0A9MZ7)nC5{LQQ1~_-V1~0|eEZ*dE&uk#r zO|?X!REUREIrZ%!^)kPe!-t-S<(B7WS}ORdZ*A}jsF*bW0D5v;&F+gLFRxSlTA5+u z>K{+NvWfJqkI2sO*yvNL|1aEa<$v#YJ6Zq#px4>?|F`mp*q+OeCmV_PSrlbU-eP>u z<;Roicpg=tPW+B2S}%ZxcY7lNGd7TL;a(vIaUk@51x72K6X^S6=-!=5g-76^N~iWo zUvZ`QoC0S|h@akwk3{jzm3s-8HwA^uoMGv5`uX@0kYPWOqqdS{F&I z5r0D&3fM>D$8&VzLp=W~qKypVKw=IA>brQOZzkS|Yk}D*tT0Y)k+P9;{+}~L{=7wJ z`w^lfj$EWJ)%$;r1DrdALZ{R#@pVKuX_E%JE~4}u@sJ(QREj)TT&yaOoOvHlobud* zn(_*-2>lu(>&`XGNCcdcbY^Ls);spSvx&XMx9s(o+0TJ>0(ibE9CHx>6xHJ}BQbqKy zbg5bw&V9aJD!oL+~+U5%siUJrdfpa2>aYcOO07w3l3IR^22}+YL6)NCL zRT9Vb$^kx~qR!`$t(B*}+B+5fYgW;}4y8GDziK(MVn&Oyo4FaKyIHaEJq|n^OqKL7 zzn)Ww7_Uafmfmi<@22~fr#tb{6`BY$ImACkBn~U)T?2qeuhuK3m(ghIi6C{2@3HHW zI4C+C`cPR^uXTm&2HXAW%-K@=kHqYeVPEE1VgHRfop#p#8xD8&-&P)x|M$kW^2GJq zhyq9f1mjd@U~Um!amG*?fhk}!$N-EGa3cg6@)}%j;y{{hg0+B;#}SN{ty<}W1=~5s zGgJ`pB}$kAD}%gBLc9_v<>6grZmPt@idn6YE>W;oyY(mPRHY0%ksy!pIU) z660qacs3RIvScmm&QCWtmsbfZNQcCahzY(*o#>D7oG)W)A$cwPyaa~VUaAuIh5pqU z=wpWcYM1r;^Ban(jpAT`nw|j1M%iKPZ7(tTGTy5YDLaW*VBQO zg^ZGEJI65T@1=}W(0-nU3JR@+pJS>tkV_IVO|UF1nXsky@bl7nCRn&y$mB>x7p@A= zFBlnl+#qKtO(8?~aH+FX<6xQ?O3)8yu$vmC0NJz1`SI%VM9!7H+_z*N<-gsWlz)1A zUH0k2si~EW^aNrbywW54o-hD8zhe(bIV-03tMBNZW5L=>4W$X-l(v>`uhg_NO#H5GK$2}`}Zk~te0}L(k}G}Fjue?1SsZyl!)pIk!#6S%>*+- zndpRsYksDfyQFYwlx11WwfT|qAf~y}isfvAF?8=x;AtMV%eSm=mHcbiRFSuWTh%gJ z&aFmv7bp~!yjLaki_+I#o4iYa!;B6haxw6M9RO^vnu|#*U#nuXm{H? z|IaoaVW(b;!QMm!fMlEJjR8=sTNwqAl&KR3kd$W2P_@Ya%6~6T@0WaEmC;X?Tsw)M zru)Xikj;sB4p-bfar6c_7a{yLMo#9;Azz)Wy#PTO$3+pt6YN5U(g!YWm~ViS&S}8> zl;_UA3nSM8p2I1+jD7#w>U^zMJmTJ=NM5h^AF40FOgEWpuN-{mMquN8VLp7%DRA zou(+6N-L6SVb5m8%5+3zYz(dn%#SjIK3(+V~+qx^T5_os-_ycEqX^bqc{7t$Q|<_&g6V0}B{o zIQ9{>#pKHwq(9x!uR$;R9_oBtCOMeZaphMGRXVNL^3N<8 zO$A#fdYb0?6ngea zRJC<}Nj#ub7b)rYMj`G-i9c?HnUMcPeP@!&d5chO0G}_IO)_ zu;-gp-Qq~7%t?0(W@c6RNJzYvRkn8D461usTz{FNAcZKV;^?9pw~%Z%?w{W7PXEsXXuztZKU2Ai!R zyzh3e96m3dy}kVO)tvpt#8sYOIyGl-BTq&l1~64?Q=WJL(tG6lX@=+AWQ&nZ7OQF$ z%S8&v9!IrVoQWib26kbTgXQxOqy2R_H`I*%LcAMR7M1){2mS+-$QunPoq^Imv2W** z-+5y;c{04vw0}#W_dWDs;G!r!eJc+CDw~cYz|fh>-!>Kn&=rrtC4j3uhC0i*sJEH9*v_%Y`sh3bCeL%lXXUfP|F2Hw zJ!$^$?x>T^|1lc0hdclOHlCFKUyb$#_W{aJc5XEwD8jenqYQ>Da<3Dc5 z9SW?hAq30?jji1XO?JkMn)D&-Y)u$4KUE5ltn)@S_!aqZG;@D3zMP$JP={DB9 z|07*F6PWt^_kX0(t8-X9UE`VV|0o!e{K?&dLQi@BN4mMP`#-Kza;ro?DZsoyMR}fM zq=g*wr#MeqPv0n?AG`ZM{#5q`TA2|ZdS{>lv9WstvzZn$@1OJjz>*!@0?b$5BZzjl z2Yx$Gss7I(LzCF28#n~GLjNE3Mmhgqr`_G@|J!(^|4$9}^=1wMdMNbCa*np-_Y+0s zZ+YsDk+SIDq@Q*DYsoa&_~E*8DSuC*JD)($ZvG?mu_u%QL)0olW_4^BhBV2$X%XV9 zaN#BB?%a1f_ucaa+pINXuR~On4ZY4TV)`&tT4R4gow4@LcUj}x>5!k+g?9_) zqPJ_xNzI29^0LMNuEmlo5Lr_1WP2DoINbXs?(FW$@1Kf(B)?Lkaj)%-sX8$jg zxe-i%LE{-AcPI9lqxD<@EA0PXZ;;vl>vl)oo&CR+N7(ouvxA*JV7395K#rYKEj({{ zP&IDV;X(`7evG90H;v$M_%=))Q%dFa^+$5cHNhL4pP)8N?7uW2&fC zbo{p}y+Mi!<_?H7Un=5!ed|rR{GTF`KjMn7^iL}Pd&Ax!C;vyg`=7S*$oqd0i=%*o zx8xpCCSpi`!qXZ5TjpJXl;UY1XQxQG6D$+y2(U@-^3Vmtj?bdVjU&vKCsL5NY(8Au zQShYe!zJ-ntqk=$w$VjG=9vr(G*V;2XkpxMj-fOIk}amTHZ z1TCN3?}1l7Q(e}r2-th-r75XiXZxDdlM+EA#Y#o5*G8BNtUd5*S_5NV^Z_VKk+?3- z`5ojHoL{7BCRqFd7!g_Np21~NssCB|?;fK8uH63_<@CSNaCiQDD^KeDcT;2=)T1ua z4sJl9+fX7!IjyS{we(@^+PdG0jg8e^*_7(03Q1?bD4_mKi;beZs+KP~l|Uq~{eYsp znDdyjQ-s135-yb&Afxx`cmmMMC$CgeyC{KW)+6v81MgZ(?CD=DdF$~BrP;oEaMXrfqCpR9QwL4Mlyr^Yk)cZjq`{ENM{x`Y`!qz)@f3h z%*CEbTD`3;~_X?f7blwV7vK54MXBnoXX&&PvFSv^Yg*H`fHqc}# zwG$quEEx}lPA-fC!1X0D3Bm}83#-M2JXYRe8%LvH?Y4xnPc8lL`f-;5tkVAmooxJ1 zd)OQ7^uKL9Rr;TPy;&V_)uGF;Ob^U-XREp(wcCEIK9~kpM<>*4NSR8QhFD)C({MMU z8m5qVfO=Sj%uYqDQW4X`{!D5jwPn|nsEXFb{#BYHO-@#?=UK1zif5HZ;~lMX=2lGb zm-*(ORDmpK5}RUQh9a59_1jV=%k{rGyhG;!yNKQs5V0q_AsyrhZ4$Z+MJ>Ki-}CiC zt=s%jEdVwn6mbO77v;b}_r>I57PpgJ=oBq``VJqFqSg^qbbzCX=QxpN~cI37Agx71%B@p|HdQ)B zR1ZQz{0(*BxtGH~-BYOl35WRpt<2i{_#2>C=zrZ&uamw1xi{Ly|7_)v+dA6zo5X=D zk3Mnv$pz+oqF0dy&Uc=bnBHo=N^{dlM#DD+jin|2i@Ijqxp^rSb-+t>{4JVlFCC zY<35kL>ZQ+-Cp~NNo>d&BEf|MAP>`ef4-lcy z=YKi>%K^@<^N>EPv*w7}bEkGM7gn~vB4%ru5zE}*CGvmIW6G}36n%Opwtt-e|G!}K zw|4XJ->;hgNB`OUKYRa6|NYXDkoUkVAMyVJ{d?HkOK)wZx5@=%A6xm+0b0++S+OPK4=3iSPN}u-%j1hng%n4QOxJm8T9X6Q&~@R^~yJHD(BkR0XYdD!DObWWHvl2_ejC zDL3m^bWJ0g$P94?!zBI}6F?S9C9!U2H~;E1raM^Km@M@8#x!9n8rQdUsC4D1SHJl)qEKcN_}aaiof)GK6z){ zV&k985B=4ANxl7#H+IEa@kdVN=rnDVdFo0hrjn$JrsX?>g}fA-!#^^I<8^BQB=3`V zyjA&5xBrdmL{;;jqG&7gzt_*L|J~kbH~+Ws)Sv%UFaBbFdgDt-N! zeivyB>FcS+kYcw9V>UCho41)HVpR7E@t0~+LrU*Sq$EHZjc;(OKFL!&|3zBNISi9L z!0YDxwVze~pKd>Q{--MwI*|{r!wzu(n8G? zyQvDr*>tTUHI4!m_p$c*p0wNEKBMC$M}RDsyCcWw9SlJeoP7%A;go;`O*9YL68vvo z?e9+cCXU`9&{<06Fm!V5R{8o15s=NQ6iHB=Kf)w{(eky(L^CA}{Oh~LznvtCHQVA! zhy8QUkZ=1blm9Zc*ZwVxrjOnNSS9~^?Ogn4r@gcPw(_L*XZc_Q5nlc{;jgk_a&TW( z#P%QRA5}{vPUpHZ z3w_YCGgJQ>6NW(gT$N8z3W_hT4{ha+WT}3@Xetkb*o}y{K<}TmlrtZ(L6V#o zcbvSfl7fH(;ZieDWafs8z+Z|LCvkeI{e@hDW7XChPT_)N8M)PVQIsx2!w~E3BB5fv zloaBH08w#6RPh;mbD}!Gnr0SqMQW?DA0jfhFNk~@p$WC@OIJJben!hHG;x3N{fFQHIIn@DTDIS$@S`MR$9_12dwbbV z7v#4#A=rwI8~OazX_I~h$@2uk6EK7HXS5V-$AK9Z&_9o|%u2@p;Y|w9fU1;dY0KH% z3i2t+YY&Izb>`~9cQTs(?@rDUQ9{NdeDWAS0-ZawT!D>wd54zfnm2)jHSMxQR!1qc z0xoHok_*`y=u-#-nG*4+AceXi!z(@Dd>kEF>ms>;xj3VBx!B~$Wr5^jXB`oFSmifduic#8c6mGVOjv|OADu?q4jFst}4w-i{^D1x7+mf!^I zO&Krf>{AoQ)sfH#nD@mcb0n@Y5N*E}J%nIPh@Z`!B-_@v5LgX5oTZ#vBU`|H=|v?A zT3qB%4|e*_hsTV^O8R4l<}z!)oUHaS2rXcBs*<8%Xo8oX($9)=+Q|k=GRTXHx}Nx9 z9XTnRo-b4TdFdiGCW@K`e-|^xWP0}{;4hehX;~|8Yy3ML&Y)rp5G)QVW zdX+g+RPz8_a+oo>Wug#`+>)8t1L|DhnqK|1QkkeaiSDUk=@&;?{YZ@DqNTsfKQ1Ag z72s~R&sS;=d2oMs3e|n{$`n))N<|oz(1!~U7RxlPiaOG1{BN z+Fus?nZ|_8*6)ZKya-KX5@0_5X=JS+4?UK=SfQhck6V#1=RvL$K}E}(Q`l(XWmt;; zjH4s;L6vu;j&CI68EMsUi&Q#AYB)slhV3d>NU0-a<8BZ&Hbt(G+%OeeNTq|fmK)^Z zPLRjBK-P1B)N+43!1+>x?v zp6y9rGM5xyZ>-?qBK+(@5J)D=-a{~ywbw#V9&;+hZIwSk;qqXIf_4^IS6C-Y5hDP7 z!jvWVpRepyvB#}s)3MlJ^Bg;m>Dw2+qa{5~wkB(P745ZYv)+=jp|IQpB1}dwwcfNz zyeAf3#Sxg>h=QzP|GmZZaVG#*#s7_Zx$}R6UH-T2JURRC?Z#sN6zhB|_Mhy_(*%Q{ zpePhX3`H{^YQc+VmHxFnonl5SEx$m*NLB4D39$f}%FJGw8@rz&Iz^6xS_U*7(k53D zX(9^PdFLw>-dssg5C)Qz%7ufZgnlCA%}}L8{N@5f9=jB*lK&I@33+Fa3j$mr|3}08 z`JYj5cm8uLPfGs(zz2JCQGl9vzKIne>C8r#0B#d62=+jLeIWAPponHJ1<_Y|=m-%b z7!6Jt0hnB~R9HHDOqauJFXwypOc&ri>fZ%>XduWc|mec00o zl5BBXC%*97wr3eSFxp`U^*LexG4_*eUFWsb{YZ($Kme@{CN;{g8}BNe1r z6`odrNYSvkYC!Z+G2eH%JwFd)#uvw!VIQ-l1Dt6D!x?s|1Dpl+5GisVyD$`kYmufv z(=Y*jqP)Q1Ar9eUVi`Z{xOO0)M1cQO>}4$`97XPlk{?HJ#C3b({;n$1&rExY+&IE) zsQ|QG=({nOf)Ba5axaCJpbE#xPxL(T;pTs`%Ag_O&HsQuxU_16wz{O;OA}|eOK#|BF z0B`^zB-MVIiadY}FA$g^e=hg{djE+jlX{7o#;-YP18}b|#hjCcyeHDZ6MzGXJp}M4 zkz-eJo0C~*C8MmC2?n*+G>ji)(L_Sw`koNq5uWM)kG(fe$VZ7KtPei3It#jNLge1yT7Otb>Si*+HwOC-4=nWtjszy zv-0TmbWL{sUS@mh$<^80(<{8S9{qCm`t0WH^qO`%-#<$Z8m7XQ?CkGxR|XNdK0bPV zs!4sh&5pL1$6n!ODDfmBD>ns`Bi{ez;T=GMvpU$Eq^ap|| z*;tB;kY$a_^uYQUvO@L^saBuis%)uID9u6qaeaFAVRaCA2JNOE6*_H#)DVJ?Ve26i(rLL3C)Bh{G~ zr|Lvv4PD`;gAk$zl)XylRZXu& zfo^_F-BB+6NXjGA#fiKvQq~ll4h7m8qAcpQtFCGNsnY)hQ+Et`GUf%9Ko$C*?St)I zJ^okc|GA>a$j?CrTngmWjw(o*Mn8l;NTaB2yD$R&f_ilcbxkhNvK-roFMvZz$_N-) z{}oi#6F@+Ep*!=J=~wLhp9D>5Ly*G!(<*8iHZ^s%44e&RRx;w^oPjSnt@ynP$F!fq zBt}6NONrE*TU6!vNbp`Rh*9Q_+d(CB$BW{S%)*f7Ni0$~ilKJ$vJP<0M(1&MnL-4k ztRzI;8cC)YKv~PBR&|a@&Sfkgz&T764#ZGd+3*%kG}rh^eV7A$S*^dy=eMlM%JHz_ zS*8XQeJm2uFT+e!o&RAlg5HA{!X++%D$f6%;lY7^{%>t{@qbtHDCfTz>~;=)0q%!5 z@Fi;6KI|uPd?#;uNeZtsEJKjAnb(<{X3AE#mOUiOE(t$D&jHRP%M$hvQYsiMK|a#* zHprwljLruA=WQO$SyST}+bu56NLkFuU*Pl-{EWfW*jwctm9MSdPq&=PKJHaJ z=9LGmj5`MNQrCJFW1#k+j0zp*s9L-?-gVG3c|B zD)&O+WfPbZXf6;!uH?64hnKnO7-ot(N;)M6&q=P=B=+ge93#mH@x^$HQqVHPi~DC1 zr$tU&O8*sjqghxu!}p8#Ocdum5+LE+ff+7FT9O7+pUrgf$x$$Z>^#APWuJg1 zu9mec3SDA2c-n^Rx3$RYi-PO0b=aboNk?&RJC6{TO z#asPQ~j=5Acu0=4B%{3~ycU?u339XD7$0XAkQrx>5*yqAiso zYhQ}8FBqZr?$R!v`EE+@iItwG1=PVHrFcsWLf#*!@EqLCQew%2aX5$BeVpEbINAU~20UWEg9LiOon`UV z%>pbDKM;64aLr52&) zhMX#H3IWP+0nbGcQPU0qERb9DH;9oN{NzrP5N_a^_YlvhDX|M~jxP!7f1F&>Er$#v z-klJhFVSpz3)4P}k2-<4ywn8*#aqZ*q8J{9h`5nMiWSmH<@CAax`p&DfpdOw1KiOF zv)NMjZvYpGB8+63Umv5xfg;-USw^j+CooJ9WzI$SQL{67V6oIOOYzYXk4B7T|JEYY z5A{^a|MXCPyG$CmD*KNeJ^uIh*8X1S|Fe>Z=YQjdXur59@Y+iQ$HixT7A;~uPmX{_ zLc7^&Z3(?X$`?j|QIG|082lS*!KmrIj*GbLrpe^|^C=TgbkTubhv_blA}uWk@xfVsRErqJ~tfGb+h!CN_cX(&y0&b%YK;8BBeu$~*? zbC|b>88m#vg|X|~qYQ2uA#)@oY@J&>#2=qvSMcL3z^qCJLg=E5U~F{A1|5nAeO5?= zBo8}{C6%LUv9wUS>PT*!H<5Q6X2Glat&m~-*1PNX|5Ts<@hx2P0-*f--x_Xj?dtmf z-Om1VHIJhIza)d*){&24{TRxBMoQae9|SIz`DN8e7|dY=5psZokEnqCjb~{#OH?xu z0^mlo1yQsrT-7p86VG8c?>(E5pQ48&v!Hy}wi!Xtie*V?)dUH02W+a01~H7#@*Hx+ zZ0Qc`m_)FxjG2cjk(m{UCCUg@|IM-AV1FBISKg7ujwfS2ry}3FJ%40<^l%Qd_u5h^B*NfKl$YS`js3Wn)#27IIFG9YK>)R|KxTu zY=duL2}JH{1WBfvwp7l9b7R$((1#N9d3`f1W^? z9LLFnJ)ma6iOFH;tb;xN3re5|awqdSOz+bmgY=N)_s5wsbHp(#UQ=w}z;q0A2>EAQ zdj(z;B==X&GzV0VcLGEA;Tn2z|NULZNOV@8 ze|`ym&N*n8-9E`o#r!>GsB=_mGuGOTE1S5cV5AE}d6#f6dfst;eY|>LYZ=mYaJ(b7 zKpfFHuB50_$xkb+lx6nOD_uc`r39|1Pf)Fv{ux)%DbT9upK%p+f@>AjkGQxp{k77{ zH}JhULH~uHD*ay`>*TTgzqYn__O=cGul+9m>q;JleY+AdcUs}x#N7EIxHgHJwiSVS ztRtNt(^;{+WHG0umJzH){@Tt(<=@MI*-q_7A(Q5oJK(%$b1WDynZl1Vh%$8e3;-{g z9kO`Z92)=J_mUYkO`5`KoIVtmqo09%fh83SgK3bFbBX?S_)OIW=_OgSl&8IP5elL) z7;aEY7;4``rd^P2fGKo|<l}OO_gwR)) ze~9Q|EpKEClk~msX_T09ub}!LOkpi z2`R6MX|(bFmG>GPJO*Hom@TQtQL!~UTcRm~lJWFN2)~B0MUJ_};yfopnB)8BnjHx3 ztQug{9@ET305H_gRb55~amI|KX-*5#i7FBW85RxO2W|~QjpSLTnF9Zgo}_oSTFpxo zTFs78O_vJ$8;gzn2Ky_wVu<~L#o|O(ZxXu-yCX=s)qE)lg|{il?(3l}Pc>4Q{H0)( z)sgtgl+*SGZE9nXcqYp&TGv3H-$Y&OqOmx&MGu{`D1BLcO>E}L8^>yr-fYKs34SJK zVa2nY&X$un`dbEAI9%jSpg#*C7~-Q0S?!U=8B=u3dtk_KV~GDX%@n$PR#0g&YP)L5 zFj#_E)-da)=QA_YgGdVfnZ;o0X5Iw2AaSz{rY+ecF2asBIKo9OR#MPI*X@Ew^xSU8 zs0a@hejWGJQAQbCYL`fS0(7=0Hw}>_R*u91dTnXj&ez&c=%r(WYCS$#M`Xg_KrF2nKyF;xz3K}ABd9oN4 zi{rwMGBJ9~^TtR4l-XHMPcP2lt0v+aIB}hGh4<1oq$0-&Z>|gxiAhn~@7dGA)w$i! z=ZT)N6`yRQI1J-^-0Ub$r*4MqvChc74-JVz6PWV-mtn8rY+8^l>Vj7KJ9~h5tY>wU@+SL@^RQ-(HU9%fJP# z(b3IH_8{tCzdm#Esdt$M^B{y{c#7qEB7qqoiVBhoasJvjs^y=^-8}TXc$!?M@hAw1 zEhRoRjY?`UYMLrvXwbkYrNy1svFC=97-bHv8uH(~@rp(h`Y+H;89X;}Z-X$%0!VI8 za`lpz&#AmfABzG6hU@!>I!9eu34qO#JB!bX&pK`ZynAm6-d~QPpT-G=fd8tEV_vNZ zlB5X}OH*5N%opa$ckR+W;mPmcGIecV^J3=yGGFi(mr$w-I$!@HI1YDUj=_!z*DH`wT750F~NPlvBwuxR}E<4SZ&-DqW9R zS~o)NYE7u>5D8VgRfbfcU(!dpk2@mKIPM{s2IEPF3(gXX6p84;R1oecgDIHe#w`Bi znoftaUJm=4uvfZbXRhi|B)qNa9J}%AoN5Kyw_Vl8IX7W_7ev{6)qa(nMtHlEl^T>j z4bx_}t*zyYQhPoRzb|#VBeT|yanKm|I<=rk+mD^X0@gNH0#9HBqz{-KNoQ~a6td4` zTP50H?Si}j;UYkFkk_``8r_qV;+WU0%V4v&kZJYDOeLR~$u+%Y8-Yos`K zL9C6fMsrG>>*~iAHWCb4(}+ISPC^dsLgB3L32hLgf-&4=3o%+_(x7~AbTx~zU<#Sf zh@(iH&L5E%M-*yl3XcjYR-$YIG%7GI&$iM~ZnqgbRSWF34WKHzhy&DS z35X*$;{~SgYZ(L-(jiOL3(ssBNP~HeW#tP+wqs(6uqASeqs)phH3eoosw;n-W>;h< zt*Nu4N#{%smPL&uuxcyqR62Xwnk1G;0>OS5--Gp#d)g@Pd-Td#laO+z`reH)V%2dQ zL_Tn7IJ=);kXqzc`26(d!!Kv&Cm*g)uil;=YpF-qT;D%tiL1+WLuI_CBR6sO_W0D{ zVD;mGx29S>v6qgHY0)GvIbzkR?YO=#a4BZ>3CK4w%9QkxSjEz zyZF~R@Z1EKv?bFmW^{pWfo40V3zcgDa&JR;y??x5M)I=#L51Grc&~+Se)89&t|}fw zgEdihT$CW(WLc0IVWj*mt#W;OLlVX|tn;dAonJ5hb$)u)tj@{N@rR4Ir&m{JCj~3K z^(9`wQIo2UpT>sd9b|B7uAZ@Rl#J-`%s1uZ(kmW;|oPM0SAy}V9!ACw|i;i1k`f#IIX17r% zF~ucgXlJ%0Ij)t|cHL9ssj~mbU^)$=MI*n`rz-yI*4Ccx|GC%Mf2`(F^Z(|9-Okma z1n`HrEL7-e`+89B{an(VLWJBgymYgP0~{xR!IP`1M!ClIgA7&Pi%G%01YPHga&|@r zq2jZy2ED2{vDGH?M6ztoL^bMlAHK-JVqDMX`05Vqo0jt z0ItFuu}#<@dB;>}ZK_ntGsGrJQdn#M)*Cc7XE>z=qh;5G!LC{N~mN-}od!-n?s7hb>QCC~jFniaTo59g6yoTBp1cj}t zQOGNYcGz*~2Gbk9&(seRYXr$^W+Y{cXl4x|Th~eo2$xOau{k9xM)dsv!PJAqlL-$P zA_Hc1<0Slt@N2gEDmys{M|Ny3u+S=)B8GQ}GTEN4*%lc{D{;(Ti_*7g@r;p{nmTFo z_eB6qt1H{P#+F!YV#}ih3kw|nW=CW2IU%aFkZ$m4^ zUjwBJs1C%~lt>x&Lr-yM-@P?J#x#^D$lsQO{#+6Sp(*#N9K5nEfp*lAII!9~d-0rY z>YHzC^RhWVNWSvWrDgWKJb|MniIRLA66Qi`!gioUc7CIxmf$8#F1Us*Ja_zM#@q-? z8+r0OJo#KCXbeVl&LsFf%L8bQ0aSUCTTsi_jhr^rC?@dAOF4=JP-Y;y6f#;f%EGAN zH7qUgwOs_?3X$&`c93FE$zc)`%Sx~oPNuL=q)o&`U5%e*`iZdgv{D?UqcEfiYFUss z1hBZC#6B8GRw8(E(dv3#kpXk+-a&w1gdoXCIrlPKwkOMq&;YJSOoFoue@0LMLZ}g{ zXz(0d!wh&cl*Lm()=L}_Gn53T(*Pl2d|wbpNsbt0m#j2EPR~XeE_5liR!3;m>J$i( zg@o5$a{QDZke6ui)7;$n8eB6MCO*b5)XtJ;1rJ!&sHZi?uD$c3@Sqr^gWYB2a&a^hafIIkLSY)knnsl{HCA{JgZ{;Q*L<6QZTXmhI@yaSD zeL3j)JIsfa^2~%)F7C+O0!%@$#tlzyxux`I6UrnR*QBul8I{;t5=+{W;D64&W6Hz! zt?N{?+19JAJ~Om<#NCSW`Hb}>rj*oo>K2kc03U=T+j0WEU=(;|sUp`#F!LtRzb=^Y z8Ua?Et-gnil!Ro4STV7x0qr;!pjacH+12lVclHjt`2Q<;l>1*isDKV}J6FFInYBu8cX(c{ zHTuVQdl{@!*w$?@zwRZplLG9|&C<-B7(-V(?3#rP#9Z#r49rWC(*_gvo_IM(gQ0G* zU%x)XrAUZ=S~ZW7QfHR1O6|mo-|hDMCeNb#|2R$B+yD1=^!u20^FKZ8%=`bW`x|c_#g8r{xpRwtGSOj_! zql_BH;J?U8t%1}b+Rk)9Zi3mn+^~lr$-!1CjeR8g zT+bC#(_raapIqJ3#i^3JwNnBt&I3wh{#crT z%xjGcd@MzP==)9^Q1h|w|2|Cca)`VDqQM6*47|HZJVWp-`d?}&(##RGV*lUW-`C~; z?cKd@|6j?&LWqyo;G%pBP^vbRVbGECEJnmO=!A3@{5W1Y9qT5dyP> z!r{~4(MOO5V{EVbxU&pHc8<;h-cJYGmh_O32^3H4sfm+-b!7RxE_=nw!(@- zzX>?Uz*m8K=^}z19>}9GnYib(DcBoYj6PEc+!O*q6771l0SLY#badncAA0FSk|_z= zxRHp|C(1U?FnIyigUE-U246pXT};l3G?>H{vui0UZ8)YkS8Lz~%B-qLa#Esqt_y z_-Q^!^5aymG)qHkox`8z|IbfzV$5n;VfmkbAefTb%R4!5rL-RA0d8F-4)xmq`nR5p z4E}xSO(+f2tX8Ig_doO1MDY{~!@U^Dt>Tri0ZB^ezpM zOzw3${TJ=Ec$$QeWHBKtVnHx?!eS6)A}cVM;FLmqq!I&CvY&$W<9IrSQATrNCZYR4 z&e=GGn9cU$G{rIsO|zE;(YQxvC_CW}iJjgvNF0D^%+_rO)nE{krDK`ZBsF-7<&%N)f|1`}Z(+C2^aY77`_@c;hp zzuaK4%zyML=l{2N_V$eUFTxtXVS@ViZlI_#B>p>veqcJ;P+f)4Efg+9 zr3DJh0c+;!%h#WogGN@+bFA*;^e&8D)975fmiZk%0OHJ$Ko2-U6l6jff~Z_1|Lpo!V_Ix4LO|$&){+VK7$iHoA+!(ZO-}Dk9g)K{Jk_hG53jo9l8=({QZr`lDNLFAt367_?M#|_f~b{c-86)A znzffEuX+|t-7)0ui-&+zIt~LEWoP)yGcD>m7T%>a$b0*L=Py{oWA>&XvoUF(RS;R1 z*~{W&##DCzfSjqAzcZ5(^R&cjil=7)=*fTOq`PwZTmUw~(d*aGU^K@su1-(Ru0Q;C zaeYHSQ!)5=_;3YByh4$_gMOtpFn{~}xkBhBozLX$uV4ShYTvl%1mzz!C3~qyHfF=(8wdv76z7U|~+pUWx;OC$J zc6#wEZ3=pm7&xb&pf}5cXbet%0eE(!e!uUK0`J~|%?LPaYOgrp{d@4A|B3q`PBV(w z@$0h>M}OS>_QELq-_KZo;j*vK-k!c7Jw;#RX%qry4Zmk4{g`z_3Q-bA2)>6YVlD43xJ3Y)%9Tc&0h}=Om}_;>!4(1kqT$=&`?o5qJljHIAYK zUc3O#<;D3c2fPPgzF0oKzBoELJAVbPFp?lZ0Pny;Gwo(B-tB@2OyM+69~|)hzwwty zv`l)At!6d_$>`iTHm2j=EGMJNaae|UX~CsXVj0?fHm6&623i&oqq ztESH^EpVh-mNyIJIF0udxdZ8`QD`_?+HwWBV6c4>(bLMd*^vD~Iyb zkN2v8Jb3%K+UYoDKfSTY-mum;#T{8gLxaug3k$lTxGKVV-swAzy}5YkMtu&!QuLFb zCvOYnP}v-&;mv%G%fb`TFH4Zwkq^qJfI74_y&?1WJkT1PY)bnY$|q0o>4=TOnw>S( z?)T&{BE*_yTk3C{vdq&)hSgS71q1p&sZ3;Zh_{G8om_mq5dO^Mp~8~A>lkGEe|A7A ztNd687XGKrVgsUJ+lN-lBEUw;qp*qrM-IZ)sNFU#{g%!$QGv<#5dG0 zFx+C;$ggsHovn`k!-?_KE!j+5t|fZp9l7vd#6$38Fi{_3{*)}!Xa#ZWC$?2}JhnwW zdidVHS4WNIG6#ty4BbZUyAuruF`v4=nW3|@|Shpha>;pN%?!}oW9 zfN8Ht!t28l0Y*hIzOwuVL)jfanucoaY`tyu*)oHD?Q2`sU%xy$XRXP8V*K_li3==upmx{#tylk=0}7zgcIGo4k1C_{XCo0C^YL?u)ds-1j0IgPz>W0XD6d}k?(9f{ zG;S;35El&aX!i}|Yx`I9YI8jxP9*Qcw7+Z#*S28uG=9ZqVqYcjYw3GouB)4cj!mX> zgy|X!l!lY+pT(z&roPc`%=F-t_2_<*w^9tGMNZ8Uh`lyOtqvTs`;TRVe>od)|E-4Sr zSATnZ_n8FHa|{2gKhBIhJ&1!SL;ZF845797qb}pd=lTv1bb-zc;uz_2JMf3IDFH*s zFc~*JksmDCB54z#!PSXMh_{=6ObwPQLi zQXWmCRmq>u>eVsnde{byeJmYnw{e>lbaJ=l1W<&`*5164>&HyZmZ2eVthAM z#6C_J&IdwS7C>avhDe!OXQ|@u?_N6K?(bZt><)#PM6N9mFEgUnnD+7<<}B3|lK(0p zsGUDZPR%XcmNa7WC|V%=q8M)CiK{C_r!xSd0Dp+y3j`kK5q^k74Y&|I0oXy?K%gqP z0z*gR2Z9gi^C(C|2b`y|jTL0ecV%>!!SD;{nEABoPw;)AiVRU7b+59{B}G_G881+Y z8Fw@^(>VX7NNcn2L}T^TpxWHk*Ca=pm3tK?C1x7h3q&r~zWIzTbm_O9W~|0%;~vTJaq0 zHC@s*Pwyoo^gb{2wV(JkiTvPDIfA>87{zM?Vvyv)5Yvf2AH^+t&3O4L==OxU`57eh z2n2L@wiaE3^xrqOfPg5OZ4k?CKx^Z3a>c#ovu~Ksgg5Z}|HpO|FT0lqAk6UN2X_gs z$3#3`E@z~HjxmI0?6#*`T5QBkRi3Yf`A3Knk-b0vItsfTgzeUxZ#5*~WHiupkByD0 zz-vRViQsb+zKo!%xmMajTv-{^TNZ{lHq;prFlNiT? z0gd)A>h?zz`s`PAkvy3o3Ob?B3FSvdI22--wZSQmWd=z!?|}{W_|LZ)QCD6$Q3l-ady-h ze~qVtZ{*a2iioY)-g1*#5K9RzX4FB0Im`>(wE)rN&kG8@D09f->RT=YQFF#m#9cYQU^BX7qc#S58 z%aEptpOz{Sj3En7I=74i_|-D?`SuS#YDB8<64o2M&E5MBv?TYd;Lz!Ch~KAFBNf$SPX8UEO~Cc?gn23!BixSO50V2OqDSInM!b z1zlfmZ87D5w%5)sM6~Zzdva~+HFzu|FISFKMDm2S6h*Yq`Lo!~AaQm$M1R42ms*BA zYg@vE8b7IEg3_cz8*=AGQ%w^#KwdCQWHrn|4I# z*Y_1$CIQn}VpY!R7)l+SyTMOAH4>=7gWzd)ClMC+zEH6By+8S=bni{|3q(@xA79tI zAR$jeLFj-N+X6X3WZwjFPGq?|3v3k=Zp1=1gkS+#T;{2dyG*qaLVj!(2)X^qtYjnT z3M2HuCR#t6Q7OsRJ<7ds^^hlGpfX5ZI4Mp5X1XK5pRV_zwe@i27vt_Xme}*dK#o9 z_>B*guKFefP3~fE5^*A@3}P0XfOIILn=a3nwU%X(uM{G!t1s?QO>c`WN*H&fW+UvK zf@&$ik;%0-(?1=pN*QgYNK`Mls1v}P*7RK?Q6ut54_m6xVYNmAJ>Wl9WXu`6D zb$`Akp!uI#n89nzl%D94NhoaZ!##ZKfionJ9a7P?(eA7H!3aL@G&0&VR{P+2P~z`k zA9$bq2fCSrz!Q^<%bLKau>>rVWjr+=y&Y2E`OiR#Xvlw`rwqE|v>_^$J^W?5{5^L! z5G9X1_Ye>x{TDH{Y+Y3zb|IFK_(Lh*Nk!>?Q8fOmawHAEt*PSPfENjBsr32;(8^r> zeDk-vzCHtrymxNB8I4J#p_1$^G5W4Ai&y393|ZSk4Oo&X!AagrObVWvLDKj)4Mm&S zlsb@-C(VOLb8HH|M|B@EKex4IQ-5}@F)31Ih%KV;1=ibFtZcvu~{C1M{>`%9$Khujgm}jUSzF1HOM2oS;+^kjamHNxZAw~u@1Lv z?`kxFh>p;s9fDJzL?ncO3)6mhAXhGQWGd5kc*fsI$*Tb6{FU(vW5vdaRUKWX0VjOk zwokb~Njubo@*JQw=+{(8gmO03-IBm!>t3@=PfQMKEH+!}98s)yrMMdT_4OVR1P3bW zQ97Mon3Jk#?^>{{EfwpoI{@OZ6 z5=&yOo8MHCJrIGSK}7K<-h^xyX(Yr%cZ}5O&eHEmiEsQ3@n4O-);AkhD-@bW*y&Hh z`={BfEvlawD1xH(xDdavICo?=U6yQxj5V5{;BQK>Iv#sGI`Q+IXw{!D#HDfVFj7YSAA*L(l@a!b$v2aqPWhwr zfNuSK@AE!pru?6P(V*@l+1RIEFN9nF#5*VdvPG8LuV6th?D1a})xM3@kaiZ#!;u2n z#mbT9*jq-jC*6yh97!})%8Dv@Hg?$_!QgDj5^PEKXHLMsbO6?W<3m5MT%5H;5+^ax zGKRe#kh~)9D>L~!GpSLSG2>U?S0^I($&@MXfx^gWW({5>VaTs9e@}J4W6R^3?h%n= z$m~LEluTkgh!F?wb5y23|AgYoks^=ieY~AJ*9b6mK$qjm?9shUvh^sHliLKW?Cu;-EUQ%7R-jB}* zG6PN>NVlE2gLQWeCyx$e^6>p{(VAF7os5-4MgG8p z0cavgC42x=Xdj={8f zXv4X;2%v{d?I;~l8ZL=Ut;S1N=#3$P1vWwuZ5#SYka>J zv2G3Y@B9-b%5~cMbnSikZI!cChJXNr9r!2BOOUs>`Ny-#F{mLa{NmJp)uR;~D0UI` zxGxM5{_ig0Jl8ysT#&T4&<+8iBuMBbShF~CwoSDwd>;96Z?&QN%kqQ-H|uW4oisQ4 zf~fT(;$p8_3#`rTdb3gC8THstEwOaQbslo%$`-~@Zj{`N!CzaTK*S8&lp_vG&}S_Ui8GZ`2_aLvA|E%d`ABtOk5 zNOl-o52d^|ez7~|(+~9@AgjDoTvV$AV~&tn@~)w(hy4E|=Sh=?nn;Ci#Ap%8ADVdC zb*uXJ`@AkFLv8--t>3d!$GQUVPZ z_?qYo?f8E%wq^&>gf${W-BDkuP>6eUZQ1n0ae`iGLDCWnobcafu)jD6_l=9KoGr5A zi(U62@7@W06BSxV(G~2@3!;O(w~(FQci;|{%rzv{Le$lWv39i}-0nB?(iH#YUGPty zBIhbj9ZdOm5~)^gaKn(?+gSTJ9JNEaYF(L3p4T)i0>=Nig}sOumM(gMoDdp+ z3KRwrB_=9_VaL`A)h%$6YzkxyL=Yq!{p~=CVz3+b0NU$!Tw0jU68CW%!7i?MIToY+fN;XRdZTd3Hh9c`R}^23m>q z2BZ+?j|1gfP<+sb*#;FU8W=GN0DGZQC8Q%G-A$m!)lCh-odt*TEWD z54)488{A`%*C#{l@5s;oUb@nmiqO=;CoM)R-PLXr)aWfjlpnXR*DM#;6(Tstpnq4Y z@u2S3RxmX5%@g|*H1^76Y{krTr}sU>Ob-e`9(1m;1NC76sXxu|=`Zg6as%rSH$X6M z{AQhCO0U`iQwVOs0he#GRtU?*JHj8S2Ez>6Z+^)h<)Vi&W0&NwVXKRBtjmk8^c-^) z{<_KWvaGyd#iKob&=B9BPI@{N`~^jmr5yjMc~2%kM+#Pp)0UG`805V#jJUUsVdM#A zi+~`TJEEHWzheO@&Ke#-g&L+wFC@2b%6g-iiCcmS!4?+?K3>Koev=K(;9-S1KUAuQ zuI{CBK3LvW1z?5L(|EHr(NZ?o&eWOU&i>3+k-_sGJHkvf+1$?^U8a^TODRvA2FOwBQC#gnQ}#g7fAAu!b2U>dFilx4_>I2q%t(!8 zAsnME@F^xj6T@sRW{ZA&HGCPJGlQa0`=TH2Os zoHrqaQb!~)ZbzycyW{T7MD?F6u_#7=DfID@@YJ^?6!`7b&6D4!9&yTozC)Xy63xY% zku(8xM=rjR4Cq^Je(Tz+><9tV=YgMeHbkw=%nyiY@<6TpMe9ybZkvHr3dj-eqqjQ~^76|} zjELSgIxG!Rx4oh+GI&@|KY_9Np*h7U*7rInWid#TQV<&(D6H~l?~^QAOU7h}vaOo5 z{tRf}2KYJXfBFRakD!PT)$JYjS<5lX5>|1W(6O-C$_{>P!t5>aCCQTvKU(hnAzaC9 zm$@8T+S?3ayyq`6du>u#@=5L~XNHO)v-2BqARRn1DsIgJM<`F!VcdOd2%D#^hTyQGd|df~%kk%dp;t5-mCXH!icDCct~iuC^D zxD}b{4`@gSUgh`$kMplDP$8YQ3g?EplG8JyNRwfDj7PO9ao>u<;76UL!9FW6YsBCc z=mY4Z5AJB*?l`uq_08Hf*=(3;yw6S*m1WFae1sWY3 z8eT!<(@v?pz~sXS4rBHzt&xK=mJHrBCgCTm^^vhlC?73l7)8~0>RbrIM6>VoOp)~-etDWI+5D%c0e>+R^>^N z^~B=c0-h$2#MC%r@+kl$91R)P9=`u8GrY7G>H(WMmiGk&|!*h2|wn@Q454Z(@u4`@S*n<3v(% zm231&lH=K10~zMJFDODExR+CJD<}=8i9r%1`A1|ksMDJDZ8&(A>^aIOb>hXgFf)K=D~je%x$sz zsv?T*&}jC7Uh0|0_^QsG0a$NfoxH6tlRqjH6+y@xT^3|4R%1yIK(Y2A z*i$Xfsq5%}ZI&|)PN@=jt#4{Z}x3PAwjV|xD1c%=8=$@piZ)Lhc+oX1xPXPF> z&l!2rL*TLC69tC+6-~3~-G^u6I$3H&OS7=2-xLnaTcVuWb+8jB;Tt5E6ZH4SPeJ_* zY0Aq);qko#IuuI;0>dmvWdq*WBI}5m5-^;_Cy9PTFRF(Tn)a8A>-rY1kWo;My5{SNDmX2lCjeyxZ9y^j`&| zb37L!PwpKb_F!`E9>o3xN#@)O=c~t^&rbKz?AUGZJRf_6ET|z=T zqQ9v~I%nxcj1{Hmr&r@iyovt>9C1ngBYN_tKD?8mO8#d;F{B$ZH~zSaRPi_|Dc?}J zI92`XKy%(>6=10{ugngp*y&gwGCr99r5O=gN~Q%Kbp1tzGev1qK(lVIj(Bi!y0@lvxRxfM zMEQmB+DoH1-aEt6y9~A(HRa;_P7+NOQllP;A&ks|0+4;ld7QG~iRX+EI^Iou(3d45 zET{iI3(bqG2=Up|+QH32-!&$X<+jc2W5=IX%@fiH8X9GP69oF|6B3#i(hTSPwz)R#gYfF8|(r$xDa*#^e z5Qa*!R5;eGD|cvR@cYP*K}SaGmXOTfI0^*MBCDxPxhZ?=X%p5+6Lu3q!)q4rG_`WU zNoS5pwG@|?xGsSD1akpGpAi1~pGcDy+n7lwE}R62QPdza&^H=YeTlG7>qihdlt@z; zbrClaU^Kgs|Jd9%kzXse;g${=wp!|bsSv0>8HJP{gLiJ>oWL*SKBrL#QVPy+&?|_Z z<#UEHDvv#TA(IBSZe1$>XK`8rHB!L;n$*9A;W3{})`HNdvwRm`-OqPDzIn0_Mzzx9 z6C5e7b$`8cq|}#@t5_s~UM}+hsZb;q((SjTK&qyKUH);H;Ht?QumRG!rF#eAkT~T+ z+l*2?Q)cEH3 z0)!?n2m_pX!z+p`p!{5e9nys5ooG`DC3@^>gp!92uV83RJ_5|NWLn&yrd^NB9XOFI zE*DB`V+}^W9xeW=dFMB6pZqHMg2QT?19&nTi>=Fsn9D^9ggXj%@ zd{ps++|gQ|Twd#=zjCj$Y;-3m&@Q8hh`pII#NUQOKWrPY}4Wj=!P!^OEZX^<1-f6|9ztg!WiSYw0v zVz>ho;7IMS!sb@@AJqrw^*?GG)Z+6CVdGjeKob98-kK7;T0}~Lzpa1k%z*srTNnN# zIMiMM*1`uhH-6(VUX3w%(o!1+c@Ur%2LDj3)YkC^-JA}9mP?9!4rM-2qY<47*wpHtxePpVaQ@ZV@xx;ogcImJ(otIMjPPl#gG}y?Tz~g!0L#Qp> z@<%1zMP`ilS}6MYVBCy8kbW0LYlpho!8Wulo-tG=0#WPJ)#;)=qi!x zE^ZhYK}^$)d!Hh~r<@V89eFwx=Y0wpaMaYY#INOZe5&oBYs)A9jSYCikNE$@g?}p)Sf{; zqv`+7oK;oaf2LbncoU@uWM}q}noy-@X>fJVhi7fL#i?Mu4~?$2T+uXO$lD3z`;e94 zT3B5KH}m$nni96-Ur(R=-ku>FpSkU&(aor0Ns{thGXmFmvZU z4WA0N4;j&3D`Xi{CG*C9m#hgj>b;(pL70s~q9JM(!n-ar9ZA_A)j#B?O113WSq^;D z-`rQ2JT9Rf+FnYB9)!!)HFw;EtvGi?S{}<8BJnwC5E)y2tkztE@@8<^>I+XV7CU6R zub{Oq%_qX3_F8s_X?k{hzG5gm5q)~Gspew9CCoBb$l|0VtY>EY8l>bi6iX%i3Dd0y zNAkhLqvaUjoY{}5SfVq`NMoY2I&}&?r1xc0AHNYsrOe8u-`I8y;6VC`2U^lE$BVfPb&o(UTzkMRb+Vt_u977hOkVWz zQJ$N{GG$kgI+Y7{H@&+UcL zv7kOSx70#mquZC(_llCzCH@JlbMJZoDD5^jZu@Ia_`mDJ!)JZ80yw52 z)_QsIPx;HRi|%|Pbdu15H8$Msl%pewP>*!u*bNp!9IJ`po{A~d+~6-Aq_^|N){U&^ zge!dY#F^)32|KOr)8gBQ(sua&I{s}T-dm=$b_=p(3v=wq>`*($n>GDq${{S%%o8mq zI8Ya_g8yF|aR)gfXf#}HIEF1%FU1~T`6e>AR-rIESPyao?Qne*Q}<`9@7nFH&g6g?H6N)ir5Ns)~> z_#BiJ7L^}wNQ6S~M7{*Ukqr*t>E4n(x45~!&+J~+Cxa0Nx;qdX!5NQTKPTiR9h7{0 zseL)7@hX=((&*p6)g(J;>`C~dAkGgey_6q%T*k4>**gAmP7{cmMp#$fj0r7^>?$7i zBNL_zjc{Wm)#ZOC=wl{LiIl$I_ba!cJWJ(R;r7?JQ3a~?Hpx-VuUm;nod~tNSL-O9 z&+|T|82x=7^=&6gGit;}v5$joM?2ir3X&zcVuYjaF3^an_B^IVtvYpUR*drd0(<`F z=clPc5ml&DqIUd16@H?AiZ#1)E)y4w$o=|9&^d`+Z`Z~Cvp|bmbQ0Q$;cfr-?&2@L zyk1}4ov;fGlErJqXdD!YzaB0{OPQRTv($W5Dqpe1f|zsuTkzet?61)#bl7F2V#)ki zSJmXFQmy*8NsLoHG!}qgchJw5)7Wg!FFPMI|Fhov|NHDXiYTmcp&DCrLcYaijasNs zm>zcb=N||T4i+IPu@>n`UtdO`#H*z=?=)PKX7KnUmk)XQ$lxjFDd@3XkB)`CL#&Qb+;qKHtA+eFi6VPAQ)uy;@@ot_vrFMz|r$z%CJAJ#`F z&I1>k@M{h$8MArk)z%_Boy#0d7g1N8RFUl)z3F|PcH6Ozu4!=oQ~Lzx>QajuDXJ_tip-$MNP zd)wo>1+cytkg~$cDFisA(oK13Zz)(<+(`W*Bv6(R_>LQIAZBK=76x5F8EhPSPr*Zt zUIM?W6O;5^1^DLcIKK2j1}O6Gdf6T*xB>}m{yTjE_oR?OBjFu}Ep-P;&lPNbeDt0T{(P~tmgV5UcFS2`1}8my8Ct)8bT3Qisr&Z<6n;6zll}3j zbDd`$mlVYH(t6s_B%Nx0;NrSm_nRt-GxcfsbjQho!-LC%EvWzY7V@KB(_HkdA1lKfQoRa))tz2fq}&fO#nq=868@ysbML8GO^;Ly#u$?`}eV z_U4~a^+}VD1p5Fa_)<9ztj(~)O?=|t1Hae^=txI7Mi4e`jtQw6(R{ z;|RQVy%qT{Gfjl-%xwmQm7ZGW20SkQkecz|EJI+nOJZ0mGl00BlV=vSTkA&{%~SAz z+$vAziN`IJUi3o@iWniTlu34pIuzj8{Aw zXK>$otBKA>wc0+&!WOInM)0|^$eVDhb0nG+$Bw_wUs2$XkmoiX=4iz5<#;1}@Q(M= zMfmIlRb+c6qw-H$MbItdS;;bAvNtr^yXvw)99708!C-NS0kfW(OMcoi6lApo-rZ52 zvDzV2D=IuBVaRy0h|{WA9Usec`l40cOPVh5ikWF=UN-E#a#AW1qe|0iXvd4y0mKF1 zx_{1se{2>gUOJu_;16Q9r7E)1;`1$$mz< zgvUX<;Tni#o3ynPv=Lk-*!-ENI@i+w zHPhQ5eXggfq~q)3c(qT23%=z3{wyjdGG&};=#a{#p;}1B=m|BI(!B5dfPXGBe%E1~ zlK(}S7pSbkfpiY^+uqxM;s$hjA)<3{@oIFd+UgC19j5MORR;0(;1)J8Z9rIcurmW4 zdC(`{P={E;WGdLwO$~CuS;7Nlfe{}zH@h#iU*_QQFNtbU;;K~gNuiv}9Ce2UR#hCW zSZkg{DQ=&Co;xH>M*!BA)>Kq3<}oCh#U(R7RaXPcz39&#Zu zI$BvJH4lpXk=s>6s(j!Ah@>2)?-ynp=aH>pjS!NGMJ6eW^%=~D)$ca&$X&G+qt$*) z#o~l1wz6V1pgY|`l&F}{YZ^zh{)Rolc2)?JEf!-%{?GZlu=4ASQHq%-RaJiz!U=lQ zUn#B5rs?48!+eGIE-q`#(7uu6v(v9|^zB@?V7+XqFDGGZ2fOS~D#wB0L~Y>pQtw&K zjTgiG)yF@venndJ;%E+W{oc=zB%vlgMv1R>hFS^FcW?~9`p1Vf6;&nlbBGK4pj)T8 zXus-*oNy(1Qd|QpF-WGiz*t#i-@@YOgUmq`p3p)-qM1gq!{2|+5y#dH-><`Pax zQKnQO)S9&r^@fYya7ehp>?`AuzS~l{e>S@(Mkme{ZcXU0;7@6p9|O;DPXCeEWcS^) zy^{c;Kw%Q$-XI1Qw?**Ft;b4R1=e4eO%Ro^Hc+J7wYv|#v7`(fCGvm5QB9y83Fv=p ztZ)np2dkXxCBgMibOO8HVWO^KqIWuF$XtvGS(r9qHruhU3(u}pE{_v)4Q=Rzg7E2f zQRGl4W;>0r^=9PBeA6T;u@;HfM1sxElQ}GFKI3dURLbQK~n{y z-wJNDM-Nv-qZwY8vSG3c!D%XTUXPQi{--6;P4w;Y4nmlzf7bVK9`zgsR5wiIDA^|` zbmuwc;7dyi<^E`kK8nu*?s{e$1kEhv9_}Eam~*6HPph3gIf~mAIjMLMGsXhwJprN2J_#`Idfd|5km4H z><3+2I4%2`t|wXnTTF?{OKHYS)>GG$=RV9!e*>p5u(#`<-tx?wEphm4tQXO+!B;5d zYu~Xgz765Wr~_P>x?qWX?q|iQ?5SFY(YT~G($4pt_e-3?U;RKn5DE%$+FrcE3%~`p zB?;Kf4jkzN_T++^qd^UYGP|JKn~2ttn?%ILTTd^4!5&CV%kp7b2E*4wgr4eu$MV^G z?g@5SUGn>Sh3`__qBP;R^YmPfJGQ0&`KM4W*Nc@Pi_Ei~GyX9zkX9JY;+{YCIVU{R zX4+)GMoUbIXq|aLIcjWnAKhOfzwkykC6Sv3ACq4z45vikNk>azNg(eBqxbyP?4Ha4KUTChkhoB9|KP~RO71k)t&8)2Z4r~irL zy@Gd<9~|k5dW&(W7<$%C`34z}>K_LbZA91eL z)_rB>H?#V6*rY|Jj3&|b$o|Rm%5>UZ{v)9a6=UbjQYeB8vWTvZCiYKAyh|RFHEBGh z5oe#4cWG|M>cGvrv-+kk>#Bs)) zf82elU)fo^6OSo5ofKP_a-`_JmDUhBodfGSs}nknt@Qqmim8@>Hnw^0M97F;o&n!H zM+g03Imo@~FsGd&r;PGMe7SwCz80m222Q0FL;hfwsR{!bvC%ZQ-y@;r`Hy(yOP3n#O79k zQ?Gtgx4pd3Ji%}9W8~@lCaQKNYpVC+yaS+)WA?;vCU4xa=lpJ~bKJBBWy2iomc_U^ zM&~k;g!lvL_?F~>WT#gJ5jR}1Ny-XR=KI%XyfZq%G?9WNpcB5;lz?Ms{LRKAex z%ua%?U@v(@VGU|5uKONo?D;i$#;u@o8>iJ{7`9VuQ2;v!STO=c=;BBX_o_XCEHud4 zW8k)o*9WMkyZZ`kAx9V5DQVw|d-?q*`|(o*#XX+zt0xm6M*YwCHdkauOo8)1VSa0| z`Wn}971@jz>uLekffC`!|CF|hx%}hE6l$J+k-h^}h#mD8Ahf~olKDsaXN@wLtqL#w z_0!R4eeKP%E1!n@Lmeax*Hh|j^ke;MZ3M8wC#=|k%gY(zHchBa^1w(|zOae-X_L!r zvlI2R1_0xTO%zm6pdh0X^AM?EtR5+mwCT7E@Rj zfjFASm=>0qnPyi9%l+dxW>CH-7-g6Iok$_~RIs_J#u)S!ui!uH2Rx@_zgkZVVIC|F zm~guh1$$XqpE_T_|BF?i3QG@9*=~85p8ps2g&Z}kz zl?rAI#L^$n^IP>MmGD((2c46)pdHiuVM_byprT9610Vn zznEo=a_ff?s}Z3JvU5XTKrqL649*~XWW3@8XC>_6oF{xta+}`@9GP{Ly=qK@XdK^O zp7J^cHY5hXv`*bVNc+~}c*u+~ZsAZFf!(<${QbxD7}x3zmSeLn6Mqz2Rd^v5HoPc(#I>S}{ELBx$V zr|+I?JHT4RVGV(>wPE}f(NHb{!(u}r)@uS2vHdugE{bt*xe$U(eCLy@9nSsb1+Qwf zKz{)d-a<`jOI#6IpdGTK4x3=U!v3#Cjv8r$h%yImBAJHrb_4gS_rEG1<- zB?UQXQ0T}RHY-i5RmENyUHVX{0)`*wqDL>^Z|Fna&+*7J6#|83^mfzKya?_ohC1av z>-(dSVuq15ZtovCm<#0m=`A$ua~Dtn2J_;}UUbPc1I_It=j%$rx{;EVB{?wrh_|^8 zRE60~T+K){G~YCMIc_O!#&0V_s~QKL3ctwV`j5YY+?XLIUO_dx(^qkcpn?TZ?UC9G zsD&AVo~U~h)z}ad0>Ths=bhEp=-zHdvfb>-f5?R2*87bC+PSu%-Mz?6SqSYnUGV7| zI8}b7;T*IVW_QrHm^f{-^T%)8n6Q19PmLrx?|1q#O2yl09gW&GNE zh*k>SS2fTbT=163iBi*4n-knQ#mS%@mxR_d->3cIT1ltS;+^~uZw@v?(lsMoI@68} ztz1fiE*jT8l~}h>P$2@s%k*CL5(-Iit)_@!zEx6%!6BBA2MKLNl88?av72p4L{QevWdB;_kxIQ;6Tm z$UqNT;z>l8)p(Y)ZS51-8E^R$)dgLO5>$dXPEe7KsPrqU&~ri2Pxln=w+RN`#u`%F zh|Jb9!rgdonk-d){zy};zk!3M^!BgFTf=snv zGm1qCd~V87KoqiP)-d0$z$Ge}^naeVO9zww@ou1NM;s+0nfml|Z*3d+{7Q&OA<-{t z65?H`OvZ9ONnHT&3L&i@@pq_hp?T63mrsd;xGH-*&352(%i|-Ub?X&WeK5BS;Ow%! zfWT@iYk{XLZ}q`5mg~=R@2qIMTtI#c5-NyksQO2VYY5`05FmslRg%(d_@em=y1Y6$ z2OC2H(V(`ZGULy00~<%m`4E1U-a*oXRQCu^Y>7;OFK=h{y~$$CIIDICqrQKR!<1(# z8>j0QbS1c&ve!7DwM}uA&4w}9_pNwwNizJPC>7j&IF z90FNtmS<4rI33HzY9V!9R%ib{>$*>pZYRTJ%3HwoX?QPA< zGB$Y8mXa$FrgCX<9dm+Oc2-%@<5|I}U~8>e8tzu)r) zX*uOtCb_j;2pAA%|4&HoL34EwL)Zs-5Gl1JnJgo_@)1KtYvmq737T7v1= zw_gk_$#=JBmy%+-559mXh- z?DRh?d9?FC_qK1B0m$dgljHzo^xI+qx+DKDbmX^Z{@C&vyx{(S?oMG__W#?v`}>Cd ze;5B}HBZ6*kH`0MP5>I6X`eMlI?eU#D3RL!}C9s!gjTF{_hMe=l`&?|6a+X zo&R!Jwsz0|Pzm_<1kZn!fOZwZa<@No!!Y*T49YKgd^~pRC!M>crKM=Q)OxHtkK2oWbGwz~q1xDQqxspBw7T^(-+usZK@$GrQACv$2 zt3M6-KOU#MQ8?%-{m+h}|KC37;ya+lU2S0_xjD zOjYr+M26;H3d5+ntU!%G(VY5L0;@{xHj5k0DYAu+*2ZVSpsPBH%f??7V_=4r=1n}E zFsvNqM-0cB_g85IXx?{SSk|Zb*w6ngPTesad~iJvBJ?Kq%N_hHo~rZTy#E;v54!Vz zB@fwfF5e#GRZa#QkkMY|yiev{Uz#}ILlW3z?$u#049wed^<;%SHw+>1IvL+l`FaaWU9I2hcoCmL<>;Eea zGI$Yr(4oKaq5j5=9vtbj{u>v+jQu>$oy5u&5;u)~SmADKxXzL~1_kBLvp*rlBT>TV zC4f7J%f`T5WOI1XKe8ku}5PsRDayR)sI z|69X@&i-R1k97WD)4>L0v;nc>TSn@q(E9om`mWf4a%Dpy1x?TW3f`fFEf_o}TlCoo z$XLi3)Z>VdBvH){nCAdEn+`}}HcKM}9A^XEPXccOrqGQLNa4pBL|G7xfeS9*5>0X*uI`RYl`=eHsGiAqO~<7-g4kHgSLxe0m#)Gm-@zK`(`w z100XUhMKyG0~{aD0}twH(JK<5XKLPM^Z2^V`=d?*^s?Y>S>yEQO|#^aj#w~7ej%au zWZ`%Qx0WRTvyl?@?eR@ZYjEym-)!y8y{yUF(@|}@s8%^$=voBFp&LxW4L>ix>C9x{UpP1Ervypq6WmI$`w}YBAWy8nNoa7*ijEC_4jad}T zKb%0A9LLFnRL#g`zJ|zVr5i~}1wP;}2xb(vgC=pBQ7tN=O9!~zu{QTIBgaG`KssA6 z637NPqDbOq1=96_PhsZb30DVY;81zrDLQ1Fo?*jvHUip77a-it8^D`D?+%Z468rQe z8zIxKix8)Q(KS`U$j(iQJ^|}@@B!Ii8NpoD86(+BmDpHuYNOarFo;v-!%-NTeNbT9 zrs<@t`pl%zx~w)Om9$|j%Z5pO(_6ruejWT9+I9p(zrxGvK&Y!Bndkavt(C$%aG+l! z^XX47BO)F&LS0Qt4!h93g(2PAa3S_H_g^JTN9N9|Toc3!q?>%%y%TNB;YcX%2)H@= z`cN7b*&kuw?mWp&BcdqI$okKTli#g|La9YZ!O5Ui`c|7@@)IS{JFJcS($|AE_f3sD zy*V-~`&N1YkSs6`Yi;_AT0S+R#WoNrM8xe^;K^?H#BV{lScYUl7hVVy8>x0`)*tGz z%73#g2nQeBSr#WSoi1bgNuF}~Z)Ip#Q5eSe(7(}ippvrFP=pHYXOHbWlvjF)XIRd|f)No! z6E~Y|khjDDoqY;2Fe9QJQ(?S`XHiBbGRWdsP_uUHB8U+nx7vd#Ddk97xw9z9fExjN zgGYArEC!P}^r<+RL!xyt9C40Q5U*ko&tVEAJu^{Sja_p29zp0s9hxfmO?9Ud8Puj> z?mtz$L)cF|GMCbz<{LfjR{eYKhtlu&4Nnv+%mSH`=58pc;!WcFsQBYFw(z_}kBwQW zLQYreA3Wo%EIw^A(?82?yeKSH=nG=#->K4FUjjD4NYys}|Lpz!avL|&D2$)Kc@_9E zN?Gzxq`oY9kDm3Oqeyn5U0YH~O0s$OY{lRVNFo{zCcq43Zj!g2+jy(asd}&Fy_CI@ zx6lA)0L%x6ltkMJr?xiMaL{Np8vTVv<0MNNawZIE00kqZNbM;M8Hf2p_Nv94z!enk zg%pq}02fm@7b=&~(|E_8&)Yn5O)ajIahDn64{~*b32IidHKrYQ9}_OdG=bqxa7v}o zG&6%zMrYo=X2mlQl@~I>%;-O`N z3Utg_h|Ahw9f$Z(4n`0B7`#$_+WfC<(D6+B?wCZAz8LR}8N2HqqlA+ljYW#32QB}| zk`c!t@jva|6FM5F-DA`}=$3vANkmf8Q&((vj}g2SSrCAn+a8c1^~15N;&ZTL&_ z1_?U}3vaY1!HLw(skzVff=mhTAPD+lDmg(}w_jAL1tmJ$s|987YxSk)#u(2oJ=HrM z7I5Ct2_6v>o;XH0N@z^ZWf z!+a#{Pk*&KAi2{e*@6q4*lUYeI5V`GwQXtEMlT@oYmTE-@E$>RVnGkXNYN z+o*<8)A!DE$CPl?vX6i=EK7aQVN-hrNRvw)l`+iq+i%{IkdM-KuQoPCic{1JQ1?sR zEj8ToS}FA8R~-HJn+n)iSeM$PUw_rOzX2U8jgJz>nUHS)Mg^j(xlKSkOr^^C$A%ii zKNn~*XS6k-x(m$oWiB!1%(L_^7MmOM`iQz8 zRod7>zoH>$lOOOT@(v+LXlBF@@Cgcc!1LzJ8og)yE@C)DUC&?W+BkeBG4qD_FYJ%& z42uVafak=2clTeu^y9xrN9+23D|wv!A2=JQ_q)G0T&}ZcT1J3vrYY9?&U17soqb|9 zJKa(|31=w_lqugGr)lD*(u|pa@Mm{#|7Cx-zuVt)eoh!yKfic!;QWyBsB~IsBVpm` z`PsFC_j13#cO*gX>>W8@iD}?|_0svu3`)ucxpWwZ(k%J_r8FC8JmN$snWNkqiKRVg zm9%iKzboNs_Wa8qn9jc@sVTy;oo^yb@$Du%IM7UOm*ZE36m1Z{V-h8Vi+-M6kwZ|j zuquUXYsde}%Z(!i7zKfhA;^Ms^0iUwZA8uD`qTNQupzO5+0ZD%m}t-Nx~US1L~ z)hm>;8>pOs`gO;Q=1w)tY~?&VGks;))WtnVyYly)=jaVdgRuhZRU4q6wT$284TK zPZVgUD}Y&-VV={|tj~(VVD7@4OH&Q0pyo!?GS+l3wuC{$>(r4kKm%Y`xnv8;;t<47 z6|y0ric})~d(EDW$=(RbhjJ5%ia`Ed+xDV@PZ}cImH-2lBPYz9)iuL|iWdo^rtp`& zb|Ggk!Ag#G)1W72A|(_5{&w53l6D$S8SkeYlOesU+!Lz%xLu_&vMRi@^Bgb(EHL}@pULv?6UYdc2!hccw`k6s(7`bi7y!pM`OnBB*R3E z-DL^tPWQT~tL|EV2j>C`l)6O=pQ$!1#+2N5PX-W)BURj2UTt~X(zd4cTLncbTUK+A z?6^Ges=Q9Uz)K(ZVeiYrs4|gL3*Tj-G_!vB?~*JpP{@_|MlSnv>4{^SQb8)L4EWYI z8hvZD$`~!5S1LgLX?G5!W?ruHjToPa*w+4)i&gUHBnQ`%v}SI@S5sE1VsRFC>C&&b8e z4T2N#ke5h@G(Z6heKu$*9b0|fzsm-M$0Q}H{*7=_+d93&!xL***FlDlI zAW1U7qG3SEGZmG9H{=h(&SeDPwj|OXseDh|d`eW2007O8Um3u@;s88q&bk%S$L&(3 zYgNaCs)Z*fB8$>e46g=Lw>J-Cr_?qyu?lQ&*ktvGqmg)JovUkweO?GhwRcRh9Hu(r zWC^f5SFa^4~zT`~dT+LioQczHSu# z7Ss(JoGthbR&52p>D!#)r~vy2(%;71>)0DWF856nOYWDq0lYb=+#vF#dGVvV4dxx= z1f^pfL(wnOE9R;^FV1T#^wI5@!nrZ2BSe-YjHe{**I%OJY$nv`q$M^58nl#()^A26 z_Q|}3_G-1HqtVQ?{0cc_Z!DeGgxaU8<66l7WYPOx{b!E+-+%G)MXCPd?*3Z-ui{Z> z-jrO`2df|(M(0IHQ`77cz(y>bxD|qg=zdI8MQJq5VioD90znmn&?*^a=@uh}^8J2{ zMs!Nz{QfyzIj*gSsmW&PIcZ#`W_92E+x@wysMIh1s?b5|I(_GKZ$9i>vq$RopF!Vn|f440D#8w;BGC^&-qcYptketX3zM z%Yw;SsGRNUnQ$(k0|qd+&6VfE+)G!@q>GX6)79IL^|a9coMq{fH@~Q7Zv3z8|Lwk5 z>;IKJZTvrAfCarj#WYnq8Gi91f2xNHwQGIc==v!DstTHF;VWE)P+N^_pgd8uuRz!9 zuPM@}8rg9^hsYl<%4d*Y$M`6a^FJ$jYR~@&$0u9ZC987A z)Nk6^GJjME{Tu7UMyW4~(<~bfK;-1$DwNua{=9eXZ<$UWSq0d*`#smWKBi5h_v1~$ z!()CqWq&t8KSSu&{!KnJ%egqEiFL{CcsC{%QtjaQN#=_Z$t94lluKhNaJ(qal}V$- zzXW{9vN)_tCtmCMPy1=1|IK;lr44|2`hT}{|L5-E!CL>X?PzCooRtR0qhZG9{c2XVrHeCA#cFACBww%llRO!WVlqKozmA#+@?Q zyr*$SD((*%nza@VCPY?%F5;&^_k>%-?#O$C^9` zpg$o9qx|+sRUrb(#Shq&Smn#}MzG5bYi>Xg`HDHXD^!@2|rUbDjqMuO!xkwg3G4ANG&@`~P+iUhb~-|0J z0H_a3p0;xvg020fp2jKMgrM)|0|?Z<3`^@>)!;1^&V2}e&o~TeN?DAf%e;%8dpWs2 zjOSiiXF2CeCs!U+baZP)Ji+V2yBe(7M=Pw5itgO;zXFHwBuNO|fNKBL4I-9>F;3}} z^pa7xN#FLIvnLDCgL)N)T9Cx*Xi2J6ciNsXx=6`9idgyB3sA&Q4sSsbtD_|;Qr&5L ziX@y(NIE8&$PI=$)G3YMh3FwNBxx`v;bmg1w8u1<)jz6lM|4botXv7$rl_%yT|~Pu z@4lV9^BlcVenvEdb{~?61~iRk2#Y)S@;=L` zu-+i~!Xt_eu%ZIj`OqJ?4&K4&x6wU8V$8BAR6YLn=JLWb^(w<%IS=NRxz~%T;rds> z;xd{Q_Fg`ZhUpCGUg`RdD^3#3m3<7Dn&j002i1;5A+Y5a672V!s_Y!idX7I~JO+(| zkAH*vBJI_lg+W|vAa4w_C<2o>x8XMo&o|vSQnrtC{>cGBDILQi{+O2uCH}HlHQ>_v zwzneZ+?iWQT>VcwlxaKVw$S!i(c4VONj;|!v3*&rX;R$hXQx0bnyO2#>MD(yt2#}j z;Ucd*W?fKFOg`LHkRxhlZ>#F=NNcMX@K8m#91~0xKvcIOOS{XFlr$A28mgj$p-FAl zPL}2Vxpvu<;?wzqF7UC6;o0LYd^t1L>M`1~HSfBlbYTa;{Opopj)=9cbpMCO>7UlR zO_`F0F^hZZUa)_tPo$_}cI2c|7?*UaCSuNnP$1Gpyd0PCA#NC_z6}Huil|haT2d?V zln3D^SiV&ewXP9H{eHhfna0FynOUo}71;|K7j(}t(5F*ec7^zq?5vM&z>a|e^CV8u zJ!kQ#-+l(v;LR}eXc~?~G{O9?=n{)+Golbc6}DWJW-7M_8THD$fI4oDI(754)V1b3 zzZy3GwFyKKn$rK;YP*Hxd33pe5MH4*Sd2M=Dy(TJBDjqB|3Y^=V2b6?XPU zFsWMTYHBNDdtQhcbTL=C(A_Fc>n>5#S@YtoTb`AzD;H+X(rmLL9Rs&^O&0Vk%~1Wa zeFJMC%%lMV#-Am;4p;Ra8RoMwZFfv|FV*&)%v&Dz^&$J{QyhXc`<)^+n*oXp$nVu0{m4LhmpP% z%=~q1mUYd?d6&PUpEH({@|v&dF5{8ya&e9svZ`KM1Jgb z^|?IF@}FlBc|hSW{mhg9`}=1P7oZU`hTh{IRfBSj+B@|1``0DUN6e{P}eCKlY9e_V-Kmzm5*p@_!XiEBRlr zfujW6?Av~20%q-=uD>^sH&(a(*;2<1Jb$l{vUlnJESvlV(HQ;Np#0_ZFDO+R;sb(U zo6gA*Ev~d{DqjVt9KTXFwU6RP#TK>vL8u)J$gVMzi$`75on)!{=a%aqNF+BWnMl9E zLiecvZ9Ntl1_X{0u_1)xx6vR=(TJt_CS?U#(B@B!#;CiEx;ZxR-v)YBOr}PpspeSK zNKCUQm{ddXI~s@Q0(C`1A+}$E^rG}{#CkvwMv^O9l3(I?IjqL3VR%~c>rYjB)|}}u z(`FE^IDR*O?6T2AXR9t9PeU}>AFvu7WH&s?Qa!HbFl76o*1+*czW@Q8AlWDS+E5UQ>iZQ+ zS`U%XbWAw?norcMyGfnf8AGLQwCQE1%)AlJ?v_|0g$X6)M1<-#wJD}YFtXR_G_!o^o7Wze$ zYH{rIwkt$_1A<<*vv;a4>FlCzp3fV0QTKT%S+f*IE2WF6*V@+Y`>tk*f`#{}8fx6C z(ydx34cWFq8ZGQex+2MPD-D+FACIC_TnkDLHsj=qMKmZC$V}ARCL+Uk5(q$`&TOBL zV#Y}qb>CnbRaIYcCr0TFKma2roN1rqnF?S;wF3z}1#z0T3EbSpbTna`xs@=pQBs z_D=*IRnQ177Wi|ytG^&BjQ{aCwwyO+D?ZnL#2&vkHLT-g__TtPFUSM1)XdKUl%w zD~R!nf9!OfJ+REvy#Jri(t|R<=GA|D@nX;4|KC4)vEKh*#nWd0-`VuHHWtnAEwaCQ zUUF;o?p+S1$%}`NoL9BUqUCg>dM^|{v0f|;1D-?;V7BaBz$!GFSW?*$ zE=KOVIq0|_x5niUWKLA;e_e8T=f{Av_$M~FNl5Ty=YJ0NUhb97{~WFF|60kTE7q|1 zuWW$iG+S49p5iD{H+&lQIPU!NOOw1Z<;E?xX%bt7pWrwR$_vn69Ye`V`3DqbARkgw zw^Eg4=@jjxFc86*gjqyXGxL}9W8@&wknsslw~-(Ojngy{$2&VD?%&fpnvjs!LCnhK%PeVU~Vk1L?5R6iGczL_Q}W zSQqLZ*m#CG!Gd{s#5C$_E974+)^lq9(q%vF?@j%q+yCq!^#9ik2#4G|^RF+cX5QW- zrMsFyVkV#no0pbnUKhn~{0c_u3OiLbNRM(9u>p?yB4x>mRioJH$Ek?$OL1yI67fHQ zq`&-vHbHkf`K^Y=1wwxBxBt0il|Qob{EHQ6KszHfE3&d}#bW#A7pHyc3k$`rT9I7| zscy}A;Hp2fVD7MmE=m7w&TVFoJ>hCOYN4vWUOPF&7z%amXzjc0MgWFtw zBP0?M6lPNkVg3+7{wvaE)(iB0tL@WxyYNG+ZA*p2v$$w#KxgpM?Xn=z|Wejng zlF>|o$p@Fem#s2E6d14tRZS^r1tlyL%CU{fJz_Bt{YA_XkCKmVkeC7Z7KwRpsn=^3 zMKm6%!j_-@Nay#7Zcrx(YMFqxZ+O6G#Bb5pKl@O?nAn&kbyp)e7pG z&)r(|1(a8wiJ@QD?JF!8KC!ylEeB5u?vgq!|MoHMA+ffE)|SvJETK92|G|4d|82hh zf3bg9s{im}cYXiwN*>VikGl8sarS+r3TDG$r55KT<&+3CAVbCpl=D`*6I8(VgbD(? zTM0*M?`M)kM3wK+DqT=c!pg0cXjW{lfG#(?ANmH30YN;ALBm&U<|LToC?XLR6V=rO zf1s0WQqg4W6Le6r+=#c7a(qX2Kg4z2zoJ4S)kc1?^ zfvEH?g`4Q~9Rd=a35NRsRX2v<@cm4rWP;R0NEn1qXe=cqP5%Q;rAp2(xJ{U#&|c@5 z_R;weF1S!zLfgf@l0Y$;5?(+HQJ5(lRptt8AEl8V=*ci8{EeQZV|07_w(18INhVUH zi0F{OHWeEp4C@4jJI11zZ1RBw8PID}AE-W6d_xf9a9<1wxBBW%8Y1822JFB@viRRH$2g^pMbC z2E`bOxs6O+`U0rj-oAAwXGn0GapH=IcPu2wX6p6du-T#()|lO+D;C-^1+LIeIS%fC zBq<7TEXVi$g2m@?NIsD8J=)ZE;g)2k_vZCNuEA4nW?C|}X|=CZG*HpGS_4&Q7Oq2kPyNiX{}UEIxcuil`~T=@-_QR( zI@(>||GAP!T}{Kn$Fu(v7FJ){S7-DuXY<3S>Ti9Q71#!uPJkRf zUJKT1(%*jT=mIP!LBO&Y&cT4Ft0$veaOFlzIa5;DO6yAkxp6?=vO5yDK%}YpvMBK^ zmIn1{goS8H55LK>U0bTE;ifm)Bc0$8xymA`135{TOnpf?oj}JPIIB!6>N}~(z8x}V zBE2A~WX%?Ivc6uHL=wc+`B}@(uFlVv?MRFRk?gmB8o-x!ICzZTA-c?(fA?rYyd2KdPyP?HlI>z zjAynVs)=Gz7JtogK&}XmmPm2)Q9tY$|6%a>Y;vGQ=Ro+ZIW>%+Ifqc1mDNxArhw5S*)62(3qyD&QRPp zZHMEuTG5c&F!Yo~+2r9;QG+oYSz_Z)B+N0#{}(Av$uNr^lmR^N{MWAU|L^bZt?R$9 z<^gB_M$hu2W&nGv^GD18vPiIs6rd8tKb>6Rbt2HRi9pKF%>5I)Jrqy)G?J%#Pn)>c_ zo&UX($2tFB%FZL8mc6y^eZBZ` z^Y50qW2xFxFQ1WiY?|`Vo;_FH-b$Y+mnwx?2i@WXc2`$K=x+H&f?Ex<+*J;}xs1MH zS?9tIA6Sbrn0AfJqUSPRwZ&vB{;aqLDL?jZLxB-hjU;Aq4@yg-KbwYs=~n1%_|say zIzl86R_SrEpdr~tf}wkYv@BPdbC7T+y%}aM<8OZ$e9`s1wk|&5r@j8q&!H}C0nF3? zyMFz@{TF)&>-s+{dA#%Ak8A-{@XS-%0DkmEd$c7@?)r|p58Dx2UYl2r_<{O7ABbDx zWnMJKRoeQstF|xWGsvawmc9N)wVn52fo;~;1&cXVtTmhk6}8=Ij?01?x?NObL;mz_ z;?ua?z%MIr8g4rG1x;|$H9wW=9Je8u({XV0*y**69>&}~$7P`=U11u_5nH}Z37K*dl> zyZ3%b-{zU(V>_~6KSW{1CrGOAyYt6ioQXDr|EG^s!;Pwq=V#~PX|;G%JlD7Qe0ooN z{jamjme>H8>;E4fl>Ps;{$I&c%Kv<1JHX0G{KG^5YR3G@h5%N#3t%(aItI`x22e+` zbr4|vJi^mn|C^VK2La~k{}=l&eEq+>yWam_$ph;Bdp))2D=cX6*d{>2=>+qctqM0l zpe$08p$x-LfI5$9N}*bn$!xN+nl{E*T&ea_e)~78$e&-sneNd2*#Q5VAvPr(8DwnO z9LFPqHex&>+h`;ILMnBAx*&gNX$Oh%uz*K}t~Ql}F0@ll0rQ3D@WIvPwlXhb#$88w zbgeDrF8F-iJojw=t<^aia8tVKbngAK`N-`HW@kysx%afZ@U*<{%*CO_HM#c0TKC}O zU+g?bCvoUZgJ!d08Y(8jeB%y&=Q&h*lb@zz!ig$5#t9B*2%Xq# zfhGG6(-@IB<+Fs*IE6deRQ1aN&&6TAq6UuX<0$GnzE!nlpgyKCO}nVy`g@!t(JXK9 zM_sH>@YJt=N%6;#0CU#=i$nkZ&%LAF{q_0pl{~Qi-!dFZb0tDT)nO1Vm%Lh)t|bl? z*@8@@Yyy|^4rxThHo`)K3K5O9mEND>Ni_cef<~%OKBOGqCQ;X^rm*Yu|2h^Kx600< zgm8U9v_Mt`4lGSHz|}KBYW4Zs$?U4M0Q zx=;^%fP)rrUw=pmk8y;~={|0nvz) ztE+FX-!3wlvTY?2pP=7TYyV3R?U4cibL{_v!=snJ|9`aJ|6k4HgwJsiKexBo+c^Wu zrFZOM!bb*#1}hg-suJ!dEY`n;=9ZGShH)u+u=5;UVJ--Ys7O^WIDz}GQ&zDf&=_g} z5I%J6R^0N8oJyR9M%`p2(0IuBMBkbsP*D}8y=wsg15=XF?OrO%5s3-MDO`_|O1=Jb zgc2;oJ>#K(h&>@;8)qgLnQ=1es^X88{csXev0N7+k;Er)K#AxBoW63l7;oxvf;q+E z;1T-NklOXi;t_kCUKONPy#^5t?#3(=X%Xfs+;Y@<&YS$q|ripU#6HbIwz)N&F1=uH1P~avFOXTs%gHhXK(veA_z^bmffndtsaiwU0uw_P0I6-3P7Xl zV>(S@wdL1qiQqJe+h7)xRE!x*7bcx)xG3RFyGG=B)p{qum4l{?CJ>_4;4Q zV?{;Ojfd8>>)dBisOG_}wO3dfm@$bLJI~SA#u$z9goMzoKv-0o0dAI+{M62{g1@~) zW%$U+nX)ooXP6_8UBwJ`R*5hxgUas6oIq*EwWn-(HrM2;+9F@e$rbO57u&X<3bKa;9>2kk0 zQC}gGBlhLA_vN%}{nP?l9V(S{2_h_n%Y;@PYPgt6&svT`*ZTTgh)mkril0h9pzfG~ zepJ81AE-L9`V-BoZjk?RGFpZGx3_zE;LHD`-F5!YYM!$EkCV~k2!04JHAwt88IiUk zUm_)CbuRPe3+H4DsY>BR<>JfGva7$YIp&$4)1Wcz!FN?NqfaVCD#`OqoiBZFc$fm(Hzk=pt~v0NI9$3#>8Z= zdL;J&0fRI`a#?5&^&G zkof~#7H@SKL&yKS&<)|>3JX|}-L4%l+z1B=CsWEY_%UMaE=y2%y4OWrljgJ0za|mE zg7ow21}*;oQuH#R3`CcQ(H3&`595}QwEDH#vdEv4Vn0`lD#b}JRnPdgAoeYqZc6wnwY|e>`bqQW!+%0Db;v*5+!4NkxkIiKH93E zIt^Q-pu;yUA{QH8$2&V;PLIEw{?9L`J$`?D_~KxHCzmA}4>=z>ilu3>U*vIK82!%~ zONo!*M$CkW7DecP2oX(KNM7l<`cop9FrG@k!^iPUVGych&N^_lpcaDiQ#c5GDDvI0 zN4eTbY)=ZiTS-~9Zs#ahDNWR>>Z|3eW&TvF07t>7nd;_KCJ`8NHu(WhqLPTVaj5sZ zjTx(ODCyHGp^__gv{l_n&3ejsv@l6{RH#9bhF!HPyRa6zW=(Vr=XEV6?CKZl4>{#s z#SL?amLvHPngQDNG%NQ}L$XTk6>t&?TVihJ3{kfVn&1>;(gJZ0${;{AF*suwdSPiP&JiQrZOw{m&PV66S|~76=vQy*@&` za2+swP{0t?gr{sOoI+J*gi*kfynI!`rGD7XttbVB8_ozxPG#eQz`AqT94| z_LtHJSU5nrRn18?mwS>A368_d9EUQAD+(I=jVg*I*u#2N+RH4@PR*v`&U17{_>l1l zDk|ZWcW_(LXj-m*rb$-dTB2G#egVgK13mB>~f+O?aNqT;0$Clwup8>M(uRne^yaP6jDhbs#;R=V|g&iu?R zv+=klX1)DaI=Q#B9XQAS+uz^c_v%0G9==%b|E}awNx7vno{we-R-FG_$RMm}Up5RW zpln%#aH#OL-?T*%vy^^i#-Aq!q5rL_vNBqBuc*RU?ztr(NG($vfGqM7dW>WqI8CHI6nZT+-=8udR^+jw{m*u4Dz!)6&e}ivbJ6#oTdo3G*w_kk$t^xWNBtdjb z4)t%pb$Y#CV?YA>cDjZL1iapGPHEe)OW6>z(WYwkD@xf9coJLRzwfI z+Y+aSM@y#x#tE)F3@}cxm9Hn^S7q<(*eYbTI4No=gWqI3*Jg9YU*5}{6#2r)EAUz_ zGk<=98%#~nPrLAtG6q%C&neG+{Zv2o^4}|X^#C()Ui|0fiUOC;13jzyE)pm5M-N!x>f`g2Fa>sP+dXZW|q@6$h9zMl`s{qQ5426s?g`arm$ zL)$aqE@75G7G95ixp$k!<%44OukFCj_lYY;>Gia*Kb>>C3w#m3x&Tqmp8>w`$Dc+5 zZJ|w6!7uvwnLeoQW8rNmrjfN0syZo6SsLX_V$+|oZW<{vgyaJ%Gn?d&yu*q^_2qn? z2cGROA?UJ{8Om1m(f=k?^Yj13M}83i_b+Tb5^Hk?i#0EI((+^N^@KhHX zbPPV@-nhCEsNiZ+F9msczhMZ0QDp=e!)g`KoNV>3dR7Ib~ z93WKZ1ldciYOIYeP^l(PU2jgB+)_O@IY4uoHaS6P2}h`zLm$BzLUS`atKZntIX4?~ zTeM=+G8b9KSni=en|5Cc`%dfuLH{t2{t3c3z_HG}E{ZOCDYL5#r`P*`=8Vsi`+xhp zFZ}Z#NAf>w|8E7)llp&o5%_xlPk++Z|FaJC`A5Qh|IhGmjsK^Aw){UE&{F=I19EA9 zEk9e=(qD52@>H9J`Bb|7Rpj}TpM6Sz&g>>E)JHfgviuuVg5Az{i|oT1RekE}kW2OJ zx2^2k1-SDZ-Cmwu9;1^mRM$ZUSd{jJYy4#w|Kj?E>ntjJ%#8%goAN9o6^Q%CP}W+yT75-0UA2@w=EBjs~5bCkaI@Rc@ zo_hITaVgc3T40X+f3bUT=;wd#?XLa5l{_G_5*CK}R1aXPAMF5G<=tirWdT(}sLcdQ z!hx*@DjGYoq;-J+33u_*07*D#R}{edaK4}6hoP=mh>B4nGt9Q70jgH|x~S;qS|gxp zF)x&#mV|?Koq*~Ysxgp0-DJ9l?fF#7m6oUa+pysZbGDj@R3-lwp;xg>Q6|kJCW=++ z!B4!r!20>bpCg0M6O6ZecD#s|xF$nGntKE5|NjwV|67^ASmJNCY=3 z`t7`5YX?=eSEV~hI7?Z;fQa33nkE(Ys;L0n-H2I8exz03$T7n=FJ2r}{fyJGk3GCA zN<(*dD%xc{(nY#^R$cu(R+u8aC$pV{Ng2}nWEG>;UpskBU6+bopXg@Wr;MC{FGy&v z_1B3kP`q-p!MYfeC?Q<*^G&9| ze^E3jlScb4-jMXB*;|IguQaG`h0%OZ({Z_NWVJfK@|xMK^$Mlz2K+RAUz_`pXI$Gs zRWeB!ms2fL#_@>27=abR-h+Z9jHeZxpyv3>aBT(anc;ZfxLCX)X)soOxR(mM(#PW{ z_`YVXLwB#*HK_~)xNzodEo(*s@YV*isq{PzwE67MZBa{Aeq`9Tv?3~U9=$6vs)+px zN!Os%C*bG|uYxO5#);;DY%(yKt1PNsxqa5qw*uKl)-ws??YQr}NL_DY!18BRJZQRJ zfDOy(?Um@2nX#^66F(NvnnYtwetHulHPTG8l7BM5!>NvsKsrg0UQBEaQ%UOjeODzp zd*4(9_$-OKsV`~p8>xKa-7T*|vMo^In@XCMhWfR3)qzzd6RV<5Y78V!`7B}7T$t>U zJLQ-R>0NOThUC#S=!uzdN^{sGFmsV#tE_=kWv(`Su7V>84*V!i18R!{D~EgP-&M`8 zrsJt}*Ueot^<%6~@NPFezxY*mJ~CCwu%#v3)Z_f&E=J8t=2F)5n6bOkjVwi7$qMwk zMZ+#C0k;@i^6Whs2ohwRbW8UQZa8TSPS+NsjB!a zzxAc`xw`ztM#~p2j_P~>pkEqGt5?0N`m9o+Zx&{xdR0mURu_6lGh`gD8a-)#?&ot~ z5h%9!Vorlv7I*q8No-f5H+rVizvQOB4Y1NIZ0RE@l zRrLujol-t-_V-+!n{6x{W*KaGA zSGD^iU484MpE%yx`BEHzDL|FwV^+&SflyI}c1CC=^lH$RKr4Ag2k(oj4FF< zA5Xp!4!ffjTQ<&ijQw68w6Ta(9@N|uTTi#0HWzm5!rM9376IRSzpj{*xrMivu{;+) z+W^TxHor4(_iBNX*dFCvr0Cxj>r{m|GeIs`NY1ay*&N7KCTh(!L^umjr3`>3E0+HK zs%rJaJ9}@ko5SzgeLbd}sKg863OGq5_JyCE|LEdhf>OGV2X*tdUAq%+>$NV)!ToE! z^Y{^-hW)>3@Hp3h&#(Wr>*s$T9=%-Ge_hF=^zC=2kGJ_Z4Hn(`lP!9+`Fw;6DpC@= z#m?>5rF<#t$Hgjo*-#hDnJOBVbElfl0&hAye6xgDdt|wQ9^xn(;Nb2|@9f#5znvuw zwY^4=U>_})mSmH$!X9azbMmN$Pj#YFfoVm0(q$aY5O5oCIvpaKJ`>1rhV-?7@@$B@ zz>GDA{K(JxcYn^d^Z`I8`HYH`#-q~+(@BLnwu*$hk7-T2C{!hgRn?zZGApdHVe>Ke z$2W9=Lzb@K)|e6c1c_Sp`kxQ*BN+hm^#9R|QvI*pz4iI8l|1VF_g5#Uk5%zgvdw}9 zfNIjS?n}ASIUR+(fxRjtv1J3%w-1HYi!Wefy|?(CCB8Q5O%B<_wl(1Il92&`S5Yri zb~G;`d%3D)j*9a&n8~Xt=QY_m(@&NO{)b7jmW!`tPBk#%$1Qw$K18ap*!MIfaF!%w zL;&-E$+L~H5ZQ$2@Jscn#?7i6e_gLk!tFK|Jg95bc)p^uoVuTc3peX@8XJFTg;;zBi_P;#+;=9rdnyi|;7f?sC0{IXOBZ}m__i(gVh`Y{4s$~vU8k=_4sV<0&eb?o z>L-g;Fxf^T@7?!-oOto4d6~{<_|(h)QU$)HRl(f&@BXfT|HHw-+W%Y0qYNUewBTdK zfqnK_&?hW6uXWe#!ifGIp!Ud09-P&1K}W8-6ytnX&T9CPj@W*>UeqJiL48VBt+obg zWBt=#K6>rb1_x@9iyxZUeyMt=i`F{*2>$Nx=Awt1r$PTe^xCKVnWO&?j`m9a-@(iM zwfsz`$xln)Q z(`5hYL*Y+d|NX_@e);~dgLVCnl{|U@s{`DRlmehRXJG?Sw^|?(!0>3hRDk^W`$E|O zqNw*!7@kFq2uIhO9#)YSp!+I|_a4V9;%EG%DDw64r3t2iE8Wut3mXfo10441IhTU$2T>Z}{p z&U1+;Wt2o_C=sG9yNi|nD9DAnVU_}XJCB#dXu54JXVSjH%?D|>y znQQ-_s8#R~H(=iW@8Q9|zyG^?xVHaS@;LUtp6f^U12oj-+=0CD;$DFf;B7O7J%(S( zOE45HI}7HQI-kLGyF%ANce&0j{=FMmW?{FE-Tl4|pj@V`?Vtwze@_NbPY)>< zVarX0qY*KSVb~;?9)w@rO}d|tU(jIxGkzB_96sCum}mbVygcyj|Ca}QYx{o{4@iyg z^;ADr;LotmqPBkCY=K~3&Zg~xeEH{#h4)M|$DuIqO7>UY$wG!$4sRi&%d{$M)cmNW zuU6-D^wHyfk7Ww}VT~-aj@nsSwd}BnMdfrd&hO-)>QFI@B^Tl}cO+R{94FpJnNY8U zzH*>62g}9|Z}MvQ;Y~sUB$)L7LPkXVELE;Ai&0D?1m&yUTK~VyDOjL^R%ERJ;Cvcv zXZp{&(OK7T{}BRwVi zU)?CP^COMvqa6NfQU7E2z_;WM%~-iMMMWYzn*PzmttzJ@}ZDGFyEPQ8uSW}V3^zOdPsH@bwj-?>Vh~nc4I?H zn3{H*Y(i6%mrB+|+HwI*B<({N0?fzdl<<2_Q{rLgbm@S~jif&6<`q4>5UthQmPMX* z4dy@SQ!D?q=dptGAA5&~FG~Brdq->ezlsMWvJQfP*q<4P0{k`YErAmhusFpuMq?69 z5aB%c)3hR>0%an@Q8YsVj?oxWs}Y8sHz{{$JTlq^Zdt=|F7uUdNJHp{Lp3TCFwRL3 z*_z{|!0w(#5gHJbU?H8yl%a0Qe!!Ec`#?=&_`Zw!xwe_7Y>GC8MBTtqR7mwrg&gW{ z*=8vn8lno+1&YeQr-Y}HRzIA)dn*U_*PF|Wt_`mc`YJpY=UO{uNQ~LN`4jGylS){@ z*5fWhWhO&DBrt3D1l_YN3ei1|Q{|kd90#cdg2mBn8x1npM8%nO1=3>H^RXOvw{!FV zJVhgt3Y1_jX9^2-DFTM9d&wzs#z*7>n&31T6LV zlUJy9@;{;?6+1tMWJ&|_mWqe?0`uhm!TzD2|GRg%uK%!-XP#&)7{C#3+DC_QctzBl zh99=khHC2++k;ldo-SbfSvTZox3vy0s8@cpOojgJ90K*73LY0XSkdsqR%w4#U1sd` zRk>%cI(g+>SzLcy$%z@dqek7NRIJ|V$S(C)-%ttBxwzCqb1qO&gLCK0Nir$tp}2zh z3|b;Jm8#zUKNPfos_H?~AQ%*RL^MXldknC+60iW&YXYwqUme7x0?vXuLAUQo#$G@(l)L@I zs)zDSw$Tyx-7H2yz|7?eLX5%bs8bK%bCk=$t~J1;JoDr~$pjF4yxy95}r12Cqu+?o{F1({^3yuVuiBjPKYfPnYU6oqd zUsZF>qXpJBwLX5pXpa2XC*~fe0_Mp7{k@l^_|L)m{P${}dGg<4fL6A@B{dpkyO;)A zv^y%pH$v??OSbGT7FWG|w-(@h@!lxfb^g_u1a}g0H!q_x#sXoKn@H^v2TOXjl=Wgr z+s%j2wT9Cs7E&U%QZ{X9T~;}It{jacra`5`QC-#O8}(xgbpUf&RjIa`MVgaqqtftOdugBKqxFA(Ori-L#f+23?_-Ys z-#sk(fBP?Y*ZE&7dA>kbI86zUVe?pV0J8gMaZI_`=s-{KfrgL=lygd|IIiZb)NrUoiEULm{XPsbbj_) zbovQrKan8q^l3=&j{2OlpE~`i2v|sVJ_q@x*Zp5Z3bt_RHDZ-m1V){AWIn+8XO7X?AdV*xbCUWEB%H<69g|iCt*mX0KpOZRuJ?x z$8ma$eqb3SdSrs=tWypCp7A?GW0Y_fW`S(Djj%uwi$@()`Cx%)il~sng#>9dLjp(> z>Z~Oj!GyCZ4M|u7iVcS}pg2ODBuvnh@!2*CaEc=~LX2y`{TzE735F*4j-Z6oDNacZ z+zAWS?I==^rc9M+@UaCF1eyffHIP8k!|@x3M*U9B_i}=UEQ;8@)C>U@L?Fz`HVQMM zF`*pAIL+isIi4CoCe)7wdRFu+QF#U&Lp~%C4X7MY!r7P(XiCE48el#2RThU4s2ODq zOY9g&Ar(o4XC|@7;fgwn&~&^><1K_^mW~NG9F&qclsv#Va`CMttx3MZNrE|vQw;>M zAsXUM#@8!V4hMU5RGdLt3XON6^0J|PUmzC zKH?cpiM6ozcMo@ayL-Lez5ENkUd=}by&!`0udi;-47g6`4J4Tj8K0>B@PK70!jV+w z$|g{s!l*g8rxOyV0;noUb;E|~z2v7(5)mwj%FGJVV-%4Qj{c|g^dS9N^cf#@Iu|UZ z0qJxkTh>XkO&D^>f=u?cjdWN4{;&V7zxelm{huvU78b|oG9htC!!U$G->`c!C43v2 zIho-kb(;bgFlPNE21%TEQmCelG8VZZb5|N7rGH2U{{ z{U1pHj8cw6GQs>#vPw1Zey7uW%%{_7R6)0dPlTFaqk+(va59*okre#`%~+-`M+VZQ z4Cu72WTX_g>ZDvqK%&wq>Bt2wq@5a4p%fAU>r_eJn8iJBsp*pp&b0TXD9n{2NN;G4 zV^pP~wpH5TwlrxcG=&8n(TNml9k;iBr}KI^BmpcJeN56?r8)l&S;o^b!f{NegbU2` zbHqc+MT(Ma5YZr-b#gvL`FOP~z(^z{keUQZ5V?f#Ib89tWX(>_wfAEhjOCI*s+JCP zYA=tR8sJKD7)je zvu7tYPm*X>2y1-}Er_K~kZ~!vqnYfJz^p+2DiHyvgYt^qhCxm;AU_YrQi9=*G_eT> zJ3z}5Wl7ky+J*|$csQgH1zAAiluEG<^Nq7~%sBlQ2|Jt!5=DfoAM)-v8FEZx1vnE% z;khi^=}5T{utcg0O&00fP|2#W0Kl#wq1#SPM6rNCBZ^KHUALt%fJCM<$eAn8l=o644Pv&SXlWnL5{xgK;xE8n&=j1+2d*=Ce*a5S)N|foqM;6!bft9}GDI7K?-i z8Oua8GggE%7`Zf|pPYbF3K;rH5mZT_K2ofSI0=ZPWf?ab+b}yhOgN{mP0&K~&(xYz z>qt^2V6hTE0-|+8CZ&Yt(~eDhIDYJ|5}d-^N=Aui^^1qb6*h$d4eAhQDU&upAT?qq zUzw^qTL`#qjTxZV9gGJ@5duT3qi0l9%VVh{EKvCZ2dM!h$MH-n3CIzj+1ieyh>aLx z!$PD>TgG0K0&N;|Uy*8N`5br-Ff61+%ZZTuAiX6Aafxofd5vEG{r2_6ExLMr z{qFqs_VpS1>IZakb@lfA^yI6zuhH9+@3-MQ?YEzy?=P?ahR$!$)%E3f=V!0a(B(zv zRzr48F?!5l{)%EL}8+3V%&fi_VJ%4?+jm|Gl-+p^`e(^Qh{Qms* zo6B!+(cANP=eH-a&6W-A@=fR6>+92RPA+awzB+$g4+N z{Pf$mC)eoe+v}^#o7dau;_{+*e(~n|{Nn4^?_OWrZcD5>x97KSU-vs5W1*B44X9Zm zw11?$!h+EM{;&UAD4Qx}x%CRXsci!gF-%HT$)Zdhaxg-*nCV7~YP+NTOgZ@yCtuZ^ zvMGrHV>T?5=72=(URvf=zjiw3F$gCb5^k+O%lfGwtC5=))}68)2pb{rsTt;Wfn1Oy zl`>-==G4Mb)KM-ICjm_;(a4wm@sz>Q9kZG&A$;8F?Df$t)0W9h(ynY8z^kvX-lFfc zkl*j`f}V_LD8eb>M*4$qCV$8^uR7HvU@~w@rC9_MQU$F7*1cpkNx`DMB-(`FSSZ*+ zyD-J@jG!xxBEaCX4M=`62PBhhIpTPt5UYb%g|LL?;M_-!g_;w!uuxr;)R7^Ur2t9V zr&xyr_F+~CmGgUyHt|*gEVkh(am$8A%I6%3i<4v$IGrR+%FWoph7)O_DqC3FzKXFO z+s`(*u#nK?hgD|xe@L=y4z>`D1>yQOTe%kg{a^q4g2i&~`kl^!%W<}0(eHF#^w9-_ zrKMa7S7m8cqC*9E*8d!WzSg7Tzt^u%&fdN5Pr|3@V_yE>-qA~c|7Ul9o&T|tC*K8m ztIp|nI$wN&F7QMuyPIH4CZyBpnF|7R;q2oMLOoNL>lnS?c#}oZ1)h-i@WZ8C3&MWi z+i(G>Z+qzatCQ0ufXQYCga*7kN(Rss3&j#pu2^UwoT^iV`jh-G>*paIy~BwMAb(wq zDBvXZah31#F9IA9`_g_7BH`YruRlNpE<)#VO85{5vIYIn+qhPKkZMQckbHRG>HGyr zSjrIS{RO>uzk8>r*nP8G#G#E}BR@)@UTa=f#1e}CV{fNY=f(T?^AgxUM< z?e}+~$+vMN9Xi`fhgekrLDUG}gRMQ{MAaRjF}mk8h0P~ptarXBf~^j*a^7Xg3r~T4YoH)~?C>|E+8AAF=xZpXKkoe^4{JVo2 z?+1^}C+;#VFqFg&3iBSxwFZ0UY9A<_sqHs&svg3WD%S%;ofQbcyjLsqnhf8gAtg~L z3?&4e&g&UgKAy-pU?sqUl`Fb_Z02MHu&v86^uB20f z1EMb5_$d=A8Y86lkpF1HeHwDwFOglbl=a%EX*V~d2a3&EJd$HlYKs$)AcY$8(kGm$ zdM4*n8#XF+MIoxi7zs5K^9OMfuu)9^l|vIIxd)V| zN+1D04j9{PT1(QyI?G}Ug3kX&@8pEhc*u^y4id*ZJ0qGJB`eMUET-vf$Ii~$3CWa1 zJA#gSmoWR-X=>zEzDwc ziYFvG#ezIJsU<~4Pm-@av27En+@Q3W5He;)?d+Tp0ah{OtmHfQo*dJOZEZWPU!Jf; zg9)k1{BmXK>ATm+Ts#4bQ_6FN59EXZ@j;q`OM#^V_|xIxA=;Epw{i`}j9Ve-NUrM- zhr9pX7RJIK)tr%`S{Y@Yp2_z68=0v<&ovp=e5tUk__2wA2y8S+k*g$RiI`tuL5^PZ zNE|TOpMjQguCHFdL#HRgRX>?7z-FqTsfA>zuV9QJyU=J~*!Co9%G7}R=v}7Mr^pAX zdLYd}&eP2uO>W=bd`CDP&i+FJkt+7iH1~2e^p0Z|3+ro^{CKvl|1koPSy#XMXCNh(jcTMf?{&7 zrqEmyc}HeI)RarzBuDGX0~HB;9<%hhk*pey0WrvQWj_K1(^dLp0p8e&8KjPcXi71J z6s4&lkR01bQ6@e3qyM0!|WB zXD7AC=7{7XgGPe~R?&Q*lPdE0mlTkB19gPa_lI5 znS&%Zja32@oP5(i8$vbF9JLo{I+VHyEuLLi*GS|(#DGXfgN4XJ7+1z!-0hT*1!5;) zaX^w(?64`}Q%df4?is(M@u(;Hx~Ditz+R8o`2zmaB*ounnIOlgD}TLaES37;?+0BeTDs>q*I%ob zf8XooE>}$Mi4Pxf)l?h5DkzxH;7(Y_UMd}Q%O|qVq5(;@-K|Qw*p0QY%R7Q&p(dmx zu{yn|V~-X~VuC-sCGjX7AETpc{ag_fYQ;ZSc{~3$mMRTpMNe_r#{-eATr4}GKX;s6 ztJI*Z0s)uW&5UN-2x}FlMT_2Z)_s6(wa+3cp(p9DXHE_v^f3l&JlBlirx>uZLoMB4 zBP5MPA3n6l_rx}IgZ^k~8@D!HJ};foN?**=6`zrwm^)r2z}x8twU=QQwlt5-QpG_4 zAt6^SNICWFnK~NI`0UxU#iY4NG2Gf=8f}*(x}l@=dwTlw-gI}rj}zLDNGga9IWRuj z$?@pwS|5PvbU%kL&?fDZKDvH$ivDzXc(|pHlj-nAtz$Kx#&&489jVVRZeE{$d;PjP z5^7yWTMiVcD6bu@$)lpyhEk~&NGB=C#&~K)i%WrY6HpH8qvj^A{kQ>hm@^d=)0P7e zOPA{<5lbc#B8jJzvv{Jm-#&pTdqqI1nUk6#Qi4TO!fQphw_er9%At&)nDJ1~Vib{h zL=3DNNul)*anUlhR#lx6NWTb^EiR8 zH*mO7OHX~ee;Wxx3Q6iEB;~TSKn8@wPBY~(=Xh50h4i!=RHnNfs0MIq2&ai-PVNdc zX7}@ntoIM8_OT(aqK{7Uduol|E6xQf`#hvWmA?S+VP_(h_R@%I;Kc`L7dI;X!76{m zhUlBy+pFC@DRRy(Zg%%d(^#)zTlvB5+}AJ`yL-(po0~RNY`;43P^q4ZXecCil9c49 znl+~mW++j&F`NB;HS}V+4B=#46FMz}0PX#EwflT_aWn5Tj}+hPLu$`}wazYXo}o=E zCt#cn`T?8l{KVLpQKdb@SZtw_t8+MM1e7ZgfRljnuyO}_Njjj`ArbZTjIlp20PHpz zGcg~J_H%+@UR*rdv?=9ZdHVpl3-aua%$^w+1Xs8oF%pisyj{2=xX2s^+j;(Mp+#p5 zEjVkaO-QSF7MlpvF3eRtpRx1eKCMGv#nUDTRzs;z+s%0pWu$m$N0kKt<2yXTbV<2= z0*ygC|4XW5C6K|q{VYT@5#pBJk$5pNt+L-#n`K%q(WR~)d&**wO$a{&YxeO~MTs73 zbLX)oxtf?luZ^?Lq2tmjIj{_!2We`Wjup}BW7 z;7qV#icTaT@bx}@-_9_~*PLZgGNhfCl?`$VG^BQ#XEA}Hq<3?YVDUI}L5FC-Or8af zLw%Ifq^og)A~HH*K26le-h=W=ym$h=Kqtx$MxmerFODxRT zqKlII7Cf|R(uUxtD=49S8nG)ExMm%zT5A*E_; zfKP$2S=URT3P%8S2~t#|RKBVF+YrUu$ zG*m7VnIuvtmd{!`+3CTUL1|&=W07cG>vg85=+Pq@sED1MtkYZ89_!j;{p>wf&|kv{ z*B1_`p@-36r#XO+qPrH%v`A>114|9VekKR0OMO6jPzHIT(ylFzWfe4m+U(?5=eOfn z)98-GrIz{}w_>lN%Eg4FV;1UL|8Nwsdx1uvc(}T;kVTR!ty-9k=ew6AGg^zhwaELO zh&-eO!Na$6^QD|0a%z$U>qY54>qWT~rGCeYva#q?14&c~DoqldcfXBTY+q%iFOrp1 zG8%jUH>_D}wxQzL(&Gvw$!^r?nih-0J+E?c^6s^1YZnh3Ydb-iSo+KjHxcA9h7)Pf z+E`s`{6i>VLgU=SZEcOUoWr*J1wC}Z;&xlZZ{RlHIiH4fL{l8GfZ!JU_?33-nF4Vs zL3}2Wm~^pp=EdZBy3Tf5tJSqy{mj)W9|rq-2S-cD#OpVwvL)K=p3P!Bp#l093L6T; zKPqbq0o`ukTy%GQjh7=`?^Yjx9sGR$)WAy(0H}6hP z-<=)4f1hWLY;Eh;H{YD>y?<~0wSRc@{=MX={LSIs{`>a}MUxhq2|c_eR{>1J--y27 zt8x}p37#4~!S`b3PqNWbT+4mYC{sDX=!K*2YyG zrGBr*70Xg`c(Cjd-tTYFwSw>&_?n!I+9ZW6bMW|)J443(u#R;( zhJeDSB-U%x10ZyL_E_ImmgapZWy3i9S0_qCVW4}0hB%6P1039`Z6Q^YYKo?qi)|#v zSn{`BKpF0nV;p$kTrd6nE)1`5jb!;gz88Hw!T(}0)a4N2U2n*EZ^U+{dpo+g5#ha2 zMnjTUwUH}Agm?XMI*Gn0a%XxLCQqW=t!aJGR@-eZNb^Z*oMTh|I?3QdPqoB!;jue4 zX{ve<{FTQaN>v9dxn<2KZTVzv39K!FI!gUcEdk_Yuq~I1sfCv$OdipP>@jT>faeGd zp|VTk+%cD$(Wg^JY zJ)Q}DT^`YJoShs?CPVE$S6MvCU|9VfMGZr_W|7KCRR21;zR($ma8H5ZQzn zEm3G0@*#<6K;0V|EK2P7D$^8;i}mty6pYk|_6d_I<`hauF0PNBCfm>%%c{+ZwRSH} z-CDb^wR;_mg@&b*4}4Ew6k6>!c;M`aP_ z1DbNoXXvjtmlx{75FXb#<;! zgF%G8;%ukloU6;5TR6#NIOqz`B8EfzqT(9X)67*s&Cky1`-$@-Z9Wgpoq#9t016rK z7<(PLjLZbtmLt}?7;Q(WhzB-yI!pAS98E;KBh!8x!HRlTq{=^gR4Pdg_)+T^>tfDc zA!F+%^n?jP2dXZ6Wle4dK1_oVMYMWaNqxaAIx{|-NTiy{aa6-xSzI7E0L5z#BC`qJ}!j*R$GolpU{ zp>hfZA(c)uk+O-Qn^Pbk z>)T&bW)oc>7L?1+Js>!iUZAPNE*tdh_0Yo9TbM-uAA4`V-MDQnivORdz;e!7va=+4 zJUNrqy1nhswI``hW*o1vr|n6n=Ncj*2{lEq1ZaVHGdX}x>c{p; zFxwq}$&KOAPGMlwfZlASwXf@2P#qh(7_2#}gKM{ck{L1Ge=PAdEYYL(_lE_7tpv^y zULoq(Z3RZlc}2`PLDkEYUabr!0Voj(1T*QqOk>E3!gqrP&t}R#9Gt6Md^ji@$LjKo zfU?=8lFDrrw=^z=3#3`lnt|RfZ&KN#r1o9iXS#@{mXHRx^C9)}BEiMQRY9{5_r(Z% z*Z-~*?0~|4Z@1`P2>P&A-=bC#0Jk6**L`Dn(CW&!pfByMKdtOP+gN}|v~T`+9lsIy z)Z7R~d~fT(b{RtkM-70VFj#M715{C|dP?!5~ zaDyVlhXcfQw}7KQp@6>@zy8h#KfM_I_8*6TAJD(Pa(_DdUd^+EckI2G);~9eNrY{&ZPUiUvM7|L_N}c)xR`>*!OW08e_=g5mzT~mqY?G*nCyTR`-2X}$-{(~10)0vD9_B?tn)P)lnxd=< z4NQZHp))nlp$FQz{cTYG7D}QyNk=4Jz;dv~S->SA#T@k%t!BbZNgJ&~#J`DVeUOY* zrDvbN%vdnR3OYD5=|f~2w4#ic7{ALowCM!9ixr)rk*AE9oyI8F+l{Al^o@857_Hj% z&yD(@o+hp2PtBB_dPH3%hZTG%Z1gEefzP* zWoeRq*&fIe`5I37uUPjzzx=ta!EJ65EL>ya5)g2;lB>#8l66DUE@<5`x> zYgu-voM@)9Ou77Yzu7~5#2%+g3wX@_AL%=2p^1saL5)~APztZGXN(aexnLFYN36#_ z2VeG)=@t|s_Fu*YLwi7+zT6f1GT<<)(urno&;HZZO$t;mBm#A1Yq;=skd1+_fP%eD zQDbl4-`uh&5j;=k-W9>7>hV~PnM3UWS7Ei^Qiw%X^ago?_N>n;=rnWi?^9UTFOd4qOC#~LF>yYZGZHdnIV&%e8ugJCfceW_MD&kc$ zOYRY$EH?K`O5YE2jKJ}9Vz>8l$@g%P;dUXqB;cG83+14p8O#I14~I4Q{=NRO<@Q@v8L06M91c8)gc z%WJ?eYO@^&y|CTGdk;#G=_D7rf#rC?!%J_HTC(814jr%9yEzCD8qG^T5;UxishI60 zOAhlHK z61SxNim-&rho`urrxaGuAPDgZ{kBoUn;hTTBZN6z9lxrVZ}C7@_TmO;LM1?m_o{)s z+BLfepX}Mg?^(Lub6S_@h))uJLmR#ovn=6F;u;pf=I_6QouRpW=`){zji#OokbI;7 zz3d~d>(}S0oZanxMJ@_^%Rty4U~O-O;Y>Y8RrBPUd%31I*EG6L?dO>A67!@*c5roL8iBN+z5@?uPJuSTQO4}&p zR^G$y9DFR?Z=2T^+VhuCs|E1!I4*-iT~G($JDp$^*_#82Z3`&2V>n0kCk}wFTuo|Qf zv@EDzOr+9(7HO%(muwk}+9qg`z4t30OsrOf`qYd|h^f|$vy;;kHse`_wo>ybL=bL& zd5!I@>bq~nX_`kmsdyhuHdFC-3>L(@UpaTR!0R~c+VS~t)@20WBKa?u+Pm>HbJbry zkgdwKCH=Wp@l7To$~(|Yh|ns#K&Il5_++_Mxis^0s}^2ag|N?hsfvZm!Lk3($77jF zGq?Y)Hs63Zka8K7h`dI*z|`z*Fj0}CM|H@~EcpR*FFolZm*pf?Tcj6$8uCM6*x^cC zj_aoPOvOD7Sxa$|SOFqZsW!QlF7&6t{_TKahsBe#t$@PnfVqJG83_%OdQgXeDZ^0+ zZtbW8+XY5!Cph8Tlzn;u`Or6hUzdpS_~+LjMO2u^wF>HELHs80IeQ>30^}0;hc22TE6tooHS;)*@a23Q8LFC_csB3aiGR&=$w;q^%qSyVbqS0 z&ur>?@H*_nJXR~8?v6WbdrQcw;m+y_AoET@5eZA0;Ij2JUMx!;r!u2JTLEOv1z-II zg6iF(Q2V}2`|L^?`=8ezrM3d`g%bKo8Tj8J`_AA!ezOxlDaW2cjC*?m0H38uoiT0; z(gz$IsrtMpYf`hz)G90l$iSG2Q@BjGRHXxuDwocI@VE1XC$MI^)l+>3!7Fc8z6{P3 z&a_M?iB~9`=fay>ssV>Qb&;UtGr{>FrzA^wBw`kWx??BCjzBVEGm%dO%PjxiC;se% zapKq$`^2#~eCuSLPS$BLI$5Xb=wzK$qmy-(j84|+WSyPHbCh)| zh4E%Q8_=eWn#pMEdC>y4H$&WC(U4oWyn&SFO72umaG{Iz7R+{(wUI-4sguFUix;~a z=-Q`d)yKA}T5hcJbUc~YiYS10q*Nr=6^klqI^`k#$u*Y z@}t;89d5URNO0}q)7>i6%zjm-#t{>{1mR#sh3Vn~dsC*YfaZ2bxLOVE?7)+zuyC1O zw#hLG{XwJ#D-VeW85zGnNMex&ov6FGXm$`gcNH}U3wNuXAKZ=IWx|DZY)@}$@($Hd zUa77b`!)1~!ao7Qe|Wd8+l}ps*X+z+>WW#BBo@8V6SoM0B_1*aO65wT`xYIQXIB?k z_*Sr6m8nEc=HUrq(vUC43EE#VBGJ-bqO01GcRrStqw}#WjLz;*AD!Ky#pvt~OGamR zSR9?*p|d;eGJXwqht9{cVsx@jIXYRV`RHVw#nH(+ovhQzI-RVu?Rd66mVM5csd(>6 zLYa!!O%ip^+&jXjq&DlRcGmRPmuc+9LG6%Q5P5jD7_< zMpLfwTwOVYRVhco^}iMQ>{pv{bPIjK0AZkhWQi0AyO_MtBEGIdEKH`wZo%m z?%NIps_wrEke`E^}=)5waAAzme@NoW{-| zHM6YnfhSfDz(`oKPT1M&LRX)9##p+HHVdiQ!M&It^cT?f;4(cxd0_!jy>J2Ds1D$_ zgHI!;?M;Z-N7b@*3*8G&K27*P3;V5oD&-0#0CfDjZ|hPxfPmFNF!0g4a9hfT%=XzL zl`3`SpI|cIa-$aBPAIHWK`o-=1)$OGzb->tVL#8=$+)1Wz?Pa5nN@(AMo> zSk}q$Gaml;{~T3n9-U^{X_i}zPP6PZ z%WX%eSw4wox!<_)P|u^_7LZL1H!>ngFwl3tNl)*v<2wue~KyhvSBYzp>5S`F0I;W>)cupW@DOV|a`NgOU2PbuA4 zr4+ve4c%*fPhm&We|^Ya1J;KVOKhl39qadl$UEZAo=amqwl0lPi*)HKV|0}6!gPAE#0CkfSb za4HRk!Zz-_SRc8VA9iK~PZs*@c(w`K zY~K-aT{PU!84cHIcb#@u9i4W!Fgoq7#ptxV)uYqy7DuPub=qBn(P?*`cGq-t+TC8X zyZu$*?;_HkAR=u)6m}1EbuZYwrwFtz`s{f}pY4DvnTpR+BcGiqEsC1aKq zhN_%(wf>%St-s2Nb_M?$75rNTv##pjit&76;<~DTZAVx2Z~5q|{;e5Z)xWOlUss!9 zhtbt$STefW4BL;cHbbM))n@2wGgL?C-P&z*wHbCCoyV)I&9LKyUDdxX&av_6G|Nu2 zY&JU0a^>hW%N<6iSvDJ;X1RKFnq{Y1ZZSH|vePWL9i3*`RsH*Q##plFn4#5G{p;c` zw>s{w>fh$^tFQW3i2?liO8>QAMpyr@tN+*4|Lf}ib@l(c`hU&G^Y@fIJN@IA;T`EJ zL^K~=g@~1-s}Rvui0C{W+l;P4M9a~6HM$BBEk{@XuZxRYJ38&I)9$LH)9w~Vr`@#} zop!f+blTnG=(M{|yK68y?XJ`AnvPDp>+1jg@?+Dw`hQDC7l-z|G)4lH$qNB>*IYOc)WS05(G1zmk~iT5=!srW<6-IgM78)QJTIK|t%6{l zu{vc_V={eud|cA_p;X7Qiu7@$(nw?m{xO!5A_wvQm}@O3=^#@v)bBd(wSv^vTyq~h za!b6(a;b7@=I065`ijrQ4#;siE^n<5TI=b>Z?wbzEqA6x{vac97DcK^%@b{nKEgPD zkn-y`woKkE=DKZ)HY&51@f<9 z8Ya_NM&1yKki{=pxC6KxPef6Uh-H%TgN>>`GB6ujsRDsHRx{1%${e zg+aY7sSJ*tB(W_GcNLI+Uz+IH{|le_)BxYb8d!n)4=rqeUOQiI^$SdWum4r>WXLYWm=}ow z_|c!}p#^KgqfFw6=P}4TNPn1Cc>Wl78u8RqvhtL%VkygbZe&y>JZJVkPE;*f-czHRSiCA(YlKBxjU|q!h_J_ZH`bLnp@y)-tejm2GGsgS{ z)V&HBMGdfq8lLm3HAdsWNF1oaj)Z!|`KQG%&T=t<`-ivZ6Wl(MKyU3^jlNbRe5iML zLDqg9sL%IaX<}L>7Fp?$A-gHEOy#D|mt%3Qa>G>4&XYnLkzZZ|Sc?>{L>!Po_i!`# zG=zw5q~2Dx?=?_-H%N%MxVpIl8=69M#JLr<#vtbSKyj*>?r{R(6njb0^3W+y5|K{m zw;bRBM4~Et6NH!Ca{FtKK-VjuBU_4q#kgnJo^Bf$?qMRnpxh;AY=zK#2-&hg&^5jqPqb{0JS28 z|Emy)ISi!Mn_eR|N@AEOCU}Y@T=~n`07}(kpHCHX?Z|}1KXU%H-#>ia50v&ykb>}f z1)eEpy!o)iAP9@N%F zyn&bPK$2~wRNI~J+e=qxM}Qcb>l$gTKePiY=5|+YuT{Kc;6|nygDgv%W!{+=1^D{-nZpd`ZXdD|GGqjym(}*^>sP|YZj;U`?@pkduPp~dMxMc$u z2w4bJoH+6#JY4I*7+j#re-Lvds)@$g+7wy?Vm+KHE$_ehjONs4*!H6Sves3YL*bMZ zzO^vA$MI|U;o@&PHySNL{ZfgIWtz1UNrpZm1%sl1kTX<~sIn>+J640~`u{CGHLzV7U4btqyp;3?Q%&3?F+iplGsuVY2Cun!> zyc+m%^mTw0=pRe)S(7W}0uk6;I!ESkzkhYH8>9zBP{3**qrhl=6al~e?kKhK{-rB9 zC~P_?=a&$>0>Hx+c}Xce6L2h$f{!SnUL(qf`&K!P;eI>|6Qb<)c@GhhU*XHdOvuH> z(OQHtvHpqEhetMSmMHSc%_x{8r|wyj_uoGWv2)pF|8^{6D|_DCU4m4ZmgY&t$_-l! z$UiUaqYreb-TRDeu}+A#KPJ(Yt302?=Iso1dbtd)Kip*kg8N&f!>57Lf$rQl0>M(> z`S%45TL3X*CkVzpxw*S2tG2A9=oEcTxcP5>0$_q!Nx_?C-O8Vp0d}Jk{Yz!-2qgc% zUQ~0cxeGXJd-{!tao3`qDhfLZM-PKC>YvGXDg1uchY=M4$aK zXp*?VWHmsBp%>b5_|~8cWPhP@O>a~hSGU!6kofv+PTJ2C(Q-^NALbe}!b^ElyjJO7 zGN|vJ5f$M|X8O(4(RtRYTM9gOX+r&BpOfR(d38py@dm$okdIjBSXt>dSZ!JORS$J) zJ2I4-7X~}#F|`uKUy!p<&?rI2zd(I~j5s(=!Fi@G{ovU~5?NNE5WQ+zjnn)*74@j| zLR&2Ll^2x5axT?|NV)1`G=Ulqc);(Y#o%XHnp^o#av`c*ms=?@zU2;uM_md$xh+Pf3iL4av2&a#ap0A7#aOXo&C$W~pK<(R z4<0|2w;maC;HW0xVH#hUg7h){LI2F*QPv>gj_gq!Rs$F6jB|@wrdnR}o{HcwF@-XC#&yF@p*RX(_Ky=wvv-ac%JM65KEpcYd+ z3%vNB2RcW%W7izd^r^Qj+ZU>uP=X<~7x^yof>Huq z+8$WF_(dlQO@Sj-&dxc!e0Qqzyk4uPR{Gp2GCU>X`!6I3*B3-7GQw(w=2ejt_&a4p z^0>6B^}BxjC0n0Vn}x!mJ9K1WpPC3A3XVZ>&LR9mAs|{>ksl$B7e!Z){zc#v`EC(O z`l=UzlQs9&fltqc$AFln69uAJF=Wv_34YMYiQ7-H8uiLBDQge@ac_p#ochCZz>EDl zYd-Cab(baE{g?TW8T;iz*%(_fdD3hkOI41+MBP-V6$Z#~EC}0SIQ|X^a`@sucP)%Y zxynXWrTC)n1kNc&vOq=IN+yVv4JbZj`hWMJb{lpiug0CmIX~;D}k75*c4|p_pSTtC?5XaDVJ-I!~T5^lrWQ!Qx zEwk1PSwA`j?!?MXI#QXaY3b)Fn=$o25ED_OEpo@YI10CTm-p_BtJ_+WHl|t9YLp3ui z+gaYen#v{-IzVmB)5~Ex?-z(h3mZ?SWea@b|AJhxuKxC*doI3~cKg4K-o+xW0e$=H z5Ld1|O3bl%kcCNHgb8HD;>)e3dTq43C7I3~mef(jQ**)6z&nVb%2@a) zoTjYBkDX-6ASv)mMd1XAdt&_oe^xv(<+1l*Xfw5-99EbYndS*9to^7yCA%1~;bq^E zg3adD-rZn~2GiCXVH7Y#ZHT?;DLhW8RMK-N62jjlj3J&Ekx32l8fTns*Fv^z7N>4y zKcwN;swJQ{dihNyaSN?^>CmR9j`@3!4XA>;X~A~nh#4Q?Y!XY%nV13HwMjt`im?VT zVNyP*fE6k4yhnmt0|FF!yw;{4v-qs|fgm80G0@DJ23rKWnW;MnO&^`5tmGu8c{O*A)bh zD32-M3?-VTldcmPcHg3bL5Ca@_~<}6+qxlKtTdgh?R6%dqy?Eb#SREu;RSEzmCVT| zjf5Y1`JuvFdIC}}1T)j;P42%^K0sTDE)jUB|f z*iu1(4H_a#G#Ieoa&P_-azZu|qx7ezsf|;f)#ggAHVF@n&h|-EA5wTWn9V1ZwsmAU zswzetu|3gLEDZS0s-r4_VIM?|8WR4}NsWgSS?fV^3Ab;gOi?TcjXAeb=QceK36by2 zBfiVO7pIsl6#=pTokmGbC|&VYkgk2#anB0mk?&isSjDsWV3cl*E<=_Mr3Z61_<)h! zhvRN3HKcHo`))j;N6VASOte%fx|TYGlv9r{gZG7KPSh%qliPE{yaob0ZtOW zcHUqr)(YebSd`M%_gkvD0VujA4n#lCQD!eJ`%B7YD_4Ies=xi4Rhl}N{Du{bWRj>kKC z%mg06p1P+$N{XLeTpx?XjaOQuA>^7NdLe{}hul3i~Op5u&Y zWIpOYP1H*+lX7hSrFPLra+$)Aa2#@!^PUI&ng`jTmLq-Qm)Ulj^y8fb$OfU#JSJ(q zPCLc>oboXUy`zmQR?2KAnq*467!eJVpqBPLlPRr*qN4@vxM*_1yl*@S1ZC}VH(Cm$ zh?QC4d5_kkFwyRNx&B{IYki=2F@fd^sDHn%JSC)n&%858D}~JuC}zo`!jaO}|G@LM zD=#dlOb100QX&7_cskMV?XCDyV9$8xqV(WOH4Olg_-N)z@ej7)LebQ3fTp2w6%^I1 zO@~Pbmb{unyP@`I*Li~&f8mOfn;Qhmdl1E+7XbH1W(1tKhQ|Zolg%!p3(MVUKZLeW zh){Vaa2j$#tdOMgzi;}dBn$WvM4us)5<2h0V%`COLceGLwx(kiQQ|@rV=R}DITNXp z`NoLxa8k}dwKmq^fiTgKnglpkRKY^TBuW?SNe2Gwm5|_v=Kl{nd<`~|nv*a7p{2ex zI0t81uqb=v}XNUGFWuvN@H;&xOO!FeBzSvT5j@oW*oaydTd zVOj4o!9WxZ8CPaw$AAd zc{||cW|zj(B!Rv|e;%cKI;O1~eKX*kh4u{)2tM`8Hv^($nzMa%P;2Y>*Ten_MfTIB zDG($#BxzZScC}J*pk>^{Ze?P{tqe7YEztW2>mR4NFr}?uRVs@b1`w;s6O@(N`9yEH zZjaEm=$z{J)zi>^Xxojw9WF5$K?xP^E7O2RV+@~p%2ZdK5d0V}io46(g!=(~&A~~6 z1M#rWJ`)c7zBChj%)xWEAi86#6H9Jt2n%{;y@all9K4hlry9@*dLV62qmC%h1D|wS z_ynmcensY40j2n)mzyN-J9qLIqG#>BLlBX?=*CUy@zHex=G+aVzxT9h<91r3aqv2n z{4tp}5f!?u%+B5hId(fv8*2x>vAZ-nkj~A&)rMJgZB21u^h>r24Mb_xlkc`zs#KKH zXoEV0TzkskgAvL6i>DlFMhe4dTKI61_IK^ss>1PC$=!hWV7mK(jD>4I{8hR4xIVwR z>E`qprmD>^!&h&ON>tkFpfeVvE;s%I{OfrPPe<1#vjgIAOhY=e87PYfvAo`!fN^BwC9`|ZK13-+2vzp zbYI9b!y_xQ4+tDmlHg#*=-b9&fjm64Vh9np@+GBGcv~Cbj+Jo~63L$j(Ac6XI$0h) zrvw=Hx^|J>u5t1ydM_)bjLc7Ut+U~E!PK5@em8p4-gJ3}k}{5yj zb@?%%d3G;yRdWg#q0TAiMr8M(%I?0+1oP0`*WoO&u@deg@5+e(N=%Bo!Z|vl)^&&F zy%D)X+ihH4>bt`7&hh9_Jzk1NKUI#kGXi!eDb%%MV7Z%=1H>M-Suosh_aQVEU`c%R z(24t&rlNQ$P$c;2>9rPQIL(MbB>|DJ?Q_8o5kyW%jcn@SalO5rH7Dq{!R6|E!VRcf z9X%V;XkCW8iT~zNGQyuvGCf_{PhzS_GFfXA00LNlChD*l?n}i6gVkx zn_`=uaF>upOESiSzVduZ2A8?bE%a( zeMjL!cZhKueE4gcgR{r+Qs>7MyRfdFGjTKG!(F)8l+~ai@5+<(HKa4+6u zcA|%pFbQ-rcCs5T_8j7fl$sgyd@8^RXEJmvMS#7(uL}|z3 z+IZf{DOKk8z8BkfBx<9ejXiCT@#i}cZV%uPbX|yDno1waXnH3{S7HX((;Zw6`t!=0 zvF&B}yXJC_#e}`~$g~7XZMX$vTm`z^>X{%`ZewRBZ!b5eugAmH{nYnH-1q%qCT~ve z`a0;x`|Uidi#v+{o4!s?Z+C~a*@-2X+qQx=6nMT5-T6_2K7=#>A632-?sK1))8i&7 z#lO^ZaBi}~wAD|rfc9VOScx7U1hnNHgc~(mAX=G{go3+00jD~rSNaeWA=_2) zfl(ewFk-x&BJX~qatZu(;5pa4f0S+MST2SJ#u*S(o0o5Tiz!bl5$`h4iiM4$yM+GB z!hA>k6)24(u0H%2RXz-gzh^ZXEE9uX43s7`vAEog?KMXq2g}om^iv+eg6pkb`Z{DB z!?d_GZMoZT#G2lPwJdgOBoTcy?JxvoY3M5VfZuZ$YbkX5&(_k8MMIG@8Vh%avFQGx z-RY`Cew(A&Z(iGl%?QHHuy>~OW&8DvW^_-VTjz?m#U-o_jat@)%f1PSmH^|4*|%a= z%Asig_yaL!JjgVMlT7R@0UK}K+@_Bc=2%xAP*{XV&hZuGx=yep_qG;S-cyyKq5aE{ zDx1N6xV+s(7t|HF6K2c3ighlG$Z$^RDEoc`0j9)Kq3%Dv_-h*&E1#iWQP3iL_rKez zufWs9IHU&9xOIILHPf%W*aG)YR*v%6KDW;&=Ht3JBNo;3-VXj%%(?utL-ERg(oOLX z?X_1%q%GzpaPpaCGJ}ikJnI~qNCs=MfgkS|7f}qLS`7JV_=s;Hmnn7r=uu zA?#PMpjn>7zDana4+$)sbElX5c7E+f3awkZo{iW`V>xtx-+x83^;+o%|Kzh-`ff!( zY+*9Mi@xino@lG?{J=0Hiukgs27O^Oofd=w))Y_mD7LP6TBWxe_bR(DiT{99t36_s zEA9aaphr{$EKFf8vSuDELzAc}9{l(t+g3ih2Vl*;{lP$4zcT{ZTT9u6n;J8zQbDZm z)zMcfh0q93TOkJF>G(eQi^fEV)2s8~S?F@42-l2Rwb2bOw|d>VYZByrA9xbyNwUC+U$>F^pf{?D>2u46DE)rBZANvY!KxFSoj5}9ZUz-< zUo%z0nHAK+vXyl0b+xad0_A*{xWDc?QfbHg0*`paDN)P0HMhj`HoiNj7t_vlm3tL_iKJ3R%fC{HM6ArtpD@; z>lb?CbGsBZVE^Oz`U3cMLH$xz#E<8PQTz3ER^@MfJK{QnR9O^hTx&eq4gdGAb!eQa|R&_L?B~YI9q} zZ}R@KfS;A^r0i|@l{}QoVmac~eqNk+R@~YyNn3FJ`|ckEdkF&2dB%iZ zG&pO_;(X&M*hvtIa_U!QFeoo>RwCTl7cO9W3l}v+vFQ5~Hjo6O(m0qcl8>L8ih|P@ z_@+H9b5#97l_?mj|1WV*rgWAxwZyskkM|@}?dtth;96c-QSCmOtQn-gVFb5>><%S9 zaM>S$3-If}P22SD4-VD zIkc|Od#|X8g@=`*#8MwkE*Eii8{#}z`#>g@Tx{qBPSC(A9Brc&!zUOvUnBQb!2yNL zG#iD%j%NB!1CeZSEx>GTNHs)9?IsClAQA|5RqUK~hXBQy^?#sy9M%69x`(qU36Jm* z1Qp~^aO&G)9(@hu0g&%A!FlFKM#8i~J{Ih?<-)%4?{ zDh|X7M(?5Ph)LItD^h(#ou5gk>{TzWl?;(f?rbk$uKeUdGd5k|7Eo2cX+J@khuRU+ zl7o@eA@o51%fsN=_}x5;=muze>5x2UBc;e?cT~g<@&KXZB!O`)OI8W1QCRLNFCyg- zpXu2DQ#J{w=HQOeN4+b^AUz3}N6Y#kMZF2rMBk_5Y}oSdIQDKIcj)RxE-q?`XExwp zqTk52mu^F0O5N%YRw*G_++M=~e3d;_;PV>K7&OK4TZkOM{7B8s<*s&J5W#GB|h3%1h5@vMWio(xA zK%AndqXqCCW7JK0GrwyBttR|{9otG5k&i$>91T_n+F>)IGTB|&t*FMLu~Q*xVU;Ux zAxP7pAxK@XEY8bHEAm?CHZ*p3S3-s58nvN=*!;rqb)Gm*O@RS7siFh_#Q11Fjz{8j zQ=>xX2U3}zT9oy4gIxwvE&7@p19~0d?M5lXY;cPYwm~v$`M}{TU*7 zHDRIuBB3&8MpgbdBAwZcf@UgpbrB=v?YFVIIoR&b1+=j=!`;9MrxmQbW~# zg=pW`c+!enIS6Zcxzep#WFBq<-jWGCHGj1FKjgjewWidzGgthnp*Qq-zU*$KX6o&e z-xDao8}}uFsYPmILqnVwa}=&#PFbejGh!3;mF~+~u>5Y zTEHQ;xNP#@2ha*7n+#yssrG%4MT|cq2{(q98rTHnR@0?G3zd8Of6d6nV()upTE-jv zS`=k6BN^%wx3@dRmidZn^COWGq<%DuOAfV}#AxQz^F!`;>wFj*GC|G>nCU9!n9a${ z$ZbZOU~I$wDuxrFyx(JG1unbq#lN#h#4Fy}+0gw$_cU*3e{9#7I zDt+jO0aO5EM)1kpHE+eGSx>#~f1!xG26AGt|D>Zs)W4gn=uy4?eIAx7lz2*&hG#Ld38wdT)><%m~}gK;bhzQKp$wl z2k1;it_&_M*XaBNv$@T{x^rR1C?#yXCtVA|s_ z#e$MGJSJudY=jx*&4xDV3q8kQ56iS(t{R;k4>v|!0bSx%%Y#Pxm)P3o1K(^1S+F{}0@TJJ`)(7A>VO=QEhX_MF~; zXDSiwNH{jcx|>1~)kH3WtMHW#?i)-3X%_l!$b**lyN z@@};crp$Y`WriFQeKz+;2Rplp@QBBG;p4bd+=C#Bf9kEoFb&wsfLydLfyuBLQ65C9 z=4>av%|=Ya!Fond2=peTui)`3+J)pN%_3N4I+tZp5}Sp~qL{DCB3P{4X8wXCc24tx z5f8d$kj%=fSgnBg$~+3!f!zRy=)xsuatbGA zcDF}E6lSF?my~a_yu71v3g|cFCxuH?k7XYbZmmOz0V{{;x(vps><9*p`C!-mq)~U# zq9!tPN}}l=-mXIzsz{JE`pSh`f!T8v6KgENIw=G=DHQ`M`Z_L+DQGh#*Wikkg$zh9 zZb(SPWut8DL=!v_t44tc&-nQ3mmoqP%USQ%tYv*leOpfeyGA>s>{q4TB~cu$k2iLv zViI5Z=$Vx3*!oTW8tgaZ_{UJ!vm9P4GyQtt_Zn&zkt9uF;hwqUkn|@bM9}1k&>8{P zz-%pDeR;7#8gbXjYtlF5B+Lx8d)!lG`qeliU8c^4}j7^hX(+pN|Y`LRjZc-$(fdJr zkv`AV6O-*Bc1!_y3Vk&qfWayIcZBphkt}WcPrD$wtN*qtXUP`)``2>MAc^ zm?au2=)K@^a%ZEJ4)t?H2S(~S&iybQ*=%j}x_oZxD1tf8aMfR$h60kG>V)^4CirRR z3JU29tol*yXf;Z$=wo`(5FZPjFQ?+huI;O3Vo|Y89)#0rncbEjx>PuC5&4R0o^Os(?3@LNSI(JO*S zb&B6AWGwAbsMMRzz}J2>7S(WCOuUi|_`YP%&3Pm3BhOa*Mjy;h4PS;>;ZXKkD|?!J zXrKsGGr%-1qXiSo{@TCZzn}axM@(yKx#Usiuh^PdgO-;tO3YK0cpgTc%wm*@xpwAt zQM|tAssdN`kIh#2R8zi`nF1xNabu0r%$JO)rFuUdsV6^ zY$bRU_`~sX4GvAo&@Lk zwK8yhRgauKHckE(u%e~8)EGJbs#rPxi^nF`-zL|W&C>6Ptyl%lr6ePC3n^4Efabgd zaS>DJ+RIh2|CPElG;93{msa^0tws3|EL4X22HLJpU6t>y;-q)~e!pfXxk;C+p@M0I zB|b4~lkjN_Ut?GXmGT!OtCIrX!PgQ3meRy_ZM%l=a7x@g<=qgH+V%!_KpE@=zlZG%-VDY_X7*VMkF) zG)AmHSn*^pUSS^umm9%|1QP;yBq_GGDUmR)*YmyAd_TJtZO~P?_Ac55K;UU>LJwb4 z&uaMxE~D(uXdpdRQ@VaqZpoZ>@Sz z#nsKB=l|`tbMZXhil&Rp7E2TF_55u}|5kQS65M;!N{gn5?K!yoWqvyxejn`AXhr?+ z8mnHKv-+)IMa%JPv;8heuHUjWxBA=sU52v1BdwUaId!MF;$ykevC`_NRZ%t84#U4) z@2@E_PTGoi8L{f`|H6MeD{0G@61Z?D zV)Wx;msLN#+!Ca8N9yRP{$Yxdwv57b-M5mZPu{)M24PygS1>b1O#xdv!H2 zgBE2!h}&jkyhfi^0m+yndB4#K^xMcZ)n&Fi+p648TVa0s7=iTJo8Itc#Dj+D0bI>u zOoB)KPU-Gur|)|{`>!2ozn!_$0By7JGAcx0C}g^fF{bAcmJq^e>n&(KM{V#S65=jN z1y4047kxk5p+*TC;d)Bpt@MKVn!;E0Cp3hWIutM?_7W(LwiI7Yj0!5iFGpXDfP|W) z;yFZhf5#>9ACBIP;1BwE^A{2|?wUx|zzs#COEq}oO?iHGLrA&I z-fLu3dH#vW6bZLtB2+Qjm1wGwI(gJQ$on)zX($ww=7oNca8*iqSlm=cbw2n}Eqqe6 zLb3{0WQF`8m;fz6V1a9vZ z;=d@ILcEI74YsLu3B!BAGE@Vg23WlZ;26y`XU&LGx5G{Rg5~(ppSouh?UAYQgU9_J zZfJLdXRZP;{Q*%cgrF3yD+>ZnC#+%!Sr~l4DvOB!;0bxY5&W(gT6M?NVdOR1Fsr@G_aOi>6j=FTa`5)T-K5H~QqFY=(c{V+Cjw z2b?(yOl}WlMv=*r;AxxUC^r{yaSY3so%!wesLheHkryc5B$FqQ9QUEl*8r_YJxh7Z=;0lMfxet7D0 zkV#|`GYzYn$Ym*CKhD5G`at|$=+qM;qy`D%gTt01l^+a@Hx#^T`K$gX4$X-?G?cGr ze4&N`v9P>qrqxx zxv~tq6@fe}ktLk*wgGgWs?t}d3%P#%5D^lV&8HD)^H=hs(`>X{8Fc|;rB+}6RR(AbVA zLyB67?xATM0YtF?QBwZ%kaFEq4hYJs=^6H6bQTui=C;ck&@9ClBg^;0Aj6Z(&#Maq z?^_~6pLY9u#w3HZ2XUk+C&S3?LgeC8O!fj)Ly=w>x{I_Pp=vD+Rtb5l?)rDi_C8-k zzp^Bl4R}f(|J&28t&4%EBw%V@TpgXAb^kU!GGiiIH5F)lhWFt}{ktq^el*WTi=&&p z9>-YV^^cCduD$2Up(ZO!fi&cj>!|3FL5B>BQSr)r2&^Gl#b;!SGD~RkGD`dH4D||W z#ThHaC(wKgLsHP6plDGm`|9zJ^-jPDrVC%x#navMlDK3k5P9l8Vu151J?Eq~NweTT zQ^tc-3b*oLE*La$q%0x;FpH3AaoEej<>Sr?nI^Mde!F;tgX#@P`I!DA$1oBY?**eY znUQC^L7Ycge~{0^SRiRMA7?225o}0ACcQc_W{Mk*P-5>34ah9%XE;E)MseUiU z{4tkKo<_+O#5)^mzulGWAO$^hQwno`s~B0p84QOxSZR4SQwFSu>8T6+N|d2}?%BO=AJ)#F_81+~h#pcO8;bJ|ojOosy7|P}4UM2etIIdd{izIHKSK#+_!`E8 zw2v0askqdPbAmZdTBu=UJk9)8{yH6p9v<#KC$&>LEmN&&539Y%Hwr;O(@^}&fi7P03t**d6-{cNZ}0tx zX!TDs!EPNaoO&67)vrqZFI1ho0GTyk4WDTfI<@c2)5=d&lcZM^yUdRyMb5nNUlm<~ zJPw_qV0GZv%a0G^|76+vk;@1;;mm#o8438mKpTP78^@$EZ}x-cJ?PxAzDVuCxF^|& zII+^Dk;@PEEhB%nk0brkYjO_yX88v9J4f-wADh<^84NtaSWQSb_TV{eHjmtpgJe zCuT3l>!6j1+fI@WswV1qdrLEm8^Wzrc(-tPf1Fy+o8JhqT1iM)WAV6WBTD6MS8nCD z$}}}F+Q|U_KgNt8Ql|}(TY!x(Q`1}nYkh`NVpIFG6lkr6ap~KFG_YVGcyd`pv>ya3 zEQOQ9|Ilual<@2PEmCzI8M%#wz5LNCk#+z2e(r96u(jUr`o7l&GEN@hiTF6)!Fe&Z z1$1(~NnQ;p?<~I;pc5ur@`k~mUk2P$D{J0%yRcTQZ#!f}gezPL@7;}fnwMy%y&(D9 z@>=JK^tlKPyR3dUfaBA_t3HjdGg(~2*|JZ`In7$3#J)om==~k`Co&d8=9&z$DK)G3 z!{fw9KWkNCvo~>4)Lzwi4c*bpB)3iCwVJ_TCJ6oGEi9BCv&zK5@Qg^KQ1HsRrbH`$ z5-@~sI(g7Ij}&X0Q8Ss~cF7+-49L44M1o$XQ-%O1CjIiZ(_ba~%wQ6IUasEO^!>lI zZ=VBT(MZ!?+D?Z?qBJ=1f<2~V%-w&fIS)w?6|%*qi>W>zU*(Siu)lwrNKsm>Oa}NJ zOHW8p9VJi}tnwF?{O*i+hAs-iE`=v&6Ng!qy_3zT(6hlGcXG|#pOLl=Ve>Ys83^tQ zrY{uC$5U%DgH;;y{}DxkKwTNrCGj0)ihN^m-)+Dj%mBPy%$EGy7^ww-Xv4-mt6aSM9o>N&UwAXAWH z-K8@C8=RSWsTu>&oE|)v@P$~SduTyK_V~aC4iBBUI2I2M7KPu4-Cnk7shJ>!FJdPU zl3jdH{_AI+008;y4Ps}mirv_wmA`S33f+DniZ#8D#G5JtCRgl8q+M**M3iFY2QwLq zgDQ6N&VdF`#JTFkwC~B1A|_HgKEgP641kt(n3Ff6?-i;GkEKJI|0lT#ZB=c$fMSZk z(llYa$J^H#n`=i(3mt0~r=B+7gv+h7mi;AyMT{im0$L=xKvsa;N0k1iLtLH)%xuD9 za`sJz&2nJySm}HO@WDaj4Me^=5Lx9nslb#aP{f#MFJ#6g0Ugw)&i11e1V853LQWw9Mm_5 z8a&aQDNfX~l5x3I827Icbc}^o)m>y9nLfvH$WC{wdUDdH}YrAtOCT1kO-z4t%>RzZpyn8-^i;hp?)vRvsns{nLh6fd1(X6N*zVHekH} zb9ZP^8X2pGhrlA3Ujq^@Gg-)kT+6Q_u`mbthG0kMF&#pRe0Z#E|fnXJn= zWCfe2i0t$p_fvJRg&o#QXbk}8k>p+~TmTf`*_64&(-%{$W4?rYO6^*zshoXY5C#U| z9j?#ad<5>@ZNg`2ceyv+sHLQ1uA^{0MfH%n!(FXzx@J@q?oG5|Qa^|%ONVzn{odRP zzv1|6_It-az=h1#;~iN%1T^D!mWT;!-b3sULq^d7-}UskyLyZD|HUq88bIh{?765n zLF_PcmKLu+4?Fta^KELUel}CmfZM85Q=AY@ID0>jGa{{9WWNj7xv|^36w@c+rqO|j zjF)MPcai}YHO5j$ImIh_kiL5YT>SwGBFTV5)5`}|2n*X!bm{! z_Jqjpin_%9HA94k?%3#g{k|_eF74+u{ftgOi;N*Ax7bf>itBgKXvW{l&GcG(y%$pt4&EeH< za)GA@`mzb7M36s5H~imyZE^4R6%ytvb#o@k)HS1_|0IL`r9u`E=Rm$s46rlYbG8s= zl-h$+`snlfC&|$pj82MNMKnM1$8uJztBaP-S-D`ezd#6gCc&vZ+Px$TCzN?~zqAAT ztI)L%A2W?97kr*dtjogi|is?kjG^ z=ng8+NUV@l*8G! z@+449sYMml6$Rv!!XG7@jSzqiS4NrLFiLf@QO%&P+l$W42>1L*nlZ!gG)_We+EX|2 zv}wlj$+H&umEk2g`GI4!E{y*67@7sz+GeUml^3vX}INCyk5C;1von;N-V+rz>WrCi#J(&-S8n`o{J2bS}iul7;v zw#-tu*mHcq+kiApq2dadzlOJ4CDG-=e4aa&#V49Bk>B@vJOy zZmE-$tt1#7jN-GL=RQO4Y{{pW$BvUzJ`+6#PQh(fA3I{7WOW$FcP0iiYe5hcgokzi zM9UMiHl`(F^q5CoYav=>Qx6O+!i+0r zLOsbH9-}$1jJP}A9YYQxqD{fQYJNW1_WM;S`0UYF+#DkOe=3FX-s{v+Gk*%kx4L5cDjyo=Tv{I4YLP1fzGWR6uBowZjKcQHlm~#u5 z*S?#@bC%%1?GcPCuA>11{mR)&gqaoNkdMi9C_ZK^^j$?E1u3d^4-SAjx;TdD;_D-b zd~FzH9_@5w@{B=T2!ar_2dPFse^;v1FXwx`jx}SAtW4Tv zbelbP7~06%e-k^#(xky}hu@5RiivbEOdXPF?w@PiACW0b4*#eWJ1){(9?0uN*?;eZ z;Y9DtdXKNw?KM6y>z-iA$pX|&Wh@ERBFob9NV`d{zAz}}_0Z}p?Zhc6S-c6Hx;WD} zZLzcaBX;1-`J0nBsH0ooW#=8_UXC^4V7)Yg=Sr(u5YXovTO*?O|HF$Mo*X95kbowu zPk+axfvoX?N|vIsP*Iz!w2A6RdOeu9Cc9Vgt_(PNo{90LLj9GNYclKl)dZrzsaWwz z>C7zLjAW|>vD%hY4U|^+;(7tjt7OVrK$ZW?ixlS(qT-&s24zJZ*ELKSVQ3;T)EC@! z&qy&mbySXqN&~xNL|*phOy3=ARbadUpD4Kg6t6H;#Il2@A)1DO>)~;Uy+z!N)o8%9 zXYDMmA7tnR`m68nS0w~;1we1q8Mm+SlvOb88rCHUOq=RB|BhLwb-in00c`zoC zXjF?mV_I-^RKKPegnK2WMHz<8afcvo+ZRa0&XQz4K}V*TjYwZtq*Rb2K=cC|3hPHL zK)G+_gpg(o+PMUV`;RCvr-CIYK~#y6ZgVHQKP^aEmxR22sVz$w!B{|}RqD9+z%Inn z(xofb$pZ|%MEbQnm0Ac1vwG2hEPT0;N5DDyb`OtwM^)+bpOu= znOTE>RnkGWoZS2m_*8eU-Q&dwHoj^mRHPt9#Fbu&g!k(hj8pZjpozu*&;VXksW#HbQ{E3_dH^b;}p-Q zS-+`6e^0&(k#gl?`SFHEl*ZK5aBHdickAbm$b@;9-x{LUU#HjlH1++K_#V!WPdb%5 zyDfZpZkvzP($M+Z5304|*LP&y)Do`|J(99enl=G?5O}v}w)=uvehtj1sP~e6kK^qK z1j7udEJq+SnDEdRi`^Avaw|zn>*wEW$Ykh0UQZ|@W&OVqXNwr$(C&DFMT+qP}nw(aiKwz1l_&C}oapV)UNVxNn>FKUiC zD=IT1vS!uH968?i31T`v3(dh&3k%LzX$rqpH3Ew5Jyao#0rWYZ3zFc27!V=$#Rs0NXKC>92wy1JQr1i0u`lj6~j;mSW*c+N zgogk1->N$B&HeF~+v{jw4vu>YHELWTAOGZ?3X<!8vc&A2-3N z)O>I+aI7R=VKPB7lQlHPT7&nKo2Q5qT$a63>5Z0XdQ}vA9uZ2lJ*+?`Goek&; z?BFv@5aTtYPTf0&>jL}}BJqfTS8W`}TLaS*>c^5CgB?Yehdyimm!9n|ayDF!rQF&U z(w%wRUlzu#p~n5NmMV^j0a9f>utcdxm&OS}@1#eU+p-om&p#kk_ncnd8CqV!QU2|4t?s~of@@F`U-$iu_2{VY<2n25KY#FI>A*)**wm<1(+qGj zUDEpI=?8le7iKOR&|7JIaM#R!#Jo>q5(gj<-&2g|BX zW~1u5mW&&!_hy4{BG*XlzHr^R+ zBXu|P!P%Ac4wU;iH0m0cp(D6ntcLL{*Oe?_T`hCF%pPaQ&$^1jNJbQs?J#oo|RbnV?HethoMDhrbnaP51cF zJBJ%|eeL9y=Lh-XQ6b;w2YORRv@^i+vZBVw)r1^S`||0+9Y!Hv`A~@oiou{0%>%L$ z?AkdWt55Kxi%+5+JE1Ygh)s!ZHn5oPNUzhbNvBRU0>&$Rc{Ob^EYWD^ZRmwUt7d(9 zZy1+#o-Q@2ttxnqKBW!xa*u}2T#Xav%%2{I+gVTede(_S%ETq7jEK(*+F*fntP?vh zSh&&S&X+>Dv)^+g%y)2xM&H}_Hd6>K(0X>ER1y>Jr(Dr)8U0B;yQ*bp1^bm3=^^jY zD>Zh&02`rg@>JWOS4>&C{mEyn4ORgaJ$Oc_g%?R`f3@!5$H^QNn@M!^oKR-KcE$OJ z8!~XYKy-b>q*D+#dK%zl%vh+s{wmz_Err(YqT;Rg!$sb&a*Hm!QcD}6PlIMuuVY!U zNm!5!!D^Rj%@A0n!Xs)qjXb!TEc=!c?eh8wO=>t6OP@YNs60JQ?Lx8R?n&KSk`m=z zIwbr>PK|hyqgCy`SIIIF0_^gHdH%Lhn>DiqH)AWK;k$zgFx&IoDIzBxmJ^gn!V*w` zsYJQ_9w(eW3UpV9f=}|oBq5KnQhH9^NTb$-l#4f$ss!}lHim7bbL1sD*8BzyR&_&m zrt>yc*6505WmeY+^qW=o^?VSJdUuawts`&OY)^-ln3ids#K2;@)yp+W`MhXOyd8?# zF`a<6DtJ6zhmu&9vNxv;q{u6Qu3N%mGhEjsCF-}57S+fT{a|i0NXGw8fTm?!#jt_t zKQf?djCB|VuEf=Z?x*x1CYTTwQd44?stQ(E%}SqdFuvvsG1%9Y?(c&~;eTRhD*~W$%>#DuTKU?)oXm zAt?+MW@N5u#+2YNEpA(rI_-bf5QIu~hiqtKSb2s@zXJig6fKxnZ`4Z%Q;g{CBk?a$@*+q_nxV~X#b#yDua+8?V{3emty%v^2xJPK`Fj1&>4S`$r#-#Q zn~eAw4+`5dj30wFgx1`Sfc|~AT$-r4+}IIsE2`Vt2D9okUDet9aVmm3d%V)Jb$R|; zG!5BKQ28pPxBD5DO$9F0Nl%dUDP^%CIQqyaxkpX~iiWSNs3a&j@iu2Y zShTO(_jSZ?aob|z8Py`0B1Yoh|0@K_!2bUf0)?hvO;Y7Oo#$Ph3Tyo&r6!4zeyIxd znGN`PIlbXhPriFJOr^mA=hF*#ncJyED^fxjxw*M=vfjMlwwwj-^rAa?bzSZ_3O;Sp zvOXWN41F^pt{M_3(dO&T1#xhhxVicLVu!z<_m{VF;&3?67xV1CyY_ z!Z_>i>J7V!J?$tFJ0Eq~?U8G~pYd`vvh(nq{Ht=YvzQgKdF5=bBC+B@U%-^;(XAd- za_FEyTwshxB8(_cr&t@pO0lOtJkP36Y1!t!o4SAp4YGko&2WHJ=X)=tXpMc0$lL!C z1)V#dzWOq#zUdeK`cK4Gv?q*#C;b^2RBLHq|1R>Btj_Jo&2uBk$@9nMyXq!ra*dfSUE&H^wLHp@&aGko zs|rF4n)1qYC$Gg#d8Bh^%j|l&1d}OXo>AqT7sMHT6M%s}zvAo5?MhZXyBIYJabc(z z*V0pB!_YiRIdUU9)%vw}gh-Qx39fqQQs9BZhN%_c5vu)agK`ek4Y$ggmmSOx0C^(7 z%hWuD>8s`*WS5oe94USn)+iA3G>U@H>)QnYSjfqIu+B5eSa z7U(oqPeWSg(HyqT-N@ogp4qZjU|&h^%jz(L}#htOQvUWZ5W6N~xY5-SR^ zFKG|LO4V<%FKD|?i5gDe7gN=vb?|OP+_*E-Nzaooyh9@YvER{>FM0Tb&FW-dg)(-s z^tD`$aGFeGUZ=+@Xm8mfpcb~(%K&jB1gucU8vcKb!GZSwlflvZf0w~QLD`J>b|X0e zM{)V$8g(6#4{!BEYl#YI4;|>R#U2V?Q|k@=zOeniIPu*S0~#*;aU8dLhaDg{9V7qu zr4`OPjnP=3Hj?G^>1ofO?y}za#(A9|M_W_{HTD+;q(^Vr2`(Eor1}m zLqOXNn&TWf@)d!%5slnwRpD)DAPm?wyy9GZC=LLfvU(~qt;0ML-I^O4c@WK7r_7qv zT~iwEvFbmzNj+g1b143<|3f`0|L;Wv`^@6g7J-Ia067$`l2Y5e# zs26Ur&R9NDsyWFv?pM2w><{VE>z<^VxnaD|^2L0O515(_D z0jl@rH|W|Vg@=JsfK^Rzk$PeLIji5pM zTB>%2O*Auf1c`>;Z1i7d9$M^M8iQpLR0$?jR!^3oCHJ4s(@3eNP;jHjq9AIJX?u6- zUG{oPUfTs5&P{!q9N{j_{Y4uVj8$KgztA;!#^4ntAtrq^lZdnUWqRbEfuYd+GCd%L zJOprh)loN?^qD6&BZzL~zPFBKpoHm#fm95vG%s+4jr7qG>a##t@4pX@P$Q5;O&ae@ zAsmUX;oq{`i*U15(yz2G3=@tP`mrjNEi0W|00=n=x`#NlLmF!)21@jE$xZW+66mrk zYdnK3KtkmQS(D!mM6YX<#a-4~IcAOxB~0tp4kf?1b&~T^N>rqRuJ3p<7QN;5--8%N zAYkN1O+99@dc%@n(xA6V0gs{y@J76k^9e#A?i-i%1V-dZFy@ZeC5O56Twm%=oEV4b zQIMbC{o}p69XkE{N)Pj@m+q;Se7+~&{|@7n4Etj=?GFH@%{{y|J(VNr9Z#wqcBRqh z^=Ze^7>w=-OQ5D3I{iT^%+jo|{|KpvVJCWW#9~T3C85aA!(Z*xygQ{k7@-!cN%$cl^(- z$gPoVgc>;WsfK~SizjnN5i+_RQ5KlEqy>C~jMkwNUw8^Y4oX5+LCnV$j(jS0JvK;l zt@dsv2g$uNUK(}|XO*VAwG36ta^+&~HnJrP7`$M;vYuFQ;Czj&iMJ^T&DvZY6uTN* z#KaZ&sb}bnS1J*bqg~%a_a|ql@AJd&GQ-zv+2Sfe`tORmMNZ0f`#zBkgH&c6Lr{6Q zSEQ7u@+J8G@BbL<7pDC~U541j^1DxiDEO$xdIWIA0yz_|FVS0ln!k4Q|81e*RhA`hYo$m zA1}P4Svs<~WtJVKB^|GI@X=Y&bG*f8jJa5l)72BWnd$?T!>oEP~n zH?X{fLkce_>pPthH0Zxzk4*)d&6OcIV{D9s zn%&?Yo5wS&@UY&;3$7vLIR3u3zlGZHGb-{vmX~dyd5hrtB>wab^woT_0Bg9lrI}Tn zL=b(5mrAB3H0`)G!6K4qh{D7RuC$k z1akHcayY20Lk0AxweZr;(wy|VVV0rf*+2_{9!y zqacaElLj?Y{=0IzfEHC1hswaW6^#0#sjb?)Vz?lhF0zQL3KNhe%JDUF?*^F zZx}6~hxR%t@NTA#9s=cxMEm_{AJ7`T!w^w2a-i$e;{@D+)PP-Pn6x(Rny?d)YP-ww zp{|hQv#PhQavBY0*t?0i`knjhP$#HzCj-y|20@}<3Blg&9(>U3bn#N*BkIS(y=mQD3vdC z?-cJA*rP$$T~>7ED6V(_X<Kv!V+`ju)vt#5OWbJeI3R9%`a(B5O9w&D z$4!*?dUhT}ysqav_tGbj#zq9V2`4`AAvQXNXF10iG!)bjt<%V8nUN@B@J#l-$mpRT}9 zSMp_rT6UC8FWl*?Qbz%H6PEn#XvN57cqyJU9%m`&EH*!pI)<$giTpLV#fpj$ufZL* zK6h@y6pp4k$-6csOg*mRS%%903oAeUR*&6 zn!8c2WPCvAI!JiF2qHkMoe%Gfi7%1f#tO}Cks^Ss?+A@49b zk}@TP4^wRl!eHHxa|pgqnx(d|q@4Djx4$i_2^?SPta zgL)o^@|Z|^F0b+)l-x~)AtQg0esuwX5w67ia^bC^eFaBtS$R4UT?DaQN&B@=@&xDK zyk?G|m;g|SbmGhxP;R2i4X}w+OL@3dGOiU$Yb`!W%6mFr0G6%UbO;qWd0ZbxN}hlnx{4Hhul%7@LzJ(2i3)Tn3BuK-9NuOwc6$t_AhqFyA#N;; z-TESxYv=^DDvNMN6?LSHN+Z!iHwei3LLwz5uRO!I>>aZBVH$Bj8B@|=U8^@IB6-qxK zL2rrJs4uQw!6FmZ5#{Zw@YAh1g-SL96~zwA)2*j~jgyJ<$_eDMV!i0eE?!Ku_lK{D zFFz-Kd8v*ED8R9aN4sXpG;N-u%#x`^#vKFy6V84EJdwur ziXBh#L$wq1ZE2<@9xC5aZy?L3RolG@1vi^iS^nF`)J~?|=Zvg} z{>1i~LboHFgNUZ@4J~?-&xz3OlC=w!^P5TKTe10G4^%&9c`{>x@%wYH+jdwD;C83K&TfwIUgG>xD0bA+JH4Rbi{zG) zI^v67ULw2w`A`5S+EOd(g_~1+8xK3TY>dM%kuEy2Y%(3wXezov#T3RpBF*cBlF57A zH^L<$&7;sm^|k%q0w<&-rPIZLCg07m6-#GDt``Qp_daSq@&&16(%)ledm`A*LAcs( zbsxOAumdZt=)Y2j{sJ$sxnYjPU`B2T5Ga>7=|+ZVpRpyNDQjwSd0e*UWlI-=<+J>t z%KLhubNK4UlDQ(a;J2TyPz3t@NH}SJ(-SpkU6E{k3JN4dn&20K*+4$8=(5;W4re zoz7!qAIdkInr1jQrQk1evFiHm*B>!!c8_erXu)xqeqn#%fb$m_b4sQT{mw*dAJK8g zsNeY+##>~({vDloM4@4O`#<6RH>5w^yqpZK-+*#F zObt^z7P*w_;^Luk_)ZKP&=9#`M6eiUg!)ar5vBES<13cD66F{Zg?{RUd07cs8dY{c zV|DCxjQ#hT*WypgyFi+C)Q|%ky={$~=0Bw;yK1*@cI^zq`&h9{l1Sm)b8yYfFNlKI zl-UM4TBOiXmuY4ubHRbrtjmS>zs|(>8d96!?gI!_)ck(^vYJZbTW0Rq-bSyb&LS}U zH8x~p1gwRryGpNex=0-Q51dhteev3yjz<=0C)+>cUl)2S!=m-=AxX#j z0t_JJjPN`}NdBPp>F>hrIYa7G;_6)&l4;Lq-AYkF#k3q^Y)tfZvj#ygFbs(%7W zAA$$S_E;HWdbjTXWmDcv5qMWBC>2^uUUDA3qH%c8sqZnV`cq?=;@=;Dk8-j)Z@rZG zS@h(CJc%iHXT;I`Pa0#(MgnUn?>1u=_SU93fVBLlJM?;1>SS88Phk1w_=Z!a^pG`c zk!K!&|0Bspd68`Mfh4v(I$%feQz*IrORR4(yc919wJRD^Nq2rNPjV9Tqg9yh6 zG#Bje(9RU)n}LZjeA6$C(`xj9x)dHq%&IPCt9D;;HpJLXI`Ku*kBjtYpjbd6 zopx?$LznsX6TCJvU`+^>lj!4=el|@C&8bqO(K8ZE{luZ~?br^l7ctnz`^E6;yMD7q zZi=4ZI%SSR(m$nWkFxJn9t&J@UjW9HVhKOHFXKTZ!Wg>U&)th}=&A|lH06x-)C%=) zm}8ik@$@R-$LC=PS)s5YT$K$IX_`kWWJQ%Tr|HQbOCl0Z8OM?g9&YgZV@mA^4uPQB zJBC-7;BYLG?bOs8Qu#}45aI4``!_&mbD(9!ve4yB;H(4OVVfCeKQaK>h7%N6*q#E3 z!G#bXazH$Pl8NrN5c?rocDomv)8|N6)ilF);xVcipj24xz4G?{=(pBMSWwb-#MrAg zVxDjR&do3TsS4e^k{n(C=T%VS%wx z_2&_JfP}KppT{JqB^;dcYg*zAW5g&8EJkz*gtBvfAeHid*p~uH4*b!gH=W=?@Nc2i z%e2@K8wkq3J+B5T#5}Ybl$(Y*u269}2lg0Kl>W^6jCyCxvT-Bj(i{(w9CI@(qE}l* zE{6jHOuJa^^ESiBWsq);rxu-#9|v`-7w~EFV}rJC4l4p->%P&q+o@hzHH!Lft?d|K zS{X+9s+JRc^CqeF79^=HHH|@~G?yr@_MI*2G?a4VUteF%OvjpK7z1p%`@MqTIr}YB zMO(3AwdtYUZAbv9p5UUOG5?_9eN!R{abf^Eu@1=_QxlDpbj-=+i8ok;A$7~h|DFZz ztzcj4Rcx+E??thI#5D@%4q`vlEg}=snI>be$ceKgD>#l5jW?fQR0|2#LpNn(D-bVB zW3gR+mN7$nggcZ_>g4lIdwU1^O_GJb^tb;5wEBZGwTO@(3g$z?lQ?c=OTZtLzw2Z` zve3#~RdFp#zn#Ew8oM_#BX>x@m?pN9)OAAm2>DU0QQ6KuahqO(Wm7nYDl)dCB^2`p z1cGd274Bl@Rw8kNY<8c-Bi@Itg2bD>b3vUN4e#M@qi zUKB2Fk|vGS&FgOD%h$sLUYaK%oR@-2=?VyEeQ6Y#!})$N%q=h7FTe(qC2;|x`8FT$ zdBd3$D#}%eVx7F8d{TZUj@utJO>u)%%nRY#Y)~XlHORUTm(ccy>)c(R59QC^?+%bS zZGXmNR@SSAgn&0F<(>`~A1nr&4J}C2GIF6h%v)snKSR;cJ?DJ&-j8LiWvBakN|5W* zPuyYHcwp-SLMk7=`GEia)^DeFP^V7OzY*Dps;KNuvt9LXdYKBO-{~R)fj=c2x*dma zHm2wqf*`4@+;{Z@$)io%`iF{1Yi`c>URd0oo?SdpS~|&(`-hdP%zxIep3jW!_LSYD zFIp0-{u<%gzE;F%;2!*bRZKw>UVkv)`@}6PGdEnZM|)uzeA21+5bG+KAZ0Go zeNq~qJ<2}EzOYgLhu#$icC`KxAp-TV#5ML6$Og!!(@i92o|^H*clJPvNrOuCxS|=G z@xFesuldGM-RrUyB$#S2FvBx6^@o{T5@Q5G_ z34%&n)?F)TGII0ciB?NTi#uT!PFay`ga*}qIzX{ec@j0+5KylpPnV?mH~(SczUZJh zq|YTjh=&)+42bv3_2ANl0KPh4?H#!+s6vLaw+`LQC0b=%Ub=#QkHGv*0hKUh+f=g1 z5UbWyb`(=DE?BM;{wPIiavV)$%ygGM5uEh2SaX~StQJQS>-Oh;D6tr+_b#oZFB#hS zaX5?~;+nmLz5Lm}cV=WXa}6Yy!VRQ8-fO$+Tt{Je-b>~VTuicWiy2l^Xi{DaG3IgFHE&w5N?WJq!zQ4WuQW&=}k$6Q7uMaS- z#aKv*k1viwilvp#MdIh~QVC%fMgYaQk%d@}I#Zph%%#PtM+@XU-j| zoZwHbg$9_w7IUbVCgIutYAA)5z73+l@bj=DIMw{u_w@#4aicv}%lxJQIJi|biD_0r zmS9XkyC{6+aRP6Kg-`h`-r(1Sf*pSHJB>6Q4xzeSlx!bw2CJa+KB8ILPLN=G1c2#g z)qEYm^fC$2kEy$8daUA3;XSb0lI|8f{qiGyUJM5pe*I3!m`^QM{JxKQIe8rnjhA0` zW65}2BhM2zo_xC{NS=(QX+%SY{z!64Tx8$3=?6%S>u%DT zb#Vn{ARnM%MSgksAJ2t*fWQqk7W03StLCul9tGQNWx?hGFGZZOBzoFHd^_^MTo&>O zo6Ewky@y%M5PHsvSoIKd&UEVFV{n5NB%?sBR2ln|y(xeiJ$50u&6I-(N2ur#1-m6! zlQM+kJS>5=Qhdf2xamY9IU$?v|0HnAcNib~zYQcF%w}YatCC_oBN~0Qd z6gW=R^xGg=%b&`;p3BX~#8an)ou(GX1lI&|D!Tc$BniJ@U9*~953vg8sa!c7`sLn0i#)D z@DE%e^@l+@AZ_j1358-eW_fMTvZtDflw1NxEQPXWEO8`62q-pzGxAWr)Y!CD!5?P6 z4lrh5P}w_s8xTb^cYf}!8kQD4fe20L z&7DMucYyChNR{_M+V%zMUpZys{mP_zY+&_^lUUjS{<33Ix|$5L35Vw@e44cqF`*uv zk#O`^s4y3RbUY399f0XT2_VxDzlsCY33(Q5ly%zX7T4?6E2$VM|S#=Zi`DvL0W z^tfC_yId5Ye&}hEpU;4Kcc(3XkInZhZtv@nvP%8GvhT%hucq{v0^d+nrXMi+*k)$1 zk~E>y16VRN-I}^-^h}qCp3A_FCbh&;s8rYCuC>sO5?Z%MN`}`&N|`i`9y~H#?UFCV z0BVh3M-GHGX6>MMfYAypGrv#O?R9qH7b)(IelFPOgZ8BhJ~1(@ZV@S6qD=F#MKWSm(^ zq%pSc6OqVcd?t`G(8bDu;Ki*pIej&{ZEUucK}ikCTScDgmP1DdCu$s7A|cK$k&B+L;fx;6Y9X_`i~4h)4e4@SwiK> z(Oi3yLZX($5N#PSn&r|y1fTbbrmd{oYijYu%U{JIEa~WeS<+-X-code$KEOn&N!B> zQ~t}`(ZAI&t-2XjH0T*B*XpIU}@xJ{^aDw7m$ zaCCClv1Oy9i$&x+7{zACJ@G`d6LZ5QB_dcj&@DhHw^i#)d6jlBP2hG-Bxx*^zzDkK z*n}>Wqcb2_Dc|)n9#9e0l12U4SsJlw;0{u+p$MpuPTSogoZq1c(BS_p3}0Ta*Kqs1 zk1uY}Mz;!C@A-eM{GghI1Qvpo5)LQhk#pnwC=&vqy>fIbem;LLe|9Q5V1GVm<#v1d zJl^#dvFO8`f?jqWwRi4Mn9yXfl_+<^%Nex%#Fs#|>)%*xuv*FBI=toU#_l}vu|eo2 ziuRIPO-K8y31Ma#9jd40Y=-(LDB@{RC}r{CONxN2;MB`mxU_8Fff4NlhNS< zc09Y+-*puw>M>dX;6;i`{y7&@3fYCg!q4j&A@lhYvK=W7)nc+RfJuuQS3AhXE8#~u#R%G%JjXmm{@7smI4m^ z=O3h%kbO-Jf4PRT7%jRTUELr~0H`h{Ne9pxm^@DobJg=xCt=+Q*a$L0C}E;htx5s> zilL;eg{A#ibOKKl?S$kwrB35va^-RKYZnNsc_0~>_fP;Xlh+d*Y$WC=Q_J;?RVe{L zISDr#VHIog#Fb_~+O9Li z&{?OThcF=_gqozIhQy8**LKCD6<-td{(V~HWyx?5}8FYYz1=S)H*Mg|7p%Hql4tA zv!FW^9n#_B{UGM%wKkU7Ng1P7fmWYM9%DF%4rV9BV~S>+sg(vzJi=`zv#Zce`e-Zp%% zWAk&GvKMX`FwJ)x8X2l2BBceE>Ee$~x(O%gjmJdVTjCsrVaAANqOO&%w5>3m%>;Fx zdT`lad-KXuW~~H2RDy2V*$U;$7VIHrccOwbAUGG-E)Eu2_&!=zofml(n*Q?`dVSa<`%M72P!rHNjMmQ^3G7V>s*GwP?r& zga78(hXKGjRTrc55x_5N&|_%{>KsP7VGe6PPK~1hC!1-pKOd*GX#yW-M3$Q~>Jf+s zb{7MS6PzC_VmC5-84#lFv4DiLGkAu); z8=QH*mz!~RCD(@C-5OeCI+I2s{GpEaex1{dG%`m8RwrbR9VS)tJubz1_&ZV!vK0xS zI}<7gy)+~|aZmZejKBUZ6kXc24c#Yv|C3AGYpf>6)hA%~i*8|x`K0>tq=MQisDN=h z;gI9*t{~qo@jzD)e{FE_ZX~pzHkVPx^qx`O*MXI-;?NDWO`Y=Ce>_>OeR;HNJKrD{ zFZ%Q8ZHuoanwV+2+=;2n{HlU1+J%lqLbR2~-1B~l&ivdZe? z&tEL$TJFn7zbkJ0bSEGOerYtaGv!a?c z1R<+T4Iwc$xn5mwfTb_DEu|kJE{l$)US`&IQNeK4*H@L{sYzBb^Zcv_wV_0%6Q=dd z`0z68mEzZ2>S{d=p21|$LYQ`%wB05{i%MZ`1fJct$nBr;?x}W8#m%;@nZ71l;K0ySo{f=+QQEwI%_6N-yvZKQ~+K$;a z5Jczpfit$2e@bLolmR6z6*x2pc0)W%mqtJk zpD7(+W|x?<(a#ULRSwV>k%xb6qqlh9Z)L#fqI1Xc`O`fxu9E^szZ548}+`v!nb6Q z<8JGhI&~j)@pbM8m1_V z8y&ML1=IB~_7K1KvmMIco0+(4z#KON9(nVp&$$yA-3#T%%(?bknk|0d;26DIcX)ye zYyJM-a~(a+>FQd7h9fOv=h%vkRJe_$0{J>C!PteELR_`*V^2{_yw$pW*P_Da#))rgI-UzL>_6+Dz zeqHcNT8GBF`wNr)Uli98L<=Dg0g!>5Nh(4WBfKX>O2;^~XhHO9PB;0Aq;z!izpKMF z2di&?$1;oirh8vwn(_GJ=9pRB{DEjAcWt}4-=QRQhv#Tow_c#t`6097f*e3Ni{4B+ z%bZoY%_$f~O2JY3JcX^j;=0lySRX5?ow@S?I7EmL)SWRT@#+)3u2)GaH9lrDr@b~6 zlu5~4Ht_*qUDqwGaQ&!~I5IA;eRn0CFt$7H{d%@5bn_|sz0ZV-do#av&$qbNF<9$78S^M#@a zQY}RE9Nl;`xF|T`{A}Lxw%aPaPM@ne0=!_d*<{RC1AA z1WhN~xIrb8tpb}soa$xNu59iLU1jb4l$a=72>MkXdk{I=t}^}JRtB#7wS+MaN7ko{ z6P|0EGv`Hi9I0d!H(lu1w!iQD)ezH6q9z>;c|=T!4F>li&TZzJHY%F_g#3(>prLkO zTDgWmyiJ_qaKzDCh;Gu`QnfY>?&2TDO7LO8sgR(Hl>;x;{=>i!&%@fG5zhmgg3LCt zgt{A~(^ziHOp`6;ZM4;YE>M+jj_8tR{ye4_lc=x!wADMa%6q-D$sygR{U+&&ft=Ti z_>c=yUz+%y>~3d35?bm#9Y)}&(l#OOD-NN{{@EM=WHfV zIJ-4pB^kz*D+-|QTvBcta#}rUpp#@Ax3~v%e>J!Wgp;LNGgQ$@T1aHvI;+#mLw|I* zev3oi?Ku3xtH-CGp;7?{V%E++Bwb6H7ePsl3?9Lm$Fu;Dx_?qNa+&w2% z5gukdjc%w!cg+?L&K_XjarlY-WX9l!K^I<;1@EYJ#783Y2x!{27e?dO_)U;Lk1~URw&8{>`RA9uhfG-uI(i$5 z4EFtZ!4W@p(LNxuowyhF66vodeytFN)v=IU6fs%`a$Zer&Zmh)eTTH%`o7rmcl4nA{ zFPmo@JhL}WPG!}-puJ8tv6E*EK9bksRatEO&~bL3$I;9>jkF?-wtLGb#_jS@wL@1{ zmp|qg5$dGnh@GM|vx3p9S`^$@HL+7_^{lFHMN_eAa(+7S4nHyy1^De3HWh0-zl}S@ zduHcGPXU!qz;<=n{cP#MImza6lTKqLocm%)I)VQVFecIQ8If&CX3?igyyWM{>xn3C z?Pn^@e>#C7rHxn-MOpDZBy8rz^QQ#&rRu%TT^BE_1A0Uvz(d>HR zBp56cE)GUY5kpk6%q1UiuedVAm5D7-R6KuW%0!c~E6;*UZ^+WaRhLYdL!E(-9=uGV z!}8)Lks-2b6H${1(z^$7a+CE#=^*hVnH~FyyJQDWksfmhYbb`z!i>I4y(dYlj^QkC z02Ta*Cnr!Aj1xnfRd{~n`$q0dHxio zWWdMPa8C9|=@A(!Y+Pv?Im;WYHGz}`*iUOp)Lhl7wFq^pX0Acf6bF#tG1z0c(CUDQ7{!sSCIuX_=GO9)dZ(Z3+?)r zV-x=(&Lpbl-y>rMfd^UyX(TWM56;(V=&;8^Nx`<|^r_r(*Dkpl;B5Cv=M`&?k!6(Q zaJ=E`?5XzFso)74m%Yltv!z$r@rC5Z%h0Y8GJBj=7$FS5#nxzadSa@&&yAVtE=2nN zs5HvqTYj+MW$pU>6D%}1q>cxcHC>BKXTAiDg-Vn0CoAcRG*zv4sP;$AcY=+^-9$W< z@PH-&_?eTnf|)ww?rixI-M9l1gS=>97P79T5#R3$*6(CF8$k6wrApFiFi%TD?R@9I zvOMp3P@=Nypt8lnz=pC$rAwZ0n{a$D(z^n0PL>=Le6|-SRSIHko3h!$~3ctId zIrnEpUqN~y9@RUJZnOj|u4NpC4smzp&(TSPW4}75el<>g(gYxU{DU6bvE@~(INZ#V zj_gv*`y!DFJM2&+ttENf>Co+K-K9Bkl(~}0uc3?e{Dw}3JwwC2M)@m zaBnEG99Mf<_LZh&&rD~}{tk(YnUq3?1LQKbQD?>8y4Oo8Z*l*v)uVN9#`M3v6Zsva z|CIwX#-G-6jeEt_Y^50pIvy`nGLgGG1XA3br!?WeIv!HsMXKVVvIjLb+FbE!W?1I3 z8m;CV`f5?kFV_(%QVz8%H80$oz(LYqZ_gfwb@)X}?!h0sJcNUov&hAz+VvLgBk?M@ ziW(30b2pH;_3bk2C@p>6mD9AmZX|vkYxfJMe%W>$7#R^~cP`5vIF049*>|$vDJ;67 zNy5?=H~t0?pZX4gk2}zE_rkjNiMgSP-uxQ?dP;sy9j;OJj)fu~1HAD{JI2CZX%B2` zjHj7dtK?=Y{1n4P{N+TKT9AxM(4qLr74vYMODjbB<3xHRMcTj`K$QklYKNwCPPE*@ zNiQrSn(h!3J5TVa#Vu>kj!C+`Ad4n#R|21*X(C}V>m`abJ-nR|{wU#)LYY_Ob#c%x z+W`yi^U}{=)P+Lq}m!{$jAs1m!@Bv}d#gy#bXq`=t zj`t48UYsiXFP*4~N;&?;bW{KY*b;j0wM2%)y=y__2EQb$;uC-)+*iPzsx=AVK{;cL zLmMuo%&q{O%VaJ1e!O_+fMEXVooI`LbEe(Bc1Op-C@i1gG)08Ygmt|v5JV#=w_h=j zS!&q2_5j1GSmisoHG5=_`gTWiDaopQ}-0*08O(+;}0iQ8eyj;8?L zGM8bQR;e_ZGacQu9&B_kE3-I|>=F}=?Ez@^4g#UA>X~CiKr3X@ChFi67^Mk@j5Z|i z!Wr8{T`!7bm6P7gjBm4X_dJOsDm$2x(j@G3Hw#3HwA1P{0F!?~haa=QI+_ zy&5h>s_b!Tqc6;!ncbdO1C_2`rDgc7zPr?x0zFWbuB9xnl{zz@p8NdGd#^kU-IYAc z^>a-lP|ul!T3xRi04LBHV`<eL%L^x8^H-r>#0f^cOQ<9wd0Oe;_43FMEiChGzncN#;2$BCHFAH>bgZOF%qcm1m^ z+LqMV^)-nZ6csLcT=~<4;1G~ZR2S#OW2m*)*&Zy?6efZNH^48}CYn`b>CBWagbg`9 zO73q~!FfdIfm)2r`su#f7^Qkrj6x;T5}M<#XW+>V9TnNLH_vkPmOLR#zX$uic1_wY z%H2h?yQp{&4)_#mkq^j{f20 z%cDOW9sk3NXUBgaM>||+>ys-@q#t(9LAQQgCaXE0X3(;@x@6r?WV=Re#vvO@kNg8IE#cMuDFTXV~yn%_p|> zb$C;_#)j_(xVRP$u23QaeKO0gfUS;z6@^DJVJBUjUc4sU1v?jBapVf2LVmouIw#O0 zP%SkpW80kecImQLp$a>3;H!-J^|R5Pg}>I;*0Z37qq&2%4Jn4(SzB{}n@68p zjE@8xbkWak>lWnY2E$w1I_+%`oBKpJa_hHH%(V0 z63ZD+y%=VNFgucwL=K^JK?!#h`Q}@Pc2n5_E^~7!3O- z-vOEdP$6fP2Z^BZWJVL3Mob>`tk$JHFdg6hu%}3L!;@ID6bwZ%mn_l=TEQ|AD{^+; zcLp&x0%k)aQ}V;gRR%jK zK+F}Hx8=Vno?&&$u~PYuLg^nFjk~KmqN6|K;l4F0bE=OSgWTXC=x%XOA?1`+ z$azw-F0v_uue?s@w6P-?3fUMKQ9LwV{oGjt-Z{kf=P3-^4)9W}lxUE;gpJJ1QMp?` z!Tsl+E9b9RlU^`IkQu&vm{RsRp6ZE^6I@lvfYv3od6$CmOM$gVv$H=1-0=lt;gvxuZJImI|vX8oUcAs_lIk2OZnK>N8z#&)O>$X?bfx&R?3(`xlOMybjgm*T(LjZg-5UUe#$+XO>DCT5DPK|AR;}q7bA7@)bU!qYZd;W!_>@unCG;qtZ~RFyrCbPNx28XQ zHr2yAb<5$m`1y(Zd^e65P6#6*Zh3EPOf6M~>C^-r9Bw_>tTSEn7y$m9CO!MvIPo8^ zuFfHprjbL3xepqYcwR3;H!cXf0n|THJZ9wN{7fAX8x}Bd$bX}E^b+RU4>7U^NA8|} zy@z|c^&fWk!AX0Ki4LGv_$az$m%J-XrFE`*m$q;DY(k+%^J@k*_J_^7`O>mGmYBmj zU5a0Ml29m7#L~&fOLL*s;h)*;(44YEl&#d^CDRjx*rA(TKYb?~K#fItbE4DwQ>|2M zkpE6@gv0khMV4G^gZ81;OG+3<#V~L@NjrOjH0V(31k62zaiP_oQN87;rua*@y557seWK z#js8QMvpCLEH)$KDp-u$(laFNTF<#3rY`yNCbO;?Ou)?0_yXJm8s2oyr+p^6slIWU zkX*gHEFCiQcbTi%-pxQK4QyODFBCDUFPIX^U7LQgyo}SJeX9{8hyiKYROyCr62vJw z4&txfo=Gi3Hu@{A4O3`zNTVe?{I;B1*-ovQ*7jhhSS%@TD_>g%@M~<^XyLTOl&ayk zK%<;pxm;*!>vLx3(F}@C<7PQ?7z|_Go~T_N9wdkqyFB^OnpR;5hi`@(oL=I+`F03& zm`pII{sa#_#7WWi0>-uJn6;OAPONWAXae4{pmD?5b>eZbh;>c9HwnjJ(%YZ%qZiwE z4}no!gKp8!*tF~zQC6Z~y}QI#2XLR-uu3U|OGYJKGII$Ws!8_{jk*BeV+PWON$YwsgX%2sQkOr23K`otSlHq)T39r&s&Y53u3cB!s#b78@bHlJ zn0D=$%wi#E)rrbVN#M+yVB9imaGo%#AZ4eOFhHpDsH$aT_xUivN;62l818}jeHqjP zaQ><>4+8HIgXm%KPV39I9PB~xS?3t_{tfxtE4kZi1JxpN%W=3xZbceJEYmFhPz|-S zRkB?K9sC(oye0qnU*A|P760PGhyfQnBc3^^D!)V3=1AQ&-%ay{TGqJ=C2(E20y+K+5bNNY(cVX z#mEM&9Y50a6k)P0P1cF~`WcYah1c`|xmd82NgmZy*$CPWA^wqvvi2`v*doZ+6?Eh{ zyfKLNQ3SE}p`Xta#%eIU8*PUHq-NNr7}DT#-Ek8TT)M*$(nk_C`I|u|59I1R#w-4w z;uXhOyDt!H2blF-3N0eh6FXKVok7PEIL#6cf#Frp`gi1pR)iM7f+p_kyNWEh zYc5dR1EeNZ7edDa&JNr=E^*#!y)B1dfPoIcn#rZjQ}LQ5bR9?Ft4i03>Vn1zx9+4p z%YthLOn_oq9oS$!frW~=R?ZK`To=ZqB0P=JuG}-Q%?KSO0xZ)v48q|Ip@?WkXFM_7 zVfhQ5shUq>9|LBsm~AaM>YOdEbx@l$M5-9Dg*5XukYqH5{{NY>V1q zXhDvTj_R?MHgb}hu|dV(M>qWLqQ83!Ah;qayJOOBz)l>4cj|~;RIT%_>%EeqRb4vQ z^`!xAmNe1kN8txOA)O&|59}uW2)&`9L>x)zib?W<9Fk_e3uay1iQ{yW@He_nkFL|B z>vZpAM%U@>RyVp%|1Mppcc&ch*B?KCli^N%3py^U`9OTpGS{}MwjH@g-h}P|KB`*Q2*cK zqn9t9*ZqHAj{d)&n{J_kFUG^f6X)y5jFb%=J6Nv|NZ#-9QDP0 z-oK{d=>0o-|Bl|jkHGu)wUt)nN(xqw4T8s1A#3Jw$8Rj0C!L z6Eu#`C7bh4ed@v!*D%l|(Ksd<{#YQ6eytKn9zh4(Rp;ZSZ*VQH4$F+q&GycHA*hBC zxnAFCtA^@m9OGgR*LCB~S|C`1qJx8S3OUY6Vz-ZHjrB+V@Kw>fZ zc<~M*2rT;JX_Vx#k?a!duCEfRZpi*&i*x<}?PjBNFr$h`C%JBLX(}I}A6&!W06}L$ z&5zq0Aj!of?VGS$$!Na+Ot^0 z+#$+pA2z(X0hCbT*9D_Kuf@S0i-WxtZTptB*y_<{;pToB=_iI7x*NGEcH!WBK4-GA zz+wdlyM`eS_P=e1g05Pt}QyF(Jf2k4I(D$ zXvr<{@Y^N*WG6Ed@oKixRkoV+qU$C7bb&+sAmY^zt48Zy9ro|*-6|0epZGGjn5@Qd_99@fa`vQ@;%}#i7=E}x>wmo*Z(M2`Po&u6~k6#`gk^M6#J)QaeR&~g=+HH@&>wq|pm6S3eCO-Lk`GaLJFPTf3DBMk0>AVEVXsTNX^ zlMk=S{{Q(uZ98Mg#m^UH|Ns5Jr@JNSurB7;ya5m0!B|B%jX{i+pxm1xj?#wohe60T zC>I(nTl6#dRCy|v(piGSEAAwbELY~Ya91E04r;|VX(l)W@n;@>dVBc8YSxx>dlT%n zrq|TWLs2tRY{Ep%D+mMRG z?R9t|ktO@!l)_V@G)?2#3U&1@8rThdY1lgKLBJSrPpRxgK`z&lFBVK%u1oSPYrR#l zj*Vh1=QK%-X#d)tr$=!p-c}~%0OT|A7-75MEA582iRkti0MmI-xi?{Gxw86x$s#C0 zyAKR2b->>B@vxs+Jt|mVR3^1MSQ`d61TIxX36T=2tf0$N_p%+Y?{o{gP_B1JiEiPpwJMjyW-dI{mmMA3Tl3(tyxuNjpTS z+E#gpr;80Z+uobo?KHUL>1HB-L%*`3jHjq5TZ+6D&SH+r0N}u_pbzTNWv+BN0>vKn ze#O)A(X$twHikA#*m=|aaq8p9ik4-05{{1f#8y|Hed6d+VI@mDx|A$3H0p-laUn^b zYMv0PNy2EOnFf6i0F02j&-xHYH#A*fkPjvET<6mJ^{mS?(p-zzOtWZ+$>zj24${SV z*Lgt_hW;kk;T3GlpMW>>fbh9XDTtmYhACv4%vRQH4W@|$aGlPzSW?X++MfJRVd@HM zeQjbU`5lW3)vn!PRR}dsA%4<|3@|d~ptKu)53Lixj3EH1wbJ40+D1%7$_|KR3o7Hp zkQZTOYg=F4E}6tUM$He`Q}Uy@XLs#!4Dd;=w2(aVbG%0fESlWYl>+EZV%$9_mTotz zbEddCW}uWOXo*1jz7UqbnlWLGkg zUw4^$Uv2)jhA`$j=(by2UugLQhLvv+QjS66U58=)aB_3>*4u-g zP;v|w?-+8!F!CWGZjF3-wNb~i zi-=lVdgDxc-CH2`TNe!XQHw3QNRCC(G>r@0Et3kOXOTT~k}>G=){z~ygS+O@ZAY=G zibxEt%V!pUQfO9I{fZg)Y+r;7KRt1uZolKhNKhoiEng>D)+uyof(8yX92V;oNi)Fu zIZb*Bgw-bdDJ84+WB_oVRDb*n!pgjVlrD<viY1cWL{TPm`IoGQVab;nAvp zrp?!i-Lb?Rujx|!%9Dgng&gihO^Ux#f0e=oV#2I<~0NoYz~8p%~=ekm$33>XrtuNe?t_7qnmYn}B$ zwF8GRCR$R>7DMs;rEOmJt`RgY5_tI`JLVrKs|tE|A@Vf75Hs#Q%V0mOeb=S!=or;n zyq99xDRvAvjeRN32BtRy!#G;>?a}I(eW8;B4h!&7P>G&aR9P;K$39KF_;qXDlPuzj z9e~>hXq?${#-Mx@&Yr~xegg3CIH~B@CmNh%(vo8SOgl{hX-V2x-Q6hxvlU(T2$`!A1`$1zMcY_k)rca!I^AI-0!v{`;o~M6`O9 zR0D{BvAq{$|HaXZgBQntI&g!0Zuhm0b7J)zLmV^S7EJ@Aq8(s+*Nm7YMw0i&Av6eA z4C0_x>fqJ4w*A=UY~-9l!Kw(|jQRMWq$QRKT7j zN%4Kdv~*3>uV@D*^AK%*YyRt&WoHB5*~n?Bu{>^V|Ed*o%X(U0d<>R1e0XQ-6x}yn?sb+zY5>|Ta zHY33xVU;_s2>YZZ1@}C-M7L~3u63fO5xq8K;5wqyNb2jY1Q+wk^`PlHJRCf&5++Uozc9(?LnY+1TE|AcM5jw8 zu{-IC3I=ZB?o{^rX>{GW9!X2fTxrW656@3^RqNH{W(i}H{dR4t#l24f`~PL~){%+H zA3Z7FB$ZUhl5g4=nr%u(6xpkx1n@)?89%-_0i72 z{<^lr0J`5(bay#P5^;Z8xQ!0s8@u{9-J)*x4#abpPH`PC*7mDYU*Q^Daa-RKsmE3m z+iYTGm&uQv!U^WHB??TPDP*-wKmq0BQ9eKST3hXVrf)>N8Ki9AA&|nRUo)V7mVCj} zcU%n$qUz{w^TAkY3yhU?mbBd(0sXAqktRx@6U;qN;)u%Fz9&!q_~dZ`X{b=t1t}Dc zHUSrSCTM2l8PmZhVP=qqJPh4et5nlZWZx$`770xkU~tK97l$BIWNk@aKO1o0e9FXH zvVLpluFHxIzjCbho_;!64DlB~srM@9$>K|^m8ZojduZE|f~6{=(M=mKxP2xo8ppp- zxf;v^o`mfi*GysVs;NL< z9TGwF(q7MVv!=i2G(lUBMK^7buu1=7v7|gj$LP<0>St2iD<=P<)LWkDK_}q{+vV~S zyEKUcG=@Z!I2qz+SIS&N`QgOuE_-3bT1IrwULHAh*$q0RLbWq?znBC>$X$(UWLKf6I1}T-Q((x zrFQ(@6?W_uh$+SC`o#=2WR*?*N_(~5Da0k9G$-zulsvZM{7|_pHYxLF8w#_2E9sJ1 zNUyivTF=Ug;r*~pY+o=8@|vZq?N>U)yhCHmd_|w4m<-aF%J))cEirL0P14vdLT4sROgZnM&5g`Stc38fWHEt z+H)qC9Nh&iCU-e+H&XP^g^bwc)#YH`>20Y)7Y@F>y6jG~!0uRDFiL?HfGhAs+6?v1 z-8~<&7>^S=X~`P+#}kp)Z$A9{HWcK>uw>x1K3vH8vD&BU)PpM8nyFezyhvi30mLwW zW-g#^M_#7l*8TYzJ+5A(L*SC7LzE9^Vf&`7UUJPB&W4hw_cUz}6K3-{i;7e#AqRax zE-&9A5{*5gl1^n)%2Drk|i`^HU*Zs6bFzn1|0S9OClwS zh-hLqsm<-ibOERBOo}+iONP8UnEqEHC-{GHbA6zT#6K63NT#qDEt6i zg-9&3glPt6lK}V2(?#1nFE8H_$uLS#6@avQ-UFX$hATolL+ko(S60QMLu%{PFmHIf zg12k1&&a4)|9l0pBj}}Xq(vvtIHIwcKT4L*5+41;1})LGbw)Pq3^qVO8NNWAB0rx0 zbl!Ho1<9nr?wY(myLwNk)-<}czFl)67c4H>jW${r*!(1ugZJ;E)SrSZn8CG z=NxXaJLqF4+W_X~z@$4LT3}oXj=fo?0F?l>Hdk*GR^!6nM5}ciz-Dx$2T{rAn?@Hz z`bp};ai)8hm+uCVXLN#8N<^HtQzFNoLS_bAlq*IvK1Bm8(g{zf3t!Nd5p%`nd4dEB zNe-StWCRr1XP>CS0I$fC(Bx^PQSqb=Mo&PK{G=_BeV;q6O56e18du>DF)gcxNXxLok2wyoPC=?x9=82{$6L}jNscjDWc$KpiW^mkr3PVn;7tg*Y zSE9}R_dQKl zPFd);d3L@FoR;0+aLp2~^x?NWbCcaRGCO8jQ>afX^j@3xM6)DO;kw-^3YqV>t)Wrw zu_P4=>d{-~HX;$2TGSqYm?Fu9;sZiP_m!ryxQcMH&5`Sg9UYchr^v58x(z7l22iKg)DJZ@Ou1W& z8n)?-y_KP<>BI0ea~IWqtvTm9^)1BV04*$8s3o-D%7r>W$!ji5s77saBvQp=HZ=DM z3`1?ad{5<|Eq$iDxZdo~2Jtn!^HnjsZ(2s}9(8WT@X{z^nO5YGNH)*0euU$8L!PKW z`wfHcln|`T-1ZU6Z3rb?g_iU2D2Zf0f$SlU4?`F?A&Ldr>lk=2K^#I12NA*ziQs0y zYA1jLNL(*@TO*HEJ6Y?~C<2bXpy?o|$jhR2IkO2XNuCDW`z~s~qnuaRezvko*3+}s z7Y2xM!5>qcdPbGHdUtsWxZ{*HCABK!vh!+(0HvA1AY?FzrwZ_X!@SF+qfRK|*zHAv z`Q&4&X>kED8o6m)oB+%vh<$@Fcc+-z8cCY3>qOzV%xBgoBj)SvcBto$b=Kqi)zQy`|v=T4RYn2i=C=&o8~yOo}_6c9+bpI*8aVT}yPse(B{YCOJ($ zfX!r$C0+*Ix|SIZ|7DjtK!uYEeKKziiKxNggKgfm{trTvlb+nZ;le#z_6tpTY_LH_ zyHZpSS$it<4^Y`=_`0xt-@>rf7hIX5ZC3W$qAqEZWj*l2%`pSpNurs=;s6~B0|ujU zbq(WS>m96i&{f^&nj&*J5KV*&-*QC=tf7mspzYym?VuxDyCGX^;rH9*Yj?W1uZ6MQ z>7pMYXS>t&J#yCe!PbfhW5X3==azL3u=&*|@)=hD2s!(muJ4hv_B&i_FK^$|AY(&n zbe_L?PZZOtk6Q?%oZ3{;hKlv2AKN$wQkLWk-hjM@`fQi#-ei)2W85T9q4?|s3X7?h z3OE%-H%z2bQ`~E&ahm<6&*4gD9I>f}Vh6M&)$AQ#HsQWXiB{JzP}iHz=zQ3thi_OH zOBGn1z%|_$`2}Yx$s%SX2TJCY%fN@v8F>#{d>C!01!RU67Vzj+1_SY36st6Ah9$4> z&v?fq9hPMSTe=7v=geq6eL!Zb!f!0~AUSL;_~Xn;E+lWk?^xgvSFV_HbYPQAL$#h( zkviCUo-WWmQrg^rG}0KP=6vVOg!vtZicWTAEd$S1vLb3plZ0dl2r&o$#nQ&Np=m*m9|}e|o0j03_UdaxDz6Qwx>mu{ zFc&DG73K*C*Is*G4?-;7whM6XE0@()33){%`DcHv5B(`0vg`Bdy&je20nfGZA(h~ zZc>mjxuorS>{^xw+N`+_pltaeKXA*b*?)d?+=7?;j*}diF0`#)g1fe`S+G+P&2-*s z)MPHNL#=Yi$BTCxCTQ>{W6(N$>r!c8vjh?IIo1sSc<~Nuf6`VPCg3-APqYyVH=X=| z%X-;TDYf~w+ES?v*VR@`-Np~HxUZh~w#+sTe%Mkn)QBG`1o-blb>b$0pZq;s(e^5@ z!>WF}qq^w@>nheeuu$*Tv*^4jaHG#@f03(;qG{=lVDh7kZdv5Y4&>aB^-WPX!lO83 zF|}x|RAOb>1P8!6Yk!&8na2~H`>vda?TpQ**1t-P0IvZZCR{p}<_9b3P!*zYt9|Nb z;vVz>4P=eV?c0u0l|$MD<2D>93daZ-r8aur&N}V%$RMw@?z!2DVn5mx zCIwSc0P+#BAHl(a-*JAR9&OXdqkcUs=wKHZlRGLooh2LPa_YP!jZP@lo1x{ZbREp! zttb`Fd&4YCHvs$>1D1nY<3pk3)_iHxXObC>ZdrS33W-@0tg(nm5(|b2Kn(m>Q*xq+ z5+e1onl00ps(U6IjUyF-ule8fV1+P%IVHQ zp>$8V#w_=p1dn|}mn2RTIM`x72bTe+Y%URNCE)H$T#<+-QJ!=p^D-ypy9dRsyXQ%p=DgTL!k0@HbE=uSOIJQAxtLeK)O#wx1tc~@rq*%+#cH8mET$Zb zU7)JPlteM+?@M;Om@dRLW_O1M&flI>so3kz`toa=Kst~m)a*N#Y|eX`iOZsCfH+|Q zD1N}V)v+wa9V^9avDgmG0wLV66o&3R2tL9RhVad`u@WW@PN*8fYwo@Et;@av7W3wb zwiUT~mKiwER{s*47|L|Sf~0sBz;s@e$>bVMe219JE@cr@iptjd^RLnHgC}akL}_mG zhVb5QpG*9=`%w#f&Z@jn%j8=*q%RUP8r-o#T>E9EecNr@1=n8OInRifu3QTv;VYqwxHZ~g^NUgL{;k@pE%GEHNuY4DT5z~8hEgxS*qYNNCOXCM5f zDEN+66TGBsV%WwQA*>AR!p zchhI)Qb`8guZ*~(=`wpo(i}MClrGsTQaPQ)x&6kV0P{^SbDEp&-(cU;eSYtUxjMxp z*a=tqr}{fz<;h+B@&pi@@Dvbp<)y(0kuazT&`CxkkR9$Ee)z^9E?m{!F-@`?dW^$G zH*85A!V?)wPtMPNd45^?xk`jflXh-vrx&k_gx|>1gPO}(^-a@a${``xhD?e(Chs`A z4=7_ZMGVefi4asujGv#`RwZI+!N_6@FH{3?P-o+XDK0Cw0GggCU?xW+0uOxLnsB~);k zv8Z%!Vx|l~1zIwO=%Cc0%nr7*vM$N)sYn}K6f1h0qG@R^r5D46@kg4Nwy1xjYAI=> zM5v<1zAuv#WSVW$DwXrk2Hyb6@K7Zgcamo=Ofy&7_Tcwj?fPzVLNzCY>Mxu4H6()? z#jEitJuUJdnr4)CiQu;q0lVeD<7eL;e^-|Oo*g}Z{$iB>KF9M_%769Kxv2sffjB#r4a*rRuFvgf4xBD0y*+Z7{^sp zLc_wgvkj$&*X`lA^88N}EsN*W@` zcA>E@2_mdzcgZ5jnw&MtsbK0o{N$)BwoVkh0nW9h9C0m25LB8Y%d2;nb;+SsY8c>q z)Fds$T+vy=e!RLmf7Y|!*FjU)4~x7WK7$#Dk||hj`#gpkJaoDYw6^{pPZx$Y5P9zo zy{&a9ogVFeG?RCiuGvhE(M%3`+I6+BqFYdnIZf<@9)(lQ>ta5RNhq`*;7X$f`qkvA z=1FTPcc9h?9mbre7gnt!hNqh)T-~%OE;fjl<#EDJMVdY)sGgPQRE;CI;oj!xp~GQo z0ui$~EMauZST>;vzbmPbY)XbD|ySZdi0{b!Qod#nL4!AWkK?z`;jA6v6kvBO{<&2DW7;ERiZUbBFs9mZ*PR zyVEeUZv5T?M9lMnSR4ZA?U}bFo$W@?^CVf3d&xZ)-R<$TkKWbj>7~d_#H$0iRB2n7 z{Vu%-d8$~HOLlq7vtO9x^FIIUvs#CO2fDm`SIY5tXWpBCHlDOD7H3I6Il7_FnQRWK zEt`7kJ)Fj+OmKjV>=z{D>HnX-^J{J#MFRMJ6sqP)An{Lj;+m<2r^H4W8U)RcrrV}OGFW58;xt(^+ih##INefO z3#IsvyPH6z=Uq1?J@rLi<83rwxZE?UbhQ^Pv|$T;P4vOOxC%4A)KK@@N7dH zq2I~dRS;^Y)1Wo*sFfIn+#%DfDf#TDrsNYT*aX=VWH+UsAo~d*dpniH(DgQRELP9T zZ8fi1!?;M2f~?N*rt7w*kF=)Mk~)Jrk2qD-rZ^#jNn4fSU6Gg8-j~I8P3y(3Xl(e|l=!ul zHz059XBC{#raydlR*S^Zs+z2SUDHVCS!G7yGHV zw{CL}9KUHd-sPN?lmE7C%+X&9<0R4+QSiGlR3v1%tDoq+ZC-dH>*XKZ%A~be%4k`N zN0wN=O;QE;A6C&9VRble?h-#V=@yq0%wL=An^jRBO6_x-(`o~)P3L&kSMDY(RRvU! zL}W_ljPv55lvmXGFGT*x{q5rN;#~jl()jO<%?pI~{o84G$@dGZY?pjJBHI*ItXSHd zJ?HS%cP|#b$Z_JqA&Lt2^#~PW?s(4X*bA3N+ak7RU>=_tdIrfhtXdJF;Rj?qRxQo7sw$S+$z2*bKd^%-+3!_x8fo74~BQUKNX`E^M)<%r!#g8wgwN`=!Ty z%{0TNx{2)*%F)P*qdRACq=|FlzC8*0AK=}V7L7UQNbvSMNpAiNEqn?58@m7d@#E!1 zpZ~spm-z2V(vQl2<>)*D|1KJ}#W(0Ld~Aci_=`jK%VjwyMZZwXG2|B>m=e?1xw6$D z4-}lQu&UfENP@p0s+{W%^;;UC9CP%7kidGeXFIY)ptjDQC~2MDg_= z#B)w)wp^=^)~w9!v?C*5>3*hzm2Fnky+E#f*c9S}0IvEtJuIdEE3IfPW^Bsw}pmLwHe%wa*04pg*;!zPz z#>8#E`eLGH88(z;T7Y$}UY<}Z!PqrXace>`YXb3V#BxzSxdO8G?TaC+eFBi*fx<7% zxE*y?27*A#Mh&UM+$|^g)Fl`H!9UfF*yAXWpZ~mn`}X~tzW=umA3r4ibBgq1@}J)5 zJeUIEw+k$%&w`9EheXJ%L!S#7-=3BZ8TF23L^8W^LEkKhsbvk06B_mlnUJgPw%n6v zTCCQfz%5jeU{;ZmW%=YGE3;~8&dw9^xquLlO`Sc$5o^^&7e4gvzVv8a^O<%-WLf94 zpF~$r%>GEkClMc0`ic0Qg7_E{N)-1oo`|JC8<<{-Y8ARTrScio=suOR#c|uM;TX2o z1%|R-4e^{(rmgK)$!B4uuWZ9_Ez4g&1$G>p?As@n?-#{iG05O^m)mM=!o?R_EOZyx zSyQ+x*bDyz;T78N3N8bRpGRColvj3f+=y3F?my&wQgAZ4G@`DPT?LWVowrU!Q(h}D zH&!#ofDDJS-Kxf1hvv4pLz8Rw0rp~+8Y&f|^BIq|3kPH%kpYC= zZ=t19hrf%M+;1c%|9h$OM7*7tqNqUSjXK*CfH&0aIE+gG@JS7_?oa6G1WFzJ6{wd! z(B_#s3^Lm`ukln-_dlhg>qGZJ_-Pm03)Xcp_iq=fYr@aEe=bdPU zs+pBMqIZ3^ZZ&S1dxxPYtK=)nS(D$@B-*3G@>qX-RAhK|C_bbwG8{qF{8-w$2a7L#bPs>E&x*Y-R5L~Bmx zHT$;jI8?a4nuDZFf*P7_FbX|>{!cha%(oE1!4hjNxP~PhxBUqj?jt>@l zd2z9^+|MvmC8vsZuq|8;e=|p*R zefRF|ITS-6X8CgwqvHf*-S-+BFV4QZS=*+^>Lb{dI?4$B0Rn81xpu=|ssj-vs(Glj z=dW_IXS=%fJxH#z3N>BnWtTWF>|q+afX4MfQ!Kw)Tqt#^A23ejH%Bsl#4)THkK6rY zdI6We@Z%Hp$ePkgvlks>O(nl9Za8 zVZPrKjo8sKjC@UKwXFABF!^e4T}2i8b1|h;c=;9%XL)8C^A1F5F0l$uQ)dlb#jgwt z`G85SS(cObFu5%>YT@i|9r7u;W4kK9V-KBS8}v?lt-)I&D(W)e?S^dv%5~Hz#l!Px z>HLXj?YeB_@w?CqjFqtkG{>$W&==kj9D^Br*1Uu$^9t92QfM6eP3qk1#p^)z!*IGn=I$e~(I7oA zz60?5Rj~Qtz&zL(A0&SzJboA$m+;$B=13&o!`^`*8Gzv);O!ok9t<9gH5Y;_~=Xze^LrAWd28MTv zk%aaTHfyq1k0uaDWv$fJQ>u^0dU&g+L??;$lU7fOJ_Z}ZSUp8s=<7JT>M6T*N)q6z zkv@c+Dw>a?z6L)%l$=68#;Y!)nQ74dR17D5H9~q28x5F)jH03=$Y)5B9@_ajobyD4 zGrSOlsOGEi%s7%6$1umzOQ}}`n90j>%UD_yW|c2QDIgnV(GFB=P z1adrkYq_bbFj4SIAxmJ7^xTONNB6F%KKbzA8G{WAdKR^QbTKdpsuB5+@b9{yta*Hg zTD{q>=Po?%2KN8iE|<^0?e)VZ`AuY)R)P0|wY&9-qnrEo*7UzFS>hM=#WqH3cV4&D z%+Q}_GWBo1e$yuT;F-+f9}8FXnSKk~f04~~r4_H#qS+tU2}N%_S?I63Rx#FyYy0vP zk$F9b`m17R;Z%ZBfDQ>CIjpSsy*ao(f-n9lL3xhnd*PV@fw8 gYL){T&P86DOQ&4AZ}!)of#LuEDByVw4EqEa0EZo)s{jB1 literal 0 HcmV?d00001 diff --git a/operators/cert-manager/1.0.0/ix_values.yaml b/operators/cert-manager/1.0.0/ix_values.yaml new file mode 100644 index 00000000000..dec95b2791a --- /dev/null +++ b/operators/cert-manager/1.0.0/ix_values.yaml @@ -0,0 +1,36 @@ +image: + repository: tccr.io/truecharts/alpine + pullPolicy: IfNotPresent + tag: latest@sha256:a661597195a991150580f4915018663dd18bc36f5fef1e88e00c7a3e7b93e127 + +service: + main: + enabled: false + ports: + main: + enabled: false + +workload: + main: + enabled: false + +portal: + open: + enabled: false + +operator: + register: true + +metrics: + main: + enabled: false + type: "podmonitor" + endpoints: + - port: main + interval: 5s + scrapeTimeout: 5s + path: / + honorLabels: false + +manifestManager: + enabled: false diff --git a/operators/cert-manager/1.0.0/questions.yaml b/operators/cert-manager/1.0.0/questions.yaml new file mode 100644 index 00000000000..e4653ab8c34 --- /dev/null +++ b/operators/cert-manager/1.0.0/questions.yaml @@ -0,0 +1,45 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false diff --git a/operators/cert-manager/1.0.0/templates/NOTES.txt b/operators/cert-manager/1.0.0/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/operators/cert-manager/1.0.0/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/operators/cert-manager/1.0.0/templates/common.yaml b/operators/cert-manager/1.0.0/templates/common.yaml new file mode 100644 index 00000000000..995efb03eb0 --- /dev/null +++ b/operators/cert-manager/1.0.0/templates/common.yaml @@ -0,0 +1,5 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/operators/cert-manager/1.0.0/templates/crds.yaml b/operators/cert-manager/1.0.0/templates/crds.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/operators/cert-manager/1.0.0/values.yaml b/operators/cert-manager/1.0.0/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/operators/cloudnative-pg/2.0.0/CHANGELOG.md b/operators/cloudnative-pg/2.0.0/CHANGELOG.md new file mode 100644 index 00000000000..582f5d6ebe1 --- /dev/null +++ b/operators/cloudnative-pg/2.0.0/CHANGELOG.md @@ -0,0 +1,96 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [cloudnative-pg-2.0.0](https://github.com/truecharts/charts/compare/cloudnative-pg-1.0.4...cloudnative-pg-2.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + + + +## [cloudnative-pg-1.0.4](https://github.com/truecharts/charts/compare/cloudnative-pg-1.0.3...cloudnative-pg-1.0.4) (2023-07-01) + +### Chore + +- update helm general non-major ([#10069](https://github.com/truecharts/charts/issues/10069)) + + + + +## [cloudnative-pg-1.0.3](https://github.com/truecharts/charts/compare/cloudnative-pg-1.0.2...cloudnative-pg-1.0.3) (2023-06-13) + +### Chore + +- update helm chart common to 12.14.2 ([#9599](https://github.com/truecharts/charts/issues/9599)) + + + + +## [cloudnative-pg-1.0.2](https://github.com/truecharts/charts/compare/cloudnative-pg-1.0.1...cloudnative-pg-1.0.2) (2023-06-11) + +### Chore + +- update helm general non-major ([#9558](https://github.com/truecharts/charts/issues/9558)) + - pin dependencies ([#9468](https://github.com/truecharts/charts/issues/9468)) + + + + +## [cloudnative-pg-1.0.1](https://github.com/truecharts/charts/compare/cloudnative-pg-1.0.0...cloudnative-pg-1.0.1) (2023-06-08) + + + + +## [cloudnative-pg-1.0.0](https://github.com/truecharts/charts/compare/cloudnative-pg-0.0.4...cloudnative-pg-1.0.0) (2023-06-08) + +### Chore + +- move container references to tccr.io + + + + +## [cloudnative-pg-0.0.4](https://github.com/truecharts/charts/compare/cloudnative-pg-0.0.3...cloudnative-pg-0.0.4) (2023-06-07) + +### Chore + +- update helm general non-major ([#9457](https://github.com/truecharts/charts/issues/9457)) + - pin container image ghcr.io/cloudnative-pg/cloudnative-pg to 1.20.0 ([#9137](https://github.com/truecharts/charts/issues/9137)) + + + + +## [cloudnative-pg-0.0.3](https://github.com/truecharts/charts/compare/cloudnative-pg-0.0.2...cloudnative-pg-0.0.3) (2023-06-06) + +### Fix + +- fix webhook port + + + + +## [cloudnative-pg-0.0.2](https://github.com/truecharts/charts/compare/cloudnative-pg-0.0.1...cloudnative-pg-0.0.2) (2023-06-06) + +### Chore + +- update helm chart common to 12.12.1 ([#9349](https://github.com/truecharts/charts/issues/9349)) + + ### Fix + +- use hardcoded and fixed cnpg-webhook-service servicename ([#9429](https://github.com/truecharts/charts/issues/9429)) + + + + +## [cloudnative-pg-0.0.1]cloudnative-pg-0.0.1 (2023-06-03) + +### Add + +- add cloudnative pg operator chart ([#9332](https://github.com/truecharts/charts/issues/9332)) + + \ No newline at end of file diff --git a/operators/cloudnative-pg/2.0.0/Chart.yaml b/operators/cloudnative-pg/2.0.0/Chart.yaml new file mode 100644 index 00000000000..9181856f7c7 --- /dev/null +++ b/operators/cloudnative-pg/2.0.0/Chart.yaml @@ -0,0 +1,31 @@ +apiVersion: v2 +appVersion: "1.20.0" +deprecated: false +description: CloudNativePG is a clustered postgresql database operator +home: https://truecharts.org/charts/operators/cloudnative-pg +icon: https://truecharts.org/img/hotlink-ok/chart-icons/cloudnative-pg.png +keywords: + - database + - cloudnative-pg + - cnpg +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 13.2.0 +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: cloudnative-pg +sources: + - https://github.com/truecharts/charts/tree/master/charts/operators/cloudnative-pg + - https://github.com/cloudnative-pg + - https://cloudnative-pg.io/ +type: application +version: 2.0.0 +annotations: + truecharts.org/catagories: | + - operators + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/operators/cloudnative-pg/2.0.0/LICENSE b/operators/cloudnative-pg/2.0.0/LICENSE new file mode 100644 index 00000000000..4dfe12ac30e --- /dev/null +++ b/operators/cloudnative-pg/2.0.0/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "MetalLB" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/operators/cloudnative-pg/2.0.0/README.md b/operators/cloudnative-pg/2.0.0/README.md new file mode 100644 index 00000000000..2af65573319 --- /dev/null +++ b/operators/cloudnative-pg/2.0.0/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/operators/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/operators/cloudnative-pg/2.0.0/app-changelog.md b/operators/cloudnative-pg/2.0.0/app-changelog.md new file mode 100644 index 00000000000..a6b5c9cc8cb --- /dev/null +++ b/operators/cloudnative-pg/2.0.0/app-changelog.md @@ -0,0 +1,9 @@ + + +## [cloudnative-pg-2.0.0](https://github.com/truecharts/charts/compare/cloudnative-pg-1.0.4...cloudnative-pg-2.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + \ No newline at end of file diff --git a/operators/cloudnative-pg/2.0.0/app-readme.md b/operators/cloudnative-pg/2.0.0/app-readme.md new file mode 100644 index 00000000000..53fc6df3fba --- /dev/null +++ b/operators/cloudnative-pg/2.0.0/app-readme.md @@ -0,0 +1,8 @@ +CloudNativePG is a clustered postgresql database operator + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/operators/cloudnative-pg](https://truecharts.org/charts/operators/cloudnative-pg) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/operators/cloudnative-pg/2.0.0/charts/common-13.2.0.tgz b/operators/cloudnative-pg/2.0.0/charts/common-13.2.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..5c0fecd087839b011aab769e3785f251e9224747 GIT binary patch literal 133368 zcmV)VK(D_aiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POw!ciT47D30&X`YUjl^tn_QM@L}BSV)id_otZ6;&IC*^L-Y@$Q5PwVHnbV79q4hhm@gcU%i*C*uXAtNP~b2 z$Y4ZU5>!l4vA0zri0-$>S4@RB#C_Dd0{oVZE%JTv=o8U*E zjG+%C6Evpc*HHri@$nil06h=$X%BrMzXBhQkPTnfQP@Q-AHqA2!}2SOC_ zuMz&6d5E0|720!iY)uuERa%HhJzR=Yxcv{c8#g)4t++Gh%1emnu!_%|er^1qHi zr``S$XA6EjxzPm|E~_Yb`SE0*7e01fL@9VjJju4=r})JO0DvaALeTpq!VFymZVoXu zD0q%YEY?9eFzUAi;o}7g5LLebzyW3$`lrZ;%WLG4z@r>V^)*BhCSLx%YQuaOsP_|y z{WwB5vk1`{@x9~=jYVgyFCFnELeRrs20~r&g|9^{4j+Whpah$4DK^7)1$`P)&U^}e z>|!Bsg={u5RZM3tXo1jg015nMBQ0?yi1Rs|BE7a?{=-aY`6)snp_q|q*#OoLJ}=#< zg^8^@-p>e}<8*xnxnN^(dIUPH!&dvh=?r!U!=uUMz?)1aJ-0g?!pX1?;Rp_ggPz+S zk0xDr(3yBcw>@kh^m>EC!x5Zxyk4&lq1!{9!_nbEx|J~YeGn2KyBtma>r(tU0_T(W zgk466qJT9T0?`w$qkdw%qsNz*AFkf26(}U$$@%G(`b8J6`PESCpBqP*Er9~ipz4JM zP!v4TA|B`xLh7SW%!t`!6(|?Brc47Qe@pI*;^3HmpeQ;5gW*B)>c@!0q4f?y?;`M* zSA?)1u#f1HGBh{K8{nvr`^yL~u#cwbjJnW=(w5Njjf)EP*|XnLpjX0)!xxXHsz>wM`61;Hv;rz6C)N749 z5CD=96)-=%JHGz;Q9uQRBjB{#-L6r-E{RvpuuAtRfgTc1P9QmglPn{u7bi0qOp%_N z7XjzXcbLv0b7zvP;xP2l90d&eq6Re_LYLHKzWgoc;}xPLj<_DTvd@t&%JK8@9P35T z4dWxwZ@1fX@pF#mLbx4>l{iAb#)zhhb}|JA?RU7*Fb!RVQh{s$@c!fZ>G|>P$?@g2 zUZSDzE7VoFG<7Rz8xqd~jf8%ww4k>*xU<-9Mksra*gc8v(l0ML8|fEx1|zOx@rC7m zvMlJ&5fW>i9;jpg9xnOldjZw&l%Dkijwq8~PDn7pQ`uLNAS=5rZR@}zjG8$vR-Gf@ zbR31^v5z4|ddRuHeT{tNG7>2>gb^P_T1OX!s5?Vm?4#(tXh6#G2ooWewYsa`M^Y?h zUkeFB;(#fF9=k68bwlouB?lRb<~R^-{}@3RU8dLfVOx#tE04HzpOfDw(A&Q{J3f7P z)|z{J4gHQ2WzKa-K?pgPo+XpR2+yHdVf7m+RZmgqlO>-U;-xqK1!88`Bi?n0Tut*t zEF@AjX;wb@#+CAtLqVxLe6dZ&MEp!uBV$DE2J%|vs-~0vI=}x8S|6qBL#g;J-hmdk zBB}aQnF-+YXD0(B6lNI*@^Tdv2BRrr!nXSZcuHkn*)%VnZ8oQ~e%sy6XvAxDmbu}x z^*~NkZv6blt!iQZq6LbU_cIhB07I@-^By#A{^tmMxH(BpZ3W(*+3MB$6I)=Xsh6Id z#WXCQn4vM2g^{iCd5bBtmP?7gW%JryuwEbO^}#Fah#W&S583h*ONBxR&`Zc>M_^x8 zmL&dJo6*Bk)cv`IT+5dHBEv z**vU-?4bpn%^wKdLyLVno3Ga!nmgld%*aJ;$_Y!Xtg zgsmvqB2c}`)riK>73KIJxvvY+%@ZHu`3;(fVry#;yt-zPp-JptBk91{YZMjCW9LF2 z<;GlMS@E|4?Sz zFUWVvT)2&6ii0Wm-&`Y*d%wbI`}y;-UR%E(+UwT%1|&V94usuf=Buyk387QlE3NQeSnfv?hJ0@w_J3Gsb$&tLl7?g2R9-HpIF zBKK5#M>swaw=^qIY69LFpnmZhDDceJ^zR8F%o?c|;FP$rFjBevkXE{nAVt8PA@>fD zmv_ z|J*X+69;gUA6&?tAzAFj3)QULuAqW+3b^3o`x$m;Kng4nAmoWnoG}7Z6mWA8ar>AT z=Y8ZnlUXJckBl&^v1i;>MsZTVxe;oy6TH z6K|s6afc)9sQ$iA_F}{ino>ojuK)*n+O!&$-?B0FW5nX%Tsv=9IB8XJ?UY^gTD?Ky zmh}#XZl`+yd*l8=dpz{eVc$LI9Ci;-r`;a)4%-vAJ?eJRxIab*uGc;oxdXR**qw}# zJA#98rS~;JjLryQby3yj4X*80r<34{hOj&A9`pyj&bZre9}EYuJ??e9j(c#>8=wP( zItRn<=vs=3{azP&T{LR!$ zaVV;bF0av)RSd%YR;SaEZ#WrD(4>P74p6)8j$jXs#)m!B>5eM#q;3S6JFAPR zDy}h=K{|#5;34d^VH*x619v=_p#HemhVIZibO*!9_S9sh(SR@ff+xuZyTEZt-e&nDA<^+k@i~4thgxG#>YRL)h;gOa|UyFdmO#8;wW3vFnWw$8NXX zZTCm0JLvYt znDqOj$-o_S+FWF~hwaI5*zR^m!-Ip`7}VWw7SMjd5&AKPk+&|@?{S2tyka@s6WBFL zZeZ4cW)phB#c#LW?X(X&eNFGf$zX^E!(kg8c#{LK@AVD_-460bJ=k~M?%@P>`{T)A zbkJ^(#*;A`_Ijw@?i}<{7mX)lw+;?q=u7%MO+@U3)c#eG-aa)8#{_7m#;IA4^t8`GcsgQCO zTVZ1qkVx+-Q@a;MMom)r9lTTKvoN2epIBD~uY_HJ1GPo-8VE1MYk-*BYPI%S3eLGO zvLggA1#=>Z2m{d3U|xecZ-q+oLg|%BK8so~xq`_1HeZbYQs*% z@^P!}H5d~%lSVl&OgRDq3z!-{*&d7;d5eR)d@t0H^G5JA;KYZ)(rj)Bhv7YxYK3Nl zAMhvSy)&*vnj^0WnV2DPf+E&@2Lm`o5pd(&g8Jg?X zQQ$RWs-i9?+3_;los-Vxq zYg!@bY5XnOC_*yoi0c>NN&=_gXG3lv&W9W}EJvIb;{jd(M+}q}VlOgE!i-RsCY{LEA{5;^j067uhFdKCW;+K-Mo?cy zXo5ebg9MV@@mx!K>6I&`URuTKnQVp`R^ZKKpop1MAF_x6s0Ug4e-oBX#^>hkb(URP z;CrqF$o(?0H^RlE>eM`F#;}`k8!|TKIAFEs!y$=$lYjsFl{qyiN#2AZ zZc#j?t-AxU-kC{7_qmn3|3VdP1u_^B2UAt_yY6JsfqpoH-MvyPNf3Dr8%dNe+xAH< zIie)E!-1#1eS|*tbi^Xy1Nr0C<;fK<_8R#O zYRN{H;sUWIh@;|UElNSgpgR+qowDU%gaUSjCg$h~mtYZzL%m6>c!3#kdfl1IsNho8 zFuK&wIPg|Nll1;k0y9;G^ewB}$gdi*hSZd6RFjdig{@KK8ueN0=3=)nhq)^G-k_1w zEKs6>1SUSEV9=u2SAvg^7N?{>^J7$T?F-OxanhRR^|Go>0(K1DJE7^zkT?;b&1H{{ zhz4{QDkkWpD&D=W~7jCQ}@XoSQ&#WaeA z2>L$urihiq5@uxDiHOqxdN&%p)#pBwFc0}ES!LzhpV9J2{rS;Y7MZPW(Y~_Vg5w3m zK1V{6cn&{(2%!D8agW9`Lhg=4@STr6$oa9f1ClyP!G;`00YbC;JZ5!(=wf*gjX7cw zcIirT<^wBVm>_mNbLJ$#j6|z)5|RA}Bckl&Zn0rOpd0?MzC#1%^VXNgvIRAI^=MLl!8ykA&!* zN-3UeFZRo#_Qm3>bFu{m=&C&(=?+8sXw<_%Oj8G`px|G=U zkcBb_b3dX8PcS!6ICDovA4+h_o|NSJpV7QkXdUu|Ij7qYX4ry5UX}&q8kaoR?1Scn z#DU%B3`Sma06=kxp*QxHZ;SS9j+ zhr$TCBH%Dt_jQw&tLR1pFWc~yC5x#qzwzH<2Mz}lk~lUBpcJL^(d}D*jeRoS=SsxB z2v)v3p!-oAwCGH!eyUtz*~m?>nQ(+~c_QO?wSeZdN~`WLX0to4RvIP$1vuujfK$(f zkvOue%m%S<7$D>c`5p%Vi}2q_Cluk2`JFoK!dtl|LH4cdqLAHs0Zpqa(%)mDC76^AUSvmgmx;+W;Pj*eIG1fgr$Q=^%Hr*r)Tn(NdKKeaS;ZZewnk*ax#fM zl5`OE#Pm%@8dwLaCwQupBFF`Pk=hk9=fb{Vgj1VL*=;5iEX@1-Hj~w_r3%jXaD-fu zXu^`js@)0p)rl1#&z(;2G#O8spNyustrBV+$|?y+08-8aX>BOLjoNTMav$U&^S9No z)BZMPHRIoqCx$RJ^&}~LB15)Sl)9KNW3zU(EGqqgeU#z+x(yMZuc(=(QVhoVB+FPg znNhQ&>BWgL|QZ8nKhgTfa`i;`N1kL9k7cVtSo=qyv1zljhZ60SBW@QM(kJ7uH@ z>%s|B1hHgyDOX!&M@pHW($Rm`b;!rMD znR=okGD@T^3zl3a;)n!Xo?4<>9F(%)8_}R;{$pgk#U>9D^;Z3-mG~)QS*>zj;hgD< zJYvyQplJ5uPt1uU=?(x*5$n?Ac2Cp8kqnqJ=SW#fT!oQrBt?AeMj|E*m1v%5pqbO{`MF-+HmFEJkvZ#beGqQaPPfe!Y=alFu45kr~XxJRcfUCh9elyb zFvFY&rKp_~Pgc<{QO=PV#PczVxFiw|&%jk=5P_}wIExH;opK}BRjZdNt@GG%xjTlG z>$EUb&hA)bDNBC8NNhg!o5mrEK2Q{0W?iDXV730<+C2#Hgh6wKg)+ubMt zaX5`2R}5Y$nYm}0wi}LgaN8UPG4#zhy=0<@%hH0L?1+#t~Ci# zT~FwaObSz1gor8^vl)MtuK;?&l_PaSxmpWX%+*DX$&`)`DE=*3lh{20;llkZ6`8Iy zKgqRCme*2^iX53vcQE`BYh&#m`uW$QF%eKDoGOA_+FaP#lLAva2@CO&b&@y3(@7vT z(NwYA&T4;AlvF!^X1`KTBxYeO4hgG+&dQn33umG@ z3?MyQfA!5CjVcwPNs{?G?Y`y*)dpgSQh?OJ|M-oJ|71fL=1}Pv6sbH87S8uOnS_NcTGMxWT zzvrvGP0%?E@B~q&qUB3OvPz6$hC_{A$-b$ihB{!kK0Q>$LW<<9T~%0g$@y|frbr;q zzCC~hvSLjV$iiPH30xn$cQe9)u1$rcZaqRI<-bf?P~u1HQ-Rki>_7i-Ld4;Mj`}Ip z#^adH_zZPbP9Y~CP7%F$jW3f@Z_^vSDzQ4(gGAVWa$+MwBFeKN3f_di(9fScjs5O< z;G^z;(Ba~AUvACX$s6`>6T7;_!u2nRSaJVLzuWDl?|_sRsELNu5nf+nYHUBUAXVz9K9BQsmx?YZ?YLaQ+RWNn8KM+EH0z1`J_xKrf-DZ zmVs8DFD%!6&O~0GgLFSEcB$k|9l@RLoxoas%u}lrPT9DpAvtMgaVoh-`4kICn5JEM zYid-SG{uYPoxsTQMVdL&4Xigp+Dlw_gtWW2aD>#yIwPdpEg7LSB*#9)?xcIKI;gsM ziewsVWFJmQox1z~NoT(5uVyVd9eML%gabAK&UcHZ-OQ_E!6riYTa(!L`Ckrb?PYj& z;ff@_b+}cf^0ht)Ol^2ddfdJSFK2`buxV1YS?gWHph!r2e1P8nTfDD*grs6h#bq>uT_}w#jFB zdPg?N>7UNzUy$BhY`|Js?AI0LN?56MoBQI*hIBst?KGOoYQK#pGuJ9OnQV?ulG<6P zKC)WR6mBIMl6XS}R}@)y2eljNdxOmH_e9*yV&4c-e3Ov;j)KKe!&-q=FiQ2ht_!7% z8W?z{x=O_Kw>GRbaRRXq9CeOc#|m;yoSn% zTmV{pbec_}=SEpQ;Oslu-afZuUmPZaQ)XTRK5DE_&>gEG{OED2m9i{NE0+&@elP83IPr#IKXVVT3N7{lcIIq zY~>U#!SZW%wM=D|cDA(Q72RkDJuit(graZ?Jo)_+KgiJDovR{`W?Mo&4X%^TqD}XtrB(_osYf zKi8&9(K7g@Zn-2xuiS9idG5ZMr%e7Y!a%70>OQ9j%l^NtmjCTRyPKB(ol(En-^u@N zJVyUlXZa?0DzrXzrqU?>^4wQF(Y*+RmSLSDo!^5D9+mnncy-l$D-Na76^AW4I|6?+ zjY#7nG{Aw!^}l{rFRBIGBlm%X&i`5q{#+p{q^n7XJ?nU z?~mV|U7uZjJi9sq4hbCo?c#?2J()OFgO?mY*5mO~A23#V8$}GmD=Q@6^>+&=fhCTt zDOz%U_T>EZs^lwOxZ>+x*1RvktMCl89W9o_vIxmsp_bLSWy`OJ$FK^I#qhzH0Pw^4 z)!8q{Z{M0h)Gux?KHPkN@!|dH?e&N6-=E!FE9XuYYSvw0=9UdvvxI84+$AFj5G)dJ z5uda_3U3|DXyZ!xlk@P{9 z2AyO}u0;1L?(a%{yHedgdIKCMf4X2zqoS@l|6hgb{9kaRr)2$ByULGuFb zai^<4sjgnjQCX?~$usDWbN<)x|M%J%{jW0|4R-s#TX~HBr!#))e0MSn-b3C0vU<7i zUu54En*?d6d!F|dJ{8XR=O*D-{Z!6>lQ;Hp7T}8c-ye*!@gJRDr?;E`+jz|UzscqZ z-hc&Y_-8E}&@t6iyxq5F2d0A_V;b#?d}|{7(U59P2rIG}E69)#+~l@a$R<{1r`^sP zn)a*Odk^ZgLYjPQ#X%|vt2Q@MRDZBN+z_08jTrd(!}n*m*JmeJXE!3_(mZ5KKv^X2 ztq_^eU1Vi%*O@j%21SjXQ1-+vn1Dsl6&Fl3e!=E~zJl*Mb?{%Ax_r2C7m#~Ck~)c_ zNCp{Gao-rGdLDWr?5e?W&>4GmrtD+aC2=4#=8D)XA3>2tWCHy-LTaL_{hFKWTdU_P zA@R-i?e)dU&;0lP0!I5$92Dht_ga*=cdGo&@y*%o>G_qa;^VPZMf6z~pIAoT<>|Spj1ass+Z?! zH|Urhm7i{IE^jZdF8=Y)+qdV}H)rqV!JE7fqIT=*0z%!Au-mR54OL~eH(*cCu5WJ7 zFCPup&W&$?bB??o-0D5WM>dh<(l-s9{p059`1bhfM@^VQ!*x9ZWfS+C#%_+!--_FE zPM@M(btgi?=zP-seD=>Gvh7Un`X;vy1W!3p)(8bJZuiTxTq^Z{nIZV8?f*ezgu~X{x8QGywbOO8xJm)G;=9L?qD#nT zBIu(kq}qa_>xj$`Im<$(m^QJ94Vl(VUSqrn)ujQnfj)&W@Gh*6QukCR1K$x39Ra63 z8jYL=W@w(+A}d1|n?T%HBjOhu`b4h$Rj|cSBU(`bR3VE7r2cJ5n*2Qhzn7iWlxs>V zd|V4SF6yLyZC&UhQj1@ThPmW31Gh@xuHZE}P@88p33tPsCIA^ih*i|4LxvO80F$V~ z$5rT&w-X48Q57sLt&A!L<+hLD6y1PzBHX+xXS;mE_T0%It}U)pHnD7@F*7G6EedKH zGNyP-0m%%;8*6`1tYxCRPBKD!2`OiUib@UrM_Koh3sq8wh8JNV&JFA8GK;yx%Q+1g zGjfTdIi?h=8_%-G{oR?kA4dI>xvXUj-!uv6dzNXP&~qd6THPqK`ROg;Zebx=msR8q zI+j+rDR%hcM0>&m(w&mrI3@>Y-61vgi~NOhFhoPAINCTdayQjkB*}X`R#_PJ`kQc{ z72avHv63^*&!6StwePt_BtCK*=z`C(bOtf>YhmY?Ap(xMr_f1nK$`}6dx*LF>4HTq zC)W#E%?qi#0tXduRE2?Eq^Rv5RmhUva>{;Az?jXDW z+v{|9_TM(1vh%;{zSZrY`_*Dj>!!Szz5vxJ6(?32&|-a7sUV54Ngn{VZ+bI3-{Qgx z@r!2D70NOzPX5{(;RPptt&E`(Tv^hAK$<`^y6$yLqEz$D_T(gd-r)>TGm6%FHX zUzD+q4<^?*&S97(WO6Nc4O&`f3MQ>&$u?!ENMHe4GbSO!4OScsawv<#bgA*CVW9wra_cfL@oh2{#u2 zsYBdVc1;!S)a9WoNhiy#M>%coRT3@%ye{1|_yQ0ssJ8z%a2C)wGI?)}k)gZ=RNnA_ z197D%;!7i*sD!C@Zi#%N3laNjWxFVi0$7#pytsvR^PLxWJ};Kii8QQC6IO54-b!`K zXY{LOF%<5IX)VAS>e?wfN=~c3EMl;#OdV@v>uBXG)y&Z$6r{q&e=kZIo|s~eWmMN9 z;r`#i59j}QcXm|w26#+qjOhMB=infj=egdQiATH(b+Nu9?nC2db~>`*hTNgRDN2pL z-ryDnB7K>|YY);x23ehFc%oTSaHi+WB;&(piRJTn5)vBt-y9KF=o9OTpzNAb>{(o` zVk3Z|4RRlVbv#%|Lyhj=RbSBUHt!6 zo+mv2St#gMM*o^xf6gm^P7{Oj)237<&>WH>u1xE{MTmEk$@*SJJ_#xcCcS| zb}%8!?b$z0-hMbeJAHq4^UKB6&)2u-mmmAZNkA6;Y#NZY&RSYqH(%Xh%M}D0mIfXd zlVU|$+1>fcFXQ~=*Z$=6KXJp){;i85h9}sC?8)OlJA*+k|6_Z1{%bpr(*H0uJ9y%@ zE<^#O0D`d}BOwyS?1a7#PEf>}>N;8RLvcxRW$X+x03)QXb@v*4TH-)?06Dh-ACDs# zEmx_M^0Fz56Ri-Rh!A=Chxo(14%8)LQc{`M@=`ATKDnMtTJ8z(b4p`r!ME~nKYwmC zo6QCc@kegKalPvI-^=dEvNSCLsyUbBvf;K8P~7_e{JC+51MkSDXk(5T)W>B59e4Lq z$zb(P9Cwi)I3=|3GoP$bwN!zrPsY%%D0d~V`E9*7B|d*{aH)M{E+>CqfRh(cQ6n9O zqXs~f5XsG1$hC1fie*^?0AGw3kfEQ^QfaLIlth@#=11V{%8fbdO5S7;(Z8G3R|3fQ0kH2~BQ`7vcEk_E+k6`7S9YfKuAuVDEomH$CF zRULiu`2WE$8~-tC_jd6gTX|Lq-yoc}T*(Ki*fbf^VPC(*i)K82Gf00%OVBF53(z{_ z)Uv-PkStG{YVVEZ%`A6}X}4^`!}@Yb1t(b^@_l(0XlE zoZ&Hw0`Xp$Gh{N!Z0M25z|e&)8%K$4%1C(Zr+twr*l$D<$Gn;Hz(vgBg3^UcelA(G zvO`g{epRkrb=IxoHA_*)H^cgB9#i%XMNYo|T= zdn%cfY+Eiof|i)!^)X=ri0WFdPB6d&DvBza*9SL@dU2(6VV98d-W z7f~yf5^b5c7FoM0;Al(;qb!2T!H5IQys`G>@h*%ZMJZ_drG0V%hM@zDlqL58ic)oA zilXxJQUyFR`$|=Fy~#l}q(V1`(egv+L58kb1R0txQ;imuu(5~(8iy!aV2V6P(StG) z!KsSZ4i~PDXFRf2kX56vVCa8O`11E&T*LbcCC7z((Y`UM9bxz_^eG9u!N=wyR}6C$SQ^5coxlBg+_ zlj{c!Z3`uH0TX0oa%OB+3urE|2xYt@zxqifF<^thtKTbBgE5pX)~cH7a0 zhV17phjuHyuuiA#e6dU2?kRXm*Z<92{U)AO>;I^mTmSo`o&R?$j|j3nF~^;RQ3TYs z9RC7+UuL6Y#*8Z$;!WxNa^GE1I_p=mXedWqoY zRm8Hciy8(_9B`tLT6T+y*^VYr)?RLlDu}g5l;nRE7O@r;jiOu%a)rSw84eHqJ-IQu za%VJs$DURO6cx?xDF55i6%yi!64uXx1$)ua?p@K=I~bNYcoQ(KvJJ`_o;OpWfOm9P z%2)_EF7$<->KJ}@_Evjt;rhw z*fPgP#GW>tE+|0NJ_c&PuPcx=qgDu}nj>3(eCr6YjW>!uF%$*RKMxp+CeTHf#7klE zAVKnU_=Xwusw92#Jd@1VPfqsRc-3QO>$P4M>>@Rm2O$R@G@2q(!9ueA)G5Qu>_3^$ zo^Igwua)-Susz7-e;e%1e{AOwcHXHN>}$j}VF7w5^vQCL0``R&fu@%=%|J5+p2H9{ zjX%;9gkeY%OVE(uYp?|kvO8;VXAOSI)}WcI8?y(gmCP7`Ib`naZAw9}#%zmrOh#c* zx5cJy*}NUQEgN<__Um?R*Du;`-MY=1wO6x~`T%6G%bKarWuk7~JpGzX)2A^@pV1^O zG)HUks(NKxpxd@Shfi&M?w)6VO6`AR#XWia_pm+e=kEXR^mq3EHXdpJo5B9J9RLYW z*Yp5bJ$VKffN6cRJ^%yut8fA&L$LD#?7RS9vKPQ`>dpTH`mb^RtKZAr|2Ej!|66&~tu=D6H(~v2#@U|jPvw;%!uWqJ z(@%;E>x!KK>VgsFF{tSXNIGR1S5I=zN)HA78jN#|?9MdbndaLy&EqjeOx^?RF^osSr*YD=?Kli$$-TJ?cC$;{I z!QP}2AOL=ont5L{*43-`j^Bzju{d6(ml!jZ~cBdcmG?zJ>2Pk+j!Qx|07`vae*;3Y*BvsM@(@r zeem5Mvk<0SF7lFKoqMk$X{gW-g-+0##J(?=!j=t+zupL-SqM!sKm)WgRpKm!o5_@@ z0VSs9gAygqLRcp|;VgtTvl6DSn0lppr*U&Q5ib@fim=C3EITQqex1o|uSonRm)lQ& zsetkOW784NLRglD@TX!aS)%D`WVe`Xuv&Lb27a?i?>DI|ZC|&{@c9#Dwcjj#o=S^s z+86$CzP=IC*Ic1f6k-OE1 zdoEbZgs3#f!4(R9?80=8ee1ndy`w6@PsNpz_g1Bzs)SgCU5mcl8c*SQa{1u{!#@5^ zUQ>i37X=JX%^gEcmCo}@Wvk947SAT!cf;7ckqsO#Pz0yQYNUW#tFXw1N)&eG9h#G9 zxyjzl1;mGRs0J>-|C#RftNWDc|2Po&+qaPatJCY}^M7^QyZzs-JZs6{tG8yDGY#{+=RNLGpB+tMEs}#Bkf`SJgc(+9m&5 z8UssxHNOC_$|yg)9+V1gC}!AiDTw-}7^4!Y_tY`trnduxw&Z}8rFki=bqPiN2jkB1 zo?6%ZYq&*Sv_?fK4;ccaxw6ET%Cw)esnXvoY^wqs@@7^+p&Bg|uxuL8C5f0OT^643 zHr8hbUOLYb3s=v|9KqYbYR=7tvr>%c)!y8g+DdF zqfTkNduiOS9zlXN~NGLQ92Uqv}uvux;)8Vw+c97kH4L# zUZhs0YQh!sasf0$6h20!ldQT$TGZO!rW}mg)+%u_Dvi6usc7qHUyNfht(oqei#f_X z!?l@)V&;OQqFc^+Pc!#e@2i_?n(_+m^opzEKN=(4TuhbRAP+zjh@aYhXs(pED~lTGI}v5+ z%;oi&#ZVeNwp4YP5D;>C-z)ZzrWP6PnDpuD-ZJ0nYrd-9_w~viVcbr6mj`kZJp!~g^BC` zIc>#6%zjM5twb>gdk!dScxAydw$`g@k|Tl)zt2|%Ac*H< zeZ#e&L#l3t_4rM17M1P)Z0hcpztp(@r9aB%{~h#p`G2?b2v_)q?tc05?tQ6$=gTwQ z_p_Xzd@O(a-yx(P)2xpfFXO{@)F)X=DgtJS819pjUHvW{^fAg3R zQ!xDnjc0`1$s2X!NDSS&hT*F7-@RTY{;%8ZcX#oBTX}@7_pV~FH(?l7G1K$j5?Wjly)vR-u_$nC1*Nd;Jwd%(4%KB?xLS8+#8?mU1QrdcRO!=P?nqtZn^4a6(RXzP0 ztYn4v&Qji4%3HOR?3zV^fq5sBIv#mU3 z`d@$;SD=p>gYImO0(Q!m0Q?a3Z)N_!;V66lyW1V??tkCPBUHNgau7*0fw)3vk@e-@x+>PbiF$fkl zUxQ*+Ic#O>+T-=FjEeI0YGWJHthPdrE$m3>NuJ?zHQ)aL)C65@T*XD|M`9Dl&7^W$>CRf?X`|?D!!2czE5+AGsT)~9_38c-OPc` zJjld5{h(u=DH7H>+?lHIOetFOgOWc*m@iX5ZA(gRkPsel(jrBv{CSIF%_EQY7jw>{ zh*fr{ElTLKOX`x=Izr-ITNeyvBKNJY2?TNML!J64D7YtRQq*!bG+yNFNW(9*FC<~o z#hp4}UtSi!%W>PL&dCC*1II0K-YT0i=I{o zI%Kf5Vp$F{<4GNa+c* zkEx0;I2`A{BysaN{N5+-UHO-mi@hkTe{rC10E=QPBatef#2@gAVi8Y+Ds2dTa#5Iy zAD3^64%<{z5@&5%t54Ug^Cpe4Jb9a_8%9#@fma|POwuQNnio$1i3;nrthp{=lodJq z6mq^0OKldsV1ewIZys0ZS#8v&`zEN?8|WXstDe%dkxEUo)3U>UeAMT9zu=6e?qGIpZ&P3)*f$ z+bw9j1?>x2(01$DH@u#0e7`6AlRsR3sC>#IV9`ttS zKezITh>nnWo*C@180<|%eH8G}^G16VF?D5(M@fY`ksT#fi$i)#3a^UfEvmM50B_+a zJyk%6bW|mAAeZ^ZzlQjaOX7h9Z=k5Q3)9_&>25Q8L{Ac$(hPHo-S7EJ;oO)qGJk9D zB!eeBwOG<}!TGR!w}&h8%oHRAE!g|{zmx=3y;^hY=kcOqFJp~w^DJxO=F?sg&GR!h ziIYfmcaDSO1;joa`#Qav{VK^B$H+B{a4=0Vgb+{z3= zK5Q#f;3==#N}4K5hI?t`Qi+|A!M4Cmc%D$L99R4);BnWz<y<*WRBPj#q=un(c^4@Rr-H7m;Z4z81Bx0Zsl2}{~I=l zVs2DFi4BlyV_iESRr$-a1ybnMvIkN%p35f44@rStkT3M4wn3`7Qu`n!x5{jUJmz1H zolwLvJ6oZIK0A9MZ7)nC5{LQQ1~_-V1~0|eEZ*dE&uk#r zO|?X!REUREIrZ%!^)kPe!-t-S<(B7WS}ORdZ*A}jsF*bW0D5v;&F+gLFRxSlTA5+u z>K{+NvWfJqkI2sO*yvNL|1aEa<$v#YJ6Zq#px4>?|F`mp*q+OeCmV_PSrlbU-eP>u z<;Roicpg=tPW+B2S}%ZxcY7lNGd7TL;a(vIaUk@51x72K6X^S6=-!=5g-76^N~iWo zUvZ`QoC0S|h@akwk3{jzm3s-8HwA^uoMGv5`uX@0kYPWOqqdS{F&I z5r0D&3fM>D$8&VzLp=W~qKypVKw=IA>brQOZzkS|Yk}D*tT0Y)k+P9;{+}~L{=7wJ z`w^lfj$EWJ)%$;r1DrdALZ{R#@pVKuX_E%JE~4}u@sJ(QREj)TT&yaOoOvHlobud* zn(_*-2>lu(>&`XGNCcdcbY^Ls);spSvx&XMx9s(o+0TJ>0(ibE9CHx>6xHJ}BQbqKy zbg5bw&V9aJD!oL+~+U5%siUJrdfpa2>aYcOO07w3l3IR^22}+YL6)NCL zRT9Vb$^kx~qR!`$t(B*}+B+5fYgW;}4y8GDziK(MVn&Oyo4FaKyIHaEJq|n^OqKL7 zzn)Ww7_Uafmfmi<@22~fr#tb{6`BY$ImACkBn~U)T?2qeuhuK3m(ghIi6C{2@3HHW zI4C+C`cPR^uXTm&2HXAW%-K@=kHqYeVPEE1VgHRfop#p#8xD8&-&P)x|M$kW^2GJq zhyq9f1mjd@U~Um!amG*?fhk}!$N-EGa3cg6@)}%j;y{{hg0+B;#}SN{ty<}W1=~5s zGgJ`pB}$kAD}%gBLc9_v<>6grZmPt@idn6YE>W;oyY(mPRHY0%ksy!pIU) z660qacs3RIvScmm&QCWtmsbfZNQcCahzY(*o#>D7oG)W)A$cwPyaa~VUaAuIh5pqU z=wpWcYM1r;^Ban(jpAT`nw|j1M%iKPZ7(tTGTy5YDLaW*VBQO zg^ZGEJI65T@1=}W(0-nU3JR@+pJS>tkV_IVO|UF1nXsky@bl7nCRn&y$mB>x7p@A= zFBlnl+#qKtO(8?~aH+FX<6xQ?O3)8yu$vmC0NJz1`SI%VM9!7H+_z*N<-gsWlz)1A zUH0k2si~EW^aNrbywW54o-hD8zhe(bIV-03tMBNZW5L=>4W$X-l(v>`uhg_NO#H5GK$2}`}Zk~te0}L(k}G}Fjue?1SsZyl!)pIk!#6S%>*+- zndpRsYksDfyQFYwlx11WwfT|qAf~y}isfvAF?8=x;AtMV%eSm=mHcbiRFSuWTh%gJ z&aFmv7bp~!yjLaki_+I#o4iYa!;B6haxw6M9RO^vnu|#*U#nuXm{H? z|IaoaVW(b;!QMm!fMlEJjR8=sTNwqAl&KR3kd$W2P_@Ya%6~6T@0WaEmC;X?Tsw)M zru)Xikj;sB4p-bfar6c_7a{yLMo#9;Azz)Wy#PTO$3+pt6YN5U(g!YWm~ViS&S}8> zl;_UA3nSM8p2I1+jD7#w>U^zMJmTJ=NM5h^AF40FOgEWpuN-{mMquN8VLp7%DRA zou(+6N-L6SVb5m8%5+3zYz(dn%#SjIK3(+V~+qx^T5_os-_ycEqX^bqc{7t$Q|<_&g6V0}B{o zIQ9{>#pKHwq(9x!uR$;R9_oBtCOMeZaphMGRXVNL^3N<8 zO$A#fdYb0?6ngea zRJC<}Nj#ub7b)rYMj`G-i9c?HnUMcPeP@!&d5chO0G}_IO)_ zu;-gp-Qq~7%t?0(W@c6RNJzYvRkn8D461usTz{FNAcZKV;^?9pw~%Z%?w{W7PXEsXXuztZKU2Ai!R zyzh3e96m3dy}kVO)tvpt#8sYOIyGl-BTq&l1~64?Q=WJL(tG6lX@=+AWQ&nZ7OQF$ z%S8&v9!IrVoQWib26kbTgXQxOqy2R_H`I*%LcAMR7M1){2mS+-$QunPoq^Imv2W** z-+5y;c{04vw0}#W_dWDs;G!r!eJc+CDw~cYz|fh>-!>Kn&=rrtC4j3uhC0i*sJEH9*v_%Y`sh3bCeL%lXXUfP|F2Hw zJ!$^$?x>T^|1lc0hdclOHlCFKUyb$#_W{aJc5XEwD8jenqYQ>Da<3Dc5 z9SW?hAq30?jji1XO?JkMn)D&-Y)u$4KUE5ltn)@S_!aqZG;@D3zMP$JP={DB9 z|07*F6PWt^_kX0(t8-X9UE`VV|0o!e{K?&dLQi@BN4mMP`#-Kza;ro?DZsoyMR}fM zq=g*wr#MeqPv0n?AG`ZM{#5q`TA2|ZdS{>lv9WstvzZn$@1OJjz>*!@0?b$5BZzjl z2Yx$Gss7I(LzCF28#n~GLjNE3Mmhgqr`_G@|J!(^|4$9}^=1wMdMNbCa*np-_Y+0s zZ+YsDk+SIDq@Q*DYsoa&_~E*8DSuC*JD)($ZvG?mu_u%QL)0olW_4^BhBV2$X%XV9 zaN#BB?%a1f_ucaa+pINXuR~On4ZY4TV)`&tT4R4gow4@LcUj}x>5!k+g?9_) zqPJ_xNzI29^0LMNuEmlo5Lr_1WP2DoINbXs?(FW$@1Kf(B)?Lkaj)%-sX8$jg zxe-i%LE{-AcPI9lqxD<@EA0PXZ;;vl>vl)oo&CR+N7(ouvxA*JV7395K#rYKEj({{ zP&IDV;X(`7evG90H;v$M_%=))Q%dFa^+$5cHNhL4pP)8N?7uW2&fC zbo{p}y+Mi!<_?H7Un=5!ed|rR{GTF`KjMn7^iL}Pd&Ax!C;vyg`=7S*$oqd0i=%*o zx8xpCCSpi`!qXZ5TjpJXl;UY1XQxQG6D$+y2(U@-^3Vmtj?bdVjU&vKCsL5NY(8Au zQShYe!zJ-ntqk=$w$VjG=9vr(G*V;2XkpxMj-fOIk}amTHZ z1TCN3?}1l7Q(e}r2-th-r75XiXZxDdlM+EA#Y#o5*G8BNtUd5*S_5NV^Z_VKk+?3- z`5ojHoL{7BCRqFd7!g_Np21~NssCB|?;fK8uH63_<@CSNaCiQDD^KeDcT;2=)T1ua z4sJl9+fX7!IjyS{we(@^+PdG0jg8e^*_7(03Q1?bD4_mKi;beZs+KP~l|Uq~{eYsp znDdyjQ-s135-yb&Afxx`cmmMMC$CgeyC{KW)+6v81MgZ(?CD=DdF$~BrP;oEaMXrfqCpR9QwL4Mlyr^Yk)cZjq`{ENM{x`Y`!qz)@f3h z%*CEbTD`3;~_X?f7blwV7vK54MXBnoXX&&PvFSv^Yg*H`fHqc}# zwG$quEEx}lPA-fC!1X0D3Bm}83#-M2JXYRe8%LvH?Y4xnPc8lL`f-;5tkVAmooxJ1 zd)OQ7^uKL9Rr;TPy;&V_)uGF;Ob^U-XREp(wcCEIK9~kpM<>*4NSR8QhFD)C({MMU z8m5qVfO=Sj%uYqDQW4X`{!D5jwPn|nsEXFb{#BYHO-@#?=UK1zif5HZ;~lMX=2lGb zm-*(ORDmpK5}RUQh9a59_1jV=%k{rGyhG;!yNKQs5V0q_AsyrhZ4$Z+MJ>Ki-}CiC zt=s%jEdVwn6mbO77v;b}_r>I57PpgJ=oBq``VJqFqSg^qbbzCX=QxpN~cI37Agx71%B@p|HdQ)B zR1ZQz{0(*BxtGH~-BYOl35WRpt<2i{_#2>C=zrZ&uamw1xi{Ly|7_)v+dA6zo5X=D zk3Mnv$pz+oqF0dy&Uc=bnBHo=N^{dlM#DD+jin|2i@Ijqxp^rSb-+t>{4JVlFCC zY<35kL>ZQ+-Cp~NNo>d&BEf|MAP>`ef4-lcy z=YKi>%K^@<^N>EPv*w7}bEkGM7gn~vB4%ru5zE}*CGvmIW6G}36n%Opwtt-e|G!}K zw|4XJ->;hgNB`OUKYRa6|NYXDkoUkVAMyVJ{d?HkOK)wZx5@=%A6xm+0b0++S+OPK4=3iSPN}u-%j1hng%n4QOxJm8T9X6Q&~@R^~yJHD(BkR0XYdD!DObWWHvl2_ejC zDL3m^bWJ0g$P94?!zBI}6F?S9C9!U2H~;E1raM^Km@M@8#x!9n8rQdUsC4D1SHJl)qEKcN_}aaiof)GK6z){ zV&k985B=4ANxl7#H+IEa@kdVN=rnDVdFo0hrjn$JrsX?>g}fA-!#^^I<8^BQB=3`V zyjA&5xBrdmL{;;jqG&7gzt_*L|J~kbH~+Ws)Sv%UFaBbFdgDt-N! zeivyB>FcS+kYcw9V>UCho41)HVpR7E@t0~+LrU*Sq$EHZjc;(OKFL!&|3zBNISi9L z!0YDxwVze~pKd>Q{--MwI*|{r!wzu(n8G? zyQvDr*>tTUHI4!m_p$c*p0wNEKBMC$M}RDsyCcWw9SlJeoP7%A;go;`O*9YL68vvo z?e9+cCXU`9&{<06Fm!V5R{8o15s=NQ6iHB=Kf)w{(eky(L^CA}{Oh~LznvtCHQVA! zhy8QUkZ=1blm9Zc*ZwVxrjOnNSS9~^?Ogn4r@gcPw(_L*XZc_Q5nlc{;jgk_a&TW( z#P%QRA5}{vPUpHZ z3w_YCGgJQ>6NW(gT$N8z3W_hT4{ha+WT}3@Xetkb*o}y{K<}TmlrtZ(L6V#o zcbvSfl7fH(;ZieDWafs8z+Z|LCvkeI{e@hDW7XChPT_)N8M)PVQIsx2!w~E3BB5fv zloaBH08w#6RPh;mbD}!Gnr0SqMQW?DA0jfhFNk~@p$WC@OIJJben!hHG;x3N{fFQHIIn@DTDIS$@S`MR$9_12dwbbV z7v#4#A=rwI8~OazX_I~h$@2uk6EK7HXS5V-$AK9Z&_9o|%u2@p;Y|w9fU1;dY0KH% z3i2t+YY&Izb>`~9cQTs(?@rDUQ9{NdeDWAS0-ZawT!D>wd54zfnm2)jHSMxQR!1qc z0xoHok_*`y=u-#-nG*4+AceXi!z(@Dd>kEF>ms>;xj3VBx!B~$Wr5^jXB`oFSmifduic#8c6mGVOjv|OADu?q4jFst}4w-i{^D1x7+mf!^I zO&Krf>{AoQ)sfH#nD@mcb0n@Y5N*E}J%nIPh@Z`!B-_@v5LgX5oTZ#vBU`|H=|v?A zT3qB%4|e*_hsTV^O8R4l<}z!)oUHaS2rXcBs*<8%Xo8oX($9)=+Q|k=GRTXHx}Nx9 z9XTnRo-b4TdFdiGCW@K`e-|^xWP0}{;4hehX;~|8Yy3ML&Y)rp5G)QVW zdX+g+RPz8_a+oo>Wug#`+>)8t1L|DhnqK|1QkkeaiSDUk=@&;?{YZ@DqNTsfKQ1Ag z72s~R&sS;=d2oMs3e|n{$`n))N<|oz(1!~U7RxlPiaOG1{BN z+Fus?nZ|_8*6)ZKya-KX5@0_5X=JS+4?UK=SfQhck6V#1=RvL$K}E}(Q`l(XWmt;; zjH4s;L6vu;j&CI68EMsUi&Q#AYB)slhV3d>NU0-a<8BZ&Hbt(G+%OeeNTq|fmK)^Z zPLRjBK-P1B)N+43!1+>x?v zp6y9rGM5xyZ>-?qBK+(@5J)D=-a{~ywbw#V9&;+hZIwSk;qqXIf_4^IS6C-Y5hDP7 z!jvWVpRepyvB#}s)3MlJ^Bg;m>Dw2+qa{5~wkB(P745ZYv)+=jp|IQpB1}dwwcfNz zyeAf3#Sxg>h=QzP|GmZZaVG#*#s7_Zx$}R6UH-T2JURRC?Z#sN6zhB|_Mhy_(*%Q{ zpePhX3`H{^YQc+VmHxFnonl5SEx$m*NLB4D39$f}%FJGw8@rz&Iz^6xS_U*7(k53D zX(9^PdFLw>-dssg5C)Qz%7ufZgnlCA%}}L8{N@5f9=jB*lK&I@33+Fa3j$mr|3}08 z`JYj5cm8uLPfGs(zz2JCQGl9vzKIne>C8r#0B#d62=+jLeIWAPponHJ1<_Y|=m-%b z7!6Jt0hnB~R9HHDOqauJFXwypOc&ri>fZ%>XduWc|mec00o zl5BBXC%*97wr3eSFxp`U^*LexG4_*eUFWsb{YZ($Kme@{CN;{g8}BNe1r z6`odrNYSvkYC!Z+G2eH%JwFd)#uvw!VIQ-l1Dt6D!x?s|1Dpl+5GisVyD$`kYmufv z(=Y*jqP)Q1Ar9eUVi`Z{xOO0)M1cQO>}4$`97XPlk{?HJ#C3b({;n$1&rExY+&IE) zsQ|QG=({nOf)Ba5axaCJpbE#xPxL(T;pTs`%Ag_O&HsQuxU_16wz{O;OA}|eOK#|BF z0B`^zB-MVIiadY}FA$g^e=hg{djE+jlX{7o#;-YP18}b|#hjCcyeHDZ6MzGXJp}M4 zkz-eJo0C~*C8MmC2?n*+G>ji)(L_Sw`koNq5uWM)kG(fe$VZ7KtPei3It#jNLge1yT7Otb>Si*+HwOC-4=nWtjszy zv-0TmbWL{sUS@mh$<^80(<{8S9{qCm`t0WH^qO`%-#<$Z8m7XQ?CkGxR|XNdK0bPV zs!4sh&5pL1$6n!ODDfmBD>ns`Bi{ez;T=GMvpU$Eq^ap|| z*;tB;kY$a_^uYQUvO@L^saBuis%)uID9u6qaeaFAVRaCA2JNOE6*_H#)DVJ?Ve26i(rLL3C)Bh{G~ zr|Lvv4PD`;gAk$zl)XylRZXu& zfo^_F-BB+6NXjGA#fiKvQq~ll4h7m8qAcpQtFCGNsnY)hQ+Et`GUf%9Ko$C*?St)I zJ^okc|GA>a$j?CrTngmWjw(o*Mn8l;NTaB2yD$R&f_ilcbxkhNvK-roFMvZz$_N-) z{}oi#6F@+Ep*!=J=~wLhp9D>5Ly*G!(<*8iHZ^s%44e&RRx;w^oPjSnt@ynP$F!fq zBt}6NONrE*TU6!vNbp`Rh*9Q_+d(CB$BW{S%)*f7Ni0$~ilKJ$vJP<0M(1&MnL-4k ztRzI;8cC)YKv~PBR&|a@&Sfkgz&T764#ZGd+3*%kG}rh^eV7A$S*^dy=eMlM%JHz_ zS*8XQeJm2uFT+e!o&RAlg5HA{!X++%D$f6%;lY7^{%>t{@qbtHDCfTz>~;=)0q%!5 z@Fi;6KI|uPd?#;uNeZtsEJKjAnb(<{X3AE#mOUiOE(t$D&jHRP%M$hvQYsiMK|a#* zHprwljLruA=WQO$SyST}+bu56NLkFuU*Pl-{EWfW*jwctm9MSdPq&=PKJHaJ z=9LGmj5`MNQrCJFW1#k+j0zp*s9L-?-gVG3c|B zD)&O+WfPbZXf6;!uH?64hnKnO7-ot(N;)M6&q=P=B=+ge93#mH@x^$HQqVHPi~DC1 zr$tU&O8*sjqghxu!}p8#Ocdum5+LE+ff+7FT9O7+pUrgf$x$$Z>^#APWuJg1 zu9mec3SDA2c-n^Rx3$RYi-PO0b=aboNk?&RJC6{TO z#asPQ~j=5Acu0=4B%{3~ycU?u339XD7$0XAkQrx>5*yqAiso zYhQ}8FBqZr?$R!v`EE+@iItwG1=PVHrFcsWLf#*!@EqLCQew%2aX5$BeVpEbINAU~20UWEg9LiOon`UV z%>pbDKM;64aLr52&) zhMX#H3IWP+0nbGcQPU0qERb9DH;9oN{NzrP5N_a^_YlvhDX|M~jxP!7f1F&>Er$#v z-klJhFVSpz3)4P}k2-<4ywn8*#aqZ*q8J{9h`5nMiWSmH<@CAax`p&DfpdOw1KiOF zv)NMjZvYpGB8+63Umv5xfg;-USw^j+CooJ9WzI$SQL{67V6oIOOYzYXk4B7T|JEYY z5A{^a|MXCPyG$CmD*KNeJ^uIh*8X1S|Fe>Z=YQjdXur59@Y+iQ$HixT7A;~uPmX{_ zLc7^&Z3(?X$`?j|QIG|082lS*!KmrIj*GbLrpe^|^C=TgbkTubhv_blA}uWk@xfVsRErqJ~tfGb+h!CN_cX(&y0&b%YK;8BBeu$~*? zbC|b>88m#vg|X|~qYQ2uA#)@oY@J&>#2=qvSMcL3z^qCJLg=E5U~F{A1|5nAeO5?= zBo8}{C6%LUv9wUS>PT*!H<5Q6X2Glat&m~-*1PNX|5Ts<@hx2P0-*f--x_Xj?dtmf z-Om1VHIJhIza)d*){&24{TRxBMoQae9|SIz`DN8e7|dY=5psZokEnqCjb~{#OH?xu z0^mlo1yQsrT-7p86VG8c?>(E5pQ48&v!Hy}wi!Xtie*V?)dUH02W+a01~H7#@*Hx+ zZ0Qc`m_)FxjG2cjk(m{UCCUg@|IM-AV1FBISKg7ujwfS2ry}3FJ%40<^l%Qd_u5h^B*NfKl$YS`js3Wn)#27IIFG9YK>)R|KxTu zY=duL2}JH{1WBfvwp7l9b7R$((1#N9d3`f1W^? z9LLFnJ)ma6iOFH;tb;xN3re5|awqdSOz+bmgY=N)_s5wsbHp(#UQ=w}z;q0A2>EAQ zdj(z;B==X&GzV0VcLGEA;Tn2z|NULZNOV@8 ze|`ym&N*n8-9E`o#r!>GsB=_mGuGOTE1S5cV5AE}d6#f6dfst;eY|>LYZ=mYaJ(b7 zKpfFHuB50_$xkb+lx6nOD_uc`r39|1Pf)Fv{ux)%DbT9upK%p+f@>AjkGQxp{k77{ zH}JhULH~uHD*ay`>*TTgzqYn__O=cGul+9m>q;JleY+AdcUs}x#N7EIxHgHJwiSVS ztRtNt(^;{+WHG0umJzH){@Tt(<=@MI*-q_7A(Q5oJK(%$b1WDynZl1Vh%$8e3;-{g z9kO`Z92)=J_mUYkO`5`KoIVtmqo09%fh83SgK3bFbBX?S_)OIW=_OgSl&8IP5elL) z7;aEY7;4``rd^P2fGKo|<l}OO_gwR)) ze~9Q|EpKEClk~msX_T09ub}!LOkpi z2`R6MX|(bFmG>GPJO*Hom@TQtQL!~UTcRm~lJWFN2)~B0MUJ_};yfopnB)8BnjHx3 ztQug{9@ET305H_gRb55~amI|KX-*5#i7FBW85RxO2W|~QjpSLTnF9Zgo}_oSTFpxo zTFs78O_vJ$8;gzn2Ky_wVu<~L#o|O(ZxXu-yCX=s)qE)lg|{il?(3l}Pc>4Q{H0)( z)sgtgl+*SGZE9nXcqYp&TGv3H-$Y&OqOmx&MGu{`D1BLcO>E}L8^>yr-fYKs34SJK zVa2nY&X$un`dbEAI9%jSpg#*C7~-Q0S?!U=8B=u3dtk_KV~GDX%@n$PR#0g&YP)L5 zFj#_E)-da)=QA_YgGdVfnZ;o0X5Iw2AaSz{rY+ecF2asBIKo9OR#MPI*X@Ew^xSU8 zs0a@hejWGJQAQbCYL`fS0(7=0Hw}>_R*u91dTnXj&ez&c=%r(WYCS$#M`Xg_KrF2nKyF;xz3K}ABd9oN4 zi{rwMGBJ9~^TtR4l-XHMPcP2lt0v+aIB}hGh4<1oq$0-&Z>|gxiAhn~@7dGA)w$i! z=ZT)N6`yRQI1J-^-0Ub$r*4MqvChc74-JVz6PWV-mtn8rY+8^l>Vj7KJ9~h5tY>wU@+SL@^RQ-(HU9%fJP# z(b3IH_8{tCzdm#Esdt$M^B{y{c#7qEB7qqoiVBhoasJvjs^y=^-8}TXc$!?M@hAw1 zEhRoRjY?`UYMLrvXwbkYrNy1svFC=97-bHv8uH(~@rp(h`Y+H;89X;}Z-X$%0!VI8 za`lpz&#AmfABzG6hU@!>I!9eu34qO#JB!bX&pK`ZynAm6-d~QPpT-G=fd8tEV_vNZ zlB5X}OH*5N%opa$ckR+W;mPmcGIecV^J3=yGGFi(mr$w-I$!@HI1YDUj=_!z*DH`wT750F~NPlvBwuxR}E<4SZ&-DqW9R zS~o)NYE7u>5D8VgRfbfcU(!dpk2@mKIPM{s2IEPF3(gXX6p84;R1oecgDIHe#w`Bi znoftaUJm=4uvfZbXRhi|B)qNa9J}%AoN5Kyw_Vl8IX7W_7ev{6)qa(nMtHlEl^T>j z4bx_}t*zyYQhPoRzb|#VBeT|yanKm|I<=rk+mD^X0@gNH0#9HBqz{-KNoQ~a6td4` zTP50H?Si}j;UYkFkk_``8r_qV;+WU0%V4v&kZJYDOeLR~$u+%Y8-Yos`K zL9C6fMsrG>>*~iAHWCb4(}+ISPC^dsLgB3L32hLgf-&4=3o%+_(x7~AbTx~zU<#Sf zh@(iH&L5E%M-*yl3XcjYR-$YIG%7GI&$iM~ZnqgbRSWF34WKHzhy&DS z35X*$;{~SgYZ(L-(jiOL3(ssBNP~HeW#tP+wqs(6uqASeqs)phH3eoosw;n-W>;h< zt*Nu4N#{%smPL&uuxcyqR62Xwnk1G;0>OS5--Gp#d)g@Pd-Td#laO+z`reH)V%2dQ zL_Tn7IJ=);kXqzc`26(d!!Kv&Cm*g)uil;=YpF-qT;D%tiL1+WLuI_CBR6sO_W0D{ zVD;mGx29S>v6qgHY0)GvIbzkR?YO=#a4BZ>3CK4w%9QkxSjEz zyZF~R@Z1EKv?bFmW^{pWfo40V3zcgDa&JR;y??x5M)I=#L51Grc&~+Se)89&t|}fw zgEdihT$CW(WLc0IVWj*mt#W;OLlVX|tn;dAonJ5hb$)u)tj@{N@rR4Ir&m{JCj~3K z^(9`wQIo2UpT>sd9b|B7uAZ@Rl#J-`%s1uZ(kmW;|oPM0SAy}V9!ACw|i;i1k`f#IIX17r% zF~ucgXlJ%0Ij)t|cHL9ssj~mbU^)$=MI*n`rz-yI*4Ccx|GC%Mf2`(F^Z(|9-Okma z1n`HrEL7-e`+89B{an(VLWJBgymYgP0~{xR!IP`1M!ClIgA7&Pi%G%01YPHga&|@r zq2jZy2ED2{vDGH?M6ztoL^bMlAHK-JVqDMX`05Vqo0jt z0ItFuu}#<@dB;>}ZK_ntGsGrJQdn#M)*Cc7XE>z=qh;5G!LC{N~mN-}od!-n?s7hb>QCC~jFniaTo59g6yoTBp1cj}t zQOGNYcGz*~2Gbk9&(seRYXr$^W+Y{cXl4x|Th~eo2$xOau{k9xM)dsv!PJAqlL-$P zA_Hc1<0Slt@N2gEDmys{M|Ny3u+S=)B8GQ}GTEN4*%lc{D{;(Ti_*7g@r;p{nmTFo z_eB6qt1H{P#+F!YV#}ih3kw|nW=CW2IU%aFkZ$m4^ zUjwBJs1C%~lt>x&Lr-yM-@P?J#x#^D$lsQO{#+6Sp(*#N9K5nEfp*lAII!9~d-0rY z>YHzC^RhWVNWSvWrDgWKJb|MniIRLA66Qi`!gioUc7CIxmf$8#F1Us*Ja_zM#@q-? z8+r0OJo#KCXbeVl&LsFf%L8bQ0aSUCTTsi_jhr^rC?@dAOF4=JP-Y;y6f#;f%EGAN zH7qUgwOs_?3X$&`c93FE$zc)`%Sx~oPNuL=q)o&`U5%e*`iZdgv{D?UqcEfiYFUss z1hBZC#6B8GRw8(E(dv3#kpXk+-a&w1gdoXCIrlPKwkOMq&;YJSOoFoue@0LMLZ}g{ zXz(0d!wh&cl*Lm()=L}_Gn53T(*Pl2d|wbpNsbt0m#j2EPR~XeE_5liR!3;m>J$i( zg@o5$a{QDZke6ui)7;$n8eB6MCO*b5)XtJ;1rJ!&sHZi?uD$c3@Sqr^gWYB2a&a^hafIIkLSY)knnsl{HCA{JgZ{;Q*L<6QZTXmhI@yaSD zeL3j)JIsfa^2~%)F7C+O0!%@$#tlzyxux`I6UrnR*QBul8I{;t5=+{W;D64&W6Hz! zt?N{?+19JAJ~Om<#NCSW`Hb}>rj*oo>K2kc03U=T+j0WEU=(;|sUp`#F!LtRzb=^Y z8Ua?Et-gnil!Ro4STV7x0qr;!pjacH+12lVclHjt`2Q<;l>1*isDKV}J6FFInYBu8cX(c{ zHTuVQdl{@!*w$?@zwRZplLG9|&C<-B7(-V(?3#rP#9Z#r49rWC(*_gvo_IM(gQ0G* zU%x)XrAUZ=S~ZW7QfHR1O6|mo-|hDMCeNb#|2R$B+yD1=^!u20^FKZ8%=`bW`x|c_#g8r{xpRwtGSOj_! zql_BH;J?U8t%1}b+Rk)9Zi3mn+^~lr$-!1CjeR8g zT+bC#(_raapIqJ3#i^3JwNnBt&I3wh{#crT z%xjGcd@MzP==)9^Q1h|w|2|Cca)`VDqQM6*47|HZJVWp-`d?}&(##RGV*lUW-`C~; z?cKd@|6j?&LWqyo;G%pBP^vbRVbGECEJnmO=!A3@{5W1Y9qT5dyP> z!r{~4(MOO5V{EVbxU&pHc8<;h-cJYGmh_O32^3H4sfm+-b!7RxE_=nw!(@- zzX>?Uz*m8K=^}z19>}9GnYib(DcBoYj6PEc+!O*q6771l0SLY#badncAA0FSk|_z= zxRHp|C(1U?FnIyigUE-U246pXT};l3G?>H{vui0UZ8)YkS8Lz~%B-qLa#Esqt_y z_-Q^!^5aymG)qHkox`8z|IbfzV$5n;VfmkbAefTb%R4!5rL-RA0d8F-4)xmq`nR5p z4E}xSO(+f2tX8Ig_doO1MDY{~!@U^Dt>Tri0ZB^ezpM zOzw3${TJ=Ec$$QeWHBKtVnHx?!eS6)A}cVM;FLmqq!I&CvY&$W<9IrSQATrNCZYR4 z&e=GGn9cU$G{rIsO|zE;(YQxvC_CW}iJjgvNF0D^%+_rO)nE{krDK`ZBsF-7<&%N)f|1`}Z(+C2^aY77`_@c;hp zzuaK4%zyML=l{2N_V$eUFTxtXVS@ViZlI_#B>p>veqcJ;P+f)4Efg+9 zr3DJh0c+;!%h#WogGN@+bFA*;^e&8D)975fmiZk%0OHJ$Ko2-U6l6jff~Z_1|Lpo!V_Ix4LO|$&){+VK7$iHoA+!(ZO-}Dk9g)K{Jk_hG53jo9l8=({QZr`lDNLFAt367_?M#|_f~b{c-86)A znzffEuX+|t-7)0ui-&+zIt~LEWoP)yGcD>m7T%>a$b0*L=Py{oWA>&XvoUF(RS;R1 z*~{W&##DCzfSjqAzcZ5(^R&cjil=7)=*fTOq`PwZTmUw~(d*aGU^K@su1-(Ru0Q;C zaeYHSQ!)5=_;3YByh4$_gMOtpFn{~}xkBhBozLX$uV4ShYTvl%1mzz!C3~qyHfF=(8wdv76z7U|~+pUWx;OC$J zc6#wEZ3=pm7&xb&pf}5cXbet%0eE(!e!uUK0`J~|%?LPaYOgrp{d@4A|B3q`PBV(w z@$0h>M}OS>_QELq-_KZo;j*vK-k!c7Jw;#RX%qry4Zmk4{g`z_3Q-bA2)>6YVlD43xJ3Y)%9Tc&0h}=Om}_;>!4(1kqT$=&`?o5qJljHIAYK zUc3O#<;D3c2fPPgzF0oKzBoELJAVbPFp?lZ0Pny;Gwo(B-tB@2OyM+69~|)hzwwty zv`l)At!6d_$>`iTHm2j=EGMJNaae|UX~CsXVj0?fHm6&623i&oqq ztESH^EpVh-mNyIJIF0udxdZ8`QD`_?+HwWBV6c4>(bLMd*^vD~Iyb zkN2v8Jb3%K+UYoDKfSTY-mum;#T{8gLxaug3k$lTxGKVV-swAzy}5YkMtu&!QuLFb zCvOYnP}v-&;mv%G%fb`TFH4Zwkq^qJfI74_y&?1WJkT1PY)bnY$|q0o>4=TOnw>S( z?)T&{BE*_yTk3C{vdq&)hSgS71q1p&sZ3;Zh_{G8om_mq5dO^Mp~8~A>lkGEe|A7A ztNd687XGKrVgsUJ+lN-lBEUw;qp*qrM-IZ)sNFU#{g%!$QGv<#5dG0 zFx+C;$ggsHovn`k!-?_KE!j+5t|fZp9l7vd#6$38Fi{_3{*)}!Xa#ZWC$?2}JhnwW zdidVHS4WNIG6#ty4BbZUyAuruF`v4=nW3|@|Shpha>;pN%?!}oW9 zfN8Ht!t28l0Y*hIzOwuVL)jfanucoaY`tyu*)oHD?Q2`sU%xy$XRXP8V*K_li3==upmx{#tylk=0}7zgcIGo4k1C_{XCo0C^YL?u)ds-1j0IgPz>W0XD6d}k?(9f{ zG;S;35El&aX!i}|Yx`I9YI8jxP9*Qcw7+Z#*S28uG=9ZqVqYcjYw3GouB)4cj!mX> zgy|X!l!lY+pT(z&roPc`%=F-t_2_<*w^9tGMNZ8Uh`lyOtqvTs`;TRVe>od)|E-4Sr zSATnZ_n8FHa|{2gKhBIhJ&1!SL;ZF845797qb}pd=lTv1bb-zc;uz_2JMf3IDFH*s zFc~*JksmDCB54z#!PSXMh_{=6ObwPQLi zQXWmCRmq>u>eVsnde{byeJmYnw{e>lbaJ=l1W<&`*5164>&HyZmZ2eVthAM z#6C_J&IdwS7C>avhDe!OXQ|@u?_N6K?(bZt><)#PM6N9mFEgUnnD+7<<}B3|lK(0p zsGUDZPR%XcmNa7WC|V%=q8M)CiK{C_r!xSd0Dp+y3j`kK5q^k74Y&|I0oXy?K%gqP z0z*gR2Z9gi^C(C|2b`y|jTL0ecV%>!!SD;{nEABoPw;)AiVRU7b+59{B}G_G881+Y z8Fw@^(>VX7NNcn2L}T^TpxWHk*Ca=pm3tK?C1x7h3q&r~zWIzTbm_O9W~|0%;~vTJaq0 zHC@s*Pwyoo^gb{2wV(JkiTvPDIfA>87{zM?Vvyv)5Yvf2AH^+t&3O4L==OxU`57eh z2n2L@wiaE3^xrqOfPg5OZ4k?CKx^Z3a>c#ovu~Ksgg5Z}|HpO|FT0lqAk6UN2X_gs z$3#3`E@z~HjxmI0?6#*`T5QBkRi3Yf`A3Knk-b0vItsfTgzeUxZ#5*~WHiupkByD0 zz-vRViQsb+zKo!%xmMajTv-{^TNZ{lHq;prFlNiT? z0gd)A>h?zz`s`PAkvy3o3Ob?B3FSvdI22--wZSQmWd=z!?|}{W_|LZ)QCD6$Q3l-ady-h ze~qVtZ{*a2iioY)-g1*#5K9RzX4FB0Im`>(wE)rN&kG8@D09f->RT=YQFF#m#9cYQU^BX7qc#S58 z%aEptpOz{Sj3En7I=74i_|-D?`SuS#YDB8<64o2M&E5MBv?TYd;Lz!Ch~KAFBNf$SPX8UEO~Cc?gn23!BixSO50V2OqDSInM!b z1zlfmZ87D5w%5)sM6~Zzdva~+HFzu|FISFKMDm2S6h*Yq`Lo!~AaQm$M1R42ms*BA zYg@vE8b7IEg3_cz8*=AGQ%w^#KwdCQWHrn|4I# z*Y_1$CIQn}VpY!R7)l+SyTMOAH4>=7gWzd)ClMC+zEH6By+8S=bni{|3q(@xA79tI zAR$jeLFj-N+X6X3WZwjFPGq?|3v3k=Zp1=1gkS+#T;{2dyG*qaLVj!(2)X^qtYjnT z3M2HuCR#t6Q7OsRJ<7ds^^hlGpfX5ZI4Mp5X1XK5pRV_zwe@i27vt_Xme}*dK#o9 z_>B*guKFefP3~fE5^*A@3}P0XfOIILn=a3nwU%X(uM{G!t1s?QO>c`WN*H&fW+UvK zf@&$ik;%0-(?1=pN*QgYNK`Mls1v}P*7RK?Q6ut54_m6xVYNmAJ>Wl9WXu`6D zb$`Akp!uI#n89nzl%D94NhoaZ!##ZKfionJ9a7P?(eA7H!3aL@G&0&VR{P+2P~z`k zA9$bq2fCSrz!Q^<%bLKau>>rVWjr+=y&Y2E`OiR#Xvlw`rwqE|v>_^$J^W?5{5^L! z5G9X1_Ye>x{TDH{Y+Y3zb|IFK_(Lh*Nk!>?Q8fOmawHAEt*PSPfENjBsr32;(8^r> zeDk-vzCHtrymxNB8I4J#p_1$^G5W4Ai&y393|ZSk4Oo&X!AagrObVWvLDKj)4Mm&S zlsb@-C(VOLb8HH|M|B@EKex4IQ-5}@F)31Ih%KV;1=ibFtZcvu~{C1M{>`%9$Khujgm}jUSzF1HOM2oS;+^kjamHNxZAw~u@1Lv z?`kxFh>p;s9fDJzL?ncO3)6mhAXhGQWGd5kc*fsI$*Tb6{FU(vW5vdaRUKWX0VjOk zwokb~Njubo@*JQw=+{(8gmO03-IBm!>t3@=PfQMKEH+!}98s)yrMMdT_4OVR1P3bW zQ97Mon3Jk#?^>{{EfwpoI{@OZ6 z5=&yOo8MHCJrIGSK}7K<-h^xyX(Yr%cZ}5O&eHEmiEsQ3@n4O-);AkhD-@bW*y&Hh z`={BfEvlawD1xH(xDdavICo?=U6yQxj5V5{;BQK>Iv#sGI`Q+IXw{!D#HDfVFj7YSAA*L(l@a!b$v2aqPWhwr zfNuSK@AE!pru?6P(V*@l+1RIEFN9nF#5*VdvPG8LuV6th?D1a})xM3@kaiZ#!;u2n z#mbT9*jq-jC*6yh97!})%8Dv@Hg?$_!QgDj5^PEKXHLMsbO6?W<3m5MT%5H;5+^ax zGKRe#kh~)9D>L~!GpSLSG2>U?S0^I($&@MXfx^gWW({5>VaTs9e@}J4W6R^3?h%n= z$m~LEluTkgh!F?wb5y23|AgYoks^=ieY~AJ*9b6mK$qjm?9shUvh^sHliLKW?Cu;-EUQ%7R-jB}* zG6PN>NVlE2gLQWeCyx$e^6>p{(VAF7os5-4MgG8p z0cavgC42x=Xdj={8f zXv4X;2%v{d?I;~l8ZL=Ut;S1N=#3$P1vWwuZ5#SYka>J zv2G3Y@B9-b%5~cMbnSikZI!cChJXNr9r!2BOOUs>`Ny-#F{mLa{NmJp)uR;~D0UI` zxGxM5{_ig0Jl8ysT#&T4&<+8iBuMBbShF~CwoSDwd>;96Z?&QN%kqQ-H|uW4oisQ4 zf~fT(;$p8_3#`rTdb3gC8THstEwOaQbslo%$`-~@Zj{`N!CzaTK*S8&lp_vG&}S_Ui8GZ`2_aLvA|E%d`ABtOk5 zNOl-o52d^|ez7~|(+~9@AgjDoTvV$AV~&tn@~)w(hy4E|=Sh=?nn;Ci#Ap%8ADVdC zb*uXJ`@AkFLv8--t>3d!$GQUVPZ z_?qYo?f8E%wq^&>gf${W-BDkuP>6eUZQ1n0ae`iGLDCWnobcafu)jD6_l=9KoGr5A zi(U62@7@W06BSxV(G~2@3!;O(w~(FQci;|{%rzv{Le$lWv39i}-0nB?(iH#YUGPty zBIhbj9ZdOm5~)^gaKn(?+gSTJ9JNEaYF(L3p4T)i0>=Nig}sOumM(gMoDdp+ z3KRwrB_=9_VaL`A)h%$6YzkxyL=Yq!{p~=CVz3+b0NU$!Tw0jU68CW%!7i?MIToY+fN;XRdZTd3Hh9c`R}^23m>q z2BZ+?j|1gfP<+sb*#;FU8W=GN0DGZQC8Q%G-A$m!)lCh-odt*TEWD z54)488{A`%*C#{l@5s;oUb@nmiqO=;CoM)R-PLXr)aWfjlpnXR*DM#;6(Tstpnq4Y z@u2S3RxmX5%@g|*H1^76Y{krTr}sU>Ob-e`9(1m;1NC76sXxu|=`Zg6as%rSH$X6M z{AQhCO0U`iQwVOs0he#GRtU?*JHj8S2Ez>6Z+^)h<)Vi&W0&NwVXKRBtjmk8^c-^) z{<_KWvaGyd#iKob&=B9BPI@{N`~^jmr5yjMc~2%kM+#Pp)0UG`805V#jJUUsVdM#A zi+~`TJEEHWzheO@&Ke#-g&L+wFC@2b%6g-iiCcmS!4?+?K3>Koev=K(;9-S1KUAuQ zuI{CBK3LvW1z?5L(|EHr(NZ?o&eWOU&i>3+k-_sGJHkvf+1$?^U8a^TODRvA2FOwBQC#gnQ}#g7fAAu!b2U>dFilx4_>I2q%t(!8 zAsnME@F^xj6T@sRW{ZA&HGCPJGlQa0`=TH2Os zoHrqaQb!~)ZbzycyW{T7MD?F6u_#7=DfID@@YJ^?6!`7b&6D4!9&yTozC)Xy63xY% zku(8xM=rjR4Cq^Je(Tz+><9tV=YgMeHbkw=%nyiY@<6TpMe9ybZkvHr3dj-eqqjQ~^76|} zjELSgIxG!Rx4oh+GI&@|KY_9Np*h7U*7rInWid#TQV<&(D6H~l?~^QAOU7h}vaOo5 z{tRf}2KYJXfBFRakD!PT)$JYjS<5lX5>|1W(6O-C$_{>P!t5>aCCQTvKU(hnAzaC9 zm$@8T+S?3ayyq`6du>u#@=5L~XNHO)v-2BqARRn1DsIgJM<`F!VcdOd2%D#^hTyQGd|df~%kk%dp;t5-mCXH!icDCct~iuC^D zxD}b{4`@gSUgh`$kMplDP$8YQ3g?EplG8JyNRwfDj7PO9ao>u<;76UL!9FW6YsBCc z=mY4Z5AJB*?l`uq_08Hf*=(3;yw6S*m1WFae1sWY3 z8eT!<(@v?pz~sXS4rBHzt&xK=mJHrBCgCTm^^vhlC?73l7)8~0>RbrIM6>VoOp)~-etDWI+5D%c0e>+R^>^N z^~B=c0-h$2#MC%r@+kl$91R)P9=`u8GrY7G>H(WMmiGk&|!*h2|wn@Q454Z(@u4`@S*n<3v(% zm231&lH=K10~zMJFDODExR+CJD<}=8i9r%1`A1|ksMDJDZ8&(A>^aIOb>hXgFf)K=D~je%x$sz zsv?T*&}jC7Uh0|0_^QsG0a$NfoxH6tlRqjH6+y@xT^3|4R%1yIK(Y2A z*i$Xfsq5%}ZI&|)PN@=jt#4{Z}x3PAwjV|xD1c%=8=$@piZ)Lhc+oX1xPXPF> z&l!2rL*TLC69tC+6-~3~-G^u6I$3H&OS7=2-xLnaTcVuWb+8jB;Tt5E6ZH4SPeJ_* zY0Aq);qko#IuuI;0>dmvWdq*WBI}5m5-^;_Cy9PTFRF(Tn)a8A>-rY1kWo;My5{SNDmX2lCjeyxZ9y^j`&| zb37L!PwpKb_F!`E9>o3xN#@)O=c~t^&rbKz?AUGZJRf_6ET|z=T zqQ9v~I%nxcj1{Hmr&r@iyovt>9C1ngBYN_tKD?8mO8#d;F{B$ZH~zSaRPi_|Dc?}J zI92`XKy%(>6=10{ugngp*y&gwGCr99r5O=gN~Q%Kbp1tzGev1qK(lVIj(Bi!y0@lvxRxfM zMEQmB+DoH1-aEt6y9~A(HRa;_P7+NOQllP;A&ks|0+4;ld7QG~iRX+EI^Iou(3d45 zET{iI3(bqG2=Up|+QH32-!&$X<+jc2W5=IX%@fiH8X9GP69oF|6B3#i(hTSPwz)R#gYfF8|(r$xDa*#^e z5Qa*!R5;eGD|cvR@cYP*K}SaGmXOTfI0^*MBCDxPxhZ?=X%p5+6Lu3q!)q4rG_`WU zNoS5pwG@|?xGsSD1akpGpAi1~pGcDy+n7lwE}R62QPdza&^H=YeTlG7>qihdlt@z; zbrClaU^Kgs|Jd9%kzXse;g${=wp!|bsSv0>8HJP{gLiJ>oWL*SKBrL#QVPy+&?|_Z z<#UEHDvv#TA(IBSZe1$>XK`8rHB!L;n$*9A;W3{})`HNdvwRm`-OqPDzIn0_Mzzx9 z6C5e7b$`8cq|}#@t5_s~UM}+hsZb;q((SjTK&qyKUH);H;Ht?QumRG!rF#eAkT~T+ z+l*2?Q)cEH3 z0)!?n2m_pX!z+p`p!{5e9nys5ooG`DC3@^>gp!92uV83RJ_5|NWLn&yrd^NB9XOFI zE*DB`V+}^W9xeW=dFMB6pZqHMg2QT?19&nTi>=Fsn9D^9ggXj%@ zd{ps++|gQ|Twd#=zjCj$Y;-3m&@Q8hh`pII#NUQOKWrPY}4Wj=!P!^OEZX^<1-f6|9ztg!WiSYw0v zVz>ho;7IMS!sb@@AJqrw^*?GG)Z+6CVdGjeKob98-kK7;T0}~Lzpa1k%z*srTNnN# zIMiMM*1`uhH-6(VUX3w%(o!1+c@Ur%2LDj3)YkC^-JA}9mP?9!4rM-2qY<47*wpHtxePpVaQ@ZV@xx;ogcImJ(otIMjPPl#gG}y?Tz~g!0L#Qp> z@<%1zMP`ilS}6MYVBCy8kbW0LYlpho!8Wulo-tG=0#WPJ)#;)=qi!x zE^ZhYK}^$)d!Hh~r<@V89eFwx=Y0wpaMaYY#INOZe5&oBYs)A9jSYCikNE$@g?}p)Sf{; zqv`+7oK;oaf2LbncoU@uWM}q}noy-@X>fJVhi7fL#i?Mu4~?$2T+uXO$lD3z`;e94 zT3B5KH}m$nni96-Ur(R=-ku>FpSkU&(aor0Ns{thGXmFmvZU z4WA0N4;j&3D`Xi{CG*C9m#hgj>b;(pL70s~q9JM(!n-ar9ZA_A)j#B?O113WSq^;D z-`rQ2JT9Rf+FnYB9)!!)HFw;EtvGi?S{}<8BJnwC5E)y2tkztE@@8<^>I+XV7CU6R zub{Oq%_qX3_F8s_X?k{hzG5gm5q)~Gspew9CCoBb$l|0VtY>EY8l>bi6iX%i3Dd0y zNAkhLqvaUjoY{}5SfVq`NMoY2I&}&?r1xc0AHNYsrOe8u-`I8y;6VC`2U^lE$BVfPb&o(UTzkMRb+Vt_u977hOkVWz zQJ$N{GG$kgI+Y7{H@&+UcL zv7kOSx70#mquZC(_llCzCH@JlbMJZoDD5^jZu@Ia_`mDJ!)JZ80yw52 z)_QsIPx;HRi|%|Pbdu15H8$Msl%pewP>*!u*bNp!9IJ`po{A~d+~6-Aq_^|N){U&^ zge!dY#F^)32|KOr)8gBQ(sua&I{s}T-dm=$b_=p(3v=wq>`*($n>GDq${{S%%o8mq zI8Ya_g8yF|aR)gfXf#}HIEF1%FU1~T`6e>AR-rIESPyao?Qne*Q}<`9@7nFH&g6g?H6N)ir5Ns)~> z_#BiJ7L^}wNQ6S~M7{*Ukqr*t>E4n(x45~!&+J~+Cxa0Nx;qdX!5NQTKPTiR9h7{0 zseL)7@hX=((&*p6)g(J;>`C~dAkGgey_6q%T*k4>**gAmP7{cmMp#$fj0r7^>?$7i zBNL_zjc{Wm)#ZOC=wl{LiIl$I_ba!cJWJ(R;r7?JQ3a~?Hpx-VuUm;nod~tNSL-O9 z&+|T|82x=7^=&6gGit;}v5$joM?2ir3X&zcVuYjaF3^an_B^IVtvYpUR*drd0(<`F z=clPc5ml&DqIUd16@H?AiZ#1)E)y4w$o=|9&^d`+Z`Z~Cvp|bmbQ0Q$;cfr-?&2@L zyk1}4ov;fGlErJqXdD!YzaB0{OPQRTv($W5Dqpe1f|zsuTkzet?61)#bl7F2V#)ki zSJmXFQmy*8NsLoHG!}qgchJw5)7Wg!FFPMI|Fhov|NHDXiYTmcp&DCrLcYaijasNs zm>zcb=N||T4i+IPu@>n`UtdO`#H*z=?=)PKX7KnUmk)XQ$lxjFDd@3XkB)`CL#&Qb+;qKHtA+eFi6VPAQ)uy;@@ot_vrFMz|r$z%CJAJ#`F z&I1>k@M{h$8MArk)z%_Boy#0d7g1N8RFUl)z3F|PcH6Ozu4!=oQ~Lzx>QajuDXJ_tip-$MNP zd)wo>1+cytkg~$cDFisA(oK13Zz)(<+(`W*Bv6(R_>LQIAZBK=76x5F8EhPSPr*Zt zUIM?W6O;5^1^DLcIKK2j1}O6Gdf6T*xB>}m{yTjE_oR?OBjFu}Ep-P;&lPNbeDt0T{(P~tmgV5UcFS2`1}8my8Ct)8bT3Qisr&Z<6n;6zll}3j zbDd`$mlVYH(t6s_B%Nx0;NrSm_nRt-GxcfsbjQho!-LC%EvWzY7V@KB(_HkdA1lKfQoRa))tz2fq}&fO#nq=868@ysbML8GO^;Ly#u$?`}eV z_U4~a^+}VD1p5Fa_)<9ztj(~)O?=|t1Hae^=txI7Mi4e`jtQw6(R{ z;|RQVy%qT{Gfjl-%xwmQm7ZGW20SkQkecz|EJI+nOJZ0mGl00BlV=vSTkA&{%~SAz z+$vAziN`IJUi3o@iWniTlu34pIuzj8{Aw zXK>$otBKA>wc0+&!WOInM)0|^$eVDhb0nG+$Bw_wUs2$XkmoiX=4iz5<#;1}@Q(M= zMfmIlRb+c6qw-H$MbItdS;;bAvNtr^yXvw)99708!C-NS0kfW(OMcoi6lApo-rZ52 zvDzV2D=IuBVaRy0h|{WA9Usec`l40cOPVh5ikWF=UN-E#a#AW1qe|0iXvd4y0mKF1 zx_{1se{2>gUOJu_;16Q9r7E)1;`1$$mz< zgvUX<;Tni#o3ynPv=Lk-*!-ENI@i+w zHPhQ5eXggfq~q)3c(qT23%=z3{wyjdGG&};=#a{#p;}1B=m|BI(!B5dfPXGBe%E1~ zlK(}S7pSbkfpiY^+uqxM;s$hjA)<3{@oIFd+UgC19j5MORR;0(;1)J8Z9rIcurmW4 zdC(`{P={E;WGdLwO$~CuS;7Nlfe{}zH@h#iU*_QQFNtbU;;K~gNuiv}9Ce2UR#hCW zSZkg{DQ=&Co;xH>M*!BA)>Kq3<}oCh#U(R7RaXPcz39&#Zu zI$BvJH4lpXk=s>6s(j!Ah@>2)?-ynp=aH>pjS!NGMJ6eW^%=~D)$ca&$X&G+qt$*) z#o~l1wz6V1pgY|`l&F}{YZ^zh{)Rolc2)?JEf!-%{?GZlu=4ASQHq%-RaJiz!U=lQ zUn#B5rs?48!+eGIE-q`#(7uu6v(v9|^zB@?V7+XqFDGGZ2fOS~D#wB0L~Y>pQtw&K zjTgiG)yF@venndJ;%E+W{oc=zB%vlgMv1R>hFS^FcW?~9`p1Vf6;&nlbBGK4pj)T8 zXus-*oNy(1Qd|QpF-WGiz*t#i-@@YOgUmq`p3p)-qM1gq!{2|+5y#dH-><`Pax zQKnQO)S9&r^@fYya7ehp>?`AuzS~l{e>S@(Mkme{ZcXU0;7@6p9|O;DPXCeEWcS^) zy^{c;Kw%Q$-XI1Qw?**Ft;b4R1=e4eO%Ro^Hc+J7wYv|#v7`(fCGvm5QB9y83Fv=p ztZ)np2dkXxCBgMibOO8HVWO^KqIWuF$XtvGS(r9qHruhU3(u}pE{_v)4Q=Rzg7E2f zQRGl4W;>0r^=9PBeA6T;u@;HfM1sxElQ}GFKI3dURLbQK~n{y z-wJNDM-Nv-qZwY8vSG3c!D%XTUXPQi{--6;P4w;Y4nmlzf7bVK9`zgsR5wiIDA^|` zbmuwc;7dyi<^E`kK8nu*?s{e$1kEhv9_}Eam~*6HPph3gIf~mAIjMLMGsXhwJprN2J_#`Idfd|5km4H z><3+2I4%2`t|wXnTTF?{OKHYS)>GG$=RV9!e*>p5u(#`<-tx?wEphm4tQXO+!B;5d zYu~Xgz765Wr~_P>x?qWX?q|iQ?5SFY(YT~G($4pt_e-3?U;RKn5DE%$+FrcE3%~`p zB?;Kf4jkzN_T++^qd^UYGP|JKn~2ttn?%ILTTd^4!5&CV%kp7b2E*4wgr4eu$MV^G z?g@5SUGn>Sh3`__qBP;R^YmPfJGQ0&`KM4W*Nc@Pi_Ei~GyX9zkX9JY;+{YCIVU{R zX4+)GMoUbIXq|aLIcjWnAKhOfzwkykC6Sv3ACq4z45vikNk>azNg(eBqxbyP?4Ha4KUTChkhoB9|KP~RO71k)t&8)2Z4r~irL zy@Gd<9~|k5dW&(W7<$%C`34z}>K_LbZA91eL z)_rB>H?#V6*rY|Jj3&|b$o|Rm%5>UZ{v)9a6=UbjQYeB8vWTvZCiYKAyh|RFHEBGh z5oe#4cWG|M>cGvrv-+kk>#Bs)) zf82elU)fo^6OSo5ofKP_a-`_JmDUhBodfGSs}nknt@Qqmim8@>Hnw^0M97F;o&n!H zM+g03Imo@~FsGd&r;PGMe7SwCz80m222Q0FL;hfwsR{!bvC%ZQ-y@;r`Hy(yOP3n#O79k zQ?Gtgx4pd3Ji%}9W8~@lCaQKNYpVC+yaS+)WA?;vCU4xa=lpJ~bKJBBWy2iomc_U^ zM&~k;g!lvL_?F~>WT#gJ5jR}1Ny-XR=KI%XyfZq%G?9WNpcB5;lz?Ms{LRKAex z%ua%?U@v(@VGU|5uKONo?D;i$#;u@o8>iJ{7`9VuQ2;v!STO=c=;BBX_o_XCEHud4 zW8k)o*9WMkyZZ`kAx9V5DQVw|d-?q*`|(o*#XX+zt0xm6M*YwCHdkauOo8)1VSa0| z`Wn}971@jz>uLekffC`!|CF|hx%}hE6l$J+k-h^}h#mD8Ahf~olKDsaXN@wLtqL#w z_0!R4eeKP%E1!n@Lmeax*Hh|j^ke;MZ3M8wC#=|k%gY(zHchBa^1w(|zOae-X_L!r zvlI2R1_0xTO%zm6pdh0X^AM?EtR5+mwCT7E@Rj zfjFASm=>0qnPyi9%l+dxW>CH-7-g6Iok$_~RIs_J#u)S!ui!uH2Rx@_zgkZVVIC|F zm~guh1$$XqpE_T_|BF?i3QG@9*=~85p8ps2g&Z}kz zl?rAI#L^$n^IP>MmGD((2c46)pdHiuVM_byprT9610Vn zznEo=a_ff?s}Z3JvU5XTKrqL649*~XWW3@8XC>_6oF{xta+}`@9GP{Ly=qK@XdK^O zp7J^cHY5hXv`*bVNc+~}c*u+~ZsAZFf!(<${QbxD7}x3zmSeLn6Mqz2Rd^v5HoPc(#I>S}{ELBx$V zr|+I?JHT4RVGV(>wPE}f(NHb{!(u}r)@uS2vHdugE{bt*xe$U(eCLy@9nSsb1+Qwf zKz{)d-a<`jOI#6IpdGTK4x3=U!v3#Cjv8r$h%yImBAJHrb_4gS_rEG1<- zB?UQXQ0T}RHY-i5RmENyUHVX{0)`*wqDL>^Z|Fna&+*7J6#|83^mfzKya?_ohC1av z>-(dSVuq15ZtovCm<#0m=`A$ua~Dtn2J_;}UUbPc1I_It=j%$rx{;EVB{?wrh_|^8 zRE60~T+K){G~YCMIc_O!#&0V_s~QKL3ctwV`j5YY+?XLIUO_dx(^qkcpn?TZ?UC9G zsD&AVo~U~h)z}ad0>Ths=bhEp=-zHdvfb>-f5?R2*87bC+PSu%-Mz?6SqSYnUGV7| zI8}b7;T*IVW_QrHm^f{-^T%)8n6Q19PmLrx?|1q#O2yl09gW&GNE zh*k>SS2fTbT=163iBi*4n-knQ#mS%@mxR_d->3cIT1ltS;+^~uZw@v?(lsMoI@68} ztz1fiE*jT8l~}h>P$2@s%k*CL5(-Iit)_@!zEx6%!6BBA2MKLNl88?av72p4L{QevWdB;_kxIQ;6Tm z$UqNT;z>l8)p(Y)ZS51-8E^R$)dgLO5>$dXPEe7KsPrqU&~ri2Pxln=w+RN`#u`%F zh|Jb9!rgdonk-d){zy};zk!3M^!BgFTf=snv zGm1qCd~V87KoqiP)-d0$z$Ge}^naeVO9zww@ou1NM;s+0nfml|Z*3d+{7Q&OA<-{t z65?H`OvZ9ONnHT&3L&i@@pq_hp?T63mrsd;xGH-*&352(%i|-Ub?X&WeK5BS;Ow%! zfWT@iYk{XLZ}q`5mg~=R@2qIMTtI#c5-NyksQO2VYY5`05FmslRg%(d_@em=y1Y6$ z2OC2H(V(`ZGULy00~<%m`4E1U-a*oXRQCu^Y>7;OFK=h{y~$$CIIDICqrQKR!<1(# z8>j0QbS1c&ve!7DwM}uA&4w}9_pNwwNizJPC>7j&IF z90FNtmS<4rI33HzY9V!9R%ib{>$*>pZYRTJ%3HwoX?QPA< zGB$Y8mXa$FrgCX<9dm+Oc2-%@<5|I}U~8>e8tzu)r) zX*uOtCb_j;2pAA%|4&HoL34EwL)Zs-5Gl1JnJgo_@)1KtYvmq737T7v1= zw_gk_$#=JBmy%+-559mXh- z?DRh?d9?FC_qK1B0m$dgljHzo^xI+qx+DKDbmX^Z{@C&vyx{(S?oMG__W#?v`}>Cd ze;5B}HBZ6*kH`0MP5>I6X`eMlI?eU#D3RL!}C9s!gjTF{_hMe=l`&?|6a+X zo&R!Jwsz0|Pzm_<1kZn!fOZwZa<@No!!Y*T49YKgd^~pRC!M>crKM=Q)OxHtkK2oWbGwz~q1xDQqxspBw7T^(-+usZK@$GrQACv$2 zt3M6-KOU#MQ8?%-{m+h}|KC37;ya+lU2S0_xjD zOjYr+M26;H3d5+ntU!%G(VY5L0;@{xHj5k0DYAu+*2ZVSpsPBH%f??7V_=4r=1n}E zFsvNqM-0cB_g85IXx?{SSk|Zb*w6ngPTesad~iJvBJ?Kq%N_hHo~rZTy#E;v54!Vz zB@fwfF5e#GRZa#QkkMY|yiev{Uz#}ILlW3z?$u#049wed^<;%SHw+>1IvL+l`FaaWU9I2hcoCmL<>;Eea zGI$Yr(4oKaq5j5=9vtbj{u>v+jQu>$oy5u&5;u)~SmADKxXzL~1_kBLvp*rlBT>TV zC4f7J%f`T5WOI1XKe8ku}5PsRDayR)sI z|69X@&i-R1k97WD)4>L0v;nc>TSn@q(E9om`mWf4a%Dpy1x?TW3f`fFEf_o}TlCoo z$XLi3)Z>VdBvH){nCAdEn+`}}HcKM}9A^XEPXccOrqGQLNa4pBL|G7xfeS9*5>0X*uI`RYl`=eHsGiAqO~<7-g4kHgSLxe0m#)Gm-@zK`(`w z100XUhMKyG0~{aD0}twH(JK<5XKLPM^Z2^V`=d?*^s?Y>S>yEQO|#^aj#w~7ej%au zWZ`%Qx0WRTvyl?@?eR@ZYjEym-)!y8y{yUF(@|}@s8%^$=voBFp&LxW4L>ix>C9x{UpP1Ervypq6WmI$`w}YBAWy8nNoa7*ijEC_4jad}T zKb%0A9LLFnRL#g`zJ|zVr5i~}1wP;}2xb(vgC=pBQ7tN=O9!~zu{QTIBgaG`KssA6 z637NPqDbOq1=96_PhsZb30DVY;81zrDLQ1Fo?*jvHUip77a-it8^D`D?+%Z468rQe z8zIxKix8)Q(KS`U$j(iQJ^|}@@B!Ii8NpoD86(+BmDpHuYNOarFo;v-!%-NTeNbT9 zrs<@t`pl%zx~w)Om9$|j%Z5pO(_6ruejWT9+I9p(zrxGvK&Y!Bndkavt(C$%aG+l! z^XX47BO)F&LS0Qt4!h93g(2PAa3S_H_g^JTN9N9|Toc3!q?>%%y%TNB;YcX%2)H@= z`cN7b*&kuw?mWp&BcdqI$okKTli#g|La9YZ!O5Ui`c|7@@)IS{JFJcS($|AE_f3sD zy*V-~`&N1YkSs6`Yi;_AT0S+R#WoNrM8xe^;K^?H#BV{lScYUl7hVVy8>x0`)*tGz z%73#g2nQeBSr#WSoi1bgNuF}~Z)Ip#Q5eSe(7(}ippvrFP=pHYXOHbWlvjF)XIRd|f)No! z6E~Y|khjDDoqY;2Fe9QJQ(?S`XHiBbGRWdsP_uUHB8U+nx7vd#Ddk97xw9z9fExjN zgGYArEC!P}^r<+RL!xyt9C40Q5U*ko&tVEAJu^{Sja_p29zp0s9hxfmO?9Ud8Puj> z?mtz$L)cF|GMCbz<{LfjR{eYKhtlu&4Nnv+%mSH`=58pc;!WcFsQBYFw(z_}kBwQW zLQYreA3Wo%EIw^A(?82?yeKSH=nG=#->K4FUjjD4NYys}|Lpz!avL|&D2$)Kc@_9E zN?Gzxq`oY9kDm3Oqeyn5U0YH~O0s$OY{lRVNFo{zCcq43Zj!g2+jy(asd}&Fy_CI@ zx6lA)0L%x6ltkMJr?xiMaL{Np8vTVv<0MNNawZIE00kqZNbM;M8Hf2p_Nv94z!enk zg%pq}02fm@7b=&~(|E_8&)Yn5O)ajIahDn64{~*b32IidHKrYQ9}_OdG=bqxa7v}o zG&6%zMrYo=X2mlQl@~I>%;-O`N z3Utg_h|Ahw9f$Z(4n`0B7`#$_+WfC<(D6+B?wCZAz8LR}8N2HqqlA+ljYW#32QB}| zk`c!t@jva|6FM5F-DA`}=$3vANkmf8Q&((vj}g2SSrCAn+a8c1^~15N;&ZTL&_ z1_?U}3vaY1!HLw(skzVff=mhTAPD+lDmg(}w_jAL1tmJ$s|987YxSk)#u(2oJ=HrM z7I5Ct2_6v>o;XH0N@z^ZWf z!+a#{Pk*&KAi2{e*@6q4*lUYeI5V`GwQXtEMlT@oYmTE-@E$>RVnGkXNYN z+o*<8)A!DE$CPl?vX6i=EK7aQVN-hrNRvw)l`+iq+i%{IkdM-KuQoPCic{1JQ1?sR zEj8ToS}FA8R~-HJn+n)iSeM$PUw_rOzX2U8jgJz>nUHS)Mg^j(xlKSkOr^^C$A%ii zKNn~*XS6k-x(m$oWiB!1%(L_^7MmOM`iQz8 zRod7>zoH>$lOOOT@(v+LXlBF@@Cgcc!1LzJ8og)yE@C)DUC&?W+BkeBG4qD_FYJ%& z42uVafak=2clTeu^y9xrN9+23D|wv!A2=JQ_q)G0T&}ZcT1J3vrYY9?&U17soqb|9 zJKa(|31=w_lqugGr)lD*(u|pa@Mm{#|7Cx-zuVt)eoh!yKfic!;QWyBsB~IsBVpm` z`PsFC_j13#cO*gX>>W8@iD}?|_0svu3`)ucxpWwZ(k%J_r8FC8JmN$snWNkqiKRVg zm9%iKzboNs_Wa8qn9jc@sVTy;oo^yb@$Du%IM7UOm*ZE36m1Z{V-h8Vi+-M6kwZ|j zuquUXYsde}%Z(!i7zKfhA;^Ms^0iUwZA8uD`qTNQupzO5+0ZD%m}t-Nx~US1L~ z)hm>;8>pOs`gO;Q=1w)tY~?&VGks;))WtnVyYly)=jaVdgRuhZRU4q6wT$284TK zPZVgUD}Y&-VV={|tj~(VVD7@4OH&Q0pyo!?GS+l3wuC{$>(r4kKm%Y`xnv8;;t<47 z6|y0ric})~d(EDW$=(RbhjJ5%ia`Ed+xDV@PZ}cImH-2lBPYz9)iuL|iWdo^rtp`& zb|Ggk!Ag#G)1W72A|(_5{&w53l6D$S8SkeYlOesU+!Lz%xLu_&vMRi@^Bgb(EHL}@pULv?6UYdc2!hccw`k6s(7`bi7y!pM`OnBB*R3E z-DL^tPWQT~tL|EV2j>C`l)6O=pQ$!1#+2N5PX-W)BURj2UTt~X(zd4cTLncbTUK+A z?6^Ges=Q9Uz)K(ZVeiYrs4|gL3*Tj-G_!vB?~*JpP{@_|MlSnv>4{^SQb8)L4EWYI z8hvZD$`~!5S1LgLX?G5!W?ruHjToPa*w+4)i&gUHBnQ`%v}SI@S5sE1VsRFC>C&&b8e z4T2N#ke5h@G(Z6heKu$*9b0|fzsm-M$0Q}H{*7=_+d93&!xL***FlDlI zAW1U7qG3SEGZmG9H{=h(&SeDPwj|OXseDh|d`eW2007O8Um3u@;s88q&bk%S$L&(3 zYgNaCs)Z*fB8$>e46g=Lw>J-Cr_?qyu?lQ&*ktvGqmg)JovUkweO?GhwRcRh9Hu(r zWC^f5SFa^4~zT`~dT+LioQczHSu# z7Ss(JoGthbR&52p>D!#)r~vy2(%;71>)0DWF856nOYWDq0lYb=+#vF#dGVvV4dxx= z1f^pfL(wnOE9R;^FV1T#^wI5@!nrZ2BSe-YjHe{**I%OJY$nv`q$M^58nl#()^A26 z_Q|}3_G-1HqtVQ?{0cc_Z!DeGgxaU8<66l7WYPOx{b!E+-+%G)MXCPd?*3Z-ui{Z> z-jrO`2df|(M(0IHQ`77cz(y>bxD|qg=zdI8MQJq5VioD90znmn&?*^a=@uh}^8J2{ zMs!Nz{QfyzIj*gSsmW&PIcZ#`W_92E+x@wysMIh1s?b5|I(_GKZ$9i>vq$RopF!Vn|f440D#8w;BGC^&-qcYptketX3zM z%Yw;SsGRNUnQ$(k0|qd+&6VfE+)G!@q>GX6)79IL^|a9coMq{fH@~Q7Zv3z8|Lwk5 z>;IKJZTvrAfCarj#WYnq8Gi91f2xNHwQGIc==v!DstTHF;VWE)P+N^_pgd8uuRz!9 zuPM@}8rg9^hsYl<%4d*Y$M`6a^FJ$jYR~@&$0u9ZC987A z)Nk6^GJjME{Tu7UMyW4~(<~bfK;-1$DwNua{=9eXZ<$UWSq0d*`#smWKBi5h_v1~$ z!()CqWq&t8KSSu&{!KnJ%egqEiFL{CcsC{%QtjaQN#=_Z$t94lluKhNaJ(qal}V$- zzXW{9vN)_tCtmCMPy1=1|IK;lr44|2`hT}{|L5-E!CL>X?PzCooRtR0qhZG9{c2XVrHeCA#cFACBww%llRO!WVlqKozmA#+@?Q zyr*$SD((*%nza@VCPY?%F5;&^_k>%-?#O$C^9` zpg$o9qx|+sRUrb(#Shq&Smn#}MzG5bYi>Xg`HDHXD^!@2|rUbDjqMuO!xkwg3G4ANG&@`~P+iUhb~-|0J z0H_a3p0;xvg020fp2jKMgrM)|0|?Z<3`^@>)!;1^&V2}e&o~TeN?DAf%e;%8dpWs2 zjOSiiXF2CeCs!U+baZP)Ji+V2yBe(7M=Pw5itgO;zXFHwBuNO|fNKBL4I-9>F;3}} z^pa7xN#FLIvnLDCgL)N)T9Cx*Xi2J6ciNsXx=6`9idgyB3sA&Q4sSsbtD_|;Qr&5L ziX@y(NIE8&$PI=$)G3YMh3FwNBxx`v;bmg1w8u1<)jz6lM|4botXv7$rl_%yT|~Pu z@4lV9^BlcVenvEdb{~?61~iRk2#Y)S@;=L` zu-+i~!Xt_eu%ZIj`OqJ?4&K4&x6wU8V$8BAR6YLn=JLWb^(w<%IS=NRxz~%T;rds> z;xd{Q_Fg`ZhUpCGUg`RdD^3#3m3<7Dn&j002i1;5A+Y5a672V!s_Y!idX7I~JO+(| zkAH*vBJI_lg+W|vAa4w_C<2o>x8XMo&o|vSQnrtC{>cGBDILQi{+O2uCH}HlHQ>_v zwzneZ+?iWQT>VcwlxaKVw$S!i(c4VONj;|!v3*&rX;R$hXQx0bnyO2#>MD(yt2#}j z;Ucd*W?fKFOg`LHkRxhlZ>#F=NNcMX@K8m#91~0xKvcIOOS{XFlr$A28mgj$p-FAl zPL}2Vxpvu<;?wzqF7UC6;o0LYd^t1L>M`1~HSfBlbYTa;{Opopj)=9cbpMCO>7UlR zO_`F0F^hZZUa)_tPo$_}cI2c|7?*UaCSuNnP$1Gpyd0PCA#NC_z6}Huil|haT2d?V zln3D^SiV&ewXP9H{eHhfna0FynOUo}71;|K7j(}t(5F*ec7^zq?5vM&z>a|e^CV8u zJ!kQ#-+l(v;LR}eXc~?~G{O9?=n{)+Golbc6}DWJW-7M_8THD$fI4oDI(754)V1b3 zzZy3GwFyKKn$rK;YP*Hxd33pe5MH4*Sd2M=Dy(TJBDjqB|3Y^=V2b6?XPU zFsWMTYHBNDdtQhcbTL=C(A_Fc>n>5#S@YtoTb`AzD;H+X(rmLL9Rs&^O&0Vk%~1Wa zeFJMC%%lMV#-Am;4p;Ra8RoMwZFfv|FV*&)%v&Dz^&$J{QyhXc`<)^+n*oXp$nVu0{m4LhmpP% z%=~q1mUYd?d6&PUpEH({@|v&dF5{8ya&e9svZ`KM1Jgb z^|?IF@}FlBc|hSW{mhg9`}=1P7oZU`hTh{IRfBSj+B@|1``0DUN6e{P}eCKlY9e_V-Kmzm5*p@_!XiEBRlr zfujW6?Av~20%q-=uD>^sH&(a(*;2<1Jb$l{vUlnJESvlV(HQ;Np#0_ZFDO+R;sb(U zo6gA*Ev~d{DqjVt9KTXFwU6RP#TK>vL8u)J$gVMzi$`75on)!{=a%aqNF+BWnMl9E zLiecvZ9Ntl1_X{0u_1)xx6vR=(TJt_CS?U#(B@B!#;CiEx;ZxR-v)YBOr}PpspeSK zNKCUQm{ddXI~s@Q0(C`1A+}$E^rG}{#CkvwMv^O9l3(I?IjqL3VR%~c>rYjB)|}}u z(`FE^IDR*O?6T2AXR9t9PeU}>AFvu7WH&s?Qa!HbFl76o*1+*czW@Q8AlWDS+E5UQ>iZQ+ zS`U%XbWAw?norcMyGfnf8AGLQwCQE1%)AlJ?v_|0g$X6)M1<-#wJD}YFtXR_G_!o^o7Wze$ zYH{rIwkt$_1A<<*vv;a4>FlCzp3fV0QTKT%S+f*IE2WF6*V@+Y`>tk*f`#{}8fx6C z(ydx34cWFq8ZGQex+2MPD-D+FACIC_TnkDLHsj=qMKmZC$V}ARCL+Uk5(q$`&TOBL zV#Y}qb>CnbRaIYcCr0TFKma2roN1rqnF?S;wF3z}1#z0T3EbSpbTna`xs@=pQBs z_D=*IRnQ177Wi|ytG^&BjQ{aCwwyO+D?ZnL#2&vkHLT-g__TtPFUSM1)XdKUl%w zD~R!nf9!OfJ+REvy#Jri(t|R<=GA|D@nX;4|KC4)vEKh*#nWd0-`VuHHWtnAEwaCQ zUUF;o?p+S1$%}`NoL9BUqUCg>dM^|{v0f|;1D-?;V7BaBz$!GFSW?*$ zE=KOVIq0|_x5niUWKLA;e_e8T=f{Av_$M~FNl5Ty=YJ0NUhb97{~WFF|60kTE7q|1 zuWW$iG+S49p5iD{H+&lQIPU!NOOw1Z<;E?xX%bt7pWrwR$_vn69Ye`V`3DqbARkgw zw^Eg4=@jjxFc86*gjqyXGxL}9W8@&wknsslw~-(Ojngy{$2&VD?%&fpnvjs!LCnhK%PeVU~Vk1L?5R6iGczL_Q}W zSQqLZ*m#CG!Gd{s#5C$_E974+)^lq9(q%vF?@j%q+yCq!^#9ik2#4G|^RF+cX5QW- zrMsFyVkV#no0pbnUKhn~{0c_u3OiLbNRM(9u>p?yB4x>mRioJH$Ek?$OL1yI67fHQ zq`&-vHbHkf`K^Y=1wwxBxBt0il|Qob{EHQ6KszHfE3&d}#bW#A7pHyc3k$`rT9I7| zscy}A;Hp2fVD7MmE=m7w&TVFoJ>hCOYN4vWUOPF&7z%amXzjc0MgWFtw zBP0?M6lPNkVg3+7{wvaE)(iB0tL@WxyYNG+ZA*p2v$$w#KxgpM?Xn=z|Wejng zlF>|o$p@Fem#s2E6d14tRZS^r1tlyL%CU{fJz_Bt{YA_XkCKmVkeC7Z7KwRpsn=^3 zMKm6%!j_-@Nay#7Zcrx(YMFqxZ+O6G#Bb5pKl@O?nAn&kbyp)e7pG z&)r(|1(a8wiJ@QD?JF!8KC!ylEeB5u?vgq!|MoHMA+ffE)|SvJETK92|G|4d|82hh zf3bg9s{im}cYXiwN*>VikGl8sarS+r3TDG$r55KT<&+3CAVbCpl=D`*6I8(VgbD(? zTM0*M?`M)kM3wK+DqT=c!pg0cXjW{lfG#(?ANmH30YN;ALBm&U<|LToC?XLR6V=rO zf1s0WQqg4W6Le6r+=#c7a(qX2Kg4z2zoJ4S)kc1?^ zfvEH?g`4Q~9Rd=a35NRsRX2v<@cm4rWP;R0NEn1qXe=cqP5%Q;rAp2(xJ{U#&|c@5 z_R;weF1S!zLfgf@l0Y$;5?(+HQJ5(lRptt8AEl8V=*ci8{EeQZV|07_w(18INhVUH zi0F{OHWeEp4C@4jJI11zZ1RBw8PID}AE-W6d_xf9a9<1wxBBW%8Y1822JFB@viRRH$2g^pMbC z2E`bOxs6O+`U0rj-oAAwXGn0GapH=IcPu2wX6p6du-T#()|lO+D;C-^1+LIeIS%fC zBq<7TEXVi$g2m@?NIsD8J=)ZE;g)2k_vZCNuEA4nW?C|}X|=CZG*HpGS_4&Q7Oq2kPyNiX{}UEIxcuil`~T=@-_QR( zI@(>||GAP!T}{Kn$Fu(v7FJ){S7-DuXY<3S>Ti9Q71#!uPJkRf zUJKT1(%*jT=mIP!LBO&Y&cT4Ft0$veaOFlzIa5;DO6yAkxp6?=vO5yDK%}YpvMBK^ zmIn1{goS8H55LK>U0bTE;ifm)Bc0$8xymA`135{TOnpf?oj}JPIIB!6>N}~(z8x}V zBE2A~WX%?Ivc6uHL=wc+`B}@(uFlVv?MRFRk?gmB8o-x!ICzZTA-c?(fA?rYyd2KdPyP?HlI>z zjAynVs)=Gz7JtogK&}XmmPm2)Q9tY$|6%a>Y;vGQ=Ro+ZIW>%+Ifqc1mDNxArhw5S*)62(3qyD&QRPp zZHMEuTG5c&F!Yo~+2r9;QG+oYSz_Z)B+N0#{}(Av$uNr^lmR^N{MWAU|L^bZt?R$9 z<^gB_M$hu2W&nGv^GD18vPiIs6rd8tKb>6Rbt2HRi9pKF%>5I)Jrqy)G?J%#Pn)>c_ zo&UX($2tFB%FZL8mc6y^eZBZ` z^Y50qW2xFxFQ1WiY?|`Vo;_FH-b$Y+mnwx?2i@WXc2`$K=x+H&f?Ex<+*J;}xs1MH zS?9tIA6Sbrn0AfJqUSPRwZ&vB{;aqLDL?jZLxB-hjU;Aq4@yg-KbwYs=~n1%_|say zIzl86R_SrEpdr~tf}wkYv@BPdbC7T+y%}aM<8OZ$e9`s1wk|&5r@j8q&!H}C0nF3? zyMFz@{TF)&>-s+{dA#%Ak8A-{@XS-%0DkmEd$c7@?)r|p58Dx2UYl2r_<{O7ABbDx zWnMJKRoeQstF|xWGsvawmc9N)wVn52fo;~;1&cXVtTmhk6}8=Ij?01?x?NObL;mz_ z;?ua?z%MIr8g4rG1x;|$H9wW=9Je8u({XV0*y**69>&}~$7P`=U11u_5nH}Z37K*dl> zyZ3%b-{zU(V>_~6KSW{1CrGOAyYt6ioQXDr|EG^s!;Pwq=V#~PX|;G%JlD7Qe0ooN z{jamjme>H8>;E4fl>Ps;{$I&c%Kv<1JHX0G{KG^5YR3G@h5%N#3t%(aItI`x22e+` zbr4|vJi^mn|C^VK2La~k{}=l&eEq+>yWam_$ph;Bdp))2D=cX6*d{>2=>+qctqM0l zpe$08p$x-LfI5$9N}*bn$!xN+nl{E*T&ea_e)~78$e&-sneNd2*#Q5VAvPr(8DwnO z9LFPqHex&>+h`;ILMnBAx*&gNX$Oh%uz*K}t~Ql}F0@ll0rQ3D@WIvPwlXhb#$88w zbgeDrF8F-iJojw=t<^aia8tVKbngAK`N-`HW@kysx%afZ@U*<{%*CO_HM#c0TKC}O zU+g?bCvoUZgJ!d08Y(8jeB%y&=Q&h*lb@zz!ig$5#t9B*2%Xq# zfhGG6(-@IB<+Fs*IE6deRQ1aN&&6TAq6UuX<0$GnzE!nlpgyKCO}nVy`g@!t(JXK9 zM_sH>@YJt=N%6;#0CU#=i$nkZ&%LAF{q_0pl{~Qi-!dFZb0tDT)nO1Vm%Lh)t|bl? z*@8@@Yyy|^4rxThHo`)K3K5O9mEND>Ni_cef<~%OKBOGqCQ;X^rm*Yu|2h^Kx600< zgm8U9v_Mt`4lGSHz|}KBYW4Zs$?U4M0Q zx=;^%fP)rrUw=pmk8y;~={|0nvz) ztE+FX-!3wlvTY?2pP=7TYyV3R?U4cibL{_v!=snJ|9`aJ|6k4HgwJsiKexBo+c^Wu zrFZOM!bb*#1}hg-suJ!dEY`n;=9ZGShH)u+u=5;UVJ--Ys7O^WIDz}GQ&zDf&=_g} z5I%J6R^0N8oJyR9M%`p2(0IuBMBkbsP*D}8y=wsg15=XF?OrO%5s3-MDO`_|O1=Jb zgc2;oJ>#K(h&>@;8)qgLnQ=1es^X88{csXev0N7+k;Er)K#AxBoW63l7;oxvf;q+E z;1T-NklOXi;t_kCUKONPy#^5t?#3(=X%Xfs+;Y@<&YS$q|ripU#6HbIwz)N&F1=uH1P~avFOXTs%gHhXK(veA_z^bmffndtsaiwU0uw_P0I6-3P7Xl zV>(S@wdL1qiQqJe+h7)xRE!x*7bcx)xG3RFyGG=B)p{qum4l{?CJ>_4;4Q zV?{;Ojfd8>>)dBisOG_}wO3dfm@$bLJI~SA#u$z9goMzoKv-0o0dAI+{M62{g1@~) zW%$U+nX)ooXP6_8UBwJ`R*5hxgUas6oIq*EwWn-(HrM2;+9F@e$rbO57u&X<3bKa;9>2kk0 zQC}gGBlhLA_vN%}{nP?l9V(S{2_h_n%Y;@PYPgt6&svT`*ZTTgh)mkril0h9pzfG~ zepJ81AE-L9`V-BoZjk?RGFpZGx3_zE;LHD`-F5!YYM!$EkCV~k2!04JHAwt88IiUk zUm_)CbuRPe3+H4DsY>BR<>JfGva7$YIp&$4)1Wcz!FN?NqfaVCD#`OqoiBZFc$fm(Hzk=pt~v0NI9$3#>8Z= zdL;J&0fRI`a#?5&^&G zkof~#7H@SKL&yKS&<)|>3JX|}-L4%l+z1B=CsWEY_%UMaE=y2%y4OWrljgJ0za|mE zg7ow21}*;oQuH#R3`CcQ(H3&`595}QwEDH#vdEv4Vn0`lD#b}JRnPdgAoeYqZc6wnwY|e>`bqQW!+%0Db;v*5+!4NkxkIiKH93E zIt^Q-pu;yUA{QH8$2&V;PLIEw{?9L`J$`?D_~KxHCzmA}4>=z>ilu3>U*vIK82!%~ zONo!*M$CkW7DecP2oX(KNM7l<`cop9FrG@k!^iPUVGych&N^_lpcaDiQ#c5GDDvI0 zN4eTbY)=ZiTS-~9Zs#ahDNWR>>Z|3eW&TvF07t>7nd;_KCJ`8NHu(WhqLPTVaj5sZ zjTx(ODCyHGp^__gv{l_n&3ejsv@l6{RH#9bhF!HPyRa6zW=(Vr=XEV6?CKZl4>{#s z#SL?amLvHPngQDNG%NQ}L$XTk6>t&?TVihJ3{kfVn&1>;(gJZ0${;{AF*suwdSPiP&JiQrZOw{m&PV66S|~76=vQy*@&` za2+swP{0t?gr{sOoI+J*gi*kfynI!`rGD7XttbVB8_ozxPG#eQz`AqT94| z_LtHJSU5nrRn18?mwS>A368_d9EUQAD+(I=jVg*I*u#2N+RH4@PR*v`&U17{_>l1l zDk|ZWcW_(LXj-m*rb$-dTB2G#egVgK13mB>~f+O?aNqT;0$Clwup8>M(uRne^yaP6jDhbs#;R=V|g&iu?R zv+=klX1)DaI=Q#B9XQAS+uz^c_v%0G9==%b|E}awNx7vno{we-R-FG_$RMm}Up5RW zpln%#aH#OL-?T*%vy^^i#-Aq!q5rL_vNBqBuc*RU?ztr(NG($vfGqM7dW>WqI8CHI6nZT+-=8udR^+jw{m*u4Dz!)6&e}ivbJ6#oTdo3G*w_kk$t^xWNBtdjb z4)t%pb$Y#CV?YA>cDjZL1iapGPHEe)OW6>z(WYwkD@xf9coJLRzwfI z+Y+aSM@y#x#tE)F3@}cxm9Hn^S7q<(*eYbTI4No=gWqI3*Jg9YU*5}{6#2r)EAUz_ zGk<=98%#~nPrLAtG6q%C&neG+{Zv2o^4}|X^#C()Ui|0fiUOC;13jzyE)pm5M-N!x>f`g2Fa>sP+dXZW|q@6$h9zMl`s{qQ5426s?g`arm$ zL)$aqE@75G7G95ixp$k!<%44OukFCj_lYY;>Gia*Kb>>C3w#m3x&Tqmp8>w`$Dc+5 zZJ|w6!7uvwnLeoQW8rNmrjfN0syZo6SsLX_V$+|oZW<{vgyaJ%Gn?d&yu*q^_2qn? z2cGROA?UJ{8Om1m(f=k?^Yj13M}83i_b+Tb5^Hk?i#0EI((+^N^@KhHX zbPPV@-nhCEsNiZ+F9msczhMZ0QDp=e!)g`KoNV>3dR7Ib~ z93WKZ1ldciYOIYeP^l(PU2jgB+)_O@IY4uoHaS6P2}h`zLm$BzLUS`atKZntIX4?~ zTeM=+G8b9KSni=en|5Cc`%dfuLH{t2{t3c3z_HG}E{ZOCDYL5#r`P*`=8Vsi`+xhp zFZ}Z#NAf>w|8E7)llp&o5%_xlPk++Z|FaJC`A5Qh|IhGmjsK^Aw){UE&{F=I19EA9 zEk9e=(qD52@>H9J`Bb|7Rpj}TpM6Sz&g>>E)JHfgviuuVg5Az{i|oT1RekE}kW2OJ zx2^2k1-SDZ-Cmwu9;1^mRM$ZUSd{jJYy4#w|Kj?E>ntjJ%#8%goAN9o6^Q%CP}W+yT75-0UA2@w=EBjs~5bCkaI@Rc@ zo_hITaVgc3T40X+f3bUT=;wd#?XLa5l{_G_5*CK}R1aXPAMF5G<=tirWdT(}sLcdQ z!hx*@DjGYoq;-J+33u_*07*D#R}{edaK4}6hoP=mh>B4nGt9Q70jgH|x~S;qS|gxp zF)x&#mV|?Koq*~Ysxgp0-DJ9l?fF#7m6oUa+pysZbGDj@R3-lwp;xg>Q6|kJCW=++ z!B4!r!20>bpCg0M6O6ZecD#s|xF$nGntKE5|NjwV|67^ASmJNCY=3 z`t7`5YX?=eSEV~hI7?Z;fQa33nkE(Ys;L0n-H2I8exz03$T7n=FJ2r}{fyJGk3GCA zN<(*dD%xc{(nY#^R$cu(R+u8aC$pV{Ng2}nWEG>;UpskBU6+bopXg@Wr;MC{FGy&v z_1B3kP`q-p!MYfeC?Q<*^G&9| ze^E3jlScb4-jMXB*;|IguQaG`h0%OZ({Z_NWVJfK@|xMK^$Mlz2K+RAUz_`pXI$Gs zRWeB!ms2fL#_@>27=abR-h+Z9jHeZxpyv3>aBT(anc;ZfxLCX)X)soOxR(mM(#PW{ z_`YVXLwB#*HK_~)xNzodEo(*s@YV*isq{PzwE67MZBa{Aeq`9Tv?3~U9=$6vs)+px zN!Os%C*bG|uYxO5#);;DY%(yKt1PNsxqa5qw*uKl)-ws??YQr}NL_DY!18BRJZQRJ zfDOy(?Um@2nX#^66F(NvnnYtwetHulHPTG8l7BM5!>NvsKsrg0UQBEaQ%UOjeODzp zd*4(9_$-OKsV`~p8>xKa-7T*|vMo^In@XCMhWfR3)qzzd6RV<5Y78V!`7B}7T$t>U zJLQ-R>0NOThUC#S=!uzdN^{sGFmsV#tE_=kWv(`Su7V>84*V!i18R!{D~EgP-&M`8 zrsJt}*Ueot^<%6~@NPFezxY*mJ~CCwu%#v3)Z_f&E=J8t=2F)5n6bOkjVwi7$qMwk zMZ+#C0k;@i^6Whs2ohwRbW8UQZa8TSPS+NsjB!a zzxAc`xw`ztM#~p2j_P~>pkEqGt5?0N`m9o+Zx&{xdR0mURu_6lGh`gD8a-)#?&ot~ z5h%9!Vorlv7I*q8No-f5H+rVizvQOB4Y1NIZ0RE@l zRrLujol-t-_V-+!n{6x{W*KaGA zSGD^iU484MpE%yx`BEHzDL|FwV^+&SflyI}c1CC=^lH$RKr4Ag2k(oj4FF< zA5Xp!4!ffjTQ<&ijQw68w6Ta(9@N|uTTi#0HWzm5!rM9376IRSzpj{*xrMivu{;+) z+W^TxHor4(_iBNX*dFCvr0Cxj>r{m|GeIs`NY1ay*&N7KCTh(!L^umjr3`>3E0+HK zs%rJaJ9}@ko5SzgeLbd}sKg863OGq5_JyCE|LEdhf>OGV2X*tdUAq%+>$NV)!ToE! z^Y{^-hW)>3@Hp3h&#(Wr>*s$T9=%-Ge_hF=^zC=2kGJ_Z4Hn(`lP!9+`Fw;6DpC@= z#m?>5rF<#t$Hgjo*-#hDnJOBVbElfl0&hAye6xgDdt|wQ9^xn(;Nb2|@9f#5znvuw zwY^4=U>_})mSmH$!X9azbMmN$Pj#YFfoVm0(q$aY5O5oCIvpaKJ`>1rhV-?7@@$B@ zz>GDA{K(JxcYn^d^Z`I8`HYH`#-q~+(@BLnwu*$hk7-T2C{!hgRn?zZGApdHVe>Ke z$2W9=Lzb@K)|e6c1c_Sp`kxQ*BN+hm^#9R|QvI*pz4iI8l|1VF_g5#Uk5%zgvdw}9 zfNIjS?n}ASIUR+(fxRjtv1J3%w-1HYi!Wefy|?(CCB8Q5O%B<_wl(1Il92&`S5Yri zb~G;`d%3D)j*9a&n8~Xt=QY_m(@&NO{)b7jmW!`tPBk#%$1Qw$K18ap*!MIfaF!%w zL;&-E$+L~H5ZQ$2@Jscn#?7i6e_gLk!tFK|Jg95bc)p^uoVuTc3peX@8XJFTg;;zBi_P;#+;=9rdnyi|;7f?sC0{IXOBZ}m__i(gVh`Y{4s$~vU8k=_4sV<0&eb?o z>L-g;Fxf^T@7?!-oOto4d6~{<_|(h)QU$)HRl(f&@BXfT|HHw-+W%Y0qYNUewBTdK zfqnK_&?hW6uXWe#!ifGIp!Ud09-P&1K}W8-6ytnX&T9CPj@W*>UeqJiL48VBt+obg zWBt=#K6>rb1_x@9iyxZUeyMt=i`F{*2>$Nx=Awt1r$PTe^xCKVnWO&?j`m9a-@(iM zwfsz`$xln)Q z(`5hYL*Y+d|NX_@e);~dgLVCnl{|U@s{`DRlmehRXJG?Sw^|?(!0>3hRDk^W`$E|O zqNw*!7@kFq2uIhO9#)YSp!+I|_a4V9;%EG%DDw64r3t2iE8Wut3mXfo10441IhTU$2T>Z}{p z&U1+;Wt2o_C=sG9yNi|nD9DAnVU_}XJCB#dXu54JXVSjH%?D|>y znQQ-_s8#R~H(=iW@8Q9|zyG^?xVHaS@;LUtp6f^U12oj-+=0CD;$DFf;B7O7J%(S( zOE45HI}7HQI-kLGyF%ANce&0j{=FMmW?{FE-Tl4|pj@V`?Vtwze@_NbPY)>< zVarX0qY*KSVb~;?9)w@rO}d|tU(jIxGkzB_96sCum}mbVygcyj|Ca}QYx{o{4@iyg z^;ADr;LotmqPBkCY=K~3&Zg~xeEH{#h4)M|$DuIqO7>UY$wG!$4sRi&%d{$M)cmNW zuU6-D^wHyfk7Ww}VT~-aj@nsSwd}BnMdfrd&hO-)>QFI@B^Tl}cO+R{94FpJnNY8U zzH*>62g}9|Z}MvQ;Y~sUB$)L7LPkXVELE;Ai&0D?1m&yUTK~VyDOjL^R%ERJ;Cvcv zXZp{&(OK7T{}BRwVi zU)?CP^COMvqa6NfQU7E2z_;WM%~-iMMMWYzn*PzmttzJ@}ZDGFyEPQ8uSW}V3^zOdPsH@bwj-?>Vh~nc4I?H zn3{H*Y(i6%mrB+|+HwI*B<({N0?fzdl<<2_Q{rLgbm@S~jif&6<`q4>5UthQmPMX* z4dy@SQ!D?q=dptGAA5&~FG~Brdq->ezlsMWvJQfP*q<4P0{k`YErAmhusFpuMq?69 z5aB%c)3hR>0%an@Q8YsVj?oxWs}Y8sHz{{$JTlq^Zdt=|F7uUdNJHp{Lp3TCFwRL3 z*_z{|!0w(#5gHJbU?H8yl%a0Qe!!Ec`#?=&_`Zw!xwe_7Y>GC8MBTtqR7mwrg&gW{ z*=8vn8lno+1&YeQr-Y}HRzIA)dn*U_*PF|Wt_`mc`YJpY=UO{uNQ~LN`4jGylS){@ z*5fWhWhO&DBrt3D1l_YN3ei1|Q{|kd90#cdg2mBn8x1npM8%nO1=3>H^RXOvw{!FV zJVhgt3Y1_jX9^2-DFTM9d&wzs#z*7>n&31T6LV zlUJy9@;{;?6+1tMWJ&|_mWqe?0`uhm!TzD2|GRg%uK%!-XP#&)7{C#3+DC_QctzBl zh99=khHC2++k;ldo-SbfSvTZox3vy0s8@cpOojgJ90K*73LY0XSkdsqR%w4#U1sd` zRk>%cI(g+>SzLcy$%z@dqek7NRIJ|V$S(C)-%ttBxwzCqb1qO&gLCK0Nir$tp}2zh z3|b;Jm8#zUKNPfos_H?~AQ%*RL^MXldknC+60iW&YXYwqUme7x0?vXuLAUQo#$G@(l)L@I zs)zDSw$Tyx-7H2yz|7?eLX5%bs8bK%bCk=$t~J1;JoDr~$pjF4yxy95}r12Cqu+?o{F1({^3yuVuiBjPKYfPnYU6oqd zUsZF>qXpJBwLX5pXpa2XC*~fe0_Mp7{k@l^_|L)m{P${}dGg<4fL6A@B{dpkyO;)A zv^y%pH$v??OSbGT7FWG|w-(@h@!lxfb^g_u1a}g0H!q_x#sXoKn@H^v2TOXjl=Wgr z+s%j2wT9Cs7E&U%QZ{X9T~;}It{jacra`5`QC-#O8}(xgbpUf&RjIa`MVgaqqtftOdugBKqxFA(Ori-L#f+23?_-Ys z-#sk(fBP?Y*ZE&7dA>kbI86zUVe?pV0J8gMaZI_`=s-{KfrgL=lygd|IIiZb)NrUoiEULm{XPsbbj_) zbovQrKan8q^l3=&j{2OlpE~`i2v|sVJ_q@x*Zp5Z3bt_RHDZ-m1V){AWIn+8XO7X?AdV*xbCUWEB%H<69g|iCt*mX0KpOZRuJ?x z$8ma$eqb3SdSrs=tWypCp7A?GW0Y_fW`S(Djj%uwi$@()`Cx%)il~sng#>9dLjp(> z>Z~Oj!GyCZ4M|u7iVcS}pg2ODBuvnh@!2*CaEc=~LX2y`{TzE735F*4j-Z6oDNacZ z+zAWS?I==^rc9M+@UaCF1eyffHIP8k!|@x3M*U9B_i}=UEQ;8@)C>U@L?Fz`HVQMM zF`*pAIL+isIi4CoCe)7wdRFu+QF#U&Lp~%C4X7MY!r7P(XiCE48el#2RThU4s2ODq zOY9g&Ar(o4XC|@7;fgwn&~&^><1K_^mW~NG9F&qclsv#Va`CMttx3MZNrE|vQw;>M zAsXUM#@8!V4hMU5RGdLt3XON6^0J|PUmzC zKH?cpiM6ozcMo@ayL-Lez5ENkUd=}by&!`0udi;-47g6`4J4Tj8K0>B@PK70!jV+w z$|g{s!l*g8rxOyV0;noUb;E|~z2v7(5)mwj%FGJVV-%4Qj{c|g^dS9N^cf#@Iu|UZ z0qJxkTh>XkO&D^>f=u?cjdWN4{;&V7zxelm{huvU78b|oG9htC!!U$G->`c!C43v2 zIho-kb(;bgFlPNE21%TEQmCelG8VZZb5|N7rGH2U{{ z{U1pHj8cw6GQs>#vPw1Zey7uW%%{_7R6)0dPlTFaqk+(va59*okre#`%~+-`M+VZQ z4Cu72WTX_g>ZDvqK%&wq>Bt2wq@5a4p%fAU>r_eJn8iJBsp*pp&b0TXD9n{2NN;G4 zV^pP~wpH5TwlrxcG=&8n(TNml9k;iBr}KI^BmpcJeN56?r8)l&S;o^b!f{NegbU2` zbHqc+MT(Ma5YZr-b#gvL`FOP~z(^z{keUQZ5V?f#Ib89tWX(>_wfAEhjOCI*s+JCP zYA=tR8sJKD7)je zvu7tYPm*X>2y1-}Er_K~kZ~!vqnYfJz^p+2DiHyvgYt^qhCxm;AU_YrQi9=*G_eT> zJ3z}5Wl7ky+J*|$csQgH1zAAiluEG<^Nq7~%sBlQ2|Jt!5=DfoAM)-v8FEZx1vnE% z;khi^=}5T{utcg0O&00fP|2#W0Kl#wq1#SPM6rNCBZ^KHUALt%fJCM<$eAn8l=o644Pv&SXlWnL5{xgK;xE8n&=j1+2d*=Ce*a5S)N|foqM;6!bft9}GDI7K?-i z8Oua8GggE%7`Zf|pPYbF3K;rH5mZT_K2ofSI0=ZPWf?ab+b}yhOgN{mP0&K~&(xYz z>qt^2V6hTE0-|+8CZ&Yt(~eDhIDYJ|5}d-^N=Aui^^1qb6*h$d4eAhQDU&upAT?qq zUzw^qTL`#qjTxZV9gGJ@5duT3qi0l9%VVh{EKvCZ2dM!h$MH-n3CIzj+1ieyh>aLx z!$PD>TgG0K0&N;|Uy*8N`5br-Ff61+%ZZTuAiX6Aafxofd5vEG{r2_6ExLMr z{qFqs_VpS1>IZakb@lfA^yI6zuhH9+@3-MQ?YEzy?=P?ahR$!$)%E3f=V!0a(B(zv zRzr48F?!5l{)%EL}8+3V%&fi_VJ%4?+jm|Gl-+p^`e(^Qh{Qms* zo6B!+(cANP=eH-a&6W-A@=fR6>+92RPA+awzB+$g4+N z{Pf$mC)eoe+v}^#o7dau;_{+*e(~n|{Nn4^?_OWrZcD5>x97KSU-vs5W1*B44X9Zm zw11?$!h+EM{;&UAD4Qx}x%CRXsci!gF-%HT$)Zdhaxg-*nCV7~YP+NTOgZ@yCtuZ^ zvMGrHV>T?5=72=(URvf=zjiw3F$gCb5^k+O%lfGwtC5=))}68)2pb{rsTt;Wfn1Oy zl`>-==G4Mb)KM-ICjm_;(a4wm@sz>Q9kZG&A$;8F?Df$t)0W9h(ynY8z^kvX-lFfc zkl*j`f}V_LD8eb>M*4$qCV$8^uR7HvU@~w@rC9_MQU$F7*1cpkNx`DMB-(`FSSZ*+ zyD-J@jG!xxBEaCX4M=`62PBhhIpTPt5UYb%g|LL?;M_-!g_;w!uuxr;)R7^Ur2t9V zr&xyr_F+~CmGgUyHt|*gEVkh(am$8A%I6%3i<4v$IGrR+%FWoph7)O_DqC3FzKXFO z+s`(*u#nK?hgD|xe@L=y4z>`D1>yQOTe%kg{a^q4g2i&~`kl^!%W<}0(eHF#^w9-_ zrKMa7S7m8cqC*9E*8d!WzSg7Tzt^u%&fdN5Pr|3@V_yE>-qA~c|7Ul9o&T|tC*K8m ztIp|nI$wN&F7QMuyPIH4CZyBpnF|7R;q2oMLOoNL>lnS?c#}oZ1)h-i@WZ8C3&MWi z+i(G>Z+qzatCQ0ufXQYCga*7kN(Rss3&j#pu2^UwoT^iV`jh-G>*paIy~BwMAb(wq zDBvXZah31#F9IA9`_g_7BH`YruRlNpE<)#VO85{5vIYIn+qhPKkZMQckbHRG>HGyr zSjrIS{RO>uzk8>r*nP8G#G#E}BR@)@UTa=f#1e}CV{fNY=f(T?^AgxUM< z?e}+~$+vMN9Xi`fhgekrLDUG}gRMQ{MAaRjF}mk8h0P~ptarXBf~^j*a^7Xg3r~T4YoH)~?C>|E+8AAF=xZpXKkoe^4{JVo2 z?+1^}C+;#VFqFg&3iBSxwFZ0UY9A<_sqHs&svg3WD%S%;ofQbcyjLsqnhf8gAtg~L z3?&4e&g&UgKAy-pU?sqUl`Fb_Z02MHu&v86^uB20f z1EMb5_$d=A8Y86lkpF1HeHwDwFOglbl=a%EX*V~d2a3&EJd$HlYKs$)AcY$8(kGm$ zdM4*n8#XF+MIoxi7zs5K^9OMfuu)9^l|vIIxd)V| zN+1D04j9{PT1(QyI?G}Ug3kX&@8pEhc*u^y4id*ZJ0qGJB`eMUET-vf$Ii~$3CWa1 zJA#gSmoWR-X=>zEzDwc ziYFvG#ezIJsU<~4Pm-@av27En+@Q3W5He;)?d+Tp0ah{OtmHfQo*dJOZEZWPU!Jf; zg9)k1{BmXK>ATm+Ts#4bQ_6FN59EXZ@j;q`OM#^V_|xIxA=;Epw{i`}j9Ve-NUrM- zhr9pX7RJIK)tr%`S{Y@Yp2_z68=0v<&ovp=e5tUk__2wA2y8S+k*g$RiI`tuL5^PZ zNE|TOpMjQguCHFdL#HRgRX>?7z-FqTsfA>zuV9QJyU=J~*!Co9%G7}R=v}7Mr^pAX zdLYd}&eP2uO>W=bd`CDP&i+FJkt+7iH1~2e^p0Z|3+ro^{CKvl|1koPSy#XMXCNh(jcTMf?{&7 zrqEmyc}HeI)RarzBuDGX0~HB;9<%hhk*pey0WrvQWj_K1(^dLp0p8e&8KjPcXi71J z6s4&lkR01bQ6@e3qyM0!|WB zXD7AC=7{7XgGPe~R?&Q*lPdE0mlTkB19gPa_lI5 znS&%Zja32@oP5(i8$vbF9JLo{I+VHyEuLLi*GS|(#DGXfgN4XJ7+1z!-0hT*1!5;) zaX^w(?64`}Q%df4?is(M@u(;Hx~Ditz+R8o`2zmaB*ounnIOlgD}TLaES37;?+0BeTDs>q*I%ob zf8XooE>}$Mi4Pxf)l?h5DkzxH;7(Y_UMd}Q%O|qVq5(;@-K|Qw*p0QY%R7Q&p(dmx zu{yn|V~-X~VuC-sCGjX7AETpc{ag_fYQ;ZSc{~3$mMRTpMNe_r#{-eATr4}GKX;s6 ztJI*Z0s)uW&5UN-2x}FlMT_2Z)_s6(wa+3cp(p9DXHE_v^f3l&JlBlirx>uZLoMB4 zBP5MPA3n6l_rx}IgZ^k~8@D!HJ};foN?**=6`zrwm^)r2z}x8twU=QQwlt5-QpG_4 zAt6^SNICWFnK~NI`0UxU#iY4NG2Gf=8f}*(x}l@=dwTlw-gI}rj}zLDNGga9IWRuj z$?@pwS|5PvbU%kL&?fDZKDvH$ivDzXc(|pHlj-nAtz$Kx#&&489jVVRZeE{$d;PjP z5^7yWTMiVcD6bu@$)lpyhEk~&NGB=C#&~K)i%WrY6HpH8qvj^A{kQ>hm@^d=)0P7e zOPA{<5lbc#B8jJzvv{Jm-#&pTdqqI1nUk6#Qi4TO!fQphw_er9%At&)nDJ1~Vib{h zL=3DNNul)*anUlhR#lx6NWTb^EiR8 zH*mO7OHX~ee;Wxx3Q6iEB;~TSKn8@wPBY~(=Xh50h4i!=RHnNfs0MIq2&ai-PVNdc zX7}@ntoIM8_OT(aqK{7Uduol|E6xQf`#hvWmA?S+VP_(h_R@%I;Kc`L7dI;X!76{m zhUlBy+pFC@DRRy(Zg%%d(^#)zTlvB5+}AJ`yL-(po0~RNY`;43P^q4ZXecCil9c49 znl+~mW++j&F`NB;HS}V+4B=#46FMz}0PX#EwflT_aWn5Tj}+hPLu$`}wazYXo}o=E zCt#cn`T?8l{KVLpQKdb@SZtw_t8+MM1e7ZgfRljnuyO}_Njjj`ArbZTjIlp20PHpz zGcg~J_H%+@UR*rdv?=9ZdHVpl3-aua%$^w+1Xs8oF%pisyj{2=xX2s^+j;(Mp+#p5 zEjVkaO-QSF7MlpvF3eRtpRx1eKCMGv#nUDTRzs;z+s%0pWu$m$N0kKt<2yXTbV<2= z0*ygC|4XW5C6K|q{VYT@5#pBJk$5pNt+L-#n`K%q(WR~)d&**wO$a{&YxeO~MTs73 zbLX)oxtf?luZ^?Lq2tmjIj{_!2We`Wjup}BW7 z;7qV#icTaT@bx}@-_9_~*PLZgGNhfCl?`$VG^BQ#XEA}Hq<3?YVDUI}L5FC-Or8af zLw%Ifq^og)A~HH*K26le-h=W=ym$h=Kqtx$MxmerFODxRT zqKlII7Cf|R(uUxtD=49S8nG)ExMm%zT5A*E_; zfKP$2S=URT3P%8S2~t#|RKBVF+YrUu$ zG*m7VnIuvtmd{!`+3CTUL1|&=W07cG>vg85=+Pq@sED1MtkYZ89_!j;{p>wf&|kv{ z*B1_`p@-36r#XO+qPrH%v`A>114|9VekKR0OMO6jPzHIT(ylFzWfe4m+U(?5=eOfn z)98-GrIz{}w_>lN%Eg4FV;1UL|8Nwsdx1uvc(}T;kVTR!ty-9k=ew6AGg^zhwaELO zh&-eO!Na$6^QD|0a%z$U>qY54>qWT~rGCeYva#q?14&c~DoqldcfXBTY+q%iFOrp1 zG8%jUH>_D}wxQzL(&Gvw$!^r?nih-0J+E?c^6s^1YZnh3Ydb-iSo+KjHxcA9h7)Pf z+E`s`{6i>VLgU=SZEcOUoWr*J1wC}Z;&xlZZ{RlHIiH4fL{l8GfZ!JU_?33-nF4Vs zL3}2Wm~^pp=EdZBy3Tf5tJSqy{mj)W9|rq-2S-cD#OpVwvL)K=p3P!Bp#l093L6T; zKPqbq0o`ukTy%GQjh7=`?^Yjx9sGR$)WAy(0H}6hP z-<=)4f1hWLY;Eh;H{YD>y?<~0wSRc@{=MX={LSIs{`>a}MUxhq2|c_eR{>1J--y27 zt8x}p37#4~!S`b3PqNWbT+4mYC{sDX=!K*2YyG zrGBr*70Xg`c(Cjd-tTYFwSw>&_?n!I+9ZW6bMW|)J443(u#R;( zhJeDSB-U%x10ZyL_E_ImmgapZWy3i9S0_qCVW4}0hB%6P1039`Z6Q^YYKo?qi)|#v zSn{`BKpF0nV;p$kTrd6nE)1`5jb!;gz88Hw!T(}0)a4N2U2n*EZ^U+{dpo+g5#ha2 zMnjTUwUH}Agm?XMI*Gn0a%XxLCQqW=t!aJGR@-eZNb^Z*oMTh|I?3QdPqoB!;jue4 zX{ve<{FTQaN>v9dxn<2KZTVzv39K!FI!gUcEdk_Yuq~I1sfCv$OdipP>@jT>faeGd zp|VTk+%cD$(Wg^JY zJ)Q}DT^`YJoShs?CPVE$S6MvCU|9VfMGZr_W|7KCRR21;zR($ma8H5ZQzn zEm3G0@*#<6K;0V|EK2P7D$^8;i}mty6pYk|_6d_I<`hauF0PNBCfm>%%c{+ZwRSH} z-CDb^wR;_mg@&b*4}4Ew6k6>!c;M`aP_ z1DbNoXXvjtmlx{75FXb#<;! zgF%G8;%ukloU6;5TR6#NIOqz`B8EfzqT(9X)67*s&Cky1`-$@-Z9Wgpoq#9t016rK z7<(PLjLZbtmLt}?7;Q(WhzB-yI!pAS98E;KBh!8x!HRlTq{=^gR4Pdg_)+T^>tfDc zA!F+%^n?jP2dXZ6Wle4dK1_oVMYMWaNqxaAIx{|-NTiy{aa6-xSzI7E0L5z#BC`qJ}!j*R$GolpU{ zp>hfZA(c)uk+O-Qn^Pbk z>)T&bW)oc>7L?1+Js>!iUZAPNE*tdh_0Yo9TbM-uAA4`V-MDQnivORdz;e!7va=+4 zJUNrqy1nhswI``hW*o1vr|n6n=Ncj*2{lEq1ZaVHGdX}x>c{p; zFxwq}$&KOAPGMlwfZlASwXf@2P#qh(7_2#}gKM{ck{L1Ge=PAdEYYL(_lE_7tpv^y zULoq(Z3RZlc}2`PLDkEYUabr!0Voj(1T*QqOk>E3!gqrP&t}R#9Gt6Md^ji@$LjKo zfU?=8lFDrrw=^z=3#3`lnt|RfZ&KN#r1o9iXS#@{mXHRx^C9)}BEiMQRY9{5_r(Z% z*Z-~*?0~|4Z@1`P2>P&A-=bC#0Jk6**L`Dn(CW&!pfByMKdtOP+gN}|v~T`+9lsIy z)Z7R~d~fT(b{RtkM-70VFj#M715{C|dP?!5~ zaDyVlhXcfQw}7KQp@6>@zy8h#KfM_I_8*6TAJD(Pa(_DdUd^+EckI2G);~9eNrY{&ZPUiUvM7|L_N}c)xR`>*!OW08e_=g5mzT~mqY?G*nCyTR`-2X}$-{(~10)0vD9_B?tn)P)lnxd=< z4NQZHp))nlp$FQz{cTYG7D}QyNk=4Jz;dv~S->SA#T@k%t!BbZNgJ&~#J`DVeUOY* zrDvbN%vdnR3OYD5=|f~2w4#ic7{ALowCM!9ixr)rk*AE9oyI8F+l{Al^o@857_Hj% z&yD(@o+hp2PtBB_dPH3%hZTG%Z1gEefzP* zWoeRq*&fIe`5I37uUPjzzx=ta!EJ65EL>ya5)g2;lB>#8l66DUE@<5`x> zYgu-voM@)9Ou77Yzu7~5#2%+g3wX@_AL%=2p^1saL5)~APztZGXN(aexnLFYN36#_ z2VeG)=@t|s_Fu*YLwi7+zT6f1GT<<)(urno&;HZZO$t;mBm#A1Yq;=skd1+_fP%eD zQDbl4-`uh&5j;=k-W9>7>hV~PnM3UWS7Ei^Qiw%X^ago?_N>n;=rnWi?^9UTFOd4qOC#~LF>yYZGZHdnIV&%e8ugJCfceW_MD&kc$ zOYRY$EH?K`O5YE2jKJ}9Vz>8l$@g%P;dUXqB;cG83+14p8O#I14~I4Q{=NRO<@Q@v8L06M91c8)gc z%WJ?eYO@^&y|CTGdk;#G=_D7rf#rC?!%J_HTC(814jr%9yEzCD8qG^T5;UxishI60 zOAhlHK z61SxNim-&rho`urrxaGuAPDgZ{kBoUn;hTTBZN6z9lxrVZ}C7@_TmO;LM1?m_o{)s z+BLfepX}Mg?^(Lub6S_@h))uJLmR#ovn=6F;u;pf=I_6QouRpW=`){zji#OokbI;7 zz3d~d>(}S0oZanxMJ@_^%Rty4U~O-O;Y>Y8RrBPUd%31I*EG6L?dO>A67!@*c5roL8iBN+z5@?uPJuSTQO4}&p zR^G$y9DFR?Z=2T^+VhuCs|E1!I4*-iT~G($JDp$^*_#82Z3`&2V>n0kCk}wFTuo|Qf zv@EDzOr+9(7HO%(muwk}+9qg`z4t30OsrOf`qYd|h^f|$vy;;kHse`_wo>ybL=bL& zd5!I@>bq~nX_`kmsdyhuHdFC-3>L(@UpaTR!0R~c+VS~t)@20WBKa?u+Pm>HbJbry zkgdwKCH=Wp@l7To$~(|Yh|ns#K&Il5_++_Mxis^0s}^2ag|N?hsfvZm!Lk3($77jF zGq?Y)Hs63Zka8K7h`dI*z|`z*Fj0}CM|H@~EcpR*FFolZm*pf?Tcj6$8uCM6*x^cC zj_aoPOvOD7Sxa$|SOFqZsW!QlF7&6t{_TKahsBe#t$@PnfVqJG83_%OdQgXeDZ^0+ zZtbW8+XY5!Cph8Tlzn;u`Or6hUzdpS_~+LjMO2u^wF>HELHs80IeQ>30^}0;hc22TE6tooHS;)*@a23Q8LFC_csB3aiGR&=$w;q^%qSyVbqS0 z&ur>?@H*_nJXR~8?v6WbdrQcw;m+y_AoET@5eZA0;Ij2JUMx!;r!u2JTLEOv1z-II zg6iF(Q2V}2`|L^?`=8ezrM3d`g%bKo8Tj8J`_AA!ezOxlDaW2cjC*?m0H38uoiT0; z(gz$IsrtMpYf`hz)G90l$iSG2Q@BjGRHXxuDwocI@VE1XC$MI^)l+>3!7Fc8z6{P3 z&a_M?iB~9`=fay>ssV>Qb&;UtGr{>FrzA^wBw`kWx??BCjzBVEGm%dO%PjxiC;se% zapKq$`^2#~eCuSLPS$BLI$5Xb=wzK$qmy-(j84|+WSyPHbCh)| zh4E%Q8_=eWn#pMEdC>y4H$&WC(U4oWyn&SFO72umaG{Iz7R+{(wUI-4sguFUix;~a z=-Q`d)yKA}T5hcJbUc~YiYS10q*Nr=6^klqI^`k#$u*Y z@}t;89d5URNO0}q)7>i6%zjm-#t{>{1mR#sh3Vn~dsC*YfaZ2bxLOVE?7)+zuyC1O zw#hLG{XwJ#D-VeW85zGnNMex&ov6FGXm$`gcNH}U3wNuXAKZ=IWx|DZY)@}$@($Hd zUa77b`!)1~!ao7Qe|Wd8+l}ps*X+z+>WW#BBo@8V6SoM0B_1*aO65wT`xYIQXIB?k z_*Sr6m8nEc=HUrq(vUC43EE#VBGJ-bqO01GcRrStqw}#WjLz;*AD!Ky#pvt~OGamR zSR9?*p|d;eGJXwqht9{cVsx@jIXYRV`RHVw#nH(+ovhQzI-RVu?Rd66mVM5csd(>6 zLYa!!O%ip^+&jXjq&DlRcGmRPmuc+9LG6%Q5P5jD7_< zMpLfwTwOVYRVhco^}iMQ>{pv{bPIjK0AZkhWQi0AyO_MtBEGIdEKH`wZo%m z?%NIps_wrEke`E^}=)5waAAzme@NoW{-| zHM6YnfhSfDz(`oKPT1M&LRX)9##p+HHVdiQ!M&It^cT?f;4(cxd0_!jy>J2Ds1D$_ zgHI!;?M;Z-N7b@*3*8G&K27*P3;V5oD&-0#0CfDjZ|hPxfPmFNF!0g4a9hfT%=XzL zl`3`SpI|cIa-$aBPAIHWK`o-=1)$OGzb->tVL#8=$+)1Wz?Pa5nN@(AMo> zSk}q$Gaml;{~T3n9-U^{X_i}zPP6PZ z%WX%eSw4wox!<_)P|u^_7LZL1H!>ngFwl3tNl)*v<2wue~KyhvSBYzp>5S`F0I;W>)cupW@DOV|a`NgOU2PbuA4 zr4+ve4c%*fPhm&We|^Ya1J;KVOKhl39qadl$UEZAo=amqwl0lPi*)HKV|0}6!gPAE#0CkfSb za4HRk!Zz-_SRc8VA9iK~PZs*@c(w`K zY~K-aT{PU!84cHIcb#@u9i4W!Fgoq7#ptxV)uYqy7DuPub=qBn(P?*`cGq-t+TC8X zyZu$*?;_HkAR=u)6m}1EbuZYwrwFtz`s{f}pY4DvnTpR+BcGiqEsC1aKq zhN_%(wf>%St-s2Nb_M?$75rNTv##pjit&76;<~DTZAVx2Z~5q|{;e5Z)xWOlUss!9 zhtbt$STefW4BL;cHbbM))n@2wGgL?C-P&z*wHbCCoyV)I&9LKyUDdxX&av_6G|Nu2 zY&JU0a^>hW%N<6iSvDJ;X1RKFnq{Y1ZZSH|vePWL9i3*`RsH*Q##plFn4#5G{p;c` zw>s{w>fh$^tFQW3i2?liO8>QAMpyr@tN+*4|Lf}ib@l(c`hU&G^Y@fIJN@IA;T`EJ zL^K~=g@~1-s}Rvui0C{W+l;P4M9a~6HM$BBEk{@XuZxRYJ38&I)9$LH)9w~Vr`@#} zop!f+blTnG=(M{|yK68y?XJ`AnvPDp>+1jg@?+Dw`hQDC7l-z|G)4lH$qNB>*IYOc)WS05(G1zmk~iT5=!srW<6-IgM78)QJTIK|t%6{l zu{vc_V={eud|cA_p;X7Qiu7@$(nw?m{xO!5A_wvQm}@O3=^#@v)bBd(wSv^vTyq~h za!b6(a;b7@=I065`ijrQ4#;siE^n<5TI=b>Z?wbzEqA6x{vac97DcK^%@b{nKEgPD zkn-y`woKkE=DKZ)HY&51@f<9 z8Ya_NM&1yKki{=pxC6KxPef6Uh-H%TgN>>`GB6ujsRDsHRx{1%${e zg+aY7sSJ*tB(W_GcNLI+Uz+IH{|le_)BxYb8d!n)4=rqeUOQiI^$SdWum4r>WXLYWm=}ow z_|c!}p#^KgqfFw6=P}4TNPn1Cc>Wl78u8RqvhtL%VkygbZe&y>JZJVkPE;*f-czHRSiCA(YlKBxjU|q!h_J_ZH`bLnp@y)-tejm2GGsgS{ z)V&HBMGdfq8lLm3HAdsWNF1oaj)Z!|`KQG%&T=t<`-ivZ6Wl(MKyU3^jlNbRe5iML zLDqg9sL%IaX<}L>7Fp?$A-gHEOy#D|mt%3Qa>G>4&XYnLkzZZ|Sc?>{L>!Po_i!`# zG=zw5q~2Dx?=?_-H%N%MxVpIl8=69M#JLr<#vtbSKyj*>?r{R(6njb0^3W+y5|K{m zw;bRBM4~Et6NH!Ca{FtKK-VjuBU_4q#kgnJo^Bf$?qMRnpxh;AY=zK#2-&hg&^5jqPqb{0JS28 z|Emy)ISi!Mn_eR|N@AEOCU}Y@T=~n`07}(kpHCHX?Z|}1KXU%H-#>ia50v&ykb>}f z1)eEpy!o)iAP9@N%F zyn&bPK$2~wRNI~J+e=qxM}Qcb>l$gTKePiY=5|+YuT{Kc;6|nygDgv%W!{+=1^D{-nZpd`ZXdD|GGqjym(}*^>sP|YZj;U`?@pkduPp~dMxMc$u z2w4bJoH+6#JY4I*7+j#re-Lvds)@$g+7wy?Vm+KHE$_ehjONs4*!H6Sves3YL*bMZ zzO^vA$MI|U;o@&PHySNL{ZfgIWtz1UNrpZm1%sl1kTX<~sIn>+J640~`u{CGHLzV7U4btqyp;3?Q%&3?F+iplGsuVY2Cun!> zyc+m%^mTw0=pRe)S(7W}0uk6;I!ESkzkhYH8>9zBP{3**qrhl=6al~e?kKhK{-rB9 zC~P_?=a&$>0>Hx+c}Xce6L2h$f{!SnUL(qf`&K!P;eI>|6Qb<)c@GhhU*XHdOvuH> z(OQHtvHpqEhetMSmMHSc%_x{8r|wyj_uoGWv2)pF|8^{6D|_DCU4m4ZmgY&t$_-l! z$UiUaqYreb-TRDeu}+A#KPJ(Yt302?=Iso1dbtd)Kip*kg8N&f!>57Lf$rQl0>M(> z`S%45TL3X*CkVzpxw*S2tG2A9=oEcTxcP5>0$_q!Nx_?C-O8Vp0d}Jk{Yz!-2qgc% zUQ~0cxeGXJd-{!tao3`qDhfLZM-PKC>YvGXDg1uchY=M4$aK zXp*?VWHmsBp%>b5_|~8cWPhP@O>a~hSGU!6kofv+PTJ2C(Q-^NALbe}!b^ElyjJO7 zGN|vJ5f$M|X8O(4(RtRYTM9gOX+r&BpOfR(d38py@dm$okdIjBSXt>dSZ!JORS$J) zJ2I4-7X~}#F|`uKUy!p<&?rI2zd(I~j5s(=!Fi@G{ovU~5?NNE5WQ+zjnn)*74@j| zLR&2Ll^2x5axT?|NV)1`G=Ulqc);(Y#o%XHnp^o#av`c*ms=?@zU2;uM_md$xh+Pf3iL4av2&a#ap0A7#aOXo&C$W~pK<(R z4<0|2w;maC;HW0xVH#hUg7h){LI2F*QPv>gj_gq!Rs$F6jB|@wrdnR}o{HcwF@-XC#&yF@p*RX(_Ky=wvv-ac%JM65KEpcYd+ z3%vNB2RcW%W7izd^r^Qj+ZU>uP=X<~7x^yof>Huq z+8$WF_(dlQO@Sj-&dxc!e0Qqzyk4uPR{Gp2GCU>X`!6I3*B3-7GQw(w=2ejt_&a4p z^0>6B^}BxjC0n0Vn}x!mJ9K1WpPC3A3XVZ>&LR9mAs|{>ksl$B7e!Z){zc#v`EC(O z`l=UzlQs9&fltqc$AFln69uAJF=Wv_34YMYiQ7-H8uiLBDQge@ac_p#ochCZz>EDl zYd-Cab(baE{g?TW8T;iz*%(_fdD3hkOI41+MBP-V6$Z#~EC}0SIQ|X^a`@sucP)%Y zxynXWrTC)n1kNc&vOq=IN+yVv4JbZj`hWMJb{lpiug0CmIX~;D}k75*c4|p_pSTtC?5XaDVJ-I!~T5^lrWQ!Qx zEwk1PSwA`j?!?MXI#QXaY3b)Fn=$o25ED_OEpo@YI10CTm-p_BtJ_+WHl|t9YLp3ui z+gaYen#v{-IzVmB)5~Ex?-z(h3mZ?SWea@b|AJhxuKxC*doI3~cKg4K-o+xW0e$=H z5Ld1|O3bl%kcCNHgb8HD;>)e3dTq43C7I3~mef(jQ**)6z&nVb%2@a) zoTjYBkDX-6ASv)mMd1XAdt&_oe^xv(<+1l*Xfw5-99EbYndS*9to^7yCA%1~;bq^E zg3adD-rZn~2GiCXVH7Y#ZHT?;DLhW8RMK-N62jjlj3J&Ekx32l8fTns*Fv^z7N>4y zKcwN;swJQ{dihNyaSN?^>CmR9j`@3!4XA>;X~A~nh#4Q?Y!XY%nV13HwMjt`im?VT zVNyP*fE6k4yhnmt0|FF!yw;{4v-qs|fgm80G0@DJ23rKWnW;MnO&^`5tmGu8c{O*A)bh zD32-M3?-VTldcmPcHg3bL5Ca@_~<}6+qxlKtTdgh?R6%dqy?Eb#SREu;RSEzmCVT| zjf5Y1`JuvFdIC}}1T)j;P42%^K0sTDE)jUB|f z*iu1(4H_a#G#Ieoa&P_-azZu|qx7ezsf|;f)#ggAHVF@n&h|-EA5wTWn9V1ZwsmAU zswzetu|3gLEDZS0s-r4_VIM?|8WR4}NsWgSS?fV^3Ab;gOi?TcjXAeb=QceK36by2 zBfiVO7pIsl6#=pTokmGbC|&VYkgk2#anB0mk?&isSjDsWV3cl*E<=_Mr3Z61_<)h! zhvRN3HKcHo`))j;N6VASOte%fx|TYGlv9r{gZG7KPSh%qliPE{yaob0ZtOW zcHUqr)(YebSd`M%_gkvD0VujA4n#lCQD!eJ`%B7YD_4Ies=xi4Rhl}N{Du{bWRj>kKC z%mg06p1P+$N{XLeTpx?XjaOQuA>^7NdLe{}hul3i~Op5u&Y zWIpOYP1H*+lX7hSrFPLra+$)Aa2#@!^PUI&ng`jTmLq-Qm)Ulj^y8fb$OfU#JSJ(q zPCLc>oboXUy`zmQR?2KAnq*467!eJVpqBPLlPRr*qN4@vxM*_1yl*@S1ZC}VH(Cm$ zh?QC4d5_kkFwyRNx&B{IYki=2F@fd^sDHn%JSC)n&%858D}~JuC}zo`!jaO}|G@LM zD=#dlOb100QX&7_cskMV?XCDyV9$8xqV(WOH4Olg_-N)z@ej7)LebQ3fTp2w6%^I1 zO@~Pbmb{unyP@`I*Li~&f8mOfn;Qhmdl1E+7XbH1W(1tKhQ|Zolg%!p3(MVUKZLeW zh){Vaa2j$#tdOMgzi;}dBn$WvM4us)5<2h0V%`COLceGLwx(kiQQ|@rV=R}DITNXp z`NoLxa8k}dwKmq^fiTgKnglpkRKY^TBuW?SNe2Gwm5|_v=Kl{nd<`~|nv*a7p{2ex zI0t81uqb=v}XNUGFWuvN@H;&xOO!FeBzSvT5j@oW*oaydTd zVOj4o!9WxZ8CPaw$AAd zc{||cW|zj(B!Rv|e;%cKI;O1~eKX*kh4u{)2tM`8Hv^($nzMa%P;2Y>*Ten_MfTIB zDG($#BxzZScC}J*pk>^{Ze?P{tqe7YEztW2>mR4NFr}?uRVs@b1`w;s6O@(N`9yEH zZjaEm=$z{J)zi>^Xxojw9WF5$K?xP^E7O2RV+@~p%2ZdK5d0V}io46(g!=(~&A~~6 z1M#rWJ`)c7zBChj%)xWEAi86#6H9Jt2n%{;y@all9K4hlry9@*dLV62qmC%h1D|wS z_ynmcensY40j2n)mzyN-J9qLIqG#>BLlBX?=*CUy@zHex=G+aVzxT9h<91r3aqv2n z{4tp}5f!?u%+B5hId(fv8*2x>vAZ-nkj~A&)rMJgZB21u^h>r24Mb_xlkc`zs#KKH zXoEV0TzkskgAvL6i>DlFMhe4dTKI61_IK^ss>1PC$=!hWV7mK(jD>4I{8hR4xIVwR z>E`qprmD>^!&h&ON>tkFpfeVvE;s%I{OfrPPe<1#vjgIAOhY=e87PYfvAo`!fN^BwC9`|ZK13-+2vzp zbYI9b!y_xQ4+tDmlHg#*=-b9&fjm64Vh9np@+GBGcv~Cbj+Jo~63L$j(Ac6XI$0h) zrvw=Hx^|J>u5t1ydM_)bjLc7Ut+U~E!PK5@em8p4-gJ3}k}{5yj zb@?%%d3G;yRdWg#q0TAiMr8M(%I?0+1oP0`*WoO&u@deg@5+e(N=%Bo!Z|vl)^&&F zy%D)X+ihH4>bt`7&hh9_Jzk1NKUI#kGXi!eDb%%MV7Z%=1H>M-Suosh_aQVEU`c%R z(24t&rlNQ$P$c;2>9rPQIL(MbB>|DJ?Q_8o5kyW%jcn@SalO5rH7Dq{!R6|E!VRcf z9X%V;XkCW8iT~zNGQyuvGCf_{PhzS_GFfXA00LNlChD*l?n}i6gVkx zn_`=uaF>upOESiSzVduZ2A8?bE%a( zeMjL!cZhKueE4gcgR{r+Qs>7MyRfdFGjTKG!(F)8l+~ai@5+<(HKa4+6u zcA|%pFbQ-rcCs5T_8j7fl$sgyd@8^RXEJmvMS#7(uL}|z3 z+IZf{DOKk8z8BkfBx<9ejXiCT@#i}cZV%uPbX|yDno1waXnH3{S7HX((;Zw6`t!=0 zvF&B}yXJC_#e}`~$g~7XZMX$vTm`z^>X{%`ZewRBZ!b5eugAmH{nYnH-1q%qCT~ve z`a0;x`|Uidi#v+{o4!s?Z+C~a*@-2X+qQx=6nMT5-T6_2K7=#>A632-?sK1))8i&7 z#lO^ZaBi}~wAD|rfc9VOScx7U1hnNHgc~(mAX=G{go3+00jD~rSNaeWA=_2) zfl(ewFk-x&BJX~qatZu(;5pa4f0S+MST2SJ#u*S(o0o5Tiz!bl5$`h4iiM4$yM+GB z!hA>k6)24(u0H%2RXz-gzh^ZXEE9uX43s7`vAEog?KMXq2g}om^iv+eg6pkb`Z{DB z!?d_GZMoZT#G2lPwJdgOBoTcy?JxvoY3M5VfZuZ$YbkX5&(_k8MMIG@8Vh%avFQGx z-RY`Cew(A&Z(iGl%?QHHuy>~OW&8DvW^_-VTjz?m#U-o_jat@)%f1PSmH^|4*|%a= z%Asig_yaL!JjgVMlT7R@0UK}K+@_Bc=2%xAP*{XV&hZuGx=yep_qG;S-cyyKq5aE{ zDx1N6xV+s(7t|HF6K2c3ighlG$Z$^RDEoc`0j9)Kq3%Dv_-h*&E1#iWQP3iL_rKez zufWs9IHU&9xOIILHPf%W*aG)YR*v%6KDW;&=Ht3JBNo;3-VXj%%(?utL-ERg(oOLX z?X_1%q%GzpaPpaCGJ}ikJnI~qNCs=MfgkS|7f}qLS`7JV_=s;Hmnn7r=uu zA?#PMpjn>7zDana4+$)sbElX5c7E+f3awkZo{iW`V>xtx-+x83^;+o%|Kzh-`ff!( zY+*9Mi@xino@lG?{J=0Hiukgs27O^Oofd=w))Y_mD7LP6TBWxe_bR(DiT{99t36_s zEA9aaphr{$EKFf8vSuDELzAc}9{l(t+g3ih2Vl*;{lP$4zcT{ZTT9u6n;J8zQbDZm z)zMcfh0q93TOkJF>G(eQi^fEV)2s8~S?F@42-l2Rwb2bOw|d>VYZByrA9xbyNwUC+U$>F^pf{?D>2u46DE)rBZANvY!KxFSoj5}9ZUz-< zUo%z0nHAK+vXyl0b+xad0_A*{xWDc?QfbHg0*`paDN)P0HMhj`HoiNj7t_vlm3tL_iKJ3R%fC{HM6ArtpD@; z>lb?CbGsBZVE^Oz`U3cMLH$xz#E<8PQTz3ER^@MfJK{QnR9O^hTx&eq4gdGAb!eQa|R&_L?B~YI9q} zZ}R@KfS;A^r0i|@l{}QoVmac~eqNk+R@~YyNn3FJ`|ckEdkF&2dB%iZ zG&pO_;(X&M*hvtIa_U!QFeoo>RwCTl7cO9W3l}v+vFQ5~Hjo6O(m0qcl8>L8ih|P@ z_@+H9b5#97l_?mj|1WV*rgWAxwZyskkM|@}?dtth;96c-QSCmOtQn-gVFb5>><%S9 zaM>S$3-If}P22SD4-VD zIkc|Od#|X8g@=`*#8MwkE*Eii8{#}z`#>g@Tx{qBPSC(A9Brc&!zUOvUnBQb!2yNL zG#iD%j%NB!1CeZSEx>GTNHs)9?IsClAQA|5RqUK~hXBQy^?#sy9M%69x`(qU36Jm* z1Qp~^aO&G)9(@hu0g&%A!FlFKM#8i~J{Ih?<-)%4?{ zDh|X7M(?5Ph)LItD^h(#ou5gk>{TzWl?;(f?rbk$uKeUdGd5k|7Eo2cX+J@khuRU+ zl7o@eA@o51%fsN=_}x5;=muze>5x2UBc;e?cT~g<@&KXZB!O`)OI8W1QCRLNFCyg- zpXu2DQ#J{w=HQOeN4+b^AUz3}N6Y#kMZF2rMBk_5Y}oSdIQDKIcj)RxE-q?`XExwp zqTk52mu^F0O5N%YRw*G_++M=~e3d;_;PV>K7&OK4TZkOM{7B8s<*s&J5W#GB|h3%1h5@vMWio(xA zK%AndqXqCCW7JK0GrwyBttR|{9otG5k&i$>91T_n+F>)IGTB|&t*FMLu~Q*xVU;Ux zAxP7pAxK@XEY8bHEAm?CHZ*p3S3-s58nvN=*!;rqb)Gm*O@RS7siFh_#Q11Fjz{8j zQ=>xX2U3}zT9oy4gIxwvE&7@p19~0d?M5lXY;cPYwm~v$`M}{TU*7 zHDRIuBB3&8MpgbdBAwZcf@UgpbrB=v?YFVIIoR&b1+=j=!`;9MrxmQbW~# zg=pW`c+!enIS6Zcxzep#WFBq<-jWGCHGj1FKjgjewWidzGgthnp*Qq-zU*$KX6o&e z-xDao8}}uFsYPmILqnVwa}=&#PFbejGh!3;mF~+~u>5Y zTEHQ;xNP#@2ha*7n+#yssrG%4MT|cq2{(q98rTHnR@0?G3zd8Of6d6nV()upTE-jv zS`=k6BN^%wx3@dRmidZn^COWGq<%DuOAfV}#AxQz^F!`;>wFj*GC|G>nCU9!n9a${ z$ZbZOU~I$wDuxrFyx(JG1unbq#lN#h#4Fy}+0gw$_cU*3e{9#7I zDt+jO0aO5EM)1kpHE+eGSx>#~f1!xG26AGt|D>Zs)W4gn=uy4?eIAx7lz2*&hG#Ld38wdT)><%m~}gK;bhzQKp$wl z2k1;it_&_M*XaBNv$@T{x^rR1C?#yXCtVA|s_ z#e$MGJSJudY=jx*&4xDV3q8kQ56iS(t{R;k4>v|!0bSx%%Y#Pxm)P3o1K(^1S+F{}0@TJJ`)(7A>VO=QEhX_MF~; zXDSiwNH{jcx|>1~)kH3WtMHW#?i)-3X%_l!$b**lyN z@@};crp$Y`WriFQeKz+;2Rplp@QBBG;p4bd+=C#Bf9kEoFb&wsfLydLfyuBLQ65C9 z=4>av%|=Ya!Fond2=peTui)`3+J)pN%_3N4I+tZp5}Sp~qL{DCB3P{4X8wXCc24tx z5f8d$kj%=fSgnBg$~+3!f!zRy=)xsuatbGA zcDF}E6lSF?my~a_yu71v3g|cFCxuH?k7XYbZmmOz0V{{;x(vps><9*p`C!-mq)~U# zq9!tPN}}l=-mXIzsz{JE`pSh`f!T8v6KgENIw=G=DHQ`M`Z_L+DQGh#*Wikkg$zh9 zZb(SPWut8DL=!v_t44tc&-nQ3mmoqP%USQ%tYv*leOpfeyGA>s>{q4TB~cu$k2iLv zViI5Z=$Vx3*!oTW8tgaZ_{UJ!vm9P4GyQtt_Zn&zkt9uF;hwqUkn|@bM9}1k&>8{P zz-%pDeR;7#8gbXjYtlF5B+Lx8d)!lG`qeliU8c^4}j7^hX(+pN|Y`LRjZc-$(fdJr zkv`AV6O-*Bc1!_y3Vk&qfWayIcZBphkt}WcPrD$wtN*qtXUP`)``2>MAc^ zm?au2=)K@^a%ZEJ4)t?H2S(~S&iybQ*=%j}x_oZxD1tf8aMfR$h60kG>V)^4CirRR z3JU29tol*yXf;Z$=wo`(5FZPjFQ?+huI;O3Vo|Y89)#0rncbEjx>PuC5&4R0o^Os(?3@LNSI(JO*S zb&B6AWGwAbsMMRzz}J2>7S(WCOuUi|_`YP%&3Pm3BhOa*Mjy;h4PS;>;ZXKkD|?!J zXrKsGGr%-1qXiSo{@TCZzn}axM@(yKx#Usiuh^PdgO-;tO3YK0cpgTc%wm*@xpwAt zQM|tAssdN`kIh#2R8zi`nF1xNabu0r%$JO)rFuUdsV6^ zY$bRU_`~sX4GvAo&@Lk zwK8yhRgauKHckE(u%e~8)EGJbs#rPxi^nF`-zL|W&C>6Ptyl%lr6ePC3n^4Efabgd zaS>DJ+RIh2|CPElG;93{msa^0tws3|EL4X22HLJpU6t>y;-q)~e!pfXxk;C+p@M0I zB|b4~lkjN_Ut?GXmGT!OtCIrX!PgQ3meRy_ZM%l=a7x@g<=qgH+V%!_KpE@=zlZG%-VDY_X7*VMkF) zG)AmHSn*^pUSS^umm9%|1QP;yBq_GGDUmR)*YmyAd_TJtZO~P?_Ac55K;UU>LJwb4 z&uaMxE~D(uXdpdRQ@VaqZpoZ>@Sz z#nsKB=l|`tbMZXhil&Rp7E2TF_55u}|5kQS65M;!N{gn5?K!yoWqvyxejn`AXhr?+ z8mnHKv-+)IMa%JPv;8heuHUjWxBA=sU52v1BdwUaId!MF;$ykevC`_NRZ%t84#U4) z@2@E_PTGoi8L{f`|H6MeD{0G@61Z?D zV)Wx;msLN#+!Ca8N9yRP{$Yxdwv57b-M5mZPu{)M24PygS1>b1O#xdv!H2 zgBE2!h}&jkyhfi^0m+yndB4#K^xMcZ)n&Fi+p648TVa0s7=iTJo8Itc#Dj+D0bI>u zOoB)KPU-Gur|)|{`>!2ozn!_$0By7JGAcx0C}g^fF{bAcmJq^e>n&(KM{V#S65=jN z1y4047kxk5p+*TC;d)Bpt@MKVn!;E0Cp3hWIutM?_7W(LwiI7Yj0!5iFGpXDfP|W) z;yFZhf5#>9ACBIP;1BwE^A{2|?wUx|zzs#COEq}oO?iHGLrA&I z-fLu3dH#vW6bZLtB2+Qjm1wGwI(gJQ$on)zX($ww=7oNca8*iqSlm=cbw2n}Eqqe6 zLb3{0WQF`8m;fz6V1a9vZ z;=d@ILcEI74YsLu3B!BAGE@Vg23WlZ;26y`XU&LGx5G{Rg5~(ppSouh?UAYQgU9_J zZfJLdXRZP;{Q*%cgrF3yD+>ZnC#+%!Sr~l4DvOB!;0bxY5&W(gT6M?NVdOR1Fsr@G_aOi>6j=FTa`5)T-K5H~QqFY=(c{V+Cjw z2b?(yOl}WlMv=*r;AxxUC^r{yaSY3so%!wesLheHkryc5B$FqQ9QUEl*8r_YJxh7Z=;0lMfxet7D0 zkV#|`GYzYn$Ym*CKhD5G`at|$=+qM;qy`D%gTt01l^+a@Hx#^T`K$gX4$X-?G?cGr ze4&N`v9P>qrqxx zxv~tq6@fe}ktLk*wgGgWs?t}d3%P#%5D^lV&8HD)^H=hs(`>X{8Fc|;rB+}6RR(AbVA zLyB67?xATM0YtF?QBwZ%kaFEq4hYJs=^6H6bQTui=C;ck&@9ClBg^;0Aj6Z(&#Maq z?^_~6pLY9u#w3HZ2XUk+C&S3?LgeC8O!fj)Ly=w>x{I_Pp=vD+Rtb5l?)rDi_C8-k zzp^Bl4R}f(|J&28t&4%EBw%V@TpgXAb^kU!GGiiIH5F)lhWFt}{ktq^el*WTi=&&p z9>-YV^^cCduD$2Up(ZO!fi&cj>!|3FL5B>BQSr)r2&^Gl#b;!SGD~RkGD`dH4D||W z#ThHaC(wKgLsHP6plDGm`|9zJ^-jPDrVC%x#navMlDK3k5P9l8Vu151J?Eq~NweTT zQ^tc-3b*oLE*La$q%0x;FpH3AaoEej<>Sr?nI^Mde!F;tgX#@P`I!DA$1oBY?**eY znUQC^L7Ycge~{0^SRiRMA7?225o}0ACcQc_W{Mk*P-5>34ah9%XE;E)MseUiU z{4tkKo<_+O#5)^mzulGWAO$^hQwno`s~B0p84QOxSZR4SQwFSu>8T6+N|d2}?%BO=AJ)#F_81+~h#pcO8;bJ|ojOosy7|P}4UM2etIIdd{izIHKSK#+_!`E8 zw2v0askqdPbAmZdTBu=UJk9)8{yH6p9v<#KC$&>LEmN&&539Y%Hwr;O(@^}&fi7P03t**d6-{cNZ}0tx zX!TDs!EPNaoO&67)vrqZFI1ho0GTyk4WDTfI<@c2)5=d&lcZM^yUdRyMb5nNUlm<~ zJPw_qV0GZv%a0G^|76+vk;@1;;mm#o8438mKpTP78^@$EZ}x-cJ?PxAzDVuCxF^|& zII+^Dk;@PEEhB%nk0brkYjO_yX88v9J4f-wADh<^84NtaSWQSb_TV{eHjmtpgJe zCuT3l>!6j1+fI@WswV1qdrLEm8^Wzrc(-tPf1Fy+o8JhqT1iM)WAV6WBTD6MS8nCD z$}}}F+Q|U_KgNt8Ql|}(TY!x(Q`1}nYkh`NVpIFG6lkr6ap~KFG_YVGcyd`pv>ya3 zEQOQ9|Ilual<@2PEmCzI8M%#wz5LNCk#+z2e(r96u(jUr`o7l&GEN@hiTF6)!Fe&Z z1$1(~NnQ;p?<~I;pc5ur@`k~mUk2P$D{J0%yRcTQZ#!f}gezPL@7;}fnwMy%y&(D9 z@>=JK^tlKPyR3dUfaBA_t3HjdGg(~2*|JZ`In7$3#J)om==~k`Co&d8=9&z$DK)G3 z!{fw9KWkNCvo~>4)Lzwi4c*bpB)3iCwVJ_TCJ6oGEi9BCv&zK5@Qg^KQ1HsRrbH`$ z5-@~sI(g7Ij}&X0Q8Ss~cF7+-49L44M1o$XQ-%O1CjIiZ(_ba~%wQ6IUasEO^!>lI zZ=VBT(MZ!?+D?Z?qBJ=1f<2~V%-w&fIS)w?6|%*qi>W>zU*(Siu)lwrNKsm>Oa}NJ zOHW8p9VJi}tnwF?{O*i+hAs-iE`=v&6Ng!qy_3zT(6hlGcXG|#pOLl=Ve>Ys83^tQ zrY{uC$5U%DgH;;y{}DxkKwTNrCGj0)ihN^m-)+Dj%mBPy%$EGy7^ww-Xv4-mt6aSM9o>N&UwAXAWH z-K8@C8=RSWsTu>&oE|)v@P$~SduTyK_V~aC4iBBUI2I2M7KPu4-Cnk7shJ>!FJdPU zl3jdH{_AI+008;y4Ps}mirv_wmA`S33f+DniZ#8D#G5JtCRgl8q+M**M3iFY2QwLq zgDQ6N&VdF`#JTFkwC~B1A|_HgKEgP641kt(n3Ff6?-i;GkEKJI|0lT#ZB=c$fMSZk z(llYa$J^H#n`=i(3mt0~r=B+7gv+h7mi;AyMT{im0$L=xKvsa;N0k1iLtLH)%xuD9 za`sJz&2nJySm}HO@WDaj4Me^=5Lx9nslb#aP{f#MFJ#6g0Ugw)&i11e1V853LQWw9Mm_5 z8a&aQDNfX~l5x3I827Icbc}^o)m>y9nLfvH$WC{wdUDdH}YrAtOCT1kO-z4t%>RzZpyn8-^i;hp?)vRvsns{nLh6fd1(X6N*zVHekH} zb9ZP^8X2pGhrlA3Ujq^@Gg-)kT+6Q_u`mbthG0kMF&#pRe0Z#E|fnXJn= zWCfe2i0t$p_fvJRg&o#QXbk}8k>p+~TmTf`*_64&(-%{$W4?rYO6^*zshoXY5C#U| z9j?#ad<5>@ZNg`2ceyv+sHLQ1uA^{0MfH%n!(FXzx@J@q?oG5|Qa^|%ONVzn{odRP zzv1|6_It-az=h1#;~iN%1T^D!mWT;!-b3sULq^d7-}UskyLyZD|HUq88bIh{?765n zLF_PcmKLu+4?Fta^KELUel}CmfZM85Q=AY@ID0>jGa{{9WWNj7xv|^36w@c+rqO|j zjF)MPcai}YHO5j$ImIh_kiL5YT>SwGBFTV5)5`}|2n*X!bm{! z_Jqjpin_%9HA94k?%3#g{k|_eF74+u{ftgOi;N*Ax7bf>itBgKXvW{l&GcG(y%$pt4&EeH< za)GA@`mzb7M36s5H~imyZE^4R6%ytvb#o@k)HS1_|0IL`r9u`E=Rm$s46rlYbG8s= zl-h$+`snlfC&|$pj82MNMKnM1$8uJztBaP-S-D`ezd#6gCc&vZ+Px$TCzN?~zqAAT ztI)L%A2W?97kr*dtjogi|is?kjG^ z=ng8+NUV@l*8G! z@+449sYMml6$Rv!!XG7@jSzqiS4NrLFiLf@QO%&P+l$W42>1L*nlZ!gG)_We+EX|2 zv}wlj$+H&umEk2g`GI4!E{y*67@7sz+GeUml^3vX}INCyk5C;1von;N-V+rz>WrCi#J(&-S8n`o{J2bS}iul7;v zw#-tu*mHcq+kiApq2dadzlOJ4CDG-=e4aa&#V49Bk>B@vJOy zZmE-$tt1#7jN-GL=RQO4Y{{pW$BvUzJ`+6#PQh(fA3I{7WOW$FcP0iiYe5hcgokzi zM9UMiHl`(F^q5CoYav=>Qx6O+!i+0r zLOsbH9-}$1jJP}A9YYQxqD{fQYJNW1_WM;S`0UYF+#DkOe=3FX-s{v+Gk*%kx4L5cDjyo=Tv{I4YLP1fzGWR6uBowZjKcQHlm~#u5 z*S?#@bC%%1?GcPCuA>11{mR)&gqaoNkdMi9C_ZK^^j$?E1u3d^4-SAjx;TdD;_D-b zd~FzH9_@5w@{B=T2!ar_2dPFse^;v1FXwx`jx}SAtW4Tv zbelbP7~06%e-k^#(xky}hu@5RiivbEOdXPF?w@PiACW0b4*#eWJ1){(9?0uN*?;eZ z;Y9DtdXKNw?KM6y>z-iA$pX|&Wh@ERBFob9NV`d{zAz}}_0Z}p?Zhc6S-c6Hx;WD} zZLzcaBX;1-`J0nBsH0ooW#=8_UXC^4V7)Yg=Sr(u5YXovTO*?O|HF$Mo*X95kbowu zPk+axfvoX?N|vIsP*Iz!w2A6RdOeu9Cc9Vgt_(PNo{90LLj9GNYclKl)dZrzsaWwz z>C7zLjAW|>vD%hY4U|^+;(7tjt7OVrK$ZW?ixlS(qT-&s24zJZ*ELKSVQ3;T)EC@! z&qy&mbySXqN&~xNL|*phOy3=ARbadUpD4Kg6t6H;#Il2@A)1DO>)~;Uy+z!N)o8%9 zXYDMmA7tnR`m68nS0w~;1we1q8Mm+SlvOb88rCHUOq=RB|BhLwb-in00c`zoC zXjF?mV_I-^RKKPegnK2WMHz<8afcvo+ZRa0&XQz4K}V*TjYwZtq*Rb2K=cC|3hPHL zK)G+_gpg(o+PMUV`;RCvr-CIYK~#y6ZgVHQKP^aEmxR22sVz$w!B{|}RqD9+z%Inn z(xofb$pZ|%MEbQnm0Ac1vwG2hEPT0;N5DDyb`OtwM^)+bpOu= znOTE>RnkGWoZS2m_*8eU-Q&dwHoj^mRHPt9#Fbu&g!k(hj8pZjpozu*&;VXksW#HbQ{E3_dH^b;}p-Q zS-+`6e^0&(k#gl?`SFHEl*ZK5aBHdickAbm$b@;9-x{LUU#HjlH1++K_#V!WPdb%5 zyDfZpZkvzP($M+Z5304|*LP&y)Do`|J(99enl=G?5O}v}w)=uvehtj1sP~e6kK^qK z1j7udEJq+SnDEdRi`^Avaw|zn>*wEW$Ykh0UQZ|@W&OVqXNwr$(C&DFMT+qP}nw(aiKwz1l_&C}oapV)UNVxNn>FKUiC zD=IT1vS!uH968?i31T`v3(dh&3k%LzX$rqpH3Ew5Jyao#0rWYZ3zFc27!V=$#Rs0NXKC>92wy1JQr1i0u`lj6~j;mSW*c+N zgogk1->N$B&HeF~+v{jw4vu>YHELWTAOGZ?3X<!8vc&A2-3N z)O>I+aI7R=VKPB7lQlHPT7&nKo2Q5qT$a63>5Z0XdQ}vA9uZ2lJ*+?`Goek&; z?BFv@5aTtYPTf0&>jL}}BJqfTS8W`}TLaS*>c^5CgB?Yehdyimm!9n|ayDF!rQF&U z(w%wRUlzu#p~n5NmMV^j0a9f>utcdxm&OS}@1#eU+p-om&p#kk_ncnd8CqV!QU2|4t?s~of@@F`U-$iu_2{VY<2n25KY#FI>A*)**wm<1(+qGj zUDEpI=?8le7iKOR&|7JIaM#R!#Jo>q5(gj<-&2g|BX zW~1u5mW&&!_hy4{BG*XlzHr^R+ zBXu|P!P%Ac4wU;iH0m0cp(D6ntcLL{*Oe?_T`hCF%pPaQ&$^1jNJbQs?J#oo|RbnV?HethoMDhrbnaP51cF zJBJ%|eeL9y=Lh-XQ6b;w2YORRv@^i+vZBVw)r1^S`||0+9Y!Hv`A~@oiou{0%>%L$ z?AkdWt55Kxi%+5+JE1Ygh)s!ZHn5oPNUzhbNvBRU0>&$Rc{Ob^EYWD^ZRmwUt7d(9 zZy1+#o-Q@2ttxnqKBW!xa*u}2T#Xav%%2{I+gVTede(_S%ETq7jEK(*+F*fntP?vh zSh&&S&X+>Dv)^+g%y)2xM&H}_Hd6>K(0X>ER1y>Jr(Dr)8U0B;yQ*bp1^bm3=^^jY zD>Zh&02`rg@>JWOS4>&C{mEyn4ORgaJ$Oc_g%?R`f3@!5$H^QNn@M!^oKR-KcE$OJ z8!~XYKy-b>q*D+#dK%zl%vh+s{wmz_Err(YqT;Rg!$sb&a*Hm!QcD}6PlIMuuVY!U zNm!5!!D^Rj%@A0n!Xs)qjXb!TEc=!c?eh8wO=>t6OP@YNs60JQ?Lx8R?n&KSk`m=z zIwbr>PK|hyqgCy`SIIIF0_^gHdH%Lhn>DiqH)AWK;k$zgFx&IoDIzBxmJ^gn!V*w` zsYJQ_9w(eW3UpV9f=}|oBq5KnQhH9^NTb$-l#4f$ss!}lHim7bbL1sD*8BzyR&_&m zrt>yc*6505WmeY+^qW=o^?VSJdUuawts`&OY)^-ln3ids#K2;@)yp+W`MhXOyd8?# zF`a<6DtJ6zhmu&9vNxv;q{u6Qu3N%mGhEjsCF-}57S+fT{a|i0NXGw8fTm?!#jt_t zKQf?djCB|VuEf=Z?x*x1CYTTwQd44?stQ(E%}SqdFuvvsG1%9Y?(c&~;eTRhD*~W$%>#DuTKU?)oXm zAt?+MW@N5u#+2YNEpA(rI_-bf5QIu~hiqtKSb2s@zXJig6fKxnZ`4Z%Q;g{CBk?a$@*+q_nxV~X#b#yDua+8?V{3emty%v^2xJPK`Fj1&>4S`$r#-#Q zn~eAw4+`5dj30wFgx1`Sfc|~AT$-r4+}IIsE2`Vt2D9okUDet9aVmm3d%V)Jb$R|; zG!5BKQ28pPxBD5DO$9F0Nl%dUDP^%CIQqyaxkpX~iiWSNs3a&j@iu2Y zShTO(_jSZ?aob|z8Py`0B1Yoh|0@K_!2bUf0)?hvO;Y7Oo#$Ph3Tyo&r6!4zeyIxd znGN`PIlbXhPriFJOr^mA=hF*#ncJyED^fxjxw*M=vfjMlwwwj-^rAa?bzSZ_3O;Sp zvOXWN41F^pt{M_3(dO&T1#xhhxVicLVu!z<_m{VF;&3?67xV1CyY_ z!Z_>i>J7V!J?$tFJ0Eq~?U8G~pYd`vvh(nq{Ht=YvzQgKdF5=bBC+B@U%-^;(XAd- za_FEyTwshxB8(_cr&t@pO0lOtJkP36Y1!t!o4SAp4YGko&2WHJ=X)=tXpMc0$lL!C z1)V#dzWOq#zUdeK`cK4Gv?q*#C;b^2RBLHq|1R>Btj_Jo&2uBk$@9nMyXq!ra*dfSUE&H^wLHp@&aGko zs|rF4n)1qYC$Gg#d8Bh^%j|l&1d}OXo>AqT7sMHT6M%s}zvAo5?MhZXyBIYJabc(z z*V0pB!_YiRIdUU9)%vw}gh-Qx39fqQQs9BZhN%_c5vu)agK`ek4Y$ggmmSOx0C^(7 z%hWuD>8s`*WS5oe94USn)+iA3G>U@H>)QnYSjfqIu+B5eSa z7U(oqPeWSg(HyqT-N@ogp4qZjU|&h^%jz(L}#htOQvUWZ5W6N~xY5-SR^ zFKG|LO4V<%FKD|?i5gDe7gN=vb?|OP+_*E-Nzaooyh9@YvER{>FM0Tb&FW-dg)(-s z^tD`$aGFeGUZ=+@Xm8mfpcb~(%K&jB1gucU8vcKb!GZSwlflvZf0w~QLD`J>b|X0e zM{)V$8g(6#4{!BEYl#YI4;|>R#U2V?Q|k@=zOeniIPu*S0~#*;aU8dLhaDg{9V7qu zr4`OPjnP=3Hj?G^>1ofO?y}za#(A9|M_W_{HTD+;q(^Vr2`(Eor1}m zLqOXNn&TWf@)d!%5slnwRpD)DAPm?wyy9GZC=LLfvU(~qt;0ML-I^O4c@WK7r_7qv zT~iwEvFbmzNj+g1b143<|3f`0|L;Wv`^@6g7J-Ia067$`l2Y5e# zs26Ur&R9NDsyWFv?pM2w><{VE>z<^VxnaD|^2L0O515(_D z0jl@rH|W|Vg@=JsfK^Rzk$PeLIji5pM zTB>%2O*Auf1c`>;Z1i7d9$M^M8iQpLR0$?jR!^3oCHJ4s(@3eNP;jHjq9AIJX?u6- zUG{oPUfTs5&P{!q9N{j_{Y4uVj8$KgztA;!#^4ntAtrq^lZdnUWqRbEfuYd+GCd%L zJOprh)loN?^qD6&BZzL~zPFBKpoHm#fm95vG%s+4jr7qG>a##t@4pX@P$Q5;O&ae@ zAsmUX;oq{`i*U15(yz2G3=@tP`mrjNEi0W|00=n=x`#NlLmF!)21@jE$xZW+66mrk zYdnK3KtkmQS(D!mM6YX<#a-4~IcAOxB~0tp4kf?1b&~T^N>rqRuJ3p<7QN;5--8%N zAYkN1O+99@dc%@n(xA6V0gs{y@J76k^9e#A?i-i%1V-dZFy@ZeC5O56Twm%=oEV4b zQIMbC{o}p69XkE{N)Pj@m+q;Se7+~&{|@7n4Etj=?GFH@%{{y|J(VNr9Z#wqcBRqh z^=Ze^7>w=-OQ5D3I{iT^%+jo|{|KpvVJCWW#9~T3C85aA!(Z*xygQ{k7@-!cN%$cl^(- z$gPoVgc>;WsfK~SizjnN5i+_RQ5KlEqy>C~jMkwNUw8^Y4oX5+LCnV$j(jS0JvK;l zt@dsv2g$uNUK(}|XO*VAwG36ta^+&~HnJrP7`$M;vYuFQ;Czj&iMJ^T&DvZY6uTN* z#KaZ&sb}bnS1J*bqg~%a_a|ql@AJd&GQ-zv+2Sfe`tORmMNZ0f`#zBkgH&c6Lr{6Q zSEQ7u@+J8G@BbL<7pDC~U541j^1DxiDEO$xdIWIA0yz_|FVS0ln!k4Q|81e*RhA`hYo$m zA1}P4Svs<~WtJVKB^|GI@X=Y&bG*f8jJa5l)72BWnd$?T!>oEP~n zH?X{fLkce_>pPthH0Zxzk4*)d&6OcIV{D9s zn%&?Yo5wS&@UY&;3$7vLIR3u3zlGZHGb-{vmX~dyd5hrtB>wab^woT_0Bg9lrI}Tn zL=b(5mrAB3H0`)G!6K4qh{D7RuC$k z1akHcayY20Lk0AxweZr;(wy|VVV0rf*+2_{9!y zqacaElLj?Y{=0IzfEHC1hswaW6^#0#sjb?)Vz?lhF0zQL3KNhe%JDUF?*^F zZx}6~hxR%t@NTA#9s=cxMEm_{AJ7`T!w^w2a-i$e;{@D+)PP-Pn6x(Rny?d)YP-ww zp{|hQv#PhQavBY0*t?0i`knjhP$#HzCj-y|20@}<3Blg&9(>U3bn#N*BkIS(y=mQD3vdC z?-cJA*rP$$T~>7ED6V(_X<Kv!V+`ju)vt#5OWbJeI3R9%`a(B5O9w&D z$4!*?dUhT}ysqav_tGbj#zq9V2`4`AAvQXNXF10iG!)bjt<%V8nUN@B@J#l-$mpRT}9 zSMp_rT6UC8FWl*?Qbz%H6PEn#XvN57cqyJU9%m`&EH*!pI)<$giTpLV#fpj$ufZL* zK6h@y6pp4k$-6csOg*mRS%%903oAeUR*&6 zn!8c2WPCvAI!JiF2qHkMoe%Gfi7%1f#tO}Cks^Ss?+A@49b zk}@TP4^wRl!eHHxa|pgqnx(d|q@4Djx4$i_2^?SPta zgL)o^@|Z|^F0b+)l-x~)AtQg0esuwX5w67ia^bC^eFaBtS$R4UT?DaQN&B@=@&xDK zyk?G|m;g|SbmGhxP;R2i4X}w+OL@3dGOiU$Yb`!W%6mFr0G6%UbO;qWd0ZbxN}hlnx{4Hhul%7@LzJ(2i3)Tn3BuK-9NuOwc6$t_AhqFyA#N;; z-TESxYv=^DDvNMN6?LSHN+Z!iHwei3LLwz5uRO!I>>aZBVH$Bj8B@|=U8^@IB6-qxK zL2rrJs4uQw!6FmZ5#{Zw@YAh1g-SL96~zwA)2*j~jgyJ<$_eDMV!i0eE?!Ku_lK{D zFFz-Kd8v*ED8R9aN4sXpG;N-u%#x`^#vKFy6V84EJdwur ziXBh#L$wq1ZE2<@9xC5aZy?L3RolG@1vi^iS^nF`)J~?|=Zvg} z{>1i~LboHFgNUZ@4J~?-&xz3OlC=w!^P5TKTe10G4^%&9c`{>x@%wYH+jdwD;C83K&TfwIUgG>xD0bA+JH4Rbi{zG) zI^v67ULw2w`A`5S+EOd(g_~1+8xK3TY>dM%kuEy2Y%(3wXezov#T3RpBF*cBlF57A zH^L<$&7;sm^|k%q0w<&-rPIZLCg07m6-#GDt``Qp_daSq@&&16(%)ledm`A*LAcs( zbsxOAumdZt=)Y2j{sJ$sxnYjPU`B2T5Ga>7=|+ZVpRpyNDQjwSd0e*UWlI-=<+J>t z%KLhubNK4UlDQ(a;J2TyPz3t@NH}SJ(-SpkU6E{k3JN4dn&20K*+4$8=(5;W4re zoz7!qAIdkInr1jQrQk1evFiHm*B>!!c8_erXu)xqeqn#%fb$m_b4sQT{mw*dAJK8g zsNeY+##>~({vDloM4@4O`#<6RH>5w^yqpZK-+*#F zObt^z7P*w_;^Luk_)ZKP&=9#`M6eiUg!)ar5vBES<13cD66F{Zg?{RUd07cs8dY{c zV|DCxjQ#hT*WypgyFi+C)Q|%ky={$~=0Bw;yK1*@cI^zq`&h9{l1Sm)b8yYfFNlKI zl-UM4TBOiXmuY4ubHRbrtjmS>zs|(>8d96!?gI!_)ck(^vYJZbTW0Rq-bSyb&LS}U zH8x~p1gwRryGpNex=0-Q51dhteev3yjz<=0C)+>cUl)2S!=m-=AxX#j z0t_JJjPN`}NdBPp>F>hrIYa7G;_6)&l4;Lq-AYkF#k3q^Y)tfZvj#ygFbs(%7W zAA$$S_E;HWdbjTXWmDcv5qMWBC>2^uUUDA3qH%c8sqZnV`cq?=;@=;Dk8-j)Z@rZG zS@h(CJc%iHXT;I`Pa0#(MgnUn?>1u=_SU93fVBLlJM?;1>SS88Phk1w_=Z!a^pG`c zk!K!&|0Bspd68`Mfh4v(I$%feQz*IrORR4(yc919wJRD^Nq2rNPjV9Tqg9yh6 zG#Bje(9RU)n}LZjeA6$C(`xj9x)dHq%&IPCt9D;;HpJLXI`Ku*kBjtYpjbd6 zopx?$LznsX6TCJvU`+^>lj!4=el|@C&8bqO(K8ZE{luZ~?br^l7ctnz`^E6;yMD7q zZi=4ZI%SSR(m$nWkFxJn9t&J@UjW9HVhKOHFXKTZ!Wg>U&)th}=&A|lH06x-)C%=) zm}8ik@$@R-$LC=PS)s5YT$K$IX_`kWWJQ%Tr|HQbOCl0Z8OM?g9&YgZV@mA^4uPQB zJBC-7;BYLG?bOs8Qu#}45aI4``!_&mbD(9!ve4yB;H(4OVVfCeKQaK>h7%N6*q#E3 z!G#bXazH$Pl8NrN5c?rocDomv)8|N6)ilF);xVcipj24xz4G?{=(pBMSWwb-#MrAg zVxDjR&do3TsS4e^k{n(C=T%VS%wx z_2&_JfP}KppT{JqB^;dcYg*zAW5g&8EJkz*gtBvfAeHid*p~uH4*b!gH=W=?@Nc2i z%e2@K8wkq3J+B5T#5}Ybl$(Y*u269}2lg0Kl>W^6jCyCxvT-Bj(i{(w9CI@(qE}l* zE{6jHOuJa^^ESiBWsq);rxu-#9|v`-7w~EFV}rJC4l4p->%P&q+o@hzHH!Lft?d|K zS{X+9s+JRc^CqeF79^=HHH|@~G?yr@_MI*2G?a4VUteF%OvjpK7z1p%`@MqTIr}YB zMO(3AwdtYUZAbv9p5UUOG5?_9eN!R{abf^Eu@1=_QxlDpbj-=+i8ok;A$7~h|DFZz ztzcj4Rcx+E??thI#5D@%4q`vlEg}=snI>be$ceKgD>#l5jW?fQR0|2#LpNn(D-bVB zW3gR+mN7$nggcZ_>g4lIdwU1^O_GJb^tb;5wEBZGwTO@(3g$z?lQ?c=OTZtLzw2Z` zve3#~RdFp#zn#Ew8oM_#BX>x@m?pN9)OAAm2>DU0QQ6KuahqO(Wm7nYDl)dCB^2`p z1cGd274Bl@Rw8kNY<8c-Bi@Itg2bD>b3vUN4e#M@qi zUKB2Fk|vGS&FgOD%h$sLUYaK%oR@-2=?VyEeQ6Y#!})$N%q=h7FTe(qC2;|x`8FT$ zdBd3$D#}%eVx7F8d{TZUj@utJO>u)%%nRY#Y)~XlHORUTm(ccy>)c(R59QC^?+%bS zZGXmNR@SSAgn&0F<(>`~A1nr&4J}C2GIF6h%v)snKSR;cJ?DJ&-j8LiWvBakN|5W* zPuyYHcwp-SLMk7=`GEia)^DeFP^V7OzY*Dps;KNuvt9LXdYKBO-{~R)fj=c2x*dma zHm2wqf*`4@+;{Z@$)io%`iF{1Yi`c>URd0oo?SdpS~|&(`-hdP%zxIep3jW!_LSYD zFIp0-{u<%gzE;F%;2!*bRZKw>UVkv)`@}6PGdEnZM|)uzeA21+5bG+KAZ0Go zeNq~qJ<2}EzOYgLhu#$icC`KxAp-TV#5ML6$Og!!(@i92o|^H*clJPvNrOuCxS|=G z@xFesuldGM-RrUyB$#S2FvBx6^@o{T5@Q5G_ z34%&n)?F)TGII0ciB?NTi#uT!PFay`ga*}qIzX{ec@j0+5KylpPnV?mH~(SczUZJh zq|YTjh=&)+42bv3_2ANl0KPh4?H#!+s6vLaw+`LQC0b=%Ub=#QkHGv*0hKUh+f=g1 z5UbWyb`(=DE?BM;{wPIiavV)$%ygGM5uEh2SaX~StQJQS>-Oh;D6tr+_b#oZFB#hS zaX5?~;+nmLz5Lm}cV=WXa}6Yy!VRQ8-fO$+Tt{Je-b>~VTuicWiy2l^Xi{DaG3IgFHE&w5N?WJq!zQ4WuQW&=}k$6Q7uMaS- z#aKv*k1viwilvp#MdIh~QVC%fMgYaQk%d@}I#Zph%%#PtM+@XU-j| zoZwHbg$9_w7IUbVCgIutYAA)5z73+l@bj=DIMw{u_w@#4aicv}%lxJQIJi|biD_0r zmS9XkyC{6+aRP6Kg-`h`-r(1Sf*pSHJB>6Q4xzeSlx!bw2CJa+KB8ILPLN=G1c2#g z)qEYm^fC$2kEy$8daUA3;XSb0lI|8f{qiGyUJM5pe*I3!m`^QM{JxKQIe8rnjhA0` zW65}2BhM2zo_xC{NS=(QX+%SY{z!64Tx8$3=?6%S>u%DT zb#Vn{ARnM%MSgksAJ2t*fWQqk7W03StLCul9tGQNWx?hGFGZZOBzoFHd^_^MTo&>O zo6Ewky@y%M5PHsvSoIKd&UEVFV{n5NB%?sBR2ln|y(xeiJ$50u&6I-(N2ur#1-m6! zlQM+kJS>5=Qhdf2xamY9IU$?v|0HnAcNib~zYQcF%w}YatCC_oBN~0Qd z6gW=R^xGg=%b&`;p3BX~#8an)ou(GX1lI&|D!Tc$BniJ@U9*~953vg8sa!c7`sLn0i#)D z@DE%e^@l+@AZ_j1358-eW_fMTvZtDflw1NxEQPXWEO8`62q-pzGxAWr)Y!CD!5?P6 z4lrh5P}w_s8xTb^cYf}!8kQD4fe20L z&7DMucYyChNR{_M+V%zMUpZys{mP_zY+&_^lUUjS{<33Ix|$5L35Vw@e44cqF`*uv zk#O`^s4y3RbUY399f0XT2_VxDzlsCY33(Q5ly%zX7T4?6E2$VM|S#=Zi`DvL0W z^tfC_yId5Ye&}hEpU;4Kcc(3XkInZhZtv@nvP%8GvhT%hucq{v0^d+nrXMi+*k)$1 zk~E>y16VRN-I}^-^h}qCp3A_FCbh&;s8rYCuC>sO5?Z%MN`}`&N|`i`9y~H#?UFCV z0BVh3M-GHGX6>MMfYAypGrv#O?R9qH7b)(IelFPOgZ8BhJ~1(@ZV@S6qD=F#MKWSm(^ zq%pSc6OqVcd?t`G(8bDu;Ki*pIej&{ZEUucK}ikCTScDgmP1DdCu$s7A|cK$k&B+L;fx;6Y9X_`i~4h)4e4@SwiK> z(Oi3yLZX($5N#PSn&r|y1fTbbrmd{oYijYu%U{JIEa~WeS<+-X-code$KEOn&N!B> zQ~t}`(ZAI&t-2XjH0T*B*XpIU}@xJ{^aDw7m$ zaCCClv1Oy9i$&x+7{zACJ@G`d6LZ5QB_dcj&@DhHw^i#)d6jlBP2hG-Bxx*^zzDkK z*n}>Wqcb2_Dc|)n9#9e0l12U4SsJlw;0{u+p$MpuPTSogoZq1c(BS_p3}0Ta*Kqs1 zk1uY}Mz;!C@A-eM{GghI1Qvpo5)LQhk#pnwC=&vqy>fIbem;LLe|9Q5V1GVm<#v1d zJl^#dvFO8`f?jqWwRi4Mn9yXfl_+<^%Nex%#Fs#|>)%*xuv*FBI=toU#_l}vu|eo2 ziuRIPO-K8y31Ma#9jd40Y=-(LDB@{RC}r{CONxN2;MB`mxU_8Fff4NlhNS< zc09Y+-*puw>M>dX;6;i`{y7&@3fYCg!q4j&A@lhYvK=W7)nc+RfJuuQS3AhXE8#~u#R%G%JjXmm{@7smI4m^ z=O3h%kbO-Jf4PRT7%jRTUELr~0H`h{Ne9pxm^@DobJg=xCt=+Q*a$L0C}E;htx5s> zilL;eg{A#ibOKKl?S$kwrB35va^-RKYZnNsc_0~>_fP;Xlh+d*Y$WC=Q_J;?RVe{L zISDr#VHIog#Fb_~+O9Li z&{?OThcF=_gqozIhQy8**LKCD6<-td{(V~HWyx?5}8FYYz1=S)H*Mg|7p%Hql4tA zv!FW^9n#_B{UGM%wKkU7Ng1P7fmWYM9%DF%4rV9BV~S>+sg(vzJi=`zv#Zce`e-Zp%% zWAk&GvKMX`FwJ)x8X2l2BBceE>Ee$~x(O%gjmJdVTjCsrVaAANqOO&%w5>3m%>;Fx zdT`lad-KXuW~~H2RDy2V*$U;$7VIHrccOwbAUGG-E)Eu2_&!=zofml(n*Q?`dVSa<`%M72P!rHNjMmQ^3G7V>s*GwP?r& zga78(hXKGjRTrc55x_5N&|_%{>KsP7VGe6PPK~1hC!1-pKOd*GX#yW-M3$Q~>Jf+s zb{7MS6PzC_VmC5-84#lFv4DiLGkAu); z8=QH*mz!~RCD(@C-5OeCI+I2s{GpEaex1{dG%`m8RwrbR9VS)tJubz1_&ZV!vK0xS zI}<7gy)+~|aZmZejKBUZ6kXc24c#Yv|C3AGYpf>6)hA%~i*8|x`K0>tq=MQisDN=h z;gI9*t{~qo@jzD)e{FE_ZX~pzHkVPx^qx`O*MXI-;?NDWO`Y=Ce>_>OeR;HNJKrD{ zFZ%Q8ZHuoanwV+2+=;2n{HlU1+J%lqLbR2~-1B~l&ivdZe? z&tEL$TJFn7zbkJ0bSEGOerYtaGv!a?c z1R<+T4Iwc$xn5mwfTb_DEu|kJE{l$)US`&IQNeK4*H@L{sYzBb^Zcv_wV_0%6Q=dd z`0z68mEzZ2>S{d=p21|$LYQ`%wB05{i%MZ`1fJct$nBr;?x}W8#m%;@nZ71l;K0ySo{f=+QQEwI%_6N-yvZKQ~+K$;a z5Jczpfit$2e@bLolmR6z6*x2pc0)W%mqtJk zpD7(+W|x?<(a#ULRSwV>k%xb6qqlh9Z)L#fqI1Xc`O`fxu9E^szZ548}+`v!nb6Q z<8JGhI&~j)@pbM8m1_V z8y&ML1=IB~_7K1KvmMIco0+(4z#KON9(nVp&$$yA-3#T%%(?bknk|0d;26DIcX)ye zYyJM-a~(a+>FQd7h9fOv=h%vkRJe_$0{J>C!PteELR_`*V^2{_yw$pW*P_Da#))rgI-UzL>_6+Dz zeqHcNT8GBF`wNr)Uli98L<=Dg0g!>5Nh(4WBfKX>O2;^~XhHO9PB;0Aq;z!izpKMF z2di&?$1;oirh8vwn(_GJ=9pRB{DEjAcWt}4-=QRQhv#Tow_c#t`6097f*e3Ni{4B+ z%bZoY%_$f~O2JY3JcX^j;=0lySRX5?ow@S?I7EmL)SWRT@#+)3u2)GaH9lrDr@b~6 zlu5~4Ht_*qUDqwGaQ&!~I5IA;eRn0CFt$7H{d%@5bn_|sz0ZV-do#av&$qbNF<9$78S^M#@a zQY}RE9Nl;`xF|T`{A}Lxw%aPaPM@ne0=!_d*<{RC1AA z1WhN~xIrb8tpb}soa$xNu59iLU1jb4l$a=72>MkXdk{I=t}^}JRtB#7wS+MaN7ko{ z6P|0EGv`Hi9I0d!H(lu1w!iQD)ezH6q9z>;c|=T!4F>li&TZzJHY%F_g#3(>prLkO zTDgWmyiJ_qaKzDCh;Gu`QnfY>?&2TDO7LO8sgR(Hl>;x;{=>i!&%@fG5zhmgg3LCt zgt{A~(^ziHOp`6;ZM4;YE>M+jj_8tR{ye4_lc=x!wADMa%6q-D$sygR{U+&&ft=Ti z_>c=yUz+%y>~3d35?bm#9Y)}&(l#OOD-NN{{@EM=WHfV zIJ-4pB^kz*D+-|QTvBcta#}rUpp#@Ax3~v%e>J!Wgp;LNGgQ$@T1aHvI;+#mLw|I* zev3oi?Ku3xtH-CGp;7?{V%E++Bwb6H7ePsl3?9Lm$Fu;Dx_?qNa+&w2% z5gukdjc%w!cg+?L&K_XjarlY-WX9l!K^I<;1@EYJ#783Y2x!{27e?dO_)U;Lk1~URw&8{>`RA9uhfG-uI(i$5 z4EFtZ!4W@p(LNxuowyhF66vodeytFN)v=IU6fs%`a$Zer&Zmh)eTTH%`o7rmcl4nA{ zFPmo@JhL}WPG!}-puJ8tv6E*EK9bksRatEO&~bL3$I;9>jkF?-wtLGb#_jS@wL@1{ zmp|qg5$dGnh@GM|vx3p9S`^$@HL+7_^{lFHMN_eAa(+7S4nHyy1^De3HWh0-zl}S@ zduHcGPXU!qz;<=n{cP#MImza6lTKqLocm%)I)VQVFecIQ8If&CX3?igyyWM{>xn3C z?Pn^@e>#C7rHxn-MOpDZBy8rz^QQ#&rRu%TT^BE_1A0Uvz(d>HR zBp56cE)GUY5kpk6%q1UiuedVAm5D7-R6KuW%0!c~E6;*UZ^+WaRhLYdL!E(-9=uGV z!}8)Lks-2b6H${1(z^$7a+CE#=^*hVnH~FyyJQDWksfmhYbb`z!i>I4y(dYlj^QkC z02Ta*Cnr!Aj1xnfRd{~n`$q0dHxio zWWdMPa8C9|=@A(!Y+Pv?Im;WYHGz}`*iUOp)Lhl7wFq^pX0Acf6bF#tG1z0c(CUDQ7{!sSCIuX_=GO9)dZ(Z3+?)r zV-x=(&Lpbl-y>rMfd^UyX(TWM56;(V=&;8^Nx`<|^r_r(*Dkpl;B5Cv=M`&?k!6(Q zaJ=E`?5XzFso)74m%Yltv!z$r@rC5Z%h0Y8GJBj=7$FS5#nxzadSa@&&yAVtE=2nN zs5HvqTYj+MW$pU>6D%}1q>cxcHC>BKXTAiDg-Vn0CoAcRG*zv4sP;$AcY=+^-9$W< z@PH-&_?eTnf|)ww?rixI-M9l1gS=>97P79T5#R3$*6(CF8$k6wrApFiFi%TD?R@9I zvOMp3P@=Nypt8lnz=pC$rAwZ0n{a$D(z^n0PL>=Le6|-SRSIHko3h!$~3ctId zIrnEpUqN~y9@RUJZnOj|u4NpC4smzp&(TSPW4}75el<>g(gYxU{DU6bvE@~(INZ#V zj_gv*`y!DFJM2&+ttENf>Co+K-K9Bkl(~}0uc3?e{Dw}3JwwC2M)@m zaBnEG99Mf<_LZh&&rD~}{tk(YnUq3?1LQKbQD?>8y4Oo8Z*l*v)uVN9#`M3v6Zsva z|CIwX#-G-6jeEt_Y^50pIvy`nGLgGG1XA3br!?WeIv!HsMXKVVvIjLb+FbE!W?1I3 z8m;CV`f5?kFV_(%QVz8%H80$oz(LYqZ_gfwb@)X}?!h0sJcNUov&hAz+VvLgBk?M@ ziW(30b2pH;_3bk2C@p>6mD9AmZX|vkYxfJMe%W>$7#R^~cP`5vIF049*>|$vDJ;67 zNy5?=H~t0?pZX4gk2}zE_rkjNiMgSP-uxQ?dP;sy9j;OJj)fu~1HAD{JI2CZX%B2` zjHj7dtK?=Y{1n4P{N+TKT9AxM(4qLr74vYMODjbB<3xHRMcTj`K$QklYKNwCPPE*@ zNiQrSn(h!3J5TVa#Vu>kj!C+`Ad4n#R|21*X(C}V>m`abJ-nR|{wU#)LYY_Ob#c%x z+W`yi^U}{=)P+Lq}m!{$jAs1m!@Bv}d#gy#bXq`=t zj`t48UYsiXFP*4~N;&?;bW{KY*b;j0wM2%)y=y__2EQb$;uC-)+*iPzsx=AVK{;cL zLmMuo%&q{O%VaJ1e!O_+fMEXVooI`LbEe(Bc1Op-C@i1gG)08Ygmt|v5JV#=w_h=j zS!&q2_5j1GSmisoHG5=_`gTWiDaopQ}-0*08O(+;}0iQ8eyj;8?L zGM8bQR;e_ZGacQu9&B_kE3-I|>=F}=?Ez@^4g#UA>X~CiKr3X@ChFi67^Mk@j5Z|i z!Wr8{T`!7bm6P7gjBm4X_dJOsDm$2x(j@G3Hw#3HwA1P{0F!?~haa=QI+_ zy&5h>s_b!Tqc6;!ncbdO1C_2`rDgc7zPr?x0zFWbuB9xnl{zz@p8NdGd#^kU-IYAc z^>a-lP|ul!T3xRi04LBHV`<eL%L^x8^H-r>#0f^cOQ<9wd0Oe;_43FMEiChGzncN#;2$BCHFAH>bgZOF%qcm1m^ z+LqMV^)-nZ6csLcT=~<4;1G~ZR2S#OW2m*)*&Zy?6efZNH^48}CYn`b>CBWagbg`9 zO73q~!FfdIfm)2r`su#f7^Qkrj6x;T5}M<#XW+>V9TnNLH_vkPmOLR#zX$uic1_wY z%H2h?yQp{&4)_#mkq^j{f20 z%cDOW9sk3NXUBgaM>||+>ys-@q#t(9LAQQgCaXE0X3(;@x@6r?WV=Re#vvO@kNg8IE#cMuDFTXV~yn%_p|> zb$C;_#)j_(xVRP$u23QaeKO0gfUS;z6@^DJVJBUjUc4sU1v?jBapVf2LVmouIw#O0 zP%SkpW80kecImQLp$a>3;H!-J^|R5Pg}>I;*0Z37qq&2%4Jn4(SzB{}n@68p zjE@8xbkWak>lWnY2E$w1I_+%`oBKpJa_hHH%(V0 z63ZD+y%=VNFgucwL=K^JK?!#h`Q}@Pc2n5_E^~7!3O- z-vOEdP$6fP2Z^BZWJVL3Mob>`tk$JHFdg6hu%}3L!;@ID6bwZ%mn_l=TEQ|AD{^+; zcLp&x0%k)aQ}V;gRR%jK zK+F}Hx8=Vno?&&$u~PYuLg^nFjk~KmqN6|K;l4F0bE=OSgWTXC=x%XOA?1`+ z$azw-F0v_uue?s@w6P-?3fUMKQ9LwV{oGjt-Z{kf=P3-^4)9W}lxUE;gpJJ1QMp?` z!Tsl+E9b9RlU^`IkQu&vm{RsRp6ZE^6I@lvfYv3od6$CmOM$gVv$H=1-0=lt;gvxuZJImI|vX8oUcAs_lIk2OZnK>N8z#&)O>$X?bfx&R?3(`xlOMybjgm*T(LjZg-5UUe#$+XO>DCT5DPK|AR;}q7bA7@)bU!qYZd;W!_>@unCG;qtZ~RFyrCbPNx28XQ zHr2yAb<5$m`1y(Zd^e65P6#6*Zh3EPOf6M~>C^-r9Bw_>tTSEn7y$m9CO!MvIPo8^ zuFfHprjbL3xepqYcwR3;H!cXf0n|THJZ9wN{7fAX8x}Bd$bX}E^b+RU4>7U^NA8|} zy@z|c^&fWk!AX0Ki4LGv_$az$m%J-XrFE`*m$q;DY(k+%^J@k*_J_^7`O>mGmYBmj zU5a0Ml29m7#L~&fOLL*s;h)*;(44YEl&#d^CDRjx*rA(TKYb?~K#fItbE4DwQ>|2M zkpE6@gv0khMV4G^gZ81;OG+3<#V~L@NjrOjH0V(31k62zaiP_oQN87;rua*@y557seWK z#js8QMvpCLEH)$KDp-u$(laFNTF<#3rY`yNCbO;?Ou)?0_yXJm8s2oyr+p^6slIWU zkX*gHEFCiQcbTi%-pxQK4QyODFBCDUFPIX^U7LQgyo}SJeX9{8hyiKYROyCr62vJw z4&txfo=Gi3Hu@{A4O3`zNTVe?{I;B1*-ovQ*7jhhSS%@TD_>g%@M~<^XyLTOl&ayk zK%<;pxm;*!>vLx3(F}@C<7PQ?7z|_Go~T_N9wdkqyFB^OnpR;5hi`@(oL=I+`F03& zm`pII{sa#_#7WWi0>-uJn6;OAPONWAXae4{pmD?5b>eZbh;>c9HwnjJ(%YZ%qZiwE z4}no!gKp8!*tF~zQC6Z~y}QI#2XLR-uu3U|OGYJKGII$Ws!8_{jk*BeV+PWON$YwsgX%2sQkOr23K`otSlHq)T39r&s&Y53u3cB!s#b78@bHlJ zn0D=$%wi#E)rrbVN#M+yVB9imaGo%#AZ4eOFhHpDsH$aT_xUivN;62l818}jeHqjP zaQ><>4+8HIgXm%KPV39I9PB~xS?3t_{tfxtE4kZi1JxpN%W=3xZbceJEYmFhPz|-S zRkB?K9sC(oye0qnU*A|P760PGhyfQnBc3^^D!)V3=1AQ&-%ay{TGqJ=C2(E20y+K+5bNNY(cVX z#mEM&9Y50a6k)P0P1cF~`WcYah1c`|xmd82NgmZy*$CPWA^wqvvi2`v*doZ+6?Eh{ zyfKLNQ3SE}p`Xta#%eIU8*PUHq-NNr7}DT#-Ek8TT)M*$(nk_C`I|u|59I1R#w-4w z;uXhOyDt!H2blF-3N0eh6FXKVok7PEIL#6cf#Frp`gi1pR)iM7f+p_kyNWEh zYc5dR1EeNZ7edDa&JNr=E^*#!y)B1dfPoIcn#rZjQ}LQ5bR9?Ft4i03>Vn1zx9+4p z%YthLOn_oq9oS$!frW~=R?ZK`To=ZqB0P=JuG}-Q%?KSO0xZ)v48q|Ip@?WkXFM_7 zVfhQ5shUq>9|LBsm~AaM>YOdEbx@l$M5-9Dg*5XukYqH5{{NY>V1q zXhDvTj_R?MHgb}hu|dV(M>qWLqQ83!Ah;qayJOOBz)l>4cj|~;RIT%_>%EeqRb4vQ z^`!xAmNe1kN8txOA)O&|59}uW2)&`9L>x)zib?W<9Fk_e3uay1iQ{yW@He_nkFL|B z>vZpAM%U@>RyVp%|1Mppcc&ch*B?KCli^N%3py^U`9OTpGS{}MwjH@g-h}P|KB`*Q2*cK zqn9t9*ZqHAj{d)&n{J_kFUG^f6X)y5jFb%=J6Nv|NZ#-9QDP0 z-oK{d=>0o-|Bl|jkHGu)wUt)nN(xqw4T8s1A#3Jw$8Rj0C!L z6Eu#`C7bh4ed@v!*D%l|(Ksd<{#YQ6eytKn9zh4(Rp;ZSZ*VQH4$F+q&GycHA*hBC zxnAFCtA^@m9OGgR*LCB~S|C`1qJx8S3OUY6Vz-ZHjrB+V@Kw>fZ zc<~M*2rT;JX_Vx#k?a!duCEfRZpi*&i*x<}?PjBNFr$h`C%JBLX(}I}A6&!W06}L$ z&5zq0Aj!of?VGS$$!Na+Ot^0 z+#$+pA2z(X0hCbT*9D_Kuf@S0i-WxtZTptB*y_<{;pToB=_iI7x*NGEcH!WBK4-GA zz+wdlyM`eS_P=e1g05Pt}QyF(Jf2k4I(D$ zXvr<{@Y^N*WG6Ed@oKixRkoV+qU$C7bb&+sAmY^zt48Zy9ro|*-6|0epZGGjn5@Qd_99@fa`vQ@;%}#i7=E}x>wmo*Z(M2`Po&u6~k6#`gk^M6#J)QaeR&~g=+HH@&>wq|pm6S3eCO-Lk`GaLJFPTf3DBMk0>AVEVXsTNX^ zlMk=S{{Q(uZ98Mg#m^UH|Ns5Jr@JNSurB7;ya5m0!B|B%jX{i+pxm1xj?#wohe60T zC>I(nTl6#dRCy|v(piGSEAAwbELY~Ya91E04r;|VX(l)W@n;@>dVBc8YSxx>dlT%n zrq|TWLs2tRY{Ep%D+mMRG z?R9t|ktO@!l)_V@G)?2#3U&1@8rThdY1lgKLBJSrPpRxgK`z&lFBVK%u1oSPYrR#l zj*Vh1=QK%-X#d)tr$=!p-c}~%0OT|A7-75MEA582iRkti0MmI-xi?{Gxw86x$s#C0 zyAKR2b->>B@vxs+Jt|mVR3^1MSQ`d61TIxX36T=2tf0$N_p%+Y?{o{gP_B1JiEiPpwJMjyW-dI{mmMA3Tl3(tyxuNjpTS z+E#gpr;80Z+uobo?KHUL>1HB-L%*`3jHjq5TZ+6D&SH+r0N}u_pbzTNWv+BN0>vKn ze#O)A(X$twHikA#*m=|aaq8p9ik4-05{{1f#8y|Hed6d+VI@mDx|A$3H0p-laUn^b zYMv0PNy2EOnFf6i0F02j&-xHYH#A*fkPjvET<6mJ^{mS?(p-zzOtWZ+$>zj24${SV z*Lgt_hW;kk;T3GlpMW>>fbh9XDTtmYhACv4%vRQH4W@|$aGlPzSW?X++MfJRVd@HM zeQjbU`5lW3)vn!PRR}dsA%4<|3@|d~ptKu)53Lixj3EH1wbJ40+D1%7$_|KR3o7Hp zkQZTOYg=F4E}6tUM$He`Q}Uy@XLs#!4Dd;=w2(aVbG%0fESlWYl>+EZV%$9_mTotz zbEddCW}uWOXo*1jz7UqbnlWLGkg zUw4^$Uv2)jhA`$j=(by2UugLQhLvv+QjS66U58=)aB_3>*4u-g zP;v|w?-+8!F!CWGZjF3-wNb~i zi-=lVdgDxc-CH2`TNe!XQHw3QNRCC(G>r@0Et3kOXOTT~k}>G=){z~ygS+O@ZAY=G zibxEt%V!pUQfO9I{fZg)Y+r;7KRt1uZolKhNKhoiEng>D)+uyof(8yX92V;oNi)Fu zIZb*Bgw-bdDJ84+WB_oVRDb*n!pgjVlrD<viY1cWL{TPm`IoGQVab;nAvp zrp?!i-Lb?Rujx|!%9Dgng&gihO^Ux#f0e=oV#2I<~0NoYz~8p%~=ekm$33>XrtuNe?t_7qnmYn}B$ zwF8GRCR$R>7DMs;rEOmJt`RgY5_tI`JLVrKs|tE|A@Vf75Hs#Q%V0mOeb=S!=or;n zyq99xDRvAvjeRN32BtRy!#G;>?a}I(eW8;B4h!&7P>G&aR9P;K$39KF_;qXDlPuzj z9e~>hXq?${#-Mx@&Yr~xegg3CIH~B@CmNh%(vo8SOgl{hX-V2x-Q6hxvlU(T2$`!A1`$1zMcY_k)rca!I^AI-0!v{`;o~M6`O9 zR0D{BvAq{$|HaXZgBQntI&g!0Zuhm0b7J)zLmV^S7EJ@Aq8(s+*Nm7YMw0i&Av6eA z4C0_x>fqJ4w*A=UY~-9l!Kw(|jQRMWq$QRKT7j zN%4Kdv~*3>uV@D*^AK%*YyRt&WoHB5*~n?Bu{>^V|Ed*o%X(U0d<>R1e0XQ-6x}yn?sb+zY5>|Ta zHY33xVU;_s2>YZZ1@}C-M7L~3u63fO5xq8K;5wqyNb2jY1Q+wk^`PlHJRCf&5++Uozc9(?LnY+1TE|AcM5jw8 zu{-IC3I=ZB?o{^rX>{GW9!X2fTxrW656@3^RqNH{W(i}H{dR4t#l24f`~PL~){%+H zA3Z7FB$ZUhl5g4=nr%u(6xpkx1n@)?89%-_0i72 z{<^lr0J`5(bay#P5^;Z8xQ!0s8@u{9-J)*x4#abpPH`PC*7mDYU*Q^Daa-RKsmE3m z+iYTGm&uQv!U^WHB??TPDP*-wKmq0BQ9eKST3hXVrf)>N8Ki9AA&|nRUo)V7mVCj} zcU%n$qUz{w^TAkY3yhU?mbBd(0sXAqktRx@6U;qN;)u%Fz9&!q_~dZ`X{b=t1t}Dc zHUSrSCTM2l8PmZhVP=qqJPh4et5nlZWZx$`770xkU~tK97l$BIWNk@aKO1o0e9FXH zvVLpluFHxIzjCbho_;!64DlB~srM@9$>K|^m8ZojduZE|f~6{=(M=mKxP2xo8ppp- zxf;v^o`mfi*GysVs;NL< z9TGwF(q7MVv!=i2G(lUBMK^7buu1=7v7|gj$LP<0>St2iD<=P<)LWkDK_}q{+vV~S zyEKUcG=@Z!I2qz+SIS&N`QgOuE_-3bT1IrwULHAh*$q0RLbWq?znBC>$X$(UWLKf6I1}T-Q((x zrFQ(@6?W_uh$+SC`o#=2WR*?*N_(~5Da0k9G$-zulsvZM{7|_pHYxLF8w#_2E9sJ1 zNUyivTF=Ug;r*~pY+o=8@|vZq?N>U)yhCHmd_|w4m<-aF%J))cEirL0P14vdLT4sROgZnM&5g`Stc38fWHEt z+H)qC9Nh&iCU-e+H&XP^g^bwc)#YH`>20Y)7Y@F>y6jG~!0uRDFiL?HfGhAs+6?v1 z-8~<&7>^S=X~`P+#}kp)Z$A9{HWcK>uw>x1K3vH8vD&BU)PpM8nyFezyhvi30mLwW zW-g#^M_#7l*8TYzJ+5A(L*SC7LzE9^Vf&`7UUJPB&W4hw_cUz}6K3-{i;7e#AqRax zE-&9A5{*5gl1^n)%2Drk|i`^HU*Zs6bFzn1|0S9OClwS zh-hLqsm<-ibOERBOo}+iONP8UnEqEHC-{GHbA6zT#6K63NT#qDEt6i zg-9&3glPt6lK}V2(?#1nFE8H_$uLS#6@avQ-UFX$hATolL+ko(S60QMLu%{PFmHIf zg12k1&&a4)|9l0pBj}}Xq(vvtIHIwcKT4L*5+41;1})LGbw)Pq3^qVO8NNWAB0rx0 zbl!Ho1<9nr?wY(myLwNk)-<}czFl)67c4H>jW${r*!(1ugZJ;E)SrSZn8CG z=NxXaJLqF4+W_X~z@$4LT3}oXj=fo?0F?l>Hdk*GR^!6nM5}ciz-Dx$2T{rAn?@Hz z`bp};ai)8hm+uCVXLN#8N<^HtQzFNoLS_bAlq*IvK1Bm8(g{zf3t!Nd5p%`nd4dEB zNe-StWCRr1XP>CS0I$fC(Bx^PQSqb=Mo&PK{G=_BeV;q6O56e18du>DF)gcxNXxLok2wyoPC=?x9=82{$6L}jNscjDWc$KpiW^mkr3PVn;7tg*Y zSE9}R_dQKl zPFd);d3L@FoR;0+aLp2~^x?NWbCcaRGCO8jQ>afX^j@3xM6)DO;kw-^3YqV>t)Wrw zu_P4=>d{-~HX;$2TGSqYm?Fu9;sZiP_m!ryxQcMH&5`Sg9UYchr^v58x(z7l22iKg)DJZ@Ou1W& z8n)?-y_KP<>BI0ea~IWqtvTm9^)1BV04*$8s3o-D%7r>W$!ji5s77saBvQp=HZ=DM z3`1?ad{5<|Eq$iDxZdo~2Jtn!^HnjsZ(2s}9(8WT@X{z^nO5YGNH)*0euU$8L!PKW z`wfHcln|`T-1ZU6Z3rb?g_iU2D2Zf0f$SlU4?`F?A&Ldr>lk=2K^#I12NA*ziQs0y zYA1jLNL(*@TO*HEJ6Y?~C<2bXpy?o|$jhR2IkO2XNuCDW`z~s~qnuaRezvko*3+}s z7Y2xM!5>qcdPbGHdUtsWxZ{*HCABK!vh!+(0HvA1AY?FzrwZ_X!@SF+qfRK|*zHAv z`Q&4&X>kED8o6m)oB+%vh<$@Fcc+-z8cCY3>qOzV%xBgoBj)SvcBto$b=Kqi)zQy`|v=T4RYn2i=C=&o8~yOo}_6c9+bpI*8aVT}yPse(B{YCOJ($ zfX!r$C0+*Ix|SIZ|7DjtK!uYEeKKziiKxNggKgfm{trTvlb+nZ;le#z_6tpTY_LH_ zyHZpSS$it<4^Y`=_`0xt-@>rf7hIX5ZC3W$qAqEZWj*l2%`pSpNurs=;s6~B0|ujU zbq(WS>m96i&{f^&nj&*J5KV*&-*QC=tf7mspzYym?VuxDyCGX^;rH9*Yj?W1uZ6MQ z>7pMYXS>t&J#yCe!PbfhW5X3==azL3u=&*|@)=hD2s!(muJ4hv_B&i_FK^$|AY(&n zbe_L?PZZOtk6Q?%oZ3{;hKlv2AKN$wQkLWk-hjM@`fQi#-ei)2W85T9q4?|s3X7?h z3OE%-H%z2bQ`~E&ahm<6&*4gD9I>f}Vh6M&)$AQ#HsQWXiB{JzP}iHz=zQ3thi_OH zOBGn1z%|_$`2}Yx$s%SX2TJCY%fN@v8F>#{d>C!01!RU67Vzj+1_SY36st6Ah9$4> z&v?fq9hPMSTe=7v=geq6eL!Zb!f!0~AUSL;_~Xn;E+lWk?^xgvSFV_HbYPQAL$#h( zkviCUo-WWmQrg^rG}0KP=6vVOg!vtZicWTAEd$S1vLb3plZ0dl2r&o$#nQ&Np=m*m9|}e|o0j03_UdaxDz6Qwx>mu{ zFc&DG73K*C*Is*G4?-;7whM6XE0@()33){%`DcHv5B(`0vg`Bdy&je20nfGZA(h~ zZc>mjxuorS>{^xw+N`+_pltaeKXA*b*?)d?+=7?;j*}diF0`#)g1fe`S+G+P&2-*s z)MPHNL#=Yi$BTCxCTQ>{W6(N$>r!c8vjh?IIo1sSc<~Nuf6`VPCg3-APqYyVH=X=| z%X-;TDYf~w+ES?v*VR@`-Np~HxUZh~w#+sTe%Mkn)QBG`1o-blb>b$0pZq;s(e^5@ z!>WF}qq^w@>nheeuu$*Tv*^4jaHG#@f03(;qG{=lVDh7kZdv5Y4&>aB^-WPX!lO83 zF|}x|RAOb>1P8!6Yk!&8na2~H`>vda?TpQ**1t-P0IvZZCR{p}<_9b3P!*zYt9|Nb z;vVz>4P=eV?c0u0l|$MD<2D>93daZ-r8aur&N}V%$RMw@?z!2DVn5mx zCIwSc0P+#BAHl(a-*JAR9&OXdqkcUs=wKHZlRGLooh2LPa_YP!jZP@lo1x{ZbREp! zttb`Fd&4YCHvs$>1D1nY<3pk3)_iHxXObC>ZdrS33W-@0tg(nm5(|b2Kn(m>Q*xq+ z5+e1onl00ps(U6IjUyF-ule8fV1+P%IVHQ zp>$8V#w_=p1dn|}mn2RTIM`x72bTe+Y%URNCE)H$T#<+-QJ!=p^D-ypy9dRsyXQ%p=DgTL!k0@HbE=uSOIJQAxtLeK)O#wx1tc~@rq*%+#cH8mET$Zb zU7)JPlteM+?@M;Om@dRLW_O1M&flI>so3kz`toa=Kst~m)a*N#Y|eX`iOZsCfH+|Q zD1N}V)v+wa9V^9avDgmG0wLV66o&3R2tL9RhVad`u@WW@PN*8fYwo@Et;@av7W3wb zwiUT~mKiwER{s*47|L|Sf~0sBz;s@e$>bVMe219JE@cr@iptjd^RLnHgC}akL}_mG zhVb5QpG*9=`%w#f&Z@jn%j8=*q%RUP8r-o#T>E9EecNr@1=n8OInRifu3QTv;VYqwxHZ~g^NUgL{;k@pE%GEHNuY4DT5z~8hEgxS*qYNNCOXCM5f zDEN+66TGBsV%WwQA*>AR!p zchhI)Qb`8guZ*~(=`wpo(i}MClrGsTQaPQ)x&6kV0P{^SbDEp&-(cU;eSYtUxjMxp z*a=tqr}{fz<;h+B@&pi@@Dvbp<)y(0kuazT&`CxkkR9$Ee)z^9E?m{!F-@`?dW^$G zH*85A!V?)wPtMPNd45^?xk`jflXh-vrx&k_gx|>1gPO}(^-a@a${``xhD?e(Chs`A z4=7_ZMGVefi4asujGv#`RwZI+!N_6@FH{3?P-o+XDK0Cw0GggCU?xW+0uOxLnsB~);k zv8Z%!Vx|l~1zIwO=%Cc0%nr7*vM$N)sYn}K6f1h0qG@R^r5D46@kg4Nwy1xjYAI=> zM5v<1zAuv#WSVW$DwXrk2Hyb6@K7Zgcamo=Ofy&7_Tcwj?fPzVLNzCY>Mxu4H6()? z#jEitJuUJdnr4)CiQu;q0lVeD<7eL;e^-|Oo*g}Z{$iB>KF9M_%769Kxv2sffjB#r4a*rRuFvgf4xBD0y*+Z7{^sp zLc_wgvkj$&*X`lA^88N}EsN*W@` zcA>E@2_mdzcgZ5jnw&MtsbK0o{N$)BwoVkh0nW9h9C0m25LB8Y%d2;nb;+SsY8c>q z)Fds$T+vy=e!RLmf7Y|!*FjU)4~x7WK7$#Dk||hj`#gpkJaoDYw6^{pPZx$Y5P9zo zy{&a9ogVFeG?RCiuGvhE(M%3`+I6+BqFYdnIZf<@9)(lQ>ta5RNhq`*;7X$f`qkvA z=1FTPcc9h?9mbre7gnt!hNqh)T-~%OE;fjl<#EDJMVdY)sGgPQRE;CI;oj!xp~GQo z0ui$~EMauZST>;vzbmPbY)XbD|ySZdi0{b!Qod#nL4!AWkK?z`;jA6v6kvBO{<&2DW7;ERiZUbBFs9mZ*PR zyVEeUZv5T?M9lMnSR4ZA?U}bFo$W@?^CVf3d&xZ)-R<$TkKWbj>7~d_#H$0iRB2n7 z{Vu%-d8$~HOLlq7vtO9x^FIIUvs#CO2fDm`SIY5tXWpBCHlDOD7H3I6Il7_FnQRWK zEt`7kJ)Fj+OmKjV>=z{D>HnX-^J{J#MFRMJ6sqP)An{Lj;+m<2r^H4W8U)RcrrV}OGFW58;xt(^+ih##INefO z3#IsvyPH6z=Uq1?J@rLi<83rwxZE?UbhQ^Pv|$T;P4vOOxC%4A)KK@@N7dH zq2I~dRS;^Y)1Wo*sFfIn+#%DfDf#TDrsNYT*aX=VWH+UsAo~d*dpniH(DgQRELP9T zZ8fi1!?;M2f~?N*rt7w*kF=)Mk~)Jrk2qD-rZ^#jNn4fSU6Gg8-j~I8P3y(3Xl(e|l=!ul zHz059XBC{#raydlR*S^Zs+z2SUDHVCS!G7yGHV zw{CL}9KUHd-sPN?lmE7C%+X&9<0R4+QSiGlR3v1%tDoq+ZC-dH>*XKZ%A~be%4k`N zN0wN=O;QE;A6C&9VRble?h-#V=@yq0%wL=An^jRBO6_x-(`o~)P3L&kSMDY(RRvU! zL}W_ljPv55lvmXGFGT*x{q5rN;#~jl()jO<%?pI~{o84G$@dGZY?pjJBHI*ItXSHd zJ?HS%cP|#b$Z_JqA&Lt2^#~PW?s(4X*bA3N+ak7RU>=_tdIrfhtXdJF;Rj?qRxQo7sw$S+$z2*bKd^%-+3!_x8fo74~BQUKNX`E^M)<%r!#g8wgwN`=!Ty z%{0TNx{2)*%F)P*qdRACq=|FlzC8*0AK=}V7L7UQNbvSMNpAiNEqn?58@m7d@#E!1 zpZ~spm-z2V(vQl2<>)*D|1KJ}#W(0Ld~Aci_=`jK%VjwyMZZwXG2|B>m=e?1xw6$D z4-}lQu&UfENP@p0s+{W%^;;UC9CP%7kidGeXFIY)ptjDQC~2MDg_= z#B)w)wp^=^)~w9!v?C*5>3*hzm2Fnky+E#f*c9S}0IvEtJuIdEE3IfPW^Bsw}pmLwHe%wa*04pg*;!zPz z#>8#E`eLGH88(z;T7Y$}UY<}Z!PqrXace>`YXb3V#BxzSxdO8G?TaC+eFBi*fx<7% zxE*y?27*A#Mh&UM+$|^g)Fl`H!9UfF*yAXWpZ~mn`}X~tzW=umA3r4ibBgq1@}J)5 zJeUIEw+k$%&w`9EheXJ%L!S#7-=3BZ8TF23L^8W^LEkKhsbvk06B_mlnUJgPw%n6v zTCCQfz%5jeU{;ZmW%=YGE3;~8&dw9^xquLlO`Sc$5o^^&7e4gvzVv8a^O<%-WLf94 zpF~$r%>GEkClMc0`ic0Qg7_E{N)-1oo`|JC8<<{-Y8ARTrScio=suOR#c|uM;TX2o z1%|R-4e^{(rmgK)$!B4uuWZ9_Ez4g&1$G>p?As@n?-#{iG05O^m)mM=!o?R_EOZyx zSyQ+x*bDyz;T78N3N8bRpGRColvj3f+=y3F?my&wQgAZ4G@`DPT?LWVowrU!Q(h}D zH&!#ofDDJS-Kxf1hvv4pLz8Rw0rp~+8Y&f|^BIq|3kPH%kpYC= zZ=t19hrf%M+;1c%|9h$OM7*7tqNqUSjXK*CfH&0aIE+gG@JS7_?oa6G1WFzJ6{wd! z(B_#s3^Lm`ukln-_dlhg>qGZJ_-Pm03)Xcp_iq=fYr@aEe=bdPU zs+pBMqIZ3^ZZ&S1dxxPYtK=)nS(D$@B-*3G@>qX-RAhK|C_bbwG8{qF{8-w$2a7L#bPs>E&x*Y-R5L~Bmx zHT$;jI8?a4nuDZFf*P7_FbX|>{!cha%(oE1!4hjNxP~PhxBUqj?jt>@l zd2z9^+|MvmC8vsZuq|8;e=|p*R zefRF|ITS-6X8CgwqvHf*-S-+BFV4QZS=*+^>Lb{dI?4$B0Rn81xpu=|ssj-vs(Glj z=dW_IXS=%fJxH#z3N>BnWtTWF>|q+afX4MfQ!Kw)Tqt#^A23ejH%Bsl#4)THkK6rY zdI6We@Z%Hp$ePkgvlks>O(nl9Za8 zVZPrKjo8sKjC@UKwXFABF!^e4T}2i8b1|h;c=;9%XL)8C^A1F5F0l$uQ)dlb#jgwt z`G85SS(cObFu5%>YT@i|9r7u;W4kK9V-KBS8}v?lt-)I&D(W)e?S^dv%5~Hz#l!Px z>HLXj?YeB_@w?CqjFqtkG{>$W&==kj9D^Br*1Uu$^9t92QfM6eP3qk1#p^)z!*IGn=I$e~(I7oA zz60?5Rj~Qtz&zL(A0&SzJboA$m+;$B=13&o!`^`*8Gzv);O!ok9t<9gH5Y;_~=Xze^LrAWd28MTv zk%aaTHfyq1k0uaDWv$fJQ>u^0dU&g+L??;$lU7fOJ_Z}ZSUp8s=<7JT>M6T*N)q6z zkv@c+Dw>a?z6L)%l$=68#;Y!)nQ74dR17D5H9~q28x5F)jH03=$Y)5B9@_ajobyD4 zGrSOlsOGEi%s7%6$1umzOQ}}`n90j>%UD_yW|c2QDIgnV(GFB=P z1adrkYq_bbFj4SIAxmJ7^xTONNB6F%KKbzA8G{WAdKR^QbTKdpsuB5+@b9{yta*Hg zTD{q>=Po?%2KN8iE|<^0?e)VZ`AuY)R)P0|wY&9-qnrEo*7UzFS>hM=#WqH3cV4&D z%+Q}_GWBo1e$yuT;F-+f9}8FXnSKk~f04~~r4_H#qS+tU2}N%_S?I63Rx#FyYy0vP zk$F9b`m17R;Z%ZBfDQ>CIjpSsy*ao(f-n9lL3xhnd*PV@fw8 gYL){T&P86DOQ&4AZ}!)of#LuEDByVw4EqEa0EZo)s{jB1 literal 0 HcmV?d00001 diff --git a/operators/cloudnative-pg/2.0.0/ix_values.yaml b/operators/cloudnative-pg/2.0.0/ix_values.yaml new file mode 100644 index 00000000000..fdb484a9e4a --- /dev/null +++ b/operators/cloudnative-pg/2.0.0/ix_values.yaml @@ -0,0 +1,816 @@ +image: + repository: tccr.io/truecharts/cloudnative-pg + tag: "v1.20.0@sha256:b226152774c438d4826d29b63efb559a4d99f7a4890cae26a5e49e88f669c38c" + pullPolicy: + +workload: + main: + podSpec: + containers: + main: + args: + - controller + - --leader-elect + - --config-map-name={{ include "tc.v1.common.lib.chart.names.fullname" $ }}-config + - --secret-name={{ include "tc.v1.common.lib.chart.names.fullname" $ }}-config + - --webhook-port=9443 + command: + - /manager + probes: + liveness: + port: webhook + type: https + path: /readyz + readiness: + port: webhook + type: https + path: /readyz + startup: + port: webhook + type: tcp + env: + OPERATOR_IMAGE_NAME: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + OPERATOR_NAMESPACE: + fieldRef: + fieldPath: metadata.namespace + MONITORING_QUERIES_CONFIGMAP: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}-monitoring' + +podOptions: + automountServiceAccountToken: true + +service: + main: + ports: + main: + protocol: http + port: 8080 + cnpg-webhook-service: + enabled: true + expandObjectName: false + ports: + webhook: + enabled: true + protocol: https + port: 443 + targetPort: 9443 + +operator: + register: true + +persistence: + scratch-data: + enabled: true + type: emptyDir + mountPath: /controller + webhook-certificates: + enabled: true + type: secret + objectName: cnpg-webhook-cert + expandObjectName: false + optional: true + defaultMode: "0420" + readOnly: true + targetSelector: + main: + main: + mountPath: "/run/secrets/cnpg.io/webhook" + +portal: + open: + enabled: false + +metrics: + main: + enabled: false + type: "podmonitor" + endpoints: + - port: main + interval: 5s + scrapeTimeout: 5s + path: / + honorLabels: false + +rbac: + main: + enabled: true + primary: true + clusterWide: true + rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - pods/status + verbs: + - get + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - get + - list + - patch + - update + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - update + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update + - apiGroups: + - monitoring.coreos.com + resources: + - podmonitors + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - postgresql.cnpg.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - postgresql.cnpg.io + resources: + - backups/status + verbs: + - get + - patch + - update + - apiGroups: + - postgresql.cnpg.io + resources: + - clusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - postgresql.cnpg.io + resources: + - clusters/finalizers + verbs: + - update + - apiGroups: + - postgresql.cnpg.io + resources: + - clusters/status + verbs: + - get + - patch + - update + - watch + - apiGroups: + - postgresql.cnpg.io + resources: + - poolers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - postgresql.cnpg.io + resources: + - poolers/finalizers + verbs: + - update + - apiGroups: + - postgresql.cnpg.io + resources: + - poolers/status + verbs: + - get + - patch + - update + - watch + - apiGroups: + - postgresql.cnpg.io + resources: + - scheduledbackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - postgresql.cnpg.io + resources: + - scheduledbackups/status + verbs: + - get + - patch + - update + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch + +serviceAccount: + main: + enabled: true + primary: true + +webhook: + mutating: + create: true + failurePolicy: Fail + validating: + create: true + failurePolicy: Fail + +manifestManager: + enabled: false + +configmap: + config: + enabled: true + data: + CREATE_ANY_SERVICE: "true" + monitoring: + enabled: true + data: + queries: | + backends: + query: | + SELECT sa.datname + , sa.usename + , sa.application_name + , states.state + , COALESCE(sa.count, 0) AS total + , COALESCE(sa.max_tx_secs, 0) AS max_tx_duration_seconds + FROM ( VALUES ('active') + , ('idle') + , ('idle in transaction') + , ('idle in transaction (aborted)') + , ('fastpath function call') + , ('disabled') + ) AS states(state) + LEFT JOIN ( + SELECT datname + , state + , usename + , COALESCE(application_name, '') AS application_name + , COUNT(*) + , COALESCE(EXTRACT (EPOCH FROM (max(now() - xact_start))), 0) AS max_tx_secs + FROM pg_catalog.pg_stat_activity + GROUP BY datname, state, usename, application_name + ) sa ON states.state = sa.state + WHERE sa.usename IS NOT NULL + metrics: + - datname: + usage: "LABEL" + description: "Name of the database" + - usename: + usage: "LABEL" + description: "Name of the user" + - application_name: + usage: "LABEL" + description: "Name of the application" + - state: + usage: "LABEL" + description: "State of the backend" + - total: + usage: "GAUGE" + description: "Number of backends" + - max_tx_duration_seconds: + usage: "GAUGE" + description: "Maximum duration of a transaction in seconds" + + backends_waiting: + query: | + SELECT count(*) AS total + FROM pg_catalog.pg_locks blocked_locks + JOIN pg_catalog.pg_locks blocking_locks + ON blocking_locks.locktype = blocked_locks.locktype + AND blocking_locks.database IS NOT DISTINCT FROM blocked_locks.database + AND blocking_locks.relation IS NOT DISTINCT FROM blocked_locks.relation + AND blocking_locks.page IS NOT DISTINCT FROM blocked_locks.page + AND blocking_locks.tuple IS NOT DISTINCT FROM blocked_locks.tuple + AND blocking_locks.virtualxid IS NOT DISTINCT FROM blocked_locks.virtualxid + AND blocking_locks.transactionid IS NOT DISTINCT FROM blocked_locks.transactionid + AND blocking_locks.classid IS NOT DISTINCT FROM blocked_locks.classid + AND blocking_locks.objid IS NOT DISTINCT FROM blocked_locks.objid + AND blocking_locks.objsubid IS NOT DISTINCT FROM blocked_locks.objsubid + AND blocking_locks.pid != blocked_locks.pid + JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid = blocking_locks.pid + WHERE NOT blocked_locks.granted + metrics: + - total: + usage: "GAUGE" + description: "Total number of backends that are currently waiting on other queries" + + pg_database: + query: | + SELECT datname + , pg_catalog.pg_database_size(datname) AS size_bytes + , pg_catalog.age(datfrozenxid) AS xid_age + , pg_catalog.mxid_age(datminmxid) AS mxid_age + FROM pg_catalog.pg_database + metrics: + - datname: + usage: "LABEL" + description: "Name of the database" + - size_bytes: + usage: "GAUGE" + description: "Disk space used by the database" + - xid_age: + usage: "GAUGE" + description: "Number of transactions from the frozen XID to the current one" + - mxid_age: + usage: "GAUGE" + description: "Number of multiple transactions (Multixact) from the frozen XID to the current one" + + pg_postmaster: + query: | + SELECT EXTRACT(EPOCH FROM pg_postmaster_start_time) AS start_time + FROM pg_catalog.pg_postmaster_start_time() + metrics: + - start_time: + usage: "GAUGE" + description: "Time at which postgres started (based on epoch)" + + pg_replication: + query: "SELECT CASE WHEN NOT pg_catalog.pg_is_in_recovery() + THEN 0 + ELSE GREATEST (0, + EXTRACT(EPOCH FROM (now() - pg_catalog.pg_last_xact_replay_timestamp()))) + END AS lag, + pg_catalog.pg_is_in_recovery() AS in_recovery, + EXISTS (TABLE pg_stat_wal_receiver) AS is_wal_receiver_up, + (SELECT count(*) FROM pg_stat_replication) AS streaming_replicas" + metrics: + - lag: + usage: "GAUGE" + description: "Replication lag behind primary in seconds" + - in_recovery: + usage: "GAUGE" + description: "Whether the instance is in recovery" + - is_wal_receiver_up: + usage: "GAUGE" + description: "Whether the instance wal_receiver is up" + - streaming_replicas: + usage: "GAUGE" + description: "Number of streaming replicas connected to the instance" + + pg_replication_slots: + query: | + SELECT slot_name, + slot_type, + database, + active, + pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), restart_lsn) + FROM pg_catalog.pg_replication_slots + WHERE NOT temporary + metrics: + - slot_name: + usage: "LABEL" + description: "Name of the replication slot" + - slot_type: + usage: "LABEL" + description: "Type of the replication slot" + - database: + usage: "LABEL" + description: "Name of the database" + - active: + usage: "GAUGE" + description: "Flag indicating whether the slot is active" + - pg_wal_lsn_diff: + usage: "GAUGE" + description: "Replication lag in bytes" + + pg_stat_archiver: + query: | + SELECT archived_count + , failed_count + , COALESCE(EXTRACT(EPOCH FROM (now() - last_archived_time)), -1) AS seconds_since_last_archival + , COALESCE(EXTRACT(EPOCH FROM (now() - last_failed_time)), -1) AS seconds_since_last_failure + , COALESCE(EXTRACT(EPOCH FROM last_archived_time), -1) AS last_archived_time + , COALESCE(EXTRACT(EPOCH FROM last_failed_time), -1) AS last_failed_time + , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_archived_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_archived_wal_start_lsn + , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn + , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time + FROM pg_catalog.pg_stat_archiver + metrics: + - archived_count: + usage: "COUNTER" + description: "Number of WAL files that have been successfully archived" + - failed_count: + usage: "COUNTER" + description: "Number of failed attempts for archiving WAL files" + - seconds_since_last_archival: + usage: "GAUGE" + description: "Seconds since the last successful archival operation" + - seconds_since_last_failure: + usage: "GAUGE" + description: "Seconds since the last failed archival operation" + - last_archived_time: + usage: "GAUGE" + description: "Epoch of the last time WAL archiving succeeded" + - last_failed_time: + usage: "GAUGE" + description: "Epoch of the last time WAL archiving failed" + - last_archived_wal_start_lsn: + usage: "GAUGE" + description: "Archived WAL start LSN" + - last_failed_wal_start_lsn: + usage: "GAUGE" + description: "Last failed WAL LSN" + - stats_reset_time: + usage: "GAUGE" + description: "Time at which these statistics were last reset" + + pg_stat_bgwriter: + query: | + SELECT checkpoints_timed + , checkpoints_req + , checkpoint_write_time + , checkpoint_sync_time + , buffers_checkpoint + , buffers_clean + , maxwritten_clean + , buffers_backend + , buffers_backend_fsync + , buffers_alloc + FROM pg_catalog.pg_stat_bgwriter + metrics: + - checkpoints_timed: + usage: "COUNTER" + description: "Number of scheduled checkpoints that have been performed" + - checkpoints_req: + usage: "COUNTER" + description: "Number of requested checkpoints that have been performed" + - checkpoint_write_time: + usage: "COUNTER" + description: "Total amount of time that has been spent in the portion of checkpoint processing where files are written to disk, in milliseconds" + - checkpoint_sync_time: + usage: "COUNTER" + description: "Total amount of time that has been spent in the portion of checkpoint processing where files are synchronized to disk, in milliseconds" + - buffers_checkpoint: + usage: "COUNTER" + description: "Number of buffers written during checkpoints" + - buffers_clean: + usage: "COUNTER" + description: "Number of buffers written by the background writer" + - maxwritten_clean: + usage: "COUNTER" + description: "Number of times the background writer stopped a cleaning scan because it had written too many buffers" + - buffers_backend: + usage: "COUNTER" + description: "Number of buffers written directly by a backend" + - buffers_backend_fsync: + usage: "COUNTER" + description: "Number of times a backend had to execute its own fsync call (normally the background writer handles those even when the backend does its own write)" + - buffers_alloc: + usage: "COUNTER" + description: "Number of buffers allocated" + + pg_stat_database: + query: | + SELECT datname + , xact_commit + , xact_rollback + , blks_read + , blks_hit + , tup_returned + , tup_fetched + , tup_inserted + , tup_updated + , tup_deleted + , conflicts + , temp_files + , temp_bytes + , deadlocks + , blk_read_time + , blk_write_time + FROM pg_catalog.pg_stat_database + metrics: + - datname: + usage: "LABEL" + description: "Name of this database" + - xact_commit: + usage: "COUNTER" + description: "Number of transactions in this database that have been committed" + - xact_rollback: + usage: "COUNTER" + description: "Number of transactions in this database that have been rolled back" + - blks_read: + usage: "COUNTER" + description: "Number of disk blocks read in this database" + - blks_hit: + usage: "COUNTER" + description: "Number of times disk blocks were found already in the buffer cache, so that a read was not necessary (this only includes hits in the PostgreSQL buffer cache, not the operating system's file system cache)" + - tup_returned: + usage: "COUNTER" + description: "Number of rows returned by queries in this database" + - tup_fetched: + usage: "COUNTER" + description: "Number of rows fetched by queries in this database" + - tup_inserted: + usage: "COUNTER" + description: "Number of rows inserted by queries in this database" + - tup_updated: + usage: "COUNTER" + description: "Number of rows updated by queries in this database" + - tup_deleted: + usage: "COUNTER" + description: "Number of rows deleted by queries in this database" + - conflicts: + usage: "COUNTER" + description: "Number of queries canceled due to conflicts with recovery in this database" + - temp_files: + usage: "COUNTER" + description: "Number of temporary files created by queries in this database" + - temp_bytes: + usage: "COUNTER" + description: "Total amount of data written to temporary files by queries in this database" + - deadlocks: + usage: "COUNTER" + description: "Number of deadlocks detected in this database" + - blk_read_time: + usage: "COUNTER" + description: "Time spent reading data file blocks by backends in this database, in milliseconds" + - blk_write_time: + usage: "COUNTER" + description: "Time spent writing data file blocks by backends in this database, in milliseconds" + + pg_stat_replication: + primary: true + query: | + SELECT usename + , COALESCE(application_name, '') AS application_name + , COALESCE(client_addr::text, '') AS client_addr + , EXTRACT(EPOCH FROM backend_start) AS backend_start + , COALESCE(pg_catalog.age(backend_xmin), 0) AS backend_xmin_age + , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), sent_lsn) AS sent_diff_bytes + , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), write_lsn) AS write_diff_bytes + , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), flush_lsn) AS flush_diff_bytes + , COALESCE(pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), replay_lsn),0) AS replay_diff_bytes + , COALESCE((EXTRACT(EPOCH FROM write_lag)),0)::float AS write_lag_seconds + , COALESCE((EXTRACT(EPOCH FROM flush_lag)),0)::float AS flush_lag_seconds + , COALESCE((EXTRACT(EPOCH FROM replay_lag)),0)::float AS replay_lag_seconds + FROM pg_catalog.pg_stat_replication + metrics: + - usename: + usage: "LABEL" + description: "Name of the replication user" + - application_name: + usage: "LABEL" + description: "Name of the application" + - client_addr: + usage: "LABEL" + description: "Client IP address" + - backend_start: + usage: "COUNTER" + description: "Time when this process was started" + - backend_xmin_age: + usage: "COUNTER" + description: "The age of this standby's xmin horizon" + - sent_diff_bytes: + usage: "GAUGE" + description: "Difference in bytes from the last write-ahead log location sent on this connection" + - write_diff_bytes: + usage: "GAUGE" + description: "Difference in bytes from the last write-ahead log location written to disk by this standby server" + - flush_diff_bytes: + usage: "GAUGE" + description: "Difference in bytes from the last write-ahead log location flushed to disk by this standby server" + - replay_diff_bytes: + usage: "GAUGE" + description: "Difference in bytes from the last write-ahead log location replayed into the database on this standby server" + - write_lag_seconds: + usage: "GAUGE" + description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written it" + - flush_lag_seconds: + usage: "GAUGE" + description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written and flushed it" + - replay_lag_seconds: + usage: "GAUGE" + description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written, flushed and applied it" + + pg_settings: + query: | + SELECT name, + CASE setting WHEN 'on' THEN '1' WHEN 'off' THEN '0' ELSE setting END AS setting + FROM pg_catalog.pg_settings + WHERE vartype IN ('integer', 'real', 'bool') + ORDER BY 1 + metrics: + - name: + usage: "LABEL" + description: "Name of the setting" + - setting: + usage: "GAUGE" + description: "Setting value" diff --git a/operators/cloudnative-pg/2.0.0/questions.yaml b/operators/cloudnative-pg/2.0.0/questions.yaml new file mode 100644 index 00000000000..e4653ab8c34 --- /dev/null +++ b/operators/cloudnative-pg/2.0.0/questions.yaml @@ -0,0 +1,45 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false diff --git a/operators/cloudnative-pg/2.0.0/templates/NOTES.txt b/operators/cloudnative-pg/2.0.0/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/operators/cloudnative-pg/2.0.0/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/operators/cloudnative-pg/2.0.0/templates/_mutatingwebhookconfiguration.tpl b/operators/cloudnative-pg/2.0.0/templates/_mutatingwebhookconfiguration.tpl new file mode 100644 index 00000000000..8c3d90f10fb --- /dev/null +++ b/operators/cloudnative-pg/2.0.0/templates/_mutatingwebhookconfiguration.tpl @@ -0,0 +1,85 @@ +{{- define "cnpg.webhooks.mutating" -}} +{{- if .Values.webhook.mutating.create }} +{{- $cnpgLabels := .Values.webhook.validating.labels -}} +{{- $cnpgAnnotations := .Values.webhook.validating.annotations -}} +{{- $labels := (mustMerge ($cnpgLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) }} +{{- $annotations := (mustMerge ($cnpgAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: cnpg-mutating-webhook-configuration + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end }} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 4 }} + {{- end }} +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: cnpg-webhook-service + namespace: {{ .Release.Namespace }} + path: /mutate-postgresql-cnpg-io-v1-backup + port: 443 + failurePolicy: {{ .Values.webhook.mutating.failurePolicy }} + name: mbackup.kb.io + rules: + - apiGroups: + - postgresql.cnpg.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: cnpg-webhook-service + namespace: {{ .Release.Namespace }} + path: /mutate-postgresql-cnpg-io-v1-cluster + port: 443 + failurePolicy: {{ .Values.webhook.mutating.failurePolicy }} + name: mcluster.kb.io + rules: + - apiGroups: + - postgresql.cnpg.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - clusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: cnpg-webhook-service + namespace: {{ .Release.Namespace }} + path: /mutate-postgresql-cnpg-io-v1-scheduledbackup + port: 443 + failurePolicy: {{ .Values.webhook.mutating.failurePolicy }} + name: mscheduledbackup.kb.io + rules: + - apiGroups: + - postgresql.cnpg.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - scheduledbackups + sideEffects: None +{{- end }} +{{- end -}} diff --git a/operators/cloudnative-pg/2.0.0/templates/_validatingwebhookconfiguration.tpl b/operators/cloudnative-pg/2.0.0/templates/_validatingwebhookconfiguration.tpl new file mode 100644 index 00000000000..e16d46ee015 --- /dev/null +++ b/operators/cloudnative-pg/2.0.0/templates/_validatingwebhookconfiguration.tpl @@ -0,0 +1,106 @@ +{{- define "cnpg.webhooks.validating" -}} +{{- if .Values.webhook.validating.create }} +{{- $cnpgLabels := .Values.webhook.validating.labels -}} +{{- $cnpgAnnotations := .Values.webhook.validating.annotations -}} +{{- $labels := (mustMerge ($cnpgLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) }} +{{- $annotations := (mustMerge ($cnpgAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: cnpg-validating-webhook-configuration + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end }} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 4 }} + {{- end }} +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: cnpg-webhook-service + namespace: {{ .Release.Namespace }} + path: /validate-postgresql-cnpg-io-v1-backup + port: 9443 + failurePolicy: {{ .Values.webhook.validating.failurePolicy }} + name: vbackup.kb.io + rules: + - apiGroups: + - postgresql.cnpg.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: cnpg-webhook-service + namespace: {{ .Release.Namespace }} + path: /validate-postgresql-cnpg-io-v1-cluster + port: 443 + failurePolicy: {{ .Values.webhook.validating.failurePolicy }} + name: vcluster.kb.io + rules: + - apiGroups: + - postgresql.cnpg.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - clusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: cnpg-webhook-service + namespace: {{ .Release.Namespace }} + path: /validate-postgresql-cnpg-io-v1-scheduledbackup + port: 443 + failurePolicy: {{ .Values.webhook.validating.failurePolicy }} + name: vscheduledbackup.kb.io + rules: + - apiGroups: + - postgresql.cnpg.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - scheduledbackups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: cnpg-webhook-service + namespace: {{ .Release.Namespace }} + path: /validate-postgresql-cnpg-io-v1-pooler + port: 443 + failurePolicy: {{ .Values.webhook.validating.failurePolicy }} + name: vpooler.kb.io + rules: + - apiGroups: + - postgresql.cnpg.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - poolers + sideEffects: None +{{- end }} +{{- end -}} diff --git a/operators/cloudnative-pg/2.0.0/templates/common.yaml b/operators/cloudnative-pg/2.0.0/templates/common.yaml new file mode 100644 index 00000000000..3b4deaf3d17 --- /dev/null +++ b/operators/cloudnative-pg/2.0.0/templates/common.yaml @@ -0,0 +1,8 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{- include "cnpg.webhooks.validating" . -}} +{{- include "cnpg.webhooks.mutating" . -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/operators/cloudnative-pg/2.0.0/templates/crds.yaml b/operators/cloudnative-pg/2.0.0/templates/crds.yaml new file mode 100644 index 00000000000..50f8ad30c1c --- /dev/null +++ b/operators/cloudnative-pg/2.0.0/templates/crds.yaml @@ -0,0 +1,11805 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: backups.postgresql.cnpg.io +spec: + group: postgresql.cnpg.io + names: + kind: Backup + listKind: BackupList + plural: backups + singular: backup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.cluster.name + name: Cluster + type: string + - jsonPath: .status.phase + name: Phase + type: string + - jsonPath: .status.error + name: Error + type: string + name: v1 + schema: + openAPIV3Schema: + description: Backup is the Schema for the backups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the backup. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + cluster: + description: The cluster to backup + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + target: + description: The policy to decide which instance should perform this + backup. If empty, it defaults to `cluster.spec.backup.target`. Available + options are empty string, `primary` and `prefer-standby`. `primary` + to have backups run always on primary instances, `prefer-standby` + to have backups run preferably on the most updated standby, if available. + enum: + - primary + - prefer-standby + type: string + type: object + status: + description: 'Most recently observed status of the backup. This data may + not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + azureCredentials: + description: The credentials to use to upload data to Azure Blob Storage + properties: + connectionString: + description: The connection string to be used + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + inheritFromAzureAD: + description: Use the Azure AD based authentication without providing + explicitly the keys. + type: boolean + storageAccount: + description: The storage account where to upload data + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + storageKey: + description: The storage account key to be used in conjunction + with the storage account name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + storageSasToken: + description: A shared-access-signature to be used in conjunction + with the storage account name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: object + backupId: + description: The ID of the Barman backup + type: string + backupName: + description: The Name of the Barman backup + type: string + beginLSN: + description: The starting xlog + type: string + beginWal: + description: The starting WAL + type: string + commandError: + description: The backup command output in case of error + type: string + commandOutput: + description: Unused. Retained for compatibility with old versions. + type: string + destinationPath: + description: The path where to store the backup (i.e. s3://bucket/path/to/folder) + this path, with different destination folders, will be used for + WALs and for data. This may not be populated in case of errors. + type: string + encryption: + description: Encryption method required to S3 API + type: string + endLSN: + description: The ending xlog + type: string + endWal: + description: The ending WAL + type: string + endpointCA: + description: EndpointCA store the CA bundle of the barman endpoint. + Useful when using self-signed certificates to avoid errors with + certificate issuer and barman-cloud-wal-archive. + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + endpointURL: + description: Endpoint to be used to upload data to the cloud, overriding + the automatic endpoint discovery + type: string + error: + description: The detected error + type: string + googleCredentials: + description: The credentials to use to upload data to Google Cloud + Storage + properties: + applicationCredentials: + description: The secret containing the Google Cloud Storage JSON + file with the credentials + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + gkeEnvironment: + description: If set to true, will presume that it's running inside + a GKE environment, default to false. + type: boolean + type: object + instanceID: + description: Information to identify the instance where the backup + has been taken from + properties: + ContainerID: + description: The container ID + type: string + podName: + description: The pod name + type: string + type: object + phase: + description: The last backup status + type: string + s3Credentials: + description: The credentials to use to upload data to S3 + properties: + accessKeyId: + description: The reference to the access key id + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + inheritFromIAMRole: + description: Use the role based authentication without providing + explicitly the keys. + type: boolean + region: + description: The reference to the secret containing the region + name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + secretAccessKey: + description: The reference to the secret access key + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + sessionToken: + description: The references to the session key + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: object + serverName: + description: The server name on S3, the cluster name is used if this + parameter is omitted + type: string + startedAt: + description: When the backup was started + format: date-time + type: string + stoppedAt: + description: When the backup was terminated + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: clusters.postgresql.cnpg.io +spec: + group: postgresql.cnpg.io + names: + kind: Cluster + listKind: ClusterList + plural: clusters + singular: cluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Number of instances + jsonPath: .status.instances + name: Instances + type: integer + - description: Number of ready instances + jsonPath: .status.readyInstances + name: Ready + type: integer + - description: Cluster current status + jsonPath: .status.phase + name: Status + type: string + - description: Primary pod + jsonPath: .status.currentPrimary + name: Primary + type: string + name: v1 + schema: + openAPIV3Schema: + description: Cluster is the Schema for the PostgreSQL API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the cluster. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + affinity: + description: Affinity/Anti-affinity rules for Pods + properties: + additionalPodAffinity: + description: AdditionalPodAffinity allows to specify pod affinity + terms to be passed to all the cluster's pods. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + additionalPodAntiAffinity: + description: AdditionalPodAntiAffinity allows to specify pod anti-affinity + terms to be added to the ones generated by the operator if EnablePodAntiAffinity + is set to true (default) or to be used exclusively if set to + false. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + enablePodAntiAffinity: + description: Activates anti-affinity for the pods. The operator + will define pods anti-affinity unless this field is explicitly + set to false + type: boolean + nodeAffinity: + description: 'NodeAffinity describes node affinity scheduling + rules for the pod. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is map of key-value pairs used to define + the nodes on which the pods can run. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + podAntiAffinityType: + description: 'PodAntiAffinityType allows the user to decide whether + pod anti-affinity between cluster instance has to be considered + a strong requirement during scheduling or not. Allowed values + are: "preferred" (default if empty) or "required". Setting it + to "required", could lead to instances remaining pending until + new kubernetes nodes are added if all the existing nodes don''t + match the required pod anti-affinity rule. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity' + type: string + tolerations: + description: 'Tolerations is a list of Tolerations that should + be set for all the pods, in order to allow them to run on tainted + nodes. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologyKey: + description: TopologyKey to use for anti-affinity configuration. + See k8s documentation for more info on that + type: string + type: object + backup: + description: The configuration to be used for backups + properties: + barmanObjectStore: + description: The configuration for the barman-cloud tool suite + properties: + azureCredentials: + description: The credentials to use to upload data to Azure + Blob Storage + properties: + connectionString: + description: The connection string to be used + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + inheritFromAzureAD: + description: Use the Azure AD based authentication without + providing explicitly the keys. + type: boolean + storageAccount: + description: The storage account where to upload data + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + storageKey: + description: The storage account key to be used in conjunction + with the storage account name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + storageSasToken: + description: A shared-access-signature to be used in conjunction + with the storage account name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: object + data: + description: The configuration to be used to backup the data + files When not defined, base backups files will be stored + uncompressed and may be unencrypted in the object store, + according to the bucket default policy. + properties: + compression: + description: Compress a backup file (a tar file per tablespace) + while streaming it to the object store. Available options + are empty string (no compression, default), `gzip`, + `bzip2` or `snappy`. + enum: + - gzip + - bzip2 + - snappy + type: string + encryption: + description: Whenever to force the encryption of files + (if the bucket is not already configured for that). + Allowed options are empty string (use the bucket policy, + default), `AES256` and `aws:kms` + enum: + - AES256 + - aws:kms + type: string + immediateCheckpoint: + description: Control whether the I/O workload for the + backup initial checkpoint will be limited, according + to the `checkpoint_completion_target` setting on the + PostgreSQL server. If set to true, an immediate checkpoint + will be used, meaning PostgreSQL will complete the checkpoint + as soon as possible. `false` by default. + type: boolean + jobs: + description: The number of parallel jobs to be used to + upload the backup, defaults to 2 + format: int32 + minimum: 1 + type: integer + type: object + destinationPath: + description: The path where to store the backup (i.e. s3://bucket/path/to/folder) + this path, with different destination folders, will be used + for WALs and for data + minLength: 1 + type: string + endpointCA: + description: EndpointCA store the CA bundle of the barman + endpoint. Useful when using self-signed certificates to + avoid errors with certificate issuer and barman-cloud-wal-archive + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + endpointURL: + description: Endpoint to be used to upload data to the cloud, + overriding the automatic endpoint discovery + type: string + googleCredentials: + description: The credentials to use to upload data to Google + Cloud Storage + properties: + applicationCredentials: + description: The secret containing the Google Cloud Storage + JSON file with the credentials + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + gkeEnvironment: + description: If set to true, will presume that it's running + inside a GKE environment, default to false. + type: boolean + type: object + historyTags: + additionalProperties: + type: string + description: HistoryTags is a list of key value pairs that + will be passed to the Barman --history-tags option. + type: object + s3Credentials: + description: The credentials to use to upload data to S3 + properties: + accessKeyId: + description: The reference to the access key id + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + inheritFromIAMRole: + description: Use the role based authentication without + providing explicitly the keys. + type: boolean + region: + description: The reference to the secret containing the + region name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + secretAccessKey: + description: The reference to the secret access key + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + sessionToken: + description: The references to the session key + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: object + serverName: + description: The server name on S3, the cluster name is used + if this parameter is omitted + type: string + tags: + additionalProperties: + type: string + description: Tags is a list of key value pairs that will be + passed to the Barman --tags option. + type: object + wal: + description: The configuration for the backup of the WAL stream. + When not defined, WAL files will be stored uncompressed + and may be unencrypted in the object store, according to + the bucket default policy. + properties: + compression: + description: Compress a WAL file before sending it to + the object store. Available options are empty string + (no compression, default), `gzip`, `bzip2` or `snappy`. + enum: + - gzip + - bzip2 + - snappy + type: string + encryption: + description: Whenever to force the encryption of files + (if the bucket is not already configured for that). + Allowed options are empty string (use the bucket policy, + default), `AES256` and `aws:kms` + enum: + - AES256 + - aws:kms + type: string + maxParallel: + description: Number of WAL files to be either archived + in parallel (when the PostgreSQL instance is archiving + to a backup object store) or restored in parallel (when + a PostgreSQL standby is fetching WAL files from a recovery + object store). If not specified, WAL files will be processed + one at a time. It accepts a positive integer as a value + - with 1 being the minimum accepted value. + minimum: 1 + type: integer + type: object + required: + - destinationPath + type: object + retentionPolicy: + description: RetentionPolicy is the retention policy to be used + for backups and WALs (i.e. '60d'). The retention policy is expressed + in the form of `XXu` where `XX` is a positive integer and `u` + is in `[dwm]` - days, weeks, months. + pattern: ^[1-9][0-9]*[dwm]$ + type: string + target: + default: prefer-standby + description: The policy to decide which instance should perform + backups. Available options are empty string, which will default + to `prefer-standby` policy, `primary` to have backups run always + on primary instances, `prefer-standby` to have backups run preferably + on the most updated standby, if available. + enum: + - primary + - prefer-standby + type: string + type: object + bootstrap: + description: Instructions to bootstrap this cluster + properties: + initdb: + description: Bootstrap the cluster via initdb + properties: + dataChecksums: + description: 'Whether the `-k` option should be passed to + initdb, enabling checksums on data pages (default: `false`)' + type: boolean + database: + description: 'Name of the database used by the application. + Default: `app`.' + type: string + encoding: + description: The value to be passed as option `--encoding` + for initdb (default:`UTF8`) + type: string + import: + description: Bootstraps the new cluster by importing data + from an existing PostgreSQL instance using logical backup + (`pg_dump` and `pg_restore`) + properties: + databases: + description: The databases to import + items: + type: string + type: array + postImportApplicationSQL: + description: List of SQL queries to be executed as a superuser + in the application database right after is imported + - to be used with extreme care (by default empty). Only + available in microservice type. + items: + type: string + type: array + roles: + description: The roles to import + items: + type: string + type: array + source: + description: The source of the import + properties: + externalCluster: + description: The name of the externalCluster used + for import + type: string + required: + - externalCluster + type: object + type: + description: The import type. Can be `microservice` or + `monolith`. + enum: + - microservice + - monolith + type: string + required: + - databases + - source + - type + type: object + localeCType: + description: The value to be passed as option `--lc-ctype` + for initdb (default:`C`) + type: string + localeCollate: + description: The value to be passed as option `--lc-collate` + for initdb (default:`C`) + type: string + options: + description: 'The list of options that must be passed to initdb + when creating the cluster. Deprecated: This could lead to + inconsistent configurations, please use the explicit provided + parameters instead. If defined, explicit values will be + ignored.' + items: + type: string + type: array + owner: + description: Name of the owner of the database in the instance + to be used by applications. Defaults to the value of the + `database` key. + type: string + postInitApplicationSQL: + description: List of SQL queries to be executed as a superuser + in the application database right after is created - to + be used with extreme care (by default empty) + items: + type: string + type: array + postInitApplicationSQLRefs: + description: PostInitApplicationSQLRefs points references + to ConfigMaps or Secrets which contain SQL files, the general + implementation order to these references is from all Secrets + to all ConfigMaps, and inside Secrets or ConfigMaps, the + implementation order is same as the order of each array + (by default empty) + properties: + configMapRefs: + description: ConfigMapRefs holds a list of references + to ConfigMaps + items: + description: ConfigMapKeySelector contains enough information + to let you locate the key of a ConfigMap + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: array + secretRefs: + description: SecretRefs holds a list of references to + Secrets + items: + description: SecretKeySelector contains enough information + to let you locate the key of a Secret + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: array + type: object + postInitSQL: + description: List of SQL queries to be executed as a superuser + immediately after the cluster has been created - to be used + with extreme care (by default empty) + items: + type: string + type: array + postInitTemplateSQL: + description: List of SQL queries to be executed as a superuser + in the `template1` after the cluster has been created - + to be used with extreme care (by default empty) + items: + type: string + type: array + secret: + description: Name of the secret containing the initial credentials + for the owner of the user database. If empty a new secret + will be created from scratch + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + walSegmentSize: + description: 'The value in megabytes (1 to 1024) to be passed + to the `--wal-segsize` option for initdb (default: empty, + resulting in PostgreSQL default: 16MB)' + maximum: 1024 + minimum: 1 + type: integer + type: object + pg_basebackup: + description: Bootstrap the cluster taking a physical backup of + another compatible PostgreSQL instance + properties: + database: + description: 'Name of the database used by the application. + Default: `app`.' + type: string + owner: + description: Name of the owner of the database in the instance + to be used by applications. Defaults to the value of the + `database` key. + type: string + secret: + description: Name of the secret containing the initial credentials + for the owner of the user database. If empty a new secret + will be created from scratch + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + source: + description: The name of the server of which we need to take + a physical backup + minLength: 1 + type: string + required: + - source + type: object + recovery: + description: Bootstrap the cluster from a backup + properties: + backup: + description: The backup we need to restore + properties: + endpointCA: + description: EndpointCA store the CA bundle of the barman + endpoint. Useful when using self-signed certificates + to avoid errors with certificate issuer and barman-cloud-wal-archive. + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + name: + description: Name of the referent. + type: string + required: + - name + type: object + database: + description: 'Name of the database used by the application. + Default: `app`.' + type: string + owner: + description: Name of the owner of the database in the instance + to be used by applications. Defaults to the value of the + `database` key. + type: string + recoveryTarget: + description: 'By default, the recovery process applies all + the available WAL files in the archive (full recovery). + However, you can also end the recovery as soon as a consistent + state is reached or recover to a point-in-time (PITR) by + specifying a `RecoveryTarget` object, as expected by PostgreSQL + (i.e., timestamp, transaction Id, LSN, ...). More info: + https://www.postgresql.org/docs/current/runtime-config-wal.html#RUNTIME-CONFIG-WAL-RECOVERY-TARGET' + properties: + backupID: + description: The ID of the backup from which to start + the recovery process. If empty (default) the operator + will automatically detect the backup based on targetTime + or targetLSN if specified. Otherwise use the latest + available backup in chronological order. + type: string + exclusive: + description: Set the target to be exclusive (defaults + to true) + type: boolean + targetImmediate: + description: End recovery as soon as a consistent state + is reached + type: boolean + targetLSN: + description: The target LSN (Log Sequence Number) + type: string + targetName: + description: The target name (to be previously created + with `pg_create_restore_point`) + type: string + targetTLI: + description: The target timeline ("latest" or a positive + integer) + type: string + targetTime: + description: The target time as a timestamp in the RFC3339 + standard + type: string + targetXID: + description: The target transaction ID + type: string + type: object + secret: + description: Name of the secret containing the initial credentials + for the owner of the user database. If empty a new secret + will be created from scratch + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + source: + description: The external cluster whose backup we will restore. + This is also used as the name of the folder under which + the backup is stored, so it must be set to the name of the + source cluster + type: string + type: object + type: object + certificates: + description: The configuration for the CA and related certificates + properties: + clientCASecret: + description: 'The secret containing the Client CA certificate. + If not defined, a new secret will be created with a self-signed + CA and will be used to generate all the client certificates.

Contains:

- `ca.crt`: CA that should + be used to validate the client certificates, used as `ssl_ca_file` + of all the instances.
- `ca.key`: key used to generate + client certificates, if ReplicationTLSSecret is provided, this + can be omitted.
' + type: string + replicationTLSSecret: + description: The secret of type kubernetes.io/tls containing the + client certificate to authenticate as the `streaming_replica` + user. If not defined, ClientCASecret must provide also `ca.key`, + and a new secret will be created using the provided CA. + type: string + serverAltDNSNames: + description: The list of the server alternative DNS names to be + added to the generated server TLS certificates, when required. + items: + type: string + type: array + serverCASecret: + description: 'The secret containing the Server CA certificate. + If not defined, a new secret will be created with a self-signed + CA and will be used to generate the TLS certificate ServerTLSSecret.

Contains:

- `ca.crt`: CA that should + be used to validate the server certificate, used as `sslrootcert` + in client connection strings.
- `ca.key`: key used to + generate Server SSL certs, if ServerTLSSecret is provided, this + can be omitted.
' + type: string + serverTLSSecret: + description: The secret of type kubernetes.io/tls containing the + server TLS certificate and key that will be set as `ssl_cert_file` + and `ssl_key_file` so that clients can connect to postgres securely. + If not defined, ServerCASecret must provide also `ca.key` and + a new secret will be created using the provided CA. + type: string + type: object + description: + description: Description of this PostgreSQL cluster + type: string + enableSuperuserAccess: + default: true + description: When this option is enabled, the operator will use the + `SuperuserSecret` to update the `postgres` user password (if the + secret is not present, the operator will automatically create one). + When this option is disabled, the operator will ignore the `SuperuserSecret` + content, delete it when automatically created, and then blank the + password of the `postgres` user by setting it to `NULL`. Enabled + by default. + type: boolean + env: + description: Env follows the Env format to pass environment variables + to the pods created in the cluster + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using + the previously defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom follows the EnvFrom format to pass environment + variables sources to the pods to be used by Env + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + externalClusters: + description: The list of external clusters which are used in the configuration + items: + description: ExternalCluster represents the connection parameters + to an external cluster which is used in the other sections of + the configuration + properties: + barmanObjectStore: + description: The configuration for the barman-cloud tool suite + properties: + azureCredentials: + description: The credentials to use to upload data to Azure + Blob Storage + properties: + connectionString: + description: The connection string to be used + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + inheritFromAzureAD: + description: Use the Azure AD based authentication without + providing explicitly the keys. + type: boolean + storageAccount: + description: The storage account where to upload data + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + storageKey: + description: The storage account key to be used in conjunction + with the storage account name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + storageSasToken: + description: A shared-access-signature to be used in + conjunction with the storage account name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: object + data: + description: The configuration to be used to backup the + data files When not defined, base backups files will be + stored uncompressed and may be unencrypted in the object + store, according to the bucket default policy. + properties: + compression: + description: Compress a backup file (a tar file per + tablespace) while streaming it to the object store. + Available options are empty string (no compression, + default), `gzip`, `bzip2` or `snappy`. + enum: + - gzip + - bzip2 + - snappy + type: string + encryption: + description: Whenever to force the encryption of files + (if the bucket is not already configured for that). + Allowed options are empty string (use the bucket policy, + default), `AES256` and `aws:kms` + enum: + - AES256 + - aws:kms + type: string + immediateCheckpoint: + description: Control whether the I/O workload for the + backup initial checkpoint will be limited, according + to the `checkpoint_completion_target` setting on the + PostgreSQL server. If set to true, an immediate checkpoint + will be used, meaning PostgreSQL will complete the + checkpoint as soon as possible. `false` by default. + type: boolean + jobs: + description: The number of parallel jobs to be used + to upload the backup, defaults to 2 + format: int32 + minimum: 1 + type: integer + type: object + destinationPath: + description: The path where to store the backup (i.e. s3://bucket/path/to/folder) + this path, with different destination folders, will be + used for WALs and for data + minLength: 1 + type: string + endpointCA: + description: EndpointCA store the CA bundle of the barman + endpoint. Useful when using self-signed certificates to + avoid errors with certificate issuer and barman-cloud-wal-archive + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + endpointURL: + description: Endpoint to be used to upload data to the cloud, + overriding the automatic endpoint discovery + type: string + googleCredentials: + description: The credentials to use to upload data to Google + Cloud Storage + properties: + applicationCredentials: + description: The secret containing the Google Cloud + Storage JSON file with the credentials + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + gkeEnvironment: + description: If set to true, will presume that it's + running inside a GKE environment, default to false. + type: boolean + type: object + historyTags: + additionalProperties: + type: string + description: HistoryTags is a list of key value pairs that + will be passed to the Barman --history-tags option. + type: object + s3Credentials: + description: The credentials to use to upload data to S3 + properties: + accessKeyId: + description: The reference to the access key id + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + inheritFromIAMRole: + description: Use the role based authentication without + providing explicitly the keys. + type: boolean + region: + description: The reference to the secret containing + the region name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + secretAccessKey: + description: The reference to the secret access key + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + sessionToken: + description: The references to the session key + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: object + serverName: + description: The server name on S3, the cluster name is + used if this parameter is omitted + type: string + tags: + additionalProperties: + type: string + description: Tags is a list of key value pairs that will + be passed to the Barman --tags option. + type: object + wal: + description: The configuration for the backup of the WAL + stream. When not defined, WAL files will be stored uncompressed + and may be unencrypted in the object store, according + to the bucket default policy. + properties: + compression: + description: Compress a WAL file before sending it to + the object store. Available options are empty string + (no compression, default), `gzip`, `bzip2` or `snappy`. + enum: + - gzip + - bzip2 + - snappy + type: string + encryption: + description: Whenever to force the encryption of files + (if the bucket is not already configured for that). + Allowed options are empty string (use the bucket policy, + default), `AES256` and `aws:kms` + enum: + - AES256 + - aws:kms + type: string + maxParallel: + description: Number of WAL files to be either archived + in parallel (when the PostgreSQL instance is archiving + to a backup object store) or restored in parallel + (when a PostgreSQL standby is fetching WAL files from + a recovery object store). If not specified, WAL files + will be processed one at a time. It accepts a positive + integer as a value - with 1 being the minimum accepted + value. + minimum: 1 + type: integer + type: object + required: + - destinationPath + type: object + connectionParameters: + additionalProperties: + type: string + description: The list of connection parameters, such as dbname, + host, username, etc + type: object + name: + description: The server name, required + type: string + password: + description: The reference to the password to be used to connect + to the server + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sslCert: + description: The reference to an SSL certificate to be used + to connect to this instance + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sslKey: + description: The reference to an SSL private key to be used + to connect to this instance + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sslRootCert: + description: The reference to an SSL CA public key to be used + to connect to this instance + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + type: array + failoverDelay: + default: 0 + description: The amount of time (in seconds) to wait before triggering + a failover after the primary PostgreSQL instance in the cluster + was detected to be unhealthy + format: int32 + type: integer + imageName: + description: Name of the container image, supporting both tags (`:`) + and digests for deterministic and repeatable deployments (`:@sha256:`) + type: string + imagePullPolicy: + description: 'Image pull policy. One of `Always`, `Never` or `IfNotPresent`. + If not defined, it defaults to `IfNotPresent`. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + imagePullSecrets: + description: The list of pull secrets to be used to pull the images + items: + description: LocalObjectReference contains enough information to + let you locate a local object with a known type inside the same + namespace + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + type: array + inheritedMetadata: + description: Metadata that will be inherited by all objects related + to the Cluster + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + instances: + default: 1 + description: Number of instances required in the cluster + minimum: 1 + type: integer + logLevel: + default: info + description: 'The instances'' log level, one of the following values: + error, warning, info (default), debug, trace' + enum: + - error + - warning + - info + - debug + - trace + type: string + managed: + description: The configuration that is used by the portions of PostgreSQL + that are managed by the instance manager + properties: + roles: + description: Database roles managed by the `Cluster` + items: + description: "RoleConfiguration is the representation, in Kubernetes, + of a PostgreSQL role with the additional field Ensure specifying + whether to ensure the presence or absence of the role in the + database \n The defaults of the CREATE ROLE command are applied + Reference: https://www.postgresql.org/docs/current/sql-createrole.html" + properties: + bypassrls: + description: Whether a role bypasses every row-level security + (RLS) policy. Default is `false`. + type: boolean + comment: + description: Description of the role + type: string + connectionLimit: + default: -1 + description: If the role can log in, this specifies how + many concurrent connections the role can make. `-1` (the + default) means no limit. + format: int64 + type: integer + createdb: + description: When set to `true`, the role being defined + will be allowed to create new databases. Specifying `false` + (default) will deny a role the ability to create databases. + type: boolean + createrole: + description: Whether the role will be permitted to create, + alter, drop, comment on, change the security label for, + and grant or revoke membership in other roles. Default + is `false`. + type: boolean + ensure: + default: present + description: Ensure the role is `present` or `absent` - + defaults to "present" + enum: + - present + - absent + type: string + inRoles: + description: List of one or more existing roles to which + this role will be immediately added as a new member. Default + empty. + items: + type: string + type: array + inherit: + default: true + description: Whether a role "inherits" the privileges of + roles it is a member of. Defaults is `true`. + type: boolean + login: + description: Whether the role is allowed to log in. A role + having the `login` attribute can be thought of as a user. + Roles without this attribute are useful for managing database + privileges, but are not users in the usual sense of the + word. Default is `false`. + type: boolean + name: + description: Name of the role + type: string + passwordSecret: + description: Secret containing the password of the role + (if present) + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + replication: + description: Whether a role is a replication role. A role + must have this attribute (or be a superuser) in order + to be able to connect to the server in replication mode + (physical or logical replication) and in order to be able + to create or drop replication slots. A role having the + `replication` attribute is a very highly privileged role, + and should only be used on roles actually used for replication. + Default is `false`. + type: boolean + superuser: + description: Whether the role is a `superuser` who can override + all access restrictions within the database - superuser + status is dangerous and should be used only when really + needed. You must yourself be a superuser to create a new + superuser. Defaults is `false`. + type: boolean + validUntil: + description: Date and time after which the role's password + is no longer valid. When omitted, the password will never + expire (default). + format: date-time + type: string + required: + - name + type: object + type: array + type: object + maxSyncReplicas: + default: 0 + description: The target value for the synchronous replication quorum, + that can be decreased if the number of ready standbys is lower than + this. Undefined or 0 disable synchronous replication. + minimum: 0 + type: integer + minSyncReplicas: + default: 0 + description: Minimum number of instances required in synchronous replication + with the primary. Undefined or 0 allow writes to complete when no + standby is available. + minimum: 0 + type: integer + monitoring: + description: The configuration of the monitoring infrastructure of + this cluster + properties: + customQueriesConfigMap: + description: The list of config maps containing the custom queries + items: + description: ConfigMapKeySelector contains enough information + to let you locate the key of a ConfigMap + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: array + customQueriesSecret: + description: The list of secrets containing the custom queries + items: + description: SecretKeySelector contains enough information to + let you locate the key of a Secret + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: array + disableDefaultQueries: + default: false + description: 'Whether the default queries should be injected. + Set it to `true` if you don''t want to inject default queries + into the cluster. Default: false.' + type: boolean + enablePodMonitor: + default: false + description: Enable or disable the `PodMonitor` + type: boolean + type: object + nodeMaintenanceWindow: + description: Define a maintenance window for the Kubernetes nodes + properties: + inProgress: + default: false + description: Is there a node maintenance activity in progress? + type: boolean + reusePVC: + default: true + description: Reuse the existing PVC (wait for the node to come + up again) or not (recreate it elsewhere - when `instances` >1) + type: boolean + required: + - inProgress + type: object + postgresGID: + default: 26 + description: The GID of the `postgres` user inside the image, defaults + to `26` + format: int64 + type: integer + postgresUID: + default: 26 + description: The UID of the `postgres` user inside the image, defaults + to `26` + format: int64 + type: integer + postgresql: + description: Configuration of the PostgreSQL server + properties: + ldap: + description: Options to specify LDAP configuration + properties: + bindAsAuth: + description: Bind as authentication configuration + properties: + prefix: + description: Prefix for the bind authentication option + type: string + suffix: + description: Suffix for the bind authentication option + type: string + type: object + bindSearchAuth: + description: Bind+Search authentication configuration + properties: + baseDN: + description: Root DN to begin the user search + type: string + bindDN: + description: DN of the user to bind to the directory + type: string + bindPassword: + description: Secret with the password for the user to + bind to the directory + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + searchAttribute: + description: Attribute to match against the username + type: string + searchFilter: + description: Search filter to use when doing the search+bind + authentication + type: string + type: object + port: + description: LDAP server port + type: integer + scheme: + description: LDAP schema to be used, possible options are + `ldap` and `ldaps` + enum: + - ldap + - ldaps + type: string + server: + description: LDAP hostname or IP address + type: string + tls: + description: Set to 'true' to enable LDAP over TLS. 'false' + is default + type: boolean + type: object + parameters: + additionalProperties: + type: string + description: PostgreSQL configuration options (postgresql.conf) + type: object + pg_hba: + description: PostgreSQL Host Based Authentication rules (lines + to be appended to the pg_hba.conf file) + items: + type: string + type: array + promotionTimeout: + description: Specifies the maximum number of seconds to wait when + promoting an instance to primary. Default value is 40000000, + greater than one year in seconds, big enough to simulate an + infinite timeout + format: int32 + type: integer + shared_preload_libraries: + description: Lists of shared preload libraries to add to the default + ones + items: + type: string + type: array + syncReplicaElectionConstraint: + description: Requirements to be met by sync replicas. This will + affect how the "synchronous_standby_names" parameter will be + set up. + properties: + enabled: + description: This flag enables the constraints for sync replicas + type: boolean + nodeLabelsAntiAffinity: + description: A list of node labels values to extract and compare + to evaluate if the pods reside in the same topology or not + items: + type: string + type: array + required: + - enabled + type: object + type: object + primaryUpdateMethod: + default: restart + description: 'Method to follow to upgrade the primary server during + a rolling update procedure, after all replicas have been successfully + updated: it can be with a switchover (`switchover`) or in-place + (`restart` - default)' + enum: + - switchover + - restart + type: string + primaryUpdateStrategy: + default: unsupervised + description: 'Strategy to follow to upgrade the primary server during + a rolling update procedure, after all replicas have been successfully + updated: it can be automated (`unsupervised` - default) or manual + (`supervised`)' + enum: + - unsupervised + - supervised + type: string + projectedVolumeTemplate: + description: Template to be used to define projected volumes, projected + volumes will be mounted under `/projected` base folder + properties: + defaultMode: + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal values + for mode bits. Directories within the path are not affected + by this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result can + be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with other + supported volume types + properties: + configMap: + description: configMap information about the configMap data + to project + properties: + items: + description: items if unspecified, each key-value pair + in the Data field of the referenced ConfigMap will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. If a + key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used + to set permissions on this file. Must be an + octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal values + for mode bits. If not specified, the volume + defaultMode will be used. This might be in conflict + with other options that affect the file mode, + like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the + file to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the + pod: only annotations, labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set + permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must not + be absolute or contain the ''..'' path. Must + be utf-8 encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data to + project + properties: + items: + description: items if unspecified, each key-value pair + in the Data field of the referenced Secret will be + projected into the volume as a file whose name is + the key and content is the value. If specified, the + listed keys will be projected into the specified paths, + and unlisted keys will not be present. If a key is + specified which is not present in the Secret, the + volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used + to set permissions on this file. Must be an + octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal values + for mode bits. If not specified, the volume + defaultMode will be used. This might be in conflict + with other options that affect the file mode, + like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the + file to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: optional field specify whether the Secret + or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the + serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience of the + token. A recipient of a token must identify itself + with an identifier specified in the audience of the + token, and otherwise should reject the token. The + audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested duration + of validity of the service account token. As the token + approaches expiration, the kubelet volume plugin will + proactively rotate the service account token. The + kubelet will start trying to rotate the token if the + token is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults to + 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + replica: + description: Replica cluster configuration + properties: + enabled: + description: If replica mode is enabled, this cluster will be + a replica of an existing cluster. Replica cluster can be created + from a recovery object store or via streaming through pg_basebackup. + Refer to the Replication page of the documentation for more + information. + type: boolean + source: + description: The name of the external cluster which is the replication + origin + minLength: 1 + type: string + required: + - source + type: object + replicationSlots: + description: Replication slots management configuration + properties: + highAvailability: + description: Replication slots for high availability configuration + properties: + enabled: + default: false + description: If enabled, the operator will automatically manage + replication slots on the primary instance and use them in + streaming replication connections with all the standby instances + that are part of the HA cluster. If disabled (default), + the operator will not take advantage of replication slots + in streaming connections with the replicas. This feature + also controls replication slots in replica cluster, from + the designated primary to its cascading replicas. This can + only be set at creation time. + type: boolean + slotPrefix: + default: _cnpg_ + description: Prefix for replication slots managed by the operator + for HA. It may only contain lower case letters, numbers, + and the underscore character. This can only be set at creation + time. By default set to `_cnpg_`. + pattern: ^[0-9a-z_]*$ + type: string + type: object + updateInterval: + default: 30 + description: Standby will update the status of the local replication + slots every `updateInterval` seconds (default 30). + minimum: 1 + type: integer + type: object + resources: + description: Resources requirements of every generated Pod. Please + refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + for more information. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + seccompProfile: + description: 'The SeccompProfile applied to every Pod and Container. + Defaults to: `RuntimeDefault`' + properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a + file on the node should be used. The profile must be preconfigured + on the node to work. Must be a descending path, relative to + the kubelet's configured seccomp profile location. Must only + be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile will + be applied. Valid options are: \n Localhost - a profile defined + in a file on the node should be used. RuntimeDefault - the container + runtime default profile should be used. Unconfined - no profile + should be applied." + type: string + required: + - type + type: object + serviceAccountTemplate: + description: Configure the generation of the service account + properties: + metadata: + description: Metadata are the metadata to be used for the generated + service account + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + required: + - metadata + type: object + startDelay: + default: 30 + description: The time in seconds that is allowed for a PostgreSQL + instance to successfully start up (default 30) + format: int32 + type: integer + stopDelay: + default: 30 + description: The time in seconds that is allowed for a PostgreSQL + instance to gracefully shutdown (default 30) + format: int32 + type: integer + storage: + description: Configuration of the storage of the instances + properties: + pvcTemplate: + description: Template to be used to generate the Persistent Volume + Claim + properties: + accessModes: + description: 'accessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified data + source, it will create a new volume based on the contents + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will be copied + to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not + be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from which + to populate the volume with data, if a non-empty volume + is desired. This may be any object from a non-empty API + group (non core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed + if the type of the specified object matches some installed + volume populator or dynamic provisioner. This field will + replace the functionality of the dataSource field and as + such if both fields are non-empty, they must have the same + value. For backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource and + dataSourceRef) will be set to the same value automatically + if one of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource isn''t + set to the same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and generates + an error if a disallowed value is specified. * While dataSource + only allows local objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this field requires the + AnyVolumeDataSource feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: Namespace is the namespace of resource being + referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object is + required in the referent namespace to allow that namespace's + owner to accept the reference. See the ReferenceGrant + documentation for details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource feature gate to be + enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources the + volume should have. If RecoverVolumeExpansionFailure feature + is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher + than capacity recorded in the status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not included + in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the PersistentVolume + backing this claim. + type: string + type: object + resizeInUseVolumes: + default: true + description: Resize existent PVCs, defaults to true + type: boolean + size: + description: Size of the storage. Required if not already specified + in the PVC template. Changes to this field are automatically + reapplied to the created PVCs. Size cannot be decreased. + type: string + storageClass: + description: StorageClass to use for database data (`PGDATA`). + Applied after evaluating the PVC template, if available. If + not specified, generated PVCs will be satisfied by the default + storage class + type: string + type: object + superuserSecret: + description: The secret containing the superuser password. If not + defined a new secret will be created with a randomly generated password + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + switchoverDelay: + default: 40000000 + description: The time in seconds that is allowed for a primary PostgreSQL + instance to gracefully shutdown during a switchover. Default value + is 40000000, greater than one year in seconds, big enough to simulate + an infinite delay + format: int32 + type: integer + walStorage: + description: Configuration of the storage for PostgreSQL WAL (Write-Ahead + Log) + properties: + pvcTemplate: + description: Template to be used to generate the Persistent Volume + Claim + properties: + accessModes: + description: 'accessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified data + source, it will create a new volume based on the contents + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will be copied + to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not + be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from which + to populate the volume with data, if a non-empty volume + is desired. This may be any object from a non-empty API + group (non core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed + if the type of the specified object matches some installed + volume populator or dynamic provisioner. This field will + replace the functionality of the dataSource field and as + such if both fields are non-empty, they must have the same + value. For backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource and + dataSourceRef) will be set to the same value automatically + if one of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource isn''t + set to the same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and generates + an error if a disallowed value is specified. * While dataSource + only allows local objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this field requires the + AnyVolumeDataSource feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: Namespace is the namespace of resource being + referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object is + required in the referent namespace to allow that namespace's + owner to accept the reference. See the ReferenceGrant + documentation for details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource feature gate to be + enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources the + volume should have. If RecoverVolumeExpansionFailure feature + is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher + than capacity recorded in the status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not included + in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the PersistentVolume + backing this claim. + type: string + type: object + resizeInUseVolumes: + default: true + description: Resize existent PVCs, defaults to true + type: boolean + size: + description: Size of the storage. Required if not already specified + in the PVC template. Changes to this field are automatically + reapplied to the created PVCs. Size cannot be decreased. + type: string + storageClass: + description: StorageClass to use for database data (`PGDATA`). + Applied after evaluating the PVC template, if available. If + not specified, generated PVCs will be satisfied by the default + storage class + type: string + type: object + required: + - instances + type: object + status: + description: 'Most recently observed status of the cluster. This data + may not be up to date. Populated by the system. Read-only. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + azurePVCUpdateEnabled: + description: AzurePVCUpdateEnabled shows if the PVC online upgrade + is enabled for this cluster + type: boolean + certificates: + description: The configuration for the CA and related certificates, + initialized with defaults. + properties: + clientCASecret: + description: 'The secret containing the Client CA certificate. + If not defined, a new secret will be created with a self-signed + CA and will be used to generate all the client certificates.

Contains:

- `ca.crt`: CA that should + be used to validate the client certificates, used as `ssl_ca_file` + of all the instances.
- `ca.key`: key used to generate + client certificates, if ReplicationTLSSecret is provided, this + can be omitted.
' + type: string + expirations: + additionalProperties: + type: string + description: Expiration dates for all certificates. + type: object + replicationTLSSecret: + description: The secret of type kubernetes.io/tls containing the + client certificate to authenticate as the `streaming_replica` + user. If not defined, ClientCASecret must provide also `ca.key`, + and a new secret will be created using the provided CA. + type: string + serverAltDNSNames: + description: The list of the server alternative DNS names to be + added to the generated server TLS certificates, when required. + items: + type: string + type: array + serverCASecret: + description: 'The secret containing the Server CA certificate. + If not defined, a new secret will be created with a self-signed + CA and will be used to generate the TLS certificate ServerTLSSecret.

Contains:

- `ca.crt`: CA that should + be used to validate the server certificate, used as `sslrootcert` + in client connection strings.
- `ca.key`: key used to + generate Server SSL certs, if ServerTLSSecret is provided, this + can be omitted.
' + type: string + serverTLSSecret: + description: The secret of type kubernetes.io/tls containing the + server TLS certificate and key that will be set as `ssl_cert_file` + and `ssl_key_file` so that clients can connect to postgres securely. + If not defined, ServerCASecret must provide also `ca.key` and + a new secret will be created using the provided CA. + type: string + type: object + cloudNativePGCommitHash: + description: The commit hash number of which this operator running + type: string + cloudNativePGOperatorHash: + description: The hash of the binary of the operator + type: string + conditions: + description: Conditions for cluster object + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + configMapResourceVersion: + description: The list of resource versions of the configmaps, managed + by the operator. Every change here is done in the interest of the + instance manager, which will refresh the configmap data + properties: + metrics: + additionalProperties: + type: string + description: A map with the versions of all the config maps used + to pass metrics. Map keys are the config map names, map values + are the versions + type: object + type: object + currentPrimary: + description: Current primary instance + type: string + currentPrimaryFailingSinceTimestamp: + description: The timestamp when the primary was detected to be unhealthy + This field is reported when spec.failoverDelay is populated or during + online upgrades + type: string + currentPrimaryTimestamp: + description: The timestamp when the last actual promotion to primary + has occurred + type: string + danglingPVC: + description: List of all the PVCs created by this cluster and still + available which are not attached to a Pod + items: + type: string + type: array + firstRecoverabilityPoint: + description: The first recoverability point, stored as a date in RFC3339 + format + type: string + healthyPVC: + description: List of all the PVCs not dangling nor initializing + items: + type: string + type: array + initializingPVC: + description: List of all the PVCs that are being initialized by this + cluster + items: + type: string + type: array + instanceNames: + description: List of instance names in the cluster + items: + type: string + type: array + instances: + description: The total number of PVC Groups detected in the cluster. + It may differ from the number of existing instance pods. + type: integer + instancesReportedState: + additionalProperties: + description: InstanceReportedState describes the last reported state + of an instance during a reconciliation loop + properties: + isPrimary: + description: indicates if an instance is the primary one + type: boolean + timeLineID: + description: indicates on which TimelineId the instance is + type: integer + required: + - isPrimary + type: object + description: The reported state of the instances during the last reconciliation + loop + type: object + instancesStatus: + additionalProperties: + items: + type: string + type: array + description: InstancesStatus indicates in which status the instances + are + type: object + jobCount: + description: How many Jobs have been created by this cluster + format: int32 + type: integer + lastFailedBackup: + description: Stored as a date in RFC3339 format + type: string + lastSuccessfulBackup: + description: Stored as a date in RFC3339 format + type: string + latestGeneratedNode: + description: ID of the latest generated node (used to avoid node name + clashing) + type: integer + managedRolesStatus: + description: ManagedRolesStatus reports the state of the managed roles + in the cluster + properties: + byStatus: + additionalProperties: + items: + type: string + type: array + description: ByStatus gives the list of roles in each state + type: object + cannotReconcile: + additionalProperties: + items: + type: string + type: array + description: CannotReconcile lists roles that cannot be reconciled + in PostgreSQL, with an explanation of the cause + type: object + passwordStatus: + additionalProperties: + description: PasswordState represents the state of the password + of a managed RoleConfiguration + properties: + resourceVersion: + description: the resource version of the password secret + type: string + transactionID: + description: the last transaction ID to affect the role + definition in PostgreSQL + format: int64 + type: integer + type: object + description: PasswordStatus gives the last transaction id and + password secret version for each managed role + type: object + type: object + onlineUpdateEnabled: + description: OnlineUpdateEnabled shows if the online upgrade is enabled + inside the cluster + type: boolean + phase: + description: Current phase of the cluster + type: string + phaseReason: + description: Reason for the current phase + type: string + poolerIntegrations: + description: The integration needed by poolers referencing the cluster + properties: + pgBouncerIntegration: + description: PgBouncerIntegrationStatus encapsulates the needed + integration for the pgbouncer poolers referencing the cluster + properties: + secrets: + items: + type: string + type: array + type: object + type: object + pvcCount: + description: How many PVCs have been created by this cluster + format: int32 + type: integer + readService: + description: Current list of read pods + type: string + readyInstances: + description: The total number of ready instances in the cluster. It + is equal to the number of ready instance pods. + type: integer + resizingPVC: + description: List of all the PVCs that have ResizingPVC condition. + items: + type: string + type: array + secretsResourceVersion: + description: The list of resource versions of the secrets managed + by the operator. Every change here is done in the interest of the + instance manager, which will refresh the secret data + properties: + applicationSecretVersion: + description: The resource version of the "app" user secret + type: string + barmanEndpointCA: + description: The resource version of the Barman Endpoint CA if + provided + type: string + caSecretVersion: + description: Unused. Retained for compatibility with old versions. + type: string + clientCaSecretVersion: + description: The resource version of the PostgreSQL client-side + CA secret version + type: string + managedRoleSecretVersion: + additionalProperties: + type: string + description: The resource versions of the managed roles secrets + type: object + metrics: + additionalProperties: + type: string + description: A map with the versions of all the secrets used to + pass metrics. Map keys are the secret names, map values are + the versions + type: object + replicationSecretVersion: + description: The resource version of the "streaming_replica" user + secret + type: string + serverCaSecretVersion: + description: The resource version of the PostgreSQL server-side + CA secret version + type: string + serverSecretVersion: + description: The resource version of the PostgreSQL server-side + secret version + type: string + superuserSecretVersion: + description: The resource version of the "postgres" user secret + type: string + type: object + targetPrimary: + description: Target primary instance, this is different from the previous + one during a switchover or a failover + type: string + targetPrimaryTimestamp: + description: The timestamp when the last request for a new primary + has occurred + type: string + timelineID: + description: The timeline of the Postgres cluster + type: integer + topology: + description: Instances topology. + properties: + instances: + additionalProperties: + additionalProperties: + type: string + description: PodTopologyLabels represent the topology of a Pod. + map[labelName]labelValue + type: object + description: Instances contains the pod topology of the instances + type: object + successfullyExtracted: + description: SuccessfullyExtracted indicates if the topology data + was extract. It is useful to enact fallback behaviors in synchronous + replica election in case of failures + type: boolean + type: object + unusablePVC: + description: List of all the PVCs that are unusable because another + PVC is missing + items: + type: string + type: array + writeService: + description: Current write pod + type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.instances + statusReplicasPath: .status.instances + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: poolers.postgresql.cnpg.io +spec: + group: postgresql.cnpg.io + names: + kind: Pooler + listKind: PoolerList + plural: poolers + singular: pooler + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.cluster.name + name: Cluster + type: string + - jsonPath: .spec.type + name: Type + type: string + name: v1 + schema: + openAPIV3Schema: + description: Pooler is the Schema for the poolers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PoolerSpec defines the desired state of Pooler + properties: + cluster: + description: This is the cluster reference on which the Pooler will + work. Pooler name should never match with any cluster name within + the same namespace. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + instances: + default: 1 + description: The number of replicas we want + format: int32 + type: integer + pgbouncer: + description: The PgBouncer configuration + properties: + authQuery: + description: 'The query that will be used to download the hash + of the password of a certain user. Default: "SELECT usename, + passwd FROM user_search($1)". In case it is specified, also + an AuthQuerySecret has to be specified and no automatic CNPG + Cluster integration will be triggered.' + type: string + authQuerySecret: + description: The credentials of the user that need to be used + for the authentication query. In case it is specified, also + an AuthQuery (e.g. "SELECT usename, passwd FROM pg_shadow WHERE + usename=$1") has to be specified and no automatic CNPG Cluster + integration will be triggered. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + parameters: + additionalProperties: + type: string + description: Additional parameters to be passed to PgBouncer - + please check the CNPG documentation for a list of options you + can configure + type: object + paused: + default: false + description: When set to `true`, PgBouncer will disconnect from + the PostgreSQL server, first waiting for all queries to complete, + and pause all new client connections until this value is set + to `false` (default). Internally, the operator calls PgBouncer's + `PAUSE` and `RESUME` commands. + type: boolean + pg_hba: + description: PostgreSQL Host Based Authentication rules (lines + to be appended to the pg_hba.conf file) + items: + type: string + type: array + poolMode: + default: session + description: The pool mode + enum: + - session + - transaction + type: string + required: + - poolMode + type: object + template: + description: The template of the Pod to be created + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + activeDeadlineSeconds: + description: Optional duration in seconds the pod may be active + on the node relative to StartTime before the system will + actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term + matches all objects with implicit weight 0 (i.e. + it's a no-op). A null preferred scheduling term + matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + affinity requirements specified by this field cease + to be met at some point during pod execution (e.g. + due to an update), the system may or may not try + to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them + are ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum + are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + affinity requirements specified by this field cease + to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may + not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node + whose value of the label with key + matches that of any node on which a pod of the + set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to + the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum + are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + anti-affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may + or may not try to eventually evict the pod from + its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node + whose value of the label with key + matches that of any node on which a pod of the + set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether + a service account token should be automatically mounted. + type: boolean + containers: + description: List of containers belonging to the pod. Containers + cannot currently be added or removed. There must be at least + one container in a Pod. Cannot be updated. + items: + description: A single application container that you want + to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The container image''s ENTRYPOINT is used + if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If + a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is + starting. When a key exists in multiple sources, the + value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images + in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag is + specified, or IfNotPresent otherwise. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. + properties: + postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, + the container is terminated and restarted according + to its restart policy. Other management of the + container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness/startup probe + failure, preemption, resource contention, etc. + The handler is not called if the container crashes + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. + Not specifying a port here DOES NOT prevent that port + from being exposed. Any port which is listening on + the default "0.0.0.0" address inside a container will + be accessible from the network. Modifying this array + with strategic merge patch may corrupt the data. For + more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the + port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. It makes that + resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options + the container should be run with. If set, the fields + of SecurityContext override the equivalent fields + of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the container + process. AllowPrivilegeEscalation is true always + when the container is: 1) run as Privileged 2) + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default is + DefaultProcMount which uses the container runtime + defaults for readonly paths and masked paths. + This requires the ProcMountType feature flag to + be enabled. Note that this field cannot be set + when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this + container. If seccomp options are provided at + both the pod & container level, the container + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file + on the node should be used. RuntimeDefault + - the container runtime default profile should + be used. Unconfined - no profile should be + applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + from the PodSecurityContext will be used. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be + honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. Defaults + to the user specified in image metadata if + unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has + successfully initialized. If specified, no other probes + are executed until this completes successfully. If + this probe fails, the Pod will be restarted, just + as if the livenessProbe failed. This can be used to + provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time + to load data or warm a cache, than during steady-state + operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will + always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce + is set to true, stdin is opened on container start, + is empty until the first client attaches to stdin, + and then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such + as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be + updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. + type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. Defaults + to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded + using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot + be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: Specifies the DNS parameters of a pod. Parameters + specified here will be merged to the generated DNS configuration + based on DNSPolicy. + properties: + nameservers: + description: A list of DNS name server IP addresses. This + will be appended to the base nameservers generated from + DNSPolicy. Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: A list of DNS resolver options. This will + be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options + given in Options will override those that appear in + the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: A list of DNS search domains for host-name + lookup. This will be appended to the base search paths + generated from DNSPolicy. Duplicated search paths will + be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', + 'Default' or 'None'. DNS parameters given in DNSConfig will + be merged with the policy selected with DNSPolicy. To have + DNS options set along with hostNetwork, you have to specify + DNS policy explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information + about services should be injected into pod''s environment + variables, matching the syntax of Docker links. Optional: + Defaults to true.' + type: boolean + ephemeralContainers: + description: List of ephemeral containers run in this pod. + Ephemeral containers may be run in an existing pod to perform + user-initiated actions such as debugging. This list cannot + be specified when creating a pod, and it cannot be modified + by updating the pod spec. In order to add an ephemeral container + to an existing pod, use the pod's ephemeralcontainers subresource. + items: + description: "An EphemeralContainer is a temporary container + that you may add to an existing Pod for user-initiated + activities such as debugging. Ephemeral containers have + no resource or scheduling guarantees, and they will not + be restarted when they exit or when a Pod is removed or + restarted. The kubelet may evict a Pod if an ephemeral + container causes the Pod to exceed its resource allocation. + \n To add an ephemeral container, use the ephemeralcontainers + subresource of an existing Pod. Ephemeral containers may + not be removed or restarted." + properties: + args: + description: 'Arguments to the entrypoint. The image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The image''s ENTRYPOINT is used if this is + not provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. If a + variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is + starting. When a key exists in multiple sources, the + value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag is + specified, or IfNotPresent otherwise. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, + the container is terminated and restarted according + to its restart policy. Other management of the + container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness/startup probe + failure, preemption, resource contention, etc. + The handler is not called if the container crashes + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the ephemeral container specified + as a DNS_LABEL. This name must be unique among all + containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral containers. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the + port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: Resources are not allowed for ephemeral + containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. It makes that + resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'Optional: SecurityContext defines the + security options the ephemeral container should be + run with. If set, the fields of SecurityContext override + the equivalent fields of PodSecurityContext.' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the container + process. AllowPrivilegeEscalation is true always + when the container is: 1) run as Privileged 2) + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default is + DefaultProcMount which uses the container runtime + defaults for readonly paths and masked paths. + This requires the ProcMountType feature flag to + be enabled. Note that this field cannot be set + when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this + container. If seccomp options are provided at + both the pod & container level, the container + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file + on the node should be used. RuntimeDefault + - the container runtime default profile should + be used. Unconfined - no profile should be + applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + from the PodSecurityContext will be used. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be + honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. Defaults + to the user specified in image metadata if + unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will + always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce + is set to true, stdin is opened on container start, + is empty until the first client attaches to stdin, + and then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + targetContainerName: + description: "If set, the name of the container from + PodSpec that this ephemeral container targets. The + ephemeral container will be run in the namespaces + (IPC, PID, etc) of this container. If not set then + the ephemeral container uses the namespaces configured + in the Pod spec. \n The container runtime must implement + support for this feature. If the runtime does not + support namespace targeting then the result of setting + this field is undefined." + type: string + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such + as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be + updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Subpath mounts are not allowed for ephemeral + containers. Cannot be updated. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. + type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. Defaults + to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded + using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot + be updated. + type: string + required: + - name + type: object + type: array + hostAliases: + description: HostAliases is an optional list of hosts and + IPs that will be injected into the pod's hosts file if specified. + This is only valid for non-hostNetwork pods. + items: + description: HostAlias holds the mapping between IP and + hostnames that will be injected as an entry in the pod's + hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default + to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. Use the + host's network namespace. If this option is set, the ports + that will be used must be specified. Default to false. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: Default + to false.' + type: boolean + hostUsers: + description: 'Use the host''s user namespace. Optional: Default + to true. If set to true or not present, the pod will be + run in the host user namespace, useful for when the pod + needs a feature only available to the host user namespace, + such as loading a kernel module with CAP_SYS_MODULE. When + set to false, a new userns is created for the pod. Setting + false is useful for mitigating container breakout vulnerabilities + even allowing users to run their containers as root without + actually having root privileges on the host. This field + is alpha-level and is only honored by servers that enable + the UserNamespacesSupport feature.' + type: boolean + hostname: + description: Specifies the hostname of the Pod If not specified, + the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any + of the images used by this PodSpec. If specified, these + secrets will be passed to individual puller implementations + for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same + namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: 'List of initialization containers belonging + to the pod. Init containers are executed in order prior + to containers being started. If any init container fails, + the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or + normal container must be unique among all containers. Init + containers may not have Lifecycle actions, Readiness probes, + Liveness probes, or Startup probes. The resourceRequirements + of an init container are taken into account during scheduling + by finding the highest request/limit for each resource type, + and then using the max of of that value or the sum of the + normal containers. Limits are applied to init containers + in a similar fashion. Init containers cannot currently be + added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' + items: + description: A single application container that you want + to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The container image''s ENTRYPOINT is used + if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If + a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is + starting. When a key exists in multiple sources, the + value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images + in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag is + specified, or IfNotPresent otherwise. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. + properties: + postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, + the container is terminated and restarted according + to its restart policy. Other management of the + container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness/startup probe + failure, preemption, resource contention, etc. + The handler is not called if the container crashes + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. + Not specifying a port here DOES NOT prevent that port + from being exposed. Any port which is listening on + the default "0.0.0.0" address inside a container will + be accessible from the network. Modifying this array + with strategic merge patch may corrupt the data. For + more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the + port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. It makes that + resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options + the container should be run with. If set, the fields + of SecurityContext override the equivalent fields + of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the container + process. AllowPrivilegeEscalation is true always + when the container is: 1) run as Privileged 2) + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default is + DefaultProcMount which uses the container runtime + defaults for readonly paths and masked paths. + This requires the ProcMountType feature flag to + be enabled. Note that this field cannot be set + when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this + container. If seccomp options are provided at + both the pod & container level, the container + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file + on the node should be used. RuntimeDefault + - the container runtime default profile should + be used. Unconfined - no profile should be + applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + from the PodSecurityContext will be used. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be + honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. Defaults + to the user specified in image metadata if + unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has + successfully initialized. If specified, no other probes + are executed until this completes successfully. If + this probe fails, the Pod will be restarted, just + as if the livenessProbe failed. This can be used to + provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time + to load data or warm a cache, than during steady-state + operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will + always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce + is set to true, stdin is opened on container start, + is empty until the first client attaches to stdin, + and then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such + as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be + updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. + type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. Defaults + to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded + using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot + be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: NodeName is a request to schedule this pod onto + a specific node. If it is non-empty, the scheduler simply + schedules this pod onto that node, assuming that it fits + resource requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true + for the pod to fit on a node. Selector which must match + a node''s labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is + set. \n If the OS field is set to linux, the following fields + must be unset: -securityContext.windowsOptions \n If the + OS field is set to windows, following fields must be unset: + - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup" + properties: + name: + description: 'Name is the name of the operating system. + The currently supported values are linux and windows. + Additional value may be defined in future and can be + one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and + treat unrecognized values in this field as os: null' + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Overhead represents the resource overhead associated + with running a pod for a given RuntimeClass. This field + will be autopopulated at admission time by the RuntimeClass + admission controller. If the RuntimeClass admission controller + is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create + requests which have the overhead already set. If RuntimeClass + is configured and selected in the PodSpec, Overhead will + be set to the value defined in the corresponding RuntimeClass, + otherwise it will remain unset and treated as zero. More + info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' + type: object + preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting + pods with lower priority. One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. + type: string + priority: + description: The priority value. Various system components + use this field to find the priority of the pod. When Priority + Admission Controller is enabled, it prevents users from + setting this field. The admission controller populates this + field from PriorityClassName. The higher the value, the + higher the priority. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. "system-node-critical" + and "system-cluster-critical" are two special keywords which + indicate the highest priorities with the former being the + highest priority. Any other name must be defined by creating + a PriorityClass object with that name. If not specified, + the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: 'If specified, all readiness gates will be evaluated + for pod readiness. A pod is ready when all its containers + are ready AND all conditions specified in the readiness + gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' + items: + description: PodReadinessGate contains the reference to + a pod condition + properties: + conditionType: + description: ConditionType refers to a condition in + the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + description: "ResourceClaims defines which ResourceClaims + must be allocated and reserved before the Pod is allowed + to start. The resources will be made available to those + containers which consume them by name. \n This is an alpha + field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: PodResourceClaim references exactly one ResourceClaim + through a ClaimSource. It adds a name to it that uniquely + identifies the ResourceClaim inside the Pod. Containers + that need access to the ResourceClaim reference it with + this name. + properties: + name: + description: Name uniquely identifies this resource + claim inside the pod. This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the ResourceClaim. + properties: + resourceClaimName: + description: ResourceClaimName is the name of a + ResourceClaim object in the same namespace as + this pod. + type: string + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name + of a ResourceClaimTemplate object in the same + namespace as this pod. \n The template will be + used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, + the ResourceClaim will also be deleted. The name + of the ResourceClaim will be -, where is the PodResourceClaim.Name. + Pod validation will reject the pod if the concatenated + name is not valid for a ResourceClaim (e.g. too + long). \n An existing ResourceClaim with that + name that is not owned by the pod will not be + used for the pod to avoid using an unrelated resource + by mistake. Scheduling and pod startup are then + blocked until the unrelated ResourceClaim is removed. + \n This field is immutable and no changes will + be made to the corresponding ResourceClaim by + the control plane after creating the ResourceClaim." + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: 'Restart policy for all containers within the + pod. One of Always, OnFailure, Never. Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' + type: string + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass object + in the node.k8s.io group, which should be used to run this + pod. If no RuntimeClass resource matches the named class, + the pod will not be run. If unset or empty, the "legacy" + RuntimeClass will be used, which is an implicit class with + an empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' + type: string + schedulerName: + description: If specified, the pod will be dispatched by specified + scheduler. If not specified, the pod will be dispatched + by default scheduler. + type: string + schedulingGates: + description: "SchedulingGates is an opaque list of values + that if specified will block scheduling the pod. More info: + \ https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. + \n This is an alpha-level feature enabled by PodSchedulingReadiness + feature gate." + items: + description: PodSchedulingGate is associated to a Pod to + guard its scheduling. + properties: + name: + description: Name of the scheduling gate. Each scheduling + gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: 'SecurityContext holds pod-level security attributes + and common container settings. Optional: Defaults to empty. See + type description for default values of each field.' + properties: + fsGroup: + description: "A special supplemental group that applies + to all containers in a pod. Some volume types allow + the Kubelet to change the ownership of that volume to + be owned by the pod: \n 1. The owning GID will be the + FSGroup 2. The setgid bit is set (new files created + in the volume will be owned by FSGroup) 3. The permission + bits are OR'd with rw-rw---- \n If unset, the Kubelet + will not modify the ownership and permissions of any + volume. Note that this field cannot be set when spec.os.name + is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of + changing ownership and permission of the volume before + being exposed inside Pod. This field will only apply + to volume types which support fsGroup based ownership(and + permissions). It will have no effect on ephemeral volume + types such as: secret, configmaps and emptydir. Valid + values are "OnRootMismatch" and "Always". If not specified, + "Always" is used. Note that this field cannot be set + when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if it + does. If unset or false, no such validation will be + performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set + when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all + containers. If unspecified, the container runtime will + allocate a random SELinux context for each container. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when + spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. The + profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's + configured seccomp profile location. Must only be + set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: \n Localhost + - a profile defined in a file on the node should + be used. RuntimeDefault - the container runtime + default profile should be used. Unconfined - no + profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's + primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container + process. If unspecified, no additional groups are added + to any container. Note that group memberships defined + in the container image for the uid of the container + process are still effective, even if they are not included + in this list. Note that this field cannot be set when + spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls (by + the container runtime) might fail to launch. Note that + this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be + set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options within a + container's SecurityContext will be used. If set in + both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. This + field is alpha-level and will only be honored by + components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature + flag will result in errors when validating the Pod. + All of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + serviceAccount: + description: 'DeprecatedServiceAccount is a depreciated alias + for ServiceAccountName. Deprecated: Use serviceAccountName + instead.' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + setHostnameAsFQDN: + description: If true the pod's hostname will be configured + as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the + hostname field of the kernel (the nodename field of struct + utsname). In Windows containers, this means setting the + registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters + to FQDN. If a pod does not have FQDN, this has no effect. + Default to false. + type: boolean + shareProcessNamespace: + description: 'Share a single process namespace between all + of the containers in a pod. When this is set containers + will be able to view and signal processes from other containers + in the same pod, and the first process in each container + will not be assigned PID 1. HostPID and ShareProcessNamespace + cannot both be set. Optional: Default to false.' + type: boolean + subdomain: + description: If specified, the fully qualified Pod hostname + will be "...svc.". If not specified, the pod will not have a domainname + at all. + type: string + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to + terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). If this value is nil, the default grace period + will be used instead. The grace period is the duration in + seconds after the processes running in the pod are sent + a termination signal and the time when the processes are + forcibly halted with a kill signal. Set this value longer + than the expected cleanup time for your process. Defaults + to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group + of pods ought to spread across topology domains. Scheduler + will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are counted + to determine the number of pods in their corresponding + topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys + to select the pods over which spreading will be calculated. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are ANDed with + labelSelector to select the group of existing pods + over which spreading will be calculated for the incoming + pod. Keys that don't exist in the incoming pod labels + will be ignored. A null or empty list means only match + against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which + pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the + number of matching pods in the target topology and + the global minimum. The global minimum is the minimum + number of matching pods in an eligible domain or zero + if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to + 1, and pods with the same labelSelector spread as + 2/2/1: In this case, the global minimum is 1. | zone1 + | zone2 | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to zone3 + to become 2/2/2; scheduling it onto zone1(zone2) would + make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto + any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default value + is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number + of eligible domains. When the number of eligible domains + with matching topology keys is less than minDomains, + Pod Topology Spread treats \"global minimum\" as 0, + and then the calculation of Skew is performed. And + when the number of eligible domains with matching + topology keys equals or greater than minDomains, this + value has no effect on scheduling. As a result, when + the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to + those domains. If value is nil, the constraint behaves + as if MinDomains is equal to 1. Valid values are integers + greater than 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. \n For example, in a 3-zone + cluster, MaxSkew is set to 2, MinDomains is set to + 5 and pods with the same labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | | P P | P P | P P | + The number of domains is less than 5(MinDomains), + so \"global minimum\" is treated as 0. In this situation, + new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod + is scheduled to any of the three zones, it will violate + MaxSkew. \n This is a beta field and requires the + MinDomainsInPodTopologySpread feature gate to be enabled + (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will + treat Pod's nodeAffinity/nodeSelector when calculating + pod topology spread skew. Options are: - Honor: only + nodes matching nodeAffinity/nodeSelector are included + in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. + \n If this value is nil, the behavior is equivalent + to the Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will + treat node taints when calculating pod topology spread + skew. Options are: - Honor: nodes without taints, + along with tainted nodes for which the incoming pod + has a toleration, are included. - Ignore: node taints + are ignored. All nodes are included. \n If this value + is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", and try + to put balanced number of pods into each bucket. We + define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose + nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not + to schedule it. - ScheduleAnyway tells the scheduler + to schedule the pod in any location, but giving higher + precedence to topologies that would help reduce the + skew. A constraint is considered "Unsatisfiable" for + an incoming pod if and only if every possible node + assignment for that pod would violate "MaxSkew" on + some topology. For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P + | P | P | If WhenUnsatisfiable is set to DoNotSchedule, + incoming pod can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) + satisfies MaxSkew(1). In other words, the cluster + can still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: 'List of volumes that can be mounted by containers + belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS + Disk resource that is attached to a kubelet''s host + machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the + volume that you want to mount. Tip: Ensure that + the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + partition: + description: 'partition is the partition in the + volume that you want to mount. If omitted, the + default is to mount by volume name. Examples: + For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda + is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the + readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent + disk resource in AWS (Amazon EBS volume). More + info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk + mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk + in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in + the blob storage + type: string + fsType: + description: fsType is Filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure + managed data disk (only in managed availability + set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is + a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default + is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to + false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile + is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is + reference to the authentication secret for User, + default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User is the rados + user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached + and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a + secret object containing parameters used to connect + to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify the volume + in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits + used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. Must + be an octal value between 0000 and 0777 + or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON + requires decimal values for mode bits. If + not specified, the volume defaultMode will + be used. This might be in conflict with + other options that affect the file mode, + like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be an + absolute path. May not contain the path + element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: driver is the name of the CSI driver + that handles this volume. Consult with your admin + for the correct name as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed + to the associated CSI driver which will determine + the default filesystem to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference + to the secret object containing sensitive information + to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no + secret is required. If the secret object contains + more than one secret, all secret references are + passed. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific + properties that are passed to the CSI driver. + Consult your driver's documentation for supported + values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about + the pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a Optional: mode bits + used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be an + octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both + octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This + might be in conflict with other options + that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory + that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage + medium should back this directory. The default + is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local + storage required for this EmptyDir volume. The + size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. The default is nil which means that + the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is + handled by a cluster storage driver. The volume's + lifecycle is tied to the pod that defines it - it + will be created before the pod starts, and deleted + when the pod is removed. \n Use this if: a) the volume + is only needed while the pod runs, b) features of + normal volumes like restoring from snapshot or capacity + tracking are needed, c) the storage driver is specified + through a storage class, and d) the storage driver + supports dynamic volume provisioning through a PersistentVolumeClaim + (see EphemeralVolumeSource for more information on + the connection between this volume type and PersistentVolumeClaim). + \n Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the + lifecycle of an individual pod. \n Use CSI for light-weight + local ephemeral volumes if the CSI driver is meant + to be used that way - see the documentation of the + driver for more information. \n A pod can use both + types of ephemeral volumes and persistent volumes + at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone + PVC to provision the volume. The pod in which + this EphemeralVolumeSource is embedded will be + the owner of the PVC, i.e. the PVC will be deleted + together with the pod. The name of the PVC will + be `-` where `` + is the name from the `PodSpec.Volumes` array entry. + Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too + long). \n An existing PVC with that name that + is not owned by the pod will *not* be used for + the pod to avoid using an unrelated volume by + mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created + PVC is meant to be used by the pod, the PVC has + to updated with an owner reference to the pod + once the pod exists. Normally this should not + be necessary, but it may be useful when manually + reconstructing a broken cluster. \n This field + is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, + must not be nil." + properties: + metadata: + description: May contain labels and annotations + that will be copied into the PVC when creating + it. No other fields are allowed and will be + rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into + the PVC that gets created from this template. + The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired + access modes the volume should have. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used + to specify either: * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller + can support the specified data source, + it will create a new volume based on the + contents of the specified data source. + When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource + when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for + the resource being referenced. If + APIGroup is not specified, the specified + Kind must be in the core API group. + For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the + object from which to populate the volume + with data, if a non-empty volume is desired. + This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, + volume binding will only succeed if the + type of the specified object matches some + installed volume populator or dynamic + provisioner. This field will replace the + functionality of the dataSource field + and as such if both fields are non-empty, + they must have the same value. For backwards + compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the + same value automatically if one of them + is empty and the other is non-empty. When + namespace is specified in dataSourceRef, + dataSource isn''t set to the same value + and must be empty. There are three important + differences between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef + preserves all values, and generates an + error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for + the resource being referenced. If + APIGroup is not specified, the specified + Kind must be in the core API group. + For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation for + details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to + specify resource requirements that are + lower than previous value but must still + be higher than capacity recorded in the + status field of the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name + of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type + of volume is required by the claim. Value + of Filesystem is implied when not included + in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and then + exposed to the pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. TODO: how + do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to + false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide + identifiers (wwids) Either wwids or combination + of targetWWNs and lun must be set, but not both + simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume + resource that is provisioned/attached using an exec + based plugin. + properties: + driver: + description: driver is the name of the driver to + use for this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". The + default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds + extra command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to + false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is + reference to the secret object containing sensitive + information to pass to the plugin scripts. This + may be empty if no secret object is specified. + If the secret object contains more than one secret, + all secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: datasetName is Name of the dataset + stored as metadata -> name on the dataset for + Flocker should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk + resource that is attached to a kubelet''s host machine + and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + partition: + description: 'partition is the partition in the + volume that you want to mount. If omitted, the + default is to mount by volume name. Examples: + For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda + is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource + in GCE. Used to identify the disk in GCE. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at + a particular revision. DEPRECATED: GitRepo is deprecated. + To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo + using git, then mount the EmptyDir into the Pod''s + container.' + properties: + directory: + description: directory is the target directory name. + Must not contain or start with '..'. If '.' is + supplied, the volume directory will be the git + repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory + with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the + specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount + on the host that shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that + details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs + volume to be mounted with read-only permissions. + Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file + or directory on the host machine that is directly + exposed to the container. This is generally used for + system agents or other privileged things that are + allowed to see the host machine. Most containers will + NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use + host directory mounts and who can/can not mount host + directories as read/write.' + properties: + path: + description: 'path of the directory on the host. + If the path is a symlink, it will follow the link + to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults + to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource + that is attached to a kubelet''s host machine and + then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the + volume that you want to mount. Tip: Ensure that + the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name + that uses an iSCSI transport. Defaults to 'default' + (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal + List. The portal is either an IP or ip_addr:port + if the port is other than default (typically TCP + ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI Target Portal. + The Portal is either an IP or ip_addr:port if + the port is other than default (typically TCP + ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL + and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host + that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export + to be mounted with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address + of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same + namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting + in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon + Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type + to mount Must be a filesystem type supported by + the host operating system. Ex. "ext4", "xfs". + Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used + to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path + are not affected by this setting. This might be + in conflict with other options that affect the + file mode, like fsGroup, and the result can be + other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: + description: configMap information about the + configMap data to project + properties: + items: + description: items if unspecified, each + key-value pair in the Data field of + the referenced ConfigMap will be projected + into the volume as a file whose name + is the key and content is the value. + If specified, the listed keys will be + projected into the specified paths, + and unlisted keys will not be present. + If a key is specified which is not present + in the ConfigMap, the volume setup will + error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an octal + value between 0000 and 0777 or + a decimal value between 0 and + 511. YAML accepts both octal and + decimal values, JSON requires + decimal values for mode bits. + If not specified, the volume defaultMode + will be used. This might be in + conflict with other options that + affect the file mode, like fsGroup, + and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the key + to. May not be an absolute path. + May not contain the path element + '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits + used to set permissions on this + file, must be an octal value between + 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts + both octal and decimal values, + JSON requires decimal values for + mode bits. If not specified, the + volume defaultMode will be used. + This might be in conflict with + other options that affect the + file mode, like fsGroup, and the + result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file + to be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource + of the container: only resources + limits and requests (limits.cpu, + limits.memory, requests.cpu and + requests.memory) are currently + supported.' + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the + secret data to project + properties: + items: + description: items if unspecified, each + key-value pair in the Data field of + the referenced Secret will be projected + into the volume as a file whose name + is the key and content is the value. + If specified, the listed keys will be + projected into the specified paths, + and unlisted keys will not be present. + If a key is specified which is not present + in the Secret, the volume setup will + error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an octal + value between 0000 and 0777 or + a decimal value between 0 and + 511. YAML accepts both octal and + decimal values, JSON requires + decimal values for mode bits. + If not specified, the volume defaultMode + will be used. This might be in + conflict with other options that + affect the file mode, like fsGroup, + and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the key + to. May not be an absolute path. + May not contain the path element + '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: audience is the intended + audience of the token. A recipient of + a token must identify itself with an + identifier specified in the audience + of the token, and otherwise should reject + the token. The audience defaults to + the identifier of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the + requested duration of validity of the + service account token. As the token + approaches expiration, the kubelet volume + plugin will proactively rotate the service + account token. The kubelet will start + trying to rotate the token if the token + is older than 80 percent of its time + to live or if the token is older than + 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative + to the mount point of the file to project + the token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default + is no group + type: string + readOnly: + description: readOnly here will force the Quobyte + volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: registry represents a single or multiple + Quobyte Registry services specified as a string + as host:port pair (multiple entries are separated + with commas) which acts as the central registry + for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume + in the Backend Used with dynamically provisioned + Quobyte volumes, value is set by the plugin + type: string + user: + description: user to map volume access to Defaults + to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount + on the host that shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the + volume that you want to mount. Tip: Ensure that + the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + image: + description: 'image is the rados image name. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for + RBDUser. Default is /etc/ceph/keyring. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default + is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. + Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados user name. Default + is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Default + is "xfs". + type: string + gateway: + description: gateway is the host address of the + ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the + ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret + for ScaleIO user and other sensitive information. + If this is not provided, Login operation will + fail. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL + communication with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage + for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume + already created in the ScaleIO system that is + associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should + populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits + used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. Must + be an octal value between 0000 and 0777 + or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON + requires decimal values for mode bits. If + not specified, the volume defaultMode will + be used. This might be in conflict with + other options that affect the file mode, + like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be an + absolute path. May not contain the path + element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the + Secret or its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret + in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use + for obtaining the StorageOS API credentials. If + not specified, default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable name + of the StorageOS volume. Volume names are only + unique within a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope + of the volume within StorageOS. If no namespace + is specified then the Pod's namespace will be + used. This allows the Kubernetes name scoping + to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default + behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do + not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy + Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + type: + default: rw + description: Which instances we must forward traffic to? + enum: + - rw + - ro + type: string + required: + - cluster + - instances + - pgbouncer + - type + type: object + status: + description: PoolerStatus defines the observed state of Pooler + properties: + instances: + description: The number of pods trying to be scheduled + format: int32 + type: integer + secrets: + description: The resource version of the config object + properties: + clientCA: + description: The client CA secret version + properties: + name: + description: The name of the secret + type: string + version: + description: The ResourceVersion of the secret + type: string + type: object + pgBouncerSecrets: + description: The version of the secrets used by PgBouncer + properties: + authQuery: + description: The auth query secret version + properties: + name: + description: The name of the secret + type: string + version: + description: The ResourceVersion of the secret + type: string + type: object + type: object + serverCA: + description: The server CA secret version + properties: + name: + description: The name of the secret + type: string + version: + description: The ResourceVersion of the secret + type: string + type: object + serverTLS: + description: The server TLS secret version + properties: + name: + description: The name of the secret + type: string + version: + description: The ResourceVersion of the secret + type: string + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.instances + statusReplicasPath: .status.instances + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: scheduledbackups.postgresql.cnpg.io +spec: + group: postgresql.cnpg.io + names: + kind: ScheduledBackup + listKind: ScheduledBackupList + plural: scheduledbackups + singular: scheduledbackup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.cluster.name + name: Cluster + type: string + - jsonPath: .status.lastScheduleTime + name: Last Backup + type: date + name: v1 + schema: + openAPIV3Schema: + description: ScheduledBackup is the Schema for the scheduledbackups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the ScheduledBackup. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + backupOwnerReference: + default: none + description: 'Indicates which ownerReference should be put inside + the created backup resources.
- none: no owner reference for + created backup objects (same behavior as before the field was introduced)
- self: sets the Scheduled backup object as owner of the backup
- cluster: set the cluster as owner of the backup
' + enum: + - none + - self + - cluster + type: string + cluster: + description: The cluster to backup + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + immediate: + description: If the first backup has to be immediately start after + creation or not + type: boolean + schedule: + description: The schedule does not follow the same format used in + Kubernetes CronJobs as it includes an additional seconds specifier, + see https://pkg.go.dev/github.com/robfig/cron#hdr-CRON_Expression_Format + type: string + suspend: + description: If this backup is suspended or not + type: boolean + target: + description: The policy to decide which instance should perform this + backup. If empty, it defaults to `cluster.spec.backup.target`. Available + options are empty string, `primary` and `prefer-standby`. `primary` + to have backups run always on primary instances, `prefer-standby` + to have backups run preferably on the most updated standby, if available. + enum: + - primary + - prefer-standby + type: string + required: + - schedule + type: object + status: + description: 'Most recently observed status of the ScheduledBackup. This + data may not be up to date. Populated by the system. Read-only. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + lastCheckTime: + description: The latest time the schedule + format: date-time + type: string + lastScheduleTime: + description: Information when was the last time that backup was successfully + scheduled. + format: date-time + type: string + nextScheduleTime: + description: Next time we will run a backup + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/cloudnative-pg/2.0.0/values.yaml b/operators/cloudnative-pg/2.0.0/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/operators/metallb/10.0.0/CHANGELOG.md b/operators/metallb/10.0.0/CHANGELOG.md new file mode 100644 index 00000000000..ee870ba3360 --- /dev/null +++ b/operators/metallb/10.0.0/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [metallb-10.0.0](https://github.com/truecharts/charts/compare/metallb-9.0.14...metallb-10.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + + + +## [metallb-9.0.14](https://github.com/truecharts/charts/compare/metallb-9.0.13...metallb-9.0.14) (2023-07-01) + +### Chore + +- update helm general non-major ([#10069](https://github.com/truecharts/charts/issues/10069)) + + + + +## [metallb-9.0.13](https://github.com/truecharts/charts/compare/metallb-9.0.12...metallb-9.0.13) (2023-06-13) + +### Chore + +- update helm chart common to 12.14.2 ([#9599](https://github.com/truecharts/charts/issues/9599)) + + + + +## [metallb-9.0.12](https://github.com/truecharts/charts/compare/metallb-9.0.11...metallb-9.0.12) (2023-06-11) + +### Chore + +- update helm general non-major ([#9558](https://github.com/truecharts/charts/issues/9558)) + - pin dependencies ([#9469](https://github.com/truecharts/charts/issues/9469)) + + + + +## [metallb-9.0.11](https://github.com/truecharts/charts/compare/metallb-9.0.10...metallb-9.0.11) (2023-06-08) + + + + +## [metallb-9.0.10](https://github.com/truecharts/charts/compare/metallb-9.0.9...metallb-9.0.10) (2023-06-08) + +### Chore + +- move container references to tccr.io + + + + +## [metallb-9.0.9](https://github.com/truecharts/charts/compare/metallb-9.0.8...metallb-9.0.9) (2023-06-07) + +### Fix + +- set to rolling updates ([#9458](https://github.com/truecharts/charts/issues/9458)) + + + + +## [metallb-9.0.8](https://github.com/truecharts/charts/compare/metallb-9.0.7...metallb-9.0.8) (2023-06-07) + +### Chore + +- update helm general non-major ([#9457](https://github.com/truecharts/charts/issues/9457)) + + + + +## [metallb-9.0.7](https://github.com/truecharts/charts/compare/metallb-9.0.6...metallb-9.0.7) (2023-06-07) + +### Chore + +- update helm general non-major ([#9423](https://github.com/truecharts/charts/issues/9423)) + - update helm chart common to 12.12.1 ([#9349](https://github.com/truecharts/charts/issues/9349)) + - update helm chart common to 12.12.0 ([#9334](https://github.com/truecharts/charts/issues/9334)) + - update container image quay.io/metallb/controller to v0.13.10 ([#9304](https://github.com/truecharts/charts/issues/9304)) + - update container image quay.io/metallb/speaker to v0.13.10 ([#9305](https://github.com/truecharts/charts/issues/9305)) + + + + +## [metallb-9.0.6](https://github.com/truecharts/charts/compare/metallb-9.0.5...metallb-9.0.6) (2023-06-01) + +### Chore + +- update helm chart common to 12.10.10 ([#9300](https://github.com/truecharts/charts/issues/9300)) + + + + +## [metallb-9.0.5](https://github.com/truecharts/charts/compare/metallb-9.0.4...metallb-9.0.5) (2023-05-30) + diff --git a/operators/metallb/10.0.0/Chart.yaml b/operators/metallb/10.0.0/Chart.yaml new file mode 100644 index 00000000000..bd04d1f1fe2 --- /dev/null +++ b/operators/metallb/10.0.0/Chart.yaml @@ -0,0 +1,30 @@ +apiVersion: v2 +appVersion: "0.13.10" +deprecated: false +description: A network load-balancer implementation for Kubernetes using standard routing protocols +home: https://truecharts.org/charts/operators/metallb +icon: https://truecharts.org/img/hotlink-ok/chart-icons/metallb.png +keywords: + - metallb + - loadbalancer +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 13.2.0 +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: metallb +sources: + - https://github.com/truecharts/charts/tree/master/charts/operators/metallb + - https://github.com/metallb/metallb + - https://metallb.universe.tf +type: application +version: 10.0.0 +annotations: + truecharts.org/catagories: | + - operators + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/operators/metallb/10.0.0/LICENSE b/operators/metallb/10.0.0/LICENSE new file mode 100644 index 00000000000..4dfe12ac30e --- /dev/null +++ b/operators/metallb/10.0.0/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "MetalLB" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/operators/metallb/10.0.0/README.md b/operators/metallb/10.0.0/README.md new file mode 100644 index 00000000000..2af65573319 --- /dev/null +++ b/operators/metallb/10.0.0/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/operators/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/operators/metallb/10.0.0/app-changelog.md b/operators/metallb/10.0.0/app-changelog.md new file mode 100644 index 00000000000..e91bcd797ea --- /dev/null +++ b/operators/metallb/10.0.0/app-changelog.md @@ -0,0 +1,9 @@ + + +## [metallb-10.0.0](https://github.com/truecharts/charts/compare/metallb-9.0.14...metallb-10.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + \ No newline at end of file diff --git a/operators/metallb/10.0.0/app-readme.md b/operators/metallb/10.0.0/app-readme.md new file mode 100644 index 00000000000..ef8e745914c --- /dev/null +++ b/operators/metallb/10.0.0/app-readme.md @@ -0,0 +1,8 @@ +A network load-balancer implementation for Kubernetes using standard routing protocols + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/operators/metallb](https://truecharts.org/charts/operators/metallb) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/operators/metallb/10.0.0/charts/common-13.2.0.tgz b/operators/metallb/10.0.0/charts/common-13.2.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..5c0fecd087839b011aab769e3785f251e9224747 GIT binary patch literal 133368 zcmV)VK(D_aiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POw!ciT47D30&X`YUjl^tn_QM@L}BSV)id_otZ6;&IC*^L-Y@$Q5PwVHnbV79q4hhm@gcU%i*C*uXAtNP~b2 z$Y4ZU5>!l4vA0zri0-$>S4@RB#C_Dd0{oVZE%JTv=o8U*E zjG+%C6Evpc*HHri@$nil06h=$X%BrMzXBhQkPTnfQP@Q-AHqA2!}2SOC_ zuMz&6d5E0|720!iY)uuERa%HhJzR=Yxcv{c8#g)4t++Gh%1emnu!_%|er^1qHi zr``S$XA6EjxzPm|E~_Yb`SE0*7e01fL@9VjJju4=r})JO0DvaALeTpq!VFymZVoXu zD0q%YEY?9eFzUAi;o}7g5LLebzyW3$`lrZ;%WLG4z@r>V^)*BhCSLx%YQuaOsP_|y z{WwB5vk1`{@x9~=jYVgyFCFnELeRrs20~r&g|9^{4j+Whpah$4DK^7)1$`P)&U^}e z>|!Bsg={u5RZM3tXo1jg015nMBQ0?yi1Rs|BE7a?{=-aY`6)snp_q|q*#OoLJ}=#< zg^8^@-p>e}<8*xnxnN^(dIUPH!&dvh=?r!U!=uUMz?)1aJ-0g?!pX1?;Rp_ggPz+S zk0xDr(3yBcw>@kh^m>EC!x5Zxyk4&lq1!{9!_nbEx|J~YeGn2KyBtma>r(tU0_T(W zgk466qJT9T0?`w$qkdw%qsNz*AFkf26(}U$$@%G(`b8J6`PESCpBqP*Er9~ipz4JM zP!v4TA|B`xLh7SW%!t`!6(|?Brc47Qe@pI*;^3HmpeQ;5gW*B)>c@!0q4f?y?;`M* zSA?)1u#f1HGBh{K8{nvr`^yL~u#cwbjJnW=(w5Njjf)EP*|XnLpjX0)!xxXHsz>wM`61;Hv;rz6C)N749 z5CD=96)-=%JHGz;Q9uQRBjB{#-L6r-E{RvpuuAtRfgTc1P9QmglPn{u7bi0qOp%_N z7XjzXcbLv0b7zvP;xP2l90d&eq6Re_LYLHKzWgoc;}xPLj<_DTvd@t&%JK8@9P35T z4dWxwZ@1fX@pF#mLbx4>l{iAb#)zhhb}|JA?RU7*Fb!RVQh{s$@c!fZ>G|>P$?@g2 zUZSDzE7VoFG<7Rz8xqd~jf8%ww4k>*xU<-9Mksra*gc8v(l0ML8|fEx1|zOx@rC7m zvMlJ&5fW>i9;jpg9xnOldjZw&l%Dkijwq8~PDn7pQ`uLNAS=5rZR@}zjG8$vR-Gf@ zbR31^v5z4|ddRuHeT{tNG7>2>gb^P_T1OX!s5?Vm?4#(tXh6#G2ooWewYsa`M^Y?h zUkeFB;(#fF9=k68bwlouB?lRb<~R^-{}@3RU8dLfVOx#tE04HzpOfDw(A&Q{J3f7P z)|z{J4gHQ2WzKa-K?pgPo+XpR2+yHdVf7m+RZmgqlO>-U;-xqK1!88`Bi?n0Tut*t zEF@AjX;wb@#+CAtLqVxLe6dZ&MEp!uBV$DE2J%|vs-~0vI=}x8S|6qBL#g;J-hmdk zBB}aQnF-+YXD0(B6lNI*@^Tdv2BRrr!nXSZcuHkn*)%VnZ8oQ~e%sy6XvAxDmbu}x z^*~NkZv6blt!iQZq6LbU_cIhB07I@-^By#A{^tmMxH(BpZ3W(*+3MB$6I)=Xsh6Id z#WXCQn4vM2g^{iCd5bBtmP?7gW%JryuwEbO^}#Fah#W&S583h*ONBxR&`Zc>M_^x8 zmL&dJo6*Bk)cv`IT+5dHBEv z**vU-?4bpn%^wKdLyLVno3Ga!nmgld%*aJ;$_Y!Xtg zgsmvqB2c}`)riK>73KIJxvvY+%@ZHu`3;(fVry#;yt-zPp-JptBk91{YZMjCW9LF2 z<;GlMS@E|4?Sz zFUWVvT)2&6ii0Wm-&`Y*d%wbI`}y;-UR%E(+UwT%1|&V94usuf=Buyk387QlE3NQeSnfv?hJ0@w_J3Gsb$&tLl7?g2R9-HpIF zBKK5#M>swaw=^qIY69LFpnmZhDDceJ^zR8F%o?c|;FP$rFjBevkXE{nAVt8PA@>fD zmv_ z|J*X+69;gUA6&?tAzAFj3)QULuAqW+3b^3o`x$m;Kng4nAmoWnoG}7Z6mWA8ar>AT z=Y8ZnlUXJckBl&^v1i;>MsZTVxe;oy6TH z6K|s6afc)9sQ$iA_F}{ino>ojuK)*n+O!&$-?B0FW5nX%Tsv=9IB8XJ?UY^gTD?Ky zmh}#XZl`+yd*l8=dpz{eVc$LI9Ci;-r`;a)4%-vAJ?eJRxIab*uGc;oxdXR**qw}# zJA#98rS~;JjLryQby3yj4X*80r<34{hOj&A9`pyj&bZre9}EYuJ??e9j(c#>8=wP( zItRn<=vs=3{azP&T{LR!$ zaVV;bF0av)RSd%YR;SaEZ#WrD(4>P74p6)8j$jXs#)m!B>5eM#q;3S6JFAPR zDy}h=K{|#5;34d^VH*x619v=_p#HemhVIZibO*!9_S9sh(SR@ff+xuZyTEZt-e&nDA<^+k@i~4thgxG#>YRL)h;gOa|UyFdmO#8;wW3vFnWw$8NXX zZTCm0JLvYt znDqOj$-o_S+FWF~hwaI5*zR^m!-Ip`7}VWw7SMjd5&AKPk+&|@?{S2tyka@s6WBFL zZeZ4cW)phB#c#LW?X(X&eNFGf$zX^E!(kg8c#{LK@AVD_-460bJ=k~M?%@P>`{T)A zbkJ^(#*;A`_Ijw@?i}<{7mX)lw+;?q=u7%MO+@U3)c#eG-aa)8#{_7m#;IA4^t8`GcsgQCO zTVZ1qkVx+-Q@a;MMom)r9lTTKvoN2epIBD~uY_HJ1GPo-8VE1MYk-*BYPI%S3eLGO zvLggA1#=>Z2m{d3U|xecZ-q+oLg|%BK8so~xq`_1HeZbYQs*% z@^P!}H5d~%lSVl&OgRDq3z!-{*&d7;d5eR)d@t0H^G5JA;KYZ)(rj)Bhv7YxYK3Nl zAMhvSy)&*vnj^0WnV2DPf+E&@2Lm`o5pd(&g8Jg?X zQQ$RWs-i9?+3_;los-Vxq zYg!@bY5XnOC_*yoi0c>NN&=_gXG3lv&W9W}EJvIb;{jd(M+}q}VlOgE!i-RsCY{LEA{5;^j067uhFdKCW;+K-Mo?cy zXo5ebg9MV@@mx!K>6I&`URuTKnQVp`R^ZKKpop1MAF_x6s0Ug4e-oBX#^>hkb(URP z;CrqF$o(?0H^RlE>eM`F#;}`k8!|TKIAFEs!y$=$lYjsFl{qyiN#2AZ zZc#j?t-AxU-kC{7_qmn3|3VdP1u_^B2UAt_yY6JsfqpoH-MvyPNf3Dr8%dNe+xAH< zIie)E!-1#1eS|*tbi^Xy1Nr0C<;fK<_8R#O zYRN{H;sUWIh@;|UElNSgpgR+qowDU%gaUSjCg$h~mtYZzL%m6>c!3#kdfl1IsNho8 zFuK&wIPg|Nll1;k0y9;G^ewB}$gdi*hSZd6RFjdig{@KK8ueN0=3=)nhq)^G-k_1w zEKs6>1SUSEV9=u2SAvg^7N?{>^J7$T?F-OxanhRR^|Go>0(K1DJE7^zkT?;b&1H{{ zhz4{QDkkWpD&D=W~7jCQ}@XoSQ&#WaeA z2>L$urihiq5@uxDiHOqxdN&%p)#pBwFc0}ES!LzhpV9J2{rS;Y7MZPW(Y~_Vg5w3m zK1V{6cn&{(2%!D8agW9`Lhg=4@STr6$oa9f1ClyP!G;`00YbC;JZ5!(=wf*gjX7cw zcIirT<^wBVm>_mNbLJ$#j6|z)5|RA}Bckl&Zn0rOpd0?MzC#1%^VXNgvIRAI^=MLl!8ykA&!* zN-3UeFZRo#_Qm3>bFu{m=&C&(=?+8sXw<_%Oj8G`px|G=U zkcBb_b3dX8PcS!6ICDovA4+h_o|NSJpV7QkXdUu|Ij7qYX4ry5UX}&q8kaoR?1Scn z#DU%B3`Sma06=kxp*QxHZ;SS9j+ zhr$TCBH%Dt_jQw&tLR1pFWc~yC5x#qzwzH<2Mz}lk~lUBpcJL^(d}D*jeRoS=SsxB z2v)v3p!-oAwCGH!eyUtz*~m?>nQ(+~c_QO?wSeZdN~`WLX0to4RvIP$1vuujfK$(f zkvOue%m%S<7$D>c`5p%Vi}2q_Cluk2`JFoK!dtl|LH4cdqLAHs0Zpqa(%)mDC76^AUSvmgmx;+W;Pj*eIG1fgr$Q=^%Hr*r)Tn(NdKKeaS;ZZewnk*ax#fM zl5`OE#Pm%@8dwLaCwQupBFF`Pk=hk9=fb{Vgj1VL*=;5iEX@1-Hj~w_r3%jXaD-fu zXu^`js@)0p)rl1#&z(;2G#O8spNyustrBV+$|?y+08-8aX>BOLjoNTMav$U&^S9No z)BZMPHRIoqCx$RJ^&}~LB15)Sl)9KNW3zU(EGqqgeU#z+x(yMZuc(=(QVhoVB+FPg znNhQ&>BWgL|QZ8nKhgTfa`i;`N1kL9k7cVtSo=qyv1zljhZ60SBW@QM(kJ7uH@ z>%s|B1hHgyDOX!&M@pHW($Rm`b;!rMD znR=okGD@T^3zl3a;)n!Xo?4<>9F(%)8_}R;{$pgk#U>9D^;Z3-mG~)QS*>zj;hgD< zJYvyQplJ5uPt1uU=?(x*5$n?Ac2Cp8kqnqJ=SW#fT!oQrBt?AeMj|E*m1v%5pqbO{`MF-+HmFEJkvZ#beGqQaPPfe!Y=alFu45kr~XxJRcfUCh9elyb zFvFY&rKp_~Pgc<{QO=PV#PczVxFiw|&%jk=5P_}wIExH;opK}BRjZdNt@GG%xjTlG z>$EUb&hA)bDNBC8NNhg!o5mrEK2Q{0W?iDXV730<+C2#Hgh6wKg)+ubMt zaX5`2R}5Y$nYm}0wi}LgaN8UPG4#zhy=0<@%hH0L?1+#t~Ci# zT~FwaObSz1gor8^vl)MtuK;?&l_PaSxmpWX%+*DX$&`)`DE=*3lh{20;llkZ6`8Iy zKgqRCme*2^iX53vcQE`BYh&#m`uW$QF%eKDoGOA_+FaP#lLAva2@CO&b&@y3(@7vT z(NwYA&T4;AlvF!^X1`KTBxYeO4hgG+&dQn33umG@ z3?MyQfA!5CjVcwPNs{?G?Y`y*)dpgSQh?OJ|M-oJ|71fL=1}Pv6sbH87S8uOnS_NcTGMxWT zzvrvGP0%?E@B~q&qUB3OvPz6$hC_{A$-b$ihB{!kK0Q>$LW<<9T~%0g$@y|frbr;q zzCC~hvSLjV$iiPH30xn$cQe9)u1$rcZaqRI<-bf?P~u1HQ-Rki>_7i-Ld4;Mj`}Ip z#^adH_zZPbP9Y~CP7%F$jW3f@Z_^vSDzQ4(gGAVWa$+MwBFeKN3f_di(9fScjs5O< z;G^z;(Ba~AUvACX$s6`>6T7;_!u2nRSaJVLzuWDl?|_sRsELNu5nf+nYHUBUAXVz9K9BQsmx?YZ?YLaQ+RWNn8KM+EH0z1`J_xKrf-DZ zmVs8DFD%!6&O~0GgLFSEcB$k|9l@RLoxoas%u}lrPT9DpAvtMgaVoh-`4kICn5JEM zYid-SG{uYPoxsTQMVdL&4Xigp+Dlw_gtWW2aD>#yIwPdpEg7LSB*#9)?xcIKI;gsM ziewsVWFJmQox1z~NoT(5uVyVd9eML%gabAK&UcHZ-OQ_E!6riYTa(!L`Ckrb?PYj& z;ff@_b+}cf^0ht)Ol^2ddfdJSFK2`buxV1YS?gWHph!r2e1P8nTfDD*grs6h#bq>uT_}w#jFB zdPg?N>7UNzUy$BhY`|Js?AI0LN?56MoBQI*hIBst?KGOoYQK#pGuJ9OnQV?ulG<6P zKC)WR6mBIMl6XS}R}@)y2eljNdxOmH_e9*yV&4c-e3Ov;j)KKe!&-q=FiQ2ht_!7% z8W?z{x=O_Kw>GRbaRRXq9CeOc#|m;yoSn% zTmV{pbec_}=SEpQ;Oslu-afZuUmPZaQ)XTRK5DE_&>gEG{OED2m9i{NE0+&@elP83IPr#IKXVVT3N7{lcIIq zY~>U#!SZW%wM=D|cDA(Q72RkDJuit(graZ?Jo)_+KgiJDovR{`W?Mo&4X%^TqD}XtrB(_osYf zKi8&9(K7g@Zn-2xuiS9idG5ZMr%e7Y!a%70>OQ9j%l^NtmjCTRyPKB(ol(En-^u@N zJVyUlXZa?0DzrXzrqU?>^4wQF(Y*+RmSLSDo!^5D9+mnncy-l$D-Na76^AW4I|6?+ zjY#7nG{Aw!^}l{rFRBIGBlm%X&i`5q{#+p{q^n7XJ?nU z?~mV|U7uZjJi9sq4hbCo?c#?2J()OFgO?mY*5mO~A23#V8$}GmD=Q@6^>+&=fhCTt zDOz%U_T>EZs^lwOxZ>+x*1RvktMCl89W9o_vIxmsp_bLSWy`OJ$FK^I#qhzH0Pw^4 z)!8q{Z{M0h)Gux?KHPkN@!|dH?e&N6-=E!FE9XuYYSvw0=9UdvvxI84+$AFj5G)dJ z5uda_3U3|DXyZ!xlk@P{9 z2AyO}u0;1L?(a%{yHedgdIKCMf4X2zqoS@l|6hgb{9kaRr)2$ByULGuFb zai^<4sjgnjQCX?~$usDWbN<)x|M%J%{jW0|4R-s#TX~HBr!#))e0MSn-b3C0vU<7i zUu54En*?d6d!F|dJ{8XR=O*D-{Z!6>lQ;Hp7T}8c-ye*!@gJRDr?;E`+jz|UzscqZ z-hc&Y_-8E}&@t6iyxq5F2d0A_V;b#?d}|{7(U59P2rIG}E69)#+~l@a$R<{1r`^sP zn)a*Odk^ZgLYjPQ#X%|vt2Q@MRDZBN+z_08jTrd(!}n*m*JmeJXE!3_(mZ5KKv^X2 ztq_^eU1Vi%*O@j%21SjXQ1-+vn1Dsl6&Fl3e!=E~zJl*Mb?{%Ax_r2C7m#~Ck~)c_ zNCp{Gao-rGdLDWr?5e?W&>4GmrtD+aC2=4#=8D)XA3>2tWCHy-LTaL_{hFKWTdU_P zA@R-i?e)dU&;0lP0!I5$92Dht_ga*=cdGo&@y*%o>G_qa;^VPZMf6z~pIAoT<>|Spj1ass+Z?! zH|Urhm7i{IE^jZdF8=Y)+qdV}H)rqV!JE7fqIT=*0z%!Au-mR54OL~eH(*cCu5WJ7 zFCPup&W&$?bB??o-0D5WM>dh<(l-s9{p059`1bhfM@^VQ!*x9ZWfS+C#%_+!--_FE zPM@M(btgi?=zP-seD=>Gvh7Un`X;vy1W!3p)(8bJZuiTxTq^Z{nIZV8?f*ezgu~X{x8QGywbOO8xJm)G;=9L?qD#nT zBIu(kq}qa_>xj$`Im<$(m^QJ94Vl(VUSqrn)ujQnfj)&W@Gh*6QukCR1K$x39Ra63 z8jYL=W@w(+A}d1|n?T%HBjOhu`b4h$Rj|cSBU(`bR3VE7r2cJ5n*2Qhzn7iWlxs>V zd|V4SF6yLyZC&UhQj1@ThPmW31Gh@xuHZE}P@88p33tPsCIA^ih*i|4LxvO80F$V~ z$5rT&w-X48Q57sLt&A!L<+hLD6y1PzBHX+xXS;mE_T0%It}U)pHnD7@F*7G6EedKH zGNyP-0m%%;8*6`1tYxCRPBKD!2`OiUib@UrM_Koh3sq8wh8JNV&JFA8GK;yx%Q+1g zGjfTdIi?h=8_%-G{oR?kA4dI>xvXUj-!uv6dzNXP&~qd6THPqK`ROg;Zebx=msR8q zI+j+rDR%hcM0>&m(w&mrI3@>Y-61vgi~NOhFhoPAINCTdayQjkB*}X`R#_PJ`kQc{ z72avHv63^*&!6StwePt_BtCK*=z`C(bOtf>YhmY?Ap(xMr_f1nK$`}6dx*LF>4HTq zC)W#E%?qi#0tXduRE2?Eq^Rv5RmhUva>{;Az?jXDW z+v{|9_TM(1vh%;{zSZrY`_*Dj>!!Szz5vxJ6(?32&|-a7sUV54Ngn{VZ+bI3-{Qgx z@r!2D70NOzPX5{(;RPptt&E`(Tv^hAK$<`^y6$yLqEz$D_T(gd-r)>TGm6%FHX zUzD+q4<^?*&S97(WO6Nc4O&`f3MQ>&$u?!ENMHe4GbSO!4OScsawv<#bgA*CVW9wra_cfL@oh2{#u2 zsYBdVc1;!S)a9WoNhiy#M>%coRT3@%ye{1|_yQ0ssJ8z%a2C)wGI?)}k)gZ=RNnA_ z197D%;!7i*sD!C@Zi#%N3laNjWxFVi0$7#pytsvR^PLxWJ};Kii8QQC6IO54-b!`K zXY{LOF%<5IX)VAS>e?wfN=~c3EMl;#OdV@v>uBXG)y&Z$6r{q&e=kZIo|s~eWmMN9 z;r`#i59j}QcXm|w26#+qjOhMB=infj=egdQiATH(b+Nu9?nC2db~>`*hTNgRDN2pL z-ryDnB7K>|YY);x23ehFc%oTSaHi+WB;&(piRJTn5)vBt-y9KF=o9OTpzNAb>{(o` zVk3Z|4RRlVbv#%|Lyhj=RbSBUHt!6 zo+mv2St#gMM*o^xf6gm^P7{Oj)237<&>WH>u1xE{MTmEk$@*SJJ_#xcCcS| zb}%8!?b$z0-hMbeJAHq4^UKB6&)2u-mmmAZNkA6;Y#NZY&RSYqH(%Xh%M}D0mIfXd zlVU|$+1>fcFXQ~=*Z$=6KXJp){;i85h9}sC?8)OlJA*+k|6_Z1{%bpr(*H0uJ9y%@ zE<^#O0D`d}BOwyS?1a7#PEf>}>N;8RLvcxRW$X+x03)QXb@v*4TH-)?06Dh-ACDs# zEmx_M^0Fz56Ri-Rh!A=Chxo(14%8)LQc{`M@=`ATKDnMtTJ8z(b4p`r!ME~nKYwmC zo6QCc@kegKalPvI-^=dEvNSCLsyUbBvf;K8P~7_e{JC+51MkSDXk(5T)W>B59e4Lq z$zb(P9Cwi)I3=|3GoP$bwN!zrPsY%%D0d~V`E9*7B|d*{aH)M{E+>CqfRh(cQ6n9O zqXs~f5XsG1$hC1fie*^?0AGw3kfEQ^QfaLIlth@#=11V{%8fbdO5S7;(Z8G3R|3fQ0kH2~BQ`7vcEk_E+k6`7S9YfKuAuVDEomH$CF zRULiu`2WE$8~-tC_jd6gTX|Lq-yoc}T*(Ki*fbf^VPC(*i)K82Gf00%OVBF53(z{_ z)Uv-PkStG{YVVEZ%`A6}X}4^`!}@Yb1t(b^@_l(0XlE zoZ&Hw0`Xp$Gh{N!Z0M25z|e&)8%K$4%1C(Zr+twr*l$D<$Gn;Hz(vgBg3^UcelA(G zvO`g{epRkrb=IxoHA_*)H^cgB9#i%XMNYo|T= zdn%cfY+Eiof|i)!^)X=ri0WFdPB6d&DvBza*9SL@dU2(6VV98d-W z7f~yf5^b5c7FoM0;Al(;qb!2T!H5IQys`G>@h*%ZMJZ_drG0V%hM@zDlqL58ic)oA zilXxJQUyFR`$|=Fy~#l}q(V1`(egv+L58kb1R0txQ;imuu(5~(8iy!aV2V6P(StG) z!KsSZ4i~PDXFRf2kX56vVCa8O`11E&T*LbcCC7z((Y`UM9bxz_^eG9u!N=wyR}6C$SQ^5coxlBg+_ zlj{c!Z3`uH0TX0oa%OB+3urE|2xYt@zxqifF<^thtKTbBgE5pX)~cH7a0 zhV17phjuHyuuiA#e6dU2?kRXm*Z<92{U)AO>;I^mTmSo`o&R?$j|j3nF~^;RQ3TYs z9RC7+UuL6Y#*8Z$;!WxNa^GE1I_p=mXedWqoY zRm8Hciy8(_9B`tLT6T+y*^VYr)?RLlDu}g5l;nRE7O@r;jiOu%a)rSw84eHqJ-IQu za%VJs$DURO6cx?xDF55i6%yi!64uXx1$)ua?p@K=I~bNYcoQ(KvJJ`_o;OpWfOm9P z%2)_EF7$<->KJ}@_Evjt;rhw z*fPgP#GW>tE+|0NJ_c&PuPcx=qgDu}nj>3(eCr6YjW>!uF%$*RKMxp+CeTHf#7klE zAVKnU_=Xwusw92#Jd@1VPfqsRc-3QO>$P4M>>@Rm2O$R@G@2q(!9ueA)G5Qu>_3^$ zo^Igwua)-Susz7-e;e%1e{AOwcHXHN>}$j}VF7w5^vQCL0``R&fu@%=%|J5+p2H9{ zjX%;9gkeY%OVE(uYp?|kvO8;VXAOSI)}WcI8?y(gmCP7`Ib`naZAw9}#%zmrOh#c* zx5cJy*}NUQEgN<__Um?R*Du;`-MY=1wO6x~`T%6G%bKarWuk7~JpGzX)2A^@pV1^O zG)HUks(NKxpxd@Shfi&M?w)6VO6`AR#XWia_pm+e=kEXR^mq3EHXdpJo5B9J9RLYW z*Yp5bJ$VKffN6cRJ^%yut8fA&L$LD#?7RS9vKPQ`>dpTH`mb^RtKZAr|2Ej!|66&~tu=D6H(~v2#@U|jPvw;%!uWqJ z(@%;E>x!KK>VgsFF{tSXNIGR1S5I=zN)HA78jN#|?9MdbndaLy&EqjeOx^?RF^osSr*YD=?Kli$$-TJ?cC$;{I z!QP}2AOL=ont5L{*43-`j^Bzju{d6(ml!jZ~cBdcmG?zJ>2Pk+j!Qx|07`vae*;3Y*BvsM@(@r zeem5Mvk<0SF7lFKoqMk$X{gW-g-+0##J(?=!j=t+zupL-SqM!sKm)WgRpKm!o5_@@ z0VSs9gAygqLRcp|;VgtTvl6DSn0lppr*U&Q5ib@fim=C3EITQqex1o|uSonRm)lQ& zsetkOW784NLRglD@TX!aS)%D`WVe`Xuv&Lb27a?i?>DI|ZC|&{@c9#Dwcjj#o=S^s z+86$CzP=IC*Ic1f6k-OE1 zdoEbZgs3#f!4(R9?80=8ee1ndy`w6@PsNpz_g1Bzs)SgCU5mcl8c*SQa{1u{!#@5^ zUQ>i37X=JX%^gEcmCo}@Wvk947SAT!cf;7ckqsO#Pz0yQYNUW#tFXw1N)&eG9h#G9 zxyjzl1;mGRs0J>-|C#RftNWDc|2Po&+qaPatJCY}^M7^QyZzs-JZs6{tG8yDGY#{+=RNLGpB+tMEs}#Bkf`SJgc(+9m&5 z8UssxHNOC_$|yg)9+V1gC}!AiDTw-}7^4!Y_tY`trnduxw&Z}8rFki=bqPiN2jkB1 zo?6%ZYq&*Sv_?fK4;ccaxw6ET%Cw)esnXvoY^wqs@@7^+p&Bg|uxuL8C5f0OT^643 zHr8hbUOLYb3s=v|9KqYbYR=7tvr>%c)!y8g+DdF zqfTkNduiOS9zlXN~NGLQ92Uqv}uvux;)8Vw+c97kH4L# zUZhs0YQh!sasf0$6h20!ldQT$TGZO!rW}mg)+%u_Dvi6usc7qHUyNfht(oqei#f_X z!?l@)V&;OQqFc^+Pc!#e@2i_?n(_+m^opzEKN=(4TuhbRAP+zjh@aYhXs(pED~lTGI}v5+ z%;oi&#ZVeNwp4YP5D;>C-z)ZzrWP6PnDpuD-ZJ0nYrd-9_w~viVcbr6mj`kZJp!~g^BC` zIc>#6%zjM5twb>gdk!dScxAydw$`g@k|Tl)zt2|%Ac*H< zeZ#e&L#l3t_4rM17M1P)Z0hcpztp(@r9aB%{~h#p`G2?b2v_)q?tc05?tQ6$=gTwQ z_p_Xzd@O(a-yx(P)2xpfFXO{@)F)X=DgtJS819pjUHvW{^fAg3R zQ!xDnjc0`1$s2X!NDSS&hT*F7-@RTY{;%8ZcX#oBTX}@7_pV~FH(?l7G1K$j5?Wjly)vR-u_$nC1*Nd;Jwd%(4%KB?xLS8+#8?mU1QrdcRO!=P?nqtZn^4a6(RXzP0 ztYn4v&Qji4%3HOR?3zV^fq5sBIv#mU3 z`d@$;SD=p>gYImO0(Q!m0Q?a3Z)N_!;V66lyW1V??tkCPBUHNgau7*0fw)3vk@e-@x+>PbiF$fkl zUxQ*+Ic#O>+T-=FjEeI0YGWJHthPdrE$m3>NuJ?zHQ)aL)C65@T*XD|M`9Dl&7^W$>CRf?X`|?D!!2czE5+AGsT)~9_38c-OPc` zJjld5{h(u=DH7H>+?lHIOetFOgOWc*m@iX5ZA(gRkPsel(jrBv{CSIF%_EQY7jw>{ zh*fr{ElTLKOX`x=Izr-ITNeyvBKNJY2?TNML!J64D7YtRQq*!bG+yNFNW(9*FC<~o z#hp4}UtSi!%W>PL&dCC*1II0K-YT0i=I{o zI%Kf5Vp$F{<4GNa+c* zkEx0;I2`A{BysaN{N5+-UHO-mi@hkTe{rC10E=QPBatef#2@gAVi8Y+Ds2dTa#5Iy zAD3^64%<{z5@&5%t54Ug^Cpe4Jb9a_8%9#@fma|POwuQNnio$1i3;nrthp{=lodJq z6mq^0OKldsV1ewIZys0ZS#8v&`zEN?8|WXstDe%dkxEUo)3U>UeAMT9zu=6e?qGIpZ&P3)*f$ z+bw9j1?>x2(01$DH@u#0e7`6AlRsR3sC>#IV9`ttS zKezITh>nnWo*C@180<|%eH8G}^G16VF?D5(M@fY`ksT#fi$i)#3a^UfEvmM50B_+a zJyk%6bW|mAAeZ^ZzlQjaOX7h9Z=k5Q3)9_&>25Q8L{Ac$(hPHo-S7EJ;oO)qGJk9D zB!eeBwOG<}!TGR!w}&h8%oHRAE!g|{zmx=3y;^hY=kcOqFJp~w^DJxO=F?sg&GR!h ziIYfmcaDSO1;joa`#Qav{VK^B$H+B{a4=0Vgb+{z3= zK5Q#f;3==#N}4K5hI?t`Qi+|A!M4Cmc%D$L99R4);BnWz<y<*WRBPj#q=un(c^4@Rr-H7m;Z4z81Bx0Zsl2}{~I=l zVs2DFi4BlyV_iESRr$-a1ybnMvIkN%p35f44@rStkT3M4wn3`7Qu`n!x5{jUJmz1H zolwLvJ6oZIK0A9MZ7)nC5{LQQ1~_-V1~0|eEZ*dE&uk#r zO|?X!REUREIrZ%!^)kPe!-t-S<(B7WS}ORdZ*A}jsF*bW0D5v;&F+gLFRxSlTA5+u z>K{+NvWfJqkI2sO*yvNL|1aEa<$v#YJ6Zq#px4>?|F`mp*q+OeCmV_PSrlbU-eP>u z<;Roicpg=tPW+B2S}%ZxcY7lNGd7TL;a(vIaUk@51x72K6X^S6=-!=5g-76^N~iWo zUvZ`QoC0S|h@akwk3{jzm3s-8HwA^uoMGv5`uX@0kYPWOqqdS{F&I z5r0D&3fM>D$8&VzLp=W~qKypVKw=IA>brQOZzkS|Yk}D*tT0Y)k+P9;{+}~L{=7wJ z`w^lfj$EWJ)%$;r1DrdALZ{R#@pVKuX_E%JE~4}u@sJ(QREj)TT&yaOoOvHlobud* zn(_*-2>lu(>&`XGNCcdcbY^Ls);spSvx&XMx9s(o+0TJ>0(ibE9CHx>6xHJ}BQbqKy zbg5bw&V9aJD!oL+~+U5%siUJrdfpa2>aYcOO07w3l3IR^22}+YL6)NCL zRT9Vb$^kx~qR!`$t(B*}+B+5fYgW;}4y8GDziK(MVn&Oyo4FaKyIHaEJq|n^OqKL7 zzn)Ww7_Uafmfmi<@22~fr#tb{6`BY$ImACkBn~U)T?2qeuhuK3m(ghIi6C{2@3HHW zI4C+C`cPR^uXTm&2HXAW%-K@=kHqYeVPEE1VgHRfop#p#8xD8&-&P)x|M$kW^2GJq zhyq9f1mjd@U~Um!amG*?fhk}!$N-EGa3cg6@)}%j;y{{hg0+B;#}SN{ty<}W1=~5s zGgJ`pB}$kAD}%gBLc9_v<>6grZmPt@idn6YE>W;oyY(mPRHY0%ksy!pIU) z660qacs3RIvScmm&QCWtmsbfZNQcCahzY(*o#>D7oG)W)A$cwPyaa~VUaAuIh5pqU z=wpWcYM1r;^Ban(jpAT`nw|j1M%iKPZ7(tTGTy5YDLaW*VBQO zg^ZGEJI65T@1=}W(0-nU3JR@+pJS>tkV_IVO|UF1nXsky@bl7nCRn&y$mB>x7p@A= zFBlnl+#qKtO(8?~aH+FX<6xQ?O3)8yu$vmC0NJz1`SI%VM9!7H+_z*N<-gsWlz)1A zUH0k2si~EW^aNrbywW54o-hD8zhe(bIV-03tMBNZW5L=>4W$X-l(v>`uhg_NO#H5GK$2}`}Zk~te0}L(k}G}Fjue?1SsZyl!)pIk!#6S%>*+- zndpRsYksDfyQFYwlx11WwfT|qAf~y}isfvAF?8=x;AtMV%eSm=mHcbiRFSuWTh%gJ z&aFmv7bp~!yjLaki_+I#o4iYa!;B6haxw6M9RO^vnu|#*U#nuXm{H? z|IaoaVW(b;!QMm!fMlEJjR8=sTNwqAl&KR3kd$W2P_@Ya%6~6T@0WaEmC;X?Tsw)M zru)Xikj;sB4p-bfar6c_7a{yLMo#9;Azz)Wy#PTO$3+pt6YN5U(g!YWm~ViS&S}8> zl;_UA3nSM8p2I1+jD7#w>U^zMJmTJ=NM5h^AF40FOgEWpuN-{mMquN8VLp7%DRA zou(+6N-L6SVb5m8%5+3zYz(dn%#SjIK3(+V~+qx^T5_os-_ycEqX^bqc{7t$Q|<_&g6V0}B{o zIQ9{>#pKHwq(9x!uR$;R9_oBtCOMeZaphMGRXVNL^3N<8 zO$A#fdYb0?6ngea zRJC<}Nj#ub7b)rYMj`G-i9c?HnUMcPeP@!&d5chO0G}_IO)_ zu;-gp-Qq~7%t?0(W@c6RNJzYvRkn8D461usTz{FNAcZKV;^?9pw~%Z%?w{W7PXEsXXuztZKU2Ai!R zyzh3e96m3dy}kVO)tvpt#8sYOIyGl-BTq&l1~64?Q=WJL(tG6lX@=+AWQ&nZ7OQF$ z%S8&v9!IrVoQWib26kbTgXQxOqy2R_H`I*%LcAMR7M1){2mS+-$QunPoq^Imv2W** z-+5y;c{04vw0}#W_dWDs;G!r!eJc+CDw~cYz|fh>-!>Kn&=rrtC4j3uhC0i*sJEH9*v_%Y`sh3bCeL%lXXUfP|F2Hw zJ!$^$?x>T^|1lc0hdclOHlCFKUyb$#_W{aJc5XEwD8jenqYQ>Da<3Dc5 z9SW?hAq30?jji1XO?JkMn)D&-Y)u$4KUE5ltn)@S_!aqZG;@D3zMP$JP={DB9 z|07*F6PWt^_kX0(t8-X9UE`VV|0o!e{K?&dLQi@BN4mMP`#-Kza;ro?DZsoyMR}fM zq=g*wr#MeqPv0n?AG`ZM{#5q`TA2|ZdS{>lv9WstvzZn$@1OJjz>*!@0?b$5BZzjl z2Yx$Gss7I(LzCF28#n~GLjNE3Mmhgqr`_G@|J!(^|4$9}^=1wMdMNbCa*np-_Y+0s zZ+YsDk+SIDq@Q*DYsoa&_~E*8DSuC*JD)($ZvG?mu_u%QL)0olW_4^BhBV2$X%XV9 zaN#BB?%a1f_ucaa+pINXuR~On4ZY4TV)`&tT4R4gow4@LcUj}x>5!k+g?9_) zqPJ_xNzI29^0LMNuEmlo5Lr_1WP2DoINbXs?(FW$@1Kf(B)?Lkaj)%-sX8$jg zxe-i%LE{-AcPI9lqxD<@EA0PXZ;;vl>vl)oo&CR+N7(ouvxA*JV7395K#rYKEj({{ zP&IDV;X(`7evG90H;v$M_%=))Q%dFa^+$5cHNhL4pP)8N?7uW2&fC zbo{p}y+Mi!<_?H7Un=5!ed|rR{GTF`KjMn7^iL}Pd&Ax!C;vyg`=7S*$oqd0i=%*o zx8xpCCSpi`!qXZ5TjpJXl;UY1XQxQG6D$+y2(U@-^3Vmtj?bdVjU&vKCsL5NY(8Au zQShYe!zJ-ntqk=$w$VjG=9vr(G*V;2XkpxMj-fOIk}amTHZ z1TCN3?}1l7Q(e}r2-th-r75XiXZxDdlM+EA#Y#o5*G8BNtUd5*S_5NV^Z_VKk+?3- z`5ojHoL{7BCRqFd7!g_Np21~NssCB|?;fK8uH63_<@CSNaCiQDD^KeDcT;2=)T1ua z4sJl9+fX7!IjyS{we(@^+PdG0jg8e^*_7(03Q1?bD4_mKi;beZs+KP~l|Uq~{eYsp znDdyjQ-s135-yb&Afxx`cmmMMC$CgeyC{KW)+6v81MgZ(?CD=DdF$~BrP;oEaMXrfqCpR9QwL4Mlyr^Yk)cZjq`{ENM{x`Y`!qz)@f3h z%*CEbTD`3;~_X?f7blwV7vK54MXBnoXX&&PvFSv^Yg*H`fHqc}# zwG$quEEx}lPA-fC!1X0D3Bm}83#-M2JXYRe8%LvH?Y4xnPc8lL`f-;5tkVAmooxJ1 zd)OQ7^uKL9Rr;TPy;&V_)uGF;Ob^U-XREp(wcCEIK9~kpM<>*4NSR8QhFD)C({MMU z8m5qVfO=Sj%uYqDQW4X`{!D5jwPn|nsEXFb{#BYHO-@#?=UK1zif5HZ;~lMX=2lGb zm-*(ORDmpK5}RUQh9a59_1jV=%k{rGyhG;!yNKQs5V0q_AsyrhZ4$Z+MJ>Ki-}CiC zt=s%jEdVwn6mbO77v;b}_r>I57PpgJ=oBq``VJqFqSg^qbbzCX=QxpN~cI37Agx71%B@p|HdQ)B zR1ZQz{0(*BxtGH~-BYOl35WRpt<2i{_#2>C=zrZ&uamw1xi{Ly|7_)v+dA6zo5X=D zk3Mnv$pz+oqF0dy&Uc=bnBHo=N^{dlM#DD+jin|2i@Ijqxp^rSb-+t>{4JVlFCC zY<35kL>ZQ+-Cp~NNo>d&BEf|MAP>`ef4-lcy z=YKi>%K^@<^N>EPv*w7}bEkGM7gn~vB4%ru5zE}*CGvmIW6G}36n%Opwtt-e|G!}K zw|4XJ->;hgNB`OUKYRa6|NYXDkoUkVAMyVJ{d?HkOK)wZx5@=%A6xm+0b0++S+OPK4=3iSPN}u-%j1hng%n4QOxJm8T9X6Q&~@R^~yJHD(BkR0XYdD!DObWWHvl2_ejC zDL3m^bWJ0g$P94?!zBI}6F?S9C9!U2H~;E1raM^Km@M@8#x!9n8rQdUsC4D1SHJl)qEKcN_}aaiof)GK6z){ zV&k985B=4ANxl7#H+IEa@kdVN=rnDVdFo0hrjn$JrsX?>g}fA-!#^^I<8^BQB=3`V zyjA&5xBrdmL{;;jqG&7gzt_*L|J~kbH~+Ws)Sv%UFaBbFdgDt-N! zeivyB>FcS+kYcw9V>UCho41)HVpR7E@t0~+LrU*Sq$EHZjc;(OKFL!&|3zBNISi9L z!0YDxwVze~pKd>Q{--MwI*|{r!wzu(n8G? zyQvDr*>tTUHI4!m_p$c*p0wNEKBMC$M}RDsyCcWw9SlJeoP7%A;go;`O*9YL68vvo z?e9+cCXU`9&{<06Fm!V5R{8o15s=NQ6iHB=Kf)w{(eky(L^CA}{Oh~LznvtCHQVA! zhy8QUkZ=1blm9Zc*ZwVxrjOnNSS9~^?Ogn4r@gcPw(_L*XZc_Q5nlc{;jgk_a&TW( z#P%QRA5}{vPUpHZ z3w_YCGgJQ>6NW(gT$N8z3W_hT4{ha+WT}3@Xetkb*o}y{K<}TmlrtZ(L6V#o zcbvSfl7fH(;ZieDWafs8z+Z|LCvkeI{e@hDW7XChPT_)N8M)PVQIsx2!w~E3BB5fv zloaBH08w#6RPh;mbD}!Gnr0SqMQW?DA0jfhFNk~@p$WC@OIJJben!hHG;x3N{fFQHIIn@DTDIS$@S`MR$9_12dwbbV z7v#4#A=rwI8~OazX_I~h$@2uk6EK7HXS5V-$AK9Z&_9o|%u2@p;Y|w9fU1;dY0KH% z3i2t+YY&Izb>`~9cQTs(?@rDUQ9{NdeDWAS0-ZawT!D>wd54zfnm2)jHSMxQR!1qc z0xoHok_*`y=u-#-nG*4+AceXi!z(@Dd>kEF>ms>;xj3VBx!B~$Wr5^jXB`oFSmifduic#8c6mGVOjv|OADu?q4jFst}4w-i{^D1x7+mf!^I zO&Krf>{AoQ)sfH#nD@mcb0n@Y5N*E}J%nIPh@Z`!B-_@v5LgX5oTZ#vBU`|H=|v?A zT3qB%4|e*_hsTV^O8R4l<}z!)oUHaS2rXcBs*<8%Xo8oX($9)=+Q|k=GRTXHx}Nx9 z9XTnRo-b4TdFdiGCW@K`e-|^xWP0}{;4hehX;~|8Yy3ML&Y)rp5G)QVW zdX+g+RPz8_a+oo>Wug#`+>)8t1L|DhnqK|1QkkeaiSDUk=@&;?{YZ@DqNTsfKQ1Ag z72s~R&sS;=d2oMs3e|n{$`n))N<|oz(1!~U7RxlPiaOG1{BN z+Fus?nZ|_8*6)ZKya-KX5@0_5X=JS+4?UK=SfQhck6V#1=RvL$K}E}(Q`l(XWmt;; zjH4s;L6vu;j&CI68EMsUi&Q#AYB)slhV3d>NU0-a<8BZ&Hbt(G+%OeeNTq|fmK)^Z zPLRjBK-P1B)N+43!1+>x?v zp6y9rGM5xyZ>-?qBK+(@5J)D=-a{~ywbw#V9&;+hZIwSk;qqXIf_4^IS6C-Y5hDP7 z!jvWVpRepyvB#}s)3MlJ^Bg;m>Dw2+qa{5~wkB(P745ZYv)+=jp|IQpB1}dwwcfNz zyeAf3#Sxg>h=QzP|GmZZaVG#*#s7_Zx$}R6UH-T2JURRC?Z#sN6zhB|_Mhy_(*%Q{ zpePhX3`H{^YQc+VmHxFnonl5SEx$m*NLB4D39$f}%FJGw8@rz&Iz^6xS_U*7(k53D zX(9^PdFLw>-dssg5C)Qz%7ufZgnlCA%}}L8{N@5f9=jB*lK&I@33+Fa3j$mr|3}08 z`JYj5cm8uLPfGs(zz2JCQGl9vzKIne>C8r#0B#d62=+jLeIWAPponHJ1<_Y|=m-%b z7!6Jt0hnB~R9HHDOqauJFXwypOc&ri>fZ%>XduWc|mec00o zl5BBXC%*97wr3eSFxp`U^*LexG4_*eUFWsb{YZ($Kme@{CN;{g8}BNe1r z6`odrNYSvkYC!Z+G2eH%JwFd)#uvw!VIQ-l1Dt6D!x?s|1Dpl+5GisVyD$`kYmufv z(=Y*jqP)Q1Ar9eUVi`Z{xOO0)M1cQO>}4$`97XPlk{?HJ#C3b({;n$1&rExY+&IE) zsQ|QG=({nOf)Ba5axaCJpbE#xPxL(T;pTs`%Ag_O&HsQuxU_16wz{O;OA}|eOK#|BF z0B`^zB-MVIiadY}FA$g^e=hg{djE+jlX{7o#;-YP18}b|#hjCcyeHDZ6MzGXJp}M4 zkz-eJo0C~*C8MmC2?n*+G>ji)(L_Sw`koNq5uWM)kG(fe$VZ7KtPei3It#jNLge1yT7Otb>Si*+HwOC-4=nWtjszy zv-0TmbWL{sUS@mh$<^80(<{8S9{qCm`t0WH^qO`%-#<$Z8m7XQ?CkGxR|XNdK0bPV zs!4sh&5pL1$6n!ODDfmBD>ns`Bi{ez;T=GMvpU$Eq^ap|| z*;tB;kY$a_^uYQUvO@L^saBuis%)uID9u6qaeaFAVRaCA2JNOE6*_H#)DVJ?Ve26i(rLL3C)Bh{G~ zr|Lvv4PD`;gAk$zl)XylRZXu& zfo^_F-BB+6NXjGA#fiKvQq~ll4h7m8qAcpQtFCGNsnY)hQ+Et`GUf%9Ko$C*?St)I zJ^okc|GA>a$j?CrTngmWjw(o*Mn8l;NTaB2yD$R&f_ilcbxkhNvK-roFMvZz$_N-) z{}oi#6F@+Ep*!=J=~wLhp9D>5Ly*G!(<*8iHZ^s%44e&RRx;w^oPjSnt@ynP$F!fq zBt}6NONrE*TU6!vNbp`Rh*9Q_+d(CB$BW{S%)*f7Ni0$~ilKJ$vJP<0M(1&MnL-4k ztRzI;8cC)YKv~PBR&|a@&Sfkgz&T764#ZGd+3*%kG}rh^eV7A$S*^dy=eMlM%JHz_ zS*8XQeJm2uFT+e!o&RAlg5HA{!X++%D$f6%;lY7^{%>t{@qbtHDCfTz>~;=)0q%!5 z@Fi;6KI|uPd?#;uNeZtsEJKjAnb(<{X3AE#mOUiOE(t$D&jHRP%M$hvQYsiMK|a#* zHprwljLruA=WQO$SyST}+bu56NLkFuU*Pl-{EWfW*jwctm9MSdPq&=PKJHaJ z=9LGmj5`MNQrCJFW1#k+j0zp*s9L-?-gVG3c|B zD)&O+WfPbZXf6;!uH?64hnKnO7-ot(N;)M6&q=P=B=+ge93#mH@x^$HQqVHPi~DC1 zr$tU&O8*sjqghxu!}p8#Ocdum5+LE+ff+7FT9O7+pUrgf$x$$Z>^#APWuJg1 zu9mec3SDA2c-n^Rx3$RYi-PO0b=aboNk?&RJC6{TO z#asPQ~j=5Acu0=4B%{3~ycU?u339XD7$0XAkQrx>5*yqAiso zYhQ}8FBqZr?$R!v`EE+@iItwG1=PVHrFcsWLf#*!@EqLCQew%2aX5$BeVpEbINAU~20UWEg9LiOon`UV z%>pbDKM;64aLr52&) zhMX#H3IWP+0nbGcQPU0qERb9DH;9oN{NzrP5N_a^_YlvhDX|M~jxP!7f1F&>Er$#v z-klJhFVSpz3)4P}k2-<4ywn8*#aqZ*q8J{9h`5nMiWSmH<@CAax`p&DfpdOw1KiOF zv)NMjZvYpGB8+63Umv5xfg;-USw^j+CooJ9WzI$SQL{67V6oIOOYzYXk4B7T|JEYY z5A{^a|MXCPyG$CmD*KNeJ^uIh*8X1S|Fe>Z=YQjdXur59@Y+iQ$HixT7A;~uPmX{_ zLc7^&Z3(?X$`?j|QIG|082lS*!KmrIj*GbLrpe^|^C=TgbkTubhv_blA}uWk@xfVsRErqJ~tfGb+h!CN_cX(&y0&b%YK;8BBeu$~*? zbC|b>88m#vg|X|~qYQ2uA#)@oY@J&>#2=qvSMcL3z^qCJLg=E5U~F{A1|5nAeO5?= zBo8}{C6%LUv9wUS>PT*!H<5Q6X2Glat&m~-*1PNX|5Ts<@hx2P0-*f--x_Xj?dtmf z-Om1VHIJhIza)d*){&24{TRxBMoQae9|SIz`DN8e7|dY=5psZokEnqCjb~{#OH?xu z0^mlo1yQsrT-7p86VG8c?>(E5pQ48&v!Hy}wi!Xtie*V?)dUH02W+a01~H7#@*Hx+ zZ0Qc`m_)FxjG2cjk(m{UCCUg@|IM-AV1FBISKg7ujwfS2ry}3FJ%40<^l%Qd_u5h^B*NfKl$YS`js3Wn)#27IIFG9YK>)R|KxTu zY=duL2}JH{1WBfvwp7l9b7R$((1#N9d3`f1W^? z9LLFnJ)ma6iOFH;tb;xN3re5|awqdSOz+bmgY=N)_s5wsbHp(#UQ=w}z;q0A2>EAQ zdj(z;B==X&GzV0VcLGEA;Tn2z|NULZNOV@8 ze|`ym&N*n8-9E`o#r!>GsB=_mGuGOTE1S5cV5AE}d6#f6dfst;eY|>LYZ=mYaJ(b7 zKpfFHuB50_$xkb+lx6nOD_uc`r39|1Pf)Fv{ux)%DbT9upK%p+f@>AjkGQxp{k77{ zH}JhULH~uHD*ay`>*TTgzqYn__O=cGul+9m>q;JleY+AdcUs}x#N7EIxHgHJwiSVS ztRtNt(^;{+WHG0umJzH){@Tt(<=@MI*-q_7A(Q5oJK(%$b1WDynZl1Vh%$8e3;-{g z9kO`Z92)=J_mUYkO`5`KoIVtmqo09%fh83SgK3bFbBX?S_)OIW=_OgSl&8IP5elL) z7;aEY7;4``rd^P2fGKo|<l}OO_gwR)) ze~9Q|EpKEClk~msX_T09ub}!LOkpi z2`R6MX|(bFmG>GPJO*Hom@TQtQL!~UTcRm~lJWFN2)~B0MUJ_};yfopnB)8BnjHx3 ztQug{9@ET305H_gRb55~amI|KX-*5#i7FBW85RxO2W|~QjpSLTnF9Zgo}_oSTFpxo zTFs78O_vJ$8;gzn2Ky_wVu<~L#o|O(ZxXu-yCX=s)qE)lg|{il?(3l}Pc>4Q{H0)( z)sgtgl+*SGZE9nXcqYp&TGv3H-$Y&OqOmx&MGu{`D1BLcO>E}L8^>yr-fYKs34SJK zVa2nY&X$un`dbEAI9%jSpg#*C7~-Q0S?!U=8B=u3dtk_KV~GDX%@n$PR#0g&YP)L5 zFj#_E)-da)=QA_YgGdVfnZ;o0X5Iw2AaSz{rY+ecF2asBIKo9OR#MPI*X@Ew^xSU8 zs0a@hejWGJQAQbCYL`fS0(7=0Hw}>_R*u91dTnXj&ez&c=%r(WYCS$#M`Xg_KrF2nKyF;xz3K}ABd9oN4 zi{rwMGBJ9~^TtR4l-XHMPcP2lt0v+aIB}hGh4<1oq$0-&Z>|gxiAhn~@7dGA)w$i! z=ZT)N6`yRQI1J-^-0Ub$r*4MqvChc74-JVz6PWV-mtn8rY+8^l>Vj7KJ9~h5tY>wU@+SL@^RQ-(HU9%fJP# z(b3IH_8{tCzdm#Esdt$M^B{y{c#7qEB7qqoiVBhoasJvjs^y=^-8}TXc$!?M@hAw1 zEhRoRjY?`UYMLrvXwbkYrNy1svFC=97-bHv8uH(~@rp(h`Y+H;89X;}Z-X$%0!VI8 za`lpz&#AmfABzG6hU@!>I!9eu34qO#JB!bX&pK`ZynAm6-d~QPpT-G=fd8tEV_vNZ zlB5X}OH*5N%opa$ckR+W;mPmcGIecV^J3=yGGFi(mr$w-I$!@HI1YDUj=_!z*DH`wT750F~NPlvBwuxR}E<4SZ&-DqW9R zS~o)NYE7u>5D8VgRfbfcU(!dpk2@mKIPM{s2IEPF3(gXX6p84;R1oecgDIHe#w`Bi znoftaUJm=4uvfZbXRhi|B)qNa9J}%AoN5Kyw_Vl8IX7W_7ev{6)qa(nMtHlEl^T>j z4bx_}t*zyYQhPoRzb|#VBeT|yanKm|I<=rk+mD^X0@gNH0#9HBqz{-KNoQ~a6td4` zTP50H?Si}j;UYkFkk_``8r_qV;+WU0%V4v&kZJYDOeLR~$u+%Y8-Yos`K zL9C6fMsrG>>*~iAHWCb4(}+ISPC^dsLgB3L32hLgf-&4=3o%+_(x7~AbTx~zU<#Sf zh@(iH&L5E%M-*yl3XcjYR-$YIG%7GI&$iM~ZnqgbRSWF34WKHzhy&DS z35X*$;{~SgYZ(L-(jiOL3(ssBNP~HeW#tP+wqs(6uqASeqs)phH3eoosw;n-W>;h< zt*Nu4N#{%smPL&uuxcyqR62Xwnk1G;0>OS5--Gp#d)g@Pd-Td#laO+z`reH)V%2dQ zL_Tn7IJ=);kXqzc`26(d!!Kv&Cm*g)uil;=YpF-qT;D%tiL1+WLuI_CBR6sO_W0D{ zVD;mGx29S>v6qgHY0)GvIbzkR?YO=#a4BZ>3CK4w%9QkxSjEz zyZF~R@Z1EKv?bFmW^{pWfo40V3zcgDa&JR;y??x5M)I=#L51Grc&~+Se)89&t|}fw zgEdihT$CW(WLc0IVWj*mt#W;OLlVX|tn;dAonJ5hb$)u)tj@{N@rR4Ir&m{JCj~3K z^(9`wQIo2UpT>sd9b|B7uAZ@Rl#J-`%s1uZ(kmW;|oPM0SAy}V9!ACw|i;i1k`f#IIX17r% zF~ucgXlJ%0Ij)t|cHL9ssj~mbU^)$=MI*n`rz-yI*4Ccx|GC%Mf2`(F^Z(|9-Okma z1n`HrEL7-e`+89B{an(VLWJBgymYgP0~{xR!IP`1M!ClIgA7&Pi%G%01YPHga&|@r zq2jZy2ED2{vDGH?M6ztoL^bMlAHK-JVqDMX`05Vqo0jt z0ItFuu}#<@dB;>}ZK_ntGsGrJQdn#M)*Cc7XE>z=qh;5G!LC{N~mN-}od!-n?s7hb>QCC~jFniaTo59g6yoTBp1cj}t zQOGNYcGz*~2Gbk9&(seRYXr$^W+Y{cXl4x|Th~eo2$xOau{k9xM)dsv!PJAqlL-$P zA_Hc1<0Slt@N2gEDmys{M|Ny3u+S=)B8GQ}GTEN4*%lc{D{;(Ti_*7g@r;p{nmTFo z_eB6qt1H{P#+F!YV#}ih3kw|nW=CW2IU%aFkZ$m4^ zUjwBJs1C%~lt>x&Lr-yM-@P?J#x#^D$lsQO{#+6Sp(*#N9K5nEfp*lAII!9~d-0rY z>YHzC^RhWVNWSvWrDgWKJb|MniIRLA66Qi`!gioUc7CIxmf$8#F1Us*Ja_zM#@q-? z8+r0OJo#KCXbeVl&LsFf%L8bQ0aSUCTTsi_jhr^rC?@dAOF4=JP-Y;y6f#;f%EGAN zH7qUgwOs_?3X$&`c93FE$zc)`%Sx~oPNuL=q)o&`U5%e*`iZdgv{D?UqcEfiYFUss z1hBZC#6B8GRw8(E(dv3#kpXk+-a&w1gdoXCIrlPKwkOMq&;YJSOoFoue@0LMLZ}g{ zXz(0d!wh&cl*Lm()=L}_Gn53T(*Pl2d|wbpNsbt0m#j2EPR~XeE_5liR!3;m>J$i( zg@o5$a{QDZke6ui)7;$n8eB6MCO*b5)XtJ;1rJ!&sHZi?uD$c3@Sqr^gWYB2a&a^hafIIkLSY)knnsl{HCA{JgZ{;Q*L<6QZTXmhI@yaSD zeL3j)JIsfa^2~%)F7C+O0!%@$#tlzyxux`I6UrnR*QBul8I{;t5=+{W;D64&W6Hz! zt?N{?+19JAJ~Om<#NCSW`Hb}>rj*oo>K2kc03U=T+j0WEU=(;|sUp`#F!LtRzb=^Y z8Ua?Et-gnil!Ro4STV7x0qr;!pjacH+12lVclHjt`2Q<;l>1*isDKV}J6FFInYBu8cX(c{ zHTuVQdl{@!*w$?@zwRZplLG9|&C<-B7(-V(?3#rP#9Z#r49rWC(*_gvo_IM(gQ0G* zU%x)XrAUZ=S~ZW7QfHR1O6|mo-|hDMCeNb#|2R$B+yD1=^!u20^FKZ8%=`bW`x|c_#g8r{xpRwtGSOj_! zql_BH;J?U8t%1}b+Rk)9Zi3mn+^~lr$-!1CjeR8g zT+bC#(_raapIqJ3#i^3JwNnBt&I3wh{#crT z%xjGcd@MzP==)9^Q1h|w|2|Cca)`VDqQM6*47|HZJVWp-`d?}&(##RGV*lUW-`C~; z?cKd@|6j?&LWqyo;G%pBP^vbRVbGECEJnmO=!A3@{5W1Y9qT5dyP> z!r{~4(MOO5V{EVbxU&pHc8<;h-cJYGmh_O32^3H4sfm+-b!7RxE_=nw!(@- zzX>?Uz*m8K=^}z19>}9GnYib(DcBoYj6PEc+!O*q6771l0SLY#badncAA0FSk|_z= zxRHp|C(1U?FnIyigUE-U246pXT};l3G?>H{vui0UZ8)YkS8Lz~%B-qLa#Esqt_y z_-Q^!^5aymG)qHkox`8z|IbfzV$5n;VfmkbAefTb%R4!5rL-RA0d8F-4)xmq`nR5p z4E}xSO(+f2tX8Ig_doO1MDY{~!@U^Dt>Tri0ZB^ezpM zOzw3${TJ=Ec$$QeWHBKtVnHx?!eS6)A}cVM;FLmqq!I&CvY&$W<9IrSQATrNCZYR4 z&e=GGn9cU$G{rIsO|zE;(YQxvC_CW}iJjgvNF0D^%+_rO)nE{krDK`ZBsF-7<&%N)f|1`}Z(+C2^aY77`_@c;hp zzuaK4%zyML=l{2N_V$eUFTxtXVS@ViZlI_#B>p>veqcJ;P+f)4Efg+9 zr3DJh0c+;!%h#WogGN@+bFA*;^e&8D)975fmiZk%0OHJ$Ko2-U6l6jff~Z_1|Lpo!V_Ix4LO|$&){+VK7$iHoA+!(ZO-}Dk9g)K{Jk_hG53jo9l8=({QZr`lDNLFAt367_?M#|_f~b{c-86)A znzffEuX+|t-7)0ui-&+zIt~LEWoP)yGcD>m7T%>a$b0*L=Py{oWA>&XvoUF(RS;R1 z*~{W&##DCzfSjqAzcZ5(^R&cjil=7)=*fTOq`PwZTmUw~(d*aGU^K@su1-(Ru0Q;C zaeYHSQ!)5=_;3YByh4$_gMOtpFn{~}xkBhBozLX$uV4ShYTvl%1mzz!C3~qyHfF=(8wdv76z7U|~+pUWx;OC$J zc6#wEZ3=pm7&xb&pf}5cXbet%0eE(!e!uUK0`J~|%?LPaYOgrp{d@4A|B3q`PBV(w z@$0h>M}OS>_QELq-_KZo;j*vK-k!c7Jw;#RX%qry4Zmk4{g`z_3Q-bA2)>6YVlD43xJ3Y)%9Tc&0h}=Om}_;>!4(1kqT$=&`?o5qJljHIAYK zUc3O#<;D3c2fPPgzF0oKzBoELJAVbPFp?lZ0Pny;Gwo(B-tB@2OyM+69~|)hzwwty zv`l)At!6d_$>`iTHm2j=EGMJNaae|UX~CsXVj0?fHm6&623i&oqq ztESH^EpVh-mNyIJIF0udxdZ8`QD`_?+HwWBV6c4>(bLMd*^vD~Iyb zkN2v8Jb3%K+UYoDKfSTY-mum;#T{8gLxaug3k$lTxGKVV-swAzy}5YkMtu&!QuLFb zCvOYnP}v-&;mv%G%fb`TFH4Zwkq^qJfI74_y&?1WJkT1PY)bnY$|q0o>4=TOnw>S( z?)T&{BE*_yTk3C{vdq&)hSgS71q1p&sZ3;Zh_{G8om_mq5dO^Mp~8~A>lkGEe|A7A ztNd687XGKrVgsUJ+lN-lBEUw;qp*qrM-IZ)sNFU#{g%!$QGv<#5dG0 zFx+C;$ggsHovn`k!-?_KE!j+5t|fZp9l7vd#6$38Fi{_3{*)}!Xa#ZWC$?2}JhnwW zdidVHS4WNIG6#ty4BbZUyAuruF`v4=nW3|@|Shpha>;pN%?!}oW9 zfN8Ht!t28l0Y*hIzOwuVL)jfanucoaY`tyu*)oHD?Q2`sU%xy$XRXP8V*K_li3==upmx{#tylk=0}7zgcIGo4k1C_{XCo0C^YL?u)ds-1j0IgPz>W0XD6d}k?(9f{ zG;S;35El&aX!i}|Yx`I9YI8jxP9*Qcw7+Z#*S28uG=9ZqVqYcjYw3GouB)4cj!mX> zgy|X!l!lY+pT(z&roPc`%=F-t_2_<*w^9tGMNZ8Uh`lyOtqvTs`;TRVe>od)|E-4Sr zSATnZ_n8FHa|{2gKhBIhJ&1!SL;ZF845797qb}pd=lTv1bb-zc;uz_2JMf3IDFH*s zFc~*JksmDCB54z#!PSXMh_{=6ObwPQLi zQXWmCRmq>u>eVsnde{byeJmYnw{e>lbaJ=l1W<&`*5164>&HyZmZ2eVthAM z#6C_J&IdwS7C>avhDe!OXQ|@u?_N6K?(bZt><)#PM6N9mFEgUnnD+7<<}B3|lK(0p zsGUDZPR%XcmNa7WC|V%=q8M)CiK{C_r!xSd0Dp+y3j`kK5q^k74Y&|I0oXy?K%gqP z0z*gR2Z9gi^C(C|2b`y|jTL0ecV%>!!SD;{nEABoPw;)AiVRU7b+59{B}G_G881+Y z8Fw@^(>VX7NNcn2L}T^TpxWHk*Ca=pm3tK?C1x7h3q&r~zWIzTbm_O9W~|0%;~vTJaq0 zHC@s*Pwyoo^gb{2wV(JkiTvPDIfA>87{zM?Vvyv)5Yvf2AH^+t&3O4L==OxU`57eh z2n2L@wiaE3^xrqOfPg5OZ4k?CKx^Z3a>c#ovu~Ksgg5Z}|HpO|FT0lqAk6UN2X_gs z$3#3`E@z~HjxmI0?6#*`T5QBkRi3Yf`A3Knk-b0vItsfTgzeUxZ#5*~WHiupkByD0 zz-vRViQsb+zKo!%xmMajTv-{^TNZ{lHq;prFlNiT? z0gd)A>h?zz`s`PAkvy3o3Ob?B3FSvdI22--wZSQmWd=z!?|}{W_|LZ)QCD6$Q3l-ady-h ze~qVtZ{*a2iioY)-g1*#5K9RzX4FB0Im`>(wE)rN&kG8@D09f->RT=YQFF#m#9cYQU^BX7qc#S58 z%aEptpOz{Sj3En7I=74i_|-D?`SuS#YDB8<64o2M&E5MBv?TYd;Lz!Ch~KAFBNf$SPX8UEO~Cc?gn23!BixSO50V2OqDSInM!b z1zlfmZ87D5w%5)sM6~Zzdva~+HFzu|FISFKMDm2S6h*Yq`Lo!~AaQm$M1R42ms*BA zYg@vE8b7IEg3_cz8*=AGQ%w^#KwdCQWHrn|4I# z*Y_1$CIQn}VpY!R7)l+SyTMOAH4>=7gWzd)ClMC+zEH6By+8S=bni{|3q(@xA79tI zAR$jeLFj-N+X6X3WZwjFPGq?|3v3k=Zp1=1gkS+#T;{2dyG*qaLVj!(2)X^qtYjnT z3M2HuCR#t6Q7OsRJ<7ds^^hlGpfX5ZI4Mp5X1XK5pRV_zwe@i27vt_Xme}*dK#o9 z_>B*guKFefP3~fE5^*A@3}P0XfOIILn=a3nwU%X(uM{G!t1s?QO>c`WN*H&fW+UvK zf@&$ik;%0-(?1=pN*QgYNK`Mls1v}P*7RK?Q6ut54_m6xVYNmAJ>Wl9WXu`6D zb$`Akp!uI#n89nzl%D94NhoaZ!##ZKfionJ9a7P?(eA7H!3aL@G&0&VR{P+2P~z`k zA9$bq2fCSrz!Q^<%bLKau>>rVWjr+=y&Y2E`OiR#Xvlw`rwqE|v>_^$J^W?5{5^L! z5G9X1_Ye>x{TDH{Y+Y3zb|IFK_(Lh*Nk!>?Q8fOmawHAEt*PSPfENjBsr32;(8^r> zeDk-vzCHtrymxNB8I4J#p_1$^G5W4Ai&y393|ZSk4Oo&X!AagrObVWvLDKj)4Mm&S zlsb@-C(VOLb8HH|M|B@EKex4IQ-5}@F)31Ih%KV;1=ibFtZcvu~{C1M{>`%9$Khujgm}jUSzF1HOM2oS;+^kjamHNxZAw~u@1Lv z?`kxFh>p;s9fDJzL?ncO3)6mhAXhGQWGd5kc*fsI$*Tb6{FU(vW5vdaRUKWX0VjOk zwokb~Njubo@*JQw=+{(8gmO03-IBm!>t3@=PfQMKEH+!}98s)yrMMdT_4OVR1P3bW zQ97Mon3Jk#?^>{{EfwpoI{@OZ6 z5=&yOo8MHCJrIGSK}7K<-h^xyX(Yr%cZ}5O&eHEmiEsQ3@n4O-);AkhD-@bW*y&Hh z`={BfEvlawD1xH(xDdavICo?=U6yQxj5V5{;BQK>Iv#sGI`Q+IXw{!D#HDfVFj7YSAA*L(l@a!b$v2aqPWhwr zfNuSK@AE!pru?6P(V*@l+1RIEFN9nF#5*VdvPG8LuV6th?D1a})xM3@kaiZ#!;u2n z#mbT9*jq-jC*6yh97!})%8Dv@Hg?$_!QgDj5^PEKXHLMsbO6?W<3m5MT%5H;5+^ax zGKRe#kh~)9D>L~!GpSLSG2>U?S0^I($&@MXfx^gWW({5>VaTs9e@}J4W6R^3?h%n= z$m~LEluTkgh!F?wb5y23|AgYoks^=ieY~AJ*9b6mK$qjm?9shUvh^sHliLKW?Cu;-EUQ%7R-jB}* zG6PN>NVlE2gLQWeCyx$e^6>p{(VAF7os5-4MgG8p z0cavgC42x=Xdj={8f zXv4X;2%v{d?I;~l8ZL=Ut;S1N=#3$P1vWwuZ5#SYka>J zv2G3Y@B9-b%5~cMbnSikZI!cChJXNr9r!2BOOUs>`Ny-#F{mLa{NmJp)uR;~D0UI` zxGxM5{_ig0Jl8ysT#&T4&<+8iBuMBbShF~CwoSDwd>;96Z?&QN%kqQ-H|uW4oisQ4 zf~fT(;$p8_3#`rTdb3gC8THstEwOaQbslo%$`-~@Zj{`N!CzaTK*S8&lp_vG&}S_Ui8GZ`2_aLvA|E%d`ABtOk5 zNOl-o52d^|ez7~|(+~9@AgjDoTvV$AV~&tn@~)w(hy4E|=Sh=?nn;Ci#Ap%8ADVdC zb*uXJ`@AkFLv8--t>3d!$GQUVPZ z_?qYo?f8E%wq^&>gf${W-BDkuP>6eUZQ1n0ae`iGLDCWnobcafu)jD6_l=9KoGr5A zi(U62@7@W06BSxV(G~2@3!;O(w~(FQci;|{%rzv{Le$lWv39i}-0nB?(iH#YUGPty zBIhbj9ZdOm5~)^gaKn(?+gSTJ9JNEaYF(L3p4T)i0>=Nig}sOumM(gMoDdp+ z3KRwrB_=9_VaL`A)h%$6YzkxyL=Yq!{p~=CVz3+b0NU$!Tw0jU68CW%!7i?MIToY+fN;XRdZTd3Hh9c`R}^23m>q z2BZ+?j|1gfP<+sb*#;FU8W=GN0DGZQC8Q%G-A$m!)lCh-odt*TEWD z54)488{A`%*C#{l@5s;oUb@nmiqO=;CoM)R-PLXr)aWfjlpnXR*DM#;6(Tstpnq4Y z@u2S3RxmX5%@g|*H1^76Y{krTr}sU>Ob-e`9(1m;1NC76sXxu|=`Zg6as%rSH$X6M z{AQhCO0U`iQwVOs0he#GRtU?*JHj8S2Ez>6Z+^)h<)Vi&W0&NwVXKRBtjmk8^c-^) z{<_KWvaGyd#iKob&=B9BPI@{N`~^jmr5yjMc~2%kM+#Pp)0UG`805V#jJUUsVdM#A zi+~`TJEEHWzheO@&Ke#-g&L+wFC@2b%6g-iiCcmS!4?+?K3>Koev=K(;9-S1KUAuQ zuI{CBK3LvW1z?5L(|EHr(NZ?o&eWOU&i>3+k-_sGJHkvf+1$?^U8a^TODRvA2FOwBQC#gnQ}#g7fAAu!b2U>dFilx4_>I2q%t(!8 zAsnME@F^xj6T@sRW{ZA&HGCPJGlQa0`=TH2Os zoHrqaQb!~)ZbzycyW{T7MD?F6u_#7=DfID@@YJ^?6!`7b&6D4!9&yTozC)Xy63xY% zku(8xM=rjR4Cq^Je(Tz+><9tV=YgMeHbkw=%nyiY@<6TpMe9ybZkvHr3dj-eqqjQ~^76|} zjELSgIxG!Rx4oh+GI&@|KY_9Np*h7U*7rInWid#TQV<&(D6H~l?~^QAOU7h}vaOo5 z{tRf}2KYJXfBFRakD!PT)$JYjS<5lX5>|1W(6O-C$_{>P!t5>aCCQTvKU(hnAzaC9 zm$@8T+S?3ayyq`6du>u#@=5L~XNHO)v-2BqARRn1DsIgJM<`F!VcdOd2%D#^hTyQGd|df~%kk%dp;t5-mCXH!icDCct~iuC^D zxD}b{4`@gSUgh`$kMplDP$8YQ3g?EplG8JyNRwfDj7PO9ao>u<;76UL!9FW6YsBCc z=mY4Z5AJB*?l`uq_08Hf*=(3;yw6S*m1WFae1sWY3 z8eT!<(@v?pz~sXS4rBHzt&xK=mJHrBCgCTm^^vhlC?73l7)8~0>RbrIM6>VoOp)~-etDWI+5D%c0e>+R^>^N z^~B=c0-h$2#MC%r@+kl$91R)P9=`u8GrY7G>H(WMmiGk&|!*h2|wn@Q454Z(@u4`@S*n<3v(% zm231&lH=K10~zMJFDODExR+CJD<}=8i9r%1`A1|ksMDJDZ8&(A>^aIOb>hXgFf)K=D~je%x$sz zsv?T*&}jC7Uh0|0_^QsG0a$NfoxH6tlRqjH6+y@xT^3|4R%1yIK(Y2A z*i$Xfsq5%}ZI&|)PN@=jt#4{Z}x3PAwjV|xD1c%=8=$@piZ)Lhc+oX1xPXPF> z&l!2rL*TLC69tC+6-~3~-G^u6I$3H&OS7=2-xLnaTcVuWb+8jB;Tt5E6ZH4SPeJ_* zY0Aq);qko#IuuI;0>dmvWdq*WBI}5m5-^;_Cy9PTFRF(Tn)a8A>-rY1kWo;My5{SNDmX2lCjeyxZ9y^j`&| zb37L!PwpKb_F!`E9>o3xN#@)O=c~t^&rbKz?AUGZJRf_6ET|z=T zqQ9v~I%nxcj1{Hmr&r@iyovt>9C1ngBYN_tKD?8mO8#d;F{B$ZH~zSaRPi_|Dc?}J zI92`XKy%(>6=10{ugngp*y&gwGCr99r5O=gN~Q%Kbp1tzGev1qK(lVIj(Bi!y0@lvxRxfM zMEQmB+DoH1-aEt6y9~A(HRa;_P7+NOQllP;A&ks|0+4;ld7QG~iRX+EI^Iou(3d45 zET{iI3(bqG2=Up|+QH32-!&$X<+jc2W5=IX%@fiH8X9GP69oF|6B3#i(hTSPwz)R#gYfF8|(r$xDa*#^e z5Qa*!R5;eGD|cvR@cYP*K}SaGmXOTfI0^*MBCDxPxhZ?=X%p5+6Lu3q!)q4rG_`WU zNoS5pwG@|?xGsSD1akpGpAi1~pGcDy+n7lwE}R62QPdza&^H=YeTlG7>qihdlt@z; zbrClaU^Kgs|Jd9%kzXse;g${=wp!|bsSv0>8HJP{gLiJ>oWL*SKBrL#QVPy+&?|_Z z<#UEHDvv#TA(IBSZe1$>XK`8rHB!L;n$*9A;W3{})`HNdvwRm`-OqPDzIn0_Mzzx9 z6C5e7b$`8cq|}#@t5_s~UM}+hsZb;q((SjTK&qyKUH);H;Ht?QumRG!rF#eAkT~T+ z+l*2?Q)cEH3 z0)!?n2m_pX!z+p`p!{5e9nys5ooG`DC3@^>gp!92uV83RJ_5|NWLn&yrd^NB9XOFI zE*DB`V+}^W9xeW=dFMB6pZqHMg2QT?19&nTi>=Fsn9D^9ggXj%@ zd{ps++|gQ|Twd#=zjCj$Y;-3m&@Q8hh`pII#NUQOKWrPY}4Wj=!P!^OEZX^<1-f6|9ztg!WiSYw0v zVz>ho;7IMS!sb@@AJqrw^*?GG)Z+6CVdGjeKob98-kK7;T0}~Lzpa1k%z*srTNnN# zIMiMM*1`uhH-6(VUX3w%(o!1+c@Ur%2LDj3)YkC^-JA}9mP?9!4rM-2qY<47*wpHtxePpVaQ@ZV@xx;ogcImJ(otIMjPPl#gG}y?Tz~g!0L#Qp> z@<%1zMP`ilS}6MYVBCy8kbW0LYlpho!8Wulo-tG=0#WPJ)#;)=qi!x zE^ZhYK}^$)d!Hh~r<@V89eFwx=Y0wpaMaYY#INOZe5&oBYs)A9jSYCikNE$@g?}p)Sf{; zqv`+7oK;oaf2LbncoU@uWM}q}noy-@X>fJVhi7fL#i?Mu4~?$2T+uXO$lD3z`;e94 zT3B5KH}m$nni96-Ur(R=-ku>FpSkU&(aor0Ns{thGXmFmvZU z4WA0N4;j&3D`Xi{CG*C9m#hgj>b;(pL70s~q9JM(!n-ar9ZA_A)j#B?O113WSq^;D z-`rQ2JT9Rf+FnYB9)!!)HFw;EtvGi?S{}<8BJnwC5E)y2tkztE@@8<^>I+XV7CU6R zub{Oq%_qX3_F8s_X?k{hzG5gm5q)~Gspew9CCoBb$l|0VtY>EY8l>bi6iX%i3Dd0y zNAkhLqvaUjoY{}5SfVq`NMoY2I&}&?r1xc0AHNYsrOe8u-`I8y;6VC`2U^lE$BVfPb&o(UTzkMRb+Vt_u977hOkVWz zQJ$N{GG$kgI+Y7{H@&+UcL zv7kOSx70#mquZC(_llCzCH@JlbMJZoDD5^jZu@Ia_`mDJ!)JZ80yw52 z)_QsIPx;HRi|%|Pbdu15H8$Msl%pewP>*!u*bNp!9IJ`po{A~d+~6-Aq_^|N){U&^ zge!dY#F^)32|KOr)8gBQ(sua&I{s}T-dm=$b_=p(3v=wq>`*($n>GDq${{S%%o8mq zI8Ya_g8yF|aR)gfXf#}HIEF1%FU1~T`6e>AR-rIESPyao?Qne*Q}<`9@7nFH&g6g?H6N)ir5Ns)~> z_#BiJ7L^}wNQ6S~M7{*Ukqr*t>E4n(x45~!&+J~+Cxa0Nx;qdX!5NQTKPTiR9h7{0 zseL)7@hX=((&*p6)g(J;>`C~dAkGgey_6q%T*k4>**gAmP7{cmMp#$fj0r7^>?$7i zBNL_zjc{Wm)#ZOC=wl{LiIl$I_ba!cJWJ(R;r7?JQ3a~?Hpx-VuUm;nod~tNSL-O9 z&+|T|82x=7^=&6gGit;}v5$joM?2ir3X&zcVuYjaF3^an_B^IVtvYpUR*drd0(<`F z=clPc5ml&DqIUd16@H?AiZ#1)E)y4w$o=|9&^d`+Z`Z~Cvp|bmbQ0Q$;cfr-?&2@L zyk1}4ov;fGlErJqXdD!YzaB0{OPQRTv($W5Dqpe1f|zsuTkzet?61)#bl7F2V#)ki zSJmXFQmy*8NsLoHG!}qgchJw5)7Wg!FFPMI|Fhov|NHDXiYTmcp&DCrLcYaijasNs zm>zcb=N||T4i+IPu@>n`UtdO`#H*z=?=)PKX7KnUmk)XQ$lxjFDd@3XkB)`CL#&Qb+;qKHtA+eFi6VPAQ)uy;@@ot_vrFMz|r$z%CJAJ#`F z&I1>k@M{h$8MArk)z%_Boy#0d7g1N8RFUl)z3F|PcH6Ozu4!=oQ~Lzx>QajuDXJ_tip-$MNP zd)wo>1+cytkg~$cDFisA(oK13Zz)(<+(`W*Bv6(R_>LQIAZBK=76x5F8EhPSPr*Zt zUIM?W6O;5^1^DLcIKK2j1}O6Gdf6T*xB>}m{yTjE_oR?OBjFu}Ep-P;&lPNbeDt0T{(P~tmgV5UcFS2`1}8my8Ct)8bT3Qisr&Z<6n;6zll}3j zbDd`$mlVYH(t6s_B%Nx0;NrSm_nRt-GxcfsbjQho!-LC%EvWzY7V@KB(_HkdA1lKfQoRa))tz2fq}&fO#nq=868@ysbML8GO^;Ly#u$?`}eV z_U4~a^+}VD1p5Fa_)<9ztj(~)O?=|t1Hae^=txI7Mi4e`jtQw6(R{ z;|RQVy%qT{Gfjl-%xwmQm7ZGW20SkQkecz|EJI+nOJZ0mGl00BlV=vSTkA&{%~SAz z+$vAziN`IJUi3o@iWniTlu34pIuzj8{Aw zXK>$otBKA>wc0+&!WOInM)0|^$eVDhb0nG+$Bw_wUs2$XkmoiX=4iz5<#;1}@Q(M= zMfmIlRb+c6qw-H$MbItdS;;bAvNtr^yXvw)99708!C-NS0kfW(OMcoi6lApo-rZ52 zvDzV2D=IuBVaRy0h|{WA9Usec`l40cOPVh5ikWF=UN-E#a#AW1qe|0iXvd4y0mKF1 zx_{1se{2>gUOJu_;16Q9r7E)1;`1$$mz< zgvUX<;Tni#o3ynPv=Lk-*!-ENI@i+w zHPhQ5eXggfq~q)3c(qT23%=z3{wyjdGG&};=#a{#p;}1B=m|BI(!B5dfPXGBe%E1~ zlK(}S7pSbkfpiY^+uqxM;s$hjA)<3{@oIFd+UgC19j5MORR;0(;1)J8Z9rIcurmW4 zdC(`{P={E;WGdLwO$~CuS;7Nlfe{}zH@h#iU*_QQFNtbU;;K~gNuiv}9Ce2UR#hCW zSZkg{DQ=&Co;xH>M*!BA)>Kq3<}oCh#U(R7RaXPcz39&#Zu zI$BvJH4lpXk=s>6s(j!Ah@>2)?-ynp=aH>pjS!NGMJ6eW^%=~D)$ca&$X&G+qt$*) z#o~l1wz6V1pgY|`l&F}{YZ^zh{)Rolc2)?JEf!-%{?GZlu=4ASQHq%-RaJiz!U=lQ zUn#B5rs?48!+eGIE-q`#(7uu6v(v9|^zB@?V7+XqFDGGZ2fOS~D#wB0L~Y>pQtw&K zjTgiG)yF@venndJ;%E+W{oc=zB%vlgMv1R>hFS^FcW?~9`p1Vf6;&nlbBGK4pj)T8 zXus-*oNy(1Qd|QpF-WGiz*t#i-@@YOgUmq`p3p)-qM1gq!{2|+5y#dH-><`Pax zQKnQO)S9&r^@fYya7ehp>?`AuzS~l{e>S@(Mkme{ZcXU0;7@6p9|O;DPXCeEWcS^) zy^{c;Kw%Q$-XI1Qw?**Ft;b4R1=e4eO%Ro^Hc+J7wYv|#v7`(fCGvm5QB9y83Fv=p ztZ)np2dkXxCBgMibOO8HVWO^KqIWuF$XtvGS(r9qHruhU3(u}pE{_v)4Q=Rzg7E2f zQRGl4W;>0r^=9PBeA6T;u@;HfM1sxElQ}GFKI3dURLbQK~n{y z-wJNDM-Nv-qZwY8vSG3c!D%XTUXPQi{--6;P4w;Y4nmlzf7bVK9`zgsR5wiIDA^|` zbmuwc;7dyi<^E`kK8nu*?s{e$1kEhv9_}Eam~*6HPph3gIf~mAIjMLMGsXhwJprN2J_#`Idfd|5km4H z><3+2I4%2`t|wXnTTF?{OKHYS)>GG$=RV9!e*>p5u(#`<-tx?wEphm4tQXO+!B;5d zYu~Xgz765Wr~_P>x?qWX?q|iQ?5SFY(YT~G($4pt_e-3?U;RKn5DE%$+FrcE3%~`p zB?;Kf4jkzN_T++^qd^UYGP|JKn~2ttn?%ILTTd^4!5&CV%kp7b2E*4wgr4eu$MV^G z?g@5SUGn>Sh3`__qBP;R^YmPfJGQ0&`KM4W*Nc@Pi_Ei~GyX9zkX9JY;+{YCIVU{R zX4+)GMoUbIXq|aLIcjWnAKhOfzwkykC6Sv3ACq4z45vikNk>azNg(eBqxbyP?4Ha4KUTChkhoB9|KP~RO71k)t&8)2Z4r~irL zy@Gd<9~|k5dW&(W7<$%C`34z}>K_LbZA91eL z)_rB>H?#V6*rY|Jj3&|b$o|Rm%5>UZ{v)9a6=UbjQYeB8vWTvZCiYKAyh|RFHEBGh z5oe#4cWG|M>cGvrv-+kk>#Bs)) zf82elU)fo^6OSo5ofKP_a-`_JmDUhBodfGSs}nknt@Qqmim8@>Hnw^0M97F;o&n!H zM+g03Imo@~FsGd&r;PGMe7SwCz80m222Q0FL;hfwsR{!bvC%ZQ-y@;r`Hy(yOP3n#O79k zQ?Gtgx4pd3Ji%}9W8~@lCaQKNYpVC+yaS+)WA?;vCU4xa=lpJ~bKJBBWy2iomc_U^ zM&~k;g!lvL_?F~>WT#gJ5jR}1Ny-XR=KI%XyfZq%G?9WNpcB5;lz?Ms{LRKAex z%ua%?U@v(@VGU|5uKONo?D;i$#;u@o8>iJ{7`9VuQ2;v!STO=c=;BBX_o_XCEHud4 zW8k)o*9WMkyZZ`kAx9V5DQVw|d-?q*`|(o*#XX+zt0xm6M*YwCHdkauOo8)1VSa0| z`Wn}971@jz>uLekffC`!|CF|hx%}hE6l$J+k-h^}h#mD8Ahf~olKDsaXN@wLtqL#w z_0!R4eeKP%E1!n@Lmeax*Hh|j^ke;MZ3M8wC#=|k%gY(zHchBa^1w(|zOae-X_L!r zvlI2R1_0xTO%zm6pdh0X^AM?EtR5+mwCT7E@Rj zfjFASm=>0qnPyi9%l+dxW>CH-7-g6Iok$_~RIs_J#u)S!ui!uH2Rx@_zgkZVVIC|F zm~guh1$$XqpE_T_|BF?i3QG@9*=~85p8ps2g&Z}kz zl?rAI#L^$n^IP>MmGD((2c46)pdHiuVM_byprT9610Vn zznEo=a_ff?s}Z3JvU5XTKrqL649*~XWW3@8XC>_6oF{xta+}`@9GP{Ly=qK@XdK^O zp7J^cHY5hXv`*bVNc+~}c*u+~ZsAZFf!(<${QbxD7}x3zmSeLn6Mqz2Rd^v5HoPc(#I>S}{ELBx$V zr|+I?JHT4RVGV(>wPE}f(NHb{!(u}r)@uS2vHdugE{bt*xe$U(eCLy@9nSsb1+Qwf zKz{)d-a<`jOI#6IpdGTK4x3=U!v3#Cjv8r$h%yImBAJHrb_4gS_rEG1<- zB?UQXQ0T}RHY-i5RmENyUHVX{0)`*wqDL>^Z|Fna&+*7J6#|83^mfzKya?_ohC1av z>-(dSVuq15ZtovCm<#0m=`A$ua~Dtn2J_;}UUbPc1I_It=j%$rx{;EVB{?wrh_|^8 zRE60~T+K){G~YCMIc_O!#&0V_s~QKL3ctwV`j5YY+?XLIUO_dx(^qkcpn?TZ?UC9G zsD&AVo~U~h)z}ad0>Ths=bhEp=-zHdvfb>-f5?R2*87bC+PSu%-Mz?6SqSYnUGV7| zI8}b7;T*IVW_QrHm^f{-^T%)8n6Q19PmLrx?|1q#O2yl09gW&GNE zh*k>SS2fTbT=163iBi*4n-knQ#mS%@mxR_d->3cIT1ltS;+^~uZw@v?(lsMoI@68} ztz1fiE*jT8l~}h>P$2@s%k*CL5(-Iit)_@!zEx6%!6BBA2MKLNl88?av72p4L{QevWdB;_kxIQ;6Tm z$UqNT;z>l8)p(Y)ZS51-8E^R$)dgLO5>$dXPEe7KsPrqU&~ri2Pxln=w+RN`#u`%F zh|Jb9!rgdonk-d){zy};zk!3M^!BgFTf=snv zGm1qCd~V87KoqiP)-d0$z$Ge}^naeVO9zww@ou1NM;s+0nfml|Z*3d+{7Q&OA<-{t z65?H`OvZ9ONnHT&3L&i@@pq_hp?T63mrsd;xGH-*&352(%i|-Ub?X&WeK5BS;Ow%! zfWT@iYk{XLZ}q`5mg~=R@2qIMTtI#c5-NyksQO2VYY5`05FmslRg%(d_@em=y1Y6$ z2OC2H(V(`ZGULy00~<%m`4E1U-a*oXRQCu^Y>7;OFK=h{y~$$CIIDICqrQKR!<1(# z8>j0QbS1c&ve!7DwM}uA&4w}9_pNwwNizJPC>7j&IF z90FNtmS<4rI33HzY9V!9R%ib{>$*>pZYRTJ%3HwoX?QPA< zGB$Y8mXa$FrgCX<9dm+Oc2-%@<5|I}U~8>e8tzu)r) zX*uOtCb_j;2pAA%|4&HoL34EwL)Zs-5Gl1JnJgo_@)1KtYvmq737T7v1= zw_gk_$#=JBmy%+-559mXh- z?DRh?d9?FC_qK1B0m$dgljHzo^xI+qx+DKDbmX^Z{@C&vyx{(S?oMG__W#?v`}>Cd ze;5B}HBZ6*kH`0MP5>I6X`eMlI?eU#D3RL!}C9s!gjTF{_hMe=l`&?|6a+X zo&R!Jwsz0|Pzm_<1kZn!fOZwZa<@No!!Y*T49YKgd^~pRC!M>crKM=Q)OxHtkK2oWbGwz~q1xDQqxspBw7T^(-+usZK@$GrQACv$2 zt3M6-KOU#MQ8?%-{m+h}|KC37;ya+lU2S0_xjD zOjYr+M26;H3d5+ntU!%G(VY5L0;@{xHj5k0DYAu+*2ZVSpsPBH%f??7V_=4r=1n}E zFsvNqM-0cB_g85IXx?{SSk|Zb*w6ngPTesad~iJvBJ?Kq%N_hHo~rZTy#E;v54!Vz zB@fwfF5e#GRZa#QkkMY|yiev{Uz#}ILlW3z?$u#049wed^<;%SHw+>1IvL+l`FaaWU9I2hcoCmL<>;Eea zGI$Yr(4oKaq5j5=9vtbj{u>v+jQu>$oy5u&5;u)~SmADKxXzL~1_kBLvp*rlBT>TV zC4f7J%f`T5WOI1XKe8ku}5PsRDayR)sI z|69X@&i-R1k97WD)4>L0v;nc>TSn@q(E9om`mWf4a%Dpy1x?TW3f`fFEf_o}TlCoo z$XLi3)Z>VdBvH){nCAdEn+`}}HcKM}9A^XEPXccOrqGQLNa4pBL|G7xfeS9*5>0X*uI`RYl`=eHsGiAqO~<7-g4kHgSLxe0m#)Gm-@zK`(`w z100XUhMKyG0~{aD0}twH(JK<5XKLPM^Z2^V`=d?*^s?Y>S>yEQO|#^aj#w~7ej%au zWZ`%Qx0WRTvyl?@?eR@ZYjEym-)!y8y{yUF(@|}@s8%^$=voBFp&LxW4L>ix>C9x{UpP1Ervypq6WmI$`w}YBAWy8nNoa7*ijEC_4jad}T zKb%0A9LLFnRL#g`zJ|zVr5i~}1wP;}2xb(vgC=pBQ7tN=O9!~zu{QTIBgaG`KssA6 z637NPqDbOq1=96_PhsZb30DVY;81zrDLQ1Fo?*jvHUip77a-it8^D`D?+%Z468rQe z8zIxKix8)Q(KS`U$j(iQJ^|}@@B!Ii8NpoD86(+BmDpHuYNOarFo;v-!%-NTeNbT9 zrs<@t`pl%zx~w)Om9$|j%Z5pO(_6ruejWT9+I9p(zrxGvK&Y!Bndkavt(C$%aG+l! z^XX47BO)F&LS0Qt4!h93g(2PAa3S_H_g^JTN9N9|Toc3!q?>%%y%TNB;YcX%2)H@= z`cN7b*&kuw?mWp&BcdqI$okKTli#g|La9YZ!O5Ui`c|7@@)IS{JFJcS($|AE_f3sD zy*V-~`&N1YkSs6`Yi;_AT0S+R#WoNrM8xe^;K^?H#BV{lScYUl7hVVy8>x0`)*tGz z%73#g2nQeBSr#WSoi1bgNuF}~Z)Ip#Q5eSe(7(}ippvrFP=pHYXOHbWlvjF)XIRd|f)No! z6E~Y|khjDDoqY;2Fe9QJQ(?S`XHiBbGRWdsP_uUHB8U+nx7vd#Ddk97xw9z9fExjN zgGYArEC!P}^r<+RL!xyt9C40Q5U*ko&tVEAJu^{Sja_p29zp0s9hxfmO?9Ud8Puj> z?mtz$L)cF|GMCbz<{LfjR{eYKhtlu&4Nnv+%mSH`=58pc;!WcFsQBYFw(z_}kBwQW zLQYreA3Wo%EIw^A(?82?yeKSH=nG=#->K4FUjjD4NYys}|Lpz!avL|&D2$)Kc@_9E zN?Gzxq`oY9kDm3Oqeyn5U0YH~O0s$OY{lRVNFo{zCcq43Zj!g2+jy(asd}&Fy_CI@ zx6lA)0L%x6ltkMJr?xiMaL{Np8vTVv<0MNNawZIE00kqZNbM;M8Hf2p_Nv94z!enk zg%pq}02fm@7b=&~(|E_8&)Yn5O)ajIahDn64{~*b32IidHKrYQ9}_OdG=bqxa7v}o zG&6%zMrYo=X2mlQl@~I>%;-O`N z3Utg_h|Ahw9f$Z(4n`0B7`#$_+WfC<(D6+B?wCZAz8LR}8N2HqqlA+ljYW#32QB}| zk`c!t@jva|6FM5F-DA`}=$3vANkmf8Q&((vj}g2SSrCAn+a8c1^~15N;&ZTL&_ z1_?U}3vaY1!HLw(skzVff=mhTAPD+lDmg(}w_jAL1tmJ$s|987YxSk)#u(2oJ=HrM z7I5Ct2_6v>o;XH0N@z^ZWf z!+a#{Pk*&KAi2{e*@6q4*lUYeI5V`GwQXtEMlT@oYmTE-@E$>RVnGkXNYN z+o*<8)A!DE$CPl?vX6i=EK7aQVN-hrNRvw)l`+iq+i%{IkdM-KuQoPCic{1JQ1?sR zEj8ToS}FA8R~-HJn+n)iSeM$PUw_rOzX2U8jgJz>nUHS)Mg^j(xlKSkOr^^C$A%ii zKNn~*XS6k-x(m$oWiB!1%(L_^7MmOM`iQz8 zRod7>zoH>$lOOOT@(v+LXlBF@@Cgcc!1LzJ8og)yE@C)DUC&?W+BkeBG4qD_FYJ%& z42uVafak=2clTeu^y9xrN9+23D|wv!A2=JQ_q)G0T&}ZcT1J3vrYY9?&U17soqb|9 zJKa(|31=w_lqugGr)lD*(u|pa@Mm{#|7Cx-zuVt)eoh!yKfic!;QWyBsB~IsBVpm` z`PsFC_j13#cO*gX>>W8@iD}?|_0svu3`)ucxpWwZ(k%J_r8FC8JmN$snWNkqiKRVg zm9%iKzboNs_Wa8qn9jc@sVTy;oo^yb@$Du%IM7UOm*ZE36m1Z{V-h8Vi+-M6kwZ|j zuquUXYsde}%Z(!i7zKfhA;^Ms^0iUwZA8uD`qTNQupzO5+0ZD%m}t-Nx~US1L~ z)hm>;8>pOs`gO;Q=1w)tY~?&VGks;))WtnVyYly)=jaVdgRuhZRU4q6wT$284TK zPZVgUD}Y&-VV={|tj~(VVD7@4OH&Q0pyo!?GS+l3wuC{$>(r4kKm%Y`xnv8;;t<47 z6|y0ric})~d(EDW$=(RbhjJ5%ia`Ed+xDV@PZ}cImH-2lBPYz9)iuL|iWdo^rtp`& zb|Ggk!Ag#G)1W72A|(_5{&w53l6D$S8SkeYlOesU+!Lz%xLu_&vMRi@^Bgb(EHL}@pULv?6UYdc2!hccw`k6s(7`bi7y!pM`OnBB*R3E z-DL^tPWQT~tL|EV2j>C`l)6O=pQ$!1#+2N5PX-W)BURj2UTt~X(zd4cTLncbTUK+A z?6^Ges=Q9Uz)K(ZVeiYrs4|gL3*Tj-G_!vB?~*JpP{@_|MlSnv>4{^SQb8)L4EWYI z8hvZD$`~!5S1LgLX?G5!W?ruHjToPa*w+4)i&gUHBnQ`%v}SI@S5sE1VsRFC>C&&b8e z4T2N#ke5h@G(Z6heKu$*9b0|fzsm-M$0Q}H{*7=_+d93&!xL***FlDlI zAW1U7qG3SEGZmG9H{=h(&SeDPwj|OXseDh|d`eW2007O8Um3u@;s88q&bk%S$L&(3 zYgNaCs)Z*fB8$>e46g=Lw>J-Cr_?qyu?lQ&*ktvGqmg)JovUkweO?GhwRcRh9Hu(r zWC^f5SFa^4~zT`~dT+LioQczHSu# z7Ss(JoGthbR&52p>D!#)r~vy2(%;71>)0DWF856nOYWDq0lYb=+#vF#dGVvV4dxx= z1f^pfL(wnOE9R;^FV1T#^wI5@!nrZ2BSe-YjHe{**I%OJY$nv`q$M^58nl#()^A26 z_Q|}3_G-1HqtVQ?{0cc_Z!DeGgxaU8<66l7WYPOx{b!E+-+%G)MXCPd?*3Z-ui{Z> z-jrO`2df|(M(0IHQ`77cz(y>bxD|qg=zdI8MQJq5VioD90znmn&?*^a=@uh}^8J2{ zMs!Nz{QfyzIj*gSsmW&PIcZ#`W_92E+x@wysMIh1s?b5|I(_GKZ$9i>vq$RopF!Vn|f440D#8w;BGC^&-qcYptketX3zM z%Yw;SsGRNUnQ$(k0|qd+&6VfE+)G!@q>GX6)79IL^|a9coMq{fH@~Q7Zv3z8|Lwk5 z>;IKJZTvrAfCarj#WYnq8Gi91f2xNHwQGIc==v!DstTHF;VWE)P+N^_pgd8uuRz!9 zuPM@}8rg9^hsYl<%4d*Y$M`6a^FJ$jYR~@&$0u9ZC987A z)Nk6^GJjME{Tu7UMyW4~(<~bfK;-1$DwNua{=9eXZ<$UWSq0d*`#smWKBi5h_v1~$ z!()CqWq&t8KSSu&{!KnJ%egqEiFL{CcsC{%QtjaQN#=_Z$t94lluKhNaJ(qal}V$- zzXW{9vN)_tCtmCMPy1=1|IK;lr44|2`hT}{|L5-E!CL>X?PzCooRtR0qhZG9{c2XVrHeCA#cFACBww%llRO!WVlqKozmA#+@?Q zyr*$SD((*%nza@VCPY?%F5;&^_k>%-?#O$C^9` zpg$o9qx|+sRUrb(#Shq&Smn#}MzG5bYi>Xg`HDHXD^!@2|rUbDjqMuO!xkwg3G4ANG&@`~P+iUhb~-|0J z0H_a3p0;xvg020fp2jKMgrM)|0|?Z<3`^@>)!;1^&V2}e&o~TeN?DAf%e;%8dpWs2 zjOSiiXF2CeCs!U+baZP)Ji+V2yBe(7M=Pw5itgO;zXFHwBuNO|fNKBL4I-9>F;3}} z^pa7xN#FLIvnLDCgL)N)T9Cx*Xi2J6ciNsXx=6`9idgyB3sA&Q4sSsbtD_|;Qr&5L ziX@y(NIE8&$PI=$)G3YMh3FwNBxx`v;bmg1w8u1<)jz6lM|4botXv7$rl_%yT|~Pu z@4lV9^BlcVenvEdb{~?61~iRk2#Y)S@;=L` zu-+i~!Xt_eu%ZIj`OqJ?4&K4&x6wU8V$8BAR6YLn=JLWb^(w<%IS=NRxz~%T;rds> z;xd{Q_Fg`ZhUpCGUg`RdD^3#3m3<7Dn&j002i1;5A+Y5a672V!s_Y!idX7I~JO+(| zkAH*vBJI_lg+W|vAa4w_C<2o>x8XMo&o|vSQnrtC{>cGBDILQi{+O2uCH}HlHQ>_v zwzneZ+?iWQT>VcwlxaKVw$S!i(c4VONj;|!v3*&rX;R$hXQx0bnyO2#>MD(yt2#}j z;Ucd*W?fKFOg`LHkRxhlZ>#F=NNcMX@K8m#91~0xKvcIOOS{XFlr$A28mgj$p-FAl zPL}2Vxpvu<;?wzqF7UC6;o0LYd^t1L>M`1~HSfBlbYTa;{Opopj)=9cbpMCO>7UlR zO_`F0F^hZZUa)_tPo$_}cI2c|7?*UaCSuNnP$1Gpyd0PCA#NC_z6}Huil|haT2d?V zln3D^SiV&ewXP9H{eHhfna0FynOUo}71;|K7j(}t(5F*ec7^zq?5vM&z>a|e^CV8u zJ!kQ#-+l(v;LR}eXc~?~G{O9?=n{)+Golbc6}DWJW-7M_8THD$fI4oDI(754)V1b3 zzZy3GwFyKKn$rK;YP*Hxd33pe5MH4*Sd2M=Dy(TJBDjqB|3Y^=V2b6?XPU zFsWMTYHBNDdtQhcbTL=C(A_Fc>n>5#S@YtoTb`AzD;H+X(rmLL9Rs&^O&0Vk%~1Wa zeFJMC%%lMV#-Am;4p;Ra8RoMwZFfv|FV*&)%v&Dz^&$J{QyhXc`<)^+n*oXp$nVu0{m4LhmpP% z%=~q1mUYd?d6&PUpEH({@|v&dF5{8ya&e9svZ`KM1Jgb z^|?IF@}FlBc|hSW{mhg9`}=1P7oZU`hTh{IRfBSj+B@|1``0DUN6e{P}eCKlY9e_V-Kmzm5*p@_!XiEBRlr zfujW6?Av~20%q-=uD>^sH&(a(*;2<1Jb$l{vUlnJESvlV(HQ;Np#0_ZFDO+R;sb(U zo6gA*Ev~d{DqjVt9KTXFwU6RP#TK>vL8u)J$gVMzi$`75on)!{=a%aqNF+BWnMl9E zLiecvZ9Ntl1_X{0u_1)xx6vR=(TJt_CS?U#(B@B!#;CiEx;ZxR-v)YBOr}PpspeSK zNKCUQm{ddXI~s@Q0(C`1A+}$E^rG}{#CkvwMv^O9l3(I?IjqL3VR%~c>rYjB)|}}u z(`FE^IDR*O?6T2AXR9t9PeU}>AFvu7WH&s?Qa!HbFl76o*1+*czW@Q8AlWDS+E5UQ>iZQ+ zS`U%XbWAw?norcMyGfnf8AGLQwCQE1%)AlJ?v_|0g$X6)M1<-#wJD}YFtXR_G_!o^o7Wze$ zYH{rIwkt$_1A<<*vv;a4>FlCzp3fV0QTKT%S+f*IE2WF6*V@+Y`>tk*f`#{}8fx6C z(ydx34cWFq8ZGQex+2MPD-D+FACIC_TnkDLHsj=qMKmZC$V}ARCL+Uk5(q$`&TOBL zV#Y}qb>CnbRaIYcCr0TFKma2roN1rqnF?S;wF3z}1#z0T3EbSpbTna`xs@=pQBs z_D=*IRnQ177Wi|ytG^&BjQ{aCwwyO+D?ZnL#2&vkHLT-g__TtPFUSM1)XdKUl%w zD~R!nf9!OfJ+REvy#Jri(t|R<=GA|D@nX;4|KC4)vEKh*#nWd0-`VuHHWtnAEwaCQ zUUF;o?p+S1$%}`NoL9BUqUCg>dM^|{v0f|;1D-?;V7BaBz$!GFSW?*$ zE=KOVIq0|_x5niUWKLA;e_e8T=f{Av_$M~FNl5Ty=YJ0NUhb97{~WFF|60kTE7q|1 zuWW$iG+S49p5iD{H+&lQIPU!NOOw1Z<;E?xX%bt7pWrwR$_vn69Ye`V`3DqbARkgw zw^Eg4=@jjxFc86*gjqyXGxL}9W8@&wknsslw~-(Ojngy{$2&VD?%&fpnvjs!LCnhK%PeVU~Vk1L?5R6iGczL_Q}W zSQqLZ*m#CG!Gd{s#5C$_E974+)^lq9(q%vF?@j%q+yCq!^#9ik2#4G|^RF+cX5QW- zrMsFyVkV#no0pbnUKhn~{0c_u3OiLbNRM(9u>p?yB4x>mRioJH$Ek?$OL1yI67fHQ zq`&-vHbHkf`K^Y=1wwxBxBt0il|Qob{EHQ6KszHfE3&d}#bW#A7pHyc3k$`rT9I7| zscy}A;Hp2fVD7MmE=m7w&TVFoJ>hCOYN4vWUOPF&7z%amXzjc0MgWFtw zBP0?M6lPNkVg3+7{wvaE)(iB0tL@WxyYNG+ZA*p2v$$w#KxgpM?Xn=z|Wejng zlF>|o$p@Fem#s2E6d14tRZS^r1tlyL%CU{fJz_Bt{YA_XkCKmVkeC7Z7KwRpsn=^3 zMKm6%!j_-@Nay#7Zcrx(YMFqxZ+O6G#Bb5pKl@O?nAn&kbyp)e7pG z&)r(|1(a8wiJ@QD?JF!8KC!ylEeB5u?vgq!|MoHMA+ffE)|SvJETK92|G|4d|82hh zf3bg9s{im}cYXiwN*>VikGl8sarS+r3TDG$r55KT<&+3CAVbCpl=D`*6I8(VgbD(? zTM0*M?`M)kM3wK+DqT=c!pg0cXjW{lfG#(?ANmH30YN;ALBm&U<|LToC?XLR6V=rO zf1s0WQqg4W6Le6r+=#c7a(qX2Kg4z2zoJ4S)kc1?^ zfvEH?g`4Q~9Rd=a35NRsRX2v<@cm4rWP;R0NEn1qXe=cqP5%Q;rAp2(xJ{U#&|c@5 z_R;weF1S!zLfgf@l0Y$;5?(+HQJ5(lRptt8AEl8V=*ci8{EeQZV|07_w(18INhVUH zi0F{OHWeEp4C@4jJI11zZ1RBw8PID}AE-W6d_xf9a9<1wxBBW%8Y1822JFB@viRRH$2g^pMbC z2E`bOxs6O+`U0rj-oAAwXGn0GapH=IcPu2wX6p6du-T#()|lO+D;C-^1+LIeIS%fC zBq<7TEXVi$g2m@?NIsD8J=)ZE;g)2k_vZCNuEA4nW?C|}X|=CZG*HpGS_4&Q7Oq2kPyNiX{}UEIxcuil`~T=@-_QR( zI@(>||GAP!T}{Kn$Fu(v7FJ){S7-DuXY<3S>Ti9Q71#!uPJkRf zUJKT1(%*jT=mIP!LBO&Y&cT4Ft0$veaOFlzIa5;DO6yAkxp6?=vO5yDK%}YpvMBK^ zmIn1{goS8H55LK>U0bTE;ifm)Bc0$8xymA`135{TOnpf?oj}JPIIB!6>N}~(z8x}V zBE2A~WX%?Ivc6uHL=wc+`B}@(uFlVv?MRFRk?gmB8o-x!ICzZTA-c?(fA?rYyd2KdPyP?HlI>z zjAynVs)=Gz7JtogK&}XmmPm2)Q9tY$|6%a>Y;vGQ=Ro+ZIW>%+Ifqc1mDNxArhw5S*)62(3qyD&QRPp zZHMEuTG5c&F!Yo~+2r9;QG+oYSz_Z)B+N0#{}(Av$uNr^lmR^N{MWAU|L^bZt?R$9 z<^gB_M$hu2W&nGv^GD18vPiIs6rd8tKb>6Rbt2HRi9pKF%>5I)Jrqy)G?J%#Pn)>c_ zo&UX($2tFB%FZL8mc6y^eZBZ` z^Y50qW2xFxFQ1WiY?|`Vo;_FH-b$Y+mnwx?2i@WXc2`$K=x+H&f?Ex<+*J;}xs1MH zS?9tIA6Sbrn0AfJqUSPRwZ&vB{;aqLDL?jZLxB-hjU;Aq4@yg-KbwYs=~n1%_|say zIzl86R_SrEpdr~tf}wkYv@BPdbC7T+y%}aM<8OZ$e9`s1wk|&5r@j8q&!H}C0nF3? zyMFz@{TF)&>-s+{dA#%Ak8A-{@XS-%0DkmEd$c7@?)r|p58Dx2UYl2r_<{O7ABbDx zWnMJKRoeQstF|xWGsvawmc9N)wVn52fo;~;1&cXVtTmhk6}8=Ij?01?x?NObL;mz_ z;?ua?z%MIr8g4rG1x;|$H9wW=9Je8u({XV0*y**69>&}~$7P`=U11u_5nH}Z37K*dl> zyZ3%b-{zU(V>_~6KSW{1CrGOAyYt6ioQXDr|EG^s!;Pwq=V#~PX|;G%JlD7Qe0ooN z{jamjme>H8>;E4fl>Ps;{$I&c%Kv<1JHX0G{KG^5YR3G@h5%N#3t%(aItI`x22e+` zbr4|vJi^mn|C^VK2La~k{}=l&eEq+>yWam_$ph;Bdp))2D=cX6*d{>2=>+qctqM0l zpe$08p$x-LfI5$9N}*bn$!xN+nl{E*T&ea_e)~78$e&-sneNd2*#Q5VAvPr(8DwnO z9LFPqHex&>+h`;ILMnBAx*&gNX$Oh%uz*K}t~Ql}F0@ll0rQ3D@WIvPwlXhb#$88w zbgeDrF8F-iJojw=t<^aia8tVKbngAK`N-`HW@kysx%afZ@U*<{%*CO_HM#c0TKC}O zU+g?bCvoUZgJ!d08Y(8jeB%y&=Q&h*lb@zz!ig$5#t9B*2%Xq# zfhGG6(-@IB<+Fs*IE6deRQ1aN&&6TAq6UuX<0$GnzE!nlpgyKCO}nVy`g@!t(JXK9 zM_sH>@YJt=N%6;#0CU#=i$nkZ&%LAF{q_0pl{~Qi-!dFZb0tDT)nO1Vm%Lh)t|bl? z*@8@@Yyy|^4rxThHo`)K3K5O9mEND>Ni_cef<~%OKBOGqCQ;X^rm*Yu|2h^Kx600< zgm8U9v_Mt`4lGSHz|}KBYW4Zs$?U4M0Q zx=;^%fP)rrUw=pmk8y;~={|0nvz) ztE+FX-!3wlvTY?2pP=7TYyV3R?U4cibL{_v!=snJ|9`aJ|6k4HgwJsiKexBo+c^Wu zrFZOM!bb*#1}hg-suJ!dEY`n;=9ZGShH)u+u=5;UVJ--Ys7O^WIDz}GQ&zDf&=_g} z5I%J6R^0N8oJyR9M%`p2(0IuBMBkbsP*D}8y=wsg15=XF?OrO%5s3-MDO`_|O1=Jb zgc2;oJ>#K(h&>@;8)qgLnQ=1es^X88{csXev0N7+k;Er)K#AxBoW63l7;oxvf;q+E z;1T-NklOXi;t_kCUKONPy#^5t?#3(=X%Xfs+;Y@<&YS$q|ripU#6HbIwz)N&F1=uH1P~avFOXTs%gHhXK(veA_z^bmffndtsaiwU0uw_P0I6-3P7Xl zV>(S@wdL1qiQqJe+h7)xRE!x*7bcx)xG3RFyGG=B)p{qum4l{?CJ>_4;4Q zV?{;Ojfd8>>)dBisOG_}wO3dfm@$bLJI~SA#u$z9goMzoKv-0o0dAI+{M62{g1@~) zW%$U+nX)ooXP6_8UBwJ`R*5hxgUas6oIq*EwWn-(HrM2;+9F@e$rbO57u&X<3bKa;9>2kk0 zQC}gGBlhLA_vN%}{nP?l9V(S{2_h_n%Y;@PYPgt6&svT`*ZTTgh)mkril0h9pzfG~ zepJ81AE-L9`V-BoZjk?RGFpZGx3_zE;LHD`-F5!YYM!$EkCV~k2!04JHAwt88IiUk zUm_)CbuRPe3+H4DsY>BR<>JfGva7$YIp&$4)1Wcz!FN?NqfaVCD#`OqoiBZFc$fm(Hzk=pt~v0NI9$3#>8Z= zdL;J&0fRI`a#?5&^&G zkof~#7H@SKL&yKS&<)|>3JX|}-L4%l+z1B=CsWEY_%UMaE=y2%y4OWrljgJ0za|mE zg7ow21}*;oQuH#R3`CcQ(H3&`595}QwEDH#vdEv4Vn0`lD#b}JRnPdgAoeYqZc6wnwY|e>`bqQW!+%0Db;v*5+!4NkxkIiKH93E zIt^Q-pu;yUA{QH8$2&V;PLIEw{?9L`J$`?D_~KxHCzmA}4>=z>ilu3>U*vIK82!%~ zONo!*M$CkW7DecP2oX(KNM7l<`cop9FrG@k!^iPUVGych&N^_lpcaDiQ#c5GDDvI0 zN4eTbY)=ZiTS-~9Zs#ahDNWR>>Z|3eW&TvF07t>7nd;_KCJ`8NHu(WhqLPTVaj5sZ zjTx(ODCyHGp^__gv{l_n&3ejsv@l6{RH#9bhF!HPyRa6zW=(Vr=XEV6?CKZl4>{#s z#SL?amLvHPngQDNG%NQ}L$XTk6>t&?TVihJ3{kfVn&1>;(gJZ0${;{AF*suwdSPiP&JiQrZOw{m&PV66S|~76=vQy*@&` za2+swP{0t?gr{sOoI+J*gi*kfynI!`rGD7XttbVB8_ozxPG#eQz`AqT94| z_LtHJSU5nrRn18?mwS>A368_d9EUQAD+(I=jVg*I*u#2N+RH4@PR*v`&U17{_>l1l zDk|ZWcW_(LXj-m*rb$-dTB2G#egVgK13mB>~f+O?aNqT;0$Clwup8>M(uRne^yaP6jDhbs#;R=V|g&iu?R zv+=klX1)DaI=Q#B9XQAS+uz^c_v%0G9==%b|E}awNx7vno{we-R-FG_$RMm}Up5RW zpln%#aH#OL-?T*%vy^^i#-Aq!q5rL_vNBqBuc*RU?ztr(NG($vfGqM7dW>WqI8CHI6nZT+-=8udR^+jw{m*u4Dz!)6&e}ivbJ6#oTdo3G*w_kk$t^xWNBtdjb z4)t%pb$Y#CV?YA>cDjZL1iapGPHEe)OW6>z(WYwkD@xf9coJLRzwfI z+Y+aSM@y#x#tE)F3@}cxm9Hn^S7q<(*eYbTI4No=gWqI3*Jg9YU*5}{6#2r)EAUz_ zGk<=98%#~nPrLAtG6q%C&neG+{Zv2o^4}|X^#C()Ui|0fiUOC;13jzyE)pm5M-N!x>f`g2Fa>sP+dXZW|q@6$h9zMl`s{qQ5426s?g`arm$ zL)$aqE@75G7G95ixp$k!<%44OukFCj_lYY;>Gia*Kb>>C3w#m3x&Tqmp8>w`$Dc+5 zZJ|w6!7uvwnLeoQW8rNmrjfN0syZo6SsLX_V$+|oZW<{vgyaJ%Gn?d&yu*q^_2qn? z2cGROA?UJ{8Om1m(f=k?^Yj13M}83i_b+Tb5^Hk?i#0EI((+^N^@KhHX zbPPV@-nhCEsNiZ+F9msczhMZ0QDp=e!)g`KoNV>3dR7Ib~ z93WKZ1ldciYOIYeP^l(PU2jgB+)_O@IY4uoHaS6P2}h`zLm$BzLUS`atKZntIX4?~ zTeM=+G8b9KSni=en|5Cc`%dfuLH{t2{t3c3z_HG}E{ZOCDYL5#r`P*`=8Vsi`+xhp zFZ}Z#NAf>w|8E7)llp&o5%_xlPk++Z|FaJC`A5Qh|IhGmjsK^Aw){UE&{F=I19EA9 zEk9e=(qD52@>H9J`Bb|7Rpj}TpM6Sz&g>>E)JHfgviuuVg5Az{i|oT1RekE}kW2OJ zx2^2k1-SDZ-Cmwu9;1^mRM$ZUSd{jJYy4#w|Kj?E>ntjJ%#8%goAN9o6^Q%CP}W+yT75-0UA2@w=EBjs~5bCkaI@Rc@ zo_hITaVgc3T40X+f3bUT=;wd#?XLa5l{_G_5*CK}R1aXPAMF5G<=tirWdT(}sLcdQ z!hx*@DjGYoq;-J+33u_*07*D#R}{edaK4}6hoP=mh>B4nGt9Q70jgH|x~S;qS|gxp zF)x&#mV|?Koq*~Ysxgp0-DJ9l?fF#7m6oUa+pysZbGDj@R3-lwp;xg>Q6|kJCW=++ z!B4!r!20>bpCg0M6O6ZecD#s|xF$nGntKE5|NjwV|67^ASmJNCY=3 z`t7`5YX?=eSEV~hI7?Z;fQa33nkE(Ys;L0n-H2I8exz03$T7n=FJ2r}{fyJGk3GCA zN<(*dD%xc{(nY#^R$cu(R+u8aC$pV{Ng2}nWEG>;UpskBU6+bopXg@Wr;MC{FGy&v z_1B3kP`q-p!MYfeC?Q<*^G&9| ze^E3jlScb4-jMXB*;|IguQaG`h0%OZ({Z_NWVJfK@|xMK^$Mlz2K+RAUz_`pXI$Gs zRWeB!ms2fL#_@>27=abR-h+Z9jHeZxpyv3>aBT(anc;ZfxLCX)X)soOxR(mM(#PW{ z_`YVXLwB#*HK_~)xNzodEo(*s@YV*isq{PzwE67MZBa{Aeq`9Tv?3~U9=$6vs)+px zN!Os%C*bG|uYxO5#);;DY%(yKt1PNsxqa5qw*uKl)-ws??YQr}NL_DY!18BRJZQRJ zfDOy(?Um@2nX#^66F(NvnnYtwetHulHPTG8l7BM5!>NvsKsrg0UQBEaQ%UOjeODzp zd*4(9_$-OKsV`~p8>xKa-7T*|vMo^In@XCMhWfR3)qzzd6RV<5Y78V!`7B}7T$t>U zJLQ-R>0NOThUC#S=!uzdN^{sGFmsV#tE_=kWv(`Su7V>84*V!i18R!{D~EgP-&M`8 zrsJt}*Ueot^<%6~@NPFezxY*mJ~CCwu%#v3)Z_f&E=J8t=2F)5n6bOkjVwi7$qMwk zMZ+#C0k;@i^6Whs2ohwRbW8UQZa8TSPS+NsjB!a zzxAc`xw`ztM#~p2j_P~>pkEqGt5?0N`m9o+Zx&{xdR0mURu_6lGh`gD8a-)#?&ot~ z5h%9!Vorlv7I*q8No-f5H+rVizvQOB4Y1NIZ0RE@l zRrLujol-t-_V-+!n{6x{W*KaGA zSGD^iU484MpE%yx`BEHzDL|FwV^+&SflyI}c1CC=^lH$RKr4Ag2k(oj4FF< zA5Xp!4!ffjTQ<&ijQw68w6Ta(9@N|uTTi#0HWzm5!rM9376IRSzpj{*xrMivu{;+) z+W^TxHor4(_iBNX*dFCvr0Cxj>r{m|GeIs`NY1ay*&N7KCTh(!L^umjr3`>3E0+HK zs%rJaJ9}@ko5SzgeLbd}sKg863OGq5_JyCE|LEdhf>OGV2X*tdUAq%+>$NV)!ToE! z^Y{^-hW)>3@Hp3h&#(Wr>*s$T9=%-Ge_hF=^zC=2kGJ_Z4Hn(`lP!9+`Fw;6DpC@= z#m?>5rF<#t$Hgjo*-#hDnJOBVbElfl0&hAye6xgDdt|wQ9^xn(;Nb2|@9f#5znvuw zwY^4=U>_})mSmH$!X9azbMmN$Pj#YFfoVm0(q$aY5O5oCIvpaKJ`>1rhV-?7@@$B@ zz>GDA{K(JxcYn^d^Z`I8`HYH`#-q~+(@BLnwu*$hk7-T2C{!hgRn?zZGApdHVe>Ke z$2W9=Lzb@K)|e6c1c_Sp`kxQ*BN+hm^#9R|QvI*pz4iI8l|1VF_g5#Uk5%zgvdw}9 zfNIjS?n}ASIUR+(fxRjtv1J3%w-1HYi!Wefy|?(CCB8Q5O%B<_wl(1Il92&`S5Yri zb~G;`d%3D)j*9a&n8~Xt=QY_m(@&NO{)b7jmW!`tPBk#%$1Qw$K18ap*!MIfaF!%w zL;&-E$+L~H5ZQ$2@Jscn#?7i6e_gLk!tFK|Jg95bc)p^uoVuTc3peX@8XJFTg;;zBi_P;#+;=9rdnyi|;7f?sC0{IXOBZ}m__i(gVh`Y{4s$~vU8k=_4sV<0&eb?o z>L-g;Fxf^T@7?!-oOto4d6~{<_|(h)QU$)HRl(f&@BXfT|HHw-+W%Y0qYNUewBTdK zfqnK_&?hW6uXWe#!ifGIp!Ud09-P&1K}W8-6ytnX&T9CPj@W*>UeqJiL48VBt+obg zWBt=#K6>rb1_x@9iyxZUeyMt=i`F{*2>$Nx=Awt1r$PTe^xCKVnWO&?j`m9a-@(iM zwfsz`$xln)Q z(`5hYL*Y+d|NX_@e);~dgLVCnl{|U@s{`DRlmehRXJG?Sw^|?(!0>3hRDk^W`$E|O zqNw*!7@kFq2uIhO9#)YSp!+I|_a4V9;%EG%DDw64r3t2iE8Wut3mXfo10441IhTU$2T>Z}{p z&U1+;Wt2o_C=sG9yNi|nD9DAnVU_}XJCB#dXu54JXVSjH%?D|>y znQQ-_s8#R~H(=iW@8Q9|zyG^?xVHaS@;LUtp6f^U12oj-+=0CD;$DFf;B7O7J%(S( zOE45HI}7HQI-kLGyF%ANce&0j{=FMmW?{FE-Tl4|pj@V`?Vtwze@_NbPY)>< zVarX0qY*KSVb~;?9)w@rO}d|tU(jIxGkzB_96sCum}mbVygcyj|Ca}QYx{o{4@iyg z^;ADr;LotmqPBkCY=K~3&Zg~xeEH{#h4)M|$DuIqO7>UY$wG!$4sRi&%d{$M)cmNW zuU6-D^wHyfk7Ww}VT~-aj@nsSwd}BnMdfrd&hO-)>QFI@B^Tl}cO+R{94FpJnNY8U zzH*>62g}9|Z}MvQ;Y~sUB$)L7LPkXVELE;Ai&0D?1m&yUTK~VyDOjL^R%ERJ;Cvcv zXZp{&(OK7T{}BRwVi zU)?CP^COMvqa6NfQU7E2z_;WM%~-iMMMWYzn*PzmttzJ@}ZDGFyEPQ8uSW}V3^zOdPsH@bwj-?>Vh~nc4I?H zn3{H*Y(i6%mrB+|+HwI*B<({N0?fzdl<<2_Q{rLgbm@S~jif&6<`q4>5UthQmPMX* z4dy@SQ!D?q=dptGAA5&~FG~Brdq->ezlsMWvJQfP*q<4P0{k`YErAmhusFpuMq?69 z5aB%c)3hR>0%an@Q8YsVj?oxWs}Y8sHz{{$JTlq^Zdt=|F7uUdNJHp{Lp3TCFwRL3 z*_z{|!0w(#5gHJbU?H8yl%a0Qe!!Ec`#?=&_`Zw!xwe_7Y>GC8MBTtqR7mwrg&gW{ z*=8vn8lno+1&YeQr-Y}HRzIA)dn*U_*PF|Wt_`mc`YJpY=UO{uNQ~LN`4jGylS){@ z*5fWhWhO&DBrt3D1l_YN3ei1|Q{|kd90#cdg2mBn8x1npM8%nO1=3>H^RXOvw{!FV zJVhgt3Y1_jX9^2-DFTM9d&wzs#z*7>n&31T6LV zlUJy9@;{;?6+1tMWJ&|_mWqe?0`uhm!TzD2|GRg%uK%!-XP#&)7{C#3+DC_QctzBl zh99=khHC2++k;ldo-SbfSvTZox3vy0s8@cpOojgJ90K*73LY0XSkdsqR%w4#U1sd` zRk>%cI(g+>SzLcy$%z@dqek7NRIJ|V$S(C)-%ttBxwzCqb1qO&gLCK0Nir$tp}2zh z3|b;Jm8#zUKNPfos_H?~AQ%*RL^MXldknC+60iW&YXYwqUme7x0?vXuLAUQo#$G@(l)L@I zs)zDSw$Tyx-7H2yz|7?eLX5%bs8bK%bCk=$t~J1;JoDr~$pjF4yxy95}r12Cqu+?o{F1({^3yuVuiBjPKYfPnYU6oqd zUsZF>qXpJBwLX5pXpa2XC*~fe0_Mp7{k@l^_|L)m{P${}dGg<4fL6A@B{dpkyO;)A zv^y%pH$v??OSbGT7FWG|w-(@h@!lxfb^g_u1a}g0H!q_x#sXoKn@H^v2TOXjl=Wgr z+s%j2wT9Cs7E&U%QZ{X9T~;}It{jacra`5`QC-#O8}(xgbpUf&RjIa`MVgaqqtftOdugBKqxFA(Ori-L#f+23?_-Ys z-#sk(fBP?Y*ZE&7dA>kbI86zUVe?pV0J8gMaZI_`=s-{KfrgL=lygd|IIiZb)NrUoiEULm{XPsbbj_) zbovQrKan8q^l3=&j{2OlpE~`i2v|sVJ_q@x*Zp5Z3bt_RHDZ-m1V){AWIn+8XO7X?AdV*xbCUWEB%H<69g|iCt*mX0KpOZRuJ?x z$8ma$eqb3SdSrs=tWypCp7A?GW0Y_fW`S(Djj%uwi$@()`Cx%)il~sng#>9dLjp(> z>Z~Oj!GyCZ4M|u7iVcS}pg2ODBuvnh@!2*CaEc=~LX2y`{TzE735F*4j-Z6oDNacZ z+zAWS?I==^rc9M+@UaCF1eyffHIP8k!|@x3M*U9B_i}=UEQ;8@)C>U@L?Fz`HVQMM zF`*pAIL+isIi4CoCe)7wdRFu+QF#U&Lp~%C4X7MY!r7P(XiCE48el#2RThU4s2ODq zOY9g&Ar(o4XC|@7;fgwn&~&^><1K_^mW~NG9F&qclsv#Va`CMttx3MZNrE|vQw;>M zAsXUM#@8!V4hMU5RGdLt3XON6^0J|PUmzC zKH?cpiM6ozcMo@ayL-Lez5ENkUd=}by&!`0udi;-47g6`4J4Tj8K0>B@PK70!jV+w z$|g{s!l*g8rxOyV0;noUb;E|~z2v7(5)mwj%FGJVV-%4Qj{c|g^dS9N^cf#@Iu|UZ z0qJxkTh>XkO&D^>f=u?cjdWN4{;&V7zxelm{huvU78b|oG9htC!!U$G->`c!C43v2 zIho-kb(;bgFlPNE21%TEQmCelG8VZZb5|N7rGH2U{{ z{U1pHj8cw6GQs>#vPw1Zey7uW%%{_7R6)0dPlTFaqk+(va59*okre#`%~+-`M+VZQ z4Cu72WTX_g>ZDvqK%&wq>Bt2wq@5a4p%fAU>r_eJn8iJBsp*pp&b0TXD9n{2NN;G4 zV^pP~wpH5TwlrxcG=&8n(TNml9k;iBr}KI^BmpcJeN56?r8)l&S;o^b!f{NegbU2` zbHqc+MT(Ma5YZr-b#gvL`FOP~z(^z{keUQZ5V?f#Ib89tWX(>_wfAEhjOCI*s+JCP zYA=tR8sJKD7)je zvu7tYPm*X>2y1-}Er_K~kZ~!vqnYfJz^p+2DiHyvgYt^qhCxm;AU_YrQi9=*G_eT> zJ3z}5Wl7ky+J*|$csQgH1zAAiluEG<^Nq7~%sBlQ2|Jt!5=DfoAM)-v8FEZx1vnE% z;khi^=}5T{utcg0O&00fP|2#W0Kl#wq1#SPM6rNCBZ^KHUALt%fJCM<$eAn8l=o644Pv&SXlWnL5{xgK;xE8n&=j1+2d*=Ce*a5S)N|foqM;6!bft9}GDI7K?-i z8Oua8GggE%7`Zf|pPYbF3K;rH5mZT_K2ofSI0=ZPWf?ab+b}yhOgN{mP0&K~&(xYz z>qt^2V6hTE0-|+8CZ&Yt(~eDhIDYJ|5}d-^N=Aui^^1qb6*h$d4eAhQDU&upAT?qq zUzw^qTL`#qjTxZV9gGJ@5duT3qi0l9%VVh{EKvCZ2dM!h$MH-n3CIzj+1ieyh>aLx z!$PD>TgG0K0&N;|Uy*8N`5br-Ff61+%ZZTuAiX6Aafxofd5vEG{r2_6ExLMr z{qFqs_VpS1>IZakb@lfA^yI6zuhH9+@3-MQ?YEzy?=P?ahR$!$)%E3f=V!0a(B(zv zRzr48F?!5l{)%EL}8+3V%&fi_VJ%4?+jm|Gl-+p^`e(^Qh{Qms* zo6B!+(cANP=eH-a&6W-A@=fR6>+92RPA+awzB+$g4+N z{Pf$mC)eoe+v}^#o7dau;_{+*e(~n|{Nn4^?_OWrZcD5>x97KSU-vs5W1*B44X9Zm zw11?$!h+EM{;&UAD4Qx}x%CRXsci!gF-%HT$)Zdhaxg-*nCV7~YP+NTOgZ@yCtuZ^ zvMGrHV>T?5=72=(URvf=zjiw3F$gCb5^k+O%lfGwtC5=))}68)2pb{rsTt;Wfn1Oy zl`>-==G4Mb)KM-ICjm_;(a4wm@sz>Q9kZG&A$;8F?Df$t)0W9h(ynY8z^kvX-lFfc zkl*j`f}V_LD8eb>M*4$qCV$8^uR7HvU@~w@rC9_MQU$F7*1cpkNx`DMB-(`FSSZ*+ zyD-J@jG!xxBEaCX4M=`62PBhhIpTPt5UYb%g|LL?;M_-!g_;w!uuxr;)R7^Ur2t9V zr&xyr_F+~CmGgUyHt|*gEVkh(am$8A%I6%3i<4v$IGrR+%FWoph7)O_DqC3FzKXFO z+s`(*u#nK?hgD|xe@L=y4z>`D1>yQOTe%kg{a^q4g2i&~`kl^!%W<}0(eHF#^w9-_ zrKMa7S7m8cqC*9E*8d!WzSg7Tzt^u%&fdN5Pr|3@V_yE>-qA~c|7Ul9o&T|tC*K8m ztIp|nI$wN&F7QMuyPIH4CZyBpnF|7R;q2oMLOoNL>lnS?c#}oZ1)h-i@WZ8C3&MWi z+i(G>Z+qzatCQ0ufXQYCga*7kN(Rss3&j#pu2^UwoT^iV`jh-G>*paIy~BwMAb(wq zDBvXZah31#F9IA9`_g_7BH`YruRlNpE<)#VO85{5vIYIn+qhPKkZMQckbHRG>HGyr zSjrIS{RO>uzk8>r*nP8G#G#E}BR@)@UTa=f#1e}CV{fNY=f(T?^AgxUM< z?e}+~$+vMN9Xi`fhgekrLDUG}gRMQ{MAaRjF}mk8h0P~ptarXBf~^j*a^7Xg3r~T4YoH)~?C>|E+8AAF=xZpXKkoe^4{JVo2 z?+1^}C+;#VFqFg&3iBSxwFZ0UY9A<_sqHs&svg3WD%S%;ofQbcyjLsqnhf8gAtg~L z3?&4e&g&UgKAy-pU?sqUl`Fb_Z02MHu&v86^uB20f z1EMb5_$d=A8Y86lkpF1HeHwDwFOglbl=a%EX*V~d2a3&EJd$HlYKs$)AcY$8(kGm$ zdM4*n8#XF+MIoxi7zs5K^9OMfuu)9^l|vIIxd)V| zN+1D04j9{PT1(QyI?G}Ug3kX&@8pEhc*u^y4id*ZJ0qGJB`eMUET-vf$Ii~$3CWa1 zJA#gSmoWR-X=>zEzDwc ziYFvG#ezIJsU<~4Pm-@av27En+@Q3W5He;)?d+Tp0ah{OtmHfQo*dJOZEZWPU!Jf; zg9)k1{BmXK>ATm+Ts#4bQ_6FN59EXZ@j;q`OM#^V_|xIxA=;Epw{i`}j9Ve-NUrM- zhr9pX7RJIK)tr%`S{Y@Yp2_z68=0v<&ovp=e5tUk__2wA2y8S+k*g$RiI`tuL5^PZ zNE|TOpMjQguCHFdL#HRgRX>?7z-FqTsfA>zuV9QJyU=J~*!Co9%G7}R=v}7Mr^pAX zdLYd}&eP2uO>W=bd`CDP&i+FJkt+7iH1~2e^p0Z|3+ro^{CKvl|1koPSy#XMXCNh(jcTMf?{&7 zrqEmyc}HeI)RarzBuDGX0~HB;9<%hhk*pey0WrvQWj_K1(^dLp0p8e&8KjPcXi71J z6s4&lkR01bQ6@e3qyM0!|WB zXD7AC=7{7XgGPe~R?&Q*lPdE0mlTkB19gPa_lI5 znS&%Zja32@oP5(i8$vbF9JLo{I+VHyEuLLi*GS|(#DGXfgN4XJ7+1z!-0hT*1!5;) zaX^w(?64`}Q%df4?is(M@u(;Hx~Ditz+R8o`2zmaB*ounnIOlgD}TLaES37;?+0BeTDs>q*I%ob zf8XooE>}$Mi4Pxf)l?h5DkzxH;7(Y_UMd}Q%O|qVq5(;@-K|Qw*p0QY%R7Q&p(dmx zu{yn|V~-X~VuC-sCGjX7AETpc{ag_fYQ;ZSc{~3$mMRTpMNe_r#{-eATr4}GKX;s6 ztJI*Z0s)uW&5UN-2x}FlMT_2Z)_s6(wa+3cp(p9DXHE_v^f3l&JlBlirx>uZLoMB4 zBP5MPA3n6l_rx}IgZ^k~8@D!HJ};foN?**=6`zrwm^)r2z}x8twU=QQwlt5-QpG_4 zAt6^SNICWFnK~NI`0UxU#iY4NG2Gf=8f}*(x}l@=dwTlw-gI}rj}zLDNGga9IWRuj z$?@pwS|5PvbU%kL&?fDZKDvH$ivDzXc(|pHlj-nAtz$Kx#&&489jVVRZeE{$d;PjP z5^7yWTMiVcD6bu@$)lpyhEk~&NGB=C#&~K)i%WrY6HpH8qvj^A{kQ>hm@^d=)0P7e zOPA{<5lbc#B8jJzvv{Jm-#&pTdqqI1nUk6#Qi4TO!fQphw_er9%At&)nDJ1~Vib{h zL=3DNNul)*anUlhR#lx6NWTb^EiR8 zH*mO7OHX~ee;Wxx3Q6iEB;~TSKn8@wPBY~(=Xh50h4i!=RHnNfs0MIq2&ai-PVNdc zX7}@ntoIM8_OT(aqK{7Uduol|E6xQf`#hvWmA?S+VP_(h_R@%I;Kc`L7dI;X!76{m zhUlBy+pFC@DRRy(Zg%%d(^#)zTlvB5+}AJ`yL-(po0~RNY`;43P^q4ZXecCil9c49 znl+~mW++j&F`NB;HS}V+4B=#46FMz}0PX#EwflT_aWn5Tj}+hPLu$`}wazYXo}o=E zCt#cn`T?8l{KVLpQKdb@SZtw_t8+MM1e7ZgfRljnuyO}_Njjj`ArbZTjIlp20PHpz zGcg~J_H%+@UR*rdv?=9ZdHVpl3-aua%$^w+1Xs8oF%pisyj{2=xX2s^+j;(Mp+#p5 zEjVkaO-QSF7MlpvF3eRtpRx1eKCMGv#nUDTRzs;z+s%0pWu$m$N0kKt<2yXTbV<2= z0*ygC|4XW5C6K|q{VYT@5#pBJk$5pNt+L-#n`K%q(WR~)d&**wO$a{&YxeO~MTs73 zbLX)oxtf?luZ^?Lq2tmjIj{_!2We`Wjup}BW7 z;7qV#icTaT@bx}@-_9_~*PLZgGNhfCl?`$VG^BQ#XEA}Hq<3?YVDUI}L5FC-Or8af zLw%Ifq^og)A~HH*K26le-h=W=ym$h=Kqtx$MxmerFODxRT zqKlII7Cf|R(uUxtD=49S8nG)ExMm%zT5A*E_; zfKP$2S=URT3P%8S2~t#|RKBVF+YrUu$ zG*m7VnIuvtmd{!`+3CTUL1|&=W07cG>vg85=+Pq@sED1MtkYZ89_!j;{p>wf&|kv{ z*B1_`p@-36r#XO+qPrH%v`A>114|9VekKR0OMO6jPzHIT(ylFzWfe4m+U(?5=eOfn z)98-GrIz{}w_>lN%Eg4FV;1UL|8Nwsdx1uvc(}T;kVTR!ty-9k=ew6AGg^zhwaELO zh&-eO!Na$6^QD|0a%z$U>qY54>qWT~rGCeYva#q?14&c~DoqldcfXBTY+q%iFOrp1 zG8%jUH>_D}wxQzL(&Gvw$!^r?nih-0J+E?c^6s^1YZnh3Ydb-iSo+KjHxcA9h7)Pf z+E`s`{6i>VLgU=SZEcOUoWr*J1wC}Z;&xlZZ{RlHIiH4fL{l8GfZ!JU_?33-nF4Vs zL3}2Wm~^pp=EdZBy3Tf5tJSqy{mj)W9|rq-2S-cD#OpVwvL)K=p3P!Bp#l093L6T; zKPqbq0o`ukTy%GQjh7=`?^Yjx9sGR$)WAy(0H}6hP z-<=)4f1hWLY;Eh;H{YD>y?<~0wSRc@{=MX={LSIs{`>a}MUxhq2|c_eR{>1J--y27 zt8x}p37#4~!S`b3PqNWbT+4mYC{sDX=!K*2YyG zrGBr*70Xg`c(Cjd-tTYFwSw>&_?n!I+9ZW6bMW|)J443(u#R;( zhJeDSB-U%x10ZyL_E_ImmgapZWy3i9S0_qCVW4}0hB%6P1039`Z6Q^YYKo?qi)|#v zSn{`BKpF0nV;p$kTrd6nE)1`5jb!;gz88Hw!T(}0)a4N2U2n*EZ^U+{dpo+g5#ha2 zMnjTUwUH}Agm?XMI*Gn0a%XxLCQqW=t!aJGR@-eZNb^Z*oMTh|I?3QdPqoB!;jue4 zX{ve<{FTQaN>v9dxn<2KZTVzv39K!FI!gUcEdk_Yuq~I1sfCv$OdipP>@jT>faeGd zp|VTk+%cD$(Wg^JY zJ)Q}DT^`YJoShs?CPVE$S6MvCU|9VfMGZr_W|7KCRR21;zR($ma8H5ZQzn zEm3G0@*#<6K;0V|EK2P7D$^8;i}mty6pYk|_6d_I<`hauF0PNBCfm>%%c{+ZwRSH} z-CDb^wR;_mg@&b*4}4Ew6k6>!c;M`aP_ z1DbNoXXvjtmlx{75FXb#<;! zgF%G8;%ukloU6;5TR6#NIOqz`B8EfzqT(9X)67*s&Cky1`-$@-Z9Wgpoq#9t016rK z7<(PLjLZbtmLt}?7;Q(WhzB-yI!pAS98E;KBh!8x!HRlTq{=^gR4Pdg_)+T^>tfDc zA!F+%^n?jP2dXZ6Wle4dK1_oVMYMWaNqxaAIx{|-NTiy{aa6-xSzI7E0L5z#BC`qJ}!j*R$GolpU{ zp>hfZA(c)uk+O-Qn^Pbk z>)T&bW)oc>7L?1+Js>!iUZAPNE*tdh_0Yo9TbM-uAA4`V-MDQnivORdz;e!7va=+4 zJUNrqy1nhswI``hW*o1vr|n6n=Ncj*2{lEq1ZaVHGdX}x>c{p; zFxwq}$&KOAPGMlwfZlASwXf@2P#qh(7_2#}gKM{ck{L1Ge=PAdEYYL(_lE_7tpv^y zULoq(Z3RZlc}2`PLDkEYUabr!0Voj(1T*QqOk>E3!gqrP&t}R#9Gt6Md^ji@$LjKo zfU?=8lFDrrw=^z=3#3`lnt|RfZ&KN#r1o9iXS#@{mXHRx^C9)}BEiMQRY9{5_r(Z% z*Z-~*?0~|4Z@1`P2>P&A-=bC#0Jk6**L`Dn(CW&!pfByMKdtOP+gN}|v~T`+9lsIy z)Z7R~d~fT(b{RtkM-70VFj#M715{C|dP?!5~ zaDyVlhXcfQw}7KQp@6>@zy8h#KfM_I_8*6TAJD(Pa(_DdUd^+EckI2G);~9eNrY{&ZPUiUvM7|L_N}c)xR`>*!OW08e_=g5mzT~mqY?G*nCyTR`-2X}$-{(~10)0vD9_B?tn)P)lnxd=< z4NQZHp))nlp$FQz{cTYG7D}QyNk=4Jz;dv~S->SA#T@k%t!BbZNgJ&~#J`DVeUOY* zrDvbN%vdnR3OYD5=|f~2w4#ic7{ALowCM!9ixr)rk*AE9oyI8F+l{Al^o@857_Hj% z&yD(@o+hp2PtBB_dPH3%hZTG%Z1gEefzP* zWoeRq*&fIe`5I37uUPjzzx=ta!EJ65EL>ya5)g2;lB>#8l66DUE@<5`x> zYgu-voM@)9Ou77Yzu7~5#2%+g3wX@_AL%=2p^1saL5)~APztZGXN(aexnLFYN36#_ z2VeG)=@t|s_Fu*YLwi7+zT6f1GT<<)(urno&;HZZO$t;mBm#A1Yq;=skd1+_fP%eD zQDbl4-`uh&5j;=k-W9>7>hV~PnM3UWS7Ei^Qiw%X^ago?_N>n;=rnWi?^9UTFOd4qOC#~LF>yYZGZHdnIV&%e8ugJCfceW_MD&kc$ zOYRY$EH?K`O5YE2jKJ}9Vz>8l$@g%P;dUXqB;cG83+14p8O#I14~I4Q{=NRO<@Q@v8L06M91c8)gc z%WJ?eYO@^&y|CTGdk;#G=_D7rf#rC?!%J_HTC(814jr%9yEzCD8qG^T5;UxishI60 zOAhlHK z61SxNim-&rho`urrxaGuAPDgZ{kBoUn;hTTBZN6z9lxrVZ}C7@_TmO;LM1?m_o{)s z+BLfepX}Mg?^(Lub6S_@h))uJLmR#ovn=6F;u;pf=I_6QouRpW=`){zji#OokbI;7 zz3d~d>(}S0oZanxMJ@_^%Rty4U~O-O;Y>Y8RrBPUd%31I*EG6L?dO>A67!@*c5roL8iBN+z5@?uPJuSTQO4}&p zR^G$y9DFR?Z=2T^+VhuCs|E1!I4*-iT~G($JDp$^*_#82Z3`&2V>n0kCk}wFTuo|Qf zv@EDzOr+9(7HO%(muwk}+9qg`z4t30OsrOf`qYd|h^f|$vy;;kHse`_wo>ybL=bL& zd5!I@>bq~nX_`kmsdyhuHdFC-3>L(@UpaTR!0R~c+VS~t)@20WBKa?u+Pm>HbJbry zkgdwKCH=Wp@l7To$~(|Yh|ns#K&Il5_++_Mxis^0s}^2ag|N?hsfvZm!Lk3($77jF zGq?Y)Hs63Zka8K7h`dI*z|`z*Fj0}CM|H@~EcpR*FFolZm*pf?Tcj6$8uCM6*x^cC zj_aoPOvOD7Sxa$|SOFqZsW!QlF7&6t{_TKahsBe#t$@PnfVqJG83_%OdQgXeDZ^0+ zZtbW8+XY5!Cph8Tlzn;u`Or6hUzdpS_~+LjMO2u^wF>HELHs80IeQ>30^}0;hc22TE6tooHS;)*@a23Q8LFC_csB3aiGR&=$w;q^%qSyVbqS0 z&ur>?@H*_nJXR~8?v6WbdrQcw;m+y_AoET@5eZA0;Ij2JUMx!;r!u2JTLEOv1z-II zg6iF(Q2V}2`|L^?`=8ezrM3d`g%bKo8Tj8J`_AA!ezOxlDaW2cjC*?m0H38uoiT0; z(gz$IsrtMpYf`hz)G90l$iSG2Q@BjGRHXxuDwocI@VE1XC$MI^)l+>3!7Fc8z6{P3 z&a_M?iB~9`=fay>ssV>Qb&;UtGr{>FrzA^wBw`kWx??BCjzBVEGm%dO%PjxiC;se% zapKq$`^2#~eCuSLPS$BLI$5Xb=wzK$qmy-(j84|+WSyPHbCh)| zh4E%Q8_=eWn#pMEdC>y4H$&WC(U4oWyn&SFO72umaG{Iz7R+{(wUI-4sguFUix;~a z=-Q`d)yKA}T5hcJbUc~YiYS10q*Nr=6^klqI^`k#$u*Y z@}t;89d5URNO0}q)7>i6%zjm-#t{>{1mR#sh3Vn~dsC*YfaZ2bxLOVE?7)+zuyC1O zw#hLG{XwJ#D-VeW85zGnNMex&ov6FGXm$`gcNH}U3wNuXAKZ=IWx|DZY)@}$@($Hd zUa77b`!)1~!ao7Qe|Wd8+l}ps*X+z+>WW#BBo@8V6SoM0B_1*aO65wT`xYIQXIB?k z_*Sr6m8nEc=HUrq(vUC43EE#VBGJ-bqO01GcRrStqw}#WjLz;*AD!Ky#pvt~OGamR zSR9?*p|d;eGJXwqht9{cVsx@jIXYRV`RHVw#nH(+ovhQzI-RVu?Rd66mVM5csd(>6 zLYa!!O%ip^+&jXjq&DlRcGmRPmuc+9LG6%Q5P5jD7_< zMpLfwTwOVYRVhco^}iMQ>{pv{bPIjK0AZkhWQi0AyO_MtBEGIdEKH`wZo%m z?%NIps_wrEke`E^}=)5waAAzme@NoW{-| zHM6YnfhSfDz(`oKPT1M&LRX)9##p+HHVdiQ!M&It^cT?f;4(cxd0_!jy>J2Ds1D$_ zgHI!;?M;Z-N7b@*3*8G&K27*P3;V5oD&-0#0CfDjZ|hPxfPmFNF!0g4a9hfT%=XzL zl`3`SpI|cIa-$aBPAIHWK`o-=1)$OGzb->tVL#8=$+)1Wz?Pa5nN@(AMo> zSk}q$Gaml;{~T3n9-U^{X_i}zPP6PZ z%WX%eSw4wox!<_)P|u^_7LZL1H!>ngFwl3tNl)*v<2wue~KyhvSBYzp>5S`F0I;W>)cupW@DOV|a`NgOU2PbuA4 zr4+ve4c%*fPhm&We|^Ya1J;KVOKhl39qadl$UEZAo=amqwl0lPi*)HKV|0}6!gPAE#0CkfSb za4HRk!Zz-_SRc8VA9iK~PZs*@c(w`K zY~K-aT{PU!84cHIcb#@u9i4W!Fgoq7#ptxV)uYqy7DuPub=qBn(P?*`cGq-t+TC8X zyZu$*?;_HkAR=u)6m}1EbuZYwrwFtz`s{f}pY4DvnTpR+BcGiqEsC1aKq zhN_%(wf>%St-s2Nb_M?$75rNTv##pjit&76;<~DTZAVx2Z~5q|{;e5Z)xWOlUss!9 zhtbt$STefW4BL;cHbbM))n@2wGgL?C-P&z*wHbCCoyV)I&9LKyUDdxX&av_6G|Nu2 zY&JU0a^>hW%N<6iSvDJ;X1RKFnq{Y1ZZSH|vePWL9i3*`RsH*Q##plFn4#5G{p;c` zw>s{w>fh$^tFQW3i2?liO8>QAMpyr@tN+*4|Lf}ib@l(c`hU&G^Y@fIJN@IA;T`EJ zL^K~=g@~1-s}Rvui0C{W+l;P4M9a~6HM$BBEk{@XuZxRYJ38&I)9$LH)9w~Vr`@#} zop!f+blTnG=(M{|yK68y?XJ`AnvPDp>+1jg@?+Dw`hQDC7l-z|G)4lH$qNB>*IYOc)WS05(G1zmk~iT5=!srW<6-IgM78)QJTIK|t%6{l zu{vc_V={eud|cA_p;X7Qiu7@$(nw?m{xO!5A_wvQm}@O3=^#@v)bBd(wSv^vTyq~h za!b6(a;b7@=I065`ijrQ4#;siE^n<5TI=b>Z?wbzEqA6x{vac97DcK^%@b{nKEgPD zkn-y`woKkE=DKZ)HY&51@f<9 z8Ya_NM&1yKki{=pxC6KxPef6Uh-H%TgN>>`GB6ujsRDsHRx{1%${e zg+aY7sSJ*tB(W_GcNLI+Uz+IH{|le_)BxYb8d!n)4=rqeUOQiI^$SdWum4r>WXLYWm=}ow z_|c!}p#^KgqfFw6=P}4TNPn1Cc>Wl78u8RqvhtL%VkygbZe&y>JZJVkPE;*f-czHRSiCA(YlKBxjU|q!h_J_ZH`bLnp@y)-tejm2GGsgS{ z)V&HBMGdfq8lLm3HAdsWNF1oaj)Z!|`KQG%&T=t<`-ivZ6Wl(MKyU3^jlNbRe5iML zLDqg9sL%IaX<}L>7Fp?$A-gHEOy#D|mt%3Qa>G>4&XYnLkzZZ|Sc?>{L>!Po_i!`# zG=zw5q~2Dx?=?_-H%N%MxVpIl8=69M#JLr<#vtbSKyj*>?r{R(6njb0^3W+y5|K{m zw;bRBM4~Et6NH!Ca{FtKK-VjuBU_4q#kgnJo^Bf$?qMRnpxh;AY=zK#2-&hg&^5jqPqb{0JS28 z|Emy)ISi!Mn_eR|N@AEOCU}Y@T=~n`07}(kpHCHX?Z|}1KXU%H-#>ia50v&ykb>}f z1)eEpy!o)iAP9@N%F zyn&bPK$2~wRNI~J+e=qxM}Qcb>l$gTKePiY=5|+YuT{Kc;6|nygDgv%W!{+=1^D{-nZpd`ZXdD|GGqjym(}*^>sP|YZj;U`?@pkduPp~dMxMc$u z2w4bJoH+6#JY4I*7+j#re-Lvds)@$g+7wy?Vm+KHE$_ehjONs4*!H6Sves3YL*bMZ zzO^vA$MI|U;o@&PHySNL{ZfgIWtz1UNrpZm1%sl1kTX<~sIn>+J640~`u{CGHLzV7U4btqyp;3?Q%&3?F+iplGsuVY2Cun!> zyc+m%^mTw0=pRe)S(7W}0uk6;I!ESkzkhYH8>9zBP{3**qrhl=6al~e?kKhK{-rB9 zC~P_?=a&$>0>Hx+c}Xce6L2h$f{!SnUL(qf`&K!P;eI>|6Qb<)c@GhhU*XHdOvuH> z(OQHtvHpqEhetMSmMHSc%_x{8r|wyj_uoGWv2)pF|8^{6D|_DCU4m4ZmgY&t$_-l! z$UiUaqYreb-TRDeu}+A#KPJ(Yt302?=Iso1dbtd)Kip*kg8N&f!>57Lf$rQl0>M(> z`S%45TL3X*CkVzpxw*S2tG2A9=oEcTxcP5>0$_q!Nx_?C-O8Vp0d}Jk{Yz!-2qgc% zUQ~0cxeGXJd-{!tao3`qDhfLZM-PKC>YvGXDg1uchY=M4$aK zXp*?VWHmsBp%>b5_|~8cWPhP@O>a~hSGU!6kofv+PTJ2C(Q-^NALbe}!b^ElyjJO7 zGN|vJ5f$M|X8O(4(RtRYTM9gOX+r&BpOfR(d38py@dm$okdIjBSXt>dSZ!JORS$J) zJ2I4-7X~}#F|`uKUy!p<&?rI2zd(I~j5s(=!Fi@G{ovU~5?NNE5WQ+zjnn)*74@j| zLR&2Ll^2x5axT?|NV)1`G=Ulqc);(Y#o%XHnp^o#av`c*ms=?@zU2;uM_md$xh+Pf3iL4av2&a#ap0A7#aOXo&C$W~pK<(R z4<0|2w;maC;HW0xVH#hUg7h){LI2F*QPv>gj_gq!Rs$F6jB|@wrdnR}o{HcwF@-XC#&yF@p*RX(_Ky=wvv-ac%JM65KEpcYd+ z3%vNB2RcW%W7izd^r^Qj+ZU>uP=X<~7x^yof>Huq z+8$WF_(dlQO@Sj-&dxc!e0Qqzyk4uPR{Gp2GCU>X`!6I3*B3-7GQw(w=2ejt_&a4p z^0>6B^}BxjC0n0Vn}x!mJ9K1WpPC3A3XVZ>&LR9mAs|{>ksl$B7e!Z){zc#v`EC(O z`l=UzlQs9&fltqc$AFln69uAJF=Wv_34YMYiQ7-H8uiLBDQge@ac_p#ochCZz>EDl zYd-Cab(baE{g?TW8T;iz*%(_fdD3hkOI41+MBP-V6$Z#~EC}0SIQ|X^a`@sucP)%Y zxynXWrTC)n1kNc&vOq=IN+yVv4JbZj`hWMJb{lpiug0CmIX~;D}k75*c4|p_pSTtC?5XaDVJ-I!~T5^lrWQ!Qx zEwk1PSwA`j?!?MXI#QXaY3b)Fn=$o25ED_OEpo@YI10CTm-p_BtJ_+WHl|t9YLp3ui z+gaYen#v{-IzVmB)5~Ex?-z(h3mZ?SWea@b|AJhxuKxC*doI3~cKg4K-o+xW0e$=H z5Ld1|O3bl%kcCNHgb8HD;>)e3dTq43C7I3~mef(jQ**)6z&nVb%2@a) zoTjYBkDX-6ASv)mMd1XAdt&_oe^xv(<+1l*Xfw5-99EbYndS*9to^7yCA%1~;bq^E zg3adD-rZn~2GiCXVH7Y#ZHT?;DLhW8RMK-N62jjlj3J&Ekx32l8fTns*Fv^z7N>4y zKcwN;swJQ{dihNyaSN?^>CmR9j`@3!4XA>;X~A~nh#4Q?Y!XY%nV13HwMjt`im?VT zVNyP*fE6k4yhnmt0|FF!yw;{4v-qs|fgm80G0@DJ23rKWnW;MnO&^`5tmGu8c{O*A)bh zD32-M3?-VTldcmPcHg3bL5Ca@_~<}6+qxlKtTdgh?R6%dqy?Eb#SREu;RSEzmCVT| zjf5Y1`JuvFdIC}}1T)j;P42%^K0sTDE)jUB|f z*iu1(4H_a#G#Ieoa&P_-azZu|qx7ezsf|;f)#ggAHVF@n&h|-EA5wTWn9V1ZwsmAU zswzetu|3gLEDZS0s-r4_VIM?|8WR4}NsWgSS?fV^3Ab;gOi?TcjXAeb=QceK36by2 zBfiVO7pIsl6#=pTokmGbC|&VYkgk2#anB0mk?&isSjDsWV3cl*E<=_Mr3Z61_<)h! zhvRN3HKcHo`))j;N6VASOte%fx|TYGlv9r{gZG7KPSh%qliPE{yaob0ZtOW zcHUqr)(YebSd`M%_gkvD0VujA4n#lCQD!eJ`%B7YD_4Ies=xi4Rhl}N{Du{bWRj>kKC z%mg06p1P+$N{XLeTpx?XjaOQuA>^7NdLe{}hul3i~Op5u&Y zWIpOYP1H*+lX7hSrFPLra+$)Aa2#@!^PUI&ng`jTmLq-Qm)Ulj^y8fb$OfU#JSJ(q zPCLc>oboXUy`zmQR?2KAnq*467!eJVpqBPLlPRr*qN4@vxM*_1yl*@S1ZC}VH(Cm$ zh?QC4d5_kkFwyRNx&B{IYki=2F@fd^sDHn%JSC)n&%858D}~JuC}zo`!jaO}|G@LM zD=#dlOb100QX&7_cskMV?XCDyV9$8xqV(WOH4Olg_-N)z@ej7)LebQ3fTp2w6%^I1 zO@~Pbmb{unyP@`I*Li~&f8mOfn;Qhmdl1E+7XbH1W(1tKhQ|Zolg%!p3(MVUKZLeW zh){Vaa2j$#tdOMgzi;}dBn$WvM4us)5<2h0V%`COLceGLwx(kiQQ|@rV=R}DITNXp z`NoLxa8k}dwKmq^fiTgKnglpkRKY^TBuW?SNe2Gwm5|_v=Kl{nd<`~|nv*a7p{2ex zI0t81uqb=v}XNUGFWuvN@H;&xOO!FeBzSvT5j@oW*oaydTd zVOj4o!9WxZ8CPaw$AAd zc{||cW|zj(B!Rv|e;%cKI;O1~eKX*kh4u{)2tM`8Hv^($nzMa%P;2Y>*Ten_MfTIB zDG($#BxzZScC}J*pk>^{Ze?P{tqe7YEztW2>mR4NFr}?uRVs@b1`w;s6O@(N`9yEH zZjaEm=$z{J)zi>^Xxojw9WF5$K?xP^E7O2RV+@~p%2ZdK5d0V}io46(g!=(~&A~~6 z1M#rWJ`)c7zBChj%)xWEAi86#6H9Jt2n%{;y@all9K4hlry9@*dLV62qmC%h1D|wS z_ynmcensY40j2n)mzyN-J9qLIqG#>BLlBX?=*CUy@zHex=G+aVzxT9h<91r3aqv2n z{4tp}5f!?u%+B5hId(fv8*2x>vAZ-nkj~A&)rMJgZB21u^h>r24Mb_xlkc`zs#KKH zXoEV0TzkskgAvL6i>DlFMhe4dTKI61_IK^ss>1PC$=!hWV7mK(jD>4I{8hR4xIVwR z>E`qprmD>^!&h&ON>tkFpfeVvE;s%I{OfrPPe<1#vjgIAOhY=e87PYfvAo`!fN^BwC9`|ZK13-+2vzp zbYI9b!y_xQ4+tDmlHg#*=-b9&fjm64Vh9np@+GBGcv~Cbj+Jo~63L$j(Ac6XI$0h) zrvw=Hx^|J>u5t1ydM_)bjLc7Ut+U~E!PK5@em8p4-gJ3}k}{5yj zb@?%%d3G;yRdWg#q0TAiMr8M(%I?0+1oP0`*WoO&u@deg@5+e(N=%Bo!Z|vl)^&&F zy%D)X+ihH4>bt`7&hh9_Jzk1NKUI#kGXi!eDb%%MV7Z%=1H>M-Suosh_aQVEU`c%R z(24t&rlNQ$P$c;2>9rPQIL(MbB>|DJ?Q_8o5kyW%jcn@SalO5rH7Dq{!R6|E!VRcf z9X%V;XkCW8iT~zNGQyuvGCf_{PhzS_GFfXA00LNlChD*l?n}i6gVkx zn_`=uaF>upOESiSzVduZ2A8?bE%a( zeMjL!cZhKueE4gcgR{r+Qs>7MyRfdFGjTKG!(F)8l+~ai@5+<(HKa4+6u zcA|%pFbQ-rcCs5T_8j7fl$sgyd@8^RXEJmvMS#7(uL}|z3 z+IZf{DOKk8z8BkfBx<9ejXiCT@#i}cZV%uPbX|yDno1waXnH3{S7HX((;Zw6`t!=0 zvF&B}yXJC_#e}`~$g~7XZMX$vTm`z^>X{%`ZewRBZ!b5eugAmH{nYnH-1q%qCT~ve z`a0;x`|Uidi#v+{o4!s?Z+C~a*@-2X+qQx=6nMT5-T6_2K7=#>A632-?sK1))8i&7 z#lO^ZaBi}~wAD|rfc9VOScx7U1hnNHgc~(mAX=G{go3+00jD~rSNaeWA=_2) zfl(ewFk-x&BJX~qatZu(;5pa4f0S+MST2SJ#u*S(o0o5Tiz!bl5$`h4iiM4$yM+GB z!hA>k6)24(u0H%2RXz-gzh^ZXEE9uX43s7`vAEog?KMXq2g}om^iv+eg6pkb`Z{DB z!?d_GZMoZT#G2lPwJdgOBoTcy?JxvoY3M5VfZuZ$YbkX5&(_k8MMIG@8Vh%avFQGx z-RY`Cew(A&Z(iGl%?QHHuy>~OW&8DvW^_-VTjz?m#U-o_jat@)%f1PSmH^|4*|%a= z%Asig_yaL!JjgVMlT7R@0UK}K+@_Bc=2%xAP*{XV&hZuGx=yep_qG;S-cyyKq5aE{ zDx1N6xV+s(7t|HF6K2c3ighlG$Z$^RDEoc`0j9)Kq3%Dv_-h*&E1#iWQP3iL_rKez zufWs9IHU&9xOIILHPf%W*aG)YR*v%6KDW;&=Ht3JBNo;3-VXj%%(?utL-ERg(oOLX z?X_1%q%GzpaPpaCGJ}ikJnI~qNCs=MfgkS|7f}qLS`7JV_=s;Hmnn7r=uu zA?#PMpjn>7zDana4+$)sbElX5c7E+f3awkZo{iW`V>xtx-+x83^;+o%|Kzh-`ff!( zY+*9Mi@xino@lG?{J=0Hiukgs27O^Oofd=w))Y_mD7LP6TBWxe_bR(DiT{99t36_s zEA9aaphr{$EKFf8vSuDELzAc}9{l(t+g3ih2Vl*;{lP$4zcT{ZTT9u6n;J8zQbDZm z)zMcfh0q93TOkJF>G(eQi^fEV)2s8~S?F@42-l2Rwb2bOw|d>VYZByrA9xbyNwUC+U$>F^pf{?D>2u46DE)rBZANvY!KxFSoj5}9ZUz-< zUo%z0nHAK+vXyl0b+xad0_A*{xWDc?QfbHg0*`paDN)P0HMhj`HoiNj7t_vlm3tL_iKJ3R%fC{HM6ArtpD@; z>lb?CbGsBZVE^Oz`U3cMLH$xz#E<8PQTz3ER^@MfJK{QnR9O^hTx&eq4gdGAb!eQa|R&_L?B~YI9q} zZ}R@KfS;A^r0i|@l{}QoVmac~eqNk+R@~YyNn3FJ`|ckEdkF&2dB%iZ zG&pO_;(X&M*hvtIa_U!QFeoo>RwCTl7cO9W3l}v+vFQ5~Hjo6O(m0qcl8>L8ih|P@ z_@+H9b5#97l_?mj|1WV*rgWAxwZyskkM|@}?dtth;96c-QSCmOtQn-gVFb5>><%S9 zaM>S$3-If}P22SD4-VD zIkc|Od#|X8g@=`*#8MwkE*Eii8{#}z`#>g@Tx{qBPSC(A9Brc&!zUOvUnBQb!2yNL zG#iD%j%NB!1CeZSEx>GTNHs)9?IsClAQA|5RqUK~hXBQy^?#sy9M%69x`(qU36Jm* z1Qp~^aO&G)9(@hu0g&%A!FlFKM#8i~J{Ih?<-)%4?{ zDh|X7M(?5Ph)LItD^h(#ou5gk>{TzWl?;(f?rbk$uKeUdGd5k|7Eo2cX+J@khuRU+ zl7o@eA@o51%fsN=_}x5;=muze>5x2UBc;e?cT~g<@&KXZB!O`)OI8W1QCRLNFCyg- zpXu2DQ#J{w=HQOeN4+b^AUz3}N6Y#kMZF2rMBk_5Y}oSdIQDKIcj)RxE-q?`XExwp zqTk52mu^F0O5N%YRw*G_++M=~e3d;_;PV>K7&OK4TZkOM{7B8s<*s&J5W#GB|h3%1h5@vMWio(xA zK%AndqXqCCW7JK0GrwyBttR|{9otG5k&i$>91T_n+F>)IGTB|&t*FMLu~Q*xVU;Ux zAxP7pAxK@XEY8bHEAm?CHZ*p3S3-s58nvN=*!;rqb)Gm*O@RS7siFh_#Q11Fjz{8j zQ=>xX2U3}zT9oy4gIxwvE&7@p19~0d?M5lXY;cPYwm~v$`M}{TU*7 zHDRIuBB3&8MpgbdBAwZcf@UgpbrB=v?YFVIIoR&b1+=j=!`;9MrxmQbW~# zg=pW`c+!enIS6Zcxzep#WFBq<-jWGCHGj1FKjgjewWidzGgthnp*Qq-zU*$KX6o&e z-xDao8}}uFsYPmILqnVwa}=&#PFbejGh!3;mF~+~u>5Y zTEHQ;xNP#@2ha*7n+#yssrG%4MT|cq2{(q98rTHnR@0?G3zd8Of6d6nV()upTE-jv zS`=k6BN^%wx3@dRmidZn^COWGq<%DuOAfV}#AxQz^F!`;>wFj*GC|G>nCU9!n9a${ z$ZbZOU~I$wDuxrFyx(JG1unbq#lN#h#4Fy}+0gw$_cU*3e{9#7I zDt+jO0aO5EM)1kpHE+eGSx>#~f1!xG26AGt|D>Zs)W4gn=uy4?eIAx7lz2*&hG#Ld38wdT)><%m~}gK;bhzQKp$wl z2k1;it_&_M*XaBNv$@T{x^rR1C?#yXCtVA|s_ z#e$MGJSJudY=jx*&4xDV3q8kQ56iS(t{R;k4>v|!0bSx%%Y#Pxm)P3o1K(^1S+F{}0@TJJ`)(7A>VO=QEhX_MF~; zXDSiwNH{jcx|>1~)kH3WtMHW#?i)-3X%_l!$b**lyN z@@};crp$Y`WriFQeKz+;2Rplp@QBBG;p4bd+=C#Bf9kEoFb&wsfLydLfyuBLQ65C9 z=4>av%|=Ya!Fond2=peTui)`3+J)pN%_3N4I+tZp5}Sp~qL{DCB3P{4X8wXCc24tx z5f8d$kj%=fSgnBg$~+3!f!zRy=)xsuatbGA zcDF}E6lSF?my~a_yu71v3g|cFCxuH?k7XYbZmmOz0V{{;x(vps><9*p`C!-mq)~U# zq9!tPN}}l=-mXIzsz{JE`pSh`f!T8v6KgENIw=G=DHQ`M`Z_L+DQGh#*Wikkg$zh9 zZb(SPWut8DL=!v_t44tc&-nQ3mmoqP%USQ%tYv*leOpfeyGA>s>{q4TB~cu$k2iLv zViI5Z=$Vx3*!oTW8tgaZ_{UJ!vm9P4GyQtt_Zn&zkt9uF;hwqUkn|@bM9}1k&>8{P zz-%pDeR;7#8gbXjYtlF5B+Lx8d)!lG`qeliU8c^4}j7^hX(+pN|Y`LRjZc-$(fdJr zkv`AV6O-*Bc1!_y3Vk&qfWayIcZBphkt}WcPrD$wtN*qtXUP`)``2>MAc^ zm?au2=)K@^a%ZEJ4)t?H2S(~S&iybQ*=%j}x_oZxD1tf8aMfR$h60kG>V)^4CirRR z3JU29tol*yXf;Z$=wo`(5FZPjFQ?+huI;O3Vo|Y89)#0rncbEjx>PuC5&4R0o^Os(?3@LNSI(JO*S zb&B6AWGwAbsMMRzz}J2>7S(WCOuUi|_`YP%&3Pm3BhOa*Mjy;h4PS;>;ZXKkD|?!J zXrKsGGr%-1qXiSo{@TCZzn}axM@(yKx#Usiuh^PdgO-;tO3YK0cpgTc%wm*@xpwAt zQM|tAssdN`kIh#2R8zi`nF1xNabu0r%$JO)rFuUdsV6^ zY$bRU_`~sX4GvAo&@Lk zwK8yhRgauKHckE(u%e~8)EGJbs#rPxi^nF`-zL|W&C>6Ptyl%lr6ePC3n^4Efabgd zaS>DJ+RIh2|CPElG;93{msa^0tws3|EL4X22HLJpU6t>y;-q)~e!pfXxk;C+p@M0I zB|b4~lkjN_Ut?GXmGT!OtCIrX!PgQ3meRy_ZM%l=a7x@g<=qgH+V%!_KpE@=zlZG%-VDY_X7*VMkF) zG)AmHSn*^pUSS^umm9%|1QP;yBq_GGDUmR)*YmyAd_TJtZO~P?_Ac55K;UU>LJwb4 z&uaMxE~D(uXdpdRQ@VaqZpoZ>@Sz z#nsKB=l|`tbMZXhil&Rp7E2TF_55u}|5kQS65M;!N{gn5?K!yoWqvyxejn`AXhr?+ z8mnHKv-+)IMa%JPv;8heuHUjWxBA=sU52v1BdwUaId!MF;$ykevC`_NRZ%t84#U4) z@2@E_PTGoi8L{f`|H6MeD{0G@61Z?D zV)Wx;msLN#+!Ca8N9yRP{$Yxdwv57b-M5mZPu{)M24PygS1>b1O#xdv!H2 zgBE2!h}&jkyhfi^0m+yndB4#K^xMcZ)n&Fi+p648TVa0s7=iTJo8Itc#Dj+D0bI>u zOoB)KPU-Gur|)|{`>!2ozn!_$0By7JGAcx0C}g^fF{bAcmJq^e>n&(KM{V#S65=jN z1y4047kxk5p+*TC;d)Bpt@MKVn!;E0Cp3hWIutM?_7W(LwiI7Yj0!5iFGpXDfP|W) z;yFZhf5#>9ACBIP;1BwE^A{2|?wUx|zzs#COEq}oO?iHGLrA&I z-fLu3dH#vW6bZLtB2+Qjm1wGwI(gJQ$on)zX($ww=7oNca8*iqSlm=cbw2n}Eqqe6 zLb3{0WQF`8m;fz6V1a9vZ z;=d@ILcEI74YsLu3B!BAGE@Vg23WlZ;26y`XU&LGx5G{Rg5~(ppSouh?UAYQgU9_J zZfJLdXRZP;{Q*%cgrF3yD+>ZnC#+%!Sr~l4DvOB!;0bxY5&W(gT6M?NVdOR1Fsr@G_aOi>6j=FTa`5)T-K5H~QqFY=(c{V+Cjw z2b?(yOl}WlMv=*r;AxxUC^r{yaSY3so%!wesLheHkryc5B$FqQ9QUEl*8r_YJxh7Z=;0lMfxet7D0 zkV#|`GYzYn$Ym*CKhD5G`at|$=+qM;qy`D%gTt01l^+a@Hx#^T`K$gX4$X-?G?cGr ze4&N`v9P>qrqxx zxv~tq6@fe}ktLk*wgGgWs?t}d3%P#%5D^lV&8HD)^H=hs(`>X{8Fc|;rB+}6RR(AbVA zLyB67?xATM0YtF?QBwZ%kaFEq4hYJs=^6H6bQTui=C;ck&@9ClBg^;0Aj6Z(&#Maq z?^_~6pLY9u#w3HZ2XUk+C&S3?LgeC8O!fj)Ly=w>x{I_Pp=vD+Rtb5l?)rDi_C8-k zzp^Bl4R}f(|J&28t&4%EBw%V@TpgXAb^kU!GGiiIH5F)lhWFt}{ktq^el*WTi=&&p z9>-YV^^cCduD$2Up(ZO!fi&cj>!|3FL5B>BQSr)r2&^Gl#b;!SGD~RkGD`dH4D||W z#ThHaC(wKgLsHP6plDGm`|9zJ^-jPDrVC%x#navMlDK3k5P9l8Vu151J?Eq~NweTT zQ^tc-3b*oLE*La$q%0x;FpH3AaoEej<>Sr?nI^Mde!F;tgX#@P`I!DA$1oBY?**eY znUQC^L7Ycge~{0^SRiRMA7?225o}0ACcQc_W{Mk*P-5>34ah9%XE;E)MseUiU z{4tkKo<_+O#5)^mzulGWAO$^hQwno`s~B0p84QOxSZR4SQwFSu>8T6+N|d2}?%BO=AJ)#F_81+~h#pcO8;bJ|ojOosy7|P}4UM2etIIdd{izIHKSK#+_!`E8 zw2v0askqdPbAmZdTBu=UJk9)8{yH6p9v<#KC$&>LEmN&&539Y%Hwr;O(@^}&fi7P03t**d6-{cNZ}0tx zX!TDs!EPNaoO&67)vrqZFI1ho0GTyk4WDTfI<@c2)5=d&lcZM^yUdRyMb5nNUlm<~ zJPw_qV0GZv%a0G^|76+vk;@1;;mm#o8438mKpTP78^@$EZ}x-cJ?PxAzDVuCxF^|& zII+^Dk;@PEEhB%nk0brkYjO_yX88v9J4f-wADh<^84NtaSWQSb_TV{eHjmtpgJe zCuT3l>!6j1+fI@WswV1qdrLEm8^Wzrc(-tPf1Fy+o8JhqT1iM)WAV6WBTD6MS8nCD z$}}}F+Q|U_KgNt8Ql|}(TY!x(Q`1}nYkh`NVpIFG6lkr6ap~KFG_YVGcyd`pv>ya3 zEQOQ9|Ilual<@2PEmCzI8M%#wz5LNCk#+z2e(r96u(jUr`o7l&GEN@hiTF6)!Fe&Z z1$1(~NnQ;p?<~I;pc5ur@`k~mUk2P$D{J0%yRcTQZ#!f}gezPL@7;}fnwMy%y&(D9 z@>=JK^tlKPyR3dUfaBA_t3HjdGg(~2*|JZ`In7$3#J)om==~k`Co&d8=9&z$DK)G3 z!{fw9KWkNCvo~>4)Lzwi4c*bpB)3iCwVJ_TCJ6oGEi9BCv&zK5@Qg^KQ1HsRrbH`$ z5-@~sI(g7Ij}&X0Q8Ss~cF7+-49L44M1o$XQ-%O1CjIiZ(_ba~%wQ6IUasEO^!>lI zZ=VBT(MZ!?+D?Z?qBJ=1f<2~V%-w&fIS)w?6|%*qi>W>zU*(Siu)lwrNKsm>Oa}NJ zOHW8p9VJi}tnwF?{O*i+hAs-iE`=v&6Ng!qy_3zT(6hlGcXG|#pOLl=Ve>Ys83^tQ zrY{uC$5U%DgH;;y{}DxkKwTNrCGj0)ihN^m-)+Dj%mBPy%$EGy7^ww-Xv4-mt6aSM9o>N&UwAXAWH z-K8@C8=RSWsTu>&oE|)v@P$~SduTyK_V~aC4iBBUI2I2M7KPu4-Cnk7shJ>!FJdPU zl3jdH{_AI+008;y4Ps}mirv_wmA`S33f+DniZ#8D#G5JtCRgl8q+M**M3iFY2QwLq zgDQ6N&VdF`#JTFkwC~B1A|_HgKEgP641kt(n3Ff6?-i;GkEKJI|0lT#ZB=c$fMSZk z(llYa$J^H#n`=i(3mt0~r=B+7gv+h7mi;AyMT{im0$L=xKvsa;N0k1iLtLH)%xuD9 za`sJz&2nJySm}HO@WDaj4Me^=5Lx9nslb#aP{f#MFJ#6g0Ugw)&i11e1V853LQWw9Mm_5 z8a&aQDNfX~l5x3I827Icbc}^o)m>y9nLfvH$WC{wdUDdH}YrAtOCT1kO-z4t%>RzZpyn8-^i;hp?)vRvsns{nLh6fd1(X6N*zVHekH} zb9ZP^8X2pGhrlA3Ujq^@Gg-)kT+6Q_u`mbthG0kMF&#pRe0Z#E|fnXJn= zWCfe2i0t$p_fvJRg&o#QXbk}8k>p+~TmTf`*_64&(-%{$W4?rYO6^*zshoXY5C#U| z9j?#ad<5>@ZNg`2ceyv+sHLQ1uA^{0MfH%n!(FXzx@J@q?oG5|Qa^|%ONVzn{odRP zzv1|6_It-az=h1#;~iN%1T^D!mWT;!-b3sULq^d7-}UskyLyZD|HUq88bIh{?765n zLF_PcmKLu+4?Fta^KELUel}CmfZM85Q=AY@ID0>jGa{{9WWNj7xv|^36w@c+rqO|j zjF)MPcai}YHO5j$ImIh_kiL5YT>SwGBFTV5)5`}|2n*X!bm{! z_Jqjpin_%9HA94k?%3#g{k|_eF74+u{ftgOi;N*Ax7bf>itBgKXvW{l&GcG(y%$pt4&EeH< za)GA@`mzb7M36s5H~imyZE^4R6%ytvb#o@k)HS1_|0IL`r9u`E=Rm$s46rlYbG8s= zl-h$+`snlfC&|$pj82MNMKnM1$8uJztBaP-S-D`ezd#6gCc&vZ+Px$TCzN?~zqAAT ztI)L%A2W?97kr*dtjogi|is?kjG^ z=ng8+NUV@l*8G! z@+449sYMml6$Rv!!XG7@jSzqiS4NrLFiLf@QO%&P+l$W42>1L*nlZ!gG)_We+EX|2 zv}wlj$+H&umEk2g`GI4!E{y*67@7sz+GeUml^3vX}INCyk5C;1von;N-V+rz>WrCi#J(&-S8n`o{J2bS}iul7;v zw#-tu*mHcq+kiApq2dadzlOJ4CDG-=e4aa&#V49Bk>B@vJOy zZmE-$tt1#7jN-GL=RQO4Y{{pW$BvUzJ`+6#PQh(fA3I{7WOW$FcP0iiYe5hcgokzi zM9UMiHl`(F^q5CoYav=>Qx6O+!i+0r zLOsbH9-}$1jJP}A9YYQxqD{fQYJNW1_WM;S`0UYF+#DkOe=3FX-s{v+Gk*%kx4L5cDjyo=Tv{I4YLP1fzGWR6uBowZjKcQHlm~#u5 z*S?#@bC%%1?GcPCuA>11{mR)&gqaoNkdMi9C_ZK^^j$?E1u3d^4-SAjx;TdD;_D-b zd~FzH9_@5w@{B=T2!ar_2dPFse^;v1FXwx`jx}SAtW4Tv zbelbP7~06%e-k^#(xky}hu@5RiivbEOdXPF?w@PiACW0b4*#eWJ1){(9?0uN*?;eZ z;Y9DtdXKNw?KM6y>z-iA$pX|&Wh@ERBFob9NV`d{zAz}}_0Z}p?Zhc6S-c6Hx;WD} zZLzcaBX;1-`J0nBsH0ooW#=8_UXC^4V7)Yg=Sr(u5YXovTO*?O|HF$Mo*X95kbowu zPk+axfvoX?N|vIsP*Iz!w2A6RdOeu9Cc9Vgt_(PNo{90LLj9GNYclKl)dZrzsaWwz z>C7zLjAW|>vD%hY4U|^+;(7tjt7OVrK$ZW?ixlS(qT-&s24zJZ*ELKSVQ3;T)EC@! z&qy&mbySXqN&~xNL|*phOy3=ARbadUpD4Kg6t6H;#Il2@A)1DO>)~;Uy+z!N)o8%9 zXYDMmA7tnR`m68nS0w~;1we1q8Mm+SlvOb88rCHUOq=RB|BhLwb-in00c`zoC zXjF?mV_I-^RKKPegnK2WMHz<8afcvo+ZRa0&XQz4K}V*TjYwZtq*Rb2K=cC|3hPHL zK)G+_gpg(o+PMUV`;RCvr-CIYK~#y6ZgVHQKP^aEmxR22sVz$w!B{|}RqD9+z%Inn z(xofb$pZ|%MEbQnm0Ac1vwG2hEPT0;N5DDyb`OtwM^)+bpOu= znOTE>RnkGWoZS2m_*8eU-Q&dwHoj^mRHPt9#Fbu&g!k(hj8pZjpozu*&;VXksW#HbQ{E3_dH^b;}p-Q zS-+`6e^0&(k#gl?`SFHEl*ZK5aBHdickAbm$b@;9-x{LUU#HjlH1++K_#V!WPdb%5 zyDfZpZkvzP($M+Z5304|*LP&y)Do`|J(99enl=G?5O}v}w)=uvehtj1sP~e6kK^qK z1j7udEJq+SnDEdRi`^Avaw|zn>*wEW$Ykh0UQZ|@W&OVqXNwr$(C&DFMT+qP}nw(aiKwz1l_&C}oapV)UNVxNn>FKUiC zD=IT1vS!uH968?i31T`v3(dh&3k%LzX$rqpH3Ew5Jyao#0rWYZ3zFc27!V=$#Rs0NXKC>92wy1JQr1i0u`lj6~j;mSW*c+N zgogk1->N$B&HeF~+v{jw4vu>YHELWTAOGZ?3X<!8vc&A2-3N z)O>I+aI7R=VKPB7lQlHPT7&nKo2Q5qT$a63>5Z0XdQ}vA9uZ2lJ*+?`Goek&; z?BFv@5aTtYPTf0&>jL}}BJqfTS8W`}TLaS*>c^5CgB?Yehdyimm!9n|ayDF!rQF&U z(w%wRUlzu#p~n5NmMV^j0a9f>utcdxm&OS}@1#eU+p-om&p#kk_ncnd8CqV!QU2|4t?s~of@@F`U-$iu_2{VY<2n25KY#FI>A*)**wm<1(+qGj zUDEpI=?8le7iKOR&|7JIaM#R!#Jo>q5(gj<-&2g|BX zW~1u5mW&&!_hy4{BG*XlzHr^R+ zBXu|P!P%Ac4wU;iH0m0cp(D6ntcLL{*Oe?_T`hCF%pPaQ&$^1jNJbQs?J#oo|RbnV?HethoMDhrbnaP51cF zJBJ%|eeL9y=Lh-XQ6b;w2YORRv@^i+vZBVw)r1^S`||0+9Y!Hv`A~@oiou{0%>%L$ z?AkdWt55Kxi%+5+JE1Ygh)s!ZHn5oPNUzhbNvBRU0>&$Rc{Ob^EYWD^ZRmwUt7d(9 zZy1+#o-Q@2ttxnqKBW!xa*u}2T#Xav%%2{I+gVTede(_S%ETq7jEK(*+F*fntP?vh zSh&&S&X+>Dv)^+g%y)2xM&H}_Hd6>K(0X>ER1y>Jr(Dr)8U0B;yQ*bp1^bm3=^^jY zD>Zh&02`rg@>JWOS4>&C{mEyn4ORgaJ$Oc_g%?R`f3@!5$H^QNn@M!^oKR-KcE$OJ z8!~XYKy-b>q*D+#dK%zl%vh+s{wmz_Err(YqT;Rg!$sb&a*Hm!QcD}6PlIMuuVY!U zNm!5!!D^Rj%@A0n!Xs)qjXb!TEc=!c?eh8wO=>t6OP@YNs60JQ?Lx8R?n&KSk`m=z zIwbr>PK|hyqgCy`SIIIF0_^gHdH%Lhn>DiqH)AWK;k$zgFx&IoDIzBxmJ^gn!V*w` zsYJQ_9w(eW3UpV9f=}|oBq5KnQhH9^NTb$-l#4f$ss!}lHim7bbL1sD*8BzyR&_&m zrt>yc*6505WmeY+^qW=o^?VSJdUuawts`&OY)^-ln3ids#K2;@)yp+W`MhXOyd8?# zF`a<6DtJ6zhmu&9vNxv;q{u6Qu3N%mGhEjsCF-}57S+fT{a|i0NXGw8fTm?!#jt_t zKQf?djCB|VuEf=Z?x*x1CYTTwQd44?stQ(E%}SqdFuvvsG1%9Y?(c&~;eTRhD*~W$%>#DuTKU?)oXm zAt?+MW@N5u#+2YNEpA(rI_-bf5QIu~hiqtKSb2s@zXJig6fKxnZ`4Z%Q;g{CBk?a$@*+q_nxV~X#b#yDua+8?V{3emty%v^2xJPK`Fj1&>4S`$r#-#Q zn~eAw4+`5dj30wFgx1`Sfc|~AT$-r4+}IIsE2`Vt2D9okUDet9aVmm3d%V)Jb$R|; zG!5BKQ28pPxBD5DO$9F0Nl%dUDP^%CIQqyaxkpX~iiWSNs3a&j@iu2Y zShTO(_jSZ?aob|z8Py`0B1Yoh|0@K_!2bUf0)?hvO;Y7Oo#$Ph3Tyo&r6!4zeyIxd znGN`PIlbXhPriFJOr^mA=hF*#ncJyED^fxjxw*M=vfjMlwwwj-^rAa?bzSZ_3O;Sp zvOXWN41F^pt{M_3(dO&T1#xhhxVicLVu!z<_m{VF;&3?67xV1CyY_ z!Z_>i>J7V!J?$tFJ0Eq~?U8G~pYd`vvh(nq{Ht=YvzQgKdF5=bBC+B@U%-^;(XAd- za_FEyTwshxB8(_cr&t@pO0lOtJkP36Y1!t!o4SAp4YGko&2WHJ=X)=tXpMc0$lL!C z1)V#dzWOq#zUdeK`cK4Gv?q*#C;b^2RBLHq|1R>Btj_Jo&2uBk$@9nMyXq!ra*dfSUE&H^wLHp@&aGko zs|rF4n)1qYC$Gg#d8Bh^%j|l&1d}OXo>AqT7sMHT6M%s}zvAo5?MhZXyBIYJabc(z z*V0pB!_YiRIdUU9)%vw}gh-Qx39fqQQs9BZhN%_c5vu)agK`ek4Y$ggmmSOx0C^(7 z%hWuD>8s`*WS5oe94USn)+iA3G>U@H>)QnYSjfqIu+B5eSa z7U(oqPeWSg(HyqT-N@ogp4qZjU|&h^%jz(L}#htOQvUWZ5W6N~xY5-SR^ zFKG|LO4V<%FKD|?i5gDe7gN=vb?|OP+_*E-Nzaooyh9@YvER{>FM0Tb&FW-dg)(-s z^tD`$aGFeGUZ=+@Xm8mfpcb~(%K&jB1gucU8vcKb!GZSwlflvZf0w~QLD`J>b|X0e zM{)V$8g(6#4{!BEYl#YI4;|>R#U2V?Q|k@=zOeniIPu*S0~#*;aU8dLhaDg{9V7qu zr4`OPjnP=3Hj?G^>1ofO?y}za#(A9|M_W_{HTD+;q(^Vr2`(Eor1}m zLqOXNn&TWf@)d!%5slnwRpD)DAPm?wyy9GZC=LLfvU(~qt;0ML-I^O4c@WK7r_7qv zT~iwEvFbmzNj+g1b143<|3f`0|L;Wv`^@6g7J-Ia067$`l2Y5e# zs26Ur&R9NDsyWFv?pM2w><{VE>z<^VxnaD|^2L0O515(_D z0jl@rH|W|Vg@=JsfK^Rzk$PeLIji5pM zTB>%2O*Auf1c`>;Z1i7d9$M^M8iQpLR0$?jR!^3oCHJ4s(@3eNP;jHjq9AIJX?u6- zUG{oPUfTs5&P{!q9N{j_{Y4uVj8$KgztA;!#^4ntAtrq^lZdnUWqRbEfuYd+GCd%L zJOprh)loN?^qD6&BZzL~zPFBKpoHm#fm95vG%s+4jr7qG>a##t@4pX@P$Q5;O&ae@ zAsmUX;oq{`i*U15(yz2G3=@tP`mrjNEi0W|00=n=x`#NlLmF!)21@jE$xZW+66mrk zYdnK3KtkmQS(D!mM6YX<#a-4~IcAOxB~0tp4kf?1b&~T^N>rqRuJ3p<7QN;5--8%N zAYkN1O+99@dc%@n(xA6V0gs{y@J76k^9e#A?i-i%1V-dZFy@ZeC5O56Twm%=oEV4b zQIMbC{o}p69XkE{N)Pj@m+q;Se7+~&{|@7n4Etj=?GFH@%{{y|J(VNr9Z#wqcBRqh z^=Ze^7>w=-OQ5D3I{iT^%+jo|{|KpvVJCWW#9~T3C85aA!(Z*xygQ{k7@-!cN%$cl^(- z$gPoVgc>;WsfK~SizjnN5i+_RQ5KlEqy>C~jMkwNUw8^Y4oX5+LCnV$j(jS0JvK;l zt@dsv2g$uNUK(}|XO*VAwG36ta^+&~HnJrP7`$M;vYuFQ;Czj&iMJ^T&DvZY6uTN* z#KaZ&sb}bnS1J*bqg~%a_a|ql@AJd&GQ-zv+2Sfe`tORmMNZ0f`#zBkgH&c6Lr{6Q zSEQ7u@+J8G@BbL<7pDC~U541j^1DxiDEO$xdIWIA0yz_|FVS0ln!k4Q|81e*RhA`hYo$m zA1}P4Svs<~WtJVKB^|GI@X=Y&bG*f8jJa5l)72BWnd$?T!>oEP~n zH?X{fLkce_>pPthH0Zxzk4*)d&6OcIV{D9s zn%&?Yo5wS&@UY&;3$7vLIR3u3zlGZHGb-{vmX~dyd5hrtB>wab^woT_0Bg9lrI}Tn zL=b(5mrAB3H0`)G!6K4qh{D7RuC$k z1akHcayY20Lk0AxweZr;(wy|VVV0rf*+2_{9!y zqacaElLj?Y{=0IzfEHC1hswaW6^#0#sjb?)Vz?lhF0zQL3KNhe%JDUF?*^F zZx}6~hxR%t@NTA#9s=cxMEm_{AJ7`T!w^w2a-i$e;{@D+)PP-Pn6x(Rny?d)YP-ww zp{|hQv#PhQavBY0*t?0i`knjhP$#HzCj-y|20@}<3Blg&9(>U3bn#N*BkIS(y=mQD3vdC z?-cJA*rP$$T~>7ED6V(_X<Kv!V+`ju)vt#5OWbJeI3R9%`a(B5O9w&D z$4!*?dUhT}ysqav_tGbj#zq9V2`4`AAvQXNXF10iG!)bjt<%V8nUN@B@J#l-$mpRT}9 zSMp_rT6UC8FWl*?Qbz%H6PEn#XvN57cqyJU9%m`&EH*!pI)<$giTpLV#fpj$ufZL* zK6h@y6pp4k$-6csOg*mRS%%903oAeUR*&6 zn!8c2WPCvAI!JiF2qHkMoe%Gfi7%1f#tO}Cks^Ss?+A@49b zk}@TP4^wRl!eHHxa|pgqnx(d|q@4Djx4$i_2^?SPta zgL)o^@|Z|^F0b+)l-x~)AtQg0esuwX5w67ia^bC^eFaBtS$R4UT?DaQN&B@=@&xDK zyk?G|m;g|SbmGhxP;R2i4X}w+OL@3dGOiU$Yb`!W%6mFr0G6%UbO;qWd0ZbxN}hlnx{4Hhul%7@LzJ(2i3)Tn3BuK-9NuOwc6$t_AhqFyA#N;; z-TESxYv=^DDvNMN6?LSHN+Z!iHwei3LLwz5uRO!I>>aZBVH$Bj8B@|=U8^@IB6-qxK zL2rrJs4uQw!6FmZ5#{Zw@YAh1g-SL96~zwA)2*j~jgyJ<$_eDMV!i0eE?!Ku_lK{D zFFz-Kd8v*ED8R9aN4sXpG;N-u%#x`^#vKFy6V84EJdwur ziXBh#L$wq1ZE2<@9xC5aZy?L3RolG@1vi^iS^nF`)J~?|=Zvg} z{>1i~LboHFgNUZ@4J~?-&xz3OlC=w!^P5TKTe10G4^%&9c`{>x@%wYH+jdwD;C83K&TfwIUgG>xD0bA+JH4Rbi{zG) zI^v67ULw2w`A`5S+EOd(g_~1+8xK3TY>dM%kuEy2Y%(3wXezov#T3RpBF*cBlF57A zH^L<$&7;sm^|k%q0w<&-rPIZLCg07m6-#GDt``Qp_daSq@&&16(%)ledm`A*LAcs( zbsxOAumdZt=)Y2j{sJ$sxnYjPU`B2T5Ga>7=|+ZVpRpyNDQjwSd0e*UWlI-=<+J>t z%KLhubNK4UlDQ(a;J2TyPz3t@NH}SJ(-SpkU6E{k3JN4dn&20K*+4$8=(5;W4re zoz7!qAIdkInr1jQrQk1evFiHm*B>!!c8_erXu)xqeqn#%fb$m_b4sQT{mw*dAJK8g zsNeY+##>~({vDloM4@4O`#<6RH>5w^yqpZK-+*#F zObt^z7P*w_;^Luk_)ZKP&=9#`M6eiUg!)ar5vBES<13cD66F{Zg?{RUd07cs8dY{c zV|DCxjQ#hT*WypgyFi+C)Q|%ky={$~=0Bw;yK1*@cI^zq`&h9{l1Sm)b8yYfFNlKI zl-UM4TBOiXmuY4ubHRbrtjmS>zs|(>8d96!?gI!_)ck(^vYJZbTW0Rq-bSyb&LS}U zH8x~p1gwRryGpNex=0-Q51dhteev3yjz<=0C)+>cUl)2S!=m-=AxX#j z0t_JJjPN`}NdBPp>F>hrIYa7G;_6)&l4;Lq-AYkF#k3q^Y)tfZvj#ygFbs(%7W zAA$$S_E;HWdbjTXWmDcv5qMWBC>2^uUUDA3qH%c8sqZnV`cq?=;@=;Dk8-j)Z@rZG zS@h(CJc%iHXT;I`Pa0#(MgnUn?>1u=_SU93fVBLlJM?;1>SS88Phk1w_=Z!a^pG`c zk!K!&|0Bspd68`Mfh4v(I$%feQz*IrORR4(yc919wJRD^Nq2rNPjV9Tqg9yh6 zG#Bje(9RU)n}LZjeA6$C(`xj9x)dHq%&IPCt9D;;HpJLXI`Ku*kBjtYpjbd6 zopx?$LznsX6TCJvU`+^>lj!4=el|@C&8bqO(K8ZE{luZ~?br^l7ctnz`^E6;yMD7q zZi=4ZI%SSR(m$nWkFxJn9t&J@UjW9HVhKOHFXKTZ!Wg>U&)th}=&A|lH06x-)C%=) zm}8ik@$@R-$LC=PS)s5YT$K$IX_`kWWJQ%Tr|HQbOCl0Z8OM?g9&YgZV@mA^4uPQB zJBC-7;BYLG?bOs8Qu#}45aI4``!_&mbD(9!ve4yB;H(4OVVfCeKQaK>h7%N6*q#E3 z!G#bXazH$Pl8NrN5c?rocDomv)8|N6)ilF);xVcipj24xz4G?{=(pBMSWwb-#MrAg zVxDjR&do3TsS4e^k{n(C=T%VS%wx z_2&_JfP}KppT{JqB^;dcYg*zAW5g&8EJkz*gtBvfAeHid*p~uH4*b!gH=W=?@Nc2i z%e2@K8wkq3J+B5T#5}Ybl$(Y*u269}2lg0Kl>W^6jCyCxvT-Bj(i{(w9CI@(qE}l* zE{6jHOuJa^^ESiBWsq);rxu-#9|v`-7w~EFV}rJC4l4p->%P&q+o@hzHH!Lft?d|K zS{X+9s+JRc^CqeF79^=HHH|@~G?yr@_MI*2G?a4VUteF%OvjpK7z1p%`@MqTIr}YB zMO(3AwdtYUZAbv9p5UUOG5?_9eN!R{abf^Eu@1=_QxlDpbj-=+i8ok;A$7~h|DFZz ztzcj4Rcx+E??thI#5D@%4q`vlEg}=snI>be$ceKgD>#l5jW?fQR0|2#LpNn(D-bVB zW3gR+mN7$nggcZ_>g4lIdwU1^O_GJb^tb;5wEBZGwTO@(3g$z?lQ?c=OTZtLzw2Z` zve3#~RdFp#zn#Ew8oM_#BX>x@m?pN9)OAAm2>DU0QQ6KuahqO(Wm7nYDl)dCB^2`p z1cGd274Bl@Rw8kNY<8c-Bi@Itg2bD>b3vUN4e#M@qi zUKB2Fk|vGS&FgOD%h$sLUYaK%oR@-2=?VyEeQ6Y#!})$N%q=h7FTe(qC2;|x`8FT$ zdBd3$D#}%eVx7F8d{TZUj@utJO>u)%%nRY#Y)~XlHORUTm(ccy>)c(R59QC^?+%bS zZGXmNR@SSAgn&0F<(>`~A1nr&4J}C2GIF6h%v)snKSR;cJ?DJ&-j8LiWvBakN|5W* zPuyYHcwp-SLMk7=`GEia)^DeFP^V7OzY*Dps;KNuvt9LXdYKBO-{~R)fj=c2x*dma zHm2wqf*`4@+;{Z@$)io%`iF{1Yi`c>URd0oo?SdpS~|&(`-hdP%zxIep3jW!_LSYD zFIp0-{u<%gzE;F%;2!*bRZKw>UVkv)`@}6PGdEnZM|)uzeA21+5bG+KAZ0Go zeNq~qJ<2}EzOYgLhu#$icC`KxAp-TV#5ML6$Og!!(@i92o|^H*clJPvNrOuCxS|=G z@xFesuldGM-RrUyB$#S2FvBx6^@o{T5@Q5G_ z34%&n)?F)TGII0ciB?NTi#uT!PFay`ga*}qIzX{ec@j0+5KylpPnV?mH~(SczUZJh zq|YTjh=&)+42bv3_2ANl0KPh4?H#!+s6vLaw+`LQC0b=%Ub=#QkHGv*0hKUh+f=g1 z5UbWyb`(=DE?BM;{wPIiavV)$%ygGM5uEh2SaX~StQJQS>-Oh;D6tr+_b#oZFB#hS zaX5?~;+nmLz5Lm}cV=WXa}6Yy!VRQ8-fO$+Tt{Je-b>~VTuicWiy2l^Xi{DaG3IgFHE&w5N?WJq!zQ4WuQW&=}k$6Q7uMaS- z#aKv*k1viwilvp#MdIh~QVC%fMgYaQk%d@}I#Zph%%#PtM+@XU-j| zoZwHbg$9_w7IUbVCgIutYAA)5z73+l@bj=DIMw{u_w@#4aicv}%lxJQIJi|biD_0r zmS9XkyC{6+aRP6Kg-`h`-r(1Sf*pSHJB>6Q4xzeSlx!bw2CJa+KB8ILPLN=G1c2#g z)qEYm^fC$2kEy$8daUA3;XSb0lI|8f{qiGyUJM5pe*I3!m`^QM{JxKQIe8rnjhA0` zW65}2BhM2zo_xC{NS=(QX+%SY{z!64Tx8$3=?6%S>u%DT zb#Vn{ARnM%MSgksAJ2t*fWQqk7W03StLCul9tGQNWx?hGFGZZOBzoFHd^_^MTo&>O zo6Ewky@y%M5PHsvSoIKd&UEVFV{n5NB%?sBR2ln|y(xeiJ$50u&6I-(N2ur#1-m6! zlQM+kJS>5=Qhdf2xamY9IU$?v|0HnAcNib~zYQcF%w}YatCC_oBN~0Qd z6gW=R^xGg=%b&`;p3BX~#8an)ou(GX1lI&|D!Tc$BniJ@U9*~953vg8sa!c7`sLn0i#)D z@DE%e^@l+@AZ_j1358-eW_fMTvZtDflw1NxEQPXWEO8`62q-pzGxAWr)Y!CD!5?P6 z4lrh5P}w_s8xTb^cYf}!8kQD4fe20L z&7DMucYyChNR{_M+V%zMUpZys{mP_zY+&_^lUUjS{<33Ix|$5L35Vw@e44cqF`*uv zk#O`^s4y3RbUY399f0XT2_VxDzlsCY33(Q5ly%zX7T4?6E2$VM|S#=Zi`DvL0W z^tfC_yId5Ye&}hEpU;4Kcc(3XkInZhZtv@nvP%8GvhT%hucq{v0^d+nrXMi+*k)$1 zk~E>y16VRN-I}^-^h}qCp3A_FCbh&;s8rYCuC>sO5?Z%MN`}`&N|`i`9y~H#?UFCV z0BVh3M-GHGX6>MMfYAypGrv#O?R9qH7b)(IelFPOgZ8BhJ~1(@ZV@S6qD=F#MKWSm(^ zq%pSc6OqVcd?t`G(8bDu;Ki*pIej&{ZEUucK}ikCTScDgmP1DdCu$s7A|cK$k&B+L;fx;6Y9X_`i~4h)4e4@SwiK> z(Oi3yLZX($5N#PSn&r|y1fTbbrmd{oYijYu%U{JIEa~WeS<+-X-code$KEOn&N!B> zQ~t}`(ZAI&t-2XjH0T*B*XpIU}@xJ{^aDw7m$ zaCCClv1Oy9i$&x+7{zACJ@G`d6LZ5QB_dcj&@DhHw^i#)d6jlBP2hG-Bxx*^zzDkK z*n}>Wqcb2_Dc|)n9#9e0l12U4SsJlw;0{u+p$MpuPTSogoZq1c(BS_p3}0Ta*Kqs1 zk1uY}Mz;!C@A-eM{GghI1Qvpo5)LQhk#pnwC=&vqy>fIbem;LLe|9Q5V1GVm<#v1d zJl^#dvFO8`f?jqWwRi4Mn9yXfl_+<^%Nex%#Fs#|>)%*xuv*FBI=toU#_l}vu|eo2 ziuRIPO-K8y31Ma#9jd40Y=-(LDB@{RC}r{CONxN2;MB`mxU_8Fff4NlhNS< zc09Y+-*puw>M>dX;6;i`{y7&@3fYCg!q4j&A@lhYvK=W7)nc+RfJuuQS3AhXE8#~u#R%G%JjXmm{@7smI4m^ z=O3h%kbO-Jf4PRT7%jRTUELr~0H`h{Ne9pxm^@DobJg=xCt=+Q*a$L0C}E;htx5s> zilL;eg{A#ibOKKl?S$kwrB35va^-RKYZnNsc_0~>_fP;Xlh+d*Y$WC=Q_J;?RVe{L zISDr#VHIog#Fb_~+O9Li z&{?OThcF=_gqozIhQy8**LKCD6<-td{(V~HWyx?5}8FYYz1=S)H*Mg|7p%Hql4tA zv!FW^9n#_B{UGM%wKkU7Ng1P7fmWYM9%DF%4rV9BV~S>+sg(vzJi=`zv#Zce`e-Zp%% zWAk&GvKMX`FwJ)x8X2l2BBceE>Ee$~x(O%gjmJdVTjCsrVaAANqOO&%w5>3m%>;Fx zdT`lad-KXuW~~H2RDy2V*$U;$7VIHrccOwbAUGG-E)Eu2_&!=zofml(n*Q?`dVSa<`%M72P!rHNjMmQ^3G7V>s*GwP?r& zga78(hXKGjRTrc55x_5N&|_%{>KsP7VGe6PPK~1hC!1-pKOd*GX#yW-M3$Q~>Jf+s zb{7MS6PzC_VmC5-84#lFv4DiLGkAu); z8=QH*mz!~RCD(@C-5OeCI+I2s{GpEaex1{dG%`m8RwrbR9VS)tJubz1_&ZV!vK0xS zI}<7gy)+~|aZmZejKBUZ6kXc24c#Yv|C3AGYpf>6)hA%~i*8|x`K0>tq=MQisDN=h z;gI9*t{~qo@jzD)e{FE_ZX~pzHkVPx^qx`O*MXI-;?NDWO`Y=Ce>_>OeR;HNJKrD{ zFZ%Q8ZHuoanwV+2+=;2n{HlU1+J%lqLbR2~-1B~l&ivdZe? z&tEL$TJFn7zbkJ0bSEGOerYtaGv!a?c z1R<+T4Iwc$xn5mwfTb_DEu|kJE{l$)US`&IQNeK4*H@L{sYzBb^Zcv_wV_0%6Q=dd z`0z68mEzZ2>S{d=p21|$LYQ`%wB05{i%MZ`1fJct$nBr;?x}W8#m%;@nZ71l;K0ySo{f=+QQEwI%_6N-yvZKQ~+K$;a z5Jczpfit$2e@bLolmR6z6*x2pc0)W%mqtJk zpD7(+W|x?<(a#ULRSwV>k%xb6qqlh9Z)L#fqI1Xc`O`fxu9E^szZ548}+`v!nb6Q z<8JGhI&~j)@pbM8m1_V z8y&ML1=IB~_7K1KvmMIco0+(4z#KON9(nVp&$$yA-3#T%%(?bknk|0d;26DIcX)ye zYyJM-a~(a+>FQd7h9fOv=h%vkRJe_$0{J>C!PteELR_`*V^2{_yw$pW*P_Da#))rgI-UzL>_6+Dz zeqHcNT8GBF`wNr)Uli98L<=Dg0g!>5Nh(4WBfKX>O2;^~XhHO9PB;0Aq;z!izpKMF z2di&?$1;oirh8vwn(_GJ=9pRB{DEjAcWt}4-=QRQhv#Tow_c#t`6097f*e3Ni{4B+ z%bZoY%_$f~O2JY3JcX^j;=0lySRX5?ow@S?I7EmL)SWRT@#+)3u2)GaH9lrDr@b~6 zlu5~4Ht_*qUDqwGaQ&!~I5IA;eRn0CFt$7H{d%@5bn_|sz0ZV-do#av&$qbNF<9$78S^M#@a zQY}RE9Nl;`xF|T`{A}Lxw%aPaPM@ne0=!_d*<{RC1AA z1WhN~xIrb8tpb}soa$xNu59iLU1jb4l$a=72>MkXdk{I=t}^}JRtB#7wS+MaN7ko{ z6P|0EGv`Hi9I0d!H(lu1w!iQD)ezH6q9z>;c|=T!4F>li&TZzJHY%F_g#3(>prLkO zTDgWmyiJ_qaKzDCh;Gu`QnfY>?&2TDO7LO8sgR(Hl>;x;{=>i!&%@fG5zhmgg3LCt zgt{A~(^ziHOp`6;ZM4;YE>M+jj_8tR{ye4_lc=x!wADMa%6q-D$sygR{U+&&ft=Ti z_>c=yUz+%y>~3d35?bm#9Y)}&(l#OOD-NN{{@EM=WHfV zIJ-4pB^kz*D+-|QTvBcta#}rUpp#@Ax3~v%e>J!Wgp;LNGgQ$@T1aHvI;+#mLw|I* zev3oi?Ku3xtH-CGp;7?{V%E++Bwb6H7ePsl3?9Lm$Fu;Dx_?qNa+&w2% z5gukdjc%w!cg+?L&K_XjarlY-WX9l!K^I<;1@EYJ#783Y2x!{27e?dO_)U;Lk1~URw&8{>`RA9uhfG-uI(i$5 z4EFtZ!4W@p(LNxuowyhF66vodeytFN)v=IU6fs%`a$Zer&Zmh)eTTH%`o7rmcl4nA{ zFPmo@JhL}WPG!}-puJ8tv6E*EK9bksRatEO&~bL3$I;9>jkF?-wtLGb#_jS@wL@1{ zmp|qg5$dGnh@GM|vx3p9S`^$@HL+7_^{lFHMN_eAa(+7S4nHyy1^De3HWh0-zl}S@ zduHcGPXU!qz;<=n{cP#MImza6lTKqLocm%)I)VQVFecIQ8If&CX3?igyyWM{>xn3C z?Pn^@e>#C7rHxn-MOpDZBy8rz^QQ#&rRu%TT^BE_1A0Uvz(d>HR zBp56cE)GUY5kpk6%q1UiuedVAm5D7-R6KuW%0!c~E6;*UZ^+WaRhLYdL!E(-9=uGV z!}8)Lks-2b6H${1(z^$7a+CE#=^*hVnH~FyyJQDWksfmhYbb`z!i>I4y(dYlj^QkC z02Ta*Cnr!Aj1xnfRd{~n`$q0dHxio zWWdMPa8C9|=@A(!Y+Pv?Im;WYHGz}`*iUOp)Lhl7wFq^pX0Acf6bF#tG1z0c(CUDQ7{!sSCIuX_=GO9)dZ(Z3+?)r zV-x=(&Lpbl-y>rMfd^UyX(TWM56;(V=&;8^Nx`<|^r_r(*Dkpl;B5Cv=M`&?k!6(Q zaJ=E`?5XzFso)74m%Yltv!z$r@rC5Z%h0Y8GJBj=7$FS5#nxzadSa@&&yAVtE=2nN zs5HvqTYj+MW$pU>6D%}1q>cxcHC>BKXTAiDg-Vn0CoAcRG*zv4sP;$AcY=+^-9$W< z@PH-&_?eTnf|)ww?rixI-M9l1gS=>97P79T5#R3$*6(CF8$k6wrApFiFi%TD?R@9I zvOMp3P@=Nypt8lnz=pC$rAwZ0n{a$D(z^n0PL>=Le6|-SRSIHko3h!$~3ctId zIrnEpUqN~y9@RUJZnOj|u4NpC4smzp&(TSPW4}75el<>g(gYxU{DU6bvE@~(INZ#V zj_gv*`y!DFJM2&+ttENf>Co+K-K9Bkl(~}0uc3?e{Dw}3JwwC2M)@m zaBnEG99Mf<_LZh&&rD~}{tk(YnUq3?1LQKbQD?>8y4Oo8Z*l*v)uVN9#`M3v6Zsva z|CIwX#-G-6jeEt_Y^50pIvy`nGLgGG1XA3br!?WeIv!HsMXKVVvIjLb+FbE!W?1I3 z8m;CV`f5?kFV_(%QVz8%H80$oz(LYqZ_gfwb@)X}?!h0sJcNUov&hAz+VvLgBk?M@ ziW(30b2pH;_3bk2C@p>6mD9AmZX|vkYxfJMe%W>$7#R^~cP`5vIF049*>|$vDJ;67 zNy5?=H~t0?pZX4gk2}zE_rkjNiMgSP-uxQ?dP;sy9j;OJj)fu~1HAD{JI2CZX%B2` zjHj7dtK?=Y{1n4P{N+TKT9AxM(4qLr74vYMODjbB<3xHRMcTj`K$QklYKNwCPPE*@ zNiQrSn(h!3J5TVa#Vu>kj!C+`Ad4n#R|21*X(C}V>m`abJ-nR|{wU#)LYY_Ob#c%x z+W`yi^U}{=)P+Lq}m!{$jAs1m!@Bv}d#gy#bXq`=t zj`t48UYsiXFP*4~N;&?;bW{KY*b;j0wM2%)y=y__2EQb$;uC-)+*iPzsx=AVK{;cL zLmMuo%&q{O%VaJ1e!O_+fMEXVooI`LbEe(Bc1Op-C@i1gG)08Ygmt|v5JV#=w_h=j zS!&q2_5j1GSmisoHG5=_`gTWiDaopQ}-0*08O(+;}0iQ8eyj;8?L zGM8bQR;e_ZGacQu9&B_kE3-I|>=F}=?Ez@^4g#UA>X~CiKr3X@ChFi67^Mk@j5Z|i z!Wr8{T`!7bm6P7gjBm4X_dJOsDm$2x(j@G3Hw#3HwA1P{0F!?~haa=QI+_ zy&5h>s_b!Tqc6;!ncbdO1C_2`rDgc7zPr?x0zFWbuB9xnl{zz@p8NdGd#^kU-IYAc z^>a-lP|ul!T3xRi04LBHV`<eL%L^x8^H-r>#0f^cOQ<9wd0Oe;_43FMEiChGzncN#;2$BCHFAH>bgZOF%qcm1m^ z+LqMV^)-nZ6csLcT=~<4;1G~ZR2S#OW2m*)*&Zy?6efZNH^48}CYn`b>CBWagbg`9 zO73q~!FfdIfm)2r`su#f7^Qkrj6x;T5}M<#XW+>V9TnNLH_vkPmOLR#zX$uic1_wY z%H2h?yQp{&4)_#mkq^j{f20 z%cDOW9sk3NXUBgaM>||+>ys-@q#t(9LAQQgCaXE0X3(;@x@6r?WV=Re#vvO@kNg8IE#cMuDFTXV~yn%_p|> zb$C;_#)j_(xVRP$u23QaeKO0gfUS;z6@^DJVJBUjUc4sU1v?jBapVf2LVmouIw#O0 zP%SkpW80kecImQLp$a>3;H!-J^|R5Pg}>I;*0Z37qq&2%4Jn4(SzB{}n@68p zjE@8xbkWak>lWnY2E$w1I_+%`oBKpJa_hHH%(V0 z63ZD+y%=VNFgucwL=K^JK?!#h`Q}@Pc2n5_E^~7!3O- z-vOEdP$6fP2Z^BZWJVL3Mob>`tk$JHFdg6hu%}3L!;@ID6bwZ%mn_l=TEQ|AD{^+; zcLp&x0%k)aQ}V;gRR%jK zK+F}Hx8=Vno?&&$u~PYuLg^nFjk~KmqN6|K;l4F0bE=OSgWTXC=x%XOA?1`+ z$azw-F0v_uue?s@w6P-?3fUMKQ9LwV{oGjt-Z{kf=P3-^4)9W}lxUE;gpJJ1QMp?` z!Tsl+E9b9RlU^`IkQu&vm{RsRp6ZE^6I@lvfYv3od6$CmOM$gVv$H=1-0=lt;gvxuZJImI|vX8oUcAs_lIk2OZnK>N8z#&)O>$X?bfx&R?3(`xlOMybjgm*T(LjZg-5UUe#$+XO>DCT5DPK|AR;}q7bA7@)bU!qYZd;W!_>@unCG;qtZ~RFyrCbPNx28XQ zHr2yAb<5$m`1y(Zd^e65P6#6*Zh3EPOf6M~>C^-r9Bw_>tTSEn7y$m9CO!MvIPo8^ zuFfHprjbL3xepqYcwR3;H!cXf0n|THJZ9wN{7fAX8x}Bd$bX}E^b+RU4>7U^NA8|} zy@z|c^&fWk!AX0Ki4LGv_$az$m%J-XrFE`*m$q;DY(k+%^J@k*_J_^7`O>mGmYBmj zU5a0Ml29m7#L~&fOLL*s;h)*;(44YEl&#d^CDRjx*rA(TKYb?~K#fItbE4DwQ>|2M zkpE6@gv0khMV4G^gZ81;OG+3<#V~L@NjrOjH0V(31k62zaiP_oQN87;rua*@y557seWK z#js8QMvpCLEH)$KDp-u$(laFNTF<#3rY`yNCbO;?Ou)?0_yXJm8s2oyr+p^6slIWU zkX*gHEFCiQcbTi%-pxQK4QyODFBCDUFPIX^U7LQgyo}SJeX9{8hyiKYROyCr62vJw z4&txfo=Gi3Hu@{A4O3`zNTVe?{I;B1*-ovQ*7jhhSS%@TD_>g%@M~<^XyLTOl&ayk zK%<;pxm;*!>vLx3(F}@C<7PQ?7z|_Go~T_N9wdkqyFB^OnpR;5hi`@(oL=I+`F03& zm`pII{sa#_#7WWi0>-uJn6;OAPONWAXae4{pmD?5b>eZbh;>c9HwnjJ(%YZ%qZiwE z4}no!gKp8!*tF~zQC6Z~y}QI#2XLR-uu3U|OGYJKGII$Ws!8_{jk*BeV+PWON$YwsgX%2sQkOr23K`otSlHq)T39r&s&Y53u3cB!s#b78@bHlJ zn0D=$%wi#E)rrbVN#M+yVB9imaGo%#AZ4eOFhHpDsH$aT_xUivN;62l818}jeHqjP zaQ><>4+8HIgXm%KPV39I9PB~xS?3t_{tfxtE4kZi1JxpN%W=3xZbceJEYmFhPz|-S zRkB?K9sC(oye0qnU*A|P760PGhyfQnBc3^^D!)V3=1AQ&-%ay{TGqJ=C2(E20y+K+5bNNY(cVX z#mEM&9Y50a6k)P0P1cF~`WcYah1c`|xmd82NgmZy*$CPWA^wqvvi2`v*doZ+6?Eh{ zyfKLNQ3SE}p`Xta#%eIU8*PUHq-NNr7}DT#-Ek8TT)M*$(nk_C`I|u|59I1R#w-4w z;uXhOyDt!H2blF-3N0eh6FXKVok7PEIL#6cf#Frp`gi1pR)iM7f+p_kyNWEh zYc5dR1EeNZ7edDa&JNr=E^*#!y)B1dfPoIcn#rZjQ}LQ5bR9?Ft4i03>Vn1zx9+4p z%YthLOn_oq9oS$!frW~=R?ZK`To=ZqB0P=JuG}-Q%?KSO0xZ)v48q|Ip@?WkXFM_7 zVfhQ5shUq>9|LBsm~AaM>YOdEbx@l$M5-9Dg*5XukYqH5{{NY>V1q zXhDvTj_R?MHgb}hu|dV(M>qWLqQ83!Ah;qayJOOBz)l>4cj|~;RIT%_>%EeqRb4vQ z^`!xAmNe1kN8txOA)O&|59}uW2)&`9L>x)zib?W<9Fk_e3uay1iQ{yW@He_nkFL|B z>vZpAM%U@>RyVp%|1Mppcc&ch*B?KCli^N%3py^U`9OTpGS{}MwjH@g-h}P|KB`*Q2*cK zqn9t9*ZqHAj{d)&n{J_kFUG^f6X)y5jFb%=J6Nv|NZ#-9QDP0 z-oK{d=>0o-|Bl|jkHGu)wUt)nN(xqw4T8s1A#3Jw$8Rj0C!L z6Eu#`C7bh4ed@v!*D%l|(Ksd<{#YQ6eytKn9zh4(Rp;ZSZ*VQH4$F+q&GycHA*hBC zxnAFCtA^@m9OGgR*LCB~S|C`1qJx8S3OUY6Vz-ZHjrB+V@Kw>fZ zc<~M*2rT;JX_Vx#k?a!duCEfRZpi*&i*x<}?PjBNFr$h`C%JBLX(}I}A6&!W06}L$ z&5zq0Aj!of?VGS$$!Na+Ot^0 z+#$+pA2z(X0hCbT*9D_Kuf@S0i-WxtZTptB*y_<{;pToB=_iI7x*NGEcH!WBK4-GA zz+wdlyM`eS_P=e1g05Pt}QyF(Jf2k4I(D$ zXvr<{@Y^N*WG6Ed@oKixRkoV+qU$C7bb&+sAmY^zt48Zy9ro|*-6|0epZGGjn5@Qd_99@fa`vQ@;%}#i7=E}x>wmo*Z(M2`Po&u6~k6#`gk^M6#J)QaeR&~g=+HH@&>wq|pm6S3eCO-Lk`GaLJFPTf3DBMk0>AVEVXsTNX^ zlMk=S{{Q(uZ98Mg#m^UH|Ns5Jr@JNSurB7;ya5m0!B|B%jX{i+pxm1xj?#wohe60T zC>I(nTl6#dRCy|v(piGSEAAwbELY~Ya91E04r;|VX(l)W@n;@>dVBc8YSxx>dlT%n zrq|TWLs2tRY{Ep%D+mMRG z?R9t|ktO@!l)_V@G)?2#3U&1@8rThdY1lgKLBJSrPpRxgK`z&lFBVK%u1oSPYrR#l zj*Vh1=QK%-X#d)tr$=!p-c}~%0OT|A7-75MEA582iRkti0MmI-xi?{Gxw86x$s#C0 zyAKR2b->>B@vxs+Jt|mVR3^1MSQ`d61TIxX36T=2tf0$N_p%+Y?{o{gP_B1JiEiPpwJMjyW-dI{mmMA3Tl3(tyxuNjpTS z+E#gpr;80Z+uobo?KHUL>1HB-L%*`3jHjq5TZ+6D&SH+r0N}u_pbzTNWv+BN0>vKn ze#O)A(X$twHikA#*m=|aaq8p9ik4-05{{1f#8y|Hed6d+VI@mDx|A$3H0p-laUn^b zYMv0PNy2EOnFf6i0F02j&-xHYH#A*fkPjvET<6mJ^{mS?(p-zzOtWZ+$>zj24${SV z*Lgt_hW;kk;T3GlpMW>>fbh9XDTtmYhACv4%vRQH4W@|$aGlPzSW?X++MfJRVd@HM zeQjbU`5lW3)vn!PRR}dsA%4<|3@|d~ptKu)53Lixj3EH1wbJ40+D1%7$_|KR3o7Hp zkQZTOYg=F4E}6tUM$He`Q}Uy@XLs#!4Dd;=w2(aVbG%0fESlWYl>+EZV%$9_mTotz zbEddCW}uWOXo*1jz7UqbnlWLGkg zUw4^$Uv2)jhA`$j=(by2UugLQhLvv+QjS66U58=)aB_3>*4u-g zP;v|w?-+8!F!CWGZjF3-wNb~i zi-=lVdgDxc-CH2`TNe!XQHw3QNRCC(G>r@0Et3kOXOTT~k}>G=){z~ygS+O@ZAY=G zibxEt%V!pUQfO9I{fZg)Y+r;7KRt1uZolKhNKhoiEng>D)+uyof(8yX92V;oNi)Fu zIZb*Bgw-bdDJ84+WB_oVRDb*n!pgjVlrD<viY1cWL{TPm`IoGQVab;nAvp zrp?!i-Lb?Rujx|!%9Dgng&gihO^Ux#f0e=oV#2I<~0NoYz~8p%~=ekm$33>XrtuNe?t_7qnmYn}B$ zwF8GRCR$R>7DMs;rEOmJt`RgY5_tI`JLVrKs|tE|A@Vf75Hs#Q%V0mOeb=S!=or;n zyq99xDRvAvjeRN32BtRy!#G;>?a}I(eW8;B4h!&7P>G&aR9P;K$39KF_;qXDlPuzj z9e~>hXq?${#-Mx@&Yr~xegg3CIH~B@CmNh%(vo8SOgl{hX-V2x-Q6hxvlU(T2$`!A1`$1zMcY_k)rca!I^AI-0!v{`;o~M6`O9 zR0D{BvAq{$|HaXZgBQntI&g!0Zuhm0b7J)zLmV^S7EJ@Aq8(s+*Nm7YMw0i&Av6eA z4C0_x>fqJ4w*A=UY~-9l!Kw(|jQRMWq$QRKT7j zN%4Kdv~*3>uV@D*^AK%*YyRt&WoHB5*~n?Bu{>^V|Ed*o%X(U0d<>R1e0XQ-6x}yn?sb+zY5>|Ta zHY33xVU;_s2>YZZ1@}C-M7L~3u63fO5xq8K;5wqyNb2jY1Q+wk^`PlHJRCf&5++Uozc9(?LnY+1TE|AcM5jw8 zu{-IC3I=ZB?o{^rX>{GW9!X2fTxrW656@3^RqNH{W(i}H{dR4t#l24f`~PL~){%+H zA3Z7FB$ZUhl5g4=nr%u(6xpkx1n@)?89%-_0i72 z{<^lr0J`5(bay#P5^;Z8xQ!0s8@u{9-J)*x4#abpPH`PC*7mDYU*Q^Daa-RKsmE3m z+iYTGm&uQv!U^WHB??TPDP*-wKmq0BQ9eKST3hXVrf)>N8Ki9AA&|nRUo)V7mVCj} zcU%n$qUz{w^TAkY3yhU?mbBd(0sXAqktRx@6U;qN;)u%Fz9&!q_~dZ`X{b=t1t}Dc zHUSrSCTM2l8PmZhVP=qqJPh4et5nlZWZx$`770xkU~tK97l$BIWNk@aKO1o0e9FXH zvVLpluFHxIzjCbho_;!64DlB~srM@9$>K|^m8ZojduZE|f~6{=(M=mKxP2xo8ppp- zxf;v^o`mfi*GysVs;NL< z9TGwF(q7MVv!=i2G(lUBMK^7buu1=7v7|gj$LP<0>St2iD<=P<)LWkDK_}q{+vV~S zyEKUcG=@Z!I2qz+SIS&N`QgOuE_-3bT1IrwULHAh*$q0RLbWq?znBC>$X$(UWLKf6I1}T-Q((x zrFQ(@6?W_uh$+SC`o#=2WR*?*N_(~5Da0k9G$-zulsvZM{7|_pHYxLF8w#_2E9sJ1 zNUyivTF=Ug;r*~pY+o=8@|vZq?N>U)yhCHmd_|w4m<-aF%J))cEirL0P14vdLT4sROgZnM&5g`Stc38fWHEt z+H)qC9Nh&iCU-e+H&XP^g^bwc)#YH`>20Y)7Y@F>y6jG~!0uRDFiL?HfGhAs+6?v1 z-8~<&7>^S=X~`P+#}kp)Z$A9{HWcK>uw>x1K3vH8vD&BU)PpM8nyFezyhvi30mLwW zW-g#^M_#7l*8TYzJ+5A(L*SC7LzE9^Vf&`7UUJPB&W4hw_cUz}6K3-{i;7e#AqRax zE-&9A5{*5gl1^n)%2Drk|i`^HU*Zs6bFzn1|0S9OClwS zh-hLqsm<-ibOERBOo}+iONP8UnEqEHC-{GHbA6zT#6K63NT#qDEt6i zg-9&3glPt6lK}V2(?#1nFE8H_$uLS#6@avQ-UFX$hATolL+ko(S60QMLu%{PFmHIf zg12k1&&a4)|9l0pBj}}Xq(vvtIHIwcKT4L*5+41;1})LGbw)Pq3^qVO8NNWAB0rx0 zbl!Ho1<9nr?wY(myLwNk)-<}czFl)67c4H>jW${r*!(1ugZJ;E)SrSZn8CG z=NxXaJLqF4+W_X~z@$4LT3}oXj=fo?0F?l>Hdk*GR^!6nM5}ciz-Dx$2T{rAn?@Hz z`bp};ai)8hm+uCVXLN#8N<^HtQzFNoLS_bAlq*IvK1Bm8(g{zf3t!Nd5p%`nd4dEB zNe-StWCRr1XP>CS0I$fC(Bx^PQSqb=Mo&PK{G=_BeV;q6O56e18du>DF)gcxNXxLok2wyoPC=?x9=82{$6L}jNscjDWc$KpiW^mkr3PVn;7tg*Y zSE9}R_dQKl zPFd);d3L@FoR;0+aLp2~^x?NWbCcaRGCO8jQ>afX^j@3xM6)DO;kw-^3YqV>t)Wrw zu_P4=>d{-~HX;$2TGSqYm?Fu9;sZiP_m!ryxQcMH&5`Sg9UYchr^v58x(z7l22iKg)DJZ@Ou1W& z8n)?-y_KP<>BI0ea~IWqtvTm9^)1BV04*$8s3o-D%7r>W$!ji5s77saBvQp=HZ=DM z3`1?ad{5<|Eq$iDxZdo~2Jtn!^HnjsZ(2s}9(8WT@X{z^nO5YGNH)*0euU$8L!PKW z`wfHcln|`T-1ZU6Z3rb?g_iU2D2Zf0f$SlU4?`F?A&Ldr>lk=2K^#I12NA*ziQs0y zYA1jLNL(*@TO*HEJ6Y?~C<2bXpy?o|$jhR2IkO2XNuCDW`z~s~qnuaRezvko*3+}s z7Y2xM!5>qcdPbGHdUtsWxZ{*HCABK!vh!+(0HvA1AY?FzrwZ_X!@SF+qfRK|*zHAv z`Q&4&X>kED8o6m)oB+%vh<$@Fcc+-z8cCY3>qOzV%xBgoBj)SvcBto$b=Kqi)zQy`|v=T4RYn2i=C=&o8~yOo}_6c9+bpI*8aVT}yPse(B{YCOJ($ zfX!r$C0+*Ix|SIZ|7DjtK!uYEeKKziiKxNggKgfm{trTvlb+nZ;le#z_6tpTY_LH_ zyHZpSS$it<4^Y`=_`0xt-@>rf7hIX5ZC3W$qAqEZWj*l2%`pSpNurs=;s6~B0|ujU zbq(WS>m96i&{f^&nj&*J5KV*&-*QC=tf7mspzYym?VuxDyCGX^;rH9*Yj?W1uZ6MQ z>7pMYXS>t&J#yCe!PbfhW5X3==azL3u=&*|@)=hD2s!(muJ4hv_B&i_FK^$|AY(&n zbe_L?PZZOtk6Q?%oZ3{;hKlv2AKN$wQkLWk-hjM@`fQi#-ei)2W85T9q4?|s3X7?h z3OE%-H%z2bQ`~E&ahm<6&*4gD9I>f}Vh6M&)$AQ#HsQWXiB{JzP}iHz=zQ3thi_OH zOBGn1z%|_$`2}Yx$s%SX2TJCY%fN@v8F>#{d>C!01!RU67Vzj+1_SY36st6Ah9$4> z&v?fq9hPMSTe=7v=geq6eL!Zb!f!0~AUSL;_~Xn;E+lWk?^xgvSFV_HbYPQAL$#h( zkviCUo-WWmQrg^rG}0KP=6vVOg!vtZicWTAEd$S1vLb3plZ0dl2r&o$#nQ&Np=m*m9|}e|o0j03_UdaxDz6Qwx>mu{ zFc&DG73K*C*Is*G4?-;7whM6XE0@()33){%`DcHv5B(`0vg`Bdy&je20nfGZA(h~ zZc>mjxuorS>{^xw+N`+_pltaeKXA*b*?)d?+=7?;j*}diF0`#)g1fe`S+G+P&2-*s z)MPHNL#=Yi$BTCxCTQ>{W6(N$>r!c8vjh?IIo1sSc<~Nuf6`VPCg3-APqYyVH=X=| z%X-;TDYf~w+ES?v*VR@`-Np~HxUZh~w#+sTe%Mkn)QBG`1o-blb>b$0pZq;s(e^5@ z!>WF}qq^w@>nheeuu$*Tv*^4jaHG#@f03(;qG{=lVDh7kZdv5Y4&>aB^-WPX!lO83 zF|}x|RAOb>1P8!6Yk!&8na2~H`>vda?TpQ**1t-P0IvZZCR{p}<_9b3P!*zYt9|Nb z;vVz>4P=eV?c0u0l|$MD<2D>93daZ-r8aur&N}V%$RMw@?z!2DVn5mx zCIwSc0P+#BAHl(a-*JAR9&OXdqkcUs=wKHZlRGLooh2LPa_YP!jZP@lo1x{ZbREp! zttb`Fd&4YCHvs$>1D1nY<3pk3)_iHxXObC>ZdrS33W-@0tg(nm5(|b2Kn(m>Q*xq+ z5+e1onl00ps(U6IjUyF-ule8fV1+P%IVHQ zp>$8V#w_=p1dn|}mn2RTIM`x72bTe+Y%URNCE)H$T#<+-QJ!=p^D-ypy9dRsyXQ%p=DgTL!k0@HbE=uSOIJQAxtLeK)O#wx1tc~@rq*%+#cH8mET$Zb zU7)JPlteM+?@M;Om@dRLW_O1M&flI>so3kz`toa=Kst~m)a*N#Y|eX`iOZsCfH+|Q zD1N}V)v+wa9V^9avDgmG0wLV66o&3R2tL9RhVad`u@WW@PN*8fYwo@Et;@av7W3wb zwiUT~mKiwER{s*47|L|Sf~0sBz;s@e$>bVMe219JE@cr@iptjd^RLnHgC}akL}_mG zhVb5QpG*9=`%w#f&Z@jn%j8=*q%RUP8r-o#T>E9EecNr@1=n8OInRifu3QTv;VYqwxHZ~g^NUgL{;k@pE%GEHNuY4DT5z~8hEgxS*qYNNCOXCM5f zDEN+66TGBsV%WwQA*>AR!p zchhI)Qb`8guZ*~(=`wpo(i}MClrGsTQaPQ)x&6kV0P{^SbDEp&-(cU;eSYtUxjMxp z*a=tqr}{fz<;h+B@&pi@@Dvbp<)y(0kuazT&`CxkkR9$Ee)z^9E?m{!F-@`?dW^$G zH*85A!V?)wPtMPNd45^?xk`jflXh-vrx&k_gx|>1gPO}(^-a@a${``xhD?e(Chs`A z4=7_ZMGVefi4asujGv#`RwZI+!N_6@FH{3?P-o+XDK0Cw0GggCU?xW+0uOxLnsB~);k zv8Z%!Vx|l~1zIwO=%Cc0%nr7*vM$N)sYn}K6f1h0qG@R^r5D46@kg4Nwy1xjYAI=> zM5v<1zAuv#WSVW$DwXrk2Hyb6@K7Zgcamo=Ofy&7_Tcwj?fPzVLNzCY>Mxu4H6()? z#jEitJuUJdnr4)CiQu;q0lVeD<7eL;e^-|Oo*g}Z{$iB>KF9M_%769Kxv2sffjB#r4a*rRuFvgf4xBD0y*+Z7{^sp zLc_wgvkj$&*X`lA^88N}EsN*W@` zcA>E@2_mdzcgZ5jnw&MtsbK0o{N$)BwoVkh0nW9h9C0m25LB8Y%d2;nb;+SsY8c>q z)Fds$T+vy=e!RLmf7Y|!*FjU)4~x7WK7$#Dk||hj`#gpkJaoDYw6^{pPZx$Y5P9zo zy{&a9ogVFeG?RCiuGvhE(M%3`+I6+BqFYdnIZf<@9)(lQ>ta5RNhq`*;7X$f`qkvA z=1FTPcc9h?9mbre7gnt!hNqh)T-~%OE;fjl<#EDJMVdY)sGgPQRE;CI;oj!xp~GQo z0ui$~EMauZST>;vzbmPbY)XbD|ySZdi0{b!Qod#nL4!AWkK?z`;jA6v6kvBO{<&2DW7;ERiZUbBFs9mZ*PR zyVEeUZv5T?M9lMnSR4ZA?U}bFo$W@?^CVf3d&xZ)-R<$TkKWbj>7~d_#H$0iRB2n7 z{Vu%-d8$~HOLlq7vtO9x^FIIUvs#CO2fDm`SIY5tXWpBCHlDOD7H3I6Il7_FnQRWK zEt`7kJ)Fj+OmKjV>=z{D>HnX-^J{J#MFRMJ6sqP)An{Lj;+m<2r^H4W8U)RcrrV}OGFW58;xt(^+ih##INefO z3#IsvyPH6z=Uq1?J@rLi<83rwxZE?UbhQ^Pv|$T;P4vOOxC%4A)KK@@N7dH zq2I~dRS;^Y)1Wo*sFfIn+#%DfDf#TDrsNYT*aX=VWH+UsAo~d*dpniH(DgQRELP9T zZ8fi1!?;M2f~?N*rt7w*kF=)Mk~)Jrk2qD-rZ^#jNn4fSU6Gg8-j~I8P3y(3Xl(e|l=!ul zHz059XBC{#raydlR*S^Zs+z2SUDHVCS!G7yGHV zw{CL}9KUHd-sPN?lmE7C%+X&9<0R4+QSiGlR3v1%tDoq+ZC-dH>*XKZ%A~be%4k`N zN0wN=O;QE;A6C&9VRble?h-#V=@yq0%wL=An^jRBO6_x-(`o~)P3L&kSMDY(RRvU! zL}W_ljPv55lvmXGFGT*x{q5rN;#~jl()jO<%?pI~{o84G$@dGZY?pjJBHI*ItXSHd zJ?HS%cP|#b$Z_JqA&Lt2^#~PW?s(4X*bA3N+ak7RU>=_tdIrfhtXdJF;Rj?qRxQo7sw$S+$z2*bKd^%-+3!_x8fo74~BQUKNX`E^M)<%r!#g8wgwN`=!Ty z%{0TNx{2)*%F)P*qdRACq=|FlzC8*0AK=}V7L7UQNbvSMNpAiNEqn?58@m7d@#E!1 zpZ~spm-z2V(vQl2<>)*D|1KJ}#W(0Ld~Aci_=`jK%VjwyMZZwXG2|B>m=e?1xw6$D z4-}lQu&UfENP@p0s+{W%^;;UC9CP%7kidGeXFIY)ptjDQC~2MDg_= z#B)w)wp^=^)~w9!v?C*5>3*hzm2Fnky+E#f*c9S}0IvEtJuIdEE3IfPW^Bsw}pmLwHe%wa*04pg*;!zPz z#>8#E`eLGH88(z;T7Y$}UY<}Z!PqrXace>`YXb3V#BxzSxdO8G?TaC+eFBi*fx<7% zxE*y?27*A#Mh&UM+$|^g)Fl`H!9UfF*yAXWpZ~mn`}X~tzW=umA3r4ibBgq1@}J)5 zJeUIEw+k$%&w`9EheXJ%L!S#7-=3BZ8TF23L^8W^LEkKhsbvk06B_mlnUJgPw%n6v zTCCQfz%5jeU{;ZmW%=YGE3;~8&dw9^xquLlO`Sc$5o^^&7e4gvzVv8a^O<%-WLf94 zpF~$r%>GEkClMc0`ic0Qg7_E{N)-1oo`|JC8<<{-Y8ARTrScio=suOR#c|uM;TX2o z1%|R-4e^{(rmgK)$!B4uuWZ9_Ez4g&1$G>p?As@n?-#{iG05O^m)mM=!o?R_EOZyx zSyQ+x*bDyz;T78N3N8bRpGRColvj3f+=y3F?my&wQgAZ4G@`DPT?LWVowrU!Q(h}D zH&!#ofDDJS-Kxf1hvv4pLz8Rw0rp~+8Y&f|^BIq|3kPH%kpYC= zZ=t19hrf%M+;1c%|9h$OM7*7tqNqUSjXK*CfH&0aIE+gG@JS7_?oa6G1WFzJ6{wd! z(B_#s3^Lm`ukln-_dlhg>qGZJ_-Pm03)Xcp_iq=fYr@aEe=bdPU zs+pBMqIZ3^ZZ&S1dxxPYtK=)nS(D$@B-*3G@>qX-RAhK|C_bbwG8{qF{8-w$2a7L#bPs>E&x*Y-R5L~Bmx zHT$;jI8?a4nuDZFf*P7_FbX|>{!cha%(oE1!4hjNxP~PhxBUqj?jt>@l zd2z9^+|MvmC8vsZuq|8;e=|p*R zefRF|ITS-6X8CgwqvHf*-S-+BFV4QZS=*+^>Lb{dI?4$B0Rn81xpu=|ssj-vs(Glj z=dW_IXS=%fJxH#z3N>BnWtTWF>|q+afX4MfQ!Kw)Tqt#^A23ejH%Bsl#4)THkK6rY zdI6We@Z%Hp$ePkgvlks>O(nl9Za8 zVZPrKjo8sKjC@UKwXFABF!^e4T}2i8b1|h;c=;9%XL)8C^A1F5F0l$uQ)dlb#jgwt z`G85SS(cObFu5%>YT@i|9r7u;W4kK9V-KBS8}v?lt-)I&D(W)e?S^dv%5~Hz#l!Px z>HLXj?YeB_@w?CqjFqtkG{>$W&==kj9D^Br*1Uu$^9t92QfM6eP3qk1#p^)z!*IGn=I$e~(I7oA zz60?5Rj~Qtz&zL(A0&SzJboA$m+;$B=13&o!`^`*8Gzv);O!ok9t<9gH5Y;_~=Xze^LrAWd28MTv zk%aaTHfyq1k0uaDWv$fJQ>u^0dU&g+L??;$lU7fOJ_Z}ZSUp8s=<7JT>M6T*N)q6z zkv@c+Dw>a?z6L)%l$=68#;Y!)nQ74dR17D5H9~q28x5F)jH03=$Y)5B9@_ajobyD4 zGrSOlsOGEi%s7%6$1umzOQ}}`n90j>%UD_yW|c2QDIgnV(GFB=P z1adrkYq_bbFj4SIAxmJ7^xTONNB6F%KKbzA8G{WAdKR^QbTKdpsuB5+@b9{yta*Hg zTD{q>=Po?%2KN8iE|<^0?e)VZ`AuY)R)P0|wY&9-qnrEo*7UzFS>hM=#WqH3cV4&D z%+Q}_GWBo1e$yuT;F-+f9}8FXnSKk~f04~~r4_H#qS+tU2}N%_S?I63Rx#FyYy0vP zk$F9b`m17R;Z%ZBfDQ>CIjpSsy*ao(f-n9lL3xhnd*PV@fw8 gYL){T&P86DOQ&4AZ}!)of#LuEDByVw4EqEa0EZo)s{jB1 literal 0 HcmV?d00001 diff --git a/operators/metallb/10.0.0/ix_values.yaml b/operators/metallb/10.0.0/ix_values.yaml new file mode 100644 index 00000000000..5c03bb3d62c --- /dev/null +++ b/operators/metallb/10.0.0/ix_values.yaml @@ -0,0 +1,347 @@ +image: + repository: tccr.io/truecharts/metallb-controller + tag: v0.13.10@sha256:ceb5bd0146b4e956504165d5ceb1733e316056b19e4fa41d3cb4b9b43b880eba + pullPolicy: +speakerImage: + repository: tccr.io/truecharts/metallb-speaker + tag: v0.13.10@sha256:b17cabf528526004299a1f533a314ce03b42add607b63248412c316c2085734b + pullPolicy: + +workload: + main: + strategy: RollingUpdate + labels: + app.kubernetes.io/component: controller + podSpec: + labels: + app.kubernetes.io/component: controller + containers: + main: + args: + - --port=7472 + - --log-level=all + - --cert-service-name={{ include "tc.v1.common.lib.chart.names.fullname" $ }} + - --webhook-mode=enabled + probes: + liveness: + port: controllermon + path: /metrics + readiness: + port: controllermon + path: /metrics + startup: + port: controllermon + type: tcp + env: + METALLB_ML_SECRET_NAME: "memberlist" + METALLB_DEPLOYMENT: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + METALLB_NAMESPACE: "{{$.Release.Namespace}}" + + speaker: + enabled: true + type: DaemonSet + strategy: RollingUpdate + labels: + app.kubernetes.io/component: controller + podSpec: + labels: + app.kubernetes.io/component: controller + shareProcessNamespace: true + hostNetwork: true + containers: + speaker: + enabled: true + primary: true + imageSelector: speakerImage + args: + - --port=7473 + - --log-level=all + probes: + liveness: + port: speakermon + path: /metrics + readiness: + port: speakermon + path: /metrics + startup: + port: speakermon + type: tcp + env: + METALLB_NODE_NAME: + fieldRef: + fieldPath: spec.nodeName + METALLB_HOST: + fieldRef: + fieldPath: status.hostIP + METALLB_ML_BIND_ADDR: + fieldRef: + fieldPath: status.podIP + METALLB_ML_LABELS: "release={{ $.Release.Name }},app.kubernetes.io/component=speaker" + METALLB_ML_BIND_PORT: "{{ $.Values.service.memberlist.ports.memberlisttcp.port }}" + METALLB_ML_SECRET_KEY_PATH: "/etc/ml_secret_key" + METALLB_NAMESPACE: "{{$.Release.Namespace}}" + securityContext: + runAsUser: 0 + capabilities: + add: + - NET_RAW + +podOptions: + automountServiceAccountToken: true + +service: + main: + ports: + main: + port: 443 + targetPort: 9443 + memberlist: + enabled: true + targetSelector: speaker + ports: + memberlisttcp: + enabled: true + protocol: tcp + port: 7946 + memberlistudp: + enabled: true + protocol: udp + port: 7946 + speakermon: + enabled: true + targetSelector: speaker + clusterIP: None + ports: + speakermon: + enabled: true + port: 7473 + controllermon: + enabled: true + clusterIP: None + ports: + controllermon: + enabled: true + port: 7472 + +operator: + register: true + +configmap: + metallb-excludel2: + enabled: true + data: + excludel2.yaml: | + announcedInterfacesToExclude: + - docker.* + - cbr.* + - dummy.* + - virbr.* + - lxcbr.* + - veth.* + - lo + - ^cali.* + - ^tunl.* + - flannel.* + - kube-ipvs.* + - cni.* + - ^nodelocaldns.* + +persistence: + webhook-server-cert: + enabled: true + type: secret + objectName: webhook-server-cert + expandObjectName: false + defaultMode: "0420" + readOnly: true + targetSelector: + main: + main: + mountPath: "/tmp/k8s-webhook-server/serving-certs" + metallb-excludel2: + enabled: "{{ if $.Values.speaker.excludeInterfaces.enabled }}true{{ else }}false{{ end }}" + type: configmap + objectName: metallb-excludel2 + defaultMode: "0256" + readOnly: true + targetSelector: + speaker: + speaker: + mountPath: "/etc/metallb" + memberlist: + enabled: true + type: secret + objectName: memberlist + expandObjectName: false + defaultMode: "0420" + targetSelector: + speaker: + speaker: + mountPath: "/etc/ml_secret_key" +portal: + open: + enabled: false + +# -- Whether Role Based Access Control objects like roles and rolebindings should be created +rbac: + main: + enabled: true + primary: true + clusterWide: true + allServiceAccounts: true + rules: + - apiGroups: [""] + resources: ["services", "endpoints", "nodes", "namespaces"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["list"] + - apiGroups: [""] + resources: ["services/status"] + verbs: ["update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: + ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resourceNames: ["metallb-webhook-configuration"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: + ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + verbs: ["list", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + resourceNames: + [ + "addresspools.metallb.io", + "bfdprofiles.metallb.io", + "bgpadvertisements.metallb.io", + "bgppeers.metallb.io", + "ipaddresspools.metallb.io", + "l2advertisements.metallb.io", + "communities.metallb.io", + ] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["list", "watch"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "watch"] + controller: + enabled: true + primary: false + clusterWide: false + serviceAccounts: + - main + rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create", "get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list"] + - apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["get"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + - apiGroups: ["metallb.io"] + resources: ["addresspools"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["ipaddresspools"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["bgppeers"] + verbs: ["get", "list"] + - apiGroups: ["metallb.io"] + resources: ["bgpadvertisements"] + verbs: ["get", "list"] + - apiGroups: ["metallb.io"] + resources: ["l2advertisements"] + verbs: ["get", "list"] + - apiGroups: ["metallb.io"] + resources: ["communities"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["bfdprofiles"] + verbs: ["get", "list", "watch"] + pod-lister: + enabled: true + primary: false + clusterWide: false + serviceAccounts: + - speaker + rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["addresspools"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["bfdprofiles"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["bgppeers"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["l2advertisements"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["bgpadvertisements"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["ipaddresspools"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["communities"] + verbs: ["get", "list", "watch"] + +# -- The service account the pods will use to interact with the Kubernetes API +serviceAccount: + main: + enabled: true + primary: true + targetSelector: + - main + speaker: + enabled: true + primary: false + targetSelector: + - speaker + +# controller contains configuration specific to the MetalLB cluster +# controller. +controller: + enabled: true + # -- Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` + logLevel: info + # command: /controller + # webhookMode: enabled + +# speaker contains configuration specific to the MetalLB speaker +# daemonset. +speaker: + enabled: true + # command: /speaker + # -- Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` + logLevel: info + tolerateMaster: true + excludeInterfaces: + enabled: true + +validationFailurePolicy: Fail + +manifestManager: + enabled: false diff --git a/operators/metallb/10.0.0/questions.yaml b/operators/metallb/10.0.0/questions.yaml new file mode 100644 index 00000000000..e4653ab8c34 --- /dev/null +++ b/operators/metallb/10.0.0/questions.yaml @@ -0,0 +1,45 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false diff --git a/operators/metallb/10.0.0/templates/NOTES.txt b/operators/metallb/10.0.0/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/operators/metallb/10.0.0/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/operators/metallb/10.0.0/templates/_webhooks.tpl b/operators/metallb/10.0.0/templates/_webhooks.tpl new file mode 100644 index 00000000000..4f7e7fe4aec --- /dev/null +++ b/operators/metallb/10.0.0/templates/_webhooks.tpl @@ -0,0 +1,162 @@ +{{- define "metallb.webhooks" -}} +{{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) }} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: metallb-webhook-configuration + labels: + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + {{- . | nindent 4 }} + {{- end }} +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + namespace: {{ .Release.Namespace }} + path: /validate-metallb-io-v1beta1-addresspool + failurePolicy: {{ .Values.validationFailurePolicy }} + name: addresspoolvalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - addresspools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + namespace: {{ .Release.Namespace }} + path: /validate-metallb-io-v1beta2-bgppeer + failurePolicy: {{ .Values.validationFailurePolicy }} + name: bgppeervalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - bgppeers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + namespace: {{ .Release.Namespace }} + path: /validate-metallb-io-v1beta1-ipaddresspool + failurePolicy: {{ .Values.validationFailurePolicy }} + name: ipaddresspoolvalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - ipaddresspools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + namespace: {{ .Release.Namespace }} + path: /validate-metallb-io-v1beta1-bgpadvertisement + failurePolicy: {{ .Values.validationFailurePolicy }} + name: bgpadvertisementvalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - bgpadvertisements + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + namespace: {{ .Release.Namespace }} + path: /validate-metallb-io-v1beta1-community + failurePolicy: {{ .Values.validationFailurePolicy }} + name: communityvalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - communities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + namespace: {{ .Release.Namespace }} + path: /validate-metallb-io-v1beta1-bfdprofile + failurePolicy: {{ .Values.validationFailurePolicy }} + name: bfdprofilevalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - DELETE + resources: + - bfdprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + namespace: {{ .Release.Namespace }} + path: /validate-metallb-io-v1beta1-l2advertisement + failurePolicy: {{ .Values.validationFailurePolicy }} + name: l2advertisementvalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - l2advertisements + sideEffects: None +--- +apiVersion: v1 +kind: Secret +metadata: + name: webhook-server-cert + labels: + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + {{- . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/operators/metallb/10.0.0/templates/common.yaml b/operators/metallb/10.0.0/templates/common.yaml new file mode 100644 index 00000000000..7199968d14c --- /dev/null +++ b/operators/metallb/10.0.0/templates/common.yaml @@ -0,0 +1,7 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{- include "metallb.webhooks" . -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/operators/metallb/10.0.0/templates/crds.yaml b/operators/metallb/10.0.0/templates/crds.yaml new file mode 100644 index 00000000000..fe28279e74b --- /dev/null +++ b/operators/metallb/10.0.0/templates/crds.yaml @@ -0,0 +1,1233 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: addresspools.metallb.io +spec: + group: metallb.io + names: + kind: AddressPool + listKind: AddressPoolList + plural: addresspools + singular: addresspool + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1alpha1", "v1beta1"] + clientConfig: + # this is a valid pem format, otherwise the apiserver will reject the deletion of the crds + # with "unable to parse bytes as PEM block", The controller will patch it with the right content after it starts + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXRtb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== + service: + namespace: {{ .Release.Namespace }} + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + path: /convert + versions: + - deprecated: true + deprecationWarning: metallb.io v1alpha1 AddressPool is deprecated + name: v1alpha1 + schema: + openAPIV3Schema: + description: AddressPool is the Schema for the addresspools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AddressPoolSpec defines the desired state of AddressPool. + properties: + addresses: + description: A list of IP address ranges over which MetalLB has authority. + You can list multiple ranges in a single pool, they will all share + the same settings. Each range can be either a CIDR prefix, or an + explicit start-end range of IPs. + items: + type: string + type: array + autoAssign: + default: true + description: AutoAssign flag used to prevent MetallB from automatic + allocation for a pool. + type: boolean + bgpAdvertisements: + description: When an IP is allocated from this pool, how should it + be translated into BGP announcements? + items: + properties: + aggregationLength: + default: 32 + description: The aggregation-length advertisement option lets + you “roll up” the /32s into a larger prefix. + format: int32 + minimum: 1 + type: integer + aggregationLengthV6: + default: 128 + description: Optional, defaults to 128 (i.e. no aggregation) + if not specified. + format: int32 + type: integer + communities: + description: BGP communities + items: + type: string + type: array + localPref: + description: BGP LOCAL_PREF attribute which is used by BGP best + path algorithm, Path with higher localpref is preferred over + one with lower localpref. + format: int32 + type: integer + type: object + type: array + protocol: + description: Protocol can be used to select how the announcement is + done. + enum: + - layer2 + - bgp + type: string + required: + - addresses + - protocol + type: object + status: + description: AddressPoolStatus defines the observed state of AddressPool. + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - deprecated: true + deprecationWarning: metallb.io v1beta1 AddressPool is deprecated, consider using + IPAddressPool + name: v1beta1 + schema: + openAPIV3Schema: + description: AddressPool represents a pool of IP addresses that can be allocated + to LoadBalancer services. AddressPool is deprecated and being replaced by + IPAddressPool. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AddressPoolSpec defines the desired state of AddressPool. + properties: + addresses: + description: A list of IP address ranges over which MetalLB has authority. + You can list multiple ranges in a single pool, they will all share + the same settings. Each range can be either a CIDR prefix, or an + explicit start-end range of IPs. + items: + type: string + type: array + autoAssign: + default: true + description: AutoAssign flag used to prevent MetallB from automatic + allocation for a pool. + type: boolean + bgpAdvertisements: + description: Drives how an IP allocated from this pool should translated + into BGP announcements. + items: + properties: + aggregationLength: + default: 32 + description: The aggregation-length advertisement option lets + you “roll up” the /32s into a larger prefix. + format: int32 + minimum: 1 + type: integer + aggregationLengthV6: + default: 128 + description: Optional, defaults to 128 (i.e. no aggregation) + if not specified. + format: int32 + type: integer + communities: + description: BGP communities to be associated with the given + advertisement. + items: + type: string + type: array + localPref: + description: BGP LOCAL_PREF attribute which is used by BGP best + path algorithm, Path with higher localpref is preferred over + one with lower localpref. + format: int32 + type: integer + type: object + type: array + protocol: + description: Protocol can be used to select how the announcement is + done. + enum: + - layer2 + - bgp + type: string + required: + - addresses + - protocol + type: object + status: + description: AddressPoolStatus defines the observed state of AddressPool. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: bfdprofiles.metallb.io +spec: + group: metallb.io + names: + kind: BFDProfile + listKind: BFDProfileList + plural: bfdprofiles + singular: bfdprofile + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: BFDProfile represents the settings of the bfd session that can + be optionally associated with a BGP session. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BFDProfileSpec defines the desired state of BFDProfile. + properties: + detectMultiplier: + description: Configures the detection multiplier to determine packet + loss. The remote transmission interval will be multiplied by this + value to determine the connection loss detection timer. + format: int32 + maximum: 255 + minimum: 2 + type: integer + echoInterval: + description: Configures the minimal echo receive transmission interval + that this system is capable of handling in milliseconds. Defaults + to 50ms + format: int32 + maximum: 60000 + minimum: 10 + type: integer + echoMode: + description: Enables or disables the echo transmission mode. This + mode is disabled by default, and not supported on multi hops setups. + type: boolean + minimumTtl: + description: 'For multi hop sessions only: configure the minimum expected + TTL for an incoming BFD control packet.' + format: int32 + maximum: 254 + minimum: 1 + type: integer + passiveMode: + description: 'Mark session as passive: a passive session will not + attempt to start the connection and will wait for control packets + from peer before it begins replying.' + type: boolean + receiveInterval: + description: The minimum interval that this system is capable of receiving + control packets in milliseconds. Defaults to 300ms. + format: int32 + maximum: 60000 + minimum: 10 + type: integer + transmitInterval: + description: The minimum transmission interval (less jitter) that + this system wants to use to send BFD control packets in milliseconds. + Defaults to 300ms + format: int32 + maximum: 60000 + minimum: 10 + type: integer + type: object + status: + description: BFDProfileStatus defines the observed state of BFDProfile. + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: bgpadvertisements.metallb.io +spec: + group: metallb.io + names: + kind: BGPAdvertisement + listKind: BGPAdvertisementList + plural: bgpadvertisements + singular: bgpadvertisement + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: BGPAdvertisement allows to advertise the IPs coming from the + selected IPAddressPools via BGP, setting the parameters of the BGP Advertisement. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BGPAdvertisementSpec defines the desired state of BGPAdvertisement. + properties: + aggregationLength: + default: 32 + description: The aggregation-length advertisement option lets you + “roll up” the /32s into a larger prefix. Defaults to 32. Works for + IPv4 addresses. + format: int32 + minimum: 1 + type: integer + aggregationLengthV6: + default: 128 + description: The aggregation-length advertisement option lets you + “roll up” the /128s into a larger prefix. Defaults to 128. Works + for IPv6 addresses. + format: int32 + type: integer + communities: + description: The BGP communities to be associated with the announcement. + Each item can be a community of the form 1234:1234 or the name of + an alias defined in the Community CRD. + items: + type: string + type: array + ipAddressPoolSelectors: + description: A selector for the IPAddressPools which would get advertised + via this advertisement. If no IPAddressPool is selected by this + or by the list, the advertisement is applied to all the IPAddressPools. + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + type: array + ipAddressPools: + description: The list of IPAddressPools to advertise via this advertisement, + selected by name. + items: + type: string + type: array + localPref: + description: The BGP LOCAL_PREF attribute which is used by BGP best + path algorithm, Path with higher localpref is preferred over one + with lower localpref. + format: int32 + type: integer + nodeSelectors: + description: NodeSelectors allows to limit the nodes to announce as + next hops for the LoadBalancer IP. When empty, all the nodes having are + announced as next hops. + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + type: array + peers: + description: Peers limits the bgppeer to advertise the ips of the + selected pools to. When empty, the loadbalancer IP is announced + to all the BGPPeers configured. + items: + type: string + type: array + type: object + status: + description: BGPAdvertisementStatus defines the observed state of BGPAdvertisement. + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: bgppeers.metallb.io +spec: + group: metallb.io + names: + kind: BGPPeer + listKind: BGPPeerList + plural: bgppeers + singular: bgppeer + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1", "v1beta2"] + clientConfig: + # this is a valid pem format, otherwise the apiserver will reject the deletion of the crds + # with "unable to parse bytes as PEM block", The controller will patch it with the right content after it starts + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXRtb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== + service: + namespace: {{ .Release.Namespace }} + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + path: /convert + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: BGPPeer is the Schema for the peers API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BGPPeerSpec defines the desired state of Peer. + properties: + bfdProfile: + type: string + ebgpMultiHop: + description: EBGP peer is multi-hops away + type: boolean + holdTime: + description: Requested BGP hold time, per RFC4271. + type: string + keepaliveTime: + description: Requested BGP keepalive time, per RFC4271. + type: string + myASN: + description: AS number to use for the local end of the session. + format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + nodeSelectors: + description: Only connect to this peer on nodes that match one of + these selectors. + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + minItems: 1 + type: array + required: + - key + - operator + - values + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: array + password: + description: Authentication password for routers enforcing TCP MD5 + authenticated sessions + type: string + peerASN: + description: AS number to expect from the remote end of the session. + format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + peerAddress: + description: Address to dial when establishing the session. + type: string + peerPort: + description: Port to dial when establishing the session. + maximum: 16384 + minimum: 0 + type: integer + routerID: + description: BGP router ID to advertise to the peer + type: string + sourceAddress: + description: Source address to use when establishing the session. + type: string + required: + - myASN + - peerASN + - peerAddress + type: object + status: + description: BGPPeerStatus defines the observed state of Peer. + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta2 + schema: + openAPIV3Schema: + description: BGPPeer is the Schema for the peers API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BGPPeerSpec defines the desired state of Peer. + properties: + bfdProfile: + description: The name of the BFD Profile to be used for the BFD session + associated to the BGP session. If not set, the BFD session won't + be set up. + type: string + ebgpMultiHop: + description: To set if the BGPPeer is multi-hops away. Needed for + FRR mode only. + type: boolean + holdTime: + description: Requested BGP hold time, per RFC4271. + type: string + keepaliveTime: + description: Requested BGP keepalive time, per RFC4271. + type: string + myASN: + description: AS number to use for the local end of the session. + format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + nodeSelectors: + description: Only connect to this peer on nodes that match one of + these selectors. + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + type: array + password: + description: Authentication password for routers enforcing TCP MD5 + authenticated sessions + type: string + passwordSecret: + description: passwordSecret is name of the authentication secret for + BGP Peer. the secret must be of type "kubernetes.io/basic-auth", + and created in the same namespace as the MetalLB deployment. The + password is stored in the secret as the key "password". + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + peerASN: + description: AS number to expect from the remote end of the session. + format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + peerAddress: + description: Address to dial when establishing the session. + type: string + peerPort: + default: 179 + description: Port to dial when establishing the session. + maximum: 16384 + minimum: 0 + type: integer + routerID: + description: BGP router ID to advertise to the peer + type: string + sourceAddress: + description: Source address to use when establishing the session. + type: string + vrf: + description: To set if we want to peer with the BGPPeer using an interface + belonging to a host vrf + type: string + required: + - myASN + - peerASN + - peerAddress + type: object + status: + description: BGPPeerStatus defines the observed state of Peer. + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: ipaddresspools.metallb.io +spec: + group: metallb.io + names: + kind: IPAddressPool + listKind: IPAddressPoolList + plural: ipaddresspools + singular: ipaddresspool + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: IPAddressPool represents a pool of IP addresses that can be allocated + to LoadBalancer services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressPoolSpec defines the desired state of IPAddressPool. + properties: + addresses: + description: A list of IP address ranges over which MetalLB has authority. + You can list multiple ranges in a single pool, they will all share + the same settings. Each range can be either a CIDR prefix, or an + explicit start-end range of IPs. + items: + type: string + type: array + autoAssign: + default: true + description: AutoAssign flag used to prevent MetallB from automatic + allocation for a pool. + type: boolean + avoidBuggyIPs: + default: false + description: AvoidBuggyIPs prevents addresses ending with .0 and .255 + to be used by a pool. + type: boolean + serviceAllocation: + description: AllocateTo makes ip pool allocation to specific namespace + and/or service. The controller will use the pool with lowest value + of priority in case of multiple matches. A pool with no priority + set will be used only if the pools with priority can't be used. + If multiple matching IPAddressPools are available it will check + for the availability of IPs sorting the matching IPAddressPools + by priority, starting from the highest to the lowest. If multiple + IPAddressPools have the same priority, choice will be random. + properties: + namespaceSelectors: + description: NamespaceSelectors list of label selectors to select + namespace(s) for ip pool, an alternative to using namespace + list. + items: + description: A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. A + null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + namespaces: + description: Namespaces list of namespace(s) on which ip pool + can be attached. + items: + type: string + type: array + priority: + description: Priority priority given for ip pool while ip allocation + on a service. + type: integer + serviceSelectors: + description: ServiceSelectors list of label selector to select + service(s) for which ip pool can be used for ip allocation. + items: + description: A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. A + null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + type: object + required: + - addresses + type: object + status: + description: IPAddressPoolStatus defines the observed state of IPAddressPool. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: l2advertisements.metallb.io +spec: + group: metallb.io + names: + kind: L2Advertisement + listKind: L2AdvertisementList + plural: l2advertisements + singular: l2advertisement + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: L2Advertisement allows to advertise the LoadBalancer IPs provided + by the selected pools via L2. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: L2AdvertisementSpec defines the desired state of L2Advertisement. + properties: + interfaces: + description: A list of interfaces to announce from. The LB IP will + be announced only from these interfaces. If the field is not set, + we advertise from all the interfaces on the host. + items: + type: string + type: array + ipAddressPoolSelectors: + description: A selector for the IPAddressPools which would get advertised + via this advertisement. If no IPAddressPool is selected by this + or by the list, the advertisement is applied to all the IPAddressPools. + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + type: array + ipAddressPools: + description: The list of IPAddressPools to advertise via this advertisement, + selected by name. + items: + type: string + type: array + nodeSelectors: + description: NodeSelectors allows to limit the nodes to announce as + next hops for the LoadBalancer IP. When empty, all the nodes having are + announced as next hops. + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + type: array + type: object + status: + description: L2AdvertisementStatus defines the observed state of L2Advertisement. + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: communities.metallb.io +spec: + group: metallb.io + names: + kind: Community + listKind: CommunityList + plural: communities + singular: community + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Community is a collection of aliases for communities. Users can + define named aliases to be used in the BGPPeer CRD. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CommunitySpec defines the desired state of Community. + properties: + communities: + items: + properties: + name: + description: The name of the alias for the community. + type: string + value: + description: The BGP community value corresponding to the given + name. + type: string + type: object + type: array + type: object + status: + description: CommunityStatus defines the observed state of Community. + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/metallb/10.0.0/values.yaml b/operators/metallb/10.0.0/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/operators/prometheus-operator/1.0.0/CHANGELOG.md b/operators/prometheus-operator/1.0.0/CHANGELOG.md new file mode 100644 index 00000000000..aa464e9fabd --- /dev/null +++ b/operators/prometheus-operator/1.0.0/CHANGELOG.md @@ -0,0 +1,78 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [prometheus-operator-1.0.0](https://github.com/truecharts/charts/compare/prometheus-operator-0.0.8...prometheus-operator-1.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + + + +## [prometheus-operator-0.0.8](https://github.com/truecharts/charts/compare/prometheus-operator-0.0.7...prometheus-operator-0.0.8) (2023-07-08) + +### Chore + +- Update prometheus-operator to v0.66.0 ([#10172](https://github.com/truecharts/charts/issues/10172)) + + + + +## [prometheus-operator-0.0.7](https://github.com/truecharts/charts/compare/prometheus-operator-0.0.6...prometheus-operator-0.0.7) (2023-07-01) + +### Chore + +- update helm general non-major ([#10069](https://github.com/truecharts/charts/issues/10069)) + + + + +## [prometheus-operator-0.0.6](https://github.com/truecharts/charts/compare/prometheus-operator-0.0.5...prometheus-operator-0.0.6) (2023-06-13) + +### Chore + +- update helm chart common to 12.14.2 ([#9599](https://github.com/truecharts/charts/issues/9599)) + + + + +## [prometheus-operator-0.0.5](https://github.com/truecharts/charts/compare/prometheus-operator-0.0.4...prometheus-operator-0.0.5) (2023-06-11) + +### Chore + +- update helm general non-major ([#9558](https://github.com/truecharts/charts/issues/9558)) + - pin dependencies ([#9468](https://github.com/truecharts/charts/issues/9468)) + + + + +## [prometheus-operator-0.0.4](https://github.com/truecharts/charts/compare/prometheus-operator-0.0.3...prometheus-operator-0.0.4) (2023-06-08) + + + + +## [prometheus-operator-0.0.3](https://github.com/truecharts/charts/compare/prometheus-operator-0.0.2...prometheus-operator-0.0.3) (2023-06-08) + + + + +## [prometheus-operator-0.0.2](https://github.com/truecharts/charts/compare/prometheus-operator-0.0.1...prometheus-operator-0.0.2) (2023-06-08) + +### Chore + +- move container references to tccr.io + + + + +## [prometheus-operator-0.0.1]prometheus-operator-0.0.1 (2023-06-08) + +### Add + +- add prometheus operator helm chart ([#9418](https://github.com/truecharts/charts/issues/9418)) + + \ No newline at end of file diff --git a/operators/prometheus-operator/1.0.0/Chart.yaml b/operators/prometheus-operator/1.0.0/Chart.yaml new file mode 100644 index 00000000000..6f68033bac3 --- /dev/null +++ b/operators/prometheus-operator/1.0.0/Chart.yaml @@ -0,0 +1,30 @@ +apiVersion: v2 +appVersion: "0.66.0" +deprecated: false +description: Prometheus Operator is an operator for prometheus +home: https://truecharts.org/charts/operators/prometheus-operator +icon: https://truecharts.org/img/hotlink-ok/chart-icons/prometheus-operator.png +keywords: + - operator + - prometheus + - metics +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 13.2.0 +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: prometheus-operator +sources: + - https://github.com/truecharts/charts/tree/master/charts/operators/prometheus-operator + - https://github.com/prometheus-operator +type: application +version: 1.0.0 +annotations: + truecharts.org/catagories: | + - operators + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/operators/prometheus-operator/1.0.0/LICENSE b/operators/prometheus-operator/1.0.0/LICENSE new file mode 100644 index 00000000000..4dfe12ac30e --- /dev/null +++ b/operators/prometheus-operator/1.0.0/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "MetalLB" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/operators/prometheus-operator/1.0.0/README.md b/operators/prometheus-operator/1.0.0/README.md new file mode 100644 index 00000000000..2af65573319 --- /dev/null +++ b/operators/prometheus-operator/1.0.0/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/operators/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/operators/prometheus-operator/1.0.0/app-changelog.md b/operators/prometheus-operator/1.0.0/app-changelog.md new file mode 100644 index 00000000000..e5fd9769dc1 --- /dev/null +++ b/operators/prometheus-operator/1.0.0/app-changelog.md @@ -0,0 +1,9 @@ + + +## [prometheus-operator-1.0.0](https://github.com/truecharts/charts/compare/prometheus-operator-0.0.8...prometheus-operator-1.0.0) (2023-07-19) + +### Chore + +- update helm chart common to 13.2.0 ([#10555](https://github.com/truecharts/charts/issues/10555)) + + \ No newline at end of file diff --git a/operators/prometheus-operator/1.0.0/app-readme.md b/operators/prometheus-operator/1.0.0/app-readme.md new file mode 100644 index 00000000000..d5868df5695 --- /dev/null +++ b/operators/prometheus-operator/1.0.0/app-readme.md @@ -0,0 +1,8 @@ +Prometheus Operator is an operator for prometheus + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/operators/prometheus-operator](https://truecharts.org/charts/operators/prometheus-operator) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/operators/prometheus-operator/1.0.0/charts/common-13.2.0.tgz b/operators/prometheus-operator/1.0.0/charts/common-13.2.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..5c0fecd087839b011aab769e3785f251e9224747 GIT binary patch literal 133368 zcmV)VK(D_aiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POw!ciT47D30&X`YUjl^tn_QM@L}BSV)id_otZ6;&IC*^L-Y@$Q5PwVHnbV79q4hhm@gcU%i*C*uXAtNP~b2 z$Y4ZU5>!l4vA0zri0-$>S4@RB#C_Dd0{oVZE%JTv=o8U*E zjG+%C6Evpc*HHri@$nil06h=$X%BrMzXBhQkPTnfQP@Q-AHqA2!}2SOC_ zuMz&6d5E0|720!iY)uuERa%HhJzR=Yxcv{c8#g)4t++Gh%1emnu!_%|er^1qHi zr``S$XA6EjxzPm|E~_Yb`SE0*7e01fL@9VjJju4=r})JO0DvaALeTpq!VFymZVoXu zD0q%YEY?9eFzUAi;o}7g5LLebzyW3$`lrZ;%WLG4z@r>V^)*BhCSLx%YQuaOsP_|y z{WwB5vk1`{@x9~=jYVgyFCFnELeRrs20~r&g|9^{4j+Whpah$4DK^7)1$`P)&U^}e z>|!Bsg={u5RZM3tXo1jg015nMBQ0?yi1Rs|BE7a?{=-aY`6)snp_q|q*#OoLJ}=#< zg^8^@-p>e}<8*xnxnN^(dIUPH!&dvh=?r!U!=uUMz?)1aJ-0g?!pX1?;Rp_ggPz+S zk0xDr(3yBcw>@kh^m>EC!x5Zxyk4&lq1!{9!_nbEx|J~YeGn2KyBtma>r(tU0_T(W zgk466qJT9T0?`w$qkdw%qsNz*AFkf26(}U$$@%G(`b8J6`PESCpBqP*Er9~ipz4JM zP!v4TA|B`xLh7SW%!t`!6(|?Brc47Qe@pI*;^3HmpeQ;5gW*B)>c@!0q4f?y?;`M* zSA?)1u#f1HGBh{K8{nvr`^yL~u#cwbjJnW=(w5Njjf)EP*|XnLpjX0)!xxXHsz>wM`61;Hv;rz6C)N749 z5CD=96)-=%JHGz;Q9uQRBjB{#-L6r-E{RvpuuAtRfgTc1P9QmglPn{u7bi0qOp%_N z7XjzXcbLv0b7zvP;xP2l90d&eq6Re_LYLHKzWgoc;}xPLj<_DTvd@t&%JK8@9P35T z4dWxwZ@1fX@pF#mLbx4>l{iAb#)zhhb}|JA?RU7*Fb!RVQh{s$@c!fZ>G|>P$?@g2 zUZSDzE7VoFG<7Rz8xqd~jf8%ww4k>*xU<-9Mksra*gc8v(l0ML8|fEx1|zOx@rC7m zvMlJ&5fW>i9;jpg9xnOldjZw&l%Dkijwq8~PDn7pQ`uLNAS=5rZR@}zjG8$vR-Gf@ zbR31^v5z4|ddRuHeT{tNG7>2>gb^P_T1OX!s5?Vm?4#(tXh6#G2ooWewYsa`M^Y?h zUkeFB;(#fF9=k68bwlouB?lRb<~R^-{}@3RU8dLfVOx#tE04HzpOfDw(A&Q{J3f7P z)|z{J4gHQ2WzKa-K?pgPo+XpR2+yHdVf7m+RZmgqlO>-U;-xqK1!88`Bi?n0Tut*t zEF@AjX;wb@#+CAtLqVxLe6dZ&MEp!uBV$DE2J%|vs-~0vI=}x8S|6qBL#g;J-hmdk zBB}aQnF-+YXD0(B6lNI*@^Tdv2BRrr!nXSZcuHkn*)%VnZ8oQ~e%sy6XvAxDmbu}x z^*~NkZv6blt!iQZq6LbU_cIhB07I@-^By#A{^tmMxH(BpZ3W(*+3MB$6I)=Xsh6Id z#WXCQn4vM2g^{iCd5bBtmP?7gW%JryuwEbO^}#Fah#W&S583h*ONBxR&`Zc>M_^x8 zmL&dJo6*Bk)cv`IT+5dHBEv z**vU-?4bpn%^wKdLyLVno3Ga!nmgld%*aJ;$_Y!Xtg zgsmvqB2c}`)riK>73KIJxvvY+%@ZHu`3;(fVry#;yt-zPp-JptBk91{YZMjCW9LF2 z<;GlMS@E|4?Sz zFUWVvT)2&6ii0Wm-&`Y*d%wbI`}y;-UR%E(+UwT%1|&V94usuf=Buyk387QlE3NQeSnfv?hJ0@w_J3Gsb$&tLl7?g2R9-HpIF zBKK5#M>swaw=^qIY69LFpnmZhDDceJ^zR8F%o?c|;FP$rFjBevkXE{nAVt8PA@>fD zmv_ z|J*X+69;gUA6&?tAzAFj3)QULuAqW+3b^3o`x$m;Kng4nAmoWnoG}7Z6mWA8ar>AT z=Y8ZnlUXJckBl&^v1i;>MsZTVxe;oy6TH z6K|s6afc)9sQ$iA_F}{ino>ojuK)*n+O!&$-?B0FW5nX%Tsv=9IB8XJ?UY^gTD?Ky zmh}#XZl`+yd*l8=dpz{eVc$LI9Ci;-r`;a)4%-vAJ?eJRxIab*uGc;oxdXR**qw}# zJA#98rS~;JjLryQby3yj4X*80r<34{hOj&A9`pyj&bZre9}EYuJ??e9j(c#>8=wP( zItRn<=vs=3{azP&T{LR!$ zaVV;bF0av)RSd%YR;SaEZ#WrD(4>P74p6)8j$jXs#)m!B>5eM#q;3S6JFAPR zDy}h=K{|#5;34d^VH*x619v=_p#HemhVIZibO*!9_S9sh(SR@ff+xuZyTEZt-e&nDA<^+k@i~4thgxG#>YRL)h;gOa|UyFdmO#8;wW3vFnWw$8NXX zZTCm0JLvYt znDqOj$-o_S+FWF~hwaI5*zR^m!-Ip`7}VWw7SMjd5&AKPk+&|@?{S2tyka@s6WBFL zZeZ4cW)phB#c#LW?X(X&eNFGf$zX^E!(kg8c#{LK@AVD_-460bJ=k~M?%@P>`{T)A zbkJ^(#*;A`_Ijw@?i}<{7mX)lw+;?q=u7%MO+@U3)c#eG-aa)8#{_7m#;IA4^t8`GcsgQCO zTVZ1qkVx+-Q@a;MMom)r9lTTKvoN2epIBD~uY_HJ1GPo-8VE1MYk-*BYPI%S3eLGO zvLggA1#=>Z2m{d3U|xecZ-q+oLg|%BK8so~xq`_1HeZbYQs*% z@^P!}H5d~%lSVl&OgRDq3z!-{*&d7;d5eR)d@t0H^G5JA;KYZ)(rj)Bhv7YxYK3Nl zAMhvSy)&*vnj^0WnV2DPf+E&@2Lm`o5pd(&g8Jg?X zQQ$RWs-i9?+3_;los-Vxq zYg!@bY5XnOC_*yoi0c>NN&=_gXG3lv&W9W}EJvIb;{jd(M+}q}VlOgE!i-RsCY{LEA{5;^j067uhFdKCW;+K-Mo?cy zXo5ebg9MV@@mx!K>6I&`URuTKnQVp`R^ZKKpop1MAF_x6s0Ug4e-oBX#^>hkb(URP z;CrqF$o(?0H^RlE>eM`F#;}`k8!|TKIAFEs!y$=$lYjsFl{qyiN#2AZ zZc#j?t-AxU-kC{7_qmn3|3VdP1u_^B2UAt_yY6JsfqpoH-MvyPNf3Dr8%dNe+xAH< zIie)E!-1#1eS|*tbi^Xy1Nr0C<;fK<_8R#O zYRN{H;sUWIh@;|UElNSgpgR+qowDU%gaUSjCg$h~mtYZzL%m6>c!3#kdfl1IsNho8 zFuK&wIPg|Nll1;k0y9;G^ewB}$gdi*hSZd6RFjdig{@KK8ueN0=3=)nhq)^G-k_1w zEKs6>1SUSEV9=u2SAvg^7N?{>^J7$T?F-OxanhRR^|Go>0(K1DJE7^zkT?;b&1H{{ zhz4{QDkkWpD&D=W~7jCQ}@XoSQ&#WaeA z2>L$urihiq5@uxDiHOqxdN&%p)#pBwFc0}ES!LzhpV9J2{rS;Y7MZPW(Y~_Vg5w3m zK1V{6cn&{(2%!D8agW9`Lhg=4@STr6$oa9f1ClyP!G;`00YbC;JZ5!(=wf*gjX7cw zcIirT<^wBVm>_mNbLJ$#j6|z)5|RA}Bckl&Zn0rOpd0?MzC#1%^VXNgvIRAI^=MLl!8ykA&!* zN-3UeFZRo#_Qm3>bFu{m=&C&(=?+8sXw<_%Oj8G`px|G=U zkcBb_b3dX8PcS!6ICDovA4+h_o|NSJpV7QkXdUu|Ij7qYX4ry5UX}&q8kaoR?1Scn z#DU%B3`Sma06=kxp*QxHZ;SS9j+ zhr$TCBH%Dt_jQw&tLR1pFWc~yC5x#qzwzH<2Mz}lk~lUBpcJL^(d}D*jeRoS=SsxB z2v)v3p!-oAwCGH!eyUtz*~m?>nQ(+~c_QO?wSeZdN~`WLX0to4RvIP$1vuujfK$(f zkvOue%m%S<7$D>c`5p%Vi}2q_Cluk2`JFoK!dtl|LH4cdqLAHs0Zpqa(%)mDC76^AUSvmgmx;+W;Pj*eIG1fgr$Q=^%Hr*r)Tn(NdKKeaS;ZZewnk*ax#fM zl5`OE#Pm%@8dwLaCwQupBFF`Pk=hk9=fb{Vgj1VL*=;5iEX@1-Hj~w_r3%jXaD-fu zXu^`js@)0p)rl1#&z(;2G#O8spNyustrBV+$|?y+08-8aX>BOLjoNTMav$U&^S9No z)BZMPHRIoqCx$RJ^&}~LB15)Sl)9KNW3zU(EGqqgeU#z+x(yMZuc(=(QVhoVB+FPg znNhQ&>BWgL|QZ8nKhgTfa`i;`N1kL9k7cVtSo=qyv1zljhZ60SBW@QM(kJ7uH@ z>%s|B1hHgyDOX!&M@pHW($Rm`b;!rMD znR=okGD@T^3zl3a;)n!Xo?4<>9F(%)8_}R;{$pgk#U>9D^;Z3-mG~)QS*>zj;hgD< zJYvyQplJ5uPt1uU=?(x*5$n?Ac2Cp8kqnqJ=SW#fT!oQrBt?AeMj|E*m1v%5pqbO{`MF-+HmFEJkvZ#beGqQaPPfe!Y=alFu45kr~XxJRcfUCh9elyb zFvFY&rKp_~Pgc<{QO=PV#PczVxFiw|&%jk=5P_}wIExH;opK}BRjZdNt@GG%xjTlG z>$EUb&hA)bDNBC8NNhg!o5mrEK2Q{0W?iDXV730<+C2#Hgh6wKg)+ubMt zaX5`2R}5Y$nYm}0wi}LgaN8UPG4#zhy=0<@%hH0L?1+#t~Ci# zT~FwaObSz1gor8^vl)MtuK;?&l_PaSxmpWX%+*DX$&`)`DE=*3lh{20;llkZ6`8Iy zKgqRCme*2^iX53vcQE`BYh&#m`uW$QF%eKDoGOA_+FaP#lLAva2@CO&b&@y3(@7vT z(NwYA&T4;AlvF!^X1`KTBxYeO4hgG+&dQn33umG@ z3?MyQfA!5CjVcwPNs{?G?Y`y*)dpgSQh?OJ|M-oJ|71fL=1}Pv6sbH87S8uOnS_NcTGMxWT zzvrvGP0%?E@B~q&qUB3OvPz6$hC_{A$-b$ihB{!kK0Q>$LW<<9T~%0g$@y|frbr;q zzCC~hvSLjV$iiPH30xn$cQe9)u1$rcZaqRI<-bf?P~u1HQ-Rki>_7i-Ld4;Mj`}Ip z#^adH_zZPbP9Y~CP7%F$jW3f@Z_^vSDzQ4(gGAVWa$+MwBFeKN3f_di(9fScjs5O< z;G^z;(Ba~AUvACX$s6`>6T7;_!u2nRSaJVLzuWDl?|_sRsELNu5nf+nYHUBUAXVz9K9BQsmx?YZ?YLaQ+RWNn8KM+EH0z1`J_xKrf-DZ zmVs8DFD%!6&O~0GgLFSEcB$k|9l@RLoxoas%u}lrPT9DpAvtMgaVoh-`4kICn5JEM zYid-SG{uYPoxsTQMVdL&4Xigp+Dlw_gtWW2aD>#yIwPdpEg7LSB*#9)?xcIKI;gsM ziewsVWFJmQox1z~NoT(5uVyVd9eML%gabAK&UcHZ-OQ_E!6riYTa(!L`Ckrb?PYj& z;ff@_b+}cf^0ht)Ol^2ddfdJSFK2`buxV1YS?gWHph!r2e1P8nTfDD*grs6h#bq>uT_}w#jFB zdPg?N>7UNzUy$BhY`|Js?AI0LN?56MoBQI*hIBst?KGOoYQK#pGuJ9OnQV?ulG<6P zKC)WR6mBIMl6XS}R}@)y2eljNdxOmH_e9*yV&4c-e3Ov;j)KKe!&-q=FiQ2ht_!7% z8W?z{x=O_Kw>GRbaRRXq9CeOc#|m;yoSn% zTmV{pbec_}=SEpQ;Oslu-afZuUmPZaQ)XTRK5DE_&>gEG{OED2m9i{NE0+&@elP83IPr#IKXVVT3N7{lcIIq zY~>U#!SZW%wM=D|cDA(Q72RkDJuit(graZ?Jo)_+KgiJDovR{`W?Mo&4X%^TqD}XtrB(_osYf zKi8&9(K7g@Zn-2xuiS9idG5ZMr%e7Y!a%70>OQ9j%l^NtmjCTRyPKB(ol(En-^u@N zJVyUlXZa?0DzrXzrqU?>^4wQF(Y*+RmSLSDo!^5D9+mnncy-l$D-Na76^AW4I|6?+ zjY#7nG{Aw!^}l{rFRBIGBlm%X&i`5q{#+p{q^n7XJ?nU z?~mV|U7uZjJi9sq4hbCo?c#?2J()OFgO?mY*5mO~A23#V8$}GmD=Q@6^>+&=fhCTt zDOz%U_T>EZs^lwOxZ>+x*1RvktMCl89W9o_vIxmsp_bLSWy`OJ$FK^I#qhzH0Pw^4 z)!8q{Z{M0h)Gux?KHPkN@!|dH?e&N6-=E!FE9XuYYSvw0=9UdvvxI84+$AFj5G)dJ z5uda_3U3|DXyZ!xlk@P{9 z2AyO}u0;1L?(a%{yHedgdIKCMf4X2zqoS@l|6hgb{9kaRr)2$ByULGuFb zai^<4sjgnjQCX?~$usDWbN<)x|M%J%{jW0|4R-s#TX~HBr!#))e0MSn-b3C0vU<7i zUu54En*?d6d!F|dJ{8XR=O*D-{Z!6>lQ;Hp7T}8c-ye*!@gJRDr?;E`+jz|UzscqZ z-hc&Y_-8E}&@t6iyxq5F2d0A_V;b#?d}|{7(U59P2rIG}E69)#+~l@a$R<{1r`^sP zn)a*Odk^ZgLYjPQ#X%|vt2Q@MRDZBN+z_08jTrd(!}n*m*JmeJXE!3_(mZ5KKv^X2 ztq_^eU1Vi%*O@j%21SjXQ1-+vn1Dsl6&Fl3e!=E~zJl*Mb?{%Ax_r2C7m#~Ck~)c_ zNCp{Gao-rGdLDWr?5e?W&>4GmrtD+aC2=4#=8D)XA3>2tWCHy-LTaL_{hFKWTdU_P zA@R-i?e)dU&;0lP0!I5$92Dht_ga*=cdGo&@y*%o>G_qa;^VPZMf6z~pIAoT<>|Spj1ass+Z?! zH|Urhm7i{IE^jZdF8=Y)+qdV}H)rqV!JE7fqIT=*0z%!Au-mR54OL~eH(*cCu5WJ7 zFCPup&W&$?bB??o-0D5WM>dh<(l-s9{p059`1bhfM@^VQ!*x9ZWfS+C#%_+!--_FE zPM@M(btgi?=zP-seD=>Gvh7Un`X;vy1W!3p)(8bJZuiTxTq^Z{nIZV8?f*ezgu~X{x8QGywbOO8xJm)G;=9L?qD#nT zBIu(kq}qa_>xj$`Im<$(m^QJ94Vl(VUSqrn)ujQnfj)&W@Gh*6QukCR1K$x39Ra63 z8jYL=W@w(+A}d1|n?T%HBjOhu`b4h$Rj|cSBU(`bR3VE7r2cJ5n*2Qhzn7iWlxs>V zd|V4SF6yLyZC&UhQj1@ThPmW31Gh@xuHZE}P@88p33tPsCIA^ih*i|4LxvO80F$V~ z$5rT&w-X48Q57sLt&A!L<+hLD6y1PzBHX+xXS;mE_T0%It}U)pHnD7@F*7G6EedKH zGNyP-0m%%;8*6`1tYxCRPBKD!2`OiUib@UrM_Koh3sq8wh8JNV&JFA8GK;yx%Q+1g zGjfTdIi?h=8_%-G{oR?kA4dI>xvXUj-!uv6dzNXP&~qd6THPqK`ROg;Zebx=msR8q zI+j+rDR%hcM0>&m(w&mrI3@>Y-61vgi~NOhFhoPAINCTdayQjkB*}X`R#_PJ`kQc{ z72avHv63^*&!6StwePt_BtCK*=z`C(bOtf>YhmY?Ap(xMr_f1nK$`}6dx*LF>4HTq zC)W#E%?qi#0tXduRE2?Eq^Rv5RmhUva>{;Az?jXDW z+v{|9_TM(1vh%;{zSZrY`_*Dj>!!Szz5vxJ6(?32&|-a7sUV54Ngn{VZ+bI3-{Qgx z@r!2D70NOzPX5{(;RPptt&E`(Tv^hAK$<`^y6$yLqEz$D_T(gd-r)>TGm6%FHX zUzD+q4<^?*&S97(WO6Nc4O&`f3MQ>&$u?!ENMHe4GbSO!4OScsawv<#bgA*CVW9wra_cfL@oh2{#u2 zsYBdVc1;!S)a9WoNhiy#M>%coRT3@%ye{1|_yQ0ssJ8z%a2C)wGI?)}k)gZ=RNnA_ z197D%;!7i*sD!C@Zi#%N3laNjWxFVi0$7#pytsvR^PLxWJ};Kii8QQC6IO54-b!`K zXY{LOF%<5IX)VAS>e?wfN=~c3EMl;#OdV@v>uBXG)y&Z$6r{q&e=kZIo|s~eWmMN9 z;r`#i59j}QcXm|w26#+qjOhMB=infj=egdQiATH(b+Nu9?nC2db~>`*hTNgRDN2pL z-ryDnB7K>|YY);x23ehFc%oTSaHi+WB;&(piRJTn5)vBt-y9KF=o9OTpzNAb>{(o` zVk3Z|4RRlVbv#%|Lyhj=RbSBUHt!6 zo+mv2St#gMM*o^xf6gm^P7{Oj)237<&>WH>u1xE{MTmEk$@*SJJ_#xcCcS| zb}%8!?b$z0-hMbeJAHq4^UKB6&)2u-mmmAZNkA6;Y#NZY&RSYqH(%Xh%M}D0mIfXd zlVU|$+1>fcFXQ~=*Z$=6KXJp){;i85h9}sC?8)OlJA*+k|6_Z1{%bpr(*H0uJ9y%@ zE<^#O0D`d}BOwyS?1a7#PEf>}>N;8RLvcxRW$X+x03)QXb@v*4TH-)?06Dh-ACDs# zEmx_M^0Fz56Ri-Rh!A=Chxo(14%8)LQc{`M@=`ATKDnMtTJ8z(b4p`r!ME~nKYwmC zo6QCc@kegKalPvI-^=dEvNSCLsyUbBvf;K8P~7_e{JC+51MkSDXk(5T)W>B59e4Lq z$zb(P9Cwi)I3=|3GoP$bwN!zrPsY%%D0d~V`E9*7B|d*{aH)M{E+>CqfRh(cQ6n9O zqXs~f5XsG1$hC1fie*^?0AGw3kfEQ^QfaLIlth@#=11V{%8fbdO5S7;(Z8G3R|3fQ0kH2~BQ`7vcEk_E+k6`7S9YfKuAuVDEomH$CF zRULiu`2WE$8~-tC_jd6gTX|Lq-yoc}T*(Ki*fbf^VPC(*i)K82Gf00%OVBF53(z{_ z)Uv-PkStG{YVVEZ%`A6}X}4^`!}@Yb1t(b^@_l(0XlE zoZ&Hw0`Xp$Gh{N!Z0M25z|e&)8%K$4%1C(Zr+twr*l$D<$Gn;Hz(vgBg3^UcelA(G zvO`g{epRkrb=IxoHA_*)H^cgB9#i%XMNYo|T= zdn%cfY+Eiof|i)!^)X=ri0WFdPB6d&DvBza*9SL@dU2(6VV98d-W z7f~yf5^b5c7FoM0;Al(;qb!2T!H5IQys`G>@h*%ZMJZ_drG0V%hM@zDlqL58ic)oA zilXxJQUyFR`$|=Fy~#l}q(V1`(egv+L58kb1R0txQ;imuu(5~(8iy!aV2V6P(StG) z!KsSZ4i~PDXFRf2kX56vVCa8O`11E&T*LbcCC7z((Y`UM9bxz_^eG9u!N=wyR}6C$SQ^5coxlBg+_ zlj{c!Z3`uH0TX0oa%OB+3urE|2xYt@zxqifF<^thtKTbBgE5pX)~cH7a0 zhV17phjuHyuuiA#e6dU2?kRXm*Z<92{U)AO>;I^mTmSo`o&R?$j|j3nF~^;RQ3TYs z9RC7+UuL6Y#*8Z$;!WxNa^GE1I_p=mXedWqoY zRm8Hciy8(_9B`tLT6T+y*^VYr)?RLlDu}g5l;nRE7O@r;jiOu%a)rSw84eHqJ-IQu za%VJs$DURO6cx?xDF55i6%yi!64uXx1$)ua?p@K=I~bNYcoQ(KvJJ`_o;OpWfOm9P z%2)_EF7$<->KJ}@_Evjt;rhw z*fPgP#GW>tE+|0NJ_c&PuPcx=qgDu}nj>3(eCr6YjW>!uF%$*RKMxp+CeTHf#7klE zAVKnU_=Xwusw92#Jd@1VPfqsRc-3QO>$P4M>>@Rm2O$R@G@2q(!9ueA)G5Qu>_3^$ zo^Igwua)-Susz7-e;e%1e{AOwcHXHN>}$j}VF7w5^vQCL0``R&fu@%=%|J5+p2H9{ zjX%;9gkeY%OVE(uYp?|kvO8;VXAOSI)}WcI8?y(gmCP7`Ib`naZAw9}#%zmrOh#c* zx5cJy*}NUQEgN<__Um?R*Du;`-MY=1wO6x~`T%6G%bKarWuk7~JpGzX)2A^@pV1^O zG)HUks(NKxpxd@Shfi&M?w)6VO6`AR#XWia_pm+e=kEXR^mq3EHXdpJo5B9J9RLYW z*Yp5bJ$VKffN6cRJ^%yut8fA&L$LD#?7RS9vKPQ`>dpTH`mb^RtKZAr|2Ej!|66&~tu=D6H(~v2#@U|jPvw;%!uWqJ z(@%;E>x!KK>VgsFF{tSXNIGR1S5I=zN)HA78jN#|?9MdbndaLy&EqjeOx^?RF^osSr*YD=?Kli$$-TJ?cC$;{I z!QP}2AOL=ont5L{*43-`j^Bzju{d6(ml!jZ~cBdcmG?zJ>2Pk+j!Qx|07`vae*;3Y*BvsM@(@r zeem5Mvk<0SF7lFKoqMk$X{gW-g-+0##J(?=!j=t+zupL-SqM!sKm)WgRpKm!o5_@@ z0VSs9gAygqLRcp|;VgtTvl6DSn0lppr*U&Q5ib@fim=C3EITQqex1o|uSonRm)lQ& zsetkOW784NLRglD@TX!aS)%D`WVe`Xuv&Lb27a?i?>DI|ZC|&{@c9#Dwcjj#o=S^s z+86$CzP=IC*Ic1f6k-OE1 zdoEbZgs3#f!4(R9?80=8ee1ndy`w6@PsNpz_g1Bzs)SgCU5mcl8c*SQa{1u{!#@5^ zUQ>i37X=JX%^gEcmCo}@Wvk947SAT!cf;7ckqsO#Pz0yQYNUW#tFXw1N)&eG9h#G9 zxyjzl1;mGRs0J>-|C#RftNWDc|2Po&+qaPatJCY}^M7^QyZzs-JZs6{tG8yDGY#{+=RNLGpB+tMEs}#Bkf`SJgc(+9m&5 z8UssxHNOC_$|yg)9+V1gC}!AiDTw-}7^4!Y_tY`trnduxw&Z}8rFki=bqPiN2jkB1 zo?6%ZYq&*Sv_?fK4;ccaxw6ET%Cw)esnXvoY^wqs@@7^+p&Bg|uxuL8C5f0OT^643 zHr8hbUOLYb3s=v|9KqYbYR=7tvr>%c)!y8g+DdF zqfTkNduiOS9zlXN~NGLQ92Uqv}uvux;)8Vw+c97kH4L# zUZhs0YQh!sasf0$6h20!ldQT$TGZO!rW}mg)+%u_Dvi6usc7qHUyNfht(oqei#f_X z!?l@)V&;OQqFc^+Pc!#e@2i_?n(_+m^opzEKN=(4TuhbRAP+zjh@aYhXs(pED~lTGI}v5+ z%;oi&#ZVeNwp4YP5D;>C-z)ZzrWP6PnDpuD-ZJ0nYrd-9_w~viVcbr6mj`kZJp!~g^BC` zIc>#6%zjM5twb>gdk!dScxAydw$`g@k|Tl)zt2|%Ac*H< zeZ#e&L#l3t_4rM17M1P)Z0hcpztp(@r9aB%{~h#p`G2?b2v_)q?tc05?tQ6$=gTwQ z_p_Xzd@O(a-yx(P)2xpfFXO{@)F)X=DgtJS819pjUHvW{^fAg3R zQ!xDnjc0`1$s2X!NDSS&hT*F7-@RTY{;%8ZcX#oBTX}@7_pV~FH(?l7G1K$j5?Wjly)vR-u_$nC1*Nd;Jwd%(4%KB?xLS8+#8?mU1QrdcRO!=P?nqtZn^4a6(RXzP0 ztYn4v&Qji4%3HOR?3zV^fq5sBIv#mU3 z`d@$;SD=p>gYImO0(Q!m0Q?a3Z)N_!;V66lyW1V??tkCPBUHNgau7*0fw)3vk@e-@x+>PbiF$fkl zUxQ*+Ic#O>+T-=FjEeI0YGWJHthPdrE$m3>NuJ?zHQ)aL)C65@T*XD|M`9Dl&7^W$>CRf?X`|?D!!2czE5+AGsT)~9_38c-OPc` zJjld5{h(u=DH7H>+?lHIOetFOgOWc*m@iX5ZA(gRkPsel(jrBv{CSIF%_EQY7jw>{ zh*fr{ElTLKOX`x=Izr-ITNeyvBKNJY2?TNML!J64D7YtRQq*!bG+yNFNW(9*FC<~o z#hp4}UtSi!%W>PL&dCC*1II0K-YT0i=I{o zI%Kf5Vp$F{<4GNa+c* zkEx0;I2`A{BysaN{N5+-UHO-mi@hkTe{rC10E=QPBatef#2@gAVi8Y+Ds2dTa#5Iy zAD3^64%<{z5@&5%t54Ug^Cpe4Jb9a_8%9#@fma|POwuQNnio$1i3;nrthp{=lodJq z6mq^0OKldsV1ewIZys0ZS#8v&`zEN?8|WXstDe%dkxEUo)3U>UeAMT9zu=6e?qGIpZ&P3)*f$ z+bw9j1?>x2(01$DH@u#0e7`6AlRsR3sC>#IV9`ttS zKezITh>nnWo*C@180<|%eH8G}^G16VF?D5(M@fY`ksT#fi$i)#3a^UfEvmM50B_+a zJyk%6bW|mAAeZ^ZzlQjaOX7h9Z=k5Q3)9_&>25Q8L{Ac$(hPHo-S7EJ;oO)qGJk9D zB!eeBwOG<}!TGR!w}&h8%oHRAE!g|{zmx=3y;^hY=kcOqFJp~w^DJxO=F?sg&GR!h ziIYfmcaDSO1;joa`#Qav{VK^B$H+B{a4=0Vgb+{z3= zK5Q#f;3==#N}4K5hI?t`Qi+|A!M4Cmc%D$L99R4);BnWz<y<*WRBPj#q=un(c^4@Rr-H7m;Z4z81Bx0Zsl2}{~I=l zVs2DFi4BlyV_iESRr$-a1ybnMvIkN%p35f44@rStkT3M4wn3`7Qu`n!x5{jUJmz1H zolwLvJ6oZIK0A9MZ7)nC5{LQQ1~_-V1~0|eEZ*dE&uk#r zO|?X!REUREIrZ%!^)kPe!-t-S<(B7WS}ORdZ*A}jsF*bW0D5v;&F+gLFRxSlTA5+u z>K{+NvWfJqkI2sO*yvNL|1aEa<$v#YJ6Zq#px4>?|F`mp*q+OeCmV_PSrlbU-eP>u z<;Roicpg=tPW+B2S}%ZxcY7lNGd7TL;a(vIaUk@51x72K6X^S6=-!=5g-76^N~iWo zUvZ`QoC0S|h@akwk3{jzm3s-8HwA^uoMGv5`uX@0kYPWOqqdS{F&I z5r0D&3fM>D$8&VzLp=W~qKypVKw=IA>brQOZzkS|Yk}D*tT0Y)k+P9;{+}~L{=7wJ z`w^lfj$EWJ)%$;r1DrdALZ{R#@pVKuX_E%JE~4}u@sJ(QREj)TT&yaOoOvHlobud* zn(_*-2>lu(>&`XGNCcdcbY^Ls);spSvx&XMx9s(o+0TJ>0(ibE9CHx>6xHJ}BQbqKy zbg5bw&V9aJD!oL+~+U5%siUJrdfpa2>aYcOO07w3l3IR^22}+YL6)NCL zRT9Vb$^kx~qR!`$t(B*}+B+5fYgW;}4y8GDziK(MVn&Oyo4FaKyIHaEJq|n^OqKL7 zzn)Ww7_Uafmfmi<@22~fr#tb{6`BY$ImACkBn~U)T?2qeuhuK3m(ghIi6C{2@3HHW zI4C+C`cPR^uXTm&2HXAW%-K@=kHqYeVPEE1VgHRfop#p#8xD8&-&P)x|M$kW^2GJq zhyq9f1mjd@U~Um!amG*?fhk}!$N-EGa3cg6@)}%j;y{{hg0+B;#}SN{ty<}W1=~5s zGgJ`pB}$kAD}%gBLc9_v<>6grZmPt@idn6YE>W;oyY(mPRHY0%ksy!pIU) z660qacs3RIvScmm&QCWtmsbfZNQcCahzY(*o#>D7oG)W)A$cwPyaa~VUaAuIh5pqU z=wpWcYM1r;^Ban(jpAT`nw|j1M%iKPZ7(tTGTy5YDLaW*VBQO zg^ZGEJI65T@1=}W(0-nU3JR@+pJS>tkV_IVO|UF1nXsky@bl7nCRn&y$mB>x7p@A= zFBlnl+#qKtO(8?~aH+FX<6xQ?O3)8yu$vmC0NJz1`SI%VM9!7H+_z*N<-gsWlz)1A zUH0k2si~EW^aNrbywW54o-hD8zhe(bIV-03tMBNZW5L=>4W$X-l(v>`uhg_NO#H5GK$2}`}Zk~te0}L(k}G}Fjue?1SsZyl!)pIk!#6S%>*+- zndpRsYksDfyQFYwlx11WwfT|qAf~y}isfvAF?8=x;AtMV%eSm=mHcbiRFSuWTh%gJ z&aFmv7bp~!yjLaki_+I#o4iYa!;B6haxw6M9RO^vnu|#*U#nuXm{H? z|IaoaVW(b;!QMm!fMlEJjR8=sTNwqAl&KR3kd$W2P_@Ya%6~6T@0WaEmC;X?Tsw)M zru)Xikj;sB4p-bfar6c_7a{yLMo#9;Azz)Wy#PTO$3+pt6YN5U(g!YWm~ViS&S}8> zl;_UA3nSM8p2I1+jD7#w>U^zMJmTJ=NM5h^AF40FOgEWpuN-{mMquN8VLp7%DRA zou(+6N-L6SVb5m8%5+3zYz(dn%#SjIK3(+V~+qx^T5_os-_ycEqX^bqc{7t$Q|<_&g6V0}B{o zIQ9{>#pKHwq(9x!uR$;R9_oBtCOMeZaphMGRXVNL^3N<8 zO$A#fdYb0?6ngea zRJC<}Nj#ub7b)rYMj`G-i9c?HnUMcPeP@!&d5chO0G}_IO)_ zu;-gp-Qq~7%t?0(W@c6RNJzYvRkn8D461usTz{FNAcZKV;^?9pw~%Z%?w{W7PXEsXXuztZKU2Ai!R zyzh3e96m3dy}kVO)tvpt#8sYOIyGl-BTq&l1~64?Q=WJL(tG6lX@=+AWQ&nZ7OQF$ z%S8&v9!IrVoQWib26kbTgXQxOqy2R_H`I*%LcAMR7M1){2mS+-$QunPoq^Imv2W** z-+5y;c{04vw0}#W_dWDs;G!r!eJc+CDw~cYz|fh>-!>Kn&=rrtC4j3uhC0i*sJEH9*v_%Y`sh3bCeL%lXXUfP|F2Hw zJ!$^$?x>T^|1lc0hdclOHlCFKUyb$#_W{aJc5XEwD8jenqYQ>Da<3Dc5 z9SW?hAq30?jji1XO?JkMn)D&-Y)u$4KUE5ltn)@S_!aqZG;@D3zMP$JP={DB9 z|07*F6PWt^_kX0(t8-X9UE`VV|0o!e{K?&dLQi@BN4mMP`#-Kza;ro?DZsoyMR}fM zq=g*wr#MeqPv0n?AG`ZM{#5q`TA2|ZdS{>lv9WstvzZn$@1OJjz>*!@0?b$5BZzjl z2Yx$Gss7I(LzCF28#n~GLjNE3Mmhgqr`_G@|J!(^|4$9}^=1wMdMNbCa*np-_Y+0s zZ+YsDk+SIDq@Q*DYsoa&_~E*8DSuC*JD)($ZvG?mu_u%QL)0olW_4^BhBV2$X%XV9 zaN#BB?%a1f_ucaa+pINXuR~On4ZY4TV)`&tT4R4gow4@LcUj}x>5!k+g?9_) zqPJ_xNzI29^0LMNuEmlo5Lr_1WP2DoINbXs?(FW$@1Kf(B)?Lkaj)%-sX8$jg zxe-i%LE{-AcPI9lqxD<@EA0PXZ;;vl>vl)oo&CR+N7(ouvxA*JV7395K#rYKEj({{ zP&IDV;X(`7evG90H;v$M_%=))Q%dFa^+$5cHNhL4pP)8N?7uW2&fC zbo{p}y+Mi!<_?H7Un=5!ed|rR{GTF`KjMn7^iL}Pd&Ax!C;vyg`=7S*$oqd0i=%*o zx8xpCCSpi`!qXZ5TjpJXl;UY1XQxQG6D$+y2(U@-^3Vmtj?bdVjU&vKCsL5NY(8Au zQShYe!zJ-ntqk=$w$VjG=9vr(G*V;2XkpxMj-fOIk}amTHZ z1TCN3?}1l7Q(e}r2-th-r75XiXZxDdlM+EA#Y#o5*G8BNtUd5*S_5NV^Z_VKk+?3- z`5ojHoL{7BCRqFd7!g_Np21~NssCB|?;fK8uH63_<@CSNaCiQDD^KeDcT;2=)T1ua z4sJl9+fX7!IjyS{we(@^+PdG0jg8e^*_7(03Q1?bD4_mKi;beZs+KP~l|Uq~{eYsp znDdyjQ-s135-yb&Afxx`cmmMMC$CgeyC{KW)+6v81MgZ(?CD=DdF$~BrP;oEaMXrfqCpR9QwL4Mlyr^Yk)cZjq`{ENM{x`Y`!qz)@f3h z%*CEbTD`3;~_X?f7blwV7vK54MXBnoXX&&PvFSv^Yg*H`fHqc}# zwG$quEEx}lPA-fC!1X0D3Bm}83#-M2JXYRe8%LvH?Y4xnPc8lL`f-;5tkVAmooxJ1 zd)OQ7^uKL9Rr;TPy;&V_)uGF;Ob^U-XREp(wcCEIK9~kpM<>*4NSR8QhFD)C({MMU z8m5qVfO=Sj%uYqDQW4X`{!D5jwPn|nsEXFb{#BYHO-@#?=UK1zif5HZ;~lMX=2lGb zm-*(ORDmpK5}RUQh9a59_1jV=%k{rGyhG;!yNKQs5V0q_AsyrhZ4$Z+MJ>Ki-}CiC zt=s%jEdVwn6mbO77v;b}_r>I57PpgJ=oBq``VJqFqSg^qbbzCX=QxpN~cI37Agx71%B@p|HdQ)B zR1ZQz{0(*BxtGH~-BYOl35WRpt<2i{_#2>C=zrZ&uamw1xi{Ly|7_)v+dA6zo5X=D zk3Mnv$pz+oqF0dy&Uc=bnBHo=N^{dlM#DD+jin|2i@Ijqxp^rSb-+t>{4JVlFCC zY<35kL>ZQ+-Cp~NNo>d&BEf|MAP>`ef4-lcy z=YKi>%K^@<^N>EPv*w7}bEkGM7gn~vB4%ru5zE}*CGvmIW6G}36n%Opwtt-e|G!}K zw|4XJ->;hgNB`OUKYRa6|NYXDkoUkVAMyVJ{d?HkOK)wZx5@=%A6xm+0b0++S+OPK4=3iSPN}u-%j1hng%n4QOxJm8T9X6Q&~@R^~yJHD(BkR0XYdD!DObWWHvl2_ejC zDL3m^bWJ0g$P94?!zBI}6F?S9C9!U2H~;E1raM^Km@M@8#x!9n8rQdUsC4D1SHJl)qEKcN_}aaiof)GK6z){ zV&k985B=4ANxl7#H+IEa@kdVN=rnDVdFo0hrjn$JrsX?>g}fA-!#^^I<8^BQB=3`V zyjA&5xBrdmL{;;jqG&7gzt_*L|J~kbH~+Ws)Sv%UFaBbFdgDt-N! zeivyB>FcS+kYcw9V>UCho41)HVpR7E@t0~+LrU*Sq$EHZjc;(OKFL!&|3zBNISi9L z!0YDxwVze~pKd>Q{--MwI*|{r!wzu(n8G? zyQvDr*>tTUHI4!m_p$c*p0wNEKBMC$M}RDsyCcWw9SlJeoP7%A;go;`O*9YL68vvo z?e9+cCXU`9&{<06Fm!V5R{8o15s=NQ6iHB=Kf)w{(eky(L^CA}{Oh~LznvtCHQVA! zhy8QUkZ=1blm9Zc*ZwVxrjOnNSS9~^?Ogn4r@gcPw(_L*XZc_Q5nlc{;jgk_a&TW( z#P%QRA5}{vPUpHZ z3w_YCGgJQ>6NW(gT$N8z3W_hT4{ha+WT}3@Xetkb*o}y{K<}TmlrtZ(L6V#o zcbvSfl7fH(;ZieDWafs8z+Z|LCvkeI{e@hDW7XChPT_)N8M)PVQIsx2!w~E3BB5fv zloaBH08w#6RPh;mbD}!Gnr0SqMQW?DA0jfhFNk~@p$WC@OIJJben!hHG;x3N{fFQHIIn@DTDIS$@S`MR$9_12dwbbV z7v#4#A=rwI8~OazX_I~h$@2uk6EK7HXS5V-$AK9Z&_9o|%u2@p;Y|w9fU1;dY0KH% z3i2t+YY&Izb>`~9cQTs(?@rDUQ9{NdeDWAS0-ZawT!D>wd54zfnm2)jHSMxQR!1qc z0xoHok_*`y=u-#-nG*4+AceXi!z(@Dd>kEF>ms>;xj3VBx!B~$Wr5^jXB`oFSmifduic#8c6mGVOjv|OADu?q4jFst}4w-i{^D1x7+mf!^I zO&Krf>{AoQ)sfH#nD@mcb0n@Y5N*E}J%nIPh@Z`!B-_@v5LgX5oTZ#vBU`|H=|v?A zT3qB%4|e*_hsTV^O8R4l<}z!)oUHaS2rXcBs*<8%Xo8oX($9)=+Q|k=GRTXHx}Nx9 z9XTnRo-b4TdFdiGCW@K`e-|^xWP0}{;4hehX;~|8Yy3ML&Y)rp5G)QVW zdX+g+RPz8_a+oo>Wug#`+>)8t1L|DhnqK|1QkkeaiSDUk=@&;?{YZ@DqNTsfKQ1Ag z72s~R&sS;=d2oMs3e|n{$`n))N<|oz(1!~U7RxlPiaOG1{BN z+Fus?nZ|_8*6)ZKya-KX5@0_5X=JS+4?UK=SfQhck6V#1=RvL$K}E}(Q`l(XWmt;; zjH4s;L6vu;j&CI68EMsUi&Q#AYB)slhV3d>NU0-a<8BZ&Hbt(G+%OeeNTq|fmK)^Z zPLRjBK-P1B)N+43!1+>x?v zp6y9rGM5xyZ>-?qBK+(@5J)D=-a{~ywbw#V9&;+hZIwSk;qqXIf_4^IS6C-Y5hDP7 z!jvWVpRepyvB#}s)3MlJ^Bg;m>Dw2+qa{5~wkB(P745ZYv)+=jp|IQpB1}dwwcfNz zyeAf3#Sxg>h=QzP|GmZZaVG#*#s7_Zx$}R6UH-T2JURRC?Z#sN6zhB|_Mhy_(*%Q{ zpePhX3`H{^YQc+VmHxFnonl5SEx$m*NLB4D39$f}%FJGw8@rz&Iz^6xS_U*7(k53D zX(9^PdFLw>-dssg5C)Qz%7ufZgnlCA%}}L8{N@5f9=jB*lK&I@33+Fa3j$mr|3}08 z`JYj5cm8uLPfGs(zz2JCQGl9vzKIne>C8r#0B#d62=+jLeIWAPponHJ1<_Y|=m-%b z7!6Jt0hnB~R9HHDOqauJFXwypOc&ri>fZ%>XduWc|mec00o zl5BBXC%*97wr3eSFxp`U^*LexG4_*eUFWsb{YZ($Kme@{CN;{g8}BNe1r z6`odrNYSvkYC!Z+G2eH%JwFd)#uvw!VIQ-l1Dt6D!x?s|1Dpl+5GisVyD$`kYmufv z(=Y*jqP)Q1Ar9eUVi`Z{xOO0)M1cQO>}4$`97XPlk{?HJ#C3b({;n$1&rExY+&IE) zsQ|QG=({nOf)Ba5axaCJpbE#xPxL(T;pTs`%Ag_O&HsQuxU_16wz{O;OA}|eOK#|BF z0B`^zB-MVIiadY}FA$g^e=hg{djE+jlX{7o#;-YP18}b|#hjCcyeHDZ6MzGXJp}M4 zkz-eJo0C~*C8MmC2?n*+G>ji)(L_Sw`koNq5uWM)kG(fe$VZ7KtPei3It#jNLge1yT7Otb>Si*+HwOC-4=nWtjszy zv-0TmbWL{sUS@mh$<^80(<{8S9{qCm`t0WH^qO`%-#<$Z8m7XQ?CkGxR|XNdK0bPV zs!4sh&5pL1$6n!ODDfmBD>ns`Bi{ez;T=GMvpU$Eq^ap|| z*;tB;kY$a_^uYQUvO@L^saBuis%)uID9u6qaeaFAVRaCA2JNOE6*_H#)DVJ?Ve26i(rLL3C)Bh{G~ zr|Lvv4PD`;gAk$zl)XylRZXu& zfo^_F-BB+6NXjGA#fiKvQq~ll4h7m8qAcpQtFCGNsnY)hQ+Et`GUf%9Ko$C*?St)I zJ^okc|GA>a$j?CrTngmWjw(o*Mn8l;NTaB2yD$R&f_ilcbxkhNvK-roFMvZz$_N-) z{}oi#6F@+Ep*!=J=~wLhp9D>5Ly*G!(<*8iHZ^s%44e&RRx;w^oPjSnt@ynP$F!fq zBt}6NONrE*TU6!vNbp`Rh*9Q_+d(CB$BW{S%)*f7Ni0$~ilKJ$vJP<0M(1&MnL-4k ztRzI;8cC)YKv~PBR&|a@&Sfkgz&T764#ZGd+3*%kG}rh^eV7A$S*^dy=eMlM%JHz_ zS*8XQeJm2uFT+e!o&RAlg5HA{!X++%D$f6%;lY7^{%>t{@qbtHDCfTz>~;=)0q%!5 z@Fi;6KI|uPd?#;uNeZtsEJKjAnb(<{X3AE#mOUiOE(t$D&jHRP%M$hvQYsiMK|a#* zHprwljLruA=WQO$SyST}+bu56NLkFuU*Pl-{EWfW*jwctm9MSdPq&=PKJHaJ z=9LGmj5`MNQrCJFW1#k+j0zp*s9L-?-gVG3c|B zD)&O+WfPbZXf6;!uH?64hnKnO7-ot(N;)M6&q=P=B=+ge93#mH@x^$HQqVHPi~DC1 zr$tU&O8*sjqghxu!}p8#Ocdum5+LE+ff+7FT9O7+pUrgf$x$$Z>^#APWuJg1 zu9mec3SDA2c-n^Rx3$RYi-PO0b=aboNk?&RJC6{TO z#asPQ~j=5Acu0=4B%{3~ycU?u339XD7$0XAkQrx>5*yqAiso zYhQ}8FBqZr?$R!v`EE+@iItwG1=PVHrFcsWLf#*!@EqLCQew%2aX5$BeVpEbINAU~20UWEg9LiOon`UV z%>pbDKM;64aLr52&) zhMX#H3IWP+0nbGcQPU0qERb9DH;9oN{NzrP5N_a^_YlvhDX|M~jxP!7f1F&>Er$#v z-klJhFVSpz3)4P}k2-<4ywn8*#aqZ*q8J{9h`5nMiWSmH<@CAax`p&DfpdOw1KiOF zv)NMjZvYpGB8+63Umv5xfg;-USw^j+CooJ9WzI$SQL{67V6oIOOYzYXk4B7T|JEYY z5A{^a|MXCPyG$CmD*KNeJ^uIh*8X1S|Fe>Z=YQjdXur59@Y+iQ$HixT7A;~uPmX{_ zLc7^&Z3(?X$`?j|QIG|082lS*!KmrIj*GbLrpe^|^C=TgbkTubhv_blA}uWk@xfVsRErqJ~tfGb+h!CN_cX(&y0&b%YK;8BBeu$~*? zbC|b>88m#vg|X|~qYQ2uA#)@oY@J&>#2=qvSMcL3z^qCJLg=E5U~F{A1|5nAeO5?= zBo8}{C6%LUv9wUS>PT*!H<5Q6X2Glat&m~-*1PNX|5Ts<@hx2P0-*f--x_Xj?dtmf z-Om1VHIJhIza)d*){&24{TRxBMoQae9|SIz`DN8e7|dY=5psZokEnqCjb~{#OH?xu z0^mlo1yQsrT-7p86VG8c?>(E5pQ48&v!Hy}wi!Xtie*V?)dUH02W+a01~H7#@*Hx+ zZ0Qc`m_)FxjG2cjk(m{UCCUg@|IM-AV1FBISKg7ujwfS2ry}3FJ%40<^l%Qd_u5h^B*NfKl$YS`js3Wn)#27IIFG9YK>)R|KxTu zY=duL2}JH{1WBfvwp7l9b7R$((1#N9d3`f1W^? z9LLFnJ)ma6iOFH;tb;xN3re5|awqdSOz+bmgY=N)_s5wsbHp(#UQ=w}z;q0A2>EAQ zdj(z;B==X&GzV0VcLGEA;Tn2z|NULZNOV@8 ze|`ym&N*n8-9E`o#r!>GsB=_mGuGOTE1S5cV5AE}d6#f6dfst;eY|>LYZ=mYaJ(b7 zKpfFHuB50_$xkb+lx6nOD_uc`r39|1Pf)Fv{ux)%DbT9upK%p+f@>AjkGQxp{k77{ zH}JhULH~uHD*ay`>*TTgzqYn__O=cGul+9m>q;JleY+AdcUs}x#N7EIxHgHJwiSVS ztRtNt(^;{+WHG0umJzH){@Tt(<=@MI*-q_7A(Q5oJK(%$b1WDynZl1Vh%$8e3;-{g z9kO`Z92)=J_mUYkO`5`KoIVtmqo09%fh83SgK3bFbBX?S_)OIW=_OgSl&8IP5elL) z7;aEY7;4``rd^P2fGKo|<l}OO_gwR)) ze~9Q|EpKEClk~msX_T09ub}!LOkpi z2`R6MX|(bFmG>GPJO*Hom@TQtQL!~UTcRm~lJWFN2)~B0MUJ_};yfopnB)8BnjHx3 ztQug{9@ET305H_gRb55~amI|KX-*5#i7FBW85RxO2W|~QjpSLTnF9Zgo}_oSTFpxo zTFs78O_vJ$8;gzn2Ky_wVu<~L#o|O(ZxXu-yCX=s)qE)lg|{il?(3l}Pc>4Q{H0)( z)sgtgl+*SGZE9nXcqYp&TGv3H-$Y&OqOmx&MGu{`D1BLcO>E}L8^>yr-fYKs34SJK zVa2nY&X$un`dbEAI9%jSpg#*C7~-Q0S?!U=8B=u3dtk_KV~GDX%@n$PR#0g&YP)L5 zFj#_E)-da)=QA_YgGdVfnZ;o0X5Iw2AaSz{rY+ecF2asBIKo9OR#MPI*X@Ew^xSU8 zs0a@hejWGJQAQbCYL`fS0(7=0Hw}>_R*u91dTnXj&ez&c=%r(WYCS$#M`Xg_KrF2nKyF;xz3K}ABd9oN4 zi{rwMGBJ9~^TtR4l-XHMPcP2lt0v+aIB}hGh4<1oq$0-&Z>|gxiAhn~@7dGA)w$i! z=ZT)N6`yRQI1J-^-0Ub$r*4MqvChc74-JVz6PWV-mtn8rY+8^l>Vj7KJ9~h5tY>wU@+SL@^RQ-(HU9%fJP# z(b3IH_8{tCzdm#Esdt$M^B{y{c#7qEB7qqoiVBhoasJvjs^y=^-8}TXc$!?M@hAw1 zEhRoRjY?`UYMLrvXwbkYrNy1svFC=97-bHv8uH(~@rp(h`Y+H;89X;}Z-X$%0!VI8 za`lpz&#AmfABzG6hU@!>I!9eu34qO#JB!bX&pK`ZynAm6-d~QPpT-G=fd8tEV_vNZ zlB5X}OH*5N%opa$ckR+W;mPmcGIecV^J3=yGGFi(mr$w-I$!@HI1YDUj=_!z*DH`wT750F~NPlvBwuxR}E<4SZ&-DqW9R zS~o)NYE7u>5D8VgRfbfcU(!dpk2@mKIPM{s2IEPF3(gXX6p84;R1oecgDIHe#w`Bi znoftaUJm=4uvfZbXRhi|B)qNa9J}%AoN5Kyw_Vl8IX7W_7ev{6)qa(nMtHlEl^T>j z4bx_}t*zyYQhPoRzb|#VBeT|yanKm|I<=rk+mD^X0@gNH0#9HBqz{-KNoQ~a6td4` zTP50H?Si}j;UYkFkk_``8r_qV;+WU0%V4v&kZJYDOeLR~$u+%Y8-Yos`K zL9C6fMsrG>>*~iAHWCb4(}+ISPC^dsLgB3L32hLgf-&4=3o%+_(x7~AbTx~zU<#Sf zh@(iH&L5E%M-*yl3XcjYR-$YIG%7GI&$iM~ZnqgbRSWF34WKHzhy&DS z35X*$;{~SgYZ(L-(jiOL3(ssBNP~HeW#tP+wqs(6uqASeqs)phH3eoosw;n-W>;h< zt*Nu4N#{%smPL&uuxcyqR62Xwnk1G;0>OS5--Gp#d)g@Pd-Td#laO+z`reH)V%2dQ zL_Tn7IJ=);kXqzc`26(d!!Kv&Cm*g)uil;=YpF-qT;D%tiL1+WLuI_CBR6sO_W0D{ zVD;mGx29S>v6qgHY0)GvIbzkR?YO=#a4BZ>3CK4w%9QkxSjEz zyZF~R@Z1EKv?bFmW^{pWfo40V3zcgDa&JR;y??x5M)I=#L51Grc&~+Se)89&t|}fw zgEdihT$CW(WLc0IVWj*mt#W;OLlVX|tn;dAonJ5hb$)u)tj@{N@rR4Ir&m{JCj~3K z^(9`wQIo2UpT>sd9b|B7uAZ@Rl#J-`%s1uZ(kmW;|oPM0SAy}V9!ACw|i;i1k`f#IIX17r% zF~ucgXlJ%0Ij)t|cHL9ssj~mbU^)$=MI*n`rz-yI*4Ccx|GC%Mf2`(F^Z(|9-Okma z1n`HrEL7-e`+89B{an(VLWJBgymYgP0~{xR!IP`1M!ClIgA7&Pi%G%01YPHga&|@r zq2jZy2ED2{vDGH?M6ztoL^bMlAHK-JVqDMX`05Vqo0jt z0ItFuu}#<@dB;>}ZK_ntGsGrJQdn#M)*Cc7XE>z=qh;5G!LC{N~mN-}od!-n?s7hb>QCC~jFniaTo59g6yoTBp1cj}t zQOGNYcGz*~2Gbk9&(seRYXr$^W+Y{cXl4x|Th~eo2$xOau{k9xM)dsv!PJAqlL-$P zA_Hc1<0Slt@N2gEDmys{M|Ny3u+S=)B8GQ}GTEN4*%lc{D{;(Ti_*7g@r;p{nmTFo z_eB6qt1H{P#+F!YV#}ih3kw|nW=CW2IU%aFkZ$m4^ zUjwBJs1C%~lt>x&Lr-yM-@P?J#x#^D$lsQO{#+6Sp(*#N9K5nEfp*lAII!9~d-0rY z>YHzC^RhWVNWSvWrDgWKJb|MniIRLA66Qi`!gioUc7CIxmf$8#F1Us*Ja_zM#@q-? z8+r0OJo#KCXbeVl&LsFf%L8bQ0aSUCTTsi_jhr^rC?@dAOF4=JP-Y;y6f#;f%EGAN zH7qUgwOs_?3X$&`c93FE$zc)`%Sx~oPNuL=q)o&`U5%e*`iZdgv{D?UqcEfiYFUss z1hBZC#6B8GRw8(E(dv3#kpXk+-a&w1gdoXCIrlPKwkOMq&;YJSOoFoue@0LMLZ}g{ zXz(0d!wh&cl*Lm()=L}_Gn53T(*Pl2d|wbpNsbt0m#j2EPR~XeE_5liR!3;m>J$i( zg@o5$a{QDZke6ui)7;$n8eB6MCO*b5)XtJ;1rJ!&sHZi?uD$c3@Sqr^gWYB2a&a^hafIIkLSY)knnsl{HCA{JgZ{;Q*L<6QZTXmhI@yaSD zeL3j)JIsfa^2~%)F7C+O0!%@$#tlzyxux`I6UrnR*QBul8I{;t5=+{W;D64&W6Hz! zt?N{?+19JAJ~Om<#NCSW`Hb}>rj*oo>K2kc03U=T+j0WEU=(;|sUp`#F!LtRzb=^Y z8Ua?Et-gnil!Ro4STV7x0qr;!pjacH+12lVclHjt`2Q<;l>1*isDKV}J6FFInYBu8cX(c{ zHTuVQdl{@!*w$?@zwRZplLG9|&C<-B7(-V(?3#rP#9Z#r49rWC(*_gvo_IM(gQ0G* zU%x)XrAUZ=S~ZW7QfHR1O6|mo-|hDMCeNb#|2R$B+yD1=^!u20^FKZ8%=`bW`x|c_#g8r{xpRwtGSOj_! zql_BH;J?U8t%1}b+Rk)9Zi3mn+^~lr$-!1CjeR8g zT+bC#(_raapIqJ3#i^3JwNnBt&I3wh{#crT z%xjGcd@MzP==)9^Q1h|w|2|Cca)`VDqQM6*47|HZJVWp-`d?}&(##RGV*lUW-`C~; z?cKd@|6j?&LWqyo;G%pBP^vbRVbGECEJnmO=!A3@{5W1Y9qT5dyP> z!r{~4(MOO5V{EVbxU&pHc8<;h-cJYGmh_O32^3H4sfm+-b!7RxE_=nw!(@- zzX>?Uz*m8K=^}z19>}9GnYib(DcBoYj6PEc+!O*q6771l0SLY#badncAA0FSk|_z= zxRHp|C(1U?FnIyigUE-U246pXT};l3G?>H{vui0UZ8)YkS8Lz~%B-qLa#Esqt_y z_-Q^!^5aymG)qHkox`8z|IbfzV$5n;VfmkbAefTb%R4!5rL-RA0d8F-4)xmq`nR5p z4E}xSO(+f2tX8Ig_doO1MDY{~!@U^Dt>Tri0ZB^ezpM zOzw3${TJ=Ec$$QeWHBKtVnHx?!eS6)A}cVM;FLmqq!I&CvY&$W<9IrSQATrNCZYR4 z&e=GGn9cU$G{rIsO|zE;(YQxvC_CW}iJjgvNF0D^%+_rO)nE{krDK`ZBsF-7<&%N)f|1`}Z(+C2^aY77`_@c;hp zzuaK4%zyML=l{2N_V$eUFTxtXVS@ViZlI_#B>p>veqcJ;P+f)4Efg+9 zr3DJh0c+;!%h#WogGN@+bFA*;^e&8D)975fmiZk%0OHJ$Ko2-U6l6jff~Z_1|Lpo!V_Ix4LO|$&){+VK7$iHoA+!(ZO-}Dk9g)K{Jk_hG53jo9l8=({QZr`lDNLFAt367_?M#|_f~b{c-86)A znzffEuX+|t-7)0ui-&+zIt~LEWoP)yGcD>m7T%>a$b0*L=Py{oWA>&XvoUF(RS;R1 z*~{W&##DCzfSjqAzcZ5(^R&cjil=7)=*fTOq`PwZTmUw~(d*aGU^K@su1-(Ru0Q;C zaeYHSQ!)5=_;3YByh4$_gMOtpFn{~}xkBhBozLX$uV4ShYTvl%1mzz!C3~qyHfF=(8wdv76z7U|~+pUWx;OC$J zc6#wEZ3=pm7&xb&pf}5cXbet%0eE(!e!uUK0`J~|%?LPaYOgrp{d@4A|B3q`PBV(w z@$0h>M}OS>_QELq-_KZo;j*vK-k!c7Jw;#RX%qry4Zmk4{g`z_3Q-bA2)>6YVlD43xJ3Y)%9Tc&0h}=Om}_;>!4(1kqT$=&`?o5qJljHIAYK zUc3O#<;D3c2fPPgzF0oKzBoELJAVbPFp?lZ0Pny;Gwo(B-tB@2OyM+69~|)hzwwty zv`l)At!6d_$>`iTHm2j=EGMJNaae|UX~CsXVj0?fHm6&623i&oqq ztESH^EpVh-mNyIJIF0udxdZ8`QD`_?+HwWBV6c4>(bLMd*^vD~Iyb zkN2v8Jb3%K+UYoDKfSTY-mum;#T{8gLxaug3k$lTxGKVV-swAzy}5YkMtu&!QuLFb zCvOYnP}v-&;mv%G%fb`TFH4Zwkq^qJfI74_y&?1WJkT1PY)bnY$|q0o>4=TOnw>S( z?)T&{BE*_yTk3C{vdq&)hSgS71q1p&sZ3;Zh_{G8om_mq5dO^Mp~8~A>lkGEe|A7A ztNd687XGKrVgsUJ+lN-lBEUw;qp*qrM-IZ)sNFU#{g%!$QGv<#5dG0 zFx+C;$ggsHovn`k!-?_KE!j+5t|fZp9l7vd#6$38Fi{_3{*)}!Xa#ZWC$?2}JhnwW zdidVHS4WNIG6#ty4BbZUyAuruF`v4=nW3|@|Shpha>;pN%?!}oW9 zfN8Ht!t28l0Y*hIzOwuVL)jfanucoaY`tyu*)oHD?Q2`sU%xy$XRXP8V*K_li3==upmx{#tylk=0}7zgcIGo4k1C_{XCo0C^YL?u)ds-1j0IgPz>W0XD6d}k?(9f{ zG;S;35El&aX!i}|Yx`I9YI8jxP9*Qcw7+Z#*S28uG=9ZqVqYcjYw3GouB)4cj!mX> zgy|X!l!lY+pT(z&roPc`%=F-t_2_<*w^9tGMNZ8Uh`lyOtqvTs`;TRVe>od)|E-4Sr zSATnZ_n8FHa|{2gKhBIhJ&1!SL;ZF845797qb}pd=lTv1bb-zc;uz_2JMf3IDFH*s zFc~*JksmDCB54z#!PSXMh_{=6ObwPQLi zQXWmCRmq>u>eVsnde{byeJmYnw{e>lbaJ=l1W<&`*5164>&HyZmZ2eVthAM z#6C_J&IdwS7C>avhDe!OXQ|@u?_N6K?(bZt><)#PM6N9mFEgUnnD+7<<}B3|lK(0p zsGUDZPR%XcmNa7WC|V%=q8M)CiK{C_r!xSd0Dp+y3j`kK5q^k74Y&|I0oXy?K%gqP z0z*gR2Z9gi^C(C|2b`y|jTL0ecV%>!!SD;{nEABoPw;)AiVRU7b+59{B}G_G881+Y z8Fw@^(>VX7NNcn2L}T^TpxWHk*Ca=pm3tK?C1x7h3q&r~zWIzTbm_O9W~|0%;~vTJaq0 zHC@s*Pwyoo^gb{2wV(JkiTvPDIfA>87{zM?Vvyv)5Yvf2AH^+t&3O4L==OxU`57eh z2n2L@wiaE3^xrqOfPg5OZ4k?CKx^Z3a>c#ovu~Ksgg5Z}|HpO|FT0lqAk6UN2X_gs z$3#3`E@z~HjxmI0?6#*`T5QBkRi3Yf`A3Knk-b0vItsfTgzeUxZ#5*~WHiupkByD0 zz-vRViQsb+zKo!%xmMajTv-{^TNZ{lHq;prFlNiT? z0gd)A>h?zz`s`PAkvy3o3Ob?B3FSvdI22--wZSQmWd=z!?|}{W_|LZ)QCD6$Q3l-ady-h ze~qVtZ{*a2iioY)-g1*#5K9RzX4FB0Im`>(wE)rN&kG8@D09f->RT=YQFF#m#9cYQU^BX7qc#S58 z%aEptpOz{Sj3En7I=74i_|-D?`SuS#YDB8<64o2M&E5MBv?TYd;Lz!Ch~KAFBNf$SPX8UEO~Cc?gn23!BixSO50V2OqDSInM!b z1zlfmZ87D5w%5)sM6~Zzdva~+HFzu|FISFKMDm2S6h*Yq`Lo!~AaQm$M1R42ms*BA zYg@vE8b7IEg3_cz8*=AGQ%w^#KwdCQWHrn|4I# z*Y_1$CIQn}VpY!R7)l+SyTMOAH4>=7gWzd)ClMC+zEH6By+8S=bni{|3q(@xA79tI zAR$jeLFj-N+X6X3WZwjFPGq?|3v3k=Zp1=1gkS+#T;{2dyG*qaLVj!(2)X^qtYjnT z3M2HuCR#t6Q7OsRJ<7ds^^hlGpfX5ZI4Mp5X1XK5pRV_zwe@i27vt_Xme}*dK#o9 z_>B*guKFefP3~fE5^*A@3}P0XfOIILn=a3nwU%X(uM{G!t1s?QO>c`WN*H&fW+UvK zf@&$ik;%0-(?1=pN*QgYNK`Mls1v}P*7RK?Q6ut54_m6xVYNmAJ>Wl9WXu`6D zb$`Akp!uI#n89nzl%D94NhoaZ!##ZKfionJ9a7P?(eA7H!3aL@G&0&VR{P+2P~z`k zA9$bq2fCSrz!Q^<%bLKau>>rVWjr+=y&Y2E`OiR#Xvlw`rwqE|v>_^$J^W?5{5^L! z5G9X1_Ye>x{TDH{Y+Y3zb|IFK_(Lh*Nk!>?Q8fOmawHAEt*PSPfENjBsr32;(8^r> zeDk-vzCHtrymxNB8I4J#p_1$^G5W4Ai&y393|ZSk4Oo&X!AagrObVWvLDKj)4Mm&S zlsb@-C(VOLb8HH|M|B@EKex4IQ-5}@F)31Ih%KV;1=ibFtZcvu~{C1M{>`%9$Khujgm}jUSzF1HOM2oS;+^kjamHNxZAw~u@1Lv z?`kxFh>p;s9fDJzL?ncO3)6mhAXhGQWGd5kc*fsI$*Tb6{FU(vW5vdaRUKWX0VjOk zwokb~Njubo@*JQw=+{(8gmO03-IBm!>t3@=PfQMKEH+!}98s)yrMMdT_4OVR1P3bW zQ97Mon3Jk#?^>{{EfwpoI{@OZ6 z5=&yOo8MHCJrIGSK}7K<-h^xyX(Yr%cZ}5O&eHEmiEsQ3@n4O-);AkhD-@bW*y&Hh z`={BfEvlawD1xH(xDdavICo?=U6yQxj5V5{;BQK>Iv#sGI`Q+IXw{!D#HDfVFj7YSAA*L(l@a!b$v2aqPWhwr zfNuSK@AE!pru?6P(V*@l+1RIEFN9nF#5*VdvPG8LuV6th?D1a})xM3@kaiZ#!;u2n z#mbT9*jq-jC*6yh97!})%8Dv@Hg?$_!QgDj5^PEKXHLMsbO6?W<3m5MT%5H;5+^ax zGKRe#kh~)9D>L~!GpSLSG2>U?S0^I($&@MXfx^gWW({5>VaTs9e@}J4W6R^3?h%n= z$m~LEluTkgh!F?wb5y23|AgYoks^=ieY~AJ*9b6mK$qjm?9shUvh^sHliLKW?Cu;-EUQ%7R-jB}* zG6PN>NVlE2gLQWeCyx$e^6>p{(VAF7os5-4MgG8p z0cavgC42x=Xdj={8f zXv4X;2%v{d?I;~l8ZL=Ut;S1N=#3$P1vWwuZ5#SYka>J zv2G3Y@B9-b%5~cMbnSikZI!cChJXNr9r!2BOOUs>`Ny-#F{mLa{NmJp)uR;~D0UI` zxGxM5{_ig0Jl8ysT#&T4&<+8iBuMBbShF~CwoSDwd>;96Z?&QN%kqQ-H|uW4oisQ4 zf~fT(;$p8_3#`rTdb3gC8THstEwOaQbslo%$`-~@Zj{`N!CzaTK*S8&lp_vG&}S_Ui8GZ`2_aLvA|E%d`ABtOk5 zNOl-o52d^|ez7~|(+~9@AgjDoTvV$AV~&tn@~)w(hy4E|=Sh=?nn;Ci#Ap%8ADVdC zb*uXJ`@AkFLv8--t>3d!$GQUVPZ z_?qYo?f8E%wq^&>gf${W-BDkuP>6eUZQ1n0ae`iGLDCWnobcafu)jD6_l=9KoGr5A zi(U62@7@W06BSxV(G~2@3!;O(w~(FQci;|{%rzv{Le$lWv39i}-0nB?(iH#YUGPty zBIhbj9ZdOm5~)^gaKn(?+gSTJ9JNEaYF(L3p4T)i0>=Nig}sOumM(gMoDdp+ z3KRwrB_=9_VaL`A)h%$6YzkxyL=Yq!{p~=CVz3+b0NU$!Tw0jU68CW%!7i?MIToY+fN;XRdZTd3Hh9c`R}^23m>q z2BZ+?j|1gfP<+sb*#;FU8W=GN0DGZQC8Q%G-A$m!)lCh-odt*TEWD z54)488{A`%*C#{l@5s;oUb@nmiqO=;CoM)R-PLXr)aWfjlpnXR*DM#;6(Tstpnq4Y z@u2S3RxmX5%@g|*H1^76Y{krTr}sU>Ob-e`9(1m;1NC76sXxu|=`Zg6as%rSH$X6M z{AQhCO0U`iQwVOs0he#GRtU?*JHj8S2Ez>6Z+^)h<)Vi&W0&NwVXKRBtjmk8^c-^) z{<_KWvaGyd#iKob&=B9BPI@{N`~^jmr5yjMc~2%kM+#Pp)0UG`805V#jJUUsVdM#A zi+~`TJEEHWzheO@&Ke#-g&L+wFC@2b%6g-iiCcmS!4?+?K3>Koev=K(;9-S1KUAuQ zuI{CBK3LvW1z?5L(|EHr(NZ?o&eWOU&i>3+k-_sGJHkvf+1$?^U8a^TODRvA2FOwBQC#gnQ}#g7fAAu!b2U>dFilx4_>I2q%t(!8 zAsnME@F^xj6T@sRW{ZA&HGCPJGlQa0`=TH2Os zoHrqaQb!~)ZbzycyW{T7MD?F6u_#7=DfID@@YJ^?6!`7b&6D4!9&yTozC)Xy63xY% zku(8xM=rjR4Cq^Je(Tz+><9tV=YgMeHbkw=%nyiY@<6TpMe9ybZkvHr3dj-eqqjQ~^76|} zjELSgIxG!Rx4oh+GI&@|KY_9Np*h7U*7rInWid#TQV<&(D6H~l?~^QAOU7h}vaOo5 z{tRf}2KYJXfBFRakD!PT)$JYjS<5lX5>|1W(6O-C$_{>P!t5>aCCQTvKU(hnAzaC9 zm$@8T+S?3ayyq`6du>u#@=5L~XNHO)v-2BqARRn1DsIgJM<`F!VcdOd2%D#^hTyQGd|df~%kk%dp;t5-mCXH!icDCct~iuC^D zxD}b{4`@gSUgh`$kMplDP$8YQ3g?EplG8JyNRwfDj7PO9ao>u<;76UL!9FW6YsBCc z=mY4Z5AJB*?l`uq_08Hf*=(3;yw6S*m1WFae1sWY3 z8eT!<(@v?pz~sXS4rBHzt&xK=mJHrBCgCTm^^vhlC?73l7)8~0>RbrIM6>VoOp)~-etDWI+5D%c0e>+R^>^N z^~B=c0-h$2#MC%r@+kl$91R)P9=`u8GrY7G>H(WMmiGk&|!*h2|wn@Q454Z(@u4`@S*n<3v(% zm231&lH=K10~zMJFDODExR+CJD<}=8i9r%1`A1|ksMDJDZ8&(A>^aIOb>hXgFf)K=D~je%x$sz zsv?T*&}jC7Uh0|0_^QsG0a$NfoxH6tlRqjH6+y@xT^3|4R%1yIK(Y2A z*i$Xfsq5%}ZI&|)PN@=jt#4{Z}x3PAwjV|xD1c%=8=$@piZ)Lhc+oX1xPXPF> z&l!2rL*TLC69tC+6-~3~-G^u6I$3H&OS7=2-xLnaTcVuWb+8jB;Tt5E6ZH4SPeJ_* zY0Aq);qko#IuuI;0>dmvWdq*WBI}5m5-^;_Cy9PTFRF(Tn)a8A>-rY1kWo;My5{SNDmX2lCjeyxZ9y^j`&| zb37L!PwpKb_F!`E9>o3xN#@)O=c~t^&rbKz?AUGZJRf_6ET|z=T zqQ9v~I%nxcj1{Hmr&r@iyovt>9C1ngBYN_tKD?8mO8#d;F{B$ZH~zSaRPi_|Dc?}J zI92`XKy%(>6=10{ugngp*y&gwGCr99r5O=gN~Q%Kbp1tzGev1qK(lVIj(Bi!y0@lvxRxfM zMEQmB+DoH1-aEt6y9~A(HRa;_P7+NOQllP;A&ks|0+4;ld7QG~iRX+EI^Iou(3d45 zET{iI3(bqG2=Up|+QH32-!&$X<+jc2W5=IX%@fiH8X9GP69oF|6B3#i(hTSPwz)R#gYfF8|(r$xDa*#^e z5Qa*!R5;eGD|cvR@cYP*K}SaGmXOTfI0^*MBCDxPxhZ?=X%p5+6Lu3q!)q4rG_`WU zNoS5pwG@|?xGsSD1akpGpAi1~pGcDy+n7lwE}R62QPdza&^H=YeTlG7>qihdlt@z; zbrClaU^Kgs|Jd9%kzXse;g${=wp!|bsSv0>8HJP{gLiJ>oWL*SKBrL#QVPy+&?|_Z z<#UEHDvv#TA(IBSZe1$>XK`8rHB!L;n$*9A;W3{})`HNdvwRm`-OqPDzIn0_Mzzx9 z6C5e7b$`8cq|}#@t5_s~UM}+hsZb;q((SjTK&qyKUH);H;Ht?QumRG!rF#eAkT~T+ z+l*2?Q)cEH3 z0)!?n2m_pX!z+p`p!{5e9nys5ooG`DC3@^>gp!92uV83RJ_5|NWLn&yrd^NB9XOFI zE*DB`V+}^W9xeW=dFMB6pZqHMg2QT?19&nTi>=Fsn9D^9ggXj%@ zd{ps++|gQ|Twd#=zjCj$Y;-3m&@Q8hh`pII#NUQOKWrPY}4Wj=!P!^OEZX^<1-f6|9ztg!WiSYw0v zVz>ho;7IMS!sb@@AJqrw^*?GG)Z+6CVdGjeKob98-kK7;T0}~Lzpa1k%z*srTNnN# zIMiMM*1`uhH-6(VUX3w%(o!1+c@Ur%2LDj3)YkC^-JA}9mP?9!4rM-2qY<47*wpHtxePpVaQ@ZV@xx;ogcImJ(otIMjPPl#gG}y?Tz~g!0L#Qp> z@<%1zMP`ilS}6MYVBCy8kbW0LYlpho!8Wulo-tG=0#WPJ)#;)=qi!x zE^ZhYK}^$)d!Hh~r<@V89eFwx=Y0wpaMaYY#INOZe5&oBYs)A9jSYCikNE$@g?}p)Sf{; zqv`+7oK;oaf2LbncoU@uWM}q}noy-@X>fJVhi7fL#i?Mu4~?$2T+uXO$lD3z`;e94 zT3B5KH}m$nni96-Ur(R=-ku>FpSkU&(aor0Ns{thGXmFmvZU z4WA0N4;j&3D`Xi{CG*C9m#hgj>b;(pL70s~q9JM(!n-ar9ZA_A)j#B?O113WSq^;D z-`rQ2JT9Rf+FnYB9)!!)HFw;EtvGi?S{}<8BJnwC5E)y2tkztE@@8<^>I+XV7CU6R zub{Oq%_qX3_F8s_X?k{hzG5gm5q)~Gspew9CCoBb$l|0VtY>EY8l>bi6iX%i3Dd0y zNAkhLqvaUjoY{}5SfVq`NMoY2I&}&?r1xc0AHNYsrOe8u-`I8y;6VC`2U^lE$BVfPb&o(UTzkMRb+Vt_u977hOkVWz zQJ$N{GG$kgI+Y7{H@&+UcL zv7kOSx70#mquZC(_llCzCH@JlbMJZoDD5^jZu@Ia_`mDJ!)JZ80yw52 z)_QsIPx;HRi|%|Pbdu15H8$Msl%pewP>*!u*bNp!9IJ`po{A~d+~6-Aq_^|N){U&^ zge!dY#F^)32|KOr)8gBQ(sua&I{s}T-dm=$b_=p(3v=wq>`*($n>GDq${{S%%o8mq zI8Ya_g8yF|aR)gfXf#}HIEF1%FU1~T`6e>AR-rIESPyao?Qne*Q}<`9@7nFH&g6g?H6N)ir5Ns)~> z_#BiJ7L^}wNQ6S~M7{*Ukqr*t>E4n(x45~!&+J~+Cxa0Nx;qdX!5NQTKPTiR9h7{0 zseL)7@hX=((&*p6)g(J;>`C~dAkGgey_6q%T*k4>**gAmP7{cmMp#$fj0r7^>?$7i zBNL_zjc{Wm)#ZOC=wl{LiIl$I_ba!cJWJ(R;r7?JQ3a~?Hpx-VuUm;nod~tNSL-O9 z&+|T|82x=7^=&6gGit;}v5$joM?2ir3X&zcVuYjaF3^an_B^IVtvYpUR*drd0(<`F z=clPc5ml&DqIUd16@H?AiZ#1)E)y4w$o=|9&^d`+Z`Z~Cvp|bmbQ0Q$;cfr-?&2@L zyk1}4ov;fGlErJqXdD!YzaB0{OPQRTv($W5Dqpe1f|zsuTkzet?61)#bl7F2V#)ki zSJmXFQmy*8NsLoHG!}qgchJw5)7Wg!FFPMI|Fhov|NHDXiYTmcp&DCrLcYaijasNs zm>zcb=N||T4i+IPu@>n`UtdO`#H*z=?=)PKX7KnUmk)XQ$lxjFDd@3XkB)`CL#&Qb+;qKHtA+eFi6VPAQ)uy;@@ot_vrFMz|r$z%CJAJ#`F z&I1>k@M{h$8MArk)z%_Boy#0d7g1N8RFUl)z3F|PcH6Ozu4!=oQ~Lzx>QajuDXJ_tip-$MNP zd)wo>1+cytkg~$cDFisA(oK13Zz)(<+(`W*Bv6(R_>LQIAZBK=76x5F8EhPSPr*Zt zUIM?W6O;5^1^DLcIKK2j1}O6Gdf6T*xB>}m{yTjE_oR?OBjFu}Ep-P;&lPNbeDt0T{(P~tmgV5UcFS2`1}8my8Ct)8bT3Qisr&Z<6n;6zll}3j zbDd`$mlVYH(t6s_B%Nx0;NrSm_nRt-GxcfsbjQho!-LC%EvWzY7V@KB(_HkdA1lKfQoRa))tz2fq}&fO#nq=868@ysbML8GO^;Ly#u$?`}eV z_U4~a^+}VD1p5Fa_)<9ztj(~)O?=|t1Hae^=txI7Mi4e`jtQw6(R{ z;|RQVy%qT{Gfjl-%xwmQm7ZGW20SkQkecz|EJI+nOJZ0mGl00BlV=vSTkA&{%~SAz z+$vAziN`IJUi3o@iWniTlu34pIuzj8{Aw zXK>$otBKA>wc0+&!WOInM)0|^$eVDhb0nG+$Bw_wUs2$XkmoiX=4iz5<#;1}@Q(M= zMfmIlRb+c6qw-H$MbItdS;;bAvNtr^yXvw)99708!C-NS0kfW(OMcoi6lApo-rZ52 zvDzV2D=IuBVaRy0h|{WA9Usec`l40cOPVh5ikWF=UN-E#a#AW1qe|0iXvd4y0mKF1 zx_{1se{2>gUOJu_;16Q9r7E)1;`1$$mz< zgvUX<;Tni#o3ynPv=Lk-*!-ENI@i+w zHPhQ5eXggfq~q)3c(qT23%=z3{wyjdGG&};=#a{#p;}1B=m|BI(!B5dfPXGBe%E1~ zlK(}S7pSbkfpiY^+uqxM;s$hjA)<3{@oIFd+UgC19j5MORR;0(;1)J8Z9rIcurmW4 zdC(`{P={E;WGdLwO$~CuS;7Nlfe{}zH@h#iU*_QQFNtbU;;K~gNuiv}9Ce2UR#hCW zSZkg{DQ=&Co;xH>M*!BA)>Kq3<}oCh#U(R7RaXPcz39&#Zu zI$BvJH4lpXk=s>6s(j!Ah@>2)?-ynp=aH>pjS!NGMJ6eW^%=~D)$ca&$X&G+qt$*) z#o~l1wz6V1pgY|`l&F}{YZ^zh{)Rolc2)?JEf!-%{?GZlu=4ASQHq%-RaJiz!U=lQ zUn#B5rs?48!+eGIE-q`#(7uu6v(v9|^zB@?V7+XqFDGGZ2fOS~D#wB0L~Y>pQtw&K zjTgiG)yF@venndJ;%E+W{oc=zB%vlgMv1R>hFS^FcW?~9`p1Vf6;&nlbBGK4pj)T8 zXus-*oNy(1Qd|QpF-WGiz*t#i-@@YOgUmq`p3p)-qM1gq!{2|+5y#dH-><`Pax zQKnQO)S9&r^@fYya7ehp>?`AuzS~l{e>S@(Mkme{ZcXU0;7@6p9|O;DPXCeEWcS^) zy^{c;Kw%Q$-XI1Qw?**Ft;b4R1=e4eO%Ro^Hc+J7wYv|#v7`(fCGvm5QB9y83Fv=p ztZ)np2dkXxCBgMibOO8HVWO^KqIWuF$XtvGS(r9qHruhU3(u}pE{_v)4Q=Rzg7E2f zQRGl4W;>0r^=9PBeA6T;u@;HfM1sxElQ}GFKI3dURLbQK~n{y z-wJNDM-Nv-qZwY8vSG3c!D%XTUXPQi{--6;P4w;Y4nmlzf7bVK9`zgsR5wiIDA^|` zbmuwc;7dyi<^E`kK8nu*?s{e$1kEhv9_}Eam~*6HPph3gIf~mAIjMLMGsXhwJprN2J_#`Idfd|5km4H z><3+2I4%2`t|wXnTTF?{OKHYS)>GG$=RV9!e*>p5u(#`<-tx?wEphm4tQXO+!B;5d zYu~Xgz765Wr~_P>x?qWX?q|iQ?5SFY(YT~G($4pt_e-3?U;RKn5DE%$+FrcE3%~`p zB?;Kf4jkzN_T++^qd^UYGP|JKn~2ttn?%ILTTd^4!5&CV%kp7b2E*4wgr4eu$MV^G z?g@5SUGn>Sh3`__qBP;R^YmPfJGQ0&`KM4W*Nc@Pi_Ei~GyX9zkX9JY;+{YCIVU{R zX4+)GMoUbIXq|aLIcjWnAKhOfzwkykC6Sv3ACq4z45vikNk>azNg(eBqxbyP?4Ha4KUTChkhoB9|KP~RO71k)t&8)2Z4r~irL zy@Gd<9~|k5dW&(W7<$%C`34z}>K_LbZA91eL z)_rB>H?#V6*rY|Jj3&|b$o|Rm%5>UZ{v)9a6=UbjQYeB8vWTvZCiYKAyh|RFHEBGh z5oe#4cWG|M>cGvrv-+kk>#Bs)) zf82elU)fo^6OSo5ofKP_a-`_JmDUhBodfGSs}nknt@Qqmim8@>Hnw^0M97F;o&n!H zM+g03Imo@~FsGd&r;PGMe7SwCz80m222Q0FL;hfwsR{!bvC%ZQ-y@;r`Hy(yOP3n#O79k zQ?Gtgx4pd3Ji%}9W8~@lCaQKNYpVC+yaS+)WA?;vCU4xa=lpJ~bKJBBWy2iomc_U^ zM&~k;g!lvL_?F~>WT#gJ5jR}1Ny-XR=KI%XyfZq%G?9WNpcB5;lz?Ms{LRKAex z%ua%?U@v(@VGU|5uKONo?D;i$#;u@o8>iJ{7`9VuQ2;v!STO=c=;BBX_o_XCEHud4 zW8k)o*9WMkyZZ`kAx9V5DQVw|d-?q*`|(o*#XX+zt0xm6M*YwCHdkauOo8)1VSa0| z`Wn}971@jz>uLekffC`!|CF|hx%}hE6l$J+k-h^}h#mD8Ahf~olKDsaXN@wLtqL#w z_0!R4eeKP%E1!n@Lmeax*Hh|j^ke;MZ3M8wC#=|k%gY(zHchBa^1w(|zOae-X_L!r zvlI2R1_0xTO%zm6pdh0X^AM?EtR5+mwCT7E@Rj zfjFASm=>0qnPyi9%l+dxW>CH-7-g6Iok$_~RIs_J#u)S!ui!uH2Rx@_zgkZVVIC|F zm~guh1$$XqpE_T_|BF?i3QG@9*=~85p8ps2g&Z}kz zl?rAI#L^$n^IP>MmGD((2c46)pdHiuVM_byprT9610Vn zznEo=a_ff?s}Z3JvU5XTKrqL649*~XWW3@8XC>_6oF{xta+}`@9GP{Ly=qK@XdK^O zp7J^cHY5hXv`*bVNc+~}c*u+~ZsAZFf!(<${QbxD7}x3zmSeLn6Mqz2Rd^v5HoPc(#I>S}{ELBx$V zr|+I?JHT4RVGV(>wPE}f(NHb{!(u}r)@uS2vHdugE{bt*xe$U(eCLy@9nSsb1+Qwf zKz{)d-a<`jOI#6IpdGTK4x3=U!v3#Cjv8r$h%yImBAJHrb_4gS_rEG1<- zB?UQXQ0T}RHY-i5RmENyUHVX{0)`*wqDL>^Z|Fna&+*7J6#|83^mfzKya?_ohC1av z>-(dSVuq15ZtovCm<#0m=`A$ua~Dtn2J_;}UUbPc1I_It=j%$rx{;EVB{?wrh_|^8 zRE60~T+K){G~YCMIc_O!#&0V_s~QKL3ctwV`j5YY+?XLIUO_dx(^qkcpn?TZ?UC9G zsD&AVo~U~h)z}ad0>Ths=bhEp=-zHdvfb>-f5?R2*87bC+PSu%-Mz?6SqSYnUGV7| zI8}b7;T*IVW_QrHm^f{-^T%)8n6Q19PmLrx?|1q#O2yl09gW&GNE zh*k>SS2fTbT=163iBi*4n-knQ#mS%@mxR_d->3cIT1ltS;+^~uZw@v?(lsMoI@68} ztz1fiE*jT8l~}h>P$2@s%k*CL5(-Iit)_@!zEx6%!6BBA2MKLNl88?av72p4L{QevWdB;_kxIQ;6Tm z$UqNT;z>l8)p(Y)ZS51-8E^R$)dgLO5>$dXPEe7KsPrqU&~ri2Pxln=w+RN`#u`%F zh|Jb9!rgdonk-d){zy};zk!3M^!BgFTf=snv zGm1qCd~V87KoqiP)-d0$z$Ge}^naeVO9zww@ou1NM;s+0nfml|Z*3d+{7Q&OA<-{t z65?H`OvZ9ONnHT&3L&i@@pq_hp?T63mrsd;xGH-*&352(%i|-Ub?X&WeK5BS;Ow%! zfWT@iYk{XLZ}q`5mg~=R@2qIMTtI#c5-NyksQO2VYY5`05FmslRg%(d_@em=y1Y6$ z2OC2H(V(`ZGULy00~<%m`4E1U-a*oXRQCu^Y>7;OFK=h{y~$$CIIDICqrQKR!<1(# z8>j0QbS1c&ve!7DwM}uA&4w}9_pNwwNizJPC>7j&IF z90FNtmS<4rI33HzY9V!9R%ib{>$*>pZYRTJ%3HwoX?QPA< zGB$Y8mXa$FrgCX<9dm+Oc2-%@<5|I}U~8>e8tzu)r) zX*uOtCb_j;2pAA%|4&HoL34EwL)Zs-5Gl1JnJgo_@)1KtYvmq737T7v1= zw_gk_$#=JBmy%+-559mXh- z?DRh?d9?FC_qK1B0m$dgljHzo^xI+qx+DKDbmX^Z{@C&vyx{(S?oMG__W#?v`}>Cd ze;5B}HBZ6*kH`0MP5>I6X`eMlI?eU#D3RL!}C9s!gjTF{_hMe=l`&?|6a+X zo&R!Jwsz0|Pzm_<1kZn!fOZwZa<@No!!Y*T49YKgd^~pRC!M>crKM=Q)OxHtkK2oWbGwz~q1xDQqxspBw7T^(-+usZK@$GrQACv$2 zt3M6-KOU#MQ8?%-{m+h}|KC37;ya+lU2S0_xjD zOjYr+M26;H3d5+ntU!%G(VY5L0;@{xHj5k0DYAu+*2ZVSpsPBH%f??7V_=4r=1n}E zFsvNqM-0cB_g85IXx?{SSk|Zb*w6ngPTesad~iJvBJ?Kq%N_hHo~rZTy#E;v54!Vz zB@fwfF5e#GRZa#QkkMY|yiev{Uz#}ILlW3z?$u#049wed^<;%SHw+>1IvL+l`FaaWU9I2hcoCmL<>;Eea zGI$Yr(4oKaq5j5=9vtbj{u>v+jQu>$oy5u&5;u)~SmADKxXzL~1_kBLvp*rlBT>TV zC4f7J%f`T5WOI1XKe8ku}5PsRDayR)sI z|69X@&i-R1k97WD)4>L0v;nc>TSn@q(E9om`mWf4a%Dpy1x?TW3f`fFEf_o}TlCoo z$XLi3)Z>VdBvH){nCAdEn+`}}HcKM}9A^XEPXccOrqGQLNa4pBL|G7xfeS9*5>0X*uI`RYl`=eHsGiAqO~<7-g4kHgSLxe0m#)Gm-@zK`(`w z100XUhMKyG0~{aD0}twH(JK<5XKLPM^Z2^V`=d?*^s?Y>S>yEQO|#^aj#w~7ej%au zWZ`%Qx0WRTvyl?@?eR@ZYjEym-)!y8y{yUF(@|}@s8%^$=voBFp&LxW4L>ix>C9x{UpP1Ervypq6WmI$`w}YBAWy8nNoa7*ijEC_4jad}T zKb%0A9LLFnRL#g`zJ|zVr5i~}1wP;}2xb(vgC=pBQ7tN=O9!~zu{QTIBgaG`KssA6 z637NPqDbOq1=96_PhsZb30DVY;81zrDLQ1Fo?*jvHUip77a-it8^D`D?+%Z468rQe z8zIxKix8)Q(KS`U$j(iQJ^|}@@B!Ii8NpoD86(+BmDpHuYNOarFo;v-!%-NTeNbT9 zrs<@t`pl%zx~w)Om9$|j%Z5pO(_6ruejWT9+I9p(zrxGvK&Y!Bndkavt(C$%aG+l! z^XX47BO)F&LS0Qt4!h93g(2PAa3S_H_g^JTN9N9|Toc3!q?>%%y%TNB;YcX%2)H@= z`cN7b*&kuw?mWp&BcdqI$okKTli#g|La9YZ!O5Ui`c|7@@)IS{JFJcS($|AE_f3sD zy*V-~`&N1YkSs6`Yi;_AT0S+R#WoNrM8xe^;K^?H#BV{lScYUl7hVVy8>x0`)*tGz z%73#g2nQeBSr#WSoi1bgNuF}~Z)Ip#Q5eSe(7(}ippvrFP=pHYXOHbWlvjF)XIRd|f)No! z6E~Y|khjDDoqY;2Fe9QJQ(?S`XHiBbGRWdsP_uUHB8U+nx7vd#Ddk97xw9z9fExjN zgGYArEC!P}^r<+RL!xyt9C40Q5U*ko&tVEAJu^{Sja_p29zp0s9hxfmO?9Ud8Puj> z?mtz$L)cF|GMCbz<{LfjR{eYKhtlu&4Nnv+%mSH`=58pc;!WcFsQBYFw(z_}kBwQW zLQYreA3Wo%EIw^A(?82?yeKSH=nG=#->K4FUjjD4NYys}|Lpz!avL|&D2$)Kc@_9E zN?Gzxq`oY9kDm3Oqeyn5U0YH~O0s$OY{lRVNFo{zCcq43Zj!g2+jy(asd}&Fy_CI@ zx6lA)0L%x6ltkMJr?xiMaL{Np8vTVv<0MNNawZIE00kqZNbM;M8Hf2p_Nv94z!enk zg%pq}02fm@7b=&~(|E_8&)Yn5O)ajIahDn64{~*b32IidHKrYQ9}_OdG=bqxa7v}o zG&6%zMrYo=X2mlQl@~I>%;-O`N z3Utg_h|Ahw9f$Z(4n`0B7`#$_+WfC<(D6+B?wCZAz8LR}8N2HqqlA+ljYW#32QB}| zk`c!t@jva|6FM5F-DA`}=$3vANkmf8Q&((vj}g2SSrCAn+a8c1^~15N;&ZTL&_ z1_?U}3vaY1!HLw(skzVff=mhTAPD+lDmg(}w_jAL1tmJ$s|987YxSk)#u(2oJ=HrM z7I5Ct2_6v>o;XH0N@z^ZWf z!+a#{Pk*&KAi2{e*@6q4*lUYeI5V`GwQXtEMlT@oYmTE-@E$>RVnGkXNYN z+o*<8)A!DE$CPl?vX6i=EK7aQVN-hrNRvw)l`+iq+i%{IkdM-KuQoPCic{1JQ1?sR zEj8ToS}FA8R~-HJn+n)iSeM$PUw_rOzX2U8jgJz>nUHS)Mg^j(xlKSkOr^^C$A%ii zKNn~*XS6k-x(m$oWiB!1%(L_^7MmOM`iQz8 zRod7>zoH>$lOOOT@(v+LXlBF@@Cgcc!1LzJ8og)yE@C)DUC&?W+BkeBG4qD_FYJ%& z42uVafak=2clTeu^y9xrN9+23D|wv!A2=JQ_q)G0T&}ZcT1J3vrYY9?&U17soqb|9 zJKa(|31=w_lqugGr)lD*(u|pa@Mm{#|7Cx-zuVt)eoh!yKfic!;QWyBsB~IsBVpm` z`PsFC_j13#cO*gX>>W8@iD}?|_0svu3`)ucxpWwZ(k%J_r8FC8JmN$snWNkqiKRVg zm9%iKzboNs_Wa8qn9jc@sVTy;oo^yb@$Du%IM7UOm*ZE36m1Z{V-h8Vi+-M6kwZ|j zuquUXYsde}%Z(!i7zKfhA;^Ms^0iUwZA8uD`qTNQupzO5+0ZD%m}t-Nx~US1L~ z)hm>;8>pOs`gO;Q=1w)tY~?&VGks;))WtnVyYly)=jaVdgRuhZRU4q6wT$284TK zPZVgUD}Y&-VV={|tj~(VVD7@4OH&Q0pyo!?GS+l3wuC{$>(r4kKm%Y`xnv8;;t<47 z6|y0ric})~d(EDW$=(RbhjJ5%ia`Ed+xDV@PZ}cImH-2lBPYz9)iuL|iWdo^rtp`& zb|Ggk!Ag#G)1W72A|(_5{&w53l6D$S8SkeYlOesU+!Lz%xLu_&vMRi@^Bgb(EHL}@pULv?6UYdc2!hccw`k6s(7`bi7y!pM`OnBB*R3E z-DL^tPWQT~tL|EV2j>C`l)6O=pQ$!1#+2N5PX-W)BURj2UTt~X(zd4cTLncbTUK+A z?6^Ges=Q9Uz)K(ZVeiYrs4|gL3*Tj-G_!vB?~*JpP{@_|MlSnv>4{^SQb8)L4EWYI z8hvZD$`~!5S1LgLX?G5!W?ruHjToPa*w+4)i&gUHBnQ`%v}SI@S5sE1VsRFC>C&&b8e z4T2N#ke5h@G(Z6heKu$*9b0|fzsm-M$0Q}H{*7=_+d93&!xL***FlDlI zAW1U7qG3SEGZmG9H{=h(&SeDPwj|OXseDh|d`eW2007O8Um3u@;s88q&bk%S$L&(3 zYgNaCs)Z*fB8$>e46g=Lw>J-Cr_?qyu?lQ&*ktvGqmg)JovUkweO?GhwRcRh9Hu(r zWC^f5SFa^4~zT`~dT+LioQczHSu# z7Ss(JoGthbR&52p>D!#)r~vy2(%;71>)0DWF856nOYWDq0lYb=+#vF#dGVvV4dxx= z1f^pfL(wnOE9R;^FV1T#^wI5@!nrZ2BSe-YjHe{**I%OJY$nv`q$M^58nl#()^A26 z_Q|}3_G-1HqtVQ?{0cc_Z!DeGgxaU8<66l7WYPOx{b!E+-+%G)MXCPd?*3Z-ui{Z> z-jrO`2df|(M(0IHQ`77cz(y>bxD|qg=zdI8MQJq5VioD90znmn&?*^a=@uh}^8J2{ zMs!Nz{QfyzIj*gSsmW&PIcZ#`W_92E+x@wysMIh1s?b5|I(_GKZ$9i>vq$RopF!Vn|f440D#8w;BGC^&-qcYptketX3zM z%Yw;SsGRNUnQ$(k0|qd+&6VfE+)G!@q>GX6)79IL^|a9coMq{fH@~Q7Zv3z8|Lwk5 z>;IKJZTvrAfCarj#WYnq8Gi91f2xNHwQGIc==v!DstTHF;VWE)P+N^_pgd8uuRz!9 zuPM@}8rg9^hsYl<%4d*Y$M`6a^FJ$jYR~@&$0u9ZC987A z)Nk6^GJjME{Tu7UMyW4~(<~bfK;-1$DwNua{=9eXZ<$UWSq0d*`#smWKBi5h_v1~$ z!()CqWq&t8KSSu&{!KnJ%egqEiFL{CcsC{%QtjaQN#=_Z$t94lluKhNaJ(qal}V$- zzXW{9vN)_tCtmCMPy1=1|IK;lr44|2`hT}{|L5-E!CL>X?PzCooRtR0qhZG9{c2XVrHeCA#cFACBww%llRO!WVlqKozmA#+@?Q zyr*$SD((*%nza@VCPY?%F5;&^_k>%-?#O$C^9` zpg$o9qx|+sRUrb(#Shq&Smn#}MzG5bYi>Xg`HDHXD^!@2|rUbDjqMuO!xkwg3G4ANG&@`~P+iUhb~-|0J z0H_a3p0;xvg020fp2jKMgrM)|0|?Z<3`^@>)!;1^&V2}e&o~TeN?DAf%e;%8dpWs2 zjOSiiXF2CeCs!U+baZP)Ji+V2yBe(7M=Pw5itgO;zXFHwBuNO|fNKBL4I-9>F;3}} z^pa7xN#FLIvnLDCgL)N)T9Cx*Xi2J6ciNsXx=6`9idgyB3sA&Q4sSsbtD_|;Qr&5L ziX@y(NIE8&$PI=$)G3YMh3FwNBxx`v;bmg1w8u1<)jz6lM|4botXv7$rl_%yT|~Pu z@4lV9^BlcVenvEdb{~?61~iRk2#Y)S@;=L` zu-+i~!Xt_eu%ZIj`OqJ?4&K4&x6wU8V$8BAR6YLn=JLWb^(w<%IS=NRxz~%T;rds> z;xd{Q_Fg`ZhUpCGUg`RdD^3#3m3<7Dn&j002i1;5A+Y5a672V!s_Y!idX7I~JO+(| zkAH*vBJI_lg+W|vAa4w_C<2o>x8XMo&o|vSQnrtC{>cGBDILQi{+O2uCH}HlHQ>_v zwzneZ+?iWQT>VcwlxaKVw$S!i(c4VONj;|!v3*&rX;R$hXQx0bnyO2#>MD(yt2#}j z;Ucd*W?fKFOg`LHkRxhlZ>#F=NNcMX@K8m#91~0xKvcIOOS{XFlr$A28mgj$p-FAl zPL}2Vxpvu<;?wzqF7UC6;o0LYd^t1L>M`1~HSfBlbYTa;{Opopj)=9cbpMCO>7UlR zO_`F0F^hZZUa)_tPo$_}cI2c|7?*UaCSuNnP$1Gpyd0PCA#NC_z6}Huil|haT2d?V zln3D^SiV&ewXP9H{eHhfna0FynOUo}71;|K7j(}t(5F*ec7^zq?5vM&z>a|e^CV8u zJ!kQ#-+l(v;LR}eXc~?~G{O9?=n{)+Golbc6}DWJW-7M_8THD$fI4oDI(754)V1b3 zzZy3GwFyKKn$rK;YP*Hxd33pe5MH4*Sd2M=Dy(TJBDjqB|3Y^=V2b6?XPU zFsWMTYHBNDdtQhcbTL=C(A_Fc>n>5#S@YtoTb`AzD;H+X(rmLL9Rs&^O&0Vk%~1Wa zeFJMC%%lMV#-Am;4p;Ra8RoMwZFfv|FV*&)%v&Dz^&$J{QyhXc`<)^+n*oXp$nVu0{m4LhmpP% z%=~q1mUYd?d6&PUpEH({@|v&dF5{8ya&e9svZ`KM1Jgb z^|?IF@}FlBc|hSW{mhg9`}=1P7oZU`hTh{IRfBSj+B@|1``0DUN6e{P}eCKlY9e_V-Kmzm5*p@_!XiEBRlr zfujW6?Av~20%q-=uD>^sH&(a(*;2<1Jb$l{vUlnJESvlV(HQ;Np#0_ZFDO+R;sb(U zo6gA*Ev~d{DqjVt9KTXFwU6RP#TK>vL8u)J$gVMzi$`75on)!{=a%aqNF+BWnMl9E zLiecvZ9Ntl1_X{0u_1)xx6vR=(TJt_CS?U#(B@B!#;CiEx;ZxR-v)YBOr}PpspeSK zNKCUQm{ddXI~s@Q0(C`1A+}$E^rG}{#CkvwMv^O9l3(I?IjqL3VR%~c>rYjB)|}}u z(`FE^IDR*O?6T2AXR9t9PeU}>AFvu7WH&s?Qa!HbFl76o*1+*czW@Q8AlWDS+E5UQ>iZQ+ zS`U%XbWAw?norcMyGfnf8AGLQwCQE1%)AlJ?v_|0g$X6)M1<-#wJD}YFtXR_G_!o^o7Wze$ zYH{rIwkt$_1A<<*vv;a4>FlCzp3fV0QTKT%S+f*IE2WF6*V@+Y`>tk*f`#{}8fx6C z(ydx34cWFq8ZGQex+2MPD-D+FACIC_TnkDLHsj=qMKmZC$V}ARCL+Uk5(q$`&TOBL zV#Y}qb>CnbRaIYcCr0TFKma2roN1rqnF?S;wF3z}1#z0T3EbSpbTna`xs@=pQBs z_D=*IRnQ177Wi|ytG^&BjQ{aCwwyO+D?ZnL#2&vkHLT-g__TtPFUSM1)XdKUl%w zD~R!nf9!OfJ+REvy#Jri(t|R<=GA|D@nX;4|KC4)vEKh*#nWd0-`VuHHWtnAEwaCQ zUUF;o?p+S1$%}`NoL9BUqUCg>dM^|{v0f|;1D-?;V7BaBz$!GFSW?*$ zE=KOVIq0|_x5niUWKLA;e_e8T=f{Av_$M~FNl5Ty=YJ0NUhb97{~WFF|60kTE7q|1 zuWW$iG+S49p5iD{H+&lQIPU!NOOw1Z<;E?xX%bt7pWrwR$_vn69Ye`V`3DqbARkgw zw^Eg4=@jjxFc86*gjqyXGxL}9W8@&wknsslw~-(Ojngy{$2&VD?%&fpnvjs!LCnhK%PeVU~Vk1L?5R6iGczL_Q}W zSQqLZ*m#CG!Gd{s#5C$_E974+)^lq9(q%vF?@j%q+yCq!^#9ik2#4G|^RF+cX5QW- zrMsFyVkV#no0pbnUKhn~{0c_u3OiLbNRM(9u>p?yB4x>mRioJH$Ek?$OL1yI67fHQ zq`&-vHbHkf`K^Y=1wwxBxBt0il|Qob{EHQ6KszHfE3&d}#bW#A7pHyc3k$`rT9I7| zscy}A;Hp2fVD7MmE=m7w&TVFoJ>hCOYN4vWUOPF&7z%amXzjc0MgWFtw zBP0?M6lPNkVg3+7{wvaE)(iB0tL@WxyYNG+ZA*p2v$$w#KxgpM?Xn=z|Wejng zlF>|o$p@Fem#s2E6d14tRZS^r1tlyL%CU{fJz_Bt{YA_XkCKmVkeC7Z7KwRpsn=^3 zMKm6%!j_-@Nay#7Zcrx(YMFqxZ+O6G#Bb5pKl@O?nAn&kbyp)e7pG z&)r(|1(a8wiJ@QD?JF!8KC!ylEeB5u?vgq!|MoHMA+ffE)|SvJETK92|G|4d|82hh zf3bg9s{im}cYXiwN*>VikGl8sarS+r3TDG$r55KT<&+3CAVbCpl=D`*6I8(VgbD(? zTM0*M?`M)kM3wK+DqT=c!pg0cXjW{lfG#(?ANmH30YN;ALBm&U<|LToC?XLR6V=rO zf1s0WQqg4W6Le6r+=#c7a(qX2Kg4z2zoJ4S)kc1?^ zfvEH?g`4Q~9Rd=a35NRsRX2v<@cm4rWP;R0NEn1qXe=cqP5%Q;rAp2(xJ{U#&|c@5 z_R;weF1S!zLfgf@l0Y$;5?(+HQJ5(lRptt8AEl8V=*ci8{EeQZV|07_w(18INhVUH zi0F{OHWeEp4C@4jJI11zZ1RBw8PID}AE-W6d_xf9a9<1wxBBW%8Y1822JFB@viRRH$2g^pMbC z2E`bOxs6O+`U0rj-oAAwXGn0GapH=IcPu2wX6p6du-T#()|lO+D;C-^1+LIeIS%fC zBq<7TEXVi$g2m@?NIsD8J=)ZE;g)2k_vZCNuEA4nW?C|}X|=CZG*HpGS_4&Q7Oq2kPyNiX{}UEIxcuil`~T=@-_QR( zI@(>||GAP!T}{Kn$Fu(v7FJ){S7-DuXY<3S>Ti9Q71#!uPJkRf zUJKT1(%*jT=mIP!LBO&Y&cT4Ft0$veaOFlzIa5;DO6yAkxp6?=vO5yDK%}YpvMBK^ zmIn1{goS8H55LK>U0bTE;ifm)Bc0$8xymA`135{TOnpf?oj}JPIIB!6>N}~(z8x}V zBE2A~WX%?Ivc6uHL=wc+`B}@(uFlVv?MRFRk?gmB8o-x!ICzZTA-c?(fA?rYyd2KdPyP?HlI>z zjAynVs)=Gz7JtogK&}XmmPm2)Q9tY$|6%a>Y;vGQ=Ro+ZIW>%+Ifqc1mDNxArhw5S*)62(3qyD&QRPp zZHMEuTG5c&F!Yo~+2r9;QG+oYSz_Z)B+N0#{}(Av$uNr^lmR^N{MWAU|L^bZt?R$9 z<^gB_M$hu2W&nGv^GD18vPiIs6rd8tKb>6Rbt2HRi9pKF%>5I)Jrqy)G?J%#Pn)>c_ zo&UX($2tFB%FZL8mc6y^eZBZ` z^Y50qW2xFxFQ1WiY?|`Vo;_FH-b$Y+mnwx?2i@WXc2`$K=x+H&f?Ex<+*J;}xs1MH zS?9tIA6Sbrn0AfJqUSPRwZ&vB{;aqLDL?jZLxB-hjU;Aq4@yg-KbwYs=~n1%_|say zIzl86R_SrEpdr~tf}wkYv@BPdbC7T+y%}aM<8OZ$e9`s1wk|&5r@j8q&!H}C0nF3? zyMFz@{TF)&>-s+{dA#%Ak8A-{@XS-%0DkmEd$c7@?)r|p58Dx2UYl2r_<{O7ABbDx zWnMJKRoeQstF|xWGsvawmc9N)wVn52fo;~;1&cXVtTmhk6}8=Ij?01?x?NObL;mz_ z;?ua?z%MIr8g4rG1x;|$H9wW=9Je8u({XV0*y**69>&}~$7P`=U11u_5nH}Z37K*dl> zyZ3%b-{zU(V>_~6KSW{1CrGOAyYt6ioQXDr|EG^s!;Pwq=V#~PX|;G%JlD7Qe0ooN z{jamjme>H8>;E4fl>Ps;{$I&c%Kv<1JHX0G{KG^5YR3G@h5%N#3t%(aItI`x22e+` zbr4|vJi^mn|C^VK2La~k{}=l&eEq+>yWam_$ph;Bdp))2D=cX6*d{>2=>+qctqM0l zpe$08p$x-LfI5$9N}*bn$!xN+nl{E*T&ea_e)~78$e&-sneNd2*#Q5VAvPr(8DwnO z9LFPqHex&>+h`;ILMnBAx*&gNX$Oh%uz*K}t~Ql}F0@ll0rQ3D@WIvPwlXhb#$88w zbgeDrF8F-iJojw=t<^aia8tVKbngAK`N-`HW@kysx%afZ@U*<{%*CO_HM#c0TKC}O zU+g?bCvoUZgJ!d08Y(8jeB%y&=Q&h*lb@zz!ig$5#t9B*2%Xq# zfhGG6(-@IB<+Fs*IE6deRQ1aN&&6TAq6UuX<0$GnzE!nlpgyKCO}nVy`g@!t(JXK9 zM_sH>@YJt=N%6;#0CU#=i$nkZ&%LAF{q_0pl{~Qi-!dFZb0tDT)nO1Vm%Lh)t|bl? z*@8@@Yyy|^4rxThHo`)K3K5O9mEND>Ni_cef<~%OKBOGqCQ;X^rm*Yu|2h^Kx600< zgm8U9v_Mt`4lGSHz|}KBYW4Zs$?U4M0Q zx=;^%fP)rrUw=pmk8y;~={|0nvz) ztE+FX-!3wlvTY?2pP=7TYyV3R?U4cibL{_v!=snJ|9`aJ|6k4HgwJsiKexBo+c^Wu zrFZOM!bb*#1}hg-suJ!dEY`n;=9ZGShH)u+u=5;UVJ--Ys7O^WIDz}GQ&zDf&=_g} z5I%J6R^0N8oJyR9M%`p2(0IuBMBkbsP*D}8y=wsg15=XF?OrO%5s3-MDO`_|O1=Jb zgc2;oJ>#K(h&>@;8)qgLnQ=1es^X88{csXev0N7+k;Er)K#AxBoW63l7;oxvf;q+E z;1T-NklOXi;t_kCUKONPy#^5t?#3(=X%Xfs+;Y@<&YS$q|ripU#6HbIwz)N&F1=uH1P~avFOXTs%gHhXK(veA_z^bmffndtsaiwU0uw_P0I6-3P7Xl zV>(S@wdL1qiQqJe+h7)xRE!x*7bcx)xG3RFyGG=B)p{qum4l{?CJ>_4;4Q zV?{;Ojfd8>>)dBisOG_}wO3dfm@$bLJI~SA#u$z9goMzoKv-0o0dAI+{M62{g1@~) zW%$U+nX)ooXP6_8UBwJ`R*5hxgUas6oIq*EwWn-(HrM2;+9F@e$rbO57u&X<3bKa;9>2kk0 zQC}gGBlhLA_vN%}{nP?l9V(S{2_h_n%Y;@PYPgt6&svT`*ZTTgh)mkril0h9pzfG~ zepJ81AE-L9`V-BoZjk?RGFpZGx3_zE;LHD`-F5!YYM!$EkCV~k2!04JHAwt88IiUk zUm_)CbuRPe3+H4DsY>BR<>JfGva7$YIp&$4)1Wcz!FN?NqfaVCD#`OqoiBZFc$fm(Hzk=pt~v0NI9$3#>8Z= zdL;J&0fRI`a#?5&^&G zkof~#7H@SKL&yKS&<)|>3JX|}-L4%l+z1B=CsWEY_%UMaE=y2%y4OWrljgJ0za|mE zg7ow21}*;oQuH#R3`CcQ(H3&`595}QwEDH#vdEv4Vn0`lD#b}JRnPdgAoeYqZc6wnwY|e>`bqQW!+%0Db;v*5+!4NkxkIiKH93E zIt^Q-pu;yUA{QH8$2&V;PLIEw{?9L`J$`?D_~KxHCzmA}4>=z>ilu3>U*vIK82!%~ zONo!*M$CkW7DecP2oX(KNM7l<`cop9FrG@k!^iPUVGych&N^_lpcaDiQ#c5GDDvI0 zN4eTbY)=ZiTS-~9Zs#ahDNWR>>Z|3eW&TvF07t>7nd;_KCJ`8NHu(WhqLPTVaj5sZ zjTx(ODCyHGp^__gv{l_n&3ejsv@l6{RH#9bhF!HPyRa6zW=(Vr=XEV6?CKZl4>{#s z#SL?amLvHPngQDNG%NQ}L$XTk6>t&?TVihJ3{kfVn&1>;(gJZ0${;{AF*suwdSPiP&JiQrZOw{m&PV66S|~76=vQy*@&` za2+swP{0t?gr{sOoI+J*gi*kfynI!`rGD7XttbVB8_ozxPG#eQz`AqT94| z_LtHJSU5nrRn18?mwS>A368_d9EUQAD+(I=jVg*I*u#2N+RH4@PR*v`&U17{_>l1l zDk|ZWcW_(LXj-m*rb$-dTB2G#egVgK13mB>~f+O?aNqT;0$Clwup8>M(uRne^yaP6jDhbs#;R=V|g&iu?R zv+=klX1)DaI=Q#B9XQAS+uz^c_v%0G9==%b|E}awNx7vno{we-R-FG_$RMm}Up5RW zpln%#aH#OL-?T*%vy^^i#-Aq!q5rL_vNBqBuc*RU?ztr(NG($vfGqM7dW>WqI8CHI6nZT+-=8udR^+jw{m*u4Dz!)6&e}ivbJ6#oTdo3G*w_kk$t^xWNBtdjb z4)t%pb$Y#CV?YA>cDjZL1iapGPHEe)OW6>z(WYwkD@xf9coJLRzwfI z+Y+aSM@y#x#tE)F3@}cxm9Hn^S7q<(*eYbTI4No=gWqI3*Jg9YU*5}{6#2r)EAUz_ zGk<=98%#~nPrLAtG6q%C&neG+{Zv2o^4}|X^#C()Ui|0fiUOC;13jzyE)pm5M-N!x>f`g2Fa>sP+dXZW|q@6$h9zMl`s{qQ5426s?g`arm$ zL)$aqE@75G7G95ixp$k!<%44OukFCj_lYY;>Gia*Kb>>C3w#m3x&Tqmp8>w`$Dc+5 zZJ|w6!7uvwnLeoQW8rNmrjfN0syZo6SsLX_V$+|oZW<{vgyaJ%Gn?d&yu*q^_2qn? z2cGROA?UJ{8Om1m(f=k?^Yj13M}83i_b+Tb5^Hk?i#0EI((+^N^@KhHX zbPPV@-nhCEsNiZ+F9msczhMZ0QDp=e!)g`KoNV>3dR7Ib~ z93WKZ1ldciYOIYeP^l(PU2jgB+)_O@IY4uoHaS6P2}h`zLm$BzLUS`atKZntIX4?~ zTeM=+G8b9KSni=en|5Cc`%dfuLH{t2{t3c3z_HG}E{ZOCDYL5#r`P*`=8Vsi`+xhp zFZ}Z#NAf>w|8E7)llp&o5%_xlPk++Z|FaJC`A5Qh|IhGmjsK^Aw){UE&{F=I19EA9 zEk9e=(qD52@>H9J`Bb|7Rpj}TpM6Sz&g>>E)JHfgviuuVg5Az{i|oT1RekE}kW2OJ zx2^2k1-SDZ-Cmwu9;1^mRM$ZUSd{jJYy4#w|Kj?E>ntjJ%#8%goAN9o6^Q%CP}W+yT75-0UA2@w=EBjs~5bCkaI@Rc@ zo_hITaVgc3T40X+f3bUT=;wd#?XLa5l{_G_5*CK}R1aXPAMF5G<=tirWdT(}sLcdQ z!hx*@DjGYoq;-J+33u_*07*D#R}{edaK4}6hoP=mh>B4nGt9Q70jgH|x~S;qS|gxp zF)x&#mV|?Koq*~Ysxgp0-DJ9l?fF#7m6oUa+pysZbGDj@R3-lwp;xg>Q6|kJCW=++ z!B4!r!20>bpCg0M6O6ZecD#s|xF$nGntKE5|NjwV|67^ASmJNCY=3 z`t7`5YX?=eSEV~hI7?Z;fQa33nkE(Ys;L0n-H2I8exz03$T7n=FJ2r}{fyJGk3GCA zN<(*dD%xc{(nY#^R$cu(R+u8aC$pV{Ng2}nWEG>;UpskBU6+bopXg@Wr;MC{FGy&v z_1B3kP`q-p!MYfeC?Q<*^G&9| ze^E3jlScb4-jMXB*;|IguQaG`h0%OZ({Z_NWVJfK@|xMK^$Mlz2K+RAUz_`pXI$Gs zRWeB!ms2fL#_@>27=abR-h+Z9jHeZxpyv3>aBT(anc;ZfxLCX)X)soOxR(mM(#PW{ z_`YVXLwB#*HK_~)xNzodEo(*s@YV*isq{PzwE67MZBa{Aeq`9Tv?3~U9=$6vs)+px zN!Os%C*bG|uYxO5#);;DY%(yKt1PNsxqa5qw*uKl)-ws??YQr}NL_DY!18BRJZQRJ zfDOy(?Um@2nX#^66F(NvnnYtwetHulHPTG8l7BM5!>NvsKsrg0UQBEaQ%UOjeODzp zd*4(9_$-OKsV`~p8>xKa-7T*|vMo^In@XCMhWfR3)qzzd6RV<5Y78V!`7B}7T$t>U zJLQ-R>0NOThUC#S=!uzdN^{sGFmsV#tE_=kWv(`Su7V>84*V!i18R!{D~EgP-&M`8 zrsJt}*Ueot^<%6~@NPFezxY*mJ~CCwu%#v3)Z_f&E=J8t=2F)5n6bOkjVwi7$qMwk zMZ+#C0k;@i^6Whs2ohwRbW8UQZa8TSPS+NsjB!a zzxAc`xw`ztM#~p2j_P~>pkEqGt5?0N`m9o+Zx&{xdR0mURu_6lGh`gD8a-)#?&ot~ z5h%9!Vorlv7I*q8No-f5H+rVizvQOB4Y1NIZ0RE@l zRrLujol-t-_V-+!n{6x{W*KaGA zSGD^iU484MpE%yx`BEHzDL|FwV^+&SflyI}c1CC=^lH$RKr4Ag2k(oj4FF< zA5Xp!4!ffjTQ<&ijQw68w6Ta(9@N|uTTi#0HWzm5!rM9376IRSzpj{*xrMivu{;+) z+W^TxHor4(_iBNX*dFCvr0Cxj>r{m|GeIs`NY1ay*&N7KCTh(!L^umjr3`>3E0+HK zs%rJaJ9}@ko5SzgeLbd}sKg863OGq5_JyCE|LEdhf>OGV2X*tdUAq%+>$NV)!ToE! z^Y{^-hW)>3@Hp3h&#(Wr>*s$T9=%-Ge_hF=^zC=2kGJ_Z4Hn(`lP!9+`Fw;6DpC@= z#m?>5rF<#t$Hgjo*-#hDnJOBVbElfl0&hAye6xgDdt|wQ9^xn(;Nb2|@9f#5znvuw zwY^4=U>_})mSmH$!X9azbMmN$Pj#YFfoVm0(q$aY5O5oCIvpaKJ`>1rhV-?7@@$B@ zz>GDA{K(JxcYn^d^Z`I8`HYH`#-q~+(@BLnwu*$hk7-T2C{!hgRn?zZGApdHVe>Ke z$2W9=Lzb@K)|e6c1c_Sp`kxQ*BN+hm^#9R|QvI*pz4iI8l|1VF_g5#Uk5%zgvdw}9 zfNIjS?n}ASIUR+(fxRjtv1J3%w-1HYi!Wefy|?(CCB8Q5O%B<_wl(1Il92&`S5Yri zb~G;`d%3D)j*9a&n8~Xt=QY_m(@&NO{)b7jmW!`tPBk#%$1Qw$K18ap*!MIfaF!%w zL;&-E$+L~H5ZQ$2@Jscn#?7i6e_gLk!tFK|Jg95bc)p^uoVuTc3peX@8XJFTg;;zBi_P;#+;=9rdnyi|;7f?sC0{IXOBZ}m__i(gVh`Y{4s$~vU8k=_4sV<0&eb?o z>L-g;Fxf^T@7?!-oOto4d6~{<_|(h)QU$)HRl(f&@BXfT|HHw-+W%Y0qYNUewBTdK zfqnK_&?hW6uXWe#!ifGIp!Ud09-P&1K}W8-6ytnX&T9CPj@W*>UeqJiL48VBt+obg zWBt=#K6>rb1_x@9iyxZUeyMt=i`F{*2>$Nx=Awt1r$PTe^xCKVnWO&?j`m9a-@(iM zwfsz`$xln)Q z(`5hYL*Y+d|NX_@e);~dgLVCnl{|U@s{`DRlmehRXJG?Sw^|?(!0>3hRDk^W`$E|O zqNw*!7@kFq2uIhO9#)YSp!+I|_a4V9;%EG%DDw64r3t2iE8Wut3mXfo10441IhTU$2T>Z}{p z&U1+;Wt2o_C=sG9yNi|nD9DAnVU_}XJCB#dXu54JXVSjH%?D|>y znQQ-_s8#R~H(=iW@8Q9|zyG^?xVHaS@;LUtp6f^U12oj-+=0CD;$DFf;B7O7J%(S( zOE45HI}7HQI-kLGyF%ANce&0j{=FMmW?{FE-Tl4|pj@V`?Vtwze@_NbPY)>< zVarX0qY*KSVb~;?9)w@rO}d|tU(jIxGkzB_96sCum}mbVygcyj|Ca}QYx{o{4@iyg z^;ADr;LotmqPBkCY=K~3&Zg~xeEH{#h4)M|$DuIqO7>UY$wG!$4sRi&%d{$M)cmNW zuU6-D^wHyfk7Ww}VT~-aj@nsSwd}BnMdfrd&hO-)>QFI@B^Tl}cO+R{94FpJnNY8U zzH*>62g}9|Z}MvQ;Y~sUB$)L7LPkXVELE;Ai&0D?1m&yUTK~VyDOjL^R%ERJ;Cvcv zXZp{&(OK7T{}BRwVi zU)?CP^COMvqa6NfQU7E2z_;WM%~-iMMMWYzn*PzmttzJ@}ZDGFyEPQ8uSW}V3^zOdPsH@bwj-?>Vh~nc4I?H zn3{H*Y(i6%mrB+|+HwI*B<({N0?fzdl<<2_Q{rLgbm@S~jif&6<`q4>5UthQmPMX* z4dy@SQ!D?q=dptGAA5&~FG~Brdq->ezlsMWvJQfP*q<4P0{k`YErAmhusFpuMq?69 z5aB%c)3hR>0%an@Q8YsVj?oxWs}Y8sHz{{$JTlq^Zdt=|F7uUdNJHp{Lp3TCFwRL3 z*_z{|!0w(#5gHJbU?H8yl%a0Qe!!Ec`#?=&_`Zw!xwe_7Y>GC8MBTtqR7mwrg&gW{ z*=8vn8lno+1&YeQr-Y}HRzIA)dn*U_*PF|Wt_`mc`YJpY=UO{uNQ~LN`4jGylS){@ z*5fWhWhO&DBrt3D1l_YN3ei1|Q{|kd90#cdg2mBn8x1npM8%nO1=3>H^RXOvw{!FV zJVhgt3Y1_jX9^2-DFTM9d&wzs#z*7>n&31T6LV zlUJy9@;{;?6+1tMWJ&|_mWqe?0`uhm!TzD2|GRg%uK%!-XP#&)7{C#3+DC_QctzBl zh99=khHC2++k;ldo-SbfSvTZox3vy0s8@cpOojgJ90K*73LY0XSkdsqR%w4#U1sd` zRk>%cI(g+>SzLcy$%z@dqek7NRIJ|V$S(C)-%ttBxwzCqb1qO&gLCK0Nir$tp}2zh z3|b;Jm8#zUKNPfos_H?~AQ%*RL^MXldknC+60iW&YXYwqUme7x0?vXuLAUQo#$G@(l)L@I zs)zDSw$Tyx-7H2yz|7?eLX5%bs8bK%bCk=$t~J1;JoDr~$pjF4yxy95}r12Cqu+?o{F1({^3yuVuiBjPKYfPnYU6oqd zUsZF>qXpJBwLX5pXpa2XC*~fe0_Mp7{k@l^_|L)m{P${}dGg<4fL6A@B{dpkyO;)A zv^y%pH$v??OSbGT7FWG|w-(@h@!lxfb^g_u1a}g0H!q_x#sXoKn@H^v2TOXjl=Wgr z+s%j2wT9Cs7E&U%QZ{X9T~;}It{jacra`5`QC-#O8}(xgbpUf&RjIa`MVgaqqtftOdugBKqxFA(Ori-L#f+23?_-Ys z-#sk(fBP?Y*ZE&7dA>kbI86zUVe?pV0J8gMaZI_`=s-{KfrgL=lygd|IIiZb)NrUoiEULm{XPsbbj_) zbovQrKan8q^l3=&j{2OlpE~`i2v|sVJ_q@x*Zp5Z3bt_RHDZ-m1V){AWIn+8XO7X?AdV*xbCUWEB%H<69g|iCt*mX0KpOZRuJ?x z$8ma$eqb3SdSrs=tWypCp7A?GW0Y_fW`S(Djj%uwi$@()`Cx%)il~sng#>9dLjp(> z>Z~Oj!GyCZ4M|u7iVcS}pg2ODBuvnh@!2*CaEc=~LX2y`{TzE735F*4j-Z6oDNacZ z+zAWS?I==^rc9M+@UaCF1eyffHIP8k!|@x3M*U9B_i}=UEQ;8@)C>U@L?Fz`HVQMM zF`*pAIL+isIi4CoCe)7wdRFu+QF#U&Lp~%C4X7MY!r7P(XiCE48el#2RThU4s2ODq zOY9g&Ar(o4XC|@7;fgwn&~&^><1K_^mW~NG9F&qclsv#Va`CMttx3MZNrE|vQw;>M zAsXUM#@8!V4hMU5RGdLt3XON6^0J|PUmzC zKH?cpiM6ozcMo@ayL-Lez5ENkUd=}by&!`0udi;-47g6`4J4Tj8K0>B@PK70!jV+w z$|g{s!l*g8rxOyV0;noUb;E|~z2v7(5)mwj%FGJVV-%4Qj{c|g^dS9N^cf#@Iu|UZ z0qJxkTh>XkO&D^>f=u?cjdWN4{;&V7zxelm{huvU78b|oG9htC!!U$G->`c!C43v2 zIho-kb(;bgFlPNE21%TEQmCelG8VZZb5|N7rGH2U{{ z{U1pHj8cw6GQs>#vPw1Zey7uW%%{_7R6)0dPlTFaqk+(va59*okre#`%~+-`M+VZQ z4Cu72WTX_g>ZDvqK%&wq>Bt2wq@5a4p%fAU>r_eJn8iJBsp*pp&b0TXD9n{2NN;G4 zV^pP~wpH5TwlrxcG=&8n(TNml9k;iBr}KI^BmpcJeN56?r8)l&S;o^b!f{NegbU2` zbHqc+MT(Ma5YZr-b#gvL`FOP~z(^z{keUQZ5V?f#Ib89tWX(>_wfAEhjOCI*s+JCP zYA=tR8sJKD7)je zvu7tYPm*X>2y1-}Er_K~kZ~!vqnYfJz^p+2DiHyvgYt^qhCxm;AU_YrQi9=*G_eT> zJ3z}5Wl7ky+J*|$csQgH1zAAiluEG<^Nq7~%sBlQ2|Jt!5=DfoAM)-v8FEZx1vnE% z;khi^=}5T{utcg0O&00fP|2#W0Kl#wq1#SPM6rNCBZ^KHUALt%fJCM<$eAn8l=o644Pv&SXlWnL5{xgK;xE8n&=j1+2d*=Ce*a5S)N|foqM;6!bft9}GDI7K?-i z8Oua8GggE%7`Zf|pPYbF3K;rH5mZT_K2ofSI0=ZPWf?ab+b}yhOgN{mP0&K~&(xYz z>qt^2V6hTE0-|+8CZ&Yt(~eDhIDYJ|5}d-^N=Aui^^1qb6*h$d4eAhQDU&upAT?qq zUzw^qTL`#qjTxZV9gGJ@5duT3qi0l9%VVh{EKvCZ2dM!h$MH-n3CIzj+1ieyh>aLx z!$PD>TgG0K0&N;|Uy*8N`5br-Ff61+%ZZTuAiX6Aafxofd5vEG{r2_6ExLMr z{qFqs_VpS1>IZakb@lfA^yI6zuhH9+@3-MQ?YEzy?=P?ahR$!$)%E3f=V!0a(B(zv zRzr48F?!5l{)%EL}8+3V%&fi_VJ%4?+jm|Gl-+p^`e(^Qh{Qms* zo6B!+(cANP=eH-a&6W-A@=fR6>+92RPA+awzB+$g4+N z{Pf$mC)eoe+v}^#o7dau;_{+*e(~n|{Nn4^?_OWrZcD5>x97KSU-vs5W1*B44X9Zm zw11?$!h+EM{;&UAD4Qx}x%CRXsci!gF-%HT$)Zdhaxg-*nCV7~YP+NTOgZ@yCtuZ^ zvMGrHV>T?5=72=(URvf=zjiw3F$gCb5^k+O%lfGwtC5=))}68)2pb{rsTt;Wfn1Oy zl`>-==G4Mb)KM-ICjm_;(a4wm@sz>Q9kZG&A$;8F?Df$t)0W9h(ynY8z^kvX-lFfc zkl*j`f}V_LD8eb>M*4$qCV$8^uR7HvU@~w@rC9_MQU$F7*1cpkNx`DMB-(`FSSZ*+ zyD-J@jG!xxBEaCX4M=`62PBhhIpTPt5UYb%g|LL?;M_-!g_;w!uuxr;)R7^Ur2t9V zr&xyr_F+~CmGgUyHt|*gEVkh(am$8A%I6%3i<4v$IGrR+%FWoph7)O_DqC3FzKXFO z+s`(*u#nK?hgD|xe@L=y4z>`D1>yQOTe%kg{a^q4g2i&~`kl^!%W<}0(eHF#^w9-_ zrKMa7S7m8cqC*9E*8d!WzSg7Tzt^u%&fdN5Pr|3@V_yE>-qA~c|7Ul9o&T|tC*K8m ztIp|nI$wN&F7QMuyPIH4CZyBpnF|7R;q2oMLOoNL>lnS?c#}oZ1)h-i@WZ8C3&MWi z+i(G>Z+qzatCQ0ufXQYCga*7kN(Rss3&j#pu2^UwoT^iV`jh-G>*paIy~BwMAb(wq zDBvXZah31#F9IA9`_g_7BH`YruRlNpE<)#VO85{5vIYIn+qhPKkZMQckbHRG>HGyr zSjrIS{RO>uzk8>r*nP8G#G#E}BR@)@UTa=f#1e}CV{fNY=f(T?^AgxUM< z?e}+~$+vMN9Xi`fhgekrLDUG}gRMQ{MAaRjF}mk8h0P~ptarXBf~^j*a^7Xg3r~T4YoH)~?C>|E+8AAF=xZpXKkoe^4{JVo2 z?+1^}C+;#VFqFg&3iBSxwFZ0UY9A<_sqHs&svg3WD%S%;ofQbcyjLsqnhf8gAtg~L z3?&4e&g&UgKAy-pU?sqUl`Fb_Z02MHu&v86^uB20f z1EMb5_$d=A8Y86lkpF1HeHwDwFOglbl=a%EX*V~d2a3&EJd$HlYKs$)AcY$8(kGm$ zdM4*n8#XF+MIoxi7zs5K^9OMfuu)9^l|vIIxd)V| zN+1D04j9{PT1(QyI?G}Ug3kX&@8pEhc*u^y4id*ZJ0qGJB`eMUET-vf$Ii~$3CWa1 zJA#gSmoWR-X=>zEzDwc ziYFvG#ezIJsU<~4Pm-@av27En+@Q3W5He;)?d+Tp0ah{OtmHfQo*dJOZEZWPU!Jf; zg9)k1{BmXK>ATm+Ts#4bQ_6FN59EXZ@j;q`OM#^V_|xIxA=;Epw{i`}j9Ve-NUrM- zhr9pX7RJIK)tr%`S{Y@Yp2_z68=0v<&ovp=e5tUk__2wA2y8S+k*g$RiI`tuL5^PZ zNE|TOpMjQguCHFdL#HRgRX>?7z-FqTsfA>zuV9QJyU=J~*!Co9%G7}R=v}7Mr^pAX zdLYd}&eP2uO>W=bd`CDP&i+FJkt+7iH1~2e^p0Z|3+ro^{CKvl|1koPSy#XMXCNh(jcTMf?{&7 zrqEmyc}HeI)RarzBuDGX0~HB;9<%hhk*pey0WrvQWj_K1(^dLp0p8e&8KjPcXi71J z6s4&lkR01bQ6@e3qyM0!|WB zXD7AC=7{7XgGPe~R?&Q*lPdE0mlTkB19gPa_lI5 znS&%Zja32@oP5(i8$vbF9JLo{I+VHyEuLLi*GS|(#DGXfgN4XJ7+1z!-0hT*1!5;) zaX^w(?64`}Q%df4?is(M@u(;Hx~Ditz+R8o`2zmaB*ounnIOlgD}TLaES37;?+0BeTDs>q*I%ob zf8XooE>}$Mi4Pxf)l?h5DkzxH;7(Y_UMd}Q%O|qVq5(;@-K|Qw*p0QY%R7Q&p(dmx zu{yn|V~-X~VuC-sCGjX7AETpc{ag_fYQ;ZSc{~3$mMRTpMNe_r#{-eATr4}GKX;s6 ztJI*Z0s)uW&5UN-2x}FlMT_2Z)_s6(wa+3cp(p9DXHE_v^f3l&JlBlirx>uZLoMB4 zBP5MPA3n6l_rx}IgZ^k~8@D!HJ};foN?**=6`zrwm^)r2z}x8twU=QQwlt5-QpG_4 zAt6^SNICWFnK~NI`0UxU#iY4NG2Gf=8f}*(x}l@=dwTlw-gI}rj}zLDNGga9IWRuj z$?@pwS|5PvbU%kL&?fDZKDvH$ivDzXc(|pHlj-nAtz$Kx#&&489jVVRZeE{$d;PjP z5^7yWTMiVcD6bu@$)lpyhEk~&NGB=C#&~K)i%WrY6HpH8qvj^A{kQ>hm@^d=)0P7e zOPA{<5lbc#B8jJzvv{Jm-#&pTdqqI1nUk6#Qi4TO!fQphw_er9%At&)nDJ1~Vib{h zL=3DNNul)*anUlhR#lx6NWTb^EiR8 zH*mO7OHX~ee;Wxx3Q6iEB;~TSKn8@wPBY~(=Xh50h4i!=RHnNfs0MIq2&ai-PVNdc zX7}@ntoIM8_OT(aqK{7Uduol|E6xQf`#hvWmA?S+VP_(h_R@%I;Kc`L7dI;X!76{m zhUlBy+pFC@DRRy(Zg%%d(^#)zTlvB5+}AJ`yL-(po0~RNY`;43P^q4ZXecCil9c49 znl+~mW++j&F`NB;HS}V+4B=#46FMz}0PX#EwflT_aWn5Tj}+hPLu$`}wazYXo}o=E zCt#cn`T?8l{KVLpQKdb@SZtw_t8+MM1e7ZgfRljnuyO}_Njjj`ArbZTjIlp20PHpz zGcg~J_H%+@UR*rdv?=9ZdHVpl3-aua%$^w+1Xs8oF%pisyj{2=xX2s^+j;(Mp+#p5 zEjVkaO-QSF7MlpvF3eRtpRx1eKCMGv#nUDTRzs;z+s%0pWu$m$N0kKt<2yXTbV<2= z0*ygC|4XW5C6K|q{VYT@5#pBJk$5pNt+L-#n`K%q(WR~)d&**wO$a{&YxeO~MTs73 zbLX)oxtf?luZ^?Lq2tmjIj{_!2We`Wjup}BW7 z;7qV#icTaT@bx}@-_9_~*PLZgGNhfCl?`$VG^BQ#XEA}Hq<3?YVDUI}L5FC-Or8af zLw%Ifq^og)A~HH*K26le-h=W=ym$h=Kqtx$MxmerFODxRT zqKlII7Cf|R(uUxtD=49S8nG)ExMm%zT5A*E_; zfKP$2S=URT3P%8S2~t#|RKBVF+YrUu$ zG*m7VnIuvtmd{!`+3CTUL1|&=W07cG>vg85=+Pq@sED1MtkYZ89_!j;{p>wf&|kv{ z*B1_`p@-36r#XO+qPrH%v`A>114|9VekKR0OMO6jPzHIT(ylFzWfe4m+U(?5=eOfn z)98-GrIz{}w_>lN%Eg4FV;1UL|8Nwsdx1uvc(}T;kVTR!ty-9k=ew6AGg^zhwaELO zh&-eO!Na$6^QD|0a%z$U>qY54>qWT~rGCeYva#q?14&c~DoqldcfXBTY+q%iFOrp1 zG8%jUH>_D}wxQzL(&Gvw$!^r?nih-0J+E?c^6s^1YZnh3Ydb-iSo+KjHxcA9h7)Pf z+E`s`{6i>VLgU=SZEcOUoWr*J1wC}Z;&xlZZ{RlHIiH4fL{l8GfZ!JU_?33-nF4Vs zL3}2Wm~^pp=EdZBy3Tf5tJSqy{mj)W9|rq-2S-cD#OpVwvL)K=p3P!Bp#l093L6T; zKPqbq0o`ukTy%GQjh7=`?^Yjx9sGR$)WAy(0H}6hP z-<=)4f1hWLY;Eh;H{YD>y?<~0wSRc@{=MX={LSIs{`>a}MUxhq2|c_eR{>1J--y27 zt8x}p37#4~!S`b3PqNWbT+4mYC{sDX=!K*2YyG zrGBr*70Xg`c(Cjd-tTYFwSw>&_?n!I+9ZW6bMW|)J443(u#R;( zhJeDSB-U%x10ZyL_E_ImmgapZWy3i9S0_qCVW4}0hB%6P1039`Z6Q^YYKo?qi)|#v zSn{`BKpF0nV;p$kTrd6nE)1`5jb!;gz88Hw!T(}0)a4N2U2n*EZ^U+{dpo+g5#ha2 zMnjTUwUH}Agm?XMI*Gn0a%XxLCQqW=t!aJGR@-eZNb^Z*oMTh|I?3QdPqoB!;jue4 zX{ve<{FTQaN>v9dxn<2KZTVzv39K!FI!gUcEdk_Yuq~I1sfCv$OdipP>@jT>faeGd zp|VTk+%cD$(Wg^JY zJ)Q}DT^`YJoShs?CPVE$S6MvCU|9VfMGZr_W|7KCRR21;zR($ma8H5ZQzn zEm3G0@*#<6K;0V|EK2P7D$^8;i}mty6pYk|_6d_I<`hauF0PNBCfm>%%c{+ZwRSH} z-CDb^wR;_mg@&b*4}4Ew6k6>!c;M`aP_ z1DbNoXXvjtmlx{75FXb#<;! zgF%G8;%ukloU6;5TR6#NIOqz`B8EfzqT(9X)67*s&Cky1`-$@-Z9Wgpoq#9t016rK z7<(PLjLZbtmLt}?7;Q(WhzB-yI!pAS98E;KBh!8x!HRlTq{=^gR4Pdg_)+T^>tfDc zA!F+%^n?jP2dXZ6Wle4dK1_oVMYMWaNqxaAIx{|-NTiy{aa6-xSzI7E0L5z#BC`qJ}!j*R$GolpU{ zp>hfZA(c)uk+O-Qn^Pbk z>)T&bW)oc>7L?1+Js>!iUZAPNE*tdh_0Yo9TbM-uAA4`V-MDQnivORdz;e!7va=+4 zJUNrqy1nhswI``hW*o1vr|n6n=Ncj*2{lEq1ZaVHGdX}x>c{p; zFxwq}$&KOAPGMlwfZlASwXf@2P#qh(7_2#}gKM{ck{L1Ge=PAdEYYL(_lE_7tpv^y zULoq(Z3RZlc}2`PLDkEYUabr!0Voj(1T*QqOk>E3!gqrP&t}R#9Gt6Md^ji@$LjKo zfU?=8lFDrrw=^z=3#3`lnt|RfZ&KN#r1o9iXS#@{mXHRx^C9)}BEiMQRY9{5_r(Z% z*Z-~*?0~|4Z@1`P2>P&A-=bC#0Jk6**L`Dn(CW&!pfByMKdtOP+gN}|v~T`+9lsIy z)Z7R~d~fT(b{RtkM-70VFj#M715{C|dP?!5~ zaDyVlhXcfQw}7KQp@6>@zy8h#KfM_I_8*6TAJD(Pa(_DdUd^+EckI2G);~9eNrY{&ZPUiUvM7|L_N}c)xR`>*!OW08e_=g5mzT~mqY?G*nCyTR`-2X}$-{(~10)0vD9_B?tn)P)lnxd=< z4NQZHp))nlp$FQz{cTYG7D}QyNk=4Jz;dv~S->SA#T@k%t!BbZNgJ&~#J`DVeUOY* zrDvbN%vdnR3OYD5=|f~2w4#ic7{ALowCM!9ixr)rk*AE9oyI8F+l{Al^o@857_Hj% z&yD(@o+hp2PtBB_dPH3%hZTG%Z1gEefzP* zWoeRq*&fIe`5I37uUPjzzx=ta!EJ65EL>ya5)g2;lB>#8l66DUE@<5`x> zYgu-voM@)9Ou77Yzu7~5#2%+g3wX@_AL%=2p^1saL5)~APztZGXN(aexnLFYN36#_ z2VeG)=@t|s_Fu*YLwi7+zT6f1GT<<)(urno&;HZZO$t;mBm#A1Yq;=skd1+_fP%eD zQDbl4-`uh&5j;=k-W9>7>hV~PnM3UWS7Ei^Qiw%X^ago?_N>n;=rnWi?^9UTFOd4qOC#~LF>yYZGZHdnIV&%e8ugJCfceW_MD&kc$ zOYRY$EH?K`O5YE2jKJ}9Vz>8l$@g%P;dUXqB;cG83+14p8O#I14~I4Q{=NRO<@Q@v8L06M91c8)gc z%WJ?eYO@^&y|CTGdk;#G=_D7rf#rC?!%J_HTC(814jr%9yEzCD8qG^T5;UxishI60 zOAhlHK z61SxNim-&rho`urrxaGuAPDgZ{kBoUn;hTTBZN6z9lxrVZ}C7@_TmO;LM1?m_o{)s z+BLfepX}Mg?^(Lub6S_@h))uJLmR#ovn=6F;u;pf=I_6QouRpW=`){zji#OokbI;7 zz3d~d>(}S0oZanxMJ@_^%Rty4U~O-O;Y>Y8RrBPUd%31I*EG6L?dO>A67!@*c5roL8iBN+z5@?uPJuSTQO4}&p zR^G$y9DFR?Z=2T^+VhuCs|E1!I4*-iT~G($JDp$^*_#82Z3`&2V>n0kCk}wFTuo|Qf zv@EDzOr+9(7HO%(muwk}+9qg`z4t30OsrOf`qYd|h^f|$vy;;kHse`_wo>ybL=bL& zd5!I@>bq~nX_`kmsdyhuHdFC-3>L(@UpaTR!0R~c+VS~t)@20WBKa?u+Pm>HbJbry zkgdwKCH=Wp@l7To$~(|Yh|ns#K&Il5_++_Mxis^0s}^2ag|N?hsfvZm!Lk3($77jF zGq?Y)Hs63Zka8K7h`dI*z|`z*Fj0}CM|H@~EcpR*FFolZm*pf?Tcj6$8uCM6*x^cC zj_aoPOvOD7Sxa$|SOFqZsW!QlF7&6t{_TKahsBe#t$@PnfVqJG83_%OdQgXeDZ^0+ zZtbW8+XY5!Cph8Tlzn;u`Or6hUzdpS_~+LjMO2u^wF>HELHs80IeQ>30^}0;hc22TE6tooHS;)*@a23Q8LFC_csB3aiGR&=$w;q^%qSyVbqS0 z&ur>?@H*_nJXR~8?v6WbdrQcw;m+y_AoET@5eZA0;Ij2JUMx!;r!u2JTLEOv1z-II zg6iF(Q2V}2`|L^?`=8ezrM3d`g%bKo8Tj8J`_AA!ezOxlDaW2cjC*?m0H38uoiT0; z(gz$IsrtMpYf`hz)G90l$iSG2Q@BjGRHXxuDwocI@VE1XC$MI^)l+>3!7Fc8z6{P3 z&a_M?iB~9`=fay>ssV>Qb&;UtGr{>FrzA^wBw`kWx??BCjzBVEGm%dO%PjxiC;se% zapKq$`^2#~eCuSLPS$BLI$5Xb=wzK$qmy-(j84|+WSyPHbCh)| zh4E%Q8_=eWn#pMEdC>y4H$&WC(U4oWyn&SFO72umaG{Iz7R+{(wUI-4sguFUix;~a z=-Q`d)yKA}T5hcJbUc~YiYS10q*Nr=6^klqI^`k#$u*Y z@}t;89d5URNO0}q)7>i6%zjm-#t{>{1mR#sh3Vn~dsC*YfaZ2bxLOVE?7)+zuyC1O zw#hLG{XwJ#D-VeW85zGnNMex&ov6FGXm$`gcNH}U3wNuXAKZ=IWx|DZY)@}$@($Hd zUa77b`!)1~!ao7Qe|Wd8+l}ps*X+z+>WW#BBo@8V6SoM0B_1*aO65wT`xYIQXIB?k z_*Sr6m8nEc=HUrq(vUC43EE#VBGJ-bqO01GcRrStqw}#WjLz;*AD!Ky#pvt~OGamR zSR9?*p|d;eGJXwqht9{cVsx@jIXYRV`RHVw#nH(+ovhQzI-RVu?Rd66mVM5csd(>6 zLYa!!O%ip^+&jXjq&DlRcGmRPmuc+9LG6%Q5P5jD7_< zMpLfwTwOVYRVhco^}iMQ>{pv{bPIjK0AZkhWQi0AyO_MtBEGIdEKH`wZo%m z?%NIps_wrEke`E^}=)5waAAzme@NoW{-| zHM6YnfhSfDz(`oKPT1M&LRX)9##p+HHVdiQ!M&It^cT?f;4(cxd0_!jy>J2Ds1D$_ zgHI!;?M;Z-N7b@*3*8G&K27*P3;V5oD&-0#0CfDjZ|hPxfPmFNF!0g4a9hfT%=XzL zl`3`SpI|cIa-$aBPAIHWK`o-=1)$OGzb->tVL#8=$+)1Wz?Pa5nN@(AMo> zSk}q$Gaml;{~T3n9-U^{X_i}zPP6PZ z%WX%eSw4wox!<_)P|u^_7LZL1H!>ngFwl3tNl)*v<2wue~KyhvSBYzp>5S`F0I;W>)cupW@DOV|a`NgOU2PbuA4 zr4+ve4c%*fPhm&We|^Ya1J;KVOKhl39qadl$UEZAo=amqwl0lPi*)HKV|0}6!gPAE#0CkfSb za4HRk!Zz-_SRc8VA9iK~PZs*@c(w`K zY~K-aT{PU!84cHIcb#@u9i4W!Fgoq7#ptxV)uYqy7DuPub=qBn(P?*`cGq-t+TC8X zyZu$*?;_HkAR=u)6m}1EbuZYwrwFtz`s{f}pY4DvnTpR+BcGiqEsC1aKq zhN_%(wf>%St-s2Nb_M?$75rNTv##pjit&76;<~DTZAVx2Z~5q|{;e5Z)xWOlUss!9 zhtbt$STefW4BL;cHbbM))n@2wGgL?C-P&z*wHbCCoyV)I&9LKyUDdxX&av_6G|Nu2 zY&JU0a^>hW%N<6iSvDJ;X1RKFnq{Y1ZZSH|vePWL9i3*`RsH*Q##plFn4#5G{p;c` zw>s{w>fh$^tFQW3i2?liO8>QAMpyr@tN+*4|Lf}ib@l(c`hU&G^Y@fIJN@IA;T`EJ zL^K~=g@~1-s}Rvui0C{W+l;P4M9a~6HM$BBEk{@XuZxRYJ38&I)9$LH)9w~Vr`@#} zop!f+blTnG=(M{|yK68y?XJ`AnvPDp>+1jg@?+Dw`hQDC7l-z|G)4lH$qNB>*IYOc)WS05(G1zmk~iT5=!srW<6-IgM78)QJTIK|t%6{l zu{vc_V={eud|cA_p;X7Qiu7@$(nw?m{xO!5A_wvQm}@O3=^#@v)bBd(wSv^vTyq~h za!b6(a;b7@=I065`ijrQ4#;siE^n<5TI=b>Z?wbzEqA6x{vac97DcK^%@b{nKEgPD zkn-y`woKkE=DKZ)HY&51@f<9 z8Ya_NM&1yKki{=pxC6KxPef6Uh-H%TgN>>`GB6ujsRDsHRx{1%${e zg+aY7sSJ*tB(W_GcNLI+Uz+IH{|le_)BxYb8d!n)4=rqeUOQiI^$SdWum4r>WXLYWm=}ow z_|c!}p#^KgqfFw6=P}4TNPn1Cc>Wl78u8RqvhtL%VkygbZe&y>JZJVkPE;*f-czHRSiCA(YlKBxjU|q!h_J_ZH`bLnp@y)-tejm2GGsgS{ z)V&HBMGdfq8lLm3HAdsWNF1oaj)Z!|`KQG%&T=t<`-ivZ6Wl(MKyU3^jlNbRe5iML zLDqg9sL%IaX<}L>7Fp?$A-gHEOy#D|mt%3Qa>G>4&XYnLkzZZ|Sc?>{L>!Po_i!`# zG=zw5q~2Dx?=?_-H%N%MxVpIl8=69M#JLr<#vtbSKyj*>?r{R(6njb0^3W+y5|K{m zw;bRBM4~Et6NH!Ca{FtKK-VjuBU_4q#kgnJo^Bf$?qMRnpxh;AY=zK#2-&hg&^5jqPqb{0JS28 z|Emy)ISi!Mn_eR|N@AEOCU}Y@T=~n`07}(kpHCHX?Z|}1KXU%H-#>ia50v&ykb>}f z1)eEpy!o)iAP9@N%F zyn&bPK$2~wRNI~J+e=qxM}Qcb>l$gTKePiY=5|+YuT{Kc;6|nygDgv%W!{+=1^D{-nZpd`ZXdD|GGqjym(}*^>sP|YZj;U`?@pkduPp~dMxMc$u z2w4bJoH+6#JY4I*7+j#re-Lvds)@$g+7wy?Vm+KHE$_ehjONs4*!H6Sves3YL*bMZ zzO^vA$MI|U;o@&PHySNL{ZfgIWtz1UNrpZm1%sl1kTX<~sIn>+J640~`u{CGHLzV7U4btqyp;3?Q%&3?F+iplGsuVY2Cun!> zyc+m%^mTw0=pRe)S(7W}0uk6;I!ESkzkhYH8>9zBP{3**qrhl=6al~e?kKhK{-rB9 zC~P_?=a&$>0>Hx+c}Xce6L2h$f{!SnUL(qf`&K!P;eI>|6Qb<)c@GhhU*XHdOvuH> z(OQHtvHpqEhetMSmMHSc%_x{8r|wyj_uoGWv2)pF|8^{6D|_DCU4m4ZmgY&t$_-l! z$UiUaqYreb-TRDeu}+A#KPJ(Yt302?=Iso1dbtd)Kip*kg8N&f!>57Lf$rQl0>M(> z`S%45TL3X*CkVzpxw*S2tG2A9=oEcTxcP5>0$_q!Nx_?C-O8Vp0d}Jk{Yz!-2qgc% zUQ~0cxeGXJd-{!tao3`qDhfLZM-PKC>YvGXDg1uchY=M4$aK zXp*?VWHmsBp%>b5_|~8cWPhP@O>a~hSGU!6kofv+PTJ2C(Q-^NALbe}!b^ElyjJO7 zGN|vJ5f$M|X8O(4(RtRYTM9gOX+r&BpOfR(d38py@dm$okdIjBSXt>dSZ!JORS$J) zJ2I4-7X~}#F|`uKUy!p<&?rI2zd(I~j5s(=!Fi@G{ovU~5?NNE5WQ+zjnn)*74@j| zLR&2Ll^2x5axT?|NV)1`G=Ulqc);(Y#o%XHnp^o#av`c*ms=?@zU2;uM_md$xh+Pf3iL4av2&a#ap0A7#aOXo&C$W~pK<(R z4<0|2w;maC;HW0xVH#hUg7h){LI2F*QPv>gj_gq!Rs$F6jB|@wrdnR}o{HcwF@-XC#&yF@p*RX(_Ky=wvv-ac%JM65KEpcYd+ z3%vNB2RcW%W7izd^r^Qj+ZU>uP=X<~7x^yof>Huq z+8$WF_(dlQO@Sj-&dxc!e0Qqzyk4uPR{Gp2GCU>X`!6I3*B3-7GQw(w=2ejt_&a4p z^0>6B^}BxjC0n0Vn}x!mJ9K1WpPC3A3XVZ>&LR9mAs|{>ksl$B7e!Z){zc#v`EC(O z`l=UzlQs9&fltqc$AFln69uAJF=Wv_34YMYiQ7-H8uiLBDQge@ac_p#ochCZz>EDl zYd-Cab(baE{g?TW8T;iz*%(_fdD3hkOI41+MBP-V6$Z#~EC}0SIQ|X^a`@sucP)%Y zxynXWrTC)n1kNc&vOq=IN+yVv4JbZj`hWMJb{lpiug0CmIX~;D}k75*c4|p_pSTtC?5XaDVJ-I!~T5^lrWQ!Qx zEwk1PSwA`j?!?MXI#QXaY3b)Fn=$o25ED_OEpo@YI10CTm-p_BtJ_+WHl|t9YLp3ui z+gaYen#v{-IzVmB)5~Ex?-z(h3mZ?SWea@b|AJhxuKxC*doI3~cKg4K-o+xW0e$=H z5Ld1|O3bl%kcCNHgb8HD;>)e3dTq43C7I3~mef(jQ**)6z&nVb%2@a) zoTjYBkDX-6ASv)mMd1XAdt&_oe^xv(<+1l*Xfw5-99EbYndS*9to^7yCA%1~;bq^E zg3adD-rZn~2GiCXVH7Y#ZHT?;DLhW8RMK-N62jjlj3J&Ekx32l8fTns*Fv^z7N>4y zKcwN;swJQ{dihNyaSN?^>CmR9j`@3!4XA>;X~A~nh#4Q?Y!XY%nV13HwMjt`im?VT zVNyP*fE6k4yhnmt0|FF!yw;{4v-qs|fgm80G0@DJ23rKWnW;MnO&^`5tmGu8c{O*A)bh zD32-M3?-VTldcmPcHg3bL5Ca@_~<}6+qxlKtTdgh?R6%dqy?Eb#SREu;RSEzmCVT| zjf5Y1`JuvFdIC}}1T)j;P42%^K0sTDE)jUB|f z*iu1(4H_a#G#Ieoa&P_-azZu|qx7ezsf|;f)#ggAHVF@n&h|-EA5wTWn9V1ZwsmAU zswzetu|3gLEDZS0s-r4_VIM?|8WR4}NsWgSS?fV^3Ab;gOi?TcjXAeb=QceK36by2 zBfiVO7pIsl6#=pTokmGbC|&VYkgk2#anB0mk?&isSjDsWV3cl*E<=_Mr3Z61_<)h! zhvRN3HKcHo`))j;N6VASOte%fx|TYGlv9r{gZG7KPSh%qliPE{yaob0ZtOW zcHUqr)(YebSd`M%_gkvD0VujA4n#lCQD!eJ`%B7YD_4Ies=xi4Rhl}N{Du{bWRj>kKC z%mg06p1P+$N{XLeTpx?XjaOQuA>^7NdLe{}hul3i~Op5u&Y zWIpOYP1H*+lX7hSrFPLra+$)Aa2#@!^PUI&ng`jTmLq-Qm)Ulj^y8fb$OfU#JSJ(q zPCLc>oboXUy`zmQR?2KAnq*467!eJVpqBPLlPRr*qN4@vxM*_1yl*@S1ZC}VH(Cm$ zh?QC4d5_kkFwyRNx&B{IYki=2F@fd^sDHn%JSC)n&%858D}~JuC}zo`!jaO}|G@LM zD=#dlOb100QX&7_cskMV?XCDyV9$8xqV(WOH4Olg_-N)z@ej7)LebQ3fTp2w6%^I1 zO@~Pbmb{unyP@`I*Li~&f8mOfn;Qhmdl1E+7XbH1W(1tKhQ|Zolg%!p3(MVUKZLeW zh){Vaa2j$#tdOMgzi;}dBn$WvM4us)5<2h0V%`COLceGLwx(kiQQ|@rV=R}DITNXp z`NoLxa8k}dwKmq^fiTgKnglpkRKY^TBuW?SNe2Gwm5|_v=Kl{nd<`~|nv*a7p{2ex zI0t81uqb=v}XNUGFWuvN@H;&xOO!FeBzSvT5j@oW*oaydTd zVOj4o!9WxZ8CPaw$AAd zc{||cW|zj(B!Rv|e;%cKI;O1~eKX*kh4u{)2tM`8Hv^($nzMa%P;2Y>*Ten_MfTIB zDG($#BxzZScC}J*pk>^{Ze?P{tqe7YEztW2>mR4NFr}?uRVs@b1`w;s6O@(N`9yEH zZjaEm=$z{J)zi>^Xxojw9WF5$K?xP^E7O2RV+@~p%2ZdK5d0V}io46(g!=(~&A~~6 z1M#rWJ`)c7zBChj%)xWEAi86#6H9Jt2n%{;y@all9K4hlry9@*dLV62qmC%h1D|wS z_ynmcensY40j2n)mzyN-J9qLIqG#>BLlBX?=*CUy@zHex=G+aVzxT9h<91r3aqv2n z{4tp}5f!?u%+B5hId(fv8*2x>vAZ-nkj~A&)rMJgZB21u^h>r24Mb_xlkc`zs#KKH zXoEV0TzkskgAvL6i>DlFMhe4dTKI61_IK^ss>1PC$=!hWV7mK(jD>4I{8hR4xIVwR z>E`qprmD>^!&h&ON>tkFpfeVvE;s%I{OfrPPe<1#vjgIAOhY=e87PYfvAo`!fN^BwC9`|ZK13-+2vzp zbYI9b!y_xQ4+tDmlHg#*=-b9&fjm64Vh9np@+GBGcv~Cbj+Jo~63L$j(Ac6XI$0h) zrvw=Hx^|J>u5t1ydM_)bjLc7Ut+U~E!PK5@em8p4-gJ3}k}{5yj zb@?%%d3G;yRdWg#q0TAiMr8M(%I?0+1oP0`*WoO&u@deg@5+e(N=%Bo!Z|vl)^&&F zy%D)X+ihH4>bt`7&hh9_Jzk1NKUI#kGXi!eDb%%MV7Z%=1H>M-Suosh_aQVEU`c%R z(24t&rlNQ$P$c;2>9rPQIL(MbB>|DJ?Q_8o5kyW%jcn@SalO5rH7Dq{!R6|E!VRcf z9X%V;XkCW8iT~zNGQyuvGCf_{PhzS_GFfXA00LNlChD*l?n}i6gVkx zn_`=uaF>upOESiSzVduZ2A8?bE%a( zeMjL!cZhKueE4gcgR{r+Qs>7MyRfdFGjTKG!(F)8l+~ai@5+<(HKa4+6u zcA|%pFbQ-rcCs5T_8j7fl$sgyd@8^RXEJmvMS#7(uL}|z3 z+IZf{DOKk8z8BkfBx<9ejXiCT@#i}cZV%uPbX|yDno1waXnH3{S7HX((;Zw6`t!=0 zvF&B}yXJC_#e}`~$g~7XZMX$vTm`z^>X{%`ZewRBZ!b5eugAmH{nYnH-1q%qCT~ve z`a0;x`|Uidi#v+{o4!s?Z+C~a*@-2X+qQx=6nMT5-T6_2K7=#>A632-?sK1))8i&7 z#lO^ZaBi}~wAD|rfc9VOScx7U1hnNHgc~(mAX=G{go3+00jD~rSNaeWA=_2) zfl(ewFk-x&BJX~qatZu(;5pa4f0S+MST2SJ#u*S(o0o5Tiz!bl5$`h4iiM4$yM+GB z!hA>k6)24(u0H%2RXz-gzh^ZXEE9uX43s7`vAEog?KMXq2g}om^iv+eg6pkb`Z{DB z!?d_GZMoZT#G2lPwJdgOBoTcy?JxvoY3M5VfZuZ$YbkX5&(_k8MMIG@8Vh%avFQGx z-RY`Cew(A&Z(iGl%?QHHuy>~OW&8DvW^_-VTjz?m#U-o_jat@)%f1PSmH^|4*|%a= z%Asig_yaL!JjgVMlT7R@0UK}K+@_Bc=2%xAP*{XV&hZuGx=yep_qG;S-cyyKq5aE{ zDx1N6xV+s(7t|HF6K2c3ighlG$Z$^RDEoc`0j9)Kq3%Dv_-h*&E1#iWQP3iL_rKez zufWs9IHU&9xOIILHPf%W*aG)YR*v%6KDW;&=Ht3JBNo;3-VXj%%(?utL-ERg(oOLX z?X_1%q%GzpaPpaCGJ}ikJnI~qNCs=MfgkS|7f}qLS`7JV_=s;Hmnn7r=uu zA?#PMpjn>7zDana4+$)sbElX5c7E+f3awkZo{iW`V>xtx-+x83^;+o%|Kzh-`ff!( zY+*9Mi@xino@lG?{J=0Hiukgs27O^Oofd=w))Y_mD7LP6TBWxe_bR(DiT{99t36_s zEA9aaphr{$EKFf8vSuDELzAc}9{l(t+g3ih2Vl*;{lP$4zcT{ZTT9u6n;J8zQbDZm z)zMcfh0q93TOkJF>G(eQi^fEV)2s8~S?F@42-l2Rwb2bOw|d>VYZByrA9xbyNwUC+U$>F^pf{?D>2u46DE)rBZANvY!KxFSoj5}9ZUz-< zUo%z0nHAK+vXyl0b+xad0_A*{xWDc?QfbHg0*`paDN)P0HMhj`HoiNj7t_vlm3tL_iKJ3R%fC{HM6ArtpD@; z>lb?CbGsBZVE^Oz`U3cMLH$xz#E<8PQTz3ER^@MfJK{QnR9O^hTx&eq4gdGAb!eQa|R&_L?B~YI9q} zZ}R@KfS;A^r0i|@l{}QoVmac~eqNk+R@~YyNn3FJ`|ckEdkF&2dB%iZ zG&pO_;(X&M*hvtIa_U!QFeoo>RwCTl7cO9W3l}v+vFQ5~Hjo6O(m0qcl8>L8ih|P@ z_@+H9b5#97l_?mj|1WV*rgWAxwZyskkM|@}?dtth;96c-QSCmOtQn-gVFb5>><%S9 zaM>S$3-If}P22SD4-VD zIkc|Od#|X8g@=`*#8MwkE*Eii8{#}z`#>g@Tx{qBPSC(A9Brc&!zUOvUnBQb!2yNL zG#iD%j%NB!1CeZSEx>GTNHs)9?IsClAQA|5RqUK~hXBQy^?#sy9M%69x`(qU36Jm* z1Qp~^aO&G)9(@hu0g&%A!FlFKM#8i~J{Ih?<-)%4?{ zDh|X7M(?5Ph)LItD^h(#ou5gk>{TzWl?;(f?rbk$uKeUdGd5k|7Eo2cX+J@khuRU+ zl7o@eA@o51%fsN=_}x5;=muze>5x2UBc;e?cT~g<@&KXZB!O`)OI8W1QCRLNFCyg- zpXu2DQ#J{w=HQOeN4+b^AUz3}N6Y#kMZF2rMBk_5Y}oSdIQDKIcj)RxE-q?`XExwp zqTk52mu^F0O5N%YRw*G_++M=~e3d;_;PV>K7&OK4TZkOM{7B8s<*s&J5W#GB|h3%1h5@vMWio(xA zK%AndqXqCCW7JK0GrwyBttR|{9otG5k&i$>91T_n+F>)IGTB|&t*FMLu~Q*xVU;Ux zAxP7pAxK@XEY8bHEAm?CHZ*p3S3-s58nvN=*!;rqb)Gm*O@RS7siFh_#Q11Fjz{8j zQ=>xX2U3}zT9oy4gIxwvE&7@p19~0d?M5lXY;cPYwm~v$`M}{TU*7 zHDRIuBB3&8MpgbdBAwZcf@UgpbrB=v?YFVIIoR&b1+=j=!`;9MrxmQbW~# zg=pW`c+!enIS6Zcxzep#WFBq<-jWGCHGj1FKjgjewWidzGgthnp*Qq-zU*$KX6o&e z-xDao8}}uFsYPmILqnVwa}=&#PFbejGh!3;mF~+~u>5Y zTEHQ;xNP#@2ha*7n+#yssrG%4MT|cq2{(q98rTHnR@0?G3zd8Of6d6nV()upTE-jv zS`=k6BN^%wx3@dRmidZn^COWGq<%DuOAfV}#AxQz^F!`;>wFj*GC|G>nCU9!n9a${ z$ZbZOU~I$wDuxrFyx(JG1unbq#lN#h#4Fy}+0gw$_cU*3e{9#7I zDt+jO0aO5EM)1kpHE+eGSx>#~f1!xG26AGt|D>Zs)W4gn=uy4?eIAx7lz2*&hG#Ld38wdT)><%m~}gK;bhzQKp$wl z2k1;it_&_M*XaBNv$@T{x^rR1C?#yXCtVA|s_ z#e$MGJSJudY=jx*&4xDV3q8kQ56iS(t{R;k4>v|!0bSx%%Y#Pxm)P3o1K(^1S+F{}0@TJJ`)(7A>VO=QEhX_MF~; zXDSiwNH{jcx|>1~)kH3WtMHW#?i)-3X%_l!$b**lyN z@@};crp$Y`WriFQeKz+;2Rplp@QBBG;p4bd+=C#Bf9kEoFb&wsfLydLfyuBLQ65C9 z=4>av%|=Ya!Fond2=peTui)`3+J)pN%_3N4I+tZp5}Sp~qL{DCB3P{4X8wXCc24tx z5f8d$kj%=fSgnBg$~+3!f!zRy=)xsuatbGA zcDF}E6lSF?my~a_yu71v3g|cFCxuH?k7XYbZmmOz0V{{;x(vps><9*p`C!-mq)~U# zq9!tPN}}l=-mXIzsz{JE`pSh`f!T8v6KgENIw=G=DHQ`M`Z_L+DQGh#*Wikkg$zh9 zZb(SPWut8DL=!v_t44tc&-nQ3mmoqP%USQ%tYv*leOpfeyGA>s>{q4TB~cu$k2iLv zViI5Z=$Vx3*!oTW8tgaZ_{UJ!vm9P4GyQtt_Zn&zkt9uF;hwqUkn|@bM9}1k&>8{P zz-%pDeR;7#8gbXjYtlF5B+Lx8d)!lG`qeliU8c^4}j7^hX(+pN|Y`LRjZc-$(fdJr zkv`AV6O-*Bc1!_y3Vk&qfWayIcZBphkt}WcPrD$wtN*qtXUP`)``2>MAc^ zm?au2=)K@^a%ZEJ4)t?H2S(~S&iybQ*=%j}x_oZxD1tf8aMfR$h60kG>V)^4CirRR z3JU29tol*yXf;Z$=wo`(5FZPjFQ?+huI;O3Vo|Y89)#0rncbEjx>PuC5&4R0o^Os(?3@LNSI(JO*S zb&B6AWGwAbsMMRzz}J2>7S(WCOuUi|_`YP%&3Pm3BhOa*Mjy;h4PS;>;ZXKkD|?!J zXrKsGGr%-1qXiSo{@TCZzn}axM@(yKx#Usiuh^PdgO-;tO3YK0cpgTc%wm*@xpwAt zQM|tAssdN`kIh#2R8zi`nF1xNabu0r%$JO)rFuUdsV6^ zY$bRU_`~sX4GvAo&@Lk zwK8yhRgauKHckE(u%e~8)EGJbs#rPxi^nF`-zL|W&C>6Ptyl%lr6ePC3n^4Efabgd zaS>DJ+RIh2|CPElG;93{msa^0tws3|EL4X22HLJpU6t>y;-q)~e!pfXxk;C+p@M0I zB|b4~lkjN_Ut?GXmGT!OtCIrX!PgQ3meRy_ZM%l=a7x@g<=qgH+V%!_KpE@=zlZG%-VDY_X7*VMkF) zG)AmHSn*^pUSS^umm9%|1QP;yBq_GGDUmR)*YmyAd_TJtZO~P?_Ac55K;UU>LJwb4 z&uaMxE~D(uXdpdRQ@VaqZpoZ>@Sz z#nsKB=l|`tbMZXhil&Rp7E2TF_55u}|5kQS65M;!N{gn5?K!yoWqvyxejn`AXhr?+ z8mnHKv-+)IMa%JPv;8heuHUjWxBA=sU52v1BdwUaId!MF;$ykevC`_NRZ%t84#U4) z@2@E_PTGoi8L{f`|H6MeD{0G@61Z?D zV)Wx;msLN#+!Ca8N9yRP{$Yxdwv57b-M5mZPu{)M24PygS1>b1O#xdv!H2 zgBE2!h}&jkyhfi^0m+yndB4#K^xMcZ)n&Fi+p648TVa0s7=iTJo8Itc#Dj+D0bI>u zOoB)KPU-Gur|)|{`>!2ozn!_$0By7JGAcx0C}g^fF{bAcmJq^e>n&(KM{V#S65=jN z1y4047kxk5p+*TC;d)Bpt@MKVn!;E0Cp3hWIutM?_7W(LwiI7Yj0!5iFGpXDfP|W) z;yFZhf5#>9ACBIP;1BwE^A{2|?wUx|zzs#COEq}oO?iHGLrA&I z-fLu3dH#vW6bZLtB2+Qjm1wGwI(gJQ$on)zX($ww=7oNca8*iqSlm=cbw2n}Eqqe6 zLb3{0WQF`8m;fz6V1a9vZ z;=d@ILcEI74YsLu3B!BAGE@Vg23WlZ;26y`XU&LGx5G{Rg5~(ppSouh?UAYQgU9_J zZfJLdXRZP;{Q*%cgrF3yD+>ZnC#+%!Sr~l4DvOB!;0bxY5&W(gT6M?NVdOR1Fsr@G_aOi>6j=FTa`5)T-K5H~QqFY=(c{V+Cjw z2b?(yOl}WlMv=*r;AxxUC^r{yaSY3so%!wesLheHkryc5B$FqQ9QUEl*8r_YJxh7Z=;0lMfxet7D0 zkV#|`GYzYn$Ym*CKhD5G`at|$=+qM;qy`D%gTt01l^+a@Hx#^T`K$gX4$X-?G?cGr ze4&N`v9P>qrqxx zxv~tq6@fe}ktLk*wgGgWs?t}d3%P#%5D^lV&8HD)^H=hs(`>X{8Fc|;rB+}6RR(AbVA zLyB67?xATM0YtF?QBwZ%kaFEq4hYJs=^6H6bQTui=C;ck&@9ClBg^;0Aj6Z(&#Maq z?^_~6pLY9u#w3HZ2XUk+C&S3?LgeC8O!fj)Ly=w>x{I_Pp=vD+Rtb5l?)rDi_C8-k zzp^Bl4R}f(|J&28t&4%EBw%V@TpgXAb^kU!GGiiIH5F)lhWFt}{ktq^el*WTi=&&p z9>-YV^^cCduD$2Up(ZO!fi&cj>!|3FL5B>BQSr)r2&^Gl#b;!SGD~RkGD`dH4D||W z#ThHaC(wKgLsHP6plDGm`|9zJ^-jPDrVC%x#navMlDK3k5P9l8Vu151J?Eq~NweTT zQ^tc-3b*oLE*La$q%0x;FpH3AaoEej<>Sr?nI^Mde!F;tgX#@P`I!DA$1oBY?**eY znUQC^L7Ycge~{0^SRiRMA7?225o}0ACcQc_W{Mk*P-5>34ah9%XE;E)MseUiU z{4tkKo<_+O#5)^mzulGWAO$^hQwno`s~B0p84QOxSZR4SQwFSu>8T6+N|d2}?%BO=AJ)#F_81+~h#pcO8;bJ|ojOosy7|P}4UM2etIIdd{izIHKSK#+_!`E8 zw2v0askqdPbAmZdTBu=UJk9)8{yH6p9v<#KC$&>LEmN&&539Y%Hwr;O(@^}&fi7P03t**d6-{cNZ}0tx zX!TDs!EPNaoO&67)vrqZFI1ho0GTyk4WDTfI<@c2)5=d&lcZM^yUdRyMb5nNUlm<~ zJPw_qV0GZv%a0G^|76+vk;@1;;mm#o8438mKpTP78^@$EZ}x-cJ?PxAzDVuCxF^|& zII+^Dk;@PEEhB%nk0brkYjO_yX88v9J4f-wADh<^84NtaSWQSb_TV{eHjmtpgJe zCuT3l>!6j1+fI@WswV1qdrLEm8^Wzrc(-tPf1Fy+o8JhqT1iM)WAV6WBTD6MS8nCD z$}}}F+Q|U_KgNt8Ql|}(TY!x(Q`1}nYkh`NVpIFG6lkr6ap~KFG_YVGcyd`pv>ya3 zEQOQ9|Ilual<@2PEmCzI8M%#wz5LNCk#+z2e(r96u(jUr`o7l&GEN@hiTF6)!Fe&Z z1$1(~NnQ;p?<~I;pc5ur@`k~mUk2P$D{J0%yRcTQZ#!f}gezPL@7;}fnwMy%y&(D9 z@>=JK^tlKPyR3dUfaBA_t3HjdGg(~2*|JZ`In7$3#J)om==~k`Co&d8=9&z$DK)G3 z!{fw9KWkNCvo~>4)Lzwi4c*bpB)3iCwVJ_TCJ6oGEi9BCv&zK5@Qg^KQ1HsRrbH`$ z5-@~sI(g7Ij}&X0Q8Ss~cF7+-49L44M1o$XQ-%O1CjIiZ(_ba~%wQ6IUasEO^!>lI zZ=VBT(MZ!?+D?Z?qBJ=1f<2~V%-w&fIS)w?6|%*qi>W>zU*(Siu)lwrNKsm>Oa}NJ zOHW8p9VJi}tnwF?{O*i+hAs-iE`=v&6Ng!qy_3zT(6hlGcXG|#pOLl=Ve>Ys83^tQ zrY{uC$5U%DgH;;y{}DxkKwTNrCGj0)ihN^m-)+Dj%mBPy%$EGy7^ww-Xv4-mt6aSM9o>N&UwAXAWH z-K8@C8=RSWsTu>&oE|)v@P$~SduTyK_V~aC4iBBUI2I2M7KPu4-Cnk7shJ>!FJdPU zl3jdH{_AI+008;y4Ps}mirv_wmA`S33f+DniZ#8D#G5JtCRgl8q+M**M3iFY2QwLq zgDQ6N&VdF`#JTFkwC~B1A|_HgKEgP641kt(n3Ff6?-i;GkEKJI|0lT#ZB=c$fMSZk z(llYa$J^H#n`=i(3mt0~r=B+7gv+h7mi;AyMT{im0$L=xKvsa;N0k1iLtLH)%xuD9 za`sJz&2nJySm}HO@WDaj4Me^=5Lx9nslb#aP{f#MFJ#6g0Ugw)&i11e1V853LQWw9Mm_5 z8a&aQDNfX~l5x3I827Icbc}^o)m>y9nLfvH$WC{wdUDdH}YrAtOCT1kO-z4t%>RzZpyn8-^i;hp?)vRvsns{nLh6fd1(X6N*zVHekH} zb9ZP^8X2pGhrlA3Ujq^@Gg-)kT+6Q_u`mbthG0kMF&#pRe0Z#E|fnXJn= zWCfe2i0t$p_fvJRg&o#QXbk}8k>p+~TmTf`*_64&(-%{$W4?rYO6^*zshoXY5C#U| z9j?#ad<5>@ZNg`2ceyv+sHLQ1uA^{0MfH%n!(FXzx@J@q?oG5|Qa^|%ONVzn{odRP zzv1|6_It-az=h1#;~iN%1T^D!mWT;!-b3sULq^d7-}UskyLyZD|HUq88bIh{?765n zLF_PcmKLu+4?Fta^KELUel}CmfZM85Q=AY@ID0>jGa{{9WWNj7xv|^36w@c+rqO|j zjF)MPcai}YHO5j$ImIh_kiL5YT>SwGBFTV5)5`}|2n*X!bm{! z_Jqjpin_%9HA94k?%3#g{k|_eF74+u{ftgOi;N*Ax7bf>itBgKXvW{l&GcG(y%$pt4&EeH< za)GA@`mzb7M36s5H~imyZE^4R6%ytvb#o@k)HS1_|0IL`r9u`E=Rm$s46rlYbG8s= zl-h$+`snlfC&|$pj82MNMKnM1$8uJztBaP-S-D`ezd#6gCc&vZ+Px$TCzN?~zqAAT ztI)L%A2W?97kr*dtjogi|is?kjG^ z=ng8+NUV@l*8G! z@+449sYMml6$Rv!!XG7@jSzqiS4NrLFiLf@QO%&P+l$W42>1L*nlZ!gG)_We+EX|2 zv}wlj$+H&umEk2g`GI4!E{y*67@7sz+GeUml^3vX}INCyk5C;1von;N-V+rz>WrCi#J(&-S8n`o{J2bS}iul7;v zw#-tu*mHcq+kiApq2dadzlOJ4CDG-=e4aa&#V49Bk>B@vJOy zZmE-$tt1#7jN-GL=RQO4Y{{pW$BvUzJ`+6#PQh(fA3I{7WOW$FcP0iiYe5hcgokzi zM9UMiHl`(F^q5CoYav=>Qx6O+!i+0r zLOsbH9-}$1jJP}A9YYQxqD{fQYJNW1_WM;S`0UYF+#DkOe=3FX-s{v+Gk*%kx4L5cDjyo=Tv{I4YLP1fzGWR6uBowZjKcQHlm~#u5 z*S?#@bC%%1?GcPCuA>11{mR)&gqaoNkdMi9C_ZK^^j$?E1u3d^4-SAjx;TdD;_D-b zd~FzH9_@5w@{B=T2!ar_2dPFse^;v1FXwx`jx}SAtW4Tv zbelbP7~06%e-k^#(xky}hu@5RiivbEOdXPF?w@PiACW0b4*#eWJ1){(9?0uN*?;eZ z;Y9DtdXKNw?KM6y>z-iA$pX|&Wh@ERBFob9NV`d{zAz}}_0Z}p?Zhc6S-c6Hx;WD} zZLzcaBX;1-`J0nBsH0ooW#=8_UXC^4V7)Yg=Sr(u5YXovTO*?O|HF$Mo*X95kbowu zPk+axfvoX?N|vIsP*Iz!w2A6RdOeu9Cc9Vgt_(PNo{90LLj9GNYclKl)dZrzsaWwz z>C7zLjAW|>vD%hY4U|^+;(7tjt7OVrK$ZW?ixlS(qT-&s24zJZ*ELKSVQ3;T)EC@! z&qy&mbySXqN&~xNL|*phOy3=ARbadUpD4Kg6t6H;#Il2@A)1DO>)~;Uy+z!N)o8%9 zXYDMmA7tnR`m68nS0w~;1we1q8Mm+SlvOb88rCHUOq=RB|BhLwb-in00c`zoC zXjF?mV_I-^RKKPegnK2WMHz<8afcvo+ZRa0&XQz4K}V*TjYwZtq*Rb2K=cC|3hPHL zK)G+_gpg(o+PMUV`;RCvr-CIYK~#y6ZgVHQKP^aEmxR22sVz$w!B{|}RqD9+z%Inn z(xofb$pZ|%MEbQnm0Ac1vwG2hEPT0;N5DDyb`OtwM^)+bpOu= znOTE>RnkGWoZS2m_*8eU-Q&dwHoj^mRHPt9#Fbu&g!k(hj8pZjpozu*&;VXksW#HbQ{E3_dH^b;}p-Q zS-+`6e^0&(k#gl?`SFHEl*ZK5aBHdickAbm$b@;9-x{LUU#HjlH1++K_#V!WPdb%5 zyDfZpZkvzP($M+Z5304|*LP&y)Do`|J(99enl=G?5O}v}w)=uvehtj1sP~e6kK^qK z1j7udEJq+SnDEdRi`^Avaw|zn>*wEW$Ykh0UQZ|@W&OVqXNwr$(C&DFMT+qP}nw(aiKwz1l_&C}oapV)UNVxNn>FKUiC zD=IT1vS!uH968?i31T`v3(dh&3k%LzX$rqpH3Ew5Jyao#0rWYZ3zFc27!V=$#Rs0NXKC>92wy1JQr1i0u`lj6~j;mSW*c+N zgogk1->N$B&HeF~+v{jw4vu>YHELWTAOGZ?3X<!8vc&A2-3N z)O>I+aI7R=VKPB7lQlHPT7&nKo2Q5qT$a63>5Z0XdQ}vA9uZ2lJ*+?`Goek&; z?BFv@5aTtYPTf0&>jL}}BJqfTS8W`}TLaS*>c^5CgB?Yehdyimm!9n|ayDF!rQF&U z(w%wRUlzu#p~n5NmMV^j0a9f>utcdxm&OS}@1#eU+p-om&p#kk_ncnd8CqV!QU2|4t?s~of@@F`U-$iu_2{VY<2n25KY#FI>A*)**wm<1(+qGj zUDEpI=?8le7iKOR&|7JIaM#R!#Jo>q5(gj<-&2g|BX zW~1u5mW&&!_hy4{BG*XlzHr^R+ zBXu|P!P%Ac4wU;iH0m0cp(D6ntcLL{*Oe?_T`hCF%pPaQ&$^1jNJbQs?J#oo|RbnV?HethoMDhrbnaP51cF zJBJ%|eeL9y=Lh-XQ6b;w2YORRv@^i+vZBVw)r1^S`||0+9Y!Hv`A~@oiou{0%>%L$ z?AkdWt55Kxi%+5+JE1Ygh)s!ZHn5oPNUzhbNvBRU0>&$Rc{Ob^EYWD^ZRmwUt7d(9 zZy1+#o-Q@2ttxnqKBW!xa*u}2T#Xav%%2{I+gVTede(_S%ETq7jEK(*+F*fntP?vh zSh&&S&X+>Dv)^+g%y)2xM&H}_Hd6>K(0X>ER1y>Jr(Dr)8U0B;yQ*bp1^bm3=^^jY zD>Zh&02`rg@>JWOS4>&C{mEyn4ORgaJ$Oc_g%?R`f3@!5$H^QNn@M!^oKR-KcE$OJ z8!~XYKy-b>q*D+#dK%zl%vh+s{wmz_Err(YqT;Rg!$sb&a*Hm!QcD}6PlIMuuVY!U zNm!5!!D^Rj%@A0n!Xs)qjXb!TEc=!c?eh8wO=>t6OP@YNs60JQ?Lx8R?n&KSk`m=z zIwbr>PK|hyqgCy`SIIIF0_^gHdH%Lhn>DiqH)AWK;k$zgFx&IoDIzBxmJ^gn!V*w` zsYJQ_9w(eW3UpV9f=}|oBq5KnQhH9^NTb$-l#4f$ss!}lHim7bbL1sD*8BzyR&_&m zrt>yc*6505WmeY+^qW=o^?VSJdUuawts`&OY)^-ln3ids#K2;@)yp+W`MhXOyd8?# zF`a<6DtJ6zhmu&9vNxv;q{u6Qu3N%mGhEjsCF-}57S+fT{a|i0NXGw8fTm?!#jt_t zKQf?djCB|VuEf=Z?x*x1CYTTwQd44?stQ(E%}SqdFuvvsG1%9Y?(c&~;eTRhD*~W$%>#DuTKU?)oXm zAt?+MW@N5u#+2YNEpA(rI_-bf5QIu~hiqtKSb2s@zXJig6fKxnZ`4Z%Q;g{CBk?a$@*+q_nxV~X#b#yDua+8?V{3emty%v^2xJPK`Fj1&>4S`$r#-#Q zn~eAw4+`5dj30wFgx1`Sfc|~AT$-r4+}IIsE2`Vt2D9okUDet9aVmm3d%V)Jb$R|; zG!5BKQ28pPxBD5DO$9F0Nl%dUDP^%CIQqyaxkpX~iiWSNs3a&j@iu2Y zShTO(_jSZ?aob|z8Py`0B1Yoh|0@K_!2bUf0)?hvO;Y7Oo#$Ph3Tyo&r6!4zeyIxd znGN`PIlbXhPriFJOr^mA=hF*#ncJyED^fxjxw*M=vfjMlwwwj-^rAa?bzSZ_3O;Sp zvOXWN41F^pt{M_3(dO&T1#xhhxVicLVu!z<_m{VF;&3?67xV1CyY_ z!Z_>i>J7V!J?$tFJ0Eq~?U8G~pYd`vvh(nq{Ht=YvzQgKdF5=bBC+B@U%-^;(XAd- za_FEyTwshxB8(_cr&t@pO0lOtJkP36Y1!t!o4SAp4YGko&2WHJ=X)=tXpMc0$lL!C z1)V#dzWOq#zUdeK`cK4Gv?q*#C;b^2RBLHq|1R>Btj_Jo&2uBk$@9nMyXq!ra*dfSUE&H^wLHp@&aGko zs|rF4n)1qYC$Gg#d8Bh^%j|l&1d}OXo>AqT7sMHT6M%s}zvAo5?MhZXyBIYJabc(z z*V0pB!_YiRIdUU9)%vw}gh-Qx39fqQQs9BZhN%_c5vu)agK`ek4Y$ggmmSOx0C^(7 z%hWuD>8s`*WS5oe94USn)+iA3G>U@H>)QnYSjfqIu+B5eSa z7U(oqPeWSg(HyqT-N@ogp4qZjU|&h^%jz(L}#htOQvUWZ5W6N~xY5-SR^ zFKG|LO4V<%FKD|?i5gDe7gN=vb?|OP+_*E-Nzaooyh9@YvER{>FM0Tb&FW-dg)(-s z^tD`$aGFeGUZ=+@Xm8mfpcb~(%K&jB1gucU8vcKb!GZSwlflvZf0w~QLD`J>b|X0e zM{)V$8g(6#4{!BEYl#YI4;|>R#U2V?Q|k@=zOeniIPu*S0~#*;aU8dLhaDg{9V7qu zr4`OPjnP=3Hj?G^>1ofO?y}za#(A9|M_W_{HTD+;q(^Vr2`(Eor1}m zLqOXNn&TWf@)d!%5slnwRpD)DAPm?wyy9GZC=LLfvU(~qt;0ML-I^O4c@WK7r_7qv zT~iwEvFbmzNj+g1b143<|3f`0|L;Wv`^@6g7J-Ia067$`l2Y5e# zs26Ur&R9NDsyWFv?pM2w><{VE>z<^VxnaD|^2L0O515(_D z0jl@rH|W|Vg@=JsfK^Rzk$PeLIji5pM zTB>%2O*Auf1c`>;Z1i7d9$M^M8iQpLR0$?jR!^3oCHJ4s(@3eNP;jHjq9AIJX?u6- zUG{oPUfTs5&P{!q9N{j_{Y4uVj8$KgztA;!#^4ntAtrq^lZdnUWqRbEfuYd+GCd%L zJOprh)loN?^qD6&BZzL~zPFBKpoHm#fm95vG%s+4jr7qG>a##t@4pX@P$Q5;O&ae@ zAsmUX;oq{`i*U15(yz2G3=@tP`mrjNEi0W|00=n=x`#NlLmF!)21@jE$xZW+66mrk zYdnK3KtkmQS(D!mM6YX<#a-4~IcAOxB~0tp4kf?1b&~T^N>rqRuJ3p<7QN;5--8%N zAYkN1O+99@dc%@n(xA6V0gs{y@J76k^9e#A?i-i%1V-dZFy@ZeC5O56Twm%=oEV4b zQIMbC{o}p69XkE{N)Pj@m+q;Se7+~&{|@7n4Etj=?GFH@%{{y|J(VNr9Z#wqcBRqh z^=Ze^7>w=-OQ5D3I{iT^%+jo|{|KpvVJCWW#9~T3C85aA!(Z*xygQ{k7@-!cN%$cl^(- z$gPoVgc>;WsfK~SizjnN5i+_RQ5KlEqy>C~jMkwNUw8^Y4oX5+LCnV$j(jS0JvK;l zt@dsv2g$uNUK(}|XO*VAwG36ta^+&~HnJrP7`$M;vYuFQ;Czj&iMJ^T&DvZY6uTN* z#KaZ&sb}bnS1J*bqg~%a_a|ql@AJd&GQ-zv+2Sfe`tORmMNZ0f`#zBkgH&c6Lr{6Q zSEQ7u@+J8G@BbL<7pDC~U541j^1DxiDEO$xdIWIA0yz_|FVS0ln!k4Q|81e*RhA`hYo$m zA1}P4Svs<~WtJVKB^|GI@X=Y&bG*f8jJa5l)72BWnd$?T!>oEP~n zH?X{fLkce_>pPthH0Zxzk4*)d&6OcIV{D9s zn%&?Yo5wS&@UY&;3$7vLIR3u3zlGZHGb-{vmX~dyd5hrtB>wab^woT_0Bg9lrI}Tn zL=b(5mrAB3H0`)G!6K4qh{D7RuC$k z1akHcayY20Lk0AxweZr;(wy|VVV0rf*+2_{9!y zqacaElLj?Y{=0IzfEHC1hswaW6^#0#sjb?)Vz?lhF0zQL3KNhe%JDUF?*^F zZx}6~hxR%t@NTA#9s=cxMEm_{AJ7`T!w^w2a-i$e;{@D+)PP-Pn6x(Rny?d)YP-ww zp{|hQv#PhQavBY0*t?0i`knjhP$#HzCj-y|20@}<3Blg&9(>U3bn#N*BkIS(y=mQD3vdC z?-cJA*rP$$T~>7ED6V(_X<Kv!V+`ju)vt#5OWbJeI3R9%`a(B5O9w&D z$4!*?dUhT}ysqav_tGbj#zq9V2`4`AAvQXNXF10iG!)bjt<%V8nUN@B@J#l-$mpRT}9 zSMp_rT6UC8FWl*?Qbz%H6PEn#XvN57cqyJU9%m`&EH*!pI)<$giTpLV#fpj$ufZL* zK6h@y6pp4k$-6csOg*mRS%%903oAeUR*&6 zn!8c2WPCvAI!JiF2qHkMoe%Gfi7%1f#tO}Cks^Ss?+A@49b zk}@TP4^wRl!eHHxa|pgqnx(d|q@4Djx4$i_2^?SPta zgL)o^@|Z|^F0b+)l-x~)AtQg0esuwX5w67ia^bC^eFaBtS$R4UT?DaQN&B@=@&xDK zyk?G|m;g|SbmGhxP;R2i4X}w+OL@3dGOiU$Yb`!W%6mFr0G6%UbO;qWd0ZbxN}hlnx{4Hhul%7@LzJ(2i3)Tn3BuK-9NuOwc6$t_AhqFyA#N;; z-TESxYv=^DDvNMN6?LSHN+Z!iHwei3LLwz5uRO!I>>aZBVH$Bj8B@|=U8^@IB6-qxK zL2rrJs4uQw!6FmZ5#{Zw@YAh1g-SL96~zwA)2*j~jgyJ<$_eDMV!i0eE?!Ku_lK{D zFFz-Kd8v*ED8R9aN4sXpG;N-u%#x`^#vKFy6V84EJdwur ziXBh#L$wq1ZE2<@9xC5aZy?L3RolG@1vi^iS^nF`)J~?|=Zvg} z{>1i~LboHFgNUZ@4J~?-&xz3OlC=w!^P5TKTe10G4^%&9c`{>x@%wYH+jdwD;C83K&TfwIUgG>xD0bA+JH4Rbi{zG) zI^v67ULw2w`A`5S+EOd(g_~1+8xK3TY>dM%kuEy2Y%(3wXezov#T3RpBF*cBlF57A zH^L<$&7;sm^|k%q0w<&-rPIZLCg07m6-#GDt``Qp_daSq@&&16(%)ledm`A*LAcs( zbsxOAumdZt=)Y2j{sJ$sxnYjPU`B2T5Ga>7=|+ZVpRpyNDQjwSd0e*UWlI-=<+J>t z%KLhubNK4UlDQ(a;J2TyPz3t@NH}SJ(-SpkU6E{k3JN4dn&20K*+4$8=(5;W4re zoz7!qAIdkInr1jQrQk1evFiHm*B>!!c8_erXu)xqeqn#%fb$m_b4sQT{mw*dAJK8g zsNeY+##>~({vDloM4@4O`#<6RH>5w^yqpZK-+*#F zObt^z7P*w_;^Luk_)ZKP&=9#`M6eiUg!)ar5vBES<13cD66F{Zg?{RUd07cs8dY{c zV|DCxjQ#hT*WypgyFi+C)Q|%ky={$~=0Bw;yK1*@cI^zq`&h9{l1Sm)b8yYfFNlKI zl-UM4TBOiXmuY4ubHRbrtjmS>zs|(>8d96!?gI!_)ck(^vYJZbTW0Rq-bSyb&LS}U zH8x~p1gwRryGpNex=0-Q51dhteev3yjz<=0C)+>cUl)2S!=m-=AxX#j z0t_JJjPN`}NdBPp>F>hrIYa7G;_6)&l4;Lq-AYkF#k3q^Y)tfZvj#ygFbs(%7W zAA$$S_E;HWdbjTXWmDcv5qMWBC>2^uUUDA3qH%c8sqZnV`cq?=;@=;Dk8-j)Z@rZG zS@h(CJc%iHXT;I`Pa0#(MgnUn?>1u=_SU93fVBLlJM?;1>SS88Phk1w_=Z!a^pG`c zk!K!&|0Bspd68`Mfh4v(I$%feQz*IrORR4(yc919wJRD^Nq2rNPjV9Tqg9yh6 zG#Bje(9RU)n}LZjeA6$C(`xj9x)dHq%&IPCt9D;;HpJLXI`Ku*kBjtYpjbd6 zopx?$LznsX6TCJvU`+^>lj!4=el|@C&8bqO(K8ZE{luZ~?br^l7ctnz`^E6;yMD7q zZi=4ZI%SSR(m$nWkFxJn9t&J@UjW9HVhKOHFXKTZ!Wg>U&)th}=&A|lH06x-)C%=) zm}8ik@$@R-$LC=PS)s5YT$K$IX_`kWWJQ%Tr|HQbOCl0Z8OM?g9&YgZV@mA^4uPQB zJBC-7;BYLG?bOs8Qu#}45aI4``!_&mbD(9!ve4yB;H(4OVVfCeKQaK>h7%N6*q#E3 z!G#bXazH$Pl8NrN5c?rocDomv)8|N6)ilF);xVcipj24xz4G?{=(pBMSWwb-#MrAg zVxDjR&do3TsS4e^k{n(C=T%VS%wx z_2&_JfP}KppT{JqB^;dcYg*zAW5g&8EJkz*gtBvfAeHid*p~uH4*b!gH=W=?@Nc2i z%e2@K8wkq3J+B5T#5}Ybl$(Y*u269}2lg0Kl>W^6jCyCxvT-Bj(i{(w9CI@(qE}l* zE{6jHOuJa^^ESiBWsq);rxu-#9|v`-7w~EFV}rJC4l4p->%P&q+o@hzHH!Lft?d|K zS{X+9s+JRc^CqeF79^=HHH|@~G?yr@_MI*2G?a4VUteF%OvjpK7z1p%`@MqTIr}YB zMO(3AwdtYUZAbv9p5UUOG5?_9eN!R{abf^Eu@1=_QxlDpbj-=+i8ok;A$7~h|DFZz ztzcj4Rcx+E??thI#5D@%4q`vlEg}=snI>be$ceKgD>#l5jW?fQR0|2#LpNn(D-bVB zW3gR+mN7$nggcZ_>g4lIdwU1^O_GJb^tb;5wEBZGwTO@(3g$z?lQ?c=OTZtLzw2Z` zve3#~RdFp#zn#Ew8oM_#BX>x@m?pN9)OAAm2>DU0QQ6KuahqO(Wm7nYDl)dCB^2`p z1cGd274Bl@Rw8kNY<8c-Bi@Itg2bD>b3vUN4e#M@qi zUKB2Fk|vGS&FgOD%h$sLUYaK%oR@-2=?VyEeQ6Y#!})$N%q=h7FTe(qC2;|x`8FT$ zdBd3$D#}%eVx7F8d{TZUj@utJO>u)%%nRY#Y)~XlHORUTm(ccy>)c(R59QC^?+%bS zZGXmNR@SSAgn&0F<(>`~A1nr&4J}C2GIF6h%v)snKSR;cJ?DJ&-j8LiWvBakN|5W* zPuyYHcwp-SLMk7=`GEia)^DeFP^V7OzY*Dps;KNuvt9LXdYKBO-{~R)fj=c2x*dma zHm2wqf*`4@+;{Z@$)io%`iF{1Yi`c>URd0oo?SdpS~|&(`-hdP%zxIep3jW!_LSYD zFIp0-{u<%gzE;F%;2!*bRZKw>UVkv)`@}6PGdEnZM|)uzeA21+5bG+KAZ0Go zeNq~qJ<2}EzOYgLhu#$icC`KxAp-TV#5ML6$Og!!(@i92o|^H*clJPvNrOuCxS|=G z@xFesuldGM-RrUyB$#S2FvBx6^@o{T5@Q5G_ z34%&n)?F)TGII0ciB?NTi#uT!PFay`ga*}qIzX{ec@j0+5KylpPnV?mH~(SczUZJh zq|YTjh=&)+42bv3_2ANl0KPh4?H#!+s6vLaw+`LQC0b=%Ub=#QkHGv*0hKUh+f=g1 z5UbWyb`(=DE?BM;{wPIiavV)$%ygGM5uEh2SaX~StQJQS>-Oh;D6tr+_b#oZFB#hS zaX5?~;+nmLz5Lm}cV=WXa}6Yy!VRQ8-fO$+Tt{Je-b>~VTuicWiy2l^Xi{DaG3IgFHE&w5N?WJq!zQ4WuQW&=}k$6Q7uMaS- z#aKv*k1viwilvp#MdIh~QVC%fMgYaQk%d@}I#Zph%%#PtM+@XU-j| zoZwHbg$9_w7IUbVCgIutYAA)5z73+l@bj=DIMw{u_w@#4aicv}%lxJQIJi|biD_0r zmS9XkyC{6+aRP6Kg-`h`-r(1Sf*pSHJB>6Q4xzeSlx!bw2CJa+KB8ILPLN=G1c2#g z)qEYm^fC$2kEy$8daUA3;XSb0lI|8f{qiGyUJM5pe*I3!m`^QM{JxKQIe8rnjhA0` zW65}2BhM2zo_xC{NS=(QX+%SY{z!64Tx8$3=?6%S>u%DT zb#Vn{ARnM%MSgksAJ2t*fWQqk7W03StLCul9tGQNWx?hGFGZZOBzoFHd^_^MTo&>O zo6Ewky@y%M5PHsvSoIKd&UEVFV{n5NB%?sBR2ln|y(xeiJ$50u&6I-(N2ur#1-m6! zlQM+kJS>5=Qhdf2xamY9IU$?v|0HnAcNib~zYQcF%w}YatCC_oBN~0Qd z6gW=R^xGg=%b&`;p3BX~#8an)ou(GX1lI&|D!Tc$BniJ@U9*~953vg8sa!c7`sLn0i#)D z@DE%e^@l+@AZ_j1358-eW_fMTvZtDflw1NxEQPXWEO8`62q-pzGxAWr)Y!CD!5?P6 z4lrh5P}w_s8xTb^cYf}!8kQD4fe20L z&7DMucYyChNR{_M+V%zMUpZys{mP_zY+&_^lUUjS{<33Ix|$5L35Vw@e44cqF`*uv zk#O`^s4y3RbUY399f0XT2_VxDzlsCY33(Q5ly%zX7T4?6E2$VM|S#=Zi`DvL0W z^tfC_yId5Ye&}hEpU;4Kcc(3XkInZhZtv@nvP%8GvhT%hucq{v0^d+nrXMi+*k)$1 zk~E>y16VRN-I}^-^h}qCp3A_FCbh&;s8rYCuC>sO5?Z%MN`}`&N|`i`9y~H#?UFCV z0BVh3M-GHGX6>MMfYAypGrv#O?R9qH7b)(IelFPOgZ8BhJ~1(@ZV@S6qD=F#MKWSm(^ zq%pSc6OqVcd?t`G(8bDu;Ki*pIej&{ZEUucK}ikCTScDgmP1DdCu$s7A|cK$k&B+L;fx;6Y9X_`i~4h)4e4@SwiK> z(Oi3yLZX($5N#PSn&r|y1fTbbrmd{oYijYu%U{JIEa~WeS<+-X-code$KEOn&N!B> zQ~t}`(ZAI&t-2XjH0T*B*XpIU}@xJ{^aDw7m$ zaCCClv1Oy9i$&x+7{zACJ@G`d6LZ5QB_dcj&@DhHw^i#)d6jlBP2hG-Bxx*^zzDkK z*n}>Wqcb2_Dc|)n9#9e0l12U4SsJlw;0{u+p$MpuPTSogoZq1c(BS_p3}0Ta*Kqs1 zk1uY}Mz;!C@A-eM{GghI1Qvpo5)LQhk#pnwC=&vqy>fIbem;LLe|9Q5V1GVm<#v1d zJl^#dvFO8`f?jqWwRi4Mn9yXfl_+<^%Nex%#Fs#|>)%*xuv*FBI=toU#_l}vu|eo2 ziuRIPO-K8y31Ma#9jd40Y=-(LDB@{RC}r{CONxN2;MB`mxU_8Fff4NlhNS< zc09Y+-*puw>M>dX;6;i`{y7&@3fYCg!q4j&A@lhYvK=W7)nc+RfJuuQS3AhXE8#~u#R%G%JjXmm{@7smI4m^ z=O3h%kbO-Jf4PRT7%jRTUELr~0H`h{Ne9pxm^@DobJg=xCt=+Q*a$L0C}E;htx5s> zilL;eg{A#ibOKKl?S$kwrB35va^-RKYZnNsc_0~>_fP;Xlh+d*Y$WC=Q_J;?RVe{L zISDr#VHIog#Fb_~+O9Li z&{?OThcF=_gqozIhQy8**LKCD6<-td{(V~HWyx?5}8FYYz1=S)H*Mg|7p%Hql4tA zv!FW^9n#_B{UGM%wKkU7Ng1P7fmWYM9%DF%4rV9BV~S>+sg(vzJi=`zv#Zce`e-Zp%% zWAk&GvKMX`FwJ)x8X2l2BBceE>Ee$~x(O%gjmJdVTjCsrVaAANqOO&%w5>3m%>;Fx zdT`lad-KXuW~~H2RDy2V*$U;$7VIHrccOwbAUGG-E)Eu2_&!=zofml(n*Q?`dVSa<`%M72P!rHNjMmQ^3G7V>s*GwP?r& zga78(hXKGjRTrc55x_5N&|_%{>KsP7VGe6PPK~1hC!1-pKOd*GX#yW-M3$Q~>Jf+s zb{7MS6PzC_VmC5-84#lFv4DiLGkAu); z8=QH*mz!~RCD(@C-5OeCI+I2s{GpEaex1{dG%`m8RwrbR9VS)tJubz1_&ZV!vK0xS zI}<7gy)+~|aZmZejKBUZ6kXc24c#Yv|C3AGYpf>6)hA%~i*8|x`K0>tq=MQisDN=h z;gI9*t{~qo@jzD)e{FE_ZX~pzHkVPx^qx`O*MXI-;?NDWO`Y=Ce>_>OeR;HNJKrD{ zFZ%Q8ZHuoanwV+2+=;2n{HlU1+J%lqLbR2~-1B~l&ivdZe? z&tEL$TJFn7zbkJ0bSEGOerYtaGv!a?c z1R<+T4Iwc$xn5mwfTb_DEu|kJE{l$)US`&IQNeK4*H@L{sYzBb^Zcv_wV_0%6Q=dd z`0z68mEzZ2>S{d=p21|$LYQ`%wB05{i%MZ`1fJct$nBr;?x}W8#m%;@nZ71l;K0ySo{f=+QQEwI%_6N-yvZKQ~+K$;a z5Jczpfit$2e@bLolmR6z6*x2pc0)W%mqtJk zpD7(+W|x?<(a#ULRSwV>k%xb6qqlh9Z)L#fqI1Xc`O`fxu9E^szZ548}+`v!nb6Q z<8JGhI&~j)@pbM8m1_V z8y&ML1=IB~_7K1KvmMIco0+(4z#KON9(nVp&$$yA-3#T%%(?bknk|0d;26DIcX)ye zYyJM-a~(a+>FQd7h9fOv=h%vkRJe_$0{J>C!PteELR_`*V^2{_yw$pW*P_Da#))rgI-UzL>_6+Dz zeqHcNT8GBF`wNr)Uli98L<=Dg0g!>5Nh(4WBfKX>O2;^~XhHO9PB;0Aq;z!izpKMF z2di&?$1;oirh8vwn(_GJ=9pRB{DEjAcWt}4-=QRQhv#Tow_c#t`6097f*e3Ni{4B+ z%bZoY%_$f~O2JY3JcX^j;=0lySRX5?ow@S?I7EmL)SWRT@#+)3u2)GaH9lrDr@b~6 zlu5~4Ht_*qUDqwGaQ&!~I5IA;eRn0CFt$7H{d%@5bn_|sz0ZV-do#av&$qbNF<9$78S^M#@a zQY}RE9Nl;`xF|T`{A}Lxw%aPaPM@ne0=!_d*<{RC1AA z1WhN~xIrb8tpb}soa$xNu59iLU1jb4l$a=72>MkXdk{I=t}^}JRtB#7wS+MaN7ko{ z6P|0EGv`Hi9I0d!H(lu1w!iQD)ezH6q9z>;c|=T!4F>li&TZzJHY%F_g#3(>prLkO zTDgWmyiJ_qaKzDCh;Gu`QnfY>?&2TDO7LO8sgR(Hl>;x;{=>i!&%@fG5zhmgg3LCt zgt{A~(^ziHOp`6;ZM4;YE>M+jj_8tR{ye4_lc=x!wADMa%6q-D$sygR{U+&&ft=Ti z_>c=yUz+%y>~3d35?bm#9Y)}&(l#OOD-NN{{@EM=WHfV zIJ-4pB^kz*D+-|QTvBcta#}rUpp#@Ax3~v%e>J!Wgp;LNGgQ$@T1aHvI;+#mLw|I* zev3oi?Ku3xtH-CGp;7?{V%E++Bwb6H7ePsl3?9Lm$Fu;Dx_?qNa+&w2% z5gukdjc%w!cg+?L&K_XjarlY-WX9l!K^I<;1@EYJ#783Y2x!{27e?dO_)U;Lk1~URw&8{>`RA9uhfG-uI(i$5 z4EFtZ!4W@p(LNxuowyhF66vodeytFN)v=IU6fs%`a$Zer&Zmh)eTTH%`o7rmcl4nA{ zFPmo@JhL}WPG!}-puJ8tv6E*EK9bksRatEO&~bL3$I;9>jkF?-wtLGb#_jS@wL@1{ zmp|qg5$dGnh@GM|vx3p9S`^$@HL+7_^{lFHMN_eAa(+7S4nHyy1^De3HWh0-zl}S@ zduHcGPXU!qz;<=n{cP#MImza6lTKqLocm%)I)VQVFecIQ8If&CX3?igyyWM{>xn3C z?Pn^@e>#C7rHxn-MOpDZBy8rz^QQ#&rRu%TT^BE_1A0Uvz(d>HR zBp56cE)GUY5kpk6%q1UiuedVAm5D7-R6KuW%0!c~E6;*UZ^+WaRhLYdL!E(-9=uGV z!}8)Lks-2b6H${1(z^$7a+CE#=^*hVnH~FyyJQDWksfmhYbb`z!i>I4y(dYlj^QkC z02Ta*Cnr!Aj1xnfRd{~n`$q0dHxio zWWdMPa8C9|=@A(!Y+Pv?Im;WYHGz}`*iUOp)Lhl7wFq^pX0Acf6bF#tG1z0c(CUDQ7{!sSCIuX_=GO9)dZ(Z3+?)r zV-x=(&Lpbl-y>rMfd^UyX(TWM56;(V=&;8^Nx`<|^r_r(*Dkpl;B5Cv=M`&?k!6(Q zaJ=E`?5XzFso)74m%Yltv!z$r@rC5Z%h0Y8GJBj=7$FS5#nxzadSa@&&yAVtE=2nN zs5HvqTYj+MW$pU>6D%}1q>cxcHC>BKXTAiDg-Vn0CoAcRG*zv4sP;$AcY=+^-9$W< z@PH-&_?eTnf|)ww?rixI-M9l1gS=>97P79T5#R3$*6(CF8$k6wrApFiFi%TD?R@9I zvOMp3P@=Nypt8lnz=pC$rAwZ0n{a$D(z^n0PL>=Le6|-SRSIHko3h!$~3ctId zIrnEpUqN~y9@RUJZnOj|u4NpC4smzp&(TSPW4}75el<>g(gYxU{DU6bvE@~(INZ#V zj_gv*`y!DFJM2&+ttENf>Co+K-K9Bkl(~}0uc3?e{Dw}3JwwC2M)@m zaBnEG99Mf<_LZh&&rD~}{tk(YnUq3?1LQKbQD?>8y4Oo8Z*l*v)uVN9#`M3v6Zsva z|CIwX#-G-6jeEt_Y^50pIvy`nGLgGG1XA3br!?WeIv!HsMXKVVvIjLb+FbE!W?1I3 z8m;CV`f5?kFV_(%QVz8%H80$oz(LYqZ_gfwb@)X}?!h0sJcNUov&hAz+VvLgBk?M@ ziW(30b2pH;_3bk2C@p>6mD9AmZX|vkYxfJMe%W>$7#R^~cP`5vIF049*>|$vDJ;67 zNy5?=H~t0?pZX4gk2}zE_rkjNiMgSP-uxQ?dP;sy9j;OJj)fu~1HAD{JI2CZX%B2` zjHj7dtK?=Y{1n4P{N+TKT9AxM(4qLr74vYMODjbB<3xHRMcTj`K$QklYKNwCPPE*@ zNiQrSn(h!3J5TVa#Vu>kj!C+`Ad4n#R|21*X(C}V>m`abJ-nR|{wU#)LYY_Ob#c%x z+W`yi^U}{=)P+Lq}m!{$jAs1m!@Bv}d#gy#bXq`=t zj`t48UYsiXFP*4~N;&?;bW{KY*b;j0wM2%)y=y__2EQb$;uC-)+*iPzsx=AVK{;cL zLmMuo%&q{O%VaJ1e!O_+fMEXVooI`LbEe(Bc1Op-C@i1gG)08Ygmt|v5JV#=w_h=j zS!&q2_5j1GSmisoHG5=_`gTWiDaopQ}-0*08O(+;}0iQ8eyj;8?L zGM8bQR;e_ZGacQu9&B_kE3-I|>=F}=?Ez@^4g#UA>X~CiKr3X@ChFi67^Mk@j5Z|i z!Wr8{T`!7bm6P7gjBm4X_dJOsDm$2x(j@G3Hw#3HwA1P{0F!?~haa=QI+_ zy&5h>s_b!Tqc6;!ncbdO1C_2`rDgc7zPr?x0zFWbuB9xnl{zz@p8NdGd#^kU-IYAc z^>a-lP|ul!T3xRi04LBHV`<eL%L^x8^H-r>#0f^cOQ<9wd0Oe;_43FMEiChGzncN#;2$BCHFAH>bgZOF%qcm1m^ z+LqMV^)-nZ6csLcT=~<4;1G~ZR2S#OW2m*)*&Zy?6efZNH^48}CYn`b>CBWagbg`9 zO73q~!FfdIfm)2r`su#f7^Qkrj6x;T5}M<#XW+>V9TnNLH_vkPmOLR#zX$uic1_wY z%H2h?yQp{&4)_#mkq^j{f20 z%cDOW9sk3NXUBgaM>||+>ys-@q#t(9LAQQgCaXE0X3(;@x@6r?WV=Re#vvO@kNg8IE#cMuDFTXV~yn%_p|> zb$C;_#)j_(xVRP$u23QaeKO0gfUS;z6@^DJVJBUjUc4sU1v?jBapVf2LVmouIw#O0 zP%SkpW80kecImQLp$a>3;H!-J^|R5Pg}>I;*0Z37qq&2%4Jn4(SzB{}n@68p zjE@8xbkWak>lWnY2E$w1I_+%`oBKpJa_hHH%(V0 z63ZD+y%=VNFgucwL=K^JK?!#h`Q}@Pc2n5_E^~7!3O- z-vOEdP$6fP2Z^BZWJVL3Mob>`tk$JHFdg6hu%}3L!;@ID6bwZ%mn_l=TEQ|AD{^+; zcLp&x0%k)aQ}V;gRR%jK zK+F}Hx8=Vno?&&$u~PYuLg^nFjk~KmqN6|K;l4F0bE=OSgWTXC=x%XOA?1`+ z$azw-F0v_uue?s@w6P-?3fUMKQ9LwV{oGjt-Z{kf=P3-^4)9W}lxUE;gpJJ1QMp?` z!Tsl+E9b9RlU^`IkQu&vm{RsRp6ZE^6I@lvfYv3od6$CmOM$gVv$H=1-0=lt;gvxuZJImI|vX8oUcAs_lIk2OZnK>N8z#&)O>$X?bfx&R?3(`xlOMybjgm*T(LjZg-5UUe#$+XO>DCT5DPK|AR;}q7bA7@)bU!qYZd;W!_>@unCG;qtZ~RFyrCbPNx28XQ zHr2yAb<5$m`1y(Zd^e65P6#6*Zh3EPOf6M~>C^-r9Bw_>tTSEn7y$m9CO!MvIPo8^ zuFfHprjbL3xepqYcwR3;H!cXf0n|THJZ9wN{7fAX8x}Bd$bX}E^b+RU4>7U^NA8|} zy@z|c^&fWk!AX0Ki4LGv_$az$m%J-XrFE`*m$q;DY(k+%^J@k*_J_^7`O>mGmYBmj zU5a0Ml29m7#L~&fOLL*s;h)*;(44YEl&#d^CDRjx*rA(TKYb?~K#fItbE4DwQ>|2M zkpE6@gv0khMV4G^gZ81;OG+3<#V~L@NjrOjH0V(31k62zaiP_oQN87;rua*@y557seWK z#js8QMvpCLEH)$KDp-u$(laFNTF<#3rY`yNCbO;?Ou)?0_yXJm8s2oyr+p^6slIWU zkX*gHEFCiQcbTi%-pxQK4QyODFBCDUFPIX^U7LQgyo}SJeX9{8hyiKYROyCr62vJw z4&txfo=Gi3Hu@{A4O3`zNTVe?{I;B1*-ovQ*7jhhSS%@TD_>g%@M~<^XyLTOl&ayk zK%<;pxm;*!>vLx3(F}@C<7PQ?7z|_Go~T_N9wdkqyFB^OnpR;5hi`@(oL=I+`F03& zm`pII{sa#_#7WWi0>-uJn6;OAPONWAXae4{pmD?5b>eZbh;>c9HwnjJ(%YZ%qZiwE z4}no!gKp8!*tF~zQC6Z~y}QI#2XLR-uu3U|OGYJKGII$Ws!8_{jk*BeV+PWON$YwsgX%2sQkOr23K`otSlHq)T39r&s&Y53u3cB!s#b78@bHlJ zn0D=$%wi#E)rrbVN#M+yVB9imaGo%#AZ4eOFhHpDsH$aT_xUivN;62l818}jeHqjP zaQ><>4+8HIgXm%KPV39I9PB~xS?3t_{tfxtE4kZi1JxpN%W=3xZbceJEYmFhPz|-S zRkB?K9sC(oye0qnU*A|P760PGhyfQnBc3^^D!)V3=1AQ&-%ay{TGqJ=C2(E20y+K+5bNNY(cVX z#mEM&9Y50a6k)P0P1cF~`WcYah1c`|xmd82NgmZy*$CPWA^wqvvi2`v*doZ+6?Eh{ zyfKLNQ3SE}p`Xta#%eIU8*PUHq-NNr7}DT#-Ek8TT)M*$(nk_C`I|u|59I1R#w-4w z;uXhOyDt!H2blF-3N0eh6FXKVok7PEIL#6cf#Frp`gi1pR)iM7f+p_kyNWEh zYc5dR1EeNZ7edDa&JNr=E^*#!y)B1dfPoIcn#rZjQ}LQ5bR9?Ft4i03>Vn1zx9+4p z%YthLOn_oq9oS$!frW~=R?ZK`To=ZqB0P=JuG}-Q%?KSO0xZ)v48q|Ip@?WkXFM_7 zVfhQ5shUq>9|LBsm~AaM>YOdEbx@l$M5-9Dg*5XukYqH5{{NY>V1q zXhDvTj_R?MHgb}hu|dV(M>qWLqQ83!Ah;qayJOOBz)l>4cj|~;RIT%_>%EeqRb4vQ z^`!xAmNe1kN8txOA)O&|59}uW2)&`9L>x)zib?W<9Fk_e3uay1iQ{yW@He_nkFL|B z>vZpAM%U@>RyVp%|1Mppcc&ch*B?KCli^N%3py^U`9OTpGS{}MwjH@g-h}P|KB`*Q2*cK zqn9t9*ZqHAj{d)&n{J_kFUG^f6X)y5jFb%=J6Nv|NZ#-9QDP0 z-oK{d=>0o-|Bl|jkHGu)wUt)nN(xqw4T8s1A#3Jw$8Rj0C!L z6Eu#`C7bh4ed@v!*D%l|(Ksd<{#YQ6eytKn9zh4(Rp;ZSZ*VQH4$F+q&GycHA*hBC zxnAFCtA^@m9OGgR*LCB~S|C`1qJx8S3OUY6Vz-ZHjrB+V@Kw>fZ zc<~M*2rT;JX_Vx#k?a!duCEfRZpi*&i*x<}?PjBNFr$h`C%JBLX(}I}A6&!W06}L$ z&5zq0Aj!of?VGS$$!Na+Ot^0 z+#$+pA2z(X0hCbT*9D_Kuf@S0i-WxtZTptB*y_<{;pToB=_iI7x*NGEcH!WBK4-GA zz+wdlyM`eS_P=e1g05Pt}QyF(Jf2k4I(D$ zXvr<{@Y^N*WG6Ed@oKixRkoV+qU$C7bb&+sAmY^zt48Zy9ro|*-6|0epZGGjn5@Qd_99@fa`vQ@;%}#i7=E}x>wmo*Z(M2`Po&u6~k6#`gk^M6#J)QaeR&~g=+HH@&>wq|pm6S3eCO-Lk`GaLJFPTf3DBMk0>AVEVXsTNX^ zlMk=S{{Q(uZ98Mg#m^UH|Ns5Jr@JNSurB7;ya5m0!B|B%jX{i+pxm1xj?#wohe60T zC>I(nTl6#dRCy|v(piGSEAAwbELY~Ya91E04r;|VX(l)W@n;@>dVBc8YSxx>dlT%n zrq|TWLs2tRY{Ep%D+mMRG z?R9t|ktO@!l)_V@G)?2#3U&1@8rThdY1lgKLBJSrPpRxgK`z&lFBVK%u1oSPYrR#l zj*Vh1=QK%-X#d)tr$=!p-c}~%0OT|A7-75MEA582iRkti0MmI-xi?{Gxw86x$s#C0 zyAKR2b->>B@vxs+Jt|mVR3^1MSQ`d61TIxX36T=2tf0$N_p%+Y?{o{gP_B1JiEiPpwJMjyW-dI{mmMA3Tl3(tyxuNjpTS z+E#gpr;80Z+uobo?KHUL>1HB-L%*`3jHjq5TZ+6D&SH+r0N}u_pbzTNWv+BN0>vKn ze#O)A(X$twHikA#*m=|aaq8p9ik4-05{{1f#8y|Hed6d+VI@mDx|A$3H0p-laUn^b zYMv0PNy2EOnFf6i0F02j&-xHYH#A*fkPjvET<6mJ^{mS?(p-zzOtWZ+$>zj24${SV z*Lgt_hW;kk;T3GlpMW>>fbh9XDTtmYhACv4%vRQH4W@|$aGlPzSW?X++MfJRVd@HM zeQjbU`5lW3)vn!PRR}dsA%4<|3@|d~ptKu)53Lixj3EH1wbJ40+D1%7$_|KR3o7Hp zkQZTOYg=F4E}6tUM$He`Q}Uy@XLs#!4Dd;=w2(aVbG%0fESlWYl>+EZV%$9_mTotz zbEddCW}uWOXo*1jz7UqbnlWLGkg zUw4^$Uv2)jhA`$j=(by2UugLQhLvv+QjS66U58=)aB_3>*4u-g zP;v|w?-+8!F!CWGZjF3-wNb~i zi-=lVdgDxc-CH2`TNe!XQHw3QNRCC(G>r@0Et3kOXOTT~k}>G=){z~ygS+O@ZAY=G zibxEt%V!pUQfO9I{fZg)Y+r;7KRt1uZolKhNKhoiEng>D)+uyof(8yX92V;oNi)Fu zIZb*Bgw-bdDJ84+WB_oVRDb*n!pgjVlrD<viY1cWL{TPm`IoGQVab;nAvp zrp?!i-Lb?Rujx|!%9Dgng&gihO^Ux#f0e=oV#2I<~0NoYz~8p%~=ekm$33>XrtuNe?t_7qnmYn}B$ zwF8GRCR$R>7DMs;rEOmJt`RgY5_tI`JLVrKs|tE|A@Vf75Hs#Q%V0mOeb=S!=or;n zyq99xDRvAvjeRN32BtRy!#G;>?a}I(eW8;B4h!&7P>G&aR9P;K$39KF_;qXDlPuzj z9e~>hXq?${#-Mx@&Yr~xegg3CIH~B@CmNh%(vo8SOgl{hX-V2x-Q6hxvlU(T2$`!A1`$1zMcY_k)rca!I^AI-0!v{`;o~M6`O9 zR0D{BvAq{$|HaXZgBQntI&g!0Zuhm0b7J)zLmV^S7EJ@Aq8(s+*Nm7YMw0i&Av6eA z4C0_x>fqJ4w*A=UY~-9l!Kw(|jQRMWq$QRKT7j zN%4Kdv~*3>uV@D*^AK%*YyRt&WoHB5*~n?Bu{>^V|Ed*o%X(U0d<>R1e0XQ-6x}yn?sb+zY5>|Ta zHY33xVU;_s2>YZZ1@}C-M7L~3u63fO5xq8K;5wqyNb2jY1Q+wk^`PlHJRCf&5++Uozc9(?LnY+1TE|AcM5jw8 zu{-IC3I=ZB?o{^rX>{GW9!X2fTxrW656@3^RqNH{W(i}H{dR4t#l24f`~PL~){%+H zA3Z7FB$ZUhl5g4=nr%u(6xpkx1n@)?89%-_0i72 z{<^lr0J`5(bay#P5^;Z8xQ!0s8@u{9-J)*x4#abpPH`PC*7mDYU*Q^Daa-RKsmE3m z+iYTGm&uQv!U^WHB??TPDP*-wKmq0BQ9eKST3hXVrf)>N8Ki9AA&|nRUo)V7mVCj} zcU%n$qUz{w^TAkY3yhU?mbBd(0sXAqktRx@6U;qN;)u%Fz9&!q_~dZ`X{b=t1t}Dc zHUSrSCTM2l8PmZhVP=qqJPh4et5nlZWZx$`770xkU~tK97l$BIWNk@aKO1o0e9FXH zvVLpluFHxIzjCbho_;!64DlB~srM@9$>K|^m8ZojduZE|f~6{=(M=mKxP2xo8ppp- zxf;v^o`mfi*GysVs;NL< z9TGwF(q7MVv!=i2G(lUBMK^7buu1=7v7|gj$LP<0>St2iD<=P<)LWkDK_}q{+vV~S zyEKUcG=@Z!I2qz+SIS&N`QgOuE_-3bT1IrwULHAh*$q0RLbWq?znBC>$X$(UWLKf6I1}T-Q((x zrFQ(@6?W_uh$+SC`o#=2WR*?*N_(~5Da0k9G$-zulsvZM{7|_pHYxLF8w#_2E9sJ1 zNUyivTF=Ug;r*~pY+o=8@|vZq?N>U)yhCHmd_|w4m<-aF%J))cEirL0P14vdLT4sROgZnM&5g`Stc38fWHEt z+H)qC9Nh&iCU-e+H&XP^g^bwc)#YH`>20Y)7Y@F>y6jG~!0uRDFiL?HfGhAs+6?v1 z-8~<&7>^S=X~`P+#}kp)Z$A9{HWcK>uw>x1K3vH8vD&BU)PpM8nyFezyhvi30mLwW zW-g#^M_#7l*8TYzJ+5A(L*SC7LzE9^Vf&`7UUJPB&W4hw_cUz}6K3-{i;7e#AqRax zE-&9A5{*5gl1^n)%2Drk|i`^HU*Zs6bFzn1|0S9OClwS zh-hLqsm<-ibOERBOo}+iONP8UnEqEHC-{GHbA6zT#6K63NT#qDEt6i zg-9&3glPt6lK}V2(?#1nFE8H_$uLS#6@avQ-UFX$hATolL+ko(S60QMLu%{PFmHIf zg12k1&&a4)|9l0pBj}}Xq(vvtIHIwcKT4L*5+41;1})LGbw)Pq3^qVO8NNWAB0rx0 zbl!Ho1<9nr?wY(myLwNk)-<}czFl)67c4H>jW${r*!(1ugZJ;E)SrSZn8CG z=NxXaJLqF4+W_X~z@$4LT3}oXj=fo?0F?l>Hdk*GR^!6nM5}ciz-Dx$2T{rAn?@Hz z`bp};ai)8hm+uCVXLN#8N<^HtQzFNoLS_bAlq*IvK1Bm8(g{zf3t!Nd5p%`nd4dEB zNe-StWCRr1XP>CS0I$fC(Bx^PQSqb=Mo&PK{G=_BeV;q6O56e18du>DF)gcxNXxLok2wyoPC=?x9=82{$6L}jNscjDWc$KpiW^mkr3PVn;7tg*Y zSE9}R_dQKl zPFd);d3L@FoR;0+aLp2~^x?NWbCcaRGCO8jQ>afX^j@3xM6)DO;kw-^3YqV>t)Wrw zu_P4=>d{-~HX;$2TGSqYm?Fu9;sZiP_m!ryxQcMH&5`Sg9UYchr^v58x(z7l22iKg)DJZ@Ou1W& z8n)?-y_KP<>BI0ea~IWqtvTm9^)1BV04*$8s3o-D%7r>W$!ji5s77saBvQp=HZ=DM z3`1?ad{5<|Eq$iDxZdo~2Jtn!^HnjsZ(2s}9(8WT@X{z^nO5YGNH)*0euU$8L!PKW z`wfHcln|`T-1ZU6Z3rb?g_iU2D2Zf0f$SlU4?`F?A&Ldr>lk=2K^#I12NA*ziQs0y zYA1jLNL(*@TO*HEJ6Y?~C<2bXpy?o|$jhR2IkO2XNuCDW`z~s~qnuaRezvko*3+}s z7Y2xM!5>qcdPbGHdUtsWxZ{*HCABK!vh!+(0HvA1AY?FzrwZ_X!@SF+qfRK|*zHAv z`Q&4&X>kED8o6m)oB+%vh<$@Fcc+-z8cCY3>qOzV%xBgoBj)SvcBto$b=Kqi)zQy`|v=T4RYn2i=C=&o8~yOo}_6c9+bpI*8aVT}yPse(B{YCOJ($ zfX!r$C0+*Ix|SIZ|7DjtK!uYEeKKziiKxNggKgfm{trTvlb+nZ;le#z_6tpTY_LH_ zyHZpSS$it<4^Y`=_`0xt-@>rf7hIX5ZC3W$qAqEZWj*l2%`pSpNurs=;s6~B0|ujU zbq(WS>m96i&{f^&nj&*J5KV*&-*QC=tf7mspzYym?VuxDyCGX^;rH9*Yj?W1uZ6MQ z>7pMYXS>t&J#yCe!PbfhW5X3==azL3u=&*|@)=hD2s!(muJ4hv_B&i_FK^$|AY(&n zbe_L?PZZOtk6Q?%oZ3{;hKlv2AKN$wQkLWk-hjM@`fQi#-ei)2W85T9q4?|s3X7?h z3OE%-H%z2bQ`~E&ahm<6&*4gD9I>f}Vh6M&)$AQ#HsQWXiB{JzP}iHz=zQ3thi_OH zOBGn1z%|_$`2}Yx$s%SX2TJCY%fN@v8F>#{d>C!01!RU67Vzj+1_SY36st6Ah9$4> z&v?fq9hPMSTe=7v=geq6eL!Zb!f!0~AUSL;_~Xn;E+lWk?^xgvSFV_HbYPQAL$#h( zkviCUo-WWmQrg^rG}0KP=6vVOg!vtZicWTAEd$S1vLb3plZ0dl2r&o$#nQ&Np=m*m9|}e|o0j03_UdaxDz6Qwx>mu{ zFc&DG73K*C*Is*G4?-;7whM6XE0@()33){%`DcHv5B(`0vg`Bdy&je20nfGZA(h~ zZc>mjxuorS>{^xw+N`+_pltaeKXA*b*?)d?+=7?;j*}diF0`#)g1fe`S+G+P&2-*s z)MPHNL#=Yi$BTCxCTQ>{W6(N$>r!c8vjh?IIo1sSc<~Nuf6`VPCg3-APqYyVH=X=| z%X-;TDYf~w+ES?v*VR@`-Np~HxUZh~w#+sTe%Mkn)QBG`1o-blb>b$0pZq;s(e^5@ z!>WF}qq^w@>nheeuu$*Tv*^4jaHG#@f03(;qG{=lVDh7kZdv5Y4&>aB^-WPX!lO83 zF|}x|RAOb>1P8!6Yk!&8na2~H`>vda?TpQ**1t-P0IvZZCR{p}<_9b3P!*zYt9|Nb z;vVz>4P=eV?c0u0l|$MD<2D>93daZ-r8aur&N}V%$RMw@?z!2DVn5mx zCIwSc0P+#BAHl(a-*JAR9&OXdqkcUs=wKHZlRGLooh2LPa_YP!jZP@lo1x{ZbREp! zttb`Fd&4YCHvs$>1D1nY<3pk3)_iHxXObC>ZdrS33W-@0tg(nm5(|b2Kn(m>Q*xq+ z5+e1onl00ps(U6IjUyF-ule8fV1+P%IVHQ zp>$8V#w_=p1dn|}mn2RTIM`x72bTe+Y%URNCE)H$T#<+-QJ!=p^D-ypy9dRsyXQ%p=DgTL!k0@HbE=uSOIJQAxtLeK)O#wx1tc~@rq*%+#cH8mET$Zb zU7)JPlteM+?@M;Om@dRLW_O1M&flI>so3kz`toa=Kst~m)a*N#Y|eX`iOZsCfH+|Q zD1N}V)v+wa9V^9avDgmG0wLV66o&3R2tL9RhVad`u@WW@PN*8fYwo@Et;@av7W3wb zwiUT~mKiwER{s*47|L|Sf~0sBz;s@e$>bVMe219JE@cr@iptjd^RLnHgC}akL}_mG zhVb5QpG*9=`%w#f&Z@jn%j8=*q%RUP8r-o#T>E9EecNr@1=n8OInRifu3QTv;VYqwxHZ~g^NUgL{;k@pE%GEHNuY4DT5z~8hEgxS*qYNNCOXCM5f zDEN+66TGBsV%WwQA*>AR!p zchhI)Qb`8guZ*~(=`wpo(i}MClrGsTQaPQ)x&6kV0P{^SbDEp&-(cU;eSYtUxjMxp z*a=tqr}{fz<;h+B@&pi@@Dvbp<)y(0kuazT&`CxkkR9$Ee)z^9E?m{!F-@`?dW^$G zH*85A!V?)wPtMPNd45^?xk`jflXh-vrx&k_gx|>1gPO}(^-a@a${``xhD?e(Chs`A z4=7_ZMGVefi4asujGv#`RwZI+!N_6@FH{3?P-o+XDK0Cw0GggCU?xW+0uOxLnsB~);k zv8Z%!Vx|l~1zIwO=%Cc0%nr7*vM$N)sYn}K6f1h0qG@R^r5D46@kg4Nwy1xjYAI=> zM5v<1zAuv#WSVW$DwXrk2Hyb6@K7Zgcamo=Ofy&7_Tcwj?fPzVLNzCY>Mxu4H6()? z#jEitJuUJdnr4)CiQu;q0lVeD<7eL;e^-|Oo*g}Z{$iB>KF9M_%769Kxv2sffjB#r4a*rRuFvgf4xBD0y*+Z7{^sp zLc_wgvkj$&*X`lA^88N}EsN*W@` zcA>E@2_mdzcgZ5jnw&MtsbK0o{N$)BwoVkh0nW9h9C0m25LB8Y%d2;nb;+SsY8c>q z)Fds$T+vy=e!RLmf7Y|!*FjU)4~x7WK7$#Dk||hj`#gpkJaoDYw6^{pPZx$Y5P9zo zy{&a9ogVFeG?RCiuGvhE(M%3`+I6+BqFYdnIZf<@9)(lQ>ta5RNhq`*;7X$f`qkvA z=1FTPcc9h?9mbre7gnt!hNqh)T-~%OE;fjl<#EDJMVdY)sGgPQRE;CI;oj!xp~GQo z0ui$~EMauZST>;vzbmPbY)XbD|ySZdi0{b!Qod#nL4!AWkK?z`;jA6v6kvBO{<&2DW7;ERiZUbBFs9mZ*PR zyVEeUZv5T?M9lMnSR4ZA?U}bFo$W@?^CVf3d&xZ)-R<$TkKWbj>7~d_#H$0iRB2n7 z{Vu%-d8$~HOLlq7vtO9x^FIIUvs#CO2fDm`SIY5tXWpBCHlDOD7H3I6Il7_FnQRWK zEt`7kJ)Fj+OmKjV>=z{D>HnX-^J{J#MFRMJ6sqP)An{Lj;+m<2r^H4W8U)RcrrV}OGFW58;xt(^+ih##INefO z3#IsvyPH6z=Uq1?J@rLi<83rwxZE?UbhQ^Pv|$T;P4vOOxC%4A)KK@@N7dH zq2I~dRS;^Y)1Wo*sFfIn+#%DfDf#TDrsNYT*aX=VWH+UsAo~d*dpniH(DgQRELP9T zZ8fi1!?;M2f~?N*rt7w*kF=)Mk~)Jrk2qD-rZ^#jNn4fSU6Gg8-j~I8P3y(3Xl(e|l=!ul zHz059XBC{#raydlR*S^Zs+z2SUDHVCS!G7yGHV zw{CL}9KUHd-sPN?lmE7C%+X&9<0R4+QSiGlR3v1%tDoq+ZC-dH>*XKZ%A~be%4k`N zN0wN=O;QE;A6C&9VRble?h-#V=@yq0%wL=An^jRBO6_x-(`o~)P3L&kSMDY(RRvU! zL}W_ljPv55lvmXGFGT*x{q5rN;#~jl()jO<%?pI~{o84G$@dGZY?pjJBHI*ItXSHd zJ?HS%cP|#b$Z_JqA&Lt2^#~PW?s(4X*bA3N+ak7RU>=_tdIrfhtXdJF;Rj?qRxQo7sw$S+$z2*bKd^%-+3!_x8fo74~BQUKNX`E^M)<%r!#g8wgwN`=!Ty z%{0TNx{2)*%F)P*qdRACq=|FlzC8*0AK=}V7L7UQNbvSMNpAiNEqn?58@m7d@#E!1 zpZ~spm-z2V(vQl2<>)*D|1KJ}#W(0Ld~Aci_=`jK%VjwyMZZwXG2|B>m=e?1xw6$D z4-}lQu&UfENP@p0s+{W%^;;UC9CP%7kidGeXFIY)ptjDQC~2MDg_= z#B)w)wp^=^)~w9!v?C*5>3*hzm2Fnky+E#f*c9S}0IvEtJuIdEE3IfPW^Bsw}pmLwHe%wa*04pg*;!zPz z#>8#E`eLGH88(z;T7Y$}UY<}Z!PqrXace>`YXb3V#BxzSxdO8G?TaC+eFBi*fx<7% zxE*y?27*A#Mh&UM+$|^g)Fl`H!9UfF*yAXWpZ~mn`}X~tzW=umA3r4ibBgq1@}J)5 zJeUIEw+k$%&w`9EheXJ%L!S#7-=3BZ8TF23L^8W^LEkKhsbvk06B_mlnUJgPw%n6v zTCCQfz%5jeU{;ZmW%=YGE3;~8&dw9^xquLlO`Sc$5o^^&7e4gvzVv8a^O<%-WLf94 zpF~$r%>GEkClMc0`ic0Qg7_E{N)-1oo`|JC8<<{-Y8ARTrScio=suOR#c|uM;TX2o z1%|R-4e^{(rmgK)$!B4uuWZ9_Ez4g&1$G>p?As@n?-#{iG05O^m)mM=!o?R_EOZyx zSyQ+x*bDyz;T78N3N8bRpGRColvj3f+=y3F?my&wQgAZ4G@`DPT?LWVowrU!Q(h}D zH&!#ofDDJS-Kxf1hvv4pLz8Rw0rp~+8Y&f|^BIq|3kPH%kpYC= zZ=t19hrf%M+;1c%|9h$OM7*7tqNqUSjXK*CfH&0aIE+gG@JS7_?oa6G1WFzJ6{wd! z(B_#s3^Lm`ukln-_dlhg>qGZJ_-Pm03)Xcp_iq=fYr@aEe=bdPU zs+pBMqIZ3^ZZ&S1dxxPYtK=)nS(D$@B-*3G@>qX-RAhK|C_bbwG8{qF{8-w$2a7L#bPs>E&x*Y-R5L~Bmx zHT$;jI8?a4nuDZFf*P7_FbX|>{!cha%(oE1!4hjNxP~PhxBUqj?jt>@l zd2z9^+|MvmC8vsZuq|8;e=|p*R zefRF|ITS-6X8CgwqvHf*-S-+BFV4QZS=*+^>Lb{dI?4$B0Rn81xpu=|ssj-vs(Glj z=dW_IXS=%fJxH#z3N>BnWtTWF>|q+afX4MfQ!Kw)Tqt#^A23ejH%Bsl#4)THkK6rY zdI6We@Z%Hp$ePkgvlks>O(nl9Za8 zVZPrKjo8sKjC@UKwXFABF!^e4T}2i8b1|h;c=;9%XL)8C^A1F5F0l$uQ)dlb#jgwt z`G85SS(cObFu5%>YT@i|9r7u;W4kK9V-KBS8}v?lt-)I&D(W)e?S^dv%5~Hz#l!Px z>HLXj?YeB_@w?CqjFqtkG{>$W&==kj9D^Br*1Uu$^9t92QfM6eP3qk1#p^)z!*IGn=I$e~(I7oA zz60?5Rj~Qtz&zL(A0&SzJboA$m+;$B=13&o!`^`*8Gzv);O!ok9t<9gH5Y;_~=Xze^LrAWd28MTv zk%aaTHfyq1k0uaDWv$fJQ>u^0dU&g+L??;$lU7fOJ_Z}ZSUp8s=<7JT>M6T*N)q6z zkv@c+Dw>a?z6L)%l$=68#;Y!)nQ74dR17D5H9~q28x5F)jH03=$Y)5B9@_ajobyD4 zGrSOlsOGEi%s7%6$1umzOQ}}`n90j>%UD_yW|c2QDIgnV(GFB=P z1adrkYq_bbFj4SIAxmJ7^xTONNB6F%KKbzA8G{WAdKR^QbTKdpsuB5+@b9{yta*Hg zTD{q>=Po?%2KN8iE|<^0?e)VZ`AuY)R)P0|wY&9-qnrEo*7UzFS>hM=#WqH3cV4&D z%+Q}_GWBo1e$yuT;F-+f9}8FXnSKk~f04~~r4_H#qS+tU2}N%_S?I63Rx#FyYy0vP zk$F9b`m17R;Z%ZBfDQ>CIjpSsy*ao(f-n9lL3xhnd*PV@fw8 gYL){T&P86DOQ&4AZ}!)of#LuEDByVw4EqEa0EZo)s{jB1 literal 0 HcmV?d00001 diff --git a/operators/prometheus-operator/1.0.0/ix_values.yaml b/operators/prometheus-operator/1.0.0/ix_values.yaml new file mode 100644 index 00000000000..e8ff1e894d1 --- /dev/null +++ b/operators/prometheus-operator/1.0.0/ix_values.yaml @@ -0,0 +1,302 @@ +image: + repository: tccr.io/truecharts/prometheus-operator + tag: "v0.66.0@sha256:27718c8079802791e156d885ecd5ecf7efc1b15574bf130e248bbacc5e3ed883" + pullPolicy: + +configReloaderImage: + repository: tccr.io/truecharts/prometheus-config-reloader + tag: "v0.66.0@sha256:6e9e61d0d545fca106ef7f7438a488bae616f5c0b6fb0f7fc571b5f12af903ea" + pullPolicy: + +thanosImage: + repository: tccr.io/truecharts/thanos + tag: "v0.31.0@sha256:d1f694ca4040aae878005e15baafdf16ca9e52ce836e5eb64158918f35acd34b" + pullPolicy: + +patchImage: + repository: tccr.io/truecharts/kube-webhook-certgen + tag: latest@sha256:28c6de4c7fe7527daafd761e2d33aafe1094004e77248fcc674cc6e092da1017 + pullPolicy: + +workload: + main: + podSpec: + containers: + main: + probes: + liveness: + type: tcp + readiness: + type: tcp + args: + - --kubelet-service={{ .Values.prometheusOperator.kubeletService.namespace }}/{{ include "tc.v1.common.lib.chart.names.fullname" $ }}-kubelet + - --log-format={{ .Values.prometheusOperator.logFormat }} + - --log-level={{ .Values.prometheusOperator.logLevel }} + # - --deny-namespaces={{ tpl (.Values.prometheusOperator.denyNamespaces | join ",") $ }} + - --localhost=127.0.0.1 + # - --prometheus-default-base-image={{ .Values.global.imageRegistry | default .Values.prometheusOperator.prometheusDefaultBaseImageRegistry }}/{{ .Values.prometheusOperator.prometheusDefaultBaseImage }} + # - --alertmanager-default-base-image={{ .Values.global.imageRegistry | default .Values.prometheusOperator.alertmanagerDefaultBaseImageRegistry }}/{{ .Values.prometheusOperator.alertmanagerDefaultBaseImage }} + - --prometheus-config-reloader={{ .Values.configReloaderImage.repository }}:{{ .Values.configReloaderImage.tag }} + - --config-reloader-cpu-request={{ .Values.resources.requests.cpu }} + - --config-reloader-cpu-limit={{ .Values.resources.limits.cpu }} + - --config-reloader-memory-request={{ .Values.resources.requests.memory }} + - --config-reloader-memory-limit={{ .Values.resources.limits.memory }} + - --enable-config-reloader-probes={{ .Values.prometheusOperator.prometheusConfigReloader.probes.enabled }} + # - --alertmanager-instance-namespaces={{ .Values.prometheusOperator.alertmanagerInstanceNamespaces | join "," }} + # - --alertmanager-instance-selector={{ .Values.prometheusOperator.alertmanagerInstanceSelector }} + # - --alertmanager-config-namespaces={{ .Values.prometheusOperator.alertmanagerConfigNamespaces | join "," }} + # - --prometheus-instance-namespaces={{ .Values.prometheusOperator.prometheusInstanceNamespaces | join "," }} + # - --prometheus-instance-selector={{ .Values.prometheusOperator.prometheusInstanceSelector }} + # - --thanos-default-base-image={{ $thanosRegistry }}/{{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }} + # - --thanos-ruler-instance-namespaces={{ .Values.prometheusOperator.thanosRulerInstanceNamespaces | join "," }} + # - --thanos-ruler-instance-selector={{ .Values.prometheusOperator.thanosRulerInstanceSelector }} + - --secret-field-selector={{ tpl (.Values.prometheusOperator.secretFieldSelector) $ }} + # - --cluster-domain={{ .Values.prometheusOperator.clusterDomain }} + createsecret: + type: Job + enabled: true + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + podSpec: + restartPolicy: Never + containers: + main: + enabled: true + primary: true + imageSelector: patchImage + args: + - create + - --host={{ include "tc.v1.common.lib.chart.names.fullname" $ }},{{ include "tc.v1.common.lib.chart.names.fullname" $ }}.{{ .Release.Namespace }}.svc + - --namespace={{ .Release.Namespace }} + - --secret-name={{ include "tc.v1.common.lib.chart.names.fullname" $ }}-admission + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + + patchwebhook: + type: Job + enabled: true + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + podSpec: + restartPolicy: Never + containers: + main: + enabled: true + primary: true + imageSelector: patchImage + args: + - patch + - --webhook-name={{ include "tc.v1.common.lib.chart.names.fullname" $ }}-admission + - --namespace={{ .Release.Namespace }} + - --secret-name={{ include "tc.v1.common.lib.chart.names.fullname" $ }}-admission + - --patch-failure-policy={{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }} + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + +podOptions: + automountServiceAccountToken: true + +service: + main: + ports: + main: + protocol: http + port: 8080 + +prometheusOperator: + logFormat: logfmt + logLevel: all + kubeletService: + enabled: true + namespace: kube-system + + prometheusConfigReloader: + enabled: false + probes: + enabled: false + + ## Set a Field Selector to filter watched secrets + ## + secretFieldSelector: "type!=kubernetes.io/dockercfg,type!=kubernetes.io/service-account-token,type!=helm.sh/release.v1" + + ## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted + ## rules from making their way into prometheus and potentially preventing the container from starting + admissionWebhooks: + ## Valid values: Fail, Ignore, IgnoreOnInstallOnly + ## IgnoreOnInstallOnly - If Release.IsInstall returns "true", set "Ignore" otherwise "Fail" + failurePolicy: "" + ## The default timeoutSeconds is 10 and the maximum value is 30. + timeoutSeconds: 10 + enabled: true + ## A PEM encoded CA bundle which will be used to validate the webhook's server certificate. + ## If unspecified, system trust roots on the apiserver are used. + caBundle: "" + ## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data. + ## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own + ## certs ahead of time if you wish. + ## + + patch: + enabled: true + + # Use certmanager to generate webhook certs + certManager: + enabled: false + # self-signed root certificate + rootCert: + # default to be 5y + duration: "" + admissionCert: + # default to be 1y + duration: "" + # issuerRef: + # name: "issuer" + # kind: "ClusterIssuer" + +operator: + register: true + +portal: + open: + enabled: false + +metrics: + main: + enabled: false + endpoints: + - port: main + interval: 5s + scrapeTimeout: 5s + path: / + honorLabels: false + +rbac: + main: + enabled: true + primary: true + clusterWide: true + rules: + - apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - alertmanagers/finalizers + - alertmanagers/status + - alertmanagerconfigs + - prometheuses + - prometheuses/finalizers + - prometheuses/status + - prometheusagents + - prometheusagents/finalizers + - prometheusagents/status + - thanosrulers + - thanosrulers/finalizers + - thanosrulers/status + - scrapeconfigs + - servicemonitors + - podmonitors + - probes + - prometheusrules + verbs: + - "*" + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - "*" + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - "*" + - apiGroups: + - "" + resources: + - pods + verbs: + - list + - delete + - apiGroups: + - "" + resources: + - services + - services/finalizers + - endpoints + verbs: + - get + - create + - update + - delete + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + +crds: + annotations: {} + +serviceAccount: + main: + enabled: true + primary: true + targetSelectAll: true + +manifestManager: + enabled: false diff --git a/operators/prometheus-operator/1.0.0/questions.yaml b/operators/prometheus-operator/1.0.0/questions.yaml new file mode 100644 index 00000000000..e4653ab8c34 --- /dev/null +++ b/operators/prometheus-operator/1.0.0/questions.yaml @@ -0,0 +1,45 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false diff --git a/operators/prometheus-operator/1.0.0/templates/NOTES.txt b/operators/prometheus-operator/1.0.0/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/operators/prometheus-operator/1.0.0/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/operators/prometheus-operator/1.0.0/templates/_mutatingwebhookconfiguration.tpl b/operators/prometheus-operator/1.0.0/templates/_mutatingwebhookconfiguration.tpl new file mode 100644 index 00000000000..b670a779cd4 --- /dev/null +++ b/operators/prometheus-operator/1.0.0/templates/_mutatingwebhookconfiguration.tpl @@ -0,0 +1,77 @@ +{{- define "promop.webhooks.mutating" -}} +{{- if .Values.prometheusOperator.admissionWebhooks.enabled }} +{{- $promopLabels := .Values.prometheusOperator.admissionWebhooks.labels -}} +{{- $promopAnnotations := .Values.prometheusOperator.admissionWebhooks.annotations -}} +{{- $labels := (mustMerge ($promopLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) }} +{{- $annotations := (mustMerge ($promopAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: {{ include "tc.v1.common.lib.chart.names.fullname" $ }}-admission + labels: + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + app: {{ include "tc.v1.common.lib.chart.names.fullname" $ }}-admission + {{- . | nindent 4 }} + {{- end }} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 4 }} + {{- end }} +webhooks: + - name: prometheusrulemutate.monitoring.coreos.com + {{- if eq .Values.prometheusOperator.admissionWebhooks.failurePolicy "IgnoreOnInstallOnly" }} + failurePolicy: {{ .Release.IsInstall | ternary "Ignore" "Fail" }} + {{- else if .Values.prometheusOperator.admissionWebhooks.failurePolicy }} + failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }} + {{- else if .Values.prometheusOperator.admissionWebhooks.patch.enabled }} + failurePolicy: Ignore + {{- else }} + failurePolicy: Fail + {{- end }} + rules: + - apiGroups: + - monitoring.coreos.com + apiVersions: + - "*" + resources: + - prometheusrules + operations: + - CREATE + - UPDATE + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "tc.v1.common.lib.chart.names.fullname" $ }} + path: /admission-prometheusrules/mutate + {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} + caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }} + {{- end }} + timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }} + admissionReviewVersions: ["v1", "v1beta1"] + sideEffects: None + {{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces }} + namespaceSelector: + matchExpressions: + {{- if .Values.prometheusOperator.denyNamespaces }} + - key: kubernetes.io/metadata.name + operator: NotIn + values: + {{- range $namespace := mustUniq .Values.prometheusOperator.denyNamespaces }} + - {{ $namespace }} + {{- end }} + {{- else if and .Values.prometheusOperator.namespaces .Values.prometheusOperator.namespaces.additional }} + - key: kubernetes.io/metadata.name + operator: In + values: + {{- if and .Values.prometheusOperator.namespaces.releaseNamespace (default .Values.prometheusOperator.namespaces.releaseNamespace true) }} + {{- $namespace := .Release.Namespace }} + - {{ $namespace }} + {{- end }} + {{- range $namespace := mustUniq .Values.prometheusOperator.namespaces.additional }} + - {{ $namespace }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/operators/prometheus-operator/1.0.0/templates/_validatingwebhookconfiguration.tpl b/operators/prometheus-operator/1.0.0/templates/_validatingwebhookconfiguration.tpl new file mode 100644 index 00000000000..d1e6080cbc4 --- /dev/null +++ b/operators/prometheus-operator/1.0.0/templates/_validatingwebhookconfiguration.tpl @@ -0,0 +1,77 @@ +{{- define "promop.webhooks.validating" -}} +{{- if .Values.prometheusOperator.admissionWebhooks.enabled }} +{{- $promopLabels := .Values.prometheusOperator.admissionWebhooks.labels -}} +{{- $promopAnnotations := .Values.prometheusOperator.admissionWebhooks.annotations -}} +{{- $labels := (mustMerge ($promopLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) }} +{{- $annotations := (mustMerge ($promopAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: {{ include "tc.v1.common.lib.chart.names.fullname" $ }}-admission + labels: + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + app: {{ include "tc.v1.common.lib.chart.names.fullname" $ }}-admission + {{- . | nindent 4 }} + {{- end }} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 4 }} + {{- end }} +webhooks: + - name: prometheusrulemutate.monitoring.coreos.com + {{- if eq .Values.prometheusOperator.admissionWebhooks.failurePolicy "IgnoreOnInstallOnly" }} + failurePolicy: {{ .Release.IsInstall | ternary "Ignore" "Fail" }} + {{- else if .Values.prometheusOperator.admissionWebhooks.failurePolicy }} + failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }} + {{- else if .Values.prometheusOperator.admissionWebhooks.patch.enabled }} + failurePolicy: Ignore + {{- else }} + failurePolicy: Fail + {{- end }} + rules: + - apiGroups: + - monitoring.coreos.com + apiVersions: + - "*" + resources: + - prometheusrules + operations: + - CREATE + - UPDATE + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "tc.v1.common.lib.chart.names.fullname" $ }} + path: /admission-prometheusrules/validate + {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} + caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }} + {{- end }} + timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }} + admissionReviewVersions: ["v1", "v1beta1"] + sideEffects: None + {{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces }} + namespaceSelector: + matchExpressions: + {{- if .Values.prometheusOperator.denyNamespaces }} + - key: kubernetes.io/metadata.name + operator: NotIn + values: + {{- range $namespace := mustUniq .Values.prometheusOperator.denyNamespaces }} + - {{ $namespace }} + {{- end }} + {{- else if and .Values.prometheusOperator.namespaces .Values.prometheusOperator.namespaces.additional }} + - key: kubernetes.io/metadata.name + operator: In + values: + {{- if and .Values.prometheusOperator.namespaces.releaseNamespace (default .Values.prometheusOperator.namespaces.releaseNamespace true) }} + {{- $namespace := .Release.Namespace }} + - {{ $namespace }} + {{- end }} + {{- range $namespace := mustUniq .Values.prometheusOperator.namespaces.additional }} + - {{ $namespace }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/operators/prometheus-operator/1.0.0/templates/common.yaml b/operators/prometheus-operator/1.0.0/templates/common.yaml new file mode 100644 index 00000000000..8471bb41d17 --- /dev/null +++ b/operators/prometheus-operator/1.0.0/templates/common.yaml @@ -0,0 +1,8 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{- include "promop.webhooks.validating" . -}} +{{- include "promop.webhooks.mutating" . -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/operators/prometheus-operator/1.0.0/templates/crds/crd-alertmanagerconfigs.yaml b/operators/prometheus-operator/1.0.0/templates/crds/crd-alertmanagerconfigs.yaml new file mode 100644 index 00000000000..eb9c4df8c3e --- /dev/null +++ b/operators/prometheus-operator/1.0.0/templates/crds/crd-alertmanagerconfigs.yaml @@ -0,0 +1,4484 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: +{{- with .Values.crds.annotations }} +{{- toYaml . | nindent 4 }} +{{- end }} + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: alertmanagerconfigs.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: AlertmanagerConfig + listKind: AlertmanagerConfigList + plural: alertmanagerconfigs + shortNames: + - amcfg + singular: alertmanagerconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AlertmanagerConfig defines a namespaced AlertmanagerConfig to + be aggregated across multiple namespaces configuring one Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AlertmanagerConfigSpec is a specification of the desired + behavior of the Alertmanager configuration. By definition, the Alertmanager + configuration only applies to alerts for which the `namespace` label + is equal to the namespace of the AlertmanagerConfig resource. + properties: + inhibitRules: + description: List of inhibition rules. The rules will only apply to + alerts matching the resource's namespace. + items: + description: InhibitRule defines an inhibition rule that allows + to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule + properties: + equal: + description: Labels that must have an equal value in the source + and target alert for the inhibition to take effect. + items: + type: string + type: array + sourceMatch: + description: Matchers for which one or more alerts have to exist + for the inhibition to take effect. The operator enforces that + the alert matches the resource's namespace. + items: + description: Matcher defines how to match on alert's labels. + properties: + matchType: + description: Match operation available with AlertManager + >= v0.22.0 and takes precedence over Regex (deprecated) + if non-empty. + enum: + - '!=' + - = + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression + (true). Deprecated as of AlertManager >= v0.22.0 where + a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + targetMatch: + description: Matchers that have to be fulfilled in the alerts + to be muted. The operator enforces that the alert matches + the resource's namespace. + items: + description: Matcher defines how to match on alert's labels. + properties: + matchType: + description: Match operation available with AlertManager + >= v0.22.0 and takes precedence over Regex (deprecated) + if non-empty. + enum: + - '!=' + - = + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression + (true). Deprecated as of AlertManager >= v0.22.0 where + a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + type: object + type: array + muteTimeIntervals: + description: List of MuteTimeInterval specifying when the routes should + be muted. + items: + description: MuteTimeInterval specifies the periods in time when + notifications will be muted + properties: + name: + description: Name of the time interval + type: string + timeIntervals: + description: TimeIntervals is a list of TimeInterval + items: + description: TimeInterval describes intervals of time + properties: + daysOfMonth: + description: DaysOfMonth is a list of DayOfMonthRange + items: + description: DayOfMonthRange is an inclusive range of + days of the month beginning at 1 + properties: + end: + description: End of the inclusive range + maximum: 31 + minimum: -31 + type: integer + start: + description: Start of the inclusive range + maximum: 31 + minimum: -31 + type: integer + type: object + type: array + months: + description: Months is a list of MonthRange + items: + description: MonthRange is an inclusive range of months + of the year beginning in January Months can be specified + by name (e.g 'January') by numerical month (e.g '1') + or as an inclusive range (e.g 'January:March', '1:3', + '1:March') + pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12]))$)|$) + type: string + type: array + times: + description: Times is a list of TimeRange + items: + description: TimeRange defines a start and end time + in 24hr format + properties: + endTime: + description: EndTime is the end time in 24hr format. + pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + startTime: + description: StartTime is the start time in 24hr + format. + pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + type: object + type: array + weekdays: + description: Weekdays is a list of WeekdayRange + items: + description: WeekdayRange is an inclusive range of days + of the week beginning on Sunday Days can be specified + by name (e.g 'Sunday') or as an inclusive range (e.g + 'Monday:Friday') + pattern: ^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$) + type: string + type: array + years: + description: Years is a list of YearRange + items: + description: YearRange is an inclusive range of years + pattern: ^2\d{3}(?::2\d{3}|$) + type: string + type: array + type: object + type: array + type: object + type: array + receivers: + description: List of receivers. + items: + description: Receiver defines one or more notification integrations. + properties: + emailConfigs: + description: List of Email configurations. + items: + description: EmailConfig configures notifications via Email. + properties: + authIdentity: + description: The identity to use for authentication. + type: string + authPassword: + description: The secret's key that contains the password + to use for authentication. The secret needs to be in + the same namespace as the AlertmanagerConfig object + and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + authSecret: + description: The secret's key that contains the CRAM-MD5 + secret. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + authUsername: + description: The username to use for authentication. + type: string + from: + description: The sender address. + type: string + headers: + description: Further headers email header key/value pairs. + Overrides any headers previously set by the notification + implementation. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + hello: + description: The hostname to identify to the SMTP server. + type: string + html: + description: The HTML body of the email notification. + type: string + requireTLS: + description: The SMTP TLS requirement. Note that Go does + not support unencrypted connections to remote SMTP endpoints. + type: boolean + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + smarthost: + description: The SMTP host and port through which emails + are sent. E.g. example.com:25 + type: string + text: + description: The text body of the email notification. + type: string + tlsConfig: + description: TLS configuration + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file + for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + to: + description: The email address to send notifications to. + type: string + type: object + type: array + name: + description: Name of the receiver. Must be unique across all + items from the list. + minLength: 1 + type: string + opsgenieConfigs: + description: List of OpsGenie configurations. + items: + description: OpsGenieConfig configures notifications via OpsGenie. + See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config + properties: + actions: + description: Comma separated list of actions that will + be available for the alert. + type: string + apiKey: + description: The secret's key that contains the OpsGenie + API key. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + apiURL: + description: The URL to send OpsGenie API requests to. + type: string + description: + description: Description of the incident. + type: string + details: + description: A set of arbitrary key/value pairs that provide + further detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entity: + description: Optional field that can be used to specify + which domain alert is related to. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: Alert text limited to 130 characters. + type: string + note: + description: Additional alert note. + type: string + priority: + description: Priority level of alert. Possible values + are P1, P2, P3, P4, and P5. + type: string + responders: + description: List of responders responsible for notifications. + items: + description: OpsGenieConfigResponder defines a responder + to an incident. One of `id`, `name` or `username` + has to be defined. + properties: + id: + description: ID of the responder. + type: string + name: + description: Name of the responder. + type: string + type: + description: Type of responder. + enum: + - team + - teams + - user + - escalation + - schedule + minLength: 1 + type: string + username: + description: Username of the responder. + type: string + required: + - type + type: object + type: array + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + source: + description: Backlink to the sender of the notification. + type: string + tags: + description: Comma separated list of tags attached to + the notifications. + type: string + updateAlerts: + description: Whether to update message and description + of the alert in OpsGenie if it already exists By default, + the alert is never updated in OpsGenie, the new message + only appears in activity log. + type: boolean + type: object + type: array + pagerdutyConfigs: + description: List of PagerDuty configurations. + items: + description: PagerDutyConfig configures notifications via + PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config + properties: + class: + description: The class/type of the event. + type: string + client: + description: Client identification. + type: string + clientURL: + description: Backlink to the sender of notification. + type: string + component: + description: The part or component of the affected system + that is broken. + type: string + description: + description: Description of the incident. + type: string + details: + description: Arbitrary key/value pairs that provide further + detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + group: + description: A cluster or grouping of sources. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + pagerDutyImageConfigs: + description: A list of image details to attach that provide + further detail about an incident. + items: + description: PagerDutyImageConfig attaches images to + an incident + properties: + alt: + description: Alt is the optional alternative text + for the image. + type: string + href: + description: Optional URL; makes the image a clickable + link. + type: string + src: + description: Src of the image being attached to + the incident + type: string + type: object + type: array + pagerDutyLinkConfigs: + description: A list of link details to attach that provide + further detail about an incident. + items: + description: PagerDutyLinkConfig attaches text links + to an incident + properties: + alt: + description: Text that describes the purpose of + the link, and can be used as the link's text. + type: string + href: + description: Href is the URL of the link to be attached + type: string + type: object + type: array + routingKey: + description: The secret's key that contains the PagerDuty + integration key (when using Events API v2). Either this + field or `serviceKey` needs to be defined. The secret + needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + serviceKey: + description: The secret's key that contains the PagerDuty + service key (when using integration type "Prometheus"). + Either this field or `routingKey` needs to be defined. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + severity: + description: Severity of the incident. + type: string + url: + description: The URL to send requests to. + type: string + type: object + type: array + pushoverConfigs: + description: List of Pushover configurations. + items: + description: PushoverConfig configures notifications via Pushover. + See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config + properties: + expire: + description: How long your notification will continue + to be retried for, unless the user acknowledges the + notification. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + html: + description: Whether notification message is HTML or plain + text. + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: Notification message. + type: string + priority: + description: Priority, see https://pushover.net/api#priority + type: string + retry: + description: How often the Pushover servers will send + the same notification to the user. Must be at least + 30 seconds. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + sound: + description: The name of one of the sounds supported by + device clients to override the user's default sound + choice + type: string + title: + description: Notification title. + type: string + token: + description: The secret's key that contains the registered + application's API token, see https://pushover.net/apps. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + url: + description: A supplementary URL shown alongside the message. + type: string + urlTitle: + description: A title for supplementary URL, otherwise + just the URL is shown + type: string + userKey: + description: The secret's key that contains the recipient + user's user key. The secret needs to be in the same + namespace as the AlertmanagerConfig object and accessible + by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + type: array + slackConfigs: + description: List of Slack configurations. + items: + description: SlackConfig configures notifications via Slack. + See https://prometheus.io/docs/alerting/latest/configuration/#slack_config + properties: + actions: + description: A list of Slack actions that are sent with + each notification. + items: + description: SlackAction configures a single Slack action + that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields + and https://api.slack.com/docs/message-buttons for + more information. + properties: + confirm: + description: SlackConfirmationField protect users + from destructive actions or particularly distinguished + decisions by asking them to confirm their button + click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields + for more information. + properties: + dismissText: + type: string + okText: + type: string + text: + minLength: 1 + type: string + title: + type: string + required: + - text + type: object + name: + type: string + style: + type: string + text: + minLength: 1 + type: string + type: + minLength: 1 + type: string + url: + type: string + value: + type: string + required: + - text + - type + type: object + type: array + apiURL: + description: The secret's key that contains the Slack + webhook URL. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + callbackId: + type: string + channel: + description: The channel or user to send notifications + to. + type: string + color: + type: string + fallback: + type: string + fields: + description: A list of Slack fields that are sent with + each notification. + items: + description: SlackField configures a single Slack field + that is sent with each notification. Each field must + contain a title, value, and optionally, a boolean + value to indicate if the field is short enough to + be displayed next to other fields designated as short. + See https://api.slack.com/docs/message-attachments#fields + for more information. + properties: + short: + type: boolean + title: + minLength: 1 + type: string + value: + minLength: 1 + type: string + required: + - title + - value + type: object + type: array + footer: + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + iconEmoji: + type: string + iconURL: + type: string + imageURL: + type: string + linkNames: + type: boolean + mrkdwnIn: + items: + type: string + type: array + pretext: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + shortFields: + type: boolean + text: + type: string + thumbURL: + type: string + title: + type: string + titleLink: + type: string + username: + type: string + type: object + type: array + snsConfigs: + description: List of SNS configurations + items: + description: SNSConfig configures notifications via AWS SNS. + See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs + properties: + apiURL: + description: The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. + If not specified, the SNS API URL from the SNS SDK will + be used. + type: string + attributes: + additionalProperties: + type: string + description: SNS message attributes. + type: object + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: The message content of the SNS notification. + type: string + phoneNumber: + description: Phone number if message is delivered via + SMS in E.164 format. If you don't specify this value, + you must specify a value for the TopicARN or TargetARN. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + sigv4: + description: Configures AWS's Signature Verification 4 + signing process to sign requests. + properties: + accessKey: + description: AccessKey is the AWS API key. If not + specified, the environment variable `AWS_ACCESS_KEY_ID` + is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: Profile is the named AWS profile used + to authenticate. + type: string + region: + description: Region is the AWS region. If blank, the + region from the default credentials chain used. + type: string + roleArn: + description: RoleArn is the named AWS profile used + to authenticate. + type: string + secretKey: + description: SecretKey is the AWS API secret. If not + specified, the environment variable `AWS_SECRET_ACCESS_KEY` + is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + subject: + description: Subject line when the message is delivered + to email endpoints. + type: string + targetARN: + description: The mobile platform endpoint ARN if message + is delivered via mobile notifications. If you don't + specify this value, you must specify a value for the + topic_arn or PhoneNumber. + type: string + topicARN: + description: SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic + If you don't specify this value, you must specify a + value for the PhoneNumber or TargetARN. + type: string + type: object + type: array + telegramConfigs: + description: List of Telegram configurations. + items: + description: TelegramConfig configures notifications via Telegram. + See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config + properties: + apiURL: + description: The Telegram API URL i.e. https://api.telegram.org. + If not specified, default API URL will be used. + type: string + botToken: + description: Telegram bot token The secret needs to be + in the same namespace as the AlertmanagerConfig object + and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + chatID: + description: The Telegram chat ID. + format: int64 + type: integer + disableNotifications: + description: Disable telegram notifications + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: Message template + type: string + parseMode: + description: Parse mode for telegram message + enum: + - MarkdownV2 + - Markdown + - HTML + type: string + sendResolved: + description: Whether to notify about resolved alerts. + type: boolean + type: object + type: array + victoropsConfigs: + description: List of VictorOps configurations. + items: + description: VictorOpsConfig configures notifications via + VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config + properties: + apiKey: + description: The secret's key that contains the API key + to use when talking to the VictorOps API. The secret + needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + apiUrl: + description: The VictorOps API URL. + type: string + customFields: + description: Additional custom fields for notification. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entityDisplayName: + description: Contains summary of the alerted problem. + type: string + httpConfig: + description: The HTTP client's configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + messageType: + description: Describes the behavior of the alert (CRITICAL, + WARNING, INFO). + type: string + monitoringTool: + description: The monitoring tool the state message is + from. + type: string + routingKey: + description: A key used to map the alert to a team. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + stateMessage: + description: Contains long explanation of the alerted + problem. + type: string + type: object + type: array + webhookConfigs: + description: List of webhook configurations. + items: + description: WebhookConfig configures notifications via a + generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config + properties: + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + maxAlerts: + description: Maximum number of alerts to be sent per webhook + message. When 0, all alerts are included. + format: int32 + minimum: 0 + type: integer + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + url: + description: The URL to send HTTP POST requests to. `urlSecret` + takes precedence over `url`. One of `urlSecret` and + `url` should be defined. + type: string + urlSecret: + description: The secret's key that contains the webhook + URL to send HTTP requests to. `urlSecret` takes precedence + over `url`. One of `urlSecret` and `url` should be defined. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + type: array + wechatConfigs: + description: List of WeChat configurations. + items: + description: WeChatConfig configures notifications via WeChat. + See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config + properties: + agentID: + type: string + apiSecret: + description: The secret's key that contains the WeChat + API key. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + apiURL: + description: The WeChat API URL. + type: string + corpID: + description: The corp id for authentication. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: API request data as defined by the WeChat + API. + type: string + messageType: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + toParty: + type: string + toTag: + type: string + toUser: + type: string + type: object + type: array + required: + - name + type: object + type: array + route: + description: The Alertmanager route definition for alerts matching + the resource's namespace. If present, it will be added to the generated + Alertmanager configuration as a first-level route. + properties: + activeTimeIntervals: + description: ActiveTimeIntervals is a list of MuteTimeInterval + names when this route should be active. + items: + type: string + type: array + continue: + description: Boolean indicating whether an alert should continue + matching subsequent sibling nodes. It will always be overridden + to true for the first-level route by the Prometheus operator. + type: boolean + groupBy: + description: List of labels to group by. Labels must not be repeated + (unique list). Special label "..." (aggregate by all possible + labels), if provided, must be the only element in the list. + items: + type: string + type: array + groupInterval: + description: 'How long to wait before sending an updated notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "5m"' + type: string + groupWait: + description: 'How long to wait before sending the initial notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "30s"' + type: string + matchers: + description: 'List of matchers that the alert''s labels should + match. For the first level route, the operator removes any existing + equality and regexp matcher on the `namespace` label and adds + a `namespace: ` matcher.' + items: + description: Matcher defines how to match on alert's labels. + properties: + matchType: + description: Match operation available with AlertManager + >= v0.22.0 and takes precedence over Regex (deprecated) + if non-empty. + enum: + - '!=' + - = + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression + (true). Deprecated as of AlertManager >= v0.22.0 where + a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + muteTimeIntervals: + description: 'Note: this comment applies to the field definition + above but appears below otherwise it gets included in the generated + manifest. CRD schema doesn''t support self-referential types + for now (see https://github.com/kubernetes/kubernetes/issues/62872). + We have to use an alternative type to circumvent the limitation. + The downside is that the Kube API can''t validate the data beyond + the fact that it is a valid JSON representation. MuteTimeIntervals + is a list of MuteTimeInterval names that will mute this route + when matched,' + items: + type: string + type: array + receiver: + description: Name of the receiver for this route. If not empty, + it should be listed in the `receivers` field. + type: string + repeatInterval: + description: 'How long to wait before repeating the last notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "4h"' + type: string + routes: + description: Child routes. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/prometheus-operator/1.0.0/templates/crds/crd-alertmanagers.yaml b/operators/prometheus-operator/1.0.0/templates/crds/crd-alertmanagers.yaml new file mode 100644 index 00000000000..904654b2049 --- /dev/null +++ b/operators/prometheus-operator/1.0.0/templates/crds/crd-alertmanagers.yaml @@ -0,0 +1,7253 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: +{{- with .Values.crds.annotations }} +{{- toYaml . | nindent 4 }} +{{- end }} + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: alertmanagers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + shortNames: + - am + singular: alertmanager + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Alertmanager + jsonPath: .spec.version + name: Version + type: string + - description: The number of desired replicas + jsonPath: .spec.replicas + name: Replicas + type: integer + - description: The number of ready replicas + jsonPath: .status.availableReplicas + name: Ready + type: integer + - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status + name: Reconciled + type: string + - jsonPath: .status.conditions[?(@.type == 'Available')].status + name: Available + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Whether the resource reconciliation is paused or not + jsonPath: .status.paused + name: Paused + priority: 1 + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager + cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional + Alertmanagers to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertmanagerConfigMatcherStrategy: + description: The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig + objects match the alerts. In the future more options may be added. + properties: + type: + default: OnNamespace + description: If set to `OnNamespace`, the operator injects a label + matcher matching the namespace of the AlertmanagerConfig object + for all its routes and inhibition rules. `None` will not add + any additional matchers other than the ones specified in the + AlertmanagerConfig. Default is `OnNamespace`. + enum: + - OnNamespace + - None + type: string + type: object + alertmanagerConfigNamespaceSelector: + description: Namespaces to be selected for AlertmanagerConfig discovery. + If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + alertmanagerConfigSelector: + description: AlertmanagerConfigs to be selected for to merge and configure + Alertmanager with. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + alertmanagerConfiguration: + description: 'EXPERIMENTAL: alertmanagerConfiguration specifies the + configuration of Alertmanager. If defined, it takes precedence over + the `configSecret` field. This field may change in future releases.' + properties: + global: + description: Defines the global parameters of the Alertmanager + configuration. + properties: + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for the + client. This is mutually exclusive with BasicAuth and + is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials + of the request + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, BasicAuth + takes precedence. + properties: + password: + description: The secret in the service monitor namespace + that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace + that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. The + secret needs to be in the same namespace as the Alertmanager + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies whether the client + should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch a + token for the targets. + properties: + clientId: + description: The secret or configmap containing the + OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client + secret + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file + for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + opsGenieApiKey: + description: The default OpsGenie API Key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + opsGenieApiUrl: + description: The default OpsGenie API URL. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + pagerdutyUrl: + description: The default Pagerduty URL. + type: string + resolveTimeout: + description: ResolveTimeout is the default value used by alertmanager + if the alert does not include EndsAt, after this time passes + it can declare the alert as resolved if it has not been + updated. This has no impact on alerts from Prometheus, as + they always include EndsAt. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + slackApiUrl: + description: The default Slack API URL. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + name: + description: The name of the AlertmanagerConfig resource which + is used to generate the Alertmanager configuration. It must + be defined in the same namespace as the Alertmanager object. + The operator will not enforce a `namespace` label for routes + and inhibition rules. + minLength: 1 + type: string + templates: + description: Custom notification templates. + items: + description: SecretOrConfigMap allows to specify data as a Secret + or ConfigMap. Fields are mutually exclusive. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + type: object + automountServiceAccountToken: + description: 'AutomountServiceAccountToken indicates whether a service + account token should be automatically mounted in the pod. If the + service account has `automountServiceAccountToken: true`, set the + field to `false` to opt out of automounting API credentials.' + type: boolean + baseImage: + description: 'Base image that is used to deploy pods, without tag. + Deprecated: use ''image'' instead' + type: string + clusterAdvertiseAddress: + description: 'ClusterAdvertiseAddress is the explicit address to advertise + in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. + [1] RFC1918: https://tools.ietf.org/html/rfc1918' + type: string + clusterGossipInterval: + description: Interval between gossip attempts. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + clusterPeerTimeout: + description: Timeout for cluster peering. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + clusterPushpullInterval: + description: Interval between pushpull attempts. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Alertmanager object, which shall be mounted into the Alertmanager + Pods. Each ConfigMap is added to the StatefulSet definition as a + volume named `configmap-`. The ConfigMaps are mounted + into `/etc/alertmanager/configmaps/` in the 'alertmanager' + container. + items: + type: string + type: array + configSecret: + description: "ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains the configuration + for this Alertmanager instance. If empty, it defaults to `alertmanager-`. + \n The Alertmanager configuration should be available under the + `alertmanager.yaml` key. Additional keys from the original secret + are copied to the generated secret and mounted into the `/etc/alertmanager/config` + directory in the `alertmanager` container. \n If either the secret + or the `alertmanager.yaml` key is missing, the operator provisions + a minimal Alertmanager configuration with one empty receiver (effectively + dropping alert notifications)." + type: string + containers: + description: 'Containers allows injecting additional containers. This + is meant to allow adding an authentication proxy to an Alertmanager + pod. Containers described here modify an operator generated container + if they share the same name and modifications are done via a strategic + merge patch. The current container names are: `alertmanager` and + `config-reloader`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you + accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Alertmanager is not served from root of a DNS name. + type: string + forceEnableClusterMode: + description: ForceEnableClusterMode ensures Alertmanager does not + deactivate the cluster mode when running with a single replica. + Use case is e.g. spanning an Alertmanager cluster across Kubernetes + clusters with a single replica in each. + type: boolean + hostAliases: + description: Pods' hostAliases configuration + items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + required: + - hostnames + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Alertmanager + is being configured. + type: string + imagePullPolicy: + description: Image pull policy for the 'alertmanager', 'init-config-reloader' + and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy + for more details. + enum: + - "" + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same + namespace to use for pulling prometheus and alertmanager images + from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Alertmanager configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart + of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + InitContainers described here modify an operator generated init + containers if they share the same name and modifications are done + via a strategic merge patch. The current init container name is: + `init-config-reloader`. Overriding init containers is entirely outside + the scope of what the maintainers will support and by doing so, + you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, + so that it does not bind against the Pod IP. Note this is only for + the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + enum: + - "" + - logfmt + - json + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + enum: + - "" + - debug + - info + - warn + - error + type: string + minReadySeconds: + description: Minimum number of seconds for which a newly created pod + should be ready without any of its container crashing for it to + be considered available. Defaults to 0 (pod will be considered available + as soon as it is ready) This is an alpha field from kubernetes 1.22 + until 1.24 which requires enabling the StatefulSetMinReadySeconds + feature gate. + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + paused: + description: If set to true all actions on the underlying managed + objects are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required + when creating resources, although some resources may allow a + client to request the generation of an appropriate name automatically. + Name is primarily intended for creation idempotence and configuration + definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + portName: + default: web + description: Port name used for the pods and governing service. Defaults + to `web`. + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. + The controller will eventually make the size of the running cluster + equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + retention: + default: 120h + description: Time duration Alertmanager shall retain data for. Default + is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` + (milliseconds seconds minutes hours). + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers + for. This is useful, if using ExternalURL and a proxy is rewriting + HTTP routes of a request, and the actual ExternalURL is still true, + but the server serves requests under a different route prefix. For + example for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as + the Alertmanager object, which shall be mounted into the Alertmanager + Pods. Each Secret is added to the StatefulSet definition as a volume + named `secret-`. The Secrets are mounted into `/etc/alertmanager/secrets/` + in the 'alertmanager' container. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit is + set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions of + any volume. Note that this field cannot be set when spec.os.name + is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, configmaps + and emptydir. Valid values are "OnRootMismatch" and "Always". + If not specified, "Always" is used. Note that this field cannot + be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers in this + pod. Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must be + preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a profile + defined in a file on the node should be used. RuntimeDefault + - the container runtime default profile should be used. + Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary GID, + the fsGroup (if specified), and group memberships defined in + the container image for the uid of the container process. If + unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image for + the uid of the container process are still effective, even if + they are not included in this list. Note that this field cannot + be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. Note that this field cannot be set when + spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is alpha-level + and will only be honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature flag + will result in errors when validating the Pod. All of a + Pod's containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run the Prometheus Pods. + type: string + sha: + description: 'SHA of Alertmanager container image to be deployed. + Defaults to the value of `version`. Similar to a tag, but the SHA + explicitly deploys an immutable container image. Version and Tag + are ignored if SHA is set. Deprecated: use ''image'' instead. The + image digest can be specified as part of the image URL.' + type: string + storage: + description: Storage is the definition of how storage will be used + by the Alertmanager instances. + properties: + disableMountSubPath: + description: '*Deprecated: subPath usage will be removed in a + future release.*' + type: boolean + emptyDir: + description: 'EmptyDirVolumeSource to be used by the StatefulSet. + If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all containers + in a pod. The default is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: 'EphemeralVolumeSource to be used by the StatefulSet. + This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, + starting with k8s 1.19, it requires enabling the GenericEphemeralVolume + feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC will + be deleted together with the pod. The name of the PVC will + be `-` where `` is the + name from the `PodSpec.Volumes` array entry. Pod validation + will reject the pod if the concatenated name is not valid + for a PVC (for example, too long). \n An existing PVC with + that name that is not owned by the pod will *not* be used + for the pod to avoid using an unrelated volume by mistake. + Starting the pod is then blocked until the unrelated PVC + is removed. If such a pre-created PVC is meant to be used + by the pod, the PVC has to updated with an owner reference + to the pod once the pod exists. Normally this should not + be necessary, but it may be useful when manually reconstructing + a broken cluster. \n This field is read-only and no changes + will be made by Kubernetes to the PVC after it has been + created. \n Required, must not be nil." + properties: + metadata: + description: May contain labels and annotations that will + be copied into the PVC when creating it. No other fields + are allowed and will be rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified data + source. When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be copied to + dataSourceRef, and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a + non-empty API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both fields + are non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one + of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. + There are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is + specified. * While dataSource only allows local + objects, dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept the + reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem is + implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + volumeClaimTemplate: + description: Defines the PVC spec to be used by the Prometheus + StatefulSets. The easiest way to use a volume that cannot be + automatically provisioned is to use a label selector alongside + manually created PersistentVolumes. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: EmbeddedMetadata contains metadata relevant to + an EmbeddedResource. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. + Is required when creating resources, although some resources + may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be + updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + spec: + description: 'Defines the desired characteristics of a volume + requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified + data source, it will create a new volume based on the + contents of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, then + dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic provisioner. + This field will replace the functionality of the dataSource + field and as such if both fields are non-empty, they + must have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, both + fields (dataSource and dataSourceRef) will be set to + the same value automatically if one of them is empty + and the other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the same + value and must be empty. There are three important differences + between dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature gate + to be enabled. (Alpha) Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. (Alpha) + This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify resource + requirements that are lower than previous value but + must still be higher than capacity recorded in the status + field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable. It can only be set for + containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is + required by the claim. Value of Filesystem is implied + when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: '*Deprecated: this field is never set.*' + properties: + accessModes: + description: 'accessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: allocatedResources is the storage resource + within AllocatedResources tracks the capacity allocated + to a PVC. It may be larger than the actual capacity + when a volume expansion operation is requested. For + storage quota, the larger value from allocatedResources + and PVC.spec.resources is used. If allocatedResources + is not set, PVC.spec.resources alone is used for quota + calculation. If a volume expansion capacity request + is lowered, allocatedResources is only lowered if there + are no expansion operations in progress and if the actual + volume capacity is equal or lower than the requested + capacity. This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature. + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: conditions is the current Condition of persistent + volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: reason is a unique, this should be + a short, machine understandable string that gives + the reason for condition's last transition. If + it reports "ResizeStarted" that means the underlying + persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + resizeStatus: + description: resizeStatus stores status of resize operation. + ResizeStatus is not set by default but when expansion + is complete resizeStatus is set to empty string by resize + controller or kubelet. This is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature. + type: string + type: object + type: object + type: object + tag: + description: 'Tag of Alertmanager container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag is + set. Deprecated: use ''image'' instead. The image tag can be specified + as part of the image URL.' + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: If specified, the pod's topology spread constraints. + items: + description: TopologySpreadConstraint specifies how to spread matching + pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods + that match this label selector are counted to determine the + number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select + the pods over which spreading will be calculated. The keys + are used to lookup values from the incoming pod labels, those + key-value labels are ANDed with labelSelector to select the + group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in + both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. Keys that don't exist + in the incoming pod labels will be ignored. A null or empty + list means only match against labelSelector. \n This is a + beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods + in an eligible domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. | + zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to zone3 to become + 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that satisfy + it. It''s a required field. Default value is 1 and 0 is not + allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation of + Skew is performed. And when the number of eligible domains + with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. As a result, when + the number of eligible domains is less than minDomains, scheduler + won't schedule more than maxSkew Pods to those domains. If + value is nil, the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than 0. When value + is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For + example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector spread as + 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | + The number of domains is less than 5(MinDomains), so \"global + minimum\" is treated as 0. In this situation, new pod with + the same labelSelector cannot be scheduled, because computed + skew will be 3(3 - 0) if new Pod is scheduled to any of the + three zones, it will violate MaxSkew. \n This is a beta field + and requires the MinDomainsInPodTopologySpread feature gate + to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. \n + If this value is nil, the behavior is equivalent to the Honor + policy. This is a beta-level feature default enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node + taints when calculating pod topology spread skew. Options + are: - Honor: nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + \n If this value is nil, the behavior is equivalent to the + Ignore policy. This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes that + have a label with this key and identical values are considered + to be in the same topology. We consider each + as a "bucket", and try to put balanced number of pods into + each bucket. We define a domain as a particular instance of + a topology. Also, we define an eligible domain as a domain + whose nodes meet the requirements of nodeAffinityPolicy and + nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain of + that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a + pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it. - ScheduleAnyway + tells the scheduler to schedule the pod in any location, but + giving higher precedence to topologies that would help reduce + the skew. A constraint is considered "Unsatisfiable" for an + incoming pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some topology. For + example, in a 3-zone cluster, MaxSkew is set to 1, and pods + with the same labelSelector spread as 3/1/1: | zone1 | zone2 + | zone3 | | P P P | P | P | If WhenUnsatisfiable is + set to DoNotSchedule, incoming pod can only be scheduled to + zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on + zone2(zone3) satisfies MaxSkew(1). In other words, the cluster + can still be imbalanced, but scheduler won''t make it *more* + imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the alertmanager container, + that are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When + not set, MountPropagationNone is used. This field is beta + in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the + container's volume should be mounted. Behaves similarly to + SubPath but environment variable references $(VAR_NAME) are + expanded using the container's environment. Defaults to "" + (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on + the output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use this + if: a) the volume is only needed while the pod runs, b) features + of normal volumes like restoring from snapshot or capacity + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of the + PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. + Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). \n + An existing PVC with that name that is not owned by the + pod will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC + is meant to be used by the pod, the PVC has to updated + with an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may be useful + when manually reconstructing a broken cluster. \n This + field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, must + not be nil." + properties: + metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No other + fields are allowed and will be rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. This may be any + object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed + if the type of the specified object matches some + installed volume populator or dynamic provisioner. + This field will replace the functionality of the + dataSource field and as such if both fields are + non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value + automatically if one of them is empty and the + other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the + same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types + of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and + generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the + namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to + be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If Requests + is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export to + be mounted with read-only permissions. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the + mount point of the file to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default is no + group + type: string + readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: user to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + web: + description: Defines the web command line flags when starting Alertmanager. + properties: + getConcurrency: + description: Maximum number of GET requests processed concurrently. + This corresponds to the Alertmanager's `--web.get-concurrency` + flag. + format: int32 + type: integer + httpConfig: + description: Defines HTTP parameters for web server. + properties: + headers: + description: List of headers that can be added to HTTP responses. + properties: + contentSecurityPolicy: + description: Set the Content-Security-Policy header to + HTTP responses. Unset if blank. + type: string + strictTransportSecurity: + description: Set the Strict-Transport-Security header + to HTTP responses. Unset if blank. Please make sure + that you use this with care as this header might force + browsers to load Prometheus and the other applications + hosted on the same domain and subdomains over HTTPS. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security + type: string + xContentTypeOptions: + description: Set the X-Content-Type-Options header to + HTTP responses. Unset if blank. Accepted value is nosniff. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + enum: + - "" + - NoSniff + type: string + xFrameOptions: + description: Set the X-Frame-Options header to HTTP responses. + Unset if blank. Accepted values are deny and sameorigin. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + enum: + - "" + - Deny + - SameOrigin + type: string + xXSSProtection: + description: Set the X-XSS-Protection header to all responses. + Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection + type: string + type: object + http2: + description: Enable HTTP/2 support. Note that HTTP/2 is only + supported with TLS. When TLSConfig is not configured, HTTP/2 + will be disabled. Whenever the value of the field changes, + a rolling update will be triggered. + type: boolean + type: object + timeout: + description: Timeout for HTTP requests. This corresponds to the + Alertmanager's `--web.timeout` flag. + format: int32 + type: integer + tlsConfig: + description: Defines the TLS parameters for HTTPS. + properties: + cert: + description: Contains the TLS certificate for the server. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cipherSuites: + description: 'List of supported cipher suites for TLS versions + up to TLS 1.2. If empty, Go default cipher suites are used. + Available cipher suites are documented in the go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants' + items: + type: string + type: array + client_ca: + description: Contains the CA certificate for client certificate + authentication to the server. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientAuthType: + description: 'Server policy for client authentication. Maps + to ClientAuth Policies. For more detail on clientAuth options: + https://golang.org/pkg/crypto/tls/#ClientAuthType' + type: string + curvePreferences: + description: 'Elliptic curves that will be used in an ECDHE + handshake, in preference order. Available curves are documented + in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID' + items: + type: string + type: array + keySecret: + description: Secret containing the TLS key for the server. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: Maximum TLS version that is acceptable. Defaults + to TLS13. + type: string + minVersion: + description: Minimum TLS version that is acceptable. Defaults + to TLS12. + type: string + preferServerCipherSuites: + description: Controls whether the server selects the client's + most preferred cipher suite, or the server's most preferred + cipher suite. If true then the server's preference, as expressed + in the order of elements in cipherSuites, is used. + type: boolean + required: + - cert + - keySecret + type: object + type: object + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. + Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. + format: int32 + type: integer + conditions: + description: The current state of the Alertmanager object. + items: + description: Condition represents the state of the resources associated + with the Prometheus, Alertmanager or ThanosRuler resource. + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status property. + format: date-time + type: string + message: + description: Human-readable message indicating details for the + condition's last transition. + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if `.metadata.generation` + is currently 12, but the `.status.conditions[].observedGeneration` + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. + type: string + status: + description: Status of the condition. + type: string + type: + description: Type of the condition being reported. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + paused: + description: Represents whether any actions on the underlying managed + objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this + Alertmanager object (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager + object. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this + Alertmanager object that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/prometheus-operator/1.0.0/templates/crds/crd-podmonitors.yaml b/operators/prometheus-operator/1.0.0/templates/crds/crd-podmonitors.yaml new file mode 100644 index 00000000000..4ba5fa6a762 --- /dev/null +++ b/operators/prometheus-operator/1.0.0/templates/crds/crd-podmonitors.yaml @@ -0,0 +1,683 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: +{{- with .Values.crds.annotations }} +{{- toYaml . | nindent 4 }} +{{- end }} + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + shortNames: + - pmon + singular: podmonitor + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery + by Prometheus. + properties: + attachMetadata: + description: Attaches node metadata to discovered targets. Requires + Prometheus v2.35.0 and above. + properties: + node: + description: When set to true, Prometheus must have permissions + to get Nodes. + type: boolean + type: object + jobLabel: + description: The label to use to retrieve the job name from. + type: string + labelLimit: + description: Per-scrape limit on number of labels that will be accepted + for a sample. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be + accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: Per-scrape limit on length of labels value that will + be accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. + format: int64 + type: integer + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names to select from. + items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of + a Kubernetes Pod serving Prometheus metrics. + properties: + authorization: + description: Authorization section for this endpoint + properties: + credentials: + description: The secret's key that contains the credentials + of the request + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' + properties: + password: + description: The secret in the service monitor namespace + that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace + that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping + targets. The secret needs to be in the same namespace as the + pod monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: Whether to enable HTTP2. + type: boolean + filterRunning: + description: 'Drop pods that are not running. (Failed, Succeeded). + Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' + type: boolean + followRedirects: + description: FollowRedirects configures whether scrape requests + follow HTTP 3xx redirects. + type: boolean + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped If + not specified Prometheus' global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before + ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It + defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: Modulus to take of the hash of the source + label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. + items: + description: LabelName is a valid Prometheus label name + which may only contain ASCII letters, numbers, as + well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + oauth2: + description: OAuth2 for the URL. Only valid in Prometheus versions + 2.27.0 and newer. + properties: + clientId: + description: The secret or configmap containing the OAuth2 + client id + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. If empty, Prometheus + uses the default value (e.g. `/metrics`). + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually + exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. + Prometheus Operator automatically adds relabelings for a few + standard Kubernetes fields. The original scrape job''s name + is available via the `__tmp_prometheus_job_name` label. More + info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It + defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: Modulus to take of the hash of the source + label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. + items: + description: LabelName is a valid Prometheus label name + which may only contain ASCII letters, numbers, as + well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. `http` and `https` + are the expected values unless you rewrite the `__scheme__` + label via relabeling. If empty, Prometheus uses the default + value `http`. + enum: + - http + - https + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended If not + specified, the Prometheus global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + targetLimit: + description: TargetLimit defines a limit on the number of scraped + targets that will be accepted. + format: int64 + type: integer + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/prometheus-operator/1.0.0/templates/crds/crd-probes.yaml b/operators/prometheus-operator/1.0.0/templates/crds/crd-probes.yaml new file mode 100644 index 00000000000..05a52bed5ba --- /dev/null +++ b/operators/prometheus-operator/1.0.0/templates/crds/crd-probes.yaml @@ -0,0 +1,726 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: +{{- with .Values.crds.annotations }} +{{- toYaml . | nindent 4 }} +{{- end }} + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: probes.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Probe + listKind: ProbeList + plural: probes + shortNames: + - prb + singular: probe + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Probe defines monitoring for a set of static targets or ingresses. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Ingress selection for target discovery + by Prometheus. + properties: + authorization: + description: Authorization section for this endpoint + properties: + credentials: + description: The secret's key that contains the credentials of + the request + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over basic + authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping targets. + The secret needs to be in the same namespace as the probe and accessible + by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + interval: + description: Interval at which targets are probed using the configured + prober. If not specified Prometheus' global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + jobName: + description: The job name assigned to scraped metrics by default. + type: string + labelLimit: + description: Per-scrape limit on number of labels that will be accepted + for a sample. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be + accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: Per-scrape limit on length of labels value that will + be accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. + format: int64 + type: integer + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the label + set, being applied to samples before ingestion. It defines ``-section + of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based on regex matching. Default + is 'replace'. uppercase and lowercase actions require Prometheus + >= 2.36. + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex capture + groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label + values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. + Their content is concatenated using the configured separator + and matched against the configured regular expression for + the replace, keep, and drop actions. + items: + description: LabelName is a valid Prometheus label name which + may only contain ASCII letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in + a replace action. It is mandatory for replace actions. Regex + capture groups are available. + type: string + type: object + type: array + module: + description: 'The module to use for probing specifying how to probe + the target. Example module configuring in the blackbox exporter: + https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' + type: string + oauth2: + description: OAuth2 for the URL. Only valid in Prometheus versions + 2.27.0 and newer. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client + id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + prober: + description: Specification for the prober to use for probing targets. + The prober.URL parameter is required. Targets cannot be probed if + left empty. + properties: + path: + default: /probe + description: Path to collect metrics from. Defaults to `/probe`. + type: string + proxyUrl: + description: Optional ProxyURL. + type: string + scheme: + description: HTTP scheme to use for scraping. `http` and `https` + are the expected values unless you rewrite the `__scheme__` + label via relabeling. If empty, Prometheus uses the default + value `http`. + enum: + - http + - https + type: string + url: + description: Mandatory URL of the prober. + type: string + required: + - url + type: object + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + scrapeTimeout: + description: Timeout for scraping metrics from the Prometheus exporter. + If not specified, the Prometheus global scrape timeout is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + targetLimit: + description: TargetLimit defines a limit on the number of scraped + targets that will be accepted. + format: int64 + type: integer + targets: + description: Targets defines a set of static or dynamically discovered + targets to probe. + properties: + ingress: + description: ingress defines the Ingress objects to probe and + the relabeling configuration. If `staticConfig` is also defined, + `staticConfig` takes precedence. + properties: + namespaceSelector: + description: From which namespaces to select Ingress objects. + properties: + any: + description: Boolean describing whether all namespaces + are selected in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names to select from. + items: + type: string + type: array + type: object + relabelingConfigs: + description: 'RelabelConfigs to apply to the label set of + the target before it gets scraped. The original ingress + address is available via the `__tmp_prometheus_ingress_address` + label. It can be used to customize the probed URL. The original + scrape job''s name is available via the `__tmp_prometheus_job_name` + label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of + the label set, being applied to samples before ingestion. + It defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: Modulus to take of the hash of the source + label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex + replace is performed if the regular expression matches. + Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. + items: + description: LabelName is a valid Prometheus label + name which may only contain ASCII letters, numbers, + as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + selector: + description: Selector to select the Ingress objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + staticConfig: + description: 'staticConfig defines the static list of targets + to probe and the relabeling configuration. If `ingress` is also + defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' + properties: + labels: + additionalProperties: + type: string + description: Labels assigned to all metrics scraped from the + targets. + type: object + relabelingConfigs: + description: 'RelabelConfigs to apply to the label set of + the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of + the label set, being applied to samples before ingestion. + It defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: Modulus to take of the hash of the source + label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex + replace is performed if the regular expression matches. + Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. + items: + description: LabelName is a valid Prometheus label + name which may only contain ASCII letters, numbers, + as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + static: + description: The list of hosts to probe. + items: + type: string + type: array + type: object + type: object + tlsConfig: + description: TLS configuration to use when scraping the endpoint. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/prometheus-operator/1.0.0/templates/crds/crd-prometheusagents.yaml b/operators/prometheus-operator/1.0.0/templates/crds/crd-prometheusagents.yaml new file mode 100644 index 00000000000..2a53b2872f3 --- /dev/null +++ b/operators/prometheus-operator/1.0.0/templates/crds/crd-prometheusagents.yaml @@ -0,0 +1,8269 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: +{{- with .Values.crds.annotations }} +{{- toYaml . | nindent 4 }} +{{- end }} + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: prometheusagents.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: PrometheusAgent + listKind: PrometheusAgentList + plural: prometheusagents + shortNames: + - promagent + singular: prometheusagent + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Prometheus agent + jsonPath: .spec.version + name: Version + type: string + - description: The number of desired replicas + jsonPath: .spec.replicas + name: Desired + type: integer + - description: The number of ready replicas + jsonPath: .status.availableReplicas + name: Ready + type: integer + - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status + name: Reconciled + type: string + - jsonPath: .status.conditions[?(@.type == 'Available')].status + name: Available + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Whether the resource reconciliation is paused or not + jsonPath: .status.paused + name: Paused + priority: 1 + type: boolean + name: v1alpha1 + schema: + openAPIV3Schema: + description: PrometheusAgent defines a Prometheus agent deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus + agent. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalArgs: + description: "AdditionalArgs allows setting additional arguments for + the 'prometheus' container. \n It is intended for e.g. activating + hidden flags which are not supported by the dedicated configuration + options yet. The arguments are passed as-is to the Prometheus container + which may cause issues if they are invalid or not supported by the + given Prometheus version. \n In case of an argument conflict (e.g. + an argument which is already set by the operator itself) or when + providing an invalid argument, the reconciliation will fail and + an error will be logged." + items: + description: Argument as part of the AdditionalArgs list. + properties: + name: + description: Name of the argument, e.g. "scrape.discovery-reload-interval". + minLength: 1 + type: string + value: + description: Argument value, e.g. 30s. Can be empty for name-only + arguments (e.g. --storage.tsdb.no-lockfile) + type: string + required: + - name + type: object + type: array + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a + Secret containing additional Prometheus scrape configurations. Scrape + configurations specified are appended to the configurations generated + by the Prometheus Operator. Job configurations specified must have + the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make + sure it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible scrape configs are + going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + affinity: + description: Defines the Pods' affinity scheduling rules if specified. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + apiserverConfig: + description: 'APIServerConfig allows specifying a host and auth methods + to access the Kuberntees API server. If null, Prometheus is assumed + to run inside of the cluster: it will discover the API servers automatically + and use the Pod''s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.' + properties: + authorization: + description: Authorization section for accessing apiserver + properties: + credentials: + description: The secret's key that contains the credentials + of the request + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: File to read a secret from, mutually exclusive + with Credentials (from SafeAuthorization) + type: string + type: + description: Set the authentication type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth allow an endpoint to authenticate over + basic authentication + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerToken: + description: Bearer token for accessing apiserver. + type: string + bearerTokenFile: + description: File to read bearer token for accessing apiserver. + type: string + host: + description: Host of apiserver. A valid string consisting of a + hostname or IP followed by an optional port number + type: string + tlsConfig: + description: TLS Config to use for accessing apiserver. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: When true, ServiceMonitor, PodMonitor and Probe object + are forbidden to reference arbitrary files on the file system of + the 'prometheus' container. When a ServiceMonitor's endpoint specifies + a `bearerTokenFile` value (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), + a malicious target can get access to the Prometheus service account's + token in the Prometheus' scrape request. Setting `spec.arbitraryFSAccessThroughSM` + to 'true' would prevent the attack. Users should instead provide + the credentials using the `spec.bearerTokenSecret` field. + properties: + deny: + type: boolean + type: object + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Prometheus object, which shall be mounted into the Prometheus + Pods. Each ConfigMap is added to the StatefulSet definition as a + volume named `configmap-`. The ConfigMaps are mounted + into /etc/prometheus/configmaps/ in the 'prometheus' + container. + items: + type: string + type: array + containers: + description: "Containers allows injecting additional containers or + modifying operator generated containers. This can be used to allow + adding an authentication proxy to the Pods or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and + modifications are done via a strategic merge patch. \n The names + of containers managed by the operator are: * `prometheus` * `config-reloader` + * `thanos-sidecar` \n Overriding containers is entirely outside + the scope of what the maintainers will support and by doing so, + you accept that this behaviour may break at any time without notice." + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + enableFeatures: + description: "Enable access to Prometheus feature flags. By default, + no features are enabled. \n Enabling features which are disabled + by default is entirely outside the scope of what the maintainers + will support and by doing so, you accept that this behaviour may + break at any time without notice. \n For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/" + items: + type: string + type: array + enableRemoteWriteReceiver: + description: "Enable Prometheus to be used as a receiver for the Prometheus + remote write protocol. \n WARNING: This is not considered an efficient + way of ingesting samples. Use it with caution for specific low-volume + use cases. It is not suitable for replacing the ingestion via scraping + and turning Prometheus into a push-based metrics collection system. + For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver + \n It requires Prometheus >= v2.33.0." + type: boolean + enforcedBodySizeLimit: + description: "When defined, enforcedBodySizeLimit specifies a global + limit on the size of uncompressed response body that will be accepted + by Prometheus. Targets responding with a body larger than this many + bytes will cause the scrape to fail. \n It requires Prometheus >= + v2.28.0." + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string + enforcedLabelLimit: + description: "When defined, enforcedLabelLimit specifies a global + limit on the number of labels per sample. The value overrides any + `spec.labelLimit` set by ServiceMonitor, PodMonitor, Probe objects + unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. + \n It requires Prometheus >= v2.27.0." + format: int64 + type: integer + enforcedLabelNameLengthLimit: + description: "When defined, enforcedLabelNameLengthLimit specifies + a global limit on the length of labels name per sample. The value + overrides any `spec.labelNameLengthLimit` set by ServiceMonitor, + PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is + greater than zero and less than `spec.enforcedLabelNameLengthLimit`. + \n It requires Prometheus >= v2.27.0." + format: int64 + type: integer + enforcedLabelValueLengthLimit: + description: "When not null, enforcedLabelValueLengthLimit defines + a global limit on the length of labels value per sample. The value + overrides any `spec.labelValueLengthLimit` set by ServiceMonitor, + PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is + greater than zero and less than `spec.enforcedLabelValueLengthLimit`. + \n It requires Prometheus >= v2.27.0." + format: int64 + type: integer + enforcedNamespaceLabel: + description: "When not empty, a label will be added to \n 1. All metrics + scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` + objects. 2. All metrics generated from recording rules defined in + `PrometheusRule` objects. 3. All alerts generated from alerting + rules defined in `PrometheusRule` objects. 4. All vector selectors + of PromQL expressions defined in `PrometheusRule` objects. \n The + label will not added for objects referenced in `spec.excludedFromEnforcement`. + \n The label's name is this field's value. The label's value is + the namespace of the `ServiceMonitor`, `PodMonitor`, `Probe` or + `PrometheusRule` object." + type: string + enforcedSampleLimit: + description: "When defined, enforcedSampleLimit specifies a global + limit on the number of scraped samples that will be accepted. This + overrides any `spec.sampleLimit` set by ServiceMonitor, PodMonitor, + Probe objects unless `spec.sampleLimit` is greater than zero and + less than than `spec.enforcedSampleLimit`. \n It is meant to be + used by admins to keep the overall number of samples/series under + a desired limit." + format: int64 + type: integer + enforcedTargetLimit: + description: "When defined, enforcedTargetLimit specifies a global + limit on the number of scraped targets. The value overrides any + `spec.targetLimit` set by ServiceMonitor, PodMonitor, Probe objects + unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. + \n It is meant to be used by admins to to keep the overall number + of targets under a desired limit." + format: int64 + type: integer + excludedFromEnforcement: + description: "List of references to PodMonitor, ServiceMonitor, Probe + and PrometheusRule objects to be excluded from enforcing a namespace + label of origin. \n It is only applicable if `spec.enforcedNamespaceLabel` + set to true." + items: + description: ObjectReference references a PodMonitor, ServiceMonitor, + Probe or PrometheusRule object. + properties: + group: + default: monitoring.coreos.com + description: Group of the referent. When not specified, it defaults + to `monitoring.coreos.com` + enum: + - monitoring.coreos.com + type: string + name: + description: Name of the referent. When not set, all resources + in the namespace are matched. + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + minLength: 1 + type: string + resource: + description: Resource of the referent. + enum: + - prometheusrules + - servicemonitors + - podmonitors + - probes + type: string + required: + - namespace + - resource + type: object + type: array + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating + with external systems (federation, remote storage, Alertmanager). + Labels defined by `spec.replicaExternalLabelName` and `spec.prometheusExternalLabelName` + take precedence over this list. + type: object + externalUrl: + description: The external URL under which the Prometheus service is + externally available. This is necessary to generate correct URLs + (for instance if Prometheus is accessible behind an Ingress resource). + type: string + hostAliases: + description: Optional list of hosts and IPs that will be injected + into the Pod's hosts file if specified. + items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + required: + - hostnames + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostNetwork: + description: "Use the host's network namespace if true. \n Make sure + to understand the security implications if you want to enable it + (https://kubernetes.io/docs/concepts/configuration/overview/). \n + When hostNetwork is enabled, this will set the DNS policy to `ClusterFirstWithHostNet` + automatically." + type: boolean + ignoreNamespaceSelectors: + description: When true, `spec.namespaceSelector` from all PodMonitor, + ServiceMonitor and Probe objects will be ignored. They will only + discover targets within the namespace of the PodMonitor, ServiceMonitor + and Probe objec. + type: boolean + image: + description: "Container image name for Prometheus. If specified, it + takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` + fields. \n Specifying `spec.version` is still necessary to ensure + the Prometheus Operator knows which version of Prometheus is being + configured. \n If neither `spec.image` nor `spec.baseImage` are + defined, the operator will use the latest upstream version of Prometheus + available at the time when the operator was released." + type: string + imagePullPolicy: + description: Image pull policy for the 'prometheus', 'init-config-reloader' + and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy + for more details. + enum: + - "" + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: An optional list of references to Secrets in the same + namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: "InitContainers allows injecting initContainers to the + Pod definition. Those can be used to e.g. fetch secrets for injection + into the Prometheus configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart + of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + InitContainers described here modify an operator generated init + containers if they share the same name and modifications are done + via a strategic merge patch. \n The names of init container name + managed by the operator are: * `init-config-reloader`. \n Overriding + init containers is entirely outside the scope of what the maintainers + will support and by doing so, you accept that this behaviour may + break at any time without notice." + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: When true, the Prometheus server listens on the loopback + address instead of the Pod IP's address. + type: boolean + logFormat: + description: Log format for Log level for Prometheus and the config-reloader + sidecar. + enum: + - "" + - logfmt + - json + type: string + logLevel: + description: Log level for Prometheus and the config-reloader sidecar. + enum: + - "" + - debug + - info + - warn + - error + type: string + minReadySeconds: + description: "Minimum number of seconds for which a newly created + Pod should be ready without any of its container crashing for it + to be considered available. Defaults to 0 (pod will be considered + available as soon as it is ready) \n This is an alpha field from + kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds + feature gate." + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: Defines on which Nodes the Pods are scheduled. + type: object + overrideHonorLabels: + description: When true, Prometheus resolves label conflicts by renaming + the labels in the scraped data to "exported_