From 4b8ebf9702a09c195448dbeeb1e0c2d1671a9e2a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Lo=C3=AFc=20Roux?= <47380500+loic-roux-404@users.noreply.github.com> Date: Wed, 22 May 2024 23:11:03 +0200 Subject: [PATCH] feat: move to nix and terraform (#31) * feat: flake with nix os qcow generation * feat: a part docker builder * feat: added CI configs --- .editorconfig | 7 +- .envrc | 6 + .github/workflows/release-helm.yml | 38 - .github/workflows/release-nixos.yml | 55 + .github/workflows/release-packer.yml | 69 - .github/workflows/test-helm.yml | 45 - .github/workflows/test-packer.yml | 52 - .github/workflows/test-playbook.yml | 81 - .github/workflows/test-terraform.yml | 27 +- .gitignore | 49 +- .terraform.lock.hcl | 142 + .vscode/extensions.json | 3 +- .vscode/settings.json | 10 +- Makefile | 52 + README.md | 217 + bootstrap/nix.conf | 1 + charts/microservice/.helmignore | 23 - charts/microservice/Chart.lock | 6 - charts/microservice/Chart.yaml | 29 - charts/microservice/templates/NOTES.txt | 22 - charts/microservice/templates/_helpers.tpl | 75 - charts/microservice/templates/deployment.yaml | 55 - charts/microservice/templates/hpa.yaml | 28 - charts/microservice/templates/ingress.yaml | 61 - .../microservice/templates/persistence.yaml | 26 - charts/microservice/templates/secrets.yaml | 9 - charts/microservice/templates/service.yaml | 15 - .../templates/serviceaccount.yaml | 12 - .../templates/tests/test-connection.yaml | 15 - charts/microservice/values.yaml | 106 - contabo/.gitignore | 34 - contabo/.terraform.lock.hcl | 132 - contabo/Makefile | 35 - contabo/data.tf | 20 - contabo/exemple.tfvars.dist | 37 - contabo/main.tf | 135 - contabo/terraform.tf | 40 - contabo/user-data.yaml.tmpl | 44 - contabo/variables.tf | 98 - default.nix | 10 + docs/1-install.md | 148 +- docs/2-help.md | 4 +- docs/images/archi.jpg | Bin 235097 -> 206870 bytes docs/images/archi.mdj | 4894 +++++------------ flake.lock | 234 + flake.nix | 203 + main.tf | 96 + nix-lib/mkDarwinSystem.nix | 20 + nixos-darwin/configuration.nix | 107 + 
nixos-darwin/linux-builder-docker.nix | 13 + .../default => nixos-darwin}/pebble/cert.pem | 0 .../default => nixos-darwin}/pebble/key.pem | 0 nixos-options/default.nix | 57 + nixos/configuration.nix | 189 + nixos/contabo.nix | 12 + nixos/docker.nix | 5 + packer/.gitignore | 24 - packer/Darwin-arm64-host.hcl | 1 - packer/Darwin-x86_64-host.hcl | 1 - packer/Linux-x86_64-host.hcl | 1 - packer/Makefile | 23 - packer/cloud-init.yaml.tmpl | 52 - packer/config.pkr.hcl | 8 - packer/scripts/cleanup.sh | 13 - packer/scripts/remove-snap.sh | 24 - packer/ubuntu.pkr.hcl | 186 - playbook/inventories/contabo/hosts | 1 - playbook/requirements-test.txt | 2 - playbook/requirements.txt | 3 - playbook/requirements.yaml | 9 - playbook/roles/waypoint/.yamllint | 33 - playbook/roles/waypoint/README.md | 38 - playbook/roles/waypoint/defaults/main.yml | 46 - playbook/roles/waypoint/handlers/main.yml | 1 - playbook/roles/waypoint/meta/main.yml | 62 - .../waypoint/molecule/default/converge.yml | 78 - .../default/group_vars/molecule/secrets.yml | 16 - .../waypoint/molecule/default/molecule.ci.yml | 22 - .../waypoint/molecule/default/molecule.yml | 39 - .../default/pebble/pebble-config.json | 12 - .../waypoint/molecule/default/prepare.yml | 26 - .../molecule/default/scripts/setup_dnsmasq.sh | 49 - .../molecule/default/scripts/setup_macos.sh | 27 - .../waypoint/molecule/default/verify.yml | 38 - playbook/roles/waypoint/tasks/checks.yml | 16 - playbook/roles/waypoint/tasks/main.yml | 41 - playbook/roles/waypoint/tasks/manifests.yml | 38 - .../roles/waypoint/tasks/pre-import-cert.yml | 24 - .../roles/waypoint/tasks/restart-coredns.yml | 5 - .../roles/waypoint/tasks/setup-ingress.yml | 25 - .../roles/waypoint/tasks/setup-metallb.yml | 19 - .../roles/waypoint/tasks/setup-waypoint.yml | 75 - .../templates/cert-manager-chart-crd.yml.j2 | 35 - .../waypoint/templates/coredns-custom.yml.j2 | 23 - .../waypoint/templates/dex-chart-crd.yml.j2 | 59 - .../waypoint/templates/metallb-config.yml.j2 | 23 - 
.../templates/nginx-ingress-chart-crd.yml.j2 | 21 - .../templates/reflector-chart-crd.yml.j2 | 10 - .../templates/reflector-shared.yml.j2 | 12 - .../templates/waypoint-chart-crd.yml.j2 | 89 - playbook/roles/waypoint/vars/main.yml | 38 - playbook/site.yaml | 8 - playbook/terraform.tfstate | 9 - requirements.txt | 1 - shell.nix | 5 + terraform.tf | 37 + tf-modules-k8s/cert-manager/main.tf | 113 + tf-modules-k8s/cert-manager/terraform.tf | 10 + tf-modules-k8s/cert-manager/variables.tf | 32 + tf-modules-k8s/dex/main.tf | 74 + tf-modules-k8s/dex/terraform.tf | 10 + tf-modules-k8s/dex/values.yaml.tmpl | 46 + tf-modules-k8s/dex/variables.tf | 42 + tf-modules-k8s/github/main.tf | 33 + tf-modules-k8s/github/terraform.tf | 14 + tf-modules-k8s/github/variables.tf | 14 + tf-modules-k8s/internal-ca/main.tf | 50 + tf-modules-k8s/internal-ca/terraform.tf | 10 + tf-modules-k8s/internal-ca/variables.tf | 18 + tf-modules-k8s/metallb/main.tf | 81 + tf-modules-k8s/metallb/terraform.tf | 8 + tf-modules-k8s/metallb/variables.tf | 14 + .../nginx-ingress-controller/main.tf | 39 + .../nginx-ingress-controller/variables.tf | 12 + tf-modules-k8s/waypoint-config/main.tf | 48 + tf-modules-k8s/waypoint-config/variables.tf | 41 + tf-modules-k8s/waypoint/main.tf | 104 + tf-modules-k8s/waypoint/terraform.tf | 10 + tf-modules-k8s/waypoint/values.yaml.tmpl | 28 + tf-modules-k8s/waypoint/variables.tf | 29 + tf-root-contabo/.terraform.lock.hcl | 84 + tf-root-contabo/main.tf | 118 + tf-root-contabo/terraform.tf | 36 + tf-root-contabo/user-data.yaml.tmpl | 4 + tf-root-contabo/variables.tf | 76 + tf-root-libvirt/.terraform.lock.hcl | 65 + tf-root-libvirt/main.tf | 137 + tf-root-libvirt/nixos.xslt.tmpl | 26 + tf-root-libvirt/terraform.tf | 23 + tf-root-libvirt/variables.tf | 44 + variables.tf | 103 + .../roles/waypoint/files => xchg}/.gitkeep | 0 142 files changed, 4495 insertions(+), 6452 deletions(-) create mode 100644 .envrc delete mode 100644 .github/workflows/release-helm.yml create mode 100644 
.github/workflows/release-nixos.yml delete mode 100644 .github/workflows/release-packer.yml delete mode 100644 .github/workflows/test-helm.yml delete mode 100644 .github/workflows/test-packer.yml delete mode 100644 .github/workflows/test-playbook.yml create mode 100644 .terraform.lock.hcl create mode 100644 Makefile create mode 100644 bootstrap/nix.conf delete mode 100644 charts/microservice/.helmignore delete mode 100644 charts/microservice/Chart.lock delete mode 100644 charts/microservice/Chart.yaml delete mode 100644 charts/microservice/templates/NOTES.txt delete mode 100644 charts/microservice/templates/_helpers.tpl delete mode 100644 charts/microservice/templates/deployment.yaml delete mode 100644 charts/microservice/templates/hpa.yaml delete mode 100644 charts/microservice/templates/ingress.yaml delete mode 100644 charts/microservice/templates/persistence.yaml delete mode 100644 charts/microservice/templates/secrets.yaml delete mode 100644 charts/microservice/templates/service.yaml delete mode 100644 charts/microservice/templates/serviceaccount.yaml delete mode 100644 charts/microservice/templates/tests/test-connection.yaml delete mode 100644 charts/microservice/values.yaml delete mode 100644 contabo/.gitignore delete mode 100644 contabo/.terraform.lock.hcl delete mode 100644 contabo/Makefile delete mode 100644 contabo/data.tf delete mode 100644 contabo/exemple.tfvars.dist delete mode 100644 contabo/main.tf delete mode 100644 contabo/terraform.tf delete mode 100644 contabo/user-data.yaml.tmpl delete mode 100644 contabo/variables.tf create mode 100644 default.nix create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 main.tf create mode 100644 nix-lib/mkDarwinSystem.nix create mode 100644 nixos-darwin/configuration.nix create mode 100644 nixos-darwin/linux-builder-docker.nix rename {playbook/roles/waypoint/molecule/default => nixos-darwin}/pebble/cert.pem (100%) rename {playbook/roles/waypoint/molecule/default => 
nixos-darwin}/pebble/key.pem (100%) create mode 100644 nixos-options/default.nix create mode 100644 nixos/configuration.nix create mode 100644 nixos/contabo.nix create mode 100644 nixos/docker.nix delete mode 100644 packer/.gitignore delete mode 100644 packer/Darwin-arm64-host.hcl delete mode 100644 packer/Darwin-x86_64-host.hcl delete mode 100644 packer/Linux-x86_64-host.hcl delete mode 100644 packer/Makefile delete mode 100644 packer/cloud-init.yaml.tmpl delete mode 100644 packer/config.pkr.hcl delete mode 100644 packer/scripts/cleanup.sh delete mode 100755 packer/scripts/remove-snap.sh delete mode 100644 packer/ubuntu.pkr.hcl delete mode 100644 playbook/inventories/contabo/hosts delete mode 100644 playbook/requirements-test.txt delete mode 100644 playbook/requirements.txt delete mode 100644 playbook/requirements.yaml delete mode 100644 playbook/roles/waypoint/.yamllint delete mode 100644 playbook/roles/waypoint/README.md delete mode 100644 playbook/roles/waypoint/defaults/main.yml delete mode 100644 playbook/roles/waypoint/handlers/main.yml delete mode 100644 playbook/roles/waypoint/meta/main.yml delete mode 100644 playbook/roles/waypoint/molecule/default/converge.yml delete mode 100644 playbook/roles/waypoint/molecule/default/group_vars/molecule/secrets.yml delete mode 100644 playbook/roles/waypoint/molecule/default/molecule.ci.yml delete mode 100644 playbook/roles/waypoint/molecule/default/molecule.yml delete mode 100644 playbook/roles/waypoint/molecule/default/pebble/pebble-config.json delete mode 100644 playbook/roles/waypoint/molecule/default/prepare.yml delete mode 100755 playbook/roles/waypoint/molecule/default/scripts/setup_dnsmasq.sh delete mode 100755 playbook/roles/waypoint/molecule/default/scripts/setup_macos.sh delete mode 100644 playbook/roles/waypoint/molecule/default/verify.yml delete mode 100644 playbook/roles/waypoint/tasks/checks.yml delete mode 100644 playbook/roles/waypoint/tasks/main.yml delete mode 100644 
playbook/roles/waypoint/tasks/manifests.yml delete mode 100644 playbook/roles/waypoint/tasks/pre-import-cert.yml delete mode 100644 playbook/roles/waypoint/tasks/restart-coredns.yml delete mode 100644 playbook/roles/waypoint/tasks/setup-ingress.yml delete mode 100644 playbook/roles/waypoint/tasks/setup-metallb.yml delete mode 100644 playbook/roles/waypoint/tasks/setup-waypoint.yml delete mode 100644 playbook/roles/waypoint/templates/cert-manager-chart-crd.yml.j2 delete mode 100644 playbook/roles/waypoint/templates/coredns-custom.yml.j2 delete mode 100644 playbook/roles/waypoint/templates/dex-chart-crd.yml.j2 delete mode 100644 playbook/roles/waypoint/templates/metallb-config.yml.j2 delete mode 100644 playbook/roles/waypoint/templates/nginx-ingress-chart-crd.yml.j2 delete mode 100644 playbook/roles/waypoint/templates/reflector-chart-crd.yml.j2 delete mode 100644 playbook/roles/waypoint/templates/reflector-shared.yml.j2 delete mode 100644 playbook/roles/waypoint/templates/waypoint-chart-crd.yml.j2 delete mode 100644 playbook/roles/waypoint/vars/main.yml delete mode 100644 playbook/site.yaml delete mode 100644 playbook/terraform.tfstate create mode 100644 shell.nix create mode 100644 terraform.tf create mode 100644 tf-modules-k8s/cert-manager/main.tf create mode 100644 tf-modules-k8s/cert-manager/terraform.tf create mode 100644 tf-modules-k8s/cert-manager/variables.tf create mode 100644 tf-modules-k8s/dex/main.tf create mode 100644 tf-modules-k8s/dex/terraform.tf create mode 100644 tf-modules-k8s/dex/values.yaml.tmpl create mode 100644 tf-modules-k8s/dex/variables.tf create mode 100644 tf-modules-k8s/github/main.tf create mode 100644 tf-modules-k8s/github/terraform.tf create mode 100644 tf-modules-k8s/github/variables.tf create mode 100644 tf-modules-k8s/internal-ca/main.tf create mode 100644 tf-modules-k8s/internal-ca/terraform.tf create mode 100644 tf-modules-k8s/internal-ca/variables.tf create mode 100644 tf-modules-k8s/metallb/main.tf create mode 100644 
tf-modules-k8s/metallb/terraform.tf create mode 100644 tf-modules-k8s/metallb/variables.tf create mode 100644 tf-modules-k8s/nginx-ingress-controller/main.tf create mode 100644 tf-modules-k8s/nginx-ingress-controller/variables.tf create mode 100644 tf-modules-k8s/waypoint-config/main.tf create mode 100644 tf-modules-k8s/waypoint-config/variables.tf create mode 100644 tf-modules-k8s/waypoint/main.tf create mode 100644 tf-modules-k8s/waypoint/terraform.tf create mode 100644 tf-modules-k8s/waypoint/values.yaml.tmpl create mode 100644 tf-modules-k8s/waypoint/variables.tf create mode 100644 tf-root-contabo/.terraform.lock.hcl create mode 100644 tf-root-contabo/main.tf create mode 100644 tf-root-contabo/terraform.tf create mode 100644 tf-root-contabo/user-data.yaml.tmpl create mode 100644 tf-root-contabo/variables.tf create mode 100644 tf-root-libvirt/.terraform.lock.hcl create mode 100644 tf-root-libvirt/main.tf create mode 100644 tf-root-libvirt/nixos.xslt.tmpl create mode 100644 tf-root-libvirt/terraform.tf create mode 100644 tf-root-libvirt/variables.tf create mode 100644 variables.tf rename {playbook/roles/waypoint/files => xchg}/.gitkeep (100%) diff --git a/.editorconfig b/.editorconfig index 14888e4f..630c31be 100644 --- a/.editorconfig +++ b/.editorconfig @@ -9,9 +9,9 @@ indent_size = 4 end_of_line = lf charset = utf-8 trim_trailing_whitespace = false -insert_final_newline = false +insert_final_newline = true -[*.{yml,yaml,yml.*,yaml.*}] +[*.{yml,yaml,yml.*,yaml.*,xslt.*,*.xslt}] indent_size = 2 [*.{hcl,tf,tfvars,tfvars.*}] @@ -20,5 +20,8 @@ indent_size = 2 [*.sh] end_of_line = lf +[*.nix] +indent_size = 2 + [Makefile] indent_style = tab diff --git a/.envrc b/.envrc new file mode 100644 index 00000000..bafa5057 --- /dev/null +++ b/.envrc @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +use flake +watch_file flake.nix + +# vim: ft=bash diff --git a/.github/workflows/release-helm.yml b/.github/workflows/release-helm.yml deleted file mode 100644 index 6c94abe5..00000000 
--- a/.github/workflows/release-helm.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-name: Release Charts
-
-on:
- push:
- branches:
- - main
- paths:
- - 'charts/**'
- - .github/workflows/release-helm.yml
-
-permissions:
- contents: write
- packages: write
- pages: write
- id-token: write
-
-jobs:
- release:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- with:
- fetch-depth: 0
-
- - name: Configure Git
- run: |
- git config user.name "$GITHUB_ACTOR"
- git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
- - name: Add repositories workaround
- run: |
- helm repo add bitnami https://charts.bitnami.com/bitnami
-
- - name: Run chart-releaser
- uses: helm/chart-releaser-action@v1.4.1
- env:
- CR_TOKEN: "${{ github.token }}"
diff --git a/.github/workflows/release-nixos.yml b/.github/workflows/release-nixos.yml
new file mode 100644
index 00000000..6e3f5a38
--- /dev/null
+++ b/.github/workflows/release-nixos.yml
@@ -0,0 +1,55 @@
+name: Release Packer image
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - 'nixos/**.yml'
+ - '!**.md'
+ - '!playbook/roles/paas/molecule/**'
+ - 'packer/**'
+ - .github/workflows/release-packer.yml
+
+permissions:
+ contents: write
+ discussions: write
+
+jobs:
+ gh-release-packer:
+ runs-on: ubuntu-latest
+ name: Run Packer
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - uses: cachix/install-nix-action@v25
+ with:
+ extra_nix_config: |
+ experimental-features = nix-command flakes
+ github_access_token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Restore and cache Nix store
+ uses: nix-community/cache-nix-action@v5
+ with:
+ primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix') }}
+ restore-prefixes-first-match: nix-${{ runner.os }}-
+ gc-max-store-size-linux: 1073741824
+
+ - name: Set outputs
+ id: vars
+ run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+ - name: Build
+ id: build
+ run: nix build .#nixosConfigurations.x86_64-linux.contabo
+
+ - name: Release
+ uses: softprops/action-gh-release@v1
+ with:
+ tag_name: nixos-${{ steps.vars.outputs.sha_short }}
+ token: "${{ secrets.GITHUB_TOKEN }}"
+ generate_release_notes: true
+ files: |
+ result/
diff --git a/.github/workflows/release-packer.yml b/.github/workflows/release-packer.yml
deleted file mode 100644
index 09723927..00000000
--- a/.github/workflows/release-packer.yml
+++ /dev/null
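Review bot: The new `release-nixos.yml` job holds `contents: write` and runs `cachix/install-nix-action@v25`, `nix-community/cache-nix-action@v5` and `softprops/action-gh-release@v1` by mutable tag, so a moved tag would execute with a token that publishes this repository's VM images; pin each `uses:` to a full commit SHA, e.g. `uses: softprops/action-gh-release@<full-commit-sha> # v1`. The `paths:` filter is still the Packer one (`'nixos/**.yml'`, `'packer/**'`, `release-packer.yml`), so changes to `nixos/*.nix`, `flake.nix` or `flake.lock` would not trigger a release; `- 'nixos/**'`, `- flake.nix`, `- flake.lock` and `- .github/workflows/release-nixos.yml` look like the intended entries. The removed Packer workflow uploaded a `SHA256SUMS` file next to the image, while this one uploads only `result/`, so consumers lose the integrity check. `result/` is also a directory symlink that the release action may not expand into files, which is worth confirming on a test tag.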
@@ -1,69 +0,0 @@
-name: Release Packer image
-on:
- push:
- branches:
- - main
- paths:
- - 'playbook/**.yml'
- - '!**.md'
- - '!playbook/roles/waypoint/molecule/**'
- - 'packer/**'
- - .github/workflows/release-packer.yml
-
-permissions:
- contents: write
- discussions: write
-
-jobs:
- gh-release-packer:
- runs-on: macos-latest
- name: Run Packer
- env:
- PKR_VAR_ssh_password: ${{ secrets.PKR_VAR_SSH_PASSWORD }}
- PKR_VAR_ssh_password_hash: ${{ secrets.PKR_VAR_SSH_PASSWORD_HASH }}
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- with:
- fetch-depth: 0
- - name: Setup `packer`
- uses: hashicorp/setup-packer@main
- id: setup
- with:
- version: "1.8.6"
-
- - name: Set outputs
- id: vars
- run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-
- - name: Run `packer init`
- id: init
- run: "packer init ubuntu.pkr.hcl"
- working-directory: packer
-
- - name: Run `packer build`
- run: >-
- packer build -var-file "$(uname -ms | tr ' ' '-')-host.hcl" \
- ubuntu.pkr.hcl
- working-directory: packer
- env:
- PACKER_LOG: 1
- PACKER_LOG_PATH: packer.log
-
- - name: Upload packer.log on failure
- if: failure()
- uses: actions/upload-artifact@v3
- with:
- name: packer.log
- path: packer/packer.log
- retention-days: 14
-
- - name: Release
- uses: softprops/action-gh-release@v1
- with:
- tag_name: ubuntu-jammy-${{ steps.vars.outputs.sha_short }}
- token: "${{ secrets.GITHUB_TOKEN }}"
- generate_release_notes: true
- files: |
- packer/.qemu-vm/ubuntu-jammy-22.04.2.qcow2
- packer/.qemu-vm/SHA256SUMS
diff --git a/.github/workflows/test-helm.yml b/.github/workflows/test-helm.yml
deleted file mode 100644
index e567ba78..00000000
--- a/.github/workflows/test-helm.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-name: Test Charts
-
-on:
- pull_request:
- branches:
- - main
- paths:
- - 'charts/**'
- - .github/workflows/test-helm.yml
-
-permissions:
- contents: write
- packages: write
- pages: write
- id-token: write
-
-jobs:
- release:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- with:
- fetch-depth: 0
-
- - name: Configure Git
- run: |
- git config user.name "$GITHUB_ACTOR"
- git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
- - name: Add repositories workaround
- run: |
- helm repo add bitnami https://charts.bitnami.com/bitnami
-
- - name: Dependency build
- run: helm dependency build .
- working-directory: charts/microservice
-
- - name: Run lint
- run: helm lint .
- working-directory: charts/microservice
-
- - name: Run template
- run: helm template .
- working-directory: charts/microservice
diff --git a/.github/workflows/test-packer.yml b/.github/workflows/test-packer.yml
deleted file mode 100644
index 1ae5c0cf..00000000
--- a/.github/workflows/test-packer.yml
+++ /dev/null
@@ -1,52 +0,0 @@
-name: test-packer
-on:
- pull_request:
- paths:
- - 'packer/**.hcl'
- - 'packer/**.sh'
- - 'packer/**.tmpl'
- - .github/workflows/test-packer.yml
-jobs:
- gh-release-packer:
- runs-on: ubuntu-latest
- name: Run Packer
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- with:
- fetch-depth: 0
- - name: Setup `packer`
- uses: hashicorp/setup-packer@main
- id: setup
- with:
- version: "1.8.6"
-
- - name: Cache packer Iso's
- id: cache-packer-iso
- uses: actions/cache@v3
- with:
- path: ~/.cache/packer/
- key: ${{ runner.os }}-ubuntu-22.04
-
- - name: Set outputs
- id: vars
- run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-
- - name: Run `packer init`
- id: init
- run: "packer init ubuntu.pkr.hcl"
- working-directory: packer
- env:
- PKR_VAR_ssh_password: ${{ secrets.PKR_VAR_SSH_PASSWORD }}
- PKR_VAR_ssh_password_hash: ${{ secrets.PKR_VAR_SSH_PASSWORD_HASH }}
-
- - name: Run `packer validate`
- id: validate
- run: >-
- packer validate \
- -var-file "$(uname -ms | tr ' ' '-')-host.hcl" \
- ubuntu.pkr.hcl
- working-directory: packer
- env:
- PKR_VAR_ssh_password: ${{ secrets.PKR_VAR_SSH_PASSWORD }}
- PKR_VAR_ssh_password_hash: ${{ secrets.PKR_VAR_SSH_PASSWORD_HASH }}
diff --git a/.github/workflows/test-playbook.yml b/.github/workflows/test-playbook.yml
deleted file mode 100644
index f7645015..00000000
--- a/.github/workflows/test-playbook.yml
+++ /dev/null
@@ -1,81 +0,0 @@ - -name: Molecule Test -on: - pull_request: - branches: - - main - paths: - - 'playbook/**.yaml' - - 'playbook/**.yml' - - 'playbook/**.txt' - - 'playbook/**.j2' - - 'playbook/roles/waypoint/molecule/**' - - .github/workflows/test-playbook.yml -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Set up Python - uses: actions/setup-python@v4 - with: - python-version: 3.11.2 - cache: 'pip' - cache-dependency-path: '**/requirements*.txt' - - - name: Install python dependencies - run: | - sudo python -m pip install --upgrade pip - sudo pip install -r requirements.txt - sudo pip install -r requirements-test.txt - working-directory: playbook - - - uses: actions/cache@v3 - with: - path: | - /root/.ansible/collections/ansible_collections - /root/.ansible/roles - key: ${{ runner.os }}-ansible-${{ hashFiles('playbook/requirements.yaml') }} - restore-keys: | - ${{ runner.os }}-ansible- - - - name: Install ansible dependencies - run: | - sudo ansible-galaxy collection install -r requirements.yaml - sudo ansible-galaxy role install -r requirements.yaml - working-directory: playbook - - - name: Update apt cache - run: sudo apt update - - - uses: awalsh128/cache-apt-pkgs-action@latest - with: - packages: dnsmasq - version: 1.0 - - name: Setup dnsmasq - run: ./scripts/setup_dnsmasq.sh - working-directory: playbook/roles/waypoint - - - name: Setup vault secret - run: echo "$ANSIBLE_VAULT_PASSWORD" | sudo tee /root/.ansible/.vault - env: - ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }} - - - name: Enable molecule delegated driver for CI - run: mv -f molecule/default/molecule.ci.yml molecule/default/molecule.yml - working-directory: playbook/roles/waypoint - - - name: Remove kubectl - run: sudo rm -rf /usr/local/bin/kubectl - - - name: Molecule test - run: >- - sudo molecule test -d delegated -- \ - --extra-vars='_hosts=127.0.0.1 k3s_disable_services=[traefik]' - 
working-directory: playbook/roles/waypoint - env: - ANSIBLE_FORCE_COLOR: 1 diff --git a/.github/workflows/test-terraform.yml b/.github/workflows/test-terraform.yml index 6b71fa23..a3efd3dc 100644 --- a/.github/workflows/test-terraform.yml +++ b/.github/workflows/test-terraform.yml @@ -5,10 +5,10 @@ on: branches: - main paths: - - 'contabo/**.hcl' - - 'contabo/**.tf' - - 'contabo/**.tfvars' - - 'contabo/**.tmpl' + - 'terraform/**.hcl' + - 'terraform/**.tf' + - 'terraform/**.tfvars' + - 'terraform/**.tmpl' - .github/workflows/test-terraform.yml permissions: @@ -24,14 +24,27 @@ jobs: fetch-depth: 0 - uses: hashicorp/setup-terraform@v2 + - name: Configure Terraform plugin cache + run: | + echo "TF_PLUGIN_CACHE_DIR=$HOME/.terraform.d/plugin-cache" >>"$GITHUB_ENV" + mkdir --parents "$HOME/.terraform.d/plugin-cache" + - name: Cache Terraform + uses: actions/cache@v4 + with: + path: | + ~/.terraform.d/plugin-cache + key: terraform-${{ runner.os }}-${{ hashFiles('**/.terraform.lock.hcl') }} + restore-keys: | + terraform-${{ runner.os }}- + - name: Terraform Init id: init - run: terraform init + run: make init - name: Terraform fmt id: fmt - run: terraform fmt -check -diff + run: make fmt ARGS='-check -diff' - name: Terraform Validate id: validate - run: terraform validate -no-color + run: make validate diff --git a/.gitignore b/.gitignore index 6ba21815..e8706862 100644 --- a/.gitignore +++ b/.gitignore 
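Review bot: The new `paths:` entries in `test-terraform.yml` all start with `terraform/`, but the file list of this commit has no `terraform/` directory. The Terraform code lands in the repository root, `tf-modules-k8s/`, `tf-root-contabo/` and `tf-root-libvirt/`, so the init/fmt/validate job would only run when the workflow file itself changes. Patterns such as `'**.tf'`, `'**.hcl'`, `'**.tmpl'` and `Makefile` would cover the new layout.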
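Review bot: `run: make init` in the second `test-terraform.yml` hunk resolves to `terraform init -upgrade` in the Makefile added later in this patch, so each CI run re-selects the newest provider versions the constraints allow instead of checking downloads against the committed `.terraform.lock.hcl` hashes. The lock entries for `hashicorp/http` and `hashicorp/time` carry no constraint at all, which makes that drift unbounded. Changing the Makefile recipe to `terraform -chdir=$(DIR) init $(ARGS)` and calling `make init ARGS=-lockfile=readonly` here would make CI fail on a lockfile mismatch. `actions/cache@v4` and `hashicorp/setup-terraform@v2` are referenced by tag rather than by commit SHA.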
@@ -1,10 +1,39 @@
-.DS_Store
-certs/*
-!.gitkeep
-.env
-playbook/vault-password.txt
-charts/**/*.tgz
-# mkdocs
-site
-# helm charts index file
-index.yaml
\ No newline at end of file
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# nix
+result
+.direnv
+keys
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 00000000..c82ca499
--- /dev/null
+++ b/.terraform.lock.hcl
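Review bot: The rewritten `.gitignore` drops the `.env`, `certs/*` and `playbook/vault-password.txt` rules, so in any working tree that still holds those files from the previous layout they become untracked files that a `git add .` would commit. Keep `.env` and `certs/*` (with `!.gitkeep`) in the new list, or confirm the files are gone everywhere before removing the rules. The new `keys` entry is unanchored and also ignores any nested file or directory named `keys`; `/keys` limits it to the repository root if that is what is meant.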
@@ -0,0 +1,142 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.12.1" + constraints = "2.12.1" + hashes = [ + "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=", + "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004", + "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38", + "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a", + "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50", + "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d", + "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f", + "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93", + "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0", + "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8", + "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad", + "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/http" { + version = "3.4.2" + hashes = [ + "h1:vaoPfsLm6mOk6avKTrWi35o+9p4fEeZAY3hzYoXVTfo=", + "zh:0ba051c9c8659ce0fec94a3d50926745f11759509c4d6de0ad5f5eb289f0edd9", + "zh:23e6760e8406fef645913bf47bfab1ca984c1c5805d2bb0ef8310b16913d29cd", + "zh:3c69fde4548bfe65b968534c4df8d699648c921d6a065b97fec5faece73a442b", + "zh:41c7f9a8c117704b7a8fa96a57ebfb92b72129d9625128eeb0dee7d5a09d1110", + "zh:59d09d2e00727df10565cc82a33250b44201fcd353eb2b1579507a5a0adcce18", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:c95b2f63d4357b3068531b90d9dca62a32551d7693defb7ab14b650b5d139c57", + "zh:cc0a3bbd3026191b35f417d3a8f26bdfad376d15be9e8d99a8803487ca5b0105", + "zh:d1185c6abb3ba25123fb7df1ad7dbe2b9cd8f43962628da551040fbe1934656f", + 
"zh:dfb26fccab7ecdc150f67415e6cfe19d699dc43e8bf5722f36032b17b46a0fbe", + "zh:eb1fcc00073bc0463f64e49600a73d925b1a0c0ae5b94dd7b67d3ebac248a113", + "zh:ec9b9ad69cf790cb0603a1036d758063bbbc35c0c75f72dd04a1eddaf46ad010", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.29.0" + constraints = "2.29.0" + hashes = [ + "h1:7C1MinWhowW8EnlSYhhAFV3bte8x5YcSF5QxUPdoXDk=", + "zh:3edd5dc319b95fe94e61b82d10c1ce7fb53a2f21b067ddb742f2d7d0d19dd113", + "zh:4b9096e6d0cfa0efd4c89270e3d25fea49db570e2cfbe49c5d1de085a15f2578", + "zh:5397573838bcb8844248c8d6ac93cca7f39a0b707ac3ce7a7b306c50c261c195", + "zh:5d635370720d356b7bcb5756ca28de3275ca32ca1ef0201414caecd3a14759ac", + "zh:71a52280408f3fb0ff1866a9ab8059b0d9bde5481869658798e0773461f22eff", + "zh:748663ef0248d2d95f5dea2974332432a395165657856878c5dc6f000b37cc25", + "zh:7fbc1e084bbbb51e31afd3df0c77e833ae59e88cf42b9e2c17b0b1a1e3894723", + "zh:ae89b4be473b446270fa24dc1ef51b0cc4c2a528d9838ec15246d28bac165df3", + "zh:b6433970d680a0cc9898f915224508b5ece86ae4418372fa6bebd2a9d344f226", + "zh:bf871955cf49015e6a0433e814a22a109c1537a775b8b5dc7b37ad05c324904a", + "zh:c16fac91b2197b443a191d98cf37424feed550387ab11bd1427bde819722005e", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.2" + constraints = "3.2.2" + hashes = [ + "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=", + "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", + "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", + "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", + "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606", + "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546", + "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539", + "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452", + 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422", + "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae", + "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", + "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.6.1" + constraints = "3.6.1" + hashes = [ + "h1:a+Goawwh6Qtg4/bRWzfDtIdrEFfPlnVy0y4LdUQY3nI=", + "zh:2a0ec154e39911f19c8214acd6241e469157489fc56b6c739f45fbed5896a176", + "zh:57f4e553224a5e849c99131f5e5294be3a7adcabe2d867d8a4fef8d0976e0e52", + "zh:58f09948c608e601bd9d0a9e47dcb78e2b2c13b4bda4d8f097d09152ea9e91c5", + "zh:5c2a297146ed6fb3fe934c800e78380f700f49ff24dbb5fb5463134948e3a65f", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:7ce41e26f0603e31cdac849085fc99e5cd5b3b73414c6c6d955c0ceb249b593f", + "zh:8c9e8d30c4ef08ee8bcc4294dbf3c2115cd7d9049c6ba21422bd3471d92faf8a", + "zh:93e91be717a7ffbd6410120eb925ebb8658cc8f563de35a8b53804d33c51c8b0", + "zh:982542e921970d727ce10ed64795bf36c4dec77a5db0741d4665230d12250a0d", + "zh:b9d1873f14d6033e216510ef541c891f44d249464f13cc07d3f782d09c7d18de", + "zh:cfe27faa0bc9556391c8803ade135a5856c34a3fe85b9ae3bdd515013c0c87c1", + "zh:e4aabf3184bbb556b89e4b195eab1514c86a2914dd01c23ad9813ec17e863a8a", + ] +} + +provider "registry.terraform.io/hashicorp/time" { + version = "0.11.1" + hashes = [ + "h1:pQGSL9mdgw4qsLndFYsEF93mbsIxyxNoAyIbBqhS3Xo=", + "zh:19a393db736ec4fd024d098d55aefaef07056c37a448ece3b55b3f5f4c2c7e4a", + "zh:227fa1e221de2907f37be78d40c06ca6a6f7b243a1ec33ade014dfaf6d92cd9c", + "zh:29970fecbf4a3ca23bacbb05d6b90cdd33dd379f90059fe39e08289951502d9f", + "zh:65024596f22f10e7dcb5e0e4a75277f275b529daa0bc0daf34ca7901c678ab88", + "zh:694d080cb5e3bf5ef08c7409208d061c135a4f5f4cdc93ea8607860995264b2e", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + 
"zh:b29d15d13e1b3412e6a4e1627d378dbd102659132f7488f64017dd6b6d5216d3", + "zh:bb79f4cae9f8c17c73998edc54aa16c2130a03227f7f4e71fc6ac87e230575ec", + "zh:ceccf80e95929d97f62dcf1bb3c7c7553d5757b2d9e7d222518722fc934f7ad5", + "zh:f40e638336527490e294d9c938ae55919069e6987e85a80506784ba90348792a", + "zh:f99ef33b1629a3b2278201142a3011a8489e66d92da832a5b99e442204de18fb", + "zh:fded14754ea46fdecc62a52cd970126420d4cd190e598cb61190b4724a727edb", + ] +} + +provider "registry.terraform.io/integrations/github" { + version = "6.2.1" + constraints = "~> 6.0" + hashes = [ + "h1:uDerb9YJo3vAO+wKw+Z064InX5aXom+nKLDry2eGf14=", + "zh:172aa5141c525174f38504a0d2e69d0d16c0a0b941191b7170fe6ae4d7282e30", + "zh:1a098b731fa658c808b591d030cc17cc7dfca1bf001c3c32e596f8c1bf980e9f", + "zh:245d6a1c7e632d8ae4bdd2da2516610c50051e81505cf420a140aa5fa076ea90", + "zh:43c61c230fb4ed26ff1b04b857778e65be3d8f80292759abbe2a9eb3c95f6d97", + "zh:59bb7dd509004921e4322a196be476a2f70471b462802f09d03d6ce96f959860", + "zh:5cb2ab8035d015c0732107c109210243650b6eb115e872091b0f7b98c2763777", + "zh:69d2a6acfcd686f7e859673d1c8a07fc1fc1598a881493f19d0401eb74c0f325", + "zh:77f36d3f46911ace5c50dee892076fddfd64a289999a5099f8d524c0143456d1", + "zh:87df41097dfcde72a1fbe89caca882af257a4763c2e1af669c74dcb8530f9932", + "zh:899dbe621f32d58cb7c6674073a6db8328a9db66eecfb0cc3fc13299fd4e62e7", + "zh:ad2eb7987f02f7dd002076f65a685730705d04435313b5cf44d3a6923629fb29", + "zh:b2145ae7134dba893c7f74ad7dfdc65fdddf6c7b1d0ce7e2f3baa96212322fd8", + "zh:bd6bae3ac5c3f96ad9219d3404aa006ef1480e9041d4c95df1808737e37d911b", + "zh:e89758b20ae59f1b9a6d32c107b17846ddca9634b868cf8f5c927cbb894b1b1f", + ] +} diff --git a/.vscode/extensions.json b/.vscode/extensions.json index 2d583e58..2a50732b 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -9,6 +9,7 @@ "HashiCorp.terraform", "valentjn.vscode-ltex", "ms-python.python", - "4ops.packer" + "4ops.packer", + "pinage404.nix-extension-pack" ] } \ No newline at end of file 
diff --git a/.vscode/settings.json b/.vscode/settings.json index 86bf7726..2911b64a 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -6,6 +6,8 @@ ], "vs-kubernetes.kubeconfig": "/Users/loic/.kube/config" }, + "nix.enableLanguageServer": true, // Enable LSP. + "nix.serverPath": "nil", "ltex.language": "en", "ltex.dictionary": { "en": [ @@ -13,5 +15,9 @@ "precomputed", "subproblem" ] - } -} \ No newline at end of file + }, + "files.associations": { + "*.y*ml.*": "yaml" + }, + "nixEnvSelector.nixFile": "${workspaceFolder}/shell.nix" +} diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..c1413843 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,52 @@
+SHELL:=/usr/bin/env bash
+MAKEFLAGS += --no-builtin-rules --no-builtin-variables
+
+BUILDER_EXEC:=
+
+ifeq ($(shell uname -s),Darwin)
+ BUILDER_EXEC:=NIX_CONF_DIR=$(PWD)/bootstrap nix develop .\#builder --command
+endif
+
+bootstrap:
+ @$(BUILDER_EXEC) echo "Started build environment"
+
+build:
+ @$(BUILDER_EXEC) nix build .#nixosConfigurations.aarch64-darwin.default --system aarch64-linux $(ARGS)
+
+build-x86:
+ @$(BUILDER_EXEC) nix build .#nixosConfigurations.x86_64-darwin.default --system x86_64-linux $(ARGS)
+
+#### Terraform
+
+TF_ROOT_DIRS := $(wildcard tf-root-*) .
+TF_ROOT_DIRS_DESTROY:=$(addsuffix -destroy, $(TF_ROOT_DIRS))
+TF_ROOT_DIRS_INIT:=$(addsuffix -init, $(TF_ROOT_DIRS))
+TF_ROOT_DIRS_FMT:=$(addsuffix -fmt, $(TF_ROOT_DIRS))
+TF_ROOT_DIRS_VALIDATE:=$(addsuffix -validate, $(TF_ROOT_DIRS))
+
+init: $(TF_ROOT_DIRS_INIT)
+
+$(TF_ROOT_DIRS_INIT):
+ @$(eval DIR:=$(subst -init,,$@))
+ terraform -chdir=$(DIR) init -upgrade $(ARGS)
+
+$(TF_ROOT_DIRS):
+ @terraform -chdir=$@ apply -compact-warnings -auto-approve $(ARGS)
+
+$(TF_ROOT_DIRS_DESTROY):
+ @$(eval DIR:=$(subst -destroy,,$@))
+ @terraform -chdir=$(DIR) destroy -auto-approve $(ARGS)
+
+fmt: $(TF_ROOT_DIRS_FMT)
+
+$(TF_ROOT_DIRS_FMT):
+ @$(eval DIR:=$(subst -fmt,,$@))
+ terraform -chdir=$(DIR) fmt $(ARGS)
+
+validate: $(TF_ROOT_DIRS_VALIDATE)
+
+$(TF_ROOT_DIRS_VALIDATE):
+ @$(eval DIR:=$(subst -validate,,$@))
+ terraform -chdir=$(DIR) validate -no-color $(ARGS)
+
+.PHONY: fmt validate build build-x86 bootstrap init $(TF_ROOT_DIRS) $(TF_ROOT_DIRS_DESTROY) $(TF_ROOT_DIRS_INIT)
diff --git a/README.md b/README.md
index 3a38a2a6..d961693e 100644
--- a/README.md
+++ b/README.md
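Review bot: The `$(TF_ROOT_DIRS_INIT)` recipe always runs `terraform -chdir=$(DIR) init -upgrade $(ARGS)`, which re-selects the newest provider versions the constraints allow and rewrites `.terraform.lock.hcl`. A routine `make init` therefore does not install the provider versions and hashes pinned by the lock file this same commit adds. Drop the flag from the recipe (`terraform -chdir=$(DIR) init $(ARGS)`) so an upgrade becomes a deliberate `make init ARGS=-upgrade`, and where a pipeline calls this target pass `-lockfile=readonly` so drift fails instead of being absorbed. Separately, the `$(TF_ROOT_DIRS)` and `$(TF_ROOT_DIRS_DESTROY)` recipes hard-code `-auto-approve`, so `make .-destroy` removes resources with no plan review; passing the flag through `ARGS` would make that an explicit choice. `$(TF_ROOT_DIRS_FMT)` and `$(TF_ROOT_DIRS_VALIDATE)` are also missing from `.PHONY`.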
@@ -2,3 +2,220 @@ - [Documentation](https://loic-roux-404.github.io/k3s-paas/) - [Original tutorial (FR)](https://github.com/esgi-lyon/paas-tutorial/blob/main/docs/index.md) + +Compatibility Matrix : + +| OS | Status | +| --- | --- | +| Darwin | OK | +| Linux | missing builder tooling | + +## New Nix system (beta) + +### Setup (Darwin) + +Nix installation : + +```bash +curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install + +echo '. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish' >> ~/.config/fish/config.fish +``` + +### Build + +One liner to set up darwin and build the system for aarch64-darwin : + +```bash +nix develop .#builder --extra-experimental-features flakes \ + --extra-experimental-features nix-command \ + --command nix build .#nixosConfigurations.aarch64-darwin.default \ + --system aarch64-linux --refresh +``` + +> For next builds you can discard any `--extra-experimental-features` flags. +> --refresh is optional, it will force a rebuild of the system. + +For native linux simply run : + +```bash +nix build .#nixosConfigurations.aarch64-darwin.default +``` + +> Supported systems are `aarch64-linux`, `x86_64-linux`, `aarch64-darwin` and `x86_64-darwin`. + +On macOS, dnsmasq starts in background, you might need to force a refresh of the dns cache : + +```bash +sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder +``` + +### Uninstall on Darwin: + +> When builder environment not starting (no libvirtd.sock) + +```bash +./result/sw/bin/darwin-uninstaller +``` + +### Terraform local setup + +Bootrap local vm : + +```bash +terraform -chdir=tf-root-libvirt init +terraform -chdir=tf-root-libvirt apply -auto-approve +``` + +Setup k8s modules : + +```bash +terraform init +terraform apply -auto-approve +``` + +## Terraform variables + +### 1. 
Contabo (VPS) + +**contabo_credentials** : + +```hcl +contabo_credentials = { + oauth2_client_id = "client-id" + oauth2_client_secret = "secret" + oauth2_pass = "password!" + oauth2_user = "mail@mail" +} +``` + +Seek for credentials in [API](https://my.contabo.com/api/details) + +**`contabo_instance` :** + +```bash +cntb config set-credentials --oauth2-clientid id --oauth2-client-secret secret --oauth2-password "contabo-dashboard-pass" +cntb get instances +``` + +### 2. Gandi (domain) + +- **`paas_base_domain`** : Order a domain on [gandi](https://www.gandi.net) +- **`gandi_token`** : Generate a Personal Access Token on [gandi organisation](https://admin.gandi.net/organizations/) + +> **Warn :** Delete `@` record for your domain on [gandi](https://admin.gandi.net/domain/) + +### 3. Tailscale (SSH VPN) + +**`tailscale_api_key`** : Register on tailscale and get key on [admin console](https://login.tailscale.com/admin/settings/keys) +**`tailscale_trusted_device`** : Approve your device on tailscale with **`tailscale login`** and recover its tailscale hostname. + +### 4. Github (Authentication & users) + +**`github_token`** : https://github.com/settings/tokens and create a token with scopes `repo`, `user` and `admin`. +**`github_client_id`** : Create a new OAuth App. +**`github_client_secret`** : On new OAuth App ask for a new client secret. + +### 5. Cert-manager (TLS) + +**`cert_manager_email`** : a valid email to register on letsencrypt. + +## Apply + +Init all terraform providers and modules. + +```bash +make init +``` + +### Cloud (contabo) + +```bash +make tf-root-contabo ARGS=-var-file=$PWD/.prod.tfvars +``` + +### infra (k8s) + +```bash +make . 
ARGS=-var-file=.prod.tfvars +``` + +## Cheat Sheet + +## Nix + +See derivations of a build : + +```bash +nix derivation show -r '.#nixosConfigurations.aarch64-darwin.default' +``` + +Filter derivations by name : + +```bash +nix derivation show -r '.#nixosConfigurations.aarch64-darwin.default' | jq -r '.[] | select(.name | contains("cert-manager"))' +``` + +Debug flake : + +```bash +nix --extra-experimental-features repl-flake repl '.#' +``` + +Free unused derivations : + +```bash +nix-store --optimise +``` + +Repair nix store : + +```bash +nix-store --verify --check-contents --repair +``` + +### Libvirt + +Undefine pool : + +```bash +virsh -c qemu:///system pool-undefine libvirt-pool-k3s-paas +``` + +Undefine vm to avoid conflicts : + +```bash +virsh -c qemu:///system undefine --nvram vm1 +``` + +Open console : + +```bash +virsh -c qemu:///system console vm1 +``` + +Exit with `Ctrl + +` or `Ctrl + ]` on linux. + +> See [this SO thread](https://superuser.com/questions/637669/how-to-exit-a-virsh-console-connection#:~:text=ctrl%20%2B%20alt%20%2B%206%20(Mac)) if you keep struggling. + +### Openssl + +Generate a sha512crypt password : + +```bash +openssl passwd -salt zizou -6 zizou420! +``` + +### Kubectl + +See all pods : + +```bash +kubectl get po -A +``` + +See any assets : + +```bash +kubectl get all -A +``` diff --git a/bootstrap/nix.conf b/bootstrap/nix.conf new file mode 100644 index 00000000..7aa6e329 --- /dev/null +++ b/bootstrap/nix.conf @@ -0,0 +1 @@ +extra-experimental-features = flakes nix-command diff --git a/charts/microservice/.helmignore b/charts/microservice/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/charts/microservice/.helmignore +++ /dev/null 
@@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/microservice/Chart.lock b/charts/microservice/Chart.lock deleted file mode 100644 index 5b617379..00000000 --- a/charts/microservice/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 12.1.9 -digest: sha256:3615da30e6713b58d131a8323d888e7eae763d6416acf558bbb7c22841bd65ef -generated: "2023-01-20T12:01:38.489726+01:00" diff --git a/charts/microservice/Chart.yaml b/charts/microservice/Chart.yaml deleted file mode 100644 index 4400d131..00000000 --- a/charts/microservice/Chart.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -apiVersion: v2 -name: microservice -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.16.0" - -dependencies: - - name: postgresql - version: 12.1.9 - repository: https://charts.bitnami.com/bitnami \ No newline at end of file diff --git a/charts/microservice/templates/NOTES.txt b/charts/microservice/templates/NOTES.txt deleted file mode 100644 index 319f01bd..00000000 --- a/charts/microservice/templates/NOTES.txt +++ /dev/null 
@@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "chart.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "chart.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "chart.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "chart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/charts/microservice/templates/_helpers.tpl b/charts/microservice/templates/_helpers.tpl deleted file mode 100644 index 3c0d07ff..00000000 --- a/charts/microservice/templates/_helpers.tpl +++ /dev/null 
@@ -1,75 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "chart.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "chart.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "chart.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "chart.labels" -}} -helm.sh/chart: {{ include "chart.chart" . }} -{{ include "chart.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "chart.selectorLabels" -}} -app.kubernetes.io/name: {{ include "chart.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "chart.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "chart.fullname" .) 
.Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Create the secrets required for our app as environment var -*/}} -{{- define "helpers.listEnvVariables"}} -{{- range $key, $val := .Values.env.secret }} -- name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ $.Values.secret.name }} - key: {{ $key }} -{{- end}} -{{- end }} diff --git a/charts/microservice/templates/deployment.yaml b/charts/microservice/templates/deployment.yaml deleted file mode 100644 index 3af06ce3..00000000 --- a/charts/microservice/templates/deployment.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "chart.fullname" . }} - labels: - {{- include "chart.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "chart.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "chart.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "chart.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - {{- include "helpers.listEnvVariables" . | indent 10 }} - ports: - - name: http - containerPort: {{ .Values.container.port }} - protocol: TCP - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/microservice/templates/hpa.yaml b/charts/microservice/templates/hpa.yaml deleted file mode 100644 index 548ee03b..00000000 --- a/charts/microservice/templates/hpa.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "chart.fullname" . }} - labels: - {{- include "chart.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "chart.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/charts/microservice/templates/ingress.yaml b/charts/microservice/templates/ingress.yaml deleted file mode 100644 index 63c1311c..00000000 --- a/charts/microservice/templates/ingress.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "chart.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "chart.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} 
diff --git a/charts/microservice/templates/persistence.yaml b/charts/microservice/templates/persistence.yaml deleted file mode 100644 index df3f98b0..00000000 --- a/charts/microservice/templates/persistence.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume # Create a PV -metadata: - name: postgresql-data # Sets PV's name - labels: - type: local # Sets PV's type to local -spec: - storageClassName: manual - capacity: - storage: 10Gi # Sets PV Volume - accessModes: - - ReadWriteOnce - hostPath: - path: "/data/volume" # Sets the volume's path ---- -apiVersion: v1 -kind: PersistentVolumeClaim # Create PVC -metadata: - name: postgresql-data-claim # Sets name of PV -spec: - storageClassName: manual - accessModes: - - ReadWriteOnce # Sets read and write access - resources: - requests: - storage: 2Gi # Sets volume size diff --git a/charts/microservice/templates/secrets.yaml b/charts/microservice/templates/secrets.yaml deleted file mode 100644 index c1113dac..00000000 --- a/charts/microservice/templates/secrets.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.secret.name }} -type: Opaque -data: - {{- range $key, $val := .Values.env.secret }} - {{ $key }}: {{ $val | b64enc }} - {{- end}} diff --git a/charts/microservice/templates/service.yaml b/charts/microservice/templates/service.yaml deleted file mode 100644 index dfc5b3a3..00000000 --- a/charts/microservice/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "chart.fullname" . }} - labels: - {{- include "chart.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "chart.selectorLabels" . | nindent 4 }} 
diff --git a/charts/microservice/templates/serviceaccount.yaml b/charts/microservice/templates/serviceaccount.yaml deleted file mode 100644 index 26a57fa8..00000000 --- a/charts/microservice/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "chart.serviceAccountName" . }} - labels: - {{- include "chart.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/microservice/templates/tests/test-connection.yaml b/charts/microservice/templates/tests/test-connection.yaml deleted file mode 100644 index 8dfed872..00000000 --- a/charts/microservice/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "chart.fullname" . }}-test-connection" - labels: - {{- include "chart.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "chart.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/charts/microservice/values.yaml b/charts/microservice/values.yaml deleted file mode 100644 index 6e8301b9..00000000 --- a/charts/microservice/values.yaml +++ /dev/null 
@@ -1,106 +0,0 @@ -# Default values for chart. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: loicroux/client - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "latest" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -secret: - name: all-secrets -env: - secret: - PG_USER: ekommerce - PG_CONNECTION: jdbc:postgresql://client-postgresql.default.svc.cluster.local:5432/db - PG_PASSWORD: password - -postgresql: - auth: - password: password - enablePostgresUser: false - database: db - username: ekommerce - volumePermissions: - enabled: true - primary: - persistence: - enabled: true - existingClaim: "postgresql-data-claim" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -container: - port: 8080 - -service: - type: ClusterIP - port: 80 - -ingress: - enabled: false - className: "" - annotations: - kubernetes.io/ingress.class: nginx - cert-manager.io/cluster-issuer: letsencrypt-acme-issuer - hosts: - - host: client.k3s.test - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: client.k3s.test-tls - # hosts: - # - client.k3s.test - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. 
If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} diff --git a/contabo/.gitignore b/contabo/.gitignore deleted file mode 100644 index 9b8a46e6..00000000 --- a/contabo/.gitignore +++ /dev/null @@ -1,34 +0,0 @@ -# Local .terraform directories -**/.terraform/* - -# .tfstate files -*.tfstate -*.tfstate.* - -# Crash log files -crash.log -crash.*.log - -# Exclude all .tfvars files, which are likely to contain sensitive data, such as -# password, private keys, and other secrets. These should not be part of version -# control as they are data points which are potentially sensitive and subject -# to change depending on the environment. -*.tfvars -*.tfvars.json - -# Ignore override files as they are usually used to override resources locally and so -# are not checked in -override.tf -override.tf.json -*_override.tf -*_override.tf.json - -# Include override files you do wish to add to version control using negated pattern -# !example_override.tf - -# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan -# example: *tfplan* - -# Ignore CLI configuration files -.terraformrc -terraform.rc diff --git a/contabo/.terraform.lock.hcl b/contabo/.terraform.lock.hcl deleted file mode 100644 index 95b3fcc8..00000000 --- a/contabo/.terraform.lock.hcl +++ /dev/null 
@@ -1,132 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/contabo/contabo" { - version = "0.1.17" - constraints = ">= 0.1.17" - hashes = [ - "h1:fwKCl1tj+tOT0bQHiDJCFyGkhp6NuUvoulBTdtBDr5o=", - "zh:0d429602e71642218e8e1b91a82a667e221c43ede66ac3dd331718db3a4853ee", - "zh:10fce9100cb242ce0da2bf6d1bdf9481b043f3eb3833fadba63292624553e981", - "zh:19bcf3660ac7545103cf999e0066442f9d6350db9654e1496726520cef287246", - "zh:2a6504d2573d4d46efa8e7aa0fe57de95edd9055cfbdfd6318b320e59f7e5cd4", - "zh:35596a777e04633cab65966cbf7c4ebae6ad23049c2fc65688f2d7cd94503e3a", - "zh:6f2789874aea9244f3bc0f1594c735591ca4c297acb643be9a0b4a17b4d6554e", - "zh:75eb75486695f3f740b431a3767a574feafa91aa92b4574048e236858c6ce463", - "zh:7d2ae3c7fc0bfbc39465591134c6631e7e591440ed0c4bb25f576dcca615a33d", - "zh:b5d05f31171788b7b061b47ba7e955787f6b2c6e9e5790b389603cba02589215", - "zh:bfea42645edfc77536cbcd99a44764c4e8b6a2f76347fc2f3258a70f0eb2c40b", - "zh:db1a91021a13e3319e9cb06924b638f973457e12196e8269820abd4e45fad232", - "zh:dd0bacf3ce6e560eb41f51d07f8eab393095cb17f563b5d9f7d8d01bffe0f9d2", - "zh:e00eb2c5f6edaa78b17a9f0468dcd6bdea507a2e3a013586c48f2237ddae8995", - "zh:ea3518b23027a8c10f7849025e1a14ef664ab2cfa3caf66c14b24f4496da4e0d", - "zh:faa825eaed93cbb00e18c97019e6cb6d78d5ce4793d9f92d743d9e094160dc51", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.4.3" - hashes = [ - "h1:saZR+mhthL0OZl4SyHXZraxyaBNVMxiZzks78nWcZ2o=", - "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752", - "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b", - "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3", - "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5", - 
"zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda", - "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6", - "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1", - "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d", - "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8", - "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93", - ] -} - -provider "registry.terraform.io/hashicorp/time" { - version = "0.9.1" - constraints = "0.9.1" - hashes = [ - "h1:VxyoYYOCaJGDmLz4TruZQTSfQhvwEcMxvcKclWdnpbs=", - "zh:00a1476ecf18c735cc08e27bfa835c33f8ac8fa6fa746b01cd3bcbad8ca84f7f", - "zh:3007f8fc4a4f8614c43e8ef1d4b0c773a5de1dcac50e701d8abc9fdc8fcb6bf5", - "zh:5f79d0730fdec8cb148b277de3f00485eff3e9cf1ff47fb715b1c969e5bbd9d4", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8c8094689a2bed4bb597d24a418bbbf846e15507f08be447d0a5acea67c2265a", - "zh:a6d9206e95d5681229429b406bc7a9ba4b2d9b67470bda7df88fa161508ace57", - "zh:aa299ec058f23ebe68976c7581017de50da6204883950de228ed9246f309e7f1", - "zh:b129f00f45fba1991db0aa954a6ba48d90f64a738629119bfb8e9a844b66e80b", - "zh:ef6cecf5f50cda971c1b215847938ced4cb4a30a18095509c068643b14030b00", - "zh:f1f46a4f6c65886d2dd27b66d92632232adc64f92145bf8403fe64d5ffa5caea", - "zh:f79d6155cda7d559c60d74883a24879a01c4d5f6fd7e8d1e3250f3cd215fb904", - "zh:fd59fa73074805c3575f08cd627eef7acda14ab6dac2c135a66e7a38d262201c", - ] -} - -provider "registry.terraform.io/integrations/github" { - version = "5.21.1" - constraints = "~> 5.0" - hashes = [ - "h1:e0BrGh3T4gimkqgROHyWdOzFRAKRT3U0SUt7vwN9Iac=", - "zh:4a55c2257b108faaded434bbc4491c5efc39dc41e6514d7050e15e39ee1f2ac9", - "zh:765b7b99d9c7522aede4e200166331f3c8093505ba3330309f2fe93d2a4a7f71", - "zh:80fb20f2e83f9eb786e85971a91e3a5ca141a9d68deac6b786c1860ce9b482a8", - "zh:868abaa9ca998e24d84af85a1e3722901d7c274dbf88a53847964450a6931b73", - 
"zh:8e9254a1508d0afc27510ec6a43d215a600dc7a870cf541803f5298dc32a6c07", - "zh:9249f58e07c8a2b725272c444b2ff70f4e6e0ba59a95433840adde1295246ce0", - "zh:9613d3bc76f64a54d85ba2feb0fc1feac0205437864ce1ff47d38772a9bb9285", - "zh:a153f986cd88ec2ab43c6dae1efb82f66d8277b597619e7ab6b6d1494ea676de", - "zh:a5b37268078be1739915cca7afff017de8543191527cc995ccf33e324b92fad9", - "zh:aca22cd1d5f2c5e6692c0c3392312b160ec70a7087f7075fccb7c3e0996448a2", - "zh:b15a4ce4760f18d6aa03c17fa1049c3ba797ae437452f6277251ac47ba791b60", - "zh:b8b3b0b885e89b449779bf73bfd6dbc53103b9d8eaac13bad2b95b8a035f5100", - "zh:dc11d7ee4bff6990c81216e96de2b9de43ab8b6a8d82532888f587fb6080720f", - "zh:fb8afed924acdd8d9bb773d518a30857b59ca260a94ac8107c03b23afb1ef3e7", - ] -} - -provider "registry.terraform.io/lexfrei/namedotcom" { - version = "1.2.0" - constraints = "1.2.0" - hashes = [ - "h1:q8qEHCrBXxH+aExaiKGiRHSMMyCwuO2AqTPRj18+x5A=", - "zh:0fa82a384b25a58b65523e0ea4768fa1212b1f5cfc0c9379d31162454fedcc9d", - "zh:1397aedab6d34041543b9cbf09ceccd4d792581805c73520e180bcb98a638282", - "zh:161d4cae0a53820da274cb17e2f82ec19b5b620b2a7e33022ff872c325245716", - "zh:200330d4a418a0198b84a8d18aba1df250469748fea39517dfa489d43f8648a9", - "zh:2bb98c73191bfb6a24ad779d7e7da387ef55430f1584d68a38e91856d30ce0b9", - "zh:31700fbf56dab71c13aee5d74bee53033e9a227767404913482910b4bfa320f7", - "zh:3278a4cb1d8b3a34724c49653c1d63a8c76a4b8e0af730cc4fdc7f5d56a1138a", - "zh:441e1f4fb16735a1abebabdec962657ee8b208a40122b173151507641394d623", - "zh:7300395a67eb871ada30896ff69716959a9ee2c7f12523d52a1dbd8157c99855", - "zh:8cdd220918b1d91bcd1940c22879e099c4a8eb363b9c04e09d1cdf025e412dbf", - "zh:a965a107a3684ec64661521b69274d4f8b7a8ff295df58e2ace21ccfa27523d6", - "zh:b2332a1dde48b8b8e7aa8c24de4880b8ee78c61254a79d0bc9599ddf38821923", - "zh:b874fb56950760b3f2e9ba314d1cc62fb927db6caf951aac09bba00feb0ed853", - "zh:c35d1b82e1002367a75af723a0b23ece7d3a9fc4585de37dd53794903482c577", - "zh:e27d030842d9a860dcc384565ca58876f11ad928cd02b10b9f08c6303c42e387", - 
] -} - -provider "registry.terraform.io/loic-roux-404/contabo" { - version = "0.1.17-alpha" - constraints = "0.1.17-alpha" - hashes = [ - "h1:7AqLARj1bkDuuj5xTcxnxYDH2J44g7ihLoNGRjiLuO4=", - "zh:02dc2c8fe99588f901d4fb0864b6b78e84a47c1d2083c6641cf84df1b49e34c3", - "zh:19bcf3660ac7545103cf999e0066442f9d6350db9654e1496726520cef287246", - "zh:29e1a6beae23419a7b412523041a2fbf71b521dd9e6c6edee4df3833f146873d", - "zh:429bc7bf9d8b9532340a377839483101a5895731835c925ed2f45e3aca6f2c3f", - "zh:4e015b2a83b6439fc22f9e69ec99f610b9a77e10d00a1d1fbd0aa4a17a06c95b", - "zh:4ee9e4f51fcdd014186913b07cae04cee5bb9f709d1d9815912126354a3f6bc9", - "zh:5599fb5d2fa98e95db91918198ad5d3a3210ec7d5a853a92702cbbf0f86a5ec2", - "zh:7a62df5ba199f3f42304bbbfb6b0d49138d42255d2fd964326f86803f0d5ea7b", - "zh:8500db4e5d8f8bc742cb31f41776f70548396eff1683a6f088a3e5d6c2afaa6c", - "zh:8b4521b3b6383472c23465b7b5499dbbce1d3299c5a7bd49daf19da98d71ce37", - "zh:8f170c725d0f942edbacf346b01e74e04d6cdc4231da2aaeee42a121c496f906", - "zh:9439073578e2649400fdc6924adb78d70377c4ef4d1964ed038679114a2a07f8", - "zh:bd9c5c8fda0036463950d96a2f0e425eb6d21c7cb5468dd16b1f90b349a03524", - "zh:c59a1637a48312247d3d0d79c54cbf49796ddc52b7956f5cbd0ea15b6e411fc5", - "zh:fc93f9ebf42df5a49725761231086cc242b47f5f2cc7ae9aabbb372889e6adf9", - ] -} diff --git a/contabo/Makefile b/contabo/Makefile deleted file mode 100644 index faa6bbe1..00000000 --- a/contabo/Makefile +++ /dev/null 
@@ -1,35 +0,0 @@
-VAR_FILE?=prod.tfvars
-SHELL:=/bin/bash
-
-read_tfvar=$(shell grep $1 prod.tfvars | cut -d'=' -f2 | tr -d ' ' | tr -d \")
-
-CLIENT_ID:=$(call read_tfvar,oauth2_client_id)
-CLIENT_SECRET:=$(call read_tfvar,oauth2_client_secret)
-API_USER:=$(call read_tfvar,oauth2_user)
-API_PASSWORD:=$(call read_tfvar,oauth2_pass)
-INSTANCE_ID:=$(call read_tfvar,contabo_instance)
-
-TAILSCALE_KEY:=$(call read_tfvar,tailscale_key)
-
-.DEFAULT_GOAL := help
-
-help:
- @echo "Contabo tf simple helpers"
- @echo "Apply infra on $(INSTANCE_ID) :"
- @echo " make apply"
- @echo "Debug contabo with cli :"
- @echo " make setup_cntb"
- @echo "Setup ssh"
- @echo " make setup_ssh"
-
-setup_cntb:
- cntb config set-credentials --oauth2-clientid="$(CLIENT_ID)" \
- --oauth2-client-secret="$(CLIENT_SECRET)" --oauth2-user="$(API_USER)" \
- --oauth2-password="$(API_PASSWORD)"
-
-# Run it if starting from empty infra
-apply:
- terraform apply -var-file=$(VAR_FILE) -auto-approve
-
-setup_ssh:
- sudo tailscale up --authkey=$(TAILSCALE_KEY) --ssh
diff --git a/contabo/data.tf b/contabo/data.tf
deleted file mode 100644
index 16f28bb1..00000000
--- a/contabo/data.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-data "github_organization" "org" {
- name = var.github_organization
-}
-
-data "github_membership" "all" {
- for_each = toset(data.github_organization.org.members)
- username = each.value
-}
-
-data "github_membership" "all_admin" {
- for_each = {
- for _, member in data.github_membership.all :
- _ => member if member.role == "admin"
- }
- username = each.value.username
-}
-
-data "contabo_instance" "paas_instance" {
- id = var.contabo_instance
-}
diff --git a/contabo/exemple.tfvars.dist b/contabo/exemple.tfvars.dist
deleted file mode 100644
index 02dfa971..00000000
--- a/contabo/exemple.tfvars.dist
+++ /dev/null
@@ -1,37 +0,0 @@
-github_organization = "github-team"
-github_team = "ops-team"
-domain = "paas-esgi-tutorial.live"
-# https://www.name.com/account/login
-namedotcom_username = "username"
-namedotcom_token = "aaaaaaaaaaaaaaaaaaaaaaaaaaaa"
-# https://github.com/settings/tokens
-github_token = "ghp_aaaaaaaaaaaaaaaaaaxxxxxxxxxxxx"
-
-# https://login.tailscale.com/admin/settings/keys
-tailscale_key = ""
-
-# https://api.contabo.com/#section/Authentication
-contabo_credentials = {
- oauth2_client_id = "INT-XXXXX"
- oauth2_client_secret = "XXXXXXX-xXXX-XXXX-XXX-XXXXXXXXX"
- oauth2_user = "toto@example.com"
- oauth2_pass = "password"
-}
-
-# Recovered by CLI
-contabo_instance = "XXXXXXXXX"
-
-ssh_connection = {
- password = "badsecret"
- password_hash = "$6$salt$FT3avWz0MRNdyK7UcXl8hjbKH/mYmhoIWiqFFUfr4o0fJXJbE3r5fW0vFtZsmbzjyyfvIWbykiHAyx1IiUHrl0"
- private_key = "~/.ssh/id_rsa"
- public_key = "~/.ssh/id_rsa.pub"
- user = "admin"
-}
-
-# https://github.com/organizations/my-organization/settings/applications
-secrets = {
- dex_github_client_id = "dex-github-oauth2-app-client-id"
- dex_github_client_secret = "dex-github-oauth2-app-client-secret"
- cert_manager_email = "paas-esgi-tutorial.live4@example.com"
-}
diff --git a/contabo/main.tf b/contabo/main.tf
deleted file mode 100644
index 27f9f69f..00000000
--- a/contabo/main.tf
+++ /dev/null
@@ -1,135 +0,0 @@
-############
-# Accounts
-############
-resource "github_team" "opsteam" {
- name = var.github_team
- description = "This is the production team"
- privacy = "closed"
-}
-
-resource "github_team_membership" "opsteam_members" {
- for_each = data.github_membership.all_admin
- team_id = github_team.opsteam.id
- username = each.value.username
- role = "maintainer"
-}
-
-############
-# Security
-############
-
-# Dex oidc client
-resource "random_password" "dex_client_id" {
- length = 16
- special = false
-}
-
-resource "random_password" "dex_client_secret" {
- length = 24
- special = false
-}
-
-resource "random_password" "cert_manager_private_key_secret" {
- length = 12
- special = false
-}
-
-locals {
- ssh_connection = merge(var.ssh_connection, {
- public_key = trimspace(file(pathexpand(var.ssh_connection.public_key)))
- private_key = trimspace(file(pathexpand(var.ssh_connection.private_key)))
- })
- ansible_vars = merge(
- var.ansible_secrets,
- {
- dex_client_id = random_password.dex_client_id.result
- dex_client_secret = random_password.dex_client_secret.result
- waypoint_base_domain = var.domain
- dex_github_client_org = data.github_organization.org.orgname
- dex_github_client_team = github_team.opsteam.name
- cert_manager_private_key_secret = random_password.cert_manager_private_key_secret.result
- cert_manager_letsencrypt_env = var.cert_manager_letsencrypt_env
- }
- )
-}
-
-# Store secrets to recover them later
-resource "contabo_secret" "paas_instance_ssh_key" {
- name = "paas_instance_ssh_key"
- type = "ssh"
- value = local.ssh_connection.public_key
-}
-
-resource "contabo_secret" "paas_instance_password" {
- name = "paas_instance_password"
- type = "password"
- value = local.ssh_connection.password
-}
-
-############
-# Vm
-############
-
-locals {
- iso_version_file = "ubuntu-${var.ubuntu_release_info.name}-${var.ubuntu_release_info.version}.${var.ubuntu_release_info.format}"
- image_url = "${var.ubuntu_release_info.url}/${var.ubuntu_release_info.iso_version_tag}/${local.iso_version_file}"
-}
-
-resource "contabo_image" "paas_instance_qcow2" {
- name = var.ubuntu_release_info.name
- image_url = local.image_url
- os_type = "Linux"
- version = var.ubuntu_release_info.iso_version_tag
- description = "generated PaaS vm image with packer"
-}
-
-resource "namedotcom_record" "dns_zone" {
- for_each = toset(["", "*"])
- domain_name = var.domain
- host = each.key
- record_type = "A"
- answer = data.contabo_instance.paas_instance.ip_config[0].v4[0].ip
-}
-
-resource "contabo_instance" "paas_instance" {
- existing_instance_id = var.contabo_instance
-
- depends_on = [
- github_team_membership.opsteam_members
- ]
-
- display_name = "ubuntu-k3s-paas"
- image_id = contabo_image.paas_instance_qcow2.id
- ssh_keys = [contabo_secret.paas_instance_ssh_key.id]
- user_data = sensitive(templatefile(
- "${path.root}/user-data.yaml.tmpl",
- {
- tailscale_key = var.tailscale_key
- ubuntu_release_info = var.ubuntu_release_info
- ssh_connection = local.ssh_connection
- ansible_vars = [
- for k, v in local.ansible_vars : "${k}=${v}"
- ]
- }
- ))
-}
-
-resource "terraform_data" "paas_instance_wait_bootstrap" {
- triggers_replace = [
- contabo_instance.paas_instance.id
- ]
-
- connection {
- type = "ssh"
- user = local.ssh_connection.user
- private_key = local.ssh_connection.private_key
- host = contabo_instance.paas_instance.ip_config[0].v4[0].ip
- }
-
- provisioner "remote-exec" {
- on_failure = fail
- inline = [
- "sudo cloud-init status --wait && sudo cloud-init clean"
- ]
- }
-}
diff --git a/contabo/terraform.tf b/contabo/terraform.tf
deleted file mode 100644
index 49dad480..00000000
--- a/contabo/terraform.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-terraform {
-
- required_version = ">=1.4"
-
- required_providers {
- contabo = {
- source = "loic-roux-404/contabo"
- version = "0.1.17-alpha"
- }
- github = {
- source = "integrations/github"
- version = "~> 5.0"
- }
- namedotcom = {
- source = "lexfrei/namedotcom"
- version = "1.2.0"
- }
- time = {
- source = "hashicorp/time"
- version = "0.9.1"
- }
- }
-}
-
-provider "github" {
- token = var.github_token
- owner = var.github_organization
-}
-
-provider "namedotcom" {
- token = var.namedotcom_token
- username = var.namedotcom_username
-}
-
-provider "contabo" {
- oauth2_client_id = var.contabo_credentials.oauth2_client_id
- oauth2_client_secret = var.contabo_credentials.oauth2_client_secret
- oauth2_user = var.contabo_credentials.oauth2_user
- oauth2_pass = var.contabo_credentials.oauth2_pass
-}
diff --git a/contabo/user-data.yaml.tmpl b/contabo/user-data.yaml.tmpl
deleted file mode 100644
index c4ba0f2e..00000000
--- a/contabo/user-data.yaml.tmpl
+++ /dev/null
@@ -1,44 +0,0 @@
-#cloud-config
-
-system_info:
- default_user:
- name: ${ssh_connection.user}
-
-ssh_deletekeys: false
-disable_root: 1
-ssh_pwauth: 0
-
-users:
- - name: ${ssh_connection.user}
- passwd: "${ssh_connection.password_hash}"
- groups: [adm, cdrom, dip, plugdev, sudo]
- lock-passwd: false
- sudo: ALL=(ALL) NOPASSWD:ALL
- shell: /bin/bash
- ssh_authorized_keys:
- - '${trim(jsonencode(ssh_connection.public_key), "\"")}'
-
-apt:
- sources:
- tailscale.list:
- source: deb https://pkgs.tailscale.com/stable/ubuntu ${ubuntu_release_info.name} main
- keyid: 2596A99EAAB33821893C0A79458CA832957F5868
-
-package_update: true
-packages:
- - tailscale
-
-runcmd:
- - [echo, "${ubuntu_release_info.iso_version_tag}"]
- - [tailscale, up, -authkey, '${tailscale_key}']
-
-ansible:
- install_method: pip
- package_name: ansible
- setup_controller:
- run_ansible:
- - playbook_dir: /playbook
- inventory: /playbook/inventories/contabo/hosts
- playbook_name: site.yaml
- extra_vars: ${join(" ", ansible_vars)} -o 'IdentitiesOnly=yes'
- connection: local
diff --git a/contabo/variables.tf b/contabo/variables.tf
deleted file mode 100644
index abb499a7..00000000
--- a/contabo/variables.tf
+++ /dev/null
@@ -1,98 +0,0 @@
-
-variable "github_organization" {
- type = string
-}
-
-variable "github_team" {
- type = string
-}
-
-variable "github_token" {
- type = string
- sensitive = true
-}
-
-variable "cert_manager_letsencrypt_env" {
- type = string
- default = "prod"
-}
-
-variable "domain" {
- type = string
-}
-
-variable "domain_ttl" {
- type = number
- default = 3000
-}
-
-variable "namedotcom_token" {
- type = string
- sensitive = true
-}
-
-variable "namedotcom_username" {
- type = string
- sensitive = true
-}
-
-variable "tailscale_key" {
- type = string
- sensitive = true
-}
-
-variable "contabo_instance" {
- type = string
-}
-
-variable "contabo_credentials" {
- type = object({
- oauth2_client_id = string
- oauth2_client_secret = string
- oauth2_user = string
- oauth2_pass = string
- })
- sensitive = true
-}
-
-variable "ssh_connection" {
- type = object({
- user = string
- password = string
- password_hash = string
- public_key = string
- private_key = string
- })
- default = {
- password = "badSecret12!"
- password_hash = "$6$zizou$5kLDHHKr97WNOkvnTzpnqIQ/z.n.rJmV0YFdUiy1cwxxdz/wIgnI8Rd7lnO8Ry6t01KT3OLMhrFgOZiR7cMLb1"
- private_key = "~/.ssh/id_rsa"
- public_key = "~/.ssh/id_rsa.pub"
- user = "admin"
- }
- sensitive = true
-}
-
-variable "ansible_secrets" {
- type = map(string)
- description = "Define ansible secrets"
- default = {}
- sensitive = true
-}
-
-variable "ubuntu_release_info" {
- type = object({
- name = string
- version = string
- iso_version_tag = string
- url = string
- format = string
- })
- default = {
- name = "jammy"
- version = "22.04.2"
- iso_version_tag = "ubuntu-jammy-204f221"
- url = "https://github.com:443/loic-roux-404/k3s-paas/releases/download"
- format = "qcow2"
- }
-}
diff --git a/default.nix b/default.nix
new file mode 100644
index 00000000..8447762c
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,10 @@
+# See https://nixos.wiki/wiki/Flakes#Using_flakes_project_from_a_legacy_Nix
+(import (
+ let
+ lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+ in fetchTarball {
+ url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+ sha256 = lock.nodes.flake-compat.locked.narHash; }
+) {
+ src = ./.;
+}).defaultNix
diff --git a/docs/1-install.md b/docs/1-install.md
index b2fed05e..d2789c2c 100644
--- a/docs/1-install.md
+++ b/docs/1-install.md
@@ -13,13 +13,10 @@ The optics of this tooling will follow : For this we will use a technical base composed of : - [`k3s`](https://k3s.io/) tool which simplifies the installation of kubernetes on ARM machines while remaining compatible with classic X64 architectures. It provides by default pods (containers in execution) to include features often sought on this type of edge computing configuration (reverse proxy, DNS configuration ...) -- [Packer](https://www.packer.io/) to create iso images of linux machines -- [Ansible](https://www.ansible.com/) to provision this image +- [Nix Os](https://nixos.org/manual/nixpkgs/stable/) to create iso images of linux machines - [Terraform](https://www.terraform.io/) to control azure in an IaC way and to trigger all the PaaS implementation on it. -Translated with www.DeepL.com/Translator (free version) - -## Docker installation +## Usefull links Docker architecture : 
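Review bot: default.nix carries no comment saying that it depends on a flake input named exactly `flake-compat`: the `let` block reads `lock.nodes.flake-compat.locked.rev` and `.narHash` from flake.lock, so evaluation fails with a missing-attribute error if that input is ever renamed or dropped. flake.nix is outside this hunk, so the input is presumably declared there, but it will look unused to anyone tidying the flake. I would add above `(import (`: `# Requires a flake input named "flake-compat"; rev and narHash are read from flake.lock, so the tarball stays hash-pinned.` Passing the SRI-style `narHash` as `sha256` relies on a Nix release whose `fetchTarball` accepts that format, which is worth confirming if older Nix installs are in scope. As a style point, the closing `}` of the `fetchTarball` argument would read better on its own line than trailing the `sha256 = …;` line.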
@@ -31,96 +28,13 @@ K3s Architecture : > Note : Here we are only using single node mode -## Rancher as docker desktop replacement - -[**Rancher**](https://rancherdesktop.io/) Download 1.6.2 (macOS) from [github release](https://github.com/rancher-sandbox/rancher-desktop/releases/tag/v1.6.2) - -At first start configure rancher as follow : -- **Disable kubernetes** -- **dockerd** as engine - -Check command `docker` is available. If not add `~/.rd/bin` to `PATH` : - -```bash -echo 'export PATH="$PATH:$HOME/.rd/bin"' >> ~/.zshrc -``` - ## Installation de vscode - [Avec installer toutes plateformes](https://code.visualstudio.com/download) - Homebrew sur mac `brew install --cask visual-studio-code` - [Avec snap pour linux](https://snapcraft.io/code) sur linux -## Python environment - -**Everything here is done with a `bash` or `zsh shell`** - -**Conda** : [docs.conda.io](https://docs.conda.io/en/latest/miniconda.html). Run `.pkg` for mac. - -> utilisez la ligne de commande ci-dessous pour l'installer -```bash -wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh -P /tmp -chmod +x /tmp/Miniconda3-latest-Linux-x86_64.sh -/tmp/Miniconda3-latest-Linux-x86_64.sh -p $HOME/miniconda -``` - -> Pour arm : -```bash -wget https://repo.anaconda.com/miniconda/Miniconda3-py39_4.12.0-Linux-aarch64.sh -P /tmp -chmod +x /tmp/Miniconda3-py39_4.12.0-Linux-aarch64.sh -/tmp/Miniconda3-py39_4.12.0-Linux-aarch64.sh -p $HOME/miniconda -``` - -Consent to agreements and licences in next prompts. 
- -Then run `conda init zsh` (or `bash` if you prefer) - -**Relancer votre shell pour appliquer** (commande `exec $SHELL`) - -## Ansible playbook - -Setup vault password in a file : - -```bash -echo 'pass' > ~/.ansible/.vault -``` - -Then install requirements : - -```bash -cd playbook -pip install -r requirements-test.txt -ansible-galaxy install -r requirements.yml -pip install -r requirements.txt -cd - -``` - -### Test waypoint role with molecule : - - -Setup mac os networking with rancher : - -```bash -cd playbook/roles/waypoint -./scripts/setup_macos.sh -``` - -Recover ip subnet if needed (ex: 172.29.0.20) and edit `metallb_ip_range` accordingly : -```bash -docker network inspect k3snet | jq -r '.[0].IPAM.Config[0].Subnet' | awk -F. '{print $1"."$2}' -``` - -Setup dnsmasq to wildcard domain to localhost : - -```bash -cd playbook/roles/waypoint -./molecule/default/scripts/setup_dnsmasq.sh -``` - -```bash -molecule test --destroy never -``` To open UI with https add pebble certificate to your truststore : 
@@ -155,74 +69,34 @@ waypoint context create \ ``` -### Debug on rancher vm with a better network +## Libvirt Stack -```bash -rdctl shell -``` +> Define your vars and secrets in a `prod.tfvars` file before. Consult the file to see where to get/generate them. ```bash -wget https://releases.hashicorp.com/waypoint/0.11.0/waypoint_0.11.0_linux_arm64.zip -O /tmp/waypoint.zip -sudo unzip /tmp/waypoint.zip -d /usr/local/bin/ -rm /tmp/waypoint.zip -sudo chmod +x /usr/local/bin/waypoint -``` - -## Packer image +terraform -chdir=libvirt apply -auto-approve -> In folder `packer/` - -```bash -PACKER_LOG=0 PACKER_LOG_PATH=ubuntu-jammy.log packer build -var-file "$(uname -ms | tr " " "-")-host.hcl" -var-file=secrets.pkrvars.hcl ubuntu.pkr.hcl ``` -> use `PACKER_LOG=1` for debug and `-on-error=ask` - -**Simplified usage with makefile** : +## Contabo Stack ```bash -make ubuntu-debug +terraform -chdir=contabo apply -auto-approve ``` -> In debug mode you could need to do `ssh-keygen -f ~/.ssh/known_hosts -R [127.0.0.1]:2225` to delete old ssh trusted key for host - -or for release : - -```bash -make ubuntu -``` - -Release image manually : - -```bash -git tag "ubuntu-jammy-$(git rev-parse --short HEAD)" -git push --tags -``` +For contabo cli usage from your tfvar file : `make setup_cntb` -Open release from tag on [this link](https://github.com/loic-roux-404/k3s-paas/releases/new) -## Terraform +## Then apply k3s stack -> Define your vars and secrets in a `prod.tfvars` file before. Consult the file to see where to get/generate them. +> Adapt url to your stack between libvirt and contabo ```bash -terraform apply -auto-approve -var-file=prod.tfvars - +terraform apply -auto-approve -var k3s_host=k3s.test ``` -For contabo cli usage from your tfvar file : `make setup_cntb` - ## Secure ssh connections -Mac os : - -```bash -brew install tailscale -sudo brew services start tailscale -``` - -Then : `tailscale login` - ### Connect to instance : Setup with `make setup_ssh` 
diff --git a/docs/2-help.md b/docs/2-help.md index 2da39b9b..55bb67a5 100644 --- a/docs/2-help.md +++ b/docs/2-help.md @@ -12,7 +12,7 @@ Also you can use a global flush cache if it still doesn't work: - [for google dns](https://developers.google.com/speed/public-dns/cache?hl=fr) - [for cloudflare dns](https://1.1.1.1/purge-cache/) -> For real world testing, it's best to use different `dex_hostname` and `waypoint_hostname` entries that you don't use for one environment (staging or production). +> For real world testing, it's best to use different `dex_hostname` and `paas_hostname` entries that you don't use for one environment (staging or production). ### Kubernetes on Vscode @@ -55,4 +55,4 @@ And there you have access to an interface to control your cluster directly from - [coredns wildcard](https://mac-blog.org.ua/kubernetes-coredns-wildcard-ingress/) -Translated with www.DeepL.com/Translator (free version) \ No newline at end of file +Translated with www.DeepL.com/Translator (free version) 
diff --git a/docs/images/archi.jpg b/docs/images/archi.jpg index b7c9fb6e80008e9cc3eddf1928d7582937a61783..0080362d5c4f89555e3afc37d849051931f23708 100644 GIT binary patch literal 206870 zcmeFZ2VB!lmoOS19~+2@h=rz7B{We2hWaRkDqtWXbd(~H5K2M~Add|xCI}Kxgdm+H zgh)vu-9`}v1d`A}I)siiLGj|2`@XyTzWeRB_x|qg-QRce%ReV)X3m^B)6Sfk`Ty+s z`2}#y)X>BbuxAeduxIxJ_&NI91rvRJmm5}=h9=h`{}AxoX}~W0b_@VO`vzjHjIN!t zwX;9>i}ufO%MI)Q&-mZ?-Q~N^{ly&s=u-L{;r}brA$Jd~+is+#-ESafH}hR#-FNX5 zp8tr4{=!}V5r6y($H1)gcjLU=#V>gN74G_1cu1gs;BK6zU-8}iF~9JEU0fUO6Z9*u zU+_!f!ydkH>)l`5-LDt`3$Owh0j}-h|F6Pd^y!xk09;uE0QNrl3(fU80Kj?(0G#go z3r+eZ0C4mH0KjbbzlFK=55oMu`~2=NK2Koy|=vmc-j*!$Zr`1Rbo3%~FG{TCeE zzklEULkIcz4jnvni0|;x!+iWl_zxWt5EM9a^w=@MV|<5?3mrcuw2L46#bnQ~lzV?a zxSQ}8{~`We>i;JEd;<_XxbN8k#l3qZ0lx|E*(EPi01Bdqg zzW291e7oVH#{j=_-t*gmgNKgpKXd>f3fS}8-rx7_KX6d+xX}4SCr(SM+I9)cU-e2! z&1avKx^%?^dMl>k)MYjBwE#>|@ZExvGRC-uRY+p_+cVPYuGqk6W`~Tdv2|$n2N3+; z!>rPG@AV-tx1`PyxeGQ3_xpJUMjj8I?&f^rS8w~5@QW(=Z>fEN!+ZDa7HO{_Ko7us z_Ak@?pMU>-G@u8>QIM~< z@M#N8ipqZ)jI}WeKo^(xIyg4Vzr{P1 z3Osf84$QZGZaSca%qxu=ixq>G`ELTl&wX}~ zak7!gaG6Wxb0j=EkN%yrQsbVO5@L{UB4WxdaZyOks!?`((XJh_GF{&#)o+dcPJO39 zY|Pgv@(^|WMoU&O8@+tBL*`PBHO;AW%AlkmlhYE)Tevvic5CxaD*7zy_4@e?E%|yh z?zvZCR+C)pd9=AS)lN%-JdJ|VNA#q?zs0ki#(Byl=u8_woCTx|BH2MjLCOcrpIYkz zFL;mR6iWx78A&I96FAjhQ$d}PC1s=|87YN6BP?!IB(R1qUGY}*Y@+VeYasQ`w*bXd?+U}IWkti%?1-yLSA!drh2_nxO`L?re3Cnj zA4gdpl5!+WFCq(+kSnpY1&L!ynBvX`)a0QuEk>8Q_XRtbfNJi9+UipU5%zNGTho%F z_Gr1B4%z9Ec|R93YifZV*PEMq>xIxj{k9os(g{}ZQ9*`W?Ko)MjS|Q4yHJ?NZ}hwBrqWn!BIxw|?>w930m@ty(Pat_-z&`)pPeBcV9uceVv&`D z@?}@ZXA*3^pADZaE-pk;;y!xY%)qh>RK2%ITXAerEf% znd?y0-Gng>FIR=@Js<#6K75#~K*#|pak0&-{@p;+Ug=@C7nVKTJm;b5lIzx2a>=z8 zlh_l2n?C_w3ApbEAK&w{3<>K%yA4Fg%?K^=9C=I4%|)G40!Q@Bu38YgU@dZ388?Ua z=Pi9h9aZJ?(pnlzF^OY0nlcA#>ntja<{paF}4|&^ZuL&QC&`~Rj zXT-*~405L!U?lm~>e-+W^bKy&#vefk%!LlLyrO7oB?r!gn2x`Ows9*uSur_=fx+d| zg>kEs&YIOjKcK8W`;bkG4ORQ;w6c2lR|bvCLtI@#qGM(?rQs)ld^9uM+;@m2mE+Ks zJ6lj@3&pY+!yzoWVZDjSjmF^0n_*>D(kOQc3rqEF<^h 
z)LXY)_g9^b!_$jKjL=o)h3>l7TiSxX!Dn^byyw|04mn0iW|XFF~XxPZ!g zR5rJDcAZ-nO?6}sy#ThYVRb$`+Kf@{!_>93)wQgZy3eefE-rIF(E>T1_YUG3bnTlk zE(I*y4#BKYa?cbD46Tb+Yja!02#uwReIp1joMGX|nu(`+=t~AeeB|Y!=3*_zT!b0*A5V(in`zSCGJ<$`an(zhG%MB{jkaJM2 z#wF3pNtf0GgOf~dtXGt%QWcFU znP2eCSy5>7$IQLfuU2!y;LaNw$p+5WKZca|vCMBZT@+B|h+EL#GWbj@W|z!prCF<- zS8Pd;`&|Bv?NcH_59HXb@Z#*X93q$v^{k@wog4|In}8JT=eHUk@*-P(*tK9^52b~H znt(D^$TjLvLs1btd{|P!P7-KX1I$`RKlR_Hw6apE>ert_s5U*sU=e-}>G~we-cjP@ zdnp^QGhH1vW&Sf_PjV2+BVh|;w-JkGc4ak?){C^#d0)CN>n4bbu5vE6lRoKnn}Vzm z7rrd(x*ppi{=Q>~kP4IpQx*?+gN|LTQ|g17E7(DmoT9x(F-sdI=U=2sMqJ47S^Nn| z&wSjy9on)+59?u~>1WpGRd9&dUKOI+MYoi)>4jX~e z_(HB~JbZ{!PVlfNN0o3#tY^M+%AZH(k4T!yP>{CUCW#VwKQA^?g};+CQ4B!>MN&^K z-QyATW6X-J=MPBbb=a6lrOJEkq}fjw_DYtl5m-{kA+goKx~w+C9LK_`Z2605ioqvl zW=-&|Z~Iy#gFJ$Q-jOQlkGdV@;ZK{0LQ+t0l5Nk1R&;?f!asA5qZi?oHzeULBVl6W zaWuC@JZH}a@Jpk`&{oe(${BBXEs3*|%{bEtq+1Av{h_M85%$`-z(>-&i6=Wa|6Cv~ zf4%vTD*wX~nY)V~F76*~g7R0h3#{ZkzJWK*6Y1MMzIT!N2Xfh!SFz2M%P%hT=8G5z zNf^xq*d%|3ud$OB-Vsw;gf|2^E)Zu%ZplY^yPlmu{siEzkk^7QOfIFO1CmO_*dG>s z4PcuNel(cNBn+~1^Rl)c&Yq0!E<)&QoMKY&pu%=Lt&*0%{ zabO`ArW#vtjtRPh*N1%3=EWgSwdn3Y6hPK84f0a7rm3JEeu!|5#AB?hNuFEUH(|O3 z6kZJuHNY^Y2UH>oNeC^ikVBkxM6ksj2{0>jf9nEs&LyJ17Q^W3Hu}@|OBfR#5O3;glRwrTmLqy;BdnV7@)@NTo;_Spc&yt=ThYj8uFG-O=*? 
zX$4ML3j|x31SuDxZunns8^e{mf-?vkP6W7;z-ZdAi?9KcmyAt&#Rd`JvD1?}nojRl z8s*-+{N)As9{>k7$<6+ChjubS%_AmWEVz^J@pV}FjoR#xRcfW18@$a~P#Ez5vS2WN zD13(>ANv!qeR#_}bgQ>~H5|FM?^p4^%)F3)+B+!UgGQSdyIO z^#lmgKaSuGH4h6}dg@cz>R#@`3raiV?U$&FGqmoVop>(kzWA^`MfPnsUvOfLptK=1 zQP7?MfjDJ2ROlSb>hRV$GPgs>v2=|CXX0}2AyXJk>OHLyq+E+r ze{#rQI(o0UA4-&svtDBckxfBW2-+zmwV58TIG8E%V0vbHL{KwSL$+W#IC)kUkmgkQ z+C#YOwCjgg{XO)256ur8A2XpWn@SlJ9I6Sw0)efDoNmkT9rjBrOCM7EY8iAqZ8@ZI z-nVL?O4B>1AU_}VteaYph)*C>r371zfGi?p#D4rbU)ei&X`jMe3K*0ke_SNQj?7gWOXfvm>#kgFtq<_P){^l1?TP2>5!k;v1{gzvNb!qyWvW3k#=B< z1_XiX&(?$>6yUs}(1j7fqh=5$iX~9za=Ur;y~X*gI?Lm4X7fDIkRWR}*ob{2+jyr{ zSSvNBAbG+0`nDp6ruMdc#mTlA8*YB&tgvEG?HuiziMisXfZj^E%cO2Px$uLhRgGf| z8xA{9oAm2847!Xulc75tls%@OYGr~Z=bPR}*v)2|FFa6;c%o})ICHv?691V}jb+EA z-|dhLVkaDE>j-jDC~7VJAz85DIw6O0(W#uU`=gHqTq#b{4707rRJCC%p>57x-04}Td>13nP4#u1y0n>zB!|1@=ko zv$NpY$Ad&C^4%X}6Bpn~8tQONg&_P#q-ibDdf@i6n;kRZfwxk0FLHZ?PMi5X{#5tv za{YIQSM#`S7jDE*ZEf8nD(UOtZlxZt{R8gVxtzgk`Q?a#XQdteSp{ju#kVo!?w&V| z6-97}L3ko<_vsA1(KtG++`FKu64~t&Wp%D%?8?{Y`>DmgP#%~K}q1US}(!{&@Y zq0lScThLb-1=IO%M2*AM@i_Z%JDk%KuBhJ7;U2;=<+W7%=DEJV{ERlAS4fQQ0~glgC>3z>yQMSAIyoZV zalG4>MK)rndd&A`5oGvaVeZ3niIUi)gVA`1sVAG#F2;aNGeefL732)HymURu0B<&__CEq4h-J4W7=BQ zoOIwamWK?!IS4s6GC}TiL``9$s*~gf-SQyi?i1^qCnK+XW^`RQOfq1(ZC1^nP?Zca zUWb^LFc5?dodFDW1_7k!85elG5dK`_*mp<3zZ)-BcpGZEouS=n20~LxmSh@2O2J8T z4O6U#5Q}oS!PrBKQR?R(WAohsA+ym+xm$nsXYhK3C~_?JXIO`252J~bh$pEBF@){o zyP8>K%|x(%;N6FPYMy3_n$Ghl%f75PUzapJgif+^!&@DapMaQ%EbJ73e^?-N;Eu&` z427~1ns$bnak3v>JCEup((zH-XpV+;Gkk^NPShTPVMx0ar!Z#1LbS1aV1p2ndY#XFL(M{SwF-F#G?;mZ7z`}~g2u^Vj0so}YLBnAf5cI|XT=>Ll@(PF3E_U%+qlscESfoK!h=?VICkhG?;d?D7 z!vE+mM(_G;BAQkwMIQ6I5hhOixSCsq!kiN|5-N&`jZ$ujpXPdExts}+nCfiF(~QNp zV`WA0+EjLUTl@`}(=0E;3D$m=iWcJ>adwg-I{>d$Qz%rNCL9ij!r_+jJI5o5KT>4R zZn17`zGEw?5VkWB3sK1UcLn%$rv%HaaEs#hhY;SEfm8FoU58Q7Wpml;34urQZRZNf zuR1QJggMxqP^~l(d#V~QBzU@8g|z;)G31e}AOUyG1hM$(NXk^o^4?%i2diC#+ey5;IlkVkLW|gP_6T)xeXGDOK zlprb`Dr}v+*Kxk!b_yT*>1cn*fDN!E)90J=M!bW<HiMK=a4_eF2!3K?#Wd%E`?mj}DkEu0&HL72F> 
z81h}c@G5U|2X&#+7Nnds|JbeN1gO;7id`8Bl!f^SnppO(cTfik+1O|JRk}6^uBwyd z=OR4Nkj$JSx}S{G=G8-V?${Zb>02A=``!iK_OX&K`zpe?g-^ib7LTQ3yQcpbeBKuC zP0F2k9UPQ4W)e_)QyA0j#&8BhkH%Wcd2$zGhPWo}Zf65y#w|$Wi_UK7;l99~GXGEH zf#4>Uu%Y8A(^f5MBPCpRcP(rNey>u~ThhSIu}l)QfLX%ZWap&g2T&sly{;}c^;>0- zcd*UOggjE+2dz7yGs~pL(y@_Q-t<@ux;3 zP+NlwAI6T18r!ck2yS8v9nFtNz=(6lgPY5l8xaFsx7Ss{af5193-18ii`AO%gI_L- ze9SV*PO*Pv{gvIWc?t|4$VmwtX@_C)%Pgfm#hp5)+`0AQK|khOvK_{0+KasF2pZjQ zSOY(O+_ zem#+SD)Rkn=UVY?V!)4^+nasCIXorhlv`V6<_>pWo0hK%1l1Oc;Ci8O&GUsxvLDvq z$ehrSBhHi5WWIy{1B~t6A}oOp>|AxvtQXGgsorScdn0Q6q{(-v-H-S;glfSaS#guH zO+WwMY0u*3;%=2-_ay1?0+h6^-Qf(!l@IusnzPuciqMH>s;b*(quWbS3qJw;)%p~Rvqw{_+)Gr#oDc+>CD%aQR`xbO6Hfb#uUs7mPp>Qx4d9p>xtZu4e zA+Y97atICxJYV`er-##MAit_`(V(VRw;`*6nqIQ5U@auy&)39;!0|0z>~tU%@encr zmKBM7I6F_@n|iG%e4x&1MyAumk&pkFl3n}A-RIz(W4_E!0 zl0x%z)Q&Tf7qA`huXL{||8|gO`1|+$Xpk~|Ol3k+4dJStt(BJXs#Lt;FPIH2jCPkhXhA0`ggOn4w-yfZ$=6Q%{;_W(m^!dfc@ijUZYB4*^ z4+cn$KV^Na*Au69BwzmoL|u=tli4TXQ8;w8dhf-%j4MUY&@!#;r*ycExsOeyXF~!$ zqI+pN+rUV2!+3lZ3=Ppe^<{_c=y3J2c{##2I6Qw}B)I)yY$kJGHythOHI8= zCLAYj2H*Ow+wEz>)l8o6$C7!I4zy}lUR$w^Hp_S#{dw#RvGRFQVLmzU-h~wBddFJ# z_``m-odz)MnfKp^me@O|_%zKd2s7(Becm|<7aP8ABYTizBaA~*IV8x#gw{OunE%g|zt>C;P3G z23ji<%5=jWud2HE*R-uhR+NS|K3=c;8ah4q6QF{4v;PsNS;P$SFhO70X7h|CH2l5t zlH;!5lX|0vTztgS; z?z2`Mv>^FRlYoYCN5jIt3eAkw-w<=BDD^zZdsG&2Yv^CiDTFU zneBn?`Np#t$1?fX?BRt=OIvZz(`bfFBRZ~tk3QD%iSA;Snjz$wlUrXjbZlO?KF8-Y ztyHZjH~V2|K@RyjF@x&n8giNFs_|gK;30V+=AqhP0*~~3qQbl%S@p80ODyCvJ+gCx zz#d&?#n~e(z_V#YkMMAb1wj$~DyXm+hJsd{lq!jE;Oi%4c@gPXUUS_=GKC$VOSob4 zP2(t)y?uoqGAvG%H0;}qI3ODcN)GY^J zGLHWyY+jSSh247MEqgYvc5a)tE`K|(Jai*|UE*?2!{d1^-GV@DqmGWn*fM$6^R=!9 zIn-&<@+&{irWYe}hPL(@xKtcxNJZpDDq*lKjv2cf85z_2le(OacN~82-lO|`Vx8Zy zN5}UpvWUvVS(i9ZOJ=M&QQ?%2;*v%2l0X$;&5y}M_CS>I`;D=3MF&12HNkGVg;UF| zy~0a2^_rF?$mY_q#A&=?Hn0NmIkIaLycS(>;PySXpQX%GL)%qXx8g?mh)DV4&K>2o zdfi+a#9*v-uIqt8e8KBp+-%AA?U(jyl}_SpzSc`0)i7%L^}d0t-i}Q(iHWR|6uFw3 zf?4yg>C|>u%w&yN;r@MfxEO~Drgz&|_zj0AOnk#UDUF{d3 
z_R34fB58J?I>=5Py@!3!R7_gBpIx$pOL8w|8}%L-r!4vnugn{8c^5aOuxQZTG>>kWhe{oF#mes+4mDx z{Wf7-&o&}Dd^{p%1KbMvYQHvX09n|peCN4$Zup5iq|$c3Z6R|oA}|;|$I;ejER&+v zGNRD)y0i4QDbm->Gbm));(m*sqF(o>9BVG}fsIG_xN|{A?uN0*2beQdR3zBDG3#`? zaFUOL%bhoRH#`@8w<=AaY-cWLx+ceBH!hR3jT*NtY6%IKNt(Ebq4u0l>Ndr5bm8{$ zRI_p{-$&gKia3`<2fuPJ=1+ilkhQ!Nkt(#)d-iCe2cptNt8D^@AbshQ5LVLrpez!W zeR`{>@JqJ25u-;k?qHJIy?dcDK2MCg8uf*x5-P4(s@BCGwSH&jR@N)OKIY=d=!BZz z=Ae{>Yi>R)$y3tIt}4X~YICuNosl77`0s|BgZulRVr;4<`qw?zwbsu(yD<@YXDW0U zzggw(7r)%s*t-^-88Q{nI6#-ezVJ0~===g3z8&Q@eDmAGBM8ny2!3-aKBuexC%`G8 zj5oVor$x}6_+#+q{|Hn006qx)=~Ut@HE^ z`|P)UNl_cFfzjDM--A2{QThXWMfQHRfvSnuahvYW>*5c|WhMhiOLO z>2YWKbpLox!l*+m$NW^!N#?C`Fh0n9+x+YEi&_Gcb`p#e5z{tj0$;LY-Wi!bHgTsmgtr<-wLz!m%T{3Tf<#=Gg7=nG|2qD{YS>t z?>v=x=8VghO3@B?bRSI#u67)9m?LN;&7;K@<0NaKU>H&*FZ8>?+Dp*~t!qXBm0xo! zgoQ~8>dz7OGes*_SEYc`9{O^2S|OT7pxIC6V|lc(x=yogqt7~O!!pA*8$z#Jf`Xk~ z)KLzEo|*g#j&;3vRsjL*=5y%qW1A(SA`(Mw^lT1m!xV#9@!YGsn-AZLS3|a{=DUB- zeTgm}3B<82fep>;P|d8CVW~9ELka4J6Oh_?E=XoAFp+I!A_Kclg24%LI)aM^s}#9B zOO7MAKpAH69T`w&<{hl@e0l(pfny?T&8c9B*21al^(j>hgH;ZF!YxRvr{-z@@j!nH z!HA-wGXSd4eTlTlMta_polvLHxIXtqKTgkK;Db^`20XwBzIP-Ek|@{?Bit^dg%5T# zQ>uu2X-b6!fs1)Q%S9awvCWQ;Y%VBfLlN1*VXb zn-gYyg0!V7EVN`9!kWWuaou~Nz*`;=wNEMXLgWOu#8%85HQ0jncM>HfMb6UN`UJED zDz;H0!llp;HPdsdCyxw$MT5I)=3GxY71)(gEmA$p;c8&>=y~*Oh`y1(yOl0qVT30s z75oWbO`#v88^DYt<-W2qXg9YL2Ms5>Y~(7tM_(7egtMWxGsVX{yV?WD$kxHbbKgP9$1< zaA}cI!4!z+DO6Yhc=nu5^}KR3_;DDRvKs50fgEnYuP%T4)jT&Upn4Hw&N^N_t^HTC zC?9De41X>vFOOyS)ep0HoO5Ywv&tYbNvcYtp%*R^|85PWNgOm|KaU;-$yo>KzfH`w zv+>&6#HNYuMBg)|^kj+~5Kpug#~m7<7b1o~O9Z#UoC_3ENA?yek_%Go&c%feD{2Qn zMkPA7Stn2E9TW6(hTp!}&LLJKsHDJit#bK%h`|CIdfSva4``o>y?eWOAi z5q>%*o-^FOfAl{;1O4X0{oyx|v|!rHoM+jta#*ro7Tc5&ile3*SEcz~M$z|9b}UWm z6kFsWf}}dWhh?1g`4+i497pd|-L#I<_zCE|MEMQA(RBw{XWUr(Vi~?=2shM9M#>&| zFi;d6@m{s87gcKC&_BoKa1!6kyvuXs=3WFf$4hbAT?1LfiI1CaGJgCczs3CT@H>gb z8~>V}(Iy2C!4d@p!El#94>=5*Z&H3pNo@JmBWBLP7_H&ZISjbi0tyX-=>PcFY5zEc z_!sfv02!A^jZy0A>^B 
zg^gJC6maJO)%JPKPK&$=!PB&{4abdBP~f-=6BY9lkhT42BOCB9Rr3Epj(^tbe-jo5 z5o@TWq&xIl3)0j)b?)h$-duM>mBL2MW&&X|)3duTID_Rq+||3fy0L~G@HzUA+P-sQ zxb-Js^)cnozo+hhQ%um#lUbJsPwnrt-l?Z;BlEU@|DG|1^&(tkUHgfti&DyFIFeF@zJAPzjh{_i2Gjh2 zg|W>PIbh+VSAeP8oH^0WKG_GI-Yvl&(d{Qoah1H&lAkVkO_f+mxB1<&ikmWm3ROC2 zYRZERh^?6HA8n97H}$?MFk2XVjn{Oy_00BHVCDG)ce`?yO z=QM-ht(Y|_ox_%O&P<2G-P3DcLjo^rwn-13;tm7eJC#KCc~1&?|ZX4| zh_)LF15>KdQ-t}iXlyxth~NY zmN-n|!c*g(?D=iRcW<@8^C|oIhcnK19oDQZ%dQh52=#Un)@I&Gy=v1j)4b#E2(9Q# zvUD@(sj`V;c!*gPjfp~CUxf)&OMW#A7grDsVZh%j9wm9ribF@2*D7t)Gu9MQ zS~e{5>D~QJnI*ve^3uhT{rxGa9bUrwdweP%s)I%6U$5UXOYO9RnwZAb#24hJ=ELVY zpw+;JViZ*8LUBl41^(!uGJOub<&msJ1#!}Nl_Hfr^Mw4D`6ER0MBDD>=~1}5S9(<| z52Ip=<2T;3w7WXUDRr3U*>xzMC^3=>gN(GgN*2fu&gk3uI>!e*{SwF$C~@{F?{#8M z?1QbI3Uv!SWiR`+uQO*T-C#<^GNUCtv5A1BfYp2UX7t~EqXDnkR=R)vt5T-j>f7Dp zs<^nhzA+-yF`s2!($c4%_ykm1;mnyLz~c&IszY?Dq-<9aE~^EBPZrvJZSni>q_+GX zy5JJWb;@CJ;Foj>ZTW{LM%A3p-zSA(6odtfO-^Nh1en`{k{4a9KtUCTg)^y#f%Xj5M~pE-+qB=`|43O z_H}bYdkAdO2cvs;2@Ond=X$=71P$&GCV=OD*BasL53Zhi?yOMcaI>Uz$S01%_8CH4+#{ZpN7&+jD5dF7-i(>1uX=7A)MpWO#9%KU~qKXjJhXp4n~vp{<#Z zEbl&wP&oYcm>V@{z z>h>-(?AtokH~gmp*pDsX$J_t&_Tz3!)4GQmU!#6V0kh%X!W0=?p|qy>jA=g(C;|#amKx+R;G>u{&#z z@?Zf*ih?atBSfGRo7}bc#m0rgV$bviL_yofG|p1RD6%k)oQnb8fh;$dRGjUX>|6Yy zfBq-HJ^ASRQ%qHP_xvsP+$kTM424qLRpuO1v+^;AL#Mswl&q-onr2ex1A^YILa<>Y z_JtJ6WLaCcj{V?}QE818rMbLH{0)YBG{GKofNKJk5pVmj6`>R_Hq_nFEik- zAmM?Paf1(E9Zucf@ZZXN?s1gE-}V4ms}o4-4WtKciD8)e*(XN2axpb-#5kIB!R2hD zKwuTYexgBb+ZyC%#dN6rbQ#zV1gS{8$)Yjcz|;}vs(QtMrf(IvmC|(|f;_x=iZ1k{ zKMj9FLwyj$kI{sepe+1CyJk;@fljJ;`0l&)o;>SLC+9^Rc8mOMl=GB^$4aa{)C_g& z(Bc%_Ep&)mx;wvNfv&p8eXL@leA?67V0K-{6CH6X+!3ULIz3e3T(XXjce zA-8lnBBLi~1M2qcrsv;7dPpNEeAoR%T2P9N$0;KO>yIW1&NHGS>&c6Ou=#1ns~X`hOKJcA8=w@H$hiZu7|f$H3RSfj0a+%P*Q z51AcS{nD<#ct|#9x(%Ccqa^)y-Y!zTNWCKQGdnktW3B^BzKe$oY*|Xhr{>?cGw>9*D|j1o*YZni$u296?C?xfoPldSzukeOfyF+r zDo(Xcm5&uf*R*bxTVvAtQME`3fvQMQUL$gKrCs*gch=b)YOr3wOM+UGbDJI1n&Bqa z9k_;Bkp6nQgrZzfGG)u`kC4@*!;4azwOt!2&nB2v617gAJ|{4hq|-d36TUwYu!Z+KRDoTt7BN5Wq0 
zX^4v{H8i|XpwL&DQz9o^y=9?2M3LtxHC^Ap|XNb%=h!8|+ra`Ot~5ZSqE$ifNKi_XGC#vqTjoeMK_ zxY;wgdu&VBVSUIOv#EMLZOs}xB?n)APJx!Zm8MN~*3a2z7*m@WgI}!v0Q^o(ywh7O zwex7<>`;uKlN(n@?=xDjg6Et!EXA~=JzjL4GPk~zy?T`&3`s&z{J8}aa2OJp|7X9t z0JV}uWoWf?`wom^92FB@-Fk*~Lz?@QegvBLacdmdGvgSk#F{}Jvu3#q4G+Ek?)drJ zUxviv^bzy#!#@GW&4s_B?*Y!8+Wj;9RqU_z0t+D#oiL! zo~R&h>G5)??sNrGEDnV+&ZO2x1IFrMQ?QKCoJ9-X5#=Q6BHL=RLl z3O|r227cm1vB;#|?W$Ru8tbeYr#)2~T9xY4UGw$<1*f;MIu0$VC5@`jh;Shi6v^XI z;)S)Y>>jA{LzpfV#!P7l;)hObG;~+$P)i(RDBY2XnBk^sV8K>$i+Ua7Cx9I?sAI~e zPVLG$DQ1~CjxE@g6A10hF8C#O#wMi7%cEyOusH-`ft4nt|$?$m5(iAX|=XXH_l#C zj4P>I?&tVb-uS8*-%PcQn+guV6n?-^sH7R`sB3TjZj1a61WY);jY4Y#)UDU;EO%zW zz=&5a{pJIHKj=RJ)qw@@{{V;oTohsypWoz9z^(_$0F}l&xi`O7D285%Pj}m-F(VJ4 zrQxYn>1r2Ev`PP4(Z)XYlFOReh1tq2*8EMz5&o0vSW* zSACOPd2yss?ph!-TfIaSDCe+gB$*wgB8Dm0j+?fLyUA_ArwVjxtAD&268qWFds;E@ zbEBQemfa;#Y@f!8R7=LFEczU%x&3+YMB~Y3rog#( zwBm-TG|DHQgMgwLI?b2VXBvbOycNE6hCS(DJmaUm^r#}~=BAB@QfWlpu~HZ5QtqV@ zpUCE6VY5QYv+B}N8$-H>WW-UwBbIlspK5MINtE`%SDFXs9}x*$9glMA1hJ}r&ofVZ z&jR}_A3_WHw5(q8=WA<8!0`G?kp_b`3(cM+5YDMF#LB;5{^8Bj$}f5y2;K{#?hR;j zTvM`5+(GjBSr;=-B16!zj*pIeX8Bi)kN#B&_kM0>PO#>t&IKc$PZRhfs+-0mSp3m? zW;zCx*msIaI&o7=G3i0TCC}Bsz+j#+dVR~-+uJ+G=f>N^UQMHJ*3k@_#pG_qO3GnG z-v7OlFs>`ut|eHmidrt7dt?r60*r&ppW7pcC?nGWXi2Mx>7l|X^zpd5N z7kw&zV1-ii=4Oa7EqNistEg8%JQ8hMkbUK593&zEL)p#mP&=@Y4L3K+Ndp&(=CJv1 z&xDw{CG~nS^%~S>EhykX^=ELXor`0=g)|i>FhItkLuA}Y?!^El_WkLW3;)hwAmj4x#kabhL?TpV zvhv}dGxP_e3JW=&r*{<4nOFNwggq9f1P&j!n7iBNW1i#*qO74L#*r%8sx3?MHGkcK z1SkUV2{%T99UAz}!*~6!HTh@X?gFGz;PaiF+DUKb3)`JfAne7-!&tGqxJvNE$zn3} zPPavyFdS}8%?s}kZ1dHly%>9=$ZS5W?~C{pWdphlB(l}{b#(%xYfpQO)n=C(JJaG$ zceOd^L7Y#0-kmJZ_3d>31VD!a*A%SinYTr%o(1R{CAMWai7k3$_Wt3!H>7tz#l1Y-qi2xUP4qk? 
ztl1LOLR<4GWVoH27?Cctf423kR1&P!&*>~i*%OGLZdI?pXNny_J>we4nc4~(0B zikB?%`yRaJF#M@h1xRyM$mp$a&Jk>;6o=;~Zk=-7oYaX~pawr%kiW&UL#v(ogag|1 zM=HpZzj(UY*Qhp%NZF_F?k&b-@EmTMl7!%6-mDX-6o15tWw!`tMafV&!@ z=C!N+b<02QZ#VxIv$u=IfmvRDp_pNepCSlqebfJ}O|_g|+&QrQdF_vXXIT1Q1pQap zM|iB0&YK{GcLBoj&{q*rK<3+*^VB%PhEH_m!71NACYd&kmmS$S&>|8nM3NZagbmf2 z^xLj^chVD?i>^reKaI6FM5rINP!cpv_=@`AoY7x(>=&>-lQerW-|m)^2W&rO#iFl~YC(*^v%&?(GZ+ar8NhF%zU#6az%5(n z7_ZtF1LHN`Lr+F*8SlJO4gu$we5PkIk5hmpE{D+=Rx)Iar1hlrkH5cQ1b_!$4<8J! z^HyG@YX!auY!PdoNg*YX-kUa?CIliCc!g3)5}gJaQnvlt=@o)_=T=IFxr>fYhSP9L zCHkpf56yx#6PdZ@_ep{JCA-90FHHpJv0raFrLW(3SN@gFhOGv0i{kd{{7~ZgDUam|H^tRVn+QAf4%Q9?DeNy< z)Vux)r)Z@2qJE^x&8j(pVOor*n-F(zn@Bt52+xlQ+ZXS8osi|vze`)8+8{MzBK6Nk zo)OKo?~tDEdx=foLeWGQ#4qNB+rTZ{pGF(U_GXuTu{0JxcRzC5ky>@r#?;&>1xdR; zcc($5UkNAUhqB$0#ZdWz9oYu!k!1x061@TjAD$B55Hcw|q1D!>BTF8=(x#f+sB~BP zWI9rs&~Lg}ihSt$2YYv}cbmq1YncKMSHt_$hh+=KUc{B5&-$F!d32sFvWiE|s+5|H z1|m1bp}je$H#zX~>8D`cngKFf%5eeuTi@>vEcC>zxZxNom{>V*R{YiELau!asQIll zNzNbTI$x>j9{vqskfb9)FqqU(we3Ftz(aI-ptc-UYn|OM*ZJM~t68-4{Oh68Lub3R zvYwVFe8pM{OsJ$9EmQq?D?JYdeth z;!?v$CWHL0GZaqcb%cXb9bWBchR*m3T8gJso~HB)dk&fs+!HU;TTRjlaM#_J=yVx| zN@2x6bdQ5|nxnf3j%vL5DAHKEi}EF^?+vad!S3`lboV~4xZG_z96#6=f{WP0{S%wk zUT5C7a36Z<#mVNt1VL)Os)nR_$Vc}?X$l0}DR-wv$Zg(AL&0qZnC`dwvas?K2oYQHgNK&xs@tE^8a2uF1*vz#7wc4F!6L`p_xR{eyz$Q66 z$IUl-^i^RrsHPUEj$DA(@xeTyt-y&vz_pKI+F28oi)=jQ)+s&wgr5p+O|!)cZ2Rg zyUohPT)?N>GH`>bWcx}6GQ0jCY+46SXZ7wIAzDAUg*?<*W-KHi=Ma)W#<061Yej{R zypwmSl|CP}Cca^5#Q<)v-=bDL5*iN^o8fe{^CbrslGiJP{bOQcGMwZGV(=)h|M=mF z|K|Rk|1SyxRaoc`?yk|R`HY_OI~na!Ih+EL%*u)tl~%vtJQRVUXM!k?C+6KYksvLT zE3T5pLeZnFiJBiwj~h2Dl+*`T9AmvaD!Bcs6o&~Ix6kl0ok6j?9b1y~ENVvv)}Bj?6R_U_WteP z^}W8==PC$!=&>jwJ-jKQi8{T@^3pix+iqHxL*|g{URV{DRjD3q<6MfMd^N}7ueg7X zr&0k;vE<^8%<1;G&CJsaMY?G{t^;@Y)jP`W;4PljouSCMBpfebw_1AP|H;q%k6-<# z$t>nhzW`4D&B79E^^dpypGULE`uXdrycPP|WsUT*$Q$I{th<_M_B_pu>*z@713P8( z9BR4Lr+LmI&g`HqdqtK%QSjj|Dhbb&!>@k7Hpb+h6!$WR8x{@mXDH8zv>u?Qu}WK3 
znr@a%XUc#{oifIyVgqF_h?Q``2~S3L<01t+>fn{50T3|wt!VY2y$`Cg1gr$ESR#h=BuOUR8J%BgdEY`@ph}wKT^im@yCfXd zvrtzI`O0X1KbMs|b2XuAx_=bC68-~Ff>?%cE&9Vvc8@R*o+AGCbyBIp;5n&Js8s=% ziGT^(cvX_j2Zowc^5&dW`C1mxo8K>6hz&K}>4?fyX~jT`vv^FFY`josq}Y`--e5&ZUQB z1Oqo5*Az=Ebld7`&%j*tr(10-gx&Vg0q;PL4=@^`oq;%`t%;P;G#cD5-l2*O@MXny zY{nf^T!OZqUlX-W2f#TyzJ{Md&19II>ntmnaexr-gm3KLSxnr%2oTJhe0pRGI|C7&VBkHQ=j4XwF4t@Dn+B9%l5`E1!)W2WAI25|#$0q! z!H!GxxuK$X$~!j0odF|Bw_18(j&psftWlD|Z1wo{eD8kk8G)0&Vro$i>lUUb$D{do zul$+o=Z23^sHiVRSlG|{0=8V%fe z+57xl^o-K92OeIGZup%j#}X;+TFsQzW-zx`=SxbCEGBXu=4}=oHes?buDs=6F zNYD6s2)#}eE92KCR{9@tsCYhO@rRWMjfU}bcq@Ma%pyCAzR1WJ(A#ce9ke$qk6tO} zGk8nmCa>wwVjFBcu^4BLFkP`E1v|vz{+-S57gGh>HZvdeoKuONtL>3Rqp%~AvgAaP zg*L?j%+KY4@B(0eaL$}gJ2@S5-B$y*Ym6wCL8VwvoTyVuU2W0NZxNge`jn(b+HYmz)3!F8bC}cx_nyVz#P-#*IgR4jKO!PEXEEH}-uS zQEo*-N~r6wmFm?>%N(JPGKCLgE%B%=ZIg$qOr`-rG5%or}Fb{Y#5chH4<2KXo^zY{iKyP*3D2^&3v7Gfo#faK@C_B3{pZ z2iLN*_}GC$8eD*1_0$7cfK|1s=?i&-<>6+XnH&2OpP7>XKO?SR|Ee|L`K#pp&k#1| zfA{|vE&hM6&)+4D|GgjnH8=A=xgV6uX6pu_?gU$n>cgyLi(NlpS)y`!BL~W({@TgXJD6nj0%FO^W_$+pep8wnJ7C$tX-nNzZwfWp zT{ma^?fLZLln+k0>-*iBC)srH=TfDX%i0+P8J?e~CNMuw!K$~eGCyi=`&gftb{*$k z95(!Usw?{Xkrq?0aesWRkKJCIa=uH9)(F`Ae4Q?&QN3sW{H*EYKZoc4$#UVJlfZvW z89%aY{XA74vMzNj+;cKB-T2Wz;nR9inkA`tqY2dQE0?T?N6wicrf!5t2_m;mrN@n# zkRFaQ_kziZYCKqH71Ed0!mTr$Re%Km?i>D?8bkBV^=K|4jky(vSY*KP z8lFcc#X`l?3qVfPI!s-n9I*J5SEB)}kQPEHg1g2oMJ9ef&NIyj@wJle`YnCAp9qSZ z2IOA~Gz;qDy%ls9*~gn3$+BC>zxGE!6IcJPskw~#x6~|oY*B8He_VP^5jMBTd16G= znNqnIub6ms09aHNq}YNf4m!!%548iTTKzmVYA?UHH)}qzs~9xrpjbNODffXipUwmT z?4>_kE5Rn+u9lKqST0Vitm{qty=`b%BRomD%2c)N+odd@1~5#+d&o!=vq1FtAU3>L z3T7`D29}{bGGj*uL{qL3d9-Pr{itp3I9v~^bm$oey9c>MT9|ZvWiY;>WVE@;MW$oP zw>KGW$Ql@7oUW_N0Y+MZ9#G&RmDpVq!J%S9df7)OzT%hG_{)E*@34Q|Jg8@-rO1g{ z^U4fVZK)3jb0eMh@qHkN9nqW%ZD$Y9HZQr+*J`mD2#i5MKlS*mqM5_{pj#w)D?lTV z+cQNB%vjFKe3@*0hYRu`zk~n&2WQ^Ks-LG6!MgH}Gy&Chr&Xl(jviX4wA4+a%SGf4$@GNC-G9A<(GO#h!B-^~4b4W$Ay z;GyneeD88v5!8nl>l$5{gcdg`+(!rD&1{S2wQ0Of9A;)>@8o@`nT0a(Hb;Vxj(R8M 
z@us1|Dq@$+1$*bsonwEV3+YIV&J2!xP~Z^dXDUOV3t1KQSEbI?1k)qQSboSY8AlOZ z`-*g_V+F(LvxtTOef)18=>POt{_~iBrYHXy{k`~e!|6}N z#SxtZ$(kp;nZyCD-{;v;RGhtzw?D;7%*RT<;tP%F4}N)10_WjnG~BTumGFd0i{lG1+HEeEY6b`C!!uRCxlYJL{$6UJQZDPeS@(fbB_ zpwfhn3_0#H*wIo^B7+8wc1*uzYFjj> zN*ndW^%uau%ZW%lzfd=o5pr_3;(6FTvs01OoZ;!C%lo;@*{?AjVkC)&d|MkTG zFINB2ZZ3cukzXrhsQj5Bol>*FzWDQ;{}?d;Y8bt#!5sOxhE($k$ZM8u{&B_VHFN=C z^2sZ-_4m2bMAb=OKdBB$iq<~0_xJ}mZ?w6f?V^Qoyz@R=&CQ+x?W#|wrv;!L&o71B zPA{rPeq)TD@HVPF90`Mt?V0YGLTuuzl-&fwpb5ZJ8O!fK@)%p`BpYA9i4N@#|}`4LjSNMaN3^ zC*$Yx$@EF~beC+JFV=uzj|HxQqk(~laC8bVT+BO3{=#R>oqaeYdRnNom0&B2UNb${ zQBEi~lpUh|uI9*D04J4deV|sZ&Y^`;i8`=k)RM0Bi~9T5))K+U~nJBzW~p zfL#?O7+YAamYwb4RG3>(l%l$b3#53o1svy=IuwnQcNbBXm0Fl;>flh%MQ-5JHgPSY zlk>bTQRm25XQvzvXMchX&mGjb+V780A=_0!-0pv9zP-9rS_kS!T}pC^YHXIAXora= z-l3UxEUl}066}qp3f4n^NV}6|R4(NWta@tsfAOx+Zx$89TWpkJK}7+gS+Z)Cled6s zPJY4&PuU)ZDJYO+Rl63wtc>&o4oLOP)QSH@`Rs8k}@nAa&`1vJm z2N3JeQ+6SWx#NBx>xNh4B8?IXMh9FkN}FmJ>zL{ZdUbwuo*tSi++wJi*~Q?dqOYGj z+#^^8|55TjJwb+In>KR%4p?iuV>m^v+<8c|5plcn*rtete8vjzTLychOOTMYdD0KRVc+Dp0(KQ z<S@ildnX3H@z`a&X@Bx*11g6QG`K8M;^z13}7b|`z#hRv=;mJZb>m0im^ zO;t5l<>>B^C@7oz+LCDOnA?yyDBD4vSAyS7>4B&6M5@b`MiL8CD{N9g2~kWO-&TbY zGYBV5cStc&`M-`j%&lM3)dPE0&kY;jZJJlKTu4o)3#96=Ym0traVN`$sm z9z3%-tFBJ==P84FpSoqYTytk79{YPFBSF_lpE5lIAXimYlBef_U%2C_#)d{&0{*l}P^ABz0Pk?hf0p4buvq;ziANW1}MIIF$A9eRhpIcuz6B^q_iX z%)Z3=FS-H6eX`#Uri{l!egs9-(?*V)N$;KTgXR<0d{zu?V+x&!*FFpr`Vm%WOB}d= z-CeRd#OML;+=Vh*RKSodpc8nm>-7|jABD}r={VO|7%*`;>*3bzqR!CFcRB&84Bc`g zKH5y^OxW&wzmCtmh44tPi5mqTnw-9W$fdg09;TWZS?R%|)aG^f5J|2{;vp_O-bjRP zqsY$Fg)PB*XVe?Bj@)cjKc<6A$K;(VD4&YfTn#_{PBOmriH#0XwE4oR_XS}U*wEC~ zEie3TWSlfH6<%jt4cSd)!COP+gMw@)k@V z(rGLdAo7YQlANT$N8R6?!c9bSVQX(dKSr; z#3p89OIvo5aQq_-QbmN)NS{h$jlX(?g{s)!$)%uIFIt8+d!R8>COyW;VrP(6qnW$~uy>`aHQNLZ2e!T5s z_OAlc=SHU#iE;0IZR1LsuNJRa{{U@N*`?NaSCmXjfAJ??L%Gn`btTe~0l#sFs-}fb z4Zm?eJJjGt+eWaEIy_5T+q@i2O{&{$xVac!T7aLY+8vgXOln0mdILn7uq7tOIRwA+ zI@_1Vk@0S zS(3YqCxZ;MGyqivOxR-@N&PBqCRw);?LXad2c49i#7GWNBgD9;H)Jfisk#lF^Q6sg 
zCK%YW>aU=D?#Nmyqa{ExNKD$5+)0fL+Y-8V;&kw_#Vba6W}9Zvv)Nw^f4f=${JgGX0gDU6VF77YEC_|wxPnaGPM$(- zhd0NboT&M#8d$jhVz@v9BSSnNZ!xuri|nd{M2cwCbOm6*`cJ%688CBD9~elG5v8D{~Ub5E71~lGS*!4^HkoU)$XH|BF>ZlGQfQj<+r`AOi7qO${D-a z7g&Du!Abaw^3PLy!M~)9-*uJP0PS5C8aKb_{C`DY&I9~0w8r;k9i+m3I3 zp1OC{EpdsF>0!cqF5A;ml_7N3SP9Qzb}+H4aZ8_pDfd*L+NFgbFtP0{EU(jj5+3Zb zffbIudn&F|!y6w73}W{-eN~uJc%z4FQ1v!Us6!+#y$Bl@mkGFPN2C@0zH&$XdD3@)+x8gG zpkT`kMw+i zLQGi*yI1-7IP4jE$cB@5^ln(vz8SjmzSw|`7$&dDPO5kUcYsC)LOD;M9L3*RFP|cn za2jr=d#jlEtGlVYD1w0h3(EJl8X#aOT+GxvmzQL$4XDtIH~JsJ1ij@HOmBnzN6L9(f-m6OS*>#~^wGQNFRb zMFaj&FhduM6;6GPJP-Ls%d>1JuN7CR7)9I0Ccu#5Jt*4TD-Tsv|Gq?I7Jb5pMF993r?!6>vOxf3TVbV{Y=M^AB z*e2p}A;y zz;mbTjUSA!znazu>~uFrlOlSyutx#vltAMoeo(-K?-jLYspv|(tker+ikC=JC|Fz5 z?>seYswTtltGSovChXn5c;|}el?)+VQVJhydu8W$uLw(J+&JfLlhmLMWQ1ooc0cNJ z{dduf&x-h1bhtyu*Lk_W_u?At`kagR=C6L1=XYb`6^ueJ4}F%*6ZRdn z>5+K-Il{PG8gACRo!B*SF+9m)>X~So*R$EZy0@Ol;130h*W1cK`U0*itw5fbt$T)NZgUI6$wrx*zQ0n zrC{r+EUAu&Yu^qAvy8j_Wtf3cwJ%AEl$pTUE1lco4C3NSQWd8o;;na5nHg%`J-`o+ zC!pgWZ(ZRwg$L2aUJH&fz9u;E76b(rZ;?&%x;<;_)yV^LB5Zz72*7wuLAt|m)7_F> zwFT~bveJL}{Xis(8 zSS=$8N+!O;1$7Z370YBk!UjumwkBP|Lq$bR(x0CeHF*r&nSzW`S2KJMJ$rVo*wL@h z`#!F+z$;|Mva4c6#mF;hYX@doXaYw#s*~(MGru+AAeug+>}-QeA7~a}_5lj$^bJ~;VwO#4Oqm;HY@nZhjp zP4s!eJbBK(7E$;wm1hh8r^>U-E3gc-F<&IkL}^ag*BuuYuy=bw@d_3V>z1{*#hW?( z-K12yOn2bs5LlR1X!xAH2mJqu?a1taYH2oJv{-Kk$So)+K#)xD42g=yDP!cqGn@Ln zL;%?G0Fhq+RLjsurDWKI95=-D-*$76K}wEg5*Pvdz@iu|vq4>qCwpb+Jr%{$22{n; z?vKd=^I6nxouqJ*wah*kQ*OxjY|L%Yz`}eA3`d(_Iu`N~Ax4R2f(+VdaL9~Q|4L1c z0i#a9&v#_f>3#~W0_dD0krjuu%U^ZTnBIe#U|F0Z}*+aHxb zjBea@Y1Rx&-nt>K$Q?e6f@RXIR2g7c=AvqM85qp=+rQn9M^8%gin6_|0W(Qn zu3pCcVmg6d#oa+7AsDHpd20H4ITdlHcC0MKM}45GeG-#&PAArehbF_?o`)K$D{W$T z2-R7qndw{ISIK?n6rMJr>t}{m>w5b3R#``3^tA66DtsltVz7s=z*_?w%)0Afomp;S zX4UXQrq6xi{g_dintER4%qme443*bL)vkW-yy0jSrHi)Sd~2*M;>P zuQ_Zrfrr_1rgpj^NI`hFTcg@5D5dF|jfcVbgM<`YcL3U$%QrkR4x8np?J&1Ql@T@z zhL*wkKRg+ar^pZ~*=|ZB&BoB4^&bCMg{t$hIMHiE?FyY81|8{Gif$lQLNYg?2RkC5 
zhPxD}`6I^-%p>9Qt~UP);4pLa@NAlk?w;q~0FbY2*@4^awu$K;3Hw2O+iZQz2-+<6 z-9%Bx=qd40{uPP%PiEbpX^D`p*m)DUS$9z;03Gn=7syA0q87gJGypZPRv)QZVfe)RK;eIBY)b z2_WVqd<%UR4lB$rteDP^uJz0>PJ8zf;A+4Fuy%^N{W1mtPR&+NSm-ML(Nu7CVZF94 z-3z?0^ek&;SH;fhFt8}FPO=!VM47zx5L*VXL@6icc9 zZU{rPf9w!J`oHU(F~cP}j5>C>R1y-PgA;)`Fz;8WY?O0w__@BovQfYMD5({N5gdkD ziZ7N@V6W7@-j4k)IB>VoqlJa%8p4$*SPH+EJf5=nb{v0W*DWsEAUm;?wd!&Wun!cV zl7dT(IvzW@sd6KJeOx=}=P5`TT%wS}Q4R+2Ax$LxSa#F##UihXBIvAyV_YMhgQJH} zWQSk|z75XTcjm3MQAl7VRj&FD>Ot}2H34dHL%?nRi(H$^WlGSi?Py@B_5lZ5<|$E) z@kMxQ4#VB3)(4~ZHsq7!7B0xd;Ju?vwV0LI$N1XSnOBa)D7$4FGrMe5xGJp_X20%f zIUd6HF@4>;xD`lccJ^A@?T)r|EDfV98?K-Ptu9;7=fQQD=y4{;FQ(LnW76pB{KcQA zpbd!`{xxGS&6I_DSVlCTK;rQHc6d$Y_e+$u;SZx<%a#vw)R7th-|f_JrLT4^_P)e5 zpHgb$G|T5DAYhYZ5Iq6$EiJFtpEnRTdsG51QD`55J8RF_?c`g1D0pk4ucPtBEN#iXV!iK8K*6w{@20IRT0`S$U++o`kfyT|xI}m^V z@Zq&;pSWY(ZQZpX%l-Fe5K&*S5xm6!tY_Z!<4L*~7b7LfI!DySC03-N5U2y5zl1oQ zkxnD@9{xJ6I~>S(ZHf6JmtN;w+m*B!gqKSxo4zk7EB|g_tR;1CNG-2ej3(IYYf^|K zCZ8rZ`I9C~DYNk6I*koiV%~^@C;e8Vo>(`}Mh~j#sD$)oSmBD4MFD3q=ld0Ao)c)h zv3zhhMI))QN_QS66th6!eb2ND=6wB21^z$XsrQ`tKD|@~E9KlG833-C?t!0_SJ#Hr z6<0Ke3iG>wOihh4ktfb685btA;+?_Q3P<-1+!|+_5L-rBz<{sD>QAx;tFBq^DR47l z*Ir4qiTS|n;%GYn!0ytQ>L!t)QZpC-Ws~&T?}qm%F4CbjpRAYCn~oHQfZ(j3r(z$S zk6xcq?!rU;ulgo=kF#LprX0TUM&A`m3Lo+{7kdod0eYSa)tE` z6g?%?-1vSWF$^(Vv&)LiRtJ``Dy4Nz#GP~%Q(I7B7CZel113S5vsH}5=`Lcd%Q zQ`*n)2EL13&XoR;grAg~n=#?K6u5Spb%YkYA!T(>j@Xy#dNl$F^h_ECnKOBQ^7#?+ zHexUvwYs(b*k-4IliRdr|E*B@nb`5ZiJ%AV@uGm055p0X!}hLV(?!d=V?F(w#4uA`UDcLOI{A4Ie->@mc=*x3hhCsgZUx78{>^C5b-H!kTJWrWE1C?y3j#^ zDJBGpc5o@xeN3ys7TbM$SH*ZUv$S?!btg6qf8S>zMkX2_YGRsRu2o~% zY{Z2hyZeTGm&aMOQqAsJ;))kknA$#s?bv$*9TbS^&*oM&*-)j;2puv-ITDj7%(MnX zUOx)G|J=LWM|igcdU&FhH_H6mqMd(--0E#HQ3$7PbuXxm!U#6>Wv?Yv!rIk}K2h#X zoa3T|A?DJ$$>#5L%TyXcwpy`!XPT$Ug$Eoxrji%u!!(iva3@@0~HZtJb0a5$uOHt?MbC*%rhz~nvHp*y$fl2=%tQ(payMS8r+ zkw~pEbYd=$Uu$P5qE!INYig5zizW^Ps$XMm);nmRqq@H&7xEAW{2&vVVc0mlkPjyG zQo$JH3HhN&Yw|cm!fVWkS%Te}At4|-HflSsCj!{VgnfTZbT0hyGrv{ui|%=){2T& 
zP}OE_oYo7UD{)VpoeymT_NB8H2*#*ysa-x-krt&y1C+6BhC)~ASCZ{2YBeG#dB8w0 z9Q$}FKxD5nZ_tjS9Rh1;c)tw#!IryglZO|==v5E`Fovj0O`2_n%apX+v*0wFVQQvC z&VW@&{-M+0@r~E&$Dr#Z8Ou9uYAsub-aB;v?GGgZ2cH#dXx58BD;%?#HJtZ_D(2f0 zs{QSD$y<}cowxLhZZ#(Do&{&WvYw{cwp-k-VVY4OJ?1I^G&Tg_-&I!2^1^XfPpj_j zi`hy|Xxl8wJMPsvRX+Nn*Tht3qE*9yWuE$BBV)TH1##x<>hqh=a;oxRf9p*Z z=tva~zER5`Ffy&b%mTRs&X%m{?vILkGM86viN)J=2*?XOJ;VFW9P_flr3Y)yBUa@e zWY%;P)(`dBVI_l)^vgnon+qE@ghZ6tp-?l9E9lQLv4_K_3vOFxKjwo%Q#vrWmG8!l zyB7u7)dU;4aNRUe!{gLE6)Y(HpvVPz?tQ%NRhQj+FsJyrg}6hGM(BmLzFb zyIuUGW);=7IJue`3p@klz(p&>HfY}xtZ+_!Xaoi-KH3dvO0*B?RvRN?~)h@wU9FLYKnh1fS1Gzy#6}Lhq5Rozwemcu=hUG(b{f%+i=54;#fWq8Ll9r%1l=X}Q!l z>Ei)ik0Cx<{BCjQ1+R3-AiWfeDOcLbFuMgTF#Ko%y9?+-+o~XDLj>4_hu&#UA{>OO z?7VlV%q|2tyP_DJl4O4@Z#4eSyu$)I;(P=bf8h9W`88atq>|R@=vGH*30&rI$BA6T@8#^-XYP<)|3veQ~JfnK# z6}ypByN%B=0lxi|i%B3IA*D0xcZd0yoFM(FE=lM$uOhuqBB~r}iMEWrEy~<`u#S#H z&ah`~*2G3Fy{Y3&2i9NtUbm%nLG6Q;@ayh^9JN`H(LBiKr!iBUZ|0B};mlN8WPaQ9 zoBO%-r~T<(Y4+m9{zPDYQUSuUHblE}ho}wBB*U4K6IgZT-tQr7#-=PU%P0aj72esg zuqE13(Gn1>Y#FR2(hiGlK^VNXtQiLMMqEi3{oq`~&0SOPGqqwBgygacR;sq5cFbM! 
zg4=fNh?M`41Sk&xU>?hmvvjOf-ll)cca19?y;!^Oi534ORw|Pcd$kP_ zN8Q<&ir$F*ENr40;}rT#|Ta=9ID)frzeODL{0=UVA+UhIFN(6u4*N^@@Riog6;c5j54X|E*a;dY^?jqe-%4v zss`3F2(P_we-S2XM@}sH7q9`dh3_5Ju8kr-n++|aZ<|5DJ3dIsz$e!2z}vcbnFx{V zm%Pi;;Voz7X0I2<4r$2oF7Dt}9a6?5?Pw=1I*to!_4N$R)kuE{>(U-)+q#(t=^wtMAcXxnbir*G7V52!U7~r@0{&Ik2!k{B5r)CDeEqc zlvD7;)a?~bsfSsU*W5rqPpKJjuRC_r6d#?6t0~{3>|&0E$6By&@cKBW-PXs^_W9s3 z?njXk=mN8|Pfl2E$#aSMlfh_c!SngnUr(;r{XA7&@wx8%euh`a)-%(!t8PTAlZOhI zXZfEWs-Nmz%c)8}0EDw7cptyd`DF1=CG_7UsQ+U9pJ!oyIcmc0smAPj5xCWohjLJt zmk#9no2uIUpDA_gO^zGf8XvczjHqF9!^M&d%q9gRHS7TL0vjy1f=6*7)8}YB7Ws!s zUn43#u;tZuPncFqg0z&cKhvy03|15WUhNr@um$U$@-Zh@*j-FWlY$d}nOwPJ6^%|EXUy)$R8P7}Q?oWgh&n z9*SmM(>$&fRurMwPF0Ab?p48L^qce(Kwbokm@%wyO=|Co(|8@_*p3`|p=&!+!U8H< z57|0`C*tuuA8Z$!JTv1zYY)`s2@E%Dnr8$3Y$bw6KjR%AL&%f~6*au$HMv5k%bW3H z+~#0gIo8qu!*?^-c5ogyGQmjOw#-pz|WjtTQFdEBl;3G}&s|ZD&bMm9=<^F#8v=l{e1UPk{}BI$=a3 zF6s|B;QZ7u&g(|vyKo9Oc5fFgFH3hf?<_i}SI-Xp63F&B7CNx)rQTreJ)jG` zA-XPALVDwRvR#YMGUX)B{fH&*V}=bl)+c2Vmv zVq~%F#aXJwP1@KP8>`%r7QUmPrpauKYgXof($Vw(obmiR)mXYsX%hJSw}FzHP-o_} z6S=coNKE(0*S4mrsALa1c8l8f+tEPUIu73yo{O_Lm&LZ$*(lAX_-GbJB$37>N{UfW z61O$o^}D7;`iJ+D^o!<`ne%TQZH9vP-N)fNpEg$(6kP^0p!8eJQJ9fr$!yNc49Ka& z`9A43f?~#c9sJGIh5h!n9Xyw3;fZn{&L)V5?X6cP6i!qx95?l^wSO*~WDHaE{$O`_!nN}XUz}Ph-oxBVhnjRtMZvC0p-+Es zGA|X$*NC~k`6NSQyf$azW=5^_3j-q?jDhWkiGfC|-WpA1q#=@i1Lm^462k06>8I&u z>YwP=@N7u-0ol&ca;wCsuJ`6J%&mcBMKK#V4JQ(XD)hgkYl5etD4{7~5&zbyco{GE zC@XE5wC2>o#{_!~2kGC*Y4DDU*Iswa0-ny1@Q$+OjFI>ghWNvqp5r1AFs9 zzS1^Z{I&Gslqz)IL(Q(@&2yw-adbG}UUI?U*FAfU7Cou2*rW}z2{QaeXHdA)q3y5? 
z+HU+&O;tMj=P7fttMTVoMC>cueC@flDS1(Tzz$lac&Uu8Z4#=jESI#@p1Ncy*(+gC zF(weuKg#2-WlUb|1E58^WXi1!qz|AL#SHKahw99)i_fM)&C2#h$0KAUNHDIlc(h7oQ^IW*UJhs!;Sr+1*u^S+2x-xG%jNd}Sl}XP3~O9WQBhHxr-u5-xj`l33^=$=$#;4#2!!V{Ntv?&KeeVWA_jW|n7)W1 zC79427SGW=OyCX$Yd#eHEM7gS)hBgR#@$+KGN`_H%!|9EmTLA1ES)t(z2!OUtcIHM zVzyV6KR*S2xNfJSmkWWpHW3@LEk>8iCJv%5f=FNr87nN`@RV{TWLzbavDPqN&j6@9kF9HA`ZN7a~D`;NBEiFJSUb+3qej8sVVOXX=|lcGo@po1zW$Y)kD*YltQBt*iP#i|2nM6aCua$ zbqsc)iLdm)>{Rdlo93ZLdloj4u2JcO7fn*E?hAVF!4HaZM6KS6fHb)h-q7yQKz^)Q z$Mim+5!e`F%#%cRi+$V3Eb(O4OU_vTOTFZL-LU(pQ>muL zeMeBY?QIm84<7{UT&R+~T4n<7Hz{DyIE(v+ArAFE?s}0Va;f2D3hLi5Vgnz>v;KrJ zyf3OcF3ZaNlN4uV7$PESJ6#SWO|Y0ZN^n@?`B^%)aNc~E#_EgKgFB%gk-_tqpswC9 zV4q%|!(LvZ>I}m)%6R23RGQ!ZUCq~Dc!z(fk^C#g=70D9S03d5jo0UW)oO$K#{0#f zG1L5g2vVia+qd$!o`4a)%7NtmHa%H(K7#t_k^`8#)GI$pWSh&}EIk&Fs5J9DF^1^W z3Cd%NFx8elT$N5ddzvb>EI7Miu{(d369M2CwLZOy$>1e%F<&7ee(PR;NJj9U`J&YG zEB>)H&s_tTj@9>cBP}gMimvt-FnHYo+z&(9EfSck%tZhJYzZA!b-eWRl=8Zm?@ZU@ zp6~-EAH}1)Gii5v{W}xmbq;dUca>|H$er_J{g})|vg~-=NDAfNYAA-IROeo|X@py? 
zx}NYci|#J}tBY}nsF7>6c6%7%P02tlyu!Y=SYE|*aaD*OdRY#dcd-pQc05YjGkYL7ZfHeD6fSTcLrDF5$!)WS!AQ; zzUDn2QHG|?hr@F&x2}hDt`hU0^>))fbv@=|0HzBqa9hU5p<8JtEWF+;0$}y=yq*nI zaqaxZ8;g}KkL-_&ACOuvR0P+at|*o%T2Mm=9JR)fUMg>*aEq#UMpaF~*qADc`;QAV zSIE67n`pv`LHzQnB|sg#El{mim4wuveRWOP^2Bz;*||X{oB)PeBk3TAmHJrD+e9YLj2f?ih=^n48cc!IPm)!%9}Vu~pok#c(205UYIrM9h( zE&GK-kR{!}Tgs1}{II`T>gDewHSv682%(D&W!Ge4Qf~M(=l7{UV68eqhyLNqsmOtNdaTTR$#fIv?~a#tz*0NOYc?SoW<bz&0ozrtE-wk;={3* z$}&z{gNwfsqmiU7v95Hl0Hk-scP9R5Z0NX^q35`})%(FWZvIDDUTwNmey6lzyhN;> zFVGOVI$Pk>6i#f=1Y_s54Y<4GzfwwHToHa<$I|ySj@`%2J;q`65^)(dHFGajJ)#C@ zWw_Tdc*j1^q6RS`f7wsgfj3I2PdOUurgP({r1qlPF|@QFC)wP-h|5b#k|sZlgcc&x zZ8%C$!u$#Gp20 zf`WQ1nf|0c>FZhLF-cw3|eC8BmN2xj68I>W?zbkQ;B3s}xmJ>Cv%59<-=ThG;b(W#4 zrv_}6Qd2d1GQ-T5OD7NLVS%>u{zEU$q~;B?>yRTAD7{JR_y#u=#8)|eOh7kU-N|CQ zOo>sLoWuVTq2r7?&N1TP0NWLR&NExzKN7f|4Swz2VXELge2qA_kChKg>xvVg%-{=}XhC>Xa8GzUx9*s*e6HG+ue8v57g;DXF4%^}eXF4;wk`9N zC9U1-D$Y!LTG{iwf}UeHtYWLZ!x(3+xC>RQ)u~omj7Va- zq+LgkAX{crfki=LDWV1H71#t0oqJDe@EkgPRvmh;&Z@9ZdTpwQdpSogwvOM}qIj9^ z;%lV8r{94$3(ur(Q5Z0IdQ*3SS>QI zJ4M^#6Z;vKKzPm=04u^wd~u&XMYg{@ur*n=CSkubefq5m(bGi3qom%cO1Fc!?wuW% zID|*QR00GifwIWVejI3F=#Z4ltJ<{~NYlgJ6bWHl;PhQ;+6?KAbh}y;;bxg4w zQ1J*|g(52cwzl>R$K{>>y6E!1P<#II_5bG;s8i>F#k`Fj{GZBI`ZQZDWIBuJRHGmi zG%wGP9;Ur|=y_-45M_m8FiuZn^YTlbbZm?+uIkYEr8zp|4-PDLb@R;l$lBT_9Gu^N zD>a&~U8{L!7tF3Zax9zm-E~M^Hj7s?Kc^k%0@BslE1Db}kXlraKCyr=rIa%ofPG0l zB@mN%Q-yV|6xYT&g**b_;gp)ls*_2%I%>P=!XNxw==AI|@mJXM3y7%{eKO4I`}>pJ zS9~5BXYa_wDNC?B^C7$>=C$tvAW>%nI>!LZ@TjQCTVm$;W443TD2BxuA{m+-)ZAz4 zUif9$Fv~4**v37uc~yJ>>+mL)V=~8?G_u_d>uzcJdam`%N=@Wvw;wB!RCQlx9d}Ip zsR8ND4BPQF!Wz z8*)pms>7~=y?d`*dSo7f`rJ7#9fAZR?AE!wi=BwP%#6PnGarbJE45Nk)dqo0!bwBt zT-Xh2)-1b#t-c2)IM*HOf&4Y@izuM~SM3A(*usD)XKpzxGq#m;h_*gIRzVp8b;*Es zA9WuH4oX|^1XNDPc4kK%Z`^%+ffS%lC?0Iwzc#3$G&G))zx>SpA@efCrPQiPKFNn> zQ?lW2(RqALnT;X-dzc{A*v~~~k7Kue7`}Rbm5*H2Gsc`{KIr(kfS4606WRR9YwPfG z!4g?N>52HMGG}lo^KxiIZViOgPOouUtpL5j!G|cNpg%F}61yzB#_$3hN;PRRs8Ke^+Ql6{2^YY~NW_DQ;YOtyhE19K86xD0uD-W49 
ziIo2S>oM4j6UFTN`SJP3qei!!Izz{+3AHeF?SxV_ROTk71A~0Vx%-bN`5zztb0zoB z&HwPzyR8l%QdaoCM(TG~*8M;1y?0oX>ALUF*c&=XlO{715fB-XfPjdj6afi_G-^;f z2}NpvP^>5*VE_ZtCA1V0q=X)DkY0r(v`|E9sM4F@FSGVqd&*gB?S0Pm+t+peIQb(a zd7qT`NqFD;x$pb?`L?p@1$@=8kD7A6bOq@w+%g&d36Wd&)bJnhE~28myoW&iM>yC3 zWC9k;Oct@kI=u3J$n6oS0D+)_JimNBuj!h*Nq=IuaS|6kY=dgQNcC(syTj(%6~`G7 zKPS@AInaEhepHvz9d=#bktZYjM_+N)%TStvZ%f7e^`4rhz)X!Ds5Lh*esvWzfi^)^ z27PHPPLrBL9w9_X$MV-c^;G|LoP5qPZZBu&$7->Cv7A8h^)rM<h6Ft==Byx|P_EahdSHm&0?(V{nSVK}8 z+!k@Foo`-{ucF{9Sa`(He&SM|&o#l~GX-pFhCTcwZ)ZBkiOyb`sw53xvfar5XoA31 z&k$P4H3@l={v~5V)!%sPp1&RVA2ziL8Zl4;g3Yy&pBZnwF+{jqa^J`v)&kIEBd2_~Sb z{Y$OSMW{Ou0>01}P_>qx;wx#3Tm*vrzP*-3GiCQxqq<}wa&$m&vF)*5_>kS^;n(RL zh)hf{ZV%Mfea0%C++PaN-4Z{N-aoqSGNQ9{ld#`Y@{4RmU(c5GmlRbl;bCxT=WW7V z`>QY`Sz#1dVLepU@WJ!25I$g%i$_00|Eh_7+kOYVe-Bo4T)9Sh(KBi{iOESUnq9DE zd$ITWPVHtGg!zj+a+5sqZb69bDzX8;VTvLV3HinifRio?Kcubtcen5hu1edA#cHuy zu|N>`g~E45ekq=qKxUc>?UN?))!_Ylx3i2JgY_gU%tae9%(WDO?usZ;MH@yB78p3b z%ul7v0;sh?uivDPY;fF|N{%0v-wfN}Y`u@W67mza?G5znk>nKV)Yj4hODUcGpQ`=5 z*FBfupH^AXH?x`^@`erX?OtbGx64h(r${(yA3n4maS~cslv`L-X~-u^V)^V05lDo5 z^ogVd;(UR6`P>5VbLnzHu`9wjsHDNM#$ZG1@L)RiSPH+ik3DX|UQpzad>w6+LIYWi zHoJ7F<+GlBAz4hZ+K!0XwRl+iX~G$waXt`m*I7+yG@}MaYf~TW=gN_MRW7gIpC?(q zR5z$5a(-OMi;*w8adCUM3~wzc_I0lAe6;%0Ht8mst!Q7hmiNFR&3J=Loh=1@QP<&; zX#2ztUsqs}iY83P7HMye)u)LPN0?xh!iA%NU(q^osF62w^;?TNseL{0$v0WcGYV{P zUtY+JJ9w0JLZb^eY~l>Y7|1C^4V{&Hnk6%AB80WQ%6s8swW6wZfi#6ocYvoR$)o0w z)gy#SBn_TJH<|zjKw~?{6BVfJk0xnzzU4yWYi#g*Z}g2qIgN#kL&}1#AxAg8dp4-R z4^_|fvjWFN(`=NG>WUvqZ%13IN~?8O_nEB>QO5|lv+xNKB|Wnbkl7}U^8>D2HTiQ2 z1~e>QMT9m_`oMDzxK}u^quA%4fn7#8r7_V+1lIob_g2V)H#t7mud*V*xq-y=G~@;u z)TU5+Xm%Ahvk3JJIbZ!L>GbQ*!W8A_?>-AASZZ8)NQ1K(w0>8VrsQF`3s5k_?Jh2J10c@du@(!&9b+D zjtP5UZlU`Z%uGs*{|Ua3ZtKa90#|^dG*?E3)Xh%=5Tgn z&~C5Q({;j1IJ1&O^fR+xzwtDuF7eq_pBC7wU!F`Sd-)9|q`L^6s@?|tFTv} z(=c~_Cbf+Wnv=FwHqd@*A(msXhOZ#ik5SRbgnrT}K#wA}OKf@T)>jcF_6LcKQ=OKM z=5D}rMVvUezNn5o2wbzz5LN6x-zP;55--$fcCH%x@_2F=RpYA10CHuKKfiSLU$2IC 
zS(seMsdQ(3@>aTqxrY_vx-?q5V0z#@VP-_`*_d$i{j9XTuxQ3B{w9%7Js3}M$?uLoz z;hIym76a_HYR?IM`pG1q(^JzPZ?TazUb5yhe8tUUGB7K$5F30ZIX!Kqun2%f;ka^a zka$#6-3v{x+T%Ai))j9TSQ7IrMZ%$G_j_)*m2PZJ8Qu9jDc;QCq`~4UtRyoOySv7y zy9p1m_hw&eL@pf%&e6bnq;=z;OU{1yd`U}Bg^i2YA#H>la#lrMnzuAYzeT0xY*kT^ znt?tA!54JRCva%DVbtF~i|x&jz;t6IBB>I$64FhDn_Y8L-aSF81EW75&-$!S@~!HG zEFyHy2{mgxC++j`EZy`+Av!GHP5Z0|FdwB2j;S=mGI6QXx0H0bNzH)$tjFr?lj5{cp)ZFiNJ zhKzxrPu)}e-Upi!vRm~r&E@?U-ceV7F#`vt;L`?@o1(PB#VS{;vlXqJ3FHP4gSo@v z3qV+|uU$sdP1ceAaj5gkrS!`Cz4`Gsnk`IaimV5>rJl3S_&j*bC3gU6`Wx8Tr5SrJ zKxq=1`S5AdVA9y}5k%Ci)6p!^ysUDGL}_~8P4;sKR}fUs_BQA`NKZ+sC`U-0W|moi zV(t5w6JAEuExL~`J=N$*Lp1m^%7&yE@v|^+zlJRu(-Rp{tZl_F-m4KgO#*bm6$g8- z@IfWIjtQCnxNv^NgZ{ZHscZopa7|6orDnp{jnuRhFcBxKWB_)60TyDHW(_Lk?NRZW zpm`2At4IVm?$%wc62p$uBt1mo+2?Y>!KH}HLa!{|flbBw2a!2?>4hs$86@*@%p|zT z(<-?d9~dcdnz^*%o)E^zCHfRse>{Imx!V42*v#VS2rK+!nKeLYt~8LUS>c>RbMiYE zZM^gvLSjXppyh_SH2TsP#)Ox(TeeMXKh^Cvsy6Lo7xos+4;vWYqgzk8tPQ7E zl;g@aTxEM2S1|XzV=b3Dd?%ew-r%~V@rDh#!aa&n3u}w&cXd*f-rDY0hHUH&yIYF- zxmEqbxKLoW8G^gFdsF?I>S|eZ$;J*^I(M`q9#pV?Clom1-^1n%g{Fn6-M(AP{G$Go zD!GhO;=h9y$Xsvi%Ze`qabYT!`D zul0-R?@tiU7JR*sa@V$Z2*T*I z+HX8#r{BZZ>EHEDbLZx}6t0-^0O_|GI|dW4r7YAwT-raK(YA2(>ks{d`(?C_W}Pif zj2!LnV|X*etOgNN8DAx|xb9cBCFGrvPP9HZ5a6`#K9u~2OR7T8&>rA+ovd4D{K?ir zW#6>}o?l~Lvx9F!NRW@@w@sWRNOb7_*1vH!bkTzKb-gjMlqRV zyZuwW&P(@iJoEDhua<_kntmeA|NnzVpcmGz(8$5Ar&uHNPTHhyS7QGEM8 z4e9X-r#z=`0nld3$=c*(t*CBCuHL+P z)IZ}KIX^O~>{^EG)os)yBwD;7M|TMk5X;4!XhNihO{(47488X*Fgr3h;d!o;i;2o_ zOJPGE{&P5`(k1sqqQm1J=$*CL#TioopXQqas2&HXXmfk7lzy2j0AgjZtxp~F6}6}t z9<(d9&Ltbno6B627))4qt&@yp3@H{s-MzDN6DVZy@3W*A9Z)0m?9_tmUNpj5lg-uW zC6330O31}fWrs`#DavF;c=RG!XuvC&MS4BdxaK?JR;X-sjf77m%z!n;u!K$yZ2fFuYKxNRyl&YK?q4n!B?O>W>s%H4gg(!DZkEo zp(i!CM$r7_PL+tFC&k; zs@%P7z=WF(pC{}`SjjLH@jljt6@sAFw2b2)5EItYF#j})X5hn*A@*!GWgF{`-`4-2t^hpY2Owyva*J z4c>955QlstKHsZMaIoLOyulhM$T`+YX;I)G2XEMVm%DZO4f+qxt@TfxIc@TDG-K3q z3VzRO*pr|SHfjp&u1L#J6y0k}T^l>~!d)|@hBvd{d*M`_+SvW}`xO&{a4iHHj$@da 
zk!7*h1^`f<5M8=<3e-I9%#yd<#g~)ccvPL;G1MM0#OJjrsb7i33KFm)o4J`)ODnpp zqQYgyM<(D$Kbe>XKF4GSPqQ^zsyDf(x&(mmAtw$={@PdCp;j_c799ElM7>-(>Y)~{ zz1~hU;2v?$VFjF1r?qI#$!SaaWUcPjaCP!J8^oxFb)~t*@G-yMhI$zdS`bJf%~jcG z%g_?TF_Hz&oZG`QScIZ%GeG)%wQ6 zcV)2*Sy`5XoRX^;E_E)g#&F$KeJH21s~f3rD?XAZ&`#?po1R6vG;$l9cz#4ev``$z zM_Y)d#O`_M<28o7n6)ua%=)U81J3~~xuy)mm)kp+TT?8pltq04=#_D4=OahA8YErT z9>;iJAyEI7Lg*#XWk+M;C1wu&1IcUzxzdczA(aJ=wy--~_o_M4C9X&DAM! z#!C_av*XX8klSa!JVG_fry`HM;OKo&Y?kghHPSy{_M<=G)Cv?qS+uK6IOJg1J2O1M zMckwfOL9Bn040g9o@~GA89uAvi?N<+5a2cB>*S25 zzsM8cqy>0mD!WP~?tZvfq6jMO0|>6Fe#D?I6|$*}(xkH8p!dJDc6P(@8sbsPIUPuu z&eaMO=#~wA$||f!$(o_9*S{f6c+=pc%;UA>wuSU`Na62rf*)8%PI=X#cMvh- z#MBgZGhdaKa?cZLHhCi4Jjdya^Cuz~Lf&SQLsW);eC|3RaXrTQ^qpN-yI7E*#ysO= zwSs3b=AQaCX)rztY?8TQBUDH6qYzq<)WlZf1!&KqaZ+;HyDS*MR)g;=7ehBYCZry+ zMU6t*l+`J}nWK9E20r!KXht>|a=WVh78K*~5p%+JF$?h>;d-+$>EKb*Aa7A@_jB_N z*RfL{E|upXIS6aHftpSzrjw?%@CyFYIH>h(8EOA2$FEh}{Y#|d zPPADQ^s|^_Lw4?CLUohuV!(uNWW>I=6cZ4}Pqate;P>+Ey0seO)MI7BFjVS>&R#wk z%U%h#Q|}U&$o|s$a;w)+yceJ;(Kj-Mue>04F-%L0y#da)l=R8#J?ZP#1vs+m)$Bd9 z8!&Bqju=FfT9Echo|x~ZA`%s(v%^l*{Gzd)Ie=yOV>6 zgh+-y7802r%k0#bQm2D75U)8%sfUaCqldawQWoEDs^_Xl4kb@w?=!NloW$NXQ3b?X zI1#?_MCmWG_=1^F(=&$r)3iJE@g5ZM26Rf1qSBJyJDb|>xeKS;a`gNa19Dr5N`3;d zz(r~uNh75VC)^1|fe6z&FEj)-eeyp5)dNW>mzhJxaL&BCwqDzKl3V{?+Q**-Ytnie zXE>7grq$%nGYtY~CxLu~0`HZ#VO8G^Zty$N`|1W>AAL$Vl)pTPqB zw++RwZ@4*lH31v9tGA;@>%PEqYuUX@A-|TKH2En%_eFhy`M#tRZOF9>X4nt?Sx>;b zskgyLqGv-x14)KsK~SxZ|Hvu*DYE*fjH};9{4?z+1b*D?#EGQdA_ZNnaBbrSUD)jp z(4gT~{KItI5^!Se?eRqc0Y-x{$i`HFq0FbhZP}+CHia)x{MxigMFq@y%iX|2CLA+( z`(Xy2?XFi(48w*HUcLn+KPNx?rpqywu2AB~{x}VctiEz87J{*1ed8f>kU>IZ4@|l3 zVcFAx&_GJLQ?hn&`nF?*u|iGG4{s9_@$^8rzwZjSUnOu}db)c^!XBy%5<3Jy zmwH+o^_i21X|95JdFAJnmLXXf#jO}PU-@uqFK+QNo@JMr6TR=NO)6x)f-bFENy%#M zUH2#NPN!5Usk7A%UXJ3xisvMj%bg^hBO?>@ zn{9z9xH{kzV{I5sR`z2ejA7=ju+!5yBat&cQ+)${7>qHVkgV4Gvp> zF=KW~=<+e?o#@k%${NBQW6i13Ls9S6+LoS=7AyngHvR4k3bn5%Dh>$^z8gk#aNJA! 
zsvpzZpn|2s4ZxAcO8gODz!E0DJ%UtSfnkN5e>Mc!JaM8TCohMZmuxN^VIfZOc~iR@ zEBt!jC&kj?P5a2PA*rWV`iN_B9TwVkqE#$_^ejoie$%p|O-}$skJIS!&AZqDgNq_V69%TxOT322v{OVr8&I>;-X1?tlj$1NB6e)_2 zIENj3h5QmRLjU@a0qp@B3P1(#)o%}X^CQ-f^w9`H4Q}r$JICLzaDsD-e-pW`Ix=gqRdUpnlRSNcA#;+GHl zJAQX|ETavi0-HyIu5n%3UO4dvQgNcwCQq|df^zGpTfYVgz#KYp7r(+g7vKv(1HZj4 ziLXJ1j9;G;MA8j&211YH;1lYar=+D5o{CnC5_7|gNbPG=DHK^k3|!YlG! z9n+swkcrR4ZmzA)hjScrny;{FfX3W`d+#7Ex0+|22#<@@JMD}GJR_i5Td}6nX1-!3 z8-a9_G8?sR6s3W%y8FDfA+)T?mq>V0B&3%1vcPa;9buLO1;Md|ac?ON!B&YM{&pby zAAtn@Zhq7f{DWm++$^?>CVi&<;>M;cZjf!zMm9OP4qB$ba@7g3%w{EK{d!~qGHY}}ok~-fFT)x*cZgaLlsn>As0x`l$MSsIU zl7FpYaXPOU?MEZ+-4vK&oXm_tnukPkdhRMHk z&dwp`#D(W3%e&@8+rO4pL0txI6j2=Sh@h!K(je_+G};t>u^KI*)TB0AR;?rDWEJV+f7F?NYrjWfM?5I*_-FKX zJ4Ra1ZXfm~kDkCmym8(X^BdJ-yt0)pD6X*aAXN=;<}PG;S4gxgaC@ zv2_EUr!#Y7S-!lEbr$EU{q*}(VB`Q89g|kKiO2iubC9%AB^nGhT$(WENs0If>4DxF zc#tk9ciO&x0#-qaBoK&onNgoKuV!09Wg&ykIa^eDB_9yY%z`4Y=9xyQ&O*!#Mo#EK z#{>gR9~~R;x9}ev8AcxtEuYKz#-r`NYO*8{omT+M>0c$@}N&zOO zl1~zCvK=m=rts~y(y{a0JHXyGtmb7Y2CM$E}@O^l?!B(_4~T`wUJt z&;G1>*1%L1k<1*KoaC84UH9p6%}I$s%mX`37nSwcAaLTc{d4||rr{yi4&mSAy*h{W z9phY~ouw=QY&RgL=pI9GH+_l^` zwFN~F-!HbYiw@q=Y$nLgM$FVa9|N^)bvM@@?-RGWRRTUr8_Iv3~Uwva4RWcE;sN3)P8EVw+D%dfeNLh!Jl-2pDnlsLdb-Zv<~to z*s0#Vmk%nATyBl(sO!4)OUJ$ZIJF9{xtI6^R^4yIg@Co-e~l1px?iNN^L|y_z1+j* zS-*0??pYak(zttgZZuI+BIEmJmYwgHH0|LbxuYqVZn|{K!yRqyX4MY@<#roPB*=nv zX>AFg!_m{R+TtKByZACvRN*S)s-Q!|SwB}&2 zw$ESa%lZ*gdZP3W6lNzL8w45MO=bq8jIK*px>p%hCXT4GFW@uFL5PdV#Xrkxxn}5T z;m58|>$Mu?n`*sKuS)!psTqB;+bCZ}TZ7nhN#!m~J`S%Xo$uRrt0nfD;n~yJXJL|+ zy3;H1YOAW_KK?JSoZv0tgl0Gn+B-R1s<;m*->aBMWyQAA;}t}s?{NDDQuP?pf`Z`J z=w!ZxtxefHtJvYoQ3%!KptjtrcIBXMwN0f%YwvoYm6gJ60)|)5P0N^=2SRn1;=7wp zESc8*m{&ffHFl)Q#|A}iRg_v^cyppoh8fpioUaE1PiLA=pYbH&o znOtU<=~QVqaBBQWn*2`P(bpJ(^0|?W!*@?xSc&gd$2JI9YuGCGH!6_NHD1vG=EPNnz+0^!fcUr(IA?^1L4(|)-J`$VI! 
zr+hE{W?TL`q%TNuNYIz17UY)~)J`EJzzmcfMl!T5S;&o-y%pBg=dmq#tm%o3Pw5-d zX@WP5HWc5o&u7ECOb>_H-Pvf7GP&0%6DOVCSTPJlSTmtZx(9dv zbzS5e&%fOE2$G#h<%(lFxm>@ODx(`Ntsno?{Vv8^WzAN+G44@mH#$=9&iTgE8)Mg3 z%3DIwtngpXwO&^a>&Mj&h!oBZ*4it7>DzmMUx|H#J+LVj%5d7>kiVI+=dx#2##>#y zs450b+3lyF2wTsxdj#0^Uw?adH~KVVV}IkSZpNP5p4HoAp|0}oV7^*97R0TISY3U0 zLT|*$9;surJE2`emSBx3}7ULG=3Ldwn@1s#}%N3QW*2cGrXRei|zLI zgTL_*wZ9yFIV643dB{!(w!dB@^NnZLlvSRf&{f{(uCzCMk+Ij5&$F6>wQt{z;;pEq z8`Xc~@!C;qb9NrGbYbs)yrMG{^7c$x>CTam20^W`pbL4sF|2oWUF8wcdsBGHKk0`L z;xK<9A^pYG`?qN7U$>wAE!O%sSI7RMfBtiC>dlPJf3A5xrTDK@(x*EAPHPU>=o&Em zDyaSF-@N;uHvK278T1zulRu66H+TM1q6*dhN0))h-`sG2pPt%v=Tih`$ffp@73@Um z_R6c!F{en126vHHlbg0IlQz7MqzhLqiyr(>=ggzprF*ZI*e0rKQAn73_4u1ALa_Jf zP8P&rt*GbM!+N?gepVMBOj+dWw@!Lq25uB0dN)h@5od-)d!u>Zt57OY=iitWi)0m0 z2&EIT!^FHN>xXaAu+Lr1r;R0(v1sM-is9>0d5ZSQ1=eN!FJ~k?PTs~@DhqaXtysDt zMoPCnd;bj9!~<5=>DBtFo8+Lxm5Y2e3^ikF`H}I3)2tK-DyQ;V*|h8MZ89g%vODY4}pVA^n#_t6rttBO~$M?o80+Vv_V24*pe$t#1fCuhC= z3k`LWnZJcoSv9i|Z-Ah9>8FEf7QL@MbC)W3)kmORcihnA@awZxmadb@(hzO=JTaL9SGc)d~=E)J76}>d)a91-6B3SEYrI!baE}ix+x|8@k zOhP%x8@mec9R|Mf%m~`K4T>33MYiP%2p#?4pWT$(LRLwrD<)jjh>!{>ml)oqGD_(WO7~?p@juoTjK73i&lPmB`#43*un2QVDjvI0s%<2`}rMP;!!4+pGSAwtaR#L%4|DX_b! z#)s{oLCW)lkyn7n>N_7K_N<9@{XzLqX~IbWAaVEWn;5P9!E4iWz|-j)9{@AlW@(z(vO zuz0uPEo|*x+SH>j4?@O8?YU)6|NV`8_5FXj=|GOO39xluqxKoxaCzuf)o|pnPLsFr z1jj&Z63ZBWc%@_^T^AUx(VFT@T1hkE>M=Do(Q*~n2bWU<6&GyZl_TBjE|VA5Tl#K? 
zf2_iiB8Kbm%!kBo$sjzJ-43 zi99mxTZYre7vw-YAG#mxqlGrwjuq_2{II@YTbQ_o+W&Op{a^R>5BLA-qx9mhmf~-J z8~o3bl+c^MZTYV*dY15Aw3s{ImP<= z516+-7MsdX7Y}qlRhilu%!eP!Ym`S4XXQV|E*ELcPOlDfB+ur7V>u&O;4`#w@Gx^C znV4{&ZA3>oecx`X77twjjVQ%-h!?6kne@ap=3~0Wq(Mc}&{oPE2a3?JRd?5#XHfDN zYLt%m&Z+%u$FjNZ?pJ!s38iu7BTIUX27gI z>S{4U`s6iM!8-?2f~pKyZdRZuTmAoicBpda~FG{gCP$zyNT$qW8s-D zj!m))52MbXG!A%6+sfvhN1fkM^-U|fB8!$+O-H3uR_PKgP3!Tf8#z{ArMA+an>mor z^ZGE7lxeU6fyWr52_o6fn60Sguxb~r37Q#I?;feYZ(LR%@7GqgMKtu zTvRm!?G~5{;7C&B?HM)@5am@>z@+HEeYbR=0Z)6AYXY_} z8k6Mml-7$H4(8tT_c3fej@CQwt$D!Ve)gPfia zIv81@IBOy5YXE5_T?|st&>bTxTBjqudPfp3YrX3Ci@N;9X3jCLLZxalT&vaOam^k- zy_?X)nUlX@uvUbM*`f;vQ2f9-epPD7eJuCuV#U-!Hq1+tzm5MLnC)T%7~C0xnv_b*|g}@Eo0f5 zIE@F%Fx|K)Fa>Q9CTDqWKL zp{>(bdH_GT4Oh~zW5bC?S+N0@ReD}Z#&r)xtxi*BkJ`VHI$6;-Y6|4h)@-D3Y+jaX3kv(bZ<>X0Ik@1g`&UOx^wdH zisAn_pd9-POa0HDdT(V-|LB@`=+`l|)_Fy|(6DSCbveIHwV872T|dV@cpW$V+)c%3 zO1~cNOQRsHtK}3Tx)ff5Km9A4z2BYi!g}c`c9jg0Z)MX?!7TN7oZ0w%BPLk!2W;Qq z$I@IQ?2D>*!PqIoK*$^i(W#@Juu@*|i*gg#&-NO(XX!oZu@uw|=At0Mubxxsr@zc$ zI!ue8L16 z)kn34c>6rd5u579=!)?T%_#ckF;k*8gjv)CGCg62&(X<{W3z0Ue1fhmK_MQW{<|-3 zuz%a{1{dS9-N8xt*S7V%Gw#A&Q!*@<;Q?WO`@l+zekfs1kC59aUP}*84GXk7e5W*jqnkUhCZBM0{ zKsd2A$|DWa&rP3esCf*kG4j|pj5j}B5*224DOTGppb61Ls1I>zbpn>>Bi2fL1)NeJ z^TBmK46zFOTPz{}--#vsKOW-~gg*m9Z%Qc?97`povkskka>$L_!oh0#tfMI^@cgU= zI7#?p##DyOzdLvSzX0Rk&CXx8{Wk&(!tbl*o1tc4u<<3IHdC>Q7wH{~c8W<|dC#}b zFnM$oB9X{k87O4Az1~|xOq#EyHAwjR*1f%(2fq+9@#J7{DCpO#V+ecS*eqPsRyX`( z=%??#8VKAg!=D>$T;Za9pG}6yElbGCfLp+Vm+mGbv6Z7TuJkKg?+xvWMQ6XI z$Tn!)R0Rz5p!D;#27V|@J&5^)cn!!0Exh7jNB@eJPL61;Ae3AlQX7jMPm=Kew0YF; z>4jeFQ{4dPxnUPTp&rHvtD-=Cg#lkLiO%DRsyy^bIL*%?hY@f%OhiG#ZcgGg| zXME;0zYE%T2z0d_q0KB&CKQ!ETDhbP)$_^5KRUShyS!qR^6(DJVki~RF~+~V5AObL zuMakq@3+Tq*AmaXX?}n1lgdv=uAO@I9rmnHHgfT;N5<8PnInBm9<*^GA}mpZ8G!km zYdXwc=mK&S#M3%s$sa%%oK|X8fwv`!QrTf;-}6=HQeM69)Y7S?_9ay?331^$sowpt zidVgR5)}<0km#4Zm5+aLsGs9{aS%q{%`A3q^u<`rZ%l!i4oP4eqoUF%$rq#>&_Dx! 
z7T^TM5DFc3*F&3WfNtIIzdXFO>o-gVM^1X1VG6-{i{-2jhWBXSgR}cys9aEi1E{e= zqAuxFAJ7mz5D3J^?;n=K2I%=&nwq|JoqUqGSve~kAG03;dW=0N&13)Qw;k3t9^Pqs z#dfToKqreqYYy8xlBq<8?+dLbP@t}$EO4R*A6EejF@3iCzUjNzM_1klm15Roq;mZH zbpkUh7%K4h9Kx)~RWU{37lqah5CZ`Cxv7zI_U@yL&BNEW9N8*+T# zb>k6t+P6K>TJ8y>ApdG>dBR0kXpVczNg9DYHn zq6;%bi2lt@gY@NPY6kCltH>eL#f9Fl$t)<`E7Lel{QKUvB;;8)e|ygVaSrXzdB6V+Dq`<>zEp;A zV`*CQcp14~bFfOd+h;;H)K@hk8rJx*iQN-`>Cg;n4CoBH1)A27J`8`g7{%1k=Ukv@H z5C7{m9d~U>!KgL(aLDM` zyA%BW?jIihLsZe~``wkme;OLee>~Li&qJfUoBYE6G&1r|J2YdnsbmTS00q%RE&|!vX)ECxof0UBG`g-T8gS zblCP`-ZQ9rhFsDYx$V*Y+srle4`&R#C1?Kd#RtQySY)xHz6to?41rQwX@Np1I3h$2 z@m;Z%!P-6+?IjgV+?MF+xK&S!Is9(6QSz`ETX_woeTr7%kw=_|epOJkPP-GCuLr!| zCk1Hc`qBj_k7oB$e0!>&8ZITy(bGp`8Kud&B$lEy;ZBb}-8^!mLX)d~ofz-5Pfg9c zo@Dc+!KGmyHt+Q7Z9%~zh9NJnpsL}AAAUnm*oSe=PIUJ^0Xn5KqoO>7b@~z~Z>Uw! zsVp}~ay>?e&s|KMg?1lQcI~B3W5d^$IbO7z+?}&ej!CsFX)`Ud(XUZ4U@u3R*o+Wk z_t>BFB6>6^TptC(2>%L6MCAD#FynH*>uJ|qlYB>+B$M#UZi(C7(047@&)CaAfb04d z&7_Q9j-5nnW>re)_RkMKCY0+RHVAj77WSEeEoMo3%wlkxl?ljL);LEmGV^>d4XZDM z>@#W@1Bpl6M(WS3t4ve3fzM{VIXR@PgJmG-XhGmYh%Tgu1udq9W797RQlax(J~?m& zbsR9=>O)C7(RF`=cH4P_QmF2sy0M#Z#n`#5&t{@csq4w=;Tjh!(e6SSJ=945cv_oE zW3-z$Kr@}ONQ2wProZRO|r9?H@|S(F}!eH)d!N@;T8w#WO;&R?E7bi zs=3yf!bE;ths*k^*PstY6Z6=E|KxkScgR;Xh!CmWl1eqC2p`K_urh@dGKa@Hfn(oB8HYPa=Qw)otW&>9uVNJJ<$mYFfvevP3cUQRp${u}y zC~>Ga??``@9sAkP`DzYe?w%@0bxE*iaEH9tNX`2ptGtrqqIoyNuY-7 zvPf>?^$CIi{GZIx=5#l@3~oRByvC&Kp$G2QqZmfhMc3@3Q}Gou zliupjAl_>)rcZC6WCpJ9#)MwEJJg$GV;3*RiM1SxR)~w0*VL>6;$p4jOyO{+nsiL7 ze)8tScb~i*lAp|KTC)8zX?-+2sv040|ALxTqz6UcQqai}Bt(4?PPf6DIbBPe<15#0&#B?s zQWjSbTT3DmTx$k$vkNc@I7We#ct zuMpW_MeqsdJ(~qWt=1edL{@c`xlf16#{wp)OE0%84_{%uI+vzwd{2R? 
zsp_F7!{BL6yb#1)pS!N;;apLxNO$tN?lxXo4|R}W-nu@K-ovyM>K3ogx$P3vlhc!L zZ7@Iv*LE)IEv~MFlpspDh7Id-SBL}qas}r`GW!~WOQDc9WMoa7WnmUlK6iOv4Vi_!ODRLNh= zE02q~x_QPJ+n?!1B8$-+z900eoaJVFK5j7m2+gTvfp$G0VYul;>SiWhq#_MTWVvgz zH?W-E@0%P34c$7Vh~=8OqKa2X6|*ol;tJFdEekPw2X_wI`qktN6O8eAajL~n*rPJ$ z$%EceU**JkkIE;b#%u#&_v^75`Oel@lvpcC?y|R3umVzBwp+rqQQi3YEMQe+*^Mif z-1Xlh>mU_I#Z_(H9-ozJijB7$`=qlS&)F<3F{G zKm2ej_ReCswyoru#jzQdt&vn-;G;#h0qvx6pSv3KO^JS@#k;%y0}t`}^$LnJZymMk z{D6^@k%b-MzOXEd54fP9z%lI~>}X=~ZR=q_tAlfrV~k(4#k=;Nd1&FW72<#s!sGzl zb4hoyA3MOcv7Sy8479DTKzvhvVxeFuf}OG7#>K+8n%-zAGx=bytQFy4c`{~@GB}nO z4;myCrr-_HcO(`GUwf)8u zzyXr}ntFKj+t~lpi1WKYStj3Flzg})#C|A$)wsbIJCx&`<4ttEbp6p6OWool$XwnrR&^wxYmVud&wQ#;+(@=B_^?<%VlB+q&NO zR$#V1u`SQM-Cjhe7yDU}A{Ab(-~o4?MfB$IA7;`<`ukanmN|NpOKbSm-GZB{l0UBw zEonQ=mO%xeB9pqvH=Qa`eR?mtwdjR~RU>Q9 z%P-46ws27nY{WY-OBDf?g|rs_&@x>@eXNiZh&}8;a|k#Ej>vdL#HWo zSh8B~U>imET%)v$`>(}6OJHL)*{~`7b!Y1p?XIzrVANoq_w~2`@s6PYT8aOl#-h4t zxvQ(IoiC$H^=0$tXaZ^aH_|g+ibUF!`f>N%`5HM*K|*uwK9MUo?Vmh2?^MV+RaWHz zI8S=8R5gOfV%+IvtxzH*Qa>vz_=?~9oj$JT8;r}h#OG!2_?UngO5Dl|jUVLo%0f}l zEX@-h6eN%Y3P4~77G~G--cIdjx@@G5A&yr&gXRO$iZ0b)Ux+ooZN6@%<7>ff5Kj^u zxzgnN!9K|j>G!Y~5DlEdizRAhy=5)1XH9BNROL)mtTv9@)2vidW6V6DS3wPecRiC8 zkeULK`h|Qi*Mo^%8M2^TdA>gS|b4K&t|MPtOL zDnwttY_P3&v%-$h%;NU&fxHFZv;C8(%5j4kuJnFyg*W6S)jLfxrBfPfca3rg&%4k@ z70}j5;wJE({IFKxf(~jO7Ze!b@Fr9?s1_>g?kL+PF3#a-JOovt*!Arq!RG58KMu7Qp={@>0|0mt$ z(BT!Dj1RZpgzI5meXjBCSP~59oB}0Ra6+Rw^~JNi*imF|J#spIV=kC}g{cSE8nbt{ zD}|LBtZPG8q}KmG_TB@msdQ}@#_lNUpcLsNMKm-K0@78Qbb*9kMmh;Kp$3q#AVmQw z0SQfd3M2xC5(tbST|gkAgeFo$2}O$1=46-I`t3cl_n!To>s;sj|HpN~TCDZ1wcf0} z<$0gye(qbjv?I57lmM1%I#O*ytH{!6UZag92#6U5)|vI`n=mJP*LHhq1OgBww8Oq} zJ*@NlMo>g#^Cm9ua7Q$JY#M=^MpjI)vJp=-~OMt9wUXa(Undh&LJD_)pb*_HROK zP3O{hRl!;dCudT}5^fp1&GYw3RKg4o6IXO9itFWqREQivMv!};T}{`CH?NKOl<%(E z97lmiuMNp&l&n;mQ?6t6LhJ`Cxy?iJ9^OE(y<fi1*d!qgTGHq4dEED7<^{#%8%# zP1k|H(6b<)?M2Ds(|)7dcl|?k*XkDDFk$u3x9ei01m0>TU>s5Qjf($rk&A`^1s>w& 
z{<{I16_8vF%#9%7#mX4fs52(12zb5f*GA5wiaz%Qy3B4=~Hl5HxBpe(J}}>zc3$^eUK`~&oG+0@=cs<7`2k8j&oZGVLBNO zrotb%Rc20XaXkxOiQZ~ha~R|v-rQ=yhm5JJ!x*8J(f{9iZ|4sZmSm6h+j-VNtI4UNVd zu_nux*{(m6-;J|^aW4V4Z2}BAfCDG{blqK26=W*Pu;|!X@x->wV#K95cg}cAxg$Dj z;Xj~Tp;01E#_I?PT@Gg^^$TpG^~#Ql*g;VVu&gd0e@BBa z1vFRt_`}$bXV_jWMR*R68wYe=KckLbtKGj%9seP(-u4QbVFp+)2btYczLeO};E$b9 zZonlUrNp7FiM)X~O8b6cDSF>iB+oCG)NH6KX>GEb;TumT6vwCkn27vd^;OT6FxcE`{ktphD*}Duq#GA@SWYn>niwP^GjdZ?~!%$m}m!cr;Ap ztt!c&db~c$V`RY_)~9jH%ET}jpC8beeL3IB#o?Z;irW(+hAM4V4G~ijJANyBIY%Qv zoU8TKUa>Jcbu5}#+PdG9Y7@4VN-TxQry|^1MI=!PnqZ1r& zu&FD~&|#0%nJ_|iIn$?MJzW%A|GhxbZ{0v_e;kq;#LRR; z6NV(WM|;Z0er%P2w(gm8*FgrsBU`KC#Q6DzrQx}XLV7Da8F}RhdpA)3Xn*XU>u~x+ zcsJ&q51XY#$(mKs8uklYx3g_atFWSWZ8w65X+@-4{?;S^{bT>#G3h^AsULk)eWqvj zHKNRIPC{ud+pJ2;QX``wZ@kAokWGwZQPvSn?UD@d=N?%zSMH(b~F4AQ<=cjMUTj z@=Ho;+FF_8DOR#1ItDt%V z2yA%Ev9&zP8tpefBAg$Y4H#gWN{))baPT|03D~Z45b!7fQH(xd&9Z7+3^-n~G-WL9 zKlBNPlXRks5hA77^*PK$qjI|}n#HHUMoKg)c*gdFQlR_(TW=$;lU*B6&pkcoLI>(d zJmL=5zzt-1(M1wvE48=0mxGr>=rav)`U)deeCrb-M2aFbI@S|NDl^3R-CLX4FyA>n zf?0Z{*#W}1@bu*g)i5GUoyO+~pv;=KX|PrcQOp8QT8s6R1^X;sz*m)O7O?`@64k=;vTWp1V?&} zPu_hSG~xyYo66Z!vD5{lOFk##5jAR_sz9;ZRfv7m1dt%#`AQPpBn~axjbtp)3Fdm0 z%}T15N{!OltUEk1$Fox)Bn7dvP~@Ai!*WAv)y}UGX6PLcLb{z-pj~cIMx^A<3>=%3 zmj{JOROo=dFr{!uwn$HiV2gM0Y6l!=WFA0UCRe>)&hB=l0Rx!c0`+cgHHA3m9$a-_ zXv#wI8;)bglwE!92^S<;2(@G?DFwn}GZk~Kt?2Ztwt>eXT(N06J3!!n?>W0|P zEuH95wvL1>KD>745wKZ}6J)iUsaQ7_R~R$%Vm9E}h^)lz72|;NaSx}G+>+uTnXc3Q zsWocsd+0iV^c8gMPrno9{`~>rKOfhC=2i0!OmdHY<%wbAYG(edZEt9R!WqC>c z!lilX4GUe7_`wwGy#dmx`Yt>u)OsM_J`OxtYBb}-(IA!JMKIf%D+P1V)WOaPI!P-trLwUuIclNXiNJ)Lr4oe%KiDQo4b**AFUfz6uH>_R#u`_ zta$-~Sq>U?JNaFxN!AzKin}M#lLQS4LEZ+3PLOPqwv;WI1cn8*?5iv?_nQ8 zdMer_=lziv<-Y+Z$o8AwT^oC_l2PF*Bq~w;g_sfsM04+FLjV<}= z+xAA>i_#!!!Hcb8Z<|m#UPAjuj#&RF@8OohGAB@tA&;po1864FmE>jyz~%dBftVR2 zM3b_7a0h{2-P2Nvyl!g9&)4-NNPD(fID_&GQH+`~j*6TNK9V;6{k|H7PZ>tJ>%MGo zO`pWe9xVAWOVL7969_6zDztt&N-ef@vhZt^tpYnJr=W?C^xQwGvQ^F-(b5i+Tu^2X 
zko?^2PrmjgrbXE~FQBzI(uGKvi|7*1=r{}2?jQ@jvI$0_=PxXZ#6|TK^U2NpP5tiD z*XM2gTFSdS!|OYFcX}D|oXR~2B7-S_cXI9%1sm@jK_nl>y*IeLqLVcJ{j^oQ)qQ;1 zI&{>x#KX?Y1b_pV!mwp=aTh5*fM_x#$N%WQ?~q!6PR!H@q6rSLam}!I+jaxPB5_EV zZ6(nGuJq(w5=^^#jL(aMuj*89Gp$fML`YaIZP~zSxIA>_)?uti%LY9)5yoY zt!GO$i*tmiwboJ0pAiVZ``CYd;_G_zKa2|;LDdfQ@rMs&?OQW7`xc^xF6-*&ui66e zYRdz(U2D#9?8VQ@*7ASy{=BNqH7g8d!rdV7*e{1an}r9c7lb7&%z*!zQ*j-81bP2v zJ^O^6F%Igqw=;abf-3qgP2slDz2($k7%=cqif&D&%g!j{S7ce>MT zaw!+E#Ptiyor(RIOg7O2_V1X^sm6>&%)an+goVJ@8r4v5o&fAU2)kNO%IQ|1oqKZV2h_TnUSz#e-CBloq1*~LaW7CqaC{nxc1!IO0su4adhku_ z=(D>-k%tVtaNw?CXTp`JI>1n*^(;2uBE_KYEclyV zF!fE_Q9`rKI6Rk*R2Ved(P=xtt9)&8aO_Y2bJ_pAl0OYh|HoU&?D59RMQkW^V!-ez zQ~(TVTQ^A1Uxaxun21)1Rur%xspX*ioN1||P`4*X{&{w62m0{Yw1;pIQO z;P21|q1kRej^hoL*?9^z}6}%JMbG1dw#4Y-16Q*0c z93mEk*pxn_rTx$v8*VrqF|K7e^cqbk91`%i3^(nq@h#Y>KTkcmC2fnUYFiL-sY_N?;OX>Kw7% zB3f_5@JKc`j%CR9&dqTUg|gwlW@>ti@B5oAt?VX5o)#HQBM_a{7R~&L`W7bo8x{P` zLx0Ri1u4D9G^?DH`$h+siboqLgFhtgejFDb+0CV%Y8?*Pid!P9Z2B@urdu1mOe03) zF>b+UOXj6yV;sV6kDy%7(^j4bmt6lmChn2Bk$}}!?ETXAw37qBSNNNC`}Yt2?+hQr z!R>DU>_6D($FXfv@hpO)vghS;L2UUp{K=E=!~$>5$zN`lMNtvN1Q?Jj`{K-J_VIdi zWy{UfK0>Pbisy0aaqM~-t+k{Q8CG5udT+*wm|*1v_~PQd^)vI8j2)j>H<^ITjTn|h zxboDzfFD^TYqW+LN`E*-A-Y#7-}DRK6*|;aG-1L1Cyfv_@yfGS#=ywI#O?e z_gIbqNyCBl`r3qvm58)?Gpom(v}qpU^t>iK#QuuMnwpvmOs|n9)cOozIbxH4+t`!{__B2mR}*z%I)sl-?PUt$`lB&h zq(EP0o654gIvO1Zb^r5MVZ56=c5XqL;hNz=Ojv5NfS+YLTidvB`Pn9r1tiz9|I#EF z3|1mpklFZVqc&^0dN0SRQHy!}5~^gWOa?$cICl)#L~(`_UuummGpmRMgUvVn38$jt z;eHp#CXGXRwsnYs;)xvAE9Fu)U$`PcOeT|b*TJoZo%r2ij5RWR_ZoGyDP~cek1lqMzW{TTs8sSqIn%czI%rx!#j5Y9%w(7=2ETNCdrJ+~9l zpjoT2crNTth4FRr!j@_X6R>#0h$FP)Br=RUf=T`JHAoeW=_r5<5EYF= zf|vs0K23*uOMiR={DtN8BU4{aD#a?5R34v%El+f`vO9{8TyMnnfV|BK=OEj~SLy(Y zn4EvV|9>s{$DB*YufBk!e)rQvnWvj%{pZL|xoV|Br$^1MX)Oz=W<)EMmv3l~0-jkI zI4~0jn!jSY-q0;GhQk8%xo-HH58Lwo`-MoSCDN|;mVGv&I^yHhr2HSjbbYP* z-}e64nEbcPzS+^P!DoL^LQdX@ZAK5NsUvNEd>=?{)(NfDusaH``T=eu?v##aD#LCQ z`C@v`!NLGO4kF7Xh}U$BwvnJRpv9!&-UM?o*MU9*{zlkZxLp}4P^tu8mmga)#IiKL 
zB7ff-u29pC=qF!lEQ3Dol{gO`_GC|yRTBk)9qTXBW_+$ZZB+@ng!<`Eb^9OL?!dA| z$wCK-(($2?|DVZ%HwHxA--YxoaaLR@gWQ+S9!F&8Lt14*XMl~QDJ!w7?01IvHsfM3 zb9bgEG4ndAmaVSix+9jG9({zw$`wcbjHJFZm;3D|y?}Ca`fGe(DaA9()a;K|SJ7cE zj!&2)h%%=FA=h@sM`Z(-7O!|jVMKnoVyQ~aaLjw9ycz;-l(P-uH~*v+Z6YnsXQGWo zC+8{N=P+lAFya%tVU|A}x)dxA1>B>N@i&+ih-e7%&Dkr@#5fUf{&A45QEYTQB;tc! z_L&JXWOy&)K67M5PwofgG#W1+`QcA(n}tP%Z~I(6g->Yzp{-O9Z@^^@Z*(OHY*Xk7 zzS}GZX(fr(;I$hHI~#Epkt?cGH>VI@nDn!&<>5}<^w}y$%X(GgxJmZ1L764Ib>uP* zR~Q#>AC*rVLJj5th-|?|Y&S=gJc_HwlRsQM$Z%xG8N0PCua3}p7#s{|uSxq&O(Xl6 znQnXK(HV!w?Kl5iqd)lPkD*h)`-R1UsIT0_9L{~JIc37vPRqkXYx^g1^(>tOY~?7r z5`LR)tx9r>_F&6W*p4DI@Y)fef3&guo$>K@LcLgMHvr(_DOWEpm#rwl7Fb?Y`pjIX zuX!$=kK%9}Ms6|xgSG#=;{Q7h!ms|lo4-EgZ|j)6Z*umIMikoAQh5jVWS5H}s%hK> z6~kz(c-aE!l-0))w9lTsJFjex?9hQn5u(Pr&y>zQ(DgY?TW>qIh+&Dq(@2T%{$Q2&Yk>W3_s2}Y@z=hX4B z%IJH+w7xN^bCuIuoy#hlQ17(T)%>Y2S&gmwaZw*BEenxV!WsJld3o}Rx2n>xY6kqX z9Y3~c4QWanam^*@)MvCpg8kpOJqxvEv_Helu(i)=wW=JlJd%M}nLIJN72`Fb2{fOJ zqVG)eWF706^vh2jv-!BOQDP~mH7phq$khOIMq?71nFBE|KC9((^=E#Gqkg2Glkuu~)@Bb} ztUcn2z{wCKNjzJ@2fgU&XQs=`H|*x5vdvtEJ8Dv)nT&!3BP8&+PrcptG9sV5Gsq(M zhRv(Gq}(5pN59MN=+NaL>z{LYrq|LjAe{Lu6fF3DTK7UE=(M`cwpN~vKfcwAR-4-C zitdIlSsp>i1;y=V)2j z>DnNNvV8s77e7kH>VcQJhXcy};Wb)wh1v1S`>HEGb7u0mYFj~LzdiZph!*KotPQe- ztKVq103YtWS`TombZr?FcXCv~D)`RWhZuc-x`dhe=S~-74*>f%ewpaK;GD=)uDk~1 z>T5_m3!PE>K5NRIv-~5c-TV1Kv3N)B$7Q4&?xOxg&<0M}N_gZhEk@YCEP&|1`yz8& z$X__I<<;s#w-FR}LI8PhQ(nSF^p&%}f-11kGkys=rrLP<=FZG=Z6=*=+3H)i+M~nA zl#%!d99N%+dVOx@xW;}Yx3PzoYoVnM3d>=YRqy>p^PZ{Q?d_BqopXyN2j?TKq=FUhZ{pn6 z_IGzXVEIv-0}tzpjuE9By>_f6+faM>w%6W74#CEL z7_b@pI0CV;*Y)iW{e>k4ObSIbjN)E<>V#u;x%+8l{EZ}0un&L=vcKE&x1r{Cn zqsQkyS*u!BEGK($)*5~?6IWK+-Sp~KX!mShz7Ne(bdPKhL-&kV)3Kbi`^#qyh&r@x3G$= z>4u%hUiA)`+fF;(OP$i!G8CUo)zqYWG67RSMDf)Dy#1<@=~+V$sXY2Y-G}6b?kN=^ zt0(7jCa{2_mt{`F8l|8c8(xXMjXfODU>H`0uTBv=tBA(pXBLsSNMtig#BrmN=>XCr zt1Z9cG?HgX4LG%IBYChf?UZONCaLNDEbb$64O`6b1;MW4efgE;?tfGelYi{GqZQR0 zRlb4BPrdc5K9{;^RJoCKCw)XXR3We~ux?|0qGn@zTc2Y$WUwv`!shKgS8HckM5%uD 
zd3{Gb{Ma&O%TmY%04k63Fk!RZzCBR30w2U0*-pa%c~jQOxIw$%W_fOG)n?3~%|LE% z`G?Q6I8UVi=6ka)As`zY+4T0de=#h;H~S~0;FGua%`nPu#*K2_ORULh9}q4D{vbc_ zo9NNH+m$Q6Xh-Gc3L+N6BMqTKHpRZLdaR>rnX7rAa9V?Cf9Z*ml{<3s%+9#28r>(;7QDdBR1@9>qiQtxZK z8dLXSHB?;_6JQOeRX#SX96(;)wbQW1;%0ROBThZJP}#{?h4T~LLNk9ZKNncRHz$Uz zcN(fUGcmKe-N~<#47}n#W%Yt)C9tjEH@iAmc_lFvDe!*&lXaAi+#JLS{LR< zV9iVD+UW3<-K?D#wo<@x;g70SBsHMHbN|4s{7`{xr5bvKTKt7RrlV$%Y}&nA+PM7b zc#BWHm~*!@7uIG|I<`qHUhCK?{R@ck=CE*S`;fRU@P_o&(f_+46~Ac=@fEG+4>&6a zjmaOW3A--UUA`MTCK0_c!-ITQjLIRxiVIBvpTQRUim&i|s1nWcs}f3yX3oS*k7N9gwS>*6u#3 zD8$yyO(TwXp6_5lurkuD;n6nPi% zTB`WPQlo6%zVREAEHn4}@Can&5)L-Tfa+1LKpnuXNzuyP>KCw?2# z1MrR6EDp2BVl?sYqy^4FABCkRE24$sU@g_qfW5lbn*%Ag*37%B1G+3vPDn(Ccri!p@~hNgUAKOr{A~A#~piPb0^T2htx}xP+>V$P4;+t|(l&RQ-MgeRX+^ ztZsm}D)hHQwZGr=Ib#vAr33Kmz!azmW@uCEWKBQC^?Tco8EfUtnt|k#Xzfl&if6X{ zK%QHmH~b<2Cal*m^{Q>C99LM-1?%Zw?$BGueq&6cRuRs(%55Dkutq_N1;1OHD&oG7CDM$ zH5alPCLtq?@0e)!r3N&>Vb~<2W({?tYi~9PF&dzFASM|LOzEoGqIft&3wv!2qS zQwZ@t>E1p%)3~*ttK=7K8)du!{jOE&DJ8}R`l_$rhywF1^?c^2SPI(j0EkT=NmDz| zdU?5s7Fsc;)=nufT@ZcZ zu~t3p#6+aw?k93^sIh~Tv``-QFCdy*J6W3jVK!G$eFP?x7BxG&h7!98Av;>Vn2ED3 zaZ^=+zaI}jd7U57w^t=v=^A36@o})^VMm$LaA36+eF1tURZ;oQ0C$07J4AEo*lOib_6g=@e}&FBO9KzUmt< zKm}+*05vu|d8^U5@tkM$`+kMi4j9~RQgYGfO3O-OB1Mg1MPJ+lJJS~}Yh9TtjJcT` zYdsnv8<+OxXvT#*IDK6$3@IdT#`o@>^1jxPN)5~Bs=+$q%Gv}ytdP(e(~tCE>%(xj zD8{m|;l>-E=k^j7u1b1vZwr7InC0nYNUFyJ7)-G*3mH0Lr2kM3iX%WFNJJm zEsI7dUV3l*6E0x70|Z41Uk$lW$6j5;nsoAcr)synwNC-Bz){%=QAoy-%g4EkNL__I zty*B;KC;HEnQM0y<8U^1P_cmPWDd(DAdb=;q+h+DIae6GarMP@_X79`UrA`beOkV4 zY^lBCWW@RH2m3il5M19-0LJ=i2 zII+4zqMHnD_S($pd%`qJ!}RKe%EnOs#r$IubSw+sO7FX5vp`AgPE~Qb+SsP7{M!lx zY*-Fw-Mv6{{}%@n+4s_-h-EbwhiGWLj!;==e_yHJzE`MTz|*^%P5uFhnWCVQ>lx+} z>>ID@^OAJ>b&M^Hg>8-ooT9{r+N*=%Y_NE63#voq00yZw$Pc z@UFOP%-~46+&bJJiqn2h%H_%G2f#bvqgg8X7O4s^TZ+c)V+Os&ZHx& zJOlcFuDCAHg6AGg1)5l-MB30lhaA3reI)g1SKo;18tx3} zf=T5`TpuwWWc*sSTru9!Uln0nYGj-9#I7>@PQQw@Gb+gEt<)g)8P|=1YUfYZ?#{S} zLv-9d3_7fjxvCa&nno(?0Dva3b!l5UQ>K%_0t!*a<}{3id91S2oD;Yd`Tlkrb^htR 
z7JV+EBlN>2e;&|}j2*Z~9Ku=6klKcFurz}Z9{wm*iffH3_5D=y!efnp<`qe1<*2~F})VxPJ zkb4j9-Vf!!@nNTT)BrAF3q6qliv4Vxv8OW=FuD|I9s)igk^JXeX4~L3qGsSsH%=AckneHSP9}NiUb|>6~v_RdF1A;>d{z1*dlD^YfqK zR}OZ*R(1nwHtEoT>%guv@qJjthkxjNe?9Pr!um1>#h_OP;u3FHJyE+KgX%u!6{R-m zf2`1*N_xWu6-Nv;JBLfyha`4sZHS4Fy0~JglBf4giEes84Q8Nuh0-|bhhGz9TPF9e zVVxi4zh34Y+E}CZ=zrPp%}$2=^m}#uw~qg@kkN15@;43aUkm;_(VUZm!N0KF7kICp z!hLRw-6ci4wsm)P>%rd3wuo2xhdWdl9px${FdlHq2%fuZN80%s4!~g{j5Tc9y z_Y&BIyTHREc1|NR@udL2OxHpj`b*jREOS|2S9?4%N7 zZYeHF1def#kc4zIY-90oYo<<9YjNhHWPWd#9j<1c;rL=p-vX+qU)UswNlfZ88m}jX zOmL~*VG^M8w+fzUn#eko3(Gjz@}xbLmFZIND@iz-J;i%9yOZp~Ps@(6rNC!(d0vsU zi_NMXSL=ijhL1`R2_b!Tim+ONbm!seWo+yTYri2IpqncLQK+qG!cjU!R-7ZVP9G}W zP`6GmtrU-(+mxcPG64kECSAAEt-`x7p*w8*eifx-eyh_)c*cQ2NKi&4Cq&dfxu=8^ z;aUDw(1xp&L|B4*kK1`L-SEZOhhWPQ9yQ8`Mt!^Vv)&%+h62gL_K=7e0fhG%cQGSa&uKogXe%d~pz2nHZ6O*C=#Pq}MhopsK$ zB)&X^TS)1o?YIE86h`D~cz^uM@k1p_n+2#N?o|$(p|ZuTlG~6TI9&{t?O`Lbe>TFH z_F@L&U)D)s@Q$^rVBrh&N(_DWm6JyrJ>JfzZK+e4UI%+(R3uWWX(1D$34#fuu(6rj zFS+lk>76EG>9pN+ctOdMKw0OI!LX9R(?;SLppHpi=vzGS>rnMywuk=)Rv9$(WP(*{ zzX7XQ{XJMkPQA375l52SHP7^DQ5)?sU!Pg>d*><&)|^YRCJ`Zd%|_iEV6Y9fuMQxj z*!9*aC{lHe$Vh-JSqK4$6VA3(>(Zw%2Zh(Wejk;R@{gz#QHQ^PHbVal>2LwDAjAKR z`;hqyq=QLd2>uK1qxCPS5b(|KEdGM~5co4Hgd5DHpZu@4(6=cYi`zb0|K4lDd+WtI z*}G%tSzex_{2hsFs&%Dajs(;=?;J6KF{v~$>tA^@WBXkF^6GLE;OVh8df-~pwC*k7 z0BI!7bbP_3(p0;APT>3S_YF~r`&9G`?} zpAZ+A&xh~LHpZ{4tRRZb8eju7YvTj`YZKG^wfm@R*Z+c9`*&ubuV20KP8SnKc(sV(3aiSEv=8Q8d_EKM))WVo}rv~c0^#c%icZ~D#|GgW@xXCsDHFswob=j zWqX37UA94RS1@nQDrYKN^pqiZt3}2sAx}ZLerR?R-V|a#CI0nc|HQ-=bvr0KWO#lnki3L%ov9RMtVj8(-CJ@4QboPe>Q>RJq}eguHkUj`>%Wg;#48 z+PWi|+Lu>*8qtjB^CyLWVfjka-TIZ%;e#bh!roV|ae=SAoDY6Hto{wn!8Zh)$9_8b z3(HroaroW&%ScDsBCJQIQ+`|F=E%U2q`{#@x(&J`%U8!l_$oI2-DxIA3ncRwmh4t$ z=x3c@;6GtBKP)`qs_WRatwod|h>>o2y|!Wu0|Nq_8T9y*!bJt}@tM6l6tHT~*U$Mb zaQVY{<9g<&^KF}AHbf^=iRyPq4srLcbvaVAM7JgQnVXD4o>(B1MpU<@$0;XrJ>Oe4 zFTph)Lz*lce`y0P2@NZw78=PuqYxc)u4O%)wG~gN>w)Y)e{>*i5P|@UhrgOB#J@9B zzB%;|7R>f4i#kFnL@b?rb(E?F-qZPFXt0yEQB`w+k+vp4xmJE$#IN{d&i?o6%>MTs 
zQ&rKGKv{T_Fn^G!w&J!c+@Q3Qy8%yegLs3objS>VDfr%XkcvLOt~3a;+F_1`IMs z7!YjzVQVGwPrZ&MSjm>EV2Kn`Au^a4>M>^4i9m=!QRMs!eQ`6&ySrVfERFsV$2v9^ zS)X#hBdV?B*b1Rj9Rj7E>u_k~!@eZe2s7+c7;}9^ubUQwMzk>ODLj!by&3VRRXs7l zfcT;*j&4+PwEnvo-W#w z0wFH6b8s3Jf;F|7{*_{K0V&D?YpHeF$*y?VoI};1LUUKmP&0-2zQo5oKuHc>H|W=C zk-deL=AU(D=~eQom&7j&K#hwps-c@LQox3iD)KeU$k+X9cW85}rB?T#c1@NuGklmv zUVQm7q{`UX(6^?~%n*dXBaCt_>%;nW$Z&)N@fEAwm%Cu?1?G5f2arrj8Zd(ofz&uj zmNi;hbXc+E42M}w_^G0ECCcHwS@&~utDwgZ`LyQ}OK@6KQi%ygR)|ooxV0L*kA-V@ zu*2v}Ue=4LOx4nJd7mX43}27;i{b=`5{o)|I~a%^b0IYY3rtpAfd$-QC}q}(eK)TO zv`<}5xVzDyTIC!+mWp;6+86Vgx^ZBl!toBb7`fyI+LsJP2+X!+iXqA_yvH6pe8vzz zu-pr-?*vyaMHye=H=rd1c)(9tV}x+vrCouj{*bl&;Iy39ft=`0x!G`&edE$io*IpK zJY=ZICQj|fm+&6{7~x&H2h`I8(Paf;n}jj(dY0?&-T6gF?_+1vn>mkRYz%r?!vLPH{c-B)ljS#hIP@1=oqZu%0eOWE9_)UxZg!6O$Ee18w$T?Kih=uvn)= zVe@=a)=?kraGD>rRh6miccz>*;&jieWsN2@@W`2le%rN?%(IxnYFSL8?gg;*T*!QE zbnGC)MD+yqUZ;f){r>X)tk0=8m3*)<*DBHaTD4BF$J)ZFog&lT zw^%e4hs)LhCf;m@!SJvE>7XlFM&2aaeiM{OnUP%xF<;ui{fc}IYZ+xQ@w^3vT4{d* z+%kzelt^YZY&-+|A^#oB-=S}S%1s@uP=Rt9c)eq6IVve|K-JnGH|? 
zEFL39WnPWV4x!|+f{smTaRhZH#Lk+eyC@b)8e{j4$Q&{m+uvUSEd(*F$1YXvNuT|> zPK?wV|Km_r2LJ2+ALR!%Zh5?nO+twxdKDLjK0>X>i-QQ?jguGbUK;OyqxLigs0J6M zP0l9=i9VdzP5Fg|5qMwY@WkA>7f!JKi~8$(D7wR!Yj4$~y?$X?S~{Ybi$kMwxkWOo zBJFQzstSKA3-!mm8^^H}!_&K}gI>Y|%*08yeZ74q4zxX6n6_KU$l|@)V9#{CY=!eX z_#WVcKZReWitW2nC05wS;>YB=--NH(`Y7*8?f#IrX6eAR{k-BK4wb4;MZ(W3+HF-S z;IjEUg4n;As{WJRKW5AR))RgcyY*{9^;0`Lymn`_y63EpiSmmWXXoXGoWGG9gT}+h z=X`&q#*d0ZE5$sfn+yAPZ=Ms$E3+*1+d=}7#&l@J1?!mc?V3&AWxD z-gqeZsR+fIxBGNetcMK{cQJGTMNi+riUXiX9QBOQYV1&A2rOv5-ZNV8vMxp`x!z`f z@Ys7Ba-d+oT!m6B6V%V@*lKm({7ZSCwMqMIOP#o#(t*RHuB7C?G4Y=_oK98Iw=$h5 zTcMIQbvmrNodt+Bszic=k}iL%R45W0k$&dEy;s9BP)Sb3IGTrKAkLGuC_ld-vP|Qs zp%F8Q1RYJ${QUi|k_FB`vifpgJaV|J9HAo2+Atd=pkn&Q6H7AgSk200Q_=}K_yn4L zl58`mE!S_r#EKX(q-z!mb9gbG#1ouFTDt43wN)*el9P<3V(Uh+VPEc-H8~dd`XC zQ!Efk$jF#EVO%o(ScUDT1`Game|`34$Dm46Q;KjFm1=TiD%2IUAqL32gtA<#!}0V- zmj%NCPq#F*yuwu!I^P;vP{95KH@W3FHm+{-^*GI$?>lbtNNdxpN`2m`=-7K(YXrXS zO9HzD0?#y_Mp5#rDs);EXeO~)woGi#rETbw3MglqL+QrQvbJ1rcid93kE@Zi#Is`l>VZ3rKtJW9O$Zl!jaGrkBV z-)i0x&=UK3obZXMj+R?^s`JESCvZ)`iekSV8&PjM^isJ^*7I>EwpA74%!lqMl|`xEDGBoon<9ijT{~V?r`21>JHuE!YCg3t}o7^-_Cb6 zzJHDcPP;p8t`~RMvd%HRBmN1f&3aBt!do-UR7eq95^6oI0}P%tF&`0@IA?T?Uurc? 
z=cz|GuWL&w+q`hGp0XXE|C$88&4gb#F*?f_q^Sj4$3|xo{9J!J@kt~uRzdFop9-`k zOIk>O_c>8{aQpe3)=G%L_nC|aR;&hhyh=$%m3Zhae zAjTOCr*>Q9-vH5%6n%*H|AnRT#Pfx~mWr$vOTP@svjGpvD1)b+ms4#*u_lfnWT{T2 zQTtj4Hg0hNikh}iynv((rS1i7mnfaHDnWpAtCg3llK~EiqeaeRK%dBN2G7^a3*#*Kd*_;dgaSy>L^uH2&BS79rE;FjPzDv+s--G- zb$lC(6;tijk=Q~73Eu-Ro_30sxcAVGb#0vFR|u=Vf4LYLbS0kG(D{w44w=foqHnt zz-!x7;ZlYTa4tA-9wWKcT4*m=xEul1a+_m7yj8YAV60y!Sjnm*FYkV3$4c*L)Xv{N zJC(Mb%h`pfnjENY-YFW>k8#<0SLPTil1O9}z|)!wX3U-_3NSV{6nW~T`J_b2aiDI0 zeVyfTfjZNG1@|J|rFCj0Pqf8rD2c68!ed}uAg2Z<9nz5SWZSROs${bY z*GY2sdZkvGyPsTWu5&&Bml&r7N3zxB0Xaf6Cl!xu;wo*RvxR7URX<2yL)u4QqzuS- zXoU2!;V?_BE$sHW+PFGn{CLLzZnSygJk|4ZFZzXO{}}JFtti_^0*~}gZ|Lr3l$_BKJfh;iG)Q|o+}m*=oy(X zWAPrZwITFif0BnQRUyD?{3DR3e#Elf3luzXPG4VmymHZ6%mYMc>(cb>GoG0J)C6v) zpzAJgs{_nIt@^A1$=4xIS}3X7Od0720eE5^K@YHA2dldeRR6cYh+n;&-(;4zYy#FI zTK(q$Z8Cc21jr*2NNOt09vS2V<~tW=vYNF>*?{=Tfg2!k z284pQYc?(|7@Giew$vr)#kSFL&H(K|FLPiCLQyF5{MG#_CR;hx+GoyKrwWa2RvRTTz ztIDXYw~DMIe*e_%nd=sh5%J?0=#-MmIdZF8WtEh${x9@GlvAE#V*HKnWYu%wLlSZR zI^zM$KT60JjjPOyJ^IY$bvC0r{@&#)=9NiPaaZ*x@)w48EHaN_S<~q43GX0om$JpB zdmb?h&ie%FCd<$dj*MKIcPDS4rAyq2mI8u5ZdF097!;eGKYlUuE$qH;wgyP+z*^$aSMMw#229OXQRycC0f8lf*;_VL^?e{z&*1wFP zJWQ0IeP3xZ*kRBneIYJG&KtrD;8s?mn$}rA8>sW=zu9G$L5qPV-1D z0*SzFN&~&%QZgLYr`Olqz2S+B)j?%XY0f-@A_YV%-LLjv7;?|`;K;RHA(Y{>MKsII zugt{;#pw0dAnkg}E#i7G@OWL-vrVelxDH0UA%Fa%E&0Wr-3~(ichO&FxdhXLV_7>m+f%llPXK$3IcIb^s=$U}U7Y z`2Fw*MtI1J|0O3mK((tdH7{dg^i6NDO!-)ly|W8O$7u((*iF)EfrP z{_(T_Wn(X56X}DMHZ$Vlk|1Jz>(3#%J;m0!t>%iE9<_F*{nKitGB!g4H|pqKH*6V| zDo5c7^U$DScsF7qVHqVBJ!7?BX#KpaSdFiIFGqIE+9par1(~de(g&EeG?PYGOc5Y? 
zW+m1du-D%4DuMSj$2KNBs;%!cH7GZ_Svo{2V{VK-WQ!bHngco8?VKZ$c7%IQXhT0J z#8fS!&%J*xcNVd>4ojJ{yIJ30_?$6HGq)69A)VG(ABI=LcmYuRIC%!2l!NjAbtV9| zh9B?UEr?h#=DQH73t%Jwofjm5Co+nybA68sxnFtjvGPm~#a%4F-KDY5B9CNcMJub(J&r9vPk>Oi~9SVM@aeM=SFL^Ir zMPf=`MG6fyDW=}t9_%l-@!Rwd!_O!8?nT|r(ycLwib1hxZa*}?HHQS&()gY%O~DhC z^V3Waw_FFMuiF~QLX03uVNzL%kuA+zuim0eOSW5ZaMitxOg&=_A9Yfup%Kw|Hw6gdLh2xbeH{?a zyVanwo;aG_WeqdI?aqpq3M=XrXaQXxD#G6(HELz;Keb}`+xz)l`TwJp@1aw)4D0^= zKfEp$iYiRuhv3^hJTqmYI;P`b*gFvsGx`$MrhsHoNyw|nf^!EtaTZ>}{C>s>c9$2; z(i~3}7LkimO0OI9!IL4&m?Pm4+pW{%!2`=jWV;4sgox{p+y{>es3-jx<10G^X4{E= zD-QC#u1k!>#le#$F~?>U8tb3l^t~R$vG&OEIM;9c^xmTAbyR8BRWvOTQ=B*r>S!Wl zkr>ncgmsQLTP76*Qg;^-nD@P)RFP1seB}HiB}Xsa0d17fz!C}uxarm7{%}h8(5w4h zKfIIO*36tpFq7sl)@)CTjMq$3(BwyKP}}R5(1|uv0EY%*vh{b(`{ne|kxby` zKFgOMU&@J(Ia6Fkr39MTiVIrdPs(TI9t}ak-r5;yNRjgYrmog{+@yQLJ5GlX+D_A*G?#U1 zM%-ZE)+MA*0^S{SV=P#tk?TyDaV|Y3bNLYefLnyHKEcX8cEIqiBe-zre#0Q>o#Ips zF)|wWjkdP87p*C~L{59G83K?LX80YA9YTWn8=|BNDg9jm`BgdbsXQ&ZQ9vp(wVRDf zw2CaY^WR80@;6QUPl~_uG-qy>I1d+B%w@=x9*}lPj~o-K_Z0ABJgpLyTNSc}@i|#b z3t|$~cp!kgYhE7PHC0zEJ$Y<(fN9>XwS6D-;zpu1e=5&Y?Jl-Q2CNS2dp2Mrgx1sX zTM!-){Qmz(lN-$KQ1aZFq4E9hL_xqa5HW5TlFCF)$uZyEq=3ds}9WMZ|*V#ChI z@@q!CheQY}9h-dT-Mp?jkvrwwsWcObyAHPMQx?O;iTon1`)z^8bWjEO7Y{t z3uPUf4cTnZs_mlg#lqXB`i_gRC_aA#bVgOA@oTBXRFe4nMhr(ZeChB4;pHBG%lv}f zq<^e=^ma!tv&54wsb?&Pe!mnVBy9S(zw_^v|1Ep}kE;F$yS8@Dv6^tDb|8y8hmMG@ z)f_w?sp)P(litSRz{VrVM`182_GpjET0yb#PnD`zZdf&>?Y1zc<#tJ%E!?+NZh6%$ z@GM11sdX%oY-^Mo=-%V&@Iw|ucg+Mp9uL=Q_OcO>%uR}h zg2%0jJp+-_>Z!$Xj2xQ`#!7c|j>n#P!K*R@=KaA>IE{5n`QD8|yUExC>3a_YK1MQy z2!CiAKzITkMMeo4*4`KX_y6&0moZAM^#(y#dS(8^*8a(ynI9TPp5B@WhSqdgw@W+4 z6qyD(AUARt8K2bico8t}n58XR@+3ASt1Z$=F#Uk=-HTdhXk=pPo9OPjdrS$rlPO(+ z7cKeW<+@Y`wT=Kn#RT<7um4o#d9AMF()WG?bx6)N0mWdz5v@sCjB1{yC=XgoAVFKG zCK7#MCdGOAqn%}mhRDc#MUSa3pU%hES4h*U0i8<;8`#Hir$m$^)r5FqAo*!|Njc_} zUYQ;#aLSuxRVHmAtjVO>4tpH7@I5R*AB5!lEvOjDd6XfT>+8=mbABD+>nXN#%=PmGiez)fsSD5+CVOq z5eb*%n8W$87Mv5wu1hXa17`0Xm3h+F3{|3TwntoDkg_2obdco~tDeb6Hok>L8jE=~&=Hg|vXp^LQh#V@;-;8+PtrkD^>Ad*~ 
zK4-R9hI}7Ug9rb>y8@8BmqYVXjK6rQ&EzFq9Kxl)%bYn6QK zy&u^j=}fJvw5`j#O~(Sl(RzARWV=3#zHvlQhs*O7dxJ!{Ke%hMs-K=FS47ChCy5&1X(j8_$@H zHHMr~L719ZhnNDS2#56Xbgq-mNrVYSoBmizF{WBKPi}bRfV#;^dvXpq=Db^gY(u=t zn-j7(<>vseTp(*;0pE>HZwPdR238wc=3B3Jds@K?t>Zd;nghF2EUvV=eJS(Xn zBzI|>2J-SE0!(M0Wk1^BWOewCPM6-n@=rd!MmX6pojUI0rypo;?X<@WD2FsA-ncaG zU=SuD7*;x0K!&PS$5zfx$A6H{t8s~T?I@ED-SO&h6qusgh|wU%&Tl=f8wGQys&>49 z^t|dJ*}pfc|KOdkJ~Bd_^*@abJnj5Tpp#pd>rayPe}1DiJKHK${{mFPczCYU59p{Yz){-~Aro(@2?1!nm?18Lk%__D1ev7BrWAs;xhn3Hs4)-57|3(k#lV zo*(gs&oP0IrydIY^GaoFJ=1rqOy%E@>|$vU7=^^sROhly;^RAVyn4$91fT z|5rsi{!m3JHQxtRbBwOufEupxSDY#w;))+oG5#@l6Ehn4`xXPsFI*F(2Uk7AQRW1 z^*gh?iP}zv*(&5+^QNFcPWQrg=T+v+`92hL@DVMxPnk+P>C~LlhEXPL1uW-YIj6g6B{g)RO=Bkm|Ggp13wBTO@J{p&hSBL~{)4 zr&M$3iUg}uk9%FWQXF2=$)*tlo5pHbYN7^vCN7BWgb`h`Z~c-YQU@?Q7kD@s&siPG!A|+ualdDy=MA=Q&jy`G9&dTAkfZk0FLJ*?Xtj6*+V0OI=( zM-pS);(MvB;Y4D1R0{}8G3J Ah`XW`jnLMpfD_{qow__I`HPok#h^%NEh0@$K!V zXnHf4j8sJc@|fx30yn-EY_I!6>ah&F{5Hj4m%+}k#al6MG>%PVWO2SW^8SENS+8nG z69!0ib4W{F!8rN|`?N05;l;H-cYFA}hv~Szl|P&At6Y<>Tzt-A*C|X{+95_%0$x~v ziy`81f?2muKA6BCVTuFOAIl*VnP0B>gM0DAO%wI=IYAYO$4ZYrOxJ`qe)b0gT7i=vuV(v37wq8`@@?z74+ zF>2_A5ShiO@?4~h7uCE>Z>?DZG3L`A`+E(=#Gr={)Y6DMEuXngYW#NkC2Qo@%K(z` z-$WPx`wRcwO8@(GjZh!>jS!gU(TirXy9G#Y%!Jjsy{9#*Z?_oNmy-+Ars2~y8V&?Ypm zY+z8MTM@neEsPEI%;qqf=L-#k{^Ohtnu-+pLEI?`#gLh0T?b9~aJtwan@sIf9W^|YN++}PKW-av-D zHbQ^mXs_r^X0f?m(I};?!x5ktx@abr=NV^qxq2^hv<&0dPsHTPL4|uxYEO0ET4S>} z)tkOoBzm}FUMYVViF@jlNSsv4^-fo(CAFwAlg_ZU_hgCD}KF6mRo6;9wQju z7%QiEsR9W@noJ2HVj)N=$fwAwbBkE7-scG2(EgwnXq0gWO!c+P?48=OTnh}AMiCcE zhu+T3VKLIMa{aH>D^UD)-6CY|^|Ue8(;mzKS?#6c$+yeYC3TMm<r|9{4Xe1aLNnI?LY2! 
zp?(`rnet3p_pIpoSmI!o0?NM;k0H_cvWSy2xXmfPwfwdpn78}fRBSe;SM#tB4IxI4 zwtu0NUA|#d`NR?K6wXnJqoO=@Qm34ma*P%Ay(3KonugT-6`Qm*)@<;9p?A zch2V7#m^-3Fu(3b7FAizPo;S9UuD{am(i?i?Yf*7c67`x#7q>b_re5gsW%z@bk7&3 z-hzire3vh^jfONhH%NI@5+eO%%PrXxo< zU#I(3>T5;&?GrE}J{x|h9zr36oA!4<^l!cKABBtmRb^l0aYU(~;GP@GqZ($!&T`GR z%#Xv(V#xLRVl-$4X9^9x41;0wyzhrcHL1cM3o_2Jm;6~q=N>Jx-kd}iVax(5WWCAU z5T4a8r*_k&m>3wZ5(mKVUBNyP?3_14{bpyHJgETS+Zi<)$iZNSZHB2$0K@2q?33{WPyB#>2@~ibj|Qv6(cr zwK_s7v2buMh>QC$VOKtkU3@2fdYe8(?zmM9vz0%mpr)ymdUa5F%Se}S9c%ucSU>I0 zl~83)ad+(UErDX>tJ0(R^SV}quq5nz$HmOID5-q6n7sm+4Ne>HOvHG{>ga*3XHc@1 zBMqyYmG@ij%45uyzKNTYoik_ay$%|miM4OXr;TOsbT5Hk^(n~Wg7fzEr zUwq?KsP4|xA$bYJ&}NPHjM9>s3ZNkL4`pLX<&2R$XqRKKQe1hZk1gyid2SZ#Ckq&U zGs(@oJt)JLdwJ2CFet12X1TlzH!v#aqnu>g-*Qd5X7mK)xVHk9O=l%bPsWv)H|VhK zrmSVY`hFHaiV@9H12Q25kGq`j-wTUJ>gwCZGjfVod;HiJGRjp;`*VbT;oR8nZRe=+ zM^9bFc+aQ{j83~yAdT-`p@HbKA!eZmqB1tMSE;OD`ceoSCMx4qn_z65_G#|c?V}UU zX_zj*W#<8uAIhi9tSx!QTm&ELjy9BV$jgY6I4kce5_BWuSi4GL15PCGob{XW%C-ei@|n?7DwR19|b$-1Pm7I-3GU!Az5^bYR{ zmlta5cNuc(!5yoH7lUPSBfkt;EOL0BD%`DYxjBg(gm08Uo@KO4nuxE_jDH^a@HcJp zkBgG~?>!y^x)X{ra0uJ1CIW=C_3 zD_xt@9Tqz`J>~3LM4Im+OrZffB$63X#`KSp6ZN*zO@O8gLs!KgJ|=88yH)%SU?s8L z(&-2hUm<4B!DZ+NL!Y@|V?LYGCMB6)xD32B_2RlSY(-WI^$a320pX1!;o%XqJ^(m3 zNcs8SXASuGeRe{8e(I$y$}}A8)-9{4b}--NxXYzCO(Kfp^T$m%J__9qs#xtmhB(G{bu>3cIL%+rCl+6XF)SrobCMrMp%P^aD?m zwFpzUd9(6*ztL`aQcZ+t*fEMhBKWA0Q%))#j~6h$aMOj)NE*LfNlIj72QVapSOjED zy}P=^+wa?|q^O3umbz6_0yW7-is>U#r9_veNdu4))FM__{`#bgx1>UIJrAcVaa*Nf z%~tk6p7fc^qu}erUmy9u?H&%G$t*n!J~NGjk70k<-B%$s4p`Tj@z0kyVYNpB5iZDd z#oD}cG28w#buW&a0AxZ2Mn*Zk?NQ6RckEr_KXVy-tXd`)KaAgkCRghE>A%^lLCh{c z#i@7xPZBQ@lkH}^mst}%1=C`{-+p@f7H%y?e6xWsNJbn179IyR>h&G&m7Z zgaPf$IookSL@KP&n`QoF3SoZl=U*T7pH2X_kdw0^ze(Hto-O3>q;0;ig?L0Lxo(lK z_D2U(@#LwF;fd#+2E+)!2>2ptI+1^rYN{gT`I`c|HsQ_7Jb}YQH4sv%O*nBVIL>>l zwGKqsP3TZ=to+P1fMG%m21v^zVa3xT#&MHqg1Mds2-cTPptDB+m#VlgK))*vCcpUi z2kGCjgZzCJQiQ&qBZ+bZ+Po|z3K`ugUDP|VDR{b|U328ewj}4brM`YPIYamcd;>2Z z2{$40w>mT~EtpDwhrOF%QAPnQh;$9Yix 
z{-6GtN~QCd^=54oZxvasdd`nvM=88^?}fIbSLqeO0kZ*BeusQQ3_@MszOPR5a(MWR zs#PPZT3UnxaPNd|MdEVjqBRJf|!~p4`%+N4C&hK7l<@y z#hjCQ|7anjVA>2(+M1DD!gi>e&aQ_M3x-Ee8yz2ey+;l9WNd+xorGRHzLR%VO%N%Y({P;Ir`q!e- zUMGwHvD?+Dnl2BHCXl+#|Bq6)O{Z)o=j@hXYUxbh%Du2br9XB{@(A1PFXBo&F;pfn z;piJg$^UiF++DYYyz-R>B&VWaFM~orl-Dm7Ns%~?TUgDJ8IK>QDP}E-HUn7jGE$Wf ze{OQyl-2M%ag0O1PuEVw4MLnMNK=Wmqo;nCu6^$R;_JC9hR6rA`Dq_{ixZrx4~Q=2 z?O~$|ot}a<*U?EtijHmzJx>u|6k7Ga$hq(12AAO8$v4VkJliGA z|1uF)J;~0|o(kW%yP>Iz5l4%l-j@W?C)E1(mHOq6>M}2Hj6qk^P4JYK_zpNfuGjdd zHWr;HK@ak>v|vgbp^aD`H+*|aQsy&Pd{ySh-Pi?&5&mQ<{W--tpSR3TD1qNb(jbK6 zeocQWbIol1lRa!dEh72#DCfCr?EX)reaZ_SB)*2IKjDx!B{HeA4*$$`Xi!7Qctj!O z#HnAw$Nv`42#jd?=~D>WFQz#-Ve7%voy{|V&WJ>hE1h=XKw)$%gW=WRJ5r*F&)pC< z&79vfRQKCk#7bTZX1`6#E1yDa(ej>lldMzWdRGjJ7J)c={gDmNrox_pe>$Fi9a#VJ zP=dBvb#)oE*n^rCAB&68cP!1Jg6$wmaxl@6? zr>_JX4lwxiRyuGmfDMJd1291jK@ivLL5<$cV2zpj4#psuABZmMTvYetE8OEWz@~Po zsG1MEhxDXD3(wu+)s7`u71XsLyxDel^X+D?oVGiFJ>YI_m`-0DgJHgUP6raC15UpO z56)}@IE*;03d%5V;3&ieLIbCJ^_cintzsl3in+EI1)|KfP`PCm@~FNNp{ zOfSehWZeU24CbWcIlp5siI06^_)~?R@qJmD+7D`~k0%hDR^;2+cw$ei39L(2eWK7@ zd*+?6%`~W#NJfk!3YmQs63`z0Y>yu1bKB3SueA+Z++mQ2yopy5eq zpZP{93k|a?pqaY4M_yu{|4MwJo#+of)*~c8rg?uoy zzWSN#vUTETF2gG0g)FI8S1y&v>e#;xA*}UOdoF*!|Cho2*RTJ`B09fg$raoB$h(ak z6j)ruNt5&G!{oIatXv#1`yP8dM2x3$9n6sT29n^vTAn*OQE|$^L#`aDS^DwJW?Kx3 zdCe9RnrMV-nCduXelN!UA=V$lID}B@N4S^SDfMf-k!LgbX5v;M@rH`ijtmmMut}vB zZ^}}0|1jwH*y9ncsOB&+@l1p8H?r;>q9mLZTl<+9hw^yi`C?C9BIPN+Lzv_x@7S z3jv&7yu)^AWR+xliK$tX4&@@gtcK$E=35O{HbAbRjeLNBzv*Y%_AxC9WMcn`>n&x~ z?mdpavE_`rL<0}Etyp3ugpAlI%ehapI$|Bpz@*e|vh@GS-Yn<73mZxA?1H-mip^ot+!gZ)!TwKKwCEnIIPk+$IX9PDA)#XRCUS zn{=Yx%^1pwZbL#14a|G3OwYoSS##-&Br-Wz1Da9L5P06vHd|%2mBcDweLeLwK=@Wc zt#TXp$Bi`u0`&|l{ZWboI?-QSAG^yR@R=*!eHR;vt(G9>;Z?IzA}#>9MYJ6a3Tp*c z$%SL>yrHA7#maZMGY?J)n>-t6)G-WTew@$nWvlN-K7*kB0vvfhX6-_adRJP_@{vo1 z1YzfX(YN;y_}8|^nS;t_rIt6=p$TonH`wBP+P(W_s&|7t>=3HR)$Lc**rp^3j*5$q zEEWn=m}^m!;+-9m%;Sf@uV*vR&9by@?e%(aXC>kE`%YuASI>k}cVcKvkqG!jnP9n~ 
zxiMiq(%{KKi=CJ=b&8=_Ozp`PFbll7-9;a}cDn_sgwK(v9_sQ-;+p%vt|3mS)leQh zagw>rHZMf*ijZ|V9O74ACJ)-8w(nsD)25O|C|v=q9vf!0!HU>?61l+f4{tMLdayZG znGLxT5z81DM=Rl4=%QcRSMP)^IFw@z?!WYP_#_tT_}~a-{WsV&t7cN1 zrXND7T-hS?O(Lmpi=jU)_VV^&s_Ub zpYjgcLk`CFAMHha)cVX7w>l=YitGQ(^?YGZYlj&^{huNrdI{pjJc;n?ksN(ME80jg zBNU;Q>ic}Bd%}OJ?|`^Pw5vHTvmdJ3!Mk<#Ht9= z>PQ~dU1A8gUhST#%wR3#k>$ZJ$hoKL@U*-#;#MHS$ z`4VnhOkBB{W->csi-RFHa~1m4E>A8_-}p3hP|s(gOeIcvuS~MxRtQfQzdf&kBB7SL z{VT6$OGOSm1;Z9&3_+SSP>pi^C37PQn>fE{a{xJuq;>|6~zrHnO3T5|Q2#vac!yNZaeGAR!)E~-vF)ep? zT!v{|4)?aLnX`L1ET>j7N@3!x-B0-{otuR$V2t2n8ZlNr54#gD0P-cJ1;p^FxY|>$ zwd|py4j;jK(h}Nub@Zg+H{kC~G&|cQ7LejGk`{KjRI@hW4~W1EsAtr|9&>xyV+^jt zYaEKQnjWC&03se}gPk8Qh3Kfr>-&>?i^{Agm5+WOS>I<(bXAu$h_&dCm~b(d60R3n zZ3%hhwmUYA{>;^@zMC+i@)(0YBS+idv-0IrNUY?CmQ=tk$ue=m;O^2pM6sFaQ zoRxyX>=K@O*;@+>@mDUXS=tRMgcqaJ>%_&e2-AUR=F;F~>w|Ze)iU3DpyZ=+HJAEV z$~JvABz9}~nYIjc&!wnWMYS(kg9FQ3`yTZUHHdS;{OayUZ+61il^|Y7o$w`Yq2eWwRxyw}E?>m}+5C2*WneZVu;I^um}oV%A~&@NSC7<0j*$<=^!vx&!P#2WJy%BpWin z4#T$3-NUmQu-U0*n(HXsnBUMLE<##p!!6nj5PR-9iR5G- zDA`~8LiizJ&m*{_&}YB#IyS_~4468{0n2wu&G6v4!tw&~RoTy6H-!Is5!~c3(z5dt zqh!~%CdBC|^s8UWmxT9PL-hWWOX87QN*~WYb`*!n69|1MXI|@~ype%*@U{7_%wK3~ zzg;FyL9O9r!19Md`@dkfRrOxV?z#@redr|j(dYT~camkGQ>GQ@9@m28Y}H&#dt(h) zWnYW5QxHyPmTguK;lcZT1kCgi3Z~k9n66aojtwvh?)T4jsjW(@RN7d-{++6sRkJGT zt&HwU>qKIPiPn>Kwb~+$r!Oc*Z3h^GK;jD+m>KFm0u4Y@%2LNKTINu|RcOCO50FRJ3#MWPMu!N5*ec zPfyQUhR<)XrF6NFfF&^+QHvIhQBNUS-D;e0SLHD`^qOnjnbZImot?);^j1HQAor5b$(kVVvEG{;z%z`U!)1RHfVp+pn@+U+AgYO*+D|73!$n-YXI9RP#PU))%5PW7&%~yj|aP`gp&S zfOQ7)Up1o&Qeki^?8k5qJHbW5HG;{Ma{K5$)bL|Q?$tMoXg#fH>A;*|J%j!n7_)sN zE|6-9Eb(SD4LdoibtT-aI~mAx>F=#UWDZEWGK2EmC6p88uHH-IhdjYyx7<;*E>leA z2n1FT&LVZCS&nL$=TE{G*P)i)4t-_=RcEsGDB5o&It3k`yK z$w|5&3>~m&dP_`%&#+7X;XL$H#uvkRs|>-9pz_aVw-5pMIGOiT#OUXA6L# zSqOHYJ7oLgbLF!i_TJBHrdq9yddSP^!|dI1+xsq1TTa~cMXz7cnU*wZEkQ~y*|7q5 z)R48#quG<0&c|NthAfS_Pn^@*QqddTVyx3Q{em{v$A&mIpDr1vxl%Haw%6Uw8f^;?Tvd#+o#O^uoq?FLw{BLdCj|L zM>^m@zTlwityrZfdDgCOq4p*SEckVHVa>a1w<dmlDpeJPy6%gIIO>pE)`MF 
zdbHA^HA$Y?ZphhF;gf${wfsZB*lwu#p8JnNX#yj~MT^%jXLnM@9s9csvMB~TQsfjJ z9F7?WuUxH65jwjBaO_ArKhkbdN4xY&I^|D)W5SR?qkeGcoTxWA*3CVd}ie37ZJZ) z6L!EU=bUL4m#`Xu@&Y^%Pq(-mX~AFhlD#?do7VlKX0Rnm&!v!9h3?e{qdArAarjd0 z<(&hbv)teQe5b}X;{Au3kXRFo1%d9NcbBDLCYJ;CZKZc%2=fO0b5oy+;pe&T?W>F^ z4{k&$RRQCU&EL=wXBFtlR~%VZtaqLMcH42h%wW1ip>>Osy+1SoVWQ~=p-WJ887tbO zDv6r`NKtotA0%5K!)0O5P9W8S*1FWLIfLd%wQ%=y-A%R5tG*Ot-%zl6n3+ad z1<4Dg=9Dcu2lWM)xisjZFO*=?rzY@xPqejZR@N`cgnJZ>+d!96U#3@?p^E!QM8gt; zs4h1s_(qaGT@d6kt!g)>N@~#{@Prrs$o0J~>U|f4aq3BY@`(YWdZQJY!UG-nkU@?OOiOsLw6?wH?&GON)1c4CzhN;#yDQY*+^~VA9HIu0y8t z#VoSbN|GJ}tO9#EvT)2~&UJJ>9{tQE;iOs;OP{N~VJ|rPV!?W-pYB`L4L#Sa{^3LWX1}&Py=_UdI(4c*$ahIE zdaLnn;zIuF!BE*m)tp03jXIb;fm7EzP(=Q$U?kfly)p3(&6_PAF%8kiSVV291m=B0kTXg7X^Fn~ABiOVu<9>s( zcR@2X<79{{lZ_VcdGUfvh-9l2qD~9((rogb2ld-~e{yLKZVD6J%c5`DiW2TcwYZGb z5@PoqsN2U$hWGcj4n49~kV%8oOecfRjaD_-o@u5bHamBO2cy^FStV|+ElU<*W?Y#Y zRo7IGh0geOrm30B*K{ z5-%;2{nt#NH;m=8tIND){Wg%^MRmCzQkA`8`Rp@XrZKW^_Yd?J$Ki$w=|d-9E&8*v z<}Ofa2N9Rt5eL?eW}HEAKcv_9+IJ+OqKMvRV$_UZFp4z=HcOiAUhulPG!imUKO3Ae z;Zt9Q12UirX_TRfj9c|_pShZ|ux(=6I7d8?wwh_cQ8nQDidflyoFQPlBss@N7AQLO zPQ!(1FV-Snv%PHYG`z7%RoBF&1WYW|YJcWZYOkPl6Q;foyXq%7o!+mCWl6br zy@(_bU1~I+3lXE)5e|1(>gV3sKWTr(caX%!udFUCjbLbyZigLbdE-(4eSGqQPt@ZSg6Ci@~^3qc9r9Rq3B1_zY-Uvv`ZW|%; zD7NdpGk$HAQObSCaOb*5>2i5jOi=+DY&ZK9KDy|EgAAH7Z=Tn?ZIG% zRO6um0-5w$t+O1Lg|c|!gMNI+%LVmsmnI@=YU(x0V}D99OX{CZ(w>8jyFz_Djy9cp@G>MtygfDyT|H|>7p_IwwT&p=XfMIlj`>nc*JPZ2tr=5Rf@DaYM==EED$48of0S} zTNRYT%R>?DzG8`v=Gd z4Z+WmOLyMxoYPbD^+7k~iGo1E#Tn@U;zZKi00T^ebb#UKKaiXGr!b5EykZSk0*GBF z1+FNEb=F$mn2G6y+)ch11Ncdg0ZuVh(inqmYPyk~{ah|`*8Is~&+XV@j}(VJcvWAA zA`u00dY})s4ZhwmhmFXXG1&ZstotIhU4 zy(QqPRN6%TnY1P%n7?cOS*WhWGio>b%%UnKxWZ+`FDQ-5?9;hFkhRy{5HhmxNdLm;L=4mnrPE(kPv}b@tk&|X&haY`zQ<`!c>=TejMrcDY*&ORJ-ac4OIxDsH5?7%40Gcn`~&w z1ld9V`BEsxFkk|Qg=b#dm`)A+c}^!^`egR)?E|>mBR`ss4wiD=_RuAi&0y>BG%7V# zw|*9jR~Jb0umlkEt7}vqmi*?E3fWt*m{QO ze4AHqY-h8i;aMLdwKMGcA?-~>Kv1v3Qdov#j7|DR?E><`l-73u0JPgDaw-pdC!q7* 
z=E-HknR-8jCrVf^xUjsx<30fuz`ijj@(!RahE6<{6gAxLS%XOTA3;Ze)kIa^r95xX zxZ)^V-k;aS9?7+lHP=HHj$|t?HB9j~;6A9<>wNQ_KU(hC1sRMBbmVLY3~Re3Erxwy zxA~dN@}M~!FTw^G(NZ6nuYKm4&K5oIk;o2IOrCqJG$!ETB<|BFZU|AcVPwQ#Z=(75 z5i{a1g!pof#B5-`=_AYEWcywNuDjU=&-0e|V(<5xF4UgWK;=~KqZWb7&UxlkpE8yy zZIpcHd36AD^s=pA)xa$ZQE6&Lrj(kI15cQ;rnO@TIekw&Uo@OZ+lrW*Rwsf3v)k9g z-4qQK$>0QIN3iYv2F+wuq+LXdy*Z;K5YFlF|7v^i;7#U1#Ml7g)3$q+3r4i{UKp^u zAvaTQ5{yT#LyCL(gi09}8!79hfr%ZGF5hk4W2s_}H2MNA@SkuhM-xUjRA+STp$*lW+XW(GkI zIFWN-C04+^MNjY6$lXGmnJ(MjEarxDsOxYYxV?BH?rf5ODEov&|{yTv*mYhw=|ZK zzHaCG>b%>;rz{WieL1F9*%QLiSQoLWW8RHyKlXmY#jD&u{V9ws)}cAxSoieLlo3F+ ze|7wagigH0)CVJB^v_(+cC_|RTyy%Hvhf_Q-~(Opu`O5_RY9zU>!S`P8Mx$-RCQMBa3#7)ie<4DG!U9Zz(X@UCo)44;M+8#m*0wvB=bHG%2N z>Z<<_d+!<5)Y|s@vg}Jl7a|~iNmW7-CG@gXdKE|lBow8SP=ru}z_Ne>0){GqfYM1w zkP>=P>AfYC&_oEG(0g%by=AXwzh}Q^KkpvzBcv>&#O{=vf8+bWzohqqzWjS* z{4-0PUykcmqGRH;8Cz@cUkPC2mb?u^up#WMc>a=LIu~1#E?a-McZjADO;oj$e#ATI z?*z4kWhvF5a523S`hF!pI>88VdVB%9xUvS_)8*~XOgE%Td0%$un}2A`sI0Q?wv+Wu z3KiG73kmgG^m2^rip3PK>L%eyCysTQfT_W`EbEE!^AVBG+=+pdcdb|2d@^BDBKDE! 
zT@~!GsNUFMb~G`u;0%zD(}@Pz#MN$Z!mZ0ZFG`Nj1-);MSO8mJNU>maHm|uv&IK?9 z_}&L#uP5~yle=*$ymM} zfs-x#!JiBHVz!rT4CAK96v=MM*V>3lfMyop*#Zxaj`ln7C*VpmU`M+>C@2t-Mwt%k z???|5O`Cc^Dk*iQPw@R@@`ILM&3bHim)2)8wuaYt%84jj#ol=iW-JtI1Y|ZPB8yPI z$_4BukFuHO({UbVP?CU-UtR7^(Wg=}9}u&@1vSK($Z(lx8(w*q19~qQQodJh-WJ&m z&vPJXdYa$aqT62}V_(gT3{96cKEvcC!(61v30x4>6bELX+^PY?UbB%HJ7H5?X;uMS z!YV72un2l)wHFNfDuIf9G62JFm2{M#l<;9CFMdaN%HC*;0#H`r#c9Y1@+^2dU_R{L zAON5lWz@{z}KQ5o<+F4{9}>5{G%y0=ezVArfC~&k!~BK(>1Issd)- z-w!TXO;zhe&Q1)`j{q?_RzjMsUKCGRi?HjP#mzV1xCkYoXA-wh6`r3bsd z3jMF(cr1E?!J>_5<6oBv)}XK`4d^r93pVO@+i%7}!w0m@kvIp|c4f?bxhOul2URX# z#hq5f;(dJiISO2eu_x?auFcZ(J~W6Kd}MRvu;W8OX;G83d1LGVRIHVp#c%>mWzG2Z zN2fnCT=w3$)xd*f>zh9+_1g-0hWr3e!6NVyfH0x zl#7!ok&_+%KwMF5Lwdq=poWccgO;o>e_Jl z)=O`3wYO-9^yzg%LqAo#WLeI{H|ap4uW!J9H$sa2x|$rRN7G)7rr_;g() za6?o(+Vz6Kg8)np0|wdb^r}_hagq5h5zBx;Rwr6_)TEooKl$bL!f8SOGC$h|uSemI zm9-3B;#v0tO@a#`zSN%&!D&`$Ungl3G`N9cfxTIpTQ7OOIpxu?sx%s5ca^Av@Yqo# zNc!pxdKZjo8uM7p?sMiGE3#z(&AV^^c_Dw;4e50tU73LSC4ax3hv&KT1g54rXZY8Q zUgr^E){}2uO%vAo>!mS4T^YJwt6I&U^@HQVJC}KnPhsDX5Yb zIKp&kjpbW0i^_W9zz+q{`|hnP2}(>qnK&xO3Q~-XIc@ZcP^5PZ&J&}Y=@bYCubDRe zcWKstN~}HuT>lgr&&P-)7~I_31v@5a)!&fbw9jr>e8qp-QOJDz7_hwH?gQjh#=70` z@$phaMMli({0J8ntm+NIegoz+%0C#QH1B`zs)tn^nu+_G-qr7n+3=Mka$`>jE5u=! 
z>cyo}On%0c@tHlv1b1)$ngLwK{4?|g-C|`*!`(_m{l}Ri44${cS8Lv@WE_&NGhLKx z@xv2wy{>>fnOmi39LBDC8?23unJJghYJTv}o&y83&K)-DfGR0j3@Chzh-kDJV$`(V zT6pnaR7v0>elkIK-6NNc3I>)1mKt!CqPqIArCh7)g)fzD5f7;;;!6DVubav#A~dt2 zoFIkcNm$2^e*lb~!JUf$7h8VJ_c54ETBPu_=9wgCXrEXe*ZyroeCEsljzRGMNdoc} zWq)dX_`>OlESo9m!UkWFz~>(as+x}a{npAVw)}U%3NugwmgFqs`xeSJi1h}C`v#mKFk5p@vLDkq-FtD%U8)uEsa?+%7PE& z!h_YM*`^-3_Y_6fw2;Kz;|j1aTcbT8!Dx0m2w_E==B#25IeS3nH5VhShgg5E zR`Fg`dmx$+l-6kgic>14gwV2-&xNrO9GACH3QO}fF?tfebdN_p^eykLsKX)re$DgO zPj}9|s|}oC#auMA63@@oISLr#>F19l-CET0!Pk%DqP;6}f+gFWxHB5Y_< z{_$ajM#8?Ykqqp@Emz-fB}tCKrlqSo`DxPcv|G(Ek#Fgo2^z4M6BZRb!IEEH#qU6J zISfZY_cJZ3F;RWH$5)L4K>O@B4*%e7?Psy+lC=*U%W1z|7A4i=rBoObhuQp)!)fzg{K)LdfjbOte$&n?S^-{ijZJ(|DYItJVnk5z41tQ0B zf|_By={jIk%G4QL2rVdtdwv^`?7JX3Mn}mPVuo?RDnrR07D!G1_+tK#Tp!PmZv6K< z84=tp%JZkn{cLpejnwg9g}(Z}c0z@gb=t_M|Bx^ASmm3e0T!gTulJLIF^TL%iyVa2 z+kyofxUsQgkN4W~I1&?y1Y|A!7F_k_ zkTPL)(LOCQ(nsSLnE*K%iPH0<_1B{2_UoqjYx}!>p;5j=kx;!4=soe|V%r-8#2A@j z8rR{UnVILEu<-Al@t=8>JzeyjEcKu|8)x(}*0!^l1CKIESrXu^3CTe% zLNmJEc~4>Vx8^uY?iTqvMkirA=-nYAsIm6wZg1~M2Fo(!-X9ZcB~PFS-7&X~SYRfN}j2h3!MMhSt#qB>VTQk_*%lj<#eyK$}+O85C zM|s{^SUH7o%)-S)-kghV5fEbSCXT1;^3)!wR!8ayySC(h2H8OPo`8%@@=91w~$qp&9 zF_EoTou5E&dl+kIE<|bsp{*w)zGaG;l4^Ivf4}kNmZa#EO;F035O7dACJv4-h7i*G z-ASS{m-SRaJb$#%C!f?%s8aqd?whP4FXy_;0$|;J~_JLm77ka$&r9sRJos z)v<))7@4aBGrVt?RJF|8vyijwe`)U-4N@ejVe|*#fg*fvZ(R~d;o3Il7#!a--NJCo z4O_V@1m^(wJi@vW7}8bb*kGqabP&1?o23Xc7nCxqFeJMU(e4zH_enLsf41F#CJoqn zjYqy|qC*aNiCVj8p|mvd;)OKn+XRp|FzC-=^?%bFW?@o@+uKw8>u(&m6T|JQ!ZR(4 zRV9*H>xg#{8wGd7!Z#Dy$j|m<_>2Y2gnVkVP~&Ohc~`9%gV(V>|41P;xt!LvWSeTt zBY9vbnW>mhxE7wPHknjZt}Q1X!5yd7Hr|SC9FI%`ezE@8C>w8Ti@)i>6~FzHNv4q_ zFz3y9TFFQP=gmXDR@f))n(&$d%6#1w*t4;ZgM1|D%8p`h^&U^TE~pFwI3E+$D&=p9 zhQ_$DdXsH9w7iK(vt%G!vLfpvk2CIr?%Pik({o|6p$dbBS_3P@6Ska^fjK{o%$UVi zK>s;LW7&R_MxqOPF_A>NTDQYwIm3n~X@cYP_mrM2=jbf=Z@AXC(6|yPx4$63Ryl1q zi`AsdhMuDl#2&EZdF#B76$K0#dTs!sIc;wbE6F0! 
zP#ndGMpLdv*BQ_2Y*8@oH!6y8QW4JkEYarjwob)7{w*$DBy*u((MHvO<-}I5nVXW_& z-6MWSTuSkg_`t6Vg{3mY)q=xB{#b8SqD?w~v^`n@iGF5fe1x|GnZ+?X^it|tg zdFyv;nQ1#$S$GFc#SYr0+;>2C>7bx*X*$(G2Ow?1EX=H?zX4;^`&&H!H$*Ql-Np4& zTxKSu^@gE&9o>eNfi(h~f7kd!{WB8N+h9ngzcRU(%F*Ey%ZhK7kry=dZ+Aco<1~>2 zVj*>G_N%7y0Q*HGnj1GS-}5aoNLYb=Bw?TCNKDG)T1qT*H&l07 z6hp@>XRq?olk%?1zqb98+2I&~cO{g8Il0@F?kw6pAE*gql&r8@)&8Z|J-pPjR@)72 z*#DzIE+uD(7n;XGD&e}Pk98N(AUz|!4`?=a+BIq${ib#sM&YSUoH)+&vYKnylsh@L z1fRtJ`K?UM8>3jIuQ_m#m10oAP!s9j0SE`zXQJ&ByO-cz$~TGheTEZJU{mZxqaqJ~ zj=|%tb5vq1%=ISR2cnQ=&*4&|n~ii>G^(ff(yg%8K>CRM8UgmM zuiFCi>SC)a5NWt@eOgziERp#E622RwlZ18BwUnm{N1Kr}mY*ZW(@19y&!v=LS8ARG z`E@W5$^|RCQA8FKXvG2n-Oi_cNAOh(m$IdBthZq6(Bxi`RK)4)X%>@@YOGjLd-)o! zCT%F~K4(tL-9t=}ljW{?)z6ljf9lA0IvL{4#?0)SiZ`3gmBUHq;hDJOOZFH^BGkFk0Ej#hYiJKBE-!(e zF9_x(caF70n^$By0Vfzjzm3+w9+h~%R2qelJCDJqE`$q+#ydikb3TzE$(`q0;uP(J z0dQ)&7~0`QydvvTp(Y5ChLtoj9&|aJNOm9m>YR+Y!1BPguy$nYqTD5q&+U@;<4}<| z1;`__(VdNsU?X1aLVCs@eBg6zWrV3U0i)si<{;Py(*IYL!ivj>1`nwbI%F4ub-G%9a9r*#Q`epdiiv44sB<%2n_CT~< zBZ+hgz^X_4{A^7&n5K8L3FCjt!`?3JN&w5_K=3-H2={cAd_{3VF9g3EUn6n()pS z0m$L5a?NtXwz%udB3oB0CpKGctV6@gOOC7xa|$hwoT_ib0CsTTu}?*giGr~%X33Ab z&1{)+Z^;im!?_eOHn23haI=GK+(bv>sR`Po!V16lWyO>pRn(ag< z_{+a78iDmQK$QFWeu)b6I~(xvNGp#QaQg~V!5uwXkVOnCPrU5|aT$FqZQveMX`}G_ zo8~ayR-a?JM7g&8>FpFDc2C_rq-X5+Ax4uZD zuDO1Oi5K~g<%pC|JYvhk;qlndjSOdZtG&7oMq-mueroa?dM~-=7&S_&?Nl0*sswTpSoEx+;8QW6Qj3a7lggO`!*VBL(m2UtkKONYpF(}gAwv&qXgPxIwE zowNh0$3^n-Rlwdk%{X0N8Umurx@srQvXauOs#0_`tu?0hW;)d*`QDeZ8UALe5lV19 z=5mzkIgn>TP7)}Zyd~ihbw3d4U{nw06EKw)r$1bZlK*Uv^7mk*W^;!fKkEC+?owPM_X7k&D>=AT32qIkY%7CQJ-jSQ-X>A}ERmN`mZ8AVx6YR|hH)fZ}U99%02qhtjQpJj&vQ8Mz zq(44cXMqgzK|bYIEhc@OsRBz14Jf6!?cIhCT*P@t$Cr9>Ez0FunE9FF zMc~U=o)WkXt2KQBH+=R<_Ucnds{-+dOR6(O-nde%jn64! 
zY);SVu{L@@$+?TTxPl?a*BcS(ueYl9ugacgmqDU&aQcGG@swPN<7a2eh(y9}RHo_J z(yAGwp17DI^KR7RQIf`f9;@HcOeU|k_=Fju?%^sNc7SF zW2r5FLR_&wM^L%c9LO4gQqHTvPoK>sp;!`PTVpH=7&P$v_}hiv<4+yGToZA=lBWZ?bR8Uj> z8eEWM!fv8MUN(Ba^hM|=)2-?ZYretfGt!jS_Y=m%n8kXpg zIhg)$9yEXB&@6InPp-RcLcXT@k~I51nX?lyY?7!Pcm#coNdZ4ODht0&g9`?C=rCl& zWA*<}ewqLDSF^^32?n?_8W|3Ea(LW~uRNMX)3r#^I&caY9E4_7W265=vovo_U097W z5iFr1CA$#mF#D_;Ofo`_QxaN?k?mjCySy?&JLXnp~qyZTrPC-Hb zw`aFs{wgl4Gh;ku`{K6;=Mt|Ad*!VaeR&%M+TIw{?rS>P*$4k|!m6NQ-1HBA-TyJ} z!7tgm>yXiXqVv4vKX}FP{)2hUwW~?!9b*lnIk5?aUHfRXj8Jr~puouAH~S|kt`{oC zor(-UR*NJp(bObiX#MCuNdvzn4Vwb1A_QwMh-S&gKH;q%wisRH&)mx7_G-4qdR30u z5llbw$u1wuxAWNn`y$J4K8YykOy8?w82^f)a5zEU#v;n9>mZiDsq_tei+=c~8W!)G zn$(L#%UE%sJDT(YxX8uLkB8a{_Ea((rBQ`?MO_u$d2FuqFc+gy;qFcSoua#B9>-Fl zT86Hb3?9eKZwa;w$9R+Q!f$trIm34iX42C^a!H$ep|LQziWFy<d?y`dGETc!JdIXIiJ=M9m9k$wa?{IcNPJ`*HYSLt zGed|{=qY8}f?fXhTTvK~+o3?XyOvewnZb8KH)`y`yN52~65FgM^|?uwrt)T8#hDV_ zv~IN00mvs*8qz-F;Hfkkh@wQv&%K0XbXA_Rp?$X?H4 ze6FVE(|~;6p5U8@|LlBwXyY5NQ`~Vx!QY~&XpO?68`(AI(o6OXuauAEXcZdgBPOGm zZDO7E8eaRG1MtN8CTVZJ;J$h(#sezha=rmHotl}1ZurbMg_n0?}8c|1Jl zzc|@;ZNxfrU1k2>F;w;o_yu{t9zM))hh$d#)(!1 zSW8X&q#0%@cG<<@uHr#_jdro}9Yt@TS(pD0QwVuA(fwO*3I0^ZbMT52_n0V~iC1nz z`P6kQNd0ACqWBajdX;xxr^!5U8~}#38efXHG4$ycFNc+5cTCHP6@dQ3+3Xsfog-i0 zMACqXVu@nV6#0GAWX{@Requ*0E}u`e`~EST;VMfT@S1F~Jx4_s)oEzb<8J>SB~|P& zZe0LoGDoY5A+|Tc@5hD?Jj9%MlRO&zm9AxeST&Oha8mT}z|UTD#@<*Lmv7>pWw1?f zWCn=-UQzt|ILpkPF^-v4fOeXLqTl&S?kWj+H!f-LJ?mAl>E^IGm0f`Ph+Cp=)sDoC zi`FzINjwNVBT4nhTe_O&!FhL74v`FjTVK7evrLJXv>eJUd5NZL>M>`X{u)nEvcmVG z#Q3BTmacz~PyfW3Vq$%FfkSm@*0Wj4SpJX-@y=$dp*T!BnVcR6#N=?tk=~N0H?}%C zzk`(E&p8W28skiIY6MFjTf6cAM0EhJDJrf)oJkEi3kBq;Nrol#*@xe`IiHQeyxqYa zdpvk(lv}wysVKk9Ved5|*Ir1gXE7@_M~xaC)&)Pk!<+HzM?V^xUSwGo;_fo|E<)ussB};wb8 z5cSr<(@Z3K6;efHq#W5z%r@hU z*%;??n(|~*F1p*N`$*qd`Ho|2Vvc6X7czhUxj$+H_d9%%{0OVmDB6g)OW%0;0$&06>YIZvcBIN-rDk*xXli5 zY-uC`n~D|oaFZ!sS<*n7eYe@V+wWfc6w2n`>uC|)vuCcB>EO$y+F!x-1O1+2Ft6D4 zLMS?Nq~E4iD3QMHO*>=VLK3qk{bcf{HrR~;D-2|*6Mv4U#!hYGW7HCp@y+(aNkDBM 
zyvasZ0d1PUt}WWeia7njXwa#LE$}EStJ*nfr9u1^S6&`w&F!NeHww4^G)7kIORM6| zg-I-C9fzA!3`z{R{e1ZALGFPR&Vjo)aw)f9krraJ+le-r9=#4LAbJbp@Ut4xy|j*b zKs-LoT+xJ^2)3=cJR%yg7*a3-wACY4`SHMN1s## zq@D(Oi1}`44}tUp^a2+tR>PTQx&!TeoR=rd1v421M39P;WEaCN4_(rT8`!T_27A3} ziTkx)+Y(F~F{4^ar5AvYH;I}IC2YXV>pv#5r3uzi&jHmOD~Vim=(PE{GKmJlQBHGX zQA|*EHHVZMKT3`NGG1dl5d(Oo`KmSFGTmv!`T1&4T5bc1`OZ8mkL2@asM?MS( z>$KQ=H5SjkcYIQo2yU)}gA{Hhj0U5onpF_K6WERLzmU9wFup6P^O3UB@R-DAws|CL z6yE==yQqF4=mVp|#o{Kzt0BO9uLd6m_7+sG-S=gFQjNsGyJsvm2#?7p%5@Ii_MRKl zRoANe#t&hG6hS`^Z}ChqbLIhjXQj4y)uTV$b`IS5ub;S=&nvw`bQNun1j}+NlS;;^ zmjmY`hIV~+C6Q>p>t1Zhi8i^){R{Wk&egsh?#!bcc z>t3c(Xh9_r=bE^DzmZr;0o-27EVHJzd2R?#ln&6ST6<)_*lCBYF-l`FpCo9LXmizF zI>bMYwjW*yZ(;N7TAC#`%#8Ht|B$0DI)IV=U2gDg`@~*ao&Gmf=w#B~FY4}_^N&yi z!9SU7Bz(8G|$T1*s;(K!y z^mcw`WL&B?cX89u`rA1wX4ao(Q>17Fs+8QIF!-@e~xPG3?aZevD~O?9@1IQ4LWcz~6Vn`a-W!G(%eZvWrZ_!%UPBJ6Qd-01B3|6- zUG-;AtCC6=FJQAydr8LETRGIL9S3#{^-e=M4PrIH$8Xax(4*;FR1spayPTmmu2U-b zBCII~TF|0r+ zH#Y)Ti<7(E&rJq{x5d6)ynlT0w}<0F=1ZwOrj`IkjnlC|9@;_DICVre3^~-_D111R zO-;#G9&U0Kh87xa>BH-??@UQZpq=xU_F0LZ(GTaPbA+R751FSf40Ov3Uc!AJv{r21 zP#|8lUmCS9GwYN4)TOB<5y8welpo{IyVVM4%?|hPedn2hxSQlC8&$IvBu7YLl5eUU|eQ};tAb> zS^gauz_(sJs3t0w6_yKKHKuI#{c&zcT7)pH=-RvY(b% zeuyJRIpQ$kux5LU1Hs5Zdj$BzyC|n~5mlsqiPvL%J4LON94!kK4>Po(1gtjqQPJqQ~q}J2iZApS~7La4Y#g9vwB~O_yB|_9^~jNKU)T z#L3@PXzH6{L0`mvwaxB5EhWX9e`R00K{R&G?~fJLqde_3?AIO03tj%MqT~xdNc#;V zE3!y6M`WA^l$hF=tDgM-Ps{6j=Dj;lLZQ}hNSi{ zigH~Lu~q_6EbKoIluxL%%_#~8-_ssdY+IPI$$=M1z>hDTTPO6 zYi`zCNs`|-dxIcyxg|QI-~5X}X<`D`#N>Q39&gW^Gm`y}OIbRX=WtUbtz7c~y8uGT z42V!oHs<_|^v=P6Ntx*Bay={O-&zSt%BsxZgz_VIVIOiI z(259R5Ojd~MDHR7p9ps>D(TW^eeJX3fb*^@|F_ix2}a;|VzCfZJS4$Lud0&}tZnn+ zI6OMg_Rag>)z9R5MU53p9O+4Mx)gY~+SE}TaSjlpL&#TNV-(PA@0wBaUlhj--I|Kn zz3J7n2M-t!vZq>RetZH0ZZJt=Z!z{>v%8{Xdy%8#kH}u*^X`vq^5?VW>{;pB04R|b zL}4{g|26&}(_~L9|6mg8y|6Y(aywOT2n{p>Jv*)Lofg}Pn}6lM1}zU2m}+3yzbk}V zJFmwderfxAlNW;g%3^TO4D_x2X(Fy&D9EHc2&@2NWau@G|HMitU+qV5+|O5fHd+Kk 
z1!we-Vw&Ji5o8W1X>B74we6R%ra5ia3o=T|;|2bf_2qg&0yxnbIU9>h3cnGCP`mgT(q_=f>}%rEz4#aTr~H+rc*dc z(?4%rANOVKwU;%XOUR;RxLep0BJ;W0ABfie);0$~=SK|oF`X-|G|Y28m}q1$eYB84 zMlyJAm>yM6DfP9fzI&BfwX8$gARb!ehUm(VL9nA7(F%-xjk<)ok^c-9PQ0JAoK*0A zKSU&|hjh9TF(a*T(FPh&@_$X*eZeBL%R0{ag18D@4UD%j)j_*$-hx z#`=y&0<97s@Nm9IZn@sLx@F;oSo0#Q_SUqhF;!GNW389?=3&_y_mDxVjXPv1fAhFH zJbl8az}IZz#`{0oM!DrgY?5%oGJBc+>kaQle%Dem{+x;x9R})qpuPr|=~U5Sw(tAR zM}?DoGIe?M$_5lgVni&tB<0OMq{Ay}@I5vv%DFEBG&iv#oA5TEviA4J+=}u>Sd!V- zXK@E6@WmBM6f@?1wYdiN+M1`S_(>@~nLuXh0yqd6zqGbgFgIqo{i;4krr(vL3 z?fr%)1;B?zr=%Wawo%3e&L{8FulTPr*%dJU1RLK{KwNGvEv55($so`iAmmoQ>-U?G zNze$zTQ#3dQ@Ryl67Zd{(+fw5RWXN!H(1DYbPmc)4maPiL>A<}n8+kqQ}1zB6w%pY zg83E~z;e-<{qWXRkRO1(95dxn@uh=7MRG~yz5B2w%aZ5jBtwM3IOrOGh~ZcYevqpR zJ|KdfoYCW@X-SbVU*Z~cDbV_znPL&bzCx?m&ucsDC~*~4#N4au?R!)cI#zzRLIqO9 z-w3I%uU<75`L^}Ex+{L%gJkTD>ogG;^cD9N|BGrM-rzH@=>PHTKSq16Jmb3g*9QSr z<>nq=?{=Pg`PcUT=XZejzRxJX*Zr}Z3>FdGR z5IP!|1Yu#WpWZY(*r|@!#o`dq(}YkKbm!MTYtnLAgwg zrlHF3Jhf4-I(B*Mgjyb3)wfzbDs7p;7^?R0>D!T)#33ZRJlo35x=gVgdvhP1{HRX8 z{fV|4>#9po9GvQccfkqf=jGcwMp~rDI=u7tX2=BpWu;xPsQy^y%YXDxZ`^))k*tGm z!Tw~rd@8KEevxKu%qJUsg%N)b1D*Ww_u%u-pZ#-D^Ir~n&jIhY8=5hTghTMc(W~0P zRYongNl+rY+SzR;BM!bdE~F?fGM|FmFs4qecOKem2fVMb#4HKj+i$KzDeL)Xt{2SX z#PrQ#xZm1S`-?k{kK9IfBkijzQ2Fh50STPXjfLC5alPmIgyL?CK9_(Oy0qe1Po$72 zi(2)(90b!v^_^t|&*6kqg6^M7^iPZIspADt@D&3VJkMePBzs{52lOC2dZ|T@(`c^b z_P!-=vp0}c$!};{4x2IW&mu$V=IUNmXeo4c2e{r|@?h1KETWDS`#XJ%LT>chKP`vueG2kRm{IfkI&@^5!FG=5eC{8 z=Wm3;KWYUJjN%S}4&2zR^{0cdv8RO2JKrmHpXZZ&cHzxo-8$BQOrtk@6$R`eqm<5} zmob{2!Fq5KmrJ*xP z?O-snJLl!FOL|cvngOm*zU%{6u8TGoqDC8;W!_9=H+vaTu?k?zrlj>+Bal`M*p36) zbj;lxGjFE10!{1=g7KA$M3u(o2#hmw69G1X%kf1%R7sA)5Q?^4G0c^)yZro0PIh)~ zL~-Le2{;g496ilV{);9ttD*J<2$__d${Ry8Ep2p3dT?G|u5(D{q3o{SGxn|lt9IZe zHQFM`1?2p<47+aJ$za;N`+r(c@~<7#_~_%r#U*9B6K0VRyV7Wmy!xb7ri~Mym2QF% zPvl(n`4=BDrE2p!R^GWcJ5>|?68+?med|JCd#Hdy`#e)}En&+A3?sT<%!E!FL* z$fALJe;LIedN!Lc-u#aiME3v6sQJrb{(rnh1cKpFR{uSj%2KmBImmBL7=^JWfDE+S 
z&xc>ENF)@3w_uIWcZ*NP#bC!hNo{N)(|Z&3e3gzSPpbH&Chu8A+!n1KhI!#&69(lS zI-|o>io~Es8$+f9oy_shV;*=r2dKW4>mPOcD9@thL888A+=fq?DP)LHk6kzO8)zD? z611NZ!jR3MVU4}_P&yf=|PAq-CAf;Gq zY6_Xi%A%a&Y47^sn#*|XGX*)Zs;DRnR8**B-~F9_k_UXr~vwWpGvrQT3#>ZWMlSP4@p(^NRcXpYtzgS~dTmv6ILIPO4A6DZ56y z@aQD$CWpx^Ezm~(mAyZ2gLIuKRH8i6p8^@8=)8-(gh|7v;ZL&}zOtEO;#q)>janX_ zO4>p2Qe3}dnOQxqyd0u6G&& zeR?AyS!i|(1}&JfEiQh?xbbjV{dLAr$lV9$C0GZ|9=1IVi{SNYAtNmQ1>ji4pb)9M z{9iXr|DiGd?d=t5sO*rc-9TENzGwqw^l68C$(SfH$KF=LL?=x>yr#+o)(KW;OYU>} z^9sM=?_ZXELSi-VrK$p_Ze*7ZjLv80YdRnY2aBUU&Gj-XcFK#q_q-NWJD^wY-){Or zGBcxk2Fz|R8nl_0;MUjy#@mfF zSs1R%pEU{yik~(^9f-NxQ}XocwZ`h+UIXwIqB>p8I|2UX{19b}ouq-HB*>bZN_=_o z(qN9Qko#m);Qx!R=eB)TGgDqQMBp3U8E7w{5>m20mA5+)!t19T-_!|Mf+akBbP6@h zg?Jg(s#a-0))MCRsgxY&os`|cn-dPB`n~5>Q`) zKEM~de13!PkbJ-k+NY^BM8JgUp{WM}X9(wVc6F!4yK4wao>|-oL$L|T%?he;~O@5nMp}W;ps|x;w}Z>Bb4kTMTKrQ9qUAlzYY0_G;Xe_N%fpB zO{e7^x??-Dd9xGxx&v~<+v&rfOpb+cNuL7eck09QzU4BwjOxRMH4TuxsRGh!{7#z} zw~~QtS|}#!vTDG-;&#Ew>5ZxGpG{;$*8%uD1I%@v7`qM!GPVU{PbI zsa8wvDI_)O%Gl&<*Qtl!sq$eXv#~LvnZ<*e_ljmLS+O3r9XOoZKa5OFjCJU~S*ZL^ zCdP_W>;y4d4j?Gy=@*9LPI2E;M5NTZoGZSSTv`n#FvA`47lLXow$UAu6OHNX zJpqviXO4a4!CSGXyqEK@i$I#4UViGokAmfaJo&L&Ho*cr$jyIH-!U_>{$%=F%sBJ6 zDDj!Z|H*>l|Gnp2iVaQ?iMlqyK`yCHUp!yl?_A?Rp-|#$aut4$!JvDCk~f4*Kzk~G z%P(cdDqaOKcObj;g~(VBO0-VN%smi@kR{(XuzaIb@hLND#D560?kkHF0O^AR%LP;n}6B3Gq9zd)}3k+aDS`ZKt5)!0@5(p^0_k<22 zy(IK5%$wQ!>}O`r-us-h_c`Z%KJW8B`D@+zB@70>;CQtH$3}D)~93yn{r;YC5GN6?J>1+6i z)T2x3Gy&E4wy`%XcqZXc81{Y&>B79c__RBuiuC2&#TTle{3t+e(CZo*nv;oTV-F1D(&Ba=T|(%Sh1jmB6*>EkzHY|*I6hlgZyxlkV*)GKO;1u2DHg`Eo>TMPo5?WPOda(w@~^dNwhlFhQI znx5w1Qj#HYQ4wv2XYQ@_V zZ;Ey0ksjrG&0W|%Hdwri;xm-qJYHvc`)vgiEnDY)C6p_t}$ffFr-50cok(qDr+c@ zdmlsHKNoi`uXtVan@{|V^5j{0O9x~%A!CjZtu?_nIuAJ?IT4&mQMzag; z{>N?gYlKOJ5dC6B$I@7{2ugU3O(0#H_Am*}>8TzzXQXe0zz+!*>B1z514^(98)Uzg zzmOq$U;N-OcxI^JYkK^?j^Mdv%fhs4y^``-b;Sz6KIkz0d3tuqN&8ildJFc#;4QVL zSf4HIqidBL8eeLE#T{)*ppZ14{fs7ciFO~h*ICEgAGG{v%&rA z8qaYbzRhMUG#Vu1f{VQIe<&HnNAYYH3 
zETi$l3W&$4y?0YRkDt5oSSS5!E64X6PygHt{k`s`1^>q$>H_!VzO2#A;d^y^kt6m` zn?7FtEPL}i#j{aIqmTXJi>UUq!0)TDnO8xaBr~-bxDpwTI~~Cmo#(DxoG~q4TGvOy znP!6q3o-muv5eunX^BuPx z^FIRBd-?;3uf|P_^6W}k**H|DJb`QSO`yu2KLjqEN!|m>S25#3eq7GD*SAWIw4YFL z*6~*<`o;YSt;$W{is9IX7E*XaC4sQL+Ic$J@P#d~)VUuJr0aJRlraC5ayF|NPRT?+ z>7ujjr8)DayEVGfiUPE4*ZXsuxUZ@1e|OuiWvMtoP$nR=0!qGFg3=$lJ}h^sq3U%3 z6M~2h;l2JJ^8)0s6?0fqJT)tGDDidw@O60cxEMaKOwu(@rU$x^n*hL1%-K`lBY|OP zKahEKqWE`9K%03VA-NubszKPCo+L5bbqa7Q~tl? z#puj}1AJ=F(z+k;M1agdz_abeW{lgzw~yQ2*)qhW9o$=(%w@Ck{Fjem0v*QXqdt#a z7{)&DZ${$#^g)hW-L3_u!vJxg_RStJyVb@nfGZ)?HD04!wZ{TLFL_VJCz`b2JL>1Muix$lWqrBVtqPaJbV;C=Nc#AOL zrBAju23U2R^iycuiI%MqxR@D532ZOrogY{oz}pWv)H0p#W;*mn#eWh{bY^CWg}OFg zY9tqpx`FtHMZa$i2r6i8Da~#->(d^Kpe^LiYb!sCneV`U@vj>&lz47m;_90rrsu}J zZ^gM`BAQzlHg~xXjp{8Q!G+W|M_ZIkmbTeFUqmz(t9(;xJpRKf>^Wr)02B0~B3H>0GD|BJO&%|@qN1B~5eAy<|WhMnCUg$D*BKix1{oLfBK$7IsmmM)s zv?YHNlu_QopeSRMCh+M;_}_Jd$pSOp`*qU3n`D|{IWG2 z?78LaMeu=XeN*72#PR?Sb*X1+q!rc0e$!Zub$ae$wI|1U(tz*wy8&89)h2qb?ZP#=GO)aPh^^i8 zPkI7XWCt^Vp5!h2yHlte#sMAh{Gq`^_+$Q_;q#jt8uwHM{M;m4m!&e=+_q9Sxv1Te zqNCMmbi`+HRRZ0BV`qFl_y~MUKu%5rKuUyAK(tsjrcoFXZ zE=;2;EKPWxJ`}ozd#(%to_$ zND{_uMH>VRf!x|VeVPw)POY$C`?!FBsKIkA_GFJ@20FLaqJhHkr)3tc363LC#ra$G zP27RdP&MHt%F($a+&+8wr^&9XBkIcqlHry)uU4@?V~Z>r{CBRBD{Fw}W9wAkFP9Dd<26 zmQZkHy?e>L@g?Hhv~f{q;;4v{A(xU4VI$>D&)xw=O{pK(HHEpz_)l~R2N|f)n#!bA zWfD&gjqki!NJUnPa0Rd#4CW+HZJ0JP>-nTRF_aKTxZ3{h%H5b~3%0bMiS$!qBVQuY zS|U!c{^t7p)fYjDFaz=dBClXvvbdDbr{>gk_}s#TYZv&=7SWbJ3MpaJ2!wF`S{WY4 zIKrkKi}ilRab}Tv_DRXrd|3-6-BlfPjA&6DvhG9u;BFX0LYaeaBu!P^Gmh886)J@4 zQuULqcjrk4?E8$%S4_#@olo9al?b*%2YL7S2qU)$Y7p4ytRLUM2r>QbWd6rqQvbje zG~(ZR7W8=@@4x<7GW<+0d8P*aC z>*?+59dx!!zG9IVqd%E?5KzxbbwVO%<-EDdup(oC}%8uSpz<9l(5LQc1aCoI49tzx{Q z$b!AqMqf<%$%0yNw)$J1yOpJw`k-e|lv4=1jlUc@e;j=3BGIns_Wijenq)6QA;vIE zT0Lg3eD}XWocs^2|;aoHzP}2ROmsc+{I;b}lgz~fJ~a13w}PG9kaY|+XN!2x0W^C?XPg-; z+-q$f!*B?^N;ta~qtP8YpUm zGTwkljPmurnYqIA2BI~ai@Ny!x2yHX(lKL}kS1WWL`^N39;a|K@XozGHf^ 
zo3u;+34JA6kI0VAp-RQ>2H)e4l(ogT1Kyfy)$`0x*9sA4N{{o4J3h#|C*xhlMP0gu zC9GSM*%UNfz^>ckeE>Vc`Qe-{IjzWS%3`{zio%2gRb5tqkF<0$g*~OAkHf-8=YEp^ z{*TA>Pj3IWza@_xQH8}UHEX2o{k$9Xcftd|#tQ;C!JzxOqTzMyXiO!lDXdS2qNug; z;pr+_=p_QCNF zASz3^s)P_3ts+L#~yqzwqb6&zP{Qj zG3frmUS2T?*fJ@S8a6AdpoEX|FhR}&!~x;+_vKgQ@&a*nQp%f}rLKr8Rkp~``(m}i z31dI&>7r$z5mBU+;t5e3V`ckA8>{gK7liM$-@`J2hkg7ogvD0U@P|>ka%!`=Ut1+g z*P49RyyWheRY${6k>u)fh|WeuE~-0>lOah$c_b|u!ruEccQ-8!&ksEszm^c^+><13 zr!FPxWgLg3Yp?TH2B}_Y?r4u+;QCVS7ns$#Y4V9%3|TTvGHklm@dM;a$b$Tx%!MaP(RHLd6W>}t9w!}c7X&pT2SUZ%DNZ{E-exdb=+Yqkdal%Un8DdLq)a!h z-GacuTxYZ8!U!zPEMGaxw&wWbZh7~_D?JB*tdF_Ov(?I}mQ-q^mL#?Kt-AP!PmsvUSK4|0Nmf=2j+g}$7?y-_3asGbrF$cVT}p$;w0N?c9# z>($}D(YD2^M`gq00pIMXhilfJD&FR2^Tk@tvisx&h!!)qIUhfs)$0|7N4Ca7tkNWP zl$yB8M9;~OFuq);#0U>z%k6fwD@?^2;L@-d6bPezH zJIQ%jI8Amu+6&c#)*p$6<=h(cZuyh|a&C<0&VZC<=WwA~k%ZNVm#zhw%HKl5NpoNf zgo^}m>TOae&l(tAHypJ|6n_X!|3)%K8C@V5OVKB5y~oGr7vmD!wZMTK9FPF;T>QIh z;=p`(0Xwa=ncY`j!`q>}2$#9>CN{IZ`>pPrJM9ZZzOq$=8-kLLv*-2R&Bu~#Z;^7@ z5cjXAbH^O9*bSgl^S)cML6aD0Hj!W#nTyI$k3uA-9@(|Fj@{fOLSZB{z zdfx(3_AfrULh#R){1VRPkd0~XHr15HodT-1uYZZv;4`o8!soVJnfpfOUa6-Fzt;P{ zL>pkDmWy%hr+Cx4IES|*s=pjL@YdUx`c6E@VLkQ|X0ja(r>Xb3@<0lps^f;plqa|C z^R+D`oU?TcAnNncMj%1#Yni5K_%=W|>0;)eJjB=v95L(LLsyM(gN{x`OO0ahKOqT; z)Xdcgh)5z|GfxjG;X8tu9B~CC#E-0ILrOmqK4~}`E_>4MHHr2FgBlTXy=HFRKtzGc z@DLsU%aP^cTfy~Kpc;aNDoe?RE4Q!sW4-3MNVy)NYe$ zcNPz709P43_rjurkoq%}#a=##2_B3q32dk|nfcv?#{_|WYu=Z}@N3lZx+1kQwHS~xm6 zx_p4nFCfU=0KG*Kd}y*fK-pZzYF4I=eU~Pqr@#5`p6vG1x$PH={7tzzII{Jf=U?V> z*jB=jkx2rYti7y#clHr-8*svbLkCff(mW9frrmV; zs{nP;q=hI1^?fXxH#hwNyg@YX7u0<5(9*{(a~dyOLJL07Oka7a=;Ujb?Z9fD zaTz<7&3yTKT`}7Fy<)#vO8 zzIji1JEjEjdR|pH=@Z+OYbuhtA6j7litT#wTC2{(+;rqwp~_`ny`qtj3ypF!t7)To zC1oVJEs$6VG@ELTL!{rDx;wyXIng%HMn5U)2gBcXNhd;qbQeFb|cyKY<1wC zF1He*s~I`fdBCc9vdY=1FdRxYNw zxN=L>;xf*xD7#~Rntg%vkJJJc%x{u@%xOg2LJdV&AfrNG^SlcJvoKX^X5_mj+J zf4*1U9Q&iz0|KU<81f;pjYd(X1-W=$%v}~EIs*MQv!}bMUMoS5gTHSMdE-~pgMt!0 zlcY7np+=%1CJ0>`cfk3BCLy`U<~s39meb1ovaR*o1|p 
zHHC#8zn-Zqf`g%YiN0^=(U@zJoG0_+bP4L2B^gcOVg_1a;Y0d|Z>IgVv~(zV29V?) zJuWdS=u(0!@Hbo7EHDl^JX>$2w?D_W(t^4Eas*V;xpeiLgl(N7wl3qBBh>UAAvbEK zOOH0@z*^OFBz&h+bb}-q9ullEb|Ull{lbOmWd~R9I3-?2CR+eeBm4xY5dkN_2d+SL zjX77EQVZ{5qY?3I0KaQO?BtUZwLvtPOoe2vFpXZ4Fp9`dC?Wd^6SU9XGp8+tkJkVR zwDGXB$Et-8kK=hg-%=}~p)}S_K#ATgdeb|>=s`az2 zp`LwWYIWqu-UE^TjWrmUUgAgD|y411Y5EgNl_ZuUv@vp@=dLDFL}M zXK2x9MsDg77<#}vVQv1h|GxP{-q=SAZsVt`#qB+F%z}HrOmhH!T%H!SLve96jhX&D z_QUV*%b&{M6^%%}hL)bdwS8nI4pjg?`Ie4dcjt_ytebX%R2<ar0Zj3oP6uN;)S%Fn78$R#K7vEvC0bR67o0$X;I$q>gPO_&QIu#$&XW zk4c}n$sAr^c|M!$=`)gmb>==xwT0(lu+q{VYTj>F%lSmQO)_FqGR(6b*tyoyCK~|Y zh{sZTjd<9Xl-nilPRlQ>T%;9H>7Ka-&?EuQNMA#883Xdj`&xrCI6jM(cD+Vv^at~g zGmeviHXNxu`plHX4mlwsft=C{T)Dw&%AH&eVAJy4vuw5JmB36r<$LV=R} zlj+JIdD>K*slnyUQ$?15UO8Gl0vq!KF4?z7`XRWezD~A|mUT7T%m+yVYl96p?n`N| zckHt>UnVa&XuVC69q$a-le9_bKJW(3W;QJ|M5Va zqXnFI@qp#$FLQkv1=E4ey{+a?=kJONjQiid!Fv>U*GEew&=s6dEN*OcC+SK#yUyjcqD^L1h5+fy$kIu>?2mBX&Tr@)5Yb1_9F0qJM0 z+L{>hUZO@uO3jV@`6uzNRtVvu>78lfjYfo}C7fn_+cN`i2atycWa){ZyvA!NP1PM* z6$vAd-fvf)&U2%CUEEWx=L_`%Ri>(~^AN_UOeTv<24D)_3X2snk@HfePjn!+*FW++ zP+HEn`JRUCLC=hoOoq9HY9zwO&xrx!qA%w}OharTxA}jjtW%%V7i4RN_tBC)d8JX( zsX^37)xlj~V1)(DYG0^jq=mUe^5tvkPK&y|%2{u6VherO8dVKrY02AJu`ScH2}Dk1 z(UY2w_rLU?^t(5j#f<;HPONGE0h+#jkL;&=1{W*~_I*qdMJwJ-7eZ~8cX-8KsYNAT z?_z%RK&{3(4H=OFeR4{s7(^h%Oer3QC%|GD{Uw}1oa^^ysR}@rSI`a{04rseWj%NL z08@;F=xGXAN#%y)XKUhwY51yFW_!jeT?ZWsZhXcH&*GOGP1Ym?C0|>4ou*cM6*VD5 z16@cPa+_VfZEu1MBgklB#Ff_f>(JCJnivRQku|R4Mh@V94In#Vuolw7L#>f4+#WRxX4*FdJ5X%rUi zmx3a1Bsc`oW8n8F*7=K)Ob(mFbRaK_^<}y3M(>nAW?3)?6Kn7*cuZGhci#Sec$>D3 z%8s_@bGH|I?t5JC-nz$)lfC`;LVmRY(56TUOxZWk6aeCIPM)HakGVZRy84Vdj(FZ~Q_*U2Jgejfx^v0G9+fkzrXE<#i+q&s&1zmr-JT{xBoL`!n zIq1w#eZuEPd%H{!Y*{`4RPc^60J9 zs?Aulo&~Y7h|?*QAPTbHu*n4y3tVHTAp)(Ybuw4dKsA2J-=I?a%{E{`oL9_zp8XZ_nqzeTK+1F zn+Wq^u_$2q=*agPh|<~~tTbPRky2#^Hq>wX${2~cZz*G)9iR`QqK)78seGrR9TGk4 zMw67+(7PxvF3AaYg$G21qm)NB7rju}h-kC72Ma}Dp!g^B&rH@i>H>u*`-!x5#`Vo+ zSsl}nzC_g`LpeQUjk@`*k&o-i|#=Z-nDQ}7k3aHm)Etc-CL4ezykc7xvJrNN$hd~&iv3(4pi z&E4Yaix+v 
z8gJ=wd1g?K{ORW*gruK}?~m}Dyv)33U7ZHEuG{N2ih5{y@v||M@Js;UaSr1fm11`Z zOL?4E&Zq4}UDk|{Xsq$zrd_8_6<`y&QK&*v34po;3%Rn_enUDYI`zMF`xj4fw;)DC z=k<`KW_5$Pgn4n-u1?k_GzRUj~H+QrfK07{^k ze`WE0ym1qL?#L*266<1IVT?d>VJl{^EP6kDECUK75x^`jhgTyK$&sT&3JKep(q~#t zJ)ZuqtNFEf^x1qv(HGu~xJQaPDqJ-Zq3JfX+6vi1?uO_zdp+KrG9)nzY%>c0n!jRA zzOq{B_m>a1xA=|#m&zM-_fs%muu5nqd&^d7a6Z=u_&kewg|G9n+A4=E%&K4}UmBhZ z`@{bJ$<4pB4u<(J&M*G)5&SRX^tQyB)}5{00xCcIO=7i>w|FjY`kWN7 z`-aJ=1GW(U7E>hZ;o!Nd0m8CSfeL;AqVah2fyZ8Ag>~cvU&MhP>vA@b@XHZkut5gG z+EPT)L}$*@X4=Be=2a|dvhBcKry7GOH+*fiHBnl@(Er-9oKbepZOhV(y#{r8njdpf zpV-ngOI5cz4DqhapO)v#c(p=O`C^~xh2jRXTWh6fqhPcm8!>o(qI9z~Z}QXEGC`#{ zSsbuQX3;HnXU$Z9@Y*BvL;crxr|o1e*P$2sg?A4h31TJ%Y`DwLlMA#eAo7!JHp~gqrz2jQx$!v|N(gm^m^`k2)8gf((tDs^qUpe1R1$0<^{r=vt*wk*k6v^<*(~MH_rIhd&H#xjYwi{$pu-*PsZk>ukbMlP7RGd z8s&tDO(rjyC7F2JTZ6Ab${+GV_X9Eb`DQOGtuVPBBp~T$G_tjtrR)gaQSSEFs5t-1 zIY&BbZdt*phN(h=#PEYDRJ8)s)6=wYoWZ4jdH}l)U-#2$C03 zZ%w zEB!;#60N%nwhbq4Y=6og?09L+)G#YlIp^q;Z{%5VJZ_g?KgJOleCA797h#XLFt`8> zVcE3C)OVOp$c!=~SVp=lB+;&@=T@yhR8GAqwdKytNE3aA#wD}ix`7;lkE$~8QHBs@ z>rQ^0+WpEw*Ih1hPUFu|XO{2600WS$+;m0mQbDj}kcalK5w6D%%WTGr#SNv;{5*e% zeyBLzjf$0U^W}xQ3`HAqvBf94Ktg)Cw$|6D@&_+Ri-+$NuN&pFw5j%QX@&i;+HR(s zmRxtC4yAd7q{}u75&p3gJ$pDT_%wtrGrkP(#WzTzdT2MBWm}&F$GTKWdN(t#^SNyk zhSgLzH^TWwc6tD>3mnkA+vUwYQxjH%w1szGzWd*Dsq-VWd^luv-k*!*Xl@ZniE5h3 zUuLsHGyp#yc+l`z&i1l$4ka_Yulc_m(I7q+5_F?q2cpRg!+qH%1f7OC$Ex)UO>{SK| zb$dlpw>HWZkp$f7%4Z$u8RI2ss2|X`chrs0;f+%(?v_#sFBN0?z0M1G@!!8mB6 z#~ji)kWq8yYiO6qr8BC1Rw^ip^6?zhgde?KBzoLb(z?a0{fl>ONn&xd|DZ(r01D-1t_>9qyn`W?;oMqlJq59 zAB1--aVbfkETc$j#;$8Sm1yb=T7}mr9mJcGLI7*;kZgTr#Zzb8ON7llP-kx>SQa$8 zHte2|!$Z7E^qCjpw}AsPX#@fttdlQ@h2W{Rrx^Ei&3%Zb%do|Mrf!39fu0IUaWkPR z=Q6{8Ha5;!m+$gSLqR5xKsjMHH{uGgo%799wN_enSn&rWke?Ypu%}1^xU+z7DNlV zI^rJk%{icocc&>~_{_xsk7DC0EhD8iHx&#C^7U>$61S4LnmBD1<#OEDWiN{{?<8i7 z*(k>{TODyeey8j04rrGBV~tAK^m2&Not5A+^(2>)BolBK`{LSLqyb&Sf%oK94Aj2$ zYGPkq<}0)=K-^Da{3AbpfW_z4ceX!ZDC7ayu~xXyn#pN{lu>b+Aw|eRY^Drx!qQXf z??H#9)Z{A97V%@h)6 
z%uW>Q<-fRytopp?89CW6(Mn}O5{PPQqMPIeb1%7A8FDNtbvB@dwm@9L>R6YKp6pz1 ze)C9K=A{GA%lVnA*$3IVct8Eeecmy43q?Qb2{VcFZQqXwK_%ge*r6E z4Rmdd&bUXDeR>kUQ^S}xwyUbv^SDP4!lq`FRJ!fK;(1bopQj?-w$5gmQjE+N))Fp8pSIbWBH!l|~pr&?&rh7(;d(iZikq;Cr^N*`d6a+b48Yv4Jqp>cL&&y26x z6K&^T{CL>%b75Hjr@+H|K8S;x4jO|dM;-ra+8XgOe!KgZBR5J04-?(e2ksr`{mbN4 zwYR4jC3dj!%MpLUe>B)TCzL-7>ODZ_y>FYBAbud}6cKG7wYy3TjJQ~hmpeqHifO4W zMDiUT2g6G-z!GU{nr@fG!TH4H&|W=+n?v;T_S}-Poe!gBwlWlFHll+A4_*c%Mbso} z*-ocqBZ=$vo_Ujk`E~1OxX#VAd%b#)mqB_}SgVRyVf(__J~Lef2;)#k=S=9P=BAo3 zZDTHNHee{>x*bX_PNuols$U$L$^PKpAKYaSb%D!H7%vAEJLsr(4;>>$?v+S`y(d!| zh^^y~a@n>+;;5|)v)Drpmf!WN4H3^FNLijQY$natYJn=ArvQ@lQni^yr18AgHZ>&n z)$0o5OptW24S(e|KGnY(dVaf2s3xT0{Px6s8hWpiYNQw=q5W~a##?JJ{CkJ932`~u z=zW;gJWr8p%tY|D$nl!4(8_+aTZ8W|t_W`P(5;*Sbs^&C;M{Cu+%Eq%=BvVL5>pFJ z4n$$N%&W^e2Oj*@{{G&E_(7NZi%o&;TL#5L^;-{#<*#qrznwZm@9w-t@zIamqWV52 z5D0135@TV}UYdI&thwQTDyM9m&t`6mT#pncT5oB$h6t|^(ico`3>~s*=*E8{80A+x z@m9R`RM(B|NVDc&$<@`5NdGH*QOVP9Ab+OZHU61_2l?rg`JX9wf`4M*U4a}Cv;8wD zFL1t^%l6l#JWTMPKzTBMX5eA&|L3bn0>;!_qPbn}1JLBlU>hf{m0J!T%P+E*Q=k$8 zW!qJLv?G_Ztcq1O%c z5D`kyybjX^}4RkVX*6OY>}cZKDIY?Ar9riHDXD0EPo+w*H{APO}Q}WefXiHRIX0Xg$edDr*Uz<=|4ZB(`Zajwo63Y zcLU6-^j6_XCii0aBC#P~F6J+lUB-r4&kBp5YE1iq`|(YIEByvi{a+1|5)vH2{U~{Y zF649oM(!2>`JwO5vikK))#c6Ojn@dN*VBJH`J*ovbz<$Ht2yTFS34@bMpU0GW)Y!E zF#hJjw&u5aUTn{7-3I#Xt6Qf5PTj_zbOs$UKZF;EO#7LRptTIG*p3ha3li7u$ywM4 zbG1A?x?9N}Noisa`i)I#Jk>qUq-ZEbg@5>oM)=}!t}%XWttGOw&%noA8C3>@-Flav zNGNajHnbBaY-b*=`uN*%{oRtme%si&7p{ua)OPo6^$PV?E|=AX(|b84-E0ggok+y$ z0%L!wM69p@T+*vI+~E4L4gVCjOcz9KNO+9n>(wiuMO*Wosw?$~a~7 zMwO|ig8(x2vodBvF`^znpss;|J?QeK*XstBXj*^kRr-S$Ou{~i3|HgbrtpV% zUO)x`JZwdod8p!f^QK|Hf}_*+lo(4lz^!Y@P=k6Cr`#$A zV*c;%|8#vCLi>Y<+3J9}9%h#P_OOjXl5OrjtijQP;AlYPDOGtHbSNWaDxh$t#+$G~ z$P`xAMwkZu4#pR*x@5~%I!n^sd->~c$S+FfJl~Dc2Hp0^b_A-PT|$`WC{D7m1sKQ# z$0gcN@8o++Qct*AoVL6C!ZE+RzX{{Fe*pD@1(0k|IhYYbma!EpY!_??*e0fKSD5b@ zn4@z>=^DEs4-VI!5}HkG+_rN@e>oDfBs6ya=-vG+%U_O=e>pO0^z{OH)Kqm%sj#^( 
zY%KWX>xAH~n10)@Lfg+4erv#gXI-6*t^FVR{0@Ecf08QkU-f4Fr{$0TFYX9gL>UupXv{k+CjOfzZF#&K z!Wk7p*?0Sr({5=U(ju#$3ve$#PH#^rG*db-cqXcoxgosUVWSkM?KRq%-0w+0!H+~#f3AO^1Pnd89irCw~B81moX5hR6SP0_^#Q2$=ieHX= zUCBIhNnSg8xk##jF{z}T?&gOuXyGws7@KLL60S`8W#`++8sG0#WW?;~Y`ut@QfU7n zr}st$SDINS|7m457f_OBIL#_;RIZnR%|jv^1Ug}u%j9Llu&(=_b?c?oJ&gR#+_`5R zZ3_4O(r9kNl>?+Arp;ORwi7nE>Ft}ZHT~5`g%)y!^-R!8W8z^^GYo}WbFY#I+i5%F zwk^YXPKFWr-Y+FqN1GR8f+ZSH)riLsQ7IED-Cxg7;CX_)Ja~pcUKy^%76%ogWRjNy zrhqtn5rAa)_>>12^7c!kRwCV={$Ox=1bd*s=Rxgv37&Mt$XYl>U>8AbcilN$R)Ut- z+r|OS?6j>KaIQQx>a5C<`5-BQDD3Gu9RO~sSYEsBWhGFd*cqayyX(je*@`! zmT13sJ$50A+UiDZD+nqnoZxDiw0_V`n2)Qnpc8v`pa2AuMvIGhNdiwTWzy z2+Al(HSCNvHK(3bZ-7r@qsd7kcJG;bK|8yF?>#gV({H7}I@0^(_xowfc^#yDjcIwH zU8sDom8Y2??ePI-iE4mnJfAm-zj4n;wGA;;pk|tzk19}xaQQ3jzqhwyC^2=_{NaFY z!fNN^i`D;C{P%yS1m+(@$U9t#&e-o&I`T{rp+W(}4D1X#o-pZIx3K)Cy|VOc%iPsa z3jjwjfKZ3bKTU>cO|EB-&c5V+ZLVQ_PN$H$Y$U7y5>gDp^p54u<&$*1H;w7HgNkp+NrDII=*;hZ%+3?ygvFaxZjGtV% zLpYlG=L7w>N#NTrbaxf|{4W)wG(^{cP1s;BbJy^?e)xW|mKGUjCyrxFLl4;DgoPI% zioM|`?m||lTrD88dQif&4WGltdFmtUs+P1 zyLpT~<*+r^h(QDAGK0zUOW8OaGS3#Vk9|KIoo^)Y(fQvX@_*dxzc4rc|9llcT5}%Q zhD?YO)}juK4x2UZZ|~#}m`Cr#gzeLWbZw)9i%OU(?*8kjKy{T}sZ7XUs8mVI2zdrc zWw-&9L$VxQF;8^FhX zI?-mtFR_ASrfisY&68Q_po`^CDkh;CL3t@>iy3p9+1ruv1iW2b=7AdH+5=Q??HMtf zZnC{U!bBLN-+R-7de65A$1tRNLtuCEUPmX*7x^2nT{9uAGyDHj61>0NE zy#^YDy+)$v?@N!`G9=ZzqImO7fa+WOh8mhTZgzrOED2osn7IaVEd#IqM1VNbFX-x( zw;m@v%C7!wk7B-YDl&O!>AKnrl{y6{#`ZRC>2GD$G%<9L0}eJ;eMSmv8LA7|Es>6| zg6<>ji3Xksv=@uBWN#@@JPU@QD(5iduPE6mMQm)`t%qnE=B%Y=CQFB0q3C4o$ZhB< z5gM0#l{}QhxIj#XzIOJz97skPPD@52t*c{MS7PNE{jA3i#nWZXe87i3l6K*`_VJns zNBg&hw{LN*R%ACtdq^UsPlx4pq6EXgTddm1SJ5B-?&a{!ROmRWwaC?O_}u@)-h0P2 zm9G8XI68K85CNs=ND&Q9x_|*4N(2N95K3rDC!q+TnFx#pq=umcG&H3pB!n0sK!AXv z^d`N7bV3P5AaqaW*=O&W+0Wkl-TORezvaBoUy!xdCs}JH_r0$Bx~|{vTQLHnC7!2f zYTk?21yEbeWlUFvl}QmbG&cH3D_|+gQ@rNN&+|IsuDwfii^4?>0EU#b@N=hWPx+8Q z>L*LbxOlx!@N-%L`h%mzAYWkMed+hwDB76%Tep(p$sxNT|3k25#j9KWcJfSeNF;a@ zU*KqS`U#A@*hNK*h*;G560&Hv88SZwq|o4=6K{qLmwbbV+-Noz(r4|w`*Zw6Y-c1U 
zme>zav}2ky3|Ii8?kTqH=D6A%8@I7C@W^Ca!svDw>2uFuh5_poJYjlVt&hg{SrZyn z4qSI0oQ-qS8Q5Ibz2j8ZiHq8Fb0^{=8U4U~#23tR*m?LUQv@b4yt#4!O|wy-X)PrO zji6It2G8%y@=Jy&)VPib)u^5+>FlnTL?{+Gh$1os2DfbcsO(q*mdPSQ&!2h0Gyy4J zcP+P5KwM8^ft>T4#2jNwyNxA%XmkTZaR;7}v6DVw?J9O(;<|4I==yh%u*pgHww5l8 z)JVjbJCE9K*54&W+dq-^S?R@1`dr#i4nl2qlVlr9<#VwzxEqWxSw;PvOmb4DRdn$? zVf9Qcq~WK8LVE&j$$`5yfD=i*f96$OL7Vy>aO@k$HQD7w3C^VwU`TzbVwRGWO+DVu zOFv$h(}TX29h*svXli_DE-Y^B6FyV%V!8mflDdKwcexyVY55yR;sw?w&(D@x8RHtO zv7-935t~8P6-m;~#j{!DkqbBHC#%tcv(Mg%8J#E{O$j*Aco*{c_TfKAeByheY^`JF zn%h!Hz+~|9`uc%k#>@C{^H@%vkBJ4N1f!g;5|T6 z^2wyhZye1R7A}emSYFwekt8v*HGW2MB< zq?!xjT47yjH|x9PdZMW#Xkg5rSSb)wHYdYx=^Mt#c05(=#>wRp} z-7Gq&jQYlLh-nncx3{1Fje{)wjpIG({r{=ETThfP_4O-FK73O&C?)5FOuzuIt==O}9X)`&m10UDDwsoRlEts{Q@kq1e6Dv2*lO5^?V9-H zdEHVqMT6>kKlL!pX>+M-5$&gHb*Ub@t<;xyCViOcl2kSV(pk-7z?##}aj) zuyjJCb#_AnjKw8t*u_1fFA-+GCvviz^Aq#x(j^FqW~SopXJdsC#nm%L^o7MZ`NgrL z{PZ&@RM~X&S7h4N*8a<*9@%WO`mJvq#eo98zp}@GfRkr#ru(yYpgjjv;O{I^j;(FV zX=%m9_^|z@5@$mV*G;Sz(nr>b-bp7<2beBWF`uEZ%HT06v8GHk6q=54f%W~gxi$sI zaObg;R#^#795;f5I^jBz^nrOHiRkvJX^FG0o1fPftc z#K7g}ZJ)^<49K}Vqq|7rJsjX-NmeQ*ye*%BjOJ(A>>gR?YN5#m1RlZS4uY>lQZ83srtrJUF<$Z?So|u2EocMun>tVV-De_fuv@$6JM$PO6G;wp&zk6U}Cn z0D+lUvHGF7?snINVlN@1XD&eNnH?yB`KwFOrQGrkX0KXp;dZG&TblkI{d+UR?vI^- zdV$0ACs`Bt=k%zq;qXf3^o_%a=VwctRBTf8tgtY3z?RRcAPh@_j{VSMdoX%4N%uMf zeA6cVgVZ@oGb?sZm2@$0qx_mmTb68@H6Z~dAIYoAa|Klhk)De15cK5R#u zX=}2TB0Z07r8S z584qGn&L=dvj8cnk-&ZAkO_;2iw1`9M|G#or3C>dq7<3bxvNRcvpl=!dQLk_B>q5m zeoKsL=5ZzW|9Ol%-B~3)Q$kwesl2+4y;BGg7*YQaauj+Ier$ z#`6%NeAsYoDnbplr46x#P@cLR{!k-dsccNaN;V&A^k6NB)kcUZdYooRdKrcCm@uu= zLt!g3NGl9jltyKn5M@u*R7)R?Vl-b#7S%KMFM%P(*QdxI`yw?jWHo4W@Z| zy85Nt0~}k6eK3jr^srs`%`YAwg!XzHS_J}?{EBn{{Od9)1Xyx4xTjF zOYZEvy`7tIw2B%>siZYe$Oj0E=Y(7#hMe?bpW2QNh z0Pk=Q&d6VgaKZ4zFLF|56tQ`>0c8nEEkhKlXUut)FDIsa^iBMq9l>TDB zoZdQF1b;;`4*+E1;LEBZPp2#@1A%NN;=5r=|3jx+{*e{F@?g2E$~n>QXJ8cmUY4-% zqln=!wdWoSKPj{^m^0~fqkQP$9qUg8B?H&r;C0A3c@h?}T6Uk9S z+&xFgdsq4FCgBRr-!T5>gx_0_crrGUK+*j;{7KtK7FsD|j4*n5z%}e(#?pWf9fUHb 
zwrkM@h4|_lVdGMYKyLne^~Y+*x&Y-$!isnnFns$`j8_g}K1=TXyCChN0uB5Hj|4F) zvD5Bc#n43la}pO=Fd9<;Q&F+yLz^T_y z09Ca|#g>I&+`rlUV&SR?vAidbMcP={%$nq~$WH4`MK;@+oQB^*G&Ekziit)zSak6B zmWD}SAZ-B%jL-7-y>{p?*bLHzqjpk;YQc@}v5{S{imU-k$zQfU#fFZ!Mi!PRXJL4_ zAY9G$-aRSkXLCW5vitX$gTT<NlcVTAOqPnBY~L<4@b`?YB5db2^}#% z7W~>dHzN6oAXk+vKSFaaW)_TF z3VJZ-i#oeL?o2J?ViGnDj6&P*V(=L!D`H>tsXZ=oHw>y8UgqB=lqWc~cyRY zHjeuRV(1h<`qy%G^>d-BrBW{yb)CIxk56j=o_@;6n?(vZy;)+4pkZ9ZcSK`8|6A0@%U@GdGc#YA z{eBg3>e7XWxX{G)Rk>@KFxhAaFbNK3M~`f>pwZ80C2!U^^Bc$Zo!F3v7T+i8rE`1H zm6rGZX8l9!a!}R=yKCXt{_Oj|Rqy!EGvoi>Eh((ml@dq$y_@~8!%1vPl+@p(L^U?i z8oTMknSLte3vd=^zUy*15|d|D)S3S)=TN+1P35Zq;#cTkJcief+Ev7cVrk7Y*mnbN zwJ}qU`gz{`#e@WJ)`P7Bh{y9gL*_g}%mGecuD0Q)t?neWGY!8EAMN%LzXfbu$)i8{ z9RcbX2HgvEDke^2Du#Y9kiMilWU=AaNscR7w*Ngb>c5ZwpG2+yP4|b>g>1Fk(R!=) zM_k8n*5w|y!uvVk4?Jm8dX2&o8SNB zDZIo6Lei{wHZZa5Zte#-pGS$NuIcbV*t*IhbF#(dbvHv1@{PklVb-AXx~ej~EB~-S zEuL@#PBks=wK6>~tE;RHR|CoMQhD~Tv4uOcFD5_R{b-M+9O%o-Ozqe2V>R^_mC6ag z3^$XDGMxHHTq8O&W-CXazdHcruDN`>vwDJUthW>JRMW&9qI=8zNhQ^$2B&w4G7dgy zirTu1dh>@-b))%e!IyzEctx?fhxBS#W1jW229Fl;%`xS-ykXhuhCO8Y< z8A12iJZK^%4Gt2;YfiZoDuRcd=&xcap?bOeLPWf9dMOlyNM|F+sH5XGlre zEuuAMqYpNhcYTl*)NH0J7&9GwWEQh^R>p`LqDQq)&&1vH6X9>l%3`c$cr$i-9+ys>)oe)E6dY%1gtB(xRI=fefnophcQTlBrLv&`&CJ6yRJv z5z6Elk*JY5i42s^W-#$kp^&a86Sav}mf{X#kj!x&YwyMy8O<~S3_p{HFDKA;oq1SP z1LMHM5T+0|GpR!LNa58c#9re;wpi@3qeU?FGLKQ*&7LQ3`BU;{hF z9FPwk1Zw=$s?n(3?x9|Kt4A9vzW$}<#w14py%k_md&elQQ&*t~usR@{C!T(QVv9+G zZ_CDb43tE}>nx4%D*AF(W>&gd&3?emk0E()31MkyRDWHTHAPq?8~L@PUD_665chqGn+_x-9s7#f}z8@0;?5!ni6#Cs70oG@+x3R=neqa}r;TXn|- za58-WNU*_Ph@4KN#axbqZG9%S)yF3?ilKd5BdPnRIZJR~XCoIKux>_9W0%%gne6_; zQ)7)g7m^5Wwx>veVr2oDR%@65>qs>=qndja#l_jv8}aDH)%8cYA?GOr<#Sb4kwI)A1`Z38){;l0Eu@ zcVv^C9(%s-_oqG#cHFv3vvPy^I1gDV1ci8nVfcz7mVKK*>k^SN zo_>y`{c-u`rH7t_IY9|OzQv9_%3YGP*tHOYQI|ln;8t5cTI;Va;iks59Cu$aHO7@c zt?oKYJ;)xUN)@z%IIAMRPY_Ee#D#`840LaptA$aylL3U)CPLoa?ti^=^6#ZM!CSp% z;352MnKj^TPEJltm(i_G5fOHOvotD|-U<^25Xe5lhXB21f%i$>h+%0SE2BRj<|v82 
zHke9d`moqGCG^l>DLeXCH5_Z#2BG}?W(2vbV)8twJ`5st+FXSR zL8Q*AG!;M~r+)mygXz~7|Ch?O?-U2>$6m5q4W^F*_d_2#as46x%~2T6s`0?|n`=px z>l@ijS|+*0K`%a}bk=PzNK~Bccf_>BgcmU2&`MgMA%r^}^26Y6`tYVoskKk!aVf;q zz^H*t_{6K6v(oG}3Y$^uIL^Y|!IFQ>Znfq8D>s6jqW!A6ni z#K%0@d2MY*>E}}V1-8G7_2zybQkWo-_9GZH=DP3qjf35I_;}?nq3{>v&;RMN|6LpY zhAYT03f*nB8Rx3wm)Bpb$f-Saq0n?VPq-jv8TTZvH1C`arPZgDl^V5uyZ_7d%;j;; zF~dUFw02{KsN1V2``^`d>tjaK2hOD=ApqJSy`5|f(@Dd5n~$Jvo1+DPGD?tv?@pI3 zB=xM>JSul`Gf8Q5MtMK! z0qRayP}|&$io+9HYj1iOQefSSqVu5%K2X2GTMiZka?L51*~h!Z{A^YJZaIce(1_mR^9{ z(@qEEtjFhj$miOH1lEU#@e3kpJ~R_51l(D5z2|y%yb^FxI|3RWS?!^veV;KWDmA{m z*;Sf$t;Q#no8KA4wp$gDpfvGU6^8*_v<1^D8JANJ)LgM~)K+te5Fba<88o6L&hNH#cRjt|Oc;F{q@&)<|g^@>e1X7I)W23g#5K zuT$J{cUSo_E9FXZ zf=cDz1YQ-%EAw*S8PpTks3lmQ9*Lgo1-APdMS^4tU=8a5<|gJZOm*4%e^G({zVNT7 zmGyn)Pc``L3I{Iwo$qKh0O@L8wsKm!sAwl|$jaB{hHma$ZnjxDX8g3p=Es#JPx7OF zh?z*{&ansdc}xzKrw^u%@6B1Gx7^*;Hj?GxYM9pXT0Z8vz6Knb zP|;RL#SVEqwiSXH2-y!=iu(2_Y+RSI->er&odNQmfUeJ*GGRC&n`@Vp2*HC@Q6X8o z*>orBG7JB4+Ii)JpB9bLAwB%@hi;u(T7zr zKh&|sX7)Evvw}>Tv4rS%U%Cy;Tf3t==|1(FuR8dcv=FKB$C^#)GRLK>gegMN9+P}{ zh#_()sA23J8C&IbeuY5QXaiAgR#v|EIjeE0v=7Q|e}uFxNp%)P#seNNS2CnK%#0Yz*lJ(ut$seutMvsKtdD_G*0Pus=(7Sfl+rZ84+>tK?Zvx? 
z>M3eDm&`R?5{6;N@vqH6q9z)JadC>IIOv=M0@6U}24x~m@ycl>l2P6_N3TEbiY|!d z@0PknuMes7RLn=@#XA!r9r~SUGpdcC(Y%gEXasi-*z_~%*`VRBvcpR&sU2E6LoD6h zbMkw?g64;;pHu;PCP|GZ=C>$~!gqTmQUpZ2jE1ZWOijl%`9?-{!AXId-q!NhJ1U>E zS*DkNVA;l=DFvO6YqyjijwL3kKrV`U%v>d?(ae;@Po~|io)&w4AFli~8%fU+kZM_v zM`H{1mEhvE_3my+$^1*5Pw{v2`m&Z>8Emz=4_#I!C)`*qe&}e96S6vj>EcOCOSsgX z4~^K2U@Ujs+qIb(ohxuHQ*h&B6 zR~>JL9jEFWAmX*gg)DXwr@_RJ384YQD``T8Q{wyQKJTmbj2)kul*Y!ze0KD`&{DGP z=AnGe60Eh8m#I?{@P6HlP2r4JButrl!KNoM+V>LlZ!9A2>|M7!lg(IC7phdc+U$oc|H&pFohLHD0k`HP z7d;_C4A?WO&gvy&{tNARS$*&P_Yn zUNF|(xwy;S(;yKHUje#yanO#&1HZRLhC$?5@=Yl#6#Ye#(z% zGb>jF$-mHsW4K24a3AAc#b1~h7k{YmZ`)A2>-uO1Ye6!%&K>!_#%kJ+Ua1JB07;>a zD1na$lX-kE0@%v$wl`yP&9)={MdOD}38V%E#&s!`d-JL7HqKa(iAtwR5TFtmUdbw_ zT34oIS>oP~@a`(S)Ll}PEE_L>=(=w#6R$_IeIeC1mbL73;cEPB8GJ8F?|Ff+IqMCGP;vIP(Lu+WveZk)5cp9v$5 zElIiX&9}`4LXuRyX-pFIcqKFUkGSX1UdhdVGU7rnu`jPF zqTYBVqUk_=O6$N;;X8Mf)|{f7BJTXJor;mDc}H`FV#gkE=LoFVb5JWUl!>wvL{DE9 zKtf3nFQ0((#}7jna!Ma5pGH12sBnB0MA+B09D;xnjSUoqJTx>DDCU~8_05=qc^G15 zbtR8A*V=3;{mQ|m&mAsQ=p@^t&;8{cq!A2~l$y*mlT1e-E0+}^keixn97g>*TM8!f z-Gf0w#H^OpCpA?CFx6Aen$bPRs?=2xOtU~ofxU7L+DBq|bh&xhYXil_;HRsmM&d_N zJ=|#XZycE!3uhbzNeFCYzAcoH9y*C;ui8R-VIu)UN^xxINBbolR9e1!lALa(?NPO0 zq76KsAaV{wd5D5eo5p1LqbJd9(`L=Xqs}Yt0uSq@df@@Ije$)IqEYO9^B%b*v=~H( zWMjRik{@|gA_4Pz^1a&MHx?BFNLK$rI#w!FzqypFw0~f^9wk>?kY%xmJSzr~D9WvU zl0o%1kifE3{Q(lM1~LSA_#^xG#_C(Or_!jgW@&(J0ng1JZ{_<_7Nm0QBuS(Fk1duQ zdad-TEUoD8e&^rF_20+;pK*T@3l}TYRuX6Z292^=R%qo?cTdWX%|8A7l=g(ST96bc zKTU05&X!F%fMv%Ee?4yu#zs(MC}6h(HYmGPNCt<;6`3`kr`YpuswlYIl`kI=0Jvv&SAdqES zNE-rUJxgQ%Nu34IAZGAB6}vOvIFyz}J;xg#G^5zv5-iuIhWL%K5( zQ<|3WK=myCqBIfWIKb=uYAnZ06V(J5va-=N=<38L_$t~-MzDMU!s}TUslqCbXIY*C zj~Z56&=rqR&&xj~z@-iNc>exUTr0RBe)4TIA%k%f(%J(iCG$iDF8saNS`E6|S$V1XQQZnjzE*ZudjJBTlk$hb z^k7u8bs6}1cb&%OCq47pOy>HbkCNz8ov%W<+JV6Zu%wWJQnt?mqR_y~ob524lZ*E) z>Nc#Gh0diIoKqt?`DA7Ed<3I)X3A+9_9{ltUf!j^g_!AVXo`!z{^Lw|)sVI*sZy5@ z`sDalk6_Q1$y(;y{#1>h6!eXZzr4Eo%Xk^vllNT}wqlq~qE(KrSuT$>3==nnAJ}hK 
z|MGQWNPYNCVS7yd8>nv*7F%b1^^LWCgxeIs!M5(+T(3F?WhEK|FPr9KYK`;Ue)>eD zxO=^d)8ObcEU&g8q^v>&ZdIdL^##HbpJHlc9C!cW&X>B+77s(C9T5}wIx0SVZ0|W_ zP8Ar>aDFutICAvjE4Mb8p!y}xh;=0*CNrIY#&pzC>L{8bJke%#v$FJSsftYzH8O`q zI$LkF$YM`RNOeWqvSOjVVsDGB-Pbo1Oo`{=g8Jvr$y&69skC_MiE~1<#`%6$;T!+% zy=TGaAUurZR5fW53I0+N1?+_?3#-0f(AAd!^MJvzacS%vePn9=*a~9Tv5fEerLS=h z`-9~(;BB}Ox%v`SfIg2Sj~uvJm~x>p1#(`mo@QMIM`GAjX@;T7!roSxm`PMFmr2y1 zSiQjArX$7bk>X%63H}&I;Iq=A#SVOU^yIH~P^N6E$n9cf1L;n?^{=3JEwEV;>v}V2 zzHfKYIyncw)sNO8Z{sV2Z!4C#Rqm^H(VH9uAmx)ZMKj&F+PlSl7qXsqyDyb@5Ji$q zLp0#Ff%ZEl&-jX*l{_*6Az$-}R=MdNXlKf>Q)ZjrE7tzFu0mt1v;R z=89~$6nwpAogI0zf5*wean;;Jm};Yzq$J!FIYV{SVwz=_e)&9nHD!sH3{f!m;nV)$ zmB_kF0QYpS(a7<45k}tVY>+<;OS8FmA!v=0_=pzGJ+#jun!gO=qo3xfF2)om3yaYXt3eHP zLEu8bCCuSe^`jO)8r<&NHsGNsUtG&y0 zS!dV-sjHkA>!F0y3IWmwD*F+}-H2QzJLRF5ic+VG=nz`#ok(y3THaf zibrh-ZGAOJN6mC@3ZfN{Rdm1>j3YCe`>JU;ZK}gwlCxdoZtSi?7`p%E=+m5#PqN=Q z)|bCi{VbsFO=)5FDNXU2P@?so73lI-UrZMW6R=>2AXEu&a8HYFhm*~5P?e^9ZByyt zi5_tIY3C1#9$$SoUQx^Ay2_z@HpSG{KL7Bxqq$bc>Ta#a-V3CU)-CbIFe=5YO5L=#&|)|9)O z6A49HJV+<#y%vedf6^%e?xb;t`ecFmBdajuTxz>6b8CCzZooYsBy~i zT|nsPgqB|I&5BElSH@_^;&KfG*Eetzay9_!yiLl{H*Di!Fub7vA?$kx5GLvPmy$Ex_P2SW$RadUM4D}6Gta?M_}dY`$)k%3Laxczt; zJC~mB9>eqkwJkXtL^9%Yt#j~Doz%NAM>F-NqKbS+kzX(WRFN?PSRID7DtB|v41Znl zOELA|eL3K5IrUn?%WRlJJ=Y~Gf~?CkB+ZAIbi|lyGv^^&Cpiug72B2jDy1b9%7xyp ztD@&|red9d)TC3Y9a+ZejZg+QPu$Klb#-pesLpW^66dmQ%js1$ADmixq!Az_2kEy8 z44X@A7_jc|t9z*Bu+!hm4trAiI_Yz{P>ziCzDI*2$+NwS8VZAF9)=CU?c|-SxfZ>3{mo!o=hbEH^aEt62Y)J`s5>}r{%dI|0X23!i23zF!rI71gn%j{T(9#4r znIAlUuSoS;hGfK`?n#|dkr*bsPilQ7Z9beCd5dS>VO zT79}$uS%ahpC{>6Hge8wm%kKTb(gy+(iB$TITc6zXoAsXeh9ED*}vE5c4PRg)QOfeS7&Qw#wqFl*=)Nols8vgM=mn2aCZZ&lPZP#AGd z!DAz$Cz=tK=OSdxk;uyzEq0K*>H|v)j0G3qt<~<)plisoOo5UuU7SXYVV#)T7#}UZZLlP@*X%qaCjFLFyfg;t`yY z+khkq;$p6;S{^w2wsPl(jT^%fTwN_b2|s+0t?+x+_*0>jV%3;o|Ml@DQQugG1DHz% zH9S2z?(;NTQ4_QoQXyDznbhXBDcCvg3E6}NUts2!SS9J+){x1g$`8}%*D-i-}HFtq3JP*O8z`srXFp- zDfw)$uspu%S;Uoio_J-QgYSNb~$q zN)27rAY9Ky+05K!s%Vb~nl5X7_w!LgACNXacrYY0U}nHh)jWh^auNiq^gR(3p6$fq 
zx!o$YtLtCqriYQHO~s{#q;jKYRyR%=Y_jW=+0@OEG>^?M^MeeOZU$g8L50hvvrxin zWVn~A&LQ{CXveOo*%0HB)G|L%CiIA2GFSu{kf9|IJs>vOGO-bPy$TCD8ylrThsUqGu%Rd1gJW==x5>IRv8MU176CEEgYD>85r&34I(<|Ldp(SI~F zn(-y61tik$xt&w}U_^*=X4o81xlZZh;T+d#}iHLUIOAl--lLRpK~Mx3YG6 zv=KBE*b_#)@HRWLsDO`>+I()K^exjpqCUqWoZj^2K1UCf@$*8jXA)>GtolPP`ps&F z?`x&&`j0)D$wiA5vp$l*46O`AyE%M}bd# zV~rnuZKf2Bko}~zY6U7>_J}lVI(X%Xdcvwm ze{2iky1nRp3SY*H8{iY`O08>8fLf_Bl1h3kh3;KvuU%Re>t2^9QP_#~+#q->Bf{R|tJ^1YOhHKiGBu?>q?v~7)s$;ir+_6THO&n9Jw z@uS1G14Th1AAM|;>m-Oi_tg6WnwFw-UvH3TjS3XgE@NGupX$2jWBA*wWRPT3*NelM zZz8@7Z*KU`deP2g!j%R^$!&z?xcieAHdR1U`sd>Bs%hhidXHh3>U2m*8FNicQ{6V* zMi=L!ah#XszrJ@$b$BLv{PXz53DLz|swPmeDM?gEWznorZTC91k^i8{Y>mETE(;#H z@>%F%?>^wOBv{_VrX^2yNDb#9X<{H4U*(n>nJ4J2)u$^`22T#72I>&V$0KpmndM74 z6=9!5+t#D5T1_YM4@h;IszzpFEbrIJGVKffWk*`$qMF2o_M3-sa<}BoN33Wz?*>uy zg1T0D-`Kpmg7cj!aM-+!!MSe#B}*PvtM0Uu(Oy1eWJGL0WE!4Imm9*j``rSBOhxY zI9<|cfO`L+z`kK8JUau8Es?`f=NGN(Wu#uxA8SpPbv@eBQ!c`|o}FI~oipQK4B#O^ zZxyl>5K^}=(ivfL*p#|>#|VnPUc5%~_OcI79~^iF|NPZ!xY&E7Sg8l%k9LLQ zu?Ho0AV=E6Ozqk32i9#RU&lIUGFfX!M>q~e&j)NPHEV>k!_$FL*Rx0YMrCs~)_={R zehm4$yWRtg_4`7qXFb1he7fkhtKj6Si(F>yEsbqGm-@!x9DP!2W66$^yahj)Z1@Mc zQ8u|K%6tE{_}38Q%d&Al%fA0j6Ul)srQy2f4ST6a>u=YSn!@ zr53FNRDomj*c{xN$QPt9E9vg$hD9;e=1m)Uou?<3VokEq5X4gFJ?iLJT4eu{}k-Ks9X3)9;Xi|;JM>pQ261M;>pzu2EDrQ}VI7%v(xb_wp08Eq|{v24bpp_~Wp%cZA#MOXmS4kC5zQ zE0MyUE|Rup8AxAJ+R>ZJjX@2wM4-Lw9!k~~k`f43ZmE=(%iG*qLU>jvaM~sZXeu3P z<}<6J$~O37E00VP*8$fHd|5__v=JAj)>=@<7v&!pwtnm*)PNyY&}e@h1FV5~jaudCwScscU!~do;Fg z>9s$eqgrhLYBQc;CYET8h&H*msxJ)+(2buAEFH+pBf`}z&sn0}Chc{_tz+OL-Nf#h zOfn$#X(RBfTbp>)mTul!8nSFkNlLkGA}h~ttpiYhOVWu}49kzZaG<6#Vc*aVqX`FO zwP`Ddf^^m(@O`(STz!I-YNu(|uiBZ=OX2uf9lbtb6)y8ot!Wi?$-}z7rFwa=YwPWX zlu9%HQW1iH3-zP!5CO@n9fK#E?!g-b$5$TTIaMjDmXPP`Vd;Qx=ZgeV`% zUtjOR5Jl6nqZB$QmxXBu$PK_6b7Oh=;u&^Q$0~kE{ubF_72bQt$s*0Y!dh~DLorcb zFfAK?x>MGUzeL--G{@v+04^ku%RKCu1vNllA?tLhTkaj-`lW5D-dyZgL`ln*_{2@@ zoLjuvqZuVbc6JxS(|A^h(H+&EHgJFLbeZ}U^=I?ynJ{e+1xZ5lvU%hD)y&d%Fu(r| 
zZ_#`1#`M;-!0EudTk}4dtD}{rr$5Or2yWFOq6U2gwDqXYZ_2^-5F_EtwH}KpZ5V+~ zwh?Nclidvtb)!?5FKo+6;%@ix1Va@AUo02SY3b)8C~ z^Ri7UZr7$Tk1?xSb3Jjih0$r4Fb&n0piC;U@-$V81AL%aA>ia0FmntDx zYlwm2d@^x@hg!}a_unc$WwTj*2M5)UYy4%37Fsu^LHnhnC1Getpc5oYH_%#A?VyP8 z6AH`$xNE7{=QW%-+8K-oH~a#x<&i{IicR@Erh82-*`!s(P0UxKK0wk^Rjs;JwLa3L z-D^u~n`X$Dc~dNMRRGh`H$<7&Lxy8aLg!E-Ao;}gb%GD-aT|sahN}mi$#JWbNviim zjOYwar>E1e_w4!QyU7cEE?{`w@^05d%pEpbp1JmAz!3l86jxk*tjLA#bzxCT<`q#_ z%&pTaH`pXRNsz&vC-K@^yErja98U;8+y3C|mCn8Ag7t;XQnt#8{iMDW?I%GP$oDlE z%=wH;y!R>+26r)r%cZ@21m|R#w(@YMs75)_GI>df?)D*12JAgNAl-}0KWi^Ox#}X(W3tM^ zJQZKYr5+Rhyi|W@v$$(-?UY}yFLN=UWfn-X!i0!(iJuyoJ!J9E%;5ifkNNE(p!JP| zgi@;Y!Ib4Xx6JMck*RMz?qP(^20YjnYKdRVW2d`PgT17tz3qOq zL+8#{d4J>h_!RP;7NI}?v#IJ;FMZ$nn8_}Db9>f7L9nf+pL)4k?slCW@#%x_G=5k6 ze9YOsGsjGsy%=2Zf1~f)@oyXrp13}c@7T@e4e#F^-O6}5M80ucDbKJG>UuIM(^LOj zDfP<()SK>9Wze1o(k>7BJP_R%+wVKN0Jbz;iK-M7dGZY3kd};Io}2dLAWbIwejPP9hZ@rL4TncH`vT*dPBKe1B1Y|F^F9 zKeinPGso_I<1phao>xjQJTsU({ScoNsjf1g|5Od>_>JSBL&xL&QQ}}#Zg9SuZ&#~M zeDGlI^21zc-`94_gs>4x#=&x27f7tLTJ3C0fnwz_`nhE^Z zer9Y_7r?>!u~v4$CYr!@O^0rJL@pTSbuL_Z-Bwq=xX!t-X971-O&Esq;rac>l?>!LwoYKx!{o`2k79p$tw1@so?#)LzlOI zo2+jA;d7+YmT+ggK$Dc2p~VqJ+JMt$GJg?nVCrjNYZH!0dAVd-FgHIJkbaOPF2ppP zy#DVzm%nq(C*da5jU|?QAiIOMuh=20VP}*bmGj16dfzyjY$~k~ph8ZjS+?>DdBrnK zs}xmN@I|y(cvfsR6I%(O#rU1_?T<0=C@hFjPM|e~;-B5E0FX4zKZ=_`R2{vdSd_=( zCgX+%DJ3z*jLkmZnbW6^hHl6=EnldxnHPaUtmjdC+dO&0b!#LCZd%Ni^)w>&vf1b+ z>%~&v32Qq(OD3P%3!+tUwHevQZ-zEZoEK+%+p}mRQqy2OkpV%Z6?14oY`Ih*9N~mY zVIKm@^au6hT!r3EWb@16dvmVF=XIS79qoP!!3MqgM}tL|W$0T}qv1^6ckUyV32x2` zvqVdyG&@ZL)I%rY8b*QaM|q3ck*x6(k@qw?yXYUmbyF$2@)b4{lqExmhu=9dMeCrE zJvC}nMnkBjU|g%f)i9kZWvXDG;$x8T4iDe>?LWGM{G*fkf5pB_QuUjT8Lj(wpVa-0 z!QX)$%GAwI2C9&Q4VWeh-#FynHuuV$TiScv-5Muw449=RjWR@T1qcQ;rQGgTWf5p~ zVr4N^ZfLQfRsPd!ODL=169%V==DM0c4V0^9JEZaZ0r`?7%-0f+|0!8;I{Fa$un334 z&wtJy{OS8eb}L*zDO!k=lXIXA$%Ed!WY=`>T(1~%f(XUze%A)_;{CZ~ zN=V3dVV2Nd9bci)-2{kI9`2%nBigS<;Ff>XODNzj#@7&P37MnM&8qVF;P#e3<*teD zW7#VFieAo|r5QWw$A>Le$(9p#njWlhV@I?`UBhUt*OWPn_4NONNbMirg@1N$tqecz 
znT6lk%bh7y*1IMjEVR7Y;8AF!F~+43;SVxxLV!_91j< zFYDbsrAD8k!j1`G@QwMZbf=|VtvQCyYS(9G2)}^oKRkgW>=q)S&j(pmGj1g*76&bg z0XJq&BLtr!%T=a%3-Z9heTHp35Qqse2i3vV<{Dy^I&#jnYYFO&yReG@S~VwA>SbSH z*wQjEY`%vO#iMo;0)cp$>#g9!XO+2PM$fY-WM7o|f4Fz;3Qt$Z1wxEAt|xhfz}buV z|1cgfA1mUtX}Osp(lBdS@F(waqd&S1+&%>Oll0KxPe=#Ann8ixdEGORen3v$L=`?E#5+yFY+wj+$^4T9VvO7_K%O|wpzrc<7 zd+Nu30X^~Ox3C{f%j;K1KVTVXcU!IVM)73wBxPnomLcm(N{VV@BJ3=8L=%C))=bX( z;{vsP5y#45(wSo=X|5FL6-yXE%sLihr|IBeLSIt}gj=K%2$@%Q0@VY&$!eK&mttsR z;}wq%Upb{(V>f?EiN4|8L5`|BomPhua!TQ>dq5wRXQim=cEb z}5q2~DI5f^R(YoadRjX3m+J=RNOxoj)f3TDjM~?tcHi-_Pd_dUOA?9&7N8 z{-A8P&9hi_2E!~owN^RYF^|!f!xTzVJC_NMT=VNMiME6eoCdYlZ-FT%NY!dr+#m~7A|0C6&Qa1W#^6V^?%by{B!=0 zB#VEfw`ho^BUT12vD%kQ9WH(xsx>TK61SFJ)h?fxD4Rttx7CW*#rY}~ij5;;i{BDvJoyMpc( zhW>yaI;UIX`*wVwvw666G8s@ZdY2F9-#yW?hOE=Lp{7%Q^281uQe^Ar6DRQXKLbA< z1NN0U>`SOFlnmBvZLYQ#d0Oc5hiuXNZ%0D;8Zid-a*b*w-SiHNz8CPQHy}(=@vs~r zQ&I2fWE^wR=yM#`FGZ{aSta?rv+8k`gS}-H)2Hvzcs74hM!M$LCi3loiD8=_k9u4+zmF&jb0i72 zkrZ&CFWRgy)u2jt{zQ@gehLfqYMlyx6Da-LuZt1CSGQF7_ByCJ9POL^)zZ6aNWm*7 zdkOZ$kx%7^-~AM;DW$3+;^m{z;yxWn#c6_Xer7vO_(T0_?91V#LSC+@XSZM2&;Z9b z@4<5K+5DBGBu&^$7S{F!J>KA3FItpQyZ+$g8`M7Q+B2N77PWh<5O6?7Wi6=bs`yS2;5Gkiir}wPJd+uou)eUbSO!=G_1bYTe03sbtxUP%gv(q z-D0xeA;5_gFP0XOVZsJ!tLZ@$`x#;)#}C%BBn7_9$9gfAO)Ds^c8`k5lovdE&kWz{ zTu-Kw{vUnsJBpiU23Y{bi0SjE@MGGob<}97M$ST(_jYNB7C6>weCRRT_;9%`0nm0% zbE#b4Isdc2t%9QTM*0XeU*r^VN_TAUb_t^_nq6G9_)Um^^_P8=t?^+4muiO*_8R%g z9n*WwSvbW)P4`6%+!J$hC|lUr%|enVk~eZ{`rfpxoR#gNFULlhL0hQ7Lhwso*YwIk zsz~Jo?i$=DiF4ytJFw}*3L*=$2&FIbP|p2^a;cvU*Hs)Ey05BlY2;TwOID^1#isM# ztJK2W=e&^zla;zk&MR(dC`R0Q8b4JmW+lm{L&;@GL9R#YGcQ`2+)Jy=^n#vum{SKt zOBUt(95X96Y&#DUp?8O%$w=A!Y2J~y-aFNw%Fr)zHOSn6t;a9)Ep0dLy;)uH`WRl1 zB5Y->({@p?NpL?gND;Q`;t(N&t_fumPcXc@Z2ZcVl=ROA)nz6fWM9N7!WB4Lay=A= zIfPOLqiy9Fo>BAlLe|vv&8N$!1^1Yq?HBE<@&nqR(+_(=hl2X9)Zm4}k1nts7m zE$E@Yb&ZKW1|MnO9XYTt^O;-zq$#goQ3jN`?qAvIQES~>)owXqRideFgl0M7sx`Ba zvJ@)VafBSWddaHVywNS(si&r{;Ir*9N21XNPibvna*pU^4_J~mTGcl=zkj-FSXtN& 
zF9Lmhi(`=APwcr%7*d#{!#WA=Zi&A~EOA%_erg@-W0tr@`2Nwp2BYrk2~v2~m=WA* zE%fG`WQgl<)Xjm=8kX|J z8MZz1^>C%s_>%Y+zhmbe+h7AVTJb@Ffss~5qYvgnlw2MWilpDjh_hq_DS0-1qAs0( z&Oxa}5Y~I`!W@%UVcUg2lH?wfUUy-*86}6)nY3(~QLj4S9}=JeIzQYTciR^2K-QGj zG}jlEuX2X~3o35~4WE=ydm)dR!;7GCq0Z7z>z}VxIMpc`{JA#SJ4== z3Y5q{Jst?6g6A=IEya$X zrx6kMb%O{G_QOd|wXQF-2PO>|V(Hg_uBCW=pl@1(a&_(ddy=>cqDD`;A)vLOzlK;O zWz-8ddh-xlX!JS1C<#VNrpvk6#0EPuw%dpu_W}#POF0;9R@_oA6w7zh;vO_2W;txI z>Rwu`EPl@xq06lM?XwOF*Wfr;c(XxXOvKspy3F2}J`tB`L0YmK^qUZ`tki{Ulm}*p z51|Nwcm=RwwX*~={~e2#)-(Sx)wF=Ab|jx=_(wdWRfJ{4VCyrz^uZE$3|sHF%$3(=r^h zA@|4Fa=Nha z7?p~7(P`^!MrtZm8>U%|T zqV+p~%1!jEsmFTpJ;iM+(e8{2Ll^0LU7;%(R?>~EdPc<^m$vkqTl=xZ`}=eQ9Gu_y z`v(qn8b-3WZ#LYMk*jXO*w0_}ooBb$Lg>9M7r(YLo#}>st)Kb&$lzyswg|Ay)Ln5X zWz(w8+`ED90706uTgWiK%}t46Md>&zqoz!ff(J&T1okp+R%(i82x?td<|?1*xrIu; zq2>Zx&(8u&C3jR<IEJ9uq*{URRRyTIr97W%-+=$x$Hoit1a2qhex!&D>)6!Zy`-lG_7C~ zA2mm-Xp$@tfoB%}yw|sz-*pq!I6EWr+(GsGgMRJEaZ=de9^6OGyl2Qd$oXr?EHN}# z`swm*o@d@9VgCDYF{d0FPHk9yVnO>xQ1&gXY_~G^&&L!PpCP;9?N8e{Sjpj@z7{Z? zC+?TN>%`>y9RjO5%~;|mtD44Z%vUo@73pK*Z3&NiKmJKbxf6kWFPdK5Og$tIUy(%? 
zx|kIGx-d9$Cl$U^?{^yPrx~P1t;Hov+KretlGi7h6h(RGUXs( z=ZGo5y?P%nAid95JGjmr+o7x_b|30Is`2c@y}TBM(>gCutRc9)k@{-Ktx5&!xd2H8DuNQWfrghSH=|3rJz({`l0>iPVfwKZLr= zl7rCsk9sYi^7pEJu`MpEWe#QJfmbxhPXXdbQeH8~oFvaNq8N5X*+wv)%7za-j`URZCWESZX^3;^?g)w_>e$of9Sjk{yuYo!$r@JNYSN` za4U%}m*zLfiH7{JMmpt*(fS#31w8$=`Oqd+tYN|jF#!upvYVXI!{-&Zt_A1CPkq5A z#B7K}m?iK2;x>Z3sC~2pQru(D61P}|s<2G@l_w`fq9X=Kl8cNNB0EmKKZHX13G?kHD-Fx9diXM< z7AojD$_QH>yJh1=CX89ImwRzc%>+3St)I$9t>mTGb-rYDbUvijCl&K>Vh~(S3Z%p) zt@}KzJ~3rbl`m(1#gT~yE?Q(;grWqF*Ro2Vd;6?6&iSk`KdN5HXuiyDZmxLj8vN3D z*aSUauvtOYmg1a~dprp(aFhO^RH2|OamcJF)_YXgTJFsJ2^tb8C6Arq>qUovI<+Ox z0_m`PBjCcu)`HE}|VQYw*ooF7j~kd~226BFQhA({6m_0Nuo`RycMzi`Pe#*e#9yUtWR zn}S9jPTdCT>uX>;`{dPnwCu7FXYD?vEWl-v>E{8(HSr1PljRC|JHN?Lr#3)qgk{$n zQ;fO3li7k>O5F1{mhE(XRVNalj0ON?0Na18*vu&ej;_kSk7|-pwN-jCtmQ9akGpCd zeguoH|Mop7%4Q?+hMFoMP1pym@-W8&Fu-w5n+r}Xqst=;I!vI!5$^=7YuP}+y;bOW z^w(cQk;$m?qJ3+O1*l5%s_Ity-Ex6Q`7Lx*@eVn5Fqm|SpsMF(OPRFW(h!IOy=T1+ zjntx8S^K+JZW^pY?!tqVO_t0u(Sf|!aC+v!6gU5GwD6%qz3)$JcXgfqbtfN=PY4)X zOLQB`e~vhUcO$@3EBzt`u0?c=+njhxDFY&5M7`*J%(!<|ABn{9&F=&?=t!eEVINkH z?qR35_}c@88=yIbTjr-dKZNoFnP2qQjhImCP;q%wE;ZBusAUzt?=f#=S8jQQ-OA$r zw-e&)^<_ayB(AWuMfA6}fm9|m3cRTDtim@9-R=x}QnT_I;$D zouJs{*-&&<4$4pp!^;z~N%}m(ZuyW;a)-DUb zHN;PcrrpkaXsl(!uu8bq5BM&ONN2QC@XexRSY$3?uwW?Qq1ynhE;ophn)CtjF!tm* z2%RdIatPM1okO$8u?U5q|1@S+Y)E!< z!L`8=<|U?vaxSKaekXV_gH;XKif*(1`zJ#jY#xubaqo=zb|8iS=<#JtYg$NLJBzB< z53aOyCuMjNo|IuRomj(*0Yxw%tPox-2!^NIywtLXb7Dv4?B!60F2#OQlV~=1Q8H$Z zwQ9Nb!76NCa;-VOe|eOduB>}tVOk5CEBRVRS_@A;QRg62)g2_|Pe7wr$j~Kradt<@ zA2m6(OM;%F`^}MnP_w#i5IvebKRVKrS`#sZiW}cK29F>+7itP8m@il6@tq>dOp3b? zo%HjSq{j9RjfgYLIExDRA!zPN8h0WLOsdAn&S2;<@sm?0mzJiYEJmAQ7um0uy>Yq-@c_ zxHjazE9I+?e9qN`Y&1R6LxSL4Upaevr_G~HDDX6Sr8q3AH_YAb+*}_u16;s^f+YI^ z`CFkn`T3(`XNK`MV{WjwPe#k3L!JmY-Lue=?)dC zl~EqK>xgBH9-L`w-2zh^^xK3S`RgHdc~FuYT&? 
zfkd3+4o+=Dl5t^U9GO{!{K}lh-^?%DgytSkDH}>QC7-C(jJydhbr%`r zagaDlBgTq#p^IgckvFm)*(Qtr?dw-x0mh;4f~WthyK52=t#UKGYDXVix|p+<%)t^+ z{3PTH5kTd(ga~<`KBzl#KEM9^_Cu)4WieisB4mUct}y>dwH+o`kR zE%`a_Hcm<`HLKPgv>i_tB?86nh&bL(yWQ(h7jyTVRCdKIQKoqebE}$wrl=urDiWae zgw;%K?5Vhs*SpH@OZS$*{d}_pjhw1g-&J00W>vvwoaIga-!j|-v(8~?YXys)q^`%N$1y;vHCA>(FB7T#gTO_i+61l z_W5VFVXc&rjUF+uBW6U)qv8;0Pqnb!u&{xZsl8#|3VSG2sUR06p9Ql!DM=+2+D2QK zz8n+9n$PW1T2riy$hx7zHRwCeDW`amG>Kg5T(XXHGhIzgHL`Hu`-_VZb$P@a1b!z( z7zY-Z{fG2t57`&_a)Q5JKy53u`hJV@3Mneet$624(yO#JOJeZ;V4Pmc4XUy#O3W9# zItG1_v1w1KyjFJSW%UCx)N8mP=!LD#`&*mdx4}s#osQ@C$iWt-i$8QrD@$imLQ?KY z&oQ@^n4H-AKDnJY$o3%f_hKJZyce0zhXAL6xmPpd&PLjZ5N`qFC#j*V;*0WdbtqgEvk4B+ z1Xp$q*L4IvYB*3>!p}Vee#-P5@_d^^$e)h{@2&R8c=&5a-0&blz=P|8=5#}f&YHy@;IkQ?fUe(^~*UX=yJ2Dg&LazrV z+g$FjF#;O;UyWImYg_50ziK?bmJmS?Qn+F78>!(plYt=7FmCV=w7CBxlJyrM)O%>) zQJcVUPlt#)?{h~{)%;Uf$N7pXn)+-69jJPZmKfChOT2nPe1gsgcHW2;4M{ow&R|Z_ z*bfb)N1Q*|ng_^NJrtvs+|CTbRcjI05TjDXbBNlh)@H4%!`Mar#F)j;Z|?v5rr>X> zKK}ice?4MScRae*(kA*_`}UF^SdThpxYf8S*y2d9A3d&bCI2iAOMud!xeC_mmG?g- z;laD)aZOS=_<6Sz@za{^4Fb*%IBK`b5Zl~~=``S%VDokeUp1Z_KWEMHt7&WrrMs`F z^KMgoEN#bTT9!setgJe11^(pU&@b{e3ExnPgxDEhKBY5j4HlE#btN9miyY&v2Xn%= zkHE>O&lZ#VKZGEYJr00JTLvss-1GQ60iOqiZ|6Zp29|vUJ zS?A7TCvTRPliN0Q75d8ug@83TP@ULwL&W@D2b;5oH@O4X3{mp6l%SO&uhVJmVUEyN ziHZE`qV(u5pTO5~fO17Ou_JM5yg#`HWA({S=%1M){(loq{!j2k zv!VZbIrt&pB74eVvZD|tl~F+vtjY|+#a~?QQjo}5e?sPRd>2{yHC-4fUtBL(l<{`;AhrufK9$RfbBvOoeN`0UyBXMoJ*My1Mg2i(YI z_Da8HA1`~W@fdzSr>!no6N*PAc+fi@E2@4|6m3(mU2twVSClK+MtIvZ@GDmXs(Cb0x z7a#D(!eVvvu42-(8fTsCJz6i^u5#eZ92&RJpK`sXu>un5oGjEIYfTs(c~a)4b?5QB z+*CvyuM_Bx)sG*Txmb`tS958w?4#=OXv0f9{>(HsXM&{ZV*KLoXV`xT@BB~V%KziY z^YOpF)l?Y7=1PwCaDCunbJVB5|M&kKXLn_faxkk&!D zj1-oLikRdI%4t1H;3PEt(No~l^=c%BN1w3$x~YxVCp9-4LkOEuLlAm5LWHYBPQ{|a zTpnoe>{(%QZ})Zn-bZ2Bb^G)56RgxzmZ9$~m8=7qrqWiL1u=!;J>B@%$b{kAO`)|f zL#dm?f3(;K5xr<6j=7QaoHr1<)xlI8;v$^yoNq{#JupxX5cQreeEqFdQBa z_dajOm8&tH5{O8OpBAB4K@zcQ zm^I@I6Q-zHas1hNe&!=m&k2E*NFP-|6ui1H{le1?8q})N4*ur7wYSRZhFx(`P;g}S 
z-5pY>Md&m(^g8HwAtA)f6^zLXM}XRn(*=T#q~bA0*$zgpYl+E14{b?VoX6MaLA8sh zi5l3$h6o2-8d7}jYn=~>u(x6P;2fCdi)3!}+Rzg?lmed_XwY_dv^3gQc;v7pWI5S8 z>g5!g(C+F;jC1Rk;#(DPlWb{9YA=GFA}`JG=Qh#RP;A&(5Z@Dv$MLSsg*UN5`T*n#|`9mg0FM+V{hA z^@f3=rnvTlbckP%Rc7LpCvA@!AFx_Q$v z6C{%6n7Kb)DKr_mDTdA3WG+c5h8Qg0z zv>cIXDsD<%FTYd4e`3AS@hqtaD*YTKN@{}Co%p1WtYKJv2PB_qS6bpjGJTSf5p7*3%`pOtO2fk@_{Gf}qM4M&k#z^8#LHu-s zn(=eblh$ZgN?jXkT^+YWs3~oyCsd~YT2YJYp;b^$F=K6Z?@=tY zyI)aGFaDGb&B__;yfT(Ixp5@atEQ*fkHhNaS|r|FO(mtif98Bwo^IZ0O03o~EP-6Jjd7;9U&_UmdyA9kXl zb8WOx+?P_13|OeK&0Cdy7jH;7Ta8^Ba9eqM(_-k!N5emwGXvGd1Ci4JP$xeeEC%zB zJ^+y;csXcxszjU?ulWp3txm9h=U?`*9clwm9kW=cy2cfT<0ShvLoGh*gI6S>RsxWS zGot*xP5DXnWJ)PKX5xgO4A29VR`%B9!|x{E2z$qVfSimdep?xVmR?Av$SU6d4m=b9 zOL#q4euKm*si7qamY@JxPtNAjp{Aym0Z4Px<4f(*eg+>zNl8mmReFY$kTlB%hqS3z zm(si=gGG~_i}|VB)};>oDLS;>Xfqz#$D)41^;A(dhG}rB1c5@=wD=4(sPk{ zx?O$es#6pq;*i09k%AORF!Ev-2?onm<5&)jofO z!c|a80@0BAHa2JFg_CnyX~>qL0wN$jp{Id-(28Aq8kpGdB!qcDXE%YafpGyqnDg6_rFN-FLhTFd7fd|cPe!JqILX?gxx3xBW9?W5C7cINtx zx9z4n7IB^iSt-h{8=UhX=^9d~{vK9$c`5ZodB;~Lr>L1AljYR@+xQSO0ynfytNeq5 zsns8o1vw`6k_^yq*Yx5o3Sm=OI1w?)A%}NM>#ul*OXq(Gxjau-Rcf4_%A3E&tEjou z3v^Ae@_0Y_)_K+sBGG3*fz{IYFnilEIZH6kLiAp+B3eXX;EI*{LAu4yLe4a<;d4W$ zpm!<<{g~o0@r4g3OwR(%wYR(_a*eX}P!civV^-RDp?;~{&SjnGur#OUi<&`vj%R(p z%gNvhYiPSL@LfUtURO&|$7guSLT9ZWfi{07l`7FpkG|(HI4u6M-|wiE3I^0dE(e<$ z-eG*$Yw8{$eRHo`;;f0C6H9y2$Je6AUQ#*h|8C`D4r*E`J;Zo^sig@PCN7~TE#Kw&DbAhoJ2JqwlktW&p_lLg4Cv2udwVCi)8 zaRR|)T@L?NUEOF}g=XP2!-HpP+?|8UvrJEgS4P&jtRCd08s=)CArlfhNwifl5Z(p= z#xc!DCS8LsFE`waFA2<)&9WI8S~!~Ow$;f!ViVP<4B=e5VecB0IbrWlkaT$D78{83 zo?2yR-ic0G(#d7UnLdCUrj>y(j>Xl_w>NRk3;nc7*{ccd7P2ge3C9 zt%~$e1FUc{v{nxk`w1wsbot=LaQSKk`SIeJZM$Qz!MlA2+o#u$J@i}+{;iyJ0VkrV zXGo`>mZl2K9#N(7opb!jqYtP0X^S<*LkWSjU`1i>?_N+JJhEj1^!gwxxoOu zB2jHAcsjZ(K&jT+_r2wscFGXl6^>5Oe=k?(=95`+Q>Rz6u#)L0zvce4bvV&LPRwaA z>jZ@esLVb2CiO$!&e7V}aJ=M=R|CL(7XH+zj3D+r9jOWj~xeZ7d|$r0Ov+`|mTtUEa#jlk+k*;+-&ZcH5Hliwh3#FG1G7mI~@hqfw5IHj z9{=*5^)+oGAk9KVKH;4$9tQp 
zKaQ-IYA(@Ks+f)OLTY&r4d9&)QW%>0$N(u35$S176{mQF!)LB@c*S=`=b|BcuGNHD zYk>q})qy{Im+W4)WNOK2Wmk1hWpIb(qS#$8^`WSV5!(9v{?XukIH|z*kv0nf@iI54 zjF~vqB84`QcQ-?1=pnQ2ga{k41fmwhHd#8Kyqr_mU!WWvfSAgeZ@*aXmYR>LI9+aS zr4;ccdw`Ap7q9Omq6Du6L!5hfISmji!&S*9KGSZIv|+ z+FfFQ^On!ci3CZihH?~PMVPjhOpqp=3XNH?0rN(Nfl|87>s91+Gn09@G~EtAv8$c> z>{u8qJU&O?jQLex9`my+#YGm^X3F)1|M^4c9=8$!n)c>Z4u*g!L8-XsB8IzrOX#e^5MrZ}VU}b|5QA|Mg|jl}eHv&i>5%Z;xTc&o zz8-;IHUzTZO8qbeZ-A@eFvYnk!kS*>Z{yg1UST9Yp4hfm>mNCU`_JyROLyT>;OV@@ zs#HX7x$aM;o2J0`<9C4%V3>XZ#r7v(HwFy0<@20Z^iZj%+0!8gT**kPh1$evKQC$+ za_#EWm1C4lRGX3$jBe#h_Bu$R&;(bDiAYb4tJE}*Hip&>>A{LPG1y|sC5LYkF}8x5 zn&SC?;DizXIh^oVQC->+c+&v1G8$jht4a|vsoV5#g7QwR_eBBfjoR}5fdV|w!hYdO z0iN%Gx|Dj>EnjrTy@VC$7W&4y>y4=fvYCCI%>JP3t23y95j+?}LY}`+F|Zr_FX?Fc zmsEnUAAtUg5b)GrQh5?Abk^lxV2OWK$Nd8}dRH6}3!lFKu8rv1Bevc-ZpfRa z#%9B@ChakQtd}1QWp&P?GXd)qpoo|wO%Du+Z15Ac2<{^Ts}u9queFgbxn^X0c9| z5Sp!B{$K-zLKRG;WAqF)E1&s&A=jxhdgh(tKkGwk<`M`y`eR^SX0APbyGWovS=Ar{fWcazw440BS5=?3zG-Dk35xO3l&6iO_rnz{G!;^79`c9{s<+MW*)f+H~n0 z^_qFcys&H)Kd1|6_UL!R=*HrMmp&(XyX)Edv|=qEfCXmjc|6DFU7%Tw$GT{kVjfG& z?cSS@(z){pcV&k0vyaaF{JGhSJq^uZst^{0*J;ot+|R3f4rcT?xr{`5teeenEoJnD zPbu#OwvCzYrn|<%=(w&02oU{x2tbjo$+r?yk`l(Up4rg`Sg~<0gWJvJ)zoa~rgKlo zx~i(5*WC@wd)*QFN$97vS@>hr|B^P>{pZqVB3CNVdyRIr?^$FOi8k3jF!8Fxgc8?% zfgS{B>Bke(0TfCFH7C?o50&<`dGTQQ1cG~tHBhJrM%1-d`G0m6v)MNBNOKty2wk-o zNI7uu`d=#1Po#REpc08);91%HtVDtWtyOJPB_hfG`2R&yyR7PycKW@_RxA`hqM!r` z2W#`G2za*9_``GLOQ`g^$Gah|Uv&>eow-xgrkYUKI}b^4`pYFbt#0xAU;TxpDl2>9 zQd31$rElk~Qujfo)VV!=>%@gh^mfYG**KX_-0I#O^aW5-bSVE0IrN&Q#a2X*~E> z+KzAe_wEL_S1r-??*g04-(&izc}fe=K8RP)y?Sh~#Z{Do&o0>CXuAHPhtt+m zY88JS2xt#Vw)xjcUAH?UkRefMGhBJdSt7j4G!UcE# zB4>9f?JfA(a{hej%TlPH%~%p%{AWM^lOMt7S$x(*IIK=phu`NzACD`FXWib|0sB6> z!GVg&EDQ<==7msJ*)Co5F+qUdmIty1JQES62dF za1UrYj&)ug6Kj7DBQDtLslJw^psk#c;`0KP0OYCnYVgRyD{<`Y4VJHG^>`o< zsQwI{gtgBn@t<6isJk#!C?FgHilH$OI#~PpuLAFyJPw8lSNi0)GdO6g-&iTW4*=*L z@CIA;FfFBCbP+=lIO+7SPuFDuD!Ad>yJUSJl*|JaCt9<4`u)R<$o-7(ePTzefqzA1 
z5rTnRasko2W#ye}SK=Poo7=jLE2sZM2QSg6WsOI-IY%`8N*x&8h214hun6?Sy8M@A z0RRdR&Y#A0y5CZ9OsA$3O}TC7ZPE(M>jQ?muv_GO7`{dc@Yli5Yn2M^f9Wkeww$!D z3Yraz!j}tr2K0Jo1iA7^PN;=!FI`{onBEiicVX%JC5;72$XO6`xM-f3E*u{J#ImpPzig ze^VYlO5NwK-Jql>of-_*K+`AfoAoV9xX9T^2Y`}YQ&p%jKs@(a?!~8A3xV4=HI{lh1+|yBU7EH{%A4!oS^gu$A6k$WO@=%)y^Hp2zHKS0ZH?PoYYYBD_2X*l1RK~^G~FT zpboUcpF>daJ%&x$ix@*yT%o?ct@EV58?fyAycREZw z^8{TOq_6XoHn!B-it7lO6o@cl*&?Dous@!r%iaz?A}a7F{j#f=7F^?zG-&Km!pYB5 zTKUb;)Y#bckZUYS94Og3;btY-49t6q5wzlZdS^`ozrGv0+%6+p4GxSQNf=J}A;i%T z%a`lf84QN*Jf-~*8u8mrTK}W;hmezC`to|?RE~5aAtlMEwkm8gI{izc-{{s6-4U1B zTi5RYtz!ERJN_TVCi*j+nBV>NSGwg`I#plKk|p0HRR=ddEiuU-ZcXV9aTuZfFB=8o zCy!54GBr_Azd0^jT&hXx>)ib=*>oP9RN6E-KV6ta(vWjU18h~60|6@qxJITv-#Nyh z2DANQLvKmi=B|2Y2lopCb9QRcW&xk`x$Hnse1qJNw{< zbVsc}qT$Lzo>M9ETk|8{L>YT*oUTkJ+m9E-$AvAcfWASQ}y+)rAu-ABK)e%?0FkU<2>J)K6L)4qIpn&L2D0qHzFZhEC2n=If zop&DKTdgd$PSux!T{Dp*jytfz9UXb8CoGJ?;EqV@r!{S-BLu#$%%1aMGW>ZhW> zxomh=kGMR{OO7~L1ZZ5;a~9&QSU2gIrJj`fNxEvGhaplKGkN*En_Fi6vJn-jJyhsxL2|u&6seOWaA25M9c#f97mO$=lmQ+sf=ws)o9i z&pWkyl-hduleBH@{qiaE++&SN$hXZaUWas|gIYjNBQfe#9~KW=xZJJR@Uven?rld@ z_Hvbv&-N1i$uEXKIB>hAso-m;r>|f&AzEBtuXi(8HHaS)hzBm`{=sb#DO~R@@pOS=a_9L3a_%H8Qur2 zTAMZT$LOT+O@iIfzz_`zsCjbUGAg-qy}fR`$kt8MkH2#MP_RUjt^Bd@2UiB|jb$tH z@60a6*$u)PQMg2S)~0lv>^;hZUN>9MpO34>nhW^@Iadz5*stiJMxciKvQ*21yRVET zq@+kTce%&$rZull;K#&-6ENnhtvu+v68_O>c&-j>=ESwps0a8$g zMEB(a{|1NZT1!X?h=DlrU;sfsvw(dhO&>fpbD~0%d+g7)xYIh%f>hrFJ`4d{Yk_&x z_xO$@#D}{$>RTZP&|JJHGen;pIvKld{o%VY+tX-NoTTMJMVy*Ug_s_HDZp)X+S)pc zpsQ;~{lV)u8MRr?MOs(NL3K7ZusMZWgQ{lDgZ6us-hHG17au~kE+hfbD_3H0?iQ!w zG1K=e-$~7dM22)WSbM$dDjjDJJ6!6Et5q0w&*t+bi^?hQKv;SZP7th68T~h zpUky$w!V#wOqP77p5eqky3>F0=y9CbO0s=+d^tq}Sr7*h4=#o~vo%}U%`~qISpG8j zUGJMe9L|4vFtvs0SOpK^Z?_Z|81Ahw4$X}ODd`2hT%i#xtn<55=20o4It#HHUHW5J z7cM{3jnp0+#$5Bt*w>BHUYSx7 zxLO~8IOV?7j%i%6u|U?UR%gWy`dHbrxYnmQrQ2}8lh(v(L79hsr~c_L05< z$Y5wkX=>a_eWfXVEZ11{w3JqkZA3&>H$IOP4r3Z>3YeT1pax?3lKt5*&|Z*1KHNe( z;jD|IS$j^yRe7RlZ*g%ubLZNrm(B-n{yMDuSn2>P0(z{U!5A#@F$E;4*KIwtwq=&H 
zTNpI^TwGC-nw!?pBmzg7%EDtq4n9e!0;Svq*Vr%C)N^-A!Q6Y$s+XND9&}a-01U|v ze5($(Cn{#aGix$%6|@Bb+!%RP38cfqsIsW;6&RK7f|KSl+P#{SbZCq9a{;2)=V=qz zb!qf{rOkDJ0rbOAdHapZ(VYv}?~)sj6xZoQ_>mExiXq|Oa>zw*u(=g7!0syFC!!SaO zJ@s6LQ|+0wh6?b_Ap6sXPnyD?NVIs&ZE70;3vn+Xa$1A!_)gn-(U*&VWcSoqU}0)I zqo*GBjX!(uDY*R7b%U z`o2G0b?6^w&pMmyL&3T?rPo*VrLp1Fb}fQlQx-}D*Q(C=WQB$j1muPXZFUKPDJ<8j zw%Ig9%m?}CnJS9LKD8!F*Vm@A++A>YJ0~;fM+sm&gYND}gQ{xLMQL&nf zGx3_z>w(2sFIaI-s>`@8#WQF8RdRJ?QCxUUSnivp!ftZeT#Z*n z5xL9@YN-=c@!I56;eR777f!te?kH6{?e6j~t1K5Ql#G7vOhtc(aS(h-~;p%vzgc>z4E-YkgD2p*QxOYsumb^!Juu53&4R5*%n@KrtuV?Zc?ip5sW(1)iJq zgdafKJG(GHmHMc;<{GK5WS%rqN9rLu=`6ATf&%<+ zq~#6z&;E__vA{!`b-m*QkV@~J8|a@!KB(wiCYAC!0~@|6i!}ssFS@1Io=3q1v{^Fs zzmb+-@BeQ<29cegg}M82!~d>XoUQM$2?PyWNQiot(h;p!OntSGT-@m_Q6;b-S+R~| zcS7IJ_`R5vq$js$jvUM-x~yMFJ@B}n2TFlE=>(Rv z3rF1hBVow$SY42P+R1&M5BW8Dy;-NmXgR}Wnk-V}2E`bQAD&C1(-QQY`V;BwKxVtx{*^fii?Ruc=0$M7skn#C!{NVD-Y!PBU_{sU5m~8Ox2#)396>kJs8Ni zPpWUBa=XDelT3-cSjL~$mu+5|!PC(9rYHis%%7fK(rcwvPNUvyUB}F8?&c)T#_@(L zBnw{1)_xcgtdG35kyGGtbSzP>4~>S`WkC_s_u?7=tWfgfeG1*`hmsfK-zV7LUDi>} zPzqvi#+oZtvEqQLibG6XNw8mhKGtCMYd=z8Vf8iR-mCIFxSvE;=vj_6{Rn^759IES zgs{{}#%%REgXU3sV?St^F>mqN#q!!Cy&1xE>Ac}UWbpK2dD<_U;7i&#?x3*%JbOVL zegMEZ1jgcf11UD8`PvrHgHutIrqGcXJM*2(WrUoAz3<(V=%V|%PdRP_h3d}R!Yk8WE+i!fS1VZN_1ce>Ip-nV%SQ5Uhrd1!4xlIUX_|7O(gpi#ouGUn}F`RW`pn{zgZt;mqs=MnnQ-g`>{y_uY=AQu8nO;?7V zB2B7|46VPYR&pYw+0#Xh=PK(Sah6i6x9V<4T}?Hq)&d8aeJox*g1OjOGikOyZZ;gbq)NB>y{OCZR{_L`zkBOZ0x`m}7h>G;(z@P5;ZVvI}t5;IbC+a>ryY zIJS{DUS-v!V|o$5$X+ziT*_pK%p(C68SSF!_XFP?i<%4ZrozH*H%xHEpAFN+CyCZg z_p)oYlA%`cteoVmw}IFvIbvUfzCPuhz`%pFt8TG|yy}$NKRM*ItTojzt~K6;m#}Xv zIJL`!a|Y|8${VJGOyxWuWIEb2DgRPr7Zhgku2Ip-K;+2jWYv*?RK_MXu=Z;KhVgN~ks?Rx|;lbqOj;T?hd~Rp}s|5L!TK zN2W5 zerWF7&g-C4dy_NH45Dt2FNBvJ>l`V2F2KO<94#46D|w4psIg6WFPjcZd}2c_(-W8j zbj+y6oAoyxn8>ue&$c$$v7<3(oxfyuuf!o#e(@QAUF|({i!y26mR_)ZGP4?AtHXzw z1qnIb)81a~I)OrDGhN{^S!2QMB{gz5CM;gQLzcDvbR3cI^c%8a-^gKn(45PdXJKmjBjYFA+B1Ru4{s{|NKv{z9_%*$ zZU6n=^e^fh4bMlG^#QL(a8R}Gwesk0Kn6GxR^PZ#Ejl_b8jKfuGnw4(h4Z1+7PSiw 
z10Adlj61bNCXM7fFq_*y*$(f`uKIm0=jEInLXTA-AxHZG0TZ`;Y$+N%FM#q%Dc79V zQVw)TtGU!&2#cRTMskl_*NL&`nJ>9`C;OF=X?Zv#NjiFMGHPaCLPcYn0m3v z>o0Al?+mgv$q+1hJET?x`(#X3@9QyC1{$f1I+{`7z$4nQKdf?OfHo|H$K)uCbQPV0 z{uNu!Spd15T%(dt9?1{eSf3m?quMG30rr^gq_1>{pXr8lSGc-y>uhaNoKM>GB?RD< zT-@~e$BkiYd;fKE$XP6F5bK>KcAezNWd&@z-VV<@;EQtemH=T~lue5-6%AjZcEan+wn z8+ok1V#|~H!*+ko)5szIrMY$0;$*biCTy*L(E0hzZ6Xhrm6UVVX*eyBr7*kk4(0)ud?vOwRc<{I5Cs5gb=|$ zO?45x80MiYX%2?;kRUPpMxub^!subO-*p#t=_9m7i%rr>i>X{fMB!2zPd23CP;ej@(d#UoDds-^V{ zN#|!PX~>MX*?#vy8xYyP^K|W@n=D9(Jy$t<>{Xi$;r*Vuwiz4EqL(!^Qc8WS`l*b$zQZMd%#yuo-Ikb|nO2~2 z6DE20QRVo}#CeUU{V;e*#YxJMh0(2dOeakplYYPvjMKsgXU_OZIX~JaY>WwgmRrxT zbOTyGkC8RW!)>4PQU-YSr)}nXj~fh`Ttqng2z!eob{gmVTKJA8|H|t*@`Y?I$rFSb zG41f3SLu`)%{is29&ikXb=!c)4%6?qfrn>2i6~R-Tugr(bx*9>GI(4vdE)z)U(pUq z%{s#IZ7A;&*G>qU965eW&k)!;RnyxQ?oB6HMWGTFY;8*F#I9-{kNAHSm~Y{JJ413; zGu+mn_$A(SW0ADdQ>}Kb+T3`cF|MQl7k>qj&9MXNfXpSz=abs9r3~+_MTY~B<5>Jy zPPNmB??{+wDL3e7amBhr;*&ROevvvZSxNmL5AS61CDa7E;;FW81*N8Bt#!`zk^=V-2f> zkKySkLux%OzPtUjOy8|kcm!fPSUS4rU<1|`J(@lKE7N5rJcgCS`G~G0Fv;3Ivz0D7 zCki|Ava}pXP212$A(1`E6n5=O<7$#z&=(+5ZpA^q{|v;F$vQL)pxe>mdaN> z>6Q6hqN2)pI<`N4nrFcC(rfTIHtZsT3^OdcjqYBxRxvJ7cse-!c6h0~L&-eCn*u6I zxRQ8H$3(MrGq|?sO>?5CZ|lIdJ(P@4tN^(stCNd4X;CNW9jr(~#Yc zP&LqD{VnlVf%vWViiQmhkNtJei`d1HpKK3XcH8&hfiJ2(_Ff1sOKp}2-ud5#t^VE{ z{n=2>S#RPH?Q@!$e<+qa?24AM)37d2@VA=}G<;Kj)q$Qdo%$E8!+RUR57-A0(K_yd z3H=}AKmu)B$ytkq*$7ssQ=s5m+2kj?|NW_RrHF`gTsDkOj>It?T4L{%s0 z>Fa$-ucVpYY0ZDZ{n472XN*01*jU6XuliRVQ{ylGJvFbNEIUcC(3V;BX<>W9`>5$3 zI`l2fa?RON+bUqU_(@vsizOGw1Im*gYqTX^;bm$a{Sd zOsX0%$bG(FOnm1xUM|qmwD)dX@<{bn7z`#LK^xlG3>x)a?FuhEYmbOro`107;gWKU z;lrXJvh$M!8Y_8f;d)15*w19`zGqbvTq?a*5cP!EvHq3VkF@jv&+a*W+TAx4h8Vp= zhwjSkHnFXY$s}mp-`eF-k^HpUI?x=4nuo|ZI8bs&`!s^LP|yIb_SY0a6i|pI`o3Tg zQvW`fxot3{Z(oE?t;H-M1ADS>;X?Qy*9kIS+^aIZ)a-uSS+UTb|?YN<} zO}1!mT5XQeuq}uF)LhP_FYgH&<66CbaH~7`3}})#mTW4A^w!c>(mN70gBeNHeGUgv z?L3#CSmAqbkVmQm-L^(dWd#jG3_6rj%;)&ydces(+NG9Pqq$V2mn^2HJ0_rcS!Een zp>O6?qG-;!IAxWW4-=eVI6AVbo%5FYRvQj4rgxe4cIo7aD` 
zxy9d6WxZP7Cb`fZxTr3+uN>2z8dO@V#yB6Kr&k}wUaegkV)oB8Zy_$7!I=YxX5baGw?(mYONX<9 zYK@iT2J`cU#7d?hKN`ND^wBm#oRz^_XZ5K{Fv98LDxc710~I}vl>=t)FX){yEzp%~ z;SfNXH)pq^5IIYm;YyqSlA+?Xlci()_p!7%TbmEr)bn4@RnjQayhu=dWS^L#nZXOO zfBi($&(t}|7hi`EKBMtkE49VieTc+GOZ(ysf(>0AkqVWz!9_)Xz^&yTXY-bNKMQ+M z*e~JMi=b+Jyj0856!EN_GJ{TsKq@+nrhTQgXGP}QFA~DVwzbjT-cC7Z+{Ty!w3S88 z-j1LgCTeVgN(cq1*7$L9m~{>&{`z>w-XRri_077)rFUF8JfIJ-tols4EUHv=x1^shSFuHn5cvl zD=?NEw zz{|H1b#9gEakkP?^#PLReJ_N#4aF2`^Q zBnO%kJ!wD}SA-9H73&a3v>8hs$`d49wLyZ<*)b zo5E=|Ra@4|*NRe4>gn^zwSHN3Hr6`Kd-&lLx-lhly2qC`lap(K@LKA?@#pf_h?MJZPORxKSDw63YU z$f7VMKE~|qPEX49Mx%FT^UfTexX~(?34=am66eZo#?q@T9aGz1S-g(EQsqZ2rwdOb zQy}cT9OFD{A`)|EKtZIWIf(!iF#?&K?CgpO=XfPPyjj@kx~`lxnHmx~AiB0AMmP;I z0tcE+TM9$!w#&lVyqr_NEWU9+Y#_at=$^Wc-TIL@%LfUZ7PEaL9V@H9AOaVCFApDR zpB3hw+uYi(Tp+>x7hkRDz8avo6-ldt6)vV zOD;Xb%0yp}43uDZrxn4w%sH#foAWw~QRTgi+4?TaRd6wk_hf6^?efU?{HM?Pr0Q@F zeo=SyU?tc9GR>@D97fdH;vmByIMh&;T3On~_R!D&0&78_@R+Ua16V7~ z;D==@Py%Q3>UPezy#ruv^yFJm3;^}YGtE_<@(;)rF-AexLSgKHqxF<}n2rIsb8J?$ zEEo&G+Td<+o?Rd`W+jOEw#SM+pmcT4F^RadWN`dk>h0mJP3a{d0JP{0oMa~30jxDF z%E&u_wHfy59yQqqu-3V_Y}J-_0BfBU3-FZytmWH~&%Fo0+P`4SJR1OOs|knRmsQmm zaOUlV$B&gz4sclWW31@wd4~gNhytoZ1pw4MHXthHjRj!sKWxioi^HFq%9WtU%1r>M zCj)O;sDd2?(t5OX^p0DP0+5^sgkm8_0opk_4fN&%V6BJM(PwrpKx9m90|TFb+DFLvScHdNDTjl`Py3+gh#fE(kU~P-9 zpT8@MIh7N+J_o?szhI2=0|3^NH(y(Twg6OErE0jk+jq$>*2XQcgY%jhzw1F1(~Gpo zau@|z^YFCB5(I#?|F|t;YyhkkiTTnm3IrLO-7NM}foVYKr`%xPd@zqZfaIFxR6`_y zJCRv9Dhq(MZu58EAQmM}BOZt4PHp2P52A*v8KSx+3WEn30aJ((dP@!d!#1fcb`ijrO5O!=Y;I9@VvFy3gy`e*)l+Xw>O!V>1oDtJ^kvUq^{ik=^3 z_kt9ut8H2NqGNQ|}4-0LTGnv<|}Y}Xm}Z*0@Yo-do~NDCfgtb2TdSsP<7 zSS|PS@bbyAqV3E^o+nX7d4;*l3oi4kjV@t?Fpkvr_MlbYUl%=|%-T}2fL7r-1jEhU zs3<@8kJZ#;O-p{;r5+k@5U|i*@WWDUVGC0zF>o4A)&zIhi<0JMg)`>@#JZHQo85Eh zII9)bo+8-u zhhOGvUEJ-0{LVUfRE?Jq`lDU0vuX*heUeYLbK=a!Lkl}mOS2sdc5T7n(fVUHLOf1si`s6vz}>Jyo=K)nM~uZg3>z!tG}l+Q!t2ZjU}U$k@2;dF4;~K8X6mjm zjGvrn+@R2-4BU1Jp$MfAqyEW{ps|aU*#oUKm_fvbByfP(HT;K3F`!)C4`@vQ-n<58I zBLv+NTb!B+7X$afkMl`Zi!0Zg`h_z&LLd(+&VQNtmeR)mDd 
zXEKf52FYq+Br}kV9hc5*h9c^;N9wst5O~u}fkMr)ue;$NbNkS0iH6yL*=aB_>Pyh?Zl+t3C1L}31V4mC_;u?p>u(?Va4QZrsG=V^xb$sm=%Rb&z(`(6zK^gE zjMw})$-xZqst@ipO3*O8_e-lp5N#pt#)|P{gNF`zCHR6yB4-ke_k#CJ(=Jm8kHJ@9 z&sibN+x31pOcJ7Wb7AcC+l|~)wc{WuYwuVFOVmP48X*xP(`U`vmAuM|33Nbl53yT} zrPaXbefHowoPStLl)XhK_$)taaw}H!1W5VCQ5^D0N<^7^YS&6uVigo!&d2HP?VNroi7d*lgd z33xwqjv#RJp_5HQ=bO=V?J{2u6>PTA0$kEec>KND2Nk^sViy`S4oau@mA%mKOdcEZ|I ztCpsnDUMn+ihPU6`AzAPm?dL^is11jC#-KRrkyxUOpjv9KI6 zyEkOBeFrPnFOaHOv}#jdZa~=Njg~B|vKdLdRdD30jJ4WunK=$kh}p z`ZlkJYS7%i!UY_P0~Y)rPZn+8qSD`VeuIg@g~RV(5F5>Ep4&eTtbFS$gS$%pUD6Uf z{S52gY~}u}7pL_QZs`z74SfxhG`ORVqIquxn0HvrK4m$H&|zNATq!%s$ez=TW<`7u zt1n;*@FxwtYeXy5k`gm;{^ggF?RA7X8A`bCb*tY`7r#dXJrOc8`I;8w=9P=lDs350 zpQa>ltW^H!*KE`zsRCEzy-zF33G(_&8S`Xn_l$x|s_}bMQ;jHC4)Ja20@U9(;gbOY zc|k+d_tWrwl$KBpGP~t|2%i-S&x0YkBE|bJ&m$z4aX3t2jd^AClB{?*yTRs!LRt>l zuMC+e>y5*0O12S($wNeF_1Azi^-P9-o7Pr*Ng7XqPtH%ab;joqu?ErYOofb$9CVJT zu5RF$r(9RPGyP45kfrpX}KW=7>GBzykS{mq`v=R=_s2+G?(#u;>{92o(sSc$znrmw-gm zC2!m|4uIEx$+>uQ0Iv%H<#+)AUb__EOx;aCfY)R={3jddqQU{acAzNK%J~6dXSJY> zE3C=CU`)=N1A6^eTrYrL{{>@G{!q%Y=4kRnZ~_UH4sxYo?SPZnKM%X;oBYO)dXP0x zU@?ZF0-2`NPKfQMDd%7FF67t_U+k>P)dQ(DhMRTBHr*QcQM9|T?cbqqH%Y}9x(xY$ z4$y)+cM@~Ja~>+sm2LitE&XhWAAiyJy3BAM`n{uDW4WjhFD6GDS9XhMdU6-2YT2!GH^5t z9Pf}|1*8*-ii+Og8(S%!-x}VOcfaWWL-6{?^-^MSMGn#pLgtGWlRh8TgE&h?{$9zMU5~dRxuEv-X)3%Uct65Q?@2Q=X zbr?C&+|O$K?L5~N%Xrx8JnY&TTgY8QV~@hO*Nz^En-5hpzX4gTa4s0dj%6!-ALT#t z&R0fLmRONLRZKCCw%<(AUzo*K4KbO{30dpiv(0qx>fF)wmaiiB4L#D@JNG~z<>{d^ zMHFTyEY9l2;~5I=E=0{v_IG39!E#l63L-z8A>TW;{Kpx)*akfk?*{}XdBnT8#V*1{ z;GE~Su8r*t2a;(AWC~^BV8MRH){*EiP|&-r14#Gk2X>AxfR~@qtSjoQ4O~e<{t{Rc z%@q0`5#fG*m^q@(d>!MS(^Gy6d@ZRGp6`jCP~6@5$@av>J%b6WN1A6m;NB9`0dC3p zyvk%A&CeSK>|G1P+3;va+ghEVv&gfDw>dc>mB&6VyjtXUvq{;M-O3D+P3SV&fU7(r zUnlVkClEA(0YM|M?bkzM1E|lgm8Nn*asdgW8{^ko3qG=3R_B$Q6%^X3N*Chf@<)57q}@=9BTV6Aq?*#?5r za+|$kK3%_MGBw5q;m&jIx?$69_8*)5W4RJ;_&(LwXq%rz@)Y(>J%7mhFXPs|jB?>lJKhWg1~SfD_6W^>>lD zR!OL#ErzQ}@VJ3&I0tH+Qs={o5ts6DQ}X-;8Mr7S!fJ35juXP$1K-MyEgpWgE0b4N 
z`%T@$60xBv!BfeQZ6nSpij@U_%Bww0nNw~@IL=8EHcxw}w9!McGmb#WA=E%Rb zv<7s#*bW)4U_z&O0B20kd4IDIgnns4GyTT9bUN~wbQx_S6)Gf;wyiV=+ccy=8xrT* z%K1zc%FQOflcil+UHf91N~&Rx3-Cpmd2?HSO=1U$Sp;wI>^8dDvf4}`?Z?^i7m5ZY zzh@qmyTNj~!LW}UIVCY~C<1l4Kodr)yzo=RQkA4k*0Nd01uoHf=kxY`C z1ZKToLH}o_g ze!NDDs)|45ETXgzl87LmRIgTXH%4li`iCYqq>_SD>eiya#ebN3ZN(9YsWbsZnGX}5 z@kjqw*<^|~Zf*C~ULwZ$`odpU<2xs^M3ldHjoevKKz*6$(-#{cIDO1Z;-JSWRrMua zlPSVhYRC-ZVi}(y;;1Vr7THUvwdNdeMNG9nzKHzYwUBCwe@%E@_EZ69_3Eltladr1 zSX7g0I(#6UoXR&aY3W~XOBM`UKcI_?eoVFo`si6}1d%^lA9jL^%Bdenw|vzCvyXZM zT>25?Vavj8LPipQ(?T*A5>hW4nHc#rJ$Yke6_c0H+^AXJkidTa+#R-K&&PAe{P1?4 zDDm?yDT|Mm9eM@7@;}?HKYa1;yuc>+(agCtKaaWnCQa{(Bh`|J$BF1o^Wb;olVz|5tDSi|F#dtLDN*L;uDH?m)Dfg6f97 zM)aL__PmR$N8DCaiiyNxb@UA(d+%9l`)E{D3=StHpJ|}zQrcigH0$4Wt3OWf>!Y_O zG#$BbV6$C=Okih+K(yiHTJe=wCj=kDt7U5>z8~oQh`|AAh~ewtWH;}y9b9vixoT(z&x^nr0+qrIs}fl$=a8zQNB@hKg1uYj29%C zSd^Nxf=~G!5ic$(Dn<#%aKFj|q2LFOxR8+GgUc6!&jAr%j_&Z+|FdEEw=SGO2dY0u z?tgaN!E?X-hg93Bfk%R20?R+ylDW6HI3vdaVX^WK%2cw^T}1Bn&NY`1t&2@Jg8X3p z1PHrgQi`Jl#GvN((uRnn*&UG9^AWK(#3*au)STMpN^zP{)vb>XMX2?Ds6XeMPh#o3 z?6BT`Qjqsb7EVM7cf~M?I4U=hFqO{l|7H8Q-?QueHW`wlq8u+w9OyBzG><%wU}=Je zdClT3aYMrls-S!09EG;C3*4Ia*ZY+4hV#q&$9KET{@$7WnW5uk_UC}S{@cN_*MID< z6Rh_2>EYJ*%MhwaftNtR(}Eylg}eCgz4A-diK&zIR+Zr=>hm3Mr&z%VxA$|5rqV=r z%)uM<0l9%vVxe!HuXst*v{g)<=hqFAu`>VT{;XM;PbPXut|iFtc$BDG&g>hE&FvqO z)BIZ6UzZYV=FkSy>x#QQ#+}ZSy|8QVtMralGnaCPdGEqsYk1?+h;VH7&b0bkuwx1< ztET-sKu6W@d^Y^I;(gOb<=XIt+dy(uIN{FD-%jwq>(QTsnIGOy&9tY`aK4n5oiY~j z*F=-4g=S=k*l*~8;cjxVF8W37n-KJjPLSC=)3#GpK6UMF*-NPwQ$IVv+KG3#CqfWc z^T(q69P&jJKh0Gp-D$SxCmU2%>Ix+n#!m~GlInZ+<`=>5XXra~OPRBm!-z_etWe(o z{q?v8=%IHSaxAtsKv9bSTd&w{)qM7wxX{@PMcg%p6 z@A&QZO;2$)t$j5=6^df<_hvhM{QsSwbG7V5#PHBVlH1Pr;IgNYk7cAkD|&cG%A){cY@g_}hQ*S&RjMo+c@bM!t0>i@_$vvYpZ-+Le0?agJWC zbOd*~d_^$62QMULqRF(%66@(Wr$Vk31J=mUtp8$-?0fO3a=3gKaxJFG9rL={=w2J# z%Ia}1(8etKqeVZ)`(Vxct#WA5Vh@+tWM6ICZC!H32_zvQ>%wQ$*f>#&0L1Truk*WX zf`#XGjD@75cjs4xPW+abukOIHJ@7?c85bPLoYIt54GrToQZ@S53nTnO$7%M`%C^?Q 
zoHXUusN7D>Modgr{#wj&;2QenhlY|233lXj0uQdw9L&ice#ujC@Xssi-z_bMI|G%j zP%A%!G>e~XkUhxzTe>!(uev-U9NC9=t+?o)jJvn}&n1k0k`m1h6&q@qSsR0Lt{wfx za>vgK{qwxt|Ka%KW-zm<|K0ngKki`QK^&KLwU4IpTXCOx0vwC3Q_6dP~x2A5>vGh**8 zessSq08Rj8*F6I)Zn-&q%Ad^7yX|*fS-XTPx5Kqvz(a>1a>gmk>JSZ|!k=t%>lLoY z?`|Hx)(0=m6zY`W-N3ba1Zh|!5ZIfPV8{jcNc?ny$`VjFpN!ymt|gvq!FG-k`GPd* zlJxl-$LdeE?`(S#p4xquqgkL&AHqOCF!{=V&ZhtP;Q!Fs#e3;*DZYh^Pv<3(M4r3F znRX)@Lt6tQo`|C=;n~f7z7`vL9ua~Xy7kdwIZ-n!v0L@~8)iP~$usrmUN{XB+Arf6 zTa!z_kLIlgxs(Mppu1a}%vd_u{);-+En?k70|-0VP}e9!vEZ9zgv(}`zVF(=q(9#A zam@Bc>86jUh>Nje4+jy7^9G6?=KvWr9{Rau9pAKLJ>op$7z*;S+fm#T&NiZL4X!v~ zK852GGx6Y9sjupQ(5B4!Z~`Lds{{K%aXlLd=rIwe0hB?jD-T;_pFSPk7DF)DKi7sv zRduieP6_QmSHsj*UjN5`?|;YdO4jiUpHwq6ub@1F&g`QC#cSZr&b(QYBfwOf}6hYrb;E)#AE}? zOyC1SWCJ%SGUBUWO!a+OLg;g%dX9{41()K#aHYeyO+j3|F)GoWr4jOL6J+@aJfrfX|ZYkYbE)34b zREuq-4!846f7|JyG4j!rk@ryA{6TwJY@|SWDP#5k*rb>T6R93@?my}`> zQ)5~lRv1gbI_DKMc)%~!+KmI}ABoO_z&@raJ{hr?Iw=#2%azDyQm2libzWNY!WVC| zR*BVO6!0F<&_W=7bTfo6Bi_qQA9@c`MYJ<34}$uOtT)1CXrXGf)0E9qn9A-Mf3tkI9)bqMO$mkU>C_}a zj2X(z-WcMNioW*vRy;F@=t$xBYFuw`c8YJ&WFeiiZb{ zaC1IrRCL>?gkBTpb-4AR3R?>J2hv*;I=yy$OG{gBjo2HTODN!tog9ppG~oUTYiMS`ISqC5@6Aywk7q2JbKEe{ z^|;Q}Gq@HckRgA^qvO1N!x zeHU$VFT3f={M5vvqN?G0+V@{&iszP(E>U)K&=wq)(^gC1J%_4ludbhLjSGK}IX)nY z%ZDa9i9DAGW(q;ZG7p^*Dx%SFrq9j=zhGVB0t9l~Tc`%wp}85r3tz54ahm z*lx7wmfEd-)k_}ljxyhdwoX{Pl}~Mlkh?;u5GVP!(!2V^meVrk5J=mASg^Htc{L_A zUvx9rw(;Bj)EAaj88f5U{ynW0xXSxfvrma)aR%0^j|PSVdxh3789Iq5+k}2>xR4OZ zpKZC_MOBt-ca2KnHi&4!k$-oH9 zQi($dYz0UPKrX!y%HO}HVfe?^30{XiotkVD{fe!5@>m}O*BAEg{)>)9<(8?RY;RV# z?cOq(Q?(URFaLFE{r|ccP8)S^)#={~$~_dO3T(Vs|FutbxasZw=cMlq*mJM`-jb`( zU$dks%?SvboZq@JH*$Xr<5?k96n^Qe8tcE~X7IoKp7vD=(BjngJ)qH1^#i$+h-S#8 zharTRaSrF2mKJ`{S~43qcmgLR2+(x0L2C)&B*)mapdQE0CQJ{Oej^tm&XzmJIi4=AqK|t!Lv$RYE1EY~ zL&NpPZs?mE~i`j z;9#VjXu&JOG{IX)%nDm`heI-ZLCj!PLZ^z=8Gy}5!37B@OoyUfhxevdtp!(fPO+ob zcN2oVaeg4aD73m+PGR?golV{K;aQjZu{Fh`p_zQ;qi&ZzyU(yrWs@O zLBfJJm*_o7(+k9y`!RDFp7{`z4~Ik z3oTkMQxwO*WjWeO;RX$wz3NnRr&Q?hTHR#1M}Vl#D?%#zY)*_7bbVHcEDOcM 
zWpAOvMnG*f`EW@4JD8Q zQW6MNL0S-yk^rHJ5Fqs4g&)tk_nv+3J^SA0mjC&l?>^tkllNVjcV^8yGi%K%Gn4(k z{cnJC`Z{_#fJ27>fI|l#!2b7N#Pu{a?e3Wx>*(Fp{>y`3E&&eUmvaDsho=w9RQL9; zmR7J|f2RF2+;{MP@Xz=^xF676r~jl50CY?JgXjNI(n&`rZ-;|Siw9pH)IsG3FY9=K zUvT*=9`F;l|119LCyp{V)jY`a?f@5e`2%kM2i)K1fzLsn=AZc;9-w~Wg9o^(hr933 zx_-jXH$Ls;2{AjkTONG*0NwyofG*(n0scP#3;=Lr4FEX&`fq9W$pAoEC;)JY z@wYUQcL2cI7XSdcD?kt632*>NA7FBT>i}7R;{E_Y6L9#KpYZc~_yCR^JMt4w z96NUO*vS)YY$s2gJjr(Y>}j@BXHK0w$pCu0; zIdM?%+^LhN4pRSTRjapKtN76 zCgt{A6qeI7xgXxhEw6CnAs( zzRdso^?zp%XaECoi1Hnnet52ns;|x}%6ki}c_8rr5YC>GZ~ssY{?PiyWy==JS5mjG zE&8~tSQ+7`Hd7BPRx`=NRX3+?WDKI@EEFv>dW)ve$doD!W}6GJ_xnGj_`fUhEOQ_5 z`@%P~ZH=V8!?jOuz6?H-StOVXRBjI`D4&#Hh#qFE4xkc??9wq3SuXWrk8^?_fYS>a*}6cXVA z-4U%z5`N!oeG3#^XeHv5-YIroCyqpbQkhd;25%=;Is{cKWPO^~dj|Ibz{N=BLss<6 zWu0Diq!U}$=BuwhdUx}BW}rTl&TDRyYp7x6%2z7hZ=VR}4CpfE)xuqjs1L2-xiFwO z>g4x3)@FJ@x=|A@kf#T^Y5b-ACT5NMk#ZFFO`!KPngUZ()?T$oS#35if;!I?Pic>CS>8j;w`7 zk!a^gyr&W_&GRrJlR4Zu@E$uc-))aF;se@U?nBKWGz-gU^~}v+y|i(s$>b7e`3iKi z;KbQ+1VP#yp;r6|%`(>xl&<--Cg~I8H3UCI9F|1Q(p&)1*0LZCyWN{k$enr8%~#W84;7`3 z-7hya!H1kGi%Xx2iRtLc^N#tnksbIvFBMtV5w;+I?UR`Ru`sLBLBV2MNv=cbRjXJ= zF&5@q)FLLmWixL4X`T%?Qe$Hv%J4Ly>>6+o@-ojkzP2rj3e`95>4Iu)4u~qm2@7`D z-RTvsP+{b^!m2RHpqDRB+2BiyQnsGCx6k=>!}Kpg2faWPLp2dWZm192(}s&pU?R|&}5pZi)2WxA_|UY+TUoOTCcRty{NiON}K^L z^TlP%orV~X3Ptpf_+7j+ou8--6siU%p$nC2 z%{|r=)Au;5zgSdUB`jH8MYZFalf&KCWyIzw`bxesYqpdAqkdvp zr%Ce3nS5P>nHtduBCKmP5AB-z<~4p(>6l67Nn&a$VIV^mJ698YINUhVQ7NHf{iKIZ z-wb1Fa9AZ zRmbb`1K*n0bnkB|l3blnJ;CMH`pX|{g`>D$ zkWwzSq}ry#hnuT>nx0{Z?qEmvwE8v%he;CpkIHpw$#nWjV7(j|C9eW~>f5A8Ke#<`>S(PLJ0q z2Sq5qt-?y&VgrV-0fE5a$jILvQr{1WSU>XPf90^r?&q71U~i#+@e;_!dx*WNPUp{# zGgm8czl&%+55$G|Qy1x!wuT2%y)%5ug)uDYZ|jstAAzWbWO7hj#R~iUknk7+Y$g8< z;V1CM3y2?{SPqY(hEz6uB(n(MV~28;v+`-1itqKHYEMr3lFijq$UHA}2CG`$mn!xY^tB={uQ|8GxsnhA=L_m@1(vj=b+;Nkuj_L}v>jFs1kyeE zh2t(DmeXX^2HmMYSV%?xJW4JX*_KF~q|Y8Bd6Xe(ts>9bPSXsb!kApgFYr#VLwTS| zXBSgT7i9Zw?keVl60=fYA_oZ+#eZnyGlC1Oi^!wKjT1PD>HB~!y)DC#vRAdRjr1sI 
z#!{wd*G5i2dfb+o<}o$2TwK&QoTY^cC{6OU-=K&$ADx4x74&`z_GWAe&nimjy0SFJQDnP@?*@Wx})A*M!Hw z-s($Hz~&wYNIMIjaq)c8j={NofFyLgv%wf&q^tCz68S12d?HsY2qlE24m?I+_5pGj znUzDyqdQ$R1J7#vip%BIBy%^SPGHLr+UBQrEn1@PMlhGNIh>T$=BOV3`9i|M_cQJ6AE=k zgP2;&l>UKoqr!^HV(;apwyI4O7Pb zai5ES32HM(cn?AN);jMFoas=NPRa7C!?TbqiR(wnJ#;fQLB6#I2A*g*UwZ4;{C*tP zUpC*@0rvcvvp+8_i{s0zf5j{+-_`2^eR~rpT4tV=MhkmSKoN{}Wm#SG+=*ay?ZdzR z@3M*iZEG|djLbr}j90e`plk-(6}XuPNyRys&^6B59NTVQo&wZjIIc=a1|{~Z!N{VG zyYW6?+=Y&8Vzgni2B2T1juzW3RbT6-20;oXbQG8LOspXfB8!L)ebGUP>{#VM$3RK5 z7v`wtNMvj6i&Q5%QuKfw%?Mvx4T2+9y5urC?5?$NiUmst7b%`8H!F>viVy@%EPKY@|*}7%rkKzYd7aDsS|e@!JWerA;hhQ-bo|^hVWaAbp3K z{oRKAY9M)=#%f#DSMHAutuCPvU`Q2ChOJlVH%P{LVq&MAV^IsC=+5h&&Fq9ltC@*+ z?t_cbONqCOfHGJjA7QK(k6x5JRq$EyeNeZ7bli{vIx>sD>Ee5OVogOpB9H#a!m0vT z2_NF<0#aaw7AsBuC&B|^QYE(K9@{&L&|IE}?CjeCiN|dvB@vRiR30oFT^*yl?wUVX z&990@ExYtP6Wwyzv2oLlW~mI<2b=j0#7!r}d40G0@#wZraN2tHV?!Nb<%H>R9SrV0 zyO;cv3iV#M^4T@q=fN#^It)F$A8&d)S=_jXu_&G3orSy6I+iB%f8z(i*o|<(L`TStLEf8M&87MYWGF{A64bm0@HG_s~Yio_! zv2^PEGBL@o!0Q<-5J+@A0n+2^o5WVZ%!U|&BS`0~3I5oZ7+}uC6jT+ z0GeM>Wc8G3k!pbR=9x7bdXO8}bP7MjuUgu{iiJ-$_EGMP2w|-$IvW_1RYrXl15{RJ za8F(h3cWx3VSraVc6dk{L6{ z%-X-=p7xX0f<%8^d$LL6=Cp+?4iXU53H!XIb`}|!krz=>ihZ04qrWQ7Jo<^GE;cfg z+N-VkunaOVVmS=f4yADv6$7z>AY6gDHeBV+28q{iz`yG*dGh(RPEKc^j75-&49#cF zJV8~Ilj&~gEzn1ctA?**v>JS(hO1SDaK~;L{%*B8cDvV5mPhaWP|Wv*(tDpHXu|zm zz(yKeWpLvmwJ^s9SCb%=p6Cv}z2@z<395%Hpx!5IOV0bO=v||caZMkSE)O?P+{xt4 z80O+q?u2lnxl|$xH8*0)Y#T-jE|KG>4}1FK9gXrbM$B%RX=~W`3R~zX2K3W=AP5;_ z;BfY|7L&c}7`JO@`n3U>!H&^-dYYzC*5Lm+;I_TbASsxcNA;e;Dr0vUUEmCXHFBtyYg z+~VDCbBw`U<=(yQGHb;ADXoZ2+Y;9Ipi2|`0G|eU?gpwyKGk_l!E_@V#8`3cnDV?K zRh*)aYbA=H+P=?5bHID+=-1j}^YZXKMFMHq)ZycEgn^LGp-+9kHG!TVecznN5@1Q# z%4c3!?LY~E?Nh`Q?`&xq1=@sHOLVAS37r~lR&09Lulk6b=9XeZha=hi!7w#HXX|29{LaCcbEB z^CqLQ7UK+T#M5aIU110pdxMFIv7WJ%t<6&Xk!wD2t-`Sc2M#b445e^zfFbu3_MoNg z6%&jG&)zRFM)&jDiM~DwUu_)e-K>$e-SzrPPC z@jd%W>UP)W!l$*6y0GA3thG`AbEz9MPz)1us>9)G_f&+s-crsx>nQv5@Fub}a&_$FxDH*SxzE 
zqV{!F5&RpHegs+WU^5;8;jHbt`F5w&`<&DF729vr4tK`f;c07+_oRL#k|0Hdsx(ah z3e}%-h>j$nDsCj?H_76#fj-#(#GEVfV#Z>HJX$sw#;0qx#{Nc$^-Vu_Ktddd#PObA z&f6fL7>>nYfLIs_!T|x_1hq5#+`GGx%&(9=XpimQt(3S_!-6u#V6{o zGG|d(sCZspe`a+7dHdXM;5nSv)T#fX1&ZeKBXW9AH}Kjxy}tj1{$(>i%WeQK>c~J zznc0B_Wrafa`Lp1^-CA40)-^ri9=8+KNZMW!nw^i%YKhNr=sT^)7E7-?x3|;^G0hE zibFrJ#xqK%sp(Db&oJR2mf4zDRdt8AAqD9&fi49B`jz2v8Q57Og? zTw0|S=yH;F6g-FW@+4ecUymrn6)FClQB+j@kg(yt{Yv-&(K#t5S|X&C}R88W-|RQsZmYM#tfMA@iq1_5nvM zLf!{(^gdHLQlGCF!amQdc6zNJ!eB0biPMVlnRARfbtN93VHsP*owXReA;U+3IA04q zF*|(r$H=H(Mj>S|#Kg|f)dfb0)kQIS(1cZEuB zs&+z;jp>Gasz7d~Sw+A!6RV%%qCZiSq8)aFQGIGs^1#N?GS6`%vq$v%J$mh-!QF<- z8>fmodGw0m-+A0!0}aa_=`xx+uY-zwGaF5u10zkUDAdRTb|moz?bz!8(P=lI>F%R7 zj~1=@eB-)4_l@W2v)p)XC29Gsi8^g^m6^t-yJ2%(ZSvhvcc{R}n&V{}Tokv#^E8sZ zmy2@S?S7|x|2^xBNrPUNu0IBY;gv{Hi?;E(oq4gNiicQJ zg+QEbIzFhc!WEL~z0!TT^bf%mR+Ehd6=ZTnPYT4sP>az5>l+#w{;Zd)Wqe!2t?B)Z z!eHt0L{YPnmIB{I>W!I)18tSxpyaEhuae`lnHPcsd5R<{2>(aXaMhkMB*M8#AysWa zJJo$X;vg&h+J~O84Sh%V1anB|T4A)xqN(m3mXp;D*7Sk!65w1Q>6}f~H7xuA_kGw( zRV&$S5!JZ!OH)L5SGP%fKTnjI$pteIEsnrXFoZUz^OvNzCS_=L(3C)_%l$iPdEw;^ z{a`yPnPqZrU1`DOl)q#t4VV`KrD(aCZzJ$q@09N{lQbXt=>}aa+j2Jwb9Wza!L|#@%6lcC^f&|B&ac8 z>SC)<$7DrZ#FCIkk@oHplYs*X;&(TtH$Oc;{C{}DDflv(LUfKRB(nB6D9I4>kEnZ)5h=4=M=GA@$A`@ zia6hCY(6ov_wHurQeny-|Ajl@<8T&V#!H~|WZkYHBPz=Esv9|SuD!$OV_eeZn-W?4>=k?ta%El{+=2{Kf8IB{t>#KW51CRp*k zh>v&khoZeV+CH+iFShIvyDymm^-HrQb!(a?uVLQ`tdFJ0E!^(!i*ffgOz)I4;;zik zm#5*ERYHxpILvO8%_f=258Y~zx9yp?FEe+&9!MV~klEZ3iEUb>SLPPRrmrb2O5ZT6 zcr&I^L8!NFiTwaVyE3`VWW%Kc8GcoAk^9qdOs%5vrKODCeSjDm-LbM3{JZO8oA=qI z0LxW5rq|OqYur_G3r9aKk$6b#ktyFMe3v%$(?DSO9#7Az&_!k=A|>eY-PH%{-A$)P zE`*F!^WdWQd`H>kQ|5By`FmIs6G;j%<8nzu-@#KlD*E;{+ap!MktV-F8HmiMGn6MjP&p$(+s0Psa5i9RoLT4{&>GeAKm7%A-!j zK;^rzw$U@)voOU^kpsf|RDE%1WT0|#vK51@DCP~e5DqXJzXMBe4mUIG+skKVSicz} z<15(OWShK|H-@Aw=Zs_w0&;Tk@fnnS3usx<{3u7>h$bwOsYBw8wO8S8_&}sgUyOjQ zL`6H_%3p%C#7-zFJLci=#B>}wy;FFgl?TVXLpOR9M1$j)kh5mLT{l8C|Edrto*cWF8ViV?XKq#y z#^0a{jv=1_svL}jgGhL7viSf*2CGqYEbjic^BgA$An~Q}o%lMIDH-5vWB^!+= 
zDz_UxGWn{l=a6IQe63vcGuQ73{S7cYyayqKPk4NMNaJ~?CE|gftCY^_vXz2U zjLuc%SyWO}SFGq9uff=l$A}(tBh}%y8(McNf})cODh0`iqge(yokKSX-PhuEh4tMn zCXICxzMzvY^9EhE4;o-R=@|i2tJdzIk)71vf3x1m3$09Gumh<*30u3xptKFVwGYmwdj~e@sbohJ-XmEZ|Hdxn0+wXrZGggi{qD?f z1XoM)tb&^I6+e~imYJ_^So;R~DA}~id@A%Q6Y(h@zwkyTD@-fCL4x%zfq?bSh%8JG z(p3q2l;1tFFcG9qOSK@3GbrRA?Y0Wbc!dn*)VYjNhi7ZIRNJ(Tx~_g1pG`^v4+;U7 zHy-4rfer(@41ep2HfY@7G&uImoF)Ci%mEVbOip>jTyrgrTQ^hG(h=@%XF^N7)No+s z*dGSioN74X$zcX8N@V%t_FF-1lWRsSZ@1hQ5wyiV;4p(3ZN}8aaqYcyUuRb-=sDd1 z0SS%fgNL!EqLo)_&A&EzA@fqX9T@>`-=T_ESA8&xwS)365Msw<-&bC$W)-}3+D3aui{m(*ijnK3QF@BW=tdUO)C^eF2}HfA-TsqjDwgBxyVck9`gfDV>>` zS^MwtEk0gdVJP?9TfXjQDsuqzKfZ1;vR0 zqqSEH1z%^B9)6HqlQ*vf_em1Mlr%VZ17~bO8TxlboU~r$InIcAPTrZQeiTvVL#p!M z)(dgnKAxL8UO7Gd-T$&@K`VZu4f$|@U!hkS7eG`{SZccF@$^b;3|m0@LKJ?wfthIbdW26JhUiniAdkJR|l`jy!z zGOj>;`dzTxonj&IbnF+pZ(&dc7y?DT^UWb$m``6NW`I%@vod+W$|O0S8s)NWx~ewH z+vJ-i&R{NgW6s&)3ed!yxEWnnRF1DL5y#9BR}Nl76*}YS82sB9uQN>8dxK9_y5?KL zx%e=bx@tK^FbB0^H!@;s&wDlQ&S-R3tFUFG5T*TK!6-AqoC$wx70hpyVH+`^0G0hh zUc%9%5@a}RCWv9U0-eIge0#Eztc+qcSh|{__fBe8UbR?$CBIpBwC0FY>m7f7bz8ff zK=1oGc`-a6%ph%C)H&6AMsYN`WRo9KXzUAri6%!n25Y_j9Q)Py=-q31xyf-2LcX%I zC~$!>H8PzV5>GSj`plX}*heY?g)=s?U^K`m7_#c0_Gw_)1FP&`{pxmW>5QVUTi5J* zWbR9e4@1PV6M3%lrz3SgLC(Hf>6!$`mL)(&xuzn+$F=tSR!9UvluF)U1>*AtY!}Ma z!&VU~$q%Z7!5+`!w0PaLlYF1TSYjGd6_TKozW=CWGX5R+d_R}wyH2c=ts(}bS@nnt$V^ns2cak zi5IG}nLpptV~cpNr@psWCTYp^DaK`Sa0FIveH*;_4`%fLc9OyN2yrLQw#8a;h&&^Z za-b^tw;HI-G(Gr~$W!F5;fLD{b-pH2OAl^7J5VD=K5HRUrZIH|vfZe`<2AJp*lvW} z)UW07YJ<*P+U$OUsI{c#HKC%lJ}#yvpgZ0=D+WpV8CVWHPD!aKzTsGIelRnH9ix~y z22y5?5|^te8seO_f2F6cFp^S8m%{=6HMxBNmq}g$3L_*2#4jI`40fvp*%2JZ47YGU z9Ds?GLWCMx7t}%p%82KMy!+RM4*_@oF8{kD_@&%k+LNM~Xr&4K+AG}e=L`RF{g(@8 zd<*OJGz${vY7M;xOvjM=yBG26kC%NmH9YKmG9T^({Axh`c2&BcgZ)46 zsMmCt&Q%)iWprS%wfKy&-~MU1mU8!E_5lPZ^Z!KuufBxsillUJAUCAE1|TwnSMQ_h z3N%h=KXF0YYWJ@fYjz56zlYPRrTq<(LYeu?Lt6L`cDuqMtG~A%sMmXff6tZw*Y^1T z983QnW}W}nkj6iqcVJxixd0KO?1e2{t=Ww_= z()C+{rb-36pC?FFIE)xDFAawg_;@%y75c$z%r%8m4=XhwTBZtXnV!k}E$aIFtc(WL 
zcyM*7zGOPTmJ!Q+YATy~9txsHZGtZz{V_*uY%{1Ry38^sa~+^uo*rBO!>(7eaM2dmVK1<;~7nTP^z52gs-N{HoK%H$pmU6 zO=8#8Wq@`YE?ocIauwn*Sm>SBpaoYcYj?v`B>OFff8&|)YTU6AXnESxkDSi{8x1!W zEn7%B%tBc56uqpKlm@SK);t_|^T?^3@-vHyF6jtq?wr7*UNl4XHaYOJ3YX&}L#bQ? z$8L;pR-Rt0&HSb2lxit0ct;`yG9aY0%Rj)E{LL ze08Im=qyWye@_u%4mO-^FT<9W^zoN7T?adecs*fu+V9MH?-x&B=o|MUkM)O2+v(|P zivoe`(iti6WN3-D&LW>chUM_+Q1jhb~O5{t!rurQa>i}A!k~(y1&%Ct`PWOU1Z?5Gya~(0YerW zvt)MpFXYEA-N#Lb@~0(BkZ6cDDrLy1Nye3-bCXVG20=5x7C?;9(%|}Rv_q$DNLPB7 zW~Ca%Ug7e#-8GIe$`eT|KlBL1ym?zi`K?$|cxOP^nMcfKg1HVw1Rf=F2;@pPtA2ck zMrZP5VHIs9x|P{ZUfD@c88h~$3{DSqXbn|~N1Qs?z>QhmJI*gXJ>%6-s&=ubTAD7^ zz_g+(EqWBHv?VUYbd0@O31Eu3nO0-(8hdBW$7Z;P_xf+Eyvh6h+`0(B3t=Nd`qPMmKr;~=8y%?r$N@n>D*R9d+r-2v2|bGRSP+RiG9c;PWm>F! zC;e41W4o`v)pR^Ez9Qdx8AHQRiK{puR)Qsd^N3ieGn`{cvMb6n)MO6P6jIwKHCqHL z2`^z&9I!R!R1pVe=fp?Y5bR|kd<5@pNFZlM!iGQc-A+869nTs*YsFOw>OsPxh{|z! z>uhXUx1_L>E@E@XrIChIxic_SpWb9D3pO`U{cqcm|B%2T;GV)r=RV-T%!+{iiv<7( z-4)90A9K|h(~tjw8n!(mGkRgKgZCirz+;{{lej2n8$1+N{cVR*G#7tIVTZeUg8EQ= zK5=qzNL4@*HXRvO6PWyVO)Ce@<3h3Q+c^jZk_IW~c1t%2uTXFIU-_$EOUH*bj?7HDv0AwKS2u)WT_Ri;4`Z?m>z~&67|?S%)ll|E?BjZ zixzqc;?GBFedV^Ei)hSoFY|rt49PG@z}22=TDv!TL+h&jBQ3{bS5RwAr`di!Q+z@P zTx?ef#PiP6qXKbp+y`$@Pa9ss(yuKeuED8;Z1peA=q+|;`kR*;cYlr16|?4xad8&aU5cPNiD8yooFXOA zrrMyZYB9HX*qOIv*5xKbTp`FpPR*)E<%JJPx*+O$e)T3%#8hWHh1!P+{B$ZXz+NO; zTUVc^wesj@Nttbxp>Ai|q!t0D_nc9@?P2NRE&M)TPZ*ct8R?kiZYC1m3@gMTnkS2< zUTK?;q3`;wP}IIpNtd!RmEdXdWQ31_=!R( zB#jFfPU~faCffJckY<5v5hKKnNP)&0ZbRLBEpJGlhQRt3Vh@ef8~jFOed{Uu>7kokDiRnwY+>r z5gJ($Nbx`a=#?dn+pKSeVC_-E$q&WR4VVJ54z#gl8`~^Yt;}t!In%iet&{~<ke5&!Y7qDqK7YRH1<}g;frj-alMZ_Q6pcffY_}It%|jz zeL$c8sG5EcesUn9his;=yGb=vCWck_lG`<U;}Mzc@b-3{YhK)5xez&JuiRkn3mqB@x1S2QD)1Mj!4UgR}jEWUR3*cZv!4V$vl zMev!2)7b^3=7Szzds;p74`NIpm4m~TazaIsXnV{uy-==9L%eBO=LU-cu<|E5F z2fDR>b#YnHH~IVr!P4#(Qa4l273;k*>m=4l4iJ~5f_-pI|KAv)Uaqlg;MT8b7L!`# zAC-7E6pk{0JNbXUme7ARx>&B)H@~bw%ITCNf~@t-1!Q*~%w;kJOvB(Lo^AcDl2N7u zDaOhJxK15f_}IPi*M)ngieh4C>~A+_aU5(f#q!BqJ^BaQFB8yoHK$VifTVxT 
z;eldT^>7CZ>tS$=>pGW5>3AM}*wyXe{F~VzY`7q?M~5!#q%{+AV%*#)XAEt=4|r(H z)_Iqw|6%cHg>G2Cxb%|psc5yM=#)z{!gdB%b&6DU_FPaeU;bHr!zHeskq%K#*2iAo zx9D~7Zi6`cN`)nglG~JwJw%mB;UB7hoSyc+0re@%2+$mCxgIPjm)Ngv7j7jJcVKTk zAgeRIB6E5mci~p5lETp9Sasd9mtxJir~a(M>+Pi-Mx@*Q{7I(Q?}kXc3!M=$--z-7 zy^5Gl^DPoVtX87uvqy~w*gjsjRVpsy>mF2WdBsRsixnqc;4sys*CgSE5kizF5ct~l zOi6x1V5=LHY_Slm`Ugf62!oVK)w+NW7gu#?J+Nj@=n6B-ZDhBtrbW$-I2>bVp&Bo= z#`2-hHL|j@%1kxA%DOZS3=Dbg!%jHp=yLL;frtoy(80iRsJx~N{0R#x=7%B$idcKk z-F|eKu1Rn47q_{)1a2rJk`uTwC#@ z;`DAJSL&6lLSnx8s_toyJB6|H5G^gOQ84qT9?V8|e@^hyLdNoCc%g7&ryUMurGWEzvwBWBv-}Ml;`&|58jT7wMmVsK z;#-J`m7Pt4kqACe*d}~@B`Cq#MQ2UM_seNtb0 z%&j1$Z*Lale|_S#H{a913NZ6xalXlu4Wo802*eDZ6V%Dk?x{gc{r=INPCc#Rsq`hp z0wfPi=uteSuI3X~bIEC}22*?oPK>Bm#~ z_My6NY^J4_@o+UV4Rno$Q&WClm#s!FQ5)nn~(y<49HwU<;dATa(z6xXu3NG z-Z)U*yllj1!W$(7@p^9j`bTM4E@Cth$O%DCo*VToDo6pMGGx}Haxmuqkw4H$|Mzu{ zEBi;!onL8p6Jy*fd8=W|gfStkl_$lwhL~`XU_V$Tl5omQ(Cng?u2@iD1*8pW(nWct zl+ou`|NETxAsb^(D^LH_v_w1?l%L+!RQ!!C@Yy^*c^$d8s~#7@-P0 zWx_(dLY6cbFaK(s|2q@YpFcVdTtD@rbg1#b#@`3*=<564``3olpO^jr>&c-5YbogW zY3PBqbTR9<%{_?6^IHQ@F8=v`b{~%R!KZERM6@#{ZxuP*gA!9!Ygx{(4*r`sx8M#| z{r+hI5K;ICSylZ*9@0%7{GW)l$Gu~?Kg6V+(F1uYaJ9 z?0eh=1*yajt}2M{S=9qq3Z8)nUW17VMPGVB0?|PXwASQHiaJE8FwT#z2J^x94fs<) z2ma0v!F|BN5-K}nJe?F{kq%r}9GchtLmtJv!)$e{y4tJ5lcF<5t1sCa3OKbs=s}%6 znBM!cnP38m+;l)DRAFTJmIlKRfb)g_Lh^6!=FOjNIMhDZxT#6n(er=&Xdw4+uH^*u zZt3cqbsh^-^I%~UJIF1**Xwa2ES|>xac1)?#JY$1G-8W2J3YTk>UK|k(tz--HJCj( z%k$*Et=&^|5?QP|Txkr{|sa;N4*v z_5q$m^T#-dk4NC$f)pK!(A=d$uM;?$_uCCTB)el&C?1ZIn)*h+)^z$a&T4FR^{v$5 zw8?H;*O3RTP)SBH&RZl+PRpo`D^n=&ChG|A0)uHg@Jq2NLbU{faB5VkHadsy=H^*f0hAfEx?tDTX)S5BqhpK*k)64`1bi-A_I!9WxQ}V?ZBw zn@gTQmNgt6C8(LyZU=7P`=wxTVhg0fHwZ~}-TCd)Ecnd3-fX0u)#Es0&MfH1X>{AA zrbZkQtCidV#R)?=cqUQd7rzP(ReH%-PAleQ%XmGdw`oT2q*YjSLF(n-1vUW>qVksGtE9m|?iGm>EP+jbd3>N# zzGby^R6n6&=yy;_lfi??fLYSl28(9A2AjFJNJRP*#NBZeo{P&YF-86p@7wvSwO3l^ z%@wOqqgW_%cZ2Wy*24sAR9I0Ds=4WQgd{AFr2+~hc+PuQc8{MaJ)A~=yzSZR!xQnQ zk8GA55Dk}zpqxk67>GoOno4HGs;p0?3L;`D)`A9U;WQ|?<^{w0+6Y{`{94rY&T8vV 
zc}r3zby<0d1#z*COR&Ux83$!yfk|bt2BD$?MDt#@zZvv}`OTtFR71hVIIqfwKA_El zs3|z_<5sEV91mNFn(7A=Q|s+OlY*tl&tC3Z;IU-RHiuXO3P(wYVy)7Tc;+D#A@-7; zYA5DZx_93_`Tamzgl*HF?5Z93yyCJ8t6ZUPbSiKB*bJ)OyXP=6C3#BxK*4zIbbIat zM*pH-&Kd1-dJU)g?*q>EX%OCt|E@k`Jh!kXwsUXI7}&iNbP#yj>ruP+Qw;xW0ET|B zo6DV7+AG@!FqF-3FaM2t`3v16e=}jpsg?&OtoI*G*n)p;!n%f7rw?)ZxUCa!biaB` z$sjUY`^MgW(Z@ynj58r<+L7sLz=H#Q_?!T9E$`Iu#s#*ZG31Z{t?xi=ku_5kuL(Gp z*>0p$svTn=F#8wN6S6X25A{AH*1Qbv#%E=4Nl2KO{k`4!_22CG_>Y%D|7^>~|NixD z40MP*R~Q%)^lqSWSn6~usP-B{S5uQm@s9hw>Z(nqojMY7xs}nh*n{wkd+=H7wHSMY zS8LFYJN4Zs6wIT_k#hcPt2dGCpioB5Czif)u|t{{w{be?%5pUi=lGw9%nP5uR|w|x z2FG9N4tDtU%T=;oU}@lFh;9q8d>)4 zg0d`AfU8BLWl$cgt`Rjy(BxbT@!(Ki+nNEA!EOodqaYHABI zMr?(fK>D`kZJ%+mEW|Wg&MxaM@cwDdnaT^##McuZ4u>meA-eJ7H(SazWK9K~1#bd7 zBug%~r9;k}w9xG85a^WJ(@QLKb*8vL)Skk3Huic&eKw(W0#Cjkcp-PivD;7PM6Uw> zfN5FUzE>GV9gvN^w)QpyppZ?(Sz&*mMD%5_EN|!V^5N?07r$#-O{D@2HQ(tPnn`h&gI#b@+ zBR3Fgv-#Q@Dr0+nh)-MF%;jv0jE8We$}3niDFMP}fv3h0u?GwoHEBb}W5oBB9@jceD5!ZO-nx&M-GpC()RMbx9@97iiW`bjpecbw&cE4=0zrR*7VkQz3;|_5`)XYp_ z+*&u##NgequBSJri_=#b_T5fGgep(5M^*Yq?TW1WJ!D7~8HSoe(qQtvj~fGI!H1@Itc>pZvuM z8O*4Bc?^{J;9Z5Kp_$n^NHEwFm<`}Mj20}CPrL1${w1<#k#n6$-n%d99s*M=iBF4(IrPAdR zXqNapGQmYb)PxXcQ$?FWS)V@zF^6=U=W%Aw6?P5TI##ls48zY2l1#=^Q(T2OVVbV_j{&4rod({9Ub3w#m{1FYRGa#m@xp{ z6KMNBvS&U0kZyhbOQRXXYK$<$Lz}1J!`PXIup%oCf3$VUsM+MVi29iqs8NGCxywDFG4(JEZ1-H2y z3J2lqNUH;jwu6Khh`fm5MlJ`AXY>aTefSvaE({3x?WVE1H*d}3D70a`=l)<;6KME9 zof!X1zdQut%FJ_q@GM<|{M~Z#zcR$hzX_yF>f_WlBDmuAcYhA>*TpFCZ)&P1f1Wt} zv1)!;KmKaj!wVTzJ$GNv@TV|{_WGVabeJ>}X7u3`kuGB*N!Z9-+89zmNRCaquNS zs2?>O^WOLV!Bggkhn$8iU)b}g=GK!*KX|q<$%}s(`|tixe^(njbq44^udjk}XZdSF zO6(pH+^gLSy#lQs6r}0|EjgP9+NQVrv;*$%Z`SUWgIe=gVOQF}&%n_jJR^aK=0k}tw>cwE?{J&`(9 z(L#L8fyTO5gFcolaS;8nel+LPX`fgQWlQ(x07W6U7GCCY66|JX(E>4_um5Zi;xyq} z+&2AennB{h1$b?SJ$R;0uW5N2K@cl6#5&5%53Me!q3YtL3ti^9&SLn1Y=!zDv>b_ZH4V4n%H z>k$q5S88T#`#u&~V=hI5OIuj18#c$)d-ALL>ZS&GVN@6JobfH^C>&N!M{gs&<9^^_ z0@i|@{&kh@2z4AM+~dt 
zHsP)kWJXv4@)=L*tWB)LFwPb*wX$YoXw2K4ASJxBi+Z5zM-%roA;|6OBR5HB>r2=m0xpU*@55j59w^S!lri$*NYjP3-N0mG8vKb)#rDdU_hq&O3-Pro;#ZZ7AwK0=(N1KD#OeD8uR@|JB%a7Hgv;| zkxi6Hbp~f+S9Rst51zoXU}~0qsr{DlHC!}? z41)Vw_WlhI3$c6e@+^%BoZ_D}_`K1*>)Tg*=+pJ>P8(ymVw!5XQ9*Vd6wrIu!a~8u zSixk&d|pz!twBj3gMcy((osta7(c){URMv$^)8#eNb&<$9J59Dr)FP!Q~bgez(M6e z7E-vi_v(>$MO=R`;p0<8YMxzLtO#cG{J9P1*g#ob&F5mLwq+LuVGTY#Z zsj3=oegl3DZRb*H=r_?rU&W!z#n@fHRm3B{;>rm%_vM>*;qo5x{puY+57T?&$tj{8 zGUpT{uHvr!;7NSqA91FA*?R7>OSclbiCF5a`YnW1_5M*P7ZkQuZj{x#VW^g>PHf~F zx~G8WH@nS7w@Yg6FEcqfxPidC9s2de=~Pn#tu#aj4hXTA{@KukH7*J{6?&u2ePVcg z)6k)Eu`dkI`9INwr_brGGs0<>RvRI5DqGUF%%gDuXr(^uAG2@dV4WkF6 zLZaJBw-u&N)IA*4A7J;mn_=6aZ}T{Eb{oM*wFb%)LU{8sum75QnSBW$TS`oUXUk>> zX8-O!Ga{CArkOM1bq8F=sJ?t^TbPxoru_*2Ld{sJ$|h$1F@x|Ym^JX%7YhNO{qR1+ zI9Ko7OVVjX?V}&Js$!zAy5&K^lv^_>4L2vznw#!J$>y3n^U0Q=e*1o}d6?3vbr>q_ zREs?Gc9&L-gAz;by|I`t2_H#l9@JZmOc-331Z(0;5fI$fM9tMn!ejeB#GL=~6339R)*>Oitq04K3#t0Fi+CSju}-v=?vt`3%&-ulO{~KODk)|Dt9knT zb^s+=f^>pWJe+_I8K~UH{I*;TRZGv^Q*K)iQ~vlt`1|4W`IYty1TP;8fWJOS_VZf4 zb^^FGYUI#hYiw^8RnoU66^ilp(&AE~!v>toQVAgw0B@S=l6S6Q`P=K@#llkxhT7e5 zllXkFzAqu5HRJm`D9_vSqhw|m4JS;X$Jv!kLkpI!mjXv5Dg73QUGpOaDEAJS9%x#6 z*(0A8u_W4j^0n8JB)J1-UD*$w*ge?B{nSE1563O~CjPr4vp)Md^>)_w?p_zwX;)X~ zo57{xlpj1!r|y0~%w2rJ9!7evZ>PgszJ^ZzNnWF25=ni4P?nT8Z*40ba`)@1&quyc(K7fj6Gv4wU}@H$41JWx zEfaM{Wp!$azy59V81-x}a&NQxiXU$Bc^v?X`?qt)7{wFK8NKW)F9Wy~7kh&IkTA3= zv+po))1rutJ6u>*f4q}RqVL)8E9ssJN$~gI4(IBRgovlJITzdkl>r%(a1Yi@EzsqL z9h?;RRy~f3F_w-%2NGfLL8}pGUR;0jN8rf<+ptwz)={n>sh8>fHXP!JF+>+fQ|`hs zws8%H7X2Ggxg^Sz29~4;Bl8x#?3xlDsAeP~zww$GPF(lNoS}&!B|%PfU(3cjRt$9s z1&f$wddMTUll`1Jfu1;Zh{NjpZ3$^qkU>C+iUnf$n`mSg3YHAEQNIONB|Qu99z-@n z7rf#=pG>tbaow0xe>$#Z^R$Oc?NK-@t+-Z5)Au$}&-7JSpNjW23F-NSQm`0vV63v0 zx(CkJ%-o{3V^g`MH>iH@QxiS*OgugkRwPCM0J)|Nc+Q(TU(fpES00+>PWsvYGN|P` z`3f$?2LsxlFIzS+OuFBGkUyl*AY@nnQ0idOK~r83{|_D@#ktVGRQz3PU0!luK#~zd=4$Kc z_~5o8Kin6$h-0y&cDFYx(fn$$k73#=LwEDeDy4YQ)D-jmo03nX0aS$Xh}1WT;Dx*( zbHNLwOY`X+AsXXJ$VsGnIAN;nKG=a>l$W1v^TNOJNQ$7+A4%HvvdU#JE`ysU96LrZ 
zu#NqMvOU&`0HCb58{bTFtTEbr3q{avU_X;X74*qTOnFVwDReTZg>bwr-iqKFLA1lJ zL3dGdr?VHf#+8?C@-~G+<3UQ*q$BZh!aD8G=2j{_H$L<$jxjJ}c`^v#p+XLDOp+EjQ z*_;@1lc+z#Z40-b3fVvU(B+?t!H2-B>ERor^*iAo_g#L{J6HdYyXG@hf9)NE+RF|m ze(-#Wpq>G9hyU+J@4w>!{@3mO|FTz{vsP4;QvvLGTnXWdZcRnU-OQ`AR$4@~r>3tkqf+NL5FT&2kVx0SF`{;pcvlN2^b~+-w8o z9`-G5R-5EC$t`)^*OmTY%^_MiB&+O~b!8{!=hYB4^>7yPUB<#3F5E?Pyo0j5(g4B@ zdFUjKd)=BCFRA+UOrhfeyhX=CQ&6-_1wOOl_C6R4r4ka2VmpDxIG3O+zvkQ0M~@x- z-DxBBUU*yVY+0F#3JL6d&%{-Bn=Cu8-d>CvBh0IJqf+b$1fkpi{!sq3(`ai5)EfK% zX_OvpAH=E}#VpW4$%}d`=Agbd5@6DiBzzJ{wc{`Yvs~h;Eu>Gyo~0q=Rn~WKJPAb4;I0U>bxL8x7 z?vS5N4&<@M_Ry}CrP=uf8ag$O_;HCUcGn~x`};POuLya{VvP3G0&49matdqwzSnGf zt!Jb&YiH5KViDb1R&s@?#%6L?kpGb(BKjt!H>o^QLcXjUqKCaYwk;(H(O^c^w)7QQ z>0~bt*=?xZXsozEu=Xcvb$XP9Vu#WuQ>TyKL$#fQ8Yt(za!SA?#RDLOS1hnO@VD7C z$cJ10P_gr2n>xz`dGoeQNF!;;j(X`9-_6#z<$;wJ{pmI?KQwUos$&$K<#8h;Dm% z4$SRNph@zO+EyqXR8ghcGPfq|xBm6_{(;?)5fL$Ii~+TPFfaQjYR251-Eo3J8i1GA zetDZZ>#r;E$Lja3c{5|PhxNw%o&&}p4^6y2hXsU*idumZT}hzL5EG@Y zNu;;RAd%y~ui3chRoS$~y3g_gT0;7WRnBiAcAHMJ9%HdR*tvTA3!+W$c!lH1{0xl{ z_Rvp#X4XA7xbQry>mx68A9^wh_Ed9nLwz+2HkAr$h*^D&p`0y(x`(KQ)y5D|r7qUm zCxi0ho=$o6Cd;oN;g^^bIWXy3NiKgmE5&G;d;!PnC|l&fSmL)uSA8!6=8{w#it^i*K zkCgW4JUT6l<7QgUMe4i^{CM>%(cj!S*-^e!8YcZNwtRW&sbfQ=-J&(nE;A)WeU^l> zU-5vB2J*ebu6PzU0=N>SewWb1Xv=!7r-i8W+SS{8 zRk4vIM$P2$h6RA^+JNzkF9g+bhZ|F%iOL;Qs%KxxG~MRNTjAowfqfACiY5Gew)x1b#dr+NnKuT z{KFA4Oh<9Y-eV^m!`c6$hmGAYAD82zW;U}}URR<&AnH!ix=aSO$d7Hi+x&>a6h}A8 zql@`!i3+$5Gu~}z_gu+1r8<=$mjDru*KM+ust;1Aa_eYf z_EMBs5DR6G8H|r1j`f*_0d0p?2 zxIt}^HUJE?9M~R>%7_;%d>6w8b0++Xh}HLX&?&HWrU}WjTb~PrHB{7kTq`tYFtNGk zIr^v`-YrmV52>9!4{aSyv78|HLx6*n@Hej5NX@+5RGHS1OOi&#tT-Sf_;AkcxjC8_ zO6QYmA9Y;w9ldakFP}8bra05ak*0aXie5ug(`n@`^6Y*YreM)n-4G>`RLDgK{jsTN z=eLdU56UDUdqOXH6>MF=qVJIf+HOYHaN(vAaw=dwr@ zI~RE-&_r9Z)r<9K1uyjCH~v$Z&czoW9^9jw$#j+^N8TN zf&O`^`Zu%r4S{ZthUo?#UDZjGL@-@JkcS7L?RO1Rc;*?(;#4Tb5eCXHe9Wx5jX3Rh& zH(m83Yuyy$95XuW|K&wKjvUwXNPbOL&e7t${32>5C6=3fn4@m6X}b4%z+UIm_shXY zY*XuIhRgZhnk?aj?sybfIWW5J4aV(f8*DD8D?9S-c&9hWt`5#D3!ThEyW|Zf-S;TY 
zbP6JA|CWQtbRnL`UGWW+tf#>J$@322ePxpJ0M4Sk$!+k}8HslHcjz{L?YU8YCrLD( zcTSoVXj-`oiadE$afbr~^`;5V~zrqa)s4&(S(5_}9}QHD8bZ#~=l zO-4ON-8&;RlW*ryzJ>0Se zzm}P3dNgyCU+OYCP%1Nls)5@bO3}@5G}&l8UNc6KS2R}&Im-Mx>)&2C*hRn%Kkm{2iPOV;P|BJSpm zY`x~bR45p2vw=`IIb>~jn4|;pJ~V)rqfw;^C0l68T+Pfpmo!K0WebuMn-l`#rvPV~ z-n1^8r%B|Znb?-ik}^Wc{*>^Bp`uT@Pm|yi zLUZr~k}6tMS@vZ`UX6~7QS%)@$u+wTmOf;eAksUB&tS-EVg%I-%2pcWoEf#*Tk8K*t)lNMaCKr5gA*XwQVif0wQpZ8Te$;KCfI%uR&g2 zn@R~F<<{7~FN&u4G-#7jiuHUY$>_kWRK9!-@BH&;nPrndwUoe(>BU$PZHlmJ`^@}H zZArMlB6^!FH}TE~W&%j#W1O0{T<70h;^dDM3*~w;?7TW0LFUXD49ylG3It$0<%G+H zRCR0d+`ZidB6-B&WN2z%)U3v6?ptvGNU11xoF7o!=Frk&t+kObRF!}FrKBQ4SX;0Q zY#69nO*7B4cvmF>!D<2*{X+QCWc>>7FAXe%i%Hf=n9J5FxG;}~;P0D(Xp3?MiGFwG z`jOwnZZc)A)=gr?h4P9A36Xolt8>gn)W$e(KUae44^)R=ShAaBwG4 z|4zzGS^+nw=WO!4I&7lfiPzNAG8kr;2~&;)o2|Tj9%wvd!;*r ze^zQ8ve1OiZRy3-PN1omCdcOkan5D#S6({pKHKDN${Dt=mq~ORRG7mynTmPCH^3qN zuB9Z=8B|pU*R7qF8LX`(XHr&g=2B^f*YJ*gM6pj*gVnXU;otk)lonc1isZfBNoE}cJ|e_Fckk4#oBt zuKkZrg10YBA-FM7C2=rWRHIFnq=f1ju5K{@nhh3_zf*oC4G>4K|7nD^pygss@1+FD zdpla#?kvt@@II{jT+uBo z<9Tsp-|SVq0szANm79$!TJ^}Lun_x_$ZZ`ir2-jrI{3a7YnU)HDQ7QX0=Vp_RI<2@ zqSML z{7gkD>IL0+u&D^J3xzG9udHK#wW#kptdaHLm1S@A^)i7U2&q$}Ap!!CkXX5*Y#Ay@)| z?kkIL`$Keeg08hG&f8TD{>V2IlNlQ9f&wK!QphG15O>cJpU;0K$h3!#b~D0mF(i(? z$kes?daKxXddLnw6!^PTi1hm+7s7jqBU~uuqCTQ}v;&3#LIefT5%&4aKvctM{@r_=5NU(xcH^! zH7_s{O;Q0iBjaaV`dI?SDBxnuj6Qfi^3a_z1%Q_Lv1;(+Kbn;ui(c19*hJyH3d(8S z2ZFu?!U5!pn9YD4QEAo09rF;=3x@VjRfLf28MlD;!~I>3wi2(@3t0$>-k5qxBW@x! z0r#Ym#W@_*XpM)3N=Oucn#Mm(NR>@@zB!tHM3(+SIv)j}-0KTy(%Xrw`|89>muH^M-ABFO+(LPH6L{r z$X>mkvOC|v$-xOyKusVspG2WQYh&{87CBh0;9_h;_IrA|0aKOrpw&9nYD2<;wEZT} z_)Bqq^TIUt8Zg-S;#_k~%lhPChT{Cqj8Stg9o>@jdITVHw1q?|Em?R{Z%rJ2GW~|0O>r9p_gb^>0|(6H-Z0cxVy;k&eM?@!33%B! 
zy$#8qc!Q*UwW_T9wVKd|@I9;vW;_NC(uxl*D9Yai`-f!En6RdXLY^MWkx( z0-zBRDiNTefgQfNyx4d7Jz-^(^(|x3*}_l}CxL`)WXtoubpEP+wXsb3bQ|?Baxb7E zO)DnyK+4p!tiRXPVP2c?LB10q`pQ9_#a$j37+3o;52iQM0+Ut_2kan){%xe z^(|SeMq*yo=se`*r}&R=%0iqK)J0Pq@ztl(?0RrRa5Xk%CE32$E_Qm zbpKH0@|^-MLVxh+2A3B_$jor5C5?do`sIgF5l@gmcovrrE0>2aT6`&77S}G_wu}(8 zc<}GFr~eO!zqMn)|EQMwUmf#bs;d6lLjwB`f`?>fWBont^R&ShFQC4KgDsLdNy#hb zKv=J7)_-WUZp7W{3sdPgyA^Njw{0(IKH(ijffup`)?RDv(K{}8Cw7ylDV(%!zj((+&U`iI=Rq3zIn2%K z*hA1WXN?xqRUE%z3{)d#+}hgAOifEpLQ6?Q2gv;tJEZ6v`ZT0R{K_zsYf>2pMEufI zR2JmKO*X`AEaq2X-E;M<7;0*neU9x?Hr;l!U_E_@&q@)O`Rj_K8!N0;zN8{`@M=7IEhgD zARTOB!5GR#Vy(rb%?w*a>bB;#o0~SM=RNWdRC9>d{z7~&;TZ@tH%MpH!lxW+JL=fJ zI{3mQ>P-u+V~l|soaN|&Wa(xM_hV7qN5_YWFG$|m9Qy3idR90_BaP~A3DajJ-c(bv zqbPM5^^NDGVT5b&zpg#xM#Yq8jonBumwRGtYK=Fxc{A2i1M4i)QN@^GSXWTai%Wri zTo8|rw}nrFYjt?P!f%6ij?k|~rWKtxhET56128(U=P*QPu>8~9WuLU0iZm7lE9CR^jcv?kxYLlxsy)vOFB_g|#tyZ{D%+fOt(o?;jxX_%o z0KM8NWBh?B>f1dcx%0@^#^j!`!wVI;<)sFQ~@`D%tKpq_*kDx)f6P4NyTe&+8<0kZ=O1B4S8(Envd)2 z5cL2`^{b%7w+K{$_92>J5JcymRKw-c@w;8uZpgb?T^skW>}0|Pi^>_mj}SRrKjWsy z7blIB3AiM|U-85Q%+xi=VZ?XmSScXsWLkxGwE;K{cvr?0YCmp26& zi`tr@s_-rFI1QgbFD?kdlH&6XWDMPhLx+6kWo6%4f9}=Dt78)v=4?SvUBBg=Q!L+D zB3OA7W<60CDR{`sud zEZCbDx6kSVm_p2K%>iDz;qU%31OKzF;h*H8 z|8u{jD!UQtM;VAH{KUbg#Q-N3=+Pk0f|>zC2ybm%h{hLGAA8XWJ2R`<*IGDMa18Y~ zA4K8j=|GXN0Yd($qXmq&w94qRXPm>vt_|U34Yx`5-zJ8C#}oZM=;XgW5?qJ<|BnWe zFP8t+=AHrk3PZI?AHNGg3XS>IWoBn~*~(isMcEGTObm;YP$9N?@ z9q$3p#n+D4lZZU;SMARIJRtuY{r3k}`D4;wAettQ~rE>xhSZy$joB4psoaG)+ z8Qkb3YqH&JsOI<4nuO|?m!B!DO#k3v<;Y2z4n<6^a}7zyY!65m&kr>SX01=|akXfz z8}3&Ug9N{Fx%esS)6bf;Ltq@21C1X%AI^OEw^dkwmG*lW`_@pLCp|r7?kV9JXmOc( z{yf(S3WxStw(<2lWk4Ga=}#GmR^Ot;g%Y5SC4`unZU-RZ4yw_cN?f2IM8kci1fwVS0ZaLN5 zoNV$q>&?U;s78JNJ)aOr|B3SPbfmH+<$I3+(yT(HdYaJ!wc>p6rwy(o7S;rKav480 zfNlc-Va6#1s9HSy_|%Zgo&jyfnjx6Lg%2^=s*u-KC0M^oSeLc6%8jl2B^grVqGoYl z{m3SAE?|hBzRkiSUOsz1M}x_?CwI2{cfEjJ&)XlUGm(@4qA1j?pxs|egA(d@0TGbbpX9NERSOhO%FMmHCh-#Su-@Jdsv3mJ9cvYd@ zBj9UUwZ-+fGZ%434b+o{kpf$3$46(`=*v%~X9wh<1Q!`PW 
zcE0h7nfVr+Q;xls+bX9VD-&(!1u(%Zf604P8&XxR10l@l84I?@_R>jD&PqJ1INtR* zh9Bwb7Ui&fx@s|HV(NC9W@s4^X0p}Nr)8hRjbtBFJman4a3NBqOZ5f9RsYKOqViK3 z`v_7u@oL@NJTWIRQEu>F7$P5owH7E!kr1f{aLdb+>FwEyGDc5CI|dMS-r-F8^&ypK z&Tn5RX2F~gag&sLX<`_<2R>z0-rv82yQQk@lG{ySd;g{`y7dhxaN$U+QrN?enoH%R z!?E5~IK#Id2O!gE4t% zN>|8pW@bgss0*4K#yD3tUpvY%Fw_9lUDHqpKAhrqJ>`;m3<&_68K3?qN78bJ`1J?F zl<1v_E7WS&6k9JIDI0Rf0zVM7jZW&6A6txU)> z&lU?M&!J0I)7u2a$QsvizwE?B!s%*~?a0visG*9&cm#Ljg-8I=?&sZ>Sbtx!Pg^`z z>LN_ax7x(y%a4jR5s075=*mrtLdA*f+iisziH}R#U-`Ah1@bWl;cM*#KN){6hgHmj zc?A|->KV*A3KPs%FV$qg?yiPaVXxY?bcpd~)aHTm5=e3NA#lH1NYHfhK($BzUU+HH z?Fv|ag&cdLLvS(cdUS<|8K`iPG?WNVawQW zOdfuzR^?%??Os&*h+@!Ewc?o>lh99%Lo3>j4od=4Cy_ZTYzRdylXi{<)Rv6{8>qvoCO-_bt(s!S*MZF1}+4$GyqyM*kc1#(05B_c7 zK#}d(_nS>FBrjqV#>iTWfFH!1r5}ozoL^C;$IpDvVqJ8tg6+RjIvEpudNz` zHQU<@xc-d-42J7ZcT7NIC-`Ol1OA#@l$%#+X>rHiOiUke&+CP|3tT->sjU$^<1nkQ z4+bB)yBfsGPoLO289RI(D&p@?zL8C<|J7K^`+I<~EI!78K9K?~DHK-JqH^`18Nz%a zJL1ZC#(2>J^yx5iM2KGpX|1i0Shcgu9^#!F1j&O3%(v@b7%f(%lF`}H7(Md?ey%hC zQ}i&^bSrJ)#j5v?SIP`(P$%b7LCd>J3*+;wPrU;S4TIKZbwNPatuFiMHiuvjTnyF4p+%lD>N8osUL=bpI{Xgyqv`O&b_er{4(-cXG6qD~W# zBl@&O!S4h44OQ?4mqxt;2Ct_C&x#HOHxIRyGu{d<-`MZH;`U|IH)z~IdsX7&c(^i? z^xM{i5)*GIuC$|_PGfE0wLj(tB95qx&M{R~Rw-9U?O*$q#2HX^){npcd0$a?)VCxe z=E4u2VsoVSARD?=$$f|8riAl=_}$_R7#M0@yv7`P{78B{%YCR}n_9eISc7U0qzMX& z;&)%M-6ShG$`{AN?THb7u9l^|_hH!XZu( zBRSjzvFSrO`8+EZ{o>lo_zdGf-Ja^ZlY3!PbCK3(zs`lTHm%)zoU&#;c*L#6_> zUwOGWG;;_70$QcTz=e9jcQohNIf+-~<_zl8Bm;>lq8Zuv)8NC-OR5uF>xCLFh(G*6 zm&!gy4PVX=qeg?vx9(S|ZuzKQ%RvdLK&$b2q8aNgGcxwJg9!WZ&1*{9we0?p0-KJP z(@IsZOJ{|MPA+CnE`EuUTs7DHCReoswBiUVD}Y8EynTk4xF+PZqicUn z>ZV6bM`%1JfRCzeC!l)8V6H`u*(`hW1Sk?wkAP=a)W7b-BCUxhr@*CM#MD!&O^IV= zi+*H$lk8jpK2zF{D1r|qAyU0-O9XF$7o6?qK8}E?KYPUogZl4|T8M+ZLV@c$-g=d? 
zYP&j31SfLY23|0@`4T#_SMD5zNXbc-T(p&#e$>{nz|x6xc88V3h} zY76pRoS3H(PdO3NL$yjn(Q9K7>f~H3Ziwc!e;M-pzbsWLt7ZSm8^c#a)?0>t_8N!;bc>EN^8a{Q3}^`9b#Yc zE?twsdaTgGD#wqIgu@=uSt9li-&4lY?M*$1X%*~mR&@AQ1Py3A_qFvK=(+jw7BU{5 zn(i`Uwhq_KEbiYEceC5W^@tWW7kX_xrq{2|=CSQ?F9T1+8LT$|G^%U{y#jLo0z;8g>;OsHf5ltBc0D?E2m05(2|(YK1Vh=GV0q_aiLuM zM1EiG08&DDuvWC?>M!MVMl-6XeA5p8cvI}! zCq)}azK5UWa*j|=?}mnY4-tIgf= zkmYFIN~RvI$J-zW`gW5j**5Ws1tZYxC);IZ%ZfJEkF=CE9{u1kA!8w}8tOH9loFk& zOWIGqXF#=E;bheK62B4%zrTL+m)GGxnqGmz%hTIa+|a+>JMj_kisav2w)lIN!=>gh z>V6G8@(WR_r_B3&&G-^p%XM0t77bA|6^L7UTM!?33SpB$_63~lje77;JgF;NJAf@8 zN2_lHF@-`3-R~kksgUgrr+k7;p&EK54fJAKr?(W%pzxM z?ANPkE+?@`v?f9c@rqFu@H)u%lcuo@?LPH1Xb!`m&H)p0jG|@|&(cRhq8sfv zKg&NrIjq#xuDjQXL@v$Mx;GyO+U|E+O!#`$h+-|xv>3)`k?Al^;h&pGM zr^-3;mXqIr5yPOFm@%(-V$i~b@I5Nx{HDt0+Vt!{rO&?!YKDZZOoSo3&2p`kJg-bdGmfnD1JR2)6**=}?)g82#zlySQ7E&$B|%Des3!-~rO9M%ls} z9ulgyA)%W??oRo%fD;^5L4O z`0ujH9n>}sHk0=`Dx)YnQU+t#{F<7`ZAs7N&;`%siGPzYsHhDZWWR-Z8DyDyU8pJU z-X*12b!#7?^TB+bh8ek68FdDq=DN-oLk#7SueWG{H{4H?@$7olzMu8@>Y&!5ggo#Z9PTKQ9}oD3Q$P%+=dOoOrSQ;gzAt*b&W; zCX$9>f(4%fWz1oB2_cz4*fN%Fx{txLty-!8R`kMlUyAPpLD_-JGksJY^wA&jn~M2< zhQsFBr*e_}(oiO$9dXY*GEtk3xJQRTs|-pm4R%uv37Rji3P!27nAPo%FPN7-2s*Y> zR?VM7f%AU+LRS?`NI7p`MvAtZ_4^74kRFtPLw*+5Y#AY_x@7i3<|PED}3j1^%P-XEeaayec_-1gB_pz6x@#|)M^`BAmU zC`Z7fZBy>rvM9N_mZh&Zl1YljAVix`bm4ho3L9}Tih!Aa&L{u#R=l^G!Kt3AL@aV9SpvC^m?t>`z@9k8AN^##ivm z^`8P=tFu+Sz-J&od<`GBj09L__gL-9CIaBMTfP>KsFAuHfLcwbU%~^oR6BJ4;3|9< zS5%Ha2cEF4viHSm6f`^cCr(qCJ;I(aj|q{Bg?mURtKP!<`fh#Nj7AS#t?0P+*xS_@0$uG-ZLWm%ajrR$XS-1bkMa?DOl&1l?A3pERFRikM4;9K87H&Y_^d=Tffx8yr5717}=Bw(@%5 z^Sdsj4bGvD-+Kqi8+u2DPS#Ec#3fe@kQt71xkZi(&%fiQejSku)7bSmK!o}J;L+o; zeD@YNb!~(%Ok>mQ00H?Jk$w1U;PVzI(#BGg#JaVY>Hhi8pg+>YrqqWA!Zg?x-x(r= zA3XX>yVVVmC9dE6`?9()_Cw#U-7fqn%ZR*{!bM{B-Ev9fuRcX}O!+^Gm!deHx@{K8_KQ%ew%Jk3A@hX?lr zZ8Je`qJu^R+mGz!^H3S&OPnVesK-_HUBPYcD$ zImI~n3FOSC>MAA(*=dGk)UBDie~+Q;@x2TrW2dhYvr>m4V-!TvGzhc+FWU+bs zEqyQFY3EtclE=Pv*UoR&^uWbNWA#j9>n=Ogpl 
zhz!~1`hr07Q$M93{nOuZg620Saz0V{>ppGo+$Fp!47x`OaA35(o;MLjd_r9_l~LFAW<3+`0vl?^eAVUA?jSu_3I%2ayji1?#ePQl{zjuMufZwG*70 z+u25TMv88eYguR*h9y)mp%84j)j(G#4O*-Oi0R#?IkkD8`jU~>2FM4NFn6iv#}12@ zT(N;tGtQk|UWMiZ=37&sc=tA?r~catPjV4Cp-uV6pDk~thh0iEF>dHfCJcoby(d_fpxA8DWIcP ztqM7|r+(31{I3Hy%@_{XBb+jUz?4I_%PlqkLZ*dGue)eDWl_dh@?bf{x0L{|bs+6e zQfc{q11Z)z5PI_vVRBXIYxX;RNQ;<~n5Sar`wGnlIx@MIk@u%!4%%vUa)_~#@)3Lx z#$0cn-Khn%-Z+j}08^vzIk>11#Dv&61GV+L6B?b#SayhUeR{TLdBmyw5+&l4?xFDM zyf*1k@M1+hXL*N~78=rj6}-NKRzB6;n3;pBo9{qDGr6g5p0bhXsYBSZs&|URhX%>v z_GXD;Z9+;p9vcqMMc`Y4cr48R!o`5_P8FoDQMQtf_m!=a9Nc)svqoNa*1MBt9Rd=Q z`1(NA(e|p>x_&M-rwG)&DW{_28C3(0j#UPOIQ)!Qmls4d-JKPIja1n^cH?xnw0C1q z7>XjuLL}U7ZsDx&)4fxld&f@COfU&WLHu#ZDy%>b!t!o1S68uBR;e zq`RIsOR^2TkET>Mkdr%Gca3m_JmH+ebka3(piya0&tB4V@75og87v zq42!|j+cRv7@5;CPSZ(jsUl001}3rcVC<5G0?C3R$Jeu|=)E*0tatSE8(UwY1e;AE zh{el+$!jknVa$k$z^p{>CW2H~qH{5twTU?CePXXkE_YrnZOO-i9pu0aHfNV?wpi6X zLZVX583N&fca|R)#$+zn>p+??H(?M!A{U(aLC#v`D6U$;j?(}C4m&Rj7gcK*%efhbD7g}4?NspV&fD# zY|kZf3S@A^TGUB_)jXCmU6HBDaP{~M>c&*uMB?Oc{%pez0(y9o z-Yj0ZMB__Es9kt&&}QNl6OvMS(wNok(rrUX4S2JUy5Np}N#Uk0Kp!v+&r#rC7fJDl z;uYi;L+s6mWn}M!56@sAnEQpMX_<9pm%`w=vE4eLvt;Xt*~lBhQ|^Opdbaa)2tr|W zc-$aoC--yfv3I!Q^s2KNC1W567>0pOm()9nv%&0-6L8HM%d_``gAC}%Wv6D#;l6z~Hk%`NU3CT*l;*c3( z8N*q?P$mEcBS?N|c7=DV500^A7x_qzcKTmk@TXFon#8?xaQAX+b4iPB5EsJiyIA~{ zkw|GPYgH?hIo%rsc|N|3d%G*(lbOWcv>p`<%ehKjPckb^?AOuoorHaM=mnlS&#tHb zx{vfc!duV#a)mdaSiQ_}Nrke2Ej-NL>zEzo_I@W|n->*x;;Z+@CqF?|%YCoKY)br; z`765(9?xNgt``=9`9-B>&iL})sTm=xTPfcsade~ylG>f0h#R6>ygV^e9j#>mDIlsj zNuNPmd8R`Jd77|19+^;uO;&}TWdT5MCB#j6@Mif6x^+tNShuRc^G%Q9kLJpGSM_h=Z?ch$x?cVz-4Cx`O&tpcV z_^_NDTyY_j;Ll z^$iVr9|?Rn!|;ogoK|!e&P8OGg5-s|M6L*V!y$IDXmg*{ABkk3j^2gG31%7AqR8>| zPZomFlm#~vD;3Bt{y9}|T;A2YsL$;b#3qE1QkPK*zj}=UDN{8$WcxUalLXrwiJXjIG;zB6%cIIue7=77E#>Vc*P>CNge9wBw$$dq0f!b&nwV~<@)0$gzhca3$9}<> zi?LrYjixA!x~F_jpV4JkU_=2%bl-pWDAJZNH7Y++Cq2qpGzwLDEs{&+K%r3F8LvZm zaiYwYYWrjX;Ghm8&sJdh*@Shc8KAB}bM_2xm!ctq@MB=3$0R40+OAKNn?srxzOTFJ 
z0tH5>LV><&>EdZjBZ2sG6-mCgRtef#5TKO)nj0nB%&kejuM8h{icf(Zu0Tg(r_?g? zLS&T8=TT*)Dn<-~CaT?Li2D~>`$=usmY#({#NfRmGs_77ZTW_rOVgo~mBAwhjavo{ zRabg=;kS!H$4CRYue_p1$nb!1U8%cyTiK)Zpjx8`yu;_ji)We z+MN{PJV=hO@jX`3x>-w^cDLJlMFW(w)suSap?cnm-UozyRIXgXDRPrxFoe(7ki;Y| zYl(uKh=`oe(X6;-0by6sc?A=a){(w(+M>u&WZ=hZ15Y?@RL4i`;_uq#7%|elYW)$B zZt6T`JJMiv(aZikCP~S8udy5m%SFm4PYie z>!8eFrkU0Pw^OWv{=nt@b2=t(Vlc&R>6nfODemd?OGd(&nxw(zm(zS|!IPOr=lPSV zQyk}oM9wuD@I`ma+oV}HBwq|YrhZ#FYCc+ScdVtN<@&&2I`i!(PVyGnylEWEk1Xcmy6uIRWQ&4n_fO;lw|8cJ*70> zB~Xa4tvMF1)l1>tM@P&>s*||$CWG7nr7W>pjk&kj754pMk!_(xMuP-^H1OX0(Z5%NJ>ZD*ChKfWGm(bD8 zy|USDMkE*|9he6dKZY%|$HrDu-U(BlPpIm}P{OJP@@u3Wnt~+pL2?}xhtyZGnpQdC z+QmIwwTAgo=iy5Dlj?f)SfUj|WOGXnqKp(`By~x}o4S8;VI*}K>3D0vA5iprr@rLp zYVh}7)WCCnj8Sp_+@pYNZcYrNOg;=kVfG>l+ZOp4anF_mU#j;;xvjo2C6x!kjd;E> zfvO6~Ci{o-8RR;?Zxp#KDy+1FR=izi5bpto-$QlI!_JzQ?|);$FvjeMlEZ8E?>{^B zjrW>t@_2S}d}BH)=%Tkj=Ep&K>y+t0Yc7e9oWS|*j}iALTcXTqJFkNxt7Z=!aPD0n zYJ1iDHg}grxCXw< z0bq#5tuQwn2$j9-fk}OoxfvVuxKTTG|NgeD=IV#kN7-EEL66&X83l0HD1GUsyrF+Mc2i*DXz8E{T?4L9e-Z|4jhASu^>{1*4@+fq_W{%09Ay^`{cp2Bf z%L-Kf97qh|2t2IqvIzXs{`A(1RkbkAB-zV_@CF55rXu9>hLC&_xYX>@C zqtgnVYp=S69p=thLI}`N_^P2$zDq-idyh#U`$hETw4c+?`C)RRy%PsDx8Jv3!drin zUbU{4(>P_5`S@g5DE~BBzvfesb_BX<$P_bYNg*ycysfxU1|)LxJhXv(bSquUw3Sk~ zfEze93YLTPj!d5nM)IBPENG2a2J+5Z)Vr7YsOlQk1I2RNPqip@n*Q^$%w zQz%YLAIBbNd8#1kGk!i1atlUl;^X>)0a=a-W)E2E`}hblIXzk)t}d-zWzV2px+FI! 
z1W>51(#X3mZo6@p;%IjUd7Tc5y@za#o##0)gki|UDQAFD*-oikJ1MzEl^c4_xRPe- z*qmid5HN>mv`ADBJeM&7oOYe zNLc6)p75S`j51sQU}e_o&SG;Q=bamG9CY;zUK)M%>;c%_v0x)iXF8e{SsU}xt)sKz?6ff(=f zyA`EV+~OCWwub0K+Xw9(^5UBs5R)@M+Ndh2h^yC&>Z!P!_Xsmm*%)r-Ku&i1F=bDJ z=0>NlICSh4kfkYo<(7NH)~MqPqa7x(O6iS#<8z z_QRNvxgDitdJms&(~@(WUePDDVe7Pamz)&hiF28mVLm%T6dOCfWL)#-=M~<7<>Z+N zt|Aw2o6TV7r$#UtMZ)7+IpSD{abZ6GfkpAVZh zr_A-f6NHtlkPjO3b=W=6u&Ko^S!#adIy&K zs^`VXtKgUwbyTSjT|v>vWC}1EN{LO0sls*EB^N}hOfQVE`s{m~q?f(M!9)9Py@RbB zTnoOOXQ?h1z%MoV_-mdpib~r%tCSy`Ql~rF(S%W&8cL?V`LogZ@1jcj!-+!@7~TE4 zUIzU?1C})YaPfZNQiQ}erk0;@wJhJ5aKoSbMZYl}=wYluRaM_N_0v-~r;L%KI+_cMOj7D2|sZ!&3&x`&>3&dV< z4ak|*)50ZBw~SXNc)$~^JI~I64c2|WLt}^G!|>hZ3jISvi;v>D0nN?nW zF?@NIq*1h#wIB73Dc5$N_UX!YY^Gcare5L4Kv0yaBQbh9r&~-%I$AIxa-S_f<%@us z%sZc(8@Dow<}Hp59Kjy7X;~u~=bg}dVMqf}K_3K1t=(yD6Qs@?mvplQyC}Sv}N^=jQ!#Yp*-G1U>%p)3LfJ_k8W3cVh!i_ zSy^tkH%Dsqjc_P(#4p`KF5Tt%+^w`~Kc!%8sX1@xpxC1XpFkE?A0h=XM0%Cy%--B-;Y+4n;b? zGYZOH>=)Z0x9b?__T`K*IO}I&6W%_AXajEiP$v+qmTxfr1y%3VqjyqQEcNR;l6XUM zPoD7REp)&>1G{OSas|LUor6W^tcKdg7y(VGkXf{k-pvc-WF*I^w*?LsaqIrjk#JR{ zgmz+9y-oFv344(lo3LZ6n;$E$jW-G#F4qg95~Gk6-Py+%us(lsp4vaNOD=~O?g%Ld zzJzo9q!~6}dWnD8!>dHY zQ(zFPB)UgpcY{(3r6(hCXt4e&*e$fi(5O_AI!dHmHT6FKc80_3OL=$mB{v)IW@hiW zq(cGQ!VKZRsIG29?WidWIg^fakq8v4!Q?QI`{+=kXA;coS&`$_yds0iHBOnfX(x^s zz>QOvlnUdUSyay}c%`V2CQr)y$ z!so=I4Z6W$AVKnIQML5Kr`Ungr(M+H(SwX7N?^afA_u3IO?tSR7j;g(CExwSksE?8 zB-1Md0r!DW0fw+#FVGlcx>`Dk4;_ktppK3WhKzY1P|Zy|7CJ`|!e(M=H+#!Hk$g4fSJCPMizKhGudsxtU!=)=a7Hp1>a8n=S#8>wtdoUKYKR@l-aG^8w7cv9g}duR;qu*K1lkm&#qZ=KZ_Rdxs89}XIm1%Tmqwx&j2nd*8o3aAAvux;;6c zG<80(6~PzKSpmH*vIsx2;8&jNIic8SFB&JEN40_2D56;lvv89yg_$FwMpGAtTIsqs zCl>`7^fkZKR{v}3UyPZec7N?P|F5k-x_40dyI%YL+WL`)#~Dd6zx3MmyUXNY`rU>= zuwN(ptw<*q*Vl7_ROuRopGAl~MgLvLz<8xO-A>xrvr;S5aFaSyo!&aGloxq}5oty& z;>Uqhu`Wv>kj&799MYWtaHO9Qn8lM=ESNDm;Hl_J@uAv@U_G>)jB}q%S9ZTy*Q;xy z+?>=lkqXN>@0(R&eKGCp*t>1cSpBA2!NydhuBI?uekb~*}XHJKTCAl z-h)v*dlDzy@^diLc*4+xM+sUjJwFrD>eYUnl^yz27jjbokbgWGpF%r)=J8?2WH$n> 
zeoR@O`&{r@6VPkU_SB(N`|n@(-){e%kMR#>i2ipL{oDKYoBcm9iN3k zHuElb)ouMaQRMe3Y}|cnB=F7})0w99#6(;uJ4Df4f;UpF;iH>dO7KV^SXrNG7jW4g zKg^2;KhWNUz8bt}Pq*9$Lsl=mV+vxeJtsC9B2!R-U!;!6S!nF4YiOKX2G?q_2_-~! zsui%d?X$1qc7D_6zqNEB!vpIR1ubQxar(EAsY0#G4*u%rYA^eGnspN)tO~JcYcYs! z>GkZ|bdU3y2j0e#PBx9{U(?gBdkQJt&7sI_b8KL_sSsq!aP@);MAbdx z=zz>f^yq6ouP+Q`^a;j5*!E=49+F6I$&(LQ&-TKQUxKvo5WQTTLWR9Z7jwf*UedC;*^m%=@i)8oX) zk%e2FS`h#V5fzp^>s|; zF&%aN##g<@6-r^_fOI*0G5}=|AUyErqtpLvnTRYWZ-xj;+I~qJ$IXE1;K$Y1^7t-d3W+keu;`5KqXh5|rv{*b@v?1qctYl-`&`Czt zkFc1#DW)lm@xwGd{3+>qYi4Fr3=EXj%5*&E0d~ESo}QJiR)0=Hg1yymh_3Q8AuRN% z%Gjp;@_^B(iMn&iST`PD9&yri@=FL=w$VVXLIA8rHMcmsoPu&2T3tBQ{nH!scfSKo zl)vTv`>hu2!=Fz1cUR*M{4KNl-QQq#7)!vvlc2+Lf8>0Ngg?@uH%|doaYxUyd2;_q zfj-vkl4>1k0YT=nvJ^?73{Hnud%NM9ctAQhK#uebds<#rd`ebI^PO|;O|@2|e)lZp z@(_$*A>+4^{wM+dXKMH}{C@%Y{N3I7mkWMbO#I#q{wuZoW7VLaYS7#6DRP9uJarR{ zzcJbDK|V-ong+aTa|yO)?c0HIP#X=}H@wb74>XDcFaaXH_2bJ!Q1;~`Thq>jsSA4p z_=jgN8P(c8PV10D!Lz|G{1`R!fD5bc%ip;hxIE?Zi~BBdi9-)_MNj6H~Bxf8DX7@*`x#Q0XG{xVFaOuq8D|0fI^-j1Eapa zX-(%8v`SJMe#=^~Cfa~All$WcYx5-zrbF{-X>&e_)+;wu_IJK9Rb00BGZ%WT*cPo^ z`Hg9TKO0-hgi?6;5FjnST$P_SjVN@wBFDx=xEjN#RHSRk&)tQ6Z zG9yp;*5=EEi+zaWJUJ7f3cLjWoadz27SUoIMg>FEN(~q*%RbkLCHA|hBWdpfU&>Sh zCPqE@#g)JYg!76Eewp!VB)<;6i&5sBRTXENRiptu>Fg$}@$j*=xY8jrc*2e7cA3kQ zb~rV`(Wqbu_^XU}ep7h0@SEN*OcE{Xtzs~n?B1(bi}QkWo3&Ya3*d%tOe{;Fk5jze z44el*_UZ0)h}wNrS9UXj`%a=mEb_dD5a@nhvAX^$#8Fc3(C0>WHi|(WgTHJ1;K9Mx zocU)4G72(p5La0r8H~K1$@Qehb))cA!J^dV?k=!lqv4c+WsW+DXcZmGP3kQ00jmq> z_eGZ}X_wAag3{!9%N!6n@8_rx@0lS#3j=m(62x)tJ~lh-2omjggLewj6hQ}N$1lza z<6%J*qJHll!BM9_LaCDe!mxL4t;big+5Jn!2bV;Sx?)ESR@esl`h?r30xX<2LN}WM z?}eq3n_DGHU(6Vrk^Jqw8X} zKGVHb^{McQldKZ#&3nhLapQPDjuS6?@8<^S@Y1eG!7s+Sli<`wu621?@ylU!RR%kg zJ50%cz$8uN#LTH49$U1(mY0582|1 z=b+}fWmm$@W5LxsZg*JbYh=f!g@uDFdEVUh#Ng5-cCg5b14TxOzn+ zsQ$eEl&%&BDn=+)$2CH@#H_Pl^+81^v}e#+mJ6;Yu-aKV8_6|lcR3FwXBsiW&P(}m ztA>);D5G~{bod2G7MKM!&ZyhAHYyR+%*fExjm+!Hv^Hw&qS1Quvs0F%vnT_i*Lh8Z z-jqeglLzgcJm>5a7dXR=M`m(nqakMPVT`;Gh&ihQHTZI|Tj9dUIf{c*BwZbn<&{L@ 
zCs~NSElNGxFs!@nb3fX^N4*h1&d)UPMF{K$Pb65yy^a({eRMwKe#IqzI>~V!;YN(K z$MB$)l~3zma^!LK``E@9Ak9T#A|cSJEDehbc2Nd2n(~zp+Qq#jB#LH;o>vQ4vs6)? z8j+7h8||GppZ0XQ+ReM7T`aN=DC%%1nwrdmDsE30oT*MY!Ikf+B>F%E5)r`)+p?fd zxYj^8V|lx{%{ClD;=d*#>ZILjG~f|bRfoN3yo(2kBe+;y{EB`be=*L3z{$Ffpf0SG zNBdRmraEyFm3sm-J|Vnt&bBQ}zuY zgCC~MH&!sv$+|?lvVbhF#83Ix+Ad_5XdQvLr?M!u;6zvpz;!u8&+ay0`T%lg@tjSKdVd2ce?>CJQrRF6=sR<#HS0S z%?^64;7G(6e|cX>sps{1Ep6?M%tXsy1HYYz%1tc=)!_+}b5uGEb2>&{NIA8JH{@_z1 zqs=*m9T6&&Lwno2rBF2Ts|=xB1yNV=AQCcvNV;#mWST#_XPW;2q5IU4a;Yw@6*0~e zj%QvwtrcjU)M8$eu`xMM9m<2zEuwuF7*t)Z^3RAqhNE7C7iwLF$qNPw&b>D*+%=I( zVV6Hg+97%Pd&m6=)b5Oc2I2~u)mKmO=4zE(HEGmhMKQ7dtCwTn9)ef^-uxu#GjOdv z!%!hD3R+*Y^9}`sc0R`q-BTcU%-wEY>(?O(iLqvOJF@YSO)nE9PKIq?KCkxx14=Ko z%yqwyVbAG)KsQfG@zJ}>MN}JG-m_@ep-$OiJ4cqs`aGWuaKI}sm|Rj#nbLtf;A5`* zV8Y&JmDEcxr@1W>>Xn*&6_9&N3XHIChgbi8eB8<`++zUvc;#KZ>YI0a_`y7GUmzbo z{CuhYE!F#ZA;XX(N@YfJ9bPea3+sEN&i8snxh*qB5zq4`pZ<6PO2X2fkijlt<+Lq>aQo&S>uklErfM@sMjM?V7 zMX63a9@qSC1UFPAAbS7R%=r0|GsgqpP4inf;WNC>*p|SEajt~vyoB>`wYQzOsd_a* zcM?*giEbN9AIQZQZmkR~DA`VzK+ZwV(^U|!S|!7KRG)PyPznkN10>Dx=HV&TiJknL z(tq?wRTZWSW`6-2EYEo?dtu75SyaG!t*D2;bG83M@xMFC`D+vZ{v-Ko4NOc&9}flQ zPH=;=Hv6TU=qyK}ugA%Xx-`Y&j@F16JT@WQPCx|uDm}U~5=4j_F<_USdTs`k)tmGb zYRll%Dq<6%z{e~4=Vr77cQoyJpKtjwKJL~8fGc$jV)0=jSd#I|9UFzi)t#^@qppOI z`1p8X9mSQqFCs7Zh2{ArQ(6!L0DQiiz=eWGGhf})U@yYIF)gBp_jL7d)FJs_Hv5rB z4W_gBcPP`BC&>N%{+Y1E&lw1L*&0p@aD=-lO%=hwGy+h1+0ryV$u6(1aswbIS8YrI zCNl`(Z5@nflbnLLa6U}Z-CYS(R#u1i(-;uRo8R~puY=pY8wGq`Rm zJqw$5Hv`Ga6$Nd=9H&Fmw|#v;eb}hU?wk>$_-Un18YDu?vt)osx>~+TQe0zDsoX92 zR8P7H3E~q|2Pk(`r;twPPlbgs6-Qa z5Po^lNh2(?^9WfAW?9^Eqeo%z2v9WPGEEUOzY=r9*8LTsdaHpjl*xwk^X@>1ZB9li z+jlv7_1fTS#SI6+U#`Gr`Y4o zqP;BX>T>^S(uys9NXa@1 z@F>T%?E5?^q6at>NPm=GYpXd_ww*TU`C)sXIFJHPPT&3*U4#xl1JyZRwT}F_o)+ zWss&kFhsA~?UC-(V3fm-MJ}Q1lh(zWB@x;-P6T=7s)^vmvH?3c0BKnsZwJ;I$TLdE zr+X?q)rDeG1KJj~VOcQ6B;eaVzzw_;5?cv>L5o)~dUNi-1>@xt$tW%^=-Te>h! z%eh0zb;x$unO){+wohd#yEAZm%M`o?&E_I(?S}w;+h?rx>h! 
zuDqR}K1H2wa^jrP4jZ!xC@cfuy#Xkn7+Dc$R6@nFM1*ChV&8^A#QntV=N9?rp3`$m z`o-f&5DCEmz$O+|TH#-jc5FBwW%8zXd@U!l?qaI;WUeu_hu5u9f18VgZlU{D{&?y^ z;qdhZG)^!P(}2f^MSQ6P9%F7QCMfn1&Dyk9T^I^m`i@>Z5E((J;zkLaJ{6e`C>=h< zqrhHBDpbZz=SOqm2Av_NBk3qy78hT2BrSRRhInN6fX|XVlJqqt1{TRcP0DDl6Lva4 zr3|5iwAgXu5H>q6)z>y&ek?eAgr{d~835)1(KX=E;Eh;Nu}Byb6g%F95$tB}_w>fR z|GIu^urERJUGFqrTwh(3Jc~MMdx;I}A4=10ZOKO|VU(7zrSu$JzI*wd!ns!a8!YJ$ zM*5yT{w&>@Hxlw8dC)GPker4#1U0Qw-ZmAroMWwNkF;|)p*4wsUQVK)h}F6^3rd>8 zg^Guq&I%?s2Un8i!|ViuP8b>iNIqMBJ5j>yG$NpN9wOr?2y)d98BuS0(aG@cY3_IG zvx(74tu8BR=d8+us!Z%<1tTZQo?!d*A|{MZa-(+4g`<_IK7$`Ra-DD~Cq}cKqySv& z*ra9!6?26xRlS+h#mYBHcT|^%f&Eu8?bI6+{0h&e`7x#!?uMI*o{os7bz-d&)jrjF zTfi!>n$oAtZ%!Wn)kgnj>+jT{(|)_8_R|RmgSsh6mStUdkFxq5@#(x1F@~eFb$v zXMfnCiImBg@l8}^hSvMVzH9of`!crWlTow1JN!XwdW*6H9DWWhjCrk3edJ~olA+JC zSAa>iK4@+KZpR$h7SC z`Gh_pZsC_)>B4uSI>@8)34;5OU1?ngLN(SJU|`MlIiHrtgc0Qigcftf3o?`pXP)S7aBL`Q=K1O$De^XNGd<_4^6 zZcNfOUY;dfl^1MoBxfq!(DBP`mBS_ON0$>aDf0-t>p+gp56l7ys?y|` zs_Ugfd>V>nF$H!WBp^(jWj3Mj7YK?w9Hhd1b>fThH1x zQSVWR?PM%=)_VGTeRPN9X&U2gW3DTpgAU~2+PqJED0|N>DDio}x2PgzCf=Gm$Y9ia zJD5;$OV$6Kfx$o)gl?Ua_1NoM?hSlsPyieEC%6o7B`nzXv&N z#kNm2y`G*ZZDK^rV^Ex4EqdSWDb5l)=Msdva+66qB;B#d355$VO_1&?p$^b9LLL{UCoY+(%>*mz zsMR%9R@?ftu^>Ts^XvyyT_0WMCrbS{LZ*$xqwa6%rW%Nqvm)V9yB9>sTXSMa7}ZI1 zwJq{4yoM{RyOf*4Lg#!c<8#P(q~D=^fbB%p)VM-6Rj0tlezmg3M4A>eu>HE7V4%3* zUns7p=qZQth3K+t2kCj;FHySIELK`6@&qC_)X-DdCDycM;c7$5N01tI*tI()uhPM) zNCN|peWZ99McfS4T@5o8k_H*>Pt+cBl=Ma{RPVbqqW%`#hJ! z$S1eUhvxr$Lh`DWRdh1eY(fb}9i?dJ{$8{H)$%`#0{y*)ehH!ftKi4KR>;rcnP@CM zajJ4+3j)H;Zqm!rrz}Lc^4;%+0R6UMn0ap+$=g#0Y7E~u9z_XJ%RRd7SUCw(R zC}5~zp~YhzBjgo?RfHuQ)~f5aEm%f8ugl(IJ@f9bz5FA8 z|L$e^hwjurs_75}85q3(sbo-!vPa!Lv%_b5uGGTj>kWy~y>R|v&WU0>n>Gt2f8|K! 
zBRY7!oh+K@g05r>3;BM+@Dp4S-`zKF&0l|g+cFA1t1gntDJjv^3L&n%BD%Q_Wd5V( z{v&1ojq$@j+CP>9`8`Daz=}!!Gmmuw(h3G$N)+M^%v8^XYJH6Z2V{7VBn3RMwu}Ha zzS6B|g=hD@Ym39jLd?BS(uOoGch8k$=_Ng8_zS1bM&pcY{Uu0~Yi?DUc)BV=m_Jxw z>dPPP$Ir+8A>7VCs`2QRWJLUlZ1&BTBB{z(2!s(vE?UM>3&zO$ z2=E{23IEN?bHiqOD^byV$7e4N3A^fhVcZopi zqdCQoz*X-ksRA$ROb4jsMzmTx>7h+?o`-IMspVpC5m#l&iri0(2>CP6enOQ)h ziHKD^D%8f&&>tGdng04|VZcmo`QPnF{a|s@ zB`1F8}RQ9WejXqnV4bg>JG5I{OFm0C5~~_GYz|n_i=AOO_$r*2#(tgbI~n@ zSs;G$rm5(YOtn%hh99o+tc$&%mkj@@)HdN5Z1#aqZs+D8$T;748*7zxAu+6i0vm3% zx%Yc*{#VQY8x*rgtcj&9TbPi7OKDI1nn45Fv%%s_OeIkXVpn+GN;GLJM73bLhnw9>Y%Tizhe;m zYcs^6DA%Q4{-GZHa?rmtf1$x@(t-->yfaJl2lW_hBYC$jZPZq%mu%j_vqu%q%<=T1 ze5XggF~vs3^<^+J!ubqa7x_%uP3_KBZU&b~f4W2({$a`3W~t1mOK$1{_=P)mC7Lr{ z#B8hSm;U^xH~xbYJnr$b;D=NBPrr)HW9_*1MVwM^^=q)(%ulc|pVggx)as}cV+X{q zA^FD;;))W@%U3A=xn2b`VwvW>aLOVNn48d4kK`}xgUq4JhtG)c<)WG$pk$*3|D!bF zy>{m(>wKG1Iv(Bi8}|vN&#qa$8aqYnXuC{8Yld%>c|E}6@fb6aq34nAu6vHd9EWVl z`uBHSE3LK*aIe96X>U!IW-@?_HR610>@m039QEr`+|~eq#mcAZa-~Om$W=S1cZG5C zvHm-6X#+K(%Zia6(~}dynwntn&Y%K=&A9xP z>kakjR*V_%B2GgyEY&aD?)dZPp|nm+!}D(P!=IklPX>pjJ+P+gr~^64cz+h?er=rD zo%a!{OpeZxhcgJ=&~0UhKtO~{zYf+``ye=Gkj=wkop`31y^wlR#d?@2$ zJrOk3FibK4k1ru)`hZp3lb+Wtob($-4)W7J=cz!Dm6N3|pg&UUTx)`4_`;{vOpr1ZvR#sN|G6oQdyStr%gynW=fzEJkb_F7;jGJ-} z02mZRK#N?fQJpRPo)zHDVZu_@E-kPiDnfRgu=auh!_2QsT7hiW-H;wm%j@f_7{_IusIB3H|3f2k=R%4n?q$2E%+sn9-C&d>X`@8_Dj2g5x&HV?tH#$ABWfta`IeElK~REm{#{!^$smXbJ!cr zMPq}l^D!bJ89jC3k)!zJ4$E^|P4(wo@%W3Ak>*f}F+<p> z$o(d%|G=B8*F!QbWE<^1*`}9vPOVF2d;aN;VP9k-qPayCA(-xAzo3wHSlw-G9y~9* zMevX^o${>4>KhJ5YB^&+xQm4F_GMEui0`!SzL*oT6a-~fP}m~BF{x+jM0u6>IdU`+ z2G^%FoJ#aRPEF&dCmgSRU;`y6Ex2J}RNXZQSmn^nVc!bM@Mw1naonW4*Rz=`zi}2K zGrn0HUl}$kCh7*g!!|IPP^^MXTtmpg>x10lKABLS@N|`XAyerxGao( zY^#*I<%xzhBu{g~ayDx5q0POhfUlY!OKbqQXS9-_jr4lI45tEdV24Ra+e}Kn~KVI~i z5z0U^SQ+I`=U6XLdisDzXKb;U)%Fj)26tFQu;I^NQNgOwGfnB`RTRIM4DSEdBzHeI zVk7*S!Axsvi=Tg^cGK}?d3EhA^q^8KEXKQ$HrSrxt^8v=ZTjemTdxfq2E80Cvl+qR z*4*@hX4l|^lZhTPc5>7n+4C;BT|91=+XmMkZy 
z@llp@r$nM51sO4=#Az@R&6Wb;u6nt#_rp(i;-CHg6(`_8m@Q-Z@Sf}}{Cu-Z<&SPH zS5K2Ze_1lgTq?^dFfUkBtCvv*viqV)Rmn{)kX(7r9Z@?JJdv@y#JR&g#-O~1fAkA_ zDxYS&bG5RAl8~K}cVX-LmJa@(_3^v^KNvK4bW-{L@Du5No!lTV?$TH8N97`KQp|Xl z!=d1uDu$&z$pGQdIw_OSC#02$t@EK}(mO`U4s|yM+KiUzv#y_PFF{l$;$USYM0)Md zHWE(jtN;kewS2Vl4pv$s%|{_-p#lKXu!m{Miug&~zN%zP{#+1aq|h@Y0k(b~DcHt* zd8Zg7#mTt19NbSM#q;OSF=kf=o<|_<8M)biHfH`mn>vQihz|VOm`VKE)S>kcLjG(I z>;G)(AU97iRu+D;hZlafmggaVSA`b5U@&6iaAmvGu=Dz>Wr}mt=NIYemNIumuPId! zohtK=Z*jRJQZi33Dy_zDCw%Ahl$;A2se-h>^YeQ0#!%40r6WG z!AM{C#L%W~2pj$4z^M0U8==M3F0KOSQ>XW$M3$N>HiqhUZf=Y7Sq9bam~1B$1#J*# zbb|yQ-G5?ampF&Oc6>?ztr|wMnB*48zRe(gB{{y6$CDt>UlMTJ+bBb$yZdxEDfEb6 zX@Yx8_2!*oJxzy_3wUFh81Pq#OME&L9BDSyDJ#xdInghyAj@*by|5|co_%hh?+Sz! zakj0!P z)8+7fGOt_Vu=h;ujC6qJ$MLEnaAZ8dQ(eiRNCiL7n@s31peUC2RC|j1qvLmX4!22T z4;S0|?3HnUVzjB*D1j_Oe=@Q1^IZy|aM4F2<=hnF5J36I>DJK=7=xdA)e$R0LF$t0 z=W#qyAIMP5^lsrj;AU`SbL<$0R~w(z0^6`aw5=O0UG6PWl3+U@VKCFI&{Z*1etY2P zYze!%C2gSOXtnE}D2}Y%$fJ$ET49Q`w7WBr9Yvh8k*7+kNkp2HkiPVR^hXwtFOd-S zPxC>uy+^V4xplIyvnTdL^qY;u6FUdse(&y_b*HXbC4QWl2+1GnFbyB>s_D5_voR5F zMg|#_SA_Ef@DSfN>p*Qn0{ygN?e3mG>;?c}FGhFZ&}g|QI2) zT~b7vh%`ghMJEDMLg*@0LX(6VKvWbd5~KwQ5Tyi2LK11g009N*O(3C#fJjZ~y|cco zv+w@4``mrb`OfeDbAR`q`~yiQGs7^MdEe)K%DnShRT^}SG5Da}%J~ z*SZIjJ+jWn>5gMPmup_RKX~9e6y(=W?`6`vf&~*-^m*YEq1L1NHynTavbyip>wUBJ z%m6_x&}437>}m`9`=Xna5Mo<4$BPhRw)2BxolzWjcQ)px{CI12+Eunh-vCSwJAs-dBbf#&tnv+d;cL^e_@-o^Iy z-FFURK*!75Ke9<#Zn;JVR|6i5UL@(p5Mfn`t&=*OBIxOX;%GM~i22QjfK!%h48wW( z(Et^-Vy87;!$ED0zDiZM)&szdyKN42IB01E9GMZKS3BGJY)k(paOy|VJ6TZI?fS>^ zDqmt-KtDESL9QdZ@$8)hz&cOYsnpr6Gfqn*7hZ9K-~%0=dmj5i7@Eaxs!Rs9$!2>a zhczelTD;#H;9EPVC?GKqSOY|KKS>oLy^B6Z>kW77@qU@?kBO9Kv8V zM<3`vZX{U%wp9}W3JU0VPvxGM))g2r%LWL2cz)^Ev|hH#=lja1prGbt<=a97-JxrL@qf!#M$f z%304%;iAWjb?{WIT}e;TUm(?Ao$ab1tP(J0o|MY}fZAL7lGC!YStb)Yo_6d1PyXuW zpOFalp8$&$lc6TONouH|&!%XLn&)MLDrnBTYWUeo@laC{IW^SPXS4oiK;vH@u>b$A zzLB>`ZIfY@_OLu%H_l=?Y-5!+WM>748d%TrK_Ptya5?D8b`z z6~arsGc?;^6U@GaUFj%{y{K-JAKh2c`qjCW;)e4OT#Tw{+9b${(u!jVO^d(aI(H$` 
ztt4Ldd`x#V-Oj(6XBy3c9)&FXhO zwcfn%Id+GO>ug79-S(AJ*PQbb5M;dmrtVsQ^nZLxyAReV#*{E6hdKjV42_5%2=3=6A%|#67ut-l3ly zZ!6!$s(2u#x1$(J7k=y6l_m}?O2fU>dz682IE3O8Y1B`PLW#*2T^O0HJ6KEJ7Wo@?TQxFJ9e1ZkPS= z*7!y^!4ONYF??D+B@pRFb_t3j)Y-;XCEFjk*oY-|T9vybUhWfF8fnRd^|mfBWtPHO zj%P8KF28+nV{>;(^qpC+X00#@i+}(FS`wASin1g0Jx}9Bq_<}+Ck2^xS665Cnxt3f zOPz-#5o{(qSL`$KzQeM5@>MIKI`18X!H4vvVq9_VVO|tum&^(0o0X zVU~95bJ_Uih8qL)@EX*~IE^EgzE}*>GM=_7^Egf+1mcCxKH=WDbaUCy&MUXq2X)2rF#ow z`Kpv$0JY#EJzf^$&1qBWB*n?YSf;=&TMs$`Ojeq*)K`k7-fGSi!2zBtPFbmMY?ExY zaVWmxH~mI8J~iGwqO#K(>L4yF8-M~ACpXFXv!f>sc6Hd6)0no=;Smjn+neu|ZDSBR zPQ#$M=Rwh@19`8?l3sfnGAW<*)qAOtl^rCLTIA9zC7Ng^M0oIaZ2bh|5Qhoj!nX!kFf!)lS|*T#D`(UubGePrsCg;!#J*qJGjz<+2G??$q&( zOx%}vn@OX4v1l9FAX}Tqg_p#Y{;1y^=*5>NlH8>bF}w)AJFN~ce+(TS1AQ)n8$Zl# zoI|C(1c#|W%0CZCs#)8BrHtMd^CadFgs!~cxW}jUY{Jx?2OG6tY~3nfD7ZvGBXEoO zfW8pO?~X#P9zD-XCA35|75yQ#NxBE;=-u3dC)hTUcJTu&v2tK5y+p z@03nXTC+em z@W!G^);~arNxcDpm??Z{W%cBDEpL-St6`a4soHV={hN)C2qlk{E(mz;dM}GNcz(~d zF(<4WjC6PUztIiKsw)Ro`!B^PP4wUE!Mj#@jDn;gvry_4q7kqx;Xy6f#?C>UH$yay zV^e(EnC*Cgim}JH;xbxU9~^nY3Jk+gCEO<6TQ^yR`Hy{*DNFWZHI}xOp-N75Q+YR1 zyCt-D8MN5iF!to^U5B+a{W82qg|I*?@pN`C~hc-X3sUv2v+`;-|PiOMi;y}N(+}+f9IO$ZE1~eclXUM03eJ0cA!p%Wt z&onED!x;sGS$eXpO<#V=i^K(8qf@yDhRFm~dwdsMLimQKjfVizCQQTO5j-hh`Q4i2vV7r2A@J#D&xpOh!0%v`V59t)F zY#hFlBG@tyqnq~6e%hrhQa|&tyH^*-va3k`k`cPha<3x z-(hyr&gn!>K=x+2P)yfZXc*4-!B6$i;h*cGp9VcY6_U+A-Rgh;r?Ts(^6ICuE8+jW ztM>@6TSN>^+m;2n_XDpLK*(;0D26zSEU+7nyu23fYFSL_7AfYje*;~L&VoLn>9xF{ zSM%tT{bY?_45}(icf?Hk+E$aK@nAy@m&G8vocONQjFW1$wNy68dUKM{BN$P)GXmwG=N?5zJoDzngv}iWWaA4_*_XsJD_%L? 
z*3l4cB0puD{=m-t?Mys0?sm~fvhd=h+m(!Q+J!dphKoa0;r`sH6Wt`wA%t^P+G{1E zX=k)vdSi=!c2G=yl6Bzp!+nH>VAY<+fQ|E(S`#O*HEv@jrni58QDd^1D=uh&MUF46 zei2S`PO%mkmP<+OrwvHj-799}E@s3FfDJkb8!Xl_3lgbe}5U**9Z%o6<0g~ z=8Vu!0^k?3axZlEELbGGJ@aJ26m+w2&C_}3wR=_1sP{X}k2Z}K^58k_vZ1c&ot@aA zTS_3q^lt=z&uNiODM7(H5D{fcsN{~H8Hslv*ziTV4{DSMI@GlI#S*O)ux&#|i4-d_ zF#b~gR*;o4$~MZg3Br|vBT$uc_ZRI&Fqu#C|2@Ic*UZ6`9(q^22&^i z$QvRF@j!e~;{YS`%{#MHqCkQ6p1uLy3J(5;WmzoNDbAX%_0VSdvmWsaISp@aBw$Jz z*|{-`2iqMng|UmB)bB7)5BT%Qj_=iUjT=5T5Fckqqk=$e+hO(qyqy{mRv-<1_{@5!Id~MG28uF?}RI(EVGQ+Af zS~Kph{ehT;*YwOR@bWc@VNg-amTgC+fPVQIh@nf&?)KuAx`6WG+)pNX7E&L_H-xM@ z3=uyzj819fzYvQ`dhsGXWo>P_AUm<~t6p(!I?r!s%pR}1^~16%OYKx7KV?>^({@Yo zV#)kIo)*IJzQ9EUDi+B!6?Glk)2++#4_{4TIf-18Eg-*UAAjM?2_$hNs%F-5x8zZo zej7$H54goZH!BUro`VS&`=ptz1wvmZOg5GR9GfcUPc+_2o4z>pW{kf&%FscTDJgTl z7$k<^08iqcJk66F8i(#Am>Qz-CiI?S|GDNH>2A^m15DIr*q>Y}3zqzal5BkF_U>8{ zMAd|2j}HLX*7h8s!|rbjGr7{+4*klJfzP|~XlFR!;9aIA(-i4lT~NWaE4VR)-gN4=;$qw>a|zaJHTh&cGuMOh=-7$9!a~&$E@((;d5(yfFAPqJdxWXmJV?Ud{J-I zS~Cd7x)_>e8LT_5L*=BX><`dgpLPErxua9x{mCcBUdxv{5LKl1;D*7U%*`8q+(-g{ zUaS!n95kZC3xv%md?C6jeRr#jkGV&h2tgvvWmHb*jAM#_ylE<&wNdIwT_B6g5W*F} z<<8DQcEg)Wg5O4n!Io3QWgd?225xzhJ)C-r+?a14*%H!*nxkuT+vDPv_&aq zy8a(xu_<)F2@?ahsG&e%i!EoeH$T=wtCoYOD1$5Jk9ElHo+sadZhdq`e{k*yHxdFMVmBWg)S=-5P7d4g4z)P^#1K|d+5Ps7$9 zKfnm09GY}4Pq6Wp+Gu4izD`B-X}Ff*8PY*Dmkk-#>mEHMXYY}TkpEddbMcLYbTtvLRIAKUZO*fMev>_Ux&y);oN37V)A|Gdk30EhPHV0Y-3u+%q!-aj34Lm1Td zZr+e*wQPQVChMtaET-uywX*a(P+aNko1*(YGC&EZ#`QJnOu{re6}sH?yW6fCLpdBd z-BLwhZh*OsKI#3%9vXREd{TVUIrcgobk1L2t`*k+O9k}+I)O*H#N>{3xZYC(mp2Jz zD#>kf0+9aXB3h)%1g!fc5^Snc%`SA99_V1dGxuk$x|a5LcUqyjuQ&Q4E@|bRe)jjX zoAdKO)l&TH?)1Z)l-B z&_t`^8vpR-m|;}hooWezNW365(m?KZpPXrd3S)Al>rqutk7Wtb@e3(j&ayMBTcbeCpj~E^g_iKX=*L=VunHKRDEY&oBjf)qb;TfEr{L=hWsK=7bS^ zAzy7S3EH)iP}H;ERlRbP)33Y+0Rb}!~H521w>Z;4*+S1WOr z3ekavbo+I2S#eE`RBhee)X1?5>gEPf#&(`kjuqU6ezJc&Sz)zB)sW^t-W_N-ZZJhz zx`%*M>@z7mJhvCO*WW*_n(S5$^R-zuKJ--Q@#E;c<`O8fqn z?X<*5Dz-k+uJy@r;2|NO(mK(E$HJVMz~Mh;cFmSUbZNUZJ(>#?i#Z 
zKQio}g@(9)#x|`3w{YQj?{EZn@q^{KNgQ(0@6}pw4NLmHjk;WH`h0qEdF#MHJUf0E07hH9 z{AE__WbBZteuFT`{$@?kn$Dn@UJ+t1UU!W&rH$G)eJK$3BMxs-_tjya1~7$>u}?^ONL&Tgt@zn zJ?uoQ1U5~d#Jts{g!)XY!mZ?oWx^D?o1{JjY{ds9>@ICQ-}}%U@y#q{BgF~=syCSf zq3R)J3>d%zPCAcFlg5g?$A;#BLg{wBz56|T)QS4)h|$+&XD5$oAG~;T>N?kvke|Q4 zui6#brH$u^t*|{J9WnSFd3%CL0hOTnshwklS$GZZk*?PFcFfiWJCq*UkcfXvyztOy zivZy;uHZ%SV1rD*dNT{OEds1$i-NfbzgTd$NQ2=eQVM)Hmj`U(q*r%^{tK$q%sO_elG3|p+d z{k{~ekZ~Sp@QMAnXC1&(*bjRQf~6(w{%C0>we{gwo)dzoDb@o50ZB@ICw-7uKUT;2U+#BN|GVh`+Qmf>Jz zwWYtQlm3hD<{xakKNvf`i+G>8TsCXEwjhCb8nFP6xG5NCR8d?YK)CiOfn#gg5DBQ0 zO?DvOHs0tNQlov-`xOrK2@RcaA_46Y_M5(_^~ePaAfd9fpq&)e?}vm3 z{7kxKnG%&J}vniVVT23|;Jo!CsokJjd)n&vhJlB`6p+U5dEZvr*r=4jc zB`j3wzV2O-){@6D@Mc?@N*7>oW0|?^GDq1nG+DKnVP!2LJk%nPr(#kEWiVJ5;it3y z%jdey@@yOb?ILF9=TSkv*vlX`m$I3 zrnIRc--|K#@YP$kG)KB8ZYvp69nxkYP$aKcw7T=d-BkLE7&z=&6`-M(Low^sx)-mW zX?5PT>S)fa`y)oK)_w+}Yt?UX?N6?eJ98(n<;f0WJ;S?3WgDY!$g59i?NLA@QM}q& z-n^)z$Q&%s#f5I`tjq2hU0N@rZ1V7hZTZ%9>=nCS#jP7>U!RNIND!Pc=`BDknidpv zOry~YXIIuEJsQD<)(g%d6=q=9PtsBorS0W6=I7gs;)=6c1npzKCKi~=L3TLP9l+rm zf7K^S>#zSPTNLQKm*MDb#V%agtBgW3{jmWS%=2&WG!F_Wi#sB5V)C0gK})qM1HW^8 z-3rUQAaDuFsaH|8*7B`wz49ad4U#r6Z2og*PPxO-tqT>TC0<0hFlz>+Jac%w%vRQV zABSjgBKO+O_ibGQ8X6k&I!FC#P4g6W7OYb${ENrg93B4buf6%N9{)WDvtu~A?5X{v za(5#o?S+Exivx9Ie#GS~Jo7a?%Q%+7h21qf?x>O3FiWfL_reOUd9N$>DGM2x1;?7nNgh6cJb|y$ zv;E-Iy_Npd@lQ<6Gz%yCLIY8e1RcgftX4&6%Gr3S9HkPO<`Gd}nB7QC>X~fTnU5X^ zmEX(Y$@wY;OuyZi$-1VNJ2oEl&RE@eR=2e6+E|C>q6sIDqrDR_?+&f1>7CCM%LwcS ziud#OQhbzbuIYv(mxDEWHS_f>ddb1)sfHtolm#95cIO!HOAv0^^w%>MXs-)$OupCr zCEZiOu7B9h64p|pqF5EpPcR@7yV$!8%HKRZdBq?)iM{}_|^zE2yL(^~?PF%V&T z-!Qznd4hoRR!=VS4vUYk4UHj&QbLEanrqPE$6~r=yWEEoKJLtSje0Bp3dPw6iB^>) zC86E!%h1k&$ozO=={%NYfxCHNCh5kQ9rJ5b#PC5x)s>?)l;<4U_F^}tS&DSl(#-~7EixbJ59)e*lvZ?mCMwYrpfjdKk z8m{5R9!IM(x-eV}WEazL52O)k#Haw5Pg&-^rwGeJ{7LXBe$Fgqp$Y#}hyQHo1Ksgo z0|eid3zfh>0{}lQ#*O0!{j`>!ae~8;NYKwP!%vI-&&K}3QGPy*9Ai_wx0-KpS|xxNIwrae_HH66}%n8{j`>!X=MM|#vmL$){fReajMysAA@ev 
znOpZHp_$Ux%3b(vnYFbIMCHl>Hp_jcC9`P_C_q85I8ohWp&aykQCEiRczrn4&aXg$HvMGIKw8tiwKzY)>ly9Kml%6lp7pYf6 z#S35c+*=sDsvls07Z9yd$u+B1%aiLkJ*=7Jqb*2m^A8nITK6RP%U0&Qf1{b>rOqiE z5Lj7npxY(#Av)u=JzkMW^l9OTjb*2tcPj7{Pw^xM!u6cVjEJLHVLC0vul^J$G_l8M zYao`|LT}v^K{p)RRap=1W>W`k{q2mInDeRTIp1W;Z+xnZRYf!!CbCrE@-tI1S*Rxj zSk;Y`i8JXhr1~8uW_3cXzHWMx?>)F!Js$8xW>B_dQ`f=*>|;{XvgrH)EoN1(AcoMj zB0E4FNVCh_2n{$^$EK|k262SOM zyVD*b1^42i$8`=(jo)j|X(AL)u3NF=#yv!UDdd?e+|q2gMVYmY=*UJBy~_x|x%*98 zCTxb*w2uOno_-<6SF+Y?rR0PXmg`{mK4>VWMHd@ zt@3%TGY22@Wu$h=AY~3_8V!M7zyKg>qf)}?eS|@u*y_c}#fX-syd-bI)#1*Uo=Al} z!GWGVtA6h`wTST>|<@k z3KNLO4aIL7gW|^V4&9O8vm1HNh`(b{$d2AA>%vqu_tsUG7=$|CJ= zJY8Z$y-Z-%)6`Bj9B|xh#V2D{JRnQ}n8u_P0Xs9Nc%&nz{bDCn5+Os!{9id|x_XZ7WMxNn%^oy80047tqQn9B#2{Q5zOuzhlE6_*On* z5BcSQ!?r&jnA!Cwm-H;UiW#!DH5IBxIk=4cozH9!sCZxA1#PAGb&XRK=^O-zCu}Jx z_nL8*t<|VJcp%hHJTtuochTO7`x03q1_y$3OTk9(H(QI4^CBD>bt8u=Fn>s|&;2&2 z>itWFQ{r-$(L-aWZgW1LaI)0FUys>UC(snxv&@<=5zzBHu;Dh-|2{Kld|Wu{*`RRK z-a5#Bbaz#9p?l8vv7%6*V89n9=S4zt#Nx{FDw`^9B4gW#+T`)Z#}xQ<_B!9_gkgxf zRL6?$YdQ?z|(t24VxSVidED>K> zC8veHJw7@8iCMB`O4doR#wx`^SQZDHz<7te2P<0@SN2Pra~u3ZgI*nyCGYw41NE3k z=X=lsw+96bH?@2Fdt#cv!oxek(#_ei$HboKG!LMoiVLIPw?6}3SxTMHkJ!GNzTW>{ zKW41rIBZYY>;vcir*Go^Cs&f9g2O`fj=JeDSsaw-xW%`>guZDQ5I7*$bvFYy{cZb+ z&U21=@}z3S##xzpTRi6@%Ho7uu$kpnIK*^iT_gA}t?;C2C9ZZ`^viZyOIL2wtzB=4 zZFpkvmC}tp=?K5MV@WainQ%9(o$!HGiRS&kHZhkw#!J}mC?}|rS7(;nnb*d*La&{z z)H;FjU2wSl?Ub+9*5r?Al`HjwS3z7N1ld4rRh@)aV7UUnn@i;(l{(`_{%r4*XN$IGo{}RzMFt>>~;$xjxWM{ z_s)ubWjuGeZTy1uM)~?fZzP#;a+!ryMMh6(m$SBYK@yw%Gop4>t$A#D_RWfD|=hvYsRq(5688}OvCQBUg9gHf4 z5MiVs9O|8fKNmc3?I78%BQ#(NmoWR@%h6!UsXLD3Tpt$Pq@VimY9`O%jRVP3kd2dOm)?MDFLm&hKCKh&=bULL}c%1RtE8CgoLi5BUF!WIe>xj2^P zq7GbX-f@i`Z!sZatQ2Xk)Hk1ZaJC(R$VbYksaNeueT|q`WZnw^hEmTy7o~9G5%}D6 z_NE=mLj|kndyf!XH$uo>nyj=DpZnT=*%kLK7*+76>Gq{YGgV5-+3XPkBFB*)V1WP` zU;Vx}q)Zq?rDghLKsVTMP9X6uRCXD%4=6;;by?Xc=T$3(y=#EyUThRiwQi(bSo(B_ z1K?Gv0t2OU`FBnRvshU7>iW}W6`112ftf^t&NfFm&vRCyPL68K+pqD_SsNa(o6G;@0wS@7U(@E`!7l^IiZp~`Wod1*Sl+|cJnq$$9yJ_BSzNg0G 
z$o#pTjh>ooMck<=SOJn<25W9~X8N1;=tt!k!*u<^m6?N!bHz!RKOD21Ft!u#(V>ov zTvFNeZVkNlwooo}BXt_ZjhL6SzV#-s2FHkW-tY`x$*KlipY^~AT9qws3ry!u#B=z( zk1VGtfX=;ZYL(p%Ei(svc_^N@z;u@jnMugmA2dsaytndYt2)i8BquqqO_~x+xRYro&|sl&bNJeeKsgL4eue;j>S}UYwOPQ$Wf5lhR&VpP39aFtJF%pdk!0$mckcY9c(6wf`L!Q4gohuPF^nXv#;JM4*Sm zF7wK~U_4u#^&N^&(KNC<8jl3Na<$c&&V7WT8Y;4*X&@+BNq39~Ox2R?*&8=1tF^Ft z6(C`}>{aaTDO&hcsI<3#3)j-yR~*sH95I1B$(!Pf5| z5?wKfRj;Vx-{DILtH5~2R7)M*aYXRq;rTD6nLzVm;8VXBqrX>M6Wje$K;J}@0H}US zES45s`?6mmcS2m_=Mn>!;QVew)HSbhS&h50?ePb9SHrtL7*{1FH2{c(xZN%Ab&^xn zn;Io4FaOE)^zt{YluKuKPTrLHz{N8i8MH~T)2iQGoRw@9yz%8GRj*WyzpEH%rR$Ei zo=A$CHfW6&+NeTSWzS$+<+2U6U6a^eY9d~hYCweLWJm1?|0ut%So;TPn4AP8Nk%Jd zx@2B8_+YUByuCMU0$TDj$|4kS9ME;-~ zc0?)kH`=^uuic1o-2`{t%9Y6MN-0>|gh@v$B8cOe0U_OBu|d#XRC1Lx`5lC>{tU(Y zwGF8cWpfqrUbJy}WB9t1>JR741#>;TKtG@z^dL3Xo2o}Ex?r%ZnmKK@V#I-&5C%Eu zN{mo(Bg@5$bIH?n+yr1}wnH4hD$Jx%ub4 z*&Q+{F<8Kg!A1@WsIAeNOP*~7k+6Fn3u%V0sX*2?Pc1d!rvhsFO;V7pC*ijRaM<%a%E}@nOfW>` z(2r?bzh{sDBD$q;z%}Dqg*p9Jr2vp{KHz@S{XPmI@#2~#TPHLbt#Rf-YlM=jdqFCt z{7hcoBYwk`Dp!$jW{!E;@$?khZ2xBAq$S(=>9zz^>ZxF@RQh$U$MIr4r+dCoIz0O_ zTTkkByUrCe{4i13VzBGiS($^C$vq8WIE3YcmSLaS)J8 zbXaEX=V%;+S;#&xCZSHmu{UfU=9cuk#N)EcEQz7%LZ`9F>sf87;Iv!HwY~e_1ik)& zT>l^a_MfsF{{0&Mn{@e75Cr+^pvATnBappmu@p4-=*g%4;DqRn(O2LO@uF?ou5J$;4vo0H0Kn;3~Pn{cVsNf+r zhD(fx1W{U>FaK?hNxcXAyEU0$mf2+g>06t+&m1LXZDeQ)%H4K0$Gwm6g`XN!wF+8S zz$5a;(SY&lGobn8upx!WU@af`sR!b%xn`2GX$;+x22-!XtbUb#Lo*q3vYx!Nr{K6$ z0vifAC-Ee%Eo6%f-p4arI3wDH_wb-gA@yy1eIg*3vTtp| zN;;mr{lqg-%~UyfaSwoKQma86yN@HwmPyRddeh-xTv=e~dc8EMu+oKp^XpKhn4uFw z3}XrRZ>J&n*P$b+Fmz0-h}6pfjDM<9%~8UgsHEeq8^aKBt8##)^9_GeXzg=>eyIZ& z3s(2MOYfWHFA`~w=X1rQyqb8Mh^0(#pddr+x3-Y5;&8WwmqP= zzF_OJY@FKh#+w;ObA>{$#rMHac`2?*wS>&uew4>vIm-?*_nQuoQ(uX==$Pp-m0>4Q z;xTd@@uQE8MdrhSvc!`YT~lr2ZG@U_`zWn_<*KQGvBLMi3w`*O#rC)+`khhZy)BK0 zD2V_acIvgAqnKvW?2IQ#K^ScpXMROz(ZbLy+Jxm?8YRS6^Tu-x!jk%IzeS?fPB|nZ z?YoXPK2VrCqbvs_QJvwkk+!o7iEZ4j#@DnA&nGuYgG%H(J$XPReSpxYHpMYy(v{HJHULHTa0TXEmz|0uOxnXs+*zPv?tG0^S?w0bGtd?+8QTH^~w3%;SpWdTRLD 
z-m}LY7(nQ5TOmv^Jbz!;rwnMQ0%Cf)Vg1kPtT`1s&tLQR4bt>=IMF)>l%xVU`TE@HXUqi9%l&iE)EG)lDo>d7oB#@C&(ezSL*4&6U^|{4GnXsA5oH zX1*+G+}|fE9+B7sNK`0gIooeiTWLDF9L5zN=-$DL7g2O=Q?K&wyZZWuyblWsUMM22 zJ42rI$rCsv!@sKa+d6kdWu*^>YRWkJf?e?1eI)juGhFYy-`w8qD0kl0lGxF^;u>eP zR&SwLe|SGhar{E-0r$u5t+e_;IDCU!|o`#$vNpL&iU0{`=y10sMcU zS@OQmf&BlqqCCU$5U%Bvj%1UasofBxTYhxd64UaFj^g`DY7QW0##x?xGc0F8#X zUt>v0s;Zx)Fc6U-O6ct?brNvWuP;r>vg{e;+3&NJkLi7jqO0svt~(vt2~CEI$-`4b zWRAfVf$~_o`<|=7Bxn*VSXIU7vhIlRU`$0?Lr+!{TXF`Jj!sd;jAD1fo+be%40-G% z+9M*8 z+YLtZgnGR6sL5hw9pQNHeJ*Y{kHz_3M59_fUqnf|vh>y|Z_5j({mXe%O*q}s+eWF4 zt_q{QMA%8@@!su4#QR2vC&_}j{tFp+d^xO76STLvPRiZH;tbc1jcEsV`PZLo@g#W9 zWMiuaIaGIyFBr_DX$7#(GKibP1ry3z7x}LP?v)M5}cDcw0RI8pT_k9 z$<3?w8IDUN=g>G>CFIk`uvf*#d@UaquEXTs>@(cMFS$+Cih!oCr z*33+SYH`5SW3!B%SoX(NU zO|@X*I4}dT!(;tgm5Dt3O=W7~fZWO;YZMw&NOuyI0%hUN1g2FeBd;vit_v0Qglji! zM2;EK8Hi6{%_fi5QMk8KXO2Y8^>Gp*ss;t(WP}yBCzP^vEcNA1HJuq>YFrQH?^`^5 zMzZjosrNNCumV;#wdeCz*wgFYymjT=p4}I+dv57KmPg`E|5%BkpI+5dd~FGNJR2Yl zT)v0P8O}5}4k_*J(>%7?T24%jEu=fH`({72)Ee;jG>|L-2D+MJtix=MqK{eF5sQk= z$t4JWdF$q}^h^DMwoQP-KAeaMP6GP8je4V_cpepOrsT*Xt|wa;QF7(vK2%x$v03-F zzhB$I^cG$KS7aH}EuF|Ga9|e93gSP;tk~A2bVM|lmEQ9&A(BoueMe#js}|1PlC&N{ zHgN)o!WBS>Bwb5q2PuGclU9OKhmo8{Pu5Mks=@UDIg{mT+({4&I~Y=4Z~a#K)1>pf z0QF?Ggw%+}amMS1@AS~N=e|4}+qefANU%{i>AuS+Bn*j;U5G~Yt=36I2yGr(NF@FY zTip8R`N~6^J6xh&#}*fD$q}y?NBb;Ng|x_}TP^!yl%GkP|DJPw*mS0`st-cUhm0Ju zKxq3U+*?fPi-y>km#9)o>PiAAINFTmID!Yfb!V81mJu_&fSN}&cvQN3RSn;`#OMBH zLrol+&`4BKMK9Q#wlBZ%DwGFgAJaAz(@Noa;;lHU$AeJe&`|Cwprq{_XVT%N*qY!AcmbhoK7 zZ-H-IX}Y<-CBS1O-bn!iYF|xG{jOB;cdLB#rLjVHk0b4gaZFm1NWu2~NuTab>9pC1 zmj&w0C7D6u1~_@?5xK`X=s_V1=RP)khVA6~rD(ilteuk~m%3oc7EMUi)itg7vRw5B zrXNV~sh3r?Dcp$*&;De8Lq+wTavghPh&7QOssb{k^)-_8G&&&ANxhZA=)w;HzYFyH zhQ8?SXlIq*DD=P>+Yw5;#KqR=#mcHU)py;vEjLg5sod_%O(8_6v?E>D(!%v`E!zJP zx9gu6zeqEI#Vea*^M|+Zax%<6;;0ho93)gLM>V&VA;$*Mt@`K&Z(@H%W#TjO2OKaBmm?vS_W)Av z>iC-sF5$k?FAN7~#w3Cu<(KJ(!JprLIrre!n0=R#dCq3jxq}OsPzv~%>G!dG{A)Pl|?Z7OKm`0MYO7pjoQHm7eE ziz03h#d`|G)QN}$iHL-~oHNea#S;rdgN7HyJb6J 
zX~E_SzDR!mJy-$%;N_U|>F|CDvJt)9?opm?ni8J?OHH|gV8#~=nnr+EP?4$wWQNjl zGpPW`aj7%hNs15^oO0WsU%f!4C~t~(1lLW1<7eNU)K{i)&bFyf zzerD@C3C9>`Opeiv?*30Glhhp?3R`6iN}E%Yy@hE7|6WW?}^M;&CgDWu2*`WE#v|8*4;}vP~zDrC&{N+@PK2w{x{M>$sb4^OPGKy2G>YS4v>|ElrpZ7Y^=)1Z9xxk7 zT}AwGuac-4vJD|szU$OpP}$rrKV?o&g9(W@Nt2S=InR`cht)sXWqMtZ?v!*V;W4Sn zU(7(-=Sy@&`GlIvJ0W=c*yuv+NNmjK%kkcgquwsQpZYC&$R6h|_WdvN-aD$vv|S%{ z#yTo83}T^wEqFIp>76SZ~S7^Va*h%XMFu3+yAhAFG9z93|Inq0ouDXT_lM zHusQY=kE!bdg)x}6M?6|hRmIk1XBk3fyE+U(AH5g=$?wuN;LtlPX>z2jvE#cF36gi z@JD|j=gL3FF$LtZ;zI{KPYSS7- zyXO6_0v~{8T+19An9P{%;IHwfbJu2aj$LYy+m{u3T`#AvDoyG{JTB=qF)7LsesXR1 zQUgBw$9Uv#M;uUtBxqC3xnT-xIeg@;o=W{!uG(Vt^H2JQI!0C>=<>Ux3M}P{KC+TX zV(IH9%Qzsda(59H$3!L^ch?p`3z-bp1Nx$1G98AciuFP3SnDDHV9OIT)BUUK&kuPe zY^WE{8sZE>-`FOl$1CrMMBRduTxO?owY0m$ZUioQ(;YzYT`sP()%|J4lrwO zn!?}tK|?rVi;_Gv)h zDhGLw`4w!d#Rn3nvBgH8X4VhpFs68Ye!Af}eb}c3uSQLSXJ#T!D5QkEn(Eufw7soK zYZSMix7F(f`CLo{X$vcn*s5Nr@32QFUsu7X8HMkYmGwH_FYwc!wI^iHR!drSlk3>h zXs3f8{@py&H^S?Zq2CFwQ~p4Bjr=p=wZ`r+Yc?&%i00CeZnxC7;UQz)$lqWKF)<7T zk;$ecDU-jDw$rU7>u@6J!&-^~;4wby*-dIa+p<_~fm%bauaL4P!BYPjwe^2ajruRy zRW)f<0s~{7`b#H9HkVyuCHodBku890BKA){9A&oj^#OJ$<27irLl!sX&`IC^hg#1) z*4Vk>>x4I!m}HO3GMb6pRtQQtLzk_gi=!)=Kw7hA+|oZNC;J6y8d5MP0&iy9Fv42#@8*eQ3S z=_9!<8?ur``cUi?5`>{8>A-Z} z-o!w$c9#ft4DExe7$3%av3W#5Y#tGbj4#Sgp*7o7-Hh$ujtn1MjB5Ms2>+`119)ML zTr__$SB1bvv4+B`T^jN zxXZgNA+fOGAJc@~=qPF}=Vn49E+{N7t6mm(gdkRd$D^p>p zRJ8P2u!ba0Y|PT*$mt65XcYSsJsRcAaq?5pmU5?gC4~Xv(F!!?&A;&ix6$=z-Ei5} z6}~0?0JpQej{ADhkHZ~Z_-`HyLDm13;r@1xf4lTAX!HLXNB?8hGp>K`y=o_59n3~K zVuroV3*B^` zjATB}P%m|`HVYB` z94-xSB@0rX0>oz*H%~Ba+{5)qTB@DisvU9hWRyjV*plpeQqqLqb9`D{gs&jNojvm_q|&j&V<&y!W{3H>3U*(62JT9LRAuoJwd z{ucq`7Oxo1XfRFee1}}L<^}l{uRW#&70T;8M42Zgyfq1;YO52Mw2(-W5)Yvd-<4Oz z-E|BA{QX>Bn)t!pby16l7Pp2jRK zpZyRdSq50tT7Eg0g6e^{tuXu za`nQ0rl|mYSw^2V*^`7@YSkUTKKfS67wT)xk^ zs_1kht*f;X0*(M0TaCT5e)q3Mls}stiQWIEek}M+E&1`o@74dHe*6cuXm8tao!b#P2S?%>!uUF3klaiL1 zzQ7e>AT9C1ysVRj2Nt|p8Hqk_s!|bPGDRJSP`&-rM7|xKr_}c%V~)DEAId;9sY3C} 
zJ8mWBtU(|WY0sL&oD#{;^%!mu(ATONc6mepHh#{J~>s*XV+{Kss|B*3W`2Jg{M*CB!_T<~Hzlq|u){dy7 zlmo?5=n}&W5M)1M$Kc*>@_JbX_e%1bVDB%*Cq%vQr?L*-sQ-}|j8|`!lA^EpG}i4) z;~m$e&TE{|WE=R^C=fC1C!z!~UQDDb29%JQ>tjiZO7~i0^>8(~^Fpx>Wy4R;hbVb9 zFUDH>ZCJ7UAPe(M0lHs&nw}2<2_%e`Qos!T$JSqu9NAf*tY6e~G9D(l%+HN&8yj)k z+tr3qK_E4RAUijB-o0$XR1%qwU8{7uqoLO%;)|Ie&i4rmR|FVByQ>8wk7_bYRcK6w z{B8tKf>5>Fd2(pb+hLJl6aM?2GX|_DweP%J!(2bGpZExM+mDAW>ZuA#5z7|@e;hu$jHF6q8n^rLe&vT zbu8*8d9}##1p4#iZ-tm}!`vV|pR54ViSd14p8*rK3zcRSAkdsQUV4fLToHUapR+(E zxGN(hJG%^V;yaJ#Y+3;sG$9ign{SRngJM=Is2)(qjsP3heU9+6`ue_wC%b|!jO7n` zxWqGJVM)lGykHZW44ac~twKdNeXBw_*I&TUn)}(hFmIv0Un2o!lgTXBc5gMgz8I2F zwwfL)o_Ts2vQf8rgA|fPr*pD7IJxO&&u1auKR%J)kMNr%jX98*ej511bNO!CbtM&H z(k5{b(q?e1#$5GwSG9iU)PhlyL#mG&;jpo9H^wr%5ejq#OE+Zk2i2ae)Qmewy*(ec zplQ~vhU#Czj{SVuS^iu+OC92K?@RRey_9^XZ4QvVkE(mOfst3q?V^U6^=9Z#I5DV^ zeh_1-<@ruqGHeT+&4;WQq`;cfs4CKjO7^eO6b3}DDUNJBV)#TcN1fv)J8jIiekTS` zsE5rA_+^jx@;(k9o1+FSb(}Qm9=_b$l>3}S@u^-1X@U@R@yw_5Z>Gwr5Y88Nmx1}K z7X_^Hj=Lf`Cf3&KO^)`lXNJ`q=#d$|56k8!RH7O7{`$zX40*pOb8~)Lk6cti7!{QR zqq37s&}}a0v-_Lxb4$ehm5r#huV3VWJmoe1?%E175%#}qXY^s0G@v|L z1E*2_YQ2UUFl^N$7`93p(8g9J`Vtf?k|kHB@?Q!;4*yg5sMZ>RFF%(TU?^M!SKy4D zG98c?pm`aOF1_r(!@tzT-`6rQjYy5vqAzI+`+OMA0;Ki-q1N^PFIr??8_%kV(uzKc zz~DxAGjWKLl9OH9?8vSGj5$Qmh0GyR?!Gz¬q`YGEXWg9me4PY`whoy zJ4fBfLd`qs-M_T^7VcfL75dBaIt8IY}!jF|~Vj`^OqmOQiX^N~{2uD{h-WFL#umaN&F-thTQ@xSe> zGI{zkz^I>$!wj?zq(qUQb)88zqx3!-#nIgZ@v@S;pp9+Wu?ts4(Yh{ZJeX`9hG;& z-9FR_QI#W7u9JuYPY2mL0S^4|U2#OB(me*r%zPNrWYR-_woqdwi_&&*I~? 
ztzF~5!-cK`=fe-bSONQ5lgg)*YHSE8NA03ATPdok$Y+Bn`Qe8smXRS7dv%{O2T z&a^cb%w6y+fP<1R$K&$cF4t%!o8_gno-TSZeQjNn)s8mBFJ;K#y@l6=GDr+;!0lp^ z>h0b$Zpc`VB;^ufgI8)&0eG6bD5y2eM^!>EdW>Ix+ZxN7vU+&uA7>5z$*#k9-DpZ% z86O^ozUEWL=6z}gxSiTzm7-}p_ZZw@VeewF)Q!g0v^r7)fi$_#Go@@LYqz&JtlGg0 z9|gRnQ;juJKS-4>3s7si6)rzA6)oAgt_H+pnpVtaTvz1^m?BM+0PBXSDI2nL9^PW( zvXdgJO>RX)S6^DwX7tuaBNX1rwld-FDZLM_2T0}^qNpWYN<2l3hNu|;kPQL{V=Pa+ zdwP8(R^LFtN+HD=*z!YaECzNf>hp^@c6N&4bJN78#m#`D)?ID0tdw=;$VV^ghx(dR ze(K108UR&gJyx=yY3jSmX*9LqKdGjw*5tKV>t?zT-bwa~oXv31vow(G_V_Ue&7ED; zTa@0?uSFni7Rt_pW~RXVp9Hk~3rf))a)qd$+ho4lVvf5FF?}$_U4ctHbN%{bLt4bH zmWIPTxFjk)YVx+?kLu!ZB1uTzcY{lB-hUGejMbL%nA7&HioLsDL9W}6ieAh5D^>Cz zLfdce-tE7n)Yla#Hmi7`6sL_-nXZ zJAau}&(HpDW*h!_iHi`^?vLptk;`K}(_}0c*HP2@9QFgD*1{0FNR7IONQFb zrY)&O-cj{ckRoFkW4++)#N^ba={1@kUzn|OU`&_oB?TpqB6GK{T$5h;Ulhc1j9TkZ zkYK>n6eJJ=flO|`6O?Y;vd?NiI2F{Ob)@mTxL@Vo**`q%dHK>&{uAsCoGQY_-IL`9 zodQ%t7ix)5m%&J9iX;!4PiaZ%-ly-H3|_bvN>`053fR2cNDWd{DCz5iiQDJqLAPna zK+PAanG~wO=6ZZl3CnDlVS*yZfx{4ss`4XY-OWi4oT>Ax1bKE3d%Qv(M{_aK%=_vL zraLMR{c388$2QKmiQIT=hxo;<@jRiR+25yh0kXRg-7(y)zroWncq5zmTAv}Td;TR| zr6KGyJ9x_FDZzU_J&1+e%-~krvc4wAun9z81kLLN{!mMi&F+h8lIx$uL zm2}eO@=N1;V6a-=0S8NS|LT53<&ncHVK3!GVs5hS`cl@wA14Q3_zdmtTP=kx0&f-~ zNt~*{$8&FUrsX4=4>rB&J3n3MlTaEIgm0Za+QO8H7%kE3Ob_lEb#^Z+n7CQx$b*%S zLCM{6TbzyU)U*M&W(%@2xL`QaShEg}eR6P#-LHZWN_d!QPsS-GEHqI|2 z8RgGbR0vAvd%>npA$uTUwE?B}7utOoXTPuPG29JEc|JO*tA8Kk4~1xQ#w?|PKc$mA z!(Hqe)(Q}Y!u8{AB-ud@9@_fKm@F62#u&n$_UBFu2&V zf{Gzo`8WFdiWUh)dM>wiF6QyFa!rg>V)Y~{Vmzp@7$VFomPsxt)1<=E0xF<++-@bw zX3}kVkX;tj;8qg_qb_IBOKb$EMmLI|sO_`5+(rL5$D=@4IF~kB6wN4YDJv(tSbW*J z`rIzI)aSD3t%~lqIhb}-8k+!37pxida|-5o0^{MuGgA{bMQ0#QYMBY9 zKUB6Fmx;a5ldjMn0~7hAZJ6j+d2{ZIxz$UYvbG49awZ`%ifvE0l&rtBAK{$V@O*nQIA{f~3(P6^H{y-P7pDlgtlD8Tp^j@l8a7n+$;rCTPr zk3>mWtZPQX1Qx>A-`fvtqI!!-5{sm_mzT|a1>c&jlQlg3nO@gSYDFsUHCMvN&SXe3 zHT32aQKibr=k^dEMh7(KrpesV{Ljxz8tXuamQ4#R3nB6$C-&#MYi`sT2OPHfI4B77 zJh3x|HSg=GGdD4liNEojyVDd`W%`9#yMlEXa?vQaGy=)bNPdtc-E>Q;=P|HiTw%jJ 
zhj4_T$irYY1eQ3XEDx9cuKSH0$}7q8M!~uI?5KQFyYF*5((4p(XSk*b zh~3F@=6nz%ZWiD z(e}qlnLWBlbS_h$}*6Mo>ca3=2HRG{_cH#`JmySMV=B)cR*fRh=wCM-{Kc{+37#H(Zc&+- z^tHF6qc|Z<^C^*zcaBU4(Aco3$;BsEyQ{*KA&WHg_;+IL%y4lB|x& zt<`EQvf;40m2uCyyr&+a~O!@z~&lcsY?L*)OacwEW;3OMy`GtMuL5qp$1w zVe%Q3u?jC+34Y=}I#;6n&8781vA~)usq#o%FS*PEaafS5+DW=+*!(?X zgk6vQTzd0z3ynk{aUZ9*Ja5^ONzY~;Rvk94s#TMk1KXC@0@}MvwS`5x3jLSl3i(A{ zCn|U`P|qm$H@DglmmA+OInK#G9~5`pMB7Uo7vMP05q?UO^fnIn>u5(9x@4REW z?fD(y0ZAf4Hc{3)ckF1XCakOn=dWyHi@I3BOZ7+5xcqi@dci%6o>pDxF`qj(1o(?| zdVK`z4SA>_mWhcq&v{OfQ*Ep5njfVG`$W7jHSHm|sG6wksHoT|t(=6crpcKwBRv2> z79}`HWwC2yymp!6sH@<+d!jp5()wP94bR_L@boq@kRsOUz+$ph??4xuW3OvCy68`5 zcnR~`3FY;?<^u*U&=Dn6rJw633AqZnfp-YD8=5HI7ZBA za_@m{w}5tdrr%uVC}%fAB8<7X zE4Vn<|1|a=SO0F(qG1ED8rtYP189=d;}oPbrLc^oA#1F^2ZWz9$e69o(Yp@!+UfY& zMJ;=-qj2sp+mSE1za3HwkGWTv`*GF6p@C?DBxK55L0oDY9=(9n@^do<7QlspsMLsn zwsT#tD}^4m=5{WkRKu8S=DEI|RXt`zy8?555;YXwClc2Ifk1`VYGr@+`t1mOr$N?z zKxWDpH|`geEahW5-)hoSkg-nD3&>oD?8ABfU1cBNWOk>>bOd)tRElz!*VJ&$!G4`i;2+U3lPV6 zEMO@q6^0J;$&&X#3n&Ar{tt@ySyrPIkTvAT52d;#d&jRayv~Ywr}D*`PAb5di7~lN zZYH$i?qa=WQ78TMSWQG+Q?>9)_10^yq(0BIjoA00?1DOJ9f%@~Z1p(DJS43+e-MQCMt1gNDgs zg3IP<1JajEhEwv2f|Mp#TA2i&?#m$}!XeKd8?V!mtRxuOFA^638V_8)eN`Z;=h5z? 
zH!&8!_pB8}TrAm6u0}QAag64F z{q|E2>=9m1XZ8x-PGazT#XMnG=M3?VOje@dO%{-$!0>C;M(^e3Fu~5~|ffhH~kz&RQ@9`D+RB-zRh%c>x7Mm)H(TnVM;WN5FjT07b zJ!+d=!M)jemygXJ!rMn9^szgw*q{%Vrurvg%D>%fb(xC&?TFo3js2q@Z1mluFpobZ ztF0st8!km`pBOu&zPq8~#L7JcWWJwZsw2f#O*a4X&V5Tm{9EX%-gY*+YH577Cdquc zMmBmXDF{Paz4PTwZG%JJb ztYMVhpgn1jHD|7$GAr855H8!+#v;V$7LweVhl&1r`vg3*AlbmCVa4N_yx7?y`yGy} z_xOk0`;X%=xHulPDM(g8IvK-7+RzdMkULK?I)CL|&;UY(8P!_2tt6KVU_2BZj96ln zrmeez%wIJqb%UE2d;4elA_q}0jA_*~mV&taiL@o9T}9H_){+mfx9AW)h&05Y|3n33 zU&1}p1;!FOhCN-}1JEIgV0l<5{OL*1eZ_70>9?%6dYcE>!J-jp?3K3`g}w&`N@DN6 z8aO_&rrCnq!Mw7XM_29Sx_q%q!*# zl4K{>U+(atEVn9*xm17H2SlF4Z51mh>+-Wza3CF!aV~X0s)l75IN!Q7-2$d^ zjVJTkl^7gk7?I9GSx%QFhRaMr*r{n@B^YM>{>!pE<3DuLggd=HD0Jd4r;hWyH0d4z zp15V2PXkC)DJmHK_}sVvE{l@tuHfOuYSE1OYcD=UoBHbC`{kC*2M4AfQ9sR*`-6Lx zqvsd0@g0>ZqS?T*fNw22H-^+fP0BI8G-XPTgJ=W~mbQ|asTJKb76Wu`gNM&o8AI#& z^(NCy3Bi8v#$i07q98@30xo-3_Li(3`E*~8bIE{oVxI+1ar}q}F6K?og9mp99)-)V z%e{b$z z>Wh;3jBP%#`7B78g3%9C=aSs{Af--z!_zr84A&3gh)U}#l_dLwV%(*q%;%EB7_-lF zaaO`WV#~+KUR%}SlX{PTTrA!oU9v7=ak}Chc}&5kAQR$JFfP=XCKb-`ywvWAZsJ{X4)f$DW3eBC)OJ#~${5;MzTCCxpuhw+{?hEu(|YH+hUyIgd3jl_!h2M7 z<}^-;YW)n())UR`^yza`|1{#yWr%>4@IKQ-amN3r*P$#PI0TWqRl0c zX<1Zi$R)z`O1$i862o0U;9Ave^0OOS^4FIN150i2TfCBa9mC1!+*l$Z#u;wh%V62k zu+isB=0rWvN^rgBYyKy-?zElhtFc8t8+IoQ(K`LMmae?>JX8IOr4&2SzfsbOOu8(@ z&+uvKBQ9Hg)xMqOH1oAN-M1Jr_OLCRWIH6&>tE%DJUbF*#o=&^ zu&H~NkY3ahISs&X$@;g}vmDK7+7BAIx>*X`huTdoNT^C@8I)3P((hPxs;33bQ97porAU!90lqgkZ@*+rSR@KC*R z-cirj(zZX!lTB7s;dOIBAp>@dVMe`fbX?W8yY(b|_FB*bVbK@__9rb>F5{cl7sKvf zU-=)S{m+$ulF$Fk7yrKv@BJ4r-v4>2fTm8_p-ASF9*W-{an-2&Oz>#L=R&TfTmFqW z*WlnX=Zq|Eqg%czUgtLj$$YEW@!9K%}tmg&Xqwvsn;D=H;E z7qomUAOUu%(Q9k>|K~{m7uWu7GUNo6F%r;S@O@(fOeVE9VxSmx2BP`tQ{R}&&jlEV z$2O-oud52QtkuIM(K|*)*WL`~&#t8J-7aAnX!lELRo$0mmm1uzLRe9f&o*KSXptC~ zq3Nm;|5uS8;efStu>hVUR}ah>0u%PU6VM!HK+oBbR@)K_a|?@f#}Xvjos4a&Uli{< z$F=O?99g~LU68P1OrRe6(JKth+BQP(EA*G&bK)GoC_*HOTz5rf(cep{bgHEDTHD(yhotb*_E(m2+m~IQnBkDO zxZX`GHH*dr=%!F_0wJThPOKI8)}YhCx0hRKN}Z`n 
zZu-aqO=LpLo0p)y|QJ%*TQrdhT#;|O2GdLioz+r$YjB@n#!z5rCigw8_ZcYo77ohLW zzhG&u`6?``*umbo5_c)r7kkcwznIO#O4alUgnsSq1$jT(@tZ6Qq%Cxay>urFb?-G~ zI$U&?V)R=oHsT0xdfQuQYk7A`x~D~~>CG+ch3V1V{l}@NzS<~0DhyC#xuWg6In?Uc zl#0{!RPrje6pc`0zor z5h*2eXr6lWV1ZMQ@C9QglBE3sU{XZ{=buzuF*dgBR2nYSF>4leN9Q1hs2&0aZ0@>X z{#RO9gmv12mGtgggXPXjjTfU%Z!CxBb%}etv&Ljm=Xe@jCvtPAeTv-a{j#*jJ*}+T zBiRC9W9nj$^<|WATtmevOblKXy|35w)2FCv+6aetRT*pE8a$;?6YBw4aW<`3aKzgw z@CBcHH4Rk(0)gS!^;YY+&9ivdsIA(RsU%0OVt>UB&>ZXg)?<8X<3S>&6h#{AdZCtY z-)gueF29`0=dAxCh2L*CLb2Fi&F6x3$|ZI$c}wqi-|+SK_zTiB=R8o| z0>NaFLaKH!oiBGQ?>!e&s0A$*)oxTgy>6=1L^1X1-csT{E*`3y3*UGyI9g(u=b^eE zV$Fu=o*4F<@*VRY$Q<6%wtFx6rI(kNl=O?T`b>z>(#G+Y|-uF8OB6L`hHc(-k39WqW$xk zEJNB`0~+k$m7SUN&ej>sNx$Iu18%}}m;{1%hSrsnYxlr#du&F|a&*}Ub-7E##}GVskdw5_@I$7%I<+H5&>;&9aE&4bV{NIt(B zG5_a?Bsu=*9bqhhck1v7NvWt>wYwW};^TUwcR*OCGJs^IQPSV;MnttGB6~yR3!htN zoZj4w!=L*KX+z0!Kv-=X$vzfaUG41alyWWA1tOEFfYODphF+$|AAmq$$;%gC7);kC z_=sGZvQ^@pDN9m`@C}>gR1v5#w%9H|Z!uu3n`F3VK2=8wSrttCI% z?p4YxJkLGET0hU|g%}rrdrUqK+G3;U5U(apyk#d%QVf#KEp?8yHOoK_NbUSVGcl$XIzct z)Wsy(y_#Ia7Sc*&6#2b`J~=IN)Px-Z)?`-cmyjTE6S(SVjJa=BeM=70CC?wtOP@`s z4cjp`n_ee4s}D|C$)iIcKJZO0*WO?dyZ+QX=r)8Z^!3-SVGX^qC+RA|uFmRO$$|sy zV2vUu>nINnrB9@#ZikJ)Bo<9wpw0bK9(vqBs!>KNzB#5>cwoe+I6Hns2H4MAX3}R#o@#;(!trrqVIpi2-j&EqxM!qs zieR^|kT65il%^e?m!Lp{7Jn&=7PyzRgRsWT`@rLQw0eQ_k+BOPpM(l%n8|&%Fg8%2 z^JL}tX22Z5j!ZLh&9k$c4L{~9$;ZXp%R&SiPO|?dPBTx$kE~1H`DNs4t>r9B@hm*7 z_btOXC;qZ!F@3*`!ZqxZ3v8A706`2uW!Dm@7@Jsfvw^Q9-9dij934Ma}$$2mJ(^`}Zq>2btx<8?Eu7FyG^ zYzu){ha&;RxgEnk?@)5;xXTOrmLjcZixx(x?*)pNjM*3(z>K!`QF~YJ3PLl4%Fczc zy-A*npF%57KAlc-J7lR`uljP4#2>Pw@z8;~0KOw-g6zP=Uu$}KZ#w5HTRlf556W&H z{!D%Mqr9>@xxYPlG}TNlZ6t4}K@8+x&)PU2-}3;@S{u5v1Tr;tT2wjWH5KmvreDeH= z52vMkELg(#sZ${KE6Ce*;zAF?fY0aN_0*vqvK^|YTUe^Z&=5~XOTeb-T)f0?Rw6oa zU(vvdqCBVn>%3Z`8|RG%HW|>p>*(NVG!pqdF?p|=DE6Q-bBq%le=0@j^puSfoR^R; z*OH-e#Ai=|$`BAAsn0?UWd1rY2z@rM#>J6z;8->|y!fQ^y0RkhYW56K@VSxEoQdYN zCR7-QwB;Er&4>Fxo4DiS+HWWm0K}0P0r`yuYz^cxn+s7-ingp9pAEB$2H&3xg6Kv~yQY*eY8mLVQ9Ia6Hta 
zQe2uaxr51`GB>odqFK1djdxvFc6CRDZ2}UrBuVVZt0C>-#oHApHHYXaNgS91jMHq%}2c_;eS{bf9@ZSAHisdpHGD z@k(VHdvxuhMJpA= zph!;X{sa9FMN&5;vM$t1Z9D9^y@-A@llq+J(sUF1ZTAO6k!C7*P`rJQ4P8Pe9eb@B z;WdwIIUSCnTm&i>E3bOD&<=q==@5$iTn5*_HjYdvf!aB`aGjp@vT3i5z%QRy)R@G>bIg4K~$zA`(J<`rIJIT7av1Z)?d$G4En>Yg4-_sf&bI$jJsWCG_>ry^;Vr(!WZ&Wu8IJ5 z+t&E~kN#s$2*?9@YX*riZ+OMy6kE6N`{iSt5&5~Zrpq>OEv9MHgMPYnrw zE8u*y=>T3k7f9?8mNYlGk=D~41J#-wZ}+Z}9#AW{FF}C`yDo((R&IV)+5Tx^(z{bW zq<9<-;Vt!6+hoTcf@W@2hSMO>HjLUK&ynKyolB)Q{!d>mkyVDLkG~88zM4@|g?tsP zUrUWjZMk5^ro$j=X!Eu;bT@5PS|=-p(~C5thY6c|P=S3X;HxCX@)wFf=2gt);XEGG zz?WdU+@c@JT`jR0Jk~MsCrD)#cJP(a4G(bDkF>Qju3KpwEuH$F@lW9MO2iye4BZg# zGeFVhy4X#DOmTm`t2gO;^-ZB%_-egt1n# zG0J6BQ5e;kQ)Sg`Zum0Gcq(iO)GT!&8o1fX>HY@H=%saJ(WzQAvqrg=^>O8G>+^ZH z|JK?0w&f35`u|q~b^j3-yZ17t=24pGO2h&td-@)Ur2TLcfg}xT^VX2&ys#w*4pC{% zeZ_U9z#ZOx*-(By#GQ2^)sC-y?qsAf$T-tPi}+$fobGED%w5Ig!C39H*FUUki}C}B}0$o`D?cazTk`drY|ZC&l9vaftpjRf`yk?lXHHDwi;qG)lX&*ADSrqL!ipH2j_pc^!L+RE^cnja}jWZDv8!& zj!X5+J4m;DzeZ02tr2Md_Iif-_aY2sY;$)**_vl~!JzdgdHkhM849)YGLHwufxL_} z2snwQ5Xtn$Q!shUQQE4_z43~XjEmjrSFDdH#rZU^w7ZNd&>rno4PRv*uU}D`o0GG2 z@Gkt-86h!@fwqx*>#_3Rr%#{#dDGMc5^UXaJ~%Z= z<}Z0f4W()+t*=3z`PNSL?Sl&p8z?$TM2SU zx0|x-Dip9iP2_?o-7OgI76}qmVi)qcQYY6~i9y|fhI-qWcH*i%bE36eH9gx4zq4bQhy18Q!d z8}mPU+*~TIsW&$I;scu}iX_GB+?*)(l>ynleWp2QGVyHvyOxZ)N1N-PGUDc`Zost! 
zqeW9VpP`ZW+g>%^G)ts!FM@wD$eHTo`+!uzoh3&xgtTkO_tIrnya5w8V?J0T&pd#8 zGxJnAYT6%m2!tfi5)v`ySM1VXzyWOS5`P&MXn7*1{X@|O+qU;9(J;Q4Mja+vYEI*) z`=waQoX$_@GTTM8aKbn6_-7MOFV>arWh;B2{Iv1AieYxiP?5BW(kdRH{1PG|0$6Cr z)egt!aTy zlZn26?W0t@!})cDN7Uv*kiLxopu%cEA=_d|G}zF4U8FM5yHMcE)YEZjdVGJ1)#{n6 zes}C#U(iP2Zmas{Y?LM??&p+t=tm65#9t3DPKr9FU&g<6`d!c!zSR1!LB%}}E2l2< zqg1Y5Z7EiEk-07UZ$C_x|kM?Lqwk2RwOBWh!+}BNB zoHS>fml+ip$E7k%JnyZ(cPVmL|Y(^o#tY`Jz=7*R$v%N4MX}@iv1;pf#>uXCKO?lG) zht`qS_TUxu@y+lFflaSG$5Go8G+ghR>Uh#P^79U4GyIQ*J3Sv4doAHB6IM zFrbMDRjR&wf_v(Bcaq9fv%91&WQn-8K42D@9f-iwu9HYD@gmCcAc&26Ci_0=F3#*4 z<@1tt*_srUffxsqbt7{&7n8*mvW{R4*2$SM3(*`8m`GfI+%mtH-|ssSf|B&@YRjhv zU2C?0YNJ|N{<~2NCS@0U3P)`V2xy#jd&2EPvytv-l|XCOJokytm0Hx+)@d{WV`(E&xdtkkxkYcT6C7T5^paA>Ra{9`urPrlmM>302Y0sYVN{C3yg*R z5@CsZz{Li1@3$k%Ibr6X>i5~C7Fks79Ns&xtfd3bndiO2PS4qCDGXZJIOJ!dpkQ@h==4W2b?X+Cv)G(0yPdav!l zT z2<|pOb>M1yG_HG2celkia+mLLEx}dQ0jd|LWV3!)6Y-NKQsBbE+RmD6Jp38sEbV8N z^&r%sOzw4D)DKyA3_uq5W*RVN_Uz2Uf^FgFsvJr+KJ=V7ipOAW;hHQl;P})6p7*@k{BkrdiXHDL7e$l(VQFe?{b`E+?!~-J-e;I@6l8`Mi)F4Z z2weOD=-^71p0{~#XRPEiS}l7PE}1+DI(khk!(&uN4nHWn2+F%T;z)qEgDn%cX)#OQ z#w6k3wVIq22|Gh$C=pd|GQ}I+i%524CXQB0UrQ`r!0jqNz}OEuxT;EgYtqx$0(cUyrP*KiE_f`fcT{U*kq{C3<|XL{n&9#;MM8zpGNl+oR0G4X0odJwQ4 zdR7knu>}>7a^9H6=EY*eUI^*J!eZH6Y8rb-{%*zPR$Jx=1FW6DrEMvxI5l$_qZi8?^jD_T3_Lh;coOXIoR1$Oc7T0sc3EzTzS{AXm;Mg*HHT-)w{@eHhTM( zzfViZkR%qKZxxpJ!Cb!ktkBgb#c*B9`j*bZ=ad%{`S}u;GTIWbCbnyn6ZG4icUA@q zlPobzjv2wKE-UE`aWaP$kA_(I|6%XF1DZ;=y=kPuoz84D-@!cYRz1%yCC5?VqHj3T|4(2Gb7CDhQtH*?N6Gw1#8x%Zy?zUO@P z{=?pZu=jq}v-VTg`mNtjM|T2Dc|?TJdDY|ge*Ql>7w04QMHcc!)4RctaGxZJ;F1T4 zk;ZFjZ9#YnHtVxp(#hR8{RW4E!UGH&Xg>@P;jjzMKMk6)BNmROI;%Oo?cUss zz=j&~bBO$r?eC|HRMs>(b<4yxVD7sovckg-_@xdTf^mDoPn#N)Kctme(SYkxly z#KZxofhMaEzJ2c!gT{mx`!PZZCvu0s12b(J01{)u zgMtm$)r9GCmUubCEpL>BeHrQ7<_+j@(2ExH=%VPtev@xo8`1n_t`1fVT?aE>5B&60 zJ108FpK$8e)haavLFv%5Lgi3N zMW38Y;-hCU8W&eVDa4peeu8C_8A+D~?a9AREStDIOrWGTdmkg=ZkQPh3ATm$>dn-N zCih05@JZ7q2_X}H*EEF&4`I;0dUtuxiuNVrHd35?sna5+OQ_;S+o|0y7WNv@w8N6# 
zrvGe=yM2}f7VK>I7BHbYof;mkH1Nq;4C+UfcA5>yZV8OunZyq23)&|Wk|HpmKBOMr z5Xh~TLIL}l7?tqWKGd86RF_li)3&UVu+0(e%7&+c6#0%HdX{! zIo$9y+Jn9QCSTT?hGXi%L*Os@OIqBC`GpqX!Cc9_^6cz)?Z&Q+IZS`jCeYAZG2e8`4VkxWs+acg@ zfAgQz+Ho-X8W@0hu0@Q_7fw~&kfyT^2bGi}g8G3&LiE?`{Qb@1-`?YI&rNpH@?3pV z7u@<{Y?tZr5<#`BEu)Z{x`)1S@OP1S-!Fl~rTugrX3F_%08%$EWj9z97=f~e6k{d= z7mHfh)tO9>((U~ArMw3g1{`EZIFBC~Gz%205s~`W;RjDHI4szXavd>#17xp!CJ?3_`Gp7hm1}cbTPPc{FF{THF&~1M z{oJQa50*~8!(;!IYgqS)B?leIX@}EaTlt$J-fGT1BZwo;`IlDyrg&GMybj*2|EsZY z5I75mznJ3Ec25wr#;Q5@8^HhOCEAvW{B=1MLT|vXYS{_*2V^faRvFwsbWYv()j#dl zG94YHcbzxLK~>kx)%)?RO2IU?FM)Kb%O=Farj#n$yashu=@9_)NJjWK!=|iDUxs z+I5dRHGWL=A=Kq3k^F}@-;GLflS^!hFvMOOQ8e0LHzx}ps#?)g&fD#SA@uqJrsn0~ zLS1L%I`0|E$Qu^&s|%IWR-iSJ6Y5Yn3@LQ)&om%f5g>-B0m8~7!nRh2LuN;j0*0;aN zcbI!S-sMO>&#oOjzoDlF)ZP zr8e%CEhc(vp5!DY`6-KT{8)?qxg2W0v3RmaxxIjw=CiS-TCUs-XSQ{Alr}t2la}r5 z<;V+Gm)f(MgmGh+&^wR~Dj^rIfAhR?x|4;uE3j}T^j_@b{aU;(^ELUFkOsL^W5Z*;4Mc_nlvQn*Rfn~4l!jd$g*0SkA zbZfNrg*W|%pS&Q;5&8;PzO)VHyMJrn$v-ZM;JicCH)}MF8G#&XvdXA`S{MF{Zt;U~ z*|sY68_A`?%`ldS&9Y61YaS*(DIi_l0u3*|8%e;NEcuC@DW)JwInlhmf@Fz%z43E_q>&d;%FzBk`?I> zE6u2DMi&l}fmYct99kcx(F@jzY(MhrpI+<#hl_(bBkLbV{hNOJZH)fYrVW3(_%vs* z{u@dZ;XnJ}x7YFS-a-$UyTeE}+Sn884G1Y#8w?+UlG#r~xLpG7>o5g5GK|~~Qyyn@ zEvCUdzg#`2Sdy^tmg`D%psFCz`1-_KiKB3ruEW0|VXarlj3~v_|$9>0?$HmEoLn}_5>&HuC9r)s= zwtoGuw&ec;WBvCnI7B=Dh*$l;%}~5u##awQs>Egk!PZa5_dA%j{hIO2UFWAF1EG#;H=NAQu z*ly_>rEn^C^-Zq4>|_N41T50mHO<5a9%Ww80SZ zqU8#P-iA;LvM~GkZx_M;%=3S|g!%Lxt6VMKZjG`2o(`;2f~4v`9a*GukW)NhANl5MY800_Q}8Q+ZceW_ONE^wviL<+GL zxyA3TyMcE_5Tc?Eev$h8XS+@xx2Eb`t7z*+YTh7X^ksEgo0f;4#r<2DoA zlvCztqDC*6LE^Wf2J?8@Uf|M@Q9I7Kg_dd5J_SWgSbLtWnDuzIA;Ek>Z}tY85qK{= zuQ%3Gw=U^Zzr2~QN0!B$D@T)R+%DBH7pvn`4$isxXG4EKJ950SMEfpc{ zIK>~1)tw^wJ!_*X8Dz(P@_4FZ8y zYANQHZUKlcmINvyhYE?XJi#PvXsMwT&oR4FV{-Va|Gj1nk?6I zIwned>A)YxfBfA{e?3A|FZAz$DB}t#%J?gU`l3{Ax)#H`*s{Ip+FiR;3pU(xhj^iN zy3Jy?lYSUtpZ_r7spGwZ{FnoZ3L1Wd99quWWBK_xUq zuCl%)T56{_DOWXIsJMkF9&-~VWe}e?&KRGL)K_ZE+ezqJlYb^$@RtYq<~8hW{D3#* 
z-r5=IW@#4EG9@PA)BFsrwUJK)$?(U!2&Dr+;kUdAprGCo(M&q!W@`H znmMx*MlvTolJ33>q81ijltt^V(+71d zKZ<-)k6#zLy7}|}Y>e4{SooSRC#E` zV(jZJB(ZB;UeGtunm|_Lo7_t-aaUmBi?^lE<<@B(TNOrw`tl@JvEwDINo*Rn&3}U} z@$SFIQSgtn>i6&b-MH`XfBf5{xZ^R8eOoAP?+Pbg8TI2k=HXV(^lxJF!;fSH#OiAhzcSdK;`S0ucSR(fhbxLhHB`sjDsN5pp;DZ4dhnqA>@Z80pl$ z;cWpH@l@}rd6NmA4VkbbSqg7PEY7!JT=MdF$K!hE(}=C4go%axCvh~~PD4f#mPyraCQr3APk-LnA{)Gn9>_DZ0GEgFCR zTg&}+{_T(bqk8S^ai3m+8->%Q_R957k=)Mxd)czKbL4UjILsL?RJddTjs#kuld9GQ zM@MvPzjB?)m<9$dQG*W1<#H~5^{a5z{8;`5#W8{Rs}^ST$O$Ngo9!h=2AK*-n0XgA zHE#wz11DBjKFLWOlPWyWVN_{fF7Hz+x})zyH}7uU1Q0}b#ZUkxFs~X;by{_bgI4Yv z+0q&V(cKt5^6>sMb#70+FD=PD`!INODCu$IR*}_ERJ1U$7c&b~->Zz&E;x|uNkzAn z9wqVDzOq(0#SVJcZ!KcPt_JjVb=~f@)D`3iT|GkH9q4~Gn{%zSGj%(393H3stlxOC z6!g$bY9+#H!bnLC&>VM=D#rfl*Ir)@nv!LGA4Lnst^O+=FuJvAPxJEfj(DwIHr`XIy>91lZ(O3~XXvMn>~!W?-v|M+y6~$;KrI*$pWz&*u4S&8N6Re$qY~O8d;8_1f8LS}5ViY&(aT?Oww-OE*U5oSg$Q zS6GP`!H(_h$;zMAl)OjW$MYfcb`EUPw$Pa|YN6IiKtyN^FfB$zOpRqyrf$4CL_6z3@>hOBtt?Z)l47lQrY&g#h9+nA?##)NJj{;ede1q|wFjZyP zyBmI*;)F7{=}^2Ru?N?LZ<@`<8YPWhd=B075U^N6od-``X7mj1q&y=$89*%bd1eKj zOWwR?s>mkwO2S*jT3SYV#kc^%)TLxdbR9Ux~h2tDq?}jI9f{108rbTd+!Q8?VJcbtIsw?3&8I73%T8nB*R>Kn4 z0Q|M!@!&p;VU>rwKz#9+!JJb_=YFf)L<1j~n5B`x6PDtE;davW)3h{RA%22V^QSNN zLzehkB?6XTe3nyt=^MN9vXAYtG~XR|y!GIazJRtGy%X@2YrB~WLPym+MO)T9wiO}K z9hHvlh0F`*+2MN)ZopguN@C4=TYBdqhK1#+@6U#fW=$eix3&lXApg{s26m=PCu!c^=2Ph0i!DrE7c0M8hRx_! 
z+LwRGC&hzD-K_#f=z>w6J*|PbjM63X&dRCyGmM8eH%87$wXAMd6B45s3$8=-zi0naL~u827GY)a7(eRA+;!=vsbP| z*sy+sp^~Tri`R~|0rfyxr!^hGn8@CkE!GIouj=H-V~_<$Rpb9hmn5L*1j(Wtb-J`|HwR2z*jFe#hFgpwpuM zO}wF08X11U1GH60Ag~}zZbFmtYl=d&BWdf6V&6LjT z!m_{~XC2kEc~Sn%X}@W&zYOiiit562fa1rWmaf$PWXEyd-pUI~ZUMbgxvumU&D)Lr6*0V_-#wE5tdx(y3$E^S zJ^uWcYyX`eJcn~CxAxBNU(OkVJM9%PT5I24Z$%uPpPP-dsmRv-jq;d7;Rhn)mUZ-j z83*pZNaHU2P{}0d`sNI(G(p}8>vSDJkkH6vFo@ub0H0?B0%44dn=s{WcNZ0?l3I?W zAkmOV<=kNMUgmU7q952~O)4H94ExGeu>28)%Y$@Op0RILO&4vP1(C6S7VoolP3S!w zz>tp4Jd;B%0kggNza9Af2V%#OCpbzwoYJcX$y`ZU#58|c+}${<94VcC1M_Ej=!#3T z*Hh>s`UDBdl=6VSH3H$eB1_uGc4zpG4AMW@XV|}HifWu);`H`F>5$B{BCyhEw|6eR z`Gm;whe!abRPy|F2+H0>>#<7sEFWW32U~k|Sllq_RZdY?n~90ZDT$bC3Sl|84&O0G zGs{$i#a-=TPSqQurAB}GVQM&TB)eNC%XTf?-Y6%r{b}3)Ltz3T&dV<$qo2i>v8GVY z^LEl91U=KdFECz}U=;j;9lXHcGJE$&fB&&d{`d7){`f9e`ZA{&y4xd5u&WuptarsR zhwZx??u+?I_gBD1<`-_dUP@$Q1pmts`*p|^<1rPzYeRA>*(OjjnqM(Zq5dd`@X;-=~e=_e- z_eL9KDR@(8+r*3t*x~3^mA~eh@)u-s==4v<#pUL0RroyPVEa<-rAFRF!k+vyay|cE zx=7(d&w=bp7!!8m(u$EV10LB-VI*n}YQQ9u>*c`qnpNY0=nAz8ff*axpTz%K4Bw^0NLu05X8o_DtaR((joTA zKb+>$5hd(W(mW^{74R%LACshJ?-pC<&0{Ks9<-`s1s08Lu+VlXS!v;)!a9PTntP9( zc`y8fapx>Lt>B4$x9sIgCwBj!4Aoyx7GBYDNAZ`Q3jfLXNvL=+GW5D_UxX!sgzzqG zgCJAF*y@HqY4Y^jr!lLO2OgFTEUC1HMeDS0HL_`?WNSwz2N}KvL^FaDPd)ha?cw4& zbEizG=m9$P#RuB}N~P1FvV>hr$m?r`_ZsCancR(Jn3$Ixrr}u%wK1<*WcU8|m!aw_ z@P3TYCnsyA-MTof=dwE&e70^02^)TbifGYx9o@$v8ypp#San_>Zs`x12ibNrT;E1%+EW%AOiR+iO0Tc? 
z$@DcP+p=xOjd`8BWC}T&b(&E&eNE>c_vxOjcDu}DwdKiwotK~9^pNW+NpraUK)C^H z$-FqO&?eFJ>>8s(^F`KmOocQq6PQ+{rUX~F+r27m!aLK27ZoQ>ODaDk z=a$XnL#eg*i^3dlSv&d?LHzv&K3QMBH$`_}6Y=#LBaj{VF%j@D4|mJ6FFh`0j*c67 zAH$%kg0=^2txxlwea^a@y2v<$i;z*o8U>^q1{m(Y%j`s0EpmZEw5wsL7xepDeI zkA47ZjjkK*HFjZ_fJth5)a zFp^Q|uf0&vq%iT+lTMV0!a_KC9H?}cTGtD%R zbXyRJGB|ysx3iGI$buLM>^?*wv!Zh`xnnp7oEN0Ila%%3+6b9XeJp+grte>+P)w@m z>ua;MmI<`CKOxqRC?v3WO{=`6ZOGF$DegZ>jJ$M40b?9WmZ+TUy2`1ZOXi<7E~=?3{))nIY$xeH{ijM@B55@tn+U9j?lCJk-To8YpS7S z+B+n7!xU`ZdwV0mtU;7-C251BBPcj#$`@h*Qh0WZ)|q;}eIxxcxn3dgN%j1l^X1(( zFbcBkMo~<7@gwCEIj*T@8>qX}i3`nH(W;=deGgFS>rDReT<=|74gxpQ^@5VQxr%TT zsoNF??N)LSe_rHYL|uZ?a~TVBplqmba>+WZFds4NN1IZS2^xlY7pp;RVfgo0LyUNI zxM28ctS%Bd18n2qbY&5lTav=RDAre5`+^c|E$vI~I(|SZHww3eipJQc{9=!@@34hA zIdos<&g-sUiI@i4vD9NV-nC8_GD#P`h>O&R-apu0&9BkdY>P3onepN;s-MR(ost>= zrIgMpUjY7O2JYoF&2Fib@Vy)j9ikM-YkvMNz%Bb}p<&$ykOCzDwbi89e;tRu(PC9v zv!y+#mq59;@ZK$1h3ty#W4_-hg5s;=ld|4SLLQsFS4JTo12-Llth;MNKON0&BH3h9s%jb7G4leU92guwn(NF z*^N4RDTv+&XHC0R*etge)&t**(WrjN2P2u1lH3`pYhpgwIe;Vgo7WiDOppjhW#nv{;0I}m@Z>XfR9Pyi z<-A(Oa4qcG(qk80U5jEQu#u1kbEw~v7xwU6cDJ>^I!udWK-DHq8VTJKx1MH{6p^G- ztxdsZjizBDg$IC0ukmf^4t=4KwPa)9WKH++-M<~U|K|MLXJZa4PX!(}$o9c}Kd=Wk zt%$}^_aTfM@mO)N9*M(%0L;f6la9rC#pa>Qb>_Xi+xuDSR$b$-*wSXDF4@+h*Po87D%CjivY@6 z45<{hbD&`=r@JQdIYjIx32wun#?{lD=y$dtdrEoG+3IMQ6R>hG+y`!Dw; zFmn?943(MsIlI0QU*gy_jd+{4`92ubMbKuaMJ8}5BvK#1A#JAwpLF=qALx3}JjPj= zUzr;*PCJ`4^p<9u!(HUSAIEDaVHi9~Jt`3&JVKh?zhZhA`Kjge(!mVB6K7l`eC4vw z{Wb|tCdBv+F#S1t^Z~tJxu#GJFAer`$hfA`scoD%J~|2Re{n{$j}xp$RyRHSu$ z&ezJiur2V(e@WfueR{omP){XR4W+I$+tZu&5*m9Dl;`R`9!Sxdlc%f3B547H>YQU3C1PH=yj93iQwOkXK)%FJ?X1J_N&G-WrDR3b6*yAi3K|p0_24dfLL1Ld{4GR{V=`poU~9rs>KaLvs@0)$oDB+kj-`&w56}Cfrc80ARJo2 zeM|KJx57aGZ5&+X_&Kqqd{hY&Qb=1yX#B5x&hs1dIr+2d%kA#Auwl7dvJ@j(gdZ(q zUP*+lZ_9ruMC0s?qA4KL4(O@~U~5x@r28_P-}L!h+HqJe>7$sX=^O33YIVIn*`cpU#vbU`&0n#>^Cn$q2Ba&_t$S&mTTY0 zVE)&FS;S()Hi-dxd+|5JX9b?o=iPH#_Mc2(YjgyZ=|K0C5qpoJEg;$R1 zmb&-&#Dm`z+y}JbZM<&~nM=Ja3omKFz!az(vQfyX>~zRwSUiPeu7!GhJ{YMkWuf_7 
ziXtBrJ&M=<+1=B|ZK*HZ#a?kKq0qS_pgk?eft6_W<`WFeE7ZIn;%rzc!a?BCTZ6Hu z@Vl1`|BO;|{hhL7Ww}*v#6kx8aR>YM2N_R$xN={eM~og@%p1(3Z*ppT2TVyMPoNX< zHD%|5@B0e9Lz#PeC!4aPerO=ygE`EfT&R*E!0fl>tWcFY(Eae953JApc{xc$c+6@} zBKxIeR>&xiv0It0MYQ@}{{|2ozLWYfrFX^eDc@c1*}GyR7r#i7t+RXN%KH4`lvHeT ztp)G5&ZTQag)PQdrz>2Wwqt|1=_6}7t34jaic18L7fCLinijcrD+5Tp?UK}_iBZ}X zK-7Gl!*iK7&x)UK(}Y{Tg$irpYTePI`GIMZyk_R*bA(=0J+Ye*=_|PF=h&z_c1hEk zT>NB4>0Q~!Ce3wodG5lE&aG-gHP^yXL5U2<`@7DdK*@gm^dty=O1ON{{NoWYZT|&R zY*X`2L+)e_G1@dgH{UR5NGb?4m5M7_0%^*dOdQGAZ}Ti0Ufkg2v!w=V^74wgCuQd3 zSTY#*cEzA2_+-3OGL$w^LVR4tU~ewy=`92r2j4EYmbHh&m|u`f zy6b~SM3%T~;&nOIe=B@4>WxDox`VX4Dt!1Dux4ZZ#?*xtffV9L5u^T2V#lFrDRW+G z{xg;k?>7_rSS-3pAi50=2I`C85t;a4Nj*M~?}9q!SH$Z`Z%5}tx0}Hjnb-+T7+_Re z|Ab<+^uGNVN5fu#$GkhNr-|+6lJMgS49+7~zM%C!$Je7F+b~)8jJV=2+a&!6u)S`Y zditKZ6{C3Ef)9M+NuFwC*w9L$^!cM;D~7*U)pDc2x?K(JA+2WW(Bv@dzO@dF>^S_> zu;W^=#8)oUT$y(oDaD7=9@?LGqc+^HIUe^|{;B86?or6@(k)|`^et)suUyA_gR?wO zF3EeLE@z}$HE9d|2a$tU@nIsvOK z+No;zFWoIjT)r+6i!bWA%VgNp6QiBi{gxfLFLcP+ns=d%n}_3;%^hcZ!wh!-Cp1e#_(3QR7dOkmpTTR>&NwvzKpf`2rjW!%_gZ0WB+i~P2 zH>EgjogCb)1VC+5ZZseAlO5ufnmL|KSV?;YKJw#nTwu#}JI8{(oF=$s)aCg_4OEd@ zP(L0^PNRazYRMhKSo5`XFnI}DeP0(@WXF`dV9xddD;6tTrPp#IU7Li=mE7Da`D|XU z-4CqKQBIibD6cXQhpR?IOdoX?_r*CG?eRzJnFa!hi1IO+GYQO~1Ib z=ZI$W^CTR~Z3)sh@& zsCJAEoP^D2#D4!|WyXBdUY3XU3D8;_hF-EeP)t_7JH5N0{@*K_PrlRwiAyEkb z=(|+}&(Q`A0)M*0mU_CIPyJk}e3VVT!Zfe)y`ZUin`Zy?n=$=biNzwGiuYw?*Bl~N-9n;9nO=#EbPcZUMtUy3n>T=!BX5h2Zgspo_*RVNADcT z+a9~+*5Wzr0DhQf6YesDITdoDx#7C=i^rmqzDCi4V>VL`yxit#8=5@v{X)~rukR|a zK3_PdnPC+v7i~*YPPS9xgEVQ@6E1!bJe`Ltv`{I;x>7Bb^yGz}&d=*hfO&~&-1nrp zhV&%LZO^KeN{9M=$|)KY&$Xnf^|5K$Ma_}R*yDAgcDZjT7ElQji0sLI!7=)B7TV@G z^aI<=i(m6arLkAo=g1%~J4cZIc+#GWbNZZ;2kk*b;~=JMPiX&R%xh0^900r(~Ie#A4b=WGcQIq zJ={J1=03BP+pK4V-2YvSE4U9a01(F>11sNkvm}z00a*#BdkDW!zy8*#Nq(*$kbD zaARA>yO{N8*OAVpNk?kR-T`;sB_r2F)%Bju5R;}HY%tNpXf7sax)%D*;krHKjG|o@ zY9{*97^E{LZ!hKbN;&K-e#VNG-hE%!)n1_G3%<#duEm#WUMnbE9SRvqSR11l(vo*22S$Uz&T4 
z454y!aBD{!&-&T>R#s`2x~OUft!_|`XMI@D8$Q|ZL`kG7`%-R~7qN{+!A`Kag`KwtQ#LTl03&|svdDG_aKx8N z(g%WnkbS3*I!8$!&hFb*^zcFl;ce{$)!IxFA0d_GY3Aw~?T<_V6?Yke`Ieq7!VN$S z$&w=eh7&Ey>uT$qORIKVyXRzdqse_s&|nF>%(KK$Y&w#%Rj7*WqF$NR*;oe$UP(Pe zoLe@>qR;j(9*6sD&9Lv>Css&F&NDN!vLemv<&@lsq(x>1bk|{8cRKJ46v!bz1xu68 zHkP{3Q>$ipcX6gzH{+MU4DXB5=B`w*0dmzq4Ah;yAZw=N6rkyO-SpBdJ3p+u7pkE` zuk}USQ=R4O+--mUHIEf-SYYs7!VvQAlM*=c@A4T z^*0-8vN&Y-(L3SWS3941VOuJePk3Jx4O`H4c>Z~i#T!RbY=YNjiT3tau0^fMiIT(4uUwNHSjOM0G5>RJ`tNAle+TpaIq|Ch2TP#) z0mrsBGoC-y$|AAh*8lZmB+!^;S#C5lrYiDK($J%@!Bz?x|M8AwdDA)b>Y2egcQM)FySb z@i;Y;Uo^Lp-fQc#q~hjcbL!}~`9t1#b3k?4C}>*$MiB|Cvm_pDBs8nUJ0A(ws~^aO zcXOSWYbD@c-dB+sc+b>jEM!s;@&_~L-)-v^AELi`loN=!npCKR?0pTb>BIKJ< z+YaduY&@X07tK;5EvAlk!snB@N7~;lj3h-N8aynJ zNbjN#D)6Uh;oT%(0=;Fcni0OE>eaJ1N%0Gfb#q7?fh}J;o5-1$1N*lE!D(&A`bv-# z^4`K1Ck|i_2o9KbV1qU9QO@TJ(n(7@A=f}WMTK@ zC3hgKU@+IT$;h2%+F)e-EwFh@R3wr+k^}BYc*Ut#t;T7d#Gp_W{%(NJ*eBPVvf`!q zu}%YdAOAAdrZ!`~yMtJ%fvcTSOOT>jj?W_;FDzZHzXD4F?mx606_{7EOy$S2An(IR zo3p^^1kk*LYkAwWpYrRBOW7yohMKQ1bVweLNnpJh! 
zG#{y>$98x+)IRuyt|AiUk%VZ86^@~0m(`uuED~9ZGNEs2^3@P~cG}YFZzwCP4)hh~ za@1uw`b#_9ToXZw!y3XTXvq$yM72D^a!ck{E{uJ_f_S}Fw?U-~h~SqUa&-~KTeQaX z18uHRK(TJi4HrHXbQ~XhZN1UmA3yBrk1)jSxm>f17H?ODIuX+oW8|-^#p|L?wad}| z%Tr9kQnGt^OyGdrOODKEZD47H-&d}Y(JLOqUL7#T;Cg>Yu;YZ+TA~&_XUIDbd0~^J z|Ep&!8584i37Q{<|U-zBA3knFBgVCU|B{3QijEW{d>Nv&34_nOHbmA2GV$7i4{lQ@Fq z=CAhiI*jt%q$J(0zRS!GO-o8su04JI`ei{+sw&K;m&IX46A|$hxdf8t=%&4Nj(Ke5 z5cSYUdV?rZG3#Dv*24%~U)jb*=!>Z1=5-vtawYsCA%r*_3?2H)6}zLo8+prxn_M3J zv=$!Rw4Z*U_pa#YHAKfAuIek-%X#gtvX`4#RQjp@)C9K>z0A)RU=^!ez{NDSL7RAU zY8xp%!`hthyu8Wxx&46B%1(#Nec;)j?5uA`>!a&l z&d?aR_&vS%HgA7X>hTH8?CLAOc!K}%4SM%2d4eOU23Ab3cyy?CrQQ=?CYNKCQ}2D8 zyJX5Tugi3!lwZ%}N^tX=DTjpMX^E5RBF_}|hP{}R7%Ya*lEqO5thzd95%%;S_3 zSw!zHcY+0s32v3|$OUkw`0qB1AUS1KiU4gr^s9sT)Xg?(7(=ZfGcGpogm?frFgtuTCMLTM)6IVo=oH6V0{@jwgn{o6PoYS z-ZsVV^yfuJD)2AhnzJJWb-6yiT8Xil+yM6(pu;$jqt=Z-`6lls*HwF1XPf58xmPg> zXL)vkc3Jxos20q*h1FeVE{-s6arAM&<7xhwPlXcrz!Tz<1gILeKx7IZHL@iIUccH z`YWWIG#Xgr(m%8bn_V3!#i#4bO?Kxnelt?ermQGO2Ead}&mOu&OB*goTCm$~#`_d& zxq7#9CW;X?eG#uYs7OF4p?fsx3(7ooSYhFDA?)Z{PX93SzT?^s?8&vIhXF=IA7@0g zUq#!E9nLBd*Di1!u~;CFk!)7t^+%LcObZ4VPnpfTt&BYHD;GnKCZqzg1Y@KxUL*od zRPw%Z#Win~avg-P7(G6<1;b6(9P=4JP>36;3SxqX?(GB}Xd9t+(V)r5U2%nTSP%z6u*uB|ayMVy)|~o9_Qqx^d_DGcA$CXg1|8XT zYO^Td#LBgD=&{rQ?nzC`NH$ukDww)hwzT_}MdoN&`%Pjw7~Z&{cc;ybo?#ADKghmy z=>Rq=@F)Ai`#EyegT(ntgLDxe3RFbiQ1j9lYo;)7jh|@b^C6X)vNJEQ=Ht3zl!@=;y||3_~V5CXz{gn->_d?FB)nM*XJu))twOor#_=c%*Tr_c-$Fj z;)yaWuGl2LXNaQp zN;&t)h3-~YrP=~@2bEk@n4EWTra>||IDU|q&W=QOAnot#5bB8{NKZoM&S<*LR=F`a zyF#H-&|ID7$mYh`RKymRnsu0xT2muR9yQkt)8H@%%x&I~0X zYgLXW1f1CWZb6sGwQ6#C8`7}aNUm0A4Ektlx`R5havc2j<+`-#H%PL@(6gE^Y-RcJ zNoFpIy4vu`EsU+#6Op|6L{?PJF+!HwBddWbc~l`}`bNQbU%9d?T&pzD>NI<{iPzgh z>+qhTlEkDuSg;|Y8;t;8X=C9=7Y?g!d$ZOC?==B5oh^Gn!f{*u{GY51J z1scEqARD*a;MuUS&Ut^n@3p!b4>-QA&?nbaw8Q*lpQN77iXQQO=JMdgS1w(d;V%bq z^F>1SE=l06%UfEz0NabaLXP`+lh^4uk3eTl%93UYG)!B62^ziL(){~E{hxpQed+&q zV&i{sRJ)?b4(5_7_hZU}GtIyIePjeV%2?h@>avcSibn}h$rGpY=I3B}gPNK;Adp~_ 
zC`#Ia@tcgTq~Q5qX+3WzE6od+vkccxZaJ6vSnUv>4D*2Fka25z(O|tdsU~v?*e; z^pg#AX_0ry{BS4wzVhh(z9Er!Rsv$(_ww)V3YlIw{U|FTZLn&E-Vj}GaB2Cwpm9^O zF1T5ML$QUO59buKs^Q&+)5h~HrPHpvcJ7~y=|C}!aNk)iiJ13gISgKk)gRnwj6~ba zWJR0uk~n0!ny2E!p0rJ#FMYrlDEe`s5UoShtZp)Y@Sam(sJk$|(o>;?RS8@JZBqF< ze5daN)60bB=RzT$hp11ebf)w95v{~diWRmvLkIh+nSc7&t>J5DZl8y<3y`F)7I*3c1I|HJImG5 zpD1BuDokR{&tfOv`*GkdoDzNk+(eT2i-Bbsu+_rSz=5pBDq$BTTrX0bo`A=icu92A ze`=%nv?eI@L^vGy7L}7}BXT|{6d_4MX>K$BMq?ck8l{6k5}xICyg#A-@nEkVrXA2??`19%{$p?`U_L?QlB$z1=spsaF`ZkBzr(@c|==Dz@R!Fyt)rC3=_O2PZ zAtMue`N9LhaSNisM;8Q1UZ_~ygx~bJ_CW1l=L@EKD)O&=P?j8eY?_TRdMa0%t*$y3 zUWcQn-$vrkFeg+&JY{D!9uEb^%m^PpxY1ZRe|h2RC&X}M^Q_=q;-G0Yxti}D$;43E zKt$Iunu4Gp0BO3sSs(Bw8E-jr^L54*|y=`u>5l6 zQ!rwg6^nt)4+s)BzhQ19=ShgTYmz(QoMUZ@g`ld-nOv^0D>Qb7zaD`V#IA z#$%T5@Y-o+`7=>BbS(5Gq-$g8K=YYGH}}LZ+i}}xRq$^al*&=>rdE4sK3 zo+;%vutg*wl2xnYje-#^KP?~QMQ(>AHRal@=kdu9^lrp3oJcPSIT$xJoBDgrZ!`58 zXVvl9m{|m4np+h-wzu%w**d=P(U5!@L4(6f+eF&D`(x?sFZ!Tn2~#9+wLuY6B-3hu z)&p!x^@!B8!@w5hKhdk7=%tJ$i2bVQdZIzD84HEjEGm}tP|5q(sH=s7eU#=mxv#0I zZrBuPNVPiX{R68*Q~mSA%+O_cD5O(WH_N&#sHlKaM5&rk1S!&0dN)7_5Q@?X9YSx*h5`}<2}lV@4M|9- zp%(?|(g{5v(p%`gc<0(@@3Yp~b?x__^WNuq@5?_VBV&%tXJ(Gy9OGBMpYOD{@S^ip z)m$2ylW}CF2pZA}dEU|8s|%U7_V$2iR%5M-dy>0_;i(9F-k6NJ zEI;dT3lbh7p1S3)c{MWrN@pa}Nku-g9dC2<;hx&J+9qU;o?C<>jv8bh7|vGy&@Hea z>(x>ik;_lIz>laG1yF*j5kKgD@}WC@ya;Xwh37PFpXLc!hMv-RRgKtZJnv*{?TU{k zc^X>5ys>(>JXmY77o+fmIw;f7P|!gkIIC^VyZ$xF2rnh1a6+tD5*sMf&#K4mXb&4{ zlr+Dpx`DnAoqvrUw^9^5P*LBg(^;TNXr9v+4sb4Bne=SP>axYA$L2T9NHW=eX~+o+ z+ZIY9j82)Obs9dW?`ectiD%NQZ&t36>Cpnm4n1UdLRT(hk*?n3dL<3rUAP_#;SP^_ADIg&V4<9A6&Aju zrJU>Wwny#W2%LSztW$9HuIBLFTGHUvtp%20PDix9zTKOm_ge+6EcL9m)(V!vf-dam z$Bicu8!Y4Gh$2&$j%J#Fa8C;%r+~j3suj^ywx&vGsXAz!kxxF#oC=oA2lE&EN8q-= zud-11VSdvWv(o^oxy!BbQ3I}tE2cH`yT! 
zHIhw8n3W7iZ4?6uWmxJh<6ix0$sly>o=l=j-rLs@BI#p`v*F=M=zM&amjX2^YRzMTx0k6{kpn2I@(SRp^AK{j7GQaUv5>FXULuJ_C^^K_rH z35AZ2`R<4bty3+_j=J0Xix-17_g(CJdJY>^WDkJe z9Zqj4oz%@H)bgSbdDVlu=9#(~)O^HXY(BhIg=HKG{ytb@-SLCYrWW(N7zaAoR^UkY zXe{5K$D3oP82eZW=wf^Q$X9LIAn^#Y;xl5@h^;4!^gs^JKO)enCmXPS03!M^UdNN~ zMe2lGdF@5cPP{){Yp0Y4@2XfBcecyQ3Fv4+4lin}|0B5KidLr6GhH52l>w;^_-Ux+MwU4fO!DwDB--P7)Gn{;RRil-ea?G!Mt*u&Q0!jx&H#l z*Gb4k2Je#;nsF;`i^)LigPgXRBSdk5{Ndocv*KqH5V4y*`YPaH@C}sCQP*Dd*Q4|7 z5npM=v(Fy^`5T>+FdI;CG~vZM;K<^$zx#u(d7xO!}moF zC~^+rE)(bNr1OK0&*x!*4bYl&V-RvEsQm!{474lfQV_Q-^pb@oMn?gJ#P_D`YXSKg z7k3`r3AP&*WH)U*x`)mC^>%-<0-Sz|tJ!51^C7WqRRXX>Y;ZGvQwD4l*@A11?P$*h z+qD%h{d#~?Mg6Y_e3WN#nFTUl8lZ~MOdQ^6B@}+eI3-;Ao)%r=I8S|dssOOmrD*Km zXl#(%-`BCGP!7k;*+-cEl<>%cHS<wa*-=o z=M0zpIg~GL=9M@gYQWGuYqlO2#1^@GS_O!1#?>6Q+*_akJ9X6NhHq&#aSHC);5Y=0 z)ut4FhD&FZ_UcJiWjH0+VfC??6)YUmxsvRiKtq3%LY}$klXzIi;Gqdhf zDdC7Pf^6ZSUF12Da(kA^@FI(IJHYg-e_?+s7a*RzL0R>+U!yc zR9-Ei3pO`EUkCbl*9U95Cno@fay2r_%voXIwOru`-6L|amQf;N`6ZXDq4s)#Q{EF} zqX=spM|hVdlIYmG`M$41;iQ5oL>j9a&BPxqIU-!`z#x@4x^W@o#fMVcmxZ2QZCcG< z3pl^iPfF)&oQJ(6or+|8I|FWR=TpUW0@lRryH88$M@4EIH>BaYVwD$VvzD=Dg#w*s zTe)Rz@{Nv?{Fi#wRQK<3N9JdTiDI7mN!i1>U7kS~qe$A*SXtA6A|Y2gj@HqEfw>!% zV%d1Y?mJ4t#j?YzBUL=#OOy+mUEU3Fhk&-#oN*b87?7-`HeUqBB*S^bqY=oVx>dLk z>;~LC3Emrb8eC4%rtg{(W_gR|c`d;R5XRgttI*hpQ``Y#QKwG~tr;cDpIIJ<5S7dr z{ftuw2f3{@kp)#bmJB8{l0J%x8+aVRX5@ z@7o)SuO*(Q!UcwpqAMP(vJ!iQM@-8n)J{+~iqKtBwryP82687oa8ZO45tdvL=6tY6 zcs!x(!XUZLAF}8!2?*r?^^7_#!5QbgM{Lp;B|dLwF&e)JSM%ys&o;77|5#cz$Ib^9 z&CAqH+YFqK&sWY*OD~UNod)D!F^<&JFH?zJl2E{gVT{aM#9lVy~57A3zqbw^OWLLk~09*vh z)mMcUEi-B+Ufcj&4F*7(Vf~^Eve$Yh>WA|>WyMEYm zJA79HK9X=wnN7X(NrWlrc<{4}v;Qbg_;;KI|KXX4@NC_;VRbmtnFMm@#7@R2mrorQ z(vtx@wHCa|@;rsY4*6VUd#W5Eo^JlF$dJh3MP|I53!2&xzdwXoj%uwlZUDp;-ux0^ zJe=)g7He;#mN2t>QXrvC>ES&q90pdkY(b97$F(MJOF~%s(g0qxqGa<{2wV+z?8W_b1%iOvG@5x9N)da91Y4>L zzV!1fR`eF|@4_{LTUHWge%{Zg98Nh$D!WJ(CJzbk2$b$Sr5qcZ&Pr&Xd3Yi+@N%x+ zosmr?6)=2;3)7KNCv#~}yQ!#e9LPy25Jzq+1(y%W&6xT^^J`u{3$X6Ruy1l4-6QP& 
zGMmk3{Z8o?h%Y&Y7vD`3~X|Iw8Z$1PzB3AFRF7*z{bJtgnDDH8_336okM1ob!&C#4WKNzb@7GixGOPB493Jc zeOHt1K>g4BevwbQ;h6P;mI6O1!mEO3H=|lbuQr8)DL`^tk_WYS5<2cP^Gc*A!EZQq z)mH9Gk_Ky}v6ym?7J8gf@*H^SI%f}Mn9)>!j4Abfs{dJAZUJcIDN-1h?_L?vlL|3j-tj`6}f0|Bju zSTRH6S#uGrUX6?X#s>BY%E72_`WfNKARn8XFr$AzOT3&RW}9%vjxV_xg` zq13F*S1i*VATmiU>3455GY$?wox#HN}i>6i%#u6f^g@xcqEb?<@13AuqSG zLz$IIkDf-EI~`Qnk*z#CUdFN|a4&yLx>&WHlZ@wm^4=n?8;@rxGSK7E%?-deR%7N# z9!XW{!<1Ul!@JZ{2iY0>xza&zDBd$6>fLt{Yg8Jc%4>_|gKd_l!fozUe`r-=YOsoc z{;Ws&2Ou#04DO_1#xqj=a-zIL?(SFL?f$-er>{B28L#sQu@{FK-_Fl3me-uTKZ81w z6d&i^0so-$=}QTo$>r!nD_Q-;uKaiX|0l|V|DL%2ug{V*!K1#8M~?v+_nue?%MMWG zgo4; zE+=za849)wUj0Eg5cp@a{S$UG+;l;-0=n^9Yi_mFnE~NBT0AHQpErrAwKObY|c)aCFt`shijet%y&$)ZMpR)OR zerjC43x7`Flp9klqRs5IZl03fhtCn5LwES1Si;X`8R-$bsthDHxZVSr)ke}~`|FWs zv{6qzq&6=k&qMc*g_IS~t?z3+<7upb`Ux9=;#5ZmiNSi%uSx(iqn-Ti>;TJa(`}86 z{eaH`*Qd?l=I$@J5FTkJ^kRL-`d_V6L zsU~(@ZBt0Y{X7=OeD9Oc%s2enHv&nIw(B62|FR3qE?+J$N5-_BaE>!|a zi6{(W znB`#W^)+N4i)|WKKQcadiS;sP8X;CxUrA|hyor#Htng(K#!E?}9oodKYwJSBw?P$7 zwdKoKo#qXJ2eo1J8J-2peH$(YnQhQY#FXB<(I=7PD<9@!#OK*sIlBa`8#nf5WL$e} z`q@lb?G37^{P7)DByTGkEl!N&Q8v!n0%EKxpLpn9(oH3Lx%2jd#jc~*jBKw{wb9%{H^#itxZ%Ap^(-xR zy^(DLEB9iqO%%{12-h@VR|F&pvIb8q;lsi<9Ye}bY4(*7qw>G@i`|Iu?_vvW;YvyY zJ!_Kxnd!Kv*NY_usDr>ZOOkHn$s!|KL01_=Z-=qEk?|XR*xP`&OAwO2{+xT@X3Iy9!p>>_>B1- zd93I4e3p29d2Kh%l1eYt%u*&f=RMM^))E8&nB;-{h*tHD+Vu}z^Xy~V!hVbR(LQn1 zzMd@rKGW`7?~dw~4Ci8y!ZcpcmWo?Tne>BYU7ER!KuWoU-xEelSvA3Ju^Ndzg{q~- zBosxjP|l!+uY}eEtT$Jb)=clB5y5=59bef-P+gIH5V5hKDby@o=ieJx+?@MUmD_|j& znsaC*k%bf|atSN2D%=52CEbC;fA0By(8;kn4N@E3S#A-0kHBuk_jh`>9(OntDK_MI zGs*G>ESgQZHxGWPN{~RA)&gja;Lh{}loGITXS}a(9@B8wiNA;aZWxJPtS8C*O4zq) zIby7|lI(E=+ZTO{rg!;Oh&MBC9Ww5feh*%6xYUBtW5p_NlyEZ+CfjTltD+)Fr~FOr zXKRpL0jHj?mK5XZ65L_aoBZ~wHiU<$vxi6G&5AKfbjlG2E-3g_0+ANbQd?vzLH@Y=1FPH<;&Lu#_B}`dL3b@ar6QcdHB&pht z1&R%2v!r!28=+}K%+wjuxGkyKxKn31E!oU{`13%flDi5^9rtY#4C}sPnfK>AM=rN|J)^qzLo7G) zb zo^&Q!cVe-@KLC6a)j!l(oTZL>U6B`nnpX4GUzjs%mzRiLEBzgap(t~x4i@tYxCfu6 
zF*N_tX@HixE!n2Hthd-hm2LONBn?YkDJ5LpijXPNnDFz*k^^Tqj=s;i+orAoDwxWZ z*mH+7OVzI`J`X=@BiyHD%!?BdHrSr;tFjvaQF&*$(m|Irg~!h(e$gD~7{uP*-XK)= z5zLL~4t@zz*v`lZ)Z5XX<{Q6%asK%k9!xI6H%A`|J$f-D|7OBUQ+2}S=hs_*`NjUp za`Z1<=;&@JKeb8W`jYFjDVh`JkXfD;CdtvE!OpF10a_ia1;4%G$fDuhNjy=9j6L*7 zFC7uaGwXIhl~JnJ?k(GEqeUuibzRaulj84=DRlC4h!wi*yA5K-E>(3-Y`3tU6Yw@p z49JJ{OGz0faz4D5@D^>HolQfVF*05~3SjmTcft<4l?|+q$ZbcAWPB9_!0i>oQ|Xw_ zs=SS+w`ig}*~g5%@m%c+?9-XyT840|K~noB>$N(!Va(pDsn(+*cwj-aIzFC4-dJ`Q zx!q+prA%%&WAKlHP0C{)*1P+Sot_##m)!xDzYRZzlvcFta~HI zR=r}mCA%N&2kRaQd5YUV%%6Y<^h8u4Vy{@|RCkYvj6{m&2QZ(kj=tfS{u)P9%Tx-6 zsSC;EXTQmw@{qbo_o_r*D`|FX2U+2^6~W%-@m6Z=wf+QSo&{5!3HXi;i~^S12n(&< z`4ZqMnVpRq_f=FX6`+K>m2{6VMW>+=Ppzo06r^~D@H~@Uf8OYF9F7#th|o_T37^hY!M=BJie&Dk zT2KLw^f}=k{_vBH4*8|4GP*rckR4)68n>az?&K>N4zmKnZi9zc`sGtiDsmr+k9l-e zS@l&xh%NTct_bodYDPR{`<}mcGDf9|+W-Fz4W*eDqLVNv-bM5j(bh~=9w67>FHzuu&JKGMT*~`R;#i_Nc4&&X+fz4D zkNBZ{oLEX3l4d=@pmMCcfJ`BIW4;Ig2-rr?sw#euD2Vo(UwDO1HSokfsgU@*8ZgFO zG0~qONg_a;%eyqx^e)Ry>286)qlx~03Daeg+8g@%G+oSZ6Yan0)gP!lMMLBl%-Zrz z?I}{GmWOehuoKO9+_o%bs~O*^I4s%0^>|bir~`69CTJzzb0gQ5BeB)jF0UfcO$r~qxCoA>dH^|k5Ke^KXL5-W|U=qGvdcSoe2J&P5zw` zKS#&#gYGw*Jn{eG@8M-nrrGj--pY-zyYS4&C~85_)Tg3V;Y7qVs!ox7w%>$cT1&n* z%A6VA0m97Ux(5XUi~T->La_c8nuVDvtj zP?&@K>es4#6tg%wxo%P^bUTSP*sYx1r^__PAy8}#PCgAWSh9V!+8k%noxfq4lpQtz z%anpp?MMez0tc_qu8oTli1~Av?&gO^Mu@2HPJMkn5jFc8ljH57?Mj9ey)r01DHXNA z6l*y&oMm(&X38^;1+J~8_TAG1K56C2Z>wke)!F|>ubFXjZ0^cW+z29mOzT^4TE=q} z@1t^a6a~!EtGHy!&P@vDKwCk*<SD<^|EAQrlO8=QPxt;#nyRmm7ybk47^W_n=T8 zgtyz#R3ft0L!jcGW4}h`8oy~Qh|L%DEt#o*rwVMLO6{ACmFx0n+7z;_U905ucD)>w z=5RsFp{_V3&Db9MK^Blq@Q|_SH?^;}xq1hx^;FdkH!}aGqP*MM09>9>iM1G=0hL5} zmhXF2TI~NabXa04R>9m#nD=C&!X7#oPPCQCg^2fci>sOP!IP#XP5RO#ub>foez5S< z243=+#^jJW+C8IpQ+?->;~<|EBCKLH!taoZy6UgGVf8~<$WYyDBlx$7^e8BP6w1s{ z?IT(weY6Kx~j?HCjvLaz8(W!L3C zZkgPuipVN0Bbv9onSvfMO7wA&EAL(D)9|X07HVBKg4SGoaW0@AF~AE5!ZyW!F4czT?l@17VA3PLf)||$#cMZrWsD{ zBgO(TN#(Whu_pCBjcnGC5fm0dTz1mmgJ+Zy-*ZPdoBO1&sJFIlk(gx-{7`61^N~$I 
z&+QVjzLNXq{oZ|BVhacsJTiUNSNYMf=vU9tVda>2Fqn#lmt|HM6Fwbcr46We2Hqw# z>zN&}v%rm#C(8gXaCz=a$h4;msb;_}AnuD3WnH#qhA8AVXm2T&0 zh0kuG=F`a@YKXNQH@WlH)rFUfN7AjM7n^XgKX+$c=Ypxym~(O6-mR_uRUPx^{Xf$d z84`c0H8(4s%oFcI!iRb{w%B|qIuTn3+sM^^AXeNlEjehZ@qC9%WHaAu^kzaqea^yx z5aXh~pVSWRuq5vQ$jucl$d`HjdFk!vxI(FBGC_0Dsk~PU+2yxSHimANv|m}KVK`B|8(57r+Ou2> z>;(jvElG&&bYimoh4p)F7s|euX;<5siYJfq-w+abWN3@UhK$U1OaW*XZ=b^VKalWQLG6RGB-5bCB`I-Jtp2>gv)IafGqJq{je-$-6 z856{~xglQ85{_vvJ}V`4KSfqaagEze;R+Cnt!f_!EEE(99cPgIW4&&fgmbnWaF&@W z^Mz7I99f<647OknMW)D2qc(k=W$ZKmq!#fqY3dwQXSr1M1@{1Ee(ZyZ*w|yY{x&Ge zS}NV6bkG^B!|mGN!|x_R4mInYchNIR!nTAZ$AHq?8{LMPxGX+42#0G4ka`@j)&hXX z(w^%qmQa+&y*w{M(;U z$GPY%e`)%3?c47fe2_(vct1{WVfizSg=~(Yp=?g$mySODc47aq*Y3AIz$>xp2{AvX zlU@8Jusf@WkuVeIX9&v@UCvGQDStzh9~RW~fwT~HAf)N!Uut&$xD^M_(6W6V9F*%l zoXJy6Rk(u169|~Rx)WO3CfijlK#7|)1q!(|%^sBNpbaeNd6J}IDc-%Z-6M&bBgOtn zp<&;O0QQI8r}j(~D5O|P=kpZPb$^NlG|0Nz>3*UP68y-knb#%Soah_!aabUp{riGz zY#M2@Up}5mjoSlFG~!kvzp0ccuw~m=OD!sit2po*Bv-ad4GWf8GVaQTWsQtoE9mbs zvCc%P&sz9nE^obw@Gv8)fPI!}y7A!>d6s_O&TSqCS^d@@H9SQ(OTZWt{g_3Mfl-s) z8$?TA_apsfvrDf6ZVv;A(f1G{(}qk*mIIl?EV(5;4RTc{Qz#6C4aZ@JQBMN&L-rFJD;&F$ zn2iDijL9lECMk{0IF1H^I0Ivcgy?R4%1%V}HL9rKR5bZ*g0-SMhzm_v`^oPc3o%QI zr~vWk5qQ|>jyG1x@Dv%OJ*H$_)SqJIvzeNODo!x~HH5w&D{n|O<5(z}W$g<1>(a}f zTM-Y-2eW4aMelm)Kdw`s{r;U-jFG|0Z!Md&ylgfp2F^=@KL`MoGDfQ9T=k*8*Ifx) z4p}lNWj)E~a1J!3rpv@BA_`4^u>z5qbl)?h*}nC^-{fk3%Al%uLaeZhV!G*E-XWlP zt}b3n>an=h%%n;KDgw5qT2p&k=T3=431|de>UpDb?x4TqYs}Y=kz5(bj(F3aK`|U( z0LGMhW(HvJIGKHX5_28Rgz2}51qI-zH0N8uY$ex>Tya?KYHJk6bVxRIP^~ozpKMvf z8C{HZBsen#qRm&sgFaZ^?HjzC5FR0RSiBScoxB3c!5QpjxY*4|DRWk|j~nAhrF;|< z)*Q0zp#{{UWjvbfS!Nd5&%-mMk~>DoA(Em)+W^(Wql^&VO`%{dMG|xh`e2S`pYkoi z#m@O*wr^(mHFC90k9hIATS(YRbQ6A{Tg{|z6C~CW+5w6%Z}LBizS_TlCU~)ybp~E- zM8td43AcK9n&0%7nZ-VXRNw69JJKaU^!8h-b?RIt-eMi$kwwHCZttcBn7$z<^Qd`N zRr<}|WT-}~skxngu>Egh_{(qoe=m#sgU)!%DQrO-*S)~8Sc5O+Rnv$pyuP%O^IY28;n7e$Na_ad^O|%# z&y-$nrvLqeQFzPu-{EtgL60fo2XZ>~rFdO5kn<4}J=v`t=|`v_v;Px5!T$#5W81@2 zW7}5?n0?8*oQh#8yPVQ5lZ<`-ua0lB`(-=_g>r?Eo3z5(N 
zU-EfAVTgRi>0^(~RYxFftRB}BO7|zDXv*XWRRjeJ^^anZ)1&=v<6gf$c4{dc!dWon zA@J298E%Q&y3&-`}sqXSOmhGlk>)# z;~US<%n??`rwe^zM@Xk>%HG@;(zk$ zk1aVaw)@<|g{UJw81ajcjksM9fL=WIY*_e6Hg1jM<1yE~MQNoR!}gDJbvBihxvgNS zK4}JA0^egJM1M_#z(UuMUKR5z9a)H!aguAV!i~NN6l`YLrm;wmol-$jR(odhvEsWg z@1vYpAKqtdQ4jBpTS6_BWep<%HJk4G@k3d#A)Vw8x?H&7Sl@zZn&xSk=S9_=v6C7n zO{=3n4Zn0VC0yq+Ea-3Jb}3j&^GveCQ0AV?rf!=QLfolC;KKOE4Xn<68eIr zuq7s*QKrC{R#edSSVSH1>h*Fy7G}$3)(&OA%*O`8fW$UmKPp;g>C;R!b26CEUOOlc zNv0xko_f@)?;bP_vWWAT#p1bzx6`~=YGUYF(^zf$S(cg%oC}e@ytnk;cMk^5thVxk zhF(7&zLSK{^=p>mqAc`_xXo~Gb(m$W8;@O4+q&YBF*J>H>M#^44rP{Yby#Bo?Q=)B z$Eb1H8ziW3=YJt^@np?=Txm1d_VjJ7PojI}oN#iSxdj>5Ot{&*#PQ-n!ssx)vyslp zT8$|s0=CeAUl8$V&h#=;zN$)x7%NBfxG9{v&;9YDn z)bMD;EA!oc$@VBI|2>M7UT4Ux7*pAjj^g$$*S!9PQ<6r0Hqt;LJ6O+I2=xB##GvkcDJ`R~n|&o>&Cc=DT1o=N6kn33D5)N2(ofDGwlJ)?zXv&N*{XuQ znn^B`+SW?zLNqSvdx05?6ULlNKD8LDtJ@{A-F?)MZp3oUe=_s_pMLaj zZPEU{FOh*q(wgNH_b%NOBvJ)o%?l!V0OX0kQ~ogK zsi08FQZAf5WD7O=LDzdo3)_x{&*6+90(~7YWMadeE|O(R3sFsd+#!1y2(>;5cbK(b7(TJWqp2CsnJk7f z;EH0-Tr%4#lN^Txo@@DO{Ka4I?KmYK@gE%Qf1}%P!BOa6>U5$18^it0q1`McW!H=9%r_zxx#|YpY_iqdENL1h`2scd zmJVIIf^F1X7>wiP=>6RX)NgcjEE8^i6}&I(l8p#mhH$^2dx~iL2lFY+>L@EqDSz!a z1zJ^SYy1G*5KyKXmxV6RH?Sl%*&1I zfHU~objJ4!y#i7#u1u!vj$Rtpq{2)GizQQa@+CPz%Jmjcu-{&}ueQ%b%to?T_*{{c zbjF7e^k?LbT4`oNY%jU$_0tLM5K#xf6^iNV%_hywd$X;!>}huX^vrIw=;_{6q^XFE zxb)k*gSnoio1U_@CqmNBw!qS@EkB^VbuvlXK4xr5X@2K7`u)sPcdDbOq@KN>U}jD4 zhX~amVP{!FugxP6jmmG)D`Gh+e0I2AAQ=-qfnt!}y7@Pk^j|jo-*9jJlqmrzBQOoS zmaCU8d00ti=|EP@xZZZBm8UJ4(PA7R#Pw)i!a%Nja6lh6X)A3`YN_4%X}^hzlVR1V z>p}gk@43pSJ+Joa353&^$Y;(Dq2kfqI-OhITs>%a*YJK0gGH*`V2*!Oo!wkoc^hiF zwCd5wDqBJnl+2W{F{iKZ;orwcxEAShq+ycmVT{WJi`SQhn6An;f8XX8tjqP!o6D%{Uwm>yamXKae^X_wu90eKHd-o1}wD z_4BdM%cnqPhEd{*^M->hb#+jaQEorHq;b8LQ;NN|W%}qPtrCkk0sR(_w`OW2a;#)Q zSW!;dBpKD=TBbTrvYb?&9EN& zXX?@OBU+BJYp!ee;hXx@&Q(&h88}!ZUa1fY+hQE1l*DK5(H9PRPL~+EN*MNV))#;= z!KnW3vfPM5NZaFV6gp^+Fg6l;1)4odR$L{x5~{nmmGEV;_Qlepgt=sVU&+nX@`-^( ziG)@qzj8IcFhlk+R<_;Asg_A4{L|!rQI9pk;onCTk@LRP(l_}In 
zfycOj5#55H$%TrdRDg_&i^}+1wbh;b+gCo!DnB2^E&H9xE-MDRH#;DR5}Ja&!|C7g z%8Jc6goO&Z6U!g^)o%@DWRfxx&lvtltYE5$*o`2;v*Id(>`4+jubg(0^xbvbLr_wg z(buTwScg1;;w)b6R|rW~7D4T>A2u%uzDm-+7QWPmls3VY77>Zhbn{KoBz*U^G zihIhIu-<@5vOmmI%$R0@aDOwy(f2*y>ETMS^vQmiuAMa7!spA*bu=T1WT z+dRf(5Yu9}-oG&m+t7xzTVUx`#Kz3B>_!VFu3hLUVZ{Oo2{n^`l5dA^yUS?3lL99d zxetFsd5Q3G$`?n5e#qY-baiuX?2;5_MlL92A6+s|VphD10oV%HUw2K$^nb1XL6>OQ z-G5cIQ*6;wM!;j_eU&b3tuGg*XGHBLxu5#{>E7EJ6`5Ous4!be%+^vUq8?KweyugL z0g;`JNQ0H9MPs<#i`2s>9d(NwAs@?e77u$!9k^$ z#C&-a-T9oLs?FD0lIuG#Y!oxdlkiuF72MvA_G&9iHmfvbR`~jzk1a?zPkKdKq@_$xGvaTj#-T%M0-`@NcoZ)--cmB*7|XZyC^ zsffO5l;U3Oz8ai>@8=KiCXAdq?npJ8UG_35RAvpg5D#qlrYF$W2Wm0GIDF+N!h{?g zgAo)*6oRaWYhQLb8!_*vpzKuWX6Q9lG|fMJJ$^^uE9&_%Vkhlm4Cu0EK?2&^@tHR zZ5~{~>CHiDmCfHOHjBS! zTcRfKz;kuw>rTci+MEjr6%kwpR8#qkKc5S#b?K7HMUS>>{hZRiGYk;pD5?9|qEFdIuUf#fS(i z)i<%HHQ{?HQi@n0iU{?Xa|Wr+0EoSgI$NQY}F zR6#>SgEcGJH$z$FsuK{!k@QdaHJWBNsdx;Ule3Zv&z>nY0TrkGrCXB`8w4Ovj7-rS zAPm2{zbZE4Y2nU(lWMT|~l zn;Hu(jx$Y~+FG!3L@v)qW)3~COaDk>5cCF)ygs@s6Jb3rqbEhLW-{ETF~2igRW zXL|4lX4n7x^!NiOLHF-r0shd4f7K~T;%~@gmVZkoo18M4oHwIEq>`u}UqI6s&!HfX$O((5O-jF7yNd}DG~f3*5{#J|(OCjtH*DEJ!*FzR&4(|=+o#iTW19dL)08AX30x<$VZve1Y;Z zI_sMGu4h^Sw*apakZe?tauBKf+@9~5Ik-FyrMP2(q0gy&Q z9>x&>2ovy=GW0CDcC{Jdb5eWQAJ?zp69b%L@vKVSEZ9$tLi8Tp5}-6t8WyBA${2w- z3=_wCHVSN-VkRErSy4Uduy%DAXEpI4fM{r#FEoS6F#UMVM&aAxDDT_CJA~}84uWAO zJzrF*LUQqQuslKjTaJ(_P7 z>afoz+ow7TW#Z5#yzgjZeJzODfOw|dXAsW zO~w<=lDu*qJ#X*%OnR6P;`1SrE`q@Vu+uuvm}x?_Txywc*eCMDxw`b+Duli;5&yi3 zW{kKaEm+p)Eo@xC?Yz!FG$2rXr?SJI_EEq3sOGU&-wE!ms<4!#vA%Dj#3T34EFiMe z%+RpSdeIzh7Cf#utPzjgiZELN5tXPnLhY5Y-}fXj)&;|BUz;~_3Lh6!_3j~<(o*fm zrwu2Nj`L{7YLEAk>MNL;eJ|>T(1Fd`u@Z2y5x>!4*W2jWf!O&tu_dH7TJ9(+M{QcT zbrdM0id4HtTXyT0y+2y~#@^{htbN;7B7Z_tw3$mEvp$tL2k{CxTU59eu?T&GahxJ_ zZ$g(hu2e7GGkKvC0N&Yxg<4#hk{EIbJi$Z|72$S(8_Ax}d&p8n{c39uW^6bAjF1d^ zAhn1{ES^PbHG?|{2<9s?O1Uc^uD2aYe0?X?|qGnflR453@nz z>6N69jCsIxI&Z62lV5CfbUgP59nANm%r)~$OU>YQZlWS1Lz?jSR z(zYK_S%wntr|z)hKe+zY9?#y$UYj8)*68&Lo 
zAka^(7k|D`ppctPe|ViDI2dg}EeK;W>8heKu5`lcbdv%?hZ;6@4$z2$tZ$=Q0%AhX zZ925Hj&p{wS<*W?I`}B_*(+k|UkN_5(^BR;by6pHpoaZh1QiEQlMsxEHw__!xRr{`ISX7HShUL1bV=pXgAFc0{ z+TVzw7EJb@BYpVp8UIKzkB64ls>S1{oS&oKam|BC8y(SZ%Wi@!gU_1LO(}1Rxtt!A zTPe~x)p@R9vaMK0=fpNhHN(no7ZJ}7u(#6)PeTN|+9zI41sUK{=2N!jR&@3lg*L4p zb}oVyMQyc66z@aX?f`}BW&L7C5F`779$hUiMhFzYGZ5a5e^Vv1+7Zl_;%R`Md*$Vz zgA*Ha3-7h=B`SXoj_uIikI_;lFkIKoSu%dpFIm;T0ig39d>=*cD4D*q648_EfSoVMC(inD*}$qSRq}5%00;=E;5KtsWCgu)16> z6TA(7w&Y<4+m>?_K4<3TOs3xZp1M2}KJCSv#=C5fS|f(i-J6EMS|{}1arJl8-V8-d z1wkj!$A3-f`RVOHwze*Z+D8q8wmTPU4o#cj{OL7v&S+xfz6=yAzaEm(;RIXUNfp5O0ze%~Sx+#m2m9_*mCrqOou z$iL7N|E+)i$9sR?p8qXs{q?W>J&yd{moXVJ%%wJSqxcv%pL6FaX? zz*n*kqrS4`IGXDCBCn^RzEB5B!I`@odXdD$X$Lm9Yg7$-f>@l_%KspI?#I#@ZdO66B_*WOqtaLYQ5*{7;Ty;LetBnp zXL)C_$YNZ4p?_fK4w2!XJj1lP9{eYp_SgS9<7?_|->_7@kI>k&i7hJA{b^s)mgw7p z``s$WcyR2hsTM7Pu=1T}(`O;ETcgxuTJmk5!2fo}m^kInv2q$vQd-u!Sp(yJSge{? zCtyRga%LiIWxWd%q?AWRyRrjezGKEth)aFig27{e$6y5S9QSNKZ^EFX^*IkQ1pbuq z_c%YWWoTZgVHU}!X_RNlZmpI;OG;F7<8$d=%$;q$z|DSY&Ivyv=T}MBqLa$$TRW?g zpmGeuvOx^Nw^~k{zM)2;E-sxI%sp3DEmJro<9~uho_RvCshDp=ltbu-8({Dfq5?`w zH->bPrd6ET!bnv@-lQWOEHy8N=_c`V;7`I16L_24TR-o7`jl}snwHd5{o-(a@AlvB zT>oG6*dv+D#Oz;ZH#XU;?0YM7)q}Irf?9+qr5U$=nDA-yFj1>;q7v&(O>N@Rlc$wp z*Io@VJwRZV184tMB|BnRXj ztp|<=Q;-G{TYltETxJ4PgBu-k(gyS-#HA+D4?bPI*&@x1P{sQrwnluZl2-#aq79WF z&zYskf>id}#9uN`J*jw^UW|HWaJ`GsJuoLhj=YiM%hlE-QdF2nGJj!47ac58FtgqOXx$E2 zL)-I$Uq|U#dzNR-^K;M5WEIP03Qb02&if5Ic>B5MQWA<6u`<;>?^KeuR6}b2&9*P4>mA&7e3Vg<3zmC6Dq@O@KVLgPdQfjc=u(?Txm7@}}23l7}kGIL- zN>!`eJ??vKk||Q|dns8RlR4$>(UQgwgTAYz@Q>uF76=NM3BmXzpRF{bc)s*1qvP{U>zf2eJvzrXid)D$Xy_;7HwN`9+6(nw!| zr2!&WRqv3U{c)1Ak|?#hnqwiLyu7XjSTco!1wK%h*xo|UgPF_ zImF1t@| z%x868XqFkbu&7;|(8t_+RkN?d`x^Z%cP}uHj@CXxC)QH3@m%K=Z=`k6{HaVE4vNm= z9I2)?_`>n=QcMN6En>06UfKRZ_n>0~JSZhyPIpJr!zcplpz+jL7!zQmD^%RlO=t3F zuMaGqo4j;B$l?75`8v@St;BoH9FNVEb*}Par`Hh8Q`7{@BNs2lVgdn2zs_Y9Xy zw_CK_qK1T1NN+B~D6jPYS*il4ilfU(S-DJR}}j|W+Q@|2So4E!>aog z*54=P#ARjXxJk(igLyV*Sr93fsEL32bKUJ*UWrc%hDvXdc~0qfKj5v$)9*ts8uK>L 
zc8^O#9dQ>}E|v>qxK-5?PODKp)5P`Fo}@=RGJIcZTEr#ht}1+GGs)$FZ`coh^u5t0 z@wiPzV6;P@nc!%MN*n-f1%`10p8NOlALZ}TV#3cS3g*!Vew==y>5*~IRdJV9xK>xc z<)Sk6%rx9iTXF|hZdH|Tc^J8OYG~wQ?7WS3>0W)@O2i{Y#qBmOz!*+mWtb%i75aV*!xH$Nj=S=?oW7j z^P&9w+&Ng9N(dMe4dV?u(GDO$*6VbndKc0gq_6VGcIuZoD3WY=eV-WO=a@!$*h+ zTT2B#xgqS!X})PX@7_U-Xhx>q)R6}c`59(8PjJH-L6u;1ZnXKHMPFvy8a{VP(=1bx zTnzG1@iKNRpl!8eDnEoA>ocB9es-Wt?4-P`c8>aiWmWTdz+F1Z=E{8K7#PBDGCmRvkHeC*v^u6j z9*V#HSLBG_-|+e)R&EfTP0s5$8amkC4MqmN{U$uJELSSnKRv0dIqp)DXnwc=KwO(T zjo^QZtN=2&bF+<~Y#Fw5fx#ehCaRO8-8mSVJk06ivPrqo9T`-fLSeM@PrPo`C53lf zE%t@=XrhyoBuJ!Ea^_=G4MbvC!_rCA1bp~XPk*ik7+yV7?lEP<1=>eDCfc$F*9Dd3 zluQ_SjadgloDpkU1$L9uQ@F&%jX_I33u7D{9Lg0eMjmhPr~emK*MBM8#$3tYzUxm( z=M8~m^__b13xh{e<+AUl>!Z*uu+bw6f`gQ!essqcSw$vhk#~Lz)ZM2ZojF$$ zuSA2B`yS^gP{h2C5>{4 zN?L6&=5QLl`CK#-d3bd7bqLvY&?nykH^pu6>%BWHzi#7ofXKbl-u~-82Gye0q@<6GT0MG?`fJ z8%H~`)wIZcUr+MzDK1EMy9W6eHa0=_W7rm0c5Y7bz*XX$OiZSMPtp1UW&KgK%8zr?}R*uV*8XEGlf z3gyET&qguK`V|CjD6gEzL> zd(Z|)50aw+nWt3cMc|>FAV@&zRILwbos=e|tO*AN?)-^&hz{tl21eOINyAw{w7FX^ z)Zp0KC3M`gQC%8KUa`M7Pv5H{tXE8eTq`7oe0tlB;CACo|NHYF<&L-5BJyw&OIy1| zQzdJbRT~D9s7e$(82Mu9c4|{_b4x=XLzK_iwGDK0*z&6_X7&SE8pZFM1T3T2p*_xRi9< z4ZR;HQ(_C1)6&j}I9<=TthbXjL3AX1Q3?@t6A08(Ww!!wq~l538QP_>>jd%D)bf_m z?{jT)w|k>TC9l*;11eNqg2pH3NEb4QHAcSZ3zv$PYnvfO@Yf@}^oVRLVi)(olXN8UNqMubt3 z@NqI7V??d)j{4Mc`g)Ii94rLRK+1)8aR6O(%--kiwiHr*)m5vv4=&#M7 zH+^~|o>`J6eO6VYsl@jM09;bZMV@#7XWRaakurfAwpQ~)V(E3qZY#?PtGy8E>dH&a zGrbIVY<4jw)X*GjM^!y12Q~&}R}rpeMT|DM850lLRXN&W`FjFbXuFQ4$)0aC&c#_A z@9Zw#d0Kbc=Xzx)ZU3#WI$x7C&|L*i%K=ClyH<7H@l1PTJ|*=^|6`#0thaDti&aEz zngn9xW!jyJC8}h5SILKWimhVYr6UCkgBMEb+_#OHj>n|#f9e*A)}2&4Tdj=Jy6Dl4*)7X%%m#M(lX(W6<-wa0QZuHX*q5S5r^n}-j6teuFX;k z$M9L3^QYc(*f9M&h?Z`Y8=HNb!@pP-wCPkU^0e-eN5^A>NRn@O)CGCTdkTwITlae9 zk|l^t2%+Uu@)Xl@u#BkKU1=>?GT;u;68q3MxMd$WB}1VpstTQnf@oKQZR|~$A%kB&Gnyp)0j~~7fZ?~EsaZpD!cAm zcok)jA0$8}X2&c1&cgY(MNwlRyjzuF1L!T)s#|dch*5c=+x)1%ebzwC1Nv#L2*I{% z2}+Hg*yog@V!0OnHu&pi{^^FzYM$an2vB8!NS*5qIr>f|wzG|9DHGquPjjSpekNJy 
zSO_m}oR8qo^#Fmw`|JJvX-V%2+acQ`zGnrxtc&1}G8r*yDq2dO=n3%W(s*iqmqhx7 zRLP_&K=zK+%NoZ~n}cFWeQ&qc*{q1!R^^A01}3x4WCk&ALR#v_C?f7sOuop%Yf>)C z{NtK+oejnGXqE`PFlzK=MEz@~(-$CCH%={D`=;849d2 zM~1^P?u|dYLXbfuRloSotZDVui6=il%%jOiRCg_!MOgp-k<2Fh-ze1OOz$lrp$jtg zrR8OAZS&F{C+U1wj=DE2_VPwB0KN%rUZHwL24r3HNkR~qrPEs=5<#D-sNST^!d5AV zZYBF2wf3(YgKIwcG?dg~`p86SCZyZU$=8!*d1rV7AJe)(6} z>c53S{+HSCKTh#~1JeCJ^mc}SW%J>Cd+_qf>25d0{DXej)Wg;bQ^4;wd=NBgYm>AC z=I_fn1c>fdnsCymaYya#cAFLJ>D&<1?IBQu31?tMS2*JUBm?8!rI$0w@CKES-O7jN%GJ88Vy z*tE(C@37Uj6&SYizv%P_;{km81mq9;fZ*>ug^OSoHz^` zHBw3v%0s5JSOzq@rU_x_%9z5mn=%4Q+>JskWRFit@Ls@klO{}wB--N(WR@kFLB2C9!1X_3)iRdp|5Me}4L_yQmh)zO8(KhXb)5023tTAY*;NM|_YDS)gF_4+$j}x}m^3xy zfVlo~=jQ`63YyhBM1Mp z3))$G5&Lvp*i<n8EcGTx+Rd#JuaizlC`c_#jKX7WptL}W>CWjjzu0`3&T1+<2OMgOez&tA#5$f|sruSx|;sIgr zUEP|$@yH5UFK5T_*7x@YrBcKVn}=p?4pFajQ0WVqb8us0(iGvG^=?5bEFte{UA}6M zjjy=J)_Kf!vBa%Hh#xM))37)1;Vt((#N&m5DM|1!jhH>K*Up00am!vh8(f>CB;|L( z!bl)3clb12KO8e_&v!H-N2{3H6qY39|1Ao3IDdPN|RP@xnuQK}X%CrK&Mb(Y{D z&%$(jg*$mxg_eI%QabDV()9^<4$8JzS%Ty$dl@Sc=58I6fxVIJ40Rw+rIB(>Jh$XH ztRl_wPSKOP`-5NjU+AHB3~YX7dxs2A^Rg#lMDkjHF4HqG(rC!0B z<3$6xGn;05B5HENWB!&xITXwcLsJ8+;k`2C`)J~Ah2Z1XU>e zQM;xQWt)O>Gy^FlBwWtmP>J0o71`gDEHwIjsZ>u+A~G+tb=w^(twJs{ljK>NYp>n} zwyqzZBq4cz0m>GfKKe8LE87oK49^^sI2gIuQB!KYX!-E7%It*0K@5n2=n{pA(Q+pk zfc6pBLC#ciB3WG-ZIfe-(8VOl^0$C}~fRh?y{F}86>3Ggc{L+_3k4m?}b|YMkY}5Mn z@5)CQ@uhKN5Nwy8u~gL>%Q^}GsZ2SvrajFG6ueO#W1r}gmfNYK72y7{fG^o#1S{1h z-c>#~)ySD)cbh~H8IF>+LG4eAT_t95{l!cte=L;uv4xQlrx5x|`h^AnZ*MW@i{Hde zGWJL+cw&_Z$7s(9+c{_%!nvh1kTKFYn@RpTbf7#e#toj zs&(7zcK^yYw)ewEESuW3n#3BG|L1qXwMJjrzQ|rl>D#N}+YTlW)_nG>V(ls?K%o|A5oDT}WLJZ3uJ@L| zuraGZi_WNomrSK_>eHlRLL`1PJQJyx=&iy{**<#D;1nx-}kO?ybu zeBi~Y4aMP7R|pK5jI-N4K~O|dsz2PM1PRk&6+2C+_|K! 
zX7BE=eN)23B&}tu!q4+Ja~*5(p)d^mNmZYbr-1HqlBONqRZx&ddGD+O8&9VW{+#;^ zIQR-k!T*y*&;V9r`enHqSSjxt`rDCjIfLI)55J)#2K>1c|LQNAxA~%dFI1OWP>LG+ zhLWiLkJD2|w!h_N{^RD9qW;lxevc0Sfo@e_tQ3?8>9!J@eeQ@R zb#(!l>EKm=9&58P#>KK_O=g;E$ft@d<{*n^A^9as-i9izpC~_d&n;4iuSxTNSRoCx z`F@;%!Q3uvi1HVLRC~?@$_5%2Tl3)~!FG8kDKL`%W%hrWA^tji@V94(Wxsx>(N6(u zaJtLkbh;w)%8|PqsGTec!58pb(>0qcPi&mj0({GG{3~1IlP`^*`%ywPVR zuq!w6H4f~2)4r5qb4yg=-Yn!RTmI32@AM5O;m5N{-HQ<}J0ZJqwu(1nZMuKbk z8A&boJ6cELk-=iYdy{KbsLJ9Up^nPCYBNya zF*}=}GrAQSn*NvY9_kRR%HCcfMZSNkU!kB_)(<1|wrUhVoKsqbVOBzPWcR0COmeku ztu^R@jZw3zZJ-jMsb1sa%0=1c|J_DrLSq zh_Kw@#CvOg-q;1@k+Dn;>1Tf`Wc)=m61GlyvadS&mF+6aBA6>AR;%*H!8WSq@IK3} zNs_G~Y^&A{-w)A{uFx~Gp0J2>!C78>nBUc~GcQ?rvflyUiV4e|g8(_0EiI88;Janj>UXB>A@B)|R#N57Cc_#J#u*Dr?*9zla(2#w2SBWCEE!wZS zmfD69S=gR4wFz;#GuQXxI(s)Y!w!WnwKt-aIT_2Jl15u%W8FN?E)Ggj47bO8yoJg+ zxP|~Xd;G6*b&`CIe3Zq~FSg5N?MB4uxi($rX%tAom(0ECde^1@sx-cy?{&L_w^&m4 zPLRN)vFE7Li=+1zxBW=)C&MeSs-yCOhUk>K^KE5!n=cN?RXzSlJ|A&Tva=xH_^}x& zKR}~?UzlglU8mBG!chEtDV9g0Xh?kcI=7Oa{LnZG+{SVs*Ncg@y)6L#9_TiDJePUY zM}DTdb7jbk@xmU4p39(BYF?lfGYlERh7K4m!A4I36L`XAdjBNCDk&{(75#Eo(=6x% zvsA0(r9lFW`+3*o=PJBUT$N>8mZVSN| zr%;v1C&!ZA5n7%zo{=l({6LoPQW6+?=Y;t;B^{CvV%r=r!H$vvHk;(vMCPm6PeSaw zOEotKo;YQBKHQY@TfsPb>Op;d9i_T@q;GoHVpp8xANTi3d8=THynVeo{I9~SO_swv zY&~{D#bf4kN4z3~jaK_|iei7F&E}ra9l@ix-xZQAOnUD%`ZRMI2MJsyGMs%TIYu^0 zM-hVu-KV?R`RZoY*tI%7f4@nxY`j(f_E~_5gg-D6At0F*lN||D4NE=)_J1ev>>;#! zcqDFq3Ye}!?SzV|*2ws1D7%2;ri=o zlIZ#BS3F&8>x-WEKKis9ax~Y9G4`h@4O>Su{4w@bGhiEy`A05~T;&TsBc85Dcwz4i ztViRzghbUrc+D9`06abf<|{M)O^f??cmKpgBrl=1(qK!gx?_jo`kennAAHm`j1|K< zpG1PaT8sHo-+ zdSW8_zQ0Dx@9DXl6zq);5=iq0w1KDNWVuH^`n`ddE_!!7W5U&Q!2V=M7RCP9C3Scv zB{~Ht0xNEX2zL^hDxEwv3@K$R+l%iSEy9fLOK7O`J}p`;R;IWDT+zPIrp`&RyVtSI zlp7P1N1q1>xMQYN^wG-)Ry|T**{nTeK zeTy8L&W~v-wvh-jSax&n={}jaZRjReY3=Mi$Ll*6-8Zp;P)l%0T$N*uWx4A?8=T!8 z0!el2!Wu;zGAEw7oZ*YwmpnB~u0G8wbzVAO38*vmUGuoHX?%O%yHvWU zv(rl49xq|-9!DyUj8i}sXA3nH0D-d}5TkcMWk>Yl^qp(atzko+v@$^GGCJ2Ss8TS4 zK(r%yQqS6Rv`(iS;th?Q#JZ^0+VcEb7l;@TV$@n3Wqy#a*%w~>!Q@sx? 
zO2gZS5aNcJbwxl~-8aOg+PQ)9eI z>&>+QVgzXerLWMzvHWV9JLuEo8#UpV47_iAgzs*T>3fOCedlT!cwywGs&$6UST#H$ zi6jg*{5Y+wlc}7tD-Mv=&%asRJBhnG98}N^p~&ANP=ps>GqJg$h~KTVU);)>(DkVU zNf&JfX?9n^ucW0jT;5g=d?7n3lY}H1q5(*r7aEKzB-?a*^ZUh^J|>M+>cPYA*t{xr zH#*CrKqZ6T)lYbKkNemh&a!#9!@b~3%cZ_o> zWU$fntkJ4~$cOa_qaqr8{!-GHO@6zPt<9*+B4}Dh_|oA{8-|GWpSD?B{pgdYuW(pB z;qzV||354@w5x7Tz`miQqp7#!o$^`G2vRl;L8u2CDHdjQ=y5PUb zK#!n3I<}HweXH*2yOxe9i-QHE`u_9x!L0SxPa?=$i}8-ZGr%;0fHgInIC7gp0kXEhz4MjM?|i+*aC4DM?D zoG$7bcn{0SGh+#2xFJ!$^e<1(4#)q{xVWA1%1C#QOS<3!g&FGW-NxGu$mT83#LaE4 zFEdLK9THE>OWw>@vq$yVJvK|7Fh9VSXt#k}iw7QLWF#-a&9~Gp^!Kv7`ie;`B0eka zoV_(l_;Kvqe3xyUv1#^rB7CRFmJlJ12i(w{J;Z2UBd-?|}EQEh%sOijC!?&nPn3ybv0&lj21Fyx{oiM^d^ ztAX=57me~oL;b$85n}ta^acw^H{CILSi^vMyUi!?@+HO%5U}NamAcydjtHk4#e~a+ zV4oa1kMfNO|Mup6HA7yO2gNFISaMp#%A3OAHXFvD`K9IgIOmK^`rMTav+ldJoa&9hlr)%R z;06c5{)clK4fT>kpZlxY`sKUtqG9V5z3(bPr#Wb7 z#N9JaK8y4zZ8wDkWRDI7`yHI@)H4%+5K4xH>Ri0gTf%b-E9SF_+V>~dm4ExJ{~-tm zS$o=Ia5&Ykl`{!7Zk9V$EV|n0NzirD5lm_X7MpstaCQcr>=RCy%6n&gf5?U}uGq)l zFuB(IjlxXC>dJWTSGLKJ+Qi47&ZiYZA?nLKCKFMCagVJro#k=U)fzY^K{IN}5Yc&w zG{R+-louSpoZ59E@V?PBa-(BzHLO{bjKyKj*{Gfl=s2&s$mw+Ct53!g!%OFF4>l5~@?MM{Z`v3= z+bK}_rE4y2GVhskOTB0y{U@lI&J844PQAi?%E10a)BDL20Ur zM3<%@ZDt10lMK#s2zGM+7q2x)QJwyZ;E6L{PQzz(V#aSgv4B`SF14kA^}Zuuyrg6- zOqBBMdj{?@`KHRVX=wn{cYX#hT~liOz~IWqWpEiIoZWf6d>d}~N>*I`&2zWk%bKEl z4VfrSIEVR&wV-$lFUd#vX4kMnkHiJH3Or$Z3aqC;t@dM{ViTP26#fR}dNFKWVmWzn z%&6~&Zj4&DBq#@oc;4?7ff^l9i|cepM~l_$O)Dy<0Y{Tjzc&5)&G7U$^MAnwk3W}2 z>y`DPda#US?K*B&ipgNAgP`!P;pii}YR&88v zCdV=+%CEbVdZlD|W^{Z@(xIuUL>CrHFomJRs#r!=oY~|LZ_|4W>K3ZC29?+a>cBqH zqW%wwaWsgIe?fi6X}5tlRXI6^OeZJFRZ=-EQt#^Fl~9SW)bCg1?`6R97f{BQQzTC! 
zu{zfDXhZE<j$X+F)lP-;2eUzxx zvQEBA>1m5~D0=P2EO5-BKI9tKi<~?ezO5SZctt1vQ&iN8C5<%>D@Mz@r2lpJt`}&pTKRbsWQc$(|(Utd%hyn-NSxzIh7&&hDQXG5DKU^XC`X zPy8q1tZ<~n9;|I&XdwL6IKaiPXks@&9cx9NHJ|PVSq<70RN%T+J{6?%;9(LgbunE% z8tc9UOGL77ySs}0pa6q@>2mg&pp@EV&xz&ASYH9*mo zfar7R`j(L!``hCCLgnC=K7eWaK|xx8s=V%op%r7lDM?7^@*}ZQkAp_RW!d%Y@&7?3 z(0^lXm-Ne@_x#`6JC}P{v+Vtqt?TGdU)jddM7;k7OD7=y@YRKvU)jzdGiCekR{tn7 znYHR1)mpRbg7$e`qO?cw3Z7V#Jxs7mW;sUw>n(NbPQ}@N|1WKd-EhI-(A-D-AF%eX zWFgu&(|UR&eiw5kkx0Hic}O8(+u3Y#qkGL2PHvWyVOR*&8 zg9<~yV6zRMypv&Agx7`PF{3~?RQfqdF z#{9jetL*E8sLd3WkO*R7KUttWr=-yAA-SPTf9;C|2;kB{~qvdeX$DYeGvZ#WvYMX;*Z&fNrW=E+|nQ+R#8iO?of)<^#cC z4fXZqK<0#vzb3N7xj2TaL9S%n)XXx$QqL``ATI4)>D8%(i%E0nH)@;jKQD{8YXAUMnJMAl5>)}lM z=E~ll65=b{{orf{Yk}y`?OWli|4Al!h!$GObJtogRD)B@63T~ehGIXa***r^yWA{h zZ}7c)G-O@=jSVvn&{Ag%emuqjDLZwa!$z`*?~z-?=e3*msKG2s;V4m@>9?Eu`S`s( zn9GDK?$*2Yrp*nxHXHu1?2eOR)W+;@tl+uXSW-oQ3JNv;X$Akq)q3Y}jbeFdKo8c_ z89d%=wPmI7+(5CWB%*LJujEVbNtSk<3WhY3KNB~4QVop{ItNkZXdC1Cr;$~>El}`G zOFlI2I=FJNe&}Jj`uJ+M&04U)I~+Qj9s|m`8eNKoyt7Io39&R<-YNKNFI%7Np0`Pu zW#oNaG;8YQTAH<(n=&=*O7l+>v&u7Nw2yIqVqpRSM8T2hSsC^;b3l!e&*rCrQ{e9; z@m5p>Sbu3yLM*0RZdc1wAO$|b%JZ~X3xYd^M1vH6;ZbTL3D_^+C ziRZFR-WS9R@VO+?ncSM|d6WB1LAU>GD1WCtfM4!>1O5T`&4f;$o_)3Ym`|3ZE1{t! 
zdpgG)5KE%PCegIoO-%3Pod3z>TS8r0|F6~ z2Lqy~RGWzC9!*2$ItaAT?eo|$=&hyymGt>IVQV5!f_rUAG-*qds}|WvSH(3HEh4N3 zR9ZFc09*lvoK;c){;|7`L9pF=r*f$YUoyu477hBTpJ6U|{^fFBbiDFy5QG;5H zciC0X_T#@BFGe4RMxWw}Yj5V}b#W(dJPWWLrD=Rl2>*oD1miJtFz@wK_kUuhxoaa) z;Fp4Q>sEVS$SarOE(UwWh751~kMlX$#AS!QU9tmfWq_$gDsRHfIf2050w0-;R@bCE z$5fD=fr8x4qsgq2`U&VTB5-*V5COO=wc5tFt!qB^)DZ#Yr4CDAynV%vJa~4>dT{AF zTOY*D{(jM*p|`IS+Zhbd8N$BJ^T~Ja#i$FxTxOcxbt|+d}{F-i0l{LuquGDoo$`A@GHr58f_IN z!x=GhT`HR5;>OK;G9o!}mM_CR`z@wR_b^VVd`K?Wh8In4WFgJ+ScKn$9#zdYX-lQ7 z$680j#(l}^?s;?x$>%Wd9{^U##mefnB4=hbrwQekMu9DK%z@8y|DCw3#XJl7p_-G0 zmcE?#E>}aB%t|&oTvIC0aXK8v=)>yz4ooY8Yp&Y9EEp+qOpH}64TFuGb*8(XoSMfx z+c`MK4!P2U+5?_T)R=Y6m@&Y|=B!59=l)nx<-ZEW^8U?SN<|XC?>omF%@(xu#}&*Zgw+#x!8A(cQG&^H|>~-@TB= z(kF@5or`K8^VY0a%-!Q?iDc4cM|MyqI6AGse59(Y;OgYsMc#YU6$;w^%kLb%yV(`g z#5Cd=c0AL&rEdQ#fkbmfjLHqRU&iZ)Gz-F}HHBdUw4GN52Q6UI$0ejnwyIPiXseBA zSr_*ufhX%V_G0+BjDy_dn+>jDp3jijx%35N-kHueq<7eoQYLK@l72hqj?7|&&u$2* zB-y;q7j&-B0wAV6m#XcD?cEV{BhNXseBUWNR3L0M7XXBn2aezw$`#N|1%hAVZr{Oo z*}cPx-HW0nCiXb9>apcQ`0f${RK5y~y;cCe*Z*qM6&z=)Y#Mw9hUgMt|DF@;J{mBv zmj>Wndy8}<_(=s{D$$W{;7_wGC(8opoxVLKPhXYixc*4Yv7@acl16|Y!551=YL9BW ze~#lTH@_B=*StoG>(AL9;so*;2P{rKUC>_6y@#W(QdP=LXFRUvYJT_Y_bNoxi_s?o zUNCm2zI`#BrG8$pNj(m_qTQ#7C}>m}eJl*o=VtDRsQ1ELTUzs->&VNXhoN_Z^UO z8enyUTBVh=MMlQ2iC>v5uB-i_f?YJ#dt2>`^o8p(9u!i&r*5EK94RF&<%A%ga7u2l zYA$X?!WVccd1i7(+o!Z`*ieV`<`H`lxwquu>5pqJ0Gl3x@z4C7Eu4=WhQ*~|jZ}^T z0G|-RiZoKq5{Jc~iTqBEzGywfUE{Az?;Kagc;#Cpj=#DyUL*%Jxlz5| zu(8rOb}PGOmGrv(HS@VjT94as8!>)XravpPQP0+)R6aU|2XuP?`T0?JfgC0fefS|P zLO8iL&8tze$>K^j%hG0rz0)NTVDw|*h;&@DB;oBnnf#B z7r*M~W}xb3s<3jB63K}AERcAXb&$_3M6n~e_N1f#O{6J^etpFsd>1!kl zM?S=Wm6N9tjp9RSq`AA!CC4!H)olvo6jU~D02<@$er*%%ldWKY6MB=Br-7N9MFiOJ zqmvR6A1f1HxwQ8K&fZ^dxk5;<>37RX!4`1WfyP&*R!Z>>7!*$&Ip!tceq!+`qB5?2 znUZGa;-{`|90MD!h*POo4Pw8A9+sTDI-{c0nk{H5R|1QtHlJ)9A|*G4|LXH&-zPYi z)b5z^yV>Uq{gjlC@jXofx5J%KW?F^ygSQ}(w~{-wjo$H8z1o1vjL38Wcyw2XzOs20 
zA>V{MS%77(2Nmg{O$IM&&GwbknGxA@7`uB!s)3EYhsmvMq#s}&{F_!}^+KWh>&(*|%aS4{G&)rvbo6>XF`lImnkPSbh;780GraQNZu0VI`*ft+RLxGB8FI3bg zt|jp*>CJT_`9fIUGY43nldy3c*uKn^p%P_2ZToENd@pa#OVdKWlCl=4eFh!Mklw9b zK;moIhq-Uy`?#_-7sY$5rYiI8ByWxyA(PMl)^-2Y_PJX?%(IS z&-UY2Hv8ZTf1blzEYZ^0Eb%V8znpoVj{H}r{C=#8`lVm74hzlcU3xxWxR7s_cR;&q_@u4EimU}C zz=Wyv&ODTHQ_}L57%gk#8#$26e<2f+KhT&{f=4;JZ`FMx6B6|ey6`Bi5q_y)0KAB= z96c*3kb`V-fs~jn1>TG)$)D@av}qWmHvQxD|F}7S$m9H1T28=c?lr%67<2OKNou{z zu$AJjKV2)dnerF;}Ma@~|7GWA^EIvB(h&IjKm$?;$_4>={T zVX|OnbV!wM-Bk5f$+(i8!2A!!p4sN<5v9Z>_~ZJpg zTE2`UKQH7t^MWFs4HIoQcy2G8=f%K6ii^Sid>U@$px#E4t$N{<$vGXqkFbbY!=HM5 z22u$~qcNu*{s_=@sG=-9yBn>06)sa8nH9cq1_~YI1iyY$>I5 zcrg3TVMe!JRCkyCFqi`bYVUFAQZpl{vw~wWZx54U#ehR;^NY1ETuU?uK z%79mjQq^fVY=VRfJd=>((#ZidQ#2=NRlZ<=!)LvJ{?sa~t59lCY1=<<;AI6ZHGK2r zSRv^CW_ZUwwOIbLNGBgD2s5 z)xdu;fu7~!S#OdM$;H=>Fl96HCHPI_t>yCBtrK6_nAqTr%5Yoy z!wc3nP`y;}IJZs#k{5EnYb2xeg$K}4vq_JV zR?_gRUQkd&M|>L$J*daYJJqPC$vG%Rrq5pd=uBN%X@rOTIQBl z8FZ;s&rBtNh;R>g_pP9q=Q^|u{4e(2Gpwm~Z}-LNRHr)8i8Q6i6hx#?K)?WjsdNx9 zKnNYBN%42f?>_tN zbI$&7#-|Y&$u-8f#`Qeo|9|fLcefWg7hj%TbcFJD%!^Wumi!O1Rb@Wzh5Pmbq9%z1 z%Z#0%A|7fHhR||BhS;4ShLUgs+e_r_FKwa?*eSxH_tAZ$MkV`xIZ0zq=u99?0Sc9Q zX+87Q#=Z$XjpntUtAg^98guXug*tjt2LsjpqX$K$;o_V#WGWi~M^dp`JJiA`Yhh2%@IoPQ(?EcKw?&cj*q7Q;sr}0K8$PFNW;EgCzUoiL zV2i}UNQTYjCgAZD6(z2x2RuBbUVGWbF^%a5L%(IT4*b_?MxTSb>A=gcJ)}nSi^PFBzAPBh_8Pz4HNBaJQV_I4KzC#|<2Hi197fecX z-m=lvI9Cv{rJR$o)!Vo*pzPvdBb6ONn;0#Mtj9ss4&(0aT8YJ~{@V1% zzId{Ti<=8lWhvwa9qAQ4ZxHn>Qco0QKa27mr$C*IUWWbBxF+NF)=@gr#%pNvPLhf( za(kChm^v&pZ$N*llFKDDUuB;jKuUyVTAuS+^ymLNO#8}Hf#{y`JAU(BgP{p8_-SuO zn;(T}bJfQT$`3YSISLWPYzxWLxO#y)k&g=d?&8l~hR6wOtt$fvsCa#RB9U}==ze%{ zu{gkn+oY*AXkC+xMb`KPdh2vnT=;Tut_vGA<_r7cLVsm;wxK?D*;$%@qvDy%V_;g} zSOsxD6UMLAKK<@fev7q&kg_?e)xM>3{L9JAwu&g4mo_lKH{OG^iA-vng*+{=`oZz* z!>Vqxb%8}vqeEGh$0I(mBv(+Z9e+5!Wi2?|xauI15=C~Jd&v8TxR%_Vn%_4t^KQ0l zf%Dr{?DFemp1x53HW}Qkme%oY&xvibu~@H>i%l+JD}b?M1#Bky-GNt{tLx~zfym&r z$)U&(4j_p$8dKt6p4KRiOtzKuP4#MG9#b53Zl1~5-j*2C-sg$(*q@@h3~!;w1_37Y 
zi6Y>tK5wDVgyykKJ@CHWtxj*I2L+{Fu|(w<3zMq`v(pXFm*y)wID{A@ru#RR5b8cL zxBaTSURl#%W`YjLXO~iY@0K`ZmKw^cx=CMLU=D7_dRUA`)=H<*8F1=g)#yBAOa2(s zDu7ri6zHvuWyC=5lv~xYAIV5-{k9#ssjtkA71(md%L3u2mX@Zmh9)L5#XYhbJ_(nD zRjVQ?9-5i_Gg@~+`w4UYhi`p0z>HYOyh^*x4r{MBvUzRyvQrCEBc@G+?$`$HU#n`R zSQiAKq}Hw?T7KE`*^hC*A=o)_begoMtN)PNFZ+8jOc$C!zuRSE;^bQx{h%*1s|;a3 z3-98t>E(}{VNY698uFthb1_PK!(v!z`$388GY8QzEUlqw+{F=|JBW*)0Uy387x%j8 zv93pzZ0$RMJ61iSpR>_k&YIS^m1X5>B~jfAwM;g$jk>x#AonrO(ViaL)-EdVB(#px zSyvhKX$#ypvD6;mC|c zMrZs=0m43h+e=@xWsnIXHtFw3i9sju&q{A&2A%w`oXmi4-`uau%u=Ej`H3MU@~!Bf zV-YY4fALuBP5`auZzz<9F2?0)lD zH0+G1{Alxwu-FlaJy6ef|6zsn;BL0Z-tq|w$9&7P4(PW!5W~S?Ln{r5Q}{*m2&*NxPTYA-F_vawV<_reUPTN*S)d)M6Xh1W)LhG_%w-&;$> z1TqoHrIwx*G?yT38_IfjHj1vOP_(R*nnWb9>h7 z3_2K>=Nu78vV25@VvyK7lvKSc(Upr-pI?X!^xGX0^c_a%x09^fo8k=%>CWTeN z?cU=Z#2gwy7CzbN6DMq*&ji`NVc;xZ)1vjh_hGr~YImM|d51n_UVCL^vgHQ*V`ZA@ zgs-vV8wb~?7o{jh-xrAtRttQ)#XJs=(^o!BCGm16t=YV34R`7=XxHN2B<+JAXCie z1BSnrTP8`hUjwa`>pBu=>lm@926=EXr?LYy<9OrnOBVG#6;44&Z8^Q@mz((6T7E<;A)3e z%Y#zwn0fTx325Y~Z)=vaiXrk{pyAEnX9 z^o)}kE83=*$+zROivBmMP8cW6+i)iyrX|+@@mUvb9bFiUuqE{~LBSsuG;X zOhA-KugTkjyjrm^dim*V*15CXnUT!-nmPb;Zn?4f!WzK!J3O=n8}1uL^SYwVn+u6#?87-CfX8XouLkz1E z8qZ1w*8;<_fCRNCTLCXV?ZO&E)_L%6mk6ijGLcW%dSFjJlVMOM2SR;@1j?g);KM zaEig0P%n^g0VM)x$7*cy^|5PH3U!o)u?Z`b)M+`>ybw&%z87lSlv0!!hy$1px!lju zqip_&;`T^V<8@@N z`lXYpAGd7Ma9C#+k3ZaMgy>=P!cg&cw-b-I3n;!d6NR7M6tsU{QB#?g`I_yb^Ii%p z+n@*z%2is)LjG6Jpgiq>njz_bmb2rtjLOIE~kL(HsVQ1*Y8Q$Sn zO?$})#0et_Y`_uf7bb4M;y6LAE^UQsSGIJybWu5B#0lbQq@sDzsyc%!#5S9x)Y}zc z4k~Hhgcp-oi~8J`N4ErnK&sD`Ad1r0B*O<6%_4gqbUZ+a2O~FCm~iGri8WoL=TJ1? 
zMXvO^gB+mHgS|QXsWEQ<^Oh=*TJeL!9>NQe+J*e!2+S-1ayFfoqD6@u23Qe5o#Fwg zQ+{v|W~3Xnzx?2s7_QOUdvR#?J5Sqc|52~V8u#9Ljvdwyjt6nOQHLC%kNW0 zY>?)IB-z|7OxF3sE{m>HjhYfu^$LR;2^+(H4Y{~}oZ4V-PshiS5C5lA{J;0nZ2#TZ zDIi_JJ>_D?s3jiTr=1D*!4hwQ5)$m(bjct*WtJRlO{Df9%bc zk(9-8`#K!xjCeChoSU$0WvyW$W%qia>ej!8Ol zn}lk$7TC}ZsYjpwwoc%rxvU)UH_my6S~Y0WJRy-+^Pd(8kR1OtiS7Rd!e8!f?;5{t z&dQ+>SkCQXKPU&5SfGxN~(Aa;mdCz6@VQXv{U@fW(Trj=744#0MsV(PNp1+ua?q z*AO#<0rfK$c`CJ`O(*sWX3fU~F$AFmy@AgRHmqtPeLbq@Y!jkv%%s~d&1V-!Tom(y zj4NVcup&NNLjvnvlq*W_vtfQ>cYra(o}Fh3dv3~x>9efp)LlK^Lcyp}6Q%~q4poGj zTCA>+GBk_puTIi261ZWeT&s)~+TQW)0MIvTCTZ`r#*ukHINEjrL88W)|M1uxKY;4| z#k2-Xo!a|VT6|#T;wLpAE3)pGw&2dieW=ChD9yIe%Svm4 zT%;Ubp4>m{voEpQ7V!GzRB^+0t3vvjO#GXJ*d)TC$&rWw@BLi{wD0bRJ>p^^VKNpJ zk^mU}@$*pjZJTw$j*|20kO~5o9~b8Jl<_FK*F<6tp6w<+tj5|%Vt+P z;X}3gdbi%#OF8t+T6&S;fC}r+ksy^he^$g+#q~k2lOtl_KYCvEU2W(RaRNpkMS<## z$!o*;#N5x=lvC?z>tVdTjR1h1sZ{IXk!JN-P1t#4{De^a(a#LNn^JB* z-wc)PXMS)Tx^V~6Ga`HLly@72E{6ulNB((t?VWq8|>uGEL0@oQ;rK;iuR!)Rax ze9nfxJc_goQd_kXU+q#IQ7%6f%6nPq>6d=Ykz?wMD%T$zQoQ$mvRMDAV*KDxZ%n1Z zEyL-BiKg=+T=}3@o5!=iXD#k_*Vp0U3}SA}(v2wKBFFbgU2}h3X5`(diG!5~bc77q>)>57se$@*9L=Pfy9~_uOPTWh}onrz_rk`x0TX0TA&1 zidp~fNNh!7U5}&t67F+3M31T@LBJIUruU_|e`#r`sEs)^=|TO72lu~%OVNukJ()<1PVea)@CK~;Ryne{EV~o+zs$~11 ztx~#0lZ^?_y2^unSXIzs^kpEfgdWlw9UEYDN*mJU7-;FJp8SN)00?>k*xAhSVj+$f%<)6&SQZYNNQvgC-0Wo|pllSaFnY!ms{UnuyxCtV z*DjoS4V1QI4@*y)^^2I*bw;zd{%DHpYqHUhb(4V@41KrBO>l$JMyn2_eB0$HZk*Rh zftT4fD(^~yyO!=yad|D$M5$R=Z}H$6>qPbR$n89+qTWEAP^^!ck%V#Jxr(VE<&*cL zhf9{w;?W5^x6B?sd5y_?>DpVaM{A8P#Oa_=k;L=^BDQ@7j+)gmYsbr}n&jFda_uC) z5FM186T0{e3wO!e3v^Ou*hNZG|J?-R&K_*V8$`&!H~MtdZ#fz=BDKlDt@*`PYcTt# z57&g7d@k=4q>|i6#-lxj-3u0xQ&HY#iw0=8$&)T6FtERb~_!yOZ?awLpM@%D6E z!E--2sstr=RniW*?*u?fkXL$Z90u)_Ik%;cUzb!D=vbzA8sR?^$KP@-j1TCdXpuu{ z?NyM%NYV!Z3!R-8X)|h5HHcBUXp@5BS!nT2u>O5N+_W|Z?+kJnZv6{tE^fJsdc;~F z4vH#=Xw(F!W+WmmLvr>ZBO5fS(i2%tipEVywxAoQxS2)j`(jr!Fr>G=8`?@-nD}H* zUsPDBnf~6rqzX2xmucWDYWm|Ps!KM`6q(q`B2yzQ6HDx``AEeghBd}C0zj9$6VWyU 
zhg%feksLw&&r4|gr(?IYeH-ZV(Y9WjzU9-eU?H(C7b8p5lO-&1Y#(zJ5JU7LhK3xh zd6-xg!IjJ!3q4+V^MpO7V*dp6wq^N^c>DMcp4Nd}X5G2(npQ;V)VZpFP_qP^hojz0 z$*zfOy|!L&EJhKFt_K%AC!Oo{sdIWX*!QSsu4)Q|q|q05cWzNsl5CV7Ig*~{m!G6c zyO%dcztR?^hQY~Jxv6yv@uitU6a>ob7qWvNU;CCh0&UN7fJg9)%8OthS<1wR?Vr-% zgqSoSn_YMPyenDT?d$-gc+Sea+W`I=9$y9R)tMJtoX%SS+N=UZGTb0$9Sjj7*s{(M zr_{y@1~@H0!t*lQ;>~xv6x-=u#YB+JRdZ3P9B>?BXhzp^5&n(DQWz^`%KnCoF)rGq zuNnLJpLdVTw#`s1rYrbK;X4@Z#3M(`XXU|F*URU>ZV_tD%?}jfN0p3|z)zWi9TRAB zT8VZ1#f&9EC$aIPo3q^c{DhU6>xV%TN6L9=2_OB(VyEI~cD$ljk>yUrzR4kdSKHxf z93Szj&x-g$aK4pPX~bp#)qHc{h0K=v?R#I+RdA0r#l!8>T)w^xTA}2Vm}85CEE@L4@}T`>Lt)_{&!7|>4)=m!vb~HJ zqwHCsmy9bOu(=3~;ca1I5ebcraSv#~nX|!y;*Y#|y0DwHeuDu~>WnF@Pme!qrOLXY z>Ff`VL5Uj!IZS_8@ThwpY^ea6#y)?&kZdivd~qvb`o_g{*na7 z__~y$NacZC!g{Ckv)^5Y9gx|DITXEqgEkNbKJcO2W42B@d%2GIijzV)-InVr|>vE>s8ImRzb z7^{T>Bcs3^mp(aMw7Vba?L2thU=~#cv6vpE=%&EspG_lF+e*~lt_R~>oC~5?#gYt% z&D-IvxrOM&Aat*FixhF4m`+@;eL|n3_iG09mE@?JToB6=0P}X~0@2?2T!D9)L>OH& zK2bp}kckU1*o4vezYsIu=z?C#7`lhB6-obQ0F0M`L&3(e1?9q6o+8 zsJ?(I9JUGvW$Dqd4Bnf1n|mYKBc^XxMAW{>+Vx(P=X;q%g~$#_Ga7@NOe_cAO7S`< z5v^cVyghmbIF?>c9>o;+(hH;bu7K+}-Rb_uy;BwdWp`%w(do9c(~uyAK%>>0tCwY8 zc&qeP*lM!hri2wNV#xFR^HSZj2b7}N^CaB|wb>z8QZpztleL!tdJDr(Tu@RdMkNs} z?drS-a;_#s6Ie){M~f%w|9Z>)e?l5X+U*b1|G_b!B=+s8=bS!K9ZY|z&7GTCvalzB zc+T?$Z!vFVR0+>)rm2t4x}Iaf14xxRs|r2MX?t2n0Fztj>X$UDM)47J2`8HI$mCt; zN&>xqRKZTTsc3Dk+C#=s`s}1NgA&!HzttLvLoh}~@hY>=?8`(v)Q=T(ZccqlI^az< zwq7>+n68q6VDl;q(HyQmq?$#GD!W1FyPff8cbd_54l4Z>h&hAh#*J+26Micjft|@` zUZUbR+El>~xtYc5^BWWNTB?@h${hAq9y3n-XJ&Z*5Dp?vrnsG5RWX7y@)4D=tHw&g zUt;>kA+_kftXJpc9^gR4%jXaF4Fh1rx8SS0xOWz2CyWJ+yG)1z;ZEAvz^B>wSShil zyuC%m@@84h``?;plG4)m1L+81WAC>IKRC{eN-hz2MR>kdA^VE0S8s1AfPAFVcaC(` z{F1*8nZ6r_3HChPzh>xZb4lup!^*b-3+a(vx#fIBT05#%UMPEdtjtVbzS8Y-`uGhz zS5XtPXXScP!mwwCwh`OD4sxrvS73cUfW{Rvdq6xTry-S`ZfskKi9-nl`xDwW$Ed_& zdpVWndS!fyIL`68p>2#%oCiFT;`7TwrBgir=eCFPC&BZgpWYvMXbxtWRlCJ`VSwgh ztCVYQlCHDDYZc=4#5hz{$iS8~R(P;49X+t`nCzMV`dqS^3^OS9?o=slC8@>C^Qqct 
zuBDD%`U+f+oxkd6H(vj`t?>pR8R%OP|G{B)Bly>53QD=t&yCn(VytDfXB!7(y8*=p zHl}6ncxLdc{HSsMF=2dKN}4cl2E=t0iWascqmDu${JSPmla#~dw{h$2Z)pl`N05c7&QE|q{su*LJ0Q z@n3Ey(>L-hZzR{a@_uPiRPHhqX#1Pu4(kU*hNWjoJ>l}XmXw{E@}jff;Vq$-)?XKvhYBgE92$2x^x)k?Qov^Qv0JFm z(*CO%@RQj#G9CS|TnAZ1Dal%Y@02SAQGHE&c?r74d0Vt_ohx1Sv}01u%8f^9;?snFi;vu6Vh~3vym@#pl{|To&eC1J%#9B` znaUh<>8}<2^wMtpsFz+IjJe?p0{U#y&IpLZ_rcm`#j$ea61c8LybGg!qTV6Tk$^xf z^OTxNZS-XBC_s-A59A*GjuyMUg|^+&`q)#+lr^g#D^ceI8=Dx%Imw|kZ9HJ=snM9k zqu>z%m5eqzk-V}y|6IrDtTRtp=QsQD^j0xAovGN;SxDcXZkU#xok+ym(vN<=J?5Wz z@BF7ReB8&i9cSvZrVJN5*Rwv>LGz`yp_x7SH@Ym=*B=~SYGF^NhDzUuxSW1(tI$&N zV9euP`6sj6Mah{A(s6w=)9a zIU~W{sC2myqxsP2m4}&a;M-lY=RJi5(}Zx=(~f0unmxk>N`b=h*D)oG3eLKr61_P- z2hI-<ImvayFRCE3v%P`3AyG$50EPUZvhq)>OOcCvB<_Qm&59TvVBm z+1z58Qm4r-hHu&70meboIIKn1pF&gLQbG^Gw6MOFiGkkKnh+*BYU=0$JOuAZ0ddBd zY*ZF5I)s!N75ALIsn2~ZqqXz6d2yUK61Qo-XzS32v55z8-+vn1-ZIh zTka=iLyK52u)v@cVLwoVK$w`kGMZ>H=~57l7xVJ5T!pLcb?51R2mJ+3x%}ZqvN493 zloNMnb4jr2J_)6kT^?+IBcmFh?P|@8-ZE>i%^FwF$KH>04bW)e?hmnT3#*gCRgEDB zuvmCIBf+#!H}%0#T)h1c4lp(`C;+>&^Q8OEF|toYhrC{nXkdEB*mtXrV=s_PRu6@L z`Ie7J9JG>OZYiXeI*~DGIsh(MjACOLztOM)b=LtiMh+FVPM=TICY0^L3V2e=n90WY zi?yIf+R##0u3^>)DxUZ`7Q(pR&9KNW9N!5&BZ~cPeH{q|LG)jD_j&tZn?IygY=Kp6 z?`28jb@UKEQv!~jwfdGJMH*`f;P4bVqqWLSpExu=^aY6gq)Gk5DQp_hY!9Pck1jlR zW#QlTrPR~s0f<7j3Q9nuV zGOj;RN^lJ2USm%1Mr6^JDbTwuJC)Y0BcFX0>Jb*1AV=6wakKtF z-Ze8PCrORUo0>(m7RQ)ZEZc2wCPD>het^TOmw+oPH-HHhdD2L%%+F?ERauvg3snpa;KDEK~Zo9=xokR?H~SgP+mG zm;kTEN^vb6ujN`b#z4c4wT_@eN-#M>TK7g)Mv1Xlm08aR-h1L&!}zc&Eq~QgFArV- zZA|M)m@nJXz|UeVixz#pVf9DnpEq3p!I7veru|1`*1|4dj}t2O#=+5z!X~G$?4OE$ z#?O$e?c*Bm2JF0TA3Wl*?pCFZ&+czx`)3#!{7oGG+Llf>N zDSLb+0}9MLgo9=0V>z%!NJTJ_=sBBZuC(PicTG70X2J~PFZc5JJ{wOC;@?&q@}>-I z9S!an?cE8>n)dGwGlb>j|P!{UDoP$X78XsP( zQ_Cgm7dEh%D#z9`ewf){Hac)cyd!tFUSnqdd;9xilHUcF9CZ)l17=CIy0G#`U5c+o z=GQm3Wy1`Q@XwsQcc8j-_2xW}#ky7dWF<;k*^#RALVMA%90hXJ@;>*%uC&iZulAmg zcCqIh&mP$(zJ86EP7QuM*@f^G5)mn;5k8rZctxaeX{ox?75~NH{PVvR--^V)FC5(E z;5dF@scXus9=Cby=dS|VH4ZToibWoOVj6o%dlsQp^;_QM#*d;I=rR*gWoit?+jcwG 
zx*5nUt+riNfG*UJpUMu7A9bAab@*GE8ZS*x-(z~@+eHs@ezghErP{if6eP)Nl~~#qrw30~%K1T+xy!9*3gf>8 z6=o>4^?;?KhvLZr=djFozlfN9tNXg5WvlF;Y^t)MO}yxz@47Lwo%TEkDogtM-6JFp zgU%Z>wSWb-A zB5V-bx1h_Z1H_GajQz1Wmm7&UE{+vMl*@JJWJdgw?{U3O-V3QOA=xf}CT4;C`^pr{ zafzmn-aR~u@qV}%nsD#EF2u9gEXi)A45t2iYB8aJ2+CgybKk*;33VqL)LYdp96jZ@ zmLW4B%yQaDQ_&&_-l&+YqydDo`i*k|K4jaAeX7z>$tlN*^%+E-XV>bW1n}kbV%wAP_FKM61Wg)2nsM$3{GPHy&1M8a{)# zZ>llwQON#o+JX6b(dwOVlyTM}=CC~CuoS%JDr!@?Fc$lrSSQ$Th_SHn%{t}EzLnQM!94Hjvl+I!Tg`Jh$H$w0#63-##>nFT{3LNqL=e{;>R ziw@v=>tXmBGXU)X;WWMXo?0!w1j5{U;9JQlL6BL@rVWoixx@N zf#XxY)&%37`BGr1Zo{S{IdjJR9fzJKue7pw&7U%R{mA6Vz<6qf*y_bI*fTR<{h`71yRH(Y23eE2kT6CWgX_V}y(v zxME{vA|%ynrd1r$nw4(__BGituBV>B`{nn?UP<)47XESX&` zZ!Xus`Vx=wRybcv%F;EHSJsQOPu9f!>izJ`z``6Clt@OQzuV4i<|O{{H@@*dPi_A| zJN`S}{M|nv^3R{do&J;RE64B>x3CNq&~?K=-Hu#^fBci4x^0`+UQ~^6FWg_y zyh6i#)gjsrIT-kMmA5D}VoZkDBx*4oeDMfmwH}Rw$5U$eBS-$YbD_oTL5b}Z14++& zKEKe-j1wQpp{P>x@>0aVwv&GbZ~ovY(?8HTdiDXl7seDj5)J!Py;MdzbN%?J?y!>iBNVg1{Z?9jQta>6uA_8=o9S+qAzB#j}ynlgC zj&xUZD0&+@t*ixfo_;M)7U+-}&e-z4%P7gFgdqelwBjnU2ygy;d&a_K;3DE#&WE^f zzfRvM`j!RvK5mmdj&HtxgN-Xs>JSg1WaA5Mu0z~#84kn6O9MytvAT}FUFRMP_p5eDQ`?X424E6 zCQ%mUUT6swejrMZ!OKmst^{oM6SDPUjTP`FV?aS+NcM#O^>r^YKV5ZkJbtn|TRdOZ zyM6ghzzc{<=&f1)5JN(?j!G_;gv6A)be2~wRUws zu&nBXS9Kb5pf>3Y02)#kt@=j)=9y{#n%8MwH~l3OKfWjxvrm(M*OYW>kSz5lAh?k5 zp~p9n@b9Pb&*w>f=>e(+|vzOqgb8a4Yzya+cRWh zqF7Ag78WEz*6^v61r+wCTKdoZWxsNpV{T8TE-0^_PuYb=vy?{!I~=6N++ zi9$R2Lz?@ zz)8%{OTp?=tl#9%+OL+WafXmruByQ|mN-9_ z{qdP)e$m}0;{xek21s`!y-0Vqko?f@-CXFDuP}3yM32}jeR@=H zsN8ruml&SVZ)hRnUTSW_1B@kgyoJT`v#VPHywpv#s9FU3@#48zIjmB_#S_F#`0#Rt z(=!rv2b2@-*d_&Jd^Qi5_00v~$1_HWo9N@Y_vZCR{MgTqjq7IlR0mh7Q%YD#!R`dY zyUZ=WU8CwI^ixSUYpZ#Qi&ACVDSpv;LS#lh`w-oT>KiyzB^F|mWzc#Yso$G@GX4PvF#5AljM`CS=!xdf?p4-(fG@Kq1v)MzrwxF^5v(6}P3ZFAy#QW*Q4 z$e;f_d8f^wkr@gHz0g>vb37VFZZ4 zgeozHdGy^|ZI%|2Y%iCJwy}9LnP8^tbg$)JQh+@%g$JcO^|w?Wf3nY6dXZHf6w3Wd z`Z4;f_=MJTC*J;Oa+7Q7vG5_xUc_SinHaY|TuJ7%kZEEujqUZi+?1E?}7(mjI`l9PT z`W{clMomhO^Bs3-q*brJyVz7=xW1z(9lV$qyoA_w2CXi--QF!}jg4PZUL#^QCM1OQ 
zSBo?+WH9ex-i}v|V7M>8>-8emeY1A0Zk@NMSgt@VG1O>3BhRa`alu^9Rym^72?&>^ z8us+rz~IBOm3gB-((ykxr^L_frRcRUqavu}E72*v`Vu~B`tw>i=CwQ|8rnWP+16J; z`=9Z`{KPwYa*vke(0Z+ZI}U&_y_U;`=QC$Rf(Mc^SQm`NtOwczl*OF!mT}meDlAuY zVR|_I7ZQB`%Rnv3hFXIelY7(WT;*19$vtApGg_yjZCEFv8pPWZA4xj19UEVQsp7JT zpb9P3XdbE}syTJqz3e3WH1w!EpGTvVC&UwU5(vCK1{wPplQ^2eC^;^_TL(@`pSXQW z@7Cqzn2?>7&u%GJF^F^L4I>x51xGZ?6QX+7;7Qu5E^5kg=rQi8_)bJ>30RmxXH4>5 z2X(zXpr!+os_Kp48xGq%RnyD_Vdjo9&>ATx9FdVFB0_*IrTe_e#P*?wAeK6z+ z{T-U$Ktnu@G^)Z2ja;aIG9-`9_eARY4P?7wtllDDA}*+wNWulS2q9GT1pUn<_o-E#TB3R?p#^4i zDwdcv0_*iz3-ddQo??iSEsvP>F<~+L)J+&);l+ZYFz3#W?^?b;IILd9sT_Kb=Jz~M z6E~?CjXPe_Sbkdb5}^$+ab5G7;C{d6{<#j2`h+em{orVwo|OSxA2p>UuZK<_k+0;I zU)le1gL-gWJL3^>) z$iKv~=TbwOJPQYRuSDMf)cniQnsGapPR-h5Ke?0!s`z`r3)l9#M2*K#JN3kkASyW| ztJ&+dGyuXVR>3KiBdhP%osC&AJ&ugejC$8XxZpJZI+qZZVUomg@Sn(5|MT(aztg7r z&%gBF{`=EEz~)8DiF<*Fc?(5H~!YIND`1{lw3tdK%hV< z>SHK>S{GipY`}>+D1~@bK5-l{&MmqcOg+6OAs0LfP#GhM#5`pOhs0golKO7t%ISS% z%Tm}nYq2!7FzcY(P0&88k(f0RN+(m=4@8HZJOoC456g$7|HUDU`@_rIMWGBs=VCj; zf-L>FlGLQ6)El_#&dv`9lnFqY1Z+R`c+gz7iN?IqV`jI!--W-SmzDMA`D$}>M--Dy zXLNu~d-)XW=L?nwFP+2A97H}2{`wzo(BGSU5UnN0u3`sIhMI%RVe%I2=Qc^-Z5MDo z?<;-8$^$zKaeeJE;H?XNwU+3&N%as(>j<)kwersss;PNlI}fGa86?{Ark;7B)5Y@6 zfYf6BE(L9d0iKFhZ~UM>X2PIj`=Jbn{*ktyX0>|3o}N=_+`n@>KfFIC@|}~ux4=$g zT?*~ih**4t2{74w+28?i+QR;U_xZnBq|E>4*Rxd%blhvrEW)vvp5V? 
zQst8B%_ZDUEPW2Z-|EhD+`>|!g~5n#kL?3^RxWj;i}-IgPQEu&5rf;s>T=p$eepcx z0ilKM9?G2>{aT6!_yM!dWz^Wwj2l6?B?>GXguC>@_!-o8MbUx0YWO?eWzH%ek;33r z)}9Ta7}y`>x#T(?L16FxJm<}dcmt1ZaNjR$TG||uEU2AH3Dvc5uQ2f_bc42E5`7|; zkSgwB--XJ_wf}4hw4ltE%s0bqi(~nj*J{4*d0^{j)MSy_?%L71dfQ_n#=L~yav3VsxYJ`VQ-=)J&ez`LwUJWr< zIYZO~cj<%_w~q4?dalobK!{XQ%CgwWuJvDpP!DN3u+XkKIIn*YO_jb01f>tl5xADAUO#1eemQdCG)Was9j9XU3T( zoz*FEOC1ymd;P&-53+fm$`i;K`Gv7`lrdZBhaHtwHO5xMJ*uG5MTGn%goKYm1uoxF zV`j1ootn+Vu7PeT+0s6FeHZ_vU-AgtxIhzSn0Oboe?^K<%{$0CsOQCd3e0amY;GN* z!$7e0R$r^Eb52SDKxohE9=Y^#pjIEK7L9mgJ$!rH z>!Li8$L=G$OMh?_~Q&FBi)cx!AOq5(0HyQZrmQOz151Vo+JL59v&?)Sb)&Zg>l1o*wL=nNUHj$vhh`$ zjD?Ivp@>{wLS8~#aQ1&piNx=e4=YeWUQXbtheqhLTLDLnb^+j6*mncpuBMyLaBK87pat#mAw< z8mgd+M>ES-O8DK&ym9JWpB|>2i1@q}?|>+`yPuzjYTNhtqnYl!6;d|_*uvJP_Du2v z!AX;`leQkwF559B#KAAN%XIo12AsU$IB&HqeXSeGAK^D`>z z#JT^2z4wl5YJ2m4?Ro_C07jJNks{I$B_P#CN5B9fKqyC=l2D{~v7!V60@6uPT0%mC zlz;&Oiqe~qgkD5y=sid~cb}Q>%<=d8&di-N_xJnF+lVBd+46b#E45dGPdJGB)qyuO=5i0fzpw zI}zZZkICu?@AJ<_pPj*Qn&NwR>enI_rt8ZisMlSy1mdohv1GyEm+wuky|3q?H(NH) zUZ!;wMo4Xz8}j%1w1^G?h2xJ7ZRxugu)_J%xsEE!pso;o0`+<-o+2L{ATFA<4@GMK z-1p0qkLWk=K5?9Dny!bSkr3|My~EHMb*%)JTk2Hs@Uio$?j7ng;gY%C!* zsjH#5q4=gK=%rP|v;ysNCb%WKPX4fHcl)nx3hA8EvH%W@9cSAk{rSf*-oyIWD>7BTtU7BK_jjRFQON6NHO5)g4|ezc3$ zKr6?oU@OD;dV{jwb2*O~9t)LSMA2l+$g5!v!A{#2kNHa7R6MhSp=*Uics{l()~$HR zHM`o3cjDPAt4g(RDaj&);tM<<2rp>Toth$27#*s+X^Mj%zsb#N_i|bLBzRY}VMIYG zz4bm$&+kh-gBl~M9*Su^Wvb?&CBeq99%LZUN33Xu9~6f26EH1X7pn&^7JA58j@f-q zB7UJYk7QovDbHNWj|;S|Pg|HXQ2s`!?e7YaKU$YGe5GG@lT9j~BUGgmyO8oCbr~=qPa;+P=^W4OlhOCS`*jzCOCEP7^f2Z zWK~#A^IhEA0Nc_6>yknl?|Y<$3ym<%fT}p7M;#Xq%lv%l4RW`DLw%e;(QEX_$s#)M zPXgjT>lIaN7x%UVZPAQ90ATkb+Qw5y=lj)hzQZ}GZb_`DOiMe&`WleZ=@3?xI`=dg zsinm`Cs^-GakI8&#zP!7Ov%A>L6eZ@?ry2>!_bB*vvq*}Cgpt!xu|4QxV~;y2n2MP zXc-&3yDgPnKIx;ZxQ#BG;F#r8d4 zy4GF0%o(|}q#FBUP@!w^=e-$z*#5z|-w#B5_1^wlw$U>F_X7dCyDnN^{ypn~#2&K0 zT$-egGcJrQ*(ZEW6PMF&12oV|PAo)_I1n!QnXszkO^YrmNv1VP^W$qF-qNV=hjuqq zq3dz`i_mL7@erL#uiu_Yqsh_(QQ@8QjD+HnGyJF~#L| 
z>bg{VBE3&+h&b!`2S}Z)tOJWYU;BFChpR|mvM%%Otcj?*``+!k@~CgR;Y-;lriOTe zihhzE_oav%(jX1Jk7w>vRtQo6t@qMwzZb!NL-ppux>^D)jm&MKBKrEH6b{k)jAs+U z-VZtVGPLMKCUq$EKtuSS&bjcP-S&Fskkb#&`44x;;>}MnfA+S|pLa*i^x-A>KVtwt zusbHz52RNAA3u%4Q0>Qh^t7L~q!OtK8HIGBjEGQsYkiM;L5)vQWNoT@0Z6$(cCZ1#vJ2+KJv36L_{HaS9(=MmqZT)RTv*C7=DXR@-=FcofrD2)y)D;BI&B->jTw#!v{bijD;tk5vdX_! zCJglD_{%u7qy4&|c6j!NTG;O7*EhE;P6H{z+O@7%I>aMZc9Qw-dy>B&N44{zplUDH z;|O}-k`O{nE2w>U%IaS_;eYhlzbhihZAFOmbkwb_-|O9$jBMg+hKlecC6jK^zwK4fpE1CpvG= z3T8@+IzV33CN2|iUq$?frsyB~_M8_Pv3T%ps(4@?!jrXG7&@@!TtIM@p`2_q7Ik*= z*Xh*?2^+uwWYggDue3u?&LS~ffF)+yjU`_)jMeH0EZYa`mZ){<&7hlzQ)y64cqwII8*AD!v%!+hwNo7sKn3k5z zUVtFpPluj+r04h!Xs6cn{|2v#2xJiTh?8G7m+3V&!0!F5 zntvw}(sg4iwSYmOrJO){NIx~MFj+Tu=$pjVu}|x~1{t<&TK1dpsy!R>`(%}U)M}fz zV3$zj^FBzLj5QrVv>POz-3m+t5VR%v7lcZAx!b)_4DzS5PT8QO^v`|lRrF6nP` z-^&&Edv5JVx+hd7FavXIAe&G{i)JoYrR{I=33^jBpneoc;W!1T*|%N$;g0;Te~TbV zf2r+jg$BUQ2Vd|0(r!wHFG_kF3D?VZ)sWPQkr*#lAA4pvhRKjrj&l2GVw1c@Ymus?iE{J&l#zfm-RkLLY61TEm~Mq zoF@TWe;05i#yP>}vd6BcLLmm^Ca)Kx>e5bPFM4#CW6-%CjC7|oqvH*M>tfzcdrbuWG1Oqs&|WFD3V>@kGo6nyb!e*sh}{^qlyokW}@vGniY;4@~1w( zYs(LZpD7(nnJib7`-DY^SvqHkGRf#6f)o)u0i8kG25XpBPx32JWrrvDb6z#S9(o7o z5^{Cz&{H|@rCes&U31<=$27TRJ9r#M@Wmh|mk#IsGSQPTE0;Cb@soDpqEelB>Tloo zwzCNcjzo=fF$w|+_|JEx-viw;yv0U}dNf7xZWLm!R@X9e+x zgylD8B-tP@7;1$}-p{rsq{(QVLexk)@)LY|dI&&D&Ov&q{-UU_-#tC=T$nPC!byM z#bMaY_3Ed_9n@y$lQk`SjUgqymp6Gpbo0)o$vWh3MsdLgdm@X+s6&b2f<82 zOQ7YFT`Vqye-o<5;?~sqdJeRU3Z!n6Ilgk|f86*ap3{xdr<;Vg%ppq_II4#vy?doG zmPsI9c)V-6I<8fOI5J9OfC+>e7a#UA{*H!6&C+p&L8~BY8^Z&osoiUp^k^WvBMX>#6NVNTI}RLH`qhmX&_Um8~{{9H`?eCPc$*-jH#-f%8L zYF)QM+9h#^Sj+Gk!n(&RFqGCR0E+@}Dww{3D_EP@yVmWcil61y*>KsZWc3#QmLNaD zFElk|;-pzeOkMUW>IMGz|I^BrA6S#T`;_@XP!Gl;ujguiB=r8Rgp>3Gn{k4XlOav(!x8NL&HhsQVS0vSkKY9?FLD&Xrq=OC-jzmL?ZQkJhZ;d3gm;#MB zNJ^Iep5X2e2GsvcH&H&YuNPeLirdm#uQjI}TM;U{@Qy|6$u7y8A&-HO=NiBTBh$1+ zXMV<#UnawJL(xQwJ~SO<(_ZQWM-`jht0VDjjbK>|j-fhPL-umF*0tX@*Oh=L&&7Pd z%CYxuOJn(7Kz=)6;5kA4c|q5>zlX7_oL{(Se=~HzV9|~oU48R{Y?!F7r47iA);`93 
zbGqsHgf_}ZpHaK20LVCPct19j@OY64j%g{{IqkCVjE+}02jo^=ee+i)@~hF)QR(NU z5N<9I9cFlfR#Q(gJ`+&A^c9h4F%9I}x<}hN&ydykP(=Y(_q`{&KR^ef@_54v(`x2z zTGJi0aX)%0TiybO6^v>e@_N--q%NM!5>kP}V@(on%gO}t>pI|v;*ecMI%AH!Od5~U z>sj=Yw`8Z-!TVi%_ZarVpYOx&ttUrZ8G0qsEmG=c!if8--S+s=ES`qdBQ6%5%6rCV=qh|vbFedLW+b0F ze9P2^$w+j3${{flk%&lv%Y7>*f#3J7hE|1}yuZ_Jr5FZwma@6sM{veZmgr1<-V_~o zm|jK^TcQ14+h7rZ&Ua&7!cXzHesEOp^I5L)>G*zf56gXa0pAl!hq?M>==afQM{O9JgbrSPh zzC*Y*Fdw|yJ%&aC^1Zt4k9}!VXC@+I-wrw@Jl3f0*7q*&`gBqz396NzGcs~sD#v!h zK_qmQfJW}3Je$1yZh+&C&@p{LGRYWv7V7 zkSB-b5cfPM#;zotnpRmUsH~4@QrJ_a-Rb(q3>wr8f9+LaRh-15L&hpYql;|u+ettu zSzk0QsG9!O3ul5?>EISM45tGUXYzF zy76JelyUyw4~$uS^yQMM>6!>M`Ss)61A!{IgvWZc@;ov6U2YrHdCRsb@+hoh&dgZo zgLBxWp4~{VFom9l-sT3@ixUfbjJYvs4rwzJsRNgXzJlhLIra&{AI@%Wgj0N>B4#f7Iu zI(N^fv-Mv>%xqxyn1r3S*ULEh1njXd>aOFHdU{3i7OP6DNey`KFwb85q)}hvK-{>} z&{C?2Ze@y)Yn_Chc}*zznPip`s-z-cKU)n-yUduKgxBF8u=iF*@oTcxQz}(j809ed z9ix+#mFXc?lkQbj$t8TZ5^^tpPFg7rK}Wh{AVWS4-c@_`)0G;2bS|~7IeXMNkVJK> z)kF}63c=;$vJoPdmeg0R0@aPiC)XI!^q$&_*>4B(&62h*7w^ed!lk~odz=mN-BFe| zm3l*7Nt<(i#!IykeT!MXUoCBA%J=MMN56`D$Ov}g&QOnqcT)16be(KpJ5Ai1Ga1-I zJ6Tziue>fH1m)bN@!X(|Jd_d$T<}5AY}%DCRh?*-4OvvUDceE6OES8LdEHGZ@^dL~ zDcST55Y>oZbizq@3T0x1_lMb{xWU(-39GkcDVy7KCN9ZyOw=6Db>A|kLQ4!t$AH*P z>?WX4_-d&jH8Rr8v-0_$;H#qAf{N0EikA3U*1Yxf9T3z{gzs zE3^GyZ+lPxDVL_3?B!MpDbGn8@Km3EYBBh&eLlzl@rE)w&%C9JlA;Rm6fe#9VdU>x z#GhjX8I^#&ZsrUk8GF<@sBT~!(?+zbt?MiRH+atMHHvK{qej)?&I#hkZ_qJN>^wd1 z$|CEoDgBeO{G$GS+Zgg_fVL_-(!1>TF6f(9R&?-7)3~DY1-`Pm+3DD*^%a&6<=XUv zSeNvSVow;8rrEr?RFGCKp6+Tfu|*l@DBcxo+}vH`tkxo-n;IIJy1r_lSO;tpGHwnz zU{PrMoGg$-?3Gob-FZDw{2MOs*~Xa!?R53f$`JlOQM^^IMJp#yLo;{Gu&8iM3wZxF_*%{`>?4qpY*tX@^} zd54J$S-rsu6zN|W!{-~y8g>HGA4fhcj91a_$QZL#e#Sh(SWL6P0twlyN&f0$+A*-o z?7C@{kL}T<8D{z3(PW&ctEe*>do=CUCis3wbuj@|ohvnJ*4o6w%a$f7ES!9D?d?E$ z!BD`lrKca!aIfS+RkStYO*;CWu0v9xZ+67kLVTMa@7uZVNrdmjuHr)JtX|q!m>9k4 z!NowDF^;BRsh%5U8m z9^crEL2Gc=hCdQS6%#heFnJ>%#ruRQY5NWLOIihk$s_H@=2jyln%CLKJ`@*tSTp4; 
z^j@cEpe>t~T+$dVgqguEsA7OG$dgsI55e6dew|_{L~QT48Mj2C(mM3y)Z{G&J@}V;etxL6j)`m!R|fhm_zqpE-+yo zld=nX^abm>O*XLh7F1oJjF8sPlygKhuy1dTmqQx)+-CE0L=q_&?t<=E9aEe%)1KZv zFQ6Y7nLa=%&WIWEDy_2cL%MP-^zDe0>3h8?y|G^wmJ=Oo>BlVcgAA!Y^#jJfzDo9? z^Y1+_sONlMS)kpaCdrnX6e;a05vVtqEmS$U0~s2A0#)yEUk#$sqw8>CB$gHFdH36u zWYtIGXRDQdE~O6?mLsfZX6~^DKV5tl{mC{Gxkad z%@LGtJ5Oep`bmP(djVyohKaGZFhNu=*n$dyKyIDvFQ--Yd$46fnQ!?cO_0^=;i9_2 zs(P=iM8yoxC6t!3;`uiz?fN1)P<%n-36F=z<03v43+4zV{@h%Q)E%i;_KY&N58$-u z)>c{RWzqVE9&K zEryJ*o&Ru1^YiBS@aiSHol=B8T^&x&ob0R5j*3N+ltGr@wVOwIv|@O-saBN|`@9jd zi{DRrALq!aS7GX)~FkS^X4sCT~^JWU%7H+xAb}nh?!(rkPCR+KUTw;C<8h>2cLNrO=U;+topv|I9VN_1@IM1q(3YUfUd&)`& z^J^7d3S3)ceB&vc8Q3r@n&@PS-)IjuXj-!5MwyoxvCQyEU)6$wsUX5O-%Nkc5NoscZ8BOVoqTd`sH8QZw)aL%7t|*s zwyPbg0|S#he85m{Xff~u_9XD(fdkIvx|- z`*u$-5a`I7SZxQBNA5*i=1g6``6_tCS%KU-cMIy0VG6ldVKzt19^EUUHGEvDdl7<7sWxVWS4Ivtg5pe2}BJE3HPb>9A@(>PUwGa z{P{0l)xV?pvE1Q&>_jE0yj_RhrV`UApHd~bzPatyePt(v{#;R;D%hi1U>nVt7Lm{_ zNM}8(T)9WLGoruxBF@!~s=sb#Z71xjWCGH!tF<%(URzrf+SV7B@J1j4sQ#kiz(E{a7_HEr{YrOo+ zJbw&8og)O^iYIRUL7n?UIClE!;miMy3;GW>ISy2z*!pCMKhTdXLPhl>^OH+T@}Xm| zJ_$fO!)g`5pvctS;=+^*ZG~rdiJ)q8`$D#DAQWQNZIp0R)6~>V zosXxhba`S6UKWt8Q;QNy(6EA;o@@d^!iP}0P%u7FL9*n3OFZvMmuytn`t8Bhr{63z>oa-ro=08GX7TZC;cW$X}J} zqpcs`fw31{E-*AgWrgAHo_O&hn%RwMdeKw<@DOy1{s2*H-Pn+^2HkD|_LpJfCf^Br z&KLN-+hKF(p$9~FOV2K+-n~MaKG||FkO+5elHE94g;qr->JN5z3gjefmrFa0{#e(c_8V5@@RTdkHSj+F7p8(Rro*um-<`NU^I-@)I$Mq z!eiW5FY^$Jo+)rcVF-NmZnm=N3-2|*fyBz{AnyvxE+QH=?N{_BOR_;0<~}23e^YOk zfX7c^^OfV<^(dH#lb>z)*XNul_UW@$xM}!$hgU|>AZatdJ=ZFv+Tu3&SPGCE=Ds&v z0w8;D4oobDM-Qz#ekb$f^mq6-9`9-&@MtwHoBeb&yZ+vDEff|jwglZ076-Kc*fsj{ za(=yk*g=Qr|2*2V*w-sh_XT}zSD_;>3`ddO1V6?)zmkXPYi2WJ{k&9n>T zSj1%hA`6W$e`SNaCG+ZyFok z8j3P%eRhLgelnQZJ{OuT#U_BcL3Sh^s8mFq7q4j`9S5$A!?U$puyRgs-$p|aWUvvc z5ceo%%hW-m_X|VU57>Dy%<&EjV|X^qg3m6oA9>6ZM84T^97+PYdngm|GqV!t=4sPv za8s;lh)!5M=v>pMt9{4D15*6bBa++(YF!%&1FU2cJUo-DpkzYwy-SZzxTM{+MMcA~ z2yTp!tQAqHrASlUz^LjdFi-&)g#l+RkQyiT=AVb$zxC!^Ieu1KDOWw@6~fIK_H8rV 
z_p#Azio}>2Ki0$3ENRJ?f;LO)&^hEg!qqWH=6~{HK7)gle9861(39KJlEc&R6+#Ga zYLe}Qm3F?Rhv(vMChnAK$Hjtl?fH(P>%SHP{L1|c?vD{MLcB?>-r2eaIS7J;F|@`> zT5T4ghQhy?fJT=GQ0=S8hw(d)dxab-Y?LsDG^5s*P6!yR3*r@FBV?J1A`^-BNBP`31S}-NgcJ=2Lb{5KDDWW^ zidgdS-|FlC%)e!-rc?_Y>+@+1NFQE~2#iRUqB}D{8@KXufZ2oygK5ShMINChChaC> z9Tp+#nZtgRo!B1bpfN2Y2C3iO>W}4%cOpdaJDNKD4@*hRKTK7?v=QKs^A!P;w%6>n zJ_JbD`G8^|@4_Rc%0IqYAfjT~9#NGiroFCBm0L9`*)c-FO9(YytnkEl%aIzxLF*0o z?jmQ;k%{9;u{~O@WyC@0pc-K-4eO2M?jjG;$X1Air!y00L_=4E#ZO=;aaI_qO_kxr zYa!MP&OLA=T1iFN*rYQh&c;(}vt@Ycc|u^1maRXrZ!m}|{Qt?Xza*s3*qw{~-rnk+ z5mdwI2NIZ6W9|+-G6tf?mix1V-jQ$TeS_3kL+cK(B|EWo_76P*R(;%k!l|!3qxp=C zbAG_&sv3}3Uo{rmu)5SjlSTN}iim_iyj|&>e?>d?>n2T|PUQR}!Q;$7E^6zQ`qZ#d z(UcUm#YtdEGaU6z(3V|UxMa}#Tw-{M1CZnzxG2qYYp8MQ>i}#od>{Yxk#7&|{NqDoveP=k^~B@KWM#Y8mUfkPE69Ci_T+ZH zc^5!;VG@a0eQ^A>ddojYXuyAu(ElGk0RKHZ{2Ozdf~U!-8*{z)M5UW!se?d5t9J~6 z!&K`*Zc$NTQdpXxkFID6Em+rgxd#`P#LbCo)<6oA{*gAH7`vt{t)skMzB}sq82>+k-;Fi+_qyKKu6zfKZW9I5NAVZ;v%ZC% z{*n9s$0`bl;8t>ddGM+Bn0tAKHGl~6`*n)bPw-J_iA{6XjnQKHjW$? zX7-VFpvamTs`nH?RoX?lW;hN2g}oZf*gOPu4Iowdoswu;Rigu>Dv+ck#NrQ96*o7x zdL;nJdn8KOm&{1Do}Cy#MJb1i`G>J=M!&b75=cNLHsCVFmyAkF^gaA zT=UQtcG4NzvY1Q^pFj|bermjSO>nAvFVQPef9L!=3{QWe^e>iS(u=>k1o4;Cu2y<5 zjYY>Dze!uHib(iW?f-+*rbzg|z3yy{q0Q;id7`$-+XXHW>TEy<_|}tO^dmnPpOl+O zaCgzM^k|ATi-!Wa_IQ?E!$GY%)u&fOZKd%{b?5tUz6j74g5lY%J5_XLbfg-u>7CYpi=VGBy zzhSYs8SDQ{OYUDg_diz}wc!7mn(9rnXY6|Gu6K$uHL0uOIQ};Ym4TmMlo%BZHKlb1 z!AD4cL#1NAx_+G!s(SF?XS+31xvB(u`=O61#tYDd()!7TX>tNqRn#R^%2Hv?UuwND z{xd^&*5R366?!jmOJ_yU;+{%-+wd|HEk3nmu?$v`wh+yZ_iASL^0yQ&K0DWFl;9s! 
zns-HCBlqN%U|Y2}vQFtS%f8h2d&3jfcv;WbH;OzCXY;KPg$e>+Oo|+r_cxS)a|=(Y zaXT=rBrbIhRXi2>{@jz#tU~Lp3R2wGE#*DQuWRDWn(2Vddg`Q_EaPM$`qzgmDhc6Q4-l5Q~2uU zQE0QH7Sxt@Wx=6u7P7w5G*w#)b;|Y~vD>#L?`w()JZGZy`uDlhziw*SpGuzf6go62 zo(v6WN&i~pKc9=p={hTBdsh_GUnKQ;Nyp&;Yu&tF^H%zK0U!fIu#pmi1c)#A0@lr) zi&{r|_S#ry8$Hv?y|Wqp%H?xMA3ryfwax^Az^c+=GdTu#0Yarxj#UFXjLH9box%;W zK-(lO%|)tA!`z2BFGFIl;<7m&1Fh#Z)oO;$wYLi;RP_+VvXJDFCsj))#GhPK9{;JvyZOB+?iX6w(ht6>=z%0$k`T*7P(J&)a?XawtKLmr3lbl9D6}|3TPLr@LEBN zYw7}0S{6pQET;_S)YWS@Q+5~gHVxadqVj!j&id%H^Lf1$K$u3_Sv`XCxJ_M+Jl0)1 zH@%@F?q-;gy0GV{8(=WTJcU86rO7O_n0KxDJCU&oSXAE;(;-;JNe+I{Dtqi-A9YdGoH zh+8hY+?uW;Em;*;FK1HKEKQdcm;Fu+*Iqp#7lPxnZ+4%0^jmA*CZXBp+v?_8uc4Vh ze2ErF>fHBAP^gu`H-yNB{EZy@hW+MUk>FU#G6AwH8#c#h(Exi0?9}aG9M$ zyIKX^c)FfNI{a=lA_1TZ&}XK^%In0C=%NHG+Po^8(Rj z3+yu#mTr&1#m9t+A}oRAkQrFy5pa1sc*4)IpHK`@^OlR0g+&VUaDAF>$ngM>Td9YbS{|C|+3UKOJS<&27)YKh=_e>wbP5#|R#-9v7o(jF)vTREm7Za*){SGy zOE)s?CfHFD@@0-06*Aj>ELX~qyH^S-fMr@iZ(epG0lZNtAxnNOt)XOTG+h0lhR1B3dAg{e;t=VBTDZ!^+KfXT9e#-Ol4ZqLR zQRTr4ZjOlvS5BB9BG#eo+2sjm!Io&-POUv-8BY&SD`JxUr$k(>@zl=b=!0H@LS{uk zDDSf>j%F#IpR^C8%@^jz!x`^3wmuhnket+-8Yz&yQ#$cipx0Om1f>YzasfEI##^;O zxa?VEQc1colvX~Q2G_Wowp`!VhIYQIsI$J7nd#HAjEbsnD3R87jI}Lk3#23^6PaiD z`1zwma@=s~$_c7CtzBumnB56us%O3ZuVyDs#orrNNoLiLWQgHPYm7Gr8Yp}Oxsfpo zo;FWgW$A$q~^iE!&&MpV@G?@@*@GQo~e4N&S{=!ip?#oS?2}63`rqp z@uCT02|=c>$}e?F$UC%OK@&$}rcEbvb_@H3!eEmOx$KOR`fh^Tr>^J*zYXk^o?eLp=YaM>4|Qxfxz zF%wc`QsR8urNvQ3fyC4)f|UFTn!ST}1!3py$OxnehB-edJStg03Os}NNW0|hQTRCd z>kO2i{ZSfo#*m*DdcLlyMB=or-r5Jd-_V;HHC0n%l1goNZB~$8vMKJL>>+^>hiH;w zIApE|*!-%#+O2x^f`Fr;?rs&|j8}VSWpgsac2~RzS^BIH6!GWUjFg^hgUfTu~%jUN%Uw z^QV^k)e>U#+K4%qFk3I7=k7hy9@TC(?K&^Blh;HVy>g@D&=_-qwzl1L3&Tu{gb>Y~ z)EPS?opX|bMs~{zKgQ-*QY3`x6N-}ZUAxBwc}$~O)_s$+kr(8RB0T^>nsI zIvP1LGT*Nvo@6NC81Ye33IRttkMtDM4SJjT6)>K@lqRMhq@_{g+0FVPY+ISsa3Onm zbn*8CHiX6Z(nBq7<0S*L{U9l#xw^FgSf(SXivqF#(lpq^mLjmJf@iTaSpsiJ zo$lexkHxSAR|kmW1qKcUEh;)rgyP_(u_4Jfsv7{3HD&+Rx#zzhIHUi7EBt!W&Ois{ 
zxVH*?;n)jvdhZu~3-~~;lHMfRowc3ofTIaVi$Yqa%azx*U_pHu+rJ<92rTLboB-V3W?kU%+-+~M5(SLL>CEomg;FhB{V^6)CD7q?Z&|cU#OpWgJ z_APWdF}eFvUtZo}eGwtW-aaj_NBLwDuyYpQ?oZyWh*1Wu4OYAV7Jm7=lcl~iTtu`I z_IeD;`}(lv|6rjXyy7h%tittfJb4ZbsEW+*$UyTO@zS$t#`-*j94j(8M6gHqFaW@z zHZy2L*#T;m(@3^Z;k~80(4+!*Nq6BNK;%E%%ryZ(X6+9;@mWV2z4VWI>{%9|Uxb8j zOjU+G1nk;x(g3e}YaiR&8r2p@Wk@s zS$dvB!yv8cFH!^^t`-k87M3T4xq7kxH$V#h`|JDRwB=RPfkvWfQkZ}jTl9wz&401Z z;Xiy|pr#3IA)YfR*RW(&O}x@n&;uvidlOxCiRUWhe-gjJXk^sKb2pESkdypu8UAEv zuIX~2cV9K^KEQZC_rNhz(;`+bHX!H7@e0Do{=eXAf2rbYRG8NffR{D;7;{y&y1%J$ z?lS)ZXW5vT9oFDyvSP1v@iQi&!8$ri=7WbUm(z;`OsWWx8~Y#kTn`%TirN4eo8J$V zWbH;*)p_pF0ruk9&hd@cM}Iz!^CnEk)l6`~5)lKArhLJiz}Y ze)+Q$CSmJZ*_t?0C<~!?;RU4ACNLoiTXWKy+g|*JIrNj|)&NlGk@SiN)O*10N4FFm z1OE*Zs7N@Rtf96Xb~IHm{*l90e~->@l(6DR)87$7)Nk{DwQt z+<+)QLSto=1kml-$l`EOAID;?PiOKej#EViWwJ=3m@C0xm_vGq$Z7ng1Y8}GMQQ3? zB?U=-nZpjLutS?2)9lw(50YwHr8>nMas+b{vJIgjHh?N^YgQ-QxMkn(PUShrlk}QP z>JqANovpGd@J2zOnen(+r+!-$h=hlBXkKW2G@d3ZAWp3_g%juBs&Mn-7yvvKAUnrh9fc@zGP>Zr{Qlzidu3r|GU6Uk;VaIBYc8F*uV&PaHyZ$BEQg2 zmG@Nm;CZ2G1?p&w`bpy+ABzBd0d~|`zrJ5vjen~vo`%Tx@CdTlNyisCbP*Q6_51VP zT&Z@NerBy4cCw;R-u~)OgOY`o#ofLB`=`D6mGYrxi6p)!JMRFI3#YC2M$Sh67_Ra@ zZ!WzdQdy7sJr+Q5d2KkZ=il0>HGHr7VB_#6LQWDpBiu!PuiKH%Ue;EFAPXN0+ZDs; zbX&Nr^dM^vnV4s>#`bFwFs^g2j^G_KeR79CEVrV$$cC%&VtzGrup8yp>1DveMgJBr z$ku?w}a4c#*~_tyaNs zYPHn5Qqr15T)EKkE`AUCrarElQ&EOUv5kvLbILaw>4!pH7veDy*{jvH*u330zMbLx z_L(!f!t@QK=(`@6?K)fFosE3_XZ)rG>`RU0@X4aLM2XRJOoz$&_q&;s+Pp%;_sA3L zkte%NPBe+Pm2h+z8V9T(q|SF6oEr$qb}{NL<|_}I<$v*c(jsqYrNxiQ(VpBHZ#(M| zax_17+KYsCD#$5(lz3f(ue-Nl-HLiu5qC`B*}~2Z|8L9GQ&}@Tys`Ft1w7@wck=Qv z_=z#w{&S!GYzy{Uq$H*eR?J^o$R7aV(jy{$W$A+T3(1uu!f{B%#e8%Em~1+UP$NWt zkLQy7`X1nF0h(dtTC%heJ}I24LE9_vu5ncktg1fLLiHwpLqMw-g6&^SLio~}7&?nO zS2Nrgm^CB@5EV84%^x0^N0l18!c?9Pdw`~Xm8=W3%=l8 zqJ4|M`ZR#h8!3TJ!6LXmAiYakN}GM~jh83z2~YMB;D?ISa=1yDcIBt7DHY_rpM{gSd8e-Q@-JZBf8b;wg|@~ z?b!76W4dRqH1PNJ^(?5Sj&474I!w~r(zk62Cn*5(;?$R)FvU@> zK5Gha+5kkc45KR!HNDF?+I!yR_J=`P&+_v#JXfGZULMSX^|p1Pw~_zy$m{XgpLa3& 
zmHxXDo8Z91v3pIM+VacCKi(Ioip;AktC_A-A$>)>8u*fIRa)D2f3TaPpY`QvP zLU)oUxC^7W(ivncf53+wksgD(TY0<;N#^#;r|q7OwX~i4<#~z>bbY-ixz%WMJ9J=z zWx2aIv>MgDobG)=ht2z@PY=tIT}AfX^l5T00tK#Trhf#zUFcUBGTfWhCQ@x<5!nx1Ze|H|?hgt- zjOwT-BQnsUC{h&YIFAl zP??IEed8DUol|Mchs23hX<|Go(((1hm^6s_!L}d}&{g#dBQ{5Pw!D3MS~-NV(t??4 z_!>VSRuXadG9DH4{ngCcI?;Hd!=_->y+&rfMVaNMQyv;XrD%vhe@d8HfM|$Y|9*gD z8490SyxI>?IVCzo82x}MQ=-B%n!<#9DV@}gp6`(puq*`Hf~|rymZ271L&vYI1!f0( z7VGNhz#t98@4p||KIvz08+l5J2+w3*l^u>`$Y?jmTK1N7xs>)=e&jLcvdA$~Y2+0~ zTQy*s&`9j!Mx^FOpj?Cu{bb>Y(5(VMQO&LnL;HE+bSb@ZQXmW*7sZs;urz%xt%2E+ zDwwfoqs_=YpXf*W4aMm%SLGWpkqHYnPWkC1JBAK28Kz)IcoAJkSk00+;4A-e+WxoP z9$C+BBu)1dU)8Lh#QoB7OW0&Mw50v^q`!i}w8TQ|8B(P5mO-qquPc_zbA%;KUtZAb zZV$n-&?93sQUv(w#{dwoWk+AaPxrQ+oRigTx8RNL-J@FJ6Jw?Yy)%oi?MkgFaup^% z?xiPPOh5gS&}q8!)CkQ&W@w}q>FO-%PE$2#N4Nne=ES9R#E5Q0TlrgDWv8P?f@YX> z4rTD(WIhWfD!yPFeH(2#GaC!l)kUj2M3219trp&t-h5}TibQt}OqM&8-ZGlh2XT&u z1%RRO+4Md~pgOYqJ2$aK;%&%RCfvM!^O^AJ^g*^s!S<6!lYNsdcN-Cuo|+^n)*vr` zv5MTsS&D2@0=V6`g4)HtA8R=i^u*hpANQtf+7?IFmNrX6fNq)B3?FGrWB7nqjYadq z5x|^gs90nSYGR;kg5<2q)7k=;-h@66vrEzFvb%7xN&`o(oct{hkB{fRq7xqHM4bWD znq#5YE}}W{{SDap81sNbpYqh(Bf32j#z3Ie(MViQ0y*HWv8Gc-aT3}fm922rB~mtw zHx?B8&6FXdff(?~HzW@l3@_Tpx|+Fa>0F6$A-gh#zw^i8{288*(O{|JTLjAv5BBc)7KR@i2h-L!*|AG+eLL)dMm^9MnV3m3`CV{4sEa7d;tg| zQFCckfJ!YSXHZ^q6TLHfVliwxu@<|mNlKflOvGpWMjxWXB&TAeDs6jg8{2vG#dX}3 z(Kx&xgqz#-QL*t*^v>P4T!+UlH>qUU!ydE9GsSizX%#ju$*rl@Z=x@j1<;BaqLX1s zP;LRZhpJ-l2+!ofVVd;`hrv7YM%Z2aU1uD529C(tO<`%$NG>`(DA?d)Kg# zkmI)-O7IQQTda}dgZVz&g7k7 z*x4KmOYDoy!n>{#SoZzcP(8+6kkC+(l-b`020PkCdIukjD9ARtRmfg#Q^X4trJ>X{ z9}JKGWY&mU-i`)A-Zi$Y^i=-z$tXC5@JV)+oRzQI zGSvxFy=!*d;`}G*c_w3G9D6&bTy+QM6FI&nzn|_r$kg+1T1T?bNLj}EKT9Ti(btI>-I z!tLD=Q!47`64Pu+`bt?%#O^%zT>hA+h;poLDf)`bLZh^~HJ%3<{@Mr~1-mg};DWSk z$jR}Q@Rj&!c*yMjY~V`yR|c-9`lRf=Pwt7&UEf0$uZQ5Gd25V_P6QQQ9et@nsTa|# zNh76OU?uJz&P&7iD`0!5N%~B$43A}(iLr!?FJ-}c5^3M+&}989X&lD5RCJ)?AQ>sU60eRIkoqC~w+@0wzX8Z{O`Q8BSZ1xr+HV3|oVmY`!n6BUdN6cl5@f-Th=H7aQA 
zG4_VNmz-zbb=Is|?^=7E_d4e~d%t^a{_uK0L~hFc{C@ZS{eC~xa_gDry_BnOm&Q$T zo$x(MMzZ_lcch@Aq4sle<492N*ZNboS7`IeL!X^_HHLlOFoAB_!Rt2HJMJEO$skqMvYH^MMk#c*m4_>8+8R*;*-a10k+OmHw z^5FUB$exucHK1dl5kkS}Jr#5sru$>+Q-wDeTdr3lo-~mzJL!$eFQiLdD(??c7+knM zP=Ec4mZJ^yYD8h^yP(>uQ~J%`xm~$0iZ5heUy@r2^fuQ-$_{LV76~T~bikc1Q!?Ig#%h|@ zI&Q!66n^Wu<4^A4v+)_Qr1%S;l1RS)w$yZce6*{oW7L_z8HGQddJHI;4od<$tK4eA zPbLEG3#l=`n2)c)ad40LoNY1B+kh|JfjdpqqG_^L-5F}inF7Jb^AnLk=>LMQ&RXbz|%AG9piemyH`eIZlzf14>3Qt$R{Iq zojrTSE4TJrFbS?LQBwQTbNc=p9vlu3PkErG1WWM@*XXue=}m!h-a$)tJq1h&0h+Pp z0#rnMrGucFm6KijQ!P=>8cndn_q%I{p=fdnYB*=_IMb$5gZx~5U`$)%E6fNTZO3QY zS~6$IR@cyey4<~GPhFk93GNyU)cEkTvCAWib$-sGXzoHy;FT>AL5EoX+na#2mG=ou zbqC}JT7|dI@1)eW9EF|ucE}jB8yqwo=uyZPe&=YDEZW}ZrFh5jb_Gle#$PTP4e&U0 z4Ph#>+DRx%iwkztUvuc8A_R!ygc&pl%QZ;XrInk33bRP*oWNB@wh1k!H~I_fU>rAo!?PklL^} z-kmNO+))bNyz_aU#~0qqD(7!0zV?2iecBO1d>axOP0=VD2*YvO6aiFLmF}n8;`N5} ztrjz5xyjb(v4=d!t{}oH_2cJIdD$Bv<|X{}Xv<*7&CTNc)VUJ-`#m3l$^H$>%i0&# zZ80F|N!)0u9LtXON`3A^{r9nc)okuI zJ+)u+G~#+gdfyb8XWV7_Q!do0VChWjQptI~sZa8;2{tn`qljBL7t<=D;xhvD@?=qF zUE*ff9Jvm;}^+3sWMQM+T_0O_e#!ZE{H06jRNoSMY&%Sa$ zV16mXCX!VsLq5BY6ZOojc5K|)?a_MpnNA2|ZM4m5(e&G)-#)ghEx7tt*L5$Xi>3v1 z8jJOEcUO5S*@)`}CoZzGn;2DC)*W;q-xGEs2uBna`dNit2y2G_U?$yph$B3u$abK!kAgH<| zA%S%Njuh)Ww49G749S_XqPSWFq!-DI+77*M3?DoQufBYwjxj5f-Cw}BOJMGvNsufk zTfO=H8=;=6)G1{fXWx2i<}@`{cT{j_26{GPMxS<5g% z^XHFS&bxz!=z;g~S{j{dV@VtgnOn*mM)wYZ*{8jy^<^JXOkaa(-CR;@TdLD12*N& z_8UCnzwLj1)Xlc7i>V%CpW4@7;F(Vgb+O#Wb@FE^146Tu*aNQow^ck#^xe4;<(Sb* zWF5Na*qbi>M4 z-aKh6m%dnql5SPcjUF`&+>)VZu?>u64erhepEH7t&rNW3$qBG#1AQ}TWgQ{5DX%Mx z;}&89v7wQl*e(T+zEmfxZ&s9s?0Y_GpH0?p70h+~@D?Q0D^ir6?koJ=58Q>jUwa4W zvygxcMvcZ<|H+Q?LF*k-#Lg1;YH_2<*Q{j4(R`5LG%mf?2(M4Em|viwhi6NGSxcmg z_{oi@vdupEn3*8~A&C-nDTL9~qQr2dMm5BmAF`QO6Hu1WO?kk-_?0x*we@nsEmoz% zU6|-cP{&FGqgKD>T!KrbzqbC{f|+FHhQt61$b~#= zgWf*hTF^sxd9>K~RXAj_Rwt7u9-BQEV$s;ODSPvIO_gQMDITG=H!7K<7kWazpQ1Aj za|B%c-xm@T43>CRyx{=}s=e(f-ImAki(@1%fnJTS&um_`nl+HQuP3yt`jU65JA3L# 
zU9axspp=UBWuCP}xmot;rJgEl4%Y%y7nvd<86EwLX`1T(7Owu_j?>6A-<|W6#{-*WK;rOjVQ!fmdZ9}4Zs7#P_z+aTpn zAi}-Fmv#EFFaKNYoBiFB_ycO11>JM6&;EAkcYo`jFJcZy8W*{{W%vE}eGpJx+Midw zuTcR5vV*Mh$F%Tjp9Y`V@x)3d`}42J%_1Wz7=rkA$kKZt ztPukerp0RDO|K_Aa~Fo0CH5BCdwyjM(sFPq1bq?engU5612C1|M3Md~OMIGyEzcO_ z9H;|vVBc;2Wki2yfPr!RQBM4Mu>WxUuc5T&%SdnK^nh-guzI`v!i|BDbNMt{emp4p z`1ACtMc+-p2}Y&Hv`u!$_M>Hc=Lkx51Kz)`EBX7&i~3yW=1$S#Ajfrep->Bf{{TB} zJGfqct9mftvoo^C#1>3aCB7X}c%k1bu|%b8jxdgzf7!3pi~qXQOd9wp&-RjQL9p_5 zCu-`k_k^D9o{SP= zHyAzgxmy$i*a>Yn6+C$vzXg1{4*yh}nClvDsa`p2sy0T_cs+saQ)$aq zRe7{A^^&n-M^!qX&=*=}D`mCO5;f!(iXoi;0C9HWQ!cKP&pV)i;za_F*HmQ0xP)s(Iv@G3Z$*)FG1Iq2TTch4^=^41% zbb6LZp6+vhX+8L_28y1F=Lk+sHjsGyggL&(oJMRM*IjgIilpA}4=mX6NedE_Cn_|q zs8U*dPMc1VcF4O6h{ zv(-wCX8*t=pOgPSayCE?^12|5+?lNHqE8tS{&wi1_g}FY+(_2) zF4^o0Wl)RSW-Ml6>|Fv2@Bw^D^`?L~Gmox+UDxkL+3SBmy5AM8^ zqOwp;lQ()8?J!0@E5GB6?)IUHqmLIY4dpH$9a{BnwzoCUKaW`K5fBtoo{e&_8hD&o z3l;=jD9*kpd~=XP5urHOwzdW@V@@o1|2l_i7&<4| z=^@bTfQhw6gWctJZsm~F5QXuve%8^2Shc3f9pRSM4sa+&9hA*iqh4>ikgE5@!m+}p zi(2>L$ioDUP`joAs|3XThWMs6>#WsuwnJ^{F6)b0Zn^N>blCGCbxyx+%CP;-=K~8W zvk?C*gdvkYXRBoVGC?AnH|DatLN=~y7016qiVc+gHRX8ySei$@^JcVKe!lOsR74u; zR=Ox_`8toWg5`=7KE7tJHe-pG(d!9#8EvHlY#ScW?7P%8^%{8QqzGnX6g@Dp@gJjz z8O8!Yh9v-ZgrrmRs8rWA9v)??0I*gbeNtWhR@xCQO)h}wCTJN^j7Nz8OaUO^;H}7a z{6P-&!ELT9v3&sjYxSq@g0l;G+NX9+zl(lNXO5KRySv?UiYGFxl8g#mA%jG3D?RAJ zwo%~EZIl&<~qP7!8^@SKjPYG6sv*3>PXh zM-&EZ*_s&u8P!c!XTG8yd>+F`;+@Pj;<>nfJbT{LRj4m!jV2Q?v2Ji@Y47cu2YG?7 zVW|^j<0tC6@6jSrcYUP|-1%VN89qs=WTzgM^FV` z6vc?Hwh1>xsI(r7p)wp-&53rKOcjYHOgLm9d1SSEbtS!5_kr=kB-Fsz;X&gJ3M^)2 z%1t*YwmabB2KYv&$-58lUDTJEzbyXFBQV5gK3c_QZs8Nl9Pq@@@wCJJ#Z;w_D26KV zLQ^sijq}yaY#1j6NtQ|cT>Oaz?feQq*-XbrsolCdl~2V>_=aQqxbRcs3px^D63>SB zQ9G>JlcB}bl)@@K&N{CY?{h|S-No6$_0W{_{(72n4bMCx3%rd7>9eR}p<$?oj?;TN zDOaJVXB(DrdgM1|++U*EH}!aUd>YoFIKfi_&-AHPEqPII*JZU6e{579si@Hrxo;co z7I4h9_QpXMct;4EaN=v==0_lX)bSu->7}0p?!|^7r9U^*_5qD01o+3+U~xRJO6a$y zti5jMz?mm9tfskaML)e0yilNvLrl`*>9e}_ki-#1$PdHiNmHrzNiLiAvL(*Sk>pli zcL^dP(Gn(a)ORIWU(TLKI#q_8jY~-pd9XpG!Y~FM 
ztzA(aEyq+wvuor3GKX3AHT&dGIa zY-lL@SnORy&RV;M$PgG@_2d)098)JuIH-RL61?pZO44wBo{UF(70#HF=1gx!h%w4P zQd308S^35cc~K(G-9`w%z*}sz+1xWpvtHYVKjgHpfpphzjPj0{uf?5hp8MixAZ*{? z43JT*|3XILkf0&ML3<6BcLBK=tj#3WaYN9b)NOFt#pL>RqZVwC&Hfz75roKi@#EQ_ zoVPADrI9yH{0ETJe!_~al3()kv);>e!0liGkZSc?;}lqJlt{L^^Mbg3cD!9}`xsgK zth7EGZ`oh2m5e^U&PWMlLoK`PXg2RR1^9F#DcB{VafhvXZ*8*xkVt|}ae*z^dh|jD zR)C#!42L`c+BIMqRv!Sz$;RkQGsJ#u;JAVkz) zWYo~x?}RH?d*#ukZ-=g1+gvjuaeEJ^1%5kp?z2w8 zOUZ|UOKD+i1NB>BzYE`VzuWw49Zn&*@7I1i^#0o+_t{_mq2~KveZzNPz%}?6bp&uS zLu`0P&za_T&0U_ar&fv^8poAhTv#f2sNsOV(fA^lDgo8zHpRX zwxMaj;~HmA-AY}@r7D+ajp~F`;@(8nP~|d20)g3eN)nqEIsn)qF09-645EBbmtM(e zTnQo7V&}Yh=@a&#LEx^u@XYij)*etGGrq^(5TP#p!o>@JtVIhs_weis4MHosaa;#1 zz!P=eJ+Wh(dw1ku`~Pl0{`Yum)z%9UDrDw&_ae6Q1y_c|qzENI#A12c9iq9zgBMUP z5QXBYV;9qs1zzq-r-0Mbj%GN^v)%~b#&rxC$-_YX2`KI{UlGdHR(sP})B(U$H%mJ8 zBNwpvH)KYSovDjYng0_;=l>+Q>j}u)pZv?MJ#EA4khCwE6$6Yh9vY2GoNjst{6xQ47~LBbJ!Rw4>f7-+AN)edS4p5j z%4D8IT|+g+u;Q68%E>jqn;nIPt(qd+u79BgkFD2lW7cijtjrEvYq~W^EETm-kInw4sr7FPUg)2ky8r1;e_TD@>w3BV95B1LoW|`Rx#z+~ zZ`TRCwD|2%(uK{PlkdDaIKR)6Lq08%R~Q|MuEC0RplHV=O`sHqQ6q`XEhT(Zid}jj zmOBM}MIigFC*d<(SDI;TW>iJ}c(1stVS5fzee$z2;UhkhK7&ToR0Wwrxk=C; zDb2lJf)AROKgL!+z&&EVNkq$-@bmJXc$Y6XtEV?p@u{NrLQfXWZsUL-D?)`3#dwYl z{p}P(f>Jg%za8S}M08V~R}XX#fN|G_zW&>2 z&+(1zmY7W*Jl1yl4+_yoZtL}T#%t%eQk2-5^yIc{!!~Auz0|A{D^m-Bpu~=3y@U1q zp&2AM;qYg%h3iA)n`skJtV-#;Z;E>BUHEnXX0XuYSmo>vZ#PRxm1MOof`^m%mk88% z6JBzag)1UZ)b~h?lP)+u;b!a`5rc&BSF0U+zPkI3hr7Ga2e-t$T^C`@Sj`Nl-Nl*! 
zAi*8)=z--q-jlLU273HA)l-&86MGW1q2Nt$RqHVIrJKo*{V*NM3!c>C{61b-&MYIu z)2JqEsi7!(`P(6E=F_FCj=)ET(mo1R(?uqYkpG{OS^qJ+Rp-`~ge+bBUnoyohgbd{ z?sRyI6y%bA?vS-3j;)p=Rxi78o)3sEDB4FqG&UM4A(`UUsA zs5Zn1-u!tEW&$7>Jfn?{b5;$7>jn%?OO`;bHc)Z6AZH+PKRzgGu7#>pv~soLr>eH& zJ(}F6fll|j=OR?{q4kIRN<35=MLYqQQDhU?DGxd!G*w(^1?9Z^$eMRv84!5DrXL) z_TmC2z#G|24>T}yK%{8ljj};hmU8r%DH}rr2n0@=;8?1wRhM{rHv(x9!d^Y6 zlM{?u&}YfRFtBPy*ADZA$jj&p=7X|kR&gjuB{FGZQ1+-FrdQ|qq*9LQAaT_U6JUoR z4G!$z2c4oz)x2?^F|?Z?v|FbsI8L;isR=~Zxx%HcF|P|bY&M2ve=J{p-ao&A>0I!9 zA_<$kU1PglfAsrZ`tSJ4Id_z_R0PRK8+Xa7B~4x(+eH96{ide10b>f`F#q~ ziayAzlcZEqR9=+1#pF#XuT^0wNQZ@l8Dj4ji$k5Th5oN>Y-y^SNdQ*@Vs+3l!j?$x zKqPf)T+KxzC!0M9F7xBF`hlRq52kREhMKz8el^Fytm0}Ebo{w3dSSgMwOP8C#@i$M zaKfGHMBoEQ#=~>rxlmqS^B^mZpIuKx&!PW4N-m&S|EEB^FV=_R_Wmi*?*C=k{=fbo zxeYq_ZfI3;T>TfLTcHV)RWS2=cOfO_GH%dtl;WqtKJ&ouQ8YJ z$lJrH%_UM}a`i?95t~WS@^WTE8YS0Ud>U0}!@V?ar8lErtg7qVtoO^I-8?rOQv8Kx zN4$>gw?jeax_W=WLy67r?9wGB9NMv<{}RXYZ)dsxsYiss_{|~L{(Xtf{@+S{_KXaQ zb^$v=py%dL!-8Yt?tJ@%%H{Vjp+K|y_d7d(d6GvV`AiC>UnLUe3K;3{jBTj%>`p)} zw`Q?BAbeD7PJ9sZ!h5)E)8q0K>4wGlAwIF%X>vsSl(Nw##VN_fswF*ih8pwLYSD~S zJveS33{fvRWxC)m$R6~ zYzv8wHQ5`13gTxHtv!RnUJiH#3#Tr4C6nm=_&`#E0SG}yX)8J*quy1+d>Y{=wuA1d z7-aShv+utx8!-2{_@rB;=p}XDgAw1O9+7Z04MYWNC^_((*0qQls@oM2xVWnZF*g?6 z%0?ClFyjS!!k8C5>J!ug`noTZq#|+lFRCbFOLTPfU054qVYt<`%BiRDc=rz4ekyxZ zKysO>_^|k*$gTGTV#e*rUIrbd#w$>$XR3Pb3jTivea7_B$b)$U$wue*@*arJz+w}@ zdkMYvH+k0L@HH65JsdQeHL7Z=YWid2lJMzHJftA6a)zGdXkF`KiBp^PRK{X$a$Ggn z)Rq}Sg;TqvpuN{OlRX`}7k*kQM@_(T9NavV=MJPj7?wk{@mub9^Oqr*wpbhDI}wBO zi>h$2NEP19D3e2Xc!mZNLd}jeDUx;#;`-%0c5s(Le3+ zI%pJXNd;aUmZ)f*mjD2?J9Mck*{}j%5ThL)1^D1NU+~I&?>c4%+g2@`!^)kk>+)4X-p~be8S| zSzB^?S}yk4FxsNL<=gZ+qaeX+GbwR|ivo3eW=$O}aDmL)g$nxscxbb9f5x*8zq)%$ ze6x1`DaVOEM%&XpJmgR?xMldorN{}`TDB#P;C+&jEb-``Dladz^ys_!=L^D~c7%1s zjkFNO_zsITl(uWRI71i|U#N!#B3;#x<8nq?tuGrhkd7`wNn%_ zGz}K+M2U|r8|%p^Rh&7WC|Bpq!}z&;U96v!ko-aR_~(iEM4$embh`e!l4kq5!;O7G z^#P)G@0xrkxf}Y%9+zz6Rk1T|js?>deEQX>c|d+vVXQbc3tayDkEI_rDgAKJpd9k_OaEgoex3S#0H6lCw1T>?Q!+`JdRXH#2 
zDTg5YEFIhmQxke`wFKo5d%@yT(LGrrRkniM8BMIcUz}27stf05$j?6q8YjAwQoG&l z8xSW@K9eShy@*qxme1o&KiKwNE514y{1-B8_{BJKM!P8i@n^gEhh zN4qMzOA29lHD6sIn3}#tM5!kb6V>S6(ykVA9Vm$X6eP6%IK;f}4CE0aGBUa59vAoc zw?p{OjK#+`c_YWp;DB3`g8D@yngJ$E?qRf-taZf+7v|k9)4sB-)6r8eXt{aKvQ}&W zJ9@Q~3o)DW=52O5(TL>h(-n!w*5=){RvxQ>kav^cZvcR)OD7!oUVdU*jaBjeG$yCt z_r+;EM2U-~LEyL=VHm3L#$k?qXP$~!y4i1>N4FHYq5jFMWULxN7>?Skk9y@2> zEgzuJMMdHH=-OYyE$FfVg4W}_{uFdP21 zSESq(!mJ{u%bwml21G0i&D(l)-83JS8Em_K&iPqriZI4k&fL5W0ftWSYDv~ME*nbg zUgGmez#4@O2dxFtRjbCzu+VFH!(pcI%5#1jW=oG|+Z|Hs4KW>uyXP$hD(fEhFdymp zxcF~o6AZ_0Rif`$`P=FFy@-D24N_$c&&bZUc=3yrl zGn$fSCwv*Aeggua^jcYi;Fic(>&DYPWYqq*^gHjd85puo0B^{mXAB3 zAR;*xH#S<<17&nQ-11woL9+(ntpQ(hcB`@zbLi5m>sm!J$%}Ao&IbsJe>A}S^=~Z& z)}-2kSk$%Y!5T2FI;FO`$ztnZs$zQol706GCgnC2^A&q+I4$;*8Dj7use5>mojpA9 z5c#}rXL5z@C)fhw4Kni<8d?9^S$yj3%sM|`1$-h{_$|2&U2OA0T9cPCV`F|=PNA@? zHowo3X%JWi&un5%n4d;-4Tt^m=F4uWjiiDtv{g37?B4s)_wG4{UWtQ!H<6#kToe`gPY#6fr?Qbn=6CAJ_iYb;th^~&V6~=3Pu9`c zP4Y{x5s~Ee!WE@`J2WtP&Ww)j{bfdJ@f0P2xP2x@AQTgbyM4a4z(Cm$IgKpz>yH~N zR9ge9q?CVZ@P+6*;QLDk!wSKLfy@gsiV9g^(Xv(jK0rcw@Ox-lJ8JgQ)i0mRXOe87 zV}1g^CJ)G-{6=NUFdw~7@nod;$^2puy75dgk zBwF3pD}pX+DQ8c;VwBhxEW}WR8+u9RNto6lsi?Ppijh=mWR1TBg7xx0jrrf}s%AQk z>w^M~S6?=5j4wT+&AI>)9^<*5 z?$tJVU5JN>#KHa8hS<648AjgT~aa?Lgmc^=KT_{y6U1|0R9Gplckw4 z+fXhwg$KtTxxN1RcKDS_mt-OEJI^}%EFiLD%D^*1fLWP^k{35t5QvK}KqGpx3Fdh$ z-O(Qp`W}s%PjsPv2znA!dh94tjJnnd(AA_W95flJ5=nS zOq2`DG|slZxe_eC{1hpCFBkCvATA-EX+@kA6R=nB$^*S}BAKPlj zOuSDmGq-4Ji7l6QWE2`=(}Xe}miSJXLi2~;*7cW1&_@Cmo=(?x(NiZZ?`INZ*T>% zsx`1Y|K~5oca!76mvkbnX(b`lbv?H-+k5_cF8&@15hsJXyQXSeB3TE#qRfSWUg63mE?>zSP+d6^{Z%cn^1anGp*SWwz9do44wLKZW;u2Bm1gfu8d)6BX$ zzy_9BYLREB6T)okEzQZ-phcr>dar3X%+ka|e5Q88Eg-SWX{#aLkbD{IM4hFgyH=M_ zJvtS>O7!_^XK(jU>6jJ#)Wr8)b?E!}F(rQH?KtStuD!m}=MaT6E}Ybh(ya>EOrwaZ z>0(HCZ6rrMv9o!#8{HELyLTQ1RW2G$aQv<9>&kG#w#irXwzsm*Gt3=ZiIXJ9A~-gX z3z^~8PMU3e!ta3g7ZiBel;_iGpG;2Z^Zk{;gN8~U0SRi1Vj-6{65(_^o&Ay8q(I%261zM&+CfbISb#_3D5aiNq`+NvLN^4#u3bRTAS1hrJ^!x7`@wG*vcfHi`RNepNa?ee5H}RYNlg6O@SH}QpO^Q 
z=bP6DzGoosCKi*Ti>~BGTZEjdo-R5_7j4e{SXU`5-FEH9TxJz-qHe&kG?X^T&$D@s=#p`y zyVr`kF2d5Y1cP>*tXBDyPz>vu?ftu$G12y)3p516TvJ?nY{hlB9dVorfvx=M{yw3e z2Aaa)GhKiH?H!J-;?fd_1P^+REYBwhsqYq6O4n`QnUqW3N!yq5Ti1zw41;W=s*`5) z#%M`niD~&*CbH%@wEkpItJUnuX}6alMewRu3O~hUrWb{u(VIbGx$;=1<2U{0NL_1! zd`kht=o!VYAH)s4-pwq=Hj8HAd)+x&a&1zJv@wQn(|Y(-c6S$tq#krlX77<`W3h&k zsX@|6VGr7bTf-=Ic86@){kCH<1H=|!?ah*Z`jvC)#=8E3*i%#gM`xS8eB`>+qx*s> zd3n>`qgo&*LJMm`%~#@bdW=$vMCYlEwgC3^O1%#GwA{%7r-G8Nm8AnfoU1*r&>3IT zJ}%s?gB^U}Sp#av)t%Y1!TC(T+@8usL?X#r4s~LDJ~OYz?p}^_iBHE(J_8BcNIT&H47|K;2GaEmF1hh6w}y(Qzbh^P9@*+wYw}?Hm)4~#P_BHx-gbb z($gC?FVUy6t&kIo95r-qUt;N*E;NTcRc+e5-ZEi8U^$gne7I>0H+0O(O?J!vRU{9Y z+%(-M0Et&ywQoGRx$YGj?}$x&%BisMQVy+iNrmQA5tB8Z@u73LN>US+PknLyv0MqJ z-^*B+0hW-2Bz%?fehvNQ&(rz8;W5GAcyX9Z`o}on#P&|!rv6d>g)XX?-Rk1-d1;y7 zZ|sg49C^dG=po$sWAx`pqYqw|ePY?mFj#9COuRZOIy%Z$=uQJ`q63$n2MA!nR6wK? zdNieXfj!gyuRyd zNpD`Je+e$+j`bJ68E^H%AadZFBpJQY`SSNbs~vkA2w54+dc z-u?k5X(RlMx=EG3ko$8!1atK&!eD_pm4fjYRn?t^gZ;nD_h~DhrH?NvA`)w>pIt>! z{7@eKP`A9mH_DqLD~*Gq==!nJET0zN0=)?}Sd}&5!D=2_B@ zZ{+bb6=-18fPh9n5>UxK*iB{taP*-#^w-;n$0XB{$N$c2d&OmV6&szO+$~8lrWSatk zC}a1By(T7#^nxd>viVrkp;&wY3X)o@B^!RVQ4@QT=R5Jn(h$-*%{IANK0TuQtOA`+ zz*d^!mXmBWE9N5bdRrX7T&_6U%3`61S|q}co*)n08-dacr_0|Yp-3C=$ zC$Y`G>S>na&`?c#nync(QIL4qtq?9J+~QC5t#CU`N-m7_a(v`kb?^x#U#mhbgAQIr z%L!7v?RjRSe4?qCLft2Aj+lnp6N1QEFDvNG=m*OJb+ts)S@vS8@cp9lo1s--3yR;F zL#6OJ9y6zGSW`-|ScT*wtQMSMPrVLHT9a#`A$H3!xy|OV%=9allm7*8I$TvszI$IWCEDe|~Q95?U0he2B z$%G(vt|ck?balUNq_#v()h@zs)tX`!kX*dHo^1jBJrNvz(#R$HJuZ8yCwTG4q6jhq z!E}b|!OGq2dLd9tQVO_&bfC7VbLL!sz$4H8lF`7fLE$nLT&V_luF&3Yol)A@0xm5l za{R2RJyb@G5;Tt*ofm!ddEG*yueu!lVtI)t_tn=E<+Hcjikg<~TGYwi@?WAS5Y*tS zRe_cxqD59v$I#`bTEouHQsogcF0oOzN$X6^X>G{yFCFRZc@lkIJgiAnd z&S=f1L}m+hJ@9JXwLd0^f765Wbd$}+6UqEQxt|kwvHlTtyoX>89@O3+y82v+NAavhrN)DMp37K=X0| z6i!)jW8~yy3VQ)O!rn5sl!MwD zpOlb%<{ED1TV>A0jr(r2Z z{!Kpv|72MI9+1s{pd&`77>9_UsqTfwPW?qgsn*&PT@zzAW_vHjE-8Et&r*E-= za8@(pv=s*YQwue0Aq}?4qx~ zRy$ylJM3F{NxhD;Xf7SB7ZYiebVdo)3~-&IQ#yYUTwfxjg!<&UTbqQ_PG$ 
zgSREJ64@J2oiw&>f}Gft^?4-PQp)yXq=FSOs zTQ{JE7aK-5#-7cIzr5~5W{&&z7RA`)i&H2MB_ZNubWpOp-KOl_BDlXu@HA1|8&VSm z|1pA`FQ<%-NYTXvia!lz*#k~Qro(7^p27bh!E_k6PpM8arKs3@hK(`s!dqq*3`hV1`W!X+ALLMNC$B&QO|XSUR_pH+Tc92z+Fu=v z#G}J%dd(gP8!e^lIkG%1Uv4RU<)(r9nq52a6aAsuz;9}WgyN6AN|*4s{#f0qr&Zce zm7+g|F@Ef{**y2`t4ADzgcdoLtPs+tO4sD z?dWh~e{gH@H4KG1Com6Oc99?Ob2AHofJs+V9${qfLmAr}}7IS)S*r&v>gjMGc$fFam^ z&WLn!meM9DEGsz$n3sS6FpDMUgXMi?fb?>?XZ?wZ@h(|*jI#FY;=k7y^e6z4YsDm59e>J>U`)Ax( zD|+xeT~)d0>&UsjD}}LR!m_cft~HiioRdSZ8R+t0-=%bapOI9DByHM992i8}iuS8m>@Q0cT^=qgwW;PeCf4jD=I( z!UxmCQD3%n-c%xCd!8~I9gpY4my@V9CT2P#xrDA#s<={}(?FvT<&1N!%BG;_sJr}mFF(4iS3xG5P z35s+6TyEf;Tg@tFtu{Z%w*ix*oX81k@lmX%v6)Gg?RMyD^>3#>3azlud|iyY5zuTy z+j*0-1=Aux?8nOW=Qpmt+WbMMiW631jn zgh|4XyJvD5RFObn5G+J}EdPV!K3Lln32X=fX^yoS$Jt?*pQHWbysYaW5ASuantM09 zK}4#ggp}+KL{s^Vo}p9exC`%1aq&ao&@|#;Lq5mg&6iYK?v`h2^t<2)>LZ4661UG&T2mhr!*cyIhUP7k02b_Xb+ll(Y~Z zUl6%H>SRasl~dK5swb%~s$6dYY#Xplm)(#7;Y~Y#e$xj`VKBpn&Wo`*!#qmX3#aHQ--P2W{*DM8Nj$~I!*Q?dP5%?f*t3+$i zLK#J`yLdQ%Cq5s-WVh5PAwH=KoxSH?^w>2xwK>I=3C&FfJsGd^j16|FFh1pylbiFB zl59PdKq;r~&eMIn%9R-(7ya1gmQ^~n7nhPbGzYoM%S^Le>L6wTm9~z zn{durEOzXoY_Z=CwFB?M#>1B_HOf1I3CJZa6;_%H&pKbaBXi=qZ-^V+$iKi-{v9Y@ z=LmJyRmrY)$kY)FRhyRncE}Jz1Gg0R4V#mLa>vBVq#)iky?yyqNZ#&6zFXB7hd(4} zM+p^q8z<(rP}9LH&Tv6b=JIuORP`szUUTUCY1CD!qX(b|OnfRg?+aF=0wTtANum2K z#q~!|_oVBCwQlyN?@T0Vi+{LR0>5cvb5o;J;90WTSA5<<1qNhI_bt*C$y%vC7s3a` znteMIK*8(rT6BHt{)&-yaZ24zRz{}3Hw4bX^^aEx8ie4n%4yC|75E=s%Z~V~D#zU2 z+8KRc^ zELGwa6fpqk(Y~PcNRFDW?}24!xs6AUt(J_&{j$zGh&=Zfdd4@64~tM967l--;`%J0 z*++rQ^MJ}UGU~O^l}7n9QmnR0=k2pOXc%phxrn9ZXO@1&Y@TF3&(YJT-N&g5CFtXA zkO$7XqeRJJT(6JYrI(KUW^g>KpLPQH?7YY0m#-B3MT-U__Cx(*&2r zm?obvHc4Py42}>Ah%X+rj+@hOXT?P!;#Mnt!Ty0exYtwUW8`i9{4KtN$)$b)01l){ zsIboaqUSg3lv`)0Sb(;y<;=eTrLy$k0LFRIO1rRNampLv{;G26c7>?tB^MwgBe}s^ z69zYakZN;3jlyYCrZQ5A;``+n|$6mGcSg@o}tP4 z+Lle4NK~N{HhoGh$aEbFU9>z?vq15x;=3ts8}^h-;(A8V5I8(eLJ%O~!ZlR<(T2LL;K- zQ0S-z8+vW>=|h?0_C;wC`4|%$8|W#41C364Aq_4fI}SyMH$7edl1lkiMXWMEfzQ9u 
zI=*=5YAb@VZkHw76w@`l`0=TMk1(YBj80MI(9hDUAC{Q|@8Wv}()38ASVSWzecUF4 zTc89C8Laay!V$ut7f8wOu}6HXkPqzDJ}kHFwlX#LxG1I zAWRGef?J^^QUbQuA5xWi>v=D*p6ORJfn0}f8*V=McBsD8ZDf6Shjaz}@(|a^BZsc99Ki%I?(+ALyBdq1`pcgnVXU_`f2KjeucNCTN;CM+# zNOXGO1HA5<5_cEy_0eaj!NFM~;5?S_^><}OXPK^j>l>*Zj-{_l+3a=>R~{)M3u`we zd%TANp7_5O;^G>roZ~ET*8JwI=&kFc-dqjymD?0jaZRu#RNedCd;bGFVNF%X>q)-ZLb~OwAXC=y|q_GOtpDWEmd668}aW{_S}$-_O0(9UfkR7`ZMsv zeofy?koZ-9aLh=}Ok>71Ltu|RYL1dpm7u`im-Qt_|CIcjVEX{o_rsWnv<-Lu*Y#;P z)@^w;S8wCL)4x_XrA*oJ+i>1}t`o{zzirW7Icf32cW>mCcTS26wfYslx&Q3bJ?pfe zaDTpXH~f|Z>8irAA6JVapNcO&81UnRKi zj~v!k6}C zA3k%$kmqvk%%!`dzOFkPo^tWEs(WvuglkaAzIR{#a8ErruiZ3w@5J?*hyF8EpE{kq zv8T)IsIb&A!xh)It~{iqzEF_=V^4}tPN3nMWZ+HPTP<8%z9=dFt#e?%?C7tudFxw0 zspCqk{xfX&m#HZq@=thY=MO*I8IMzZJRawBG}I>y<3x?_HJj-EcPH&<{}TAw)5F-u z4Bm%)K;nUs0h 0 ? data.http.paas_internal_acme_ca[0].response_body : null + cert_manager_acme_url = replace(local.cert_manager_acme_url, "localhost", local.internal_acme_hostname) + letsencrypt_env = var.cert_manager_letsencrypt_env +} + +module "ingress-nginx" { + source = "./tf-modules-k8s/nginx-ingress-controller" + cert_manager_cluster_issuer = module.cert_manager.issuer + paas_base_domain = var.paas_base_domain + default_ssl_certificate = true +} + +module "internal_ca" { + source = "./tf-modules-k8s/internal-ca" + for_each = var.cert_manager_letsencrypt_env == "local" ? 
toset(["internal-ca"]) : toset([])
+ internal_acme_hostname = local.internal_acme_hostname
+ internal_acme_network_ip = var.internal_network_ip
+ ingress_hosts_internals = local.ingress_hosts_internals
+ ingress_controller_ip = module.ingress-nginx.ingress_controller_ip
+}
+
+module "github" {
+ source = "./tf-modules-k8s/github"
+ github_token = var.github_token
+ github_organization = var.github_organization
+ github_team = var.github_team
+}
+
+module "dex" {
+ depends_on = [
+ module.cert_manager.reflector_metadata_name
+ ]
+ source = "./tf-modules-k8s/dex"
+ dex_namespace = var.dex_namespace
+ dex_hostname = local.dex_hostname
+ github_client_id = var.github_client_id
+ github_client_secret = var.github_client_secret
+ dex_github_orgs = [{
+ name = var.github_organization
+ teams = [module.github.team_name]
+ }]
+ k8s_ingress_class = var.k8s_ingress_class
+ paas_hostname = local.paas_hostname
+ cert_manager_cluster_issuer = module.cert_manager.issuer
+}
+
+module "paas" {
+ depends_on = [module.dex.dex_ingress]
+ source = "./tf-modules-k8s/waypoint"
+ paas_hostname = local.paas_hostname
+ k8s_ingress_class = var.k8s_ingress_class
+ waypoint_extra_volume_mounts = module.cert_manager.root_ca_config_map_volume_mounts
+ waypoint_extra_volumes = module.cert_manager.root_ca_config_map_volume
+ cert_manager_cluster_issuer = module.cert_manager.issuer
+}
+
+module "paas_config" {
+ source = "./tf-modules-k8s/waypoint-config"
+ paas_hostname = local.paas_hostname
+ paas_token = module.paas.token
+ dex_hostname = local.dex_hostname
+ dex_client_id = module.dex.dex_client_id
+ dex_client_secret = module.dex.dex_client_secret
+ github_team = var.github_team
+ tls_skip_verify = var.cert_manager_letsencrypt_env == "local"
+ internal_acme_ca_content = length(data.http.paas_internal_acme_ca) > 0 ? data.http.paas_internal_acme_ca[0].response_body : null
+}
+
+output "paas_token" {
+ value = module.paas.token
+ sensitive = true
+}
diff --git a/nix-lib/mkDarwinSystem.nix b/nix-lib/mkDarwinSystem.nix
new file mode 100644
index 00000000..8aed5f5b
--- /dev/null
+++ b/nix-lib/mkDarwinSystem.nix
@@ -0,0 +1,20 @@
+inputs:
+
+{ system ? "aarch64-darwin"
+# `nix-darwin` modules to include
+, modules ? [ ]
+# Additional `nix-darwin` modules to include, useful when reusing a configuration with
+# `lib.makeOverridable`.
+, extraModules ? [ ]
+, specialArgs ? {}
+}:
+
+inputs.darwin.lib.darwinSystem {
+ inherit system;
+ inherit specialArgs;
+ modules = modules ++ extraModules ++ [
+ ({ config, ... }: {
+ nix.nixPath.nixpkgs = "${inputs.nixpkgs-stable-darwin}";
+ })
+ ];
+}
diff --git a/nixos-darwin/configuration.nix b/nixos-darwin/configuration.nix
new file mode 100644
index 00000000..c8574de5
--- /dev/null
+++ b/nixos-darwin/configuration.nix
@@ -0,0 +1,107 @@
+{
+ pkgs,
+ config,
+ ... }:
+{
+ programs.fish.enable = true;
+ programs.bash.enable = true;
+ programs.direnv.enable = true;
+ environment.systemPackages = [ pkgs.bashInteractive ];
+
+ services.dnsmasq = {
+ enable = true;
+ addresses = {
+ ".${config.k3s-paas.dns.name}" = config.k3s-paas.dns.dest-ip;
+ };
+ };
+ launchd.daemons."libvirt" = {
+ path = [ pkgs.gcc pkgs.qemu pkgs.dnsmasq pkgs.libvirt ];
+ serviceConfig = {
+ KeepAlive = true;
+ RunAtLoad = true;
+ ProgramArguments = [
+ "${pkgs.libvirt}/bin/libvirtd" "-f" "/etc/libvirt/libvirtd.conf" "-v"
+ ];
+ StandardOutPath = "/var/log/libvirt/libvirt.log";
+ StandardErrorPath = "/var/log/libvirt/libvirt-error.log";
+ };
+ };
+ launchd.daemons."virtlogd" = {
+ path = [ pkgs.libvirt ];
+ serviceConfig = {
+ KeepAlive = true;
+ RunAtLoad = true;
+ ProgramArguments = [ "${pkgs.libvirt}/bin/virtlogd" "-d" ];
+ StandardOutPath = "/var/log/libvirt/virtlogd.log";
+ StandardErrorPath = "/var/log/libvirt/virtlogd-error.log";
+ };
+ };
+ launchd.daemons."pebble" = {
+ path = [ pkgs.pebble ];
+ serviceConfig = {
+ KeepAlive = true;
+ RunAtLoad = true;
+ ProgramArguments = [ "${pkgs.pebble}/bin/pebble" "-config" "/etc/pebble/config.json" ];
+ StandardOutPath = "/var/log/pebble.log";
+ StandardErrorPath = "/var/log/pebble-error.log";
+ };
+ };
+ environment.etc."libvirt/libvirtd.conf".text = ''
+ mode = "direct"
+ unix_sock_group = "staff"
+ unix_sock_ro_perms = "0770"
+ unix_sock_rw_perms = "0770"
+ unix_sock_admin_perms = "0770"
+ auth_unix_ro = "none"
+ auth_unix_rw = "none"
+ log_level = 1
+ log_outputs="1:stderr"
+ '';
+ environment.etc."libvirt/qemu.conf".text = ''
+ security_driver = "none"
+ dynamic_ownership = 0
+ remember_owner = 0
+ '';
+ security.pki.certificateFiles = [
+ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+ ./pebble/cert.pem
+ ];
+ environment.etc."pebble/config.json".text = builtins.toJSON {
+ pebble = {
+ listenAddress = "0.0.0.0:14000";
+ managementListenAddress = "0.0.0.0:15000";
+ certificate = pkgs.writeText "pebble-cert" (builtins.readFile ./pebble/cert.pem);
+ privateKey = pkgs.writeText "pebble-key" (builtins.readFile ./pebble/key.pem);
+ httpPort = 80;
+ tlsPort = 443;
+ ocspResponderURL = "";
+ externalAccountBindingRequired = false;
+ };
+ };
+ environment.etc."resolver/${config.k3s-paas.dns.name}".text = "nameserver ${config.k3s-paas.dns.dest-ip}";
+ nix.settings = {
+ trusted-users = [ "staff" "admin" "nixbld" "loic"];
+ keep-derivations = true;
+ keep-outputs = false;
+ # https://github.com/NixOS/nix/issues/7273
+ auto-optimise-store = false;
+ system-features = [
+ "nixos-test"
+ "apple-virt"
+ ];
+ };
+ nix.gc = {
+ automatic = true;
+ interval = { Weekday = 0; Hour = 0; Minute = 0; };
+ options = "--delete-older-than 30d";
+ };
+ nix.linux-builder = {
+ enable = true;
+ maxJobs = 8;
+ package = pkgs.darwin.linux-builder-x86_64;
+ ephemeral = true;
+ };
+ nix.configureBuildUsers = true;
+ services.nix-daemon.enable = true;
+ nix.settings.experimental-features = "nix-command flakes";
+}
diff --git a/nixos-darwin/linux-builder-docker.nix b/nixos-darwin/linux-builder-docker.nix
new file mode 100644
index 00000000..b630a934
--- /dev/null
+++ b/nixos-darwin/linux-builder-docker.nix
@@ -0,0 +1,13 @@
+{ pkgs, lib, ... }: {
+ virtualisation.docker.enable = true;
+ virtualisation.docker.daemon.settings = {
+ hosts = [ "tcp://0.0.0.0:2375" ];
+ };
+ networking.firewall.enable = lib.mkForce false;
+ virtualisation.forwardPorts = lib.mkForce [
+ { from = "host"; guest.port = 22; host.port = 31022; }
+ { from = "host"; guest.port = 2375; host.port = 2375; }
+ ];
+ security.sudo.wheelNeedsPassword = false;
+ users.users.builder.extraGroups = lib.mkForce [ "docker" "wheel" ];
+}
diff --git a/playbook/roles/waypoint/molecule/default/pebble/cert.pem b/nixos-darwin/pebble/cert.pem
similarity index 100%
rename from playbook/roles/waypoint/molecule/default/pebble/cert.pem
rename to nixos-darwin/pebble/cert.pem
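Review bot: The line `privateKey = pkgs.writeText "pebble-key" (builtins.readFile ./pebble/key.pem);` in the pebble config copies the private key into the Nix store, which every local user can read, and the same key.pem is tracked in the repository (this patch renames it to nixos-darwin/pebble/key.pem). In the same hunk `security.pki.certificateFiles` adds `./pebble/cert.pem` to the host trust store; the certificate's contents are not visible here, so it should be checked whether it can act as a trust anchor, because if it can, anyone with the repository holds a key this machine trusts. I would generate the pair per machine outside the repository and reference it by path, for example `privateKey = "/var/lib/pebble/key.pem";` (constructed path). `listenAddress` and `managementListenAddress` would also be better bound to the address the VM network needs than to `0.0.0.0`.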
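Review bot: `hosts = [ "tcp://0.0.0.0:2375" ];` exposes the Docker API without TLS or client authentication, while the same hunk disables the guest firewall and forwards guest port 2375 to host port 2375. Anything that can reach that host port therefore gets root-equivalent control of the builder, where `builder` is also in `wheel` with passwordless sudo. If the forward is only meant for local use, pin the host side with `{ from = "host"; host.address = "127.0.0.1"; guest.port = 2375; host.port = 2375; }`. Alternatively, drop the TCP listener and reach Docker over the SSH forward already defined on 31022, e.g. `DOCKER_HOST=ssh://builder@localhost:31022`. Which host interfaces the forward binds to by default depends on the VM module and is not visible in this hunk.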
diff --git a/playbook/roles/waypoint/molecule/default/pebble/key.pem b/nixos-darwin/pebble/key.pem
similarity index 100%
rename from playbook/roles/waypoint/molecule/default/pebble/key.pem
rename to nixos-darwin/pebble/key.pem
diff --git a/nixos-options/default.nix b/nixos-options/default.nix
new file mode 100644
index 00000000..00c92831
--- /dev/null
+++ b/nixos-options/default.nix
@@ -0,0 +1,57 @@
+{ lib, ... }:
+
+{
+ options.k3s-paas = {
+
+ certs = lib.mkOption {
+ default = [{
+ url = "https://localhost:15000/intermediates/0";
+ sha256 = "06fpbiljbzmcnfsxnr92p7mhm6i4yglbhj5q7csw2pcsklw68z8n";
+ }];
+ type = lib.types.listOf (lib.types.attrs);
+ description = "Ca url to fetch and trust (need to be impure)";
+ };
+
+ dns.name = lib.mkOption {
+ default = "k3s.test";
+ type = lib.types.str;
+ description = "hostname for k3s-paas";
+ };
+
+ dns.dest-ip = lib.mkOption {
+ default = "127.0.0.1";
+ type = lib.types.str;
+ description = "Target IP address for dns.name (only in local dev)";
+ };
+
+ user.name = lib.mkOption {
+ default = "zizou";
+ type = lib.types.str;
+ description = "User name";
+ };
+
+ user.password = lib.mkOption {
+ default = "$6$zizou$reVO3q7LFsUq.GT5P5pYFFcpxCo7eTRT5yJTD.gVoOy/FSzHEtXdofvZ7E04Rej.jiQHKaWJB0Qob5FHov1WU/";
+ type = lib.types.str;
+ description = "User password";
+ };
+
+ user.key = lib.mkOption {
+ default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC94/4uRn429xMGLFWZMyJWlhb5D0L3EoO8HxzN4q1ps loic@Windows-8-Phone.local";
+ type = lib.types.str;
+ description = "SSH public key for k3s-paas.";
+ };
+
+ k3s.disableServices = lib.mkOption {
+ default = "traefik";
+ type = lib.types.str;
+ description = "Disable k3s services eg: traefik,servicelb";
+ };
+
+ dex.dex_client_id = lib.mkOption {
+ default = "client-id";
+ type = lib.types.str;
+ description = "Client ID for Dex";
+ };
+ };
+}
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
new file mode 100644
index 00000000..d17c89bb
--- /dev/null
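Review bot: `user.password` and `user.key` ship working credentials as option defaults: a fixed crypt hash published in the repository and the author's personal SSH public key. Any image built without overriding them authorises that key for the login user that nixos/configuration.nix creates from these options. I would remove the `default = ...;` line from both options so evaluation fails until the deployer supplies their own values. The `user.password` description should also state the expected format, e.g. `description = "Hashed user password (crypt(3) format)";`.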
+++ b/nixos/configuration.nix 
@@ -0,0 +1,189 @@ +{ + config, + lib, + pkgs, + stableLegacyPackages, + ... +}: + +let + dex_hostname = "https://dex.${config.k3s-paas.dns.name}"; + certs = builtins.map (cert: builtins.fetchurl { inherit (cert) url sha256; }) config.k3s-paas.certs; + certManagerCrds = builtins.fetchurl { + url = "https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml"; + sha256 = "060bn3gvrr5jphaig1g195prip5rn0x1s7qrp09q47719fgc6636"; + }; + manifests = builtins.filter (d: d != "") [certManagerCrds]; +in { + console = { + earlySetup = true; + keyMap = "fr"; + }; + + boot.kernelPackages = pkgs.linuxPackages_latest; + fileSystems."/".autoResize = true; + fileSystems."/boot" = + { device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + }; + + swapDevices = [ { + device = "/var/lib/swapfile"; + size = 16 * 1024; + } ]; + + boot.loader.systemd-boot.consoleMode = "auto"; + + system.stateVersion = "23.05"; + # FIXME: when branch is merged, uncomment the following line + # system.autoUpgrade.flake = "github:loic-roux-404/k3s-paas#nixosConfigurations.${pkgs.system}.default"; + + time = { + timeZone = lib.mkForce "Europe/Paris"; + }; + + i18n.defaultLocale = "en_US.UTF-8"; + + programs.ssh.package = pkgs.openssh_hpn; + + services = { + openssh = { + enable = true; + settings = { + # Allow forwarding ports to everywhere + GatewayPorts = "clientspecified"; + PasswordAuthentication = lib.mkForce false; + StreamLocalBindUnlink = lib.mkForce "yes"; + PermitRootLogin = "no"; + }; + }; + tailscale = { + enable = true; + }; + k3s = { + enable = true; + role = "server"; + extraFlags = with config.k3s-paas; toString [ + "--kube-apiserver-arg authorization-mode=Node,RBAC" + "--kube-apiserver-arg oidc-issuer-url=${dex_hostname}" + "--kube-apiserver-arg oidc-client-id=${dex.dex_client_id}" + "--kube-apiserver-arg oidc-username-claim=email" + "--kube-apiserver-arg oidc-groups-claim=groups" + (if k3s.disableServices != "" then "--disable=${k3s.disableServices}" else 
"") + ]; + }; + + fail2ban.enable = true; + }; + + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.${config.k3s-paas.user.name} = { + xdg.enable = true; + home.stateVersion = "23.05"; + home.sessionVariables = { + EDITOR = "vim"; + PAGER = "less -FirSwX"; + }; + programs.bash = { + enable = true; + historyControl = [ "ignoredups" "ignorespace" ]; + }; + }; + + system.activationScripts.k3s-certs.text = '' + mkdir -p /var/lib/rancher/k3s/server/manifests + '' + lib.strings.concatMapStrings + (drv: "cp -fp ${drv} /var/lib/rancher/k3s/server/manifests;") manifests; + + environment = { + shells = [ pkgs.bashInteractive ]; + systemPackages = with pkgs; [ + glibcLocales + systemd + coreutils + gawk + bashInteractive + vim + gitMinimal + openssh_hpn + btop + curl + dnsutils + jq + wget + k3s + kubectl + stableLegacyPackages.waypoint + tailscale + ]; + }; + + security.sudo.wheelNeedsPassword = false; + + users = { + defaultUserShell = pkgs.bashInteractive; + allowNoPasswordLogin = true; + users = { + ${config.k3s-paas.user.name} = { + password = config.k3s-paas.user.password; + isNormalUser = true; + extraGroups = [ "wheel" "networkmanager" ]; + openssh = { + authorizedKeys = { + keys = [ + config.k3s-paas.user.key + ]; + }; + }; + }; + }; + }; + + networking = { + hostName = "k3s-paas"; + useNetworkd = true; + useDHCP = false; + firewall = { + enable = true; + allowedTCPPorts = lib.mkForce [80 443 22 6443]; + }; + nftables.enable = true; + networkmanager.enable = true; + usePredictableInterfaceNames = true; + }; + + systemd.network = { + enable = true; + wait-online.anyInterface = true; + }; + + security.pki.certificateFiles = certs; + + nixpkgs = { + config = { + allowUnfree = true; + allowUnsupportedSystem = true; + }; + }; + + nix = { + optimise = { + automatic = true; + }; + + settings.auto-optimise-store = true; + + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + + extraOptions 
= '' + experimental-features = nix-command flakes + keep-outputs = true + keep-derivations = true + ''; + }; +} diff --git a/nixos/contabo.nix b/nixos/contabo.nix new file mode 100644 index 00000000..f5c005c6 --- /dev/null +++ b/nixos/contabo.nix @@ -0,0 +1,12 @@ +{ lib, ... }: +{ + # boot.loader.grub = { + # efiSupport = true; + # efiInstallAsRemovable = true; + # device = "nodev"; + # }; + + boot.initrd.kernelModules = lib.mkForce ["dm-snapshot"]; + k3s-paas.dns.name = "404-tools.xyz"; + k3s-paas.certs = []; +} diff --git a/nixos/docker.nix b/nixos/docker.nix new file mode 100644 index 00000000..8134286d --- /dev/null +++ b/nixos/docker.nix @@ -0,0 +1,5 @@ +{ lib , ... }: +{ + networking.useHostResolvConf = lib.mkForce false; + services.resolved.enable = true; +} \ No newline at end of file diff --git a/packer/.gitignore b/packer/.gitignore deleted file mode 100644 index 599ac8e3..00000000 --- a/packer/.gitignore +++ /dev/null @@ -1,24 +0,0 @@ -# Cache objects -packer_cache/ - -# Crash log -crash.log - -# https://www.packer.io/guides/hcl/variables -# Exclude all .pkrvars.hcl files, which are likely to contain sensitive data, -# such as password, private keys, and other secrets. These should not be part of -# version control as they are data points which are potentially sensitive and -# subject to change depending on the environment. -# -*.pkrvars.hcl - -# For built boxes -*.box -# plugins -.packer.d/ - -# qemu build -.qemu-*/ - -# Logs -ubuntu-*.log diff --git a/packer/Darwin-arm64-host.hcl b/packer/Darwin-arm64-host.hcl deleted file mode 100644 index 88543c53..00000000 --- a/packer/Darwin-arm64-host.hcl +++ /dev/null @@ -1 +0,0 @@ -accelerator = "tcg" diff --git a/packer/Darwin-x86_64-host.hcl b/packer/Darwin-x86_64-host.hcl deleted file mode 100644 index 88543c53..00000000 --- a/packer/Darwin-x86_64-host.hcl +++ /dev/null @@ -1 +0,0 @@ -accelerator = "tcg" 
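Review bot: `password = config.k3s-paas.user.password;` in the `users.users` block passes the option to NixOS's plaintext `password` attribute, but the default declared in nixos-options/default.nix is a `$6$` crypt hash. As written, the literal hash string would become the account password, and the value lands in the world-readable Nix store either way. Use `hashedPassword = config.k3s-paas.user.password;`, or a file-based password option with the secret kept outside the store. Since this hunk also sets `PasswordAuthentication` to false, `security.sudo.wheelNeedsPassword = false` and `allowNoPasswordLogin = true`, it is worth deciding whether the account needs a password at all and saying so in a comment next to the user definition.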
diff --git a/packer/Linux-x86_64-host.hcl b/packer/Linux-x86_64-host.hcl deleted file mode 100644 index 88543c53..00000000 --- a/packer/Linux-x86_64-host.hcl +++ /dev/null @@ -1 +0,0 @@ -accelerator = "tcg" diff --git a/packer/Makefile b/packer/Makefile deleted file mode 100644 index 7307edc5..00000000 --- a/packer/Makefile +++ /dev/null @@ -1,23 +0,0 @@ -UBUNTU_TPL:=ubuntu.pkr.hcl -SECRETS?=secrets.pkrvars.hcl -HOST_OS:=$(shell uname -ms | tr " " "-") -UBUNTU_RELEASE:=jammy - -.DEFAULT_GOAL := ubuntu - -ubuntu-debug: - PACKER_LOG=1 PACKER_LOG_PATH=ubuntu-$(UBUNTU_RELEASE).log \ - packer build -on-error ask -var-file "$(HOST_OS)-host.hcl" \ - -var-file=$(SECRETS) $(UBUNTU_TPL) - -ubuntu: - packer build -var-file "$(HOST_OS)-host.hcl" \ - -var-file=$(SECRETS) $(UBUNTU_TPL) - -ubuntu-console: - packer console -var-file "$(HOST_OS)-host.hcl" \ - -var-file=$(SECRETS) $(UBUNTU_TPL) - -clean: - rm -rf ubuntu-$(UBUNTU_RELEASE).log - diff --git a/packer/cloud-init.yaml.tmpl b/packer/cloud-init.yaml.tmpl deleted file mode 100644 index 0da14e4b..00000000 --- a/packer/cloud-init.yaml.tmpl +++ /dev/null 
@@ -1,52 +0,0 @@ -#cloud-config -autoinstall: - version: 1 - locale: ${locale} - keyboard: - variant: ${keyboard.variant} - layout: ${keyboard.layout} - refresh-installer: - update: yes - storage: - layout: - name: direct - network: - ethernets: - eth0: - dhcp4: true - dhcp-identifier: mac - version: 2 - ssh: - install-server: true - allow-pw: true - user-data: - hostname: ${hostname}-server - disable_root: 0 - timezone: Europe/Paris - preserve_hostname: false - resize_rootfs: true - growpart: - mode: auto - devices: ["/"] - ignore_growroot_disabled: false - package_update: true - packages: - - curl - - ca-certificates - - wget - - unzip - users: - - name: ${ssh_username} - passwd: "${ssh_password_hash}" - groups: [adm, cdrom, dip, plugdev, sudo] - lock-passwd: false - sudo: ALL=(ALL) NOPASSWD:ALL - shell: /bin/bash - system_info: - default_user: - name: ${ssh_username} - - late-commands: - # Cgroup ensure v1 as v2 is not supported by some tooling (k8s,...) - - sed -ie 's/GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 systemd.unified_cgroup_hierarchy=0"/' /target/etc/default/grub - - curtin in-target --target /target update-grub2 diff --git a/packer/config.pkr.hcl b/packer/config.pkr.hcl deleted file mode 100644 index 19ad4065..00000000 --- a/packer/config.pkr.hcl +++ /dev/null @@ -1,8 +0,0 @@ -packer { - required_plugins { - qemu = { - version = ">= 1.0.9" - source = "github.com/hashicorp/qemu" - } - } -} diff --git a/packer/scripts/cleanup.sh b/packer/scripts/cleanup.sh deleted file mode 100644 index d27c1cd0..00000000 --- a/packer/scripts/cleanup.sh +++ /dev/null 
@@ -1,13 +0,0 @@ -#!/bin/bash - -sudo apt autoremove -y --purge -sudo apt autoclean -y -sudo journalctl --rotate -sudo journalctl --vacuum-size 10M - -# Zero out the free space to save space in the final image: -sudo dd if=/dev/zero of=zero.small.file bs=1024 count=102400 -sudo dd if=/dev/zero of=zero.file bs=1024 -sudo sync ; sleep 60 ; sudo sync -sudo rm zero.small.file -sudo rm zero.file diff --git a/packer/scripts/remove-snap.sh b/packer/scripts/remove-snap.sh deleted file mode 100755 index 5cc98004..00000000 --- a/packer/scripts/remove-snap.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -echo "Removing snap..." - -# Stop the daemon -sudo systemctl disable --now snapd - -# Uninstall -sudo apt purge -y snapd - -# Tidy up dirs -sudo rm -rf /snap /var/snap /var/lib/snapd /var/cache/snapd /usr/lib/snapd ~/snap - -# Stop it from being reinstalled by 'mistake' when installing other packages -cat << EOF | sudo tee -a /etc/apt/preferences.d/no-snap.pref -Package: snapd -Pin: release a=* -Pin-Priority: -10 -EOF - -sudo chown root:root /etc/apt/preferences.d/no-snap.pref - -# done -echo "Snap removed" diff --git a/packer/ubuntu.pkr.hcl b/packer/ubuntu.pkr.hcl deleted file mode 100644 index 753b2f01..00000000 --- a/packer/ubuntu.pkr.hcl +++ /dev/null 
@@ -1,186 +0,0 @@ -variable "accelerator" { - type = string - default = "kvm" -} - -variable "cpus" { - type = number - default = 4 -} - -variable "disk_size" { - type = string - default = "5120M" -} - -variable "qemu_binary" { - type = string - default = "qemu-system-x86_64" -} - -variable "headless" { - type = bool - default = true -} - -variable "memory" { - type = number - default = 8192 -} - -variable "format" { - type = string - default = "qcow2" -} - -variable "packer_log" { - type = string - default = env("PACKER_LOG") -} - -variable "ssh_password" { - type = string - sensitive = true -} - -variable "ssh_password_hash" { - type = string - sensitive = true -} - -variable "ssh_username" { - type = string - sensitive = true - default = "admin" -} - -variable "locale" { - type = string - default = "fr_FR.UTF-8" -} - -variable "ubuntu_release_info" { - type = object({ - name = string - version = string - }) - default = { - name = "jammy" - version = "22.04.2" - } -} - -variable "keyboard" { - type = object({ - layout = string - variant = string - }) - default = { - layout = "fr" - variant = "fr" - } -} - -variable "playbook" { - type = object({ - dir = string - file = string - extra_arguments = list(string) - }) - default = { - dir = "../playbook" - file = "site.yaml" - extra_arguments = ["--skip-tags waypoint"] - } -} - -locals { - ubuntu_download_url = "https://releases.ubuntu.com/${var.ubuntu_release_info.name}" - ubuntu_image = "ubuntu-${var.ubuntu_release_info.version}-live-server-amd64.iso" -} - -source "qemu" "vm" { - http_content = { - "/meta-data" = "" - "/user-data" = templatefile("${abspath(path.root)}/cloud-init.yaml.tmpl", { - ssh_username = var.ssh_username - ssh_password_hash = var.ssh_password_hash - locale = var.locale - keyboard = var.keyboard - hostname = var.ubuntu_release_info.name - }) - } - boot_command = [ - "c", - "linux /casper/vmlinuz --- autoinstall ds='nocloud-net;s=http://{{ .HTTPIP }}:{{ .HTTPPort }}/' ", - "", - "initrd 
/casper/initrd", - "boot" - ] - iso_urls = ["${local.ubuntu_download_url}/${local.ubuntu_image}"] - iso_checksum = "file:${local.ubuntu_download_url}/SHA256SUMS" - format = var.format - boot_wait = "10s" - shutdown_command = "echo '${var.ssh_password}' | sudo -S shutdown -P now" - disk_compression = true - memory = "${var.memory}" - cpus = "${var.cpus}" - disk_size = "${var.disk_size}" - accelerator = "${var.accelerator}" - vnc_port_max = 5904 - headless = var.headless - communicator = "ssh" - ssh_timeout = var.packer_log == "1" ? "50m" : "35m" - ssh_password = var.ssh_password - ssh_username = var.ssh_username - qemu_binary = var.qemu_binary - host_port_max = 2226 - vm_name = "ubuntu-${var.ubuntu_release_info.name}-${var.ubuntu_release_info.version}.${var.format}" - output_directory = ".qemu-{{build_name}}/" -} - -build { - sources = ["source.qemu.vm"] - - provisioner "shell" { - inline = [ - "sudo cloud-init status --wait", - "sudo cloud-init clean --logs" - ] - } - - provisioner "shell" { - inline = [ - "curl https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py", - "sudo python3 /tmp/get-pip.py", - "sudo mkdir /playbook && sudo chown -R ${var.ssh_username}:${var.ssh_username} /playbook", - "sudo pip3 install ${replace(file("${var.playbook.dir}/requirements.txt"), "\n", " ")}" - ] - } - - provisioner "ansible-local" { - command = "sudo ansible-playbook" - galaxy_command = "sudo ansible-galaxy" - galaxy_roles_path = "/usr/share/ansible/roles" - galaxy_collections_path = "/usr/share/ansible/collections" - staging_directory = "/playbook/" - playbook_file = "${var.playbook.dir}/${var.playbook.file}" - playbook_dir = var.playbook.dir - extra_arguments = var.playbook.extra_arguments - galaxy_file = "${var.playbook.dir}/requirements.yaml" - } - - # Cleanup and minimize - provisioner "shell" { - script = "scripts/remove-snap.sh" - } - - provisioner "shell" { - script = "scripts/cleanup.sh" - } - - post-processor "checksum" { - checksum_types = ["sha256"] - output = 
".qemu-{{build_name}}/SHA256SUMS" - } -} diff --git a/playbook/inventories/contabo/hosts b/playbook/inventories/contabo/hosts deleted file mode 100644 index e56ea71e..00000000 --- a/playbook/inventories/contabo/hosts +++ /dev/null @@ -1 +0,0 @@ -127.0.0.1 \ No newline at end of file diff --git a/playbook/requirements-test.txt b/playbook/requirements-test.txt deleted file mode 100644 index d3b0cf66..00000000 --- a/playbook/requirements-test.txt +++ /dev/null @@ -1,2 +0,0 @@ -molecule==4.0.4 -molecule-plugins[docker] diff --git a/playbook/requirements.txt b/playbook/requirements.txt deleted file mode 100644 index d83f4c59..00000000 --- a/playbook/requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -ansible==7.3.0 -PyYAML -kubernetes diff --git a/playbook/requirements.yaml b/playbook/requirements.yaml deleted file mode 100644 index 4db1facf..00000000 --- a/playbook/requirements.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -roles: - - name: xanmanning.k3s - src: https://github.com/PyratLabs/ansible-role-k3s.git - version: v3.3.1 - -collections: - - name: community.general - - name: kubernetes.core diff --git a/playbook/roles/waypoint/.yamllint b/playbook/roles/waypoint/.yamllint deleted file mode 100644 index 88276760..00000000 --- a/playbook/roles/waypoint/.yamllint +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Based on ansible-lint config -extends: default - -rules: - braces: - max-spaces-inside: 1 - level: error - brackets: - max-spaces-inside: 1 - level: error - colons: - max-spaces-after: -1 - level: error - commas: - max-spaces-after: -1 - level: error - comments: disable - comments-indentation: disable - document-start: disable - empty-lines: - max: 3 - level: error - hyphens: - level: error - indentation: disable - key-duplicates: enable - line-length: disable - new-line-at-end-of-file: disable - new-lines: - type: unix - trailing-spaces: disable - truthy: disable 
diff --git a/playbook/roles/waypoint/README.md b/playbook/roles/waypoint/README.md deleted file mode 100644 index 225dd44b..00000000 --- a/playbook/roles/waypoint/README.md +++ /dev/null @@ -1,38 +0,0 @@ -Role Name -========= - -A brief description of the role goes here. - -Requirements ------------- - -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. - -Role Variables --------------- - -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. - -Dependencies ------------- - -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. - -Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - - hosts: servers - roles: - - { role: username.rolename, x: 42 } - -License -------- - -BSD - -Author Information ------------------- - -An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/playbook/roles/waypoint/defaults/main.yml b/playbook/roles/waypoint/defaults/main.yml deleted file mode 100644 index bb588dbe..00000000 --- a/playbook/roles/waypoint/defaults/main.yml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- - -# Metallb -metallb_ip_default_mask: "{{ (ansible_default_ipv4.address + '/' + ansible_default_ipv4.netmask) }}" -metallb_ip_default_range: "{{ (metallb_ip_default_mask | ansible.utils.ipaddr('range_usable')) }}" -metallb_ip_range: ~ - -# waypoint external networking -waypoint_base_domain: "k3s.test" -# Use nginx ingress controller by default -k3s_disable_services: [traefik] - -# waypoint internal networking -waypoint_internal_acme_network_ip: ~ -waypoint_internal_acme_host: "acme-internal.{{ waypoint_base_domain }}" - -# HelmChart Custom Resource Definition for cert manager -# see https://cert-manager.io/docs/configuration/acme/ -cert_manager_letsencrypt_env: prod -cert_manager_namespace: kube-system -cert_manager_acme_url: "{{ letsencrypt_envs[cert_manager_letsencrypt_env] }}" -cert_manager_staging_ca_cert_url: "{{ letsencrypt_envs_ca_certs[cert_manager_letsencrypt_env] | d(none) }}" -cert_manager_email: "" -cert_manager_private_key_secret: test_secret -cert_manager_is_internal: "{{ (cert_manager_staging_ca_cert_url | d('')) != '' }}" - -# HelmChart Custom Resource Definition for dex oidc connector -dex_namespace: dex -dex_hostname: "dex.{{ waypoint_base_domain }}" -dex_client_id: waypoint -dex_client_secret: ZXhhbXBsZS1hcHAtc2VjcmV0 -dex_github_client_id: ~ -dex_github_client_secret: ~ -dex_github_client_org: ~ -dex_github_client_team: ~ - -# HelmChart Custom Resource Definition for waypoint variables -waypoint_namespace: default -waypoint_hostname: "waypoint.{{ waypoint_base_domain }}" -api_waypoint_hostname: api.{{ waypoint_hostname }} -waypoint_version: 0.11.0 - -dex_github_orgs: - - name: '{{ dex_github_client_org }}' - teams: - - '{{ dex_github_client_team }}' diff --git a/playbook/roles/waypoint/handlers/main.yml b/playbook/roles/waypoint/handlers/main.yml deleted file mode 100644 index 73b314ff..00000000 --- a/playbook/roles/waypoint/handlers/main.yml +++ /dev/null @@ -1 +0,0 @@ ---- \ No newline at end of file 
diff --git a/playbook/roles/waypoint/meta/main.yml b/playbook/roles/waypoint/meta/main.yml deleted file mode 100644 index 6d09ebc5..00000000 --- a/playbook/roles/waypoint/meta/main.yml +++ /dev/null 
@@ -1,62 +0,0 @@ -galaxy_info: - author: loic-roux-404 - namespace: k3s_paas - description: waypoint deployment - role_name: waypoint - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) - - min_ansible_version: 2.1 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: - - src: xanmanning.k3s - version: v3.3.1 - vars: - k3s_release_version: v1.23.8+k3s2 - k3s_server: - kube-apiserver-arg=authorization-mode: Node,RBAC - kube-apiserver-arg=oidc-issuer-url: "https://{{ dex_hostname }}" - kube-apiserver-arg=oidc-client-id: "{{ dex_client_id }}" - kube-apiserver-arg=oidc-username-claim: email - kube-apiserver-arg=oidc-groups-claim: groups - disable: "{{ (k3s_disable_services | list) | d([]) }}" 
diff --git a/playbook/roles/waypoint/molecule/default/converge.yml b/playbook/roles/waypoint/molecule/default/converge.yml deleted file mode 100644 index b4a2a9ae..00000000 --- a/playbook/roles/waypoint/molecule/default/converge.yml +++ /dev/null 
@@ -1,78 +0,0 @@ ---- -- name: Converge - hosts: "{{ _hosts | default('node-0') }}" - become: true - gather_facts: True - vars: - molecule_is_test: true - cert_manager_acme_url: https://{{ waypoint_internal_acme_host }}:14000/dir - cert_manager_staging_ca_cert_url: https://localhost:15000/roots/0 - k3s_disable_services: [traefik, servicelb] - metallb_ip_range: 172.29.0.20-172.29.0.50 - roles: - - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" - - pre_tasks: - - name: Ensure required dependencies are installed. - package: - name: - - curl - - wget - - unzip - update_cache: yes - state: present - - - name: Check dns connectivity - ansible.builtin.command: ping -c 1 k3s.test - changed_when: false - - - name: Ensure test dependencies are installed. - apt: - name: - - less - - vim - - golang - state: present - update_cache: yes - when: ansible_os_family == 'Debian' - - - name: Install pre-requisites for k8s module - ansible.builtin.pip: - name: - - PyYAML - - kubernetes - - - name: Copy pebble config and certs - ansible.builtin.copy: - src: "{{ playbook_dir }}/pebble" - dest: "/" - directory_mode: 0755 - remote_src: false - - - name: Install pebble - ansible.builtin.command: go install github.com/letsencrypt/pebble/...@HEAD - changed_when: false - register: pebble_install - retries: 5 - until: - - '"downloading" not in pebble_install.stderr' - - '"downloading" not in pebble_install.stdout' - - - name: Run pebble - command: ~/go/bin/pebble -config /pebble/pebble-config.json - async: 2592000 # 60*60*24*30 - 1 month - poll: 0 - changed_when: false - - - name: Wait for pebble port - ansible.builtin.wait_for: - port: 15000 - delay: 25 - - - ansible.builtin.set_fact: - waypoint_internal_acme_network_ip: "{{ ansible_default_ipv4.address }}" - tags: [waypoint] - - - name: Import acme certificates - import_tasks: "../../tasks/pre-import-cert.yml" - tags: [waypoint] 
diff --git a/playbook/roles/waypoint/molecule/default/group_vars/molecule/secrets.yml b/playbook/roles/waypoint/molecule/default/group_vars/molecule/secrets.yml deleted file mode 100644 index 9363d7c7..00000000 --- a/playbook/roles/waypoint/molecule/default/group_vars/molecule/secrets.yml +++ /dev/null @@ -1,16 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -37663536386165386234653339353832636165306465383931633665326337616264333361313931 -6333303630646666336435643363316566323364646361630a336334313336626634636361306263 -32336236316339393662613034653839376165616538336364656433356161393035356164623333 -3038303031396664310a646162366461356333366132303131363638343734616463376431323235 -61366136666464663464363662306630346164666534343831633731323566346239353238383936 -31373631336636336239303031613639663563353837636232663134663834356361363632386539 -33373637356534613562623663373731663632313462626335653065343766373639636230653763 -35613939653461316664626135393765623361323436333833356535663936343362366430333762 -62333438313465386234633637643039333433623939613766363637326237623162643165636433 -35613864626438646333353663376263333339383762323036633637373231376562613661646138 -63386462313131303635363164376233356261333566613338396638373261383266663866613533 -39303762333630303536633466316632626439383837643266643864653635636137613464396166 -39613235396533626664646261336165636166636632373933323932613665353038363666643838 -39363838616366666434663331663363323635343935336661623231313864656361393539343635 -386233633938643030326264326265366165 diff --git a/playbook/roles/waypoint/molecule/default/molecule.ci.yml b/playbook/roles/waypoint/molecule/default/molecule.ci.yml deleted file mode 100644 index 7dd2d42d..00000000 --- a/playbook/roles/waypoint/molecule/default/molecule.ci.yml +++ /dev/null 
@@ -1,22 +0,0 @@ -dependency: - name: galaxy - -driver: - name: delegated - options: - managed: False - ansible_connection_options: - ansible_connection: local - -platforms: - - name: 127.0.0.1 - groups: - - molecule - -provisioner: - name: ansible - config_options: - defaults: - vault_password_file: ${HOME}/.ansible/.vault -verifier: - name: ansible diff --git a/playbook/roles/waypoint/molecule/default/molecule.yml b/playbook/roles/waypoint/molecule/default/molecule.yml deleted file mode 100644 index 51b3b4fc..00000000 --- a/playbook/roles/waypoint/molecule/default/molecule.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: node-0 - image: geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest - command: ${MOLECULE_DOCKER_COMMAND:-""} - privileged: true - pre_build_image: true - capabilities: - - ALL - groups: - - molecule - published_ports: - - 6443:6443 - - 80:80 - - 443:443 - - 32701:32701 - - 15000:15000 - - 14000:14000 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - /var/lib/rancher/k3s - networks: - - name: k3snet - tmpfs: - - /var/run - - /run - - /tmp - -provisioner: - name: ansible - config_options: - defaults: - vault_password_file: ${HOME}/.ansible/.vault -verifier: - name: ansible diff --git a/playbook/roles/waypoint/molecule/default/pebble/pebble-config.json b/playbook/roles/waypoint/molecule/default/pebble/pebble-config.json deleted file mode 100644 index 1cc80c69..00000000 --- a/playbook/roles/waypoint/molecule/default/pebble/pebble-config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "pebble": { - "listenAddress": "0.0.0.0:14000", - "managementListenAddress": "0.0.0.0:15000", - "certificate": "/pebble/cert.pem", - "privateKey": "/pebble/key.pem", - "httpPort": 80, - "tlsPort": 443, - "ocspResponderURL": "", - "externalAccountBindingRequired": false - } - } \ No newline at end of file 
diff --git a/playbook/roles/waypoint/molecule/default/prepare.yml b/playbook/roles/waypoint/molecule/default/prepare.yml deleted file mode 100644 index 4a7ca239..00000000 --- a/playbook/roles/waypoint/molecule/default/prepare.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -- name: Prepare - hosts: localhost - connection: local - gather_facts: false - no_log: "{{ molecule_no_log }}" - collections: - - community.docker - tasks: - - name: Create a network with custom IPAM config - docker_network: - name: k3snet - driver: bridge - attachable: false - scope: local - internal: false - ipam_config: - - subnet: "172.29.0.0/16" - gateway: "172.29.0.1" - labels: - owner: molecule - driver_options: - com.docker.network.bridge.name: k3snet - com.docker.network.bridge.enable_ip_masquerade: "true" - com.docker.network.bridge.enable_icc: "true" - com.docker.network.driver.mtu: "1500" diff --git a/playbook/roles/waypoint/molecule/default/scripts/setup_dnsmasq.sh b/playbook/roles/waypoint/molecule/default/scripts/setup_dnsmasq.sh deleted file mode 100755 index 97dbe329..00000000 --- a/playbook/roles/waypoint/molecule/default/scripts/setup_dnsmasq.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash - -############################################################ -# -# Install dnsmasq and configure it to resolve wildcard domains -# to a specific IP address. -# -############################################################ - -set -e - -WILDCARD_DOMAIN="${1:-k3s.test}" -TARGET_IP="${2:-127.0.0.1}" - -if [[ "$OSTYPE" == "linux-gnu"* ]]; then - DNSMASQ_CNF="/etc/dnsmasq.conf" - sudo systemctl stop systemd-resolved - echo 'DNSStubListener=no' | sudo tee -a /etc/systemd/resolved.conf - sudo systemctl start systemd-resolved - sudo apt install -y dnsmasq - sudo rm -rf /etc/resolv.conf - echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf - sudo chattr +i /etc/resolv.conf - - sudo tee -a $DNSMASQ_CNF < 0 - - containers_statuses | selectattr('ready', 'equalto', true) | list | count == 2 
diff --git a/playbook/roles/waypoint/tasks/checks.yml b/playbook/roles/waypoint/tasks/checks.yml deleted file mode 100644 index 1bdb8519..00000000 --- a/playbook/roles/waypoint/tasks/checks.yml +++ /dev/null @@ -1,16 +0,0 @@ -- name: check email when cert-manager - assert: - that: - - cert_manager_email | default(false) - -- name: Stat acme ca cert path - stat: - path: "{{ waypoint_internal_acme_ca_file }}" - register: acmeca_result - when: cert_manager_is_internal - -- name: Assert cert is present - assert: - that: - - acmeca_result.stat.exists - when: cert_manager_is_internal diff --git a/playbook/roles/waypoint/tasks/main.yml b/playbook/roles/waypoint/tasks/main.yml deleted file mode 100644 index d61b3049..00000000 --- a/playbook/roles/waypoint/tasks/main.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- - -- import_tasks: checks.yml - tags: [waypoint] - -- import_tasks: setup-metallb.yml - tags: [waypoint, metallb] - when: - - metallb_ip_range | d(False) - - '"servicelb" in k3s_disable_services' - -- import_tasks: setup-ingress.yml - tags: [waypoint, ingress-nginx] - -- include_tasks: manifests.yml - tags: [waypoint] - when: item.condition | default(true) - args: { apply: { tags: [waypoint] } } - loop: - - src: coredns-custom.yml - condition: "{{ waypoint_internal_acme_network_ip is not none }}" - deploy: coredns - ns: kube-system - tasks: restart-coredns.yml - - src: reflector-chart-crd.yml - deploy: reflector - ns: "{{ cert_manager_namespace }}" - condition: "{{ cert_manager_is_internal }}" - - src: reflector-shared.yml - condition: "{{ cert_manager_is_internal }}" - - src: cert-manager-chart-crd.yml - deploy: "cert-manager" - ns: "{{ cert_manager_namespace }}" - - { src: dex-chart-crd.yml , deploy: "{{ dex_namespace }}" } - - src: waypoint-chart-crd.yml - deploy: waypoint-runner - kind: StatefulSet - ns: default - -- import_tasks: setup-waypoint.yml - tags: [waypoint, finalize] 
diff --git a/playbook/roles/waypoint/tasks/manifests.yml b/playbook/roles/waypoint/tasks/manifests.yml deleted file mode 100644 index 33301649..00000000 --- a/playbook/roles/waypoint/tasks/manifests.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- - -- name: Download file to k3s manifest folder - ansible.builtin.get_url: - url: "{{ item.url_manifest.url }}" - dest: /var/lib/rancher/k3s/server/manifests/{{ item.url_manifest.filename }} - when: item.url_manifest | d(False) - -- name: "Deploy {{ item.src }} to k3s crd processor" - ansible.builtin.template: - src: "{{ item.src }}.j2" - dest: "/var/lib/rancher/k3s/server/manifests/{{ item.src }}" - owner: "{{ waypoint_user | d('root') }}" - group: "{{ waypoint_user | d('root') }}" - mode: '0600' - when: item.src | d(False) - -- include_tasks: "{{ item.task }}" - when: item.task | d(False) - -- name: "Wait {{ item.deploy }} available" - kubernetes.core.k8s_info: - api_version: v1 - kind: "{{ item.kind | d('Deployment') }}" - name: "{{ item.deploy }}" - kubeconfig: /etc/rancher/k3s/k3s.yaml - # Many times deployment name is the same that namespace - namespace: "{{ item.ns | d(item.deploy) }}" - until: - - deployment_infos.resources | map(attribute='status') | select() | length > 0 - - deployment_infos.resources[0].status.readyReplicas | d(False) - - deployment_infos.resources[0].status.replicas | d(False) - - deployment_infos.resources[0].status.readyReplicas == deployment_infos.resources[0].status.replicas - when: - - item.deploy | default(false) - delay: 5 - retries: 30 - register: deployment_infos diff --git a/playbook/roles/waypoint/tasks/pre-import-cert.yml b/playbook/roles/waypoint/tasks/pre-import-cert.yml deleted file mode 100644 index 949d90b5..00000000 --- a/playbook/roles/waypoint/tasks/pre-import-cert.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -- name: Download certificate file - uri: - url: "{{ cert_manager_staging_ca_cert_url }}" - validate_certs: "{{ waypoint_internal_acme_network_ip is none }}" - return_content: True - register: ca_file - -- name: Trust cert inside current machine - ansible.builtin.copy: - dest: "{{ waypoint_internal_acme_ca_file }}" - content: "{{ ca_file.content }}" - -- name: Create cert facts - set_fact: - waypoint_internal_acme_ca_content: "{{ ca_file.content }}" - waypoint_internal_acme_ca_extra_volumes: - - name: acme-internal-ca-share - configMap: - name: acme-internal-ca-share - waypoint_internal_acme_ca_extra_volumes_mounts: - - name: acme-internal-ca-share - mountPath: "{{ waypoint_internal_acme_ca_in_volume_crt }}" - subPath: ca.crt diff --git a/playbook/roles/waypoint/tasks/restart-coredns.yml b/playbook/roles/waypoint/tasks/restart-coredns.yml deleted file mode 100644 index 54d1098f..00000000 --- a/playbook/roles/waypoint/tasks/restart-coredns.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Restart coredns - command: kubectl rollout restart -n kube-system deployment/coredns - environment: - KUBECONFIG: /etc/rancher/k3s/k3s.yaml diff --git a/playbook/roles/waypoint/tasks/setup-ingress.yml b/playbook/roles/waypoint/tasks/setup-ingress.yml deleted file mode 100644 index df42da93..00000000 --- a/playbook/roles/waypoint/tasks/setup-ingress.yml +++ /dev/null 
@@ -1,25 +0,0 @@ ---- -- name: Install nginx ingress - include_tasks: manifests.yml - loop: - - src: nginx-ingress-chart-crd.yml - when: '"traefik" in k3s_disable_services' - -- name: Get Ingress service infos - kubernetes.core.k8s_info: - api_version: v1 - kind: Service - name: "{{ ingress_expected_svc }}" - kubeconfig: /etc/rancher/k3s/k3s.yaml - wait: yes - namespace: kube-system - register: ingress_infos - -- name: Check ingress service infos available - assert: - that: - - ingress_infos.resources | length > 0 - -- name: Set ingress ip fact - set_fact: - waypoint_ingress_controller_ip: "{{ ingress_infos.resources[0].spec.clusterIP | d(none) }}" diff --git a/playbook/roles/waypoint/tasks/setup-metallb.yml b/playbook/roles/waypoint/tasks/setup-metallb.yml deleted file mode 100644 index 25e4de8d..00000000 --- a/playbook/roles/waypoint/tasks/setup-metallb.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: Install metallb servicelb - include_tasks: manifests.yml - loop: "{{ metallb_manifests }}" - -- name: Wait crd available - kubernetes.core.k8s_info: - api_version: v1 - name: speaker - kind: DaemonSet - kubeconfig: /etc/rancher/k3s/k3s.yaml - namespace: metallb-system - wait: yes - -- name: Install metallb config - include_tasks: manifests.yml - loop: - - src: metallb-config.yml - ns: metallb-system diff --git a/playbook/roles/waypoint/tasks/setup-waypoint.yml b/playbook/roles/waypoint/tasks/setup-waypoint.yml deleted file mode 100644 index a2ed7ea5..00000000 --- a/playbook/roles/waypoint/tasks/setup-waypoint.yml +++ /dev/null 
@@ -1,75 +0,0 @@ ---- - -- name: Map ports - kubernetes.core.k8s: - api_version: v1 - kind: Service - name: waypoint-ui - namespace: "{{ waypoint_namespace }}" - kubeconfig: /etc/rancher/k3s/k3s.yaml - apply: yes - force: yes - definition: - spec: - ports: - - name: http - port: 80 - targetPort: http - nodePort: 30080 - - name: https - port: 443 - targetPort: https - nodePort: 30443 - - name: grpc - port: 9701 - targetPort: grpc - nodePort: 32701 - - name: https-2 - port: 9702 - targetPort: https - nodePort: 32702 - -- set_fact: - waypoint_arch_lookup: - amd64: amd64 - x86_64: amd64 - arm64: arm64 - aarch64: arm64 - -- set_fact: - waypoint_arch: "{{ waypoint_arch_lookup[ansible_architecture] }}" - -- name: Unzip waypoint binary - ansible.builtin.unarchive: - src: "https://releases.hashicorp.com/waypoint/{{ waypoint_version }}/waypoint_{{ waypoint_version }}_linux_{{ waypoint_arch }}.zip" - dest: /usr/local/bin/ - remote_src: yes - -- name: Waypoint login - command: waypoint login -server-addr={{ waypoint_hostname }}:443 -from-kubernetes - environment: - KUBECONFIG: /etc/rancher/k3s/k3s.yaml - changed_when: false - -- name: Waypoint oidc - command: | - waypoint auth-method set oidc \ - -client-id="{{ dex_client_id }}" \ - -display-name="GitHub" \ - -description="GitHub Oauth2 over Dex Idp open id connect adapter" \ - -client-secret="{{ dex_client_secret }}" \ - -issuer=https://{{ dex_hostname }} \ - -allowed-redirect-uri="https://{{ waypoint_hostname }}/auth/oidc-callback" \ - -claim-scope="groups" \ - -list-claim-mapping="groups=groups" \ - -access-selector="\"{{ dex_github_client_org }}:{{ dex_github_client_team }}\" in list.groups" dex - changed_when: false - -- name: Recover base runner - shell: waypoint runner list | tail -n 1 | awk '{print $1}' | xargs - register: waypoint_runner_id - changed_when: false - -- name: Adopt runner - command: "waypoint runner adopt {{ waypoint_runner_id.stdout }}" - changed_when: false 
diff --git a/playbook/roles/waypoint/templates/cert-manager-chart-crd.yml.j2 b/playbook/roles/waypoint/templates/cert-manager-chart-crd.yml.j2 deleted file mode 100644 index 9659feaf..00000000 --- a/playbook/roles/waypoint/templates/cert-manager-chart-crd.yml.j2 +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: {{ cert_manager_namespace }} ---- -apiVersion: helm.cattle.io/v1 -kind: HelmChart -metadata: - name: cert-manager - namespace: kube-system -spec: - chart: cert-manager - targetNamespace: {{ cert_manager_namespace }} - repo: https://charts.jetstack.io - valuesContent: |- - installCRDs: true - ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-acme-issuer -spec: - acme: - skipTLSVerify: {{ waypoint_internal_acme_network_ip is not none }} - email: {{ cert_manager_email }} - server: {{ cert_manager_acme_url }} - privateKeySecretRef: - name: acme-account-key - solvers: - - selector: {} - http01: - ingress: - class: {{ waypoint_k8s_ingress_class }} - diff --git a/playbook/roles/waypoint/templates/coredns-custom.yml.j2 b/playbook/roles/waypoint/templates/coredns-custom.yml.j2 deleted file mode 100644 index fe5cc2f9..00000000 --- a/playbook/roles/waypoint/templates/coredns-custom.yml.j2 +++ /dev/null @@ -1,23 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: coredns-custom - namespace: kube-system -data: - ingress-hosts.server: | - {{ ingress_hosts_internals_joined }} { - hosts { - {{ waypoint_ingress_controller_ip }} {{ ingress_hosts_internals_joined }} - fallthrough - } - whoami - } - acme-internal.server: | - {{ waypoint_internal_acme_host }} { - hosts { - {{ waypoint_internal_acme_network_ip }} {{ waypoint_internal_acme_host }} - fallthrough - } - whoami - } diff --git a/playbook/roles/waypoint/templates/dex-chart-crd.yml.j2 b/playbook/roles/waypoint/templates/dex-chart-crd.yml.j2 deleted file mode 100644 index 4205dac0..00000000 
--- a/playbook/roles/waypoint/templates/dex-chart-crd.yml.j2 +++ /dev/null @@ -1,59 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: {{ dex_namespace }} - ---- -apiVersion: helm.cattle.io/v1 -kind: HelmChart -metadata: - name: dex - namespace: kube-system -spec: - chart: dex - targetNamespace: {{ dex_namespace }} - repo: https://charts.dexidp.io - valuesContent: |- - config: - issuer: "https://{{ dex_hostname }}" - web: - http: 0.0.0.0:5556 - storage: - type: kubernetes - config: - inCluster: true - connectors: - - type: github - id: github - name: GitHub - config: - clientID: '{{ dex_github_client_id }}' - clientSecret: '{{ dex_github_client_secret }}' - redirectURI: "https://{{ dex_hostname }}/callback" - orgs: - {{ dex_github_orgs | to_yaml | indent(12) }} - oauth2: - skipApprovalScreen: true - staticClients: - - id: "{{ dex_client_id }}" - redirectURIs: - - http://127.0.0.1/oidc/callback - - 'https://{{ waypoint_hostname }}/auth/oidc-callback' - name: waypoint - secret: "{{ dex_client_secret }}" - ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-acme-issuer - kubernetes.io/ingress.class: "{{ waypoint_k8s_ingress_class }}" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/rewrite-target: / - hosts: - - host: {{ dex_hostname }} - paths: - - path: / - pathType: ImplementationSpecific - tls: - - secretName: {{ dex_hostname }}-tls - hosts: - - {{ dex_hostname }} diff --git a/playbook/roles/waypoint/templates/metallb-config.yml.j2 b/playbook/roles/waypoint/templates/metallb-config.yml.j2 deleted file mode 100644 index bebb7d7b..00000000 --- a/playbook/roles/waypoint/templates/metallb-config.yml.j2 +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: metallb-system - labels: - app: metallb - ---- -apiVersion: metallb.io/v1beta1 -kind: IPAddressPool -metadata: - name: kind-pool - namespace: metallb-system -spec: - addresses: - - {{ metallb_ip_range }} - ---- -apiVersion: metallb.io/v1beta1 -kind: L2Advertisement -metadata: - name: kind-l2 - namespace: metallb-system diff --git a/playbook/roles/waypoint/templates/nginx-ingress-chart-crd.yml.j2 b/playbook/roles/waypoint/templates/nginx-ingress-chart-crd.yml.j2 deleted file mode 100644 index 99012494..00000000 --- a/playbook/roles/waypoint/templates/nginx-ingress-chart-crd.yml.j2 +++ /dev/null @@ -1,21 +0,0 @@ ---- -apiVersion: helm.cattle.io/v1 -kind: HelmChart -metadata: - name: ingress-nginx - namespace: kube-system -spec: - chart: nginx-ingress-controller - repo: https://charts.bitnami.com/bitnami - targetNamespace: kube-system - version: 9.5.1 - valuesContent: | - fullnameOverride: nginx-ingress-controller - extraArgs: - v: 3 - kind: DaemonSet - useHostPort: true - defaultBackend: - service: - ports: - http: 8080 diff --git a/playbook/roles/waypoint/templates/reflector-chart-crd.yml.j2 b/playbook/roles/waypoint/templates/reflector-chart-crd.yml.j2 deleted file mode 100644 index d34c429c..00000000 --- a/playbook/roles/waypoint/templates/reflector-chart-crd.yml.j2 +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: helm.cattle.io/v1 -kind: HelmChart -metadata: - name: reflector - namespace: kube-system -spec: - version: 7.0.151 - chart: reflector - targetNamespace: {{ cert_manager_namespace }} - repo: https://emberstack.github.io/helm-charts diff --git a/playbook/roles/waypoint/templates/reflector-shared.yml.j2 b/playbook/roles/waypoint/templates/reflector-shared.yml.j2 deleted file mode 100644 index d9ef4257..00000000 --- a/playbook/roles/waypoint/templates/reflector-shared.yml.j2 +++ /dev/null 
@@ -1,12 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: acme-internal-root-ca - namespace: kube-system - annotations: - reflector.v1.k8s.emberstack.com/reflection-allowed: "true" - reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" -data: - ca.crt: | - {{ waypoint_internal_acme_ca_content | indent(4) }} diff --git a/playbook/roles/waypoint/templates/waypoint-chart-crd.yml.j2 b/playbook/roles/waypoint/templates/waypoint-chart-crd.yml.j2 deleted file mode 100644 index 8100e87c..00000000 --- a/playbook/roles/waypoint/templates/waypoint-chart-crd.yml.j2 +++ /dev/null 
@@ -1,89 +0,0 @@ ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ waypoint_hostname }}-tls - namespace: {{ waypoint_namespace }} -spec: - dnsNames: - - {{ waypoint_hostname }} - issuerRef: - kind: ClusterIssuer - name: letsencrypt-acme-issuer - secretName: {{ waypoint_hostname }}-tls - ---- -apiVersion: helm.cattle.io/v1 -kind: HelmChart -metadata: - name: waypoint - namespace: kube-system -spec: - version: 0.1.18 - chart: waypoint - targetNamespace: {{ waypoint_namespace }} - repo: https://helm.releases.hashicorp.com - valuesContent: |- - odr: - image: - repository: "ghcr.io/hashicorp/waypoint/alpha" - tag: "c0f0e03b1" - server: - image: - repository: "ghcr.io/hashicorp/waypoint/alpha-odr" - tag: "c0f0e03b1" - runArgs: ["-vvv"] - cert: - secretName: {{ waypoint_hostname }}-tls - ui: - service: - type: NodePort - ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-acme-issuer - kubernetes.io/ingress.class: "{{ waypoint_k8s_ingress_class }}" - hosts: - - host: "{{ waypoint_hostname }}" - paths: ["/"] - tls: - - hosts: - - "{{ waypoint_hostname }}" - secretName: {{ waypoint_hostname }}-tls - ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - kubernetes.io/ingress.class: "{{ waypoint_k8s_ingress_class }}" - nginx.ingress.kubernetes.io/backend-protocol: GRPCS - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/grpc-backend: "true" - cert-manager.io/cluster-issuer: letsencrypt-acme-issuer - name: waypoint-grpc - namespace: {{ waypoint_namespace }} -spec: - rules: - - host: {{ waypoint_hostname }} - http: - paths: - - backend: - service: - name: waypoint-server - port: - name: grpc - path: /hashicorp.waypoint.Waypoint/ - pathType: ImplementationSpecific - - - backend: - service: - name: waypoint-server - port: - name: grpc - path: /grpc.reflection.v1alpha.ServerReflection/ServerReflectionInfo - pathType: ImplementationSpecific - tls: - - hosts: - - 
"{{ waypoint_hostname }}" - secretName: {{ waypoint_hostname }}-tls diff --git a/playbook/roles/waypoint/vars/main.yml b/playbook/roles/waypoint/vars/main.yml deleted file mode 100644 index 07a58f9a..00000000 --- a/playbook/roles/waypoint/vars/main.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# vars file for role-waypoint -waypoint_k8s_ingress_class: nginx -letsencrypt_staging: https://acme-staging-v02.api.letsencrypt.org/directory -letsencrypt_prod: https://acme-v02.api.letsencrypt.org/directory - -letsencrypt_envs: - staging: '{{ letsencrypt_staging }}' - prod: '{{ letsencrypt_prod }}' - -letsencrypt_envs_ca_certs: - staging: https://letsencrypt.org/certs/staging/letsencrypt-stg-root-x1.pem - -# Mounted in acme internal -waypoint_internal_acme_ca_file: /etc/ssl/certs/acmeca.crt -waypoint_internal_acme_ca_in_volume_crt: /etc/ssl/certs/acmeca.crt -waypoint_internal_acme_ca_extra_volumes: [] -waypoint_internal_acme_ca_extra_volumes_mounts: [] - -# Metallb -metallb_manifests: - - url_manifest: - url: https://raw.githubusercontent.com/metallb/metallb/v0.13.5/config/manifests/metallb-native.yaml - filename: metallb-native.yaml - deploy: controller - ns: metallb-system - - url_manifest: - url: https://raw.githubusercontent.com/metallb/metallb/v0.13.5/config/manifests/metallb-frr.yaml - filename: metallb-frr.yaml - -# Ingress facts -ingress_expected_svc: "{{'nginx-ingress-controller' - if 'traefik' in k3s_disable_services else 'traefik' }}" -ingress_hosts_internals: - - "{{ dex_hostname }}" - - "{{ waypoint_hostname }}" - -ingress_hosts_internals_joined: "{{ ingress_hosts_internals | join(' ') }}" diff --git a/playbook/site.yaml b/playbook/site.yaml deleted file mode 100644 index d0d6f841..00000000 --- a/playbook/site.yaml +++ /dev/null @@ -1,8 +0,0 @@ -- hosts: all - gather_facts: True - become: True - pre_tasks: - - include_tasks: roles/waypoint/tasks/pre-import-cert.yml - when: cert_manager_is_internal - roles: - - role: roles/waypoint 
diff --git a/playbook/terraform.tfstate b/playbook/terraform.tfstate
deleted file mode 100644
index d684e3bb..00000000
--- a/playbook/terraform.tfstate
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "version": 4,
- "terraform_version": "1.3.6",
- "serial": 1,
- "lineage": "b4d33ab3-3d91-dc22-cd89-b9c5e5f9c48d",
- "outputs": {},
- "resources": [],
- "check_results": null
-}
diff --git a/requirements.txt b/requirements.txt
index b9e9fe43..3f8b89b0 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,4 +2,3 @@ mkdocs==1.4.2
 mkdocs-material==9.0.6
 mkdocs-material-extensions==1.1.1
 mkdocs-print-site-plugin==2.3.4
-pre-commit==3.2.2
\ No newline at end of file
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 00000000..e859dcc0
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,5 @@
+{ system ? builtins.currentSystem }:
+let
+ d = import ./. { inherit system; src = ./.; };
+in
+d.devShells.${system}.default
diff --git a/terraform.tf b/terraform.tf
new file mode 100644
index 00000000..cfec1fac
--- /dev/null
+++ b/terraform.tf
@@ -0,0 +1,37 @@
+terraform {
+ required_providers {
+ helm = {
+ source = "hashicorp/helm"
+ version = "2.12.1"
+ }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "2.29.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = "3.6.1"
+ }
+ github = {
+ source = "integrations/github"
+ version = "~> 6.0"
+ }
+ }
+}
+
+provider "kubernetes" {
+ host = "https://${var.vm_ip}:6443"
+ config_path = "~/.kube/config"
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ args = ["zizou@localhost", "-p", "2222", "sudo", "cat", "/etc/rancher/k3s/k3s.yaml", ">", "~/.kube/config"]
+ command = "ssh"
+ }
+}
+
+provider "helm" {
+ kubernetes {
+ host = "https://${var.vm_ip}:6443"
+ config_path = "~/.kube/config"
+ }
+}
diff --git a/tf-modules-k8s/cert-manager/main.tf b/tf-modules-k8s/cert-manager/main.tf
new file mode 100644
index 00000000..25f7444f
--- /dev/null
+++ b/tf-modules-k8s/cert-manager/main.tf
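Review bot: The `exec` block in `provider "kubernetes"` is used to fetch a kubeconfig rather than as a credential plugin, so it is unlikely to authenticate anything. An exec plugin is expected to print an ExecCredential document on stdout, but the args end in `">", "~/.kube/config"`; the provider does not run the command through a local shell, so the redirect is at best interpreted on the SSH target and nothing usable comes back. The command also reads the k3s admin kubeconfig through `sudo cat` with a hard-coded `zizou@localhost` and port `2222`, while `host` points at `var.vm_ip`. I would drop the `exec { ... }` block, keep `config_path`, and fetch the kubeconfig in an explicit step before `terraform apply`, writing it with owner-only permissions.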
@@ -0,0 +1,113 @@
+resource "kubernetes_namespace" "cert-manager" {
+ metadata {
+ name = var.cert_manager_namespace
+ }
+}
+
+resource "helm_release" "cert_manager" {
+ name = "cert-manager"
+ namespace = kubernetes_namespace.cert-manager.metadata.0.name
+ repository = "https://charts.jetstack.io"
+ chart = "cert-manager"
+ version = "1.14.4"
+ wait_for_jobs = true
+ wait = true
+
+ set {
+ name = "installCRDs"
+ value = false
+ }
+}
+
+resource "kubernetes_manifest" "issuer" {
+ depends_on = [helm_release.cert_manager]
+ manifest = {
+ apiVersion = "cert-manager.io/v1"
+ kind = "ClusterIssuer"
+ metadata = {
+ name = "letsencrypt-acme-issuer"
+ }
+ spec = {
+ acme = {
+ skipTLSVerify = var.letsencrypt_env != "prod"
+ email = var.cert_manager_email
+ server = var.cert_manager_acme_url
+ privateKeySecretRef = {
+ name = "letsencrypt-acme-priv-key"
+ }
+ solvers = [
+ {
+ selector = {}
+ http01 = {
+ ingress = {
+ class = var.k8s_ingress_class
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+}
+
+resource "helm_release" "reflector" {
+ name = "reflector"
+ namespace = kubernetes_namespace.cert-manager.metadata.0.name
+ repository = "https://emberstack.github.io/helm-charts"
+ chart = "reflector"
+ version = "7.1.262"
+ wait_for_jobs = true
+ wait = true
+
+ set {
+ name = "targetNamespace"
+ value = kubernetes_namespace.cert-manager.metadata.0.name
+ }
+
+}
+
+resource "kubernetes_config_map" "acme_internal_root_ca" {
+ count = var.letsencrypt_env == "local" ?
1 : 0
+ metadata {
+ name = "acme-internal-root-ca"
+ namespace = kubernetes_namespace.cert-manager.metadata.0.name
+ annotations = {
+ "reflector.v1.k8s.emberstack.com/reflection-allowed" = "true"
+ "reflector.v1.k8s.emberstack.com/reflection-auto-enabled" = "true"
+ }
+ }
+
+ data = {
+ "ca.crt" = indent(4, var.internal_acme_ca_content)
+ }
+}
+
+locals {
+ root_ca_config_map = kubernetes_config_map.acme_internal_root_ca.0.metadata[0].name
+}
+
+output "issuer" {
+ value = kubernetes_manifest.issuer.object.metadata.name
+}
+
+output "reflector_metadata_name" {
+ value = helm_release.reflector.metadata.0.name
+}
+
+output "root_ca_config_map_volume" {
+ value = local.root_ca_config_map != null ? [{
+ name = local.root_ca_config_map
+ configMap = {
+ name = local.root_ca_config_map
+ }
+ }] : []
+}
+
+output "root_ca_config_map_volume_mounts" {
+ value = local.root_ca_config_map != null ? [{
+ name = local.root_ca_config_map
+ mountPath = "/etc/ssl/certs/ca.crt"
+ subPath = "ca.crt"
+ readOnly = true
+ }] : []
+}
diff --git a/tf-modules-k8s/cert-manager/terraform.tf b/tf-modules-k8s/cert-manager/terraform.tf
new file mode 100644
index 00000000..a30496cd
--- /dev/null
+++ b/tf-modules-k8s/cert-manager/terraform.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_providers {
+ helm = {
+ source = "hashicorp/helm"
+ }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ }
+ }
+}
diff --git a/tf-modules-k8s/cert-manager/variables.tf b/tf-modules-k8s/cert-manager/variables.tf
new file mode 100644
index 00000000..852a0095
--- /dev/null
+++ b/tf-modules-k8s/cert-manager/variables.tf
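Review bot: `skipTLSVerify = var.letsencrypt_env != "prod"` in the `ClusterIssuer` turns off verification of the ACME server's certificate for every value other than `prod`, and `letsencrypt_env` defaults to `local` with no `type` or `validation`, so a misspelt environment name leaves verification off without notice. Restricting it to the internal CA case, `skipTLSVerify = var.letsencrypt_env == "local"`, keeps verification on elsewhere; cert-manager's ACME issuer also accepts a `caBundle` (base64-encoded PEM), which would let the local setup trust `var.internal_acme_ca_content` instead of skipping verification. Separately, `local.root_ca_config_map` indexes `kubernetes_config_map.acme_internal_root_ca.0`, which does not exist when `count` is 0, so the `!= null` guards in the two volume outputs cannot take effect; `one(kubernetes_config_map.acme_internal_root_ca[*].metadata[0].name)` yields null in that case.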
@@ -0,0 +1,32 @@
+variable "cert_manager_namespace" {
+ description = "The namespace to install cert-manager into"
+ type = string
+ default = "cert-manager"
+}
+
+variable "k8s_ingress_class" {
+ description = "The ingress class to use for cert-manager"
+ type = string
+ default = "nginx"
+}
+
+variable "cert_manager_email" {
+ description = "The email to use for the letsencrypt account"
+ type = string
+ default = "test@k3s.test"
+}
+
+variable "internal_acme_ca_content" {
+ description = "value of the acme ca cert"
+ type = string
+}
+
+variable "cert_manager_acme_url" {
+ description = "The url of the acme server"
+ type = string
+}
+
+variable "letsencrypt_env" {
+ description = "Environment to use for letsencrypt"
+ default = "local"
+}
diff --git a/tf-modules-k8s/dex/main.tf b/tf-modules-k8s/dex/main.tf
new file mode 100644
index 00000000..6642f9c1
--- /dev/null
+++ b/tf-modules-k8s/dex/main.tf
@@ -0,0 +1,74 @@
+resource "kubernetes_namespace" "cert-manager" {
+ metadata {
+ name = var.dex_namespace
+ }
+}
+
+resource "random_password" "dex_client_id" {
+ length = 16
+ special = false
+}
+
+resource "random_password" "dex_client_secret" {
+ length = 24
+ special = false
+}
+
+locals {
+ dex_client_id = random_password.dex_client_id.result
+ dex_client_secret = random_password.dex_client_secret.result
+}
+
+resource "helm_release" "dex" {
+ repository = "https://charts.dexidp.io"
+ name = "dex"
+ namespace = kubernetes_namespace.cert-manager.metadata[0].name
+ chart = "dex"
+ timeout = 600
+ wait_for_jobs = true
+ wait = true
+
+ values = [
+ templatefile("${path.module}/values.yaml.tmpl", {
+ dex_hostname = var.dex_hostname,
+ github_client_id = var.github_client_id,
+ github_client_secret = var.github_client_secret,
+ dex_github_orgs = jsonencode(var.dex_github_orgs),
+ dex_client_id = local.dex_client_id,
+ paas_hostname = var.paas_hostname,
+ dex_client_secret = local.dex_client_secret,
+ k8s_ingress_class = var.k8s_ingress_class
+ cert_manager_cluster_issuer = var.cert_manager_cluster_issuer
+ })
+ ]
+}
+
+data "kubernetes_service" "dex_service" {
+ metadata {
+ name = "dex"
+ namespace = kubernetes_namespace.cert-manager.metadata[0].name
+ }
+}
+
+data "kubernetes_ingress" "dex_ingress" {
+ metadata {
+ name = "dex"
+ namespace = kubernetes_namespace.cert-manager.metadata[0].name
+ }
+}
+
+output "dex_ingress" {
+ value = data.kubernetes_ingress.dex_ingress.id
+}
+
+output "dex_service" {
+ value = data.kubernetes_service.dex_service.id
+}
+
+output "dex_client_id" {
+ value = local.dex_client_id
+}
+
+output "dex_client_secret" {
+ value = local.dex_client_secret
+}
diff --git a/tf-modules-k8s/dex/terraform.tf b/tf-modules-k8s/dex/terraform.tf
new file mode 100644
index 00000000..a30496cd
--- /dev/null
+++ b/tf-modules-k8s/dex/terraform.tf
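Review bot: `output "dex_client_id"` and `output "dex_client_secret"` expose `random_password` results without `sensitive = true`; Terraform normally rejects an output that refers to a sensitive value unless it is marked, and marking it also keeps the secret out of plan and apply output. Add `sensitive = true` to both outputs. The same gap exists on `variable "github_client_secret"` in `tf-modules-k8s/dex/variables.tf`, which is not marked sensitive although `github_token` in the github module is. `helm_release.dex` also has no `version`, unlike the cert-manager and reflector releases, so the chart that gets installed can change between applies; pin it to the version that was tested.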
@@ -0,0 +1,10 @@
+terraform {
+ required_providers {
+ helm = {
+ source = "hashicorp/helm"
+ }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ }
+ }
+}
diff --git a/tf-modules-k8s/dex/values.yaml.tmpl b/tf-modules-k8s/dex/values.yaml.tmpl
new file mode 100644
index 00000000..e87b159d
--- /dev/null
+++ b/tf-modules-k8s/dex/values.yaml.tmpl
@@ -0,0 +1,46 @@
+---
+config:
+ issuer: "https://${dex_hostname}"
+ web:
+ http: 0.0.0.0:5556
+ storage:
+ type: kubernetes
+ config:
+ inCluster: true
+ connectors:
+ - type: github
+ id: github
+ name: GitHub
+ config:
+ clientID: '${github_client_id}'
+ clientSecret: '${github_client_secret}'
+ redirectURI: "https://${dex_hostname}/callback"
+ orgs:
+ ${dex_github_orgs}
+ oauth2:
+ skipApprovalScreen: true
+ staticClients:
+ - id: "${dex_client_id}"
+ redirectURIs:
+ - http://127.0.0.1/oidc/callback
+ - 'https://${paas_hostname}/auth/oidc-callback'
+ name: paas
+ secret: "${dex_client_secret}"
+ingress:
+ enabled: true
+ className: "${k8s_ingress_class}"
+ annotations:
+ cert-manager.io/cluster-issuer: ${cert_manager_cluster_issuer}
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ traefik.ingress.kubernetes.io/rule.type: PathPrefixStrip
+ traefik.ingress.kubernets.io/router.tls: "true"
+ hosts:
+ - host: ${dex_hostname}
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - secretName: ${dex_hostname}-tls
+ hosts:
+ - ${dex_hostname}
diff --git a/tf-modules-k8s/dex/variables.tf b/tf-modules-k8s/dex/variables.tf
new file mode 100644
index 00000000..cdb9d371
--- /dev/null
+++ b/tf-modules-k8s/dex/variables.tf
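Review bot: The annotation key `traefik.ingress.kubernets.io/router.tls` under `ingress.annotations` in `values.yaml.tmpl` is misspelt (`kubernets`), so Traefik will not recognise it and the TLS setting this line is meant to apply is silently lost; it should read `traefik.ingress.kubernetes.io/router.tls: "true"`. Also, `clientSecret: '${github_client_secret}'` and `secret: "${dex_client_secret}"` are interpolated as raw text inside quotes, so a value containing a quote character would break or change the rendered YAML. Building the values with `yamlencode`, or passing the secrets through `set_sensitive` on the `helm_release`, avoids that.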
@@ -0,0 +1,42 @@
+variable "dex_namespace" {
+ default = "dex"
+}
+
+variable "dex_hostname" {
+ description = "Hostname for DEX"
+ type = string
+}
+
+variable "github_client_id" {
+ description = "GitHub client ID for DEX"
+ type = string
+}
+
+variable "github_client_secret" {
+ description = "GitHub client secret for DEX"
+ type = string
+}
+
+variable "dex_github_orgs" {
+ description = "Github Orgs for Dex OIDC Connector"
+ type = list(object({
+ name = string
+ teams = list(string)
+ }))
+ default = []
+}
+
+variable "paas_hostname" {
+ description = "Hostname for paas"
+ type = string
+}
+
+variable "k8s_ingress_class" {
+ description = "ingress class"
+ type = string
+ default = "nginx"
+}
+
+variable "cert_manager_cluster_issuer" {
+ description = "value of the cert-manager cluster issuer"
+}
diff --git a/tf-modules-k8s/github/main.tf b/tf-modules-k8s/github/main.tf
new file mode 100644
index 00000000..05695f39
--- /dev/null
+++ b/tf-modules-k8s/github/main.tf
@@ -0,0 +1,33 @@
+data "github_organization" "org" {
+ name = var.github_organization
+}
+
+data "github_membership" "all" {
+ for_each = toset(data.github_organization.org.members)
+ username = each.value
+}
+
+data "github_membership" "all_admin" {
+ for_each = {
+ for _, member in data.github_membership.all :
+ _ => member if member.role == "admin"
+ }
+ username = each.value.username
+}
+
+resource "github_team" "opsteam" {
+ name = var.github_team
+ description = "This is the production team"
+ privacy = "closed"
+}
+
+resource "github_team_membership" "opsteam_members" {
+ for_each = data.github_membership.all_admin
+ team_id = github_team.opsteam.id
+ username = each.value.username
+ role = "maintainer"
+}
+
+output "team_name" {
+ value = github_team.opsteam.name
+}
diff --git a/tf-modules-k8s/github/terraform.tf b/tf-modules-k8s/github/terraform.tf
new file mode 100644
index 00000000..7ee37b0d
--- /dev/null
+++ b/tf-modules-k8s/github/terraform.tf
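Review bot: `dex_github_orgs` in tf-modules-k8s/dex/variables.tf defaults to `[]`, and with no orgs configured Dex's GitHub connector accepts any GitHub account, so a caller who omits this variable gets an identity provider open to every GitHub user. Drop the default, or add a `validation` block that requires at least one entry, so the restriction has to be stated explicitly. `github_client_secret` should also carry `sensitive = true` so it is redacted in plan output. `dex_namespace` and `cert_manager_cluster_issuer` have no `type`; `type = string` would match the other variables.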
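Review bot: `github_team_membership.opsteam_members` in tf-modules-k8s/github/main.tf makes every organisation admin a `maintainer` of the ops team, and nothing in the hunk documents that team membership is derived from the org-admin role. A comment above the resource such as `# ops team = all org admins; membership is managed here, not in the GitHub UI` would make that privilege mapping explicit. The second data source `github_membership.all_admin` repeats one lookup per admin only to filter. A local such as `admins = { for k, m in data.github_membership.all : k => m if m.role == "admin" }` used as the `for_each` gives the same set without the extra reads, and avoids using `_` as a key that is then referenced.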
@@ -0,0 +1,14 @@ + +terraform { + required_providers { + github = { + source = "integrations/github" + version = "~> 6.0" + } + } +} + +provider "github" { + owner = var.github_organization + token = var.github_token +} diff --git a/tf-modules-k8s/github/variables.tf b/tf-modules-k8s/github/variables.tf new file mode 100644 index 00000000..0a679053 --- /dev/null +++ b/tf-modules-k8s/github/variables.tf @@ -0,0 +1,14 @@ +variable "github_organization" { + type = string + default = "org-404" +} + +variable "github_team" { + type = string + default = "ops-team" +} + +variable "github_token" { + type = string + sensitive = true +} diff --git a/tf-modules-k8s/internal-ca/main.tf b/tf-modules-k8s/internal-ca/main.tf new file mode 100644 index 00000000..07c465a0 --- /dev/null +++ b/tf-modules-k8s/internal-ca/main.tf @@ -0,0 +1,50 @@ +locals { + ingress_hosts_internals_joined = join(" ", var.ingress_hosts_internals) +} + +resource "kubernetes_config_map" "coredns-custom" { + metadata { + name = "coredns-custom" + namespace = "kube-system" + } + + data = { + "ingress-hosts.server" = < + + + + + + + + + + + + + + + + + + %{ for arg in args ~} + + %{ endfor ~} + + + + diff --git a/tf-root-libvirt/terraform.tf b/tf-root-libvirt/terraform.tf new file mode 100644 index 00000000..19721422 --- /dev/null +++ b/tf-root-libvirt/terraform.tf @@ -0,0 +1,23 @@ +terraform { + required_version = ">= 0.13" + required_providers { + libvirt = { + source = "dmacvicar/libvirt" + } + null = { + source = "hashicorp/null" + version = "3.2.2" + } + healthcheck = { + source = "Ferlab-Ste-Justine/healthcheck" + version = "0.2.0" + } + } +} + +provider "libvirt" { + uri = "qemu:///system" +} + +provider "healthcheck" { +} diff --git a/tf-root-libvirt/variables.tf b/tf-root-libvirt/variables.tf new file mode 100644 index 00000000..eee68175 --- /dev/null +++ b/tf-root-libvirt/variables.tf 
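Review bot: The `provider "github"` block in tf-modules-k8s/github/terraform.tf is configured inside the module. Terraform treats a module with its own provider configuration as legacy: it cannot be called with `count`, `for_each` or `depends_on`, and its provider configuration must stay in place until the module's resources are destroyed. Keeping only `required_providers` here and configuring the provider, with `var.github_token`, in the root module keeps credential handling in one place and leaves the module reusable.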
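Review bot: In tf-root-libvirt/terraform.tf, `dmacvicar/libvirt` has no `version` constraint while `null` and `healthcheck` in the same block are pinned exactly. The provider that drives the hypervisor through `qemu:///system` is therefore the one whose version can drift between runs. Add a constraint next to `source`, for example `version = "<tested libvirt provider version>"` (placeholder; use the release you have validated).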
@@ -0,0 +1,44 @@
+variable "port_mappings" {
+ type = map(number)
+ default = {
+ 2222 = 22
+ 6443 = 6443
+ 443 = 443
+ 80 = 80
+ }
+}
+
+variable "qemu_network_interface" {
+ default = "en0"
+}
+
+variable "vm_size" {
+ description = "vm size in MB"
+ default = 8092
+}
+
+variable "debug" {
+ type = bool
+ default = false
+}
+
+variable "darwin" {
+ type = bool
+ default = true
+}
+
+variable "ssh_connection" {
+ description = "values for the ssh connection"
+ type = object({
+ private_key = string
+ user = string
+ })
+ default = {
+ private_key = "~/.ssh/id_ed25519"
+ user = "zizou"
+ }
+}
+
+variable "libvirt_pool_path" {
+ default = "/etc/libvirt/k3s-paas-pool"
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 00000000..631ec848
--- /dev/null
+++ b/variables.tf
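Review bot: The `ssh_connection` default in tf-root-libvirt/variables.tf bakes in a personal account name (`zizou`) and a fixed key path, so anyone applying without overrides attempts SSH as that user with their own `~/.ssh/id_ed25519`. Removing the default would make the caller state which identity is used. `vm_size` is described as MB with a default of `8092`, which looks like a typo for `8192`. `qemu_network_interface`, `vm_size` and `libvirt_pool_path` have no `type`, and the first and last also lack a `description`.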
@@ -0,0 +1,103 @@
+variable "k3s_token" {
+ default = "example-token"
+}
+
+variable "paas_base_domain" {
+ default = "k3s.test"
+}
+
+variable "cert_manager_letsencrypt_env" {
+ default = "local"
+}
+
+variable "cert_manager_namespace" {
+ default = "cert-manager"
+}
+
+variable "cert_manager_email" {
+ default = "toto@k3s.test"
+}
+
+variable "cert_manager_private_key_secret" {
+ default = "test_secret"
+}
+
+variable "dex_namespace" {
+ default = "dex"
+}
+
+variable "github_token" {
+ sensitive = true
+ type = string
+}
+
+variable "github_client_id" {
+ default = "client-id-example"
+}
+
+variable "github_client_secret" {
+ default = "secret-example"
+}
+
+variable "github_organization" {
+ default = "org-404"
+}
+
+variable "github_team" {
+ default = "ops-team"
+}
+
+variable "paas_namespace" {
+ default = "default"
+}
+
+variable "paas_hostname" {
+ default = "paas.k3s.test"
+}
+
+variable "k8s_ingress_class" {
+ default = "nginx"
+ description = "ingress class"
+}
+
+variable "letsencrypt_envs" {
+ description = "Letsencrypt Envs"
+ type = object({
+ local = string
+ staging = string
+ prod = string
+ })
+ default = {
+ local = "https://localhost:14000/dir"
+ staging = "https://acme-v02.api.letsencrypt.org/directory"
+ prod = "https://acme-staging-v02.api.letsencrypt.org/directory"
+ }
+}
+
+variable "letsencrypt_envs_ca_certs" {
+ description = "Letsencrypt Envs CA Certs"
+ type = object({
+ local = string
+ staging = string
+ prod = string
+ })
+ default = {
+ local = "https://localhost:15000/roots/0"
+ staging = "https://letsencrypt.org/certs/staging/letsencrypt-stg-root-x1.pem"
+ prod = null
+ }
+}
+
+variable "metallb_ip_range" {
+ type = string
+ description = "value of the ip range"
+ default = null
+}
+
+variable "vm_ip" {
+ default = "localhost"
+}
+
+variable "internal_network_ip" {
+ default = "10.0.2.2"
+}
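Review bot: The `letsencrypt_envs` defaults for `staging` and `prod` in the root variables.tf are swapped: `staging` points at the production ACME directory `acme-v02.api.letsencrypt.org` and `prod` at `acme-staging-v02.api.letsencrypt.org`. A prod deployment would receive certificates that browsers do not trust, while staging runs would consume production rate limits. They should read `staging = "https://acme-staging-v02.api.letsencrypt.org/directory"` and `prod = "https://acme-v02.api.letsencrypt.org/directory"`, which also matches the staging root listed in `letsencrypt_envs_ca_certs`. In the same hunk `k3s_token` and `github_client_secret` ship placeholder defaults and are not marked `sensitive`, so a cluster applied without overrides would use the publicly known `example-token`. These are better left without a default and declared `sensitive = true`, as `github_token` already is.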
diff --git a/playbook/roles/waypoint/files/.gitkeep b/xchg/.gitkeep similarity index 100% rename from playbook/roles/waypoint/files/.gitkeep rename to xchg/.gitkeep