From 10386c2bcfea4e3daa59a806a63e425e67976afd Mon Sep 17 00:00:00 2001 From: afeiszli Date: Tue, 19 Oct 2021 11:43:31 -0400 Subject: [PATCH] initial commit --- Chart.lock | 6 + Chart.yaml | 29 ++++ README.md | 124 ++++++++++++++ charts/postgresql-ha-7.11.0.tgz | Bin 0 -> 53745 bytes index.yaml | 53 ++++++ netmaker-0.1.0.tgz | Bin 0 -> 60499 bytes templates/NOTES.txt | 22 +++ templates/_helpers.tpl | 70 ++++++++ templates/coredns.yaml | 85 ++++++++++ templates/ingress.yaml | 236 ++++++++++++++++++++++++++ templates/netmaker-statefulset.yaml | 133 +++++++++++++++ templates/netmaker-ui-deployment.yaml | 25 +++ templates/serviceaccount.yaml | 12 ++ templates/services.yaml | 72 ++++++++ templates/tests/test-connection.yaml | 15 ++ values.yaml | 124 ++++++++++++++ 16 files changed, 1006 insertions(+) create mode 100644 Chart.lock create mode 100644 Chart.yaml create mode 100644 README.md create mode 100644 charts/postgresql-ha-7.11.0.tgz create mode 100644 index.yaml create mode 100644 netmaker-0.1.0.tgz create mode 100644 templates/NOTES.txt create mode 100644 templates/_helpers.tpl create mode 100644 templates/coredns.yaml create mode 100644 templates/ingress.yaml create mode 100644 templates/netmaker-statefulset.yaml create mode 100644 templates/netmaker-ui-deployment.yaml create mode 100644 templates/serviceaccount.yaml create mode 100644 templates/services.yaml create mode 100644 templates/tests/test-connection.yaml create mode 100644 values.yaml diff --git a/Chart.lock b/Chart.lock new file mode 100644 index 0000000..035a2f3 --- /dev/null +++ b/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: postgresql-ha + repository: https://charts.bitnami.com/bitnami + version: 7.11.0 +digest: sha256:849759b9fd9d89bf0d47a271334889601010d1d11dd5c00562c18feafd93356d +generated: "2021-10-13T14:02:45.428151972-04:00" diff --git a/Chart.yaml b/Chart.yaml new file mode 100644 index 0000000..e036b10 --- /dev/null +++ b/Chart.yaml @@ -0,0 +1,29 @@ +apiVersion: v2 +name: netmaker +description: A Helm chart to run HA Netmaker on Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.9.0" + +dependencies: + - name: "postgresql-ha" + version: "7.11.0" + repository: https://charts.bitnami.com/bitnami diff --git a/README.md b/README.md new file mode 100644 index 0000000..8aca577 --- /dev/null +++ b/README.md @@ -0,0 +1,124 @@ +# Netmaker Helm + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.0](https://img.shields.io/badge/AppVersion-0.9.0-informational?style=flat-square) + +A Helm chart to run Netmaker with High Availability on Kubernetes + +## Requirements + +To run HA Netmaker on Kubernetes, your cluster must have the following: +- RWO and RWX Storage Classes (RWX is only required if running Netmaker with DNS Management enabled). +- An Ingress Controller and valid TLS certificates + - This chart can currently generate ingress for: + - Nginx Ingress + LetsEncrypt/Cert-Manager + - Traefik Ingress + LetsEncrypt/Cert-Manager + - to generate automatically, make sure one of the two is configured for your cluster + +Furthermore, the chart will by default install and use a postgresql cluster as its datastore: + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | postgresql-ha | 7.11.0 | + +### Example Install + +``` +helm install ./netmaker --generate-name \ # generate a random id for the deploy +--set baseDomain=nm.example.com \ # the base wildcard domain to use for the netmaker api/dashboard/grpc ingress +--set replicas=3 \ # number of server replicas to deploy (3 by default) +--set ingress.enabled=true \ # deploy ingress automatically (requires nginx or traefik and cert-manager + letsencrypt) +--set ingress.className=nginx \ # ingress class to use +--set ingress.tls.issuerName=letsencrypt-prod \ # LetsEncrypt certificate issuer to use +--set dns.enabled=true \ # deploy and enable private DNS management with CoreDNS +--set dns.clusterIP=10.245.75.75 --set dns.RWX.storageClassName=nfs \ # required fields for DNS +--set postgresql-ha.postgresql.replicaCount=2 \ # number of DB replicas to deploy (default 2) +``` + +### Recommended Settings: +A minimal HA install of Netmaker can be run with the following command: +`helm install netmaker --generate-name --set baseDomain=nm.example.com` +This install has some notable exceptions: +- Ingress **must** be manually configured post-install (need to create valid Ingress with TLS) +- Server will use "userspace" WireGuard, which is slower than kernel WG +- DNS will be disabled + +Below, we discuss the considerations for Ingress, Kernel WireGuard, and DNS. + +#### Ingress +To run HA Netmaker, you must have ingress installed and enabled on your cluster with valid TLS certificates (not self-signed). If you are running Nginx as your Ingress Controller and LetsEncrypt for TLS certificate management, you can run the helm install with the following settings: +`--set ingress.enabled=true` +`--set ingress.annotations.cert-manager.io/cluster-issuer=` + +If you are not using Nginx and LetsEncrypt, we recommend leaving ingress.enabled=false (default), and then manually creating the ingress objects post-install. You will need three ingress objects with TLS: +`dashboard.` +`api.` +`grpc.` + +The gRPC ingress object must include annotations to use the gRPC protocol, which is supported by most ingress controllers. For instance, on Traefik, the annotation is: +`ingress.kubernetes.io/protocol: h2c` + +You can find example ingress objects in the kube/example folder. + +#### Kernel WireGuard +If you have control of the Kubernetes worker node servers, we recommend **first** installing WireGuard on the hosts, and then installing HA Netmaker in Kernel mode. By default, Netmaker will install with userspace WireGuard (wireguard-go) for maximum compatibility, and to avoid needing permissions at the host level. If you have installed WireGuard on your hosts, you should install Netmaker's helm chart with the following option: +`--set wireguard.kernel=true` + +#### DNS +By Default, the helm chart will deploy without DNS enabled. To enable DNS, specify with: +`--set dns.enabled=true` +This will require specifying a RWX storage class, e.g.: +`--set dns.RWX.storageClassName=nfs` +This will also require specifying a service address for DNS. Choose a valid ipv4 address from the service IP CIDR for your cluster, e.g.: +`--set dns.clusterIP=10.245.69.69` + +**This address will only be reachable from hosts that have access to the cluster service CIDR.** It is only designed for use cases related to k8s. If you want a more general-use Netmaker server on Kubernetes for use cases outside of k8s, you will need to do one of the following: +- bind the CoreDNS service to port 53 on one of your worker nodes and set the COREDNS_ADDRESS equal to the public IP of the worker node +- Create a private Network with Netmaker and set the COREDNS_ADDRESS equal to the private address of the host running CoreDNS. For this, CoreDNS will need a node selector and will ideally run on the same host as one of the Netmaker server instances. + + + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| dns.enabled | bool | `false` | whether or not to run with DNS (CoreDNS) | +| dns.storageSize | string | `"128Mi"` | volume size for DNS (only needs to hold one file) | +| fullnameOverride | string | `""` | override the full name for netmaker objects | +| image.pullPolicy | string | `"Always"` | Pull Policy for images | +| image.repository | string | `"gravitl/netmaker"` | The image repo to pull Netmaker image from | +| image.tag | string | `"v0.8.4"` | Override the image tag to pull | +| ingress.annotations.base."kubernetes.io/ingress.allow-http" | string | `"false"` | annotation to generate ACME certs if available | +| ingress.annotations.grpc.nginx."nginx.ingress.kubernetes.io/backend-protocol" | string | `"GRPC"` | annotation to use grpc protocol on grpc domain | +| ingress.annotations.grpc.traefik."ingress.kubernetes.io/protocol" | string | `"h2c"` | annotation to use grpc protocol on grpc domain | +| ingress.annotations.nginx."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/"` | destination addr for route | +| ingress.annotations.nginx."nginx.ingress.kubernetes.io/ssl-redirect" | string | `"true"` | Redirect http to https | +| ingress.annotations.tls."kubernetes.io/tls-acme" | string | `"true"` | use acme cert if available | +| ingress.annotations.traefik."traefik.ingress.kubernetes.io/redirect-entry-point" | string | `"https"` | Redirect to https | +| ingress.annotations.traefik."traefik.ingress.kubernetes.io/redirect-permanent" | string | `"true"` | Redirect to https permanently | +| ingress.annotations.traefik."traefik.ingress.kubernetes.io/rule-type" | string | `"PathPrefixStrip"` | rule type | +| ingress.enabled | bool | `false` | attempts to configure ingress if true | +| ingress.hostPrefix.grpc | string | `"grpc."` | grpc route subdomain | +| ingress.hostPrefix.rest | string | `"api."` | api (REST) route subdomain | +| ingress.hostPrefix.ui | string | `"dashboard."` | ui route subdomain | +| ingress.tls.enabled | bool | `true` | | +| ingress.tls.issuerName | string | `"letsencrypt-prod"` | | +| nameOverride | string | `""` | override the name for netmaker objects | +| podAnnotations | object | `{}` | pod annotations to add | +| podSecurityContext | object | `{}` | pod security contect to add | +| postgresql-ha.persistence.size | string | `"3Gi"` | size of postgres DB | +| postgresql-ha.postgresql.database | string | `"netmaker"` | postgress db to generate | +| postgresql-ha.postgresql.password | string | `"netmaker"` | postgres pass to generate | +| postgresql-ha.postgresql.username | string | `"netmaker"` | postgres user to generate | +| replicas | int | `3` | number of netmaker server replicas to create | +| service.grpcPort | int | `443` | port for GRPC service | +| service.restPort | int | `8081` | port for API service | +| service.type | string | `"ClusterIP"` | type for netmaker server services | +| service.uiPort | int | `80` | port for UI service | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `""` | Name of SA to use. If not set and create is true, a name is generated using the fullname template | +| ui.replicas | int | `2` | how many UI replicas to create | +| wireguard.enabled | bool | `true` | whether or not to use WireGuard on server | +| wireguard.kernel | bool | `false` | whether or not to use Kernel WG (should be false unless WireGuard is installed on hosts). | +| wireguard.networkLimit | int | `10` | max number of networks that Netmaker will support if running with WireGuard enabled | + diff --git a/charts/postgresql-ha-7.11.0.tgz b/charts/postgresql-ha-7.11.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..6c79ddd50c41df1c04a80a2d730d8b6b29630c17 GIT binary patch literal 53745 zcmV)UK(N0biwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcciT9UC_aDtQ(%?s#GY%)lJn}--OO3FtRy<^hgMR$XYTC$ z6o`Z*Y$$?FKz7_|fA`E@WsyqT3EQgAC3fMF%j%Kck3Z5_G`z=>ZJG z_-DJ_Y(H0WMjsNN@l^ghE0w6JVE&g|u^W;&Mr&%^79^ zT;ZlmRwwH30|2gL1kKOQ&j%i&ZiGW7UI`Hea}t4}6y5QEpMx9Bmf(FCz{p)Hg+6vg6Tt-x-~vSl031drTrHv_00R#U7a<}3QS)F)IN_Sc1!l|j%%n|` zeZnGyPF9dI6vdxXBk2IUoLCLXY$l`>F?vE7bU#s})(KuMOdz6wb9&nPeER%FGYl37 zpU~|Mi9EsLq~L)AWLx-K(GcVFfdf383ztn;>8lcYlwX~!#-xW z2P=pJ262EQffKDD_IbbRm;Yt7>j0>3|50_L{FUYkCF{tQGE%~1^{?X*_Y;boR8w`e zo12?v@}Wth#mPY|Hm{rQcC&Txwa3=?@YwXfPux%Y#8ILDTQ>dwy#1*EAL6-3)!lCK zsR1t#WgS45@bu-Y4*UVWn!kSa3eMYYuigH^J@tM-u#MpBnfK~-3%>XPxu>sQpSDk1 z?fHw>sO7fi(0x9C`NON(^V9!m9V}3QBFK=}0gcnvY1?VHoYw0}>t(0)s?&PeY`u8? z`iIx;_KW}5cpU#Vp7i*?hW;ASeH(zKh&2q{P0TSpNJn6_E`xI_W59rjZ0Iwl3CBb8JPq9T8q9K_?eZSZV@daB@Nw1 zitoX&Im3Y$-hlJ7?hx?5?F==F7DC#*IRdG@Ar^>MZi;nY6M8EgBqAwZf-ZkqAdQx4 zRp1jDG{M`&&r+=fe1>rfeui&c1Iuci1CZ9=9nfeT0Py4q=rYl46L^8ln~1BEaVHVz%ctX7{v%$)dz9zOAlv@XcJ9%iejM_2qh z%|G>;3y>sBifwsm*%PvSN-E-Nsm?3|c960pgq5B#CCr(W%Oo)&$NCXZpeFr8oL2E*X256y$f2vIf zN0Wt>L8TlmXM__Aep=5^6d;Bu=*bU2e&LW(MLW7CUzbDQgeXYrCLTP{6K{aw)Z;CI zo-m`J?}G>_7YsP0>zN~$asWn%TW{R#qS!+b@{XFI&+RO}(h}xJs--!^9q{EYN7y-> zAwQuRzsO~RB2N|&UPM!Z4v`(HkSYVT z&=uSgCLS20=o-5SbX}LM1FpY7gyzZW`BU8SO-xQa;?ffa=_h&;+q_OlJSTRt8SkkC z?LZ0ogj1p3DQrsJsm7=C2li>6TJh1?M1k5hJr;UXZEb9+TR1e9`? zLya?ngYn`*7sNwp=}mvjO0Smzf5_EI7?BxLE6-Wn`JPzTapYW4@V|8drQAIf)RE5& zK^oXU#JcRCLeB|AB$+fgQHi_U!UKg>!IBfP1E`NsScV%$3mPNt@*mq^3r&u+1d^x`8stt+R$SwR?7IrX<(&zjP&FC2%q?UNG*7xcs!dda5&huMr5$pz#U zuEFzww0E-#lrC2SjKM`Y6b2V1)x)*#4~dW63R-wM5Q>5o(6onP93mIbZ-LrQ*~G<= z1?!>NdJzM}b0A;%WI+L4lC|&gVWq|pmyHa7j&Lb!^IgdSCK*SwWk*fzZ~@N5c;C_S z&-+Ltr_v#x&wZ|O7MhPZe5eD#cLR?40o1LRXa zNs5)*v%&n5uwjHK3fMD=DHdzH=H;sbXR*c}IuQuy$&--J?Q7r1!NQU6^hiuPzXMEE z64RB~`V>i75ZA)huf^x!rU@Vv{!T$i`Izu>MdD=8zGTC{)G4!ijXq>a4;v) zN^S{r)08aYo)7}9wZAaw4A+CH_0p?A+mLB0llMGp`Est08Dwa__Q!~2Cir-IR}}e) zU0Z-BB;I*FRNNNH8WdT4F|;z2Y7e<5tf$NMYK9^%it4ptRBNbag$_6^g1Zhq$k3QY zkfFux?0^vw zLtD~Y)W9X7tm|V)5d~-Qj4W(K{s}<&O;)ed3T4VtCqRt12nUN3=y?tbScDOE7!e~B zG1uV;sKcie@u#D3o#;jxv?asJDsJYQv+H?S>L+RGCZ9I!4{pC)V{~((njtAw%d`^% z?uj9)*+pm(%@HOMX1BtRb15CT9?)-rE1dnJZf%QNYe0cq7}Oe^6GjNFgwjq(%@UA! zuk0M2OM6UA1T3Y7IFr>^5Q@)DFjxd6QcE!dkS-^dVxnNz_sI?N?0r% z__&0T_i@8MqwW%UYcZptYb=b$6S>wAQWp>pojkz-6JZ>lqv>&A;5jg0IDTVxX{zZ} zdTf!J%hm=RWA?|IHD~UuLKjYY%JB<_k9&pA0G*19+kR zcCMlx2+*+uv@X$~&~1)pF`)zgg%PlV%w5(dSmRa>Z}ImhblU-qbf2M9 zHpsG@H9_*GpcU$)Zb*IB+ghS}LI322plnDx|LW9imhQgdIV+YE-MHMo67i_vrP**) zr00U%c&He~KziQFCV=BgwRbGM9Hm_u`#rGgq?;uQ0A|lbm&9HHRi|t^<*>)dM=m1~ zxQxYt?uDzy%1I~^DiE2IsfoUfOh$YZDKlka{C$so&zC_=^mBqdrrV$=5!Ro6pnR>i z7KTWV1Ppy}@y7U7@5fJ~W=6DP#aZcJn7jZtuX!71d@tQKSI>*;2K$H$6GD9HVhV!Ja2Kef; zbnV6z<*Syd0a<*6podFPMf$r9SGsaFvN3}ZTZaXxsQhX}WL7LiqrA;I*oo-qB8O|r z7qn8_%b0kHOL~szQPvAxHjhRNT82}6uZ>VRpi8j%c#hm#*GKOO`9#6F`BQpy7=X$0 zGo^_EjQM;FP;=3gVHZ^H5m9iBAsF??6VM$Finmy_4<ClWn7r4HGHLk4Lr-pC7zC8@ z)-2b%;EHgL7Z)&;x}b{C45Hpe*)q*6se(P!Kil9+1uzujlVNTY^ab>5^(*Ze%WsL8 zRV%qC%UzIlz|wfYO1?{Di$_TlT#{%de6efF%`nb|k0$DmO$$L1Q5jX-ZtEo*KYiuw z#LV0ds$xMJNEtecJ>p-@b3F_vAFN<-okl=kj@f`!`{qLHJ0xOOoKrW&b zMz?a|5up{imSMW?I`VJ9EP{ePbA}@DEXLJ&)-3iZt1?a5uV5lVF*KvqOU=TxnNkWa zmKh09{6L-o+745At>Y6*dcB$`XT=;&m9b_8Zn*A%)0eH4@ot4yVrT30<*N&9u3S}h zIiZ*c5|Enut#QNv;%Un^$evM~v9*miJq|F4XU&r*F&ani(HGD7hE12Xic=r!LEy>^ zL;no<@OF$`5_l90Z@CO?fgnT?CY}a86u)+b$?yu1HPb*R^5?ElRanVn z86mnPz6ajQ7l6fYwuDUAF4qMKryQ2 zfS2NJme3B6o~0~nI^b35K(Q?q9(trisTE0fsHDHvgt6IR*$PGFaM=oKjRCV2+?qpX zE7&y$jRm%tmr~2oO@__OuQqD(tKNqmGt^jI=X_npw_5c#8!a1yuN)~GL##1MHilVq zglr7A=IF@56%qS}2PHi+bWGn@7#aeM3K8}&jn-m&7|hn*0DgXpp1B-0*cEH*%j`2mzE{EqAt_c!2a~x6T@D=|dMdAbm`nRKGn?K#yGRCYa(#76l zAL+=rkK8c$DE4Ya*p?YYB|A%aF6O)n4k$y=6N3a&*iqJQb||Hb00KQ@G$fs}I_(|8ooo*S0s9##^dK7O|0y5GhKeQ6rBnr#B8Ajm=q!95tNH%_Up;v9A}D zQ6xOLvAZY*q5>Vg4cv5UqEAR2K1yElLd%E*WKEU3P;mJMVg}X$!+zX+ z5m%u~RrarDr7VZ zJwgV2s0!7DIS3evuAyHF6YD}bq7U*%Y~vFI)o)R0ed>& zdH$nrr>yzp3Fxjp%;H_jbX>wF_Qw;*0cjup0RZB6$$CP3Z~A2Mo=_$RTG#V{>tjCO zFV#D$w{p1Xa)qAqWhZqFCqy~2Ufi41#OITRg9AXqIAo_BuK}iVu@d7x!_+NCPu7gq zCm;>0CJo_2^!7Pf2;^yG9Fep`I9gRSnfgrp37qoazAV-rWRRob1i0#NW%|f6b|k7= z2Q$Ko|7pT7rw{NYfg&a3LCVtkhK@IV82XDwm@Z#uahDW7$1BWY6z0g)+|_l`Hklnz8E$XJr;SZ8>myYrVk?v~ zw9E~ELMVhjzD6{j04Kd6_!Pg6=e#(i&{nBF7SBgH3|_LX%N4E-S)L5afR-oXZLrn3 zpc27nkcmZ+Hf6^8g*IIb|6i(Psgy02GdL1k*Ke`UjZk@vH#1=5GMF(GN!_eAyXO&E zDeXL6&R~-pwt8}S@&p{Z;>-#+uahtj6$oY2NS63HVk(1N1~mdc4zl~!Po4lvW#jan zoWVWfP_ja783zIg$Ei5R31(}0J0qWy_et#7Gmktw2G8QU&;FT;Wf{~CFNrNIW3^yg zLdg1mCu^~ok;%d^O%@hr%!A(L=W-*rSH#+!!;@gH^osr%K=W(7yp0nO0&XdKfXF3i zNle$)J|uPO^@*jm`-SNwLYtNoOBZy&?~d+vN|#e2+{*OLGlzi2m_^uS+zR{&-S(Eq z{lur)fHZ(}{Y=+dQ#3Uexl`&BM&CSZ#|4_rX4;C+5KufQ(o4%C&+IM&lR@?k5JJ!t@FyL7Mn*&6X%&+R?H< z`A8J|qip15Bi}csfQS>YBI}gz1LIMCKL9|hDgJlT5<4>9%UsQ*Xn9SGfZ1rPscL!` z`MhtLh}yJj62}@O=*z1~zhgM};xr!RQ{i#3-pd>W%D2lpq$*>0QQ#qu!vTHuqj>M@ z5Qd>FB94afwR~iTizh{onqaUBeZE-vD5GbGC|Y647r9h#(tp%B4e$#4Pz=DL)*pk} znt`dtKh+C&LBxFsKJ6r9NetuT^#HN-a{?;cQ`jdQ7_N~$7U z)TA#RKnBEi9+(lL&g@KVh-|0o(O{%kIOtGNwX_gaD{ zD((UQh8*b3BSe=D4k&|xtJF1WE|lD*SQD=fR<~3BVJe&4q{|NY-Podf@^2?I9GuXl z@ea950vcxo#7lx^L-$k~Ny)j2RKdL9)#`ylu}cBBlD2^qSxz|AqfQ(GRr@i?f-&20 z64f9#yLmo2AKPP0m`_W5!px`HFewg+MQ}dHE}-jB7;W6{L4oHe(<<%vi9KAFD4as1 zVT9%=8l&hMMLirY`QrAMB(_B-gr=gvGb-CB$^lswi6Ht2${I^3Z7NCNvlLktR8`(< zPN9n;hUeUTL^PB66$bg_uS*y&$>r9XSwH3I%)u>pI%-2(tv-Lgi2!5oAUxyByyj=^v-B*d4)*)ZvaoSuxw+T5pL zcB|vyl}mjEpvmkc+TPH#VxwIqs|^s7o9r?_)CmesmTcvpMC*XhzYe9o-fB-VB57AX zORCCvTaryp7T7eCny8h}q9$HvGpHFDtQpf%m6B{}>1wv@Xhubm8O^Mb$%JMUHM5|Z zH43txWoqstyu#eARiw5S6QAwZkT z+#aK7gTq&d}c@B_*s1ceSTW7=E}BUVWnn5pRF906qs6%$F?GM}OvO69o} zcgvrs*eJ!d42>#Mfhh&32-|(9*)Xx(Yl;mM(LJTtP$(WUwT8Mf;{noYs3G*dq}0%N zgnZNKH1b5=ODc^#n)^$mVc@!t6dF13_mV!tLQ7Hh3`x*~WX@3P{~oetq%owD^KyG3 z*f>FNyI^koP7=Q=dcT9DuL)-}Nlew!tTNfFnn1qGyrmV1UJa?sCwVpaQ=Q=TduCF3 za#zWQZ#}WA@}U+bbuDg$EurfUoe8RvxfT*C61f_5RwZ#QAo89PxE7MFlegw5FHhXM z0rh)N+M33lN!S{X`mdg>wLoznm#Qt5q_wEKc1_Tlz%5SBx&sGyP0T9ED^1F}|Ni|R z60&N)z!u3^^~OOZwBp38lIMSfM5}uJzTYIP6;MkOtV+(_PeRo!@W&*1f8Zo}dR@1N z1bJCdkIC_}$?-A+>uV;)(>}ZHlH%EF?=2yo4frm}@NDpQON3{GxO);j8`M8w0=$=n zgW>BXztgH~+r)R)`uj_IX9d4g!aFO(9h2QzVeTQ(ofYmkmE`W_Jr9hpmETU;`&;F< zv((*JUONlu9dg=PpzV~;&H``eTy_?ik9q9udF+&rq%4PBQRccN@=nKkWjqJ96WAq0 ze68el1_ckFxGoddl)BLn#D9n_HgV=T^r4FY7ug|4Kf4uSSR}9>OWXY7#blrB4x-QO73AUe)I^gov=<={1$;ajISHg(LT`lwESg2E3o=n4$#EoWb@|JJ^hQRtB(srO zEtS;h0Du&Rj{K=#7iX1I=59Ju%Q;!dOQv%H|KM==Zg_QdKJ8z2e?0F`&#&H1dsmm2 z{oZ77bvd@BN2_t>N)TZ=wRljR{KeLUII|6>KRFK&XSXp^zzv2#ol~_n>HXDsa@oD; z-%ERPNpx&&8KUTtcqqw&z}qA2X<#|%64V9nJ&^N+I#FcphPo(8gtZ0G@6(P=b zKgA4RBauU8fud$CE|(uJri07DWZHW_I6oWpFZVC=8MYMl@Ctqw2U;fL#A?b0AameC zZeyg{j{`ZnT@G0DFmBjI_it1F$Nt-+2rZOUPR>O-J5WKJ@^eUen?xUpmfh>bVrfBX zW6$v%@g<08CLiq}NlGU|c~G>%flA37%WArbcn&aA_M}Y2lWFz&;B9|88QjOjlWIh{ z0vdQek~xtI+UmvG&;ZmOY-tLMUKImUgrh_v+F%2#T_b?A-T2t6) zBZX7lJ{D>#KU!5tmvKy5CpL_m9n18+c6P2wh06kp&I$B>ggy*hZVP{)v3bfrIPsU* zR?pNZGh>WmSHUk4W(Xv8xqb-1jd%+c17~Onud$waNWfP^9q;&3Z@{kyb1oI6f52<7H0$bC>xqW-8^4lF%YC&R&}T~H;T+hswp)UA~PVPop=FFk^i&`okAs8FVd%a4#C zglk6L#cIDN-KP}!bBE$ZfIQg{BaJ{4^yKQvzXc@lZ#7*M4Eq;_i3n0?DvA0Q6E-B& zecfaYX*%|ns38sZ9+EVq5&SDAXb{Jn^644!uQktn4~AKdAkRq2A(tzfzAPn|LrhDg z96?-i+sM z3s0Qr6ad9vXP3DGIPg5hDE@ark?_VS5<8}|1*uQSr*&u`lrORcsY^o5R|F%MPcI}y z*<#G6BlIipV_8<{oF#HU0dXo?IGs`>J5xWPbP!;+h{!smGCW!yj26&zh^~0WC4<-D z^F&UMTW_>kM_B!3T&N?tY5WLp^bf@w^;5K0{hc&Zy(pr)10q7$aX@|7OUwBMVi9&} zStgQX#X5|HfrHi*pwC=v_=LTe3?(Z`Mm9xB4b-;OB^hW*?vi@&EICb55JggxI-t_Y zPEs(;Y$tU<*|VVJK<*(8N($!2c~H#S8zw?gcD$oou5+Tan(bDzWhO=W;bnTo@|YCm zF)7MklA@H4#I%l7lAg|%qF!bVfpWl_oZR&BHBKbx7HoASp}Lt>Xi7rr%R46*qg?Y0 zgFV8&48dc#{U0~nUW?^E;_dUW9s};P0rzF&>?=m!>#o}}{N7%DU-9>L=sN`9+X3zr zfo})7a|pg2>>n@&|5d&5@znzI6Wz9DM1BE)y@li#z~3b%zX0TJLHPwhcaO?10Q^mb zMZw0t(sJ<2GA2wEByZ2PSxa^gy zNhZ1MHdnGflj-PWwvO^8*eZjJ*U4wz==p2PP&61;U=;gj8)6iWc5}msM63h;qy59{ z3S8L(3yg{x{)}EvG=^|&2BXk3O|Kv%8sJO(-QDEjI zN^!?glp11^EI$hxpUMu?7OvcOtJyj^eNn{gRBh?-E8{x)%up0Se-p3*%XQ^= z-(Gpx6Q-B=aH?4@e6Nm1B6#U&W(p6npd(m_YhmPWs3ZH`!C@*uz}CoEm0IUFBX=73 zhfJvUPhjS7t9ICdq`&1c5+m=L+K<I@@h0 z2>=q&s~yl7_s{#i3GkX8RM#kvg~R27S=%0`KpauGuXPg55bvnCch=RAHtBV34z*E=yYuW?C z01m+6Go8J&_3RkLKid3<=I^tkM#79$hGihRSJHe1#BG4$LdnK?_s9NuBm31uGIB^> z#$`)5+(_d{8d`|yUH8Mgeg&p6{w<%{7zaQ=j-!Us@{tXVinjq$IZX97j!N=alC@Lh zJJ$*u*mlOAJOLD;jR$~%&8be9n#zEx-svQ&!*|pE--cJCNq;mw8;r#%qO<+fF6m^ z)!3AgK|mSweerL!)~7hPi^Aphk(0>N6XttS+&u=)I6Iw4UA`}D$)65UgVjlvx-lI; zt!L=|iP6fIriQ%kHYpsYY19E32=(M3LL#@HNWYy?Ova}s_?atTt`AUQR_;=J$|VsZ z^u)sAlbKIunj2@tUGr&0rB)1abLBlzgvhBZy%iKwSZ(9$7R%S8;&$f>e50+;(J6S4 zip!Fjt3jAtb!Z9E8f3CmCnY-kbMCgp4(KiUx=JX2awF2q2ObdNV%p>hQAEW_3zkaB z9TFUvF^oCbnb55?X{xwmHm5Lps}OV?$5kJ=C6ucGJcEncaMN*J1pti*uexyUL0%>B zcL?`7u!G$!W=kLRp-be)cUZMkv0A6?AO0x8T9UHIFs)i)T3S6N2|?5PE3ceVE2zSo zUiAtgouOZ@sbCl@En{$fQ{h$lb`?iJRjUmZBUKvmWCS>=O@TDr$7rTMY&26|*!B_E zR0j1cL^!ou*65@5=@0vhaH@+V72%Y=@Kc*r=}kCp$c4$L%+-6zhphJVAcN-joQ}&M zyf%TUV+lPU;uYv7)6fbAaDlvpTBZ$AE{3AGQXz9bT5%xG`TX3ACp0~e#Sm3~C8d@1 z+2t8o2cDAEuJ0#zlZXOz2_rS!hd=j@mG>u2v>2yxwZDQkHxa}UH+5AK4uCjjCY1LKNx19$!)q`_LsNCX#1T>D{R<5+$Mz2pKCla*#|d1=Uhny>yE z*HG3^!)e$mH5$jtBjjN!9g5y9H`H8tJd2OoSOX2_U>zt5z@fZ$MtWD|Wr6}xu=f39 z5Re=)!C!!>c1f~hu8s-S$+WaikMW|YnQWaWuu7RKRv<&jmZH}}{s)Jh5h_uNcOg3l z`TMdwJQrsTQ(L^!){6;>@pORYcyS?latr8!c!+{?bETJ5xf z{^yWT;e^kvzSa3gOK8QDCkIAYMZ%g?FvU-?9hC~00EZvr2#Jr!;Nzu=0Fbwtm?<(o z#<#xZ11s`4v*8pf(m>rc6R{3>`QrJhwQ3w3VIf(6+c2DJqiBfuehDKIB2Q%|z(DM# z&yvUizMf3+8Pg0q^%70mX{lr+sfvt9S8@P-G2`sB=^Ai)uQ(1?wS^> zbht`%lc*RVE@27e%4CV4C%0Bq|L;?5^pxw|l6B;eo4~=LqcWu&nA;N8cpjAzDILp` z=Yu`cLf@z%6C9|8eUh0lT< z$5**>`zRzHmxG8~yiP=BSaIWLbq7*UW}=FPrJh(AD{d_qC&{FiqPGJY9Im}jQ}e$Z zlmG^|<~^XWIA)|IJ|t@uB+RtjfLjhWf7k7kC*V?!0wsj$xi>JsrDx#Or|hCC1+&a+ zWCbQPXctE3Z>!bH{M&xtgaqXiz%^}sBtRY<**P$;=@!%muD|vWXz;fr zXtL0kcNR7y6nH3VfI|9TI6XdN_pQw?gA1EW4AGI>iK^s=PJ$%R|& z+TPtA7(7rZ-J~^w_-KvDdJ!jDyv9)4CcIabsHfZ+cXvALWxT5b&Msxpt+YV+@Wug` zs7SAHIUFD}-5gB8b>xVgs zZeZkz^K~aO>!~GmY#8AcjBaHrcd2=K1xFZzW_iA@S0LpD4t(r+Gg*^14-O_ojA;Q> zUm(EA`tk)F7BMCMrSB1FfF@Tgzpe=rBP?16inTHT3JkBtlXs*3cslHk$G=>S&fYvd zG*yZUPN+3}OL{B*mF!8&z5@;c|4T^_LbiO<_|o(sGmAUA>30qAyGX_K>IHBd54prc zM>{fUB*t8AR*m|@i+7`MicwN))L@cM_sobKW^v4Pw9bxAJ;%zn>n8GYCfRE86OC=o z*S;Ubl;EYq~d$%{cZ(gkB3H0|ngH0{?TM!`~f8 z+bNC%Li(!@oMlb*2%NA?IXfR}G1nL-;OwOtNInDE5@Oq+FxYTtjvRKszym<7Ar+z0uLgiIecUb4m=2DK07*3^STiOmHhh9^+3H6Zt598n@e23BmF{-0{&F(VtD$h zxO@@K%t~%#(jKcVCyx_$q#N^;#_JP~Xv5`9p6a+@d|6)S4KVy@KcU-(3B9Q~(*O-g zN+U&6V~&yUrK&hamBjB>#=$oLh9U2A%eOMpb0FnPvu@L(ROzY)X4ZiFZCr+MCp`@6 zNR`a~y+4T(@T#Oq6e?%8<$lI0PK(0#B}HkHEsQSK1#fZ-j_bGxZ7S#VYV9)|`lu;% zY3!ud_!~Crk_I-91W5-r2e`OujyBifB7z=@2PVy6y3UZ@C}~m3FU}Ev?QNK^_7v^^ zO_#_IQAC?8^moNkzW?{?<%@Q9|L@iF$Nj&DdA@u(`3tzltBwdRm}4JtQ}NA;v&CJa z4*1K79G545Ie5GF{af(s8v5c?I9EH$%bxOPABZY^B+G!};z_$<+78;d({79_eLamX z6Gk{-bI|yA>X;x3>-`Q`v<_VG>bdw6ug2^79DfE4C&4R>=vcP~YHrZ+%FW&qMoex| z#l9UIX{H%2p``b>s+y20yfNJd)Kb8bvRdE+uk`Oa@*pOhN?A}#hHd3QuQT7?s zo#JGdugdIG$1<=ib*M~i@pD9o;UUgI1dWAHX3)?I@;5lD-!Qp(yFsHwg}pT>fwqsv z)VW!tP9yDS#rM!&JK%4r>E?wdduXr;ZV$~o69@Ex1gFnu1LIC9TGhVnN%hJ$hGyAA zqoMq#@Cp@;PMeTd2!f4mM@4+A!8SuI*2*PVUuz{!M2Y9*F9+|DzXGStc00LQkE4N< z;)TrVMdkpigG`KwKV{Y}edrJ106^n(nz-NT_+YkXKmq>`u?uixgUpm^*y3z;5%P>r-;fi@T76SyKccpg36g!k;`tF68fg z_}i^MbEWR;3L? zWraZN0?f_6CZIY%YE9p%!(S4P7zD|!Y_&&%c1$MjEsHgGuL2QfDA-UiN~@O&h}g@I zZoy#$1F!3cOL)0nfp+W2)=4=uYP+FE(WC9e?cvF*6yAp=sh%aP?v1J(5=qdozSnYt zL84$JF6nP_kO*E>%34_m8#L5Io{$O5NEyIbM13u??I##ZKsO-%5rdi8AZ zT2MAJ!pk7mx5A5{Y&QmKPhQCwc$~ey&KTHewNX`X*Xhd!KdY@RW$teR+nJz!Okq0_ zQ9gk6sX3jpx+k()TtK<~(JULk+JV)(XxRMt>TAP@bt#JP-pt7r2Wm5-a&y%;k(0=^ zM3r0oZMv%N9^O43*8jGowtH>f=!PDnn&U z=Xy!y{kd#1NQ&JQ>4Fd8zS)_y{kn2?BB%DSH!V#r)AANs4zOz2%TkZl=2sro4RW|ODCn0&GtV=WA{9b zZg31?Pt)gydkR}ko3^TZpE9eFY&l()1Kx6~lx*K-n#>*fe4HY`zU#;)1N-Tv(403-MB4Vwxjm9v}vgkWwr+6@Oc zT|6#b$6(0TeR`Dd&@?P3Rb?ZKVH<9u&kO|~^7g>iz5>PBTg_FJD!ma?GgWKwRM&VA z=BlZ7TYgGotB#1uk-NEg+UxC6G}EJg8?nRzX5LKak=;rh2Li-cLa3HUoG!kRKxXUK zV5O|$s0Qv)5_JRyM}VP^f0F{JIXO_3h^HNRTJK;@@n0vEy?WIlicBBb5vjJ&*y0^{QP0^RGPxg;;vyrxi zpMzt3^m07th|8=wH*;^;AXGUws_K-Xt&MM6$A-#Mv4vZsvRPZTX}6VszBL;;G``a& z)lpC|3?mXo7&87h{uxD-55PHz(zj(*DXdHy?HE$ZUZQAqjiMe|g)l;(@z*!)<_o8F z4F0p-eC@OvpxJ{VoM9g`jA-+x^$aN}&3Bk-(m1?^SVD`m11Hz*8Dg;ANcpfcnEtKJzd#AS755Np`~34ZRLf9Q|F z&)xIES$8tHy6pT31Pz)mjy(%$4eva&d{Y;X``g1&;Y!X1-r)`QQc;H+g2< zbP5(I0&EEb&_4Y^T(AXQhN4QHQ6Yg&{!qkQbxx&L-d-bru>s<}x+irk6Fuvkt;U*P z-=tdGucVRi259;-Fk7vr=p{>2DriflqXh$pJ_^!!js(v+t5PI(z-79_#GG5wpNC(* zWEyaHcLdO97a@D5JU5a$L8k%_jx-kVMvX**d~U z_5~ZHsNf3@JTEu`hvK%7lC_@gTV^Z#=*T84BC8(nzCj=wtQLZ%$68&`DVoQ7R+Lcd ztYdYHQOxOvZffILfNjJrY#i$!qEQVwJ2s4FG=wD*_hM6D3#j{-EzwHd@beTb`4UiE z{^t9+-16Y=4&<-dca|`|oW^k|V!-S-ajA*z`#QpJ1eu+alhy5%|23s3x<*mMR-Cu> zO~Z5FpwEymIsfO_bKj6?VJ|Fr@uuMhZ^WTNQMhi!@aBz7?_6c?ZKm+w|JcoJ!-!GF zBK}`=jiOtb$z)H1N=@RmMpi+5WXM5GIDK7TUWQ|la`0ymE~d*F6k9l1t+-30rT$aG z8ed2*Kr)gCaVWd7h<+i5N4xjvMA-JC6*B~20M-Hib&d2Tgt8^l)ZwFAov4Y|D;xG? zkxO}n_9okv36D#UG!m~mMOfL!#iaYUpe&v4vvgPVeQ=T?uU>P?KYbYEr@ zDAL~jw|o)COPklF9sVcCU*s}wjrM)MmcdTu^1EzuoRnk^*AJv*NvJwNH>RWs~ zd1>MSuQC-a_C#{*x|`bqhpJ7ReQh0TmF5VtQ+lV}8w9&1`pRp-QRaa~7Aa zO{S`}_!-)vYcT?ZfEXMu&=j;%Q>42Hlypd?*xC|PW;T9y$V^#yXOg8qzxMek`yqy% z&N*##E@CqjIq;Q{1RJ8LMzD>DN&9$b0V}_dYir@!|H*=SLbW5fDuJqXoM3xlssO(S zLE7HlPXs+@^Y6{dPT{C$X~$JcOu2np*f}<&tn9tow0UmSv1@l`$Y%CznjaaPwmyX= zjV>`IzxH)p5B{W>Z`}WeKC=iqKBlaB3s<{c0at$iTdUQ6^)h?^+w0e_9`Ap9h)3uc zaYeHpFrw$rQ0S9eZoN8=b6~l0zB1N09ZGBrvwy`=_U%4J4!ARWT`#T75;Guwl7X^X2vhKO4nkrJQw1D-5L<*pJ4ewDA zHA=G;kk$)~f4s9&7zxZXRB!{MSX3M4T79_B>&x$4<`_2X=K{XRi33)GtAEu%!?5{jJws7|7!t>)T(SyDfCAPrV&@J3zybf0 zN(!EUuJ4l@fP)!X2OZQHhO+t$YRym`Jqz5n!?u0DOHr>eTE>eKh$$@=koQzB?ehJtSvBrv@t z$F%6cUMKlk$hq>r9T6pl{n>!^YW&>MLTT9a{qv@)|t$E&&~qZ3A}|vs@S5PS(5HcU%Q3Zt=C-VnM+4h z_39%T4g&vde}y&1s(?hmeoNVDshs)A4Fy!m*GXZ>w}1Ps+xGsMz5;Z4MgctH$PWi6 zslZmJY>c3UW+KVazBIHA3(x%3i_KWy2dSKkNj_~@Jkwb(PFXyg1^u#Yo-fmt$?d8a z1)o2efFA#GFgBZSfIH!O#^p0c5(q_ViIlyQa%QbRG_F$b1~wJy{wG*+;})fZ=2`Af zPi33Y{8xN?PATTFF^BcJu8Q`lf3i_oi4dV8DBkrrwwY)uzK2c`ir)YQ53V3+ZA$~g zX3dC49Y&9l08TqLS1V>3lX^ZbP{f8^6tRNcE1wfWFHt|22$r$&7y+^IzaQd7FD-#WKftY4?OSGI~g?gHLCdeYrDL37K!6 zn&LJZjis)Pg_->eorj+M_q)dZQVI#WjuYMQ*X_{e`f%~9i-#m?AjO{rq_g+EJwR`}CRBgQV3j_2 z_#(nb5koo>8EB*%Z+scGz9<3itvx+lR$5zQJ#=Zap|woH}zg$_jvDv zA7@OOYHV+Fc8D|U4CPGqJlqdIEFRM9SvHyRWIXS@c=17>)8J$*pQKDVe+Y!faLH)1 zJz5%PRZDnKy;OBWuO$7Y!jb)QHa`mcP&sH^jP7z*SKUxi=G}7-^IOJ+VzP1E+M^8- z+S+QoF8VNX)9&+&q$fmSKg<$g90>%O!-{~$o zIq|$tpDxoUj!9(xV!%>n(T)*?zus4@r zZ-lmiNs`RW=%NCk*XwJ(2+s#%YdTCizZ)mE^hXwWw0(9lXwQS&)!Bvh1RLGJg9cn2 z1k@-Zyh4ae1A;=B?&Qs#(GY@KdercvCoow~ycLq|eO|iRltj; z9h}<8%UQzcstu85Qo&DcJJ{%ghlw{{C$AejjLz<_r^X22m)Omfy&9O(B;Qs`D zJE~HnUEb_hIy$<~UWxt7CU;#5)6%&#p5p>1RK(PB!ylD*Mb3MxM1(z|)<&O$-{MsP z|3|WkE_d8a@jpsW^C^Nvc1SxC?LQh>hd}VeETg&9SpDUE|4+5~WHK&XpIBWaq_IM6 zEBBbP_CkcJ9Ov`4FQ`txxbxBfwqB-ZGxR%e9rB#|)k8c?PvHK4gp*=AlB`QU@@Mxa zKL))M0_sxLTa`I&v*1h zeH-SkR8ZRubK`0w-kKM&C5PWl92EaXFt9Y$RNe9%n zC#rYZr0LnIuuqh@YiE}YbO^%280t^v+fF|nL8P<9J7Tu8{&lTWrDFau-(Wr(o@g=U za*!FP$rPXpMMDwO-Er$LFyrQW?V$CF0v9-A#A^r)E5|!i&z~NdOD-@-Rh1h{SU%_5 z1`n>$yEF*TnMu_%FHHp(MTGgDUl+*t}qqs-9}Qnp4y8U?;jmbuL}D zM4&v|4EKsBFInzQ8JJ6stRUM{T2Dj@^dfkA-3UCJ|bY6AfrR+={)xA}~ zacc39O+|vjidq92n?_n2RG@HHz++&s4!=Em*@3ShUjK!M*2o1m-`Ew_Frm~T`XmFl z7Yna#;stxXiv$Mh+r0g%M4c&AQ{RrpBQGn z7S`r$iViNbrB7;Lv$Yv_^|)fQ?K$pg9(1b}+iW3Fa8L4OW4ZHrgHqyfbwEYO@LdzK z9T{$iTrjHBI(CU?&SGr8@-eK;STYnd_YADYRLmX8bddk;HXZYjUF>nJq@zMS$$J~b z^1e~MWlgnZj+I2eP@V74HdkV^;I?VEQKR`_-2GN28srLFIS5zni20K3>EQYaZ8fzc z>r&^9pnS)op;dRm&>MG+i=l^Gq&o7rV4==jo+od!qI@(!!Rgn-tCyzd-BY$xM7I@Y z#&O|KPkLDI*s*hy{)oC4EnDPwHI*7Wn_KbFJF!lgMmab^!=&yw($f%;4&Lwg7P{t)nD+errutno!RS;KkricMYM@IWS-No{e6;fZi{v zOhD(?#na^J&!n3Wud{uub2}O-Y2T+rHubk)j&`eAm_YSz=n(fHi)N@c>}T6EI`$3% zp4Eex$+r%bQ}%ePdYUT7nXb^~18ZuPZBIQ}O4ACJQM?AS?>AB(+`v+&U{Xp3Wl?c@ zKYOo$-Qd!mS8hMmBcMg?yC{e1%kQ1b5AbjDx$xUBOe{Lzk-L+;BybI1-TEw5=kcNJ z0}$7->zOIHA)xj`Q17Z%!O-HjE#-lCTfPJ!qMz%&0Q@e!Qk4bp`Mv#@Iz=geSg?x! z^cv&YWxuF#?-nbp32Y~5ZTe?iPEhk#-z7^^B;+VW(`QBz?a6p88|%nFB2FRN!$Gwa9m4tJlaJB~UpnnTGBboJ3x;Xv%`EE-QJ(@uT)B-CBpZ6<| zpR6WbziDM0p4g%3zb%ekO6*N}Y3_qES5t@B@mc63^f9l}sZe4ZR;q5J(z^(E1PK6f zG)0(E=wagzW*!(Ri)Li(QpX!es~v*Q%3L|1;J0HOBDK33S`~bzEy^k+j_?X~`;0N3 zYd*MI?QCorQq8Y{1qfi2sM~WKn6EojdOX?_04V_SDLmaHc*i z#eERcz>h&~eej|R$Kp#gnRRrUo#esgCfea9AJc<1f1@Fd&g|BA!=PWImvPrkULg7{ zx3&oc(L+nrPvr*C<^FReoV-3y2lIdzf>_#bYD|ode{X9PSyj`5AL*6MC@&lqfJ&K- z{{pzsUv9R7I^-l=C>?fNZEGKv<^WQHf97=r{VSjSbb0);qX9lYdYS+Fl9`xHc0#lm z_!oU)-XIibQhc36YQ3lLz1_jiG6yN52pk7k9)(~oBeULL4q>M-p9dZO6=0D|{y-43 z16MMtMx_Y1GiJyBhu-h@>`%|TRleK{m{Ty%J)Bu034lDkH%NkKh2W`?t<(LY_(<}(l3+ny=&GSJt!sWivQ}(_YGVT*5(l490*e8>g-t|Nt6D4iG9qML`8uk#PZaKyZi35eZeML_RL z*delD%RGlGC`Ygw&W)3c2cM-!Vn%R~B?1!A*Ea#1LJAW?RB}JzAjaP-4_Ec>;+6*$ zvJTPK&i3KB>9sfupkish5Ey?SS)?!bTE52Go5uF>(2P+^c*iHy0r7CaD)9$P7*JNK z20s;DQDJo4OuMU#3_Y%m5&+!FHet;nonlDyBPd%IW1G(9v5-r=t&t5Aqyf& z){Y1xgknJ%ju>@7TswuzPW~9TJrG#?RyR6Kw0oVQId&=o^d1_683pSIHUk~mdEWa9 zw8lGg9l|kQ99GDapnKh(U|biUN&y`V63Ron%#Oem-Ql;1sktnXF}5kZ(q7@_`83MM zSOu>@C%7*9_bu_tJ<~HFQuW{C z{7>gA-2y1NLe%9gf#!mGYpZ|OqoZ?YL(-sZjWP%Pm4pB46{H!Ub7_eIubBhP>gAfg z0OaI0Yw?}{LOhtb`R^N3G4;Jr`%|>vF@n!!4Zo6g@PaD6%xW3i*z)|cFt!Gew6`w@ zvSxr%mJe|IIUfzM>zS?tXw~iUjskea zl~MtOKL6=D@$+1K^95hGo&++;r71u6ZtND9D_Xl`A0E>A!oLPIU@QqOp4 z&v$R@litTM_2l~vrMzdo%-R(d+U39~^nW*T~2Z?p63(5)Vf3Z&KTy{=Bn9aF{#- z`8uU2@VZM0Wmw|4`~>hKQpbc13V>#li>@qF@h0|R%dHEwqn9_+Q?UHb?BWVzN+r06 zppII|_GKeoS@A&WJJYo>5P56{NA8uJ7pe9NipB^)rR8?SHifFg{1$UQGq0O12y;Pxx}G z<;kqFl(N@0m|tz?`}wgRGkFD0R@QkOSS$oSX$gbGIr=72#E zl@VByYBGe9HM)STNvk9W#VB##D{sNSsE{Q&D3i-9E3@_3TmS&Qx8|9Bm0 zwU$TMgqL9j&dy3K58l4B!# zdD4e629zG05vU}E<0?pmwaz!&_YbSnY8Y4nLrovZ%kN|DyYZxUpx zKdeqh&(9$(8GIkh@<*muYp5)6ZHN#Z`MXSpoS5)#{J<4Q6v~qqMIK!Mr!FZA9d%vC zGLn%zaI=cKP5bGVE|`N~0p2O@jb)d79FGz5v~3dY4(DX?l^JM29GSOR4PJx!B;zOX z605-c@30D~b6@39O*krn?Ug#h)rJ7eV4E{nh#FrOfZ>*FgnEZ4UPI0#UuuWz`gAID zSE(1+UdVnxbw50kNL21SVJ6h%_4VjQ+GN<{XGjE#iqZ%U0_UKyHLz6{`gI;)wM_$h@~HCzH`+Qk17G_Z=X;3o+?OqrCG0%I9_5F8QA`D~w!U6$n-OaN z7vf{G`ya&T@_!JY!4KkFJ!Rp}D~|XEnrL#`Cq!} z9JX~`@Cw3=CKUDxRguFE4&Q#0>9#^_(=1cqLYyVkiJvyelfH5}H6RC) zzH{NgfxJWJ1AVihpZb?O4T4S#M8hJsh*@;#eQmly>)@t#N;9HrK+n(fdR}c#7-Taa z!995cgPiMSzVgm#3xrbn@fChwMduX`OcysCM`dbFBn{PKWwA8Ucw*3j2x7X@hlN^K zW-nAr@rYel|0{e6_MQkc{j{;Ojf86aw@qF z`9&P$vAjp+ZDHRnD`pYsYUmCTAK1>=8hIU;F!wCi0zOVgaue|3U9my^Z+NQ}zXw*{ ztAq{K_qVH>=E!*Mw9J9@wxm{@`YxI#mTJJ-*swZS$JVNPWc!H;Fi|lFF#*ZGCe2l3 zVkS9KZV7@5`5iR(C@ijv5nV3eZ6d@7OHXWf~ z)fIC+|1EJw+VK|HwXX&3`DDILOB(!tx2fuZ0jKI6br^(!@i6k zDspm(d>w~(^lF8T=bQZ=yF2vJL~?PGA5MxX%!Tn*{?o^rGP%)Bt;ib3HtZ71KksdW zPuM2u5Ll{QVApw%mFC zQOTI=0vkMWO%`Z{*jOTmegkbXpj)0%zQFPST-!S^HnCs1N82Oyv+KI0Z{U&}~I8VC>-z{jz5ChY~rJ_b;?tguW1-5$Apr4Z*g*sKI0N}L zIsRy9&)IzzJG$-mMLUxG&j_^+7Dt;vav#Kosb=)1v+x@eALCSQyYc*OZ&bmJWi1M( zBN+KU1oeMaC$(O74ZxMTmW)XR67 zgXnwxAFq}0dvtp7P7GOB*p(aXvh-SCC~G9@Y?lqTf^bi|A7Tgyxz8A5@9sSpysPv~yq@Spx0>+3Mg{8s$hTw7Vq^I{niSYri!a0V? zf@Yw9a$mhSu;sLP)fErgsP(!pw9g805nObq%5L-|Zm=B9>7%F6ahz&a95(dde{glP zWg=JlU2{iphnM*&_=e zN{~JBF{8>$2U4x84T(>)VftXmm25v4YUSZk{wFY!Enqd#>7An)leh0DZ~w+@ZQVit zn8U6gl`1(#LzaqWYU@fI9kjj4@zNyuO>u1R#?pQ{`JoH@qzx7X4k9}FtB*=TaWf)$XBo^W^5WME?^GRRc4nkeLfZLXAB?IhRbUl00whG`^`0oSGM&hLeMxu{~1Q3e9pjQzle`d~Jh zG+NEJtWA+a=>eIm+a&hqD(>^|HC($t1+;0;Cx~tE+9rwiR-Gdq`}c#x&Yv%nJ0J7Q z$IGF2&P(_?h@RVq)zYiXI}H=!nZ$EDT8+XzrJ84OLgrP;ho@B6yVQ#%VIjRV{ULD_BC>6t9dWXU55+IKfTv9~-cR+rqIX z(z6ey`-sx$6#^-6MU7SEIaY{w6t{5f4N&MqPU)X~MtNTmtlmFsj8C;eMQ`d~U-OIm zJq0*{W+678C=L2DK7!hJWw-1B+o$CDymzcywq)4swdFBh=e~ITnzQARVwEQ$_W#Db z-@i)3cG5NYQ|Js(r!xJ^@)L5nBPy??(r}x`Qq2yMR+IQwe6=Q$BAezXRA}hsqJL^- zLNHtCvX;1saLKxQIwiA?!%D2n8!1`b*T7C?K!ONIoi(fUG|2BT33Eq&7Zs7 zbvp?YG6I+}PbB89J)c4H(uQ^l;?d z;eaLK@ak!hTrqyGvl8TvBdAuLo;)k67W^Vk@rKg?_xMO~W!eO_LPab~I>c+Uqk(Xn z&{ExR=kBvFuUO98qhOEW72v=ghV6dP*6C)lZ*AGHqexs`qPzo)}i2gRG?F*E4;=h6qdcuZw;h~~4C%%o<9R(s|^+O)od_l+6$Ko@cd zNj9~tp&;eeMXgXX;j6i^D+$$5ee8^>WhD72g@F|rt!885-6e_;iETsfSq;$Cm!?Wx z(dK}C7WYBzh7WqfOW+|}rv6GRSRj>{ykSUv3cFJUS@^J>Rk!cnH5xeO9ro|kDzlPq z#MJbsiQLvpUAu_9qPQl7e;TJKJ+B%=O>*v5hM}4!#5tK8YjMGU7<2Aj(q_u9sEE>t zej63siFX$@<+RG~u@mF<&R)EgI%ycoX*YLgU&`DZcD&n(d&*SRazVW6^1LI8ePZpc zw{+BM9!fYV$T1n!>za6Ru3x@Tw3@H_&9}uf1GM12a%C5$xs7m+-;jtB9$me^BpU&= zZQ{$ipu#*}(O;Cp&eB3U*QqVX)|t`8ZIfec&^38LD;}tnXi(5!;c)LI&3UKr(&yda zDvTvNcYF@+_#vuXL~C0@5{#vscSKfjV$ph4e z((SIuNz<84KLw}A*}<*jG^JNc(b?oN&U)?n7p%4nZt1hcVT5|Rqg~tgz!9^-uu2pY z4EEnC*{(2DP`bc44=1ul?=&4ap-n&He}X+KS~P*?m`xXZAjo<0iaXh z!%?|R2k<%xcDx53r4^wK`P0o+`5uX-j<05`p!%^#Oi-+)kx8G|;1@+zLI zebW@L)FW!Jo@nCtL?Q$9>->Mdrx79FcpYQP*KJ#yB`0*->@xSCztQq1tRu%&J!sM| zo-PR-LrsfMNeI-DZlb@|O$sI%0xG`fK`Xn$I&Hp(Km6QYO!#^MAN22f&j6t$aJfD) zB*rf$`=%)wAq%}|hK)_JUnqEZM;TA%Q1t(TcA(tm8&m0NTzpw=G&s^(8~oDW-w|RYY2|1&+w?13i-DV}UD+HyKoG$#wU_Jo!oJW4MJKST_LK zm3(cLr=l)H>$b7Lx(bjJ-XTJ#$~MPA%oHsZl%v(0oawLGbG`{iCIt=bgh_?I(NBI* zx4luaOe?ozzp&xb>2Gnae5D~^amJ3}bwq>)hYF+YE0o0e$LMUv8-nlol$8yDF0_jb zrp`)mOibM6&62CMYb*cm8nxcWAMa|qSU9*!ZOAj8^|O-<#LNzkN<@pP7ytH~_lxHS zi%7W0GvjXG)I(5T&&nBlJ`Q@X~fGn`*c3_3Q=C}Dcx5`$mKR~P@EN^^W6$2}N<3#Et^OmgZE#~@F!5#$?f~E?J z69YB-1RM1$UVbPGs?Lu3u`uopjAugGPq#F5Mgny&UT`@tY%##JfmF})ozC0ew#1pG zd7#u^;A)r^`K-GprKaY4)5yD_`+U8v1zj?3J=6(EQAS~iIq)dy=S0jCry&h}S3S?Qe-3C;Gha9>bGC7>W+};Y-sHm8W%HDR={%5bxm0!= zKPRWdok(EQr-m0xPTY}%&kl#z z=jr3O@zxtUxgGDDX>S6PwS!O~wU{_RjyZR}LonM1uw>z~?jyMMm-o(HXU~pQGu_=y zM)g2UDk^1I*ljni6SY@L<``YrXq+@kQCC)eQrx0R=CzM4)LXiu;>J#6ik93K9~7i= zi*4{71ODO%hH1}kij!XleMMq?w>}k6h>-o>Qs+saFB1d0lV{}Spv^&G@s`n$YQe%m zv@B+fC`#y%e=_zNRJREr7aDUB{%SZ*-9?EH{C$6be#g7UmOuLRj_dmP=9XGW*a;1w)ccWI(8KP*KNV*QHofK7zjNvH&}U)fPkpIFQC{rlSAlD3yQ0 z2sPN4BylkiX@Mj-zr-OL$Pn|LKct5LRn+}=1!p2DIln?9QPqCkA;~6 zz~767LCi&eQs|R6T}`~9xTX(BRPFo;{o8TaO?2$&beZIXc`j$oU+E?>?c!Gw<^tZ; z>-#4%*hf}~{AU`n7$N1~AgHZ+VEiZ0X@Mzv4XLRq`9&Rx3HPgoTR&3QE&W#qvL2+m z)!hL1+L8IJ$P|ITR%4X}NEe&^q}0Bmq2vkHNJMcX)p5k0LI?e*Y}^+8-UM3 zAKAO)0+X!ntpGp=E)62sgt@ORYSIj3`EQmeVwKBr+_CdIdq)RhNF7-HQv9OYD(J`0 zm1Ov*ZHsQc0#sRRfDbjprN2)*gM2nWO#BYSg2I79IvNJ=M@&qKlZlu1d#k%qU;^06 zBT%cD4AQzCcA3AGBcvBasOYX<2-_}=B)k@t$p+cl4;{jZg#>CeVY;q}Sf6l%dk`{` zKb#Le4P+@0iijP)E^c369@bj*w7wxk@dHG*j?WFTehQAqS)gd?1ewZt4#AkH3yR+t z#Mj`SA$h7_sUMysQoWDtAyORJX-tr?{UBN}JSO#octJ1z0kfzetb7^W8D%EvnZlWt z=Rg|j=VoYaVF@;)$yy`tM-G_UPs-@nxGJ*LpJY=X=blb7 zMSKi-|qo#QL{tzMj&zrQK#>jgjT8@kRJw3r2!s;ZaCKB8+Klux3#hZnqnw^AOZfC zhG)e{a(4t=+8XE>3Gvml>UVPW=*?8barxxt`8mv7IF)KZ5e?i12VcHIu|NohFVZd& zlz4|tHp_ublH_rm4885VWs9wXhiw5-R^V@??Xl3r_qaX-#bvu;Kia)u$G zgIX6}$L=L$xT~?Vnxv{7VQ7A0g)TIL+ZF>GP|j9cO~rX5Xecq_U@u@S8>p9kb)YM$ zP&wv3Z9rk@TTYdG<$xTL6qBUpyz*P-is6XNsM69oa%ZTKa9{G2^+|_&ppd%NyiRLS z$q^%h7+=bfkTb=YsW(fEwDSSIJ4jPJ&GL;J)1XYEYN5}^?-(6^2D8oO%;Q)(iW5#I zJq{9hI8gb9xj2=y!eq$12#c^vi+AYfDmAlBA`p`|_!@aj{?Kkv9j*!E8(55&bDAJk zaP|pyIZWB4yZFho7;EN1Ww@V# zeRendES+zyG}b8MaY2E&3VGW!pn91Ttf?a)9hx%?mk$nqr95N6kX8>XA`9ggb&p1t zXmJ}7!~LBi*LZYi^2;+}0Q)ZGyd+pYy2~rWg-_N$i$KL$zQ+KOz|o0sM~U3?5p#O< z{&qBjJ5Qe8N=q>kSCfug3Jm*WXW_O{I=A{{?x23VW6)!7XN)KIQ$(H6#$X^~*%T9O zKa>k3am7HQ!S9~k2F0se()^8sVOc*(<@on#rs2p?LrwJL%??ki=F1^^k`_xGPc1DJ z-O!w-=aeSK5hHMSZX7v}I#5r0;z@~q&B3zA&g@n+s@$BD}*0GM{_17v1QN*j&TcAcw z6AQPLWYSXFcWN|-BoZR`C<;voAzRmJCTt^MAu^_KqaisfIL;dOWnOfKBuAWocumN# zOfjHeOHAl2S!r`6?>i3dX3Q^2nwGdRy>c$GtQbEJ!B{BXYDUyKM$Bn3;J1MKN=fR= zaxJOyia_yTrA2EtFg97&eRQIop~YIbVAuCwXBmdhzTOVu2s5%N4xifKA)1#=?AU6} zx+T0)*=4O8gGs@wNzBzY+D5X?v4PQ8KE;R6 z=7v}R%(+IK5NVjd7dozR>Wty|j;V{4Zi`(v4MTKJ4<#u(E^QbK=LYxgk_haG-3Hze zcn9@$z^)MKf8Dj&M6nb-(%NoR?+Bv_RaT##e5#t37XBEc)GTQku!cx)i^UeXVo2sx zxdUgWao3_E!mlaxD3~+fgN=cp8{@L?9mVg6;g?`b+{#l7u;jxED{*E*@?h4k*L_QfuMgrY+v==XH@;|24@2Knjk`EI=Qg4iEZob7`CNfXAT*(nP~ z=X^iFgMQgWl%D5CstM1`hi_UVjn*6Ri6dX}wnhub_GYyTv$Aj$3 zrx*vS-4CAY+9ogFW(xYB%!0B%lRv*><1YV#=fM^%HKFm6v0x<0)l5U?-doIxmU|M9 zKH{2R=-5)@SmRmU!5I>ZN^O#AwqZ0X|AYngO(@aD;!a9m609Q~g_9IV!gK(b5RN|7 zo65ZkGziYfPjF=&wrN|Vgn^}SKLFtkFR7(Nq}D>*><;elJL@T11QdR}`~h?@Gf1of z=kUUx+!L^Zkns7W*Sihg0$VvD=FdBwuu2E#NZrHOX$F=-BrnSlpTL8rS+5+&$%SiG zF8s~buF(ef-q=I}0(Px3ke>-V_mG->%~78!?T~4ewYJ zmZI#tYg)|<-jtSFjwilZOIIzlZ+=ZiH>+V8LbB$ASpTIs}+{ z>gt7tvM#`TvNLpbAsCk`f7icI_H-!yPXwB^iwoW<6+6M2M-|&i93&(|l--msh&P zGQshh9vh`MUY4o8Pz=r;9!#${z` zL5i)hc!afAm;6lU8jBg7Q6vXy9p*rUmRLM^jF)0U>@Sth!L9E>e>EKRg>smiqskXM z%F6H>;NGD*f#^KVC%NLOLWdyys-RdSXTpG4D-shLDj-1`D;!kj4rlD2Lq;ovAwgpp zGNi;~j7jO2XW^6wcuhzio?610Fc#G1(;~$Ms8DU;9L5GrY)0A+CLglWlEhzO>&g5 z;o95kv1gud-PK(twa)js1>A9c(GA8-(Y#ooEW-&oBYa6n27tTC3Y6`@WqsU3Y7#8V z8{Ro4br_D+wkS>*k7|1@6_l?1^CP@Lz~RoN-C|psc&z)gZ(N3+BY6>{$E->p>Jhn4 zN%-8xR+Ak}NnySMt*v$JjL&*5kd)2a9HNl6oFFHh zg%WYhaZ>QY&ORSi*LFY%6-a)v@$oFU=p+#o5!~)SoEue5Crgy~AvL9%rjC3grAp6E zn>~sJ6$0x&@W_X@k0VVNC84sW3jE>xptxxNqHZzK1kahqiTggHoSJz;utpc0ZjCqj zN_g1NZ7A>aH}M_-i0z@{IonLRzq9-6bC;c z&3u|8;e1?u^Y6ABejzm5({=Z#SRCFf)>VFG-gs9}7Q144Ir_LGcb*brk^>4uZ9Zb+ z{9R_nKBGFmmQDp_j0g_QU%mpbtoxxX87Hii zNTVIYs8((o(fzfnz;;*HS7;%k!BSkR1NfBN=H)!Wg9Abc?y9CqtXF~Ot}hHqwi+8Z zOsvH>=KK}jyms>jTo!SV_?5Axbdv^WVobHdis(XW#@}Q0O*kP4h!y2$=(u>F>0{=| zA^#zboV-SfA$5PE|5=)glp3wc92&%g{dvWg59tx%+b5tKC|l_^`1Z>_?v=ShORf-r zpC9mCGk)i?aceFYq0f=Yu}kpYWj=xADsL0hxcg=W?V3K;Bh)(e_Y0c>*mn40_{al) z9*}&|-6AF?0np)dygGMa*<-)2uk)Zj4?f@iE2r#E#$Rvqa~qzmO6nom?gDps^8PouSNL$b0cU=s)3PxOQ#tsSO`wla{Ib5cKbbGW z>)*8BpZ1cXYRz(~ihIo1^6=HIR456*;J8@&mON+b7bf&Liwv?11Ig3?3vmJlm)2f*yfEP4g@Lf=|t(${j{ zTBS|Y{I@l!LB9Q$0aPbUK;cfBr$Jji6 zNFmZI#Z$9sf07U)7tvpUTtPk!O@fsm+M7XXhB7P6=FO(WTF9`lvAIiik-g)_V!5&Ea^x{46py_V) z?fj|b?1K{vEtto&Qb+?<-7%LyYpF?Z*@b<$_kL3oj{~`Ut(~7^jE_SgLBR@;@B0)9 zS`Sd6G0}_ji#A+j)2UCPBt?e)SGft`&)q)J`A=%qX!*H`Znb4S9W%Rdm^h32J~Hl zCp5}bDO=D0))wR~ETbMYPwXJ*oh;HH{#NlXJLrQOW+&5MQ?)iBOJrN7Hi@Zhz`iyQ z5p4NCt@oypoZ5)>$~rNkk*r$y^FcC61C6}$zY>FWyq{hA^&!u?mUR3~`^;vUiM3$s z6*j#Cl)hRyszFkJyC_k;2@D5r}-7!94Ec{5^uGw^vDhm8pVc#>)A1ISV_*yEuz@2{CP-mLrEz z<1Q%pd30BKF-#`cRv@5{D=KuaU`xmsk{5%e1|Ogo=J5lu)N_#uyR|vwlkq9A2WYW? ztX;6tsg}s8$3OuL;V>EcJ%276u1=F=2zo`wt#+duZ)SITc)#pFPxdw!4-rf4dI9!7 z3^en{R-M>tN0$;iwHB>J*WJtE?PTxC;bEMm zA+3HKbKfpaF5y;*U$ao`RsLY z__+W0?%yGM>T;q**jolhT}$o_M(+O5AfLPvG-<97>Kf`IOwVE>`zZd*Ol&XrTWlxz zgSFtp6QQpSU#Wz@-e0TjlbmhDih?^+ThK$yp@EErzSAPAUfC5B(u0UhJ>*^c{GIV| zkCGUonItf=;80nT0+4-vk{bEKw1<%wTNwtvLHyZ;Rx6b+iaj$811%mu5_j3ySRRBJmZb?C)m$Jh~gSJ zi{O195>wv6S6oRz)aD!uz&Ic@MdQDdr}iF?UZ;;k6N!gq<#cn^uh*g6$)T*!-m&%Z zT8tfFF-AGbh2y3h;`?&ux_Q2tB+qPUMeNJIl}g6wSX3_CO7TP%I*=FAm-dMis{xD0tC*($_lpnc$GAis&J4>7Ky@r6+Y)%-OrBJ?k_~El8@6JK2)l2&N94uI&i8esCm$s z9Tu_E0!{>rvyWoMcHH=o?+LLeTlDC*V4ZePVPpo^WG9T7sIt0>e^sV2hC>Av{zxbF zG$+KQkM(6}h?O`B5C>VGHUA#~xj;t0_-Kh%n^@}$)qIb(7w6v4-g7zK6&`lgPwze-d=;l!`u?kAs%!fUtYK-8QlU82HG4GHu(X)!+CDLB zSX%7WwSAD*uvEQUGheHxx<=2}8kQ=5Wb?Ips%!MvtzoJ18#iC8r@BT@;~JJ*GRnX~BWl_EBWRvh1p^(-X>uW!Y6- zrw5k}OB)Vs0vdIjflN!l^yBDu=1Yc(7X~`a;nx?eBV=TcoUaQm3)+hhd8*@ zuE?3&*2Yt{og@y;_kY`(a^O-f<4zSX3Xu%mIf0a$TuIrfKR{_=-Pf5BjK@!<+lLbn z+N4sjoal3x7JIc}jstreZla9WMcbDwd3i!m!4=~krrLB>4XwRqA(f0*Sq$me80NN2 zj0%CUOS*3(!m(r=U1YjL8}Qzfliy>?i72_i)-Nk`-%CBsZFQBLnJRcSM0iB9ZmVx2 zL%zv(bTg%+sXJXN5RVfF(}ybU4;wpG8cM>iage(;|AF10G2A-Bg9^!z7;zktWXo>E zf}r8trcc>IW2^%<4Dkq3lB78K+E%*T1M53aRnNevr>Sw&&?TA~!ZZ^#`t2$}Ubfs} zs%24|Z_$xn2jDq3Q!Kw0I+h3>qdAMwm<0j5L5GZ!w-+u^pM*lu>NmttFTLbhjE9hb?ct9VFyQPTGl8Tfqj4s3}Nh&@fiNygxk z<2Ft$&vVR@+t`*AU&h=i<2NW?Sw3S`R^)4{RFF^;57isa&?PIRk)pvFP2$tqaSIT!9hh5fVwf*QZI z<=oY(kHm!#6x_*{^CGK*z+}QFTu>oNI3g{0_WixE#lmMhX#&PH)XweFynrEjDL_#u- zCj?SA4a~J#Zukpb1s&cgXH#Q{AeY-2mQ(91r1n{a{}&cE0A-JXjsL>TUAUNhg?4Npz3YyAPu)ED(P5SD>(NgTcJo)hdt zc$2r`h;-r5D6Sg)7s+tL;;LzaQ5Bb7G7Zt+zAt$LTEtP-G*=DLU6Yp82hMPDlvUW2 zP_KVT^DntC@Qd(n$SD;%=TVKIU#)0aj&2OH==fvA1X!fnisGx`?paRWOa@;K8_)Kl zmum6F;Vt?x9ugiBNpe?%8_u2G78<-sZmAeY12+cHU^92Yml?YHA}?bvU;2vf77boJ zf0lU^wfJJKbk??do1q7%f4n@gcz- zzit#aDSLsE8Cnn!WDkld(;#k;>5b+}nY7(yQ= zhnkVS6y*$hJwYV8BJ+JXM&EBG|NM1;FrUP5aU&TTOi3_L}j94gGKssL`wD7f^9sW|7^FbexgJOy2`DEalKSdG-_D1j3X z*)>U$t_vb{IG&^vg|=9!xC7e(T(1mlg@M=U{1d%-dwINv-s)(CR3I?oDi)@b%@ThL zQTRJ#0JNZrLL^fa!-)=Tgd@mNt5)Z0VMWdnCq4-!#evvDB381DNWv%!wNsNoA6sTY zejvfjLziyfBGbFuDZ*p5lxYs%E##AcNWEvHR93Rtqc_fe5}VreJ)CRx7v`$4$4Sp5 z*QIg`X~dOGZ5Y!)_GpM82s0IuV@aWPDU+DtUZ-;q0Ew##!F&s0^q&W>Pa!Cd z36-7%ga@rbC$6-bxnA5<3_~LvDs3Xtd`X=+G$5A9EH%S~?n0Vl1BW-qvtTh9K6zqd zyCqrYL*MqUfAERKG!RTMxGCm}=?2`$tD=zhd0 zz>TisAS4_QX+Wi-QP4s>y^ikym{Qf%4BP2kGNp7X-kaM-31s>bDssz{*lk862 z&P2G}){EVPQF{ip+nbq%HRb^|wQZkVZ;R=y)A?CRxat&Fm;=D4@kAS{hD0dp8Q97L zU{*X15sSeH0k`HJIzTttIbuvd>Q$%0jgL2Q&ctl$dxgA;uQva_;aliL2Y52<4-HAc zZnn@3Q3s^brUzse$@vlGgVazXr|3n0_w{fOn5ANUopi9h4ni(8dzw>%5q%H&3OQQd zupRGptUNL!K8nu4`ri0-&n*wSe&Z5@85$ z5B_6Zq77Bw_Ot1s|77w1`#=9zTkx=zcoh2_X+_LdwPS4Qxv^LZr8YQ|+fveoQCbwf zz!q?FwwIU$%4VP13l>h^RW+*+VD-DevOcw_EcUH9!M_$La24w^n6gTBEnGm12mWud zkeNFkHZBTgnxZ2{L)qyZh?K{JPmK~9Ll*WpV>07;VuVtnWKGPC&lL=)I$$^IG@R1N zo*E_cAOxPrGJ6rC1uY$v8EmCAlnhaI@_p-!o=T5Yq>fyPWZ~FHY*JoiE~x;}jC|k- z(gmZVOMvV#!HUnPa);u}Aio5GJGQTm5IT%OZSoXyv8t1ZrCYAZpF~bI z6cWPa-JyGTw-{2J$OYC^izi9QJsQHRAGHhMDDpa;|70=XTWh1{OvsEnoGZqyH%`qJ zq|$3Z^)s}mv97q2v25x|U7lWaI;RBl&@#sNsTbbm>4jREsnRdBsPgN^_CNl*kD>re zb+~^36aQcTS%2KRssRhPHHbYKfKX~fQg%9-z>7w>x3Oj{cZ79O7|>EtBC|kfw}C5N zXl(#o@$~jKGNT7q6WYZ`eQ=sMS*9}d8*vs99?a84$wi5Dq4V@P;zpYU9#jl2>1F(o zjETTYTgRNLmUju+=%F{vZc*WMJ;Z_}eVgEnm31N1Vp>}VR;;TX-DGQ9t+uj_33Ql+ zNdH#VCKTcWP2%`{plKk#q?b$}KQ9xV&*=za876Jq0EbmW%RqeKI%r|iZc&)RTwfhW zAJrn(5Q}NYC7S)N+P&S5C58R2`q$p}_H6z^{p*7s#Z*uj+wc0LebebLTmERD@rnHm zYq;MXh5N7>;d6D>=w`nQ_3UqEf%dyB-Up2L*i}s*)r+&=RjcreUItSekiFj(@zDI> zAb7v)lNk>Eu9oQDKnARUP1Fu3BwjFhcT|}O?gowNOo`0c_jRj-*DhxxzFtO6DqsX+ zlI)?glsV9F6vV#j8SF~}&D6=NSdTJWrKB#Zr%zq-Mq^Eo9DZL+@DYPB7$HqM{scG)YNi>^qNC|+pT`QaY zW%6M<#OYs20s*khfLF}OhO6&%KvT@S#9FThqXIFwliUJl z*AWOnY7MnEm^>y)VB8R!#w-&A7TDZs3S$nU0{JW?u8fjbV+)xnG@dKcR=D_8Thhv> z)S#7J6V9!A5pi-&S#0MgtkezOyapbdsX)p03b9H>(aXfLq2>*^+5!-^~qY39T$;IW$-2@(nlo6wa>?4^`@sg%8zvZzTc zl%*+S(rLICbB?ODkz2{FA}-7cT-N_4cp4a?Lu-daCZ`DUIF94sf`F13aS{=I5)WKo zF~;qIGq5}^0c{KUNh58vhN+H}MzSGD$yDIJWYbR6ct5~)*A^ZH>cA6IHAfG|hk2=g zdXs+*tho5}X$s=gr;Z=0R%GF*fNm0PQ-Nem4Nsry`8<7!Sg2&HZ`7)m%9jgw_>+Wk zXgKNNUPx|wcB^Weee+HMsBDL7)AaNP?-`;@E$wWKCIK7bAbl4II~DE|ModZ4ACVZ5 z5Oc}|7_nz~j;8pU7>(Gf^^z0lPOl~jM^trX6|K^{@^7;KPv4Z+y3PIBDQ*4@Lg*0W z<9_~I+V5>$zolbjDkUAJLoR4h^W(a=xGrl^^5b>qn-a8qQ^Zx_r%u@lmO}^@=!OIVTtzYNYtyOEkYHt9+U~AG zc9U0YemKZ^Q82~u%;^VelD>r2db+XZ89xTQAK}=R6-GeE8sjR6$v3vCrRR6zY zC(!p=HrQ?2ptRZ%mKdx){;mKq2hxMrSQ^ZdV`p(sixf}%6 zFjrE9z6%1q8oV9SI~Cz2@40ZO^+IfU*n$G{+4;6NwkPaMxnF3+_7 zliapw%$+g+Yk{zFnTe*WV>{=>tGSEypufcg!w>7nmv=%;QM z*2FkuvCP3>k@Nn_xfOFAI8wbZt>ICoO^_oNjz}a$&V>RCK__7^Vty}VKG}X^M+4I& z4khi`UzDU=a_#2o750LX6NQz`NZK7NVtz88E&Z1}gw`A&DSI;Objz9h&G*S0Z8n>^ zvu^i{Ter6Jr9^C6m$S?Ch%?Lz7BFJI_3VY@6jJF0_CqLX;iJ-4)OR(X+(*|u1{~v( zvsf{`DPxNKI-M+8@C;p;`#zuGKyzn37X%s51w0j(`Xn}ng#Y({{;vR!M3nG+^d6K` znH?8RV(OC`N1X{|xeToPn%lfLCBaM|Dm^MhOoVpDLGPjo$3D#JM1GyS=*}9*>?Tdp zrfD52B3$7>UkAp}9ULawiOskNz|&Ds+CnC?ZfP{U#sT#a$Dz+=!5mF&vd(lU51o@4 zfs?WdEaTT`sC-c3_F8oB(N>qUwhQ=@*$P_Ec%C_UmFu6bt5_$4w>=V44GnsDVztwtbTxa91!b$ zf#Jn6x}ky?85ct&kT|k_0ANu_Rtu81`!OfhSbfRROYgb2)9G9|S!uQ1)t(I{hDgOF zDl9(3IbhDv#teb4D1gz0rd?x@Wjr|>tW#V1;RY*)Fk{!mHzuud9P0ebfnu-fJLLUU zu<0YqI$Mi0v-?~j1h$pX&nHKLlHTQ1zkWxdcJ-a3F_EKbO3F6NI^_k>C@FK}NGy8B zFJ#L=0!Buuq%dp0BEQG<8VBkicU==*0S$Jk;{*&wBk&E4_5WVz>a5QwT5e z8yU$>8&Ri4M&VejN454 zsgtQ$0=PWTf}fu1GktBvteMt`Q^`JsT4n}_Nj^CboozByzKSLs3 z1NaSrLr;SDvg1~pLBjuh`n1#Op)+emH9s5XOocmNMKJ>$(VujkJ#^h4pbg6;6dHze zZH9zKyD+_H7WYm^YGv)YqNL_bpS#6Aq3JWQ0B(Bd{SSmYM=RV0i>a2*B#WpL(zLh& zH^exiW>UQ|C4s-0NLu3>(Evz3g=>JIt=H+H*X)|4MzwjSEpSpWM;bCxGNs-#Pb~pG z1sv$#Iz4m%FBWX1DE*+s>0P5~u!XQ~7_iaRQ+;wKKd#NQ2a4k>#ksQZr=Qbq^ zC3M{B!7Z*sylUP;i=tuT=;Ka8!!pGJ4GA&k4dNplL{mH@iN|}0Fq*O%QxL1cZ}41m zc5{7T?`l#y5sIV_)yD9N6@K$)z2S0Zg*7po+ev#b>Bu>5-PF6)j96&pyoP#As4al7IGM zL3$%BluDs@rTL`JR<(F`4w9kkXNp+f>9_O&4X=czg-QWj#_H_Ef!O9mu;7}2*u4w? zeFm2Sy%Z3=&f89ZO=eP3eHgIGwyr^XY7Sc1zuxUhX8!qXJ2@|3c)RMnJb=d=?wbcK zQKAi~unGLsTrm5fc2%sSlF{;dLsC_XAgbHs>c$}?V}0$d$ z>Y(ww4w^tsJB6b|7Kd`bUscP@QD1H!Tb%4m9uuu%^w7l!2Q}*fUc8)6z%4g5cbehF zpBk<2-@JSM?eY1Cx8Hp@KR!D>IXt*{Oqvo=u1SD{uvDvqWDb^ALsR=lZusaxWnG*;Z z@4kvKikVH|Y!0D?%b|Wd7+;JFf*e4o6e-=*~f=s+oEWB|nFFMm%?GJwe2q zc&SkC)V+S@{oU)|;XUzvY^?Gvo-zUrGfeCq$g}RdJ4b%D(*jjkOTN05vqaaLd`(TW zBKDP>iHDFhpvT z8Qu1o_tB{Z7Gi0rG_yrgUhz!xii2XEtQgX7B!*-Ts0?@MT5T`m=$F*+1XAET~)4%pSvEpQZZhDX!%3=QU4PhP}v zs13#5R!&m?In~TV-znsT>;@^u1~#zlaOM4)$Ba56 z2joRgucSG-Cfv9_4#^Z>Q^xb|la9gGaUj=2UQ`Cc+{$>I=L2Sr#rK@Wk$yj?M5@jq z3k3uK9}xkZ^bG@({tf270H-u8DFg+u77;jt$j69`6vnjm+uC{T6+V{PXjQ(@a2X7N zM2cO}M-e8ArF%aQPYyU-D{R^ApGc$d08-2tlha_Xsdv!#K6)Pq$sy=HPZ5vFhoG8J~*S7-674_NoXK&x0ei)#LlQI3M18-RG!7Xhl_Tj}%`ikz|`H8ta z*On%DSOd57>hp(p=O+W`f?!{9Ks!eAG1+bXhR5~Jf34%Xe~-s?|52SQkLI|3Txk8% z9M?Pg=Jh1Z*$rJUHgk8F(m*eLoMuit^Hx8B4eC;n;SLGoaTFSROL3N38xn%p*+PBo zAlctl=ZEcc*L$&LVhp+M{_efZ)_Ue8eg=M4wLj|->H19rLy9<)Y#5K7fA&V5 z9{NqN5dJYCOz4llslR+2fZK)@dmK-%BiB5hM)vu!!XXKcOV@qpeWh8u#^q!)l`Y`r zOD2|;bka#UXqfT)qe5JptS4&f3bTTkG@EL~?}sac}}YHFaU3oROfj%$1V4 zN3XbD!r)K?EK}=TXOM<==MnV9G8QY zjIpz`v-9%#bNJt#ot^yu?(FQo`b+^w1AUFZ{t5CB1# zI42|7$wh99{Gkq|rqk5zA<%L<+8$C`U-Y%6eWN5 zz5b53)A7@!1AFKIozfx4eD3-m0%PGUj%+X+7D7m!5gHPCqZC6UfFt`D38BkOAmorq zW16%+irPQZ>rB~<)IK|2_>`hUM+$P=g{uqr>?RBt_QiI^ZS7{>_1;gG>}kqhfXR zUuMWehwLpzgsHQ)y?t|YlTmy+avqUA6zKKqT<4bga}(^BveHt=|5v34E|UNHFJI>Q z|ErffU-gAXH{}APm zKenHuYdYJ5i%+HhL4e_zLd$4M_R!PqPoFv+RjqSQWXwZ^kziwq+-IT4Cz?K3h&q4# zVXqlbS5uPbkdJC6Jk>)NZ9wFt?iHDLQTMyIZ@Z|g&zvsW2&j;#`|ZJbSN->YbvHLr z@6)Fafb+*6Jw4*W5mb{1Jmxv^k06HK#b`?WIH2L=M91mWKOcW2BZ$tc#NZy%jYv2m zHikGP0XzN}ah)Ycq_M?&=!(qu&>w#w?~2UPr%z4*7iO}rD}mbiSx<8>6X`|GibGUi z>>p42#M2y}~nkC`O-uc|o-ef#qbp_8fHL;a5Z&?_$F6m!37Aselu>fnCYQIDXS z*z>6QGO8YI9=A)vXGtjcN3@nTt9OTmOV&*7_Act`-EuE0s25MqiH;HZ9YG9pJEoaA zd~L=xJf}kv2$Jnp(@UFPb&E`|2H!Qf2Nvi&so&1MqHn$)5%Y8WaKvU23rQ%GwSYK) zuNBeij8t9Z{iKES{1??49E!T=tH$f(fMBQnRRRRs+fSlubi2q)KO}VvKsZfcPMfF* z=<=*N#k$(mcH=>UD!bdA#1H9^d$710`L%$C!kcB#Yp}S9Zc#{e%$fd9cAFZ44w*z7 zkZ{65+Gf5giZ~7B7`c2-c2pP`vPMOCL^6C+@iT)p@7#nue`9MFdzLI>0h`Q!RO~j35F1Urv?0gU;CNY_iuW}BL9> zv-7t-AiYBu&L7j(p6$gBP}#G)sm&;>8KIGCB6W&C&LU2+RR6XYcQ%5VeR&Y+9I(w+ z%v4T$%dDFqvunZ+*(}1Gpzc5V-fq9Q(=DF+)l}eZCLO}rjkd=!uu4#xNr$J*R^`AdDQGvtmDiP(z3~h!fx5Y!E%1r%pAc=-beiIE5WNTL- z#~wYVTFob?hon}6DprpEJOo=l@Zaw|a2Y#Y2^ao?wTC{t&c8i4Oy6TP+*N#tM=kix z-OqbHU@WJMo3M+mP*~S|b*MZ%KWd7=5%*i*@9w0BBbt(ZE7VoAY>qVno}o4sIXu16 z0kzWTDbKuT-*}xQN3->|EvtQlwO5=Ia4-%fO&@SQ^PYJ-`b|$(^HAOVWFMN{OzCK9 zoz8SnOOvAp2dMkUr%zp!Mz!;7G-(AEqzO&N25(tTCgdZS!`$byfBXTbNEHm|(zEyw207mk{vL z#1hp3?Q}L1i32wITA&#X=`0S*R^#c@hT?}wN9Vwrp=Ad%-9I+2-|zJP{_Ez`_y6Cg zU!Q*Z^i>yaWYB|dkz^MV+^UUzQ}qMnQ%7xW^#6wTA03)`3Ez*uEVlnV>p#!?f9$+^ z`NjV8Af=i82iVu;l(Tp;HIZ?05g~PmMQxQ&!(W@bZ%8Huuj_R{DqYX(blwR(A$$7T z0(|V@EIL*L?ChYu{en$3tt8CFx(DeShzDIJwr2SDBbb;YET^7i$vfqpoi6I?aNEg0 z-ryPOqAmp8geJObZ)c~Q9vuY;`}YN5zXgQ-1i}I+X49Gn-(DIjya0(it;7yrvLZzk zY-X>x)LD0K{RZuTI$nm*7e@KfP!Aav*F(0YhfWm$Z0yul$B&bykHcBIrI@M?fUQZ7 zN^}F+5#^M#8_WFFxCTnpOR|5vZgqYAF!eq%I*Yr7&A+?xv= z`X%iPS3f7>oq5ae+8@6H7!6MM_EGnj(7s#0K*#6jZ_oGOK{D(|n>^BFfZ$xmqfW!u z7ec(-Y}VcCLHCWUl=-pyONjC%%```@Nr_@nekPa649^t-m~^g zdPO1#mRn41KMF9NiIsr;UCbf%hZ};}r2R|60AN`i1GQBWg6${il=h4-JYcE7y;evr~a z{&SRmrSjW&Bgl9X6vPihGw?rMw4u|acHz%+h#6+hg;xHNQ=)65uD-pqB1P3{oE;&N z(>R$>A^BX%OzH&mk}*B|$*pWdVwP4<;$BOu4Bv*n>FMbrPXspn+V30blcym z{K!mo@RnycMgsW7^|ayqLfJN z=5|uzusyYFh`g{fR!-_UrEmdxm%y`_$jw))*eRZD|D9QATcg^!#4KrPy%lVbf~8tU zfiVr}iD!)hUF5m=vtE&#>$1%rd^&5iSwFY9w(`(eODO=0?7z=506DI&{YWgjnQHIvcCa)FEv)eooCsguKJ z7RIpe07?PKc(NK)*$!zav%PJm-^KyM^5ygVcRL)AYH`3@MPel#^%zKCRt%^X78C~-6RTWdFif}a7zqN;Z& z(8yWNd%#Q$a!UiZxf4E5a=o?0Yq5E~7e{;a-V1g=_X+%YOGEk3yw|!H`)|MB&&z*1 zuXet~|9X(p!v5>Xazf(J$K2P?|3oE=Fl1w^>y21^l9!xud1e5Q;5>&H*@S*N(R6ha z_-@)1$Fq3>^fBkYq${sK!y%p!zc-v`TbNLR=t@)`V-&MxBdn0`dvUQwpgKpsNq zSQ9Z4z*I0>Z%&=`2O^rKsTF{cE}DQjP>Ppcy}ycXb|U)URuR30R2+CjQ1_cI>VD`h zKPj9bZX5@}9Q_{SfQ~8g5so60&hTfVdx!c`jiDeHiEAxnd2~+lRBO=Lg919E(xzRf z0&N&n9lg0wb-@x6k zLMc>egm+hk_$o9v!j0+Gfippe?j?J4Ca`9HZ4F?a3NyXwaoZ4Ez5cn72%YrlkC7Iu z^<+(r>GT}Jv@t@|Fvb*_)-!%tx~8u4lZkX-sV85#@x@sUOzviJ2CdmKwY65TZ4&fk zhibZY%0gZ^z?Xf!^HwVDb#+_nb07OjX(<0`C**s%|LO1U7UMtm`(Nb02PrM&zvTKy z6NAm4T+KHv(PUVqy->L@{_SO61lc-@r2->Sdrp#G6M`o>ZJdWtIt{gEjVvS{ItT)G zBlKflX&NzoJ79g|H-3wSG?zyS@;9MLMM_8yAozxcV|KT==uhnY^~iwL!h*P7{3#}N z9ATJ03xm1h?KcEX@wJ-9HQ_kO<5VaH>%Nb_@B6GQjTVluf_XYGnPzXTl5@8NL7A@i z^9PPO>Wb}JY70H{)Gtr>>FEld6os3o)V8kMhwd3`VfM<;wBq4kS=9wJ#ekiDx!{@S zJ6B}hi0wdxsXK5T9ii%qfFEP`3u}28)^bJW^wI@sIS zF>cN}3f9THsne8plmh4L(>sMOBmbMV_CVNT@ zb92CUJ@m8Eu_HRVLSxE>Omk%$ry#RGechP`Rj&!^fsaATFBQ!Ci-vc}n2bmShO~J`(fUkm>uG23@BbY>A+gTMwmW#P&FoK8OJIFIDom4h7YV!d9sM&I!cf^tg!kZBJBbk54*-TNg8+BYM>^X9GHf<`RRSo-- zjpSK5Fw{^(|L6!6z?w?uP&>L|8A`eg7`uui)V)^h%E~5R)x`KTYnyaN$4P(gNu>`F z^TmVI?`b&m?E3F7u3QlI)Tre+EFGYtuJdH(77brMC*jDAVfu#?KhJs3kaN;D>DFA& zq?CyFUCOQUF8<1fy*+cbME;F-`6}BZ%dATBJR8v0wP17|h)M{<^>ojJ0uL>hdSzam zRj;@fv2adtvm>p93gWbABA@D-i=@)eCK9e#M6k2%J=Ec} z(%>~;%AHG7`@duyPsqKz|LFH$=HowqvHw3*Y5)G)eWQ4x$pV4TZz)$bbTd*F(np3# zc#aV%x5YUXnmz{44V9`o<^#Y8MjxkhFY~eF<#yhhV;%(-nz>Q@vm@@;H>x#}0tYR& zvOeqNcQ6BIs%+-WO7>)R>*z-hzjS};y6-IA(|%D~EnbvERymt5EPnk;L;jyW@m%5r zSit{xUhd@m|N75g?SA3^4^dk2|IjDgq(hHQ;HJb^!xBrKBTdOeVU&F-Tyhj>V?k5D znBovQ4qmX|U#EtPl=I0buwUFqi$N%^F zPGSG=yzGB@|N9`N#s1fi`Dm!)z)}{1@qD7RY^(Dcn|?J1&~#)>jT0ixzOPrdZO}vW zE41m^9~<(8ih+A+Y)5YI{L5j6@h;hMc>NRRHjNMY7%?tQUMJnbr%(G|ZCu4eGLiux z$C?9rNk*r}d7R8EOrt@g9z(wg7Aoer-~9tDwVtY>AN_s$^r?$((GUyr@;U1Dd@^D_ z*(@=jd>hliMQxFP>eH*}Rur2Q6NaTvv{f625>VL=;f4 zNC@>0hzzNuUNdc{1(@&-u^`_Snt~;;5FsN!hI>?0_Lc_4sH(Anv@y{`n^i$AQoCYh zFBP}5GChFDoXzZ!saJ5}%GF+FBp0UouU0#&&~a)}QnN7^JI)Gv-Sqa|>_Bq~({&od z@gv_3e}g=0Ipcp)&8%iJQsLI#>8Do=bJ&fv>o6zRl-y{?j8IZ;E=AcGef?MQwXq>0 z8X}voOkc%UhCxgNfyM;wqYZo0k^+;Z5a+|bZB}L~ON^!0YW>pNINbz#L^XC(eJ^Wq zsAf=hGm98EHI20rwh&zU2PkA=&(v;0a@E&%x!e0IGVf>U5bo^TQetMjyw8W3z8XLM z#>q9|g8Zm{+}lUyPg5&PWp35{A}@D^=#^dzZDwxt9CFAxjCd6nbye1Nv+2-!$e&-z z=PeE8{~OFh8cvo|0T$YScMA63-B-`Q$o~&fTFC!DYZ^d!$YN;%zH=4?5E&Xz>cswp zd`$gIJgEu)dCr)u}ws+M_*(IbHs_7CJBB0@(Euv>KCzXa$ZD`cmpC(lkl2y7HYR?aL%lbKy7eC zxUfN}W3cT=9Qr*oN>7c_b82=R+r^i|<4;nW@qfqNWc$Mi3xPwQ9O4>uKKEu{Ep;=`1ZR?=aWamWUKOPs8%6K_^m zXy%xa^)5H{v@=FJSsP-N6XTI#eP9!)6T^q-8EEym*88i>Gu2BRQ`3>`qZusHwu~#Z zdgw^&dwY7mm1ksA*a~`;9 zpL*-$pU_xycFxhDuFJ+9t!m-T&P}J%ZtX4eDqr;Gi(&g|unMjXuzE%8#AG?s9r7AS9xIiTbzpyU(4(f;G?Yva;pOere`gxrF>b!<=G& z*xVGfK>mOAqTv7c?D@{l7y17o$};l*YefJ@->zKxw}iDevcH{ZrQ{E<-|i;$+cEA( z<}X2MD~aE>H{Ib_PL~$?bA6SI{FslXR1(ND+XNt|dcLPvPODXiTtA8vs|FQn!#QKJ zLUrKIr*3A{l719_wr&PaAF=s)Vf)4EOMUxu5(RVwBvLh&$NH#y)|rpvGJtZxGM63V>o zwxqvh6#0hTtXPe=lW4K-ORDfyz1&fOx81I}`tGvRHhU~1v)!ZeevjKNGljeCGxtPl zv#~1Lt=KT5_HT=oO{M5ZxvDAn3s%(Sl4UFA{=Vi|FL=_kfE;iF#@@>t+oVduSu{Ynf% z*}f_aLiJ{xY!?+~oP|cE+@z|FO6z72I>HhUvBZHGRB#j4TxUX?+GG%NyN|Mm zNl&FVz(lQ0>bqL-;$D@+V1E^~<%zJFyv)}3tuF9-95H!dn_Oa0V5YUB& z25Ngo<+ya^sZl?JtYn{)!7GBMmez8{amZ6s3Z%eU*vdrTaZMW8RsU?3t;I)VJ6p%% z{+yFcBdRi|MGFGW53=}1q+HdrF^V?wYwEyKZmHVLPNzm4tQ@0l$1667Ia6#&G0U07 zYC5{3Wz1cy$6*{R$b2oAph9lENBhib<^RSrx)<(|R(+RTXD{X;AP*O}W)0mUcaKE{ zkue*zwX9LGW>`tug;S_}#CzZ*uCTfsE6IwxkC=)}=d(KQ<|4W!r_1-cpsN-0J9o5b zd6rkIygp)bshraSlBpnxD7VdBdZ??nmWJph?7y7&v{fLu1@C`f?mo}kf1mYto_(?Z zK1As(V*ox^6!70A$39uT1E?miwXyyJIMs$<_gUp6O24((a^BH61J7YGZo# zjWG>o8FM(^qoTDkNu&B`uU=-|#$B^|)E`dC=qkF#w$@OTHJyDOZ#&lFE|w}Q_mhz8!hCjO?}>VE95IRfC>A*FdgdcXw=(5_FyQa3~CZUaFRz?A+!-?sNhK}sw&G9VA#5qe_b#dwKrETc-b&E;R9 zVJ}(eN{z{6$Er!9UoU+nRA!S+)$aDibE=$6Hy@&I;g-xK7<1)h=bv9T&BJb*oDx## zJ(u}DsR{`&ocTFsWHrMGbdzy)9{YuRCvUM_Hbqmq%&|~)yROyA>!xba zrj5wv{8GFOzb;&ZyV(lWb}&a-rpkoK!uYLynzX`crp z)o##bsz{G?6;0ZEzl6Vp)>-kd;+L>Q2dYTt=xtW`fn{w2x_e0KR$yyMf)?!i=<8lj ziA72g+y6>cH(WqLfkWR@`dLaE>FPVbSp*g^u^t*vo&4`jNid_6ka2RSF&4=GJ1=%~ z_kaDDuXex0e|eDd1f5~2I29yw)r+l;oe&LU8u*HfM|gCFCq#IiC+KoY1rl)-F)jrX zQxXK=5`$(~j;1u6Y#~kpEa|m5Hq+m6=y#r=kW91_^@cWD7-v=V-!?t;HVo#7h0s!g zgd)OGKttknyrYW`7wVAfJVA#*o#>~-3*=KSI^KlJZTPPSzvB)6#kb+V_J`?YTm8rW zDXzoqw4)&&UBwaTKBDu~6E{)ksW-$|ou{6hMV+VryYmG7ggIrgKqp7XqT@xJ{YFNz z<58dBZC#JE-#Xs47%`u0KO%cY-Tps6J~(=P?9Kc;j#0n=Up#;Dyr19yJ1@Vy|9X(} z1bwUXg4x}0N{3uYEr*H}I-LXb{s$7wvOoX2VKa-V6T%Zy$S}4oSwu%-JJ3}>7-D*& z>TH5#e8O2ADVCxM3TKOJ{lPhJjI4WT$NT7gv`#rD8QWfx63qD`*XewlS&?MuNC}8uM5)PHHs=J3j*%$$39_s#Sh(`YXwa z9!oX@h34|~0*wflbWBHB60xP|egc^kLkO6lNK^f(<~wIGM>tBn$jm-C;{PG9RZmSX7GQEbhgElFpA~k2A$hpeOdHh0G_OU}HHzw@4>y zMi{9dkoshBI@jtiEyLC=8o18a-@Sd?HD;DH&GNSg=Uw&R|JB_bpgKsV`2T0`T7TQN zwfJ}a6@*=&Nw1~E$(TA6;e=o%kzngBB2#u>T;5I!v^lBqKAWA$Jk@ zS~^p~*(W|uYVTvzMkg)`!3#lQH`f=1*~Zmy4Y_xqv!273N!^vspoUwdQ!1>;q|7B* zCUjRi!y0anPRbyC=LT|jHFRTUS31QQr!7Qwp!3yFPoE({Brioux{%w^j6*nOIu{-dMN*U|}7{&OL?=rq~i`YgY%r?cO_Tdf`Zjazp# z_VwHjp`j@d(6gj0rUGZA&Ji#tXWCZJ6}qB%jtG+_WJ0tidQ9npFtcTRMc|F85*D~- z{hgrm2^!UBbwd>)2~Q+ic{nmcQ42Ld~Th6Z5}T&qvQI#Hh}s%yR@K zVdrgC0#*afuDJLNrcfs^omTWRH8yQyW<6(6NwHoQV5b_MY1zJL7`?7g0PH; zi@G61nN$R4hf7`e#IBP7Z6{H1Rq{Z5>~s>iXSxm?w3Lmh@Yka{rxd8zGD@ z-EDQgrz!jH29Uiy-F64|G{Af}(|-Ll%*HO)#yGtsEE~0O75!p^fe?1)V-*wGuMlC{ ze9TFPo}9Tcwx<{8-kMcMMW;1GGpO4Px0tuo7B?|&En{V_dYSu%;W7LyMa5k-BVf6TKn`!)A zEAarC?+3_y3;Rc=>{I9Jnk`T6b0*rf4@QyEekR@hMH$`Ctk+OxBa$T5OTEBP4;^(YHU!JTT3ZY4n@OdY z=j{V!P@rW?^`idu<3T?tyJlMzH0VuX&?5Kc%YDOM+n(I5Z`iR4^-vYLhq7WB5k?jD zU(%;0LK2xC3^8T(?r-Ba$AwK>@Qe_1~l{B!>Sj{?hIai!d0RP6;cIV&=f6c#arnu`3;R zW7Vm?B-OClIdG-hx@SkNcXiI~H9}JFKV0P-p4;#Gxkjk&{d*4g-TpW9gagZ#RQT`= zYzJ_M+f=%SU$zq{OTumf0Wq?(*}xuG>2p^+YxkAFuEf~oe)()(R zt%4gXA>_&fSagx!eo$>jyRqtn^e3s3@9Z*mI}LSatB$4 zO}8{2ZINHwWqG5{@(Zp@+=~cT(P*B>y{+;uiTWprmp8gCKcRT&Tg8n@gjI!zW)%*@C_Zuy)w=PF_So+;8i5y>f}|AZhyn*?IwNx|gM0*CRSiBN zY>3oZgpjHVa;7V!Y#Jey)#5sHaaFE(04`^u+o?o3he+}WA@T*!i=3RH48BSzkD>ra zV@p%7d`VE`I{rSa+2U;+u_lnV7P+OEvJ`6|Dv^>U+u7(%oq26~Wni zK^1uk0+962t&P2=f07O@{P+uvq5`Ygwt6ot+UK|yWY(z30|jkTXQw(w=>3K`3}5>w zVC)hD`Up4xMEBvmB52m@Y%`XqR$G7=+S1Dqjnjo7xrnl`v-8Tz*#=X|liEiiv3-QRSE&oR%Qt={m1m{q zC3IL5R_c-Jz0GF?WK|>ylN3Phz!t&7455iA^G9X_B>9{mMdw873a&5%qnzrm71y;3 zb2?mbDJdi)SEgBTA!dXMxy%ij)Y9$OBl(f#6}*q*xE+Vea^?CURLBN>n;8lh#qOUP z5xy+&=aP6Zt6Ca={S};^VhFYqtjWD*F8>>#KMgdwm9>5oI7B! zi>I$&zkm7a=cslv7w-7*EDC*3!%Dc4X43p+1G~a_O%E8mE>>{u?Mx3Wf^7I)l4@g% zmjOcUt_`|lOn<%6*RR08s2{=?16!9Ys%iY&tO+%?a;<^Ac=_h}>qLDq<5bF-y!!IiKheX~IRSXHG8tse!#e9`dmDm<9RPgqWcW z=R_#k5SvBCgTYv@w24$`URm^KfXrPI)stRtu*A(Ly&mZN!=<7-V)8CG@W7e+AG(Sq zoZj_V!;!Z;@}=NHp`e;44-PKNF-cVpA3N-Bh+>chPKi%_sI>vb9DS0UY4V=*{z~+i zmjrtFwWkL-EXm^^P#k9@Ggq12lZ=AOvi9A4kLF zI601@4=)*d!53scCISsl2k7MZK~2$4U`jYLv++qyG;7b~4%HYL&k`58n- z{dZ$RkpcZYF)&Yh<5#N;U0isHh ze4>|FSY+1A@GN`&^0y?49zA*wQFNB@DUY6WMW-aVI??=E`nEM|A3UUpX$%Tz~ z%!?Tw6Gc-nC~$XYe9otY5iR*ETs5{`9jImi(5Y4InO4+{2zy5tV20FSAz&obtC3Nz zbGz+ey=aI1u~gQCeFeewkda^%!QqWsyBR=zCZLl&RA{1yFU%@Lr7Vfuy-DM*TPw19 zDpSI+pxlGH`K(whn_p*~NZq^}u$(nwR%tobWYoPdk=IRI3%h1)Mw2Z!(cNT*olgXr z5aEWY4}3DAumK6hGM<)tl><`SY&(mSKNhEd%<0sK_^9vyj7v%46iXrxt(DlH*whHm z^+9p8IMvGXR+34Xqnxr!X>`H0tXpg#_o`BHL2)jR1d%*nkXRFU0{=aY3ocb$6Jq3i z6x6p%Pg;sY{<O;H literal 0 HcmV?d00001 diff --git a/index.yaml b/index.yaml new file mode 100644 index 0000000..8b4a824 --- /dev/null +++ b/index.yaml @@ -0,0 +1,53 @@ +apiVersion: v1 +entries: + netmaker: + - apiVersion: v2 + appVersion: 0.9.0 + created: "2021-10-19T11:43:01.375725537-04:00" + dependencies: + - name: postgresql-ha + repository: https://charts.bitnami.com/bitnami + version: 7.11.0 + description: A Helm chart to run HA Netmaker on Kubernetes + digest: 0a9cf7d64d69fb6e2604ea0d42ba762899c423640bd554539359095939647f9c + name: netmaker + type: application + urls: + - https://gravitl.github.io/netmaker-helm/netmaker-0.1.0.tgz + version: 0.1.0 + postgresql-ha: + - annotations: + category: Database + apiVersion: v2 + appVersion: 11.13.0 + created: "2021-10-19T11:43:01.386221323-04:00" + dependencies: + - name: common + repository: https://charts.bitnami.com/bitnami + version: 1.x.x + description: Chart for PostgreSQL with HA architecture (using Replication Manager + (repmgr) and Pgpool). + digest: c06171bd61488b019ce3d85f3100014ca810d493a4bc778412775ac126c163ca + home: https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha + icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png + keywords: + - postgresql + - repmgr + - pgpool + - postgres + - database + - sql + - replication + - cluster + - high availability + maintainers: + - email: containers@bitnami.com + name: Bitnami + name: postgresql-ha + sources: + - https://github.com/bitnami/bitnami-docker-postgresql + - https://www.postgresql.org/ + urls: + - https://gravitl.github.io/netmaker-helm/charts/postgresql-ha-7.11.0.tgz + version: 7.11.0 +generated: "2021-10-19T11:43:01.366929589-04:00" diff --git a/netmaker-0.1.0.tgz b/netmaker-0.1.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..b9ab98c662273543f427609835ed6b9128093833 GIT binary patch literal 60499 zcmV)fK&8JQiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYgd)qd$FuH&1Q{c!sukF4jE%`^1>fP*pRohMc)OLJqr#*Z3 z>~$a#lCYsj769$2Nxu7i@RJ}3Qk1MXZP)DcG%^Xy3S2m z4Z#}}&42&^SOQ2EgEvEPp=1>#G59GPArd2oXh%|{1-ZlKDH;HnrV$Pxhu68wTf|X) zYnK16p3?Y_lHkMIaV#AFhrQDH-+S@m;A#9n#`9Ri8&42r13;&6@9_EH<-zwa4!<9L zKMubSUw%It_ril0aPLKbfB)d+%kQ7}`n`TH?1%k+7#;?_-r@7Tp#O4=;5huAOG((7 zpcoOzP&feHz208m>-W6={!Ra2(Aygv9Qp@)FZ+l6?_cbBy@Nro*L@oFHIEtpcQDEj z{VE2)g7N?SaDT5n|L+|>jsHh^Ho!3&!z^Mz3IG@<#LT6BX9L_!F$I_c2>w1iKl8>3 znL)--2*x-D2SK5{$U@kZ!AkYpFfaUuE7)JMSPIZ;HcZd)iBESqa z3{DI&9l-w_fbLz-f9W4|6%P`-7FWK74gksMUnpP{2qQ;h7=UgU02hEU$J79Ye=kGo zbU4#-fQCVkWHB>by-rbp#~4v?KSgYc2!KEp1yGg+bed#Q$h%v1Q`iCO*8nh*Aq{I7 z#|abGnCMd&hWsB+atUGw0GO8@fKOjEhzs7VWDKr{ylO^~4^GD*P8gtw0T_o`QZN;$ zcL0>Ez!aG20%R1&6T>U8)3`BxO_D4ffW2O?*Xd-~bip*a2QwJY!Mjt(n2@rp2E`ulM|PV2n2>u& zLL5&x6cqCz8LH0EJ#FA~Te&DIY5=N&T)3q@eH3MsA#!@DtELHIqU!MSR2LTnQFfUS zHUKYsFZ-3kudgnTtkM&b2D0?Q!G5LiI~#C@HP}uE$J{ufrWsrz%~B>=lf+{@$p`|f z6u@IGiiR6w7*YO$MFL2fPy7w0G(+S<3Pgk$MR7ppDf3d2gx!*uiW(zGk^H5}G9@@+ zS_Z-J===l(h%iAKyn{I6$W_e`W?|#wWLLGphf$Q=d))LIfUcmv%L|J-rV$ElM)_!( zA%SBt3Kmh17axEwZ+ur2iYGY!Sb%zkLQJ?kb0TO+r5NrdP&e2f4pV{ zrv<1e9w#I~%dmxa5Ag+41W)Jy+@q0De#ixyMN0wZGHo}XD~f?F4*C!0P~#(j*8nL= zSP~==NMiXSOlA!HID*(2CK)85(azd>;L}XPG+%zf1ij|vI8WrPQ<<+C0sO={6@gz~gRR^O5vmbnal{pW zj)I%8F=a4{kif_JNVokC03QUDd`1umXYgauIK5BE2MX8}vfQY=$58}mmWt^Lj{(Wz znA;Zjm`yFzszuzmkZ{iM46^~~_d1<0rVU&oSuBAaUtEK&qlBR2i|cLIG$sJtB~dm* zfa2felrCx|aWn@pLZO%&r%A+{kA&^cAyJkPI6>F=H#7kKy_e^>(y?-LR>)ubRCRVs#%K`{e2R?K_VHm5?AM#)?Wzj%El zEMc(6n~w;^l%Y64R{I5;lX2df;~&IFDp z|Nj2oi_-f4;IRMVY5o5gPu~Zx5fcj{%ViGUU7dl^+~_nmMHGP`nayAv(n06bCy%Q< z|7Ynm($kkxOyJ8GQG&pDg1|GbY{B4FrL<7Oyet5DX+MQ*s@`&QotgD3c43bi1=coYe-hh5MQj9 z1U&Rn=>3bg$0xU!Z?A4%J=@}wcfcYrK@4~vSAR5x0Ro(mD-j>_mfXk6!;t}{YUSgeyoW2(lv`Q4hhFWl!XX%jgLmJW4piyU%qUYXgj?uQO4oY zmFU9^%>-$bL6%XU+vTgWcU{ij2WC!>by$pCvH-0Y)$m5NTpP z0D!Bg0XSt~2Iqjm4+uaoM)zQb1x1wP<;TJ3}Gr%&BapVTPa z!f}W`0^QS*#YQ~@L2p|OGGB}|Ii9*-9Q~iSWWZ@Hb*pG>?MO6UhZaNe^6l~M#qj*3 z#IH07+lqSxx-d;kMmVqd%E`-|k2}?B!rY7lQMG`Mv#EAu%@Bj!kP)yIFJ|8A!!;zqB}()DZwEwcZf z@0a&~4-a~WPxjwqJfA-8e%Cqqn8G;Bw;+qCQq&th}%YX&1c#wg?p zMiB0IenAqpD9<9Jw00{ySUz{VgIe{tI8qEbO_+mPS zGj0HIRk`hVPWcj2C@cxYOj=_ME;t_(u}DYsMf9!(Qx^Lbix*D|-uyEvL@ zwcpz?oX@@L_cKBK;8pt`&1p1jkU+{)pQN+!a!KM+f@3xY-T$QCf6{IVmPFcKzT7{H zVrTUyA0#TWf%m28Qzam>R0KyTYUlT=~j(Xb69aJp1CQV+RXv(|F(s*oa zl)YnpQKu-2#eB6tT$--78dpi%b--e~jh24WV7ux^W#!@oP|-n;HUB&8zaSwfjMo?n zw7~v5*xxJ1{~R9l_Mhy($9PI3hWESn;z>=BhX=znrMq|i&IcTa18^*S<}(ztj$XA6 zOaw&>--D;btOJw|lg@RRrps05<`}Q4^_&DVgDjYyS#Vc?Y)4o0JHW(=C=6Dk`4bh8 zt%ME$-5CDlt8x9t1CUHC6dv$`BpzFT?~){8yJ1Xa6vXaPLeLnSjej8Hk_JHG+_iC= z&zG(cC$(Q%*wgXss={4h(^haB48Y;O4$fkob11qT7bSNh$y$h_m1i|oa9L=rp64BeGcp$5Wi1)Z8_zp*Cf=*}v zBPe6z^`4)80+_-PjxZAeyuf;37#3f6;Ns-w_J`Ap<6GsFD|`+~l9nsLC{l02m};Tu zUL>&zO9*3nBzQF_NQvChEl}hE<0IP$AfbnIsV^eBROW@8Wdi;Jb#U&s9;C=t(Vbdfn87Ebr_3m+jwu-@Qy5ATZ5F0Y_4PQatuF^)Q46oY1BxhT z^l&`JF=q1t;Iih7LJRb7fr6l4GfYqjx@AaPS|HpV1?Bwf3 z^)s%GE|goaSyvURygSvENzl>Z2%@Z1@%7c^(c+2|k_J}A3}4@g zAY?m6LGLoksN=jaN7_(aM?dEkII@NcIsiJaAk?dNz}D+?-BCfUBEOW*X)2;Su!wUK zQ=8tu6*a+@2!Y(u;f&kedJMUL1;$N;Y{dx!TNKUi5IIU_DI^GV|Msfy_g{LwF7S^m zi`D-r8zD7u`mZrlKexB@s0}QG{I{l%{)FZgymowk*Bv}9Nb6c4pWSlia?Y#_t&vSl z;U;(tT&(%NEo&;vaursH1v?3QAbi2=6Y!qRO?$BeVgF z@<~IqkH5&zP=Ib1Y%f9_(ORTRlx;NXbASl*qzj#JX;g-}Cvi)&u|$ijHP#>6!dA_b z>Wnw3R^u7omh{#FJ^3&dDKROqZI=NHr;Q~Po8u3MC1DGOC})nVcrpyz_QY5=z8xhf zL*D%itFS&*gpa^u5r}RA!vIAALF~eqnh{DEfp9g|)L-D+0^70I<%c6`%TP zp!f*SMdd9}G2aqGZtPV6*c&-c%4&qlU08ZZ+Mtwt_dM^(Ja~wCU=|He2Evnp@MIt~ z7zlr23xTh{SF;f;_2IMJ6eon@)5cV=T|Eyq7V2rKmOC@i9Kx8E%xW3gU3^lXdcBo%~x{C*lbGO4f;`bk=E|v?J)rI{6CLNpTt} zK5eWMdtd3H)=51r73*X%+PY1Tb{Ysc!YOpZ5ETfP_!*zTVU$i`zc_7QB^g6EN0*N= zeQPx<^v|VCfue?f-Bnt!!&r<>CA$xuNFPq6q9PJxIl4~ zEMM~(vrve)=mkIrepBGU+Ul3*iiP2kGGbAY@kb?xLapj{-_*-3Qc&%kqKP*X;D4EQE z;&hb4rnr?Ls@3&|>zoUU@9br@l)~$itDjGM7L~wBu*+Z&)d)a&0&pBr~+p7v#rV#`V_`kfq{jYbYM?c-ZyFR(Pz8oH% z+@79ao}HYZT-*$APTyWs5gV}HBq^XTIX4PjU(<$zgZ)YqT!;M}V2>}ZZ_nQzpR|;y zqqkQlyvp$S_^MjvTOQG{8|QM3v}y2o+->TL_A|4^u(Q*Xi<>qqZX$XClm&EaDCfiL zo0F^CpHBYn?7He~U?no}T>vl7hBrUHy*jUgvuv25iws~=ph34lYuEm} z3%WY@X4fSN90%8Z55}UCiq>Me99~~P7>iCo>cnz9yczy5ympK<4Wnp(Cq(+5YW2c4 z*s7aM3chb;ZI`br7|6>6Y}2ZwCYmdHoToy<>a4T2XM&e885bQDcBF|j2P+Der~8<1 z8+hj2#X@+?X!cK^z%!Y_V(RmZYu1?~YkCgubjy{)p`>kD7PtR9)n*6^R_Ck~8;{hJv1^Hk42mQmc|9Ai3DgWQ2 zJWD5dSt-XshL<|)p5bOEaE2>>;B_T`5tM$VOfLfV;v_Fi@ktX=W9NAp7N*`qY%iCs zY|y~1P1655iD+HO5%_XK>zSt z55{lsIP|~jca@B74QT)t=>Ohfubltu`HRD+{Qr;gR5prS8S~1KwB;l?s(9PXCa&y# z{?~}7Ew#oz+`Tx&)(!s;yU}0s)Q|u5B>-8J|M{SIP|p8x_@e(b{vYF6DYw;%fk&I| zY?{sbv{nx5L}lpE5p0bKs}@vuB(G{s@}kUDn-1LS3WLqnlZ<`Mj^LJP8{G*LR zX}H`v{lZ4%FQ<`)Aeu^r>o+1LPA(my>zF{7Q%XK;nmgkqMEIrt3JB{=5Rkj`h%dOjEa;lDbc zfo_o?f%+rNVmQNokj!?~Z}1ruqFlgd@WSu+{T}!%D3Xeb)AAGIL~vGv&)`^HUcrCS zfZ&wbBvong3Z!;E1AC|aGZ-aF1U`fJB4_z~@VWIR$3Vlfv;2Mrlo1?HIK-~Fthmcz zE`9H@0PeUW$$~Bb>vLJ+iV|~clfV(1z8?Jx1&jg#Q%o&>YC>g-FlE?`fPBe;sWKd# zs7Ngs#1;?>MtOTjK)abDSq<=NyuF-+Tpr~&5jbg~U~p1|EhB;i#J6_KWp!R$LzYmg z88gMEi(ivAQ)IOFxa4+=c!h8Xw8hKQ_3h4JcyxXuPKr@+*3TrRuA?GPHsE)cx!}D- zm$>Y`O4gz~-J8kMXIZ<=H@=rhneGMaq@)FJ2)ZYjAy2N?O62ScVnRfj+D+q2G$JHf zUJ(BP#FR!JK_Mn6D5GU0lX7yUz6(7l#y8i8^(c5|cPyyf48+_e)s z)3y3X9cLx+p4htd(gerlhKlACTWT7)F6=2HGZ>=^?kbZFYEvbeKbVXxLLQr^W&U46 zHkBK}*Nos)5W>p}CrANl!z2S4U&}I~`DM&iMvzH+jK|_^Pytx^Bx_0MrhzXg5#OYQ z(`@7zWaWMA0vwoP2?nMZY+apP-)y%9mf<3(5Yp)=fh3dwGu#NsJ_(((i!*^&t`xOS z(iV_Lh*1;=WS%mvGQ+N^z05qiU=)_|FHfCSr6RI*;PRwRtJf=)UBF}>&4O5}UcK}pZtx_XyA;>5Ps?B!s-Q07|X|dzS z4Da_i{%LX#W-y*});k1{SFY|gRM}Kr=Wv7K7fjG=UXvSYN-T;H)iJVGD<=-|Ct3cN z*I+B>x~K!PIO5tP$B8Krw>3tb?r!<)X4%NhJw9Iw121#AjgzS--L!VE@LC@&8F*!fs&#*p+vhJ~R$wQT*@zemVZ*Meq5O z|L;+rl7Bsb3{4U;AAnHuKw)$RKq{g0h6_eBkW5J@pRUP@8D{;xBsT;2=;B*7GOla5>bTXGt>LdJmz z&Sk2Z4ggyOrLzgy7IVs_IC{73cczI+bTruAonSW2MmBAFlrVzOt~>&1J{3kz2M3&3 z4asgMq!cl_OBoD4*yC*%&n7kyQNY{V>wVnYKk(Cd()obq+_)1g&I@)tAlt&OWxY`~9%re;MqBFA?k`_+k`3 zf6;>nFHx}f{KZ~>uh$omW zo)3D5e(zxa#mg7{{=xs-eH#BQp62l{Q^Y*f0Bjup{pY>C=jHhS7yJ8rPvieFo{bIg zf2oYs0I#ED1S60_0%wRJLOUB9`sJ~hi`8aOv4p&6ZilZ+kz5Rl`{u+#Fsbe&<&}3- zPzATrY(2D-yKO_g(&hChk`y779Pv>`2#T5Io1ZiiJCJX#&;(OP<~#Y(_G^&|kP2ha zzQ?q)u_3lg|E~a|!21O#P6iS6v8Jw#vRGYLRQU_#RmuQTaUClm&;ik=S3|qD-w9jU zoDl}{knk4Wu7Yy;`z$NlyxY>ZQj*@*54O^HjY&bw0TzpT7O>v zTH4s}9Bh$a7ILQupcS@D2d5OaMGTY0TCzehy$XNn=)4n z3}-mbMN+&3L;kWx8XeUZfzM^o2JaR>N3{m`A*}S0DPhl~g)PHt zxe34$UY=nXMf2QnkV_GYGBQ%=TF5>rOF z)}i1=eF5?lu)p!?UW6=AiYM`m+uu}{f&ob=m8lHX00(fE#1k-vIO5%{^5r*)KDb&S zT0s&AC}ni_J|Q2X1crQtFaPK17I~5)E^?ag-HqxyZ=4V=nnIP=azl(iPT4VrlQ^NA z+p{D@Kq==up$rETnnLGEh>Fr%{8pCUumpaKtCN%@BcxWIBh&ezSk`gmD$L&$P|7_- zaU1z85u}0rL#)gGDfFB`l;o2JCn|TBJ9wb5>hlNc&;pGRN}F&)GNA_XkpHm?R&lyP zp~SH~f>)f!%Udj0dht=7)|J!Wt{@Dmiu#*oBVYRUh2zk*eX`5ogzj2HFaLC^qGQz} zxrV&jHFy<}3A0@QN|$Q@#^9tG3WJk|>Q>lrBNP#Vn~H)9plJ_-jM)>`VRyJic_9kyb9^i~A*c4~r*yfJRq)6q;ZPU(Tz9}&ov36@- zzAEr084l5|4Da6ENcr5JMG=lCo_wcAVp^XtePaW>P338XXfARGiRP)k;&Wqp<)W5C zy8CAtWxQ8rFwTn8c5EW@L<&g1)UK7R72XorI4>pm4l-l}ZdWbVKEhcVX=R_TvQ|qg z%QVqm(N!Y26OZ}C3hsqOM)(8bUnoM#^s~-*0B)Kl6VnqyptbfFCY|Mau(e)s73dl= z>R1~%D_g#t>(=cGr3v0l?~0-*w`*(gq)B+z4i&dW$_7OlpMlndQtcrh3G3;?#01$P zQ*yr1Q0)o>uvZ5+OGC)eH6xIr$y}UDc_&^0s@|0yLe?cE?c~>C5^?b*NfaR>_T@Fa z-3>{Or*PwZz*gxTfU86dZAouk1E&dP!w5r)sFh(&*ogcSfbyHH-li2guF%VG#N35p zD8kDzq8>}c2t_RLM8ucJrxfwiQ@D0@qb%C;VdWGzd(AlvLoD@EIXHL8{^0h@9Y*)N zsu_|}wM^T!;O<(YT3&?K(M)h60)x$!V|=Zq-vV(HnXKE|qShKvAQuL;2Ir*&p_x$H zIjLm=a_^O!!zv|$mdPO%dzy^d zdyo+DehNwWe#t(g=9&u+-CpUFF0os=64`^PYSxo5SMlqJiT$QZ}*0`0!Tm1guxO4^WArJoM<@c_rHpsHe zH9_*GrWNX=Zb*C9yINvjNTUov*^qwq)t=of-F@|QmXQm@cv*f5K&IOh6 zuwWDe>3M6K0CpCty&d7@XzWVk_rR)??x!dQm~DzKF4Btk@)DL2;duh{o|8N@_C=g1A+7CpJJ{`8UpeQpV;gG&p| zzve}lKHwx?p^t30jzOiA>{S=BeNgJ7JM8vKFU?zF7}M7z$xNQW(_@Sy zMCX*DnP#Fhjl6N&nR~w!q5-#1O_F?|;LQG0dUP0o`SP=%i2*cx-T}y;_%iH* z$~__q?l1&bC)YP%czIgC#iD&M1wxwoML3vF;=7+Ap=!rbafh=(x}Q*dhe;xLgYF=~ zVuwls{4pT_6&z%FcI}hl)ydWE@ZHTD?I_c^wbjs*8yFS=O}w?s9i4MUIL4E6m`Yu+ zh|m(Eqw}U^nq5)_d#Ha_!Bq%gsK+P6+$cB^(A9MtCC^xOOT@0akb6H{_lFel$Xh_l z*vu&L!9_x5!WWxSZiaC#yth%m_ZFe|&678;d7GD|bzmsY_CYP$Xffs9HQIYC?( zqBzutEw$f0pDc9Xg4*(n5WGWj=UHfwAc<*!lT1+;OcNX+Gxc(6d~hR5M>GLA4hRxH z!C(sGK>kY@73p!3*d82Iic5qUi;!-*B4!8BESPcv&T))67sT<|d6I!J0rxO2w8g5H z#j?Fj9-2+~vKYq`2|nTz-wuG`zcMNc%s7S^1&C5e=5pad&@8!=VY)#^qB$55DA+S* zh=9%f_MlC_-lwd}__AL`Vw;@N>ZN93(M)LsXJkeK6n~)50_}#`u`fL`>(yL2E9P*j ztTihL(rf_s4tq1}-3-md&eq=H^K)#kTvc^_rBaR{2dSxF8HWL2rY+YX+oUdIYZY(0 z2{16T=I(|;B?4d;bS`pT$y1Q9is@&)kP2BRK5ctf5{DO@s`WL3J6mB z4hbM{lz1pihG!_rmSaP;B;?Du4_W$6+R`L@Wy0XUR5uapQK0O?sOvt|IEHx3lnQsJ>j3Ms5e%0s32 zwIz(@2Fpq)77mw{ptcw=E5U6!WLARRa?m(ni+QQA99?GE9DcJ=Q(g5w_L!m8;=1DN zvc9#dzuah98vMeMvNXgNqhx8AEl0@Ga9fU!3S1GfZ+TFPBSXjZeS@JPz^D-65L1%L z)S9C#oFG>8T$r7`aMZ9vmWCsprl*>eC(l>|YcMu?a*gRIf!K_zrDcZWp*e@gmmjli zrnANDa;63-W^kesWrZqjj0zefNCd^J%|#U2G}wSOf9t7$AK%6KdBAh{u^k;VIF~U} zAp%(rpg>0fbnbsBYCFpTWyK5CP~3FLu6ED6;q+Wxou*@PCZffh{IISvE}dj4onxu- zj1*7xIL`Pz`PQ*s8EUfP+>$oDcmnea`%HzyW#sCr(^F+nYp zs$zE(B_o|8#N^iAkb&m$#Dkt@rnrOIOJZ+~31uE%@o!NiPC%gl*v_~4i;Zn!Oh%C| z_9Kpvj*L^;saPW2Q-vTZ*;&GKG3HfpOc{cq7$lI&{&G0zEa9;+HW6ozKJf};CwY0& zMp-!0hv(j>s?K|x!1v~qBd3dgH{kynanA4ahH)sMU{*w;!)tShQb6-FZYqDX*#xJ* zMxfvO-#Z}T+V&n(v!%N25F6PDk)lKzHS*YUapTa_*u0s@Q6sKgow8YEe7&G4_elY8 zgh%PGUOM3*a~K`#*qP@2;*QcKFCm+PBk9FY`S1HFB848&o6D4OMif!nP#PsSoe&rz z*&`<(8Hz9J0lQ)(nE+orYNR}^1(t=ghJ!5 zE;XybgnWZ>sadlAkY}nE>9Cz#lzIi09@yzuZriRn*p39lQVROB3&y=CLj_o zwvJDJc=vh-oL>C+b_ZO%y*WKP*#W-{uP#n6UhjaDtE;zHJ79Qra&@xB`KtjOD z`N`Gm?Piom@+J;#>np@6^EJrt>CpBq*y3iGG;$Y!zCx<{Q0Ln%K_|$9uaok&gn1e> zMDAeJ2ovi<6{0)UBev!Qf%A}U`G{?)wC=fq>KpT+$X~fEsA10l>{mbPcFLL?8(^4) zn3-M5VqC&9_QwX~fV2<41AzFuVLc(f`%yA^lTaoG+As`35Me&wPt`lBw{p1Xa)n;- zW#@G*Cqy%{Bh#DI#up_M562)$O~_6&UJJ~^#frgwjA>AhKFJtuPe2h?OB&LN=W8KNSOVx25|p37RkLco5G_L)07OVaT6FUnj*-lx4Q}+Qag}yfFAfAHI7T29 zF@gwlkT1?f)+r7*&Gh?)uT=I9c9 zFt5#=XF>{HmD*zoBUHf<=Igpj;ntAl$)FNwc_Q8gTb&DP5PSxiSQKef=32kdri=HVaixmX&bQMM^toZHCx?vmyqv+OJck}y8R%|d7!pJ&qTm(S{Lb{cNErVLY#tu$ z@3}-FXe$K53v*N}3DU%e8JnV*X-CWY^ECj-m5XVQ2yPlY@6 zdara4sM;>)kXjhSi{cQ491b{9f7I`NZNW5^Ma0oCzLqC;xOiT4+Xtt!G~$bu_cD6+ z5|J4e_kx>yi{9&;26%=eCvzB?W8hZfztszOLB!V(e0i~*_SkqV@kYqw3n~

ai(|JvK$2;)Mk-R~Z#s&2ZixEFpqnlms7cwd?K`=u`c120z~NkMuT0 zTq=c^c za3^U?NRi`&Lp$okAyBm+lP?&{4Npi5a?6|NH)q%G7!wxJ2A{BfbDRp3;*c1D<1r4* zEkE4uL2>9Q)2itAF&-{Q6izMDl%O#p*W!w#Bb-k8;`Wz3wnZm|mUk#^QrSLH4#=uV z1kn>HYfPcEsU(4$1+pBd7J08Zg#jWAkGc7XXesk6jH}6Cr_e0P<<^>Azu@Ssz-@Lq zYFd885fWbeqa1*+GStRc0f8>u4)jlG?u7mU&1*4Ob=o008s<2LO^pDjV~~>M4u>e* z0hg1@B#Gp3woG~vC%G*)y9a)O?H_dY8S=3 zQ#OlsNfz_@*P}GjTkQo#`d2f$OZ+77C`G*Fc8*;8_}wInxlDWE(jba_;$v(4`)pN_4xPnmcj<~Z%tND<*wh@-#Oeu+K^ zs3R%FZlm@L2o&I*akr2pMTE_PSUiS>sMZ+W3#_{)MoXo;5>!ZlniP8_%8_>^rdv@p z?B))8a|T;9uxgA-0(G#7+9}}n7)3K2B$2q(v9fJo?@5VzWjot^7=TUwyVw6e;veM% zvqCc+`vH=sJePbcnnW&KN|OMK*LiLGcp?RGl-yNT1*Y%-Z1Uf|{{IpGSI zQ=nA_LD}%r6O47@TeDNmIkC-dUPUG#E{z@-DtRr4YQBtAXoT`pxCEjPXih=bppzkw zU4yU-2;w@H;X4$~eTUH31>MS)QzBgYCJsusyD+3V)pGCy$_Ro&2iP%f0f%8!QVC`u z`nW0GUn#wY zLh+cXHPn?EkC0YF4WU0uN)3HS$nQFxMwQ5~l1ihB=If==uyB2i6dD!qUnPBpgOaEM6Z_ARg=70{8^mf^^eS?=H#xD4ZruquF8j6m(;bs5w3);59my=D4A<5p(2s1 zMdzXe1%DVpk{Uan~)qa5$lCkQIgN4xQ6R%31{}~dk>h=42ldLX) z+K^yXa`x*aR4oI4N|N^{PLikBb!$kFR|fTz9Iu=luQaf}Wnw(-vs*1Go~!oS65_dl zKO`BR3*N&L;kh6_JPDo)>Yp$H-eK)v_;$(fwCY+l@tw2&`jXx`!9OVBofF~%lifLC zt|8H#6YlRS$=%^s9vI&$zn!x8SITYYsJpJbb`H=F$Z6+*_Mm)r4tNjFW#@qTl*i7U z$4>c3nsV6HWvq>D=g&Pfl`60I0#F^(bf&l_t zWG^}T(OiUKC9(5Z+VU4K=KEZ`8~U2s4o6nA3XXq}{(l`07|mTRyF9tNy?A?ka(jI&OXKA>?diqo&F#^f z)3f8NlZ*Ase2Fb}Jv@US#etR^abmS#10-V*KyG6c+K*#7x&sba^UyTxeE8qD{Kxv+ zqX?~)R8G!$F*{IAo2qk2bDKmTiI#oUiN(=^#>SrEG2%-Q(M&$tL7tROgz_LV!?8-q zY-F|AL_7wVDSJ{T;wiQI?DWTz+ndv`G4T`{(X4<@!wAWoNHuK@O*S+Dbq71zMsXZS zZ+HYLQwb?egU?P+E^cm5kNL!OdVcy9=Alw+Y8!2(aBADfLTyz?s|x9|j!EmphNjs@ zroU=uSDIA2ETHHtf#DA@f^ooY;dj)Sr~HFwz8G7*RHMm^v5LKoe<7G5kk{qdge)Dz8V^UeWGIinK#l#-v6bH3^UZ2&#B|AnSWM!^VL^f=(-qy$3_%a|g z@i-j7duLnfgNDCWf&;nK5IV5z3gxz2o@c;1wo=J{z)OnU2kj*4&zj}H(Nk?Q94y-f zi{x{)EC`Oetui1iP5swPkDw%UnH&i!l>7ri+5hlk?g{1O+q;iTXVzY{;qmw#gcbbgV5=LlNv(NYYS5@b8$Q zK^$+Yre~ECT%~C7vXn{=F)fjD1aUp0aH|uYWq29Evc$WqGcZCE z9E)>O>UgL)l=+?){0IH#V0ZVg+VT0f!CyIbe|uksCr)$no?`jz*wEGu-*6a^oEI2A3N zPKA+OsvlE&8e=vgNtRL>9xV?>3urn-SG?kq!RzpOqN2y0H`-(bt6$cII+B~#AL+gR zL-9uaDcY-k=gm|v>gXN-k|b;=rcn?U<@_8mf&-dDaun)l(i&9X&#A19jPR}m@P%UEE@vN zfHgUl>Em0RNYE`<=}5xjW-db05K`aVIh7dYmS-5;5%x_8p2F?_yy5m*EY}flUxoD) za9<9%ZyIOcF#2A1-HPG&?&|A`zjs4_KmfiQ;DaLY-5?(vg6{_VCyc>=-fnz+vw-|u zx2+hFUjtxmA^A1%9}<&a1M*=(`87Zv9+h7M_;(eS|G0yt5Tw6);Ofd_Wu-8EXXQ1; z={sSs9;ojG_mD_^C%}h>>N|n{X=C-Zdr#$yD_^;qXOb&#bLHzZnT}3o>u6qr%}U64 zooeQdqbQ>ck<-fs7{&hCk{E@f-QF-t2pfR!`!8QCKo%z_^zTIW}p^O$an!mt~sj5Rmr>@+ZC#2m^NjE|R#olazm2NM2+G_bjGS z({`4?5SW;toWeD-of9@v7z!(*0>MkR@LH_au3$VV-Xh(;t!lm3w!zZn1BHI@U}|!1 zda92sZ%_~=S?H;KI^vBnLH96+ZRzl9;yU`s5Q$-QBX{20`P4Pbb!D?}uRQEI(;Iv^i&-vwubxICcEu>tyB*{KKq7i|0J_&FXD3HDAoN41u2H@g z4)+~!G`v0mzq~oQ;1JY(yZ#hX1MM~?_zp*Cg0@Wc9k8iFLN~X;O{ua)$t}gdS=F|| z$=US@=z)`qV@?78dOMmkM8S_&Z_jIhfKXlQuW64H25=0vHg)#S-sTQ4fAskun!lUd z-JBV-63ak-ucZA7h}!_gg_7N~;SVQg-SXEE$;csj8J8>JaJPsfZ)h#1*TZ+OPZnUh z#=lil8{-%V$R=v2C?Dm}D6)Uz_l~Bu>mMTOAi1Go3}V& zY9RxvdZ&}9UcSCP`R~iOS2rhDx5uZ~;uO*G$&bT#XE(R!CpTB8N7shWD!Hmr436}w z+9RmeL&9?{H+D9ON)~UcsJG(6?1Yr8*z+XDEFlYwSyjrc!SEQo=cK*gQQKt{Ko>G_ zU8oPXgtMHWUo%V)1@B9nKkrq@n}ogHI^e5@TC;U$wg~gxJa9k7!PKT13unCw0nrG4 zgi$nt!3UGlIxnwx60$hr>mI7keb9$a zQDpA0>K9_Q_WCdXEWuimvZpYuR$*FNJ>>~Oi~6gooC+(b+M8bW3Za;xU#_WOYLu2W zxPDjRRn>OYM?fuB8!ASsG33b#a8jEBMYvDVOn=&FrmC>5Bd)0l>NkjR>i3+{NBzB* z>x*z|i=zQIf@>lGR}p<#&^a z0(1(A8t#`rAMGgbPmyRbPEEDHfj&18#1S`jRT7SYIA$mYq`avR1Y8UF`Ki>q1&agg zigXKi^&q6hTFMdvCrDiT;b7yn{0xrr3rK8M+O_4SA%C@B{ms-+)=$^#x+-DELWL8)vier%8y%q) z8yg)ftRiPkA(-MPV@DMNCcxHv6Cv?_2fV*f5diWw6FWu5dvohsHL#+Jvm8#LA`R4C zGlUJm;lci%v#JS>aFDFOEg4R=R5XOSU&4xns8U%9Fc7=xqdaneuO|z9#;Udm~qzGbPc$;S8Re+T_Fk0oG1h$3{CC~anPC1vN|z?(3HBFm=>Df zazXTH!3X--epAfB#)c!_pu$8)tU;BXd0>r}jXYvTozGRG!&PFCN5uef2}>+jCQ}4M zxwWGDf1P5Zr(AEIWW-DEV-KgE%9PTvw2=2Ep^t{QF@K9gj}T;Qyw0vONjdq81*%t%9gNZBgL znd!Izw;62puG@_ba3M#562ju#8{6NCGjQQkc~Mn>+2l2H0u!3_L4Qp(ln}OUZ1Dm+)q3_XPtO{k7_k}rz%{Gf+bkqf+SN8T-Mx5wb8_vok8A}TyxaBi165e4l$g>31v9oYhR;;zkKQ37(i3VA)z=2gkz9b6gpB|`>0NH zNcARbNS8+_oyS7g$Q!#2%;XM{dx9B5vCyA`j(ttHpf(PoEJUEo-zKro(n#J}=o1u& zh;+eLhywnc`H(t z)g66ALB^Nlf+gJU2v`Irh{+P3mq#3Z`ULzdBqYMWFmJzn0bax>F288B=p1aX%GCrp zLw(pnnoHs|zw)Qcd=oZlHf8)}OR5+Kf4vxj=QIWh z3FSVL@+#_7p7~XA>im#OXttv=%J4$FNy?1JNGCiSCsBxq&*@bgoCPCCK~pl)5gs5H z99u8TJdnF0@3q*G_vy54C6dKHZ>mL&a$vNlL?&-(gI<=@IJt0(UE42TIu;L9N;heZ zAU;}2l1)sa#XAh8ZNht1iF(1E@#TxodTDl5!109)x|J3PAKp0T5=Hb1XCNE+=~F)3 z3NxR|D%Ax(`0~ZC6DXhF1^nZ)ilXc&>S4gtc2!hxMU;$Pt{=t;xrZba=j(Q5)>B97 z*p%QIBy*X{U20xl!4t-yU7oM&6-ar310Q?gNYpFV-DI;NPv z^gRMy;B&?DYnCuE!blb?*2(}VaQXK7=JnOd_3h>G`udl*SI4iOZP_YC1t+u`z74%) z{>t~HW#0iW0so>&oI*Bz)&1m$klDpO-SjVA@L8l{dVT;rFGN8SqU{GV=}L^b)~vcZ zxjcV;^}Aw})EX_Aq|-gKL=H0(GflGc*wk~ZY`bnEFK3gjCO^?wf1E{8Y$(-v6g`j3 zfaftb2Oj2sA)&-xZC;=|L^fMa2{I<470X0yjOLby;=5Pf%h!2#RYbijppM1p-qO0u zx%k`$TXDjGyG&sbw9Ogd$u-@p?s6P^B|@)-k%3}vYk~ji=M6{UJH}>RcmH)d zGMVYM$bVjRVqmJB4V4AHbR4YK=X!fg#?=?btK4F>=3_aR`D(&etY{kJVv5~D z46=;+Ce1W|r~dfT-L8;u`S$9jM8qoSX^H|dYy>{N*YTxmyu~dCq@d5zOkJ01(qsIY zVj>^K&rECn=%ZHHnFYzR_c9u#OQuOal~-#q_yGY3#^@f*aGWtKc%`s6BsT&00Mqwu z`9`(=BDOk(FIb3`TyBER!t8$6b_sLeRtRhc=&JP+o<$uW&qpCCedoTQ+-}C!_ZWBZOu2>#!sCO{JA!JDMLJjtY z^1?xJm58|J8#vK5M3raSvj15E#YucZNJ1zWypnz)PXT|Xb}>SIRa~`*X68a}l+qrn zEvJwZwyhiUjGFZcN3`T}rb@LbXfDeeyaJXV?I$$v+R%N?nJ(x`Qo042x?_x@uu#Rb zs^osRCJw#=Fim-vJH9oMUI8grnr)j#3Z)k{u(SqTZ{tdYd&ObUMyh1?@AXNPfVW7R zM4@JOJML#(#A#9ZYe`X&WCx?`b-}C3g5%BJ6+V(>Kym$~-L-88ZQN-$##?x%ew_PGn>x_kTzv5dqzWk`xho@|gK}u=XiS@%McOpdeO7!8?R5kG zJvH6F&}0n_w!y8TnaARQK9Jz_`D|d_DMc5xuY6K{VH;Ds?3UF~{-^K?)s0SkTFzwmMBpvkbP6xB8R+-6 zU7b`xqqZAb6y07;+#a92g~I!|B(<|-)xA**heRGUtnam4Vvr~pxl8(YIYLta6<(o)3kyyZ1mNpn5Tu2W7P} z(0cO9$H3F<^=-z$Qmc(c^&UEXx!{+zwWG|}o4_7S&^o5D2NBUcfc2?4owE8!WVJYl za{I$?8o%0sb#&f!`SI1)t`+N27vH^{lgk8Zvqa_QYHuRvk!w#%#stb#xMOb}8CJS> zD16fwkG%{mATBGK2HIOfYSd#cj;*ABngA`-8+DaeS!>FmxE0*Tj0;^q_X2gn7E7b{(4IML86~0% zrE@t_mZxDM_=TtXjH|0|yg#JDYiO;zsSj;u5 z+_)86_CW3LXw!1j+#k7N%bNNsQNA3V@~;_8m$3JbYzX#tquX!@ip5RoHU>kv?z8P` zhZbRZg(^!~46ASxePk#OQMd-So+wb9y^Fbu3Z<7~YN=`qp6VKp!dx}guF6koY_$#w;A^JhCf^wHM_eqvlt7m2wqT{K;;9C%Q4)0o z21kHlgnyF)s5yC^Uw67HFB_Hsbv&_Vl}`^y;=BNSC2z&DV|I0^lgG8%NSqve%S)TP z-Z~|1nNh2yEX^7BP+_aGuu0Gy>{yqO)q`GLz|M|`mtchBu=P%F6vFgrclV(Y_?(N2 zWAAw>pZ89B-y-JTF5P-*vv@nw23y*Iv_5^c&DmwqH?B|Ck8-(@wt}C7V|?;*JnD!m ztvQ!-Z@3^Va&9cD(}cD)zEvF?Doe!*ZjFV_TB%JBTlrU8vy?;Q589+Q3JRtvNm7C# zmC|S%NCkU|qS+lHN69RO1cC0~UiJM0ueSsK+V@|0y)N*N zUyHqF{cgdBUBdMLEsY?*w9o(WQrw7g zr%}|g6{Mevw2mLPGf1ChBr0fQ6D6|YzeiQEfd0Yj^)KH35# zs{yg{Kdc0xkVL~Rlf18RB<{Ba8WzB@n8MVAF+-HX36fW=2fW}I;%MPqT28{M@jp}W z90^qIFFIkPc~>_gi+Ds%aQY^pOq>WPtYp>#zn}ot3iWdGW(3y{S|x>)p`s^x0N3NW z$84Hp%zD|ab{;SIuLQ@S`#*8lD(YEx0+_P8GB6tUf8w8qXYWp~!Oz39)8paI>D!CJ z|HNGHno6IAlr7e(KxM8}x0H)Zq%9xPn<4P*zh&n8sg@6JAaRpt#7(Dof(T$!7=!-a zOL4>YE{b;be-^s0vbTlchCmE7{+%NJ0+ zX5X7ab2*LYQN)1VZ{kuD*Y}LzSAxvJ?(S@U%YWTcMD7sjx{C9*zUqd-EA$caCFlR_ zgu$zXOx%S9FJ5(n_?0*`C75tZd&?>OH$MzZ+c093F~a|k?hu*FOeSj@ zRB94$HL_~rBU29IhSN8Uy;&Yvd(65OyyUSfTJXf znVim@ol5LtZsD*>yYYjq39CijcS*`S38%si(ZxlUikp;@xHU(Ms!I{Pvg)eg)T@4d zIX91lye$y7Ys9R}QUK(le}_pT9eI}HjvL$*n4McamKJYfG^P8pn?RBF?*GUaVZ5|` zUE0=PLG>b++aFKQPPU8Qlg2yNmfitVL4zu3tGJIUqb!+;0Z;WUKB2rcvBRs}iWY|= zIdScTx~P=XN_Tnnz$T!;M16??=yEFYSl$uK8z^jM zO!E>#$K0G<103t=r?LkpkRif;)BrxWpzuFwbMD^79r6LqSLqaSwZ*sWmk%}pmHilZ z-~6Q7`k?;#3C$m`i;jk?4V&S&9XJ8388_`gIKuXH4;&3m2efCb2^HtvT-`FO4IN*^ zbXn{sa&6#0l;^HcY0U&B(^Q8{KPX~)Wszf1%UR8CcVnT2Qpe{kE?dh?RYmc$w8PM0 z1PB4KI9#JC=t50V>>|+6Aq&OUm6)=$@$-Ppl(lyzIr{TkpO11MVtCLwr=`wCEQg{3 zeqkiRk|-7g4Km-0r)it((3kpF6b4T ze{EKF0Y^Ja+f->V<<@CoSJ+Unve#p5 znRDya^SqAZ%K3${#>G%#Ync5zjz;|Kg(8cU7I2=BC;+st;oYvIMrpPh(uQ%IFnM3D zECuryZayqYs*PX)y%x1>o}vMGo5Ei+)X`lz!f|LWAr^hw6fT+{;P5%F(enco2jDaK zHA@&Odq2Llus=POr>*{1(Ux9*Vyyinut@*+_R9Ky|6uRMlm35<$KkYAU0v~5>-Tc= z@Lc7;uA3xGUhLNMgqb%Wd@kdg}Adj~jRDun}Yg@5uma4s6-8+0(irOss zJDf!ede5P#pY-&<)6-V}tFsHKJd3g10$_pu=hlAN{(rImWdA?PQ__#cBRAGUKq~c% z!totj?{kHtgr)s49--x%r-!;55S~^NzpJT>rYPVYm?q&hicr83G7v4AK^9EUOgGi_ zl2xqOQP1;3lQ2#F57`Kj7%?P{PX);=O=1+YffYN~0RYGRCzTXzfMFCR_W;MEB#T8F zm>313f#SOd#F5v5*>RCC2H@~uf3H*6YO;6cOH$2IoO~1~f~~92#w3{)0hidLADc~u z51=@*8is=xL|Cw*%SeX0%VKRBL$$rrKLCZjBqO^y+td8wWf~Beq6J+4zW?&YlP&US zPuuxlhv}@a{9CyGJLvD1*MED@51!`#$9U?4mWpA)uBfC^ex>bI*MbkqzqBShpm}nU zNkpIQg|*oWS_Ujh8i3E)KCDwph8C05!nddR7SC*A)?)cwv~Cw-HeTqV}am~RR?cbkC8KDH2$ zDfn-_ZMCHS4@F$a48_ZY0X6IY!+!t8UfKRX>_5f-Jjzq@;guCaVCS~6I=|w@lZyV> zlvpY{z^L@HMt@v|u9QTyibij;Mx%;GU#!rdW}7v8Ce_JX=d@5hzYGBVHcm_}nr^|& z(hxFq%?M;@GFODEza)oCdw%YE&0COe)H57kAsEiDQIN!;>fq8#7iXRI3i$LCqd0A8 z4gRdE3SQc|_S&k0dXAU*9^&;7L@4M zBeTNG;^ZJwn_Xs+x}l?fXt}vDO(+{i7*b@h!g{$DR@g|E=0hFja6HB_W^=0t)tj}@ zY{0i9IHJfwi4jgN4UOcfDpHVHPY=oRL zyk_bwh!3VPPD0e0JdqTtnLZnyB+lpMKv$ffUR?MCnk%WPp2u|*mnG|(*HYR!T)j(` zm$l!nMd}M^);3gG5+PF7x7N$GkZvPc8|5j%3BhcB6hTULE;BW5%AZ^ld_(<~6i^go z0)lLj9dsb8l?q5+CNo@dR+S2Zt~mkqSzAUcv5Lw}Z^Izq2BM2V`@7+kzEpo}aWKPn z9WGv=o=!dpkK`FKQ*O`P9FVmhQc^3?rM8rcZB0zIxW5Rf{&#)pG#Zq zK?-)+ELEq-z614%3MzZ_g5~H}umxCh%?OSsV5`1$6`?0tJf!a^B4B$PbYaGlZaG^t z0Kqi5kAZgu-s2E>+53U`_cizof{Xz#1YOVt-gxi*a)cLW_6jnG7fp-Yb!{uYd>K^h zl^Z>#uSt@n;LDdK364V-y|W|)&wITlNp++%DGBM<@5#mLY#|cRHCUXwt-n`oRJE6# zgtVujE#7ixNyz71z0vZ(mAZ()d(Td#Q0nO!uX+jDbYP8ECm`9~ZDG}k;BwPhQ74y5 zKm5WD3-k&$zy=s*A8~{snS(nh(_N)Wnu)RE$`fWc{^5DyoUm3&7wZJ{b&|#^?NXU# z%Tnf?F&q7z%g>Tly@gZbipEwu4Ygn*XtumsX^9f~A%>GUp$rG-Nr>EJYh&O+L#>2J z!K_`z)hSxnC1w)R`bjP!SccR!a2=A#1D7`?EF9n(_$|P!nNl0{8rW>_x3^(+&2|MI zqhKCH=uMJ*C^gx9TT8o3m>$Z3%1adAxebCJPH!%T=cl*FCqKM({{^nEQ z&`w5jMC#&Oj`lda9E!I2jcy_3nPh$DBf)NvMAU5b0H9>X^6%T%*w@=9`F*%`qnmvt zDVdrGyC-9@aj7a43WY+U>f+*b5XQP}f9hXdoDDwpJH37y_U~g}#-=FmoS)F5hsMia z%U;T5M6zryE8wDBqs4J_m0txp6VLN8AQ*ZMEU`q&$s~dIkFEAko%55y`Nc^m6;}bV z3dryr?Sbc5s4#P%V=q(x`u6SXS5Z-&xzaSNZ{HfGN;6(1J(&IR>sK$2_P%~Cflt3T zXn*Xqf0EppxipK_EfwkZlV%n_ALl$cHH~nXW(T2>g626_T zFSAF=NxKND2V4)~Uu7493Y#1vyuxw_(LHHhwSH{%Gw7dUOQ13{&I#mj1X=VjvS7T< zdF#j1&L9k>pEgpsk1P`CGfwyDA5t)o(Q*W5b^J z`-ARz_v%CM;?re+(EV_J(d%R?Wy?_bjCFm?CzQ+s)}8o-A{BFdHJFl$lz`;Cb(TG4 z#hdU$ZolcF-&fy$*V=WL!^)??u`Ro<)qahgw{>#XJzs-qB-LB)4Ew8ajdo0`#4!ru zb=gH`VOft`;($E#fu$^)#1UPALyWF;(K;FY*g9>Ux4Y*hPT$K~Q#9MB1iC*$5Bd)F zCzW|6-Z~%nlWso=eP?iSKKP~Ay(+C_diH=9{x1}-Dy2hOei*bb&d)pTtM0{l_P$X} zOpi?3(L?4UC2JXqj~D%`+=X8XgfI_TWn9Hp262nzT^4-wyf>)DP;3pLa{q<+S_0 zGq~#J2%N-VYfYYvgwS<8bSje|765qK?VMi?x+g+3b{`|5O^E!+0Ms>Tk7-%{Z8*^LAdVa$Gj72Ij{qY#)$T1CdD=mra7n96o|w@J!kSt`|G6W zyD6jn)cMCI21|1e%A24>VDS=EX{`-rD}yRItF^Qsl3}1b{>{&D`J!qAcZsp?OWq`A zUmGr;w~CQU6FiOyRFQf@^D}&4^Lt&H>QM%nIFRZXxiW<5-KIjB2+;#h_dBPZ_7ym+gTL;(=w{!ad)_MID!~DpkXMN= z*A!TZ-qx2`i4Hd*vJzdcDYJU9-f|b?=A>3)(Crpmj6=%jL5|R}YizNy5JO}WYcJN} znkz5X*ZS)&*4-vnU97`3*IeJ~D~FRdx87m{-q&hd5>t%Kse@Qjrs$vZq7p=HH}-(! zUd>VFF^R05Sl0#5NNh{gT4pt|pxsel360#3?Xyf*C>>@?zWCGfCkGvuIM;|akk9EN zAlT;(HBQs5f=V8!S?AnLXm#MZ)qqZETN3ojo(@G9^+L*x6vPQ9hHC7U;R&%Jn3nt+ z*8(oTw@OS@b{29;8)BPtU0xc;>R0Y78+jPbgrU$o~-Mucsj3zuT~^h6y&X1;rWlDcM7%Qc?Z~?r7ur{}10R z#s5A!c>DTE{y#)XR~N-JI}}0X-e=2nl>l=8=5T~KH1hqDxF?v=c_5^~k8^iYF*|rD z&7Xw%qZH;Ql5aLM&9L9Pf!GsgF4f%rB{i^QYO6dF*$v^BPd-cx82c@A$ds0`L31O6 zSI?kVF*Nwbcd&}`zii5%SSgbKM{k$&zrKC>B>x|x=rxqDXSd~65ZVK?75%(KKTop% zcPaZ*v-!jgbY&kB8*`<0WBd0_%JYDwviz5Ef;KAuUmYDL?LS9vU%!2l{|`|z#JHU0 zCpo^R9M8OTR`lH4Wftyh;}b`cjcSh)L!eSR@J&Olg65-f)uZkO>{!bkDXodoVe(c zP;LN3I)(Zbh2t@HQexnm_Ng`Fj}p_smIN*fcOGr}(s{85{fW6z%lew?1X~X`QH?I1kJC;CA|wF!MqEocJlLJ<&w#0Y&tz#wAMx~wnd+R~}uBEj8AO5~y?$XyP1^WNd>%-Rx{r}bBll|vmN<#FdIB_Yz zrFOcbVN@-{6EUg~Og@fatef4$t#U?Zo4Hwzby+O|zF}Q1N;B=NhXnCaa&~cU#NqpTnGR{4qu`DJuE|bA@1n&orlrhUA^SGS~ zR@nc=$;)?*W2<>$h*7?0*kZ()_=og<+;ztc}dg+OD*jy*j~RPn-6? z+onx!5T#h=-?;~IALHs=;2yVZFH=^K|5HM)Srr%HqWhm$FW)BQ|J#FuH&62aArl60{Y)ZKnD~x7$-rKO+)eg>_24Q)i5LvLmV^+K$M~{nA<-EI6z~FJ^MGG%zcJ< zO?3rMWOgQ|qEpJ>&==%@mw)}!Vf5Flzy9gSG&m*D1*dpKA;tRHOfx;!hKENUnV9$* z*_Esvqp+?%GP0=wC(5%pp8G1GtNeo5z(==(fZ`dXivdN@UF__Fui=9piuj!R1372! z4#S_FIi<+wi?F3nT=cH~d`FEum>?eev|G<^Iwg#YrpTER@I19=a0lS+HTdDHT$R{;?2iekFE=}FQtKI1q_02!8q2Hptq$J3Gs)AID5aqP5wa;ziPJCx z#8(i;P))5kwxX`em3x>HV@iHFN_-gO*aE*)YqI~hQ}8Ekr^(4%nz3H3y$Sg@;i8Rx z9;nBG1D~zA69CBQyHu3+k0h z)c+5UUOnmm4^i^%KY4EeGip8XJHV%d#qaB2vDSOQEXI9$6PQ_6kpDBpDRx++v@dXh z{D1lOD0%Ln$l~A7gFT7tNMz^x;F{Uls1I&hr@tQ` z+)Ni-gLbAXZqgGlwLzYzYkGsog|M{CYqF#2uCHlKRLK*xppl&_T8&nXaK#R^nZ4!v z?N6f&G+ z%aFGmeIsYtB5&EOmW5uk>A-HW_iVJYt)|GXp#N2l0a0}RfBSMN{=?g+_zw?LavZT9 zI0i&QJABd#ALl_nD;7kYv8u#_C~8^Ov2caB5XG&xA~wVto4^Y4zj6$SBLDw`*U9t$ z%QtVI{Qn-L6vclC|GL*05KprIcOm;zV?o$2ObX{;-|wrm$9c*0w|X z>VL+gRICDEYN(2(bK6oZ;ryr=(SSukF+ei1aLJB)vei?}jeqa5(*7^c#*Hb0u7_B$ zB2aYxd-?ih(*FPI_0#$9LCXDE_YHe&WHW!-pzpyN9-6h{X5Vw-qe>6*tsJkFp58yO zf$V!PwXH0x%m0m?{|;ZjNjd*L`Tsmfxi|U$bcV}`0~JL=Neu+GlrhipM31$&1NkAH zejj_&(@u1MWp(*KBR=MYme>Z0{D0oOT6+Kc^5F1E{y#)X@&8Qv0A<{bp6U6|a23+* zf&EF-AruiQ9QKo2jP7LJohHLiCIPAFm<7<$W|Q#GysP7kwlVSkw9h@_qtN}`*_2~S zGk&7on$BEVgJd{%C7_Nalq%1g$aiJ3)o`y4vi(X50LDH?^agqn80MEUi*>p65>_QA z$DuGlS1MC=)HwEY8GthSSrICVBo|_TV&(F(eq3`^l^C^BqOU5bsh@jk2rhlPA2gRC zsEBO1Q}mZ5%Q>{tdNw5E^pJ-jL(Ox0gLyco^i}jf4mldnJ%)HW8$iDP_x8=(qon`O zt2a;Y{~xBDA=G0FJPSIYv^62`4^krZ8G=uzCRCK$WfnD$kAk>_JSqnbgPGW z{j1PRJ@U{+zkzxWDObHzW?Swe^q-}~6Pw&8S;KN=Ov?F*j#eC6&-yeu!lpG1l(gN1)5L_2+q$1 zQ8&R73YUctik&NSE$JRFDPoAru9UE>+gwx6LgDbhmQ!+Va(oX^TD@)rQlGe}G?=1t z2{`RO6_EO6$~9V)ZE%einxk0RCaQK8sufm*=)1pU=(2y^*vg0vwb5nGiHB%XQd>W6 z3(cXPiRp^BA9IR9TN}vqz2?w^^2Ph3FAe2(gc733ZTrYnDMcjI5`l&_%yCoG*!A?qYuf-~?cw&w_miQO@>X#N%OEHa+z{(O6R+{RVab zCw)$_KLI=07%r`9I`>=b6GIg2?t(g;b5f6ED?yx+TOTxfV2EANm=BNTe?Ndb;LJH_ zxS$T|pfNrgRtG+=_ACvUF5n!)f&ENuzI{7RZ<{2*n0=sR9)NG(Rsi02(_o(w7rZ$* z$m8Dl5@{pKf0AlKyu16K-C`MDI0&eRqofM+!=q)SmS;T`kn%8;9XB~)s^>Ey&slOo zD-lKEZ9^~s9%Bb`#1gYT6HPB6pB`JQIJF~-0ZR6l$Bq?_w*jIIGmd-*g|b*a7Z?AR z@}}G3O*;&8#tZO_+U>L5U2E%Hor|2UR*AH20ZHr-54t^+fHVQ*82fISW}q<>LMz}? za0nVR_$BF7P;q}0)pD*fLH2mts3>4bfs4fVmryQPCJ z_el|xu}4_EUHEfq4#2!_Hony)WF3fa2j$tXn!z}((r3tZ3cK-YRqdehE215TKo2no zZ498@%*&;`B2r(>oerH}A487`H6&FdQY@|_i_ zStDAOh{)1VIflt@h4>4Xl-yt!xw_rPLQ*W@l;*(0kOAX8_Oi*ZXL=C*qt);Ka?v{( zyzicN(&wd~WeL(@e)jWXX4IDuNHe(>!zkOR^R+0~XmOkyG-Mh7Wvgw*&r4MK)bC`k%ZhxKzic+aVjJeHH5uyu_^6QXtFTc; z?$L)rZ5%CTg%il(2r{H(RT1${eq4j=?4k0wuEYZP+v(u+;=|zMMPKZ?8BCRKCW3Pp z^QK289|_}9Un$zD;$yZi&d)pTtM0{lf2CpD#P?OIDpqmilWu?A!A~%AipS4!S27)) zVjo>nG{#>_0)N^)?+h+`o%h|puLQX@U^Uh$fy@=2p??v->^xj`&pQA6;(Rr(3&+|l z7Qv(?{(DL$C6KuM(E4=Jy%NY&$H5wD?KNxxGHAE1T5AH-h8%j?aHRmyKJ9kSuLft` z^TAoC-*0{Btgx;e4y6%5$^*SeFVVqvHP6nslAA7A{w;B{|3Mq0g zDe?$(!?bqQ7xxT)v4vAH@Mo>RuPP1`V{K|Nn14onpJH)JFTsjti;EB%oOaK;S5>ge z8h%sgxg(*uRYy*!i(;Q#3%T^cH-#E^f}aoypoeb|>n=UY%tY;~eL484)46P&c7N{l z2i^0lPVeW|X%)oMhrS=g++uw>1*wxPy}1lRV#v)RqdHEp2$eymeevnM65lP4xhZVq zBefaw`O<6KOl103t*g$N*fWF{aPg@UCQIXOOzcgjBiKVTa)aJukH_xCGEuqw@bSmi zpw~IO__-sFW>=kFB@v!7=-LWF=e+gfX=iYCnhi;4LR%nK2X&vM`^8%Rew8=E3}?X% zn6FOzQnBsy2K`R&=T2|X?p}V(BW8IN0*c0n_7S~7w2gyl4v{k;Yj=8AIS21bu3;&M z){Ieq>ilC!dU2{QatP-tS(VugU!LU_zmb z6cIXKIPw`Lei83$V3cIL>V4{84O*w!xMs< zwxQQUi?q9ar_dL@wxIiw2TfM9Ej>`9%Dd#BkCkQ-8d*C?+$M3-0 z=h(}(|ulq;KCE;tK}fzBS`j(k_XbX7cora*0KFU^s(iee7P9*D9ZP!b=CfWhwQs2|H$P*! zKuSwf=jTo({a-Dm6i*C(k})Ic?!K1da)f{9Uk9W!q0>Z)^gc~wbcQv>&q zHUYM{*wT2RMzJ*ZDu=AZ*hR;zsu95wE@4oks$WZNBkH z;JMy$h?=PulQk}$s89WlBvOI;mwI(yYWR|Biw0qE*}D3e35R(x7H1txf!J>b6G6uu z*bHE4-op9R&RS=x-`EXLKC&mRtJaULe)ScdGSbHE0Sn*JI*HJ>OPm|dKb;Nw|2S`d z>|LB+eCiK+oy*g1yOk}K*?c50EA+J41&13$OM0nx{F|TQvRz<9USqK#N_vlFV1oRc zWua6Kx%S!elsP7kc&aG#b6&6J_q^6DD5%n?W18j%oaqJJ03(=qKcjwbASdP5A98laNnmAz z`SuM2>^BcIZb9Qysr}T_Uo80m8tz(G@BlQX;PB{e^PqXqJOm8~)cc*&PWuWR)_;g0 zD1#9|?*w^p(HF{`n;Fk2K0hf9lS~>QiiumP*I1Kee_W~7l{$>KN%qL*j)NGxno`83 z#BJ7D$yU{zx95zL*{R)O-pbjSJ9o;k>$-Ml`Fn3p&`<|2tGR$MvA?yf>|J)D0aAt zqVJ`!Fb&G1V_BZ12~qq{)7@ViH6a|`QQx6B;H-UCSS1TNwaOYY9tTrZbFgxWbB$;N z`J66fmVt&Eq#8y=ux1%?G9hj#^Ui93r?jmMe#z?#i<46A@uh;pmcATHsFW3S$g zg|o>8chg}K;=N7@xn?DpJpEBRklXo4)yb+-V5I!nlI{0tFOH3~j?wsQdcKI9cyIAM zBcRN)W!+`lGFllgX%Uy5L{!$=z zV;uG1?;u0ra!;3Psr|2aqn2~evn&U}@+HrI9{%O+gI@9&8mxE2Gvz$^fOwLp1GRl7 ze@#h0rAm=qARXAXtODs>u4)rV?`;i>KzfI3*#pwMEMX0JK=Yh|aoy{H2jBQ3XDnV+L{gLl08ywMHjxeI0l@~QT9wfrl@pb((*NM*^U@* zDIk5WH?#$}`P&@PMMDVS`W~oj(`<|vWLCxcuPZF|Vmpd`NrPSFBu+XTG6jWQuatsH zNeD|gl(KEz2OhERSHdM0sw&HvRa$-&%8t-8GA>#3&iiK6_F3YDpMpz~J+o+dJJg%q z#cJ{1fbp9aOZ6BWynX#TN%bwiu_|+0wZfDpqMpUaFP`Oly4b38sa1q^@x#qd43N@T zSHB^ubUUPeh$F>98(T@#y2}8qgI|tzRZg=ifz;}T#;Odu&h=!utI73wvm1wToyjXm zf|HYBqQtCG^xGU$GN>`%beX&=~q1I(fpw^QWH8km9bCL-r)x9KE%eHC8{ z%J^s}m>z?#In+$qkkhhQq<;H?8OQ#l?LjMk+yNyYs@#Aep1v=<03$CL-CD$wRJa*H}vM3erGL zE*fjR)U2DU3H%D zp9aGkHx(FApLk>hz38L*JLU9Y%~rMi?`8A<>-2O`r>85G_urKK{Qn0BZ;#$4^8dd) zc=h@z|Nlc2Yct$2T$Y~pa5pZ!Q}Pu`xeWvSvtVK3AA_62+BNpwW6+OPuG!Mtq~=at zH)ZntFCT<5vn_^8<*{U{SJ=tO9ZHn;kcS{c&2#g!Eksul0%g}f_sn62Ra^YU>;LHJ z&0%8wA054Y`LzBYq7*yD7UKl*t3ullO|?3TcS(D zhAqhpEm9T<8xG}`@LyH-XGrr?*)&#VJ?X7GED+oY(fyb<8omh7F}R+O5cLs9tci&b z`86}Qjt~XX`%rL2Q?kw-7`=Igd?&8Q%kz9#mGYvx(tFI*{Ru5ntFElxK9z!!zyCL< z$eZDbPbgYrj3WL2_2KLI{(t!PY5#wq@(f%;E;ehKc1TUNvfYj5*mJQz0ReQb;RLZ} z?HRb5Vg}eeknV?oO_ApTaVP~d$ek(nCwqV*4|05iq>qX9JM`V!GvK3%x+vKRWZ-w? zDjV2;>^8xL?=1lFWlI4P2oMDx_EEFeJn0YmoKOG@LG->$jI@j|6jIoDU?M0K_2DKN>5xlOwX!2Q5 zd-4C(o`Ihs#bnMv_oTyW&47}BB8S(S*hO$()uZH}k5M+|um4`Bb#m5e&fK-e$X)+O zZ;xKRO0NGmuU6J}uUPZ9L^bkVHUo;?Fsr~l)mSE~(&Lx=c` zc&PSV5O@YC3W%6IpwR*bIK^j8{j<%2rYZIrhn@#!i-tZ)ffU+Ip%_&H(e*hc?p)5H zUL>EzDoN${NRQqZqZy9YgEH_rn%=1W?d`37FD5CgrtM=3KrVUP{HoXe@zYiJ{6ll*N>-Ljye;8MF!INiqWdL9 z@-~lQj+j_W){uwI!=pdf8mgC<&BNw_rjo=^aG{u3*?q01f0aMQ#!+*jh$AtDz|4j` zk`ANk86JOc4*2BbRP3$@n43@gF7gmpylw+;37}LwbhAbyn9~WeU{a&ETo((*gPyn8 z6KBeyePv;;Wz-Y2p;$o-aWTikYlMQ~9$1h$U{f;pTrh+FTyz60NH2eGGd<;y!WrU- zGV$j#@Il@;fWZ3s4oCw;ez^lDNZp$Yk#`^E4#-n4xU1cPMqvSEDy>z_2oj*7x~FN% z7lb`D!Hmej1803H9&oN{+AQxuB3#mI+b!?3y~yv#?i zBQ{`)#YQ(wYg`4g0)UL?O)5aSN)| zCHg3Ut`tC*;l!l@R5Wv{TG{z41<*-2acKY*&0M07^#C%SA4(z#faLx{#=v|r5{MHq zcS&u<(1m3|n;2j>6(G-rL34zCH@F=x!GC(vx&-25`c&C%HztQLn;7VNRz_ zTGzY9Qzj2WP3X?B|0ymR?|?cbftL7~vB1)rm!?(`K$mgJm;fk!fu%Ly1VCw%76O!< zv5l1oAg#F}AJIyx+x_coIlwDr&iW-^t-F7HuENlY2?Rr5X!cstWcr-SQv(t6!Ld}p z4KIRJcZJA_bmta}V+zF5?@}u4_8}>sWer=zDLXWyqyTIKE2@o=!88yq#3{}eat$sNKw=?XTOS;wZw4W zO=Y{6vaAQjzLqle6)08SJBb%%u>AlLtg^1LY134-cD%FPjGq7mYCV z8;1uC`ue3l%%@Q(iUGI^4~fbkf%Exngs3?4>iV`F;n9^lFg(hUDG3VA0~d1C=M-`@SzIlGl+}3$KFL~u z>1xR<8K$|3ZPLJff8`Dgdqlc*D7+FT#sr0?gz=V#Aw${gOq|QYqh&x`AQ}OvT0I0x z8!nahG9iaj?Vs@;BcB#!m9cE1kFZpf)D#mLs@a2#om=L%SdW*)1*RsDFNg0LiF+-} z=DgU~6doFnv5)yes+eiwI_~};cu2PZfo#$QUFq+w?4wrark-(?YJ!&Mkz3>{lO;O_ zLq^7Y2nYqkDU2L0?zdE@kk4^0m6j>wbKH2mWV$mWmZFePToflylP5Q{7=@(&X@WXH zGVYp6uL%Bj%rB?NlhGFqlHk5j#6#67c9}&VMTII9UY*ner^PqTVVGQ{>-ZO4MoN22!ki z9Jjty;~|?u?XxT%YMXG#O8t4%^r>nevMCgQrDOM~V;cV+$g>)SbP9#+Ro0PI(TN`t zm(!bf)4cDp!YZ@#rl#I?*c4LfVUlzTH@7A@Cv+w~#OKTe*crwq;&Is+v5$E>bl=UA zLyAJ8uI=mlSb3?UeMl!<$+yBP3hBC!o=DXw6h2vLdU%Gje9*4s3la0UMb!)s`j6y9 zAC;=!F@{1Wrgz$2rYI!8BiEwU<0Miw3Z>>QUAlAC7PMI92SDYXN;L~wVZzj*=&`GQ z2d?-4m`=baIOs7F?G6lI9<0biv4n=hsK-nB`=cj~F4D%hB8B2v8lyKpSL*lQ35o8& z@O61Fz5I;2=E?bc^*i8U`pCyjqdPEsvnqv>nK=!G`s(-J4~4SK_^G>nTE^p~?}y&Y z;*}o&m-{Kz_Ojw6%fsBg>@gCpnjFeY8EwS`THebZBWZN0wwL8*!49L9r0r#omqcsv zQ0iuuwU<3s8dclN3i6(73Z?I5kC;Lg_Oi4D>C1Pn#yiHUeD8SNU#a$bswgkJ^8Lu( z%N`@qs>z}3Jo9!0mz2HiF_K1?YI|8u@_g&$nzolcUJ|XrL+Qt|%)RWf(r67HN(@7|)N-ealyic|gbGH11= zQ^?%6T5DR!DCNsIjO3dR0hqV+AGlPO)P^|kar$O2J*-s117+UjM0v=>f)XeelD>#z z>>-%|0zp@9b&x53OYzFOS5jn@Y7`0smJ2$K(`l4Kp)k9P4*Tty@X^B{?8l1DA(I9#2n0hj=hk*nVuq@LKfrn5-BSlVYvfC6Iw9sYo?^mK6|85=rJEYR@uu=a?c)V6nb2; zIbK%bp;IzBMK>rzRNoo0cw_=RQ4j2#bbkEwVGnfA-(T#3^NXu)yR!#=Y4y&#=O6Y! zr`Nma?Sa;5r+2jn+P&@-AQW`YI=v5D@J#3q3>Cx`DAZO-3AMp~`Myk3Nar=Qa~Nvl zKiI*(vGZ>M4f0FXTWNuN4{4-ZoTFKgaEM)^5JeV^pl;n>nfj}M|rK)L+A%#vbb25muL?JTg>=Dyw6$%BDmiX@}NsXVYC={oN zpoX$Q$P~1yy>+DB=2A^#Oj4)~IrI{Qx&xHkt$OTonjwd%FO*KaX+ri8*ipk zNEsWoq!{)QP&xk}0=*5CRaTitCPJV77xB|~d-E|y8lg@z4rjq5QWj;YMj^RW+)Ii) z0^L(QqLAX`eZ(E;%UXg{WL9*~)B`&*s6~UJ08$xNz{8Ahx4x+ETqlw>_Q3KHHc6ow z{F0*ynI6r(Jttg6XfO>P4699+)$Yq8GM(ZX=1EDdDP+^eEI8A{;}O*rZ>2|{7@~Rf zDWZ_cD)wjyRFOj534TH-fF8arlwexKT_}$ld;2Fs5XtPqTyR2sRz!kGJf^ze4PoZhr8OthgVKwN#C2p)L7Ql&%yC zMG+~jU|x^5RO2Bhmo}zH>%Q!FK&7g3=;H|HvrvLU%G3zwe2RQ-?(iQK-PYitj6i59 zS@{!z(c%P>5r*#-$Ms5ONsW9LxdP=(s~hO(TG`8O2L^$vBE#lm9}sFsZ;Yz$HbHk5 zco;D-R8g@m5uIVi#91bM1bCluu2!c|=~#LeolN`3w9cwgNbKP5s4w%`X1S@}ffFo` ztB}fc->MBzNpQD$Ic1b;@rPm*%9KM19x}AyL_0tM$iWy>#=(e?tyj3$;Gqn+^LRYQ zM^2vVCs&VUJ(0G0)NiG)PWymUI38mMuz3&=s-BS{-)(3u;4#=AtKBFH3I!C65$z*- zgJ>HE)8xtH4*U|myPGrR(a2==ADASYBU=I05%L|x0EMc>6e@RFMZq7ofo|3A?FEG# zL^&P{KYD?ong0*=* z^G&^V@G|nn%3fkDqx%=uR1kZfiZ00Rc6lo$MbjKRORoChtrREDUlRsBPnspNSlDT zr$z8*03Q&S-3Qp^foF)`UE8B8MfKljAmshzqQH6%IG#*n+L2k@Y|T8t2Em@aQ3W?0l&40t;ztu zwK=EC0Iv@Z8LqpgpQ|Y{;StF=iZ8;6hIf5f(|}Kn^qA1+TfR?tUdsHK=|h}hVbtOt zzz%^gK8#RIWNvK_GIpNzEc%kTz|;hesCsWeTfi5aK8V{IkHu14NULD_0o>eA2&(Ja zAduCYpsPYy0X&WrCS6AcYm=2)o=0wx3xqC!*fAI~GUh`-C>Ty*YFw1E!22BMA`l1O z=eY3z7~Gl9Il%kGMRCZRd=a2wD)6FmlJr1SzX#~cP(B6tYqUrb!3JL18|0OzbcEy1 zv>fCW%Zk7&x(xGySCvBeOOn1C@WqFbaDcpi40nDnO6EZVc=;RXo`j}$4Y71gUNDYk_W}Ij!NIb66E}Tm4Y8j+1tH}l zo59i?+z0T5l+Og7&ixkq#1I{VJ0Sj>Liqd4oLPqQTbm)ZjI`O>Jq<<^;x-;zOXGDlD7h0n717$^y0&y zeQ|!?XH{3;unl9bPh0c-ksPv{JW9{!#{#piS(qrgU#7Vw>R&pU(5Ugv%H@9PEgEW`8p zA%0Cir(u9!L2K3Kp4|_!qVdLV1Lrdt3u}r!m!hovI&qhkfC_1Tja)5-8r`mbrVav1 zga(IL6LdMi3_y>Cu29aL($e>CWhg&`UoNA!YgzpW;Ae3afsBCzh3*oQJ=j-kz!AhS zsDylV*82NE{G$v*m0}w)%2|GJ)=c1+1!q3+?T_8l6Ny5xG%XGMDIOznSjt?m0(f!E z0#Pmo>6(S;4Es8(aL7S%!0{MhuGLH(1~QJzY4?3+aMewU(eewn>v||Hj%fk#ZWuEk zKr;_1z%uMRDu9Cr8Q1xuLJUs3o%5?f_e6-(?pfDJ&r-l!L0GfMUxM;-NiHt|?Ko$J z2r^kVLfAw8NlZa0m6)MZ0^J{>2YmtKJn+>hzhc~`%|l)i_^l18R7Rf{z{5Ew zACQma+uT%@xGk+;fFW<(V0hvqR|Pq;qV_aFTPcm+0ubL@80;9h?3}F--={3_TN$dU z%qF$9QIyK^{8k1yssjAh#U82x{MLm9$_8FV?UAqEs>SSCGfqz;;!cS`J8K5lNi94>&n5PtGD7 zN7#4WRIS{Mh<$hCBL=rcBd%aq&K{9@gj^>ahGQcNs;WAh!I3#6$O;IdAIn1O2&In% zm1J1vh}>g6^qY{QDd$2lqErl~$hihGaEUaTmDyf1NAwx%`j}5BnFmZgg_x`0HF`vy z++K$~se~gXgzx#xbKGGlZqE>>*kNl#N&7xw(n^-BXlnXvwU}z(C#YJ_&B2!5W)olzkSF)4{Agxg?Gz0-#-xdE7L9eq=wcc}C-7P)r z%17@$AABvNn)?1L1=X#623E3^NU5-l>XtnkD_JU_y0uTtN|p+1b!#7_l`L8B*7VnG zRJZ8)TFH{-kF39Dqq;?p-Aa}$zj6IF8`Uj(8dtL1f#I8#P~D=3bR|ocXSDtr-)y$@ z*}~>BfXNP!dl(hCw(PL1qr;h4**M+)n|2ko(q;N6(sQ1J}xX-DoEh1eTrDJ zR5_Y&>%+y8rNUa>+Gma>O9ctMwT~i8mQ`nUo1RdXEUV7yHa)m3S*l229guw~a$l^w z0<)R!%tUvWasBQMxg>1Ewl`-S(e7pb^;C$e0D5DnR&xzmtK5O%e;)qjZ8_tpLe(cO zy39bg5LFq)?(*UAi@{cymMw{@lg$OyXH~Nl=w9A4qAQ{5Szhua+H zNzrd}Oc6`Dz*a9SRNpH-&8>8m979!lH3ZN>aktfrK(lZ79o$Z_Gqush4A6P#VERy{ z`etKL#Xd*$26~BG^N-{fjODGPd{Ds&U=D==3YYB8oFOn;nDi-oU<_5jh7ojRN|J~s zKbT7EJ+NLIRfT~*o<_z|&6i-N8B-&w&$pWZdDXH8s%cT1@4$(g2Pt!Ir;z`^R4frZ z1`9F=W8!(_7PJXP7k!(lyFTO4^W=Z&+{9m)avreb{rw5%)A^|BklDWRD08Nea<Z(d@Di#^wZ0$1MW`xIVU^Yd1c=TsW0JSla2j6GYdG7Vx2iAiiq5>*trSnF4N$4yqut@9$m5iaGA@@A*YR;`)eu$u$(N8y9j2tcn|;QQq5N8zTKWukArR6YHo2 zX3(F@)MPX0!wGUD2H<8JhrSDBi%JmXJUg`@Vw_MoK{9pIP+zMhhVQE?puJYkrqU3} zTyB?;PmQmTSZ4v`Q@NRHXxO3vMC|jPrldq&FqUd zL{Q$-oDtX94NrBhYxM!l#24|mWGoHgiZuFM?;+^Q@Fo|&gX(hASe`ZfFBFr8%d@5! zMpRsR$`nL@`H=DkbeTqR(_A)0>n1JB51e7sD1KlQO1=6a%D-g4z+Z-Uhfgt6IgfG_ z{p^F5k?7hW3p!r{!lXs2sw%!2=^mHl<#h1Pi1BzYYO0Da4)4HE^AVyx;wW)7xMSVf z?SbKWcuPen7}_y_hP#OizSz*&7kM#z`N~&xcVPJX)yvqUsN##YRIE+)Dnnb+Ha2wj z?T?C|1V+}S4j#uTk6D7iD-RvNjgh8oDudUlAQ+G$0CmnbDbWoWn8l+!C5E=N?AXxR z*Ly-RaJjcww|4s3eEE`tb@s(fl=Vo3iBTG)7+)s1qc^4ECdDsMVnZ_|71`Eu$}|}_ zh*Ki>OBzC8)LbwjdtuIXA)o@{iq%EQ+;La|xc zIhJAe#m(|1OfEkcazuM*>lBwVv|KYC z&2iz@cS8IhxVafHbFFgv$$*$;!V|@nT(P;CgRl&J7;b7>_Y#~lY&00+;2JI7$!+xW zUii;nhXB&aTwdI80)|uM&14i;=y}5?cuy!mU*Ih8&|a-J91b1gGvcAzb70p5vqgg< z4?%{&f7b+DYQ#vLYnm_$@4|Qrs^YTd*O)>vQmrNwPB|0tC!(T1QGtzM zAam4;+4+GPmD8cfMLx&SV|#$jg)YOwFv?7<)G*M;o}Q48$eT66mEAXs^=@|x;8;v$ zl*4xqxX43Xt=S;bl}z^Noy(uut}=a(7V7vbaTU~~sG*bVV!j6y;Zjf=&9TQD*atEQ zGiIDZj&B4xh$mxGhB3pNwOY%QEG{Z|i#-6rKU!y}GAND?l^zC!m!}4mxYC@=)#OHM z7;vC3P7{HWOJc{t9x_a3xLG2!4r`7z9L)usdBtq_?3s@37G|CIUDLbz!9^Tmk0~|t zbB`!kf9`|sY&Pdo+Hg2wzlQe;E^$~>4=HaKqU_E4Q*ztjWPk3vh%yePn3o+kL>~>S z=5DQ~;>$8li9hicfFiL{kngG}>SBIz3JVw>2+BC`ifLsJ z^1hKXJHfT!L0RoaECAx0Xvi`ge^_r1Fg)>PR1x1m%_QGD6ic|l&D`@5g(K`?E_hU) zLYitGKS^LxkFI*yTJ4I6L#L3viDeW*rY@m;OYH3FHL-~Gp1?%ePAv(JBXe*h;i2#D z6B_HsGC41`w$0gLCr!{pV`a4zRX;1ryTp-ufx3peHY#Av+1l>`$cHDViy;blYmd>6J@9xAttzIXetk-u%dGxkhwHM$XoL! zXn|Yh95KdU)U0D>$HyC5dtyBGy&zu3SCfBV%Pr7V0iLw@10&>-+dXiL#0Du&(?c{1 z_~Hc9VPvS`Q}Fum=xlT>g{2UEwP>*88UQvl$4XL4Bl0jt`&^${Z!MJsn4rqh)a`FhSzEh@Zv>y z?0oU!SRMZLZe+AgA<}_9m^7r!tQm^g?GU<*a0KL2qm# z9Lk=X@_Z9JZ@;rn#8TNHglP@MKJ7In8s>DJgN0N8MZF)G48P9-l;Q2A{}|<9N7Og{ z>^8wa$o&8PpZ}{Yc+hA(LVP;vAZDtXG4>R0WX_p5Hdx5*32j3kS_HkMEuedO9GV2u zu#fBog~;1S%`5_#^POizpO{oKca1the_+6~57ucg#ShiFa7kutx&NFq9=qcq<7LH6 zadbei&ug_7i)6g?sS!$}Py7ZYgvUHjv{H(Mt_i93xsn5l4#=(84W~FTyGDvWCEN!LO=LBG}^ZjUz9%+x5MUGsdW?|V!Oj2H;FR3J;G5x?&q?f=}ur|R* za*J*RFG*sL5fpMh(mRA)mimk5*<-t63&EqgJT^52aiORas-=6j${$8f)g0o>%e%IH zcUKIlN#r8uRH-Ln$UW@KS3hDE$gQYZtNnw_CB4;YRPPC~QAZ0QxYfeRxq=ku8hP~7 zyr-xxq?5L6Dx|JX`?cCBg48#H@pI&bcXiqqGcy(E3#F?3y0iaZe|!f54|1`&52T6z zkAKbIZtbH1@%I&o4em*$)P$t0)nb7cwQ_G_%^2w@=S5IJX+@#VB15|kZS6vx2Ba&V zTHab`Y|5(%<>DhgSWT=fQ!)MxCj=k5@lA`BgjzLw+_yjSyzTyjB2aEig~qz+jwnrs?BVp10BX8Qom)j z@fjQ7Fpl2aEudE4-_Ve;x1d&lUsmuYnpxR}d6?S9hIvy3_yObDejDPRwUHhwti+ z|4uGO`8m64aQm(<>zUv51ih=1`8!GR2D#4ZBYSe*)x|9Qx0(iBTN3+Soy|x32aCY( z>Moi=->oZ+?p$WT^2kK2fThF>n(o$7CXjc7+H@vVX6U-ARqM=_Y{*s9s8~fBfe1&( z;4%^p*mu0SD|(jpB?e|62TNmq)3*@ViJ0ASy?vYB5d zgXsuHe}xGIq-92W#W*HheXS;s{nBQlZABg<(M~D0MCsFx|D`qVDe+JurGV(x+Um>+ zH_E}kXV0pbww^>G(TzRNX(=1_Vh5zWZ^7i_2(}Xyk|!)h#&|7j_fY$aLnuWoAim@j zMZcwMZ)S!6=On3ZNrMp&TS=RMw)e`B<-MmSlctMklDZa}wOZE?t@Ua!%m9&hl6%tG z)sYI2m_v0M3?Gw(Fz&EjZI7lai@6g5pG9%^0->m}HSwOUuX3A@rh ze+!i{T%Q{(rnhEenPL)c6`xwQ6WaUd`w8d_ySq=Y9LxR?%siz#xHkyu_Dis@mSo1cyFe4OFcvz4{j z-kyjUV^`;E&DPy8kp_TZOc9$ZJG1W~bsO^8m`p83lxQib@oS#ry74;I?vj>1uf*W4 zHahCb6GYVqJ!uKn@0zUSAUGRZXVydtOza`5e4=CY8GvG0c88GBCEEl1zlbA~>`%)=>EoDd( zS}0Rf#zbh?7jxE8YbP<2d&{)YJ8)Y6yVBD@D;?@|I3j!sWFE)y-0LHGNDL?nklKld zwyzkWX2Tg885e@K2i&lcGFnSi9dRPrVJHO^d0(SO?cWAAZb&>ix&!?7cT(ug>Lm{F{`QiW#I~c z7IF^uCk@!}(QU&lRb{g;->C#D-l14D4Yj}4D5c=oZSD)r~1hNC$k@xzg5lkm2?lm9>WhgyOS+T)U*#@cAP9TTU>f??Mi(p8tn=yQ>u4J69+GC_eIeaU;nAu{8pY>K5%B}^U0M`Ci}J&6{RL7_Yc8* zYNGAARkg}aKwj--dP$A%7B2RdAT+0~D389rq0rlSxE7>}Z@(&0%U4~$u<+`}weEj3 z`jc%*l`n1zOI`-w&TFq8I3BT~R^6Lu>)o%Lf+73BRCawCJj zbv2_e2c>9O2rWY01<7-@^md5uR9G{7&jo#TF0{uno#(unAXKtY-a8Nd7+C5S&{IkI zL&x)!%QJQU32$2zsHKm;E2wJQH>@h$^_{U-$4Oq2^R{;7@qizfVd5x zxM=^G8BLldq0e!{{30~vlxsKpTwyLKDH2qPjilVc0^)}F?5V%(A=Jr1CS?z?j+UIh z-~1fD(I&H*jditW+^V&~7bCW7T+XhdElvw7Ie`Ijjc2b+PQk^wz6?MXrQhG=dwGwnJ6bV?H(YXj>6MC*KY{=%6X_T!Hl<6^4OY`h%rG29efh$Ulm)A!A;fJ`rLtg0sc+ z?0bODJ!HHupnS0mZZShz$AvNy$UHE90Meom&X!Ex?#?MP#_B5q-ZWn|4{Ei(m6cZ6 zUCrK*Vu%z{BE#Y{T1d)i-k1UDD=NXL%cga0kR>$S8;nz1^x+l?fiNRC$kisT@!VJW zmpvg~#dn$aSHPyWEaPm=qRj3KK@hpDn0h|xctU&UQ}y~C_{!CH0mg_s(}* zK*K1_jU%+^X}^#?4T&@|a-oG8`xW|aj&GnRHgelF(N@spDz%(|rO`Cnd&K!mj_DmQ>eaF*H*-sX|*~Pu2We{V*oH`$QuKSCXj|=&XBBg zaoViaUcC54CgRnA-y*r`ap}Emxz)yq@IPO?sMQ+a(pXXT&ssQRX5%Y3W(WiPv#N6p zZVrcF#|Q~QhS5TqA!VZ@iQY>?d#fWcvu0lrT63(=qvbwj)0ff$xZ4DuKO$;vt@1XQ zO_g@WNq~itrqmUALkt6~k!p-F^4#4}(;DZf29o6?xQ0NsZPps#jNG8esJ4i;m6BAN zBQ+Zdol>ot7lwgeNE)c$Y7NkmFBVLsDD|Mk>Rpj(xCfwV=n?1og}S@K%-Vppz0|OV zbS)44ku1k*>oz40rR=!Ykhi!N^9sC~QbqmH(Z@zY!7_ymj1bc14depo1yeXep~t%q zAefRF5fF>PZ{b2oc71(d?rI`FVS=UGVqv(*D8I?QUQ0PW!-|>p?WDPvwDcUiZsc8U zE)e{1$20nlUZ+YqSI$xX4;+l4qh6FK^{o7m(UTT%bEMaWG3J{0G?7ssvUqEkASQ-4 z0@AF0=r05pM_@!)#HQQyW1*(jr~sSg!5t??pfo2MbA%`3F?KNYRJDxrRN7j-IU3x& z9L(@UpQN6J|7^?|YB-RIBZXR(`jgmO#pD?rH~}{=1+#ooZ|ObkUo*uEnF=_ci@g(i zY@Z@Vyc;Cd?j!lXFXd%GBLYOt^S;$z8B9{Dk32HjS2a*W;GmTKo1+FN`kycN!~ODg z^GNKME%|uEe)FI-O0Xj<>`Hm6FPL3Q626n z4@4v6mH^f*N@@NL^VC7nc^ggwIqd|E+GOtYcZXTEG>+0}0WlsGPoOW9M z&fvUt)*0?LEvX{4aCwF?lQw5a#ai<`I%-h3=YM}vDSx{v++HY9B;X!&^wCyKi zV;do9chKrGMKWZ({VGBq%ov#|mm9O;>ocRWJ1MJ{-YY%gPs~rl#=)?uu(A|LOLrr^WJp-sYX+}!9Rrls)^FN!1YrH4EkA;=K#3MnVV3vq|lKQOu?#|Mm4O;Rj ztTbQM%9^4Z#lE_xo{|XvM@AWiO!!voihx(mgXWi7?PM;oh1wVirqFl8ZO^n;5?Y>O z8H$c>G6;pkm4P7;i%g$wUpBv3wWNiZYc7o~kw{j&RI;MATqmxE9F|f;VjVnYWkizY zo|F;U_oLZ0AB{5dxXAj*m61q*92sT9_QsS>QI)(eWeekSDddbkLrL@@sGH}2brszL z1_33|nMQl4w}^Z40t$U~z((p_%uu&9j^uJg;6gML=U>QFh8uG#N0I-WXx0Sp1#x_G z3xr^kHn8|`>HX@*j4C3B%!?ddNmF!#sCIoEp((tjk=Rk=*Tr70veQfR9_f-%XQ+xPSG$pMwu3VUYxhuWxo0Lf;A@Ts>@+&esM zerbLghMQos)&QN>sAjqvq>99b?FD_n*x-@mepN;UD2$h1k1rXzh=C zMB0ASQXmDCa59>Yt$#M0S_Ax(5nujef(TO||0(`*p(ouojM`&)dY#zj@hGy-PZD(x)abER;2p>@0Srr0>x)ZYJ{jf5(-*52|pTTQH&E0JxUJ>4Rc*Al*SZR!dgM))NuU^Uj9vmDb|9fz7^!5*juMS_n zeEsI|&8s(mI5;|Zd35*(aIkS~Q_5T%F#d3`_E<^e9!VL`Jx}P<7y5zMF_4bO-y5u_ z@<63<{j0^_h=TE{hg5+(DlHI-*8l65$@Ty8&C$!J_5Tp%8Ms1>haoSqr-IFC{}y?3 z6g?A=ktl`Ery`EdL6|5-4zDF5w*~GW+at<N@ghc*>T}hiW+tVCT!`jq2C;W+#lHAo79=&GqfqK2R!#k-hYZh-C_x3{;kgHMew0(1;K zHGj36#58|zhJ7j)t!wP(+2_TNTEsrOY+LS$=7mGvJ!@7*6n z&kmbBD3S&R>;KK0qon@#>h00N)B1mi^7ZTf3vh#H$MWJ+od0Bi;h7+dGeyVX#s0T% zwVJ3_>mfd;K7fFcF$eauP~alP55xzxuV2kI1E?#`XLr1`3r7%50_ibNk$WOz*!7($ za_1iQCtVe%Q~lief*cv0SE#`apc*0HK_-T{Oaj*V5>S;Theff)8{ir(j=|Tjpm~iJ z;M+GVfD6&t*M&lD{jAVDjzxMASWy|(x2ccgv7W>@VhC^tew!1Hl3zu0d%*~h@bNRKL)M#2AB9EbXuZmx)^r~9Kde!vKp}iD= z)|2}E#4Gyp^AQj?ArBog3y6<=9?pe~19&EwR%N8BgXYgl8Bcx@t))Xz9Xu~RPZkIU z?dKs7;P_n_Rij=9&FDi|cL@lqiNt9aECaf_XpX2Z7PVP;GC`GD?N;K4XvkwZxjV_Z zkPTUL79+2w;x4!YK2|Yj4iDnXR5P?sIM|U1CoH1vCaZ#gVxNye9R@)&9^WEtbPWE; z>Ne$ZkH;KmIjttqXOulnA{ZdOjE7d z(;?5#P0i(=ISGhICX1hhxQ!FUL=&&Lk8N%>#&)&uvl^pq@8MQs^$oU>zUnr&=Kf-{ zV(A69{&GuMY%4Cc(hDsyGefFYeAZhMKDY;##_HO4VQ z9O?U`Xp_U^a39sN^z6lz{Al-KSInu^u&T-RZ2fIE$Y$Gy^QWkF)AV8n$n4o()OwW7 zj8N)m!c~etN&<=@7ymXFcP4_Fd3g}19I)kPOjnM2i_IHDvl~R)WEMb*K>fcCn@5L@ zgZlEmpUnl$-LONscZ0eba{uOVgg88`$BCL%x4tn-X}5z)R7zymElaGoYtt$U`&^D* z8c^&{n%94kI>9DM=TPGRlZ;9d&D4HK-WmyItsJRL)y$h)p5Jk0XnrPAj zESV-W99w$JQZzwdq&dufKKu2n+(oir0N=iW5ptkRdh-9X_pRM+<4S`2S-%2Hrzcjf zNn5t#p7D%lH=X3(>(kwd*G?yAx6|8(L`XtR5o~~zqua^;_B|*(2);y7mLHjGen?~z zk3v-es45hyWXmR$ryTbcQI3SBERE5B90UhChNR9H??F;z2ofhTGG_viNf*FFE=e(OK` z_5XhT?b+9_Pdv0;Ko9zYQg)GoTeY@t%65Q#mT_Ab{eMmSj|$big73$FYq$R#3=S*) zAA`L|`_G*`tJ!~G`Fc0yESpSqWSmk&NEKpHS>^Na*ZS-ml1ahsdKHjLl?!^kUj&|z zV|8o+KK8H|y_Oy9?V;n7icK{yB=o_00O=b@08Lt3Gkp6IOw0*Rr$Nf>J>|VU4|yuw zw*B!2&xnUS2)YSXR8fC#&&#)t3WS5(f^g6Q!hwab0*aob`oedRhYGJi;ttE&;cF;T zMM1xK#3lE-bK^H?I#ls8ggP)P_lA6=mpC7pngRMr0>H*jX}SG4Y5F+qr8{y_RRORS z>(LZlLw3Y;%GtG9{AIryO61$@-)?_rI{l13TxneG+fbU@_RFY(W4KR@#&B#`#e#cs zf#a~Ie&y)rRQ#gv^1JrOCjg_y>G28jKE~$W`UQG@e*X6S7%n8kd^E`;bp`=CD#g_Z z&Q(0>JbZm6#JkC6?KO9LqGhGROYdWh%1@qYj?77nu!_k`+?(<{h(%!`m&pt-Bm?Ml z9x5!%!o0mA2?WcnrnVnNn9jsT!2WB-A@zqFf>@{hvta;m+8hJ5QxbyRt$gslVm}|U z3iy^Ty1b^0SYwFal`84e(?YQ-Lw-SHOrwW&p7r>2d)AcyRHTW`$bW~2&&&5e5BHuw z-v7Rnr-S_GDE(69H}OW0_9Uo?ADTztKM!rIG^rl^c@8ndjJeRrKk1aH(#TV%cSfXW z+Kr1nSUHW82^A?{NSR6QfPw8ZFrVDQCM0HUaT_nwR!H%rR7$>aR5jOTT7QtK&n8t1 z1|s7MQXRrcLyg8$N9Q*kml|`e8Dr#qCw9LR$KVK4C|1S`47=Gb0xg+lmQ-BDqNJJY z6~v%Jr@#<)%qkHp06-NTYwOvZWUILS0He%cAH)XV=l@i2f3GP4eO;rnQ1` zBi{~on!oM$bFMC)QLn<{1*jY$(|IqM62OxdX&*}T!OUFG4$f=tC`@}U4o+k#^(5+ zNF@@xxt*jqYFU$Y? zhmY}J?&Rs>|MxeY^a!HR${9goxg~)ChvpG!BchI*a1^-?f-lZaodB@8>9@K^Y2MPk z*wsYGThW$K{Z;>^znw9j=HK*RW&7lrV~up$w1&t4c2~s45C+~PPt+yN*xlN)A6t9( zG)@BqujCSgwi(x9Ir}!-uBsNG)6{0>O*xK*jeVQvfr5}bDkdUC*D>Z!tnHzQaS0}k zQ!*hHQ|Bv*IM>ekPDe+UpUvT#nbuaEU~#hnv_c%K7deN&$0sePvvpo5x%--h^)l$vQ1*!vw@@gA!St0)}30e3Klr8H)`rEOM&r#DLLWyk4RRrZ!I~B-N zr1UC%n0o-V02Dk~HL6U5G){}H_49Azh~f0;u>9S02drA{@QY-znw@gFR(Gb(%u_DK z0Da;u*8wRqzFQDz`9SjB) z`EPIkG5*(`JRR)6jw~lq9EX^P>iVB(Tp~1^nBr<8RgoogMqi|~8;{V@0sN%1i)=impONQRWjY1q zO9&mSBSr$45@zGgsgnLcM6*1#0xYC$1JD~v_0Y@zPI$$EsNY5r{Q{{t@Q5JqFCOxK z_tqa2wul>NQM5pRWH_Q@N&i;KQx#;c{RLYhVuQ_q6Kf-&oWIG{=A$e!bvX zUU#m@Vx?sVB23+2)lm_ut_b)sdXG!X-7GCvWKn-5=#67@kcG^O0ae>4I8f7aschi* zM8$Y5Ox&7zQw%&;nK{K8MYpDEi?YX`agrEEVaM}I!g7LW9Fot=YCW+)H#<+YPB+s; z`)sq9xEM#Aq@0pDfh4eWjBvyW4i`FKPq@;o%&$x-tGeUfQMmAC)TZJrM4rB}6uvLU zj4R)v8`RvZ+xPm&i%2|4ryd&Y0S%d?A)F%?wYb9Xr4A%|@>e((`307Jswnx?#uh-= zHW8%7F%?LpOtSm3xln4kW-_P<)-Ixu4|nSRLpAoF#n#HplDX+){7P$v34yK|@*R%FGuuJUS%t$c!#`f=pK(8)uLwPZxw6gLwRUi}c`CJ_dy@;ZpXbO6;_wnNg z2OG%ypC0<6QkHY{eAUKt84sj9jfuQOVakbVHXcW$cJkE+$*c@qBI->xtAMwp$$GcJ zf^eF+EZgh|cda*cj1o@flx4!%#r2Fd5-Nz(VioyRm28tr?@c7!u!vwr>)+Mpw9()- zkI#*tb?yHt<9I?ga{ps6I4Z|~ezgDJ)zkg{w|htNLa_k?pWoV5RrAS67RWCd+VC7B zQg4fM3aok=ywp{$>gW#uBN%<0#)HDgnw#5YYmUAYSgGbl@h|pxvb@q#6Dh2q)mp}9 zo%{i2;6jmp$*g2{R=140^zhO9=(+bS-QB*et`aZmA!{7X;}ZYyo;BD1{L1GFJ3!0& zzjw4(iT`mlIDB0H@8apS{>LHVIvskZ12L84FhRi>Y=| zTEQ#!`+07-$XC8JiOd)GQh8nW0Jq9^Ft?_S|BYu+zrOYZx>vmB{8xst&G`Qw?p5ah z!S@G`_kZu?=`jD*Wj-3KIIxt(U_75lE!*h4+NR&U0w})Grp5_L^}JuMY@48m`YqJ) z&C3v;YibCbr0d`=iobzUdcz}K%QPqweJAsM9+Ajg;k ze4Ei}VJ8>ARkR`Vhu*D#Lb@z8!vo zJZmN6zb&SzX?v=i+B@y|)i8%%qFjeLnNxDD95dpSa(yVu#^~vH;;FVFA{rx;uS^}q zH-iK$j+DznDYxujoy8mFp2i)e}6RGrHj9Lf>Yoy;P} zbxCclgee4v{t=2)n6M4NO#Gv+As9!kIbJ(HeFcLHz)HPYx^`t`&L;iex?)O`SY6wMJHvMkjB-#LpShzyM<%fx=mF1q|XJXsR{ z^PI7C**ag_nrkz~afr69Wx_K~haPeQdiHfpv2ygzFY1K$uQU#k=kt#r!@oTFBBpr% z`O&eb!i{}+asKA?&EJmEc|Lj+l9Y^65~6J>k~@JzzkWTIZ)BOTU;8^q3mdVGeXRoe zsDtcifjE)FByp&2KH)i|VHMjt=S2dEHy{EviRYBFSh-Dub7pe{YKz_eA$cdlEoiT21aKCl*QYxoephF0}!yua!^Qv>Umn)hTb&0vw&Wn7{)K(Ca(cdW+S zxJRyvTu1vXxxUxvGI$r(f_r1hE3l31y#uh(2e=t71+SF9K8?>O|Qp)x{aHGMYwD#2Vi8 z+5pQ9T-9&&ZiS60&}+DGmPIK|D(P@cyEUGRt}9^ay4BJH=iO($7ujbTQOp-;oW)8^ z(k5$2WkM&@)Y#G(FJ0(ax^}hB1amQb$!c^Dt3oT-1iwuhWg;}HMTLURs*z>^Us70ySKr;`w96bT$ZWT$yx-z{(JQN@bUcjPM)>w zKa$|De)tzoCjY*9Bar5%hhqeCN84-(QefZE7UXtyO9r7Tdb=5fbp4GOgobf_rqHsz+V30ijyFS$VEu{taC+sX|d4 zoko#EsZMO>k|}40qJ5&Ki!wo$AiJyc&{FPOi2}FlNVI%p56P^to?IW25e-1PM$C(?YnNE3)v}*f-ynZCs66aUf`rPV8f#4I!WljWyI}k1DOw zjl0J35fml+k__GuG_|&r(~rZRic=s3PHQb4eaAIv6sdl1maX$%0 z=aS<8l5!l9%{zc9c6u<@UjV1s@C%=BX7g1&+>W`og3Q$nv#Q!^HrYns%t9kqWFdkC z%9a{}pmUhhe~|D!;iAEYS7^+s63kT{PsKrPwqmDJ1mz2~UCNPG8i!Zs&CzeIRjok& zs2!TI9X1)h;q3BT!D3x7qso#X6Q;;1G5d2Y#O19x$m zZS1(SQ=Z%Vw{N{}vqh;zblHAfzwmdnK-IT#L-kBG`XKF2YFAUS;*B<@M!zzq!7QUU z$6HjiHYRB_Z|%)wR&`vOEl2&!DH&bmSv~>Z06(<&R2Ym3C9|1DTFptct>psrpC@Q= z*k73vwW7rh_`kM2_ws^Mz%1&;Eo!@iT-8_mo!1~=$qsbb|26lHGPKJ@43)mFu6uXJ z+LWLVSx^42`fNb|celb?D?nTP-=l-Qvj5lN{`Zgi|6M%msQ+3SmSsTAACju3uOxRU z4^#dni^qF=kXN`Y4BB)b@XBk_^sTRh7M}dQJuN^t^fuURZv)%gD#Bos45$*G)Z(UY z2-V~#B{HDI5d+L9>rEW*raGZb%8ZNxP{$M96pbC(C0O8DRETqyt9lLAlw9Cww5HVe z>m=^pT|K~>&i~ZbzbdB3rhy4@itD>*c8gd+;?FlRl`AH&wy}aL)isxYg@*%6=thl6 zXUAHSM1Q&TWx32Gn_4>C+sD*67Oxzlu60Tl5{$WWvh(wC(%kK&DJdb9)=Qc1ZBa;o z;f&8QBg+vcpqq@F^Vqk}owCJp-4spvjBC2wsf2AaFvmjWd9Kwd@N%`NZz8feZ>opk z^U5)}o2^hz2fdXQicCoQGUJ@Yxk=HhBtykGFL@hx$VSgn9(Sdt9XJ(S9n51(Az@qrc@x2B?;rHKw?Uw2wY;&45yMgP4Ypto_fKrDuu5+sxmjv^Y9pclNl z`29j|a=k6|61Wk)e|dpI%0(}j&~z96Rp9r6;Xn8;{A*rJC%f_=^QV}{yLm%HJi5vf z(0xSjSs<>H-m_qcuX@jdbe8m<{lDH8dXG6}nLwwnUW;CkaQ2Ce(q2GAf_GIp&OY^m zxfrpK?0!S`iZ1j2{Pl}hKfexUVaGm}&;RF#&kqNs`9Ij-d%XX3C(jo8LFENAv*9N? z)*CbW-+-V1Y!yq#&%Pd(2>}URMFox^K8j7eXxvAILi{b zq$q|$5u4Bv8j|#y$OT6OqUr^`-qsd+_tU?>I`8!^FE6EJ-3v)V;*i86O0@JY_ts%k(e1d)WZISq+G*x=k4@#MG?!UejX($N%+a4bb2I2eF? z5OWf-1jXc9(?h4A18%6$zi&1PG{Z5T5FYe;KNQGW=m1vyUw_Po1Sg5eTf5S4fE(7bG zws;yRS=wHq_r+iSw0+-HwJ*Id=u*#kY%vwYEF^(o`(QAFqFjmO(PbJS;#WU)(h$2@5q!DmY14XaL!j zzvGnF0cIf?v01`m5~miP+(2|$%()9ml7_RT!fbOP+ZpiEkCm-Tb4Uiq+JpbXv zOT>v_86S}@;C7rxVLg~D!};?3)f&j`3TMJ1I$G3$x+=-vK%uqs#oPPOnVbL6hn-?bl? zb1Be7{Z}jb$bE$<)){9}grFo?-l`PPyaPqf8B0AYq#H+}bV^iT$TRnxpIq)BK?wTw z)KvRzdke~N#?roZ0~RUIARt|UY6g&GQKYU2h|Agmykes(!W9pqb26bK5cf7$f zBG7h75>7@qCE>B$pir?3PU4X8v%DijW04XZ_De&zlcjO=gPrDY`~4g@#dsZ;bpx+J zwf^u;%#-|zmaryHvH3yPtq@97!0E=9RdN z9dAo}#Y@VEmqxykCEm^n=QM-~znpl*(`i}$B`0dTG4^fwae@BGa3s+kBAg@uM%8|^ zT4w;ZW=K^Q29-ovZfReMWR1L{rO)NF{Dz|1Hz=ZYe3q|VHx#|TLCLM-<1)T-Xe~}^ zE7+B%wf25pP8%c8RYLUEXgTHZ0eWJ~74;$;!wo}kwy-~4T?mxn*M<7OZEu+dg$`?5 zqZV(1`zq+WA`5HCwdm7s&R3*^LHS1Lvq3&VioQ=AEgPYOzT5<;+-xpu&}Y5#8AqI? zoRT>KpG`VOIN}6{3p9eAAq-q~qHv+Z*TLY57($-*Rtn!2odpb%P2U5r`flIrBQGNH zB%OL_u!lU6au!eWurPA{*WDC;=S;kVRQ(;K>Vo}9m3?7EU1joQ_Rd5d_W?!4W#JgX z++vo>8JUACslB~nP;1bq>IbM5ef6FL-_m3D;goSaA)E6Tx}QyVb6!UGv+EU@S&<|d zNmb90(_KMblMR77m~(3)WiydV^}K$ebPCj%RL}CSzin?hWgE<@z(Ma46)kd8vfKlf z+BPI^Jz&Ag<-;_IY$&TZBwVqg{3YzwM7TsI7eh?r-1=KM7s?t~QC-C;?gI9HoxRtG z#FS-Gh!hAabcX3>$0`+LPX5S9oJI>%c~nq3E}vY=T~lf!nrnYaX}gW#b`N+r#^@{9 zb#Ia7HrBMudo?%Q)UN(RMxzjscuqNsXX@e_r{FmY0=ha9#Y$x8=)Ry>w(hQLmrcGp zjM7~>YvO|gA+Fq=g>_ywGKspo+nE;H3N)r%q|Oi|#NaTG z_2t)450!CUR_lWxEQ1&xp_s+KDeVrUDpX&Q#h^Gi5T)yer&q1_`JLM}TvG4fUF8Aq z?RWjG;i`N8lEZ!X|9~EMVQIMv@1B9J5ZvK5nXVw0trV0ch;I@C;!^KsJNmdv>h<=j zc2S={jnN1Tu(d66@1`B+nv8Nrn&hXgQ+92(O=l|&(1lcH-n$`Pe%szMVGiahCS(i! zit$A*>*!~SGzaBDrzzrkZ^1}Ru@qpHZxv*$1eYrtz@iKNHWSt6ay3*v$fu2drO+lq zpJu@IG?$&4JnVo%CTC|cs`C0|tx9JaPCuV@OM(wx=5xoM{+bD-OlF`f4TJ;Q0PBk9@BWzuFbEY zx!*{+ZdFHDQ2lP^a^rCIwZ=-oSrpND@(xer-mj5`@Q`Jx4vL^lpcGGFk+)vqm)*U@ zds|!RA|WG+BSZm%Vl*W)ES&oYvZ*}y1lKN7$32A7MM92cgEXG>5DIg09UH$YQ``wI zr@Y&#KoJ8^@*YCuGoB?8IYuGW3MlLKoH!aSU7g#Kz{t7(z1y;mx3L>fX#Ba?OYx+w zS=CO8CvG!?U~m)+{E!SOj{U)&&yNmzy(EhwbpfrdQ9$;1fv{@+%vQ9~u)!?)^hI=y z7vd?R;~Wl&v!~!{o<7}CajgYOq4??e4NK2B5hPBZDtNTJQ4SF194~qZ(UhoYgv%i{ z!Std95(em4HGEXK2vVLDzb}kiKN1bOWuAFgPM%v5z&ne$#HMXvZc#$TZPaqMSj_m_-~;8 z7IMgsTuSt|kQ%y%NC!~aLe8mUKC^VF_*Oib`0A=Wa?UIR7YP!Ny`DZTNBbP+gbWKU*+4n$U$rg0b2+#06=fSd4pyVyI=5ZZuBgf@D0(+`-Nky7eov_!%b&jbYg+w58wMKu)SnEd^YWg*p_g^GuZ= zY1{;af?plsEJe18sboRjLN2gd2wAC87Ba~mpAjOfB0*w7 zA*db9MUXJv&_p!0M`k-nuo*!qoe?1$xW+L|%89I|ua85ev9f*;Dx{sh)eeP|Wc8|wgl`l4M@DQgtDG8t{^^{` zYr+2u8Xg^zcw{p>fBo7k3_47re8fQz=y0PXo*&yB=O!@N*^7&d4{y(3^>QI|ZjKL+ zd#>!MPzfn%#>Fp7(B=AT+JLc5zJiU}nV#qfvhH(57E61)aw62O+MzkdwCRn$eg*vX zw%qW=fY#ECDo*~k*@OzFTs^_wynXljB1k{0b!x<7!6I^#K=FHfcN;2xZ?HzN_!XnY zx26udaoBjE&FNUKNMpuFa_3~io*L-<@o*1Yu32#3nh>>=;fU~56v(Ed;=y7pHEkkN zG+XHC&k!=VM5+_d+bLo5#PfjXpO%WQ7?Zc$!4ospf0s>^;`BDh8t&P7M?NQvr^spM z+k;>AT##Bs6m|sMk&~%y&AgwMu) zIwii2^4i})>68jI!=D&;BY&ujL_!W*i!;`WHJajhLWBzBry?rK?|HmJJ>x)KNSRzB z7*CjW^Us6pjR{UOE}IHN6?jh#^+3r}(2AUuS^x$|5!;m>0ivlO(O9Zjn1@=*uqb=| z_NSoNd-m)Dc+qLVuL&oJ>Zp=LM}jXS;eR}P*6aD`%y=~G*FvGgL||0og{wzJ@#GS1 z>jebRFkGM^OQ)*RJ`C@`;NEFSQdWiFgy9$4+^@E&q9P&|M~i-de*HV)WO?{f6Sh>c z08XeLlyXn%gAP2xvE-=`%@|-Q*L;;xNMiTW4SS>fz&evSt0*&nOU6GlT3wxq;VIz4z1H{7K{|ura=ixFL*Zz)CGQ~rZ(h*E3 z5O=3+#wH{tlJeJhQ82rjpqfsAPRU{~C8LIf>l|GWGb9fd0+WPVHd4%Ws?82siZ-!7 zN@bPXm*ZRyHxd*hn0TXl-t0ho%AqrUnxe5>zHq!iREUg-)w@*kx}HUvPsNDDm{Vqh zy4hQ?SQKlAj0oAiS+LA(#PLGXF$W_bh4Q>E&NX*vYR*Wo#WJ{y$k6)Ik}f<<%UOW^k5-vd8kBK31X6rFdS_Es55 wO>wxtu1XMJjsg1f=lg!j^v{EDDHQnQ^Y}bI|76eq4*&rF|4t*%{s3eK0E$TYSO5S3 literal 0 HcmV?d00001 diff --git a/templates/NOTES.txt b/templates/NOTES.txt new file mode 100644 index 0000000..53b369e --- /dev/null +++ b/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "netmaker.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "netmaker.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "netmaker.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "netmaker.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl new file mode 100644 index 0000000..4e815fb --- /dev/null +++ b/templates/_helpers.tpl @@ -0,0 +1,70 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "netmaker.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "netmaker.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "netmaker.masterKey" -}} +{{- randAlphaNum 12 | nospace -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "netmaker.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "netmaker.labels" -}} +helm.sh/chart: {{ include "netmaker.chart" . }} +{{ include "netmaker.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "netmaker.selectorLabels" -}} +app.kubernetes.io/name: {{ include "netmaker.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "netmaker.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "netmaker.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/templates/coredns.yaml b/templates/coredns.yaml new file mode 100644 index 0000000..8102ac8 --- /dev/null +++ b/templates/coredns.yaml @@ -0,0 +1,85 @@ +{{- if .Values.dns.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "netmaker.fullname" . }}-coredns + labels: + app: {{ include "netmaker.fullname" . }}-coredns +spec: + selector: + matchLabels: + app: {{ include "netmaker.fullname" . }}-coredns + replicas: 1 + template: + metadata: + labels: + app: {{ include "netmaker.fullname" . }}-coredns + spec: + containers: + - args: + - -conf + - /root/dnsconfig/Corefile + image: coredns/coredns + imagePullPolicy: Always + name: netmaker-dns + ports: + - containerPort: 53 + name: dns + protocol: UDP + - containerPort: 53 + name: dns-tcp + protocol: TCP + volumeMounts: + - mountPath: /root/dnsconfig + name: {{ include "netmaker.fullname" . }}-dns-pvc + readOnly: true + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - all + dnsPolicy: "None" + dnsConfig: + nameservers: + - 127.0.0.1 + volumes: + - name: {{ include "netmaker.fullname" . }}-dns-pvc + persistentVolumeClaim: + claimName: {{ include "netmaker.fullname" . }}-dns-pvc +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: {{ include "netmaker.fullname" . }}-coredns + name: {{ include "netmaker.fullname" . }}-coredns +spec: + ports: + - port: 53 + protocol: UDP + targetPort: 53 + name: udp + - port: 53 + protocol: TCP + targetPort: 53 + name: tcp + selector: + app: {{ include "netmaker.fullname" . }}-coredns + sessionAffinity: None + type: ClusterIP + clusterIP: {{ required "A valid .Values.dns.clusterIP entry required! Choose an IP from your k8s service IP CIDR" .Values.dns.clusterIP}} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "netmaker.fullname" . }}-dns-pvc +spec: + storageClassName: {{ required "A valid .Values.dns.RWX.storageClassName entry required! Specify an available RWX storage class." .Values.dns.RWX.storageClassName}} + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.dns.storageSize }} +{{- end }} \ No newline at end of file diff --git a/templates/ingress.yaml b/templates/ingress.yaml new file mode 100644 index 0000000..c26df0f --- /dev/null +++ b/templates/ingress.yaml @@ -0,0 +1,236 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "netmaker.fullname" . -}} +{{- $fullUIName := printf "%s-%s" $fullName "ui" -}} +{{- $fullRESTName := printf "%s-%s" $fullName "rest" -}} +{{- $fullGRPCName := printf "%s-%s" $fullName "grpc" -}} +{{- $uiSvcPort := .Values.service.uiPort -}} +{{- $restSvcPort := .Values.service.restPort -}} +{{- $grpcSvcPort := .Values.service.grpcPort -}} +{{- $classname := required "A valid .Values.ingress.className entry required! Please set this to your ingress class (nginx, traefik)" .Values.ingress.className}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullUIName }} + labels: + {{- include "netmaker.labels" . | nindent 4 }} + {{- with .Values.ingress }} + annotations: + {{- toYaml .annotations.base | nindent 4 }} + {{- if or (eq .className "nginx") (eq .className "public") }} + {{- toYaml .annotations.nginx | nindent 4 }} + {{- end }} + {{- if eq .className "traefik" }} + {{- toYaml .annotations.traefik | nindent 4 }} + {{- end }} + {{- if and .tls.enabled (eq .tls.issuerName "" )}} + {{- toYaml .annotations.tls | nindent 4 }} + {{- else if .tls.enabled}} + cert-manager.io/cluster-issuer: {{ .tls.issuerName }} + {{- end }} + {{- end }} +spec: + {{- if (not (eq .Values.ingress.className "traefik")) }} + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ required "A valid .Values.ingress.className entry required!" .Values.ingress.className}} + {{- end }} + {{- end }} + {{- if .Values.ingress.tls.enabled }} + tls: + - hosts: + - {{ .Values.ingress.hostPrefix.ui }}{{ .Values.baseDomain }} + secretName: {{ $fullUIName }}-tls-secret + {{- end}} + rules: + - host: {{ .Values.ingress.hostPrefix.ui }}{{ .Values.baseDomain }} + http: + paths: + - path: / + {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullUIName }} + port: + number: {{ $uiSvcPort }} + {{- else }} + serviceName: {{ $fullUIName }} + servicePort: {{ $uiSvcPort }} + {{- end }} +--- +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullRESTName }} + labels: + {{- include "netmaker.labels" . | nindent 4 }} + {{- with .Values.ingress }} + annotations: + {{- toYaml .annotations.base | nindent 4 }} + {{- if or (eq .className "nginx") (eq .className "public") }} + {{- toYaml .annotations.nginx | nindent 4 }} + {{- end }} + {{- if eq .className "traefik" }} + {{- toYaml .annotations.traefik | nindent 4 }} + {{- end }} + {{- if and .tls.enabled (eq .tls.issuerName "" )}} + {{- toYaml .annotations.tls | nindent 4 }} + {{- else if .tls.enabled}} + cert-manager.io/cluster-issuer: {{ .tls.issuerName }} + {{- end }} + {{- end }} +spec: + {{- if (not (eq .Values.ingress.className "traefik")) }} + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ required "A valid .Values.ingress.className entry required!" .Values.ingress.className}} + {{- end }} + {{- end }} + {{- if .Values.ingress.tls.enabled }} + tls: + - hosts: + - {{ .Values.ingress.hostPrefix.rest }}{{ .Values.baseDomain }} + secretName: {{ $fullRESTName }}-tls-secret + {{- end }} + rules: + - host: {{ .Values.ingress.hostPrefix.rest }}{{ .Values.baseDomain }} + http: + paths: + - path: / + {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullRESTName }} + port: + number: {{ $restSvcPort }} + {{- else }} + serviceName: {{ $fullRESTName }} + servicePort: {{ $restSvcPort }} + {{- end }} +--- +{{- if not (eq .Values.ingress.className "traefik") }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullGRPCName }} + labels: + {{- include "netmaker.labels" . | nindent 4 }} + {{- with .Values.ingress }} + annotations: + {{- toYaml .annotations.base | nindent 4 }} + {{- if or (eq .className "nginx") (eq .className "public") }} + {{- toYaml .annotations.nginx | nindent 4 }} + {{- toYaml .annotations.grpc.nginx | nindent 4 }} + {{- end }} + {{- if eq .className "traefik" }} + {{- toYaml .annotations.traefik | nindent 4 }} + {{- end }} + {{- if and .tls.enabled (eq .tls.issuerName "" )}} + {{- toYaml .annotations.tls | nindent 4 }} + {{- else if .tls.enabled}} + cert-manager.io/cluster-issuer: {{ .tls.issuerName }} + {{- end }} + {{- end }} +spec: + {{- if (not (eq .Values.ingress.className "traefik")) }} + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ required "A valid .Values.ingress.className entry required!" .Values.ingress.className}} + {{- end }} + {{- end }} + {{- if .Values.ingress.tls.enabled }} + tls: + - hosts: + - {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }} + secretName: {{ $fullGRPCName }}-tls-secret + {{- end }} + rules: + - host: {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }} + http: + paths: + - path: / + {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullGRPCName }} + port: + number: {{ $grpcSvcPort }} + {{- else }} + serviceName: {{ $fullGRPCName }} + servicePort: {{ $grpcSvcPort }} + {{- end }} +{{- end }} +{{- if eq .Values.ingress.className "traefik" }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRouteTCP +metadata: + name: {{ $fullGRPCName }} + labels: + {{- include "netmaker.labels" . | nindent 4 }} +spec: + entryPoints: + - websecure + routes: + - match: HostSNI(`{{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }}`) + services: + - name: {{ $fullGRPCName }} + port: {{ $grpcSvcPort }} + passthrough: true + scheme: https + tls: + secretName: {{ $fullGRPCName }}-tls-secret + domains: + - main: {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }} +{{- if and .Values.ingress.tls.enabled (not (eq .Values.ingress.tls.issuerName "" ))}} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + annotations: + acme.cert-manager.io/http01-override-ingress-name: {{ $fullRESTName }} + labels: + {{- include "netmaker.labels" . | nindent 4 }} + name: {{ $fullGRPCName }}-tls-secret +spec: + dnsNames: + - {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }} + issuerRef: + group: cert-manager.io + kind: ClusterIssuer + name: {{ .Values.ingress.tls.issuerName }} + secretName: {{ $fullGRPCName }}-tls-secret + usages: + - digital signature + - key encipherment +{{- end }} +{{- end }} +{{- end }} diff --git a/templates/netmaker-statefulset.yaml b/templates/netmaker-statefulset.yaml new file mode 100644 index 0000000..9e53849 --- /dev/null +++ b/templates/netmaker-statefulset.yaml @@ -0,0 +1,133 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app: {{ include "netmaker.fullname" . }} + name: {{ include "netmaker.fullname" . }} +spec: + replicas: {{ .Values.replicas }} + serviceName: {{ include "netmaker.fullname" . }}-headless + selector: + matchLabels: + app: {{ include "netmaker.fullname" . }} + template: + metadata: + labels: + app: {{ include "netmaker.fullname" . }} + spec: + {{- if .Values.wireguard.enabled }} + {{- if .Values.setIpForwarding.enabled }} + initContainers: + - name: init-sysctl + image: busybox + imagePullPolicy: IfNotPresent + command: ["sysctl", "-w", "net.ipv4.ip_forward=1"] + securityContext: + privileged: true + {{- end }} + dnsPolicy: ClusterFirstWithHostNet + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - {{ include "netmaker.fullname" . }} + topologyKey: "kubernetes.io/hostname" + {{- end }} + containers: + - env: + - name: SERVER_API_CONN_STRING + value: api.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}:443 + - name: SERVER_GRPC_CONN_STRING + value: grpc.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}:443 + - name: GRPC_SSL + value: "on" + - name: SERVER_HTTP_HOST + value: api.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}} + - name: SERVER_GRPC_HOST + value: grpc.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}} + - name: API_PORT + value: "8081" + {{- if not .Values.wireguard.kernel }} + - name: WG_QUICK_USERSPACE_IMPLEMENTATION + value: wireguard-go + {{- end }} + - name: GRPC_PORT + value: "443" + {{- if .Values.dns.enabled }} + - name: DNS_MODE + value: "on" + - name: COREDNS_ADDR + value: {{ required "A valid .Values.dns.clusterIP entry required! Choose an IP from your k8s service IP CIDR" .Values.dns.clusterIP }} + {{- else }} + - name: DNS_MODE + value: "off" + {{- end }} + {{- if .Values.wireguard.enabled }} + - name: CLIENT_MODE + value: "on" + {{- else }} + - name: CLIENT_MODE + value: "off" + {{- end }} + - name: MASTER_KEY + value: {{ include "netmaker.masterKey" . }} + - name: PLATFORM + value: Kubernetes + - name: CORS_ALLOWED_ORIGIN + value: '*' + - name: NODE_ID + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: SQL_HOST + value: '{{ .Release.Name }}-postgresql-ha-pgpool.{{ .Release.Namespace }}.svc.cluster.local' + - name: SQL_PORT + value: "5432" + - name: SQL_DB + value: {{ index .Values "postgresql-ha" "postgresql" "database" }} + - name: SQL_USER + value: {{ index .Values "postgresql-ha" "postgresql" "username" }} + - name: SQL_PASS + value: {{ index .Values "postgresql-ha" "postgresql" "password" }} + - name: DATABASE + value: postgres + {{- if or (not .Values.wireguard.enabled) (.Values.wireguard.kernel) }} + image: gravitl/netmaker:v0.8.4 + {{- else }} + image: gravitl/netmaker:v0.8.4-userspace + {{- end }} + imagePullPolicy: Always + name: {{ include "netmaker.fullname" . }} + ports: + - containerPort: {{ .Values.service.restPort }} + protocol: TCP + - containerPort: {{ .Values.service.grpcPort }} + protocol: TCP + {{- if .Values.wireguard.enabled }} + {{ $count := (add .Values.wireguard.networkLimit 1 | int) }} + {{- range untilStep 1 $count 1 }} + - containerPort: {{ add 31820 . }} + protocol: UDP + {{- end }} + {{- end }} + resources: {} + {{- if .Values.wireguard.enabled }} + securityContext: + capabilities: + add: + - NET_ADMIN + {{- end }} + {{- if .Values.dns.enabled }} + volumeMounts: + - name: {{ include "netmaker.fullname" . }}-dns-pvc + mountPath: /root/config/dnsconfig + volumes: + - name: {{ include "netmaker.fullname" . }}-dns-pvc + persistentVolumeClaim: + claimName: {{ include "netmaker.fullname" . }}-dns-pvc + {{- end }} \ No newline at end of file diff --git a/templates/netmaker-ui-deployment.yaml b/templates/netmaker-ui-deployment.yaml new file mode 100644 index 0000000..b105786 --- /dev/null +++ b/templates/netmaker-ui-deployment.yaml @@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: {{ include "netmaker.fullname" . }}-ui + name: {{ include "netmaker.fullname" . }}-ui +spec: + replicas: {{ .Values.ui.replicas }} + selector: + matchLabels: + app: {{ include "netmaker.fullname" . }}-ui + template: + metadata: + labels: + app: {{ include "netmaker.fullname" . }}-ui + spec: + containers: + - name: {{ include "netmaker.fullname" . }}-ui + image: gravitl/netmaker-ui:v0.8 + ports: + - containerPort: {{ .Values.service.grpcPort }} + env: + - name: BACKEND_URL + value: 'https://{{ .Values.ingress.hostPrefix.rest }}{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}' + terminationGracePeriodSeconds: 15 \ No newline at end of file diff --git a/templates/serviceaccount.yaml b/templates/serviceaccount.yaml new file mode 100644 index 0000000..f44de45 --- /dev/null +++ b/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "netmaker.serviceAccountName" . }} + labels: + {{- include "netmaker.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/templates/services.yaml b/templates/services.yaml new file mode 100644 index 0000000..8f5bfbb --- /dev/null +++ b/templates/services.yaml @@ -0,0 +1,72 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + {{- include "netmaker.labels" . | nindent 4 }} + name: '{{ include "netmaker.fullname" . }}-ui' +spec: + ports: + - port: {{ .Values.service.uiPort }} + protocol: TCP + targetPort: {{ .Values.service.uiPort }} + selector: + app: '{{ include "netmaker.fullname" . }}-ui' + sessionAffinity: None + type: '{{ .Values.service.type }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + {{- include "netmaker.labels" . | nindent 4 }} + name: '{{ include "netmaker.fullname" . }}-rest' +spec: + ports: + - name: rest + port: {{ .Values.service.restPort }} + protocol: TCP + targetPort: {{ .Values.service.restPort }} + selector: + app: '{{ include "netmaker.fullname" . }}' + sessionAffinity: None + type: {{ .Values.service.type }} +--- +apiVersion: v1 +kind: Service +metadata: + labels: + {{- include "netmaker.labels" . | nindent 4 }} + name: '{{ include "netmaker.fullname" . }}-grpc' +spec: + ports: + - name: rest + port: {{ .Values.service.grpcPort }} + protocol: TCP + targetPort: {{ .Values.service.grpcPort }} + selector: + app: '{{ include "netmaker.fullname" . }}' + sessionAffinity: None + type: {{ .Values.service.type }} +{{- if .Values.wireguard.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + labels: + {{- include "netmaker.labels" . | nindent 4 }} + name: '{{ include "netmaker.fullname" . }}-wireguard' +spec: + externalTrafficPolicy: Local + type: NodePort + ports: + {{ $count := (add .Values.wireguard.networkLimit 1 | int) }} + {{- range untilStep 1 $count 1 }} + - port: {{ add 31820 . }} + nodePort: {{ add 31820 . }} + protocol: UDP + targetPort: {{ add 31820 . }} + name: wg-iface-{{ add 31820 . }} + {{- end }} + selector: + app: '{{ include "netmaker.fullname" . }}' +{{- end }} \ No newline at end of file diff --git a/templates/tests/test-connection.yaml b/templates/tests/test-connection.yaml new file mode 100644 index 0000000..c0d498c --- /dev/null +++ b/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "netmaker.fullname" . }}-test-connection" + labels: + {{- include "netmaker.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "netmaker.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/values.yaml b/values.yaml new file mode 100644 index 0000000..d89c316 --- /dev/null +++ b/values.yaml @@ -0,0 +1,124 @@ +# Default values for netmaker. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# -- number of netmaker server replicas to create +replicas: 3 + +image: + # -- The image repo to pull Netmaker image from + repository: gravitl/netmaker + # -- Pull Policy for images + pullPolicy: Always + # -- Override the image tag to pull + tag: "v0.8.4" + +# -- override the name for netmaker objects +nameOverride: "" + +# -- override the full name for netmaker objects +fullnameOverride: "" + +serviceAccount: + # -- Specifies whether a service account should be created + create: true + # -- Annotations to add to the service account + annotations: {} + # -- Name of SA to use. If not set and create is true, a name is generated using the fullname template + name: "" + +# -- pod annotations to add +podAnnotations: {} + +# -- pod security contect to add +podSecurityContext: {} + # fsGroup: 2000 + +ui: + # -- how many UI replicas to create + replicas: 2 + +setIpForwarding: + enabled: true + +service: + # -- type for netmaker server services + type: ClusterIP + # -- port for API service + restPort: 8081 + # -- port for GRPC service + grpcPort: 443 + # -- port for UI service + uiPort: 80 + +ingress: + # -- attempts to configure ingress if true + enabled: false + tls: + enabled: true + issuerName: "letsencrypt-prod" + annotations: + base: + # -- annotation to generate ACME certs if available + kubernetes.io/ingress.allow-http: "false" + tls: + # -- use acme cert if available + kubernetes.io/tls-acme: "true" + nginx: + # -- Redirect http to https + nginx.ingress.kubernetes.io/ssl-redirect: 'true' + # -- destination addr for route + nginx.ingress.kubernetes.io/rewrite-target: / + traefik: + # -- Redirect to https + traefik.ingress.kubernetes.io/redirect-entry-point: https + # -- Redirect to https permanently + traefik.ingress.kubernetes.io/redirect-permanent: "true" + # -- rule type + traefik.ingress.kubernetes.io/rule-type: "PathPrefixStrip" + # -- enforce https + traefik.ingress.kubernetes.io/router.entrypoints: websecure + # -- enforce tls + traefik.ingress.kubernetes.io/router.tls: "true" + grpc: + nginx: + # -- annotation to use grpc protocol on grpc domain + nginx.ingress.kubernetes.io/backend-protocol: "GRPC" + traefik: + # -- annotation to use grpc protocol on grpc domain + ingress.kubernetes.io/protocol: "h2c" + hostPrefix: + # -- ui route subdomain + ui: 'dashboard.' + # -- api (REST) route subdomain + rest: 'api.' + # -- grpc route subdomain + grpc: 'grpc.' + +wireguard: + # -- whether or not to use WireGuard on server + enabled: true + # -- whether or not to use Kernel WG (should be false unless WireGuard is installed on hosts). + kernel: false + # -- max number of networks that Netmaker will support if running with WireGuard enabled + networkLimit: 10 + +dns: + # -- whether or not to run with DNS (CoreDNS) + enabled: false + # -- volume size for DNS (only needs to hold one file) + storageSize: 128Mi + +postgresql-ha: + postgresql: + # -- postgres user to generate + username: netmaker + # -- postgres pass to generate + password: netmaker + # -- postgress db to generate + database: netmaker + # -- postgress number of replicas to deploy + replicaCount: 2 + persistence: + # -- size of postgres DB + size: 3Gi