From 4f4acbc7c7d7dec539df88802932a30d53f77668 Mon Sep 17 00:00:00 2001 From: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Date: Thu, 20 Apr 2023 01:33:53 +0300 Subject: [PATCH] NAS-121476 / 23.10 / Add tailscale to `community` train (#1122) * Add tailscale to community catalog * mock key format --- library/ix-dev/community/tailscale/Chart.lock | 6 + library/ix-dev/community/tailscale/Chart.yaml | 25 +++ library/ix-dev/community/tailscale/README.md | 6 + .../ix-dev/community/tailscale/app-readme.md | 6 + .../tailscale/charts/common-1.0.5.tgz | Bin 0 -> 54671 bytes .../community/tailscale/ci/basic-values.yaml | 20 +++ library/ix-dev/community/tailscale/item.yaml | 4 + .../ix-dev/community/tailscale/questions.yaml | 158 ++++++++++++++++++ .../community/tailscale/templates/NOTES.txt | 1 + .../community/tailscale/templates/_helper.tpl | 32 ++++ .../tailscale/templates/_tailscale.tpl | 138 +++++++++++++++ .../community/tailscale/templates/common.yaml | 6 + .../community/tailscale/upgrade_info.json | 1 + .../community/tailscale/upgrade_strategy | 31 ++++ .../ix-dev/community/tailscale/values.yaml | 23 +++ 15 files changed, 457 insertions(+) create mode 100644 library/ix-dev/community/tailscale/Chart.lock create mode 100644 library/ix-dev/community/tailscale/Chart.yaml create mode 100644 library/ix-dev/community/tailscale/README.md create mode 100644 library/ix-dev/community/tailscale/app-readme.md create mode 100644 library/ix-dev/community/tailscale/charts/common-1.0.5.tgz create mode 100644 library/ix-dev/community/tailscale/ci/basic-values.yaml create mode 100644 library/ix-dev/community/tailscale/item.yaml create mode 100644 library/ix-dev/community/tailscale/questions.yaml create mode 100644 library/ix-dev/community/tailscale/templates/NOTES.txt create mode 100644 library/ix-dev/community/tailscale/templates/_helper.tpl create mode 100644 library/ix-dev/community/tailscale/templates/_tailscale.tpl create mode 100644 library/ix-dev/community/tailscale/templates/common.yaml create mode 100644 library/ix-dev/community/tailscale/upgrade_info.json create mode 100644 library/ix-dev/community/tailscale/upgrade_strategy create mode 100644 library/ix-dev/community/tailscale/values.yaml diff --git a/library/ix-dev/community/tailscale/Chart.lock b/library/ix-dev/community/tailscale/Chart.lock new file mode 100644 index 0000000000..5d130ffb66 --- /dev/null +++ b/library/ix-dev/community/tailscale/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: file://../../../common + version: 1.0.5 +digest: sha256:cf1db8c2ae650987a3e3d8d98767caab62c341bd0fb15309213b00dce87111cc +generated: "2023-04-17T12:58:28.51235027+03:00" diff --git a/library/ix-dev/community/tailscale/Chart.yaml b/library/ix-dev/community/tailscale/Chart.yaml new file mode 100644 index 0000000000..882880a95e --- /dev/null +++ b/library/ix-dev/community/tailscale/Chart.yaml @@ -0,0 +1,25 @@ +name: tailscale +description: Secure remote access to shared resources +annotations: + title: Tailscale +type: application +version: 1.0.0 +apiVersion: v2 +appVersion: 'v1.38.4' +kubeVersion: '>=1.16.0-0' +maintainers: + - name: truenas + url: https://www.truenas.com/ +dependencies: + - name: common + repository: file://../../../common + version: 1.0.5 +home: https://tailscale.com/ +icon: https://avatars.githubusercontent.com/u/48932923 +sources: + - https://tailscale.com/ + - https://github.com/truenas/charts/tree/master/community/tailscale + - https://hub.docker.com/r/tailscale/tailscale +keywords: + - vpn + - tailscale diff --git a/library/ix-dev/community/tailscale/README.md b/library/ix-dev/community/tailscale/README.md new file mode 100644 index 0000000000..0421cf0b16 --- /dev/null +++ b/library/ix-dev/community/tailscale/README.md @@ -0,0 +1,6 @@ +# Tailscale + +[Tailscale](https://tailscale.com) Secure remote access to shared resources + +- When `Userspace` is **disabled**, `Tailscale` will run as root, with `/dev/net/tun` device mounted from the host. +- When `Userspace` is **enabled**, `Tailscale` will run as a non-root user. diff --git a/library/ix-dev/community/tailscale/app-readme.md b/library/ix-dev/community/tailscale/app-readme.md new file mode 100644 index 0000000000..0421cf0b16 --- /dev/null +++ b/library/ix-dev/community/tailscale/app-readme.md @@ -0,0 +1,6 @@ +# Tailscale + +[Tailscale](https://tailscale.com) Secure remote access to shared resources + +- When `Userspace` is **disabled**, `Tailscale` will run as root, with `/dev/net/tun` device mounted from the host. +- When `Userspace` is **enabled**, `Tailscale` will run as a non-root user. diff --git a/library/ix-dev/community/tailscale/charts/common-1.0.5.tgz b/library/ix-dev/community/tailscale/charts/common-1.0.5.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7e5b3b8a5abb7eaf1704844b32978626b59fd0ad GIT binary patch literal 54671 zcmV*RKwiHeiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POu~ciT9!I1bNie+oPt_iwDewk+?reLI=scGBtG&f*g%J=Nwl)GcusdL5-3z*DO42-RUw{CaJqXwhB@iq!b$R% z?w`S6FgQLuWd9BZ1N+~>!Qs(g_6`sCP7Vfp$9so=8SL#J9v}V%4DJCJ=b07+=6@M1 z-Ih(}ItAx!R)A;mRSxr8z-Gq=%;G;#Uc@*(1+)DPm}TY9 zy^RPJVIF6M{XPSUs2b9$V2E=N|Np_u;V=$kn1FLgV1h>*6Bwri#wp5+(~TXF!U;MB zB%h)b78?Le^W+qa3CW7n-QAm;o4)we5AkGogO}zLc!S(#=v214F_Vbx^#}c{|qKmRNNB-XjuOz`+JA>`ajuUum6=ie+4@`U@O95vHR-r*`w!=`;(}*F-q_i zOejN0;1x=WQ}F3-0|1>_@HdkVIx%Tw?i-d-V4;0Yq*I2{3$6zK1&?RbLllp_N`63cf$EKZJ2I&C%;|j*2l(qVh{I4MS8E+Lt}{B}XudzYc`< z*%!J}$TV9BoudkD_A9YD9@O+t#Vm^_aD*s+Im&Pm6P(|kf*_z98ytzhvT2fB;3N)j zPr=jS3rsF@RG^e>Y+S)&{L}}5eo!zD`-lDggL+6AF32cHg%_Iqs37hg_4n)H`Kc{X zIL%{ndyZ3rJ`&nah{b-&2kGL?(?_S^==eX`uQ$)nE`L7-!C=6e10bKKXT=MgzQUOB zeYbr5ra*aFmA!hB<7uY7Loj-oCbzWquW^Ek+k&8p1_veyzPZTbS)8B|dR&Asfm}Wq z!ldA3GWj{u-xeqg@g%#*@i0!1oN#=Pe>F|%Bod5-eF|X)ui_*oF;a^KM$svF`%e6d za;)Yp06XC9*)!VVIN~pdHf`d?`52}nB*)|>>!{~(F@Yo;b3~_EmY@kr2~1dxLN!|4 z79mOa?}`D;QGus<$dOLsNi11Wm`zW?;b1VBu%8n&VKe7HpTuk~eVC%cD7t4AJQ_Tw zC13pU^wHC^_vdF9m%Q)}9g`|-G910klq85!c$J__&Uv53>2*;K&=?ow1tK>%zb;?q zi17#6S!c-&yrpwIN(=c;uuydeC`IZlW1h$Dx~#yPHBz)K@c3N>_0P&owwo52*1 zvm}NElHE>lf^xY-u{SxNF6Rj>iWdwZ;{tF>@B~j&A}BlyL;CAAzDC;oBq*Q6DTDVU zhatK!nc9K5-KChIf^{YPixM(MFrw?|Gb7-y;2$Un@dN>a!RvgAUYuQm%k#5mkJ;zf zW0+opTRi3Ra#|3WBy`jI^a=F2hIUr&z&nPY!LYnAZJeUG1g6-6t1s%F<6R-bmPN`E1br04A*Fm)3> z_+x*z*XOgW53{VVfeFA?6o&)^Z=OC1sOklRC+aV{dj=q&_yj$0celYzykLuK2{7rM za$HME8ElCS_*A~>Z7}`!&C^Fz;0~EGXV5|L#uHlNNnHs+><-=EU5;TVP2K~IAb4?&6v*qTfW@*6A!S{#Bb$4d@joPez?k5e)P!G+fC z=V}J-fVZ^fJ3zrvje|<|cnIG9P`nGk*1vF^f?yj2vH=|vltwxc@epiX$7%Gmpd&DY zNgM@ykUVHrqeCmaqxuh}@(OVYFYq*5*QznLb2V?&TpEujPanmoxb-q=R2y9`_ZUx~^H1C2 zU)luQwS{D|QQ5TKp5PkB2nCy}N&p@JUaPXBnRz%)M*!cXC@;owMx}^yFi*9?Vyd>7 zg~ps7qj z($ehunfGbb|HNU{!pdKx{n4^e(<@j7cG7dnnD?h*IuLBS$VJ`sUD4`1s&*^seobKW}n*SIhGDbPq!RdZjVp__C z0O!WOX^LB-jIO)WNl7IGGDZ`ol_C_OsILJjNoC-A;18;z@I%JpR7n}^V;ehwnuVH1 zol12+wY7L(X>C?eWm|SK2rgug?f`Cn<})QOfGiV$epy>rgEzIwK@rh@YUsF&!GTZ? zUJ0grr@<1!vIZdj$PO@t7R2gXue8GDEUWB;a>`K=ROW?5kQljZRQQdQ7+YblzBr%0)r_>@NeXsY8+KmBBX5Gthg zrBP+%r3^KfKc=!PRvuM(X+NkMeO{~|W>cW)JU~;2z2*5wy$VWazvg(NH@G9%;43sV z@c_a>fP&VRjRuW5d0F(BK3;X>2g);|KMA#mmdrPhLH~eE;V1@vA$qGX@C`VKT-Aq3Sg#5`;3a|6fe*4y*x=zdy1p zf3t6$C@M*vTMUJn8RoZ@|Mb&O!dCv%Pe1j*XOPAz6$QXC5PQ@n@26iFkN$6bML8)y zx84yY;vpEr;&*iGFy|mH-f$@{Fl~8O!M-YISo55wAF#3V7zvfyFF)=6C_O`{0C0_N zrD-VRo^T*efr-Pm@Oy%30d5f64Dgf`afHM{@YY3+ui#a33(lYRc8>W;&3(n{R~1{z7?@4TOQ`lk~swmE}&$5DUgAne>bC?il0i;8d5V-S0a$C?1VT za0-IG!1Fmm2_k4GW4>3xDPS*|FC~?N?48c?-g<#%D6iN8U9#&|<~Ozr&b?)r)th;- zUA~^lEwe@MYgTFg$jx~FNqkQ`u7}xLjMieZrFoe@ZMm)X?zfkhukT!@Yj!BN*X0Nj zszwRb0uOaKkAAsRI%;6l&PMN}=_CU?JJA*Gfd@K9ub$n3ogL<;M*Bq*uJ7)4P4MqG zw<1Uo_>Uj{XXl5>&JWT1AAZ~U;rY%Fm%V=RApxI1OYZoae>BW~$qihV>9R*Z8;vaXXB^@QX1X@@f7g#= z{|^&b6ua+BU&bX2|Ke%z|Jpy?JF)Kn9UmT_tnL4+c=+Zi2OF?!5{quDZ0hvY%u%~) zjxjkW9|N!n0(|u^6p}}fzyNHPKlm;x3Z8=3V+80Aw!cx8RP1`}HgSKWtVdZW=h(DL zs%?k*@)T*oMAkR@gLSRd; zAWD={0v-My*z(VoB);lP9QrUxp0V0NN%v>w&;37ek{C{1>{O}^%p9c=%007CHV`DT zN&W|wTS*>IdYo!8X_WBX*TmXGP~q{ksZW`jzS4^=*kRgTpq2I-G}_gES^ejjHyS$e z?ruZQNBW9n3D}ain6#dY7`xEumEiV)vLb=klx0!!n9-8t@NYM>Q=xS6) zI)7TJrgHz!ar!TO)xqxH?Eiguv~TbKd&leZ|CKy^m(Owf-}tJN-Jj2!mF)ejDF4m( zU#=XnYkvd-&dFF^L15ecSklnRZme0*E4i<{W+b+mCM>F4lRY$iCisfg=Npg*eIm;hS0L)v@~W`9e%zJ`VHO z@oG1jwbz9@nJ$a8*dG`lSZFjUMLLoL`{3$JOX~OYROx?_@`+ns1#Hs)j*kv({qJON zegAhQ57YBX2goi|z;fz*Wm;fKW=lm-r)2fIVA=YT>LARrqSOX8Z`ZX#xK;?iafPs4 zB;DzRQU~EEvtVz}3?aQ9w-xF#me6u6d<+eJ*41TKrN^#Dhh2^S`c><$E7x0Xoz-5} z{|PMYY*qD3si`YhQNJbi^nO&+FQ}G!Rnk^-RlL%*&{b=oj_2gP$p2OPUsq>;e`%rr z?Vs5C-_gNft^cj$VM<;{XMbPcxnKJ;zb|y&*ZEoB`kZgA)_n(RU8iS!Ykg>~53Ti~ zWv1j>A6n}};7_3s{n?%>{V(O|9nJ`W;dp{l@`%dLF`YYe>xGT?KMw5pzx(@#gSGy* ziihcXB9{j!M;nyG-GydYGn>BbEsu-)UR&8^eq!9?e8^Y`Jzh%`}?vCvg+}a_y zuWKjQ|5^0IH13CKIPAx`R8wD6W3!C*IDKeJEhQ*!Z^!HyOmQt+$LVk93i?u;~Z4h6PV8VGrqeYypJyy0GE6RSi3;dTj zjpB49*17t%UheDVzFzLea>of0afVuv*prT5i_<)vhgb}YzDKi45IYS+3z zw!?P+TxwqBQ>Fij9EF`|fDQWJ;oxY`zW*^89If@gRXj}96Oq_D&;a?g`La5on7XxE zU|FV(9$1#(bR>xp*;-w^ab$p1@u&jNJZvC~hJf1;5wqsAC8 z6sTBE@;DtmGJ0~+NLUNR!ZJ}?%gEpTQ!W29eQy=YF%8DlP;_N;#C)61kwMGm%`$q=@EuzZ>?>Ur%5w!% zttL(C9Td1c(W14xIrnL4j(mY5#5nCDNT;fD=Qtaaw`r0{q}cAW1TtcRFfeVWh8;tt zzWeUs!kChFYU8CGuB{vm`oB2uUCs>9c>m+j_WwLN8m!}gujDcGe=*t}+5xKl1y*_> zXw2n?gF(A&y8}YA);wkf)kXK7`{UAR@SBo>*D~dwK&C8_r8*}9FyZ;kV3Ob)Krp~F zl;?4TK+Mb&8OlM1BX9+axYz~>B7ZBu80L}cPJ)HyYLwtBm?R=&Ae<6Bp=-cg5wGzz zN@dQ?KZ#V}?Ek`qw)-BXvq#emosUs?eXslf-qC@b|KsFvf4%>&kX6=~4#X+{m*g=Y0>$R(Ab9JsW1hHB zJA|-DN>F@)sE(4Dir(r~+jG4ZMxz(xO~4Bw!Fu(OBX;?bD?&Cf1iQN*K^uTFMkm)>f5jAM0DwCIMR zpWRtm-~0MJoLi5)*ZtuFM@>6Jd%`;1B=`XlgUt9k@3e6|8V6tif&||LV89h^;~*>L zhgkAV{q%uz_AEbHE|mPN)jlbf$IwG{N*@<8eRIFxcTNLk!^W|gIc{gC34 z{_;c)Tuq52C(Gjr%x}Ha7{`;MTt^63oGe=7EZ~}_lIAR=Q@Hdo*fi|f4kq$MRZLUQ z1X4uNVy`imdFkTN>+z9g2bG%tg;s$6X{TNh?K?-(dP8oqmfau0Zz!37g5Vq#AWj*d z1;YeGQm_;D5T`Sg6Tks7WtM&fS7?ZHDxOX<$i5gO?4|Po*dkeCzLQIv9o|vE$A=!m ztRV*G**&|Pr+7_2!8bjyCA&;Ev}Kkko2y7-qe)>U8{;=VoNMO1A>{)OyxO8t^B9?&@3YXHpzbnCyxF9x01)O|L-ub zB{}NMeW?S1t|MnGzWC|{HPaa1TJ~!&);E*VmFOl4ai23*K>TSgZlB|wX5%%Evt8*& z+a5~ay2-R4j}Xevads=L0G8Y*MMS{6U#R&p82wbQ5hEG8y1rBpO0p>7BOEujwVgk^|EQ!OI zB)1IWrShx;AxuGzhA3z5k!ETA1y; zM9eG8Rmp=&)HKNl|4T`DQ4yfY|6_mez~29lPS*Y( zD|z?^ug&s5EX8Me31Buyf}@ru9vyre`%M)(^SWMmqS3{X>j2SaH;f+oE;^O%z%;5e zcFnKv_gM&ftS{wVq zkDvcjk$U$%i>uf{1b`;}@8H0R|8;P@*8f)WaQ4n!ISMeGrXhDp9^xE~P>OO$s7}JB z0+5_ma~UC)ul+flI-rGi#k4j)!%}8E(%4_0L1BSA!Do=*883H&M5Dvfk4V4;Zd}@O)YjKp6{nrlP&UvnWnBaoY0Z_GyzJ+b& zE-M7O9MS!rbu(YT6wevIG6G=1-JPy(OA8CX4Ke4?vA>N`v*)3<(#7B6-U|2(a+D=7 zL?HN&00i%Y`DWgiW~|@HQ@j6TvWoqGZ*b`B|A&L)_5Qz#r_EBv%1+oAt(VsrBgn20 z_2;P+P78u3b5VaCUAEBjhPF|`AEj9<(#E9drLhBpVpJX>8YV^7-gB5$7!+x>29sjF$uLrbP+=$Z zA;6newm~|=F-~EAs~ZSs6$V1q;@T|uMV~7E&#(6EzK8i}X%(P}{~rvT`(Jy5wg2x* z9>Y*Z2OF@%*X5YMxCKkWeO))UTHomP5z>{LZ{3+UZz(_@Ne<8G-zG=qK^&}Gy593{ z&wZ3W3l73k%47-X>k%VV@=MJ@PXx$PP!bjkuJ8Ev2|8fTd=kt?*xTxM=5-D%_d+3%NR>N&gje7fY&}2?>8*X zoKWlR?hZ>m78sv)e*`bn`D}|&4=_g{gas;i)E{o{5*LBskf0n)P(DHh zJ2bySAow|rlZSyPD1?D#oU+DjR1IVw$kaR1Gk>O~+i_JE_JY;q-Nk|Uc13GL7G0(R z_%+9qQ@!_cG%R%AXlac59o@b{Ll&(&%n?yPhcQYb`lm-RWbT6qY$YfKTbncR8C;{= zqSpg^J>gd+^hIYF*l$EPSS6%e0~LWXSj7j%RgKbT$tf;p zjd36{_oRta!FH$^pl(w~;D4kJBIM1Korx*OAq{Cuon0duy8HaB$e2j|Zhk-nyw68%1|VgCv&umgSRH6C~H~ z4O#}$@uK0dqEes|j+JwoMa|v3+(ODtU&4|vPVIe%jpVE^zw&Qo838D;@5K%^6X%t&QxQr5InC>9(D~(i~rxU?i_FmmdwCC5lN^dlMC@Qotf!71g zrOSt(o*|1NSu&$VFyyu8LQf{#Zl(YF{OK0gQlti=1r{$EgbWK&Mx}40%GI`NOu>F7 z@JrZ(&5&tSIr36m8jM?;Ds+y~tqN8(6q@eA4lmiHmKHWU|IG`pV)h;SrnHd%pT)&; z3Ba2CKMqfh9r^#{WG(-%;&J5vXPx45 z8n&W^l;`1P{7~+3dC&&pLLAMR5!=7O=_DTovEj&ma1JU}2N^89JesqP^=NVSu~+9s z^R2P=R!W0fM6C!2>YytAVbS&Kv`e+#?QA_EOu}ixViC?C$<)Z5w#j;hVw98u9{ce6e{CsHb>Qp&)f19f zOY-&q>QLT1KfC31Zsvvzg|Ac@ib#ecwj-dARY!@Pm(3ud*XJX3&@>4 zJofilmQgIkJ25Y>0}#CaU&;dlI;C_T(5^BYXi=a2y&#D9mycgpf#HV5Rx7dGa7Nj5 zAq665^35;IgiP`&>h(ZC|24Irc9aQD_UP5qKOVoL4DIZfr_Y|ge){;5lPbAZGkXUr zIDS4&Q>uu-f=fGezO%^|^DF^d1AucdVljL2-Zp!eBQ`?-N@upbz?KWnwfSE%!hSwY z&x$t%%GunnF2W`rEz<*ABP0s>*G#K^qgBOZ;85lV@#gaJtM|)8SsDUevl7IU#XvlH z_43Wd`{luSAyiBc(c{n#Gl4$4^Z8}a+aa#~Hap&3#oYEo-bin2D`&W<89=(70;@SVafA#XE;5Wfu zP$N)TMi&lr=SvzkO3_@iY`Ff{>}{1zgIh7?wOcgl|M3Klkc{EEpb?-!|3BE@cjAAX z?63VlR`NK364`)jfgHLq1sK!lyRZjX6m{(v!oa`e&fZF0FZCJ`1^Dy<2v|uS0VfNT zfvU-56{H9DWxhH!yCStf3C(Cjk@CP7_TH)W$rr}5jj|~A`H8Bo{b|!`mujnVP6USvCN{)8PwDE^<_$l+*;++01B#80n@Ovubdb+`!v{DiLUg z^1#xEOuLH@Z`H(7yu!T7&cy@w5htSgEqRr!gr*sWKP_E{lxCE&M z!QHpX6t1w9BPEuhcl|9!A%*b-`JAWjjY!*5y((kXT3Gvzo+kM(!#PYw6AlH_bY#q=jvAUIZ;&1gU%cOy6(Es)i4y^kh`+LWS zYyXdxJbM05lo#L^Sj1s>X<(%KWY3~SoTwSEm`iDMTWzhOHE4OtuP%*A43qfZ(%s*1 z?j6HI%I=mY7#d0X7qI`zJzUI@XiThmI zF(e%+H9M-I?)+v8);3L=c&6)(j$rJO5p_pa>1zu%Cj&KC$Bx9o19^XVY8r~ zYx@qtdBwUUbY|RSy#sbkL4zHPTX~KoV!m`oZH~kRD--UaMqp6`VvW{n+CL@s+v0CW z>?%95`hKN?qIbsvlK6DmtvaD>5xVdeD=(Hg4opRO^K_-6tGrY-D+yg$TTprGcT5Te=gM~%}* zIeG8y*ydrmfB1;=`bw6zJVAKsJyfqnQ!UiM;Pe%^Hf)2Ix@8NHKqA?pAX!8AH!4q- z6m=z5+EOJeQ~uH=Pa;RCB8q?2CMm1g(te56 z8iuGS^jD(!vRa1n7)SEAC+vn4c^MLh=SDi6Tyc{f8;FuJJ;J|FU{F_LIE0=gY?xq3 zjt>J$A_<&aDD6e%hv4T@ScZT%<6ID-Xetz1%h1;0nwX=m4rJ>+Wmm{M>9WK6_Bi#x z-ZG@y;ABVa0i5#SpsZ-nC^{QblV{fP(>q0mrv$BNPfV+p{h3y=DX^;8pJ^3yVp|o= zkF>Zk?XA+rH?Y3s^L0K=_P;Xt#(mxY+1uYc*mLgxtnFbub-H1if9#T?SuWFFz@muL z5g2TPn>b0Bd?sdEOt!%UK^E6%nzFj((U~Nx@6VN6+rA=aITW-`tHoj!5t?e0=5~7L zlZ!V%BGEDLT9~A-osDtAx^jq697jgl;w8$TI=>rbQ@Pa`Vem|q>B+^L8YlP=CWsEZ zM?)%WQW||aK;uz{1Wy6@gCuJf@uJ#+SuD}KK$^eoP$|ETe?^J8$H}-PLU~|EFD%y& z-dQccm_25Bh5+DLoSV9g4dPVz#qxv+suN8lDsqB3?heucg!@JFL>yHv{XNap>~)mZ zDD--o7A?K#{ck*O(c9v$(s2PtyB;SK-J;1{Dg3_w^^VfDBvc-t6n^)9V|kkKxAZR+ ztE`RY&!(Kk8?32KLDHG5x9D91W%3Mjt(%R_7M<2=5>1cM1A;TS-WK|)a8k^A2wqTn3cr>Z4NDth>u zS#W!t`P~K$S=}Qm)1JC`a|+nO*6HqUjz;L?-hef?o9{k4{0&c^?(UUNRJ%Wd=Z~LP zR(SE^;*b4DdIg5W2(dkw^`UiJ0)QZ-TYK<-TZ4c8v;TH)=cjj{+5g`Tc7A&IV{ePT zrGI{&{JpmsxYfCANFiv|w%$Izc>U!0@9*Nje@5)pfAs#oX*wjJJjeO-VpNTqhThgi z0^<}sO$i#Y<%dRnu-DrLTfZh467gctKccUm$4N{jZ~pRVFqrgQ#7*S4cv@Q&aY_2| z?#1rw-6y-xcYl{{J)w}TQt|FZy!$%deG>0Jk9U8MRoR#pHc^gKaCJ+UkSH_QKcs~o zf6Q=7g;??W;1C`6Ot%X)jco4?-Zg@To<}MQAweUY>xrkOro+qgDfJJ;91dYpU;v{C z1YCOv0QZ0#f*S;GU`n`9$=v|S7)>0Jr1Zqlv_*-;0=8w1wU%q`hvH%2gX-P7L`M*H zzHfBpj_pLM2&kcA(++O1EIAfMZUZg$f;!h3d*s#l_WTxrbA8s>{or`N=o+%Bx#LZN z-Z%;tB1~d%u{f{nC>J9RqC8hhlUpDHiu2t|O4p`Gwnr>rGUF@COP{lf5+}-B1tMCO z5TpH`KhIa269#*p*a;Hp&NjqJf^TTEL!3__Dg42?*x3t@K*93`O8zUbw{Z3dL3Ou! z+&6O^41a0E=K5*%G}-^{Fzt(+0yNnF_YR%-uX_ha>-=9Uc?>gJ$*(TOumhPtp%Xp8 znoQrtv4BHUr-uXP6(f~JAQ&b13MK)-8FO7Sl!LD*>jfP%Ex1B4 zFRB;|Q136tlP1uD-T>roC4ZdqySoiYx8aLCp2Z0op~poC6Q&Y6AgT(oQ*!w_a;lY| z*nvF?Lp;eYay*O^=1WPpai@}5jJu}lryD#lMs4xn84h7G#svv@)kOZ5jW;x!@qdBs z-w?tKUd2gFV#JP8N?TJ{&Z)9UpXw$I28^OpTf}dy1i((s0fw@us0P5>cb@q8^%zDu z&Nu}6S8E*0YV#n;nsBjn%{S+AVXmBO*YbpKo`37qb$raL44*9%;TS4eJ7Z-d%<9V- z%kMN)nRS|#;p#sO*9!D&I;p%( zTx|AloHx(zz}_cHz~`UPodUEV{Z_rRJ-#BW^YG&`wKh*jRuVC1Lw~vK>Cj0nG%o+6Rh4yMqBnz5f`%4vp1c$mUNQDClx*O(1Wtp2WVh3(R#s zz_V|4lk&|u3}{N&HUB!$!KiLx&NJ`0425DcMmcz^klzL+lJ8i;4uZkk!90sv-@4cN zC)m?u|0O7&#Ob1upZL=h|7maU$oBs}JX!mHujDcFf0cvXjp;xG_+1za40<{?4{Yka zFa0M#FhNBDN9Y2QaR7p#d?C{lnO*{pQmjMWvAv7?8g$zWtjvp~gD~;gGB3S1?9XPC zWhy4)>OOyc`oIs{DQf0hqS|i&f?vh$#n<>59u+Us$9azPz}{Zn3;2~;mgW(9bdG7z zIfqK}=lAn8?f)~JOeg3$o~DbZ0ceWU`jjQw95><+U4Xi&ckA;6%gYaw8U6TaAd7bEN|>>0|7xF9GEk=IwS^3u7y zKTy_}ag540<=qQkgaFNYp!T1NBLo?o*>%SmfJZQikYi2_c-IB!mSLT)4VxrTNrC(@&u%h`((NH+p)0TD7BUm+CnP zn+tzWeB;Jk9QBvUw(Op$nxCS1cGS$(U$F_2F(l&L_zE#zOSuW%EsG3=@h}dn0upNz zU-1F|fwuZAj{yvny_8kW-?_O`)zCByn8Cy7lq+x3$<#TpMfhlwy)AsJZfWXW%I7xg z3rS5ElC)+^Ftp!3W|UN0%xWdwuyh~tlP1{sEjtY&jR{OjGjo9Q2pc{GH95m$CDIv} zhqAiUtV*V(s$0xT!KYlS!3rk#5f&jE4dag>*bRIr)}Odpn@EWn-8@*-B+hUkzAnfZ&%nigUzb?7_qhZYQeI{?BRYOF}sbjn4NN`fZpNnu=$?(WQFr9~78|;59wAqfzBfBF)W$wO5A5qxW9@udHw|8)8$A3CFIvK3(f2(*5`yU-tz=yaS z(_cem)k@o68CP|a|MArt15FCMvIdGmoOV_~{OR#f(nMH_A+)5+`R=e%<@09&<{=Ao zNC|t#JgKz7*s=QK_52L5J%zsd=77`Tr=-y5s*x2R8pd9<1|! ztmHBHKONM2;s15v&A+2fKo6mQ|C>P7E?{H^U2qGaFgX9GG&S&l!vS07GW8);?p#ie zQU_`NhNo5Fe{Z@yD0Ux;Bi(W`l`Jz8X)V_~LBq2s{}(A2T5SOh{QqEZV&DHh+&?~E z^Z!*m2LBg>dM{f*b&ihjXai70eqlwR+bw`n)zuat%Rn-wWrAI!uZnPtc;W()ALib6 zjXIafOt%l0=vJio@%!TYOuU(4)NSie$OogHWtR@u&$QoAi{dad8 zV)~y}fga;ROE%4RY73+d(YL1qkSW_>RvPgblH%GrN7%@N?MH}^>^B4>lotZ8@`ZEL zTVz>Pw*f7Co;qug;fY+&(Z+?xBMhoh6qpzx2aV1FKsTk97F7B$SgMb;I7Z?oqUv)y zP~q2OoLoQm{wym0DUGg$1lXwmpV;=_!{fnP{#(go-v5w;x;6qVE(2<0eqWXV5_Tp9 z-j^Xj_5Io!(DL!}fAo={JcY^Al%RYFL$v$8jD|b^Er168f4FyS^Z&h*`k z#K#+`0oTHuEVBtX6Ui3YRuY1488_n`b-SS?*uPooI(N3R*nQc4FlBlHFD?%m-aqSD zJOnpmlp0+a^D7B&d9io((-3`VAi?&_v*&F^uX#Mp+E3#u>V2fzWLEgdxlzHiPPDM) zhMm4+tP#}rBUBLk?)1X6YQP@y^eFo1w$F*eFdIRFZlKRuc}}bZpt&%b+m(4OcYn2y zSN@MDaD*lL^vB#$PalMR9}kNGteRVBn?Gy7uec!lSYe?b<3%ibPNbCGj8}NZe!@7gy`< zllcT_0^>whWL_??Q1pt9+!*~s}emw=jruwn17g60xi>Mz)5#Dq3 zJO9i0$U5#61X~LJsRGjjSFk|Ghh?%KDSzB;+=;a-mIb$BvlU?VEGz(vS7N15(u@3A zW16(v|Ch1;HJ|?+AKURi_73;f_P>=pE7|{-F#2r(kiaXHh}>@c@5;R#0GOtja5a+G z&|cJ3yFXcBNpqpCg*#gz*Y}>%Rsn4m2!>XnghB#a*sH8d?pFJC2B2C*c=O88NM}Nf zQ<&fCwx3yru`%K)B`Q((#z-xt0&VlxwpOt*`NN>HYtwe$n^9Be?gI08E${?kU9Ar7 z<^K~zASHJ9Jxr3base$E0IGri503T@?f6e8`|JEaD|xs=q47v|kOFfAU=;DAamxMq zDkzrO6y&7pn{z4vo8a!Q#YuZ*eYsdDQqw#~DM@aHd6jY%mIg7307Wt1W{Vpkr3=;H zQBrO4EC@!k%>C<|7Zsb=|1-AbE*$)|h5R=-8JO#T@8tMkeg9`A4_h{Th*z`pd0Pvu zdRdjOwJ}O2{bIb!EI-W4qsA49S%;_?Q1HLS;-xTlax{wzbw&FXN)Rki|CM;F`$obn z>t9c=P@W=!ihhiDXDBbLJiT>PTh05$i@Qs4X`xVxySuv;mmtMT@#4_n6e(`SrMML@ z8eEFIySqE&+`Ql4y?3pXf3sFHb7tmw_GjJ;8-Gb{ruUIfvwDl^fM7P zyM6LFdM2&Hy45_8Z4yj22Jsq1&hmYDIQDo;P*IsL}H&%_~S}YAt^GMOe^M{qFBuFZMjoK0ktV{mG9D?ri)w0^I%w6&g z{0@F?8h&Ww&Trys^w5I@bGcP6F&8P7dVM%fO#V#fnW@1DWBu4FYK4)@`Lb9dn^uKY z)L*43{N$#aWFLbI?KUTu;`M3p90Zdx65ReQ)z6Q3mls8gN^i%G-LPQE6BIanFX3TF zi-{Sx|1Fccj?9(y9;SGy<4yWJAH5+mARv6_t@Kh}(LoGe@xFan+^!oQ5N03C7GEQ~ zSuyj-=U1n3<`_?Nw`ZJ~bmkB!;1y289Io(f5;rJo{gekvnIk~yRf$wx0QvO9yK|lz2uMII0x-Aph%_B`*D3SYWyxE zmzp`}4cp;hnExMtwx7@DNBbpggG_2lTE!Rf1h6#O|l&9qO|xo@5MZN0G-t)$>oa>OD{6SoVFQ zSpYR<>ple5?_N(9VI2dv^4wab+}f{c)3%D;+0R16tFm(BH3UqU#SKiV{^X-|Z0?d}iTK8bo2NtcJ2cS?N z05n9m10;oZZn6D>!)3h$m%6V@HLfR3iP%>vb9WV)lg1erzh933Xx|4K?ArSu?~uYkNFld7j1BSoCEEjvhH{Gc>lI)b9VCCSZ(W$R5w?-9eK6z ze772`;*VM?4g`i@l$Fr~RbRm1^%y`@z+eC{9oY?j;{ zYp_vmIUP>n6BPpThZ&Rmnig6}j+dXVyj-}LR25)Z0%{zY!?8Vb9mwMRZ9=B&)(Y20 zUMBs(1V-uf=hNaH^W9C6@?isOZ}&QOt$cD>uN!8wll;h+Q3&qB3K_Z7QUBV`D zE-`>N&}5-;)xz?B5(o$du70H^n{gX%*Atp&&6NV`VJ z{XY7&z_@IuhN;9Ym9sFZ`%3h7DFsH|7^VnP^O*Ih(fkqL~CEt}7AD=r-mG z;P(D`+p*FAC@7i*==!rfqr5$g^BNEU3Z=zLNw2K2$v^aWT^5rhcT;SS%7uYa(a|8S80vkvVodo{H0uU8Bs z%gKaphQd=tQJZqDLW_!t!YVAWVelZutsq~=6bqjjyS`t0n1>H&Tk}sWmeSdYr z_Z~1MAvb&s`R-0j#8KAB@JXw=n-47nG6asE|?=tHD4e-3bKfg?#&p zV#|nDi-raMJ5X|cLgaXXJKK$!J@x5z&)SgRfr8&PY?r5|+iD5#=|iXHj`@q9?TCj3T9hF5fO{iM2p|>MLy}(lx^bQ zqp)UzjL^JhpTYGP{^HMe3qULm>f9@&y`aGTWnfk$>=l@dQl=d-=J+Y2e_PWWQ%XK1OwOJDz+#Eo zZ!6Vp@EVwgDsK_%b1PB49lM$GyF)f+l(l!mn>hqwV6n&og4W1 z=F}z{^D1ay1>OZdB=h|{s0t?14byFGS~Pf@IGPVR&c`lt3|!d|Dy#n9ag*|E%{M=_ zG0>z6?$1pQAN_TP;Dv?2&T zar|`SZirLh|M2Dd`-j~Pb)BxKUpp~Zu>KJo5^|8YfZUCG$3;}<9D20Gs|D54<)eM8 z)_63no+l8#_0|T#M;`NOUCVIo_Vn-TEq{UvVJX5#H|^8`rCllfnVSYS&2t&2lJ(jG zBxkk0QsRd(#PP#ne0U>tB}oV>&eA@Yny8z|P( zH3&hj_-=`PYxC*L2l1MmV(NF9%mHkIl_Z->cP3)9Pc$T~A>zw*0_~>yRA1X*@cGwe zaO@rK+!KsFmj>Lz{S0=;Lmx(ug2c31bg@Md|G4UbNKln)?`RE<509B3nBW_-ih?5Y7i~@bg2BKhAW;>A<3Nl|5W$P!2B^%^f0G zNUT`Lkm)ug+{rO>?sI&HY{ktRQVyp>0cPF;fjT1Q(6Lgh&y#o#TKK6#iiYCrTiOr+ zbNO6!01y&c@Vo;WfblQXo^>Ph#mSWFW=*T- z>J|*Z%%UBpKU)~gUj&<)VRC#Q%Dyl*?OVIuZu>Mc*;| zmpwvSgohIs)QT-;mxRdD}FGoAm71mF(Hzp=;=kV0! z-aoYLWHEUzlkEC03bPus&X?FF3~D4ArRe#to^~7FKT*q_aaCo9S*ipe&f zH{w(X`IkVrD>DQ325RN8Z2W&&a^DpagsLI*sT)#{P7Sa|NE1C=@?8g}kZbxYP3q>R zoFU~ThVp)4Vi+6TTsiu9w)sw~@t-d|SxlKw6_i|3{b1r?XxA#eN+r9C5{~S1>!S%FG+Q^f(q4GM3K*&k3*hp_fpm5PofhZ<+Y*-)@1L zCV|5@tVSEq)3dXpw=$u*RGv8%rCR9;tCdx*#|6(-Yr@nd_QmsuSfv+rIN3+icDqt3 z;kotD9vI(>a`YV;m0r4}&ipEG+IhAvsaz$_ua^HYT5qbC>DM?RsNVLS)~?#xEwZ8X z7Rd0R>1nDxx~1c}Wn)z@>#$9VP(=D=4q15`&wR|TmZce406EDwXkw{5V`;uy#V+2O z-1$vcL?#AIRGjCE60nFWfNSGmANE{C%Oz7HV@p8LYf(9qT3ZA6p(vR71)SGWC18S_Ym9&yic8o1rAj;dyQ_o?;UYJw% z%0EDa?bp$UDlFg%U&f7T4Cz6=V<1UA4eK!b3`|KwC2%huGk*vCZ*xJAmxvL>3+|}k z%oTjM-eivId~mRUM7uqyALdtX5EhDp6P}lBESKqIt zY4!A_be@)&ZQeI|c|$dRF<1EctZO@*l5&AUsR#4yH0>hDHkwG0b}8>|gR~F`Ir3dU zb)`p5u;6IIH^ww}t(j4rOanN+X2(|PD?u5YN;>g>;r@Ks()@_@kqrl0Ini559Xw>@ zFD?5zUqV|!-~s%!2UI`TOS!s#3y8$sNTSVN1@3tQ z)no;fm(qB@NU$$1Q1Btl*%#g=zonQgOZF;yF!ju<#Ss_F!ft*sDOT};?!wlqEEW`0 zxTYcaKeejnF|`UCZ8Vn7SPI^h>Jns>eO0;CvYp#=%~jWCIMr@o?6pJt8RXxT$pKGI zJ!f^bIO42kS|d2imGnURp6s8ABZt(ERJS2tZ}SNI@3>>e2b8bxf4q~cxEKAypNsiz z|4eNZPM=NE8Bts7PbIw?9h^a%#l@yK*zU@YAmh3iyWuizk0*Y|fd}aV0v>gprma&RPDn=Dsx`T+ZeB8Wu{1 zTs|5`e>CGL<`lA~+^T)pp|!`+NCkQ^ZYF%--Nd+|h!C-%J3;?AonY4fo%a&DK=)tz z87l%_n+nKWC3^rCB^8YHkA`Db>`(K`pxLk>l9E?JIoDzjjmVH%AvCHsB(s`7)UM`WAIKEB0{mDbtL%oUin6O??dNKAcCvT&3 z{WVP7MaST4?U(h3k8oYyG1^b5v9>qn4Kn544cH5r$1umFF|~;jDep7zpHP{__~(P^ z4_~vWhRHtw&B-~9&?Rs`_Y5dey8-*sI16c>uJ|L_GV4{O8+b6jg4XcQd8j)xlK!W( z*2>h}p($OC zri_gpZ6YjLM~&iqG7#G&1NAhF(Y?RFd1pf$<)XdGr+H|~smoreR^WW-@8m0!Je*gVCV20ZK!&iuC`4B7-Vi+76KjcG({znlCLv?l_1@6#& z*gEvWXz>Ptb1zFF;EdPZ0{W_6jH%WQ|Qbi+$yX*lJ@$+T8vUHZumbs2KqrBE5^JSzDUvDL$d z7#v6B-H4~~y}MvTSQ_$q$ryZ%3F_#iEU)WwDx_s;R-}Zs=I8q0kF<@uCH*#9ctYce z?o@{5jcA>FP*6qUf1zQ=!Js0MdeOg<-UekyYoRf^S*$AGwhSGOp`|H6J>|Z-D``Gv z(!j`j(&9-!{6LBwNc%P&GjtjX9eRSEf1#F!`kLSfnpxsJO5`?QBbNUj?i2CgNzgm0;*o|W!JyOoqG5PrcPt9 z!!0iBqDO>!SizUieigooEJ^V_xFtK=FG&Bcn)}HrgC8Bl|7A5j9nIR%j>(2g-H8+R{9Ce7X!@nt|y7xutCZntER1M-deaboXEnF6DN$lH>b&-sO zLy8qwF}DDP)Qehwa!UDgvYexXL;U1O$LwnyWxrxm&oH|_+W+?OgVt7+!fLnRf(0LQ z%5f|()IX*;(eH22ZqCNjQZ;!hJ(qi_`_Oz99Sn7h8$u)PeyDbkzV+y^b9BC)6xevj_J`|fGPm;Ld%POg#t|mw zwSRXnbjutd?^QvnO{?Im>J;r{b9UJ&0jswLi2kMbK5rr_Zie$Ti?EKR5%91Gv4$?q zCyajhgjWv61kh%wRcV~5z)|66*uK$H9eaP)Qq54Kn{>{Rgjkn4ukiP=oF96vV5%A| z=sOPVCEwn=-!^217V>+C#zO2lvus2JREom|TgZLy$1~Mg+osBQ0W!6s#6mam*Fsh3 zz5g-ve(iE|^9g#d1e-8GFz#b*EhJ5Fy<(;M;#_}^ANPPOiNr-xgFOF;`LE&I0l^{o ziRvGlg{e2aKV3I&DB*T_g{hM8BTB{m5;cGRNs~8vQa(d5QflxJ$NFDRgCYGqpHM%E zP?2@em!Cce>HMoavt_NTzuQtzGO3>y6Y*jd#AKIUsjtZPg>87AN-pCx8>?3tssy)o zY(kOWEz?pKT%_~qZ--lDy6bFOd51O#v#nUTRDLnLdyx;Lb~U1cKKgcv!HXypG+By3 z^>WI(uNnjhGZPc!mOiBDSPsNi_VL$+!YtWzVuVcPM0GV>-HD&rWkouC^#?up^Krku zzdltA8NdE!nPE~23NrZI2S%ZfW!&Ia*yfR9!lx$f*N=EF&xqhu~eBBq&kF5@3w^ZoGB7#m>_;zYh~03 z@nS~FLMUU%#_IhS6P5~ezAS)}a^Vt!8XkQ62wRS&0bv{IS4wLs!V@|Ciros31|8AD zXd%&2{kIA#B~(RKiyg3#p1I5pk_qpPoW_T8@z09Z#AmqhdR=AXc?~I6y;kC;+1#h9 zy<=vdcC~U}Kg;cTa6>QC*yN#j-?oK z`dHDO)Jv~rM{2wApria}4$dVfSw?Mgel!6w_e?RtYqt~$xgob z7aXW(8zLqaPEQ%U0j&Lxdpo>vEfHq1>dInVB!#94&V} z!j%qDwA{my>p`6#LtLM?Hl0pBT1ongd|v;7OO8Ei?QbJv8N~39eEfT+kSE-;m@s@) zg4<8O{=mkSY~Fz}($!3aj%B0TS*(Q1sZlLj;?qby;iI@Pll8VaM=J!Ks34|cj*%59 zXw8FL)Fq}k%s8yKkRpikB@Vcc#W}ssNlfe#0*?QCMfRn!8-KT#&R0@vls+F0 z+vjjBo^wqr;-v-EbqaHT>%3_7SH0pyGOA{=rrj6kOnuko*TyNk_|DA zEtdA44rkg#pw)ZAqkaEL_}f2U91+iW>w-KU4r$*qO`PDG`{8}pX2ZiSX7ra4p6~2 z1u}15SbjXD;s(9^y}i5aJ7ydQgGqo_Zi{MY!TtRx+*f?RAr(PNl7T*##0-W79LldI zYT+y!Jm)_LT1i@~J#$XP)?cYk;CPOL+Zo#(%u*vg*|%2bFV7Oa?!DWdeJlR;*I)d9 zd}JPFFVo+a_a$*wD9_>b6Wg(5YMM$r$HCIyR_f}ub`@z_LP? za1+ed&&qv*J#|B6Yx-yCtygs;XV$yic=Gax5xRSfaJI7E^Sy9C*!;m3(2qi5@ENlD z7|I@~h|BU(7!AXv>c8{!2>8-^gk8)i%ury9>h;+`BqB7Y3_8Tk z@lL8HjP#*i?8I1nt=IsX=z7*Z1b&teAA3B9c0Ij#zK?wiFzJ+NKUVkq9vUSAN?LP8 zIaaFT>7u*O+)y6ECO)8IR2u{~6D&R+uF&FbCI!4zUmd6|cDOd@la~3>!6EIM1{EIlx9{2d zC1=Gaew%*ZP;BYXke5QO|8!-s$8pGHt1`UxmM&)4G+G6=Nqqcidq>H)AHh(h7-UF~ zdm=%^UW`w;<;6jeRqKJ^^Gw|GW?~-U>He8#7HKdoh&tOG`fdt?c^t|z-`rMDjc|X|Gg|d)hrQK176- z`j}}XC2$Bt!-g_1+q`=i>YULz?}C(`IYjemh=Ge1bUI!7<)AUct&F8Gq;g=bV(xH!ea5 zPNK&)#~9m4UG+_;BktA@=k4V+S!j25dY=tZOi+t;=YC_KdbDUDlgba7efWksu_;sA{7l>BgJ3DMYh@9J+Cp zhyFB%Yu;TR@3xY|{ekZ2uf_JxtXp5Xe^=-&Ko*@w$NEl#P8^Kk?6Mn!NjW&yUalF$ zhz}{orWANJwzK4GY6t9TIznQHiMro<#g zc78)V_Km_GlGZ~lYEgK@xfnzmf291$U029^Q7XIha)ng4zn@(<^psHSe&i9ESUeU3XM)&l+y!$h(+#(I6Gc_Lga8AWaI*@5-C{j8 z4s`wL0$hZ4-ZAd{9k|Qs34Vo{%>~5_{^Q$%0Jok2oWHq<9hCPrxldpB>c_4uoKQ^k z!9?LUXbsyJC}$?En{ofIMeXMKGyMnxUNm|c_R$l=Ku|5>p%p>#=Lug) zN}nj2{hyGgzjystc-4}ta6M>$`unBB$fNjV2D_;Vh$tlko>r;-v5}2=ewpMQ)JCgK&5j9h(^Ov)` zGS?u$$Ew=YrG-{k4wCJ|w8Rf!AAB#q!!ofenT|i=<&Asi_~4PK^f;2TQYHJOYVLp1 z@XgbDNVk(SZFd-^*AWRsp`teQwc}*D9^6yf_4{WxqwVK`(>_{!n;ZDe-{9kP#{FtP z(JiG@mgI_H8P->Rw(^BxnXu%WdPD(4(^89r_^CrfrsT2O7!SR^PFqgN$pF!H!&*cB z$(yJc-mDep4!xN61{S}5&v2FI?xbjT$9Ea>p-DNs=p_{WG0UfUtz2fTE@!5Q+ryOY z!))_v>$}YRaHii&go9I&*xa$Id1tQZP3JgpwkyXP_x)P8z0kcU2_Ics%B8*0uc*g% zk-w3;saDCes8y!exX zMt1kkp{y??xBnJg?^F#Gv^M~-LeKuyzGoR3b)wVXUZhi^eY*}W9Q$Ck3iB&hJ%w;? z^#;0of;D%P{RKfP1Cv$Xh2Yr_{_&xR=T+q^KXh zDflmz`IWDu(Ga0Zh0(IqNPk9Gc(m+IJO;_}PoUFjq{TP{9h&GlPvedE)?tl{L0H1SjLOkO+%B{e-ZlZMN zxQ-4#J71{$kZQo;4Yv6?-p&4g2MwK4`8LuVEM*P(b^LIX4?1og=?+cBK3A&xp=<_r zc#-rL*JVZ%)5N|+$($c7(pKTDRw7H+MIo$<2j0nXh&}&!=WqYd&tcgg{?%PMR5$qXl>Dfe_n(-~ zxbD3<5tkL1CSRzT-C;Oj&h)0PWjcYK-$)JLH4>~VtOZqWjXP(2n)R}Zd%xb)5+Cnt zA*qC)gDry0<0SuEE_{>hUBsU!@)AgOoV?Wf?yTKs_2Cy!;s8Gf%odL|9dW9v>cTrU zWQ8g4{9+lC>@oQ-_?9;&vl$)PQHcQ(9{*&eDQg|q`NY(_67-+=z6|z=9juZ=03RO_ z$~O>GXODkxRZ+*uDMdY<@O&jcAkl=GslU^>30HYOK1%id_piU1zG^vD%bOZ~SF^kY zB$Tu}e!@r`_QeQ#YQ(Pk2q{PN=HUglm@VC(fM6+Talz)~WeTt?Q}Y0sk;T1$2ch4S zygff|K&q<&C5Nz2e=43iOB!0Ts9XQ@W!JOQLS&d|FDR#U@JIbeOPWQ;^|sdbzdS_K zh!?_WE(Zm1fj#+RkUYyFrCxm5e5{t+esVzxv{Owi*9a~dZFY_)!hM~bF z!Z3)U@*yWY+{Wm6e3a<;MP2%D#m&Qf-CnuKEBB6`?}NRT(>U~W5tz+>Rn0KXdfZPz zHLxoc0(5G-3wtDH{{c34uj5^ti+4~k-Fr{yF;cp{3x1PpDjQ*DKEe#iPfc@rl`4g# zlbhqY2r~+qD(Cl-eBbU)McRLQEF;%Wh`RRG{pq)nWOt_Mv!d#r=KRp#JfZ3*`hAmp zm-i{$=B5lwG0(2)mJlG1dVaB?4{M@`1O!9`8eSo|V`FMfSAbmP2sqp#l1X~=pM``R zSugt=)Tz!qRhB`n8NIJ}mmvn48!{@*`vPY{XGt0!=!^Bklh419hOpcv^%!UmgQ^(M zB4l-At70D*zRGJ>M5GR0ZLUS~@9u@z;<4BK3kYtANm=02vVPmH7{&3ckjh>D{Z5^y zRUj8lpZUQGK%?MCf_HEZzOo>IMy(jj4jR26l_UaV7_ji%&7nD{6P>K%IVUGAA;XIkn~xcef;P#l33@nwt>&hAD$XGgQd$Vfian4t=W#i)1`CV?i*1e29r5OEWhY zts3Yh@lf4DWP|jgX<2OIZv|L(AHQaVd{Mb&kN-mp0%5Ms11E47pcy2ddT8=~hwl}i z*qpsSV$7|$EY0_4RXMBE-7(BnCOXleWYmqP9DllRM`OpWXsM=EGw`Rk$^}?e*u)Dft zIYz@xpm{I;lnpj<{YAw!4W?l)1gZo9e-dNllu3aWJwOLOqQ<-Cwe&y-h9~lIzZhfH6pozrJ(Ag zK;mREf7o3j=YMlC$O!hO_=x8C%0Uah5MN^q8WLvWdtYAi%uqbNGfIWXKa~s(iRgvI zt>+4O8y9!}JJ)KvR*MUMHfZVHg0WF$eZN!Y_*cnZUc^G~@nC`<-Vhswzgu!|Q_1rA zaLmqH?A6ip+y~q8tC#I9+B6B2$A7yKeoJ}peeG!Jsb>n_m9ZwM9%w4;W-#;a15>pC z_{#?1>G5?R5D^wyUIIJ){-OQ7uog&-e}2SQVIbURqNaOeDbt0W9!DBT7JdHvTVyGo zdZ9`J$$Ry}6Y(g7&!5xo@cTHgvhv+I#zX8~QtS^?)f5RHHc$cu(EHHO@%HFQduS!# zi?|nOu)g=#ecrR3Le7*9Q$d?*dY}%KQu5$I6b(DqltkD<3}eicqpZs5y+Y`WJGLZ} zfHH;COVzo(Jxs^E_=;f=IfgYROG`Kz&G5HGyclaVfD#P{v5%Yb%7nTO&@&yk;r|h0 zaVd&J)*^c;VVcBUNU$(^gFzH>K;1{iL-P>PtNA34ehZKJNq(FWt53X4l05MESg(qN zb|XHChP^m&uVybP6{1|Nt1xW2#EkEPH`)pm9&s}vd;^_es7+BG@ashvTKXs6QPa3 z?&G>U;zgB}1=^ZPXq_`UNyD(-V))oP3vW1JEJvi>bs^#)#3RRr(C_79W+_T7Qq3+Q zqC+f+OPYUl312%AC1U-BOMmhoKIrSREn}8G!KWB&$NO$A&P<2 z8qP#(&M|L-z<>3Hs_zp{P21j^5@QhLAMO~EWJ>P`h-@2!82MqI9wbyvf~|td8!ok% z|DFi$aqCB(C!<0_I!*L?+{L?_Nt>NmN%hNmf3aWvPcF=pX1o6?UaakFEcTRx-;2i| z6^S%pv=mWZV#U8JP~gWc{-BqJ#8&dvb-Cg;?{X|fQK<#^ar@BZD$ zaq7u3Aupq( zfIbv(zfWqHj8-2-`Ns8yUFqG>ZOP{M(4JNycA_=M%YslwR07vf7h)Z5?vbbCoHv=B z`|x4I-t#xNgC8|m+l|xTk+c2P(z=-nxxjf-a269qw;3K4?qR>C!}?@S&=H*%&ZZe1 zQ7!O0^cjTSkpAIk90Pm;*WDE15ZtWoy9ntaWeYN=ker$VxdJ=?dh+$Gp3FC5Ij3_Z zk@91x5|pkrDyDknAXPR)!KFhIJ$yej&9;wiQIXsK95?XlY?`Zfa(GVF&dRafONT-_ zNaP}w)vb}`#s|B3poGjv^PkFgAtO*;UgVeNc15pBU|#Vpboj7K7rLx4vf#XPuw$MJC%G^Yqkox#q5y<3J^5G`n2bX;bSe!+5k zZxwbVm^WGK>l}2ecuZe(BZ`7{1=q zD#M<>v%S1tS>1gfdsENYoY*$^!D(EHh>m(+{cJ?P+H7Cf+qKw%)T})At7XdWyFVW# zSaI#^W{G~K6n`U>7IT5eLprC+80^CpN*Qj0PV81OfNn|h^{aMSJh4EZ(n2`0Ne+rc zXD}*t>?K%7?qz>Ph5aSDe`>Sy3*(hSt84;9cob23Y=)A}VoZ>793 z-p;J>9Liq4b8BpswXK}7m*yeFYh$G8#s7ABBmkiW6Xtt-JAX~9gxg$ie=sidE<&UL7A1SDWa~bIxM#;TX6+zBYd{X~S-8&f1F{R6#T@)bVxL z$c~@c8D@cnhp6;19g8f3fYtjk9o?t&niNF@Aq^T@;0cL88vflc8o9aaFX2F?06OI`H@;BEczNvR5d$$gZS?=pfy4 zhF3Ft$8zS^T1D!0(-aKA7TqsMnJW{wy@8|e6b$*u?%@mp$i+(IKyl-v@Wf|OY$u2((NU+G~ z!!?OUrg0mGy{roTUfm+Atx-!F06|#vlzMni;E&yI$cC zNn4mF+JuaczblkhE@)_{ty6pq1VQ)^qo{IRi9=6QO~;X6WnIF`CgbHj*y~+wK2z}O zGguajNEf|DOQOCuix5ecZHCJ=Q}y$t6{S+)K0p`yAUCez54-ino4{duv`^giI>N}Y zKTxuULh&8vjn|NiB<;_?3xMa!LLX3kus1q1A}~8;2Q@?jOk#M4JeM1posmkQY0v^lV)WQajM z#}Y-uuiX5@U*jvAt9}PLsoSx6^N;DS$by&Vt*m9I4*4bU+AdgreLxiVb0= zTPTfQlJ-?J=jMIrRk|D5HdtzlY_RIaRuX=#gjHSuJo{}fxm#6Q@Utb)5(9=U0yvEH z=4~)*KyVdmFkGL>1TTYD6DaL{Dre+hKjv=S1@3M=H*#U&f2NWsvcA%;_tSx%S@1&)fCyoa%!)ymFx=wk-V&>^A%$~}jhjSIr z-;^wfRV7*Cx61aPGf5;qzWbzDr{B|3yy%L*UToo=AwcR|g(Z31(N!V4t#k@sUf4^jNcIqq#(*B_WvG*vYkm8F zFLJBGWrC$ubig*kZ(`|WgS6-UNe{B~yW+Th$&%qQex-y==^t(O_@aB{I#!RO{ zrkB)!B~2rPPKa+O9fwQ9(beRw-Jfu+s(ZR5@@Yw7J;F6GxI5=wfY5y%SsmqEBY;*G zQB#qiBIjK1y>C6vUWxXQQb}Sueqva@6d^_nS(KVDN?wd8nw43zTYoNpR$iQ_{JV&b zMSu^hCq>+g2=;rM9A8o=5N5Ifn*ooPoXsvi=&^NV8^F8}21ji4b#WVF#y53z!R}{L zM%Y=mTw!{qF%taY3#u!~QARq>-lfMds9HkR>|8ij-9SU14S78B)AM>;#+9vOBb{UJ>Dom1VPYoXE52k;CB~VA-rAF8p9|awJ zW_Vy^zo%I;tEjtBBJp&tEN4T zkp!36KkqwT)dFJbHP_>($aCd?A z?gMN7L7@_cCd%HXG0B6_RsGvbhn$PU>?<3g17)Sh#~kD>V>jr1LEUBqE09CwI1byO z{a)6Isa^~?@^$6E-x);ph-DSA68>rsUdxcXb0Da1I^pmP{aGnKe5==2`T8D1vw~mQ z4P0$^5S8;>E_4S}6nB`8VaGmC9ZoE5OYnEcep^IZ=P%+y;mMFHnuFjfq=k|!A)_b9 ze!z$uh`tCIzQSo~{fNz-i)6;Y@}~PdEt*+H3U3SUM`y9mKJ$oqaaRz+5r^&vBo;nb z=E2wwk|M%rg@TBsUL4Fnl3eYfHFqJ8)@&kwe|iuf?@+8aSY<@VAQL6$GXy0!bsd6U zf_dK-SQa%&DHOVzU@!@*52YK7A^?nZUmduh%Uu@-C3wK;=M2Dw&MHE{VQc!B3Bd$* zocC$vS0`Z(`(~8FMRIY9USh-GMsxB@a=%UkKVR9m$SupS=-o&Rlw$BwKbgk0JIQaJ zj(cS4Z-a^KZ@;h4jNEFz;<%Eq`*nPY#Cy};VzwG5`l{h}!5{p)M;=$I<4x^3nrG~E z9M&rQ2FyGDJB9$_0)jQ$Kvp&-R?{=U5V;VajK|XW>U|V9^61{jipijFMS`kLG~#OB zHY*vxq+p8>Y{urAq+(8#hu4X2Q~uZy++*b5qGG{?$f0uY$3$TUsxL6!6eSoK#2iW7 z7U?;IM-3djgJ&Y4CWSYVgTmWLdJZM_qY2=AaU&w`81k551t%6(^&mj-fp)&o1+u5U!byWn^Iv8;E&I6z@m^ew|-G;+Ufw-3n_b+h#b@ zL}>bM)SAJHUidH-3`UkPYHo=*4vj@Cr#Mu?F^RgbGt(W>Ev-z`eqEic7DO@}dvwU9 zSiGHNSR)TAn{?l!#Dd8_uMtHQTTF>`E{x~Xk|yZ*uwSS+zxS1xlvURt{rI)7KE11X zB$k3M9qHY#-|0UQkEPXa>dWaa#Crg;AjrxvPz@_4+TPv^sho9ElGwog82FxB_6l4$ zd-0Ltggqm6v|KtUSk%|@!F&yyL-DXSh>+mw89>1#yg|Sfwx#iv+I7RKXdnX#RSZOc ze{;6MnjbtCv$AVPAWLseG{J;{;7k!m(d^~o)rx6BBoTK0I5$$%??(ERMTM7dRN8YY z%bC70KA74%13ts8HP(xlL6`Y}0*^D9%kB03_AoM@)ZL?#dngQeIl*`kD9Y+$wSL|L zMSQn$zCQN?y_D0aINd*rKQXrB-g8UvPqZq(EBQAG5-gh(OJF^Q9ki{-!Z28Iv3xDLy`(*bH z)cE-CgbGK+MnK8}Qt!J>*k!;> zox=S{cA8YgC`Z_F>&vmj>$YQljrQ~A!t;hH_nWAaJ^heKT=fh)9zz`kky}cVTQYwT zC1-kG+*=yj16BAQZlpbWcy2F7v(P4=5Uz~`osl%Jmhyu#GCopSCKSKa6!1UA;QFI1 ze2%x064af<>0NQ=>Uuk7KHB~7gqGHeZ9QVQ;3J&wpR;`1d2XP#_iIO`Q{KO}eS!rZ zlG0|8j!t;!;~C;6r)bxm4_wbyA+`U--0$vM-J6kJ}(HCy$h=C(l|W<*vLgI)8^ zI}TBrC)dDg)b)Nf2+JCZv0O3@P!gTMLcGTtp*a*xi(U5>NBaBYGNEewhtr_3_4a13 zYgeQyaLZqW@$W)lPi(fT&Wxt{joYYe{`rk3)`v~xzg}+c{?Mb@sQrz{zE+a)D$wip z;k26kc{ZNk13Ge@-!;v&Lt0cGqR{Gng#0~O#2-ej#Ot!0oxDa!&+!fFMv%X}WKu7_ zID3sql9OeEjNi77&~w0w1?~#%T|nH*=owTAcupFbA(KYUoo?>V8)%LWKw}LQ5}s{j z!rIjFZS^DSIy|C7dEB zMdf!=Is+`7A1!4?1@^^hesSK-t@Nv{lon z1Ar7XO=Y|SF3qX(mb%i!X8?W&zb1qsAk?g)Vgx-2CKvZrJkHk+;0+4sC~v}{Ew047 zfwn$+C4S~J9UgzHx1;6jUzoHQ`@rHGK%M^Q_^^=w>v*_b{~IY{{a>3`WMUgY6hO|S z-2@2|w=IIJf+FOf+$40AYQe#9fm52K`JD&MrZ_Z>M--DZDBV!hRLi>ni%Yco^af2` zxm_8qx1xsnreL(1+fFju&_Vhoo&astr&4(KyPQAiX>U z>RQu!?*zm9?}8~5PRjJwux1gr0;P3~2O|p?M=vY{%wIG@-Y7$=M`F-Jzh(o}eI_GJ zU0inipoeA=o2M`PeF;zM$I^<$E_(Wvte^grtEw%(^BT zVg{%h`Oni|(mYk%wxmc4=|cn5oPg9Msp}r0QO((db;}0VnqSuP9*E1M)JRex+ci3N zuZ)-U!t8_J0gLg>7}-PFoIbPbCU?!@Zk+Ak&e7heG(Z18iD6rW3#ilo43AH3|KHQY zZTydo6mkBm#Ng6e1_61w%Qpn*`y#?W3@(Y(g~R|_EI{L9U9WrNWHpZWd(*Z>yp(7d zC!~Ckv*~@uyL9?&wmLm5zg5OMO0lW0)f@B5%9yb|PbGziu6zCMru(2rDudSA~D z?%am0SrfM{=$~vy{BxD^{Xf7r`{J12|737mYuNvX2WLlx{7=K}{=bo8>VHy4Fk`$+ zH+Q3s+|pwb1ZsziVd$R+(GLkr$N*+49;sdG!YHEq z_XpjAp0(2k!_-N!EsE)fYsc}5L53zt(4LM|eYpurE{>)0fvm#t1~PBDe}8a;7b`7KfC<(5w1Bmfd}mf#Frt>yy;M zRk#aXSs2UON*klQV}?<2e5F3h;((06UuZY`d~k>6#xJ2B0@*E#_19L5QBfN0|8g3v z>;Ct+X#an9c(T3!-AEC8)r-%O_V>>vxtA9CWm}ZFxi~Itd)i+<({%dSWBsgds52z! z_iBe0H$U=DswV1Or>p9oPTs6OcYf@JqZea1Vkm2?6QDMA2_*I0ly-zNbWi4Fn<&RkD3Dj! zR!@uU#(j~gVMJ@tfYLdjs+7L3m?Po zi!m{+eAi)P*xBj$XckP_+A$_2-=?%r0;F+H9ry{%NpDMIX_F!w@f3?+6x==%TyDuJf%R>ro8Cm@^c08>Cw zxz(hjR|{^9%~q?mNUe>cuvjxHWl7Ys^_u_Mv8=bso3FFf@c;6FLowa|gu;6qlTav0 z+lc}-{QuGLz>fbeLc(nM{|yw={=*nya1Ub)Zvs@V^i8M6!1(TG^_j7^q3~Wm6=Hw3 zlUdt7^`>Z+hP*_7NAt``EVT$Tp>@3}^6pf<08<@vv!B~7%}=DN;K!KEjCAnp!bN7> zk~_Wn@pm-W*zFk>negELImQ=FxdTMFqNnv7JG6*s61fjmH7?$EsK1AeyHnlXJQ ztczBn-h!klR+I{%l51zzl}PFIFTek;p8wQs!@L{~^?6?;pA!RP87TFewG=fI;QG20 z)4Fw^Yb3L=99DB=wd257aug$qD*RFm)L;<2c=V%USO}L60SfQkPAj$ZPa|g9%vO!T zmp+NMg>NxkIroSkE7w1|Jz8>HUY74ITmBAvdScJ7HmJA2Tk@~ z0pyv0vDy7LMiHTyk$Bz(T?TKvpc^GYa7hB}rF@sbZUnl9=SB7%_~VZf89O4BX#soB z_*OkvAF91{WK>}A7X0x?SGIeZqLXv|$gteFja>8fACY)LC*ZpK|Dm1#`*3)0wzdD< zNXf5%X(zwr`q!TelXIF^L1yOq%2?mvPC1wIc~=_ii+v)iyzpirU^%u5ZLHtr;1uT4 zv|eb)_wu&=0!(J$FP*r|&x~5R=i0>H+)*S-Q$m^c-O_&>Q1m0Qub9UAMM(0N<&Qry znMpthtY-f|JQxlO_P^Wsf14@!{olBH(!Rx| zJHBBvtLw_W-szQ`dY6|wW?OL@miFW{u6oiA#z@34qx+P_kfGc8z6RH%pYq8k8X-^l zJScDi-_(rZAiY4-@5P~_n;eN6mL7!I!@w(6_(63mzp z5%IsHt>#5U{6{u7@}A=^NIAcjR-{rFcLv3Bj8uyW<{841834dVt0s2rf_^e|KxQKE zGQ4!I=|N77x8)eVsZxFZhlo9p_zs7+`=9*9oc|i=e~yj|{y)RRZT_E)6ln?Z<_bJ( zv{z*lV&I1~_f0o54Ce1LeMb628c*lmwp6eG z7*UeM9-{l7JhWi+hkE_b>9DZ=4~N_QuNx_O7KX(M+MhrbY=#dxo?u~*iYb8i5C`H~ z4~GDMewMv0za>p4(0~K`q;BxmpcWpuv^?^Aj_BJ+a&*S+TVBJfdG36_KrfBXV}lYM z`a7CyYff^-VjSM~%dE{ZHqoG}$b+NrIHmbnGfF-R3O-RJ5O!;e6RMzXFByxpxm^3a z@ms{&errZ&DqtKXHv#st>hkk}IdVnA2vsSH@jYbd4i$9yk5cK@c>fp1<%`9DsJ;KQ z{XY&5jt{o_pN$l;Hvs^^J2lk67-+p2mG4DaWrO|ekvQ}25*e^H@K?M#O<&$dNsfgS z8jch=XZi$uI?~)>6;Nf`fgvqHwHO1hv}Qqt z;Br#?Qp{@g`j_X%5~^QO>iEBdqeA@OPQS>tjk{NnUl2Ao^thfA7b0jnS zIM0K*2%l*f-PH@I7S1{G)b0;IbnIv5M(lp4&kin~?}8`rekN?E?aCRP^h%G#2@)SD zhSg6UB1LQWv&>ke=!KVhTh>-ooTF(qAEvRNXB@jr$foiIhm}4uZA!!&n%rd1)sO7E z+}om6il`GK=!?L@;)VW|!N|WaGft^9SxFuE#6%RfG8{1xom3A?xlXEl!qN>-&=O`S zje1=&SM3RD+VYpoVb`?GW@YK@kzbNnR-Z*|{v5~PN&2TEo2;xKj=*oZxYN>?P>)g? zu3Ju-fqwo%B9q2e)l)Avf zUJ0oC-Ri2n2h64!rF!7Ui?&qB7(V0gDr$qezTV}Pmp@?nZ%1gWew=KNSze=L-ASYd%a z!&wv{IuIc<>@H|U8~PRWgtdLz;bC9Wz7Ki<13mrtcMzbk503JnG&rF>GRR^#r<0bH zv{xKi3s)B^hsD}W&}o3u0Y{1XH=ksrzEAfgaG=(zu{5lH5djgue+sFCF!{x?AnA>! ztDSDswJ(w=8(hVAG}{L1S&At7$y)TtTJqU)OEt6k)%=9F^ht+fa#@2M#>IQ!M{}=c9CHG zjSLogHxPKHqzCRfr@w?(Bhg zKb${X02u#FgHV7MM@a*^BtBgL$|dnNgj820sys7qY}D%szI_d&Jb?6Z)*~-Q%*Itm zauPK>7$9KSH(C%;Y*l^nnV~p@0k{YmiYFpx@)&>Kd-5)eMz|;U-*Kn&J@`>ac?Eml zgK@r=2#6`ce-F;XxvVF$z@pC{LO#`jYoW(bOm}50MK+De1ArkAGRq_16#qm;?f*XU z=-Li}>iz%d^t6!w;qdHq>;JQnlJ5UvU4!SuOJ*pPCY|Ceco~oz7zn-5b9sSCJ2FNp zk=D|HPDv8@LZcBP8GiakgyRiwkq;si>pLR$QKj;I%7f%XFJc76w=y=4nXfsCAgW+ng7S*2CGo!>JPRWYVITXS3L zkA3X1v7|2ekN^9><>UYOKmQB#-i9(HA0S~c@5>tF-~Je@PtVhIqCh2jklDkdD46qU z1A`#VEAFJf)d4dt^rky-ZnWL37mg0haG2&?ZqorAa{N^X{?Gpc`fp(LNLL2q|7SQH zj^(e{IK;DLCNez((d@ZYHa2S6=)eR9!4358^qw$?VseAjx~%KKm2{(H1Fh!x*eWVa7(p1ar^ZK$hK=&x9>wt<&eW|0otgr)M%sjgTI{bGURi>;P zx?=4JsEQ57pk)WfX_oM@qXU&=U?N}Jfe6JEQ-;FYPPFZSHcc7lrcl;gbtlY<4b}jj zA(FUuuv`bMU8rUXT_FT+P(U6WYe2WBZWT&bL6Z?MJ23blet!JwJ21c@W*7#~Q2^&x z$RnXoTW_Pz4!8i<_F{n!L@36@*DYituyhCVfSV1#A{|g;oa@0#I$!}_+Z38W93(Ni zp2mnyN#L)n0|mfMy0Ab8XySQ@($#mM0JvEPI(vJ2osN4a7KT9r%&?}W&}>eQ+pKjbGvgRaG>m3@s~v6umb>>TUipdM&ZPX z!C?sor^8Y@jK^a&iZ7JafiZ59!5w8$djuE}bzCsm`X`G58H_W{IYMSA&FI#(0`@En z#9*{Xfb+wh4)1Gj;c)0F7drx+>EvY2vxOtTJmayfn({{-04yeEl$yn+(2dD#Pv`1^ zESpVb^QnABl}+rz)c%qP$tjte<}J}VDZ%Ej6r0mw1%0v!pXo(Z?n6TYBq4~1PmS2A zoz6KI31w0>xqm9_Vi*g%ivY{JH7+??-|m8&gaHqR;06IA4gY-<^4fwmCH}r8=M1EF z22()EE|`-rB%g;N2`#TsOM!S4oB@H^mp+rLSu?gOw&(1q?%JQp@>aeG zvk-d99lRdpR3d4E^1G(+Yg%`qEZyVFAwOP}2VRtvpuEt;*aXVbv;XTrIYz%Gh?Y)` z$2c)G$|Y0dF;lr@YCJ}i-~4>>{Nnu6v-8U<=SKjH15Dda3=?Wk_}^)+L+HH3QUCJt zJ>Rh-NGbCBwJ1l#SK)H%`nlL#*1(Ipb&Bu5m$>tAQ?ya-4)*@_iOSDlHo= zlowlmHqf5bv&fi$Qy8;nBxLBb${r1a2RNsI!8;L2#zQ^|J=8Bl877PfTkE{R*fqIB z;li6-HPB_LER)EJL3|lQ4_)R|>f-*gT*q2EF)D$!K)Lf@|MT7+xPJTm?Fd}VqL_%7 z-l-%^!QS5Yd0nij#k>CJ2)w_3=8nk)bhNGG;cz(11=srPODxo+lKnEO9#|DmhOc=| zgFlg#_xMTQ$*9bq7LV7F49lau%hfrSJtAg$8e{fJ}AW__xh7$a~rbZV)t zke9@m&4F5*TaDC;HB!csTdQtrIU}U?>Y;KQBvms`9|p}Rw}_x%&+SUum7q5$+;OfC zyqO6wN%R=di%6|W@hTZAmrl3_y}`tJmYL{% zu|v&3@0swUD5?*?>XjaaOX8Q)pYKBDl#htt0sLPHdSX+^vEWDGtswVnOhvLk zWs7I6Jes1eX1(~G(*s@1;4Pw+s*T@E{HogNEvgh0jeMVKwGX+aFB6tq3%lGdy=+}y z*kFo{m|4QB-4Ci8d6$84G{WF*)|15>xz4~i8Zpw1FVo0n5(GfQSyIs~v$6}FttO9B zi!ykt{)&v`=@*kXgk8$W^m3;EL#Y*&{t#xKS^_o&i3p+2rU*<3-)i_TkA(Lq6uV4@ z%L9q;P<*j8M%TjP3DfX924Fa6Q{JKorN)s8mDZBeNrqJey>SR!)dwf9bGKKlbb=7KTd6pCYP$>ss**^gj0Z zzv*|%RO4e$|CM`V1O-qvj3>F8Iwn9G5Ub$8|2 znoV(lL&^~J0hs^@rZDzB;v-*vnq5y&!~hmI65}$%^6@}2E}_qBitElBnPM1v$Okub z10_9Eg+Ii&2yP5i4>)!(kgU&s65YnomyQvGwFFHt{r}BLzREW0;(rd$toWY?M`x$Q zt^fZf%1#!Sq{YQo=_Qxb312ge4ez;{-*Gj&&$1piz0wkRq)Vcf9+oOYdzI^Ac~U8# zazPt?-RbFppa4=4+M5~_$rfjJF70uC;bRRZH9lP_CO?tDrx_BGk;2wcRb!$f$}8BF zdgG##t`O*WT^YiW0uqDgn99F%1ZseZ8QY+IbV_{wQ<@l@iUO!^@61V2gNYfWU?rHC z0Q2b7VB$jtTg(&rplZenfXa#>PZaIncOFFu#uQ+A?577`T3gGgD&&+1nU7@MLXf1H z3X%kRv5ZJ0`n4ybi>N=%di`?mw6xx+Bh?@VouqWGX0oB5F#XsHPG}9?&>Y@ui-Xd6 z^eq@200^6+c&}Nv3Q&Ge6(6%CU>F2AMCl`;?vU+p8Rtu%UfZ&4vG_k*np#O4HT>V{ zQ6c}|@!8Qf{@+H*PNrAxbj~SFW=Q&L@y$Rfe5Q~B2%;EG@Mpf=kF{VvNQHHE!bHTs zijX&MX++i7W~vP**~(O^tz}drCQ_frN+&rZB2QLa0fuP=Gu};@Z2dlr#AqjK!DZloGOGso)YcU_>aunouH=fghKl#1&$8 z*C7Qa;5sBI^Kod*2^)!=VBtpMVTw2dz`HI77f7Ha7HX6RNH8|fP0W=b!GUHd)bogS zyUd`X2jy&~E4pVXL)q`_fj1=Fb9}UCMfj{_N)6OBSNfX7NG90iJp4GVG}flI6Ox3! z+<~QHlpobF^gs60A6hX7<6HW%$N$w&3?t!>J>!RdAK(e{=3an4_R>F7-Dpg15dGMb z|EG#bZ2EWGOZyOKuMw z$)Cn+v4#sDF{S~DJBOVea1ml=oaxQa;kBH??v|P#&1*TB%TH@;60hRKUiPfcwUa-u zoz$wqD?P;P4lVQKtUbQ-NG^mIOXpML6WvKK0Vj`7kN@1&`tn_%bme`1u6z%!k|-iE zlXnnun~llLeR(9dk?+BCg5*5|=NHCmm5%wxyI`E|lj4EU`H$rmDIQptA!Cl)SYjO~ zd^?};?LNmCNQVdpV}|?z|3dVm#YX}O63UPx>hnQotmv>PAoclRlly9Z7A>>4?tsBy zuvJYoFK+o?F%v6lqelKeJUAH^85N$X%iTCpm8jcU3HTgLsoB~M;P%N?*EKIRTs7~l42e*i8f(&j|EhXd5@nI3H91{m%{m1%`PWS#Vb*`&wqh|jr2e~9eQHmb`^00C9z-Cm%Spb8`WGm2?}4=SQsNmUEgGN?^a z?R?J}P8^ePhC-H(4K>rnj8S+$PW`E<2SfgXvmJgS!pAddIn((b+#vRVP$(^))pRo) znJAZJ_La5BzBVrr_nnTcv;cD{8ccBLQvk#Hpz}Q#n+s|z?|rTFfTPN$U~I3pvG5^d zM6V(h50i@YnD;6>zb|~(I^RogP>&@rOCAVgLxK@Ld6jjE$MERj4F946-_RXzuL7v5lj-3XAy5re&Rqc2xztQ6Mfc^6SS8 zFJU8hVk4lp+#+J>aWMij#Gnru960gIw$%~1KiJ@nNvZxvS?H~zjT-&WF@IOk|DSC2 zKbt5*{{#47KRzYU<_r?8cAIK{HfNmZR{QW_tEZtA=&00o+okUjEi9(+F>q8;NpqRB zoiSxK^wu~oB8=uQYStl&S~xBs+U4x@*CN;n98+$ip{}g8lS>8krgSu+v{sVUjw?0m^F4f0Y{BLiSooH)2b*x}`n2Z6%X*@@?OJBrHg7Gv zTs2xztV;8seWmxJMaINzM&6hfnyD~NDru&8^(wfBv1(|XrU=#DzIt~4>V+`N!x47{ZPdm87#`UEKPM+gr`z*?6J-bd$jACoSb;T;K${zRe!>B(h{Kt6hMIsf7+N@3$3gSR>>*F;Y^x~M6c8iRC~GSiyZ za4n@>Fr$24{}cRC?1|9@U(L4bf3B(vW}>6!UC4zdtx3wndt`J$#BWpGkQItO>7A>1 zu8gQUoXrt`eY$#a-OqQyOii`wE(q9SOiH>SDpdD?R~dl!S1;aux_G_|-d{ZL+oNFS zNp8W*+w;er&N-b@C0#J<7J9M^5cH-1g)E+Pt{ED>cokL^oc-0kTLb^wmhIL4@juMd zUTYPh(5>Zyb0b%e1iO6w&yj1r_7u^i)FA@+hSq!#dH+BX`Y1LC)9>u*bO&u$)befe zm9*h@uTDR`dvX5!)7v+%{_*ME+qb;^gRwHI73tr`?sN@fKw>a96G0g2UJjYBvEAGn zYudGRg)h-F&XJpa(3vR=v_--MiS%&H5q`<>eEII}`%8iGOOEk1k-F`PuFkR0OEMxp z=)J&Fk!~zs_1egYDb14?!Aflf&);4A{Nf$o5zc?Ocy)1o@#1RKaHClr6?L3(fgYq3 z--c3onuE4Zxi-b^+YxMam-3P=-`Be5GZbSF?!Q3~pZ-DOyS&I*$dsEE;b{~lEU#S7 z(zqPuA<1kn-Qgn^PPb+4#V!AvQNfmPqelKeIX)`r|Id!L_CFgbJK&Wb>n|?w#{dl4wiyfKYbDV9dVS9(}Xo|z`9Z5@MT1^9{P;D zT`*-VlK;{^=)I@X%N?pvpPbv}?|QT^zM}nxJcK+p z`i4lBwy7`8`tBY?B%4PPIi1B47(L*`Y1;!S{lsk7M9ZXdhS^fHXi6wsbQa}%kp5-# zfJ5H}cYmc?a+AuTx6i@F+UifPlms4j(t zIR*xF9CB7erVaxU#4&B%x3vbf$Ra;}JK|^Br@RcQjtN_^l$kX7{!?%)am2v@X3&c~ zczw*d8{k82z2Lje2>f;U*P-=-FX9mhhzA4yr~R4mxY+0a+23UouZXpgMB`5*61(NU zH2CvM+NhTQ4vtTb&TRSb@N6spZKUjgOEK1uM)=M)eUov@VTn8ej!%wQcZ~pN|+c~OtuSH72J$kWvRFcFCvx-X`(wTlakd;QhRxT z?@@?o4Y?jal{jhAzKFgxgirxHqf(5Zk88>Fbx!OlV(UwC_{6kx4d`hWQ7IbE#D^9Dqnv_~q z7~M~mn{BmWWmGctRTeVUXPkpdC2F!JWzjRPow}`dZk17qa_LXx42HpT6u|iv@<`}Y z$BL_^lIvaGSa1S^;0AhkN@}A6fyy)W|0ksZq46=<5ZR@cMh&uN#c?i*#c!VlWhm)LxWXi5)ud8mc zatID$^lO4BqYEMEc7{noY9y_D5%sndM>m24FG?h^=HWLg(Gvh241eyu6Uh<;XJ|&^ zc?$$<@Kf*#ni9K$J7`G;Fu*g+XvG|?bggtFsbCsTmAMN-@v>qPx)9U@>=@z-1gp?9 zM%aa5`2d$7sOa4a!Aks$5q2V2I>6fN6nayo$z)T=0G1h)jp!@FkuGg_to+R!o@iOL zxLd?PjG_Q~$d|FTGfy@Rd0gnySj2GCQ&V`WJ$)Lh1LWz`U2uaum{24jl7s=wcEMe8 zgW?b|B=npz?e$ppeGDMg*ejR=@XHi?Q*l!fAn0>ZR9KJR@Iw=OjN_{!R#O@-k9;o0STARo^7!;d{7rH=OZWB%}9crftD zY(L(Ae*6hu*UxL@c77%|8sUY+}eL`r0jqzHP%24_Tvx( zt@3*=6u42`CZLUlMbOynbBzX{ZR|bWA;+6Zjw`XqT&G#5poF#eRE>xgO4=x;W>aMW zfEop2xCz!_hj z77`7E7)4shDk~s{lNQcsEmBU*hY4>@i-uHiBT$qpODZmrQ_@BX1_61vjPX4V&@FmF zJs3c-XD>~QW~3->zo14bt+^02T(pQZaNAgL`FSBrGm;o+l&uk?%DUEw5w&O?v}mzi zXe=^f6!!~VXK8AIf{$+>V?e@k+@3yt^Y;4bQ-R|Q#ka`sd~e|>g7?Q{ zCJE4TpZfrPf1jiAaXbJ&Bw18UVgw4Etu=VOJ!IdGI^F77UiWSCS`I^}RE!;glheNz zUkRzs@y;pbIN+Cw0IvL#8H?NmD%CATZ9J4*oPZ9d7+UL-7oUVkWM@0<13o z&*AZbZU1$2xV8VdDmF0e!EI&JO%m{FFN+PftF&~5J4X@*m4e95o{fcL;zKpr%OrL0>MFyZZT!HS$0DN9U*p8cvVQY zK`@~xRtY~>f?x`7RR~6q(gzazt3oh^w<-kD4B{Z&IF?6H!mF8t4H0B8zD4W`1;}IP zK~R?&zBF!BER%Wv6@Nd`AQbd>fKjUwmK+JV;UB*{J#e0^aq~Y+mV|LPUI-q*q+C=)_$*{muY9 zgCUs0djw`lz;F~G0SqHr-8h;>Y+lo2WsbpxJ&s0=L~KofRG|xJygxF)mHgt#k4X@` zfitxC?^!M_5nS-(yhhKpL!<7F+!d4gb*(mk;|6@!3KRP(x>i;)Vc7V8g zE6Dtf-LO;Z`6UeGZIQmUQ}r@N>7sQp^^LwaRJ>myq;5!3=0y46ana|^+v^us16F0j zu6r++-c$s1X`$?Pw69>aq`qw5ODH3=<=R&;lsb1;vPHKfO)IMKgP{*5gfQhREZf%) zmT6zXXx0B}4oBdo`5HCd4Spk(SJy!GYy^H6=fMv61qB}A92@~x&(2@TJoML77~X+7 zk$%58qzncD=al{{KZ>4lrf0wz9Pq~<-w!%KkyGT52dZyb3(tv{%upzK4e>1ZMBQ(2 zwv@xwj-(Tkgg$@_3g*F~vkQP;!KTGbNnieUBD8Y{~S`;i$9~Uh$tJ`#DG$6>TXi;QE7CT4AB@E8kO$*+`Jd3fU ztL6%6VI1@e(85WG3}i{15GRYV2uW5(ivlaMAb&A-ayVu2V`QNJn^nw;71E->iY$1h zj@=wi#Tv=67|Rf&r42}NXEtp>_=zSTzn1$Iv5)Z8Scxca)f%)6I~WIIIim48njsq) z*Cv{}RC5)S#fis~7!6t(l9c0@8IqJCsjH;OcD{Fy72)$Cp=go>(ph;<67T>eBzb^9 zK&OzCx@7PS_l(Z>;4SCf9xz3_0+ezEOeiXL+IeU*A|lk|3HIDgR9`F^OSGBUjG?Nn zF`2PyYIB+I!S$3-B=~bVKV~x$g7F=i({akpKYeOo_Vg*Ilwsh>>+S*^PDnhHTQ={t zvK^tjfFi_MTQRFNaqe&^jPcA(NyHva6$&4F>7Rp{FG7rpDfS%4AA9;Q{YI-MKBh_v z{YI-QKKArq`i<06eC)~p^;4>Ht-%%rHh} zQBWYnqm(%qfqnV0c&ztB)AiSFog=Q_N^n;5RBE~ zw@J-xz84WAWyEa0mm)I)zx`o23Yp}w^1Hi8q@YQ2r6w>%%{s^{AaO$ZIv4iHw&H1N zB0Fi6^&$IoxxsMIby=c*>D#bBUn#r)HFx7>+o-YsIyyWn`hO3%_Fo$*JDEd9sMBdTga)prY1RMtmRz*osWLs|N z1;oK!wj(S%M>#0v^U@s0#)ul3jF&~UG%0ceMDy`%e#Yp*lCsDIj7`apPo)p$^=rqWfLdMID^sNJqfBg$87uO&$4~Vcq7OxfmpkN$!Z(xWu#VwcrHdqbB24; z6XFid4-Bh)&Lr}G4+^yo9ksp&v-+>5l<|M5n7o2EYWTl{)3Y<%{_k`f|9>-O2Rs)e z-GcdBU3{MAtla7X^3FEu8JeiM`Bi6bu%0rhA>f1P?h?gB~xmbUB(!vX%c=GMf1^*D}SAKljYP~69)x_OtQv% zuSK%2UC{0JABz~Hk*nWK^ZIYmyAhB*5|231N8s?~HjSB8%JzTb`fTYoYWM$RJO9_| z!QnRk*G9@t%3y3IfNxd;cno_v$B8qy^?P|bAwetF_&JWnJ?8vv{47S0ZEqBtl(PNb zFsxX*joSVHu#o@%;CRdbZ=~!1J<{9#KMVLpk-D2(a{tf6`cv=!_;dZvpH4-fLIx?? z@i%)ginhD{%1hb)PgfWMxYquo5dZ(=^l-S{|2I)~lq2WX_~R=!{!p>|z8%XC)uFA~ z2WW2gVF$llXwcVb^U)B&##n9*J`6K+8HBNx!%~|)uuMIS7>-*zk3Us0`M>xEdTR*( zSQr24@c78i|8RJ=<^MKQcEGzI&Y!j7{z`ej6(@SA+H{-qX`4#?P{R%Kwbhim%O`>m ztt}qvNFzM>!2hjrtY0=Ugur#lctkFQOJfkNK2b#D!L3GEJ3`hYTs`Q**SR5G4rP zDLPh)u$`)-CDv|)gWw9q_t-<{o=1{UZ$GQdN&rQs1knh9x)qg^KpBqdnbJ3AhZ|w) z!nR&KYnG+J!m^mLz=>xyh2tbZu06eoaNR!aKzJ;mk5j+!9DWN<2?25dBdl!uR*P^7 zcPwRMjd`=4G(mXqLF8%p*go|~`qzul$me3B+`3dC93x7S*h8zPa0++T6ixxJoWcgm ztEBKfif@Yh@bVNEa2KL(6NFRhf_hC!V+t#j7b@<3I1$>0!p^qzK0MZtB`vFW+yxLG zh~Ne$!YfD+H0D61>L^2Bri)pc!UIb|yc&c<5s+d%2`vwDG#~Q@9cp$B;0d+wD;uQ59iNnBDUx%6#+;%wxbRJ=@Mz45!jH_ z9&@^*;!-lO6-Qd8U{1LxGwQ^iOq3u?$^}?8>QXKNAWpaZSGP)S-U5n92n3lYE!p%A zW2ne+D3UVm@jue9im8rDz-s~s5HP}fxBOR@ovC)3Sj#R$Oug7sVoP=}u&N=5h)>%P zn{QYvA?s|Ob*6%bf1Zm6Q~ysr7@%h;W_W@<$X4Y2S!@4sGA!7CpBx@<_5T|wJK&0s zIxvR)5ncv7K83$P$zCv3R9arC?->o1==NPm4L9Xj#l_24#Ez3c3n-;0sp3HtR& znOfOZYhufc4r-Aym7{CXwmLAYMGE`ooT`?)*q7p1qBwT$*V9WwK@M1O=VFJakJ2W5H#YVKr&@4bA|DcA? z)>SI_Y`bj{Q9}=c#Y|;(5sI1C5zj#8HIU()dbbY(tVAnTkscvl*$}isiYV1?yC8Eoyp_B3fd2!l8g2py@?smossbN8QB-l_Ia~>T529rR?0oy0VI}IE!D6}tzXp4w@h2oHfpGC zMi%`_$eq&B?72J2U@lQ=#{B045SPUhtQbmJc8Ws^db&?4j;oHgJVmisbPp&9c0q*V z42iyL9xO1@n;=7{vjcu0Y$_*Hj40=`a0p-;ic%!&Q+u=#Sb>$&^Uos%{dr44{(JG6 zp*V!WMaWP*fvboCR3rbLo}3i?zmAVixANa6ikAQMu!D5m7fS}1mj{iKiiY{xYxWl~ z+gc>0U#lF$>vt^3VWx$J!iudKpZs;2QA~Lus}Aan(M1dkJ$f$5YW_^HS5Jl7xh78Y9sonNiU9rqM2-e9n3ORrN@MySRKN zqE#lbkxDPWj+Ckaip&Y%FE8J>q?cxS+WLJr6tzvv+N6y&gqm8+wD9ta(4XhM8p;V$fmvk| z*F|V{Jw@pjEK;?JhN=nB2)$xn)tWFtPEP3BPJvp9Ukm*MY!CMR$!)w^jZz! z9h$3)?FeEs$1x5w!>%$8EagFX>qS;bGDxcb`jV3qvq$?zl87vOVPS@~<9zayv&i)9 zo7o4ibn5De_}{7Pxm&~lj3N~JNHS5vQVfibkA*}3xERD*#L(vKqh>M51BeM>0ix8( ziwr%FKh!;Iz<|BHd_S(?mR?@Im;BLflxU`82V8{zl6@08k*jCtuU>%n7yE{CL|!^S ziP1!T6y9SW!+}R;`y3SL9(3DZY3*47q7q&0ms*dMANsSE9RIh%m``S@jsG+(@PCJA z+xUMQDLde*dHkovjQtuheC=X?x3KJM#@Na8wJtzSYcoElj#o8foA6~A3_cj~SU%QZ zP-FCEd)uqVo&NS^7_7uu z2>zOgJFaI5Wn`vXbKM1$VjwL0n$JYbkw^2 zQEAl4;w@EqS4f?cq_zalx6a4ucf*Il0V8!KY0%vQh~HDzPbe)xfWyr1f}zh$HL~Rc zzhuetf5Po&U%ByJT&{=}tn>dkIk4kDog5t=Z~4DXlpTB!)NrdL(yujXMlD>^azwPTkyEc512C0MyO( zo&^|%?Ba44ydhyTOM^xok@u4WPk|pWJVPX5SI8rwPbHs?!_ui$*AWFy$RoN7j@}LT z{(5>m92UD((Gh)badFvX+Lqdd*hV3B0i<$ORZrWYvhvc5NP`dAkCG)=YM5bLWz0aP^E4L&KPVY>a=0CqhjeyuXTo(vH->^wikT~<|=Rd3qh2n6y zhs4#8brq3*Oky?ye;pdo2qPW|MqtWVWP!U>wf{Q&ie*@r{P%|Vh<9#7{{N@L!-D_+ z!P(hX{@X;^0eZBz;-4jeZN__r1Rw&LGb{CfoAUyC)e3h8crB3hF*vO)>0K}W7* zKC)iTF1+j-N&CZOb0AXtusURR!7JjypmeEJbVNuBgAb{U@Np0-p2pn~dyTZ)wK!}c zDddA8qR$bb$k)*uLgJVBVLk%EmLn%*oyKylyv$5lMX&-n_Hl`#&c!g&9MHEVt?Czg zm5jjA@avXhw`I}dlK<0fWkqdN%l`*Q$0zpv@A2`$*8gK8We2E$tILT0?d$?wCAAfF zgI{$lh~>)?YKFzk7@L+ggqm2snA}@?Qn$9cbQNWN=5D~1vSZ=wNh>Mk>~4c^TN{bG zN+rRxF{z~0lG&S9QmO= zVP&SeUy59n1gj0DvRQ%^EsMVh)hY<)4nbmm+tR?fSjMSgo0DeFO<%?-Nk808CEj-7 zN(yaN=q^eGWs?vKCCDGHggd4Um7wRsTgIF4)_y+NP%(tAeQ~jjCpAo~kc}3TGjv1zOooRns z`a>E1FcTOAH_*FNItZ#$LSE`7{`h0;m|-afy(weSuF$#CUBJ9(7bJevAAsI@K#3%n znt7SOzuX34=yNzXh|2H90|5xYSX949F;f|qyoevsF#;h%KJqJXq-(E4mglePM$>&~ z@&q-vx9^lECLH@99%`Pq2^tr%!i55{fVaPoJLuaP{`p z`|B64{_*rF2$6>jYrSjw4gmSDL^8j2gkRPAZ66UsORNeGhAM{&xz@ruX? z@P^#iUeY%tSXo$#9_<56?YI;wpax7B*;Da9$^%o>`9#VK!wsY}Q!3+HpUSkBcB=dy zTu%u_Vsn$DW?p-8Q56OOc=}ZJ<>}Kw=X+DI<@I&}4ksj@$ryNi!$j)Ra~DvA3gPob zdPXuy=P@V6hg8J-*fYJ|c&|TbneSuIFof)Xqc>xY`yZ7LY*Y6?!;_=ok$wMjcDjxK zu#uA9{{S`Yk1+d_xxGHNJW%dC4xN#*l5)#ugtA(zzOpEyH~2td$(=%L5w{R#BA58Q z!3{wbdIb&s@~NxJ^zg7`E}u!y#U!?AG+L!?ZHyj?Yb_@oE7uWYFd}|2=33d_);0uh zqppAXK)gnR` zniL5#>CIA03)ae}1Cd)z3>G5*eU1X`VHV8A_gI1uQ<6&xkx<3>Jsq^J4{jh8+AcN) zWBqjSAs5t+3%~wVguFo|&b20)sSpErGq+yhoBI-))_*AL5Jns`IW5fT5bOepDYiiNVNKmHhl zo;YRuk{aJp&;+;DQe#RedxIE%TMlSJ)pZF~%qC4D7!V{in&7rtYDnHw5&snq?;O)| zA!?M6!qHxVBAOaaa9b@kVni8?S*3^nf(BtF^vJg;NO2xKzKOzU7{EhUk4P) z`q#!BwPaFMHzg*?!Qrrz;>Q?AB0dJklP*J=*3{7Jv^JgX+ULekDJC*KIa;17i&JCpf&ZCm!!|!R zK8VTjQO=GOt?@FnX+#Y_q_t7Z7NbVVUYa#1_DyBP_#=*K>Z_*rjpuK!z-2zzj;OZ_ z%wNA?HvLKRY5zZa*Sp)cZpHUGPeCLf<^+jmCrw%iSb!qyunucFq%8)l2qIdd9j-Fz ziE^6Ui~9!m74FO3C%F*+NF?>gBCR?tV74C|QsO!Mks=QddCoajig)R~DsV+3rzy&M z>{I-{l(yAHBg!%Pe0yln6KH(w!CUX-ibg<}#m~CkS`R(Oz+Xy*!=D+56kib-z4`wN zrpMsTBWAgi{f0XlUs{fvEHr-q?bpAE=5Gs*FX$->s-r7fMvd2i`YVVyRIQ?&GaO=L z{vE=>8QT;PXE@Mo)))_S`>TqHhTtm-M%VPsBZ^l!D(1-#@jXgbDN?>9tDMGf$Qh05 zx3g?Mu*6}aQR6ELJSy$Ai(Qc%FVIyA8M|)TBMrQZwJGv-Wqha3J%n=smfiG=GQL0_O33J0unw1}~-3$E<9<@Zp6 zbR?#TqazRzlm~eE@FKv=yA@ex_yMPAj*`12&GI{b@)T9(9!9T9bAy6zO1~nOD-(}@ zbB7uunt@38*1$8($8Lctq0-_FC5M2l7SjSz4QbhyR%Vx&%xq!bD66Vx_X%nYKC52w>|-%tGhzCqon+;4AJH7q1#cM zQSv`JRrx$m{q4e;P>VY(e37)4R~fgXAgCM?RCWTKt+)Cl-1g)_F;$oO9l@3rZ{Z#Q z2A>1j$gDSgk#ML|v$h69nT8shp6a+6V)y~qmW&Yadjzteet*C$SH~V9V03{_)St4n z^Gr1alkr%qMjr4~%{c*hSv(Y||CKlKim>*)cxUm%Q1*bbAf+)(twNU549<~NRwFd& zM~K@8bx@na_{(a^jIwfl4~-L%s?>BV54feEpkZ)u0ww|fXXTB9v6jaW%;I}wy-C<4 zU=Ohh?sJmR1;iwfU+$jS$RHss5cLFXHJjnb@&UTE1|YATj|P&^oEdQNaT$XB)BT3W zQ9_vNT}=_Gj|HXs4drQpR*O)QhM?4uYGpN*VF=DH%8_KR{&E=0?31|2-&0T;`<03{ zsbmPj`Nb9b+Ml-DT zux_>FZDrNH&1Ukjs1e~(>U?L)u9-VcdRCA1}~Pl=Nb`HCB**$nf#M zbys^GM4Xt7DT!BEhDclsH`kxp65YSkY>Jbp8Q(go(d#s&Uys2JTBa~Y$3VQl#v)(_ zaf*_E(kc4~E`+3~f8hl#{X=$z`D%!c1wb^3%r4Sc?jYraGF!zlVr;fbYjt_CeAdo# z2Prp}bC~6r%>Ra9l463i(^VgqZPEtI?WCMoj%gti7SrWBJId6Wv0P(0x~AkUNzfxI zN3%7S4N@cdEWa2ee;@W?xe&YQY}V92UIXL2ePDEu@p?$B}r=x9V>IVFP@IZ8Y+J&qJxlFHYJ6bkB2Nj@rZK|NYq zj6=W|V_w+2?1kV|Fw(lhgh0loYo5?6Es8!Dh2UIrq)(|KkkhDD#?<55ho-Vx269EV zaoAMFmSW4Wzz8dgi^_S6Ti;f?sLswk0`lL!!4&xUmz`Ia?WM;3zoClWoW`2{|Jln6 z+yBeO`1HkY|G$lN0ID+xe-ALON&r1|Ie8h#xr?_umra!gEomrEE$enR8O+gq?Gt>{Y_r@<<+PX7Z|zV{k*$6qEU1m@V`etdp=rSaK7Jzb0phe+ZXM*y&Hx8itu>{KS>CTvuDw<;@nMzC zk=ARyMdx*`6BWw~s&>_1Y$_U?TIM@k+?>wter3u z@vO{4=Wi{_Ys(4X!sRl>F)XA{`S$~6m=aT*K9l0K=!X!f$w9oLcZm{O%^|942W9`N z99^s&NS?J?D9?op0>C;2R(anO2$pQ!DE|$3_VcG6^55CyWi9^icz6D@m2?1n&wl#L ze42#kF3|bNZa!k0hfLS5hAuwJ@XPyL#^veiq?>WJN> z3A + Same as `--authkey` flag. + schema: + type: string + default: "" + required: true + private: true + - variable: hostname + label: Hostname + description: | + The hostname for Tailscale Node.
+ Only lowercase letters, numbers, and hyphens are allowed.
+ Same as `--hostname` flag. + schema: + type: string + default: "truenas-scale" + required: true + - variable: advertiseRoutes + label: Advertise Routes + description: | + The routes to advertise.
+ Same as `--advertise-routes` flag. + schema: + type: list + default: [] + items: + - variable: routeEntry + label: Route + schema: + type: string + required: true + - variable: advertiseExitNode + label: Advertise Exit Node + description: | + Advertise as Exit Node.
+ Same as `--advertise-exit-node` flag. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace for Tailscale. + schema: + type: boolean + default: true + - variable: acceptDns + label: Accept DNS + description: | + Accept DNS.
+ Same as `--accept-dns` flag. + schema: + type: boolean + default: false + - variable: extraArgs + label: Extra Arguments + description: Extra arguments for Tailscale. + schema: + type: list + default: [] + items: + - variable: argEntry + label: Argument + schema: + type: string + required: true + - variable: extraDaemonArgs + label: Extra Daemon Arguments + description: Extra arguments for Tailscale daemon. + schema: + type: list + default: [] + items: + - variable: DaemonArgEntry + label: Daemon Argument + schema: + type: string + required: true + + - variable: additionalEnvs + label: Additional Environment Variables + description: Configure additional environment variables for Tailscale. + schema: + type: list + default: [] + items: + - variable: env + label: Environment Variable + schema: + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: tailscaleNetwork + label: "" + group: Network Configuration + schema: + type: dict + attrs: + - variable: hostNetwork + label: Host Network + description: | + Bind to the host network. It's recommended to keep this disabled.
+ schema: + type: boolean + default: false + + - variable: resources + group: Resources Configuration + label: "" + schema: + type: dict + attrs: + - variable: limits + label: Limits + schema: + type: dict + attrs: + - variable: cpu + label: CPU + description: CPU limit for Tailscale. + schema: + type: string + default: "4000m" + required: true + - variable: memory + label: Memory + description: Memory limit for Tailscale. + schema: + type: string + default: "8Gi" + required: true diff --git a/library/ix-dev/community/tailscale/templates/NOTES.txt b/library/ix-dev/community/tailscale/templates/NOTES.txt new file mode 100644 index 0000000000..ba4e01146c --- /dev/null +++ b/library/ix-dev/community/tailscale/templates/NOTES.txt @@ -0,0 +1 @@ +{{ include "ix.v1.common.lib.chart.notes" $ }} diff --git a/library/ix-dev/community/tailscale/templates/_helper.tpl b/library/ix-dev/community/tailscale/templates/_helper.tpl new file mode 100644 index 0000000000..a9855045e9 --- /dev/null +++ b/library/ix-dev/community/tailscale/templates/_helper.tpl @@ -0,0 +1,32 @@ +{{- define "tailscale.args" -}} + {{- $args := list -}} + + {{- with .Values.tailscaleConfig.hostname -}} + {{- $args = mustAppend $args (printf "--hostname %v" .) -}} + {{- end -}} + + {{- with .Values.tailscaleConfig.advertiseExitNode -}} + {{- $args = mustAppend $args "--advertise-exit-node" -}} + {{- end -}} + + {{- with .Values.tailscaleConfig.extraArgs -}} + {{- $args = mustAppend $args . -}} + {{- end -}} + + {{- if $args -}} + {{- $args | join " " -}} + {{- end -}} +{{- end -}} + +{{- define "tailscale.validation" -}} + {{- if not .Values.tailscaleConfig.authkey -}} + {{- fail "Tailscale - Expected non-empty [Auth Key]" -}} + {{- end -}} + + {{- with .Values.tailscaleConfig.hostname -}} + {{- if not (mustRegexMatch "^[a-z0-9-]+$" .) -}} + {{- fail "Tailscale - Expected [Hostname] to match the following - [All lowercase, numbers, dashes, No spaces, No underscores]" -}} + {{- end -}} + {{- end -}} + +{{- end -}} diff --git a/library/ix-dev/community/tailscale/templates/_tailscale.tpl b/library/ix-dev/community/tailscale/templates/_tailscale.tpl new file mode 100644 index 0000000000..2157ed1352 --- /dev/null +++ b/library/ix-dev/community/tailscale/templates/_tailscale.tpl @@ -0,0 +1,138 @@ +{{- define "tailscale.workload" -}} +{{ include "tailscale.validation" $ }} +workload: + tailscale: + enabled: true + primary: true + type: Deployment + podSpec: + automountServiceAccountToken: true + hostNetwork: {{ .Values.tailscaleNetwork.hostNetwork }} + sysctls: + - name: net.ipv4.ip_forward + value: "1" + - name: net.ipv6.conf.all.forwarding + value: "1" + containers: + tailscale: + enabled: true + primary: true + imageSelector: image + command: /usr/local/bin/containerboot + securityContext: + {{ if .Values.tailscaleConfig.userspace }} + runAsUser: 568 + runAsGroup: 568 + {{ else }} + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + {{ end }} + readOnlyRootFilesystem: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + env: + TS_KUBE_SECRET: {{ printf "%s-tailscale-secret" (include "ix.v1.common.lib.chart.names.fullname" .) }} + TS_SOCKET: /var/run/tailscale/tailscaled.sock + TS_USERSPACE: {{ .Values.tailscaleConfig.userspace | quote }} + TS_ACCEPT_DNS: {{ .Values.tailscaleConfig.acceptDns | quote }} + {{ with .Values.tailscaleConfig.advertiseRoutes }} + TS_ROUTES: {{ join "," . }} + {{ end }} + {{ with (include "tailscale.args" $) }} + TS_EXTRA_ARGS: {{ . }} + {{ end }} + {{ with .Values.tailscaleConfig.extraDaemonArgs }} + TS_TAILSCALED_ARGS: {{ join " " . }} + {{ end }} + {{ with .Values.tailscaleConfig.additionalEnvs }} + envList: + {{ range $env := . }} + - name: {{ $env.name }} + value: {{ $env.value }} + {{ end }} + {{ end }} + probes: + liveness: + enabled: true + type: exec + command: + - tailscale + - status + readiness: + enabled: true + type: exec + command: + - tailscale + - status + startup: + enabled: true + type: exec + command: + - tailscale + - status + +{{/* RBAC */}} +serviceAccount: + tailscale: + enabled: true + primary: true + +rbac: + tailscale: + enabled: true + primary: true + rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - {{ printf "%s-tailscale-secret" (include "ix.v1.common.lib.chart.names.fullname" .) }} + verbs: + - get + - update + - patch + +{{/* Persistence */}} +persistence: + tun-dev: + enabled: {{ not .Values.tailscaleConfig.userspace }} + type: device + hostPath: /dev/net/tun + targetSelector: + tailscale: + tailscale: + mountPath: /dev/net/tun + var-run: + enabled: true + type: emptyDir + targetSelector: + tailscale: + tailscale: + mountPath: /var/run + cache: + enabled: true + type: emptyDir + targetSelector: + tailscale: + tailscale: + mountPath: /.cache + +{{/* Secret */}} +secret: + tailscale-secret: + enabled: true + data: + {{/* Name "authkey" must not be changed, it's what tailscale looks for */}} + authkey: {{ .Values.tailscaleConfig.authkey }} + +{{- end -}} diff --git a/library/ix-dev/community/tailscale/templates/common.yaml b/library/ix-dev/community/tailscale/templates/common.yaml new file mode 100644 index 0000000000..7f46c93af7 --- /dev/null +++ b/library/ix-dev/community/tailscale/templates/common.yaml @@ -0,0 +1,6 @@ +{{- include "ix.v1.common.loader.init" . -}} + +{{/* Merge the templates with Values */}} +{{- $_ := mustMergeOverwrite .Values (include "tailscale.workload" $ | fromYaml) -}} + +{{- include "ix.v1.common.loader.apply" . -}} diff --git a/library/ix-dev/community/tailscale/upgrade_info.json b/library/ix-dev/community/tailscale/upgrade_info.json new file mode 100644 index 0000000000..767388094a --- /dev/null +++ b/library/ix-dev/community/tailscale/upgrade_info.json @@ -0,0 +1 @@ +{"filename": "values.yaml", "keys": ["image"]} diff --git a/library/ix-dev/community/tailscale/upgrade_strategy b/library/ix-dev/community/tailscale/upgrade_strategy new file mode 100644 index 0000000000..3455360789 --- /dev/null +++ b/library/ix-dev/community/tailscale/upgrade_strategy @@ -0,0 +1,31 @@ +#!/usr/bin/python3 +import json +import re +import sys + +from catalog_update.upgrade_strategy import semantic_versioning + +# Minor part of version is considered "stable" when it is an even number +RE_STABLE_VERSION = re.compile(r'[0-9]+\.[0-9]+[02468]+\.[0-9]+') + + +def newer_mapping(image_tags): + key = list(image_tags.keys())[0] + tags = {t: t for t in image_tags[key] if RE_STABLE_VERSION.fullmatch(t)} + version = semantic_versioning(list(tags)) + if not version: + return {} + + return { + 'tags': {key: tags[version]}, + 'app_version': version, + } + + +if __name__ == '__main__': + try: + versions_json = json.loads(sys.stdin.read()) + except ValueError: + raise ValueError('Invalid json specified') + + print(json.dumps(newer_mapping(versions_json))) diff --git a/library/ix-dev/community/tailscale/values.yaml b/library/ix-dev/community/tailscale/values.yaml new file mode 100644 index 0000000000..7f5640fb54 --- /dev/null +++ b/library/ix-dev/community/tailscale/values.yaml @@ -0,0 +1,23 @@ +image: + repository: tailscale/tailscale + pullPolicy: IfNotPresent + tag: 'v1.38.4' + +resources: + limits: + cpu: 4000m + memory: 8Gi + +tailscaleConfig: + authkey: '' + hostname: '' + advertiseRoutes: [] + advertiseExitNode: false + userspace: true + acceptDns: false + extraArgs: [] + extraDaemonArgs: [] + additionalEnvs: [] + +tailscaleNetwork: + hostNetwork: false