From 22293fa93d0ec730de4b02dcbda5418cdd1f6a03 Mon Sep 17 00:00:00 2001 
From: David Young Date: Thu, 21 Oct 2021 17:53:15 +1300 Subject: [PATCH] Add markdown linting (without breaking the site this time!) --- .github/pull_request_template.md | 8 +- .github/workflows/markdownlint.yml | 19 ++ .../workflows/mkdocs-build-sanity-check.yml | 24 ++ .github/workflows/prune-stale-issues-prs.yml | 6 +- .markdownlint.json | 9 - .markdownlint.yaml | 17 ++ LICENSE.md | 2 +- README.md | 44 +-- manuscript/CHANGELOG.md | 6 +- manuscript/README-UI.md | 2 +- manuscript/community/code-of-conduct.md | 6 +- manuscript/community/contribute.md | 15 +- manuscript/community/discord.md | 21 +- manuscript/community/discourse.md | 3 +- manuscript/community/github.md | 3 +- manuscript/ha-docker-swarm/design.md | 8 +- .../ha-docker-swarm/docker-swarm-mode.md | 28 +- manuscript/ha-docker-swarm/keepalived.md | 19 +- manuscript/ha-docker-swarm/nodes.md | 19 +- manuscript/ha-docker-swarm/registry.md | 12 +- .../ha-docker-swarm/shared-storage-ceph.md | 27 +- .../ha-docker-swarm/shared-storage-gluster.md | 20 +- .../ha-docker-swarm/traefik-forward-auth.md | 8 +- .../traefik-forward-auth/dex-static.md | 4 +- .../traefik-forward-auth/google.md | 14 +- .../traefik-forward-auth/keycloak.md | 16 +- manuscript/ha-docker-swarm/traefik.md | 20 +- manuscript/images/mattermost.png | Bin 131108 -> 0 bytes manuscript/images/mqtt.png | Bin 316910 -> 0 bytes manuscript/index.md | 10 +- manuscript/kubernetes/cluster.md | 8 +- manuscript/kubernetes/design.md | 6 +- manuscript/kubernetes/diycluster.md | 2 +- manuscript/kubernetes/helm.md | 18 +- manuscript/kubernetes/index.md | 3 +- manuscript/kubernetes/loadbalancer.md | 50 ++-- manuscript/kubernetes/snapshots.md | 44 +-- manuscript/kubernetes/traefik.md | 18 +- manuscript/premix.md | 12 +- manuscript/premix/ansible/design.md | 6 +- manuscript/premix/ansible/operation.md | 23 +- manuscript/premix/kubernetes.md | 2 + manuscript/premix/swarm.md | 2 + manuscript/recipes/archivebox.md | 25 +- manuscript/recipes/autopirate/end.md | 6 +- 
manuscript/recipes/autopirate/headphones.md | 3 +- manuscript/recipes/autopirate/heimdall.md | 1 + manuscript/recipes/autopirate/index.md | 17 +- manuscript/recipes/autopirate/jackett.md | 2 +- .../recipes/autopirate/lazylibrarian.md | 3 +- manuscript/recipes/autopirate/lidarr.md | 1 + manuscript/recipes/autopirate/nzbget.md | 3 +- manuscript/recipes/autopirate/nzbhydra.md | 2 +- manuscript/recipes/autopirate/radarr.md | 2 +- manuscript/recipes/autopirate/readarr.md | 4 +- manuscript/recipes/autopirate/rtorrent.md | 2 +- manuscript/recipes/autopirate/sabnzbd.md | 2 +- manuscript/recipes/autopirate/sonarr.md | 2 +- manuscript/recipes/bitwarden.md | 6 +- manuscript/recipes/bookstack.md | 6 +- manuscript/recipes/calibre-web.md | 8 +- manuscript/recipes/collabora-online.md | 43 ++- manuscript/recipes/cyberchef.md | 10 +- manuscript/recipes/duplicati.md | 12 +- manuscript/recipes/duplicity.md | 14 +- manuscript/recipes/elkarbackup.md | 12 +- manuscript/recipes/emby.md | 6 +- manuscript/recipes/funkwhale.md | 13 +- manuscript/recipes/ghost.md | 7 +- manuscript/recipes/gitlab-runner.md | 7 +- manuscript/recipes/gitlab.md | 13 +- manuscript/recipes/gollum.md | 7 +- manuscript/recipes/homeassistant.md | 12 +- manuscript/recipes/homeassistant/ibeacon.md | 6 +- manuscript/recipes/huginn.md | 7 +- manuscript/recipes/instapy.md | 13 +- manuscript/recipes/ipfs-cluster.md | 22 +- manuscript/recipes/jellyfin.md | 8 +- manuscript/recipes/kanboard.md | 6 +- manuscript/recipes/keycloak.md | 8 +- .../keycloak/authenticate-against-openldap.md | 3 +- manuscript/recipes/keycloak/create-user.md | 2 +- .../recipes/keycloak/setup-oidc-provider.md | 6 +- manuscript/recipes/komga.md | 6 +- manuscript/recipes/kubernetes/kanboard.md | 38 +-- manuscript/recipes/kubernetes/miniflux.md | 38 ++- manuscript/recipes/kubernetes/template-k8s.md | 262 ------------------ manuscript/recipes/linx.md | 7 +- manuscript/recipes/mail.md | 24 +- manuscript/recipes/mattermost.md | 110 -------- 
manuscript/recipes/mealie.md | 12 +- manuscript/recipes/miniflux.md | 9 +- manuscript/recipes/minio.md | 23 +- manuscript/recipes/mqtt.md | 207 -------------- manuscript/recipes/munin.md | 9 +- manuscript/recipes/nextcloud.md | 31 ++- manuscript/recipes/nightscout.md | 15 +- manuscript/recipes/openldap.md | 15 +- manuscript/recipes/owntracks.md | 6 +- manuscript/recipes/paperless-ng.md | 11 +- manuscript/recipes/photoprism.md | 14 +- manuscript/recipes/phpipam.md | 10 +- manuscript/recipes/plex.md | 8 +- manuscript/recipes/portainer.md | 6 +- manuscript/recipes/privatebin.md | 4 +- manuscript/recipes/realms.md | 7 +- manuscript/recipes/restic.md | 17 +- manuscript/recipes/rss-bridge.md | 1 - manuscript/recipes/swarmprom.md | 13 +- manuscript/recipes/template.md | 3 +- manuscript/recipes/tiny-tiny-rss.md | 6 +- manuscript/recipes/wallabag.md | 10 +- manuscript/recipes/wekan.md | 6 +- manuscript/recipes/wetty.md | 5 +- manuscript/reference/containers.md | 42 --- manuscript/reference/data_layout.md | 2 +- manuscript/reference/git-docker.md | 52 ---- manuscript/reference/networks.md | 2 +- manuscript/reference/oauth_proxy.md | 2 +- manuscript/reference/openvpn.md | 12 +- manuscript/reference/troubleshooting.md | 2 +- manuscript/sections/README.md | 2 + manuscript/sections/chefs-favorites-docker.md | 2 +- .../sections/chefs-favorites-kubernetes.md | 2 +- manuscript/support.md | 32 +-- mkdocs-material/README.md | 2 + mkdocs.yml | 13 - overrides/README-OVERRIDES.md | 1 - scripts/local-markdownlint-and-fix.sh | 2 +- scripts/local-markdownlint.sh | 2 +- scripts/recipe-footer.md | 8 +- 131 files changed, 668 insertions(+), 1361 deletions(-) create mode 100644 .github/workflows/markdownlint.yml create mode 100644 .github/workflows/mkdocs-build-sanity-check.yml delete mode 100644 .markdownlint.json create mode 100644 .markdownlint.yaml delete mode 100644 manuscript/images/mattermost.png delete mode 100644 manuscript/images/mqtt.png delete mode 100644 
manuscript/recipes/kubernetes/template-k8s.md delete mode 100644 manuscript/recipes/mattermost.md delete mode 100644 manuscript/recipes/mqtt.md delete mode 100644 manuscript/reference/containers.md delete mode 100644 manuscript/reference/git-docker.md delete mode 100644 overrides/README-OVERRIDES.md diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 42f0e29..4b3afd6 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -14,9 +14,11 @@ ## Types of changes + - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) + ## Checklist @@ -24,10 +26,14 @@ - [ ] I have read the [contribution guide](https://geek-cookbook.funkypenguin.co.nz/community/contribute/#contributing-recipes) - [ ] The format of my changes matches that of other recipes (*ideally it was copied from [template](/manuscript/recipes/template.md)*) -- [ ] I've added at least one footnote to my recipe (*Chef's Notes*) + + +### Recipe-specific checks + +- [ ] I've added at least one footnote to my recipe (*Chef's Notes*) - [ ] I've updated `common_links.md` in the `_snippets` directory and sorted alphabetically - [ ] I've updated the navigation in `mkdocs.yaml` in alphabetical order - [ ] I've updated `CHANGELOG.md` in reverse chronological order order diff --git a/.github/workflows/markdownlint.yml b/.github/workflows/markdownlint.yml new file mode 100644 index 0000000..8f28955 --- /dev/null +++ b/.github/workflows/markdownlint.yml 
@@ -0,0 +1,19 @@ +name: 'Lint Markdown' +on: + pull_request: + types: [opened, synchronize] + +jobs: + lint-markdown: + name: Lint markdown + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v2 + + - name: Lint markdown files + uses: docker://avtodev/markdown-lint:v1 # fastest way + with: + config: '.markdownlint.yaml' + args: '**/*.md' + ignore: '_snippets' # multiple files must be separated with single space \ No newline at end of file diff --git a/.github/workflows/mkdocs-build-sanity-check.yml b/.github/workflows/mkdocs-build-sanity-check.yml new file mode 100644 index 0000000..31c4395 --- /dev/null +++ b/.github/workflows/mkdocs-build-sanity-check.yml @@ -0,0 +1,24 @@ +name: 'mkdocs sanity check' +on: + pull_request: + types: [opened, synchronize] + +jobs: + mkdocs-sanity-check: + name: Check mkdocs builds successfully + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v2 + + - name: Set up Python 3.8 + uses: actions/setup-python@v2 + with: + python-version: 3.8 + architecture: x64 + + - name: Install requirements + run: python3 -m pip install -r requirements.txt + + - name: Test mkdocs builds + run: python3 -m mkdocs build \ No newline at end of file diff --git a/.github/workflows/prune-stale-issues-prs.yml b/.github/workflows/prune-stale-issues-prs.yml index 3151bcf..bde0563 100644 --- a/.github/workflows/prune-stale-issues-prs.yml +++ b/.github/workflows/prune-stale-issues-prs.yml 
@@ -10,6 +10,6 @@ jobs: - uses: actions/stale@v3 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - stale-issue-message: 'This issue has gone mouldy, because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days' - days-before-stale: 30 - days-before-close: 5 \ No newline at end of file + stale-issue-message: 'This issue has gone mouldy, because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 14 days' + days-before-stale: 90 + days-before-close: 14 \ No newline at end of file diff --git a/.markdownlint.json b/.markdownlint.json deleted file mode 100644 index 19e1394..0000000 --- a/.markdownlint.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "MD046": { - "style": "fenced" - }, - "MD013": false, - "MD024": { - "siblings_only": true - } -} diff --git a/.markdownlint.yaml b/.markdownlint.yaml new file mode 100644 index 0000000..ba37377 --- /dev/null +++ b/.markdownlint.yaml @@ -0,0 +1,17 @@ +# What's this for? This file is used by the markdownlinting extension in VSCode, as well as the GitHub actions +# See all rules at https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md + +# Ignore line length +"MD013": false + +# Allow multiple headings with the same content provided the headings are not "siblings" +"MD024": + "siblings_only": true + +# Allow trailing punctuation in headings +"MD026": false + +# We use fenced code blocks, but this test conflicts with the admonitions plugin we use, which relies +# on indentation (which is then falsely detected as a code block) +"MD046": false + diff --git a/LICENSE.md b/LICENSE.md index 0ee1b99..58d0e27 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -1,4 +1,4 @@ -MIT License +# MIT License Copyright (c) 2021 Funky Penguin Limited diff --git a/README.md b/README.md index 19577e3..1c4abb6 100644 --- a/README.md +++ b/README.md 
@@ -9,6 +9,7 @@ [dockerurl]: https://geek-cookbook.funkypenguin.co.nz/ha-docker-swarm/design [k8surl]: https://geek-cookbook.funkypenguin.co.nz/kubernetes/start +
[![geek-cookbook](https://raw.githubusercontent.com/geek-cookbook/autopenguin/master/images/readme_header.png)][cookbookurl] @@ -33,14 +34,14 @@ # What is this? -Funky Penguin's "**[Geek Cookbook](https://geek-cookbook.funkypenguin.co.nz)**" is a collection of how-to guides for establishing your own container-based self-hosting platform, using either [Docker Swarm](/ha-docker-swarm/design/) or [Kubernetes](/kubernetes/). +Funky Penguin's "**[Geek Cookbook](https://geek-cookbook.funkypenguin.co.nz)**" is a collection of how-to guides for establishing your own container-based self-hosting platform, using either [Docker Swarm](/ha-docker-swarm/design/) or [Kubernetes](/kubernetes/). Running such a platform enables you to run self-hosted tools such as [AutoPirate](/recipes/autopirate/) (*Radarr, Sonarr, NZBGet and friends*), [Plex][plex], [NextCloud][nextcloud], and includes elements such as: -* [Automatic SSL-secured access](/ha-docker-swarm/traefik/) to all services (*with LetsEncrypt*) -* [SSO / authentication layer](/ha-docker-swarm/traefik-forward-auth/) to protect unsecured / vulnerable services -* [Automated backup](/recipes/elkarbackup/) of configuration and data -* [Monitoring and metrics](/recipes/swarmprom/) collection, graphing and alerting +- [Automatic SSL-secured access](/ha-docker-swarm/traefik/) to all services (*with LetsEncrypt*) +- [SSO / authentication layer](/ha-docker-swarm/traefik-forward-auth/) to protect unsecured / vulnerable services +- [Automated backup](/recipes/elkarbackup/) of configuration and data +- [Monitoring and metrics](/recipes/swarmprom/) collection, graphing and alerting Recent updates and additions are posted on the [CHANGELOG](/CHANGELOG/), and there's a friendly community of like-minded geeks in the [Discord server](http://chat.funkypenguin.co.nz). 
@@ -68,41 +69,40 @@ I want your [support][github_sponsor], either in the [financial][github_sponsor] ### Get in touch 👋 -* Come and say hi to me and the friendly geeks in the [Discord][discord] chat or the [Discourse][discourse] forums - say hi, ask a question, or suggest a new recipe! -* Tweet me up, I'm [@funkypenguin][twitter]! 🐦 -* [Contact me][contact] by a variety of channels +- Come and say hi to me and the friendly geeks in the [Discord][discord] chat or the [Discourse][discourse] forums - say hi, ask a question, or suggest a new recipe! +- Tweet me up, I'm [@funkypenguin][twitter]! 🐦 +- [Contact me][contact] by a variety of channels ### Buy my book 📖 -I'm also publishing the Geek Cookbook as a formal eBook (*PDF, mobi, epub*), on Leanpub (https://leanpub.com/geek-cookbook). Buy it for as little as $5 (_which is really just a token gesture of support, since all the content is available online anyway!_) or pay what you think it's worth! +I'm also publishing the Geek Cookbook as a formal eBook (*PDF, mobi, epub*), on Leanpub (). Buy it for as little as $5 (_which is really just a token gesture of support, since all the content is available online anyway!_) or pay what you think it's worth! ### [Sponsor][github_sponsor] / [Patronize][patreon] me ❤️ The best way to support this work is to become a [GitHub Sponsor](https://github.com/sponsors/funkypenguin) / [Patreon patron][patreon] (_for as little as $1/month!_) - You get : -* warm fuzzies, -* access to the pre-mix repo, -* an anonymous plug you can pull at any time, -* and a bunch more loot based on tier +- warm fuzzies, +- access to the pre-mix repo, +- an anonymous plug you can pull at any time, +- and a bunch more loot based on tier .. and I get some pocket money every month to buy wine, cheese, and cryptocurrency! 🍷 💰 Impulsively **[click here (NOW quick do it!)][github_sponsor]** to [sponsor me][github_sponsor] via GitHub, or [patronize me via Patreon][patreon]! 
- ### Work with me 🤝 Need some Cloud / Microservices / DevOps / Infrastructure design work done? I'm a full-time [AWS Certified Solution Architect (Professional)][aws_cert], a [CNCF-Certified Kubernetes Administrator](https://www.youracclaim.com/badges/cd307d51-544b-4bc6-97b0-9015e40df40d/public_url) and [Application Developer](https://www.youracclaim.com/badges/9ed9280a-fb92-46ca-b307-8f74a2cccf1d/public_url) - this stuff is my bread and butter! :bread: :fork_and_knife: [Get in touch][contact], and let's talk business! -[plex]: https://www.plex.tv/ +[plex]: https://www.plex.tv/ [nextcloud]: https://nextcloud.com/ -[wordpress]: https://wordpress.org/ -[ghost]: https://ghost.io/ +[wordpress]: https://wordpress.org/ +[ghost]: https://ghost.io/ [discord]: http://chat.funkypenguin.co.nz -[patreon]: https://www.patreon.com/bePatron?u=6982506 +[patreon]: https://www.patreon.com/bePatron?u=6982506 [github_sponsor]: https://github.com/sponsors/funkypenguin [github]: https://github.com/sponsors/funkypenguin -[discourse]: https://discourse.geek-kitchen.funkypenguin.co.nz/ -[twitter]: https://twitter.com/funkypenguin -[contact]: https://www.funkypenguin.co.nz -[aws_cert]: https://www.youracclaim.com/badges/a0c4a196-55ab-4472-b46b-b610b44dc00f/public_url \ No newline at end of file +[discourse]: https://discourse.geek-kitchen.funkypenguin.co.nz/ +[twitter]: https://twitter.com/funkypenguin +[contact]: https://www.funkypenguin.co.nz +[aws_cert]: https://www.youracclaim.com/badges/a0c4a196-55ab-4472-b46b-b610b44dc00f/public_url diff --git a/manuscript/CHANGELOG.md b/manuscript/CHANGELOG.md index 07b7780..00abc4d 100644 --- a/manuscript/CHANGELOG.md +++ b/manuscript/CHANGELOG.md 
@@ -28,8 +28,8 @@ Recipe | Description Also available via: -* Mastodon: https://mastodon.social/@geekcookbook_changes -* RSS: https://mastodon.social/@geekcookbook_changes.rss +* Mastodon: +* RSS: * The #changelog channel in our [Discord server](http://chat.funkypenguin.co.nz) ---8<-- "common-links.md" \ No newline at end of file +--8<-- "common-links.md" diff --git a/manuscript/README-UI.md b/manuscript/README-UI.md index 635418c..1650cfc 100644 --- a/manuscript/README-UI.md +++ b/manuscript/README-UI.md @@ -8,4 +8,4 @@ ## Conventions -1. When creating swarm networks, we always explicitly set the subnet in the overlay network, to avoid potential conflicts (_which docker won't prevent, but which will generate errors_) (https://github.com/moby/moby/issues/26912) +1. When creating swarm networks, we always explicitly set the subnet in the overlay network, to avoid potential conflicts (_which docker won't prevent, but which will generate errors_) () diff --git a/manuscript/community/code-of-conduct.md b/manuscript/community/code-of-conduct.md index 816e4c8..5a88c04 100644 --- a/manuscript/community/code-of-conduct.md +++ b/manuscript/community/code-of-conduct.md @@ -126,7 +126,7 @@ the community. This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.0, available at -https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. +. Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity). @@ -134,5 +134,5 @@ enforcement ladder](https://github.com/mozilla/diversity). [homepage]: https://www.contributor-covenant.org For answers to common questions about this code of conduct, see the FAQ at -https://www.contributor-covenant.org/faq. Translations are available at -https://www.contributor-covenant.org/translations. +. Translations are available at +. diff --git a/manuscript/community/contribute.md b/manuscript/community/contribute.md index 3c15b27..726db5e 100644 
--- a/manuscript/community/contribute.md +++ b/manuscript/community/contribute.md @@ -15,7 +15,7 @@ Sponsor [your chef](https://github.com/sponsors/funkypenguin) :heart:, or [join Found a typo / error in a recipe? Each recipe includes a link to make the fix, directly on GitHub: -![](https://static.funkypenguin.co.nz/Duplicity_-_Funky_Penguins_Geek_Cookbook_2020-06-16_14-45-50.png) +![How to fix a typo directly in GitHub](https://static.funkypenguin.co.nz/Duplicity_-_Funky_Penguins_Geek_Cookbook_2020-06-16_14-45-50.png) Click the link to edit the recipe in Markdown format, and save to create a pull request! 
@@ -37,11 +37,11 @@ GitPod (free up to 50h/month) is by far the smoothest and most slick way to edi [GitHub Codespaces](https://github.com/features/codespaces) (_no longer free now that it's out of beta_) provides a browser-based VSCode interface, pre-configured for your development environment. For no-hassle contributions to the cookbook with realtime previews, visit the [repo](https://github.com/geek-cookbook/geek-cookbook), and when clicking the download button (*where you're usually get the URL to clone a repo*), click on "**Open with CodeSpaces**" instead: -![](https://static.funkypenguin.co.nz/2021/geek-cookbookgeek-cookbook_The_Geeks_Cookbook_is_a_collection_of_guides_for_establishing_your_own_highly-available_privat_2021-01-07_11-41-25.png) +![How to use GitHub Codespaces](https://static.funkypenguin.co.nz/2021/geek-cookbookgeek-cookbook_The_Geeks_Cookbook_is_a_collection_of_guides_for_establishing_your_own_highly-available_privat_2021-01-07_11-41-25.png) You'll shortly be dropped into the VSCode interface, with mkdocs/material pre-installed and running. Any changes you make are auto-saved (*there's no "Save" button*), and available in the port-forwarded preview within seconds: -![](https://static.funkypenguin.co.nz/2021/contribute.md__geek-cookbook_Codespaces__Visual_Studio_Code_-_Insiders__Codespaces_2021-01-07_11-50-25.png) +![Launching preview in port-forwarded tab](https://static.funkypenguin.co.nz/2021/contribute.md__geek-cookbook_Codespaces__Visual_Studio_Code_-_Insiders__Codespaces_2021-01-07_11-50-25.png) Once happy with your changes, drive VSCode as normal to create a branch, commit, push, and create a pull request. You can also abandon the browser window at any time, and return later to pick up where you left off (*even on a different device!*) 
@@ -52,18 +52,15 @@ The process is basically: 1. [Fork the repo](https://help.github.com/en/github/getting-started-with-github/fork-a-repo) 2. Clone your forked repo locally 3. Make a new branch for your recipe (*not strictly necessary, but it helps to differentiate multiple in-flight recipes*) -4. Create your new recipe as a markdown file within the existing structure of the [manuscript folder](https://github.com/geek-cookbook/geek-cookbook/tree/master/manuscript) +4. Create your new recipe as a markdown file within the existing structure of the [manuscript folder](https://github.com/geek-cookbook/geek-cookbook/tree/master/manuscript) 5. Add your recipe to the navigation by editing [mkdocs.yml](https://github.com/geek-cookbook/geek-cookbook/blob/master/mkdocs.yml#L32) -6. Test locally by running `./scripts/serve.sh` in the repo folder (*this launches a preview in Docker*), and navigating to http://localhost:8123 +6. Test locally by running `./scripts/serve.sh` in the repo folder (*this launches a preview in Docker*), and navigating to 7. Rinse and repeat until you're ready to submit a PR 8. Create a pull request via the GitHub UI 9. The pull request will trigger the creation of a preview environment, as illustrated below. Use the deploy preview to confirm that your recipe is as tasty as possible! -![](https://static.funkypenguin.co.nz/illustrate-pr-with-deploy-preview-for-geek-cookbook.png) - - +![View a deploy preview from PR](https://static.funkypenguin.co.nz/illustrate-pr-with-deploy-preview-for-geek-cookbook.png) ## Contributing skillz 💪 Got mad skillz, but neither the time nor inclination for recipe-cooking? [Scan the GitHub contributions page](https://github.com/geek-cookbook/geek-cookbook/contribute), [Discussions](https://github.com/geek-cookbook/geek-cookbook/discussions), or jump into [Discord](/community/discord/) or [Discourse](/community/discourse/), and help your fellow geeks with their questions, or just hang out bump up our member count! - 
diff --git a/manuscript/community/discord.md b/manuscript/community/discord.md index ad8344f..52fd170 100644 --- a/manuscript/community/discord.md +++ b/manuscript/community/discord.md @@ -15,8 +15,7 @@ Yeah, I know. I also thought Discord was just for the gamer kids, but it turns o 1. Create [an account](https://discordapp.com) 2. [Join the geek party](http://chat.funkypenguin.co.nz)! - - + ## Code of Conduct @@ -25,7 +24,7 @@ With the goal of creating a safe and inclusive community, we've adopted the [Con ### Reporting abuse -To report a violation of our code of conduct in our Discord server, type `!report ` in any channel. +To report a violation of our code of conduct in our Discord server, type `!report ` in any channel. Your report message will immediately be deleted from the channel, and an alert raised to moderators, who will address the issue as detailed in the [enforcement guidelines](/community/code-of-conduct/#enforcement-guidelines). @@ -41,7 +40,7 @@ Your report message will immediately be deleted from the channel, and an alert r | #premix-updates | Updates on all pushes to the master branch of the premix | | #discourse-updates | Updates to Discourse topics | -### 💬 Discussion +### 💬 Discussion | Channel Name | Channel Use | |----------------|----------------------------------------------------------| 
@@ -55,22 +54,20 @@ Your report message will immediately be deleted from the channel, and an alert r | #advertisements | In here you can advertise your stream, services or websites, at a limit of 2 posts per day | | #dev | Used for collaboratio around current development. | - -### Suggestions +### Suggestions | Channel Name | Channel Use | |--------------|-------------------------------------| | #in-flight | A list of all suggestions in-flight | | #completed | A list of completed suggestions | -### Music +### Music | Channel Name | Channel Use | |------------------|-----------------------------------| | #music | DJs go here to control music | | #listen-to-music | Jump in here to rock out to music | - ## How to get help. If you need assistance at any time there are a few commands that you can run in order to get help. @@ -79,12 +76,11 @@ If you need assistance at any time there are a few commands that you can run in `!faq` Shows frequently asked questions. - ## Spread the love (inviting others) Invite your co-geeks to Discord by: -1. Sending them a link to http://chat.funkypenguin.co.nz, or +1. Sending them a link to , or 2. Right-click on the Discord server name and click "Invite People" ## Formatting your message @@ -100,8 +96,3 @@ Discord supports minimal message formatting using [markdown](https://support.dis 2. Find the #in-flight channel (*also under **Suggestions***), and confirm that your suggestion isn't already in-flight (*but not completed yet*) 3. In any channel, type `!suggest [your suggestion goes here]`. A post will be created in #in-flight for other users to vote on your suggestion. Suggestions change color as more users vote on them. 4. When your suggestion is completed (*or a decision has been made*), you'll receive a DM from carl-bot - - - - - diff --git a/manuscript/community/discourse.md b/manuscript/community/discourse.md index cc3d790..dffb29a 100644 --- a/manuscript/community/discourse.md +++ b/manuscript/community/discourse.md 
@@ -1,4 +1,3 @@ # Discourse -You've found an intentionally un-linked page! This page is under construction, and will be up shortly. In the meantime, head to https://discourse.geek-kitchen.funkypenguin.co.nz! - +You've found an intentionally un-linked page! This page is under construction, and will be up shortly. In the meantime, head to ! diff --git a/manuscript/community/github.md b/manuscript/community/github.md index 17c32d0..58921bf 100644 --- a/manuscript/community/github.md +++ b/manuscript/community/github.md @@ -1,4 +1,3 @@ # GitHub -You've found an intentionally un-linked page! This page is under construction, and will be up shortly. In the meantime, head to https://github.com/geek-cookbook/geek-cookbook! - +You've found an intentionally un-linked page! This page is under construction, and will be up shortly. In the meantime, head to ! diff --git a/manuscript/ha-docker-swarm/design.md b/manuscript/ha-docker-swarm/design.md index a2aea1f..fb71b4a 100644 --- a/manuscript/ha-docker-swarm/design.md +++ b/manuscript/ha-docker-swarm/design.md @@ -10,7 +10,7 @@ In the design described below, our "private cloud" platform is: ## Design Decisions -**Where possible, services will be highly available.** +### Where possible, services will be highly available.** This means that: 
@@ -39,8 +39,7 @@ Under this design, the only inbound connections we're permitting to our docker s ### Authentication * Where the hosted application provides a trusted level of authentication (*i.e., [NextCloud](/recipes/nextcloud/)*), or where the application requires public exposure (*i.e. [Privatebin](/recipes/privatebin/)*), no additional layer of authentication will be required. -* Where the hosted application provides inadequate (*i.e. [NZBGet](/recipes/autopirate/nzbget/)*) or no authentication (*i.e. [Gollum](/recipes/gollum/)*), a further authentication against an OAuth provider will be required. - +* Where the hosted application provides inadequate (*i.e. [NZBGet](/recipes/autopirate/nzbget/)*) or no authentication (*i.e. [Gollum](/recipes/gollum/)*), a further authentication against an OAuth provider will be required. ## High availability @@ -78,7 +77,6 @@ When the failed (*or upgraded*) host is restored to service, the following is il * Existing containers which were migrated off the node are not migrated backend * Keepalived VIP regains full redundancy - ![HA function](../images/docker-swarm-node-restore.png) ### Total cluster failure @@ -91,4 +89,4 @@ In summary, although I suffered an **unplanned power outage to all of my infrast [^1]: Since there's no impact to availability, I can fix (or just reinstall) the failed node whenever convenient. ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/ha-docker-swarm/docker-swarm-mode.md b/manuscript/ha-docker-swarm/docker-swarm-mode.md index 32abc16..7754294 100644 --- a/manuscript/ha-docker-swarm/docker-swarm-mode.md +++ b/manuscript/ha-docker-swarm/docker-swarm-mode.md 
@@ -6,7 +6,7 @@ For truly highly-available services with Docker containers, we need an orchestra !!! summary Existing - + * [X] 3 x nodes (*bare-metal or VMs*), each with: * A mainstream Linux OS (*tested on either [CentOS](https://www.centos.org) 7+ or [Ubuntu](http://releases.ubuntu.com) 16.04+*) * At least 2GB RAM @@ -19,19 +19,20 @@ For truly highly-available services with Docker containers, we need an orchestra Add some handy bash auto-completion for docker. Without this, you'll get annoyed that you can't autocomplete ```docker stack deploy -c ``` commands. -``` +```bash cd /etc/bash_completion.d/ curl -O https://raw.githubusercontent.com/docker/cli/b75596e1e4d5295ac69b9934d1bd8aff691a0de8/contrib/completion/bash/docker ``` Install some useful bash aliases on each host -``` + +```bash cd ~ curl -O https://raw.githubusercontent.com/funkypenguin/geek-cookbook/master/examples/scripts/gcb-aliases.sh echo 'source ~/gcb-aliases.sh' >> ~/.bash_profile ``` -## Serving +## Serving ### Release the swarm! @@ -39,7 +40,7 @@ Now, to launch a swarm. Pick a target node, and run `docker swarm init` Yeah, that was it. Seriously. Now we have a 1-node swarm. -``` +```bash [root@ds1 ~]# docker swarm init Swarm initialized: current node (b54vls3wf8xztwfz79nlkivt8) is now a manager. @@ -56,7 +57,7 @@ To add a manager to this swarm, run 'docker swarm join-token manager' and follow Run `docker node ls` to confirm that you have a 1-node swarm: -``` +```bash [root@ds1 ~]# docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS b54vls3wf8xztwfz79nlkivt8 * ds1.funkypenguin.co.nz Ready Active Leader @@ -67,7 +68,7 @@ Note that when you run `docker swarm init` above, the CLI output gives youe a co On the first swarm node, generate the necessary token to join another manager by running ```docker swarm join-token manager```: -``` +```bash [root@ds1 ~]# docker swarm join-token manager To add a manager to this swarm, run the following command: 
@@ -80,8 +81,7 @@ To add a manager to this swarm, run the following command: Run the command provided on your other nodes to join them to the swarm as managers. After addition of a node, the output of ```docker node ls``` (on either host) should reflect all the nodes: - -``` +```bash [root@ds2 davidy]# docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS b54vls3wf8xztwfz79nlkivt8 ds1.funkypenguin.co.nz Ready Active Leader @@ -97,14 +97,14 @@ To address this, we'll run the "[meltwater/docker-cleanup](https://github.com/me First, create `docker-cleanup.env` (_mine is under `/var/data/config/docker-cleanup`_), and exclude container images we **know** we want to keep: -``` +```bash KEEP_IMAGES=traefik,keepalived,docker-mailserver DEBUG=1 ``` Then create a docker-compose.yml as follows: -``` +```yaml version: "3" services: @@ -137,7 +137,7 @@ If your swarm runs for a long time, you might find yourself running older contai Create `/var/data/config/shepherd/shepherd.env` as follows: -``` +```bash # Don't auto-update Plex or Emby (or Jellyfin), I might be watching a movie! (Customize this for the containers you _don't_ want to auto-update) BLACKLIST_SERVICES="plex_plex emby_emby jellyfin_jellyfin" # Run every 24 hours. Note that SLEEP_TIME appears to be in seconds. @@ -146,7 +146,7 @@ SLEEP_TIME=86400 Then create /var/data/config/shepherd/shepherd.yml as follows: -``` +```yaml version: "3" services: @@ -175,4 +175,4 @@ What have we achieved? * [X] [Docker swarm cluster](/ha-docker-swarm/design/) ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/ha-docker-swarm/keepalived.md b/manuscript/ha-docker-swarm/keepalived.md index 170e07b..c6d868e 100644 --- a/manuscript/ha-docker-swarm/keepalived.md +++ b/manuscript/ha-docker-swarm/keepalived.md 
@@ -34,7 +34,7 @@ On all nodes which will participate in keepalived, we need the "ip_vs" kernel mo Set this up once-off for both the primary and secondary nodes, by running: -``` +```bash echo "modprobe ip_vs" >> /etc/modules modprobe ip_vs ``` @@ -43,14 +43,13 @@ modprobe ip_vs Assuming your IPs are as follows: -``` -* 192.168.4.1 : Primary -* 192.168.4.2 : Secondary -* 192.168.4.3 : Virtual -``` +- 192.168.4.1 : Primary +- 192.168.4.2 : Secondary +- 192.168.4.3 : Virtual Run the following on the primary -``` + +```bash docker run -d --name keepalived --restart=always \ --cap-add=NET_ADMIN --cap-add=NET_BROADCAST --cap-add=NET_RAW --net=host \ -e KEEPALIVED_UNICAST_PEERS="#PYTHON2BASH:['192.168.4.1', '192.168.4.2']" \ @@ -60,7 +59,8 @@ docker run -d --name keepalived --restart=always \ ``` And on the secondary[^2]: -``` + +```bash docker run -d --name keepalived --restart=always \ --cap-add=NET_ADMIN --cap-add=NET_BROADCAST --cap-add=NET_RAW --net=host \ -e KEEPALIVED_UNICAST_PEERS="#PYTHON2BASH:['192.168.4.1', '192.168.4.2']" \ @@ -73,7 +73,6 @@ docker run -d --name keepalived --restart=always \ That's it. Each node will talk to the other via unicast (*no need to un-firewall multicast addresses*), and the node with the highest priority gets to be the master. When ingress traffic arrives on the master node via the VIP, docker's routing mesh will deliver it to the appropriate docker node. - ## Summary What have we achieved? 
@@ -88,4 +87,4 @@ What have we achieved? [^1]: Some hosting platforms (*OpenStack, for one*) won't allow you to simply "claim" a virtual IP. Each node is only able to receive traffic targetted to its unique IP, unless certain security controls are disabled by the cloud administrator. In this case, keepalived is not the right solution, and a platform-specific load-balancing solution should be used. In OpenStack, this is Neutron's "Load Balancer As A Service" (LBAAS) component. AWS, GCP and Azure would likely include similar protections. [^2]: More than 2 nodes can participate in keepalived. Simply ensure that each node has the appropriate priority set, and the node with the highest priority will become the master. ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/ha-docker-swarm/nodes.md b/manuscript/ha-docker-swarm/nodes.md index 3e4608a..32b1cba 100644 --- a/manuscript/ha-docker-swarm/nodes.md +++ b/manuscript/ha-docker-swarm/nodes.md @@ -16,7 +16,6 @@ Let's start building our cluster. You can use either bare-metal machines or virt * At least 20GB disk space (_but it'll be tight_) * [ ] Connectivity to each other within the same subnet, and on a low-latency link (_i.e., no WAN links_) - ## Preparation ### Permit connectivity @@ -27,7 +26,7 @@ Most modern Linux distributions include firewall rules which only only permit mi Add something like this to `/etc/sysconfig/iptables`: -``` +```bash # Allow all inter-node communication -A INPUT -s 192.168.31.0/24 -j ACCEPT ``` @@ -38,7 +37,7 @@ And restart iptables with ```systemctl restart iptables``` Install the (*non-default*) persistent iptables tools, by running `apt-get install iptables-persistent`, establishing some default rules (*dkpg will prompt you to save current ruleset*), and then add something like this to `/etc/iptables/rules.v4`: -``` +```bash # Allow all inter-node communication -A INPUT -s 192.168.31.0/24 -j ACCEPT ``` 
@@ -49,17 +48,15 @@ And refresh your running iptables rules with `iptables-restore < /etc/iptables/r Depending on your hosting environment, you may have DNS automatically setup for your VMs. If not, it's useful to set up static entries in /etc/hosts for the nodes. For example, I setup the following: -``` -192.168.31.11 ds1 ds1.funkypenguin.co.nz -192.168.31.12 ds2 ds2.funkypenguin.co.nz -192.168.31.13 ds3 ds3.funkypenguin.co.nz -``` +- 192.168.31.11 ds1 ds1.funkypenguin.co.nz +- 192.168.31.12 ds2 ds2.funkypenguin.co.nz +- 192.168.31.13 ds3 ds3.funkypenguin.co.nz ### Set timezone Set your local timezone, by running: -``` +```bash ln -sf /usr/share/zoneinfo/ /etc/localtime ``` @@ -69,11 +66,11 @@ After completing the above, you should have: !!! summary "Summary" Deployed in this recipe: - + * [X] 3 x nodes (*bare-metal or VMs*), each with: * A mainstream Linux OS (*tested on either [CentOS](https://www.centos.org) 7+ or [Ubuntu](http://releases.ubuntu.com) 16.04+*) * At least 2GB RAM * At least 20GB disk space (_but it'll be tight_) * [X] Connectivity to each other within the same subnet, and on a low-latency link (_i.e., no WAN links_) ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/ha-docker-swarm/registry.md b/manuscript/ha-docker-swarm/registry.md index ccfc08c..799244c 100644 --- a/manuscript/ha-docker-swarm/registry.md +++ b/manuscript/ha-docker-swarm/registry.md @@ -18,7 +18,7 @@ The registry mirror runs as a swarm stack, using a simple docker-compose.yml. Cu Create /var/data/config/registry/registry.yml as follows: -``` +```yaml version: "3" services: @@ -48,7 +48,7 @@ We create this registry without consideration for SSL, which will fail if we att Create /var/data/registry/registry-mirror-config.yml as follows: -``` +```yaml version: 0.1 log: fields: 
@@ -83,7 +83,7 @@ Launch the registry stack by running `docker stack deploy registry -c root@raphael:~# chmod +x cephadm root@raphael:~# mkdir -p /etc/ceph @@ -130,7 +130,6 @@ The process takes about 30 seconds, after which, you'll have a MVC (*Minimum Via root@raphael:~# ``` - ### Prepare other nodes It's now necessary to tranfer the following files to your ==other== nodes, so that cephadm can add them to your cluster, and so that they'll be able to mount the cephfs when we're done: @@ -141,11 +140,10 @@ It's now necessary to tranfer the following files to your ==other== nodes, so th | `/etc/ceph/ceph.client.admin.keyring` | `/etc/ceph/ceph.client.admin.keyring` | | `/etc/ceph/ceph.pub` | `/root/.ssh/authorized_keys` (append to anything existing) | - Back on the ==master== node, run `ceph orch host add ` once for each other node you want to join to the cluster. You can validate the results by running `ceph orch host ls` !!! question "Should we be concerned about giving cephadm using root access over SSH?" - Not really. Docker is inherently insecure at the host-level anyway (*think what would happen if you launched a global-mode stack with a malicious container image which mounted `/root/.ssh`*), so worrying about cephadm seems a little barn-door-after-horses-bolted. If you take host-level security seriously, consider switching to [Kubernetes](/kubernetes/) :) + Not really. Docker is inherently insecure at the host-level anyway (*think what would happen if you launched a global-mode stack with a malicious container image which mounted `/root/.ssh`*), so worrying about cephadm seems a little barn-door-after-horses-bolted. If you take host-level security seriously, consider switching to [Kubernetes](/kubernetes/) :) ### Add OSDs 
@@ -161,7 +159,7 @@ You can watch the progress by running `ceph fs ls` (to see the fs is configured) On ==every== node, create a mountpoint for the data, by running ```mkdir /var/data```, add an entry to fstab to ensure the volume is auto-mounted on boot, and ensure the volume is actually _mounted_ if there's a network / boot delay getting access to the gluster volume: -``` +```bash mkdir /var/data MYNODES=",," # Add your own nodes here, comma-delimited @@ -184,14 +182,13 @@ mount -a mount -a ``` - ## Serving ### Sprinkle with tools Although it's possible to use `cephadm shell` to exec into a container with the necessary ceph tools, it's more convenient to use the native CLI tools. To this end, on each node, run the following, which will install the appropriate apt repository, and install the latest ceph CLI tools: -``` +```bash curl -L https://download.ceph.com/keys/release.asc | sudo apt-key add - cephadm add-repo --release octopus cephadm install ceph-common @@ -199,9 +196,9 @@ cephadm install ceph-common ### Drool over dashboard -Ceph now includes a comprehensive dashboard, provided by the mgr daemon. The dashboard will be accessible at https://[IP of your ceph master node]:8443, but you'll need to run `ceph dashboard ac-user-create administrator` first, to create an administrator account: +Ceph now includes a comprehensive dashboard, provided by the mgr daemon. The dashboard will be accessible at `https://[IP of your ceph master node]:8443`, but you'll need to run `ceph dashboard ac-user-create administrator` first, to create an administrator account: -``` +```bash root@raphael:~# ceph dashboard ac-user-create batman supermansucks administrator {"username": "batman", "password": "$2b$12$3HkjY85mav.dq3HHAZiWP.KkMiuoV2TURZFH.6WFfo/BPZCT/0gr.", "roles": ["administrator"], "name": null, "email": null, "lastUpdate": 1590372281, "enabled": true, "pwdExpirationDate": null, "pwdUpdateRequired": false} root@raphael:~# 
@@ -223,11 +220,7 @@ What have we achieved? Here's a screencast of the playbook in action. I sped up the boring parts, it actually takes ==5 min== (*you can tell by the timestamps on the prompt*): ![Screencast of ceph install via ansible](https://static.funkypenguin.co.nz/ceph_install_via_ansible_playbook.gif) -[patreon]: https://www.patreon.com/bePatron?u=6982506 -[github_sponsor]: https://github.com/sponsors/funkypenguin +[patreon]: +[github_sponsor]: - - - - ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/ha-docker-swarm/shared-storage-gluster.md b/manuscript/ha-docker-swarm/shared-storage-gluster.md index f72f7b7..3993b85 100644 --- a/manuscript/ha-docker-swarm/shared-storage-gluster.md +++ b/manuscript/ha-docker-swarm/shared-storage-gluster.md @@ -32,7 +32,7 @@ On each host, run a variation following to create your bricks, adjusted for the !!! note "The example below assumes /dev/vdb is dedicated to the gluster volume" -``` +```bash ( echo o # Create a new empty DOS partition table echo n # Add a new partition @@ -60,7 +60,7 @@ Atomic doesn't include the Gluster server components. This means we'll have to Run the following on each host: -```` +````bash docker run \ -h glusterfs-server \ -v /etc/glusterfs:/etc/glusterfs:z \ @@ -82,7 +82,7 @@ From the node, run `gluster peer probe `. Example output: -``` +```bash [root@glusterfs-server /]# gluster peer probe ds1 peer probe: success. [root@glusterfs-server /]# @@ -92,7 +92,7 @@ Run ```gluster peer status``` on both nodes to confirm that they're properly con Example output: -``` +```bash [root@glusterfs-server /]# gluster peer status Number of Peers: 1 @@ -108,7 +108,7 @@ Now we create a *replicated volume* out of our individual "bricks". Create the gluster volume by running: -``` +```bash gluster volume create gv0 replica 2 \ server1:/var/no-direct-write-here/brick1 \ server2:/var/no-direct-write-here/brick1 
@@ -116,7 +116,7 @@ gluster volume create gv0 replica 2 \ Example output: -``` +```bash [root@glusterfs-server /]# gluster volume create gv0 replica 2 ds1:/var/no-direct-write-here/brick1/gv0 ds3:/var/no-direct-write-here/brick1/gv0 volume create: gv0: success: please start the volume to access data [root@glusterfs-server /]# @@ -124,7 +124,7 @@ volume create: gv0: success: please start the volume to access data Start the volume by running ```gluster volume start gv0``` -``` +```bash [root@glusterfs-server /]# gluster volume start gv0 volume start: gv0: success [root@glusterfs-server /]# @@ -138,7 +138,7 @@ From one other host, run ```docker exec -it glusterfs-server bash``` to shell in On the host (i.e., outside of the container - type ```exit``` if you're still shelled in), create a mountpoint for the data, by running ```mkdir /var/data```, add an entry to fstab to ensure the volume is auto-mounted on boot, and ensure the volume is actually _mounted_ if there's a network / boot delay getting access to the gluster volume: -``` +```bash mkdir /var/data MYHOST=`hostname -s` echo '' >> /etc/fstab >> /etc/fstab @@ -149,7 +149,7 @@ mount -a For some reason, my nodes won't auto-mount this volume on boot. I even tried the trickery below, but they stubbornly refuse to automount: -``` +```bash echo -e "\n\n# Give GlusterFS 10s to start before \ mounting\nsleep 10s && mount -a" >> /etc/rc.local systemctl enable rc-local.service @@ -168,4 +168,4 @@ After completing the above, you should have: 1. Migration of shared storage from GlusterFS to Ceph ()[#2](https://gitlab.funkypenguin.co.nz/funkypenguin/geeks-cookbook/issues/2)) 2. Correct the fact that volumes don't automount on boot ([#3](https://gitlab.funkypenguin.co.nz/funkypenguin/geeks-cookbook/issues/3)) ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" 
diff --git a/manuscript/ha-docker-swarm/traefik-forward-auth.md b/manuscript/ha-docker-swarm/traefik-forward-auth.md index be2c90a..dac404d 100644 --- a/manuscript/ha-docker-swarm/traefik-forward-auth.md +++ b/manuscript/ha-docker-swarm/traefik-forward-auth.md 
@@ -29,11 +29,11 @@ Under normal OIDC auth, you have to tell your auth provider which URLs it may re [@thomaseddon's traefik-forward-auth](https://github.com/thomseddon/traefik-forward-auth) includes an ingenious mechanism to simulate an "_auth host_" in your OIDC authentication, so that you can protect an unlimited amount of DNS names (_with a common domain suffix_), without having to manually maintain a list. -#### How does it work? +### How does it work? -Say you're protecting **radarr.example.com**. When you first browse to **https://radarr.example.com**, Traefik forwards your session to traefik-forward-auth, to be authenticated. Traefik-forward-auth redirects you to your OIDC provider's login (_KeyCloak, in this case_), but instructs the OIDC provider to redirect a successfully authenticated session **back** to **https://auth.example.com/_oauth**, rather than to **https://radarr.example.com/_oauth**. +Say you're protecting **radarr.example.com**. When you first browse to ****, Traefik forwards your session to traefik-forward-auth, to be authenticated. Traefik-forward-auth redirects you to your OIDC provider's login (_KeyCloak, in this case_), but instructs the OIDC provider to redirect a successfully authenticated session **back** to ****, rather than to ****. -When you successfully authenticate against the OIDC provider, you are redirected to the "_redirect_uri_" of https://auth.example.com. Again, your request hits Traefik, which forwards the session to traefik-forward-auth, which **knows** that you've just been authenticated (_cookies have a role to play here_). Traefik-forward-auth also knows the URL of your **original** request (_thanks to the X-Forwarded-Whatever header_). Traefik-forward-auth redirects you to your original destination, and everybody is happy. +When you successfully authenticate against the OIDC provider, you are redirected to the "_redirect_uri_" of . 
Again, your request hits Traefik, which forwards the session to traefik-forward-auth, which **knows** that you've just been authenticated (_cookies have a role to play here_). Traefik-forward-auth also knows the URL of your **original** request (_thanks to the X-Forwarded-Whatever header_). Traefik-forward-auth redirects you to your original destination, and everybody is happy. This clever workaround only works under 2 conditions: @@ -50,4 +50,4 @@ Traefik Forward Auth needs to authenticate an incoming user against a provider. --8<-- "recipe-footer.md" -[^1]: Authhost mode is specifically handy for Google authentication, since Google doesn't permit wildcard redirect_uris, like [KeyCloak][keycloak] does. \ No newline at end of file +[^1]: Authhost mode is specifically handy for Google authentication, since Google doesn't permit wildcard redirect_uris, like [KeyCloak][keycloak] does. diff --git a/manuscript/ha-docker-swarm/traefik-forward-auth/dex-static.md b/manuscript/ha-docker-swarm/traefik-forward-auth/dex-static.md index 641d662..cce5f6c 100644 --- a/manuscript/ha-docker-swarm/traefik-forward-auth/dex-static.md +++ b/manuscript/ha-docker-swarm/traefik-forward-auth/dex-static.md @@ -49,7 +49,7 @@ staticPasswords: Create `/var/data/config/traefik-forward-auth/traefik-forward-auth.env` as follows: -``` +```bash DEFAULT_PROVIDER: oidc PROVIDERS_OIDC_CLIENT_ID: foo # This is the staticClients.id value in config.yml above PROVIDERS_OIDC_CLIENT_SECRET: bar # This is the staticClients.secret value in config.yml above 
@@ -176,7 +176,7 @@ Once you redeploy traefik-forward-auth with the above, it **should** use dex as ### Test -Browse to https://whoami.example.com (_obviously, customized for your domain and having created a DNS record_), and all going according to plan, you'll be redirected to a CoreOS Dex login. Once successfully logged in, you'll be directed to the basic whoami page :thumbsup: +Browse to (_obviously, customized for your domain and having created a DNS record_), and all going according to plan, you'll be redirected to a CoreOS Dex login. Once successfully logged in, you'll be directed to the basic whoami page :thumbsup: ### Protect services diff --git a/manuscript/ha-docker-swarm/traefik-forward-auth/google.md b/manuscript/ha-docker-swarm/traefik-forward-auth/google.md index 2f846f5..fbd2980 100644 --- a/manuscript/ha-docker-swarm/traefik-forward-auth/google.md +++ b/manuscript/ha-docker-swarm/traefik-forward-auth/google.md 
@@ -12,9 +12,9 @@ This recipe will illustrate how to point Traefik Forward Auth to Google, confirm #### TL;DR -Log into https://console.developers.google.com/, create a new project then search for and select "**Credentials**" in the search bar. +Log into , create a new project then search for and select "**Credentials**" in the search bar. - Fill out the "OAuth Consent Screen" tab, and then click, "**Create Credentials**" > "**OAuth client ID**". Select "**Web Application**", fill in the name of your app, skip "**Authorized JavaScript origins**" and fill "**Authorized redirect URIs**" with either all the domains you will allow authentication from, appended with the url-path (*e.g. https://radarr.example.com/_oauth, https://radarr.example.com/_oauth, etc*), or if you don't like frustration, use a "auth host" URL instead, like "*https://auth.example.com/_oauth*" (*see below for details*) + Fill out the "OAuth Consent Screen" tab, and then click, "**Create Credentials**" > "**OAuth client ID**". Select "**Web Application**", fill in the name of your app, skip "**Authorized JavaScript origins**" and fill "**Authorized redirect URIs**" with either all the domains you will allow authentication from, appended with the url-path (*e.g. , , etc*), or if you don't like frustration, use a "auth host" URL instead, like "**" (*see below for details*) #### Monkey see, monkey do 🙈 @@ -27,7 +27,7 @@ Here's a [screencast I recorded](https://static.funkypenguin.co.nz/2021/screenca Create `/var/data/config/traefik-forward-auth/traefik-forward-auth.env` as follows: -``` +```bash PROVIDERS_GOOGLE_CLIENT_ID= PROVIDERS_GOOGLE_CLIENT_SECRET= SECRET= @@ -41,7 +41,7 @@ WHITELIST=you@yourdomain.com, me@mydomain.com Create `/var/data/config/traefik-forward-auth/traefik-forward-auth.yml` as follows: -``` +```yaml traefik-forward-auth: image: thomseddon/traefik-forward-auth:2.1.0 env_file: /var/data/config/traefik-forward-auth/traefik-forward-auth.env 
@@ -77,7 +77,7 @@ Create `/var/data/config/traefik-forward-auth/traefik-forward-auth.yml` as follo If you're not confident that forward authentication is working, add a simple "whoami" test container to the above .yml, to help debug traefik forward auth, before attempting to add it to a more complex container. -``` +```yaml # This simply validates that traefik forward authentication is working whoami: image: containous/whoami @@ -114,7 +114,7 @@ Deploy traefik-forward-auth with ```docker stack deploy traefik-forward-auth -c ### Test -Browse to https://whoami.example.com (*obviously, customized for your domain and having created a DNS record*), and all going according to plan, you should be redirected to a Google login. Once successfully logged in, you'll be directed to the basic whoami page. +Browse to (*obviously, customized for your domain and having created a DNS record*), and all going according to plan, you should be redirected to a Google login. Once successfully logged in, you'll be directed to the basic whoami page. ## Summary @@ -127,4 +127,4 @@ What have we achieved? By adding an additional three simple labels to any servic [^1]: Be sure to populate `WHITELIST` in `traefik-forward-auth.env`, else you'll happily be granting **any** authenticated Google account access to your services! ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/ha-docker-swarm/traefik-forward-auth/keycloak.md b/manuscript/ha-docker-swarm/traefik-forward-auth/keycloak.md index 9d2c1fc..140da72 100644 --- a/manuscript/ha-docker-swarm/traefik-forward-auth/keycloak.md +++ b/manuscript/ha-docker-swarm/traefik-forward-auth/keycloak.md @@ -10,7 +10,7 @@ While the [Traefik Forward Auth](/ha-docker-swarm/traefik-forward-auth/) recipe Create `/var/data/config/traefik/traefik-forward-auth.env` as follows (_change "master" if you created a different realm_): -``` +```bash CLIENT_ID= CLIENT_SECRET= OIDC_ISSUER=https:///auth/realms/master 
@@ -23,8 +23,8 @@ COOKIE_DOMAIN= This is a small container, you can simply add the following content to the existing `traefik-app.yml` deployed in the previous [Traefik](/ha-docker-swarm/traefik/) recipe: -``` - traefik-forward-auth: +```bash + traefik-forward-auth: image: funkypenguin/traefik-forward-auth env_file: /var/data/config/traefik/traefik-forward-auth.env networks: @@ -39,8 +39,8 @@ This is a small container, you can simply add the following content to the exist If you're not confident that forward authentication is working, add a simple "whoami" test container, to help debug traefik forward auth, before attempting to add it to a more complex container. -``` - # This simply validates that traefik forward authentication is working +```bash + # This simply validates that traefik forward authentication is working whoami: image: containous/whoami networks: @@ -64,13 +64,13 @@ Redeploy traefik with `docker stack deploy traefik-app -c /var/data/traefik/trae ### Test -Browse to https://whoami.example.com (_obviously, customized for your domain and having created a DNS record_), and all going according to plan, you'll be redirected to a KeyCloak login. Once successfully logged in, you'll be directed to the basic whoami page. +Browse to (_obviously, customized for your domain and having created a DNS record_), and all going according to plan, you'll be redirected to a KeyCloak login. Once successfully logged in, you'll be directed to the basic whoami page. ### Protect services To protect any other service, ensure the service itself is exposed by Traefik (_if you were previously using an oauth_proxy for this, you may have to migrate some labels from the oauth_proxy serivce to the service itself_). Add the following 3 labels: -``` +```yaml - traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181 - traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User - traefik.frontend.auth.forward.trustForwardHeader=true 
@@ -89,4 +89,4 @@ What have we achieved? By adding an additional three simple labels to any servic [^1]: KeyCloak is very powerful. You can add 2FA and all other clever things outside of the scope of this simple recipe ;) ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/ha-docker-swarm/traefik.md b/manuscript/ha-docker-swarm/traefik.md index 8750a45..eb20319 100644 --- a/manuscript/ha-docker-swarm/traefik.md +++ b/manuscript/ha-docker-swarm/traefik.md @@ -36,7 +36,7 @@ While it's possible to configure traefik via docker command arguments, I prefer Create `/var/data/traefikv2/traefik.toml` as follows: -``` +```bash [global] checkNewVersion = true @@ -87,7 +87,7 @@ Create `/var/data/traefikv2/traefik.toml` as follows: Create `/var/data/config/traefik/traefik.yml` as follows: -``` +```yaml version: "3.2" # What is this? @@ -116,7 +116,7 @@ networks: Create `/var/data/config/traefikv2/traefikv2.env` with the environment variables required by the provider you chose in the LetsEncrypt DNS Challenge section of `traefik.toml`. Full configuration options can be found in the [Traefik documentation](https://doc.traefik.io/traefik/https/acme/#providers). Route53 and CloudFlare examples are below. -``` +```bash # Route53 example AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= @@ -185,7 +185,7 @@ networks: Docker won't start a service with a bind-mount to a non-existent file, so prepare an empty acme.json and traefik.log (_with the appropriate permissions_) by running: -``` +```bash touch /var/data/traefikv2/acme.json touch /var/data/traefikv2/traefik.log chmod 600 /var/data/traefikv2/acme.json 
@@ -205,7 +205,7 @@ Likewise with the log file. First, launch the traefik stack, which will do nothing other than create an overlay network by running `docker stack deploy traefik -c /var/data/config/traefik/traefik.yml` -``` +```bash [root@kvm ~]# docker stack deploy traefik -c /var/data/config/traefik/traefik.yml Creating network traefik_public Creating service traefik_scratch @@ -214,7 +214,7 @@ Creating service traefik_scratch Now deploy the traefik application itself (*which will attach to the overlay network*) by running `docker stack deploy traefikv2 -c /var/data/config/traefikv2/traefikv2.yml` -``` +```bash [root@kvm ~]# docker stack deploy traefikv2 -c /var/data/config/traefikv2/traefikv2.yml Creating service traefikv2_traefikv2 [root@kvm ~]# @@ -222,7 +222,7 @@ Creating service traefikv2_traefikv2 Confirm traefik is running with `docker stack ps traefikv2`: -``` +```bash root@raphael:~# docker stack ps traefikv2 ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS lmvqcfhap08o traefikv2_app.dz178s1aahv16bapzqcnzc03p traefik:v2.4 donatello Running Running 2 minutes ago *:443->443/tcp,*:80->80/tcp @@ -231,11 +231,11 @@ root@raphael:~# ### Check Traefik Dashboard -You should now be able to access[^1] your traefik instance on **https://traefik.** (*if your LetsEncrypt certificate is working*), or **http://:8080** (*if it's not*)- It'll look a little lonely currently (*below*), but we'll populate it as we add recipes :grin: +You should now be able to access[^1] your traefik instance on `https://traefik.` (*if your LetsEncrypt certificate is working*), or `http://:8080` (*if it's not*)- It'll look a little lonely currently (*below*), but we'll populate it as we add recipes :grin: ![Screenshot of Traefik, post-launch](/images/traefik-post-launch.png) -### Summary +### Summary !!! summary We've achieved: 
@@ -246,4 +246,4 @@ You should now be able to access[^1] your traefik instance on **https://traefik. [^1]: Did you notice how no authentication was required to view the Traefik dashboard? Eek! We'll tackle that in the next section, regarding [Traefik Forward Authentication](/ha-docker-swarm/traefik-forward-auth/)! ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" 
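Review bot: In manuscript/ha-docker-swarm/nodes.md (hunks @@ -27,7 +26,7 and @@ -38,7 +37,7), the fences now tagged `bash` hold rules-file lines (`-A INPUT -s 192.168.31.0/24 -j ACCEPT`) meant for `/etc/sysconfig/iptables` and `/etc/iptables/rules.v4`, not shell commands. Tagging them as shell invites pasting them at a prompt, where they fail, and mis-highlights them. A neutral tag such as `text` keeps the linter satisfied and makes it clear that these lines belong in a file.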
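Review bot: In manuscript/ha-docker-swarm/nodes.md (hunk @@ -49,17 +48,15), the `/etc/hosts` entries are converted from a fenced block into a `-` bullet list, which changes what the reader copies: each line now renders as prose and carries a list marker instead of being a literal hosts-file line such as `192.168.31.11 ds1 ds1.funkypenguin.co.nz`. These three lines are file content, so keep them in a fence and give it a language tag such as `text` rather than dropping the fence. The keepalived IP list in keepalived.md is a different case, since it was already a bullet list inside a fence.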
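Review bot: In manuscript/ha-docker-swarm/shared-storage-ceph.md (hunk @@ -199,9 +196,9), the block re-tagged `bash` is a terminal transcript: a `root@raphael:~#` prompt, the command, and a line of JSON output. A tag such as `console` or `text` fits better than `bash`, and the same applies to the other prompt-plus-output blocks this patch tags as `bash` (the `docker swarm init`, `docker node ls` and `gluster` transcripts). Since this block is being touched anyway, consider replacing the literal password on the command line and the bcrypt hash in the output with obvious placeholders, so readers do not copy the example credentials.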
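Review bot: In manuscript/ha-docker-swarm/traefik-forward-auth/dex-static.md (hunk @@ -49,7 +49,7), the block for `traefik-forward-auth.env` is tagged `bash`, but its lines use `KEY: value` form (`DEFAULT_PROVIDER: oidc`, `PROVIDERS_OIDC_CLIENT_ID: foo`), which is not shell assignment syntax. The equivalent env file in google.md uses `KEY=value` (`PROVIDERS_GOOGLE_CLIENT_ID=`), so it is worth confirming which form is intended here before attaching a shell tag to it. If the colon form is correct, a tag such as `text` avoids implying that the file can be sourced.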
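Review bot: In manuscript/ha-docker-swarm/traefik-forward-auth/keycloak.md (hunks @@ -23,8 +23,8 and @@ -39,8 +39,8), the two compose service fragments (`traefik-forward-auth:` and `whoami:` with `image:`, `env_file:`, `networks:`) are tagged `bash`, but they are YAML to be merged into `traefik-app.yml`. The same kind of fragment in google.md is tagged `yaml` by this patch, and so are the three Traefik labels later in this file. Use `yaml` here too, for consistency and correct highlighting.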
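Review bot: In manuscript/ha-docker-swarm/traefik.md (hunk @@ -36,7 +36,7), the block shown for `/var/data/traefikv2/traefik.toml` is tagged `bash`, but its content is TOML (`[global]`, `checkNewVersion = true`). Tag it `toml`, so the highlighting matches the file and readers do not mistake it for commands. The `bash` tag on the `traefikv2.env` block in hunk @@ -116,7 +116,7 is a closer fit, since those lines are `KEY=value` pairs.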
diff --git a/manuscript/images/mattermost.png b/manuscript/images/mattermost.png deleted file mode 100644 index 9b968a48e6c7d9ed9979f9da708eb637e0c7ff80..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 131108
zso^aSFu@w>y&RUhAWz~^j`de;uo2-iKWGBgqp~D+DV9gHR_F%*uAGrCTNL8Y%36Xv z*nX=v2AT7!r1zI3UeSkFL!14K49Xe?f$BS8geTU|W5vhKY*=N(=D<6U`MVmR?;*&0 z{dI$M3Cy4GH89%Fv#i0a`kfg>43@T$1H9+J7{Joerod}}{D0KNizpzH1uYw@; zCpw@CGKa>wM`g9Vpk&SE7Wox-=9M6u(&P>v15wr1j{9#&VHa!i6+Bjq!^_HFK5Bs) zppW0AULLKVE5zB}L?B{qV4Kh;66LROD#Y&P8qzUKkT{@ICNoo{httF<^BEq^+l*;} zlrp?_1nih8a)*T&f0k`zRMyf zcS@J3<*V@jGJ>&>qclryTjl<+64``)$&)xZ{2)x+)dQ0- zA&yRRDN0wuI$RkJ2DxncUvsm9naZ8g8z7on74-0rDKXX`X=HO#d#G&b4o913Sqd@f z8~B5pf!XGQl28co5dO4rz-@F4ocgIh;HEG^Om+0#0V4a!;^%Q4oGgu>?bhIr2b1+f zU)J3$eNRtE?UG-kvyuCmx0z5AkvY%&hqjA-zeA@yvdouYZHjG>VE{T=qC~6c%&1S? zCqFE7eO+YxB9cdtoYxCAXLsy>zJ2iVdR^;nRds#(^1t0L!a2FW9~KoPVDzUi2q8!9 zAfsKt9K&vmfTu$2w5ud;`9%FhB#geOa9owzix`n6_}ZH3R$&^zfH!dh4`Xr!AW;}e zkzD*P&3+^Y^o^$XBW{$FRCKZU>HqfPH;Ya(O4fzeyVzCPlp!gNT8Db`L9>VJpyv_T z8|Rz|px$Dk>ocnBa6W!D5_&SE_d6-Dw%;K1n`HP>a*Opj;wT$h(jfJ1c*c)3Tb}+e zj=vKBn94!J{M~W3&}3T8fs(!_Kf^@p2t~K*F?S4=o`#PL?FlvpVEJ(8P{QZN^Ifld z4f8ery@%xPMw~Q}vJCQH+#FEb&$oxSSU~1Ye>Xhn(J_7O6Q)&|AjZOQ`F^iw(4id! 
zCsOh#%{E*RDH0jRV)QP(zNra%dA47|AzPbW}rtf2Dz@^@%Zy($b?pfToZw~3s0@J|bFDb|?-Ff`(V59kp$ z%~-LZL|PUGtWU?ruODCsUl?&MG*H(=2cLBA5*voWEXf_~`=^z9&j8d-s1U++2x z+3hmh+y;Sg6NGMHa6Yh)_Li2t!=Mo*g6})7GojdT`N*|GnN^#WgFAEH<}if79t7a- zdT$TEfR0~ns0#C(;0Ip-(+~?G$u1(u8G;|+g!9^+gGD-)Ed(sLg(ua~69k6WLmSu) z3{vN$j6(*FkHysST7fmTwf$=A7r#cPtUr5Mb&&xHMh0%_wfXOH@EMk!&Edo+|JUAgV{8t$Afc=Td_gs*x*bjK&o-?Yx6i&Tv$n9_4wBR=g^1XeD9%zGT z3RA(K0B{4Ofr&nJ-d3w4j-ce)nw|}JxH_@UxO`edp>%J!U>{eESJ)zTjS?;8QFdc8vAcQ^pjgw`C;8WJ`KsWO32=cM( zyEJ-QdFqLq(VtS&sG(3RxrFq?q*fD9YiYPoDHB4x60j$IifesoemNqnoIfzXLGiNE z*zU**Fa}G7Cx7e40@A&b17E#P7hHv~_8Os)CyK4BNV zpesyvp2~)uEt+Q8^7}ZVIhx|S@b>sx7Y;PcaDloZV?O4<;X^V%P`L>K_MzWJgxfuY zpLa*GXIk*lnOHI#Sa;^C&N$)(iR<5ZXI;T=s+Sy`rfUISC{1e|r=S@S=C z`~>Me+;tFdt97sMG%0jFMtu<7^so;h;ZgoL(2$1Nmq4;{Io>1=ytUUik85edew0QV z(U!l*rl>LTc-@hj>oxe@lQhF#u(|9x8Agg*ZL4B)iR^i-(}9#6dK#-?`rDv;e**$Y z<=T~AJSjl_K;-@(pL~{4?_0w+pPqbc$jM)PXneTB@Gide+|*nBJuM z?nj<4C3T(5Y0!FYzKa2tf^pk^b*DXwnZsu zV6*8}_Q9%WvKXHY-Tg3h9j%wkkkYbYC@S4NW1;?_!II`umydwXJ`1&%RGdU1|c zXb4ND>>(1F&~NWb)I7BKxklI;>8moluaGuscUp;}2@J?JPzP+SFq=YAWD!rUz@}HC z`>9Lp`Y4cvd8st?&fmJFGbek(a>#1va~V6&yr}RLllw#$gRlEn=R33q2)sV8z3)Ztx&8peI?gZD=LSkUJzeRDQoa zZLnukqj9a~DI*)utD#tb;N_T?UY_8wA>R_1IA#TTo7V2BuN6Y-kJdHbqH!#>vhg51yO2i##|>r=g@p!H>zbXDARr zFk@g%JFGjQOHjeW3X`FvyoMxYB1j@*v|)V>jbm4lH|71FzA%=+ zGUpm)V-bZ*fl_j&Y^zN>d{FHu61w}}(ko)EfA5UIY3Hz?!FEH2YOY{CJ z1Yby5YiqE1@@yz5=z3LG7O_E#EF!Ps)m=SGEjq_lmU(0eSLROB>p}ex`InQR4_-0J zsK=LP_B(a)y4Hy~99O>k(#+riqm}Fno_zl72YG~joA?5oL=alEr~O3}#^Mo<%uS{} zO?=gPu`8~@SsRU!od9!jh5VkTN~hZo-ebpz=;q-4`?E3|+57%ZBJY!18i2ui!V6pn z>=8ajv4(!ggQ>Qo25|i9n(|#Cn6p7qp#{a_h;%$*p^V-6ikDq2$F1qT;2Uw(M}Wl_?l`oevXlOoVs(StS+`) z&Ru8_lnQG4UD5d4x!HY>aiL4Xar>m#IzzosyC1T>cj{I%4gYzsQj=uU&N}|Y;b}IT z&)FPu&4`BjOBN}mlm;!Tuk)v39I3GZcK8qDX*#m6Vc))?#UUyaz~9Z7q+7i~QgmVI zOzePl$2rm+4PBj`=aE`E+AG>iPCgY)enp2ds(SMtQhk~ovsLRFML9)ur192|6vfGV z6?UY|7BdsFrb&P1r5M#UpJHYC)jLM*$7g0gOjy?UGokm7>79vTo{jfW^HI=|88f)C zvlfu##m+AztjG(!RkL@)_-_3}vvo 
z64nd&Pc=^x_0DSlLROO)`OePmoZ$sa&_1A0aPvF0POD_L2d;ajCaw(mKe>PkO@#ln zuiD-Fi$1VSq)S1N6CA;$-YZ1QRXtzHx>Ae5BHW8tZh{|BW`bpSvy!HU?FhPfJfEv` zsyf;4FG!J7dPp=3@nt$Wy(6y_=SE7pnPG%4paa5r@#0xrPhoul?(2!e(*-NdwNZTg0f2M;gMDjaq6- zAPB$W?rafm+tsw+Bj_#ME6X&nR!CH^%!zlOcy#hiS1QF&#~^(*C|tI7!JHcTff?vr zgd5prSGDXU(@Q6-lkLycKw!T}e3CDN(#<9ifAXj!Am*Vz$W&?4XaRy+KNU)36gc zO*t9Q1y&VV)<;sh7f+3UXlsE;`}BD3vS5|aPx|BB1fsZI?LtSJNVU1>u=CmUy&YIkLSL8(_%=*VdwS^3!Kf`j^+s;wv^n?W#Jgd&*dMW>@PyR_y zt|mC;`BCZZ!_yg~zKoR9hxx01YsRDeN{=q9vIFhSgncxUuH~LXQy;;Q0Q)L^;>>`c zTQ#FD2fIyt??V_P&5ou9Z)nn_F|1#tlZc0sppq;Wxx9-8wvKx{*d}d?m)sOXv()oT zc2^%38mgk7#vs5b7}QXdQ**2D5RMT?kuJd<4cAJLR-4h=UQTvJj>14JKEE!lYUaXD zLfAu|F-jR;HIP&La$EkDOwYYccb6RatquyrpSI#;cg0P*QNh1lkyu&#Jfxs(B|FfP z@HeRNX5?+02E;;sbUFtM0^@E|2)3T{_o`Mbt&hY|`4M5-kX-%VX7{(_J#xgobM}`x z`-8?mP{B93HR~$N9PZlfzf(~mWREBed*=-KpIGOAJpCup`PYC5+=Ky-p4sfD^=2+; z{}wFn-8}4>JPh&K!X^7BNBS=(x3^B5R=lbsxl8OXXW`6WBYcY#4y?KPd?}zI{`LPf z2OZQ&=RmO^W-J>t4<~RQx|?3JJG*&kO-HtOmfl&Vm*7wS5?UBdjJ>r>Q}C%|_)jtP zZ?(W?(Az<6JpITHGK>)d2p@uwZy1*Hmkhv_hQVV1A%O7FAiU5F zyVLs*r`Z>da5X<|XmHbt2F=kJyVK@GykNeK1{$wO3k~zFw_&p$;z5j2n5A!=9oSmi@@^hfs z#`z@4Y%?bmq$!@W!y7`u!{u-V;dFC&L%rkd0w4rEEeH$sSZ%0S=`<}Kx3~MC-Ra;KL3pCko|k;~ct#B4hK?TQ6T|Z=DnLZ^?>zL zl?4z22*1}6UOuiPJk0W7yV>j-(wVO}TutZm&HQko&!C$~8@+#_&z)Uh9U&`C#)<3edENsQHF)Vqm$$~bLLj%Fdr+QYg8ju1fj%^*B|$o2m7r0?N2-|pU~ z1L+yh>Fn^`#Jj^6`+y?^J>Bw|-Z~BS-$vnR;-BpjmXo2No}J#=De>c7ZJ+Xte>BpF zg)u?^;kSbD@G;nU_BAM@%LwPs68i}t1Q6Z_p=5G}tZv=7s-||&TP!JY#_8{Z-g!$v znAY60f?HminlM=cAbi?ujSq**GsPbR2myo-CQFiRls1)c7Y=JBtMn0tlh{4Cuv<5%LmOx&Ensyydt`rNZ#!VTGrgWZ%nb;0OVP z07B5q1tDEKef{(4HeXK7Tp!Y3Gahwc?FA+P!k+}f1Ay?`CD2n>R0b z=noVB`ejJXc&H(HkOVBk!5)*l@jw9(e!)Vx))+ttUE^P0_BKsBYB*9fjH>POHOrHz z6u;XeRO1k4VuR*BU@u5_NwF2cGnl&ydW_c3;AqYVDb3ynP zK=`d<8E;e-m*-`+6#B6sCjIO7LOMt}GXu`TCL51o7G-nv&y zo4xi{DAW(%wb$BvJp^H9n>u337x*m*WT8!uFs&Vgc9|AjFdS47bXoVEc_? 
zbOAyTH_wRVLF*usz3Ug6NWUZ_C42x~YV@aR~I}I8|M+f+{wg4eI zI0)58p}Sx*@uCcd#t?)Xl`N4}(=;Dk^#77imNWuII7EswrZDU6p9*{p=*8Vk6iZzQ z{aJT-L~%#cp#bPe4tgUYd~`G%lGSD$L4;4EVXv46UJ?vu(e2$#v$eks_Xwdu5dH^1 z`0oDAGyiVgyJu@j+cMryCX@GuWp7A9H3ulhkO(diiBh}7QuRh+=|oC&G~XxLVy`LG zFH#_0=GxT|vDfaGbF~u?9aj$e{eCROwmCpWij5;_p)aIhvIH6g;r9UHedyUhpsBVw z{?_$^K^IWd6ctN)76+Y4a=F2E?%JCH!Z`TL5^-b;O(F>_o=CFX%84Wr2#O`*#Aui8 zW_A{(({UsjoS8_JgPcerD3VJe@kJH&c94KUcTiYR4Gn_udw@_<%=N3a6wP;B$@RX) zH+$?Em!4|+&+1-hPPUNOnxh>f$ho?iN9+LX?%Q@Xd$7kO@A-B%?!@6!K!~FYgAME; z2)_de70Wf(sHbX*WJdr9btUNNWSj0-j);nBsWwoHflC%u@Kd*C-;s4yv#c=~DZ$mQ zk_r~crYlC|;K`1NmaFQzdOJ6MNLSrIMz$u7V;bOd@7eII@lrFUQ_*c?!|j_O#8K?S z$Irk2{`un@9EBK!Abd6mU3VQ&s^OZ74nU}SW5=~6)AU_?thw%`X~!iS~{szM0D=Ydd{%|+j(TSO^mnrGRrCwo2!eq~!xeND17 zQPNydGi~!y92=^w-+>SeTu1g?Nz_!+P;4I{)R5IP@h8U<4PUiw&HYI<6!lE`2O#8w zjPd)RLN4i#!SAj25QNa448o6B^P4-HUw?R-D14wDUsUT)2*T%pP*-Hzmc`)vHZ)cj zp|R-umSxFfXAD3XM9RLaUMdmsQn6Osf=du;a>Q~(ZTvS|8=IGM#B={D8nS6f?<`GH zT;Gxn^PO#&fR69nhag-i!lY&y$KYSzfFOkSR1kh%!(d=fBq7B`m$!H=EnVf;NVrDD z)tbAzzSah7(-4F&2ZYjitk^*I-F4$sFI7nbAe4cilVwQ*YHtNXfICYX14Zad4?qay zqbDnuKoQCj-;Ic8vie??Ks+o-jv)h$sGNxl5Nh`0Jwn6~O~(M-^K=M8Xioy+tG5q0 zcyn|0m4tXA$giV`z=0-~ec;ic4?K$VHHzSg1dcDUMi1*?e$g%-$9D>Jd0?7F^ZtD2`db};uy5k|}j zf}FXo3qZK3Sz~B_9)ush+&r>t?3RORo)2RyoO-q7H@;QPyoSSSGE+jCc#?%o)do~E)TtDXE&HVF95>nl1 z?}Q+S!=Vr&r>!B^?#0sGY_!{J9G0eB?^7e&Y2#dv!*M!uF>E!{g>Gxwp@rG3x#)lw zBUvgMqj;j2&It@H6w^T;0J5KA`j!46jTg(=0tDep+ar_|Q;}s`lE1by)>pX`U4K+= z{f7hney?K?B)N8jL#E%xgfMlF}hubAbf!*OKe-$zxTBZqGdmEr7i>62xO-YdzL_Z z5(x2?Ae{g9+duzuwJr&d7xSs^XvpO*X0_I+n#rP}=>8ywm?_8SQ<-{`FuFV^K1zNim=YIOp&d!G*=ZW5QOm3 zg(u<7{xgdotHp1EFd4^j$jZ%BgdeV!9Q=7cUkBmM^)fcbD0Y}3M^moEF@xPC8f}hZ z)TlaW>8%cqhM8Jh+|bQu}XfB9v8^W|P_yqwQv4~7?& z-HZA`x!9bYWcl)GbN>`5!u|M8{@I%GO~I;Dz-ZF(>}84gHxRO=4*!oyiR9Hfw= z98iQMiYd|sCeIh?N|g;1VIB+NDVCw@B?^KNg7C+KaGO3E9`X!V&39YFDzOEjv0;jE zSvxa-yZ!d+eg(~&g&+(!d$s&dq28oZk5US4VD0SEl zXLq~3eyq6H>m3wh?6AAo`@^V`z!k$>m=jn&U0_*`!b7nFAGFEibLmo!Aj1%Z5QIOt 
ziyfZNTy(01FcoI@GP72Ve{?K29)IG8ErCNp`F{t(*RS5L_5|Pl{pWim{1H25&CS}-Y|opVIYNM2A1Yf+C7AUbRcZ5B|T)0``(k}KWV$|Hn@ML`uwE#-uFHE z&%r;w?|ssHFWhVijc1Y+&qH-IJH2fwU1r#hteT*AP1R(sZJVI=|R{LfD$-bE~ z_MbnmH|&Dd9!h14X_YD_-b6y)NEeIgRD51~r#~r!_(`JA?Q=cSC{%gQY2c&w)+2o2 zgYV9{^PM34=UM-;koE&1o%_I}2|(CO&c_yMq~MQj8vmLnOM*x20uX+f%}ZVjLZ;mO z#}Ci`VJ#@6qPt-S2mHc6JX6cC$7r`Q$O}q9%vOV?3|s=cJH0H=e*rE1RA# zVeB}FLPb9tZ(8~L#$DHpT(L2Yh49>vqy{2WCpWAkYuoXwAE zq+T?J60-X#Y*rEZC>xa(yr>98%`)J6(ZiaRrmbp*3}uFt0EE5G8bc7?{p;40ex;eVoNHBwyvC+D2*`s5PSfW&s410EQ zH6c|>!-IUfGFB?+DZ8||I?toeuvA$HMY3!-996B18m0$uXs7zmWCKb#) z_7a4Vv$v2(cxP+N=iuEfAh#a8eF)13APhiwLJ)rSAw5F%zT@N`ZC-x7yK@nMaOcr) zt6w&o1wR;#*DCeAkS~apf;wu;bUa&V2vsL3H4;htYpH1C)tV{wArOu;p>i`TrizDUz+Nh?<7HV}6afh5 zG^@;-Mw*gTH2`66J;I0^5Wnzmoq2Kof_VM9c;VdVy*_II!uJKjuReHa+&5cmtUlem zy!rTG7X-%JJDYpU&1UVspE-`(WkqJj3$hbS=nU!=_0Dd6&K-y54 zuwq#=0Fd%x+>)cFWm;Cs2te3l5MJ$07N2L24iBFl9^H=eTmZrVggph}%11FrDE!cD z6rTQg`SE`acDJ|pcDFb8W^2vb-}l4*9AQ=znE8TKsi%~T=*%iPM;eOpOl%0ZXN0mX zSG|3J5eNtEBmf~D%ZZk)ngE3L<*-(>vdy$GzAA~@kgXJ!#guJyg3vG+IgRloZCHFX z6lRqo0X)J%iYG&cB@dUS0EE2;VdO#gebh(KkR0_ffkzmC@N-C(;P;!Wxkr~T|GK^X z{m#9e9pDlEW&;pD_cn90?A5|DUaj+LVR?CmT5gQyD$-b;VCq$Vv68DK!ecRarjIF9 znNZrn$$XtKV)fXl6n8Xoc{YqYscbWsYm~*=QlTyxv0SVqSx$yrtO)2zNi|i4HCQ8| z0+&!Tvp9&$Bi6h z`sO=b0wM?kItc>h7gSNG2%hDoHs!Y|SMQIfUMa6pkF=~bco&+c-bvu)vdo7?lMiLA zC}9;`)HbGUE$y<@&=jszYX02qaeT4`VY8I7rbK3v5{{O@CyJ&=?Dh!7Uje4{n1Px ztkjwU7j$4Sg6yzGeIJzsqe2YmGoZmRWcxNllJrU-Jq00#5m&Fh=mOytz`+270SHe3 z!l|XTwYB!<#M5wv)=6&#)s6L^&foxo(1D{71v>$R_QFAnpnG@jw}rrf8WnYGY|>qYXm9z=egCmFdZ~pE5}qVGx9qo-^3x zeF2yd*aQy>+7)8Lh2aD$@Prf?Gi`(xsXN9IEEBz zRu&$f(QsK7MF2uLGe--OB#E+&Cy}^s1-h~fPxvXfd0NIjjcbvS1*l<-`wd@CAFEq( zO74y5u)tqLvmDl@Gmk}RnDq_h(*Yqw;n}ND&N8=;4uKrqX7~Vv0SMm_gaCTeQ_C5MVd2KodM23!)PQq?fPXr!WfVorXh|IE#DReUsehn&oKzNf~5_uoz2; zGA<$(f(tl`IMKg1`jI-j-+^Jaq({lZb!C7{o|)zjSWZ@O29Ot{jN7t|}CMi+>#cczgTjZ{gJc2M~U< zw*$iO{`h-Ek#dD}b7yC#nNI(g_bvIdtsJJaYF@_&&3naD^b!f-Vpd z0x3N~BZruNF8&<-r@N|8cV!=%p+nxV&aX8`40?(0?)pBl>*+3v>nX?*>?XaiCdS8) 
z+93p%$^>E!+Gn|9{;tl7x z$Zi#c&JqZQ-ir@n96aqNi;q?RD99ib(sWFYVlcAqnn}EIR%mY2cWEs|b7V8U+<<$$ z{qhg*M3^Qc4Q)|LuOF&V+{T085x=2kZx7w!kc^mpbT~3LGbJ<{Lu!mXltHhK)9VE> zQDT@LB)O5>s&87|QRfYTP~?wGrP9q!>GE3L%&d4JO)WHFrd=vsrWt%7J=~Pu%bR-A zQZw@vBotfryi1JdCcHLV=6s6GHa4|(Ti89^(>-Xl?5SsVOMI&!{N0}vsacTDtBqtC zX~JSr^-X~dCpbg9pDTU?ztM78S*cT=bzF?K=;}4wY>0zO7W`vSgIEqm6U#=q8ti6{)gQEat};ARawwlM@m8GW)d9D;z0fQapIDC=Mm2WpVBOp@#L zOpY6(Q=y*K89Kcp9Hi(*hEP@Cf+S?vLpT#cb-kf8z{ocGJ$NYaJ;418IcOhw%^;+! z_ocz<;OXY(0P_r&cq9D<=h)Q-Wg+h_t{aF$Jf3kZExc}|* z%&%J)L>&0{vcp=4$ zuEA4>^goAOyZ z7p>gwsAVQyuB+*@v&POzqe_!x;EbT#3U@9YsfDMyc5OC3 z{P1^R*#5(@JZL086v<3=zaE#KphOl5pyhJ0tNnVOEUP4+6n6^80g|fH;FqO=QsJYM zdI0LH)LxNflKCXXob1;%>4?mqQrwxW)b~%A@ZN{BgCuawoLPO_v?e`rY;-IWWL~Im zk$t-l$9>bZI%L;0y8yz@xND4u(4q%qo6N?jmuYb0vDrgsjZn`t#~llX0}#&O%&-G> z#@L8}OV&j_468G;;4R7ZEo)--$9Sk$48r97r(8TB)$Ttx8F-5MfU3&wPc%g}H6Ig1 zkvc9tsIeIBgYf2a=^+JV61Bn2rxFICNXV)h;1RC)c!n0Ec_m7uKYhx^GVrH~f~=@A zdVvX4CMr^znxaLK)>LiDt!9|+e3nSq({4Bj!fw`0Bw9TK&->{{&-0N*RBrLX-fTMS z>BeL_?~3erJ~fR5yk!VB(Q37fmSIlkWA=@@#_u$#DU}TL0 zCj@v|DhULd0z=8mDXzs-7vo$s#;mi5m!f^MMS+7UEt@VXDI7Dny97aRn$TG=L8Q|i z0@BVjAx$qJ=tK@8=NO0AEJfFNL53K3^r}Owug(uTiV!gn!;jyp2#J@Dv9oCGNy5d? 
zmaQ}V=n*^}h>P%0vhkw|e_WAs6{cO0_Qr6Yk~&S>riE zH>BE+FywK9{{}Czkk{8a#!D#tl}SSPduZ0gmboZgog`d~LXqX=41AgdiCB$j?ni)I z6%c$MP9n-dG~CXH$w(!g{Ln65XDS7`7AMc(T{id^b?5V%x|+uE-OO;;@kNe5LWwbI z)izeGj(R02RE}L#DvU6TZblGwaiCqu;g%xP5yV9{hmc~&iQpp4fviRXW;tYa?!e{l zx_0Zb|G+%Y8}+oDAGa6g4n1#ankMi2+Cuy3_xnEIyahgzKmGaLJJ5sg9v&V(e0Ts5 zl6*DD*7HQX<8p;U{g|&O;rAOTC|yMAA|Mc$2FI9>NT))#SDv<7w+T>$^?ZoGZFdGo zp1S|?hKc8n>YcNC^7Np4wpVOtr#G#7Bi-eKZ2%!r9l|X&qB#IU-3ILkm~%kf*_ty3 zOXXPV(z2GCv0RRP;C`V8xZsd6C%U8gG)H%gP~UMZ+v$%C=%+bol1Iz2PqlSN_4RGl z0C~6^8#Wr|x#a^(J(~k2^*NpDg@X{JV9}h^yo_|K$ityx4szZ|;aVOpuH~sDUC9%9 zczq>#w;-(F$!(Byu_HNNRS<-wfvlK>t4=ro03ZNKL_t(TS-wgLLh4RFjVsEcd1@-k z@Oql&QdLvFUYKSz=LK~+yfufWV#ee6K_0AE5i7=OySlfsc0uXQ821HvxU+(r%NfWV z;H10$2hP|4#|^^JuBbr63g|$7D=%S)#ebV1{6n@_PS<(~#9%JA-NE3|!(ac$#&6#~ zX%So>1P+R&eOC@1?ta?*TO;hAfh=6B!oWrqR@RS_(8BRHYxpr(L(x}pLA)s)2R-IdjM@Ft(G%JPknJXNM;Dc?Dc z#>(-@qESr5J}Sb~OLGbWv2)8*PwIgNT#cN6n^&}w9h17+AL7IOeU zvnC~Krr87#D$4auzHmEHuFvwB_~bgzQ40rB&sp6so#p+?vDNSla5&d0_>yRXXYfbr zemO$!t>&|trS8s=lpy_<07U~Xf>2!AT6j}+0pI*>#%I1uCCbesu$$RrbmM~gm)J_U zb_pC5ljmy=J|W@x{{HJv+xpu6{{Aj4B?s0=w_?1zSt48quPfU;jjI7^w$Nqa=QSZB z5XGunHV%h(zAOou&BJq#VhHEwhv&2%9-h;;L;Aj^d}Zh9PB?DSL=gC7)XT9fzmuu4 z#Q^{hK-deGPMJ^}OT^hln`vFAgBR&YJsr4gaqL|pMBaccMnQ-m1QPz^4I$FiL7*;? 
zQauoF9>iPTdI1A3o_akOI;&-mFW8%Qwz6F?G0ttNMEi&r~}OmgyU-No3FHxJs)ZM*qM#AKDb}d zcLaLO=P(LOA6pQHEE_neEmdG9cxSZ6D+4tjg3wV%bb_@abV0bZW@DVn)(!n7gV5}h zd)47&ngv;?v|*wwfG?T6n@ke|%lpGZ?qYJ4^fF;DE)200gvEt<%<}2sqIibI67gyh z&k9Vkstog77C=}_26!fRq+ElH6teY6JsRY)apg1;01&n#LgYjNW(xkMY#zJ1Z>O>g zl$(w0`}yu+#jOdiY_PXs)PBMn#zOMJ`Ft1phARj{a4ysX!_^gPMz@5_P{Ta0e3Kyj zefA)oK@O&pF-pPBL$xohd9YBDPmALIniU^0c>d#0|9bUH?d{L&WkOdE?ymJ94PW~o zpGU5jp{( z(P|Y*teYbFBZi2b%VvaaTxO1o82PiTG08L(_3Rf)+4l`?v(-AU;Q$z2=WTDxpufhZ&ZHB#7jlfmIHY^(^ zHvq6N8ia~zf`^?pnDDV8r#bi&cQY{)fjwE7o)!IIn<)rch8OWk0x6sW5PGW0AQ0)w z7s)PwP{WTG$<`v}k>7|F%p zEQ&KC)5e@0qQSs^NFVDo|EzO_({V{~JjSyz-XwjU_^=0hU$_%;N73L+e?0EPM0!62 zM_fbf;~0WnbqwLS6Zq(n=%6BX%^BlVzTYrp{l5U=^xn{o?_C&i)M6;dDo(MAhvMHns*C$dcA ziqkBBa9HL9K4Y2%xCJ0QaX|>m*#Y9&t9xf|pqk^)XBdhZJxT^z)bf4=A;Y{uYm6YY zDvY3_O~!9ZUESNe-y{gXOBEAG8OlM5!3}p_+=GfGTp(76v zIEUO^*bNBVhd^{NA-kc(7(x!-Q^*XNuz|3Ioo(pQ1VeKvOj8EBhtONjx#pkfdrv=X zXU9A7GM#nGJfir?ev+O<{K@D0>+^brRgLn2Q0eUL?Cg{=5Hj}P&)3)XPAm+BA_PJg zN0IjmH3|aZku(H^e0Hz*yw!lM)szQ7SZI#`;lbVQAQc+>28nnbp&bIk>nqeQ4+lUP z_ktxN3YOH7)l3aS#Xd+rK_G;Nams0?G#%k!0E5$5uq`9QIG@uj)2t5x;quMQc0McQah_p5?YfRTv^nqxZcWGUH!Va6ap0I~1A$}6tTx_D7&-|{ zkDvJNtCvIeF+@T_lvS2vsYxJfg&QW9w1Wl=9T8fWJLF-2e7}ew7as zH5PDwGe6%etZ|SL7NKbj|JgBWcC%1$Dc?uP8#&lC0s$d!c6+PcLPL--5axDzE%;X< zKzMUG;{gyt)3~>(NJ!|HCg=ep909_3{p=DFI%ojj_4@}rffK03L*E=e#r3Ksq7<6O z#PSiTwz(dZs&o9DA<4xZg0&@ z0)#>2*u%YnUCac=$}7A+3|^wg&i67L20|8M-*b)Q$nNn@jtzlO zO8541@HlFxa)0b%a4#IkI>B*byB zgrZ7G6idF|XEFJsaDPKQ^(^^k(~X0shB63k4T;SRfbh-C zMD0y78Rih;G(!J{88MLgAfpC521|N&8D4x2ZFBzXgT9{g>y6_A$da-oTkinE!E$zi zj(dHQsqgOIl&Eky6pE!-MrTnVaZ=MXw(-T+Uw--ZCjpvi$s_dT6so;Kx9QII3XVut zyUk3dQ79}?Ql)oZUTj-K=`)N7o*(xhPxOG0UOey3y3R@gQon&|%(TyYN9&6=GY@U! 
z%KTz+GeeDIgeXns{(e7seS5~@l$pD$%l_3pw1knxdwX?u*1x*M=`)Zv_OCDNd>{3Y zOR-Lsa33;CWDz4mc(?x~Ww?H$=j>`0=&}R};q<~FK|sTpOl2VwcNLlv1VZAMAX@a(dY)5JYy8)95C9=zY@YWDh2CDvr1X_u;T*EQ zt}Y6>ljB}tC(nkp#w#=>w~l)?Lc~Bw5o%`-9eCaaq8I=n{JtFZdWAiQGSfToWQD@c zJWIPi5EcrU5uWz~AQVn-?~;%e9(q9Nc?<7Oc|r)>hu8Zee;OoIQ~Oumhyw^0e*eCo z^wMp{B~wp15PoLa>rToujHej~pJ}MH&eoQF4vJ%7w zaWXX)o{>Bb>bIbq#6MnR_)w29Zvz`xIpq<0g#Vdv_PZC$;lg^TR8cSxC8Rzf(h~(j zA=l^()MEs)T|PQ$teKDeeu#wea-dr1L4nbUB%%AMfmokIphGz4L#BL`pu17Qx7Eih%m4KnPJrR+wRi zsOq|mVT@5ooisf}<4v8EgD<8a$&x?_=s*$eC;~oE)^!z+_CEKjV28ntC zEh~_&3I1h=t{#V+fDn?t)~b+1+6h5YGz0r}|C1!_CwcToT&jm}68y6|d^b3c@Faoo z_eLt4&S|79O*bKAG+j4xKwF-h3mk;X+nLGROJ9D53H1mWUyrc#!So1K%itfSN4PNg z{9pOiC89?ONiN1w5QgNk^!V>@rk2gyKMyb2%&0JHtXsr*nhdXq~H zpC@jPSCnL&g16{?A! zNbx@GJ`kez`U6?5!SGOqi+J#+IMf?iD`)7u;=^f)4+=mZ_R)&q;k$o&r1IhP0^w(d zHor8mjHi|mk`}paK_Hx)3kl)&Ptv8g(6$xsZ4JGI(UMS>_1D)UTz*GDWM=E)0?v3h zxP`EVUe3Tvh$*2Ok8vy`MbslDA^|-b;VmFV6QpfW5gHhn`LKp9MMO;_BBG?)a+K+| z3`6H=2{5z*OxD7@NTMU6nuyA5!h&RP-jP`d6fCFV4-+f72&EwsNCWhS46IcnLTDBT z;SCt83QD+^fQ2C0RwIfK5#&e=twC>S2}ME^iITuRVs#^u(BTLPXku)>YH(5AR^YKT zpcw!#o-&#yMzz^>Ga4akRbXjURJ9>w(u!uVDjXw9B>c@v3ZN1OK3dU8&H!Rm)!>OC zd1WmP&)TM0e8*%Xj~0brDMjzW=&K56QXdrvKdo6ZEkO9W zW;koM0WD(`GM?Tih?Xn1ZD0&=aBehjW_Rn=>sPy5H*eo~j>C%=Z(lE<0=2g{Tf0ME zw)&_Zp{LgW>*x`_Bhqtm^LBgt#}^Cu-Yyn~TX4JEftL{F&`4%1#)*!pu1IR9S4f0td5sf8sEw`59mdZ%-lmHP2e}&Gmk9*k#vuw~OP&)u%4u zSM>}mxbkmeP$*;+?pyJ=)@-)kCrQsD;D|awy z^w{3o@OvP?#{+I1RP|6u^h$ThMP1snn^kZl^-*a&6Dz4yiDv9Fl8v-MfHGzD31Nf| zF>*=7_#XD*O1*|0_e!%~Q(v}?MA6o5Vi*%^r>Q2cJnod!K<=cn~tJeFdFmWYlP8#y4+cAnSAbgG>{F~~! 
zeMupHbYlwoN?fctfcFZ=5>lT18J3KBAdkbFTdBlfv)EIk&tXyIkwlZjXVwgn3 z8SVF{OG%CP7u= zUHjOtgAhhUTJ1ILkM+8D0^xLqP=6&%qxzakOhnb>cpa@015C&@kj90Pi$Ei%y=XEZ zJZZ9;b^?@xaH%296Ke$0MgT&!1_GOozziMt;Vl8VX?Y|e(jTsXQ|w@hxIsjFxc;k| zvUut)trU&4G92@ut%aVec_gEE+M^0Dc>?cxmBi(&9%_O=*C|-DzUti6`^g!E=__tk z7d(PY8qmfQmZYJFHdtc(32_fXJ7u}LCEu*440-|Ka|Gc}s$!0%_IZl%$Nd5gP{xV` z%J}uYGX7du?)LlL?e=1RILuqS*5UXsK;m(cwf2}QpIr7j-?HSdtw&h?_IiX*r9if_ zCQjv{v4njRdXf`$z z!d_FMj;iaX@2Rp%<7$Rj8W%S{o^;SW}RMJ;G)UE^dT` zxu&fSQkN8RJOS?I3&t2a$@N!=oq*q{0%z13hHxb{0DEN4`5IyL-wK6vyf=3v2keIrX z$72xIqF%d5axWl!ejxn2YBU~WB|q%<_fAnS3C-1r2M~UEBFXLngt$sU4#LfDyTDrc z>a$h5Z)y75>k+>Bi|Y|Sxg_Rle!JLg_KWQ5>f&<{{`(Px`C7Yk1`YSh;24Hf!6UT8 zX<)0hF?fWErGu7*wh10pwb$=zMmU~^s`NV`M9wb`AFgR(Hi!cpwJ<+MMY`9C13I50 zY=+}*qS{Nnzb-YBIJ%MLB(i+Y3ggZr2wyo#(3Q~i7mXdI!Wo1LfRK$Q`mn}DQ+6=0 zY^SDomb6s!#lavBbq?+oV|_5=5U+*PaZeR72oV`1(bO-GXVzp&4lxKh48j}eiA$su z5Upc{zVHbMtARdQRcD>pq8>oFs}dS^AzC|DTKTIVZJ>{JgTHw;th}Z>&dHIz9xt&q3j{@ZDvbeYQKryR-efhvUDG()ePR zJB0Yea-=Ho948b^QjlUxVNJ_4tFmsHW!8-Yg$IbW^}yh?IM%p|$stYQC8DSpf+--@ zq>-W^p@DM(t6d7Y4IasU;NW&CkWrD)0|$o>%nGl71*YuBwn-M8*mg?1q6ZRBH{fqv ztknT9Ih>VXR}5&1X2n!rK=}MX_)kNPtrH0U z2yx{SEmrY@(F4 znAh^+3q_PCXBWg*`P3xdsa!E!EnVARfchusC)=4&!0xjfB}vw|jgKz955&{k@!2z{4TA^56 ze7Bq?hm7Qdr8%uMmZkC8w>hllE9AOgVyl28bUM?_>}1o^i7PIOdR*~~5I_D^uIH)U z=`;6(ale%RNIb%?JT%_UBYcQQ`0i`d2-lj>d+-eW_!Hbd!tL;0?|u03?s}h|J_FOI zt#b*Igr({cO}!;AyL@B#r=#QKHSsxOPGlf_H6WB_t!10?eh{*RVE0jgM~5%IJP8}Q zlWN0Mz{z z%?~?a>LNvG?)uk#JbcrseK&yyf>6UD2+52}83;2F{wWZS5eN(H*Fne>=QAEHX~GFZ zQ7m^R zn1S#mK&Vz^p;#>n0^iyT!qU`oL_=@2bVC$X)mmr67`F^qN2RK+?K53RCCWqC7TJgE zHV^-U+7EU4q$)rVb}|rdG+kv>n@zXH2_D=bK+pokifeEv?(W6i-GUaU#ob+s7ikIZ zE-fxC#og`lerw&I`S;|^oIPvKY?&S5g~L*Zmf|T{$8!9)MtlFrP7!J7{(X(i3BN7e zcMqfnz}IOzXtjuqCC*tq1{xVT-#(h!I*9{>hQl$TOrB?*5|G&KDpJ4?4PcSV8M9Ci zxzJfPD%_7(%iy8j;)ff&hL-GE>h=SjT0o-+h&9vBXwFhE)j^B7@y8B+&|rz9IFq%} zjz4gn%>beX6`zv@70-GDAiX>vPy*0M^**UFvZCH>MsZl9G&U8B+)aF4X#95C(fLq% z{OB0cShv?|v~jz3bCM}4)Tmj1G8n;jj`!#%G5l6;gW+>KBRjdWs*4WTm@@c@9BE6u 
z2hmIbamx&KwRTHNtp-yfqt@W!ITXlodAM$47(z{pW<@HWoY7^xnrg$29Fkd1yLmLGLY~_3**TuBtqY>FwKP+z7yk9DDr{h{jgj{0rTrP zrg!B4q%g@FEfdL3W@#aFsAK0MZWw-L8I?V3`$ur6=4oT$Obk`UvnzA@7g=?wALF}! zKcAag^ob=mAu04s8FyU;jPx50y@P=wwd97XN*w~LI(N98BMY^6`|f!(WU+P#<4R%P#w3`d692v$ z5!-iKEn>}7Db%Dt)Qxcj{cDl0=$=RExhrH-7@Dui=%b+M|iv{pG=AtrxG z07T;6G%Hqr_OF($G0uGHveNngxd2NKmu;AkG^UZ1k;}3xtbn8D$q|15%#cw7nm7a~ zq?%5m4S=J0?%%cB^?`^T2f8&m_2^PKWbZm({8->ooWg=pE$~-oubIuUEIhPyGRA>E(!%H1Z2+_)+{kRK6In7<`#K31+YlH9OA28w; zHlVlL9!*KZ=Y_%0;U^Jt&>6szoh!i12$4ep|1|`A#(rH<8?_o7udV5ms&+yz?z4~| z8^(?DyLnyz0?ACEph}Lu{MXX;OwF&1e-7OS-mGQ(9vm-zUOg0Kih2jy3bmr28~@6w ze`hd@8;|MxMh+~K=%g&C;*K`QL+|0h+MXZcTt-vwlgL3*BLh?Edo`^^ig#h{^dmbY zVNP=ts8X{l6|3;bpp4kacz+UNc&y{v{@he3h-aXvNbq@dS1TNNlqlMVhcrYO?F@{@ z@QUByBdEMY2DGueIlIKU%yF)_r~Rzs>}Wr)KqUJ%t*G-Zf3mm@^?m>zt8|<8e9Iol zrm9*e92hbhk1`%L!t#;W_`q*pDQWe)2U-0#G?L9oqzK@lF#xs_#h2KzLdWQCJ ztmjj_0lq8$DYH>Tip*dQgm4IZ`n_L5DY=pI;nJ^rs07I2Y>r~H^ZIWNf;|udqi07l z-W}w`mLS;}v~d9DIl=ug`2y2VYUe+EQ{QLxqhSny&4w4uaO>;&;!=yq@wPhDU%5aqL0kf(nt)RzToP3vHN zweEtituC9LYrGo{z{rn*o`zgvA3^g)BaoLypm6xZ-u35F^+S7na_+J+8;#O)qzuK} zErtAW)s*jo7T#aiDMYM7LH)lQxW_qy@CI@JmQv089dm_u+qZ2Q+q`QV3&PuU6gxLt zQyg_7Fs0IrAYmFW4|AO$FAn4VR-K?l8Dm$E-7rc9l~G~)QpH_f;bD;TGgJo^Hb@3t zHlctro)T*Ou35c;gC&XuK@Q2DANz*J+5}{xc`E>KC*IfWx|C_9fRc0C*TwKrj<9c= zUdYns-*m&LqpS|f(4MMl)HhU&?zAT7)V`=Zhlev2?av#nqVV+wKOsM~u|EIECu?J+ zK+F)JRI<(y$%?al_R&Tv09C>InYCCUxe4D}IW*;A?L_oUqZFm%2P55+t^r zHkBB@d|q_Xp4P;Ya-{tdJ|izKGMx=c(jX2H80mlu>Dw^v-FuJ67yMIqJjb17U+ebt zl@%}HmYE!UC5OZEjXhzpgiz##3_E5Pl-Ij5yYM�-2Q4Qk|ABw8BGO784?o6T#Y zlZ|}VnbmWN)J}roW%Ub=OSg5g*M% zD?Uym-`m$*+|39s4}O?%jB^a3Vg%ChJF9OVVOD(vgtzn-zgWe? 
z*N3g#wp@7SHDVC5ROo;Yn;ieD%vV8c4e=kyoOI3EHE!rlJAdReGwQXrQ?IaFUOfJa_u(bq zV6aY1WokXPbbXu%ZMZ`hC(#Q5LbvDugqOVmidey%cvKThPHsv&N~%x;B&ZEkh86%RP=}+M1n>lLI@x%TuAWox$>|)F`k8|AW08#rZ^e6sdIf?QN>tFk&W50IQrnGS9aOlSMGpjd7XcXB(0&N@$9MpotzpPkRnn^B_mtHDdWF`sI z)xoCVrp#O}Ct;IDPU6R%iB`(sow0g+BO=6+g_I?e&(PxJ-Ywo}c4p)6IGd+1<{VYz ziv!F06vOb$n2)Ew&1vcMm5E>ZdtKZ#6L`R9Y`_Qw4gA(AHh>TVv$MivP*<&{n7ljBE&_+u6c_z7}@E^buL{(^`N%1Ci!Yhi$GGncrT~7R< zMp3K=h(uQEQws)EXEDSVyP*EWjIj`-02s&{q1uSi0hXkR7eP;zgG8T2i3qk%PGEYo zI9$>FA*N$`7vF}sb0B25V68O&y+g3CzvUmRpUJ5cnau7g1qOe+?awLSmWmdHNdVJi zy=I@Mqv8D7S|LV;<=C5Gf)r697=*|9o4haFrhW;-G2)4XB1~2ph_z3PIB7h*e}1cJ zrquD_%`Fx9VlOHyhic3Pcr{`t=EjMgMlOuY6&KhIalu#e`S|-{H22#Fr0kR?wv~5C zq{g=-S?H!}GJP+KsjTjJKTxD>#Juch4AvvE6m^~W`i0+ z6&S&o#vQ|dBorEj>3l1M{jJE=c2C4c7yRoHClRv;g_Ur(tc?*d=%OC2?w@gV_Vxoqd_3dLm;zjJP3aldbI8v}0$pUq$P6VdTQC?nsS`6j$gDyfz~T?h^Vvo)-J zOeq{#71ez5%sxdoCalT|ZAyiTnQheuB_rALsrr{C{UtHS$r0>GXtG&}pfSiZ=^v~5)>Ts#Y2*=?4GbF^z!?0lsrp(Y6~ z*sFsEziQHr}GkF(;|@$QJHsQ64o_LWj{nK^2kH(~4jdYk*~@%)sE*kG#| z_U}^5OZPAa5UX(zX+!!@tzR!;NbOGU+~k|s^Vj;jap>gzfLI%ci_`0LxHF(~>j7dC;mEUKl{#|NXT%+!} z@~ys+eV&_;y*UUeQ%{lEE=XcfxGnO+5i&;_<{!ukO)li6{lc-pQOBE95epd9LL<)- zSHMz+&n781l=d;Ij>2c$4+vRbu3kW$P-4mJP^NBJL-#kZH`>T;uK)GmS*`wVzMhu? 
zNEJlou{`$M)J2^ktif>K(8$~ScNFT{rPp_Dq4%{CcPdPf)`l7Y@h_s-gtH==Qzy`Uq&yNAZ^9dK<2{h7z)$B2|U4@Uag@-2DU#zz>p=GR0MuFoIGZ68f(?E%&?T?epD^ zdz8RWD<=B;@EIEe64~rHEJxSMt?s!ZU3K}vf}-6*1^BKU@s}N`i}F#9o*Sn*P5t&M zLSiE1&DqCZLTe`;lY(DwoqVsor!norxi(_VlGj!+U2*gS}q4f~4X z!$(S0^9AECceu6c?gbno%PSpfRXUe-iQPBrGrt8sRyQ(Et^fMvf83I4JWoB^n>hNy+BP|o?=#z^zUsW z(kqXiBq|*IW{l>Z_E@Cn#3JJ-g4-GP{R)?wH`=*Y9i6Ir_&#Y7cxog3feV!nG5a_q z&fh_x@*>3BLx4Rs{tw2f!ymVlGL*&vNT!prYTf>+sKYPXW>$d|wd7M?>DXTOM_NZ# z>9Rq~xz0wd`tu34rapDE9;)C6K9=UcTUn8f>`fgNl^O{U3(4aJ)MH9G*bCLWEOySD z#8!_sErW@PrSDG7EzN-&X7eVM^VL5Hfj4_%0C^jSVXS!MCqUt^_-X4=QjX>bC^9zW zPVe_$@|efxmlk&eOUR3FPs( zV}&+Z#3u_h10W7b7DkFkd83HPDC5v4%SCHOS5XiRw3pzRtqPcV3$hhxmz2}`=C}G8 zs3b=S^>(K>(&FRRNP%5rc`Fx_y=H|n*#w>;JwrFsmDXnNd$h1pjTUbLHOD{5J3RO^(jvsFV1$j0(V;SL_YeFgT3 z@wlN>ulu`_K)kPi-kdI{FB2)XSX#Qu0!^C>yUctFwk1?P8|p7@uxgA6vYccY2-aWm zjMS|s>2=n6vK=2!l+`(L>6!C*YU>F-)V3Hc@OOUyR{N}e|T(mp{FOPY-ed@(S0ocLoX_z^}q1 zu-!?w=>?$iF(HRq&Ocnc$>9qK9E|d7L{3%c6@$Ursot46&-l7x<*6Y+jbmnMvUL^4 z!qSBij^$BTj&EJ@t;1gCHR{7hu2rB zy>BZnOe*JwWU;Gs-2|1H958#&3p{|Q(a_KeM|58ZDn?94`|_5lDh3Cpj85D7F^%J=reAAoM^rPNYcXH- zP$_FI3OPOpN}F*}%QqQdlV3vP!UdR~cu;bcJ%$^hD`U%e3~Bf)NPfdW2HMUBH9@?$ zQ84S)q@Wx0hhag>-~sn*sz!1teR=%{_ScrwL1bW1p`L|=2yCM{VTsPeJyO+LmYkM` zA11L2NM;15CAlSybGht&ypDC5rbekZ|+ zOp5OMC5N2*^De0F3_k%#4mmA1w}3**k-d`Xb3kP-{(2lT?W8f5zC=BH`uO9xpOWah zKk$~@GXyE=CPPBNo zp&>vc`BkhVsLk~oP(@CTABiI;12i`jY@%Dh6lW?nEL>=F(7p-406k#>oV)H6gAP=l z^moGOgtZfa&vmXb2;o2jNbU)$Ir@kP+9w(+@D&hSkOXZj06m)US}KzgNl6I~WrOxT zz%SbL4&Z^$1du~g$rvr+-sf``t*cQ+& ziGuhWSA^?kjn*Z*Z^^uyL?&60vV@w*X4AsP$@xTifvVf>8U_@4?VSRPt%Z zS5sW$$EbRoX(f;E!T)ZlAs7ceKYV;#qE8&|p6@dI=;r;H?$}q)$UGxeL@t~Qf~S6U z9St4ehTYPQ$#I|=#X&vdRDFfWaz}ejlllju!&!NaC+dFunb=eUL^Gq{qVB!Q-)bH> zqR9EY4n2y!axJ`Tg|?>BnYZdEctah&Bkkc_jLeHm(57+I{RB~(NHuaw%|gS+@FiC{ zXhtaFOcgUG+!|fM$&#>-#{7`dZ@aU^DUj-(FYmwCsIt7ZLRBHBn4Vka=(2fIR?RnB z3&-@r4t?V}mwoSpHxgY?y=|#2#Vey`$-S#hEtTh)?zIiwIjVAW-!@)kgw!nqA$}5> z!Z6vkYSJf}hK4V=UH=A*G0ANp=+^Iffx}v{#1lpkIWCl)0gxWTBj3?P&(vklsle$> 
z>(PL+{BL(W>&SWDBy8%QjlIXN4L-F5o`9Wwj{>}`k@kf@@xSrFuBoSD$!B9p&+$$~eKD13lLb{^&<8%qC^?m@* zJP~gXR3Wh)oXt*OiKMa2Az7+>u8V0>+7;j32T+lVf(Yoh?CU&aB01Vw<#f; z3^tjR!)69jcqfT99$hS5c-8<5TustA_*+7ZjC`vk;2KRP|tEGiC%pJ zW*Cq>qEl4Gq-GEnwp^8iTDlxtK!qR z?z|jJF5t4N7r8E^&534?VS(TJHu{4Y-fTidE52G_fGV#FZ27hggJ%R*W&gn>!45L* zcRtAhT=H^D4ksGGShbOqye}>mt39wUyGhunG&B;}b)i&8y}T3pmj&`yo7q?hFzaw9 zZ;pQyUO{uB4U&jmeb=_!Z`g?}AAKjuDMt+OME@2XLtzL^C{?wN1JB=DZ~CHwyPVVr z4kTe|4dUD&66gn43@8!cln6jfyc0}iy-hzBBeIrPs!|MFsWC{@I=eR5B3C zZi|0wDFqaL86?3IbS$FXjcJSwQ=L*!Sg{r%0pelfvE6Z-pY0*At5e^2Wep(AgrlM| z0r>L5!AIWpbwNU9DJ~1FXz4Q7plrNJ92_)h0lB^KVKFHh7T7&9w#2$oUpbT@f&)BH zPt$JkH@^P8K5?K1=fugPHnAKa_G}rU5E=HCQF*)59@w6!`dXM+-4b%7ahbX6GrXg2 zjzj6xvaMd!5Nn#sc}b;>C@_uUY`rn&&f_N?W6^oi5>W*` z?Fr{l1|RO(faS&5`mRq|84FGf;%#M1^jv-bQ&h~n<%T`WCmcn$+4s_ATKPFS7YqUU zD!2((xK0Y$NjQiAG?cASW||eS2gG63i5v5zkI^kjz~T-HzqN@Mj<*Xc0dGK*)tTT> zg`nZ~U&5tu5CCXsoom&{slm@)^SmwC?14Oje@!Sa2Hj<*5Dp}Ic$H!@%wt`GB%%u8 zAPi_&(sEs#U!l*7Hy_Yp$24!h&NGoA7*KB<=;YA(nG5yS&?^yx#h-EFV37{tSy?7{ zG(Iyq039R}k_1Hx$1?!$qADzo3}M9kSeQux2JhnbB@lkV+IFSKIV0(nc1>|5+9k#1 z2+U5e?zxN5I(1|lQ}JooE0>fUF+5D$!Hb+3Z)wN9Z69$CA~TfHB51a{I;N(@xBMRp zi<6Yl3<7oOk1$di-Z4S!Wo$yvCPO(WgLvjeFJpcnx2d=V+=D1i=)mjCBlI-lXZ00m zKXxWCbUO=d$)vXg+btaB?KMPnA=p%FIW(veKy&qrgRDMzf&b?M5SpL;(XU_X-x-94 z=jP^OJ^cLQ0+*sX(|l89n?B9-llPj?O}YZtn{}Su#e1BfFvt%)p!6;2>-f}E)?esH z{30+ITryx->us4^v+2MvP%C{pit)eQ)iC3^KghHWjk=dy)N_(guKkqNT(H@2sV{_MO8eFmPcXIih zc{BKe62QXf{wo2M-zU2{-&y7^IC8y4&1fkRnvJg3{|rxwh(Hb+2w6HD)%io7 z7D6|#|LW@2^*$t{R`aR?e-U5sDa ztj{$Cu$6348*i~Z`S$5Ae?+k;e8k{3ru%?HvoEj-X0+>tV}$6hg$fy$KDKg+-7*$0~Ksor-ylewd#lILVp4& zxssBw0g9doT(!Z2lf-lMc7wf;Ml=dmg5hAGgiphqe_t)9aHkYr9`uRc%L>1`HIj?` zIhG-?R<+`iFCI;!h}MupR22jx?Ib`h#Dz>9R!6&Q;+sDrBqe29fVMoTWuSq9nMn`Z z?6?u(m*oE|Row@oM*y3>@Eb^beCIV%X51(!>}YHhx1e)I-qJ>(K)_m2bj-m`I{*O` z8TqV-qE<6J3qC2n)ZQ6-QqG%l~&HfQC)s`{M=&4C1&DpKe(S8_FFP*OL+;MOyUpJN4@I6SMfFF$r56*|3kc2DE{r0Fn%eILRK~qa_K350(>|zit#k33NYEk`EWB}$hc7ZruodwiT2RApCBEL@vIR&1 
z^<$GJ0J0ANHC!%d%q*Y6?Tlvzs#?nd|7hw_sAjtXKbP zuxXHJB8Q6VM__!uPZ!eU{Pm+C+7_gf{lgGq4sM=a>@>m_qlC}tdbmH1)6AXG2kbQGp z%d~(9D+dq{FN}K;6GX9gr?aGk*8YbhM&SnUl55MRd4Y zPlNjHDcvqZf1^ALn5Cb|B!#xjrwYi1p8g}+y5Ee{w@}2@2R#u0oHyv8^ogwYupgTE{BI;m-naIka!GeIPi<!I$02qY2@UCPo?_qtNszx_k zZuwx_^R#nWO{Bf?=IxsjLO9&4#cd+!i)i1l9!g3h#h{W00QHZpOW+Ag059-{-mVU< zBDQ6E6t8&VauU(*8|X!*xRwFp@iYrx$_D1|8l1~Ycsa#$(BvBIDC1C;qemDRT6VbP zt?^y;`#vw~d9C?MgxRhs@k$!}Zs}E?o&K27-*b$*e3)|>gy85s$J7{4Jn#UA>*N&t z^tzXGNKu4FN{fbuIyX}5BAEH{l=xy;V%d1l%iRh(lm32H41fexuPr{; zYF#*gHmH`j5xqR{-CuCWjtCCBKfP_wIWLEYEIh5neyA5jG$SP3f>ma@v4@>)XVM0! z!~t8EChXPl4s3pBv{pKm^sUz?Q^TWbvE+qslmvxm=C1q-=n3h*Ercg_;${c~cCz0! zA&bfNl3)=(n3_2HxdMGfdLPb6abdlI927*8lty+xhMa z^zjZe_V1mlQcEv%OE(ztpy!1_>jYeI?j}!Bm8r6cve2h5g-5Jdzr2SoPfG zaJ8@KpckYSdC5!=2L-uzHV^imn2c|*XV>zs^S(xm=vH=TY^+#~58muAO@jS}H_V~4oK9Yc>>FO!oiq0IA2fsi2S&x-|lL+Ti?k_Qh@U9it@T(;xL#y-zRKdi|GKN4vQo7i z>)gP&jCtfD1}RO67G(wRwvyxH1>I}W$wKInX>={HinYoV`f(BmcbwqN#wp1s){%hb zTbPtadx=C`4Nce_(S#8}n7~OF-xSqCIQoc)c!xr{99I@A^|8Ny!6L+igM;9Ra6$=) z?RL6%dmpSO?)1NB+q12HsRAqV*mcNzBf&IB z$@~mG9CyEHjBIK<J_oxes!S*m1{)|kQ&OR>AV zsc}a^)zEeaY%Eq{5KA@>e|K{k*|t7nRAxb4n(2h2@GJLP*SoUR&jJM4QS^>z z0`{zSFc7^NM+UYV#mDj(@M^G@p8|o|{s##f(UfLiBwe5r_B1JEoOnJeyg>pCPmb-BIJTgV^2>qrYimY}C12N7 zY#{FWPJHX=>LMh{<3m)^M(dF&dwG8+ZFUm_l^BF^;_F5R%5L%)66dU%c%S>K^D#YSau~hbs7_?%ETBLJ zsE0hIbAs)6q#8~vTs$C)`!A+>SU*S<00P&97Y>j*z@()LgapYxn-gNS4SRDT_xJ#j zw#MhSKjNwnK0by(IEH}W{=3aBiNTba6DuLfcFutBc4l=t+H$+96ddj+ku=vR6n zE)Tpfg%gvoWV08M$I$R;6MCSRL)MfI3*<&O{Z5dK2%o59;+stksV%P%VlsRXc8tTQ zm2K;2&BQT00;D6iQMPQHs8+S6@zrDI6L{EB+_4}b^hm7mmqbH_?EtkT;TLA>Ndo=Sc~T zg>#r=UM*ZB!$Dmrgc0o`2Jz0^7`a!r$r}U$$P6qM=J3uA^nciYUtrFYc6e?SHUCu@ z^ft=cn|XuJZ7++SvMg3gR0ss}XY@1cO@VQONe{&kj_dM=3n2dB$#m}nydHT!hz>cu zkWl9f>ehHaCKlc#!TyaP$$m%r>Tmii7v#Y6>EyXJX-sT+PPtlF-7ayj3;>J=2STEf zPQYV!7CZe_G5TFfC!Go!nk~I2N4&~Jp+{FdlfXtX%?e?W4Zs}HPtc>-J&C|tY7 zs#?i6zsn$_tX5sL88IjhTlj{q)J-(CZO}8IU8|sjK{sM&Z~u@L5R;sB-aF!@aTrox 
zd}j1;h6vuCr_NKp<06dDqL+aAI4lH4=8xsggluX0o%J@P_TjR7m20Pgr=+FHHZwcV zf^s4|>aE-5@U7QG#@TnvBAGsAgsp=|5algs*=#Dl=jGyK(M8dmD-dEPf8&#>d7R-Ch); zhSbff?Zl>%YAZ_sl6UYIi`C}+zTR!2?Dor*{UvZotUp>z?~O9F$yq_3cX1PbNribu zuUZcrB~U&;s&0|;P!<6|HpLYQLp|)})g*n}GP|43sUqCi)NgRMbe+NT!1@{v~+Rjy<=j1Yig( zJ%9qZ0fr}SKZLGnAz)YvfKXvb#yY8si;KZ{!~jsG6WXWeghgs%^+4C4|9cA%-UvH= z{BMB=*lABnz-D_`pKCEC5kl&^B);19tBB1d)H&|J_%AUBG*R|k0uSGzODwK~zvywO z{V96@HFE;q!pO69h_y*1BVRWy$%DZT*1!RMPSK@=I)C+@Ti9hVVps>u8V@>V2=Ff` zpzAXv4xbv_YuJ*NUx#h047(i)Lx6RlZa9=4>j@Cm5eD;p`nNao@=PeqqKSo6}HKv6ItoxM5fS=U>8!_|~Ydfi%702m24M*3M=wveIojaMXR1d2)<_7lXFH z__(L~&ZBzQ#a&G5NzqVtr+z&W+a~Kh@64k{OFqyg`n~sg-R}15!X((~%?B{| zTW&*INinF^z#rVZ@hoG3T@zc-KgsXGu1Y7iP5jULCm)^v!hV6@YV+jdDOzg21H!Jh zb=(Vy@vX0-f`yOBFc5)8SrpLzLGxMvzWZGrNk1d&n?zvp?E2=dP_UgxE06#|3uNEYd^>y5rhQhGQs}7uS-b-AS9oD-_9C7>t8XYAH zsgn|CTtS(;-0Hn>P48O3@vl00R^1w|I$BlqL@O^J)t;5Rg9UWGJr(QedfYfN_PmWR zG-8a+i;eeoPT10t$|3W-C{lIhmwbqR?)r=aXX*+*Asb1+j_McP_u=GUNx&)9wH6$K z^sjt&Wj~9K?N@@(52`xNoZusci?6btA#WBTrxpFbroK8Vjwk3AXYs`y7Kh;Owzx|m zI0PrSL-4?&!AXD+B#XPdhQ)&i4-nivxWD~<-+Sl0*?(uMXR2@2+3u>oceOLkqk*pa zfG9i!qJg?` zE@X0kXlO|557QrhN)YwLxkE1g?r*Dh%8fL_kq_+lG`P$KaDutEmklX{d@{<<{;moi zU*%^rl6Griy>ztv>h|tFukU<-z*gc({Q_9Cc04eL)umZlS2$SK!(uc_fL9F8^yqc> zEjzj&I~wctx!kIpzf{ef5TIDHglWI?!)_?HQI~8o9XZY%^eh)E^D8R5ewVL5Ie7;+BezOBEF|-YP1T zmFYH>kLq%!WeLc%am^8#jn3fSLLnzx`v}t_2z-}g286U6$$t6 zlVzyO;osBevd4}0DI_YqQ-0f8v6*M&P#B|8b4K}}I zb`l!Wh}4*9R$ePfLLp1)$j`CHK52TIQEn0iK(;Ry)o8xRBtQl~Kb!PRpeV(yc&CL5 z{(q6l2JT3z?YwH%Ge%;o|H>u@^o^q*bNu~p0w3VVSIkEJsn+VS-tnN5T1E4NadT>! 
z4e`gN%6C^|i7AMnO7dd6cRw}K%28ph^>61YnNoTnw9wbsf!^qvzv|R0J$~-BJ+GBK z=I43gKo9hQa0!R<{9)bJw83-ojw8IwyRJekg^!4ReX`QK7$4c7!n~QeigM40G^GBp z4g18kh-P#-o-9iTNWUmmr=$uY099E&88@!*yR;z^Jf}$;*4H<+^5r4N0b}|&GbviA z0W}uo08%GK4N)Y^W@B;04Nv`+Xmuh4u+aiZLb=gz-6r*c82fnaspKpjUfFl1MwMLb zBmhK=@jw6e3I{I+Lm)3Kp{*W!kA5|0k~zlT#Y8fV1K+Ve-8hxf5ywmo|7el*+ACp6 zUAT8Ekd&2%F?%K(b0P!N(@TpIsytmiK7<5%6{y2WT9E*s==B6ts%Njb*ahe3s0YUO z#Skn9r+k=@^`Kvg3}hTRDg+gbD(6UulaaqOA%GP|?D&b_rrQoAdmGKzjAzc)6epb{ z0U|eZqWi3%FPmphPUu>BG*q2zC@&XgwRFTh(NpeKzTp^=rfbT9?fpr>kdbav*C5X? zeYmKbZ6!imd>a+W_EqoBwp#aPrN%$&#_L#b+9fs3!~qGg0bOG0m3G@qn=8Px)8XOmz2|JLj^ zVV$r9Jz}7P)L$ap&M-$-o9`GWpI=N6ETQ=^?rFp4+FrW~wV&5sI)z}}A0f?)NBv!a zxB1dik4J8PzRfKy7B8G3w_5xeQXiqhNx+En2=e}N-yly6v<)U#26Z7F+h&9q>tpr6 z78tR7<4*4?;>DB$S@ZAe+EPQ^ZTVS;#qIvipD`R%wHmmte~8=67HgkQxh(GP`PDSX z8NAn8?U^SfUPjMoKwT1xuVFTMr8CAU|TEz-nj-)BoT*POuKy;Bi2Wz~>Q0)~6KZY`0Nj5T04|RWHR34d`iSy?88kLS_EIITMLI(edB%R{`RBrv|XWL2fXq?YF z_usp_t!2?^q3ODYXC>sa(?nH{#L+J(tLTjG98y+){NbqgwnMUnvCmfJRBR_@^f$bL zrvHC!A)j!xiF||zs}o2)?k43)E{1fs;E5psX)+f|_2yOX2rm(T9eENquI3~KE&ZZl8AQ9znR zFPTcvA1@`)ms1>K4Exv4SZ3@}3;Ms~7ofr#E&-A;kfhL{kfZ4cQY@LD$UE;}0g#IX zkI?sQ{2@Me%(j%@jk2&==B*LK&m-x-@Y7^xvk!KqeCbP%1H0TDJ_OL)QRZ=J7KnNY z>c6#VtDLhfFnx=2AJA6)E=61~-oSQgO5a=0!1kx(oWFhskdjzW{@u}z@yA-wF&qu3 zbyDfDtvkQ-=AJj$FvK1FEXJqPj=bEz54%e}q_;QfxThzh^F?=Gix$0^`M56m&jvEXP2=+6HtFJ2(7TKPTN z{*IF}t9Zn?0vDvWlMbc4F2^l#T&K3gbJinb%{S23;QtkYW~oJE>5h$c6pj^fzVZ>G z6g*Uu_j*(^MAt7ftL_i-q1wo3ixsDAyLK8KaJCB=AU8A2HZr{?NHkZCI9X|tP` z8WHVlqc2y~f^tOt7Nh>9hz}svm=iSOX4vnQt*CC%GrLvx8LyKR`YHtbD*oP7Ib-XvqVfTM5l!;$022f?zd zdfx|z1jPoS43+xG7|t1UqJZ_}XV7usgMqQZ9N4gFPl!Fox#kFZY0GwPQU+#~7>3EF zCPxQRmL`+ui~9$9;?FuL8=N6c`>IvUU_!OnIc+P%^1+nf#u8pGj`YHU8I&wB<>v2j z#$|l|wwuoX++~Y56%&`$$u0|gkVp>!F=3ktTk&+}+99nsP2=TY%Uy8)UI@5}8 zcOJr)0b0BGRzNFDpt-NoqHxmr>@@ajLNr$#h+60uulQ~OwG^H#Iz3_*NO|w-7g;U0 z#O`(S-?|@oj-%cF^!gn4r7{8zgZ^`4-2}1cvp^FS0-##plofHVaYDKSICVWvG$cw$ zSnv-=xKOIVI^rCBZ3NekA%mRZK_V?@$=@DNu!;HDKWwu)ox%5J$sK5?Mx@Kl#;a;ocVr-d!Mr 
zL_@J!6aIT1WeC66-F{?52v+@nVWBg@AQ9O4gPjaOHHzp7KLo(-XYYV_0H6we2rKx1 zR$2G(b4Pkdn#PXC;>rj*>z9s$7|%lmX>ie`^24|0K}x?#N5>{J+H<9Z=lvPFV~zg2uUbdu^lHS5_smVohZn>YnMU!5g*7o}L>W1}Dfq|IVlLCJ1D|8rGox?He=0MDw!sO_xWbRDb%Sc8f z>SP=)r2F@8WuhHUv{+qomHDWE$@ZunZPrGKTKS`qe%_GhOTc6J`H@ndOYw%!8W9qd zofuC;K^HD=3SX6UDsI(@WUCZ`bprNf{Ew!Y1D-f957xrYZD{BcWMh0T1R9da=rh`eKes1@P#apC1D1e4eK@?t(Wq_v`c(Vey0pm2Wsu7P9`cwFx8JMsmzfOhj zn?l&ej6{Ddl7ff@$hHv)V{{|2RA5E1RX2uBto#)9=f!@5xE#J3;#_9)cyN+z1`1MA z%2X4k@RKe5gwu7p7D}ez5>aY)uDwdjc^`!gncZ&krg$@We)oNTM%eXcgrVQ%zZgVD zu#_@dvPErPa^+V_OxB|BCnnp)`bj1tCDKbbD5&vo=R_st87XcN|0EUrUlKODyN$Li z&0I{cWSlxWq%*A2+J4{;Oi;eK%YtZX)g8)nWU_RV-ZY>J?UNR|I?C?LJ2;mJ%)OKiQ$99J+{S9Npq0Wq9Xr#Cx9sR`Q zqaTG6s3Dmuk^t`&upp%p4D?DdophgndG6bafos#i=w) z-y+?$Q*8WRY;8zt^F&=#D&o3tMs#c)H&_LYG^qHYfhnI;**N=PPH?+r;1x5pAnvU9_enf3mA<4sWJN=%X95sPYLVFM+gNg2!G@g*6-wsM5A<|$ML7dnE z{}0_QqMDoa1PXO632s=r94V`7X;Ya`1ZO0QaPD^>h@MxC8>VOjib>niK|ML+_wQYF zpK1R}S%9_HK0eljhEk<6WH-`6n?o-iuEhlixG(fbd+H+w2%6j)SO*AhXDH}Ebq%De z&}V=s1;yK7M9&vJWjOnF-GL^vIsLHY-zCxRWA9wNLG%s2?R8HIQ<`8;1g~!htQ3G0 zx_*_3OB%rCGvE`WWC4_SuJdR)Km43Tz?;I;uKJ=61H5HNq%bbRmzZx$`u@)by$7E; z8e($qt-gW|77FZ=Rkh)}5peer|2GxgT*eRa7EJIh)~Qlyj{Hf1FE+leNEAp^y z@B)opGXycm-m(G8cFinwfaXj}BC^t80tyzaZ${y=tRK+K8Gx#-ly8m>9FjPSL0_&F zBfef4_iZg2v-&59Sg0b5g%ul>C*vbO?;7W)#ouxm{}vpjl0pjX23-MD@6 zqAgqmLyb|9s@Nuu)ZM z^%WY^MKt66SS1kY?7147D;`xNJ!rle9}Rtt=sH~5xB(ZKpeFdB!0NZTk7He(tXKKP zs=ngdpK1|9M)#k40$!_WA#mdDN%=%EaQVlD1yrPs(anSLQQ_&rXF$`ONTqX&it|T- z#i-9Z`o(VO9uQk5XYY3v(Ks#mTv>;kjs?^1w0=&M@RGAN3V7VMqvG^KOYHO z%b9Z)=&39Auh7R=cXFu(kuZ=R92E{#Hjbbt-27T?(#j@~2Lz9qTswzcB?euu!r@J9 zR?LVqArrJt`-m#rcdBX|TT-1WG zp>$obc;Y#0jzc_}UQ5&sL+7LpPOFzRIkCc4K;4K}?i^MhZDqWq@I>f?`2K zjs!fDDp15&cb&{#;kt?>W`Y02S4-C0aAR!8>Q0jEy=t^%zE3fOVhN#g5pa$(^R>f3 zrJH*?;zHdZmbqKsuz3dPn9TbURVnPDL;@kha~zBd;sOCUPEnX<3r)~)(0MY|kmXiXq5{E_H8_F!Li{THXOvR>Q2@yt zXAqFX$qY@>`|gJ|YlYj{O8V)`$GwbDt8Q`OXQ<&qR)ww5avNo3ecfJE=1)VAV819J8jkU1Q)@KD~QwRmCq?y@5Kv%dK 
z3KBFa81X?Z%r&e4(oXjlKsI%&AH`F8#fbgTyNFGo6!V^JSxQQ)*XHZc4}9z7+T`S9 zlx=bXFhYQkEL|_CO@S<4M??$sq=pB<8ydx@Ntr0#Q@JINB4w9D%&e5{rJ}<)R=Q@u z{$doNjRR$hFR*4$On@>$7(3;MF&RVA3YtqE1Hxsu(Rl&9=#rQ)N@0k)tDfS&4|EJ7 zNKqe-NAccktL48R=Lz7LMaPEbq71%+_2$w+hGhQ|M3HM5$|&9a+u2Fv=?6VwM4WGs zCGtqwj(p5wkZ1AEu-?>D&aKHd8C6NFtu#(&9>IM3CiVwCR%Ow;eT)QatXPGYzj(d~e7b^cS(^f)ze9@#<8N*8b23u=xn14-p+9!u3hd zVfRs&6iz%LF04e9=lHEK2#KGq%(#es)(-o1$C6HoP%1?)VuXWnd*;dC{O!eo9%pZODx9KvR(;H0x zIzphM>XZQRjnt zSfQs;ZO8=Fl2VtbfWf_$oC0Wln*s`%tzdR@cn>Ur(tbace6L3`P69saTP24mv_VkVZvUYeo&OxfsUhoDr6j zYl%=T%l}S^crGD*)o8r_-Lx7WUl-(fm&RN7dI4ROoedjV^D2Y{jm8YGi5J8qUzvFA0Q1gHj>2 z&SNEs$+WuMDu$&yq7H?+v{d6L$_=Yd`^Wj5!jp8Crgi>oh49p@QHHt&O(abh7?~Eh<3DNpxsT zuVGdb0Pzr_Wjiube8BAu(hTRw7koSfWXrpzlPJJy#rXZ}lvvkH1;LgJ#**aqiWXpu9+;A+V3Fr?u30 zhFWdNU>N@4k_wLs1-Kha0mw3UunTv`@Wp6;W$KalO&I!-EQtNaKr#_#Y#cC_W}PTI z|E}h0(w)q+LOvZrEh?C3X8_3yi7c#r_?RWVy)Ze%mAex7^luc-+}NG4Dj%2pm&7oW zDa)F7VUe+o=b)I)N4T9?B>@%Cr`^)2ecRlrNcAnmiCamgw5@&3dDpsN)>S{5K0YEn ziO8~P8gr~I!rh>R>q5h6EAQGOqh5RSZ9a+5S))U_Ut$& zKqH}+_!a?y@>E4$R`0>C)B?K)StFC|8wSj6Q730~#214Y(mWs;(x)s3-TsnX;;B-J zv1Ld{CzHIyv?9d()|lX%M>0J|o7-_h`(VQx*ma+X&w*l9ZIe>{qTG$kB zR)XewKu#?&IDyAKyp_atCqg8f8_>JEVU|n<0eq_T85KZ;eAb7wey9Vu;%5$JLR!^J zqk>k`zrUXuUA?5?rT{D>iVZoDqxUpfq^dbF60K?;5QF71CPCo zPxzG)`8o`p$8d%p11J?r@pTm(-pQ6YCj2pGTjM&=D2%~g8OW%CH&n1pjRU&G&eKaB z&_kN$4jQXqE02J(LTY9iL#~2`D(4IgK!U=N?6`+&8*n1q4mdS`SlSN8`zIcz0Tvkv zX4zU7F8;xw#WBLG!fHSGA-&F-LJdWIR>JTs{yP_(2!dIU$TGr&sj)OB!Ldi=T za@03D(R-lBaArY0aQ;Y5+x6fzQO$eAQ0N!lcfvo$!IstOQfzhmiZk-tZlj?B4dqHJ?{s0u{RX>hxcn%SfFxQC ziU5>%kVi$6gM5QdD{*LyW1|YfP+jMo4*9gAy-J4)D+WQ`6QGJB{D1|w3F+?d)!lcG z--Sdk-uc4SJ+gM^G1HFsDjO`7l_lgl;Ux9UgwL*c;)SAwIY$9 zJX@oRph@3GdYKHFM2RDsXB9=b_=UVBr#X_}38!N**XzR{%v)kA^GcX;gdjyQfU?c- z>8)@|s<>Z*eIMZ)LQ57UM|cYWVHOm+&2>qmWcT550>)JWI9l*Yg#Y-Pf#hMMzg0Er zI@;{n_ZW#S$&X~&4bU12osY26BPK%kt%QGq2^9QceP3`>g0DqrL0#-8!81wRS(}vn zZzD!klDu%;7}T5fyavqfdYL3+W{T17DLP&EU* zT0DUa;V+yE?Fh$Pb_ZBD{}*MK6LfTDycjT~e8!wCJd6zwv6 
zD+RK0JC%lS`=#AKK*yB`09y0lVkHtYhpT)CF!1*y(prOpDFTFtd;F1bovG?OG)VN*%vv9ZxC;IsTS@~Aug`jrtU@$ujTJe8&m6Pxh1UXu`b7fa5&mIX zm69@K~h7SotjN`SoVrm0~#TmByea6^}+kMJM!ik&8jD|OeoFd)yVh{D)vN{$xU%m4NHw7u_cB~a8jR0Ci@9F93+}vDmZ?8|!T2BQn zZI5*5DfvADx8T)aJmGRL45LfX}9CaGfbwjiUQ%aNGbve#Ym7$?RFOL+` zG}(ubib*VC6k9cnc(+s5U!vk;`7kli$g!BPPwBDEEf{dEFs-m(uCD9@NX07wy{A zj!<3d-WYSSlh^*K^`b29efUMg%k$FRnNw$Ho{&^dD+WPvIjl=EzSofXMV!#RJ&jEprMQE~aDvf_LcbNxZbPn?5to zGGmwI%a#eDvvZL(9hSEZMn{h*kjmSqoADt+#Q*w|7(F5Ik~yEzyIcC=0D6*B`y6rq z88aS$+KN09P-zmRBp#EmQ!_d`9?Ymqqqm-4US5_&bv`Mz&`Nc75)&1IIze$$0aB*$ z&9T5Sj!*O(J3BkpvUlMugPYxhh5Y?0%c%)F)tOE~a%V6WA}9jfTjHESxl?J(Ox3v=_;iQ2He(Ib(y(yd$*-4#q;cYb_r{*u&@6xJ7r!o4rhj>XO*c3w!!i4N)F2Phc&P2maS_G^(D5e~5p29iK*PxF zzutO&zI?WSrHTAe4!}7uk2~xl&gh^O2++@^V8Axl{4Evn`xg{|0{(ne-@z5&G4{pq zUvR?0m%#KGJn2-50@iP25bEE;GUDj_8J#sR!uOf&6m}rW-1utocihHMEzfHUZYroPNIfT(bCiYea_vRZ6D9|1{@x)< zpi4Ler_2-J#rPp9^osSbu3o%&JRe%QKVhjvhlcQRi2wwlfP{WKVt7!tIbo;r1TX@c zs(QLvFHF|w-Lb?Pu^v*)X>d$xDBAx0gU$PNQpiJnpLp*#UjG)q@?gpqsJ-1vaKy?% zTeu5-UA;!s%c?0H;#xJpOQa%nn;0xfV$m;tFne8p^LWo`(imHRoIMTzTk z*d5NxJo*M%WVwLRDbB#yPruFT#S#yO3U%TXsGjq>8V){CsciYHNlG>}G?cuHr-!%Z zW#9Sav^o#fMXKpwu<5KLsM2z9<&G-rtfNJnYFlWl1)(sC94}{NVbIw3SZ=sij6eX>>I`i!yX^@`@wq)49968O4 zr;>@S9#@G;iZcs!O|6TEu7UfCA&&O23^^O-j}|=fiEXU$7WPt7yJU*!xf&(trh9vP zd7%&HEyMhv*+>QsW<~B2 z8JG@e2j(83KZI%!O}8^GwwF-22Q8}PSdjw2k3V>yuF)SfydHwL#O|JsM)5_^>5Rl+ zb1WbB&d69*)D>a)aYA6;Am-&IR}bk@>^7olMF&q{@nfmyq2ZT3ynvcLw@re?Juwqj z7K;g~A8Ysv!slV!Dv(eFuvsqQe(%w~8qg{B?5&b|omT@Ze*?##Ro5js6CG#&FD4Z_ z8elfYh=^B}nTYGglf8nM&7;uV&Wre#eE`BCIa>gC^? 
z*IO#UnRxv>HmkeTyLfRhBAB#2p`fyR6-h2rdeWuzkP7nU>51@A>EXI4uQSH2RCv0; z33sQAcG;BnQvgyB`}X6N>f}|_SuY^+hx)osE`Vx7^|WT(~-~I7mQk29Bb}w=%;xzWd;kibBvJpom2qkYafZj zR28@c0bMb7Qq++OH6D#SAQU;kW@y)J6zv68I7l8k?+5uBr(;Es$`k*diY{`4-{_0& z^t?D&IU#z5443jvYyh(un8*qK?9O3S;oEw#IF0qEUx zm#v+NwV&XVA@qfUG*Mf~##)wEj!Vs%P}Qv68!|ePnnjHM{BpcMiP71%lfqd!^9`2x z_%8V_b`5vLW=beiPQZV+EDe|_7ReYpnOe*Bh*35iWIyUnrPXrhy6R4VJ|CoS3_L9t zLx&zchu`vHHc0`9t#Rq(a%V~fcy|C-2#_mTO3R$!w$9GZ`+(p+VGB)K=5E0TwKQo0 zisVxoIz&qEqC!eP^4mDZ)3a~l8fD9PnrZ%awMLsNIL4u@P5^;>>Z2V4se&%KJW<&%G#2h*t0KRWrc#BE)+&`Q+ zi&5XwHX*$60P>g6Dwh=mupRI_CD#i$obJ=9F?*MAp}Kr{-*gM}ULSi1S-4;jvbG$x z9s%vM1n^yIB9~Au{MrQ!sA-7evg0U(0o`ng95sMq@~Nl*Vp))FU8)*^8YJpu1wRhm zgHv3MBK)I6 zMC@%G7Y@Xb={JB&so7_>vsgNQOBNlKXfnjAz)u;4mZ@T~{a(99z`Q8&YhP!DGOHq& z9!i$fjD9ng_$@Ath|H4N4^Kn681{{v`N`TB%R4FwfiPlEC5Hzpi1b!fJlF*j@-IA6 zH0&3_cRzvcGTv|Eu;a)+dwLh1D{1~@5vnt%F4$b zjRvQ$0xpGMjtqsT!;k2Hf3eO!fEux#yw3l0zTd{aymYnJ_Dxd$b#QO8T`3sJlmFEd zaDxQ#Y&wiSW$iB;WSz|d9gFpERXY(!+Rjk3{OCF6^k`TOBvfX6)d=8qEH~z6LO=2X z-bCT7lD9F$71(Q+Udyr?NeFWB0@$E*MkhkeXM`2^n#B`c+H9silIPaHerBGjZ@1~K-;NGV z#(H>4i6Xn&mBk*yA41UQy9nAT-`wUczGzy%X;_G4;8~~;jb0&unYU|`+?6; zgP;%vaL_gqW)mBbf}PP+`$V7jyQxL!P9*ojz&{_`wvghNqXVDQ?Dc-$lv-GyD`>l1=nn0f_B%M<|@$2xcbY;x`&N1Y8F7wnI4{W zkYJ_j-|9?d;~sw*K1^N(iG7P7N*nPG@bKU{@h+Yj`9Pz^Y`>+6eu!HP?CaLtbIxAK zOSo*`%znCSm~7mCEeF$4r?RA`@G#P2NF zTOEmCy!Z!YqLHS7y2OrsZ}IFKo+|`SObgkZxw-tYeWGP+Ls1{?8gQj=tbU)scnu6j zy{gwcC!EvW`7>)#0c~TPO_08rG$55_`chAerh_s@BK!;HQ8#S3>C8Kn6ZZ1xSIw$( z6BE!o?v&m!!Fo|6KZBt*M(>H^g1y@qh{T5vdD(fH{H_u&R_>}ZO$pkT+}TAJ*AWC5 zQpj$jj2{`X+3et$`vanK2S&MgZNOOp{Fz_6jg8f21Pl!XE^Nso8f_~jW7xI&S^Q>` zo)!Es94MowW-rlT<|N-zs+xlCK8Jtf{V&6!$Krv42qJfY{=Jzy>F$~^jT@?pDAMj& z#;WcEG;ku=KYGr+CF7@z*D=2$bUtl6Whr!7Ja4`^g$K7}d{ATA-|vHgHlSk_+#&1B zWD?4uCJ&AYZ-_I}O^x{WIS?aLq-A?ujg5nD$_W}R)0E7ueY4`$awg87YRkeouBiIu zTuQf+d_XlHnEUdVT%RH^rJ$qyPiZ5Dz8y*k1x69Z>L$^p-g1BeZpn8|%YtteauIc>gpnZ9utD1gCMvXZw$2)i4zxB6*=q2ysARUlV?%F;3t$~FBM3{ z)znnmIB7N-qo&Vo-|W?2iO?n&Hj@G?e@X^%jn-F_ZN<9Dx>Uw(8h$0vr8Fv`56)nU 
zax>AU+8Tg-!~8z*WoR;V?yK(9=eCxkOX(=2bI@y^;5e7mKPjk;GBCqVXD+9g%+Z=x zIp)_!1G8g!{+nx@bVf^u5lisL8ppfE*5})8<6wRw1FiON=-<(h@%Xa%m}Ar~wGF7x zre?6;;u}n@E7QHMAJkd}$3RAY3Rk{w7IST}SaBt;mO8*ZC;-$EcdWX`M|yy7bLe8| z(J=HS50^WINC=0(;t8`dYfA<-g*9@FHaWw}{Fa(g<4wzlu(=XSKAe2a=zlP%>)84l z@@GuzaMp12cGu&ZyUw}^e#@fX&Be)Y+J0xv-g~0{;$DvhL>3t^t#;yA|?^{v0n|ppkw4OD(~+Pt~vb?UeCrfR2?1d0SwDw z$`S+!Hmp7|BWyz4mHBFhjoDiomOl-*SHqGpAE1*m5%F{Tnph}0Fdk@`L&3rkjT8@| ze(An`^mpLg`UQqf>@4(W@0^GGs0+dST2Cr-tHFG3iL~w<+T`ZP{dHindA@(aacyKjJ1@eGAWpr4QJ&fl&VBk zT~A2770W$y(y>vAUpW%IO<0XleSR)avPRWC*u2X+u|)+=gbBx_5s?K((zF%xMQkz>cL zxke+6-9FZtTcl1|aL9fkz$6V;;w`B4dGd5}d)0TEtsvU^OGcJ}i)ZruGJSN?)ioZm zRi!2V*pZvZE`K?9o}iek?927C`Y4TYiU6O)D?c@$!lewB`oI+I)g%D-`?K&`3YQyiz^$a8o><)$PPefcB^}68@AlZew%)2 zHvK7>PWEbj7IHlcVU!DJm5cl=*g2#x$P$O#DL+_GuW>1{e5&pnSTK)IfnRRJk(MNU zYtf>(<>BV{`x`<>+Nu|MAFS;$_&D$B&P7xBjAV3!VcVlz<{O%=nfg~=*)LLht+lmx z@7s1aW_gv6&(1R_))aNBNX8k~yoz(qCeL2ih9<|puQ$f-MT+?F<5jns9>N!b1ZialEA>=5G;j- z6(og)i4>gd%`9z9!N4RUL(|+f(2oE^-I*7N8h|t;>8nn9qE3zzRrItHj`WhK<%Ay) zQ6wY~Qi8=aScsxV1=N6`00;mp5hge}G<;#9(^mjk zfr$i=B|u3D;va*3F@T^8pm%_<>%oN#pbv<>!;N=Ig=X$0NceKoW9Wd85(MXfGau-@ z4Po&m{X1q0_+`L%MhJpnSVly>ASe(4o$$AiV5)D3sDZ^qo)Q?dff)(dCh)C-c?w|Y z5TZh`3UDc~7oj&lgv!x>g`5@;{*YF{bb-eSA`nXcgLeo03|VBrOa~_21NWO^B81-1 zd>MBWLA)>00XhefFi3iv=8h zw_Hbs=@;BW$f@9c!DRu3!fkoH1zlE{*^h-83X87|$XT&+B3B|uMba~_$7(LXX96$O z&Vcu*0)qjjUs%R5q(g*gk&^xU22o6G8Gs4b2^ce+TY~7p+1e-#;mR-UV7S2>ag)P& z1MJ2;wZhBP=OjqsXuUsoWgP7|0Swsb!90OH(d}WlL$Z7P+masC9Y~usPIhOY>InLXkOlvrr%Foq$vArL}r1;GyKjItUON|8|_%7q+EVJ+brLN+9NlyPWV zNfKn(NhqVi=(4M_G{m`-8)ULc{7FxvG$z(g-?&13B6OrL$ppx{OBAT!(BY+s$TOWH zl;lqecuRb?3$86doHrrY=eyKh(N6Rrfd^1W`HQ~A;HTB0@1rQB)Tb9j>L^qwZlssQU`dQks!8Ul>LeFM zVM>8PuS(`BdkQ6-U^p6KoWkgZ4L`d(i!@6;n>zbtcAPninV(scd6HS)B(hFs1!je0 z#clZmvY2_-k&T84ao08qq+`=Dl@iFk5Cj7g3KVttqu+M!y{8ZfticNBgMJ4IA3WiF+glbVBN3Db;N`D=!DID1HU zOLJ=ur~?=R*Z?ePV`)rj=JfiSmYR-LT9s*)u~qIG?yEm+&TXA+p>3XQeQl&|^H)cg zMOWEY>6g#e?3=G#dN?_G@Eoz6Qyffq7I_#rvAHiCPF*Q@yt&f31)LQfciLQ9`l{us 
z#dU`{#_VO5mk*)W@iyYx_#D+;=W!euafd(^$WH_x=TNhK6tI&r92CIYSU)&Ej59|6F8tl< zFbC=bWx~uw^hK;l%#9Q!Ix8M34l3TxEY6h7)EMI#(HNx}Z5UY_tM9(H6JMvJ zKB5_+c{NMf$!>8EC?4!PP@u-5#gj8Q-%2SYAz|-zNdO5bq*16{A zzCo~?x6CJCZfS~P*12}p+)S!X;_d!0@BXmGb_m*ca2|TdJg-=e-z4nx-wwD8MElxx z7Qc`>36y zy|gX3o$&AD-}S5eWBis&pSMHAc3eK+G~Xq=tj!Le@yErIwTU%bcZAD^hqJ%UuazIp z;{m;bXS)6E7r|n|_`-lqrMN$>Zb+%H@Qp4Tz+ zGH;br=LcNvt-YApdNSSn9Xff_PpQw=PqZcK0`F$m+8;q5eRtNEXQ>=d_M)4MU31<` zoyT2|cfPML2PNysB!s8@%mNR-H!rO9IS<%>Tlb@H(&K8T^oP}V)zvuZ7_2AZek4GN zi-3Vj0bo*KyBN?Yzy`|==eJAqAKjeU0$6us{(I;8OTH^wSYQsNXkhspV4Os)2%~Tk zhs|IH3nX6JU>fRwr|-SVM2}A^1%f9;D@VgqQ=3u2wz!uedRCo#UR}9N3@m5Y|CL(-{m5K>m*}xTF#p z2n-B7&r(IhMMGAG+t}Wg!O+Cs$dtju*5R`@7#Oby_h-`9)WwjRmm^vFfSvt5_ z+S?KRqg_KIdsi1e5|V#(^zYBVp3~IB^1pksbN;VkeGU-#j}jmg10(R?ZGVdL{v(%L z!P3LjMnlBX*3{1Vvk!h|W)^nde+v9RMgQI9{}9#uZ&5Zj=Km@AKT7^fk{9@o5&Vx4 z{cF1Znfp0k{BXR$f6qNX92;wg?58^LEJfs1KCck}(9Ngj&_92u{&oFKL*zIgm80W< zfeC_1ihNh`06*7-S_g=t5h@f*CtRYYB(MrX!PZg>NGWNxwYRsUB#7Z4s0hKPD*RT^ znguX|?`5}oKiJvZ*W?}PZDOv!^m@0~*R#}rYeh7v-#F~PmW|9D6A#^4Q2GbLX|CDqQMpQExrn3 zP6(T{%&!6wBRB^5=?7J%-PkCPp$)2*s5`%A_e*o&~(`NnckI zQcbtHy1yY<)ezl0#>F_sDcY}LoXP<8z+AJvDkq4*x`4c_IaFf8OS;y0s6Edgm-V7l zP(1hCh}rNaJ~LTCx2p3(&H4PGts{cmOF36%`MA_3bKRhYY3Gs|dnuOhrB+g;=UjVA zZI65BdF=;Ez9h$f<`~y^&M_$N_O8fLI_6@FIyP|d7mW(EGJg^YQOoohA@9EQg+(i| zDYd0m5jSM!m&7Y&>s1w$CrdFQk!VwyZ-hYk$|JMPIgRZT8G>Zen01Sn(8#%gTWsAQ zKSHq$d92wc1xi`bSf%mxl1qBThwPFgy$eTVWqG5GR$ND_<=p^JRKT&>+fq4Ae0(@- z+FX~6-6 zPt5uH4cA)bhFT?J12DW;G1=C&mq)5wmOq zRmx*Djfvx;TtWdym|f7;(Zu<{`B{y^k2z_&=TK&C-Q;gfUtnd5G>6bR*LrSGEoGyK z$0QtL$R_2|m!d5ev-?L4BwOidQtv4%O7aIqWtr>`9ie*@HB{XQAFJ8;$OUQSKyKevwUxvwo4eI+(Yb%>~|?USJTlMu;TRYx4iv@%7J zougiSLu1ot1Gx(z&ycB0GPrTo%)$dFZQkO})SII@O4(qqzgl*s$rH6a=Qep5wJ~=U z(e&D!AANkRr;0z>@qBDh=X$AaYR*mH&1q^NW;TmFT-!1Ab~4}j1-V@-fDZQ`+MEIm zq^MvQC{X2%kWy}Hlu6=LLy8{T&rnQ%zQE{ZHdVs0sjt^en}^N}a)Q&E15#Aucz>Ru z>q3lgDBipsV5m6J#5pEy=;gZaf_rY+6{bfsH{Q~5S2Xx6p!VHs(biBjCAwkW%Lt)s zYQilz6NQAiRgO_ZBdE5Hx1#Un5L;TKKuxkTGK1%jD>j556+$~>O24i>D^17Rsk~Kj 
zppv88YmP~qV;Fb=vHq+-#prfjhNKDy?(#09W9@s|44n|uUh$HKP8ponu(hhJAH6k} zX|wDV0uP@Oa8n*-JR=bLT#O_kRE!>1unnumdbk{DVS1QpQtuyW_E4KPGZaBQ-V2aT z8@_5A+PfY`x3{<}-zme=p5Rzj*)6MsM@F-1Rz1hnEy<0Cb!RZddtjNfOUrm0c~;=f z?(iCGp>X{|x>P-ZL%Bksns%q4j54&3OoWkPfbh4k!{#-sv&yb(bJnp?vg>T0nAz*x>+d&a(9>q3-Xa~ zJGH;XtTYu2u;UV?oxENtGbOs9ld@Shr0Gh-KCjpa7ZdBORtg?e8wwYxWbq`T*+np+YN=lT zRhhWGsbYIVJ!)8HIHkJgHuW8yDr7ZFcBFvjBmEs!rh;a{=!|F6k}%)-{AnX8y8Qb`oH?Ce=m#y2;ff;FiQ9SIv8<8 z4CUW2)hASwCc-5kW(kLiJJnd!dFh>C>-ErapE&DX>L5Y zOG0S~G*QIMM7eXPg)()J~Ley$X@BtZ2qZq-U6;?jG8#9*}I= z)WwbpPAVr*lO@%S8bN+AYsTU_FJ@b49G#%=*kEi8n`P;fxm8>1uOD8Z4(I6s63yJe zDL3b*QH*8a_$JH|AE|mVVQ5-O7^oRfG%1pg!&!fxGH;74J8(};X}^vW zC6TO~Q-rKJ6fai&8}U-nnmK*)45XoB8o9K|VtezFU0g9@UbG3B=+dMy?XKO@fe4B% zBPMheTlu7ih@6+$hcp=qA}p>x`Fz8sn_jU6BCT)*Nm%QO`B?qf%r%83ukL{K1j~k_ z_aXf(D^pPX18Vn>-TO|=K|&u{`ku$WWCf>LLXJ93rm~o11+QLQx=nI=w^;Cfqi8x~2U2MeW1 zfg3pJ1=frOjwm0p7{KG=Fg%;9wMqqJup*`{y3a#3kZ(217g2nlgI07R{#kY@FHgTD?({H@pk!*GGZ*I!{SoKvIVF%WNOgqP%{cVo+*Fvmm_EUalOU%uM8Ky1Cw+vBs?yXLYbY} zrU*E4&uHkQm|}`V60J<9sxHw8#cAft$kQR~`I~fuQ(3#)XR>%C8uKM;p6m{@s1=Kx zpAq&*a7Jwzc-J;kEXrQWuHSuD_Y=w>7o18h%GX;K&yN^CA>9lZ&CgG7L-vCz=|2G7 z|5(I$zZt+Ysj>Tp4r!UqK0;x1<)!8WndWx;V)M$JT2-)BtA`t==P8OZORf`>xFlQF zh%LV~gUA*!uJ`Y+Ej9VLst2$qpp89&Bnj!`e<|fLFRqi1Oe0^JR{(y}6iT?Xqo=;Peg8GyZ7LnODq)Z>!`VS!4Sg$@)MpEms#$wj#+?RXHd+)--Ndp;|4^}Z>0 z{h*}zL;xQm92H_T|4CpZIPza1(O$!-#bOC%E1hyktC=yw=rJpcy_2@-t&2I|VNlW( zusJiGTzb5Ui3~?IVtNG-JSoxAxL{C6Zep7-L*j8Fg+Oh?6bG{_)YU6u`nc6dZ?hAx zih3Jkm&0YLGfOoDN$PzXr()!zg%)Wh%@|qgP>5xt5-#uNVrtvV?n)+)Ih zs$6SggSt>7BrMDcYlpvre*EQ2k*Zh_jv<;Ms!y?pA`TBJV{6J^!|Y@lS-fORMWPyF zJxVX%XfRJv_|z-=G&A#4_eD-=a?<`agU&En9+&oVxS|4?w|ru8=@z{T1~&&$ommV)s~tDbw206u(1y%Kq_K2&@B_nC5o`aWy5 zXEstInzjY|Vqx&noehvl0*9LT+Gt}g=%P}VrZ1Yurb{}tKia+=z34wQB?QR*XhMmF z4{V#9Ft%RZ zBt*rZ(2?Vmt|RgEhaY;HD!hw;C=IW%Iwm6-|3)gE4cnz+?uZ9FfsKlBc+aVVNQ+551NQXyxk{+N*2G}tz-Xe4EkVpB1PLiR@n@ttw zPIBd+V=_wW_k-+JSKO*+Q`UOu{JN}T6HLkURLw>lS`p}q#BJ48GFT-}y{FxbR&>+! 
zX<&+F$swU!btjt>?kAJMa^@5rOu-a`u4!N|kCo(#&HN86Ib&+`;d=K#jr%YBb#j;l-`VIl8{tVJEZAW6Ji*=|8@UR#!GvP+ zm>eBEakiC7Ze|?yLGqt#KeMeK=(WiXF&90FAFS1yMVo``$5~@);w<%mv`I4>nM;{k zf@4OB1!s&^m@ZnYLeFI4A?FHK?^+rrnNBWsmVu*Yvodx^igLV8xD)(~9*@y0d+thh z;O4QGbmA^@WBa4Fi*yT6OwdJji4JP$;^bz|RqUXpFqy_w?IFXGT8e0uqBD)|T9$_n z#Ua(*i`_Xq_(hgRY)j$l(Vxv5Hjy%UQ^Kw?{K`T)C6%`3wv1C&(nSsd>PWzy?egOP zjTQPg%I@)p2Y1F6vuSn>6b6dg9l;fXvDDP8W_ZeY(yw~ZA8=+7Yl;|EsKmMYEE_Xz zs)sdjHTO|5p`sL^kd`!!tsWXgQ>69lPTVfw$!u%hHOO?wnALcqDHe~M?QMdMNocH+ zYv(jDT41NteAHvsI)$U+uBgV1R{iBWIB?6(F)TCD2($c>JUvc^lkaYy-23xW3yPy; zYvTwMWsvT+ze5e9i{RC(&zM|6p8T@EI)*d(8L_zAJQH*D_DyP$+o*eJwkoX}f>2{d ziBR*&jn(c_qmI*~5>Q=jwGuU}%_n(lwB*>hG?HcDN?h7wn5*sSeeJ4DMkVi0!?YeB z5ipYFcyNLAMyYlr`h2~`h}IXdlVbJ0(7}UlTnl|9lUQ%2DL2!6W?EivVyB>`BD*q! z*gXx#gJdebIMy1JSb>z5>#s|IFxXtxko1H$A+C-P$YRu@|A_thpoTn$=dXNvKF#RN zDN<0PY6&k`i}_EZGrFr zmzi*dZ2)`aj|jF`;DANWAz_6E!x6b+LqG*ikDc1MH11yXyNv~C#!XkcIMk!AS(S42 z9cA18JR@)$N{dYgHiaY-sBluJ;!P(HX$7*{Nz!f$=C3F8k z9QJ{l*^VK0czu9MNc5R;F{3$Hr@~idz4-ch#uW)Hz+>%(!Gp|W!?1E3GPJZZ9X4Sq z>2gMF`XVfYDkkX_au;E1!?^2s%>+eP zNoiv5p>y~O63)@sPG~Si+J3Bq$7nw7S2F3WiJ6JLvhJ{or5c_zZ;TXbKOp)*& z=Unu?fMzww@#?|I9Wx*w_yKp+^)!^Lm`Vd_2LUqwLx*BpBQOJ0V6^E)Q?z$8*tv;d_)TXi30-n1U{FUM`Ca7JVdn zZ6-^g<{g%DD#w{l9SSaxm+La5j0OXBqV++x{ORED=3 z_#94e0=KIVEF{0@(5oX8+s;7^7baAIE#02pSPR(LY=@U!j`|keR7G^Oj2V76bvOIS zK1yEGGfuBqsw$?1p6!nJG{csPHIP))>6h)vnpN^qAE7;({(@xol=4UBsl)kMy~B3$ z^pg~E8Pr+`9d&X7D=yt4E;gy*vZX>y2=%;Vlio__yh2Z{qhyhW43?P%EGcE3XeK7z zx4JkXzDWmT7}>~qURoJDx8tSwdbYztM(QLkK?|2xQU;qd_KeRLYT=fjByDGOMa-UB z%vL!kUrJ%#c;namoTAQ^9U{{w-wNPyMTjH=x&vz?oO+bMuCmUoezZa6hR>#X3e0g< zkW6HXPPyHtiZIL(Dk)LnGK?v6uOPq z99yFNl_8#_H)&IpVcsW$q!yX_yFN4+MVJ@fn0prRY0Rht9DO^cs{wkTD}j%mK|;S2 zEk5r992d?O68c+VpMoJ}g`Yau9<^8B1kPd8%2Z}Z6gvBae_Ot^gH~qt3RXNTw$X5i za(>)d&h~_HB^QiGID%%(#amEQRbbYAV9Kw3ZtquOe=m>j9GpZU_m5k%_qA2639$*s z3iISRy81U;E1`!4;DjSYJ_-nE)N#t3ZlTdE+C%&6MQ`@W3M~Y z?NLoZfiyf?jP|8Fbgg2&YPNeIJ7#z4*lWwPtgbgrLzNb@&>b)^Z-?@eWUqc1H|k1c 
zLPd>sN#Y1MR;?0@i~M5`pu{LZD6wGA@IQy6zt?24Y|^TUPMFcax5h5o1l9k^^KkZ% zOk#r%OK&Arc=;F{-8jQ!kUAq9O~XLlNEFc;Li-pB-{}VGA4-aGKlzdqY4!$zrt|%K zuELS}@9W>YsX7#qfVfQ;A-3KEtTsq2juo6P6ZngSQCrGb4}Nz{n`*~G;%&A(N!!7%V}13hgteNWmn;9i_;iMTd5`=R_eW<=r`_UMaTGgxNI*O`9PUgn zvrRZA8`8xdS@q?Wn`~6yHxLUFb`AG1J%r;9DCssA^~q}e9HG0KZoBP ze9Hetcb$DG{B8_+1DTCRUFI7Su%RdErCJ8GQ6dd`X{_L{Y_2Po&V;)h&BVQ&%tP~g zyOrmBnL~Cs-gkV&AYF#!LM_67sy7K%@`Sfo;OBP5lk;)@{(O!vV)tzmH5C5)_n5KU zmj!|CWYXb1zPchO57=36*kt#oeN2Nl?R@I+^pF+4F`Cb4VOt;yjL+F*JO}p1u=x5s z^D+p2%O9C?I%g>l<)aswX(P^N#Q)`@xxLoHRGpD|yhPv6bsr7WmxfOR(8g*Da}gdB z$ikUkjz2q_?|anU&02A+iFq-4We~6OQ;e0Tr;1RC zIj7N&1;-Rknp|%${3J1+(Eni>o#)$OQUACcW;mv_G#&QWK$JaA+(V=*WKsAnL_!}Q zs?vM-OuR|FehSi^@!#{6-FVgTUy0f4mhK1DL6*e&2VrHVoZ{9YRh{e*l4+k;gZpt59(U!G(xvj?%?X!&*Fx1QYqhF zV32-l<@4T_36BHdjPGmLBGj$xW|-nni&Myi4QPH_9$jC z^jTm|WsZFDl@RY80Z_F;Wm-4_lYJx`99mNy&XV}mY&DM-7H200v$D!Yq9M4uGvJZD3Ea!XtH8rvY>f!Z@)jCVuf z(l@}A;b>$RIhY|&hf049Z1#c|^!wv2P0oP#Jli^e4bv|{p+SP!!}!IUkuZN{B#@;m z?$OO-G>09Z`{(}mqa+`Y$aS3pt2#kBiznnc|4pX71PwYhTxb5zFQzwJi1|Lg5d1vO z&`RXeNKo}Ap{$P`pqqC4{+wq0zZhQKHt#}=Rg$<8=`@Jv?@GuOdIg|Phm$4RKZe&f z%l;&A)XHSRW5_AN7&W%8u8(v%0>EOaOp+;~UfOWX zu5>$@EI(xJMQ<=b{j5e!mY9RP!YA@( zs_=_ zsW{GCRM^{+J;&Gm$^PV$6U*wouNR52u$g4(aSz>Kmm~wFbF49k95_pUfWu0Ssw({q z@+PV35KKuqdgVB-hv4Os3JEXoBnf}=nVM)YvFpmN8en!LNnrXZSTKCFbRvb!{Na!9 zq}FeuoWP}*@xHTyNL@Va8jq#o6r7UWw6B%l*3{QfAEG-XW4D$q6b_R)x( zC!=5b>|J;Vgz^%?D_huXset+ZSB1^P^o>H}w-ukx2hV$d()enj#SCczgR7N?^9)`2 zVhe`O)5YIos6j(nfxXQ69o*9*X*9KFIWBB>gif8k(t9$n_r!^+(J&Y zIeIIrw6|BcyzUt7d&?9CSEuEsUGj1j zdmNo7Hje?)+V)QxHX>q-7Sc%kU(3M2W?=|5F`Z9e5*n@4ozE=T)nEFv#jwy8)2p#b zdyPWIxsDBZw!E;T3iZI!PUzmjEB}OFKDhXfU*&TVz5je?UktA5C+i*Dy`a?#19X1v zRi~66rctZdg3lGX6fQ%H`bEOsks&|StK#|Ta)u+g>KSRC&UoDW*Hf*x{|Zc4_&2aA zryl})Hn1e^L3dmZcl%4#W19Yr<=S5XRV&-e`mF8?l}mz_{+=syTt?I12p=+r>hws* zy0^pXHHUS^Zdm+05IYdOS7Ybe(@Wrgxsfv|-aW-GZ#7SNqF%YRVxKp6S2CY-z9ge% zSE=DX=4=pjv1+VZ6-7ETQs41>Ku?7W5Zw5*EO1xIPEi>|zE5lQ5|^DYesDTuE-^B3 
zp1D;Lhz1JKvv#+c^ud(hDsc?E(kgWs%=ZLnXLz18|BcJPHm*4!#4(S)L+zMcL+U$9 zy(Zm$dboU45bb9t-0Ll+GUhpGm|>-64R@4SLgKrg-VbnBVit^p#=ZRHGXXj&; z*9ED>E*mYd z#lb^y4|IqJ|Gl#7)8K*|Uc_$0{$+6f8c4uVrn-Z)r#XYWby3hmb*ECYMW62_2>iF{ zQMI7=qI9UJWQ=?`=8TCG9T$spHSddrt!g$F-^j$a?*DCOfo<#*UchF_Bc4%>{0cxdp-S6+=4LMEY z>ydHPlQYDJ(R(-MxR#=rB=iOf=t*oW6n)8)tBy1BIy9c>3*OI;<*x=@%b+Pak6%Vm z{X67~pMPWk-5BK)H#Jgf9p~`3aQL{LL(240an%Jk%@nr=%>D(00p7xPoPuv36zBCX zes@EQtmrd)4?HCE0Sov_{^X?*JdCXFh18FX-$7#w*ceKuV3_e2(3gj;uxHYBzmZpr z&-Eqsk9Vxh-SKo29QF6Rco;6lqOo5t!K8^{EYc7t#1 yr6jKAbv#97oSE|m#r ztZ%e(Q_^WzwlZ{Sg<+6{PoJeP?yeIPE4G)vtfcT9O>($u_=(ehbg|Y?7>>ll@|A9s z-Q$PaUf*^>99#1ClBub_KmLQj8>>#Y!%U*QnuGQ#tHVbeKFF{{3iQ|1w?<|t{UP!+ zq4asrp-CB23_>CYYlOn7j%&*u?DZv`Ky+Wt!Nc-#9SyYncCbCzB|P!)D5;7$_v(`A*r>0jAAZ4FwFbbee1c-J+-M&Z3qjH(fAB^u=nYYm#m&&m z-SLP&J+IY`1RPkav4xjNXJ@;^;)|?1Z5jLqv-at2`n7EWI9ZQA!KI6ZQ4rC;91S=* zU3fYwR<+M_LYG3LBJH?(d*SDqfo6qG-apPVuj}o0ZsC|H@@21^#Aw?Ge>a1k)|#X= zv($e#DVaKEGvepqRsmEWY>BQ^d}_POh9|_ zDdEGk>&Uv|S%eXPFo(ZzHw2j+-!Xr~G~8vjG7fU_SaC)tRU=4vII0qyNZymv;AwAl z@@U22R&Lx$6aByNQ1GAd(5RQoH;eVR*Q$obEwo*83-dFwE3r*s|yO$Qf z4-)#?J#j;2=ef}-YFxfln{JJ(L?#biv)!anuU;AG{@_Do3wysrb6(TPbhkumA&=Zp zR*meP7K4ve&qy-K{?*$=jC+Uf=BDKC zm!6khlhbpqe&p?rAy)@zDHa#7xg-%HY{H6;1^W}{uTp0el@<+ET*T_@X$sS-+oau@ zS}}iDjk|!xbKof9Cbv53`maS--D$=#iAScLFwlUzzar@#4#wZE0i`$noSmx1X^Y~- z2o_&M*f_4far_pbdoMQ2&h8jS0!;3A<|R*pxT3l7#^f@iCZ-D(`QBXDv)(1!)gFQF z_d_b6WkHaF*MZdI4ToIC%6NT+>n~*BRJ>XQ#xo8 zSwPBDgoJNkOTP}QqyFs6I2q8hP~bsfz9ro^l$qRc_~k_x6E}j(`;Zl+R0OBhi7oB6m!70HOjkve_nrduB}BMf zhPG-r*?sN<4D5tH`;ha;bUZ`Lz1Qentun(2XmR=zjO4SF4Y}{0Yd+o#SaQ1T(=K_{ z^^rW?elPH8C30W1aZnF);dEo@Nkl8#hVe^vlFV2)zo$;|Hhe{N@q#t=aVf=gxjEkS z-8RmvEV%+IB24LYz-)bh>e)BP)7y~!+I+B^I=iQ_`im=eznBIH#rZuiI4*-8kd|ur zBp5|8sa4Mjs3N?9%5PVoRbJm6h;yFT%stn!7;ngCPadb&;)gXsR-AfOT3(n?r=zeG z>X{wn?q$9pjqY&o=NoO}-_I_kU!QGS-qtQ!IGBCkve9fU)_ya@3;{!G^g74taZd6X zbRFNaBF=wU3y7CaBs^8~C{DTB%z1M9UKT!RKO8k$hgJT7?cU4Whj#QRsPQ>f@kX#} zI6JgbqI(k!I%G6lw~{aW{#{2jjoSRO0&>sx%}uBiRhOO 
zt$S)X+wDY_*JwB#NkWQ3pNK(;@7N-QJM4s~>Km>0Rl}CqHd>#xIP=!;yOH(UU*_ey z3VDGu4>uC6>(gKQ2rDY{3y|;X02`Kj(T9{t=f+N<&Vwhl+D#iTh^Zz zU(s){!KmV!2h<1;WH!}cI;PR*in92dFapbfsA>rB`m{o>HKDX>g7oqOETG zJZ4}W_QR5{xbB7KeprWazFC8&e`+6ZA=Ln$fMuSE-&^cd=ZrU^$cC2gFGGy!raS#= z*{@G%D$lqyON{L&DvkzRcN$t4V$KR0;trb_=pM3|;#07f-2Z5@A3r1AFReYwH9C!} z$+C{lEmk>b_oPt2R%u7FKTWn5?Wsoz@LzSsI5@9h>1e2R>-~%QcWutNCPwgVTt?qir+q zIy(!OXltE>OD?M**DFN_&YCaSXXV7KSdLch+M*5Ys zQVb8DD1TY)u&g2A5d&6ka#qke4JD4)|H-Cjv_|X5!t8>C zf~a`CT6g~n?&W!fP%3iLySZAef{kIcV_2;g_yZ!Wz>Z!!2>7#JUn&CL8 zZ;U0t1MFP&RlgB}dmjI_okQRk6EED;&;O$1-#dC)sQ^XkF2H*S8opk%%fB$0bUZl6)h+5b*H9#zd%zym+$CNbOtRxEj*5M^!niE+@q2w1Yx;f82V_E zRTKKa=w5@R(k@#!e$$WJ@2v22e#0z{lo9>o(vM2Yb;lcj3a1sILoX`-F5NEc3w&pN z6NNZwTW0p>RvF|o^nbc=pB(+AT`zWg?t-a@rr#slLAm9oZ8Z55`4C0G_F|fiF9HL9 z#8^GYI7Dn+eD(&9Iqhub+U?K8wafLn+hL3M9@brP3yAz>^VG8k(!&e)J=kNcyhgL` z4)^t^{L|OcB@uV_RtUBU1Zj?(_&F-S6Fg&ucU|cp<9R~mig#Y>Z%!L$GsZjt|2(#q z6{EoZ(*d#C^>M#`I-uoiHCO9i(ZFt0O7voO92(<9|z-)E?ewC zp=TFMoucGW*Y556x;y{g9dhAQR?yQU7pO0W2{c6+t}z$u{7$E7IQ`9q6?+~r&fmHB z$2clfok{Qp7JcdKk7|eAYy%W|(;E*QU+m^D&6JOX48J1ut(Uwyn7KItL4nEUmZ~Gv zt-Z?e!W=PHlw!dW_Eh(T}|T*p!gU-@#ovsC8MtPI#CiS8hE=mgSsl z&I)>4GtC8dS^*_e)kK}XSQOxM;yLqsMT112#JR46Sy~;vt@^@{zRxgHAS1o- z%Te7e^Vi3_tS@wDzQq&db^m;2$h=+z=vagr@5|JJF~nIOCA!FQ`Ig$aVFMbb8Q<0T z-v#~>a4@1sac$z&GQ8=T+r@|Imxp7kpwE$25AsLe@oLw8xSK3y$B(6QJhLh?RN%Ni zet&e`wUe?lmU(WYW%Z;3V8+K9awtrfe(n|SX~7^TXsmcHe|YE$Jo>}ZjI)>s7_K(F z2i|C1p7B4VYv9of^Vl4Y5EuK=>9hH-UmqD6Q)xeBVSah_*ZJ>pH3ZFBM6(c;z7j5q z6USbQc&{3jKkxBux2)c_r>uCaEt?h7N0G28{N- z2BmWpDa92ugGlSi<-$pShmnM})A!K$P>#712Uo6*iupCw#K<}c$MG2~{I zj$Y6akd6vaKHMF)l~?-KXuaMJGS0IykO((Q&Oe7OMT7SQ;< z%j@`ar>bJCs@shIl#lzW!vh>K(f?d)T|=A}*6~(qRA|g+eLm$~uRzc%+~mqU3jkC9B1IRFDwgtJf0nzuC5Y zFuF*=;S$w*9#>sGjF_UC%u}C$79-Ivn>dLaVu+b9=^|xkaI1qcj7o;f<=7|gA2UiWtRJG3D>ABY7Xn3jkw7~7= zT^O5ddM1u+Je{9nLGFSOMDyNv>npHoyG?~YaO6Uuy|dNSOips5V*09(b|7KlF>1ir zQjvs0sWIx|e-G&~{>MkjW4Pz;yo$ppv$CQq-tSD8z2(q6vkGMKi$lVHvbFs|9Qiyd 
z=d8rQaD!SdW7KD3*_(2ZWV<|)0c+HE)tGqSTE-Q-1#QS7`>;s@$DrhZgeh01m%t4C^2ZfKM*bpKgx$ku!_qMQ` zZ3+X>aZLBA!4mp(mTon;sG72mDBzs(dcNUy!N~b8G>C_%QaJ3G5v2G!zxZq3&*W9$su}TNWNgz z)iGH2Zeg}=4~Z!(rE|GKyJZzxdr=Mha&^sDgUlNPO0PNoD~zmUVSyYN_bVT3SP>bV zomP7Jhas0>PRM8s9f(!7{O1bqje0tv9yp0%E3Cu zzIVUOXWkB81Ffq}5*6y(BXnc?RcZs+yZ0aTkjYkR@EG;mUZqz0k`twb6f7EqC)ky) zx@PB}L0h6s>?W02&kneHRS(a3Gm*-H9$SE@F|y2#=eu3q$&n^J3kQq*7MDS|DERW_4LKA31D&@Y-C}~YO6MrrjA*zrHYiu zJwMks9$_|_1{X24S_jzS@H?F&*^9Y(hM?r*IS_8Tf12L3+(ycEM5)_y+V}}NxG?$i zHMCA*`}E0Pv(Q><%*pANY(=lfvyAvMiya4d%&PJ=^rI%)5|t%CIL;7N3Bq0k=2lK2-=hX#m$uOj&6k_BF1opF3J*<2CjhEi<( zCIrz1OkP|YtMq}JV!`L;+N1ee+ribH0O7+1H+Pb1E+9aV8qxCWzIl|-B$2U`nYGqgypWQx(e7G z@aB=p4(345_xr{S@8)fFk&+}gDH$;6sJ*-LT08W)!hD)}>6e@nNQ^83)=TCoxZl{x+NiJU`^o>y)&|1X`y3hUCSiajlLwjI>F%&NR)umnwI;}5y?kvtG;5U^AM(?ESlVmecUtuG=p9;O z0qO@v|7T0>Vo!!|v$nOwbz!%!m!v1Y^3WDcv@Rx@oVy%tQ|y&oVDYt2x&M?9XyPIf zr}G+7i&ourpGtL|d3z-pmRM!FG`;J@-qwIomqpQ4k-MfV+2 z?hF5Q&33<|4;x)R8;l{puaNl=xxmN8Kcf5AKaR1_>dTVf*Y(N06P4_x1NNBz$VG3h zZfql0%N83*#mjRHTkJZCKQNFErY+UfH^c&Tur=c6SFbYi{l1h&yUAKIe5CZJze-9a zCqdL0`ZWVqE83N!qyoqOIy{H@m2wPQTyyES8NO;QV2+`MwIlurem1h2jQg4IQ- zv@c2*_kkf2!DT(WsYi&3pMZt_F5_z2eQrvaAjN{J{c%sgM~#!|2*w=mUl6Qv(XO_VV$)TG z?C&p}*`zmh!t`h1i_g99K2S>zpp2Pb1%+)UqKx(47@UNHdr54)x$U)HYY8oYE;nas0e1saduqexAy{=>?7 zxK#ZK-8wuW*g0>eJ3Jj_yRne`8MpOmZTVXunfWi-2=(iG+s#)b>u7B^F=Z@m@lt5> z8*{=}Qv1O1XHy`7W#K3ENF1Hrwvf!y3cK7A0b(oGLdE)NYV!_HVdD1l8wDeQn&)0> zgiNk~2&RckH^o6+hJ-0K+uYIje+f@?NDb_2M8+@aI&)Tdslq_cgJ9>AC~EAX*biaG zki{Sp;o-Mgf|e>QfY@S7Z+Lik{I_|c1Ev#%v{550vFZINuj8tUOHXv`j-_|s+*K^9LpjqjY$a3hn!M z9d`4vzo`bQ)WuR0zzQS4{iN_r-I&C{V%Y!g#9NlRrhw=>p3Xi{Y`f(!CiiN2yW zI`&!dV+1i@d2rjM%34J3xa+5s<#RDvyhl%bu#HZv0blcr{r1)xkCkfNs| z^(=`QeJa=uy6r>LR!xo|7Zjib){1ya?pX6#dDEH)`{1SI$oUGubKG{9NC9s$qv2Qk zzqweNh1nKXk%C(P9S-U0VucP*h1{i%JuW8n{9=NC>1tz!Ya=L4hp$@HycH*FiSd=f z0Pf5dAcCmFHSSjr{6=xmMmLM3&hlZ`TKnOeg2u)5*{jX}Wp9r-{1vxS^qSj@0|2<- z{VyuPb5L;2?(zpX#cn--2o#XULg!vpmTL4YutV;Tcl*DSIJF7iBWs8Xz_<21Hl6@e 
z_+;0e(N|&#npVFt9gTvFKOcrFvSa0w>iFAL`y7~vd!BPKwvbR>2$uJh_29UBIr2b; zs%b99rpsCTK&1%Bqu^~~PJ|%s=wiHb#b%hjKnxSw3CWqSOv^aU$^p@0&{&IvgS|Oi zIuupQ$ma4fTqRgp4}kfg$Vy(Q!4(4TQe64fBUjGPLXR2#6Bn8gA6xOk&D~>;$?tr9 zNZqy9ECaqRqcd%J!*{H;#GS!H7Xq$id_7l|jI)Jl-cL&noShdt%Zo+Eo@S}%i5Xee z?PTt7odbyWF96{}8gObW5hMuN5b)6*2@@&?MFS)ReiKy;$3%@-84#3IJFr6+e36wy zK6$2AbFvemH7wf?Ejh3(N>ZNxOOx%GzeT;W^c{b;f+fpFKhTS-w6}{!S+?vNhuKvm zt7d9|=d<2$trJ)`#`s7$1}jOc+&`U$N%6t+{DbZfUnJ7GEKp=bO=6#dMpaXF(IWEx zNH(#SGHDQ2zENl~Yh>be-kVxE-*X1d=)vt{7*3{w7EyvNhp|((Y;aoG>F>7~?ob=; z0j`%&2Ai>H=0R>H2ji%jM{nN)63X7*HmIPL&@h|i;AY4YT5m=E#DLUnY~PTR1qBad zuP2%xRW5_JGJF|(HAHhF#{Fd7Uqv*V+Ym4w#jR-L9Ikk_vDgu?Oh+|-&1i?x=|n)B z;X$nFfw#YKUb4SeQc}aD-pP5pfpvvm?;pHv@sy8@|5N4f!3EAUyj8vWoFFsj05pmN zYfk<)q#3^N+A#YhRkB#~P2^YrR#&5%{b6Xmmo12d)M)rwSje8lfs}nf=i^=qi*_mE zIDmW~ZrxbYM>Pnd0ab$Lg7Kv6O&X(cI|(Bb1IDa&i*bCABSV%9SBB7pj?`o+It$91 z*i>AqEy5n(Fvj1*OVeOK*y*9F_QsE4igre+Fi=z91n|lj!GmuTGK?g=60Uao;w=u6YK&>#AE0lH#s|A<;}qghAeMUkk!bH~F72=<)HGIj17r69?#i~jW*%JV0Zt}x%| zA*XWL<02UdLZ~;iU6wf{oEVPMuINK{-hn3*gr&`LP;a=LF;s88@i}$#^tm+8^+d%^ zpr$!XCwLP>aWW!Vnjzx+pWQud#@dyUkT5FOUszDUg+y?r26VjAX8bFnvJeXv^L>m{ z^Vc`uiH%$#3$T>m6K&lr8epIaP{oQ*@6dWxKG&_MJZ}Vzga)V36b8NjwnkA}KjWtU z`V|D6LP}ZCXlk=don)-L0$o1X4XM&L(jsh!HBQU!a2@=y*qhNJ4D20}*EaT+`F@@0 z@qWbS_t0l&M-{3{dUGCzSP-EP*!v_H3$k@|Pm08*XR`?t&o4ICWk(qt_wB_UDDpVk zb2M(yH|6P!7xA1XgVh065vzQOvFBW~FmL3i4!d?NkmoWQkxk?=c11T8 zGz3N;4QF-U^I6dwB+(4Dr&6zwBZdR0nL!zRN7rg6Ks#+bG}SlsU8iu2+h-pImsnEa zJ-t)yd96xBb8nBpL#3q*ii6?JEVPLUZ|S!aNQL9&yfP>TIK{BtHXXA0U#aiKAT{wy z_f#Ra#Y{+R507KbOayv7B`9gB3@D^wG1pAR)8blx+4@N~LppJbhvgLJ%RN$tmZM(6 zUm0?Gv9?zq*i(up5mTO_vk2~nud+2h96s|ppj9K}44shaT;b{w6ra%0n+6wgzn19_ z@rhG4a}g?dt+JZc*yQ9R6baj!2cXB3wAc?{?C7drH;DkSe%T8Mq#Q)Oiqx$o#)$)D zC`RVZ;(&C|?EVrx56ChlPzGYyo6a@dQBJvB;qnqbLCjMbY4|}(lKTY^7f|2etuQBO zYqnzE$es~X%YJ2vn@GigG81+BXs@g)m>RxY3oTJ?jIOEB5n1^P_@g6A{Ng=4-)<)`*(EyHVwDsioO3aa=}iK4CD zj@U#(i0>Vj(8Kv9clC@AcT;Kyb|EJq#fpj}#P|&_=n8b{|b(Ht_l{Y_Md&xo!4Gk)Y 
zzumy^or4Ew`G=LbWf@XYBx(^P;C)0>lApcQJ7nyOGLy#0lfyUs?w)=}N`JbAuQbwP zI5sw;z5?2i!mxFgKdRd4`p%WW8?A7l!{qXqqF_rTZt&9+_ve^!N@pB zrP_N)qFyH*)VjtAn~xkhii>;-Qd7Np8ZBOKqckC{`|I)eqp{G$-b$M#+^6Y$M;o8# zUYWlH22fsUVj(o^%!boqo5{@gzgn{n_}2o-WKhHM4t{yP6xaEbPinXg)BBFY$bEG) zOp5{o8kh<<_eqlEHelEc8m3Nq6C~B11Au1Y%IFj9-HYV8)62wYG$>2kcW${zd^U*B zW@8#@6x~YNv`MjV2}%w7-K-)c(AjhH*7}2odo=XE8H>t%Fo{7ob=&i>+o*cKIM;-P ze-kDH&<&e+p6YpMewGLLtyxA;h=Sw$0J4{qEFY1D&Au_Jq|=3Z@?;jzR{-res9}h{ zZwH@!)C|82iRH~iZZmMTTN0&>Q>be;6X@8Y|7H4?sS=+K%SSFx32t|B{S{LHKWHFpI6~Ph&|~hl~Ks&=Iowi zKcS6{1WM5a*~XJaTS>K2jZVh)O8`_rX=1N)aKS9>-Sd(R)9K`*^58%Q2GH?stGOoL zI%d8u-rlM$GKKu;G1=b%I;764yJ z&v!$OMpJLb&o7u)z9?93x;Ped4+d_;|91H)Sr9H*pEry@UPMHv@qXH2YRfN#oeCmm z>24s&X!J=pEUh49A_$LQ@weFiTJ>46F)H@H2_jcyC#2vObD`0jMMaB_>Bt28ldv+v z=%@sz#wn=YMM{nn$Ax#Z~2s;O!UQGR0^dhh_t> z@OK^UU~1`y4BC~z#1RIUFX$`}ki98xNx%riycF#h7IU^t8e2fQ-aW!m7~2GSANkIC z$9}y;_%Zf&E2of#>WZw<^qG?&On>O2>u#kV#MiD$y!1IS_Q$r38Ho|_z92I8a5RT)%3OvU?JSlq8l4D$AX)>W#WWLuhgxBu}wWX*vh}UBEgZ z#XZqDTpy>7Dp}WX8$W&;XQdDVHt^4aHedr|jq7f}wqhKAptI~kYAoM%y86SM-hVrJ z=1SKL8rBlfHoHnyn=61`L&>sD)+a^!0JN*XQ~BLJcBAN8UH*Fia9Wj*;ZoC6T3^_9 zmMNS+nc6Dk@_p88p`maigvhtCDdIazEW(mS8+`lSGwL#ZI|E}TtG1aG!70yQIC}Ti z1If>T>%0OO{L`|*_lA8(H-|jVjiOpk^6o}Q3L1T$pC;S-cjRd5=c{CCD-_`Axx6P& zA|$Ky{1LwvI<_6TJJxOf1XJ)!lUUshiFxA;CQQWIq#9?68Go-DoV3{Y0L1)jZQ=iy zEB4&(xjBt8Mx=jax88<ESTT=|6l*d2# z=5cFu9q?O6s@a-hx%V>-LoVJuIzOj0t%nVi%||fYjRWvPe0e?ToaBn%Apnv&CdRYPZ5#c#Y$4zLEuGDexV^n_nl2GTHB$(UK(1@@Yv(0tt*4#9-Qs4E&Rl9y-7z# z(ca430`08t2Dqny8hOx#i)1oRK6ZbAaQp6E512YEE#`v{V*^uIwgl30=|J4;x8zuV z1&j6zuc3KL5bQt9%GbDT%WMp2P=hA28F#DPzHwq%OcDLhF^zbXY zPoZ5k0!UB)%emd6joC9wpLFk1l_G9dHFR}s@i^h;B1-*x_}q#{7-dp&=-Xo9!Rv|>=b2)uzbcEdRK>dQP6FRkow+SmNfdM!cc}km`sc8EK@RtiT9|S3?&{Mkowhtl z^h8(Z(Onw(D?+<=9E*e7AqjCJs#AX2|I5s{SaE?!7nIUij?T^wF0xM%3r%ZK`qGU4 zUZht%*fjo%gF}M^Y$hwpYU0_L6*6TK@!idU6)(iCl~iox3;jgx&{ivWl08eUtx$i~eU&`T33FMHu| zPHcnyPDYGz9rL-{F7)0795KSaaXz#m?#gW!fTeg$B4LdZoZj5*4s^RsKzNeCUTB17 
zM4AUvm`A7A4gY-Z@K`}mI_m;~zC4&&Al63R3>_5j1~x!fSWiZZO`nMODjG`gn2?!s z1>XbKzYu+6K7q^X`#q>2Ry3f0m-q(hapg%p@lTZ~h`my_J4TOk`zGG{@EGZ;GY-lTc0zXv0sRVLc%n5P?=X<+j z0==}TMw@i1-`e_rqq2~tyqF|qa;%K}Ru}NEE~3VUq)d;ltR>*PQ>F`@z{JSj5^q4M zv?Mj6bul`u5DsxnzOx*8jD|;=) zWVdD;?|39aUALUh*S<2B_eRDk|&a+V7LrFw{&IQKJIkkI|w;N+aWH^${DXoZp(>`CTb{bz|wtbd7Ky zQ?^AKVVS!x?F_dyV|nfWZt7!qU{hNS&Bw+WK8+`T_>>9^V;G^~*qn5A>W!V1YpBZ= zPJzs0JZbdN*Nsrl__OmL3A@YC(UuQnB?6MtX1o>J$?FeWb217r1--Tb4eYy{qq1%o zvwi*y>>O4zRFMd*I4HxQuEc#WO6GcC3xie^WOTT~ci$eqb#H3DXjKBE;^n(!9F&rX zJQdBqs)!ZRP|m*`!(|Cod;4}UCG*^q?7YUqC!wd9(Luf5ex6J}`>SRLUTcFjBB0?0 z{DHrzo2Lw|tLux(5{$DL#yLan--()9j7hVQ-J+3KtXeEd6C#z4%RZWG#%V2_c|*GG z^pLE{(lHn*E;8SIEln`hNyR+TfnMj>vt~n#drwjCbdmwndBLjoehJ`Rw63x085V;r zd4K55vQ!b6;2?T&Pxv^FqN`PCKe%c`ZmV&NF3NsQ!tusWz>8Da$XNsWw;XH5cR2>O zJt2gRLaL?P8w;aw2j|<958vhMPKv?y*Zp0*u(%baIg|~GqWOIcU2Kj=Bc#hy{ln6b zE6hSBgNg{UE!IY7s~_*u%ut(g`3j~CJb&7XY?{$)rZ|E5I8?}10?P=K8Ju3#e_$s< zpF!aD_#c`quQ1RKv9i-%e?w;s1iA}P@Y(6i5H-EA=>Z>PT#L)dJMY;}>lpM6|%yj%j#z zzVc@15~cCq%NdkNQ}R$-ZiM5QBYeQBLMOjs13vqcAS7US=fLo4ME8Xy4`K9-f6k+ zwUYTd84Ea+gRze932(v0>saM}s{7bdQQb2$gS6+G07DoH3~}w?Yme@g4a{73cPpS| zM19CI-f975|MFj{QP^tX31odz&Zo_HotkUyU8g%fPof_fr!suwteTv5Y|R4%DKI^< z1`IxaN3UQd`f3CXoy4hKF8iF!@^&#sU|Yoh=z?(Mj|$9QdB|F zB#SO`Ro*UjRpD0K>xTJ*-;@yXX?z7kd7-Fu&F@}A%2>n)d>n42S`Tj3<*JwtQzkeN zb`qyaPSYTfP(f$;N3Ounn5WA7F}Q3`inKa!1I2tBWB<8<umW97A;ugNyNFp9s z9`G7`@_DIaiNSmTO#L=`%>`-w7^~{9$(oPc3HW_;w%0EHC5*5M@%J`%c$-4%j!fn| z!zB=W*_O(U>}mDed9Qk(CU2h}qg2ztKAqw|vBYkgu>AOI6lv7pZ;ke0A(NFMr0|qe zAg_kdm?yQn!trpv9G%C=aMAG?wtXxfnC`Sk<30|T-XZ*caa^5HOhgmckt83De$c=y zQH6uhkxI+g7EdO@-_&C-R9XDVVg8&9HA8S&mgaCW1&=}WpF0(9?B8>A=KJ5e!}2@* zb18Vu3n@}0ss?^G!r^Q?jzh=kS16Ake`xy4U#G8tYEE7&_r% zomJm3x^ds_f_D9%k>9A!#h8UJq$21;&v1$60p;kp4kN8BbNelIpf`=VD{URL%;SgL zb-ZR_m)m`e$0sWU_TVasd$GzhPo0^2w*zy2+D#MdlH(}o-5buqndlklahZBmiY?9A z3d+X2*>HC=cijAPr0i@KMQY)pJ(*?Vv-_>1ssC%bI_`UaM(MTY4^6#!P{e{lB8Tk1 zWq%4`YsJRh#Ap79>rc&n;TjTAKk-IW*zi5aQW?=DivI+C^IHl1H2#DW0sBmtVTwr7 
zwEe5B>bp}jY~@Qg^1{Ul22h#P6+bK{2MC#tlbN!_bJ||}$v3^|&jXCR= z@-L8D17ORLjHcD^=wg!__@W;Wq8ueoO4n51ED2wHv|G4hj?TT6GwXOHp&>7QNPr=e|hHDEwwpsGL+*>Ahz>qYW}%Nqvbt6w8i+B?R zXS16HNvb2&QeN}xZkdJMU zaw8_!4d*6eT)y%-^X!6~#HC9aAjCdE7`ouOH~{MX=e)>-(#pgRa`Mn-pxLW<%~$Xc zbZJ97@29`iU1C9i`YzvE{551T57R+=$qmj6Uv|ujlXYR9=#z$KX}29RRp0OOY*_kC ztj40J(=1A$Xi*~Vl!D{zo?x%RFYD2hi?$RoIB*YoejLA;F2i9pwLMiA@Hy6|R1fgL zn=}jrpK?)(cB!AX?n+Z8?O9xTM9yl}ei?V4b{luC{j9S8FOBG#;LlZ-&z;F=qU9h5 zuFEt{7?m?Uv)WHqS3*AFiAr8JyVX2qgGe|yEtL<-8`x(jF}0>ye)-tfN% z|7Scu5qDH(+Rum+{2Um}JO1b{+LZvH-t)b$#H%ccguq&O9TG z)c``GMpA|di}we^(QbQJo7NCRCIpZg9o9plqKoqk4zL}eFjMg5_N3`uD_W!Z$Hw^U zg4b2y3C{Y%6k*vnaO`$!=0gjap)}IwaILqLm?yoSH;8^A&xiVFM2$tB9S?~cF!96l z!BhuD*KD*V69NpBshY#P`R%6Re7*Ssi6LkX=?1YYExjJpfY!%IY&=G!^TCOxy?W$e z%%m-ooJCvEP?$zG3{;?SQ})`yQ>#-^&UGb%mntXXso8DFp>J`({sG?^)g~6DbS|iK z<>_wY8~g>+&gaD()wpY5$7J|$zN?u3?{6<+&cnIM`j11SQdYIuwvJ=XQr2a;?vANH zY1RH5tswy&AG8n@yx>A;y(mQJ`R>+O;@5$KcEQOrnr{DX6yRMQkxh6%A$+8`a$%p$ zmMi6qlr4kuy@SjfSH8f7l270{1S=dWoJvfpwf^LaqS!}EGU(2ZFj(K9!f@OcHJTc@ zN{F6GHD!9~?b@B$cEM-&(vqjitJ|{>Gu%jVecJk3HqOu+gWySYp*>1jMa9e&!&$lj z+3s7V0WC1I)VP_2Oo-sZY@Hjrvh1FTg=e8bq8MKJ?t`n&Qoy9*q5G_nIG!ie@0^JL zdCFzI(9M>3!cOuIuzRZh+G?)u1nmiTEFFi_vwjl~15p?Jex`GD2Ae8b3(jP95bWPq zM%!1&Z@FOdwf;#Wm=pslKgCDi7S=Tmziv;d+uaLG`ED`SX_q#ZOD~8Z-T@Vd%7O0o zK*&stpUvM65lUPB$$<(SmNG|jeoXfU!{%5ans$?~46Tmd%GHgg?&W{qNTKnK#Nv%s zo1gJ6)O;i{lEq(&4L^PxlLkO>#O^^Bo=8pYJ12wsK&*%>m|Sls+?hr?#2c~jQY{xE z6!aD4h!SM37ahav#I$fccD=Yg$bnaVX2-__0)(6dT zw8fN>&|1Z7jsuAgP8x0JdbC!!-&Hem+Ctps zl#C^Q=0Dylu~7e3z8grrPC%CHs+Z#A(9gl~b7&piItmMueXHB)qpt}xZa@0b`?Ozd zT+0t|nqsCp(8F6zaZ;lld}fLSWy}BYdpm>Kl92ZzDc(+v9n_sm9kDbccOe=7m)V5$ zE;No2&nrS3x`LpJ*mTXyWW~JAFrMo#gzUd9UUKL}B;7@4+*%K@JBlTZ)gN1cpd)SnrlV{HKo!a(3L~={>VZK*qQi2 z%sNv)&gQD3Iz~*^7*{c@aU+4Xz0`<8=q6sDdH6SU)8XzS7Bwihp$7hO+8z_#3zNY66#uri8 z-l8Gh`S0r>RY2rNhBJ3cYMRwJg$?&W+`I1ulPBUsW$RPvtQ;g_8`~fxXCE+Wwq#m9 z4i%{@MxnQ|m;vIG(``=k$!N5^!=4i7lcK#M=&f9vh~H41AdSGgt;?s?G|H>TLp&DE zueP|kL0w79@V@aCw*KlG=U8KcWGq694UP-*^wtugcvvaL-Xdz16 
zD=Bum_**-upqY!>>**k{Bq3a?9O~b2WiEB)F*>*Yd6nTGzuQGBKoq5eL(@C~G&?W?Fn=jsB+IE!JZ^tH z!T@68I5icbvbB&)V!8ePdZ}rov!hN9EpR9-}(_tMrdecE9nMOoVpaPLGl{fX zJLRH6*GR_-%b%f2a@2e`yWEz>pq7GcZokt7MYcmB*02HcRH`08p>j298azKLkkh3F*6B%oO0d@ulMhLIZ#dBU zFCmnF)**=d2{?te8Q7<1xe$c0WE1GN)uXPyDu0P}Y|0QwEq?gaanI3Fq)BK$hjk?7 zg6C%hEp{gEg0mg}c(dttt&mxqB5(7nE?UuuO?8u;Qigy2Jd(VMBd%E6OAsvwfPdgf zQVJ;^1&2s6HQHVg(>y8gl2|5@h0+V`%}-Qd zG+O~OBWtzHkCvD85~WQjL@ts-Dj~Lsm?iwP0dp5r=&!nPMBs7>ysI+-NomjT>QwqK zR4Z|`o1B|+HkL23R|52LIESFj^{cVlLW~l;{MXjAh!@%EpnH{!o|+=;9Cq!U5<+8^ z@cL|2iY4XnsKa909AawSH({SgMOlgP*iriKK7{2UZ@p6Q%Qimmc&=@()L` zw#0jxPGevrDJf9K(;}7{XkiWB9H1tFn1Z;f+Oe>gaWg$X#SX8Xdlv8;LF8)h-AdPA zWoHT@2mwkCMi+dv48Jv78b~w$$ zFt0i16*D|TEPf8ncSX7K!>tEjY05yT?H9F4N#1UH!hb$t@7A!laWpsy0EV`AZ{2)Q0d9J$ zT}bCGNxl8@W5R3GwVBDD`d9JtE31&qn#hf>1ov_(ubCi8t)1^P+VKtXdQ?b@62yl8A2mBTSac&holp^jONjs=d5@=4lDVy?w%+cXX=3 zc5FslN#GnUD7Vzd^smSC;^-v$Ydj*YjN=RldLVvbda2cP%9RB_2VdXc)zPSPSAnt7 zofP58^;m7pdQahkdeU!dhE<*sQ$cA=$k`T_?%PtXD~GV!D0pf8zD<$7-p@7<(y7g& zQMy28ac-ThwSj4-I(!6&Bp$-;#6Rz;_1P_uy>M9#C0*r2ik;Om7Yg6o+DMQ1Q2olw zAl{Vp_dI;$%GD~GIFxCwX6WH7M6kEv{MIiDhmKX5j&2oiSge@Ym)qYZQsw!#rNV%; z93bG#jMwwRqCS3}DuYmoH%+?iO`_whL7)P~ZVDz%JiU9fg|y-8SBf|z1;~hJFmX}m z%echYnTZk0YEcksyO4P^hYpaBBx=X_NN%yQDKIIPPsy5rREY&et7XW_X_&( zQQ9QZ7IyaG3rj)EqcNDW7U{1jdVjptjtkWky6Ag)uhw(z9&*`E2j?Q^miJ#Mgt8p# z3s3$^_e)Ss#?lmGQGXkxgjn%pdwL#UY3KLMxG3OsRa>{6D{FXCxYZwt&=^{t--<7f z&j0&yD%#8E-P*}<{&VKp6mj)@mNkkmFIxBKKqDaRPJAV4^{Iaizc9_URn;}-z z8Bso-W_v}(%no`mBHbB3PyK@fAPlDUV?2$A1N`!=O9Gn*WwQKJDValVD5nPJB4eB= zcClh=ztL{G+^te72?e(N%y3?Ug^&U#o>l^(4Lzmyuw*>l)=|HVhOsC&RbAFqEsl<+ zF$*v*kcQn@Q-xv5DR2z zE#BGArB067*|0P(n43s~pyZ|W)FkDERClg&B6Xou zny-DM6dHfDC)iulq*o2&+0?i#dL$d8ZIetQ%hB`*Iqj+PT3=8=Cv+B8GnFLr_v-q9?<4KZQZ&L0W4$J_Xv-1wQ1j z=RXftj_!Sp(j-F6cR_?DvtjeyreC8RNvEJLYpawS&d(assW{A!C6pP*{IvIi->T|$ z1#+}Xe-Vb3!aX5sDKe!dds5mwi>uYhLB*MhzYR`9)3T3$M;4X}|1J$9JypJQXl*+< zoLh@%VpbqSP<|?%E>?EcXrSyAo4)KdZivx;vN-IsP(M(a3(Y^GRa 
zqo*(qO-3*+G+22PY5wV>Rpqu`50EKLPY*6n`G|rt&{Cr%_VX`Z5k9K35d!ce{QD?3 zQG)5_pA5cp)dP|@WW^8>0BCNtw+Up#3&a1TfC1h-2#Nbw*ytfc(^LLSN^b~Fp5s=h z%wv+?YSq4Jk-L@Kx|eiumiR7B8Dr3j{$*FvCu<8nwL`gC0M!E!LH ze6Bxt1nZNb?z6@u%3I~Dq@plQY7wspSJfh#0@D=8fnG{3PK5@`Wt66*$O$a*@Tq)P z0Rh1w^wW=#G=hOFHz#I1g<;#trAyEAiY$fgqbL`Oc6MI&L4#RZki4oVXHc0%5^j9d ztSe)*=4CeauHSkSIC^-6x2u8g6y9q%SKDj}af~%9RV)U3- z(RoRUx^uS1I1H}yk6JF*+_6e7c3jd^}mS{9zFPIiP;%&*%p ze$*_dvF>>Qs^Z70%Da}oT5y>$)Dq$0H@cT^0~F5C1HB^-zLO-)kMf-m+Z-2*Lo4%$_?|Y%J(?#M2ElL|YDgHmHgF z`C<15qu@e$n2xSuJv>V%otG+6DLe8<2=i%l`}@G2cOmwQ#$!twV1@w$>Qw@0e5SH0@3%w*~{|WT)yz;8vT_bgWl?7GAS) zF#}LoI^m?*m@tr`g$-~QyS9J~ahS}tHufzae>$&wLWX|lK0)Pc zVJ8*y%08N7$5(rIW7GA8RLjE0UW&yUX&iPWfxjjluNCGii~||5CFK7v3t+2|zBtoB z`6`jBE=kcRz1+dUYj~P`&7mHAr=u4lY@2jy#loBJHiypgMer&``s3?YG(lVbTOk;A zNsl$TEukb6nv^#LM^nl;<)!=xhfL)JQecjE6h+1C%m)^ZCUymcTJ-1hUn0+U)r#Io zivLRzxLRuiA&WAl0sui@|ws?CU|@KV)DKS=Qe6Q!R!A z|No=utb^L_g1wJZin~j35AN<1cZcFu+$~rsrC4!ycXxMphvII| zli8fJdv?$6_ft{=mQyL)1W7=q^VM;KnML;NTR~+4j7^58!9m#~yHD7DpatFV*ruZ$ z++Zol6*6|`xZEYymlE=qQkGMB*WdStcUm5pb5y`n=hCxuG=ZXqsPD`-`*X@Un*Rig z!?P~RUr^ACISXd0vrg2Ey2(1MtV^29Efrb2NoO)XzQ3oX ziNscs3tNIH>5Um($44z?0fe{fV`eFU`56ITi+hYY%$vkKO9wiIjdfN|!#i(Gw6~@P z;QHOp;wKSA@-WzcO?;cSV76 zSkt04gndAvgz-!H&PIZwbyVb2`H&_5TvSEoV$^*cR~g%X%GiG}?c*^ruvJzV~$Us1nb3xD&d*hx?erpvoDHxv>wPS~>QOr)7k zW@2+Uj2>0k_{ey2eMU91{FP7T<(H`DX?sOF1@#F~n%$^UGZMsK@C6kLlb7nU{(;ihs+ zrAbgv6|PuAWJ$%vAUy8*1$~uhs93RltL}%jpcHZ1EP8%R3$?O=d)k+mMif+SlVV54 z75SBJ1xv+-_U{qt#AO_wRUibKlq5&SC??!Zb+va3bGc{!-TaW6ELP?F7asBJz0YZmi6w1ruQ}68BMX;-;g$7 zw7(oQNUPozy^MEIGk*2mALH|Ox~wYlQgm1NZ&95>n7xmatADN+v#Vb?4`tB-DEZOY z$#Uon*a+cPg_v?MFk_ivooWr`Wch|);+yUAYPez2NTG$ZIQ-DVji=<-Ekb8ykSCu5nl+Z`K2_RfdH0Xj)>>$H-} z#zz)~T|0vl4E>V;rEDN$k#zg*ZP^K_ih^M0weA_@4Dbs|ss4G4sxqA;jeTH;pW9EO;YUWQl!w}N49o@N*Mkj19ucyuLmRoUOqQUg0Ne?d#?EmvcFMxF(V527`#DV-X zVx9%1vva;N2ED&G{Wyuo{up;9_wd{8YL?c4V&ivD4mtr7c&fPXD7@!0J?HQ*Ki$HvVaJ1Mu1qLUA45R01b+9STIxIpI1|e+a+3TSuAMkyKq;%OrSkW 
z10&2>`mQpshnfksf^r%EgdD-MxZt)EMp+pN!^jd9T+XP^Jy?DIPSNRfb%%p z=aSJm8Y>DjnPkk}36jwldb7-5a4zO6{_Bd_c5H3B4sNI_I?(aAgE>xvixZ=fhWZ>Y zAc!dWf50maY#57wsbx?08K?_sz{iEp;vm~UX$XbO(o`7BD4N{vSgxyDF7-v84(=oW ziS`6j;Cj=rwGd7PE#h=(+y3xJfT5Z_p7bzx-tIC`7lh9LajR7+w#8 z43^dhWW+pFf`>pu=~uG6G7IRaNzI=1;a|c@0k}S!XFtER5UXfse*zN#S{hK$fCq;V z;>xw9qw9F0!RbV!DP$z`7h2%dS>ajQX_hj_hUu7l9aG8}9Z4pL?GqV?>klp2rW~#N z=sC#Y$@C$oxB?Tx-D5ZZR%n(Y5kXmuvuSANDXt4pOY3Y^q#lnPEn^HDN$$ibXC5e> z2^!5M?T9Ms|5jo9Kd7zXM2X&wXbQV4M~}<#2=Y0XJz_X=!FSVR!Bfi-1MO`B2S{`eFPdKYRLBCuF8QCK zZiwGd(GFoeNuKKp1{AbF&7LTE>79+xF zSX~=g{)7I+7%+9PH|1E-ws9{VeIeZ1E+v`;#us9$~$lP>=mF86f zxd>Cv1nyo_VY_=F-X3lbQ*JrRv!m=TUf;5@xyW_AVR_%SP-30Yi*Zzn!@F;$g0*Z* z)<4I4DXygNy6MPr=$!3{UM1lnWs|_%Lr-`~q_&{q>qu31g1_km#h$~6hUSVqub_ak zLqEMn(nbx6@xvn{-Hn^wxfYoqNv8K&Q`{7~zP4Vs@AcEE86tB`ge_jEiSg$X zET$MiKZ9Fv2Pi;WUlR_j-1X9;Sj)lV-lMaR8YA-6QsWd86Y|Dnh`B`@1cM(zKWWEq+2gO8vxR9Wo{(t(VHn&FawPmFOG;{smsewqJsJU=Z8M5uNZfl>C>Nc>2-rbesKNDT`feC`!v7#e=k%#Q}f{8(!7)mzw`ZXr!ItF z|88wU-fmBw!B=45)vMvf<@EIC)Wzhx7i}=?2O%2U7u&?dkF@R#f%IN@Y)LFMY(5NJ zG^u?BHzJ(hS-)g9%)qVWuu7@=ihPPYVwG+|#(qmRvw%9JoKzDu+P^uy!L7r=tIy?G z)XDU7la2hFvi{sDvG$#w1)@BsT8CNNBBjmPT!3GWJr1(-UOf&7Q{kzlGZ8Al=Uq*} zl@9fTY=yCMLW&8UKILgfN;5by8nu1O!S#LCr~7J|&W+UZu**=VsIN+yj>v~t*>Vu% z<8zal6R_k-Vj5dXpjv%;CxbPz>rfAv^@CQI6V%{0ErY@Ml@2z*$+?^2aFjyMeIr0r;k zQs%7l40A{?-WafOZokg#)PK=Sp~YsUbEXJ}MIveCs!w^&8m@q@2Pw$0Tcq8AS~?0)QuhY2>*lo+j`(B-uaP-%z4VfwC&>t zPYoTGFSwahKBLYf7CVP>H&i3wNJK_mbSZCMrqCn9wo%Zt;LG~u#@yjyXC?YvzQHnH z$&yNj^204i3kaV5R&64a&<4~abQ3=En_TH4t7trJQm*r#z5neo(ge1-;~0HMcre`a z%>mzQ6gl~Vk%Cevwr75{WAR~F^NEE7iMYQj{D^pUCwV1Sv7%Owe_AWqxtSz19XcZA zfkLlqTnR7|JM+sE;PYd~U)=cQnw^x;mqV$R7wH&B`=VDT)enS0#Nx{x4(^;e`bk0` zm|XBCzgkK13;zuh&Sk2eW_LD1<9dh}u_`N~h?65?>M(#yF1`sr+7s(6N|a8; z`Qnc9;ztx&O<7QrK>kU6k{w9p`waga!bOpCq`r9F74u)ZnmO<%sWyBiRn8H;DtX0d zxkzk%vYdFKieb4}b-GYcotdcS4m_>`m+3uD{Skid>M0M{CS{p2^B3tJbFU1F73R+Y zH&30rd|%wn-+m-5kKs(|yp{_iH$J1H8t4WSQt(h8pm9c>evT(e*EOtM$ahh~2L*wNqW~L5oj{(hh*s@rZDG11j7#Gw!&n5y$hmg#hbKpAuk+*RqD| 
zKc%eCMR{^?wygmN35S#l9p2X?C?jiLLW%DBG>?Jo_a*59c5rql@BO)MRcU>Ir7zt#LoO^}Rq(y1y1od~It3 z+9L&8zs*&gFSH(-cpM=G2J$;aAo_2=OrIEf1R|hs1(M$x&~yv3-x-u`1P%jj9~$AR zvQKGWj!V3N-X~ju{FcMrgcG{wC@9zQ^lFrHIken{?XFAMb|-apCWLpZ`GK{_ux;^na(R z+_)h_qyLDZMN+FVz}At;8-fNXVO*Qx>OE3V5zQlJk0n7+B_QGxF89g+aq&7r1D;Jv zL#{|yVC6Gm24l=}-f&ev{GE7PevJW9o6A0+)%}vlu-g~)k(BR~C<(tE!+?rV$~jW0 zNgMM$2{)4C`@RSvPrkjM;ch1>+S@Z{4dt6bv&|QJbvCExR8PlEP|BRk=@~8@9ckFi zV_*R_b|h8qsh%M;kLNU{WPmZ+I&W#TD_hk(3*B^PI7Hi2Ao<}g%Xile>+L<<%N`MV z#WDGIEpGHj7MeKKh&-%{T}tATHS|Uo|1zWsYKjo>QH* zlz2Z3D#qdxUe!SY_a+tgL%LVtEHSoMj-(>9#~TwtIsMe-P0<81py*ASva6SkA! zvTq}IE%eys;?C(UAc0R128SaKguMsAUZUsi7RB%lTm&Q8RSkZqi+78@HN_MIk4TOk zZp?3Zjm|V{O^3Zb%OxPg-2eKe|Nn;i6&sZDo94Gf5@gP#-3Ubg0*gY*Ln>ugl3I@R zJbQ|q!Yl3h*G=UxB)0o)eW-?}XZv5Ja9}2NRvb`thDje>e-01@v>;}ICab}gcCRsGiH% z)7gMAa$gLxnRq0!nM7#EHxKOT58t@8AH0zMov?^tA(b`}t?weskuF>FuY*tK>GTg? zY0gOC4es#9GIjA5HSC?02_2kYO^*sSbTrGHb9rQOJoduvLb>*xm6e&qX>Z0YuAVDH zJeTLU@ZRzd&Ywqv$%%vcKOfG7k{ioFh?hA2|Gv1t#j{JUT67!nKEI4bYWLPFZM@{& zI$^;rME#q?#M(|E(0?GWb~i!F)O64-V}|`lBJ6?iK8&=jcsk#|z~34s67aiq19l>HL=dG_R3BP}CsMnWx0h1?k?y8Uq?qn^bnL=~6asr( zVCya9&{cN49&eFn^5WqMqOm`=_wS-+GWf@l5j(x3ujdQ(rAxypqSGd{2j-)d>m_hv zh8a*;8GRx)c1fATU*lj6OCefzA2Rz9wu?FpdL%?TEQkrJR<|s3MiD!CuUCjf6qZUk zWX4k;lqApZbOeG<>@eHY*JiuhI(OYct_`rAY8`1hC{Jzr2w2 z=}u!ODdO1Ovau3b5LqshxpxjxR} z#k}AkeeXWxj!t-{IW>U<)=g-@B-!^(oOl{PjP6fsp+0kDZzpL`ODwYaLCUOK@%p(^SVIuI zEGu8TV_RL>q`l6uK7&Y;0evB*+Wp3!@XAe4{TQA6T-WyTt}}lL&;s1p2<^;qm&p#gMZ5M}a>|8W_GGEK_?8ecjCvzit*r$btoZbZ^cl^a!kc@aTVY zaOw*KQOH`aM0C6EjC8wg!zFlrjlPU_Sk$QaM6A9(u;x^C#)v#@WkWxdL0Wj6w*%yJ zCmS4=nUpp%uYkfeB zJFRn{tutl8VSbV{fSdW-=`oQ!nS$|$t<_usrJx5jSioRlTFZCLE{Q2RLB>gZ`(}Zi zXb5^k;G};8xuhZK7w|cObS`jV?$6(!-?H?WmVgHSfK%1#jIR>Tp&m8=;3iv5^`lZo!LSShpI^|aU z{GDp&V9jmb)jd9w3kVIUA4lR=Ag%&wZ-zW8Lw+<56aeSZ<@Jr>+6tU}y+O{asfS%N zQ6>np59D1s$ZLTlqAKx&^f^v#vQf7(afMviVd+9qkqBvul2VdX7}gdJ@_e4MIh6d( z=6#yK?`yOY!l#4q>k-44d`J{I10?_jqF+d5qLiRIZB!CpumxH|XwI9*!AMD8CAaIm 
zMqjb}6#Pp%Me~2KHw4dz|3NFLvIt$q9A|T@@)~A8eabpfU^Z^?2?3%D&p#u0=Ov9R zjG%^ntr8d@j4HkKx-&0%cGv&|O8}d`UWN_(za%bwPzR2e81{~Fqk(#D)@*jEA)I67xFLHIF2>x%{d1=3=knf-PIT;4P&58twE- z>x*Yh+gHyATb2=$ov`(UxxK%D7rw9Bu}KL?)@C8F(=#gXlS`-bZ%{+C=xn1NC;>B@ zUXuGnNxABElxzt22i+fY*3Rc90eOlXll`-wj(5lLnNXsA?^9UG@E8`}psME3Yo+Z* zma23Sz)%`WK&UM8LV(~7iTjNXa{s-h{qAP0NSM9E5%zDAJKx~W*&-KGZ^RlU!&<}d z#;fT60$Nr|B;4v6&y7URJ7f6cyF`)WP2GMzhH^Vm)!N>n!K)vF=g&@w%dJaPV~LeI zMT}!&h63^!i;RFZ>bt*?X}-oYT{(RIIP;>S7|F)H6M{Cj$#+|+Uz=?m$t{&CD^)vE zq6eu1SA#G)zTyLyxciZn=pD0#F=Z%6ce2n$lIwp!Q8xU%4`b;N6=RDOvL=*P(-rhU zVb<@#{oqkJFVm@GUaZh1Vr=EWp5FQ`O*gjB;fwj5pGr;6wlMDpY5oQWDnk3_%K%cU*V$ z$5cW#>6j-ahuoYs5T{b9YPZ$q&k(i3#X3jBg|Y}Of3xY)GbG8p{_~*_lyZ^A+5Z<4 zY}z}RR!cl080YY&!10-tw-m{Gt12b*ac)UDg*jqc$|kDf)|2VlNp*^)}t>7tXqmPP(+*_gasO>z?;XIZawu=BMx zBSGwRZkO(U-fhrDuQB+Dh6E?So`Ze*W0BJ?h1Ezxw9)K>4{Ir4kPj7t#7D$J(i;@O zoa=>FYr-6EdCmFlUT>p%A!Ln^ zfZltXFGLYp=m|yfY#Wux^E}q=Tvmze<+wmMuR{b^VdSFQ>*f1_$E4ahI1Pt26&<13 zX)H)vRyos^VyR6f4EYH6jGwf8gh?1e@EK_n=FfXGep$+$mLb_4QWT>OO5rLaGv$w9 zYB>venFVs|oSvutafcOb46^#PliO)uWE{AL3z79JrbWMira5bNp1f4fBgh#|hi{Kw zyk*Ehs?sm#(`41dvGclcAXaC*G4dLSzmYV(jCuO@@aQ$ERl85|tnq6WsB|U~?J2wy zEBcYxEJ=6O17Kh#6NW1Wm<*_fHp467ci#SQj9JX$b6KqhvW%uf7a+k~JdZ>u`%vV2 zzNlZz^u4hoc<&ZQP-f(~y+;#%shaC8bJL;Kauz$l+YNiF@T#Ew1EYcLL28<4X&gkL znPSq5yd;j6NY`K;)*LD`pXW|Rr(_7-33u~fn)MyZn4?4mk%>0uSq0iS9}rkrDFG1?XRR z2S6M9wtRqoV_itP{;&npuwmh%S&W{RXF@!^$J`M#2QO*VYarz+gmQ6fu%^2SUh%z*+l#;0FQ z@}~-Ty^@*ho8~EGdv4y>myE*zF7A^Mw^AD=MBnDJSLFPS&td(H)hP>{)u+e~%yZ~5 zcG|v*Uj1H0FQ=P#$<#&n=tWmjMqz8&*Id5TZ?sw5Sh}A+@rLpK($25)cAd78cPIWg zlC(Fn<-IbKFEh@tD?lZf&J2L{xQ~GN?B)SH*0hZtL>F^wGSkG@GvIHq42IB5za0!| zH>;Ubw(RqvTd-{87zq1NS8m;~R<4g9r-bh2wMlaa*mW~m#ZV>8#NBL|#8Ue4NJ8i? 
zq95%@k|i@PHd|eykmt`!ocQMvKk)2Aw~x27lXQVK4`2USo8ex^!%FJ15^)mzUbaQx zz0QMgQuE#*g!SuBeVNcLOtvdh5Zit8F@y%x9Qp+xjVDc+7~4#FlZ0RusHL({a_e_E#EWSkb7=9(13{taEtN1LKS@&IO=Nt1@%qBqT zEM>@xS*`?68q%0^*LB?M^+j@>%XxR+k`H*q3{g!beRI93CuO*JJAb}>3!;s3t48=iQv)cQFC_P%eGwBa`*$at0BJ^if*@*sJAC@M2~>`&`n z3z-o`UgIdT{(P`n#(DjUYR^a@@YHu~5^nq0T<|3BnS3S{L>5`04P{kJB&2k22jnm3vL{>SgKeJ@S^aEX#e+$1VGH#rlQ}~qqQX=>`C%BT3 zJTwt9id&;ooqxd}`Gw(WV_b_P_ji{z#v}O~=CnztMYX!GVjd!L=QT>_YhMY%{zQ*Z zA`fERZTMWM+Cye@t-mLpx!7&m?OuF!K8wQ75d!a*H4^@vs}C@2IL6XDi_DMs{0(?a zVJ~k{ye+q(%*^XsdZdVOBP;CtV(H=lok9zgcC)55jV^0J)G>?q{d z0fDpua|pxJ*6`I;poHAUan3lBPY&=inIym1)qB`P%5Es2`)5t}>zBXeYs%EFlG^B5 zejI*0-joKkqi?I`*C$jAsc$dPJsIR^!Z+1Sxj9EI|* zaLYYDcjSD)N0jO)0Yt9m*Ym5Mp(FF}Il~@}pq`afhUaV`wps_^VA__bhRiy^mAJ;Y z1u>_k36Y9YXfH!*SFt}a20qWOJmnM_j_K~^O(k{ZE%K`I#=ksVgW{^b!KLw(XJguKq4Y#p$kMAz*R4F(Cf}s9R81O_4=4L|?lvPuVuJrZkLS7Z zcxFCIk6-esIi(vw&t9~a%*7NeeroB5-%BUOr=7Ht^)qI<_VI9s3>rU9ER*?DTA-78 z)gp!gXW>YT{G3}5dpKUeKfWqQ(KR-e2_=P1!sg}eHdu_q41gXkao}DvR;8Hiq-1!)%R3CztNH zHEv|;IwMt!i4#2w`WCv-z$vP7uCZ`A?rx(a!n~RkZge@06wr~kWqXqEg%#Yf)rN{L zd@VLwt$6uOr~OIxVmGR;og@E0+Q~shCjVV zb^D?ET^ld1Z@bOKX!PT4;rftwd!Ua>b}cuDcEHVI9PX};lqeE=M>cu>SE9_7wo(;t z_;ly9J8No_KWXJ!pIVifS^-6I#BA7kb1e|p0&Euq1`$Sq$HTz_HfJeXeB03pt8ggv zCY@~GeLi5HPgjvzMQznbpC%K&=U>duVLR{rePLsV<4CVxz4EiXK(G0Wyi>$YWY3kh zP}iDyRb5C=Hj zD+T<3JvL~0KP*A*8BxwcJJ%n87s?&0enhns2f}RxMEvZHeI}hvW-_o!mT)3h{-Itj zycEpZu{I)V^nM`oau+K8E);Vcevp~)wyTr?TcX|8Lh<3I(nn_kgcZ%PFB7pJT<+2G3s(@BM5C90QK!DZS3?ui8gdL!Dsss ziHtlQ?##$iSpLTO!)b5jy_;spOuE4lwPiME@`YW=6-azG*VMWmOv1dG5tsQfMsXb3 ztq=7W0IrgsKBvAFeiu0&sACEy8hlFYCAMg6>zZ*>1U2HHEz~I8<4F37Nc#S4JJHCG zy!W$TygC@A1_Q?nfF%OnJ-6mP-CPe$=#Ta}NcieF#! 
zS!NJ7jQH#@Dg&)~m94r}ENZ8Oww(83H@zikM{aXjX*(#?`I{}Lsp*Yt;0-_a5rkrT zm#3r8C|mc{COFkD zMhFS;jY=cQjzZJHT4&HY!L#7kl*rxvTgP}3fJ<0^I_6xE1msf(&u zeRG8J@JJeR53v9su;CMp5w_oHiANJ(q3UP}@5%{8>e+3DsPa_(ZGMH_Xq-I4yGnct ze~L8791v`=Eb)!WnglR_UBSjs53l&NVCA=uN%0R`typ@I8iKoIvb+ zjq|4R7qap)}q;VAFI3yI1(z$E5SAaVIf~3uF(|&^~JHD~6`ye`3Zse)4c%Qae zt2qWBBBGx@ej`hCf|Pz?%7h8dkd~;{LxpF_xHe20b7$n=or_l|mK0GwsoX0KvbQD# zhF)k)^?}StLr7F+#J!UpJ4{s#uC;GsnjyIOIv-)KMk{bmYTX;T zRLxZqId?$2mUMZ(B-Q1n*jKG-qRQUsM!alZvriwagw$~p1q&%AQ-Yuc{2pOjJ(7-M zcqdbXJb}EnXH@n3+WUW9o0^T1E?Tt`WF?n)j3j|jYLD$|`9^^R1&>#{Y^VaLqyzp> zc3#rjzYormjmRmVEyx?4bdinw+PG?beIUGAlxKF^ISv|1dVOUzLqki1N_e^)kL(2r z-u<`Jn%x%-{aj&(H9MVv@-cQI(FBr#9q3P`-J+*m-C%PZTc@eSIyUPm-_@vY?w8^x zX&|Xsg>{sIu&39=v_=N?z~%B>3>NfX;^%z;p=w-|Wl$l2puE5n4JIdVP6^dTo_I z(sC%@H)g&_ll27w(g1=h8Gq?6cEz7CSL}#NuTBBL9={4;Cc0b?;L^Pc!R9rXO>4Cn z(6+TKoYi&+Oo8V6jWY^cU=Xbt!ksC>F{e5Sj+HO&_OC*}Rw6(x~i^boI zsGMy(CN4KR`)`U!;-`DrE)0x>MG(Gm%I1~-r_Q#elybip-^q}$TtlLXioQ)d6* zj$s2BV7URvFESpgzt-N>VT+%any`?LSTX*2#Amyh54m(oBoPEriO%4n>~t6y@)ymm zW@n|cD>LB?P9bB2{<}l=X3(i*%V4u#G|vqSq%?9tx|VQ%0smLuriB7f*4XBR`hHz> z8YAgDI#(V^6m=Wk5xMX|%Me+?n)*?V?VT6}EiqgnBj{qcaH_9*8-Cl4c0Ql}Wj%$8 z;udn7k2-~w-UI0$nXQzeA=$VOhunq|RWFE>!9hj;+k&Rg+E3aBHW=co%nq_cn};iA zMfQeX4JuT>PT$UY3+|)G7*&4@Bsp}`Pn;p}7}64PGpU)K^oJ9(xz&T@jvfUzR$dr8 zhtwf(IWkalemMbXciPqAJx*YiQqfK5w`5`1!74MHn_KU1ZzandB}1y6BEM>GGM^ctMm6&LPE#^e&1b*}@K@{5B~sxhihYi&kl8ID<|nLSF6WVJuqZfZTJ=%+E|_14`bx#F=1&!?;kEC4hU$z z^(Pem?>}qE;-o?#`my@=OSXI{7{K3Qg~cX8)a!n7ofNBwwSP8?CFL1ez~d)-P#0z- z2JOOC;^$iBV-d{Lr>as;+Z%jofkT7F``7Oz$1c5}ofIBY?gf>ElC8FFJx@0CF`0FH z2p?V@uk*LV_r0x$l1XDgSz_f}#vHNXQu^HBt%%^g%zHn&#j6C8`wr}#p-5oPPma>7 zXIr(oD>&o4Pv0*QW8eG=a3kiE)FPDuknhouHJP0jInQgqBVVu-$d4G z9CPA@Z4Rp1gvO$4g?};F9akCBH6gw>I(}wqxolhy&HG$N=JdG3$jNZQ$0Ea?$=?cC zSF)aSOvk@9ISH7(EFPJ4BqC{dBsD(;j#8gg9KLIbEH9sF+|*#Hi9h=lWm(ekU;2_? 
zPQcjshTn~BeMrVJc)Y7dN3f+cv5=4*=6Ye&_FjxjJ*4puszcDjfU)1M7G<{A1UwXRY(a%r7l*OC?x z9%Q;WmqNF8uSz4n4;-93oDlW#jT@TxyS(j*6#}7>jPXYJvw51z#fP*>2kxf#0=Tj> zVyNyV!;|?;?w7olZP?Aa>cM{4+wc&TM{^$4lHL76rclPu@6Kc_)O8M zxh&#AZ;8NL@P=Tp7lE*Sux72AD7~FTSTgB=#a5t+dS(zXfwX4u{TIUh&(r-iDS#`zw;|v{9?EZ5z?8I0W1*6{NorMS#Hmy*fGKWTAp2m0&hm;D ze#PF|wJCErdR+riBfXQN*p&QyNv7y>%c=Y~CY^ugQJ6AUI>UD;bFK(mx>_aTP2n(PNRH(yO8j&UcQrFNqB^ zE}(0`J>USfb5)H1eEXkbF()Su_1Wsd@;IP|FEzY4t$;W** zGrNQJCj40e3GVZq!Xe)-)#2u!MCwdG+DJniRyx$n(=O8IOToCvsPVB1UQ0 zh3G^VN71xiR%YHH^d2Fo$l1DojcSXf^-i5=N`9zlvC^62kt>;pdAeB65)9v7m@$i+ zgYf_TksEaSI!M_GX$c{O(ZuVcd%e_%OJo5FC||6Y#$lo`ol0oMNyhaKiBeJwXaz3S z#F&x_%01|){uig@a$LLIutz#L+=5Ou5PjvGVlUR9^&beWX0I|s-%i!rFgMrt2vn=L z!S|6{`?#s-eh|tWGx7~+1 zC)J>o-~=lPH@JFKX+&P>yPJCWFTAB)2dUZdP+xQQe~-Di;S+mX7l)IS>#+3~r2dRZ zae?W?sM^HvSFDimi^|4PW*WZ24K(;xURqLb73^u_H8d1W={RlDvF6q|NO6$o<>zcT zN=EJ6{;njIQ^SE|;kYD+zK{O%$$`7qQfQl!E4$;`?xrUG{%_6f20qN{xk^?{TPO^1JY(o2vAh~T)Wd1$O$8R;cTxR8)-fVv#OM5<^5 z-zVOX%s#kBnge?$f+7}NT)tWo2$)x2XO)l2I3yLCbOeEL3V|)Ko!$#qS`wgusL|Wr zN2Y?nB1%^8vX!Qq#S%M5`cGYo9_6tk?LRJBZM{>}e104Rv z;`dHbXfM2#?hAsnPfjNsVHX;kJp$VYCQIkkeyRl}S(;?=S-eE}wR2|3yn$Dr;F9Mv zgC@6`M94*7&wNKNKI8{`YnW)!kk^v-1XaY|{b@VYWA`NP@q8Enja3@3jOIUnY_xo! 
zdi6yboemy5hqYqA{3zE}C=bWX4BeM3*m^Pk-tQsG!B4AQ5#WUrrqRNbl6vtKELwCcILxga#3yy>Fu-YCN>GdWSHVy=>>APOz;HLc@gY_WU z!D6IIJWaFPGW^=I#Ai2pfvz`^hG{mYfmIz{=i9oxuagU>6L%sxy$7Q4~r~H&EzlN7fWOvd?eir+C>hEAtxh?55Cby1m8EYr;HwTFaRk%!!t!SP|no@FDxD*l4l6+!r4i6u|X(e|j1 zA!(DT+`k28cX~qqQ+7sqd8sK}#%s#zRPT%`Gj}sq)PDOfrG-t2K?7eGuy`JEmlE=)Y9L;hPt!MC1F`)krS;*+yO0Y72j*l>74^Du$v0~i+*8*U!hBY3| zB?-m+B!@0ggjo14l5pojA-rn&{9H#a2r!q5Lq{xJ0D6 zG*F^JLqAn3HQ#~wXY_shDVj7Plxhu2Ib>F#9QT^iaBf$U!&qE(;tWmA4RB~TahXMS)$>> zbUFusu6jO@JA6F)n}mzKzMp&ni=aQe;za;cTo#ofX~nQvPdekHJI%;KxhhkcvB z>p*G1Rt)|&x!ai&S^Uq3LV*^*dXls|uuGH=Y2uS1F1(p|ETyNoopto(s@Sp$N^dLO zvNoF^hzCES%yoSIW9u z6yYc9G9~secB2GDya{v8hjk4UjO7vFxnqL>`ht><{Mx#5hV}o z$ls)Uq4cO8ixUOZ35=E058t1hc0(+gJGt>?N~(|6YMXW&#n9GnKNKjunZ8$D65?KD(%x=S9_|57wb2FC!L>g3;eO>bcko)G-nWL7E7>Y@JJb`487sI64V`4 zOFsP@%|z~}|J^Tf(wzoH_M-FTxF;0t<6syR3deL*uc626-GaB>p+N8Sh$Jd=nC;s` z$shW@X|ydgE^e1mj=n)k6v$F${pvAc`Y?Ewf#`0}--jg-mfIu8n*#dzC}h6qM;bN^ zS*hZclUzXlV_gWKZsRyJpxqOiduG4TB_PyXm4UI^xE-HzsyL7?K*CG{nkn{c~eJWM!LYslOgi+It%i`wTehE+hcfSS;hEfo}J~#;M4HD}cIEJ}h-tH@)546DT!URT)K6#C9qDI4HI@EJlQ@?8N4- zS3{?&;{SPv2~n@2V_Y=&T`TKcbhkUy4Keb4!8*cDkx`Bb5WAg@`m03x#|*wygIjj| zay1U?Lc&&Qq(F@Al7)N0DRAAnCQW@->3j{FN*>kh>hB(LrV(4DIeZjttH&y7`9giV zMW*%#bnzoh08x94n*gKXxFxQKjPFJHJT=dpjc}U(!=m~l8HHIT3EG+7iPdwjG{FSt zpPy^mvM65oP7T_DL&e2Az?kw=yh6Uq5x~=Mno@_q&n2bMq0PMQ<};f#=AN;sp*Vw0 zSAEiHcyMecm9Ktg*}S)_j+0d9KH=EM>mRQe+hLDNdAR-~NmG&16n7#xqEWjSTACl% zG;f4T^4KYmVZS~143Y8`o9_wv9iEqHw)Z@|{w5Nmj(|0^^hQ`4Uf;q*Ty1F5jJZ}H zH?X{Z*gp!(rYZiiTvt^@pVwnuFk_2hl6}^IGVJw+X@s8Ag!jFpF+I*9 z<*aScoy*8?3hlH_inLuf4P)`~59&w9dW-10uJC#yW$S?Y+Al4gQ|Dcdc_^q}1uZsL zA`hWVzMN9uNuJC>Atk;Hs_xJ-6Vi_94&~;AKnuoP&!nDJhi|XpOd4)a^VtNw_kJUr zGe=yHIwRECeBaA;GCX{>#fL5B3tVaOvjv#zS5CprV*Zv0@7X4<`G_- zk?oN62M~RZ>fWt$PjvU@&Rf_CO%WwSr*a@Tq=juFD1G==*%L)I(%$23;5&5iWhml5 zR9!xQ%F?Oxoe|vaMWHL`lvK}oI50t&qWC&Tu`|`Z;`@X#sOZuy)>u|jWlxVE8P^Jk^HZJ{>^PkQ1J({Lb1UxygI8c$H&103n ze5STj-K{}xud!BT?cL$rTKM zBb*v#sE=3lB~%BoOO@ZnZ{_(b&*4@hg3hejBLaxdS8KKSjp!cNzqfl!C2!LH%7EtF 
z9AIZ9Yo;J-rqBtnHUpcj=DkSv$9Ehlc5rw(`;v0T2SW&paA?-XNU~s8HdJt$_Z&-q z_f;FodfSrJ8-%qqai?JU!I<>;=|JpCyH01QD6on$Xq_|wuDD;)gNp0r>HeHy>+eGS zmb15A^bOTYS_EP-wFWye@cmNOES&V?817rgWMDT1UNJgMS$CN!pWywv4jsB=V`4rx z1*q`Z+2SpIQ6nzrE!Buv_}zoLDh9zUn>PPTo?Hpf5y#E>NmDNFD__>~o-h;S_OPAe zaDyMTN>vs=1Jr_rB&xs(Xv`;Ww8K6KNwvF30*}*w29FbLg>}%|EtFuyU4C`y*tRKI z=SovFva~Cq0f7qfV-{EhagINd>Pp_sqJUf9vH>l;923H|uK!l+n!@{z*bV|w%PkuE zq{QVg1%c&?l<$ERHC!DkN>mB*tvA7^H>Fn_V|@7Izwm6xW|b#ts~9~u)zbj{=S(>% z7xv9#X0tWo5N{&7Nyx+wm^QMif^HQ_w-_qs6NXL-rW3lqOsfAN%}7}@I_E+q{ipYJM_c=-a(PRT|N;be)U1uc0&x6cBkRpHa{fs z(rc-?T!q_l?d(Bu6tP@dI&$D%2ArcJ(cJjL;Oa3clmoMp?azGC57-P@QhrnnJEEQN z>9tHSslRxY$i!NkPt7**PZ*e@8*kVeG1Uu`E)s1r$4!(DH@^UBoMgBaIL!ZCa>;N; z&7DoGkeONiALQB$)&I`q=l55{TOQ{U8Z+smzNlvIdJ(o9Sxn_Zs*2PbQ$}iO{ggmF zOfk;>SIt(nIKaYQ0O|Y8p&!Uzh24a6P2Y0qQ!law1wT-U3@2L8Z|pn}ZM$*EI- zKl{&JY-sli>2hlwygT}}s>-Jy{A4WJ?Bp|x&uNz~Pz9Q#LyvLgw-17RKW1<5U`nNZ zE};9ifB>|YaYUFpMj148+I%oRiMdlRs3StrHd+P@maC6In}GIO$r#R=BrL-kC1hLI zsl~7zYHqQ$0xGWRugcM8kzG!e^S(BZ@(`0e*{#9+M?KVqo1nnKGR4Z(r)9ROU#Eto zQH3&;@=kw3Ap?NVK5+ViTr}!CPSt9ZjH8A~Kb1qAns55KcZr`n%c|`v@teCJt~%NO zAr&pQ0841+?vY+1L1dopoJCXmk6^tUB`t#^&}XA0#$S}{9uzPA_$_-YS^t}haORMc zlAGUanYrB1)VIuya2V2C>`uhZM}RPX9r#fPCAb^*two|-B_s%fnu6I?6iZ5@2VBC? z#c_=MY(Vr1v1{CT5a=Bp1>Ifd0&td9zkFSO(4cT=V7E+gf|ktO!+Z1s+1$*OM4!>! 
z{WPoC`DTGx$-?-N5*;^95Z+-|c9xO+b9S%r7Z-Cso{KYIf`gp^iYA=As)deaRr2eE zODEDU{Yd^|A@&`^HH&oFN|%^VA1B@TCBIfmV-m+w<%6n&1MY?AAyy`AAShJy4eLtt z&c3ZB@?c#bt7mOH5*G>aDqLc6>;0MGzB5{awRXSA_q}NnH(cM&eOx@&-hyIeyYAXz z^Az7B7YzBh@z8Fu0c3J7N(21)fvhw%nVgi?WA|Ez2e`8W4R{=1o`8Z9UammdFKA)J z?`|gMVkss=k)*~Z<%daM%7LHmWYc`m4ha#tTHnGyV2mO{gFk6%LNJ9hcWr5FC@I>U z;=^iZ%of<$Kimq;p-vQE;(5;-JnJ?wdL_0MonbY`;p*u#e};=-2t9PSnRKsn5%1V3 zriOH&K;r+2o-F4+gnpq*en>1eN|bnQ%Qb?;ze?d~yrfHg_urm|O9hyUPf0 zi6lTfn*V$#5aPXh`y91Cv?1`Ku7JI#T}KhJ*|Q(Jx|nNp?0{pvdeh;wE{MMqA+q;J zeVA_$IREa(-I5yHtoc!IJhZ+)UyKN`J{%)@*-pw#sa)DmNiVwH+{bFS?|v1BYEaGM z21UhO`ZDuF*_k=d#?HDAQAhEMF||#LMe>=x1L~zaQCkVJ-;Ys~U&JUvYKr+5j(dp6 z)a~HgE)?U9@CLR-#uf#_(@bz1x3s%p8^LA6;gJY#OY&^q21eVUpGZUi(uUK!`#@l= zVCHMI&XqF#*NBmNKBMYE;x^+?_z3JmJX?3;###Sq zBM7)9ZTT=L97*rb^-!wCm-X)ha&dl-5(cgMiAanoPcYfc^0VqKu-JCNmuMb$RbKBv zh7`{z$Z^_8Ba_$jGz}!Y?PBEI4S5N5h(Wl^o)j3td1!%0og-VVLY;PG%`A2Q^s5H^Cj~3a|N}+>U*Db$SO<1pI=#2iCj6iBEavOt_WJTS3~atoh!nGS~W%H zjlTZfQKK^3bsJm9=KipMg=K=nD1Gw4qqKhlXLS-0j8nJi(7!@Re zNHW4IPOlJs6;F|1< zV_abLDK)E!F3iTt2Ym-nVl*4QfKgDIm+~*!pX%TTao#hswqU1 zdx1ls65d6`QGQyf4MT5{&&JDD=xS56O%ln*y=ME0O$S3k@LM>&aqjNsNY~Tr=b7J% z(JPx4;pbv*9>*=-rH<9teP}_|`s99G#;1TUH#QFcOxR105rkbdtUN~tgzGPjn^w>h z{1IBDqDa?P`US}=*`Sey6n+j#6kiPYK@_<~_=QQ!2j=>&7jGw4!fg{RMq-g6#tE@? 
zv7xD2A(s^7{0m9*l6-XhOR|`ltDc}HtA|y{xAAx9;Rp-9(}_BvC-?7_^sH&Qp*(nIL0p6X~x8W{a`&; zBT@uCw;i7IT*YsN$R#kjFiE2bkMrPDALP42Xj#8<*rK6h?a=fenAq~cyKPD!*0amB z$^AeGH%NCW)%CY}7$1cP%a1=o*GniXk=)sW zl#jIJ{s9a@vo+WtM4Fvu@5Kic&4O zH12X)wD5I41k~6ow@+QV&2Jr+i~b*l;m0qe!B86UNgL`9+CQzb2LzSYh&aGw(YMx5 zn{+WLeX_(!Ac$_z-GFXEK=b5{z-Apdg>mP>4z;OHYC?EVlyhS_y1&7Zwd2#E0Ba^Y z!CDzc8(f+C>E3SlK<__5rQyor*a3}U8k7(5E8rVdJA%@@UI?O<|9bu$ir>Me!#ZPmmMD{_nctvp#y+#TB}A}_(jQr%;Cy+6*w zzf8n%wcb@zPZ&a1yO)kJs9>pigUs(zHg2FGZV|*RWi**ZhjGV!v_hm&;Z_V*q_XvR za8%W_V8P=w0^oOM^7{S4*B<~z|5(@ttFNZ%dUWvb5DT-3&BwN#b{geu}Aa;+a{-l@cp#?mz`rp~yCSy!EbYF&>;iqc1$3|~Q zaF4*IW+!2n$UcS$Fo5%=f1Q}v-t&bjP4iOM=@MnUV*4XBR*dzc#97TANSxxDSe$w9 zUf#SiopoKvJ>8@#HfQwI$087~Az>24YF1CbTT{hlCA2VNN8+Mezdr*acb@!Hxy#S^ zm)^Dg`sso+mZ4lW>}}$$|B89+e&9e}G~`d&-h~|MPw+QbG-b$=VPuaS#~lmcACj-LnV9cYI65ADgQm{JrC8rfsOi zY)%x)mfhe5{(8dsg`);#8{Q$NNDfq&X*Org70sK90JmkxR`6(cIP=P%tqM8l>ds4| zY!EFCc?f3K9<*pj%wVumB1@!-&xjM4Gc(5Y#=k@`vHfX(9Fiv^#>s8<9}qR+c5wVd zF+zscr{W!{U3hqWhHEG7q$q9!CCJIBaC*N=`_?6VlnflN0+zMK_1v>tJ`r(7K!Q&z zsE%x|bf67g9e{fWQ|aCSKrLWn@zl*BIabwoiR==-_*3%npsW)@($CAh>YR}%U-*pF z$eL?=EPpocD25(6AD`E6%F&p)i}QG!SRihsv*p$$GfGDe6Y1?}*q>Pr;>{WRO2CYb zIu1Pq$%x3WeC|O#`Mb=DdX*J$E8!H)c(VKS7Wz`B^Ih!ALh}{sXY8NCcxv(0fK>Uq~0Wu5O z(<&hArvxrC=ayr5a*`42m;F~I+_;y>$DyoG5PD}02ITZp`<7`$6y z@F@_AnnR@QT%m1+N`_Qn8b5b`8_3uH7@5a{L#gXr^y?HR6x_-?h_#CCXt&lw7{%AW z@8+4wxzq$+oNP>%aCd~V8~SKf#@EPEN=+EaR*HR#>-#Wq`_$iRymVtuvGd2801bDU zH3$Ah?On^jhc08|Rm<;MH08Rt@(iP0nopJKx*q`^y#HQ)9)8pe`#(*QGc&*{ffUE* zGVw|++1%$Xg>ohk`ePz|N3DDGu{i3`Mo4e{NNNaOR}5=5C%}N9YOVEsB1d6m9^}J} z^LW3UH;rVd-97T$U+&6AQ^xbI<1TxiyWH(m0zt3{jd4Rro9rs;(p{s#Le-Sru$!4j z%?nFL&p1o9?E7g|0e8n?@;Y7$pnQ8i<@Y(Cvn7`DSnLhn#*eG%p6NyZChj~ZEo6fI z`A31l?&QBDw}psSU|Sg02d(?<s0o+pf1WEMk-EZTE^8h1HIeJ;1mc{Cp)?`mCk2z1U zGt{#%<{f!c?0iv>43QR#sYhjSxqBzUU9;{u+y^!(&ouf?wx}QTq<_r}1yv(L@b1v_ z-^B)rG8rc{L_AT(l}iC&5fJ!PGtIYH6l{`x6(Xz?sdRmX1ZoSLL6A4MOo2ED7GaU? 
z8yw&(Rc6NIfBmgwH3HY?+wH4R(QFPToLy}5?wGV}PFVN_m(^wfsWXQMW zH%3)*#jB29f#13DDHLS4IJ5r@e_*!F+bTk4VTRK*Zj1j#R1zq3Ui_f*qZW7h#&{&+ zer%}TGjpy8QP!-+?*!aLd+{dej1 ztLgnQ=WUh>7PiPu;GK(~Vsoo`EmmYakHp$8{cXF|0lzAFtd9IB+7^776m@u-0<(Vv zSD%Lun4#QHvQht4Bi(IU1Knt0=Q)Bm>s@`0Zo6$=ox}bsZTdDix-$@KwVvMKHd8=> z9U`h0#S~*l$QeGXQ!`&}hVvNm6nZ{J5t-R0)=FZwYdYmvX_3?x>!Bxks*T8SNrf6MplbYn_(z!lk`?nIU!v z=Vn<}kmBA_lHU{A-xwFbtZ%?2>GO);lNlR7Dv8n~&9_5kZqszC1 zC~L||k>16)1L@sav!ya7?H~5C4cC0uydm{1Et~%iTx_NJ^zcCtS7D*CT2jkgMUUbg z3vJ}QEl+87dSfMzTKsPBSl3m{=z3IyvtKgR`pzs(vk{ra8*+8kx+DV_S>F7eRFRN? zB?Ev$u*z$A zy9^RSxBn=;zKoD}k$TRxTWiz4cso$XZJjk(S4&7^I1u&yIb9JglG;Mw9NA{>JAa!y zTc$t2CPxUNM4QezFJ^6cUo=pi@=4Niz|Ld}UA6F)nDtHyzx0Yi(dm@iMHG<5d3Pgf zO!T^|lu3nR>=L`S;l^8~=otWav3EH0&#T6Dzf8o%?)fU6(QT~Kn61sw`VP@>;a(E8 z=-(=0Ls^0HOxzRSKVCnbI~)}14`rQ?Uh}7GNe@OufN#YPi1hBVCpa$L62T~xJW9CJ z%z|6>kpFf1{RAp&GRUvi{bV70`)p<@GKa1!V<8?)D*DGTbCY7~RE~)Kh@82HLA)ZV zgX}`C=0ha$%`^Q)Isv`3yC%-pA z+UEKsL+*fIb0OVHlgEYtzxVDCt{AcpdTCMD&32;yP82VSPr{{Mk;>$`f?$KUX_9*Z z{*n#2N;sif9KJPk&Fo@7NgFYK4y!4b>qhbfr_%&opLT|Lw2vBRLCDJr2Hn$s=l5uGRmVB>ed>1B2YvMTPU@o7-Pay&Dl2F)&D78_DTJiM zm6V*SYy(#a6o-H+qqM{gmqOpBXKInsW*_L>c%D2Zk+Gbey4(yOd}Ms_w^s3o?u4e? z=6=KO9HOW)-s!*JA!XNKpNNYO!IH90ABmY?{rKeHm-limyly1_j=LvQ?ZN029m+a= zYvjWZQrddq9{nb*s2wrbS~GC@V`wQeU`q{|8_|JL$W;#h`Sm>caG%;mKi?(cd4AyL zqyvf6FzCPg9h?0``AnJjj^)DFW_u4J#Y)YcCNbxbkB7B$pvs<+qb3Kdqp=|i---l= zqF9xzyuSUNVg->LJMJ==N5@f{N@yw4WIsG-tQ_z>P5M1rg?M+N8)DBsZPtb(x7?!sQJ!x}ya=33b+!CG(&2r;=NaN62fw;8{yAK49MII7uH8-t44e92wO%NZ` zTHz{|29hSc|5co?)p#Z{?&tB)FLIVg#`aPdAJX=2ALj~F?xjCt=tHE_GAdq%o7@%D zDi7KX1-(bcCrhm!t`eDG;q(_Dt%*9v^XY1;nNut&tJe;s-2IZSdPzY*4;EX=-M#)l z!g?qXtle_Gb#hT9^KLbg7TH78#q9~C>-J%3bt5bwW)r-}bO2fZfM^$e%Kg_u?fb8! 
z2G>krv4i{H_)ky!s27x_GzX3Mzg!lJH(9@fX=H9jIUtf6gTc*f@W_ZmB4QHs69%y| zm+LN4y6&zt{`9*v-xHu03z1(~?x9plxv% zk1?OfyOT<;3u4mi2aYJ$ppeXXWdx&QQ^})yMJ2z*R`S~of|E8jKODx&`cb)UB`58y zx=RpJUMq+QaY~6j+H%aXbnSHS89w*y0%6rqESB|!V>9@8!fbx3)wKC(0sP395b`2K zDGocsBzbi}8}BJqJa3R!aBqA6!Ha0lPtO%CmFWJ;v4RQfz%7M<`xpD0IlUiN!0eBz zSS6XsT#cvhixLIoOLQeo+{=3o*%oz{cgHnr9sJN^84@i%=<<33`ola*oSD)P5;_gxmorpMcQ&Yp6RDckN}o25QSwYiQw@&MfU ztysg|CzTr%??WdUT|`AP>CL0#!~VhN(3dyA5TFhJwNdx1WR?doU*6-$4{&Hcuy!Xd z1B+1eH{w{_VK+V;mU2ToUzzsSkP+^Cz_|or4Ku7kr2S`J+%ruaL9O86*J57sX?1-Sjn-wfi+vgR^B>(M=s2W`q|=-`@)O;GJRwF&I@H;-hbF{aT}q#hJ59<2dLqQg!?Ng4>%}fj zqiAu!$IQ%Cb@c5eE2-!&I0fPt-0R_Dh^A!wfnRssLoy2ynVsi$;G-2c_v$d*jM7zD z+}+Qzz6;(sVoB;D-Vfh;3J_Ozo5exa4#_73x{sTd7!VzV*XalXMU%C54zhuSgafYr zO4;BYjCLxP&^GFfnQ26b0xz~sjvYGT$+ePs-MTmup3ca z)YsW*hAWsaeD2&DfY3stD&iG_A|{Ulg1DsqbuP_T(yAN<9(dep!V}}p00wp`7Bi)M z+~t`_gUM&FuH`jO+%x|@vVSTfwqtw44ttgAsPi0u#fE1Z(InUQIl7i3xv-8vxAI{{ zJj2DfDVCWw>fAmTYB6i@rp;<9_FwuIUi?MVz2!YCSGB55*DkG6TBnK#H_v%`*)cs? zz&8tB+4-kP3*6`YgwNwSe@$OP>o(sKlhTMOoY9gUHZtZc5V?(eZ#|(KgDkOe=BDP& zDBrtu%HG|0*B;w%3dB4MI)}>|zqY^MxCLp;b$VBmPinXMsyEJ2a}^8O09-ief`#)* zzlB>z*>ENUN6ibRN0eHlHGBm3oD)&k#fF^C7?vlFvJ;U`#HxoB*N)&G{g4LbtkaQ+6ZJ;0a{+Vm)Ap-p+F*d)<&!%oQ z`9kgAfVKh_{rrOWsn~ob=^W03F;h{41bV}|tRm;8=lLkf`TJY_sTL92z6*|VyiPE( z%C!bigaWGJ^rD%UWRkz$V>$yHVt{A%l6`WpOB9S+VRlbp3Oe#x7Ix74XIQ#0d40;$ zURWQG)ok2Vx#Q@XpUvc$|JD}Wu4I_tRJlYPsNUC%q+ZOp z)tF7Xaj^$Z*H5?IlHp9*e7AAk&JGi)2>UTQ*+v;Ek!}>gqCZCFzXsyKh~}kg9shGh zvp^WfO5bU!Z@Ze`vn0}y$Nnp}IRnJOuL|!T1v#3fRIGQIA`|Hj)uVZFW!0m@cFXDb zooY4l9Zo6c+`@>n-%G#Fk-qcbcYT-I;6+&nv4zXEy3$=s#`$t^AI4+GY@EI0(n{gU zImU6}*=7(l_q@SC812@TQ00~3v5q>U5YOv@-LAnWB92#KJ5W+l3iRu)vJeV%^yzZ9 zGP>_t+a<+BL44s{{L;K91i}g(Bo);%ZR%kLUOn@85eAi_+oD%c(++J?oK%#jzS4iJ zvPnL{-<=uA6HS#3u7VC_#C%ADmfkc*rza7Ju;9C)7n7#n)GD3mn7&FrF=CRO?!v!s z%8Uvlql7|k@^rrdQ2M>nRpZ*$umU{ERscFuLj*Z~uuytLleS3sLnkI=$e(Gv_({d# zsm@?8Ded$Zx%GR0N~4c50=Ve32H96q2X&*~`BO*q{|nI&WT~#NG}jO2c`{EU`jBl{ z?`LR~uvjj!$bxbFRX032!1foL%S#}B9^Y5ifU$Nav*1N(Ke^R`r~f!{3FKtn<;s|< 
zXxCRctoWF5lJEQ%t$ixgbSbs%#6ubi$Pk+xT}q_|d5>E;sX`58fNEu$%-hib&P+yW zlhnFV%j-nOwNesMUhWFq+cJjLO>O`)9d;Yb3P^U|&uvs)}twZsBnGq3x zB6pvPY3X}G4)ik!44C)nepjtFljzorXI%Pj(V7QmYsv@nKSKd62yk6KSc$A@JDf)4vu6Rg&T#Z{aYZb@3^sU{Zu zb6leK;5lKXhuF8E4_T*{6zGjSNj4`lyRRoRT4 z$Sg|kP&_o6vk{o(0LHRC^MCy-l$Ar_AzBa>7qx}vWMK1h|Tb3ZtVWIa3D|n`s<(3U4BH< zuT%7LlCI03aNh3wN>qrjc4!Q!n)7{oOVxN{9H}KrM$mi#zQDh9pt3=i#u{?tjQ*GU(_6$-ex!aW=@4Xh`M5t;JS9 zaz5sv+>;6?a>ilGBjuJeS%OwChRh1vq_<;oKEzR!{tj*_TH1wc=2Ws$STN1hH$0(; z+$qnaFnS#(EVZo1Cbe~$b0wmEeGcVxc`(TWoPEn9HO)G(T8euF4q0M}S|(D89aYQ}aVM2wd@I;MW#2F)&1&Tz<8*$%aspWFgw0$GfOUNRAP0e|R`R`(Oum zD5{^amZU`qZA#L@_U?$$5xZti&(@=z+9F-ky{_6Np+DF1mZ2{CmnZ9OwH~xPR~hNT z_9A9hHDlHXqM8;WrwL+Ln=dmkZIG^yJC1-XS?+2_Q>4Qs2`6#fe8aS&;p%AUJI5CC zXwgK1+;k-&q)CU9dPXaang^WSvDod}dCjnl_Tj}SBjt};F7D$wBFy)K{yz5e+=r+N z8ICeWPL&y`Yo#>Et{6jahr9scxAYy3-`Qt`vg*A7!Q?nS+XeC6`;^4~(on{Q=_Mr2S zYa8Dngi5PVXkxs~Grq$$jp}a81=&X#5TZA2MP}z0lNiY=8T4jn(#BOGTHY>4A@6jZ zwRo>`n-&|Pllnxc1!0$8Z8VH=^EqV7J$njKL2{GFX-p@M4B%D#I~h{DNdqN9P4~bg zXJ9Gjdn%dZGtl~RxVlz+BtO)9_AcEUzYpJK{q?>MFlT>=+b$Jj^4gXljh8vHgkFT$ zc1Oo4^-Mr7dmkX$OJe;jT5+-Ab+5fTX&V28Lce&rKp5TcU=ozBBZ-0%#$VTMi8|qh zi>j$4T5eZmZP$0RYc?%g4vZhwLCUA_# zypP<;Oc8iFK~z^vYB-y%kOgrZ~2ECdbZmMP{%1Q*Lkf zTI`z=U^!*{vG_`&XsSm;{b3&9=vkYinjbYVJb=9^=8Sj%^w!U@b0q02M&fYPTiuxt z_ws->Mb0n{zQ5%EA6aJ|R%H|IZAzp=q$HJ;+H{vlh_rO=EdtWr-61XA-7TG)mJaD| zq+!zy-^2T!`p)^2iwmxqXJ*Z;HEXT=SF@)`lNx2^br>8bEvW8_BKWf9oXja_+c`5@ zl=0o4Izn&|db-2XE7+GI6rn*kunk*{x$En4EqirSbS&`CV6{2EwZ7jCRfCPNYxIg- z1o5Xw9*%ZiLd0i>{<+C+l>qOW5q^6?6)=>72wwP(CpHQ{8xZcOklP#q@Z9t|PQhtN}HZ+iNu|_>8|c`x{f4 zF+ecz7cr{y~3Q0n+&DtK)Dc6-? 
zJd`g~SAJY|B|ypogJ8Oal$5k*$6^WhuV+Em8IR;Cf`!;atyga~V6Y9?!m-zD{D}rf z-tya<>$3_Xbx;^k=o@If*nsq;mJ;UWHGa0>wMZ1c@q5a|%kQ;Mk9fzOoq)Snc}1(p zllt{zi`(AA&Fn{#{JJU5R*?l{ppgDBlSN(3aFM0{F4*R|2skwJK*ivMcM=(`%Ik&&`ABBQfK!nCv~I*Jb7$C(}1YTbbbY9H+|6uSGcL#^CGEvwl=Cv$C4Z4NNH-U6~f;4WSNh@}YmhYX$T2ir|gb&w~Bw zble*EMEpZ(m9^JCKSIaP{UINW_&?$3_B z6x%H2uE`Thy-p5$ta|~r#3lUg+lOu{Y(H)Q(a?HXh}gCs{{>Q}`O}cTB^ONWiqu@UQWWh(+MJP2bC_r%q6}8BbwC!j~tHLE2CMb zcs(2n3p>~{U4~Y;U(CzPz~3(q3yM!=+ZwN_bcW4Jjrd-8>i9!cDJFI@Cxzs%E?gH0 z{C-<}7J=?esd#6pkA;;dsnWPn6+=>Bv6LzIQTRyDhLhmO~@N}-o z_p(KC{;%^@jzZSNsuDDtSn$bTP#vSU+Ef$)tip{pUQ_!U=s!q$lcG*wxuT5jhfN=4 zhForWxz`-Z!HEBN^IJRm2RknE@jCbIRC_@j3Pv@Lv^R{V8v9a3vR68n<{ z)y=pr(CH0c7Y50O<6houg;3xT450f3AyA}ui2eym*F;K4^>~vS!ua#gFVC*ulN{#n z%U`o^l;61{mPju{AsSfBKf{qm4-J z&FGOj_bcTUPRt`u_WmV9yAn*~MeBLv`m0R0xJSzy{R!Gxd=bISIDc@5sOl|IXAN^a z@YFA+C}^qDYm-CiT*8g~0QEgC+}-$1y5dbZ9{2dDQxAJ^VTOv#_#VTKu3hLz1VDR2@m@lIWEu!;p9ya@kP@c-!h1^~FWZ%XRz@6`G=oGYz z$0B3#VK3{gW-5YId4E0%JT_>4c`3)OzU(43i%IvPe%ZEU(v)Cjb>@i^_swPIp)1f$ z98+9paAUhtX4qoiyc$Gn478FWoa=ATA4C17AYS_S{Nw0;$;Swh#URUMsAO5wK1-!? 
z9vX0Cwso57@CDI!=8)GgydbN?+g3U>XeNJwJVrR{r6-dA6+h+hqb!lhcs?>R{vX1e znli$&Fx)Nc0J@Mv>izDE&^n=#A0;1D=L{1joeRAJQm8N8$K>=iA>3dq&9QUpoo7&7!_r)&NS>8)e1%}+ zDqZ>U>uVSj@=H+rswTg2SiV!ZE`w^Ps+d}jD@AB%_}=!q2kwHb7g(>r%>+o@?wwNwr#U8+wUqd8(^gX;&NO z%tk{Z?oQ{P4tEN{;qI>f=PG){}_?PnZ^~!c zW4;=l9*r5_BdKZBZm%%dsy^)|A%Bx`D5W6J2SEwsQ?!zsC@axd-@0ILbnFsU6u7R1 zpW3Q(@T1iTrAS|$Kce<^KC6o5d@O7rvceJ8e)!-z3y!V+h`|RuYy`ag=X(67Fz6oy z_%lG0rdRYoMO(yarJ(Fz?-EK5Az3uTeq|yw;T)lt5A;eYQ`80V&EDo!Yho2U04Lq& z6UG?xu0u+Rq5HmTzbmo2gL8l3O)**dpi6P8#XJC~-?W9+O)=Wi413RiTMU`&%$*;J zm-|J95le$CdsVaOWLWfav!-GZzbNI){G_hkJp9YmL`2;Csg7ZOwyBga6Wdt)R?Yo6SUz+N7fQyYnT|4w?z&g-yD9_`1)w9E0JE$z>{xjV{R9 zXisgNs60pZ8~e~ZH#-9pu+$%E4?mKo zewa0Pc)5GBKFckF5|roh+&Gl|VcuNnM=G#W{%dvqSt~$Vf_gQNv!-SX65(>elT)UU zm-TQu^wI>-OJ?<9#1J>4RJU|`AXLCl(8~WSb){w6WZ0gsI;m!FwggGRQhh0tPPOwfomkyH0q^50r+5s^vu%N`j}LP=9j zeyh3oRKZNB9~VkWhGntL)(3w37NrWmN{yX3=5VG@uW1>;I?Jw>mMae zY5V%{css;ZVR7HjHPq-U^&rtzGOQ0H$uTWwrRIH3v8KQ`^-L*sYqK}g>>1}{eN3(R z8}K1M6dKr(u~1c4)>)Rgu>3l+`rJ8oE~s4)B2H=s@EP;dMY>d>TvtS$pxdjL{L zJ$&12p=Xh2mCmONKAQ4d$@b5F3j7@h`Wh<@>E)n-+Ig$V+c4?+o||H(erqVhaa_Sb zC3*CgJJ;|Q%Sc#n080$kZz~3lEjIGvUXvKot(#q};{7}hQ)ozl`I!R>X#hM(=i^lS zZsAUD`u|zT*zd^lR@1N5N^jpRKOKaQAABc+i^i2g=B`ASNX!R2l7?^%xJd}1h@Tu8*5M3|4w>?#dkT~D>2`dV z2IE^P1;4O7!+1_l9F>EP>E$+6R~SV?!mG4<>!eP+Gq7dnZey{bD3W@V+87PwN^<&v ziz#!aa=&77FksB>^(n3?ip1O7^!JLDDl3KWfNYO6lHQUfx5Yv`*IG3|NYU>qF;$LJ zKWjbT{sIjVdapBtI=5b98hY0C?X9kk)D&>Sh6{eOQnMTleCqgqfLa~>vM(G*^&ZUJ z$y}HoK5)vaeAUQ#n;10wF6tiaeGup<^NrSb3@zCl2-#i( zb=>jeJ=TRA)r*qdjqZ~_*AjZW2}JlB8xqbRDX-vpu8?lkSny%*W?GDsY_(pEY-Apn zuZjK5-0+INe{V2tPV(>2|9c)CNcPYiB$@X+fP}fxjbQPgx-l2e7w0Wmm5cFgG}$lc z2EXA47DTI*|NUHFpycj{`kDg%!E$S)XfL;a>*I2RkZd`Rd7}ryBL4x0;g9}zU+sn> z=QI47mA0r$kY}}MGpR+FMD0-x1Ea-{SUl~c-4qIr0-S8Mako#EHqqTUf6GKqe z@6Y??zdyQcCJbfAQ{=tiU@h}I!XEWcH#*whj5!tto!kk@lX)w03xS`IQRLZ*qiRmx z1KQTE!elXRr}JqQbRJ-!VK#a0XVh{Iu3mW-4n+r^7-jC&)8 zZU_%d>RB!&!;0mp9Pu<`kJ0niGyb~{SrL*Q5?#Zo6k@T~L7V&ldfWt5DIY2kQ$$sj=mo}ONhgT^tI<<7) 
zR8>5f{3dVQgn>%OQ)HN15Zwqrfk6@>yDY#$J=>kFN-rbP8_TECqgRIe>OF`(6)cWq zpX@SOPGeuVIVSX(&?N+gxq1CV`x2Il1E?PLX7QuJrokMoUgRe{3(l}tN@~J^KVv4@ zZI@8fH$%UsvbKFzbAE3Fr|v4f+#Bou%7e2gPUj5v1~nwDS~|@d{69`2U}q^30F&W) z9~$=AJpx^Iw!+Y6PC2k7QP&8ekvem)lasV?yuZBiW57X7f;pdp;I?P7g)>3q6cg8b zB=b6uh^F*fhavBua^*sDB=ZV5H@@=BpXWO2FOf!Z{M*#vX}e->Se&iULDx>9%D zJ3fm4W5H6QS9fA-n(4}+>)o&amT072ZoXz>)JHIk5uIfr{oW9T8Z^Z?80>gt^g-n~ zTl05bj97aGrpt|}Md-kb+Fz_yt@gJ3c%RsPGNJ3+DLZD18Ta%jt^Rm8!>Nlv$w$-D zXLWEVZq*GgYVf6s@nO#>i_Pfdh1l7jNza9w7rp+rHWnt-EjZx0eEb4Iy=HAGs7HUj zE*Owm7>|={I@QIt^tws@pN0!qv5zxqqB|sbCfYYH9bKFs(qpR!=%yi%{6-3i6pdvm z<1i=;miSW?O(-l^=ih=mvo2T~w8p$19Uw1S^ON4uwU&{jDrffDX5YSo?Sa5`wj!tR zx^^W#c_%mTylaw!jDSWAIh$-Z+1*Ewq9wiOp~m~!6nzic{y|}#jSH>fC!|G>o{n-aCO+wK8o-+L1#1 zy`6`GAE_g%+>V5)RyNMWUs=Csp&k!H;F`~^4_+oLU~IbFnayS#9Hby40~_+C{qL`B zfD?S%`c?`Yoz(ak5{<*jR}8P#g_P)Rh`=30)V8LCk->eTDXH{s#Nw?B4Zt&^l3`Xs zII8UZvUDTUD%oK{c8RNZZwCHF}VT-r6Pl|&xJW^ru+X8ux@*Lf5eY*cNN%R+P z)E!P*D3rQ@FlF=xCiOi9`++45$km~hXiZk_vp^&%DP5z=gB$kSC&~5d7s@Mb{RMA! z;+a=A?EZg4Y)6WgYyayML?j)R)Oc+gjYG;7{r%6gyAb7F_O{o`xh9W_N28_m;*6Ci z{#U#XF3c3M?tIYVy`^rQ`FB29$_%7UVXA{wDAgwz8#YqmO;NHTi`-9(sAj}D8p!rI z?KE&LeG;8A5`X#&eO)fObgvTDC0+NW*dTz==@6}?Y=_=YY*Ekwx4U1cRIaHmsGqQ) zP48fh{r|s#yisTA6u+)Wv<%@wrZ;Yr*YjqCt>gQiotw%_`EILEveT7+4a+iu7NbH! 
zz12x7xAKf-@?FLG;>hx=RM>gL|6QjVl(DFN9%?hxABoa+A3TwwbWa_`xpY#WfBRKd zG%WHP6GNrVk9tn_@;{jf+4+8_E=z>WzxO?7&kG#`rp&&uu&l_LueSW}!F7KWeUx8M zzYBF^^VBC`uuqK{j*_DxKCO*l`q?YqM&Bj%{MAK~5V!-$rlRNq#Yj%68jLhJ`?TT; z0vUMSeDF|A5tW7sE&5a<=?QaJR4k(ep`-u0Za=8nBYnG7iAjc#+);x~GMlZGn*@f{ z6|pRvESOnI_*Q#dNrLAQBtm~#Xs9%sFKp0(SdcyWL-)ZKX^#FJ3cT{Wll#Xl*vDR% z0jK121j0TKmy2Y{T&37{1$`Kp7!+jRp-Ky)1&jObMbz zq~PoP;Uw&*`@6PIPIk$XXzqxfU|)#@7lhqo(Dbc@mH}_m`e2JY=g-%wZ9iB>2A@YQ z`aDs#Ox5K>?`J>@&AvnlN892KE(;|zG{ZN#{DaIZz>C>9yVpO}kLT@lUh>pyGNY-nIE%9l{ z?q~R7y&<}>+x1)6tR1LR3c?i56!~HYcgOx#+WOq*u0!G>a0j1$Ovk1+qtbo7iVo#z zi3i)4#_I9qccCU$dd3wa1jE4gj=KZYjh8y;QfW@O_ZL_B>>KsgoF*HIl_`<3l=28^ z@*-@v_jC~zV&`!ZkGG^qZ?Q;x?N2@avB6h3A5~}dK9L`F4$y~%;86Fy0V!M`D+MU2 zSK)hJeAj}2FIe_D_^!q)a(YY5qddvxKCoX4|9dG>$BRZ&AbLg$pN1aM&9!xNGjIzU zA#HLW%~14ZitVF!E{j!{CE7Yz=F1_0|y0+Vpw0P@asuFa% zHTd%H3T(duc2?2$;;*vdEOfoDQh#fp()6&tcwwN%qHg((<3b+lWQi(XU0Eep>EorF zM&m7s#@W)W+)*?}7V9sqA9?zgCs>WeXDS`kmoV zxR)*d=;lK+ylMms^mnOl2okuk^{Wfe)hA6V;F}vJipH)5KZ@byx$Eg&or*gbU0oG+ zo)&48ofI>k^2iF^^iLQTmdwZ`Sh|4RS~gv`w(b8tY3bh}NP8f4pX}hV#|-2ezo8Mx zmh+xxs#X8v_<&~He3=vDP(i&a5oE5WiIH50FwENL?aLP-n2FD6HVNm7LHxps#C(|5 z?10rcWXo3=&uGMFE>Z|TmU-Xv1x7ycL_J;XO0l4h@Xp`TyJCOt2GgE^LwOqnr}zpj zL@%p(Buvv8-}q+kfP(lIgb8wIr0IwI&}`%H`wM0>04NGSK{W64LYJ5DZFhegWN_(g zSK!Lm9WrI1y14#QbZvJ4-H)Z7v4VOzUrX%XV*kEW`w5-XQjt)L(*gqkowI}`v+FX# zXbcrT1{^0z1B1gVtvI-xz*!jmq<+`G`LpQ7S1$nO?sn%mR^`I+3|Yij)qJs_x`^xu zfSBtR9JQTcNjf$S(I(s5(37*;SC1q>jS0cWn2^Ic^C2AiJ_ogaGxdQdE zh2hk`!6t`ejyk?pLY9nUXSfl;O#rVm)$4B&tIH*#^%KGww1|^c;fHp@%B!aI1+4Fa z*Tx+cv^dbJsh4Jf{lKEBd1Z#NE&6{4^DHe@L z4}_wVZH&|>rcdqn1)}QCxKry_aT51$sm@BW>HGgZ%|}oZv828Qb1)~^^@iaiyHE@A z5DdL2eHC1t?rY%2_bT6_!6D%1T3s*m1P}!PjyVv9Q?el$f12^&q&B&px#+LSR%wau z?wN#)Km?IwZ;|Rva$FPYIHUVt;904(v4kDZFn-i5OP&fx1QQIWBKgtD`>3zDfIh~T zg$gI=z`4~MA0gT8Ahjq~${d%ceeK?CP7{q99{k+>(X7SqL8 zHNg`=VQ8{xcdX^Er$$91pBJoN3jKj-2^qi+l~+TzAaTpeX-vs{#QSEpo4229GnR=N zz8v-fJv^H1Ns6BXfc&@_%K-r8a;20_KVxO`yuiGc(1H(Eo908P_t^DNqHDRLl}%(z 
z38DFGXI#>%2UA^ID+6%fKb4PsAYM;YgO|ms3kV?VCP{1nQ{p-dVanRZ*K^>GjpQcaq7DNcxJ%m9hjmcH1ubLw!B z#$tRdXHu1z zmYqd|^Mx-;aGQjZunqa|o5HQG9j18p4-Vpf1!lHuXX~c%r?h()W zm@2aQG?%40)dnqf<;cL;$>lgq6!RuD8B_RtedDsjW0h)g*{Cy&kEYJx^3}Zj&S}K9 zXvvaOfF;l3W}}4sKzj2pD6)1%h00x0md2XI>Y!zYQJoOhvh(r3;BF7BMKkO~R#?;Q zd}6{f{ccV8pYuN-S&8LPxV^2o}qZNG- zn|}o`Hgg9)^#Dft3Ytxy3apWOJKrjed%H~eUhu{1mp;I1?s_L=p@^I{hpAck(`VDD z^Wb^J_19xI)!7OIhws2^_=&8dhCmLyXj*9Ag^#w9YH#k zZZ8ojGGFH|%U(}XvoynSwz>W`_Ayo=(HqcxarAwmY#HDPsAE|{pWcStmR8kt4vd+x z1cb7A>tin-{q?89Lj4DNZAmeXt>ttSG3fe~Mx#tU7JbspIZs?p!3Cy{BULUtKETuJ zO0tLyh!C=ZVMx+P`k+<+#tsU~@Wdi_H&v3p8R9S0w2<25c>5}Y$|f$xtl1&(QvD)e zB`;2Q(aWZ+;gH*UWk-+I3f#m)Ik-GpF*vrGwRmu=t)uiQieGUhaC%&9e#Z` z@WZN#D(tpN(>LcaSr7dds{lt^3u57q2%hActF*L8zljN zWCbkR7rS+H@jCH9O!a)APNM{8X$h+BB#%fmDN-MWnoa%Dm5ie^)rumsyz@Jis--J* zXGuhwYrjeo#ex5`?RSe_zfBpfd8G^xKdTUVg00nV#{B`H*s!A|+*LRUa<6?05#WC4 z7nK&$)##2GVCWDFc+^#Y8RVm@^~u39#wUW=UIU%A?TjEFyk;ciiBNv2a3B1P*(;@(s*f|tx$ z8ri{D|D9pfH3T8m>9e-6N1xBw)P{uXK>C^nWT|wTkT@SWtoS&Hl|GMcr>DH^7;G?{ zJ`W;5GIThaDN-V1Ikb+q6Lz`$IPK?lAC{T7wJp~`{9WV(qZ}s}Ox9Q7J|;BbO{n#D zC-EZ|4F7KKG!F2=-mC~7rKnot=XzYtVkYY?l&Y7|0=3LSr8;MrmTTv@?pGVGPM2Z( zRFxnv05^SK`AA3S5p>8Pw%>&nsB5iVe#l^nXa>C_7uKzNRZs2qa+A5=;O)6@&|aha z&1vP7+E$kEytQU;war~2aivX;E0fmK8M5=)1GXXCue4*o66V9{8eC3`SvYm?TQXs7 zD8lj$46k>)TEQIA0$W6baW&6!_>J}IvYTkmtwW~i)&Q(aK}28I!>{CJ>vn&V?@5Hf zJ*D&U#^~w-#f-^KgMQv;>s4X5_Vt7nZ?8wW$h3d_JM;OEhp=ix#?(5QD93X3UexkM zyM*tst0(S`1V;6aXNL12RBLN63IR;87H@9%YjlE6*3FSI)8gLIqKbpF2(r>xYd*zL z<3Q7LwYz;(syV}bo1kqR`^YlLeqk2*S5EIPWZ``smaKGH-9$v?7QvR_T_==TyPbBi z>ac4xAwF5pFY@ptNDU%zyZW%EdEoUFbGx$K%oX&Yb%g9-O`2Kv^l*CtJN0@*2e{NG zMIyy9tQ&!!vGQt-$B7(G7UABk$45;$75i?CYLRBBuM$BqJmc%$+9&X!0>FH@`gT|M zo5QE3o>;JQTegv=kbx4O`uTi=4PNQ}cg#|q)@fqx2j5hg01e^y{x-4=v455EZVp~2 zDKstb$4=hyXkD-zWaXH6B@E8*6i|=Glg`zhJ8NKXi`2r1tFQpIzS_ScRiymbU2~V$ zROVG%30`f+y6jK5@F20~4hS4ZRlMg`)L?MMTiaw-zsTpy(uZ9#(>YK~S)sd&vanN{ zWlObxCJr|@C-JzXq4B{mB1zmn(J+3M@n6@tj}4wpB~*$?wu+eK)>xE2V7#egkiTz4X>WzhkefQ%XGIGmgxe_KhRG-P7f|Y6GMZ!YvV}dS{ 
zfLb}yO!yFZEe{?#>9Sh)$NEThrc3?$rFomeo_bu)S}OTW*UXCIvg{G}HAd@Sc8#Y& zrc(##j6M?AV%XF&Bv7Pg1mWB4y|A9*cJC zKOW=Ox0eu|XP@o<$rG{{JQSzfe`wh2w743XdjFjUyS0I2rj0PwdMyq%5s0Z~Fd!z2 z2;QNY#Y})Oh4%4UP1&j^vKt8tp4VvP(Qnk9uJ8C^do!{%Y-$74=AFSjfZCi}tm!~U z$7;5+cQlM>{Z2mcMnF%^JtjiAH$Ss6-G}M+Bo<84H;*yQM};=H>id z_6Sk#_^ZdW4m#LL)s`rz`n_|OrXMnEns4S_hO~Tl9v*AHnx-Y-gEYm)rHyKdiqGHhH{TT1(K9m} z=Ms-shIfCd1&Z6IyPv4)9GbByJ{`OD-~2w*>?^6$$8Wgx#j=J&j%oFSm&ss$8fdIF z+Xx(qcQ9D-C$3(T!f-#mo!x;{9TYyK83bJHpHE96)($JPG)gwAt_V@R6!7_Kq_Zre zDZ&XBuG)FwZ2#vhkHzq;5odq@tR+IEJE%_Id}-^;HNZW{e2@xCs3@Ha{qdI z9nBRGmJ7hsx$e#I>KKkWet#h){Da@JuWD~PxBXA`T9n6?KOlpKpjHY-TzRa-dIRWK zHS<_tIIyk42+TuATXL6$ztF7))akcu0xyIZ$am*tZYf5qTc}dxXzC7@*coLSK6XI& z%>6E1W*H*MWLdz61WfO`Eccz=?X@4~z9$UP)-~O{uu>AhmF<%(Z#J zaFA~v{a0Syt-k1qO*>sa+oUS{k^3Ptf#9S@ah8sM z?|U}9%q;D6Ula%034h+8CrSbT2ZMTdmiyoh`g4@FfbeyGtTd(=)NTpU8c4mn<*4O5 ztr=u^&^KzO!C?&N8x#&DxtoM6$U=JLLVc>&L;IJk1@l(?F?1uBIPdWkcsgy1Mw+la zH_ZFT-VD~AY3V#rr9EKD?in&H?W*{D`mBRx*ZUigYR>VB+--$7FE@^oUW~R~s!cz5 zu)(d4ynR^fvjh2uKi$VTK;$VkK_jg%5p5)6@7MXO9VqPj9%;|Msm?D&ugCVL@K zmn2TwMPWlR_M>x_3l?jQn#x%pM?EX=_otHPU;~aG{b=hb&To^tTpv4$Dn!??M~X5t91{+r179$A{rV6t-aRhUGANxMuG?t~PUPXMSTn+#@4 z1GN{tZCA6VLxvZ;norSOe_yz#<*s!1AF;vrr2-^Z_=|Ss(35~I?ugPqPQ%@qNyqG` z++AP&^n^fNs^CWe&5)d6qu}t1&eDzBp*uVe6sGF3E}t_+ON+T1>LcIQ5w(!t{ssdn zTBOGJ6Y#zKU2DzSuZWm70env%)U7Lczue!Y;agv7Z~B0igpXR*p8N0qv4<9ptU(7v zz1@KdL#`1QMvO$FP<@l;!E#KDmTbaaJGwA`J*P!XD-Tiqw#VMwhurJ)k8Ymf-Mypy zcy5Jco~@VK#y{Z2N7v%TuZB{vfeRMA6nIV=%J?0#Vf|g=)#kfI_b0#4Q`Flh+Yn#0 z>jQzBDPdOEy)ebYMuKuJwyk`47(TK>M54XZ^q!!7hA)>%Uic9Y)?gDTta`4^{QQdE zQz;{>ZtiBDWNi>1f=ZZ1Ra@|L=AzwX;5!kY!*?~2%sYieF8Gn=eBjkRKu)+bvv4C4 z#hI^hK@|Wfm0uov!Vh(yoGD?D=E4!CMTXma+{ucw`F*+n8Gyuhq8^zBe2Dh=EkE=I6hMi#*@~!sPZDg`Nw{(!`Duig zyyhx>>@jzm6*=RgMoc4>LVKenBb;_a1Gt(fGamc4UjnQYm4$F-QGx3T%ZUmORcxQ>_Hm*;i%>CG~NPXKw;I z$kzwHI(<{Ln!UkRjlvwUm5>73MXvK^KrHPy*ySj}jH5+}V1M=9W3G2J`$VxcXZspz zHiiiOuOS|B#JoTMF?V;QZtLXxH3f`y6)DRKmE~PwdVi+2rkS`cx*Uz;n-hJ@J*_MK 
ze3p)X<8In0BLq%+sU*w3zr80!D6X5u2ZV;*LUX?hw;3o@@3Z&TPGu<*ki;`^`Be{f z7B_N0KDOFCR<%iL5`EX;ZHTxF4;hU8)w6```^e_H@%oW=RRS#vS2)4@p;vPD4W#ux8X+GD?FfZqF0vVz-=38^)yrR(+)4r4hKmS(QtDKGab$K5c%!S-Gn?u0tU-w%v87W z6ZtxqoydCx(~jH|YXN9f0WAQjJXxY-5WodP%dPG`N8NrJcyckK|RZFZ?_M?KyzqOpptmr zb=`2?DKrd(9|hHQH(~jKKfP>SWm_tjQjcU<;kteoTzAv>4fbj3u+QWM!t;;Vap|}`Hd?-h?>$@weo2W|l&7s8FjlCSmx|faU!QPb^aYQnOPxbs z6|2m{my`3)+sO!ZvyKi)W)2NDtNS7P{WF)BNCazV0#l zx0%->9{hCzP2e=B4rTApjSlZw$UgggEwgY{`9CI2%x;5b-;1vhxPit36uW4q+%EoZ z_z-PU`x>pq^)4rJExy^vu+q+~yiVWndN%=*XOY-#P(xb2TuT>5Va-hHuq*+aSxI3J zi7uPbhe2WjFRWFIe&j8L7#c7%Hq>lrR%+*@trhF(tJZUk8+%e8WFIWsVPonk8gFRW z3%{?JxOhaJzVm>;0QaaKo7fgTLWLsq_0hhO=6ENZyX(8|+ywSJJ9CV9H8}&9v5h=l zB=^&=tpv@sLVO&U*s{r^p{TtT@ux{UxhbV7YnNvqT=XqYRL~#Rt_;DhfeH~zg>Lsz zM%@`LT?Vm?^2MrHg-M^Ungp7t$ov;9yt|uQg8yb{6mgKcS&zv(a|BNptIYX|tNLXK zxA3o2wmRpj4FZ`*w}9B3-V|Yr;h>2E3$Ms4&#Sk6cB|eFuC9-v_QgTj-Pf~Sc|kvXpbg5QAiyW857U0Cq}q2Jh^PXFX(4=Nn5N9 zWaU(W&y$f_P{??6rZMIDj!*!eFG!EAT>NDEj-n&(`g9+V7wsZ)@3=W`+p|y@5!iC( zz0G`BizcyrmF*2ixoSRtw|)D!->C~>@!bdae5^Ly_|-kQ%^VWfAmxR38CZSW=oG?t zaj-^6@KBWU3yAQN&^H{x^8-5?{#^6Cf)u?9U8fHu&0-hD0-gRzcB{X7K(WjCbVavl z`jJtq9-P?DZ#8%8rXDxBt=qxOSz22Iir9Ye%Uy?pe?^*+z+Dz$Ep@L>>S(>3cGOSK z*!=FxMdkEzeFFcP45~9%0^* z4jh+tN^WodG8!RRgh;rj%;#QM3Br5VKi%jAXBos{Gj=f|1LawH8ms?Ahw)Y5w*5g6 z5$ujG!(&1cDzlLBqCmRCW!%Cze8Z}~S|Na?71_C5O`@b{td13XHC|1D#YKXp+@YN0 zYc!*9(`A(1Bv!&|2rifr7ZvWcH;>!>@JO8mkW3J#P9V3aG5Uo+-}4Z3YuPLH`O0|t z_0b!)F}oBVlFQk>WA6KGRg1c!%G&BqsrUARyFWgBqVV`NWPyKv4T376Cl%*~T*N-Zky~2|BmRMD#;{_Jl4K z0@-L`sa+}^vswmenIHkZV5(2}TKa;2r7gn9e;Gepkv9nbs*>&zjh^sTH635YryO_N zCLNZW?aic+-~o=G3bZ)`y(Wf!-o@%WHJGZ6RUg7y|0ztOj`yCi|6nwWZOb3g>ua7+ z?#@7UItEf1>3(G$POKCD^qc=rh8^?{NwlE9en}&YU49^k5Lo*Gat^0M6I3o-V31%Sp2# z3F)b{Yn`{g_Ppbj34Q{IrPj=r;b%uu8J`^u(j5i1F&5Xe*>pGrAI#Rzc@DE=+V5$k72QL&lJ-rDHBahUdG@ZJ0l8(Y z;a=X!|v%ZSyCTDNPj7v;s7e76|e__9tX596H9k42aB-jd4qG5`1}S`3qf# z{j0`THf?wikVe6Z30i`)7-_>$7rPab0bTUF^e^lr0GX9&b>}Nwe$OClCE@*Bctd z8kZ6<-OMkXNIcW5C-toPkcCnmHG${$DK{zX0MGixqg=TzxJ+fxZW6924<^KZ;*82} 
zISX>^c_CpT_9#x~CEh-m+MCg_`jzimb^6=(B0!&-U#Nn`D3O=qvs-n4QeRghQ z!}N1DG19kfBK30<5y0`QY6`pUk{v8(%~24qdM_OnZY1 zPZ~#?(iTk6O2vO{h8F%rTpiPAz3BZ4o(VNrenuss-JBLYVE<}|A%)b(TVCMAjDmlQ zDzR4r$en$nhi9{d5h;z~@061(S#XCr4%WSmIS6G?zy1W&w*35SsIQU+wtX(h@yVu) z!gBsYt}&S-|Gj;XPHpXc$5$JvR``wlfh&#qVr*lL(8Dj!aX?GsWVsPGBvX;SY<>rX zdCB@Psf^IkpaQTfX1$0;Dz5)W*AZho&eSk~ZR_oIPwqA90qcd3RNtFB-LqLUSRUJa z$mpQC;_ixwV^|A~uuI(+IQ9~~m9XVYWHV(I1nBClPf6Q4Rp(O21%sf|gEZ9tN!$6Cu|4KbKN?{3>Qj1JrHqvhV(i9F?xa)>GXwpJso+7|O$5UE-N5 z)NL9AuWspucf*P#h~Nl;^RJ83JM_+f<7V{s7H^0z-hVEP%;qROE>@Nxwo%zWm6w~k zswH&tLFO`BzeLw(ErInm$L^*9`SEt&ZSa>G9%bpG`wr0bmz%<;boX;T>!m_et&j+z zYf3eRy=`+7b| ztbXP12mH&ink0 z7M(>e(ijW*INR&g6d z;u2nXgFSqgK-UyTqSu=d3kh0pvHTV&Sb<*QlIGI3>P-mx4dkZ)7YxWMvgyAgS*#8} zpI~=TfD&*w4+ftD*-@JFpg6qT-sJ~Y0yNN}W=AwyoVWa4<|U<8%K$bRaj|XcZ@@LQ zd1Wo~(K(EM)-}H5w=Q6E@mmW~gasIJPtsK)^4v@*Ku`xk*!3n{F)vO@qEg^rHH#6s-H0bCwr%#ZJ%JI*fUk_|#ir0E>+#Tv{dFL9h^A`mtB*?ips@7~bK$jx71TIm#>UO)-F88;U%;r-`{V4!(;0_X} zv(Mez2Le6cN7|lCk&O64=R;>O6w5=YjOidUj640+?qF#rfteXyTVeNrjtp!jSs^N{ z6)%d0SL(yK@NDw=(NE@+2~3eAT~KQRTXW7S>@3xCAg^J9Fuz6*-lQE@-<3CPQAhk}c+hiLJUzN_687d< zeu6`EUkSS4EjW8>uy7dN-5lR@J3A%{+PJUg9eFt_Vc+YbS;Bio(Yxpw`~~j4@Eyt7 zp9&|dC4&G|iUEo%UP*pmL@+&}$AAm+?B&5c?zTu7)u`7wUjftjgUG?P{vap@kbeXL z0e!HqSM$V{K`aQHA^c!t=%4fj5z5#Y-Q(>VIkE(QQQVnJ(i%&}0Nr5h@qTRF+4kdN zd;l29_88Z!M!G%M!?_k7kC@xSNE7(e*R=3g8XxqL@=i3A5-(K0a2=Ue8=8M9*5y=6 z`uN4XURC`$$Lyns1i*9HqIU*&@A4C=c2A_=zD9WmABU=<}Qr1R*=`+%(${2i#BBlL@*;NaZFZ-XcSXnyWmx6<)!Sv97QYx=<;$%Wr%0wGr^dD6 zKzNOaO%g>JWyc1-TnXKZf9=mC%$j^^a^gjwCwD~u`i;3a`+Bac2DHe>L6{^!90QYlRpAs7>Y=pFf-U| zi*|Pj#M&ghb8P2$>FYxqJJ z-=T6~UPI$gB~5U|%*uk;5c(h;<70AzLw;AX(8D@f8k;!`GEXy%@m520>Dl_v=2O-0 z|L%)M^CxF^mU2i2$8FXYF>kq8Gtr}WUNp7(;hh%uADcI)JZMXUb3Iu^DKpI!*u zP=0#18*9gi{lQdamnd-v-8L0w-}p^6;lx{~HSP(yVh!spZ*W=58^~^0Cw>gLX@BpW zc@=bd>jh)juOB1-ud#lGmP6U@>fW0DOuF6&*NEVv&X6jww`PCsLNKqu0RD6n!n#VV zH$x9v@eRetbFM=G-gI!uz8>Y9SAT3zs6~^=OJL=0q~qE-N(KKDK>q*(?64U2OGBP| z12~tp^GTXLEDzff-(1%IE1;MBxa~>O`331^ni#<2Vg`kFk*=9`hqe|Z^pDWYwTfmd 
z{h~9N%a}(lZScZyyNkE_c-2Nf!otk`YFpey{JmY{)W2*5!8g8D8>@sNISQPD3W$1pxOo3wp==Vq6IchM zWHGxpBgY^&pLARlbv}!>@Oq0Dk;X|@EjJY|=ia=LYbS&tml|QPf}C{?JT#Bziji)t z@gmF4Zv9xv1p>IXB;?U=UB29x80l8s&wX(ud+fKA@R#QGW;92Ny$AT_%?92)Z*qKd8hXS62y5A5(YQ{yAL=S-Mo9QB? zwjegrF2MhHR;nH4Ev`3wTaYF>luuiBAn9fxc%oT)rWrD~0%>IinjTMskImBM$p!nw z`q7+OH9hcPJY7cp{4x=w>-|DdN#sTY2xB+?rLvs6u4czp?2__CjVrBBh{59?urRmM z-wrS_tkxaiQ1KolT;gQ+4|e`*zio;b7(IQ|Ew@E$X@^E>9$ z*~_lQNUk-kgwGDn&1SY{Y;P!7zZ!8G5ewY37l&?IlseU-Z?aSUREnMh&AQ-2G42S9 zN!^3+OT(;bCI2(S0fKEpxLH{(7VRTSnbM3HvYGb$;g%%7bo8+O4G zw!L&Ey1z#`O!=NK7OQ&ou-_ArD_is7l{RXqwfM~2wD2d#DTw8tVy?}(&R~!?CC@aA zHjty~y#3+?eR`JAOu8fip{@SEzUirw2gD}G9_nF+tKUUmS@z>l0uEsNsf3;a+8?h- zgqpAGNxHY59@~|$6PRW`2Ak7O-tC)hS+C5V*-Yjz5d-sKDizu%5LOwpdC~SA`T?>* zzuH1L-vFk44TtrVIbzkX>Tv5z+c4q#8&!xlsSFN0W4`-@-?VoK6OgWoE_xv#kLHN$;TN4E$NL(lEBRAdB;XZtb-C1nVyIlz&^{|)@y_*)uXLHLcF ze=`bNNWdpn375P`Az8nnTYF_altFN&J8DPg4xtSoomJdvXOU>B7RaD=4nzRCMvxpao-+wedPB1J zH?Wrp`W*S-p;^8eLvigs1*%P{C(+BhpDxc-GBIb;tRmWfbdn2CrZ3TPrYzi*uinfe zI6(7kFU0FL^C43g1bsBsdQqWBFUxSfFM|ymf9?ZA=hvhp6~QwD7KEKRGV6 zEA3O+i61uR{)f8jIeEo$ z9bdiI-PPXiaGRb%H#tE1&zv;lfOn@%UB3JE_z{hDvwy$I?mpCNlX`ctei9hhy0>Vp z%2T;MN!P`(k;UlUbLO=iDoSB;PVzcAJm}RJ1|x;BiX2Q!f8x_*gG95Ih{&n^<;K=R?Cv3* zd!IMeIdlHLDb7x6ePg_lG?zayd5yv>`bLS7#g>AOnuqY*_a<9DcAw8AdkObN6}tB= zv4Q-CmX%?xp=W{pJvHbiTYm-=?E12(TcV2%lHGWHdwSTAx=K?OnRHppa%?R8{yy!| zVFF}n;eEWLndlwFQtJKee*Y7N0#?uW+c4F}=3B;vFcZi9wIQt^$$&kE(@L=M+{qAw z0UgX(0xGTC1ij5BmB*&GVRPrG_R`<_P-OjH8St-Aj)0%$T8pKzm`uC z-tC;QK6Gs;$rIU}E*+jUC!o2VD0`idX?T-)z#WW~%H;lyR<|80Xd4slyo<1f52Z1| zRI7@t7HzH2bXoO!gd&wb6L3`Uui_x|RDjh6*mSkBc7J@PS z&|Up(kUY}8)M`wvOA1eLXR+wd6?{LaY?0KZeM9(VxMPszN_fNxEBgX~e_j)LyVuyf zv0FQHpFtc>7kpj|)wEoHI7A!i%A%WkpD@WlAdsHWt4XA>zQD()yp7{;_zbpWo#H`g?%J~iGq}vB*p$8xVzdN)iw2bsJ z9i?mVec*dR&2l@MSI9p44X(UO=nVs9R_=eyr92E5@+H;k>dSQ>)5!mAMuEwKnpgL2 z=lIp`&DFwh0nxuFp)cyNpk`SIK8>AnB+GQc5C6HJCJeBoCtwHfc(uz!Im5S5S%szN zeUNH;h^5>-u~{%)bI?6q&*hLJbpGsk>J)I{Ijl|pq9IjWcOfTn&z{6_wSaRlA2(al zvZEFz%Y~IK7Fy 
z`qSV$Q^aW1J39ff+;>-vl(!q2`|0h`7v;rN#b4heFu>FiqG3&s=Cda3^G-WsWkd{L zXA4U(a9o$a?;MUbSu51Ul=}(Yp>;exUJq*d(W$JOUa##uuzKt<08$lUxk}oL!&l$q znXPU^W9|^3@iM-oiN(tH6s87P>2rxnnW>E* zgH!vrtCt?pt8VJ@%&%HLozZ7AgHXqgOzf*nhX7`(A07?5+tK#7yu&=EEfZ)k+HYsM zPWo0n0^jIvS&hUUijsr~=n|8HBnRJoBE^mG2RSR?3UMOG+pbxlGu;a;Y8FpW=Rha6 zn#y`SD`>ZJEa2OnT92!ga+OTUb&Tit*)Yl3MpZnRoEZEOhaRz62l}jja}@Q@(L8D( z+_z(CH$fTt>G?hK@iY0P)*%XpBNLbTdxrV7bmSdPFYMx!Zz`aJeHmjBG;DVF;I4S)Uhbt&i;op>&jD@QIKH@jUC(Q>B}l2PJ9Lxfmx_r7zmkZ3)e z180EmM75o=b^@-enZ?~+kJ);@JQMn-Ze0qDsRVL_IpUmD3@VMP4Yr+~QK0LCfdO-g zT-1v12e+9dc=m=n!@_jdW$vYb?gByV`Cj6UI1UMi-s6guM`2sw4%xA#J%nJPkt^l?f)jdj z6j&D}UDFwQyP&cM7oW&&zO`uhf#%TvkilA+v_tIQgXMd~CCEAJE~3NdH#Dl#Rd@pt(GFRf-hGn$=s-AudVFbV2RwVAOT<)t@&M zZksG^qzKxOsCQqFO8=)6i_aC-aLfz(E&^3J!e=uRUCM_)AxzMtx)W9CY{6OT+y$&S zD~Jm=0iY=L7INdt7}ZOHa`c#}+)6j;(A;XbM|tOMT;hDSnT=mmS}Mt%azMM5xt)!^ zfg~Z3E4=;@;bZ&Dd7@6+6`RU#sQ!zTs{>lL<9tzUJSx}<-LqIU5O!4V%4DQOC_mSi zmB9mp?&4&MtmDsa!_)ZMFj>e^rA&r$q_-^$&w(=>)YUI>J$mKrSD`M-K(hBZtnkFyu_a=Pkx6dSX6hJ8ANoRjS9lcJKR< z&Ru}#93c_5&+i&+*D5hNn#pbO}m4WOO&G=cHTLIU^( zkh?l-gz%<|dPi2^CTibOp|&&B6=g#rs;)$f$1U0!5{!P|pJr)qA!1Eipr(!{rQ~LE z3xUA=>jr44)%z1vb|ICT>hn%whPxW&Zbx)40AABu32=(hxB0KsME?CFQPijlW0WOT zA97<}42Qk!wF|ys zum^AcQrNgKsH)_29yPCYbRJFbANd@)fqe+KCy1TegsZSVDX`j1k>dxEjUQgaV+P5) zRzqOnT)fBiV+Jebm?L-U^@&%Z-UT$c&Njbv0^`jXL=X=Nr+iv=&(Fq>%H{1px8zz4 zdjT!$Ad0MJd|R8#EuvP#w)*1Dv@}Z(1!;4&eap$_<3hOq z*>4}i30WW?zjn}5W&hO|&H8@-^U_zKE`X-_RR^%KS_L^tC%l2Y?MW)(E&DXW2~=%z z=6s3h$@3{7TEgvwB3oVHLVR$ErPMt6Eb&+!&OLd~5SkbP0DFBDqK65!0*^X%P^p%G z0S>_xQZ$Li^;n0J95ORQynJi~MfLlJus;l)GTi7M&sh;EO*oG^5UrVY@JZcPNo4>o zQWT%n2eN|Ctx{c@NTzAnw-tTNJQ9)PSi_NFcRG>k0fg#g0XqU${$7pcCO1QxxsC7Q ztk*DHeady zdK|KxA(#^JB1$Y;d`@A&=gw?Z5{wUuhdVd!acgf^p5I@i{A zbmty5i?@>a3tj$|r4&a}pem`G0v3v!ko6g9)ZVujhhb8>Vt{w6$V(5u(iX$uYKCuL zhx)fa&2b47uVaGvr$#k9JX^HG?rtD^2VL>gjH!E{E=2kkln~UPTIGc~s5{qQ;x$Sw zJ|7rK?Azuzb8gZM_Ktm2WQUKc4|GmCISell#jZKA&w6WX2$v_4%_kPyreu+TStw(Y zh{3mY*01);6i^>%S|9{J@b&zMS8Vg^E_887fSVHO0lTaMtm3@zfa!9Z>Xb?QJV%tJ 
z4d`&E%AuW33tN)K=ekvG!>mPpG&dHC~%1!!>_zLx>+9xKC_|{=9 z$<;VkfLaR_({05k+{&O0Ndh1yfPGMFAY}y)sgW9AlWJcx$!cb0fiv~IOaqS1S7eM% z)#+2hRpM>~JDNm|YEIlvS^)xj9OJ<*+#ZmzcK*0zUOVZr0^H+3flfSw7m~SmYd02= zV$CcbLy|IMT*!M}1YjSCCHNK+Qw(j@}9u9)1Y&Oy0sqz)l2 zLh{P7sSxnN4V}d27&BS# z&%-KR*6WnuUKJ z|Bc|+9WnH#y;s(Q{NYIua+NBoOEvM-*;Kk1>*dsUK+)uESzc6gAbDEw(V;k=Nk7E1 z!Qcz_b@GIMc#0=P=Ldp8btE@3Bl3f6LBTh+xK{ka#CJC-MvA zz-avtOT=zAfY_SCXE~=#=2^+u-?Je@m*s+8#nFd5kW7hW+#5;20=_1?Bop$9@{J(y zIMDYIR*>cvanTad$GE#W^YMIChV7UTgCXu!w%6`$YesP~#3`hWPu6q($Dw_mJUjVr zI@md$4n&t5P%NEK&NPvcz^Ds44O)1!=Pt5PERxZzxY#gZ=diN$>9vRoy-2~8u+M@FB@*CJKk5bO2M8x@F z=e&x_Rx&PoJX$1)qhOeA)>_Y+KdhFMx6ErN1~deVIlA#o6XtKi@bOIZ%igs+f3BBq zr)swXY&>>Z21DBU8W)J7=HNCnTeQ~1zzR7ftCT=1<@#4s-xf(mQUtsby+ex;Q;-@{ z^huaf^qtzd;Uz9?O=guo^{c%BWOmR3;ViSey-ws1;|rFE4dci}i914V-OPuhtuM|# ze@^UGyn>!iw5>%2&Nvqm10&b(T<1qP2jf#XJw zN&%Vry}6T_6!FMsPdr_(-n#4T;(VY%VE>ldh4b{5FSg2S1j4a!*?5>SbAAEUL}&b zN&GhzefTx%BQL%$uK@rAqnn12oOfJ9Y2>oFNBWGyT8}(I=3T)qGU&#B15bLgNA&Pg zXtgcMsLplV_^p%zq)ZQ;7sAP3{@Ojj(c*3X=)5dez;(OK)%sl)9jc1ESw%ECeMVQenVtF9_7&FnrBaK4!+Ya zn8}KM)={mR24le@YafQbVtI4Hk&w1U@&JvUIw*BFCI>js>HGQkf z7R81FP#T)TJ*dsL_1OKCPtiFpUwks`WUtg2IGt0Mg$Kki~^!66EfAV?4m&qFvw6CEVXjhR8T0BVtr_=UIoR4b;!#s~rLXqQc^6Yfo&?m&Z;_!9 zixN6k^$Ca(>!|gYMIV1FRx)62F74we&us^M+oaqb*n_-7KiHA27!kbVB>f z5U%gm+fibY$ zot+x}-tPHm4O0>U{?QHfe3XUl90JH&x@(XUU)RoyE;ICX2X4&t=-_L4Ng`EjoES&^ z@#Yu&_o@DN4!E*~lHA|D-ET6k=K3*j`XBd=jLcSoowwy{IP{}xIEJs`PrksWK9WbI zR2Y~hGIe=ydwDynxe4-c0HhUpVK9D?0MA z+88ELm6%BKD3wJLA^g%7Yhg`34HMUyHzsfdop7T;hc`lige!tEbfaO<$BtM(t<2;+ ziDK;FD=~WA2V(TcyFXsaWN0mZ8)7d5k9C#vBZ)+^RY3mCL zmk91rR&gA6)rlLC{k9wU7M3(H>c*DjH)?4vBV<^WeY&o7YUCIcSDUTX+J39<&>97* z)UVy=`M~2`ae_9#_8W2IbF>w7m{$`h-F3Cr%D?#q{S+sg#|*mmU%cJl5ik^a())1h z5`dXnEc6*OX-&qMYtgCt;Y&EEQ~$0#5f&Z~KuLW4E+Qe~YJ-L=k@57xvoNaZ-jIBg=N47ZCT1Uz<8FNo*FUN>N5@_6B0V z2&ox+jN$TKt>Y$^BE8u;UC@t!Ev)p7x!tSXh2`ZtZ)|nkoOa%G5#{s@#@}`7j*r~0 zSCRO8;LR(mm1Av#YHPBkvq&zAMRd6Eg3eID2ZL%JwimIQ z9s6H54373|;S38aCn5>cz4cZfL%(gD#H-3-I3Qlrhz)70W?Htm>~4z(6$n65QVUKm 
zR)5V7JMgdv?G{B3h66v_?6+zfj>C>;;>od2{2VQcH*;s?CI*54CV=q*ah-6@zvb1p z^P!lrg5Dog>gCPb7Dibim3D?Ad2kqemNEPT zvjbG7zB>5|Z-k!TcSv-n$#HLWIJY{JR2uu{X4L?!_DL#`cE29j7}Gh}S@xUT@{9YH z(iN!n@l{y*?*yUO_W;6JwCcC$^0{FsB7%O9jhOze^%WJ%0LOb{V(6+HLN-^&v=WdcYvT;l(0xzP1u!IM4F5yj@*s_;N$U0v+|C z+`aB4n*#PLkK>=N8+OS$a-%M+`R^#qde(7f`4iehT&ljh(FI2o*Fb7)52YzxU-LEe z5i_iy+Cv)O8@)2}NyIHQw~MCfl)2hP-m%SW5N#10L!#BwR%6@GMshZPIhtX#m3X$& za{Ft1IHkALDCpzw5vI@qz)G$Ew9NfUXxC4B&|YjZ7)^=;ifR?k{X#}d8pk1PZQI4Z z5LB(`X~#WT{ks(jPeD3^q~3nRRI9~6RgF{dHmT{cT8U7x`)$)jU^9(C>z9#5@_)I_D3Z8Tl|Yj@FUXl zT(j{Lv7qykZG|gpJylY@{oBv?wCo-G68J7P`irI&?|O|kuPOM0Mv83?{c3mvZEfZk z4TfMZ(_r9RvYfu8^Y)Nbj}K%eH8mCJUlpT>T_6JPCH^GB066oV7zVHF;Vol|*wAnz z#hcrcI-NLMF~5oi8()!je)paD+7h#X$j3CJM2xP&FHj&9E>Dae5r+?8?W#P^ph$Ga z(d%lCe#u46(RRDnd?oi08)mLtcTIU46&5Y`>xbFzhzzqJUQxowZad9xiFmfd}DM$|lCJt7H{^Bvb??L6q{ z4&AXOu6rp$7%51=Sv#C23+Ntd6;}OByL_(f(5uAnfja^paU@diC`LdZhRcsW^ZiK> zxVyKsQARORN18zcjlYA~LH1U%qQuOZE=Q}7E)F8Y3lg%3@vZnFDr}(tSUogIVi67Jp^+tI4KVg-|+?9#G)nMg3$NI z>%^=edFnekn}2mK3rd0(OXZRtkolQ4&1w(}_^Y3xBEwHeCcwv1Zpj*)f7Md zsdV*D8W#nIBM||Cavxx;R2Pr$8*^BC_m-!nWbFn%`^(076z#9G=T;+|{-M-rt26--gbv&$e*)s>YJ}S)dC6QtLOhwO^&EfHZ?&-|wAx zjeT7i9`3-L7tyxvL*8T(8`ms}pe6Hc3tCV`t?$B+(s<8*?sY1}zbi1`d^mpOG0<_O zej@ULAMU)YMdr*~?WH3dwjq77`^7!yi?c1Q3+&v`L3C=HmU^MtWBka(A$9wNd{D`e zF|o(jQhuWy$xd*NbVt&hF-C6p*`WF9b>Gaa3vqtMX;-qy2O0pQa@UrQ;e);r7bv1$ zP(DxJnu)NVwE4u@;)(lERCE%N3TP4+UZg@%w?{+AG4iOa7<-I5%L>y$cEB6-p6Wp` zCNx!3k-$VUZy`)MZHbt{mc}hx?_mM%XxZq}dci@{!FfOCSN8?=%C0|1k*m<_dx2Iy zTSPKYu#6Yct*~mpz`mqd?*2M|jxroN!7WV9N(i#@@<2|FHAm$Y2n-mwijzsP8_9CY zr<#LpYtD`)`0^0bA6sk}Zt>~21gMyaO@4QXuXe6FakIL`Kt@^wjX zDR_>}4dV6Y?g<4TO>xM5Xhd~~ zUn0Y*8Ti8rLjIPj7+NN?s7|?n^Sv+Q4F;lz5r2}CR$`b@%|s{DeAkl6yh1*Cw-h9b zxUxcvee|M!15~?7Y&Fp?sw;P zRlJv?eyE<;vJ)$;o6o(f>Hy4~EV^gtpXu`FJzPNALB*wOa7{|egN@jnBJpdKC`qw^nUy@j6c#@k=?k*M$AP-}aX$*F?vD{@ zAUsOvOopvoR)lp{-FlIm@o{SHNP(3E;?{UpreJXH)Z4ah6p_Pi_* z76PYeV0BzHp2lP<*zqiAm+$$MAhn(SkBK`D#4=UGW4o@$=@+w1$m!Q 
z3Y{PgpNv6lc_Wat?=p56_Ct3h*j<2GhM$TEaQqMmA@*EaP?nUr%<#-sPffy9eCMu> zvq6$&1}q9WR&A|gCMV(-imnb#&3-v~!_9&h)r>m5i~<8R>mZoL%1 z&uHCRMLP4%6-!dN1YZ(H+j)t#Ay(sZb{%_a0iutY>m0NOB}3@a$~ zb)AU!wMkz|J7obBUcf!8iz?=tA^4kliL!O_h#gm47E*KzAm4Z_Vg)le`XTd zWarU0+8BKon0bu6=icJpUuK_S(BC@pIdS_VrG0lj?`|f@OR~2Ue*glhcjnb*pS4H- z$i6GR9LEc>(esF%wu%DS&BcvgSX_hb7+ecpmx7e-kL!a@baGc z>b#Dhj!=evDW+x;ZYQg4{&NOXVq}7i;EH}LRhQ=CFyPMa7)Nonup|H7(Ss0RMW+>@ zJHrHi(oyjv&>^PxiTY+vW;gMD3Ug>0$5T*_Pv_^R- zF<5O1Z&Iq}M_by7nXA_d_~sqU&sJoCvAvNa_lV#GS@ed5Q|t9Rw=H*|jp zTXZW~Y$B0}{;kiM@sv=@(c4+FRo({hLF^3kVSmT7Jk~Y&MOf)o5JxsvSEKw%7OMk9 zq+p^#U2=-1hf)9NGwaK2ad+q)Q9>Q0krjQA=zQKvq`YIT8->i37B7Mf?M%}KBcd2N z25`&?C~H90YLz3q4|%kaNtiQF99CxwjGt~8llThbqwG4Z)qsoinX@f~;f-oKuLYTF z&5MMQj+WE%Zh>Uc@wp*H)iY{YZlj%h_xjTDfW98%$dKeS5 zPUlw0xJoFT!xIYB9c_ML1HJS7RVq5}O;7kMR@De$V9h-G6Hq>a4IvCg@>8SzBM8C%^iQup+17MT&y$sV*U=&1+PCq*OT#BZ2v# zLw_`Zzsw0E-BL#~$6jVC)gcbXWXL{g8K$t!F^$seG}YjA9is&YIrL&y=tSY1ULf-mncVH)_3qy|Kd*{Vtc$ z+A5Aw7njwBR@xtcihLr90N))mjs`H`me@?^GY!fgZA+L(9m>c3&+)P>;?wUPI_{F1xXntB3Mc8Fcv)z1Lq^`iU!oSTIxK zJ02JU8Fwzw14Bqd@aTg=)sG2vCtgfx0du){Udq^K<6e#h>?>f%`1p`khsTx$lFcu zLYGdl@WIp?3dAB2e&Vlj(|%Ue%ed!5Tp+%y4d~ z_;Qps0;v#eF33yJ>&s-ns6vd6h8c!riPGZ>v<G6OtHQu{&GaI#V{r8@JQ6 zFCPGY;el<6T$Im4gu^fzDt762U=4yTaHAGRSE6Vn0@j=vjc@aOtmVBtgUUM&XT4Lm zTEeYo6}IvG=2HH8XVch5%g5kEbjfqU;EtYt*^`dH_h$t2T43{?cO7zF^-D&;jr_2h zgmYi`*(E72_Iq`Nk*kgSeR6rF>-wlTMzxh=5-F3+kZb|g(g%Xeg#Sl3B>iL+^CW? 
z&OR`kNlhisMP!2rj{w~p8s-)+z^Z)%RVB_^c#s!r3}q1-BAg+Mvs(H_l(?SvnJ>J# zVl+hvDOEZwGRR%b{cFWcxs}64F-bLX)?I0+DWPvqy~wTnxfa9lYcdCe+a&72w~6E+ zYrNQ_g&MdJn(z&4oiV;m(o@z3E-iSkpafKH?R-^rJvSaS&A}Lmw+=Xwe_ws<9u+fk z%%d=4w5YaWN~2zy2&y9~x`3E8Tz}t88+3Lh?tMwmZP$Ow+zn#TuyH}1X^C3>seaS) z+7?e*APb|}(a~lc8I73lRWaDDv!V5=Y%#pKBvB$PssJ8n)vOFGoaGI@Yb+LC-vYc5 zTaeLtu=@ME*QC^&TiHE`p-) z>Tw|;fP5>gRwJ$3}KfB}=>(htR< zvtG11Cy2rQKep-=D~5$PoV(s zYK1xcupNJh7&B@|?Pwqt_G7V3jXldyG;I5p2bhe9q+`nbufxalJ5_L_kxKF`6qCQ# zr?7@+kg>2{&Bc(d2WgJ{913>_g5)5J2v#d9OtxDM56iMZzW~~%mL1$Um5O6-_^Kq-%#Cso;~}y-3v4D zEUrX)&Cr;qs@qn#Z`ea}t0>G;+&v&%JUog1bQT~rkgy8UZ5d5O?im02$y2!hvEme} z-ofc*3+)uOk{IA;(}{LdLq!BYGQbe`hHFwQG3;Y>wlb{)v_SUg>AVkB7x~rw5aJ0n zQdqpONw(9=G?UY$VE^|B28Lrqh#p0kMx9r(OmHooB2}c4b96vSMnzc?I&QM@)VA-w znT3;=t*{^yix=Cg!RTmGZ6b^1Z}!Up`dDI=4kSOe_&t!vyN|ENX zb;g3S2saM>wr&IowC-9{nyBnnGK%krXPr;u1<9K|d6b79UtVC$J6`#R zucAct!ojIK)D07Tl+hES8zY)wj?!{4%+%22@^3%N5PehKRO89MjjT1$q5xEfG}h}ScCpjN(}-khBi-0i;m z4F99!u$-8m&V^el+ZcsSI=?T6otm{nIP}%O30wM@*Heys59$*@=m3nY6^3L+?Cx#@ z_x`t)K-C$kf9NV=MXI$xw4-;s9I*QUB6**GS>C4&O{@+eXib{ebN~Ru0F=C{>TVMN z=9wWC*_QgFCzAe7N?83^&o zFs4YKwv4uzQ{9bMYM@+YpBuEicVBAwV@XGt)_ZUB0&^CCQjl3JW!T9rBE=UbMDowk~<%3?<2jmch z-LPNPwjtClMP+n)ovj^r2h)$IWCfqX)O9sg! 
zO6~BfdtK~^&6YC6z;^Ep2JOC+*y-(B^I$C)@Q51<+cI)(Dr0eeW#t7}zjtcC-}UIN zmCaNc>VLn@9tP%rz}mc%zS6zCseFv{f2J`DY#Kt99p(R6MW%rKmkwO|OZ3d*acwV- z8!FM?V(M=dP%?c)4DVB(2VtSb?ymN|iuu0V-e1J7hVwQs!TTQGDwHen=4`G{l6#x{ zJ`4oc>~?Hq@}3v>m5xS9pxx20phgx-kj4;6dru!7uKrAqH@m-XMb{qSy?TR8t)F{7 z&XnILn+)0{T;mpg4bxIeIH?24<93+XXzQ+xM9t(lh(OKe)ZWt1b-rEcFK;95#5D)%q+kxaV6ve=<9^rgaqc` zb!g(D+?>4P!)7>Ai(H&DWJ!MP!$W*a5o3`ci&7`2?AC2Hvs~HQOUWT-n&EhD+%!YZ zsFqFf_<7N`IUXTr z4=v}c0$l?&VI7}`z|3b+teGs#+9P#K*~LhQ@L^#2gxY#s>0J{@FICB249{wJm zoc#a5Nv}m?3+v&Oj-f;!i)}sgh&_=P6kY0?)#Vq|byavo&Z=)w=2!AZGtC1#g-MKh zXf)SnFgN@+ebrU|L3f%gSj?XH+5-wcUfo;JF(2MRk=tyF*V|5;VSG`$Wn zR9?IMuBa1twYcplu@&)?c$0LO6ca+7ZB`o+A?o>#hF)2$2VV!( zyrxM-HFwuBuwuXw&v*iGol*0F_!Ohcsxb45%YMVU+L$piBWJVA%Z&#T>p&_Vvxl*C z#nES}Ppkd{ke$k=|?iAr6lnM%z!pGu$AnJ*o=I53TF z2EdLs=^_E0G`2CdKTV&eVG1x4>g8iqF}JECaVNBs)?x?!UK>nB-UOvRN`p;6=HJd7 zW$}L9?+#ACFce4kve)3AC*G=$1El{+4TLFdi#d zSVQ;(aDOg1Y;A9_e$$0BdtL`fF>>KXg|W5T_X~0geh2l;x zWklrC{>7$3=0)!J$8EO4uT5kIe2!V$!2*WaE9fuwz~&0bFAKe7gD&Rf_+5nGFQB}5 z3g!WKC%y&&k##x<^4H9X!0({e@&%ew#oN9X;q^^HetwiR&h;9IM3M|()@kokHID<#151W8ho_t8mdY>g4cNeRqJ?#`rs&ajNOZ{S{f>>Fyhk)f z6@!V$26lm`y6p<{1-bX?Ql?w00wa;Z^9p=wkz!53?vn(NU)2?8C=z~^WaR5xR{d(B z(Ci6o?Dz3$SBiKH(W3=zg>=%|tqN9Wevfd=Ch^zDBi6;)NoD1t?nc=h zn{6CVkuGR+52mD5>Y0~f7#|3^!#dg?JmC=EfQOG~x>soEJ^&_M3$l#w1zi*kZ_V1- zIIi)C`ARqrod41X%uE6F0Ys8ffgi6@`a*35vb1!BHN|9pb}>Su391Cf2H22&v@r&H z^&x4u_A)a;uK^KPDVtP%f|hgsP=39apMwQ$2#bFT-%%7luJO7f%=dnLjO3jW>~hB~ zS#5QPs)jCr1>rsO-%Qt<)Iif7WrJQ;(j^omrKNbTT?c?v9!C3slgGxY=jr(NM~(Sd zrrme#{bXX%@-h~T{t3yt3J{`gP!j_fScnu1{^f1+WZsZubgl6ck9tlL3d%@ zZ;kFylrpU$CSiSq=YDi+m^#>#&N3*$#H79i*j?IC>FU0vHX`&6++%an)xM9*9@_190ev zLxF}m2D6v1@z~r62qof0F!J3OnW4!oYC50CX8VYkR10IT?J#Vr_fkb<3X-tV6U#*K z0+E*^E9pS)`_Kx>?cXy-&48L5-&jDGzt`s|;V`!KqsHas1V$jcnUR>@5=csp{o_2q zmtc<>jw|CmV2hPh1O=~O{_j=xK^_X)1?Z+>Jzw^ncf_1lO3c`Rp5Pm^CHn{ldXCic4zC-<_4utIqy2-?oL^w1oS}*QU;E4c9f$tL#vuQt0 z>5iSBiR#?shopIPR3x2*$tO`*qRTYjue4Q4Z5U%r4>xMUi{ogo-Byc@nUMc1uOZXm 
z)Z#ztxsFK{R>1LX0=BGfR2tiuOc(-=$iH&`+%3`NVIQ82`qD?;vNeQ#<$}*Sm>v9G zjJ)|~w^-@R2m{P?NCGryNm(f5Q|&IL+NWULviBOK2L0{=GfJT~bKfWvgQCt6nl}(! z1#aBd?81|`rr1%ikh488?!r3X>s;eoKP4j;2*AQFp6ei0Vcw?O+S#;!X{fvF|A+Nwq{;XR79Cw0gVh_$8`Q^c-7fvXcYe6ecdjXv@pa=mV)R6?Is$?}g>u$@oAYgaw|y(=qdHO_yzQ%4I#t zVz$*;>hfW3IOaie^L+|>a8&rCJ}=|0q=qHp9umlv zfr;k27phG?+>PqM(cdi9XEMnKW{!lxxUhGjN)m&8VeMVJ!eUnvS`K2^S@R4v9qNnXv3p&4 z_qD;JSKXPICA@o`tW|sQwW}l0| zz(!WESLWE&oezYzKq5Fj<}HZ${VQowa+ph8W5KaTIYP99@yP?g837=Uemv$-Fg;Qc zV}M0?B-INxDaTK^HU8RwN+`Dy=61yZObVF3At@6Lx%N1&ZIBG*)8Et)peFdK;nwYl zVc$r(j*yyK{ONI&lP4-Zb>mYaUw+~5Q0cBkcv5$QOE}V`{nAapG8^tfA<(gd=$con zERe;=2$ag9D8If;fRbH&y+^*Vw)&%*eC<^3dZziXelp+{)x=8LtdCNbgFEu;wAI2f z8_d1v=3P0&Kxo@k%a-FHE2%@z)cf1goL6^w>PfN3v%9s=Qv|)>Z~alIg=rJODDN>} zt2!TVy~?) zaEfY+u|d=zV~+ja82hffnK6>dYrkJB1xRd;xE8l+m*|FRXeK2*ILEF>$iT!o#(rLZ z)Y0s=jKyIkR*pZ@BMR5}!FhC=r#MR%ZPex0P9hGHK@XF7LezGxP)>^V;kg?vA5G07 zMa?Ne>y8mYIULkw&qyYpjQ%cVxcD$!uSvg`E0%jD=O0i=U1tkNkMiT=HaJxDTMV&u zsZUmJdr8S;YLCOC#g`xPYrqphWl1k??Oyo$<<_+z&6J<`$^y^hhb7*FaJ;3o#W&&| z*Jcy)TLOAoEL!yte}q`M z>F92~Abhsw2v)ZGpJ2lf9r52I07FppetUIRL%6KY%LJbV={r8F>5}mrv5DS)3W{Re zk0yW`xLX@`FBGZOY_Cd*yo~afs8w1x#BqW@@Ai(Qy4WH>@Y0-Sp&5b$y^*rX`FLIn<1Ce zV*)D*8==NM=8W3LD^n#eIXw3iRkklWadfKU9#DoIr$Qc3!pk?<@pnYmkoniTAr8*Z zNQDa7<3nVFi8Do!_xBhcNX(Bp9?y<=te&CMc!9NEFMFvDj#*MG0Ywr8ZE+v;tq*x! 
z7%8_FwcQ{T71qjF1XvQxkPT$JRM!P8S#+c))8s{h{94q{IlJaT(TPf+AyA$PZLrsF zj~^F|VF}QaWMf>tk6?|}}cEM$MSJ-AOS3wKx1?J?3_z2o1XOwR)zD zaXhPi>()JG;`Q22I>SBi@;!S+De6TWIhO7YHxI(~KX8>k>z#NA{o%=*NbA@aJY78T z6vt*uFafvIx5sdrVt6ns_4^${k!pp;=N9L?Dia;03;5tXI+f!Bahykq;z6nN9}*;+zTdfMviP@+n=;z=BT4dREc~i=)@H{lZ*p~S z26ki@ZL;~~oPPA(vGuLw#7T47+4MQOX7sn{2)XHTv3odvC1EzH5p7X@D$#DDvMWRl ziqw3~r2;@xo}YLpS>lKeEH-%!1$uTmWLlOG*5cNrL%_EYKgNRR0rC4JLj^vDp-hw9SNkz(u%7{c z480mxr8&nWSO}@Jrxd!6+5t&r*$@S8uxZn!uN<*Gh&h1 zE~TF(etb8}eHM^1VsHDR|9YXp;^*c!E#3t#uNEzT1t~_(XfhW#QoaClK7mq%+*a8n zuRBqJmNSM0HdZBiZM;Z*(YI3<&`C2F3dd@!bzcQ|-EJAj^&26SezfPBQAgfMt22l$ zTpu;ESWUf9=+LtmU4zic)a3>iZfO=!BapdK8CV&;cjcP zDsM?kUKvOP!>~{}|2}XQZT^Ye(8Xo)KyZIH?5HeKfE=xWpA$$=9VrpfS1s|PuwLTX;w#=5YI7$Z0hhM-FkI zgjmSN8fu+A-^vu^_qhllT2gFE`!0LN+W=N}aOmTUcaIN|Oo~qfzTL*dY5_;D(5_f{9wvLT=qgdXU-Mji#_`$WfjD<3eQJ!lULI%JWi@3A#Jw2Qd zEt-)G;LLeeP-h(9|0OhIJ1Z7w%0X^gjV1Il>p_0W`=KKN$;nF$Y!94D>~waYuLl+K zreM4foTv1qMp!gXEM49wjE+c?R#&f|s1SCv%&_#$Yz{;}(3i^t#xV-T-;IC6L4xIy zleflKenQk}dVU$aXxL2dxGfp?F6Tyi2>W{9?PVcHx>@MRm7%K~A1B3nekE~#x9@{+ zKf~XmCka~Ql~Jmr+qVzNrFRCNmTHxd0QsHTQ(8bsUZL9!WLsFV=e;qfhgR#uXDxom z;OWght7n3CW&+zJ|6G1s$_9tiVL^umUHtd7+f zdRVsRdg7KG{l3{{`NI!AWUTQTq6~S)_aZu0$KG>Zzb7rAzR|7jin=R*U8FDn=GNW6NCebYzlKun#c3qfO!LLU8Jge=t!73}ykf8plDR#|29;V*u; za`;iFR-^PG{3MBKjX&i4^Y~_nIK=s42>iko+oR$ROy>^yd*(;k$Y0QenqRkCyy)EY z^h0;b0D)&LuE2sVlP}YzKXjoMTR+!SeqU&Q@clkP`>M7x&dkJjwMuf_mPd`Z3wBW8Si-Zg2$}P8U_%LEB#|a0 z0x_khw}7^R3vZn^sEGTYRa2NI%sk$jN`3vUk1y-`s#!N`s(YTm#JWf z<+}6~Q6_7-R!7Nxr{y~Wg!oimc5#$KAj_Sv^b{ZW&_W*qQDf|E$$mg(p~~?iX`C@7 zk$Nyg5xBxZ&WX7fhPV?BKF1sdLO)(#m{DBN9XvT0Ebjbg&605qW#}qRLgXq}?dn$U zquUX+fj5tP3B zQAo%ou{|(m7S@EWs7(+!{W-;*^T4^lAgc+UL+{3^^pQtG-bXo>eD4cyo%d;T+Bdly zObC`B+`f!0JL%L8hK>kCk!6#Yg)>&4w(4K}z86}ZHXl4-dGPAZMxYLupHX=1*1sVg z&GurxdH+q%Fvs<}2qcQKlFg{cX-!0X5fY4HJL5{U>e5nNAPrZZqpOPNiWQ+tKmY6r z`D6Dyx<{F3@efZ6`g*OSJ{|azUCXmf)PUD$an85%+gF4gwx1tD0@(!C`oatdno88M z4f%0{WgMLRh=d#kBSTS4iNHdm?C{9nO}n^#WsBblUdlqA4K!i$oAb{JEk8OTl6DI2 
zs#|(2Ht9G`%_JH>Ee?h%KGwayrT`vSIQTQHjp4P^AI-#6=UAZ(Jf7@PvGja<@eH*O zo2*@?_pl&Lv#|_#=ABeM!{-{B;8T$%fRxs91^`j2qxS$u`4yS=G(=Z%M! zkNM(SOU4wPx!%PpVkMvRkai_mnEltgfTdT1-~$K7R+l}5=Y}`3ajhnTDp?<{M*OVg&O=GudJ`5=5M6q~|tlN>HHXr{G=i)5C$X;+$G8USPheysv$yZ$( z-}`EOr|hlp%K_1X2MA=1e4qHRRyXS9Z{2@#f?Bz6tM!(;U!%?pm+MUXUvFTa!(YDs zoOs<+ewsNkb0?zgwA^Xs>QXDJ1;@*5e>Krr7{}kD5hiTlx&cft8{hdS2$1gAt#)cU7h(I-|piFClkf~ZUzbg8Y8MS4l z7>BhE1`^&H*i?XUjlwEHEj0&81z=&CWAhR=HrC=*CDB1Nl7TEuUori*#MQUN z+WYB@1BU*v4sX0IliT0lx*T$NzP$T##XE1k0b(78yRdLsYRh{0>HTc%o;?Eg=u2V z^Z2?aX56t}+!9_{7TM81EPf7o?oSz9m9S_|rgD2+j2F~YS-TzD@y8|vlb(+23f|9G zmU@O1-N6qzREeLHDsOVgWXkyBKM6xDYWH$`kiV~c0IJfPsOA}dSzkktE4!sPhuU3K z@HE^v!s>8J zv@g=q*>D%$8HP7ryli?5#!JlW=vbZC`A@!~-Si7~Dvnv{G%vO7aZ((enD~Tu|M}tZ z%O77yBvTH*U2|dG{c)WXpx&Prn!=X910&oZnyXcNJ-gkvH|B8rd>+%m)*>||t4Vug zw+XsZ%%O?Cy*ia*;ED4o1$WZ~F+V0;3ODV{Ee%QL3H2Ew8p0o$v33f25_A*gYxPPG z3UpBqe2As?RD0SE@3MI!MxL9@?%o{zrZYal%SCh&X@E4llm?HC$wrcWdvg-9!6HCF z7|oU1z9ZfFmF26WL?jBkLmT;4r>Iif^np|POG_Y!1StA;r`n()A``u{vPdajJk$QL z6N6QI=aMhuDTMImc(5a81ikVK`DaeI1rJ#DhPn#6kD4-6vxwzsM0O8r(zR+GjQl{u ze3mI^a>8++?8d)Vl4o%wrT0}&%Bz>vWk!BykoO#mH2n_e*&C(vG=GDgQ)(}2cCBY9 zyvc?iU)Tl|i;$8#BShTLRmdfWfQ0LS)g9AyoB+WE$}k@G!&FX@UVNlPn-a@z&d&K| zpYUtr0rdhd*g&HW_Da|j;is#dwA~LU)fy#o!BSyK3;$hLe!H{_7iSW?L79C6-sr22 zj@|gpQrhfb6p0~A!josA<*z&rZq8j|PKla3fU=1d?cb}ScSS~p1__p#i&2J`^Vs!# zK!UKx`TbjVqi1Uk!f{{1J0csyW|uW#(vRPBJO6I-Xs&Qp@F7dkU3mALYAuZx>Wg4Q zteufuOJHnf!VHnM_&Kw~*@7ajVBNc>0ntuW3l8$vqZ1m8*V!+Z5AtEag+k>yq$hxo z2;h?c(o;57@v%nG4x#_bih-knvZ`ZAVRLS>~9|{$u+5J_i1x2#G2I;sj z1M#ZUTZ9H@2xXnjf}9Lsh~oH$N=?W_=ZURuXhX3y5{P(kQe0+~sccYDbn2uFQ>`j^5~)+z@6Q*l=9{Zw^fk%Zk1uT?RU~Q- zt5=Lfz2lT_IEB7A12$fkU-6#`0#VRzIFQgw)Glogmr9s{?G%)*Co_LMIXo+hR<=a4 zAHVL=t+>u9t1Z9a+y1hiU!&Al_A^FfZUew`=D<{#eNrqR9e4D&eSOOx5v(y)NDRIq zG=KT|f4|cI5LEia@76EiPyLC5^q4Ga{J7F}t%PAe2hrR&Gq89Yp)rY#Ui5BFS&q?| z6}2+&Z(198+G4ybezp#L#n8Q=u_TXDC26h#xG8Es6_OjSQ31fr3vG;g=7bbsPIspVw%{9PGk*-Q)YxZ~S~?V^?|U z&m_V`Q=*QHwGOza-TOEJfL^sjs0f|OQ>#B}V%+AuOx2?y$dEP^C1sp8W&NMfZcEH9 
z#vsLpH_zk5DeAcKl)RuJ+QLnH7kSE?!_}zRLo{Gm;%2 ze%v1S^5l$8b1bL=X~-`WdO$3{4_4-AjoGc8l&oZJHLGX$Da28)QKm^ogNG|Aiwf4k z7{gPFweb(bnpJ6(auf=apf~JRQ-0jYOH!Rjm9)xBnlbyG9Vh+R=8zssQT*@9>_`Mr z@6Pqy9w^$|U+q0%3J>Mq{s^rrT+GkWiPxmzq{*m?rIgKw>Wxa`Hu|ZJC^4GFh?+EK z@$757pt&I4PsZ5Qx~t0;#mo_+agJ(b)(7@eJpWsPGaFWH1l~ja<4pumrS}uYvpW z*JduJm$i2|z;BUBIy#;k34yqTyf4f66ji_2%+n^#h6+{Q!b;GWhNXST@5(dFfFncg zw_=;pp5vz&V;M6~->hjTolxVUD+?6R#*6Y&j!h|vw>SXI6?-4M*1A5cp|r%M}xBu9CN8tlzr(eCT^9*Lw=dbs&{~^ z3Y3);z4;?s(O8q1&PACHtFZ)6iVL-E0jqRvhJ9LCL64~cXc|)aak!T8GyW$vLZm6{ z)XF*0#heNvX}ScTDCt}?t^~0pCH9NDqpP&xG9-g*qtcE4a)JMcV?axWORIjHC5R)xRW+w6qFs-{_J$nJh4CckzHPv;|CCmM8~WLa=Pt{QX?uddJ)%~ z^Lwv8FaEm}xoF{3PznnJV(JnNwwM8=MFQ0BZHGiC+)cubI;FH9TC*(j)V z+Zo?d+ZQi`O6$msqCB-1aj!n#j3TtH=-;nALST(}K&7)HAVjie!#*IyHv~zvG`0#5 zx*-i=P+;Td+tt(46k)2M@D$-6BV|+NQx-JNxqn)j-p{FP7zokS?Wqa>JwCWNWaSLG zcZRM(@41(wA%Wq~-)BYw(LBV(UL6+oHMRMn{ScDY^4?xRyueRCOB z5S2Gb#|*}8eD9lqjuL3cK?S>$ml`oEWhGrF{iV%7!~j-^`IIL|MxOynJTf4&a<+me zSYvG3!5wpT+A_C=9*EZh@fPQo&}dhZ%l3IyC#vX<23Y}Qi@C9F9DU7z@2nJFj1&E+ zoRe;*Y>A2Mhz%W4vE$2fJeb;Cs4VP)Y9#;9(;`5;v@KW@D>xmG1{i0+0 zx)IJYL^sP0L(cQR3r5BZr^VE1*=n9l%bPIjXgoG1o1m@4kt`1bq4CC8tsnrWMz}cE zXIkf-GSkbfSn!O5=*B%-Jc|vPCl=rpqdk`y68(H0B}EUI9vYXMHL ztzF^55s!^*aA_h-nMhP8F6k{y8HepMV{j!W@-L?khMP`^OfdnT$rt%?%Q=Q%Me2O5 z`bP`#uzcb}Gow0QA=uBb2De6+uHU2SaTn2Qtdo5Z-3SR8ek(mde=;v-56Rcd1tW(r ze=im%W2V?#(E2&}t!2qekiY!+P81!Ccw84B+&qp(SsvTnHa1LACaV1)X;#3ehy&1& z(=tTb_(J_XG#zO*X<~Fy?FOV5&~4)Ul4gpL6e;i#Ns=-e+fI78#O1#qU6gzi7jmX! 
zEx*W|^W;EtU?{NfQ4@I{$8;rFfkgZMnteEhV-$D%c6^LPp-Z~09QX?!NR7$_``+Kw zFK=c8tA;3nN$ZBo;;O>a9%16NfUiNDfNNn3E%hUvVCrwOE8|-V9oK;PD?sfpG!q$I zAtnJccvD|bfu7YpvoN>9gT_8Cyd~`sBitRMVH-`Fp9RRvNnyB@arkM{cOTYarp-;~ zh5qf}xoBW%QKsgO3zhEt_YhvcL~V87M#-1X^rtqEUD8n$WOytIW;XXMJlJ2Q&D7e& z$vohO8>G9i+drfu+56u^%h~yxBDgM#nvht(VEKoLa*}VJkCkX>0A(2cLki&)R*BdbuZLdN&$QAD}28 zAZSg}j_2Z4>d6yTxnkqQNZtNQu-x=TDhw+%k6K~~NfMvLe6Qdp8@sBvXF?99eF;$c zc6PpDQWi%Pph&nW8Sx3l0nF6LdeM2sDz$ZkhUogQ_Fhk1l&Mh<@>4v#E);Nn(^bLb zf{thHLaH%|I{-U3^0GZ%`Z~ywcYqnM?gI$|ggun0S4fwX_h;~VDw01f5#)z@OwYbb zBtqNwA^t5#<-4kIP#6&0JLDubr^ddK-Lwqv8920_w zh8wUM2n3xOyxc4=T$UTLeN$Mfe!y#nM#Gu7vBb56-#>y_@YtUyb4-`!_8gumQz27$Y_ilUh#ukkLPL>x-KBmRWGrKOxG06$a4Mpe%LFxm*#; zME}XSj0hpRNXv^-Z111xdg3fBL}W|zXW_t8jLWx^sqyAmg;90^Aa=P z5#iDrKP@D@4++Az_xFI&0WJt)b6sFrki*>PkpeV0PDtq;lpD6TgNAChwkVW2&<7z6 zgC7MX5Wgh*+P`Zrnty^R@4EJh=w`H6)u!owWt5mh5fbu!WCBU3F*6rk;K5?DWLIN$ zeAJMpOmh;5SFekz4#U-8mBTVU<`u3-z(rTVi%?Ou`nT|?ha1w`(~OWk6#?zC0c>WG zI!w?06AoNWV7e-7IGE%SXFobh3RkN&h74sZ^_hHA7_y?dCWUa^V8WxlRGoFt{qrA{ z*?cdf7U+B>@zTugN;Eha$cndckB7P9aAt-nkD3h%19~PU%G?a;drgs(L9dSwZFBD4 zui0H$i5m(q0xsJ4_M6_oOOtIlTOK+iykcT`}E zX*SyWty#MuB0qE!LF0S)za_slq5+j6%jssCV+^5^HB%Kd*IY(TcqmO#Gb2-f7}6Xn z(S64vCRaY`e1KXL4Y)~Bxi%kMMHa$~RypkTklEowbH$40{qO?|5($DEMs*|a>#s08 z_G2O=D7DXstUZ1S77{`F>~@O`i69hx4QXjN?KU^d49>D0)`ZukS0Ewknr32KXg z)exYgeQ%i-T=xmGqQd0TJepdLFw~?%O)MlJ2X1#Nk+9Be^qsuO$~FM@uJ?~2Tapls z7TNcZA`osIO$`MVPxi!iKU-I&wUwiVOTYB#+{;G6fZX7s5sf?jL&UZks+YYq(P zddb8#^PIR0KF(H0L`c^AUJX1;GVz`X62eK!MA1%NbPRZ*YPa{W}g<3x;52I3C(>fnV0;%<{B)pQj5CM0HOMJjrpB z{L0a6mYOhcNrkP;ZS+R6t|Q)he+am5{(f&ks271rGoRb${pP0^I3Az-?}2Bvb9K7)V*J!B(zESK+8$m-QG^z517+aPhZ=Rhiv4}T z2FZT|as4XGP`uU*N4{X=bcLxQQRo5+>39i&Td`279rPGpCl6cBQ{S5 z8JbCY)sL!8qqN#+p6E4yl;skUxD%YxIVtS99aW^;K7!d}Y95G4D3KZz%7ozaV z20nk>>QBFN*xj{ial882tc26OmT%HOsN~xk5gRXWJfVrjgB} zBkwAFgY^^gz;g3@qpVo2L*}9X6C&3UaN*jP$L}mlI(+4Wvh=b;a>(go)3X~%)%UkG zI*Q8z$yaY4N;GBujd996!2j(9_m-3&A=CX&=uM98qF?6G^?agopEvbJD6W%f2*74< 
zt$p|Gg=R$*)Tk@MLo5P}pTMjvRKu5Z+Xt&teyHY&^Y!sAUrXn2>)$&?I4|tMpcML#U07InpBCw#JzLq03Vtbdo zp~XSK7ni*zbucvW1>qzkd*yQnL9&E7$-R-qR^^Bx0kDA%93JSE-4C3t*oiViTT*4k ziJ;-Cv#sr923Chzq}3~n;uF0*R^zzCc3~lF6JG*U%O7jq`p&Y6+g69%))abOUQ9?0 z-|f&#lvNBjpQL%MPNhYVX?>Fz5dvGn0z^7_^<;j^R!jLGQ_Z?+UNZbGWCy~Din^tl zV?MyCe6W_hcDJU`Z4P`lUUlkbhRpdQYJ`E1v9(}-b7S88TO!an+#|nNzUwV5nS85o zXi}jHOPM;zX3Bg%itjttFf7oO{nqqey628tZ-|9}11cNjq%lb|fDT5vJ@8Zvw^W=RT;i#+m)85NP6tL-*Y^M^6CtJsRHG!W%`H zXqgm+R0skXUF5uBlrT^gP8UJWa3L*;Ruv46nj|m0>LPXV$T-c2+W(1iT=Zh|%N{SQ z+a-NHfuAFbR4S_*d-K_iagq|r!LNJJdnxBiyny6I@j;zQA2MUH3epygFYk&UMXCBt zCf6}~l+}K(EzS!9F0?92rU9=5%33h0;X)g~qb7yeeag|1sJ`qB&{cBJhZ|a^%KHtM z4bxVsX2sb1iycr}Ht`H-U7yn}-JBnH3;t-ab=k2~ZpujDL@(Q*MXx)FgRoinMG=$X zEwa_7LfOPR>`~**jfwnYg5J(T?WV}}`$tX(oHvsLb~@^iwxc^QpcmC+K9zv`-l zRx{TQvQl%(|JssT`x$quDl$R&A6F>(0n%K8%UdC1FXEGyco`08y%a65f+b-hsta>@ z;_!&AMt%duR;XI`sd9)$&t-8;swFhi##n18MuK1l_io3__43mPCNGcLui(q0Z%3>~ z+b;JAo$OHChrcVxr}r5>+2Ywe$W2lw6_2+TZ|jX0-9_?LdqE2l**g5(WzpGiBoabl zpml&kPs)!N83V@M4mxtdCn}Vm)Z3tHcC2>=dsKXV)GY6OsT6!O<&A7Ljm!fc$zT&w zkU7UCwSU6^2oj*1&!5k>9(LbI!eXLNtbdcjD5OIGliQbTbA~NaGRmoM0B+LSUxFi) z#Sw=c|KlD5@Kvt_tN8+CHTUqYH&$mSXQ=`HW!_LUj&GR93U2#fDp$g?LXMC%)h)Mo zzeTG>->)yo_RCe1vaYhs;QiljzqFqg7`_??~R0`kKn~%OT@p1_O(JFm4 z;lzJ;DFc{(E|O&qi(qC-nx5Lv7Wbx+k<3&b3|_PdqA#uFwImZNii}5Z^IA| zMv5#}slW`!v5>sF-)^5bAu-@jZct285^pn_fInR~Y8pEfFH93VHeDuxPWI2aLj0H5 z{pph`7K!W-R^qy^LA5@B)}b{8;-OO7`k-hArG{~gr5TXvv?}!uFB_0zF9$bfk>X({D)BQ^A zOC-FX4qZ%w5Hb=8{ge@I;3Ns#dSs_w+-5E~({N|Bh3jQEgMMLQ1=vYsAG~u1{#4O| za%M{x^*k%xmZzSjlJBN8vAi0deII%7wV#(&lJiK;#=ukk+$MGC=YjAJ)HZdi|QNmTJ>pnXlop_Md2JHeDyiDWR$uz264Z#=t3UGrz| zOxOvEJy0CGB9l)HzXJ+m7p{QVYR9<+zXPvQLh@@F+*bl)20J~1p%UMbh9ba-;GAkfR1Y}U%*?zyqr zOZkDcSp2v`QLq+hX}aDr^e*qBo+-D0io=`7>}QMuiAMGf>cXpb+hN62!5b6(4wYgP zDt}((s3Zzx1#!Leu51-mvP3{M*{MR2*0}{x+oDb$BZb1-f1Oq_`_G04Ss~m#M^br2 z%1hamMaH(W{)jAnnX+$&{=?a*O<0%y3Oin~E(wF6cwk_%0uo4Nc+ey4h;LyNx@bo* zoj3khM6diY)`;=Tc!Wx;6z!@pRfTCG%My&MO+;pD(B=Tqa<0ObcnS;));CLp&?Y+7 
z=5#9?cLeM>p{sg;pVT7{@7HKj0DV!U#E+OxWS&IKP3f!r3kluq1qLqc45AV@p6dgVp+HIOpDbvlZ za+M&b&lT|G<(Wu)kRJ9}EY*Vf?N|AZ^N5etlwFd2$18bMY{H2;PveOsbdXx((F|xR z;=~Z=+nzofq31LEXRl?b>UU21ZVpF$HYgm~G`sBi19m&RGnNFfY_`X>(`s!RHA!wk zqnjZ!_%SX@{DmNoS`N?346b~Uq_1l*clO)8KlwOhVZ>9K#ZEbS#TtPKNBLk_nN zh0~rR9>i-zv)l#3?o)ngZXecbWOcm>;i!Y91oaJOh@;&~4e2Yb>_3Mt%<4?etL2g=z;(4a zq&a^(zR(1-4VV=vRR2`*j6$@`e;exa#0qjSg2tXKL{!-?D=(wiAT^#-r)a}B=VV3& zGZ^nO&I;ClW6}N)hTCs$3B8ytW07cY7};2n{=M-cVpIuFWxQZyCzf$xn(b1gC;YLm zPhqN=624OrC4|#_hCl1kQ+%s5A)ECgpJnp}$KVW3c*IKW?ZcnyrG7*~s|~K^CuWsm za!y?9t7a*g?s-eEW+o1R+{ zqF=kb8R9&QS)A_@v$gNWe{hOsr*6#0D5zr5VL1cAo@>}};u!!V_ov_hw z`@#~P%eq1j95*VM^Kpz_uOAfdT+W1VRNV@z{P}8yku^C?#!txv9O2M5ldJa{B|4w{ z6iv32)QEj-k$SVf^1k%rw+aRr5+m<=VM^%d2W)?i>rAkkb2#P$uO{5!N0pfzKa6Tu zc4X?KBR%@bx*`#%KzHyqYFXO+;L~Mjc={wVS-ScxJh?mj6x=O5h24$=Z^}O|^xuU? zBwd<}!QH+zqsu5}`gw&!X@IcE1Mt{4bsNsH6r@1jkbtpD;=3mhN|yc}iC}wrgSl3K zhLEdlCd@of8-}2g)Dc5!+tlT=sb`ycAKMMV>HQ0&`%)K%`Ub2E(HlM|embk}LzT!H z$G?$%atrp_NWlBq@%(sOO$r8evv$cev@MhN^`{wB&*=yKo_}=%TexS9y}j3WBmI=l zQ2#8aUfG!>@`NIC@;Z_S-tQb}qR5r71PW8XV@-DPLZ<_A(+iWuyGx>*w6!Qwj`PvC z27T)V7{Rg;;Oo1Bf%KqkB_TDIY`#J%&l}W zpANA+t7%o3AF6WkK-rHEd-`|U4V9ED>(pjm{BP!pMC2-zE;k>X$VY{MB~<|7g?^!} z6zdx2Fz7KmAtBQCz>F9tYwN$G|M;Wvn_~Q__TnqH0Q=!3oSgJ){WolXK=bj!P@0kU z_iNq6yv0x!VmO^?p46bg2tugJkrz3~QTUXr>;?XU0cLsw4rd7tf1=@2)>uOb;b9DyKe zSLWmf6Kd61hh&?<8-kpfcbkt{zJljh)(Z$X#JsS;s0?)xzNpPh29JJ#odbvA z{`5j&8e^Tq5ajsbj8REc=Ce*o2`G`Sb~laAY=1??c9?28_YNNR_#QcI_${|7yr0W}T}l zTFN{+}lU)ULkruqN!U#VuZ2vcHAPDwHVu-0<#-Pw##|B%&j{-N~)6?!MMw7$dm_1Y^DQ{M)6ho2XJOU~nf# zFG;vCSh(&j@96vVUnTwPJ3e4)u?OAtn-hU?FYMs>PK6Bv;)E(ReUAevbcRE_`wKxZ zQHDrI0DP_j3+we_+-8Z%c$=ZkC*QFLG6$@?^>bCilXOjXG2!Lo7hDLuLZ`Ba$)^ty z5-v}4AzR>-4rBtj=?W+_cK_o$AhwH?*Yl85r~RIm5UVh7d7(x;xUR%dFgW{zyBwuZ zh_em6dZm5{TP?0^iGmH4Rd2+&@s(udlWkOpKWx>U-t|+9I|dR1kCX|Bdx)h!q}&El8{~dqsk>HF=2y?tqyu* z_}5O?c4FUf3+(59%5yH`JOS4iT;VlYF+!dn8%-)0eUU4?w#3zZwr--G$n2?>QI1jK z_j=-6%@U~{2R%bRqBK`%$&by97H+X0dN=XwoafXtU772;jcr0Bu*wBnquH!#2@|-C 
z$&fTHOk{Nm`-#TU_D0%s9Cq6z`qnS%t)RT1Zv&xl@eB5PGC2n7cK5{Gwo8bvC@8e< zD<+jG%x3pPfUu`f_T9hqcT2K&zkzhXO1M)%QiR2F3y`f;yxPD}p+q(+lj8lvH^pIT z(6c?EjJoHP3lw>HaOiT>fd4GJdCU4~ev7jFs0pMjQp>NgwDXw%oq*?TX`^f|WZ<+= zFidUxW40Yx{;waDG1^&QF6^a6ugmQ#NT}2P3EjVZXOwADHDqI>imlCf`;82wDRciK zR8`fuT^RB9B)ai24PEm5X_)LmJQE$~j1^g)>Ow`PL7!o0Y3LmPOjMOikaN35Js5K) zqPaZm&pW1UUVmpE}OqQC(zNr4eEwMm~Ia8~*;O7tX4Q@35U{X;>;-Ds}5c6X@;7au` zUg31Pjx;(6lV8nt5y{w`#iY^SrLao+`}p;p`0}0R`8jP=d!n^!B@K2@m72+PC-=2G zb-zV1vhA|<^7(s4@h#E`F(M}hZl6K|du)bebm@^)urx=zhiL%@uLNu0JoD4fs{pAX z$Z0hhKqjd36Pm!-!bM3Jgc;rFCH5J|ds<23^1o`*^hAtwl!RmP^q#n0#)R3}BGLZ> zOw{Gz4XC_AE}*s(JmYbbl362uv359<+>u&0M2F|Gl(8$3oIe_`=^@BC_ArwN=lHhY zyxL5-uZV>Z8+@K2*aQy`Uc9!OM-XSWfTY+a6*nv%B-IV+xTQe^K-Z zUC9vO?Y9y|(#I|Roh)GH_sP3z5T9Gb?rBa0;k->OY7B3v_F3(*pZr%TBhXOy!a^M# z_joxLK>>K6M6{DhG(8V$bZ@$qx2Tl1RpnwL99sen6IL?5oOGGeU|}y`!CjQJn;b9? z)*q$bygItY+%b%-M;Et&?SgZ2`Y4e(>RvK-G){Imx~ngGoEnzMLp-*A1r`|pMg#SZ z2ck)kJow^Yo%0r-R z{p5*9)!S^E<6ubPS1b=S#zIWHu^CXy+JNZex(5$lMJ26;^_91+r(Q zOhAUJI)FgGcFC91m;71yl1n-in$4xOcCKnT*CCDf7$Z?im|R1pS_VH!G_dTZm(sK9V0)N_2Yl`y(2VXA&#L|E|qCyNg-L%=htaAW8cCVMl#;BA%w#}BW7BtypsfAjRL;GfN{1JiY#CD%s zePsJnXeOcbM&XYkVTp}5e;RrCKdnJePqMv>goTOxz6Epde=rJ->zb#P8A&#tk19=M zerrQG8yI%hh&Q+ZbWr-^xg&Qi2l^pG1Y*~J6`}KG zJ)uSoPzf9p5TSujaj`#T+H@O?0JM3|ox`JKSX;A40A5XI;9IQ1%K_GG31m+8<`Q?( z^FJNW7GPf0I}9Itvu!t^v`O4w$VF^TzT}flxUfuS_aOiTSE3=pt6CAF9w1!U&qPW1 z?FoD&`%_Kk!(+Gi3MXZ}o^cWEH<5+&B9G%cV}Mw|K4tbCG^8%SlM%X6+}~ezc8BhH z5wjOa5a7{;CvqATWHnKiFrZQ`sq*R7#n7#N&R|TZo2q4wNdS)J*{E-C_BkYA;m$e; zob=`onG333u}_q^F=DMU)lN8GaMV6mIq0ZDTuIDCR4lC#-hq^F@$lZ1eRRok%w&2& zdpy$;(jlTWvR&doHr4RXeLgiPbIF8r=Ht!1ZQV;Xs0}^xq=P$rQF(nyicdGUnc|7)x)L}@Z&ukroV}WVV#xSf z0Q*8~0K5A!72pJ$f3H+y=VNorVa2aIXnI{Y1hP~ZoCdsbnRWi;LdLz|AhGe%V+d0E zV_y0O3TrMaR;D!#;3KI-Vo|uQ$(is8G3067z1Su?tGz&G)#n`n))F zKcrsSWpQPHe%8JTMf>MLFsg(gjj%F)5U}VfrM1nSU?XmK(tkZbJ4ppnnilaIw&sTZ zIT$`0Flf~qOd;XXB9aKh256$MG8q*^%C?omBXR~bb^|J^8J1Tvd7YMewfCvX&? 
zJX*|99SGp_ONe?lOufsRwhJs&dWg@=0>vG*Se=T{=&yF~zsB<_z7;HXemzWet?=h@ zh?QphD}pYC-b^-SJ#Mz@@RdE*)9@lcoUJ~>ELPkOy-_;aAq}@+59=av8bG?_LqW)b zYiE|!rC#f>lU+Ki0Bg9+05pqfx*mA8{h%R7$y!Sq^;%fY;Z=XpBIK@7zz4Zpm;Q$? zgsF>Q%~U^RNaOPx=Bj6wiQwj22e_J@GoluQ#`(A`!=dW8_Yz^YF@$0&_$(-HFCoc& z#ydK%b=CVyy7?@K`|^4pvE_v@49XIe7XE5m?90OHBJetlZ%I+ZJ*3Nt zDfh%FkIm4;iV1KqF&)M^Y^i~2ekCrTbC27D0U@j-Wftu9h*H(jGI%0Fv&bI#T^cU& zwZs5V=lbEiZT{j`j!~0^<5Ei8K~@cx5NeQ*HJJFK+*TU?rN^y*Ymm4r$fsb}9uh)2 z;qp_jI&LAZ#CA1XWTP~*k&MYVd$VLwzDg0!=YdB`<2|-f-n;owRbn}z+-Y$mo>tXJ zq=8j4&{)F$zJ&TLK0nX78J0rf)TP&CLRPuNWxynXg-{yJvN^ReJiu*72NxGKm|xy&8!h;0TQb>>DbH&ULO3ds@GAvj+}({98gxH5&Mm45j!S3zlOo zo*pxz2KVE&UkQtd1qZ!pA&YPpLu?SupIkVn`lZ^rx_e6RcB$^|YeSp+`?X9@B7EoF_a&u*xY)nkT1r6^S(>!XVeXg-Jur>a9**9v*xpZv z9v)os4RB15qLO*e%?;EgG3ZaM%SSOo>UVR2PG8o{Rw%-^*ibL4@3Yu%4OIWsMxWD) zrMuCbn-FR1kaMcnRuY${TR&a@lOQ7o8I!|5uget#lk zB|x|6iPKq*13lAO^4my!N~YBE;oJtt&j~9Dt^*t82ddo{VS(p*v4Yjwnu#~79C=B8 z&VfruC2W34#151LPHy3#A@kv1?RvT4F)ZTy56=TV;0?i!9OlQ1E8X(FtYZ|`a3`_f f(zwBge{q6&4Ih~$jjR3#{5@0DP$-dm>-YZvFjoCa diff --git a/manuscript/index.md b/manuscript/index.md index 04735b6..d842744 100644 --- a/manuscript/index.md +++ b/manuscript/index.md @@ -8,7 +8,7 @@ hide: ## What is this? -Funky Penguin's "**[Geek Cookbook](https://geek-cookbook.funkypenguin.co.nz)**" is a collection of how-to guides for establishing your own container-based self-hosting platform, using either [Docker Swarm](/ha-docker-swarm/design/) or [Kubernetes](/kubernetes/). +Funky Penguin's "**[Geek Cookbook](https://geek-cookbook.funkypenguin.co.nz)**" is a collection of how-to guides for establishing your own container-based self-hosting platform, using either [Docker Swarm](/ha-docker-swarm/design/) or [Kubernetes](/kubernetes/). [Dive into Docker Swarm](/ha-docker-swarm/design/){: .md-button .md-button--primary} [Kick it with Kubernetes](/kubernetes/){: .md-button} 
@@ -44,7 +44,6 @@ So if you're familiar enough with the concepts above, and you've done self-hosti :wave: Hi, I'm [David](https://www.funkypenguin.co.nz/about/) - ## What have you done for me lately? (CHANGELOG) Check out recent change at [CHANGELOG](/CHANGELOG/) @@ -59,7 +58,6 @@ I want your [support](https://github.com/sponsors/funkypenguin), either in the [ * Tweet me up, I'm [@funkypenguin](https://twitter.com/funkypenguin)! 🐦 * [Contact me](https://www.funkypenguin.co.nz/contact/) by a variety of channels - ### [Sponsor](https://github.com/sponsors/funkypenguin) / [Patronize](https://www.patreon.com/bePatron?u=6982506) me ❤️ The best way to support this work is to become a [GitHub Sponsor](https://github.com/sponsors/funkypenguin) / [Patreon patron](https://www.patreon.com/bePatron?u=6982506). You get: 
@@ -77,7 +75,6 @@ Impulsively **[click here (NOW quick do it!)](https://github.com/sponsors/funkyp Need some Cloud / Microservices / DevOps / Infrastructure design work done? I'm a full-time [AWS](https://www.youracclaim.com/badges/a0c4a196-55ab-4472-b46b-b610b44dc00f/public_url) / [CNCF](https://www.youracclaim.com/badges/cd307d51-544b-4bc6-97b0-9015e40df40d/public_url)-[certified](https://www.youracclaim.com/badges/9ed9280a-fb92-46ca-b307-8f74a2cccf1d/public_url) [cloud/architecture consultant](https://www.funkypenguin.co.nz/about/), I've been doing (*and loving!*) this for 20+ years, and it's my bread and butter! :bread: :fork_and_knife: [Get in touch](https://www.funkypenguin.co.nz/contact/), and let's talk business! - !!! quote "He unblocked me on all the technical hurdles to launching my SaaS in GKE!" By the time I had enlisted Funky Penguin's help, I'd architected myself into a bit of a nightmare with Kubernetes. I knew what I wanted to achieve, but I'd made a mess of it. Funky Penguin (David) was able to jump right in and offer a vital second-think on everything I'd done, pointing out where things could be simplified and streamlined, and better alternatives. @@ -92,7 +89,7 @@ Need some Cloud / Microservices / DevOps / Infrastructure design work done? I'm ### Buy my book 📖 -I'm publishing the Geek Cookbook as a formal eBook (*PDF, mobi, epub*), on Leanpub (https://leanpub.com/geek-cookbook). Check it out! +I'm publishing the Geek Cookbook as a formal eBook (*PDF, mobi, epub*), on Leanpub (). Check it out! ### Sponsored Projects 
@@ -100,7 +97,7 @@ I'm supported and motivated by [GitHub Sponsors](https://github.com/sponsors/fun I regularly donate to / sponsor the following projects. **Join me** in supporting these geeks, and encouraging them to continue building the ingredients for your favourite recipes! -| Project | Donate via.. +| Project | Donate via.. | ------------- |-------------| | [Komga](/recipes/komga/) | [GitHub Sponsors](https://github.com/sponsors/gotson) | [Material for MKDocs](https://squidfunk.github.io/mkdocs-material/) | [GitHub Sponsors](https://github.com/sponsors/squidfunk) @@ -108,4 +105,3 @@ I regularly donate to / sponsor the following projects. **Join me** in supportin | [LinuxServer.io](https://www.linuxserver.io) | [PayPal](https://www.linuxserver.io/donate) | [WidgetBot's Discord Widget](https://widgetbot.io/) | [Patreon](https://www.patreon.com/widgetbot/overview) | [Carl-bot](https://carl.gg/) | [Patreon](https://www.patreon.com/carlbot) - diff --git a/manuscript/kubernetes/cluster.md b/manuscript/kubernetes/cluster.md index 16e67b3..56cf0a2 100644 --- a/manuscript/kubernetes/cluster.md +++ b/manuscript/kubernetes/cluster.md @@ -42,7 +42,8 @@ DigitalOcean will provide you with a "kubeconfig" file to use to access your clu Save your kubeconfig file somewhere, and test it our by running ```kubectl --kubeconfig= get nodes``` Example output: -``` + +```bash [davidy:~/Downloads] 130 % kubectl --kubeconfig=penguins-are-the-sexiest-geeks-kubeconfig.yaml get nodes NAME STATUS ROLES AGE VERSION festive-merkle-8n9e Ready 20s v1.13.1 @@ -51,7 +52,7 @@ festive-merkle-8n9e Ready 20s v1.13.1 In the example above, my nodes were being deployed. Repeat the command to see your nodes spring into existence: -``` +```bash [davidy:~/Downloads] % kubectl --kubeconfig=penguins-are-the-sexiest-geeks-kubeconfig.yaml get nodes NAME STATUS ROLES AGE VERSION festive-merkle-8n96 Ready 6s v1.13.1 
@@ -80,7 +81,6 @@ Still with me? Good. Move on to creating your own external load balancer.. * [Helm](/kubernetes/helm/) - Uber-recipes from fellow geeks * [Traefik](/kubernetes/traefik/) - Traefik Ingress via Helm - [^1]: Ok, yes, there's not much you can do with your cluster _yet_. But stay tuned, more Kubernetes fun to come! ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/kubernetes/design.md b/manuscript/kubernetes/design.md index 8b099a3..60b3d02 100644 --- a/manuscript/kubernetes/design.md +++ b/manuscript/kubernetes/design.md @@ -15,21 +15,21 @@ _Unlike_ the Docker Swarm design, the Kubernetes design is: ## Design Decisions -**The design and recipes are provider-agnostic** +### The design and recipes are provider-agnostic** This means that: - The design should work on GKE, AWS, DigitalOcean, Azure, or even MicroK8s - Custom service elements specific to individual providers are avoided -**The simplest solution to achieve the desired result will be preferred** +### The simplest solution to achieve the desired result will be preferred** This means that: - Persistent volumes from the cloud provider are used for all persistent storage - We'll do things the "_Kubernetes way_", i.e., using secrets and configmaps, rather than trying to engineer around the Kubernetes basic building blocks. -**Insofar as possible, the format of recipes will align with Docker Swarm** +### Insofar as possible, the format of recipes will align with Docker Swarm** This means that: diff --git a/manuscript/kubernetes/diycluster.md b/manuscript/kubernetes/diycluster.md index 88aad81..e1b4ce9 100644 --- a/manuscript/kubernetes/diycluster.md +++ b/manuscript/kubernetes/diycluster.md 
@@ -310,4 +310,4 @@ Feel free to talk to today's chef in the discord, or see one of his many other l The links above are just redirect links incase anything ever changes, and it has analytics too --> ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/kubernetes/helm.md b/manuscript/kubernetes/helm.md index 21b0780..60ad966 100644 --- a/manuscript/kubernetes/helm.md +++ b/manuscript/kubernetes/helm.md @@ -31,7 +31,6 @@ To rapidly get Helm up and running, start with the [Quick Start Guide](https://h See the [installation guide](https://helm.sh/docs/intro/install/) for more options, including installing pre-releases. - ## Serving ### Initialise Helm 
@@ -44,15 +43,14 @@ That's it - not very exciting I know, but we'll need helm for the next and final Still with me? Good. Move on to understanding Helm charts... -* [Start](/kubernetes/) - Why Kubernetes? -* [Design](/kubernetes/design/) - How does it fit together? -* [Cluster](/kubernetes/cluster/) - Setup a basic cluster -* [Load Balancer](/kubernetes/loadbalancer/) Setup inbound access -* [Snapshots](/kubernetes/snapshots/) - Automatically backup your persistent data -* Helm (this page) - Uber-recipes from fellow geeks -* [Traefik](/kubernetes/traefik/) - Traefik Ingress via Helm +- [Start](/kubernetes/) - Why Kubernetes? +- [Design](/kubernetes/design/) - How does it fit together? +- [Cluster](/kubernetes/cluster/) - Setup a basic cluster +- [Load Balancer](/kubernetes/loadbalancer/) Setup inbound access +- [Snapshots](/kubernetes/snapshots/) - Automatically backup your persistent data +- Helm (this page) - Uber-recipes from fellow geeks +- [Traefik](/kubernetes/traefik/) - Traefik Ingress via Helm - -[^1]: Of course, you can have lots of fun deploying all sorts of things via Helm. Check out https://artifacthub.io for some examples. +[^1]: Of course, you can have lots of fun deploying all sorts of things via Helm. Check out for some examples. --8<-- "recipe-footer.md" diff --git a/manuscript/kubernetes/index.md b/manuscript/kubernetes/index.md index bf0e4a1..f2c94df 100644 --- a/manuscript/kubernetes/index.md +++ b/manuscript/kubernetes/index.md @@ -2,6 +2,7 @@ My first introduction to Kubernetes was a children's story: + ## Wait, what? 
@@ -44,7 +45,7 @@ Let's talk some definitions. Kubernetes.io provides a [glossary](https://kuberne ## Mm.. maaaaybe, how do I start? -If you're like me, and you learn by doing, either play with the examples at https://labs.play-with-k8s.com/, or jump right in by setting up a Google Cloud trial (_you get \$300 credit for 12 months_), or a small cluster on [Digital Ocean](/kubernetes/cluster/). +If you're like me, and you learn by doing, either play with the examples at , or jump right in by setting up a Google Cloud trial (_you get \$300 credit for 12 months_), or a small cluster on [Digital Ocean](/kubernetes/cluster/). If you're the learn-by-watching type, just search for "Kubernetes introduction video". There's a **lot** of great content available. diff --git a/manuscript/kubernetes/loadbalancer.md b/manuscript/kubernetes/loadbalancer.md index 5fac6d1..9ddbb63 100644 --- a/manuscript/kubernetes/loadbalancer.md +++ b/manuscript/kubernetes/loadbalancer.md @@ -31,14 +31,14 @@ We **could** run our webhook as a simple HTTP listener, but really, in a world w In my case, since I use CloudFlare, I create /etc/webhook/letsencrypt/cloudflare.ini: -``` +```ini dns_cloudflare_email=davidy@funkypenguin.co.nz dns_cloudflare_api_key=supersekritnevergonnatellyou ``` I request my cert by running: -``` +```bash cd /etc/webhook/ docker run -ti --rm -v "$(pwd)"/letsencrypt:/etc/letsencrypt certbot/dns-cloudflare --preferred-challenges dns certonly --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini -d ''*.funkypenguin.co.nz' ``` @@ -48,7 +48,7 @@ Why use a wildcard cert? So my enemies can't examine my certs to enumerate my va I add the following as a cron command to renew my certs every day: -``` +```bash cd /etc/webhook && docker run -ti --rm -v "$(pwd)"/letsencrypt:/etc/letsencrypt certbot/dns-cloudflare renew --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini ``` 
@@ -56,13 +56,13 @@ Once you've confirmed you've got a valid LetsEncrypt certificate stored in `/etc ### Install webhook -We're going to use https://github.com/adnanh/webhook to run our webhook. On some distributions (_❤️ ya, Debian!_), webhook and its associated systemd config can be installed by running `apt-get install webhook`. +We're going to use to run our webhook. On some distributions (_❤️ ya, Debian!_), webhook and its associated systemd config can be installed by running `apt-get install webhook`. ### Create webhook config We'll create a single webhook, by creating `/etc/webhook/hooks.json` as follows. Choose a nice secure random string for your MY_TOKEN value! -``` +```bash mkdir /etc/webhook export MY_TOKEN=ilovecheese echo << EOF > /etc/webhook/hooks.json @@ -100,8 +100,8 @@ echo << EOF > /etc/webhook/hooks.json { "type": "value", "value": "$MY_TOKEN", - "parameter": - { + "parameter": + { "source": "header", "name": "X-Funkypenguin-Token" } @@ -122,7 +122,7 @@ This section is particular to Debian Stretch and its webhook package. If you're Since we want to force webhook to run in secure mode (_no point having a token if it can be extracted from a simple packet capture!_) I ran `systemctl edit webhook`, and pasted in the following: -``` +```bash [Service] # Override the default (non-secure) behaviour of webhook by passing our certificate details and custom hooks.json location ExecStart= @@ -135,7 +135,7 @@ Then I restarted webhook by running `systemctl enable webhook && systemctl resta When successfully authenticated with our top-secret token, our webhook will execute a local script, defined as follows (_yes, you should create this file_): -``` +```bash #!/bin/bash NAME=$1 
@@ -153,9 +153,9 @@ fi # Either add or remove a service based on $ACTION case $ACTION in - add) - # Create the portion of haproxy config - cat << EOF > /etc/webhook/haproxy/$FRONTEND_PORT.inc + add) + # Create the portion of haproxy config + cat << EOF > /etc/webhook/haproxy/$FRONTEND_PORT.inc ### >> Used to run $NAME:${FRONTEND_PORT} frontend ${FRONTEND_PORT}_frontend bind *:$FRONTEND_PORT @@ -170,13 +170,13 @@ backend ${FRONTEND_PORT}_backend server s1 $DST_IP:$BACKEND_PORT ### << Used to run $NAME:$FRONTEND_PORT EOF - ;; - delete) - rm /etc/webhook/haproxy/$FRONTEND_PORT.inc - ;; - *) - echo "Invalid action $ACTION" - exit 2 + ;; + delete) + rm /etc/webhook/haproxy/$FRONTEND_PORT.inc + ;; + *) + echo "Invalid action $ACTION" + exit 2 esac # Concatenate all the haproxy configs into a single file @@ -188,8 +188,8 @@ haproxy -f /etc/webhook/haproxy/pre_validate.cfg -c # If validation was successful, only _then_ copy it over to /etc/haproxy/haproxy.cfg, and reload if [[ $? -gt 0 ]] then - echo "HAProxy validation failed, not continuing" - exit 2 + echo "HAProxy validation failed, not continuing" + exit 2 else # Remember what the original file looked like m1=$(md5sum "/etc/haproxy/haproxy.cfg") @@ -212,7 +212,7 @@ fi Create `/etc/webhook/haproxy/global` and populate with something like the following. This will be the non-dynamically generated part of our HAProxy config: -``` +```ini global log /dev/log local0 log /dev/log local1 notice 
@@ -256,7 +256,7 @@ defaults ### Take the bait! -Whew! We now have all the components of our automated load-balancing solution in place. Browse to your VM's FQDN at https://whatever.it.is:9000/hooks/update-haproxy, and you should see the text "_Hook rules were not satisfied_", with a valid SSL certificate (_You didn't send a token_). +Whew! We now have all the components of our automated load-balancing solution in place. Browse to your VM's FQDN at , and you should see the text "_Hook rules were not satisfied_", with a valid SSL certificate (_You didn't send a token_). If you don't see the above, then check the following: @@ -267,7 +267,7 @@ If you don't see the above, then check the following: You'll see me use this design in any Kubernetes-based recipe which requires container-specific ports, like UniFi. Here's an excerpt of the .yml which defines the UniFi controller: -``` +```yaml spec: containers: @@ -305,7 +305,7 @@ The takeaways here are: Here's what the webhook logs look like when the above is added to the UniFi deployment: -``` +```bash Feb 06 23:04:28 haproxy2 webhook[1433]: [webhook] 2019/02/06 23:04:28 Started POST /hooks/update-haproxy Feb 06 23:04:28 haproxy2 webhook[1433]: [webhook] 2019/02/06 23:04:28 update-haproxy got matched Feb 06 23:04:28 haproxy2 webhook[1433]: [webhook] 2019/02/06 23:04:28 update-haproxy hook triggered successfully diff --git a/manuscript/kubernetes/snapshots.md b/manuscript/kubernetes/snapshots.md index c048e4f..07cae9b 100644 --- a/manuscript/kubernetes/snapshots.md +++ b/manuscript/kubernetes/snapshots.md 
@@ -8,6 +8,7 @@ Now that we're playing in the deep end with Kubernetes, we'll need a Cloud-nativ It bears repeating though - don't be like [Cameron](http://haltandcatchfire.wikia.com/wiki/Cameron_Howe). Backup your stuff. + This recipe employs a clever tool ([miracle2k/k8s-snapshots](https://github.com/miracle2k/k8s-snapshots)), running _inside_ your cluster, to trigger automated snapshots of your persistent volumes, using your cloud provider's APIs. @@ -33,10 +34,8 @@ If you're running GKE, run the following to create a RoleBinding, allowing your If your cluster is RBAC-enabled (_it probably is_), you'll need to create a ClusterRole and ClusterRoleBinding to allow k8s_snapshots to see your PVs and friends: -```` - +````bash kubectl apply -f https://raw.githubusercontent.com/miracle2k/k8s-snapshots/master/rbac.yaml - ``` ## Serving 
@@ -45,7 +44,7 @@ kubectl apply -f https://raw.githubusercontent.com/miracle2k/k8s-snapshots/maste Ready? Run the following to create a deployment in to the kube-system namespace: -``` +```bash cat < The generations are defined by a list of deltas formatted as ISO 8601 durations (this differs from tarsnapper). PT60S or PT1M means a minute, PT12H or P0.5D is half a day, P1W or P7D is a week. The number of backups in each generation is implied by it's and the parent generation's delta. +> +> For example, given the deltas PT1H P1D P7D, the first generation will consist of 24 backups each one hour older than the previous (or the closest approximation possible given the available backups), the second generation of 7 backups each one day older than the previous, and backups older than 7 days will be discarded for good. +> +> The most recent backup is always kept. +> +> The first delta is the backup interval. To add the annotation to an existing PV, run something like this: -``` - +```bash kubectl patch pv pvc-01f74065-8fe9-11e6-abdd-42010af00148 -p \ '{"metadata": {"annotations": {"backup.kubernetes.io/deltas": "P1D P30D P360D"}}}' - ``` To add the annotation to a _new_ PV, add the following annotation to your **PVC**: -``` - +```yaml backup.kubernetes.io/deltas: PT1H P2D P30D P180D - ``` Here's an example of the PVC for the UniFi recipe, which includes 7 daily snapshots of the PV: -``` - +```yaml kind: PersistentVolumeClaim apiVersion: v1 metadata: @@ -119,7 +109,6 @@ accessModes: - ReadWriteOnce resources: requests: storage: 1Gi - ```` And here's what my snapshot list looks like after a few days: @@ -132,8 +121,7 @@ If you're running traditional compute instances with your cloud provider (I do t To do so, first create a custom resource, ```SnapshotRule```: -```` - +````bash cat < webhook_token.secret kubectl create secret generic traefik-credentials --from-file=webhook_token.secret ``` 
@@ -169,20 +169,20 @@ Run ```kubectl create -f phone-home.yaml``` to create the pod. Run ```kubectl get pods -o wide``` to confirm that both the phone-home pod and the traefik pod are on the same node: -``` +```bash # kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE phonehome-traefik 1/1 Running 0 20h 10.56.2.55 gke-penguins-are-sexy-8b85ef4d-2c9g traefik-69db67f64c-5666c 1/1 Running 0 10d 10.56.2.30 gkepenguins-are-sexy-8b85ef4d-2c9g ``` -Now browse to https://, and you should get a valid SSL cert, along with a 404 error (_you haven't deployed any other recipes yet_) +Now browse to `https:///.env` files all over, and tracking changes to all of these. To this end, there's a `config` dictionary defined, which includes a subsection for each recipe. Here's an example: @@ -43,4 +43,4 @@ config: AWS_ACCESS_KEY_ID: {{ "{{ vault_config.traefik.aws_access_key_id }}" }} AWS_SECRET_ACCESS_KEY: {{ "{{ vault_config.traefik.aws_secret_access_key }}" }} AWS_REGION: "" -``` \ No newline at end of file +``` diff --git a/manuscript/premix/ansible/operation.md b/manuscript/premix/ansible/operation.md index 990215e..90e275d 100644 --- a/manuscript/premix/ansible/operation.md +++ b/manuscript/premix/ansible/operation.md @@ -16,7 +16,7 @@ Now we'll be creating 3 files.. Create a new file at `ansible/hosts.your-username` containing a variation on this: -``` +```bash [your-username:children] proxmox_servers proxmox_vms 
@@ -62,11 +62,11 @@ bebop ansible_host=192.168.38.203 The variables used in the playbook are defined in the `ansible/group_vars/all/main.yml`. **Your** variables are going to be defined in a group_vars file based on your username, so that they're [treated with a higher preference](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable) than the default values. -Create a folder under `ansible/group_vars/` to match the group name you inserted in line \#1 of your hosts file, and copy `ansible/group_vars/all/main.yml` into this folder. Any variables found in this file will override any variables specified in `ansible/group_vars/all/main.yml`, but any variables _not_ found in your file will be inherited from `ansible/group_vars/all/main.yml`. +Create a folder under `ansible/group_vars/` to match the group name you inserted in line \#1 of your hosts file, and copy `ansible/group_vars/all/main.yml` into this folder. Any variables found in this file will override any variables specified in `ansible/group_vars/all/main.yml`, but any variables _not_ found in your file will be inherited from `ansible/group_vars/all/main.yml`. To further streamline config, a "empty" dictionary variable named `recipe_config` is configured in `ansible/group_vars/all/main.yml`. In your own vars file (`ansible/group_vars//main.yml`), populate this variable with your own preferred values, copied from `recipe_default_config`. When the playbook runs, your values will be combined with the default values. -!!! tip "Commit `ansible/group_vars//` to your own repo" +!!! tip "Commit `ansible/group_vars//` to your own repo" For extra geek-fu, you could commit the contents of ``ansible/group_vars//` to your own repo, so that you can version/track your own config! ### Secrets 
@@ -79,19 +79,19 @@ Enter [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.h Create a password file, containing a vault password (*just generate one yourself*), and store it _outside_ of the repo: -``` +```bash echo mysecretpassword > ~/.ansible/vault-password-geek-cookbook-premix ``` Create an ansible-vault encrypted file in the `group_vars//vault.yml` using this password file: -``` +```bash ansible-vault create --vault-id geek-cookbook-premix vars/vault.yml ``` Insert your secret values into this file (*refer to `group_vars/all/01_fake_vault.yml` for placeholders*), using a prefix of `vault_`, like this: -``` +```bash vault_proxmox_host_password: mysekritpassword ``` @@ -100,7 +100,7 @@ vault_proxmox_host_password: mysekritpassword The vault file is encrypted using a secret you store outside the repo, and now you can safely check in and version `group_vars//vault.yml` without worrying about exposing secrets in cleartext! !!! tip "Editing ansible-vault files with VSCode" - If you prefer to edit your vault file using VSCode (*with all its YAML syntax checking*) to nasty-ol' CLI editors, you can set your EDITOR ENV variable by running ` export EDITOR="code --wait"`. + If you prefer to edit your vault file using VSCode (*with all its YAML syntax checking*) to nasty-ol' CLI editors, you can set your EDITOR ENV variable by running `export EDITOR="code --wait"`. ## Serving @@ -114,13 +114,13 @@ To run the playbook selectively (i.e., maybe just deploy traefik), add the name I.e., to deploy only ceph: -``` +```bash ansible-playbook -i hosts.your-username deploy.yml -t ceph ``` To deploy traefik (overlay), traefikv1, and traefik-forward-auth: -``` +```bash ansible-playbook -i hosts.your-username deploy.yml -t traefik,traefikv1,traefik-forward-auth ``` 
@@ -130,7 +130,7 @@ Deploying on full autopilot above installs _a lot_ of stuff (and more is being a To deploy the base infrastructure: -``` +```bash ansible-playbook -i hosts.your-username deploy.yml -t infrastructure ``` @@ -139,6 +139,3 @@ This will run the playbook up through the `traefik-forward-auth` role and leave ### Deploy (with debugging) If something went wrong, append `-vv` to your deploy command, for extra-verbose output :thumbsup: - - - diff --git a/manuscript/premix/kubernetes.md b/manuscript/premix/kubernetes.md index a398fd1..c7df6f9 100644 --- a/manuscript/premix/kubernetes.md +++ b/manuscript/premix/kubernetes.md @@ -1,3 +1,5 @@ +# Warning + !!! warning "This section is under construction :hammer:" This section is a serious work-in-progress, and reflects the current development on the [sponsors](https://github.com/sponsors/funkypenguin)'s "premix" repository So... There may be errors and inaccuracies. Jump into [Discord](http://chat.funkypenguin.co.nz) in the #dev channel if you're encountering issues 😁 diff --git a/manuscript/premix/swarm.md b/manuscript/premix/swarm.md index a398fd1..c7df6f9 100644 --- a/manuscript/premix/swarm.md +++ b/manuscript/premix/swarm.md @@ -1,3 +1,5 @@ +# Warning + !!! warning "This section is under construction :hammer:" This section is a serious work-in-progress, and reflects the current development on the [sponsors](https://github.com/sponsors/funkypenguin)'s "premix" repository So... There may be errors and inaccuracies. Jump into [Discord](http://chat.funkypenguin.co.nz) in the #dev channel if you're encountering issues 😁 diff --git a/manuscript/recipes/archivebox.md b/manuscript/recipes/archivebox.md index 0f39696..dc6895b 100644 --- a/manuscript/recipes/archivebox.md +++ b/manuscript/recipes/archivebox.md 
@@ -1,18 +1,18 @@ +--- +description: A self-hosted internet archiving solution +--- # Archivebox - [ArchiveBox](https://github.com/ArchiveBox/ArchiveBox) is a self-hosted internet archiving solution to collect and save sites you wish to view offline. ![Archivebox Screenshot](../images/archivebox.png) +Features include: -Features include - -* Uses standard formats such as HTML, JSON, PDF, PNG -* Ability to autosave to [archive.org](https://github.com/ArchiveBox/ArchiveBox/wiki/Configuration#submit_archive_dot_org) -* Supports Scheduled importing -* Supports Realtime importing - +- Uses standard formats such as HTML, JSON, PDF, PNG +- Ability to autosave to [archive.org](https://github.com/ArchiveBox/ArchiveBox/wiki/Configuration#submit_archive_dot_org) +- Supports Scheduled importing +- Supports Realtime importing --8<-- "recipe-standard-ingredients.md" @@ -22,7 +22,7 @@ Features include First, we create a directory to hold the data which archivebox will store: -``` +```bash mkdir /var/data/archivebox mkdir /var/data/config/archivebox cd /var/data/config/archivebox @@ -72,22 +72,17 @@ networks: external: true ``` - ### Initalizing Archivebox Once you have created the docker file you will need to run the following command to configure archivebox and create an account. `docker run -v /var/data/archivebox:/data -it archivebox/archivebox init --setup` - ## Serving ### Launch Archivebox! Launch the Archivebox stack by running ```docker stack deploy archivebox -c ``` - - [^1]: The inclusion of Archivebox was due to the efforts of @bencey in Discord (Thanks Ben!) - ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/autopirate/end.md b/manuscript/recipes/autopirate/end.md index 0adf53b..7da47f6 100644 --- a/manuscript/recipes/autopirate/end.md +++ b/manuscript/recipes/autopirate/end.md 
@@ -1,8 +1,8 @@ +# Launch Autopirate stack + !!! warning This is not a complete recipe - it's the conclusion to the [AutoPirate](/recipes/autopirate/) "_uber-recipe_", but has been split into its own page to reduce complexity. -### Launch Autopirate stack - Launch the AutoPirate stack by running ```docker stack deploy autopirate -c ``` Confirm the container status by running "docker stack ps autopirate", and wait for all containers to enter the "Running" state. @@ -11,4 +11,4 @@ Log into each of your new tools at its respective HTTPS URL. You'll be prompted [^1]: This is a complex stack. Sing out in the comments if you found a flaw or need a hand :) ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/autopirate/headphones.md b/manuscript/recipes/autopirate/headphones.md index 2fc0508..c110324 100644 --- a/manuscript/recipes/autopirate/headphones.md +++ b/manuscript/recipes/autopirate/headphones.md @@ -2,6 +2,7 @@ description: Headphones is an automated music downloader for NZB and BitTorrent --- # Headphones + !!! warning This is not a complete recipe - it's a component of the [autopirate](/recipes/autopirate/) "_uber-recipe_", but has been split into its own page to reduce complexity. @@ -51,4 +52,4 @@ headphones_proxy: --8<-- "premix-cta.md" --8<-- "recipe-autopirate-toc.md" ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/autopirate/heimdall.md b/manuscript/recipes/autopirate/heimdall.md index 2dbcc31..210518a 100644 --- a/manuscript/recipes/autopirate/heimdall.md +++ b/manuscript/recipes/autopirate/heimdall.md @@ -2,6 +2,7 @@ description: Heimdall is a beautiful dashboard for all your web applications --- # Heimdall + !!! warning This is not a complete recipe - it's a component of the [autopirate](/recipes/autopirate/) "_uber-recipe_", but has been split into its own page to reduce complexity. 
diff --git a/manuscript/recipes/autopirate/index.md b/manuscript/recipes/autopirate/index.md index b6afeb3..fefd193 100644 --- a/manuscript/recipes/autopirate/index.md +++ b/manuscript/recipes/autopirate/index.md @@ -6,7 +6,7 @@ description: A fully-featured recipe to automate finding, downloading, and organ Once the cutting edge of the "internet" (_pre-world-wide-web and mosiac days_), Usenet is now a murky, geeky alternative to torrents for file-sharing. However, it's **cool** geeky, especially if you're into having a fully automated media platform. -A good starter for the usenet scene is https://www.reddit.com/r/usenet/. Because it's so damn complicated, a host of automated tools exist to automate the process of finding, downloading, and managing content. The tools included in this recipe are as follows: +A good starter for the usenet scene is . Because it's so damn complicated, a host of automated tools exist to automate the process of finding, downloading, and managing content. The tools included in this recipe are as follows: ![Autopirate Screenshot](../../images/autopirate.png) @@ -25,7 +25,7 @@ Tools included in the AutoPirate stack are: * [NZBHydra][nzbhydra] is a meta search for NZB indexers. It provides easy access to a number of raw and newznab based indexers. You can search all your indexers from one place and use it as indexer source for tools like [Sonarr][sonarr] or [Radarr][radarr]. * [Sonarr][sonarr] finds, downloads and manages TV shows - + * [Radarr][radarr] finds, downloads and manages movies * [Readarr][readarr] finds, downloads, and manages eBooks @@ -44,7 +44,6 @@ Tools included in the AutoPirate stack are: Since this recipe is so long, and so many of the tools are optional to the final result (_i.e., if you're not interested in comics, you won't want Mylar_), I've described each individual tool on its own sub-recipe page (_below_), even though most of them are deployed very similarly. - ## Ingredients !!! summary "Ingredients" 
@@ -88,9 +87,9 @@ To mitigate the risk associated with public exposure of these tools (_you're on This is tedious, but you only have to do it once. Each tool (Sonarr, Radarr, etc) to be protected by an OAuth proxy, requires unique configuration. I use github to provide my oauth, giving each tool a unique logo while I'm at it (make up your own random string for OAUTH2PROXYCOOKIE_SECRET) -For each tool, create /var/data/autopirate/.env, and set the following: +For each tool, create `/var/data/autopirate/.env`, and set the following: -``` +```bash OAUTH2_PROXY_CLIENT_ID= OAUTH2_PROXY_CLIENT_SECRET= OAUTH2_PROXY_COOKIE_SECRET= @@ -98,7 +97,7 @@ PUID=4242 PGID=4242 ``` -Create at least /var/data/autopirate/authenticated-emails.txt, containing at least your own email address with your OAuth provider. If you wanted to grant access to a specific tool to other users, you'd need a unique authenticated-emails-.txt which included both normal email address as well as any addresses to be granted tool-specific access. +Create at least /var/data/autopirate/authenticated-emails.txt, containing at least your own email address with your OAuth provider. If you wanted to grant access to a specific tool to other users, you'd need a unique `authenticated-emails-.txt` which included both normal email address as well as any addresses to be granted tool-specific access. ### Setup components @@ -106,7 +105,7 @@ Create at least /var/data/autopirate/authenticated-emails.txt, containing at lea **Start** with a swarm config file in docker-compose syntax, like this: -```` +````yaml version: '3' services: @@ -114,7 +113,7 @@ services: And **end** with a stanza like this: -```` +````yaml networks: traefik_public: external: true @@ -127,4 +126,4 @@ networks: --8<-- "reference-networks.md" --8<-- "recipe-autopirate-toc.md" ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" 
diff --git a/manuscript/recipes/autopirate/jackett.md b/manuscript/recipes/autopirate/jackett.md index c845136..1a76f00 100644 --- a/manuscript/recipes/autopirate/jackett.md +++ b/manuscript/recipes/autopirate/jackett.md @@ -47,4 +47,4 @@ jackett: --8<-- "premix-cta.md" --8<-- "recipe-autopirate-toc.md" ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/autopirate/lazylibrarian.md b/manuscript/recipes/autopirate/lazylibrarian.md index 3d4a563..72797cf 100644 --- a/manuscript/recipes/autopirate/lazylibrarian.md +++ b/manuscript/recipes/autopirate/lazylibrarian.md @@ -3,6 +3,7 @@ description: LazyLibrarian is a tool to follow authors and grab metadata for all --- # LazyLibrarian + !!! warning This is not a complete recipe - it's a component of the [autopirate](/recipes/autopirate/) "_uber-recipe_", but has been split into its own page to reduce complexity. @@ -61,4 +62,4 @@ calibre-server: --8<-- "recipe-autopirate-toc.md" --8<-- "recipe-footer.md" -[^2]: The calibre-server container co-exists within the Lazy Librarian (LL) containers so that LL can automatically add a book to Calibre using the calibre-server interface. The calibre library can then be properly viewed using the [calibre-web](/recipes/calibre-web) recipe. \ No newline at end of file +[^2]: The calibre-server container co-exists within the Lazy Librarian (LL) containers so that LL can automatically add a book to Calibre using the calibre-server interface. The calibre library can then be properly viewed using the [calibre-web](/recipes/calibre-web) recipe. diff --git a/manuscript/recipes/autopirate/lidarr.md b/manuscript/recipes/autopirate/lidarr.md index afd7afd..6c310e6 100644 --- a/manuscript/recipes/autopirate/lidarr.md +++ b/manuscript/recipes/autopirate/lidarr.md 
@@ -2,6 +2,7 @@ description: Lidarr is an automated music downloader for NZB and Torrent --- # Lidarr + !!! warning This is not a complete recipe - it's a component of the [autopirate](/recipes/autopirate/) "_uber-recipe_", but has been split into its own page to reduce complexity. diff --git a/manuscript/recipes/autopirate/nzbget.md b/manuscript/recipes/autopirate/nzbget.md index aca6086..32325df 100644 --- a/manuscript/recipes/autopirate/nzbget.md +++ b/manuscript/recipes/autopirate/nzbget.md @@ -49,7 +49,6 @@ nzbget: [^tfa]: Since we're relying on [Traefik Forward Auth][tfa] to protect us, we can just disable NZGet's own authentication, by changing ControlPassword to null in nzbget.conf (i.e. ```ControlPassword=```) - --8<-- "premix-cta.md" --8<-- "recipe-autopirate-toc.md" ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/autopirate/nzbhydra.md b/manuscript/recipes/autopirate/nzbhydra.md index 37f50d5..abe307d 100644 --- a/manuscript/recipes/autopirate/nzbhydra.md +++ b/manuscript/recipes/autopirate/nzbhydra.md @@ -62,4 +62,4 @@ nzbhydra2: --8<-- "premix-cta.md" --8<-- "recipe-autopirate-toc.md" ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/autopirate/radarr.md b/manuscript/recipes/autopirate/radarr.md index f0453b6..cb735c2 100644 --- a/manuscript/recipes/autopirate/radarr.md +++ b/manuscript/recipes/autopirate/radarr.md @@ -60,4 +60,4 @@ radarr: --8<-- "premix-cta.md" --8<-- "recipe-autopirate-toc.md" ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/autopirate/readarr.md b/manuscript/recipes/autopirate/readarr.md index 53a209d..dad8cfe 100644 --- a/manuscript/recipes/autopirate/readarr.md +++ b/manuscript/recipes/autopirate/readarr.md 
@@ -4,6 +4,7 @@ description: Readarr is "Sonarr/Radarr for eBooks" # Readarr + !!! warning This is not a complete recipe - it's a component of the [AutoPirate](/recipes/autopirate/) "_uber-recipe_", but has been split into its own page to reduce complexity. @@ -23,7 +24,6 @@ Features include: * Full integration with [Calibre][calibre-web] (add to library, conversion) * And a beautiful UI! - ## Inclusion into AutoPirate To include Readarr in your [AutoPirate][autopirate] stack, include something like the following in your autopirate.yml stack definition file: @@ -59,4 +59,4 @@ radarr: --8<-- "premix-cta.md" --8<-- "recipe-autopirate-toc.md" ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/autopirate/rtorrent.md b/manuscript/recipes/autopirate/rtorrent.md index 277d440..1e316c2 100644 --- a/manuscript/recipes/autopirate/rtorrent.md +++ b/manuscript/recipes/autopirate/rtorrent.md @@ -52,4 +52,4 @@ rtorrent: --8<-- "premix-cta.md" --8<-- "recipe-autopirate-toc.md" ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/autopirate/sabnzbd.md b/manuscript/recipes/autopirate/sabnzbd.md index afbf507..d2b6ae7 100644 --- a/manuscript/recipes/autopirate/sabnzbd.md +++ b/manuscript/recipes/autopirate/sabnzbd.md @@ -58,4 +58,4 @@ sabnzbd: For example, mine simply reads ```host_whitelist = sabnzbd.funkypenguin.co.nz, sabnzbd``` --8<-- "recipe-autopirate-toc.md" ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/autopirate/sonarr.md b/manuscript/recipes/autopirate/sonarr.md index e4dce2d..425ab9f 100644 --- a/manuscript/recipes/autopirate/sonarr.md +++ b/manuscript/recipes/autopirate/sonarr.md @@ -46,4 +46,4 @@ sonarr: --8<-- "premix-cta.md" --8<-- "recipe-autopirate-toc.md" ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" 
diff --git a/manuscript/recipes/bitwarden.md b/manuscript/recipes/bitwarden.md index 4133227..0fe6e9b 100644 --- a/manuscript/recipes/bitwarden.md +++ b/manuscript/recipes/bitwarden.md @@ -32,9 +32,10 @@ Bitwarden is a free and open source password management solution for individuals We'll need to create a directory to bind-mount into our container, so create `/var/data/bitwarden`: -``` +```bash mkdir /var/data/bitwarden ``` + ### Setup environment Create `/var/data/config/bitwarden/bitwarden.env`, and **leave it empty for now**. @@ -86,7 +87,6 @@ networks: !!! note Note the clever use of two Traefik frontends to expose the notifications hub on port 3012. Thanks @gkoerk! - ## Serving ### Launch Bitwarden stack @@ -97,7 +97,7 @@ Browse to your new instance at https://**YOUR-FQDN**, and create a new user acco ### Get the apps / extensions -Once you've created your account, jump over to https://bitwarden.com/#download and download the apps for your mobile and browser, and start adding your logins! +Once you've created your account, jump over to and download the apps for your mobile and browser, and start adding your logins! [^1]: You'll notice we're not using the *official* container images (*[all 6 of them required](https://help.bitwarden.com/article/install-on-premise/#install-bitwarden)!)*, but rather a [more lightweight version ideal for self-hosting](https://hub.docker.com/r/vaultwarden/server). All of the elements are contained within a single container, and SQLite is used for the database backend. [^2]: As mentioned above, readers should refer to the [dani-garcia/vaultwarden wiki](https://github.com/dani-garcia/vaultwarden) for details on customizing the behaviour of Bitwarden. diff --git a/manuscript/recipes/bookstack.md b/manuscript/recipes/bookstack.md index c0a790a..038c507 100644 --- a/manuscript/recipes/bookstack.md +++ b/manuscript/recipes/bookstack.md 
@@ -20,7 +20,7 @@ I like to protect my public-facing web UIs with an [oauth_proxy](/reference/oaut We'll need several directories to bind-mount into our container, so create them in /var/data/bookstack: -``` +```bash mkdir -p /var/data/bookstack/database-dump mkdir -p /var/data/runtime/bookstack/db ``` @@ -29,7 +29,7 @@ mkdir -p /var/data/runtime/bookstack/db Create bookstack.env, and populate with the following variables. Set the [oauth_proxy](/reference/oauth_proxy) variables provided by your OAuth provider (if applicable.) -``` +```bash # For oauth-proxy (optional) OAUTH2_PROXY_CLIENT_ID= OAUTH2_PROXY_CLIENT_SECRET= @@ -136,4 +136,4 @@ Log into your new instance at https://**YOUR-FQDN**, authenticate with oauth_pro [^1]: If you wanted to expose the BookStack UI directly, you could remove the oauth2_proxy from the design, and move the traefik_public-related labels directly to the bookstack container. You'd also need to add the traefik_public network to the bookstack container. ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/calibre-web.md b/manuscript/recipes/calibre-web.md index 3729d2c..249881b 100644 --- a/manuscript/recipes/calibre-web.md +++ b/manuscript/recipes/calibre-web.md @@ -22,7 +22,6 @@ Support for editing eBook metadata and deleting eBooks from Calibre library * Support for reading eBooks directly in the browser (.txt, .epub, .pdf, .cbr, .cbt, .cbz) * Upload new books in PDF, epub, fb2 format - --8<-- "recipe-standard-ingredients.md" ## Preparation @@ -31,7 +30,7 @@ Support for editing eBook metadata and deleting eBooks from Calibre library We'll need a directory to store some config data for Calibre-Web, container, so create /var/data/calibre-web, and ensure the directory is owned by the same use which owns your Calibre data (below) -``` +```bash mkdir /var/data/calibre-web chown calibre:calibre /var/data/calibre-web # for example ``` 
@@ -42,7 +41,7 @@ Ensure that your Calibre library is accessible to the swarm (_i.e., exists on sh We'll use an [oauth-proxy](/reference/oauth_proxy/) to protect the UI from public access, so create calibre-web.env, and populate with the following variables: -``` +```bash OAUTH2_PROXY_CLIENT_ID= OAUTH2_PROXY_CLIENT_SECRET= OAUTH2_PROXY_COOKIE_SECRET= @@ -52,7 +51,6 @@ PGID= Follow the [instructions](https://github.com/bitly/oauth2_proxy) to setup your oauth provider. You need to setup a unique key/secret for each instance of the proxy you want to run, since in each case the callback URL will differ. - ### Setup Docker Swarm Create a docker swarm config file in docker-compose syntax (v3), something like this: @@ -118,4 +116,4 @@ Log into your new instance at https://**YOUR-FQDN**. You'll be directed to the i [^1]: Yes, Calibre does provide a server component. But it's not as fully-featured as Calibre-Web (_i.e., you can't use it to send ebooks directly to your Kindle_) [^2]: A future enhancement might be integrating this recipe with the filestore for [NextCloud](/recipes/nextcloud/), so that the desktop database (Calibre) can be kept synced with Calibre-Web. [^3]: If you plan to use calibre-web to send `.mobi` files to your Kindle via `@kindle.com` email addresses, be sure to add the sending address to the "[Approved Personal Documents Email List](https://www.amazon.com/hz/mycd/myx#/home/settings/payment)" ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/collabora-online.md b/manuscript/recipes/collabora-online.md index ca9ee93..52e0267 100644 --- a/manuscript/recipes/collabora-online.md +++ b/manuscript/recipes/collabora-online.md 
@@ -30,7 +30,7 @@ This presents another problem though - Docker Swarm with Traefik is superb at ma We run a single swarmed Nginx instance, which forwards all requests to an upstream, with the target IP of the docker0 interface, on port 9980 (_the port exposed by the CODE container_) -We attach the necessary labels to the Nginx container to instruct Trafeik to setup a front/backend for collabora.. Now incoming requests to **https://collabora.** will hit Traefik, be forwarded to nginx (_wherever in the swarm it's running_), and then to port 9980 on the same node that nginx is running on. +We attach the necessary labels to the Nginx container to instruct Trafeik to setup a front/backend for collabora.. Now incoming requests to `https://collabora.` will hit Traefik, be forwarded to nginx (_wherever in the swarm it's running_), and then to port 9980 on the same node that nginx is running on. What if we're running multiple nodes in our swarm, and nginx ends up on a different node to the one running Collabora via docker-compose? Well, either constrain nginx to the same node as Collabora (_example below_), or just launch an instance of Collabora on _every_ node then. It's just a rendering / GUI engine after all, it doesn't hold any persistent data. @@ -42,7 +42,7 @@ Here's a (_highly technical_) diagram to illustrate: We'll need a directory for holding config to bind-mount into our containers, so create ```/var/data/collabora```, and ```/var/data/config/collabora``` for holding the docker/swarm config -``` +```bash mkdir /var/data/collabora/ mkdir /var/data/config/collabora/ ``` 
@@ -59,7 +59,7 @@ Create /var/data/config/collabora/collabora.env, and populate with the following 3. Set your server_name to collabora.. Escaping periods is unnecessary 4. Your password cannot include triangular brackets - the entrypoint script will insert this password into an XML document, and triangular brackets will make bad(tm) things happen 🔥 -``` +```bash username=admin password=ilovemypassword domain=nextcloud\.batcave\.com @@ -93,8 +93,7 @@ services: Create ```/var/data/config/collabora/nginx.conf``` as follows, changing the ```server_name``` value to match the environment variable you established above: - -``` +```ini upstream collabora-upstream { # Run collabora under docker-compose, since it needs MKNOD cap, which can't be provided by Docker Swarm. # The IP here is the typical IP of docker0 - change if yours is different. @@ -128,7 +127,7 @@ server { # Admin Console websocket location ^~ /lool/adminws { - proxy_buffering off; + proxy_buffering off; proxy_pass http://collabora-upstream; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; @@ -160,7 +159,7 @@ Create `/var/data/config/collabora/collabora.yml` as follows, changing the traef --8<-- "premix-cta.md" -``` +```yaml version: "3.0" services: @@ -195,14 +194,14 @@ Well. This is awkward. There's no documented way to make Collabora work with Doc Launching Collabora is (_for now_) a 2-step process. First.. we launch collabora itself, by running: -``` +```bash cd /var/data/config/collabora/ docker-compose -d up ``` Output looks something like this: -``` +```bash root@ds1:/var/data/config/collabora# docker-compose up -d WARNING: The Docker Engine you're using is running in swarm mode. 
@@ -230,19 +229,19 @@ Now exec into the container (_from another shell session_), by running ```exec < Delete the collabora container by hitting CTRL-C in the docker-compose shell, running ```docker-compose rm```, and then altering this line in docker-compose.yml: -``` - - /var/data/collabora/loolwsd.xml:/etc/loolwsd/loolwsd.xml-new +```bash + - /var/data/collabora/loolwsd.xml:/etc/loolwsd/loolwsd.xml-new ``` To this: -``` - - /var/data/collabora/loolwsd.xml:/etc/loolwsd/loolwsd.xml +```bash + - /var/data/collabora/loolwsd.xml:/etc/loolwsd/loolwsd.xml ``` Edit /var/data/collabora/loolwsd.xml, find the **storage.filesystem.wopi** section, and add lines like this to the existing allow rules (_to allow IPv6-enabled hosts to still connect with their IPv4 addreses_): -``` +```xml ::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3} ::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3} @@ -252,7 +251,7 @@ Edit /var/data/collabora/loolwsd.xml, find the **storage.filesystem.wopi** secti Find the **net.post_allow** section, and add a line like this: -``` +```xml ::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3} ::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3} 
@@ -262,35 +261,35 @@ Find the **net.post_allow** section, and add a line like this: Find these 2 lines: -``` +```xml true ``` And change to: -``` +```xml false ``` Now re-launch collabora (_with the correct with loolwsd.xml_) under docker-compose, by running: -``` +```bash docker-compose -d up ``` Once collabora is up, we launch the swarm stack, by running: -``` +```bash docker stack deploy collabora -c /var/data/config/collabora/collabora.yml ``` -Visit **https://collabora./l/loleaflet/dist/admin/admin.html** and confirm you can login with the user/password you specified in collabora.env +Visit `https://collabora./l/loleaflet/dist/admin/admin.html` and confirm you can login with the user/password you specified in collabora.env ### Integrate into NextCloud -In NextCloud, Install the **Collabora Online** app (https://apps.nextcloud.com/apps/richdocuments), and then under **Settings -> Collabora Online**, set your Collabora Online Server to ```https://collabora.``` +In NextCloud, Install the **Collabora Online** app (), and then under **Settings -> Collabora Online**, set your Collabora Online Server to ```https://collabora.``` ![CODE Screenshot](../images/collabora-online-in-nextcloud.png) @@ -298,4 +297,4 @@ Now browse your NextCloud files. Click the plus (+) sign to create a new documen [^1]: Yes, this recipe is complicated. And you probably only care if you feel strongly about using Open Source rich document editing in the browser, vs using something like Google Docs. It works impressively well however, once it works. I hope to make this recipe simpler once the CODE developers have documented how to pass optional parameters as environment variables. ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/cyberchef.md b/manuscript/recipes/cyberchef.md index 6864b5f..9a14412 100644 --- a/manuscript/recipes/cyberchef.md +++ b/manuscript/recipes/cyberchef.md 
@@ -14,10 +14,10 @@ Are you a [l33t h@x0r](https://en.wikipedia.org/wiki/Hackers_(film))? Do you nee Here are some examples of fancy hax0r tricks you can do with CyberChef: - - [Decode a Base64-encoded string][2] - - [Decrypt and disassemble shellcode][6] - - [Perform AES decryption, extracting the IV from the beginning of the cipher stream][10] - - [Automagically detect several layers of nested encoding][12] +- [Decode a Base64-encoded string][2] +- [Decrypt and disassemble shellcode][6] +- [Perform AES decryption, extracting the IV from the beginning of the cipher stream][10] +- [Automagically detect several layers of nested encoding][12] Here's a [live demo](https://gchq.github.io/CyberChef)! 
@@ -70,4 +70,4 @@ Launch your CyberChef stack by running ```docker stack deploy cyberchef -c ``` ### Create (and verify!) Your First Backup -Once we authenticate through the traefik-forward-auth provider, we can start configuring your backup jobs via the Duplicati UI. All backup and restore job configuration is done through the UI. Be sure to read through the documentation on [Creating a new backup job](https://duplicati.readthedocs.io/en/latest/03-using-the-graphical-user-interface/#creating-a-new-backup-job) and [Restoring files from a backup](https://duplicati.readthedocs.io/en/latest/03-using-the-graphical-user-interface/#restoring-files-from-a-backup) for information on how to configure those jobs. + +Once we authenticate through the traefik-forward-auth provider, we can start configuring your backup jobs via the Duplicati UI. All backup and restore job configuration is done through the UI. Be sure to read through the documentation on [Creating a new backup job](https://duplicati.readthedocs.io/en/latest/03-using-the-graphical-user-interface/#creating-a-new-backup-job) and [Restoring files from a backup](https://duplicati.readthedocs.io/en/latest/03-using-the-graphical-user-interface/#restoring-files-from-a-backup) for information on how to configure those jobs. !!! warning An untested backup is not really a backup at all. Being ***sure*** you can succesfully restore files from your backup now could save you lots of heartache later after "something bad" happens. diff --git a/manuscript/recipes/duplicity.md b/manuscript/recipes/duplicity.md index 667239d..98a0253 100644 --- a/manuscript/recipes/duplicity.md +++ b/manuscript/recipes/duplicity.md @@ -1,4 +1,6 @@ -hero: Duplicity - A boring recipe to backup your exciting stuff. Boring is good. +--- +description: A boring recipe to backup your exciting stuff. Boring is good. +--- # Duplicity 
@@ -54,7 +56,7 @@ I didn't already have an archival/backup provider, so I chose Google Cloud "clou 2. Seriously, **save**. **it**. **somewhere**. **safe**. 3. Create duplicity.env, and populate with the following variables -``` +```bash SRC=/var/data/ DST=gs://jack-and-jills-bucket/yes-you-can-have-subdirectories TMPDIR=/tmp @@ -72,7 +74,7 @@ See the [data layout reference](/reference/data_layout/) for an explanation of t Before we launch the automated daily backups, let's run a test backup, as follows: -``` +```bash docker run --env-file duplicity.env -it --rm -v \ /var/data:/var/data:ro -v /var/data/duplicity/tmp:/tmp -v \ /var/data/duplicity/archive:/archive tecnativa/duplicity \ @@ -101,7 +103,7 @@ duplicity list-current-files \ Once you've identified a file to test-restore, use a variation of the following to restore it to /tmp (_from the perspective of the container - it's actually /var/data/duplicity/tmp_) -``` +```bash docker run --env-file duplicity.env -it --rm \ -v /var/data:/var/data:ro \ -v /var/data/duplicity/tmp:/tmp \ @@ -119,7 +121,7 @@ Now that we have confidence in our backup/restore process, let's automate it by --8<-- "premix-cta.md" -``` +```yaml version: "3" services: @@ -156,4 +158,4 @@ Nothing will happen. Very boring. But when the cron script fires (daily), duplic [^1]: Automatic backup can still fail if nobody checks that it's running successfully. I'll be working on an upcoming recipe to monitor the elements of the stack, including the success/failure of duplicity jobs. [^2]: The container provides the facility to specify an SMTP host and port, but not credentials, which makes it close to useless. As a result, I've left SMTP out of this recipe. To enable email notifications (if your SMTP server doesn't require auth), add `SMTP_HOST`, `SMTP_PORT`, `EMAIL_FROM` and `EMAIL_TO` variables to `duplicity.env`. ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" 
diff --git a/manuscript/recipes/elkarbackup.md b/manuscript/recipes/elkarbackup.md index 0cf42f8..6a4b2d5 100644 --- a/manuscript/recipes/elkarbackup.md +++ b/manuscript/recipes/elkarbackup.md @@ -6,6 +6,7 @@ description: Real heroes backup their shizz! Don't be like [Cameron](http://haltandcatchfire.wikia.com/wiki/Cameron_Howe). Backup your stuff. + ElkarBackup is a free open-source backup solution based on RSync/RSnapshot. It's basically a web wrapper around rsync/rsnapshot, which means that your backups are just files on a filesystem, utilising hardlinks for tracking incremental changes. I find this result more reassuring than a blob of compressed, (encrypted?) data that [more sophisticated backup solutions](/recipes/duplicity/) would produce for you. @@ -22,7 +23,7 @@ ElkarBackup is a free open-source backup solution based on RSync/RSnapshot. It's We'll need several directories to bind-mount into our container, so create them in /var/data/elkarbackup: -``` +```bash mkdir -p /var/data/elkarbackup/{backups,uploads,sshkeys,database-dump} mkdir -p /var/data/runtime/elkarbackup/db mkdir -p /var/data/config/elkarbackup @@ -31,7 +32,8 @@ mkdir -p /var/data/config/elkarbackup ### Prepare environment Create /var/data/config/elkarbackup/elkarbackup.env, and populate with the following variables -``` + +```bash SYMFONY__DATABASE__PASSWORD=password EB_CRON=enabled TZ='Etc/UTC' @@ -60,7 +62,7 @@ Create ```/var/data/config/elkarbackup/elkarbackup-db-backup.env```, and populat No, me either :shrug: -``` +```bash # For database backup (keep 7 days daily backups) MYSQL_PWD= MYSQL_USER=root @@ -175,7 +177,7 @@ From the WebUI, you can download a script intended to be executed on a remote ho Here's a variation to the standard script, which I've employed: -``` +```bash #!/bin/bash REPOSITORY=/var/data/elkarbackup/backups 
@@ -229,4 +231,4 @@ This takes you to a list of backup names and file paths. You can choose to downl [^1]: If you wanted to expose the ElkarBackup UI directly, you could remove the oauth2_proxy from the design, and move the traefik_public-related labels directly to the app service. You'd also need to add the traefik_public network to the app service. [^2]: The original inclusion of ElkarBackup was due to the efforts of @gpulido in our [Discord server](http://chat.funkypenguin.co.nz). Thanks Gabriel! ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/emby.md b/manuscript/recipes/emby.md index 593dd96..9898035 100644 --- a/manuscript/recipes/emby.md +++ b/manuscript/recipes/emby.md @@ -18,7 +18,7 @@ I've started experimenting with Emby as an alternative to Plex, because of the a We'll need a location to store Emby's library data, config files, logs and temporary transcoding space, so create /var/data/emby, and make sure it's owned by the user and group who also own your media data. -``` +```bash mkdir /var/data/emby ``` @@ -26,7 +26,7 @@ mkdir /var/data/emby Create emby.env, and populate with PUID/GUID for the user who owns the /var/data/emby directory (_above_) and your actual media content (_in this example, the media content is at **/srv/data**_) -``` +```bash PUID= GUID= ``` @@ -82,4 +82,4 @@ Log into your new instance at https://**YOUR-FQDN**, and complete the wizard-bas [^2]: Got an NVIDIA GPU? See [this blog post](https://www.funkypenguin.co.nz/note/gpu-transcoding-with-emby-plex-using-docker-nvidia/) re how to use your GPU to transcode your media! [^3]: We don't bother exposing the HTTPS port for Emby, since [Traefik](/ha-docker-swarm/traefik/) is doing the SSL termination for us already. ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/funkwhale.md b/manuscript/recipes/funkwhale.md index dee7bda..6f561ce 100644 
--- a/manuscript/recipes/funkwhale.md +++ b/manuscript/recipes/funkwhale.md @@ -20,7 +20,7 @@ You will be then able to interact with other people regardless of which pod they First we create a directory to hold our funky data: -``` +```bash mkdir /var/data/funkwhale ``` @@ -95,16 +95,16 @@ networks: ### Unleash the Whale! 🐳 -Launch the Funkwhale stack by running `docker stack deploy funkwhale -c `, and then watch the container logs using `docker stack logs funkywhale_funkywhale`. +Launch the Funkwhale stack by running `docker stack deploy funkwhale -c `, and then watch the container logs using `docker stack logs funkywhale_funkywhale`. You'll know the container is ready when you see an ascii version of the Funkwhale logo, followed by: -``` +```bash [2021-01-27 22:52:24 +0000] [411] [INFO] ASGI 'lifespan' protocol appears unsupported. [2021-01-27 22:52:24 +0000] [411] [INFO] Application startup complete. ``` -The first time we run Funkwhale, we need to setup the superuser account. +The first time we run Funkwhale, we need to setup the superuser account. !!! tip If you're running a multi-node swarm, this next step needs to be executed on the node which is currently running Funkwhale. Identify this with `docker stack ps funkwhale` 
@@ -132,11 +132,10 @@ Superuser created successfully. root@swarm:~# ``` - [^1]: Since the whole purpose of media sharing is to share **publically**, and Funkwhale includes robust user authentication, this recipe doesn't employ traefik-based authentication using [Traefik Forward Auth](/ha-docker-swarm/traefik-forward-auth/). -[^2]: These instructions are an opinionated simplication of the official instructions found at https://docs.funkwhale.audio/installation/docker.html +[^2]: These instructions are an opinionated simplication of the official instructions found at [^3]: It should be noted that if you import your existing media, the files will be **copied** into Funkwhale's data folder. There doesn't seem to be a way to point Funkwhale at an existing collection and have it just play it from the filesystem. To this end, be prepared for double disk space usage if you plan to import your entire music collection! [^5]: No consideration is given at this point to backing up the Funkwhale data. Post a comment below if you'd like to see a backup container added! [^4]: If the funky whale is "playing your song", note that the funkwhale project is [looking for maintainers](https://blog.funkwhale.audio/~/Announcements/funkwhale-is-looking-for-new-maintainers/). ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/ghost.md b/manuscript/recipes/ghost.md index f76eccf..da6ef15 100644 --- a/manuscript/recipes/ghost.md +++ b/manuscript/recipes/ghost.md @@ -6,7 +6,7 @@ description: Ghost - Beautiful online publicatio (who you gonna call?) [Ghost](https://ghost.org) is "a fully open source, hackable platform for building and running a modern online publication." -![](/images/ghost.png) +![Ghost screenshot](/images/ghost.png) --8<-- "recipe-standard-ingredients.md" 
@@ -16,7 +16,7 @@ description: Ghost - Beautiful online publicatio (who you gonna call?) Create the location for the bind-mount of the application data, so that it's persistent: -``` +```bash mkdir -p /var/data/ghost ``` @@ -48,7 +48,6 @@ networks: external: true ``` - ## Serving ### Launch Ghost stack @@ -59,4 +58,4 @@ Create your first administrative account at https://**YOUR-FQDN**/admin/ [^1]: A default using the SQlite database takes 548k of space ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/gitlab-runner.md b/manuscript/recipes/gitlab-runner.md index 4bfd574..35aabd2 100644 --- a/manuscript/recipes/gitlab-runner.md +++ b/manuscript/recipes/gitlab-runner.md @@ -24,7 +24,7 @@ Existing: We'll need several directories to bind-mount into our runner containers, so create them in `/var/data/gitlab`: -``` +```bash mkdir -p /var/data/gitlab/runners/{1,2} ``` @@ -66,7 +66,7 @@ From your GitLab UI, you can retrieve a "token" necessary to register a new runn Sample runner config.toml: -``` +```ini concurrent = 1 check_interval = 0 
@@ -94,5 +94,4 @@ Launch the GitLab Runner stack by running `docker stack deploy gitlab-runner -c [^1]: You'll note that I setup 2 runners. One is locked to a single project (_this cookbook build_), and the other is a shared runner. I wanted to ensure that one runner was always available to run CI for this project, even if I'd tied up another runner on something heavy-duty, like a container build. Customize this to your use case. [^2]: Originally I deployed runners in the same stack as GitLab, but I found that they would frequently fail to start properly when I launched the stack. I think that this was because the runners started so quickly (_and GitLab starts **sooo** slowly!_), that they always started up reporting that the GitLab instance was invalid or unavailable. I had issues with CI builds stuck permanently in a "pending" state, which were only resolved by restarting the runner. Having the runners deployed in a separate stack to GitLab avoids this problem. - ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/gitlab.md b/manuscript/recipes/gitlab.md index ac003a3..15cbb0e 100644 --- a/manuscript/recipes/gitlab.md +++ b/manuscript/recipes/gitlab.md @@ -1,5 +1,3 @@ -hero: Gitlab - A recipe for a self-hosted GitHub alternative - # GitLab GitLab is a self-hosted [alternative to GitHub](https://about.gitlab.com/comparison/). The most common use case is (a set of) developers with the desire for the rich feature-set of GitHub, but with unlimited private repositories. @@ -14,7 +12,7 @@ Docker does maintain an [official "Omnibus" container](https://docs.gitlab.com/o We'll need several directories to bind-mount into our container, so create them in /var/data/gitlab: -``` +```bash cd /var/data mkdir gitlab cd gitlab 
@@ -27,8 +25,9 @@ You'll need to know the following: 1. Choose a password for postgresql, you'll need it for DB_PASS in the compose file (below) 2. Generate 3 passwords using ```pwgen -Bsv1 64```. You'll use these for the XXX_KEY_BASE environment variables below -2. Create gitlab.env, and populate with **at least** the following variables (the full set is available at https://github.com/sameersbn/docker-gitlab#available-configuration-parameters): -``` +3. Create gitlab.env, and populate with **at least** the following variables (the full set is available at ): + +```bash DB_USER=gitlab DB_PASS=gitlabdbpass DB_NAME=gitlabhq_production @@ -115,8 +114,8 @@ networks: Launch the mail server stack by running ```docker stack deploy gitlab -c ``` -Log into your new instance at https://[your FQDN], with user "root" and the password you specified in gitlab.env. +Log into your new instance at `https://[your FQDN]`, with user "root" and the password you specified in gitlab.env. [^1]: I use the **sameersbn/gitlab:latest** image, rather than a specific version. This lets me execute updates simply by redeploying the stack (and why **wouldn't** I want the latest version?) ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/gollum.md b/manuscript/recipes/gollum.md index 1013bf9..03a507b 100644 --- a/manuscript/recipes/gollum.md +++ b/manuscript/recipes/gollum.md @@ -16,7 +16,6 @@ Gollum pages: * Can be edited with your favourite system editor or IDE (_changes will be visible after committing_) or with the built-in web interface. * Can be displayed in all versions (_commits_). - ![Gollum Screenshot](../images/gollum.png) As you'll note in the (_real world_) screenshot above, my requirements for a personal wiki are: 
@@ -40,7 +39,7 @@ Gollum meets all these requirements, and as an added bonus, is extremely fast an We'll need an empty git repository in /var/data/gollum for our data: -``` +```bash mkdir /var/data/gollum cd /var/data/gollum git init @@ -51,7 +50,7 @@ git init 1. Choose an oauth provider, and obtain a client ID and secret 2. Create gollum.env, and populate with the following variables (_you can make the cookie secret whatever you like_) -``` +```bash OAUTH2_PROXY_CLIENT_ID= OAUTH2_PROXY_CLIENT_SECRET= OAUTH2_PROXY_COOKIE_SECRET= @@ -122,4 +121,4 @@ Authenticate against your OAuth provider, and then start editing your wiki! [^1]: In the current implementation, Gollum is a "single user" tool only. The contents of the wiki are saved as markdown files under /var/data/gollum, and all the git commits are currently "Anonymous" ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/homeassistant.md b/manuscript/recipes/homeassistant.md index 63a8c6d..c591e53 100644 --- a/manuscript/recipes/homeassistant.md +++ b/manuscript/recipes/homeassistant.md @@ -18,7 +18,7 @@ This recipie combines the [extensibility](https://home-assistant.io/components/) We'll need several directories to bind-mount into our container, so create them in /var/data/homeassistant: -``` +```bash mkdir /var/data/homeassistant cd /var/data/homeassistant mkdir -p {homeassistant,grafana,influxdb-backup} @@ -26,15 +26,15 @@ mkdir -p {homeassistant,grafana,influxdb-backup} Now create a directory for the influxdb realtime data: - -``` +```bash mkdir /var/data/runtime/homeassistant/influxdb ``` ### Prepare environment Create /var/data/config/homeassistant/grafana.env, and populate with the following - this is to enable grafana to work with oauth2_proxy without requiring an additional level of authentication: -``` + +```bash GF_AUTH_BASIC_ENABLED=false OAUTH2_PROXY_CLIENT_ID= OAUTH2_PROXY_CLIENT_SECRET= 
@@ -126,8 +126,8 @@ networks: Launch the Home Assistant stack by running ```docker stack deploy homeassistant -c ``` -Log into your new instance at https://**YOUR-FQDN**, the password you created in configuration.yml as "frontend - api_key". Then setup a bunch of sensors, and log into https://grafana.**YOUR FQDN** and create some beautiful graphs :) +Log into your new instance at https://**YOUR-FQDN**, the password you created in configuration.yml as "frontend - api_key". Then setup a bunch of sensors, and log into .**YOUR FQDN** and create some beautiful graphs :) [^1]: I **tried** to protect Home Assistant using [oauth2_proxy](/reference/oauth_proxy), but HA is incompatible with the websockets implementation used by Home Assistant. Until this can be fixed, I suggest that geeks set frontend: api_key to a long and complex string, and rely on this to prevent malevolent internet miscreants from turning their lights on at 2am! ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/homeassistant/ibeacon.md b/manuscript/recipes/homeassistant/ibeacon.md index a2e1768..93504a1 100644 --- a/manuscript/recipes/homeassistant/ibeacon.md +++ b/manuscript/recipes/homeassistant/ibeacon.md @@ -8,7 +8,7 @@ One of the most useful features of Home Assistant is location awareness. I don't ## Ingredients 1. [HomeAssistant](/recipes/homeassistant/) per recipe -2. iBeacon(s) - This recipe is for https://s.click.aliexpress.com/e/bzyLCnAp +2. iBeacon(s) - This recipe is for 3. [LightBlue Explorer](https://itunes.apple.com/nz/app/lightblue-explorer/id557428110?mt=8) ## Preparation 
@@ -17,10 +17,10 @@ One of the most useful features of Home Assistant is location awareness. I don't The iBeacons come with no UUID. We use the LightBlue Explorer app to pair with them (_code is "123456"_), and assign own own UUID. -Generate your own UUID, or get a random one at https://www.uuidgenerator.net/ +Generate your own UUID, or get a random one at Plug in your iBeacon, launch LightBlue Explorer, and find your iBeacon. The first time you attempt to interrogate it, you'll be prompted to pair. Although it's not recorded anywhere in the documentation (_grr!_), the pairing code is **123456** Having paired, you'll be able to see the vital statistics of your iBeacon. ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/huginn.md b/manuscript/recipes/huginn.md index 2abc3a1..2239ee7 100644 --- a/manuscript/recipes/huginn.md +++ b/manuscript/recipes/huginn.md @@ -6,6 +6,7 @@ description: A self-hosted, hackable version of IFFTT / Zapier Huginn is a system for building agents that perform automated tasks for you online. They can read the web, watch for events, and take actions on your behalf. Huginn's Agents create and consume events, propagating them along a directed graph. Think of it as a hackable version of IFTTT or Zapier on your own server. + --8<-- "recipe-standard-ingredients.md" @@ -16,7 +17,7 @@ Huginn is a system for building agents that perform automated tasks for you onli Create the location for the bind-mount of the database, so that it's persistent: -``` +```bash mkdir -p /var/data/huginn/database ``` @@ -24,7 +25,7 @@ mkdir -p /var/data/huginn/database Strictly speaking, you don't **have** to integrate Huginn with email. However, since we created our own mailserver stack earlier, it's worth using it to enable emails within Huginn. -``` +```bash cd /var/data/docker-mailserver/ ./setup.sh email add huginn@huginn.example.com my-password-here # Setup MX and DKIM if they don't already exist: 
@@ -36,7 +37,7 @@ cat config/opendkim/keys/huginn.example.com/mail.txt Create /var/data/config/huginn/huginn.env, and populate with the following variables. Set the "INVITATION_CODE" variable if you want to require users to enter a code to sign up (protects the UI from abuse) (The full list of Huginn environment variables is available [here](https://github.com/huginn/huginn/blob/master/.env.example)) -``` +```bash # For huginn/huginn - essential SMTP_DOMAIN=your-domain-here.com SMTP_USER_NAME=you@gmail.com diff --git a/manuscript/recipes/instapy.md b/manuscript/recipes/instapy.md index 354911e..4f3dab1 100644 --- a/manuscript/recipes/instapy.md +++ b/manuscript/recipes/instapy.md @@ -20,7 +20,7 @@ Great power, right? A client (_yes, you can [hire](https://www.funkypenguin.co.n We need a data location to store InstaPy's config, as well as its log files. Create /var/data/instapy per below -``` +```bash mkdir -p /var/data/instapy/logs ``` @@ -65,18 +65,18 @@ services: ### Command your bot -Create a variation of https://github.com/timgrossmann/InstaPy/blob/master/docker_quickstart.py at /var/data/instapy/instapy.py (the file we bind-mounted in the swarm config above) +Create a variation of at /var/data/instapy/instapy.py (the file we bind-mounted in the swarm config above) Change at least the following: -```` +```bash insta_username = '' insta_password = '' -```` +``` Here's an example of my config, set to like a single penguin-pic per run: -``` +```python insta_username = 'funkypenguin' insta_password = 'followmemypersonalbrandisawesome' @@ -117,6 +117,7 @@ Launch the bot by running ```docker stack deploy instapy -c After swarm deploys, you won't see much, but you can monitor what InstaPy is doing, by running ```docker service logs instapy_web```. 
@@ -125,4 +126,4 @@ You can **also** watch the bot at work by VNCing to your docker swarm, password [^1]: Amazingly, my bot has ended up tagging more _non-penguins_ than actual penguins. I don't understand how Instagrammers come up with their hashtags! ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/ipfs-cluster.md b/manuscript/recipes/ipfs-cluster.md index ab7b406..c76faf2 100644 --- a/manuscript/recipes/ipfs-cluster.md +++ b/manuscript/recipes/ipfs-cluster.md @@ -1,9 +1,9 @@ +# IPFS + !!! danger "This recipe is a work in progress" This recipe is **incomplete**, and remains a work in progress. So... There may be errors and inaccuracies. Jump into [Discord](http://chat.funkypenguin.co.nz) if you're encountering issues 😁 -# IPFS - The intention of this recipe is to provide a local IPFS cluster for the purpose of providing persistent storage for the various components of the recipes ![IPFS Screenshot](../images/ipfs.png) @@ -22,7 +22,7 @@ Since IPFS may _replace_ ceph or glusterfs as a shared-storage provider for the On _each_ node, therefore run the following, to create the persistent data storage for ipfs and ipfs-cluster: -``` +```bash mkdir -p {/var/ipfs/daemon,/var/ipfs/cluster} ``` @@ -32,7 +32,7 @@ ipfs-cluster nodes require a common secret, a 32-bit hex-encoded string, in orde Now on _each_ node, create ```/var/ipfs/cluster:/data/ipfs-cluster```, including both the secret, *and* the IP of docker0 interface on your hosts (_on my hosts, this is always 172.17.0.1_). We do this (_the trick with docker0)_ to allow ipfs-cluster to talk to the local ipfs daemon, per-node: -``` +```bash SECRET= # Use docker0 to access daemon 
@@ -72,10 +72,9 @@ services: Launch all nodes independently with ```docker-compose -f ipfs.yml up```. At this point, the nodes are each running independently, unaware of each other. But we do this to ensure that service.json is populated on each node, using the IPFS_API environment variable we specified in ipfs.env. (_it's only used on the first run_) - The output looks something like this: -``` +```bash cluster_1 | 11:03:33.272 INFO restapi: REST API (libp2p-http): ENABLED. Listening on: cluster_1 | /ip4/127.0.0.1/tcp/9096/ipfs/QmbqPBLJNXWpbXEX6bVhYLo2ruEBE7mh1tfT9s6VXUzYYx cluster_1 | /ip4/172.18.0.3/tcp/9096/ipfs/QmbqPBLJNXWpbXEX6bVhYLo2ruEBE7mh1tfT9s6VXUzYYx @@ -101,7 +100,7 @@ Pick a node to be your primary node, and CTRL-C the others. Look for a line like this in the output of the primary node: -``` +```bash /ip4/127.0.0.1/tcp/9096/ipfs/QmbqPBLJNXWpbXEX6bVhYLo2ruEBE7mh1tfT9s6VXUzYYx ``` @@ -111,8 +110,7 @@ You'll note several addresses listed, all ending in the same hash. None of these On each of the non-primary nodes, run the following, replacing **IP-OF-PRIMARY-NODE** with the actual IP of the primary node, and **HASHY-MC-HASHFACE** with your own hash from primary output above. - -``` +```bash docker run --rm -it -v /var/ipfs/cluster:/data/ipfs-cluster \ --entrypoint ipfs-cluster-service ipfs/ipfs-cluster \ daemon --bootstrap \ /ip4/IP-OF-PRIMARY-NODE/tcp/9096/ipfs/HASHY-MC-HASHFACE @@ -120,7 +118,7 @@ docker run --rm -it -v /var/ipfs/cluster:/data/ipfs-cluster \ You'll see output like this: -``` +```bash 10:55:26.121 INFO service: Bootstrapping to /ip4/192.168.31.13/tcp/9096/ipfs/QmPrmQvW5knXLBE94jzpxvdtLSwXZeFE5DSY3FuMxypDsT daemon.go:153 10:55:26.121 INFO ipfshttp: IPFS Proxy: /ip4/0.0.0.0/tcp/9095 -> /ip4/172.17.0.1/tcp/5001 ipfshttp.go:221 10:55:26.304 ERROR ipfshttp: error posting to IPFS: Post http://172.17.0.1:5001/api/v0/id: dial tcp 172.17.0.1:5001: connect: connection refused ipfshttp.go:708 
@@ -144,7 +142,7 @@ docker-exec into one of the cluster containers (_it doesn't matter which one_), You should see output from each node member, indicating it can see its other peers. Here's my output from a 3-node cluster: -``` +```bash / # ipfs-cluster-ctl peers ls QmPrmQvW5knXLBE94jzpxvdtLSwXZeFE5DSY3FuMxypDsT | ef68b1437c56 | Sees 2 other peers > Addresses: @@ -178,4 +176,4 @@ QmbqPBLJNXWpbXEX6bVhYLo2ruEBE7mh1tfT9s6VXUzYYx | 28c13ec68f33 | Sees 2 other pee [^1]: I'm still trying to work out how to _mount_ the ipfs data in my filesystem in a usable way. Which is why this is still a WIP :) ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/jellyfin.md b/manuscript/recipes/jellyfin.md index fbe1df4..1fdc9be 100644 --- a/manuscript/recipes/jellyfin.md +++ b/manuscript/recipes/jellyfin.md @@ -18,13 +18,13 @@ If it looks very similar as Emby, is because it started as a fork of it, but it We'll need a location to store Jellyfin's library data, config files, logs and temporary transcoding space, so create ``/var/data/jellyfin``, and make sure it's owned by the user and group who also own your media data. -``` +```bash mkdir /var/data/jellyfin ``` Also if we want to avoid the cache to be part of the backup, we should create a location to map it on the runtime folder. It also has to be owned by the user and group who also own your media data. -``` +```bash mkdir /var/data/runtime/jellyfin ``` @@ -32,7 +32,7 @@ mkdir /var/data/runtime/jellyfin Create jellyfin.env, and populate with PUID/GUID for the user who owns the /var/data/jellyfin directory (_above_) and your actual media content (_in this example, the media content is at **/srv/data**_) -``` +```bash PUID= GUID= ``` 
@@ -91,4 +91,4 @@ Log into your new instance at https://**YOUR-FQDN**, and complete the wizard-bas [^2]: Got an NVIDIA GPU? See [this blog post](https://www.funkypenguin.co.nz/note/gpu-transcoding-with-emby-plex-using-docker-nvidia/) re how to use your GPU to transcode your media! [^3]: We don't bother exposing the HTTPS port for Jellyfin, since [Traefik](/ha-docker-swarm/traefik/) is doing the SSL termination for us already. ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/kanboard.md b/manuscript/recipes/kanboard.md index b40f7e5..b21ce6e 100644 --- a/manuscript/recipes/kanboard.md +++ b/manuscript/recipes/kanboard.md @@ -19,7 +19,7 @@ Features include: * Free, open source and self-hosted * Super simple installation -![](/images/kanboard.png) +![Kanboard screenshot](/images/kanboard.png) --8<-- "recipe-standard-ingredients.md" @@ -29,7 +29,7 @@ Features include: Create the location for the bind-mount of the application data, so that it's persistent: -``` +```bash mkdir -p /var/data/kanboard ``` @@ -37,7 +37,7 @@ mkdir -p /var/data/kanboard If you intend to use an [OAuth proxy](/reference/oauth_proxy/) to further secure public access to your instance, create a ```kanboard.env``` file to hold your environment variables, and populate with your OAuth provider's details (_the cookie secret you can just make up_): -``` +```bash # If you decide to protect kanboard with an oauth_proxy, complete these OAUTH2_PROXY_CLIENT_ID= OAUTH2_PROXY_CLIENT_SECRET= diff --git a/manuscript/recipes/keycloak.md b/manuscript/recipes/keycloak.md index b002633..d1fd0d2 100644 --- a/manuscript/recipes/keycloak.md +++ b/manuscript/recipes/keycloak.md 
@@ -16,7 +16,7 @@ description: Kick-ass OIDC and identity management We'll need several directories to bind-mount into our container for both runtime and backup data, so create them as follows -``` +```bash mkdir -p /var/data/runtime/keycloak/database mkdir -p /var/data/keycloak/database-dump ``` @@ -25,7 +25,7 @@ mkdir -p /var/data/keycloak/database-dump Create `/var/data/config/keycloak/keycloak.env`, and populate with the following variables, customized for your own domain structure. -``` +```bash # Technically, this could be auto-detected, but we prefer to be prescriptive DB_VENDOR=postgres DB_DATABASE=keycloak @@ -48,7 +48,7 @@ POSTGRES_PASSWORD=myuberpassword Create `/var/data/config/keycloak/keycloak-backup.env`, and populate with the following, so that your database can be backed up to the filesystem, daily: -``` +```bash PGHOST=keycloak-db PGUSER=keycloak PGPASSWORD=myuberpassword @@ -128,4 +128,4 @@ Launch the KeyCloak stack by running `docker stack deploy keycloak -c /realms/master/.well-known/openid-configuration* +We've setup an OIDC client in KeyCloak, which we can now use to protect vulnerable services using [Traefik Forward Auth](/ha-docker-swarm/traefik-forward-auth/). The OIDC URL provided by KeyCloak in the master realm, is `https:///realms/master/.well-known/openid-configuration` !!! Summary Created: * [X] Client ID and Client Secret used to authenticate against KeyCloak with OpenID Connect ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/komga.md b/manuscript/recipes/komga.md index 9f8e527..b5d4873 100644 --- a/manuscript/recipes/komga.md +++ b/manuscript/recipes/komga.md 
@@ -13,7 +13,7 @@ So you've just watched a bunch of superhero movies, and you're suddenly inspired ## Ingredients --8<-- "recipe-standard-ingredients.md" - * [X] [AutoPirate](/recipes/autopirate/) components (*specifically [Mylar](/recipes/autopirate/mylar/)*), for searching for, downloading, and managing comic books + *[X] [AutoPirate](/recipes/autopirate/) components (*specifically [Mylar](/recipes/autopirate/mylar/)*), for searching for, downloading, and managing comic books ## Preparation @@ -21,7 +21,7 @@ So you've just watched a bunch of superhero movies, and you're suddenly inspired First we create a directory to hold the komga database, logs and other persistent data: -``` +```bash mkdir /var/data/komga ``` @@ -73,4 +73,4 @@ If Komga scratches your particular itch, please join me in [sponsoring the devel [^1]: Since Komga doesn't need to communicate with any other services, we don't need a separate overlay network for it. Provided Traefik can reach Komga via the `traefik_public` overlay network, we've got all we need. ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/kubernetes/kanboard.md b/manuscript/recipes/kubernetes/kanboard.md index abea3dd..87e6e30 100644 --- a/manuscript/recipes/kubernetes/kanboard.md +++ b/manuscript/recipes/kubernetes/kanboard.md @@ -1,4 +1,4 @@ -#Kanboard +# Kanboard Kanboard is a Kanban tool, developed by [Frédéric Guillot](https://github.com/fguillot). (_Who also happens to be the developer of my favorite RSS reader, [Miniflux](/recipes/miniflux/)_) @@ -28,7 +28,7 @@ Features include: When you deployed [Traefik via the helm chart](/kubernetes/traefik/), you would have customized ```values.yml``` for your deployment. In ```values.yml``` is a list of namespaces which Traefik is permitted to access. Update ```values.yml``` to include the *kanboard* namespace, as illustrated below: -``` +```yaml kubernetes: namespaces: 
@@ -45,7 +45,7 @@ If you've updated ```values.yml```, upgrade your traefik deployment via helm, by Although we could simply bind-mount local volumes to a local Kubuernetes cluster, since we're targetting a cloud-based Kubernetes deployment, we only need a local path to store the YAML files which define the various aspects of our Kubernetes deployment. -``` +```bash mkdir /var/data/config/kanboard ``` @@ -53,7 +53,7 @@ mkdir /var/data/config/kanboard We use Kubernetes namespaces for service discovery and isolation between our stacks, so create a namespace for the kanboard stack with the following .yml: -``` +```bash cat < /var/data/config/kanboard/namespace.yml apiVersion: v1 kind: Namespace @@ -67,7 +67,7 @@ kubectl create -f /var/data/config/kanboard/namespace.yaml Persistent volume claims are a streamlined way to create a persistent volume and assign it to a container in a pod. Create a claim for the kanboard app and plugin data: -``` +```bash cat < /var/data/config/kanboard/persistent-volumeclaim.yml kind: PersistentVolumeClaim apiVersion: v1 
@@ -91,14 +91,15 @@ kubectl create -f /var/data/config/kanboard/kanboard-volumeclaim.yaml ### Create ConfigMap -Kanboard's configuration is all contained within ```config.php```, which needs to be presented to the container. We _could_ maintain ```config.php``` in the persistent volume we created above, but this would require manually accessing the pod every time we wanted to make a change. +Kanboard's configuration is all contained within ```config.php```, which needs to be presented to the container. We _could_ maintain ```config.php``` in the persistent volume we created above, but this would require manually accessing the pod every time we wanted to make a change. Instead, we'll create ```config.php``` as a [ConfigMap](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/), meaning it "lives" within the Kuberetes cluster and can be **presented** to our pod. When we want to make changes, we simply update the ConfigMap (*delete and recreate, to be accurate*), and relaunch the pod. Grab a copy of [config.default.php](https://github.com/kanboard/kanboard/blob/master/config.default.php), save it to ```/var/data/config/kanboard/config.php```, and customize it per [the guide](https://docs.kanboard.org/en/latest/admin_guide/config_file.html). At the very least, I'd suggest making the following changes: -``` + +```php define('PLUGIN_INSTALLER', true); // Yes, I want to install plugins using the UI define('ENABLE_URL_REWRITE', false); // Yes, I want pretty URLs ``` 
@@ -107,7 +108,7 @@ Now create the configmap from config.php, by running ```kubectl create configmap ## Serving -Now that we have a [namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/), a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/), and a [configmap](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/), we can create a [deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/), [service](https://kubernetes.io/docs/concepts/services-networking/service/), and [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) for the kanboard [pod](https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/). +Now that we have a [namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/), a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/), and a [configmap](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/), we can create a [deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/), [service](https://kubernetes.io/docs/concepts/services-networking/service/), and [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) for the kanboard [pod](https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/). ### Create deployment @@ -115,7 +116,7 @@ Create a deployment to tell Kubernetes about the desired state of the pod (*whic --8<-- "premix-cta.md" -``` +```bash cat < /var/data/kanboard/deployment.yml apiVersion: extensions/v1beta1 kind: Deployment 
@@ -160,7 +161,7 @@ kubectl create -f /var/data/kanboard/deployment.yml Check that your deployment is running, with ```kubectl get pods -n kanboard```. After a minute or so, you should see a "Running" pod, as illustrated below: -``` +```bash [funkypenguin:~] % kubectl get pods -n kanboard NAME READY STATUS RESTARTS AGE app-79f97f7db6-hsmfg 1/1 Running 0 11d @@ -171,7 +172,7 @@ app-79f97f7db6-hsmfg 1/1 Running 0 11d The service resource "advertises" the availability of TCP port 80 in your pod, to the rest of the cluster (*constrained within your namespace*). It seems a little like overkill coming from the Docker Swarm's automated "service discovery" model, but the Kubernetes design allows for load balancing, rolling upgrades, and health checks of individual pods, without impacting the rest of the cluster elements. -``` +```bash cat < /var/data/kanboard/service.yml kind: Service apiVersion: v1 @@ -191,7 +192,7 @@ kubectl create -f /var/data/kanboard/service.yml Check that your service is deployed, with ```kubectl get services -n kanboard```. You should see something like this: -``` +```bash [funkypenguin:~] % kubectl get service -n kanboard NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE app ClusterIP None 80/TCP 38d @@ -202,7 +203,7 @@ app ClusterIP None 80/TCP 38d The ingress resource tells Traefik what to forward inbound requests for *kanboard.example.com* to your service (defined above), which in turn passes the request to the "app" pod. Adjust the config below for your domain. -``` +```bash cat < /var/data/kanboard/ingress.yml apiVersion: extensions/v1beta1 kind: Ingress @@ -225,7 +226,7 @@ kubectl create -f /var/data/kanboard/ingress.yml Check that your service is deployed, with ```kubectl get ingress -n kanboard```. You should see something like this: -``` +```bash [funkypenguin:~] % kubectl get ingress -n kanboard NAME HOSTS ADDRESS PORTS AGE app kanboard.funkypenguin.co.nz 80 38d 
@@ -234,21 +235,20 @@ app kanboard.funkypenguin.co.nz 80 38d ### Access Kanboard -At this point, you should be able to access your instance on your chosen DNS name (*i.e. https://kanboard.example.com*) - +At this point, you should be able to access your instance on your chosen DNS name (*i.e. *) ### Updating config.php Since ```config.php``` is a ConfigMap now, to update it, make your local changes, and then delete and recreate the ConfigMap, by running: -``` +```bash kubectl delete configmap -n kanboard kanboard-config kubectl create configmap -n kanboard kanboard-config --from-file=config.php ``` Then, in the absense of any other changes to the deployement definition, force the pod to restart by issuing a "null patch", as follows: -``` +```bash kubectl patch -n kanboard deployment app -p "{\"spec\":{\"template\":{\"metadata\":{\"labels\":{\"date\":\"`date +'%s'`\"}}}}}" ``` @@ -258,4 +258,4 @@ To look at the Kanboard pod's logs, run ```kubectl logs -n kanboard kubernetes: namespaces: @@ -43,7 +42,7 @@ If you've updated ```values.yml```, upgrade your traefik deployment via helm, by Although we could simply bind-mount local volumes to a local Kubuernetes cluster, since we're targetting a cloud-based Kubernetes deployment, we only need a local path to store the YAML files which define the various aspects of our Kubernetes deployment. -``` +```bash mkdir /var/data/config/miniflux ``` @@ -51,7 +50,7 @@ mkdir /var/data/config/miniflux We use Kubernetes namespaces for service discovery and isolation between our stacks, so create a namespace for the miniflux stack with the following .yml: -``` +```bash cat < /var/data/config/miniflux/namespace.yml apiVersion: v1 kind: Namespace 
@@ -65,7 +64,7 @@ kubectl create -f /var/data/config/miniflux/namespace.yaml Persistent volume claims are a streamlined way to create a persistent volume and assign it to a container in a pod. Create a claim for the miniflux postgres database: -``` +```bash cat < /var/data/config/miniflux/db-persistent-volumeclaim.yml kkind: PersistentVolumeClaim apiVersion: v1 @@ -91,7 +90,7 @@ kubectl create -f /var/data/config/miniflux/db-persistent-volumeclaim.yaml It's not always desirable to have sensitive data stored in your .yml files. Maybe you want to check your config into a git repository, or share it. Using Kubernetes Secrets means that you can create "secrets", and use these in your deployments by name, without exposing their contents. Run the following, replacing ```imtoosexyformyadminpassword```, and the ```mydbpass``` value in both postgress-password.secret **and** database-url.secret: -``` +```bash echo -n "imtoosexyformyadminpassword" > admin-password.secret echo -n "mydbpass" > postgres-password.secret echo -n "postgres://miniflux:mydbpass@db/miniflux?sslmode=disable" > database-url.secret 
@@ -105,10 +104,9 @@ kubectl create secret -n mqtt generic miniflux-credentials \ !!! tip "Why use ```echo -n```?" Because. See [my blog post here](https://www.funkypenguin.co.nz/beware-the-hidden-newlines-in-kubernetes-secrets/) for the pain of hunting invisible newlines, that's why! - ## Serving -Now that we have a [namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/), a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/), and a [configmap](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/), we can create [deployments](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/), [services](https://kubernetes.io/docs/concepts/services-networking/service/), and an [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) for the miniflux [pods](https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/). +Now that we have a [namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/), a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/), and a [configmap](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/), we can create [deployments](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/), [services](https://kubernetes.io/docs/concepts/services-networking/service/), and an [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) for the miniflux [pods](https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/). ### Create db deployment @@ -116,7 +114,7 @@ Deployments tell Kubernetes about the desired state of the pod (*which it will t --8<-- "premix-cta.md" -``` +```bash cat < /var/data/miniflux/db-deployment.yml apiVersion: extensions/v1beta1 kind: Deployment 
@@ -159,7 +157,7 @@ spec: Create the app deployment by excecuting the following. Again, note that the deployment refers to the secrets created above. -``` +```bash cat < /var/data/miniflux/app-deployment.yml apiVersion: extensions/v1beta1 kind: Deployment @@ -207,7 +205,7 @@ kubectl create -f /var/data/miniflux/deployment.yml Check that your deployment is running, with ```kubectl get pods -n miniflux```. After a minute or so, you should see 2 "Running" pods, as illustrated below: -``` +```bash [funkypenguin:~] % kubectl get pods -n miniflux NAME READY STATUS RESTARTS AGE app-667c667b75-5jjm9 1/1 Running 0 4d @@ -219,7 +217,7 @@ db-fcd47b88f-9vvqt 1/1 Running 0 4d The db service resource "advertises" the availability of PostgreSQL's port (TCP 5432) in your pod, to the rest of the cluster (*constrained within your namespace*). It seems a little like overkill coming from the Docker Swarm's automated "service discovery" model, but the Kubernetes design allows for load balancing, rolling upgrades, and health checks of individual pods, without impacting the rest of the cluster elements. -``` +```bash cat < /var/data/miniflux/db-service.yml kind: Service apiVersion: v1 @@ -241,8 +239,7 @@ kubectl create -f /var/data/miniflux/service.yml The app service resource "advertises" the availability of miniflux's HTTP listener port (TCP 8080) in your pod. This is the service which will be referred to by the ingress (below), so that Traefik can route incoming traffic to the miniflux app. - -``` +```bash cat < /var/data/miniflux/app-service.yml kind: Service apiVersion: v1 @@ -264,7 +261,7 @@ kubectl create -f /var/data/miniflux/app-service.yml Check that your services are deployed, with ```kubectl get services -n miniflux```. You should see something like this: -``` +```bash [funkypenguin:~] % kubectl get services -n miniflux NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE app ClusterIP None 8080/TCP 55d 
@@ -276,7 +273,7 @@ db ClusterIP None 5432/TCP 55d The ingress resource tells Traefik what to forward inbound requests for *miniflux.example.com* to your service (defined above), which in turn passes the request to the "app" pod. Adjust the config below for your domain. -``` +```bash cat < /var/data/miniflux/ingress.yml apiVersion: extensions/v1beta1 kind: Ingress @@ -299,7 +296,7 @@ kubectl create -f /var/data/miniflux/ingress.yml Check that your service is deployed, with ```kubectl get ingress -n miniflux```. You should see something like this: -``` +```bash [funkypenguin:~] 130 % kubectl get ingress -n miniflux NAME HOSTS ADDRESS PORTS AGE app miniflux.funkypenguin.co.nz 80 55d @@ -308,11 +305,10 @@ app miniflux.funkypenguin.co.nz 80 55d ### Access Miniflux -At this point, you should be able to access your instance on your chosen DNS name (*i.e. https://miniflux.example.com*) - +At this point, you should be able to access your instance on your chosen DNS name (*i.e. *) ### Troubleshooting To look at the Miniflux pod's logs, run ```kubectl logs -n miniflux -f```. For further troubleshooting hints, see [Troubleshooting](/reference/kubernetes/troubleshooting/). ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/kubernetes/template-k8s.md b/manuscript/recipes/kubernetes/template-k8s.md deleted file mode 100644 index 58cadcd..0000000 --- a/manuscript/recipes/kubernetes/template-k8s.md +++ /dev/null 
@@ -1,262 +0,0 @@ -#Kanboard - -Kanboard is a Kanban tool, developed by [Frédéric Guillot](https://github.com/fguillot). (_Who also happens to be the developer of my favorite RSS reader, [Miniflux](/recipes/miniflux/)_) - -![Kanboard Screenshot](/images/kanboard.png) - -!!! tip "Sponsored Project" - Kanboard is one of my [sponsored projects](/#sponsored-projects) - a project I financially support on a regular basis because of its utility to me. I use it both in my DayJob(tm), and to manage my overflowing, overly-optimistic personal commitments! 😓 - -Features include: - -* Visualize your work -* Limit your work in progress to be more efficient -* Customize your boards according to your business activities -* Multiple projects with the ability to drag and drop tasks -* Reports and analytics -* Fast and simple to use -* Access from anywhere with a modern browser -* Plugins and integrations with external services -* Free, open source and self-hosted -* Super simple installation - -## Ingredients - -1. A [Kubernetes Cluster](/kubernetes/design/) including [Traefik Ingress](/kubernetes/traefik/) -2. A DNS name for your kanboard instance (*kanboard.example.com*, below) pointing to your [load balancer](/kubernetes/loadbalancer/), fronting your Traefik ingress - -## Preparation - -### Prepare traefik for namespace - -When you deployed [Traefik via the helm chart](/kubernetes/traefik/), you would have customized ```values.yml``` for your deployment. In ```values.yml``` is a list of namespaces which Traefik is permitted to access. 
Update ```values.yml``` to include the *kanboard* namespace, as illustrated below: - -``` - -kubernetes: - namespaces: - - kube-system - - nextcloud - - kanboard - - miniflux - -``` - -If you've updated ```values.yml```, upgrade your traefik deployment via helm, by running ```helm upgrade --values values.yml traefik stable/traefik --recreate-pods``` - -### Create data locations - -Although we could simply bind-mount local volumes to a local Kubuernetes cluster, since we're targetting a cloud-based Kubernetes deployment, we only need a local path to store the YAML files which define the various aspects of our Kubernetes deployment. - -``` -mkdir /var/data/config/kanboard -``` - -### Create namespace - -We use Kubernetes namespaces for service discovery and isolation between our stacks, so create a namespace for the kanboard stack with the following .yml: - -``` -cat < /var/data/config/kanboard/namespace.yml -apiVersion: v1 -kind: Namespace -metadata: - name: kanboard -EOF -kubectl create -f /var/data/config/kanboard/namespace.yaml -``` - -### Create persistent volume claim - -Persistent volume claims are a streamlined way to create a persistent volume and assign it to a container in a pod. Create a claim for the kanboard app and plugin data: - -``` -cat < /var/data/config/kanboard/persistent-volumeclaim.yml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: kanboard-volumeclaim - namespace: kanboard - annotations: - backup.kubernetes.io/deltas: P1D P7D -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi -EOF -kubectl create -f /var/data/config/kanboard/kanboard-volumeclaim.yaml -``` - -!!! question "What's that annotation about?" - The annotation is used by [k8s-snapshots](/kubernetes/snapshots/) to create daily incremental snapshots of your persistent volumes. In this case, our volume is snapshotted daily, and copies kept for 7 days. 
- -### Create ConfigMap - -Kanboard's configuration is all contained within ```config.php```, which needs to be presented to the container. We _could_ maintain ```config.php``` in the persistent volume we created above, but this would require manually accessing the pod every time we wanted to make a change. - -Instead, we'll create ```config.php``` as a [ConfigMap](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/), meaning it "lives" within the Kuberetes cluster and can be **presented** to our pod. When we want to make changes, we simply update the ConfigMap (*delete and recreate, to be accurate*), and relaunch the pod. - -Grab a copy of [config.default.php](https://github.com/kanboard/kanboard/blob/master/config.default.php), save it to ```/var/data/config/kanboard/config.php```, and customize it per [the guide](https://docs.kanboard.org/en/latest/admin_guide/config_file.html). - -At the very least, I'd suggest making the following changes: -``` -define('PLUGIN_INSTALLER', true); // Yes, I want to install plugins using the UI -define('ENABLE_URL_REWRITE', false); // Yes, I want pretty URLs -``` - -Now create the configmap from config.php, by running ```kubectl create configmap -n kanboard kanboard-config --from-file=config.php``` - -## Serving - -Now that we have a [namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/), a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/), and a [configmap](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/), we can create a [deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/), [service](https://kubernetes.io/docs/concepts/services-networking/service/), and [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) for the kanboard [pod](https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/). 
- -### Create deployment - -Create a deployment to tell Kubernetes about the desired state of the pod (*which it will then attempt to maintain*). Note below that we mount the persistent volume **twice**, to both ```/var/www/app/data``` and ```/var/www/app/plugins```, using the subPath value to differentiate them. This trick avoids us having to provision **two** persistent volumes just for data mounted in 2 separate locations. - ---8<-- "premix-cta.md" - -``` -cat < /var/data/kanboard/deployment.yml -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - namespace: kanboard - name: app - labels: - app: app -spec: - replicas: 1 - selector: - matchLabels: - app: app - template: - metadata: - labels: - app: app - spec: - containers: - - image: kanboard/kanboard - name: app - volumeMounts: - - name: kanboard-config - mountPath: /var/www/app/config.php - subPath: config.php - - name: kanboard-app - mountPath: /var/www/app/data - subPath: data - - name: kanboard-app - mountPath: /var/www/app/plugins - subPath: plugins - volumes: - - name: kanboard-app - persistentVolumeClaim: - claimName: kanboard-app - - name: kanboard-config - configMap: - name: kanboard-config -EOF -kubectl create -f /var/data/kanboard/deployment.yml -``` - -Check that your deployment is running, with ```kubectl get pods -n kanboard```. After a minute or so, you should see a "Running" pod, as illustrated below: - -``` -[funkypenguin:~] % kubectl get pods -n kanboard -NAME READY STATUS RESTARTS AGE -app-79f97f7db6-hsmfg 1/1 Running 0 11d -[funkypenguin:~] % -``` - -### Create service - -The service resource "advertises" the availability of TCP port 80 in your pod, to the rest of the cluster (*constrained within your namespace*). It seems a little like overkill coming from the Docker Swarm's automated "service discovery" model, but the Kubernetes design allows for load balancing, rolling upgrades, and health checks of individual pods, without impacting the rest of the cluster elements. 
- -``` -cat < /var/data/kanboard/service.yml -kind: Service -apiVersion: v1 -metadata: - name: app - namespace: kanboard -spec: - selector: - app: app - ports: - - protocol: TCP - port: 80 - clusterIP: None -EOF -kubectl create -f /var/data/kanboard/service.yml -``` - -Check that your service is deployed, with ```kubectl get services -n kanboard```. You should see something like this: - -``` -[funkypenguin:~] % kubectl get service -n kanboard -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -app ClusterIP None 80/TCP 38d -[funkypenguin:~] % -``` - -### Create ingress - -The ingress resource tells Traefik what to forward inbound requests for *kanboard.example.com* to your service (defined above), which in turn passes the request to the "app" pod. Adjust the config below for your domain. - -``` -cat < /var/data/kanboard/ingress.yml -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: app - namespace: kanboard - annotations: - kubernetes.io/ingress.class: traefik -spec: - rules: - - host: kanboard.example.com - http: - paths: - - backend: - serviceName: app - servicePort: 80 -EOF -kubectl create -f /var/data/kanboard/ingress.yml -``` - -Check that your service is deployed, with ```kubectl get ingress -n kanboard```. You should see something like this: - -``` -[funkypenguin:~] % kubectl get ingress -n kanboard -NAME HOSTS ADDRESS PORTS AGE -app kanboard.funkypenguin.co.nz 80 38d -[funkypenguin:~] % -``` - -### Access Kanboard - -At this point, you should be able to access your instance on your chosen DNS name (*i.e. 
https://kanboard.example.com*) - - -### Updating config.php - -Since ```config.php``` is a ConfigMap now, to update it, make your local changes, and then delete and recreate the ConfigMap, by running: - -``` -kubectl delete configmap -n kanboard kanboard-config -kubectl create configmap -n kanboard kanboard-config --from-file=config.php -``` - -Then, in the absense of any other changes to the deployement definition, force the pod to restart by issuing a "null patch", as follows: - -``` -kubectl patch -n kanboard deployment app -p "{\"spec\":{\"template\":{\"metadata\":{\"labels\":{\"date\":\"`date +'%s'`\"}}}}}" -``` - -### Troubleshooting - -To look at the Kanboard pod's logs, run ```kubectl logs -n kanboard -f```. For further troubleshooting hints, see [Troubleshooting](/reference/kubernetes/troubleshooting/). - -[^1]: The simplest deployment of Kanboard uses the default SQLite database backend, stored on the persistent volume. You can convert this to a "real" database running MySQL or PostgreSQL, and running an an additional database pod and service. Contact me if you'd like further details ;) \ No newline at end of file diff --git a/manuscript/recipes/linx.md b/manuscript/recipes/linx.md index d3342d7..1bcbf27 100644 --- a/manuscript/recipes/linx.md +++ b/manuscript/recipes/linx.md @@ -4,7 +4,7 @@ description: Quickly share self-destructing screenshots, text, etc # Linx -Ever wanted to quickly share a screenshot, but don't want to use imgur, sign up for a service, or have your image tracked across the internet for all time? +Ever wanted to quickly share a screenshot, but don't want to use imgur, sign up for a service, or have your image tracked across the internet for all time? Want to privately share some log output with a password, or a self-destructing cat picture? 
@@ -26,7 +26,7 @@ Want to privately share some log output with a password, or a self-destructing c First we create a directory to hold the data which linx will serve: -``` +```bash mkdir /var/data/linx ``` @@ -34,7 +34,7 @@ mkdir /var/data/linx Linx is configured using a flat text file, so create this on the Docker host, and then we'll mount it (*read-only*) into the container, below. -``` +```bash mkdir /var/data/config/linx cat << EOF > /var/data/config/linx/linx.conf # Refer to https://github.com/andreimarcu/linx-server for details @@ -87,7 +87,6 @@ networks: Launch the Linx stack by running ```docker stack deploy linx -c ``` - [^1]: Since the whole purpose of media/file sharing is to share stuff with **strangers**, this recipe doesn't take into account any sort of authentication using [Traefik Forward Auth](/ha-docker-swarm/traefik-forward-auth/). --8<-- "recipe-footer.md" diff --git a/manuscript/recipes/mail.md b/manuscript/recipes/mail.md index 63d912f..c442de9 100644 --- a/manuscript/recipes/mail.md +++ b/manuscript/recipes/mail.md @@ -26,7 +26,7 @@ docker-mailserver doesn't include a webmail client, and one is not strictly need We'll need several directories to bind-mount into our container, so create them in /var/data/docker-mailserver: -``` +```bash cd /var/data mkdir docker-mailserver cd docker-mailserver @@ -41,7 +41,7 @@ The docker-mailserver container can _renew_ our LetsEncrypt certs for us, but it In the example below, since I'm already using Traefik to manage the LE certs for my web platforms, I opted to use the DNS challenge to prove my ownership of the domain. The certbot client will prompt you to add a DNS record for domain verification. -``` +```bash docker run -ti --rm -v \ "$(pwd)"/letsencrypt:/etc/letsencrypt certbot/certbot \ --manual --preferred-challenges dns certonly \ 
@@ -52,11 +52,12 @@ docker run -ti --rm -v \ docker-mailserver comes with a handy bash script for managing the stack (which is just really a wrapper around the container.) It'll make our setup easier, so download it into the root of your configuration/data directory, and make it executable: -``` +```bash curl -o setup.sh \ https://raw.githubusercontent.com/tomav/docker-mailserver/master/setup.sh \ chmod a+x ./setup.sh ``` + ### Create email accounts For every email address required, run ```./setup.sh email add ``` to create the account. The command returns no output. @@ -69,7 +70,7 @@ Run ```./setup.sh config dkim``` to create the necessary DKIM entries. The comma Examine the keys created by opendkim to identify the DNS TXT records required: -``` +```bash for i in `find config/opendkim/keys/ -name mail.txt`; do \ echo $i; \ cat $i; \ 
@@ -78,16 +79,16 @@ done You'll end up with something like this: -``` +```bash config/opendkim/keys/gitlab.example.com/mail.txt -mail._domainkey IN TXT ( "v=DKIM1; k=rsa; " - "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYuQqDg2ZG8ZOfI1PvarF1Gcr5cJnCR8BeCj5HYgeRohSrxKL5utPEF/AWAxXYwnKpgYN837fu74GfqsIuOhu70lPhGV+O2gFVgpXYWHELvIiTqqO0QgarIN63WE2gzE4s0FckfLrMuxMoXr882wuzuJhXywGxOavybmjpnNHhbQIDAQAB" ) ; ----- DKIM key mail for gitlab.example.com +mail._domainkey IN TXT ( "v=DKIM1; k=rsa; " + "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYuQqDg2ZG8ZOfI1PvarF1Gcr5cJnCR8BeCj5HYgeRohSrxKL5utPEF/AWAxXYwnKpgYN837fu74GfqsIuOhu70lPhGV+O2gFVgpXYWHELvIiTqqO0QgarIN63WE2gzE4s0FckfLrMuxMoXr882wuzuJhXywGxOavybmjpnNHhbQIDAQAB" ) ; ----- DKIM key mail for gitlab.example.com [root@ds1 mail]# ``` Create the necessary DNS TXT entries for your domain(s). Note that although opendkim splits the record across two lines, the actual record should be concatenated on creation. I.e., the DNS TXT record above should read: -``` +```bash "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYuQqDg2ZG8ZOfI1PvarF1Gcr5cJnCR8BeCj5HYgeRohSrxKL5utPEF/AWAxXYwnKpgYN837fu74GfqsIuOhu70lPhGV+O2gFVgpXYWHELvIiTqqO0QgarIN63WE2gzE4s0FckfLrMuxMoXr882wuzuJhXywGxOavybmjpnNHhbQIDAQAB" ``` @@ -131,7 +132,7 @@ services: deploy: replicas: 1 - rainloop: + rainloop: image: hardware/rainloop networks: - internal @@ -158,7 +159,7 @@ networks: A sample docker-mailserver.env file looks like this: -``` +```bash ENABLE_SPAMASSASSIN=1 ENABLE_CLAMAV=1 ENABLE_POSTGREY=1 @@ -170,7 +171,6 @@ PERMIT_DOCKER=network SSL_TYPE=letsencrypt ``` - ## Serving ### Launch mailserver 
@@ -181,4 +181,4 @@ Launch the mail server stack by running ```docker stack deploy docker-mailserver [^2]: If you're using sieve with Rainloop, take note of the [workaround](https://discourse.geek-kitchen.funkypenguin.co.nz/t/mail-server-funky-penguins-geek-cookbook/70/15) identified by [ggilley](https://discourse.geek-kitchen.funkypenguin.co.nz/u/ggilley) ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/mattermost.md b/manuscript/recipes/mattermost.md deleted file mode 100644 index 1a5d65f..0000000 --- a/manuscript/recipes/mattermost.md +++ /dev/null 
@@ -1,110 +0,0 @@ -# MatterMost - -Intro - -![MatterMost Screenshot](../images/mattermost.png) - -Details - ---8<-- "recipe-standard-ingredients.md" - -## Preparation - -### Setup data locations - -We'll need several directories to bind-mount into our container, so create them in /var/data/mattermost: - -``` -mkdir -p /var/data/mattermost/{cert,config,data,logs,plugins,database-dump} -mkdir -p /var/data/runtime/mattermost/database -``` - -### Prepare environment - -Create mattermost.env, and populate with the following variables -``` -POSTGRES_USER=mmuser -POSTGRES_PASSWORD=mmuser_password -POSTGRES_DB=mattermost -MM_USERNAME=mmuser -MM_PASSWORD=mmuser_password -MM_DBNAME=mattermost -``` - -Now create mattermost-backup.env, and populate with the following variables: -``` -PGHOST=db -PGUSER=mmuser -PGPASSWORD=mmuser_password -BACKUP_NUM_KEEP=7 -BACKUP_FREQUENCY=1d -``` - -### Setup Docker Swarm - -Create a docker swarm config file in docker-compose syntax (v3), something like this: - ---8<-- "premix-cta.md" - -```yaml -version: '3' - -services: - - db: - image: mattermost/mattermost-prod-db - env_file: /var/data/config/mattermost/mattermost.env - volumes: - - /var/data/runtime/mattermost/database:/var/lib/postgresql/data - networks: - - internal - - app: - image: mattermost/mattermost-team-edition - env_file: /var/data/config/mattermost/mattermost.env - volumes: - - /var/data/mattermost/config:/mattermost/config:rw - - /var/data/mattermost/data:/mattermost/data:rw - - /var/data/mattermost/logs:/mattermost/logs:rw - - /var/data/mattermost/plugins:/mattermost/plugins:rw - - db-backup: - image: mattermost/mattermost-prod-db - env_file: /var/data/config/mattermost/mattermost-backup.env - volumes: - - /var/data/mattermost/database-dump:/dump - entrypoint: | - bash -c 'bash -s < /dump/dump_\`date +%d-%m-%Y"_"%H_%M_%S\`.psql - (ls -t /dump/dump*.psql|head -n $$BACKUP_NUM_KEEP;ls /dump/dump*.psql)|sort|uniq -u|xargs rm -- {} - sleep $$BACKUP_FREQUENCY - done - EOF' - 
networks: - - internal - - -networks: - traefik_public: - external: true - internal: - driver: overlay - ipam: - config: - - subnet: 172.16.40.0/24 -``` - ---8<-- "reference-networks.md" - -## Serving - -### Launch MatterMost stack - -Launch the MatterMost stack by running ```docker stack deploy mattermost -c ``` - -Log into your new instance at https://**YOUR-FQDN**, with user "root" and the password you specified in mattermost.env. - ---8<-- "recipe-footer.md" \ No newline at end of file diff --git a/manuscript/recipes/mealie.md b/manuscript/recipes/mealie.md index 11ff342..677ba1a 100644 --- a/manuscript/recipes/mealie.md +++ b/manuscript/recipes/mealie.md 
@@ -10,10 +10,10 @@ Easily add recipes into your database by providing the url[^penguinfood], and me ![Mealie Screenshot](../images/mealie.png) -Mealie also provides a secure API for interactions from 3rd party applications. +Mealie also provides a secure API for interactions from 3rd party applications. !!! question "Why does my recipe manager need an API?" - An API allows integration into applications like Home Assistant that can act as notification engines to provide custom notifications based of Meal Plan data to remind you to defrost the chicken, marinade the steak, or start the CrockPot. See the [official docs](https://hay-kot.github.io/mealie/) for more information. Additionally, you can access any available API from the backend server. To explore the API spin up your server and navigate to http://yourserver.com/docs for interactive API documentation. + An API allows integration into applications like Home Assistant that can act as notification engines to provide custom notifications based of Meal Plan data to remind you to defrost the chicken, marinade the steak, or start the CrockPot. See the [official docs](https://hay-kot.github.io/mealie/) for more information. Additionally, you can access any available API from the backend server. To explore the API spin up your server and navigate to for interactive API documentation. --8<-- "recipe-standard-ingredients.md" @@ -23,7 +23,7 @@ Mealie also provides a secure API for interactions from 3rd party applications. First we create a directory to hold the data which mealie will serve: -``` +```bash mkdir /var/data/mealie ``` @@ -31,7 +31,7 @@ mkdir /var/data/mealie There's only one environment variable currently required (`db_type`), but let's create an `.env` file anyway, to keep the recipe consistent and extensible. -``` +```bash mkdir /var/data/config/mealie cat << EOF > /var/data/config/mealie/mealie.env db_type=sqlite 
@@ -89,8 +89,8 @@ Launch the mealie stack by running ```docker stack deploy mealie -c [^1]: If you plan to use Mealie for fancy things like an early-morning alarm to defrost the chicken, you may need to customize the [Traefik Forward Auth][tfa] rules, or even remove them entirely, for unauthenticated API access. [^2]: If you think Mealie is tasty, encourage the developer :cook: to keep on cookin', by [sponsoring him](https://github.com/sponsors/hay-kot) :heart: ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/miniflux.md b/manuscript/recipes/miniflux.md index 17ca00d..99448c9 100644 --- a/manuscript/recipes/miniflux.md +++ b/manuscript/recipes/miniflux.md @@ -26,7 +26,7 @@ I've [reviewed Miniflux in detail on my blog](https://www.funkypenguin.co.nz/rev Create the location for the bind-mount of the application data, so that it's persistent: -``` +```bash mkdir -p /var/data/miniflux/database-dump mkdir -p /var/data/runtime/miniflux/database @@ -36,7 +36,7 @@ mkdir -p /var/data/runtime/miniflux/database Create ```/var/data/config/miniflux/miniflux.env``` something like this: -``` +```bash DATABASE_URL=postgres://miniflux:secret@miniflux-db/miniflux?sslmode=disable POSTGRES_USER=miniflux POSTGRES_PASSWORD=secret @@ -52,7 +52,7 @@ ADMIN_PASSWORD=test1234 Create ```/var/data/config/miniflux/miniflux-backup.env```, and populate with the following, so that your database can be backed up to the filesystem, daily: -``` +```env PGHOST=miniflux-db PGUSER=miniflux PGPASSWORD=secret @@ -124,7 +124,6 @@ networks: - subnet: 172.16.22.0/24 ``` - ## Serving ### Launch Miniflux stack @@ -135,4 +134,4 @@ Log into your new instance at https://**YOUR-FQDN**, using the credentials you s [^1]: Find the bookmarklet under the **Settings -> Integration** page. ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" 
diff --git a/manuscript/recipes/minio.md b/manuscript/recipes/minio.md index eed29c9..10df15b 100644 --- a/manuscript/recipes/minio.md +++ b/manuscript/recipes/minio.md @@ -27,7 +27,7 @@ Possible use-cases: We'll need a directory to hold our minio file store, as well as our minio client config, so create a structure at /var/data/minio: -``` +```bash mkdir /var/data/minio cd /var/data/minio mkdir -p {mc,data} @@ -36,7 +36,8 @@ mkdir -p {mc,data} ### Prepare environment Create minio.env, and populate with the following variables -``` + +```bash MINIO_ACCESS_KEY= MINIO_SECRET_KEY= ``` @@ -89,13 +90,13 @@ To administer the Minio server, we need the Minio client. While it's possible to I created an alias on my docker nodes, allowing me to run mc quickly: -``` +```bash alias mc='docker run -it -v /docker/minio/mc/:/root/.mc/ --network traefik_public minio/mc' ``` Now I use the alias to launch the client shell, and connect to my minio instance (_I could also use the external, traefik-provided URL_) -``` +```bash root@ds1:~# mc config host add minio http://app:9000 admin iambatman mc: Configuration written to `/root/.mc/config.json`. Please update your access credentials. mc: Successfully created `/root/.mc/share`. @@ -107,11 +108,11 @@ root@ds1:~# ### Add (readonly) user -Use mc to add a (readonly or readwrite) user, by running ``` mc admin user add minio ``` +Use mc to add a (readonly or readwrite) user, by running ```mc admin user add minio ``` Example: -``` +```bash root@ds1:~# mc admin user add minio spiderman peterparker readonly Added user `spiderman` successfully. root@ds1:~# @@ -119,7 +120,7 @@ root@ds1:~# Confirm by listing your users (_admin is excluded from the list_): -``` +```bash root@node1:~# mc admin user list minio enabled spiderman readonly root@node1:~# 
@@ -133,7 +134,7 @@ The simplest permission scheme is "on or off". Either a bucket has a policy, or After **no** policy, the most restrictive policy you can attach to a bucket is "download". This policy will allow authenticated users to download contents from the bucket. Apply the "download" policy to a bucket by running ```mc policy download minio/```, i.e.: -``` +```bash root@ds1:# mc policy download minio/comics Access permission for `minio/comics` is set to `download` root@ds1:# @@ -154,7 +155,7 @@ I tested the S3 mount using [goofys](https://github.com/kahing/goofys), "a high- First, I created ~/.aws/credentials, as follows: -``` +```ini [default] aws_access_key_id=spiderman aws_secret_access_key=peterparker @@ -164,7 +165,7 @@ And then I ran (_in the foreground, for debugging_), ```goofys --f -debug_s3 --d To permanently mount an S3 bucket using goofys, I'd add something like this to /etc/fstab: -``` +```bash goofys#bucket /mnt/mountpoint fuse _netdev,allow_other,--file-mode=0666 0 0 ``` @@ -172,4 +173,4 @@ goofys#bucket /mnt/mountpoint fuse _netdev,allow_other,--file-mode= [^2]: Some applications (_like [NextCloud](/recipes/nextcloud/)_) can natively mount S3 buckets [^3]: Some backup tools (_like [Duplicity](/recipes/duplicity/)_) can backup directly to S3 buckets ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/mqtt.md b/manuscript/recipes/mqtt.md deleted file mode 100644 index c80d996..0000000 --- a/manuscript/recipes/mqtt.md +++ /dev/null 
@@ -1,207 +0,0 @@ -hero: Kubernetes. The hero we deserve. - -!!! danger "This recipe is a work in progress" -This recipe is **incomplete**, and is featured to align the [sponsors](https://github.com/sponsors/funkypenguin)'s "premix" repository with the cookbook. "_premix_" is a private git repository available to [GitHub sponsors](https://github.com/sponsors/funkypenguin), which includes all the necessary .yml files for all published recipes. This means that sponsors can launch any recipe with just a `git pull` and a `kubectl create -f *.yml` 👍 - - So... There may be errors and inaccuracies. Jump into [Discord](http://chat.funkypenguin.co.nz) if you're encountering issues 😁 - -# MQTT broker - -I use Elias Kotlyar's [excellent custom firmware](https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks) for Xiaomi DaFang/XiaoFang cameras, enabling RTSP, MQTT, motion tracking, and other features, integrating directly with [Home Assistant](/recipes/homeassistant/). - -There's currently a [mysterious bug](https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks/issues/638) though, which prevents TCP communication between Home Assistant and the camera, when MQTT services are enabled on the camera and the mqtt broker runs on the same Raspberry Pi as Home Assistant, using [Hass.io](https://www.home-assistant.io/hassio/). - -A workaround to this bug is to run an MQTT broker **external** to the raspberry pi, which makes the whole problem GoAway(tm). Since an MQTT broker is a single, self-contained container, I've written this recipe as an introduction to our Kubernetes cluster design. - -![MQTT Screenshot](../images/mqtt.png) - -[MQTT](https://mqtt.org/faq) stands for MQ Telemetry Transport. It is a publish/subscribe, extremely simple and lightweight messaging protocol, designed for constrained devices and low-bandwidth, high-latency or unreliable networks. 
The design principles are to minimise network bandwidth and device resource requirements whilst also attempting to ensure reliability and some degree of assurance of delivery. These principles also turn out to make the protocol ideal of the emerging “machine-to-machine” (M2M) or “Internet of Things” world of connected devices, and for mobile applications where bandwidth and battery power are at a premium. - -## Ingredients - -1. A [Kubernetes cluster](/kubernetes/cluster/) - -## Preparation - -### Create data locations - -Although we could simply bind-mount local volumes to a local Kubuernetes cluster, since we're targetting a cloud-based Kubernetes deployment, we only need a local path to store the YAML files which define the various aspects of our Kubernetes deployment. - -``` -mkdir /var/data/config/mqtt -``` - -### Create namespace - -We use Kubernetes namespaces for service discovery and isolation between our stacks, so create a namespace for the mqtt stack by creating the following .yaml: - -``` -cat < /var/data/mqtt/namespace.yml -apiVersion: v1 -kind: Namespace -metadata: - name: mqtt -EOF -kubectl create -f /var/data/mqtt/namespace.yaml -``` - -### Create persistent volume claim - -Persistent volume claims are a streamlined way to create a persistent volume and assign it to a container in a pod. Create a claim for the certbot data: - -```yaml -cat < /var/data/mqtt/persistent-volumeclaim.yml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: mqtt-volumeclaim - namespace: mqtt -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi -EOF -kubectl create -f /var/data/mqtt/mqtt-volumeclaim.yaml -``` - -### Create nodeport service - -I like to expose my services using nodeport (_limited to ports 30000-32767_), and then use an external haproxy load balancer to make these available externally. 
(_This avoids having to pay per-port changes for a loadbalancer from the cloud provider_) - -``` -cat < /var/data/mqtt/service-nodeport.yml -kind: Service -apiVersion: v1 -metadata: - name: mqtt-nodeport - namespace: mqtt -spec: - selector: - app: mqtt - type: NodePort - ports: - - name: mqtts - port: 8883 - protocol: TCP - nodePort : 30883 -EOF -kubectl create -f /var/data/mqtt/service-nodeport.yml -``` - -### Create secrets - -It's not always desirable to have sensitive data stored in your .yml files. Maybe you want to check your config into a git repository, or share it. Using Kubernetes Secrets means that you can create "secrets", and use these in your deployments by name, without exposing their contents. - -``` -echo -n "myapikeyissosecret" > cloudflare-key.secret -echo -n "myemailaddress" > cloudflare-email.secret -echo -n "myemailaddress" > letsencrypt-email.secret - -kubectl create secret -n mqtt generic mqtt-credentials \ - --from-file=cloudflare-key.secret \ - --from-file=cloudflare-email.secret \ - --from-file=letsencrypt-email.secret -``` - -!!! tip "Why use `echo -n`?" -Because. See [my blog post here](https://www.funkypenguin.co.nz/beware-the-hidden-newlines-in-kubernetes-secrets/) for the pain of hunting invisible newlines, that's why! - -## Serving - -### Create deployment - -Now that we have a volume, a service, and a namespace, we can create a deployment for the mqtt pod. Note below the use of volume mounts, environment variables, as well as the secrets. 
- ---8<-- "premix-cta.md" - -``` -cat < /var/data/mqtt/mqtt.yml -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - namespace: mqtt - name: mqtt - labels: - app: mqtt -spec: - replicas: 1 - selector: - matchLabels: - app: mqtt - template: - metadata: - labels: - app: mqtt - spec: - containers: - - image: funkypenguin/mqtt-certbot-dns - imagePullPolicy: Always -# only uncomment these to get the container to run so that we can transfer files into the PV -# command: [ "/bin/sleep" ] -# args: [ "1h" ] - env: - - name: DOMAIN - value: "*.funkypenguin.co.nz" - - name: EMAIL - valueFrom: - secretKeyRef: - name: mqtt-credentials - key: letsencrypt-email.secret - - name: CLOUDFLARE_EMAIL - valueFrom: - secretKeyRef: - name: mqtt-credentials - key: cloudflare-email.secret - - name: CLOUDFLARE_KEY - valueFrom: - secretKeyRef: - name: mqtt-credentials - key: cloudflare-key.secret -# uncomment this to test LetsEncrypt validations -# - name: TESTCERT -# value: "true" - name: mqtt - resources: - requests: - memory: "50Mi" - cpu: "0.1" - volumeMounts: - # We need the LE certs to persist across reboots to avoid getting rate-limited (bad, bad) - - name: mqtt-volumeclaim - mountPath: /etc/letsencrypt - # A configmap for the mosquitto.conf file - - name: mosquitto-conf - mountPath: /mosquitto/conf/mosquitto.conf - subPath: mosquitto.conf - # A configmap for the mosquitto passwd file - - name: mosquitto-passwd - mountPath: /mosquitto/conf/passwd - subPath: passwd - volumes: - - name: mqtt-volumeclaim - persistentVolumeClaim: - claimName: mqtt-volumeclaim - - name: mosquitto-conf - configMap: - name: mosquitto.conf - - name: mosquitto-passwd - configMap: - name: passwd -EOF -kubectl create -f /var/data/mqtt/mqtt.yml -``` - -Check that your deployment is running, with `kubectl get pods -n mqtt`. 
After a minute or so, you should see a "Running" pod, as illustrated below: - -``` -[davidy:~/Documents/Personal/Projects/mqtt-k8s] 130 % kubectl get pods -n mqtt -NAME READY STATUS RESTARTS AGE -mqtt-65f4d96945-bjj44 1/1 Running 0 5m -[davidy:~/Documents/Personal/Projects/mqtt-k8s] % -``` - -To actually **use** your new MQTT broker, you'll need to connect to any one of your nodes (`kubectl get nodes -o wide`) on port 30883 (_the nodeport service we created earlier_). More info on that, and a loadbalancer design, to follow shortly :) - ---8<-- "recipe-footer.md" \ No newline at end of file diff --git a/manuscript/recipes/munin.md b/manuscript/recipes/munin.md index c1ad829..04154f7 100644 --- a/manuscript/recipes/munin.md +++ b/manuscript/recipes/munin.md @@ -1,4 +1,3 @@ - --- description: Network resource monitoring tool for quick analysis --- @@ -23,7 +22,7 @@ Depending on what you want to monitor, you'll want to install munin-node. On Ubu On CentOS Atomic, of course, you can't install munin-node directly, but you can run it as a containerized instance. In this case, you can't use swarm since you need the container running in privileged mode, so launch a munin-node container on each atomic host using: -``` +```bash docker run -d --name munin-node --restart=always \ --privileged --net=host \ -v /:/rootfs:ro \ @@ -38,7 +37,7 @@ docker run -d --name munin-node --restart=always \ We'll need several directories to bind-mount into our container, so create them in /var/data/munin: -``` +```bash mkdir /var/data/munin cd /var/data/munin mkdir -p {log,lib,run,cache} 
@@ -48,7 +47,7 @@ mkdir -p {log,lib,run,cache} Create /var/data/config/munin/munin.env, and populate with the following variables. Use the OAUTH2 variables if you plan to use an [oauth2_proxy](/reference/oauth_proxy/) to protect munin, and set at a **minimum** the `MUNIN_USER`, `MUNIN_PASSWORD`, and `NODES` values: -``` +```bash # Use these if you plan to protect the webUI with an oauth_proxy OAUTH2_PROXY_CLIENT_ID= OAUTH2_PROXY_CLIENT_SECRET= @@ -132,4 +131,4 @@ Log into your new instance at https://**YOUR-FQDN**, with user and password pass [^1]: If you wanted to expose the Munin UI directly, you could remove the oauth2_proxy from the design, and move the traefik-related labels directly to the munin container. You'd also need to add the traefik_public network to the munin container. ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/nextcloud.md b/manuscript/recipes/nextcloud.md index 726ccf0..d5e4411 100644 --- a/manuscript/recipes/nextcloud.md +++ b/manuscript/recipes/nextcloud.md @@ -5,7 +5,8 @@ description: Share docs. Backup files. Share stuff. # NextCloud [NextCloud](https://www.nextcloud.org/) (_a [fork of OwnCloud](https://owncloud.org/blog/owncloud-statement-concerning-the-formation-of-nextcloud-by-frank-karlitschek/), led by original developer Frank Karlitschek_) is a suite of client-server software for creating and using file hosting services. It is functionally similar to Dropbox, although Nextcloud is free and open-source, allowing anyone to install and operate it on a private server. - - https://en.wikipedia.org/wiki/Nextcloud + +- ![NextCloud Screenshot](../images/nextcloud.png) 
@@ -19,7 +20,7 @@ This recipe is based on the official NextCloud docker image, but includes seprat We'll need several directories for [static data](/reference/data_layout/#static-data) to bind-mount into our container, so create them in /var/data/nextcloud (_so that they can be [backed up](/recipes/duplicity/)_) -``` +```bash mkdir /var/data/nextcloud cd /var/data/nextcloud mkdir -p {html,apps,config,data,database-dump} @@ -27,17 +28,17 @@ mkdir -p {html,apps,config,data,database-dump} Now make **more** directories for [runtime data](/reference/data_layout/#runtime-data) (_so that they can be **not** backed-up_): -``` +```bash mkdir /var/data/runtime/nextcloud cd /var/data/runtime/nextcloud mkdir -p {db,redis} ``` - ### Prepare environment Create nextcloud.env, and populate with the following variables -``` + +```bash NEXTCLOUD_ADMIN_USER=admin NEXTCLOUD_ADMIN_PASSWORD=FVuojphozxMVyaYCUWomiP9b MYSQL_HOST=db @@ -51,7 +52,7 @@ MYSQL_PASSWORD=set to something secure> Now create a **separate** nextcloud-db-backup.env file, to capture the environment variables necessary to perform the backup. (_If the same variables are shared with the mariadb container, they [cause issues](https://discourse.geek-kitchen.funkypenguin.co.nz/t/nextcloud-funky-penguins-geek-cookbook/254/3?u=funkypenguin) with database access_) -```` +````bash # For database backup (keep 7 days daily backups) MYSQL_PWD= MYSQL_USER=root @@ -163,8 +164,8 @@ Log into your new instance at https://**YOUR-FQDN**, with user "admin" and the p To make NextCloud [a little snappier](https://docs.nextcloud.com/server/13/admin_manual/configuration_server/caching_configuration.html), edit ```/var/data/nextcloud/config/config.php``` (_now that it's been created on the first container launch_), and add the following: -``` - 'redis' => array( +```bash + 'redis' => array( 'host' => 'redis', 'port' => 6379, ), 
@@ -178,31 +179,31 @@ Huzzah! NextCloud supports [service discovery for CalDAV/CardDAV](https://tools. We (_and anyone else using the [NextCloud Docker image](https://hub.docker.com/_/nextcloud/)_) are using an SSL-terminating reverse proxy ([Traefik](/ha-docker-swarm/traefik/)) in front of our NextCloud container. In fact, it's not **possible** to setup SSL **within** the NextCloud container. -When using a reverse proxy, your device requests a URL from your proxy (https://nextcloud.batcave.com/.well-known/caldav), and the reverse proxy then passes that request **unencrypted** to the internal URL of the NextCloud instance (i.e., http://172.16.12.123/.well-known/caldav) +When using a reverse proxy, your device requests a URL from your proxy (), and the reverse proxy then passes that request **unencrypted** to the internal URL of the NextCloud instance (i.e., ) -The Apache webserver on the NextCloud container (_knowing it was spoken to via HTTP_), responds with a 301 redirect to http://nextcloud.batcave.com/remote.php/dav/. See the problem? You requested an **HTTPS** (_encrypted_) url, and in return, you received a redirect to an **HTTP** (_unencrypted_) URL. Any sensible client (_iOS included_) will refuse such schenanigans. +The Apache webserver on the NextCloud container (_knowing it was spoken to via HTTP_), responds with a 301 redirect to . See the problem? You requested an **HTTPS** (_encrypted_) url, and in return, you received a redirect to an **HTTP** (_unencrypted_) URL. Any sensible client (_iOS included_) will refuse such schenanigans. To correct this, we need to tell NextCloud to always redirect the .well-known URLs to an HTTPS location. This can only be done **after** deploying NextCloud, since it's only on first launch of the container that the .htaccess file is created in the first place. 
To make NextCloud service discovery work with Traefik reverse proxy, edit ```/var/data/nextcloud/html/.htaccess```, and change this: -``` +```bash RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L] RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L] ``` To this: -``` +```bash RewriteRule ^\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L] RewriteRule ^\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L] ``` Then restart your container with ```docker service update nextcloud_nextcloud --force``` to restart apache. -Your can test for success by running ```curl -i https://nextcloud.batcave.org/.well-known/carddav```. You should get a 301 redirect to your equivalent of https://nextcloud.batcave.org/remote.php/dav/, as below: +Your can test for success by running ```curl -i https://nextcloud.batcave.org/.well-known/carddav```. You should get a 301 redirect to your equivalent of , as below: -``` +```bash [davidy:~] % curl -i https://nextcloud.batcave.org/.well-known/carddav HTTP/2 301 content-type: text/html; charset=iso-8859-1 @@ -215,4 +216,4 @@ Note that this .htaccess can be overwritten by NextCloud, and you may have to re [^1]: Since many of my other recipes use PostgreSQL, I'd have preferred to use Postgres over MariaDB, but MariaDB seems to be the [preferred database type](https://github.com/nextcloud/server/issues/5912). [^2]: I'm [not the first user](https://github.com/nextcloud/docker/issues/528) to stumble across the service discovery bug with reverse proxies. ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/nightscout.md b/manuscript/recipes/nightscout.md index a5c2179..776c465 100644 --- a/manuscript/recipes/nightscout.md +++ b/manuscript/recipes/nightscout.md 
@@ -6,11 +6,10 @@ description: CGM data with an API, for diabetic quality-of-life improvements Nightscout is "*...an open source, DIY project that allows real time access to a CGM data via personal website, smartwatch viewers, or apps and widgets available for smartphones*" -!!! question "Yeah, but what's a CGM?" - A CGM is a "continuos glucose monitor" :drop_of_blood: - If you have a blood-sugar-related disease (*i.e. diabetes*), you might wear a CGM in order to retrieve blood-glucose level readings, to inform your treatment. - - NightScout frees you from the CGM's supplier's limited and proprietary app, and unlocks advanced charting, alarming, and sharing features :muscle: +!!! question "Yeah, but what's a CGM?" + A CGM is a "continuos glucose monitor" :drop_of_blood: - If you have a blood-sugar-related disease (*i.e. diabetes*), you might wear a CGM in order to retrieve blood-glucose level readings, to inform your treatment. + NightScout frees you from the CGM's supplier's limited and proprietary app, and unlocks advanced charting, alarming, and sharing features :muscle: ![Nightscout Screenshot](../images/nightscout.png) @@ -25,14 +24,15 @@ Most NightScout users will deploy to Heroko, using MongoDB Atlas, which is a [we ### Setup data locations First we create a directory to hold Nightscout's database, as well as database backups: -``` + +```bash mkdir -p /var/data/runtime/nightscout/database # excluded from automated backups mkdir -p /var/data/nightscout/database # included in automated backups ``` ### Create env file -NightScout is configured entirely using environment variables, so create something like this as `/var/data/config/nightscout/nightscout.env`: +NightScout is configured entirely using environment variables, so create something like this as `/var/data/config/nightscout/nightscout.env`: !!! warning Your variables may vary significantly from what's illustrated below, and it's best to read up and understand exactly what each option does. 
@@ -164,7 +164,6 @@ networks: Launch the nightscout stack by running ```docker stack deploy nightscout -c ``` - [^1]: Most of the time, you'll need an app which syncs to Nightscout, and these apps won't support OIDC auth, so this recipe doesn't take into account any sort of authentication using [Traefik Forward Auth](/ha-docker-swarm/traefik-forward-auth/). Instead, NightScout is secured entirely with your `API_SECRET` above (*although it is possible to add more users once you're an admin*) ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/openldap.md b/manuscript/recipes/openldap.md index 34c3926..d307d38 100644 --- a/manuscript/recipes/openldap.md +++ b/manuscript/recipes/openldap.md @@ -30,7 +30,7 @@ What you'll end up with is a directory structure which will allow integration wi We'll need several directories to bind-mount into our container, so create them in /var/data/openldap: -``` +```bash mkdir /var/data/openldap/openldap mkdir /var/data/runtime/openldap/ ``` @@ -42,7 +42,7 @@ mkdir /var/data/runtime/openldap/ Create /var/data/openldap/openldap.env, and populate with the following variables, customized for your own domain structure. Take care with LDAP_DOMAIN, this is core to your directory structure, and can't easily be changed later. -``` +```bash LDAP_DOMAIN=batcave.gotham LDAP_ORGANISATION=BatCave Inc LDAP_ADMIN_PASSWORD=supermansucks @@ -67,7 +67,7 @@ Create ```/var/data/openldap/lam/config/config.cfg``` as follows: ???+ note "Much scroll, very text. Click here to collapse it for better readability" - ``` + ```bash # password to add/delete/rename configuration profiles (default: lam) password: {SSHA}D6AaX93kPmck9wAxNlq3GF93S7A= R7gkjQ== 
@@ -137,7 +137,7 @@ Create yours profile (_you chose a default profile in config.cfg above, remember ???+ note "Much scroll, very text. Click here to collapse it for better readability" - ``` + ```bash # LDAP Account Manager configuration # # Please do not modify this file manually. The configuration can be done completely by the LAM GUI. @@ -392,7 +392,7 @@ networks: Create **another** stack config file (```/var/data/config/openldap/auth.yml```) containing just the auth_internal network, and a dummy container: -``` +```yaml version: "3.2" # What is this? @@ -417,9 +417,6 @@ networks: - subnet: 172.16.39.0/24 ``` - - - ## Serving ### Launch OpenLDAP stack @@ -436,4 +433,4 @@ Create your users using the "**New User**" button. [^1]: [The KeyCloak](/recipes/keycloak/authenticate-against-openldap/) recipe illustrates how to integrate KeyCloak with your LDAP directory, giving you a cleaner interface to manage users, and a raft of SSO / OAuth features. ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/owntracks.md b/manuscript/recipes/owntracks.md index c42e492..151f8a8 100644 --- a/manuscript/recipes/owntracks.md +++ b/manuscript/recipes/owntracks.md @@ -21,7 +21,7 @@ Using a smartphone app, OwnTracks allows you to collect and analyse your own loc We'll need a directory so store OwnTracks' data , so create ```/var/data/owntracks```: -``` +```bash mkdir /var/data/owntracks ``` @@ -29,7 +29,7 @@ mkdir /var/data/owntracks Create owntracks.env, and populate with the following variables -``` +```bash OAUTH2_PROXY_CLIENT_ID= OAUTH2_PROXY_CLIENT_SECRET= OAUTH2_PROXY_COOKIE_SECRET= 
@@ -107,4 +107,4 @@ Log into your new instance at https://**YOUR-FQDN**, with user "root" and the pa [^2]: I'm using my own image rather than owntracks/recorderd, because of a [potentially swarm-breaking bug](https://github.com/owntracks/recorderd/issues/14) I found in the official container. If this gets resolved (_or if I was mistaken_) I'll update the recipe accordingly. [^3]: By default, you'll get a fully accessible, unprotected MQTT broker. This may not be suitable for public exposure, so you'll want to look into securing mosquitto with TLS and ACLs. ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/paperless-ng.md b/manuscript/recipes/paperless-ng.md index 9767c03..4d703da 100644 --- a/manuscript/recipes/paperless-ng.md +++ b/manuscript/recipes/paperless-ng.md @@ -8,7 +8,6 @@ Paper is a nightmare. Environmental issues aside, there’s no excuse for it in ![Paperless Screenshot](../images/paperless-screenshot.png) - --8<-- "recipe-standard-ingredients.md" ## Preparation @@ -17,7 +16,7 @@ Paper is a nightmare. Environmental issues aside, there’s no excuse for it in We'll need a folder to store a docker-compose configuration file and an associated environment file. If you're following my filesystem layout, create `/var/data/config/paperless` (*for the config*). We'll also need to create `/var/data/paperless` and a few subdirectories (*for the metadata*). Lastly, we need a directory for the database backups to reside in as well. -``` +```bash mkdir /var/data/config/paperless mkdir /var/data/paperless mkdir /var/data/paperless/consume 
@@ -29,13 +28,13 @@ mkdir /var/data/paperless/database-dump ``` !!! question "Which is it, Paperless or Paperless-NG?" - Technically the name of the application is `paperless-ng`. However, the [original Paperless project](https://github.com/the-paperless-project/paperless) has been archived and the author recommends Paperless NG. So, to save some typing, we'll just call it "Paperless". Additionally, if you use the automated tooling in the Premix Repo, Ansible *really* doesn't like the hypen. + Technically the name of the application is `paperless-ng`. However, the [original Paperless project](https://github.com/the-paperless-project/paperless) has been archived and the author recommends Paperless NG. So, to save some typing, we'll just call it "Paperless". Additionally, if you use the automated tooling in the Premix Repo, Ansible *really* doesn't like the hypen. ### Create environment To stay consistent with the other recipes, we'll create a file to store environemnt variables in. There's more than 1 service in this stack, but we'll only create one one environment file that will be used by the web server (more on this later). -``` +```bash cat << EOF > /var/data/config/paperless/paperless.env PAPERLESS_TIME_ZONE: PAPERLESS_ADMIN_USER= @@ -48,6 +47,7 @@ PAPERLESS_TIKA_GOTENBERG_ENDPOINT=http://gotenberg:3000 PAPERLESS_TIKA_ENDPOINT=http://tika:9998 EOF ``` + You'll need to replace some of the text in the snippet above: * `` - Replace with an entry from [the timezone database](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) (eg: America/New_York) 
@@ -158,13 +158,14 @@ networks: - subnet: 172.16.58.0/24 ``` + You'll notice that there are several items under "services" in this stack. Let's take a look at what each one does: * broker - Redis server that other services use to share data * webserver - The UI that you will use to add and view documents, edit document metadata, and configure the application settings. * gotenburg - Tool that facilitates converting MS Office documents, HTML, Markdown and other document types to PDF * tika - The OCR engine that extracts text from image-only documents -* db - PostgreSQL database engine to store metadata for all the documents. [^2] +* db - PostgreSQL database engine to store metadata for all the documents. [^2] * db-backup - Service to dump the PostgreSQL database to a backup file on disk once per day ## Serving diff --git a/manuscript/recipes/photoprism.md b/manuscript/recipes/photoprism.md index bcd28aa..419089c 100644 --- a/manuscript/recipes/photoprism.md +++ b/manuscript/recipes/photoprism.md @@ -6,7 +6,6 @@ description: ML-powered private photo hosting [Photoprism™](https://github.com/photoprism/photoprism) "is a server-based application for browsing, organizing and sharing your personal photo collection. It makes use of the latest technologies to automatically tag and find pictures without getting in your way. Say goodbye to solutions that force you to upload your visual memories to the cloud." - ![Photoprism Screenshot](../images/photoprism.png) --8<-- "recipe-standard-ingredients.md" @@ -16,13 +15,14 @@ description: ML-powered private photo hosting ### Setup data locations First we need a folder to map the photoprism config file: -``` + +```bash mkdir /var/data/photoprism/config ``` We will need a location to store photoprism thumbnails, as they can be recreated anytime (althought depending on your collection size it could take a while), we store them on a "non-backed-up" folder -``` +```bash mkdir /var/data/runtime/photoprism/cache ``` 
@@ -36,7 +36,7 @@ In order to be able to import/export files from / to the originals folder make Photoprism has with its own running db, but if your collection is big (10K photos or more), the perfomance is best using an external db instance. We will use MariaDb, so we need the folders for running and backing the db: -``` +```bash mkdir /var/data/runtime/photoprism/db mkdir /var/data/photoprism/database-dump ``` @@ -45,7 +45,7 @@ mkdir /var/data/photoprism/database-dump Create ```photoprism.env```, and populate with the following variables. Change passwords -``` +```bash PHOTOPRISM_URL=https://photoprism.example.com PHOTOPRISM_TITLE=PhotoPrism PHOTOPRISM_SUBTITLE=Browse your life @@ -77,7 +77,7 @@ MYSQL_DATABASE=photoprism Now create a **separate** photoprism-db-backup.env file, to capture the environment variables necessary to perform the backup. (_If the same variables are shared with the mariadb container, they [cause issues](https://discourse.geek-kitchen.funkypenguin.co.nz/t/nextcloud-funky-penguins-geek-cookbook/254/3?u=funkypenguin) with database access_) -```` +````bash # For database backup (keep 7 days daily backups) MYSQL_PWD= MYSQL_USER=root @@ -169,4 +169,4 @@ Browse to your new browser-cli-terminal at https://**YOUR-FQDN**, with user "adm [^1]: Once it is running, you probably will want to launch an scan to index the originals photos. Go to *library -> index* and do a complete rescan (it will take a while, depending on your collection size) ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/phpipam.md b/manuscript/recipes/phpipam.md index 141aa50..ee77167 100644 --- a/manuscript/recipes/phpipam.md +++ b/manuscript/recipes/phpipam.md 
@@ -28,7 +28,7 @@ Enter phpIPAM. A tool designed to help home keeps as well as large organisations We'll need several directories to bind-mount into our container, so create them in `/var/data/phpipam`: -``` +```bash mkdir /var/data/phpipam/databases-dump -p mkdir /var/data/runtime/phpipam -p ``` @@ -37,7 +37,7 @@ mkdir /var/data/runtime/phpipam -p Create `phpipam.env`, and populate with the following variables -``` +```bash # Setup for github, phpipam application OAUTH2_PROXY_CLIENT_ID= OAUTH2_PROXY_CLIENT_SECRET= @@ -62,7 +62,7 @@ BACKUP_FREQUENCY=1d Additionally, create `phpipam-backup.env`, and populate with the following variables: -``` +```bash # For MariaDB/MySQL database MYSQL_ROOT_PASSWORD=imtoosecretformyshorts MYSQL_DATABASE=phpipam @@ -74,8 +74,6 @@ BACKUP_NUM_KEEP=7 BACKUP_FREQUENCY=1d ``` - - ### Setup Docker Swarm Create a docker swarm config file in docker-compose syntax (v3), something like this: @@ -161,4 +159,4 @@ Log into your new instance at https://**YOUR-FQDN**, and follow the on-screen pr [^1]: If you wanted to expose the phpIPAM UI directly, you could remove the `traefik.http.routers.api.middlewares` label from the app container :thumbsup: ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/plex.md b/manuscript/recipes/plex.md index 9daf20d..9c9d9fe 100644 --- a/manuscript/recipes/plex.md +++ b/manuscript/recipes/plex.md @@ -16,7 +16,7 @@ description: Play back all your media on all your devices We'll need a directories to bind-mount into our container for Plex to store its library, so create /var/data/plex: -``` +```bash mkdir /var/data/plex ``` @@ -24,7 +24,7 @@ mkdir /var/data/plex Create plex.env, and populate with the following variables. Set PUID and GUID to the UID and GID of the user who owns your media files, on the local filesystem -``` +```yaml EDGE=1 VERSION=latest PUID=42 
@@ -87,7 +87,7 @@ Launch the Plex stack by running ```docker stack deploy plex -c [^2]: Got an NVIDIA GPU? See [this blog post](https://www.funkypenguin.co.nz/note/gpu-transcoding-with-emby-plex-using-docker-nvidia/) re how to use your GPU to transcode your media! ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/portainer.md b/manuscript/recipes/portainer.md index e63c585..781c914 100644 --- a/manuscript/recipes/portainer.md +++ b/manuscript/recipes/portainer.md @@ -7,7 +7,7 @@ description: A UI to make Docker less geeky !!! tip Some time after originally publishing this recipe, I had the opportunity to meet the [Portainer team](https://www.reseller.co.nz/article/682233/kiwi-startup-portainer-io-closes-1-2m-seed-round/), who are based out of Auckland, New Zealand. We now have an ongoing friendly working relationship. Portainer is my [GitHub Sponsor][github_sponsor] :heart:, and in return, I maintain their [official Kubernetes helm charts](https://github.com/portainer/k8s)! :thumbsup: -[Portainer](https://portainer.io/) is a lightweight sexy UI for visualizing your docker environment. It also happens to integrate well with Docker Swarm clusters, which makes it a great fit for our stack. +[Portainer](https://portainer.io/) is a lightweight sexy UI for visualizing your docker environment. It also happens to integrate well with Docker Swarm clusters, which makes it a great fit for our stack. Portainer attempts to take the "geekiness" out of containers, by wrapping all the jargon and complexity in a shiny UI and some simple abstractions. It's a great addition to any stack, especially if you're just starting your containerization journey! @@ -21,7 +21,7 @@ Portainer attempts to take the "geekiness" out of containers, by wrapping all th Create a folder to store portainer's persistent data: -``` +```bash mkdir /var/data/portainer ``` 
@@ -115,4 +115,4 @@ Log into your new instance at https://**YOUR-FQDN**. You'll be prompted to set y [^1]: There are [some schenanigans](https://www.reddit.com/r/docker/comments/au9wnu/linuxserverio_templates_for_portainer/) you can do to install LinuxServer.io templates in Portainer. Don't go crying to them for support though! :crying_cat_face: ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/privatebin.md b/manuscript/recipes/privatebin.md index e37b247..4034a7d 100644 --- a/manuscript/recipes/privatebin.md +++ b/manuscript/recipes/privatebin.md @@ -16,7 +16,7 @@ PrivateBin is a minimalist, open source online pastebin where the server (can) h We'll need a single location to bind-mount into our container, so create /var/data/privatebin, and make it world-writable (_there might be a more secure way to do this!_) -``` +```bash mkdir /var/data/privatebin chmod 777 /var/data/privatebin/ ``` @@ -59,4 +59,4 @@ Log into your new instance at https://**YOUR-FQDN**, with user "root" and the pa [^1]: The [PrivateBin repo](https://github.com/PrivateBin/PrivateBin/blob/master/INSTALL.md) explains how to tweak configuration options, or to use a database instead of file storage, if your volume justifies it :) [^2]: The inclusion of PrivateBin was due to the efforts of @gkoerk in our [Discord server](http://chat.funkypenguin.co.nz). Thanks Gerry!! ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/realms.md b/manuscript/recipes/realms.md index bc5caa3..eea4a47 100644 --- a/manuscript/recipes/realms.md +++ b/manuscript/recipes/realms.md 
@@ -32,12 +32,13 @@ Features include: Since we'll start with a basic Realms install, let's just create a single directory to hold the realms (SQLite) data: -``` +```bash mkdir /var/data/realms/ ``` Create realms.env, and populate with the following variables (_if you intend to use an [oauth_proxy](/reference/oauth_proxy) to double-secure your installation, which I recommend_) -``` + +```bash OAUTH2_PROXY_CLIENT_ID= OAUTH2_PROXY_CLIENT_SECRET= OAUTH2_PROXY_COOKIE_SECRET= @@ -106,4 +107,4 @@ Log into your new instance at https://**YOUR-FQDN**, authenticate against oauth_ [^1]: If you wanted to expose the Realms UI directly, you could remove the oauth2_proxy from the design, and move the traefik_public-related labels directly to the realms container. You'd also need to add the traefik_public network to the realms container. [^2]: The inclusion of Realms was due to the efforts of @gkoerk in our [Discord server](http://chat.funkypenguin.co.nz). Thanks gkoerk! ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/restic.md b/manuscript/recipes/restic.md index 71d5f6c..e34570f 100644 --- a/manuscript/recipes/restic.md +++ b/manuscript/recipes/restic.md 
@@ -6,6 +6,7 @@ description: Don't be like Cameron. Back up your shizz. Don't be like [Cameron](http://haltandcatchfire.wikia.com/wiki/Cameron_Howe). Backup your stuff. + [Restic](https://restic.net/) is a backup program intended to be easy, fast, verifiable, secure, efficient, and free. Restic supports a range of backup targets, including local disk, [SFTP](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#sftp), [S3](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#amazon-s3) (*or compatible APIs like [Minio](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#minio-server)*), [Backblaze B2](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#backblaze-b2), [Azure](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#microsoft-azure-blob-storage), [Google Cloud Storage](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#google-cloud-storage), and zillions of others via [rclone](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#other-services-via-rclone). @@ -23,7 +24,7 @@ Restic is one of the more popular open-source backup solutions, and is often [co We'll need a data location to bind-mount persistent config (*an exclusion list*) into our container, so create them as below: -``` +```bash mkdir -p /var/data/restic/ mkdir -p /var/data/config/restic echo /var/data/runtime >> /var/data/restic/restic.exclude @@ -36,7 +37,7 @@ echo /var/data/runtime >> /var/data/restic/restic.exclude Create `/var/data/config/restic/restic-backup.env`, and populate with the following variables: -``` +```bash # run on startup, otherwise just on cron RUN_ON_STARTUP=true @@ -70,7 +71,7 @@ RESTIC_FORGET_ARGS=--keep-daily 7 --keep-monthly 12 Create `/var/data/config/restic/restic-prune.env`, and populate with the following variables: -``` +```bash # run on startup, otherwise just on cron RUN_ON_STARTUP=false 
@@ -98,7 +99,6 @@ RESTIC_PASSWORD= !!! question "Why create two separate .env files?" Although there's duplication involved, maintaining 2 files for the two services within the stack keeps it clean, and allows you to potentially alter the behaviour of one service without impacting the other in future - ### Setup Docker Swarm Create a docker swarm config file in docker-compose syntax (v3) in `/var/data/restic/restic.yml` , something like this: @@ -144,7 +144,7 @@ networks: Launch the Restic stack by running `docker stack deploy restic -c `, and watch the logs by running `docker service logs restic_backup` - you should see something like this: -``` +```bash root@raphael:~# docker service logs restic_backup -f restic_backup.1.9sii77j9jf0x@leonardo | Checking configured repository '' ... restic_backup.1.9sii77j9jf0x@leonardo | Fatal: unable to open config file: Stat: stat /config: no such file or directory @@ -175,14 +175,14 @@ Repeat after me : "**It's not a backup unless you've tested a restore**" The simplest way to test your restore is to run the container once, using the variables you're already prepared, with custom arguments, as follows: -``` +```bash docker run --rm -it --name restic-restore --env-file /var/data/config/restic/restic-backup.env \ -v /tmp/restore:/restore mazzolino/restic restore latest --target /restore ``` In my example: -``` +```bash root@raphael:~# docker run --rm -it --name restic-restore --env-file /var/data/config/restic/restic-backup.env \ > -v /tmp/restore:/restore mazzolino/restic restore latest --target /restore Unable to find image 'mazzolino/restic:latest' locally 
@@ -199,9 +199,8 @@ root@raphael:~# !!! tip "Restoring a subset of data" The example above restores the **entire** `/var/data` folder (*minus any exclusions*). To restore just a subset of data, add the `-i ` argument, i.e. `-i plex` - [^1]: The `/var/data/restic/restic.exclude` exists to provide you with a way to exclude data you don't care to backup. [^2]: A recent benchmark of various backup tools, including Restic, can be found [here](https://forum.duplicati.com/t/big-comparison-borg-vs-restic-vs-arq-5-vs-duplicacy-vs-duplicati/9952). [^3]: A paid-for UI for Restic can be found [here](https://forum.restic.net/t/web-ui-for-restic/667/26). ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/rss-bridge.md b/manuscript/recipes/rss-bridge.md index a10b6cb..97462de 100644 --- a/manuscript/recipes/rss-bridge.md +++ b/manuscript/recipes/rss-bridge.md @@ -10,7 +10,6 @@ Do you hate having to access multiple sites to view specific content? [RSS-Bridg --8<-- "recipe-standard-ingredients.md" - ## Preparation ### Setup data locations diff --git a/manuscript/recipes/swarmprom.md b/manuscript/recipes/swarmprom.md index d225d6d..1422b14 100644 --- a/manuscript/recipes/swarmprom.md +++ b/manuscript/recipes/swarmprom.md 
@@ -18,10 +18,9 @@ cAdvisor (Container Advisor) provides container users an understanding of the re * [Alert Manager](https://github.com/prometheus/alertmanager) Alertmanager handles alerts sent by client applications such as the Prometheus server. It takes care of deduplicating, grouping, and routing them to the correct receiver integrations such as email, Slack, etc. * [Unsee](https://github.com/cloudflare/unsee) is an alert dashboard for Alert Manager - ## How does this magic work? -I'd encourage you to spend some time reading https://github.com/stefanprodan/swarmprom. Stefan has included detailed explanations about which elements perform which functions, as well as how to customize your stack. (_This is only a starting point, after all_) +I'd encourage you to spend some time reading . Stefan has included detailed explanations about which elements perform which functions, as well as how to customize your stack. (_This is only a starting point, after all_) --8<-- "recipe-standard-ingredients.md" @@ -37,7 +36,7 @@ Grafana includes decent login protections, but from what I can see, Prometheus, Edit (_or create, depending on your OS_) /etc/docker/daemon.json, and add the following, to enable the experimental export of metrics to Prometheus: -``` +```json { "metrics-addr" : "0.0.0.0:9323", "experimental" : true @@ -46,12 +45,11 @@ Edit (_or create, depending on your OS_) /etc/docker/daemon.json, and add the fo Restart docker with ```systemctl restart docker``` - ### Setup and populate data locations We'll need several files to bind-mount into our containers, so create directories for them and get the latest copies: -``` +```bash mkdir -p /var/data/swarmprom/dockerd-exporter/ cd /var/data/swarmprom/dockerd-exporter/ wget https://raw.githubusercontent.com/stefanprodan/swarmprom/master/dockerd-exporter/Caddyfile 
@@ -74,7 +72,8 @@ chown nobody:nogroup /var/data/runtime/prometheus Grafana will make all the data we collect from our swarm beautiful. Create /var/data/swarmprom/grafana.env, and populate with the following variables -``` + +```bash OAUTH2_PROXY_CLIENT_ID= OAUTH2_PROXY_CLIENT_SECRET= OAUTH2_PROXY_COOKIE_SECRET= @@ -392,4 +391,4 @@ Log into your new grafana instance, check out your beautiful graphs. Move onto d [^1]: Pay close attention to the ```grafana.env``` config. If you encounter errors about ```basic auth failed```, or failed CSS, it's likely due to misconfiguration of one of the grafana environment variables. ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/template.md b/manuscript/recipes/template.md index 23be6a5..b199c9d 100644 --- a/manuscript/recipes/template.md +++ b/manuscript/recipes/template.md @@ -84,7 +84,6 @@ networks: Launch the Linx stack by running ```docker stack deploy linx -c ``` - [^1]: Since the whole purpose of media/file sharing is to share stuff with **strangers**, this recipe doesn't take into account any sort of authentication using [Traefik Forward Auth](/ha-docker-swarm/traefik-forward-auth/). ---8<-- "recipe-footer.md" \ No newline at end of file +--8<-- "recipe-footer.md" diff --git a/manuscript/recipes/tiny-tiny-rss.md b/manuscript/recipes/tiny-tiny-rss.md index 98555a0..19e995f 100644 --- a/manuscript/recipes/tiny-tiny-rss.md +++ b/manuscript/recipes/tiny-tiny-rss.md @@ -20,7 +20,7 @@ description: Geeky RSS reader We'll need several directories to bind-mount into our container, so create them in /var/data/ttrss: -``` +```bash mkdir /var/data/ttrss cd /var/data/ttrss mkdir -p {database,database-dump} 
@@ -32,7 +32,7 @@ cd /var/data/config/ttrss Create ttrss.env, and populate with the following variables, customizing at least the database password (POSTGRES_PASSWORD **and** DB_PASS) and the TTRSS_SELF_URL to point to your installation. -``` +```bash # Variables for postgres:latest POSTGRES_USER=ttrss POSTGRES_PASSWORD=mypassword @@ -125,4 +125,4 @@ Launch the TTRSS stack by running ```docker stack deploy ttrss -c [![Size](https://images.microbadger.com/badges/image/funkypenguin/athena.svg)](https://hub.docker.com/r/funkypenguin/athena/)| Athena cryptocurrency daemon/services |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/athena.svg)](https://hub.docker.com/r/funkypenguin/athena/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/athena.svg)](https://hub.docker.com/r/funkypenguin/athena/) -[funkypenguin/alertmanager-discord](https://hub.docker.com/r/funkypenguin/alertmanager-discord/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/alertmanager-discord.svg)](https://hub.docker.com/r/funkypenguin/alertmanager-discord/)| AlertManager-compatible webhook to send Prometheus alerts to a Discord channel |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/alertmanager-discord.svg)](https://hub.docker.com/r/funkypenguin/alertmanager-discord/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/alertmanager-discord.svg)](https://hub.docker.com/r/funkypenguin/alertmanager-discord/) -[funkypenguin/aeon](https://hub.docker.com/r/funkypenguin/aeon/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/aeon.svg)](https://hub.docker.com/r/funkypenguin/aeon/)| Aeon cryptocurrency daemon/services |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/aeon.svg)](https://hub.docker.com/r/funkypenguin/aeon/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/aeon.svg)](https://hub.docker.com/r/funkypenguin/aeon/) -[funkypenguin/bittube](https://hub.docker.com/r/funkypenguin/bittube/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/bittube.svg)](https://hub.docker.com/r/funkypenguin/bittube/)| BitTube cryptocurrency daemon/services |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/bittube.svg)](https://hub.docker.com/r/funkypenguin/bittube/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/bittube.svg)](https://hub.docker.com/r/funkypenguin/bittube/) -[funkypenguin/cryptonote-nodejs-pool](https://hub.docker.com/r/funkypenguin/cryptonote-nodejs-pool/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/cryptonote-nodejs-pool.svg)](https://hub.docker.com/r/funkypenguin/cryptonote-nodejs-pool/)| nodeJS-based mining pool for cryptonote-based mining pools, supporting advanced features like email/telegram notifications |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/cryptonote-nodejs-pool.svg)](https://hub.docker.com/r/funkypenguin/cryptonote-nodejs-pool/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/cryptonote-nodejs-pool.svg)](https://hub.docker.com/r/funkypenguin/cryptonote-nodejs-pool/) -[funkypenguin/conceal-core](https://hub.docker.com/r/funkypenguin/conceald/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/conceald.svg)](https://hub.docker.com/r/funkypenguin/conceald//)| Conceal cryptocurrency daemon/services |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/conceald.svg)](https://hub.docker.com/r/funkypenguin/conceald/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/conceald.svg)](https://hub.docker.com/r/funkypenguin/conceald/) -[funkypenguin/git-docker](https://hub.docker.com/r/funkypenguin/git-docker/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/git-docker.svg)](https://hub.docker.com/r/funkypenguin/git-docker/)| Git client in a docker container, for use on immutable OS (Atomic) hosts|[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/git-docker.svg)](https://hub.docker.com/r/funkypenguin/git-docker/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/git-docker.svg)](https://hub.docker.com/r/funkypenguin/git-docker/) -[funkypenguin/home-assistant](https://hub.docker.com/r/funkypenguin/home-assistant/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/home-assistant.svg)](https://hub.docker.com/r/funkypenguin/home-assistant//)| home-assistant |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/home-assistant.svg)](https://hub.docker.com/r/funkypenguin/home-assistant/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/home-assistant.svg)](https://hub.docker.com/r/funkypenguin/home-assistant/) -[funkypenguin/htpc-cron](https://hub.docker.com/r/funkypenguin/htpc-cron/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/htpc-cron.svg)](https://hub.docker.com/r/funkypenguin/htpc-cron/)| htpc-cron |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/htpc-cron.svg)](https://hub.docker.com/r/funkypenguin/htpc-cron/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/htpc-cron.svg)](https://hub.docker.com/r/funkypenguin/htpc-cron/) -[funkypenguin/kepl](https://hub.docker.com/r/funkypenguin/kepl/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/kepl.svg)](https://hub.docker.com/r/funkypenguin/kepl/)| KEPL cryptocurrency daemon/services |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/kepl.svg)](https://hub.docker.com/r/funkypenguin/kepl/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/kepl.svg)](https://hub.docker.com/r/funkypenguin/kepl/) -[funkypenguin/koson](https://hub.docker.com/r/funkypenguin/koson/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/koson.svg)](https://hub.docker.com/r/funkypenguin/koson/)| koson |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/koson.svg)](https://hub.docker.com/r/funkypenguin/koson/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/koson.svg)](https://hub.docker.com/r/funkypenguin/koson/) -[funkypenguin/loki](https://hub.docker.com/r/funkypenguin/loki/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/loki.svg)](https://hub.docker.com/r/funkypenguin/loki/)| loki |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/loki.svg)](https://hub.docker.com/r/funkypenguin/loki/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/loki.svg)](https://hub.docker.com/r/funkypenguin/loki/) -[funkypenguin/masari](https://hub.docker.com/r/funkypenguin/masari/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/masari.svg)](https://hub.docker.com/r/funkypenguin/masari//)| Masari cryptocurrency daemon/services |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/masari.svg)](https://hub.docker.com/r/funkypenguin/masari/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/masari.svg)](https://hub.docker.com/r/funkypenguin/masari/) -[funkypenguin/monero](https://hub.docker.com/r/funkypenguin/monero/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/monero.svg)](https://hub.docker.com/r/funkypenguin/monero/)| Monero cryptocurrency daemon/services |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/monero.svg)](https://hub.docker.com/r/funkypenguin/monero/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/monero.svg)](https://hub.docker.com/r/funkypenguin/monero/) -[funkypenguin/monkeytips](https://hub.docker.com/r/funkypenguin/monkeytips/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/monkeytips.svg)](https://hub.docker.com/r/funkypenguin/monkeytips//)| MonkeyTips cryptocurrency daemon/services |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/monkeytips.svg)](https://hub.docker.com/r/funkypenguin/monkeytips/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/monkeytips.svg)](https://hub.docker.com/r/funkypenguin/monkeytips/) -[funkypenguin/minio](https://hub.docker.com/r/funkypenguin/minio/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/minio.svg)](https://hub.docker.com/r/funkypenguin/minio/)| minio |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/minio.svg)](https://hub.docker.com/r/funkypenguin/minio/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/minio.svg)](https://hub.docker.com/r/funkypenguin/minio/) -[funkypenguin/mqtt-certbot-dns](https://hub.docker.com/r/funkypenguin/mqtt-certbot-dns/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/mqtt-certbot-dns.svg)](https://hub.docker.com/r/funkypenguin/mqtt-certbot-dns/)| mqtt-certbot-dns |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/mqtt-certbot-dns.svg)](https://hub.docker.com/r/funkypenguin/mqtt-certbot-dns/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/mqtt-certbot-dns.svg)](https://hub.docker.com/r/funkypenguin/mqtt-certbot-dns/) -[funkypenguin/munin-server](https://hub.docker.com/r/funkypenguin/munin-server/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/munin-server.svg)](https://hub.docker.com/r/funkypenguin/munin-server/)| munin-server |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/munin-server.svg)](https://hub.docker.com/r/funkypenguin/munin-server/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/munin-server.svg)](https://hub.docker.com/r/funkypenguin/munin-server/) -[funkypenguin/munin-node](https://hub.docker.com/r/funkypenguin/munin-node/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/munin-node.svg)](https://hub.docker.com/r/funkypenguin/munin-node/)| munin-node |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/munin-node.svg)](https://hub.docker.com/r/funkypenguin/munin-node/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/munin-node.svg)](https://hub.docker.com/r/funkypenguin/munin-node/) -[funkypenguin/mwlib](https://hub.docker.com/r/funkypenguin/mwlib/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/mwlib.svg)](https://hub.docker.com/r/funkypenguin/mwlib/)| mwlib |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/mwlib.svg)](https://hub.docker.com/r/funkypenguin/mwlib/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/mwlib.svg)](https://hub.docker.com/r/funkypenguin/mwlib/) -[funkypenguin/mqttwarn](https://hub.docker.com/r/funkypenguin/mqttwarn/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/mqttwarn.svg)](https://hub.docker.com/r/funkypenguin/mqttwarn/)| mqttwarn |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/mqttwarn.svg)](https://hub.docker.com/r/funkypenguin/mqttwarn/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/mqttwarn.svg)](https://hub.docker.com/r/funkypenguin/mqttwarn/) -[funkypenguin/nginx-proxy-letsencrypt](https://hub.docker.com/r/funkypenguin/nginx-proxy-letsencrypt/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/nginx-proxy-letsencrypt.svg)](https://hub.docker.com/r/funkypenguin/nginx-proxy-letsencrypt/)| nginx-proxy-letsencrypt |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/nginx-proxy-letsencrypt.svg)](https://hub.docker.com/r/funkypenguin/nginx-proxy-letsencrypt/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/nginx-proxy-letsencrypt.svg)](https://hub.docker.com/r/funkypenguin/nginx-proxy-letsencrypt/) -[funkypenguin/nzbdrone](https://hub.docker.com/r/funkypenguin/nzbdrone/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/nzbdrone.svg)](https://hub.docker.com/r/funkypenguin/nzbdrone/)| nzbdrone |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/nzbdrone.svg)](https://hub.docker.com/r/funkypenguin/nzbdrone/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/nzbdrone.svg)](https://hub.docker.com/r/funkypenguin/nzbdrone/) -[funkypenguin/owntracks](https://hub.docker.com/r/funkypenguin/owntracks/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/owntracks.svg)](https://hub.docker.com/r/funkypenguin/owntracks//)| Owntracks |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/owntracks.svg)](https://hub.docker.com/r/funkypenguin/owntracks/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/owntracks.svg)](https://hub.docker.com/r/funkypenguin/owntracks/) -[funkypenguin/oauth2_proxy](https://hub.docker.com/r/funkypenguin/oauth2_proxy/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/oauth2_proxy.svg)](https://hub.docker.com/r/funkypenguin/oauth2_proxy/)| OAuth2 proxy supporting self-signed upstream certs |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/oauth2_proxy.svg)](https://hub.docker.com/r/funkypenguin/oauth2_proxy/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/oauth2_proxy.svg)](https://hub.docker.com/r/funkypenguin/oauth2_proxy/) -[funkypenguin/plex](https://hub.docker.com/r/funkypenguin/plex/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/plex.svg)](https://hub.docker.com/r/funkypenguin/plex/)| plex |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/plex.svg)](https://hub.docker.com/r/funkypenguin/plex/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/plex.svg)](https://hub.docker.com/r/funkypenguin/plex/) -[funkypenguin/radarrsync](https://hub.docker.com/r/funkypenguin/radarrsync/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/radarrsync.svg)](https://hub.docker.com/r/funkypenguin/radarrsync/)| Python script to sync multiple Radarr instances |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/radarrsync.svg)](https://hub.docker.com/r/funkypenguin/radarrsync/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/radarrsync.svg)](https://hub.docker.com/r/funkypenguin/radarrsync/) -[funkypenguin/ryo-currency](https://hub.docker.com/r/funkypenguin/ryo-currency/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/ryo-currency.svg)](https://hub.docker.com/r/funkypenguin/ryo-currency/)| RYO cryptocurrency daemon/services |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/ryo-currency.svg)](https://hub.docker.com/r/funkypenguin/ryo-currency/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/ryo-currency.svg)](https://hub.docker.com/r/funkypenguin/ryo-currency/) -[funkypenguin/rtorrent](https://hub.docker.com/r/funkypenguin/rtorrent/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/rtorrent.svg)](https://hub.docker.com/r/funkypenguin/rtorrent/)| rtorrent |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/rtorrent.svg)](https://hub.docker.com/r/funkypenguin/rtorrent/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/rtorrent.svg)](https://hub.docker.com/r/funkypenguin/rtorrent/) -[funkypenguin/sabnzbd](https://hub.docker.com/r/funkypenguin/sabnzbd/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/sabnzbd.svg)](https://hub.docker.com/r/funkypenguin/oauth2_proxy/)| sabnzbd |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/sabnzbd.svg)](https://hub.docker.com/r/funkypenguin/sabnzbd/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/sabnzbd.svg)](https://hub.docker.com/r/funkypenguin/sabnzbd/) -[funkypenguin/turtlecoind](https://hub.docker.com/r/funkypenguin/turtlecoind/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/turtlecoind.svg)](https://hub.docker.com/r/funkypenguin/turtlecoind/)| turtlecoin |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/turtlecoind.svg)](https://hub.docker.com/r/funkypenguin/turtlecoind/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/turtlecoind.svg)](https://hub.docker.com/r/funkypenguin/turtlecoind/) -[funkypenguin/temasek](https://hub.docker.com/r/funkypenguin/temasek/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/temasek.svg)](https://hub.docker.com/r/funkypenguin/temasek/)| temasek |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/temasek.svg)](https://hub.docker.com/r/funkypenguin/temasek/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/temasek.svg)](https://hub.docker.com/r/funkypenguin/temasek/) -[funkypenguin/turtle-pool](https://hub.docker.com/r/funkypenguin/turtle-pool/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/turtle-pool.svg)](https://hub.docker.com/r/funkypenguin/turtle-pool//)| turtle-pool |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/turtle-pool.svg)](https://hub.docker.com/r/funkypenguin/turtle-pool/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/turtle-pool.svg)](https://hub.docker.com/r/funkypenguin/turtle-pool/) -[funkypenguin/turtlecoin](https://hub.docker.com/r/funkypenguin/turtlecoin/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/turtlecoin.svg)](https://hub.docker.com/r/funkypenguin/turtlecoin/)| turtlecoin |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/turtlecoin.svg)](https://hub.docker.com/r/funkypenguin/turtlecoin/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/turtlecoin.svg)](https://hub.docker.com/r/funkypenguin/turtlecoin/) -[funkypenguin/x-cash](https://hub.docker.com/r/funkypenguin/x-cash/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/x-cash.svg)](https://hub.docker.com/r/funkypenguin/x-cash/)| X-CASH cryptocurrency daemon/services |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/x-cash.svg)](https://hub.docker.com/r/funkypenguin/x-cash/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/x-cash.svg)](https://hub.docker.com/r/funkypenguin/x-cash/) -[funkypenguin/xmrig-cpu](https://hub.docker.com/r/funkypenguin/xmrig-cpu/)
[![Size](https://images.microbadger.com/badges/image/funkypenguin/xmrig-cpu.svg)](https://hub.docker.com/r/funkypenguin/xmrig-cpu/)| xmrig-cpu |[![Docker Pulls](https://img.shields.io/docker/pulls/funkypenguin/xmrig-cpu.svg)](https://hub.docker.com/r/funkypenguin/xmrig-cpu/)
[![Docker Stars](https://img.shields.io/docker/stars/funkypenguin/xmrig-cpu.svg)](https://hub.docker.com/r/funkypenguin/xmrig-cpu/)| \ No newline at end of file diff --git a/manuscript/reference/data_layout.md b/manuscript/reference/data_layout.md index 7dd0cb2..77ddb46 100644 --- a/manuscript/reference/data_layout.md +++ b/manuscript/reference/data_layout.md @@ -14,4 +14,4 @@ Runtime data (*typically database files or files-in-use*) are stored in `/var/da ## Static data -Static data goes into `/var/data/[recipe name]`, and includes anything that can be safely backed up while a container is running. This includes database exports of the runtime data above. \ No newline at end of file +Static data goes into `/var/data/[recipe name]`, and includes anything that can be safely backed up while a container is running. This includes database exports of the runtime data above. diff --git a/manuscript/reference/git-docker.md b/manuscript/reference/git-docker.md deleted file mode 100644 index 7e662fa..0000000 --- a/manuscript/reference/git-docker.md +++ /dev/null 
@@ -1,52 +0,0 @@ -# Introduction - -Our HA platform design relies on Atomic OS, which only contains bare minimum elements to run containers. - -So how can we use git on this system, to push/pull the changes we make to config files? With a container, of course! - -## git-docker - -I [made a simple container](https://github.com/funkypenguin/git-docker/blob/master/Dockerfile) which just basically executes git in the CWD: - -To use it transparently, add an alias for the "git" command, or just download it with the rest of the [handy aliases](https://raw.githubusercontent.com/funkypenguin/geek-cookbook/master/examples/scripts/gcb-aliases.sh): - -``` -alias git='docker run -v $PWD:/var/data -v \ -/var/data/git-docker/data/.ssh:/root/.ssh funkypenguin/git-docker git' -``` - -## Setup SSH key - -If you plan to actually _push_ using git, you'll need to setup an SSH keypair. You _could_ copy across whatever keypair you currently use, but it's probably more appropriate to generate a specific keypair for this purpose. - -Generate your new SSH keypair by running: - -``` -mkdir -p /var/data/git-docker/data/.ssh -chmod 600 /var/data/git-docker/data/.ssh -docker run -v /var/data/git-docker/data/.ssh:/root/.ssh funkypenguin/git-docker ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519 -``` - -The output will look something like this: -``` -Generating public/private ed25519 key pair. -Enter passphrase (empty for no passphrase): Enter same passphrase again: Created directory '/root/.ssh'. -Your identification has been saved in /root/.ssh/id_ed25519. -Your public key has been saved in /root/.ssh/id_ed25519.pub. -The key fingerprint is: -SHA256:uZtriS7ypx7Q4kr+w++nHhHpcRfpf5MhxP3Wpx3H3hk root@a230749d8d8a -The key's randomart image is: -+--[ED25519 256]--+ -| .o . | -| . ..o . | -| + .... ...| -| .. + .o . . E=| -| o .o S . . ++B| -| . o . . . +..+| -| .o .. ... . . | -|o..o..+.oo | -|...=OX+.+. 
| -+----[SHA256]-----+ -``` - -Now add the contents of /var/data/git-docker/data/.ssh/id_ed25519.pub to your git account, and off you go - just run "git" from your Atomic host as usual, and pretend that you have the client installed! \ No newline at end of file diff --git a/manuscript/reference/networks.md b/manuscript/reference/networks.md index ef846b5..58ec4dc 100644 --- a/manuscript/reference/networks.md +++ b/manuscript/reference/networks.md @@ -41,4 +41,4 @@ In order to avoid IP addressing conflicts as we bring swarm networks up/down, we | [Duplicati](https://geek-cookbook.funkypenguin.co.nz/recipes/duplicati/) | 172.16.55.0/24 | | [Restic](https://geek-cookbook.funkypenguin.co.nz/recipes/restic/) | 172.16.56.0/24 | | [Jellyfin](https://geek-cookbook.funkypenguin.co.nz/recipes/jellyfin/) | 172.16.57.0/24 | -| [Paperless NG](https://geek-cookbook.funkypenguin.co.nz/recipes/paperless/) | 172.16.58.0/24 | \ No newline at end of file +| [Paperless NG](https://geek-cookbook.funkypenguin.co.nz/recipes/paperless/) | 172.16.58.0/24 | diff --git a/manuscript/reference/oauth_proxy.md b/manuscript/reference/oauth_proxy.md index 5cfe466..101ba53 100644 --- a/manuscript/reference/oauth_proxy.md +++ b/manuscript/reference/oauth_proxy.md @@ -1,3 +1,3 @@ # Oauth2 proxy -I've deprecated the oauth2-proxy recipe in favor of [Traefik Forward Auth](/ha-docker-swarm/traefik-forward-auth/). It's infinitely more scalable and easier to manage! \ No newline at end of file +I've deprecated the oauth2-proxy recipe in favor of [Traefik Forward Auth](/ha-docker-swarm/traefik-forward-auth/). It's infinitely more scalable and easier to manage! diff --git a/manuscript/reference/openvpn.md b/manuscript/reference/openvpn.md index dd59bf9..20d4552 100644 --- a/manuscript/reference/openvpn.md +++ b/manuscript/reference/openvpn.md 
@@ -10,13 +10,13 @@ In my case, I needed each docker node to connect via [OpenVPN](http://www.openvp Yes, SELinux. Install a custom policy permitting a docker container to create tun interfaces, like this: -```` +````bash cat << EOF > docker-openvpn.te module docker-openvpn 1.0; require { - type svirt_lxc_net_t; - class tun_socket create; + type svirt_lxc_net_t; + class tun_socket create; } #============= svirt_lxc_net_t ============== @@ -35,7 +35,7 @@ Even with the SELinux policy above, I still need to insert the "tun" module into Run the following to auto-insert the tun module on boot: -```` +````bash cat << EOF >> /etc/rc.d/rc.local # Insert the "tun" module so that the vpn-client container can access /dev/net/tun /sbin/modprobe tun @@ -47,7 +47,7 @@ chmod 755 /etc/rc.d/rc.local Finally, for each node, I exported client credentials, and SCP'd them over to the docker node, into /root/my-vpn-configs-here/. I also had to use the NET_ADMIN cap-add parameter, as illustrated below: -```` +````bash docker run -d --name vpn-client \ --restart=always --cap-add=NET_ADMIN --net=host \ --device /dev/net/tun \ @@ -55,4 +55,4 @@ docker run -d --name vpn-client \ ekristen/openvpn-client --config /vpn/my-host-config.ovpn ```` -Now every time my node boots, it establishes a VPN tunnel back to my pfsense host and (_by using custom configuration directives in OpenVPN_) is assigned a static VPN IP. \ No newline at end of file +Now every time my node boots, it establishes a VPN tunnel back to my pfsense host and (_by using custom configuration directives in OpenVPN_) is assigned a static VPN IP. diff --git a/manuscript/reference/troubleshooting.md b/manuscript/reference/troubleshooting.md index 2830da9..58e5264 100644 --- a/manuscript/reference/troubleshooting.md +++ b/manuscript/reference/troubleshooting.md 
@@ -23,4 +23,4 @@ For a visual "top-like" display of your container's activity (_as well as a [det To execute, simply run `docker run --rm -ti --name ctop -v /var/run/docker.sock:/var/run/docker.sock quay.io/vektorlab/ctop:latest` Example: -![](https://github.com/bcicen/ctop/raw/master/_docs/img/grid.gif) \ No newline at end of file +![ctop screenshot](https://github.com/bcicen/ctop/raw/master/_docs/img/grid.gif) diff --git a/manuscript/sections/README.md b/manuscript/sections/README.md index c9efe0d..65d4937 100644 --- a/manuscript/sections/README.md +++ b/manuscript/sections/README.md @@ -1 +1,3 @@ +# What is this? + This directory exists to allow me to pull in markdown docs into the LeanPub book structure, which won't show up in the online version. diff --git a/manuscript/sections/chefs-favorites-docker.md b/manuscript/sections/chefs-favorites-docker.md index 9081880..f3e6a409 100644 --- a/manuscript/sections/chefs-favorites-docker.md +++ b/manuscript/sections/chefs-favorites-docker.md @@ -1,3 +1,3 @@ # Chef's Favorites (Docker) # -The following recipes are the chef's current favorites - these are recipes actively in use and updated by @funkypenguin \ No newline at end of file +The following recipes are the chef's current favorites - these are recipes actively in use and updated by @funkypenguin diff --git a/manuscript/sections/chefs-favorites-kubernetes.md b/manuscript/sections/chefs-favorites-kubernetes.md index 9081880..f3e6a409 100644 --- a/manuscript/sections/chefs-favorites-kubernetes.md +++ b/manuscript/sections/chefs-favorites-kubernetes.md @@ -1,3 +1,3 @@ # Chef's Favorites (Docker) # -The following recipes are the chef's current favorites - these are recipes actively in use and updated by @funkypenguin \ No newline at end of file +The following recipes are the chef's current favorites - these are recipes actively in use and updated by @funkypenguin diff --git a/manuscript/support.md b/manuscript/support.md index b8ad6e0..43df410 100644 
--- a/manuscript/support.md +++ b/manuscript/support.md @@ -46,7 +46,7 @@ Found a bug in your soup? Tell the chef by either: ### Buy my book 📖 -I'm also writing the Geek Cookbook as a formal eBook, on Leanpub (https://leanpub.com/geeks-cookbook). +I'm also writing the Geek Cookbook as a formal eBook, on Leanpub (). ### [Sponsor][7] / [Patreonize][8] me 💰 
@@ -65,19 +65,17 @@ Impulsively **[click here (NOW quick do it!)][11]** to sponsor me, or instead th Need some Cloud / Microservices / DevOps / Infrastructure design work done? I'm a full-time [AWS Certified Solution Architect (Professional)][aws_cert], a [CNCF-Certified Kubernetes Administrator](https://www.youracclaim.com/badges/cd307d51-544b-4bc6-97b0-9015e40df40d/public_url) and [Application Developer](https://www.youracclaim.com/badges/9ed9280a-fb92-46ca-b307-8f74a2cccf1d/public_url) - this stuff is my bread and butter! :bread: :fork_and_knife: [Get in touch][contact], and let's talk business! - - -[1]: http://chat.funkypenguin.co.nz -[2]: https://www.youtube.com/watch?v=1qHoSWxVqtE -[3]: https://discourse.geek-kitchen.funkypenguin.co.nz/ -[4]: https://discourse.geek-kitchen.funkypenguin.co.nz/ -[5]: https://discourse.geek-kitchen.funkypenguin.co.nz/ -[6]: https://github.com/funkypenguin/geek-cookbook/issues -[7]: https://github.com/sponsors/funkypenguin -[8]: https://www.patreon.com/funkypenguin -[10]: https://www.patreon.com/bePatron?u=6982506 -[11]: https://github.com/sponsors/funkypenguin -[12]: https://github.com/funkypenguin -[13]: https://www.youracclaim.com/badges/a0c4a196-55ab-4472-b46b-b610b44dc00f/public_url -[14]: https://www.funkypenguin.co.nz -[contact]: https://www.funkypenguin.co.nz \ No newline at end of file +[1]: http://chat.funkypenguin.co.nz +[2]: https://www.youtube.com/watch?v=1qHoSWxVqtE +[3]: https://discourse.geek-kitchen.funkypenguin.co.nz/ +[4]: https://discourse.geek-kitchen.funkypenguin.co.nz/ +[5]: https://discourse.geek-kitchen.funkypenguin.co.nz/ +[6]: https://github.com/funkypenguin/geek-cookbook/issues +[7]: https://github.com/sponsors/funkypenguin +[8]: https://www.patreon.com/funkypenguin +[10]: https://www.patreon.com/bePatron?u=6982506 +[11]: https://github.com/sponsors/funkypenguin +[12]: https://github.com/funkypenguin +[13]: https://www.youracclaim.com/badges/a0c4a196-55ab-4472-b46b-b610b44dc00f/public_url +[14]: 
https://www.funkypenguin.co.nz +[contact]: https://www.funkypenguin.co.nz diff --git a/mkdocs-material/README.md b/mkdocs-material/README.md index 5187580..030e5e5 100644 --- a/mkdocs-material/README.md +++ b/mkdocs-material/README.md @@ -1 +1,3 @@ +# What is this for? + This directory exists in case we want to add theme overrides (like favicon) diff --git a/mkdocs.yml b/mkdocs.yml index 257d5df..555dd6f 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -55,7 +55,6 @@ nav: - Chef's Favorites: - Auto Pirate: - recipes/autopirate/index.md - # - Start: recipes/autopirate.md - Headphones: recipes/autopirate/headphones.md - Heimdall: recipes/autopirate/heimdall.md - Jackett: recipes/autopirate/jackett.md @@ -139,20 +138,8 @@ nav: - OAuth Proxy: reference/oauth_proxy.md - Data Layout: reference/data_layout.md - Networks: reference/networks.md - - Containers: reference/containers.md - - git-docker : reference/git-docker.md - OpenVPN : reference/openvpn.md - Troubleshooting: reference/troubleshooting.md - - Work-in-Progress: - # - MatterMost: recipes/mattermost.md - - IPFS Cluster: recipes/ipfs-cluster.md - - MQTT: recipes/mqtt.md - # - HackMD: recipes/hackmd.md - # - Mastodon: recipes/mastodon.md - # - Mayan EDMS: recipes/mayan-edms.md - # - Shaarli: recipes/shaarli.md - # - UniFi Controller: recipes/unifi-controller.md - # - CyberChef : recipes/cyberchef.md - Kubernetes: - Preparation: - Start: kubernetes/index.md diff --git a/overrides/README-OVERRIDES.md b/overrides/README-OVERRIDES.md deleted file mode 100644 index 907b308..0000000 --- a/overrides/README-OVERRIDES.md +++ /dev/null @@ -1 +0,0 @@ -blah diff --git a/scripts/local-markdownlint-and-fix.sh b/scripts/local-markdownlint-and-fix.sh index 56c92f8..86301cf 100755 --- a/scripts/local-markdownlint-and-fix.sh +++ b/scripts/local-markdownlint-and-fix.sh 
@@ -1,7 +1,7 @@ docker run --rm \ -v "$(pwd):/data:ro" \ avtodev/markdown-lint:v1 \ - --config /data/.markdownlint.json \ + --config /data/.markdownlint.yaml \ --ignore /data/_snippets \ --fix \ /data/**/*.md diff --git a/scripts/local-markdownlint.sh b/scripts/local-markdownlint.sh index fc125c5..0f0d438 100755 --- a/scripts/local-markdownlint.sh +++ b/scripts/local-markdownlint.sh @@ -1,7 +1,7 @@ docker run --rm \ -v "$(pwd):/data:ro" \ avtodev/markdown-lint:v1 \ - --config /data/.markdownlint.json \ + --config /data/.markdownlint.yaml \ --ignore /data/_snippets \ /data/**/*.md diff --git a/scripts/recipe-footer.md b/scripts/recipe-footer.md index bad2c50..4b04870 100644 --- a/scripts/recipe-footer.md +++ b/scripts/recipe-footer.md @@ -1,3 +1,4 @@ + ///Footnotes Go Here/// Updated @@ -10,11 +11,10 @@ Did you receive excellent service? Want to make your waiter happy? (_..and suppo Want to know now when this recipe gets updated, or when future recipes are added? Subscribe to the [RSS feed](https://mastodon.social/@geekcookbook_changes.atom), or leave your email address below, and we'll keep you updated. (*double-opt-in, no monkey business, no spam) +

- - ## Your comments? 💬 -[patreon]: https://www.patreon.com/bePatron?u=6982506 -[github_sponsor]: https://github.com/sponsors/funkypenguin \ No newline at end of file +[patreon]: https://www.patreon.com/bePatron?u=6982506 +[github_sponsor]: https://github.com/sponsors/funkypenguin
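Review bot: in the `scripts/local-markdownlint-and-fix.sh` hunk, the unchanged context lines mount the repository read-only (`-v "$(pwd):/data:ro"`) and then pass `--fix`, so the linter cannot write its corrections back to the working tree. Since this hunk already edits the script, drop `:ro` from the mount in the fix variant only, and keep it in `scripts/local-markdownlint.sh`, where nothing needs to be written.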
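Review bot: in the `scripts/local-markdownlint.sh` hunk, the final argument `/data/**/*.md` is unquoted, so the host shell gets the first chance to expand it against the host's own `/data`; it only reaches the container as a pattern when nothing matches there. Quote it (`'/data/**/*.md'`) so the expansion always happens inside the container. Two smaller points on the same lines: the file is mode 100755 but the hunk shows `docker run` on line 1, so there is no shebang, and `avtodev/markdown-lint:v1` is a mutable tag, so pinning the image by digest would make local runs reproducible.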
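Review bot: in the `manuscript/support.md` hunk at `@@ -46,7 +46,7 @@`, the added line ends `on Leanpub ().` where the removed line carried `(https://leanpub.com/geeks-cookbook)`, so as shown here the link target is lost. If the intent was to satisfy the bare-URL rule, restore the address as an autolink in angle brackets or as a named link, and check the rendered page still points at the book.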
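Review bot: in the `manuscript/sections/chefs-favorites-kubernetes.md` hunk, the heading context line still reads `# Chef's Favorites (Docker) #`, and its index line (`9081880..f3e6a409`) is the same as the Docker file's, so the Kubernetes section is a byte-for-byte copy of the Docker one before and after this change. As the file is being touched anyway, retitle it for Kubernetes. The closed heading style (trailing `#`) also differs from the headings this patch adds elsewhere, such as `# What is this?`.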
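Review bot: the `mkdocs.yml` hunk at `@@ -139,20 +138,8 @@` removes the `Containers` and `git-docker` nav entries and the whole `Work-in-Progress` block, none of which the subject line "Add markdown linting" mentions. The `git-docker.md` removal is backed by a file deletion in this patch, but `recipes/ipfs-cluster.md` and `recipes/mqtt.md` are only dropped from the nav in the lines shown; confirm whether those pages are deleted too, because MkDocs still builds pages that exist on disk without a nav entry. Splitting the content removals into their own commit would keep the lint change reviewable by itself.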

z!o1g|iu5n&%O2pq5@8Xh)_sDa#d-)r5-hdob!}A`2I}3LW5T@2CHNa-MnCx_CLyb!9hZZ4fwlNGBy^NQ%!PkY!e@`8mof|+hNL|y*vM1t};QTt-?9^CrMb! z=|$_`q{oZ&cS*o7V7myTAhjYO752gJCv93|Lhl7t^q?MB8wmoUWT^{KRki$QL>bA5 zgNiF=Ry56H-=ySd0o$dFIq{1I5v&2d}UIP<#+x$1)ZDRTvx)>0X;0 zQLM9s;CJ|uLIGVue9mw%U4PPvb~()jz#`$!OxfgL2#yJrRPA1%xPi>_09Gh7lAb3A z#jn_A*Ng|qpjQkKYB((gM?y?^!WuDPwqM0%0e(xOqN(-2W;iBnQxN<==>TCofmmMn z7T(nKxTnuBv*-$k{65L}eN2nN{l15wtDUd%n-lha1(~i>ad;?j*^>ShdU{!587rx+ z>+{SdL&i%}KPV{kgImCd=QlFGRRMWkMd+`Bd%_}~zl;)=S_R5ln0mQ)B1D}7tmaX6|{FdXkf2g?%g*%X9;O|vqdHqGB4!Yk?-{uwjmyNb=25|m;9rr-zL>wTWZJMM5$gE7UucgEq z<1~mMM}F2x#KV7ccvuxl@DUJ>NlutL{~5NJWO{S~AtV{9FMN*<$}=mA5-;ETPY&zf z^epv$ptWv$=;;Uf^J8=v;Kj=1WYrYLi(Mg2m4MHiaje@^MWHO#KqAzU0L&PS!bG)k zaOyQ*-|{7iDJdCYSYjgXYgP8}(%+Fha78f;Ymjv?8>M2ytaVrKC{JbT8$LV=oD?X3 zuWmK`5y#<1Nmf2NC5dI%|B;+J0m~&Y`)vs*)+zi&r5+WO@*9?+?reM^|01J;h2W3- zE1l;3E1c^2vN5%|+dh#!W=lOo;mi_4N+ziUG9QcWp|r6VtfIwPgJPdm{}g}TQ@g}Y z=x#|sI~6&beOqeAc+xhag|o$3jin~AmCV`8OgZS;YP?8kvdRK2OcdjUCy#W-_wq|? z(9Ao0Q99BT!%KqNh`oteF7F+g*Y}M?_P8qek#1Po3Dk5MrjntF_#5SA@6(*P&uxtf zCbb8=X8Tn9O$6~ar&t^<;T8Wi+4L}3Vxd@t%@*UgFAqwMUI(9UGV!KfZr$Dazuef= z9D533@&rEN-p7!`NU&J@{{iH)H6YSvtdJvL?T}3JLKo`oZc@~4^QNqk#CAJqgPe*3 z5WgDfap{jg8)wpGi63AO7Fij=`JryRI!B{Xy^gJZHJiV>&kxH^0C zeTvMigInp!Llh$pQTm;PITay~N;n8=Zf68Um`lZ;-8vsHS5WYe^Z#s^P<8{*hJLdN5vH8Y6LL`$N5qNPr4qm&drXH{ zfv>H>C%mZ|+vW{&**K$VJ3DuArMm`KCwkkf28oS5`g~RW7_26~%b6=KOEDeqlgG_y zEHk4M_%XL@DrywBML106z-ByL0r%@YVt-yXfPSl0!(Q?+oY;&9QHHcB-$urphdRmD zZ!RSPd0X;$Ujt7xS8tC>dK^7zzknhHhIBl!hkhJ0BKLiSPu3}LGi_9&v|pr9-IC{K zndFc-45zQRTfRA&Znwt;W-j=Nt|$zA8pA7rF+;*0;Rcy6G+<{mZn@M0ocdeZX3MdnJ>g3 zXM$EM5d~=sRa!1uNOgv$DU;x5PzMQ_-*GgXGoqHx(d-y#3 zV~znSy_&_cbc}5v=oP;2kiu6vvWVEV%)HmWEsh#yQ=oE)h6#V6cDAMgEmi2hoxA-2 zZiL13SlpREsfh>#VCmfZ?=F^iT= zmhZ6%HS1X~z~vBbv~q2X4-{v>!-U5;Pxj&N)3IesxX{>Lm|Lp1myD5AL9r_hN-K*+Rr~Zn&f%M{UH$0t^8h5ra zSqA>laUS|=s&wF^PpI;}+Ehbfryk{qT_YmcJN^p~R{1I3Wb|5Sgq!_dUMzix@JEf( zW%yQ}NFPNkMWMn|;DFz$?oCecc=@+SeZlO?Ltp^D{WR3Jeeu@$ge 
zCjEk5d!pq@XCa|JJe#N1;0oUE;DGxqYBYXhiNaWA9*Z}~c$oT57os(|y)Wa>TKt8C ze)O{+wbNF&gt;SHu1?f@$k zTA0tRU47IoBl_*TV@Iz%)m>%y(p6!lkeRzvQ-e;T+ov>JR^nbJHvJ#ko$5%V>Yv;H zMrLIIp=x!1*-qL+5Qe+Dp!$MO-~SV!QPq@3n$k7iH@4J8MMvPdykX0 zS6LR>?Tq$RbbyQ=<3!M(sgg}$;;h;VB)|WVR@zL5`b|U*6n5iZK|Z4ibFZ{6F2mtk zRy^nYbzr;YUY@uRwM8l*LGA4rJfonIMZ3fr^Gk+~td~7^iocd7hCP8L|0qSHQb^OC zmGFxV0|R|bf?747By`rOzQj6LeoC33m;G`wZzT0l0!5B!gj)KRAut$51~5rx=R%|9 z#U*6T>A6WrK7!a;HJTAsWG^wpzK43YVp$5N1%?RA7RvSt!a8#{bY&Ce_j2jH0L%A$ zdf{Ze7z8SgCl${8;TED3VDyPd=?^uZi2%(iEV^e;t`3(80ROHi0nkrdelehsg8+om zd2-$C{o{y@U||vO{_cklE0cGzK3x~hNK2ZShL1{w)<)7FUic?k8B;e4e`8;jic<}= z5#qMSxzkAF+l>>C14=Z*L~>evGm$R2SoYX_m7)r#?Wmvg%wNFHG!^(ht>aw}|2rB; zF!3L!+NKV~=plT|sej1CEKLL(d!?o+^Vgobe8DxR5^u56b7K6$t(?Bfa$?R=Eb}R7 zrg6OwXrd#Zwo^EZ_L$%C;@OY@!*t9Fz4{eQ*YB&vR^;m$-c@$j4_`hxAw=bBfL#Xf z8q2Zgs^g9eWwE0Ua6(o^SV!EQM9L}JdZQICdS$(NeD`_^HSbxUQ`gPQ!y2h{Yjxva z(!cf9q?{?}{_lnE-XR4Kn0#P+sglkUL8pAHNsRKhB}id25V8I==mjKhK)8DbVvL#5 z(=^Bd)clhb$AWs2uCJ*uBANalO=sa3b@P6Gnq4Gz2?-IFW$Es&mF^BfTDn8Jm+o$m z66sbt7U^z~mQp%IQ4oH6KhNv?AI#2PGxM2i&Uv42)O4_2aBb$KfxNJa5EEC3Ai$Lx z2y{iGYXTxOLG`sM-Pni*7i+riXp)%36-D0zL@^aY7Pvqj|EI+^{mNIem_ids#ARG; zd&Xb@i&~h|UFVTsI;fpAs7RA4{1mpN<^Sbwf|4ugE(ju^upY-;eT3yxc+(6$5x=(!src(NGCklpTI|5Hl5?i zC?-|lsY%Hgm+ufxg^7gvL<5!qEHy+X?E@U`&3>AZWkHab6dXdrdC2b_X5uU>5yMer z*4uRtH}-v{7C(JKqVx83h5LWOBRqYomJ<~tA1F!k+!NHsJ~#OFN%i&KU`)v!e})uL zA`ZFi#Ad_{!Y?P`woVYqRUWd$WYcV+FIc9PsLFoe z*Hxs1*c`~07Nqw4QO)^n&S0J;VcGGPyP#M5+nW!=4tR9=)WtDXjW%=Ht^!yLdMw%h z+Jz{d<>lxXuc+y(132k*h825BC-VFI+7ni(f`|{*G`M%}cW3=ZHb*EThE^H30qMLzo*ey?Cx*FB~k| zJgbjL4iotF3bEarK22!eNaHt?^2-^*vt8ZO7T(GPrlD2bUJm}CAV9NB5nww-EqpnUrK)kp2-((z$f;uP? 
z;)T;Lr&qbKH{=p5P1RKUJwxW>B5!U0+qG-2*t1!h>Zg{sc6D^*9Uc?m?ACT1Pf5!Q zi+%_+1hqvpZWt6x8eR9{ayumgTLI)kfLDmD#zfwIBgWX}oy;Z`eOCaAgYP6`Mn}`G zLrfZF?A9LgKO#-09ZZn}=XwxXnA0(Af}4Epo2PU^dE)MB>g`|V`M|fZt12&-!BDzFY2G^9zh}=g zl`%orRa#QeTjTO9b;_QY&ou96sRXE+-?#9ODLT-kE9aGJ_Ydh$QsWgfe?zU)jj=*10&RU9X1tk*XP4vpkkEl3|PcrSeLGBi}hF}a3(wc|0ZL-26`o$7Fn=9(f#Py$A$E#~)$o8X zL0{L`3IU`=^t-oJ&f0g;}PPTclyK^v6xqV728PwUhmC<3@G`j66P2n`&+L)@$ zzpmRSKVBx#VxJ{M#U=(qc(z4$D%d4)OD>P3IrB8s8`=c5m^P`FG5MZ6kE3YGivxC& zmpue)k<03(Uz2uk4+g%c+$E9u%(4-F$v6y{nW7IgOSZoOFhOLOA{t{-9?$wdnM?Yf z0M4|UeL|ghn}<~dalrtK5U4L%3gTskL=-GRh@*yNrk;ovKLvVvZrEeGv-(nuxqFp% z1`XLieSOIsM^DT<&8cP}Y?UOlmZmYXe8+ch#as7OcEe1~hU|Ny1i;?|<}jNt{bdx% zd$u0l2l(Fodo*b1ed6ipeUI6qN*1(-NA-H_vb~|eg(2Jo8gs)TlMwl^^p29jKUYy8 z?&g+vZ(c>W7wk}xjwALts~(WRpA1fIo-xHqqbk`5H`5}B#57!#BWCggeiDu4EwQhS z*+l(b7Gw$ueV~}5D)Cq|)^C}R20@LxeL}xQkT~MYw72GPNP}#^z|W#J znxwzZb%HOm;w&)h-7PDuYSF7iDtRPWX z_mSwG z-X8(+Lu0|BmqHqY>X5}d!eugFj9*x5&+r9{2aoK1bFqF4=JeB3tQMT38x#ta*b`S; z9EnLt4$OTbu?tQ8=l%@&;%%Z-yE)CS>WGQ(u6+D-or*1Fgk{c(xC2YrB&=&xW3oz| zi-OlAHAjBWDMm_Xvl@lBpe+mI%I(D?X1HLHh%8ZnmPZpau<@qo-3GqIgSrhm@W7!NKufb0_ItE z<8w=XH+@K_a`&P-`k>zv_G;Gi=EgMY!}1{zV=Gz2E&dmXx*OP%5WQPoZgjrF%1fA_ zDn0nG0?@6Hewk@kCiYpY!p($T;YgVSrw0=qcZ6HI5qx<;pO820-%o^f{{0ee`vGpJnRzGr1^|DijC^cj7JnYS@Hg2OqohI~C7zo{ z{2DOL<^NR2v+-&F%k=OFWJ7Y(-oq!2O(qUh>h{nSa0Yp3(|70%Yzt|BI;}A%+g03y z0N(7Q_ItA3b(D>`g5w=IO+p5<(rbqIyzN|eZ(9v(z+V(ixpMo$g?UI4J9l|W{8Gto zcJ1tXshsQ{UNfww7;Q1X5NE?x!4tBj5dDyaY*W-sJ3;|UGi@eM%oYYdS9@NbVR6+6 zAm5_FIbGW_wCC+&*nK6x9byYOE#rr#*QGk)}i^dBsq2+_vYFAp zM)HRZ-PA!>nL8EC-SxBK;2<9OL86Qz+YjrC=kU)_YT$!aM7ol+`q^$usrxW60O=b}KE4)ug_NFd-lQK^%%_=Ins-Tw?0KEl z!(4|$SL>ABvsU!8bZw$}OwDk5s`o-HNh$r)>OA%6T6ZimC-x8;co$rJbT4`Fih=b@ zWb-q=9AXS?)$1In>}FL;AG_OwZ#CTriDW(dB&%Q#eIMAu^92Lvx7aK{hC#t^Cg4E) zvd@;y6DnB@N^~SIc;k&R>Us0sfF>J9t^kuS^`D#Nl#=+YjShXaOLHwHAzj;Z>>^^Q zcLmMcVYi>l<1v2@(fNlL#DZj25p~46P%Q3K<2@1xLJxjv7&2!P-KBb{D;FaTu!{8g z^(F}9pnREVxN8(5Zj#tYF>i(q+n~rpaLZzLH=!_*2vFp=ABBvVa(8y`0braZK8YD4 
zFqM-FEm=(PKd$$H;+mAg&cMSQ*7D)Xig797r;GW`&B1}}7Udsh3lgp}Y{j1su*AlWw@1I& z!)Wx5)}mveWww$`8p3p+{KhrtM>uW5{vLL1YHCAr1+0?2HZkQ{)4`i{rOD;BdCSMa zV-hu;^-p_r!7Ox=q$#=azvoHh(o?sp?d<73`6_~_CO=#YZIh1Fy&?y`BosT% zLIcGq;=^rg^?<27&+k#R1>`yuxnnjroYp6WPOV#cTPy{*B}}kX>U&7;F=!|{>jZWU zHR{zk{|kAs7jHsbp`(v$5mUzkX2G`LY_|LqF zOua~DIQ_JJ-(*;8W&HobW?7;SjeM@xtkq!NaCMHwvz_km-2#5;_BS$tGF z9v{H5Uzp{`Y%I0WXshM#7y%{FFR74%f-R}l=#E@Qk6}eZ_@o+?5Caq}Ca{FN3(J$_ z^Q`=X@z#l^(*%S_cj&Vw3~w~lZ9!bE=}a3=81?NYM`M=^Ibq~A@?ZfK*qKmWonSqz zQ4)h8y}O|M(r_-}DiEZz#wp!|! zy@7tdtsX$+vrN=vuiqYAI687n(L{H(xp;S^;d3$Ux~u+pM`p^&5jjAxJCknk{A=XY z`7iA|<@U|>^NIn-;#Q;UUO&WzQZ6^%P!_N008pADqs0(LB>g=((V~`UWxYq48?tYO zcb2Fl85hgfL5)V2&T$WqGZ_7=?a@jNo$yQZ{9E45B@n+WIbRw+d#pth#hYrLQUMi7 zsK8JTO+s_5{p~jCTW$T}Z3yhR#9ki<0uumrQYJCduYnp+8YA9rU^bGtXj5p>uh%Y76>bND5}VS7Bl4iK&U