From 57f7268b9ffc1a6fcb1389ec76311cc5cc91e507 Mon Sep 17 00:00:00 2001
From: David Young <davidy@funkypenguin.co.nz>
Date: Wed, 22 Feb 2023 22:26:43 +1300
Subject: [PATCH] Add post on proxmox MTU vs VLAN

Signed-off-by: David Young <davidy@funkypenguin.co.nz>
---
 _snippets/channels.md                         |  24 +
 _snippets/common-links.md                     |   1 +
 ...xmox-7-3-enforces-mtu-breaks-vault-raft.md | 175 +++++
 docs/community/discord.md                     |  35 +-
 docs/community/matrix.md                      | 102 +++
 docs/community/slack.md                       |  48 ++
 docs/images/blog/proxmox-set-mtu-1.png        | Bin 0 -> 36067 bytes
 docs/recipes/kubernetes/matrix.md             | 612 ++++++++++++++++++
 mkdocs.yml                                    |  11 +-
 9 files changed, 981 insertions(+), 27 deletions(-)
 create mode 100644 _snippets/channels.md
 create mode 100644 docs/blog/posts/notes/proxmox-7-3-enforces-mtu-breaks-vault-raft.md
 create mode 100644 docs/community/matrix.md
 create mode 100644 docs/community/slack.md
 create mode 100644 docs/images/blog/proxmox-set-mtu-1.png
 create mode 100644 docs/recipes/kubernetes/matrix.md

diff --git a/_snippets/channels.md b/_snippets/channels.md
new file mode 100644
index 0000000..9895140
--- /dev/null
+++ b/_snippets/channels.md
@@ -0,0 +1,24 @@
+## Channels
+
+### 📔 Information
+
+| Channel Name       | Channel Use                                                |
+|--------------------|------------------------------------------------------------|
+| #announcements     | Used for important announcements                           |
+| #changelog         | Used for major changes to the cookbook (to be deprecated)  |
+| #cookbook-updates  | Updates on all pushes to the master branch of the cookbook |
+| #premix-updates    | Updates on all pushes to the master branch of the premix   |
+
+### 💬 Discussion
+
+| Channel Name   | Channel Use                                              |
+|----------------|----------------------------------------------------------|
+| #introductions | New? Pop in here and say hi :)                           |
+| #general       | General chat - anything goes                             |
+| #cookbook      | Discussions specifically around the cookbook and recipes |
+| #kubernetes    | Discussions about Kubernetes                             |
+| #docker-swarm  | Discussions about Docker Swarm                           |
+| #today-i-learned              | Post tips/tricks you've stumbled across
+| #jobs            | For seeking / advertising jobs, bounties, projects, etc |
+| #advertisements   | In here you can advertise your stream, services or websites, at a limit of 2 posts per day                           |
+| #dev              | Used for collaboration around current development.                                                    |
diff --git a/_snippets/common-links.md b/_snippets/common-links.md
index 6003ccf..d81ab31 100644
--- a/_snippets/common-links.md
+++ b/_snippets/common-links.md
@@ -29,6 +29,7 @@
 [jellyfin]:             /recipes/jellyfin/
 [k8s/invidious]:        /recipes/kubernetes/invidious/
 [k8s/mastodon]:         /recipes/kubernetes/mastodon/
+[k8s/matrix]:           /recipes/kubernetes/matrix/
 [metallb]:              /kubernetes/loadbalancer/metallb/
 [kavita]:               /recipes/kavita/
 [keycloak]:             /recipes/keycloak/
diff --git a/docs/blog/posts/notes/proxmox-7-3-enforces-mtu-breaks-vault-raft.md b/docs/blog/posts/notes/proxmox-7-3-enforces-mtu-breaks-vault-raft.md
new file mode 100644
index 0000000..498555d
--- /dev/null
+++ b/docs/blog/posts/notes/proxmox-7-3-enforces-mtu-breaks-vault-raft.md
@@ -0,0 +1,175 @@
+---
+date: 2023-02-22
+categories:
+  - note
+tags:
+  - proxmox
+title: Proxmox 7.3 enforces 1500 MTU, breaks previously-working jumbo-framed VMs
+description: Since upgrading to Proxmox 7.3, I discovered that my vault cluster was failing to sync. Turns out, a new setting enforcing a default MTU per-VM was the culprit!
+---
+
+# That time when a Proxmox upgrade silently capped my MTU
+
+I feed and water several Proxmox clusters, one of which was recently upgraded to PVE 7.3. This cluster runs VMs used to build a CI instance of a bare-metal Kubernetes cluster I support. Every day the CI cluster is automatically destroyed and rebuilt, to give assurance that our recent changes haven't introduced a failure which would prevent a re-install.
+
+Since the PVE 7.3 upgrade, the CI cluster has been failing to build, because the out-of-cluster Vault instance we use to secure etcd secrets, failed to sync. After much debugging, I'd like to present a variation of a [famous haiku](https://www.cyberciti.biz/humour/a-haiku-about-dns/)[^1] to summarize the problem:
+
+> It's not MTU! <br>
+> There's no way it's MTU! <br>
+> It was MTU.
+
+Here's how it went down...
+
+<!-- more -->
+
+## Vault fails to sync
+
+We're using Hashicorp vault in HA mode with [integrated (raft) storage](https://developer.hashicorp.com/vault/docs/concepts/integrated-storage), and [AWSKMS auto-unsealing](https://developer.hashicorp.com/vault/docs/configuration/seal/awskms). All you have to do is initialize vault on your first node, and then include something like this in other nodes:
+
+```
+storage "raft" {
+  path = "/var/lib/vault"
+  node_id = "grumpy"
+
+  retry_join {
+    leader_api_addr = "https://192.168.37.11:8200"
+    leader_ca_cert_file = "/etc/kubernetes/pki/vault/ca.pem"
+  }
+  retry_join {
+    leader_api_addr = "https://192.168.37.12:8200"
+    leader_ca_cert_file = "/etc/kubernetes/pki/vault/ca.pem"
+  }
+  retry_join {
+    leader_api_addr = "https://192.168.37.13:8200"
+    leader_ca_cert_file = "/etc/kubernetes/pki/vault/ca.pem"
+  }
+}
+```
+
+When vault starts up, it'll look for the leaders in the `retry_join` config, attempt to connect to them, and use raft magic to unseal themselves and join the raft.
+
+On our victim cluster, instead of happily joining the raft, the other nodes were logging messages like this:
+
+```bash
+Feb 22 00:38:04 plum vault[32791]: 2023-02-22T00:38:04.126Z [INFO]  core: stored unseal keys supported, attempting fetch
+Feb 22 00:38:04 plum vault[32791]: 2023-02-22T00:38:04.126Z [WARN]  failed to unseal core: error="stored unseal keys are supported, but none were found"
+Feb 22 00:38:04 plum vault[32791]: 2023-02-22T00:38:04.648Z [ERROR] core: failed to retry join raft cluster: retry=2s err="failed to send answer to raft leader node: context deadline exceeded"
+Feb 22 00:38:06 plum vault[32791]: 2023-02-22T00:38:06.648Z [INFO]  core: security barrier not initialized
+Feb 22 00:38:06 plum vault[32791]: 2023-02-22T00:38:06.655Z [INFO]  core: attempting to join possible raft leader node: leader_addr=https://192.168.20.11:8200
+Feb 22 00:38:06 plum vault[32791]: 2023-02-22T00:38:06.655Z [INFO]  core: attempting to join possible raft leader node: leader_addr=https://192.168.20.13:8200
+Feb 22 00:38:06 plum vault[32791]: 2023-02-22T00:38:06.655Z [INFO]  core: attempting to join possible raft leader node: leader_addr=https://192.168.20.12:8200
+Feb 22 00:38:06 plum vault[32791]: 2023-02-22T00:38:06.657Z [ERROR] core: failed to get raft challenge: leader_addr=https://192.168.20.13:8200
+Feb 22 00:38:06 plum vault[32791]:   error=
+Feb 22 00:38:06 plum vault[32791]:   | error during raft bootstrap init call: Error making API request.
+Feb 22 00:38:06 plum vault[32791]:   |
+Feb 22 00:38:06 plum vault[32791]:   | URL: PUT https://192.168.20.13:8200/v1/sys/storage/raft/bootstrap/challenge
+Feb 22 00:38:06 plum vault[32791]:   | Code: 503. Errors:
+Feb 22 00:38:06 plum vault[32791]:   |
+Feb 22 00:38:06 plum vault[32791]:   | * Vault is sealed
+Feb 22 00:38:06 plum vault[32791]:
+```
+
+!!! note
+    In hindsight, the `context deadline exceeded` was a clue, but it was hidden in the noise of multiple nodes failing to join each other.
+
+I discovered that an identical CI cluster on a non-upgrading proxmox didn't exhibit the error.
+
+After exhausting all the conventional possibilites (*vault cli version mismatch, SSL issues, DNS*), I decided to check whether MTU was still working (*this cluster had worked fine until recently*).
+
+Using `ping -M do 4000 <target>`, I was surprised to discover that my CI VMs could **not** ping each other with unfragmented, large payloads. I checked the working cluster - in that environment, I **could** pass large ping payloads.
+
+## It's MTU, right?
+
+> "Ha! The VMs MTUs must be set wrong!" - me
+
+Nope. Checked that:
+
+```yaml
+network:
+    version: 2
+    ethernets:
+        ens18:
+            dhcp4: no
+            optional: true
+            mtu: 8894
+        ens19:
+            dhcp4: no
+            optional: true
+            mtu: 8894
+    bonds:
+        cluster:
+            mtu: 8894
+    <snip the irrelevant stuff>
+```
+
+## Proxmox upgrade broke MTU?
+
+> "OK, so maybe the proxmox upgrade has removed the MTU we set on the bridge." - also me
+
+Nope. Still good:
+
+```bash
+root@proxmox:~# cat /etc/network/interfaces
+auto lo
+iface lo inet loopback
+
+iface eno1np0 inet manual
+
+auto vmbr0
+iface vmbr0 inet static
+	address 10.0.1.215
+	netmask 255.255.255.0
+	gateway 10.0.1.1
+	bridge_ports eno1np0
+	bridge_stp off
+	bridge_fd 0
+	mtu 9000
+
+iface eno2np1 inet manual
+root@proxmox:~#
+```
+
+> "Huh." - me, final state
+
+OK, so every NIC on this proxmox host **should** be at MTU 9000, right?
+
+Well, not exactly...
+
+```bash
+root@proxmox:~# ip link list | grep mtu
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
+2: eno1np0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq master vmbr0 state UP mode DEFAULT group default qlen 1000
+3: eno2np1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
+4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP mode DEFAULT group default qlen 1000
+<snip>
+13: tap100i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0v180 state UNKNOWN mode DEFAULT group default qlen 1000
+14: tap100i2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0v42 state UNKNOWN mode DEFAULT group default qlen 1000
+```
+
+## MTU is broken on Proxmox :(
+
+Aha, what is going on here? Every interface seems to have been set to an MTU of 1500.
+
+In PVE 7.3, we now have the option to set the MTU of each network interface. This defaults to `1500`, but by setting to the magic number of `1`, the interface MTU will align with the MTU of its bridge.
+
+So we should be able to just set each interface's MTU to `9000`, right?
+
+Well no. Not if we're using VLANs (*which, of course we are, in a multi-networked replica of a real cluster, complete with multi-homed virtual firewalls!*)
+
+It seems that the addition of MTU settings to Proxmox virtio NICs via the UI has broken the way that MTU is set on the tap interfaces on the proxmox hypervisor.
+
+If you use a VLAN tag, your MTU is fixed at `1500`, regardless of what you set. If you **don't** use a VLAN tag, your MTU is set to the MTU of your bridge (*the old behaviour*), regardless of what you set.
+
+So I created a [bug report](https://bugzilla.proxmox.com/show_bug.cgi?id=4547).
+
+## Workaround for Proxmox MTU issue
+
+I was hoping to be able to post a workaround here, a method to allow us to continue to use jumbo frames in our VLAN-aware CI cluster environment. Unfortunately, I've not been able to find a way to make this work, so until the bug is fixed, I've had to revert my CI clusters to a `1500` MTU, which now represents a minor deviation from our production clusters :(
+
+## Summary
+
+MTU issues cause mysterious failures in mysterious ways. Always test your MTU using `ping -M do -s <a big number> <target>`, to ensure that you actually **can** pass larger-than-normal packets!
+
+[^1]: If it's not DNS, it's probably MTU.
+
+--8<-- "blog-footer.md"
diff --git a/docs/community/discord.md b/docs/community/discord.md
index faad220..cafcd6c 100644
--- a/docs/community/discord.md
+++ b/docs/community/discord.md
@@ -38,13 +38,18 @@ Your report message will immediately be deleted from the channel, and an alert r
 
 ### 📔 Information
 
+The following channels are automated, and provide updates for issues like new PRs, subreddit posts, etc:
+
+
 | Channel Name       | Channel Use                                                |
 |--------------------|------------------------------------------------------------|
 | #announcements     | Used for important announcements                           |
 | #changelog         | Used for major changes to the cookbook (to be deprecated)  |
 | #cookbook-updates  | Updates on all pushes to the master branch of the cookbook |
 | #premix-updates    | Updates on all pushes to the master branch of the premix   |
-| #discourse-updates | Updates to Discourse topics                                |
+| #forum-threads     | Updates to Discourse topics                                |
+| #subreddit-posts   | New topics in r/funkypenguin                               |
+
 
 ### 💬 Discussion
 
@@ -57,30 +62,15 @@ Your report message will immediately be deleted from the channel, and an alert r
 | #docker-swarm  | Discussions about Docker Swarm                           |
 | #today-i-learned              | Post tips/tricks you've stumbled across
 | #jobs            | For seeking / advertising jobs, bounties, projects, etc |
-| #advertisements   | In here you can advertise your stream, services or websites, at a limit of 2 posts per day                           |
+| #promotion   | In here you can advertise your stream, services or websites, at a limit of 2 posts per day                           |
 | #dev              | Used for collaboratio around current development.                                                    |
 
-### Suggestions
-
-| Channel Name | Channel Use                         |
-|--------------|-------------------------------------|
-| #in-flight   | A list of all suggestions in-flight |
-| #completed   | A list of completed suggestions     |
-
-### Music
-
-| Channel Name     | Channel Use                       |
-|------------------|-----------------------------------|
-| #music           | DJs go here to control music      |
-| #listen-to-music | Jump in here to rock out to music |
-
 ## How to get help.
 
 If you need assistance at any time there are a few commands that you can run in order to get help.
 
-`!help` Shows help content.
-
-`!faq` Shows frequently asked questions.
+* `!help` Shows help content.
+* `!faq` Shows frequently asked questions.
 
 ## Spread the love (inviting others)
 
@@ -95,10 +85,3 @@ Discord supports minimal message formatting using [markdown](https://support.dis
 
 !!! tip "Editing your most recent message"
     You can edit your most-recent message by pushing the up arrow, make your edits, and then push `Enter` to save!
-
-## How do I suggest something?
-
-1. Find the #completed channel (*under the **Suggestions** category*), and confirm that your suggestion hasn't already been voted on.
-2. Find the #in-flight channel (*also under **Suggestions***), and confirm that your suggestion isn't already in-flight (*but not completed yet*)
-3. In any channel, type `!suggest [your suggestion goes here]`. A post will be created in #in-flight for other users to vote on your suggestion. Suggestions change color as more users vote on them.
-4. When your suggestion is completed (*or a decision has been made*), you'll receive a DM from carl-bot
diff --git a/docs/community/matrix.md b/docs/community/matrix.md
new file mode 100644
index 0000000..b0a7e9e
--- /dev/null
+++ b/docs/community/matrix.md
@@ -0,0 +1,102 @@
+---
+title: Geek out with Funky Penguin's Matrix Server
+description: Geek out in the Fediverse with our Matrix instance!
+icon: simple/matrix
+status: new
+---
+
+# How to geek out in [m]atrix
+
+If you're hesitant to dip your toes into the wall-garden of our [Discord server](http://chat.funkypenguin.co.nz), then Matrix is the place for you!
+
+!!! question "Eh? What's this federated chat thing? Who own my data? (/puts on tin-foil hat) !!"
+    Yeah, I know. I also thought Discord was just for the gamer kids, but it turns out it's great for a geeky community. Why? [Let me elucidate ya.](https://www.youtube.com/watch?v=1qHoSWxVqtE)..
+
+    1. Native markdown for code blocks
+    2. Drag-drop screenshots
+    3. Costs nothing, no ads
+    4. Mobile notifications are reliable, individual channels mutable, etc
+
+## How do I join the Matrix server?
+
+1. If you already have a matrix account, you can use it to access our server (the magic of federation). See the channels list below for details
+2. If you don't have an account yet, [create one](https://m.fnky.nz), using your email address, or just login with GitHub
+3. Use the WebUI, or get one of the [many available](https://matrix.org/clients/) mobile / desktop clients
+4. Join the channels you're interested in (*below*)! and say hi!
+
+## How do I search?
+
+Maybe it's just my years of using Discord, but I expected to be able to enter any search string in the main "search" field in my Matrix client, and have the relevant messages surfaced. Turns out, that's not how it works! The primary "search" field in the Elements UI, for example, searches **room names** (*i.e., show me all the rooms matching the string "chat"*). To search **within** a room, it's necessary to first navigate to that room, and then "room search" is a contextual action you can take **within** the room. I've not yet found out how do a partial string match though (*"chatgpt" matches, but "chatgp" does no*t).
+
+
+## Code of Conduct
+
+With the goal of creating a safe and inclusive community, we've adopted the [Contributor Covenant Code of Conduct](https://www.contributor-covenant.org/), as described [here](/community/code-of-conduct/), and use of the Matrix instance is subject to this code of conduct.
+
+## Channels
+
+### 📔 Information
+
+| Channel Name       | Channel Use                                                |
+|--------------------|------------------------------------------------------------|
+| [#announcements](https://matrix.to/#/#announcements:m.fnky.nz)     | Used for important announcements                           |
+| #cookbook-updates  | Updates on all pushes to the master branch of the cookbook |
+| #premix-updates    | Updates on all pushes to the master branch of the premix   |
+| #discourse-updates | Updates to Discourse topics                                |
+
+### 💬 Discussion
+
+| Channel Name   | Channel Use                                              |
+|----------------|----------------------------------------------------------|
+| #introductions | New? Pop in here and say hi :)                           |
+| [#general](https://matrix.to/#/#general:m.fnky.nz)       | General chat - anything goes                             |
+| [#cookbook](https://matrix.to/#/#cookbook:m.fnky.nz)      | Discussions specifically around the cookbook and recipes |
+| [#kubernetes](https://matrix.to/#/#kubernetes:m.fnky.nz)    | Discussions about Kubernetes                             |
+| [#docker-swarm](https://matrix.to/#/#docker-swarm:m.fnky.nz)  | Discussions about Docker Swarm                           |
+| #today-i-learned              | Post tips/tricks you've stumbled across
+| [#jobs](https://matrix.to/#/#jobs:m.fnky.nz)            | For seeking / advertising jobs, bounties, projects, etc |
+| [#advertisements](https://matrix.to/#/#advertisments:m.fnky.nz)   | In here you can advertise your stream, services or websites, at a limit of 2 posts per day                           |
+| [#dev](https://matrix.to/#/#dev:m.fnky.nz)              | Used for collaboratio around current development.                                                    |
+
+### Suggestions
+
+| Channel Name | Channel Use                         |
+|--------------|-------------------------------------|
+| #in-flight   | A list of all suggestions in-flight |
+| #completed   | A list of completed suggestions     |
+
+### Music
+
+| Channel Name     | Channel Use                       |
+|------------------|-----------------------------------|
+| #music           | DJs go here to control music      |
+| #listen-to-music | Jump in here to rock out to music |
+
+## How to get help.
+
+If you need assistance at any time there are a few commands that you can run in order to get help.
+
+`!help` Shows help content.
+
+`!faq` Shows frequently asked questions.
+
+## Spread the love (inviting others)
+
+Invite your co-geeks to Discord by:
+
+1. Sending them a link to <http://chat.funkypenguin.co.nz>, or
+2. Right-click on the Discord server name and click "Invite People"
+
+## Formatting your message
+
+Discord supports minimal message formatting using [markdown](https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline-).
+
+!!! tip "Editing your most recent message"
+    You can edit your most-recent message by pushing the up arrow, make your edits, and then push `Enter` to save!
+
+## How do I suggest something?
+
+1. Find the #completed channel (*under the **Suggestions** category*), and confirm that your suggestion hasn't already been voted on.
+2. Find the #in-flight channel (*also under **Suggestions***), and confirm that your suggestion isn't already in-flight (*but not completed yet*)
+3. In any channel, type `!suggest [your suggestion goes here]`. A post will be created in #in-flight for other users to vote on your suggestion. Suggestions change color as more users vote on them.
+4. When your suggestion is completed (*or a decision has been made*), you'll receive a DM from carl-bot
diff --git a/docs/community/slack.md b/docs/community/slack.md
new file mode 100644
index 0000000..059e56e
--- /dev/null
+++ b/docs/community/slack.md
@@ -0,0 +1,48 @@
+---
+title: Engage with the Geek Cookbook in GitHub
+description: How to use GitHub to interact with the Geek Cookbook community
+icon: fontawesome/brands/slack
+status: new
+---
+
+# How to geek on Slack
+
+## Get yer invite!
+
+Joing a Slack server requires an invite. To get yours, go [here](https://communityinviter.com/apps/funkypenguin/geek-with-us), or use the form below:
+
+<div id="CommunityInviter"></div>
+<script>
+  window.CommunityInviterAsyncInit = function () {
+    CommunityInviter.init({
+      app_url:'geek-with-us',
+      team_id:'funkypenguin'
+   })
+  };
+
+  (function(d, s, id){
+    var js, fjs = d.getElementsByTagName(s)[0];
+    if (d.getElementById(id)) {return;}
+    js = d.createElement(s); js.id = id;
+    js.src = "https://communityinviter.com/js/communityinviter.js";
+    fjs.parentNode.insertBefore(js, fjs);
+  }(document, 'script', 'Community_Inviter'));
+</script>
+
+## Code of Conduct
+
+With the goal of creating a safe and inclusive community, we've adopted the [Contributor Covenant Code of Conduct](https://www.contributor-covenant.org/), as described [here](/community/code-of-conduct/). Use of the Slack server is subject to this code of conduct.
+
+## Spread the love (inviting others)
+
+Invite your co-geeks to Slack by sending them a link to this page, or directly to the [invite generator](https://communityinviter.com/apps/funkypenguin/geek-with-us)
+
+## Formatting your message
+
+See Slack's help page on formatting messages, [here](https://slack.com/help/articles/202288908-Format-your-messages).
+
+!!! tip "Editing your most recent message"
+    You can edit your most-recent message by pushing the up arrow, make your edits, and then push `Enter` to save!
+
+
+--8<-- "common-links.md"
diff --git a/docs/images/blog/proxmox-set-mtu-1.png b/docs/images/blog/proxmox-set-mtu-1.png
new file mode 100644
index 0000000000000000000000000000000000000000..d33a566ae0e9815ea5045bd3d5a5c7aa7e8774a6
GIT binary patch
literal 36067
zcmZU*1y~hb_x}xtlsup`2uOE#hcqHmhwhT@ZV-?VX{3}?y1S*jyStHYcn6>R_V)LG
zy{>beBQvvS&)T)tXMOjCzI`K!iiD2@1qFpFEhYXA3JPQh1qIEF2oL<_me;u!_=0wL
zCn*Y5G)TAu{KwT8B5fis4@C?7MudWe#)pD?ItBO$LKFP?Edfmp1@rswASkF{b12w<
z&UpiTKmCgWK2O*D?;GYT^gm|<fBOph_iT{iSD1f)Lo+{Jw%FYF0r+}mE2ZuL1%*xV
z^nsRsNB#>6N*GF7TtwLwdOsB*5$pBE1^Uk@2efE%JZ92Y{umt<o8fp4gFJ<YOEunm
zc@~hdFIWz3DJ-NU)c!_MDGr04_jKQ@Y=%--2K!T!_}Grz(wd0!>gsL|c9m>W9qO!u
zzKI1}r|>%EO%!R*T}&IIi*Z^`>j^#Hl{2W9wQE$E>B}c`Rw7~1LI%EYEU-*=cSaB_
z@HVAdrW?W_pj8}HFD;r3rkE4)Ij={>to#htyuCQETJQcmnJtUsVmba@QMFK`^4AxO
zsiI1&s+rDg2CbUm9J!>`-Ad~PUbV$Hd<RBxbZS-0-t#<_?<dL%3g{C$-C{Wm+7Z<x
zvSs2de=WBjrtM7@?j5>Z?9WvFMB{@vJ68c^_DXzuX%#`h<!l@!asPh&d+Cq18-`27
z;rM!|y?B`5jxd~h&gz4zxw`X@Sab#2_0Eh-XFFrsniex<*@Zfdvy^g)%Zmt@T@eJP
zsQBz9H|Klx4L*0r!Jj`}MtfGgo~=mG^|_zmbvd-`i)ScTFE^>Z=&8(+Pmcd(eSNon
zdpaa!)kWmu80>0ewpQV01XzdDc^|Sj{v#%WSZGnZ_)RJ=V+8T;PrjD>WABRh6TR_F
zx`&HDff_OPcflX2P8DfuFJ7N+Y0gzyY4c8P35ciLq8{c-$55`+2Ee11EjZ5&G&-z^
zSRq1_lEAXULc6|I&bYO_^=eM-{c^HQI|F9P(rI+JM#Ts)D*d!d(P+@|aWY4qK(pDq
zQKeXCp-=!LteB>q*a1$$o0`D5!ExtZ?%fZl)aYX79Y;(sQ_(XFaT2*G`cdlS!O%BB
z{5soFU$|@zcPGCqW|pjF$aTLkzCNjaIh9==&_cRDl*%{7oe*iTS6GeKlW+uHOO0%<
zn%qE#UW#9Jd2^d}KdNflpQw+5IW0l*vib3$p2K3YpC~LI8Y46Hx<MsR*-kv{a$xJ!
zJhsDW+H|Ec+$M&KHj1V9%(&!YBO3kHWSx_R8urFDt8~D!2&UUohB=sfkwTZ!4MUgf
zM54Hr5Ag>KG4>&kJLAzSSac#%43MZWqR}hRHb0X$U!4ix3~1@NYeqt$Oky}@Cft@v
zA<Z&euhBp}v`oQ-7fqrY%*G2J%WE+TX=uN^x0@6s#u0xeRzxC&O2Fwj3G+gr%ZqnQ
zI2M~h!zlbhtw?JpmfdYy!aODc?syV*v{rQ@Pet1;%dKsz@A5Ll2}O_l<xucza9j6k
z(CvlWJxgI96KJFg|1~r#wE4Hfl87KK+6K+65w!a%1!6XnaDuF1M(NDd+lKW|RYE@2
z6)D?QOk>4(mLyH#W;%<n3l<<j(z%vC0*gY6Fd<pRVa=RJ_<{WiJH;Kxt~%+RzRyHI
zY|wkZbStS-L=OdnL82tj!NSB;&lL(hzbt(!%7jH}+`hc$ybqx=ny~_f;Y>0iA{OD$
z8-Q6}Fel*-tYRCjhkHQdkXhr<OQoSGmf$oWOg(U06t|PQ)X+m57<xrnZXI9nPcqH>
z*RYb<jQjCZTlBuk>8_P%h#^lug4}&MT{DjAtks%xk%-+2dP81qal@~XKn%Nj(7$xu
z;C8B2pHnE@>)M>LI>)`^om@s@RRi6qg6O|Kmp`;MN8FX!<=JGGG-6RE?-3kDK^NeX
z%Dx*Z{tVY?Ej2)xw1JqAOy~&K%_}ME)@qWz$vR6B0p2@>%Y2l4Yj?c{r#G@WK~UZT
z7zKgC(qzk_NxDkJ%?HwPR9b|lb4QtTkUN$$>N)S!2n)21!B8+Oz1{=t3!3$?&$K(#
zYR#RZuT9sOgtMn3ix%Fj2Z!CT)=*Ae6g|K2LJ*ULrD=~?3EHz`oXR@Yn?t^Z6qT%A
zvwCV&teu#TkJ(6`Dhi#zfKxMwzr`ff-9UJJA}2R+{9JFp$+MJvC9<xZP%ZK@_;$XI
zl4X`#Gsfq*y*%oLSHZJLXOomcKbU!c%c)S?K-ZnZ<Ir|NV6|jfF2027BKj+Ug8Ti#
z#_YpQROWZ##F{FbBa{yf^pKJk3>J8k2Bz^j&4Hc(3v3rUr;w?xTz!l!d__y{1ef_e
zoC^w|-y{0Ti9rzsiBDN};V9JI;Wxh2=8i0Ju48{YOrRKEbAwxmX%wE(As_OU`}gTj
z6G)&h&~dIMef?-&!o!{fDfYy$HxGXJ!4e&ublicRR3anN#(zroNgVO_bo2XcQ4%NE
zWkpxYU!KdUz80^893zcSfBN@<s$ma#KxaK9nAkybb5GUzr+g_Q=%LJI<-jjsQv$3=
zLn7p!L@J{wR!GYKEmQ!prEnRdLt@}9Ez{Y(J(D6N{kv_SD){^1?#PyT;;0PM0<SB>
z@J@?lY>4_EjU7MybNKhogmn;wJ4y6@F-+D_lfM6E9FF4MlTVWU?4O$aE@+(?TA{Py
zH9fhpWlJyQmg2Ev59MD&{Ju{E_!mE2Z{xC_`d!PoCw$fawbjmRlELZ*7W%oz*GPDY
z9DFnT3p<4$WuE`8<NqpgEe17+#o=8#a96}=LjRs9#<<{)18t%7Pffvh!51GQsvOUG
z2?QLHB2vrebLb)FrwN75!|dPHJ2WPWO^67lO01G6Dl}Be3Jp|GgfNFtWx27}!#G-R
zqgc3xaLe1=*^*4nYO$jCub9TvW>-~uw3FvJ@(cznwggRQmd)v`a!phUWjc^JEjMW`
z6mz3FzU#2e7+1L#Jf`<q-FB)JDn_JiDQJ~YUcGO%+;fkshP;tB!WD3FdV91Vd*s!=
zufpjuQ&*D54sScxq&V?aKQI`%k;U|yH~G1iX)vV<vUWVu|5^r`G^z)&K)ZP)he5;m
zXD&l29Ni>jj90}f0lTu$`dpshWaMKdr(w@~0s)Vt0rk30XOvNm@xu3UAhejgt7cJy
z19}5!gn;1M9}FahilXuFzpdBbCeKV3s8U$GW8>>GKhIO?j|pG6KDYF^nZ`bxf4pO#
z8l0|dI;eL-4S)?#X`H>V&?J*gswJv93)rbL9Lu}tl`f=5>#HZj(Nt~eEShDje4M%S
znxxGq^sToNrVJC)!L4gSv()Xouu)^n?i1iK^A`5yg4Ew6cW?AM5m=74RdTwm;MX^*
zJ?G03D~#=(d6%OLD!c2Mrnu<F(6pk-9}W7aW5#O0P9i+MW4BtNC15rFJW&{LRbOeo
zKN$x?mb@_8Q!DpPsYEX@2vdb8H15PCV0BYurm@gAWssc!uWHApxm-Je@J<m<!!~EM
zcjv4b@-{9j0`C+E$J%HOnvjfkGb%4Sf4#nbWtgItX&>LnYxy~~&OzH5nSMz@<7Fao
z`NxQGtgMVK$2_YpOI@m!aiPtEDu<=C-2zMPFF1#8Z-0>zS<HwKy(0^GhBXrT?^t>l
z*fOeOVRaSW;fF;(=WL}im1m?@(K`b!ZMFs>LxPa73g1*BRaxxSak7(GrzkOTcWDki
z^rm|Dofcfpddc_DlyG3G;{+8v>-ULD!3k!pAoa6gt5NosOKk3pFPzakRV%30_cMOK
z_|fS?EXwD+4$>J|j_G2(H`AVWYwR}wxk*4~V(HTL7)vOqtd^v&;tFP}`Vltu;aLrP
zDYGImy;#;jc%0;YLeT><)#1TZ65UVM5)Cg->mQ9*dpRDc&;284phr@$Y979?-Dbv%
z$Fv=M<-WB$LDGD={F!)Xyyl~Jvx1?AWlKZg*d|=!1wmsw#zg5U=XFyLGg*t?ySM2z
zw&CpaLq71>)!%(P>V4=-6Z}00uxixS%4l76mgKZdm|%ylw|;~^wqgzCd;L2@B>A>%
ztM^&9o>W$OmCr_opeB`#Qub@cw1_N|5t5;nN$3o&%qvq2RxWFYta+yS9#c>}(xzFf
zzi`~8I#0E{2c0NV)cbpZ3ySZ|J`|#YHX8UZPWcJgT;e{v+}%wKq9V`)Y?I_R2vYd{
zx;o9UC{X9Rw6x^%=4Er|?s9G(kv+I`$(@PzeaoO*-^%Fi^Tmtb`9~jubTVEP#Uxq4
z&D(@v7@WKWERly8-DJYeEpGDDh$WnQdNR=Eu3fPl>uQ~?lc121pZ3|}*)N@?Yr|3j
z{HScUr4-Eep8MC!p4Wa|BaG-;MM82qhxA?#u6cU_e3KO-(4kp`u%eFdeHX%gm8}t9
z-Y}#Om2H7C0_h>Oi$$nuVp`l)%&urP7U_8WLUIr6E!+DoC-91tZw_`zmV6K%;?NZN
zjwgB!zf8~?t1q?4xJlbG`3P*3Q2)=31=f{rT-Z*y)|(pAJ=Oddkak)~rpC-gS2z}@
z9UEytNa+B}Xt&sJ+jeNScOTW_%ni!d0={c9tMNxN1M<Vtu9sQa^u;KeX1WNIQQz57
zX+0#i+z*Ehg@&pdXU9t{F5bT|X)QbP2KQm%tbUE$Q>OaWQ&cT`VFspjC{Q1m7lQwV
zcWI+JCWulXT#R5n7~|Z(Q`CNPv5fApe?M03TqHG^X^E&jRA@1~C?Y^g3g+8I$GhuN
zD<}Ha5_)qQi&bS~8<7qwa~zFKo)6T8RV@*#{&8?Jf3<^Bf4OWj=~O;fb@|5WpmWG%
zcJC+loOvqOMDQn6LH^8$i639CN};Ff*6(+!#K5=CuRo2i&fR(4I-UE%PM~0ejtJn1
z+2--1inkQZ%o#X+q((e)-JQ>5WA=wz;H32g*D)>h=Ac{x4^*II_Fj0RhzK<5Q2;Y2
z&&A@7RU10$1@bT6_3KdQS;lihoh;qqLO-Iaft<w3=P;huXhn}biP;y`16`hO8p!{w
zlie?1DG_w#4+&w{)sUoAvs<Q1oC10W1Gs3HVHVvvc$up#=PJI)l6`{vb~5l@t+X}9
zf4bE3Bhy$6n<-v0v%Y^Jq_ih{oozi=tLfdmpzY_^3EK%_#0c@<%l&K0zNa)eG`5_?
zNJ(Vu93QMXe>Vg-D6e1KCr>NE;BdR>@jq^@abZw($KzDFAVEDagl6|5oSart`D5*;
zEbJ2K3ctd=yrOj+nw-!E3*4rK)S|SaU)~%iHfu#k#c^Z&Y;;-V8%yCR_$uD7`)RoT
z+z-oAPY-MF1(;ExU8?KROZfK7#l1;}lc+Fc32DAkXIhYjB+BmE{;rJVL$QfeyOfO%
z-<;rKdF5?1>?<Cln~zZ;*QcMRi>kah^kXJQh{rVkaczVtNn6ga+P#czBDIV0qsp97
z>E<{^h-ZD~?W;?G4huf9k4(RL6?c1V-Rr8;WzEk<hlr8c^0M&#I)2M1z8Cp2_se~~
z--VH?kaEhXk^Hu`nr+DHX-cF7T(tTEW#yi&wh9td_hST`we?mKq{dOZ_uE_|H96kV
zlGxS5j@g2loKL+Y3dLH!biq;fQRGj}F^ZJ%>uQ2cCo<j)?y!A9&`lmhq*u|2mcO)<
z)bsj@*%gdjbNeM*ir*{AJA%eZUr)s-FZ>A9b}lO%<&I!I@jYrQkcbnbC^G;ZI?~-P
zTD$&|GJiu7+I-)ob8=+g+Cye}(^8vh>-0q2MpRFcY?H~Gq3Nx;TC;1D%z&af(I0<6
zAF-VW=XOwjrbxSfSU%~HSB#YoA=bu8k4Imy^m{*gP6;(F4|n1sw9CevNVux<l@S)5
z<~SU_yh4?iF!M&cxs6<@5{!%1y`CUb)A#L>x)1l<#%{tXlXb;tJfC(1uwjpt?UINI
zEeNB?m<AhmTsVt|W(w1^OFRPf7%OD_ESRW5!;OcWF6&$DgE>$(b+|}cZmWKnUlPu<
zPu-n^RzKEbh7phQki=J#sfzi$x(>k#LvH_E4B3O<K@ITmEOgm(#Xk5m9?W19hvVGZ
zzp&UqgtdODVvuoChCD7-|I9J3l0cZV{Zf@&Xt)Q$?BGdB)(w5mddabo@j9$PC115_
zfO8HKhRtxIxru%1Vy(Jh>+srG80-NjO(SzHS)9|F5Ok`27u$@+C~nZODjMZ+*C&!5
zd_5Y{v3q-)(Lz+a^Gy$x+&bJiUC)|5OMba1D5ax$vwe2FQN>ADYt$(iKKbRQ{@kSV
z)T?2k<~H$?%X9SAD(9tj%tJ!R$rZT82X>{eeseA9Ldmxo$Dn=@h2EZ?io#AYy4a#`
zR|3jsJsBB?%w<wjX#uB1ju&|<(z~$7t@y60I|MKGUkAQh8CC;<ZEpyL(ovfridm5H
zjxAA9|EwUcN*nxhfick`HpnXSv&732d$cWV<p#;oB#X_VbenRM0sHb6Rt6vMAmO8)
zu&H(KLc^c5Rfc*_wf4my4#V28{0Q=8g+E9joa#5?$~n$jvq6WZLj+1HesQc-v~YZ=
zk6>aRLT>VI;75F)+n@|LwLRg%RY7+%P$FAzgA}sFQF2#-CN-wgn&8`Bs$b|qnTQ56
zMXE{zyV^01J!Z>ijpliT)vhjZw#M&qJI=|dkW9kVZrDXK*{^wL+qj6`o}c<Ss9dkV
z)F~3KNpZ^?l5q3NHmu3({VsMUAG+mxss>)3tHiG+wvVBQ+Ahb-!Q31Q;i~X8k<WJ9
z9P#_ForgE2b!&6UVC-G2!C~;uQN7imHV%&&jX5$BHJyuRpyS7fjs2D{@o~2Ex#cFa
zC?#uq-KX`FTxlca(AG6(0@hq`hnj-I%ZqaeWWlXUYP^=ZLbWOt)K-5w9yKg4Y)ma{
z`9nsWMSxp7?aX}3-q;T}Ckv(K=rs~$>@bKbIGUYr8NLvNR>IxQ=Wt9rS0(+hxpoFi
zk0jjD$JBfmnWvIJ+Z#u>P-ZfK4{#_Yc7?P#?w3g~4WyZ?RXzPsDvLB{YLDFEi<+QY
z=Lv}sio^s(YYu#KROz;dlQ_~zu95r>(D&XJ(k9Pqd!BdmYb}6~UsyBeG%O!QzDL;U
zfgRJI!k+k<WbgG7k(Ash!DM27iNP+VM=t3nvh2_@Nlu=JZA2faOcYP5@9SVdZlP^h
zI##pWL9Z&?cZB%-ftdmk;TO`M9&UwimtQ)gA@=4PCe&V6eHs7$qUKpL&&eth`WtJ!
z_Fj(2J45Kp!Kv`^=lU9mCXWa(C!Ile`Tn?EpIo4toe&RCJAGk~vrUz4b5FjtZ$T^m
z43cir47i@Y3vXNBXbN=#tiK(MqlIvp`8ayg;=9gb3~!8z^lN9*p3OR$NvcV^I?rSY
ze*G>6N)!KJ0fECQkXM81zqTNUeGmW0#zTd;8XV41q|%`QFOe)EB7`b*EZQu6rLabl
z<8fZ6caysl#=s|ageixqS^3W1dUfdB0!8<sI4WZgX|3zi61Ux|c)nV3TA^n3puEjU
zrX;#g+T>r+GW8hZuTnf8q{Bxv^V`i<pLg&qn<LF)8o?H<-P@07p&a7jLg)(TM^WCl
z2VD7Dwe~g2dCEPIlw|u>e>hH$i+xZ%P2bt`(SiShUSoXdZsjm{5nSb<y2DRxLc}~>
z_lmBkdM{ZX)g&K2wVA>d_1sL*X(lW)eZI>4r5p;;f#PMItg_Nf=5>0{y<?$6MJ@j)
zoCkx9QK3y_%&@?$4;J=k{l=V}iRzCDdZKDVpKx{M4dBQmEayx(0!s2MFKyU&T3SD|
zJaS~aDCK18#gW4Pk03m;iqSwQpYyII!h?~jG|i9shxSU?IHPs{Mkr67NHodvW@(GO
zdZWA3nyk!YwUqS9Zq%P38ekW~UodRrOEoIrs{?eI2t%`q-p+oKU00#wzh?(5D-M=Q
zT;bs3n^W(8wKMwy^tZ7^VKKWQ7&?-#{~d9^S1@uBVI%ry)V$<>Rd-cX*r=c;YSQV?
z698c^EcEA6@~_)}SL!3OpXCFI=fP~{O4}JW=D%^nZ?bUqs>J>L{alS*rqy&w>twO+
z(Zh2>wD^HL154qyD}>_$dc3|-<i@{Yg0DKj7=H>q+d}{O{DGRE%a`Q+|1Hy>tR(x{
zxiLH)cNMSFUyT$b0n~RGoCoz+4PFoe_4PN*W&1aF1!nlSX0YO&NT}cb#PUyeZN&iN
z(Q!NfKLwJI8_L<Rc;C4au$jnxLso(Q%aUNw57MZE@_}@rrT3Es<^YI439i8YKejf2
z744gTS{DHX{@RlVi|Ie>LX(1Dw|r)Kzzp5F&R5CDmLIG7KkbY`wmcsT>39#o@%Dsw
z#}uJ0HqG~{(Fs$PLBdTK)5ZzfCti_ns232W6ygrI)LvSoGYV{UPqzgjTV0=QaGDMh
zUT($l9W^+(wO8~nIn?3HCn3miK~@pJD={8RzBRy#N~2}jc3Sa#74-(V5ZAgl)p?fY
z?&mMhNy(YNj70*A6e5h<qWeuW2!#D@?60l>9Qo)=W(Z~hUHxBP)Dh<Epu}lCKm7rn
z*m`fOSgjv&yjq<9Uk}|NgqG}lN~nO#061Qgonn|Vhx6NTe)b=sBtj?h)ilp{CzM26
zE|cZHFiH!7mivTYC%!9^-3OVz4b|_5=<hjRF1XCWpz|-s-yStDJ)EXLP6IQ4v_)wQ
zl|q%vk{8#|*^tm9|CA$z(MwSEg0p7R<D0PNrMlg`{QY@{p~?hZZ}r2Ievbm<Jc;Th
z?|QH6jRfhVA2v%(K<eicg}m&>vcr(T7H<T@hSx@%nq|jFEY04WGh7hYf@6%={rOaB
zrU|j<FTVxgtc$C)Pg^s&{i%Fh{4TrWKb&XHbAxUz!|^$K(RkLub3Tvv2kp-lD()}l
zhSGc<t^@gdoQs+t+><#hRLin3d7L+sOlQOK*rIikZOI?3a!XFSh<&Do9*)t~`WdR{
z4S*yFt>tH)L7|nv=kqMx(>+w_`wh-Kta0C923g}HZ`G?TlaAju&}-L?r+MF)bNQ%u
zMH1bw*e(DT+ncSls3BhReWsL?bw=V_W+<MNCzr(9;eL5|fOt2lX>%}1EgsUC<w)i`
zDjBL;q&2fjjIa@>I_@%%uoi%TUIk=UD74-KLz2^OwOy3PbJIeO;==iOwIitRjc7;T
z$l#*Kkri0I`<=3m`wm6@>PNZ)^RXONAcbZ2uI=Kp<V$lHcof^NZQUG&^p`nejBf<a
zl|2CaStVOl*>#ye$I<mHCDY(qbTv%msuOWjS682G^19t#!Cc501UiAN2Ey#4G*xQs
zo-g^1v@}}AmOyPbe}lzNJaCuVSEbx1`{|x1()HUJVWaLz4UURB=H`X%n{A^ecwuTq
zK+0{h*1<HH-8@=Wqs%B&WH_-8B_9Gb=5rlFYeHkhpBLyn8k9SCpLrsDfUH_)7^d+R
zkYjToBY44Znj`&A66&>h7ams0rkj2(Xph+Ys#VAH_;oUmLr&ktUU4&TM>ks-^43@O
zwan}#pT`Atw5Hobz9}@4JvAM-Y^9<omVzJmH|H@EBxq(d^OEXgMXoqpmeb%x=s7|%
z2BCHV`ma$0+eEXoHFj&5GWe`UAqRDPMbEmXMSM^RxrcWOTwn1<oZ<=(*LJ}Pbn>;_
z`aVRzK=T9o{qQi6qIQR`S9=IX)mEAZZ*|5aPEx617k+zy>E%|sPu*6a;O%i2aZFXc
zrcL9-OV3}eQ6Y*-Aq&qH_*We9?p0a!mtA`(5(1?wEap@AUCt=nSs5!5aCBT-7rk$-
zxSDenK20U9#h%ZYrq7fQ30er<pT!LAE~ZnXk-Mf2z#hiYs@S`Y)GqrbJhRvbhMFY`
zd<%4Fwf3U)?n)5n1JJW-Z#tLo(h<tqzaoEo%--K_Bk4dMLPAG84?%8#+GF=Zy?0Y4
zNj$?jUK`<un;9e*P%$zJmtePFm$F!>tNdv;U80X>Ch@Z21vrnX>8dUJ+xIm0U7AZ0
zJY&zBom_oGQW&JW5lLbv)a2lY2{qlBWSb`Q``b&GEjE3Iop8tQKB-WN&5g&0qerdG
zi(3t<S1o<mE_mtoy)@SC!F!)a5L3~HHiyN~E9(#I`WD@`h%P|}n4d6N5wVa{7ukmR
z4NX&>R9#tmc^>ah7y1Td&+jjn2#_X`H;#ZtmeBkhYYpofUje-+7AthbjSMts1V06-
z$9}1#8R_v<uGdl3oVE8<p`GH0`CBz!C*HSAj-E9g+uJ1C6;5YSIJ_?wF$(-04Z?S0
zFv>m&-cWaa?MV3M^a=zHhe6{e+2@kF|Me67AcQQ^mb>|4*5Vt%a~%9{=#I-Ml#-ub
z9&{ttQM@tO&L>e6@VJm`&?}MjakyFup5t2bj3Gmf_B+o3621Df98+3r@QLI3GI6vQ
zLp~2<LHbuHXG$)MZn>wpBEM>Kh-2ILP+GgJko<n=HaC$OEpj9#40e9pLdD$Hw0V|!
zfBfy`eeqN&P--~?kd;vzLajQgSwpKv4}HBP<{CN$8Zxq84JP*H-nZE~rAdY}fOlR5
zN!LC;Ts9NsoGpRrnfAvLep!-~nWorDgdn@sJVf#xCbl5o)ds1XMyK^M_D6^hWs4lY
z1><7~I-0z@pwx}bEC@jtwN-TUYdodeV8@5e?v`DT!znc#Nam_ui{u;3cG(&2;E+p4
zb6ca>&?kkgzjRy2n6s`wm>1mKihg%j1j2h5%T*wjtl@uf6z1n6W_BAELEuRjs20g>
z?+cF>!R7Hf>7iQLj*9H-T3Gg9&ldgc_PXnfA)*Y_l&JDm6nV9x8GCva8v!)$8(x|M
zQOCdsZ6ks(7<2D4oq3m0Ahn#iCUHDAGm7>j#^z`|_)Qr5EVKU`gYh@H3qO>oxW4My
z`Ynp`I&SNs+<+I+7i02^n|K{Z3>I*C9lw98&lm+fVa%VT8lOhX22M#hk4k=`IjDHA
zMR0{f8?t^oy1rd{Jd8H;0h1~~Wh~;{WW+OQQqr{%S<F=xmh*P7{R&?jis1+Rjk3L>
z`axsK+^4}E`St)Prbt^4@8ljM5Uy;aFLV-5G~h63nG{^^burTw;xQjR=u8DG)ZU5l
zbHJ_JZ7X%F0sSR{3v&W-2u}M*eb6%of7qLQqg;{i4Jp7CjPai?gD#(Cbe@Wa^kkyV
z3q2onAi5!X9D((!JEHP*Tc~$&F|u6px;zg?Y6M1a94BihbxX2E=^K{!Ehp!|vM>XT
z&I937BbrDOlaVW3y{~r-9dIAeT0bJ)3K9hkA-8N#BDW9G&24vg<XYV0fFMk6CgFNj
zv+wD0_Xl~lQkY>TX_=y^mP+lzy@YxVmJqbdA_yJ&SqA-gdT=u#Oc2!7WAQAJZSrga
z=rp?Z53Y)cxG;>cT$o)_vKRYddqpE$cX7|GlHWkRdl6^E8#?%c4ky*Y+1XjDox2#&
zF<9$+v;{tsNQ7VSLyp(eN^2TB?;_x|+~%r$0}U+&m&zUBbH?W-++g#oL)<AsDBe<D
zvwtrDsUTf3<FK!#ek@D+c{4%Lh?}Axx9Gf?kgJuMSPhf9m}>?srH1K4JXkx-1Ji<a
z>uNZKVaL+PODjGt<l68@(GJXZ7oOBxHAKundaM;g!H~F5$E$*PW`@wG{%KuEonM15
zN1n5clBP9?DMIgk@1pynI(#5Es$_ot{OeZ;6wdNaVy3RLL~Eq~mbB6t#Bn?vk7rRt
za*QY4>*Oj(PhNT#@hjN&=T}$Udr3a35NBoACdFfHnaB<pGq+8}*J{<)3%`K0MI+Aw
zv3To`fD^OWLynJ;u9)38M^wmUK9O<c7%(bYaZ${H7jGo-upH6q=xO&I_>-DmrB6wN
zgK7i~qGF~HWJmVQ_*`I1s7DmVP_90*zVXa3m2i?jbM;Ja>g^)!8k-KTkVN<@i0%}+
zE9f)dRe0?+i)!_u%Hi&~YtHL(Vap)B#JvNdc!ZbDw-pHv&p$-ZDzixEWOPPQp@QFs
zzSxQV0%J9V>tpMSBL?E_?2|=r;7Ue`gKxnvk(h!If|^?QpeJ3+A=|{!b^)%sAnzYq
zLJejg36e5$%b@)cmT~aq>jKMGeJSY(_K;dV!nqrn>(2aN8N$A(v~3-4Y?-79fNSj)
z3m7I&^9ZbJkockhVB8+mM*W@n<D5ltW7`<%8ZfC?)etY}wO;`0o>>66@1dQ}mr%AB
zW{o&hXxD*-M_70-Cy_(E6sgDWGDN9fOMa|`&Ug1L2_9^HMSPD*nA&c4h%iMt$*3?r
zocXYZU0_sWoN<7==jHe|dg+GtQ5TVU0J`<URmiqATP$(Yzh(pA7yRG2wGyLP+Dum4
z94_pJM%V>ezeehi+yiU#H#RvvePDWc*ovW-fwToAb6vSYU8Y{r+BT0|6*+EON`W`r
zkFhN;9?y$?c>3aq!*f|DUc}RB{ajvMLhYReBIt#C4<@`WTQ}CLE!puaV(YQyp=7R4
zmfx7Q5msbglXm>b4bjgk4$#UFBgxT=g9|hDV~4Io5Nzg>TcIYzeu-$J?yu@4)|=1o
z*$V5B*<yz4xXh1ITp`_69nKf-_!tze&_y*g<xw*uMP(aLaIsU|bdy(q-LU(1am@9h
z=0m6?_x;%zG73T_w?qLoY8s4*IkC%grWb77y|GoImN3VG5OyWfU&mz?>9vTzUY^LQ
z-|;0qtL)(I+)j7WDnS`zDgCNMVztdtpgA8Pgww~E3eRFD=#66EB^-+$&Yj>#NzC}V
z5dXnlC*j(wusR%S$oGnDwW(w}i<bX6J-ef?UF)v+u)t~DN=A;Qs3k7-$v26V0tZ1W
zUvC=53YvNQ*w)$_Y>%_;6)B<f9Dyha6ap`z+p}~#eG*@|DBiJ);ZO4cE-KjKrenuz
z?&Q?zt%&z*BInx{@NI&J$#uUbSf;4pG5w_pIjvIfjoP|+AfqIP^Tga`zaj~p#ubZD
z7GW-0gK=e1=y8>BYvyf#q7I5mqYx2ew`*shoQ>fzVK)b_jw+>@9^dgl`oB;^kpQ{4
z#=|Qa9%EC!)XHmf<EMU^=OO^~M{maIIMy1)*f=!^VJ0gzbx{Boa!0Ve!FrFHvvL$d
zTUbjsewoCYv2s{t(1&OFo3hV0c~-PyO_E83ah{i`-GxKkw!PCW61Y|ZkRG)h>RtS!
zTG2W%ut3ZL(g<P&Pg*cr^=Z>&Lqrx(I4s`%2&JpvJsXvc;|)|A*(6KT`g%UApu(q5
za@yZ+Xj~ApMs<)uNLIs|%Oe8Y@n(cLw-v@(ZwV#0zN$@A;m+-epP{+Op!pBJ@OtgG
zO?omqNCn4YkTvFJU=>-nR9a%kz{^}f@jyh=EfAOO@XqUSxnIjp(dHR9I7A`6)u9t#
zjCc*s>u18^HlEgoW8k8DsP`JOeL*@HJ|}fqeeGRVijimyyb`xw;W053IAw_a1>`d`
z=q(Pt97Hh0uZ;+8MgJqEBQeZ7DUz&^z1MpvJMA@oDrj80l~X!<^yP%7@ta1x$sSaK
z$tSD437iOc8+%L5_XjrCP-vSFI2Mz649{aJ9~l9&v1O>2<4ey~4g;VOEQ*FWAWDpk
z?!5tTuY;-v_+AeSVzcGk`H~4scnOJW5vfWE4lc_YhlBLCZjs?Rmf=U%+>>7Ys8ZYA
z({4%m=@7z%<xj9AMHv#I>j@*j*~Rb-ToQf!E5mP{J?9=&mLMH-5C_ZoL+3eLiBHjw
zv`kOYuUX)?9t<?=vKMvP2epQ!C#oD#WN8sh@GR6)qrp(v65Z^9JTc@#2NS_GwrJvu
zOi?EB?T8a{b$wFWv#^u+4{d=pEYsZmNuNK5Kw!zOkf5JviE!yFVLhQ0B1j!#?&mCG
z=z^}AfYL8<#xz()D3c+#$T-vw4o%Fh?exFZW={+y8gY5{RMZuo@vZa?xMe_nG8ES=
z4vBS>n6AkZ`?oaff9f1xh;S&F8WCikYFa>oHO%uDK%pK&3^WR7BE5<ZR8ahX5JG_P
zc8-w-l3?jY`Zo5^hEv?CxNk8x`ERBqCn4-k8<QTntE&9F0PHGubQMJv(G6??(3i=K
zZI($a08>yCf<~2sekzzI=)k5VM>mt}aq4(|gSZoCy=VM`VPfCF65_2LVX#YU?|Ay=
zRsKORZ|g8@t!27#eYlvPPznw)D^|i`aNg{H&@3APfEcz)C%UQ+HlJk_&Q+BD!cIVF
z&<6D&cXK*0ifV2$siRA6yy>7=XfG*@eKTK5lTS0MWPIKezi=y)kY;a$@=5}#Im?nP
zsz^eqN^x|-7zEmlWm}<%l_Sc^m4SEB=6FQRQc~by1r&*71S|%Dg}Ti;EQZ%UFL}lO
z;$LtQEuTvP;T~kIGr|f`VOrDJn)53Db%H2~E@B{X9j|QCZ^A?KN*J+ycOqZ=kX9ux
zaaBnP_RY+b<+u<-!sC)93kk459iO1YEqkIVIDx3l<ru(N>VV%V-u>}War-0C7)H#X
z72+UMTOt(>;OS*ZLEuv3zWABxQp1G`9=TLDlYU&60(x)e3P6(i?kZN<7&wa++OGoA
z3Al#>bIx;C3z&^R^nZSs0r1EEQ!M6lzo+YbP&p+L<6z0QvrqPk-vB^0wa1En3E8p<
zvyZnvk3)=g+pjDp3zCHPCySdO>dv=E$hwGAgdVQeI`7O8$s8WhVF0dFfy`LbLNulD
z1~!D?ZcFIV{D}f3N_EXt+vwiz<`)x2=B9hsJ;mGlH_NR72iIHaF2ufs&eQtN?HH1Q
z=Cjo4h{Gm{Quwc`0D<nDd2T8pI8!3RzN>1+gdkrrQ=(L}+q(JQdCudgu~4m8hvy}V
zl_x-?oq?#DJnJcZzqvfJnbLOAj=W(6w7!e(dklsV9X1bl*PV?-K%A&rYS0mAk5m?L
zc(Wd(u%8w4M#lYSy(fmKRbcyTKy*$*WdO0yU8xrk>^`e@8WOm~bteKSm2OIr0ob+$
z8euw=DlIW;>gew7bm#(jpd0P#9G@pr)5h{pehv8Em73PI6e~4L-%^Fn$CWtsTA-%5
zv|U$%o+PH}mb%{8*&~uFg&GqRK~)KIPh#idhLew8w+Gd#wf4q*fH}4Adu{<5R%=Qq
zbW~J-h;&<NrlB)s#C!(OEL^W$z?(45O>=)A$w|ZzW_3tR7)tjE*-KPaHU4~mhAl1Y
z9)OG3tN_mOAYeCpi^eJuuoWcy_MK+*6Gyo!xCZQBmKn)Q+y6$)Sowa|qId>NO>5<4
zlY+SVXY7P9rY3HF$1!=X86b##erQ3)0|I26zXM!A@n%|XI^=BbSn|YK7VNr+BBSna
z_KKZ%vJ+-~9!`n#m2xBbY$glToq@ofqB$fo9vRk^ib^g~FJHB=>`AL#iE5o9Lcl0H
z3WVu=Q^zl;NKl4x`P+MN&r`VVGH$={>k#wK7FNwZsjClm_s86H%`U+dhsfU?9+m^p
z2}SxMgs)GP)K7!>cp15%O+zHzFhT~BOw-J*=BiL_YTeIwt#1KBRMq@=e-ue5GHBg!
zED>-g*0Kg_U9hTNuuS*5coy@8(+c1EHUfwbXSWmV$qcI(-Sa&Jw|^e5b<Hh3TyROY
zFyq@sAiQ*K0b)E6uD6W<zSK%Z6TH&X^{jd55_(wat-U?0kML>N7haYgO!GKQ8a^ah
z#^qvu+fGqz@#Y`Uw_9;Osael)Wjin*=!Xd7a7g#2^GU1DHE$a*GW9Wh<AdIA*O+MM
z+q?#HYBV8yay^`UTyX}h6)k+WtQ~-Mlmp|C)vt7H#N}{)hU2U)5`_2T5ui)f>w{7u
z#nPFgjpj8^0^;*@L9aTc&JliNt7Hs3GJXkvJN@;?1(&5HHTT>U`;T779XOHU-^>o1
zAH4z0mdtk$gride9M?9YM>F7=GllBli?Ci^I2XCKbg&%Fl9motQ2ZI_ok51rWu4-*
zJxtm#A4Mvr<<VJ&iM0rjwY@o@c6;=!;|s{D(2mhm283IJ=t6h4Q_um>MDMjoyut4r
zjq05b>>cfua^E=Bl>^h$lMX*{jMM`lvAF<K7+R2I#~AHACrzPW6or{YiK0e-w*$x8
z6Dv{BnjsPZFWB=PCd@~t=a8&lE1X~+d8qA@ZAA7F@WP!{$-9M40B?LsV9dw}#lY*~
zdW&iq0~iZ8>}gzq<VnoTUXS;e2bW7eE<?4z?g3|jd(Oou2=2h=UoLtSH(srVb=tum
zi2zok$HVj3N_9a|z~mM~V&T<W@n09;($178vhOAx%<Jl6w(HsZq9Al%K_GPmsLBu7
z;W1-TN6zXN5+n(XqarZi@^!RGY{i1nP=)$Kb1j4(5seDfn@1+gESakdkSDLPbWns=
z&$mW}0rq3sT;IWQ{p>KiAd-lWx9o*bXhKv1BAvWQPz@R)Y!=MxsbXCrQ-g~Qud@-!
z4|8$u%LXe!p1{=ORd&Dhc%Qy!)COa01QWwya+{#zPSZuS;(QHshM#Me9@WoP;U%nf
zTz@E1hJPX7z=7sPTHFH00tFb8mmu<Ud;uE`TKf}W4|GYh5bZ39ZHLR3x;$K1@QsM1
z!N=+JEdusO94n<9wrs?Ox4eZ<B@qw5-SQI4b#pr%;93w4b~pwv$Dgih8#Fj%trdke
zB{*)@XpE@Wd;@nwUDK)Lt+%0+q>w<yON!nS!{-8%W(wK&EJaFQW*{53BP=S|@D-V~
zjDlhw;j+i;*s`U)56Gl!&c-bTN4ZD)c^qzMe!7s3?DxmG63c5Pp^dWTXMuEPU@{=s
zfa{oUQb>7S1F6y5_Cs-vg(J5HQ}=e|_;yFLWg%z3R(?M3ZN(>`&=({NL^2ewusQcJ
zuF1CW20DQAvLC`t#{4-hcL3FDpFRQTqMvPOy8fssxgtVr`3bl3?G==FGxi{WZ0U!p
zmvwBJu_Zf2MK`5pbR+nPH|i0viB!r`<rFtmDUqNkLciX<6}QtLcL5+4U(j=}XKU9d
zvt3wz=3jyo8H!+W1w|VWk>aNTVYzwyXYx!8rmN{prgR~l_^EJaJPH;W7#xYwcIa1n
zexs2{o0hAOPtCNb(ha{?vmS>%r1|33F$&Ub-i3H1kc!S?sd!wZY9kU*Faqt-iWxLP
zF9bS%1q(wYIZyEtN+^sgo_aAEz{7KmrtPRKdS`W!&~)*%j@VA5&M_XpcE({WP_vAJ
ziJX~vUAw!VQKc;NKClgP|5TsA4Y4Qc&2U%*B5keQ-gAt>OdZGZE<%U!Q#4mKYJDoj
zy)S&<61`nbmWRG#G{UIA62wBL_wVT0d$k+3(HES%d|v~wKrO*D9^P~j9uS`4*P|m0
z{?=ar9q9eGm$@NawaU^j|ApPI6J&rm6Ny~fS3$6dYS6kWs`U!i=A9n&dhKgC`)4Ae
zIFfL(gqMxk7Ndh}MbqDlE;hvbCY^6EAocp?(Db71s>R6NkUGYowzdRRzOMG35ae=K
zT2V3s{R&^vW#dFnD~&6A@jj9gV)!9sWw3~}NE`0Tvb!Pd_LgwQLt;%P5u#hBzb5II
zm-2M^b5TnDn~9@%G~fDhrOA5c;oOK^sCFa~W0^q^BK~J>(JKr4BkwWLpB)QRl@1?E
zAcTS`5H-C6Bjbk==VJrmJuhZVzdf|BzNr2nUg!kbJ(bCQxh=ue4kN-^dUGALY%9uK
zgVT)=2=5Q6w$?s9q=VOjw3P6V_^n}|LZ75;70N&Gc2ss|^pX&VEdmbBCa7=6r36+2
z?g&1>s@pQXg&{<^LcsZq2@*;|4AxjRdiHi}jb(i$nAq89yxwi0bwFsuej6bgwSOeE
zHd_&8hko%2%#e;tzbiuA>m>olMb+tBGZ%$EU9%Wpv~w!nXEe8GtNVsu`?e!Mc(xlC
z9e)aj1u;>;>!-p7r|S;hYrQY$$hRYkW)+07@KZD)=WuXA$-Xtn2ILvUNX%^?o3#=<
z`pWf+OvPoQD0`zmllHcKqIEm8YmJa=NX@!?B^=yE66~aPA``a7kmtoKDuwIMks_j@
zRWdnt?3Nlhs87-+jPWhv)SLYIydQ*hRrC%+w|u2jvP<9V(mxKl>_y!7hnaW0TdzYg
zuN<0=?$pH&NfNhtw0_jo<0fKW?kuR(4B`47r`W#M$GcQ*H(U7VL2x3AD63pDuHPf(
z%IT@qj_@Mg=b={rnH=RZ*k>^|U;|^}^*){#a$<=dw4uD7m$K^vE>Xs+6LB5pD*~L}
zU+t5*`UC6uh{gsi6c<2qrk|_N<0sG>(R0m=a!7Y=V_@knZL?S<pn%ND43*O{;)wl9
zQ$PM{Gi2?&?B8x@^76-sP>VmdCxNP=V^O10x;VZY@$!E~lRWZreI&W22WG@K>vcBy
z8d=6U^$)9956`nt(U*)wv9&Iz?<5P7d-_)>RD86njlf?cgzeuxI7aJCZ{nJ-)6leH
z1|GKD1ZDSXB6xajhm+FRz&5@yh`1f>G8fq{vF?ELm#B>jt`Wwx^&7c<P8bQ-j?742
zaH_bHuf(J&b9sID<!;>1uT<BQ9&eJRz+v1EnkL?cIK30!Gx398aRw<Oih-;K2{pYU
zH1Uz&O1{wH^DrEzLHS>K?ad@-8_N<|x~($nIF2N9c405Pv>HCG$~xL+3iy$-80fU5
z2vRZ<B0PQ{W@1tKh;u^`;_lc>mA*NpSw}h9X6CV>E$*__WxHCO?R0}7MTcim&VwC*
zBY4QP)yf76V+0e$vKBROBSy_-l?V59#l-~so+y%stDcgjbV(smbj$im6M$N&u{VO4
zh=Y0re)+HVhHLn^DrTn2dKYQqpPryx-RuwY9XV!7#Ddb}+0xPcF-aK%wpyl2+UtjB
zq<XnPU_4#~UOR(W5<z-PhwzFTthySE06BdtsZGWczuRM87T<t&aHOAX)a_T4`NVDT
zA`Cr#O>^`!a_H3H2a(4Sw>3ti^iKxdAI?!Mo^gxpHaw6HqFmzNggI(CuV3yQ@2y}`
z2%TqJqr}>kpS%%!Q9`0<QzW0{y$dSP1Dxq^V_^{Q?zOQ*!B<=sdUrQFi(O=G${6E*
z&VgYG!ro1Xn{Ij?Ye}vFP!>x<dIRfgbb%1=CNR~$zkN#}d%<Irn!$DkvQfBKH>85_
z=KE8gTK?WQJH|A0DtpLeirO86HB1L~2}pHwrC7xHg-peG-oba)km7y+)xgZDw{hB5
z{$^8#iij?Ui+0^<0N91urG90mtM%yzC$5%jG#*2juG-$J*w@vd1TANTb^joQI{lyS
z7Bik>?Rj?ou`-peBc#%H@Cq}D2BlxF;9?j=vJ%7Bax{yAK*B7`Z^(sN1WAb<2EGm_
z36jlFk5AzkZ)|0gcKRm3Ou;b0rhil7dI9Y7Q3UmN=00DRkqh#{aNUtHoX1VCa`5?q
zI3&QUu^I%&<}Yby{Og^^rS<9NKq`pbIv|wg6W<}Xsl3z%Z?BRw#&Y9&YEJo2tTyWO
z%LtcHX!Ik}RAFoJS3(CILevsY&^K_bSoe7mUIsxW;Unhd#8`*OsX<Npt=Yi9X%mLP
z)xlbPp<)_wn4zSMYj7-zmG|Yp@`ZCp<9bCNj`sXS#+TO>BfrBVlmg!cf2!?cfVV&W
zSDRX{-A@0j%fxB!lbAt%CBj@eE$^r|h{V7)$lN!CTMwl6D3GL>0nPN`1<#6QhP6Xc
z^ShqCS_fTEZrB|Ie`WaoKsjFmnD-Z<`C*K)!H1i8rSd4umxEaiQ9SfkVEWB{gW;rP
zR|SO%!V`bgd$^6^bdg=p0zB>v2hu%$7)pXmJGZlHusI^<P>^#=OL_yC>tvM6%`Z!Y
zJ;sY4+U=*k<Xr#W7qD%CVf(#7pl<<NYh8jF&qJcF!@>LwWETFQoL@%gfFm;al36~P
zrLWPn!Gd0$UR@+*#fGfQS_=pETQtUMx$^=3UejF8S0|m56Y_A*Bq6$+XY5RfWK(9A
zlIHEO#$XCa_VG*Qt<fMTBYzhJ(B@k1+ieJl<h`S4ZRo6pb$9H+n){*g?R9)*eV>Ad
zaf>g?)y9;bu<}f8Dju$Jxe<b_I!rF}<xjIuX#TZYdbg0)Z8>HpSpa8r6N4ILqZlRj
z!s{?L3+6B}`j%8;HJ`A^+Z#ai6DA-wZv*K@Y-kVMmwza=oW%lm6~e)i7}bp3y<n*c
zIVlUtew$SWoK6DUO9+}dH5n>9-<zDRBboFg={|3Lw+M%<uGk?S>tgBj2y6rGPC&<G
z^l>TX`z-~s#Pi#)EzhZ6_9AW{(s=a;JU!i=AJK^GeO(;AVMjn^(O-xB2!R8ZqvKa!
z>{Xc22X0zuJEvl!%R-@ay`_HZZ<4}&&y*>Jh$afZgKeSj^3@6}Xr6b?s9McpO*koA
zKO_5U&LDFIy?p`@8cPi5ogWOMSt!OY{4D7Wl&ItpDe1IK!?636pnUMWhU*yqU@H<f
zjP5iRV*{xc?1A(>|7*7Lyu7$SL=1TPmmqb`%J&vn0nPZLyPRf5PP-h`9xgxlFhNgT
z?#V!b!XI8msZd;bM8{jrB0PSMwQ}0ys+c|BH8oRF`R`7`h_M2&Wi{Eft?BJm@8`bl
zFQgty{ROJ<A^~C1_((l1TSHS`+TT@p0V2htQ*y~p{ue|(-IE3ouNB1dQ>*-^2BS`X
zVps!PdG-HQPUaaXd9#9=B2I+^IkE-Vy=?{PK(4<?GSboY<*5~0W6>&8Uj;ek{JCEg
z73h_rTbq(ICaJ-a=V=6);g2Y~ZUUnM)1fp~00ou71Rnmoqfht)DZo0ONKyUiAYY;L
z!R)hY$y}fF3AH&fbO9p(Qy7bC*zFgfJnZfiRxg%~DF`h*h2UZzP)dKI3pH>vrrJ$S
zgYTa4_Z`+BrD4`;G<ntn2%cIuz9PKdT;*T$2-66Y)Z2F;#aEKriox}D>dj4VEl~tv
z!PRblv4~zg0sP-DXReCGfu8g_4b$2tfGV%bac4B6$w(prou{)GP-qv%?k0VNW61W8
zmHuP%5*c-@f_E*IkY(K&OH%~?aH0fo;E5Vi{QfJ%9Uxbl;{glK;BnZTE;H_X+RMIT
zn8fE&RNe+)yH5U6%@RF7{h5=tCMs1zO+aR&Io-($$Xu9jcXHD$XDiGJqyN`Ce(xV6
z$prfvwpPxUB}MUMLhQy*0Ho!d;P>|YU~VeSb@ka6=lU`b!s{J1oJJyJ5(9C+!1a1e
zWE9}c_dKNlEj~lP{r6n}CGLPKuIedFU3maBQ<i}4++Jh{UGVBF+4~9qX6N0h;&fD8
zW|IB{OGAK&Is>9HD%nxsodACZ;tM*Ec_?0HCo&FW#gmTV+X<kXsC+5lPEHtLv;d$z
zRgNoU%J~n#7Jo-O<3)-mmu+VFo0t_4)Y!Hc0NgJ!MgJbyFRlZ@#x4QS!b}JT*%RC;
zwO**Jt(Yv-<ZGL1^tfcU@yvXeE#nNtY+dLUx_=B026aRNt}$ex&gmdpmQlI}x~Vfv
zHW-bF5M%8s@Y!>%J4_%uorT;6yhb2ld8m($w-2XCK4j|d`ZSdT1;;p<(`ue3ij!Wu
zh8yUWR)F5N8j#Q3u0|J;dIKa%{!324pTP;B-8ZnK5}hR6Gc%fuk#6}7!e2_>iPSY%
z0^4_0o4viNkw@B2f?iwJA5=N)0YcsSn)1O^zIy)lw3Q}u8({Z;AplV>+K`#9R{vHy
z3QLfc7+)v{P5{6y36)rI-g(A2;TJ8WCh<A)3=n37LrQ^eH$xgsXaGQ>3P7DV)e%f&
z*N(wB1h8FmubVSFbHbL7lz)$Da}knU;!<3T$UO`k!^emF2)9B?U@Q9*@8tlbg%cTo
zF6}T(n%=sGKdB2vjeJM2vjBKwK;*E<^wUcf3XGy^w-XYNHQTUm0I=Bc|1<e-p*Y&+
zng;OLHSAWi<0`N?2DBg+fBMQ9!Y(YKV8;-gJwQXA%#`j4=!5dZFbp-24B8?A$~@fr
zn%BXg(q?H9pWUpb=+@(<)@Sb`dV}GR=WEC^^J#Lsy^X?yHE4`)wbBuZQH9qN1!0gi
z+&&TnoMDD_vE{wX{`ixuIQ?#OD4+h%MqMBo!d!{NYB5RQCA&;HlHCSCqvp?Ykgz*@
z0QJ_yWE^WB`g+SSfIMq^mq<5U;JqKvdY&)6^El0``DeoN!xV1`)&-n5n?dRz{f}^&
zII^5d;#bYR$9tFs#f;kGh<dd~D@>6MVO+(s*N-{tg#YGgfW^oW(Wu&Nq-{06G^0L6
zhLHxg#NJ@T-!_*P%%U!-^jh}%_sRowr57lEmQ7}X;rgPPnUtzh?=HYC_??gMWd1#l
z=+`gWa{cw{#CCtWG)aYRLgKH!z5(^L2;EVUx8C0Ab6Na%|EFpEm?TO7&=^Mfigcbl
zS5oFz8CUsJC{ROZjBbM>hDR=m2z(Btty9|i>H@yM_aJYQM0HHr%cUTZKF8}zLCE~_
z-<-1n1C7(7Td2XY2V^F$YYZ2%|IG0~J_6CtRzl$@um5Y^58A)S$|;atD(GMOVg2^6
zC%_Bw?S{Y$zEJsZ?xYraT5Hlx3;6)o;h%+&6%6Q(Q9P;hqW|3Ktv48u7z+()xX}KY
zeT+yzGj~iBJ}(Y&0DU^VAjRLso+B0jZ|4AnwA&8{W&rCvB#r`RXSthRc=7@upAsKO
zVW|GYXSVM5!u!9ebq)MoqcTsWNQ*}cNa+~S&+L5P0c3GWkp{|t?;4kZ14ZRMk#`0s
zd1O2f08teJvz7UeD5SrKU=A77Q4cliBp{_SHR*F)Ru=ke-Za7onU{tG0!_NHL)r7c
zFZ&@ZJaUu0%JL)nUt<IctG@<T=mJ6Yg@pgiK@09S84PpUn*=sN-)R|UXKdzW{W%JF
z8&IH`CuI9P>bj>3^5n?<yVZ&W_9KGd{>8yuu<HL;-dny^8MJ+)lyrA@Ntc3jhosWo
zCEeXEDGf@O2-2Mr(vl+5-Q7s;S>Eq+KfYh~AF#KdJl3(e)>?C2GjpE58qRVvt$y17
zeh%b40BN`aExGkQ-CGC`w$SACtIm3At-0pEB^G5cL`#i7J5`K1;0p&?tLoIaTKykx
z<6=0ISmr@Qhn##D(|<R1e=J$e?bPLcrcTTOc9>mKL9^*n)qaq(Vhs8SmtWN&UuC;d
zc<BGqcB_cOE&RlX#HECx5VTY>N%bK|7ApPwv_fMJZ0!$*qmk$UG+OV(AFSiZDltm`
z4&<(+5%>jtGBJp&I*{7r7s((w$k1qIB(Uh<RJ40jenT+--O7qtqr3_%tA)NlKx9lA
zSQe{!hmx5;$NbNzAV)zxtS8dR+kz~bib6o)y@FMD!mc@hkRZ=aDnWjXb{`;0R0rlK
zcQYcPBoDv?<7CE?0x!KD8Uu)&sqeTJYeJ<;;Ci$&fmr?^bVj{gi_<GyoV=*>vs&rf
zip>HC!U4HZ(PA1=Lz&ONz#Qu-ZRdDv2euInV2Lu}mTnS3-Y(j-c^&#5Px7ea&b|yh
zr2=^S#AL4|kH5iUxU#b%K{joDw`uif&xK9LR;kXuap_k@Rv!R(|M`cq&Ed59T(OWd
zbGczxRPY=+0$NQQNQ}iP$5ny6wH|_!=RG3hB-!F#_&os-H>MJ<5$MQ#cJd+)hL|fA
z-g+NJK<K!7o0$g4mgYr8q#_och;)1XoxrdT0$|cD13Ie#!1B742JOyf$McPq5XB=~
z^9D9V?kfaTD|!B+h9^NYT?iDmK*6WPcb%eXP@M!Mf|`rG?|w4QbR7ar7il}?=O~b(
zud$HL+t$VkosV$4A2n}pl`&~4KvGqNye|-ifVj-d=vyH4FCZZUvOc?xz1)#q8K@2k
zLj<fI?xravf#&FO|5wsJtFZlQsDxo(vuI4iSVPa>ylq@?me;~{N%I4h<rSdeAWnd-
zxTiyh0F<fWp+3`iAq&9jNR&2_5#ypo-+WUm<Rdm>x>O;jN??OiX#)h4jTUL|CMZAa
zf#$krly5!e#M7SSncwn6yubJ%s8x9y*Ia};K<G}`M)W8tbyYvP5ABa9FicHiX^rpm
zq7g92KZV2?FJ|&NneeUT`-A1UCYr5<k;UWoV)yE&s`6|s?-F667C#4zp%<FC$D*5N
z>(k?1tlO7c`Zg;p+rS_OWv#n&W>%d#$67SUrJK`rG(B{_mB4%a^|O#HL6v90Y=;aJ
zTM)9Y4TUhC(3eu{JLO8@>5-SI`W!Rn^QwVI#!nO50F^wF{<wre;^$=@1Bj1$FzaW5
z3y-2S@l`m#_k~p&#2XaKgA2{x^DPM0t}lkjm>8&z+yjReC;)}x^Z9-NZ2UYWu12jf
zi6<B`&ood;q^(cQt@R+42BR2xT-tNh;--D4m~)6aA(;)1l0_?qlFq<0Edq_i0wRc>
zB6;+zx%QLy?#Ut1_YsmUiK!5K${X_~OJ&o42TFTRJvxIOR4v($pjiHq!QIa)yjZ!b
zH(ur+I_7kQwNH`cEfZ!VntF!K;ssH+ekQlbKY964<RW+^-)16q$B-R$<J%>Wgk1oM
zrF6f`@|!N5uu+*NVXto=wh^F}=$HJEHH?&n&!#FVldnMm%y<7B<8+B;q4Q_Z{%Gcl
z;i6NC02uV8Zftru61|9Z8tE8E+LxKdhlx^w+wvsgj$*x5jS$3&XBqx|OR<!6pYL~%
zc{|>js@VWQ_beI{Z+AXkvR_l@jsR-0S>;V`E<|e^a(@Eji2fRj>bM|YcyCCe3xZ1n
zZ;wb?pL{ps5m3~){87=`xD<VhUhHN-3q{ZFg(*F}VO}Tk2>7BwEbcVIdq=h*cyn2O
z1JBiGX}!Z3rJ*}-cyWKN$BP^(L)^weZv&w=U?zid0}xA$-c!IQ?+`5c(LQ!K$T>76
zCEj}qAzF*h_yWFdbT2Fn-Gg3(A3m$|@wRNr3AYO>5t`{T1aU=20raS%NT=_0>#Ots
z+?}Wg$K>UlV-HYV$Ljt-ku--?@U2aHRHb^ypd)k6LldS5<=}r#@16CB1%+v64m2Sg
ztFDf#w*&JIopwO<U9qn@e!4<Rv6FP1<*{VE$>9q)sVwv4TUE^yhQ<9$P_iv=Zfc(j
z@}Xa?bQ1^hxE$*x39kTQ0S2q#MnPqlqiCm$@GX&?1!Z7;ve5(J#hS;N44JzL_@px%
zKi}5n>y-RZ%+P(-oYyoNh}k6=#UNpn8>0Y}#4ET{20n-8pf_=|zJatC+S_GMU<Q<%
z_Q$b>2T9^0*~2DFfhJ;cXCqlv2}$vNjGjszX#QNxqMD*!ew1+y{1F{93`G|?=miPu
znxSQb{VvvCwRf6-b+kBN<OU?wMS0~QG0Xz2gJ1tNAr1+yMbhXAKY%JK!3%Lb;})7U
z6k$;kVGfi7n%ew}5KVFWJSnBd`=&2Pi>=$9%e(h3QzR8txc;AeAPyDhmsaE7(6+$Z
zM{fBectq4aa`p`7xw!JAST4zWa0)pWKEVY!tol)o7@cG=p<y?Ee)k_R<W&NpHW;=_
ze5;}3QgYpea!H?NU{SC`aWN2sQw{-l>NJ0kIR&35rI~*m&%ejmh|XQ;1<NI=00}44
zA4L7Vt9b>S7<!eG5A01VFeU4MaxAJC7W(?}yjgsqoAjKF#XdXQI4PC~0F#9Oj`Wtn
z>CJfD4u#fTN7##SL~v_Fm$OM`hnT-IzBAk~Lyg8_mr~1oVY8*s!-x>9^M>s)%=lv4
z(0(-U)X?cW-jVCbfeg8qSsi1)9w)oRh$qq;9s|$k_ia=^p~E)9ctpgF&8EJnGj9{0
z?6ws$vhBgXihds-6isgW(Z)v#Q+cWblq_`dP~McUO(>C<YQzt#Zcdg8a44yF@GB+O
z>c`|ABrjF&+jjhu`SOy+B@7JT!ke**1h=wy2TZt3)N2J$vLrl%PjaIAOllJ3X(RHB
zW-mMiDlHqsDtrXXG~6;ojEVMHHy)la|A|?Q5A$p2#?OyM$40r?X_zR|CDAJ#8zPxP
zSnFE$6mkjSMp~2@_;T!8?0z4+2_1hMNBp7PJ~U2X$AWQ!d%vJ4S3tW($)uG~(SD^f
z5A@?%lQiQ=Sg66zXP66iUJ0{4I<E{#T2nS>$q>(sD5`WM5C8E$EsUQq{PO-q<C&Wt
znARhrf!8GaErwO!OfS35BgRV~filMl-;G7x$r-CXy6r-m$IxJYr}A^}b%AxMZNauP
zjbjrNm9gy4X+l;46LB&vN?k4ZQ*uoC=#}T+s5dr2GwN#i4pcSM%^sb=dy}*AE7Z@k
zCMhAIn2bf$0NFXqGY4xKL<t2b-Xc_;J;2+@QZA8&-o;-FoeGbn6}g?#d^<O<N;!D7
zouYyJ;z#iJTBF2b<LW|r#^|)ER#LxaOdf-G(uj-#EQSy@j=Y80nhYN4ig}N@Y=H%C
z2niKa`t&OULSxsNI%`$SBGZdVpFlni1L8=t`^;Wf&oUk3iZT}<w_@~y^Noak(Y5)L
z!BLxQ`dMnOl_f=`wShNHc4O03wUKeuYx)HSGSq72Hz;~FZ4;)h8p1nd*xQ4I6-onS
zM?&QypytWC3l{cfb6aiM#k}AQx%_N9c!u{w7k9o6`Xuk`P1rc;Q;-(u6mVc3N?}jO
z6TxU(%6z2PgN|GM>sQZqeZQ^k$Trq_(rbR2SZ$PPPTTtyGw&?@P`fDzwAOQebH2bT
z(cG!~K6P;T4=8j93!XE*^u0MbsWo1saWqVnein61*_1l*tU@7~?&$T%W^cj=1YS$y
zP#f$8jIMk^7`{>h8dm9~kwz&pXmoB7_N2xu;}jb9Yh@!l!EbdOmy^w4E5#LpX`1vr
z#xkk#obf6l!o?mxL?|niS-x(&fcJ`iUDccWwALHCpNI0G88lcCFT7p={cAAPxxo9=
zpC9AXU?(b}afT}lAqakkC=@RY&tCpML5$tiBtiR(DtTS*{a8}Y3k`-_=n5H`a09j|
zG0vMQgKs(Prn@NVN^l2`x|0D$>Qa%a^bHA6{*$|%i9(I{E4gjE5`kBet@(#sjz(48
z-7ounKguuTv2OewFUJQ>)bh6;qO_jY_rWQMgYmCYT>iWbpTK4(4Z|5Br+b}1B5ejY
zvPvJQ!1+1^Y7Kv*kLsOW@NYH)o=J`*oSm`eCKM+-Y|nUI=px61>i!mjWY^JaLn*Hl
z&*#1|5`q@clsAS-((GC@_b-}-X%o4;P7xJ0Yt1KL^_fMGlMGo1zmSd))H)LKCo@b-
z)LVZ`b&~2c%xc7`(|NxYpIv50l~9U!^4P~PUno)JvblI-7S4`Ah0|M^KTk=r^L^(|
z>A=R`o5uf1kDyGXCC;vrhH=be;nVup)5m)&gA3eV_+b=dvYpHuv+|9uVNpTC7L=$Z
zZZ}b7?DfqsKST6h9I{dI2uZ*AS6hSxB=E1EA(-@Fj`l=<t0Uc!cH}>5TJNqxFa9l>
zb0-XyAM8KMd=L^};rq0{PoVE&cl+#uvxTG*#WQ!fd93NNqz4vf@^kbt%0NHoUa;G+
zd|S+p@L?#IC;ZOaNJ_gXeoo91!|u2JGGra(KV#jyDYHkj+B`#jvmV^)*@)nFYP~Az
z+)O0B8rrUV-%lw|x<3efEDzUxS2^J#h_ub$CU9CLzOpqhOV4lEDe8$y+*D{w`7JWF
zQ)1{C^<E)iN2b9X7HKgIlW`vL9vC;{KI54=&$cCWnIIBH!4Gby<m?7R%qO9NH*IH0
z@YYmnlGJeTQJ`6jwOFZ)wDhoK1$&9|;i<+H&!!BBb|_H`3E^(Spb6zoF0AY|f1bXL
zhoXVPcUYXCM4J$Oc%?g3<_g+oE(B=3_ak=S5k>HrJ-@uTp5iV{%n1z8%X0<hW{@Q&
z+CZuAxqlCL>HDFLjym<o2b)NqH=js{Ttlf`uc=TKZy>$Apftb8SDexX^JGdjSuJ*r
z!Y)Nk$W@;z0T~99t2_IiM+4Oa!dASs@IQ}?*(9ibo0$_X)fW0coopbctYn~Y;!Raz
z;sV1mQz`Lo%m4I<pu1+2fuI-#5npxxK`}6(o1b$ZXMC21yfMf*8p`l9=<~cJKsVne
z<g{1`>B%W2u*U1~iEfS5zEaDG+7D4jXc7Exs~#$P1g^Uo7yI^~4qjygyoUFxx8>ia
z9*ASjSUhZ#|7AkJ1)=Yy(48#wa_?vY%%r8%P^c29VPM(zlTDP&nVAuH<cDg`XotuA
z3ik_eK2)DgStw-bzViNEbg%KklW`NH3UgXnb6X>lX-ADJ0UOf24=83}Zw&qGbI*s+
z2Ud>irT>hEEE4$Ts=;y@kda}8A>p;J1F&lARGC_-$vsu&-yuzqLrkvA#wHpr{FU2+
z7{nD0g>3&nQd!F^ezzK6(~n9>sopN1$AT#$3Q`zXbyiK?!Y^z=2||^Ide&$=%S9sK
zUj9|T^%tvYUyM_~Y|>xM>NRnY!h|Z||Nm=Db~*&@s1VRiu^j@TRU<?Y$ogr$5jbB5
zIs7(<QeF)aaTo=H7FGFG+`gzcmR7Ar>>}8qcUjenQUu^s9Ea1`JtS>Geb@l$EyL^v
zh^*<v2HsAq>UtX~14nN9v+mu^_UolufT8};{|ff20V6mrIpw0*7_nS<(DA`uK_J}T
zC>%Q=ab-JPi)L@Isc7zFb-nk$3r1mc+})V3GM0#Q)+pC9W=YJK2;6o8;;W6<U!sqO
zn3~I}0_kjl*Q)QX6U4sifWcV+E37PyvXlH5?|1T-I!%to>EAJUUX9n=XxadNA-xz4
zGHVEeAigIWQ#@vkI#8p}0n#Qd@E#}tZNX-!$XA>-BC!IB^Lk;wTUxrG8JfD&j8j-f
zqV@g{-Vj3|DH4rU&a=0DoRf)YE$?qT!0$y>*c#3HsFDS^j19^JAW%jeq@zv3z^$o$
zLjL~!U7w!hj+n4Xu7a|72}rnAc?9Avecvn*S+AZ5j7E?U%s*2h(&2f!7U~z*Kb&s>
zp#@-#|C47yOPwI+&17d5qq_jwa8wTyH5G9Hf#_bS<TXOD`6dCnT?wPkhpSpmL%(U@
zmM*%$`;s`s3X^~xe7QeeW~r?mP)gMBN}AZ~wfNf!)tz);d!^3vhWMMUR<Dr~m?KHd
z5YH|kUe}QfZvC_5=c)%_kLD@2!mI{b+BwA8bY6#S`2gTo_vN$~0?ENL3%{u_@EdoU
zvmGDKhS^_wU+jds6qsM`&x}ozy+!=6o@pR_yF&xyxe3eDI*7?OkbC}6L^pLJ3uqhD
zm;n_fM7Dkqr=kP8{7IEtL#f=6c)qpBPIN1Iupq>ULopM+XPf20_bS5cR|FdM!?yEL
zjaGNNc>wZ5Fh!*40KmB%#&C~TWefS}#FGns+9bNRWjX_T3a#U%b~^}D0@{apZObh4
zgmTtFkW5TQBnUv0ukvYZ?tt!T{oOX0#L%h=X-xp2@+0;An-)w)0>q7?=(E?%$c~RS
zB_*Y<k3%rE_kcLFhvYS%o|Wh_X;#>>>NY5NR5K|<mabq?r=3!%XnbuTJC%?G>TyU=
zGwSvE+&AQx0CaD>@okc8q}3Wp=ZA|AB`E&@5r>w^_k^Q882_COlyH;ph}JtCp+&nB
z00+<mWa0>oS$i1B(Z8dbFnz=_!IBU(A`@7d?D&K3&V;M7Zmp#@c<1@r!Wm6($@e0_
z{hUgycCb_U{@%LZasK&6Cd_M{<WWzrNRP&woI<fm7OXU~l9cTF$(lMQ&v$3#1&Dgo
z#uV>?s`(daAWCr0RHp%cM2p7189lP~<KuP-<0e?Cb3-u$BRL6aww@Dz9{W3`<OWkO
zaM?5{>{s`9OdIYWQ-6h8afC$>9Qgq~tv@fqo6F60@~)OJJTw$?6tnkyFKG>U;lIFL
z(g1?Yg?}ceKXd;!9$t?g()q1m4gh1PJ69hW*B&kACpZ612wJDge1eCSlUL9ra(^NL
z5XTl8kK~9yIi`@94lW#MJyR`90Mc(p!oc$2%fj}{M#EpF_3CdFl{ju=Jt2DqA7I{O
zkC-U8HxoRXf730wZzlx?)+><8Ky)PK`U}91yX6|f?M~}`N6|7Dq<Lf@+PK~OvIgQ!
z_w$pRh1-$nP5|(4>nnn&K`D`r$J>4B9e9{OYtin(_Zi5Ma_$o;{w-+1*RLRq(zj3O
zL%2ffr|+37nnFI{yzgZPLR`18=j=(|_hMX`5L2x{OyVj$66IyLKaYR#`h<(Guyj(E
zfQLIL2IwT)AtBbWS8-tV<seLdLyn9*{E_wr+#|15Mb`XRr`H)?M~rU3;=%}n$=Z!f
zX{hB|b-{s5SB&&_B2NP0+6jZ7GGn8ponAns(ezDLQd%}Og{tG<!h_K`!(>gzm8Lhs
zwKCu)Hxj9``n6L|ax}TkWMR~ubMoMq>H{1Rlsuq_%^Ge5ybg(>3idB(dQ{2k-_<M6
zR(ha1l(s7iJt-bm@b$nHHiDSn&+Ek&DC2)dc%NSKho(7GnfW5Fh~%$%RsF!F$zbdq
z{PW0wvtPoW!U~66Rst%Rb~j=_M2h#ohg9kFG7%}M&G1GXv5T1QISHa`zy=11qjpJ+
z6L(AW+aRb^j`G)-9OWXi0C@d0j3y54G@v;2&Ih9DCff~el5?gG3{!#a`qZ=|J3*yF
zD3p?Owa4(4;-zgm$vEd{)2^GYx3u;{`5}sQz(u2?gBfTm))MJ=h8$sy*C5&ZdibF<
z8|=Wz{%~AU%0+(fq9>oMToJ%4g(%RtWJfQ>F)$aLytI2K-4+#Cw*khBt{<MEBQq_J
zn9K{uC8it|lhUYBatAysF;MU02$`Z@nJ|%pNi`q{_gY7JP%*>HPW;9HssV<u0J*=p
zW4y2N*9-Hvz!{MM^~;D4y_5z`hsuBUVlE<R$bW;*!U6B|%4-c6j6MlkEf!-ken+&@
ziGF*3qIM}xMagTPw=y;OPXPh!N7SYe`_cb8hQxDKAY~7-a2Csd2_VFvZYoMH4ZeHV
zf8$?}!@!6Af8~N^1bYW38-uH<FaNCog)yzNQs<M+Sy(x~VE)4^;i5tUdsd5U|9Nu)
zJ_ziYgemyH*r_fEn?`8Q5B8z|5@6Pl6r=x_3l3ny{i@JUqk8e?#ox<6lc2OS18AC(
zf=)>5vH#DGo3*<_>u0Y(8i({pkpN@Qz3&9enN<|@$-%J(?MjNJsbCF)1R?MhwUwHA
zU(NC!Bq`s5py5qHKwrc>{Mr6V`iH{r;@L-TOMlP%SYF|p<4y|PBN^VUQGLusMK6%Z
zVOZm_{9qgX2cXrgcQ@+}4e9JDsFvAYu|Lu|=gl`~%MClJcCClgDyzV00L^u83i{>`
z8%5H24E-@cMe}&|4OW>!2uKC&YiZ*6`isc?F1#9+{TZ6WT<)*H)i)*qDki8~XC)Ws
z{B5s!duha}Ef)cw-QXQ?7nq7Ek6pIOvp=-9&X`>%?8}8IL<%1RvZ5>7`-=mWyu#CN
zywFwt<?)kC2a3|=tD-NhXR1LU{l5pGc-6_uL|kS~i=OKuE<c`z*?SHj?{WrS=p%_!
zCSl5w5P^^toyj|(ga`urF159e82V&&mg{8EYALtnXf@#ZBJPT;*Hd*LTjJaHeh5_<
z=5+WJuIn_|dKsjRc+B1ZiMIWbS&y`hMtbuRun(|EGvc$ATGd=sIm@rk1{C4Ck4svF
zcXHdm+RS7%rf1z5wD1UBgT<!=l9sjbg1u#DD<S<m^JzDV!@RD8-x@mLar(AKAEMLy
z&bKTnNWssLFm=REp_5OY4TP4k+xwYubOKyxb^!2f(e?DWztVMhm?=`u;-`830j|sy
zn{<x-kZ<wq?zrG^O4+aqn5Ifvcl3s%g&kbyyTf)#7&pBqeCa`0`9LbW@?-X<y4shq
z=jw|oGxclMKxNb5b^b_f)jzd<2Xq)U0J-Gy=UXUgmq9o(4t^Ob3QwKzk}Gwu{o!Vv
zJ>0xF;3?>p5)r3KO#A&=>(%*K=a%d_f~;<vXVe=dwVfM7uT7!oq;A0T@yVlFulFgw
z&rUQI&|U<OvrU1FG6(K=fn(oyfYyuxyEt!uv)6Q%5@Iywwse$r2)rB45J2;nvtF$A
zV06}~>9I>h#L4pIWbJTPdF~c@0Joj+z;sP`J-s(8V$bhtoF3=%kQ@=D@=>8{c))1&
ze|<O2^yrwqk44kRpWn-^Rby5<EU({jyC<_he+~PQ&*^o=HW0%6_@X}VN){l}T#ta9
z!C~w?KDty(CE>i5Ht$k6CDRNls_Qrf@P&t&)Q1{Q*BP48LoEsFp`6Jg31*0SkH$h9
zWDribK2kh0_p@9f!7H~*C|4FabXW+mf7|R#xBts7E!Pf1Y2fUaF2y_&18J%wOP0U_
zdnh{-rijDz#%#bz7eNIX2FXjVOxA^PMui+<<^@aGg@RtL#%)ZYs0MNEa_gSDc`&O;
z#+G!gsg|`Qy5@Dco`-lOZcF%hoqlhO-Hry)NImt9Vj=!6cc(cE+1D4lwToVZ<sCTm
z3QjG6N{8R@T<Y*;`MeR0eEa@ogo?-<>>-R03{gBXEa~L<n?Xdxe%ZT~5Oy4RS`b9#
zVg5$=*hsBP@cZ}uG<dYVW?IAJwmF_L;s=>lqi=m~Ylp(#Wbn`%AnBzNXKwCb_B`0b
zHrpo+9^-M*69HKHu(Ds@{n;(a1NOe-?Qe++T9sagRkv|ucO}dMbB2NJsY(}{b=Du@
zxs6xnFkz%(M5_}y^>~_+cXGX60r<Q4<O)DDRCm{%IZo_^@6Xqw9Z;t7NqQpUk&*|I
zLDYqs=gsZ@F&gekWolNI-S#J!kXqD)f#`q{PJ-Vvh8R`gz>qmb-bD(=C6Dg&e3Itr
z*bl_^-AnE4E;L4ZxPU-O1xXHuW?Ypm0avpg?zg*|&&=%A$B9NjO&^aW5C$xmugbgK
zW)|1?!t0-%c??ilhFUk<0o%KuSjkHP1&g~rl4BQ;;PoUGxcW7&a9r$a&+RpOjc6aJ
z0+-#aIxzX4A0Z54_=5nNQlPl$%j!S(+sX)lujnap)+z_=r4~rn64LM38S9NoA{$(7
z7T4-}$PH2A)<a{Q1r6$OwttJmMY7{v{mgB%<p}f<0(E-1P{QM+{Bctk)W+dzL{2@x
z@3VW9&b;FQBcN*Zp}qIH%^vJ15QI75GxEoOpy@}ri}rnEANxJjQXC=v8FCk1h)t1r
z7z-%5v^Z)yN65Cf3*tK(YR5W+t1c=~hDa=dkjx#%3xnH!3DB$Sq#q*51J+|PLcGbz
zg_3_AQUs8i08^kmlKGkc_;Z&|(9M6bS$5m|iL6(H(HzH4<x+LN=n+Cn6i429P%|$v
z{LWyE${QUH23!0ibZx->`s&K8;qe@j9Xa)gPcL!euadEPF@&cSW|+n+ukA(LpT~+J
zBkM<PPmc^C4NtjKG+=M)48*;THW;;&5L_So=t1g1xDn`F*?x6&(gwbXn}kSS0Oh-;
zh$Jkm$QckWg_qsmCv+{iH-|pYkmFlAmF7uInOleU3o)eU;acSTDik@0oHFgsMO|~g
zKP6}tLl4CzXkh38K*GD+W&3KdmC}xvMbUor7);WsfE7En7prXjd~IE#|H0<t<3^H0
z7J9Lt${2Wz&|EJr?H%PaoQQ<HeNR4BI344Mq=Wb)x^h_l!%2CEMo_f(VC{06(zghQ
zaCtH)3!Y-j6xP(#EQp?fy$vzC-^aNZ%Thpm=-huN?`d{gbD5~Yyh^fisu-NS@sr8|
zn@U9wv2gb|;cXe)`;*!+gSv3E{rTr5q~-uXsC4O^_%QLO?X<7hGYI5jEnp!f%g$5?
z(Bb+od9?$RHG9a#RL^<@Swp}HwS5hIoqc=CzHO_=^7QjfSd0Z`&!90^ujd|54?eAJ
zPSJ|?ZtIfePV4>GjrgpY&CZPHKUFIcr8gW%HaHqvJdWDhX%HUnI_+QB*b{ewFuNbk
zU)eg_;+dl<^k8Fd01>*p$|-#w^YQ_aM<LR7oT&3+az2Q<?Khcut8xy`!b^>`4nGP`
zekrrF4WbHezN03IMSmudgdDX~(1N{VlF~_GN=e!hI2(XHT=Jp7$YI_{w)CBplWDqd
z_o1*B@+P$bOuj5|48Ll;5+y!dKWeQsor>e%6P@?FE;y(ezTNmkY8{eL3TETP)ojT}
zftja^gIOWUysv19vo)K=SF2O}?zSWw%R+?hGpKX=7{Dm}VbuI?Bk5X4L*rT6VS>b{
z>qZd}_PfvM$HNuYIEd!*8qelSsrsx%rG<<>_!^pZXL{?q&o0A?*Dz7ys)tw#E>`{a
zy0#YI;yEM@xL*ds+9mfMG=gUA-Jethc5`)zYnYvAh&|R~+rD-3`;+D}GS0UbuY@<t
zwl9UhyLCwsWNi&tsS()LDhk{ILuP=FC5(l-)8?s(P44Wq-?E1oE-oe(qKPEdce|gA
zug!QU*c48tdOxo;NpVeZW~BELo@W3{eO!0?3fpVk7x~x=Dzj#)FRRTx_B4NZ`7Iw_
z8(ibG+<kb=Irh=N{^efwc)ir}#J{a}dEwYTn8bccv2POs{~>ZpiR3sOO<)?Q?gLf3
zRCMvtFI^OdP{>(7A`iQZkNP<zlVJ77K@1lPpqhM&T0RCY)Ci<8G7mk1niK!a;{abu
z1S^z@3m4^5ilDl@JeYo4xUc&^cnvoJgh>8=6+e(Z#_0l-P7H!H7Z_sPa|QjM9Y=C9
zxE+v9#fDRVh?DxQ>$mP#Xs>><1T)hfrC<7luX!bS5PBIzL<tshelQ-1LSe%w&E5rq
z)Fz6Dos!4qrm>(GT+SORGbLlcJ@KN>zelHep4}$~#O;SSLBo274X*lK|3KOX!lWzV
zfdEv`%+xrzNa6<|Z{C;a;2!&gNk5)l@XR=IvP9V<ARdL`n=gAhtuDW(p8p?QWoMa)
zdmIM;{&*VIds=r-<7c<ba6^PaA<}*68HI^ff+0MaUycKwY%4DbR}EvjgHC2G4V{1l
z0;w3TEF^=rIQRz2c6Z`rrvO9w)0udt2rl=>YEv29va}2?b_=!1`dGmm8X~OqPZ$_F
zGzv5sbLgjgv$gWUk#F3GlBbXoLpvTHuU&#m!?lIC@TV}%sZD`Tz0G4lm|LumFac;8
zx>T;&{W%4!?5rqiHAghb1RCU8?By6{S2W-1&lVR5WeE95=M!$2_eRom$K?2A%1sJk
zB){7GoNxI|@ymxEh3gNN3Gou2BF*1PwA6t<pDvQn3*0OG5oupro9Qnp;|mFW5m-sO
z^cj3kpJw_5HyIFcdLo`axhM@L3z_R&kkzA>uF0-vY{5nu6628b{CEjXDDwDwr6lxK
zoF!pWLVL7^gPgJ4bzb2a4n3~F!k`QZ$7W_OmY9#tTsBQS3vjnY=JYEDX($T{-tLIW
zy=kK05N<mgBB{`>rC(jFMHO&AK)&YD<@%K;F%O4Tz&2;|7;m*;-`OrZJj(4iDQDVE
zH?by$T(G5j#A@M&Lqq9qPc`=IWVOW0*+-jF#AW;OM?5=*wllTDwZi#57ZDG&bP%}^
zf9q0vE8S2Z1^{9+C`}4Eqng*=i%$;x@#qxb7qflE+x6CI==u5qPiPWDPJ(B^cru9F
zJC)nr;7udU)~3hMGFPDVx4PK-IoQY;CZ0Qj$!BGTs)$n@)YKP6q_^IOCV^1Vv_{SA
zfB$)fIpkGP+68ZC^NZg{e=s5GpA!=k1rg7vlOhKk1CN!MjH^tb;(kTr7fMBU6PeU0
zv^0ERSYlXH2{R?`3ZU1YKlS5cMKGU4q5#6+;y*!OlAcyDF8kNXm_Xo22O8;b2GrXP
zGQp;R{IBWy9G9^q9x*fUq#Ze~xTB-o)6wyt<X+xrXN2Gd+ue7ZeHh%3F`tP`tM%-5
zwaz%A*(83+;`(d*MwE8(va3boYg?gZz4`Fg5-m5~`X;5JYKZ~f0AXfg26u_MR3PPD
zddK*PR2atdUb+;Hyl=<wT;Zv6^iT;N3Sn0C7y{*u0awzugED#eT<Ss-d;=(NC;cK*
z<=j3U3>e;f#S2Tku)&Yz{b}C2u%{>^%evUTH=VR!?RoV4IKcIOce%5~X1Sx@e2|cs
z-t6`DLP9uF9Fo2oVG`z?XlK41rT?$;{3s<Zi$Z+lb@J=<C@eQr!f^pBBXAv8JJXt>
zPzJWGWuo|P!D&yTtnCsT=4iaNxj$AwYJx|hoWIV$wYc-j4w_~GiB>#U5R>t-*mt;$
zYk)=PB3yHwBI`5s`7@<lm#urgUQQK5k45t!GsPVLAc4!D)?L!etsXNRsuC}3yODWZ
z4C<R~CHADwzsYpLl{iNl=uOt6#ggrv?4U*waTkWA38~Hlj5m3swd+Mj5I7v~cO@4K
zPZ1`s!;*{tILVHPnWi&wuSU<TS4#p0jsJ5*3lcaP%@Lt=8O0{)FF~l{GRq1l861P~
zBFrvT;ud2gOA)9<>7Ns|4}O+f(v4zli51^@a#SW&utoAwjP3{oYU6ZfC<H&pnGD=T
zIah7LFm2&KXqO5h!K>qUQVcFS50cicHtG_uR3uKI<h=2HT*VM^$>Og^(RNByqO+Po
zMt+~&3<imgo&w=qn8$vB^5&r4dWxDS<TUacCK0KN(I$`md|TwBtMbHsk&Yh{{ls-b
zL;JbXL~DBKS8yRTrBguF%bKk}f-n#jnPn<BhHOv0V8YcNtvOZ$Lc^1?&=_-5`(i4E
zhEuUvrAewk@@f7FR+jfrvCLz&8E&VlfGF`7)U9^OHoTXgn9K+al3R6oEY3+sZ}?nj
z38fhVkl7m~r&XW8{egqor>t=fdgNUIuwlU<#9m3TS&TG27hLgG6MpneVL%XZXZXay
zlul{=ba%{tEzA*s8drFuy&BPD<a9Q;jI^mG)hGHr5X7pGRmi8Ie{cDLiZLxPSD0u~
z0iqU>beT_rRpCp1%oqmnT0e`^r_`U9wN$Y@rq@`i%0xz(BH}I%&(D~PJ4T14MsGuX
zZPn`dK8wRRM*n3f;G|G3C}eTb8)_|=ceBiA=tiE)WtcLg8xz)XO6Ai@j7zR5jOHR_
zmrI+SeD7r7pQmRR=J1syqNU36Sa4#W5Uc4L8zPk*XnzJfH!%5!xw4IuuMMZ)-z}Z*
z<PQ_dpeu!Zi-Cbbw!?K_vW|eT$qj5OPqo!joAo$-bwcQ4%@78IN$PPLZ84d^^@1Fo
zIcw^u%YALmA`U(V$Dk25Nazy5@V888bq#jF)u}{b7o_=6<a4c*N4^w5Z+!FZ^#1fn
zYV)M$E&>VBudtG3^!M@GlxZ!@uiVp|rr4uvZ63ZqOO!jiY%rDCilODyU#jXA-;uFK
z%%TJc<Fl?lA<?JlyN8%2;u9bqOcqh_-<u7hU`1Ar#->%f98pE*Q68@h_F^ky1jADV
zNaIU7Ih-=XB>~sD&S?ylDRP;hwkP(BCrcJwx%)1RQIwe;o{`^CeH{S6LaM<VBu39r
zSdky`9OPYFaH+i5Cg`ul6Nq4}Stf}#A{;)!3UQowc?QpNVf^CxO-&1s(-F|kak^}E
z`dnw&z-X5UMi<=l1?EU1CL_R1vz^PUrgL)PR2dGZhOxiXtIz5X(+$CZz4H4c=yWe#
z7IeN2^svc{@SM6$RgN|&1F-LmgewG3_-44L`VhjPNw+6&eqpGoeI?%NYWJ^S3d!E#
zoG;tDy*k9w;F=9n;VsY(N)~<T$w}pX<G1KKg&{#SY-8Nga4OEV-YrLthTDPE_WMSa
zlCGZY>q3iL4ni$DEHMS50v}>+r&!1>ydmb?(4H`l>J8V*c$~yVI%iLJV0St1;)B(4
zN9^@iKBl}6P&D@+Zx92Y*Gi9Qf-H@<C(%Zn(4$*7wH&`|hN9Hf6Y4=?3-wAWtACz^
z_2c-}=Rr!vhH?6rT!+(THsgHaX0s(Is)XG0Ag_g%)3a~C>XGB7*oT}^LbxuA-W}t0
zOZ?B_cCOWhBcz*<7oL5C)MKQ>7c&)$J3j^<f}bc0zlVA^iC8h7HtRGyE1Kvcl9m+A
z)NzF-bF+%3v61zhJLu|+GmJ>2e=WdfH9civGkVk8gE5A2eApdU>2=VGVCkf5X5>{s
z6`F6qcrTjGLXIPFjBt%wi`5}*mEaXI&Ucb`I8$lqi4Pdtm8_1Z9fFIt9kNGdq>j8c
zg0`_DGL)u@MG=9m<`*tFa0tsPOS%oRT~3{mf*MGnz4sa4;GgI}LOI9nVmvi9^&Wcw
z5;;jBKDmfpQ1vEUtcqh_Towc#^*;*PkyLVRn76fUXCshxXvY*;)gH`7UQHnvT=vUl
zTcYdDP6l~|RmaraWN?P(qnV7D;Vh>a8XPbTZo^+c+siXR3{bPNzaFdzp^vrnyE&m@
zVG<0uvgOJy^eOg&r>ZQs4fQp}S~W<=7kOiB6^&9n{`la-r%}s=U&B{0AXE2xhyBr+
z-qx<GcHpKvm~;R?N%@GGHU)|E!L*1ubII#G`*b<vPe=AvmpF`dkzsmV^Grfrv&$3l
zJ%TnLtS}H<5Cw_zmXCPp5uyy%0^vVL14oBsfI2vr^brk~z8K~X;u-t-F~?A+|2rOC
z{d$6;Wq7#80ee96UBY1q@!$Ngn+8Nuj|J`Qokb%0h1p+0^e3sh6|WWg#@(?Rjk+FY
zHQYr1%+6pRGNR}!{I1xUlpjMu31LwJIVI#lYxr$yZs|6CK$YJO7bb@+lFV}drG%-F
z?>|8J=LN*73^rZi+^qO_1vO&NhT)!^qgh#heVxaw3q26iS_*ccv1hu;$|vd<4{6B4
zn*+ZH1yPn;qg(%*YcvJ?7Svy3O>PZk;JVPG|8i<1ky1L$>;Q3+XByjKh}^HqA%R{?
zbPA;_s5&9S;a0SkrA}g)$(WR3vhT&r)EaCm`_zES*uaFjSt4V^DiFAl$PCby^1yg%
zX)?5wYLuHHfT7GSqV`7r2c%aC0_27|<xNZ7KSmA7z6;d<h3Ca{VX*jQ%bv?`f71wh
z_*wK{;sr=dlfd^+O=^^i{a=QL2?bCnDVs`VIsfHVM3ty1x&Ht1HWeY&GGt_AE;{Ca
zkD?G?fx?oN?`yD|cMnuA`ycPuUkU^Y@h1>rvtn|o7KceA{ddrSg2e|AC`06?`eOf*
zCBXbFj}nXh?>)Q%_b^4MuO;}OdpHRha(rUCfA8Y~mTYS#*Hn?m!S7XIb=~avv-MG7
zmdPAo5bAnhuLUO>XcQfE^0PvSu7MYD?ne)O5BJCO3k%mM3!1H0n>y!AZ9;BmUs|Gs
z&K5T%_FFTjzZBZWb0{FmQ`hhi(sPyY4P?fM^#Wh+5eUiJ`=XIz!Wy>=lHnIX8Zs$g
zRKoX(iDt;R%)Q47jC?poFl^m&JJ*~3saJ4Mk|LqGuzkt25~BB_Tx=*6sVBLLmRdf<
znA+uiNck)-aW(MWypJq`N@7H0x(Q7BKLRNxa%dhC#r>a{Sn@8+l%H2%m3AcwizSLV
zI(P^zzEIh4g<HQRu2x9E$L7j#<Tfo-gUnV@FRDPu%Oh4H%JeuD93wFlrF6#WrQzj+
zTE#=j^pFAgA2n108I1N_jJamJ^Z$^7j6yJ4c<x6FyC<EjUyZ(&0;8=dbc!S*>3hUv
z0ity}ABYMcLWl!qD!Pg=7vKg*p9|ugf$W53dbkc`88mvGTg-riXK6>AGM_*QoL&;W
zV&d9510=*=Pxb$3shY!}mJvHJFv}(({$;RR!f$TmmwxG>I3(F@Mvr~hqW;mN8Bf=}
zrQOr#I1T^uUDKuEQNtAG%Tm=vyXEGw!v$4u@l3TYD)-42|A}to&XZ|7rr)a8xAu)+
z^acrOcYyRZ3v$SZzDOvbzdo#A1Jwe=2VL1q@D3bD0q_t9H(;%Ccq`QQ4P>2v2K<=P
zTi^Q)AR}^*7kTs))Y*nSu0fx~SAa9c4PvY!(06?^esA_}!7|5hOZd+Q4loo~Da<<4
zAA%h7S^=PSimpe9C8Ui(@&<CE_eC-^l*YhG;{s4k9gWO7D>8Gh7}fiF)43+)m&dLY
zejPor`?KFJt+nSD??)`{fBfo}GHA^C-IaCsO(x0$bysC3c7JL7VVm0q+v#Z!!9#Ix
z$3Uxt)fMM#uEN-W(u`N+P8-`vh>*|K{_XJLshMX{CqpysrgR^eq6-cIck{VuW%{iR
zfDOq9XI>bp$aJ3ek=TQ<Kl|Al^CRVe+az#s-)lDG!iK*Si3tvx{xd|*4`eQAnK=rv
z-%P&o`FuvCWy%8Sb|#RM57OwYdOn+i9>E?6WvtKD&ARJN=bH>!b&gZNvM;<0Zm6?M
z*si!!(&at;pu8ZgOkdz^cGqI>8y|kuS29EDijCc_R6$nDw-T53i|)n#-h|zPN__ut
zj(-MjKrVxy&QJGet=H-XTvrFRWAN1Q31FZb_U9WN2>Co$A)$A`;<ifebHI5Gv^q`T
z?u`L6*tsaD2gK2%;&D7%+pm}{IIEb>K~*{mSd|taLE>*4!4$JFgZTDnWa1QtN^t%&
zM`)m`yD!&5ag-b}gf3KGb2R{NqpA{ezi@tpq_4nWd#r1<x_<@8iTXf<n+f2sj6?Q-
zd?@TREfkzBu<+vD&w&pfQ^krEes@>KW#na~inuehUxA({>XyY1sC4pJDyS!3ei(g>
zPPQA*6|3f9Hk?av2ZFchc94&U9*rW&GgH_&6KHH7jm<gNG-uPhq_4RW?v3`F87rT&
zNuTU`(Ex4n;F(SE7X8ev>e8Y1^(LF9-4lFW?0H#hbVP$=y^We%>x0Mbkrc^7_+hL5
zi%wss+mlpuZp+wrqe2(I=o_u1sJ!;4sh6|7v`ixiR>Lc=nwIbVLTq*wyBR!VCSnd3
z&SQ0N<Zh9~ysjG;cub=S*p)6Iv6C3Yobc)BWc*F??Cn1xX_g<9mJ$bk0~TS&|Ie@?
z{g7ke`=yPU&PO-CUKZp*upVaaPZmY*FSa(CJ3(R`!9gOaJ{uoo7JxL2?B^m_0+9c#
z!OG<){AYvS4EzQvjo?d45s_tM#XwQe#j!Y<kN5&k7A+JcCK@2GlP1lBTM`y^2=e#{
zeVv~}PVI?!wgz%3(dmU`u}oKi-X^3K!RtAwZGu<mCtKY1b2GZL)<FoD3vijBTyk4T
zbl<d}bfa`#L*m`g?7RVG3?ml2kT>W9j!ItuS(Sv7eErFhh8(mBoY`_`jaZR{y>U?j
z9X(+Bz9zowRLnAeQ(VRy!K$xWh!t(H-hL^dN04K0W~(yKZ-3R~eq>U~8p5ddvWo}l
zjrbRz;OVd0tl!<{s-U1y4&)@o)Ohn%{jN_El|u$^8BFI}<_&K~zAn`aubT3@sM%ci
zFlaQr(cf!@sZ_sPO=1=#DqHjScb2){%B<8|%v4{jE68ju+pa|2m6)4xQH|hn@n~;b
z`eE2WXVvE%6`6;`)=)2HO-f(ur;@%Xr9OG%yBP5Fuqq|I9>Xo}1`dJ|%h$2cq(iC&
zSiCpg1Hb!0I%6NDbJsJ1CZMb5$Lu^G6A?jGi9)@@2uCN|1NAxSC<rGwK4I_yi2&=f
zu77JvMoqZ!+us|fkOKjpZu&*AXZpRNuq154Q&vGbDDoUtByzV|svv#x_b#%abk1F~
zdx%LV7#>YEM-CFA2ZWL0?OLpq>WFR}a$%n?cc=QZz+p5;z*dD$FFquJ?<7J6am41K
z`rBIVQQ8B-FRp;%CiwDrS!DMkCRhI>N7NQU%4cbiNGp;ter{;&ta$d&Nyzj&YtHwz
zpbj}4Hgsvz{VCoN@v&j5X8Ui;S2Hc{<MXPm(s<VnA(`RJ+OQu(Pb!ZcPNNC0TI>~V
znp6BIdbSN()rU<R-1-dy+UD!ewhZb_A9SX#P-x$^EH0fti3p0(kj}RU`S|WyIKaE-
zjU?6^Hdl0H>m|67GVdZOrIoVqf8*MaXKSV%=>|uDlycAvZ}ER#k%=WvQ48fKBE^I!
ztuuHN<oUe_NW0|Tj0jG&$o<`R@xq`onIE%=EhONUOF=AXj{QhFr}2~>=^d5on;<yO
zBdUaK0J>0PGV!RSpN-p7VRDYdq*HTRn!KUxjM`i$?e5=`4wd8C7=eQ^du;z1q=Al>
zjx?`0PR?UrZqSeS9qy25-Hku!+k^%ESu6=Jx_JRH=N!hHu*l8500HfGa}UQ~%G3Ss
zXg2UJbk<hgkNbeM2(VqM`EfL4s?(y|w(f0??c2B2R`qhioW~sF)6}%k?G^nKd-<2v
zBLh|U)A6mSi^}#fg7dh>8T=+60tZ)1ADEdh2HAIaLx)FQjcrj&?4NcH{d#V_RI3MN
z3^(F>{Fy4$h13gQJQ{_eGFfHi&vEYc=|yb;C5xd#i`v2r)${6PhR?GOO{?L(LkjST
zH<zWz>K<w*Wcv%vE<CUM|L()iQcy|Mru4<Hamt~!FvsCnY4GTHH=?qW2#iN`t4*ZF
zHJsv#cY*&5eVuxpw1NaP`?F~FTckn;?^r8xL=x+XnxA7&9L0}noB3V^ZceB{g^LOm
z6ZgjW-y_iNs3cLTk+DL?H<^fhOfTI%RzLh$Xs@($ZN0*`zBzH>udsQ@{hn8ufb6mn
z&~4*#+c<>bub4i?R2GP!Qz^ZqY5R5g$~0^ln|5zSq+GQ<mx^SZf7#}T`?E9Tv_DaX
z922!(UsbjqVg*R&Ucfo?4w+_0n~;t)Ry(p2L^GE4<)g<V3u6MaWE+T5mgM0l{Wx2t
zC614^e7AJH0Ccq>%Fuh>Q{CUoL}TNQiSClxZ}-ZKZBW$?|DHl7Dn$uZEyf%gKww(<
zz#*4eik%p8tgfb&fQwhBpH2w0BzC;O*_#mhl7*d}{pXK&?kuo3qp8yAv>&&AoUJ#)
z%XQ}m(xc{Ei9}KqBLBdDh(acAR$vyPa<~b8!+>K!KXuW=V?x$0|C;`X&V>%1Tg=r~
z#|&?auCnd6H&5B&*%x)R;+l_rjV|%+t<Mvp)a+Ux{?yyQUG95jsv$q!cNRH+c4?s5
zY4M_Q!2xNqH>t*ye+HviUv^qM;)NTajrZSqD+F+qo1gHOZ9nwx&3wVXvJ45$n(K5r
z5u!P|GbsDjESE=*uV_Z*AReBpUfA2L$)VauGn^lEL&U*xf^C6qA?9@HBPas<hN(N$
zd(jtf6v%Zs5RJZUgmnOMH}++=+b``XrqT$a1xRo&JZ{4;(Ikey#&$J0m<055yl4Z8
zL(ELJPe)FnmQL8r6hzmQ%vOo{^wP2uAPSbO?}b7n;@nH$R>#1I<UH%(pVfZhe?Cf8
z5()Li$DCqK(e=i-pB)+nLC=6Q#NK?4Z=v+l64oMwvNpkEh=x5O2nqdQVfWskCyuC=
z%Cj!*7@k<X&zxIviyy1jU-0;PRA=)AuW1{`)F0d1J--}|vi8Qjfocj9e7u+5?T-#+
z`i7NMrVcejl=1CJG0=Y5`%au47X?qcn@Z;!d+DQJgK?hJ&o%hlXbg4h7pE_T-Bsgk
z$?M`fuYU(~Iv=W*El4WA`}haVb@{fOlJ5xT=?ky9fukh1p{7v(Ln&gEONHZ+-NSP3
zne?;`RVZVMT)cGcC%)Tm%PA}inbMbj_575^MY9*vXB1YE0X>it&OmZ-AMDpJT3)){
z`Yd8te<vs^VlI+6Gu&<ziiLnIYA<Rm{$0ZAK-^%Q99@4XAPcREZRJtch(7+NB;kUO
zTI2u8?SAlk<zj5eotxRjWFu1=y_DjRbQxMttjZ+4`GW%@Gre};bd_;W72-EU0?Bx1
zJ(9EVC$^5}hR@&T<Po()c2;ww4F+gF22WWw%thjGI(mXb%ewQS&Poy=J9Th0*o$AQ
z>S4hQcm7^o%1%9yu`BH!PZ%Jz=uQ}XhC{g|w8V+>O6ex1Yh*~raqSbQX&>~HKw-$V
zl7-<Z!JX0cSMR?I_A)&5NW?Df>pI81cy<$UReZcpx9i<z{K9$UBL2PueUgGq#j!Pf
zd;LQnUf)!qQV0vGzXj!9TmA;KHz_-uSC1Q9S5X*Vwr>@suM-95SxVt_^h~7-mC6Jn
z;WihmHixSCYs_etVQF!H&y1<|adWRj&qb>>U}&84tQ-9g9+4Z2x#9!Y+<jn8QLdm!
z#V&FeXFgQM1G$Ezm&QegqE%lcttwA-KFQbp|MYR9o8o~;0y?!f<fa)aE3I_QGW4Oz
zsmzGI&8dofFaZ0uFs|UyIs8u>7&HW$F)G&lFM8K)T$jH*H3Svr=3x3X5-nnoYci_U
z=o7wHg4XlzViSn@*%R*f(6?hN%E3UWn?O~5tnl50=kM8(B%F!IUd#2de5j(u4oadQ
z&X*c^Z!da*sAoIt$z$+$5eFJuPDF)+4-}7KafsUQ?z_SQIN|<jX%lhc@V51O=|++#
zdKJ<n{YIQEU&>D-r>@CDGli<ZyIT9r_&2&m1q)G6xX$tVviX>R@9{E@mI%7eAc3{#
z`K$Vqk;zbFCRgP8_jJaxgN!r5?6m&=E*({4gaUNurj^xk{vPYDcQHlw;U@oJJwQrN
z^-b6`=k|%2<O=WnX+GuYc!<;I@>x!`W7V?Z$jcLX&5X7G>kn#VC`TK|V-9Ch@$9UP
z_i7KyG?D&;mHnSVRX`*hqXrzM)*`l%O@kLX9u_;pgF*t+zsLz44OEHvip~}HBc8aa
z1-@J{(0IcOSPV`xNBp-%hjjGxa3^RXx?R;V4p`k?SLapT?cXDL8u~=unM+X$5aR$h
z>_5=T06H`ut{$?|vqr9LDc=iCbI^D%A1t=coc6F-_jA<W-}^p9M;$n7+W+%?X)#4<
z;IVq}SYG$#_jg&cO#2%ra5Xdr=1K+hCgt#*bJm`@+p|`A3TQI^FMbdtfd-AMMsK0B
zu@Hwe;ff_*ldr=b7wf5=8KyyRdpjhjcL4K-8orsj@&lXrBo>W9Dt@K%-?ke1KOfDP
zjKyIuNx>%_qoPeL8Ev|DNI+*eVLD8}W1816Kv9;!@w$&ME~%RF&wK0|SvUTF&JF!W
z6%W;h7#03z)U02+`!&v6dO2>36iEptE^&+A;W}e{Vx)o~cUvl_|MS@Xy(^?ch~Hu{
zQ40DU=|acBhjWe|{uYm}<*@2gSU1m8mqaYh=ddR24_MuMjQ>9G#Y3z3uk}j;3EESI
ri8I^G+MOJ2Rmq*4&bSx+)F%u*<*4suI)W5X;Gdk7l4OOrQSko*o8`iB

literal 0
HcmV?d00001

diff --git a/docs/recipes/kubernetes/matrix.md b/docs/recipes/kubernetes/matrix.md
new file mode 100644
index 0000000..d6b0532
--- /dev/null
+++ b/docs/recipes/kubernetes/matrix.md
@@ -0,0 +1,612 @@
+---
+title: Install Matrix in Kubernetes
+description: How to install your own Matrix instance using Kubernetes
+status: new
+---
+
+# Install Invidious in Kubernetes
+
+# gotchas
+
+Create signing key first. Else you'll ban yourself from the federation!
+
+```bash
+~ ❯ docker run --rm -it ananace/matrix-synapse generate_signing_key                                                                                             ed25519 a_cQgt sOaAmEl7a9s2S0RCr7FT9nzuSjEjYVRrNNzwIKsutzA
+~ ❯
+```
+
+
+Thanks to [Sealed Secrets](/kubernetes/sealed-secrets/), we have a safe way of committing secrets into our repository, so to create this cloudflare secret, you'd run something like this:
+
+```bash
+  kubectl create secret generic matrix-synapse-signingkey \
+  --namespace matrix \
+  --dry-run=client \
+  --from-literal=signing.key=YOURSIGNINGKEYGOESHERE -o json \
+  | kubeseal --cert <path to public cert> \
+  > <path to repo>/matrix/sealedsecret-matrix-synapse-signingkey.yaml
+```
+
+
+echo -e ed25519 a_oDEG IiFDnZsM4TaROTdnFmcfa15Ee/srcF/J2bQ9VP5o0Pk
+Why not Dendrite?
+
+AFAIK, it woen't yet work with SSO (login with GitHub), and requires nats for messaging, which will consume more PVCs on my limited DO cluster!
+
+
+### Create matrix_media_repo database
+
+```bash
+kubectl exec -n matrix matrix-synapse-postgresql-0 -it -- \
+/bin/bash -c PGPASSWORD=$POSTGRES_PASSWORD createdb matrix_media_repo -U synapse
+```
+
+### Create mautrix-discord database
+
+```bash
+kubectl exec -n matrix matrix-synapse-postgresql-0 -it -- \
+/bin/bash -c PGPASSWORD=$POSTGRES_PASSWORD createdb matrix_discord -U synapse # (1)!
+```
+
+1. No hyphens allowed in database names, apparently!
+
+### Register admin user
+
+kubectl -n matrix exec -it $(kubectl -n matrix get pod -l "app.kubernetes.io/name=matrix-synapse" -o jsonpath='{.items[0].metadata.name}') /bin/bash
+
+```bash
+root@matrix-synapse-5d7cf8579-zjk7c:/# register_new_matrix_user -k '<MY REGISTRATION KEY>' https://matrix.funkypenguin.co.nz
+New user localpart [root]: root
+Password:
+Confirm password:
+Make admin [no]: yes
+Sending registration request...
+Success!
+root@matrix-synapse-5d7cf8579-zjk7c:/#
+```
+
+
+
+YouTube is ubiquitious now. Almost every video I'm sent, takes me to YouTube. Worse, every YouTube video I watch feeds Google's profile about me, so shortly after enjoying the latest Marvel movie trailers, I find myself seeing related adverts on **unrelated** websites.
+
+Creepy :bug:!
+
+As the connection between the videos I watch and the adverts I see has become move obvious, I've become more discerning re which videos I choose to watch, since I don't necessarily **want** algorithmically-related videos popping up next time I load the YouTube app on my TV, or Marvel merchandise advertised to me on every second news site I visit.
+
+This is a PITA since it means I have to "self-censor" which links I'll even click on, knowing that once I *do* click the video link, it's forever associated with my Google account :facepalm:
+
+After playing around with [some of the available public instances](https://docs.invidious.io/instances/) for a while, today I finally deployed my own instance of [Invidious](https://invidious.io/) - an open source alternative front-end to YouTube.
+
+![Invidious Screenshot](/images/invidious.png){ loading=lazy }
+
+Here's an example from my public instance (*yes, running on Kubernetes*):
+
+<iframe id='ivplayer' width='640' height='360' src='https://in.fnky.nz/embed/o-YBDTqX_ZU?t=3' style='border:none;'></iframe>
+
+## Invidious requirements
+
+!!! summary "Ingredients"
+
+    Already deployed:
+
+    * [x] A [Kubernetes cluster](/kubernetes/cluster/) (*not running Kubernetes? Use the [Docker Swarm recipe instead][invidious]*)
+    * [x] [Flux deployment process](/kubernetes/deployment/flux/) bootstrapped
+    * [x] An [Ingress](/kubernetes/ingress/) to route incoming traffic to services
+    * [x] [Persistent storage](/kubernetes/persistence/) to store persistent stuff
+    * [x] [External DNS](/kubernetes/external-dns/) to create an DNS entry
+
+    New:
+
+    * [ ] Chosen DNS FQDN for your instance
+
+## Preparation
+
+### GitRepository
+
+The Invidious project doesn't currently publish a versioned helm chart - there's just a [helm chart stored in the repository](https://github.com/invidious/invidious/tree/main/chart) (*I plan to submit a PR to address this*). For now, we use a GitRepository instead of a HelmRepository as the source of a HelmRelease.
+
+```yaml title="/bootstrap/gitrepositories/gitepository-invidious.yaml"
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: GitRepository
+metadata:
+  name: invidious
+  namespace: flux-system
+spec:
+  interval: 1h0s
+  ref:
+    branch: master
+  url: https://github.com/iv-org/invidious
+```
+
+### Namespace
+
+We need a namespace to deploy our HelmRelease and associated ConfigMaps into. Per the [flux design](/kubernetes/deployment/flux/), I create this example yaml in my flux repo at `/bootstrap/namespaces/namespace-invidious.yaml`:
+
+```yaml title="/bootstrap/namespaces/namespace-invidious.yaml"
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: invidious
+```
+
+### Kustomization
+
+Now that the "global" elements of this deployment (*just the GitRepository in this case*) have been defined, we do some "flux-ception", and go one layer deeper, adding another Kustomization, telling flux to deploy any YAMLs found in the repo at `/invidious`. I create this example Kustomization in my flux repo:
+
+```yaml title="/bootstrap/kustomizations/kustomization-invidious.yaml"
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: invidious
+  namespace: flux-system
+spec:
+  interval: 15m
+  path: invidious
+  prune: true # remove any elements later removed from the above path
+  timeout: 2m # if not set, this defaults to interval duration, which is 1h
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  validation: server
+  healthChecks:
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: invidious-invidious # (1)!
+      namespace: invidious 
+    - apiVersion: apps/v1
+      kind: StatefulSet
+      name: invidious-postgresql
+      namespace: invidious
+```
+
+1. No, that's not a typo, just another pecularity of the helm chart!
+
+### ConfigMap
+
+Now we're into the invidious-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/iv-org/invidious/blob/master/kubernetes/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
+
+```yaml title="invidious/configmap-invidious-helm-chart-value-overrides.yaml"
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: invidious-helm-chart-value-overrides
+  namespace: invidious
+data:
+  values.yaml: |-  # (1)!
+    # <upstream values go here>
+```
+
+1. Paste in the contents of the upstream `values.yaml` here, intended 4 spaces, and then change the values you need as illustrated below.
+
+Values I change from the default are:
+
+```yaml
+postgresql:
+image:
+  tag: 14
+auth:
+  username: invidious
+  password: <redacted>
+  database: invidious
+primary:
+  initdb:
+    username: invidious
+    password: <redacted>
+    scriptsConfigMap: invidious-postgresql-init
+  persistence:
+    size: 1Gi # (1)!
+  podAnnotations: # (2)!
+    backup.velero.io/backup-volumes: backup
+    pre.hook.backup.velero.io/command: '["/bin/bash", "-c", "PGPASSWORD=$POSTGRES_PASSWORD pg_dump -U postgres -d $POSTGRES_DB -h 127.0.0.1 > /scratch/backup.sql"]'
+    pre.hook.backup.velero.io/timeout: 3m
+    post.hook.restore.velero.io/command: '["/bin/bash", "-c", "[ -f \"/scratch/backup.sql\" ] && PGPASSWORD=$POSTGRES_PASSWORD psql -U postgres -h 127.0.0.1 -d $POSTGRES_DB -f /scratch/backup.sql && rm -f /scratch/backup.sql;"]'
+  extraVolumes:
+    - name: backup
+      emptyDir:
+        sizeLimit: 1Gi
+  extraVolumeMounts:
+    - name: backup
+      mountPath: /scratch
+  resources:
+    requests:
+      cpu: "10m"
+      memory: 32Mi
+
+# Adapted from ../config/config.yml
+config:
+channel_threads: 1
+feed_threads: 1
+db:
+  user: invidious
+  password: <redacted>
+  host: invidious-postgresql
+  port: 5432
+  dbname: invidious
+full_refresh: false
+https_only: true
+domain: in.fnky.nz # (3)!
+external_port: 443 # (4)!
+banner: ⚠️ Note - This public Invidious instance is sponsored ❤️ by <A HREF='https://geek-cookbook.funkypenguin.co.nz'>Funky Penguin's Geek Cookbook</A>. It's intended to support the published <A HREF='https://geek-cookbook.funkypenguin.co.nz/recipes/invidious/'>Docker Swarm recipes</A>, but may be removed at any time without notice. # (5)!
+default_user_preferences: # (6)!
+  quality: dash # (7)! auto-adapts or lets you choose > 720P  
+```
+
+1. 1Gi is fine for the database for now
+2. These annotations / extra Volumes / volumeMounts support automated backup using Velero
+3. Invidious needs this to generate external links for sharing / embedding
+4. Invidious needs this too, to generate external links for sharing / embedding
+5. It's handy to tell people what's special about your instance
+6. Check out the [official config docs](https://github.com/iv-org/invidious/blob/master/config/config.example.yml) for comprehensive details on how to configure / tweak your instance!
+7. Default all users to DASH (*adaptive*) quality, rather than limiting to 720P (*the default*)
+
+### HelmRelease
+
+Finally, having set the scene above, we define the HelmRelease which will actually deploy the invidious into the cluster. I save this in my flux repo:
+
+```yaml title="/invidious/helmrelease-invidious.yaml"
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: invidious
+  namespace: invidious
+spec:
+  chart:
+    spec:
+      chart: ./charts/invidious
+      sourceRef:
+        kind: GitRepository
+        name: invidious
+        namespace: flux-system
+  interval: 15m
+  timeout: 5m
+  releaseName: invidious
+  valuesFrom:
+  - kind: ConfigMap
+    name: invidious-helm-chart-value-overrides
+    valuesKey: values.yaml # (1)!
+```
+
+1. This is the default, but best to be explicit for clarity
+
+### Ingress / IngressRoute
+
+Oddly, the upstream chart doesn't include any Ingress resource. We have to manually create our Ingress as below (*note that it's also possible to use a Traefik IngressRoute directly*)
+
+```yaml title="/invidious/ingress-invidious.yaml"
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: invidious
+  namespace: invidious
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: in.fnky.nz
+    http:
+      paths:
+      - backend:
+          service:
+            name: invidious
+            port:
+              number: 3000
+        path: /
+        pathType: ImplementationSpecific
+```
+
+An alternative implementation using an `IngressRoute` could look like this:
+
+```yaml title="/invidious/ingressroute-invidious.yaml"
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: in.fnky.nz
+  namespace: invidious
+spec:
+  routes:
+    - match: Host(`in.fnky.nz`)
+      kind: Rule
+      services:
+        - name: invidious-invidious
+          kind: Service
+          port: 3000
+```
+
+### Create postgres-init ConfigMap
+
+Another pecularity of the Invidious helm chart is that you have to create your own ConfigMap containing the PostgreSQL data structure. I suspect that the helm chart has received minimal attention in the past 3+ years, and this could probably easily be turned into a job as a pre-install helm hook (*perhaps a future PR?*).
+
+In the meantime, you'll need to create ConfigMap manually per the [repo instructions](https://github.com/iv-org/invidious/tree/master/kubernetes#installing-helm-chart), or cheat, and copy the one I paste below:
+
+??? example "Configmap (click to expand)"
+    ```yaml title="/invidious/configmap-invidious-postgresql-init.yaml"
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: invidious-postgresql-init
+      namespace: invidious
+    data:
+      annotations.sql: |
+        -- Table: public.annotations
+
+        -- DROP TABLE public.annotations;
+
+        CREATE TABLE IF NOT EXISTS public.annotations
+        (
+          id text NOT NULL,
+          annotations xml,
+          CONSTRAINT annotations_id_key UNIQUE (id)
+        );
+
+        GRANT ALL ON TABLE public.annotations TO current_user;
+      channel_videos.sql: |+
+        -- Table: public.channel_videos
+
+        -- DROP TABLE public.channel_videos;
+
+        CREATE TABLE IF NOT EXISTS public.channel_videos
+        (
+          id text NOT NULL,
+          title text,
+          published timestamp with time zone,
+          updated timestamp with time zone,
+          ucid text,
+          author text,
+          length_seconds integer,
+          live_now boolean,
+          premiere_timestamp timestamp with time zone,
+          views bigint,
+          CONSTRAINT channel_videos_id_key UNIQUE (id)
+        );
+
+        GRANT ALL ON TABLE public.channel_videos TO current_user;
+
+        -- Index: public.channel_videos_ucid_idx
+
+        -- DROP INDEX public.channel_videos_ucid_idx;
+
+        CREATE INDEX IF NOT EXISTS channel_videos_ucid_idx
+          ON public.channel_videos
+          USING btree
+          (ucid COLLATE pg_catalog."default");
+
+      channels.sql: |+
+        -- Table: public.channels
+
+        -- DROP TABLE public.channels;
+
+        CREATE TABLE IF NOT EXISTS public.channels
+        (
+          id text NOT NULL,
+          author text,
+          updated timestamp with time zone,
+          deleted boolean,
+          subscribed timestamp with time zone,
+          CONSTRAINT channels_id_key UNIQUE (id)
+        );
+
+        GRANT ALL ON TABLE public.channels TO current_user;
+
+        -- Index: public.channels_id_idx
+
+        -- DROP INDEX public.channels_id_idx;
+
+        CREATE INDEX IF NOT EXISTS channels_id_idx
+          ON public.channels
+          USING btree
+          (id COLLATE pg_catalog."default");
+
+      nonces.sql: |+
+        -- Table: public.nonces
+
+        -- DROP TABLE public.nonces;
+
+        CREATE TABLE IF NOT EXISTS public.nonces
+        (
+          nonce text,
+          expire timestamp with time zone,
+          CONSTRAINT nonces_id_key UNIQUE (nonce)
+        );
+
+        GRANT ALL ON TABLE public.nonces TO current_user;
+
+        -- Index: public.nonces_nonce_idx
+
+        -- DROP INDEX public.nonces_nonce_idx;
+
+        CREATE INDEX IF NOT EXISTS nonces_nonce_idx
+          ON public.nonces
+          USING btree
+          (nonce COLLATE pg_catalog."default");
+
+      playlist_videos.sql: |
+        -- Table: public.playlist_videos
+
+        -- DROP TABLE public.playlist_videos;
+
+        CREATE TABLE IF NOT EXISTS public.playlist_videos
+        (
+            title text,
+            id text,
+            author text,
+            ucid text,
+            length_seconds integer,
+            published timestamptz,
+            plid text references playlists(id),
+            index int8,
+            live_now boolean,
+            PRIMARY KEY (index,plid)
+        );
+
+        GRANT ALL ON TABLE public.playlist_videos TO current_user;
+      playlists.sql: |
+        -- Type: public.privacy
+
+        -- DROP TYPE public.privacy;
+
+        CREATE TYPE public.privacy AS ENUM
+        (
+            'Public',
+            'Unlisted',
+            'Private'
+        );
+
+        -- Table: public.playlists
+
+        -- DROP TABLE public.playlists;
+
+        CREATE TABLE IF NOT EXISTS public.playlists
+        (
+            title text,
+            id text primary key,
+            author text,
+            description text,
+            video_count integer,
+            created timestamptz,
+            updated timestamptz,
+            privacy privacy,
+            index int8[]
+        );
+
+        GRANT ALL ON public.playlists TO current_user;
+      session_ids.sql: |+
+        -- Table: public.session_ids
+
+        -- DROP TABLE public.session_ids;
+
+        CREATE TABLE IF NOT EXISTS public.session_ids
+        (
+          id text NOT NULL,
+          email text,
+          issued timestamp with time zone,
+          CONSTRAINT session_ids_pkey PRIMARY KEY (id)
+        );
+
+        GRANT ALL ON TABLE public.session_ids TO current_user;
+
+        -- Index: public.session_ids_id_idx
+
+        -- DROP INDEX public.session_ids_id_idx;
+
+        CREATE INDEX IF NOT EXISTS session_ids_id_idx
+          ON public.session_ids
+          USING btree
+          (id COLLATE pg_catalog."default");
+
+      users.sql: |+
+        -- Table: public.users
+
+        -- DROP TABLE public.users;
+
+        CREATE TABLE IF NOT EXISTS public.users
+        (
+          updated timestamp with time zone,
+          notifications text[],
+          subscriptions text[],
+          email text NOT NULL,
+          preferences text,
+          password text,
+          token text,
+          watched text[],
+          feed_needs_update boolean,
+          CONSTRAINT users_email_key UNIQUE (email)
+        );
+
+        GRANT ALL ON TABLE public.users TO current_user;
+
+        -- Index: public.email_unique_idx
+
+        -- DROP INDEX public.email_unique_idx;
+
+        CREATE UNIQUE INDEX IF NOT EXISTS email_unique_idx
+          ON public.users
+          USING btree
+          (lower(email) COLLATE pg_catalog."default");
+
+      videos.sql: |+
+        -- Table: public.videos
+
+        -- DROP TABLE public.videos;
+
+        CREATE UNLOGGED TABLE IF NOT EXISTS public.videos
+        (
+          id text NOT NULL,
+          info text,
+          updated timestamp with time zone,
+          CONSTRAINT videos_pkey PRIMARY KEY (id)
+        );
+
+        GRANT ALL ON TABLE public.videos TO current_user;
+
+        -- Index: public.id_idx
+
+        -- DROP INDEX public.id_idx;
+
+        CREATE UNIQUE INDEX IF NOT EXISTS id_idx
+          ON public.videos
+          USING btree
+          (id COLLATE pg_catalog."default");  
+    ```
+
+## :octicons-video-16: Install Invidious!
+
+Commit the changes to your flux repository, and either wait for the reconciliation interval, or force  a reconcilliation[^1] using `flux reconcile source git flux-system`. You should see the kustomization appear...
+
+```bash
+~ ❯ flux get kustomizations | grep invidious
+invidious                 	main/d34779f	False    	True 	Applied revision: main/d34779f
+~ ❯
+```
+
+The helmrelease should be reconciled...
+
+```bash
+~ ❯ flux get helmreleases -n invidious 
+NAME     	REVISION	SUSPENDED	READY	MESSAGE
+invidious	1.1.1   	False    	True 	Release reconciliation succeeded
+~ ❯
+```
+
+And you should have happy Invidious pods:
+
+```bash
+~ ❯ k get pods -n invidious
+NAME                                   READY   STATUS    RESTARTS   AGE
+invidious-invidious-64f4fb8d75-kr4tw   1/1     Running   0          77m
+invidious-postgresql-0                 1/1     Running   0          11h
+~ ❯
+```
+
+... and finally check that the ingress was created as desired:
+
+```bash
+~ ❯ k get ingress -n invidious
+NAME       CLASS    HOSTS        ADDRESS   PORTS     AGE
+invidious   <none>   in.fnky.nz             80, 443   19h
+~ ❯
+```
+
+Or in the case of an ingressRoute:
+
+```bash
+~ ❯ k get ingressroute -n invidious
+NAME         AGE
+in.fnky.nz   19h
+```
+
+Now hit the URL you defined in your config, you'll see the basic search screen. Enter a search phrase (*"marvel movie trailer"*) to see the YouTube video results, or paste in a YouTube URL such as `https://www.youtube.com/watch?v=bxqLsrlakK8`, change the domain name from `www.youtube.com` to your instance's FQDN, and watch the fun [^2]!
+
+You can also install a range of browser add-ons to automatically redirect you from youtube.com to your Invidious instance. I'm testing "[libredirect](https://addons.mozilla.org/en-US/firefox/addon/libredirect/)" currently, which seems to work as advertised!
+
+## Summary
+
+What have we achieved? We have an HTTPS-protected private YouTube frontend - we can now watch whatever videos we please, without feeding Google's profile on us. We can also subscribe to channels without requiring a Google account, and we can share individual videos directly via our instance (*by generating links*).
+
+!!! summary "Summary"
+    Created:
+
+    * [X] We are free of the creepy tracking attached to YouTube videos!
+
+--8<-- "recipe-footer.md"
+
+[^1]: There is also a 3rd option, using the Flux webhook receiver to trigger a reconcilliation - to be covered in a future recipe!
+[^2]: Gotcha!
diff --git a/mkdocs.yml b/mkdocs.yml
index f3e8f56..bf7d3c3 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -259,6 +259,7 @@ nav:
       #   - Kiali: kubernetes/wip.md
         - Invidious: recipes/kubernetes/invidious.md
         - Mastodon: recipes/kubernetes/mastodon.md
+        # - Matrix: recipes/kubernetes/matrix.md
       #   - NGINX Ingress: kubernetes/wip.md
       #   - Polaris: kubernetes/wip.md
       #   - Portainer: kubernetes/wip.md
@@ -293,6 +294,8 @@ nav:
       - Contribute: community/contribute.md
       - Code of Conduct: community/code-of-conduct.md
       - Discord: community/discord.md
+      # - Slack: community/slack.md
+      # - Matrix: community/matrix.md
       - Reddit: community/reddit.md
       - Mastodon: community/mastodon.md
       - Forum: community/discourse.md
@@ -364,7 +367,13 @@ extra:
       link: 'https://so.fnky.nz/@funkypenguin'
     - icon: 'fontawesome/brands/github'
       link: 'https://github.com/funkypenguin'
-    - icon: 'fontawesome/brands/stack-overflow'
+    - icon: 'fontawesome/brands/discord'
+      link: 'http://chat.funkypenguin.co.nz' 
+    - icon: 'simple/matrix'
+      link: 'http://m.fnky.nz' 
+    - icon: 'fontawesome/brands/slack'
+      link: 'https://communityinviter.com/apps/funkypenguin/geek-with-us'       
+    - icon: 'fontawesome/brands/stack-overflow'         
       link: 'https://stackoverflow.com/cv/funkypenguin'
     - icon: 'fontawesome/brands/linkedin'
       link: 'https://www.linkedin.com/in/funkypenguin'