From f243f440c3c86e2c4349ae7266ea76adce1d244e Mon Sep 17 00:00:00 2001 
From: "Hrankin, Aleksandr (contracted)" Date: Thu, 19 Feb 2026 11:34:13 +0000 Subject: [PATCH] init --- .devcontainer/Dockerfile | 53 ++++ .devcontainer/devcontainer.json | 39 +++ .gitignore | 18 ++ README.md | 271 ++++++++++++++++ ansible/ansible.cfg | 6 + ansible/playbooks/ceph/00_install.yml | 12 + ansible/playbooks/ceph/01_bootstrap.yml | 10 + ansible/playbooks/ceph/02_share_pubkey.yml | 12 + ansible/playbooks/ceph/03_setup_cluster.yml | 10 + ansible/playbooks/dns/install_powerdns.yml | 19 ++ .../dns/setup_systemd_resolved_config.yml | 17 ++ ansible/playbooks/docker/install.yml | 9 + ansible/playbooks/gitea/main.yml | 9 + ansible/playbooks/harden/harden_node.yml | 20 ++ ansible/playbooks/harden/harden_proxmox.yml | 21 ++ ansible/playbooks/k8s/install/k8s_master.yml | 12 + ansible/playbooks/k8s/install/k8s_worker.yml | 10 + ansible/playbooks/node/change_hostname.yml | 11 + ansible/playbooks/node/execute_command.yml | 11 + ansible/playbooks/node/push_dir.yml | 11 + ansible/playbooks/node/remove_file.yml | 10 + ansible/playbooks/node/remove_user.yml | 10 + .../ntp/chrony/00_setup_edge_ntp_node.yml | 16 + .../ntp/chrony/01_setup_core_ntp_node.yml | 14 + .../ntp/chrony/02_setup_client_ntp_node.yml | 19 ++ ansible/playbooks/packer/install.yml | 9 + ansible/playbooks/packer/run.yml | 11 + ansible/playbooks/proxmox/enable_snippets.yml | 9 + .../proxmox/lxc/download_template.yml | 11 + ansible/playbooks/proxmox/lxc/shutdown.yml | 11 + ...tup_proxmox_no_subscription_repository.yml | 9 + ansible/playbooks/proxmox/vm/download_iso.yml | 12 + ansible/roles/ceph/00_install/tasks/main.yml | 43 +++ .../roles/ceph/01_bootstrap/tasks/main.yml | 9 + .../roles/ceph/02_share_pubkey/tasks/main.yml | 25 ++ .../ceph/03_setup_cluster/tasks/main.yml | 40 +++ ansible/roles/ceph/04_setup_rgw/readme.md | 48 +++ .../roles/ceph/05_create_k8s_pool/readme.md | 28 ++ ansible/roles/ceph/readme.md | 85 ++++++ .../push_powerdns_configs_to_node/readme.md | 38 +++ .../tasks/main.yml | 37 +++ 
.../templates/dnsdist/dnsdist.conf.j2 | 41 +++ .../templates/docker-compose.yml.j2 | 142 +++++++++ .../templates/nginx/nginx.conf.j2 | 53 ++++ .../templates/pdns-auth/pdns.conf.j2 | 21 ++ .../templates/pdns-recursor/recursor.conf.j2 | 46 +++ .../postgres/initdb/01-pdns-schema.sql.j2 | 103 +++++++ .../handlers/main.yml | 9 + .../setup_systemd_resolved_config/readme.md | 4 + .../tasks/main.yml | 9 + .../templates/dhcpcd.conf.j2 | 45 +++ ansible/roles/docker/handlers/main.yml | 4 + ansible/roles/docker/tasks/main.yml | 74 +++++ ansible/roles/gitea/README.md | 109 +++++++ ansible/roles/gitea/tasks/main.yml | 23 ++ .../gitea/templates/docker-compose.yml.j2 | 78 +++++ .../roles/gitea/templates/nginx/nginx.conf.j2 | 23 ++ .../roles/harden/fail2ban/handlers/main.yml | 14 + ansible/roles/harden/fail2ban/tasks/main.yml | 58 ++++ .../fail2ban/templates/fail2ban.local.j2 | 6 + .../harden/fail2ban/templates/jail.local.j2 | 18 ++ .../roles/harden/nftables/handlers/main.yml | 12 + ansible/roles/harden/nftables/tasks/main.yml | 22 ++ .../nftables/templates/proxmox-nftables.j2 | 36 +++ .../nftables/templates/vm-nftables.conf.j2 | 32 ++ .../roles/harden/sshd_config/tasks/main.yml | 25 ++ .../00-sshd_config-hardening.conf.j2 | 107 +++++++ .../unattended_upgrades/handlers/main.yml | 15 + .../harden/unattended_upgrades/readme.md | 17 ++ .../harden/unattended_upgrades/tasks/main.yml | 49 +++ .../templates/20auto-upgrades.j2 | 4 + .../templates/50unattended-upgrades.j2 | 10 + .../k8s/install/00_python/tasks/main.yml | 8 + .../roles/k8s/install/01_helm/install-helm.md | 3 + .../roles/k8s/install/01_helm/tasks/main.yml | 20 ++ .../k8s/install/02_common/tasks/main.yml | 172 +++++++++++ .../k8s/install/03_master/tasks/main.yml | 136 +++++++++ .../k8s/install/04_worker/tasks/main.yml | 13 + ansible/roles/k8s/readme/install-k8scommon.md | 109 +++++++ ansible/roles/k8s/readme/install-k8smaster.md | 53 ++++ ansible/roles/k8s/readme/install-k8sworker.md | 14 + 
ansible/roles/k8s/readme/install-keyclock.md | 87 ++++++ ansible/roles/k8s/readme/install-netbird.md | 288 ++++++++++++++++++ ansible/roles/node/change_hostname/main.yml | 20 ++ .../roles/node/execute_command/tasks/main.yml | 5 + ansible/roles/node/push_dir/tasks/main.yml | 7 + ansible/roles/node/remove_file/tasks/main.yml | 5 + .../roles/node/remove_user/defaults/main.yml | 6 + ansible/roles/node/remove_user/tasks/main.yml | 13 + ansible/roles/ntp/chrony/handlers/main.yml | 5 + ansible/roles/ntp/chrony/tasks/main.yml | 74 +++++ .../ntp/chrony/templates/00-allow.conf.j2 | 5 + .../chrony/templates/00-upstream.sources.j2 | 4 + .../roles/ntp/chrony/templates/chrony.conf.j2 | 47 +++ ansible/roles/ntp/readme.md | 20 ++ ansible/roles/packer/install/tasks/main.yml | 48 +++ ansible/roles/packer/run/tasks/main.yml | 33 ++ .../proxmox/enable_snippets/tasks/main.yml | 4 + .../proxmox/install_nvidia_driver/readme.md | 41 +++ .../lxc/download_template/tasks/main.yml | 10 + .../roles/proxmox/lxc/shutdown/tasks/main.yml | 5 + .../tasks/main.yml | 30 ++ .../proxmox/vm/download_iso/tasks/main.yml | 18 ++ argocd/applications/netbird-core/main.yml | 67 ++++ .../applications/netbird-dashboard/main.yaml | 65 ++++ documentation/images/arch-diagram.jpg | Bin 0 -> 479442 bytes documentation/issues/issue-0.md | 88 ++++++ documentation/issues/issue-1.md | 85 ++++++ documentation/issues/template.md | 39 +++ ...ate_and_setup_lxc_container_with_packer.mk | 28 ++ makefiles/01_create_vm_golden_template.mk | 34 +++ makefiles/02_create_vms.mk | 24 ++ makefiles/03_harden_nodes.mk | 31 ++ makefiles/04_setup_dns.mk | 29 ++ makefiles/05_setup_ntp.mk | 26 ++ makefiles/06_setup_ceph.mk | 31 ++ makefiles/07_setup_k8s.mk | 40 +++ makefiles/bootstrap.mk | 24 ++ packer/proxmox/debian13/debian13.pkr.hcl | 91 ++++++ packer/proxmox/debian13/http/preseed.cfg | 100 ++++++ packer/proxmox/debian13/readme.md | 16 + packer/proxmox/debian13/scripts/10-base.sh | 10 + packer/proxmox/debian13/scripts/90-cleanup.sh | 22 
++ .../modules/k8s/ceph/k8s-ceph-csi-rbd/helm.tf | 19 ++ .../k8s/ceph/k8s-ceph-csi-rbd/namespace.tf | 3 + .../k8s/ceph/k8s-ceph-csi-rbd/variables.tf | 15 + .../k8s/ceph/k8s-ceph-csi-rbd/versions.tf | 6 + .../k8s/ceph/k8s-ceph-rbd-storage/secret.tf | 13 + .../k8s-ceph-rbd-storage/storage_class.tf | 27 ++ .../ceph/k8s-ceph-rbd-storage/variables.tf | 20 ++ .../k8s/ceph/k8s-ceph-rbd-storage/versions.tf | 5 + .../modules/k8s/crunchy-data/operator/helm.tf | 26 ++ .../k8s/crunchy-data/operator/namespace.tf | 5 + .../k8s/crunchy-data/operator/outputs.tf | 7 + .../k8s/crunchy-data/operator/variables.tf | 33 ++ .../k8s/crunchy-data/operator/versions.tf | 6 + .../crunchy-data/postgres-cluster/manifest.tf | 60 ++++ .../crunchy-data/postgres-cluster/outputs.tf | 7 + .../postgres-cluster/variables.tf | 46 +++ .../crunchy-data/postgres-cluster/versions.tf | 7 + terraform/modules/k8s/metallb/helm/main.tf | 7 + .../modules/k8s/metallb/helm/versions.tf | 7 + .../modules/k8s/metallb/resources/manifest.tf | 31 ++ .../modules/k8s/metallb/resources/outputs.tf | 3 + .../k8s/metallb/resources/variables.tf | 22 ++ .../modules/k8s/metallb/resources/versions.tf | 7 + .../modules/k8s/nginx_ingress/helm/locals.tf | 18 ++ .../modules/k8s/nginx_ingress/helm/main.tf | 9 + .../k8s/nginx_ingress/helm/variables.tf | 10 + terraform/modules/k8s/openebs/helm.tf | 8 + .../modules/k8s/openebs/storage_class.tf | 25 ++ terraform/modules/k8s/openebs/variables.tf | 26 ++ terraform/modules/k8s/openebs/versions.tf | 6 + terraform/modules/k8s/valkey/helm.tf | 39 +++ terraform/modules/k8s/valkey/namespace.tf | 7 + terraform/modules/k8s/valkey/secret.tf | 13 + terraform/modules/k8s/valkey/variables.tf | 35 +++ terraform/modules/k8s/valkey/versions.tf | 14 + terraform/modules/powerdns/record/main.tf | 7 + .../modules/powerdns/record/variables.tf | 19 ++ terraform/modules/powerdns/record/versions.tf | 10 + terraform/modules/powerdns/zone/main.tf | 6 + terraform/modules/powerdns/zone/outputs.tf | 3 + 
terraform/modules/powerdns/zone/variables.tf | 15 + terraform/modules/powerdns/zone/versions.tf | 10 + terraform/modules/proxmox/lxc/main.tf | 72 +++++ terraform/modules/proxmox/lxc/variables.tf | 126 ++++++++ terraform/modules/proxmox/lxc/versions.tf | 10 + terraform/modules/proxmox/vm/main.tf | 63 ++++ terraform/modules/proxmox/vm/variables.tf | 55 ++++ terraform/modules/proxmox/vm/versions.tf | 8 + terraform/readme.md | 5 + terraform/stacks/k8s/configs/config | 18 ++ terraform/stacks/k8s/main.tf | 122 ++++++++ terraform/stacks/k8s/providers.tf | 9 + terraform/stacks/k8s/variables.tf | 84 +++++ terraform/stacks/k8s/versions.tf | 14 + terraform/stacks/powerdns/main.tf | 41 +++ terraform/stacks/powerdns/providers.tf | 4 + terraform/stacks/powerdns/variables.tf | 23 ++ terraform/stacks/powerdns/versions.tf | 10 + terraform/stacks/proxmox/lxc/main.tf | 37 +++ terraform/stacks/proxmox/lxc/providers.tf | 10 + terraform/stacks/proxmox/lxc/variables.tf | 137 +++++++++ terraform/stacks/proxmox/lxc/versions.tf | 10 + .../proxmox/vm/cloud-init/user-data.yaml.tpl | 36 +++ terraform/stacks/proxmox/vm/locals.tf | 72 +++++ terraform/stacks/proxmox/vm/main.tf | 41 +++ terraform/stacks/proxmox/vm/providers.tf | 17 ++ terraform/stacks/proxmox/vm/variables.tf | 50 +++ terraform/stacks/proxmox/vm/versions.tf | 10 + 191 files changed, 6183 insertions(+) create mode 100755 .devcontainer/Dockerfile create mode 100755 .devcontainer/devcontainer.json create mode 100644 .gitignore create mode 100644 README.md create mode 100644 ansible/ansible.cfg create mode 100644 ansible/playbooks/ceph/00_install.yml create mode 100644 ansible/playbooks/ceph/01_bootstrap.yml create mode 100644 ansible/playbooks/ceph/02_share_pubkey.yml create mode 100644 ansible/playbooks/ceph/03_setup_cluster.yml create mode 100644 ansible/playbooks/dns/install_powerdns.yml create mode 100644 ansible/playbooks/dns/setup_systemd_resolved_config.yml create mode 100644 ansible/playbooks/docker/install.yml create mode 
100644 ansible/playbooks/gitea/main.yml create mode 100644 ansible/playbooks/harden/harden_node.yml create mode 100644 ansible/playbooks/harden/harden_proxmox.yml create mode 100644 ansible/playbooks/k8s/install/k8s_master.yml create mode 100644 ansible/playbooks/k8s/install/k8s_worker.yml create mode 100644 ansible/playbooks/node/change_hostname.yml create mode 100644 ansible/playbooks/node/execute_command.yml create mode 100644 ansible/playbooks/node/push_dir.yml create mode 100644 ansible/playbooks/node/remove_file.yml create mode 100644 ansible/playbooks/node/remove_user.yml create mode 100644 ansible/playbooks/ntp/chrony/00_setup_edge_ntp_node.yml create mode 100644 ansible/playbooks/ntp/chrony/01_setup_core_ntp_node.yml create mode 100644 ansible/playbooks/ntp/chrony/02_setup_client_ntp_node.yml create mode 100644 ansible/playbooks/packer/install.yml create mode 100644 ansible/playbooks/packer/run.yml create mode 100644 ansible/playbooks/proxmox/enable_snippets.yml create mode 100644 ansible/playbooks/proxmox/lxc/download_template.yml create mode 100644 ansible/playbooks/proxmox/lxc/shutdown.yml create mode 100644 ansible/playbooks/proxmox/setup_proxmox_no_subscription_repository.yml create mode 100644 ansible/playbooks/proxmox/vm/download_iso.yml create mode 100644 ansible/roles/ceph/00_install/tasks/main.yml create mode 100644 ansible/roles/ceph/01_bootstrap/tasks/main.yml create mode 100644 ansible/roles/ceph/02_share_pubkey/tasks/main.yml create mode 100644 ansible/roles/ceph/03_setup_cluster/tasks/main.yml create mode 100644 ansible/roles/ceph/04_setup_rgw/readme.md create mode 100644 ansible/roles/ceph/05_create_k8s_pool/readme.md create mode 100644 ansible/roles/ceph/readme.md create mode 100644 ansible/roles/dns/push_powerdns_configs_to_node/readme.md create mode 100644 ansible/roles/dns/push_powerdns_configs_to_node/tasks/main.yml create mode 100644 ansible/roles/dns/push_powerdns_configs_to_node/templates/dnsdist/dnsdist.conf.j2 create mode 100644 
ansible/roles/dns/push_powerdns_configs_to_node/templates/docker-compose.yml.j2 create mode 100644 ansible/roles/dns/push_powerdns_configs_to_node/templates/nginx/nginx.conf.j2 create mode 100644 ansible/roles/dns/push_powerdns_configs_to_node/templates/pdns-auth/pdns.conf.j2 create mode 100644 ansible/roles/dns/push_powerdns_configs_to_node/templates/pdns-recursor/recursor.conf.j2 create mode 100644 ansible/roles/dns/push_powerdns_configs_to_node/templates/postgres/initdb/01-pdns-schema.sql.j2 create mode 100644 ansible/roles/dns/setup_systemd_resolved_config/handlers/main.yml create mode 100644 ansible/roles/dns/setup_systemd_resolved_config/readme.md create mode 100644 ansible/roles/dns/setup_systemd_resolved_config/tasks/main.yml create mode 100644 ansible/roles/dns/setup_systemd_resolved_config/templates/dhcpcd.conf.j2 create mode 100644 ansible/roles/docker/handlers/main.yml create mode 100644 ansible/roles/docker/tasks/main.yml create mode 100644 ansible/roles/gitea/README.md create mode 100644 ansible/roles/gitea/tasks/main.yml create mode 100644 ansible/roles/gitea/templates/docker-compose.yml.j2 create mode 100644 ansible/roles/gitea/templates/nginx/nginx.conf.j2 create mode 100644 ansible/roles/harden/fail2ban/handlers/main.yml create mode 100644 ansible/roles/harden/fail2ban/tasks/main.yml create mode 100644 ansible/roles/harden/fail2ban/templates/fail2ban.local.j2 create mode 100644 ansible/roles/harden/fail2ban/templates/jail.local.j2 create mode 100644 ansible/roles/harden/nftables/handlers/main.yml create mode 100644 ansible/roles/harden/nftables/tasks/main.yml create mode 100644 ansible/roles/harden/nftables/templates/proxmox-nftables.j2 create mode 100644 ansible/roles/harden/nftables/templates/vm-nftables.conf.j2 create mode 100644 ansible/roles/harden/sshd_config/tasks/main.yml create mode 100644 ansible/roles/harden/sshd_config/templates/00-sshd_config-hardening.conf.j2 create mode 100644 
ansible/roles/harden/unattended_upgrades/handlers/main.yml create mode 100644 ansible/roles/harden/unattended_upgrades/readme.md create mode 100644 ansible/roles/harden/unattended_upgrades/tasks/main.yml create mode 100644 ansible/roles/harden/unattended_upgrades/templates/20auto-upgrades.j2 create mode 100644 ansible/roles/harden/unattended_upgrades/templates/50unattended-upgrades.j2 create mode 100644 ansible/roles/k8s/install/00_python/tasks/main.yml create mode 100644 ansible/roles/k8s/install/01_helm/install-helm.md create mode 100644 ansible/roles/k8s/install/01_helm/tasks/main.yml create mode 100644 ansible/roles/k8s/install/02_common/tasks/main.yml create mode 100644 ansible/roles/k8s/install/03_master/tasks/main.yml create mode 100644 ansible/roles/k8s/install/04_worker/tasks/main.yml create mode 100644 ansible/roles/k8s/readme/install-k8scommon.md create mode 100644 ansible/roles/k8s/readme/install-k8smaster.md create mode 100644 ansible/roles/k8s/readme/install-k8sworker.md create mode 100644 ansible/roles/k8s/readme/install-keyclock.md create mode 100644 ansible/roles/k8s/readme/install-netbird.md create mode 100644 ansible/roles/node/change_hostname/main.yml create mode 100644 ansible/roles/node/execute_command/tasks/main.yml create mode 100644 ansible/roles/node/push_dir/tasks/main.yml create mode 100644 ansible/roles/node/remove_file/tasks/main.yml create mode 100644 ansible/roles/node/remove_user/defaults/main.yml create mode 100644 ansible/roles/node/remove_user/tasks/main.yml create mode 100644 ansible/roles/ntp/chrony/handlers/main.yml create mode 100644 ansible/roles/ntp/chrony/tasks/main.yml create mode 100644 ansible/roles/ntp/chrony/templates/00-allow.conf.j2 create mode 100644 ansible/roles/ntp/chrony/templates/00-upstream.sources.j2 create mode 100644 ansible/roles/ntp/chrony/templates/chrony.conf.j2 create mode 100644 ansible/roles/ntp/readme.md create mode 100644 ansible/roles/packer/install/tasks/main.yml create mode 100644 
ansible/roles/packer/run/tasks/main.yml create mode 100644 ansible/roles/proxmox/enable_snippets/tasks/main.yml create mode 100644 ansible/roles/proxmox/install_nvidia_driver/readme.md create mode 100644 ansible/roles/proxmox/lxc/download_template/tasks/main.yml create mode 100644 ansible/roles/proxmox/lxc/shutdown/tasks/main.yml create mode 100644 ansible/roles/proxmox/setup_no_subscription_repository/tasks/main.yml create mode 100644 ansible/roles/proxmox/vm/download_iso/tasks/main.yml create mode 100644 argocd/applications/netbird-core/main.yml create mode 100644 argocd/applications/netbird-dashboard/main.yaml create mode 100755 documentation/images/arch-diagram.jpg create mode 100644 documentation/issues/issue-0.md create mode 100644 documentation/issues/issue-1.md create mode 100644 documentation/issues/template.md create mode 100644 makefiles/00_create_and_setup_lxc_container_with_packer.mk create mode 100644 makefiles/01_create_vm_golden_template.mk create mode 100644 makefiles/02_create_vms.mk create mode 100644 makefiles/03_harden_nodes.mk create mode 100644 makefiles/04_setup_dns.mk create mode 100644 makefiles/05_setup_ntp.mk create mode 100644 makefiles/06_setup_ceph.mk create mode 100644 makefiles/07_setup_k8s.mk create mode 100644 makefiles/bootstrap.mk create mode 100644 packer/proxmox/debian13/debian13.pkr.hcl create mode 100644 packer/proxmox/debian13/http/preseed.cfg create mode 100644 packer/proxmox/debian13/readme.md create mode 100644 packer/proxmox/debian13/scripts/10-base.sh create mode 100644 packer/proxmox/debian13/scripts/90-cleanup.sh create mode 100644 terraform/modules/k8s/ceph/k8s-ceph-csi-rbd/helm.tf create mode 100644 terraform/modules/k8s/ceph/k8s-ceph-csi-rbd/namespace.tf create mode 100644 terraform/modules/k8s/ceph/k8s-ceph-csi-rbd/variables.tf create mode 100644 terraform/modules/k8s/ceph/k8s-ceph-csi-rbd/versions.tf create mode 100644 terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/secret.tf create mode 100644 
terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/storage_class.tf create mode 100644 terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/variables.tf create mode 100644 terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/versions.tf create mode 100644 terraform/modules/k8s/crunchy-data/operator/helm.tf create mode 100644 terraform/modules/k8s/crunchy-data/operator/namespace.tf create mode 100644 terraform/modules/k8s/crunchy-data/operator/outputs.tf create mode 100644 terraform/modules/k8s/crunchy-data/operator/variables.tf create mode 100644 terraform/modules/k8s/crunchy-data/operator/versions.tf create mode 100644 terraform/modules/k8s/crunchy-data/postgres-cluster/manifest.tf create mode 100644 terraform/modules/k8s/crunchy-data/postgres-cluster/outputs.tf create mode 100644 terraform/modules/k8s/crunchy-data/postgres-cluster/variables.tf create mode 100644 terraform/modules/k8s/crunchy-data/postgres-cluster/versions.tf create mode 100644 terraform/modules/k8s/metallb/helm/main.tf create mode 100644 terraform/modules/k8s/metallb/helm/versions.tf create mode 100644 terraform/modules/k8s/metallb/resources/manifest.tf create mode 100644 terraform/modules/k8s/metallb/resources/outputs.tf create mode 100644 terraform/modules/k8s/metallb/resources/variables.tf create mode 100644 terraform/modules/k8s/metallb/resources/versions.tf create mode 100644 terraform/modules/k8s/nginx_ingress/helm/locals.tf create mode 100644 terraform/modules/k8s/nginx_ingress/helm/main.tf create mode 100644 terraform/modules/k8s/nginx_ingress/helm/variables.tf create mode 100644 terraform/modules/k8s/openebs/helm.tf create mode 100644 terraform/modules/k8s/openebs/storage_class.tf create mode 100644 terraform/modules/k8s/openebs/variables.tf create mode 100644 terraform/modules/k8s/openebs/versions.tf create mode 100644 terraform/modules/k8s/valkey/helm.tf create mode 100644 terraform/modules/k8s/valkey/namespace.tf create mode 100644 terraform/modules/k8s/valkey/secret.tf create mode 100644 
terraform/modules/k8s/valkey/variables.tf create mode 100644 terraform/modules/k8s/valkey/versions.tf create mode 100644 terraform/modules/powerdns/record/main.tf create mode 100644 terraform/modules/powerdns/record/variables.tf create mode 100644 terraform/modules/powerdns/record/versions.tf create mode 100644 terraform/modules/powerdns/zone/main.tf create mode 100644 terraform/modules/powerdns/zone/outputs.tf create mode 100644 terraform/modules/powerdns/zone/variables.tf create mode 100644 terraform/modules/powerdns/zone/versions.tf create mode 100644 terraform/modules/proxmox/lxc/main.tf create mode 100644 terraform/modules/proxmox/lxc/variables.tf create mode 100644 terraform/modules/proxmox/lxc/versions.tf create mode 100644 terraform/modules/proxmox/vm/main.tf create mode 100644 terraform/modules/proxmox/vm/variables.tf create mode 100644 terraform/modules/proxmox/vm/versions.tf create mode 100644 terraform/readme.md create mode 100644 terraform/stacks/k8s/configs/config create mode 100644 terraform/stacks/k8s/main.tf create mode 100644 terraform/stacks/k8s/providers.tf create mode 100644 terraform/stacks/k8s/variables.tf create mode 100644 terraform/stacks/k8s/versions.tf create mode 100644 terraform/stacks/powerdns/main.tf create mode 100644 terraform/stacks/powerdns/providers.tf create mode 100644 terraform/stacks/powerdns/variables.tf create mode 100644 terraform/stacks/powerdns/versions.tf create mode 100644 terraform/stacks/proxmox/lxc/main.tf create mode 100755 terraform/stacks/proxmox/lxc/providers.tf create mode 100644 terraform/stacks/proxmox/lxc/variables.tf create mode 100644 terraform/stacks/proxmox/lxc/versions.tf create mode 100644 terraform/stacks/proxmox/vm/cloud-init/user-data.yaml.tpl create mode 100644 terraform/stacks/proxmox/vm/locals.tf create mode 100644 terraform/stacks/proxmox/vm/main.tf create mode 100644 terraform/stacks/proxmox/vm/providers.tf create mode 100644 terraform/stacks/proxmox/vm/variables.tf create mode 100644 
terraform/stacks/proxmox/vm/versions.tf
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
new file mode 100755
index 0000000..959291e
--- /dev/null
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,53 @@
+FROM debian:bookworm-slim
+
+ARG DEBIAN_FRONTEND=noninteractive
+ARG TERRAFORM_VERSION=1.8.5
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ ca-certificates curl unzip git \
+ make openssh-client \
+ python3 python3-pip python3-venv \
+ locales gnupg \
+ && rm -rf /var/lib/apt/lists/*
+
+# Генерируем UTF-8 локаль
+RUN sed -i 's/^# *\(en_US.UTF-8 UTF-8\)/\1/' /etc/locale.gen \
+ && locale-gen
+
+ENV LANG=en_US.UTF-8 \
+ LANGUAGE=en_US:en \
+ LC_ALL=en_US.UTF-8
+
+# --- Packer (через HashiCorp APT repo) ---
+RUN set -eux; \
+ curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg; \
+ codename="$(. /etc/os-release && echo "$VERSION_CODENAME")"; \
+ echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com ${codename} main" > /etc/apt/sources.list.d/hashicorp.list; \
+ apt-get update; \
+ apt-get install -y --no-install-recommends packer; \
+ rm -rf /var/lib/apt/lists/*; \
+ packer version
+
+# --- Ansible (в venv) ---
+RUN python3 -m venv /opt/ansible \
+ && /opt/ansible/bin/pip install --no-cache-dir --upgrade pip \
+ && /opt/ansible/bin/pip install --no-cache-dir ansible \
+ && ln -sf /opt/ansible/bin/ansible /usr/local/bin/ansible \
+ && ln -sf /opt/ansible/bin/ansible-playbook /usr/local/bin/ansible-playbook \
+ && ln -sf /opt/ansible/bin/ansible-galaxy /usr/local/bin/ansible-galaxy \
+ && ansible --version
+
+# --- Terraform ---
+RUN set -eux; \
+ arch="$(dpkg --print-architecture)"; \
+ case "$arch" in \
+ amd64) tf_arch="amd64" ;; \
+ arm64) tf_arch="arm64" ;; \
+ *) echo "Unsupported arch: $arch"; exit 1 ;; \
+ esac; \
+ curl -fsSL "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${tf_arch}.zip" -o /tmp/terraform.zip; \
+ unzip /tmp/terraform.zip -d /usr/local/bin; \
+ rm -f /tmp/terraform.zip; \
+ terraform version
+
+WORKDIR /work
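Review bot: The Terraform step at the end of the Dockerfile downloads the release zip with curl and unpacks it straight into /usr/local/bin without any integrity check, so the image trusts whatever that URL returns at build time. HashiCorp publishes a `terraform_<version>_SHA256SUMS` file (and a `.sig` for it) beside each release; verifying the zip against it before `unzip` pins the binary, and checking the signature as well gives stronger assurance since the checksum file comes from the same host. The `pip install --no-cache-dir ansible` line is likewise unpinned, so an `ARG ANSIBLE_VERSION` in the style of `TERRAFORM_VERSION` would make rebuilds reproducible.

```dockerfile
# … unchanged: arch detection (case "$arch" … esac) …
    tf_zip="terraform_${TERRAFORM_VERSION}_linux_${tf_arch}.zip"; \
    base="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}"; \
    cd /tmp; \
    curl -fsSLO "${base}/${tf_zip}"; \
    curl -fsSLO "${base}/terraform_${TERRAFORM_VERSION}_SHA256SUMS"; \
    grep " ${tf_zip}\$" "terraform_${TERRAFORM_VERSION}_SHA256SUMS" | sha256sum -c -; \
    unzip "${tf_zip}" -d /usr/local/bin; \
    rm -f "${tf_zip}" "terraform_${TERRAFORM_VERSION}_SHA256SUMS"; \
    terraform version
```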
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100755
index 0000000..abd7e97
--- /dev/null
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,39 @@
+{
+ "name": "debian-devops",
+ "build": {
+ "dockerfile": "Dockerfile"
+ },
+ "remoteUser": "root",
+ "forwardPorts": [
+ 8006
+ ],
+ "portsAttributes": {
+ "8006": {
+ "label": "Proxmox 8006"
+ }
+ },
+ "customizations": {
+ "vscode": {
+ "extensions": [
+ "saoudrizwan.claude-dev",
+ "hashicorp.terraform",
+ "redhat.vscode-yaml",
+ "EditorConfig.EditorConfig",
+ "eamodio.gitlens",
+ "bierner.markdown-preview-github-styles"
+ ],
+ "settings": {
+ "editor.formatOnSave": true,
+ "[terraform]": {
+ "editor.defaultFormatter": "hashicorp.terraform",
+ "editor.formatOnSave": true
+ },
+ "[terraform-vars]": {
+ "editor.defaultFormatter": "hashicorp.terraform",
+ "editor.formatOnSave": true
+ }
+ }
+ }
+ },
+ "postCreateCommand": "git --version && ansible --version && terraform version && packer version"
+}
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cb6ccab
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,18 @@
+.ssh
+.env*
+inventory*
+terraform.tfvars
+
+# Terraform
+**/.terraform/*
+**/*.tfstate
+**/*.tfstate.*
+**/*.tfplan
+**/crash.log
+**/crash.*.log
+*.auto.tfvars
+*.auto.tfvars.json
+**/.terraform.lock.hcl
+**/.terraform
+
+# **/terraform.tfvars
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0a815ad
--- /dev/null
+++ b/README.md
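Review bot: `"remoteUser": "root"` in devcontainer.json makes every terminal and editor extension in the dev container run as root, in a workspace that the README's requirements say holds the Proxmox API token, terraform.tfvars and SSH access material. Creating an unprivileged user in the Dockerfile and naming it here, e.g. `"remoteUser": "dev"` (user name constructed for illustration), would limit what a misbehaving extension or script can alter inside the container. Nothing in the visible tooling (ansible, terraform, packer) needs root on the control side.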
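Review bot: `**/.terraform.lock.hcl` is on the ignore list in .gitignore, so the provider versions and hashes that `terraform init` records are never committed. Every checkout then resolves providers afresh inside the version constraints, which drops the hash check that guards against a changed or substituted provider build. Remove that line so the lock files under terraform/stacks/ are tracked; `**/.terraform` and `**/.terraform/*` already cover the local cache directory.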
@@ -0,0 +1,271 @@ +# 🧠 DevOps Infra Stack --- Proxmox + Ceph + Kubernetes + DNS + +Fully automated self-hosted infrastructure. + +![Project Logo](documentation/images/arch-diagram.jpg) + +The project deploys: +- Proxmox infrastructure +- Golden VM templates via +Packer - VM provisioning via Terraform +- Hardened nodes (SSH, nftables, +fail2ban) +- DNS (PowerDNS) +- NTP (chrony hierarchy) +- Ceph cluster +- Kubernetes cluster +- K8s apps (MetalLB, ingress, postgres operator, +valkey) + +Everything is deployed via Makefile + Ansible + Terraform + Packer. + +------------------------------------------------------------------------ + +# 🏗 Architecture + +Infrastructure components: + +- Proxmox host (bare metal) +- LXC packer builder +- Golden VM templates +- VM nodes: + - DNS + - NTP + - Ceph (3 nodes) + - Kubernetes master + - Kubernetes worker +- K8s stack: + - MetalLB + - nginx ingress + - Crunchy Postgres Operator + - Valkey (Redis alternative) + +------------------------------------------------------------------------ + +# 📦 Technology Stack + +- Proxmox VE +- Terraform +- Ansible +- Packer +- Docker + Docker Compose (for DNS) +- Ceph +- Kubernetes +- Helm +- PowerDNS +- Chrony +- nftables + fail2ban hardening + +------------------------------------------------------------------------ + +# 🚀 Full Infrastructure Bootstrap + +Main entrypoint: + +``` bash +make -f bootstrap.mk +``` + +It will execute: + +1. VM creation +2. Hardening +3. DNS setup +4. NTP setup +5. Ceph cluster + +------------------------------------------------------------------------ + +# 🧱 Deployment Stages + +## 0. Create LXC + Packer + +``` bash +make -f 00_create_and_setup_lxc_container_with_packer.mk +``` + +- Download LXC template +- Create LXC via Terraform +- Install packer inside LXC + +------------------------------------------------------------------------ + +## 1. 
Golden VM template + +``` bash +make -f 01_create_vm_golden_template.mk +``` + +- Download ISO +- Upload packer config +- Build golden image +- Shut down packer LXC + +------------------------------------------------------------------------ + +## 2. Create VMs + +``` bash +make -f 02_create_vms.mk +``` + +- Enable cloud-init snippets +- Terraform creates VMs + +------------------------------------------------------------------------ + +## 3. Harden nodes + +``` bash +make -f 03_harden_vms.mk +``` + +- Remove packer user +- SSH hardening +- nftables +- fail2ban + +------------------------------------------------------------------------ + +## 4. DNS + +``` bash +make -f 04_setup_dns.mk +``` + +- PowerDNS install +- Zones + records via Terraform +- systemd-resolved config + +------------------------------------------------------------------------ + +## 5. NTP + +``` bash +make -f 05_setup_ntp.mk +``` + +Hierarchy: +- edge NTP server (proxmox) +- core NTP server +- clients use core NTP server + +------------------------------------------------------------------------ + +## 6. Ceph + +``` bash +make -f 06_setup_ceph.mk +``` + +- install +- bootstrap +- share keys +- cluster init + +------------------------------------------------------------------------ + +## 7. Kubernetes + +``` bash +make -f 07_setup_k8s.mk +``` + +After installation: + +``` bash +ssh user@k8smasternode -p 10525 +``` + +Replace cluster endpoint with localhost tunnel. 
+ +Then: + +``` bash +terraform apply -target=module.metallb_helm +terraform apply -target=module.crunchy_operator +terraform apply +``` + +Get credentials: + +``` bash +# postgres +kubectl -n postgres-operator get secret hippo-pguser-gitlab -o jsonpath='{.data.user}' | base64 -d; echo + +# valkey +kubectl -n valkey get secret valkey-users -o jsonpath='{.data.default}' | base64 -d; echo +``` + +------------------------------------------------------------------------ + +# 📁 Project Structure + + ansible/ + terraform/ + packer/ + makefiles/ + bootstrap.mk + +------------------------------------------------------------------------ + +# 🔐 Requirements + +Before running: + +- SSH access to Proxmox +- Proxmox API token +- terraform.tfvars filled +- inventory.ini filled +- kubeconfig path specified + +------------------------------------------------------------------------ + +# 🔭 Planned Services & Future Stack + +The following services are planned for the next deployment stages: + +- **NetBird** --- internal VPN mesh network (currently working on this + stage) +- **Keycloak** --- unified authentication and identity provider across + services +- **Monitoring stack (Grafana, Loki, Prometheus, Trickster)** --- + monitoring and observability tools\ + *(previously deployed, but not yet integrated into this project)* +- **FreeIPA** --- centralized user and identity management inside + operating systems +- **Vault** --- centralized storage for passwords, tokens, and + operational credentials +- **OpenNebula** --- additional virtualization layer for providing + user VM spaces\ + *(similar to AWS EC2 for internal infrastructure)* +- **Nextcloud + LibreOffice** --- Google Cloud alternative for + collaborative document editing\ + *(Nextcloud deployed previously, but not yet within this project)* +- **Element + Matrix** --- Telegram-like communication platform\ + *(stack deployed previously, but not yet integrated into this + project)* +- **LLM (local language model)** --- neural 
network for text + processing\ + *(GPT‑2 already tested; LLaMA 7B planned as MVP depending on + available resources)*\ + Future usage: + - LibreOffice document assistant + - Matrix/Element chatbot integration +- **Kafka** --- message queue layer between LibreOffice, Element, and + LLM services\ + Ensures reliable request delivery and acts as a service integration + layer +- **OCR tools** --- document recognition and conversion pipeline\ + Enables transforming documents into formats suitable for LLM + processing and search + +------------------------------------------------------------------------ + +# 🧠 Project Idea + +Self-hosted cloud platform, own mini cloud. Fully autonomous infrastructure. + +# 👤 Author + +Aleksandr Hrankin
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100644
index 0000000..4b7ff20
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,6 @@
+[defaults]
+inventory = ./inventory.ini
+roles_path = ./roles
+host_key_checking = False
+deprecation_warnings = False
+interpreter_python = auto
diff --git a/ansible/playbooks/ceph/00_install.yml b/ansible/playbooks/ceph/00_install.yml
new file mode 100644
index 0000000..e6ab32f
--- /dev/null
+++ b/ansible/playbooks/ceph/00_install.yml
@@ -0,0 +1,12 @@
+---
+- name: install ceph
+ hosts:
+ - dev-kyiv01-vm-ceph-main-01
+ - dev-kyiv01-vm-ceph-main-02
+ - dev-kyiv01-vm-ceph-main-03
+ become: true
+
+ roles:
+ - role: ceph/00_install
+
+ # ansible-playbook playbooks/ceph/00_install.yml -i inventory.ini
diff --git a/ansible/playbooks/ceph/01_bootstrap.yml b/ansible/playbooks/ceph/01_bootstrap.yml
new file mode 100644
index 0000000..d964c93
--- /dev/null
+++ b/ansible/playbooks/ceph/01_bootstrap.yml
@@ -0,0 +1,10 @@
+---
+- name: bootstrap ceph
+ hosts:
+ - dev-kyiv01-vm-ceph-main-01
+ become: true
+
+ roles:
+ - role: ceph/01_bootstrap
+
+ # ansible-playbook playbooks/ceph/01_bootstrap.yml -i inventory.ini
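Review bot: `host_key_checking = False` in ansible/ansible.cfg switches off SSH host key verification for every playbook in the repository, and the playbooks visible in this commit all run with `become: true`. Whatever answers on an inventory address is then accepted without question and receives privileged commands and templated configuration. Prefer leaving the default on and populating known_hosts when the VMs are created, or limit the override to the one first-contact play instead of the global `[defaults]` section. `deprecation_warnings = False` also hides upgrade signals and would be better left at its default.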
diff --git a/ansible/playbooks/ceph/02_share_pubkey.yml b/ansible/playbooks/ceph/02_share_pubkey.yml
new file mode 100644
index 0000000..3cfdc9d
--- /dev/null
+++ b/ansible/playbooks/ceph/02_share_pubkey.yml
@@ -0,0 +1,12 @@
+---
+- name: share ceph pubkey
+ hosts:
+ - dev-kyiv01-vm-ceph-main-01
+ - dev-kyiv01-vm-ceph-main-02
+ - dev-kyiv01-vm-ceph-main-03
+ become: true
+
+ roles:
+ - role: ceph/02_share_pubkey
+
+ # ansible-playbook playbooks/ceph/02_share_pubkey.yml -i inventory.ini
diff --git a/ansible/playbooks/ceph/03_setup_cluster.yml b/ansible/playbooks/ceph/03_setup_cluster.yml
new file mode 100644
index 0000000..611187b
--- /dev/null
+++ b/ansible/playbooks/ceph/03_setup_cluster.yml
@@ -0,0 +1,10 @@
+---
+- name: setup ceph cluster
+ hosts:
+ - dev-kyiv01-vm-ceph-main-01
+ become: true
+
+ roles:
+ - role: ceph/03_setup_cluster
+
+ # ansible-playbook playbooks/ceph/03_setup_cluster.yml -i inventory.ini
diff --git a/ansible/playbooks/dns/install_powerdns.yml b/ansible/playbooks/dns/install_powerdns.yml
new file mode 100644
index 0000000..f0bf212
--- /dev/null
+++ b/ansible/playbooks/dns/install_powerdns.yml
@@ -0,0 +1,19 @@
+---
+- name: setup powerdns
+ hosts:
+ - dev-kyiv01-vm-dns-main-01
+ become: true
+
+ roles:
+ - role: install_docker
+
+ - role: dns/push_powerdns_configs_to_node
+ vars:
+ dns_stack_root: /opt/dns-stack
+
+ - role: node/execute_command
+ vars:
+ chdir: "/opt/dns-stack"
+ command: "docker compose up -d"
+
+ # ansible-playbook playbooks/dns/install_powerdns.yml -i inventory.ini
diff --git a/ansible/playbooks/dns/setup_systemd_resolved_config.yml b/ansible/playbooks/dns/setup_systemd_resolved_config.yml
new file mode 100644
index 0000000..fc1d5ae
--- /dev/null
+++ b/ansible/playbooks/dns/setup_systemd_resolved_config.yml
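Review bot: The first role in install_powerdns.yml is `- role: install_docker`, but the diffstat of this commit only adds the Docker role under ansible/roles/docker/, and playbooks/docker/install.yml refers to it as `role: docker`. Unless an `install_docker` role exists outside this commit, the play stops at role resolution before any DNS configuration is pushed; `- role: docker` looks like the intended name. Separately, `chdir: "/opt/dns-stack"` repeats the literal passed as `dns_stack_root`, so defining the path once as a play-level variable would keep the two from drifting apart.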
@@ -0,0 +1,17 @@
+---
+- name: setup systemd resolved config
+ hosts:
+ - dev-kyiv01-vm-dns-main-01
+ - dev-kyiv01-vm-ntp-main-01
+ - dev-kyiv01-vm-ceph-main-01
+ - dev-kyiv01-vm-ceph-main-02
+ - dev-kyiv01-vm-ceph-main-03
+ - dev-kyiv01-vm-k8s-master-01
+ - dev-kyiv01-vm-k8s-worker-01
+ become: true
+ roles:
+ - role: dns/setup_systemd_resolved_config
+ vars:
+ dns_ip: 192.168.0.100
+
+ # ansible-playbook playbooks/dns/setup_systemd_resolved_config.yml -i inventory.ini
diff --git a/ansible/playbooks/docker/install.yml b/ansible/playbooks/docker/install.yml
new file mode 100644
index 0000000..f7e4482
--- /dev/null
+++ b/ansible/playbooks/docker/install.yml
@@ -0,0 +1,9 @@
+---
+- name: install docker
+ hosts:
+ - ec2
+ become: true
+ roles:
+ - role: docker
+
+ # ansible-playbook playbooks/docker/install.yml -i inventory.ec2.ini
diff --git a/ansible/playbooks/gitea/main.yml b/ansible/playbooks/gitea/main.yml
new file mode 100644
index 0000000..eac0b49
--- /dev/null
+++ b/ansible/playbooks/gitea/main.yml
@@ -0,0 +1,9 @@
+---
+- name: copy gitea configs to node
+ hosts:
+ - ec2
+ become: true
+ roles:
+ - role: gitea
+
+ # ansible-playbook playbooks/gitea/main.yml -i inventory.ec2.ini
diff --git a/ansible/playbooks/harden/harden_node.yml b/ansible/playbooks/harden/harden_node.yml
new file mode 100644
index 0000000..948ad62
--- /dev/null
+++ b/ansible/playbooks/harden/harden_node.yml
@@ -0,0 +1,20 @@
+---
+- name: harden node
+ hosts: ec2
+ become: true
+ roles:
+ - role: harden/fail2ban
+
+ - role: harden/unattended_upgrades
+
+ - role: harden/sshd_config
+ vars:
+ ssh_port: "{{ ssh_port }}"
+
+ - role: harden/nftables
+ vars:
+ ssh_port: "{{ ssh_port }}"
+ # ntp_port: "{{ ntp_port }}"
+ nftables_conf_name: "vm-nftables.conf.j2"
+
+ # ansible-playbook playbooks/harden/harden_node.yml -i inventory.ec2.ini -e "ssh_port=25105"
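Review bot: In ansible/playbooks/harden/harden_node.yml the role parameters `ssh_port: "{{ ssh_port }}"` (under both harden/sshd_config and harden/nftables) refer to themselves, so the play only works when `-e ssh_port=...` is given, because extra vars take precedence. Without it Ansible should stop with a recursive-template error rather than a clear message. The same pattern appears in node/execute_command.yml (`command`), node/push_dir.yml (`resource_dir`, `target_dir`) and node/remove_file.yml (`file_path`). Remove the pass-through `vars:` entries and fail early instead, for example with a `pre_tasks` entry that uses `ansible.builtin.assert` and `that: ssh_port is defined`. For a play that rewrites sshd and the firewall, a missing or mistyped port is worth catching before any role runs.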
diff --git a/ansible/playbooks/harden/harden_proxmox.yml b/ansible/playbooks/harden/harden_proxmox.yml
new file mode 100644
index 0000000..79fa909
--- /dev/null
+++ b/ansible/playbooks/harden/harden_proxmox.yml
@@ -0,0 +1,21 @@
+---
+- name: harden node
+ hosts:
+ - dev-kyiv01-psy-proxmox-main-01
+ become: true
+ roles:
+ - role: harden/fail2ban
+
+ - role: harden/unattended_upgrades
+
+ - role: harden/sshd_config
+ vars:
+ ssh_port: "25105"
+
+ - role: harden/nftables
+ vars:
+ nftables_conf_name: "proxmox-nftables.conf.j2"
+ ssh_port: "25105"
+ ntp_port: "123"
+
+ # ansible-playbook playbooks/harden/harden_proxmox.yml -i inventory.ini
diff --git a/ansible/playbooks/k8s/install/k8s_master.yml b/ansible/playbooks/k8s/install/k8s_master.yml
new file mode 100644
index 0000000..304089a
--- /dev/null
+++ b/ansible/playbooks/k8s/install/k8s_master.yml
@@ -0,0 +1,12 @@
+---
+- name: install k8s master
+ hosts: dev-kyiv01-vm-k8s-master-01
+ become: true
+
+ roles:
+ - role: k8s/install/00_python
+ - role: k8s/install/01_helm
+ - role: k8s/install/02_common
+ - role: k8s/install/03_master
+
+ # ansible-playbook playbooks/k8s/install/k8s_master.yml -i inventory.ini
diff --git a/ansible/playbooks/k8s/install/k8s_worker.yml b/ansible/playbooks/k8s/install/k8s_worker.yml
new file mode 100644
index 0000000..76e780a
--- /dev/null
+++ b/ansible/playbooks/k8s/install/k8s_worker.yml
@@ -0,0 +1,10 @@
+- name: install k8s master
+ hosts: dev-kyiv01-vm-k8s-worker-01
+ become: true
+ roles:
+ - role: k8s/install/02_common
+ - role: k8s/install/04_worker
+ vars:
+ k8s_kubeadm_join_command: "kubeadm join 192.168.0.105:6443 --token 5n2fv0.w67ya3tqfz8ucsae --discovery-token-ca-cert-hash sha256:9e944ac89557d42bd335ef175d232b3d78fd4b2af5935db23d52e443de539aad"
+
+ # ansible-playbook playbooks/k8s/install/k8s_worker.yml -i inventory.ini
diff --git a/ansible/playbooks/node/change_hostname.yml b/ansible/playbooks/node/change_hostname.yml
new file mode 100644
index 0000000..57861b9
--- /dev/null
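Review bot: ansible/playbooks/k8s/install/k8s_worker.yml commits a complete `kubeadm join` command, bootstrap token included, in `k8s_kubeadm_join_command`. A bootstrap token lets whoever holds it register a node with the cluster until it expires, and it stays in git history after that, so treat the committed one as exposed and delete it on the control plane (`kubeadm token delete <token-id>`). Obtain the join command at run time instead, e.g. a task delegated to the master that runs `kubeadm token create --print-join-command` with `no_log: true`, or pass it from an Ansible Vault variable. The play is also still named `install k8s master`; it should read `install k8s worker`.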
+++ b/ansible/playbooks/node/change_hostname.yml
@@ -0,0 +1,11 @@
+---
+- name: change hostname
+ hosts: test
+ become: true
+ gather_facts: false
+ roles:
+ - role: node/change_hostname
+ vars:
+ hostname: "dev-lviv01-vm-k8s-worker-01"
+
+ # ansible-playbook playbooks/node/change_hostname.yml -i inventory-local.ini
diff --git a/ansible/playbooks/node/execute_command.yml b/ansible/playbooks/node/execute_command.yml
new file mode 100644
index 0000000..6f55068
--- /dev/null
+++ b/ansible/playbooks/node/execute_command.yml
@@ -0,0 +1,11 @@
+---
+- name: execute command
+ hosts: all
+ become: true
+ gather_facts: false
+ roles:
+ - role: node/execute_command
+ vars:
+ command: "{{ command }}"
+
+ # ansible-playbook playbooks/node/execute_command.yml -i inventory.ini
diff --git a/ansible/playbooks/node/push_dir.yml b/ansible/playbooks/node/push_dir.yml
new file mode 100644
index 0000000..fe454f3
--- /dev/null
+++ b/ansible/playbooks/node/push_dir.yml
@@ -0,0 +1,11 @@
+---
+- name: push dir
+ hosts: all
+ become: true
+ roles:
+ - role: node/push_dir
+ vars:
+ resource_dir: "{{ resource_dir }}"
+ target_dir: "{{ target_dir }}"
+
+ # ansible-playbook playbooks/node/push_dir.yml -i inventory.ini
diff --git a/ansible/playbooks/node/remove_file.yml b/ansible/playbooks/node/remove_file.yml
new file mode 100644
index 0000000..916143e
--- /dev/null
+++ b/ansible/playbooks/node/remove_file.yml
@@ -0,0 +1,10 @@
+---
+- name: remove file
+ hosts: all
+ become: true
+ roles:
+ - role: node/remove_file
+ vars:
+ file_path: "{{ file_path }}"
+
+ # ansible-playbook playbooks/node/remove_file.yml -i inventory.ini
diff --git a/ansible/playbooks/node/remove_user.yml b/ansible/playbooks/node/remove_user.yml
new file mode 100644
index 0000000..55f73ea
--- /dev/null
+++ b/ansible/playbooks/node/remove_user.yml
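Review bot: ansible/playbooks/node/execute_command.yml runs a caller-supplied `command` with `become: true` on `hosts: all`, and the usage comment shows neither `-e command=...` nor `--limit`, so the invocation as documented targets every host in the inventory as root. The same `hosts: all` default is used by node/push_dir.yml, node/remove_file.yml and node/remove_user.yml, which are just as destructive when a limit is forgotten. Make the target explicit, e.g. `hosts: "{{ target_hosts }}"` with no default so the play fails when it is unset. Then update the comment to `# ansible-playbook playbooks/node/execute_command.yml -i inventory.ini -e target_hosts=<group> -e command='<cmd>'`.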
@@ -0,0 +1,10 @@ +--- +- name: remove user + hosts: all + become: true + roles: + - role: node/remove_user + vars: + user_name: "{{ remove_user }}" + + # ansible-playbook playbooks/node/remove_user.yml -i inventory.ini diff --git a/ansible/playbooks/ntp/chrony/00_setup_edge_ntp_node.yml b/ansible/playbooks/ntp/chrony/00_setup_edge_ntp_node.yml new file mode 100644 index 0000000..ce8884d --- /dev/null +++ b/ansible/playbooks/ntp/chrony/00_setup_edge_ntp_node.yml @@ -0,0 +1,16 @@ +--- +- name: setup edge ntp node + hosts: + - dev-kyiv01-psy-proxmox-main-01 + become: true + roles: + - role: ntp/chrony + vars: + chrony_upstream_sources: + - ntp.time.in.ua + - time.google.com + - time.cloudflare.com + chrony_allow_networks: + - 192.168.0.0/24 + + # ansible-playbook playbooks/ntp/chrony/setup_edge_ntp_node.yml -i inventory.ini diff --git a/ansible/playbooks/ntp/chrony/01_setup_core_ntp_node.yml b/ansible/playbooks/ntp/chrony/01_setup_core_ntp_node.yml new file mode 100644 index 0000000..c8119b7 --- /dev/null +++ b/ansible/playbooks/ntp/chrony/01_setup_core_ntp_node.yml @@ -0,0 +1,14 @@ +--- +- name: setup core ntp node + hosts: + - dev-kyiv01-vm-ntp-main-01 + become: true + roles: + - role: ntp/chrony + vars: + chrony_upstream_sources: + - ntp-edge.infra.hran + chrony_allow_networks: + - 192.168.0.0/24 + + # ansible-playbook playbooks/ntp/chrony/setup_core_ntp_node.yml -i inventory.ini diff --git a/ansible/playbooks/ntp/chrony/02_setup_client_ntp_node.yml b/ansible/playbooks/ntp/chrony/02_setup_client_ntp_node.yml new file mode 100644 index 0000000..1f62eb7 --- /dev/null +++ b/ansible/playbooks/ntp/chrony/02_setup_client_ntp_node.yml 
@@ -0,0 +1,19 @@ +--- +- name: setup core ntp node + hosts: + - dev-kyiv01-vm-dns-main-01 + - dev-kyiv01-vm-ceph-main-01 + - dev-kyiv01-vm-ceph-main-02 + - dev-kyiv01-vm-ceph-main-03 + - dev-kyiv01-vm-k8s-master-01 + - dev-kyiv01-vm-k8s-worker-01 + become: true + roles: + - role: ntp/chrony + vars: + chrony_upstream_sources: + - ntp-core.infra.hran + chrony_allow_networks: + - 192.168.0.0/24 + + # ansible-playbook playbooks/ntp/chrony/setup_client_ntp_node.yml -i inventory.ini diff --git a/ansible/playbooks/packer/install.yml b/ansible/playbooks/packer/install.yml new file mode 100644 index 0000000..9c83426 --- /dev/null +++ b/ansible/playbooks/packer/install.yml @@ -0,0 +1,9 @@ +--- +- name: install packer + hosts: + - dev-kyiv01-lxc-packer-main-01 + become: true + roles: + - role: packer/install + + # ansible-playbook playbooks/packer/install.yml -i inventory.ini diff --git a/ansible/playbooks/packer/run.yml b/ansible/playbooks/packer/run.yml new file mode 100644 index 0000000..2c1499f --- /dev/null +++ b/ansible/playbooks/packer/run.yml @@ -0,0 +1,11 @@ +--- +- name: run packer + hosts: + - dev-kyiv01-lxc-packer-main-01 + become: true + roles: + - role: packer/run + vars: + packer_config_dir: "/opt/packer/proxmox/debian13" + + # ansible-playbook playbooks/packer/run.yml -i inventory.ini diff --git a/ansible/playbooks/proxmox/enable_snippets.yml b/ansible/playbooks/proxmox/enable_snippets.yml new file mode 100644 index 0000000..9d46a4d --- /dev/null +++ b/ansible/playbooks/proxmox/enable_snippets.yml @@ -0,0 +1,9 @@ +--- +- name: enable snippets + hosts: + - dev-kyiv01-psy-proxmox-main-01 + become: true + roles: + - role: proxmox/enable_snippets + + # ansible-playbook playbooks/proxmox/enable_snippets.yml -i inventory.ini diff --git a/ansible/playbooks/proxmox/lxc/download_template.yml b/ansible/playbooks/proxmox/lxc/download_template.yml new file mode 100644 index 0000000..76a2681 --- /dev/null +++ b/ansible/playbooks/proxmox/lxc/download_template.yml 
@@ -0,0 +1,11 @@ +--- +- name: download lxc template + hosts: + - dev-kyiv01-psy-proxmox-main-01 + become: true + roles: + - role: proxmox/lxc/download_template + vars: + lxc_template_name: "debian-12-standard_12.12-1_amd64.tar.zst" + + # ansible-playbook playbooks/proxmox/lxc/download_template.yml -i inventory.ini diff --git a/ansible/playbooks/proxmox/lxc/shutdown.yml b/ansible/playbooks/proxmox/lxc/shutdown.yml new file mode 100644 index 0000000..6d40df3 --- /dev/null +++ b/ansible/playbooks/proxmox/lxc/shutdown.yml @@ -0,0 +1,11 @@ +--- +- name: shutdown lxc container + hosts: + - dev-kyiv01-psy-proxmox-main-01 + become: true + roles: + - role: proxmox/lxc/shutdown + vars: + lxc_id: 200 + + # ansible-playbook playbooks/proxmox/lxc/shutdown.yml -i inventory.ini diff --git a/ansible/playbooks/proxmox/setup_proxmox_no_subscription_repository.yml b/ansible/playbooks/proxmox/setup_proxmox_no_subscription_repository.yml new file mode 100644 index 0000000..5d133f2 --- /dev/null +++ b/ansible/playbooks/proxmox/setup_proxmox_no_subscription_repository.yml @@ -0,0 +1,9 @@ +--- +- name: configure proxmox no-subscription repo + hosts: + - dev-kyiv01-psy-proxmox-main-01 + become: true + roles: + - proxmox/setup_no_subscription_repository + + # ansible-playbook playbooks/proxmox/setup_proxmox_no_subscription_repository.yml -i inventory.ini diff --git a/ansible/playbooks/proxmox/vm/download_iso.yml b/ansible/playbooks/proxmox/vm/download_iso.yml new file mode 100644 index 0000000..795bc4a --- /dev/null +++ b/ansible/playbooks/proxmox/vm/download_iso.yml @@ -0,0 +1,12 @@ +--- +- name: download vm iso + hosts: + - dev-kyiv01-psy-proxmox-main-01 + become: true + roles: + - role: proxmox/vm/download_iso + vars: + vm_iso_name: "debian-13.2.0-amd64-netinst.iso" + vm_iso_url: "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/{{ vm_iso_name }}" + + # ansible-playbook playbooks/proxmox/vm/download_iso.yml -i inventory.ini 
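Review bot: ansible/playbooks/proxmox/vm/download_iso.yml passes only a name and a URL for the installer image, so unless the proxmox/vm/download_iso role (not visible in this hunk) verifies a digest itself, the ISO that VMs are installed from is accepted on TLS alone. Add a checksum parameter taken from the release's signed SHA256SUMS, e.g. `vm_iso_checksum: "sha256:<digest from SHA256SUMS>"`, and have the role hand it to the `checksum` argument of `ansible.builtin.get_url`. The URL also combines the moving `current/` directory with the fixed file name `debian-13.2.0-amd64-netinst.iso`, which is likely to stop resolving at the next point release; a versioned archive path would be more stable. proxmox/lxc/download_template.yml raises the same question for the LXC template.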
diff --git a/ansible/roles/ceph/00_install/tasks/main.yml b/ansible/roles/ceph/00_install/tasks/main.yml new file mode 100644 index 0000000..a40f82d --- /dev/null +++ b/ansible/roles/ceph/00_install/tasks/main.yml @@ -0,0 +1,43 @@ +--- +- name: apt update + ansible.builtin.apt: + update_cache: true + +- name: apt upgrade + ansible.builtin.apt: + upgrade: dist + +- name: install base packages + ansible.builtin.apt: + name: + - ca-certificates + - curl + - gnupg + - lvm2 + - podman + state: present + +- name: swapoff + ansible.builtin.command: swapoff -a + changed_when: true + +- name: comment swap in /etc/fstab + ansible.builtin.replace: + path: /etc/fstab + regexp: '^([^#].*\s+swap\s+.*)$' + replace: '# \1' + +- name: install cephadm and ceph-common + ansible.builtin.apt: + name: + - cephadm + - ceph-common + state: present + +- name: cephadm version + ansible.builtin.command: cephadm version + changed_when: false + +- name: ceph -v + ansible.builtin.command: ceph -v + changed_when: false diff --git a/ansible/roles/ceph/01_bootstrap/tasks/main.yml b/ansible/roles/ceph/01_bootstrap/tasks/main.yml new file mode 100644 index 0000000..24cb447 --- /dev/null +++ b/ansible/roles/ceph/01_bootstrap/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- name: cephadm bootstrap + ansible.builtin.command: > + cephadm bootstrap + --mon-ip 192.168.0.102 + --initial-dashboard-user admin + --initial-dashboard-password password + --allow-fqdn-hostname + changed_when: true diff --git a/ansible/roles/ceph/02_share_pubkey/tasks/main.yml b/ansible/roles/ceph/02_share_pubkey/tasks/main.yml new file mode 100644 index 0000000..382ab97 --- /dev/null +++ b/ansible/roles/ceph/02_share_pubkey/tasks/main.yml 
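Review bot: ansible/roles/ceph/01_bootstrap/tasks/main.yml bootstraps the cluster with `--initial-dashboard-user admin --initial-dashboard-password password`, a guessable credential that now sits in the repository, in the task output and on the process command line (ansible/roles/ceph/readme.md repeats it). Take the value from a vaulted variable and hide the task output: `--initial-dashboard-password {{ ceph_dashboard_password }}` plus `no_log: true`, where `ceph_dashboard_password` is a suggested name. `--mon-ip 192.168.0.102` is hard-coded as well and would be better as a role variable. The task also re-attempts bootstrap on every run; guard it with `args:` / `creates: /etc/ceph/ceph.conf` after confirming the path cephadm writes on this release.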
@@ -0,0 +1,25 @@ +--- +- name: get cephadm pub key (run once on ceph01) + ansible.builtin.command: ceph cephadm get-pub-key + register: ceph_pubkey_cmd + changed_when: false + delegate_to: dev-kyiv01-vm-ceph-main-01 + run_once: true + +- name: set ceph pubkey fact for this play + ansible.builtin.set_fact: + ceph_pubkey: "{{ ceph_pubkey_cmd.stdout }}" + run_once: true + +- name: add ceph pub key to root authorized_keys + ansible.posix.authorized_key: + user: root + key: "{{ ceph_pubkey }}" + state: present + when: inventory_hostname in ["dev-kyiv01-vm-ceph-main-02", "dev-kyiv01-vm-ceph-main-03"] + +- name: restart ssh + ansible.builtin.service: + name: ssh + state: restarted + when: inventory_hostname in ["dev-kyiv01-vm-ceph-main-02", "dev-kyiv01-vm-ceph-main-03"] diff --git a/ansible/roles/ceph/03_setup_cluster/tasks/main.yml b/ansible/roles/ceph/03_setup_cluster/tasks/main.yml new file mode 100644 index 0000000..c7ab359 --- /dev/null +++ b/ansible/roles/ceph/03_setup_cluster/tasks/main.yml 
@@ -0,0 +1,40 @@ +--- +- name: add host ceph02 + ansible.builtin.command: > + ceph orch host add dev-kyiv01-vm-ceph-main-02 192.168.0.103 + changed_when: true + +- name: add host ceph03 + ansible.builtin.command: > + ceph orch host add dev-kyiv01-vm-ceph-main-03 192.168.0.104 + changed_when: true + +- name: add osd ceph01 sdb + ansible.builtin.command: > + ceph orch daemon add osd dev-kyiv01-vm-ceph-main-01:/dev/sdb + changed_when: true + +- name: add osd ceph01 sdc + ansible.builtin.command: > + ceph orch daemon add osd dev-kyiv01-vm-ceph-main-01:/dev/sdc + changed_when: true + +- name: add osd ceph02 sdb + ansible.builtin.command: > + ceph orch daemon add osd dev-kyiv01-vm-ceph-main-02:/dev/sdb + changed_when: true + +- name: add osd ceph02 sdc + ansible.builtin.command: > + ceph orch daemon add osd dev-kyiv01-vm-ceph-main-02:/dev/sdc + changed_when: true + +- name: add osd ceph03 sdb + ansible.builtin.command: > + ceph orch daemon add osd dev-kyiv01-vm-ceph-main-03:/dev/sdb + changed_when: true + +- name: add osd ceph03 sdc + ansible.builtin.command: > + ceph orch daemon add osd dev-kyiv01-vm-ceph-main-03:/dev/sdc + changed_when: true diff --git a/ansible/roles/ceph/04_setup_rgw/readme.md b/ansible/roles/ceph/04_setup_rgw/readme.md new file mode 100644 index 0000000..301f6fc --- /dev/null +++ b/ansible/roles/ceph/04_setup_rgw/readme.md 
@@ -0,0 +1,48 @@ +# "[1/8] Проверка кластера" +ceph -s +ceph orch status + +# "[2/8] Создаём realm/zonegroup/zone (если уже есть — будет ошибка; можно игнорировать или сначала проверить list)" +radosgw-admin realm create --rgw-realm=default --default || true +radosgw-admin zonegroup create --rgw-zonegroup=default --master --default || true +radosgw-admin zone create \ + --rgw-zonegroup=default \ + --rgw-zone=default \ + --master \ + --default || true + +# "[3/8] Коммит периода (обновляем конфиг мультисайта)" +radosgw-admin period update --commit + +# "[4/8] Проверка realm/zone" +radosgw-admin realm list +radosgw-admin zone list + +# "[5/8] Деплой RGW сервисом через cephadm/orchestrator" +ceph orch apply rgw default --placement="1" + +# "[6/8] Проверка что RGW поднялся" +ceph orch ls +ceph orch ps --service-name rgw.default +ss -lntp | grep -E 'rgw|civetweb|beast|7480|80|443' || true + +# "[7/8] Создаём admin (system) пользователя — ТОЛЬКО для ops" +# Важно: system user не для приложений, а для админских операций/автоматизации ops +radosgw-admin user create \ + --uid="admin" \ + --display-name="RGW Admin (system)" \ + --system || true + +# "[8/8] Создаём пользователя для Crunchy pgBackRest + бакет" +# Создаём отдельного юзера под pgBackRest +radosgw-admin user create \ + --uid="crunchy-backup" \ + --display-name="Crunchy pgBackRest" || true + +# Создаём бакет и назначаем владельца (uid должен существовать) +radosgw-admin bucket create \ + --bucket="crunchy-pgbackrest" \ + --uid="crunchy-backup" || true + +# "=== Итог: креды для Crunchy ===" +radosgw-admin user info --uid="crunchy-backup" diff --git a/ansible/roles/ceph/05_create_k8s_pool/readme.md b/ansible/roles/ceph/05_create_k8s_pool/readme.md new file mode 100644 index 0000000..d09f374 --- /dev/null +++ b/ansible/roles/ceph/05_create_k8s_pool/readme.md 
@@ -0,0 +1,28 @@ +```bash +ceph -s +ceph fsid +ceph mon dump | egrep 'mon\.' -n +ceph osd pool ls + +# создать pool (pg_num подбирай под размер кластера; для старта можно 64/128) +ceph osd pool create k8s-rbd 128 + +# включить application "rbd" (важно для CSI) +ceph osd pool application enable k8s-rbd rbd + +# (опционально) инициализировать rbd метаданные +rbd pool init k8s-rbd + +# (опционально) выставить репликацию size=3 (или как у тебя принято) +ceph osd pool set k8s-rbd size 3 + +ceph auth get-or-create client.k8s-rbd-csi \ + mon 'profile rbd' \ + osd "profile rbd pool=k8s-rbd" \ + mgr "profile rbd" + +# посмотреть ключ +ceph auth get client.k8s-rbd-csi + + +``` \ No newline at end of file diff --git a/ansible/roles/ceph/readme.md b/ansible/roles/ceph/readme.md new file mode 100644 index 0000000..fa59ddb --- /dev/null +++ b/ansible/roles/ceph/readme.md 
@@ -0,0 +1,85 @@ +# ЭТАП 0. Подготовка ОС (на всех Ceph-нодах) + +## обновление системы +apt update && apt upgrade -y + +## базовые пакеты (без chrony/dns/hosts) +apt install -y \ + ca-certificates \ + curl \ + gnupg \ + lvm2 \ + podman + +## отключаем swap (ОБЯЗАТЕЛЬНО для k8s; для Ceph не строго, но лучше сразу) +swapoff -a +sed -i '/ swap / s/^/#/' /etc/fstab + +## проверка дисков (убедись, что OSD диски пустые) +lsblk + +# ЭТАП 1. Установка Cephadm (на bootstrap-ноде и затем на всех нодах) + +apt install -y cephadm ceph-common +cephadm version +ceph -v + +# ЭТАП 2. Bootstrap кластера (только на первой ноде / mon) + +cephadm bootstrap \ + --mon-ip 192.168.0.102 \ + --initial-dashboard-user admin \ + --initial-dashboard-password password \ + --allow-fqdn-hostname + +ceph -s +ceph orch ps + +# ЭТАП 3. Добавляем остальные ноды в orchestrator + +ceph cephadm get-pub-key +systemctl restart ssh + +ceph orch host add dev-kyiv01-vm-ceph-main-02 192.168.0.103 +ceph orch host add dev-kyiv01-vm-ceph-main-03 192.168.0.104 + +ceph orch host ls + + +# ЭТАП 4. Добавляем OSD (на каждой ноде) + +## bootstrap-node (локальная) +ceph orch daemon add osd dev-kyiv01-vm-ceph-main-01:/dev/sdb +ceph orch daemon add osd dev-kyiv01-vm-ceph-main-01:/dev/sdc + +## vm-ceph-kyiv-02 +ceph orch daemon add osd dev-kyiv01-vm-ceph-main-02:/dev/sdb +ceph orch daemon add osd dev-kyiv01-vm-ceph-main-02:/dev/sdc + +## vm-ceph-kyiv-03 +ceph orch daemon add osd dev-kyiv01-vm-ceph-main-03:/dev/sdb +ceph orch daemon add osd dev-kyiv01-vm-ceph-main-03:/dev/sdc + +## Проверка: + +ceph osd tree +ceph -s + + +# ЭТАП 5. Пул под k8s RBD + +ceph osd pool create k8s-rbd 64 +ceph osd pool application enable k8s-rbd rbd + +ceph osd pool ls +ceph osd pool get k8s-rbd all + +## Мини-чеклист + +ceph -s +ceph orch host ls +ceph orch ps +ceph osd tree + +# Delete broken cluster +cephadm rm-cluster --force --fsid e3b4050a-e8be-11f0-84c2-027a4c119066 \ No newline at end of file 
diff --git a/ansible/roles/dns/push_powerdns_configs_to_node/readme.md b/ansible/roles/dns/push_powerdns_configs_to_node/readme.md new file mode 100644 index 0000000..d727354 --- /dev/null +++ b/ansible/roles/dns/push_powerdns_configs_to_node/readme.md @@ -0,0 +1,38 @@ +# example dns path in Debian13 +App → glibc resolver → /etc/resolv.conf (127.0.0.53) → systemd-resolved → 192.168.0.1 (Proxmox) + +# before role running +```bash +sudo systemctl disable --now systemd-resolved + +sudo rm -f /etc/resolv.conf +echo -e "nameserver 1.1.1.1\nnameserver 8.8.8.8" | sudo tee /etc/resolv.conf + +docker compose down +docker compose up -d +``` + +```bash +# pdns-auth web/api через nginx +curl -i -H 'Host: auth.infra.hran' http://127.0.0.1/ + +# recursor web/api через nginx +curl -i -H 'Host: recursor.infra.hran' http://127.0.0.1/ + +# dnsdist web через nginx +curl -i -H 'Host: dnsdist.infra.hran' http://127.0.0.1/ +curl -i -u 'admin:CHANGE_ME_DNSDIST_WEB_PASSWORD' -H 'Host: dnsdist.infra.hran' http://127.0.0.1/ + +# windows +C:\Windows\System32\drivers\etc\hosts + +127.0.0.1 auth.infra.hran +127.0.0.1 recursor.infra.hran +127.0.0.1 dnsdist.infra.hran:8084 + +# check from browser +http://dnsdist.infra.hran:8080/ +http://auth.infra.hran:8080/ +http://recursor.infra.hran:8080/ +``` + diff --git a/ansible/roles/dns/push_powerdns_configs_to_node/tasks/main.yml b/ansible/roles/dns/push_powerdns_configs_to_node/tasks/main.yml new file mode 100644 index 0000000..f3b1803 --- /dev/null +++ b/ansible/roles/dns/push_powerdns_configs_to_node/tasks/main.yml 
@@ -0,0 +1,37 @@ +- name: ensure directory structure exists + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: "root" + group: "root" + mode: "0755" + loop: + - "{{ dns_stack_root }}" + - "{{ dns_stack_root }}/postgres/initdb" + - "{{ dns_stack_root }}/pdns-auth" + - "{{ dns_stack_root }}/pdns-recursor" + - "{{ dns_stack_root }}/dnsdist" + - "{{ dns_stack_root }}/nginx" + +- name: render stack files + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ dns_stack_root }}/{{ item.dest }}" + owner: "root" + group: "root" + mode: "0644" + loop: + - { src: "docker-compose.yml.j2", dest: "docker-compose.yml" } + - { src: ".env.j2", dest: ".env", mode: "0600" } + - { + src: "postgres/initdb/01-pdns-schema.sql.j2", + dest: "postgres/initdb/01-pdns-schema.sql", + } + - { src: "pdns-auth/pdns.conf.j2", dest: "pdns-auth/pdns.conf" } + - { + src: "pdns-recursor/recursor.conf.j2", + dest: "pdns-recursor/recursor.conf", + } + - { src: "dnsdist/dnsdist.conf.j2", dest: "dnsdist/dnsdist.conf" } + - { src: "nginx/nginx.conf.j2", dest: "nginx/nginx.conf" } + register: rendered diff --git a/ansible/roles/dns/push_powerdns_configs_to_node/templates/dnsdist/dnsdist.conf.j2 b/ansible/roles/dns/push_powerdns_configs_to_node/templates/dnsdist/dnsdist.conf.j2 new file mode 100644 index 0000000..b7074a0 --- /dev/null +++ b/ansible/roles/dns/push_powerdns_configs_to_node/templates/dnsdist/dnsdist.conf.j2 
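Review bot: In the `render stack files` task of ansible/roles/dns/push_powerdns_configs_to_node/tasks/main.yml the `.env` item sets `mode: "0600"`, but the task's own `mode: "0644"` is a constant and never reads `item.mode`, so `.env` is written world-readable like every other file. Use `mode: "{{ item.mode | default('0644') }}"`. pdns.conf, recursor.conf and dnsdist.conf carry a database password and API keys in this commit and also land at 0644 under 0755 directories; tightening them needs the container users' read access checked first, since they are bind-mounted read-only. `register: rendered` is not used in the visible tasks; if it is meant to trigger a restart of the stack, a handler would express that.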
@@ -0,0 +1,41 @@ +addLocal("0.0.0.0:53") +addLocal("[::]:53") + +-- ACL для клиентов, которым вообще можно отвечать +addACL("127.0.0.0/8") -- localhost на IPv4 (машина сама себе). +addACL("10.0.0.0/8") -- приватные сети RFC1918 (часто VPN/корп сеть). +addACL("172.16.0.0/12") -- приватные 172.16–172.31 (сюда попадает и 172.30.x, docker-сеть). +addACL("192.168.0.0/16") -- типичная домашняя LAN. +addACL("::1/128") -- localhost на IPv6. +addACL("fc00::/7") -- IPv6 ULA (аналог приватных) +addACL("fe80::/10") --IPv6 link-local (адреса “на линке”, часто у интерфейса). + +newServer({ + address="172.30.0.11:5300", + pool="auth", + name="pdns-auth" +}) + +newServer({ + address="172.30.0.12:5301", + pool="recursor", + name="pdns-recursor" +}) + +-- Авторитативные зоны -> в pool auth, остальное -> recursor +local authZones = newSuffixMatchNode() +authZones:add("infra.hran.") + +pc = newPacketCache(100000, {maxTTL=86400, minTTL=0, temporaryFailureTTL=60}) +getPool("recursor"):setCache(pc) +getPool("auth"):setCache(pc) + +addAction(SuffixMatchNodeRule(authZones), PoolAction("auth")) +addAction(AllRule(), PoolAction("recursor")) + +webserver("0.0.0.0:8084") +setWebserverConfig({ + password="CHANGE_ME_DNSDIST_WEB_PASSWORD", + apiKey="CHANGE_ME_DNSDIST_KEY", + acl="127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, ::1/128, fc00::/7, fe80::/10" +}) diff --git a/ansible/roles/dns/push_powerdns_configs_to_node/templates/docker-compose.yml.j2 b/ansible/roles/dns/push_powerdns_configs_to_node/templates/docker-compose.yml.j2 new file mode 100644 index 0000000..6d0f2aa --- /dev/null +++ b/ansible/roles/dns/push_powerdns_configs_to_node/templates/docker-compose.yml.j2 
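Review bot: dnsdist.conf.j2 is rendered through `ansible.builtin.template` but contains no variables, so `password="CHANGE_ME_DNSDIST_WEB_PASSWORD"` and `apiKey="CHANGE_ME_DNSDIST_KEY"` are deployed verbatim as the working credentials of a web server listening on `0.0.0.0:8084`. The same applies to `gpgsql-password` and `api-key` in pdns-auth/pdns.conf.j2, `api_key` in pdns-recursor/recursor.conf.j2 and `POSTGRES_PASSWORD` in docker-compose.yml.j2. Template them from vaulted variables, e.g. `password="{{ dnsdist_web_password }}"` and `apiKey="{{ dnsdist_api_key }}"` (suggested names), and have the role fail when one is undefined so a placeholder can never reach a node.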
@@ -0,0 +1,142 @@ +services: + postgres: + image: postgres:16 + container_name: dnsstack-postgres + restart: unless-stopped + environment: + TZ: Europe/Kyiv + POSTGRES_DB: pdns + POSTGRES_USER: pdns + POSTGRES_PASSWORD: CHANGE_ME_POSTGRES_PASSWORD + volumes: + - /opt/dns-stack/postgres/data:/var/lib/postgresql/data + - ./postgres/initdb:/docker-entrypoint-initdb.d:ro + networks: + dnsnet: + ipv4_address: "172.30.0.10" + healthcheck: + test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB} -h 127.0.0.1 -p 5432"] + interval: 2s + timeout: 3s + retries: 30 + start_period: 10s + logging: + driver: "json-file" + options: + tag: "dnsstack.postgres" + max-size: "20m" + max-file: "10" + + pdns-auth: + image: powerdns/pdns-auth-50:latest + container_name: dnsstack-pdns-auth + restart: unless-stopped + depends_on: + postgres: + condition: service_healthy + environment: + TZ: Europe/Kyiv + volumes: + - ./pdns-auth/pdns.conf:/etc/powerdns/pdns.conf:ro + networks: + dnsnet: + ipv4_address: "172.30.0.11" + expose: + - "5300" + - "8083" + ulimits: + nofile: + soft: 10064 + hard: 10064 + logging: + driver: "json-file" + options: + tag: "dnsstack.pdns-auth" + max-size: "20m" + max-file: "10" + + pdns-recursor: + image: powerdns/pdns-recursor-53:latest + container_name: dnsstack-pdns-recursor + restart: unless-stopped + environment: + TZ: Europe/Kyiv + volumes: + - ./pdns-recursor/recursor.conf:/etc/powerdns/recursor.conf:ro + networks: + dnsnet: + ipv4_address: "172.30.0.12" + expose: + - "5301" + - "8082" + ulimits: + nofile: + soft: 10064 + hard: 10064 + logging: + driver: "json-file" + options: + tag: "dnsstack.pdns-recursor" + max-size: "20m" + max-file: "10" + + dnsdist: + image: powerdns/dnsdist-20:latest + container_name: dnsstack-dnsdist + restart: unless-stopped + depends_on: + - pdns-auth + - pdns-recursor + environment: + TZ: Europe/Kyiv + volumes: + - ./dnsdist/dnsdist.conf:/etc/dnsdist/dnsdist.conf:ro + networks: + dnsnet: + ipv4_address: "172.30.0.2" 
+ ports: + - "53:53/udp" + - "53:53/tcp" + expose: + - "8084" + ulimits: + nofile: + soft: 65535 + hard: 65535 + logging: + driver: "json-file" + options: + tag: "dnsstack.dnsdist" + max-size: "50m" + max-file: "10" + + nginx: + image: nginx:1.27-alpine + container_name: dnsstack-nginx + restart: unless-stopped + depends_on: + - pdns-auth + - pdns-recursor + - dnsdist + environment: + TZ: Europe/Kyiv + volumes: + - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro + networks: + dnsnet: + ipv4_address: "172.30.0.3" + ports: + - "80:80/tcp" + logging: + driver: "json-file" + options: + tag: "dnsstack.nginx" + max-size: "20m" + max-file: "10" + +networks: + dnsnet: + driver: bridge + ipam: + config: + - subnet: "172.30.0.0/24" diff --git a/ansible/roles/dns/push_powerdns_configs_to_node/templates/nginx/nginx.conf.j2 b/ansible/roles/dns/push_powerdns_configs_to_node/templates/nginx/nginx.conf.j2 new file mode 100644 index 0000000..2407301 --- /dev/null +++ b/ansible/roles/dns/push_powerdns_configs_to_node/templates/nginx/nginx.conf.j2 
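Review bot: The three PowerDNS images in docker-compose.yml.j2 are pulled as `powerdns/pdns-auth-50:latest`, `powerdns/pdns-recursor-53:latest` and `powerdns/dnsdist-20:latest`, so any `docker compose up -d` can silently bring in a different build of the resolver stack. Pin each to a release tag or, better, a digest (`image: powerdns/dnsdist-20@sha256:<digest>`); `postgres:16` and `nginx:1.27-alpine` are already pinned at least to a version line. The postgres data volume is hard-coded to `/opt/dns-stack/postgres/data` although the role takes `dns_stack_root`; `{{ dns_stack_root }}/postgres/data` keeps the two in step. The nginx service publishes `80:80/tcp` on all host addresses, and binding it to a management address (`"<mgmt-ip>:80:80/tcp"`) would limit who can reach the admin front ends.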
@@ -0,0 +1,53 @@ +worker_processes auto; + +events { worker_connections 1024; } + +http { + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log warn; + + # auth.infra.hran -> pdns-auth:8083 + server { + listen 80; + server_name auth.infra.hran; + + location / { + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://pdns-auth:8083; + } + } + + # recursor.infra.hran -> pdns-recursor:8082 + server { + listen 80; + server_name recursor.infra.hran; + + location / { + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://pdns-recursor:8082; + } + } + + # dnsdist.infra.hran -> dnsdist:8084 + server { + listen 80; + server_name dnsdist.infra.hran; + + location / { + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://dnsdist:8084; + } + } +} diff --git a/ansible/roles/dns/push_powerdns_configs_to_node/templates/pdns-auth/pdns.conf.j2 b/ansible/roles/dns/push_powerdns_configs_to_node/templates/pdns-auth/pdns.conf.j2 new file mode 100644 index 0000000..7f00088 --- /dev/null +++ b/ansible/roles/dns/push_powerdns_configs_to_node/templates/pdns-auth/pdns.conf.j2 
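Review bot: Each `server` block in nginx.conf.j2 proxies an admin web/API endpoint (pdns-auth:8083, pdns-recursor:8082, dnsdist:8084) over plain HTTP with no `allow`/`deny`. Because the back ends see the proxy's container address (172.30.0.3, inside the `172.16.0.0/12` range they allow), their own `allow_from` / `webserver-allow-from` lists no longer restrict the real client. Put the restriction where the client address is known, e.g. `allow 192.168.0.0/24; deny all;` in each `location /`, adjusted to the management network. API keys and the dnsdist basic-auth password also cross the network in clear text, which terminating TLS here would address. The three blocks differ only in `server_name` and `proxy_pass`, so the repeated `proxy_set_header` lines could move to the `http` level.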
@@ -0,0 +1,21 @@ +local-address=0.0.0.0,:: +local-port=5300 + +launch=gpgsql +gpgsql-host=postgres +gpgsql-port=5432 +gpgsql-dbname=pdns +gpgsql-user=pdns +gpgsql-password=CHANGE_ME_POSTGRES_PASSWORD + +api=yes +api-key=CHANGE_ME_PDNS_API_KEY + +webserver=yes +webserver-address=0.0.0.0 +webserver-port=8083 +webserver-allow-from=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 + +disable-axfr=yes +version-string=anonymous +loglevel=4 diff --git a/ansible/roles/dns/push_powerdns_configs_to_node/templates/pdns-recursor/recursor.conf.j2 b/ansible/roles/dns/push_powerdns_configs_to_node/templates/pdns-recursor/recursor.conf.j2 new file mode 100644 index 0000000..5486675 --- /dev/null +++ b/ansible/roles/dns/push_powerdns_configs_to_node/templates/pdns-recursor/recursor.conf.j2 @@ -0,0 +1,46 @@ +# PowerDNS Recursor 5.1+ YAML config + +incoming: + listen: + - "0.0.0.0:5301" + - "[::]:5301" + allow_from: + - "127.0.0.0/8" + - "10.0.0.0/8" + - "172.16.0.0/12" + - "192.168.0.0/16" + - "::1/128" + - "fc00::/7" + - "fe80::/10" + +outgoing: + source_address: + - "0.0.0.0" + - "::" + +webservice: + webserver: true + address: "0.0.0.0" + port: 8082 + api_key: "CHANGE_ME_RECURSOR_API_KEY" + allow_from: + - "127.0.0.0/8" + - "10.0.0.0/8" + - "172.16.0.0/12" + - "192.168.0.0/16" + - "::1/128" + - "fc00::/7" + - "fe80::/10" + +logging: + loglevel: 6 + quiet: false + +recursor: + version_string: "anonymous" + + forward_zones_recurse: + - zone: "." + forwarders: + - "1.1.1.1" + - "8.8.8.8" diff --git a/ansible/roles/dns/push_powerdns_configs_to_node/templates/postgres/initdb/01-pdns-schema.sql.j2 b/ansible/roles/dns/push_powerdns_configs_to_node/templates/postgres/initdb/01-pdns-schema.sql.j2 new file mode 100644 index 0000000..6c4ef0d --- /dev/null +++ b/ansible/roles/dns/push_powerdns_configs_to_node/templates/postgres/initdb/01-pdns-schema.sql.j2 
@@ -0,0 +1,103 @@ +-- PowerDNS Generic PostgreSQL schema (gpgsql) +-- Source: PowerDNS pdns/modules/gpgsqlbackend/schema.pgsql.sql + +CREATE TABLE domains ( + id SERIAL PRIMARY KEY, + name VARCHAR(255) NOT NULL, + master VARCHAR(128) DEFAULT NULL, + last_check INT DEFAULT NULL, + type TEXT NOT NULL, + notified_serial INT DEFAULT NULL, + account VARCHAR(40) DEFAULT NULL, + options TEXT DEFAULT NULL, + catalog VARCHAR(255) DEFAULT NULL +); + +CREATE UNIQUE INDEX name_index ON domains(name); +CREATE INDEX catalog_idx ON domains(catalog); + +CREATE TABLE records ( + id BIGSERIAL PRIMARY KEY, + domain_id INT DEFAULT NULL, + name VARCHAR(255) DEFAULT NULL, + type VARCHAR(10) DEFAULT NULL, + content VARCHAR(65535) DEFAULT NULL, + ttl INT DEFAULT NULL, + prio INT DEFAULT NULL, + disabled BOOL DEFAULT 'f', + ordername VARCHAR(255), + auth BOOL DEFAULT 't' +); + +CREATE INDEX rec_name_index ON records(name); +CREATE INDEX nametype_index ON records(name, type); +CREATE INDEX domain_id ON records(domain_id); +CREATE INDEX ordername ON records(ordername); + +CREATE TABLE supermasters ( + ip INET NOT NULL, + nameserver VARCHAR(255) NOT NULL, + account VARCHAR(40) NOT NULL, + PRIMARY KEY (ip, nameserver) +); + +CREATE TABLE comments ( + id SERIAL PRIMARY KEY, + domain_id INT NOT NULL, + name VARCHAR(255) NOT NULL, + type VARCHAR(10) NOT NULL, + modified_at INT NOT NULL, + account VARCHAR(40) DEFAULT NULL, + comment VARCHAR(65535) NOT NULL +); + +CREATE INDEX comments_domain_id_idx ON comments(domain_id); +CREATE INDEX comments_name_type_idx ON comments(name, type); +CREATE INDEX comments_order_idx ON comments(domain_id, modified_at); + +CREATE TABLE domainmetadata ( + id SERIAL PRIMARY KEY, + domain_id INT NOT NULL, + kind VARCHAR(32), + content TEXT +); + +CREATE INDEX domainmetadata_idx ON domainmetadata(domain_id, kind); + +CREATE TABLE cryptokeys ( + id SERIAL PRIMARY KEY, + domain_id INT NOT NULL, + flags INT NOT NULL, + active BOOL, + published BOOL DEFAULT TRUE, + content 
TEXT +); + +CREATE INDEX domainidindex ON cryptokeys(domain_id); + +CREATE TABLE tsigkeys ( + id SERIAL PRIMARY KEY, + name VARCHAR(255), + algorithm VARCHAR(50), + secret VARCHAR(255) +); + +CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm); + +CREATE TABLE luarecords ( + id SERIAL PRIMARY KEY, + domain_id INT NOT NULL, + name VARCHAR(255) NOT NULL, + type VARCHAR(10) NOT NULL, + content VARCHAR(65535) NOT NULL, + ttl INT NOT NULL, + prio INT DEFAULT NULL, + disabled BOOL DEFAULT 'f', + ordername VARCHAR(255), + auth BOOL DEFAULT 't' +); + +CREATE INDEX luarecord_name_index ON luarecords(name); +CREATE INDEX luarecord_nametype_index ON luarecords(name, type); +CREATE INDEX luarecord_domain_id ON luarecords(domain_id); +CREATE INDEX luarecord_ordername ON luarecords(ordername); diff --git a/ansible/roles/dns/setup_systemd_resolved_config/handlers/main.yml b/ansible/roles/dns/setup_systemd_resolved_config/handlers/main.yml new file mode 100644 index 0000000..d7476f0 --- /dev/null +++ b/ansible/roles/dns/setup_systemd_resolved_config/handlers/main.yml @@ -0,0 +1,9 @@ +--- +- name: restart dhcpcd + ansible.builtin.shell: | + set -euo pipefail + dhcpcd -k eth0 || true + sleep 1 + dhcpcd -f /etc/dhcpcd.conf eth0 + args: + executable: /bin/bash diff --git a/ansible/roles/dns/setup_systemd_resolved_config/readme.md b/ansible/roles/dns/setup_systemd_resolved_config/readme.md new file mode 100644 index 0000000..fa24356 --- /dev/null +++ b/ansible/roles/dns/setup_systemd_resolved_config/readme.md @@ -0,0 +1,4 @@ +```bash +cat /etc/resolv.conf +getent hosts ntp-edge.infra.hran +``` \ No newline at end of file diff --git a/ansible/roles/dns/setup_systemd_resolved_config/tasks/main.yml b/ansible/roles/dns/setup_systemd_resolved_config/tasks/main.yml new file mode 100644 index 0000000..5374c4d --- /dev/null +++ b/ansible/roles/dns/setup_systemd_resolved_config/tasks/main.yml 
@@ -0,0 +1,9 @@ +--- +- name: render dhcpcd.conf (DNS override) + ansible.builtin.template: + src: dhcpcd.conf.j2 + dest: /etc/dhcpcd.conf + owner: root + group: root + mode: "0644" + notify: restart dhcpcd diff --git a/ansible/roles/dns/setup_systemd_resolved_config/templates/dhcpcd.conf.j2 b/ansible/roles/dns/setup_systemd_resolved_config/templates/dhcpcd.conf.j2 new file mode 100644 index 0000000..ca9f908 --- /dev/null +++ b/ansible/roles/dns/setup_systemd_resolved_config/templates/dhcpcd.conf.j2 @@ -0,0 +1,45 @@ +# A sample configuration for dhcpcd. +# See dhcpcd.conf(5) for details. + +# Allow users of this group to interact with dhcpcd via the control socket. +#controlgroup wheel + +# Inform the DHCP server of our hostname for DDNS. +hostname + +# Use the hardware address of the interface for the Client ID. +#clientid +# or +# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361. +# Some non-RFC compliant DHCP servers do not reply with this set. +# In this case, comment out duid and enable clientid above. +duid + +# Persist interface configuration when dhcpcd exits. +persistent + +# vendorclassid is set to blank to avoid sending the default of +# dhcpcd-::: +vendorclassid + +# A list of options to request from the DHCP server. +option domain_name_servers, domain_name, domain_search +option classless_static_routes +# Respect the network MTU. This is applied to DHCP routes. +option interface_mtu + +# Request a hostname from the network +option host_name + +# Most distributions have NTP support. +#option ntp_servers + +# A ServerID is required by RFC2131. +require dhcp_server_identifier + +# Generate SLAAC address using the Hardware Address of the interface +#slaac hwaddr +# OR generate Stable Private IPv6 Addresses based from the DUID +slaac private + +static domain_name_servers=192.168.0.100 1.1.1.1 8.8.8.8 
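Review bot: The last line of the dhcpcd.conf.j2 hunk, `static domain_name_servers=192.168.0.100 1.1.1.1 8.8.8.8`, lists public resolvers next to the internal one. Stub resolvers treat the entries as equivalents to fall back on, so whenever 192.168.0.100 is slow or down, lookups for internal names such as `ntp-edge.infra.hran` go to the public resolvers, which discloses internal hostnames and returns NXDOMAIN for them. The recursor template in this patch already forwards to 1.1.1.1 and 8.8.8.8, so I would keep only the internal server here, `static domain_name_servers=192.168.0.100`, or add a second internal resolver for redundancy. The address is also a literal in a template; a variable would let other networks reuse the role.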
diff --git a/ansible/roles/docker/handlers/main.yml b/ansible/roles/docker/handlers/main.yml
new file mode 100644
index 0000000..ff6a2c5
--- /dev/null
+++ b/ansible/roles/docker/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: update apt cache
+ apt:
+ update_cache: yes
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..93dadd8
--- /dev/null
+++ b/ansible/roles/docker/tasks/main.yml
@@ -0,0 +1,74 @@ +--- +# 1) Чистим потенциально битый repo-файл (как у тебя было) +- name: remove broken docker repo if exists + file: + path: /etc/apt/sources.list.d/docker.list + state: absent + +# 2) Минимум нужных пакетов +- name: install prerequisites + apt: + name: + - ca-certificates + - curl + - gnupg + state: present + update_cache: yes + +# 3) Keyring + ключ +- name: ensure keyrings dir exists + file: + path: /etc/apt/keyrings + state: directory + mode: "0755" + +- name: download docker GPG key + get_url: + url: https://download.docker.com/linux/debian/gpg + dest: /etc/apt/keyrings/docker.gpg + mode: "0644" + +# 4) Repo (архитектура через ansible_architecture -> amd64) +- name: add docker apt repository + copy: + dest: /etc/apt/sources.list.d/docker.list + content: | + deb [arch={{ 'amd64' if ansible_architecture in ['x86_64','amd64'] else ansible_architecture }} signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian {{ ansible_lsb.codename }} stable + +# 5) Пробуем поставить containerd.io, перебирая версии (и сразу держим) +- name: install first working containerd.io (skip broken versions) and hold + shell: | + set -euo pipefail + apt-get update + mapfile -t versions < <(apt-cache madison containerd.io | awk '{print $3}' | sort -V | tac) + + for v in "${versions[@]}"; do + echo "Trying containerd.io=$v" + if apt-get install -y "containerd.io=$v"; then + apt-mark hold containerd.io + exit 0 + fi + done + + echo "No working containerd.io version found in repo" + exit 1 + args: + executable: /bin/bash + changed_when: true + +# 6) Docker пакеты (containerd.io уже стоит/held) +- name: install docker packages + apt: + name: + - docker-ce + - docker-ce-cli + - docker-buildx-plugin + - docker-compose-plugin + state: present + update_cache: yes + +- name: enable & start docker service + service: + name: docker + state: started + enabled: yes 
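Review bot: The `download docker GPG key` task saves the key exactly as served to `/etc/apt/keyrings/docker.gpg`, and the repository line points `signed-by=` at that file. The published key is ASCII-armored, and apt accepts armored keys only in files ending in `.asc` (a `.gpg` file is expected to be a binary keyring), so signature verification for this repository is likely to fail. I would use `dest: /etc/apt/keyrings/docker.asc` and `signed-by=/etc/apt/keyrings/docker.asc`, and add a `checksum:` to the `get_url` task so that a changed key is noticed instead of being trusted silently.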
diff --git a/ansible/roles/gitea/README.md b/ansible/roles/gitea/README.md
new file mode 100644
index 0000000..c1306e2
--- /dev/null
+++ b/ansible/roles/gitea/README.md
@@ -0,0 +1,109 @@ +# Gitea Setup Notes + +## 1️⃣ Добавление HTTPS сертификата (Let's Encrypt + Nginx) + +### Установка certbot +ставим certbot на хост (НЕ в контейнер) + +``` bash +sudo apt update +sudo apt install certbot python3-certbot-nginx -y +``` + +### Базовый nginx конфиг (HTTP → прокси в Gitea) + +Файл: `./nginx/nginx.conf` + +``` nginx +server { + listen 80; + server_name gitea.quietblock.net; + + location / { + proxy_pass http://gitea:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +} +``` + +### Получение сертификата + +``` bash +sudo certbot certonly --standalone -d gitea.quietblock.net +``` + +Запрашивает SSL сертификат для домена через standalone режим. + +После успеха сертификаты будут: + + /etc/letsencrypt/live/gitea.quietblock.net/fullchain.pem + /etc/letsencrypt/live/gitea.quietblock.net/privkey.pem + +### Docker nginx сервис + +``` yaml +nginx: + image: nginx:stable + container_name: nginx + restart: always + + ports: + - "80:80" + - "443:443" + + volumes: + - ./nginx:/etc/nginx/conf.d + - /etc/letsencrypt:/etc/letsencrypt:ro + + depends_on: + - gitea +``` + +### Финальный nginx конфиг (HTTP → HTTPS + SSL) + +``` nginx +server { + listen 80; + server_name gitea.quietblock.net; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name gitea.quietblock.net; + + ssl_certificate /etc/letsencrypt/live/gitea.quietblock.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/gitea.quietblock.net/privkey.pem; + + location / { + proxy_pass http://gitea:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +} +``` + +Что происходит: - HTTP редиректится на HTTPS - nginx использует SSL +сертификаты - HTTPS проксируется в контейнер gitea + 
+------------------------------------------------------------------------ + +## 2️⃣ Создание администратора в Gitea + +### Зайти внутрь контейнера + +``` bash +docker exec -it --user git gitea /bin/bash +``` + +Открывает shell внутри контейнера gitea от пользователя git. + +### Создать администратора + +``` bash +gitea admin user create --username adminuser --password 14881488 --email you@mail.com --admin +``` diff --git a/ansible/roles/gitea/tasks/main.yml b/ansible/roles/gitea/tasks/main.yml new file mode 100644 index 0000000..227487e --- /dev/null +++ b/ansible/roles/gitea/tasks/main.yml @@ -0,0 +1,23 @@ +- name: ensure directory structure exists + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: "root" + group: "root" + mode: "0755" + loop: + - "/opt/gitea" + - "/opt/gitea/nginx" + +- name: render stack files + ansible.builtin.template: + src: "{{ item.src }}" + dest: "/opt/gitea/{{ item.dest }}" + owner: "root" + group: "root" + mode: "0644" + loop: + - { src: "docker-compose.yml.j2", dest: "docker-compose.yml" } + - { src: ".env.j2", dest: ".env", mode: "0600" } + - { src: "nginx/nginx.conf.j2", dest: "nginx/nginx.conf" } + register: rendered diff --git a/ansible/roles/gitea/templates/docker-compose.yml.j2 b/ansible/roles/gitea/templates/docker-compose.yml.j2 new file mode 100644 index 0000000..b1187fa --- /dev/null +++ b/ansible/roles/gitea/templates/docker-compose.yml.j2 
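Review bot: The `.env` entry in the `render stack files` loop carries `mode: "0600"`, but the task's own `mode: "0644"` is a literal and never reads `item.mode`, so `/opt/gitea/.env` is written world-readable. The compose template in this patch reads `POSTGRES_PASSWORD` from that file, so presumably it holds the database password. Change the task line to `mode: "{{ item.mode | default('0644') }}"` so the per-item value takes effect.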
@@ -0,0 +1,78 @@
+version: "3.9"
+
+services:
+ postgres:
+ image: postgres:15
+ container_name: postgres
+ restart: always
+
+ environment:
+ POSTGRES_DB: ${POSTGRES_DB}
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+
+ volumes:
+ - ./data/postgres:/var/lib/postgresql/data
+
+ networks:
+ - gitea_net
+
+ gitea:
+ image: gitea/gitea:latest
+ container_name: gitea
+ restart: always
+
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+
+ # DB
+ - GITEA__database__DB_TYPE=postgres
+ - GITEA__database__HOST=postgres:5432
+ - GITEA__database__NAME=${POSTGRES_DB}
+ - GITEA__database__USER=${POSTGRES_USER}
+ - GITEA__database__PASSWD=${POSTGRES_PASSWORD}
+
+ # basic
+ - GITEA__server__DOMAIN=${GITEA_URL}
+ - GITEA__server__ROOT_URL=https://${GITEA_URL}/
+ - GITEA__server__SSH_DOMAIN=${GITEA_URL}
+ - GITEA__server__HTTP_PORT=3000
+ - GITEA__server__SSH_PORT=2222
+
+ # security
+ - GITEA__security__INSTALL_LOCK=true
+ - GITEA__service__DISABLE_REGISTRATION=true
+
+ volumes:
+ - ./data/gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+
+ depends_on:
+ - postgres
+
+ networks:
+ - gitea_net
+
+ nginx:
+ image: nginx:stable
+ container_name: nginx
+ restart: always
+
+ ports:
+ - "80:80"
+ - "443:443"
+
+ volumes:
+ - ./nginx:/etc/nginx/conf.d
+ - /etc/letsencrypt:/etc/letsencrypt:ro
+
+ depends_on:
+ - gitea
+
+ networks:
+ - gitea_net
+
+networks:
+ gitea_net:
diff --git a/ansible/roles/gitea/templates/nginx/nginx.conf.j2 b/ansible/roles/gitea/templates/nginx/nginx.conf.j2
new file mode 100644
index 0000000..77f41ce
--- /dev/null
+++ b/ansible/roles/gitea/templates/nginx/nginx.conf.j2
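Review bot: `image: gitea/gitea:latest` is a mutable tag, so every pull or re-create of the stack can bring in a different Gitea build without any change in this repository; `postgres:15` and `nginx:stable` float in the same way within their series. For the service that holds the source code and its credentials, an unreviewed upgrade or a replaced tag is a supply-chain exposure. Pin each image to an exact release, ideally with a digest, e.g. `image: gitea/gitea:<VERSION>@sha256:<DIGEST>` (placeholders), and update it deliberately.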
@@ -0,0 +1,23 @@
+server {
+ listen 80;
+ server_name gitea.quietblock.net;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name gitea.quietblock.net;
+
+ ssl_certificate /etc/letsencrypt/live/gitea.quietblock.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/gitea.quietblock.net/privkey.pem;
+
+ location / {
+ proxy_pass http://gitea:3000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ client_max_body_size 50M;
+}
diff --git a/ansible/roles/harden/fail2ban/handlers/main.yml b/ansible/roles/harden/fail2ban/handlers/main.yml
new file mode 100644
index 0000000..902e346
--- /dev/null
+++ b/ansible/roles/harden/fail2ban/handlers/main.yml
@@ -0,0 +1,14 @@
+---
+- name: validate fail2ban config
+ listen: "validate and restart fail2ban"
+ become: true
+ ansible.builtin.command: fail2ban-client -t
+ register: f2b_validate
+ changed_when: false
+
+- name: restart fail2ban
+ listen: "validate and restart fail2ban"
+ become: true
+ ansible.builtin.systemd:
+ name: fail2ban
+ state: restarted
diff --git a/ansible/roles/harden/fail2ban/tasks/main.yml b/ansible/roles/harden/fail2ban/tasks/main.yml
new file mode 100644
index 0000000..157fd22
--- /dev/null
+++ b/ansible/roles/harden/fail2ban/tasks/main.yml
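Review bot: The port-80 server block in the gitea nginx.conf.j2 hunk redirects every request, and the container publishing port 80 stays up permanently, so the `certbot certonly --standalone` flow described in the role's README cannot bind port 80 when the certificate comes up for renewal. Unless renewal is handled some other way outside this patch, the certificate would expire after its first validity period. Serving the challenge path from this block, e.g. `location /.well-known/acme-challenge/ { root /var/www/certbot; }` (example path) with the redirect moved into `location /`, and running certbot in webroot mode against the same mounted directory, avoids stopping nginx. The hostname is also written out four times in this template although the compose file takes it from `${GITEA_URL}`.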
@@ -0,0 +1,58 @@ +--- +- name: install fail2ban + deps + ansible.builtin.apt: + name: + - fail2ban + - python3 + - python3-systemd + - nftables + state: present + update_cache: true + become: true + +- name: enable & start nftables + ansible.builtin.systemd: + name: nftables + enabled: true + state: started + become: true + +- name: ensure fail2ban directories exist + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: root + group: root + mode: "0755" + loop: + - /etc/fail2ban + - /etc/fail2ban/jail.d + - /etc/fail2ban/filter.d + become: true + +- name: deploy /etc/fail2ban/fail2ban.local + ansible.builtin.template: + src: fail2ban.local.j2 + dest: /etc/fail2ban/fail2ban.local + owner: root + group: root + mode: "0644" + notify: validate and restart fail2ban + become: true + +- name: deploy /etc/fail2ban/jail.local + ansible.builtin.template: + src: jail.local.j2 + dest: /etc/fail2ban/jail.local + owner: root + group: root + mode: "0644" + notify: validate and restart fail2ban + become: true + +- name: ensure fail2ban enabled and started + ansible.builtin.systemd: + name: fail2ban + enabled: true + state: started + become: true diff --git a/ansible/roles/harden/fail2ban/templates/fail2ban.local.j2 b/ansible/roles/harden/fail2ban/templates/fail2ban.local.j2 new file mode 100644 index 0000000..be364af --- /dev/null +++ b/ansible/roles/harden/fail2ban/templates/fail2ban.local.j2 @@ -0,0 +1,6 @@ +[Definition] +loglevel = INFO +logtarget = /var/log/fail2ban.log +socket = /run/fail2ban/fail2ban.sock +pidfile = /run/fail2ban/fail2ban.pid +dbpurgeage = 86400 diff --git a/ansible/roles/harden/fail2ban/templates/jail.local.j2 b/ansible/roles/harden/fail2ban/templates/jail.local.j2 new file mode 100644 index 0000000..8bf2bb4 --- /dev/null +++ b/ansible/roles/harden/fail2ban/templates/jail.local.j2 
@@ -0,0 +1,18 @@
+[DEFAULT]
+ignoreip = 127.0.0.1/8 ::1
+
+findtime = 600
+maxretry = 5
+bantime = 1h
+
+backend = systemd
+banaction = nftables[type=multiport]
+
+[sshd]
+enabled = true
+port = 25105
+filter = sshd
+maxretry = 5
+findtime = 600
+bantime = 1h
+mode = aggressive
diff --git a/ansible/roles/harden/nftables/handlers/main.yml b/ansible/roles/harden/nftables/handlers/main.yml
new file mode 100644
index 0000000..0048f09
--- /dev/null
+++ b/ansible/roles/harden/nftables/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+- name: validate nftables config
+ ansible.builtin.command:
+ cmd: nft -c -f /etc/nftables.conf
+ listen: apply nftables
+ changed_when: false
+
+- name: reload nftables
+ ansible.builtin.systemd:
+ name: nftables
+ state: reloaded
+ listen: apply nftables
diff --git a/ansible/roles/harden/nftables/tasks/main.yml b/ansible/roles/harden/nftables/tasks/main.yml
new file mode 100644
index 0000000..6968cee
--- /dev/null
+++ b/ansible/roles/harden/nftables/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: install nftables
+ ansible.builtin.apt:
+ name: nftables
+ state: present
+ update_cache: true
+ notify: apply nftables
+
+- name: deploy nftables config
+ ansible.builtin.template:
+ src: "{{ nftables_conf_name }}"
+ dest: /etc/nftables.conf
+ owner: root
+ group: root
+ mode: "0644"
+ notify: apply nftables
+
+- name: enable and start nftables service
+ ansible.builtin.systemd:
+ name: nftables
+ enabled: true
+ state: started
diff --git a/ansible/roles/harden/nftables/templates/proxmox-nftables.j2 b/ansible/roles/harden/nftables/templates/proxmox-nftables.j2
new file mode 100644
index 0000000..92263bb
--- /dev/null
+++ b/ansible/roles/harden/nftables/templates/proxmox-nftables.j2
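Review bot: `port = 25105` in the `[sshd]` jail is a literal, while the sshd and nftables templates in this patch take the SSH port from `{{ ssh_port }}`. With `banaction = nftables[type=multiport]` a ban applies only to the listed port, so if `ssh_port` is ever set to another value, fail2ban keeps detecting failed logins but blocks a port nobody is using. Use `port = {{ ssh_port }}` here. The `maxretry`, `findtime` and `bantime` lines under `[sshd]` repeat the `[DEFAULT]` values and can be dropped.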
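Review bot: The `deploy nftables config` task writes `/etc/nftables.conf` first, and only the `validate nftables config` handler checks it afterwards, so a template that renders to an invalid ruleset is already on disk when the check fails. The next run sees no change and does not notify the handler again, and the next boot would presumably try to load the broken file and leave the host without its filter. Add `validate: "nft -c -f %s"` to the template task, as the sshd role in this patch does with `sshd -t`, so an invalid file never replaces the working one.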
@@ -0,0 +1,36 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0;
+ policy drop;
+
+ iif "lo" accept
+ ct state established,related accept
+
+ # SSH
+ tcp dport {{ ssh_port }} accept
+
+ # ICMP
+ ip protocol icmp accept
+ ip6 nexthdr icmpv6 accept
+
+ # Proxmox Web/API (LAN only)
+ ip saddr 192.168.0.0/24 tcp dport 8006 accept
+
+ # NTP
+ ip saddr 192.168.0.0/24 udp dport {{ ntp_port }} accept
+ }
+
+ chain forward {
+ type filter hook forward priority 0;
+ policy drop;
+ }
+
+ chain output {
+ type filter hook output priority 0;
+ policy accept;
+ }
+}
diff --git a/ansible/roles/harden/nftables/templates/vm-nftables.conf.j2 b/ansible/roles/harden/nftables/templates/vm-nftables.conf.j2
new file mode 100644
index 0000000..b925be3
--- /dev/null
+++ b/ansible/roles/harden/nftables/templates/vm-nftables.conf.j2
@@ -0,0 +1,32 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0;
+ policy drop;
+
+ iif "lo" accept
+ ct state established,related accept
+
+ # SSH
+ tcp dport {{ ssh_port }} accept
+
+ # udp dport {{ ntp_port }} accept
+
+ # ICMP
+ ip protocol icmp accept
+ ip6 nexthdr icmpv6 accept
+ }
+
+ chain forward {
+ type filter hook forward priority 0;
+ policy drop;
+ }
+
+ chain output {
+ type filter hook output priority 0;
+ policy accept;
+ }
+}
diff --git a/ansible/roles/harden/sshd_config/tasks/main.yml b/ansible/roles/harden/sshd_config/tasks/main.yml
new file mode 100644
index 0000000..35d89bc
--- /dev/null
+++ b/ansible/roles/harden/sshd_config/tasks/main.yml
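Review bot: `flush ruleset` at the top of proxmox-nftables.j2 removes every table on the host, not only `inet filter`, each time the `reload nftables` handler runs. The fail2ban role in this patch sets `banaction = nftables[type=multiport]`, which keeps its bans in a table of its own, so a firewall reload would silently drop all active bans while fail2ban presumably goes on treating them as in place. Limit the flush to this file's table by replacing the line with `table inet filter` followed by `flush table inet filter`. The same line is in the vm-nftables.conf.j2 hunk that follows.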
@@ -0,0 +1,25 @@
+---
+- name: ensure sshd_config.d directory exists
+ become: true
+ file:
+ path: "/etc/ssh/sshd_config.d"
+ state: directory
+ owner: root
+ group: root
+ mode: "0755"
+
+- name: deploy sshd config file
+ become: true
+ template:
+ src: "00-sshd_config-hardening.conf.j2"
+ dest: "/etc/ssh/sshd_config.d/00-sshd_config-hardening.conf"
+ owner: root
+ group: root
+ mode: "0644"
+ validate: "sshd -t -f %s"
+
+- name: restart SSH service
+ become: true
+ service:
+ name: ssh
+ state: restarted
diff --git a/ansible/roles/harden/sshd_config/templates/00-sshd_config-hardening.conf.j2 b/ansible/roles/harden/sshd_config/templates/00-sshd_config-hardening.conf.j2
new file mode 100644
index 0000000..8b7717a
--- /dev/null
+++ b/ansible/roles/harden/sshd_config/templates/00-sshd_config-hardening.conf.j2
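Review bot: `restart SSH service` is a plain task, so sshd is restarted on every run whether or not the drop-in changed. Move it to a handler and add `notify: restart SSH service` to the `deploy sshd config file` task; the fail2ban and nftables roles in this patch already use that pattern. `validate: "sshd -t -f %s"` checks the fragment on its own, not the full configuration that includes it, so a conflict with the main `sshd_config` would only show up at restart; running `sshd -t` before the restart would cover that.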
@@ -0,0 +1,107 @@ +# --- MAIN --- + +# Change default port 22 → {{ ssh_port }} (reduces noise from scanners) +Port {{ ssh_port }} + +# Optionally limit interfaces (default is all) +# ListenAddress 0.0.0.0 # IPv4 +# ListenAddress :: # IPv6 + +# Allow only SSH protocol version 2 (v1 is insecure) +Protocol 2 + + +# --- AUTHENTICATION --- + +# Disable root login (only via sudo) +PermitRootLogin prohibit-password + +# Disable password login (keys only) +PasswordAuthentication no + +# Disable interactive keyboard auth (OTP, TOTP, etc.) +KbdInteractiveAuthentication no + +# Disable challenge-response auth (legacy) +ChallengeResponseAuthentication no + +# Enable public key authentication (main method) +PubkeyAuthentication yes + + +# --- ACCESS --- + +# Allow only specific user +# AllowUsers adminuser +# Or alternatively allow a group: +# AllowGroups sshusers + + +# --- FUNCTION RESTRICTIONS --- + +# Disallow empty passwords +PermitEmptyPasswords no + +# Disallow user environment modification (~/.ssh/environment) +PermitUserEnvironment no + +# Disable X11 forwarding (no GUI sessions) +X11Forwarding no + +# Disable TCP forwarding (no tunnels) +AllowTcpForwarding yes + +# Disable gateway ports (no external binding) +GatewayPorts no + +# Disable VPN tunnels via SSH +PermitTunnel no + +# Disable SSH agent forwarding +AllowAgentForwarding yes + + +# --- ANTI-BRUTEFORCE & STABILITY --- + +# Login timeout (20 seconds) +LoginGraceTime 20 + +# Max 3 auth attempts per connection +MaxAuthTries 3 + +# Limit simultaneous connections +# Allow 10 new, start dropping at 30, max 60 queued +MaxStartups 10:30:60 + + +# --- SESSION ACTIVITY --- + +# Ping client every 300s (5 minutes) +ClientAliveInterval 300 + +# Disconnect if no response twice +ClientAliveCountMax 2 + +# Disable TCP keepalive +TCPKeepAlive no + +# Skip DNS checks for faster login +UseDNS no + + +# --- SFTP --- + +# Use internal SFTP subsystem +Subsystem sftp internal-sftp + + +# --- CRYPTOGRAPHY (optional) --- + +# Modern 
key exchange algorithms (if supported) +# KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256 + +# Modern ciphers +# Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr + +# Modern MAC algorithms +# MACs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com diff --git a/ansible/roles/harden/unattended_upgrades/handlers/main.yml b/ansible/roles/harden/unattended_upgrades/handlers/main.yml new file mode 100644 index 0000000..385b736 --- /dev/null +++ b/ansible/roles/harden/unattended_upgrades/handlers/main.yml @@ -0,0 +1,15 @@ +--- +- name: restart unattended-upgrades + ansible.builtin.service: + name: unattended-upgrades + state: restarted + enabled: true + +- name: restart apt timers + ansible.builtin.systemd: + name: "{{ item }}" + state: restarted + enabled: true + loop: + - apt-daily.timer + - apt-daily-upgrade.timer diff --git a/ansible/roles/harden/unattended_upgrades/readme.md b/ansible/roles/harden/unattended_upgrades/readme.md new file mode 100644 index 0000000..32e92ff --- /dev/null +++ b/ansible/roles/harden/unattended_upgrades/readme.md @@ -0,0 +1,17 @@ +```bash +## Проверить, что таймеры включены и “тикают” +systemctl status apt-daily.timer apt-daily-upgrade.timer +systemctl list-timers --all | egrep 'apt-daily|apt-daily-upgrade' + +## Проверить, что unattended-upgrades реально запускался +systemctl status unattended-upgrades.service +journalctl -u unattended-upgrades --no-pager -n 200 + +## Проверить логи и фактические действия +ls -l /var/log/unattended-upgrades/ +tail -n 200 /var/log/unattended-upgrades/unattended-upgrades.log +tail -n 200 /var/log/unattended-upgrades/unattended-upgrades-dpkg.log + +## Быстрый “самотест” (прогон в dry-run) +unattended-upgrade --dry-run --debug +``` \ No newline at end of file diff --git a/ansible/roles/harden/unattended_upgrades/tasks/main.yml b/ansible/roles/harden/unattended_upgrades/tasks/main.yml new file mode 100644 index 0000000..985cc5f --- /dev/null 
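Review bot: Three directives in the sshd hardening template do the opposite of the comment above them: `AllowTcpForwarding yes` sits under "Disable TCP forwarding (no tunnels)", `AllowAgentForwarding yes` under "Disable SSH agent forwarding", and `PermitRootLogin prohibit-password` under "Disable root login (only via sudo)", although that value still lets root log in with a key. Someone auditing this file by its comments would conclude that forwarding and root login are off. If the comments state the intent, set `AllowTcpForwarding no`, `AllowAgentForwarding no` and `PermitRootLogin no`; if the values are intentional (the automation itself may log in as root), rewrite the comments to say so. `Protocol 2` and `ChallengeResponseAuthentication` are obsolete in current OpenSSH and can be removed.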
+++ b/ansible/roles/harden/unattended_upgrades/tasks/main.yml @@ -0,0 +1,49 @@ +--- +- name: ensure required packages are present + ansible.builtin.apt: + name: + - unattended-upgrades + - apt-listchanges + - gpg + state: present + update_cache: true + +- name: ensure debian-security repo is present + ansible.builtin.apt_repository: + repo: >- + deb http://deb.debian.org/debian-security + {{ ansible_facts.lsb.codename | default(ansible_facts.distribution_release) }}-security + main contrib non-free non-free-firmware + state: present + filename: debian-security + update_cache: true + notify: restart apt timers + +- name: deploy /etc/apt/apt.conf.d/50unattended-upgrades + ansible.builtin.template: + src: 50unattended-upgrades.j2 + dest: /etc/apt/apt.conf.d/50unattended-upgrades + owner: root + group: root + mode: "0644" + notify: restart unattended-upgrades + +- name: deploy /etc/apt/apt.conf.d/20auto-upgrades + ansible.builtin.template: + src: 20auto-upgrades.j2 + dest: /etc/apt/apt.conf.d/20auto-upgrades + owner: root + group: root + mode: "0644" + notify: + - restart unattended-upgrades + - restart apt timers + +- name: enable & start apt timers + ansible.builtin.systemd: + name: "{{ item }}" + state: started + enabled: true + loop: + - apt-daily.timer + - apt-daily-upgrade.timer diff --git a/ansible/roles/harden/unattended_upgrades/templates/20auto-upgrades.j2 b/ansible/roles/harden/unattended_upgrades/templates/20auto-upgrades.j2 new file mode 100644 index 0000000..29a82d7 --- /dev/null +++ b/ansible/roles/harden/unattended_upgrades/templates/20auto-upgrades.j2 @@ -0,0 +1,4 @@ +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Download-Upgradeable-Packages "1"; +APT::Periodic::Unattended-Upgrade "1"; +APT::Periodic::AutocleanInterval "7"; diff --git a/ansible/roles/harden/unattended_upgrades/templates/50unattended-upgrades.j2 b/ansible/roles/harden/unattended_upgrades/templates/50unattended-upgrades.j2 new file mode 100644 index 0000000..8f377cf 
--- /dev/null +++ b/ansible/roles/harden/unattended_upgrades/templates/50unattended-upgrades.j2 @@ -0,0 +1,10 @@ +Unattended-Upgrade::Origins-Pattern { + "origin=Debian,codename=${distro_codename}-security"; +}; + +Unattended-Upgrade::Automatic-Reboot "false"; +Unattended-Upgrade::Automatic-Reboot-Time "03:30"; +Unattended-Upgrade::Automatic-Reboot-WithUsers "false"; + +Unattended-Upgrade::Remove-Unused-Dependencies "true"; +Unattended-Upgrade::MinimalSteps "true"; diff --git a/ansible/roles/k8s/install/00_python/tasks/main.yml b/ansible/roles/k8s/install/00_python/tasks/main.yml new file mode 100644 index 0000000..c8927f3 --- /dev/null +++ b/ansible/roles/k8s/install/00_python/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- name: Ensure required Python libraries are installed + ansible.builtin.apt: + name: + - python3-pip + - python3-kubernetes + state: present + update_cache: yes diff --git a/ansible/roles/k8s/install/01_helm/install-helm.md b/ansible/roles/k8s/install/01_helm/install-helm.md new file mode 100644 index 0000000..320af2a --- /dev/null +++ b/ansible/roles/k8s/install/01_helm/install-helm.md @@ -0,0 +1,3 @@ +```bash +curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash +``` \ No newline at end of file diff --git a/ansible/roles/k8s/install/01_helm/tasks/main.yml b/ansible/roles/k8s/install/01_helm/tasks/main.yml new file mode 100644 index 0000000..8d62c91 --- /dev/null +++ b/ansible/roles/k8s/install/01_helm/tasks/main.yml 
@@ -0,0 +1,20 @@
+---
+- name: Download Helm install script
+ ansible.builtin.get_url:
+ url: https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+ dest: /tmp/get-helm-3.sh
+ mode: '0755'
+
+- name: Install Helm
+ ansible.builtin.command: /tmp/get-helm-3.sh
+ args:
+ creates: /usr/local/bin/helm
+
+- name: Verify Helm installation
+ ansible.builtin.command: helm version
+ register: helm_version_output
+ changed_when: false
+
+- name: Show Helm version
+ ansible.builtin.debug:
+ var: helm_version_output.stdout
diff --git a/ansible/roles/k8s/install/02_common/tasks/main.yml b/ansible/roles/k8s/install/02_common/tasks/main.yml
new file mode 100644
index 0000000..33124db
--- /dev/null
+++ b/ansible/roles/k8s/install/02_common/tasks/main.yml
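Review bot: The `Download Helm install script` task fetches from the `main` branch and the next task executes the result, so whatever that branch contains at run time is run, presumably as root given `creates: /usr/local/bin/helm`. The destination `/tmp/get-helm-3.sh` is a fixed name in a world-writable directory, and `get_url` by default leaves an existing destination file in place, so the file that gets executed is not guaranteed to be the one this task downloaded. Fetch from a release tag instead of `main`, add `checksum: "sha256:<PINNED_SHA256>"` (placeholder), and write to a root-owned directory, or install Helm from a versioned release archive with a pinned checksum.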
@@ -0,0 +1,172 @@ +# roles/k8s/k8scommon/tasks/main.yml +--- +# === 1. Обновление пакетов и базовые утилиты === +- name: Install base packages + ansible.builtin.apt: + update_cache: yes + name: + - apt-transport-https + - ca-certificates + - curl + - gnupg + - lsb-release + state: present + +# === 2. Отключить swap === +- name: Disable swap immediately + ansible.builtin.command: swapoff -a + changed_when: false + +- name: Backup fstab + ansible.builtin.copy: + src: /etc/fstab + dest: /etc/fstab.bak + remote_src: yes + force: no + +- name: Comment out swap entries in fstab + ansible.builtin.replace: + path: /etc/fstab + regexp: '^\s*([^#].*\s+swap\s+.*)$' + replace: '# \1' + +# === 3. Модули ядра === +- name: Write kernel modules config for Kubernetes + ansible.builtin.copy: + dest: /etc/modules-load.d/k8s.conf + content: | + overlay + br_netfilter + +- name: Load overlay module + ansible.builtin.command: modprobe overlay + changed_when: false + +- name: Load br_netfilter module + ansible.builtin.command: modprobe br_netfilter + changed_when: false + +# === 4. sysctl для Kubernetes / containerd === +- name: Configure Kubernetes sysctl params + ansible.builtin.copy: + dest: /etc/sysctl.d/99-kubernetes-cri.conf + content: | + net.bridge.bridge-nf-call-iptables = 1 + net.bridge.bridge-nf-call-ip6tables = 1 + net.ipv4.ip_forward = 1 + +- name: Apply sysctl settings + ansible.builtin.command: sysctl --system + changed_when: false + +# === 5. 
Установить containerd === +- name: Install containerd + ansible.builtin.apt: + update_cache: yes + name: containerd + state: present + +- name: Ensure containerd config directory exists + ansible.builtin.file: + path: /etc/containerd + state: directory + mode: '0755' + +# ВАЖНО: всегда пересоздаём config.toml, как в manual script +- name: Generate default containerd config (overwrite) + ansible.builtin.shell: | + set -o errexit + containerd config default > /etc/containerd/config.toml + args: + executable: /bin/bash + +- name: Enable SystemdCgroup in containerd config + ansible.builtin.replace: + path: /etc/containerd/config.toml + regexp: 'SystemdCgroup = false' + replace: 'SystemdCgroup = true' + +- name: Set correct CNI bin_dir in containerd config + ansible.builtin.replace: + path: /etc/containerd/config.toml + regexp: 'bin_dir = .*' + replace: 'bin_dir = "/opt/cni/bin"' + +- name: Set correct CNI conf_dir in containerd config + ansible.builtin.replace: + path: /etc/containerd/config.toml + regexp: 'conf_dir = .*' + replace: 'conf_dir = "/etc/cni/net.d"' + +- name: Enable and restart containerd + ansible.builtin.systemd: + name: containerd + enabled: true + state: restarted + +# === 6. Подготовить директории для CNI === +- name: Ensure CNI directories exist + ansible.builtin.file: + path: "{{ item }}" + state: directory + mode: '0755' + loop: + - /opt/cni/bin + - /etc/cni/net.d + +# /usr/lib/cni → /opt/cni/bin, только если /usr/lib/cni не существует +- name: Check if /usr/lib/cni exists + ansible.builtin.stat: + path: /usr/lib/cni + register: cni_usr_lib + +- name: Create symlink /usr/lib/cni -> /opt/cni/bin (if not exists) + ansible.builtin.file: + src: /opt/cni/bin + dest: /usr/lib/cni + state: link + when: not cni_usr_lib.stat.exists + +# === 7. 
Репозиторий Kubernetes v1.34 === +- name: Ensure apt keyrings directory exists + ansible.builtin.file: + path: /etc/apt/keyrings + state: directory + mode: '0755' + +- name: Download Kubernetes repo key + ansible.builtin.shell: | + set -o errexit + curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.34/deb/Release.key \ + | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg + args: + executable: /bin/bash + creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg + +- name: Add Kubernetes apt repository + ansible.builtin.copy: + dest: /etc/apt/sources.list.d/kubernetes.list + content: | + deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.34/deb/ / + +- name: Update apt cache after adding Kubernetes repo + ansible.builtin.apt: + update_cache: yes + +# === 8. Установить kubelet, kubeadm, kubectl и зафиксировать версии === +- name: Install kubelet, kubeadm, kubectl + ansible.builtin.apt: + name: + - kubelet + - kubeadm + - kubectl + state: present + update_cache: yes + +- name: Hold Kubernetes packages + ansible.builtin.command: apt-mark hold kubelet kubeadm kubectl + register: hold_result + changed_when: >- + 'hold' in hold_result.stdout + or 'marked' in hold_result.stdout + or hold_result.rc == 0 diff --git a/ansible/roles/k8s/install/03_master/tasks/main.yml b/ansible/roles/k8s/install/03_master/tasks/main.yml new file mode 100644 index 0000000..62cbe9b --- /dev/null +++ b/ansible/roles/k8s/install/03_master/tasks/main.yml 
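Review bot: `Generate default containerd config (overwrite)` has neither `creates:` nor `changed_when:`, and `Enable and restart containerd` uses `state: restarted`, so every run of this role rewrites `/etc/containerd/config.toml` and restarts the container runtime, including on nodes that are already running pods. Because the file is regenerated each time, the three `replace` tasks after it also report a change on every run, so moving the restart into a handler alone would not help. I would add `creates: /etc/containerd/config.toml` to the generate task (or render the file from a template), set the service task to `state: started`, and notify a restart handler from the tasks that modify the file. Separately, the `changed_when` of `Hold Kubernetes packages` ends in `or hold_result.rc == 0`, which makes it true on every successful run.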
@@ -0,0 +1,136 @@
+# roles/k8s/k8smaster/tasks/main.yml
+---
+# === 9. kubeadm init (аналог шага 14) ===
+- name: Initialize Kubernetes control plane (kubeadm init)
+ ansible.builtin.command: >
+ kubeadm init
+ --apiserver-advertise-address={{ ansible_default_ipv4.address }}
+ --pod-network-cidr=10.244.0.0/16
+ args:
+ creates: /etc/kubernetes/admin.conf
+
+# === 10. kubeconfig для root и пользователя ===
+- name: Ensure kubeconfig directory for root exists
+ ansible.builtin.file:
+ path: /root/.kube
+ state: directory
+ mode: "0700"
+
+- name: Copy admin kubeconfig for root
+ ansible.builtin.copy:
+ src: /etc/kubernetes/admin.conf
+ dest: /root/.kube/config
+ owner: root
+ group: root
+ mode: "0600"
+ remote_src: yes
+
+- name: Ensure kubeconfig directory for user exists
+ ansible.builtin.file:
+ path: "/home/adminuser/.kube"
+ state: directory
+ owner: "adminuser"
+ group: "adminuser"
+ mode: "0700"
+
+- name: Copy admin kubeconfig to user home
+ ansible.builtin.copy:
+ src: /etc/kubernetes/admin.conf
+ dest: "/home/adminuser/.kube/config"
+ owner: "adminuser"
+ group: "adminuser"
+ mode: "0600"
+ remote_src: yes
+
+# === 11. Ждём API-сервер ===
+- name: Wait for Kubernetes API to become reachable
+ ansible.builtin.command: kubectl get --raw=/healthz
+ register: api_health
+ until: api_health.rc == 0
+ retries: 30
+ delay: 10
+ environment:
+ KUBECONFIG: /etc/kubernetes/admin.conf
+
+# === 12. Ставим Flannel CNI (НЕ ждём Ready ноды до него) ===
+- name: Install Flannel CNI
+ ansible.builtin.command: >
+ kubectl apply --validate=false
+ -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
+ register: flannel_result
+ until: flannel_result.rc == 0
+ retries: 10
+ delay: 6
+ environment:
+ KUBECONFIG: /etc/kubernetes/admin.conf
+
+- name: Wait for flannel DaemonSet to be Ready
+ ansible.builtin.command: >
+ kubectl -n kube-flannel rollout status daemonset/kube-flannel-ds --timeout=300s
+ register: flannel_rollout
+ until: flannel_rollout.rc == 0
+ retries: 5
+ delay: 15
+ environment:
+ KUBECONFIG: /etc/kubernetes/admin.conf
+
+# === 13. Теперь ждём, пока нода станет Ready ===
+- name: Wait for control-plane node to become Ready
+ ansible.builtin.shell: |
+ kubectl get node "$(hostname -s)" \
+ -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'
+ register: node_ready
+ until: node_ready.stdout == "True"
+ retries: 30
+ delay: 10
+ environment:
+ KUBECONFIG: /etc/kubernetes/admin.conf
+
+# === 14. Ждём CoreDNS ===
+- name: Wait for CoreDNS deployment to be Ready
+ ansible.builtin.command: >
+ kubectl -n kube-system rollout status deployment/coredns --timeout=300s
+ register: coredns_rollout
+ until: coredns_rollout.rc == 0
+ retries: 5
+ delay: 15
+ environment:
+ KUBECONFIG: /etc/kubernetes/admin.conf
+
+# === 14. Разрешаем поды на master (как шаг 18), если нужно ===
+- name: Allow scheduling pods on control-plane node
+ ansible.builtin.command: >
+ kubectl taint nodes --all node-role.kubernetes.io/control-plane-
+ environment:
+ KUBECONFIG: /etc/kubernetes/admin.conf
+ when: false
+
+# === 15. Проверка статуса кластера ===
+- name: Get nodes
+ ansible.builtin.command: kubectl get nodes
+ register: nodes_out
+ environment:
+ KUBECONFIG: /etc/kubernetes/admin.conf
+
+- name: Show nodes
+ ansible.builtin.debug:
+ var: nodes_out.stdout
+
+- name: Get all pods in all namespaces
+ ansible.builtin.command: kubectl get pods -A
+ register: pods_out
+ environment:
+ KUBECONFIG: /etc/kubernetes/admin.conf
+
+- name: Show pods
+ ansible.builtin.debug:
+ var: pods_out.stdout
+
+# === 16. Вывести join-команду (как шаг 20) ===
+- name: Get kubeadm join command
+ ansible.builtin.command: kubeadm token create --print-join-command
+ register: join_cmd
+
+- name: Show join command
+ ansible.builtin.debug:
+ msg: "Use this command on workers: {{ join_cmd.stdout }}"
diff --git a/ansible/roles/k8s/install/04_worker/tasks/main.yml b/ansible/roles/k8s/install/04_worker/tasks/main.yml
new file mode 100644
index 0000000..e4bf33c
--- /dev/null
+++ b/ansible/roles/k8s/install/04_worker/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+# === 2. Join в кластер (аналог kubeadm join в ручном скрипте) ===
+- name: Join node to Kubernetes cluster
+ ansible.builtin.command: "{{ k8s_kubeadm_join_command }}"
+ args:
+ creates: /etc/kubernetes/kubelet.conf
+
+# === 3. Убедиться, что kubelet включён и работает ===
+- name: Ensure kubelet is enabled and running
+ ansible.builtin.systemd:
+ name: kubelet
+ enabled: true
+ state: started
\ No newline at end of file
diff --git a/ansible/roles/k8s/readme/install-k8scommon.md b/ansible/roles/k8s/readme/install-k8scommon.md
new file mode 100644
index 0000000..8d7b9a5
--- /dev/null
+++ b/ansible/roles/k8s/readme/install-k8scommon.md
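Review bot: The `Install Flannel CNI` task applies `releases/latest/download/kube-flannel.yml` with `--validate=false`, so every run pulls whatever manifest is current upstream and applies it through the cluster-admin kubeconfig without schema validation. Pin the manifest to a reviewed release, for example `-f https://github.com/flannel-io/flannel/releases/download/<FLANNEL_VERSION>/kube-flannel.yml` (placeholder version), or vendor the file into the role, and drop `--validate=false` unless a specific validation error requires it. Separately, `Show join command` prints the bootstrap token returned by `kubeadm token create --print-join-command` into the play output, and a new token is created on every run; `no_log: true` on `Get kubeadm join command` and handing the value over as a fact instead of a debug message would keep it out of logs.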
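Review bot: `Join node to Kubernetes cluster` hands `{{ k8s_kubeadm_join_command }}` to the command module unchanged, so the bootstrap token and CA hash inside it show up in task output on failure or with verbose logging, and whatever string the variable holds is executed with the play's privileges. Add `no_log: true` to that task and consider passing endpoint, token and CA hash as separate variables so the role builds a fixed `kubeadm join` invocation itself. Where the variable is stored (inventory, vault) is not visible in this hunk and should be checked as well.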
@@ -0,0 +1,109 @@ +```bash +# === Стать root (если ещё не) === +sudo -i +``` + +```bash +# === 1. Обновление пакетов и базовые утилиты === +apt-get update -y +apt-get install -y apt-transport-https ca-certificates curl gnupg lsb-release +``` + +```bash +# === 2. Отключить swap немедленно === +swapoff -a +``` + +```bash +# === 3. Убрать swap из /etc/fstab (чтобы не включался после перезагрузки) === +cp /etc/fstab /etc/fstab.bak +sed -i '/ swap / s/^/#/' /etc/fstab +``` + +```bash +# === 4. Включить модули ядра overlay и br_netfilter === +cat </etc/modules-load.d/k8s.conf +overlay +br_netfilter +EOF + +modprobe overlay +modprobe br_netfilter +``` + +```bash +# === 5. Настроить sysctl для Kubernetes и containerd === +cat </etc/sysctl.d/99-kubernetes-cri.conf +net.bridge.bridge-nf-call-iptables = 1 +net.bridge.bridge-nf-call-ip6tables = 1 +net.ipv4.ip_forward = 1 +EOF + +sysctl --system +``` + +```bash +# === 6. Установить containerd === +apt-get install -y containerd +``` + +```bash +# === 7. Сгенерировать конфиг containerd и включить SystemdCgroup === +mkdir -p /etc/containerd +containerd config default >/etc/containerd/config.toml + +# Включаем SystemdCgroup +sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml + +# (Опционально) Убедиться, что пути CNI прописаны как /opt/cni/bin и /etc/cni/net.d +sed -i 's@bin_dir = .*@bin_dir = "/opt/cni/bin"@' /etc/containerd/config.toml +sed -i 's@conf_dir = .*@conf_dir = "/etc/cni/net.d"@' /etc/containerd/config.toml + +systemctl restart containerd +systemctl enable containerd +``` + +```bash +# === 8. Подготовить директории для CNI-плагинов === +mkdir -p /opt/cni/bin +mkdir -p /etc/cni/net.d +``` + +```bash +# === 9. Фикс пути для flannel: /usr/lib/cni → /opt/cni/bin === +# ВАЖНО: если каталог /usr/lib/cni уже существует — ЭТУ команду пропусти +ln -s /opt/cni/bin /usr/lib/cni +``` + + + + + +```bash +# === 10. 
Добавить официальный репозиторий Kubernetes (pkgs.k8s.io, ветка v1.34) === +mkdir -p /etc/apt/keyrings + +curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.34/deb/Release.key \ + | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg + +cat </etc/apt/sources.list.d/kubernetes.list +deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.34/deb/ / +EOF + +apt-get update -y +``` + +```bash +# === 11. Установить kubelet, kubeadm, kubectl и зафиксировать версии === +apt-get install -y kubelet kubeadm kubectl +apt-mark hold kubelet kubeadm kubectl +``` \ No newline at end of file diff --git a/ansible/roles/k8s/readme/install-k8smaster.md b/ansible/roles/k8s/readme/install-k8smaster.md new file mode 100644 index 0000000..ef00597 --- /dev/null +++ b/ansible/roles/k8s/readme/install-k8smaster.md 
@@ -0,0 +1,53 @@ +```bash +# === 13. Посмотреть IP адреса мастера === +hostname -I + +# Запомни нужный IP (например, 192.168.0.26) и подставь его в следующую команду. +# POD CIDR под Flannel — 10.244.0.0/16 +``` + +```bash +# === 14. Инициализация control-plane (kubeadm init) === +kubeadm init \ + --apiserver-advertise-address=192.168.0.154 \ + --pod-network-cidr=10.244.0.0/16 +``` + +```bash +# === 15. Настроить kubeconfig для root (чтобы kubectl работал без доп. флагов) === +mkdir -p /root/.kube +cp /etc/kubernetes/admin.conf /root/.kube/config +chown root:root /root/.kube/config +``` + +```bash +# === 16. (Опционально) Скопировать kubeconfig обычному пользователю adminuser === +# ЗАМЕНИ adminuser на своё имя пользователя +mkdir -p /home/adminuser/.kube +cp /etc/kubernetes/admin.conf /home/adminuser/.kube/config +chown adminuser:adminuser /home/adminuser/.kube/config +``` + +```bash +# === 17. Установить Flannel как CNI-плагин === +kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml +``` + +```bash +# === 18. (Опционально) Разрешить запуск pod'ов на master (single-node кластер) === +# Если хочешь использовать мастер и как worker: +kubectl taint nodes --all node-role.kubernetes.io/control-plane- +``` + +```bash +# === 19. Проверить статус кластера === +kubectl get nodes +kubectl get pods -A +``` + +```bash +# === 20. Получить команду для присоединения worker-узлов === +kubeadm token create --print-join-command + +# Скопируй полностью выведенную команду "kubeadm join ..." — она понадобится на worker. +``` \ No newline at end of file diff --git a/ansible/roles/k8s/readme/install-k8sworker.md b/ansible/roles/k8s/readme/install-k8sworker.md new file mode 100644 index 0000000..d7aa049 --- /dev/null +++ b/ansible/roles/k8s/readme/install-k8sworker.md 
@@ -0,0 +1,14 @@ +```bash +# === 21. Выполнить join-команду, полученную на мастере === +# Пример (ЭТО ТОЛЬКО ПРИМЕР, ИСПОЛЬЗУЙ СВОЮ КОМАНДУ ИЗ ШАГА 20): + +kubeadm join 192.168.0.154:6443 --token 9jz5xr.xvwirgtsp2v2brge \ + --discovery-token-ca-cert-hash sha256:e09d4918b52e647af493e8345504ecb9907e79637a52932e730df350d3f76ede +``` + +```bash +# === 22. Проверить с мастера, что worker добавился в кластер === +# Команды выполняются на master-узле: +kubectl get nodes +kubectl get pods -A +``` \ No newline at end of file diff --git a/ansible/roles/k8s/readme/install-keyclock.md b/ansible/roles/k8s/readme/install-keyclock.md new file mode 100644 index 0000000..972d72f --- /dev/null +++ b/ansible/roles/k8s/readme/install-keyclock.md 
@@ -0,0 +1,87 @@ +```bash +helm repo add codecentric https://codecentric.github.io/helm-charts +helm repo update +``` + +```bash +kubectl create namespace keycloak +``` + +```bash +vim values-keycloak.yaml + +# Какой именно Keycloak ставим +image: + repository: quay.io/keycloak/keycloak + # Подставь нужную версию, например ту, которую ты хочешь зафиксировать + # (пример — 26.0.7, но лучше глянуть актуальные теги на quay.io/keycloak/keycloak) + tag: "26.0.7" + pullPolicy: IfNotPresent + +replicas: 1 + +# HTTP-путь, по которому будет доступен Keycloak +http: + # "/" или "/auth" — на твой вкус, я делаю "/" для простоты + relativePath: "/" + +# Подключение к внешней БД PostgreSQL +database: + vendor: postgres + hostname: postgres-postgresql.postgres.svc.cluster.local + port: 5432 + database: keycloak + username: keycloak_user + password: "password" + +# Команда запуска Keycloak (рекомендуемый стиль с kc.sh) +command: + - "/opt/keycloak/bin/kc.sh" + - "start" + - "--http-enabled=true" + - "--http-port=8080" + - "--hostname-strict=false" + - "--hostname-strict-https=false" + - "--proxy=edge" + +# Ingress NGINX на keycloak.local +ingress: + enabled: true + ingressClassName: "nginx" + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "false" + rules: + - host: "keycloak.local" + paths: + - path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/' + pathType: Prefix + tls: [] # позже можно включить TLS через cert-manager + +# Переменные окружения Keycloak +extraEnv: | + # Админ и пароль + - name: KEYCLOAK_ADMIN + value: admin + - name: KEYCLOAK_ADMIN_PASSWORD + value: password + + # Настройки прокси / hostname + - name: KC_PROXY + value: edge + - name: KC_HOSTNAME + value: "keycloak.local" + + # JGroups discovery через headless-сервис чарта + - name: JAVA_OPTS_APPEND + value: >- + -XX:+UseContainerSupport + -XX:MaxRAMPercentage=50.0 + -Djava.awt.headless=true + -Djgroups.dns.query={{ include "keycloak.fullname" . 
}}-headless + + + +helm install keycloak codecentric/keycloakx \ + --namespace keycloak \ + --values values-keycloak.yaml +``` diff --git a/ansible/roles/k8s/readme/install-netbird.md b/ansible/roles/k8s/readme/install-netbird.md new file mode 100644 index 0000000..9ad6529 --- /dev/null +++ b/ansible/roles/k8s/readme/install-netbird.md 
@@ -0,0 +1,288 @@ +```bash +helm repo add jaconi https://charts.jaconi.io +helm repo update +``` + +```bash +fullnameOverride: "netbird" + +config: + database: + DB_TYPE: postgres + HOST: postgres-postgresql.postgres.svc.cluster.local + PORT: 5432 + NAME: netbird + USER: netbird_user + PASSWD: password + +relay: + enabled: true + config: + NB_EXPOSED_ADDRESS: "netbird-relay.netbird.svc.cluster.local:33080" + +signal: + enabled: true + +management: + enabled: true + config: + NETBIRD_SIGNAL_URI: "netbird-signal.netbird.svc.cluster.local:10000" + NETBIRD_SIGNAL_PROTOCOL: "https" + NETBIRD_RELAY_DOMAIN: "netbird-relay.netbird.svc.cluster.local" + NETBIRD_RELAY_PORT: "33080" + NETBIRD_STUN_URI: "stun:netbird-signal.netbird.svc.cluster.local:3478" + NETBIRD_TURN_URI: "turn:netbird-signal.netbird.svc.cluster.local:3478" + +dashboard: + enabled: true + service: + type: ClusterIP + ingress: + enabled: false +``` + +```bash +openssl rand -hex 32 + +kubectl create secret generic netbird-relay-secret \ + -n netbird \ + --from-literal=netbird-relay-secret-key="8626c1ed1c8cfcb13df6c65819042771a2bf7a280c16f0ba54abea8cde7b560d" + +``` + +```bash +helm install netbird jaconi/netbird \ + -n netbird \ + --create-namespace \ + -f netbird-values.yaml + +or + +helm upgrade netbird jaconi/netbird \ + -n netbird \ + -f netbird-values.yaml +``` + +```bash +kubectl -n netbird get pods +kubectl -n netbird get svc +kubectl -n netbird get ingress +``` + + +```bash +vim netbird-dashboard-deployment.yaml + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: netbird-dashboard + namespace: netbird + labels: + app: netbird-dashboard +spec: + replicas: 1 + selector: + matchLabels: + app: netbird-dashboard + template: + metadata: + labels: + app: netbird-dashboard + spec: + containers: + - name: dashboard + image: netbirdio/dashboard:0.45.1 + ports: + - containerPort: 80 + env: + - name: NB_MANAGEMENT_API_ENDPOINT + value: "http://netbird.local:30830" +``` + +```bash +vim 
netbird-dashboard-service.yaml + +apiVersion: v1 +kind: Service +metadata: + name: netbird-dashboard + namespace: netbird +spec: + selector: + app: netbird-dashboard + ports: + - protocol: TCP + port: 80 + targetPort: 80 + type: ClusterIP +``` + +```bash +vim netbird-dashboard-ingress.yaml + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: netbird-dashboard + namespace: netbird +spec: + ingressClassName: nginx + rules: + - host: netbird.local + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: netbird-dashboard + port: + number: 80 + + +``` + +```bash +kubectl apply -f netbird-dashboard-deployment.yaml +kubectl apply -f netbird-dashboard-service.yaml +kubectl apply -f netbird-dashboard-ingress.yaml +``` + +```bash +C:\Windows\System32\drivers\etc\hosts +``` + +# k8s + +```bash +vim netbird-application.yaml + +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: netbird # как будет называться приложение в ArgoCD + namespace: argocd # namespace, где установлен ArgoCD +spec: + project: default + + source: + repoURL: https://charts.jaconi.io # тот самый helm repo + chart: netbird # имя чарта + targetRevision: "*" # можно зафиксировать версию, пока пусть будет любая + helm: + releaseName: netbird # как будто ты делал "helm install netbird ..." 
+ values: |- + fullnameOverride: "netbird" + + config: + database: + DB_TYPE: postgres + HOST: postgres-postgresql.postgres.svc.cluster.local + PORT: 5432 + NAME: netbird + USER: netbird_user + PASSWD: password + + relay: + enabled: true + config: + NB_EXPOSED_ADDRESS: "netbird-relay.netbird.svc.cluster.local:33080" + + signal: + enabled: true + + management: + enabled: true + config: + NETBIRD_SIGNAL_URI: "netbird-signal.netbird.svc.cluster.local:10000" + NETBIRD_SIGNAL_PROTOCOL: "https" + NETBIRD_RELAY_DOMAIN: "netbird-relay.netbird.svc.cluster.local" + NETBIRD_RELAY_PORT: "33080" + NETBIRD_STUN_URI: "stun:netbird-signal.netbird.svc.cluster.local:3478" + NETBIRD_TURN_URI: "turn:netbird-signal.netbird.svc.cluster.local:3478" + + dashboard: + enabled: true + service: + type: ClusterIP + ingress: + enabled: true + className: nginx + hosts: + - host: netbird.local + paths: + - path: / + pathType: Prefix + + destination: + server: https://kubernetes.default.svc + namespace: netbird # сюда чарты будут ставиться + + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + +kubectl apply -f netbird-application.yaml -n argocd +``` + +```bash +kubectl create namespace netbird || true + +kubectl create secret generic netbird-relay-secret \ + -n netbird \ + --from-literal=netbird-relay-secret-key="8626c1ed1c8cfcb13df6c65819042771a2bf7a280c16f0ba54abea8cde7b560d" +``` + +```bash +helm repo add jaconi https://charts.jaconi.io +helm repo update + +vim netbird-dashboard-values.yaml + +image: + # Версия образа UI; есть тег v2.22.2 на Docker Hub + # см. 
netbirdio/dashboard:v2.22.2 :contentReference[oaicite:2]{index=2} + tag: v2.22.2 + +auth: + # OIDC-провайдер (например, Keycloak) + authority: https://keycloak.example.com/realms/homelab + audience: netbird + clientID: netbird + supportedScopes: > + openid profile email offline_access netbird-api + +netbird: + # HTTP API management-сервиса NetBird (тот же, к которому коннектятся клиенты) + managementApiEndpoint: https://netbird.example.com + # gRPC endpoint того же сервиса + managementGrpcApiEndpoint: https://netbird.example.com + +ingress: + enabled: true + className: nginx + annotations: + # Пример для cert-manager, можно убрать если не используешь + cert-manager.io/cluster-issuer: letsencrypt + hosts: + - host: netbird.example.com + paths: + - path: / + pathType: Prefix + tls: + - secretName: netbird-tls-certificate + hosts: + - netbird.example.com + +# namespace можно выбрать любой, но обычно используют netbird +kubectl create namespace netbird --dry-run=client -o yaml | kubectl apply -f - + +helm install netbird-dashboard jaconi/netbird-dashboard \ + --namespace netbird \ + --values netbird-dashboard-values.yaml + +``` \ No newline at end of file diff --git a/ansible/roles/node/change_hostname/main.yml b/ansible/roles/node/change_hostname/main.yml new file mode 100644 index 0000000..9acdd1c --- /dev/null +++ b/ansible/roles/node/change_hostname/main.yml @@ -0,0 +1,20 @@ +--- +- name: Set hostname + ansible.builtin.hostname: + name: "{{ hostname }}" + +- name: Ensure /etc/hosts has proper hostname entry + ansible.builtin.lineinfile: + path: /etc/hosts + regexp: "^127\\.0\\.1\\.1" + line: "127.0.1.1 {{ hostname }}" + create: yes + backup: yes + +- name: Reboot system + ansible.builtin.reboot: + msg: "Rebooting after hostname change" + connect_timeout: 5 + reboot_timeout: 300 + pre_reboot_delay: 0 + post_reboot_delay: 10 
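Review bot: The tasks file is added as `ansible/roles/node/change_hostname/main.yml`, without the `tasks/` directory every other role in this patch uses; Ansible loads role tasks from `tasks/main.yml`, so unless the playbook includes this file by path the role would presumably run nothing. Moving it to `change_hostname/tasks/main.yml` fixes that. The `Reboot system` task is also unconditional, so every run reboots the node even when the hostname did not change; registering the result of `Set hostname` and adding `when: hostname_result is changed` would limit the reboot to real changes.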
diff --git a/ansible/roles/node/execute_command/tasks/main.yml b/ansible/roles/node/execute_command/tasks/main.yml
new file mode 100644
index 0000000..ed05840
--- /dev/null
+++ b/ansible/roles/node/execute_command/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- name: execute [ {{ command }} ] command
+ ansible.builtin.command: "{{ command }}"
+ args:
+ chdir: "{{ chdir | default(omit) }}"
diff --git a/ansible/roles/node/push_dir/tasks/main.yml b/ansible/roles/node/push_dir/tasks/main.yml
new file mode 100644
index 0000000..6c62d03
--- /dev/null
+++ b/ansible/roles/node/push_dir/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+- name: copy local directory to remote node (recursive)
+ ansible.builtin.copy:
+ src: "{{ resource_dir }}"
+ dest: "{{ target_dir }}"
+ mode: "0644"
+ directory_mode: "0755"
diff --git a/ansible/roles/node/remove_file/tasks/main.yml b/ansible/roles/node/remove_file/tasks/main.yml
new file mode 100644
index 0000000..93d5a8d
--- /dev/null
+++ b/ansible/roles/node/remove_file/tasks/main.yml
@@ -0,0 +1,5 @@
+- name: remove file
+ become: true
+ ansible.builtin.file:
+ path: "{{ file_path }}"
+ state: absent
diff --git a/ansible/roles/node/remove_user/defaults/main.yml b/ansible/roles/node/remove_user/defaults/main.yml
new file mode 100644
index 0000000..354f345
--- /dev/null
+++ b/ansible/roles/node/remove_user/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+# Удалять ли домашнюю директорию и почту (/var/mail/)
+remove_user_home: true
+
+# Форсировать удаление даже если есть процессы (полезно для билд-юнитов/packer)
+remove_user_force: true
diff --git a/ansible/roles/node/remove_user/tasks/main.yml b/ansible/roles/node/remove_user/tasks/main.yml
new file mode 100644
index 0000000..8d90e8f
--- /dev/null
+++ b/ansible/roles/node/remove_user/tasks/main.yml
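Review bot: The task name `execute [ {{ command }} ] command` templates the full command line into the play output, so any credential passed as an argument ends up in Ansible logs and callback output. A static name plus an opt-in `no_log: "{{ command_no_log | default(false) }}"` (new role variable) avoids that. The task has no `changed_when` or `creates`, so it reports changed on every run, and since the role gives its caller arbitrary command execution on the target, that contract is worth stating in a comment at the top of the file.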
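Review bot: `mode: "0644"` is applied to every file copied from `{{ resource_dir }}`, which makes all of them world-readable on the target and clears the execute bit on scripts. If the directory can hold keys, tokens or configuration with credentials, take the mode from a variable with a restrictive default, or use `mode: preserve` to keep the permissions of the source files.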
@@ -0,0 +1,13 @@
+---
+- name: remove sudoers drop-in for {{ remove_user }} user (if exists)
+ ansible.builtin.file:
+ path: "/etc/sudoers.d/{{ remove_user }}"
+ state: absent
+ mode: "0440"
+
+- name: remove {{ remove_user }} user
+ ansible.builtin.user:
+ name: "{{ remove_user }}"
+ state: absent
+ remove: "{{ remove_user_home }}"
+ force: "{{ remove_user_force }}"
diff --git a/ansible/roles/ntp/chrony/handlers/main.yml b/ansible/roles/ntp/chrony/handlers/main.yml
new file mode 100644
index 0000000..3a5f6fe
--- /dev/null
+++ b/ansible/roles/ntp/chrony/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart chrony
+ ansible.builtin.service:
+ name: chrony
+ state: restarted
diff --git a/ansible/roles/ntp/chrony/tasks/main.yml b/ansible/roles/ntp/chrony/tasks/main.yml
new file mode 100644
index 0000000..17b65eb
--- /dev/null
+++ b/ansible/roles/ntp/chrony/tasks/main.yml
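Review bot: Nothing validates `remove_user` before it is interpolated into `path: "/etc/sudoers.d/{{ remove_user }}"`; if the variable is defined but empty, the path resolves to the `/etc/sudoers.d/` directory itself and `state: absent` removes it together with every drop-in. A guard at the top of the file, an `ansible.builtin.assert` with `that: remove_user | default('') | length > 0 and remove_user != 'root'`, stops that and also protects the root account, which matters because `remove_user_home` and `remove_user_force` default to true. `mode: "0440"` has no effect together with `state: absent` and can be dropped.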
@@ -0,0 +1,74 @@
+---
+- name: install chrony
+ ansible.builtin.apt:
+ name:
+ - chrony
+ state: present
+ update_cache: true
+
+# чтобы не было “двух клиентов времени” (минимально и без сложных проверок)
+- name: stop and disable systemd-timesyncd (if exists)
+ ansible.builtin.service:
+ name: systemd-timesyncd
+ state: stopped
+ enabled: false
+ ignore_errors: true
+
+- name: ensure /etc/chrony/sources.d exists
+ ansible.builtin.file:
+ path: /etc/chrony/sources.d
+ state: directory
+ owner: root
+ group: root
+ mode: "0755"
+
+- name: ensure /etc/chrony/conf.d exists
+ ansible.builtin.file:
+ path: /etc/chrony/conf.d
+ state: directory
+ owner: root
+ group: root
+ mode: "0755"
+
+- name: deploy /etc/chrony/chrony.conf
+ ansible.builtin.template:
+ src: chrony.conf.j2
+ dest: /etc/chrony/chrony.conf
+ owner: root
+ group: root
+ mode: "0644"
+ notify: restart chrony
+
+- name: configure upstream sources
+ ansible.builtin.template:
+ src: 00-upstream.sources.j2
+ dest: /etc/chrony/sources.d/00-upstream.sources
+ owner: root
+ group: root
+ mode: "0644"
+ notify: restart chrony
+
+# server-mode: allow clients (опционально)
+- name: configure allowed client networks (optional)
+ ansible.builtin.template:
+ src: 00-allow.conf.j2
+ dest: /etc/chrony/conf.d/00-allow.conf
+ owner: root
+ group: root
+ mode: "0644"
+ when: chrony_allow_networks | length > 0
+ notify: restart chrony
+
+# если раньше был allow, а теперь роль как client — подчистим файл
+- name: remove allow config when not needed
+ ansible.builtin.file:
+ path: /etc/chrony/conf.d/00-allow.conf
+ state: absent
+ when: chrony_allow_networks | length == 0
+ notify: restart chrony
+
+- name: ensure chrony is enabled and started
+ ansible.builtin.service:
+ name: chrony
+ enabled: true
+ state: started
diff --git a/ansible/roles/ntp/chrony/templates/00-allow.conf.j2 b/ansible/roles/ntp/chrony/templates/00-allow.conf.j2
new file mode 100644
index 0000000..818adf9
--- /dev/null
+++ b/ansible/roles/ntp/chrony/templates/00-allow.conf.j2
@@ -0,0 +1,5 @@
+# Managed by Ansible: allow NTP clients (server)
+deny all
+{% for net in chrony_allow_networks %}
+allow {{ net }}
+{% endfor %}
diff --git a/ansible/roles/ntp/chrony/templates/00-upstream.sources.j2 b/ansible/roles/ntp/chrony/templates/00-upstream.sources.j2
new file mode 100644
index 0000000..5c5446f
--- /dev/null
+++ b/ansible/roles/ntp/chrony/templates/00-upstream.sources.j2
@@ -0,0 +1,4 @@
+# Managed by Ansible: upstream NTP sources
+{% for s in chrony_upstream_sources %}
+server {{ s }} iburst
+{% endfor %}
diff --git a/ansible/roles/ntp/chrony/templates/chrony.conf.j2 b/ansible/roles/ntp/chrony/templates/chrony.conf.j2
new file mode 100644
index 0000000..0e2341b
--- /dev/null
+++ b/ansible/roles/ntp/chrony/templates/chrony.conf.j2
@@ -0,0 +1,47 @@
+# Welcome to the chrony configuration file. See chrony.conf(5) for more
+# information about usable directives.
+
+# Use Debian vendor zone.
+# pool 2.debian.pool.ntp.org iburst
+
+# Use time sources from DHCP.
+# sourcedir /run/chrony-dhcp
+
+# Use NTP sources found in /etc/chrony/sources.d.
+sourcedir /etc/chrony/sources.d
+
+# This directive specifies the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specifies the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can't be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+# This directive must be commented out when using time sources serving
+# leap-smeared time.
+leapseclist /usr/share/zoneinfo/leap-seconds.list
+
+# Include configuration files found in /etc/chrony/conf.d.
+confdir /etc/chrony/conf.d
\ No newline at end of file
diff --git a/ansible/roles/ntp/readme.md b/ansible/roles/ntp/readme.md
new file mode 100644
index 0000000..b4739a7
--- /dev/null
+++ b/ansible/roles/ntp/readme.md
@@ -0,0 +1,20 @@
+```bash
+vim /etc/chrony/chrony.conf
+
+# закоментить
+pool 2.debian.pool.ntp.org iburst
+sourcedir /run/chrony-dhcp
+
+# задать внешние апстримы отдельным файлом
+cat >/etc/chrony/sources.d/00-upstream.sources <<'EOF'
+server ntp.time.in.ua iburst
+server ntp2.time.in.ua iburst
+server time.google.com iburst
+server time.cloudflare.com iburst
+EOF
+
+# применить и проверить
+systemctl restart chrony
+chronyc sources -v
+chronyc tracking
+```
\ No newline at end of file
diff --git a/ansible/roles/packer/install/tasks/main.yml b/ansible/roles/packer/install/tasks/main.yml
new file mode 100644
index 0000000..0f4964d
--- /dev/null
+++ b/ansible/roles/packer/install/tasks/main.yml
@@ -0,0 +1,48 @@
+---
+- name: install base deps for HashiCorp repo
+ ansible.builtin.apt:
+ update_cache: true
+ name:
+ - ca-certificates # чтобы качать по HTTPS
+ - curl # чтобы скачать packer/плагины
+ - gnupg
+ - lsb-release
+ - unzip # packer часто в zip
+ state: present
+
+- name: ensure keyrings dir exists
+ ansible.builtin.file:
+ path: /usr/share/keyrings
+ state: directory
+ mode: "0755"
+
+- name: add HashiCorp GPG key (dearmored)
+ ansible.builtin.shell: |
+ set -euo pipefail
+ curl -fsSL https://apt.releases.hashicorp.com/gpg \
+ | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+ args:
+ executable: /bin/bash
+ creates: /usr/share/keyrings/hashicorp-archive-keyring.gpg
+
+- name: add HashiCorp APT repository
+ ansible.builtin.copy:
+ dest: /etc/apt/sources.list.d/hashicorp.list
+ mode: "0644"
+ content: |
+ deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com {{ ansible_distribution_release }} main
+
+- name: install packer
+ ansible.builtin.apt:
+ update_cache: true
+ name: packer
+ state: present
+
+- name: check packer version
+ ansible.builtin.command: packer version
+ register: packer_version
+ changed_when: false
+
+- name: print packer version
+ ansible.builtin.debug:
+ var: packer_version.stdout
diff --git a/ansible/roles/packer/run/tasks/main.yml b/ansible/roles/packer/run/tasks/main.yml
new file mode 100644
index 0000000..79ff512
--- /dev/null
+++ b/ansible/roles/packer/run/tasks/main.yml
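Review bot: The `add HashiCorp GPG key (dearmored)` task trusts whatever key the HTTPS endpoint returns and, because of `creates:`, never looks at it again, so the repository's trust anchor is installed without being compared to a known fingerprint. Download the key to a temporary file, compare its fingerprint with a value held in a role variable, and only then dearmor it into `/usr/share/keyrings`; a sketch follows. The `Download Kubernetes repo key` task earlier in this patch uses the same pipe-to-`gpg --dearmor` pattern and would benefit from the same check.

```yaml
- name: add HashiCorp GPG key (dearmored)
  ansible.builtin.shell: |
    set -euo pipefail
    tmp="$(mktemp)"
    trap 'rm -f "$tmp"' EXIT
    curl -fsSL https://apt.releases.hashicorp.com/gpg -o "$tmp"
    # hashicorp_gpg_fingerprint: new role variable holding the expected primary-key fingerprint
    keyinfo="$(gpg --show-keys --with-colons "$tmp")"
    grep -q "^fpr:::::::::{{ hashicorp_gpg_fingerprint }}:$" <<<"$keyinfo"
    gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg < "$tmp"
  # … unchanged: args (executable, creates) …
```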
@@ -0,0 +1,33 @@
+---
+- name: ensure packer exists
+ ansible.builtin.command: packer version
+ changed_when: false
+
+- name: packer init
+ ansible.builtin.command: packer init .
+ args:
+ chdir: "{{ packer_config_dir }}"
+ changed_when: false
+
+- name: packer fmt
+ ansible.builtin.command: packer fmt -recursive .
+ args:
+ chdir: "{{ packer_config_dir }}"
+ changed_when: false
+
+- name: packer validate
+ ansible.builtin.command: packer validate .
+ args:
+ chdir: "{{ packer_config_dir }}"
+ changed_when: false
+
+- name: packer build
+ ansible.builtin.shell: |
+ set -euo pipefail
+ stdbuf -oL -eL packer build -on-error=cleanup -timestamp-ui .
+ args:
+ chdir: "{{ packer_config_dir }}"
+ executable: /bin/bash
+ environment:
+ PACKER_LOG: "1"
+ PACKER_LOG_PATH: ""
diff --git a/ansible/roles/proxmox/enable_snippets/tasks/main.yml b/ansible/roles/proxmox/enable_snippets/tasks/main.yml
new file mode 100644
index 0000000..8fff466
--- /dev/null
+++ b/ansible/roles/proxmox/enable_snippets/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- name: enable snippets on storage "local"
+ ansible.builtin.command: >
+ pvesm set local --content backup,iso,vztmpl,snippets
diff --git a/ansible/roles/proxmox/install_nvidia_driver/readme.md b/ansible/roles/proxmox/install_nvidia_driver/readme.md
new file mode 100644
index 0000000..3f0fe72
--- /dev/null
+++ b/ansible/roles/proxmox/install_nvidia_driver/readme.md
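Review bot: `packer build` always runs with `PACKER_LOG: "1"` and an empty `PACKER_LOG_PATH`, so the debug log goes to the task's stderr and is kept in the Ansible result and in any log callback; debug output of this kind may include values taken from the template's variables, so confirm nothing sensitive is logged or make the setting opt-in, e.g. `PACKER_LOG: "{{ packer_debug | default('0') }}"` (new role variable). In the same file, `packer fmt -recursive .` rewrites files under `{{ packer_config_dir }}` while the task declares `changed_when: false`; `packer fmt -check -recursive .` verifies formatting without modifying the tree.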
@@ -0,0 +1,41 @@
+## 1.0 Быстрая проверка, что GPU видна хосту
+lspci -nn | grep -i nvidia
+
+## 1.1 GRUB
+nano /etc/default/grub
+GRUB_CMDLINE_LINUX_DEFAULT="quiet iommu=pt"
+update-grub
+reboot
+
+## 1.2 VFIO модули
+nano /etc/modules-load.d/vfio.conf
+vfio
+vfio_iommu_type1
+vfio_pci
+vfio_virqfd
+
+## 1.3 Привязать GPU к vfio-pci по ID
+nano /etc/modprobe.d/vfio.conf
+options vfio-pci ids=10de:2d58,10de:22eb disable_vga=1
+
+## 1.4 Заблэклистить nouveau (и не ставить nvidia на хост, если passthrough нужен “чисто”)
+nano /etc/modprobe.d/blacklist-nouveau.conf
+blacklist nouveau
+options nouveau modeset=0
+
+## 1.5 Пересобрать initramfs и перезагрузиться
+update-initramfs -u -k all
+reboot
+
+## 1.6 Проверка: GPU реально ушла в VFIO
+dmesg | grep -E "AMD-Vi|IOMMU" | tail -n 50
+lspci -nnk -s 01:00.0
+lspci -nnk -s 01:00.1
+
+## В Proxmox создай PCI mapping для RTX 5070
+Datacenter → Resource Mapping → PCI Devices → Add
+Сделай маппинг:
+rtx5070_gpu → 0000:01:00
+
+dmesg | grep -E "IOMMU|AMD-Vi"
+
diff --git a/ansible/roles/proxmox/lxc/download_template/tasks/main.yml b/ansible/roles/proxmox/lxc/download_template/tasks/main.yml
new file mode 100644
index 0000000..94dafa3
--- /dev/null
+++ b/ansible/roles/proxmox/lxc/download_template/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- name: update LXC template index
+ ansible.builtin.command: pveam update
+ register: pveam_update
+ changed_when: false
+
+- name: download LXC template
+ ansible.builtin.command: "pveam download local {{ lxc_template_name }}"
+ args:
+ creates: "/var/lib/vz/template/cache/{{ lxc_template_name }}"
diff --git a/ansible/roles/proxmox/lxc/shutdown/tasks/main.yml b/ansible/roles/proxmox/lxc/shutdown/tasks/main.yml
new file mode 100644
index 0000000..b8edc4a
--- /dev/null
+++ b/ansible/roles/proxmox/lxc/shutdown/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- name: shutdown LXC container
+ ansible.builtin.command: pct shutdown {{ lxc_id }}
+ become: true
+ changed_when: true
diff --git a/ansible/roles/proxmox/setup_no_subscription_repository/tasks/main.yml b/ansible/roles/proxmox/setup_no_subscription_repository/tasks/main.yml
new file mode 100644
index 0000000..114f516
--- /dev/null
+++ b/ansible/roles/proxmox/setup_no_subscription_repository/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: remove proxmox enterprise repo
+ ansible.builtin.file:
+ path: /etc/apt/sources.list.d/pve-enterprise.sources
+ state: absent
+
+- name: remove ceph enterprise repo
+ ansible.builtin.file:
+ path: /etc/apt/sources.list.d/ceph.sources
+ state: absent
+
+- name: remove duplicate no-subscription entries from /etc/apt/sources.list
+ ansible.builtin.replace:
+ path: /etc/apt/sources.list
+ regexp: "^deb .*pve-no-subscription.*$"
+ replace: ""
+ ignore_errors: true
+
+- name: ensure proxmox no-subscription repo file exists
+ ansible.builtin.copy:
+ dest: /etc/apt/sources.list.d/pve-no-subscription.list
+ content: |
+ deb http://download.proxmox.com/debian/pve trixie pve-no-subscription
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: update apt cache
+ ansible.builtin.apt:
+ update_cache: yes
diff --git a/ansible/roles/proxmox/vm/download_iso/tasks/main.yml b/ansible/roles/proxmox/vm/download_iso/tasks/main.yml
new file mode 100644
index 0000000..4061fc0
--- /dev/null
+++ b/ansible/roles/proxmox/vm/download_iso/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+- name: Ensure ISO directory exists
+ ansible.builtin.file:
+ path: /var/lib/vz/template/iso
+ state: directory
+ owner: root
+ group: root
+ mode: "0755"
+
+- name: Download Debian netinst ISO
+ ansible.builtin.get_url:
+ url: "{{ vm_iso_url }}"
+ dest: "/var/lib/vz/template/iso/{{ vm_iso_name }}"
+ mode: "0644"
+ owner: root
+ group: root
+ force: false # не перекачивать, если файл уже есть
+ timeout: 60
diff --git a/argocd/applications/netbird-core/main.yml b/argocd/applications/netbird-core/main.yml
new file mode 100644
index 0000000..81835dd
--- /dev/null
+++ b/argocd/applications/netbird-core/main.yml
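Review bot: The repository line written to `pve-no-subscription.list` uses plain `http://` and has no `signed-by`, so any key in the host's APT trust store is accepted for this source and the repository metadata travels unencrypted (APT signature checks still cover package integrity). Consider `deb [signed-by=<PROXMOX_KEYRING_PATH>] …` with the path of the Proxmox archive keyring installed on the host, and an `https://` URL if the mirror in use serves one. The suite `trixie` is hard-coded, unlike the HashiCorp repository task in this patch, which uses `{{ ansible_distribution_release }}`, and `ignore_errors: true` on the `replace` task hides a failed edit of `/etc/apt/sources.list`.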
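Review bot: `Download Debian netinst ISO` fetches `{{ vm_iso_url }}` without a `checksum`, so a truncated or tampered image is stored and later booted as an installer with no integrity check, and with `force: false` a bad file already on disk is never replaced. Add `checksum: "sha256:{{ vm_iso_sha256 }}"` to the `get_url` task, where `vm_iso_sha256` is a new variable filled from the distribution's published SHA256SUMS for the exact image.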
@@ -0,0 +1,67 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: netbird-core
+ namespace: argocd
+spec:
+ project: default
+
+ source:
+ repoURL: https://charts.jaconi.io # Helm repo
+ chart: netbird
+ targetRevision: "*"
+ helm:
+ releaseName: netbird-core
+ values: |-
+ # fullnameOverride = базовое имя ресурсов внутри кластера.
+ # Оставляем "netbird", чтобы сервисы были:
+ # netbird-management, netbird-signal, netbird-relay и т.п.
+ # Если потом захочешь, можно переосмыслить, но так проще стыковать.
+ fullnameOverride: "netbird"
+
+ config:
+ database:
+ DB_TYPE: postgres
+ HOST: postgres-postgresql.postgres.svc.cluster.local
+ PORT: 5432
+ NAME: netbird
+ USER: netbird_user
+ PASSWD: password
+
+ relay:
+ enabled: true
+ config:
+ # Адрес, который будут видеть клиенты (обычно внешний / LB)
+ # Пока можно оставить сервис кластера, позже сменить на внешний.
+ NB_EXPOSED_ADDRESS: "netbird-relay.netbird.svc.cluster.local:33080"
+
+ signal:
+ enabled: true
+
+ management:
+ enabled: true
+ config:
+ NETBIRD_SIGNAL_URI: "netbird-signal.netbird.svc.cluster.local:10000"
+ NETBIRD_SIGNAL_PROTOCOL: "https"
+ NETBIRD_RELAY_DOMAIN: "netbird-relay.netbird.svc.cluster.local"
+ NETBIRD_RELAY_PORT: "33080"
+ NETBIRD_STUN_URI: "stun:netbird-signal.netbird.svc.cluster.local:3478"
+ NETBIRD_TURN_URI: "turn:netbird-signal.netbird.svc.cluster.local:3478"
+
+ # ВАЖНО: dashboard в core-чарте выключен,
+ # чтобы UI поднимался только отдельным чартом netbird-dashboard
+ dashboard:
+ enabled: false
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: netbird
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+# kubectl apply -f main.yaml -n argocd
+# kubectl create secret generic netbird-relay-secret -n netbird --from-literal=netbird-relay-secret-key="86..."
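Review bot: `PASSWD: password` under `config.database` commits the PostgreSQL credential for `netbird_user` in plain text inside the Application's Helm values, so it is readable by anyone with access to the repository or to the Application object in the `argocd` namespace. Keep the value in a Kubernetes Secret and reference it through whatever existing-secret option the chart provides (not visible in this hunk, check the chart's values), and rotate the password if it was ever set on a real database. `targetRevision: "*"` combined with `automated` sync, `prune: true` and `selfHeal: true` deploys any chart version newly published to the Helm repo without review; pin an exact chart version here, and the same applies to `argocd/applications/netbird-dashboard/main.yaml`. The trailing `kubectl create secret` comment shows what looks like the first characters of a relay key; a placeholder such as `"<relay-secret-key>"` documents the command without leaking part of the value.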
diff --git a/argocd/applications/netbird-dashboard/main.yaml b/argocd/applications/netbird-dashboard/main.yaml
new file mode 100644
index 0000000..ff62a43
--- /dev/null
+++ b/argocd/applications/netbird-dashboard/main.yaml
@@ -0,0 +1,65 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: netbird-dashboard
+ namespace: argocd
+spec:
+ project: default
+
+ source:
+ repoURL: https://charts.jaconi.io
+ chart: netbird-dashboard
+ targetRevision: "*"
+ helm:
+ releaseName: netbird-dashboard
+ values: |-
+ image:
+ # Версия образа UI
+ tag: v2.22.2
+
+ auth:
+ authority: https://keycloak.example.com/realms/homelab
+ audience: netbird
+ clientID: netbird
+ supportedScopes: >
+ openid profile email offline_access netbird-api
+
+ netbird:
+ # !!! ВАЖНО !!!
+ # Здесь указываем тот же домен, по которому приходит трафик снаружи.
+ # На первом этапе можем просто использовать netbird.local – он будет
+ # ходить к backend'у через ingress-nginx.
+ managementApiEndpoint: https://netbird.local
+ managementGrpcApiEndpoint: https://netbird.local
+
+ ingress:
+ enabled: true
+ className: nginx
+ annotations: {}
+ hosts:
+ - host: netbird.local
+ paths:
+ - path: /
+ pathType: Prefix
+
+ # Пока TLS можно не поднимать (нет cert-manager / real cert'ов):
+ tls: []
+ # Если будешь использовать cert-manager:
+ # annotations:
+ # cert-manager.io/cluster-issuer: letsencrypt
+ # tls:
+ # - secretName: netbird-tls-certificate
+ # hosts:
+ # - netbird.local
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: netbird
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+# kubectl apply -f main.yaml -n argocd
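Review bot: The ingress block sets `tls: []` while `managementApiEndpoint` and `managementGrpcApiEndpoint` both point at `https://netbird.local`, so the dashboard host has no certificate of its own and requests either hit the ingress controller's default certificate or go over plain HTTP. The OIDC tokens issued by the configured `authority` (scopes include `offline_access`) travel on that path, so TLS should be in place before the ingress is reachable by clients. Enabling the commented `tls:` block with a `secretName` for `netbird.local`, issued by cert-manager or an internal CA, closes the gap. As a style point, the Russian comments inside `values` would be easier to maintain in English alongside the English keys and task names used elsewhere in the repository.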
diff --git a/documentation/images/arch-diagram.jpg b/documentation/images/arch-diagram.jpg new file mode 100755 index 0000000000000000000000000000000000000000..b22b802f1778351bc743e432feb5c0ec2c863429 GIT binary patch literal 479442 zcmeFZ1yoyGw?CS;rvioI(4d8o;!uJWZ}B9!7J?LaDDKcxL5hb!a9S)l#T`ytTuX3* z6fa)f;icdAj@D z;^+BaBz(Vzqd$8G0ET$}1TK|(~|4Ezula}~N zd%3@G$MdNFq+PW&W%0BHo@TfH3vKon+Wdv@06ZvlY&lYf@6z6StE-T(mA1AmtN ziOCC7SJQuV_Y3}b-O368*u?+<#QFdL#a94;5b=*X{NZ2B?E$`u9zQQ<{Kp#L0I&o+ z06+mw0CNB@o`L`#0r&yJS2%zy;Kucz>F4nVKK*j*m!Ij*ty?#55!@jpB)CIBKuAPF zM0oe!T>=7PGU9tAq@-k|ghb>N0xrPpPPB?n6W#Yv`GJc*Q56E31Y_Kmx+L&s;oz zEi11WA`ldk(bRTzk404vVp+9x%&d@cA7riFUbW3FfM37K{Pa*x!942+P~IY&%`)fn z(hhsD(%Uciq3Q8cx_0x=dEsYw^XJ&NZr{Pz%98=EU%PSrmm4?naNfj2gJ;H9lHFt` z=YOhki^7z}<=5B`l#sGdgFkLlfn+qzT<53-1d%(eLa$`CGRwiAvGZ4x03v+5>tr{` z0MdZd+}{!S`}{Woe z(!m;_8f=T@E!AWl66Q7(vh1G520dlkzoQdStkT2jTK<`Pv?pJoCrqEF$j>v7A3JVS zx$Q`0HR-oKl(C)PV@JCQr<+iR3RO@01fDVsLQBNVJ%sAf5V@gAF)O8#2Gi~dxa8qB zT?~ru?Zjx5nPiXoI^Cppe0IWHa%ARIM6@e}N!r{}{}&s(A|2$?6MfeL%HfCF=4wBD z*`P`+XRWeA(JS2_G#FrxWmRr_v^xz{kWVyk8iJpSQyv{4qo4JBDmHmihiQ_4`e%$C z2s@rD+UwbcwVjU*?TcsMhAc?PEo*e~bT_r_K0Fc--bi*0Hq-jXi;DbSQgmT%6EW~< zoa1o^sdrAl8vOMlWsP^cd`!-gj_gO%dsUB<9aTlYc12H@??@=xqVSTB z`$gix_U#-VPL3n=ymx6NBC70RgW?Y{0o968H?ac|W_GJ?4jR=-wS3EO1_6#|@ZW;` zgJ(p|ft?S{jx@HI8P_ZkJaikX56-b_+vt79j&BTn@;-=I-70(ClgB+dR{$TvA35^h zAT(>#LDm_RH077UlEO!ukG`cGqQ{0i3EOW|3nW#)gu05ue8MI;1m|NEvfUJdQc!2` zfbf6@xm3MJB;^-3F9TxF4W2Ce%U%Igm<|G!H~odK0D64;E$wW^0Kme%#eWl^|CQ~| zHu;b$#SsqO_^7sgOu8|+aO9w08 z1O^f>wXn^R32~Mk!F@eZl7^^opKG|vvvhuRg|i@=8k#ik;gXq^l^4U+5CSR>r$4s$^S4NhFT=ev8LNGVW7 z16(_?Sj7xJLp&@|UXC~?P|i!EXgkNyxsA;hY1w#31dP`0(%-U3K(Ovt?C9InN4*xn zSwddPl}jtv-@ttiXmAa^`~b5ZmcpV!5RzXj)4QRk7M7#3iKTO=6fd2c+uR+`6?nZWS5~tw_jDG(b-B9frZ^R){b!xF*v=zT} zfArnwpc4Gf%-rUGmEPa^{~-c5j;){|&4|#@8Ubm*nDyF28sqsyqjMiVOx}1f47JLX zZDWJ7JZ|^2&|Pi~q{z*b3m(QsN@l}&qMc2Olm@fvg87IOy`wb9-Ie-ssu!LKeC0!h zJC_J6L|*Pe0ai{2@sH>X)_1sWlcVTz_uD{nG}PwI#j(} 
zHZm0THo1>zBc2iG9%ysn0_pTN`f8Y3?@LD)@$^W=@C^of{Pqe!I*>BT+OSSs|BgDV zNmK|u`Qr1}*RySetKWsAvAD#ZOTWm3Kq}j7@h~TW<%*}YVI?P4*53pamWx}Ea;&Sy zv$l}A4|)s%Ne`Q$ReMvRY3UioU!t1m_YdDM@TEY{wLbOKDgIKQVh|5)Ma}<%(wz5ZQY66 zr5#RlfD%3*DetSsqH169shKZAJu;FtfTu=A`btRw``5+Jo-LUT6(>W{b%FUU#<> zD}Z;HkxbxhdyPx<%_)$Ef5viih_uHyxF|fTKRdtYa_K}mzq4`@7olv?sAnbb*0vlT zGp#r;m~aKa%H~$K`@@yPL)P!}?w2jXJ5wF~bJHzSZRr?0%FqjpQAW9qVvBw5bqUNy z(R~I!XcoG+*APj-Efi~Ks&w;2`sKCbA^rP3lO37I_t3_i-5Gav)<^l^(6|e_kJAq| z6}ypA7uI#V*$vq7(?dxkd)@M3o-8`=Zb-j@e_2S^W$x(Ptl3qxW_)iJ`-?fD)D^De zi+jU>Yds9!|3mHnC;Kg09Dkcl>UYQTJNz?0Aehi;y%~oZjY}4Ql^jh(kXX31*+$S4 z5phS?c2kJc=&1fU>*11HCi`akN{xMPJktzJ`NCAV&-I~40e6HJi*0>Dhgr92Yny*O z>(>Q8H)JYnvL}mFmd)uEV5Q7fQ_zWH7!78f{ggb0$}yPCVRv(}_1D<_;a6EhVdDrw z{N@(_y$6iW&is*mVb0TedAyn$_v&URTefX;&d3C~xgzp;dYIBdWcx|yz;=#wsABmg zV^!Q8aD&&c<8{F1ig<#XJV-v};lV;wOZ>;fLL+C@7DK@TOnS8SuD8U)?We>0D{Z={ z1hL|=K8temv9GQMp+{8f(=~CkY=PBdbI{YppxHSfbMLsPt>fEg`QKZe6ki<1QdyVl z)hy>VNq6%mZe^O)fo$2U+0CA!4SjB@)GDq!50|!Dft)tjoFC3tFwH_#d(<&5RKP~~ zQRnQ2#M}YRiHqQtz_lvXiP;Sf z6gu8YmMtxj>C0W2dXS{2kwhDskYzmUQ!!f^(b+D8dE2B=%j>YB>lcP0Ng8)|Ie{Xs z044rm0%x1|S7QK*WzCfCRxh#p-5et2&#wSL; zO5<#U_=0@4IDTUADXD z3fwZjF0iq7pEzeNh<9SB=t9BgGJSA7?j0+AYqb&N?w13Ljh0pz?2YH#(%Vzab%j3VUC*Loa6ECR!+884_~3Y-k9TcWH{N&F zXYT}jLPxEuU3p4Y^Wn(6XL)uR0I*AW{%@=2-;Dnff!mB@Q)>_D3V@zEvT5S9>46ok z9ZL%rpMag^TCKIZ=T+ zQ+Yol7<=I6>3t^ziF;ZpdR{>tFw?+KM` zNqx~NQ*#EyJk&uL%lXZc`gPs>*@y+;eCUNL`FI>$LH@9!G43uh=V$ z%KlaeXIX#V4{p~6)>>$0`#cyy)SsBvdFZpBo%*5%rq--+g4_>51AlvA$g7e)C4TqA zhgcuhWdlil!(N^K7%MBM=3K18+L2~-5+cJtAmBOCPZ#3C%tm=(P2D zBaAC0{z39!s7opvQ|HqofW&=BV11s}aN^`@WdYW`0NW^w{*(+O0BE zNEEkg6-i)?*ig+D*?rkLh!~o|Xlteqk!DMczDmTZ-eJ5jIScSotS4Dfc;cDbmpQT~ zqIoXv5%@dK^9tC4S=nwc6c_*+-0uHmABnBTMM51GD!$el3Bc4i(_qMw;Urqc;GQtU zgc`9<&NOVhzxDitr6<@j(5nF|vLbYU!Xq)D-(sG8u{vgsu2T>h24xdp%)a~eo=4ui zm%1zAS`DY5XX-|IV|oumI}5aj8p~Q^TnFYf><|y_hY;{9e@%#GhKZ0Wb|R7-cB`U6 zJ+-!-9%{d|ZkjJ?6!7Rr!g^g(IKo2%ebT)4OK^y%03sYLoLz|OF~$2_|4#o7 
z0@uDH3>EW~-F(7Gc(tZ)sC=9i8*Y~8t2klTxO{NC`NrJ^^hHM9W&RZ)(R=9%V7(Po z5VQ>F1AIRIBgZHjG;x-(mT~e@;K`%r-!mamCWnD5rfI1IlRViyN0R(DsM;EZQ(x#S+C%b`HfP5pJqnax~9-t6_ zI*|?*wk*tSpOM@;;JPG1s!{Qqtn;vw}PzG?8!ydSwH$j3{YLTg>=Lo0I@ znT>K^Yic8v)EH9ehx%`3p#?LWc#B}J`Pu{T%J<%TYV#%!UmHSLRSA=j=6HN)#` zV>qwax_i1`Si#xllVn)IvjUKS%M!Ud5<^3DUoZNmMgQUnyehvsKBm1rHR01pTXjr# zvZuY}*ZuQlxQEl4P; zh~gUB&4Z7txw~}tHc;p7$V58_Z*?~@cR5PlGMLWsmz*RpF`LKZD)wPJ0lK_+A1S=v z;?;NRAL={%5B1H!t8X5G-k%-s2K-ay>wciMoa^2e-8EW|J9*L{xZ_Py(mV5 zw1C`f$L?n@UTh~1bD(f2Ut(?plX#XSH;2_7noW)Cvd&| zUa4>u<1YrInJ`WCojwKYGBV$VM}j7lsb#IEwQ!JgG8vG`pl*ntKqKjN*<_dQYk@x; zT*XnZ`67Twye{z3mwrXxLt1)UJ4ag)xO+ZZS?uYeg@v@#?`z`co5Ebgl^?Hv5#)Sk z>hCk3;Xv9lALG5(CN<6+)W)1N6<*n~|36uG$e!!|Z}*-5EA-YsW!&rLd^pzSBzuoG zj90iAYo%Zj5LgzAo@dP7NC>W$$yBS3WLS&^erVh9V|xC>%%o23jLmXq>{aPT!uAP& z5dV|g(GpsluV~ISNq!$e;0gZm>i?eagFoaWD+nOs`_H`M=v?Xde^xMk>2qO$fI6SY z<{k1Cpr7?cnh1Q{^3nbpvm;nXj%p4x2eIa`wU{3JguZ1x)>TI3*O$*3x5&p$ON^0& zSkq;1yKV5ILYj;`w4AZt=;y5^Ax?pjh~4dG{H^%u72pYW!MJr7~;y>~Eb>Gotacwn))}oPacy`=?0GHTjDszSrQ!o)k z0V-5<$Re<@et-7&MFZ6~eXjr(^MUaoLB2PsB=YBto~A2`nRqB9 zL=UmxDtkTyCK~^fq(7L6tx`{Zs^55Z9+3;qM$ zr+;XF$R2l(-HX#4{Yi1$Ol7xPi-$21zMJt979DC2imP`Szqoa2ouel;8{}96(D~29 zZfWXs&gb%E&Pfw3R;#-6QTHfZW-OhxOMbh>98p7y+;hpAZgm;cR+1r~1LiCEk&&KT zwV2k-w8JjQUvpfPnrx)1VY3BHKH|2`!GU2C?oSNLI-vMA#(EN3@bdql zQnTdYejR~O$-NIb9Qa2?6;}ug-x}!0Hl>*67eds&(Gy1$Tbe4D$}R-TR^uk{x_YK| zV7rdI#^r5ykg!&@s0w}JreJX+Ok?!`chMY=kND;fLCB8GS*6Ed;8c>bGVai-NK7&0DJxDCB zasHJjB*9u)dhj&thdt82Rp-fnSE*Rk7w;b8dy7rc<@0Q#>>KNmb<*qBe^nty4u6eR z!8@g@sqI0Gf}X?c1L7DUE$JjVA|IylX*@JEqIV!KR5v)SXvXbi?Au62n<2oFD&bKH zmlx3`g;Ty6DCs#3CsDMmF4fG(gLq%eX-^BF6<*zqX=d$`I2YzgeTnl&;2%EShKf1K8rvA-A< zm%016^W;PXmx8YK!UYz$*|-WLV{HR_Zwz=yh6zD>P)=gp3oEM$QNd!Na?G( zzSZU={C_2e8+EYTebq$4UPHmr>J=DBy@sm{rt6^#yZB&N`e|gg z@7Gy*2^0GhCiY6stmhG6<7ZQ9n|E~r@0DCSF#d(+%vubgHYwL{XNoc2WsgBZ(}hirjOR0V3JQ>c?6=TXe|lKj(a? 
zT-!BLY@R)I_`{cIL>Q}-5k}4YS=;99LSw-%5j#nmHsC>q)}YZ(BKvhe{4WT-{tNw9 z8$e4FN zeDm!9%AJ7HMgPpN_H60AZ_b`8Uv|#|IN$$%Gy3~X#B;P&BC?T^L5>uVy&G^=7ybjIt}xx@Z0r?)%49|&x<7d+ zH@Miu16%;0tBTK|hE_Lk4(yp)XB>Rx+E}TotS{uhx*V|JxY|L18fvqtrZ(Bmu zP-bbjWx1|N)(c-Srw37##O#`QOb{CQ5si(Dri|C=#bKzTP0po0=p53EaxaeH3gWNl zx(BDqJm{==mzyZ)V9UE|a|AuU>!#uO@k68+=+zXb5QWp@X4{w=p~9fcItK@tZri-M z1f9IKfhfaXUho;}3Q+E8!r*NcOhbOr9W)`%7u6^rvj@zvCLOYkGuKg5iWwr;VNZQ% zB;0#~0P&U|bUJcrX&(fv@;J6yAk!_Ka>(IkQy0>P&t2D2PIUKcD9IKimh3Wwn2(4F zq}-A4ik--?+^P6$#N*|!Tt-7PWYpY|5e@U8{hBEzo^VSv&6nQM2bM#rsW?~liOTt| zhfvk_v|j7tlKJ86dhL8C?iv`mQA>pHAV2IF8ONTmc0!UwppnoTbOGXG;r4N)gXqIU zrLTuy0a{GoaoS2$$V|ph*+R9^RYT&5Q@*3}<*X8?nn;<>7!=yn@e06SVl|>7+mzi9 z&1qnQb_9l~s}*JmIs_OtWi&BY>uPrtuxS8ciym?%Iv$(H?M=v$B^r_VzAAE{?vwP^ za`$P7hhfev4WBjsvHHD5u;$ccb)*s&R@hsg;te27`YWiMmt9WyKt`H9%KPXot;?MJL|>V31DlKta-Id6v#x#~!m`kPqR@X>L-SX*idgg%JIou&H|jJE>% zEGc83wwiyjaKsQtouIy(=LEBNU50P&JH`6iYEX9^ADzuNFdV`@Y4{cANXX@IF!0lc zMjY`TeJTTbL{nXg>cz?!ay?%4AmrUY+>QxMR{PB~_4PzYxmZzp9kmXGpnYUGJ3}+3 z^jluztw)|C+fO+V<5?pTr;V@U@~VGa>~I$c_P_*OBlZdnX?nw~zj?$- z`kH(y64^o^4(nt~E zMDy|jbns@z5K3ynE11xC@4+F2zkj-Wt-U5Od&;C|O3k2sW*2>%P}8Ilsf@W_-nyAu zSms>OY>VYR81|-&qf`+YrMBZT%^5Tu=;kyp{O5fa(*S3dhrC1Fnv(R%^GrP%U8tvn`E5Iw3 z`5DilZ?Rj;q5%n(P7R`KOHZ8=fS_p}5SGtmh`-*p{VpS`yOj@|NgW#dDYR5@w^m$vKzmt<;*JdOqR+*&3V%721qMAje4r-cdi<;z{m}YtJAYTfXC%z z4K7a%I)bHrE_WUD^&660;9FVDphxvSLkQ;_)G;Y4p;gwYy@=c4`TikMj-(&6<*+@U znrXqp{rO^g4p*!t)$NH1EYMr(D3_f8rjC>$hr-}yEE_Derxv^q&)3Sm1H_XKfL}xQ zZQCq8HcZPiCJ!#VS}!z0Jz^sk{;_KAMf zO{~~GNm>CVqj{YdVoVaR&#UEZU3&6R(kG8vyNY))L8BkWAOQbGtzIRe-H+TSjMaKv ze(W2A*Bg7Sno>=-C}V0V%Zg+SjYt=blx5JJD?qk=9X5Vm)@bK)TrK26=Z=(*w2t5r zYiyK}CAAUALKU)R!4-R`7N|!a7`qYV-P!Y-pmK%!UI-Tgwp$3MQI1;=F!`juFCJhP z&l#H%KHfZ8Nf-I7vBdi6a3)bW`vy+clUt}LY$YbjgIOwx=1rgm|LMfVkk0cnJJTUy zCYi{p4aMQi@gop@*20nCnN`^pAnN_jS#m(dvnxP{dQAR2Cl#m5nXM@=lQo_2Y0-A7 z_0W-6SVDxK4TQ&_}GMZf@8et!d6` zA-*+R0T@}&ELqa_uzXZ}hM6Ac$M?E|J=>EVMi$BYtpWyv-4@w&tO&H8?dCT=CFgT7 
z?I*p*wnLx0H0$2!$db6f^MIN_%fnL=BccN$dUhfsivid}?)VoYf^T|FlD%^qdV``< zT=t?W6qbG8+9kwbKI1y5U2D7-KO$9%!=)3uwQUDc$?A?B_n-AcF7QutLsJTZ9jeam z?JG}rdLoi=a$uZC4MXeuv$xg;JH@D4BuMkFdn|cqZzShB1j5p6FOqucaV%uLqjxJU zX;@EVZ7Whwr)*HsDPS%~qP?V|*uD2iKtQUjcKuIAKW{PjECM&E>$E?_&Ujk&bUCL_ ztw|V%qrV{ATE(Qbb8WCPeSP5Y8Zo3M9-%j`B>n!$#4U5}g~#;*xydyhQ5fj3glR(v zf4zgRhXI;-xgqUROUm{8Xu9*G^c*K6*{rHk@rt1h?#}YSBL~Ow#T*%}a%fLcBY5l^9dF5c&#_<)|0#@Z#I!~` zKazup%-4oD%MCl5SF_(f{c80d5L2H1G3(tKaz>3!4czbXfsqoE7h3bygXPJmC@MzF=AH4g^rwjnFkpe8R@dY1#n1(VPWXDwaQNLYOG(_ zRR2d-C7+qJOH{+&Ds^##-(52X`*#aM;{lZZzS+}{%Y06G;|;r6G$RqfV?VhYq=SLX z4&KPT(KJNo$9$?`Dy_BW?KyU`&hBbOsMjV+3JR8GP8OC&!JAaH*pwH#0oJ(olVOxlo>&O!!RWQ7(o-1+KdU*^*t9=m*xvxKg%2)pPRDc-oIT;C;^ zz90RYJ&5-=_8AfIxp`nWgHxiR@(}Tjkh>4MK>02hLx}+H$7-Igf~bsuJB^NH_MSl(rWf^Y@jHub~)xQFmzkdDhPGv0q z#S)!$I<&QEW%A=Vx@j_ffo+St_+fkfgY1D`j5%+`+Ns!!MD{3oSVC|rm@L^)gFOtf zT^@SGJ5wB8_^JAf@Zh5UQC-G^mUG5N7uy|1#Wz;`Gf7NtpsX%N%S($4eR34u@?~LJ zeUW8}<(r_H*9+lpD!TEGJ`lTG#tSCD*DmtZo~r3kgx0tVzPc%iZV{e_Gw=Js_fpw- zQXFqn_t}+X6gvsH0z=rRv@C3O`-?f(r|p)v!(Ab;0GL&}9;Xa`W6&EqIBq$zdRH5juyB7-`y-F+mxGjRVac|m%3<+({1FR%?`%bY z8VT(R@npNTuh#_g>LaQl^n1L?Su#$01Z2j(GZo+p+X;bXD2Ey?wwp9}Mk6Wj@I{(b zzxLh+!tvt*@3kr}kvYUW`+KxP*I~(+mehhHpo`+5h+z16IvjCGkquQVfh$~E1Q?bN zonJpViW<0IfLe?1-4@^w0%jPm9Sn?-9Sw8!wc%=)q_aZ{6^|4~t zgOdm9ic-&_=68g$)XOBcbRr4_&3CN$jd&?m&E(z|#>EnBPFL>Mmgr<-15y~5IVD7? 
z$8$9i+gE^*OT_N*hX(Dr#|qNm9BuQekF!uy&G#P`|`^~}9$bsH3(ogeoaRHK=^RP5#=-rJQCnE$GVL#ERCPLBI6%&3|on{^HwhjPI*+&OZ49 zTUhI^5D1m#R#TUOJ1UTd4^4%;Zr3-M>_Zr{M;Q(%?pT9@qjnG*Nh;_I+KZrX8S_#l z{cIljBLWFM`JUXhQOVjywg`LZ6#xnZlH6!6F7_tT)d6eja6mU(aau-N0~~xuiv!N( zIoaMg_>0KLLxoh$NX&%^ zy5huJhYE$&>cufB=&Ys9*`VzWMqKvV=;TPYGmo*^rR{;*NZ_G_pY{;1V0ga4R1wra z`TJOwWP}!F|3S25c%=D@hl@aA`A1!MKtlCrJ(9y!d1rTv`d|X%;col~6-t#Wz;EW) zxtT};iL3JvfD}- zd)3#XrSJl4g1gkYblS$WpaZ^@-Y)F5Gk6n(xhM;oUb_PH;945eSLO4QTPy>B$%f_2 zIuRjI9zk@Z|C;n|jspkr0UFgO5xz~L@Up4u?-bK^ru2EM!t3KT(&rZ}8|3{=?wq`7 zdKgfrIrCJMfw=M!yJN;S#kXbYS*Cg3;-gA}((B*7PAx0yhB=}Am_y;ocLxJUQcZPU z%;&a66LunmGoMqnnJ>Cn7cclP3Ne8e`G1)DXuDRzKS+&JNSD|Aww;;IS9KnZG9b3t zYx|nvK#(zkn43w3>iqtk`}Y}O>fGYt(qb`njEYVEivtS zii5j{9zeA1-SgH%!u$Rc4YrEo?)Vw)n=CmUT>(CwBE{Of=Bwq@^y#S$z%1p;X} zHi{!o2i(^7+ixg_#)o&qLL;JFJ3Frc8#uZa*LM6B!sc99(Zmcy_(n8qXfE5=xB}zk z&Wd30PI2}WTIJrjOZ73`l`FvPsIUv(2rKIztnz^alteUOhIgNq7yv&-)PA1--3J_O zW9ss!w;FI@VW8WF8s-otn~XUcokYBWo6LaL`Oj6V3{Ius_q$hha|bK(r7YR{Sepd+ z2#B><+e+9L*{l(a!u>fYx~L*lWK3~ysv}hLw1N1cVr_?>x`-{xM2Hj@YeJgwki5jq z5t8u~Je(X}S{QGXmOB3)hq1apMR>$LRUNfX%)^s6;ld?lE|obRT~m3v13bQ6??nY> zP7JZ6%!olERQB_i4b(n%)~thQ$)4Brt51w^a?7Peb|`DtRu+HOvI9vMkl#7+is_@hep)bDL1{iHB}VH1WR~p^a(7iU=NB( z!^-(FUIb>S?@U>Y2#&m~@HM{+OVa9nkOrk&lyC0bKWD-U+1#hE&e4_Rr5B2$reIYP z81KWsGSu~LeI2s)gUHtQQl`z`!HZthN%Yyq4S2NU)VhdvW${B>$y1d4NZHoYj~wcj z58c`K)L+9a1kq5oNx95f=acBi2b|{O_X_A0t5<=h)njE_2&7VkpV`YlCH055{%Kg? zlJrIzy2F^Tr5w?+*mm9q5Rh>$K~7oIm_ew@Euc`YF%}TN62-LB%erS_(5Fr=Ca{4~ z(Av}u$xX2k+Cs7t8BIjvphN}l^vI}H(9p*T;~5C`ne|L|Bn*1!IETa1mLyHc)wDh! 
zOV+M!RnBLdjL)jLlv5C>yPkbSm=aCp9GA9+jT(%qQscbm?aV*}shsNoQ>x|A+n{@w z9Fe3d%JAL5`~wTf@*<*UQoh^5dUcD#p??*N)}WfVg)W2fQ6i43&V5$^W{IXWvB9j+ zLvf*+(E+y>4hLHG6@SBKYjdfV+a+eNb-O3?BNZhF69o(X-P&JWP{s;X^_8|{f}z6`pN}` zbC}G$bQg^j3|sbSqpBtpoCv_XvX=%+z|^!g8#PjJA4xeZQmZ#zx7)Ns)B-kKPUA zm@iMxxN7llYV0<$>wu}=*o(~^$TMJoiEUBj&p{GblI6=~sd2=5 zQ=02L>$*1+1?NcS0YTs6MNb?)=nOH~+I~M}KZRvxJYvIQ+og`RdsgdFh||H{&&W#Yo!*yR;|Npsp<+t-C`eMrM1`z9F2)7z`EUCLM= z*YEe?4bw1A`gTcRZPf4<2R3_7DB(2Fq9j8m2Ug(X4KH0Z7r*7$>xmKlm2~%wE4>Id z*pjx3&_Cj`s_r2Dvc_bAG2Y>pk!&?JAIkUmZU0&K8c!3;ey?&x@1cT*B+(f8ypD|C z2_35+(DCfR@oZu9pk-Om-Ou-(v8M}D>(mI>kbQT%$v16hi{?6c0u305>~5Bo7~G;7 zxiKD|=e=s$o@Oy@>l~+&cRFxvT(fY0ijONg{RyX^B69lNB0zq`gEE`uwAH0B3FR#%}48PSAYfCOTv~>nt&JYJEn&U{UT_TUlc~@^VH0HEZv=oQNIw>RA~vi5Wmz8|D0Hkpno^Uw zc)|Hj(q+gw$T=)?W7VAB6`nwu4F8tYcPV!4e!$msq<#fx6_VJURVl&+r{1Rgh(TCY zAoC%8^Dm;EG+87Maiyp77&UjDVwFLMTp=AJhMOA>pOj=rw>YZgOo`dNr}dq|Bjg zdG$3@R`YAYiSo+^dk)Dk*k`A%z-s%x$5}R!j>*vU>KNGCtl3n2S>mC$s%=fJ&CqDN zBbUtgB-lUx%O#+*Q%{uQoSf0agK~X9a(3PUf2|jxa?8i~FyCdU^KK{nIGr}kC(ne0 zD*yv!6>!naRPd)fP^rq~IcE#o08Nu!SJ9H1OdmfS2b1|`0woVWGTHuC6z+HpBj>CfriqHr3;g%fu zUo$93h_yi}WXp?`mLEavN#Q{opVv3iR`^V@tq(x~7EX}I=_zEtzc zCHs6`;o;a9b>t-u4(sb9JWKkSh==K?v?n;*-AzP95?zYVtEo;EL8iAv39}&^U1*?_ z+vm7gv(SY`zIDmF297=;{>-X|FRtPCP-0a?KU?d`ru)M|C~I7F z@Q>eKSV+Kn}#|G2KkD@#UU1&Nr33L4poA8{| z4&;;9(V!a%tEm=b;REzJrJ(~vpjsCmaEEBHcXCyj2#74Rd*C8oR z62cRf5^qrCc-I&bv0+^%9Pq|Mz9v`pQwHwY+_R}d+WTOuv-ZS~Yp5NeAtevFU~C9U z{>}ROBM=MA8t%*5_jaG?wS+YDq)oa$C9Cc_66RKqeg9S?kl!&eCp1TXQX#fzeMl^I z%}o5YCZ~)166#Aat#<7$LJy*rC0W;b$bxePt%D%5E?EU8aJ3IB3aA37ga_qVXRoN9 zqzX&N!}@d+dh?1I6>yDm^9s**p>&}vgB3MXSS#CFsrj?{^2y>NPZ~uF&4m=0%LIXp zk&BbltEXHRbWK~U>RVQ&B`K@R#tYv|OQBAa@AQ=MA&S7fDH*NKS1f!t-c23y4)Gk< zAJ*s`IP2JCFVh0eLppSNMa%jTeUCM>`DaT#vJxkzd4x;$k60Z29PBhQT=hS{Hodc; zUxkGPI?}hx`6aX~*4P4pv9Sk0;1-9uj*IFf8B+U41^0G*TK4XY7;9I1^#zj9JJFg_%rf6S7X?erTk~+tNH)~x5G*YG(w&XIz%t44@$DF#_1NsK zm!GILp2Mr+J^X^>c@lt7@V%_Q?9SL3;NhO*y8p~VIE!kHOU3I|VZlt4HqvxVd@zHb 
zG9-hIfw%NqR!l_WEd{COc2gn++gDHrobA&5*8+9yrP|glXZj^$JXdG)*M##bb{%0pr8lJ^ z(q+npxEnktcIq{j<$MvKJ9%xU5B}Ku<6|KIG?C@eTg$jpwfGu8+Cg)M28fps<{EEPWJ zfG_YuGB9OIsRC^eQR$x6J~B4QPHEUn2@W_CzGP@ydBc8RFg4jQMUlXV-rY^Fa)*Xl zq{hF}*Pic$?7&;j9#&;fwqT-4lWNX?KYxVCRFZ>EnYL2!GGs;CcDb}k6 zAal&@H@G<*^vg<+8~U;I;OcoIY$bb0+E_*H4}}K8u^1h*407i)w8tcTEbdsK>4TSS zyBPPXfm%=8Gut5hjVnO+W#N1@<^kA%s`!PF0_wxF+F}1-TF*H8Xs0AFUc9gNqdyzp zIH;!5*jGr)L#$N~HdLW0!DnAK#Xor8z*l?( z4TF)R%#(F-cMVTl4l3q085A@xcNiKX#ODddxH5SOi_i|ahk z|NnPd{~*q3!e%5osV`Nx)c!E!XQBD+19TJ`1r~gJdf%QKYzj^(K zoL0+IW{o?I=tnhUTpP(!=#+$t&;3oQviQS?6s~T1(g*3;yaJj8!Kbab;rQ~u+&VGQ z#AtH$(voJ=GM>MXb_xAE59hxZea%17`%o&drO`RpP?? z_@dOZwC~*ohec6(K`_4&?9`!pT7`;A#$q8E)}ACy$$Xfno(TTP&;Ok5ITO#G%6nYG ze8MP{Gdq1bl@oBbkF_)LgfHDf&&Xz_hR43WSX^0;D3pb3`)&+b?n*DDNm~p|FU^V5 zg&51vu#@UYB>IRv5UhH~HUzO=d9ye;V+=O7=dd~!SeXd#c<|-E{Hs>FkY!OaF4a8d z3Wq7X#XM!NiCHwMsiS;0DU~!@LE7wfdK+y^z&K^ikv)kQY_;J*#F&vxa9TzHpNs}&2$Gg z2_I`ssT1$SZu07Omq+bJ(dm2wTRf?Sk49eI@+Do{fMrT5{v(P$Ho)VB#4}qmz$hkKlRv{zBYU8l`v*HTF>3R z&JI-L&;CkXYH#h_BqqdGl>$3n4@6Tv61tuAuqtK=|zTvh>5AN`>{blY~YLyEKrUk&$sC zxbEgqHYWe`htR2n;K*j*5Ve3S0f}KrgLZsABSU~{vQy`ErX|L2!3ry4kx04qfhRM%Xg+W3Fl_H?%Yim~9G3wQ z*AJ*1fl?kux&a*QM?Og67i~-8mkJ<$pU`)tVwEbcWGLz)MZ0P7dS;BFg@2gIpzFxd zp-{f&XuA^MVs;!mFHx4|Ix0;sAs#4aLTrzFT?W?9Wx}rltiWcx@&3#9UFN69&o&1GTWCf1`PB z8pM7rb-c%5&4;i^dY8wD>+zyvRn~PdWzmHFNeR4B_H&oN?f3;NUK#did`tLZqSH9z zO)L{$#`<5|F9Ff-c9a{x`%2<$9Mj|@y#a3fkfvM$BDh#_QoZm36H`Sg+T59O32sjr zA)0Cd6~sMoE8~|G3}o&u_H}sHZD&T+03)0;8%1*3;oe|j)Sg2|F;v0FBw}voC5Yrq z#Mq4k!js?`|F%LIh4<@ne%vBlmbmRK0Y24q`_#)$`%EB!8jdhDOrA?^(@nUPU(g)| z+&VkwRucfUKbi5Q$OmcKpS{Td&Dyi`>sLyY32X{Td_5xSSXJ{Irre$4gCj{1)cOJ5KxU^N&Spe4|Z}aaPVoGVna+7;&C` zxB=K*13EXGbQH5YI$8X~h5`#5v2(oN8Y?%G+maVq@lYmfzDr=4QHPh^`G`T>(AUCj zYc<9Xb)K?Fw}fAg5*)}5*Gm?`XC|KUh*QaM0E9P%!Wpd8J%O?*9c^+&>S0}&qf_#E zd2F-X<4V5Iy0qk5PfhTKKw1)}npn`3dbXby@lg!&3hEog{{Ch%Rs`(enAZu`!ut8X zdv$rfyVQQC^Ox^}Y7TRDw6=S&*%(Vh%~IyoziRwZ+n?M?m&oIng#t=7m*_QP+R!9* 
z^~aqy4B);{fh+=DB_J>n{GNXBa%+o}DiTm`aggFvYTaSY+ia4(Jg6&Yp$>|f8JvsU z>;aJILfR0d+f-9LP*i>hP~ez9mBBTQ2zJc9YiHyqh{QW%cS=F|-@i7`<(Y)t*~sotsaX|_D-X_b5KY>l zLdphBifAr)AI9_QcJwYp$vz(%p3CD%V@O&^nIWDZ(CtcGnCFV+#>konD%y{!7;D$p-IryLp zGt{5_k?^~&Wk&vY|BH9c->DudkH>WGWB#AK8jn+Z9K`o>HBjd)HyiWbb|w#%;^ zs^})^m&=Ee1(?hDZuulnJNSe$33BEf103XVPbvrqEn5poUY2y9a`oA}avECOWtwfP zg6YlMdcNiQ^qaYrUth%?an|FJ#VN0Lzxf({6%x2Rl6%KlnTaE>=KZ1F+05p zSM8gET5tvv6V)eD1FE%gvN%O~M{u>sAY^UcSZBXVC?Ey}f7BD6?C2t~2ZcgV@$9LK ztA$DzWImeKn9Z?w+*mE7ov`K1(6i!qxsJSOC5MjORv5w!S{N*F!Zrz4 z)BaF!laFVBevsMDOLC)hBef`m9@*Dgj^ec&4Lo?Spw8`~#QPKO@zYWrWgY`rVu}u= zKQ@&+y3vpTgF>#FhAhaIpVfJ#gn9fI`mOK{9d3Ewc(EL2^NX_hLJdGwKy;w!*8ns9SMnxvu{ZMJ&DYvyxwR}Y%lB`wG9HF>uSZ?v`<~$|p-6}&Zw?r?HQjwR#Xb{o45Hfrws_+My-}@UfOiF z<$OyFfS&K;h05M2|m##LL5MbxWC)f-DS~SXw-^t2`KISxbo7g3rRrWi}IO zvl?x-9mZyc4Hhnn=9UU0@@K6)I95h?JF`0r`%g+dTbV2mDV2dQ>$UPk)D6$!)S+cg zQB85I4$WKq_`VdR;mXx%QD0EeI%E%76Qt4Y0C-51@FsVMIf2ZnPLuzS_Jm9$jqr1` z`|lQc{ZL&e&VV|l1^?5iZs*UR7so{%hhIY8Iqm}f{ssOX9RElE5aE~Q2RZ*l=-!?;<3)}0AjN&MiaXiE*;eZauFK{8Y{+tkY zCUsN{Uf=j+lx87KW->R#W=G8;PNl**B5|>u>r!)1>d|34xz<(xtd;B3dB&Tp;IUXx zY>&LW-zxE`R@P^0@+=`aVL>H1mHhY{od)>h_*RQAfF7|8Ya>~mcuPV@I6i+qF+WL& z*j#ofFr6w6w&^`m*2iw9mq=d8Fto0`wXfPw37t$;{FJ4aXx$?h-Qod^$14aaS+YrJ!Ebzfvb~qlwVIIcj;DpgT^@X&7Mkng9vp9Ik(Ixa zGpFmjg?wA6$JEl=y3?**j-kn6!6SJ|x>0~}td133Ua6iB`In{zP5p7z$XQCL4ym;R zb1id<{o?z5pr8+y^cu`$f0$`(@GC|x^ncZY+l^TaD~2Ob z1-5_~_68#@5_l4jI3{{D1IB>X;KQBigy|5Qjw^hc&V5t8T2XBM81&baNvFXNw}w1Rze_SL(e zhxlx}&`p!nj-ae!J>QNhf4s|aVSDcfR0B$0g-F;CqB!?~a=cO%JY(5zn=T1f#q1nC z1}H)&q++;|o!*o0a4>BHq$Tw~AZNnLwD=@4kX@t}BLzF#?$lCGr2Jn6KBBTVT%qP3dSoBX-*^Y6tWKh;FJ`*Aj~&EFCP@^L)+;)? z1TU)pZP1!ed}g3@!j4}hZ8eDf=p|q{)>q5f9G6{nwNz13UOGKsnbd)5+bO0{RxeF0 zbZ0GT-dD}(fNQ8&yK%=t5j#W5hboeTc8QCBjEEBFEGjvytfiZ};gm?RBfYnPVZKP* z)Re)~`>W_A5|YT6Qe}_(Wy_2dKGXW^#Sv2IVbrtwBgAxQr-zzyfVu`rWrIKj!x_K! z#dZ!n*6VK9lz|@dg87)rhllrtJp6t7$tLhU;v#G0Vhow6CQrnLc81sN8&Q~^(s*-Vw- zU#rCf29*}-CeCYRKtxnf8oarN72Rs>l-yxkg@|_8x^1p=73@dc`o? 
zPiA@r5dxkTx0URr?wAwGSQ2i04Ixs{^gu4Mo2yeG6hH<_jztMQJqVz{pEGu+1ubUf z8R=gRl#vhzgO}A>eCgPQzx19jb`|p=@is16K4%7Y^}6{pWR%(T&Aiu;w)6}??bro( zoY-Q848Kah6Fm1VpCvi zuu_@{qiY~@9gkvkMa@RznEr@gH9q_H>(}_pF8Ch+DE|v^@!~1f$G^-bX|-wnlLoYn z=XMtiHM?2#P?8RFf5qh>cfM`JL_pN4gNA4o(eLKsUuK0KK6_ABmY-xvPMW)b?ul5p z!?aT0o50}^(3J2fzmjZy)3Z^Q(&gB?VCueg7cVlRw&FOG+c}z@fphuj^hJ>qd#E$z z8l|_#(=mIxO?DekhY{UG!_YT6-(#jKioOWEv(AyNMx)hAHEd1F@V=WGE%=BHlVHqQ zrrMjE=*tvA#dJ+Qx{|k7o&MZT9L9Uiq?yHtKsZH@n`@HTf;Kc(T7+MKk$7q5#^A(^BPJb zt}MG(&}E)~_7x6W5PF}ao>~vr{ zYq$1MhY|6hxlPse^9-?zg>P)4-GQ$?XKK3lUk-ntSQI3sZ+U@p8XtPG3;`R!Ho1)OYtTVUAd;r`(68_a+`+wqBe#~b(c^kBe8n6juKzsDt4ldYCR*bjmkgp&AKAt-Med!SDVg$NhG61ptHOsbS5mB1MTGm> z;9XN+wh!)pZVj&%zI%IR!YlWrPx|qY5JM{iKJ6_4Qa)3%=s$I9JyI~Ral5JhVn&9e zZIjPhaIL7W(7|~+aj7yzsl$2&F-a^Oh#u_$%|h%;P!VdnFYUdVN4Cs3(g(SjdST(- z%!#05DXVJNBp>M0GtT7YUM7~a=h>e^L`*uCRAvZ}fc$hXd zy4Uw1J6PW_;baNVA9a61U5y`pxWDN;zl?*A{;w)30z8`NzqUBuLDlh!i!`>+TC#t; z3JD%N2KUS+-vkRfZ|h#wAAWM=N|(*cvBz{HFGhDN1DLX4m9ZsxC=jd#zzzx@fe>{k zo6PUh`fxlJ8hJR4btZ~!qeQe}9Wjc#!N zSy0>}#34Y`|G6WKxszomONNAtYgNIkrQ|+;5`+dT9T6*3gY3*;71PjOxlQO#e(v0| zwyL2PGxz3Di)Rw*R-$LaX zy(G6coHEOfQT#-ym2Gw-JJlD?vc#bPQJ(?p4D8c`y+XXvjE} za5JJV>|UU^142hQC}u_joyKJpmzAUxkVVJHFI1_Lb3#4j=@C7wWgV6(PJUjuuqfal zBh(>6g6mb5;)m;xe9%x3NI;^o9Ky%K$2xE5bLy1F>qCVQJwpc9Hzw+Jd&wyIHqRl= zsTS&yoE^xVP61{VmbY$bz#ywU8})kXTCbJ6k27vq&RbF7?)RQn2i`6Am_NiEJ{R7~ z(su)i02uibK@=6fD(#PFr-dW%jH?3H`zL~@l`3!M)U$g*odzFgqfOSkxfWvwnvmJ# z5*RQNMbzNntA0Fdt}ysQ7RXG=D-hv=QOQL721AyB;st^n~*kPR9~Oa)UxDg-9}GVs7Vz$0#N^k4!NM2h^Ye959DU z_&QktdbDN)&cr{)RUK%N+knC9%cUW;-1rR?6QW$ca0+D!Ko|RCLy>RBy56Aa6+<|f zL`Xi&dVj7ro6mfJ2a0G#fKBi{V#@GR}CZgUPxIY!!nObI3Vi z)qHan6FmD|Bbu2KL?KP2GJ^YJM3^9)L_f?CKjuHEajg2 za$yfXOKXa9zuuw<=>WnwAvwOED6EY-g(F_=B8TUwo%2nHsq0ebBp z0%I*;opEH{w_jeykvx-#TXubggCI=#-l1KJJuBOm1GEvGqq5jC>R=w{#SJX7nQK)0*?e1G`0^ zB(`oumH2+gf+dNzK^uR*0;eoFM6TWZTe4NV;U6n9Kv*@A-C2XGuR5AK*jgFj0JyVr z5%YF$j>Te?sy=ApWg)Ts(Q-f@5QOI0nY>IQC zOR)%;6atj_mO+z3y1EQN!Evl;J#@zuUZrbmc&97hO>66Wwg#;?YTH5+iQG(Kmyb}+ 
z0jcpSbPpZ2fq;%x?2bJObMJ-6PQwS=omYQ2chkz{yVW(FgRl{;qFlvlwZ#00!5271 zt6rP%_{U3dt(u2%5Hr3)F4w2rw%M2-OcKbVK|@t3y(B1vIIDwg56z!FA@#Z`75v6g zq-RRG8wI4g{fSTvBeCpRnqQ(h&nLjCyh8g|C%o1Y4YEIwWqqb0KWrs~FL3zsvW-lU zz^z#RH>eNC|f}PA&p-R&_GLv$M=HM{g$w~iuEUBFE+1O!E{1)e?uvcdduR(#Y+fI z*<;txc(DejaeG5o>qOtuAjquV+zbF4H1HjKdvRx983hCFAokM_4;TQYaW^mR0Z8u!dzr6|a2-z~_(GIupyPwcvLJ_@pHcr?c?Dm5P zT^g@n=w=PK6;VT5-`TV>aE6UA&&~8Z(x#D5dFVtKE)#;GQSGhsmDhi^c;;7MDaUoO zwca=+ZLAFO*;taw#}W5{_#uX@nQqNmqexp5le=K5kWbU*FAl8BInb-{TF(y0Oy(Y? zb;eMK_Q;JXVUAh)4|H$(i$Ht$x^R|*pvs9pIh)pCWK0? z*-Z#{j2M!b#ZbD6pVGba<7CTs&MM(FWFMiTWN(ZL*HtVDBUl{QRfML7PUo3Il9%?$ zVgWBy;g5l=DrNk1HbxvUrHk9r1z%juD}=cbJ%tp+i))X>q%Yi))I{)m;%_iSvPdS3#AyCH1`j zi`J#F3d4LAmMX#!`=|HcmW*JgGE)oBCRIHYxJF9{v6Yqfh-xXLfc>XqA1g6-mRwMc$b57pKbb+1#+AR6&zzF6@HO@fZ<`_@ z7}>i-e!!sSwvmQx@MVAWYL!qtQ(AZN z=_Hv>qD!0&V#boz4uw!fkEyz_(`)K$PY0M+RmEC8mTghRG*#p#(X~5fsF!)%+MC#U z#jsH(^PKb-3SHMsddQl7=%QQs5x0@UT6 z*(*X9Wz=5T04SCm9b`-i?mT?qn=ru88NC3p&U==pKjKXSR*gX=T>YC+%#cWM=V^N? z`|;O@*X)18j43}8{0I2*|K6ckx0r#+I3N8BtD-u0buvYn01K#UwqJV8->xpaLUQHb z?A-U1pKok7ni*4Q>hfnRSSXLO^PylP7)LC-5Lez z2WUN$pPDup}?3Z-STek=VMhAIejEx zM7$mfUr&6hmoQCmgXrt&r{OLiPWqe@?1;Si*SrwQzosx8~T4=%io(azQJc@m)@Qa>_)kA*Wv)V$QU&u3jo z*hVQx)=HhEt@N5Zn@%D8?ch@*Wt=ttkeka4&(vw)(CZH}s&XHC+-FUWpQLI^;CQ*t zW>!~s?>B4_+$A+0d+V;js;zA!oZa49s(To2?v%Aop}^DCs}&FcuvgoGx^nndPRq1a zrV0^Lex4Shj2d0O6a7t6@h~|F4A~P9EbGj|)H8Qfmi#5Gr{rAFyFk~mo*16#R3)(X zy3>Vjwvd33IX-;tW8%UW4Z#6GrI)?MJj&fEd=n1-fZk=fr zkaN~u`u@LTb|Y*xJpcOQOe@m0#=c%bB74ChIM`Z_0M^wjxqBBfxS@TPj@=Fv1XehdUq!PZ*kviB^kl4)zKTvu-Jfhv>0C;GdKgd-4CvPx!wNn@gvmD)jewZ3i7a zX@`FPPPKt-p^( zS9F`RM5l4sr@xkFeXO;9642C~*jR4Lw8a_kbr-p3`ITD}t$Nu>D;0JW!f4i+KoIeM z7jj}(D7rLUi(M5_ZNnu1?&3R*n;5MKc=a%AN&dq{FK=szWmkEng+d9g0JpMkjEF#8E?mH#XuZ!`U zhvA3p-JSGb_e_$D2ZKr!ycKaPck~w$}Wp z3)t*Qw8O2tlfp8xI8}J)ku9Wl~q@~@6 z{xdq#Z|CwNqL%FT7xJEim^f8~y;OgC4<@S?mF6rkjqhp=`!EWW>ZZyYLy`hg9LW@- z>ty69`#~gK7+N_cmmjiSw=np2(^{|tb_>V|+%DCWo9Ej#*;vhXgUTC>3A2_U+b>}A 
zS8a8pjiru$vf)dfdudXa`U*$wjcqT&a>B$kgAd8-IbpQIMll?HGFBP^hWl@TD?)ab zC8#aPj$A`~<;IJIs2#f^b1pyOwVRI@!Tnc6ke!zPAD<$WBoDX)PGeeU`Ps8-#+)JH8+h{M7;`$u^cdjD zm57@}$;u+M=fxDQp76-pitir?%aJ&Yp*`g>#R?jANd?63u+SX& zlOPJ=T|wr#T(0$6>)@GNHd*%;j&H{zS4^Y00aKy;soYzi>Y2-U=A3vuM3;SCH0H)QHFNb; zjlg7%wUTAeT*q!~!(QsT{CzAid`Cl3sklf$%Qs&ko}{hb@?vctC0N&a?vu+Xd7skl zkpzQG{!4c$s>EULkBJLB@F9(@B(^HIi|4(!7ElUOLU*h|qBu$?e4*aK?LA+ltvKQe zG;C*)5h*JcK1RNUvcl!Z5Vi(Nv4oVeBnu`%GxfvI27Ee~1-BG%>kfPVhGBkQUmL6Z=Lk)b5K6ksg2tuU-@R8Lc;1svwWb9eq(eAzHfkdbDGBi3TcV`7CicOkTcp z#hnqdjz4XG16Z+k$?c@Ifs}gS0hbKF3!v>Fyz911*{EHeUJ^44Mg#GcKRd3>cc@hT zDPL)J??;!$wX;h890H+r9GXou(2t@<`L9V~zCLM|GIfTo<6!*MzJ<=tu=dxGI07;4 z#*BWWICwx)$fD4i63#X%;xwujDE_#0LR*r!Y9xs{{?$VmvzoBC8#gujgr}jzi3D@b zK6TvavP?!G&cnQ(yU+H{TgKxyHtv|R=ia_q4FuCRN(W?TJ&pQ0CjO11ooEhoMHgRoL3q6l z`_lIFovt>Fb*?WO7m0p-JYUy|{z*}Vn}*%=SP-42;*Nxh=eNjI7m$iU?a_9_v}5tn z#?eJEwODl}$5_V}hZ4|rdas_=APITlh;zWx8d3UAu(L24oa8{f(UWmn$Fe++_V7i% zfNJs!{1in}*0 z!G@k%2H&Ynx6i*IBss;n^7LRLpi2j_+2Q)0MY$etp$pF=t_$lMuFk6%bH9P;( zjsw-d`oy&Qf8g*Z?g;W1mX|G_jefx^%_)F1gd3xz@=uVk8Y2RlA z*R&c)qo#G&DkGk@?fsw`s{owI6e`z4Bf|L@GpZ=WJTm+=osFWGhE|S1U@9AmFo2n}5sMLBlGrP*E~CZUN{NEz&0uRu?HC{HJ|#XqfmE$X`g$ci+v}UhrO9t! zO2~WX1uWcxNrSh%N}Y4ct1qykC&%FxzKWsURz=H<>;xe!EK5j~`*Xruz8Zk`0Qqu& z*}KDD53n-b_O;S7+@H_X?BPopf}*1(X`Zp%$J2Q(Uv<cK~f84ki(3&+m=t>!C1&dc@BZ4VCrSp zRtHre(IQ9%4QKG0Sr-xeqY&mq^R2De9mVZI) z3t`-+BI}}s=8m=8?ueSJ&H&f8z^nKrE|P{Opf9+1#JlzUq;lK3_?5#rV}zS3tl6LF z?pQ`-!2`I$5{3s40DYO_(cW%E^1k9bysuT=O7xbue&$ zWoft%&{VrSoAexd+8d`u<>_-uWR1 zY@8x1LP;NCk*SWtZwYm8CEQO}i=FT-vSP4Kd27alKMB5Y`7f>9Drrr{L_M5g(H!rr zD4lNyF17@9ElF(rnA*{vmR13&Unvv^hqt&qov(@4viiI_QAIQ(@*N=pn@-Y#cwm%g zCkmMYdxnQ-EHvdO^#`ogOA)xvhPH+9Coq#x`0?l)h20H; z{kWe5C3PH^H~cT(zQ*`(IX-A4FviccWWieyXG3ylOkImc&%r*YbkF|Miupkp=n{b!8CpeFrX+cPt-a0+ju1mV| zoBb?&p>n$TM&23dC&9!VxgSB}^$R+1XJNI? 
zj&18)+q=O!Ls+YNH zf61DEf6B)?uQBkGAlP5Tf05@skyBbzCx00aRe4T0-2WfveO zu?b|W*Tt**MEm!n9yA1A(O>@2ey#fU2Kcvd6~Fs?DE~i!{eQnUzdie>!2Xv9wf7N^ z?J>3Q7PM%P&Eh>>Tz$TcE}?EWAjuv@41ef?_arv5#n0#?rm^miWZ)`|on0WSlMU{m zqnx{y+^lEze(&VNX4iibNcitQB42H$qp@U;Op+T(%E5fXchE%F0+>5FLiea@f+NZ{ zFPg`~7*5x~xHM^qJCS;>& zKVsB3Q;Y6#IT%~e{wn94q9{=qelk5wAACS(9yF!Ne#Z*lNwXoExk52`(<9IjxfL3Bo=K7$Lz?s_&;>)7IXe zQFCpwbHzD10_|BAxAzb7gGcAmEVI~ToRc*fi(O9Kvh~Ycylfp~U*PbL-rbT?f7x`r zC>(F)J(-x4%y`rLu-EM2-#9~jJn?(XK3c)jSE?sor7$4c--zk*j_{yKMefz~ArRRQ zNaYKzB*45~;yugVr0sKoI(KBVvvM-o5>!`$Mps71%&WX{#OD?=3f}C+=Bll1PMo0} zePW?dyk}4qkH_L}Tw$zWo7J2T%y&NNo_0i)IIQQ_g!fpC7nK>#lyx-5YZQZfdU^r4Be$mx z7on2_d8!;D^!{n1*SY|$rofCiKmtri=$ma5d6f}PBpZSK;5fjRche6`uks6pbb zOeNpFb0BxJ!1Op@nVHpV58=2-{)%J|#j!!kBN7#sf=1$_r{5%%Z9NMCvEPU4T#R+v zeP2{TN2crgTtVAW zLjAq`ZnF<+Zs+##3MNk1Ahk&i$F7fX#j`_dC2p$i!XynD(r4iaS)-dg%|D`Ag~-G2 zMjw7OaUeeFUJ($lW0sqcF})Gn5$RdA+Z#RO`0Pb>)Q-|zr|u=}`@iG(Af^lWNvXCZ zjVIrK1)fZNCW+6K6>>{;N|BP(t`=C2FWk%QDm2EI_ zJQIElBra-#xWDHoc`>5`jnsdsZoq>FQcS+sAiC1ZG$+1Vq@!Adqxkt~LV&5Co@vCS z!2op$7jW%Q4~xfQ!HPY#K%m5Io5X(Z_Ud=NIjJbSQI}Q*_5#qPR~&K7j-oz7HHJ#5 zc&O+G@eb7Mep!ZEaT_=1oKk@z@_=2>&EaGCet1-qLeG>3(-!~c=JUH{ku`^IO6iD= zS?3CCmSnx1Y$kjMLIKJ9$S$e0fC0;S`b45xpV&#^Yu0D}O7%UXofqfjhiM_h%a_Yh z%XfDwfm=!bq~Qd;;XFbs1y`}&`}iKOPpJ;HuRH6{Nbrr;|J(Mjq5Lm%{(lYS|I?L^ z@4@q5+dovbZ2PzC`HsI7Ts?}xH~8?ns>+g>Aa6{Eb9}xZRJn<94`YnrFG+fc6X}25 z+=RvndhCRepcFOflKeYd8gxR#WiWDYKCkRn@=7+mW^9r<~&&(>|fd=Ao2 zs_0<<7uKQ>%!@6X|3T>J@+t?PF;wfZx zi6PZRwKX=ph}aEVURl;~|Fr|mfxhWpk8zgzu@{_u!R?944{SuL0#nP$Ibkfx!p zmV`LJkXPw`^rNQEM4$dra`)Mm?Th?C>*&`<-P|mii?9cx>_D!{ZKiKUyHRctU`!l` ztUvik=L@LpViBBVwCEY1__gPViJr(=B??C!QblISF^8 zRarlto_*eHuWP)DT8I^&K3dM(q?u(!ZEkIC(#nc$XdiCB%^A`Sea-o1WXCNGWi+Q0 ziY|!{z%e7c2T2M%uNpCP6XZV$C=kLbzi@G5M~lbT@!oHBF7@9`3MKXVi(OKco#uUH zK>y}Tr+z+mINY~LeoR8N_C)y4TmGRq^^A3TfsM)5CC`1c?J-}G&_NaIrvV+^{&n(_ z8f8%QIop#eaI$r&2vL*u%z4<*#*YZe&~O($7rX2`nO|Jb!jk>qGG~tiI^7GJBQ+AG zs>m^C*(&Vow616RIzB;Hur4hcIZKq5!NU;L7;Oa3s@a7)kR;168Tk&Z_73Bc&Ri;l 
zVV$ElYVN+Y$9QJz)(6r)xUZpZpn=G!a?n!}_2znw>BkPNKc(`mVCAerSwdqEuMR}6 z8TaKZYvM!S>e1#!!zLpOW%o_wBXz@f4la&P+RD@Gt2Th;5U&ZXw&qpjZGWI@@H`KDVOhj6m$!F!0 z6Ki!9fYKQamYh_$+BH zbOu&ABjk20-eYK17VcF7V(!_4mhH>LaR_P4<|&o2G&y}6@~2Y^8K<#b-j0!aQ54Sg zGnL{GPIULnsX35`KD`n~P)->nhgbwwr17>IZ}4 z^`!9Y#Sjzc?YbDfq-iSMIOn|lN$_G8C(3-XOs!-!uL%DsHrwS@97y7 z_&OtWrCYyO-bUT+C@sr$MX=uPAhF;74z~o`_sPsm{Wn;uVsMvzexGBiK%a_)5^9CN zCQoo->f4~-r^feZ(~GHJo3H+m$NaaTfZE~as$-=0U82MLRPn#X1t6-G&b(_^T-EpO z_|{~q*vXBPgbZ8tT;7r==n&C)^~skbuZ=HqxqifFYLb}H zr-@&sL5BT-yXG0SM_acF|HaBA-MT5CU__;2_kx&x<|&WiAHwQhYB3veOP0*E1s7Yd zJWPYmXEiMlK0WPHdDw(?B^Bf>WXJMiWFTl=&K$}9JL>2**tGxZQPJ6H{R*mtN>Ku9%m zTSL6*&`h#ZBg8;0=VNLHNdf1QcCQVO-0cs>tnLc>YS~KAhQpqYDfN>ud`lEHLu{^# zez8xZbVa&KXU87uu}rM>{e~5T4`7ljw;nL>)UJbU;o-4^tOrnh!9bH;dozcKE3e`DO6f5IN@ot3OL_gZ_d`JJDs*OY*ST73PU&KD-9``S1|U#XP$ zl(F$`gAM^3+UsAt&pD#YS(WZZS=-GJ7tBr6@Ts9T0S#HZDcDJufSJR+a}9tLW1|FS zW%0XOsCYEYz1zcTA4%44uLko?ULP^4SP}J=W2{R$_=8L(T}ANYjm?3{eCgRDMbKGrSM^%QRR z6iZ!PnMxdC?N+M~&#$1Y7vg+b8PF!`Pe+pUa-ixC-kn5NeLghi&zI1?1(Jw~OxZX7 zIMBLI`xoA)jYaoDcU|-?`5JoctKOd}`1-bfES_mkn>5?@ zO}4Lp_g44V+b)Ms_bN^1a#z#75o=h`E=W^FHYD+WwlzP*2 zDKQzke#)M550iq<5=gZeF+owJ*dWl99Snq%Tp$wCg7kC~bseRjyvUKZl9Fnjzg0Qp zM{kDaNp^FhzT|IxoObk#QZez22!J;Ch8{U<&f<9dIF$mUKNxc0&S86pdaPB;PF9PD=d zw}j|l$#Ax>F36zX)cD8GN{6p7!Q$SS_=y++^@%U!x>Re7i=3q>5E}*Q2%^3-ygM2} zl7}xSXlT4NtdF+hg$In(?tn%28&V6_M8A}02(#o^QE#;04oTuQQ%kKij_={_p>w}P z3rNj&L(hm6bE*Zv(ZK`6Kgg0gi3>Cy1)t`|rxLWgqlUXg^RTwH%tEmNq3w?^~RPL%c**G4h6!fF95=}JaXm?3L0m^AM z*zcRIgPPdonDn+ziHR&F^P08CUMeuwIsExLZK*1 z0gfyHO}pud%_ll;g8RU4LWwx&nWcNTxs(uM;_MY!|C8r#EHmgvMEUX3hiKozAnUmw z;WyQf0AH+&0wup%Svbs3N;I=QqRV{KN<@wJfDvj5mF4WDu&Lmtr`?silxKaYEnIB- zEZMVkpT)u4`*Eea1@+RacM{}ltd308hC|lTtWI`6IJo_fd}N?oY0WuF%Qv{{v_^3b zU~^F{!ZcYkiVzn0F@qeZ4DgTXs565V*XkBM;~uBdeL#wa_7p{PkqUVRH`CEEw?C}3 zu@>xBd6`^b<+aV;WUiP$((U1~r;?UN!uo&Fi1iSe>5VM9ZT78qZe5jr@%wT7-I1mU zCF&aaBemfmVm5Gp5J<)ASl-gM`Hnp^oW5QD3@&e5k9Scf^8wHnsDzi1-1^w61A zOUKkP@+oVD80~XOZGb>tBhdI9C||zg6Yqs8XOi;N7+lDX?|2~E6t5%sbd7cbG#_{% 
z^JPIdah=RRX`?|eK?1M>bbw_hrJ#-f9P}VxFm&YUMzZ?Go1>>3hg!|y?Q~ci4;xq` zEDX;kbm6AJ)t#pQ%Rc5!ZRK#w?^Xip-NIATw%K`OM9y~Q)(|=;TZAriyS(KRe5k7J zjnI&xEPS#DtTjeu3*x#N*7WVp$vY`a7qTZ#nB7&Ck%j^W_hl*eOvlU>#bUK=wpsbw zk*1n_FZG^WL0W`=iysaj8*rFHu(0+qX`h)k{jwva$IJU$hd^|yUuKO=__=D9Gzes* zMyfgRs?#s&D0;DjRHcDA*Ujc$rO8Z80yGv~)Z1a8aLVixm6+HvRi4CCLj{BCyaNJ( z6P>3YVyez!W}M|jvHBZ1CQI9D9(74Zk2IiNT-^zia&P_bM4s!pulokR_}=fm@}`QU zArkfSJw(}TeRW-;TuWWsmF(W*>u}eI9UNUeC}U3H35#DwTH_qy&hGiGUOrNq&G%#(JNneW<8* zwi~Iew3(M}%>x>bcn+A)lg=%DMeZ++i8#$pm1Roj+v^?`unF$t_j?DB%}7ZKi}MqM zYzv}DaPbP@{hWc0
  • sHaN0uW$Q?WiLV8sPjuKAC;ko%wjo#L$Zl!lLUl>j#2Vad z8)Zc4hMO~+%WPt3PpKm7(%w*E=gzqzdY3-kQnYf6%_gd)H;tr^d; zJ?F}=_Vr#z3F*6DpD7p+$45DVGfdp90M%6?Dj9=?NOW&>^yAJS15c%E<_jH3Q4_ix zNbIN2`I&EQXM7{pxh5V??rYe{oN0`i!^D{95|>SVUa-gsZ^AV?CiKk|mTn7UR8SBWGQ$G?>rTxzVB5wSy~d&YhRuM(X8kuzXrc#N(Dub z@MvG}ELu=i)AD?@8DCG6CeW@(P98e>i zq~%~1)F9S~v;-~N%=EotOTy>y=~a7!A54{vFpl33kFP`%u>-6U3T?^m{P9vC#JJORnjAFu08P*D*8UQ)H)nPR~U!X0Bc+b zE%;P_cWlxPc;+_3Rk<9C35AP?WS6ssW{~6v;U7A@NV3H>H=p;Hx~Sbm~U%qZNZ#j8g$#47-P0DLarb6j-!2HXw1` z((;C)lQ(E)K>%XdR5V1d5JY9f+D1R3VvT@Z7w^3p6Zzb5f-|F~q|4&@Rz$Z-Vg1^Z zlc}PdraCIB$qZwB2mxNxe8yleL^det^8R5_f{JU8{|`&TM=RHPn2<&cDldLkh>q6S zM?$VqU|?9-hsv3{7uB-Eh{e$Hifph8wy?*o$G?)G5gpgr=iGEQ1DIu$xOWq;b|tIHa{_#R|r7kGaGlaqL?zZ{Vn zJo>j&|63pYQVNfRFFrjoVmQ>=d%o(r2aDa0_6~U7{b*(`TB)j<&pe!|KuaSJLP_AJ8-D3198^@7xM?$% zUIHJmWCu=!lu)_|(6O6f*_P-;Gc?ny173n_;g5dr5^Vu=BjXMqU2YfoJ2&a#--ZN_ zt-9k zjwjUsA+4HiJYY69rJFzG-Uyx{eMVzUYiF{b=iCCv%@`Sedza8_t%>7YMAv*F=ggMR z5;zH|h)C?C>84C>P1NLyqL(|b<2z>!ay{evEfW-n=W}EN(fnhylP^m zAkUbX*=YVW##lQYZ5D-5QKgafYRKX=Q%cNIL`a1t!i*mGTKbjdPLAZ=`6e4(PwTXv z+{u>UL_nBbWfUiV0U}fq*1!mR5dgNclc+S$nPJ5;xgHck*LnX;)$&9mj!05ekeic= zJbMZ8;wDA%$|BWfqbjZEHV3YGG^MJ3w|evnrfZdgn+eZ=8L(F^eYogiiik9k1O}RvWZTcnhQ63oU3vG6WFy!-({h+z1o?k%o{qq z$n1yGI|e0sSNMi=^#|2snX0At`e!AB#e)+!ph!178ymZb$Oap8w1t)Qj$$j$kV|ei ztaZ;>P{p|@TcK~TvBCy};-p4hq@tf%DGHoMgQfPyQ&*6>05zCC+v@qXC1hmFXq;2Cs9F zM9rJx6(+MCeN`P!NVPpU{}Nr%AW1R?xUkPa*b~~P5F+gSnD9F^!rYU4nd0bkf9w83 zj9EC)dQKoG33kZ=I##Xzr{mMxJ7CGiXqCI?96=SnfY^!KD47j+0PsBUj&js2_{b;nz;IB883OadP?*+k(1g&e zo4klo$pXstSdpqfoxNtur4JO)>Q}rVLAz`2l{o8lvrcR|8v}b@DQ`o?py)-j3esL% z5N^5aQLG)Fw~xf7KkCS7`v1N#I%6YV`@iXf9A1lhwR6J5)%RiF`{xP3E`l(_58(?^;0)D?^`nQ^WpeiZfW$kb- z>GYZ5`CE;GS7aBpcWsEb83&#Rf@_0f?so;a=pWb7)|)~&vVBH66r`xgZ-~*M{kw|~ zC*CuJT@y#TR7iFYy9`Z zcqYhJOX}OnH~kqvTv^(Qvd{t2X7h#>ecvmcx^`0S7>v|r0j7GFC`G0&*p{%csz6z&D=+EuQ>X0g7eCwBg`&k9_=Y0~H7Z$qj zr$4U$ok? 
zd8>E~pX5`YZF16&jX2ZrDT4g4ecs)N+slx41*cCuYW%UW9q&{oNHq2^Y8ogmd67sN7dT*@0%>y{G0&Hjbdhmmm7 zilr$co7HjUHOfe}t8mM99L3Q!G$apFHO5We?BJqkD<>FKe24U=FPq-v)2TAcS6_~{ z!A%s8-X{gjo0T0q%FSHvhAsw*fo|dDPm|e!NDr1A{}&l0R=lE}Q^VN_wsT|3qp4!w zlL(CNyD~;Y`YR@Pnp6v*ApbIuk)LfNUOs!1PFCV^8Ix)VXOB*0R1jDAEycEYw&Xrc zam9B^I()S#j>=HQ`ep8TdE8W#KJ86I%KH0iH{SAHo4A55PWLeW@~JJijgjFU@u0Hb zQSQh6s^je6aUK7!qhJ@b1K!#^T!!&yj+rZFwvQo5MZE>0qGGF}8h&Fn%1Kp*g=m_I zXzXqA4%{nIS2SV}EJ#}3_?*Atzypdo0Ub_jcPbWFxFQe$o|Z4c9~x~CW7u(6LfsiU z#@bOX0l0C?zmYh~`wr|UEIm}1l$jTu?c)9!`LdxN<7MwDWoVG==No0WSIq}4p6m83 zWvi7F5@xka1Q2`-0$0>Cw+8?c8K7Wf*FhVF*Cn=<)%3=>O9(v&TsFG zs?pOTpb$6Fy{cz?<7KIwk&LyOrkg59SbCs##L9 zI{0a8{IVJwaK3>ZD4g6~k~zIutm#xJPw;+RC>Bzs(w17|t7|pH$q+)Z|9-=Uf=7_m zd_)7lGfq88usZ<$cGzGV$)6<}!Jh&3Jfbg2nyfl|D-05T5&iBYwr-qLv8pG)ONgi)V4JCN$m)Z%^KO1McFmm+QJNLD?G|rK*^)EgWt#xV*q8HxBF8Q_~33bT+35nUn@f`I9VPW5^$UB>Ti$N z(^7m0m|=6~?(zwW!RJFjd*V7kHL!=(a#f^M-rlW3zk}{shJ-CU<^}*gN~7^b;l3Jj zgMmIA#?D^SozxXh=Muwr)8j(I_3nPgV1jO3!&}Y$mUMqX-mJ_VWDb&e2V0?Gj1D5Z zn074RVcfn6eB$-w(slZ5cUom}n!C?Kvpy_ZclG;)7n&e8uEjwTqY>YWB3<%g!pO*e z%>n&~Tl}9gQnFtQm;c1PE+mtwNoEfdW>wmSujzfYpHy(QqXtH!3-3zQP4E;WL#4EM zm(^7q0fl*W6lSxgF-C^>Ql=a(;}y-bp*(iIZ_8IhohlU?% zZ$W2FV{(+kVEj~lDmla|%+Y%?$-B_9Gp)*zh;Rw|XYTGZfgLyI&hDGz+Jf=MW~$mK zs&7I$01qA$ENf?Rm7_6WoH~Jv0yHP8qcU)#e}7s!JXfz!D0hC1yh}j4t{p2yu})PqVSb72xi+`!(e*~GlytdMrnUnSS7KgkF>E;1N2QAGHw<{%9DFFCNnfhD zv+e4{rQr@X?V`8RqvZ+SrVc~o8Xwo)CS*Wq(qVk^>d1T;Ad{%Qycs;XdtpE6*)IPu zUF({z;WCYR4;N=SZ*rBVpb!C&A}BYs6O3WsaH=h_aY{de9|74H`@DyJhpIIN!nxKZO?|mT*E8{9vyk`{`x(!0N6}I&yO6wc&UoxbwocnH zWAyA}7bqNlFA2q%zRc_GxXM=B-`Y8;N0CsT%t>xHBpE`7Py3F%>Phx}HfKsbzP+{L z$+$k9zTit~M#c&;ab({sLvdI#acpZb;aO!Tvmi)LdQrUObIe{oq@iE@&E_qdf>E8E z-REM#kJ_K1T5%t2FJI~n6wT2=o@N$=N9c{_L%$CX(rslcrLnPjUU+`r?4KSINvZzN zalG)aQq%u2b^mmbe%)|-cg6mnGyBh+JCf$&U#wNKUo+|eCVQtYngL~eB#no`qYJ$U z$t;O2osK0h?bVe#$5Le5HDl7HiVDp`0dJST3^c8RVT>X3@h`ApQJy5T{y;BWB6`2s z)c}?XfsjABrL3ma_X4jkZY$$j=Y&7isqb6^cO9i|lBNUDoXU=HlhV|-`05KA|6D1- 
z$B^D{vLUq?{vTd6?rcWF0=EIMQt?c{2=|nDLS6ixSnpa2=V>q*qgLYAp(5Xvd-)=< zVzE-lniNfLzO?%dpl_fFa5Uu-TwB~(RySQQ!afbg=jET=dGxf|AUio#bIxw;K21S= z5Zfx|I94Ifl46;%pTlTsr*kN~O%?oI51{GZEl%bpyO`bC$x^PO2$h;$F>9r4xL@&7x&0#1;Nc*LK9YUgTu~2YX_r_li zYQs?^7&ol#m3}Bxh^Qqy^86`$R4o2kK-cNjt)Rsl+SPnqUE4xmH4RIa2eeCg*lTQ) zO4a>5h>Mcb*KHMd`A6QSiSCDs*C7zbTmFpGR6}X5m{f&C>!fq-Q$3NJwzEJWs0v`2 zri0X?SrU}ml z&<_CBtQ7PNKFdfn#J0{)J_=(}mk6G%+yjvZfB)IEe%MR(iocF zWYF5Yen;i%;6oOLck4$lp!eQh$i}F?NIA|3&y~yZW=Wb!jZp@U)NODVDw&lVi{|vL zO+&&FX+*F;Jd!6{`gzD2-KzYGEsC&8p`Is|+F3ok9+mY77eg}fTZ!B1cn>ch4IXjEBM;53@@Nk|Ln^y=rl4IM?$=) z(yW85imEE~JH2n)_eU<*M*sG$S4|#7(?Oo9QL*Dsext(1YceY=oF&ri+0HIN{2gjQj%&yfPg!zDQ;d~CRrgFgK>71v}P5zdqPwdkt^t(KWl{Mr;*kHSHy zLR?UsrjNnC(C0tMKG7)bdi<99*AL5NypR4l>;2=M+_1uT@v{#8(!f^n*Mjh0kA5Q= z&;Pvsvj=`wjA0jjSTj$kov(0y3D&sCCC%t~AIi5XK~zT)C%qUj9;_`!2bnmvgv_LJH16JYWWc-PPKegTV+q*5V2&-)4d82Xd!^^-sHZ;d!6houDpn3#RYIf(+f3(ekz;fIM6+nXrk#lwXDEYt zYc&8yibHqKOmz0V7s*cj*3VbM(pk|E#7QiQE)1*VcVP6m7tyLR(>+(5Uz)#0D^eR3 z2lg^&dkT3O92}o-tKxq%P{6ZWTgEP4!aNQqmbB?h*Ybj0t2^L2a!afgUM+3f<*diq zJ(vyl9h>Jxf@d!1%Bp2xz1n9h?Q*<2kcn^`@ffeXk!%j!N02j)?tnJ<*WZ^}G*#5d zSJ?W+x`aUCg;%G+Po9d1<}d;(_G0RKQ3xn@Uv-`?pTqQk<#7j^^0?(8e0ApeBwTTf zSQ$Vsd+a2BmTH8RV){L1Qr1?xwo0N>$5We&KnK8G7Xv(SIsZ%I38$AC*wV?&9J;&% zi6N|2a4{hA1lpe^<>{FZc44|)XIv5AxX~3nar)O*6n!;}9@1Oh>rM5cVk-tO zon6VrS{Qq;`}3D(N+1RX(_2rN7hU2a;@;SB?viVB*|@Jh)Us}?raXCaye}i~nCex8 z-q^}y>R=j8fLDE|>Lu=yQhfljZ3nb6J6SUnp?}$|$~^0$H+6?deJZa7ExM6~zO1CA zq1l$hs;Jm(AMa+ki2N>#<JIhR+}JuIbB2K)=Z(OMXVhm$mIZ zer%w3Pk;Z7*IP)gS$b0TLmVa_i?0@67ta>meISmt9^!9|Wvem~g1Fi@>}hIkueIfho*35KlIzK7CPeTg*cg)>buwaW>mOyv@a{w^mmd_FOYi_iiHO16 zA)Z6sR8OHAUA)F(-C!U)kX^p7HxMR~^{@WcrUS-E~U5g4xksn;Q(>fQR!NYm&~MvTwEyK@2dlco8ke@w~$8iLqBLd87@ zZ|nt}cu3KVE>9bOpPGv4PPWL`JBRQ8xApP=qo;9!uv&YIC9hgbcXdS5RMA$+hBY)= z1xY~WbCm3N9!)w3wTqVi!rCw(yHxmhM2xmS*@!>SefSICfrO9+H~a$6_&2Hs$*K7} z76hreIdrH1RfoXByzct`HN!j1Dq%!=H=>?1#}T{WA7tn1BY~97CZq2g3Na8zIw0#4 zb$9+meOr|!QaTMxj&LZ7K`$|b+_OJK?5{f~IH|+636)!5DpSlk8*AT?PgmHX(PDJY 
zZGY9*LO1=n-vIj?FH3*wx4NmSuTpi=6TcY1k(dr~p-P-A7C=P0a$EcjMM9R^477;% zzVoec2EyG|vTRM>jvY4>p-z1x&AWr*YS=gpbLk8vwk)555({gssJ&%9_ zjxD@%@H;%kPK6BBFxd(jWIE@pXw||_&)XpZ8GaH*ALrYe>BK%wtcrMcmTWLR^mN0RQ)%R7xP9;BQ(<_#JnQasq1Js&6ztT= zGC5_Yzqh6=F@z^8-kiywNcUa8I2aCag<`w zRx$Gy8lA;cStV~YTeLg`1jMn04wi%?_5sfzR(y`7B|kH-m(!0rbN_U}b*maKkE zx7lU4`j%B|A9@dtJIE*1XXUUVW?RQ6qnf$^++CcPnVSeq2A&Q{HxqPOE5f#FdL35a z#x$?2!~J4@8EFkcg#>&uF|DKEt0ip@3fUWu_-Eh&uvlO5-V;@AMr?+YU{<&cG<@$LsJ}xaznaE-lwy7ox0~x)ek8hX)G+mBB-)#Maqn&$ zJ=f}b&O7MS&foyOp+CCc0lF+5|#8jmt_=G*@^ z_10-+Xt|69>HfT}6m>7SJKl|H@A-x;QHS0@if;v|E}>S%msUd)T&ywcrL4ccpK&h| z^%OdztuoCm#;;TiBke!w*C2Yh+4REI$7v9x>h<;B(?u6bef4UeoF;n~&cVGml)KYD zcFYXpEcP6mp%0Hk?>$*HK)i3af#vu=TAr4<&Yoa*oeg6<#o$c%ad!tMSll7asb59P z2edIofcgUlEz+8)huDp##bk8$WX0Q=JQZlgZlRS$g3B306(% z7*7n|7WLpl#ovAb;eE5mi{q1f_hp`N+R(@r#kAbDJXd+r#98M^ajSOol6_omk0-Di z&|;k;k4+9&feGzYI=sl%T^THs<5LrjR9Q;&H5)HwmjhIHgyp2D=(FY~i;wNj0oO-x zfC{JcoYk{O{^!4Rdpx+HpfIa2R9)SahCm?5xUsf`bsJmCP+$?$TA3UmB`O35f+R){ z3k%jb4()L+7PYh$&fPALa3G}#1Lr=PQ0GLbdWOT>qlO*UsTZ|=UuX2^Fm=bRWXq?bjlwd@p&kemx>1$p!xB^`AZPi#OPJlSX^JJwaVccSX9_^q#=Z zTGY~pk~ZIGc2T@qaUBvd??O%{^6p`ij6-vTxqrCCf#MRr@EA8-ewJnE!PxN$qh{=;vuZ|GJh;MEUV(noM*-(!E6L zGsI>Z(g_qQ#gAJG2g-B?%FNP7g@05o7SC41P=!U+2prKpWvYJKCfL}Ta`Numw80PP z<_xI0fXrhR^r8B#3tOO0`f5_3E)vp7-=t{vEDx=ezG~Y^E^-X#b^*U;fTs*;}vDpcyOLnF+`H-0xSfuLa{lFrCsOP7X0to%@%gNZ~gP%HO3>EAMl^8wxXajO3z4gT#MhetuY=>B6H;-%G5@ zOSBj7V{kIv@!#U`b)oQ;+A#fE1)B-dD)aSWs2$0A{ir4WC|+!wMbo~wp+oTjqRCSp z=2jtAh`AxM(e#%_^_xZv-F0#75+>N`_pm}?6(xtVA5P+_5wi9}CmfHoT3lGcZ?k6| zZQ2cS9<>P`$W9VigPDap4cl)(Dvfi?lW~|m@T0gyeC4gadk3F=oz-KiamU zgF93f4L|m2;Z^35zSf|ioh7l)iz4EUVg{P(I#MDZy|qy)uhfs8^&PkH%BLs` zcTRva@UV-_+E%cEOn&@pSl|2{>kDkd{ZwD+!6_zYmjWn-z~S+EgRj@?dro=#;NU{5ZOJVVf`wF1+H7Oz<*3d+VC0_p}?#qlK9ouQkI67)UzwG(9(xv+qBnKdi``>7$zXd z@8D=PHT2%1eYE9PJ1Mqq&LRYC=+NqFIy(|Pr8%Yf^j|*- zKKie3;+M$x?SD;VnNi)q`!6K>8edA%YHOgbC=0N+!a_)~(=3oP+{xV5{2fKrKUdFR zBTr#=#%6H&MP?d}0GMZR=gx9z_ET4NpJ{m|5y5~O!S|ONE*16& z$OhZC^TOn?|VN>RUYExc-a`Cwh 
zF=#`@l-FThLGz{WMnfM~5{FBx`wWh`x|?Fi?44ZwrcDfx&%U~wL1-HqD?{N=VQ-(g zuCwWDMA(bd%&17#uo$kpj<|Gs1foDXZ2m*_%MC!7+!*za+{GL1pXS6O>cYpYOGuIC zsA~lgwOt&t*4n$c8%93b9I+VHI%lh%UmLv5k53CIaVY&DZ?Nxr@zIC{;}?hh?meBV z#_zW6s=S$AQ6E%%;7j8CJeLl#9o>i=W!Bw{`Y)zU`dVCj0#RzwXpx1tHGpWZTWB8h zyY6348Z6T^KX4i8vNb^vY+8!RovEUdIlU=BoiW1byqE3Y|8mE1Mv=+(j&kW)sS(3( zJ^bEu=&_Uk{@=IkK&WXMR+pfz8q}1z*D7>FEH=o? zn8iC`?-7D z>r{AP*U4>vDOOilk>+0Z(2B6bX&BhH?=!*?2%d1@@L0#25V#~1Il3U@yK_uH@R?4w z$0JO;=r~<;*vtsTomsXej=0|?tZyCW)XYfyhQkR6d3Um_2cq^UDb~$2VIQd+E#wNq z!4MA-;!A8;}A!wqkzzZ#R-r;evZ#1kriTz_zE#(z-W>|8vvYz=+zxI}Y^0hihK(}4EE6tqP6|2k1mhl|gnW4(88;neZ{!Q-TY=}yo8Z@zv zD$#8W&1iCHq=5o(ujooW-|c~oPpuaGxV!RH{c57AcGI|+(WeaF6UhtFf((vW5u@vK zCvs8urP|t`b8;kC73W9mI9oXcSLL?|LU}?7y-`Sw>9{&V16|O~>OAQ+QSm^9oa>QB zcIs@hH*IoRrLOo^<&I3>toueDZD0QFoatZje?ARhNu?Ej`O>n# zeCYe@dH=ur=dXy2f9q`r3=JuJ_-)?jEq(~i$nCT6B+aVwc-X5s1Jy{{_U%@8H+Rlf zSk~-1|AWYkq>%+DHL}nDT$TUl{lBOOF63CB3}@GZkx?B6WhY|TL(wO5YB9xUf(AuV z17q7{&d&hy#=v?aKBzlG%?lF-3&M$&;}Bm)!w zj6i6=@f{S;pCQ!R^@{gBKwjvZjLWIImgo_){V7vLH%|Ly)9FnmC56nrABsydVVlnN zY0hmM3`S?na&PI)75&WlyAV{_2PYipBC^8U3m8ggyYf3I-;0w^4ps<91>XMOu~}1M z;J|M_7-nEt^B0#*%)x8d>UX=h{eMtMNgeC(l%oUsew2Li+HvWqy(pL9m>97T!yx5c z@*LS8zq_wjYFV*Rc+3&PkF?vQbbcsr+{lL>jZQa8$otVXXi0;o;QNCtaKys~u$gad zQ9JvsSmFIwd{>bS`MWGdS{}}d>Lje{y3>?~-FvDGPR+xCLfVBI1w_Ig5Y91bD11!Z zs*HR3Rk^K%Ti_2e2iSS4RWu96{e>2=Yw=u9K-uQ!_AXE5`g-c*&KVd!(W5#dNEzXwes3Ux6@dB^O&q`615Eonw z`TYe&=5;hc00;J^gwFV2LsCk*fSinVHM9);G>iSo>1xTJJ=IQ20)jmo#uSrD$>HuK z7I^pLo^I%4G_{=|sF+7x4Mmmue%(2dxp1Q`AQ2MQmYq4=&dyQ(dAnvtzwiso8n?W zN-RZ;0+&+qRm-D?*%lDL%V^i*#5FBnZs zG$a|V|FL%5voE#9@P(X|iz2$odpDVC81lUTAj2!LQ5mDI9ZvKvKS%*#C}kUKs5jE6 zJ95W5>V~yEM#Apx#%Z^ru0Av$@p^YkJvm8T#Uqb~-MEuDZBKCt!b2yBoO=T6+ef7k znX~v|r%8nW4eplgZZW_1yxU4_ z3T6q%4Hp(OsJ&R8w(R$C!AUy}rMY?pn{^zn4UwSmWESMNG^U-m@ggli*~Ih5+L*+M zuLXU}FdLO$jal;EDw_7A-Ov#P#x|>+TLu+2YrfYHd(!oACW5e2qBEBB2oXA^i-viS z@W(wL)yLFFo>5%vdZSx#QW3}?@|I}fpe1@z$a&*@9qg=l&Z*oZlJoF%CRyGpio0QG 
zZegqpqeFr~)t+5A=elX|>O!`a$##}+0*-}xbPG6p_FXH?J3h^e_xySsYLDa0N}&C# znwpBWwRM2C^+R95t8Z-K40LblRQ)E=JXzg!7|=9vvNdTaHl+CKv)<1SIV{(v)FYqt zWQvj)PPI&S=x=0y&N+(W)w4c{O%5n7A&fFUzIf;;woP)^(1rv>j2#yo{FdDsqHZo< zwdgI7drqPgQW#4&pY4O9GPySQc~9S8FC*89k>_+!@boOb*lb^Kp5J4w8t~LN{7&7C zbA_YOgco|Iqo}Xj`3Aujuw%H~s9$RDKR!7suB$^|syLo?^c7F3L8!G!7M;z7mi7FPiB8+kfnp zV&q0n(zDjeJ}(y9juQp3MO>>-YI6|Q9Md+Pf* z$xFuXlq67Q)}{lX4S8DnbEXgtJw&TV1@?_z)ayR+x`!- zb>~Xj^ZHSN)sy*T@`f~fC+8`2z9SrjD1%Jz;}-{w)w1Rx-2~+<8)~}mdDgO1}!Dpe!_!cnt6ky~*;n*2w=ndUZJ_VDiKZ@dnS%Vp zHy7!X(^wX2m@o)Nbvm@|E?uBw&UWMf)ozhG>$X1x)W?F@!z0;v_Ba+A*4oVPQL|NJr*;kYa2@B%lJ z4d~CX(X3(RhCYCnm5R~Sq3HHC_6eZSg|K(-19KY1v%iCv`TXZP@6 z+r(Y+ZRU+axOqgxP`o!ZGT(tMc0woqLXNF5?$AxJMn7B8*^KUPyfM~i8B2eCb+Wbe z4>A|9;=w+JsCENUGiPSx$t7*(a+Jy>$2!N-M%pYPvHy@3Xhe=^g6A<|;ux_k`_rSV=j~Hg5z7 zs&W4`ATBz?;DsZ!%c^8=AtRqaP?P&9qnB_-T-Mf34iY8&u;!}_STkP4f@kEgR4K;*$ zn8ftNtV`jhHey=gy5@z(S8+_~&Fct!eNk+|#9lyU!C>EuM<1mLGZERE#wp(I4mNJ1 zBPxl8wi1lD4IeUrc=#95oi9FKX?t$Klgswxz3%y;ih8&ZFd(Q|(dE<3g_{4ke@5KX z9uS?DM|?|?EWKBos+rRGVQO~kJBv5rq{r6pPdo#KEToJBBJ&zPSox}^f$#o7Mu=pk z!1%Q%2tAPvsg&+-FbbPh{T;Crki^7V0>uC1LeW8v|K6{ITxdofbZatn{=Lt-`C+aj78LHwO*4Q&=l3_8$F zLdE}L?>)oXO1gAWx!ukIg9#=ZkN^>l$e3U-Ng^4Mv&o2@L^R;GP0m6H1O{wCiHgZ_a$~x!rT;oSAv1* zXt{2z%7CoeSFLZTZ59!gF(#%*e(cIgQrpF$`iqpRp6DS9Ox}}}%STIW!j}Twe<*dP z;nVtB%V7P_gN7Djn;IISU;nA|00@-Mo#D zF*7XsCGQutrNBad2{Rgz)ULQ5I`+6`Y|l9=IY?q}T(oFJ<3h(CV;vz@nIPyysVOfv zXMli8QWVzDRuSGbx)Z!b59*MnIPj*-ji28LihHQ0!yvcz5MINNJ)OEut1%+B0Z)>% zyWa}=L>F{QCrO~;fnot-{XZ$t|8x2uYJry!gJ*>GVb64%z>oDIPfl;gkM-f!LeQ0z zD`0W3E1l$~WHJkj#1)f~!R_jXnCW|BJ;#+qEZ*#Nc`A}fb+)8C z*X#;;GApO;$wZsGRfOk$2Ot@xCK(SuFtp zw#*ii z1j6*>`4VsN(NSbPioKH7on+2om0=WK_F(Gu-w45#`9uL)Te&kG)$a8-mi7HI3|T!Xqn;8Y5Duwp4>DJcwmsD7YczXjPa7}ue+sLV|Mmc$k}SNo(^?8 zXW5t1BIZohsrLBfV}Iw%Z!(T0?}W{8rM354DXGN~^WIadkINF~6BMyR*-^nBYgSiG z_rGLuGsRM9$-mmB^vqOe1KgUWPkmG`<~D1CQZDK)B?Un_-kcyjkCzJhg2F*y3u+6$ zTH~8@N3CgiQptrFW>KN7F3g$jlSb0Tf~r&)wUmMjJnWPZ+S1+KY~U%b(=5p>5I?Kb zTDCOS#m(_Dy!t4M32&X%U7!BtkYV| 
zZ5U~3X%sI|;EjS^W}Ot=;JIMPLi{YTBoRe(cACb>GdU*Ww6s_-etOuK3@mGb1It>& z!@3DaYj)0LG%vY<1#y6Eq-nCb54*afA@A3Cshc&3-D1=L4>~0dlj?q_D90*mBTDAyMJhVXqu~ zV{^k$1uA|xasZ-fm03yl971GFsd%9T5+w=1aNO=P-@Lm`0_>shasCz)?+VEwAjm3g z+8zBy;RRObAdxr$Mk)8LT63j2ldOt*U%U8ai^bhXJ#yi+Wk1NSqXPO-6JVG^){kf; z0{DgJv!6x#N|t4U((83-YYch-0LgRym!dW9zB^7A5@K+4XAvN=)ITCpFd(L)Xnbp$Vh=wg~>AY z)9+4!YNcUSdgNVpP*sn+S4sd;?8IaD_$GS9x^(-prU-Bz_YHtk#R%#Hw2e9l=3+8u z)@j$mddTE+ZIo9ixn_RsNYVI&)P{qb^HpRFeFvqY4mZ~Ai1!_ihX?3aAF=q(koGm{ z%b(lfALlpT*gn!!jl17UO_Eln$C;T3`Y3}>KMhmi^st^kU4iF;tVSOXFT3>y!n>hH zI}E34+Irepj~#qR_*CwtPzI@P`@@kSgRqW85(jXbaW7UcqdQCp5`dVEx^$&^(!8QR0vbi35)-FE<+ zw1t7OMEI8|+=9e2=Uav>8hC+6)iZiu+?E5(S$uoOouG~lR5FiDw~E*AqPQKG)RBkL zk$zb{VSxje>+S7VHd|xpOmD`LJa;IWcVTE9g~39H2spKLs+=*6+e8ud)sB400VsvQ z?rKtwr01Pl-@@B12D>kOj_4%VHwc;I#k4O+6#X0^&`yJL;KkA;v#K4Q(iV_Q@PB?; z_$Bk`Y7i^AS#o3NlNAtEovHebkHqu^&~v$QIyNUcm4kCZ#a*|dl{oTK8Qtvdy*06ZzxKx_1pTWQ$~*eC z#E1X8bo_67=dQA3oJo8l?MSTI0bloK1JszmYK>qlTQdU8U&E#s;sOtZG7tyixs1r` z2!WllPi`ez{-Q-M*0%9>Rp%!X#~%-wQWJ9h8sfhL)*YH79FY3Kl^2_@$zGDA(CbU- z`OaIBDd}pA=Oyx5i=Yg#8FxM3S>j!Yy_P5GKu$6aXQl!}isq$z^1+eH6|SL!3Iz%g zC<*;Zt=T`sA+VghuaIRyP1uQLB~9&1cK*xD-4MnliUkkRyi;@D`VR9IPe^1B*{r!8 zXRP11_2_4uuvvP^^9^PUDnC0QJaJ!y9)0e|$n?DS=fRF;P>%9>wFh3O?tVFEZ zDX4^-)N+kj(r%IWAjrb0=hyyo$=S7*eeXND(G5K9p)!<}=t3oB5@9p}_&9!c5d9JO z4v0cynx*xKAN-=RbVTszD?H~Xc=RFGsXsjW$65Po+yoryFN;$_iS{{4w?5=ZHTa<{ z5C|)7l{9~HIKkAD|Ce$H?VsnOyH&AVpeMQdQ@%Pwu?LUZinj;0D#L092VavegIS^Z)<7Jn8k^iK z4IJX1Yf~Tl%12Kvy6b(PO*GWCeaqJOYA`P>c;Y;V1w$}%tRaSuk=fD_1M|BS9sKm? 
zxj~}1+$se;hj?OoxYV1=yWxjkZC|Rz%{s95ia^2?c$42Tz9284Sw5NowECpUY|4%S zR15+uH=`KW8M!|ET0-Z~&4Fpzs$I%VQZ#RFk5rnz=!ukcV(E^tCxQeY5PV-H>g(;N zLj#Am8y^JpW2T@WFe5NM)P!+A$oDnik!YV_3*R1nGHM*$Fu2A4gF+;SL9hNbK#$oL$wv)26K#BK$ zb@B;`kmY!L^^LK*h)dw`{G%?eN<9@yo(aMCf^?2&>iAsoN*Y}P-DO`s4374(;Qjnp zGr*G*L;4U)*FsZlvao@>7L%zn@VMP4P1TJ(R@$4j_BL0EcnO5^H9(#sLl>6`UMn*d z-GS%Vmn~r52jb*_$HY|a!On{wH*4UichR<(p-HhxJKwhW((o|rSWv|KxlWglk#xuX zFEWLHS5&y(y(n%uskDdN469Cr9^8)F-vVdvQg!gf9lY4UXFQ&aAu+w>85iY~txGN& zOOa;=I0DG4$dtUgah@jW(q@&KR@hp%u3wU->URajPa0%M8yqJB#1gp4?E<&B>eDDZ zbL!li%@IrG*_@06W1SWfAj@J3IkR^-PJ16|tb9c2R5r^bApiAF(HTj+y`p6lp6df< zDo7Q~4#g~)nGc(p&(l5ot7iJ=y(_E zbkHtpwZo)3rkejKb_nqukk-(osX`#)^dT{2g`QsAx|r7l5LVVK5Bce9L^R$Ql^GNa zo0l-w7uGfh=@anbXhaiBLT2*{1ASn5jC(507WE@(2ZJwgH9K*02p0V9AC7HZTJq3C znP{DbRzsUMaWPYQ^ug*GtqYGtQ#MDA*|5$6DiGJ!?k*yWc_LnzWBY$09W67S_3+XwRxz!YBQXRMQzs zxwQw)@i(F>EOo|0c4)JT-~?~d8yn6?63cATGU9&03xCXik_%pGhnRH4iu8aRziFt# z>yz&Q@S%lJrXjVbm3j2(ed&j9WO@39Mq_B>;K^}@QyV& zH29d1EmN7mHy~&)gO3Y#fbnwI>YX;7Mu1&!mE%6u$-fP+N&})GR@(!)e)2>AaIFzg zc8zy7+K9X2xAIijGHWdD?NK!@aJ9T z)&+Tdqy85I_7FO{@u(`t19zG#^u%rfCru%l5%g4cSjx$aKqL}Lfgvwx+E9V=WZ(R z5qiQEeLBBv`#IxiLRKbaDMW%VQE_rak$t-ru`efa{PH&Kic0t*@uyNyyA7M^W`lx= zo-NbGGWJ1ALkm4owx?4rQa9r8xn*Yt&k>p9y2ct618&5DVDBA$Jx2B`+N-$3zxGnl zS)9G^BW5aqMGmQTN>&xNrjcHMWWvrGNr~ngGVgrH07R$PF*2?{{wiXho4)RNiKc|80GspdUyxw!Zt+Hcp^!MjykXM`hAGpIhG-;ol+iF zrB|LFYGepClC4Cw0MFuX)&Z-kdEj#RL<_?rPvUjEOhbj{0`pE^YcY_4k_#Kb8=F;7 zZxp=nhmR;<1WB+GH%s5g%B{pWB@pJS`g4;gg0b2^akoOEY2}?s;gN+{nuq!=*;k$D z5mJ+=(*5DJv?Mt^78?QpNN`q6apE!(VGrH_abV7%&_PD}5C7AWeAg~kx%x8V%cJB%3N9E{-p4*&tXYX1hvd zXRcq!br8kMoEyswv&LK82}H~=@^sTv|E8etpFL#41bpK(LWf6MPA-Osmva(`!Va+5 z*DQe9R7+19X!UFh1S^X)iuv{Y2@J5z*t7MjBBrSKjyHT~@LxWlVGq zNh)9MJSCL|SlYJ28+B_W8pT>gcO?XoA<)VmFoI^~$X3o9UP$tK-X%8ebEIienXGfv zeuJh&cc(Bt?&c2k%uEGZ3Df27w(;QO^ZbAoq^qn+ zbI72Maey9BUK}-TZuJUJ_DfEk?ya4Ad?oDh57^qgMq6 zg?0CRmeNTr-z(KqpnF^*AK4a*Zj)BDrU@9Himlq!=>5W3j{LaBCjQkm(v(r{UM?Oe z=A*=Kz2*5(>LZq$uD~v|cCA;9@6)4U%ln1#pU4H5FMT 
zlu1i=U0_|6p-q^SkTa?@a>3fn-=MVZ+92{8t3ffKLEE&(q4<}S%Eh1{3fOh>LJ{q(HP|Ey~S~#Wx;h_70`_W?74QomT}CntffI!{#z@h32Vs`4)O5jJ;-^ej?ax z;$!we?C5Yn<(w-gv)rVGT#br3u)REwNT_3fj3=}2$&?n}J}ZM?fCi&cjB92M3p&3I z-7G?d9{Os&6Y>{WfI?L%!OVKm(Z_dvUtjrPrZ4f;kbvaqW|koAKiR)vo<0#>8gZ;4mJsSZ0tZ@-{>-_NN$4ncy`Y?@mNmR|0?+YgS zbFjhemrsFl5+|=oKaixbCv#sdeAtKNrh)8%gA=r22>K2ao5&K>K`@~zo|HBkD&yNE znlAFSoz7tvHO>m7yzhcwkhArnD-=?zbIu{ zKB6m+V$snI>=Dt=5ug=(pxYB5{501?*+9+$?!K{NY|V0KC;f`-mBmPA(F$T_rp?+e z|L#C)RWKVjfiWt~^H0+8|HF$Lz2YJg=8#C`+kH?E=j4_O?KkQ+ccXueGae}{8ld+X zJZqWP(zAjvZudDqqnCZLrwncuSSQbjZJ!58Tlm|`6`#r#M_(**EBdybBs3lej&X{0 zSm;(*(r#-nb(od2C?6E07qnoejB&Nq|s>F;* zK~Gm+#PLfT9l0OWUg>I)X|S2p2yyXJ8eh5|dGdMX^35M+e&|8O*hXluLe)E8M6C^N z-kY}vLCfWwW=5Xg1WV4Tc@?>=Q=h&h>x1ojALOVzN@Lh*>Z1^>CPog2`$m^ir|Zz?cZ!zl^E;lY zu;wv-?WNmTI#j~KyR(gUW?=+Gs})k#7mr6}rA5XSr6cCxRK_KCx6V2k$6r6B=a2yf zYO-W_eT>4M#8}?PUb%CrfB}b1#1+7%#)yF7PUUCx^R3eN9Uz{vTGxsFX1C}zA(wA? zeyq?wEF{nM=&TvC!8UN`NpdeJP&ScRJ5Vw-5Uw1Src>A8GBTwRvU`?No@J+EefU5}>NB`L*>C zc1Ewq3mdphKj+h&-E?kE>Im>iZ4SLI!q^x#>_*KQH6;&Z0Id;Is1mXMC&$87gPwys zw}-sYGpm#|u=oNY#nK_xo(ZlLECPd)UF@a*?H&#$aplof6Do{PPP{-uIcZ5^GIW$p z0H3n}sn#UFPwW{qpbHY&IenE4;TnQ)72|U7dgbQKqhQ^`I8&|z+LmU`xdznRZ>?_% zER0Xhstp(q#Ueyh^6aXvNBw?kzmdzvwu&-BTPNqt&@6+nZDkeL6PqB*WaSlzJb%>PK~jHPRGFh+2Z$X4O=_x~k}C_oTqL z;m${E;%*%=5xod5>8Tq*6>H{D*Wvv@f%R3SwdRc8#=k@}QbnY#2XJPP6`Rj-sb`Ny z9?>evc#Dbor^j%1#CJzW=j$P}WzF6J!xi9g+0?6osHO2s>gP{cI|~>`)JMx4y0GBJ z=Sq)jnJw{HVhRK{nta6!h{){ph(=^r>nprcQADTe@o}M2CzkS$DMV}H$Qf(GQV&Gt zeLVVO1XS3=)-WpZOVLOcy;GjsRWc#wwne|S{ z4>tlxS&>EK1qDIf+R?fS98bE;0w(Q%(r6H97)@aDB}NiI*aHB5G0M@ISxOvF;K^_f zu5H}~cgC3x?1!7iTBJ#>*2v8!=0M;~WrYPovKF#a%69Q1;j(^LGQuh7vXxehe0M&# zfxQgFRyvobhZlkfL|KFGPOEMZDH3n{G%1aj}@t$bC7@wF*hkLpGImxf+er zV`ej5zE0QymC6R_+U>wxr7Q5)oxf{y31?KjzspM+RKbq#Ph~@-oam3TjJ3YP}@9;^- z(%WphLI=I!f@IAmkZ{-_pqkB#R+`N|*$kE>`RaSK0}hRMjG|cpbQ+r^XPPNn7m@g; z&bm}1>!FLe;tP+Q*S}~i8xC-nBQCecFKb0}Cqak#5;JG?Vxi{fN<#Rec!X zr@sn}^_H$5$vkT?J^i-(uv>hsM}uHzg?|0~r;DpU)zDL`Okq>k@6(|~A<<7C{rUXA 
ztN<#*oJAek_!nOq;+iwE#fKBMWAV0QksmEoggY%FtQSD6p@nu`Sz!dC9iBJRQ@2hs zBtkWIcypM0NTZb!l*$>1o{L%#sgobJ^3Ts4&T&(Enz|T+ji?VM<>|&HjMBJtwTo}2^ zAGfOS)$lD-TweqQMAHA<1BF&`lLWRx_YFToIw{Y<8R49UtpT4$Kc8Q_@jv+jpdZP8 zC@Q2m;#odQX-I5ViHBG8R}@<82~CDYMq5;pTA;+bgTgBK=`(m78%(|fe#??hDw8DQ z6wCE~TxKLV$F;V6`G$=9?>hTsvF|Mp<3?Sd_sAKnbT^I5YsD*@PE z{`FAnwmFnT27XmeTOOZYma0r|F5q|xg^`q+C_I^Q!lBe(!XX_@_(f4aExlQjK2_M(!FkCd$o z&&rHsZ~S!rce>?I-~7|Xf1rSy-kyep*cMeS?qE(yXMVCN^hUR0g2kj~bA>;(Y$1te zG8%0U>~hA-sk+6t!SleT;lEFp6;;(cYwj%Ar1V|;StE4Lsrx{%5ZjP*|o@(pry z2`MTmbG&5l7U80*OQzKoxt1COdBwoV6M>Wws=t$VekDleD5p}(`|flnB9!|3#L%Gp z#$Y+cjCgDQu%JyGn=>QEXAwL-oF;aJr#6aK&i5In46Ncaf>0zZ{$DoT1+&OV>rZF%P94VOi7U%rVC;eMQFstamr|gd#TOP)7wNEXbrtXMHv>{! z&hJ?FIOfcRFrwYkzV?3yd@J8!Icz~(ZpsaOASw|5YdJch{SKJ7Sy0&w8M>H^Oq26< zG<}b^Bt7LA&6&ivsysWZaDM4d z+cZtZjlJ$!UwWQmC){T`V<|FS@Mn!BUgC+ zJ2uUt*VO;TY=wEJRcXG3Dy5g6Pz;suxAKp~eXsnkap<4l2$|^qxO}PNDALFMk1dur z`FO7#PM;AfxC$Y$$jNTt2<@ht&e3&wLSI0~R~4Ow&l-INTO$bIfRS-7OWb!reK1ct z@WS`q<+mRpy^AryA(1nj;4co7Tw~Ud3E~v3SrbJrDFR_GozjGugQiYXJ#Hl0GjoB* z$a>&(jTJuQ(Y0L`bMQxu1n2#bmi2Z*M7?%bkH^=x4FpL_eRdvSQk~D?exz~b!em;8 zP6tR^Gj);j3U@w>mIIxU;Oy7Y{Lj=v|HRSMR%Dy|i-JYoBA zODi@-Nn(g9?%T(hSLcMd4#Z{raD)Hd#MOlyz<x zrXDCQosg%{AwDQpA#wRzz)pBGckTg8?YmbSfZfuy%u`eNB`L%qCGbx_YwC1o{Q|np zK>w8J(X`ZQ1Khh^uJI;XHcZv6k z{<{k(PJKp5C)B8rgt8do(-hh)a)9sXuESOt?btydI<Lz{Z`yLtJ$0cNp79==;S6%O3t_Pg6LJ9>{us~>~qPx zbqoReOVfQdiUaj)yxS`FcC}Y?{7ngAlzN(BUzHkDn~X4X!EArqjxU|6sTQ-`g~LL` zw6i}JrgdZtwgzo+1&4l}T!O3HyKZg|uS_{#9+e$YZvV5LTNF(@`!Z72!WE8RbkzI) zS;Bs5UeSN{65wa?`cut*>c5|R>FWQBCG2cjxhcdgkzu7pC)fG&&iz=hFs#!&skF!t ztBtv<8O|A-Fzjn}<}FJBDj#_tr&r*5cB?OEC!teOGkIB#@m(H`&k1TH!RVEPU?)1` zjyHvoE*h|_>zJEfsZo->nPCmAQp4(d^2`l)$F|NO2(Y%dVVPJkvn(N5)6C4&A31kO z{urj7SWm}K>!j(Omklu(eJgeZvDZVaa22HE>{8xheKMX7{k2qI*}0y1D12O7H1a4x zLlDYg!wj9Vu0We1IUzBOdYL@+7GWq^Sp+oUv^|*FLfTLB*y|!(>{|b{*Tcx_=!q4J zFO{Y!ttE_WZ(UEPHKI%kHNlWHs0ZwUN!*UiwV@BQXYet~7F%LkHD06+GSXUC@w|C5 ze&uIz{nJ47XkDNfIgOc>5_hBHsq#PYO+Si?OnUuivH6pT{<8$r7sDqB+ZlX3&Ua{C 
z(ox-^tmP|jnkEqDLqhT^Dx!60^ZN5oajKNqXyW(^_zQiNXiPZew7PnBUdKjw!{5r# z4sT>K{@0EANV2yDWt~bjAfaq~6V>1fD5m;EK89bm97}vuX8_gNp4|}4XYV|?E}N;) zT#~m=uB5vHzQf?pD8`_Pr3vO1>`Zsbmn+epE32J|j?-L-%D#0mYF<@RXdRPJUfQtG zz-(6gcSD+PrFsc#FQydU*0_buPVtWUj8m^P&VcLLUAiXJ@Kd_jn#F8#^;B}UWiAp0 z(brrroK-UtrbtNp+gg3w32Y{sxvI4dE_@#tCjQv>D^-K1(yOI^M~@osTs?X=a@J|H z%J5Sm|K4bQ_3Wab-*-3Rq}`)w;l|c)xku=+-e-U6@IPx_`UeuO_l#;Y>YeGH9RGIq z!TMsEe=q9q$M??bj@i+Rr{&F{>Gfsg#+|(6`UFMUoq$xRF>v()2a3oVn{NAb$AK*`w`_tD2ggzc1 zhE(2q&MDmpk6`uDbshSB)_v&NjX%v?Ka0bnX$ZY$65p|4(tf|ke^VigBS|{VNaHqk zPS3%rq|sedo}smkX4isTU(KPqxmRi9hm3f!!0g!Og}_HG1KBPjGGj20w-5gp#p>6Y3x6bc)I&EX`l4868k;!oy0i>Y|MWl z$+t5buOD^=#VGiQ#?c_9_1h{Tk#;RtuYDq*^9UWviQQw?$XACJ;!+`!LU^!lFwlYk z-XCe#-5UNO#bCJ5_Ks2a%NN-i|IY>!9j?4i>6&d~;*@;s$hRp$GX>14jyamb8bb&e z1R7$KKNH!SK=LXnzN`Vwuo03*3R{>{mj2s~l%$6p4p3EB2^w{bf zI)k66``+YvA>9n&Dgg;ZpofMlX*K~SDqSm5-ajeO*0(!94No9lZBI7$ARWy!sA0dKc0ln6|SH4|o+Ro1Gm zY*%?xtjB_m{4-8{v`3XvIwP?6Mq*m0tw%{MpxBo?#79r5qjxc_iy1KrR+^oBC$4ia z6|(q4%Y<1vt)%hN0p&W+HwX^?20>>jOBdE+`O}UvEP)jvlXT&1KH)RpD*2FZp!H5x zL}DqOu$ur$lHke&OqG~RI&Nf6WTAqqbe)kA1_d)hZGR{H{#AqFyGPVRqHqi2SeV|E zRA&axvbRnr+*PU1dB$yPrajw8(G1r{ajZcWc^r?`KgZZ0_=6ljmQ<6Ni4)R;bfuIO zbccPQP-03#eh~4k`&X{F>6Ta}^u=p5Jfz8WviZEW{J6hf2H2mAy@$0|5qS$SzKuu3 zQesJFR3G1Mjs4wyt)^&XQ$gyL=Mo3=(--hHkzO%v*s6VXECoEazRPFu6knILXh(wh z%;PDmBHU5IZnB^x0l*7d*6bgk6( z$t09j%EyF}5s#<3A7Uz4$ULUyGCB6q99vzs`=Omt5Me#FvL(`6kgA5zop!e$oAWLU zeyUDjAR18-+ay1KTz*30NMJe1@!YnmoWEAs9`l+2ivF($NgnS2efD?2+wscPNdgs= zadOaw$~j$2gLuEjGrC(trlXC~#+Cps{2 z4oN(i&Ic1i*{HIcZTZMFSZ#>%WFn5x>&ge_8K{}Urfbv+*fBbt;1uh--vI^^-|pTc zWDyUonO9N@F%h{`C`@mVCe?IToX+J5dv`qyB!nW`NzA96KUeHQeg}~FcEqOE^qIU2 z&A)j`(lAOJn-Mrarghq{FR>oCZu#NE>V>kLNqH->Y0b$Nk!uf1->X6tsiGdPCHEj7 zbkFM>J#T2AhtDk-G8gj?7hyRS1gpu@CPX{uoxs}N?C^eNKKrW%{_m2WS{;%RGH@;sTaTSj?b)z zw`J&T@h;GVg9a40>AJZyS2?^<&){HgZCLy}mFaWZW7XnMa=X-b5dCq}A?g+#v=8;C z)7OJlaLfqt{ZYf{a3a-jQ}?*u%H-_B)y&x`y6&&Px#pWMrA)&N$gN5RL)EhJ{O-*$<25yby>Un(>%J#hvu;k2r8U}9PZ#Np;P4@Bbr$RS 
zM_Fp2@KEm#K`xF44Gykx?HRKvS4iW%rORqV7+fC_<@nmOtW1CUc7_v0KBf}=5GoF z&J zd%4RXR4|RBUuJp*C5ARL@IJU>XrA>b;~FiNk{>I#^%jCC`!HI*IaQ)iXfj=M;nXb( zST9Jzu-m1tVk9}Lc5~PKRl9wJOJ~@$#HZ{kW_(g(nhoQYJ&{Rn&%>ql_lqAb)KT7M zgbS!szJAKKpTjQKUtA zGP|i8Ya9*QE~`D9O)B(rdWsIcj$7n)on(_LMYHyHyM%~LkwmjktNIcLFAOY?&VKz4 z2&@xqFUrw_Qc{uKJCk`FO@ooGK)um=MX+!v_uRaiWQTj{c2_o%+OzC{OE;Z*-KkM^ z%juPKWv6k+6%yJuusWoq((}nz7vePSPs3gGGgAlaG6^(whJ$kxbCyj<$(qM2HF0^p zUF`mW;}gHDJK1w5MhO*X8rzZ#Zg9%h@s|g~gdL+Tjl9hJjG}fHPH1+sWZPR zy=Eft)17Ga(UiTcep`wACWJ;W?y`rOh1>-Dg->>HkcY1MBB_QU>%uqu-qVw21{xkm zt*mJy{f;qO*Y?dAIg`_rHO$Ih{;;ffjJ1)PT{NcI+pZEWA5_WxQC%PCh{tJ9Iquj| zwt?#H1sctCWTY#FM^mAkZL}*onekoD(2E5|JjZ*Ukm*v0rKmA|sYK=>1m61L>*frT zHH0g<;!E|CVKvUmtZT>qsf!%)2#VZ#w|kGH`=h~=2?7a_WCBnIUOB;4mXDb@pqq*_ zY^zuhj{k;e5-2haaT}9g#~Z2EV3vmY;vMY$vw>xtB~VVbfp;CsSCa;>ZK0K$D;_**g`(VOHo^D`()kCF2v@au?>k zhKyT7Tu0};B9nK@rpeHw+c*G&f!o90F2F$3d3s}4x|Ws;66r*6(^gS0{Q>0H6`S#h zErQZyeA+8o{&ZTI1cNKgJ7R>|;gPp{i4Q3xH}s7LfOgtWp0|3rxP6i#mCL1m_qveY z+be?Nz9b$Y9!rx7+_aG0Nj>uot6Cn<{MLm5Vx-%L%{tFNpwvwe9hl zFGVx53tf~gywfI?k27M(oo9bDrQ|M}&kzY`wo;{}Yn3(wtPmePKV%TQQS5g!&yVSO zvY&aMJ+jcaf3En}SFzAz8PgLg zfZJyP0HpuV|NqIue*aPJSJTS}W+|LKcew{>bLih5H>~QsX8Z83=F7i5xkW?A#^*Ko zkX*xlrPR37j+=*3AZ4y*s3)ru)?e1hm(46oILyod1%Oyji?Y(=3h!^osPkq5?~%^A zp4hQSyRQiW>i_>k&%&RB2R4DdO0XWjPb3ZS)8SkZ?LqV(U?E2bt)*S)MJonXyb)AwZvr(D1}mjCG^rE z2W>}P{J4~s(z&;Jfh!C@|N4!+jx8DY3AccC9Qmx(ko3$Ss3T%Op^lJ`VhYNcuL~@M zp_G=oC1mURimELcVwes-J^$&WOuO}Oo;~_hwjw3 ztl}&Fh{r7G!5T|=L9jpKF|Ul6Dh_X&59U+iMBl3Kt?OIUv!N$?(P$Auc8I;%kj$ru zT>E-;kR1NL#>jM{aO~?zEvrb z3ViwH=|>=7S6*0Tqj;%r+uTN+xsH=yy4QhP)Dka4k>ypEtc)0QkP?Hqi49LwCAp8@ z!!;;&OMkh6_cc-GYmnjJ2@BhY|MTpx2GRd|yD+0`rPq*K&ox3@Vq&C=K1F3kJ+us* z)+#$|9-I;ASmV*NjU6aksNg5YK0YKZ`nT%wfBpIj+fSQBsT%)u#b`YHA0PcSH>B`+ zK$ zd-iBnPSMi2)Eka(?3LBAk;73MApf<7A@&_{)F^&5S!HNKH|hd4KPIVK4$6%F^wsumezaJh%&Gk0m81+%;LlqxaWT&=_`+L`mnRJ?p&sgpm`wG5#p=#hU2 zJoXCM{(PvT5c@keY?5`oR7g#CB37{7+U28W2bX;+@5bC1UEM5Cc04|s?TM|(@9UFR 
z@z1%6q*dVtP+)>eJ(S{YWp0^AN*L?pT20<&mT+gnSpl)jCg)^W+=+LCXR(bZwVrMn z=iz%CMe}l`IoP(+z)-Jid98Mqc2Q_H(uO?3oLeq5YSGbt!wl&pm`I!B|lH((XH${VHB`mJ9&#~(a~+Qr=)7VMj>Pn)jX z_kVb;oeT0_w)Ankla9y8yHPJF8D#o-q_pOWehB>OkXTS;?hwsMOApSRx#-)Djf*MO zudEaAV(XX{vJn|W)0qSZRC`eUNkm{Gv$$SRw>w#NCsCh5I~Z z*3XVzBd$t5k?<}$!V@1JX;?SH(Sk-s*k&tn=Hc?E3LyuZRI!2^Ep{z^4mQ*U^%od7 zft+(x$Yi6rhItwZj?nxWlUjn(mi5hPT=}Pwxn&i^oSqABnfhz}z89QT?-US4Bz5M(iNu7+C#W})F%pB~J4_+13oa@ALe_15WiR+l+}kw`~6HDXGpi-q@`n1woC zXnOs30AlHdb{B`ULv(HV8RV5nfu;1yjV#VK-tpuuRtvvZgYZuh>4vUq5d~BSvnGfg znu9E@I}o78RE6V`kmb12-cba7oi#NpPqE zx5Dtd?VfSJJ#nW6rbF=KF|Ce{W6!#T;Aj$OQJEsgQRU51sPSbQ=m1G_^v%8bQRosc z&_|hxiL?EPiKe(&WA8LBx5f__e|EpchQ89Bv8X)po=;n?=7|XN(K3s=>?zzLW?M;S z?a@l#_~l{)tnk8`LmR_9sy7(X;$G5tw6f0ijq9a*$zZQp238e35UVvt5aAQHFkDG&`_=x!}| z^R_-M<`9{Rp4h4g5zf91B1z)x9+@MiYpHyR8>J3xxmS}U$kUaCu&pd?5ww)Bo= z3lfIj51aB~C@QK?GsiL%kH)?OtV(bWsw}L+-q7y=n~i45VrtvA(PepN@;GTj zaxp=H`JIj?d%uKVdbOx4JorGEPOqfeXgWk8wytusv|3LUB{y|f1kl*oKyfy}tV7A@ z1LCm5ioH+ycf9<(lt4+97Ujz$PpLhpN6w0rYVE&OE;+npnWRoO^NM`S0_?QbEqL!d z^K!xtSD_y~WjbMDIaVEVGk>I9L1ecw_bBz-PPGDijr-xZnzUrf^ifSZLQ3V80y~m? 
z-;JRZ+uMGfzfU0*db_v|ulu!(@^k*xUBI`s8%bObkDu!8ShP;_(>~tAHTvDK@#PpN zz!N)|V_1PQ)KJ zHTj*EngXkdk3`5ZJx%u$BkUR&;jvWc{01+XssxY{{W zL>J682EV%j$POpcIp7ZmH%_->CbdATG2{$Fljt$URDKF*r#H$CR@2o~^nX$J)=_PB z{kkY`-6+M26k0q$pal1~1p*0$KyZSzxFr-X{ob4es^Voe&K>58!^EOwgirK{eIxR;I~N*2%4+Ei(b!jNKvz>kw`J_;GT7+7PlV^7v?+LU2Sw+K!i^Hsu^dIbA z`X>yRQn&Yn3fwHmTM`3h3(s$XWl%J3;N@k*h-i&c8)5pt%cVJ6_pBCWd>B48cd(dQ z>4uA)5DXQpRL{*fsNX$aX{K%UfzN(wWiXlejuc2s=<;N6o@AsiOi4U7e!U0eN|uCX zW0WK+s1h>IYkDZLc?8NMVjK4_?QY}8IUdjta`y?8g{ji6>#i~6n#OG^xE|}Wa(b+`X40nB z;yCFM1&88yBM zh+<2->X^vij^#RRzmZ39e)(-@hTqQe{2%!Zzwhk&+gS)e!v9TQDfP;$3rEefIPU00 zyZbOEtL&*KKS+K-#Byyjupyf+UNYB|b6Tz%qfi(cr1a$ccCKzyvrHA`f|$~Gf5*^o zW7bwllldN|Rd3q0RK?bCR`a2s!PZMGjC>hrGc>=dhhOZ?8;SH+RTZ&4IYTvYA6-}@1Vd*zy7_KTbHp36n4U@< z(xMwTS-FKb7_0`Y=Bm<8T1+KQnp9A`K?N~97n_BZ(qAdXlH&V^U#Dlz-Bg>?8kI+} zD0KI=z$YJ7qM>w9=!y{(E-PygNyJU`|4p|Z0g+a#`KEf)<8sBtzJn=IoN67Gv2=vc z_CkUg3tVo*%)I1YrFrw!NQ#EAL+oxx-sdqd89U}waz4y#%!{V+M_-#X*PT`CKNY+HG?|V@?lwiFG=it*8sv7)3nu@3Zxz^hFK_VME6``*LIwEb9 zxq}98dIM-uNO^&A9VIOSna#2LLCSKtP8H9LS>w-Naw>N&MrR-=^< zy%Uo37mJTM+DU~flIknvmd3+aS@colq2+U85PqTVzo%EwRbgEciXqG?&^?{y5Y}vC zTR_D-?+OKiEx{e}p!3{giG4Sza)CLXDQ1!7RMV$nx4nR&?;UbuVkr3%0v^y?j^)w5 zi)KOlva&khWo2cUe;)*h@&acF)YY{VjkuxHZMrz;l#U3?C|YMVP2pP*XG)`!Ekzb& zw_~HQiVO&qvPxbI@r8a&CxvlAAkEbNfm|oNu;n((AeZ9yH5a5Us><7%n_ypzv*&* zM>|=y&C{d_Mr(IVZ2QUyYwRXT(({y4Ny1e6OWt1s`X3HH;~BqM8wQI=*}k8uwp&@` zFIbeZB{91DlSutuY_f@n59^^N)LqH_0J(wE&yrbtT<6+uMe?JfxP_h(;Mk_TuLSR; zYv#+QwH!@Q+h_1>QsgcTtB$S5Nd|V;-aGFO(3(2~Q*c6I_odrMYg3Q0pv*+`;+Uos-i!Hl`LAmn$*Vo!&^`hjUc8LOE4#US6oO< zFqKG>*!5JI|+xT!<8Xae?uAV;e)Iw*tWrnY=~iS;|| zYM^;=mTG5N#$Q3P(cP0=HS?84jUZ33JAqw%D!e}9MXhdMmE0Fu%rTuEs2(n625bzO z7hvRKE4|9ExN?oy3w>tB?Con+B>f8goudp}{%Jmeovd_8Ee9kyXePt#oju-iHx%v8 zzNV4bV)lkf7UPws%#B7ncrUT^AunGT`{}LC)c)CIyGffQRm8wjt*U)6&vhZnoLQY1u-{eE@2SUQW6^no32 z)iZGQ3hCt`AA*--Xi#9UsE?t~j>K-!DWFEjzZ>ak4YhBOR4O7Z52K^jK^F^*Fr~l+ 
zlDyJSMOnFPkhK^FX5iOsh@@U?bR=ycZqobCLhwssuX)bLsv(k5=KcHHv#T`;!3ygbqcXdG?<3keX?UioGP)Hp0*gDgqU~=rnXJA6l5(onQ7IBPnUz;_ASNzBn3ntGweV1I? z>WWOsHkN!qo;Q_F&C%u(-j?DksorrU4g-=WyvfEmgiVX9GASXzLnN5jLmfKL2a`gB zu4M!;oMCq?r$R&5#3KBR&m;UN=gufJvov+U_S{*axM@zdK5SPPRh>|cWOBlf)8>;mBx~HS zR(cr6rjqPZFHM$f9=_ebz&hB^*>mN@Zfao19c=Z>4ChtOy|tp3$OuCT_{EE*_D`GH z>Jvd|%f)JzAnyX361y-0Y*JgR+t&*c6}FGf{XjZ}RwzRW+t5q{eVF z%gu%K`b*EJ`!A4hq6yKv-g5z0<5U`3_rsa zBWxCS*-Mp6=OZbHzx1$AmIj8_+cSEA{&f(+{H#QOb*aIM!$v|j@JUN z@eQBXV#vv2kzbd5HMJFknWj3}(t+K9?z%Fc-t$3{WJ(60O8gPALIF_b=)AW}Xks>H z`~Bn#`<=!DQSW1v$A-Ydct=X=p9?8txrdfUhTWT9++XjSUiaXV7?Llf*$;04ynhv3 z$zkJ_2kAqz=8M;V`SJd$-v0S`jELw~zCW+n)1O4XH0)gtG7k^stpa{r^PY{o`&Cj- z^*d*-klFR7zT9|uTm3)4|Nr&xADnY){gYXZJ}Ta_uk%>-INj(RM|Z7ARs;X|McurW z9Z0=RNqr|XrvsSNdGazyhet^-`QyPmy9_KEI@VQjpWx^>&59?O*~YlukX~QNYuFJ! z|Ga<8d$>)*bH?`QpUbrk8&b!T-5r{NFf+F~IS~G8Pd~ zq?;q_iw*6)D&;A@YQORIX0Ue8+uF?H<;((FbgfWo&4HaFzyf{#*$N`^Y1Kujd#I;! zxk$guSW9(Bxs0E#ap)`>TbrWC)5MnVW7HCst@J?F^<~OuaJV{q5*w1GZXmWf4aDb9 zxrYA`!h$MK=;Ejz^??XAXv5}WW0ez$=oeCJke)ei!oDjycdD!`b!G=%f5l9lSjc$t z7qUW^Am#2<%btkPX1jsESq=V-IImhSuI;(bkod@WWH)T+l5nMPBadkc_8yawsA^n z8Yixe_`gJ%WquO9%a?mUN?SP+n%5d)Ox0ts+&kHf}qwA$X;!Wls7PJo<*S<`W z`sO$iS!WCTdhTIg*iagxLtM3mt>aXE9zwtZRkzJN&CHCUzdG#2Z(sT+r3zW`Z#~BF z>ze-1_=EG;LCiCAt;Y)-{gP50AUf)m@d@M4tliP))rqc4r7=J&={Mcoe^b1F!VM#? 
z#n%<9nvGkvx~mTh>0POd#AtSy`p3OdD2gOgpNQ}>$IMM4Lr|&ZzdcR=hz|bk@&kT7 zP6UA;wC>m4{og&tek2dxHB{F});cz#q@1W#2y;_o;MqQ~`RdCEO$Jlqp{gwHL!*tV zv8{raX5)z=ytReqx=wuS>+1?51El27p|fZ|DP-Lm;0>!pAhXT!WK%WAd4~wAgEHuc zt@m*UKoMM5ET@(IsHI@#ClQ8Zz5$UGd_(bzb#0J&-qXSc4JWTw!T7X>2D!RVUW#_3 z5G|HTL9|*md8q+t{c88H%)-^ouxRt`a7{|oe2k3|t4#*ng$A(pYz&Dii+Z+Qq;|DN z{qE7Cjya(hNISjO^fi7G1t}fAcfGeH?N~$*1UF|9vOWLNNB{r)x5ena{U(>e+??7G zjI%S(#_s-cu-QRX=)`CISXiop$iVp3Mm{t1Z22ECBYmY;PmllpN%Z%YpE|UnY_kz8 z`Bi#X{N1ln=YJil{?E7nQ_YE0_x{l|^!V?J%hun9Luggrp@^06kHf}pKEj)Xv;Hw{ z*r_D%!6S`7|2RlEmcs$h_O#5-${u#UsEFvi#@i@wW0%jn4H+h)c*iPhqWS$Vol?>|8w0vx)g9QO?80Lf)T5 zh16?|1svM3fp&KjwD|L)dpp!)(lh*+B9QvJTV;XvV`tQqx0m}%RnfRjUc;Q@vEyO&>vGd`Ti3XbPVVIe4Kz)_TTFqv zN9X&l=;}uo^HT$j`yr!~#yvP|!1Xg%nzS8IRTbZ!xYjW@W!GOTR)>Y@j6aF&_(q0n zF!ILw3@tA=;qeq(`edp!%9~9I_Sudoa6{=-NLle9UpwK2Y!;IbJHS__L3>B|Sh{gc zQXdgd*PKiAolxWjf;nRwkIC7lyr95-zk^70XwBE(MgHlB$^88zo8%v2xmjJkPL zW(NS_5@jz!tg0zV3jO4L<1T|(wq}vb(WYJ1=hFykRRdYO=okz3Q75j+8>0tL35)$- z2rK6oVnr3l6r~DX76rmga@a)mhe)=u@H_e>MMcmU9xc@bTBk`ge%ki6^XZ2ME>)_c ztonvvZjp8tflgumaRATvscwRC^-3?Rh%bJcvu`7}#A57F!b%X%y|v9f*O5HQr5+xN z^(3VnlC>BFn?9egV@qe*)XRG+u&0%qUHqW`b#~jR#mJvaK2c;%ne=TIwqFbpY|E6c2|_`=4H$IS%O zJ(*^tzgf+uGuv&3JcBG9%Vr8?Kkh|=1)IY{h-3c_XAmn61efbJ@wA+^Z%d)n9nFc; zxC2zBCdq5W<#w7(_eJAB1utlX)3F5xDJHhtnRra*40lyt&^SHFDSz2J2do6v-aUkT zcoW0vLQHE3a>SS@xYK^ZJ##XvC<_>cY~}(!}9Oj1sBnFRq(V+Ma0$HGpk;|@TS+l0P>kC%t@YTPfbR+ z-fjzQ^r;DqIDg|qGnP(JK#!&MbMTeuoF6z*KAzN*s&dMAZ9w^hD9b`%8JWd#xWmr| z@e!%HB^-TBz)xb7+{ehChO9<}_e@HGX9Mwho4_u}c6>MHuVTv2lb#eZGKJ`B(JA(4 zuTOMPmgBvb$IP=BRLkSAP8%bQeyEp~u7h*5Z{-?k=J0-U2WWR^6c4Pf&a_t6$nOA? 
z>LBY_>gSV0)zQ9G2+=;ld10RB)7UUS-kYfsS}j)Ra#Nx&CleRr3%{aQ`>mLCGLAIW4?lYxC0*FV4!&m`!ST|Y^P#iX;k zM7DGYoe*sK9xe@Ep78^9tpFlf8202VZ;#%4S22>0LW1=A_ihK5OgXT0$R6p!oulTpNQ@l z-snkIo8r8!hW6d~3>*)#weW6nur-14nSb6FZ5ClF=8!j4EVNvw19%KDi;iIdEkUEr zal*X9stnC0rX^2~tOqUU(Q}-tIbE>4_U=pR3$R5ATkH-i0Q~-w25U0`(~vnLz+3-8 z!X^k!8n3Kjl3xMdl16!)CO1|4DiF7ZD4Gnc?Q?ERjJ!e8j8>mH&u&<1PG?RC&3zZc zHB%a-j#HZHXGLZ*VHLOJ1#~4k&WhCdmw1m991ZCDvkRxHs&LBE?tU$b9t-pc2YIgf zS<bEqCea?SJE|$r;$pStC%h@qE$2nY2)=9eSwn>Q(OL3g1g<#8SaFkv;GQy@2a z+xJZr*PfX?z)^vP*?!V^9YO+UNPGM8EvzssV=FU+Z4&j05GW|f`jCKMPv$p3ND!%6 zqv=qAVZa3^0q0!vw(i=P#CT-~Oj%W)P?~FMq{c%DK~My}gU9>B}N=r>nr(Mxs5$rY)Y$Y{{kJnA#wF)uHnA z0|kMd27*)h_-N$VfW)-AbYE=*n>k4!vL^yXB&Z(CP6y}K|z z6>EKBmU!`2?ON;3WS)Vuj>}j6Yo3zaf7^P)F*`s(V(op(w~5&hA)&dP-wW47pX^-Y zds3TM_q6+N~GsBHQAogg2A{%TdnPFAwh6}3k z2-cuy;j$RUZ-}Tev;Q4CZXE;QHAME6clQ;z%sxHc>~g!LGC^fQxAi4rQjASab$G}* zrLS36n+<9LJ?4sR29VFPNk=e)F)UY7sBc53UP*x0_UJCdkKG$boUQLe4ahH{4cRNz z%FH|r&u+NIH53Mp>(8WeaM8f^AR?8I;fk573Ck?@2R3F=syo%lq6M*oJdw!=p}IV$ z3XgI}_{Qd}oB>p+vg{d&Yc+QzuL99%knOx3`#wD+h69f=Wl~(1c5c(R0yZA z8M`}c#h<4T{$?=_4zaDtMd<>8URe1rKv-Mql7eYxG3A(*j)XT{z|mK}?>c+89@$)f zPi-HYB-kY>+(B;OB!OR0J!sSaigeYuJXfd~ml8I+YNd%J4{{D)GZzylNk?Is+Z`Np z2BEJ%&yjM)5D4WQ5vcJWJ3^K1b_E!Uukk#35}J;8@{;4uQ_ykzTui;l0DUb)p2ZR% zP3NRFnmNG>S8D*NI{f3*#Q$WNaCV}niLTk9{MDT`P$K4u*+CkMqE9o1qBt}fY zkfKxRjKDC-%D&X{1)CLNdte%?&H z;S_^z@-s>8lHv{1tMC8t>xj(`fN64DpO1ULceVQ9cx2StSco}!@DJ;@UweN0?F58! zQ_OFB-u>+aSgY1D-Fe-)C`$5uYI2H}FV&W$nY0+zm1H|)CUNEi)m#oO)!3FJ-(s7mgcA*nNoHR)?P9x?QrFHxNe0(6|JN7P!DG~1b0S4H$5Pd6gk z4oz0}X=fA*Tb`xU7>j4}(3?6RNA=|$waFM)Q?elx$(dU>v0n=kee4BdaROpt-PLIG z2?U{l0ItApprR~$Y8`1tykQWdO_Od}OZ)qe0e%1r#RTtL_=)z2A;`JR&F^igJ9m#? 
zHY$A0K2%$37(LzT6uxQU^V?1PPq!ld)Qpfc7fHnG^Dut{`0es+&#*ICJS|fzA&ge*GMd#|;LFuzw)zgpBi1W+ zH9>WG_D_)6&I@!$twuOa>}CGH!rtt+W5lusEmwvey_NF?CIbsPOIb6Mn$J$b(qbbs z1J_v7=oVNdG}%d3Hu@yzHQbjKm z3szN}@fb~bvMen&5U?C+EZ8(&srKWQZB6Wa?MQ!2As7Pri@Bz_6&02gQhXp|j_)GzL< zLF@~%syzCjp6)KaRfXMsUqehXf&dVzlT2D`E)u0I9SqEDQlxVVrF0Y`TNFg^Ytqfp zTvRUijuVc6S%r?w*Pc+B|M`y&*ZYqS57<4;o9hm782O(+!FD_9xYobRg#|lVQXg^* zlL$;uxwE3`^vNxy8*pTz57iGg1Is@l1(STo@su$dAo^1EGk{e)K7)3lycCYEAZ0JO zn67Sb4?(sjwQK@2n|P+L2*TGh@*1-MHMlQZW>cHgZJhAtX1!<5*1B%F3ql|r;gov$ zqikIVL^>*M9V1iq7;y&@>)zJ@wYcvP?x_Qkkb`p;$H|ENbp&;Rrjun z`AO8Hd-X5maygi%jRBQ5Ch z?I=>MiQd6O1quTDMwxi)Ub{nTQ^8?Sjm*$)L7^J>eFq7|gyoM`E64ewYx3)P0+xL!d-`t_)D8cVoy=ecskn?A1&iv|D= zJSM3Y`Nu-`G07XlR>O>0PDKR#qJd9~vBW!eLL%UyR$hNJGbTnOJjJ)~ z^2g_}X{@S&3$Og)))DaikwC{pv7CSZYN0?K9eIQL`UgZ`S$KfKU;0ccW)l(JHYVmL zLmT&Fs~eh=c}=RHEsA`q%Y%U^zB2d6x!Rb?5S^F1$S2+&uUx2P-#Dj#+8q} zPhR0H4L8lw$q9jPi3_UnRX!T5%Xm=V$?JCA%o(6c>7S8hjpV;y{(|gb$siLj$h7)ox}mCv=;qTA{&3I& zjQ^FM-`5K?7H<4JjD)wRDrzzpx|>te_g%uNDjWdga~6C$tOro03s&2k7n%$fjHm6! 
zqnV|QA+~Fqh~r09L^pm{uKvDgdP^cq;pMNdcX_MvOma@a=K?Byg_eGCzwzI-5=ks9 z;x@m$J<|-?qY2vM3Iro;dW7h=)4*G49;UYK^^LyaYGaoJWXGG54dr3%+T}j?MkQ|a zDf6EUD+-3kHkWSmsfW6iDOe z*Wy)mPM(a2)BX5GLf5O!-+^Cr$dZ5i<@6cGn%KvSdEhL5JDa*9G(nJbr#Dug=dk@4G;Ou<0%@(Q^)yBS@V>4fWA~z9 z-zyVe#Hrfpn`r-accOFiBE9r*Ql`8~_8`!Uf1RSmsa%k$Hq+BKOCox^0!>lIKi%5h zhs(igPG?E$Y1`3-zF*5Cw@-i+6ivuj8zq{@5t(9f!(>I+VyL5&cn-*xs%!7C@E$Ps6eyAI{?l3Oy{}|QGu_e2fo$3 zc8IGWB|tl<`{d=k7MJO8=CJq!dJH+vQPI_t#SfF+2}U2{3=53cRYuBJl=pyu@9SS5 zF=S%bt(?i4oe>1tZNW(T)jr;gQ1dS6CKw9aq!lhLrfGwNiVf_rA*bxNd&1yvzMg*l z?$p$W5Zdc{*H$auA4!eP({y+Kr9M^3P1|i*kzw5RVL3xthbI<^fHRExeDKA3v$oV(AaFnDWbC^VzICCn48gp9PJ?vASOmP z%VOZRK$PkcX)c>wW8sJtAN0!a8o+?wXzxDkN6+KaW_nQ3<={6NenYz-+%4kaACI>dZ@%ur_V z^pG-%x32)OJb^><*wv~ZgqIA|c693X3i;X2Bwy_;5IO$&-zRpxuk|3=e_HU8*5{mw z01yAFxBf|(-v2)zR^6S8^vs5_CsJJ88nXHNKZzV2ag#UhwwV4?MT=g)Q=JU(+PbYI zZa)=LBDK*=3s(fq#<1wul47(+JW4Ss)+*lf1+N6#bn@3L%9vYd+PGJgtlYF;Gm`?8 z3;L6S09*VUo8)WsGJ~?7?WH9NU;|Td0Nwk+m>04H*I7m#8pgleJpH56#dT2`#R^H&v z$7Bu2>8qpdC?h20SKlt%0LY95=-R#zUG0P zL!O)3e#+veabK2XTJ+LnkNZ7J&ebsra!>Kdf)kdLmD13tuT5)U2of2%rojVI0tqHd zCy(~K7&_#nDH`1p9e`&gZLo4Va^U4lw$s-qjp>?`D29(rB)Kg@nWCql!*nf7!uLWd zZj}MgVCUeTxPhM5jYBL}UtMgGFDFuch%ZU_p=mQV6F|Tp@r11BzGBZ4sglJ?azb9U zB|f;xYm_I1en!-sAqx=(cjDeqDQsegTj?O)T`2AAC2LMqp3TbU`|-+vG1m_?J@ju7 zcmV)6T7kx0c-j0adA5XxyvPPs`9_896G1V?w9}avl4~DoN<~QwB`)-G-b9%~Ah?r$ z6R<&w_Uc?4wl**BPQ>2Et7t1J*&bHJx!EDrV$DzpG(|rGq*_XrKGpGH7m4Qy?&1tD z`&tzw_hzZ(GRvrpCe2>P-@H9)ve@?i(GjV0iVA*r+UlD_f+<|B+p{`>7AxytEoQ_s zBQtffzA<(zS@$e`3cqOp{_>XJ(uyUOL{Y|89^T!-C6E&>>lMi`dq675)IYVIE$ZVQ zsTJc0#VHM`HuwRCNomO75dQUz4gSd-3#~!}%Jc_z-G=;OBNh5qLz=kC($qGv_Ixbe z^6m*j{-Nht5+l+2yfInaR1(IlRj%q5?8T`y+YuoeZ8PQi7+?q6VZRRT8vi#*~tkF@rBq`so?+&#Wp7*OpydorB+v z#X@_+T3L~vRLh*ScASAb_V)WZcr@fF)pREQ_;CxJyh7QB3&3e@jfYqUBeF%hM zGFQG-p^nW&W`S$Rx^FYddT4pEjjP11P4x44uKa^o+6bd1<*SPgmTmKiGUfvSgbWq> zA>R7K*!uLFtN3T2v@*9^#lw+VfN8ow^jfK!L09%#WwI8P z3u&)tijDgbS$o5N`lk1wOm?~TUk3E$v4#Fx*}L}Qn)kw-U65>u2wo#8lT<`%Lqi%% 
zMnrzog!>RyCOv+EM|H7AKA#N4y|arVC-SBm{bqX7t$u*EotS01|UC7p^FR9 zQCV5_OXX$Q?(Am-qur>U60Xm5unYi$YKe87u z%*=ena-zlUBx2fep?TCR8V?K+)Aqct-qh9|8|sPzdj4AQa<+wZSdH{KO-=)JB}7cqwU_>eH#wI%ao*p?DkBvP2!Q;QQ5yL2-Wcmz-@ zk(dEOUOC-@dO!*0udeSBnXB2-*869&O>)=0M~#zzL~KrTP^Tqc6?ZL>KO^moAy{qQ z;eXL#cd1;`m55z_Wsk#%a*9y)cB|UPPc0Ycs_}y_5AyQQ7{-Uab-noYV>gF+d(s>l;SZIG2U<}6+ z&(I7ZTp_USUD~PI)<{ZsaXzQe+JQSRAPm!pI$Ml?=vm;Ij2lP(SW&~t?Oa_d#~ISQ z@g!oJ^|yLSgkMZV!*XmJZF#QPd5b$53wX4b)xu4W!lvd=RJLA-;xXxBiptkylC_WO zSUgQcMrH$)2)XLdEo$bM9?$lyVitlpVc?i5KdeIB(vlkMKylnzkgVy17x7Ke!7Hmd z_&_2yg$3cX)7Z~v{Ks^H6M_cKU}`|l#6Q*nS>GbBkl;&Q_n>f`7|hmGH+_d3{(*ZRUX`YkcD$o~~A63nsO<;7a#?SC*v&ILrHLX;_r1$*a)Xr@cel-%(JTuRjtHSFYcZx7V+>AIk8}K*`qenCcZ-1zZY}| z`EMqtb7$h%STxF!+YpE7_8!PMK(eMLBo_=8AZE_){-I*^j7l&BZw02WmH(prS9L~r z^)s3jc|h50E+>!LY{3bz>ub09i}!-f(@5jPinDqOt26P#0iBv?f4x~;{H@-$({{J7 zA`j=4!(fm$`%C*uL>M5=4OkbeRe~`G=`fEeyN-;Z4~zqbJRJHwQ)+J~a<>_4`-^8! z$s=TZtI=uVA0e!URYl!hs zX33MS-3W5Sl8WZqmj?OPfM(Ul(Ef#iAtXnFo#ku{6!xkl9_3DRj51~_wv1udF*ROQ z>pJ3QEYUx{o8-<*eaI#r`npPPu2ufA$gNIs>)3)Klxg(%wmdT%oj`UBF|MK2M6Mbe z8sZ?;o9aa0nyyK?oefXu^iKU8W2dp|fR}!o;q~f&(uUjuHYp<7Inx#XYtqpl*=BCy znG->l4>m;pUPG;DMZO4FZk7pVA*&90Fjaf#;Iz->xI-wz8MZmfVYiSSPDSU-l8KX6 zfu~n`vRW^EM>Q+c?T`SIbm3?miGwQI8Nw=V^E&ND_1hHu`=3N<(R@5#)GhtRX@y>Y zPtz$4B;Hqe+uc15nl!R?;9mry!R}jCd(gR2nXJ4p2S?nq&jrY6aDiI?=dyPhj3Bxx z!c)ZR(j0@5^)wwF;rK%H7N0PP6taS{;rxbKk9X)h;B)f8&H>9My;6c5Vpejx7OIKT zv}rj=Pvh^5ior`~J=zZ2-oU1Qm2%KUr=Ua{Gw*EtcG{-uRy9L2$DcHB+lV(mVoDAX-)ur0)cr$}$|K#(EXV2{sQ$RzT7P-BQ+n*{JP(^F zPg4MWr~PvUy^79EQ96vm+?AWKp%IS9@!Y+*>Fc>%oRPrUFw^R``nfhd=)0baQbnd* zL#zC0_j^M|#*(=xoyF2BpScF+25!0lv6*nDFcRRtlyM9>YV^@Le%!{)({ifMIAPUr zGuI63)Zw#7>DOE7R^H1s@`n1A$@rJAF)?FJGdS8%U_|XC z6Y2j{;4`!Ps?>~YQMapFI$?xVPmPOxgR5Xx2U3h?D;PmF`S`W(X?m{n<3xTZdVNXs{KtOH=_Gy)HfDcBMC4&{(RLgH5xwEGDj!-9#p2;|Cev4zrEG z6IF9%hb)*CIdyWn&s<~XSf6~8QO2dJYGf+`ICitcRrSz^hx{51#hMA(@N_%dpn`*_ z<*Vx~<734me1(rnj)>FH(rH0W{;k9#*=dub;Ond@$4J}iFVXHtDIWDTVQf;#7Ho;a 
z8CcOE%L!2>#|oRa4_zfN`)xx0WSteg;RVBN$)0tVbL7#eerm>kCd+ho_WQHmD!jfu z14uILfEmPcgcj!K7esa(O4xL4Temp9g{HazwmpkCq*VXmxAkxU=CI|hvmZKO`JN#9 zF0@>!yv@5(Kv;193;Hb4AiCRo%_^{Ma5Il8MDYRVBnD%Azo&LOQOY!ZClhRn%fw|# z1rpmz3{9!QIYwW_YBH%i>?G(gaux9YUCvQ6=)Eu1#LSaAc#1H*e&xE{V@9Tp*1MuT zGR$p1?P`+VlMIMb%E9||BbJhL&!tcm?8y_;M`W zSV97C{D>G9G2k?RuQD6(CAfm?+Dul`OG==B>9Mr*T#)&$1gBxsPa;yV2cx;|Xt2oH z;!?>_9rx~uv8gpR+(G0nLj!Hl#8@%AX}e=h#}I_TBPR$YQVR5)B_-xyZ(c%($Gbwe zu0p_2nUP!IA*;i|0hikI^<~hm4R8r+M#bM#&9a}hy zVuPI}{2>X!sf?K2)IfNmR;kVDc1@o=dl#w;wUc^9^vBXl3HrZDo=$tG?j4nwU&c6< zpgeQ+Hs#YS4atUSiqkH|J&kIo*gk>rBR83)Wf#iI(qj;mb49199X;J+{Q%th$?*h1 zM{R`tkYv*JcUEZ41#I)lipPSllm3ze=n^G^pZ~~XHtCcXtxV0S;@VKqc#S$ z2~`E~q^G!$MHlqQGiS|SeM*ngQL?|hw*_t5!sFGNU_Xi21&8N{M{6qL)*tgl;cL+v zsSX*&I|^*Gh4l$DILbCn$UCTFcp(I;Cy1J5LPJ?e9c*GVz|k9IDp|9ZEv(J?IfJE= zp%J45Ls<88-HPlFhk9u!wU1+?^N+tf1>KJ5vU-iiBp{V3yf#I`8Z6+UGi;%_sgC>W zlR*b2z`D+}$5fq4(P*vNHFYr{?cTHA_a>_+-b(f8ThNl%3(YuX)V!#yxt{(a|@DKkR0 z<2O5POKj+0`YD6XJfa$-U>uFMt|-!^Qyl$olGrGU;60 zC4rBu?o_E;7*>~%t0;O1-m0(|M0Py0We0S`=LZQU$>7`+*L4ko)fib{%9?hX6(J+M zwRNiW@Q=3V_g9|iAD}xrai-1spYZ$IpJQGCq{@~BQlxcVHYWd;vN;2+%-X=bn`|$c z^Q4Uf1Uo@Mw~~(zHjA<3pO~g6Plv}MR?!`i zDPZ&lk8FNEGQ!gzM%~N}y7JD!*Ynv^GV=jujOGsfmH8wUoJuVpFbQnWrP^Ykh+Gyl z^HfdvaIA$CV?24-lya3CPn~Uo+{+%8GJby0RA^U0x5@4mN88s-IkD=Ia3)$MZh^ye zp?)yfz@(CyFb7Ss9G}h$>WmR6tBcNT@!fAMbHM=1!p^pP#;u1lbzSIfgH?W5KMbJf z6lt~djecKJrihFz-Yr>m|8^D1JID>VqBygyxE9|J`}_UBYfKTH&l5d~2zmIRi0okP z$RR@}dg#fy@Ip=26!_pN^Edca#GtA0kmf zKoO75vEv;Tug3%0n*$o%-K!|HvDhpBtc0gYPJjf;EcdR85_@Cc^@LY6tSFjz_IjS8 z-T}^Dk?5|C(zD@1(&rU78eT7;87)S#mF{+?t8ODuChnvkZX3(7Y>llQffexvkd77S|(U(2-w~u zo`Ra)r*-*SERrcVmzWa5eU#AkK^~mj#L8>!Ayj{zq@`wRt!6<`h`afqlv{&XeXEeE z5A0;i))#>xr?LcvKJ^SO!~LQWUB6t_9P5q9JBj12W*8wvZ!UnJnST@F)^f$hwQHHr zm8YE+LR#wc3?1&TuGg{JUO9HMwSL$<`=aGALEZ+FKN1^e9LYq6b-i1Ib!~HR78)XW zpe4aWgNQ4^R{SiPY-X?E)Wl8x2yT;_^C7)l%@K8L`A<9yMv9NM+sI+KGw0KN!Rwdh zW%PZH!6)q16?GqZi8IQ}itQ^0#w^#M(tLDv{(5W7mXh-0qibR00kufzsO0^>E%v&s 
zJ+w%}cptP11tu@9{6;b$?uaV8#t0xZ+Q6dqxYV83@G=kDnr%!s{WA9MzzS?&WAUeL61C@3Y9bz*i+ios;giRAJ6WKM|DI?dF~ zOcvTv4qB`XTWvLb(BiIiSwJ)Z3P%TLG#q{jaTrf+p zBFfm+l&?pUGSPb0FDwdPG|2zhE~hDEU$dEG%#t4?L@9@~fw6lq{doijw>y8}fG8+j zraAq6NJaa``kIOXLmJ#=16avlZfHDABWZki@|hX-5l|s;X-Ul5n)K=zjZOoB7+ICNved{$U;<;FOCS2!pEXf!pN{#sUQ$)L0q4Q zmYJq1V?UlFtiEuW`fy6YQkZHD|Y4x(`3+`scLH1D@^um1&EJEFhwF$DF z71g`namUjvE85eNZh`h@W=VG50QRmLfZ*R1cLHiSJ3twcttD%B`6!%1`r%y#XI=wFsy}$WYR!yar|w#oG=8f= z(9wLv(|m;gH`2|0+9!@{U=pkXzOE)|t9ko>u=dtbZEfwpFWptz0)^t*;z5f$ZSe#v zE~*w7eLt9C*6-u%PNXD1s0ucPPv{ zi4J~bdJ##;&iZ?}apNDHh`2|K65QzS#&~@FtV5D=_*8wNfqT`@V;bG3JY)N0>g)8J z^g5gY9raJSBNikR(c|(36}6!7R|itk**5qV?LMYa?lZW$B^e3tcpr}g(|ck=u;EeW zV|YR`M`I!C{kq|lpW*w>S4?v^*R%k|{!N_B=F;tYbn(dA&=p)wNyKDJeQXFImP3`U z)3AgB@~S*sT+wEFo$FOO&Xpdh=-y-AIC3iJHfg#9S13ZpSv7d%FaL_oBhN%#6i1-m z*QgjDbvrT)GxCHD2}p)l){!EpUN!%LoY zy$I1lxDs&U)6OHt><$<6jPX$juHO2b@>737)%xZWhr|{}uz9L$-kXYvN-H30GCd=~ z@V#P3t;O0mI?A}UVgz#?>f1CNsYngb1}KsPCN zxn)jb@L2TZ;7PR7XvTY!9}$hmoVLY<@qKUaXwEvF2cC>&sv?0YTQv+;jc{9@1-D;$ zqET!2M!wN;@K>e`KJhA`T8|lJd0qXs--iBAqT_PelTYZ2<4BtOp+2r1YmX!*HCHmG zX`{M7i1)1lca3*ScuT?dakZd(kzaHX4o*o~UU2tA?zoTF@&$e?5o-a~*XNCFBNoHP z(rSj7%#w37ntW6LU^>F&IlEH_0i6=7i-tcpPTq~uH?GZXx#J1VS525o^GklEt{9=? zlwZt+x3Ph$sN!viRzR25coMm8mOhV*CBa=;ae}NNkg=j5p+L1Xol28{b1d|&5Y?p| z=@oUyhM>QAq{Om6moSa2pi=MJb2r;vY;8*O--^Z*J;A9u|7L-!)!l-|q32|zo%zEq&aqk|mK3)F*zjwPfXsf+(& z)YS#9v5K%wRC-Qp)kL3_RdRlE>kq(EQIwPwjta5r-{hc(nDBy$)dhB_&ZT-KeJ2(F zBhg`u%E#)Rm6W&}Wa*=>$KCw?A_x;N=Y6`TK!@j1YSwfJ{F>T=VCImD!8e3@s`Bpi zmgS>UNu}-TSdHlT{w~i7aZ6S?4bya5jCf=+f8Lsx9B#79i@awnjG2vXgad7n1 zUn1`prMj^nbE4IlTg7Vb(6{0`HwzcfI<7X9VK0M}%XD z$&?C&?dZKpvy7@C1_jlFoCzv4m!O*uv^FP!vi%E%lr~! 
zn(+tr5ouhwx>T7SAdo8~KG}NO`8{Lg@7AtAKX*VNN5iU+PBL=GR~=sBePghV^URi* z1ay9Xb}~d*c;21J>Hn4{>-%p3mA^)Z(qW{EDNC34ot|R)HChjVnw=8a&d7wiR5*bD zao7SptGl=Qm`LK(6n26i8ARLbIKgyWR1`E*-oV@C0|0slnPeTD>Td?s5oukMes)(i z)9gim646Df*u6~aA9I%dQu;F?)zQ)7L`B||ORU?J^R0!ZVVX^Q1!`AuXq-#6#`5c} zD%xgKj^&5Y0%}di#mx3cDK1}JmBP*ofKMX3r5-7v5Qzf;>=DtyIVi%&@OX``sO_CM zfoJaNM5{Vsez)4~trEO)Ydiy*dqq5bq4}-KisgTS`Crfr{zKc8_~vij)2U=^OP^3C zWuNP_Q=4iCwFtDB{FQ^hD8!E#ac%?DImCR%*2u*}RIZ3_v)`q)r7M7|8UideJ6v9u zGa~(<(ap)-<>4OHa#TANeByh*u(nm`^dTqRF>`5urZX(X2#3jLoMquSoq$oXf2a{G z#{P@2^g*PX0Je{JOZC^QBiESpmGmB-uWpFjM=hl*rc;>AZ}Se?K0O2fT*pgiVLKH3Et za7a(A{*pcd!=|hLMKPpYc);~zASM!$;Gn7CEK{h1{;Cw!enc3!*4mNF9y=K^ zD)y+u6Q(kB>0c*l7A8tBJ8R(2HAN(291PVh&R_@k%G6>L29lP8T9+3YCVL zi0NsV>28*+3=Pn5_>&0i2FC6vHTNAz(cAHM`$T!~4H*RW4u%zz$C9R^xG3uR63K6c z)B#ln2^lCSAAY;$wQwDb@i#~0>z7ONshpqBqp!SD2q@Zr`y{?8UUwd`{9N=r_bDMH zL?uUpb^IxI_ekk)S@drP6@L<8rNKLY++3{bBxtASPgT`}s-6TI8vk`*vLxwW%$t_f zO_WaVIx2PE$EXh9ae|AXy=$UMFr4;83_`6{x+z`adBz7E_o`CwoQ&{$SpD=UO&9u3 z=LCMt+!g%W4;TMGiKs$q7eypEPgiAFr(I^x*dLB5ez}a}Qf4)q)#{?{ef>r1U_Dtd zF9_r3hXDgBEqcFSc*J_}fC*IC`NX8v%^|M$ zP+;4O)V-)-CX!JO+^uZuX#iK)!s{A{NYsRYN6sLh?l5}O>Ywx#Rs?z}mTM0W+APobA zx#LC4(k!P<0L!b;{f7%O`V0Nh2hdq69aSoN*Kd%GBun}>jJsLHW+xPlfwBs-NH8qB z)w9RUv97MJu*qR2hHEcfOu`DlgUzlWC$2A&6!(2Sbfw0M}DMnTuayUPLBe^Vh zXNTd2{b=rr5BTh3Iyb%pYUcd7m!xQl!=;8*YeOt8X0-ZvTlqWvRl!%OSh4(iftd-@ z@)m`NdiAV5wZpI?q{gp!Ye6zAa&p2P+KZH*&#MQm^=gyO;Crb5Us|`LVE8=c=x)suwp3T)G*`kCw!#MW8Ypp6b_-cC-HHBaq8_ zQ&?bxku2VEoC1^RPkZ zJ~w&audkCn?v@N4kFI#?!fiJ2R4LLj(HO@|mvTg{v1wxE0M+BC4=C=|2dd9LrK`&o z0eVrl>wFj!;Hanu1^9UFers^`?AsHyD@m0nZERNtf3GxuGC*H0~M}@uWKy0q_P%bA*DN8f{bo%mHnW4r0!jC#M` z*1vJMbz*hQYD=21iS0}dF8j+8{OZlvf^-a zJWgeq?Chu}G7g@JQ~qJN%#&s&)r~mU%hb(C^E>Iw>>$ZO83ExI0SG&H+p>y`hlc); z_Pd2&95!L+iR*kof$|e)XAb4w20JVAv#uOZ??^i-hWMzc5Sz|6HjrE-S+brM3wnH2 zd+fOeMntIBRHlQvbYM|4hDEBEhi_dNk(Ji7Pnd@+cmnkX=`*!fYsGP}6`f;5Lhcqv zekFDbF=}Xq+u*a244JHPZVgLP^Xi#DDu$`p)(pzPy^>vF-f=36q;&cvEoC=_pp$sh 
z@p(wBkFIHOefT3MDMswA!^f~y2*lC^4FwtY$SrJcp0s){(0{Yg1LX!uCf6ooC>FziMv#9A2@$&m#1iv) z$j6AJ*gn>6!lx`4e|FEhwQhc@Aa|h;R`eDhFK&`1+a}wJ4T;6Qh&nPoS7ocoQzxh# z9+VP-EjlMzonv6HZG)+oU`zMGzFNL6t7?&tkEzY4D^*rES5%cMPT`zjxc@3&mxVic zrGH>)$#(}MeP&k~96c@>L~|}P_9v0ko#(ZlA1tCgPTB-f8lslld*I6|+N(j_AO3*h zsf$(}Aw2*g?s50_{vndJUl&%LWWJ^;X9rp!{}pawlA1iftZ4VM$Mf#P(I0Ot=u69; z%*?3gqIsswLNMrJVqKKY8jsq*iBm$5@`NJtXGga%DAu(J^D!#FvvEDUG7$T93*gK> zK}aPmga|eVg(*~i-o+YCjWdUBQcS{`PVj>uG&!IFtivLz3_qrGZWFjfW8c10oH%wC z_X^~2C=V)94D;xgwQ7RQOb>tjy2!ViM*^)auS2JlT?iejo#yIV$i+W@Y1?tT-h7GX zp0}djR8V1VT|omEb>KOgp;&;vVLjpmNO&3QOJ;OKY%e4y<>(!p3@jb6BhuR@dJ{;JwGhW7E>DaVzDxQEfd{|zZ=6$y3ngo+Wi^tE^V!Cmkqkke* zGUcqaNT9C>qUgl7&#Ze7hIFeJ5R($|^UcKie-bIn(bQiy^bts8pu#i2dQ0U_tIqGT z7aMmlLCNdgn7dbZod^r`<=M7pLOTR(+aJ@{*WvzcF!q1E|K9;E|N9WX8FU)uwCl9p zMPFG(5mY7b`6n0!2)Tmv8;lUzj77bTRB`ANDbBhr0oJ0FK>lFpzEO2msWxMc18>vj zg<;LE(Ikl0mJg83z~+_(=W&za^RpqM)4#JaRe?kH|ni%ton>s<;*Vb|J-5daTnp zlw-gQ`f4e$_zlXWA(^5WmAYpq%g`*<$2CpA@BCnFVbQOb7SHRgX~Exp`fWH-oJy5f zjKWO|UNS1LlaHNhHi+a$*Bw^!&n}@!036lDcTDdn!Z*W|LqByKTx@ajeW=NxcPHJ& zCVq*~b@J1)A*KrG_UFOl&Zw8U3V`(k3jkhLA|IlA;wT3wx-;G@+H&cad~OpkWnyU! 
zp`s}&zZx;GfXU1VeNKtWM<23DmN9QQ1}o^md9-EB>kIFFa-ZIEs#sil3Rjs;RCnpf zg{v(xRyhcl0an`GxMpGtKo8+im}zSPnh%luJ5%n>*zcRqA0hKQM~WxsUdH#riwy9^ zbv0UoTu&S@%8&yKsJhr1=VL9z6o+WN@OxeA$uxblu1c3~ORuoB5upxflvNgUAq@1<&XS%$X3F>ZjO#4yXqC z`tV^+14pkq%v&KMBDNE$rf7p^F*$e&m^q7xF1jId4G#2AcOJ&W3W8-I#5AG(*bm(T z<6Ms0w7O$>LxzcRn04SvD;NZ6ZPA3UXy%Ui3>e-&dZt>6W1EQ+}j@lHb z+7oT{wY5#Q5ntm(iaEZaLJtsNM}*3jn{0s{u?^J5VYOu*)|$Cua@)`Z`Q3P>bA=+( z%iCjf0xs}dq}g=U0nX9>S44b^@D_h}@yh~~XM>da#iWP88k97z^DbX+B3cOiGN(vQ z(K(0x3q^xC0T&Ei9CR?r`c7(s&CXuF66O|eQNgPt{IW#Wv+S_d*6O2BZ85C)uFKaA;c5kq|gc?~#ptf(H6l94Zzd zY%$XTOUjdzu@MZxHQ|XiDyws<0u~urd%#|90Z)%Z51PQtbF~`- z4Ss8nd`rg$t5@yjmP2{9le|qs569Rp~i$NN?bxFg!KFJTK=r#j={?XLQ zUa&}sxbH}w2i$O+veX#xN?XFTjLdV?bK^s@bu|Y1Awn^ApXv}5XV6mfg_IceqH@Ye zKlYOK!9G~QD;srpQ-nI`)jRoG!(Oe+5Tf2inv*7eVSa%((Pg@z3{z6f?1YvYko=f$ zlvHthI|yAH7M%KMFrLyx$4(jQNyo1i|FjOA-i-l!qnMkMC<3lPWauMCH|WEcr$$*hXE(t}vp0hgy^GA55EixSNi4ag_9I3q_>k%c&pW9d-d z0mS1PMM=iN(dX4VpVMqT*WQ5vEvM^RXO>)Z^V#WF)?4U6Df{5anxvz4jrH|R5J@d+ zz*--je-3o5^fCIA$WP@-YC(>pfRLql%T7?Dx!|J_3OtRSR!NDDg(kSdL&cASi9JQr z6W|J^n4Vv`x9W>mvO6mrW%6k1RTo7Td+=^17aK^Xxmg##b4!0Oj1`GP%<3_XjEEnF z0`709ef$DKBy}7E%ZgA!jaz0x#d`3o~VIR2~BR++SFC;3f+f0*T_8_rhfumn~G>12mnd+Z%5=`O1|FizetE%ilGFnSFt4gyd|adft z!`386?>xs__C}{?O*ggKAdRih1Nb{Whj=wOrawKB+>YC1BOq%uJkhzftNI|{fw48; z7o<%$zDPprHpOqEP3o}Sq~*RDjA?sJWnl7Ihl`S?oPoWL0Y8feS)BO-uD_uRr6t$2h@;71`y zk(+fdd~<7-eapK2^=dL;bvfEtAP3e4OpjM%FZ9@v*N3|VDJkP+KM)(XdBcV=x1X=P zamJ$8Y?A|SK409TPx^0riF`fZ4{FqIQ5G+gN868vxr&)?U#Q9A)8CkppJhi~j~ z#e(?KKYG!_v&r|&*0)yoMuI>JSQ?De1=lyJ3nY=J8mWpQQ}%kKYPcc`DNYTWmx|Zn zyhE8}`zaSjZmCz3Dy2jFdZiDnS&Pk0Q-_{q7Y3P$iCRuka^(!FcC_A`X5fmp!ei6wg2|3Npln3MiPxZxTHq*lMky~yciPqt+Z2#6 zmIVQlZ-eCKDyAj74+j>rnepd+%XU+rNmIAHURLOqm>4inwDo@7c2V$}Q^_qXRL=*p zvj7?$bf-K@=_irPV%3(Tliok<9c$I4EVxF;J{;U0o#7M}H?(C6j4jR+t^6R$H_+3o z1d)4CGFFb&?b4vyDK^V5>6Vl>QmflBb&HnyE#SxU%+#R&)S{W8H0ONMM$$#Gh?x6R zV&{Ahx>9()3)Hr8wwvsA+I&ass^oTRD#JJCzN&SJugpDM*6>+t$RVxMH?0{MuUO5N zYkASy>#2zRry8M?0DemH2C%&^ae9mv(~L 
z5nsd3@%cT`*8FG9TvO5y{)bLeb$9K*a%XPB{=1BgkbtLu6&2VpMPTjyQu$8k4YI#! zC!Jd^wQBO`eK*`FgTgyOX0rs3kK5LG7cAy(fh(=_daBTNye|Q!CWBC2|R8q14mt6*M z>dJlrQd3v6hP!aaEK$}MlIEOWWQjZsljHFq8k9jh>3J;9zrkbDkWZKZ=@>J zBMlpr?jRGAE3fq@QBadNf5dQUUCZ`!{%&DD>;uoVklCrc(O$)Jt`z(k>VQO$51};W z2Ydk1h-g@~m<0+mOxK}?u?<-zVM}pz00%vQh)&X~iXDO5pM8{aAOtq2`r^!l~#r;SLpYaT2k54OTqw zR>W;kQ$Du}2GUK5og^_cHh7iRI&3KWNSoC*Ps8iHtYTQP@C9;se>Y6bL4et#lhY6U zd+nq!DscKSr){<1Kz4zgk61W}zQKpZL)Q&8S^aREDa<b9By!m`uY2ArIH zTkiZ)3jdSw)ue&_E=S~4U!w2I;55=gXrK~?!OD2`{b8)eL0i+)Zs6U{m*5X4l-Nxz{n(Mwo@pIbEvnMX( zRegHBoGAUi!=hw?Ld1x{#em8LESfe&ZR5ewx}YAWa$YK6Q(`?b)Phpugk$fDLS~2@ z1OU;C)DIyBkA=+~f;t@QC0wQ$+rqg{YIh_r?7%Ua6iJBJ)54Q3+%ZXuF{c{g@63i= zhN(FP&Hd!QE1Si?h4qo-H4HocC>h2{#97U%t3;W=fQ?3EFtxt zUsERWlim}2T%JOtjg3@;;KJQkMgfWD)^(D&(u|Mol}~i|53I%DhRR^wi8qKzbgk)_ zN+P|!YJ+jzn^Lr2aMCNN29&a1jLgQwX=|d&k^N{}CGHHo;*{7EFANhtbeVS2a`PPX3+6Q zU^%G&Bsye~e`_s5S?Yq6!B0~sEO)PQwg_-Xj1d?)UNFHGhDed4U+OrfkqV<~5z~wJ z3f!-y9AS{Sfy6fjD03!#<*G$Udf}DV8UlrxhoJ=pi{SHb?6%eI4D=6ccUW2yrbXav zozy8lrTGf#xo3qqeK>%@bxw?rLo=a_*nTwBm)yHVtiQJi(wnB)& zx2|S0$Y|Oi!j}+-OR4}sT8u2b4R6z>ibzo&qFLNm195R7DAZ10p^Og@AQx?uDn`3B zxRe0w&aJL9-k7em-UPZp5)KJg(6Xha$e4+BW;^fwNik=29)3Gv-YigqC1`j0Aa!pN z+hka?7x0ZND2U37fleWyvp)*(<6KZyR=u=aU|QZLw7xDAU{=V;nZ#f+@3gRs+XXlJ zkK#9}6BbXrydNlJc^9wnkqN2LM98YE3DpTxFoVlcz z`m#B#SR29Ugv;--YK1@G?`eui3P~1nu^{P^c-IWI5Gpvye!5Hzo^XV zcU(ml#Vp6=xrHKw7;GFw%QX&|XG3a5m{R5{HoO7`L2q^3=}3C2kWcdkFyQhstiZ24 z_8PlyPvTP=CK}kbxpX?+`p3i{(Bw8&Gwj%TO z7rn-DBH}PDUTevn520>j)gma{N44d4s4t$>|Dt$veO2=}gD`)#Zh5D~#0I6rpZldK-L_kxIb z6izEd-f?G~a&z%ib*^%j#6i zq4K=WQswToGGPG2VWHp`J}Xtyw)-uJmibzlu&A2oN4(17xk`YUe^fqt{f~|R7|Q*9 zl0UAW@XmkLK*bDYZpiqOtn6wE%J$Zjn*EWYli&AIGO))1(Co}{n_7l=Ct-CpS0~%Z z#7S;PVP^F@a%ZkKEM%tOix&guWNZECdVh#k-5r-gF`0)gKSYZwwMx zBi_;LpZ>9NSI`W+dL(TXy&_Wo+oYG2RzN~+;^eY)ytCpRS>J;~2}{~C6RuI?VPOVU z{41QfE`zhf-icAH|NDf_?z+`su`#1v=tqsvF{5$l7~W7Eu&?~Z+Q8jBq~C-+u}VYS z2?!&WS85tdHS5N=UaPo&RN^~kAK!8>Np8Fo>X^zj=@|UeZA!k;zP%5SD(_Wb(?`qM 
z#01=V=8!`&tcStd+1#^dve(Kt`X#AzwosR9wJvuYEq47;wyiu6o&l$A z+cXpPIW7)Q(7QLAh^amnm3`Te*3j(0gG`1t;uA^DAxvf$Q_-m(66e`f+ga?LOu?7b zneEN5OQ$<0BF@CY7wd+AamFesO$Sahwe@H}J1-P7x||ZsyLqilL}>rl(!8!;m~a0J z=l}*?(_7!KBh1OYy)-TK+ow%ECU-g!@xh>5cV;GHhKqTh+^z3q$w@YPenap|+gJC= z6)yfyBAfUg#m8Az$Nu5(myK^v<4h}hOVA?&?!vg_gpM$M++eK^ccfBcR+o)!>ooj? zgie|x8O@H`7b^)Nq)}1WV^~k0-7sV({%U3N1rD|)iFD(r!?3Fc)wngJ>(J|mqQMBn z|ErU;hFojW|7hJLAL((IqU~%iL&G=bM3kA!wJRPNB$6-Y@?^7e#pYw)u``6A4i9z) zt6f{$=L_4b8U5_t-%}TrfnQBmDCB&GAvN>?AjMnuK&L7F`c$?7c(ID|7)0S8ZTBA= zcSaQR{dJ-~dsotoFluEnoRCb*FyH30-x2VDs>~#E++&qMz<|gwv;Rcj{3itvi%p_a zg_&Hh6)KyxRC%yBHAI-FJ~I~d;|S<+MmNqWNDaxe22P z7?+9LozM>hrE2}2Mg8u=^3}#A70}!oCJkGDjW1S>JH=3yJc3Y)O)erjC>lqkDQSI} z6aVuiBCvrFesMs)Jd81As5dTrG-;shu&SOh!wK7Da!%|`SPlpB`18z&9>taQr#c9; zO$X;B8~{cuvG1Rq-icm)@mJRe*D4Rf(}g#RS_+e~W}2QCiIBaqZ?*YP_eQxnKKn8y z;JxzUlm81pyL(L@6-KijH%j*T!t$`JYrKH=0ljUgVmoAJ0K<*r1i3rai6>inYZTf@ zqB-i&x96M7BLM^)+R^LK6y~Z1gzl^=40_^z`@X)Gmqs~N%nHl=>9X2N@r5;?kuT` zrnWy`--tu^6xB#xjw(A-djvnW{i0L&OL+=;9Al$|maZzlt($?=Mr!k}+Uple>%K{Y zRm4Myh%Ah6UFR!B6(u^h?ZzdYzkczvtm?1OCJWckY}-gi^;Pl}bqzyvi~?g2Q0y^K ze45P!?v>R!UhQ@KU=~k{{K1g8C2#p|C1u(F{r=-8QMoRY?)Rc|ffPP7r#q}7BJ#66 zqxHPzzAW9xZ$;o4c&Ij{cAJ<>s{Z9}L6)g5kRuOFA`U1Dr3{tc3rjpo zq#xvJv(^o=?zTFo9Ucl>Rv5!K;GE}uXGOM!<%c$o!)ORH5fuW094oh-Jrt&mnP>uH zKT2d{&)0%l>9`k?6ud^{Ao5?$Wg6T$I6TMs`1~Et3L=wIS1bW^Vohm2{4tjzhF9cs zEY-i(^*h>jwp(R?gjAnXh9xJsdyQn~>d@n22%;wo3N|SfrQp^s8L+zNJTp%AexA0Q zyHCeim}VXS5}Vs-u?o7eJR&+3q>Bomo`tCDH)BejioPZVl^r;?z4h}ny8pR8((q&O zCd>$POE7ZauWsLUR+H!CQ|P|b`z#)UO5)#OMnndxMcA}%E~?zprBipXIFc(@8-!xn z0|vM#Z;?3>(aWd6s3p*eWBWX-lhf)we2lgA)fo6JMS*-i`u0#uM3Zg^nixn8T0x&;r;ja)9Q4vCAjMCW6f6~9CZdA zpjWt5;A6lK(5@~C||83k|RxzD&+dN(YZqRO@Z7^LACH^ zCBm!6NlA`#55R;CV02i#zmuop0{Qy*>0OS-EnP&o{@g`JDBuAr!Ry9ehy0lK^ml?W z)W30mh)5n@PLF0g5nFP-Ak_8O;n^0GlTV2Uo`l}Qy*@jsc zjCj^Xe3Au(I!mL*} zlICo>arGR$K(x|dnsLagD*f~7Ohgk3IMzz7^L5zmFjIorcK45t=S@X(VJ$ro17~M! 
z!V?$0C+wABQq(|KWNS@~;G?0uTyafp=FbmP4?I#43BgPRiH_g~IbDX}Iu)C6%>@k+ zEM0n%JNqdy@=2l?s_aZbv^;2^FLKU+#UD+5zB48X)+D_14Vla@yNp@H{{X#Kd5+usROrNPT-uj7hWakNZZ(Y8N}{&M#otASW`(9b(0s6OdPQ%OpTOdk3ykIRm}r+hq4O%F=OC$-CyNh zWA^jzY@*yvm>+~OQ0>g=?YNvE}SFi3l5PmZdJ_45GioNSBjn9i2u4_KKQDgl*Z-Qg7? z*{p?Lnb7eL5yG!H5W_(pU$ady_QrII)5U@;>L zEPW#Q3uJ|`jo!E#fIP6mOf;stDm|S!PL!HG4wIPjV;gKjMLLk>t>%FD{1ur!Pq%jc= zbV?JIPCTG68UPo|BrS`}>3v2PV?E%ov+bcKsoMcnq$VP`boQF*bY!aRv_CjuR2Jg) zVDl2V_moA3$Z15>M{WB}&y<@LIwd4Si=uY|FR0UL?(u+42LY%3_Kp2iH{M;_A$~*% zX+az!L$~f?Rp%JbSxs3fTC%E1I{pC#jL1LOF1VM}k|zJ7DZaFPS67ZG$pS|4EZ3 z*a?;Vdw69$><-detiP~Rw2d77`|?RS4K)@a3N;X`Wpe@M)KO^S({y1TF4m$+-FUHh z+8KqjHr;?8)uHw-iASxK_^bo+!>Zey*sRO*2u@HWHWDh6RCVzfdIwDkZ z?S7br8bgnR^G_4vGk+JK2~Zd9CNB#GMs5rVs+)sFw{towisI=~aD$xh6Q&qma*(F! z=cn~Vg6WdZX$Mrhi&()!J=QwowJ_+k#!$wL4X0AU)arV|R)|?YNNT(fB*MBXhneZv zx^_GJu^ob?$6U=Jf!jBV_et`x2H|hUi=XY22zPQ%AT4%~gNC@Sm~f5{4N9Sp?O7#s zgQDesHs6uHr6eLpJJx(kiD?&>^DFYMS>;Vw;b<1(wq)&xh!&xb>AaKYenk8JvtjxR zBy3`yyTLWScqL&%SuD1{`a3JiVTy;dni9b4PP<7e;l zCUV^a!wM?KSu+>Y^~Whnjl>EZ*|A|s+ja~d$b1E=2J!Cx>SMY%r_aZC4a&qwzeSsy zTE}y++eY?$7ej#OCSF9~%(-2&BvW|eEx*z!fwi74pMnhVg{a;3lEA-PFxlTv{uAS% zb`k7AIH(Z|cZyM_b9qj~+gEff9t;FCH{k^f^=Qa2k#7tOA2SKR0)dPb2a9=MHr6sD zIP98gz2u)Af~RSobPgvLp5ma*%cb{(EGxXpGmu6=09rD%Myp(PL{!N^3=s?3bp89B z*IV0N;T8YFEZYgWJ2hO~aJ}C*#b2NAWwzQvqQ3m0$4p#%yMCe@)?JFYNHW|=qj=}$ z=v*&oyIn>NNt&GA5VQ4eaAd0U4`32%_MuHT^0A_8jvB`@Iw#@lyJL3JJ0C3~7`%|` zmuzw928lI+hHH)C`aiTY)?^J55pdIT-;?A6sQJHF6v_YCJ6sbug!zC(PsX)*b|G^% zJC?>4W<6LWf63L7s@f*O(LwVl&UtL^{4n^u3PbBu2|8@TCd=qP;Xaf@y}Et<_G6UCKmgIVny zddHtw?V=)D`QM++oh3M|AOlLO*OIhxCE>j)yJ=Zu5UWR_)%0a$(rvIKTOoH@r7JeR zMLS<{#*itZ+(o+CG)LXLlX{o?dmXfCogGaP^UHq@_>^7CFPELr<0vZpTm7fp$u@)? 
zsjDoS8cz*1*ZR*5^>u18rn;N4=f|2qcE+G`FjLL|1q!94k*R>96FASm9O$~vA?I3; zdh$c=*?_&r7Qe!f7^#4|yqBy$^c!P0zxFdS+Q1i=U&VqC(th>a zbm{SI(-hu@a#AI3tcrNW8y%VV>RIV9Yj9uE`+?Ud-0p<9=MMrVqOIj3f_Ftnw1gQP zz~`6GySBIYYuO6Yg^R*Xi5*Gy|9aGL!t5uZYHX2c=Fv6<$=3H0U>P*X+HvyD*2SBv9YsNYF2J=v5fc;))bd`R+^RNNPc?b3O%ygD{p=WRjz`!#wx~e80MrtW+y4 zkYVV|{)R%YTcDjteqtpZmvBI0m zp+Q^{X+{N*vy(X3!whMG%pP2`+>GwyPF69B^~I8wa3DyBpFEa{-e3UDyo`{;+bsx{ zU%$J5p3qzzm+@R(=xmeGftcT*Dyr!tF~6t>V~kegrYX2c!AHSxa{yUQ?!jWX3JrEP zIxHUu`n~EWwyXGhT>Lkzg|MU|7O(^CaEm^vo<4sZ`t;{U!gQQ?5IGv8s}`%=+KnY^ zu-@LHKb7$0TUa&IRFLWdf9YTODDnzZ?j>-a+}(GGqW^Op(GSJU`(4tugiI0G>0zblpA#5$NowIsh7s}#icEk!3CSGvg^8fJx6{d$k@hgAW%M!Ug*bG z&YgfPxOMPK{pA<;VSTj1d`~e=?P}J2G2~ioLGwatSlJZRZ#S(LrfNq*)e||A?b!)q zaL0yAH+U4CZtqOQG)rGub-0j@UQsEBE>Uk=H`;EPmaX-06*O0Pd2q-S^#WLRF#^sp zCxJ}8-3hV>enk62~?7Sp`1*DJ?1O}uTh86J^Yva%G6eCk%%hXJ{NMt_T|H~h;9s1aS+rv|A#sYqLTQ9RB{&x z1JY*Via}9^yRU+ERDZ0_wJ#O$MbY_5GbiDi;N;!}M2ZVkNviwRF@3EZ6l+l_$lW2j z*pZ2RKpU=Z#k0o|(@T+wv>p)82&Qres;$D5kUISAX9=Kn$~%W5l6_(oV}>GmxXhwX zNU=`2$MRDii2;<&vco$adW$zPu{@|;aj;zPt<9cZto+^It^HxK)lpXU!1p&20i%bK zg%$}1!#*rQqp9U$ zN%sa-w1u_A?Rv~QaZd&w6cNu@Jn>9}It*otA%MyQ;c;v*|6E6*M81@bQ8H{&uj+1o z{d|c8aD+YL^rcgPLt$4qX=eXy(Li~o)tm9x{jt_byOb&AmwqRH*4Y} z#)nVT-^tC57b~@nCML?t-3H<|e(9Gp8WZS&P}7>E>4%L+W0USOJff0?uL#8QS#}?E zH6pZ#=(-`;Ke`7Z5}m`PZ`n}iD^-;6S#7cI58wJa+HzfiTCs)%%Ii`yFtLacQX>Q$y zA?(;_FX~n0rliUI6l!JDi%T{9N*6NACIV#35$YME_ZbwcF{Yw(f|*-&e1qA@6f5hA zhI8K(ETFdo7vOcRP~-d+6}CKmSDOmN!u)pS?CO3t1lTqQK+!qbf7)K*F&@Ff+1Q2C zRQjGAnbQ1XBae)Yp{dI3r)$oAJ-+7FhK1)1Ius2?02T-B((=0vlWui8OF;>UF8$Pv*HHdew|X2wvEjDx=S_Cj6^iNK;NbJUfbLkD9h z3EWs0=m$t>Pxnf@ce0_=W{v#W6JKP)$6?BfV{-%B>QJg^p}`*fDz+2l=QxmGyo=td zT(swQz{UJH*+ketkswXtkKPQ769@EMOuUA&Bc-2hmVE#PM_jV5v8OtLi_SsTCz-+h z%%b`D#-YHyr)bP9Z_xp^=X}n{-+<0LYZk%=GE0TJ4YFuE*FLmV=B+G0OkdZZ=y$33 zB3taPi^|b*DKr6T{K8iR+ft~-2P3VwSp}0aG`6l>yIZTjt?$O-wLF+z>{Ne~LIb6= zyagc3U<8ALkMR6JVajmXK=kVmmvI6TVrTo&Ek1ptYQsWL-7CxE`mE_iw${^}9kee; zOrJkGlW8Zro2L3@kYaJcU@Oy4s8#*JMh7UFy@73+O`u?UCfbI}dXr6VxJ-|S+p1^A 
zlS~az#|3noeU>lUI4i55xQFo5QVL}esYrcWR;#n~oj>{$_lui!35kw(v!G#D3`17~ zGx0u=+KO2v!MElDl@~Vt<%{okj{j!Ykg3F;AbVN|{_$>n8Th5- zy3l~Ie|^^NR%tQaS*Fq-W&3H&p(QIV?gaVnYqjKVcDuYP zE7M3sGMS3aPZ4o{@M+iHrlz02*3aY9`#-{ghpi{rzCtzlg@EP!nqXFHOTfz)gR zwbiAgNk!t|+QaM?A@R@mXH|jxPh&-uB{;|f>U*~pyDma| z<>yZ^{j2Uz6ZG?Bv7?R#mF+a!wiyw3?O~JtR76XEYc6jSHQONBV{6CSzV3z4LFOI~ z*(*)%FDUWZrzzZ19Mi_Yo=0Gx|LY;?iCZ8NaYI27H^kMd;6f1sF;|FRUe8vibYA25 zGk_g>$?0q`iHO=DYyRxCCp;mD8y8IyZk`f!%JrJ4Ng{fKt{JDjx!yE1)uRZXTlW^q zh@`Dytf5^ku69b!AT}}*5xzc(CP)*_M91etXhkURtn;&-+^!(mwrzY=n$vasadk;K zb^=MC!NQG7jEI$`}wYm!4S0_|W>a|NwwL(AkICiThx(F`= zlCBvfWmM(Rc1ra|+Rg)cch0b!Z4{yVdj`0RWT+{SvhUPeJ>+=@T! z>G!MWBgkSVIa(B&n>+gylIP#hd1oc<>E9%F&AR)ky&J!D_2wkAb~*}NsT%PVC~Q20 zmY<`c>d?+QR7AA9P=C1>`|U@-@PV^CgZ!v|j>~Z|M`Ka;w^~dbv1s!hb;R{Bb1KE)b#wr%ZTiJ8w{3Je*FOfUzVFRqtuV20t6_% z`6G&8JDR1+S2OUCtZr7-3JnCIh{8=uIxR{P2?w07>*+4h^S0gaZxTTY{`KBDEXD1O z&2^UtZT@yxo}CQ6m0xt~9|iBRRGmD?+AYq{Rp4=c&e-1Um%lPXlY@R`U^{r2I9n5$ z{*uh7DnZV@&B?f$7c*8D{99&C2FoiaQ!A(~mPA7uo5t!i|MKc2@94?lqDf#2(PDdl zG8nJOYyx{zC&d0`BESJOPRG@lnx2?431}oWihnCt&LMuyMX;HuS%Tz!aJ7JMpoGJx zJ;{YvAht$Nl~Oo~$^-B&$L|lMEhNt{eu-~yWFI)>i#1RhaW95H63JZsW;^WU?)dS@ zZGU30VeW)%sv88n9rq|(;*ZBaDDGDD;Hs;}@0JV}osoX};H@g2R6A;}P!wsE;)P_k zog9z+4r79;#l#r=LCI96G78-0s{SBB&%lcxtPddSZDIS-o_7a&5i zZH4@|7i3xf^!nH`^I*$obGc@+A$sT)QllWW!$L1^G`gG&Se0$T2pJpASAR8QJ(atq%-SoN11*w{>lEt zrRtl{mzxOZqvU7i1yVXM9~=Y^)&9p8|IcRsuhGvoD8#4Xj^cc*dhq>^w-J9bE+S6p z1HW5UjXrlLPcZcP5Xf_?7&+N(&r=9;OW#Vs#jz6lA-ghz+%wpWm-kn;Fp^nedb*2m zi*1`yw?mG-*T2{DL$vJ?B|8~vB@F;{ zNKqFk6mC%R&s{SXz#?LB<1EIj&7ND^PX#cF?OarO0}v2qmEVRDJ(uxK_6bo{km3ME z_GXFqZe#^A4AIWaaie`!CoT&zQYx9O@M#Rj4sq5qKnf(&f)p!EGq3i5yjgB!1%jyH zft)gEx(W7Om~f$1r%f=s4C|GGoyno1)}b#{0fJ4t1O9azJ;wXhv}>XzJ}J6F;T$w3 z<%pY$rmZ|31)$kI@c~)X*54$vY>GP%1(sWrcXZlZeen5wUaQfmG7Lkkr5xAZzN9be zV1^yp?n|L1oAU=L--Z%?p{^SCREoBe02Mxu%Pmk_V|r+_gE@s2rCcK|SOXjr>X(Rw z(i?sK*_915yPf+FU4Q$`Bf-Zoi;!(8b-a1Yk_elu7igspEA~{XT1X_K3cPPd$Cey_ zW2H&uDa;h#sD5W0zoptluFTEaGfx;O+UK`4lrU>d7!q!SGZiJL^uEdi0tprOkwUUo 
zr?KvDwp>`H842ky$E}a{8tvA{(+nj?bb<~#Ylmf~&DJs>ek=8bjjWiY?kg2b-UC8) zlF?k1$;kn?4y}->;#x_i+JGStcN)`UnStlD^oShe!+GC^6dC?e`B1hpOV<+>__%pM zFOUU~Bs%DgBrs{yDw&%j^*0B%8{7zU>M)#OFM}?s|A#@jJwGzTjwY-gyj-{DAs(l9 zsSPGl6(B%97O`90-IrMEH7P7aKsSwj+Wo6`!RI*q;!zQTvFS3M}mr5xcfs)=3C%; zmaQ#*(SoxOtSCr=xl+8mILQIan>i>dFhIqH#hIoNRem}mQ3i%Fro z(t)gT-A=;Z!J?o4W6ao`oe1$qOJqPbW}J5d#Js#_lp=eYQdZ`h5TMcLh$iO#wSCzt z-14k>Q}2%}HAF$@U}mo}o8|!->8y$&|4$Mf#<8Jlyr;9+_+_kdii-@%5qmblmIfBW)9*7qVVLkkq;XN?16U<$i@BBeb7pDl~WKFI1c*#Aj0|aZk zPJq!FR3oV0lh%8}YgS2z-HpG;jjEoGI@3H;_kJsu zYbOlt5pA|wXAhnay4*No#eCY@TtzZOTMsML9g{Z?5EaD93Mo!=5qeuf>`Ru@eSOv> zOqw6PpZn{9s>Fl)G6`EXE{}ahHP@2Q5hPf7T zGinp*595$al(d^baSHs(m6>tC=>^b;j8o)4r6}u5}xn-{!n04m}6D0+k0t%z! zIx#?GASxxXGfg=TnTEWj7592sDp9LuY+*q2e#z}tJFYv6XQ>I*N(nU=R%o2;7c~?X zR#1SvdOU<)(-Su&jQX+QrBY8j{G+sO;oDz$sbwwK|E zPARO6`2e-&y<-{^TjAJYls6dhOLL_Z|DHL-8A3#j<^K3UfBtyn9EOx6d# zRL{*H9^T>--%uBEd@%=t?g3tOWQ$IlxWn6&8K894^z<1l9qXMS^OS8*_#|qr7fwmh z#PD9kF|>le=J@_#(@>JlB632+ElVWPyU(KPmnZqKX`-XPUi3}QPH@8=)|uwl0*Vq> z=4k_54F7|6=wHnW6dKIkiXr_IBm5TqX$C9wnVkY?Cq<(KRj4V1<(rTkvH;*{okDr~ z%-EPPqSxQlS{G?-PFCxs(BzCxHGJiTanM4-%$m~IAL@D6XG3gAu{Bxd?;v;{_TfZ* ziRqdET~h^(WwkWMb(jUPE6Ejx?7^K>`EZi zP4!^cAn{&}LQk@_4S(&Hmppn%p%vF^w(($e1q|jOzIHg+wqLqx(GKx*W*Hz1h7eN) zUB+9g!})Dyi7K!1z>(75Ho!z3md2Hnd?>h_sC+If>1W?!DKc7Pu$tHaPxL4|XALCsu<7(UM>N`YJE1O34yq3VS(}$V>?o;Gljn8jYz>vqOBI5fTZ*m? 
zFqr?Tp5%^Ju-n=g@KY#yCA_bqj#env4E(Zx#Tym%Hm1zqzy)fRy4)infUeAx53gZR z7EA*Z0u_)uFMpwM3D}FYd&FH7Z4p>n&G*S3q13o6zD?ORT^ZGx?kdnh5g>||(M zWjNaVqpQtHp%F|r;?Mua=OX$4TUR8aa+w#>;w`|O=s^JfSkiuEZ%&AWa?G_Fo)x$M ziCvmxgz2Q9QbVbb#D=VRH!#EGS?ZZxGc~NUvs06z_B;M$*TGo0>{YK+c{$wMbod(y zSrYMa_x{V@o8seM&sYgDy7uraw+a$O6&zrUugd$SGH9sjVk)RyldipzF^ULC<~Z&-DmC*m^!_At3#wioqmVS={^5mP8T?Zu zo{LQND)~fU!Ng|k&EXqDdy^*YW}+u3l|~B9QkmrfZeXksGjN5Um8fKiwNv#6WTpp^U&eR=XuLFGRRNOkNvgw7be&(7kyP0bHn#CyjzoeeXh)d z^&sV@^Dsc)Wy7?&mDmr_qkne)*^24#Qqq0&&46FpUZv3SC*K$L=JUmvpzYO{suc9D zmYwfP64yH85;MLVx557=8R5Z8<5P_jnY$XtF@StKnSKZnvk*Tv&0x!w$F7K|%vfhO z!If#y*7HZ`9uV6LmYyD<-Gpb=RrUJog=8XPPT7T?Uc2pys>kcDC1iRwo{pqv4=}R> z(BvOek$OGwCaUPbm>$M|cU)Kh1PF-G&~dj%>AKZ}3h&*tx9qqIzq5xhs6WvTEj0GEH+0a-R_-4ys0x2b!HJG=hCvcJ}Bl8maFbqXTpNYW01Q9vFTe?bbd zCQSvbiFQZqvg0ri%We~!^jRn}$$Ss1H%VgbqsV{?Sbed^r)N0rSj9*i ze-S|nv~5f=fRa^8{ahMp|NurCAZB0@*y8Xb4yl;griv>Egv z%ti3u2g&)aR=^qq9EOx9hr6uWuZu}5Q)h-fb8{q)?3nqn;c! zBz!%klRv9|Ip2pomkObd`goWpqs&BrJ(fQaf|Q7T-PsrunXvt)H~QJc{C7#H9E;}^ zvvFLadr2&ih-&_WVk-6h8DXF0T%q{pjjydhpvJ*|2sC(-^g+tbAFc9rf0HcY1twyJ zczS(AJ3-nprdyL)r8hnOYp_4MIW+5xZLW?xVmgszFL$U!Prk6E{m)mUfRHYe$#A4H zNpaN(nI592ZP(66$KpvRx4%*uL44FZHI{sw8jDhXl;w=oCoW4mp!H8QGtf=-$@OCf zu;{u-#K-X_AJsry2gxLL*U2S8MJdN}8y5eTod9(gdU^iA{!n>}qNzi_t(lk(qv!VV zTs}D^;AUxxD@ALBF{C|g^v~n#Vqz<+D{KMs2IQ6{m#I@UOz|Nxe`$$nfBCty|&e@XmT!&n;P5Q zUDfUhA)u6Di#{p+OHGSu0Z33S`_58Oew8m^M}L0GZa=s7s()M$Lzk<@&cSVsq# zLHs7pL}vXr%ZYLN=dAaoL?95-tUhqiEB9jOr2)%NrdCzp5`Yd*1Y5umfR{sfZ$%{%&|Ya;DAAEd?c}ibJq()& zOH>QX+3OM-{n$jPK*9%-*tO{Vn^n%_L#L|g`{wQR_3GGM^~7V44ngrr9Q>Zqs<_BG ztyK8^@tGr&$w0EXegUJljTX&-le}^Y&Q|-Y%w3tI$)HcVe<)K~y}Pj=#vp7htR-13 zmB}v`MWozKT0`0RKOe>C3sESsHwCUm^xMpi0(nN!Fn4^f5KmWAu?nhLiH-kDK!r=hHOA-y{s& zJK;@=SCOXIqj^Lk0?CUu(A*7rF1RQ1^6P=u(k^K3R#dw+ezcx!gF zFHrxO{!bYJI>hbRZu_djjf>Ae*9%ipPYDnuRl|(Vz)j=$JD{5T^zo2+EFGK^3uZV3 zcm*eOSKYp$V2y4drnJ454hn)ArA@I{s>H)s>XXj7sy1{3EYZ+`7M3(=XE&ymw!*gm z=TA4bd>+hE6Nf{xbRv**5Rvjr+wf{iCmX_#Zc}U4b@Hxo0KaIiH6b8sL+H5gvVlkn 
z`Qt_+IVUzC!u2ix@l$Td6qQXgg(bUIX2Ujk=eUPZzTLxwV9;tW1YX!>nLvI^qsc%d zBFzvW&iJ|rTu}QK)y=;pioYg8uA=Y!tL`S}{LijqpN0Mp`N@A^tca~FLaqX*zK^C; z+tq$-CH^{*NeAAAmz0K6YL9gNwv&ki{hpc%y9%pWP*PAHDA)xbDToKJkhQ8-u)Rjr z0yQ26nCDNPgX;KC#PkX~VmO!jx=fVxfW^rYW?b_`g(V9(FNMKeNZYqxp~gt;2%`1- z0kCN6qArX}U*IHFKRt8hP~Phc&!sL-(P zbaZ1G+HyeaP|C^9kAuFiuR7<)jB!c_pF$1&R%c3$C(vgrz6hx(-JrGD`3FB@Vz6x2 zu6K9r?UbxkA*fTC_;L#&rj|}+s##vGk0)A)BbqPLZ^P8HHvtoPcuLn>xrD2O9AkyZ z2s`WK#*%H91bcS99xI-a^Q6(H>D^q7Ayo-Mdw9<~b|HcunWpg}gq!|xhw(iwWi=>= z?JUA-*~wOfO4CWa=a|<3>_oYpdJPr(x*`rZF?-Q1p^^u8xjs{gggw&+azX0Euu8Lw zTTd&UtSH@b$^@75bWTJSZeHQ?dcVTShVz3OQi<*Dkz}qrT0kzws?Ye|&wDp#-$qGzm* zO3$91vjjIE-xU@+_z6{2Ik1$o`d<3s>-El(EOt`HY=8N^NJNdJqIPdJ8%0I^b3Cz% z#DB~zxIFy4%emSluD|rRIDKyJL`w#l33TZ=SHEjBhZ^pl_;m{MnQY302Pc}>qfWv4 zg^xM8WNUc)yRNFF*vZQGHAu3Y8zof-%98?m1iREk$Y@8sYUCyYi}Fx~3(%vvipK2k z1mVsr#wDe-1=@S_Qk;3I$}?;o``>|^IZq3k)n!X+bKj&VgoqbFCp&V8DT$yl#-3dJ zp+}{VIzGuE?J*#$lS~YxzUCt&4$H{RC?W)Gm=~Q4rAk=l9I2TfE1d3Pz=aK(G=3be zwt5*eqPymCD)Rly2jnci>{Al^D{(>|^}28orvKrVZ)QX>Y$Z=$FoR8MEPKRyU*rzB zuO`|-iKi+_&4oICt-<3kq0v!#Jme@L8xDPSjIvXfMEW~fDJhUlTR1eNY2u13_|~Yj zWJ%GY-@~_ygiMM#xHIL|r^QDVJbRMx4hV9L?V5XfbfW*8Raf17uG8z zF1vw(>bQfR)JOCE1bPs zHBu4)>-nCibJn|j$=TxZ`KsI|$(=>3I7d9OK+-Rn^WY)Fp9VKEj3tfpkWH%hl|n<- z8Dtmz@%Q^PG%?U>tpW~v)tA~)fldR2Z}A2@02DTy;BTuzHc?N zpHjopn8P_F2h3h!C>jbyevjm|wiiAua|9k}fBa^Bsy)*&6C3|Wk^_(GgizL71@S!( zH%@s^H6*v_>?w5W*#c)~Qd63sb9mG8?c{jG`D{@%bnUHbSme=;mm$>aB8(-H1>)(( z2&YvIsTj`6DN>6@blKOwm);|1gMYvn9L`jAm%BErLNZe2-!_?!H1zX|QL^YS{2k%d#ImQQ z3GU=2{WuHfAq3kx1@g?Lh?B#VRN55h***UbQpQWqJY?Wu9RRb*#Xw2-uoHDo3_%Ygn`;n?#M1GuI3tQIAy+UgAmuhqqq)b#jd z;rNaMGJLHKIqnqrska;;$2g7~XhRx*WbW+QqDRGQtSVC9*ykg(Oc9LUOgM zrXSXsXplS>pMs5VGV@2P8l&&0Qsbc@*yP-DuOZWy!+EV@!Aw0H`S%NOPRE+rj-0K; zO?G9Cu=P)9?HXI>LNx=_kuBi%s!-z?PV#DTe#h5wcnT2u-87P zUc}5n9tYFrS6&j?D9nt(`ybB>S)ZhPiN%!;vvO}8_gp@bPT5@uvEQMaSR`)r4iX zB6@|Z6n+P-6QWumBfW-P6Rr62$+gj1E$le_6Q2V;3i1g>=eAbMVK9>=K!v?57d79C zh<4IvvEbQ}dz4KfnV7gO+G@L41J^3jo50mzEvY{y&or#5C~E_iCADoPVJOE?s>fJ( 
zft+M&v9iwpopa|vzlU0pboiA&Odo9T-*gm9#UE%=21J^00`0j9x)8nD>vB41hSyff zC_+U9mQg%ydy*n&7T#!$vg>@Rz2^!rc;V^oCGaJhN4f_VTGmVtKM}11HW19Uw1_t3 z&E6a&4kw?@?1al_gMhLls~xJzePxYrr7^EJXp)|rc*^cLX1$JdaLIhtwgTyzJk%1`r*dfHP24#5(v%!C{P zig^tRG8c==;2>_u@-wBPS|uSv&1jq3NR~wb%*^p)%FmMrG*byrwi=EQW%=o|53S-7 zPC<%vf@ykPfmZ$}C(h@fB1@w`!?o2gWc_jPjq$QmJPAtv&P`59JI6!>til_qd8Z4C z7Ai($8repo6e35V*g#A@_8Pe5OMQmBlp&+RkB7_}ww+2i+rsGO?bZDZM8FD#La@jw z$|k@54gGQn(>q-Z;YW<>FJp(OHK<{ys8TtJRKPG+3@|rdFzMkS@M(Uru>{Hwm6qau zD6Pz!78H4Qvi*@E?q%s^AQIg661d=#RdI#i)~Mj77+p?Mv(4x? zA7c1ElKdJ9f!#da^*3)ij3Vmy)4mlu%-#$qzvlV)Q2(h@L(VUQ3B<&#WakW5pv@A> zmDw70r28TZc;(iMka9b9M4p75b?s1se8T!lE9bMXxk|rgIg0TkKE}-PUq+k?zHoo| z<@BaMTfsDMeJ|K&^CWZf2w5m0yxNA79y?Jk^?9I4sMylDT}bxvawZ-?Z64@x@lB4V-VvuS{xHhMYtOM4iPRUczVhpQ<1UzBehdCTKiDokl`YiB zQukD}KFKV7Rmn*_qYOfSMDIz-s&7G|DcSXD7H_XJo4JLD%1uL=bT(-fpuP|FwermU ztmRUk&rOy+($zf>u-Q9V32G}+Rb9{+7-*~9{e5fDcPZGDMnfua$R{rF`*zT;HkCMo zdLG!q7MZSY=wQP_l);`L*N79VN2k(P(Ei=xBwEDr^M(1NBh!FMh^8PV6~PL*pcE)q zBgG*6Ia3Rr{R36Ir~GbPKM(KhVCM4U0-0PrCm?=KRd}qOR)29_@am_`4r@VnYt`^N z6X0)m|5v5~y$SyvYxEOcD1D!T{ zYO0~au`^d5rsxL<)um!o^3Ll3=>qxBFYC1^X>UTB9!wBK795ASle!QV?FsT9^ott_ zX?$x^Kz`Brxd#lQnMN^v5&h{!g&eZI3Bhe_=%%io=+7&K9mDKKZFBbrwDsm{Q<};= zSqW6FS8C1SQRlcGx>HFa4uC6WdkAO~9*O#qEBN%x?$XKA$SgytzNW$*@boBV_2@*H z*&sF>ZuE{@?O5qZwAC}}Y;8bcK1!`9d0cs^QN?v!Q%ofZ!PL(Ipae?yG!XJ+Ci3nY znWAXud(=bB)Gb(ANla>|d{1Um8`dcKIhQiP9GtmVY0ic*q6r$Ub(1DTO5FD@ z1{bH)8zO1`COOnEC$0)*PNJFckvquP5jA4B%~_5ox^K(cth#OJ%9ecB{}D3s$*@lSk!_(D?*h0^CErl3WB)=e#|js!EfDavjsgM0Dh-i+P;lS|r3`BXV41v?iO z+h(wFY#tFXJ|MBIBi=zYLo; zKTWM8b|3x6QAQD@G5iKyd^@ef`i#-6)SgoY)M33IKiO^vLEbN((X^q;mzf5h?iA zF*K6)XooW~Q`DNnRXLfeocZ(k_xqB=8JXSM{e1xR%hoNcynrE*baWE$5NN$RiA-%$sWVx5*bVgw~EdL!-|@s?nqP zqQ5ey?C0IR4juu?-ITq6dFfSw6ZvSNc3x29Y}UG5YVyYM9Vwh=T%K?(e&fwqdU+Pc z#gB7_@VfH;+4V*n6U5ElR#BsR!+XBVY`{DD3 z7(yp}(=cSYa zeS(t4zz{_&U$}pUQ?c`X94z|ak%`Q!9yAaI(oURUcbul|-@rH9u=A?~j5l0S0!jIY z5vSWfNJWu2J`C(>VYe2lVG}DBdgRZcv0^ziK(X9FcZ05=(V|(Q=B#KM@1xuq>@_yi 
z{h*GxHO+Fxg8dFb=Hxfa`%QFqLA)H$tpCgW3vKL784KrvLtsKtD>y!qn@jE&+AM_NkJ#QOlBxldu zv~6FNClpJl^kE@>!H3k7!XV+DNJ6sEa|=se`c$0E=w{pR?c)KO#jml&#$hyBnE_;N z493IZ&ep1oqAklp-LXG1^xwc;%OphNlpW844oT$_2A&3@lsDq{PXd=e8MtH>Qd_QfcjYH0EF)RKf=(L!bwzWb|gG`h6E`3?BSghFtX;rdihy`HS>PIZEz&Y3} z$io)+s9qVVjx7oy=XsPV-mr0aIb3uz5S+_B!phUG(a5b%_uiX8S@47fCayY0t+^+gO>~ z=PTuCCv+SWqjv5wF>k}uQAzoT;a#j)Y@W)Rc-cZ*sEP=6Rt9B82HMIxDADsIMt2V+ z!bmQmyr=5*DQRe~@)|38d?Tg)V>se-rmofHC<^NUPc-fb``T_IH0RG z0`+5xJDg|?`#&jU$!TsVp0QSw-MW2vbgXP2{`FSiV$#wC`LjXye+p-bl&^ogru|FI zq&+fM)c)ahu)-hYdQ*)4&>YXf`SRRrOOr`hTdcK0&7P#^e{l=QROysv)WU>gdMGsO*Z<>2FMX@k1@+8kqAY5 zGpJ52KgIWad;(YucnpO1K!lGXyD^+U4r{|>N5A|{A~sp)a5*775UV(dWk%DE8{ir2 zS|>$^uAZuzy2s~?YgzI{{`yE42Umqfr*t=(?rkkueQc1eD-LeQzQ$WOFBCl^)ye+A z8@T}CA7IknT6(Dx``c1lu(~l_r9{4ZV=|yyv_S4`T`LXNuseOt{vi0O#qxT0e^@YH z`3Fs9xT{gUdpr3(pS4t2V^+)1Dj^%?`{VH)mMgyZ+NK7EAbu)W*8z9q&zL>rvV%_mKqDNa?>DA|@ZTUXRze)6& zba;kFP+ft^skr&h`)nQOb>I_p49SO8j0(qI>s0B%T}|(n3>j zj}rtx`x}VJ-h-Q1ugFJrui7C}Un8MUkl*}&i-`EeiYcdpK_UrmxQMkj$mP1MnfO{y z(}?cxWcS2UwD?yv3Y4X#Oo*cL0~sTPHXLIi^D+8A-J0*OFSl1q+xEpS6CUu4ZaJv@ zb!Zk~Hj}M*b!qr`tZQWMdE)`ZS_tDgbx>^6Bx%XBX#v6%&1q_klc%YuH>0j*8tz`t zzx}he;!dBVJx=30ugi9(q{LyOdID2Dqd>zzY%dR!Yhg@7>KU5?RHwf=H>U5>{ihg& zCve*<+q#(;*=9zaHZS4AK_-2_E_SJ{90F8}I07m!yVFOb$!KtGtMlm>%PTSHy>G=Y9S$!PdT>RTaP1=3%FN2<=7yw%S)VEk(M2tlgyXo4 zw}SK~NaS>8)PPFE&DNzQeb%=X@bzCY8(6KH@37I#B`Td}#SYF^RicuS(xklS&7AZ4Wy&HKJ{>q09IPzv(+4}QQL#?um5Z^*D`%+nz%Y*#?K)|Iq z*vtgQ_`eDM>ecbznY{nGss8UA0gN7=EI?1c)L-`y6GCfACg4~1Y}FcVGdh45*a zM+_K{%|)eI6qc(KWm1nEL1h{vt?Up`{ysd?W^iI=K&12(Wo6{+l%|I@>qQGmpn*z- z-^|$Ux>9dKl)^OkDdTgvB^#2OV>ws#P@Ccq$FZV0ADoVlRQ&BV<7Kmed94Ql)@J*SGgMpCwbO$l+G#53kg$>i_XP05|0Ko zJ|eY^*l($33`Gxvk+WtmO?pTC)EP5p;jMnT<0;~z7we5hGb^*P{(jyk-~L)wa)bDz zM$LXHU%5`BB?adX=Zcjb5_Tce!`dFYyj|+19X^a_*5)xT3V0_jr6cdN zrZ`P-kDAxmTDUoM(n^t#Yq>N1`HnoSLL=n?JuVbyb*rqs%q+Wcq!sJ;^mDhWFCRL2 zTs0%nb=&-ynfpYkCojB34<>NwSBh2HHDBYl%vT6GV(H4cqTZsU(C6#@T|39_RbLg| zLXvUZK6J$|!GF(gu0v*JJRAPOWv1_tYp|PPYM=p^p}Z_xIXYZPs$)(Q+>Wyu-SbP* 
z-P>PY-`cs9STPK{cAYx`dr`o=8LzZP6OZku2RQuGUQhl|wtqxf1r$D^kmw7*`SCoh z-H)#uF7E;3o>e-4s`8bT14>{k%{!&qky{TT-`Rg4w)Vge#~t5FDRk1ys>~4+Ht3$d z=v#TFbD-AOl)&{!?(lv%qp<9#ckt%ecq$O6ja&&|44~5d+D<)1u(78gt9yP-_}(;H zoZ{Fmr4r*qFplZmw%c<~2wxo#E!dx4**hDy%6w-Rxwxf` zFE9t|5IY5p9c8ohUs>0*@jJR})l(+F_@K3Cos5dWo}99cZh0MIu_oFpE2l}vc5e>j z8SInmWz;Wpq>I(XA&9d=Abj`moMEr*Vsb?u{2*O#J-c{WAyh^?g<_N>4RnVYMXlTEs{n5|;6pZ)BBg)gHo63aTr?&c`(O^|^!I zef32&B&5TVvs0>_36jdMYi7Sw-0c%mwRuPh z|6$=gfCTU>DFk5T;=f2-Y5YFFbDFPZd|W^F_k=ZrA3K?WlhbazYb!`Xa&KIkO5|M!RrDZU zc_8N{>9+Un^V*}zf|bc@vUUfGXU-2-tuHJ+W^Iob*o|yLJcyYDup!0>RZ?0F8F(MV z0TNeSmk<-l)eHk`xjF;2ia+z)gUl_9j3~=|nYj@6&gkJ81ICHgeKu(A2-s7k2o+f< zL(FCKcr~vZo8_{*kvnZo3;+Fz*4aKxwl*1XswugilA$lbX0i@=7md2S@YSq>vjH#A zf9+~Fr*sEV`bKTKZEvF&K)N+c$!cmGug)~(>^Bw^*&Oq0*|jo`qcjca6D~P&C19H@ z$B{*%SD2>>loq3D0nTUUg3h2RJli z9Ez}W?R^R#s<_ZeW7vP9faJoJyqUFRo$9R~`2Nl=G9ETxFDM}TH;H?r6M%;uQK<;% zazdkGA#+Y`ZTW=L#v&n~O;z_-<|2XF!@bbqOCl(y{az7XsynPmPrVX}&$^6vm*qXyG zbrT?aE1|z~rWB{g4fNZ2Zmt8lQW#+2i<}r9L(b$RJ!&%Ccb6cta*^ix)cL-{C}74i z<9ZXQqo12g$jL{YjJkSS0MY=@T^IqyBj#t0b{8w92XHQSGD zt|1L;nI^&E#V=Yl`WIT_sZNpPh7`@EJNQ&*6>VF?G7rpiWkbi@Aj@q?Ok1I%&7(Z!Bqqix{ef#|(E5z(rgViTuN6K4knXT_6b9F7RGYJ7!yJn?+xr@!( z_1-BI<*Dn4XesJ)hG>l44s>MMQ+zJAyaA9f;c+(lOIiEi!BVvB%W^jHD(YeRD20gG z(C`+kD>xx{wu@|149w7k7P^_qv1A&UeR4}?^!ao@Gy z9O$Tw^_e9QQ^F9LFSHgsKP?u<%No36KFHr&Fc1E?<@dqR<5JPN%N1m@ll{7E;dFde ziDsQ^mlQ_w>o$c)m2j07YmsuSHYr!`w;CEYE!S7;eykP$uJv>i>#2W}>=^m(zEi!} zq0xf$=VR7Q3zo2wIu{{5kG>g!=PK@imARXS2SStcIm*1+ubp`}-1rN4r8q zBNJyWIgu|%j#dt7O5xqPbTrG=y?ynzi}YMQE56UyDw$2TDesv0Q{RB2o)hR4`-9A=P&f_taNM1sGYa~6d1?0RbGq6 z`BGujB$7Kv3vJ7vnoRHR2&GRy$cULWhTl~PIZQnFVm$cdk)7|7iS+rap#C@g7<=RT z=k>`~nQP~ghUJ$ZctGv?Gd%}NMgxpgD3Fk9TuS1ne#zNEu8>5|$<(Qnp$lWmxYF@K z@E4Dogm1z}&q7trRxaUKdhV98>F6ALA(7{&?EH9qui%Eqh(L8T!xc*`f7T;cPX^(rt%FJIBeaA z$K&5NYscvL4k9ObUbjR%ca`q{KS+DasJ6Dh-*~TpONRr2Y$N`&_V3veBwm{fvq-wgGZ*%%Cu|&Grkk;> z+uJz5(BpQl%;)2{p5d`(w+NM?=JP(-&TVF|k2QbO=oVt2$htnsv8evFZ6hrKyC5uA 
zBP=8UwUo;VLzy>HI#llfJ<`(?>li!hkeb-|(`e}PA?hx^(cocisPJN@kS2_`QSfvm zVjDPpP^~DyDymq&n^F zbCS(z;q z^3EFK+~+0vFPqV$wvT=u;MPjM0KtFMP&ZxwTu)RCGK>FaO*Z{+_Cvz@f$k;Xc+vja zV~y^^ed$OjR6Ux}Us)@mLA%lRUSc_KaCMznfkx_m6b(pd`BSDIPPPOlao5vor+q?`#vZ$Knw& z5Is>3x&|aVwHuPv*+}^bD~uuLrSt?Q1!cN{4Sf=*F|bLqOod{? z#A%tT@;Ec3Ywv3aVTS??H!oOhS{!fxK^u=6JI47UyTYHhfMSm4VzDPf0F@Pc5i~%- z0Gg(cTS!GPfp)1M|B#rkNrX#{i)tJ7DCVow*42Bf3vDmL>*;G2*?KQ~2TDVDWXDVK zbUmbhgmP!!D~dgCacJzXqXL`>3~?UOJZzR$8A{^cExt#r{EG-vay`S^pqjb!GFtkw>f<-f zQ+bl{OcSA~Z5d2sO=^SBGM$njA9a`WV7wj|&+dQae zKAmS-rEjKAt8bU|?@()!Rs8$JkK^&ft?jPp0I0w|#cLwowdnL)gCs@*FMAy~n6I+#(3~<$*9zt}Ft^2+BggRh+<8@^!Ky|gI z!NIe??oR!7HcerF;aWU5<|q;csgImw=1_J{(S{gD8%JNxhV)0mT%wwv4t%z+v#Fy} zD4WY3{2As2SJjFEpr5g|_XD++>-%5(p%yJaeJ;ctTum(i&s)jFbQ5Qv`p3RN1xK%l zKHn}bG17eZKBqb<)f|=7r|=v}=oma7-udfC&-3mhIfg3s*M=ekm^f*SZ-vP9)_pW- z3qEvFq8tn)O+95pB4^l?OtTb=JfEc=Nyll9RQGRFI=qy+pIdINJ`@XeIn9DFW>a#w6yU|cv*?8X(;M=d@p{~=m zgDb(Z?DB__%f1<@=1M{|8Ri3Fb2wJGc0w{8=bM~z);0HG1)U7@L zQS5f;3tG`)u{9L+evRJv%7B8&Kt)RWDDQH%wUu(R-&mWOF+v_yApjl+7s(qUiKX0Pq2AW zpXINZ$rg?@29<3IH268nEE5XwZD-L;<_?M$M9QK&JUuU?m9f0pe2vli`p?$Kn%Miy zc;NU6pn`|Ii8{~^&z$tz1@=EK#n1}#t{!6j_f|&QlMe8PBZ%&BAu28E6LRj1g;iKK zvNCM&`i~}7FN^rn*}~y8mG_yQ?}4Oc)m?18qhe!Lt@q2Ur(v(?Tp0x*EIKaERz%tF zdY(&hT%FUlX4_@n)hrO!wTZYO`;Nxy)eX%dR$<$OM2(YlRn|emF_HW5jCi!qxcYzHR(_R0spT^7Y3{>&2cv%ubH zObk&Le{qc{+4@wyb-XJ4Xg^L%aK&YwfhF=w79vOb(vIaYngGH5m*%HN?$0j!%)96( zxz`cZ2fB%WQ-!j$zqta5$jbEa3!_foo|wgP5(ZDZf~>Ph|L2hFaEUw3wlk3T4%~P_ zWAZe;@22Tqyme=X4{qdlbUi za-DnhOyrH&da<()F>-lx#tk3v$f29S#7ki&*}*8xTvYuIGpFLW@fQ68!@7*0>?xwW z&TQie^)UvzOC3hg=jT}*WlNFURL?`{Az22V(Eg>_H=g#9fTevz|NH5)w07D>;`GM^ zHG91+gJ$0=a&0obS_}$N2H2vT?u{Rh$Ca4xC>AAa6gJ8LhF;?G4|Mv!-e`t*xhC`9 z_&DV5(NC$STTSnF7fj5y;C5+>>hRe@I`F0h6?OjdvifN_MbiZ|Shc$MSbcz|LM9>Z zgrD8cxx>&dp@wxwct@`0Y9+4rmd0+Du}Wb%lWUmKp#Y$uK?)9h^8*Qnw#5MXTbraS zmgN#lw)6|f3zy`%UxE@m9EEgboZ+&``t)Z9-zO>RCP%6Mn7j+C%D_AH!uZ81+7e0Q zq8NfZ8H9oi1Q9Hz?8FQ}>x({jnmBi{uw$?9AAb?)BVS#rNInr?AqNZbBgF(6ImAg# 
zl;Bi4oK7ZP$$)_QS4`zB22+MqctdM182>kD7VJU?Fhz2EOo*D_lf5@-b{WNvOP2|0 zk7RzeJSui|Y*uo~^jhT4h&PvA+0$Dqk3wyi{dAN3`4ppe#WL2s@-JCpwv)7qevOKTg+j{$g*V-0G zJBwbsvb5>czHjb7`ef)!!0cJO>)MOQg^?WElFKWKt|IfRvqxH=Cd5rBtL1fwS0%@? zm6QV6c8v?#L8qyns^UF8c%wL)q^Pv;yH~LHNK|7JkbqLYVcoPP(>t5FAH42%qF?R6 z*;fXB6HSxnJf)`&JVpa{K)b5rCYJwLtTffpl9MLpHeM9vBWL!a`{k-x1b#e>HV6iC z4F`(?5IDJ&)&N|Bbc@UF8>Jv(#-e2GPZ z0{)z0jDeGYcZw*M%hT7XugJ3OI3pLYY+4oX6{1YH*Mre zX==5kZ$4rxDE#i;LY|`=BBL%{TWn9^*+$jvsmnjCs_wAzHo7Tam^z&d$!zY|K>!&4+tK-kWxw(2gU6Zf+c%LTW%&ma3q0M z!FzSoxH6l-SF|u0oIb=3;A%S>==q-b|4w{2j=h*p_k zeWOPcgm)yf8U#eSq053e zu#8ilwfche+t@xR=(b_vBpc)0)yMWXW4ac2B9WwBeTweSX?B$@L618 zd{tH#kN@JEw=p@|8S`A@AlN~lBdk?nYA_L?rw-ak4vefCED%h$j>U-wAf&lk5IyEv z6=BGD;?6E-ZB!i1Bgl-{tPsHg1H-v2BFLKJ_W76UV!J!)EJLm>X8PT~ukg|l?hdB} zz{Xq$n7p@5Ez&gJ9q|n|6I^Nbka$LjOo&&3CHK&^dYotXwIq0V~>+a z=gBmDchbF538St3?6+PT*!)?8w$)}e&CZCFqjjMxluwi6c`ppe!secB+Q}kexo3QF zO$OhfhMjqOEixEvz;${kDbLmE&hgj<3%zL08Z3@Sp&$i{`BQ9~<)8op$CcZ)HtE?Mxmp$+7k0R9ED71sLYkiu`$W z?-s`P-a)^P=l;w%cR4u5{jlG;6=*uL$O9a92Xh^c1-W)m?+x(vwIUt0T9K>BSKR+c zeLxse?ays8uHNe28s7b9IEF)J_wy~CdB7}WRG+N;_ZHD_X-TFb9Y5;)T9{1$Z{KtF z%yJUI7@oJhH%~39j_E@pOIbeoZA$`GP=M#Z`N~P3AdsCL6D(*o%=ZVRX0)t#KV7G? 
zwlE1d#M|_J$B~^-*EX4$!})_qSx6!+&NAib!2>m3=C6YbJ)5cMc-}Ca9k4sGzr0## zoo^&LrO~U=tEryshHP28LOEA5pRgH6LP>4&TBT7J+ttFqRUcR77EkZeulP(8(yWK) zA9&>sz-}}DjlITnC?o#l5A2*&rKQ-{B#0f?cw#^R{=XC>lG6B7#@|^ur^@Y=@{Tq( zo{~Yx8)i)!CNk}dL*tfy%8}|u1BQ1Be8fIpZ`DAjFC~>pYaDXft*lV44Fz8Mi#at1 zf0G&ua81DNmK7N$Wa&pG8npSxVljnz#wu1hD zF@u+?eG>Z;rySm-ZI#j3C!^FE5L~)su^V;VP8J1JayhS^`_kQ{oFLI zLli-2E((%jSstpcHg<>ZH);vADY<9Dr}8khIUUd<$oH(^n%9hz1?Ki+{*UR#ddxJ2 zEvZ{&rDF=Jx_Tt`00B|oZGRG&Q9}-~{9PiWZnwNH$g4xW!fK#~Xp!pR26xM7T(VT8 zr6_HyrMyN&yW*|c^@4migyIwZu}Xf8266%38Ug2$3x$6I{2ycyvY!(*Q{4*iKcCVLDYz8Aog1 z+1uGFoO+=vGS$K^wMZfVQY);tWi*SB;{RwQ zwV_(uERc*6u6j_+?b5I@@0yA58)3HRH#M~crBZfV*+3n9p0#;*jB^^iSe|th(s&{f zskKpZvhF#-bg!c$0d7Ax5oMJJ&cG$i85eU>Tk?=X_m7yu$-lq(gsb=mE^TIE`Lw%g z!zFq{(pwLOwXtmuXJL2uir=NHc%GDaI;R0!8=Q%%x-X5uGJL8d6$^>57@V{vXzivN zDug@4LW;QjG6aLsN*W6B1QjJeR!Gh{YoOLrtERE4R44;ZZlx5J5>>k3EK|ld*eAOk z`7Q4@E+oIoUbM5_{dopO%&=$=L%c_;QTz%qG#~LN%r^ z0Ea8*I@Ddxj*PP~6QCUf#{}S`_uo~lt5Qi%pDC7yBbR^9(_foE*+kG5T^b^ha`n*U z(bBM1VRh&)B0t3K*3a{0NF?pav@GSaemkX;n5J9)3u`{h0 zZ2auejdqFD5qxTQJHUl5)bx>dU9enT9-QAso3OV&EY!vL!5otH~y-;e&edcL^9 z^|D>bz0jY8u$7T%Bl0ZlUz6PbjDWBkb9>XdO&!{iY=-?;bV*0iG3}Q4)eV6r+$`OP z>+mdX>_d?a%RFg_{G`S=?m(|XwnbRS|8B<@G8MJ0|0Jy<&N}5JD<+d|WsJKFm z^s{b$1$GC&0Dak3R&qzyWzEvbIrJ5m3yY{FUovykl{%aZ40;1hR|kB>e$ z#g+!`dWU3MDqMCa;M@O*+`+gGwChC5G=tkKECURvanXHli_{yq_@At3(aGWpdTha= zdR8=i#p|wZhBN!5eL}d7Lx5L3tw5)o=i=@D^e-Z5AN-(Oe5$+Bjnb^7fn#s@+bba} z@?S)HkPH|{$i#5@PYf{4eG!g133DZIIQI8q@%8O8or%$?-7P8CB&gSjFFLzi+Xvbl zyr(uE^d8wQZ7Fg2_C)oR5iai=dgvpnk1;gR)EhJG&z4eXG>WE3l))2-LyuTN*$d3b zZBQ^xqYSV7m+0!CVq=AuMqb9P8*|R69YzoP{GTtP@?)~t(XkN}h$@SLgu>mjnVOYO zU|DC5ojTY>GOF*f+x@ySJCei+-NwaVBUziHmzQ^9u()a zbNTASGIl@(_uI$&8q#0K6DISljo}tr(B!GlKc}y+X5y|Zc|m;ccE*hE6kENIZPQm% zkBWxPA^m(J-zPc?Z$Oz2+n?W#8s1STW`_6`WdQ9|h!wL(x60E5&EgEJtSO4Td{0_J zGGFnrRcqNH)mh}K*=fAj`3Vr;UqttKIe;G7jkBt1wdG$u4bl{pPu9xG5?h z#+&7b_TykeVH0)OpRYqhJ^RZ2hl(4y>c)1Eq+Y5<; zTT!&xA#Xr8{mYBtS7$cAh}ObC7K=R$Ovf`gj}JcH>0Zz;^cJO@;UgdZ+ff!3PApa- 
zR6zG`JipJZRg~1#!H01DawdhoJXOS2I199Y0T{FY9k%e%;)3~QVC?{F32S2#?6P#` zc-*lCAF&78F9$DH0n{}tfTa4nyE`!ZRp{Ism4EKj*?B7!@uTxo;p|OGb%ni10t$-2 zlDjjo0HN=gAW?7aZ2Lt-qTFZr58E^P*M5`wcY%Y6IFe0lxYCp^hDeg<8;K>`zG{f*HGjP7n>m92{Ri|HY?SmrtrJpbpU(C4`` zK(J0>Z|`7KZ0#MsSI%k#{Cp~!TRqZ6$fC1%U<_}0+Set2RL1>_=pV~l!R4i3_6M5l zmYR;Qoii%fK9@NRj(q-yY(ZD>4c{*!?=b)z^^2%@R{7nXyiE)oQ3ydi0QBa4v*?;} z7i3amE8{(&wLj_uvKOiI^&#bIIX+_ai%%T&xQgynW7@>Md-jKX%3(ISQD^HGpPDk4mQTkH1HetW{V5Cc*^X# zuZV#M?7iAULfYh^V*rLC@FT7@RyM`~zTSbts5AN-M37aj>%m{WWr&lN>VAfxuubp` z%%+a{z8$WJM^aQS85f3XlzlmpQGw}w z#EW|l=o$?h)?$bCd^We_JFl*ug2s!SD{T1%2GW1b*goo7p}s0=G4I_m7T&dJza@yZ zB)Un&CZk2hmZ4r8`lMups^m!rCN0(gHJr+Nc3WBG6g{HYyQHwpgI|D7pfdIi2x!xZ zh&S%G2hjl3Siq5mO;LkEfwc%Jfe_Au>F>3TX^t7JR2_W{UHne-)2nqO)ZP1Mbv_VJ z-30WW+kg}D{9MXV*Rw4gS&eAuzH?{tdASYRR3v#aIN%X6m3J_eLC;`-r+dKzqk9XW zj(mVu9HhT0o7v#*YB+yU&kJD2CD^!sX9mEAA}sZXMHYtnCNUX!(x1FEU+k~GQ22Z5 zNEuCMZ|AS~9zRmSYX7wa zLtzl;ORwbuy>yonc(OQNGtR6t;szU9c6kG3o1M>ZMB0}^!SEPB^ZhE>{!26MvG_^r zAA5|M4y}sKF7~f^N}~0T4N3RCGTQZkyFQM7);qD%P1!NOh^XbyDQ-I6^wi8k>dU6s zS6Gr|XNb@9eb6d4rgw;nrZQ=qp?(V*WZUQ4-oE>8J3iZvF~vu^GENcMXFW5wbNt<= zHh`j$x$b5O3aee4B&_cIS{1U{m-P;R2PiYgz#Zq1pZlUFqE@U1Y`UkOu~`2p)?#st zhJ$)Q7+ceOBpHO^o^xb&1k{<7>;@Zomn#?_TdYGrS&UEfzmd?q{ z`>n0iSr9`*#tVP4u1|N~uPO8Un5G99D>6toe!m#;vgZX-3*Yg^a|Y9xyFe8Lc)kJVl~_>ex2f zGby@^r%sC8C1VWnBF$0Mb2T5MQQVJn8{4)xH5;xMJo}?#d50;J9beob|DdFeclySz zJ=4*0_g-k%q`Z{IhJJ`YiJ`Ai6^mz-KFxu80+wAne%C4}p$0Hhw`$ieb4& z(daiiq%#Xzar#zTSThi|ig>e5dr;g;#l=Vh&7Lc#eKd(-og0h{cvIP5$1Q5ffz4v1 z(~#JSO0hEm=dr7!4%fzH4qe%<$0X7f74JE}EAiDePHYR-ql2x&Qi^reHmw|ihHg^9 zOk(TNgw#V9`QM(ACEe7qF;>&HQCH*B;M!df}~Gk__=PFQ_hG;5OJx&jNGVbc;1v^=#fYjFQ!hB~II7=KW9rU(O@WZ@1(f z_xU32y5`vDUp9+#8aBtOXKZWj&R*+Ipjj{`)b+Ac)Fw&cb(&7L z#vT~udJ>pcw$joO?<<@@>#q~i7UbQXkzPSbkp7wc@pzR#1>2TlwAhDi!Vl}@Dp>ng z#j+_3?@_=)1^i|q4D4L#Gk(6|tH9HJ{uZ`(&vav_ffGY|@hpz2?-ClY`KaMnGK$#AZ(dB4|Yo5%G;s3>6AX762j=(Sdswh6qr!|e@9-VKn9?sfJ08BFKtht#}U z9W412M&f9;!!KFbDpJH@qM}IE^(=q&jeC_+VCkikk8@7wAL0sYR^4fV++7-m8p{>x 
z@8EE@#z#+OuC#bcFW7joN%#!SB^rMwD%O_H&l!W{^68M4wGbocsmO_s7F^c*an7QAL(caT}*gVPPFDg7*D;Y9IG@TNL)OMcft z*x?Z9N9<)lg%1(-HjVEGVE-r;wO}=emkRfpUzDnL+KkGRL6GY2cGlIEEHrR50NL*4 zd7&Kz0~Mu!D2o+C$66;1_8n2;M6D)-RAV7AR4SA=qm(ma-;g8i`N#cuRq$0O&2d~2 zTb^Lm3iVo6lu_>pNuV!dniLewruCJd+!{tHlwh-zVEC7^@GDZXgmFYeor6*kZ*Q1S zi^8^zxL5dF@X4&3aXX;0rLgZv)BjIgs~1B7vVdw($#3|pQ2h%RdKUO&He^)P7dl@w zrD7Mmg{1@LFpAN6NJtLV?j$APntU8iK^8UeMVsxKO;qV;6JZ^ z=08H5C+37kv1E-pDT7Jx)^P9)*~_plDpj|$#rwJ0mMIX`xI*oo>%C^elS_k z%db3bT)QGT2aM_@%qi96IN@cQ&*q1T#r2;DUD-tbW*(q)SpT#)xf+Oqq8p1jrkn-? z$1d}f`zLSw?1Wiat}VNAOlDSAjC^0m;K*7$4BYm_d~)h#9Kd*X&LtMv-rx`FwSgnz z#_hzP18j=^VZ$g_1_8>c*^)p1ravR}nP#_j1zFQC+Ow+k|M>BjvEe)SBs)0~FS)n4 zIL9AiN%l6C8$2OPv`HanJM+?b02FZ?ce)FGvKe)x;!qW&kSPY``(gvjg;1~)OTZhj zqr;1m$x?Cc;>;f1Sp@cH9NRG{K3JLUa1fDOpw+FxQ?<2n`Gg^p@pED5V_9vjI}fXL zx3v5H)zjB>T?|xg_V1W%=@CFW|2<|8dd`0!kNr6ZM-Hb^<_ zw2rfJ7S^OQ3S#M)*(sqZbEFo4(hC=$D`MFY76uhf?_*5KK{Q$GR^kB3VK9Py#NP(B z@=%34!yW1}J%OMS#q{O%b_o6~&!zpe;*K8zut3P5O&xwVNPe)9)KWJ0!vrOteH285 zRre+FUmbC=!!gUG%=Wc)weT7s-xwR(G2KQf4~D@GSk>RMN-t$OZyLI-0ddlN}AT?35WnYh`HKAN;s7t%9Qxv%6Svux>Z(AyPn6(CZi#T3pJ*^QQ%9`S;HB;h7# zRkrG>CbGl?v2xDhfwv71`NEVYFsFX79(8L@ z;^{47){wY3M05R(@$kV+&?d_dCaO_d|cI0-5 zX~S%e?%=SN`r+|Wpi3etncY%Tms?_De1zmf^LTIyyc3lv#In1==8$dFaY9(W)vzV& zrzvOUuLeyz@FjzKG2=-7lYs*orWM*?eo_9V88Rvd=hTR83*qmbR&!uF*j-yJfFoDV z(c%zeit61KM=#;?F4`{1=`pXz}0a6$heYW;co zCg&7_2lvMmo|9)^Yj&*6DSZY@YF z=1$(o+C~TzrMkmZ&f{xwF(|!TOM?Bh>^%R|V$@_tWI@8tcCotuXI|iu@?4pKZp1Kb zWxl!NJRgzsqhZ*R5hRTFWPD@o@ zNHB*iVznWfU45>PxC{oQ$#w!gFVVNVwY(SlV<089%0?36LRO13fPXUrB(MXw3GzLH z?PFDW>ybREc$w81-bIC#TZ+$-O^ZXX+|mgpDv&VJfw{>I(5Y#x%}6w|k-+&iZfqpo zKBDig@`8IfrGYx}ZMfr}fk(bjRw5#{VZHrdMAO|jIfds3irsHfUr+6nMCDw^O3F0UN zE32M;je7?qd#+qXJk~!}VCLXma#)q<$3ic06J~WgO%pm0e@{=D+^XdFgNz25QdgD} zX2DSSBn!+&_U-Md zif*{@Ohb$FTOCs=5{v=P9`KC;hdh4LB!|`+Qi(e8a>is_SZ2%Yx=nhaX*u&xR09%h zXe)8{2*F(C*kUgzcB9X1a;4jv@_v1m(HS$F?W~`Yigm&A9Lv-;#JCqxwf8Dqhi%rq z;z3+dJ%02d?tO-xUeA=IFaD8IJX>`xtPI17P{uy9={U^}do**3$z8CP@XI&6r(SBK 
zw^`0D>v~_w&hAfB>jWPEo1rE{F@6LM894233_v2+x~_4h{*I7>mWoMd>t*|MjNw_O zuTWvU5a_VG#+gJcu{OhF(J_{!!VO`YSfJfDeQLO5$$hCLQznHt>nU!3LSu+!9q8cC zTcxeb`8oO78W3TC3FZ@$POMQ>fopgng@CDhO;A>O<3YXqxap7V^dcFUljGqg{jSzD zJ3M`EweT6ng_kYi-8p#1ysr0CUDF2ZJB5dnb&P%dRe^mkr@do45$m#XtEm~@{TVDt z4r*?x(RDlkzl*bXhzXXvNx&`uuSn+9pp_a6Ux*K(U#lF9$NedE;s5@(2>PG@@vo)N z^yO~Fe?0mjZ@K>?7SSo$1TCz@q3csMPx9Xx$|g3`tclcdHfnY4HHq_E#qC-V*nCkN zN%oqNLtlq*xa)P&_t^u~Z?ClI8;(jV^i00;d&>L&r@vkJS&aYl43pmx%PDF@d9m}x!Zj(U- z|2WDm2qvI8c-idT-D;venb5$_HzmVybnwmdXQoQ_k1|)?`sj(r59u7#yUcqbiXAXXYAsip9^KstqOe@9ey#T<_uo0=UIkX~UxCoUIbumeAY~Tt(!$!R2}mve`tncc5Ktr z+LOvAwY2!u?BjIFVBkqDR1~2K%f!Sg7rhzu&h2tE5o>vNk)9B zPR~Ip5a@x%HI!^3g02`G+TC&VnLt@uk7y1(pl^P)=dNQy9rBY+B3dO6M8gy`Kv*lT znw>0@Y?#nOEHWI8){V(rCfiX?x{MW>LQv`PkwydkMow;7Ok_PWmRUw|WF7|Q3Z?rk6vsnOio0$|3jnbbeBvzZe4~rUXUfHHu|=HJi*E}3B(i&9FFXIKww?h%sDibvqU?l{ zBA!pXMa(i*I0wXUkDc=UOg0MoTG7EyJ7h9-$AJ9P$*m$E(y?iv52lP`N>uWZv63?T ztM}cJl;jM*7M!fSxGK0WRS1g0@roelHNdfj1Rlv?mf_R$@dBMTG8eP)2Z%QKhg`gSy1H|om<{5dxF09o`Hn$8r!a9^IM z(>niDG{)IAEq_LRRg=-zAw#ZRNYgWYYHDeEV&?-#+kbkSbV9DqxVEl`SE%qMf{NU# zF)LN|4oKiF#-yB|1_0M);TtdiFzaeD^HjpN61^fRCZGEKRlhSd3{xlOkPsHn(x3q! 
zX9|jH_3Is|CG1FBvJ$xtKSD#`mWjP%CP3^(!`YjzfQZqnK%u&HsO`fH4M$muQ;D&R zAwD>Iat`+RRntsd88`c5&cpy^|0zD%W25UIo_I2rWmnA?%8Q=k1G?>@mi{S&ZD*@y z-xaEff|gS#g$w9`U-CPtGs&LrGIr~QFjmI{co4!%>^zsvk<)$LLfg37?)lDwoDqHb zKb+)P4o?ca0b70*dvc(UvJ3xzW6g=ne-3MipFK0&9CS@eT|uNphnmA$Vf=;`9tNbl zjrA-9wVBI6%0NZJI4=AbQHy`d=3W3ke&{AB@lu#xK73n6HRSuM#JobvzD$y!aw?W> z2nZyLbfckhNk!YSF8cM}STF>H>}}6MC-qF(GTvWV1H})uR>oJZHJsHKmLtn+DA9?F z&-er)HRM8;IMv=R!1krnmizr0FNl|>=hy7wOjY$8IKQ7ftSinBuy_8S zL~zCbP6W#|cV=H@>Vy)uiDdJ>$zRC|+?w4ECjRSmS1R(4aBr=cyHNh4_^;sv!oH43 z^t&-?sgC@5NC1H_C{3xh(#Nv+`BO02tgF+rexTEiqxgFw-|Puu`AK@pz4!Qe=~j0T zshGQdWimJY0(d$@F^n&4Ff0n|L&Nl;p04}j;b;+Uv$feu0cB11OLxv1xxO7St#C1` zKD;zwCoV8<}29Lj0v#iE+Bt;Lo!_A>C+oVMM5;MiHAota^8M zF48fV{*?10v0lY{oIO*tjq>!0yCy332%si^L6Y;9#ZkoGK3wvE@?wc_D;n5*c$zsr zcOL1}Mitc_qm#MwqsL%gM7Hx9D(qj8A=@6;F9NepD(i;UOXIV5)6 z_-9vl{_*sla9HC!GRrA$0azu`=TDWGT*-D@YLG#+Nv)#h0PK{@owcmD6u$NQFVodq|n9~|PI++rsq3KM^C zJ=2d<=oE~Ms_rY857+oZIV$KSQa1vgG`<{uH;>@JVmo6M;=5)e`rZ&;+?*IVxvKZ# zxNLPs(K!{iyKUfEwo&*ca%-&s{XV{k~$QkYv`^=UbQwp*(e*@oJa=jVav$-7^0Q@ z+-ez3N|X9my%AEA#C;>&|GAJCsLJKSEkm; zpULwW*mZeEcUFlJ<^XmpkS}YRLIOV$-i&?vrg88W!43VC->Zu|*YJ%Mt?OrHb8xg& zYEqAjAHthHRx;d=;Ntpg{qv<*f`&%8LqeX=d>wDFm}%oyu>OF^WRv21oU=)B;3p$d zBhy_OZ@-VPopUur)T(~j45)_( zs=BVF=ecRlC%0mwLsOj~(iS~l7NEyQ^_FH2GO;H%MXv=>%%iCjLwLjw29vI>#6zp1 z4WFYhtKlw-*6Q$}oTNDsFjkQ`gp75Ue-=|zYL~j|e+v zn-PkuQuI`ey)~V!bn{OFAd8j=n+l!tLY<(?8)5zmMvgocYe%U;cO0~5a2ffL)#%d3 zde+kW8-7<9VM#wgETD3E9me$hUG~V{k}WtdnxAbwS+dKiBP+bc`jY;~aEdbz8rn5x z+|8(}8F-lh*j6`wu_Nt@}+{%wiHo!d*cs3hoSqO0(Y{tBpKCpd6Mfx8eiSLUx;bUfB3*~c}3HfdcS>h)9pP~;=l!(x? 
z`ug)r#f=9*S*@z4xw2KtDbRFGnF7Nw&qN|95cG*H@|W zb&ljhKsHktC`;%zNMh;on`p#)%Zk}}CvG3lSKw}dP#zJ(ZOlodJ>9J z@=v+U{R8fq4br==XIu2;z0Fqmqavubsg6RGDrUy>#$R()OZp~;Pc%<#-A+!+Hldew z9%Om&2XkCZ{Lyd5QF`*f_7T>A%uBXQUSs0T#Ko1?5~=i!(u{z7@M=5*Y~ z(&7%WGs1M+SU-RD#z@@W8g9+_#FMK+`Kp(YhHu$Uzvdw@k83HGi`k8}ye7nd8WLt; z?|8Z!YxPy5H>RUznweKcK5mQhDIss;8D9-$c*HxxVqSKvqJ_?&r1h^gMDVB;g7k}7 zWn9-O$4|1B;tJLkXhM546!RX*-vW*CTWTE=iPg42!PJA6Ey0!wkB47-RF`$^#PkBLhi$@7*JPFVd}y zzji8^GxEUuu}>V!%X3dZ2L5GIUcLo=oH<738e#2n8bJGZr(_^(^cT??N5#(Yv#=kQ zp?mE8RfeKcJCys8mrvV3hH82R?r-zbHEdhi$@E~LgT~}Vn%ZLQwC}ED~i2RmJ)snt|3fSXvTYi&V6R?W!qtl{E|QOO>Q}%C;Y9&V7^2^a5R8V zL|_3w(6(LQx&M2}@SdKEM0XFjkTxwIWjv*tF`*R@8C`k#NULmGn?s!}S1u2j&X!0O z%uV=FB!Zn&6BLR@VJSYEN_0`@0EqtifQRARpHocPR#r5+UiwXINECr<(N%TeBZC-Lf1b zNj^1R@Q627I?ji0)k9h})ubVC2FUX27g54qQvxap7nk;E*tB|kz{Hs*FEM+SGgGz3 z>k&L&8Dd=R%!WJ&8)M)R5|-C-{K`6>Y1JcufBdwmSai$*yD$!silp^=jofjN{cF6| zZ7(n7laq*Q{RNhh=JU^Nvk3u~wjpq48>7wmQFYSw8_>qL%YxohCX#m$0uV@HVW~UM znxzrsi^hP@g_N2ZPOog22XMTe{V~ z-}8hPYaFYVzVdjwEVu5=&Qter!n)zwW5ZwEvRJ}J8Kig7PgFJ<%LL~|+1bbAh3BnQ z6rXfoGXT5Y@XYnWA=nXAAPZ{`=?rL9Bb&i_Qrk!<393=Z*0lW`%{%VMOyDqKm8`jL zA|Wz=^n?kpX+S4xgACN{8UK;&LZ#LiWostToEL*cuA{?7{IU!>CRfbigiLZl!$;?2 zz>4pgQ#O_D)Z&Osd!%TYb%4a^KBsmW`;7*IbFGj)l-mvG>{j)QNGM$=Fze8N#N{xx z*n{>TWiM1yI!)IcIQ5vLELzDs$u++vwsFmXslL@Zm&zk@FbN z&pH6qWwh-iKnCDV<5qE~P_kSWkwyn^e>tmr9%;_|TQ*b8=zGckV(l$}+TPl5Uv|B; zl;XvUYoG-87EiDShad%l1PJa{!(D<~3j_~NaM;BO9^8u;FJ7eVn|frMY7aOEp)V3N>|}sLc_T0|}+KZs;5_h1YH%)dna= z<`Gi6MQIu(aDK#`+8|@L0Jrso znc5qX^6(ioEaJg2X^p*yXd}l?{$_9A>!-+)t5&O0dm|wWxuaI4JfrUtY5Uv~3m(Ca zXMh2&<+Roj3zM=)b#rBMAWGi z1YQPOA11KW?dqYYF%bA*Qi7>^n*+xt`A6^5_Mp{~4uYGX^XF_y*XGuYfB}m5XQNRi zH4HsK%wEFrTf=fEX~(a0T_JO=aY>Gf%hU%uo-?tP7xSH}X+>f;20s!K6OMJ6+r*En z;X;|cZ|B+luN{qtIRff|r%l0P$=+^_;nOIZh{S|d|75S-@$a{46aNphP6zuRdnkNt z&Pes|7w33z^q>2|cs5hbUb~WXrR+~hbKU=V-O>3z>tIx#F*Wsj zzDMYPns=l!;K6DXu@$ zOC+7W40<&{gs$`bErG0PZ_fw%B&S(WBMwZmjNdFaOH9)ivuA2ODzjt;N#WyL+q$1d z^n}wNTRjX 
zN7#cX!?aW?1E11?Y;^lJXoS9Qr@c&nFKwwxTTmK!*mG;0Gh%@2x@pW*G;90ws^-tF zub-dY>ZV{xA7ahVY(9?2-O}Hb@*`QF$>JTcrxSk>OkUEre`w#qJ0}WH6lMP_m6HLX zby7Xh`Z4FoBlcOG4{k;Fb6q>7gY&~;TIc`q3$F0-yGIIjy3vJdSM9((8wzwn80!w$ zhkAFds}n#H`Ba9r`6)(`mDip-%g9w2@4~zwB^hP%c#a2`f^8MOr#yDKmS(+30;mxpr)tCXD^|>&=N$3TUBjOn ziB+{O&dYQVM6c9QNYi0R`pXtZTa0$0P|D@-*H@{HN(in-%{QPEuX}o9*a1RW!gE1k zUlYYSC5aaVs*pU5rA%9#L6jEA6J*Z+Ner9BVdPp2+0;VRFSgDLoBUV!q^wcJ7Buzx z4|Du?GMsQZX`b_Wa+%Tr#w(2YXHu5@2a5I&w4DgUtxuR{civKev3TFQPS`e!pk^>3 z%RcCwnj}8W!wIt%EEq`W;aEMVR^(9UMWQN*=;LNKcZAIT^S?cz_F0oXkL%jY*#guZp$a%2zh zHX+z^H#zc-J-j`&F#Ow$ny;1liM2IvVQoR+pD6N^&4KMJI>ArQ!NoNjy^br%0u5?= z0o;qK<;jbgMQ_dzx6__Y_3mWn=LbWWht(tFsa3&AtbL1K7AIgJ^8)^cy1G_+eJ?2{ zL#b0n&-D_otF%oXclQh6m(hUw&%dubB_I&(*V6rB(iFe{(dm+g=;g`KG=HZp<7~;h zQNBf$^FQlvq94ThZ0@G4)DrJazPeMwA|dPsjor~GhSyE>m@l^@#pAz)9QQxTGUVoU z1gVkyc6sbkp9U!m)UAd2IcA+_4j8)lGmO71!hE#domt{MFz15IAwb6LQ>*0j{sSzc zUT{3siKDFf5UgEvHS|>+zluf;DUV9>VheJI)1MBgss&;?s>>BisKxBG%)FOmECU{C zrNga1vuw_?CviSYB&9W_5^D4@9=v|c6LpuPN|Se9O~d7zxYf{LfRH6yxBHNZHL4m# zeU=tBY@*q*ad)at&6yg+U_QO5(z`kPjvTUT+*b})^}x(S!{cVD*}&i&1hOHB`m43l zXT7hVhgRm~lQ9x$f8J(~jZdu@Y`zXP=qOt7)WxH=5d!J*PE9EH;Y3?=_5`3%Bd(a$ zR`70t>1bxQn=qnR_4tDLihJ0tp*7=KI z&(o4-PI!h5tPD|+%Me*ZPg9IF*s_4!2qay4X|3v7PQvAFL3rf$9*B8gQ1*{U=izg2 z2G2Nj&KT(u78YEw0UnBoNaex7vu{!GxLxi&m)e${^ev5T;p)vE7&PpZT}&k8Ovj#& zR~G`v#7)t(U3j6^tki5n{(-fQ#4wA-h>mlB^q)dk z9Srmcgo{#XeGXEkFnVgka)6P#v1cX6)6C*)=u%VV-lo49h5voRJt16hA@We(GFXcLrt4fT- za&Z>(3K|Rx`H6J_)|cQ3d`sn3paL~QsN>rEtU$PRa6?EYkeQjoi$ev&EI98rhOV`{ zrtajc(^#fSy3@hSDO|ZrhjcaNv<>L==~oH{aLbmG_AAtJNmB`wHBQB=qgFk2{2lM{ zMrxE-2zEoEW7x0Vq@AribrEwqm=wS!RKX2YTZ`)Txd9k=mmHiYl3IO?O2;M4j94TM1g&wg;_RgbW1_Fp z&(Jr0;8%(21&LcBSEwJZO8mt%fzdiWTs2%?;`d`TPVHdi^`=P@lEe*2QuW^Cf~)&H z7KUH?l|U>qmKqzUB5mau)Tc=OJ5oy8Ga*n`j;lwm1u0usR9emZ7LDUY0>?BKb*73= zn)i|@6L{eXhEcPqUUii~Iojpim?VImnFKBf{lHy3(_mCj&LzWyXJiG2UYNpB@|{pD zaW?FoPvLp2U4vpF<5^_kn+GvRDiGeps;H*m?k5o~dZXWC9oDDE0p$o=XA_;Z9DmD; z>%|kk*HREuR|P$oG{sE0#GGCMy-@m`AYh14h$gYolaV{Bo-Yr$%K*t$`9GJR5!{Wd 
zIp77}xQS0(u?yR%z+vyE09~lgeY<7fYnG*__ycS(dw(5mOw)0ivNFXGQgNy5f(hys zKB&QNx&*Kc+koUUPccZ#z7#9_m2ziOmD8i>8RsI`gPLs`WtC*|e!v9l0vmPwA39AT zH#^e?5w;vSxJUMTK^&6;zKG|j*pMz7hV}fW6fwX8)E9k?dHi_!7yEV&-%^v8bPK~D z1)B>7&|aKWsFpK;ejwYCoZW$o!>~7aHK4@`tIB?2=LqMjW`^+R`posw z24dgnjeCTrIZVjudw^_HgfbAx(R2k)XcQM1#Kf}+IDYG$-R=7D$5_z!%L1+LIvt)y zr>WQPVshyUlLu5221Z1#qLRnE@|6)AgPY}cBh0*=QhH>e(o;<`b(wn{{cuO;1p*Uh_$95 ze!D?F2H;tDa8yQ)0Up5o62fAu6arwmyDYmbOb-UVdAm5$*S{OG1>Y^4f><5O@Y|TX z6=j3ceyMkpc#}#9Js7In@Dq1=n-O_xT{o1~y6$cN4dk1*bzs@qQ@J8FJk*uqL?rn> zX{>0Iqhj1PK{I)Y?8l|*FZmn~$Yy3qn2I5FE(8VtiBd>hh-y~(ZOLfkUhWT5$}eTI)i)XWvPUw&YOSMSD)5^LD6 z^#3+IcGB=Rn+Cl70kia`+vHhVhZxLKx%3F}RKc|~Xp8?MsA0<~lL*ylw=~Ta5Ej*S ztKV$I?0!^<3D1QvnzwD!Bq#Ef7mNnR$ISo1=(Q@ji$*q3U3y-fi1PZg6&RXh>0A#1 zx0!7rUkk24g+|H-XBycSWAK@T{BpTCRKxC$#!bOmsW8Cr?<{8^KFX?|)|=oHGINviSoJh#{_d+w*LNk<@g!-#?p6HjrQ*g-ii@bX4c}#0&Tc;&tgmWU zw%9YdL~xPm?N+>z(I;IcMW*|xUF?DmShY@kT#Ssv#THA|MT`fGR?u7^Uu&BQ`Jvzq z$j*`2P`d*ppKCF0D@jbS~fT(T-Y(Juu~6BUU#)=7r^Y$#!~yeJ>Y z-tjBxaMz^^ugHP8@f1Z}gE&E?S|%W7riL|r_h09dW||N{5ybKpzMqqchst0!16r-| z7oHP|e^`=aS*feV>Lk>OO7PeY@8jZ+kBhFZ{qJfI=9!k{ZVNTK{b+P&ZyO3IGy>m> zR=HiztQcr$`aA88vB--n+l3F88$qjs0@4}aIXF6qx2DgL7U6Cb8 zi88#{x=Os*Dz#tmz+0=4Dc*-qXRMSIA;5A!PGOqwHf~~;d@0H=>Ged zn>=Sa(cdAk>>28mfs;=;W17j=W^3)73xxPyhQKUEX{|e@sG6Qywd+%T7&D#7<#Jp; z>x4QcXBhx>z%wHV#4j`tcXvE!ji_bf5#Fb^vxwR=_lUBOIER32r=0g@F3H1n5(qtU z2@_UpYGi$LGE2olt;p&GlBqi%a|pu6sFR$N#AtskxoR#zDCZ9feQWVz#m02L%8=x4 zuzte6n^5nZkldtuj48wgC0r86-=Baw7+kA6V$s{{(&oj!;03V<3-#&dno@HKp>eQa z6;T|LG^Ot|ywHbR5G{JZMsxVENPahs`Jzp2YJx{=^Q?(qy~Dh8m{CBc%ljP8ElM0 zrF#h@{~|E>ivT9Ce}uLR7tkAb$qW?lk)M3ljW~6}y-~}j>^?KiO|})3K_oRI8WG@? 
z9#fVqONu#3;CY8`mPh|At}9Yp;LDO;!$6FPrWjmrpG||d1jIUJtsc+O3L#IEt%~mo zet;T^NIuF8y=QeuUOMd2v;ch!yRhIlB3&s;K-M>sLh6I1KjYkgfP-u8=kapctN5Mu zwiA>59F5ZNo^1k+sN!AW+AK5jmCQLk)!Ar{R?e1y9bn9>DHCz4gNFD~qh&&wESq$A zmnktwkW$Y#nZoMrH3;6r4ybLKZTTb!)?ZGiXU(zDgI??i?$WDt9SAms@xF;Q+U3&J zKwzQKXufn$aNMc{4hDw!-gL%z@aWkbX=maYPdE!)$>yjUw4P*9OP$vcUkJ|?JWXC>EBGZY{X2#sRlJ#MXK4kqUM4h+SUMfBMX|HoR+luxgZdjUbNrDgJP1#$)0J| zs>WqYvzzl?$p3(|mEnS3Hcg<|*rqHU#*DcSLP~mthtuWU9OmQ@{G_203i8aFytYJ) zmkoQz^^+5YL|c-^0!+tQ=>Vc%V(CNPsvrvD&8?ANx%hIK@fTkQ z(@kU0RE522>QK6`zp5IRbvvH?y;fx(1G6vCMAIUkBqsV;t|_`-jUO=!inXp7gC_c! zj@_VaWt)hb%IYBar4+&c*5>p!$B&f82oDE&4ErO(l`Z9Y_1c!oU=E^3TeGt7V?E39I_NJ;kgMl?p#jIW|Z!mVdV<+TZ& z5SN2Pv^=F1sTa!u7o`5QEFF2ye!(kg9s%fyEahH?GK+|m_vGk>>$8KDJFx5O#jlp~GC1`m6N8L)ms-FJ@v zl>%aqV3D;ur}Op=#7fnk-7&>%I9eCjWSqiUN}s|6x8qGMFPq2>St~^(RptrRI*MQ} zpC{$}#eJ{OH=3ovRM9`-DuTImpv4iI%sV^l%Kd$=7a57g^J zuH>S>ck5Lo#agwT8(yY694bol*ZnTUzEW=fm#%KIs<(V`RVKfhW8Tx=+wpZYE}uH_ zz8lpSHdn9w^3dFcR_UJcf4#pLxm1ML;q&}O@b^CSZ|wT*s{UUD!uEf2*9ra&55+sF zbfqq8p+7%OuY>+18iBazyJeE%Az~JGOwBH)r$Q=F>skydzYhs#0rbUwYkbBy*x)rq z$C9<3ntouOhuHYP_l@?*9DXzFA+{T)(?|ERGfIuOT^&Cg_>UVOon6KICdVU6y1BPE zT;T^br&o-;b8($mD55D53KkNJ>1I-#fI~d<`)(di2`?&LlO^3?+NDA#p00s}mLd3_ z=VUgc*}F@Qc+yLvVniWMA!LZ}ODn7>RMsZ*t~LxLX3&G0)t#1E;o9VVnd>^5ptr6r zmLy~~TmODIARw;-a}-P%N%hJlU~2dHeRz+VH*l5fce0&o&FroHPZ=ko(t9|x^2Dqn z+1*ZnV{B#yv}#7?BZ}IoCYE8Se)5Lx`ITm&Ke6qzI|yuAj3jbI+05NcOpBy#5vInP z(4T@D45s$AIC(|~{)LwNNRc`=17a#Le8cnzDAr>e^c$4Sbi6( z;+boIbX##MF8Eo4LYP<)SbTZl14IYUjF&ey&5Y2F2%%cWLmYV{<1jxkvwz!ZaPt-A zuOG5_c<3FMRv2z-{zdT6%gRbw^DC|I6B089zgyOSiS*c1Pqpjz1Gli86p(TR%|RYa z+l5HF{}?-!>S+QHnt$;lfW2U1jTg|B(9f;}7X&#f!2G;bTs^86dF!d?VR zmo_LqgAxW11q9ic*GZ^G%RZXW4)1hf4LZicdq&Vo>iOruJt)>_Fd?~4ihk$uu5u_-c6D zIjT_)#VFvl)z)Ke^7@%mrw6T`dox47z&!oig6d@7a8bq*Ur*t2aG7WrG*#1bZ#j-Q%IAxdG!^NDvUA0@hj0 zgk;b2SeucgFEyztzijS)_iohsjVJ)NY+fJR9S>+MF`t^+kr2kcLNE~*C~PKY8$RBV z3Agt2+rNh^i`LG{icyJW_y2Wnmj<;5wrP{5#-t84(*GL9>{+sts#62=N#pF;ND`9T 
zM6unuD%RP&#!3pD6Y;bkCT#Tu*97<^=tZ?AHs^deD>YT>DXloO7B$3d8XMZ)aVx-J zN=iz~Q%dqz1O)#t!JGtthqK2p+c6Y=zYNJU(wr!%-`jUPvz$cBzKLJD;N?6U>R%64 zCWN+fpS#?vt6S*G%5>>&Y@*TN>kN}Rlb$p~zS%}OwS@ID7|}uxXQb>s5*^l1C>6uv zYI$q80s5_TZ@zb@_Nunh0PRQX@Sy>;muPcfD=rP^1{!^ebq}J{c4s8BX94FoSOHiOjmSBSV#AUjozY!>{yE?@OTG7>3Z2`fX?$ob4=BttxG?s zI@Y4uHH~}Kp?4v@A*-+PS;O^!b~#tf&xw_yks*ei!;snVRfAh1dBzvrrPmSF+>20N z_foecjiy39{{dmn3!{kuo5{BBDu>rk|NIBZiEoAf6FBnWAsK_`+xJA3?fU@RFIK60 zYVDMbU4<Ry1}s=5GS1H^rNgM^=F`Z_qsiEQ z#pJh9(e9UgfYl-Sd|mZFf8<2C8gV3N$D$CO5LYfGWM(Jn8*OFz5uEkzOlQ7du=bes`aU>l9#Pu0t+nXY zVCcb%0V8bV^1ZMKTcgIv(+f&*7>0Gi(&!CgFQE6U@r;!)KWu|Oj7YCdjW-W;VCAK? zXm~Kjh0%huY?F_ra9(i#`hq=3>pyr2M`&>#8C#d18_&+#J4b7328FBGc+IFjf>&!b z=`Z+56@$0{Wg~GPu)QmR=sABkhUR|!I?WrE)sJ8&R&X4c{M+s3f56_A3FX~1H%)1s~In}aZ^Q2CY+7M}?z4;Ny|;?!C&A};## zi{%ZQW|#fSneBl zOHW)j-79*@&zdsFv5Z(jZW|l19w_%GK|K%`Fed;cpAUvAnBZ1D<-(VgMo*xmITMCaLCkof(FQ%%|d|WCAMY^T7<3LG}jJ~nLCkR)4Kc^u^q4eh+ z-LBp&Bx9!o|Fxxv&E!pdf5W+ZOP=xPXVyzcTRhD^r;ZpR z=%5;5BoX!g`M?R`wiw+kzt-5uC*1R6n@VIq)D6`G8%(gqf12tn6oFa$qC_&tPva$I z^EL(A_J*Mf>$&MZ>{U6nW1{V!xe(eknz$)+;(=(JkGq=y|Am~GQ?p2pXrd@{_{`bw z2I7r;I6@!c>XKJQKa<{i6y7IUmzsC* z&JK+yOR6o4uYt!MA?gE0ni`|R`W~Ai?PKapH-B}@_-C^1l1c0Q3{3|NE1Ya1k%SZPO z@r<6!+MYop#R_XmoDfq9KS>T}EGb0q^~Hb@R2fsnzlO@<0tU-F_W|wC^LISSN-Kpe zCE}s^X&y+)r=N`ba9<~+PBd!kyh^}0ydRoh#je^V+TNw^OD(_DVS?55XO^40nGIik z2#@tn^E$_EkENZ!6Yi4H5*ZVRc0Mx$#vURGKBgHCV})-gtQv`U?SnRxjv~P7CS>tm zTAq*;!+76LMyCkVwSB{N@CXn2HZZ9L*&}0>@Ti|v@%wV6!>PAS17xfR?Iw59oeATN zR(!+ZBxG|#Y;5;j=y?9s7bg~b77M!Fejp1tT5O0*NMywUnZ3AOm{NKBbF!r&CQV$Y z6;cQq2$s2bGHfs_T}63(^}Wmq!H?#Y>pk zEoN%mdP=|buIM8$JHX+D`48T{`OP=pPcaL9O|h;&BcFY=3qjj1=?1?e_ZgDfv*#ZC zS|h=1pMa`pT0+$8X;8aS`6^<1CoIPb`cwPS2!W>`ksvfiJ6h=To}4F;H3f}Ttorq| zo(2Lt{|ZFiV=8L|sm#CtiaAQ>|zN@BH&=Iq&>adAhIKtK3)J%Zkxzn!q-JeJQSpT%;2A!%~9EqeGXZHCti z-Rqfop5$4B3pXCru3oMEcw?ci668E_n8x1yx*%J6@CV@eRF*xCuos@cof#Dq4r1Y_ zNHcNoVq@zI83#FIx`d7rD}UB_w|nV|I&uc+xx 
zm>bDSn)0EI!TU_9`H_Qt0|9-GKV@P1>OTYsn<9qzM;x{~KXh4Yx^iKY>-z!x=P0%jZtI^-nnt3PJwf7y+M$Cq2AeD&a@ziI%c~YEXn#Ue^XTD5%cxe`e z;0gT(XmHKx6dRV|K&bvgIU#(W{Fx8XSP7-^yCNK(rix-1|tc6LBi$6TxabE)yJ~vQ}$C{ezPw;Vg zc!+W*BKq49t@H2xmNNsl&AtcgcSHa7ef&etG_`;B!hh@Kwcz{Xu5b9M_^$zhTVT%0 zx#7hhLNftO`Dosstis0jCv2}$H{Xp+ZEHpUHcuL;@kN75SFR-s*x1?5Z7A(%&9r8< zipz!&ys?(x(OfO^L}s9tj*&n%KzVzU=6eLXtmx)ktZKOs|fSyxU6>~ink2@AH)FJ#|iP*_>dy`V%Gw!|f5Wy| zn*9m519ZSMn>A}Bi*FR|C?)XKEb*ryU*7iC6gQ7p)(@EuJ}$P+v8Y-*w9?p$>PXo2 z->bpq85ToD0v?C2PKYT9>V{gJ{rC(~B`JE9_hqmj0|l|MHJ+vInf%?}YD`N@y~B|g zFWBpHeJN%Z-F0l!Sn61g6D$X?mo{1_$i>wj=MQmh^0l7xtGcw(v)6+aRL;G`RQIck zN?bb1-lK$B(9qs{m&8S|6H>F z=hJ^+IK%ZY0VzLvF%NGaI{a;4{Qv8^qx%o94qL)5gJ%HM%bPR0Q$6&;mx8O7pk zdTi>1bLP}4IShBz`@N$sfY5Ldmq}n+)aYW}qn=V{eD@6Hyri=`r2ECu= z2zkZ=`7?f{w-x)$S}pxK@~f#gR7GmrIp^Ela-@jV9BRud#qX}{>MjHQ%M(<``-k>{ zyfafGLk;r6^-z+LK&G7M50yEy!4F#~~N#mqoF)-5T$I?kn z@l|fdJ;7`E$m)f1)+EubP(e8ky4HQlTbc-FFX~={k)sGojvlUpcC(tHG4r!V%$TIp} zqa{B-eE!+4TS;ZZwX{Yhxn3A&Zz;A)SBXaCIRcH>g;|@t)G%OUIkgGoIA4QP7kZ))n?w<9H(5Uhz%()^#yH`L1;uAgwKSv(<=RGi590a5)pay-ui7e8ju!9!o zP4YorgFE_SSB^EqorpIq1rBi)zddsc1_= z)e{9InS8Fg#Oms~^E1G!iR+z4^u9>XvK9UZp#~cs1?DM>XaR1!?*mmy z6q?ie`e22kpR*!sU)g7y=G5(-laB`w3o<^ymoi}ET{Rvl40PwgIRTP_%^Ly=t{ zjn>D7rFOYv=2(jrP+|rBTMP1F!wk4m|Hj?fQFV)qvI)UM*qbiWF8vI6u>r<(=?#&c zHmt6?9+XTu7;?c3RkgQZdx=9i!qPvCoo=bV7{BzK7IfqN3}|Umv$mRFA{Xk1lHhX9 zv%dD4m+QF4WdCLq&j=kvIV1qS|538@UpbdolkX)KdS{*xN0tS;rwo@qyZ2rUtI#FhJ37t?28WDcvPb0^o+>{g-|s|iKUt>bvW?tY=*QD7lI2cOsY0D zmY|gfA&m;>_-f=5xW`+5qLDwn#s;L3qX~Rd){vIPOlq|_<%bf0DlH+HsM@Yr0G^eWgvv6b6 z=dT)e)Vu_57OxtDJtMG%Y;v4+Xd}!O8)lkS%Vp^L%S4h)z20Xzl_ab^_|NI0lfiMZ z&`hJn-Kf30G~HCX(%0|xraCnE-9!LLS;<7+sQ1^0Rhe>i zuDS0Bm}Xr;2^PJ(rD~T16&7A6&n`OP0xriSBOz*WI30U7u5!~R_2tK6-5F!+Iy-t! 
za_fGal=E`B_WP3Tbdt7nC253v`MWK}4-wk7ROqChMBpU0x<#6y5_ zZ)UecVfDWKGb7!G<3*3q(FJD2gEm)96)cSl7s!>1P?+nrytI)ieP=!q)b@J8); z?%2k7S>b51m&ubEVe(F0MeGYMn;F|=!;VeZ*rZ{dq6Dy>vbuNDfSdpDr|ezOn%3H- z&dsOlg0YsM4UkSmVW!;Bk3#BdM7`E{gj~YTNKrTl(AV3J=x`)9cLO3k&606Cnpv7~ z7DjYD$#W`TWnKYGbGbym15(lI!Ls@oHAkR^<1fUEgJ27>!6-eoC$wG^VFt#AZ#c4T z`+FUbJ2@Pl4)tL5vtv>pH4I?L#P6dL0l~e}*UcU*^LLhyg=pSvWt5wRjLO#NeEY8o zzBTHL7`%Xn>OOYWlO;$hx)f%d#i@#r{3#9g;YQ} z)PxFjbi>^d>p=*+?C0w-fV?F7gE?{vwp24xn7%a0cMPpPltksFdBoWo8~o^9Vzm@>+4VxBAkC|aUE`$G(RE#wmPcckYc|O5(0%6 zQm(k3hO9K4R1^&kvGrwzi_IFdE_d|K7IzAp3QIM5|1Jmk2;4ZMF09=9WAG*A&v7vy z&!aE2l8P4JB#flh%u2Pl%C9zUfsad!wMDy~UkDb6YjySAFDm<0aJ&U#C-SJ&rQlbC z=Rs(aj}(PnE8@9XPZ$J+R<)%~tzw3IkIuPk4;TU@Y3dq|-V~GZLI|IBgOpt|I7aKn ztE%bbdv>C;Ynixr?+%H6atPSlq%`eX037Rw4I8#QedwsG6Sbd(=Nwa4Q|5-u7n$c8 zkq`7FZfe^hz?;0?PK2>F@j6|tL)_)=SD&UfvF+qZ(M(FKyz_BsBpWJFto%MoOMfgL z7>$ScoQ7797h3oSzTNQ9*M4W2I=C%RwOMWV<8(HUQei@|AFt`0nTI7Atg&8ev@W%U z%ya0d8e(8xi;NT0=~=;b$*SQo7)_8*vRSXI$RQ6KCfGq!IW=Tnl+>n4EqUAyJX*a0 zWY+pHvYHym_DM@1>ie%cC27qUQw2ObU+PE&l~6QDI6NQ4wWwt6M`f6nI_mxpdK2&M z`4@=u1JVC3ko_$I=mZ~aCW+85o6HiQ;Pnh~=MA_C_)+iOc|IgDoLh<3Egw_ra=@}5!lEJn=xT?30L!m)&5_Hv|)CV!(@kS)@%HERvbx>gwC!W zcFQ27uUc#v$BJS%4psVI&P@;X>oQRIr)LLi>~oROX%9Bd|Il_M;}R4W0n3R(^2n#D z8+p8uQ6&Qk$gzRmVxaE}l4@3IW_L;I{;=ew#h_ftZ7p1`oX!rpl7ju4!%Aw{Pk3xH zz$u)AN5tIf`N7L|c&tGXdp~eXT12qtvr&SklFM0saLlzfx~FXhS;Ds6<4ev5&n`j?u(gtQhi~sg@-BwzEZbb8mq|-2`Ws zJJHLZsJ8gVienX2Tl7$}Y52XXd;TXYZcu)1`jr;zJ{I=9N3@5v^zn;)?ghg1d-LmJ z3#mTrMw9ZxBi61fDix)|)dgiR%&rC_Q^PkJy>BN}s!JbnU&NdEX;P7B2PZHzHkwY~ z)yw&`s2U?>qW&3?mN8Hy(r@*20i4beJ`O2GUI9TT&*BOG)$sZMoG{NqFmCo@R>?2n zSKVTp3_oqt55J7O0~r;_n!E7=c3boy&=HZiiJ32T8$~zR*H#bP7zh?^P!VFVE1Of~ zj|w$C#qFtyTuC{|@{vl~@iQLk8H9$#gv{;<9>Obf7d z#WGFoHbQf_qrI zmoI(UAg}rC?)n zbdOgL!Od&bJ(J5Yl*rqB!v@0h*krZ5sHl@3h{||s=OW}=T$A&da?z0qUaES}3y18O zm}c)&NZ$)dKC#B&LLt@TeXCc4AI_^ao|QP^&pLOyvunB$dp}9j7xb&k-ZYmqs)GeZ zL48jG9;mXg4?SaB6-p-#gcXArR82`ua_&CKwdd&u*OP_PNYIC|tY~ 
zLi8}JmeXS8CL2jfm;L1}zIkJ+C$_zH_3nOpJ2%+3$M?lZ#U8+6|AoRbD)CSm*=0j$ z>Bw|ioVRYDk#?^X2!y|GbL zLh`5*inA|4$)+-V8&j+ezoqxm3v+b>`enTyj8~1BPS+Lr25(6jgn@yoYI&}rjLx`u zSb*IEPPutS0_tPqMW*dht@9+aO%%BEU13w#R3wQcK9^Zf!Lbc4qdQ;(>h?%@oX@C4 zu&TlA?%KGQLDYXBgl#77I%FL@kkV{~{1rSWt96KWM3nMH){UtVcY|mk0&7pb~?2v=aGD<7p8C^Nr^@ zZzD_3WsY?{T?nl3{^O=Vcjme$s?F&UI^51>UjE0|^zFfCi&WscEC6_VC^1=kC9{aHf!Sw0)xIZ}4p=51Zkc7AzXhr)4Y*i#{Cd+LtLl;uEdJ%7$aQv%B0^jH zdFupRm^(^1|3zS#e9^3Hk@X%Jho>f+MO&P(`t4uakCW1?jf&Hdl<1OQ2C771o+&B{ zzsi?1f;=xAwHoZ@S81KZ!lf@*4*Qht$PdbF!N>Uvc^cv_k?1NRnIOZS95=fT3~LHl(^LviFd%IKmVtLiO)&a#uJ{-71+$d$|3QZ|~fhAHLF zB(?R3OUs;SHR1(cTBauMKXW7;)6Y$Z_F1a{w5B65iJJelmV9s=YKl46&oO>52PR}S>@mNr;eEFe-tk0Ez$fNd6`Mwuxzl?Fs zOMGyg6}N_!i9(iZvAFj|rd~zXI(1Gg3;sFHtlRm1#u~K$G0neSjO#b~rBmIl++sRU*XQ%Ihit{n+vUWTDqt@F;p>dBpGtE2O)hoP&ziiVTF z?QwHw3!*x^XDO94$Odcx>yejW*Jn9nhmo{`btg|tK@;Lso5i}% zBLw4(;h6q;@U5k$KtPm>DN;nf#qy-;cxw$NO)p+xv2R4qlXl;mI^=@`eD1Q^@F?IAt#2s(y#BZK&2x zA2%s1UN-Pp%F1SWK$fgD@5ZEU><71=7hqfy&k?igOlf~eXGZ+q3jJH-*O(0b&uEgM z+&qU30|_M!RTrt2d{{Q@t7LYUb%LOvFy}~VpcYtLhsHF)j>*oGnu=Z5IEKE{E`#K=diE(R29q*U8g;lj>J7~n?HW_%;IMr*C*F2{ zxV+zqSbS=augJ5vyZm$%Z}kRnTtXxC>4z#xa0{z7*HuR4ZHch1Yt_?;HzYmid4m z$4OsK=PGT$b+sGY=|{*!z{O+ z{k%2r5{(4ztMc~s01+H77}gtw zWY*I=@`zKI$dUT@>AJPVFDGJE;KZ-|NT?fJF5a+tE3y1c1G-d6g3mmnlHd#bj2*{k z#_5ed>dWL%bBz;^-_BY4KR*CPZ-gz40G&&ir7jGnzlN^xVV<arZ{kOD z2IxgdLnsCxYVAj6A0gF~-Kh!UvuvnR(SCm7kX1n6$EM5mc(!($B`r50Q51R*F4df$ zVU&jkL!Kz5Y==Z&V|YhAnpQ{9j$BICC`Nb=s)|6!1XNVs zzDlc6jL0Jo({`b2OqqkEk&ZfPA3#$KM(R7KV!zVGm_rx@MaXMh>}A|wQ5k}Kj;835 zqDaS@ofm_>W5NZDpBkOEx4U7$M_GJau`B*6Z^tZ!i$33PA)M{14(3t->mtb@2YG_K zvc?XXU|+g3?Vs!?tNg@ZuiWgEx!duL7c7gb+M`<~IUhxHNWA}Oh5Vxn?i|be-Bs~F z;OG}0{@|X}l-{Sjd0BT!>WnYamG~Um*00>J=u7-S@%DdhPVfo^sV&CIh{bo|MOQu% zmMKRq2)+abKjV*c-6AVkj&Qh;Li{k40}+)tzrygIK2zN{>^tM5gtl;M|7Am$8(MZt zlEjz|QA*dBzw-Yt>fSP{t?lg>rLMGvB1H;Cf=dYw1vXBCyF+mT1lJ-piff2KumTAX z+_gYk90C*wE-hZ%p=eL`eeZd9_ZjCu#`$pXhqJz9PRLp-nX)qH^ZWz};hf2U*kDBZ 
zz--4ti5wBNz^P`w=JJTWullD5r_xW|nR6sBd_9EMSl$FNgHKuiRW3t>U`-0Qfeydq zd+!*o=@&Hbv%L-_*_~(`%a6OV6UqHE;g53Sx?o$gFtgme@^HGE&(ZmmW1Af(Cf^~XyGB(h-E;M%vS~@aEnf{{&9-n`Ll;N$>P`gGRnFLQ2Dmq zPa#|arDQDS`U#Sbwe(xr{-Zf&D(4?+mdd?Cn2=-lbp?7L0xM-Er`<(Kb@< z6TvkUIXa|^LaQGKJjYLkA4*de{W@}kONJ|VdKLsKedHR*YRvV$QX*ldYL7WcrEOeF z^r4zj0-_^vLM9I8<~9L$Cm~Zt%q8?rb*d<))w|HnJDkv`yT`>mr%lgp7XJAy{w)88 zZ*(iJpRGy3{b4A`QX%}$@}KSWNBg~DkQ757l6{sY0|b-*tNc$hG5v8bl0W<5&+;GF z{8yh``Qt;g+)C7UzRWV67pPDdZRK$0*fSFK#LDAsHT|bvjx;>#DV$&tT;3GDSNT;i z+_D=~4*U5+QQimE(reJrrQ;+AysgX1+?=J0AClfMgTHf?Vaxj=u-o zHB&;2YDAy*m(4PsaEf979q0tx=sA5wJMKO&H<)O3lOB-BdrywaG%?Q`xoB5UA2;M_$>QjNW$O{)u1l(1p3J#gr9!Bs8-g@~S%r?>u?7BBvp zY=6<8CGOO>!G5Akzs5hvs||TtB1$Ph7pwN=<2b`KhV5^eG zE4$}f%;>*tyQk=j3FI)nS0z{L@FYf9B@r${1cz~e0Vk(69cj_foLG{!i!Ee^x%-c9 z|8vsZ?(z4Sr=Oc@WSb1rkahF9#k||GWwPSeRuT2pNPYt#v_x|~S9cJXV>>B?BcfP3 zTX1w?515=@RvC538_W9*nb3cF_rP&=ywB;&WrivrZqla;BwFKf7g{AYh$4)>6J)77 z`42Pvstv!AKRg{~Fr{Ap5v6X*cK^V}%L|h9OdLq7qo$%;!8Inp4PdH9Ycp|}4C1Re zM(0Y>=TQ_y8*id%EwXd@%76G$_a8V!dpyk_8L1nUSI!+l#M)B$?k#?8$~aqfx{(Gc zP=%Jzl4Ch?JgL^0w`-@(+7Mf;<&K(i>K%9T5j+}Y;YQPq_YH{RoFRH)3uTD9Y}SwP z_2N9QwHXEOziu0lM(+ahC^Y8b-V)9>R~l8t%NKiFGJ1Oza0A`UCXercKq&QILJnWa zAd#upE;H$h2wW;Zc~kJ_s{X$|{ht*gGx3gLl$q{D?y6z4DP!`jKgxIWNdOj{9-2p~ zSc?;vke3X9l!^Ii#Gg0$vrI%Ff(F&NrZl|so_yKPj5z!tbX_T7Q4!~Yv$c2V!UDK} z>pPg{ozH(F;D}U~dk4x+;Xf|SALjDFYn%zUq?BD$Vju^+Y6E&@~VM$ysy9#n&-9_ zf*GAA1=m4&!8OcMjha8jNSzD8qE+VwyFLBEeLj{g8cLTb1?E4;w3{k2NmcfOE>`m@ z)lQV(tTHs&Q*X4k2{o@Zfbzc?_-UUZS$TVjs-wkyW*B>07>nRk+1ah3r;movGnB*N zSm_cZF8szlPrYiYo+Lm!?TmZxn0Cf&O>5wlxM7W&a!J^ zD$-f0IY&3L-HH_k^7(3h+Dt^mr0f^R|FVpD?O6DCqx@3~TfI(f*$@2kN~p`b20`XT z(z+SvD_WtJ9i7VgpCtN9@dap5+}en|zTZ%uvYs8M$4tx#CZUqIR*2!J;R5fOFL2t8 zL|_Da_nUiuMM_jPt=}W>f}-|)$~Os(rHUhBWD4y`#*a(}lb@mYVWac>uPw z@|hG)f2Xf-!eSbFYyXrH&YBRKCAk3`ua)ZjNuu`n$A1P3k<5kndp@ib{Y}E7_BV{^ zpW2fdqtUdaD=mHN&e?heB7(U?UQhbL&{knJ=vab^dpCr|**>YBs%KsLZ0MTl5UJ^x zDw%6VgH2Wq8ccrS0Pjt4r=js^XG#Q(0FY(boUY3w2dV@z6m%A5f`IZ$efCCn=GF$I 
z0zbYLsF{Ckn%q^w%RO%eh_dk;$G)hGAL|j{*L8^q2BL$3pc+zy>awOFA9+_ddk;jI z`$mEXKW%RG6>;nqwVii*4WQ zyqN@k%6t>kzl29_vwha~U)|bl3i?g*c!T~@FTV%66e66_I%>WC=2B18D<2*psGg4u z1E$sZ>~m@dB(ZHU23)uMA=U7S?#`BEvB^ZPKI$Yx9i`Yi%&1Xj_gAr^!eNS$vGj&F zNar!{VMDeyI)g2B)pDXLFJbt*Yc;*>?wv&AZ!Zt4st`vg8Z)%Pp5zAARyKXz?Ltoo z*uKPhqYFH=VE;8~xR?#H3?QRneN)ge9~~B z_|{V{^@A_GqQGhI45)yBTAEf6TD@Z`po-rHxB{+`s-ej0+H__sSd{pXClTxCz;N@1 zBy-QpYI#LVqHE;Dds-VuaTTcQ))KEae9gpFf?~2>M`1Nnz~=!ceAHeq#+H%{y3n5B z45q8jLm9Hx>p`R)_a>o>J}7P6jd~ZmdYUKKWd9h?{~q0cZUO#&$dVVkobeCFyF5I9 zFiw0{m`e8^*h~?DIM-_a*LVJhNAmyCpRaIz(=1stthrIT{G5mx{Rffs-za91o42Hj z(tX}7dXL0-53>{Su}_<=H6;t}Kwv-ZM5<+5qFw17`+NDX3Zv(q90^K(h*k1cSJYGC z=Ph(`{D!US(aO;{!UWP_j;14ys8pj1Twc|$N1r+BC$Q`t4CP9P8M~z@!1sCWLA(T8 zMIs<9(O;>0aWJR3@QGVv`Rfjnu@}k0{9C$&79WpH?ECKbI+sgQs>g;jr$#Oz>a>z; ztc9u0$fA7H zM>MmC&+TC&aqpnPFE}bpmcjK;p`ifC44Z8r4UMak-Rgb6B&E31BCF;tB3Av$^qWU6 z8Vhzz;Ua-jwum7$?1R40smSz4!(9+A{-tRv2@^ zBa+fkixsY9EGZ{UYw*;S;KIj4)`0YowiH+b27L^U=<4b^?dtLmLJRqg*pMFk^8flw zyOMMhd(ra>wN)Z`P!{mq$#Oam7qYe>qe>dzoueFV@cg@Dl0WQj*ThJy82}Ha=lAzocPwr6*XSlJzXM*BThD8)YWC^2n=%O32US`Wh$zVn9BY7y%aeeHZ(^@^O5i# z2q5ERuXXLPNFLjlf(-VFRXQbU9Xi}^->`g%6((Ohw<$J-gH!(bs3Z||I z>NlThw_(zC!Tsb-heWozf4oD3etyGS&paB%=%Td?f{ zw-1*lGdZSa{!taC9%gSE&5kVm@SCJTUN!iaVMyJJYBTMwlRIS-(`ZHiy=RFT*W0N zX0B=|5`Xl6`p@W*6Yh2oe2rxA@|=>hrB_*91eFcj_4mf%UUbx=D(*a$S}K@(y_GQZ zJ%sXm$wOYld%sD%!;oh?B^T~j12mSc3v#$paT@Qd06(`2y{dsX*LHm5TaoyXT2dzSzT;bW(3E)U|~Nykbb} zCN#{$Cq6j>ioswVdwZT)lM?F7RZ`yLIrGyWdn4{G$0`uFmb=?yBrF6IzheK37Y!=@ zqs3gnmjcFM<@{=1#C_kV?6hjORXvaPl6pdEm)XFhlM=!>6`i5t0gd!gUWvkV()4>x zjhSvzy{f9tFA6?lHQ-fQPgx>krquH6r=Zu>Yu-&a5A^%b?fZ^6pRk)g> zUM|yAQ{f7r>PBjmseMqP2}Ss$D&BiKdI(m0SPF}}Fjq(JE7yZc9hbd;QFrJtvL!_; zdx$4F@R(mNELA~d$^|+9iaB<$6ze^Tz&Q!7Yms>7a^?k;0Qf5UMcyqZ75&Iv)yeC_ zb0RO&QWb@8p0=KQd6*eEIjE{;@^(Fl9s}dml^Em&H-5IBf6^bmBw+a=UdKA73xOgW z8h*|olqC5c0TZ&J3aY$G^{7|oIn{5jba4#@tLVL^h*$IBsN|o!fbyrQO>N69h=if>*Cx6YO?7iqeAToZXGRPBFrHTHFMj; z(P!+b_p~oC*`z@|))Y{oY)NtrRp?=EnA=Z{)FqB=!x2fR&GqCewb>Ljisz{;wiBts 
z48!1*Tj6HZSqu`*`n%CpJ1yFx= z+AOEl%Vj9zKb6)=sFcnYT$^$&cdfANrW{JPd(kiU^&9Lv6hCCEAeBJkjHp3rt!KA- zkyZ zE+Wd>e;qH~=D=X81W9L*gJp|9aD`}-A!p3x@t3e#E2&RWhec~s>{0o5-zTUfYDJa> zCf6*zM6&`zKRNl&YARNSo(=^*OMn}{xq_FlYL%}N&?*MKhucD|L*)4=X$DI5)vi?~ zvS593_~K+6^0#p}H6*H@P5b4rZYco~L4sNeZ?RWtxX0PUFG%!G!d2EKnOgTE_SRI}rf#dJs^MdY z$OqCUbvPDku9jY|LES+2B8%Pf)21So}VaG`abJM?qyB(xDkb7yYI1X9% zELo8$P6&qGll7JU4-%^&^V&02qE=_@MNFvLp3`1J0DxTW!cH}BC4WYyTd!*(YA{`g^Pin3pQeP%JllQ2lGeo=Y zzd2>E?{`IeNkzP292Dq3)cLuM%59L+e$0f2sfcf@m_$`FK!PE!0wdOi(S9QHA5RS> z;@2E!2y@t#0E-%9aC_A&n~^8ccSU%;+5lXu1SN>4u!Nox%8Z2tjLnZl4&bh@b)8Cx z+RWtZ3XwB6+Nv;-fO_DVD6kuOB+Kb6RZH|Ky$-JPID6E6Q6~5h#rF4> zUzq1NiT?9+0j^;@yQZB%e;q+jEiHPeE_$CBIr6h%B&JTsXksSkuoX`4P(NTc)S2c|wxm=XA2GtbcXr zvO&`$vAvQ31%U44ij8I98d&vn=pl7Uu#In9MZ^6S+LGQ~$iM71wB z!WO~4O+yw_*QzlaOO4jjK4xvX=DV%a)DmOkXW~N1|BR0ZbeF9_O_%$kQE~VSkgkF-dtfwN{=&)K?dyLDrcBFy^0;tcw zkTHrb8n9*-6aaqa*s5@Or_tgR8eq0+XEiN`F{}~OJ5}Gg0izn| z&xej;UfJE;tcxatSEZWmLRQr)e7SoS{BQMuT!WN%KrI=vGP}??rs>3 zB0_j6nnmhFTbPdepvIo7j?W|BNm}5ZK)b$mL*eys=BTEelnrZ z25P*kNA&oj6|U-)jPw}6Ql0(CMBPM72W#>jE;2e%3(zqhh{)T2oGVn?o#0iAjLeqD zr*Pgy?#(g-H>C9$`Om`}uI_nieMcdh4PC2q>Nd(7WIYBN8iZ(vwWF#`WO%w;sV@H`BUx-`Q zf8?PK{b6{-8@-n&dicaOTCtRBYd053teTSjwa9?GTY0y;IbTleD&)AIhzf20AhE4} ze5IcfJ?c~gAJ-L4lr8bi_*(IE+Lg48k{=7LmL4)#^fU2}Rq^4iQ$U%6Qw@RY(k*e) zoEJ(5g>!tJKbZ!^s{3kc?4B%nHKe2p$4yMHvBs`dh>vWk##1?ShAQko$odMYFy?I5 zC-dCMe2!&ZHV&&_a{l50a$OmVT^dQ27H}HgufA(8Uoq{`s=Jr1*A|1B_A4%IFy!rz zy#qRY7U`t*)OWVPxwn$cV)Rb7Dtu#w>)Tf!d#gHJagA#|ebPL`@|r1&aZVq(3clC1 zJbAaXT_%4P5d;{&xGwHV$#6}-IDu8Aw`e@`o;j3!om^0SRbHbD>(K=<1;ap^8f!YC zWQpE5L6`c39MGyhI;F_#c~P@7xjpU7`7%-O^`Ia+Ys(J%n|L zUF|oGkH;XX!TmRqHl2(VmpQNWcThG5j}DwFFIo7t0h8*2gHzY#VH=!xBMZD{*=$9E zN`RH>WP8Qz1WcweBjmQP72CQ7)Ju(bM!V1Yhx;B8?RjQ=qBe%r8^zlVAu*ahPKlH# z1}AY|6_4vfX6{2!48F%Htw2L6Mm{=r1UFMRko~UsxKw(>tid#c347u3N3DIoW zk5OVVt{KunYQZ#?v0QaZMDm_3(ahCW+H_lgwy*|HojYW$V{=b)l`v25s@ekhk6)wx{^itK_s=w2V! 
zt`>1FdoG!BKLyq=qo8DQ)g|`1190yBTaP%Ld!qu%u>x}Ey$0(y8HBoToz2*L$WlEArcwkNg;OJAp@2k zBQPNCc=eX1DEtIi66t95Vtw^qA z=yUX5(5@WzZ=fLqr%sM+%*I3oowej`-MEJNNDjH%wZt`3enfPsN8f2-$I-1wx)CFK zo9?0n`}aX`$FK=hcxH8f%a23Gols;d#$xU8MWKYNW~tqF5UOpYp()FbL1IsJ_ZJKH zub{=GL=XK^z9ys|;;d{P<|c&hcT7xOBFdPOp}-XfwK^Shc`uxuZa#co-eih-HIdw- z%J&I+{NhMtP1-hv+`!i28f!|XQ@Fn6XXz3Qe~V(1BN>RXY+;MT8bFo z7~kq1i1K1Iayz+ka=kOERPM4YQ{6e5*|C|7wetH@4mGi>Qs9`9?&u+Zu00dgLThx5Nl((Q>s z+z+QL)$%*9sn6G+{|S5j_gPoC=5)VJ<+i-ndaWQw%sz3wqVpcxaeDYO;vdnA>xGe} z61l%g?(WKL-tZ@?T>O*2+xh#-^keyxE5%~7S@xt0gF6GXVu~I7mTWJ^$x&7>qm^mo zXXt(=Ajfsh`GIN^?x=d!?iaZ^XzS6_;cF3?nJK3OW#^~;o+c+dtdu$Kly^z38KBpP zk$g%qaBRC@mkrKVgC`Bh8dp|3WG>zGYWK|Sb)E%?uh}Q-*mQL({0Ewn(tNEqDPhtL zCrMr(IB&4hk|iVOUDNZW5#&FW2WU(&Jl~v9bxBJBz^rBK;1UW8u0jeQfY~B&^L%1} z!ML5F$ks^O+@i0~rs5t=QFj54lSeP!?tWdN<3@o5V4Pt;r}zOT%9OV%NmFDqkq2hl zY*&mXstP_YcUhaPKI0J;e7AA(q|uXm!FWsslg=qHL-Z`r=H#|Ag{A3G_6!|?GP#@t z#FW21L3rX&Vd|;mP-{*G#W;BfVP&&$bUH+Y*ysa(VZxP09(rtP}jan(_4>1Sx4Vf$3E)k6U57& z(ZAcu82b7&dMDkt85Ybn1X>cxRrKE1OLimUsD(OPtO|)K_so%5zjUw6LX`8&DYY)q z8F-kyZyZBD)p_ zX|8JWwcJb6Lc&oDH)CPfOK?etCl9oy!PIegblB5QViYgU#C^E8ByE3U*ah^{ zOy5dd5~-bho4*J2>fI~2FM@v0mP&eJ@N{xl3HgVV{tn_)Ih(pWBjC2d=4&buk*o^W^*43LW<+}qsgAap zIySj>kOGvpTJ{tuL(T~SV^fRk#+Lw}l9%2wo{Q?nST@H!L@C8Drv&DCUJGvcCr6!8$v|5z9`n$+}q_w;J~_N~56sBWBB(0v{yoK zO3R7$%kDLUw-Aj|b=OYmj_>JAlmi5@{G-Ze@ML}(x}1{^`S+aTx|Cb=62@#Nc$WS|@ZCVP7*T_sF5A#QfWP zwRPR!_lMbHw|ze`r=#n-IMXHhIx-C~%( zk-NN--)~!-qvKZA@jQ2JE~{E02A_wPMvzj(t;zyFczLJORM~=+MYf($Cw~%lB&a;p zM+!?TfS#O*HR5}l%U~$y6r$SXha}=IpaWh_=f<#Aqg+7+V`kd6p1g(i_wF))*PT}z zeW`pkMQlw4t|aIFID#ow)UlQ3>Xw%8H4ADV7t*hDl$E(63?Gy6|y(_wlKl zF0wK>Y%%(|Ae-tE&mKUq%O5v_dS#~66FaRN2>?2{^G*1Y16)ve#fDAm*> zTD7;>l|)%o{jfmH5d6AlyEuiWGqI7q19*` zuUBN7Je~mu6UZcTbfaXm4m@k(u#EB7M=x331UhZ;U9%BK`r)$8Z;oUoDdN^2GbXp% zNBJ&*jEhmG!BAz%n*>Fs`+%{B=@1g{CCi5mAocV-9cK^JWRsIiDixJ)B{eNi3WpAB zLz|+6$GC1=HC;L#WR9w#1wu#Vv9bne+?5`=r}iukPwqIVXO7_0kt?cZyOJAW!qp|Dzhhk$udEd+O@g{u5#x;*Y%b$NzcyRqgg`&?XE&a35mo+*J<8 
zaq)I5_$BzU@ZTXF?wZnQ{^l{@nM?%t4g06LaeX;S1U zOUMMAeLW0NJ~a20{6@A6U=_u*5=!D~7QiqC`I?gPkD@o6b}if(D?FWxK;VV(tI#MO#oL62!qMSZX&s3HNjYPPe7iN@9R zeh%GGT+dhz8I^_UEeOz|oYpZYv!7@vl4`$%+lB~cd?(Cpi&YAw)+Wn*kAUyb>m*F**ZymU_b~??uLv3O$MNUuFDOtCc=CLD&$hAI_Rh#*)shaGF2^> zct67}7wxIdh_SUXs_R(%*5$|XHTmZva;vY%&9>4y^P!7 z<=fVD=5jHvS!2;(Zg9-dV@AH(Qn~frXS>&Yr}jnCbE)U0G4)>0W9)JhOwlM~`si(+ zyehT1mze%)qJj7+5Hx1L` zlQh*m3qgA!U&UMHdqhrS@9Mg;;$!b=8k4yyPmKq90_;KQGpg!#ie8Ux>uldyOVK+} zIn;7ea|*XuZ61eXf7yH;J?(qnj8OTsLU%D!HiBO~i5L(hmOYrLP%Hk-Gb)viI$+-^1HmCZ+G zhUErc8`;*5k84WV%?B|(!SuCMF!zLMZ_Wx?fQp+fXHer-po{5-xn11`Q`efo(NXP# z*lG=-`sS4Nxb+tq6PqK)wCW=xn+2tQs=e?Ef>+B!4Zx7ma>efV>Vs9SSeT-f zTcoZAeEBt+{Cm=sJTq-7#g~c=@FcK<9A|3!@if9{w8s`KX#`4 zk}K!0q(5f|3teE$>I2aySTn2fVb;ne$PJyIX&=ika^&xIM%Kw_V&AiO+1OBQO{zdT zN0pE{osPAh^6SzDld`Xzv=d(`P6jL3JdLsLZ%ZgjVsX#?-V5?BN!b@AW4QT*ukG0< zHghK_JpQz1xY)uqFHxS}Y$_Fs@+#+oG`y$G)MLknp{Ry5< zL?76wC;+YtHS6|W7V@1IB2Mo~NcA3a_6A4%Ff#+!w9buG=S1E2kl;pWA;OL(lpTJ- zXAMq89aU7_w$PoP{3z5!9wp*U8aJR~r||9vsugs}Xi znDl))UDyoN45O)#En95P5?UpcGnHz)N3G*GJrEofHROL((B1Ox6cC>QZp?oT<-qQ~ zHd{Pi|FMel&CX#T>TwDAGQ4C*zP7;mckE^|Q%?P^bPLcP@wz}H^PeXW%aCGDrKJ}s z!9*+-zs&-Y3-~ckZM=sPSsupLEPn_-;523AlX6I0P(i)xD0A-#V(+D^2o7eR4Cau^ zX>j_UJV?OgA1{Mw7?v}t#Ybv!v_4D8-56{y>E3+D)G^5ILtHinVvxrLXNgo4Ss38- zn(O~fa`Sr-dKQ}C81}5*r~U07_gZ*r7 zl&YvWqW;3UwAfjyw>J4g;N`aqrhXr7kHs}Q{?EkjuXm}KHkjknLp)1tkPyO}x`1Ya z!+VJOT1}Q(J5Xe%Z3*`%h<7@v7dgdIoYcFTVXi%YY8hWms;lK&bF`%s$Wi^_>9H5m z)X3PlQ#wA;ckW2Y(V39%zEIWXE7*H;lE`JzntaT_3E(6WCjUMd8-xHsx(?T?V9^~n zxe0bHM9_*`cyxG#cA={FdRA>W1D~H166PfAnI({&NVQU*NqpoV#!EfS&J;UpX%EqE zW^ma}k2j6;XaVMY6S%Zv+)D7i|2jqa4D;d*hu-eNf0c#nQ#yotOB9RZ+16CSLcHj@ za2AB(B!Z_oH;EqvW?CyI_c|G}N!{w~u#%|jWkdB8D(ey|gsF|6C(TGHDOHml?jd{5 zjn+gm=kNFCL`u+UjsSBfO0AyKngwvOa1_%}GiPik9URY?X;sy!4Hffc08DjHFJ@m+V#rT z@wNN>MjR!M+Z8-1PIA&c3Sf0Z3319kH<$eYJQe~-FB)Tmt^=Z zR*m4cRZK9T7VUen0=;}{bIw@eBr(GXY+|5=1h3kGHF-Dc#TMu`!+WLp{vr_kpE6;{}&RRAk3&I5c|A1nrmmNx2)=Q-5Te5 z%IXF$Yl^E{r)^AqylXWFJ|Q#_=LA+E{N(_2No8zxbg-k*Z!;-CkH((p0>o6H80t{` 
zIh(zL;-ozhGnn!y5y7Y17Ojr&{V`?z${tHT-Z{G*>i}a3?)K`cF*Ax<14a@SJ{&H{ zsZG2n5y%x6v4XV`np}g!SL94=wdNDkR-FY7k>{nHrqn+D%+j?4v)IEVPR*bN#K&7< z^kP2W#!E{h@J8jPsyxqoZHak1K!p|@rK6*uprA<1$l-}9?(PdmOi5=i?HT$0AJ}r| zhCKVxXS}poGS|o31CRahnIswK{hB_9toJ1Kud|ves@X{ow#vI5q<@34@Vz+(8}`kn z@WW3LWh*H`Vuk}Bux0`U{kO@#X3^$Qy$wfMO@L*NgI!cnoHfOTwf>FC40?)P-vP`nk?=8ZJo6&Q+b`pDgjc?6}y{* zg?7qXYh}bCM+{K5YzVRv+pyU(O$KojG@r_+6B7}wxjQTvO>huF8)r{%`SjYHY=SI3t%hI$0aakTFiqxTfowi=vHAPf;6&%lhZ+}klk`b zcP|hT8ckf0KYV^|dDJOpBFog~mo(p@Lg?xy7Bi3hkh&ijWuqxd1(VkR zfZby&gAW-~Jj@~~e|<=XP@UtrseZ%33pbb4M9vN=ax-h^h#|i4~@T9|{ic#Z8<)75uug1p6Uld-fu6eVv6PN-=FkPrW0e|H7Q51b3VF zG&nMc3&!8f+9O=I7_$^a8PcrktTW(=^ZD@IOg&sO8diBq!S7#=6*A1W1Cvs#2 zGbwFN=DPy(%ybMKoz#+ql)<+nhWo+KB%`@|ILcz|rv$oJ{3xa9*^Ah_e6RHGBE$3~u$ z*Y-U^HYWmRX@|d)tDLjf-*=^`g$iBfnz*LDrDFAAT2R*Be}=F9UTgKK`X)D-WF%52 zEI|DQ#^Tyz(ic(5HPmPiDf`gYWL+9f%aJGFi)8{sG+Xf2IwR z1a^(Bw3QZmvp}AU#g@k&u@R#hR`qePAzWf#Mz-S;QLJF!GPYZ=(2BL z2CuF@X)jB8`ctyrbXT(dJ@$}l7X{^V-^?N<8D-1Fj+dyrbEzByREyKGNDbEB!lE-j zewDV)@X7Nq2HAuKT7>uJvZ^w^f}Teck1vU~5;;uxK+}g^P51ve4rabF@ue zYoa;K6w$g2;#-K7YARCr4V-D)A6Czr3-7;wS; zg}HHX^1$I8v_9V60v2&0)nudjp(Eu-0gCEGH-8_|#|NOg1fB1Bi~;lfN;=Zj+}mwJ zN@>oG)5g>W?)SJXzl>4q+9k3bVw*UJOTs<~?SXECV7mAWU1gQYgqB;DT2r2Q-5c|w z3XDBj^BslOr3v~l+Zq*Q!8s>$@^`UPJ6G2JxOOVfXs~nYXIHE{b7^bFLaDMANx<;^TwcfUy@;199#i!S#O4ZMHF zqrQpMn7(yQy&d6I%_%?q6I^o`5z#qXr<0mW8X1$Z**s(pI*@AS*B8wo*azw!hQiEFF`%LFz5f&>2bTR*5|_q^uQI!Ea)WkdeDmEew|Z@?xr zW#(u&mD(v6l!Oi~w_6R%F$5FC32UJij*&Mf5*Zdvleb!dAljHC=5;|vcHty83#)<@ z4W(LA2+ICg>GcJUYtf~JoE&y8KlnPVA;`5_d|J;~Z=v=y_3Nqa(z&7M&q*b?1%2jV z$ly|D4sGmByX$P_V|j%fR^(h`*Sn7v$)mkMyiy7n6q*IN#8L4IdB{rIx}Zox@E*+6C%+-$ayPET>rq>sPHo*t(HLJy z&*{8gEhK;4(o|gKWg|^194KQbhJB_$>j;SZ>W{vNfd!^RR zx+D#WD2^*u3^spn2HY{Hv-s3lm*=vW2M#KzbKey!>bYabc5>#gYF{>y7o7Vo2du9% zmlp6vRZM+ORR$$By0rc7scK8VyQ-5KdR`IUa|fE0hpBUwoZiCpUB@z-)aV!})@K^D zk1I$h1fBj+<}w#4>FG@Kb37i26YXx%{xp~rA#)7+`kUmF^t*W8-OWJH++WNVa=a$Q}#k~diC4F-;F@qd1A$u-De1BDS_TP30e^$k>y8L?+3ox?GmeiBE 
zwfnlik~j&zUXV>@{gR2k^hy4QuKe#ah&6;e?k9BE@=Lxz2Of(QJ8(U4+&4~wBm zFyb+LCg4E$W{*%ifV80Ljt*S=MAZk=xOq&i9a`KcP#BcEez&Az)wO&%yTy(!%R}la zE37YRMF>WTS1-k9yi?)5llPBFfzZ8fd+nE8cnV76(de()l2C_qc8IXfZ#$Jd=tj&0XS-&j1ZnvsQbl6nfRw(ab4I&>75){gqa5#K?CpJ@IXvI@3Lt@3C z(Y;ScjX*St6sfAogDWTz!)M*B#PtKvkng-;oK*CWd;K5xx1LVq9pU^VR^+lUa0DtN zC8klr%>wxZa*z5V!UtTtqn4?omZ}44)rslmlx0r`13_ddi6p|W|7aZ2_lnO`)kTKx z^J|tYDkfURY0DMDH}pBxibsvX6vUtaf>v!P&=n^2={oQUL-xE0!jO52JQJ`y2R5Tg zTpsIs%SRuYNK?ojQ+ zL{&;W?)Zs9oQ|O!@$tr6nA{K@;yU<^lEzgg*ef8OFz&s-+fAxi>5y&m>Xy0PL#7u! z%-~ugInp~N(XD*L)>e?@fx@u#<3nc+9@ov;L~OlK;{gDt43Q()2Y}{-m8VB`bDme@ z7Hj6yJ*w;Mr-CoLnR&O?RjM^vyLz8@RUL<)na*1YfQMYA04Je6`gr82-Bz=lp)q@K z#A$o~+HxL!erkfHv2tl~aol1(Y*9?Ts+9wTb2f?3hy4xeUM1C~7;O^7@Ak%&+)yD^4Z}MiD^kY;H_29mF z`u&`Y5{12-07f%uy+i6?g1Lf}iUe=|VPeH?{RW3tyvm7#X!NE)Z1W`VNvu-vC~O?# z>TH||>RU#vCfCl>xJqSM9~%D;_TDq7jeKqMW@a1)Z~_B10)q`ABQQC`kda76U3_HMgqnH<>S53CY;{df%Ij2_10AUI z2F<8^17`=UjE%+l?fo!L#_ZZD95RKy12&r?BHxhZT;wyoqq_L}_4w0v0}6l|()t15 zRl!Sl^Rt8%6A^(H^PN_X`$@$|i9WQMem+ZR5C9p%@@-?}}*|wI!mlc}a+4GKE769bS zPHi7hU%pnVRk@y%N*nTfC|*Fe@@S+6tvg1h5&-(|hf%{x^Z$Tw5K2yfD@b?92&9GDCE1DwVtPLhhtt* zR?7i<6`E<5yEf^w%*wNx>OU=g9&DMEB93?!c;asy#Z^&=8Uec?Nwq)@V88=oy}QP| z-gTxoK(-uk6_3mTLj-TV{4&qhj7xquKUf|UXvu;V9S2wfHNyzy<6cxAf zHX$n8#mUz2oS2oHL+sS5M8ufxK0y?un5U#d6GdiDHiZ&eT)50_yp6pNwN!% z6Z^|4w=7kg^OO&Mz9nncfS4UcTO{N+=5z;iXz23Nk{Ocsrl`|kr_`S0&fvho@14N{ z^cuZb%D$uKI#MVJ{w*N?U z2{d)0OBcF1%h+;14mLO`lLXE4-107VlBdALp#VH3yMjhIQB7w~VmPm1YZ#J&$sP!;|HeP@QKVI$%#5ktmh zgLYpeEcGe}zXS1qQmnIlw@v;0B`MY%CRkdyE3fz2QC%ptkJoB7Tm6&>>LtZ9Jy+`} zwZyl5pUEzB&pqs_U7_vS^NReAX6=J~HFIFjlB=$_dcYRy@i}J(nJy;WmBI?=R4(Bg zTbchT>S9Gpkm&0-J(Z_F1gF&&hYi18&SfoH3^5wmo<{!Gz)J7=x=s3O42UMfw2eWx~sh^gFLRnoDm@PC?4Wm`@F4wlt)mH=9?qTwsX841v=bMHIk7{=$P@ zL}XLWwS6=2jaFV?&`73Yoa9p5#{F*1l-u@!Gx!M|TIrsTI*i`&>d$Oo=qh{OjVvs| z=pAhXE+vy_USfVH1f$`H7Ut4FvZuD4Pd-*_Q?KhC>Win15U=qDOU6!`$knr~kiyZL ze^RVM+S-@djpkmawZJdM*S@hKxOlx6xOaxF;svAXjJsmtKZ6oAz&ZNdemCqcMuEuY 
zW!uTEt%okWG8IqHCCgEXvBv63krx_W)jJ|e=l7E!dYJm^tk0chGzCU_@xV#m&u-JH zS=)cup8xtu`D;PHT=||A#_f$_v#V1G@p}AM_UnIjDjBux3|@#d-rRII?Qiqe1_!2v zw?=I%m)BtvaxS`G#_!!a9VIKc`MpzA%<~_Wy5Oj;BPD^kR*{Jq_p^!$RG*?TLZ_{#UKdkojib|Q*R)4_FPY*@ z#dYu;qYaq6BQ8(Tc}S^%ARF$uEFGuibLubOp2TCga8MNDx!HF#5OSG2hQitz=ylIO z?ciG&M!9jEVj&63z>wR^Jb5&4n*;L-&-@2$*+c}*#eu^s$;U>Q56ntR4 zzp)yvKEJEW-UWyOo4zn~u#Pj!z6WfF+-;~$fFm-YB5ZnqBvRfHqbF_cB&YCRXZ)Ko zk&CP29osLso2)uk&GW&XY4TnR#$&7Z&`I^WVi8EPx`Td{qo8Nk%USH|czFGGRkh=! zy|R^UfzNsjK;_kKRV{az1Zflc$PA!#tKm{0TLorM&K_2S+4?Ga;un4t<`S5;QQ`AmVkQbJp} z=zo6erTj66gtqkB`3^qdh1qvovTpYWHZwV#t|&xR-h4YG?lSi!c`Wto)p4$!e;S;N z@-ukQ%!V#ZrK!)-F)PBPI!yaoZ4(!E_G{LjIxo)z_c7^1`@(NuE?QLmsU|6FfL$M!7F!M~(jy3#o(BjCwv z1bAQ|=JP)3tmL z5{3hJKoDUiTJys5h=cCo0xK8);%^m6L2UnkclnulZEnXK1~Ukk=PCc!XSzyGgG$%Z zAxuiz5NNy&_yIiS^jBrx)0UyM_d}K-m(kOy^7iHBeGe)36_pp0_L?p@&+OIvvs(52 z_7RiN&sDm-QoSFUZYCAzG)){CFWB;)tH_p0dmnceHB&Ph53zG0op+M#29%<7Q4m+y zh2dZ=RZETwB|=xr4*ZqXMibQdNUcS??U0}dk^yL&W4}AcT6LNa@kbc%K@C?BkAl)W zKEpkDAQl2i0^$&NCKMC06j%vC+s$(&Bat6l|Lt}Qj{=qod~jmPpJqUfF&q{2{5i}K z>}<{`W4?NslC-bVu*#`1L~0i-Q&|+J5r?>|usCr4Z5k_6%eZ9-3Z@Z%pZ@n+*t`1U zyP7C^&Rtm#L}8?b9YHs-NCcQdHZVEkf0?YYXZf{P2XII;`LdE4)?J(BAm9}v!TkiB zu!QE%ljCuf+`?s=x3w^v9yIpmo~P;DDsiRv^1m-uSQ?8pY&JI`V~q;>1e~%k-7MZa zaNY=>vajB{8bR%nYr-S7M)pBAe(Hq2^=gL=uc;_NR@$U*jbEyTR`QAxtkHj2pGEy6y|yv zi0eLyjP3T}LuWwQQ^Xz#K3z08?*nmt&?`h&1Aafg{NXrx^5ainlFxK%qAYTmlnb5e z!g$lt0Gy$lc8Y#@P<6vp0}qH;BTgJk%5Gs-B0qttDL+eTH;S(Cwnlc4_*cw-3+}k9 zG$v=C|2%`TmKk-MaGiO|L+RPjh*mbl9Xtt!M3Q>%+WvTkuoz`XU)YXXg&~XAX-b#U z9UMn4Wf)2O^<#BM;fnFv5T@4TSq5 zy&2~2_yR*=ha^3Vah~2P@tMp#z8uKs@S#dk!bvh1l{ZQ}Q*ZG>EqT*$JGyuaG&NDH z^!g5Zt8-fCCp^DKoY_~>90Sw%w<<2IS$cJf_iT%}pwD4i<6Q$Kz9TC6=qYlIcBNn_1`;51>-nDB2Xg@PVbTXfJk0M|9z@G$ zMctbeEyd5{G%4^d!dyhuH4m@y?q3fT#;v<*--0CSsz^dDB$(-RNBkX&p7)vk>nl%N zGR(C(JeOq=*}Oq3E^$y1)07<{LuL)fl~u1;$ngH|;?x`EgbNft~Ta2>b|u-1>Yc`%lAj@5cU+JhPe++tt}z07~*tpX2PxlhGz zm#g=-RzF&8I}!W%T5)%CPO~#M^Nj!dOF6G^*>Bg=8$}lmAhxj_VI;l_fh6s`-k~?f 
zUaoLxYDX6t7eMR(d@aVsF{vd%}%EN>|#Lr37E#`*!$La zQiy8sI7n{a^zw`0Z$I(wmwzpvS}ADKR7k)1U!Ij~?az}x73A|io-Q{L(C*Is+N~Kb zpqEH(?ripJmN#5y170P<#=fgr;?MjSn3(Ffv>*DM6mx~-S`^=(6sa|5p>hjf2mgW- zf22rqD#$#J3BG4`86`<}*8J7rB-?KOy0ugO)3tiz${PS-iFc!{@}3BX5qoM7S?~vC zqV(rHQ^(DoD|A$aP4{17HF*^c;;H3KjD+|ft}jWeSv9e5Ky`sb4r4F zKhBkOU(J@YuUpLp3!X~|c4TQh2?Pf#8LeFG-dqw|ub}bdH7!$q znQtWXh+h)?e63cXdlN+J*e*5sj7!GOqy}Y)ozsk0J9ysZ)TK4gZ_I!9Ck6Cwaf2bW zZA054wYaw%E$dz7-#TniV0c~4^~nhBZ6F+>mMe;=K<$3HM>XcvKqrly+ZiQ@l`ju1 zYqiksCoKkf=I1?u%}pOhlEcDx$5i54=Up2j%%X8XI47(Y2exl=nxr%>$Ws^Mo`8N} zpSBgW=y^wi+AT?LeJyXrsbBAaRpzrml68a0qg3F4Yb(3(qoC#}d_FXmYDQl-5m^@$ zdj-&)a^}1J5|8GU_8(y)Fso_qa#lqlGN)Zq`}O-ZjN;cJ?#bBmEV=1kZ3fyj6cypV zHpKN8^&?Izjsx0Qa)x2n+`*Rm0-YHTny|H6xHMs1uZ!>u|EkUPUJH(%m z*%x`trqE_{_t^)6w_(F{x5;!-Ja<{SZ01?eSsER8C$j+&DH1W*bCIPQ*04T);}`MT z%vqG8-AeVaBcyS7I(dNHhWV`EAJSj%$*h;M^Lkc&ynaWdf6&mf#d@vpL<&vzVG3@f z@s*cPJjeJ(Hw}1%+;VYMA^4LDcY&~L8G>Z zJo@=-5XVf+0p8iqKDNsoMVs}KG+c3nGu@J{8@O$uLEr9aq)}8BJu;$UF}JgB(9x|( zu!u4q)jAhF5)A5X)btb@o(gF_cWD|_GQi|wn+ZI?i^4s*s~)-9iRjYH?sY$Jx~TvK zJHfKsWDYRPic^Q#3KmQ==H9>+nU9Vf@~{%9jI#`Xo{DUwE-vhi7|bVI6+ZW90H0K& zp=eNKWaF>lthZagK9%)g0mUk+nA}5khcc`>>1A$^aWP~GV{dPVi(hTjrK)k8M5gmp zx=-|0W3%!2mxf1biTTP}*&k~YSO264x<_03Z=$rAC%J=9|Ht;FqR`)%k0}7(^Jcm_ zy$(2=!nOj8(qMI6PI@}8VdpKZG*@M}v&@Q}?CyG|db@ay!$V6|cQxkm=CWBb z(Aj2Jt;E;OzN49{x_|TV+^LIX#2LBIw0>)ZK!vE`;hgK)m=De?KIIg_Od4UG@7^`? 
z6xl*Zve47^-Rj)A=_3Nw=F|i~sha6?5>4^QykIB7?gt@u`&zOvb zh&=5D{`aJ(5&Pl)oy60XUYXNk7m?12eUla#Bf!!F~d$lWd+NF z2cdcA0lN88C5J~MQ&$8Ndm7uAFB1N84@7e_j0U2FwHNh^*B(20?C!mT zYR8FFJ)fR8!|13)wYr*!$KR36ggx#}g(Qv=F9~2;zZMHxwhoP1Sn4%Cx};~`gG}sHj&+t-%E1710s8HL*R3V(J^+^_s1K=DQqslXE&zD zLcns)v$nB0@R0Mpn1j*SXm{C+8;_6G&VTZY|EI4n9mqkBKfY*71P31#vA#KNUNem@ zO!|@k{FfR0#|8es=^r7_|1eBuhR=#!0^Xdn{fi#zhsAX3UKjLK-lpkWe<}vyJHwz; zUniF{>6W%C?u26@;OusWbx3`T9V5%KAJeGfi{-PqRQd*jd*#W zS04{pT6+Qo%4;g@_6zkO^czZbuXD!^WIv`@xZ$;Cxc3OuQTa$JhlKCXvP0PjW#`iQ zq_s7qg`w1g=m)?FmnK4amD2>}9;Gxphek&>V8$!c!$t$A>OZy~+^)?_j5Vr{``B5; z=MLtrc%3|UkLbO2QQ?>n{&_kEs{g3$uvUx)*n6%)!EBhgcouwJQQtu~RwK3$y;~xB zyuSb!pJ|eTy-jV@ES_$V^8Yn1mDY*#UW6%_gCE6pkPhF;hR11RHW(7W7<<~=ygE9< ze9rj|+TTLdQDFI?Hn(iauGOXGU?G~>#oZ$!HzWgam5Mi=9)~d)hz)J?oLk+`Z>GPa z5iwMdG#Az?V1G8G0$CBBX^3}6QMfY%f!%u|?ATuR1 z%z;1;CRYWnRlPW~{%aJK-u@A*I4bE|t4dlRo~F9NWn^?!QqGVrr`&7CDJh?CsZX*W zSf4PI!eyS2-;2(BJhYI)WwZT_!gDq1i!>@?%+fYl6C)YSWtsMz$pHJX1gAYU+Qm_w zdc2Q>LTV&JDWHXC?3eeS%^<03+tyXAJ+ zUhD`F9lk2Ak|&@a3Z4x5nMvS+;^y@k>oO~Y88evVb5n1vW7zVk(U}i+pou@Ml>kpt zK*U$f4Bc~t8jQS}ifaXn*JENwbYu`8hPPjId#Td93WQ_nT$wmw8Lck@v zgMgT@Y!wJ3@*IhbBf%+Sa493}Z?dFH%6VbWJ^PR^P4tN1t8l1gM04eaf-cg-;m*Pj&gQ(|R~-6i_r zLowYa-($tIa>YT#yilhQAI-b7=lO}x3-@M5erqmH)V2R41As~~WKsHp!3sY|l90#- z5{dkF*0zIwThw+9+!;jMM~>&s4bJJB;sv*xm3G>RYn2S8^;)qiudmcS`CBo`P@68& z`m@)X!l`<^pI!@;89xiS-=o|L3mhQZxb-OKjoSL@3?KW!%JA5o53WIW$uw#Gj>?8J8EsHP6V z@&KQM5W;FIfiVJhnKNx@c8+b&wbtU$tJqMCdMsm&^g*#4I+VuM-qu1Ve^KASWoc-x z*|(vd*VF(#KklxeuR9NojEGH@nJLpZVvIqwmLvD%7&37FN@j_x%;-uGmJFYodZoxn zlTt`R68OFvT8PK$=o0sy9}`bKgJ?`9A!&;Z#}CSef|pND_bpA=K4o|LF)$+D2-FBZ z_7lVx=vO93hwi_d#QlEu$`p0X(|&J?;zr*GdN*x-UAcLm6Su|vKL4W(|2Q`{oh}#L zCl^Rv(V^4^>pQ5zWAe@OhdyF*3#1NlalQHYV_!(M&(GxJL;ULXJlR;%JS9WE8#_rg zMkq^{OLC4C9ywV!-&fLBOLp@>r%yEWCRArTtOGH&6C=Enek?cLOm#xLJ-n2ao`s>9 z`uJSEh`Dl6PU=D&Y5}ydTwj>jW3$IbhRIY!a&8rQ*n&Dn#qto{ytc42+)&qw98&`E zAy~l9>23|T&c*vdR%?b$FiU%{ii+NWYkx^mO|s^z_-)^gpgxXt4`;L^S$+6Titbp|8mHT`&ApjE8a?iTl=j&Da7fI7;bX%;m` 
zo}HSnQwjjDI36EEb;pF+85!@hskqE0@nD}>7P-UF-xHaHlBnuR88W5hvPQ-+&d@$a z&Z<7wrtlmji`}f<7BbbkvzGKl%A(*&ox`G+9ft}wMGxf)a}rA>3fLh=E1|08EF6nk z*Wiiz*-hWoCD$g|t_dv11AeBguES1pl;>)OPO_J(_ZBc4=c`t04lq@Ow7mzg#w6+z zJnq>i3&ou3DEuS4XhdB&-nC_$@s=&)-fdwA-K5#EV?Hjza_Efn zhTanq5jp8m+u)23j~0(H4YozP#eu|?rspp+M|oY_i;jrsi{dhW@dl28-~d~fnshcG ziUX*kVovkm_mJPNr7%OPnT}TrE?$^?fBp2?InP17^QG|$)0e;P5&llEw_!e})=-So zdm8^XxqHGBb1eLiqUwj>itXQtdipU)tiAv;ogAZ@%H<+DTIy2ky7|BXXG_ypn=8UW z!rSDN##&-2^*9i9b`4-y9v)(fsDJqVg%1Ox8uVy+)1E)Iq(sXes8-^CAMOJgs-1*d zLSr@6f9nj5m0eAGAoOsm@|ImA&a^U2YHHdM4z<;W)rz7UpDo@cbo7#tpMz=H+1c5I zJ5N`;)=h!Sb(j>33X(W z%lMYZTM!Th#r;Xauor*0<{}^ET5s#}-t_^>$i#tB<`%D#PCzUvyuem+h(okhyK;XD zidLz{_o3~rTENHL$SVf3VC|TxAQwbWiAvL&DU=@PZL71!8tkbZXbh^7kR-YwR&)^?iHLiGT=jSvD7I0cA zg=zYBOVH>caVLm~L45f9C+}6HcMyl>c!f~v!)WP1A4oyJ-`d!DR%Xs@HBToUzOMR! zDH@9GMW%u-uQ$a*GBb(c^{GY4h4GB9CwX+?DMzW8pd!7@RVVo>@?qE8*&tC$fTVg7 zPV)9Ie8B!32eaFWki`-wF{%(BKI#Lv(PnH<;7_~(gSvO8zUy}LlLrcNUkf6(L%3EL z)Vj+4$_x10`{uvR8TiSN=5TuSnLAh7?3`(PS^1j+lZ$-UY1>IPHPHvLwzY-rVj^2ykI32(YJ2Exfa_^;L2QyxQ2};+gF4 zOrz5B6TX!ScZV)0K^Vd<%%()do{Xm8ILdo$TRLY!WPN6FvjvMe3xoVRg7;*Fj9b5k z4-|BgnexMsiugTQMtEM;)J|MRNm=fYkx=&%u%A8FCW;F@GpK?-q*~`_Izs{u1gx8u znML%G3G=>&H`D7)OM_E-v`AMI$H}gU$52S?HySl=a`!G`^Uz98Jk%OSEvG+~O>bat_*b`Lf(y^3ffM6#(hj^o@ z7GVws_U6p1o{Gfu@XB=wNH6NY*q``TaiR$~ZssKu=|vgSWu4SGG^0qvJigVvukWzi zMb8N=YDM>lVk}k*5=xOI;_Bv1Wc=ihtGkKq42viGBR`yxqXB*j9qnh~n6vgN zz?LfVoj$Fu{T$b@52V@Wd6r9!_URnTf6&mB z;choM0O8l$YSDW%=5imT%W~Q#p@-qk*Q@G+z1kIR;j~jyLeF=EcOuZ^e9@6Pj>uUs zQy!Ruk1zSFlgRt?G>GW_ST{m|8XiCEaMx;?sGqIjA=4+vQX1(dxn*yVPwBy|tW87< ztSD|p+;zHW}Beas}lD4T_F!+=#F5WB{2_LHQ z{WZQ7Z?@2aOSN(jwl?RnU9|K^u4Q&9`vn!h0v|VypePiA zf0Nqu`CRe^M)z$ls*v%H$xJArlcDGSTZoMUFWo$EhH^X+|F}1?(y%iA-Kw`Na5I$X z(9>N`n5oK$Rm@8`d_T8yx~yr_53J=tuU4xv-ofKSx+cj{KT(gIIb3I#{_Polqp5u1VFF#`heV)f|6o^Jc39q{}`x+9A%7;Y7m zqo1RRHMt^+2uWpv9mGb2#1N7x8rU;P(6C*He{SJW*!^&or2y~k=Rcg@Uw%A%DdcQF zpLx@z3dSs9^=8V4*7tBvChhZNI7P%ftWj^#5CKnpl2HfD+|zqUMg2K#`M*8<=%4)` 
zn5if6Lx!mTk6XF$*8O_h$!%jZYJ%wDr7}GI>|l>NdC;b#=Y{mauE2eQG9p_b6+@0F zj{=f2CRBdA6aH7|XhiN`c1DVy4T~}Zra-5P&ilXxvY6K3U~bT@h1v?mMM2h{{PV@3 z`5&f5vTpG&cD@>qqfE4Jw&eb}j zU*g5ZQP6g~nRg(c_#OV!(x$KYn8g6(I&G|%t+nbCue^Myo zmhStUR2MjHb5(Upkk$mM&kuJEk7T>-T27%qLxIM=2cGL_6U3kP;t53}YN8AOjaMm3&Wp&NN96-tD2R}?h8 zS?1GDJ3haE9_7_U{n+fvu2p99*k8>Yu~9 zsCByVgAJLZdhamh<36t{KuBv&#WByEjlY8mLbD0%C6OYVPLDUvXjv*6$~w=+#`2LO&P|X%39M>OTkv1*mC^D3la#MXoBW>)d3_g-@`EJZ0Y;xbz!)9o6>U7ie2vuSO; z9;c6<2{#kXX`vQQch}i(JWAYA|23A=Np5%!y9&DwyD7bX^6+%FEJLwJjOji}s6O7t zUD!u^0)&t0n9)ZFwk>m1Wh z$&PvB9hNRpgdpnZixPfJctVbug}aPr9tooc{`uQ4sUpF`(Jbk6u!-l%cHFf#sp6`? z^^G`2+N=^LK~=LQ`&ythU5&{!9YO&q!=ljEccUZ<(!}(W9JQ_Dx28Dobv4)xE>^>`1S3W6+SqL7D?T54L#^ zAuldo5B)c-=J`-PsE+V*|DDkcmj3Er^wNT3MMmjy-F6(sAV34UbVv$te8X7RvlGRSaJXuAwzRza+!j?-!{o5+cpsV3yAA-1b_P(zVrOlz8_< zY-SWW(H=)Ml+%&d)FYf=GM0!7;%N4l=tPd<5s*UEXyI^lxod$Qzm&VJr=?w^M^C-|nZ#Xl~| zMHj1W3P)8W^QKAgMX3wjBHSSy0w@cRv8!g9q1}B|rZkM3e#Ueu{7zfXgF)H#RgTT1 z_2SRPjtS*c1y!{ z--3kq>ahbYBikDt-cIg?yGUz?)&6iY3jvL0V*^FTd{oF)8PwXDhdyQ4Pa}Pvz&2`{ zs6|FX&6i{4PPa3=q4A!|V3AF7Pu+%X1GME=F-nfll-+v!oyj_6%53l-VVXaD`{$MX zzfb(HwRbd%PmPD1eEAKBwMWdp3O&ins;)#L&^3XcbP3I$3jYBIQzc*o*v~ zEciX$Hc>A+tZg8Vi`qKczMmz;R~ZK zjb!9Nz~*H>PMddTJ1qW*_*gfXjC=OV@0Q`Jb<$&;MP7{i*UFA@ygj#zoX+J|y^r(b zrM4jnQ|g$R76cEeMBS*VOx)N7EGxR0ll{^!*jU8eFWb%^J^WNtd6jg;xlg8sS2h61 zc4iaI7Cxs`uM=7!aYmUmSDtZrE^UX&&oTu5g$rq|NX160;ii?DL7mtcov+Q|i zUB(DiF!^)RXB7xX^_!U!H$-HkiL+Un?oy2Q{`-)`w03E!&u2mMsIXkOv)|>Pe{peM zO?R?a%$Lq3q;$ZAlT<;PNvX?QX-7_A9>NxelH^(6C&SZD?8R5(d3YVsVUm`*aZ-3) zy%tiHznpVXe&(P86If5ahr0s({h$*HWggWER;ob&=hos3?ESX52m zjhq?49Hm$6P<~|OmF*^D`H%nS;fLjeS89Ft!Gv=!^0v2@rcNi`@J!m@qO}YHQagqZ z_Pe|vBs%n?6^bff%f%yPWvt$zS6jTrtHfVVzN+ynfyQ(9e8fzCQuILixGt+>g4D=j z_SIkd$U4q=;%(@uQFm~{zZ_ZL&R))M&}NqqP0QhgEn5)NR z<>o&xALJ4@S(f+zW?t)0i?9^MlZu3~bA2ujgJ6ShaxK%dXIkxHkXBt+ot9?ul3H2p z8dS|ugw1sOUH*T%=>Knh{ddCsAI#DJ(za45jvA0QR-hD$$GwOy{FyJoUG7HQnphZ< zhRC#khFpT)KGOsj^w}bUzFyN*{P1{15+l4}5QyYauRw#GOib;m1=;ewPV`W=` 
zES83DD!v@ivaf$IKu!F}X(!nl34^Ia85p%UPfF($Mqqr9Z3ynr;II2oJ&D(||Ug@f%MYaN^y#jnCUDoX^m!19jbOWkmrCB0+9=o+= z<98a$#`3hItSysGjf9ft?LNCujr|dAaN^=e>4u3D-cC<|C+Lk0jfMN@3dwb29s>r1 zNHwN=%CDtDG-K8c`L7Id-T<%sq%hNAQv4$tx|Zjf<>1s-Sfv!`RTMO-vUVaO>^tbN zlIm$|ZES$as%-+P-C(4yl#DhvqIO^(IM456Rp5gW``Wl?l+d|KQ4ViyPZ{#pwe!Pg zjU88Z)S2!MM@ja*2WV2|$x%6nJ%=UkbRnO#?J^FDk)2Q||A4SpcT=#oA;zx=CTWg; zU|~{X9m*yty`_ft){HorO*Y-BCOe~UOZ4Vz!!^SLi=a@QhxABXWS|0*|MB~E!7T*5 zlH0e$e?m*xZORlJJ%UX|I(vgqUOGGY_e6B2>JGWqyCyns$S1})-B8u(y4QH=r0I_M zx|8rpGrWL_i_x@5ru^w5vr8A)T&JWFY7c>+Ee_(omX)`+*8H4kEIO73eOS@6D7i$1 z?dE(wqFxeDU;L{pXmyzOBX)@Syg1gST832ZI@SIvqBlSxXK!Q`Y>F9LO5}RFDx;YM z3l=a}Rx$;W^oJUAbbXibz2O)5IVii_U>_+#u8jA?9sh_ex_A=VE!u9JJ@D-6HR_BU z`|>YNz*`+f8_U}K&&8-a>{T(QE7<75lJY!Bu%BDLOnKo50sRop!#QbXS{`%^YUp77 z5zQ(zqXd^DlEaEkdVPt}gq&{6ih7i(&yhiLMO=e9*o-yqKo`4HH>H(oEQF5tSXrg8 zUl$|u&HcmA59Hj<+?UKg6-_6fd3_ZMh*~p8bok9XDOX^0o~-t9;*!P!3o0W?#KaMV z9Jh`s%d5B(c77Gi(sy2=!R!?E9{N^e@wSL~LX8jqd177Mn*ZZ;s^FVg`13526~_)? zKM9;zxg}k(GY9GSEtM`FpYolHK2M^Gu7*w@a42#2*&iZB3(op_$}zU_dY|6hWDj#h zmWk-6c}E-M!y2gyx8Dvp#NzV30&3?_we_zWU2lRN7=1zwlyGi^XF8NWa|Diz_29ha znYd#?+KExtuF^R`X#{}}$cT>RR3~u|+gOqZHK)P+4Psepyb|LF~PWF~{Q5@rTPkVQK!_V~| zHSOsVGZUulZZ;e1F=F3uZEtACc`eQd@~6=>)`j}Ai{o4>Cw1GzWc{w|;^02kuSx!? 
zhO=4$UPg6k8hdH$KsM ztgl$4x67*(Lo+GqJ%LVgNpneyDLl$6#>51Tyf#F7bg<^9MuD?z_l2}s>xMV4Sut-l zbysmCBoQUSv5x4%B+BFkGK&PRf^W5JD^G!V_11b4KGK%nxT+_7pI}gUi=>l}4qPHP z1?kV!PDTH=1A1eLz&NXu{6gwR&b(?0XCqTtaKHZ3gfRIf?Z+c|L`^8vNmw993|PA@ z49MpwL(aq8g^=ai9=!~PNw66IHQ}31W4#kwOhHokm-b*FfO2&Nw#&I(+7pyiTh->n z9+KtA`PN#p`p(JiJT_&a^P{gYf;!=`b@!GleAR;w`hD zUe^i-0z0^?vY5}q5sM*^`s$_DuQL`HgyQ?7fDksF31G7NDADsXgH&8M@imks80aUI z*A+zSZ=~lD=K@tfkSZKxlx@pAV($!T>Cf%{ba1ItN@*Rvy7|JoR4rJsuf!tYCjxd?(=UC+i{ngAl#9~VAHKC*T#)y-t^^UN4T`rBn zWy}FBj+8N?|3Tt&pCSm->HUDMy)w@&t*5!-6?b*6$0wdWN|JWBdn(opIfbcGhJ}xv zBhg6&GOeRv{Et62U1ovZb^daX8jFqelPnrm4F&q~hI$*TW{n)WXaKg}`Q=hMtafJo zJO>Sd(yHbB+|)^DhG6e9&8v8s;;%3)un(Ak3xe&4+Hpm7eB-bmB&&2dtQ-_!ub1NcS1v<^T0%HqDrYv1%rjt7EH}e|hGHx3V z^LN{ghGjgDoa^g;gtxyTlWZ+z?sd0Q{trq{0Rzuu3+yC14h7VPxaAtPkwZ8we#ze` z<=feOGHcM|YQVT9!7H+zx$ce6!-U~V;KB+WobmoV3l~;hXR0Wb&WDY$@rE5;_Cf-) zg)VF@%D=84)`73Nj9yO=!R5&$qCoD}6PbT@f`9+9c>H(IovXbPMz+@CQae2Hdf;wP zb0nD@oO~%kNi815&jHPAfWc$vxmGhxy;D501^ByeHrW9R0x-)}hqWqGHg?O`?@Of6 zVYR19yasBhCwdz45o5`PdLBCvZ|%Gx&G9;w^*pz6nA6BMxK2$ogY;rTB`;g!jaEy;C_{Z1;~^+Z z4>UYGPGmPD0<-Df{@un<(D1-^X-xl6vR-_SS*$|lr!Z`<81)KnUjJh8u%D~>o9wxt z^yi_jfmhG=skL=_IKGPCmbc)1XkF`Rei|(*P|1#Oc&z@ik&~nz8t-GOS3iQU`k>6( zxh@3Zy>tK+$C~RKGSQmeJl9lQ0@CcK`ZeB)NBds1WaiZD#?OJ7PB zdmo_Qe##?DFRfo~TsE__6IhwrsD`PmyzXj+&~?*79z1LPnZYKM$p$bB%l0Y+#SKAc_YUD}<4NpwWkUj0UfQLtu zkCw#fKZp>N%ZLly!;gn+{S$#l58yjuw|&PR?0RkLI~FFVnM&Nrvb^n)7J`{ye-1kH z^AW{%3Cmpxz3u&jS1q&PCspxcCIg)I^b+*ZC;QTu=r~s+%bCVQoX|G0b;Qu_Lm5|= z(XtmH`l`cIfUXnRIebR4OX@T&?qxOIZO)fA*Ii~f%6*w%#aJTfhD*7T2_WO!7=ru+ zR4mzuh0dLskY{`FiTCIJq87kB*@$QhB~blm_|;wt ztMO&$ruJ!aasPh9mW`|Mk>b3%MMH$4SV7rK7J}k7pzTzY#VN5lzBV3SOW69P8Jih{=0Hamz zRS1D}w9e%^I4jW7-l0APDQ3N}u3t3r;XS`?Jmu0W=ADxcgQiD43m`Crnx)@=Npip{ zfYUfXio~-Q-Kg3DB8|fV^-LUNS z&bf#`94=kJTC>NX{YE$yw8EJ31o-9~_od9K+5z6b?t@ar`%c83sqfLM{1O~Tc>>+_ zU-V1JBgm=OGqNr*AGy(_NzZir?0#EEaYag*k&4cjf9Wgj)LDbb#-_+&$3e8i%Zd-0 zJ)Uc#7Y5JWI9%CinBPU^<@+S3V7V_f>)&!#RGf}p~Z*zgY)1!Z5Ce}iO6 
zl}duab!Z53xPD8$*+0lqnWv3rLRBYoUa4~jF`3)DG@)gm|6wvdJM>d>qLtbpfVgUQ zzuA5R)LYA({nY3;$oqFm!FaRcU15h)s9&LeS_f6(a0f8+vFieT!U!Wb$OttIe??{uNtam`0b#=Mz9aXs7pjkH%OS2 z1nwjzq!`fvg)dyeI~nP40f>7CDHVcNgG19dps#fKIjjgqMHjs(-|y|W7@j9NmA~)G zTApS!cig!tr06hrMf606UZhCtsxfgHozxztbA1mRpxcE@k!k-$+`QbFEH$2td^?=o@wAF7dQ&>b8@+@(p zHtXN49a1rO{fljK95{O1>dR63S{ouPP-eS*pY`9YlWh33 z`d(9zIYHN)`R<2Z0l@kd-rcao-qlslp9-US=?N(2xjSjIzw~tac3t3xezY#HMwCiG zW_tyz$uBSe#zu9G46oeK3`~nCeby;-zP2`Hwt#zStzymm-?)44uqKywT^ze8sDPrO z3M6!pUImtvKteO26A*z=0tBRlDxe}rFG(n&N(mjLcTnja3B9`L9Rxw7>B;)e`Ob2E zWncT+*E#2R{q{e}BzZG4&olGR%=?u4?(dA=yc<1b``{X$NJHaoEgZ3XNk51bKq}Ik z;bA|aA`i(W6Whdc;vJdln@oibF1&9Ck-|<-!Z>M>l|lrikX7AS?hx6e*UzW;EFlq#`laN+=29qW z9ywh&?L1r+p9+9sWd?FXcxJ%X%F5PH zslHHh;RI2HGj&z5(D`neW1JVBVUC5EZTlLzlk>gD+)HEL)ojmaLx@ zj&E$}(R0Rr8goh8q2F-iwVyFnZFtRQ>QklcbBpn^P0_K{E2B6$XKeP9-{!p%)AJ&? zA_|DVi-Z99Jh49UekfqvnYGHO_+Gcv%K`6FrW@tj_Ds{EJ%VmIhKc^KXWS%Z#I{Y5 zj@{5Omu34(P@}oG&#SdIi(tp}Mn#U=e=7Q3^r7Av)bpyuk$hUi9cC z8G=6Hk;D-H+vp&YsWP5Sd_g|AE&rj+bEhI88lo~-br|VKb4E6`2kMADTgcH{7ZumD z+~w7K@3>1dz4HE)O?q9@iancrus<%8{)yJ4r8R<4UARR*pk*dosJPe)&<6G%Mh4NLSr^FPKig)eK($7 z-Dj^LR%JMgyY5p(YB#i}h!?6$rhtA*IV+A1bG{TdiJE=)`=$+%GdJgSE%QGzEi1i#bMw*`&yZI1>k@t#vzFl{)Bc3 ztMYqvCPSl&1R`47gE`i1n%a)E98%XaVY_6*Lv;I*wV1`x*AX+AT{zphZWdi(-A#!AUNA(Di0zef^g(&bgl%UM+WQm#Pf*>hK8p#Br(4+j|`4YHub9oI3a`tpI?{5LYluQXVtdv5E! 
z>q9lqx+6$yy!6Z8cPm@vX+B#5wm9F8RZm>t3)dTEBL1%VnzJu+eSK$+K-j7~(Rf&L zaPRXl<_%?6#V%^yWP_V1n0fSsTUqiRN}g7-FV_8#SW-lB;ZtT)Mppr#u6_G0!T=&@ zZS@iRX2PvetmrZd=DWc1J@Lu2En=0s6H-@q@7c-PwH24ocM_H~;tfu@LITuX{JyR_ z%cYpAR6Sg)iT-%Jy4Tz)S4#3pauSAJzFtVQqB=s8?3afxkMpbDRsmy1tzBjhCDfAe=PmJoA%LK$Us zly&4r`;L1kM)tCR!-?*rcRKwd@F#v^mP!t^iSjo3YETbt;dl{^)tJfw4NmKV50*$; z1M4^Oj5)i!<_5fq_twUkB`%M-@GMr=^<}t?LO_6=+;7WN{#vViVkhivo8mo?&*jxa zm*zA&?b#F=c)D@YL(e)phl8ky;uF0^q>S-z9CDFW)a>Fcx=Z$#6F)8BLKPi|aJ$=B zy>h|kRmz;a6wy~bi!1CS($z9n`;>ypxKQBBI)!$}v~jDOqZD(UsZkd5sWxbK<1NJ_0=P->xJNl5xsU^is+BzQqE|JN9m?L?dlore5NOIi;nBkO2}iMq)(Z5&2L7 zIoPUx?U1U;AiG`~bW(r!^eMG#=sTs<^pi^*d)IPb>vKY$l%8H&6 z&NNZQkTI|<9>)@L&n(#dDE^wcbia-|FVQK|qLvw~lq)r2^3C=1({z}`1Q~0ek3BVO zJFpN>PCJTQ8b|W5{Mzmn&M|5oC)t70hgZ~{Wo>1AZ``i^TI?#hKJ8z}!K=!LX0KDc z9?LB<00J9azqVV}ORrH_|LUT;Qz(;T(55zoGXuox*}J^4hSC;?(T(iz)S zMIwSsvY+QvSSk!|GgR73jPR$yMA4jy+otq+g^m-hZy{yb?)x?|3PxjWBxGeUEGv2aPeld9rY|9MwLWss11@ zfXp|emX-VMLSFIrS0ocxU|Q((B8j87P^lY#7$Qo}G6saZm_*H>Y!~vOhS20~muIs} z0!LRifMZ*r)&e5JYzZ1c&#ZC11D|-Lm1wT%IT1bwsv0J9J8@{U(d5?aDw|r|@97)k zkRHlMTMv$wgirdmg^kgcDfx|HOTx4AMa;M3!eW+O=~h69s?;a1!;iu=!NTUawz$Ft zgMBDtPLze`sprUqbGMa>9%@Frp|YmO+LX^`wz|7m?=DYn&wDb{ov`zqOp{pgJBll*2gskwMgzCg8jZ9pzyj&i}UK52vYFX%R@XkEK zu_&*0MhzD8=lhPFSI-v#;)je)m5>u4AR5?jYMBk`6!P?T#T3tbhQ-LS9baYf?8#c-+#3N-9<6>68TUU7HYMU7GH} z2!pC-z$cC-odP|UWUPjEU6jTKXJkbW+Kb;juoJ7Tw`p1zc4T?DIGEW~aL=i})W4l# z>|gp9<~F`;S(-VfsFmlZusBFdF9j5;MXsBmhM7F4czDTp(@{el3}>TxYmo$J^*BDb zIP2ZEYaJBrP{6E->MOWrJ!8LLRJO6#k=J0;)K+iGiQ2h3`=GK+a2{XbL_2Vi*1FpO zazl28Vd7Pbowq~z1g|(9KN}QC<5g{bi_Y@wpWUm}m)CPE$vt?yZpD;$lOacz z?b%`(kxk8!mo~r|C9g-wiZW-bD9f|CS<$-YnK##un*QCz?ZA~^oU%fimQe)A{2U9c zYD%$-xSxcnWRRwRWo+V67=9x(w*3ho?RtOXDR}Eve!08QAt=Aei)XR^NuFACi)jxz z#8QBhWLe%{NtRCB7IptBp@ z92Ps$FiA@a53$CHunp)PX+@Q$#AY>t+(2%dvwbiH)RVRh!sb zB@m3yns?q75Zi7Sm>L_IVAeSxs04}A(n&29PQ-E1xgs{(?YJ~5u-6Iw$^rt8SYtA* z{|f{0w+Y*+R^RU^+^Ks2EJ~k$%t!3(H5VgF!iSMEIiy%twt{q{bRO~e=LiBO>atRt 
zMU;^tm^hyXzR41wF#TEjGE4dUs7CRSPDsT9iI1cWavmjPk8*KQ=Y$}M0+;bI=e(=t z4=>vQRaB@9xb(W)-dYL0GmEeo@#*bONLWQ{Ra285ZDtVw+s{`9^SDJ|*+D4|qyte? zHX{U@yiE2t$&drVQ0gO#YkgdrYJ!0RbT_^V^y?lHOVdO==Cc`wf(;$zg3H_JUvx=% z%2^A@>mgpgvK{1r-nX^=7tu(m{+)taCTW> zR7X_YBi+O<_dc;C)nrJW8jQ!8U@WcepZ^eSRZAgLt%b?d!kBgqeo4yH?kYxy+-y(L z6RcBpZ2~)}DZwYvjzV)Flc@U1P7dD`@hdBET5JCPi--j^VbAwMO(1&A4I;W=tQVWD9X5@~93gli|Uw**CgG zn%JXZZj-u_E-Wt?Gpb(2=Nkk>DS1O_4`l7IU?cH3KT!MPs$< zukL?3u)eW9BleYJ=D{=>-#z0iuLh7%l~V0Ct>5X`OU}BaL}h`lKB9%=<64zXUn^6z zTZ|V=zy74uRw`pVg3;UBcb@N1<-LX2w)VTj-P;F+ZU2o~u(wxxpYHFRe}74H|Cit& z=OjlO4%rG^Zls_RExHC=bh&>&RHSa_HP7mLVAKuq9~AFZ#yf&H@|BQCa3#lse3^Je zwl39x`}NUk`mz`!6?K3zT)?IVj4qiyg9u=WMJ+oB^mXI<;e>s+G)>T)#w4=VD#-&- zrMn0EJnt+j|ceL^6hY!BY}lY0mkRo;~=ZiU8-f7_Ydg zN0_3v+^(ySFnLg@dSR!XH{Y8l!=n=`wF_6l_DM})d_kmQfaFX+F)08QsTQdrRXFmtvMQdkv1PXFC_*1G8K_&$tm zcQWlXnV^=uM0-Cb8N{6_rNRrd@!e50b{2Gap?VahykzW^V2+ITB6honYULIWQz!2r7xZdRzxZO&^9th)?cyc zh+!teL`?|Pz38SCEwRc*c2U{=P<8_~t5MVKf}CVEyNlnYim%U$Ly!hJA@B7_xAU&L zCt|!h6Hdb16;qwt>mxs2oS&8(`SjJ5kUM-u@5Q1fpt~GnZET8dOf=I<%HMT~cY13y zE+@#OY9T#vdpy*BH3P?L2sh;HYL=T8e_%zwk_DK3^deJNufWJ1mZ(Qd0z4b84GTdUB9Hp^B5`d zMAE2GW7LY#dQPBPH;=|p-mlmX*C0@1mHnUB(s4`tCz=F@)4xuc!Atao`DaZ%i4Z!tr< zbNF32z^0r#Rx(z5()hP1 zmub(FV(`B(d)|ceQ_79VjUNOY}JZR8QJ6!&bJGY2E^SXUsk( zhJO6)wgFl|<~VqSUPONZC3<%98h_U)F*vxl8$Pg_fL07kUaT)nmNF zatc-Xcc^uuM%?m&?CpHXjbn!E4b+{Aw91+5N=0QWW}F>`hGQIXHn=n2+hRH+sJYwC zM}!9C6Ge0zU8N4m-`Fdycm{TUp5_M$t=>gX-_%CiWWXm25_* z`U>(Oo0}q{5Ta^KmvEuKP)1U?m0L;CI=`_5s5!CuiPb*qj&2}L%s~umArj14M+mk` zh*WE|C&?_NIcipoYDc6aUoS=@1VS_koA?1M*?m5_kk)v`a$q9;$d&88yM2$^?_1wX zd8tuY>XZ^Mt$7_1lc+xx45LkQz6N5mh0$WO@;H@|NQy+y=@B_P1I<^mvI@<&il#fb zdO#+_WhxV9fB04S9(j^ufcV3D-Lq`o$xeEG-uN2Y}y;}^%jcib8&$z$?DcLc_N0NuHiR3NXL4lajpe1>fuaP@w& zMrt<99o%_-?#P&So-7j&FBvXFptFZW$0*O_*4MQ&Yd+}kjE``Ajk%=Nnzu;%!FMO2 z&qrdo&Epd-_glFX=hdg5L(G|<6_uuF7OS2y2l%le$WaheBJu3TIYChg(hk0IQ1@^tTpe-^da07U9JN7OtzF4Ujp9 zbKE~Ewo8HU{Fn2_&m2qmo`Rm$#E>f^--J9aWHn-TucsJUGY-}{BMwrJ-MAd%@k)Z{^1V%KlSlfKqwgRC+*^OgQ`pK 
zmWBQdp}H_yT2x#ew1la+I%FYRt=1ZZU9cbT>~YHtkFsP}Xi^qx0#9PT1w{JbJHCV4 zDX3jLr?i?rIS;rb{NWB{M2$_}klxl|onyR5AwIx?mN|LUA=hnr%C?BkF|(Cgsnzg* z?eLUh>|sR3#?}?4L!PKFZ(^!aeBUmlE(!mjDSdIlWKUw~T?LctbT-+m`X974{(<5i zrHuc}KI~>!g64&trb?NO;?XiyIl0AcmvN63R9}urke3poy<$2;S%KSx< z!EuN-eYu-@!nVf#1h}=EksQ^iU52h|(YfXXCC@7zdi7Yw9srRV-^UB3Llq-YQ$+E{tpUL9VC1 z>^zG_qGxfj>tlQK^zKzG4NWbrjJSM;B$@NLi`NK?S3}E6q?z|~E!11rU2A~kjTRxx z*QTxNwe!BGvDCL+oM3CV?Lrs5;c&nTggC{xrncIhpZg^I!-{n~+KtMepn8%et@qH% z&O&&AS)|6V*!pI8XX2}jhn>f|I#PCAx3Ugt{Nre17yuj+_*6@sEds3`tiL91Xxgs~ zX~O=Kg1Oga_1j~VPDJzj@DQs0cs72qkmuQz?T-Y&_OL1_q+v5F38RP^q?FbotOA!p!}@x32114BE9jwC8cdIzGrHP;JH}Khbn!BH-^Ja~Ps4@{I{f z>sG+r9uQ4tLU0^1mO=Wa=|`!|UKe%f_X(DWQa##{@RzxfN?nuquVgi^E{S(<@Jj^g zXBdg?%|OxwwLpdG4e?EMVS?S+245dKUotgp;Az zw<=XS*hQ8*GLSBL)ktQJLA?nG*!;~+;kS+>ynmh2KKbc-JBWlk2s7_FE-wafYKpQ| zerhx<)?}f3QJ*9(NUU)edPltd=2LKSQO?GuOOoh!#dF)ih`}1v0|NY&XQ6 zy(I2V9Y3g*oZx^>OX1m9G2iwWtpM?Z$~|Ja9Y*ao;BlsE_XVH+>lOaIdCEGG^e%bG zlsPXXdYNZY_R6Awib0fEQ<=9<@P>GzhmP}OU%nKuF9X%geNpeQeBJSLO8JgVNxc~> zgxfV+URlfI0#*_y$&~G0qPunl){(?&Q7p#Z>DYY=b(cn>lrM|Q~ z%wn3MuIdiEdJl&j)-(jFUStm=fVd$Hcp`|5E}<+E)zoWkf&(pz4MD_f=7%9r^7)%U zAiF3%mCfiQcWwbNj``Y%z#Px7GlOqF7&#>6g{LK98R;v_Q6Uk zbDXd{T&3xVmrbZyO3myVwDnzO$6A)gN;fQvybZC_IHF^*?%ijZjRNPkf@WfFd*`1$ z{a2;G;_VL@lv4jz-}JGpPbMr%BQ32ol;fvM zLS&}UNS-sT{esUaQG@359b~3ZZ@r!Vj@6P&y8pd@yF8LBV-{%ln)_Bc!)q=a*C}0JyDyk6W++LQ zp5A>>OX6jEWxnX4YiVZo+fNF$&qjy!fSu!A%TRxvM&82}%Y8%7(l&*>*;t>irN{i| zsveO}&zH;l>+5azC+@+OQ) z=QxGTL@LXg@quMlHUon(`TSm25Bk+j$hAMGg(5{Ln_xLA83Jly;a%!WBUSEnyf@j#!Uw=fv@NiW=S%YimLFDkb zKVS+)D0KJuWtqBv|4{V4csq9lH*eIYsxdDkEu5?#{=khp{74_4+EL3g1pr{Ex!C4% zz-88Py{C51Eu7c3i}XB3#S7rpx$y!4CI(Zm4h#xZEPr+_zAl2P-P-S04gO`e0HlsD zWPRBS_QLpy?DIU<5}9~IOG4ZUT67P|-7c=ZfmdZlQz|}QpA^qZaqV&*)kBowe6J z$arp>eqj_o*zazGwG~vBw9kIntyXZiTUP0dkgDvX*IATopQV6^C`|Tfe2DV8E>^_o zCamdR1u8+ryj0b#=PN%$rFU0h#t40A;?(74q=y%TM|rNydJ?Y{Q^dS}6qf7%?^`9+ zcn+==sYdb9NZyN5To(Vt9A1W6KX{j-+3?CEc43riw*Df+nu2xC7UcX 
z8b$Sbo7m%#m*kt5-HwU}lrgGG?;zN{S)bV0yo&U;JW7srh=UUIzr8Ko`@U$H!EE&+ zmPY!aubsqsDn)r#%Q%`yUFe3MO`aQN^Sa8&1$$`NJIf8>aCSvG%t-9w$Zr>oJpe@Q*u4|wib0w5wQdKpol}6Ds&d%s}z}S2Y5e% zd<;?<6?0)P`0WD^CeR(9>mjTfHz6 z{PE@r>Nb?!!Mx?g>M(uXs@z~WY4|O?uLJr_(eIf*3 z-8j-d>?_Frms$BG@eA z0;$RntRj0S^*@{oXccl0)n3<839yJ2yR#N z_({>L_u^b+XX*OGx>p_aUHJIfLw^vu%IL@QJ=LeK}g9BCG#RObhTvjaVX)$K0ZgmFej|Q zsrMj6XBLqSsl8ivD3V|^jKBWdC#%>YjUV+oLf^eK?m3M$RSJp+B8%#?%Uq#iYQejA zVNz4Cvr=bNOS!9|!M#*X(lLWp`{GAnVKhA{dsGJ0OaL?^w9Cq7_@H4G;o->FS|s8& zvs0mHxC=-BT2b#C&czYoDe;tx#5B>kQiNdBiV-1SokwuL_cO$agx&nKtXvY@`kj`5 zqgO|H#S@GKsu3{9SP(fXmH;4c5rBIazREXUDg@k#i_YwQ!&518>P1a#PeH4cMOWm8 zllL4E5s~rM;QbZ(!S{Q8)LxQ?&p*ZBax;tDa%ifu>p~Ygt8YG zw1)Z&TEzwO97qbhcN#5@WudZaE41CUe&@YqPUaz-&x^STmGQ>(85@kjq{{0MVNGRs zP{j}#6L};ZQqZ~1!aa&vEUpAqSIJusBTag1)KUKL6@%Uy6A5eQLodGvN3p+T+&9|N zb#=U8E10pX8PWGx-|sHgF5K7J&c@}p^PLyk=yg$pgrsXqaE?y2VA)r7PEo^LmtKR(*22qEg$)w|)wI5OaP8clQDH%!pi_3@Qa@=5F(aN> z$(VMguEBXf&)R3ZZUw#wBBY^`m^x|?+iD74oL8SoCfhf4?1cYj-xP37{hNJrydj5d z-_$s^UEADI^U+IIMd5JcnY~uyPd!BL4py4QE9n`hntcKI4(yR}qYmDfYzjYSDM~T5 zn!d7LY@aa@$ivLIOB9JW#wdJ*-v&b;7RXOJ1oJHeeHrf>hgH2j}= z|BD^;a_hFZlE#i`=nmhqO^ix)_wux2X?}Tz`b||Y0a~9432GVK&P^BiRfkj!hWJCC zb+fvf0TP*`jM4yinRwRi9lu>Hx?kcYWM?*=ljpa-prB5E$OS$5<>HTvAM^ZOQi&%8 z;b;8hY{b}KFTV0?Eq`G2{(3RXFSY#ttjP#2xLfg!Oj(GDM4c2nYXPH1Vs7D1=JCKW;BAV^7J8NpmoSxtjv2+5u=k=sp~Xt%Agz05+|P7mk^^4{Z2`!}Go|nZ`-prG4iWV&|?K+{K|AQl_4P zj?1dcL|=~kl!di?dlVkq8Rgm)0ROQhr+#PvI5vEkApT%mXZStFIgR*&wbv(TM!vnA z|ABNM=UfjHBLFOL?g8XcIlBx^=g>|%H#=fgF%_zBlBL2%TG|P7;=I|?&iZnhyXWmJ zlK$#DjeVHjKy>#UjMH^StSnRwC77mG_TXL3S~{qEBApYZ(DCcM`-`?EnRG7ZwrrJ! 
zC3cB2`v_F=5%PRdaD->3C~IsPRIQ6C=93Ti@bmWK#wzx)EL$)gmu~R^Mr$H_`#7L| zKMuzx*Bw;7lcr>ynlp?=UoID&p_V{kFbk)@$QSUd;O91a=AzCMBI?8Ho%~==J{k=z z35WpJuGN-{s%QDq&nOse7u6~ZGseAL>yyZ|xYjDbHU2@}2^@c;xp7!hkScc@Gzt_W z64h3ef}vIL+X3TU5V%I?ff*;Y`U(Ev!HkK`+S9$K!|!Xg;b$Z5esL6@Uz!+q9V9uz z;!_d$ndx$KE8G1Zi1270+y)%kvhgg@oRWPhJOIiF1aaE2vupF}tlho-eZ%uW@GdLN zHK>#vd0UC&jxb_A;U0*UB_nA5Ih=nLx7KPL1h!FN zD5<~+=Lp-so@wFUfWjBn%$Fg8uE0Z8z74rB{2}mQtCl6eym>Ym0jrFh&}{I#Zrg>> zu>n;i1veOv@#9erQH^B2ysgr#s^yg}mX&`yph5@9yq3a6jE#-MCZE~M(7JDC^tC@i z5_yS&%HXb=U1KyQNGhu!hEklXa3BqnIuLBD&k-mWq@ZW%xL)FY!Z0}>{T0e(oVZ}` zHoN3diwBduG#_Ru+tjiKeEL$?e>-4$WDd<=rq5r*{J+&C zYl{fGD4B7*qScafo|UhK+r|oDKy4ggpkqAP$ZL|6Y))PAYJIwQt6rlwIJmC2H@I4q zoet5^V=l<)t%HVR^449EUo;;^JPzAMe%ti0ojh!?dQ$j+Q=CV z$hKQ=ZoRQKtOw@44eLDAX$@1S5(UI9fUT&-ND%6(*I4-L7zbr#Q*s>1xv0}P zajUcU^6w)fB?-F;j|iJ&APKy$y>WOS)Hr;Y$O9D>6%~&Ev%BXC*7bc6*`CPLx^})H z1E%O+-tWt%a^Yk8n(e_|toD(0SrTcN*QdX+i&EIuRcs{Y#4FByD^JnWE(vp3SF$!K z8vaTUH_qGw^%>LS9?WlcZi?UUZyM4RA_1%_s-{rDbV>m%J|0Fx<9=(<&GlSavvbb! 
zlFMXT0+JN#iq%pjxY&n4=mgT7errKF%BuW8;|YiDnR5RaOY&!z|C6OF5r-4uJy>Kz zP$G)6n#nkX9Q{%)Dk`7B{@`lLvdoOSy8HIc*E*X0t`bMyP$-7OmK;^$;ucE~rM@&( z9=diLv5&6tRl3z5j${a7EAV4`u<)d8vTIc6xY&L7`?_F%a%_1VbaNwGd2|sRcgy$b zh2ug0ToKcpxgFLBzae`a?WIxcs?zWIg0q2;iJm*|2dc+$i^!ZQ`SiG!eZ|C#-Q*RS zIzsX?+SScKVpSVRD?j`wG%dG9JHU;L2=jIBxLF7@G!HJ6q~{YT>)|Hb2FT=-Gf?B=_&jimQI3RgVbZ8s#RdeSYIzHfZ?X=gq3eXRLL8J=cwAC~A!6J;x2pQw zU<*Jl+Dcg&>z@>75M&N(I2mPAFK0+XMEyfT-UfwFO>z02naa?XaVEd$1AJ4^HD-Te zVS^FE1PP` zTdPqReRwJqet2ux8@QODx#^>Jd4Ak@3dH8{Fkr%=VX`x>Cr_RzQ9(q>XR-sn{3qwl zKV4?A_dJcv<8VUtj=wfUM_adYXdhR{Cw8*ds$IXstIeL901A>Og&(DeZ>gOwxO3ZwiEE~{TyT{d{x?%(XY&4j+x_uknAL@3XvWZ zx{5@Oj6=|>)n5(!p!6Rv0r+MA#pkN1z<3*s<&nyxv}{M-D#+cR6a)a-K~g}e_0B(L z-8$4b9>!uOQ`@p1eL$TUc5Gsmaf;;qKpx}s4^q-)SW{~Yzrf?3ZALh>4FD8nGMbd* zGNxlZDKDy7JR(=Mnk=8Y()iYsv-yn`_3_5N@a_;EqR`1r33c@7Fc_+c^@T!W2mn@C z%!`NZ5My@{5J=^)vr{pe@LYJ2DJb(vq$y-a@+ZZnh<(B4K>@RIT?0+ryRUr5kqF3g z|IovfSymSaoHc}ABxg>-C3#u*I4d{g89q~P_*4{r%jcjdP^hVrE=Vu0Bz?Tauc?_s zB%>Rp(bUq1C9|i|V576r;8>*fA6d~)Z%W!;jn!<8WZq-gyv~XLI_ZP~-Ey`MxxvsM z3Ll8ABWUrxONS9S`MTvZCj!$XmF=ruT-aMc*G(p3D2?gCWE&0{!~+HJR9&T@IWktk zt|jN}e1D!sOJ!iHOQ_Mrg=&h8uo_3QcjEIqvbq0QjU{Jl%E zZx(fhV+Gf-XKE4bbd((8ouIFb+U@Kd@~bF&`ym*B0UE^CVD~g3$fiY*sMVFrJ`f*e zeprQp>*LhFWMwoifGXxS@DZK0y2?HRoG2I%C-SLdllJk=^@*20i*JrU?D>E4*YCal z8K^Ky`4!SQXg$cN>wMLyn1uupSUSK*@OIN)uhfs80CzvS>yXejmD}e~rED+L$gH2Z zct9gU)oMdo{a22Ufab%kEcmwDv%GMBh zQ~NSh?U;u@cY4R<5n=0h5pj?*3LgC9s=XslV-T%e{t<|*sJ-nO>2zZ@72#r`73ph> zxu%GRhzbq^wsF%@CH_P+K+T)UB83C`_syV&-@f>#KZnfk3P=3bhPz#`bi2m=_Tn@o zW@Nkq)UU*$*z-poxg2@YLp5Ifq>#Szjc(nhy)r-XRJvqFX?Ice*%T%ojzk&XPKn_C z!?z^Y+3DN*yV5tMFAOa&Hi3_y(lXk7%S)bbyRs}FVWY|=J=N47=-9;9-+j0>Z&E|olC6h zRm_QOvHD4YxynvqahkTzI#PcAualZJZScKD5w~zb1ufNP` z8tIk|KD(Oq;j0Ij-SmpWD>OzKvJf=qyW1|bpOG>2Cp4JjR*HB3v@iaD^MyFI+6a@S z2A@TD{dR2}ebgbdikz#QTwozipetcBCSEuOlLtn=21bz45y2TPD|J;E$))T%AHz}2 zw5~`3Wzm`@jXg(UFHW#+G3HQ~5nHQMTDO)(X45H)kVi|B(imJ>dtDhvmb^xArngTf zsBp+3#8(d>r-w+`9o`L2lC_-(NGj*R#7Ab{w5riR0{hB|tl{al7K?M|@|Yw&l%#OX}B*d?vH;NDZA%^Gp@ 
z$Ki)cs2RumQM05o@uDH#D{sZ6HxOY)>gA2KSS$~H`7}EhtE*#HTo?4#ghx@;Yc{!c zH48D^`A)krSr|qbhFqy-r`3s+>H8zosZV261@@DIoa$sv+$5(uA%c{_uQUFV+;epX z5LdB2Rr@Mst)xgY?#!26-AdHPPdS^|cQAA-qO&N?23o6n(t59F!y4h<>Rlx8VN*6< zq(5#`4Gt?U&cA?6-6|hHZh9M-6|Fj)Gh@y*oH^y*>I{9zc(0&kHvtl2pna#t*_dOx z>#9KTFq!`CTb}A@rl{z2?+3uMf2-I3#1H4fy2`?xs50YmR@Egu`A;*ma1yR-R&lsB za*7-KesBZVu%d-mRl)jvR|H?a>-Dy2j^!Sgt5;^qbVf?YMr%v=a_d=RJ5`2}Jza7i z7_E28n}~PVKpJ>3PuHPRMSAsep2A?8iQwYj+KH?!y)bm&P#@i^tM1Fq{KjS zJ!Fkz8oL>Y!6B`!<6^o=3ZAdyAJ6=D&qV2Z>z8X1&V>(H0yGV~@f97xT@tYZrgqL? zQ+wm6B6V0I-iJU)Gwl1DZYVkPeo`FV%$K4s&{S*?4qsS8m}3g3;}l8=I*Yt)>%eurN@S585yu#qC< zdZQrNX;o$WOw=>S`J6I=LYq4*_Mi=RC9SNwFc)^YFz31#Tt-ddW1pWqkZX2aH23NN z2Sx5RX4McPIC{%vM8cC2#$MEZbG~#?%_v_Q@pjbb+VxydiQ2)A)}0(FhcRQJ^^}ZS z{S#nj7wqnD$L~YmcQ2pdtaoV&_1YEgcjUTsLuzJW>enW-+cGUo0EM7sR)-UK1$PAR zA3l%ha}2vhd3D@299qdq$#a@%qBV`L`|a&UgB$vg)fyrDH11$*<8hTz7dz*G--k-B zo5T5Ih0f|)giftP@z-}Jb-gM{64T?c%*|Z)+}^*ch}kM7Kh{}a?*9+w+xZJQZpXEG z2L@i24T?**gZb;Z^CHa7C&p@kBhGI-aNdfQqjcmx=I-0JGa{s})V!xOpqBU0|1l2u z{4M_z#UAH~Qyos~@J7JumtV`B2deNe9YL`Tt^MxElUClu4G4~Z&x6n3QJRN3{i?F$ zQPs9MfsorUh`AEE4Qf;>@qc~yM;OJ!kV?dMR=-@!+vA6SDSJ2ztTP9k-hWSyC)%Dz z49i~m{>Xo|n9lmr3}Bz8d9q|9!3R-Y&ma!!I4H%uWS(qYBd(HS<4XIGwkduME!pQeIFWmIqeKs$05E zWGAleOX6`lFq&LAGj_*d$5_*-z{#W&w??4$IJY4CU>HR-B8SH*19}YjU}({?`I?Gc!Y(T$=vwEDF0bd*F(9=s7(Yo)qs8>%@-MKgkn~dbTPb zb@P`p%eSO;EgPIQLE=iv?<0l>adM^x)~X2adWkeUd)zIoxS;6eK;RtrH+C3+zplrU zZO3l*?abPi9$(F}Fzs>w@wPb7uxvB-9M*ZUCc`*I{Q-c+%?I7-+nB`>k$L48QGXSC zZlONJ>G3A(+@+rs87&A9AGgeo z`8{X*JfkB6oVRE{Mq|IErYr0lf>IwfxC%{l+#oEc&r8&RRogf-m`#VRloJwS_e)I? 
zykFJ0j9W_t3DNFo?(4l zx!Wx2uPW3&@UbVkOaCXuj~=$~PLDlK@ zJCRS`o4o6xm>ai!VZ$a)?G_Nn?pVc>p5!JoArit1PvnKA8CS!A!T*D~_YP}vY5PTS z=~59vK>_K~Yd}J;F1iU#LX*&z^iZXDa7phFAfY3K&;!y!2c?(Ldl95}klu0U{mysx z;=R82{jRgm+55TQ$3;DO9rMR2ZhN`eC>W6D zG)46!^F{w=!e?}M<;2c~v(UPc{%ke10K}$3;O5_qr*NZozh*AADPmK0i=CnlpuWYC3^2M0st>qLWtaPgrw>uPaOJzKvn^pD-`4gY1!FNqT zaC^nxE?<@MFRE6iOk}?RLhvw}`Rd!oH@)=tg`OCXH|bW|Jd*VfjNAqPBKTR(cOHQv zREGl+mYy^WSl&`8|D;}uSF;@n)Q;?|#>uj!vmuAw99LD|{y1-XiL*rM^1=U{?JXJ! zo>^2KHvE>S|L#G-7Vd4@K9+0)Ly?aJ-5@rOYgMGnjD&oI`I{$9q^TKF4xIMk$xu9` z!jyavE-0nPOTe(sEA#ed^sk(L+a1HFRuKMI_|1W|nolk{4ytlR_R!JHEc=@lq^^&Tik9eDv z>x@N>4|f}zUlb9lKWl~zQ&IS4uoy2PE-w_wHlGK)Ubkw0_kUHVR>W)!S5Z>K3X^xV zmyet@?V|Jxn*5&?r-H+(iKPndK#*xyn$sQeMX%awKHh{)8n2iLx`dQt?KvHgQ{hd4 z^{Sz3s)P$}?{e9_Ti<3|Uro4tQ-iom$yH6Tk*k-q^oTUm>&v8dy?AMK)P?mZ$AyG^ zPTlB{v^h0)c7jd~sfQhUO8z*WCJV>G!*83NE0nHU?Ao480w%PR#v9mK<^6~Q2Z)+# zhgCk^kKH6MPJNV0p8CRG8PMR15(gl(6XT)ib#;!jP3Sk5 zaOul4(eu^22NFWp4HB^W=v+_=Mf|+WcrLcDMb^aaOO(=nb|>~K?d-Rl`6Tr@#*QRD zVs|kkR_A=Ed10*uXPjD}Q;>48^@**Q^7ArJVezL+q-nBA#`3)|_7thE-sCs#xaeL7 z9Q)o=#D~7M_k2GGfH%YMKC+7{N`)F5G2iX0AU0|_j8>@8aud7$G{Rr$nfJL{IdHb4 zfxWvT6i}y#H%%)Z)DK>uH%puA`NpGWM81BxR?0RKNqyT{^)c`1#nUyQPH≫Gx>f zZaeY#E#*+WM|z6BNpJaAM8dNi8A#p->wXQtvl3*q+BU;q;H?Ab>t4GXUMGJ~D&!4RwIRkjSA# zWiNY;a9oN$>*hIMgiz7yF2YM6dHM0?M`@-Z@a5g<-SB&#wA5B z3srI)#o~3V!4?hOON`(6xNl^joP1D zoEeB{w%*P^?TA}=MLH0W%0RXZ;2t+DmOHknVC|SEOjBg z7r!O`-p(HA;PHc!yc_ zN*$N<-;E9h<6I($zLnXiG#zSIy?eu(Yci@b0W+I3)7 zn?_r!iaej2*>x5+EQ41lg7^s-vny8MjZB7Mz!aD`@_HWU9MF>`6THadm5M9wWG6VS)dEi*(_ zPtr&|lC!AExilfnh_0><%fAU9s+`%Zs!W=!vra)0tDYCX$Bu8TaRUx4SxQSV3q%u+ zZOh}P)kZMhC@&VbOkyVt%SOPqzTuR(c!v2~MQv3yEN(RA_;fAjjeMdLR3b*L1?^a>saTgu`D1Hdk^hw1FPA z-~St6m0Rb8|D#0@bWhZM?vdQ48PX+eo}p_y8DyGFzd+G)5)XoFA&H7_Hrs+;g^0fG zLj3`^GqBiH<9~p}$cGH0;1#@cMr(2ft3Ns0yv!6I04*{re90ucV?RjU)xtwoTg8YE z9}NwYQpItqFh-3u+ka8iqx2KHE$}=(VXDd~Y;24K>_x-%y09rb zb}Lj@aSC8Lhs4KecJ`GW<(*JeDz|@^?>SzaW*0OtV${?I*d5bOvDWu98n?(13Q~DN zl&il!7)yJgR^}_5XQ(Db+V81OTSRz}F0wiW)^I;yX(~C#!wW(qFG9mOS#rWyEB+gq 
zb}ozk&c?3rK7JV+S7dFC5(Cn(-i0{WX+Yrq=HE8$CdIdul{N-kBx;9`K5rE4yCUHZQSf=CN>qel*9`y@a^r z>xI3Ct8UPg@teO_sFBC0F2%T5}ejRYZ^Rg(blF6gC2X@<;ZWJEbx$2X7Yv>7AzIV zO>U2%tjte+7{WrhyL{&u>l*m4I@7Zi_UN_>7;F{ zT@DKt3`vM1dlQk54_Ub*+EFP^8S$YaO1q1Gz-f}#<>!jppDCqiiQ!~5Xm}b55 z11V$3k*E%I)ak^U}gI>w35m7wgQ?^cRK3r3p%EL zZXrL@&)}uKzcs1*6&t`*KK|Gbg8l zmpYN5x)BgK3T^vv7FH8vmGe$RV0PV@D-4O71>r$9fc}GWu+c(ub7C5JLCFsD*P4iT z8nD42>BKG;YP49tnfwS$&!O5lz`s$q|D5dFzx{qWj**}mnDNTSpB1#rYc?3`X&Yb@A1oNbzgdfZw%htv}@Fh1F) zti0H$@LOSO+tx##-V&4VNp6H-^VSVSi5mk;G7_kzG;XLgvGFKFe3-4w<`Gofs$blW z#-3tbkW=cw?e(2q@7S#k(CmyNMmvnh(X^R8CWg7cgrlYB1l{3Wxnm%$_+Jr$4h!w^s|W; zQ}Ullzmrd0kH)Jr2iwd}%jDqcS*tau=&ua}xQnUD)7Jg+%G}Yr234wNHeQcwh(!-$ zd-EsgT4d;#^^u(11)#|~T!K*E&uhDJ$&`4KblzQOwK_8->v$vCbC%-*`}`HPiukHcCGt&RTaDvB-P)0tEo`ex>= z8qux@_O9Kv)L?Yy*L@D6*;AnC!S2-7m1^7#zxqUT=|&#*cjNVW>i!_uHGPteuxrp# zx3SaL)_tI6iDz}1Rw_zA{CE^4a1@arkssVw>Tf)vZu_Wts7X>lvq-UV#~S;KzzGts zw>@KZMD#{2{h@5$9Eg4In>N9nY+HtQP7V-8Q9c2&YWah)U>eGZov?g$ffayN(YFOs z?%@Mn@+LNaKF%;$!a&4xbtv~`~t3^w!} zS#>s@aRRG1;%93EtSSHN0Hatvmx+oglb?7Z4#vC?2F#=WDc`rU6S z(j(I;fl0+Y%PhnEfPOX)AIOly`J(AD)HB}bx%dpWC;7vBDRJjFD#}{jAOJWVCUujG zfoE&DMf1HGbsbpM3|dl4b8N%Ta9h$kR4)uTk2J`AKGU;uDTEaij;M|xtCB? zy}4IdaSFKgyq#l)F>q>fxb#u1Z?ONM`B?~qUze~B662`Cnn=I@&aYp_Vbo$F-tGp- zHv5afBSd3Nbkm+|IEW|A$|a3y8@RGLzaOScF)NjkKS*I2-agNfYt}WbZhMBVO*L$? 
zlSqO4(e+7rBj)NC^dnSX8=#Cf79|#rRP)F))xYkigM~^3r&{2>Gm8lNw*Ds%- zsO+n|X>~P@Eyh9N#GJgcI=EA@yeim~WM{3zJZYQ*)nM(x#<5ofiM>oAO|qSHFEgNa zHhL>6%cxqj_a<&{!oX%!MXxZstGug^i3V3iTgU=98T5^epH1rqM`63_7gzZ1P-^T^ z8-B)m(AtTQ;;O2b4CXAV;+ABcT?#_Om5YQ#mBy9zvL00Ly{Wsvb=4a}(fY(}yBS4J zh383;WW6Wxc2egq4m3P=eHPUHuWA}l+~R7q65S0>Ei(==QgdqQi_L?LMa>^iGf7?W zL?8HwFWHllo4a#93PalTg6;$aUMG(npPB(sKs`Ye2x))$2#x#{wP4n&-=|z6ny2O4 zM|%$W^tyyczGBDGE88XM`K#oF4+dC>0e>lzv4V2enB*< zu32eKCI!Vz&-L2kAsPd?nKr|EhjFDXBB95J?9ZN#TbmE#{idT-Zh3odzX<+V^-)&S zRuInE6r^#_6;o!q!jMf%s#u~nca_MS`9*V*lc^}$ztqYiw#FRI%Z7#X=*_KW3KVd# z+2+q310h>RMoIojRY?j;XzM*jdYf%19Nj6pgep4muC(++$7uIZl1t{q#E4 zHjZ>(MVCx2WI)_|oCw5VqUR7>eYtwRa}`gmM&7c^;25^#%&wHmWu$5_I@-f+{}EN7 z%4)-8i^|6`>FTUv2C9*jE)Sm75i#hMF(Dy=)$t>Y_PU~$J?eQ?8smO&?4J5pOkG!$ zTr~d-oyX_T_8EW@Jt)o$gJnvW+ZCf@pG(o#``p)*z0C}0xI1+vrK9UbE@3CUpjkjD zExBST2D_A4LZVt#4(-$)MQ4duYn`E3Y8<1J1_boHt1E?1?Co}>%;NWH6QwJ5P+%W6%S9d0>zLS~{2hVO~B_#jzF^J}XGX5*Sm zN`E9>@QC@-eb@hP9np<^jv}X$j#d`y{BaF(c%o6DIC2p|h#fvMD+ zg(pgFRZkyl#@=_oF03TiXpjH=_tD~BefYcG=2rW>5^=H2h_GqZ_tL4wiu(C{r?GLW zQH%wS(+MrLDV~ImkB)}TYZ;D+{UNX`N7%S#%z?8P< z@x+ZU`ZeD?OjBZwt41v?sWb96j_6d{%uJnl7>bjSG^x5aR4h*1?BykHtU}GYKnjIg z1_<0*wi=wEv<@T5Qt!7y%k*+mA^zr4kMFi`;d?8-(nGkp(9lSsy0>hx!jgg7ZKB* zze@)naJ^X`!!ZHbHJTxV*#dG=+<4jx&PSWlpG8Qy7pn(ri;X{0J?S2ZEJ?Oj!KJ7M zlcxR=qn^H0ATy&|juK`mM**#Ugt(iWxEu1yGJU4QR7;y=_QG$~{K%zx9(cV-)=$;2 z&3Z$%YCNq>s`+2-u3RYMWb=d?Hg?ApGp7;ilIUk6D|IDpmD9xF*Ue?Fl(_=TiOpv5 zEOE-M70+=sIRfzIsd=GVKwFCw zTy!%!-)(k&UXT*=03swjqgnoLOo#%xdldH>iI5^;Y&R#< zF3E2m{(Y|yd#-X2ey*DG5-~}8A)t7JcF>Dh`4V%E^LNT2^G;+SU*Gd&GDunsaUFAk zhdS|y#p3v2GTuOpGf-l_fG+^XA@Y@Vi?l4oscey*rvCg6AhCi=K)SC1(H~G15!Qtg$k~KOy+{R5ppt zdmfbn?HX0+G3W*ixFjP+q`A&iqEZ*Nk}V?J)Ly4=Z0pQ)elG#OZ*PAuwXBt27dotP zENy=j*~dPIk)8i!xo0+!EY08w{qB3h4nUY!jx;i>clc&IN#^3ZB4f+fKsgt~*fid9 zmI8fx8T*dca_0Wr_Q6=15!%@kUY$W3>E;Hx2(*rtMIOD)X>*?Q=QQ#+H5HknN{f#u zpF@q!qpZnYw3kQM_a$Bi=Bg6oU}i9tPj-e@tlK#Sboo%N%sUTPm0Reu7pAULzSM|l zu3rc^m7AN5>%rmBVetF@IM5agO`wG#cu&0rMpZM3&V}#y1zKy<0z;y0f>d&OvPDJ_ 
zfUr;S=F{5e%`4OcRdU$2o8(1_C^C$a2@)yPV2)^}Pc1$+=$gR*)32CHq>sEx{Hq7% zyB07!3(xqwj=9?#wF=6^WGGRH^LM?l4Pl5dGvv8lf$u_bg0+Cuxf|eAsuxvbBug`t zaxw#A<*aUE$%!yw+BdS)cvO@4p><8{?o`BH;wrJPgK_;tp`yDen46GSd3A2D2sjBF zby=?&UY*nTnOrFCzu20&D|Rz7^^Yso#G0?`&R=Q22w>YmTCz0D6=7?$iebhw;PK#H z{QdcjAbk(Vp)GT}x9Lv?#fyth9I;$QyhECi3fw|p%@vWljkkoM)3K zkS~#a|60nl8CL(yO*tq2xT{lXp}^TM(~vvP!@lV3&AI_sUH zL@y;=e%hkj)rRdUSR+oNtK}^W><$z`j@5=XgdQ+YaU9iXnE7Y-nqz{#ZY@p90k~SEExMa@c?-v;de+syq z)qA%Q)I1hHtxY>CR$?IPxz#i;Z++765K~mIv|m3RqyvsczUMdT?J=;pT++0#0dpt8K~!$+PCt{@35ZH5 ztxpjLSPY&&ymiXF)W1YzZz7pdS+P7zLpxAJzjS_K@}F+_cj=Eb*KQ`xLVCm=-oE+Y z{(Ln|w(##w{eNR=@OXx|?yHMGppSn7YTtt>n~F==GOKh(nKD7tD`URg{2~abeBWT^ z_-yku`m&ubBZS;2L`v@DkS+UtM4Dc5<^bUpC4@x1f;&7CFY z&`jM1_c>0VBgtFcjJfu`%*gUSjJb&2|3y&R>^#cn=ZJ^VB)HYjCsefZ7mZ6z`^sxs zOTP$={nql0u9j|cB>lJcW{-*H)BHz2(gQ`qj=ej57m)*Uw>$oeU}C;@ld@U#7eN7i z)LikFj+iFb!J5oV#Q?$z*Hi7}S7w2fuw(ujk*KM6?cMq9<`r|dd-L~W6)Eg%Hq(BK z`7SQ>2As&6ADJaKstxE&(_2K+bwPhY%)__scRqV6N7?s&&QLPspBk_q<3i% zr8F5xQZjjA16g?RNRNecDo|QmnDO@T5d3R7-kud6w}*$|U%x%xL*-if?u#UJ1lTS3h+8OOUzZm$ zge+eSt3<4ogQ9TlHFvmfHN|+P^x+9&UqgUCt_XS)_Slq_xhCsdJ6Pa;UKAY@LV;)0 z8ff=>EeDqAxZRj!ywPNU-@2ifW{{&)$3Q{8rpU;s*IIZ~AF&}U!c3LFi`$9S?lL73fGfudfUj!?Zv+T02uT=|t>|wj;KRw3u>hk*O)KaTR z6UDQcG{cphA4XY#K-4kCCxC%`%d5X9@Ba^ETv}fW&0}DR3+*1_8n-i5w1=Wffqy3C zA}r){uH~AT1dn&7Y8|HKx}&#pi_EPMJNHA!mF;QQxD6bsQt!pX1L25imC3y*7R#oY zZJ36~WBpEw{dj@uq8Iz34Yr5TF-Tnhzh2QO*l@!J6#19-YEL28NI83TI7HmUcE;20 zyh-cOp}RSmcc{qFy5D~ZuOjb%tIUcF={S5lo5+d#tHv0s4;hpXsx1A%Qbs}6#@b||gC_n{bB&-!Ay;^SK+=l)g?x3x~INC`CMFr5gh8j0!e zm*0HM{Ca&o*pND?)Sd+~|Ky7n9*M&|xf2NdMevCuCzH(>5(PFsWSVIF^ZH*4>EEfn z@TAV$%luzzVMR?A0p z->n6nV4h$gV|@a0%&rta*D3^`gr#+?lCaONQK^yXgkurO7HG*W%ld|Jnabgjd9qo> znF-R1E!V$PIx90(IG4X~D!LskX}3qrt`?qknXeh8G_5;gi9yzq0kCRX8F6fap;^$* z;#c6~YE^!#q-eetHDiR!L8 zRr(XvE+fm#y0PBoydHlK+h?v@9NF=jOU)q-o1dD-7n>4_%_cP(dY|CnvlgmWF;bnX zQq1|Y!$DM(My)e=F5IeHzRua|L$z{ z1iZPMN>iBV9Xr!fgbAE#WHXz3_&)flVWEBm5Ue~Qz(nAU(jBN0AROTux2>S5loyMp zdHTL`dRg_0zum=)vQ$|` 
zehHrD`%Pqvz=r(^R4A}(n?4oo;hpZ=M>Rg%ZA&_8-hbekTp}BhKREy9rt`Stx&9*( z(!4W^)De$>K+_@Xtb%sQ4MD{`7Riz-@xwv^$F=9aC8B7KD>l>j|5aEX>@p#i_Z92{ zEtVA!!;`+qXLSa4_^dFM1{QpxAe(`>TJjS@WUf2Vz-vOaIKACSzwmo!HZY;2@tEp3 zCGFF;LjJ|&p`N`rRrqJPAwE6eZkrUnY-YijwV`#{ROe*ijEr*mpGCvWPU3l4N~0FG zuQHl2A2A>Q^GyVO<%emF-_A$4ZB@j_VFit#b96?;a9~I#y(b-OhppE7@g5?NbEAo#bv_w4eJSs-_ThcY)n9HPhx>r zrbyEvrG15NjlxNlwc&)C11Lze^4JNUh+Q=_pO$QH*QFItJ3x1fE-Y}GW*T>A9R8qD z0+1l@Wu4~aC9Tw$FN)2)=ojfx&KkS;Lr3HVP9=Ki)M7?2<$TW7p!Wm3id7=>FHXKT zL%*al+3+OCI65gG^tiWMW?s-z`m@G?7ZV&E)QxyAo&bWso2P+w_uadV$d?3nt)f}q{VnGEjo1FF zQeU`!5h$MBk~j6~@wMQ|*P?5hACK}02ww9FhrG?5#WN8AB4b))-Sf!@n1Z1X$CE!$ z>+c)OMse>cyA-e)k-a|O`vH9ZzI09daC<*&pF5G91QT?+mxF^F=f!#%8({li6VSo^aL->BddH>sf;95P1=-WD2Bs+6#*fzgG%%Z_toEz-*y zaok7V&?P{Ge7Q_nzWt|G2fHcj>2sKDm^?_Qa{^DU*R1z2D*d_M{g&b)RQGxs`#a4( zR$rQ+$(&t7@Nt*n*?Sar->=8%*^3nO9MWr(jz|Wy&qC* zZHE65d_;{^fb{!Nb1K+h2G%VYJ>+#(U{uYe6(yjD)LriD(glciYzOST_LnmBR^ zqPbjs7q!diJE}>%jQ%QXcwbQfr zj0J?627Nr;=Cub!ewa~1RP;XD2ZCzLB!MF6f!LYX+d~`vtu*#rr_u)5d4UUU6|Fpt z`_(>@f_*5Ela0hy9Zs?S6?ddH7=cm&vDG-_z)^eJqhKX|4~dbV_HxCJ7t1NJ=ggar zN#iZdSH~8B#}WAG;$<-jS^i5ZsvT<^>c}2bY!&*+%L`^1me7%MZzA)jJNLVWry{=z5zciPmQsr*kFwaGH5rL%J5xnlA+ogbIiL=4O6j=<-S zs)sU{2(&-`=cDd0k4-B}a^3JfePQklx71YN&@=S0h;lG^iv~l(2>C?VxDu+9dB;eb zhFlvIwZ9U0X;lm9kxSBk3ilQ$vRx7a(&m!mX0}D)c#_gH2p%_(A;S3YYj>eg)EVM3UeD=8RPH+JPdPu2(hGY%wHd<0gq22#=xka{0}x~p1;$S zkj?(ZvSln-z%^N?L#ysL(xwl1@B^ZgaP-HTy{O=9X(i>`!)>?G4Io&Bem}%QcwXF= zE0K5%^cSO)!8*h9eg&>><6)# zt1Oec#ASl0ko@*|#AiXwBiTV~Fx(RJ^H#Vv7b^J|f!XVaiAg^PY@}(pJ!f?~=q_TX z+&k&2Xdqg~-O-o5zXgmlPq&jlxN=LK15DixLn9h4=sN~=k9LGDV_DXu<|LvmI~SH{98C{j;K0Dxv*kfidZ{`Yq2 zLdlA=LoYAq`U8G1B($1h{~#r;f^6R=nweaXSDCRYT>b536D$akU$ zrri)#l4Me0FxXw%oTV%D;<>Z>cA(k00wwWDq6annMBQEbp7^BQb^(y``$HpK^>h_! 
zmc-7a{w`zR;p{|Y1rd4zK$hKAlBFf0FKw6S(rYZ=s_2+V9z42mny(q*F$~whlOMwM zlj9f^9?r#XRPBsP^vO@q`c>%(yV7CVG&n|ptg2AWW3HWXgHi?`bX^GqoCXbzNMw1< z`Bmr%K2*HN1-1sXRc$gC3xxJht+!eJB3P^)pgNK_dRUrVHJKnr$NJ?r9IL^r^Zq|h zOfFYE11v{&G+U2(1uHsprTd~x1N+eOC;teQTH?cWMK>Y>cBTxi^xV53@nun_!3<(u z^f+Um(pLoko$3BRczm8uM>uIvG0ZUt2z4s*6_yty0RXo3L@IcIr_%SiQEGiz@Pmx- zB@RFzEOM!&&1mL;HGkEctk)qIr8#hfQmXpGX)=VrYyrz zmmqHj=0(j0_n}9(Hw(Y4+Zax_9K@pq0`|l2b1%PtV(}s`!jZqSOK_Qdd>b>d0z9Y_ z&;L1$q)i=?2FuP$hdtE5+^b@3syV4J0e(qWs6?lVYgMPQSz@}aSehFUvFGSvX5gAS zs0S0-g^TPQ;x>A6M6Vnpr56Q#tK@i3ZQ`x*K;fs|?wO`2@@1jgIM-yBD8szkm<;j8 z-_IxodET%(=RMDc8FbbjRvWb{Gtaju+sXUYzE~HunVK~K3vADiIqmetQnx1n))n9G zB1cO7-sG* znAdNf0gDl?Stc(|-lV0fSy|CU(YF^Wer^jBs>04_FgDFZvq3@GF0*<7vqaW%*5m?t zOdL}2Vf>vwtd{pEHw#Q&ZH+P^dO{0^lA*fq@o5r zH*xuh8Az4}@8w~_y8bMmWXY2Io_hVhQd!zWk?5qrYwk8jIda zLHegJ?r7iIi~jc&!8L_PVw((KAg^B*hUwlij{nal$ch7o)c?9PUTNl7S}bJMdyt)Z z_oTVkPowkeKTah!h`O-AA)KLat`cb&;2e7@M6Et74Uvi&r_Y4XrCnFy&z-LR3$#(D zaoSy(Z1NE`5w4vGbOD6S0`DKgU38Y><6z-%Ox2^1ExAMCi(b z+S1%w`@0w5i05{;eCy+dXG^rogw8NWjt2CE#m{S?qATmwDRIX(F#qkU*n@jzh3Q(~ z$mk3dry+#LO+kY3Ft!YrI7aZE%H^|BomtSu#`Ni5`lBE>c^VaV!Az<(I>?1$dQA?L z0>21JbGlA8cebCwN5iHTZGR>k4$ujhHd0ux)POAGK!VB6qzux_zWS6$#Cz(miY4xi zHwvP^r9iof)PS05yFA@CoTG%0ZZ?ZILe%a+5Gi%!K;-M$Rokw5)nd2v;O;*CyNa7W; z{XC|NE8AuDD_muP%^+PABlg zWGjgyLz_)Ba2gT$DQ6hX5;=0C=o`$11m>wy#knSt!XsRgsk~YQ+O9j4b;G_|BzGnS z@XDs99V(i6JDr9K@U|5-&5x`wQM(gS>IqbzJYT&EDTseM2i38#g6*2YRoQ%l&8#5g-_R`kn>(B0FY8Iuurj2Khh4XaE zx28A&xQlwPQ0I<@Rp>Y9VXTk3p#pW^88 z@~RQ{)YoulvsWKjzF3(d5}fU~V9a|7@W~jzG9B7(*`!(D{>1W))0*MuxFNV&hMaSn3OjC$iT zVMAot4>iX`P!I`HNvs_G;H5wQ+1ngOl?y9lZYNuM?aBE1#Pffyk zrrBp+gH+=VDVG={I%}F20yq(~j|^Q}(_=Toh$~l6s+?fy7A8H!s$cB+{ztzy?X;AH zW$MG0QhEJ(*rx<@Xxh}bt4u*uWpsm; zD{%u~LfUz3G)0@PqgBRPg>}M&lYBxThF`A|-xR0xsF&6n0;T`zi}@<=o7SyC`t;&k z_H=J>nCDa*p9L?F?wrU4y_lU zL~cLX)}2q23Lr_1Dx@iX<5=Y|&ohpwpR1zu^Gn({<7Eb?r$1BQG|$a7PfHFlm{p>2 z0?z4S4A4EG}+n19vUIaHw|{OY&6%HJiS)ly+^uj5_e*MZG!h>D4su~V0#G+K`>VCgr)BJA 
zE2sLc94@~bP))V)eY}t3l+#s@YDi?sNXQr^i*fCp#S(Y^7GPBq)AR~XpNZNIII%0+V z@*-p7{UdQeTV>3n=?;vww^q^XddjKZRR5J|vhAPyBHn@5ZqeVmBo(S`^$)70g7_{7 zy(3kP^f4*VtU|vJIV;cGf5>G8N1l9dT&!=s+}JwqFcP7FF42SD=s-rgndh^eo*86% z7qIvrQbb8EQW8#x&M8i}Mt?KWT4Gz0!pBw~hKw5I`W~t|Oq%)nRli@%BZ9))344GW znPX()L2IGg`C?l-3HJEl=332On5&P#<>b+MiN$^vEqG|NPE*FI*VU7W%yN*d3C$5& zH#(GQbd#c9+;HEI=-v4k2CD9zMb!oq5?~?sE_q((xvtYI8*Ap1Yd%>?KktKm{jOeJ z_E-p`Gcu|7X!O$;vwqeH*yc*?C%}LMNFJu)d)@GxNz1Nte0AyR#OOgOwTDsv@LWc1 zcEj}8#tp?y&FYs^RnszA+C2#kjl7HILMseLA}wRT=h2m0Vzn4;S;~iW4bq}glsO@@ z!%}oL)kH@uR~O*8Wuwnpnr)|6w>g@vY+E_)t{GiZ#rn{W#Tt^3 z5J#01_;Wvc*3f1*e-nWkR183ZLsZ({$!EK)|B#|n<_K(Rb(NoCyBHbGBQ5uCdkLoh z;F+_5OCx$Uq*u#Y&L{8~Z&Fk5+69%w)GeQlH?UxbRd6$r!+yEF`k7or&fl$}i9?Ip z#YUdglxLnImwX=oV3Hhj<A#B6)UX+jQJgU~`jGZ>Ax9=+&WW3RH%abA@7;FWozi zidDQ--2UbJ%D`t%Y>RgOYGWf`)8kO z|E{UvLiuL)rr}I*Z_soI8RS&9wTME+_OA&zXMB?U%NO%Rwa441Qa0b_fK`+IZ#KB5? zu^}N>QtM?rfxAA-3CJ~hTV62j@@aGFLcI1drF0~sLUJ{0>ckdl99H%=fJ3`Lx(`)} zVx@BBTxnYHZ2U;asji_XqxmQpLG-F<%e0z|#X_@Zh6f7=KZXCqAO4y6-h|Zr&ja-T z)52ZDQOREf$*ZN7Ap?OS zv(UE*XfOoNzYNjNO$jTKhX`T!1OvFpUfu#Hfs-_4~h(-UBheE?$e1v=626*5oF!5e?S9LTK(nKwrU*o}%!m z!U7Yoz1a!p{mNu2s<JUdnU;92s1Gpw<8`mpeL3%NgVwJ7 z)UZUIsy#M&(3d$)zE_*-E*Lz^a86fOWMs(2-Rl@t+tEJ1gMn3;mpkKFE3dmG{- z%RgIb3phz$){oZMY><^eSTfm`6`I-}fIt3cSMRcY4J)kjRREhbvDhl|&!rB^kPl{s*r}olX!7E+L+`9G^Gl{hN$A3VC*K zLrm$3@GCqCu{|g?R88nVQqh12xUAMcQqiup15=(`SS;}}=-n~Cb9mBuV(Jp{ygoC0 z^M2G?0i{Ve_B#eeTnAgdh#Y@{&&m;}lyCC1jm$hCW$%R=Yf%H477{?)77K=0> z6iUcGCug8Rs+)UrbyI*A73N5eX)wr>uY5%R8QhxL!wuMW+7A9421HlgIh_RS>0UFu zaqLsVez)Omj4+-02@o7O`#83}C%-KkHsCmGs(6`_(U_!Tt$>a%Va^eQ8!@xi=ogvH zo=n1JnGWSEn~K)7)uj)!M|?E$VOr7y_7hL)n`=w`edFfN%%4X(FhrcSs&5A!z2Vo+EtMl83)ksj1%yJ(rk&fJXObRp85)V5 z-@_>LcV-rz(u06NO2P`xuKSvd2d(5dN=*o3Nk**Plu`M2Ibs{$SqnGp+jkPVT%hdo z&Z>k(BQ6P_?;Z(YXrZBD*xA`gc>2Y;ic-1SOV@yaqCWFMlhH8G3oCrsnnx9;E^I1s zK-o7}oN{d3W<{ji9B1K8rhYo}2+Rd)N6M;^K@3TXGF$t`!t;P54`Gix^xE`yU)Ihu zD{)dXC62USSAY*ERhkxfDnjia)xDt$x%pvhz3N?IT~y-h+uLM z7?U%Y9F4Em`A+Skc8@XM=VfZgM01qTSg@$NmZY-+ 
zR_3;@#ynf&hS2@t6L_l}ttW5%wm=3Ay$$va2V{1lbm2IeA6mxmnhl%uoz>;KgwCEl z@J?Y)a?a^Q)0e_t;lqW%Y^u_cO;RfIGwZtUXtXzQ-)E3e0_h!{ZMS1vz4%LZepKdK z`P-k2LO<1|CyYH8PUa&){5+M#0i2vwyG5T~V}`YLv&1ChsaHLgWw3VHVCsZxvYA&b zHsiYuKNmi1rfU)lmXvOdxj<0PIgY{y(^_EyH+Ag~vmKnKk_M@e7K-C@*=F8c#$>3 z(GzCe6iaWosEy^~G{{tfl81(#$Z8hL9qEK;UuC zU1L8uZ}!@=a&yD9uS#qoP83=lEjme``M=+WUPLs^z2eb@xz#%nOyIwFC?QtxU;NAa z%w1^`yBW$huW)IeedQ0;#d;aL5S$g$R+QGF+SRAp(ON8~64`z+&N~A4j3-2et1tX@ z=$6K+w8tGpyubSmiZ|HBWWJCH_|s2+@R;;A&dK<73vVz^v(kWSQ2@wl!UdQn%WTKz zk0}t=-wRA*x86nlPh``GQ0rpn!gFtOw)e%}@Oppd--vnUcy(D8(8b-Rm6NgT-C9DK zmNx3A^^Op!w*@_v`Asx>pFpI&q5GdtNy4uiC7TR)!`iAN)B<`_WfTWVlL@hd|J~OYs9PM{djf zYjNaI32sjv&Y5V-E)eig$Dwj#$7R&HSTXO(FPI;)=mL%5R`kMbD=j$37gJ|=A3Tsk z8o9jVX4dO;%yiLjB?2(UXV9K-p@!j8a}LIl`eKrWGXS;@Kl%uJ#RdoE3G{OU5%Mp; zD;5@}Py5hyqX~g8k3*K%zAzZS{_40TKv7JiN1bEoWWg+*14(61>V3=N!a2x!5ywQE zztrMysbp{-SHIe6j9(=rGe0jp=MEWjD>1wPcINmj{FPT#KMFo@)pxZ zozug@p%?YFFWElf{e^RpOAf484^g38+aLQCMnSitxA1$}r5_v(UiN1%>^qmhjMe)OYey_6ayMdoalz@9Q z?@o1l_uS`Qm|qHW=`%hNRX-IjeZjpoBa-LB#6)cbc5d>xk!qU$}6kO@7}JQ^)qn(DOdiR2p=_(I}P?`J66!j9hMlX<494B zNK8p7@~b5jDb0josk$;-Y4#llvigc>pgIO3QeozOH?@6|$*TxZo5-FhHA!@J+5C%( zNcno_@sucm(fgE*y;`$V2fO^xuoQV{!90zLTTqRfqAB9+%pUq1h=l1n1;A{E&)(6>NEl)>2_PKFth06nl=4@D*YycW-eP~8AszA#tX5H`0 zrBLw76DHkOzVp7as_vvJ@xkWBG@phv!x8&T2R;W^2evWtiEJQi3`)tSL@+gY6e#e$ zw>a@(nHKx&vec+I8Gaykc~oghZsts*U6Wvq3`!W`#|?0UP-zOmt)*#j;N8ivRvyMl zx^b`S0ny%7_?rl}q)mkL-4%IFZhgr4i^jfGultsjcF1Wqg*5bFQMSbERe{H~Zz3mH zE2ED`?O%QxrD=F+!>X3X?=v?n+2tHtK&}g9{S*_&CHEwVjZ@xQ^-WM5IYdEp|7+ul zQ^v*#wjpSAQ>&VHLK{+a*P8%Uccey3+E(g1Ylqr*CN;meamhm1y|NWefjr=PEs*Ny z>0tFPnrV-ltBSn8Qjg7u!mVJ)j)j@#&AgCc38zV9ZISt>UgA0#N!>b>y#N~Fr{JDQ z?{JGOTonh02(pM{^9$<1WqDyb);p1~=Yj{xrtYuYcwD!wnt)UNID%-OpXgtf;(u3w z{5xgH&BA}q=l_GPe;2p@^p9iwJ(1O^ty)Q{D06QoAmJ)I=Fh)kDQCxdWEBy7D(a$8 z5ceQu%3!;kMG0()zr=V8tFomhV5$f2ZZ*L_*2rGi`XVI7`(~RqDM^EjX_+xuE)Ky&v@ctIb>l4#vD2XUzjKJCsAuqWvxV2g#8nBO)75f7km z`kK{TloxH~`hA>FLo$0uxCH8;+;YuOb=;lDok 
z#%spntC`jp6Lqp`t_hmOjbY4TMJK{3jLsExPtgPF4+nxW^uWb2s8%duYqI%kJ@HIK z9#x^)t3`~%>rraqI&uXYAWw<~VKxWsY%w9}h#i^M=6(~MB>tM;R`!rp^XnW19t{g; zXqw~ed%4??wY=~-O)=FyryO4_)cqjS=CW7lCux*nT!QI}*4xhk5qcxyv*u9F2%^QK z0f~7wt5(BMT=}JxJEJiIji6N)?wUw>;K7E0LZM8#hUrO#X38e^DM2=yCL2yFD>9|O ziCpmZ-6D%>@3h+caH1Q1kZ>1$zp9LaKOjGohM!v}Y!WBnotE5k@ur^hDPZR~%)!oN z`LKg})ndeLEd`^HylG&b`6j-ThHT^2i5qo%amm6eHw&FIX2Y9ZZigLW@SVC2nG3@fc6WrKYtS$ z@Lo8tY(+PmF--n5Qwrw(M*;AMLT<~O6to}3bs8tFN`wvTQpY}fSTPI^BA-s+OOtco z06`9);`*zp$>QRQ{Lebam4GbZvqw&YXkR=6~DM$?b1IOWBH_vx&YDC73%=E?8X0P~M!v-ODG!{Xj{#Pw2HI%=-0n zKxCLvM>UN^<4NA#^RH3Efyw!c^$F8mXQydYSMF?p`Vj;967hJ|Z`DX-mJH$iMi?r& z%@y+{4Lee)Hr`HIHC&FuB5PTcbL#$dQIMT}I3l5~XK-`BIVypt@Rdo>G)kw*@;0`P zZXzgi#TCTX7`Q&Stj84>$7lviTk@fP?_{RsgFPPrLyRUzXJwh{RTaGkS9X=3_cAGE znF>-PA1EPN=D#SL+)Mq@gflYooKH}XP_Bo*$6mx(7HYX^iS+OB7OJ8(VOq4Y_FWvn z5mjv!wr71TQ+4iw{F~@S;h!?L*Zp^EW?mO`36nCQHYvT!o|e!el$!?FjEbva##q}q zs5e3r%kN9^Zd|!N9n~Qr!nzA`z(IEN*lyd3J&wG1dc4>3{nAcx!Y94Us>0cWYS^&p zSG*BP>CWwC{&Wndd>R7ctzln#6lIF?<1a|DoZBdKrlAQ>kcfpT!7VG@^+Ye-F!>Gc z^Ph$0%glUDSoQ=DtzyKgvdX^f?eZJ@bR^X{V?jpRE{$qAIWz+gn5D-n7&~1%^l_SjS0NV%{lQ_QkC_F%)^5f0nq42+5Btv- zye`Hj0bY_thSdQi6UH)?Uk)}=eSs3CQS3n+*yxsy#_0?UgtRzj0$*0{i~qs%0w->? 
zB!>@4P4|v7@ZUm5XPQFYj#y{Im}KG#*b$e5ZYR&?!71)D=wOY_=^|=!BY7KE;iPq7 za+s{vYZo4evpP23ODW}kjhC^5QkP807Jj;caHH-5Ru!QAz@XOCd6Vx93US1!gK~2p z2R{>C^=Niw7nKULL=8wLlfW-ctS3@cI6K9`FBDfImGH~>v-~kBOD0BA+Le0X)lvN* z=)Zt3LG^tl*W;S(c$^ZG)r6Q8(2{q*puqRR;|N>oHAsH|w+RtDO9p z>y0Se5MqX}*@Vi{JRO?oUoZ>Z7H{U#E3~#0hm7ko_n1r z<#VP|2aG#8#(0X!>OEfw)N^nS=HeCfqI4QLP*vNYbyXK@_00mvT%F9D^Uv$Qsh`Ge ztV~->QNljNF~`+0BxOloi0~p&FNV&bto^u2m9K_6Ja|Nl$jRI%{Q?uckEw(TLQg}Stvg;}tIS%SPHPaNY02Q~C z3SNDreL+ALRv9FR6?$ z00slL+GII(f?ePR!Dz96Xo8$xw76n|u2QslrNSfzL`K4LyTBujo=)!(S{F$Jem26W zIT4C;Ptu(OIkgGwQSiyf(Q2A4hkMOxIM^FMyr6kztx)|+gPEBguw&b#!Blc@EQ?>q zK?%lN%Ec#~Lyd%>FqjiEvM0Baj%9`A&w*AA#=9(;EMkRD` zjyKSazx*TT&?k8kaRoo-P}eA9lBX)W9CnF556zy6#bf5!j7S&`WGPxr-z6fE_$;30ZukY zhK@a3UZ?4bjeTm!5Ay=^1XH`pV>1k7dry2Q;c{Fn8)L<83-!k%AHYUASP2`UypoyRxSe$$Z4#_$1?#xzDN^3DwR6ca8YJDP4j8TcGC@~8WtLTaJHlq0r#?i zX)g5nxw+3j`@=Qg-3wH4nSH-8dX%DNWL*_$kF9SYuC}l8FtO?zkGL~k85u?LqNR3I z+XVK_CO>qwwc~@=GqlzucW{5p6BddsZFdkNNr`^`adL`(B0;XGQ!jJq&94t}=Xa~}&nRUu z)~jT}BPHD_AsOcUDha31(VV7O1!sl4nA5@LgIPDL1<24BQHOujUHwOx{U1B0e`(y5 zMjLHTye`p|^!fllN}6-i5HN6ETwU6%bUMZ2Qu{(9u|hpaH3e@!xW(*#Vuwdj3(wvI zQIR%eAA5BAE%0m*{Xa7#<9^+5`n1!^_SVOKnJvqcTnw~I-8|m_d4lP0j2>T6KzOjQiz6YQsvSBi$ z!YtG7X1xO3R_^&|2T!~=l1ZC6^2?)heXF84z~JW@rJJB(;6onqhheoW)gR>TvCVHb zS#wwwx1O9{S?<$s?uB2r>5UNmWw##L!t&X8-_%p};*VGV*AIDC@1AO9Zm!DbQC}Nt z#a5X{>l$~)-$ZRiamRDpa?2qdr3We$fN{u(0m9ap>Spy#w^EFTUbuOUrda~`g~7}+ z`e|r9H;0?>2ppu~#;5MWI@zb;LPj3nfQ@kG>yqsw(_+g{^wFQUt}eIsNE(aUb?tVE3q8-M;V1!2X^Nr=h{G|k>J`}qE+M~t8Yn|22tV9?y@f=}=i{gS$L1NG38L~z1#7Qw;$q~8%FvPaQvvu|VU z+-X>r8`SBmG;|A`Ol?^y_vlpq3o7>J;7y%>bILah|96KNCPJ5|OAftqWIS9)oVBUxhq!LmRuZ`WhG;` zy%IX|w~^#XuWXGK78fD#`G?IdAqL04UBmz8gl?@WZ+HEiUy=gb)Q5KcaMoV+t(i0m zo93OVj^4NW!H+>X5a{v+A=*}rA%lX~A#U-(X^_b@>B>=hl?gR-H~P%#yf+ghOB$K> z^=QJ6E^Vd)g1>Ty1t#n$sOm`YA@Zl#nO0swq1x{b^!3v5ly@6w%eAjz!hb+BUkYj$ktQ?%IC=~1mQXH zFRAzsg=|K`=X21@w^ji&MSt8PKT@;N`;ox0ACaj;Ui^1V?2Rh`3tyyju-hfAH%ror z2Q|H}X+BjDZ`?7kIlJ2-o~HI|C&LzGM$1O{kUD)io_R|;G^W_?Pa=tS#WT|3orgH5 
z$K6lrdY9GOHj8cEGW*sV*>~ltIIR@4fq+5~^-1!y$OsF*p8h(z;m+ivyRzhywv$wi z=lto@(Y_0vCvh6I~+ zq8nt3_k#QYiwtdLtSuEiPR+S-+zzeG-5gIPwrl<1)5Rm$0@^cTsl-2ffIO|{qp#m) z{hFpO&79Wg{UP#j(C=dvY0E_%R|D&Q{?s8nH#Yv)9+$g=Z+qn*H+p9MC*Iab%7;!^ z&4B$-3+NNI?hG&Gmoqh8wDPco+;X5?!;tf|f)7VgapVB2gtC%w9Y{nfVnD2E;qv8J z39zhFcO_Q`4Od#I#68gHm$y!}%$~j6IRzeL?5rm1CiD#LSI2MzIb9R+s>rNal=6&{ z2{}WFv9uzqOBhIpOk;GdM`8I7rN}&>n^1a-%a&FVdza_b}=X3)oF7P z5A49JI%1=~RmW_R9Ckk}ILy$h>)7np)`>3()gMTMf2 zT2pZOl?RpRbvcwAvKU!AbzVE~yh)p$hmeuTYJNV2kP*p^uaS(QFW5DGvVvnLFtO*> z+y>*S{hU~H>XC9Pr$93M8OcA07%3`uM845mhXilTlX$sT!Ku^G#o8i@$oj>ieQ{XH zGEM)~YeptFG9(JhI#g$W9kDq{a}JGFTZUtP@PJr{A4CuI{{7YbZ=~UWsgVEqViRvYe@@~3@lgfE z&nuI!42^v{?fe09P^$|?{lAO>nHSTa2X>~(qJI+{xQq3#(&h;a$UFaO*7KhqL+075 z5oqJ|nl&>@dd!DKyjMnFROpnESfZysgK#{u&zq8@(@Uq`QK z7Ws7Zi6nP*(#9gbC4S!EUL`cSwy~;Q1feW!8(Z8sg3VEY!IUKCA(dMP3n9jY8ljbv zt5(v{%Z}7Fl~|9Oh|*Ya@i*k=oNuB1aw3G$zKxl+;O<-3OMf$hNukGUXtjr;01eiS zZ>o%QV3f>;uU8;l-m=H4WiA}w#{2)nDn7aQ1V;0wQ$tMMMK9X`k3L}NoSpD|CO+0? zZd4ynYgEvm)As#qJNvxEBLpd6$-y;fpHCGuK^5v-8C=23qbabgHD$9xqN8J`rF5{4 zqvsSPpUs5}2SyEJ@yqKYm4=`eVeW9bWcO*j2iAKYO&5} z6=EDq2TsngYs7$4diS1gu-+%huvRkuXfcKUp8Qsq>cqq8J>1D|N9v;!mcO&xz}TBz zGE37J?FUN(tf;zc^s-RvH$rnUD79Pk?VjF!8{8nSJRd>DU?J|>$7{4Dsfkf%Lr8Cz zRS0by=Zxq)$D2T}omx%A%S-Yk2Q{nMLxC5m|6dx^vVk+QF*368l;MwikFqr?jR3hJ z6y5vhHJn3$$BAla;z8@p5V@7?gQXUnEkNdDlDZmu*liflkM8q&#nv@tAw~J4hnGMd z1Ag*>0nmtGu@6hgV20w=A3+Id#V$=*@(r{E;_)j2*8P$k z+9wik^I|WB8d%FOE8GKIl>joU93u_HELn01s*LhPHwJvEmPDs2kGX}WinN7C9T(Me z;UttiPfNYfdfjrfQBbzY=Zqe-2E3>&aB-BXs#gR7qW(`Y<6i>l|5DjVocBh!m1L|w zj<)x$B&H^s_Sn5VL)-RYcYp1Mh01FrUJt%ZnDF>@a)3fC0$CiuZeAsLC~#a2b;<)mHB^m8-i%Z5Hv){xoD3_hbuwnA*3CO{xP#ilUd0 z$*7A{H=GLRe743Vbx)-61Gi*MG;(&=P4rmoIIc9mgjs)bz%D(CpJl@(q2(?-qh4-NS2Ult5~o?VB8v14ocRE1fbWfXQgAec{>Ld+cp zuS}N;9Bosx^CWx6Y_3i*envcY0K;uIL0(lKJv$nHSn#@jF*Z;u%EjeH?cAf$$5!G! 
z4H-Z4yeze1Km4qU5`$I|AZye@n9tBF6 z6OU3`Dw#5@@AFto6xHu0gF?7xw2)94q;XILN%;A9b2s}_9*{_RT?&i!th`mDLYu`i zf$$=>Zes&J7{0%Q~tW_DB*pt+eZn84&Vc>>KuiPEgTZarPXT-A@vV%Kn(B=%DW^`ywB+NXjIVw35u!5Sne_}p?G6&s(K6zjRzPMZ zsKubrXZ5xlF6FcBAYPrrRtJdeA9DHWdEd{eZCx+IY)rpBCLWhx9C1S<&JHA+tV$?6 zzG@0hvw5S9(1NHJ9|(lEeZ`O$?J3HT?gXHHv*ieQY`^uqufNI;%23wIl1AeHMz4Es zAIOFs@!7Vl14nyDw3Wy_kAr#VJ?y&_@1e(*my{OOB+_SjHPG*OdxM2FJ~zZM@%Vw3 zffu)JFiB^dj7jEdcKCbqbcZyZ--n}gGcs9bFFuL=ZYoKS^igkT;QpDpHV@8N}$;tY;D9cnct?8e7 zVd&oe@!9)7M5at$=k*Q(^sIMZP{Nd+g~A%wSC~lcLdd`Jbvn#IRNsw%KXyNk%HUcM zdf2zRN|6f_Q!5jy&Z$XI=PJQCmm}43K7aGuYyhSB4UGVvzj(T6!Ajl~#H(8bW?Fkv zRh;?6*4c~Nj?Q=P?bgyz?8n^K*hZOnG`tG@T-MuXXU6=5hiogTBWsyL*EG6gHJax4>2>XvLh#6MBK{4vq|*43y)*Q}4t_8C z{M#?BPZNA1*+Ug|-?n+gqZ-Ca#_%b2OEv;GW3z-azB6dBd-`{IqDFkwMSHZ9_GHr2 zYXg)A>j4CJ#YRGzpfOxkW2I4DvB9yy7c(*kn=G4}8wXw>3dH-vJeTtZx_|J&)%qM= zfNDXzc(*uz=>}~e*bNrEbyuva_vldnC>!kZh`Ii2W#5^muzhp8P>LxFgm&uN=izy3 z2c!@)Kc;P5)Z^$z>Q70SpXTF)cg9Ej)Kyuw__ZL)83Kzg!Q8yY36<*J zUF63;JAKxhd8ou0rS#RyFQWoioVH+5zHIFLac`TZtsxSxUoH2pgETrhMd zFJgY0z4SAdt@X9CG$~-?IIsT4X~$YI=v|$_O6;|h`sE9+0J5N{C*K~@x)(X5a*|4_ z9qP~0#3W|PtITK1HM2qs6nq#u8yIc;yYucAEo9vBVIMHG?BC-+JWK^nE1EJ6uygAy z=&m*P$5?>Lo-HGVQjl%T6Wd#rn|vWhL>2(@^k-L#P8ru?OEEFKH`XqT7zdo@BYGGI z|I4?Dbd;a%7v+xF0z#AHZlqg_4&(~A1O04NAHgseeM)%mby>9##A6v~I0Sxn)NjEY z3VAW;7}s$^qxl7!@m|3XW}$m9Z47q3I66%e2x@*UKx`BHxy!5%)NCpnK3%5m(h|K) zHAE&Uvm3iIf*KzOJ&@PfR%(f&S8Iv7RF?)q`~+GgPU&lU&%DMD)Xetvy^SIV6;+?gv}En9 z(ZgCCb&d=BOxW92a{Hh!KgA=qd`E!x?26YF35yRmv_I0gar0_xK59}q2_Vs_Y#w(k zF1B3N*AAhp{G2psw3yNbsGQk|k#7{SeUtL#sBKd8Piwa^Mc~)@{(?z&5ZoU_mXEUB zAd6-irhi#EsV?WaoA>J7w4Mi4RcNmJ{`jiO&?%0`6m3-2f%NVX%5I3ty9zxt7&%bLee83@&k`F!Sf;sjG0fg-D z8z%OopLeqH-3>DN%?kUbk( zyM-^r+t)%td`z5jf2p{j=hPS&sjfD*FUJut20Ym~nW3k@rJO-$!T~YH z&y!9{wM>B;F33w>9iEN1E)y`aPu~%i@S3l#MI6rw?A}f~^6n&J^TVERt?j+7(>`By z$V>j-BT_$$>Q3!-1@VPZMkl*+-m^E!Aa!qtSSrhQZ1E+1v3*vQX~=eqyS?PCVoZ|W zDd<^Mn&{L=qkR5;f7K|~lE`e~g%>9Pj;DbD;kejJnGr_IF8bGeB&;J?jDwPrG0Y<2 
zXj0+FCdsW^^ZnF_k$TEm@^ySd>Mi0DA0(f+-+#cQJw3wZw$L@)sLd~epx{**0EiFQn8KKFWKTL zStzulP7dJ8B@y<};d|t!K3=;x1~Ig zHgDflG4Qa~koSaXEpa)kbFTq>VAQmwaZC^NIAe|^GyU)(D9cxot2%5jJ{YvY~mPEvGX>l4MPdReW4%bjN3 zZ?gAfa%ch^%@~$Auw?UNvsoTb62WN-68n=nK}vp7bT%5!kkvTP=MvWP-!U&|3BZul zXdxXw$zLTjfe}k1E8N-4n4A0{-q>0+BlVwO$=}lGD%8%Vh-_?g-BrL=ca)rK1L=d? zA9q>S4`bxjg^}|1f5q!qp=4yw!DP?>yurUHyDdw7@}>RSIEd~a%UVtlNxGM*V& zy@d@Dq^_wiE2!Lz?3E&8J*CM}&dT6DY3*(S*Ad%a@(pL$kzSFH5gqiH$s&@Aep<#} z^}nj5(wu=8UQxqjh5iFN{!1rl4QBHf3KEKyyyRNC_%8eY#F1 z!EZmW)i%Gsr*;$XGLId*;zFqQc!~os*Ge!Mk)pWaGJ4D9%5M#O)*zVFyzZAA0z$zev|+=#6uK zp8^bD0u19?ujDmNI?&DSPq5xnHWcOS@5hzbGEJ_V&}8~qAJfaVqCpWK&BWOE(-PM+ zI4W1=Hfc&g-hDGO8Bh1qJ%Rqe=195|J9U#L$7EwQv&NFfoh(W%4%0_dmX#4ftYdlF z3mq$}4_IwPsJ9iAe8RU4i2Eb^YdzNI?fE&Jr%nK~t(@mBPVt-kk-BT%S^=>tibko1 zt4|w80ACZ9=U%+Dm-d)Fq+tH<51P`Psj83b}xC>L4&{L~;L+In&0(oYrh+H#cAAAPA(T z!7a4z8e1tH#f}h~!nMh*Pzx_7^yET3*{}ch`TugPY?CqGOe&2>0SWnG%3xz=L-K%D z!zb{dYY{usNMlu0(O49xOFYnL8aSX8k=nrQ80RFMs&r$O)_6~|{PdHv_e!{F-J|n|}$-~xn zpL_do;w;H9jtz`K-n`8Z?C_O&?r9_QA*3M*?=pNH=V^cDH1wA}8Sl>E<^%7g{W{yZ z>^&k?cOz-is>p%WRG**~#?EVyOw+Y9tQG9MAIlG(sh3!9I@LT|&Ym|b)b{2&7_za#h+=9c5{$#;N^>xbM^uM@`?J*@;h%$I5CoUh$jg zN#D=owL7^P?~mrmt=|xM2qs*=iG~n*S5l1o_XM8)CR(d5x~7jg`$%|J{M#`lg<$5F z%NR{U={>N-flmRI!!`rAnv&y4bkYeO>2-c4p~t*opWd}Eu2$)v-UkqpUB^$-x+jP| zA6cjiOx$Z_(b&D7X?vwd0lxA#>YxAHaRU>>0}f|&eiM;&U&$Y5Cy$*J4pfHj%7pL! zK#-8fznEKF72<2|wV!%-&F6DpbVqNkUOLXJrREQ{RY(&}L8@{0 z-rnYl3mepB6~B^a*Us%#)fD9Fx;Pc$Yf`pw`!Oe@T{u$F=u)N#?Bf^L3`sUFKUw3u zBzs!Zgces_j3Jh&jvw42a2SuImeiavUV|y-Ue#y)-RM~GmujyBk9EA$*}4-@W7Vop zsfu~_bjpT?{zS3p`xL1!+6d4r?e!IrM{vpONTwOeBIkp2xPQG+rYrQ2p&>r7w2;n~c3Op?TTf5>f2b5kdy_QwFqWL=B7O`41M`DxPZlp~AP zpw-t$B#xqTk8Ahl1YRm%J+;SI6v#tXPtdg^UVhOo(0z@JOb(in#e!?frn8f?D}ZSg zg9P`_M~Q-0b-*$vePL*QyB;NSZ2C9R9lybg-iOENil{2$MKOUf8W@bqnvObs?x8%yL)=xds! 
zXt^qSy^GG908`(ux20G*S=#=kadYwv^R5(1fXU>I$a?vj3@x|Z8+Bw;H@Qr5F7thw zAw~MPHo5w}*V(Bd#nRd+X^WmRo>FJVF3aU92|;n=9w+=btUE03>>I(9sNS5<@TZ#rtj4Si*Z zkniyJ8&55>Un3NU1UL^)Ar7vjXpMH+%eDZ|oTTU}Dx;iUMB;;X4dfCvCsriVl>BeX zRBhq?g3V1D;3$`Zlzw3fwygIqPIoav-|Gk}MibP5q1{+8D<9kl$9DpZmM>XQ=C8@( zp>DWkH%~Z~%t;T5A!d22K3^OXx%~RHvlT&xaj>kv+6c~qmwX>XFc^4o!wk1^^xC?n zJ~^C&6^`^ZqBAkY@s%;KxPwFv@Ux||F<&->#$e81n%in4NJw2|KgR74Dt$qV(l}8&)>VY3qG!jUtcngZ6JC3Trz|#+2V)1+rBkvt*q# zRU_5^f!39JW*hy3mOlvz`@fZ%{Kb%?@!c)?RW8)Jqx0#;-v9%Jp(}Iz6&8}c$h9PP z(rB1Y12Mg{89G{J#iCg1!88tx1d|;YYHLBD7%Tw>O;}x>HhVbnZPEu`y=XnszgftU z99aDAry7!-?a?h90H?f_Rv*vEXf9Or@kZT~nG8cyzZ|J~0dxBgZlhBtua6z0_UAh4 z^4&>)e)vr^Y%X0!W7{cO-B+v}=Z{o;Pn<_9425zJ8a>y>X1I^zIQgV*nnRR;9v%>- zgfaEq_|==A1;QT7@wd7L=4 zf=YTSJgq3tluX8b&&3n8q9=^n>oRmKoRc`sU38j1k6E*0>#M09s+gTPXOo?bgOu`Z z&TJ>)$8p|ij}%=Ez$+$#aUf$VY@kU^U*GWRPqiEW#aEcF0CU|Q0>Kc05FabfR|H4L8&pE@i@Xn)NHZ# zHNt0TY2&1ke;ZkM!Pl&=C&nQwAf|iiSm912`Q&y{w+H$6%qiKnN56>_L!x)tKFgN} z1U_=S;Y2{ktvx)XHDE%g6OK zB~DW-^G#0_6ygs#CZu;9J6(7a%BT`QOz2KcTTBZ}RfU;JznSr>eY3$O4KQ>au^NPW z1QTKJv)4HZO5IG6qWk(X0$TLY*5=`5gcVb!n@FCSVDQCr%{=>KNjphf7DP>LAk>d3 z;VQ4nb9WIsCUx)Zb-;SX!!c>P#ZkUKfnvdasAj&kGoBloGBdvH2#UR$S)+zL>rY>N zEgV7{-S!MEx^SA3sUjr(rE+p#J_0{iSeSRKe^oK5NR*S0CgRB=3{Z65lq)PGaeL8- zKkBisp>tkEg}uXd1mD1b`pToYzRl#(=oE*Cb>R6;MA#Ae=Q-1btypBRw=(d7Juh$1 zw?w*k$Sjj%^{k5=@f9HOHI@&vIdOW{`R;HuyBb#VmwALo%a z2^i2BT(jvyxnNOb@TsOyV~8!!mi^KM?juEG@zz=o=RUS;eYxOsR3{l%oss>Rn+uav z!T}=rL5KaxClgBvr33`1=JaK;Z9-uLT4$~|j9a1{%%NX(D*@&Xl`VL&^r>gYOcgRV zoqRkC`smMG(MT)lx}gy=*~D9bfhz&h#Tg<%mlaVfpQ}rm)IJ9TdZX_o zTao8ee>O%L3aH0KIjFZRs-=~eb04}}gvxn6%HB0MSjkI0DFm@76zABK}aEc!GU(-7;ff2DeJx!C&9% zk3Bphdv8jAu2xEmbmZG|I_oDo=P2Oj()VlojDVSZ+>cn{e(aZriB@KR3Z?$NVr%#q z_qcA%{@IZ5^?RpbE98>9&XaLAcrfxP6o}(Mckp zXPc@h!+KtlJ zj`&HSykv~JEXYJ9q~guGkT~$SVAf9OrUWR#NN6x#3y!UaDSag4wb8kt=+dQ-eTd1E zbjsHMRm1ji1rm%r)RJnG11$jr1S@0VT$1Ua?S=^$nYv z`KJ`T`!Ob0$gY0*fE=aJN2|3f+~*Z~y6V)y8X8mP7kbWbN_?fQ3s%nh!u76Cd&)e# z{lH7h*~3buDzt&5WjXlS8ye0^b?2Pz9EyRsSEdjdx%qd!!cd(n#8A$tKb5NxU1bgD 
zfT3D>`dqdccm_;e0UI8#UdHk`*k8bS69~Mf{N6uwoJrWY_t!mn<^dYQa!of z5BGMD@$7S+G0vNBYpgL=)|&HLbIx_m|MmM%>Nz8D?{pss@?B@yQtZhy2M-BYe$Gs6 zW6D_{PXbwRlQ_jVwDAVWwzJxaJ-E_?Y1~fBc6ct))HZ8-i_oi%S9ktsM$v zW-T;-cFTGz+|jyu+C)+@Xf;K2S=@C!XI!V|QNd?dR_g`SA&);u&0RGf4YghxDvx(( za1qrR+jtmXfV`5)4uDu~qT(A1yk}Mcp~*U^%-;zawdN@-iBd+8M*JK3pvu zjaSEB2*a~-0;u>-XQ@b`iV$7wBUj&WF#~u+IZxTjfUwcTe1!xbk`6K>5zMqC)>rSd zl7iU7X&1~YZ9rEbo~inUcrC^!fzfof^->N7qLs|@TX7*dV@xPy4M2-r#W7sE;gGYh z?+?A-$v?_+_M__TqH-W%5^<%tw_`m$MTOc=S_c-~bJIg8Cji|`=3ez)r>nEr8EBXL z-T%G*PqN~SkrZcYH8rOrDIm83HJJB{eYzH5a_x0`)1}VA`Y= z7TAClMDD-m{`!v;@I&|I3iYITm$US>Bl6UeZkXfipVO%YXWi$W*}R3{Tq66K#u2!H zkB6!Pr)i9e;ikW70spA~i@NDy?&6qNfyiM=MU_nkv0oK*%?KF%P-yc}*~8i;z3Cx8 zJHsc+lOi5<4y`#a1mTjIIl97P?hQ|wC#=brl|culkUcbs*do)-LSvXUfSGU9VyJ#? zs9%MbAUJT5zIG7Y8yQ8}@uL9H$VUL)ZdoM;*_L;oTrOvdDc|2L>DiOtOe$`^-u_}J z_sC^Ay2}c-VlRf48bOQj-5+pFNM!ww|Ia%M76GDCq8rG@kHsQ??y||mWN)haab`NU zlptsYGh01NQ51_%lN$7e{8u8oiXh=nsS-z)u${D)8I$kY2>taT2q zMtxJ4N*ovy)&cHY^^4nd4qDAe4YGnuo=X zQ@_2LUI%T>?X5&;C)-ni^gIZllW<6~Ml`jMRhO$mFjJlc;1$<*Ba=3WQ!Yad_5qdg zm1C;I>;ky7WK9gJ5-uR}*()i|4{b=$&nRwD-@i-5#@1T%2Pvt&UNM5Oe_^9%TE@7* z)AXp=r1;_jb7i{#J(%?mS&LBHVeYd)2-p~uFl(0SHptmVRsMnqC z3$rGAY;^H)j&V%tb*CuvjAZu~cu{)R!Li)2V8%VHEB%#36>DiYkXg&ohx*+79b@Rl z03)-go)>$O6^)I_usB7Z4@YKufgHUI0P4b0iVzG++RJ5nm>203JWvx;kd$OGBvd@h ztsBZV)(FsE>{v(n@sN(+p@-hp}g`N69rbi3heGxU7M z%Rw1orRJo08G3DsBeew!0Me%_cKq^J=BYzjPtE_LsZ?C%d7e-nLaQN%A2;TWbd#D2 z0dNdDRax1|Z}9catnypjpw?}(nXYQ2CsL z)r6$Lmf)_J@wy-QSbt$IX-iRuh-NM8tqzS%q;S}>vZQ8eqL^!X246Rr9>K4T$&*+v zr!KRH4A$ie%Po+I|7M6=9Ihv`UO0GFvHvK+_3{Wg5f*Jfd_x#77)wOCt_mgp)NS6~4|CL0blMSO{x)EBQG39Q=IH zncehP%`JJ}&*jTea|ZzFk`;imc-Tn&iEHYE zCTOUEQap{N$7*Zb%(fH~;v|LvQ^s!#32h3IH$UCKrRJSzDwP_v(Hp$DDn4fe-(8qj z@C;N6i3MjR%5sjzlJ(4adtaPLemZZC3 z6(efuEJxCt=Ark>l-bdGQZ?e82S~NKC80)Q#BO$$8K{%*n9B_KF#KL(jpM0zD`NRH zHBebCNYCP@2crhc=w)g+nN^?o95P(XqB%58UI7qRWw%<55f(ur#;r4up%Hw_-J)=v z(K;ivXR1*Bo2udImR;15b;@g`heJJ3*9dz0T9Sg%91PA8ewQ5m>|xFyT|bjZ(*XvW 
z_&L>%=MD9endA;gtuY<_UTX!wOK?M6g*5*FtF(Xv}CVofn%cVHGDPr3MK0yz&HqX#BTnU)60I5 zj-x92E}!P|sbsOk9ru$H?Z+0Jvuxe5q$HnrvfXMEprq}t@p&65*)nepzPj?8wZ{~; zTBqjT`JmqJJ_yD;~@)DXHJTfLx6|=zy?j8spM5h{waLK=LZsV_P zPt3G_0A3#2rz4rZ1u9O_=4iKwTeKcG*0v5Q&o@D+RF)lE=k`Q$FA~OYmjDFivZ@h zwGa#fpyNPrjeeA)EWcu;LfcdYo*Fgcz^>oTweIgYeSn}k*A*+Mr!$vA=2v~;kWzb5 zl<=N!_P<-t|0IFjI9NIt8~x6l*b}eM4RVudylImBT^bY#QjMpt>oxiYYb`5CGz#Ay zUxTVzQsuRtk`h;N zYqehW-qVquX!X9zpOeQzXto#H%z_0|p^p=qT@6uvA^i?uHDhjY64JqxCkUu_&BO5Y zb3G-wBl^HMHMp}8;L%u;8Cj!HyykuPz=F1vPpLW30~M+^jtb_CZX&EQbG2a6u=KIz z?h&X&PL~t^(>OuSv_3MpRt8$zm^&@K&BohJ%qL6Ed;5$Xyc9}c&!pt_E%CcL5eQ(5Xb>~1xabYkRlzbUNBT_I8|MHl2UFO zXE>sWjh;KDBxydXc%n0%1@1}%(y|_Lvd>uYiF}+5r+x7Hr{M@za7_^FSTVuC&UBw7 zW)CisloCt2%HdFzk*N{obV^07|j z&!&4w++;br2t()e0$HE#Ikr#>VsVMDe9F0QmSY!#{5HZRNs(f8#sIQQRI~QW4_>Yu z-Kr34p#tO!PFWR<3|D_#eNFrVwW3%bz5Vag23a|U-$QS&?I!^Q$Bo~4HAFP(CF`}x z4*p_mT*Xwr_b2afy^@X2urh76Yum0J+sf;@qz|;{#?Uk>)7JFt&Wn|7WXqZH+41%B zRtFmPMYi~&WwQtCW9qkBb*PM2`1k`=8`IeH&1-6fC<}yb?m2)dW)Dzx-LAA@A|i!4 zGtO*Wa_G7ZB$DWR)aeP8`!v3P3I{8BntWvQ#Gcb_iP;-+9EZ`iUllm6kDZ_bKAO}i zP*|Ht-0BZ1vMigmza>QlQ`{gMU+U)AI>?%*cTjBWutCh2Q?>iYPt?47XBA-VK3kdy z2-jUw2ohx*&s0z>2I_(4nysgVWpzs8-N5j(OS@U^rH9|gaZ-81v&*$9>&7 zMkHH)B&k?o?p|`eVvWUbGC4l>mSw@LSnippe#j@7b9`$qF3whF-ARDg+5y-=Kx9plX3<8uZJ9#L)}hWA-QDqy!yjqlIC&37ASUK4i`!$vko84x z<-y@j{Z3tF;~_Unl2(G~53n}D)IeSM7g5J0Z2#&j0W%J_I4gg#?{(wsUrrF}zKKTQ z@f$JE}fDxZdS1lkXB`fOn;L)*wiw%b!#N>e2@D$3>>P{Mv6 zb*$0P4|o9v#B)}wIljE_DPgT;FB4Y1^BM4T(H7J3t8hZj{fn zYxv3H8NXK4N<_8m$B2&oko;FE#tiMxPeA?32^TjvYMw- z^~oR5h*1C)LQ5QH=TOLld{HV?0O-aS^2ul@$%l&| z4Q$7H7Rzzp$!R2_?AbL9NRX*ncFZX0KRdT$hP9J{2^aS&cKx?rrvcR*)@;M?PT3O@ z->Eu_V(BOszP<7?CJD%Bg3bw2t+c|(jr-X%i7zzXFXV1^VlD^TFTK@PdAx3XP7W07 zuX|2;5tUGwCrCFmbF&~e<-6qL=#c@tH9&^EhN$VyF)_!?7N}*9RQTO!Q8XO$iD23~ zZ45Pjf|@Z*gE#<(7D==1WbnC6Ud7NB-NMWO8ti3yz)}psmeuZiR!7+{A`Zr%x$kdR zdac-+F0L$WH~mFe2mgNb{!eI%tr7>)xI(DYX4{@wS`bufRPr9wax*sN zW+EGFUeVV!Yflr9zDvWL$Jd?1Wa5>#7-@#_9@?Gf#u15{qaU~U22)_sBeL@f+oE-; 
zO4sjPuR*PI*Y_Qw+q^Juw=t!NsmcW)*ue>8n+$l}ZRxj!R8p+u#LhYss!h&OF)ezZ z>_~MWO|Kwv%QZioheaEd3V{krRPbXVyoGGiycs`hcpDo(SsYeOh>X?%>t#~0B4QYv zts_<+-C;N&V@h*dbJbmCU;A}0YSL!fMyieIrF>JW45@>b4%zb;ps}RUv8G-j_S%{8oi6noyS;?*ZdFw%D z2!+2g1((QIc!A~TQxDx-Cc({x&VCD$2!Cyq*_+IA@YoL5gmlrr^LTay2>w~p-u8Hmc zLqoao6tVL2nn`DMUIRvkxv!*9xKgL0{(VxxX4>X2<}JF)Vk6J77IFKd;-rSzz4)bs zqf}~^A2c+Fz@v*@(?*N_i)Sf9EXxwj%%LyNs^~M9R4&Ny#Ka4GX@%H%!H%CD!Zs+w zoPwfM4ifg7x`S?#>W@3%Q9po&jlsFaxG()8z3f_xRCzAWtHqfVAZ>N*Q~vWvV#nFA zKHp_~$7A)2Q58qhX3QrWkM)Kgp%P+bs=hD>K9%en0qs~_XqmfDdT$rCUx=0fh(b`% zgmG4U#!3YWVkhud!^Pgk3PE}O0LA#t=j@i?l=^6DIUI51&z_5$W+5;T2Q2rt5KouM zb`*#2@5rg583e#{N?{m|L}Si$7*cpLdi+A`=Q&meOCO2*F^>I3w4d2m=K%`tWZdw4 z^HbW(x$gxiYs0+%zl6; zj%hbsaC=IgpsCtXXH@!5sQMk1E$N9QYhn3Z&|$A&$A>O7gx}1Q2&U{vBt0g03Unw* zU+7i;B6<&x(AP6al;o(|$+DL`H7gu!_CBhGe_7(8##dCwuQkW+cYiH|36|c8N*s)i z$VDaJ{$@zig&1=FBKNBQxF7H5Z*!#;vA6|trAZ$F9otV~V(-m7H`ckG{tCGO7<+@m z_TmAwtVr3WQ&a0Uo0-n+X(2zHZg^JUDO2o^Xy-RfZRK6n>NoF}DMiytgH$ni;=54d z+#1$=F8&;5=E<;-knE)fWh=cwRjf|q#E#s-$=by^YgKT4B{X+jchPXSkns-N)&lbC zSSTIfO%K=j!F{+SK(Z8gdavOuS1wszc?mSMRUGg^Ka14U`3Ym4?m|EHWeXkG5W~;? 
z<_p0TSJfoV5jEEF=+$$9DU+|xTI11qdHo?^U=alHMl=p z%GHu!jgOsdE5cS+96`3Jh2#ZU5e4k7r%SC3+iWA=abrN$;b=PE8lIvX;n`2?ABNB1Eco ztTYB%&59M}95iPZ(13Z3G?ViQQ=s+g=jfOnv92QG5jqKsdDWx{mi?5hQkk^{B?7ZE zaHIIRvi+LN2mF(@_NPGjcery6pOcBPtTC#0>HN~5bi?z+ z3@)WEELCml#pD*P<8?L1T)T>io$_got$dGW$nyd%FiVG(z+H-@RHtJ(o4 z*vKSuy=BEck)SNeQ?g1YT zV=kx$;bTpzqYWXsnE4m4EbOe$X@uS;(a`i4b@83|8-gZyYP~rD%pmC(ZpAQ39nkCAuH)90{J6<< z>AQM$vnq~ChVS@NTU%Wr%D3$KBExJs&Z?4{;Q|Rzg1`~?9XAkLiz-=scxYHZ*94_s zI1uC}x6X9H$ldUct-B1v(be56Spm{wd_QYY;(Qjf_jR5YJFzvIF>l1RY`Kp*tn%H* zs?uG5Db^h!a6Mt|yq9F0skv?A=uPBYq?s!m&JU-6d!?yS2b7ncC2b)x=POAbk@p|W zQud2eC0_P)+wDLeQj_)K!9Gt+DiLux8($vnSix9ktf|u-&7b74bzO~6;I+H;&GMbd zXk>az>-BPv!<^5uh$rcdEPn+KaqYS-;qCm?r_g-jQQRBm{ph zz9?|yR6eo9rJX?1IfFK!wfm@%Ybg(L= zL-iLCb?T!%R(CxMeZ`7tIWtJ4WjH7G6K&4;DZY`u;9Z3r*{1s8p1fm*+4fP3H3p4n zLvwwN;hE31d4iRv{d~=qDNc!GMnD|}t8qwP>^Ob85EGXJ6}RRi_&=!m`A7~C|cZ{~%wt1$KOn>v;p zQ9o$X9)>g)s>V{A8x*1D(x0Y-Ku{$GyfJj{WU_y}50{`6&%%dYV=zKoX)cB8mB92j zm%e!wbgKys^xEGPC+6pxFj|18u&FGRV)eS2S!6;3R%o0Hrz{tqV0_tQrcD)8j}D)S z9A*%#XfmxxGu!-p9`TEQFr#vaZ3s6PIqFSF$X|UKG;@2A@`5b-CIsQ+m&0!&QLW47 zr#{9*NVB;w*|DEp8+7!iIlL@gDqGdX8LV!kFDHGEsbjz7&=!xe3(k}p4P_PAO|kp| zK1_3~Q-k!p;)1}Pd>gXLEm*YH3wvcM_V*H?t)T*yyty+s1kRk^{Jn;OeJ4*Z1`HU@ zf7hZa%BSdl$lTlsd*t{4vZ{Cc7ZJ)YV)lZO<;b4q4yma{U1;rXzJrn*0ll*APJXe7 zbJ6?2)QU$YE{1kL8P)dLgNZbLdLMoq(fE4q94^91SV0ZL-)Ya_r#Wk{**rh3pcUzP zkLDQKd-7?plNVyl+drbJId$rb&|ri36|=eu_3`*J-6ftBwxuk&bT{*jInXA^{M8^!<$+p1><0u?q({;8qLSZe?j?+Xh??k!5%~Pz-)h6WwXXJ;qf~1Y5E`AZ+s2Q;vZW?JsYxG6-IMd1acr%I|9U9a?Zsw`8 zP*S+AqS(>AqKnm(R1LRpyB^Q$LjIBjul3JA{XlO*8CR{*JnzG2=7M@7Xb+l ztzlV}moH{+JUvr;e@jPIB5~k=M0_|Zkhgt7o)U)d6`ThX`;p={X+;qP1eZcC!6*|u z<0`1}cvqz9VZFdroz-Bg)6SE3HAD#%KIFAb~r^_O zQQLDBM>T(e$k-99dzEp+2}tnWY4M3Jr9G`I&Jj606t!YCG0HAN zZ-Nbl8;Xy2Te(3N3#%Y|xUJz7>3j#YW}%`B%uE_);U$WtysX?v=w*;>%PebY%?9ij z8t|>_##Y_ycV;7AC&voSTE;eOJyE_}D}ue*>xA260aGi?j&=lA{|NPRksIMvy6G?K`~S zZmCS`v-C*%Hqun@leJk3-zsnI%LmJUo&O?Qd-Z$T=1<+#Gh;+;<* zj6f1UWxt%o6~~&mSHF%a9L==Y27+n`Ho6o5Y>-wB1xmHC$`I^ll+yX_>K9R8XvzS~ 
z(YIQhE;iNme3E`6>*$G0hbc>!nYMy!$B8+aT49Pp?i2~)gmONsY?@=}c;R-6~{!ze-}L?_)>XM6%H!4_(OvdyIKcuS&cn6`j|9W}^ZX~n%FZvOT(_F3W#R){IZ zdE8hY;o29dBat||HEY6dbXfh_vNw@T2&ewtp4QowNnzx!s1yc>s60R`f3a;_c#Dhu z#M?dylU}rqI!b8eazQW)qFaH9J$X_=`E8ED0e1&YhM(>>&5@@N~2YzL)0<7#eL0JALa74=3cRJ-~l5$Y9pIZ(XR86^)yV$w}F)P zye%}?s9Dbkv6kX^M(l5S-siZAOF#l#NlDwJd??!>W!#(0lOY=={@$r9KOq)ZnbmZ+ z+KCCc>w8(=e1&@&4>q`TqHVbmEBFAx-#g=?sLkO5oK@i2G&Irq~~uBNIGWv#RL}LzC+8cOIWn{s@Z8# zBXY%OzieI;B3s@RJHg9d{LMw}xW1<>p_b~qV{Ge!^TbaqZKiOdzHys9KE%Nuy70Vq zu#o`XzXkZgST-#)SqQ#;;q_9p+|w9w)Ic;R7h6Y*5a?fDh@u zjHZ`ezX#y!BvVo0-1x@E62L*3+&9f-bpg1zrX$>(J!Y|9I{CSkQYgjG%2{@tfph5z z2OYreAeC}_V5kuVE!ju^s9S8dYYm)fI8De7MM`iYR(e!GhF@#@G0yl&{ z%qaZ;Cv5I@T!~n_q_sDWcUB%g%b|&%*oYfgzI?S2qJ|h-f*)YSc*~7lrEeOTdyMTg zZ#hbw$7ukfW-QCYlk_W#qPp+YE{B#$xD7l%pYl@F(;JM?;gys!Wa&(!?&^lJ=Ykou z0emMcLbD@%#)KV@Y5`qWKVSns>@0d2g>s)-IT<=c10-h$EcE=SIq`~pzFqH{W%@2T zM%m$6_cg1k60d?=O4RwdtVBlq{02|sft~tj6I^Y5;WrKxw#W0509&JvPOu#HG!b@A zUO61Oof&a6@&z&QHA+>%?XS(XAzz$iqiN;sIAml>gtS1o!J2hf+`vb>thnEj4V?^25d{ zJg_q}*c427Uj~*RPZ}d6`a&F0bet*|WO=}>oJRIS+d|nTb%V7Fu8<(H_-?i_WGcnE z7jxbP`0mo5X7R(cuCzNvw_Tnmjr#@6T3KS_Kkd!Rg#l!F`xfE=5Js-d)`pQrMrS>I zM*CGyA$Q4hBfgzs!WEpb>uwWLV{h~ldAyB)kI1|_zxiL^u`qxc~?#(6i zAbKQb$KetUZqTtT829a&z1W@4o()VKtDeRwu7bGxC0`w_9AKKGlB;mRJ9j4vyOF<_ zP!xyjlgPf)yPl+8I4K^|Re)iB%dFlk3==r8m7tig3CDeSHL>wdHD>7-Q5JmXXZstV zXXZI74p{YzNWo+oOG}U(*7KXGEbP0#y!ZLHOArzL`Ma$e#VejA>`;BF>3ix&-GlEr z#eeQF7{?5@W9;irbSd}gf~Dw!+{Bqe9}^UHCS)QhaT)8^ui()}>O<+f-BVc4ZU60D zOhDN?9qE-26Yv*5ra+O;zlegyhH*aR8_azyrbo}>kTMQm8whHCj7mT$4Z~;q+tJn{ zKb!?gJVquZGr3rIU{f)caozWPk#?>u9qLZ7m1q5hcN>TmF#H}vmbbQVM*g`}@me@a z3Cr%LBgkz)PVMhp|>tvNe2=5I+Uv&)pV2`pRflR^7_# z{5YCiOT_JYBXpL%gEHlHxGuZf&oSfPvPmrjjXpNwWdXyFx~e_u;0h83kD8Q~zi-jW$C4I3;9H9nJDmn*TpwTEQf zBBCQlzNI=5Zk+~cx|{4jcQ^{}qFR!+?J*OPq;+ccP_MI|zDHhOw9K0?*_9MG9nLS{ zuRH2SLe^!y-EnDGY z6ZX6qG`^Kv#7(SDdC2EJO{$>_HMOzgFIKJdjr^{xa2Vp?oandjn&RkZH7-`cadqd| z@oUq8{MFkV2(L46u0l^Aq={q-r3_38wPb9}nzfTF 
z%oM|vrZsE(JuZ`ImS{}gYXnEiX(>4^az@^H68Wb#Rx|&U8|+vxHFa5{(3A7tyOL$a4YTxL-tXh*lf7)c3b@>4LRe2R>SP_B(WXkMzk!cjtv& zVk^;(Y|z#?wRFE(Z8fej44&Sl*GkH#C_o@rb#y`q;zJ@n%1O1qBw=}rKIWDfm{lcG z3KCnzp5J1xuwI5%0c}^|P{D32DeOSm{NIB9PW*M?dF@-1Gp6g$e{>(X*It9(SkfFu6#&vte!*v~7K3P}p`lzj>K#O}5@So;D!`V3}e_7AS7CsyByTA^1^VmnA=K zCJY&me(wXxglz>d({eN5>z2|5qaW zuF^5TN6g$5hV~}+dcerCc$U1bO$h&pwS2@cqG>hKfMJ}~voKt`=gG^Qzs{~1(NFBU zK9`L1F1kmU&Fi4C7LA$tm_raVED7ufgtq0|{Xjfm{H;CJt4d<%gAQJD3ZxSs;?S3#=rt%K~-+!hCb%qJi{iGuT=fre{U$h;3oXpZkqFTxNJ(EXyjKn#M znuEsghjqHDS&rw6gaTWiX?+@>jtW-*0(P1&IAdF0-hca#`Qrc5!JoSSwMzJpJ=5Q; zwfC&46~%9&qFgVY6eIWtyx6*8(yN<|B) zXFPohj{Mxa7ghVBv|f#seG_$V6cjqbnyRe=ySYf3B*zkDw_qWgGuiOyD@4Jw_b0Sy z>q+8HlyAF~)*CPo<_q*uQWr$}W?E)hLOo4?h8AwX^KEgU z8h8wXAwqo5C$@8FW7PsFMUJGurP6C#16YK$Tq`{Kn@$!=pchIl9X$FFCO24nZ|AB+ zIl@`HOGh0M&;qNb7TYJp7n{`<3AYorbCk=ok60zpq+LD=)hnx;+Ax}unmDS60X1nX z3vbRGr^6`nsW?>HE)fmH{kz7UhKfx6y{841zF~3(K&F8A?hcW_q-t)hR43TQ518{L zpi$P#>!e=RDpPE{tYoC7F4$Himv32=wW%;TvDXpW@5-HcHeWRCm^gs$VJR$%f4kt) zBWJW=#%+6Y6d~pRbE*VBNTm}tnYwuE zj1<=G)l*`1F>mr@O>dJGE*a{BqpPPN>>ift3*-64sm$xs?~KPx1bURI|Mw!3%jN65 zKM;wnYjJ8hB^~+ZH*uRluP3@Y@7$3RKQbX8Lo$q8R#xTm9r| zAh#*sdEI<9sM&PZd8Kkg$s7FXvItxS=Jq%@{x$uPEE z6<#PEG^cjlQ{PupDT&ohY)h?vosd$=`Vy09%+Ip{M5+sO^F%k}>-DNrvaN7>d6_G@ zEF+fzTYIy|_ZQLwMnhw-{4O%HeGX&K>bT zgK%eM)RsVYceDiNJB;kfl3o=!0SHd8!Bpkf-SkZ1^P%dqROp?Se=3Nti3c01TDAj; z>1NCFl3#0Kh}kNgXU0V}{;h%cCV!mf)k-*tf1s4)zoo=Tm!tJF5hjH*y6w#$u7>3o z?(bUF_S@{56*6fb?6Z_tDITGFq#=QBiM`jcJj&Mpys1QN8ErYG7;Xkk-pRjhoq!~s zkm?E>Olub2q*ea=2@&fSy3-}`TYmh668IHq^YZv7^@aSPj_+k>GdmRF^K2_W?5FGfJnJOIP*qpr!K%a80%c#qMZyV=4Xr^pwzMy1Vp?zK-d>FR4%>V$!&;)~m;fIsXP5m=U=z24)B6RYD?>K1g%fKGnsda$@MFgg`*i+CEY_=snun!-S9`V^bru)1kW0I zbTxs-c4$3SmgG&SqFKkXFr*%NPwA4{O)t7yI<3X?8w`e*Xj@Emd*}E?oh4SLl zqYv}H>m|BF5lNmIO*0w7b#ws|1S`^~`5SN^kY%mz9#VVU@!fm>IK1KCfCUJXQzImIX zSne^OJGf{N$`45%L*&&^w|(<)P)mb?TGISPD(S2RH`JBO30uUaRp`%W2RpQIPu#YLT`6EW7|G$^~F8@rR9Bq`>-LbXD?> z*4z#Z7PFYE-JZy;D^r1wGjkh8yGBUc5UVPKN`wvZc(OzuD{5*4Rn9+S?l)L!jQ?0@ 
z-TTpgv92GtkHl_y@0H92r2u>1xTlIf1xL$}I-g>hhMp1Y-)jz)kv_R6w?d&cIIVvA zn8v1Ha*b#$Wx&9`lA=Y7 zinfpYs4u0NpU;i~9DWMx+8U$Knf{y>h8}(Qs+^2LksYL*PwA`W+u^pyxk0c zkNPhuG|4LdZrp!PKL6%5h#GPPU);re^IEWnB-gq`XsGuXgM#9XlJqhX;)P_70dgIp z1~5_QhhvQ+JnbSqvH%EDSZ_wX-nWn3aapLkqzSBNQ;)M62OP@Mf2BmQjrP%MUn04V z^?@`U98+!C88Kafaf9&>Ul7__fEi5LDnK(D{8^#EOAF6tYWyk>d+?6{eDwDNJR`RE zH0aCSY@JdJ9Q8;*8R)2XwD?S!ydn`?sUESeoz68|`nZI%eq6gEwVz5@RnBxw(JV{ij^Dyk{Yw z90uwj>LWCKR59a%AVI+@Z&ymzm1le=r&A^Gam1!!`S2?6M~sBBnu}%D%q5c!93{XYdJgDkdZ`dvi0g|LHriLtK#9;e+pogaP8ew4fx9j+Lp3|AoF^+6TQd9 zx>R`yHk><5@!?z#tEaY)YE^pEV=aW4WkR>Qv3wUP$NJ}7vPi<*DPtEv3?CJITn6lR z#E4YNF(us#Td6HhzGKI%4BS#u6@NCT^KLYdgWmA5(~Du`I~Ll|cqhoI@Mgsk*pHP# zt=@Tdu=vX`;3)3Kef<^_5=zuk!G&NSMtK{ZWAS6V%;vcp*I$Zm`B8*bd#fEV%`lpsnb+8+VIC_st*WVMqD){nly<`D`-m!>6*B_I1;3<9s2mT*HSEj zlr!v-U3vRVZ1szqEJ1yz$bpw1satxu`LO_cyzmg0bq`nj0=e4lrDF#TfdJ4>oCCdR zE&z4PxdKtDgIM6=4_GNkNsw!NM2P3yhwgPzUbnMtq6Q$AyJdJ+X{4{Ht=E{EH2)sF z1ER$UsCSwU_;!+Ix5U#B%GbL+TmBi1k*_5)r>;A8)2Qwg6s0F-7E#d>NI*J(0oJ~o zFo!Xb3azRJ+N~y=?w`=nGfFQojd@CKL>|KUWuR!gC35?S?;*}Xe1QePsDg1kW!E%M zS(!my^_`boJ;?$PiSyFlEc*J)Kz{^~eCUxxzB@0;158L-Z7xg)dVw?IfCfmFQz1UA zuxw>zxc^4@( z@3Y(wkmi4i6B%FpT<9V7DO16NW-ap9K9PD)v*z;cuP1cyO{Z{ofKA|yDe0Fw0nl2tYk&js1?r;5%<*iUwmK0=B2obK&}*8^qQ7z4D=vQWbc>m4fVqUn-kp{s)ZkBPB~tow zy<|I1fS*Bg3xD>&*rlnZkU5^xRG~j=`o+T?C(wO%pHB@LEto^fbp0 zjax2C%~{N4!svLfZWnAVA+U_*vbjPF@XXceT-kx_9=qoIV`Hlg^+?UU5$8y*CACrk z56NZ5*XCQs7#pDFa5S1AOvPwFXq zwUeII+42WmLp%G7+3?$e`of&a8RWisRU2>25i5q)EaN*BN1r?3VJIVo$?$-X_;L zF}DQU*w5^$#$9L8zU$Oy<;oQrU zo~BQ%gGwO&z3w(MH+~V_tfA22{!QGh97m7dgR!l{$K<}242Cs|M?9M4-dl^hHX~vD zA7Pe%?8RskMoLZvX&(BvG=rmBz5B@+mS04VQwNc8z z5N^x`X+N1)>*rv3e!?Py1)N)9%~F!&7eQ$bYUaTX*f5U4s#d@k)n!(vN?@4-cU(>t z`^#bM z6jl!(c`_32AyPCzqZ7{poH5iWZ4wd^qU3dmP~CjUVHdm#-1m5Je)f3UZ*_+)5LN|X zlrxp2yo%U5zPvGU30b`8H*9KJO-MRAD_yLf_K`Kc5iwlDP3gX=Ro;Bcu@zJ3vh2BY ziw~l%GtwG{O$KH_RP(uA&U|!o`1-Eg7@wER!M_JczB`Q4KW2){nmqkucZYUo`Y|f;RgQbLqu|X>9v{d|@3=`==ZPu}-lGT?W0`W{i7q)D| 
zQisKjIZV`e1?5fqU3_u#>dcDpbeLgHDeK`<4HD1@Ys8eaU}dFLhg!CQ({D zACfMyyt*&R8Q3sEONLB|lZTGmVak7$H#fiQOWV9?%av=BHGWiXaB}|@nkw&7o;4cZ zn!dolI$Db|v1()d0FcF8FCHA~iu69iJ9b#J#EIjkWIYeaAk3iKHa$yz7Bi)dcj`Uw zV15xj5P<65tMzKv``NVL0`bX`^J@Kx3AO=Ke5s;3l{I3^9b*oa3dyq5B^|0R z3J1vk2=1$!RX0nm(^Xpx)I+r>2;33Ina`0O~8oK?(|re=*Zh7t-`**|}rh zQP=6aav2SLLo^`fj!u=Xlt+#2gyf8%C+Vv8GWjBZ1)9~yLC;?cb;*}ku6L3h|2 zFKuKfF_XIJ4lN_NTySexELgB>*OTnM_lHCPS(~%6%(=8ol>9{` z*f%J{4B7OTFPAnuz z5&iMkom^!3-y&PH|1VLZ%Z;##%31lD8cvH4D`XAs;3KaIrqsdg^T~FEXxUqVfpS=)hp?V|~$ncVpQ#72JbT zSzA9lnT@RQ>u{F!>oR&J4tSK9dRX;w!L=3%GAdp_i|;XpFnq7~Uj7E54~B^p6M1t%dw{z$X*gw`h=(P z#me)8ai{->yYr4}YTe&F9*=quQ9%LeO7BQ0(osqvp-G3(4xIo2DWMk|y@vqO1rmC1 z0i+zIhbAF}4$>tw=^ZEcH*4XGw~He z3i3UZVf;Y`quHhW&D4lxTA2Z6U2&uaEl-{<`sRL6QP;4-Z(zk4Vpr@o*{yn-iago5Fh;Bzs}F zJNi4kFJ$XUAhg<@%2kAa&E(ZSQq+=a@~(tV4#X5xgqvc8sT+2EBXzTf|5CPpY97*? z({%Maur0H$6xn|6`IGF>f$~-A_lORKEQMVMTfZ%eU4i+=$1*!qS@l%(U1N;e^VAZjBVn zMol1r*-ESI?9qNwP|VC|D9J68d?gasPH6C$)&3$Xb!$e$Q7of1F;h9TTgBtebOOck+-879ZIq(Le9h3epj`WJmN*{uxXq!C~Dwq z4tSWCwHXP;u}*bCQ5j-=G(8T*g8lvT#}GZK%bTV`5fU*(Di z{8n8z!NzBv^*Bukgf-!Nc_EitYvA8WdPUz!Dn>-eWF>$2DH}@Ys!g|v! z6mnW|VOJfGUXd&<+Oo46=YBg|4y+gcw1Yf|b1|A^5Bqu%%}(ga-o&d+doxuve1CcA zai7?x%5kWCvNmK?tHN}{CQ+*sMrclXzx59<+SsyxN0 zd3KRW7#Pg(B3QU@{dTKn0DOeJuF$U0eyMQ1>|Dd2GZR-`K-i!NZw=hF;s7c9EnbVUBau8mU8^e!H+TxLEy9BY`(e?<0%fx{=3`bxz^v>S(V>;y zrReeLOrhX4DNX9wilC-Q?kVK}+LeWguxBhILA+gp6Ky?D860Uvnwseadf43CY}2)o z7dLI~Eqw?44HOtB^pV1@<&72AZO5t{>DoD!Cl-L+ugi8H%~Zgl42`IHp+;Zq$|>S5 zRozvG`X19Uc>{8K|4$LMrrT}Eayfi`5n=!HEZ%y|HsVntOV>DWM2rBx?6? 
z0?wGOk@9Z7T4lo8xyWNKzrs@_nmIM6B4z`?)~hP2UDu}Tj!s1d7Av&nsF}NSlogIT zWS?juyw#ACJ&pk zn#$3j5jgIqT=|_hoI|j9gh99&m>$g*~>=5DruRM>p4Y~Kxc~}!ghlJGuUH!P^ z(I2F#I&ic>Wbs_+UH>uW>9o?7V3+*~^kf03pN^?cJPZmN})k5xeAjUrC*_vQpIE z!3e5B9Tr%^$?c(_)*I96!7`e+k<(jwamd0W-XT6K?|Zni_j!M8D062^wn-Kw+jZn{ z-F`-W4I>%b$^EKGd@Z3%15|V7=`KhAaoR{Z4xff-;VN%m6_u5PN+`Wwfv99GQ+SB1 zNNMCp-vCWuWqc2ta#wZ;zzR>X)E^r0$J2C%rxs#LIVicOxw@Fuoje3a!7_Lxb_|J@ zM(2@(sHp5xIF!xbTRbcOJ*9jxKsr6JZc8XUmA-B*yV!=@O=$KEHu$0Jpk%kn=owrx z({P@}4WZCtd`2stL|O}Yaw@e;x^)W#Q84svg(O^Lo|MEr&L+D~sIILj3|onYDl1m7@4F)Gf}8^PGUS)!#)k+%6deA!HYk!V)3#n&wizl#NEXNe`um>DL2<7S<< zWSZjM=O%Zs8I`bEOYhfyMuzJ`s(!0+; z)1TyTvnV9%5V8Py)cmhLe^09JLqyu_l zJq=c!$&usm=OG0vov{`!lv#IvAWJZB{KW8SQ-$$Ha*gk*U+7S@=j}00XT4DE^q}Km z)l<>LSA!hA)hzewJ6=|1`Lp|RWt%^{`&+cD{ev5aoQH`i=h#9^!(FDvY^DQ9=aB%b3=8m&~l$Sa6r0`p!hVhhQ_j^Yr#AVHY zemvhUijny1m({3LcM$!gtOW5*x3*ZsNpe{O#VGtkKfL|QmO~%-sR(~1S$E9SbL!Wk zSCDZpb#(m^M1u6dzAi(nF3K({B;AxARM+_K0GBrte|EX6Zj_v%{*x@8NcTlcb^qI5 zEi`2JQt<@Tdlg7>e*aJZ^+L8EVB#Sgmaw6P`dTN*fhy-RrKe}rNlbmM9#}SIc@grm zjoL#Y=hnaM;pX|$v-{@;g;%6=tJLlKpqx9OaD}Cq9Ddp#|2f)En~;gI}j6J)Z5vkUB`W^ zW50NcKMg{>9`QZ1wxcXCp)x-YZo(7UYZj{sCjV}adfdk=WUv3_Yz#+#4JR+^ey<)9 zLKF;nFKfTZ>O}HW;~_uE{`lJRp9e1!8OQ8c-=pZs%#SY4FRyKTt@cK+w-0&;3+t4| zBI_RGkq5Dbo*??IcAcYpk_jmG!! 
zjaP;+;VXqAOL8gJ;dlRX5U;O{Z;H-8kFAg@NMAM(VRkxZ;V<{c?Fx!Ar_}D=W zK|&m|$&n&f-2QcMLAx0dK_&nFus`|xBm+ZN>`B>yOJ|`!k`gaYWPdq0WY6a58^fo{ z6%J|Jzp(s$I2|qi^O*jB+KX4sXt{jT>q~<+ig>M1-ka0AD8kbXt&iurC|)kGuyL>Y z;(7(_W1NCb-j5`twG+FCA*=X7!RNQ^Gf@qm1*T{YhdL;qnD6}!ULn1qU$2>ez04^~ zwGS2U;(K+MZD{W@HTQtU(Y6f+3_-T<1kdP22+9qq7!y}ho=?l^2wR8x2rh%qhViz1 z{&O|sFL`R>mh~n5IApiir~iPZ?R(^EW8L{)q``ARVmX#NEZq=}z*~<-$z4X=Z!9ee z(3xxaN_E-i+4dD7?9I(*-esc=B^|~-Md{rP@Mr<+NIZvEk<(F6VB#pM!H`b8!f(*zY3o7$p?ymn=KK^G46w@vCM5~o*{00$hmwbz81E5yBTcyoRJ_Nul$^Ry$>yVLdsZ=Nu(xD3rIF| zt5Nm*#;wcGE5!@bV*$)pRUtF~l`i!6mjCh%C9g@gufI2C`THBbl#r1d{kk*kBB?~o zr?1~Mvw48`cUCuPxg4gJnHiGm4HYz{o%?~cgq;eTuqTjNNgVTJ9#$t`>z|8>{@Z^tQh zo3`2ZYpup4F)3lot7UQ~n8VtaP+$o~Heh1<&<`BNpAno%@k_4d$EzKNb&gANAPPZw zpX$sdP8ufHIocg^ht;ba`Tcqwn35xz%RhgTHR@FEI92=e3#1>JsFW8)9IVHuKWvK( zOK^4%EN0i)M5b*j+Xuj@;-04!Ni>Dr_Cp6WaB>>x02t1VSaf7J(_mnz?Yf{0N5shE z7?MR1Z>y}VEUgs5DrpY7xZik^lt(l$FfL|izC<3J?d9sMlwAo1xhH=gP)!K|{v;cv zn>*OLa$zyKBzY?|ECWU{r&aSLuR}Fy`8Yo~lKo!k>Eb~SmJ^m(JCd z?QjSbtYlw#jh94R`8MyKFe;uSa25NLtU$PRefnZTw)X7V)rYp@LbrXZ*A)vLe4oMw z8_>HH#fUwSCff7DZLTD*y3l*WRm_lDIV@=cSWAMv!AZpD0C@xKj**=6@gdK(l)d5a z^JmuQb6M?!@A?(;L)N2r{7GPD35Ko0yB}IPY%<`Tz{>F+p>aE>J7Ecy$4FbHKFbbQ z85oVI)5%)`Z{ql>MSM=5`|WcqDDBa8xs{xe_JgkDR+*5DTfYuohH5HlF?5b#XYIgs8D}R|2o>mq%L5j zV$5b=+KtgWPeY|QDi#TSN{%2`C!I`KL`1~EK-cx#eT()du)EM}$@R2XHG=tqWyiXV zL8wNAf?1@pc-!N^1vvK)#id29*Uut6mWCrbzsGsSfMCL6tuajrq>964Ln!}8`k6hAtY^0xcY`nBy(4fv@0im{KgW} zTzxUleA4pzdf)D_4zs~=TMi+TfZCM{33#%_Jt`-L_oa84*iw+U8j-*_I-Bbzc#>Bn z^l9@ac2*^CCJXZEY^UIpDv1OX_%C9vk&XBtEdw6UhHlDexq3WIV|2x2>%cMe$V;6y zi5*>Km1e^G(#cUusrW)9PRs6X`JN2sLZ{a?>jmdDFBU|dS{(#KaUiBO>GWW^y0h+GvQF+@Z+}`PG>AZ)vF+I=*W0)}%_#L&&CntkoNTx}k0~UNh)0 zMqNw+L(!qs9HT?p0&*(YUB$s-cAr_HXDp$)q)?DUbBnj1D#jSJz19XR*1eDGzk91D zEoJ9Pm+k~9l;7j-kyC~n&7FlnBwLMh?!%$GFT70f*4jb13_ud5vT@>7HqYTZvh)u= z5<;`eE=L~BC7N2O_OVyz2RZYi!p2r{)xYl=-sLC{SnC$c53_XgLtu@WFg#rh|0fzuIO1nNqu^xm8TvfV=piF%VUxLSWhadS)t4n zlnb(4b>f|TYjZ4@>Gm@#zR_WYSko&lg_%i?gg2vsT`R 
z!`wCpV&c9G?yn~7QXQh1rk~UW@1i8$5=YKC7wjR)e)LB&co|t~SYalDZo>#OAYOh@ zN;gn-3aGS}dOuUx&RED6^MlEWu=@5Z;X?mK)N*pC-1(|eFVI${-QQu#;sHQpPC7PG zvs3JtyPqFoHR)A1>SB|7ke;CzQ-z^c=OEQjgPcuNiCYU#A1E&Np#{p$?osflydET z)>G8s!*<6pS z=0?|S<{ugdk_RTvVt}S1_hq@kW+w66usJ>3DP#@E#Q`^Z^@M=tl$( zzxVxHrO<}uc=BLpEs0ume#T65`zfZNSkG9E-0*MW97%`v%L$LQ;r-v#ZIF0%YvB*Z zJ`l8R;6=t;x*J>H=BDw+ctzNH1=hN;A6+K~AZ#`$L%AQe{XiDkrMU_q* zn_-*_f@`y2V&M~2%1+eiTyNZZ+5vP01`4_yAF#DCty;iDFx4Q&q?l$E%4iPAUQDYH}%)Y?gBIAENtGeta&G zYIwd{VbKJPY4!U}Aeyyw09KOA#^C(veY(nk1jC0^@7X0CRnjEM2c?ePP*wH1jk%WB zjWX@6jStf5$NCEbEdy5+G|nrUw|CJR5WCW}!|j9jyv_hl7m~W(1|R4g6y(6q)1?SF zA9N6I?ss#*RC@3AZ`Cmd_!Ac}Tuly-EIEgd-?orlkK^j=p|%J&*SomgauVI)`|iv-u#DO$1=bOP=rv+oz{{UsZe(*oxV3AP|JrM&|LSBuHZ%)&}mkUc)ids4{ z;0=|Bbk(Fc5anRXPz^QFSfAa{(!w{!gv^t@>fU|gN2A(dsDu3`2BKjIa^=hy0>%QJ zm%-%xkQp#_zSdas3QT^HPGYZfaW7}5(38gh;Wo6{z)(+egXU|iXZP*DW^koV6bbJe zG;?9-LTX@OpJ&`cu)mISoUw}oadWYAA6LEv)0Z|UHle#`UvLJQ?>lk_ zbizIMQcX^z7bV)PYoZu#XRn7Btl(auBsMg*XWvmuFXC&}3(RQ;NbWmPo$T4|Sv#pw zc~M6}uQLq)n3=`KBPrvH(mIop+Yd~kGf`l>XXNBTeN4T&IFNepi$>Lf$;Rvx@A{Ak zI`LJaKIWa*Wc9^)36ko8v9t8w@}6G( zBD?uj-AA^_zv*-T=&!CegFoF)|JmFB=uUGa6G7tY%=1+}yQtkXT$?y$&3}2_U}0m3 zLQ~=TdK<^rkK{keeuY4h9#yvlS0723T6MaZ)bPa?)o_bSHSvn-nGf{v76Z$hVj$QFUadKlv zSSTu{<)&p))%iUS5t)%#DmM+giK*fAnaMp(ji-x$^d_?d&j>L`Fo{JKM%)g9`tDUgjgz)@=TD@-+mD@q&&*}_oM7`^qHis z4ER%S&*0Us`Ks1+GMmvxtyL_ie2rvP2YO!vET=E>Etr%q;}_;89<^g#{=L}YngMGE z8%cLI6JHm8K*qFFE=va`pqZjubOaYM+pe`9qL#}D8q6g-XEn#L^{m>&*}wqOCKRr! 
zQctJ48Fdq;xa@6a$>BF}smt+hI(YYsAZ7xyB8Rk~esb9BZ}hO9p3?c?c+B19ai2E( z2&yiX(ZnB^OqCe1ktLBF;v^#)IUY!9Rcc>;Z{1)!Wq7V#Jba$Jo9axFmWZ2n)FsrC zD3YXv=JP)yd}ym)u|_6g`<~tjv*Tcg*Y#FNpOXAjyvo`3x_!J$69X|g+dQ_JK@f5e98`TzK|U&nQ0cU z{zG_sNbgw4ZRuT-m+6~}9a#yX!yDSxbV^&;&E zmcE^1ty%nbo8{-(rFp(K+F$e2sRqvawy&5|^G=p8$&IL38;u!HRdCvy^H&{H+DG$iVuKg-UAOVkGjgo+pTW_*{k~x)=QOfS0jI}S5M3N6* zk!b(gvRC46rzG=J7ZWMAM&>yg(^40cK|O8xhh$t5Gc^e_&2AqFOxn30)Ydi|TD8hB zEMqB}Eqw^90Xa<>?hX9|Y3sD@O`ES|nnrt0_s)8vIoxHVOW>SnoH!lVry8-_ ztJm+FIPZ}TlG`Pb73=VpF^X1D{P!d)h(?@a_@8;E;8&4#rTK_S9t3(bYp_N)BBuYt zr)NYKyG8YYCZaees6~_GQuoVz+lgHNXP@REIhGjbZdv^mZl>)~SWCq)J*khNn9oqf z7dlXh=r5~26ovn;S*e}b`YX7;e`bl_iPlzFnha--k;LYn#YfQtX! zZU3*@`TBE$Zx0DW+gp#bl|P`|Vo zq8t;VK3%QpD|Eh?Prm%}Nu_sYIT0wF2{~hIcFET|LN3=J^NxL&&vRt9s_Q3)oOC?| zqUsqrP+b)b!2*80?5ki736iBBg_()8NISXXl}h1`ByLRxx9R4!G$f6RrTH5BgAN z7|st9Y04{z=E_0apA6|?WbSS_THy}Jx;(v*ZOOdM zW)4FiUy5CJ9*6EO+BWyt4yy4IerhMdOtG20q!zOM*a4JyQw?gVG5$+)V7Nv8EbLRtTMOB5AuG0$f( zHof!2{LI*L1;%L`{?J*c)Y^o)Ic8AK z*8DAslZj8tcQT0f*ZHKG5;j%WFe`j7CXLT%2;3fkZ5zh20%UKf4Ou0!|M*+Z^j(` zHT09L-tcY7uWzRJ782=QY|cn)!neC&Kh_KD3#WBdSu*=^+lt$;b~>f1l1Obz)|aEu zLvB1=D$c}0WnE(SVA1&}S(BFoiTOgxBWL+Z<|$g~awmK#>K}rxonukyqrZBCB|qL& zc)Ir-dpJ0Ak7X=+M!tlWn_*_e;J5lixhH+`b@`A272n<_Q($Kj2+r!d^kiAJ#1bwa zvMnKV;HYw-H+gRP`4srFv zU=s=QSGGKV2In~^=WI$lq@s_SQ%%rcL`u*L9(1Zyl*KI<3k#ejO#Lx%b$SS=gJyS1 znO^%M?AzKmY*cR|-1FDtwuap@xDYQ70x8ft=VPVb-t=u5W z0jVagb)}a&)#Bm7eH1ZXJtaRNa+vR#@mj7yTUa`tP4F4<>;ufm;B)+4esT`64$350 zF6RV@grB=>KYY>!r0)!*6x1*lTGD79pnzuC@9Sm>;Y%}+h{@tMYk(-xG8~55Ts!K+ zrsO!^%*zNgN&0e#H3>oh8KV2a2KL8W)uPoyzMn@y&lY>$VjdcgY&EHwpTwU4Q7oz)f!QMHdz~Yvx$1zN0(;625{!B#godW z8+zW5jJ-@6hWI4SAI~NWQ<;vnnMVTld3Lfn4@nc~TDgCQTfS#jkNKjTZiNT!*YLa7 zA2x2N!T1GnuCgT^Y%|U0IGw|kWkvBQcZ1T>`tSR((7}ufNCaZb!0wg?&PTqUb83nE z9_$k(^E*b9oTcXaPJNfPmucbDDT`K&gX$)X0%9rB61ug3m5ErvZF^IlLyamD~Q%dhm8SoKe z%+RT|Zj`DNEd8^4(-{u@f{I65_@;aV;8QmW3a?LV%_|!d=g{ULh*0|u`@X7nn28YdYA8p$$tR_%;w}jZN*R4vTJq*>&ahN0OtlWz8u{?tAQG!p%7f$BfKp 
zV*Zdq21DdZ(fHY;;Z{Qzar3O_Rx$_mMWWxgs1X}_Ur&+F)1GE)C6Q>(DSHP~ zyi#_}mg8Wm|0-kN)Ov}3yni?)nmI^9_Jd{`ePYoZU%e+s{1;_4z{VO$M(c;%)hpgV zu({djT}#%@4E6|c#LD|sB&IQW(Zd;hK#6o#>H7IIksLwvZ=iF`1;!VF4!85;&B@;< zvaR@y>koUqE{v&Vg-#{EVLV7^V%0;ufKwWQ9bJ zSbO1f4hexIEFNX#_LEFiE=r}*G9)jws>i(P{PBbpUq5G`hk6NtB5l7X|7$T$y8v0z z)Ri;G!MaF$S5Pvk`YYs&$F~!5n(Dp7J0>m=3v%TT0_&i;fIu`o6>C|gdP(2wRk(k6 znBHn#fgSZCyGKGOJwt{#U0^6|0ZekUPHbST8Q(?vnraH zhtjEbz84JmREX*)V(PgY4Nbx5D1X0VE1oc zWyPE6p$W(q)L{{3(pz%STp*eaP0pWOR8(OSvZpv?? zljc)6U~dlOypYL-Hjj0d3JD8Qc_ho8o0uVjtdBRxg__vwP0xeC-nY8 z{BY#9Moo~-05%s4(2hJjV8-Dz%?n%&)0qH5+}b#rB|2x(QJJj5iOomoM^_wzFS zR{SoLdYWh_fNn%I@@PfqJh+xRo3Vy`M>J+}sHQfYPS?qyYVFBhQrwHoaB8Q`dHW22 zaGOMZmat|!&dDj|Av3R@yQbYjVcbSKc1X@M$*_ByIJGB{N+XF+3dCqSU^Lr*_-GZI zP1>Z}rP_+&07o%li z(|-tnAyk_29%wCzWO~}e*7x?$zorIFzPGaixmJlyeV1M%pdfDsj55r}-t*a{^V*@u;ze z)x>%SsP0iszV_VoGGcW;PbHa;&wbH8vD80N6uc?xg6Wb#+cqio+pm}Kii~G*=A@}d z@r`l~41Xq+$HXI#1rO65b80w|iP|Oou8s?`$_+Y!gZDI$ISv3Fi%_bw?)N!m()`N4 z{$CC(O0yX`p^55j=CL!VeYK#DeY1jqbgK3pwX<`LfwOKKGjVD81ZXV5i)iAZED_nL z(Hy|J&M$8`f`O*2H6_9~lc?*6Q+lP0&J2904D~3#*|rf)j@DEATMThRaL&-l;6lLE z(tM4=%XzKx7an8e8+!1Vk=zbpwPs_bzQU=VL`#cjp+uwmQ~8BW(y1dp%&lCq8iE0v z%BgYHGH%~i!Rk0s+96u_!mQ6<%ng`$7V#}Jv`UrTTY$^)PKNvM_V&t9x#r}M;_d6oL5hf=-%+R}HoglA=pgChoeiI`wH0nERm}2(5Fb8d@Eri8A9lC` zEQS5lfLeTB=p4WD6a?{Y1TvdXbcua~ozKOm@+aA3{`s$GG3`6SF3r&uRo@X-Y9d2I zDsr{RZ;j5(xqUc_tKFLa>mO+wk@9w+=^|x=Lu6SA&svnAJ-{qID1@t7F6My97cHBk zuUJoUV{Aa_TAxR+?8`N65V|nUy5DuwW+vKHpu7`pYDBeZk6@qZJ)(&*I9xWClg+5Z zh)R48< zMcLp0N>$EJ>qe?k)bvgH#zWqBzW3=Pw6CQc{I1ou!~i_ z0?Qrx1++L$v1JTxXdRmBL8MqQceBPhunY(V=xX%#m&JsSZb&!x7YQ58jH~3_RrF(t z=R`J-MjjwTsS;D?pFA2kQN+ze%qGVc*b9mTVuik0%IfJHxiJsokf}c)5?3c%2g9_A zp*$}e3+r@EETWlmHhxG3X@AkHG=y)JxN*&~mJW-b1!~EJaJ43b%YqG}<6oF9)#$mp zQK~6Q%jg`1LA}8GsGl`xT7sncVExmY< z_r~6;hmi%#n3F-QFfV3aCUE~<#?AfQ1G=W0Ws4eLN42WWoO`KRHPkk|rl8b}q<~mm zd3{v#pekNvN@htb#AZXKn%c?2Vk^u_>UUtphDmqifNB$iiR1BMOiF#?nNq&{g)?*K zMxsvi*Kzy{mw{1+JGM_p=#O&v{)qNG=#eY(Ey)6Vs?2RBagvY@Ij_&U 
zn2-;U+0+1CwDci67%_nQk?MWQlo+E_+3+#e24>^GiHYrScdT*eu-D>=E)7wO@HZ)A zm}+tII{QSix*~?ma5B$`0@0U691C8ui=2grttKao+!Rt#*2J_6i$=|t4Gdq|KLwO{ zY(~KgcrM4JZ}TzeRWKkyCj4bh+95Y*ZL$n1I6a7b8*gOmQ;$9T2g<~-5HnZ_bnjd_ z_e;)ibA{LErM5GMb8EU$AN?QPZGFZjUXJ1g8dfB_+Kn$T5FGBdRbxHMYT8}U#u6PD zN3Nx5wd^D_UeUR9w^Db7|0u|gUPuA^9-$5|t!jTXW;L=(|LGR55psaW{A~tE63u~M zvNhj@9~QPfDl%*~knJAn{K_Fdt`P$qloi++Js#=-ocSivrGSC!G1K9^B$D25w?SW5V1V^7M%%o2BJh3Y1bxM}R3habDj~P-&)9n$eCkJQ_o`IY<+=5 zaB!wH!^=(|G;EO)scR38MEdn=OpIpCM+ml&)`L;&vL z33lZ@@K{(FR^Ed(R?u~FeX`jib}N+~oD3<*)kqfm;Ro5+bP~N{kIN)l&*G7Y^0QbD zTV+|8y_w>xc?K3|JLF%(UT0n1S^SRFbX)*acg~S?T)+X34lh@dv+cGmNg4RTNP1VQ z#JKDadX}7Zf*o}Oi}8gs_XdcEuUMBpp}*Jvw`o6o-9n|UTyXb`=E7(R|51^RNBn`SQu<+tak(jtQ1(MD3uxu6IzW%g2!4#H3@09 zE_k(Cx5Ni5ak@13f06~8Wp;uM=WLHxOIMr8fw z@}#pnkT_#`$#>_hg>+2hev(ZbWdO!CYXrOlF)ZQq-3S5}AeT}&Ez0Sg=u!7pSUt7K zq=tp*l}6SPD<;F^v|DbHQ$yUtzpKd=pgE4`)onzBsdeLsurd#4iZJ!`wd$^ohP@xN zTdQwY<^M3~)-_4JMQ!4zoirrHwg(`d_U=vtT17Rm08q9cKI{8u)SW~LAf_}7u%FqD`EM-h*%x1{5 z9&v&;z1&7Pv>U4gPoVf3;rinFJdqb2SDnRjaj|C{k;k+wVdd%<3|VLFjP`GgsowU9 zn)}vd+|mY+KWfN%?lI7m?kuPo4S;cB*IK_CV)@41({QX? 
z>h7Ct3?_)S(eLDIcY5Q~YC(rzMJ|nSGa-h?3!aRn!3}fyj4CaTiOy$yM~~4^m|!l5 z2ufL>w%zlUYKp+gL8l^7koF=I3`Hs)2XnxU^(4b-ZP|I^0DBO3W=2%Nej(aUId27E z1bOHL3w-T=m=@-YYLc_3DLGmTiL>ZcW?<^-Hnm#TFw%SF@^wlVXa4FeJz?tQbQA!l zrWE$hJLyAEr1?2B_W_uClRBekl_KjEiCee7GAk9U?#b-`dE7fyqUrlq?>m7Rwiy&> zVZuAF2GL;AINF|uNjWL(b}ciRd6?E2OMB%z2URa3HAua|V7vXcX(Y&-Q(M(t*#Z&m z`thcAc!<(fTJSC13sCOz;;kV%-H_jf5E_Uua=*ml{eQcaDlhj zA|32X{L>3aZ6yiZNH^?@dlbW>ynQKqQ8N-Gf4N4nQIS?Uz=_J&TI?}FuWySDamRtb zyH=VSiT24~iMe)>*ha_zRQ%_8dU!%xd{*FdV-x%4bDwKnyy}`HK$A|}^83eqHEid^ zS<4_GJ6t{TWp0FLN>9iI>4xac(8G+=%6hb0cPfz%QqX8=_m)nZW04FnES5a7Ol>cHV2ibl2Ox@z&w3M=n39yUx$hr%xMb*^3ji?Cwq zQN%U(bF3|HXKWMQY(>Lr&Sw9f5bY)M# z6EBz8>Jq9ujgtrndXU9j`zG?xIj#; ziMpGItLe?))b}wMFd~?_A15;J?~qM!vY;_d9ZTaBWt?1X5opOSWK?L$lWPS`T(DiQ z(Ci=tGx8o<%kXF>Ll}d$qASaX!jwXMQ|IZ*a?Jc&$mjdLC3Ip0f$mGik>!awX}YI~ z@-|W$(47XiO^k(xWwkg`<)k3zLURFAGSdazCIp*nz&muDSMjMZob+Gdy8YoL!=GeH z@fSLu4XDe1Y0ql2@JYs>-|G&ldP=HatVqqVUz0>>UjAMSDJPW`#zJW}&-RM$iDMGF zlFI(nz2heC$ai|4Jb8M_9>KF-Nr`PObdN424kIr5`2p9pMu%9%Fb1NgK^pLwm>*bf^P(>5mWHKt^{w>jEXPzWBM}L- zr>b+Zau8U#`z=7FDjAapQxW2hQ>AM%=mGV^>W~mm|kxRr~C!JS*Q4 z0at?D<73u!)k_%D!s<2NN3#!YsZC=U6!kDs2(>1iLoNGQdl0mui~m(FK0IF^L#N@Z zF*qJCF)8sS@pg7>A%oBtCyqWBdBija~LLP{gaPbi;zRyDjx?l{%Yg@bqvu z-XsOJl$lZOi*8eF7fPWE&>lPRFY%lb^|R=!CekUgo5pEwJV-G z=~7<=+boOcI*KaxBku?j1hQ^mtNLT8f08}kZBMinusKG0r&53abeqpzCxjhF)4TFmq~K#pD)#S*{?cwb6oBytW3Q4 zCor0f)a3sUf8Y|iho=tpS8{u?jm~b9uB61;kZ&ouzaUe7!8DN>JinP$YO(yXJ$LOcGt*3j#q;0h8V0OT)K&pI&WkE6_Qu z5RO$!w))Jf7ZCq z`FvF0x>Qt>MK!#vV=&WJ({e>qE$qe#dj#&rcwn>-h8cP*g|{o#{nhA;Wz<5ABt{FL zeEMBUH`}Uv4n!UKR!7)2T?1p{%jq7xjzPOSGp~CtrFRK)_BZp$RcU z(^WOfABUd(HlKT)1} zX3ot7KAj9|e+q?hC5Z>5tug$lg2-A;jy+<0CUrx0~ zc^2668P+b6{=C6@%ArtFE*U*U_u9rw;#u5-h9o{>erIq%Ce}!114{nPV4yymD7v8= z|Ha0RX)=2^)hHa~aob76I4TukGNLzOJL%8sRPfBA-$C%0vqC0|I!bYjxd9PQ>GYyB zjd!MB3f-bHvB9DjP55^5P(^3fI&rU*5tQ0e`ZnB>#Dszt7{jTVxQzkxXc!kMmhg~@ zhoUk0@7b1D!U>r^GR>EtU_Ie1x<2=BQ(zes{;jz1y4e^^Su5Ro%dFNgLx!L6k=NKu 
zBkraVF0VpFKaXik>G$bXBLG3o1Wm4kptS`_&8b#GDpiE;vUP`zg9i;v90IH$e*RSC zG+$?wY&W4Q^jfkQB$2#e)+(;+Aj%EdR6G@1IL43`Q_0YfWkoi^Cwt<#F$3mQOk>73 zcZS76A(U$FGRHt%h))M4Y}q(ojlc|cx=ayxqS0$w7v)*lk?tr(WfIo%-p%|`@F96JdWQH8)0t{dcfc! z?4l6RL6iq(jt{K2<+tTzG6)CqOT@qsZy-*!m3`Ll&L(2ZWtVHF=mimaKd}S)!lLWx zCAJ-8s1A)gv+g_(H}M^fD-{lbGPu#^l2YVraZ>c@lzSc@aJr8zpgC(c`!`5fhnmGF z324M-D`y5A{#(cXFXAjwek;M`IUERY(~Vsl36? zL7r>JHUfzFfq6LRV#I0^#z}#Jwe?89=*l~7Zpc)JuTDK z1p9>*H_D4YHKqX8WUSvs2GENvpN-$=>zaz*E=8@=>d{1aEBX8N3cBo8kU?dIKi*mX zSIC{suYV(+y?Ho9Y+|OTfVpRKG+TiOCH&33GAls2|yM}=+612N~Aaf3Ibkx#)c9y=&`#O$Lc z{?dYyNC$yjK~B`USLbh$tYsbdA9I1Wq2i`&5mulK-?7UN+>+}GrFXCQ@*QGx#< z@0Gx=@gEemKP3Mt_a$I9)LYjRO5glrMI=McT7j?c3Ubb-t&IhltLIL>>btq)N#&RJ zen!8CgEhf7*&$9M)UMcCROOBzg*$7$9Y~FmX&@DyGH)F&k4kbLG2s~lj&PNH&W4Q7 zDB!5oN@&Qs>q7Nv7*x@MpkSfbA2{8-hGF)5PYUd%DV$^wv%v_f>Vi5V7z@(C(UyO* z`>L;_px!iU%lFx#i#2Q9Gt8q3+uFf6i=#2BjV+mATmBURMU!NKA{X%fsKq0!H-RkXG0-lZvb9fyc11j-sIf4j_G|%= z5NCU6eBJ&y!HhiHe^wr_?dgBgh5u`{Jue}?W*XafxZeyZr81^({8>G607_j_d8{4c z54StV++G0a5d3?@>%Ypc3H~xY5wkf-@7wP$Zc#9Q>Mt3}w+l9CIx3o#4Ytn=vq#;Yi?)eL&se3{(prD#rnPcNffJvM)1&9 z*+W-XkswOn-b7&?UaC@noBRTGeVx(i=d98GC=Jk^V#gkIUw}T;d0O^9GcxhYqBx3< zMhTFxmfjunPGr97ah^uyVF?H)9v#Etq_PP|$oK>+>uHq0eIKlJYuNMJD)Ga{IQ79c zZgF*Di$Z=#?Gx3!#1~)Cp41A~z(G~CWkeHljPNKA+?5_-A=?@oNE6-Wxh0=~5gK34 zwPl80ZBN6{vj9_4J9C@g5_+8-NXxsj7hff-fI_D=MmhvV63KF)aBB;1pe z5v{Aiz*CdS@Nu~HePIAb%NAq2Yi(kj;5_huq{_XaS+hQ4@ZGT}!#9C^Zm&PhXZWm% zk2|w*_*c~2*Lzp^Q`!GX?)dTEKS6T;WPU#?xIJD~5ut9tJMD7GEN$9D!gawetpbtU zV5a3G2@enyRHCk%ka&tqlNu02yFeCOtNe$a?JjlkZ_+y8vRSAQYG$hvzi6V@s!AiA z40!WgM3+@eyZ71r>td@@G);b3iP*6{GIZSZ;CIfNrYTOM(YLm%V-Mn8d%fzUPIU}| z=YsfkpOd-5aW+0I_2pt&$OC^Pond<}QIzJ5R@1u6z|f+nma!X;0KDP%v3+ zCX6Q%%d)@7xTWR%v@@V|WujI-)NJy;T7K}HvAVmBlPAlzixkH=(+ea7Lii0ub(XMv z+{$)aKkKXhm(P}U9tu&)QIU%y1put^@wR?$6G&!5z_l77-~vkTKa=S0Gv|r4&tSB( z;%f($DEw?NICyYmJ&A1WqUfKDqupjh-+?4j$>Qp@&vt?PN@mP!lOJgwwOGh7tHyDP zZe|nek;Z2{Zgi?AsSEGNUX_7o@HswQhYSl;#Rg%#Y}Ii(ucE}4MxJz#s-s=SA-VOP 
zub!ct`t2ZKd}zEco|E7zOxOstqJ3kgU**!7-=*y&g?><*HNafyD3xl} zYs5B=m}$0@Z^AMib22jlx9Eh!54zgV3hm~f7R(yk-J=1PsaSdC%P52koGWm)V^-oB z9WhaLDje!8p;z6FJ&yACE&ier{yW-D;P2Mbw|}Ut|M!b&<>uWIzp>LPt}i5jqJlO6 zHqU1~5Ut=EE0P^Xk_YCATY!H9&cy?*s&Xnj_`$CE8` z6~n_cd%dSba^x`XbAc=)nsCqvlhkhWiZI=~#Rijt)83)bXmb8YW6Uwz$BqE7Qe5?B zYwC|MV+qCTP$^47q?*rNVg@u!Dm#Y_jUEi8VuJ|3+rm?sr)F*&z9ByWfmn0cSb zoDbvJAavAhMmR(axMckL`bZE<)@W_!dbrEl{O!Qor>KCJ*OK;msfao!SBmOBuUVAB zV74GjD8h0wE2F)(aSX;fRC-bt`PebMxs#XYH7~lZE6SR}Pcf>bYkFhc%JzNibbtNT zrCL?dhkfc3@{Xbuo%o;AbsC?xt{)}SP;1RvYw6jwhDiwM%t=2>=pRZ<^zT0hG94to z7R&SOLNrGGJz!IZT>Tgt|1_k3X$Wwg^Lvvs!j=iKHw*B86${zJn) zd{4w=q;ko-iKQ(|_rz;> zv5aMAog4-ASHf>0JU0Oq?E?p4U4&wOhCty`U8zkDwpz&SlEl)XwyV?ZuXF~50j%~7 zn{|leiN|=R>9czKFF$@hU$&F8k}&RYlPx$0Mdgxdw3Lk!Ox`Kd{&gy#aDeH$maxIk zXa8YsAP}iI;kIY1`7Lwgx`dz4{uhaj;9h!RiqaQ*AzrU&f2ix%xE{m=b0MtLm-lW*GoBro?;c*! zewK7Gfxf9UchQjp0_o*fCw;ji1C9Jy;}tqcEYk;*m#?p7(Q^POs6ldMGgD)^GjYSQ zcxyJ0Kkq^|dI{P?tPkc5$0x%T4~)6f&*dquN$Ps=#szfl0iX^u+r;v}W%$jYMT;ED za^Ne7>vl9{sbQvHk^ZF()&=#V+{%!hfn)3_BE)t>}xi47{g zG26d|EYGc9US{Z};aAVXtXub{qqudU?Fr8&4l$qNo1eB?x-DK+@7JA}r8hg84$e{Jn>#ANhF>L1x4Qzid=6#pN8vDBFHI?BYci#Yy!npOH1j7|XUyNGZPReF( zk+iSfF_DwVtog-&w7l04u(@f1xx*0FPkUFts!Uirr$4pNDb*n(kXeK!#SwQ2FSScR5M@w_n6*l^27QUaod`maO-zM)zGb1zCLo!stsZKta5Jn2 zMFggdXG5R{$#{y6ancVr>$j+Nk&z!RVrzDl{rKmNtdhEOto}Iy2}iAAw?+0bHr^<& zw~M6bJ?a!?9T~abM{bxZLyH1+^en=(H18(_aj-*2PUX1bnweN!DfviuP;3QcMMcKT z*M&-lA7amJG)@#R_uDZA`8tB1_t`>t)W#~;-)klBV_mAP!0M!DWRasyEfaKd*L3xH zyFomIh^Za`Z}H$@Inv*vbyW6o-U2G~3CtuLybJrtLX$C`F`2|M2mUlM7$1k4={6V_sm zjf7?KRIa>ezgD7`vvP>}RJt`Z?Ti`nyKYn1my| z32U84Sg+3a#X$3wppl*H>p2${fv%HOhT$DyIwy~u^@B7xBY3Jut&q0aQ)fG)qr&S! 
zXhcD%+il+y+XWmW_k`1&1lQTOFNdO^ioJ5)j&I5b^(Q{^ZXMij=<}=h?bp^y1Mh&_+Le(qB!Nj=4?{Y1k5o30WK%AKim$TEEbfAT&8nA4 z+Er_8r2e8@GrUg_(CvZ7y2g*$Y8kc}JX7QtR|KCojV}e{#hncB;B~3jb4`46R2~}Y zfy)%$u;X64<~-o4B2>xUB^Nsx(P}*@x0y@=7Yk4Qm3K9vo~vXvEzv$<(EwyjLEw-% zK$%d`O%Bs!Xo6fFrFyb^*uq`i&YGEebT7@zQ^{fL4SPF5L)!!1mQSib6E$Z?1}sCA zc%_)~xmm`+kQfWpvc#mx!aB&LaWN);d5KW9zOBGNM0+NxAR#DA9s&tHXJ+PYV?13C z*;O{zu1*PgwTWAqc+Nh~!8@wt)bu{GktUfeVqE?C+~IiYcPQn7fuxo3Y0odr1v7oJ z0S7MN7_$8OuDnW44zs>zfF;T$_=Vo>xVwP>mgt92oHF6{rWGI+DohCy@CFUp#W zoG%>tneUztl^?Xc`SjR<+JxjoUGfCxp3Gs#U$)=#>*RFbcNUVgc=y>Y8S@-rU6xBK z1rm?git`nbmE_4>oVxj0bctb~EBucA=c^dk%_Lq8etzeCwc?_01erhUd%*ECMTFg) zYfGXzL^NgQm|tlB@sZK|C6PFxHHC%W@i`J$COx6jlY-m&LvHKDqrGOi{k9`Kn8Xp; z*qI13L(0DX7HS!*MDu#%`!rBZ;C6U^bJtCQ|g%LMRz?US?37JJze2_CG=zE!=uIxHoj77sJRJofVnG(<88$W<`DS#? zY(`}g_LAPF40^UJ#v6m$7nA0}IxGB1fRm7r>V>~1tq9d_;;0RzWK&dV35cUj(|Y7d zhSAKRS#**RN%+-7;*92zUsuX6QauuX8fawk_Jf3X zN}ExFzB4nNNG|^hRSd%|&2fGZd6>Xi-|E8S6YF(hGV1c2icU5`o{PLZJ=-t(Vfm!< zXu0OqwTSPFbR*wmNH0_dg+n$dL#Lk6rc}nu*YpPlFEtE1+OL?17F@*?xh0xL>kig) zXEN|8cZ|N@uNWMYZ@%Hvw0-nXgxb=1D49kBm7h!ge7VJ=&t;eaQwX!m8H{ zrMw4u6>4wuL)DK~6ABeX7t^!@IEn?Xei55@PP=dCLw!(POrJ9frJ zO^>W`6`W%XAPK57tA!PBY5b5gXT2*2)IakphTTIUF`Bc9*e7J?Sxh(n`1PMrJwEG- zwy#4z$}U08+PqjKpg;j7PZu)DT3Xfa*6R+v)I5%U8ezhuG8h(ozAeUl0@*T=9Vbk@+%S&6!G%ia0Smi9f_G-T7l zZqCU27496SP7Y$-WM)1V5BB#xBYJe@k9zbd2=&MW7ZbB~(%mmZ}rnsgBq}QH*Ri&m{VdkT23i+z5P;LW^#_x1Y973*Z*&NombpVD)U+1Dl3&m4;n;X@B9XQ>7=daIM#8G6QLaTLva%|5zqZ4xNwvXN=KJ>2niA zoFm~~=PaX5&dn6wAp0NNZbRf3_HWS8rPldkl=_DrG&>|(d$Z@@P(@nTc^V&7Z_s!x z&awG)S`IaAUu^zV$m3oz8PxYU>$N9ZdqrNM4sDg*F!Fw+Znxj#-5-1qq|JAY&#g*? 
zKfPCPPW@H4P`jhGg_?25OpkekOGGKBKk?L`1m!~kP^y5xX@QXn$~n>m$~3x!)DJUO+JH+mbJRxjWWSRz;*c z1FA1oV#ico$j_2nkMGA6L|_XXr!zmbj_y2Kzn?0&0pci^qqk=;3gW0ibsrfl6s70K z&Y%~HlJC|=*s?l*C}@;HrD1|J>x?sh?vGkN>5oj-oT^GPP?LpXHgiNm3EjC~0u$fH z9~C1Jx3zFYb|cL^sfVt7<9E$>A%Mbr_w}5ZqBR^CjU5ehQ-Q3-^>uM{mQ=KzU)YrE zWxBRhF+XWJR!9Lq#pb`jLm0H&WO@9yH&UW)z-WbW6cxo9J|vExf0sZ`Ao}`o9`3QUVD3&# zy&8EJ%+L|j^xJ>3BoYDR&3Y{o$1Ah4P%xTvJ>OYsB@!TosNa|R=m$Sb6e^Wg zyxd+`n_Gt(mLzn_MmG(`Ip&6k5O1o*-b-fSa9S2iEW;nsnQWA5(fyA6e$478F>02D zuicW0FQ?*hr2R?Uv82|CtXmJWnlEyu9LyV2hJI@<@?{NQo=;pZgEduQllL?Cia!W;1-yLW=;NxP zCzC%pz#~9m`sRx|vAE67S3G$Vg+xFRysb=(dGG!M$NZ$hp~djpRnI}^P!i;p!(;_A zOf=-*Sye{x|49HR$(H$Y@%@{{Qc7AehUwW`7Xem?Hexar@tLJI{f2*v>raBlfY{J+ z=9irOMpRppttlrTlEKmgcCVbwS2AI|nQtl3(#z4nMqv0wyr#Y6Cc~)|pF#$Et8g(`d$nW#jPH8=Y z%G>YC2C|u{U#MW8P6yont!79fTSLe=%%iSinT^-9;(F_ssE5!J=PyMm4`Tf-0?1|? znN@R_2}87QdW)!bGkBg)521NP`5 zzHJH%EKikt*K-5gXs|kULJbuq2gS^9DZ6FFR?~LBJ)P~zYq2{z^ze$)uL-s+@GFC( z1kxwrWUZ*+`+8_a`p{2hI>cYuz{hMkxd|zhmRQUi9AkoB8ZEh?9zY&*}@#iA}l?D z!Yo|->;v+~n65=CG%we*+hToQ`EQdw*)2gMk_W~MM!ZzUW6Oa)i#>uT5dk}Nj{y4r zQvea$&=XpPn~-JDDjkth+z#C|Qnlm2-W$hlAtsv#m}hE&>PBWNFCm`$2M~KE^Nw-{ zNtfA0a~#R%o;QoV=k(0NKe>wTRXb0)ob&*;gm{?uZbt3xvFy^Q!jvhv#rXiTF#T29 z7`^1fL5zl7ZIoi7neC27;4H>m$jSga+%0h9)^Ah zYt0C#Xo@APy}&U(o0voJYy4mut5Eb^_gh(_j-^|3LiTWx9+iL*$?8L(gPD$>QUuYl zZr3PVx-e_Q$8yWX))LAPsX(Fv<)3c7iXCchC${ zKfof;bbIL$`X)g8v+cNP{1z|ms=@e!%G!^YO)=CDqA-KL?TKviUQx0$r2q(kB{ah; zrty3jpc2rvCu2m%Vb~DP)#y`)qF7n!!L3M#j?dFuXWHH|ZvOTt^T|Su!1>Ihkdrm8 zTQX(pal}O`ON9_o#0&T+FgAGk=up8=hqKZy?c6|Ddt{9VdJ1zYs3}Ibz{2 z9%?CMXL6slbTzAE83ueJ;H>g#E462gFa(8Q66>IwSf#}Z(!8kLJe}n@>g$<{jI3q9 zQO@<>TGh_YR6AnQyiItEU=M(P2$y|JUYanlILZoCm{(%Aq?7)I#*Y3Xjjei^&+UO_*}zH{oYK_xtGlCrcVzsxJ+r} zcSN@$dkyuM(1aV>cGAJ{3B0G!PkcLl)lFQINFSPGe; zxCpkD+L>*47voLvipX?b=;cFM2p7YD{-I2tR$EMwJlBo?iwAud;VGqMs)G5n^5(+u z=jAc{j0N284TM7LAQwQ~%5sq@D|QG40FFRlCi+4+tGKBg&ZeZgw1?v2_L>)UV}3q; z+UvZf(ow;t=Zp?Z>onoe)NSZ2bkuHp_N{o0p~zLWS<3{DUcZ#qU!Tupdy_zsd6{Q) 
z(aVD?d{f~Gl0xLQT8#lh=J1bgou@Bi>Kn44Chj3orw%nK$)Fn!sJC)x=TPu;Ly!g0 z%CNv|qv9RXn6@t3fT^pVXi&eWk^4)LrM1-m7Qw~*+f63<=g&5-5NCOnn7WyxY=d!^ zp=9X&rJE_Xn8aa<5m!#9ZLZ)LONr{?2{?yg@#j>Bt`14!z|Zeb6Dd~sC*$XOCWrQ8 zKF}|*$yCnNdd>3}>Yk>Td>*JRU+QC{^OlWMM?j6NE1^~aaMH|=T6uMmE9dTm;WO;R zJW`!DjJ%fV&0Mfs&)lfUGW;i_v#Lpx;iM@@xp504bG_nmzZ7x@MaP5nLMzO37>e3l zYsU%+r(al|OP7vIuo&|)=5kG%=V{j-*6FTF${QZ6Gz}hI4n|(6;o;d{vZu|A+w?FJ zeiU^c27eOQOp^yALa!gkv`T-x@fKMzaZM=vlR&%h@?uT5(cIa{6Ifj+fM^zX2-^9S za^y-cO01yb5X6=%Q8L59n#%_7{GByiaEZf)Nl@3@_uaic8mHyI0j9R}kU|M6Xckc4 zEi9p9DxScn@S^+fy0Mv684iwR3M-+Fg^MU`NFS&Du5JLJeo+ zxNWa3#9YZwRc$NQ80#@ncdYtiFh^W$vlk+^xzfq5d{y};9XDw&I%)2ga!h9h1-+H|83s_u@7RQyDT)sO8{rgkt+!W1uM zx-sYa2dB)qq1gqBie5T*wmiAeiMYrx%6Xc%Qar6OJ_bg2(7M6rVB*I`9yLY68QvDb zv>Vg5M*uP+CFiC~jhed9jdUZ4KnIzS8&xyklaYc&&U3nk+AqYk*=kDUe6$G&WetHB zJ;4b$sAawAiEFj~Dk&XmtR+!P)8yHD6%9CV$(I1|IU z(+vWr6ATOeVl9gHH3X*O*v8c5P-w<0Lmp=PQZaH_ zQ82|S839(}=?@)(T}2w%(l{5|5Qzmb+JxgY<0(4hSSVI3fARt1JA@bs>EQ`IBfE-n z+`17Nry)_EgJR5#_iDr(DSf-a%<4t{7)H}DKwSk@(lC4MwXHi#DGorf+EO;oS3T19 zQtfp% zC&YmdW~?g`x-c603O6k4Z_i4+5`R!DfvXenO4;^IBfzA~a)T%f#u#Q5LZj~WES?3g z@wG4?KN@?#yfuuc!I>z2We&&9$yS9qlK^r4@_mmw(VFGPwF9=~OxcXhAw7HxmY6wb zi*04@bVUB_9MUmo&Tq=WmwaqGEjs^I^9Y?n?>;AO8fMMN3KRb!cRV@PA4G<7(kz*H{ku@8;M$n$;2N_FL$}LmuGhj+T}iY#EvdT|05; ztuBRih|H+f=8eMeQrgBcg$-jhNV8VLDi-UUC-%iDDFd4RVpQa9T76j$%iFF2bab;^ zG0>I=;+hM|<$%cWplmk7YG8vln?mn(e*IfjkYe1RH=)dnJVR_L*RPBio1exX@#_Ql zG;WQ7H4}1@1ys3^xC}XQtR@2AJXCu-Rd`^ek=2{h@)frWDJ2N;g5m?ugk|&_*=IQ^y%rGGCx75Q!RVE zji4Fo9Cmug)SAdl{g?{CSo!2H#A(@{L*@Cf-qklXa#~RiS>(15rW zh$|$DbKF5QGRB-aBfY!h{UJOfr0%QNo<`K7HqV+s0P~do$^=${u-+inp$6D-$&)+l zFu)0vK{HQYd(y}My?vpXXG~tIJH@A*QTdatp;t>VYqGBCDD)$NVnk`%l&poXmtx;H z0m$D%TK4;-Cg!yvn0q`&MYkeiI|AJArm>eCH!;x+2&H$|A# z^Q1%q-tKY#`c$q|}n0n6L-#t=$qnYzGL#%eA(!8soXXDwm?6zEg z;SvNZ1wYU8^`P$><;g)FDL>`aA-xo`^$gcFd1o1GzRHx@-eqVflYf^7YlUC}CaAMK zHNb!cu=Vqxo4f%6^-2lN2|p!wPQhWpHrmvu{+LcfFzfV-LsY-bU~HO|$oRxeX8ZZiaC}pYPwT`h z^I#;%u7;QzX68*NM=Y?WCS+z;Du8nbKO^VJ7Ai8WgN^9CvR4lJnkkjBx2KG{BikJR 
z-**FaiyZS=2^|N8Y0TY@U03cDy^g}X(3L4i1d&xjY#csB2A&dAWX8nPf5t@M zl1Mr^-@GlIbVw6o9~$aJ-I%LyW%2Bqqi3$KyYvivj+)(CJ2>yCV9*^q4VP~)yL8yK zi)qs~;+e$Op2llAaB%CU_Jxoc>P-9BpEe)cXt*TUy7P!2IXDClxehr}jL?f?_E_kY+eRFi{at{ zFgn)>pYWRqSHyAD?r+%!&CVil^)OjO`b#R&;o1d8Aw?Z2$Px}l@1F2>#?}gKsYARJ zo=EM2dLrh_LBU6~hAU06dnn#1Z;PihLX_*yB+jNMm+YT;@;i}!An9F{^Z9v*TKw71Pp5iM`6$B(xO9J(d4n8z*ff=pcU|)ZKBB2al95%WRXlDa@W#OuzN4$ylFl zeMin@Uhb?6@X#MI`E_6i0;_7z7yutU+?cU>%h8%}A z5R#N<9-3I;${u-k+L@U*Yc!)j#@Z#^MU}`2Qx#fOF_vJk^$_x~OMpZ#xHYSgDdv!c z&N@GYKo`;esZQj-)XhC9o}te}e)T#2>zKgX?`>kkyWyFwEqa1CD*Pn4zlIAAM-@$S%V6+UWv)q1N0 z6o+*sSq>9K)5<~)tJ_3yn<)7vWd53p>jXkQ|M9YYv+HNPWcxG?>%Z%C|7iY5Kmafl zxSTV%erNq*x=0G|sG;`TE4eA>Z`sxQ`p4gjOZ?MjyPnxug4fM3T;$-nq>n**3CkCP zk0UcV%J(?Ci)=|Ghj|9I#J2RMT)rZ6=Ip`ll-k!B9d*$H9c~OPox@S9Ui5cCiQ={J z0{9MZLs0jTaxSO-_6Wx=!eT-(Y0ElShr=OG!Eqf8!BKCQi1p-{Uj2d4UWOm+xKrJg z$lw6fOs&9o44f~CWZZLH9FX#CJyR-x!K5?@*fH7tj~Q>F^2O&7u{m>IiyT7QB;zts zPoGyMGoB}_@rTPOE9eg(c$?GWhN-9=s%F&$Bfjv`ibP>U((LX%!19dt3a7NreF2=+ z`HnBBL1WA$Fi^1Eq%W-e^C~s#>d|bSy?k!BbHsqOPeqq=eBAJ|g#O~UjUE`;G$egx zBf@O|j3p7D#$c#V6p$tRLCejFyZcChFY=R?piku0)DV^?e& z;!VhMB+;+ifqD!%QeucbU4iy4>X8^x{3o#@;#zL~aQTBK?q4oqa|<`6w^P_miBl_GtJusBjVOVBElxC#TUlj)HjL9ENw2y(cQo)s-u8CwN53mI5@9_LDw~ow zxS}F9&XbJA=V`A+R3UKvt(~>kdUW?IQrP&PEdw5cPX^#AidX$mQ!_ICCEf^tr&@98 zOJle;`l;i=R8PEdt37U}thIaEvu-Lp<4=N&rW3bl@%(cpHnMkwpnnL%sj=(mY{?*u z}0 z8L~*YPKLY3q}K`w8m~o`;wL^M4fPQZl2{$}27VRRktSC~Z#yC>AO@kV>xp7-F}Uf8 z*$rDoP>d@C>!9>UfNVXX1Ut?lm7$aDH{sGU)D|G?;yywlyMiv1DM3M1Fpul?dH_Ou zEB;KE!iscy=oFdUG^L;YI6Haz2D?N}r%vUKnASw9);aM_r7)QiE^Kv#%K_E%j*ZO6 zDO7EO?r~R^p*7k&otHb@^v*5-@#)ulS|TMwNX$a~Yl_uLE71|k?=vOnHs@R#8z5KQX6L?-aA=)Y$kb1mt8qkJ;ZOrufXW~X-2oyJ!LEmMk9P63G$-fuIr z6zDgHW;F;VjUQ1uQ`V^vm7EqtIf~$*HK3r3p7-f$LSvyDS{}|R=5L+c0y@N?X^GsK zQZaK-5&V-y`-PMUFsUYF)IEY2;aJmkXBWuiL?Dw%pU|}e^#5K(QtOM+d0QbNv$x_H zznDI1Z4MXES=ME2@3#1n0hR6<{1u6ZdFz)I=jf_4U`^9-WK>d93?$tXiY$}2JLc}aW@@N$*SaL8ZWPnJ 
zm$IS<#HQ)bE6vU+ROKPm*whoQGvCFTHIj|JU8*An?KVHXr4{A(z&)jX|`s*Su{Ij|8)Fro6Af7xjXVN1D#|HiMRMsZnt=D+VpF*9lV)5dCsUR^A5E zGveRL%9E|mo+eO&@a6;qXmfJ}^M>=LBe>pXf#Zc$D;woHA12aRT^8ieao0y%h>cV* z_{S&OQv0a7B~t=5`r|a~??3iVO*X&$EmQ2!1c%fHth(4c=Pd)kPDJyY||Mt0wjtu zX8#2T<@|;>n>d?p7>tvAd;KRtsQ6#HgMTQGKmH#IA3hWQzdp!ih806qyT_n*UDL_N z6Q4a+qc+|T(r>#?@LJ<;{NQaVl2anNJzxVU~V9ib~_H{Niov>Fn*bm6=t__6&%VWRag(-E z*La3nZx=#yaAIBO5O?nYvN1Da}` z^W`qz2ER&FcIjLD9q|LjCHB5AVK)H;|gphVb0r{JAtnPPu9#)3OH_!h`pyw~KU6OgE4SCsA5mnJ46g-O6 zL}syA<*4Jut#n;nc6lXUJ2lB|=Z{~ROFFw9hxj_(WqDgPqwnEuQGMRHCRd3xrt8M) zomv(7J1^Q%FNO;xz?CvSKOpXMlxo@ULGDN-Yv)`WCfFTYIR&-gD(TYNbo3AU z$;5O()Gf1>__n_6hN13R4uhLE|Ka+f5c~I5(1dUUK;8e@S-`|WfI5~a z?G@7%$IeaJ&tEz0f`9X-qk-}2f=jReFh<#wYJ_*floD1zTfyL6;YoEdJi>Nfz~yH3 zIf`Jw$yj?VN1t|S#N<9=sza6cCAvr7IbNk|L|h|`8w6Z4UUDy4PF{8J80eumCB+I- zy{I4Kl;rENXwXyz4ZGLNLkF2zt;F^0?{J$aWT&6KmV4N|p3&M@8|4Jx6}iedW|5DB zu^8<6rOVara8aGotGAZs4~;u8rO!x6_RK>neF}Q`4cVgPtr_na$!1tm!Ouw1V2Mzi zWyX)$pv zuD35G%&kI3dK3!o-gnvn^4N#rr$JPL*5oQIM3zobO#356+PZw27D6219;K z{h|OV@#WMLBZ<|ja!AeJtEezc`yYz-ih2j?xpltG0K#cJ><2kARQ}j{(#z!Qn~rVI zv`+tvm-dGW_cYW%-}o|37Xv;KJl@_B1cWeyJ{vfG#rqC|@Ja0--mIyTSd|fU^Y77> zWa_vrYY$FpyX7x5JRF41MpQZGO^hwNb*cTuLRPG-OC%TD#JBADBh}f4Xc5*+Y0?14 z@s2g5EQ*xU4w1ui&JyO&ixPvQE%g>PJ84#Oo3{gEctBGT3^BsGMqFaCA8!JDYRql5z z*fF{XB22D*6}ea+Kn61^&dfEkJ#au!58cIx21nY#27~QXxa))FSym_FHm7QOZ5sBX z0xWF}{KLV?j#HGj(aY5L%B`o3@&!~Zt`NV-#LhLCn&MGh30RzOe%;7gT@yb~XoUX| ztb^Si>zRNXaeP{cs>DnA{e`z%J|xB0h`DOz>@2U?G+M2*ce;5Pa}gkK=B>6k?3V<` zmmAlN7~zy(5}U5K!CrE&A>~UWyCPk$1|l-@>XP<$eBt$A=J)3Z=bc%Ph8tf4CwRct zp}U$T9+=WwD$o6yQ5BU7e7lU6GcAFUea-v;N+0k-!M%*^Wm{=#KVyAI4g18WGYr3U zB(?jIRZ!I;{NlY%(f(I?IiJtJuD)O)qL+U=eg2XK{KEwF=6_fFKX`hojW%>}$GbGm z@-#>lx0T7NA8uomMKiE`IcBDHQ1)K13JIn5mcCN#uSv&hLEsVS5A+FVtE-O2>2sjT z<~#jlZxRfO&%Uvc4Mt82Wh~}KE0<9-lB)5tW`-UjkfM$k)t22`ITvvj=ZAs?|9?_NBc{ zIRJkZ@(P-LY@(W_GuvGjJLgsz|6(AFbt+D2N|lPfZ&e~PghY1@Thq@*mh!)7d(Wt* z*0$dlmt6q`6{HI!Kqx_a5pYRQAV5N|F1iUM7^;Y11L-Y<5~`HYdr2S^3%v;>^eR>9 
zQl+SCXYDiIXRYTQ&pv0odyF%`BxAq_$efw;zOU$_Ey0s(m@T%RtV($^%x^S({%<(5r+@^na_HhO%b+_y< zmQT+D>s@xFEe=fEF3jCD-$Cy-mBAipIY=2Q+Euu}vypuKf27j}7xgj!eJcN3Fn6ef znW=<>_{@31WZ52WLmeB`deVQ;lruh>AM0Qa@?i&m8LiOwu4i&DhPDt zI$;i;f*h*J=?(2V=*5GjELix|qcTwXnmB3@PZw=c)%j73c;d}Bk5;KCCVJ2WCJ|}4 zF9!$PQc(RV5S*FgzpY%%{aSLb6!;t;T5ORiYMat;ejr4r;Xi0*oxkrurv3bcKEiBC zp7`Ci`*MRhw_Wn-Hppw|BrTowz1Uppk4$lu=>hd$@O=KhzrY5Yw`7bG$h-u zrGxW+U9$O$8#(YVZY1Z$TU}TiS=7@sB!f9V->2 zC1fIL2k72p!eWfsxO$=#nY-$b@pz_J0&%MxC5dQxDA>n`c<+0M^$VE|wYGe J$~ z&Pz9<>nFn@R{CTh3!Q$LY_|v*F5_;OlNx8+@r{?TGC39HXfK+ojgxM5 zWKYH7<}HGJ%jLY3!#JiMnR1yCnD6tf8j4V%QLna)p>yiPy4H^n(PG;H+E3Q*e(Zx6 zxOU8%SX!5Z^59Pvvv(foL6wGa(bIwa1i=>RWjfKi@(i372x^lh-5jmz0Cr_zcAzA3 zHNL@D-Xq@KKsRnaHMz2op84ZJg8#@D5b2;mh-p)@o0USeru51 z{JmxVP@JSB=rwg7PS)2x)VN${QXHB40r3vg z6knh8w3lWry%7IPOmx_~Nxdk4NTSBr1Zy491F-1T`Nk=;tl?Tk*&$X-gM9=YhPjy& z3=|&@bGyVAJV^+jg%IQsClE8%>9DoTME*}Bl!d-w;?q+WR^70wY0*iCW0-+0;rFft zyi<*b0azm4(V*mU~oVB zPY(5$@9h6%a4^a2)c(n;{rZLfueHuS8^48JhFkDLRA%bXTDhPw8^w^nVy((4ukmP` zonRTHA$gf2y6JpPFiNXK4@B6+lvtWYw>PD`vZcD^>PS59&$bH5PYw0)OW0K}4d>~C zz?HSbJ6sZhZOPws>8l>c>BIfDYgQ8cE|gV&ncD(BMWZmCC^XyB8Wk^#GMH)Vg=8)A zX@OB<+iOI`WTl5jDwPmeZ57}5n$CED#3wIEiGHlNqUp2CYCBtmS93>Ga+^c~Z&Q)bOqs!hcGCMZJx*Wm*Ceg98A)@mE%*py3;gH=3V znuBrJ0}(uA|8P3ievIwbx6MCvORHkSS)6P0?U2qCvke=LW z-2x&mX&$p((d~Zj-xQAUf2h+hbPxQ40jVKXO4!W272WwVyba@PpU?x7SGXLAwCQAZ z@u;_LKIcna3N`#OB`UBT4R~Sz@dSQ1nnHgWe>GZH7!HEiwbJw28v^`mtAYk= zF_sEpVkY%IxZAb{Ogz+WtHLjWzU{zCz0_KMr|0dH(c>t~+qV_&a`wx7+84WC8n;oW zo$+kHdtj3`4)bmJ0_c6xTQ_EFH4Q(+)J!=D@He`tal~88=oH>Q=kl=cvA`LQ(s4B++8w%LLXd8Y2i89nDZV zHUt9gk5ucGc7;4X!#a;S6oQAYSbofHw2OKz+mOEL{mVqZ9Lkn-xd_dY_4{gea6P*4 z7?*sbr9;T`t1KsV$5IWqnpq0VO{r@THDDl@6uKx9*=64tc~mBr4pdO=g?$cw!nJM9 z(AM+4=SD~pJPGn&I7tnm3xOeJ=c=Rjj~dZ~P&CAvb!vG=rGnIqLjiVivCr+^F)kQ{ zlSi2W{Nk+C>4eeFV#0_houKtbE)r>? z3on*9;$057LZm`*$ie6C-;7md#I2Wr(gAA#_5ET(hh?w%eWz? 
zFnSVY9^FtF#yxaNk&e-Z2|?jJIBrFs!SRZUus(|_Yd!J1y-sf?(ZFgWd@=%|si~~CUF~m{)E7y$1P8u(ZnpGjDeyEbD%q(e2Rv&c+cWI?dAwQr*86iM zVf2}jAFfkpuO0hd|JNe=_l5f#_c;#VxBjvX=Khxx;Ed_NR@49O&AH;gd1G(rM)F5v zq%+ULQUA0I%aJ!~w3{ohF6kN3=c*WZFV|$7wfP1{ksLbgFOcp0or3v+lPLHB3-jX< zHHAuj%WI>bSqy;WNS8;N^SpUVr^LS=|0yx@?nk>H^vT!mB9jrbLi1bG;5__M9<0Y> z4DqZtqQi-O8#Wu;-*ZZ@ zJ~P#9M{aLc9Wi>*#ZZ(l84eswYJ}C968hkc1D+7u0r69(XcduC)d$Kh&KCC3swuRp zWV;_P?YRVLHa%!JHpvHMV$zaV{H=ER9K#DZoHA*5_b#Im7Zdr!%8Puq!-yLR5LUCY-1%_>E9PUGJD80RRd^y>7V8{u?DIK|I>nfMRaEF_=Q+BOJyYpW)%-_yY#)CQ&!a>w8t-qz9IM3c_lt^f;a&8(S0RsPrqIW_171^}bC~`P zVw>dkl-O(aPq#6{#u7xLZgDZ%$)MMpw0{3HDM4CJ>^=RaM_~E!bYxSjuP#(3BmD~- zlwg1NP+gaVxd(80idKu=aY&Rixsb1C46@l-eP!P}o7%YQu@Sh;>2?Ho!MMxHhH(YWJNTNAx_Xl8bU zwHrum=H={9p{r0FWxfvTtlo*DlauCF`!8mhVwaS;k#|wcj^T7=rM8@}LPbpva6G!6;O!Xkmsw!+&^LmxDi2D0DX+>jx8d{)E# z0p4I$+ovBBAA$yg*1cPV(Xoip4pl9iUL*=ob>$w8n?C0m7n~YJuh_h4eu>IITNHQW zK4Z7QfFK0q&f37|HfoKUfc%OMt)hSZHwMmhNs0EJ`;h2i^Fw|Pp-+8n#Y9)@25|6p zl3#SHlo7R;jVK0OMDcw38NtvkVFi%koFmc{k71T{bq01JVnq{ld;>k&VX3^XhlRV{ z!8Jsy{K$L$0S*}J%N;-YC~sJEA^L84HA3G2c3ubu%HMjvQCizQ*KtJL!2OdzX?P4^ZKr1d+(n=ROZrd*rr( z9d~fIY;&<++eDQ`G+)4vAQIEew zW*w0}DS2cTWMEsn_I`8+7AUT#f4O}e=zC8lq*3I%vcDgeMKfR6<=7-CDmHMikpPuE zzD@sT{|it4@v)EQp=2&*k=1M}mgdaCA3wP!JEQWvc!adHUH8`z1O`8$Hir#7v9 zy+nlOAK`J0@~Lk>0)u$vW$|Phd+YFCSim0+bE1{>256i4_!j@>%gATN?~9|fKGPQo z8U5{Ms>bpshaIw4)>gO^!6wNFn!a>!YEoU9HUz30*4Nh;78d+mufCpIW>lOUC%bsG zEURp`dr<;YDrS7?ZMjA%u>C%-ap9wGcX50u(-j?uaM2l{bL!;mn^RcQx-}H4N0Sj8 z$9h@uR48r4Y!iK1m2{0!s=MLh2|8L*pP6XX;o&2lg_APzh7CZT=bKS z#aOd%lnORZ`;)EBmWWPY+3yPKB>!n}yx20mm*{B@+HC1i`l2fW-`P=6lYy32= zK7Ot)g5T6~r0H2L#P6pUfls9N2)KLl=1&98j9yy2P*wCWso5<$&Yxg~)sQB+@_NpZ~{L zrKx6d>yY7t&F3Dw(NBtBoV6ILSg+}e}tHQIk@dl25(Osw|cj=H$7Eo*aGKm{{iMK zQ+dX{4RA`jp5E+Fm0B{!IUkkg4>X%B1UPF6N6iXRetRh2hDp`K+cKQ##XOdQ3*JP% z8jvWe4`Q^s@Hu~xLvwO5sD_fzFUmPPsbP@g7%qQ2m`7m6eUV~G+9Cds*P%t)7%Zoy zvQ2kdH?7VOIaDG4P-(o?X+G@OY1WsW*8#nnr;u*RyZ*Q@r1G!DzJ1O8%F{VVU{JV* z^&p>OhT;#_f}=DIr@mjU+ksJuCqO2T-=8gbFMfk&Eua|`1{oO6{Tm-G$F$WjW8@v_ 
zg5S^LS_U^J6!?Dr)72tL=SpdpiF!=p_0lS+HITmGga#8)#7)fylKbLyD!6_-&@(&EviW}*?v-2EeW@RJHw)C&hPu`xGG z3i+MQI0;}0V7!FUMrH>(o(;mUnaG7nx6|6l6;O>jlo8+!&YHM7@4&44WNCxCAaxWs zGNBj1S*;-&wa{SXl;B7l@1o{B)EP=O$w+buU<9Af;h4^_EFPXtGqlRDNK0_$xIBCx zEcS_Zv*#$DV--?hM$HV=Z&~P0RK%xsQlh>~5xeK-=nRiqI)|{N`tqh?QO7c|*Sf1=uU<`;4pNedl1)X=p~TOUC9`>T823a!3)YRPwy@MP)&lW4p})>{G^7D?n=6*Z!5K=ajX{ z`grsKVT~i1F||D*S2B{BV3goAYP95PtOnwa$>I-JyLY}10~Go}=PWC586#x`eC}Zq zeydtOn%AwuyA%}Ret0OKXI-;}Flz8O}7mH}tANdlg zZ>%CF5+dx+;T2CKg{VYNpFGOfGq;DVj|f3UYj14fzb&VhoF!t!Moo6t@jG=KZ4Eus z`BRqhVkJSgp$T?dw>!L;0KMXOCf`}Z68hs+ed;{jx$O%;?zf@+DgE{H1w{Wm3`APc z(xbBK#c!s|Y1FLGu6!5A{$!BmCDNY|Vp`ThD_cR<4~)ce*NpV-Dl(r!BGZPW;Bo|XXKbD?o_|HJIsqKuxr&gABG#&o#9?nXF?iE zQ>_VS6#b&guNGHcl6Z%!x^}5iFYz0qNxGj>)csIO;!W7X4KS{8S5`RibhEeCc^UiR zEyhJJjMKvppvW3%3i23(Nx)qv~z)?fjQPZ_Z_f2VI zF`i19AoZIN0Uhlg$}q~H%UmqOnZoL#DV^|SYrg8uuJ*cTz-a)tfmrn>>hpqcaq`VH z2!S|Uu8io;0wrw~T^8Jgv#s16x5KTSLt|gY+1g7BnoyUI1AEP4^utK$F5O8`nP~oN zpqZ0&^>B1vSJz1t2|fUCJ*?_)oB!ORwK)p;h_(4tSnw1IGM&Ng$w-BTuC)$D} z%9%2s>Sgt+nRUqDf|4Hpy z#V;p1Rx{DxWxwEvqw@oOe6a8J|NlQ*iQzw>o$vR)h^X9fAS-2H1Hz_8$J!0fKYbmf zH#mbPb?d!>fSo}=`sUeV)JfTf;f&~f!Kbyksk8TfjadCf{i1#G@z{Ks@h1bS?5|SS zKaX<-bo86xf}~z)NA4`GCh#DeH3B=^?Cgx0U?VRr-apj;&|>u$Y0Tn z?}(!lk{$HG;J@L-!p;9CjWMwND^o>ZMY9hXx^6zdxXhtW&%tY(hCBKU;0uc0%yo%9roBc(-ySBnP z2KQeZ)jZ@LAdIQd1}csW6a#l-w-4A~goUy!9sk0n=+x$XDwSOBYOB~yE$ocTd0WPb zwD20>LeN2tocKgaGhL01bAoP%by&0a%7}9YVN(}Qq6#nN5njqR*4L{&7+1MIp7_4ZGLV8zvW(10}eD!Z{J~HSwZ}L z#vhc=QJ$J_zPz~L^_yf)=D_5yYdzBcpnU#s?DP+nUTIEiR!)sF#RTYJEj?+Uh2-Ev zGTV>Lp8Xazm~Vk>f!se=joSt8s?Wf$Xkc!XDZc53$R~v&Lf%pX_#uLTgX_~iqucPY z!f_X-*K2@j?OS!=2ab+HjF%9AA~*|&zPGDHa$Ld}?{4e2U4z7AM1x5ReCKRMeR+nY z5Fzbe!i3XgV2o2Kzp2koJPiD?U5eKPF;UBTeJZaSgeg zu4FZ);tu~OwG0DNy3kW)Xh zNZ03LbsC&)Mo{mlXMkF~F<^rMh0|5fR(#|vo#ums?>nL7NEJoIk6=>{kg93xFAtw0 zPRYrhn-{$sF{f?%VvaE)$69 z@H)_{9<_GIl_whu+S`7RPp!(W3K1xi?(b&SiJGK1DXu|kTyqRXFC~RC_O(418ku=A z+<&VZ;5^1&SI1F)CgAb9^i0R~X>&SbNY4~@cP}A5x~H!5*>W`*@hr5jC#nkyAK60E 
zObWu=J&mCj-xVlFGK^)P=U69B+#gPNKH2Q*%IWK`Oh*%Wd!BOfh;}sz*>ssd+-F?L z`t~|($W9@3%|*+(&{CP5`rVciHI5F@-Nr3Q0$NDGlez zCoEfC)^xGyDZiAUMEoCJCbBKOe=>NjAFm6 z!}_2#a)4HWWHur% z!NvNy-(K?Wsp}-2N`r(y?NB#+l3(zsNYo&$QAVlNYCFB%J>Sd9ob<4{G-WL;;{m%9 z68gV{Pjx$eLDd;Y>6bAR9bI<-#YS(t#qr!a$1mx6q6=Bj!@SD=$4;G7*#usq6t}2 zbdzmG-VdZ>12J%V=0UsA!bQE`a(p*Fl2fMN-Spe?y}eqJTfet9lcNVC5fzCgxj-C~ z&d;~=WZA;@ZxM16MhW$^!U;pY^0R*N-SSYhe%ZSsmefmwxt0W$_$;`H{nEFc@D)Csp)l3@jMH+E)rKSv^VD7UOAMS36i_4CjN&;esr1*O%f1rLKsQrvpYgc&&9 zu0|-_kH?_PWcU+qkFnE544qc4Oq9hzuS2oW$8owV;06Pp)*uRUvyRPH{fTo%w3<$w zZAKu;5P2uVrH9+asC&FC=0~C;HPy>6DTI?6{Jn6MN#exUhRr2*@!KCs#+LGEQ!Sb3 zBKaGr)ACV?(uQ3YTDw4y;MJ`f4G&qO@@oNefd*eAwy~qMp(N~)zo7s5+I*MpWTw0G zj%K)0g0JKz{@t0vwM4$08C8A?^)mO@73nVq`^8ft>~cfsHDaCU%@r0QnN2YQb8Rgy zt~M(;Dk>^=jJwuGW=)?FUctJPZd5^>wzTXvwu;AhWSuvxrNI;<7Zsd))U>%)3D%6& zs|mJi$~@DneHf-PJ5_V*0MC*Dk+=y5=T`(h9f|$7;hhaPW^)OesAX`@+#eTop>;X~ zvD$$I@-eRwJ!D;Yyz_OS=C9Rl55wPpAv!|;Uph?sl)EPSC_DS@NK*krb6(JSUP0Rn zn(LuC6UCZ@1RnXt_E3)NCgIvO6QHki3T(Nuq{(A8B>56^@gq`+69=yw?z0l$wrJN- zv~1XFBLT5rILH^*fK8ScgFfX@4y8hTGMx`ZqHsF(XF>5;NN`*GOiz`XwafU+=fKC} z92ur6c_ViXnmOQe;e9v-7m zyy3DbLKl5MQQ)+c7|D{xK`a5$wyX*pUIspsY9;1Q4f#^99>N!wh8cZ^muoC+Weq|k z-U08bz>Ga$UTeV^(FZK@PLoX4#>L)@pKv?&#K|mZUxS%e?8GhaUM2WS9X|_~gJ3$& zWcZ6EMkOZH+dGenM{|-a0bQM>7;#yV)i1MV!VI!}Zn-5M|$Jk*bc^FY@_2neT2FPDa zyafF&32Qx@FZ&&F_a`F9OYmc<6ZB16=lYU>$>r-#+W4LZTj#I4MpOL~!t@)ga8>*v z$L)zX;lvbR3-d43W^D>436cbBj+|acGzd0LfuJ@k5cg{Nkp{NqQCru~v+wCC-~SO1 z^LMVl9qZUBPPq!N9jgsyv&4Iso6OJmV{6C33%^a&5)`MlfZBj&DzJd{_4KR;6dLQy z!s5l}@OS7-r^esMGMYN>WR3{PY$+G3ac=G+?z`8%wi@Zd$?`Wt@+^&=wdMY6HM?X>A6T7wm798y$efdQwva>f=a8C#&Fh!+p@{Shk zJ=JT9yw;ex-ayiGlsYEe{32JMWcmn6KtM$aF(|!Yqz}uW3si7PuV|v(n^~t~QY+lN zyRK{R!spgd6GRI^e_Zm_0``+)}!Nlj3N6b<^HW_ znmhM9X0jq?W`?|Hu7x)b%%sm;8wsi*>&$KUjxsDyVR#NmL3}YC32$6hK_|A?49gy^ zNmM2ECod|_E6sQqYUbq#wk?<$w0;Rx$REzRAKMw`879 zo3iK&Vps8QGxrGIn1bX)F}3D6&9V^fitwM;8=uCfMt#(5Te?+Y^U*&Qxn?i7sk~?a z4P0=|jp{L@QZXud01D+0;rD9zp(-o1nKZA1 z#NX=*CaCgvM2#Yyb}aCpYeXf|Aczt^6_!&Xd(Z0dfej 
zT}ZY-yr0ptUQ68AtfI)Xzax!Y-v*z&+zT1b`fxQiT$$k?fLOr??^XU}@NqmYzqjLm zHmLPiTaju^^a&vPBE#O#k=T{`?e-=5?(r<&^Ee|1Jatz*XSXFY|E$Y?!`@Pk%9G7x z)HK!wq8{iaedkU1y7>w1GEi%2i)IwRRp}fA$EyPLc%GE7}cgol4@XVni$g3G4NUyKap(}OTO-sNUw`_b@fHP;QjjV5QaOw1E5+O z+^12tN!Z5Wtm3L12X1B+XA_k_9z}irY`wgUG-!8A0>ChG)ZY|JI2s<*{YF!hAi<;b zdWVylR9lS>`g}P&JlBPt8vF3i4@m$%IL>c%d}pyWW>_~$zLk+*qLzjPWM2{($Kk*^ z0(6~0sDiViM29eOpG?S^crM#3Cw8r&YZhtq6$9P+Ol09SM^^FFX21Crk*-AM;gJFNEC%qo$`tRPEJnRLSplJR}jN_ zYna-%QGMOOV#0;?b++B_Y;g=;;(>xgV?L~%`T*2Qod)GapRhH^s>*v(s2B>6VCtOp zxEBLtu|p*ESOdrsU9lca`B~pOwb8f6ZZ(woH=X2=5Otr1%KdO_6Y{ivMY5&xRCKCd zMaC6Flz!wuDFsq2Pe}4Ay3H#eKIRkFUXB%-&g}CZH>mJ*^=_8~JwyPjfG{sb&8*@h z-B`5m_8V>zSSA4WFj@vH_me$2f-Kd|$eM2ljoaIW&lQpsY%Rq{a{!nix5D=v5Q<0c zZsF22vLk;zi1?1Jw=MJ!`^k5%a-+m}F9~wGZ6tOvl~o(HI^%)KOIkx9N|RC_kqD?5 znMGWdk6l(tvSQ04aB!M9IXSkXquqQ{CRRu% z#>DagKf%~2laHP)S`MaX!Ukti`bmr3xK@LrtfFitiAT_AUA5!Oa2`L6LP1APf96bi zmiUD=^!J%~K7qt5Fnj~EB1TnOqjJtav3@TS(bpZY@JSb>VFSyUAU3xMaBnNCk!1JQMkB2bQE4TkK=cxD(ChOlece-%> zzjjmq?e&ak;lA;5=Gf8q9{KsQch0GDn=c*;ScUwZe_%qNiVsz||8~qee8!abGIiqR z70qKXD`ymS7OOLk&x`7#hg3q-VNc>3lOJRsKReR3%CLQ!v-N5nY6q7kKAi%(1VopJ zx%zt<%y^~agFG&9MHGjCOrKAt9Sg2x!Z5!eILle3KFox^uXg7YWz?1YqjOm0x8e(z z^M-vqm&jM-Ol5%l2PKIT1X=Am!jW=cUuRE}lVWRs*Q2f^YBzG4ep!C!-_O!GuuBMI zl8JvPW!wE|*tmim)e|miC=F8;d%jjkmR?&^?fuYj@+ZR%?_^0W`SHV{*N0U!`pCuD zyICwRTgf%$oP@(A(!usIOS%lqRWCYavm6q$n26(qwDguzYH!R4xF|!%M_+4*3c$TE zAsit1@~;vtsW}adclyb8*z?^z_%h@SL=b_8t}m;SRCrzPTgEvbM=Ska(5@^5 zfM9zLI*ohvE}MJvkGLne#vKCU`2za_ZDyYNRsG#i*@=TiO(dZRnf##MDT3%w(lsi(|$|MKQ!NEt*tTTHqh*^x4QeHHM^#N0hm$;RO zcQ@*!p)y}A54UnAch{!Bkz-iO@E$k9ChEy zofi@P)o%rVJ+YN;WpheAQ0l$1pIIj<`2^M-uy^eG)jM(;{Kz}(XV))&P=~T?-H_^4!QPdW+rA~awY89oH8a+uchfriGnU1k%36EBO$q=+#j?zXmKptEY&?o= z_3BjXq@ytjQpdrvp9Gt)S!Ew_`0cR2`4STtYfA5MI__OUaYTg?)>|4KDD2_oYx8Z; zI$UCYbs3oD9*7F2eIr)OfSor-8hi=yJa?Z(FVK`)YDY_}8YjSw^1#T!#o8J*i=inv zv6iSBY?G%mGUGK|T7_{L+x`rShfhsoG1l^Z{8hBtCeq>l+0SEmLNYvOEf zReit5Z0)385eVYL;+uusa&ZZW33~+Ng~5f*4_>*8f^17D8MR!v zuTQ+s7Vvkv|6NkU%7?UV 
ziOKDJZ4;rQ9&(X4;uUDO^UVhz76Myafr+)3n1=-=%$J7o*cd$p_LpZyj(r0Z8%5gO zUG4v+-Ah=1&fKtdFEDKOE0Y~Si^Da1!YE6;1CZC1rb*<8R}5kM(cu(Sg>lN;yQv4N zl^MIWCnuY@LFzhrhtGP54vo(@UT60Z8dICgKUTYCQl&+P~D zNr^qbSW$U0f8Rj%aMY0`|AhCRv`L5;<@CT^aWP_lm@&hf+d|T$II0d-k~^jJofA3SwH9AMr~VhHsYff7ZZ2I8T-iKxZWI{MR45k z!*1U8&r{a6!s4uo1|F}TNgTFL{Air#)0SbnNfY1Q;Q$*(b4O~AZy}P}CRl9bDW@Y` zV8OK7Q@^#f4Zgnnn){vSn(bgwj@s=dQGQarLGIxOH*9U!U|-mK$8FPme0-UfF1~p# z-Mrfrt88<-^V*G$dya~o*$~;b`r908K{Nho)P9T*Y!)&hbK(6Gd zac7tlTX?Lwd;iT8gT*AYmC%Q!Y_vAaa}nQOU#l3BhwI)0^lLS+5ZsjMOQH$0QYSUg z(5HNq)M7+|wO0mKsK8+KTyr08GHht5%}2Fy4+JE2xLA=Ykz1z0OQgvGyI{+H52ezs zA~!*EYeSGkPHx-x30&$|Pdi8NqUG%2>NQp;I`PO+;J0MGcII#=FA=e?o`geIY2y^r z&CbpZvu9O&LO_Ylls_4S&;|N&WZorp{gVMq)z8v}*BYCjttZs`9twdRY&5e9|P0H1=MoqYD(3`_xY@V^CLzxnAA_B-0SQPWI=fKC0b!_%bRY};t~^GTVxI7*TWJd zSZx%z45f{E&Xtjko_G_I{PXG zAKX#W(+zl+3m^Wc*M>uEBoBuosOLsO&Z+0vds;sPn5W9 z#rmu*PFas_;VM*y*@U)qBlYp-4|QyssO7AtpnZnu07F99pW0wNbmnh~9H26RJYAo1xBrRTQ+pWF|w zyqZNzOEKwCUW5CQ@CK!NsgiNG95k6jK76F*gWpQ-l82XJkaPFL5B5t3^+X>RhvH5N zd%5XPjn)l!PpoD1=xk8X*ZxOk}Oh{z{?GZrWE!SU5PU+*NAXNC!l4kzbsF8#ipF`J;UM_K{=;GiAEDC zFOB19fDON*gqOV zI&_o+LmYNQ`ZO?;fG|EX>vtHizFUaw(IVV0wrc&g|C1+!#S5>Nq8)2NzA$XzV{AR)Ui1%HTiZT8pR3&M24`D3WF#BbKsZ62>wx6GIY?$-+r||c?|Ce+uy-)IQ z2W#e?KN-5+zTGPyxZ!h_Z+*WpAFfW%v-oTtwOc@+WS%6&>eu|qplQ4Ko$F7Ai}hRf z-E%wM_aZ9k^vu7ZUi4(p-@LEi|MtDo155wFeZ4q)O^~_Go8gr3?UrVtf>shQNW<2(@g zI?}kHVXFr0IDOJtn0`@fuS@G`l;oAJ>~WK$FykvE0BOk#81P*f(vxH3Y328oEX$fO z(ZGz%cLfC)-C3p`@G01&!JO*b`6|SdkmflB^~C469MHYNg2Xnj?BTqO2OAJeR^3Rw z`CW;e;yYTjX_`ouFbhpjPw{4{v)Q#ym2i2)6x2zERs=3mDbn$xBntYleVqpU60TI?d_znm2IGq7+oM8MCN!Z}n*s4<9Ah0-}1C9=V*j`#Ctt+X4OD(zuo%pJ2Pk$kl=e6bH8ZZBYX(jz) zCF-6VH~MPRPLMrkst6pwliU9`MfN>bNKg1y4Td92gb(uKcUb{>oxqaRNZg7gY@_=C zsAt#yJR%{jG@=0I&h1|96VtMt32FaGlS-ZqbmPxD7W0pS60I|e-+f|HD z?{c%$hn{H?4UsY^E$j~-t%hYFJ!;kLY$?n&C&?-6YT2KZcx_C7nC6#lK1f4Kt?R}w z4E^4h|31r_$Eb0?gb!Q3RQbvU<=?$j9)F<*YDjp+&)g=bW5iDUR<`eGTEjS?^89>b zVoC?WOMuoEI%TbOo)%H_IJ>zAv#T?%BqYT0h-2PzkmtL%faOgk~W$ 
zOFH*dv8*#hNyr63K#KtW7kh6V)z-GJ4X3+GTS}1%P@rhBKyil_Ptc&nU4j;Os8AdN zL4y`ZfZ*=Z;$9@U6?Z7^^v&Mi9lPvv_c?c*G4A({`;Kw**P1J9&6zbNbFSZfq3MEu@rk824O9 zy(wtQuYMt9UHR>XF8ZzurCsUTeH`5EX}Q{gOjA!T$G3DcP*xCJmcS$Ws4tR(J8^wX z;Qh4AsQ}VVTmAVWzea$zq}wu*x98I{jXPQezCvPYaT6I%B< zh-2m@O>jA}pz3m8xRP&#mAJT$I2IwY=R=OkQ#VtbGgNl+W88o)8{IeHSYF05>EMbr z9hWLW&ITPev-S~FIN^K293g9}!=0MoZ~43m1&K>3VO_hDW4JQ`Vm^6eT&V0Je1^e5<{!yDDcY)em6pY$|%xq1`fvSqoqM0E}7vYCeo^ zw@Q$WRA*V*;THek(1ZOm@v8P?L<+;2Mh?!OTNu)`!u~^LOE~^P(yXeA?q32t8%3Ab6x` z_*eYO@vq9s!t=|@=ENH_R9tiCLIVP>ygsBx6X-o=H4J7Oj$0tjEZ`s;^Fx z`C!Dt-o>rPW~m!N%K=)o^qr$dwN(3!i{wax;m}EVSS5{^!96pyw_>)REk{^mc9NqHn!B%>)$$0<0FMilr+%?3dXe-<{zd;SD#=8>)^ zVAkmgqdx-aN`5RLc@0}1jxauzfy0#vDL+(h)EWFV5QHHBedKO3^kqhusC^?rzl{$FeI-%0(~xT!n&b&GGd2(vWBA{U)^*49#W z$Bx9S?k-yAy9b)fFR$l86=v8Uf5sXLlnDyB7Z^1R>O%B6oT?1AYVMS$1CE>1DdHoGbLv?LRL)Y819je_^u zDJ)uGv+97nWp;y7ZzN#Abj3MM%%7}n#)qf^ni2mRZ39%Cq5?}-|3Urq+Xvifo%({s#FhzyMC(f zNOz0o`PMbr(o?~GW}~$^E;p;+#Z{P!PWc-Ja#uK zq9kKFm_EnVK9m+Xt$~nRHdOLnJzeuXT&TPLeTZ45fSf*=sUOerM+Z0{EPVWP3o^ z()oo$^JcvT7n$MQJz4fp>Ykl=hLPReyqzxIm!r&@Lu5=_Eq1u+2uL7pb=2>22EQ{h z9s-_*h-`o(M^|Rjq(ev6yyI7o9=a#DdStowa&C;ep3YNEj|*}MMirjW_sQo8HcOh+ zPbGxc!62tW2zm4gR|L78mIJU=2}Rygp@DFJg^Slk+ff%oCniJ&=4{0b3Cd$ZCTbE`nAa>MxAIdo-(}rr##?K@ z{J!&B@Ws9Br^O8BE+@1LBD?PXJ`9dt1jkndsVtJNSPec; zd_m*Fz5rx052&_5!6vXu4h8KwxlVdA1vGM3=sXm2h>b7Y%$0J%71Yvn`jk`=;sOBkaG1eJI@ z0*XP>lcCMDyBkwNo|82(ryl)32nOS=ylWtw=-746hG$t3x^5^AtL~!r=7Dg_DC6D8 z193{|>iy7k9{!;s1T5A2Im9Pb-$zaA=ym{+-pU(_p@@qw4@g>zr?}dk8Y|w|?r!q6 zF)l9kPUk1<+JZOY4<|m`|7KDTS*+}+UT;l4h^{pLV1+UEfLkT#43Ec?OA(LgnOvl|oLtzmU8jEJ;=U&dIIj z@HFrNol8IimDm=cb@8|@C0a%^x`>uW+|<-dT%23)1sTzSexuh9@eBP4D@!Kp`DaWP z$Ad;$9g^LC@VWb4g(oVKVviPl-d`a5JmS9{zk2F(mpY~xm%Ck+i&fyc=D%y#ub_7S#mo(b;oFg6LGFbH!pBtJg{FeAA0nmkcn%sr z0e9RezWYEq$(KqlAKs$qXp<0n^D@N~U*rwBJU_$QSKqVmfu~>Nc16Bi4wwt|n4MEz zc>)5U!w`_YV};Ga(-LAA4Bc8j{*VxSYg%BNInwPu#@Lq`w?gstqZH!b$YnsuuywW$QjoIERgu)U;~e%jc5MieQW{v)PsbrS`(Ni%VW zAjCV_;F?I9DzYHYN%*J;=XgMk^dU9%4`TdS{nJk|hK^&QhL-u1>?bex?B^MpxBJ?y 
zwRbR-ppz^+~ZTon5|K1Zu9(E~& zP!IKlC&!%L@}Wa<&464lV#b}l+nD>4kGQrDZyS(*Jo1m*2& znP>*~jfv9W0g~J#$%;ru0TT)P$;TSb{2lD7gO$;e&<~Cy9YxjRBRt$w+3aiN8tyPB zq4Jzr#ol+&uNKlPviR8GH33X6u8MoZ@2w>-5 zq0u4;f#or25GPL|!9u6qZK7d#t@Jw+J$>A5)2%v-txa?0!EXcByys_)QAq4d5zH?ebjKtu1y!>r4yoEd!Sseix zD$aZ;d%6Lg6vm^f3*)65cg(>`-Tox}jdT}M&bw7S^NElHU+8YQg|LGjj~@5gmZV7E ztED`*?-Y_;^FZdgMu~iZw>z;eHHucLgyo}EliHam-RVKeyULFnqw|4{jioy zf!_HOQ3n()uTU@5Yy(FVtDV5bZ$r1q1A|PIG*bu`KaQ^Dh9|2{>AjcBF@{%c&>Y|C z?(~;xTw+2F(3r;0#wbZQuT?k`F(Nv=CDv2+%|&JM=!M!b-Z2-SW}b*z`2QB~>F#hh zQ)(?ft1?Z$Bhs!(gs3YQqmX;1136^P!oEF6RT?${PsoXLuw=IEj9Oko8a8{c#Tc^{5lgHMq-gMSmF-FGSd;# zJ8qKKeAaM6D?h@;bE5C<@q<{$_R#@!Hubtmt?o~Bj0`NlFgRM+MsNVyl;ki-n4j`I55B- zbKoqBnS-pvC4K@1$IXU~XaKx16KM8iHwnP+_sxv*r=Zz#H1iJn@ z%I9}$u^@~y_i{OJT(Y$;0#0y<pXN7UfDZ>_O{*4$?Q5K`;p^_N`T6Cf^6?MQsE!R7+FQ&ZXF-zab$^+fx*xE}z zSI3UJm5gCu=j_?`Dg09{b6xGD%W4!pNpPOnNuarC#}!f>zj0$wnr+HSnmNgDM@);N z*J6jBY>{Wq#a&E`p`N`~J&x6g;2~)anuw>;3LlH_v*1|dBpAR-I~s0F*HR4@oRoin z7#+DWzt}PtGoBIPo8SOdslW`4#@IZ z;zMPqi)uu(a1!k__ODL0)YK!EjeN>vJsI|y-y}`dAvc$+fu$)U((7&xu_YzA4@|8G z8lWvNSf+MRo!6d_S7$LUCA1sv#G2NJobUi)vBtzH z`pYYDolgvi5T@wiXEIqLAdpbkr7@GI^tx}4Zr5EQXg)V9q=w55BmIy$SQlZLCrSyhReuOT^U1#=0h<^ zA>S4?xCz%+>hOH5>}h$UIl&`L7P)qGN;|mZ#ox3Q-@(SH{pphfkC_gMp@R2-U1`ow z0Meu_T|!1LOzBnIn#M}1nxqAd^U+Ln`2Yyy^ZMbDe~(il8HnGwexza z)>xN9hB8`l<1}iP`T-KDXcw{i!3B>pk%RAdvvAaZC1)3P`nF3?$Tt-(Tz|{PzP0{J zx~V$~Yzj-&DE|cLVtt#UucpaWryiUsL~LPx0!H33ex}vElJ@_V`@bxVR+H>dB4>IO z&of&4YJQ+_Cv?S0kwS(H77I{y~{d!C@RZzC=gV4${|PUf=94<4&WR{AM#qS+;_gD4*z!qkJxx`n&rZ0N|^C za4xoryq9R2DO1>0iD$w`hT;2W3Tv_(X11a2wTkIbuas7TFfg#wW>tU?PiwGIhxwX7 zTg45E*_%HBX-#b|1kj5&Dl_41+KDYKx99dM28y9~QvQcleoF9}7FVd9#US0xh0dG9@tGt07$__$(_R5344XC6chVN+tXDG@dFv z9mFw{P}^!$2DsKd#^Sf*@4)}{rGfsYy0Lv$9=j64(^j^qC|8S4p?pt~1nOHG(2Z*C zh_>#i#wA5ih`MggX<-CzAHVilDf&HRcC|_U!?tMa#0q_UpIiq25f{7Cr2m8OQ*fjv z=zLoztfLEkTn}vC@TaPaAiq%tHuz9fh2SfPuO(Pba;9OG*B9iMq%icaejf@~KD6hM z7I$^r>NJRQ4`qntu!{Zuv;|Wb&rd+FZ;%Q|wl}DIbZyB(4C+*}Kae&FJH2n<^dP0} 
z@wG^!^TcU}!5;sv)%_44sZY0Ispx#$|Ra(Ly<}P)lx=5rjaGx{>r<|jlWnyw&N;wu(WzpmFk>;C-s!s-*lV;@BhZA-;r`w^!7)kjYdrpdXHu_j; zl7I0mj00qfnsRsN5=7V`Rz7E>WT%{lb}Zx^f}|w*&1^Pw9LK7UnCUoqFKPSu`ni*v z_gJdH>N6Z1M2THWj@$C-6|9O5lMYV}Fbu6zRb_?*kE75yN&!ykV;FUzm^3EQ z8&x*#KmlGiXQx&?WM`q`bPvh|7Jf`tGUj+2kl$I8nO+*q(n_VJM>Q~iW0ll`_9#PU zar6|HdyQ*|oa`V7Ol`r9-z=E?G)@%IsEw&{Q$Ei&b>0NgbX9PiW%hF^LA8-BP_| z#$0g$RN0}B^D0`^AaP3~1bK6F1G;!M79!Bc_Y)w!_Kw*0YOP6q;wO%juW#G3 zzi{m?esjE-?!1$;G%{G&xIlSNRL&w4C-Z(FOF>qQL{-e$29rLZ#UyS+yWw$F^RnPN zTYk=hy5PK)Lni7`xok0wW12%Z(Bn9&&``}<1 zhkUGrWpM5{J00xb-qkki+oc|2txgd+`n_9Ww-^YrW+&KEt7_XBU1PtErbM(`s3uI) z_AzBTWhiz&>df8)J6o6j{(iGrg+)7a{P&GJ0hd&bODP!xnD&lPN_#QHDgNPh*Q_xy+FAlr)p*mLscX=2%cheX#2^};^4p`Tt>S(E`I_RH zvhi)FN2lRF8=VwIa3AoOqm7L@6^X5mj9H#uzpiwsJUs?Q@Vlx30!s~adg6O+#l>0c zutsMqtwD)wD&``8#3QQ!;~&;JGsmMl-*xfEbtCVR+G$I$Vd&kJ?_Eq9EX$_Xm<}lC ziz|*pM=E!J0@TO_n0x}JJYcK``nP{wFg0d7zUfjObRqpKt1J0m`}O^=U-By_gDd$1 zX2V`K7%}<~krdWxrFJs@7~A_?LNXvCiVlcB6Nie28Lpf>>W?&MA3dTQ@RF)OKjSzg zDASnbcvdg(iev=PJOY?9y<>P8khaIi>AKg@*B8d5zdW7-qxhGG9C zq(NEgkkt;CL_H6v;GkM(Q-55Q7MR%{_BJ|$WImOIK^a97Y63GMU|ZIKX$jMeB#bwp zt=XgsS21A zO^1~~i1acxrdPQ*`XAjIMkBGwMn4Fm<>V4>q>omE(V&@Atw*4aSt4uT*v7B+`_)rm zoem_?IC*B+DGE)z&fE*wwOSMzZ&P?dM_5N z?jg^3>OlHyOdZa^rmh!)?~?!gh{X58qE`r6DM3Zr8fnk@A!OZzGMYrmi?DWu8rU9i z`sJagLlCZVS?`>Y<5Oe~)^WN0Y3Z=c{hGM5#GQDayhm^QpWO?)!lua1YEACF#fp_VOt($8R?k^2SX3AG)#J z3z3O_EG)quJ-&*Nb6lEL=a|!wwx_mx#;q;h*71OtJ>9CmeLjpJlmR-Ui#7eM9p6*f zcrs_A?94l)P0-m-yc*FF9Lo}MC(fi*Pb}|q5NAugoT+K_OG(p62;+$vvf9he$jsUR zwjXJ|JTeXrN7$w|#omBJbVT9B+)*DuPu#k?wcu5OQuP(V<_~!8eq_z*sR=t(bMbb& zxn4NOQWl%?x@2-y^x;|z+?p+JvS)|{BLhk9T6|7h#Y0FEk6}(A%S7hL%LEj~bym~O z<>@>FFM(8h*`xW5W68HFnS>*g=-?j4v1-$DKr`W-o-NJ_f*~2Vo3@#y2oC45d)qTC zxRKkn-Tvb*rl%O(aN*${%yFUg-U0m_Bb!T}mmVqdkqzaz~n87j#on)~=3LQMni*mEj z$i*0EQc))$8fo8VxScU+_SHIt+ zf7?Ti$rqZ}zcvZd9yO@CA$=Ng*PpIJLcDde7>C=ABw}i^jn>@2YCn%tj(`k2VHN(t zfF3O2Lp36hm_7fbao;PD=dI-)VVlw@Gz;y`ndCK2 zd-4k=kmIRIRE-<&Pk>-mMG?FDGNRd)oAAiub*dLpRv70lj-2o9 
z$D7=c@%3wgk8ijECn&AbKt%%8xO-M1Q603hk>Va+5SGUaV``|kZK(sOA&?+3+jyqo zeN+ABqF9pan@xIxqS5%7O3l52I_7+L-VS(uB>wcaEb~pzL943$WI~svR*j`Ea11^X zNUR*Q%$7zWpS4KITxoTrq!=qlrriPBefPp0H$Of?Od?p#k}AUGR-3#(G zTr+0y0T=E4#8}fj$#omj&GPBCZ{49av!}h4LBr0)_tR{WN9IE3T@PYduLX?Z0z*7- zGT&N#?r2ob%cnvpcWA)p(OA(2&d&oD0$TzZyuu9p*{vTUtBjQ(JfW}j9Bb?S%I=E7 zd$F|ra_&CQwJ9%M%iK1<32bBSsy27Y`eeGFI$>d)HF^8{1NsbQ;<_Cg1a7z)-;6iF zi`#)($=^kDc>{+?#wGg3W(@l6+pN_Zl%>_oh##` zFsFn-kR|TU>ui^oMV^twsLzH+z}6p&2@cWv3-sG#;|-4vqI6e8rNiON3huEAhN4)? zFx;Ks$Ul^}9p#!TLXq74?U9LgV%C$$@AdY^<$en`3ohX$&}PmtV5D%M_NQt*gOj}3 zK}ieZY?ziGoq&p!x@3Vh;i7$;#r^1x0N+?p1(Pi=3ZMKe0%enW;Bl zb~sH>`}%Ix@c^BnYiMcE>W$8LtXxpKY}D5&*3Z#{4PDi0X?hG4%x#kPxlDSSM&*0fAu8%9=x4h>&ZjmJHl?3kGU@T!-maQP(a@G{hd0uTT z83u;DY*d>&(OQCRc%Usc&=zI)g&tGGjFh)FR+-M?(o~7k4*(B$233O?4UP3f z$X#*EXH|alijCo5@Y>D-{RnXxw~v!uT?~hoH)G6No<1DRP7T4n(s5ADG>YNsq1~O{I@wKktfp&diGO0}G9JsNf>LR! zWGz_j#aHM_&c3id2`$@2?8fa{pn%Ds3}SBq8PaNIAiWi(xLFeYD!DU%pYI-h$1fZS zUwMtB(?BZTRP{E6?tZ$&p0)g@#GOi&q9B z?Qb>!N4%bX-O91p4apCyrVX-k%cuDk)Z@rwz}uz3MtM*vK2b-#@|xO6*bqYARz%(e z&5Bo*Fq4vVN-~T-B<5l0Z;m!2&dlRkoTv&%5v0r@1nluo()QaO$jIZ@g+<_Vnh_44 zw`PRYy^=JgGhvo*&=3fe_BO5@`h?y@p42o=Z-^W0u3I9kk|XcoJ7u1cYx^jHkgn1n zK2M}lLfmR?ZltbWg@2@0juJ3?v?^CTA}a%Jr`HUbfH*>hCCKbM4ak06*KDzq+3;@d zbt*?KAegxC(YAduZ?PxNXEC9mz8j1mOOzBPQPX9oMN@sW#4#pu_x(TH*;KqG6|gNf zoaKE>=Uig8YCgqi$fr9FyHjQM_jF-E`@3N-5y6kBQ8=;xO?e%i}^4IL9_djL>wC=phl>!9uI{sIkgH ztK6uloHWkd)0a%?QeFEpV2%mVnyx~NF5(4oDazI!CXFWs^aCb6MNUpzFM{St?*xX9 zFFc9&N*WZ=)6sEyobUKFFafH=4>oFxCZ>lY?Gti93>9h0dwM-R=S^PRND7#D1EL%^ zyt(dI4(rl271?8Pm+s5F1Ib|gLHlQhw7c0z3`7)uQw!^btsN!YHa!CQzxP<#|LAh0GAveXsag*WD4OMd2o! 
z2HduXbLo}H2y}_k{eg54B4(9?dcvNA@|C$Z$eqkd;Roa194qeJ$D_M7C+Q+_Vp4y* zi3#|Zd|k!cv%?8qsNy}SmJQ87X%^N)@_?AwRoZiXuEc+tGlgcSE3B~0@Q4LbDz2kA zBh)>{afx#fuP`uKOPbPe_o;i$PNr6~^OhYsAx4T!zIUsIKtoJ=yT<~8u!p<3RaF4X zXY5BEy@_{l_3(5V`==AjqdfB0ha69wsJV35Ns`EKm&U%BxIpYFKd2bY4vOa+m=jfv zas%cY!SV*}?lB0PCxCI8Y(I~dFR|2pvu+Q#FyAt`kwr_{?bxRy;^ZYSzszLDPwVt# z)9V!2UVS)YKdHm+L4J2_r*(TLNu;XYr6t~??fWCuNvL&Ok!LstQ&_pQ9>O3*m0(BD zJ*~vg$vkW<=I#Rco-M5P;%=-OB$vvu!|eq3O_{F0hFPXt*tQawp?*T3vK%xW!2k{! z5RaVbqkuX3GblX5S|$&!ca4uRZ#Y;sRaDB1PRyJ>3$&DDQrtU!dWcV)fTR305FaTj zIxr#~qa?$=OvNrL8)a&S5tsD(xH23Fy-6N2Yh@IT7Ar{}J7Y+28K7Wa7tx>{h5vY> z2Sp@i`fFWWD;Y}YBqRMY9TLDhdCzxR*3e4bm$X6Q7dFLu{HqORVBfmocIUF}9oX zvf8gM`9y5ULk6F?#1KHWMy zB#}fXE=6jSmvzHm8CSgXL>1WNSS6Fhz`?~-|K(bH&_JF_a~VsfVwa?D*BoX6feI80 zHPA-T48a_zn7X47xE0+<)BuD5%2_dBJ42$BqZdl|N>tc@` zyo|JM@@F>VO7$Vt!D!l|Cu&0gfTUxAF!KvK2Y+kX&Nzn`x#lUY8M1El9+W69k~eQd zr4B%{y9uljF0JM=HTVKW8vdQ%#+t%5K>S=T_?FPY9lLa=TTmsr+c?srUAeG^H_N(Y zKLI8p0T+Z@7TU#MNrFR5iao+M7hQ~`fv1Q#aU1+Yd`I6kC5a-McN8wK6nMRcgIFj_ zJxGTIZHi4C?}x_51QhqstusN7p4!ntIjE`ZP#fL^qgZ?;lD^{O*1{t=}QVTfy$8{d&WnNYb-qJtc!HX^2a?%XXh9CPi1p zbD^HhYw0@|nP@dai-7YD`{ORSO1e_t@7ysb+wYUzHA0k$q2U;rI7K5_nXs&o_5hgC zL_tNNQ(n3GERPfTGk};Ml;~g_`Iwdv{ z7^A~=vy6yNn>$`f%Wvr3)a(DcOc93W&Fm0Hw4a@t*obsGYH0)op zvFY^mqYp!jG8>L|I2nGR+d99Y-$b9OZl7^^zlOC4x1cXzuv5+u--7W1pRt_X``!$P zK!puYpMIo6Ga?#5(Zo(Qc@Dr^!S%N8rxN2ZqCaJEdRcec-X6-h#Cle}tlPonJm+j#v{GepM_YTl$z@{M-8O>>*QJ9wm1_4u$C}Mnyxf!44 z7mD<`>^G7USJ!EnPjH54<HRuL(QD|qyYx(C&iej4ook zeyX8QG&m?`w2sf`}(U95c<7zQ|1)Kobg$%P+ z#Zn!$DeQ$`J>HpWuE=u6`|;r?px@vsWZ?@QEt%mN!k*RB@h5=quL-hA8FzmyALS0~ z#bfgSE#*JZA^%%r|1b2hXSdH@l2jnZS0!;XPfTOR3_&Fg?qmM6vc{q_;neX=$d(b^9sNVLQ1Anfrt@@_;{rvMM0rT1HF&d$8-AxKP-mC%vsOM$>n*n zJ4Sar3yBZkeMYqyl7wAir;TE_IoYaL3hvl(K8=g^d+U+02OM1#dCXFF?F^@O6&Toz z9#5BHJQxQH3h9`#*8lGy{J%R0Nrpe$;by-f7nwuWlN6lg8^>5$%;!AM(dbG(4a6U# zDL;)dwq)lbra4iR(b$N}>gpe`#5EnvRcKykA!om*bq123Sa|%&M{y?TvF(N}KWHm* z!Kz%wI^AIbTHasZK{Cx0xpOn8+HW|oBK_E^+lN49+|!1A&n&!i8II|m;GSZfUxh=d zLk6mpJEJ<3qTj|q6P`-F0Zm}QG 
z9X!I)ck|0XTMH0m!z6??Hho~8={6)2hZ^a+qc?YHvsBy}cE4Gkdn}ULh0O_2r8Va| zCeU=`r46g9F9+JIbjTB0vqxr>f=HsgB&wstbrA?GCczX-79Dy!zt$i06QC#UW>IN( zVBX?WfV?K3z|Q5!@R;z~%6tpdmcK6KL=nyb+0Ze=NR84A)oQ){39t^+SS;KNya`d& zA)i`h?H?_S{anAwJ{i|MkE4=NtxQ8QN()!9X$$3IL4OpAW~erWztIKItV?`s!r9Cn@fPf`l@l~J$7 zj2rn4mz26EvC69t1|ys6Ltj_selBj`(3dY0=R#G*U4+oGrTL=O1wxgA zxuZ%ZqG0wjGo>SS45)Vpp)s=Sa*`4Wa7ESP;SFPT1W`-vfF@UI%t^!ykOsU;y2#~_ z>8(E`SfOA)nZudidN3ms8L(zl3e)LIu~~gHbcB=2lEHLiU_4@=e9$;jIb>gk3maew zF#Wuy8!%*A#hqzF(w51goX{Mp6EocGIkmD*Yz_5|3$hN2mqCUZSARlQi+P?n(9YP{!pDRlr zc%nwA>WAys$#hC0f~z_OvJ3Q_N&}k9+oP*Hjb4E`Obh)mzO$ICD z1~3B;_9`>RUsKYRIoagFwUVbyUwHq`bK-gYtwN$GSFAdDPw7X#Ci+r;6?GG@(6M1L znYhF#N`;0;trN8LXZH{iRmV4%A}UBS-VJ6cJr2mD1wpW4rmt-zb*}^Dj{m|US=xL) z;zjz!(!Sf41CxE%Qq7?|uZ^-RE{fkbe@!#oLIG+MNew)|B{fUB{3jUw)gwsmnlnKw z3fc?Fgq!A*Y5)bRqdUNSJ#a4+mYZE=`ybS7F~uvR=ht|-_7pvV>k;}4@auH0CMl4Pzsa9A*|9^(vzj~zj_varxt8Xrb zS>10~tTOn;J#5Qq+(dazr|3*!WNftWJ)2=f5Qs@tlbduQWUQN0J~3hyg3f7-g|5s= ze;cR!XOr2#eV+CtCS#2VS6Ya7aFZX^PQxMDGa2~UjXK)bmydE7gaf7$={B~uF*Qx$ z)X{l$_Z^P<6~s2))z{MB`4v|n+l5!(bM=2`Z2b4%I6pI{|NToD^&^)+GCuTjr(Gp7 zF^GdQoU@Z zzV48n8f&xYvc`p`ou%-c>^z1$m2qx;((e*&A3)|PQn0fN53ujB<~oc#@MK(*!X-(` z(u93n@w;mhUp=7zT5xKq6HZAXP^77$mLg#35-m}!+!-^Wpn=4E7Ld%yE)U8kqZOn} z#cumfz9|}4U?esvg)92Tz6+!gmsow+mtSc$dqh)#@Ci51e`I2&zl)TKWrPb92(Q7M zfR;+K7*lUT^4Nb`e{L$3CI{EP2yM6g1OWb$_^0i0J6gt1Px0CH>2tjwe>whtppc^E z0ijnF7;X2))-#e&2@_QZ{umYB;TKqU38swkDF4umP;paTqKDV7FDlK(Vr~PD8lIeA zyK;QpE5+7)s3K6+39`t*Hb`mVu2E7%5-NaC@TdWSh0dS7S_4=eUHOs3z8|2iLZ}S&y$@IlguDcYx9V{|h*oIAahbQ*S_3wn{bi zei9YWw&WSIPc%&`6`2e+FV_ly(v+n#N@+w8zi{9ftzg@I)S770!ntQ5I^e;;2*kP& zQC_AC)Bw+P@{b^T=x09x%`a|Li!>+L(=DAUsOp6aN}7Z#jl0lX8eQySAU${#kS9Y* z_4z&T@MlJQ`^j)HVfbvplQq&m&bpjUM_VHKy#(;;S2L6_a3xG6#~2gn@iKPd%Aazz zt|Gr4JwUkNoT{_Rkd}UoY|&Y$c>|AGO9RH}${5R{X`6}`YB zoF2~JY(mYmX!6`*|?6|tW8xJPmR4( z@;UbVMy^#oJds6+b#l90UW*`~3FvOuvu;e;KM_ts1f6w5-6lHhEwM7{`mUST4hKa= zE*gC*-QB3~x8}WTb`GB~Fa7`$y=O?ZJ2)CitqvYl;w36)k4O4Rt 
z?6zBbTiwkqnR0FRQ51V5)?M*t!}$dEf9|5&_*^yeS#Y*8nC4$h19tl8Nq7@@u=lJWvA-_t>RLe%f?-XO;P8qn>CzRN{uP7{$lRVVf}=pqEm$9#$1_<*^a zZA$$FYz&>;PXBc_h@GG$YvhrwiV%zxJ+(t-W>OaV9{);6~w4LgT14cw2 z>HS(2>o-;Rz}c4(WYl z_FppmLyqZJ+F&uf(R+|f{d*VXNnBRmp_Wjh8;*!HMqDIm=*e-H-gbDwy$u|nD>?k- zj?Bb%=$;aSwZ535cl+bH9qibb=_|{ZxD(@-DWyHC$L#Iirh>LRZ0{vZ>`e^a)4Jr4 zn2KkEvhNu{Pq2IXLII!T2<9sDB^OG|DBd$sv(e6tFf()bpXXx&)13}U-t||PfM{*2 z{Q|voJTg-fY!AFBgG$fi_`1?M%8Z}_>)FnQ%Y5_&!C#kM0zGkk31M@Z$ZvC#NM@1_)Kk(qhq0pJR_bR)$LTSwiZ6%*$;mxiLzd$ z3HkO#l2d`%kMIzY-Ed0-ue<4rALBR`Nd2F+Qg(=aF|!xpxs1-_jczUify9O9iA%zb zi!)vq`Zu<_D19$7EDFBHi0!@HZ8s2s#^?Mn2|w@tLtpGlTCn)3!nkSnIkB+_$0NwO z65Ka_I1Q|%g+LtO18BYfS%(YO3x{Y4W*xY^H0Af*W4JFZ6NDwgWBFCDu2B}xMarQ+ z*Fl|Lqq+KwULd`-d-&@O{2;SRliH$S0$oB##KVHCa6rWyeicD-+*KcXP{3Qr(Xa62 zh`_h|YbS@~Qtzeh@NtgI9H*Z*{p4@)Php`yH+BKl`2ka$r=SF(WbS z=+{r6S%;J-rrH_|OEAg`>2rDru}}N8zf{{_s!0(bJu&B@Ko+&}xF}R!J8l&`Wx{Xk zZNnXH+i9U-Zvz)r9__9^6so!J^JdOP0mXX;De_WqvrAk_k#V>7PKSCT^HuT1wpBZk z$!#M=5y#@BkUh(;9&1boZz8v~u~De<;H$8hao%lyV^qBj?`ovy%Bq^Ab_ayOdB6S8 zhOF2PiqX!INs2p{%4X+g(S%lJ2iV6&;`Byg29CHmV@c&ZXJTFO%croCU`}@(au(@I z5*;*_1}2ivSr;6K1o`M8N%A5V4?`whbvwa$e2W)5dK6;F!o=Q>ibem2xwnpLYu(p{ z>8cB*P+W@ymlC|#DxP3Xu;K-R6KHS?bgcr#B?Px3!MzY5SX&^tyB9BB-07En&Ue=C zK4z0dCvyUT8>=z}A78?BhJOKa9zSX?qmQq6symnf8F zWpGqcxm}%16}(L->a`Cpn@h3mgkFPc5FrFLIk2oX4HaH z9|z4(q9s4^)9Y`H{x<~3aFRB_IgyhjuT;`_9hhJ=0pM7BV(UQ0_lqiXlg&e>lrAmLnM3=p<3M{CM#Rv{s3)?#QMw_=uE z^N;LTt}|PXT%-0`p8m;aRc?;br7uiFUyWN(ucq0#A$8PrGhYVd6Jht^L3AKy;+*=Z za+HE;FznYmmZpSf%t%OglR|(#9^PZd=KN8%LZ0<#KzS3*0=DV=*+|-M~KuXXWVF+blsl3vLx_X8p7a>U1 zmK6x(YedwB=%#yJ+Rg7HeiDU>3y4J2OOG`0sJ;1I(OXJ!BL$Ss(Zaqc4QO9>)sP;{ z#J;LdI&{D_^#(^plRKMBBbp&f z^2=WTW*qoG{E_Ly5F~Ae#hsGW_%C&oTCATVX2~genVp&3_=Mjh@MHnW1g|zi*Kbxq z%1FnX{)l9Piz)j5OAORv;XkmQ|4Ve#t^N@D#d-BZs|(TW8bzbR_Gd-)l+*UAeEjzJ zTzgVkHD+nY43pfP>KtH7M7czfi>beNbyd*w>o5Kv8 z0I zsuDVRC_5OYy4%qOi9?tcNbsZ9CK=N$Y6Ia|35E{_><4#pU+Zvb-Nz_b|Cw)93p~58 zq)uz1w2ok3ROb@8G4@#^U6c0o$i4IvW-MAzRJ%`}gsdDc5hlYcW_4jBgOWC%lt(?o 
zj2qf4yJTAVZm@f4)tx^PZyJ>hotg%xGZmtHk0|gj^=2h9tE?F-MzSM-w=rv1wifvfetTMQ%nxle|q>>BoOlK=mK&pv!C<*(wSv{b22 zO%nxgaw-SRk-z7wnMv8vu;9a;OlXSFjb0Yrj*41Lv;tpghw0`tzd?kf_R5VyoGiC{ zBKmVSK`|$}%*1cYGC*unJF3KDyW7m9I*jJ%l4BVc-(=wM_rXtW;Y^yVxD#-odUi|T@&~!o(yxndyAvOKu^+Q8n$Y8&{ zfx0o-zOGv`+-$|!wzzEG8I0ejI;8OAwaz{iIX=x8(o0b-@jN!5RLCh1zkP-ZzIYT> zi|g=f_~fm1`Dp3e`A?!%d5_P2Uj+NjnXdy`rC1`q>a3&;Wqh+{x;st??jqrxLlZ0n z#ZP6L&!YeBN&SEJVMzazy31MNA)d?9T#z7aSS9MVZvg~zqKgJ7fLU2r0JK;ja961f zQ>{83YzVy=w&R(bd!$o{50uc!;LN>NdOREkf1C{`F`l-h=&dc)=C>mC?9wh%iFn%) zer2{A)20#8`sYe&fkfEzNn6c2=AOrAe9T$=7W(-MTOby`o}S|g1e`K%gT4BTv|`tR zNI^jvUpz+5PP?5R!99%*$>EGncRb>nsgVxh+F}eGQ!Mm;GWRl;}T`+LhJjAV;?4a0o5vp0|lY=k)!{Zwg zcpaPC;aHH=ZZrG1^+o65)T0UPtL%xd9yw85IWk>mYIV_Bte`EVWgU%sNEAU6@70gJ zqqx^bymsf}e*0Bu$T@ig9f7;sur_^@<#h2wIs;c@_EzVv1>F@lUI~u}Xe+9xE=G5e z2P9#td3(VS02_!vWl2UWj+l@}Do@7F;l<8%f{ZUB=PRGchz{IXYDyTYIN{gZXlX|Z zU@Ufw%0|Nnh@Lk|t|NJvoLBscr96htb!Aq%u3q;N-F)~@cfY1Vsf-Z%irYd&W(|Ms z?zxLOEJk+6omcD@j#Y4U73`e|Tu;cW^gHiF8hM9KYhyLUdKRz?r1=CZN2e*{4_B;! z28v!yexO`o9Os_+Co>JN@Ip|FT7lKMs*6q0@&VQ2_Y+3v?(e;DY#w{fP;C$@k7t=# zs*7-tcF=oaEx{i;8_m2@}6R_@^i6zj;27(kjX-Wzb=X=Z0+?7+tbQrHOo6bWT~Ynl+YzSiv1<(a|tFvFzn6? 
zZLv?*eae+l`B6?y=5CLrinD$0i`~=bvYOG{*iI(yK3@;Yzlr522+UXFJ4(jVB_9f$N7u}RjUP5s4;LIHED9$c zs}XE39W>aEb?2IMrPn16$%T@B4RZi zs4w^6aV>WSW5k1kM=Yn5>$XqvdynOvv#OaB?%NosbSf@9ox<6kskK{y+*DpBCC>@( z*8L>9750;;*{n%Nw_5A|lVpTFSd0L8AgyaLMX77tiO2fJiduO}X^(mPq^>z?pV#Sa zbD9uP*{^qO%$&=nUNsU}*#X4+^j%$7g(p|Z&Cl8wGt5V>+uN^bmE`oc^_mID+8tT) z3(CA>8QJecL|yNQZZeoL*d@`b!jtPXE#cqz2oT@L5oy3@$ny&UsVTC!gZPb^4qSI} z*cgz8M=9BzDlv~k0q>PnP+nDih_hxdFEmHX_QS1UUC z*Xht3BDefzsv{_{AyzfyIb^{@>GP(=p5QV2_G@*6#zql$5@tbZ2T}D{$VgfzA%8;g z+jNz`6v%C^PRPi#SZ=cKIJ-@FuSNmq;pHzE))gf?-_a4Xqu`f#9o3?ai60tL>p>Y( zUS%J%Tcq+Hh%jX?BwY|dhrbc3zb`ghkQ2%m*6Rq?xqr5m<>QZ~`5LFjSlO^jA^C@Y z=Mewz*J;1PB)_O82^G|T{QagA?alQ=*8Z|)h2EDCa`Eg?>zm*BnNyee>EFu3$9x@* zyaJAZNqrT=eyI(#RrXA9&6a=)A<&UtqUCN?M!YruQW9mB(MXM;rU>bw3N&_>y(9&E zB9oK!ljx9grD-LgJ8wgmBDx3f1e8=-`D)6IjsFBjA#I_Wew9EV@M39-Yr{43_Pv(- z)NwX1N+XfQ*56$3ATJC!uCkh$iS6PFJ&K>q9@dd&ChPPp5u?VGEB23=%F0(~>P34f zTb)fbZA#)xCshxdPRFFYEHfP9O~>@E7NLyHxh2L;0Loz_h&_+Au9m(@0V@6kk$s!8 z(hY+QpGqouJ*MU@98algJBGG}sznieV;FRbCvJ~@99uumd~MR1L7S!aP_JT94lKE< z#s&6>4ohl_Ep#{*T4BQ|V%KWVUOFdsn9u=@W zHm#J?d>OU`8Qy>NnVWL3s|+W!Xi zn7GeqLk)jZLiqBKh8MXG*y?2_m!WSVh*lFF93GX}w3krI>t(|FGI^vhh2>AE1#L)c zf*?jk-<^xy7>2aIVr2?gF9qcFHl;fLmg20@y4hDewisOh&}B>Dbx=V5xW|L6gijMo zj;;i9Q!q19V~Mhpw?zQE`60G@Ucl{#LbG1&I~?A+1CQtuTL3$p>4>@*I+}j9y*p)s ziYgi-zmi36MQPa1*CU`a6{X5Tw6}4OOnmq>zzV8XX zYMY>|C8okIVT;pgZE}s|2lS4Avdr(EsfEFkvD3&XGgR7(isCg1OV>lOV%IB;pd#JX zjpigUq*aff3cVL;)Lfsk;T##cZj!Nnmr6GBALEgJ%b2-vy>ELj*mGZ^nCF}(!ymKXu z^UKY-^Q{ zOkGF%#h4F|G7gK1J(Y&1cPn~}0@$Ly^kuVU6oUos9r{}gzu&S43*Ixx%NVUXwsro> zCNj&nqZ2d3H!vl}7t%)Rn7z%{DQ)aCf2*z%Kle8BP06>isK>06ydSiklgcMu&y@zz zh7Fjbqn*U>fJ1-JPFYVc*mXM-HBS4>innQsd;(WhY{=ekE8kJ{e9higD&Xe1O(p|i z;(#g{*2*%)ZBR1gz}>KKzlMQ6$ZB!K$`BxJ<&!>5l_QeII>LMN)q-Kq=l!nfpzOY7 zWUU>-K2~u%`7l%0D7;u0G_;6&5t28T z#FU8*h@H0FfhjUGG}$*vp8(QZm5;ci*xKCuiL8DS-R~M@iNEGbwSUnb9Iv7WNv5dS z=f!oL@D0I`L2`gL(+8&+uAGj@^@ASx)&(vn6-BvMsO;4)2j_ 
zetfmPmye{MdZ^mz&ZlM=K#*UinF68f1>m@Z@<;~L`T6QWY*F{Rq)pD+0keil~Jz(aAKsza&>Ncn6HD-9Dd!F>U+2ty5GV% z{?JoNRe!vou%jfw6hg|_b}~YU_9i_~Yc2WiLqFH$%|3ftJ&ow!SAdM)}prQJ6*09OYjFWqi#DG#tWzQ#HxAw)zI%ihBo15 zGV>uHCMa@ZgHT3=)#OCOFyb)3-&h5VK5QD7>U^A{k-G$_PKbj@JuwO7USq=KQN^@9`gsNH{H$e*3q@N}+P&lD((g zq7e$E3Syk$VZ8v$xdzl>RGHI_N1`-&Gpuu8N{4Muwx{Mrzp@mL%ovjNqZBJsL03*m z;F-?*{Lq=;FnEBhuJAPL0P)N4LbHvUlO`A8RI7z$Y| z9#wJMe9sV{mT8y3WIa?cTG5~yN^b;NG+CWO?O;83gFN}y53cEs_?jZY*?j?7-n?ki zLm}3r?a2i&7ATxycD3E^XPfI~Sn%4|(Nw=uORzEB9@(1^J5t3oCwu1LNBY}XR#=IY zh>jhKHM{Kv8gN1k7&AT-VFqlvkn&uA$G_!>=@E1G1=&NhFnq7EN=Oy`45h}VGiQIC zJYP;zr`vMd>QjBw=1hjgWYay_4}ij%mr6Th8fj{7EugYO)Hcqjua>Mt>fm&=d6^(> zB!5e&@-(HcMV!tEhCFTbPuoKx%nv#Snp--XCw;!?kd^%Uj_8gMpp#4R!NW({Y!z0w zjg8#85&%n+#KM2hf@NEc1IK_$FqDwcM6leqyly~>7=pPeR`vPW^lo&H+D?}sz*)5HSeP&Tzq1v6TB9YDdw1##y6IRFgaV56m+}DYtrWG;SX8Zym z9RH1f$eT{J?u_Uej&k6@8xK7%=>lLmY)vFWu8(( z6Tccq!`7WxGjS}$cgarF!l5C8QLIBy@%|)=4gYeza6U|b!4VPLKSZp9j9YQ*Erh!f zqSYS3C>mN70Xd`@tP#nm>E47S2u5+PHYR%owR337;{zDp7VczTd`tC{s3y@$O=nb= zm^gVhmR3N`5s#=!4o3$KC8$?3gM_pk*)s~gUGcd~11r#}I1P~6y8e;}9IL8L14}>b zY4+>tIAd_Cuz`l<9|Ldt-pE{M&t?2L(jDkwpgrj*^^+*%j2M^-D5OX6b%KBg4z+2i zwta2PiW4xH;kVy(TKy;dgtq_qa9Mv({IA*!!F0?Ne(}caClUYG$A6Iw{xxm$AMs-) zXIDE>KxzEsoESzo39f_X(1IpB(;vr+!jzNVY=%H#O;Zg$@!{dY9VaqPnKAp?qq}t< zxKF--4$5z9-zw_V(ra3!FPgv2(bw|J`19X*sQ`78i$v!#U-Aq|l3&I|I=_P(;zWFQ z%(@zXKz+BQei`4;AxId0nc~;+|8hD=sU72eNWp7#5AawG&#dk&87V<(tD57`G~GEd z5=Ui_0%C$3(Ht|q9`^lZzJHi|WA5!>*rY+$PMAn{MM$`@1}+pAA_x*p5J5S*+>_s% zRhBys!|2n{qSlkAwR{pkd#ROEAL&%NNzA$E|3=A;r{GE)&PvkP5?u<@_Ilt9L@TX< zVR;6kvn(vj29HMUrvByB=YOMak)056Wg64{L0uziTOE*@8 zGn=fS=lc5CSVKD@JyCzi;grV5nkSidGR7ei3^hwQ9LHiZpnP8?ez>RG>{w@2WvJ32 zRaqZk3*d|^^WwHUnQ4jh`Id7w@$2~JFlHb)ZmL&3wMO62R6cM~1uwX2p^lssAj7gE z4hy*Ct-4{@WS~|UM8&gLWgdOyHN$T)?xq))q>HiE|EV=f>&VFB?2Ih1mvkT*dxOHTWei zr%F2`dkSpLSYtAa7#W-+x+6HuWtRJg|GzxjFWV3kuY&|NL&k6y6Hm$d#jib}U$5ni_86MGre{3NTC{??DGcy3$s zYEe9S0;9K7-L81njonCWxUXJD@%GRN}4L-PG$_+y}H9i8=Wv~8_0Gh 
zG<9RW&gIph<94wyssH`M1Og4<=%GMspFH9rXTI1hgc)03UFw#9aW5>zMfNp=3P1cY z8!k1i-6VQmGnPtkW7ZwU8Dm&l9tqkE{?j1har|t)h&ZfFrH2p?bmoe?=04*5o`}_W zYO?ixv|my2j|ST}14^-C#AzoYR0=*ZoWVU85A&lMb6Y|zh|kaVQetRT?JQS~KwOWR z6)RC$1eUiDEAvOD$5V_j1#dG2m|}&0toxJQs$KGl`Uma?)g(e)PJv}VnrwHOdPRCI zVQV|CVNq4!#xxB^8T;{Ob_D+)wsYVyi+39<*$lVgk+5DPjhH)NRJAf{DKh&@N33;% z|NW$dT{RD-IDZ49(c(=j{ynxXpSugeKGrK+PRSNEk~;9nqd*;MHzCrGuvo5%MfeMm_T zxo8&t_@xuXtp4rhAht0l^9{yi=1Zxia)kuH91SP~g9{J#COw#;HPu$@3)#Jpq|`Yh z7wjq#Z=wNl?D9E>dOGyIJ50vqdDd7>(FORCH@&|Ml8V$H`*gHF5B5ER^&MgZOdfQ zjv1xNj~AEmcUz6NMK)Mv8BPCYze&p4YTNeIcRB-zwh@lm@gZ=m*rJ>=6TG={&KS@| zK0SBRVV!+XD@_o8uDZbt$>P@2r;pCp)+2nNKa6B=4M>CEf3S$Qqb5WwN$s;#sc=xu zXi%=LA3ZswZ4xQZ*_fS}eru#{>a`Q=x#&CP+x+zt);o1em?!B6q_!v-;@e0C=sxiL z?&Qe@53p!!y3kR$dY}|RNclE#+5RKO7a{NUrRghyvSFU(7s#r#uzMmPas0WXNj!74 z9qMFr0rZ)`|0DvJcQ+%ZkLB*-r*0vWq_-^mF|RG>Yqu|$Z!W=!2r#EvZ2P{1?l z)p@Ieg|J|a@YYmC4b%kWLBO8B%f5b7tK%u8xMN-8TKkiz7%Rx#tLk@r_mBWiNAHUz zKes-5tqSrl%n~f>h&1AA9{>c5H|?hQZzjxf-n@-HTJLv0yt#p5#iQ z51kY9_uvPj)9wy;rj+I!>MLSJklWowdl8p=zFx|>LRKc-SsTVjCHEcUatS8hS~3m6 z!MNc1lG4n{z6~@dPIM3NmHHt;V&s6kAt^!XYtvr12Hi2U@|J_sAe&|C!GjCDpt#dS zAX7y}vqH>A2S$5UEH@z#@^MijE`sn~VI^-EWome5eKKC&-y6_+x)H@phcW)Jz5G6i@Ev>a`Eb|wV3LkB}F1W2=x>1JMRqW!< zNdjna#W9_IooLRnS!x0FDLBU*<=bkFI0^;rJ2mnLs%Mou=+!+Prq{NKOlFPQ#%WrZ zUd!K+rp(Z?p2i`WcQ6WB04lQx`;fkz)7*W>uXCb2Ldiz;VIM`=9< zJ0OdYu=|!F)n&kSppG1wPIlrN&)n~u5^!!OvdtZK{Aj$rw~e8V%}}}?F#u=a5Kc&+ zA#|~6LLXBa)w+>7HI2ro`dO5$_o5VA zJO~%S;TQwZ%5yG`$~C1X(c!DO!F&?KH6g+9e)aN4s+v|J>inDHp$FTO`n4^ZuC@kN z3XZIx^+~53Xu3#=-Q;~XDj9qFMf1v?7N#tvyGRQ&+YrHo36=KwK)9(XDUwAEbs%ui zEfbS12j+1s@a+_iNf6_U4X{%VG73i*X#|X{HvmKD9)jcV=Mk@zRn4qT{3OaQH;0!i zPXUeP)41I?z$S?oS2xk1G2q&iZt-59F7$MQ?=oZoH&r{2swpm4B?X!MCe+ zq`{w4_Uzp%bF}&KY3rfha8h|9i-uTfq^nmXtF$Uj74G(8(bu~WmmHL0RCmC@DvX^6 zFTvSDI1zS+k<9nOzsD#fAO|#vEQ5{Bt*_w zG@{R%e%_L+5vAdpGf3MeuP(Ial2@6VqvXd^do?-A&+}uTJ0@Stj{U;l5w*0;Q^{a)>|96RWm*4X~UzP38qY-;LWX10XHUGFUU1{cAB7`at5y^;~>ARVbq{^c7EjntA 
zbfgfph7BQ(%3_`iM@*sw``o6h9C<-deywr9reUMb*Jaok7I=TTQ*EVOJsVzkpKD{H zff3vGjarSNN4-R|*yF{^(mzB~`Zc-HO5+l{bsWXr$QqW-X@uXR42jz}vK`yE;g7o+ z)K(*FnDIR+-VfP*00sA0HbopkGf@dH{8`f2LxTiHW0m1{ndautqeXCV&P=-V7%)Zi zA(nBjc2%*m=iBet6+4`RenLli$@ZAvJ@Nk&TzWuT-#kUX$4UTPU$6gcn`1FGuoycfi1mkDroz|PwHlX`nMj&qFjTp{` zyW?XfiRI3DL(Dvlhgxs0$ItY-gjwStkk`T4a%l~oT)YBPmmerhK1j^WR)J~S~gOgR!%)C;Dp!yoo9ipyAnj;VNGI0V*ju`t^U@uRQh-9%Z zCHPr?n>TX?9dL&cXuG61fpGrG`qWic4QSVgI|fgNOY?KO9A+bj?%x+e5Gr5@fF7@) zWQ}bxvJWd^PRl=aOdp!6gXuR~j79TK$koSj!j(|qo^EGI!DA}ZBw@l=K#n4Zo^3VW zm+zI1NexYLSKnT0d}l)l84dE*Fb5+KZ1aKYo(Vjl3YH}V6hd%=4j89rWgmFQ{ic!B ziyiT#0##M;j;mb#xPf-r2wN??oT72J)n2(de1H*#irAcXYK{h{acGvHMV8wGxx3e zVnMQ6rP(-y?YqyTJ*LVP4>`qZ+>^+@m(t3IfyQZHBicBl65`qbDqwPyp10lR#ChO^ zb2Zh27g3=6!?F84i1xSVkB-|#gFC-^7LU2SS`hD!JaDFA)^KCu-{2qS3yvyOEMs^8 z)cF@3*iiC+=(Z^o1)9pIr~BMy+JBILb2*QGfOf=mlIqJ_!|mB3)`HO7xCuDduwlq0 z5+;*4Jf&N(YymH~g;KAw@v)`DNIBfdG|OU}Syrdv9UZ_PZ4cT5hnLXK=@VHL-*(<%4@dY~hs#y-h7_$2r06qHjCBAi2r7{L^Y9 z$p`B4#R{CDqIbAug^EA7;`rin!LRZjO^Fm}5a1qyOYBM3Zpn|MKg7y+%caby7+Ldk zzpyVeKXwgB*Q1$KQan;fMp;?G6iP1X?qNkD?Z(_nJ-6q4as>CDhS+V7aF%wM?E~eW zXb9lwKqVY~O@0bVF0@f8uE#D#(A2`d;_VHN`#<=a_C1e>G#^VCis6haJA)@`?hWgh zg(ycQPtzP5u4d%v{djQ}rkX<*hty;g(!j+h?bsR%#&905x+HP39VJnAt}+Rnriad@ z`E@={U#SZHPI#UtTg;>>Sry#*`jZHAk4dX|;?GUEtjGh1GJ>BKJz~h?SJF|hij1<@ z*kJwPDD!GfH+WI=SPiieZab7>8ade-tWh)1iXw|x8*L5Y7e!3Hi21M%roMl=nF1IGIq25Gw3RJ7cli#pMA5NC9^jDy z0R^9Q351DoBr!cJUg<6m{YYh3@|#P|jwuf40u@B%C7IF7^9$#q>yu)0j@RK0aUz51 znU|bpigriv!iE=BD-^q3aGxJ3r*s~SPcU(%tT3201!AQ<1H@03B6N*{`2Rj$wWI;$ zQyP@qDkKk3EzkS2!H1zRGE2|pxuY113*H#R0*>GW{v;A%$Py^!jgpY%$Y?#zSTwMR z7_YikzFo6sJOKs(3XiizI_A1qCN)5Acoe}6Frewv!7XK>LAYYmK%@GL>95|xcLC&d z`C(TJWOd%^jlwiL$_sqmUxhdNp4T2^%;Z<3PhLGP)2u4<`dGppPq7lHA#?ZY66kE` zj`EQ?T}e%5XAN1=r_?85XfLuXoX3%YpiWT}*4c6`=~r!#nl7sD#G=8aEGNi>f^a%z4! 
z)qZ>A{6TzCOlyV%;~HySMxf5ako3CuI%-%BQHEq%3mXDP`X;mbTJ8hB&~zD<=|Q*7 zQ`|Z2)eOZ$9}zx6mIYXHH?Z=xXS-!JHlW3w;DW7Q;v^i;*ci0lot zV9!u(<4Y`D&yigU2;3B<6*cD=1y)5{bB4RoS_S%#upf5S0OFN%*8yN#{YRcdBzbfP&b;?tJ6>_XtW}t4?g9 z?fpqkIn{iE;4e5>{q!S7CpXm8Kp7lq#h*W^CiK$dO4=c46~J{gIzTJ4-vg_5f%@9p zR+jB0Mj2_=TYtnjvZy1uXDl6KXV+;`Y-}G(l|n^m4S`_oY_Qs6$RfpScu<6GP^o1? zDFds%_Dl?pLgoU(+vmH|Of$*wP@@3;sV{B7W_Mt*BOGlzuc%3?`-5e1By2qF17Nsv z)Ld)0^tTa2nktW0r-8aOS34Wn5QWnn!4#mWR02s4bE&f9Pm)Q(b&7QPwDgn}dQ=4a zX(9tEA<68~3(An%>S7!VRA-3yWKu;>pE}tV6ZJ?nGwq=+f6jtfanok}qdFJS_=!P9iF z{`iiSjP0q6iL;@2oQ7{(kU4n1x#gI?GjZz^AeLW@qB@s#io1y7#9u9=_+9~31#8TDyJI>IXY1&0BT zR@j;+J7#gnCkjx}^ggu9l8ZldvHFBqQ+UrkIT21GGjsv9G4SmUW&Lz7u(y%1$lfnO zBEm!-o0(ON?XJ(ITle~40#u;JgF#75+95&8>)0|C!_Q=;tk*4j84izRS0-Nm^{al9 z040@QT2J33IdgyVmq7UU+uDDvTmJt%0B4Me%?buf7*1$<77cov1d<<4Fm{0r#&0|x8Kq@yX z@8+CuLr!iqO=Z}bBqsOlRROV`g))UcT>xi2x#cPTEJr(GcjYiiQY2PS)6kx&p5v*V zC~FKKyH)iWI))POlK~-?(N@Y3tP zFbj{p1${k~KqbKWY5v=ep)A`GN2Q#S77(eU@sjf9V-m$-OE3L?NqKr)x1>N@vx5B8 zfE#SysXeo$AGgr3a2P6cdMQ)eY0le~6gR9CjB(xRj|}RGDodQnF+BW+6 zEIu+QP98H)f_-CR6?zhvPmot|m}P=k^m*VHhdWm6GlGj6mfl}f>%rRIn6%gp{?=He z&HQc|x|zB%H{k`<;kGzBHTCVd^*nYO?Y={ittrtblQ&RK#MtM?R%9&e?wT?E8%Hb0 zqvO9f45%4guO^559qwg3Nfnw}S>wo;{c~)d-1SD%FM$7Zagqski7f@$fgJ01^x1h6 z^pDwue9J^eBo1Joi^{dBMLImE!E}5*!9BQ+VC;dUqfb(#b+2t~#4435FGj_&$!Bkx z5Fvyj`^0vXQLOO7&b6m3h*-V8p4U&YlmgY{OrF1T6i6F>JYT`BDHz{g!HL~G{CGYa zYhIU|snIR?6b0dXGTn#0V4F(uNr2zqe5i~MV2Pm(Wex2^S z5^mImp8iO&3{x$g?CcI_{XF9+o!$y`{K)zz3XFK=OZOt!(e{|>ki2xECg*+?RwF}5 z$1S`z-LXnMSPf$<3sT4e0=HRNS*doI_H@i>jXBu4LITm&r4+_w;T@^)JEc$ro8NCj zS_Er8ovKrJIxGFW39bc?BiaztJLctGW1y7p5hqd~=(X&Gv7cs6Jp2@CXp(p^pe@7D z!2xdVO6X#1PHnmuFZ<9=N~9_OY}eP`u6URF`I8?rix$wRY9;@0B*VhFRN|CSNHy<> zqsI+_vYI$BH1;P^7fi-OO9$Lo7pQ77lXs%bm(o{U`D>GF1j^eXhFukmW#uNKPklu?Y>?Ep5$#9Ge;G>y1Fg8)p26?X0= z##TB!YMA`G@6*%ETzPlh2U@oj)I9<$FLsR-?6hr*wU_5dQikj`p!=8;y@7GHo_-gZ zPeeeVbU5y_O&V8hnQdngJSfbqxRWL3H@dehVic7dFWoY7{hrc}5o_C6>N@51X7CuE zn>?knL6>8-WAo3NKd*=wM!sm$_7Z4)#Q&EFhTsAH*EohHyyZX1I)Hs%fygE5RIx3& 
zsELXBER~zjr41h(^Ja5Pu5WLGPN4*P+dC*k%Luq^Od~GBdB8#Wim3>x*1?~(32t~G zpk`*IU;7Di&5X0EobpH2u_@)8Z0H3vvd|g~YS!IJURnP*$7q(X&uEUk-qb7g`|UPp%=ckI`f83X)FnY4j^BLHL@K`MSA5;2 zS8Vbd&D$FTL%9Vn<)mWTbPBjXxg?1C8U3e@LcB{4&n|WALbEx!A0B^2rX)}E&(ZFW zgx@i0z3ZOL3mT5Y;yZd5N=$$A7nzX#%h-MBZ4tFw?QVlwfAIcLHyGg?f_wl$L6xj4 zNHZWrLcbGaME?cu+_HlrsaJo|r`|7@L zm*Gp&Y-gFq(6V2`Gyfi``R1`}OYO6$FqT0z*hHYgc7vnq-kvW5&c=6?QhF@m1$iez z6|sC0W-yk`x*L`sQn_FDXVC1(i3r113xg4QnNqJrLrVHngV$5m4oe6?zwl+rDlON2 zb|_jDq^bfA@gdF2Y;Y&6lSpwVjHU!dm8H`jT^VBKy7 z#lUVx+bZ8-&-WS*j0IgP*Io|RF(uYTFAfh;F4-=e{BH3bVyR5&DA5`BS`bz%z5|?P zaOHr|JmTV2k}q}6G^W*?=K`;aIAR{f{2Px7WWr_repiBhVn4Bm_nfff|e|kU=qrhS+aCSt|BZ_ zj?pv9{JuwH+j>e^O+#NPSk{SE97W%>y%D%KX?Ur$IpgJDM8Xi)-0Ilao^W1%=b^#j z?5xR9LzH@AgQ8@@pk&h1@h8iRu9;0Qe$CV%4jf@(m-4QHKd<^Lrrn(;p@V{~r#sQqx$->Vx zcge!>fkIfa)DH`-3FQ|JdB^r;|{Zjw#niLg`j%8)t zWM#ghTTLW9V}7;73C)j#5mLfPrhXFfohdUBm}W#b_Lk>64)t_RV{GLa++Bs{RHL`3 z*DQO_V#k!HV!?z2)nQiVYHOq4wM`a;emKyn+3iv5X;!mLLNdfOz$p;ETc{NfGg}tx zblINU?vW^*m?5@NIzpI6gB0F(=*nm4ZJ0!IH-cVk+dS_))_;M4>7Yvs5eL>s9c_Qt zy1(O#{j`{cO@8#S_FOVDTPTEjp}oOUX$Yz?&&)dkb{BCz^2)kY9ATw;Q32cp6}r}) z=ML$__fOI9pnEk^0!n`j*68A^8842G+^9ZmJC|=M`Z-bN>CUB6M*Sq3Wy+v=?KBl9 zc66ut>yxqX@}5IKiS~aIIYCo7Ps{S_R+_Ld&!xA5ZPlU-+Apa0EDALF!2@s}q=B_44 zCaIn}*;9j1m!h8DcrLc72cNr8ltD<&K5E0n?=}AVZbVprxdy zg#wrgJl0KvqZ#CU^p5u%K*%$D@SbqhNnuxBht+AG$1P7+N?>knttwl$EriAlO6L}< zH%ez{YjB@O2t-D1d6l~uD<@FsSho48)idSg>(QP96c47|a)O^r#Zkc$Hv~4cGa#Sj zmZ()~j9Cp2{#^Jj>HALY$R-~ieg_rr%9$8g?ArH&vvt8%hYt<%GI?p z2I&)mP9SU-_d2ePFoqM4@n3RmG0TQyO z!jWkDv)1`rFF4vBnWw~$O6s7>C$mJ3%rJEzzWNcIl2Ssnat$=hnXi*Qt;duyz6YyX zC>CxF*)zHzb7A{jIVBmS#{jldv$b^#km#;+NhU-&GET?DP#^C0R+;}0$X$N&tzKmx zkcEs5hSP_zss`-iPy`C3f!cYUy5aU{myG@Vb!$8M6jGuSr&{P5A3?hHfi{Ju6dLx0 zkY5G(N%X{<)Zc0p@f$h5*EhnCswsbGH|qgR}wDY$Fp zxw>AP=^yItvqoJ43*s2JEf_lK$+k9ziv>(TWAlRp0f6vlv3>eiL^sU5xc-H2&gDPf z{_eK6s%Lyji`Dn-!=6!%ENLIMLy>m-oS4}{prfQi_Q{U;#=sDy&V?=@tsB{CP=djeQ%TQrl@MWInc09p`B@ z-5rFm&BY0WJ&gvDdS67i)v>D36-8gqP;(I1NC}y47AyFbt#mv{rpbI`Ccr=BA$Rwz 
zV~1(hirc5?8RXO^pdkS8aN2Qrm6b`sp=hGIEXI&a1Cyj)fJxCPs79$_Wpvm&hWzRn z7kNV7M-y5cQqzkanBq!`Bk!8=riJ!4$gFAk1SFwRjjuBS-~_KA35qHP1YsOxsh z+`v&qm5gCb4Mwp=EBQ*#BZu%84Gp5>#;8p!NjsT{?n;YuRsoO16PkAg0mjyq5>SHI z-7d|2>))`|kbU~(%p+_VP0VX&F)_Ooxws)x|AzOM^5wimAE(DV3oFBCf>BdiBvlKJ zahU|_p55??Ky69!EJBO6_cLE<#UV)&o^8${2L#+Hmg6WMVn$>cR z(nFKW!Go8oc|VC-Jd#BY-lA99s3=k!(_dJ4mO8~AvZ}wW&!3E}oT7w%NX#`_>4~+k zSl6=Lj&}kJRDXnL?USU;nb?ub8hvgOR z{||fb8P#U8E^6Yo+X-w87% zHW?92&d}r>OiuQ`>N9h?z0aIIv**WM_pVvPFG*B=s^Tk_RByfS^EjtVdLHEiIUv3< zF*y-SJsc|eqxK6eVkto%+?fV%H(Z1*bLpep6eD!>dXx&?hF4Oz*+u8>dXCTBRX{6R zs~gp6=2_j{rueUs)hEL!L`SO+W1W9%7SGHlnIb1!kX;;m#>oPd{) zs?E%zNc}azCSM`P*vnI;UX*K3C(KywV_yA&acq^FgKG-5@YJQa$ZqRl!ZOI3OV5)+ z!f^y9Nim&uKi`vJ7in`M#`b&A1-WE>M(xHae@tJuf6++OCw=IOF%xHp=O-G}w8`E! zy_$z0hAwdjqr9r;o3CV7nWanMKNTAe*ttE1=^QsKmC7n~;}B-U^EkLcYUy-;I395<|YsrJ<%aRd?uzTSPjwYig&}BY(VS-6hF`sFQg}(nbY6&}SGr z;nLpHq2cqy3NL?lN%{cQ_H03FTlkVA@E~>~il622l0lCUACK_mNVY)*ge*GkR@!NV zeWM%>Pnh}KvJlwiivt>Kl7jz)>BiKuv%Z%hy{(gx9Hv7@JZzc}{y{;Q^Yt#6HtmQt z=T|3EVip?DHdOU0Q`6QVuLeZ||3NaYscNO;;<)rxl)r&TP18`n{2wF}ew0XdDT)Y;1j_8X0D?T^B#*y*F|VoIF;(apDcTzKdrfjj%LQ5b-$xr? 
zdySmgfxnlt1uD1>I{t;R`Fh*##?`GZ*@*DV$1w-P+n|!*JHz*98+ogo8*=l*L~uwG z0G-(ME3Nfjq$v0GEmUG*Uw1@IUj%%(u3$ubYXTnIpDeNn%My*D8$B(z>q?px(BRae zcsY8wAch7|IVjxiF>^#Glm60v#Mh0`Xc=Zi*i@U1$`x*$r_b9xatxn><`Cx{tj~)#iUU*Av9TwT{P2BT5rF@7N z%6M73%1;qpzl7~@N7W)nc-ht<_5Ph>>=8^{vFM5dLJvpTxYAnD@R2B$=_ieK<4tr_ z<1LUILy%@VcZM#e3c%I8pVU&in#`~T$}_SN{bshzWUNz4OUE92z~tRmy`({pE~=Y& z2{+T}3bh^_vk)vv{#s|#H+7PZ7&j|FJ5e+$Jd_cVh@+3r So?rCV!aBlwXA&_u zt_48vIk<3)WfJa-qEHVKiYpFm-+K8BN-hYrh zSSS*hGvT7ef14A06TlY`v0px}3N0*h%7WcI8j&#eFxi3^B zVJDXX{wmVX6x{Z>g+4JRRS;&qV*HD+v=|(gZ%*(#+IIAo*vwsfR83O>(jLK3j83jb z_A6PrctixT+wnz*v?li1PQzllAg0*tFb32%leFtxLOwXf23LyGF)=ou9GQ2{W#913 z0%a#T70Rz3xipHGmM$Y6-qPue{>1Dy9eECP`6jNSNk3 zohCgCN6+;=#TrFiNRkqJq*^?nPKw>*$bW!%XS>$6COg)2mRufW&m@{6rSV7cQfs z-o>gYT}R$OBy}jiOlz#?w@dP|@~KAU2^-(-XS$ySpqa_gv;GaiBv)dctnqp#yW&^P zLOWSfQodRy)U#eNH-ZC|=zBMOM@8@)`}-eTVnX@8%h0`&y+cr!o%AenxwFitE*n*S zrZBm|9CT}%vaZK9Qx)9MBa^RcMHa(lQGE(iW2Ti_sxpotn2jR1Y5zqbkZ+Duaj z26q?XC|)b4S+8v`xSC2gV7UK>wyNGoW}}P8x5~HXH9Vj86Li8iF~!dL&2>1o z^_ldx${EdM#)kmkBH}q%(pUN5r-XZFACy!&&H%34h_k| zR^_E@rxz4%-QVR_OkFc2@z+a{-{|kQT~m_g*;XRN5Y)~4e__gh%lJFyO+H{YZCVod<)WUc zJZ!p$M)1AwG;&GLIPy?z9qzNmW{?Y!oNccu;-Jk>Zem zL$ws)I_@~tTIYG@p<3fFrBB>eWjwkR$pkDUT@QIkWT3&0($}GHXX?Gxa@yQr^y*wpiE1rW1Ev zC928xqoWQE@*87c-Jy`NjfKk=P^28NS37+0*jB?Jo_uCfj`h(+9yn=%ls(WN&Lc0_hqhmG1b z)I+P-*^CaIO|!r{`=bI`=A&OIk9oGPbHLO=mq$6oANUaQ|j_DcUdC_;Zr(nd-(?zXzqU;>KB?3?W) z(knXm&7aG3MI^=9c`({YAGSBSba1M_86lEMdxVc`1G}49hk_rLI`il>y)06lRjsOdCco6r?|!39!qHnq@&)QnB_i&AW>CM!u1gHHO?H6D*l!7o~?H zp(rIOGLM#;B|p4o`#`#EfnTY&pqFWw&G3EGP~h~lZB@?nB!mX`^s$P{H+~*2QX4TP zYfO6LGKhI5({3}bSW?fo%*IQTCZm?Mx*_yN2ys`PQS*_!n=4y!ZYje9gTRk3-McTR z$WchJa*ULbyxx5BUSdsc)v?xjncsRN?n{wL9Wj*Y8mV;VN!g98J`U>vIf6fAiaIGM z!@fL(KV0V+xhz?oo|CR^-*6)UL5plA+hLRL#;fRutfyD8tDc<@H>bMT?EOb7u>|Mh zKlYh0V`rkw6@C1VGMfX~bz0wjNeZ45_;8WV8?J}Vmy{|?094}65yExv+#3K+ ze*XN0h?Vhi5O1y(sY3--_J$QIoJDaf<7K8j8YE{8);V&Htslk|+++yjrJuEXgu#s( zq@_kI(Y&g1H~;9M4jM3C=AQMIE(6|owC@b949NJp6_GNP$Zc_r6P_9wd;QJ1dP)at 
z(um-RvPIW&J(dTCREKon^agyR<@2!XO4%0^=1^qdirUR-{8D#C%;6rMSZY*hC=@mA zVHS0nJbc0u6+ig_A~XK-tGTEuZGsqoS#;U0NT2G2X{yvVc?3 zj1$+kIjhrP%9FJzMQC1~sezr?9?dhB7Z<79`v*sCj!Q~E%^aOsF8};->T?SR&T*wY zPNjFnXImUv=|`#_32?UQOTMwa%BXF1Ucwy@8F4z*Bc3msb(cBhO>_dQMN1_Rb=TFB zthaIj*e?((;7Oe(P7@2CQavwUD!BhX(L^uraW6pct6D*eSfJCYfdqn>DJ9!+BTT7m{ zRO0SR6W!>7g#bm??ob@$n3M7Mjr{aQfSCO(LTCvx`jA-6QLGWtY7g+4ZRynPxJ?&rmSr-l{mi?C)XTBCLD>V*_Cfkr z3T37CrY#Q2`1ISA@B%3|W6c4DZ4w8mfHr6S7-K7+q?xY8=6jjgnY%lt#>P01(|{x> zH~n=13o=*n&Tvy%xEHTywUVtO>53rhMYzX&k{rJ$$2n;>*MSec^Pta}T{SM{qiXz6w_8&5T#(xZ-mOIwWz!4G zKGV6?<(rPqbU0;*SgKR5Hc{lTJyC0^2@4Uoo4q{^U13*Ts}^$<7vBp@z!oH{v1@J7 zmjCN79gw=8L<*6H_glhcWlrxuU!i_^C-!VAhJdtg3d?|V)-oDL0u|J1g@xsE*#z%K ztjL&enmX|i=v7PjCR2UP4Os=ow8Ji~`V`mNyGt4wFqtD!7Ham(Sh$yJ{vVAWq{-DzJ197yRnfH2b6KD$`2(+54$dF4~KRe;9gJ z897%v^=S1uGYE?9gi35bz}5(6B`LWpMBYwLZz=7LcrYMH*&r@kV$-`5)$5oZh;uEn z?C9DtL)9)dXhIMh8?WbL@(oHexrP^5DPv)j8iY|*>Wtg@E?8cfjojq~8zTbh#AJNA zl~TC*arlx{K9~v(??={jii3%fYa&TQIHG18L31#T^Xg{Y$ zmL%`)dSuwR`Zj+|H`0M!m$v;7>%@)cD3Qy{jU+C2k;MiLw# zCKffN54j^rS3wX|kfL|zp@U3A`JUTU^8{&wwGvk(_5*5}oIh2qzWdM2Gi!*z3Cvl= z+S)2dv{mECxO+M@&2qzC`G>*}(PdH5a`UufM|+u-&>qMmu&rdqDXhroDH?i#%Ic0g z`pxoXIUi^A{W4-<8nQV8=w=2Vh`p6$+$_r7J!-d^{#N*R5)#xw?K%~)aQ0g(V_>i= z`SZC~KOEz(&0hR){rh$Q^W>QOv50YAN28eb(EBa#l+wxhkTd*jBBA^aIwzEB5q*8v zw@3)v25>*HAuQzeCss*3g4GKZtsA%zg47m4-yyx8_4YA0hh~bwc3s13Xv~lYyT5(4 zqLqvl;8lHuF8+<}a;|WT=zT4`$o2zo=D1$W>g+if$2!PW3B4VHTuhZ>;~yDus4n;R z=H+sVKU8!;^v?S6tXuFROzqzXXpZ?oz07jJV2O}EC|emzk@>u^_hd{-*g;&+Vg z#@IU1JSf0QGqpFYdrQpNF~Kb~rQo6^5kpn#0*JTR=ECU!79lIGg@JEthxIyFxG2E% zGlPc}mGKx2D?>GmQ!`#Pq7>8V&N%i4ssa#xaT+NhDV1xF&!RiyGBLU9C=R@?X~c2e3WM5FIB3z zm?eR5j%Bsgb^eqDY33y3<2YjBb5$R2jUcV5CIxLYw8e5)Jg0aQXVuDuqo8SsPSi+zs*38G#;7u0`0g;jeOtlk z7N=tVnO|VT&ID_aFl<3PC~_J6)8*8 zCpg!+QAI7FD?6V=G+}iojMqU{(`MY~;baoaoGOlphxAC~8fbO<@lcns&j(+cObZi>L9ihWiT9;V3uu|7^p3$TjD4tYI|>AT_hzWvQx+q7&| z=QRTY%5$uAphmMssV-#K^BvSU2ya~(3W+=8LC(Yi>^-kWGh$8|_l?k-dI7M@EaA~0 zg`rD(+KA4@5j|*MX0e^gC+7fMtTrcU{Dd5e{|ko*(b`9Up)m?`-gg}-F^biwPw&rW 
zFbdF)8nsH>_M*h9MFY1k`ul;xG|T)F!%W`N++vTkJnhBFF|K|10n2IXV#%hc_?CU-r{Jki{v_D=PBL9mq0o2n~b6XSWHNT%W_zI+YO!- zE>4Y)wbbRnJFD1#Xru$_Ib-7UMDTE@hnW^^Y} zmzq@hnlV@E2_7^CX<@MXElC&7gB_kTqzNPg0o{d=K~|0S({(Wf2KhVKU7 zT%}Ve0_X%iKFyvukkdhtIM(jvCkMP%IM4i(k@r*i!Uy6w+4tRqV)A5SLn=a6_uJ43 zjZs}a^wD(s>ecYjrX!iIr#Vx%Mj}Mf9Pf?wP&gG;{BQ5SMY4IKXJlF*m-CqwQ{^>< z!|9vDn99>%U-jjJ*nK><0a8ma1cpV2|KU*`SZuT;fL^)SapL|~hB2>HvsmE(mu&%C zFTdrZf`yn%W_9uk*-b&#t`*!UYjS0TjX zW0TY4kh-0?t-V{Ie7#U?TXJun&eNFL{oA|wQ{UwZ|2Q#PeGDG5m=VF|i>x7MBeoSr zXJVyLI56O&y|H#OL~C;vWmA#!T;(RL>Y9x&lVHPdBS96ELjlz>tWL{Mm$MoVLZ4pAgLyF9rdfUxs%dJ418_yQsVy6G5M?W;To>`Gw&)42v zF&5XEkes9jjl7-5CL2<#U45nR6*oTvtz>*7AQ0(y4eMOiune>jV0a99TNYWLn1;;T zOdWMmjqd~NApQLGTC#ttb0Ar!yJp^sY4Tx!Z=ClL#L6YonA)KOhxhC5I`hnOVuN>9 zo;BW{MXVmR2WGIzB2)3A+^4*8bSF_W(CyN-mGXS6V?TY7Lxtto7>XPPt*AeP)H$qloYKCvzs&GYZ+ulg!K!1n;)}sV zqmTvu9908BED-fAX2=`%Z#7FufwH2KtD<}ZSwriz67iuTn_{=eLzNI84>*@lizF3MFdX|L%nr*KHrg_;b z^jDV*TMHka=X4g88Rge}J{+Hk+SOxx*OSjCP0pP28pUXj?5EUQO0nJMz^W?l=3(Va z;q1asxj=Qwee1U5wp@w2Z55@7iPOu&89^tR(sU_1{b9?o?f_DGvEdm{Vmd^o4p-1c zcyczau)YH!-TJ&53Ew>|Oiz9vXIuXZ1E&m7@slQNOB~Mvu ztX^F1_3qcwegT$*G5zr=NU^0?ktJ*69V@wIa$HE|RU9SdG7tZpV!)mX60`s>d(ckf z6_8~mXxi2lPd2zOSjcT0($*nIRg-_lKFp$9ggBOqKvMUH8E@3edq|GICO22AMu>w) z8Te3#X^#!gNXt6u6;Gd>#2DLhNOK^QLCc_Y2(||W-d2_7uWHcbgbjPW$>*mfr|aOO zwUuV3VX|*iM~iO8c^Iun(yHjI zlG(H&8g}O|r52UOM*bGKwUqqvt;ePejC<)~RUC=5&u$(SU9u*v`xwWkKrRzq1Z0UlNaj)tlbj z7J{ZT!EydLX}o{WYuz(y4xH zi(X#h0^)YtR&5h);e;GS&Cc)HNvzbfhlBnDRL+Ersw2srmrHLwH%~o zt#iS!LPPeEm`ab7!_OnGhJY9hg+q?&@Gn*qNcoL_MKpN?~sJni>WSRY{ z#-{EdVAX8-B-VgJBZ?mG1GQr9sMCVY_2Uy8;yu_Cg(l2E$4JM?rdtX=KJ6_+dKu`5 zCvr9(k<c`I~w?y?`OPW|dzy z=gL-F@o?L-2Zr7oZg97V5S%p}LOGqOTPZ~oc`NA03MPT(W9VN@GI~4mhMa`0aay}1 z>rrJ*0Zw&~mk}zTtGD^u)0X+EaN;zkf^4Lj!+G+>9@_ra;xd0N=i3&8&ptI-QT=5h zp|krFwiS6QUwCY+nwxk+1&Fp_tIRF?CCB+D$4)3!7L{`Md#GQ0`WM;S1xwjl*@)ji z#**qiW6)SyxRGVH!yz2C%5T=Ek<1s$$#bl^MB1P8DbB0b^M_M5!Cwp6d2 zdcNPuV|x_-?10ngMN}^$cRV8??}J^#Lq+u|dngq!UlJLR@QW_;Ai6LrYdItFGC*3~ 
zyl1(LvP!+rE2N{c%4Bk{NZArR(a+eP%FfRbx<6l+Bu`&ynEA}X6Ci8;zCJX+In)C5 z2V;HJOR#_BusAzf9dVMR^|Z0;@l`Z<2LeD0c=Gu~(Z?V~8!X|Rc{Prv_sa&Dq_)}W z1;&})jYoVcM}T3PANsLJnW=Oe5w$)E5q&Y=R26wzc%E)%d+-7hT`V;AcnFWE?WiZY z0li)wKIZOdHHB$8Pq{KHziJFBZ}llxZKj|@ivH4`Dgqv(+}xX(EGxx8#p2CD>*TQf zB7&gJ=*hprDg-TH)J0@(%jq$${6x2H7aXc2y?(d?Vj5WktnB}J!$ zBnWtR{CIh&H{8H~>eLgYl0@iUCcVLDo5x$!Camu3QBiGkiue-BP>@?--2W?&m9yM? zxoW8(DkkB4jXLZ1Go^@*HNc&xsmg}=^(WgpF6fRC3)n--yyp%(N|1OuCJv0`iNUNq zRoFZD?O=Tvoc-l5k#FJ2T4W9tmYqM8W4cSKgs4C;;8$dIqRZ?zj11nYAn246?NV$x z8C~dX$+%DB8;uf8L1hG?=ZyNJ?W9b}?j{U;DH9ERA1^d@YXt?$MXVfKrj`J$CBPl*t0h#B;Q5KtwW1uUHzzhGf z_Fr-mVp)_#)w#y*P8FvMFtLSv>nrMwVy$yRut}4yLgI51&fb`}2(PdU3qWVwnk@da z4D1C<=HHyN(7*9##4pn~LW6gDSt^jhkl$^Bt1Yg$?kqoePt;1k{2r5ZX>gPGdmj0e z#PcUkH!?^_?tFtlD2b(sM1m_Zv`8O1k1;ST)!ELFEGsA+RqdT(SvdG1xcP)gO6GGn zNgg(AfXDS5Heqrm9-HE>IxbX@aHu~jNw7uHJGRm>$~FrYmP7WSW=^x4rgX-E*JhKF z>>nh+cv~8rkytM9fXV3>sD(X)m{PK?9GnV2{o~+JYG#&T~XBib;Usun?Kw zs)6B`Eh-em_4ltyyvp`29DPq$9OHjG_+VH+dXS$L5nMoUqz z{lzt+Xm3U4$UgTaR3VbV3ulm^w;TqeADeq{a=GAZm(|hC-cg~fHz9;v;O-c*_o(In7}6y z$ZR)}Pv)}8lED|{#jt`XnP41jwH_?|?tUBtW2jd#5!Lb16rg79a^brab{*B)l6v@R z7pIBt5szuQM@$?UU$FSC0|B2Z;{K$j;iu*q3lU`q>=sSkkFG5otahnb2uIuye2U!h zx}k%YQdkB`q{z@sbj~&l;xLwQS3J&; zr&G7TThDw&TkywKn_yH>wC>fPcZbH@us}B~OLo){gg;(o>S}df z2;dB+wYCkT{X3U|{&x4jy;=V!ON`;)g+4Fu43gzMYxpp#agwG5%Fkc%?(gQJ1LNBB zt#Dxa)3trIh=|(BhzLA`sdqDVm@GLpVQZ%1{k`L+&tO<)|3_|-B~JrZj!AhZqbd% zk)0$tL_KMXp}9euc;aeZCp*~=C}2Z0#+Mp!oQECz=jySDAUy>Yk{Qg(nz2>-V!xj$72X_>4Tb^OI4q&9yHH?e<(Kds;Q|tw?IZfVh3+BF}M_zPhqOlD#LF6%xSud zuD1j}-3~G?!01?2l{U}`_UF5yB+`ifdJi_?HI-a8xtPl{nh(s-01KX<#oa%9iK$o#-|CRBuETz&WW>W;o zV96n|9dwpT7)6P_6XjR^gCj9L9`@4^{_Bv09`i1|$ zniMvf;&WGw$$qo3~(j&o6S zIj#6j%t+n6w11hodov>@&$U)~L#D@rd0x^t4pm<&xP{Sp{&df8qTf16x-~pN@(c@n zfaUB9Fw8BSjKkumFTkNvN$VSP^4#?SP9%(u1uYzZOr;3g?sn!6bR1aLS}|c*s|+ypR3U`z3l)r*SstwnD#c#Y8)16yz$x z`z2c7yk5%liKTA$fD0o!iL@czo)P42W%xEnzxDq^MpQ_Y5qYJj=U9+Pb}5KPp>GWJ zDU$UZ$m+x+H1+zxvEl`^1K5X{#w9>5D;DMt7iK@8i#_`Jeky(=#08ZTt7KpkoKQ5wn+;20UR}|sJu#Dw 
zo->-z`u++AzPk8Jv$E{bU8V2>U!@pap#whUFe6gal*wk;SUX55Vrb_1$v9@OtUWK? zZXVO8?MAksavo4@04Szkc>iKxH%odaeVa7xz!YuqG&*agdaDO+9SMZzJ_n8P7o2?{ zTTfBEccn3A{+=&<&0;m-%bO8V!#@bD7ioTu=Vn*A$0G}REaTxRt)cr3f|{}?^55-m z{8KCIXF1jV`sbkTH@3{iKWJMvnnljW?wovF{j?ac7d@gK^fK6(#P8=;Mr2&O!uoH> zDp}J1>AF9^;alc^YW4FFf4c6^Z}{QPPZP2FIuu|B%F-U~>lKql8jMXd3A;}CD1vZZ z{b>aC%vb`vrVweXTu(C>l(%p=anO9Gyjjpv_`HeC$ zO%i_8I|{?{>Oyol`XUCcNVMz1yEk30^HkiMQv6@*8Q6hL()rs9XDoQT1dJ6@tW_%* z;>5DPizX6nMg;A)^`flj{~+=F2g%(60{Y=iQ<+VtE|)iEJ|-Mo!Rj8&IdLW)yYFf* zXM*QRvi;!afhW4es~Ue&0u~*}|7o8LwWK{=hGsh5zr};qBIG{ieVN z{iV7Ax=h0vW7%v==UN&`zHyAW&jUvt3QPkMl@UMA{+wj~{4WPfZcV~hxg|Q=!{#nV z9l%`;6kXw9VMIiHN&EKyXAVqG>Y_9CcHnzT*QAm!aYyzZwpm_IkptDAl~a;DKE{RC zS*u_YcanBlcP?zJi?8R2n(u_b?*I7s?S~s)G%f#e_4Fda?|=U928~*ZmZnov;K?ei z<|%U5WW%B%$r|naA3%McZ7J`Kvy8#K1>82>Htqfv8 z1U1ppjw0R=6c#Z4Ct6Z@+}6sSc62zaFPyIsAZ~R z@dlCdaKDJ85u^|MXJdVfL(VdQR>_)c#pZ|*TAiD8X!f@$a*cvLPs~h$CI)S@qHK?v zMjIn@*SN&y?##X*S*%A%xj8poTm_CVru$_vB?BjQ?Y&m5>s5i)nBH1leot@hN-*SQ zuCpWs|6Z=RxOUt&MC}_|Sh(G5u#2-x_QBJYA#7rnPE%=p$AEBy7leZ~qEGlTC;2N7^yu9i1!IVj z{cx%`G*e_x`qrP{^~RHf(L@P+C3*S-ZG#$O@})b1r|(;Xgk(FK!RbvWnONZK1$J!E zd8lBi^Waz$bics3?1@^85T@i5Tj zzXuW>QFE!KWO?MK-x~wqM{C^k)ggaDX?$<6*lGtnS=clXenBP}cWDmknyoi4rUDy4JtmjmmYqtwl#K&QaKKmxM7Y zkawsUy5vArAM3GixFR}52LH45jmWb7hF`W95KJeLs&NsnOL8*~^zdPM zBSRg?p)xJ>mm)cteycMH((zP%EEM61P%1Yb`TFckxv}(Pu1;y!V|8t@FOko|ug|A6 zr1-`)WWpLH(U~L0U?M)(k}s0H3Hxlv9r|GHlI~%(Z7NLX$b;fTcZBB?5`eL|I*WP* zygHRmIZRQmcdK(xZ)LfX6|2>kP%s`+t<<828HWp;4_fjQc~7!MmzTema9YSa_|Kbc zK-lyHLnr_s7&K-SLqS0awHtqPqvq|+!~ckXarSL&d)-k@AHjKxiIO+dS7!yc8wnn( z$88H__^BaP>uU(D;s#eIyA|WV-?&{f+zXS5n!f5nB$@HpiAokIz1qnWYYgKh^AQ&h z&-t*nDJEcssMp7@^M3r}Ff2nK)z-gFCE#^iK3>v>REs&*Mz#?oc!&lD@noU_H5~Cd zTW}rv#`g3hTHCib(`$s~dAx3|NzL0Yb8!|hl}LC?1meaHA!WLQ8MdnHE)A~&3RZPx zx@QvN(@o#Yr{+yu(i-WwEjVPDQ2Z(M4I371nCigk-5h zKjP7^pyv@N5W`b`{GRzYz(eI;yN@YVll4^yE+PvWRq-pueOAhQK>nT;Qn$v|4xf6`9T38$ZP?e^NI5nGEoELC=2&v1*-u_MPa#4*Q+%V_Y{^ zmW@a~P8KzzO1RG3Vojt!^-bobO(p!XDtt8)y;;)32@{XN$I@r*Gw9oQuZ(kQM8;)U 
z0o&%d*>(-{RqJMfCB;>j1yGcyW`|@_IwhVr_cg_eOdjWNjO=`s` z^2eG@jcTYrV&NPDjt_6r--D%G`36X9sOjakqfPqnd-#xp!xVGP4)5o;)zv9;x^s`5Dgw+stV+!9dxD&X zY1Jpsr94cEJ4A|eApN7qSwFelBTQ@G9W-+_BN#oWdBicU?#_sDFTI0b9ft_sNIX~T z4A9!qCuehzEVf<6%;@-EIh!ZBbPDOZ*bJ6L8(i^GxyiIe${&ZBC1!tr-xG;d@8OMP zYW|vZtvnul$l#%+H=S5agBpoMJTduCUwZ|yzUHsTln^?j=QUYB6o|%g%V5ju`TsDE zt7z}q1t)y!7MjeNEETW#_74)3gxjwiGD0QYwv9rjV;Zq`{o7bM@=XxKtKk|zO$P5A z+dkA8GdLk<+R7S3%U`5@doPQcHx2maRK%UgC2V4AGd1aZlK2Wj)z4HGlYDl%_9KZ^ zq|0G@k3--w&RNwDJeN$+;r+wWS`&c;5{u~ zICZ#w&+=E8knWy&jTsRjWw`R>T6f1dXY%|{jl-k}IgRX<_tli}c_X{Xv%0h0nSJZQ zrJb0s|8}U5m|vv7;W7IBHRg@H{?GiH4-X%9A-1;8-x6}o2b`HS`{$K)W!K3fx#4Fk zPf^5xu~MG=$)y4=Y~}dOIH{0wxnZU{!nTS!%3cT9vg)qxCJs*3!JI+6ucXcxiM(-0 z4VMTMnP5KcJ~W7_~QQ7Hqi@l;Oh zs%c9PQ`6yiASq_{NEdqbH~sjN@Y`zN%l8k*E>sN{9ArFqIW6V z4THxVruu`Y?tzFb1gir?E%*P~K`Azw9)GOI+eF}BpFi}N9&-?$79?sTr30>B)a&jWl83m1 zku9qCS5aN(ioFGG+J#!=d%P@*j7iF+)7wEW`x`SRIO#F;eN#LssXdkba*pl`Rl^7I zy4({?{#_fZCPHPDHUc21^TySN!yVQ21b~rJt|)EALi> z9!qLlS7z7VvSb&Hp9_KO^~K*qWL?!=EEwgwb4DG15T|7Is%A^cz}ioa=s`g6ikwFc z?bf^CuiNe}8$ zWit4qZQi1(9k|xV5XJbk9NlLw9@?v!MfcN`V&&FVJqt8NYt;%iPqVBhcW^0qBF_Wg zoX_Z1S%|Vuf~v)gw3^MK6a5uGDi!Mmo*&yyp@S1wAGGB>&olt=E_UfWszxG<=s2ux z>gn9$_mj25a$aV#%o;rZ!l>`hctSo2WFe}&DL?&-8R}DJxs7WiflHoE>e2g`V2u!Y zV@e@Lq7R&!A_nB%v3u4(c2pOjphRU?vMrPlMSYnjD+h^sXkXQ{pOyvrPgl20TcQ<^ zcb__#DomUem=C>79XgMt5+~}v+E%a4#}+B*laO#44}(a?m6;Kvh?%=01s=Ll>RTco z8Y23Td2?V07y^a*_x>0+DNAZJrs}m;TN}Ueo^~`}1H7w{?Qd>D~bIuefOI&Y>t~-{# zdQ~4VD6-7OSBB%9&?D;W|6V%-zbdxv@D&TbjeYd{iouJXxVW2pmZeP&2^zKiOh5&s zE!Z`azdPPTZg^{OGM5`Te z;|E=AHXY0-rw&Ian@qS6t#Y4&Aluhd^5jDA3l>U*q;nAOl$;C9saBr{$33Lk64Xe% zOwMnl1-ke=xbfEdgEb+Yz%znN!p)?7Nh?mVw#!{Z@!^ETlU;|MXFwfO zG>!U*#{7FW7##M)sn$DmQnL4bpEP;6(=@h;i-JycySCp7jDe(;? 
z*X%2QdN08P2cL}?r-b&f*3cbdrhCMID%ZWmeeL@maK9!m<5&ILUnz5E(QoX$RMg87 z=_u>zA$PlbWZF%-cKkGt%#SC?b8e6YaZ1&xyK8Fog7`Apw5p+%EkVtYNOa?sg6o$3 z92APF#Ne&#k@b4XKGKfz08W+V(j!*hUsPAc`-4YJfKMy+T0MphBd zJf%Zc;w|vn$`#8Va~D6lsFN-)@Rn?S%GPCkt86&>aY3gC&zY_3LI)rw{14_qvE3s- zYdM!+0OCMrFxbDprI*NgA%UCe22OkzZCn3ckp&#%tlTzki1n=UAjnF8HH8%C$E^_P zpBS5TJYLTeGa2CF3k4^H%BTV8VMOp9XmwrXy2GnY6tYVPGd3?4(J6GFA}dq2j?gNd zZajtY&zguEC}E`DZMzHS=*j!^h`%&_I(tN3!O&`j`4Rcz0e!rpuS55y;~{+z#Yp`l zezqDh-j3)mY;LKK)D>E479kOxrDan8gT1#5YjfZCKIv{36>LEZ6pAb)xDd=h_o3IIEV(5qk-G5Q1_snZ7`q!?=Cis0)pTG=pEV1omQ}q8dLT~CtM$qwWVn>W z^s67O3Z^EKvjkfh?Y@}I3d`?&X6QHNWjUcBJ0g1*Oq9XGz6I8F)?n@G|C=CBxR4j0 zAU>CFaeniJFiTHQt38@ZN~x08jyM;Iyy{SZe8qbfJYg4QQU^W+c>GlS0a?l52I(J= z7i_a%sziiLr!RZyO^%BAAF{h`?xT{*1jdSKpL??RKAUzvO}%MuPw`h% zQt%;tG2XE|kd5zaABD~cI+cG(j~y5IjXN^6X4TaPKimxznp(FtW!xWBnS^KPP1N^C z7-*iYO+}oooOr7RS9Dr8ecq7#GMcAxbtv%-Llw->6K|KJ2BaQdo^!TLr%Ro<44uVnxW(vH;#3it1rpn2TpQQ5_RQWS8`{f<*o5=3LK`TYV%HynA$Ku z3AFMOWm}fA_OEf&!*;mlj-9DY@}aRmPN9_7l)0Cfa{aD1{y*9)x35BFlsxe@u~FML z4^z3$$Tr;!=BvNl9~)0dS{7otq>i#oFbI&l3&=$#E$Dwvnl@m3ccpTJPq9aRAp`<= zTy!w5$c`jopYkYw7Jd?Ju!GM<;)z&LOT9Nvd{(5&>@f$x&}Z$SIIy?-mg7fJxNe5e zwf+1dp0*hwE;ht*Qva!}ynb|3GSZuT?PYq}BA!Q%#F*HfCi#$XJK1XDt6V`STD7RC zsGcsDzK!;^0*ws6i4T`q(Tj51ax|x3+iy*RxIR5xOBf9uew8kLR(}8F<%-9`5tbby zv-R!f)$Qh-dmPMp>1n`2+GZbFJKM%dL7rDN9q&dpXA#UsrCA`Y+>j|@bfqDQv-lJ( z(zuTY>QSX1&FbPR6X%|3*vR9Rz%hRV)z+b*o)?lc{z?Pk&L_*rlJwa#CENV)>r09{ z?3>@8PBdw|;vK&&Kp2H2(6r7m7LWkJszi^k3M$245gWs*@#NCThHCnMEX zBWPQrFj=eIfjCP7_n}(b@sAcy>d~hFw74fAmFAW?F>gXsDeB6yxW`Tt(Dfb6i?LR& zI66i z2wa1gjt#U7onn@;`#bh)YadYwq%cm;q>pb_Jvkq-u;5o8dkEstUzUutJ6DBh)5+gk z*q{F&tr_v^{C~0d`HPB8uU7*;5R~xC zcJbG}SVREeEx{cxc4scdO<7^p}N@SOc~GN_nzYj_6%9N90*Yf*Z#TGhT{Aj+7Rf+CSml`XUdF zfQt@YT^@?K6b%K}fa5Q65B9{J+exa%C0roigzqzymzvx3jZukXo+)1z`;QLPI87Vl z7+pBYyy(mBgJLY}*>d-9f-CGBRS6fSx&BPnS^)1VlLT|JPEkb7u#(eIs70O4bn+{T zWP%HhH=?*D!_?HuGoZA{W0sG&lG5YC4g{JlHa`~L?8Pi% zu-NWtrR(#?bV`lQ^tW6{2Z15?Sy-Ngzn5$ho&YHRlb}LVP9Bl-=Ikmd?dr9q8QrV7 
zHzwDXFx=^R!sEbmPFgXtzy=@u|0|_~PBLPdzv&CG&cx1W5fK5a&$xjm%V}L)H~^s3 z(}EFL`OC}?I@xrw#9en2kkNQ2P0zkP!GGqz@$Ts1UeQup(T@5rr z4>m+viMRVmQv)e7Mhs*a|LrNE$%lp(GEL<_3F5mE#hXd7mP3xQH!$2`B&9FJ3UDMS ztwqqlvx3o(nE>5T)C zJ3IEq(uxD;f4|hKWaZ9vlH`vShWV`0A56Dm(mxt)E7#8Y;k}T`LEfZ8oyrZvA8mdT z*uvxoR*l4bvE6e%>TWqXdJ-ASaWnmUyEZqhe4{QK#>N~PQsyVCmQABYP;>|SScpMv z_45LbpUx%zav*_3IyI2RDXbYD(y6w>v&Icj{Pcm)h)S)trrR-YAVGBD(g@+4F*y7= z;FBfRQQo*Ss~aFaLL-`YwOn#GU;eqVcIND9i9vV<=ZpAwMz=FR^+MCTX3PU&&9bFG z3GyfCf78D>#S}s_@9K9${v@Ja(R~$Ek1(N)5sHMl7d}lAj362o&nI!_4N8fJGdDrZ z>xlX2PbH}Lnl6OwCskvF01)%=s_3-JyZK zECMk)<|Js=C3MHlsQ7Zm*@EOM{d2|x8@Tx9TXGwFz6Pqk3pCFkUFm0?01lH-}<^OL^b zBr^<);^RZ&itQcMg&+}t5z5)b1fCiW=i3#r^NHU$P!-<`o+nH{i7)7XoIxdPZN|Wr zxUHYp)X5#6ubUX|5D_mPC!0M}yR{$aJ^#EK{S+(A#2TNU%goFh7MZK}>O0S>cPrw# z2LcN;j;>4(mr79^4%BbGeBg5Kd@H)>f@^B}Nzn0X3d;$kqfia5X%sHaTZx~8ZU(vr zmP}r;a~}=h-I>&vgRzxvtFNhMG)AH&G9$`c{8yr;fn$QX>^NA8d##FNX z!m`_oHPoWzgK9L-_iVX4h**FfLSIQ}UpjV(NqOka*z}&0?t2Lkf03x!ajq%FN&l^d zWwjLjs6x1w^BP@bSKITm=k6hi8hrz8;D#BDZ6yFza7Uixxg0we;HYIA- zW1SbCU$Er3^05vQZQ|VI@XO?%1j!Tb29r6TQ(|At1SHR`xvGm=VHM#~2+ioQCeWVAyY4`49hj)c3#dhb_M7>%A%2 zJEXiIlzMzcnRhBHw~i4M{GWwpF&(#^cFnP|m%{G^+bNOS-Zk3G+B=y1R@>oorJEZ| z!B3nVg*<|n?g2;|gxkOHdeG*x1*vVBXnMw2Jp9 z!5odzHJD^7bwlqZw^O5H;&S;4b?9D{h*f}DRH0*M#K2^qoO}c4>PSy$boS+Fndh3gRf4hg<(TwGD3enQE-fTl z1$g@p1GH(KZN!fhreeub)`@pNyb=*ae`i^~F&-FF*@yJ)l5~9Wx ziqXmH(!t)Ez$v8aIOX%--x?;&?p+CgLVc;$YSrwy0Kig-zN>bHh`+-Or1TE4m-#>qNw zIrnTHmceCVb3*AjK}F9Crxr7ioHyMRI=*oYYfMPCbevo~IPj6dVxEbOV8og%t$}fJ zt)Hjph70=PyEH!uVia`B2e@D>Z>dNPL=$sG+g??@wb0{axCtQdAC1qKm`G@?ZbqLq ztoU9opE{&?tiQ_18^u6!!8oFC>!7_97zfX6+ZF*B%l}iNkA8pA8PGM`KIJqoHY)( z^I@1ZdbSRP^pZ3C48!-->EOSAMQrng#HN#Jy-qQ>%{RkNUAlF{sl9Efl}zuP1~e}D zfm8^yyzuzD}kV^Y&*^|I4ACoz%7*e6FJcfm16 z8`;n}Jibrr{TVy$0FKm0b9Oy(lpM7@yimtL$zUK~<@!tVZ$pI}gIzJN&q+)jAl$6M z;EeTRd#DbeOhMM!(xt(v!I|~gPd}flD(4%Za;>*q*Ns7H+N$kl4GF+}M~`;E zl6uxo<(Uc90B2sinBXixUp%Tucat~BwC=QgrDiN%e6zlWvT`7$Z57k?*6&c1SGrY} 
z!J)&g^5&7p!17fVaa+W+)+`q|eqnEpHPU^u7FYd~;FFtI*0O+zQ8=v{w^X^8IzXXg zaiMx4=`HGcD2+L*wPFln%~wbU55ji#14uXO#kJVUD)3Hik%+ig5?OZSbXb86)j@{% z0^vYe+X5~Z@dB_~rIsYX04{dCp#T}zD%_`IauLp#EdaNgSK@m}H3 z2XO;74JmkXK$MSj_=3xmNfTAggL@0h=rb0c8Wi5p0x}2i>|SK#FVHJPGSH`RIe~I6 zPZ${DsN=C(xKLN+W~X$VNRnzO5-K`Ua+eKL%G1v(L68~E)xzTSh+7T*5IH?QA%NhV z9I6F_DJwkjL5_T7>v5qk;r$C zyfT=Om>NDLF}94oyQYq5=XkBo|Wy|HQZ`s9WPRWB1e5XWj!SW z7ef=G*}Hd)`j?`PPa-#Pv;C%BLsy-82Un6Fp7v1nwaFuK(<7hm-}H|%-sHvkL8QGj z?zlOmeE>ThprDcf?M9H*GJ>Wyp9IU$yS*t20tU7~u{I5;vq+?@@SPg7-{*Bl4G*n!oyAp2TxBM5R+~wE z#{H?R$=kiMluUB#6E(=S7Pm_&n*v zb`ssRTvkYyl4#;EpP`mF=$AV#D7grX%28%*wA9qcQeEW)w6En?JC(Iwy`{N^o02c~ zuqwxPvhni42CD~nC41?#VmOeAAB$<-4Wot&BCRnt*B|dU=O^EW+SQt|Kq?|>t=2Hb zqfWMk?&K_gRKSuyx~)i7iOsSYkh?SbnkXVcl6^H{R zJx%!DZ+j_9kq-mZJ>(S`=)+9${^9cb4?~A8eDuN~E$qbbPkgaxbH9o@E%>(?OQv;Q zS3Hh9Ub25=*~8lAM1sf)n7ul0)9Ie%$)Z4xQhk^Fcnu0tiefEJ&KkDkwl{_k*X6+L zjAnikyc0+!Po-0^?-0FA@oJ?_%RZhnf=)wQXJSSIXP>4s%EDQ(?8$P6Vs6{BnqJ$u zPP^QVr2MAkgWKnXFcm>xY5w3Z)V#eV&;Hbcyw_1j0owNr?dnN5l{Zk^CWbXx(WLY(|u-G1c>R}eMv&RMfByb&fHc`yO)YR|J0c-*H!-gmm0BoJZ=C__=M#IgtNT-MMe2X9<)f-@8D(pqaA z_#_e})yq?U5_ID$1v6g6&>l;s5_b5o%ud%j@qtxa!O>DJ_{~S@05WdhGw@!R!ZCMf zf3&r)&Pi!%0-m`n+{`mNv>ocF9q%%RRc8(O>Egu2Bx`bnOxh`8JqCXW?A7;B7YYff>U@Fjjrzq0BlJDlh2B%##EvjY&;!?xMcR(XB}J&jlCqbtJ2 zqr#GwnO)^7mg3L)b2Ym8-}I7l+Lpj6mJp{*q`P3|lZLpKxrR&FX!}Fk9|4owb?fTk z&BKEmZ#55h@EMvJ^K-JB+5XlP#p^S|Wjx}k6s_sFM%RkyHHE6S875}R*^Absy}km7 zFD=%mod4K<`CkKXWWC@0s+nZ#bOcTY2<`kCdfoH@Kh%b+&-XR~TQg^`6W4Q=B}f?9 zmCWOoYb%Pm>~kap9eepGXwCnbY%NrtR8+KPr%heM<(Lic-l}={`ljD0eKk%8QOW-! 
zquVx{!3og?^+E7DwW#X=-^3Q+v^L`Y=(*ClQ@O>WN$~u;PN}qfx6+XTNiEWD=_i49 zP={@44qJU}?FM|!6p&qmKA|;a8~bB)99?N`%gbOT_Ydb@EnS*>*F%ngR5xDow>}?B z^CJgSkyEbN+DbW*dG`3rTE1_P9tZ#Q8n(5&HE{dUZ5qv`IlWI8nsDbMj*ptGG>mZa zu-z_KC!eGwCQdW&Y2@lw-equ}M9q`Vjf54;#wai7rkNVsC6$FZhN3JAX$PW^z}HKG z_>=%3s9I0YSBj`W2-wrj-Sn|{Xre31pw?sjbZ9xAtfUd!9&{9uK;pO4Dt{hPsA2K>|L?*2C&v2|0Wq6Hyi(hNlyQ-TB(Rvd>}3wT0jo5ZA4s@X5g^cC zInp8Ont$p$$PWc*zOWanGS~TPh+DH_gPSZQc2+QSmBHj5M7Cm=toZq!yC>3puBbG| zIZl+mDU=2z4gc_5CrdrR`}z$moJKYQZTM`QWJ5(X$=}Uirg*(&~hmlmxn@M zga#NHvHs8i#yCaxAHy#31C5E8{!+d_t{;K6Ed%OIR~jA&8I!_@UvPDKKH4F_6sfk< zWO1j}X%*cRcDY*GKUY?JckDp#@@mwsQMbm}V$QY7V6V}-vop8`Tfe2ipVa>2MP;*O zw{T@KaR1sujMcW`SiyCL+@sP&{BcA2o1R9j&CNYUr3&)jbN(jUjQlwPnN4Ru{ThDo zuwCYFrAHBNKgP!euF*q*R_ey8tkYP)T)*q9BK|81cL?+TU6g5$$Op43qrQRr{L*?< zpOCJkT7=o2czx5|IXyl{rVfW_0%L3qK_E@Xe_Gba(xBcS#(fkmSF;TB1CN{^2c{@Wr7Ak_9LjKXm6hi< zF#8wy4@)oX<`XAo18C0Gdcs^bWSO#x#}l|T?a=85^Yk<+bEnjTt`U|k!|w-Zwjx!z z=px!OWYU6qc13fZA34%c)G5H3A(p686Vt@bDXg^awalWST+VcrAE9HhL#n^&kGV_% z4nWp@@-fZ_tmG6bW8;2aCwPPiF!~opcFf{Zhh+K~wToeus~vm4M@7^Zt3%@{CmB&p zv=a1pQ29I`(2wxyVfRf$_~n!6XQ8b#U)FGUna>wPj{a>Kll;>;v1&Ln8$|(oA3ABgJSI6o zMph^N5WH%~#02+3f5)g{7ZBvWi{W~AD8HvhA$fc1G%xMW$`5k!wX;liCn~HR13_jk2r1m z6oo2|rz-_@HLWCj#Vu<993TXv=@lOKU@a2`EUz70zO-`)yhxtDw~L@n{O)P7zj993 zQmiYoTIdnGXl`4fFAS04tfRs&lN?aJ*Wy0_|({ZL7f_tV-;deSQE16Ll z296_qGLQ;OMQ(N_7kR*~Hq_KuflGnMhS<-5>2d#*HvXz7ByX`ItU zop~DWEY9RF_kR))KX0r~_cYg#0z|PbaeU z1c3F{$076TJ-)8ITmTodAPcjIOWu@i2YAMGf~^Sy8h`HO`5qqPKpq9})hazW1|v1Y zHE|GiQD%DWx0g@Q*h1+|R*tBz^hI~qu4V3~C+R_e%DG7{Fo8E;R%S#~rb{QJ)$KM0 z_zK^f+s%ezf(q51XR{lEkRT4>!~B^(VJ*R|Zb5Jw(fv#VO&iF2153ovdz}xuTMCCU zlgo+<(M^_@h!MKP@S*f&YOZMOZ1B4s$54sR3RSMY$SaMNq&Fzlp!pYzm(Zx*F9*9p zDE5Tvl%^%#)5$v7tlcFPiL6oVxRvZD&$NNZy8Ws7^f8Re7KY8K-nJWwKNbX$Xp+4yT(gTp7#y2j-2jQ zw00_fEp@54qu07Uc0nlj5ng6!1MF24V+l8Lw)LnTQin5lK0i- zFmdzU$b=|0khVg$;TwJ`>p5!|OS}janq(*nq_NhjcOh3MO%Vv|SG5)_IP@fwbFDey ze3bqKU$=BUBQL|()Od6~TVEA@VIwZXAS*bki@0vx&X`a7*13JOu&}r{>>fXv{*o4* 
zG@p|vTtm-om_S}76E20yeDyuwa*QUoXvXrOo{}@&y3GU%1CVktA$Ss%D`+SpVVnEj zzTH+fnH2{iZQu4R7aQhW1*b(UL;p~W6O}~4musy<#zC*6FgeT+%_Q5E3$e-L=?K+( zOW#*iV)c{leC(D3=n{LrS2KosoE~Q80Zp=rbl%bmMpbadpzTH_{26bh8$&^_+BIv8D9S_mSlLEN`-mzqxkZ9rAYM+{ z&OgHCB3-&$-o$b>+EAWjBYNH>TMc-9vzjRdR2M``AyCvMfH#%@$nUJQWX%qpEh}#zxHN0?=`mW zj1%48IIQdWG{HVLlOgI#$mLKv3tx<^d9*Z=Y3+2Y951!h6Z&_(lP1?+#>e+X1jM2? zgd!P?K1Ko^q8*J>Jd$V>1&GKFgy%z))(W8L8oI_clRB~@m9%uMBVv?PPy)F$m4~NO zBsBS-BTEJnDi~I9pU1v5=*FAqR>g!QW_g$Ju9%c8Wl4`@+&>Q0JZhRx5-FgM_l-oKMK65^rgj_x>U7^S!^AN3;>jD=vD{Gz5CiCQL<5B7SZm`h% z{z_Pr^I&oOfZI2IsoBy(E``UYJH4TKWFs> z1iO6${9%~-sB>2+Wf15k$TAgl9o7R<` zsu6t>X+vwi8dWPgjx!FbF2K+9@Hd$=rU`%6O`s>O!&4flMr}8RBF;rL=Cp1?q}XB^ z?|+8>BzUhp>AgO)5wppaz&mg37O*$4UKB{>84VP`*qh?#s64{UXC{y5dHqh0zfBZ^ zp~(LMB>!^vl0ee^A=hI5_npiu;0te6pAuz(PBt8+b#Zh&MO?Bv8;r-;!wDkVgy zHmmw$Nkcf>p)oYKG4(!Jle43SjW+?Ca{dT^(O4T%(0uF*i#9Ihby4Q)_?&?musb7^ zl*lkv7)w{`huK%>83Vq$ib96V9WjCDk%xx0TO2#joW+mQ!<^8W&K-VKuFP_z*OK4978oD6u*8`y zc_HeqCU{Fttn9rMf=t3U5xh%$9ZaMAcSuGbVQK|%Q<8t8Op7@N0o~$dGd(ehw4u~) znw>%4Xd}4kI>4Ilyqzf48P|5Oj|Y#ZDR_5<_9wyX+@kj~(wF{}k7T|V?P^JgHZfYD zdGD#nEpAs^)u~ky_?#PJNTjnD<~2UfaT{?dZX4d~t+eb^i0KPZCHZnWBSL=U&Z~@t z2Z2DItYJ2u?Zh2i!cwnR#w<>r&&P(DJl0SS!r40}JlyGJL$dIm$($Z{8HK(VUMEDM z6)mkowa5`a2?T8e&i@wY2&VS`z2tB=;4j53`aZ$Y%~bRpff;^)Yr*sc=@p1Mi=W7T06*qrGhyVr0hUHx$@vC)tDJ0zlx}sY z=+Cn&>e>o>z|-ZpBu(&Bx}7hJ3^gE*(Pkr6@ql_6El@>WvFTZxkUhGN45gtOK+2X9 zEMnidPV4ttQ2ISIPsEsngS;~HY^H4%goLOKMiV;w>yaI>N;3tsPQBA< zve1RBS4Bm-CD(nG5b5c}0A8NJ1gj&UBDnf!cuDssL0s&$=0AxA(nsfGt;=|!;K>{H z3|aBmE3z*5=jZsh!2D6c|BmB8`RZPdmj9K9%f-!nZ%pu=C#IZ7??1v%LVk^?& z)X(&S0Aw>cTSoBV;ZyA14-&lOQTH#&BYFK`%U{YLI{$3K(W}-Zvfd6H3O6GuLtIo- zGzuk*{LwhRMJhlGh8h)utj00Ge3d&{BBf72kws##p`ONmHkkDg6m91rt`E5ybb(a1xh^I#qgm zr;cs-rf%G}0CB$uODH|_AUiA}P0iw|zeJdb{;PQvqd1uRHVB#v%p|wx2kAbHw>CQK zLQcLbw++d8W#@%v3EB$Yz<*jrSm-1uMv3GxF&(}Z`E5_D3P#&m$Im6mN+DK1&i0=K+~y&1w-uSdpvzVH$WPMZ>#}ieHr%7MeOm^n z#%jFM}jjwW8;8EwFciolc89W()Z}%2{N)F-xgVL)ji@a$Oc* 
zSg+-8v7_^jT#Td1CHRfSzk_)Ee>2JQYb-^v*re4{xES{j>W?I2Y0;sxc9GLB)AXw#PJ}`ys`mEbNY5$&YpsYUMI<~b zw!GLC)8?76PL;gLgVvvab*we9itaF|+-yy#gSOH<4Q;KePq6ZI2;~v4?~l(uTWt__ z&_#=hKr@7*gfDZ}oZ|00@St_2b2)p;OM_{jfI)aRwKdQLXkwC6@_Ck9T1@T0cm3Rt z3S|uvpn|6DkqZ(FyOr8o+2as)%0T26Z{m8w)=*@z;-P)NJ==V`(jVWK_*6kW$V)O$ z;Z+1>qrZb0k#EsH=@%Fy_wQe^U~nQVo~enjV}7aE;=24L-JNL`hQI@_Fy ztbXIGQ$sJiS^8|ET~;-Ty~(b*a-3piAha&X78`Gm&$*#XL4V z&WUQo-P^u`xEFHE>nsQtaHXxOcHEBQu#DdvTp}c&OKx0M<=#$`%QA`E)btNQUIqSE+QPAZ zSLof%dss$?!p$R~_v<%|pViza!veEZh6yB$z*V$6_s59qG>+;>8(YR*2g_47;A%Ys z7wXCz_>W6?ke#5w?~Al$wXHh4R+ynkzLqh&ikR)U$VK8bUcBIm8$@1)dfQ0a1#Joo zxAzyIQb+biq{fpB=g+zMDz9cgB-fk;7x}Y4F*SKdAGsc~CcHk(lfL}=CqY1ZSZuRQ z-OeU{2Nm^3auwmD(L3@Unoqc#c?M|Fl@MtldF!MDT`=l&Zpxu=kIB%h2wCz*3d1NEVw&NdEaQvGc|H_yM`=Td2QbdCwV{z0Xq>FSy?$>}Vozfh1fE(%h0;tr^$*;$30Yxu&TLDj=6y{Z(NFv-iTa}V#suyD_l zZM>~Jr2131@{Lps!@^tjTpL3K#gH0IN9WO~D0rZ0OkBCi=~jg5%2yHA8Wj4z1g(*v z+Q8pjdBzuL_H_^qwdc#(B#bO)aGef6=X5y`10D;Tcpt@JA>UL3!yBcL#>21wt00Zb z=d{4dg3K(Hk$S(I{vr5hLH-zyJIy)Uy?d}{H(c$kmnUMCPPedke-Sa_wy<-(br&&s zk~aatEe-x}GI1H6?S!nO7v+nmxI{u={P)E|UG$x&enaVg(_?Na+4FsW+$?mhpdj0P zwl$+*@41*;SZ14s;q0R+x^NSCCw=%-m{C%-`TE0|f$2`#cviKEgKX7tWE)I_VNP5l z7#k6px*VNXh8s0>Fj`DN_jet#ob-{ zK|QUN-MhcYC-{b)|9IuZUH|Oc`8R68Cqi3-0Nv`^VDTDq0H6VN{@_m8YINtWB1caI zG}d~cnV|{7Iny_WA|!_x}s$l$1}G2Tm0q5(jXe@aC3Vcv|Z)#F-}B0o(gw{Z&HHsomRaj z=ijzln*)ZDmeWNis5Bt}A)9^8XY}%PyB|z(a3!z^4TXd{8(8MD5Fd&GSy7J`N($+4 z_I9bpK}h^k0FBCDcjGsLXB>;h+i?7iL6vUL#`_^JDXp$fr(RO{G)ZFZ1#!jZBMRWp zw&4on`+ckc&Hn`+;_$hvAzYH{g9mBu4bMBL9DVk?yM=Dx51u|6W>Bk5PTv6noCtxNUGm&;d{q?Tt z?L|g)J-o{^x>bawM7q6BhsMZ{366F`dI}@Ci7{4)Qr6d&rQZG{#YqXw&UXnCb7qDl zXJUYXK4{hu@p{wm**^)kDP`CDZ*0%_&i@<*&lu1&^Ip?shfm{Ff%&hdzs2JQzq;hY zdEq8(hnLZEPykZfOk0?$DvdiUj>w zW$dQq-plWWe&phomNrG(PL_uo-OH^CU_+<)3@ac$j)V>fZ6ykIqAJ(qlf82XXttK- zxi@SOy_%Pj9rD<-Isx&i(_uh}KHKTxwW9DK-vpe0Y!c*7-nW%x9oCHFLrjef4G~Fq zA&tX!>e0e+n}R}{f>7Vf?vz$jVaYjUfT~u>B+qn2ermLAo2(K^&j`JH0C3imkJboU zD}&5ok!cJu^x)LQ?_QrY_p*p^8$J<3|HkO1x-a(WX_VIUj;cnWpd%w^L66;X3Z^qy 
zdllW~fyn`f^Hrk(MjTPGuuVZh8rS$CaDCyil+A6s%!P{8F9V(b%56>Hcpf;Jz+N%Z zs)$(W6_|ExqOa~aI*enb#wJ8__q9hSkg_9>#k5O8sraeW zi7_FjLjuJn!P&1QoRJ%!l$?xnDT%ZYdssVY9 zsvuLx>S4R)o&zp$5z<6{K^1Ht-l!qxL6g4L7QMkV4%3P!Dm z;s;QqQ(uy1i^DcV-+L@k_z+pxrV0V5O2c~pOrLtaYkiU4&>e|deL_jvjpg=HPlf0J zCQAe?7Lx<)cxHsGI`h-Ju!k1TUa#XBVw>*h*>$1)<(nVIv z``E>Y#8FAt7=3BOv1LM)aAYn^u6||*KfYyhB=JD;+SMK4D1$MMc3QW|vQQdbu zcXgG-e$*MG0r@0&G~TE9UU5~Zj}KYFoiFw$`Q$WST1M@1NZDlkxJI`p)6tbHUn!0@ zp=!nbBgaBMso{t6U0HVfY?>{03ZeujMCg|DoVw)}V5H;r-UOs)s)ih98p6C)6D-lwq;lm*4fBj{{Xb3ZyhC#>L&I$yVY z11tTXwCdJLbUt*;@r)`h?r#k1|L=@EKM@cd@BEOn(&KC4jXc={*{SDg-OE7a2;xxE z9aas#%M$$$evFj_zMAe6R4b+SM9}Zn8fdYFW(20XZM+p?0WlhE!w=3Mgq(D&D)7^{ z6*2^z>X3?w0m_5pXMkzTloME9@P_ej-XM2GoPqFk2H?~8q$ifunf}I2CDWmNSRCA2^*I^DiV{&UMh%B`C6RMhi`yDO_}w*@b7{5Tv#dZNCDF`A2z!zv zUsNLS^H>RrHh~aF2IP+DXiQ*W?QEu{C;>H&J+lJj;Boi8p5+BBo2i0mPUWPLum)!) zr+2d!G?dLj*Ohy+;cSV0x2nRJhv9B>Q87WtBUg29$2xc(Njrc)H51>|T*EaQ4Jw^r z%0Ca)#O!cQ;*ek9Am1K&`Ft%ZOkzlu$*@e%UvooIOyvK*U{%)zc^Q$vju{i7} z!RKom++DH@uiuN_u}*)=tt(C8LuYbI*mz*nu1IXOFT>>m6NqG*Su=CFS+ucu76=~e z%(;^{Iid2uvGv|0-5$%O_ zg`;Y#4QJw+f{VDI90}+=EL4*sxayV%gVPkH8ixpEkCyYUP*(>G&}s@6Cx zO5*##ICDp#cq2fH>Q2#uPYwk~I{H@h%Fuk&;$Xk{;z}+33ectzS<7m#i3bAZf}j52 z58fx|8qfha@;a|MJjV>#%+e&kN$N|`V?M*93(s^g7Y|Rxqw3#Y6mhkZ za>`mcivhrp6BX)i}rV#H(k!=G?9Ay+=#jfgMFK4HOEM8nxnPxb{X< zD$$0{deQ4x+(PEr``XV7a#2G?a>#^C4@1q&5li`oV^lne#7*{gNT64!nvtA}TYx@Y zxjOQp^v)`u<~5yK!7h>J9QI}l}c>e0@Xxt*7nDUfDpRA`VU zxTf@ACgo|Rv81f?0o0W#vEozIbe9pU18~FTj<^SQ8G}e0*@&ls8ofm(aU>+NGIUG6 z(1zz!mGKO3l^}psSpM(AA=g=ww0Wm5RnxmhIXPtRZ#36*xGU7u4df!)=G{svoYBLX z(AVw1_eEIUNS_qMLlA?E2SXMU}qpJ>{3z)YSFkrTCHyfK!N zpjn{`Enn}@3>K{bM_7+Kf1Z2203olYi|!55(dhK}?2?HrxSvcTUDiQkq$nDekSLLe z=lwSNcu>m1Qjv7)26FoSI)JTmH9cyHGiCuaUE~lBS6dls9@@?9ZJqY-?yl!;x;e;G zcA#8*Nt>hyn!nM%wKGxvapzs1N#IOmEDfTxZdR<0swWq5^eBDaMfwygt?^<|UMi4;g*S%hgtL?;d2*iDkJwRIiz1lGSCrKjb5 z&o!7r9mv56viUeY267x(Ab``l;9ed_nnJharC-r}lGtuue7Cz}I^e^C@n&Thm|b!Q zV$c^z$fb>{#cJJ2r_O;UAeZ99mstUpb`S>>YmssKPy6B(%viWv7tFf7ZMf)LqoJbn 
znmL#ORB1!&iGH(rd$9)Hm>?iJZPgUqsGL!Ey@B5^IT75sd9ZEgzWvl=9Ul(Sl3rlvyK$ts(j;FcT#xEhW+R??IBl%UZ5^l0WD0DSkFX~s<) zCQC4_qqs0Ald}qwsg=ldoH3qLGZGfSs%8|@7M}65pD%6{hXz=;Y&~kPo+f@&w5P5@ z*>TM4s-nrK^TtrQ%BPaw0FKS#qeIKvF(Vgojo&vkSUzZe*r0zTN;V!OL09uW;M3#M z1-DH|I;qt`O`znQrT{A5XF67^$0ql~=a!$%+28Idn^wj=THh)JZ*J&J#u)dGJ*@N^ z?|g=LgY8(L^TZE%dy(iI@y=ZF+Qe{}5i6>o1uP<20XOMqbAJ}OaIRn{&Z+NaNb6=s znL;~n)js70d#m^@aD z6%VP$Aoi~gIlGzon4nv4&tv@j_ zkz!1tRmpE);{~Ngr#RDN`^*6k<))rlO%OwH31hiz#+o=A7PSmcd6~O}E=q$B3rl$w zJ?~us+lOU^n)`%YW@+ig7>sC3po7Y!I<|o&Gqn+gE056P3sob@l)1uP#$Dr@a2L^2 z7UqdU@T$LR1*0TH5 z`q>$eWWhU7SriubPWePmK6bYXzia*r0;cP}{|kfCpVAT3?Bhi(iB5-f1lF$zuDz=3 z$~Wv4xsw|7HZqBDMKb51ud#QUAvQ(OBf6USIx#G6O%ClMfamflOKiw$SMVjJj&U6+ zBi9+owPVO&i%KOEs^@KoKKrjkE&>0LB zfjV9qG~7KuTFj-YI#M(=AJfl5@K61)VRN+K9{X75Oy7OzE0>m33{Ectn4B9K9GvCt z%#%9GI+Pv@-AGQ6^C;JX7~V?C zee_aopKJRL)Et}x(TJ-mV!O!8HRCLIuZt!YVVaAI7E1wz`<0ZMpNmMbj7>pNb6Fom z8!Na65K}%q@6=@FLh0YUSY}j;QTvXottl@XnFo=$9h<-gqN$yw9W~L%KJQ;7PG+h~ z33S?nHZ#Z&DT?0SWX9{HK2#+6=KMA4B^im`Sz7+(XpX3}#;_BK>c9{;C)FyuS^3Y; zI%93#M}-}6q%caL7&-!#;k#w3w$*8&=p-QD*vvlggh61noqCi@v*is3PCHw6sQWe=85)eBx zGCU|Qv3>#+nY{$qD&#eAK21)IaYG0m#U#cxkXVt$8NTerA3xfTt=A4|@m^y&kE19b zR)^xXwHDTsl^#dYJ3P0t_mB#fjeAcagNLz11wMG~iSSS(?sNwBr$^eJj`PQC06xd2?hgoM;G+#}qu}mYmkz(WRaOfmj zhJx}@)Pr5S8H+yePm>dlW-)fe+}zG+>^h@QpL8xMn2Lbu6Gr=>gwmvm!w&?eC6J1ZzUlr^kr^keV)Z@G z|LuSV!9NtwxM^$l>;e?JZJCXG|F^Kz|9xFo9x*W=zU1;K=e386gzNbaExIW|$ayS# z1<8_{RjWx0=rquGSgFZ8S6I0#xj^H#_4!{M5~`+lD>{#_x3F z87F{Y=XEpP@^cG95-G1W7q`0CEd~mP!%{ypz~-HEYojH_F(Z~rGD+017^uds@}%kW zj}PRX<#P~A9SJRX&p=n??XCgZ)SWb*cyo;E>JnG;60)X#$r2__D?b2J=Mw^Xj=Hw; z!~0re z$4aRZr3EKP)!!qJE$7lBNzi<1++M95+yh@x7p;TB58X&~fiBn=tV->vZF|)|El;YD zD4c0^I2RX7k^45@rY3{G)(tfPV$o*XwdY+x=~vLH3TE4PpK?*bzqSFJ&mvsGDXO zX+?`Tbh%F%_pi$U&!%SVd$My{WwY;rPaAXolb!1AuRH!u=*(^s99p}f^VcjU6F$6M195E4S>#7M?_?qaIbaFGk+W>w?>)@PH{D=F$AQB z+$xt+HM^Op2Iz^qRJ&Qe71Ib+f8RJl?y7N*d{&TLBzLki!~5o-k9E>vf|AD*0^tG@ zoCKoXCCdIOh@QEzkG`l66uCB$WFx0rZ2g%?H@D?jh~@KcjJY!}D_xj6cXRPGuLAzV 
zdV?{HvrlT}f^c84sJM%Ct+F5?P?Kp^C1b@;ZJV`npx3EJm3HS;6ghRfpLHy2mEab2 z`%szYyRKgL(vQbNT|o58@*%Qg7jWEX*=Hwa$LUNLHL5NRSYmZV2a6uu;}j_K=gy0% zX?t#5dQ zns|)${`bbj91)jFKj3Y=&{x~N(!9FBZ!IZ4`39m7da0)2Ho z;)Ori*o2p(P&9w8_K2Xqq*O9meHt3b)%w#4#n-TS0NNbOA3?KXe?Na3JcIz%O_3D1NWmDG5jDX|qp>o=@wfZPbN`dYxr{L7+(`d8N= zL&m&ocRiopnL^j!GqoNQdQ5m1A$MexZeimgoy}PUH9&D&IW?f%k8!UE@DWab;z_)Z zZ!kcU`U;JIl;Q))P=`MVCTu=%5`FmPe||zM`6r;;s;OWV^-NbUJ#x3-+am zg9Vxh$0O7wb03!JW*Wt9cvwiQB23u)Gj9Y5mm*YH5>_lu~kq$ z7e=OANOX5s2d-Z3azfcUciVpZWYl$p{;?^(A&^4jE80Vm+MzJa)9iJq z#?QJ+3S^&SWgTkh*{H4Zj^t=IzZW1;z}1-ZzSr^jFjJbX2=86s*p$Pzv3rPFZ=}R2 ze~}VG_UD;4;McF( z-Cg;jI}+!sMM`laZbkNmLSzobVin9HkEiaje?bhzvPrk?bV9*Q-H_|*1*TS3NnhjD zhU;gY+oDoOcMKb-mjO{I15X(Muo_TwTcDyy>^^Pu-UmbekTW}{9? zfqVYbo(Da-0tMF7G9FM;hUu(TYm3Li2_>P0l#_l$qIhnUSLuPUaOzE{fiErgoi%J#{I~F`wT=xH|{hifcy9G~lEALZDSGU8qSU z2~R(_k6jL3$eC_A64xrT2~xWLf#AiMM2l+n)qlI?v{;yD%Y>AYP7Cwg+qk32S7WJ zCJmfzk68(+T0GeHAVB1}vZ_m0@?a;tiV%V_r{34W-w*1B)sL`HXA?0J`kDX+#d2iEZUAKRQ2|blv3U$-U9NpJvbS z^*yF2o*%oRmo= ziM#^B2XSi(8p$n-f(4q0!}=7Jxo0D!m8jQWYzp-WrDLtVJ0+j4d<+;9kENJg&kDi< z<`RNk9rEJ`Vr*`oY4zc`fMr!P+vh?RvV&zSMxs0xN`Fpn+QE}j?k_92D64YXvAoEf zxLA}mVo5z$OjGOVlg-=`us7JY<Hahp#A*CeL0uaBW9^>uZ8!%X^&iH{f^n7v*wa@-$3L7e?r~kRs zQd^4Vpi+Wp*bIJN@MMD#43pG(G?oAc#+q+Z$f2)Lqsp-xa)(k><-1OVGFUSjD1gk1 z>g((4ZtOc{;JLL;PIto0xULEQc#n^3Oaju*YOG~ot-ZTUQFFj&X|b)}rBnQ_3YVc3 z7J*Lai{_L-T0)O|YkX@(lLDtTA$|rBO9hHlz@bZi)pWc`a>yusXk;q3PFGz3DxI|n zDM<0}^#ZnLZQAog*wtg@r?Kj+bst(vdRYy|bHrUxrkGS^s9_9LS&?6!Suou;4J?@v z*(_n#3xjmFPzt*{rbtM#NjnFc@Gek((_o<0L0@Yq6%KAriC*@kNzRf3)}l=vkaCH? 
z?WgT?=IBdGq|Wz`_<4NlBNNSTDJ!oJ+g^`gbs<-_o#l=05UCG@KwME88@^e zVKi*V+?4xzoMGWdNo%gOjSjhGYm&ZF>@ZNp?DxXoXO4y_ARr%rE4J?_}aQ^`>R<) z%Z;OAy$FePNU}sHKq)gGik)=6A&M*nPU8QV(tB7u`-E1{-oJcxQ2mo zSHy^sYh-0(a$NY`I9!8}GiO{cTOO-|oUa3flA zVr8=l(MpepHWCx#dG8GXfWv7b6Jtbgd|>R{pHVAo6gLcMOlv^bFTL1W%n`e-Ic9Gd zew!IelZ@sVbgb4u9jA`gE)9rjNZkPbWLuvLxdL~7LcLA9&CYnj#lEg7;K+dIT|LBq zxg(b%Xb0|{kjGv;AV2y$kpO~!lxPOe3sL|ZGkFwryzQM<68e6ZHzr}9cupQxJTy3T z2xBqbrjqh)JoDWxAF7Xe+9yD(nYU1<$x*VyGzBiffsu*@NhY%=_Zy;tB6O>Xao9x` z*>Jf8!0uRAcP{IFs+VjI*QWg(8!-nEBu{bq=fxX+)I1V~&Spm@+!1~$m}&7uR(6!c zW*um{VydI|CA2!31^c;HmaLmPg0JY_K8sgpQFiDR?|^L*T3ST}XekufnN=C-QOL!};- zJNv7DuIc{E6C93 zI%W%Dx64v&B9AoaV_LH)niymqVI50G)K8|VbR&b&Pz{fS1U%H4#MbWIEYzEEW9KGA z-9?VP1KV`UqYF!zp5H~+R@ta<_3?;>Ex}Eyf5n>z3jFdQ6I>;@xx#yMEscQSW&@&# z##1&)?|B_+SHvX27?5J3&N~!hqoTHIRP`CDCTxV3pUeA!J(tA?_~1G^;&(IJBs%x4 z%UD&y35BSRcRXQBqWQCIW1%BcebHiRnz@>u%mz$ya8As-=To69M)A%e3%VUQr*v2_ zt{I8yV8)CQMOB#bIxaz%2x=z2`sp)Ry5S4Z+K4AI!(EM{jH2^El#=I?^DYoG>dQU8>(@ekL7)zrSNsEs<# zCF*j@9I$O)0J7I{;_cj7=uEFOQRdspvLK=XyT_P}OwYux$&ZtlhOk}Cy7|rX&-_}x zAZT4MFpS2wU!Gq_D~esdKJvo{h>;n_L9W6=Fe(heM;ERXJgI;TE7ucxz?lkn8<|&W zh#@;yBvc5TwSPj7mUg9L$tml8j@e|HlC!qpbPG#H3coRg$|+bXR^fAsdSBi??YwoZ zG*kJ_5^~JJ4g5&EEt09#T#u#Dic`}Qiel(gFp5VJeIxh!nfVfDYrv0wdJ$5^#L&LvZs_xw9q*Wy>d{ev<-EWn6$;;^sd@dpk< zFlQel+q^1s2bxZlca@>)9cDwNs5)2_UJ~xZtLu#Z(#ptT<*q8O?h{Djw4jw-+#4fx zLH|NS^&+SgA)`k4_?6fB_oxN^!>tM{Af=O&%F}MR7r+!evwWti%PqtvARjjUzC_<4 zIoUMT&Kq4++Zarx&?T0yT8ah8_Yw47sr{;EQIs|@M`eoRbKHjr%LI!CQF@}85ISq( ze8^1Ly8C?{d~%2zS!^DHo=LzVVOEA>gWCld`P+Dun8w)YMEpH0^D_4Pht zUb7XC5qZDQuc|+=P=fOc94bT6wuTf6Fj#`Mf`Sn>b$mEu;^tSoF@t<^j=8$bXQ0{$ z*px?tYaVD@PJ&Ce^RN)kQ)SNrLA`DK@@CE17S`ey7~W^{P@66}1Xw~mF|5!mxn3$4 z_^LN?B1{!(nO9rg<2-&}E`=y;!riDOF5$gk_Frkbl`hliJa8{S zsH@1eErp1q!pB4U?Ud<8eKRthGm9QqrTsDj{DN`q#MGm$Upl8 zyJg1j1SjoUkuQVL5<2q&#qoT5eO7bHow>jZpQgLn?&%Q{A|rN&4n6`#MP3%j%0s%1 z)FC4unB9OOOZC$l^niBr5gL%?fVBAnI#5nWLthEDkS)wBRLf6p0e3^q_@6Ih5gDea z8FOx>*9vp1Z6%h|6M0Gy&SO*x$VlrR<5;Xu#T79=Sq=1Jc}Rff0Fw=x=Cw2v)&73? 
z-h})s=Pd^SNL?N=S_vF*alZpiNM(oK%uCFlMBTg4a2I9B=E`r0GT&owZt)%~fx}@! z?pU^TA%+)8oT~;h_oJiw9ofsEFmGfI%XP-9dVk&~!hXku!-GEGUTQ;{BsstJ^a|#P zgjkmZ(nI8Ztrjg1;Fu0;Z@>n1n3s{}#!e|duVsi(#$A>(#9*UUJ2>uReF z7EZ%Dk0WldB39|$rC(Y_Jn6Z=oLVMyvj^M`bzZj)oplDHhnbiC(mk!-o~gt-{}`+< z>Ja#YfTyX$>MM0irG-oJ!nD55r>Je)@`(c^Xi}5xFn@7OX)=Edu4fp|3DS6NW0h=C z6}CSmt16Hnb3Z6S6B+LyCubrjXL{}Jis4;!L%u9KSGTQo6P*7Z=3;->Mt*~A%3Gt6 z+M95bxBOG!>vm<&hxp`gHy@$GWIdvp{@l#iuJG%PTg&oL&fx$VG?IcPNlAbjDw&vv z*Y3*EU^mF@yh(pA;zx{xq`ZxeCsfwV#DMr+PFBGVThoJ(k)?!$7{_=*Sez}C#X=8O zC6RD*cIDa7%i4=rzp-o)60V<-mlZRr>$ z6RYC1FVhA7q8C5x(m7-x)c2 z@Xq1L^@5s{53diR-rn3pebqP38OaG1?n- zR})X|PMtCbW@pkSB`6!3`-Cr|`KhRvQn~>`w33|BUNN zyrV{yY`LeaDHT7>!Wd0GTv}$^FCjK7w&T>7R~i>`HlwFdy)wyWp^RCyyDT&4dJ*MH zp5$cUlu)T5vAYyYud_dk-aX1zT3+1HR>(0#s*;i;8sEsI3>AG8lDZ<7F8-@Yq)}a7 zMQtEOUFR32v-PfA)^iracZ$d~651jbpKg8?q8?{}IAWqX{4u&U^+~L3Sr))*Rftuz zd}TL>)dDpet7o(bHF$FmM%}F1ZJ%c~Qcf2-i5F4GnaEgWkqL+LmVIpd3)|>_(Q~|V z-+#jH{MH`HK&1P;9S-EDuc^V2PapvpX1-=Q8MC(eT~pVc*YSSNe+xE9{9IX+oS>%a zqPU`E$Rdep9eopRbq@t33%3k?3R7EInD}`XsgF|$_=!3qXgj=)%;cBl{3@+4|bAO}7b5Ynhpm6rLf^`?LvzpM6k^5pKAHydSt zL7qc@f%fpS8pe9uApRO|iKtYF!Z6yt%YFpSuxkBTrSDSm)58woyZ{CFICJl;>}Pr( zU#BQ`Og319={rn+q{h$2(%4;~m9=`@mmJ1EQ}(DL$dd6~n1|*WdP~Wwy7HB8yV+>= zQ>v!z3y=46o|Kg#Htunbrx|xKu&l;d4b=`8o+Vfsxw>3?zMm5AUpD?yPyO`PFWo=o znsn1D3H8y)C^g-z>BSLeXIS%_-*^`>vq8bIcviYqhi>;A+i9z603&yyMqvgZ3(Kv4 z{q7PU*@aR0&+_cut16WJ1pnC*YNdD<>6oy%30WSD5mOB%7V6V3{*mD7Ir{&RBK}X^ zjR~*lBxyWe^r4t$V04{$@IFr^i8<+HGL{}Kx>W+2NC*N%!!)urNJ&w#B+2%$5B+P5 zw1FzWBuNzs>em01{U`fHgK8{*aj%wnZgGitM0g^1QjO4N{#>yZ4^wN5L~f5pR}8vlIwPnjQ~L18i6ync z!;d@IkAyKh+iNe@C{4>614nj1`epe#%EHt|06AoIYsy8OE`Vm325E{CGTt-DCiyR) z9%3K79gr@9%3ctB@O?JIX840<7{xlG@cujbT|Mr84nt`7ZdJkUIOCuxWH2f9+q$uR zQ#v4DB|^pVDBpZ=4aK6xozo}C)}&`dV{XNi$VMl4;vthS4poj=;e@h)1rCxgR?=`4 zc$KD4C(?(HuD;0ihh0Reo5xfdU}d8XvMtxm0(>z-~6t$^eAZfZk087V0Y`83s6?vP*fWy&7Qmt)W=L$=@+F63jXLtT)> zE#m=lsQYdy_2t%`nI{|N5^bibn(9vcyQyAi3w2LP5>KXbmzd}?dOPO0MbB+bZMY;3 
z{OAVrd?;q;;BI7H6*AG|tV7MRaI<0!faEAu6wdc&_fvDDo4KHznRY2b40d?8If^Os zF}8jY77j==v8b|^9CS607BgW5O)9G=?pribD;p#_r0J^Vbx$*cG~9_ouk=`8F9iK; z^)NPYJ8<<0;jZkbD3wT28xahaU#y9Gqr~JmU%p@zlRWr=C?QGYrffR+_beH*q(@85 zNPK2Ryn-DAoq9-%Y-6Tl)ahfp4>V39tv$sXG!?KF+P!jF=PctIB>}pC=q2BVbBYEW zqu&CR7bk;38P^{KLK%LHmW&{hE4vl}KXQiO9J*h3S6EfSOkF;(qwQHqEgHT)tQv}P z2O+164V7ChqvGJYotA#Hvimk|5V1lmlf~G#^%CBl%Jhdx--@4xaHka*yR(Ve%HXo} z?uY;|fCNI5h-r)7t1D8x+EC}Glkj)RZb?gmq3YKA8mI|g*GUDj=WPwD`3gI_%HjEo zl~#gcJloDXOf?xH&_uyJj=n@3PjvN60RI4SVoY26+qy!3uopT&#CY<1RPwo-_Cymu z7f89eP>AreLwBTQns-=KY+T*ol@|WpzRcJtNnf)OSz;Ut>e%nA>QU3+W-CsyQE00e z5kAo0d+0pi&MH^9t|zK`(;B+TtI1!e^`Zm0bnxX^txTZTtM6`MD#Q14-4$|-G6cB6 z=5(MYsB9^KeD?<6sJuaR7U^(xAzp3$wbd{EkNe&7(-frQSG>?8iVtQ1$7&F+Mq^YY zSZGBhKt8BCVJo!9Iv0?&GG$fyKpfV5rNjPi{P2jy|DP0I;b6Wxj3KWp8W)0WMEO$} zAGSC;fu`n)*55B>5qb>?Z$_G{i^Y=#T^>_Yl@n|{`KMY8|C=hi_Ur8SPUn7KlR(jM zIZK|Uh(v(wqQf>D9UEY52}5ZsG$aWdnTlcIb)ja3N?thT5*UB{Z#EB9>+^?Abi4N) zvWH4NMmHw29{ptT6v)*T`8~I+>s~MrOFj`#kDwjo7@L8^1!q8P$SSpIZa?s3SMOG} zzQKrsm0b68lP2oT;8xtEb$WYUZbHI^9V_r=0ok58iMimI{CL&XRrPm!N`mG$a#d+% z{}|0>uOx9O5?olqKJxtWyO{(4PgF+bd)D+}RStE99Q%gwks^O~P!uvvk7P!y@?EmG zPN{clu`>7WgBFvh#po~N@*W^MMKBN3nz|Jl4sk7mt+6ulqoFb&$-mr3x!$sx{+Ac# z==?gFNnf!Cm=+eQWC|9~R6jqTkdK9@nW{&izL|y`EH!bAP4%bXLhr+%@$sAh--o}w z`B&mB>UZU8@6AiNwTq%*>lqcYa3c*9uZHjrRQv(pWK-()iJvF#Tvu|X=TiT=0N(U( zO~F;3^6G82b@}t5Eq0A7Mqh!SJZ=@+@aJZ9SqUf=|Bv4OoADn6_a3iFzc#Q)Dq62} zRW7YPVxwYeoek8Y(bm+1&e7a~U+Pr^sDq4-Z6EIa_Km+!5zt{@@y%}3;HgmTm^ykm zRR@<4B%Y$h+;K81R3Pq84yZzO_j4z~*0C^F_Pk%O=JjWA?RP{B4XA-yd*ke8aR(~K zc;#EQFIU*e-I#-IW-vWaurCqW8o}T6piVnjur_NZZ&BG*%7SP?w}2tPs*A5GX=ZGC z!4$Mo6DBc$u5z(ztP3|`J^^!vB&c=Ov0Y?cJaGN9pF(5KpTW9j8lII9s0*YkfK?dz zlhW2i(@8i}cg3#Ln2~basl+U`JCD8_rBd4{8$Ie8u!O5EDF-Mm*m52dM_@r2Fp`_Ks7d=Ij1Z&=Fh?{~r~H>H#O7$|>4-y3FA0 zu_3sr?4rk#FcR#)LYh+ge~3}|Pv1)aITikXRTU-4S!dmKMCy57fb_43$u+=86GHL* z=(eKjH;36MYe>G3uQv#`X_Qe%MXX~4d=%b63czG+;OVZ55azzhF& 
z1|bc5<|?3e12(D}q0R({QRHk&np`N4-}1&3o61&NP}1>)Ic?jk4hh5epZT^=iy$2jDx1B3z1~Bf&1~auQIhk#@fF<(qjHL@^+VbnO@c3*^v0;8}h z&9P#czX`bI4ZgD$X-?7J>SdmYvxS?Ooa?v?6>a{vUwtdmf(T5uRvL3P*f0?#IETFa+goklM^<}Zd_ zH-QQX{ocFWL>sSUtkVLQ+Yrbr3_AtXXSHBJTfDhUga~)8S~@`Go~jGN{nTbuV63x$ zH`9q;QfO?_KD=W$i-989d1&o!@_xXI?s#d{-tR-rANV_$-$lZF>a04P5$JYw`*HGy z1~s)$8_AW?{gpRR9KDDSp8guKD--HXvB-Hvc*Zo#xX~Q+6 z^O=jgOupjFf0&eh~~3>Y58?eKc6@meu*}3(r!7pUBL|-9m+`I#*+a zl_IzBUW}K3)W1DnHMe)T;qOE&5F%mmC|;|^11urb|B&H!9sdr;u& zb+l2bZhL;xfw8Pn%5=C zX=2&7?K6~%jnP6_PQfxfU`=Zo=fO5y>1bU+vgdo_oADS?sN`lJ!hcu-f(5U-&qm(j zD49)5E$(2(sHG_vv6Z_{e7L{PbTvhjgV-NuJ9SZ%W*@yaXy5c;*L1uVqM;Qb{~`@S zWe7E1X$WA#oc$Uh;s^f3KHl3DFT1(k66*cME|GgJ-KO3&%@#8K=!`LybB5i@cE0Q zoyUu&^K_{$JnL1i0p6}rR7T~mWX^e+62JapTzmn+`S7H(rD<;Gd#bDL z3xr_(5=>-#NATYZn5K#RSDKmz(Q1_4Dm-HG{OugXAi7$2NhOoQJHI-iXQcehI*GD# zGTR_K?VAJ04|vwTB=y6oi;;2W`rxUqRNB%9syJ4)$A7i%C1`saOC57ec4o#FpS;0k z`LB_f%P1dY=gE)RjL1aiRrS6j)J_PZG@4}XuX0-UuedShCs(^C$-edbA7HJ2yGDi+gVHy|WhZ$DXBUP1jqE z`F_7|^31QRF7TUEk%74GHs7***F(2(xo|m0rHMFpzeNag+7faBP3dxA9ksD|oqzH^CuO)(t<` z+rQV8WSmifa+BE~ki`4=(`2wBwszhR&3zTe#vYhxAe?qal12{l2KN#>tuBAlD)bYz z%Sy;QAhU0J)UGEL0g2Q|r}f~JAIbCo`T3}${NQJ3tznw|@MXFn=Xaw|KD`%`DgGRz ze)VTUyGXO_K+&x$%j-&?leRJlm!>vUzR!G`mGbmFVT9X;#EMCAM9J%dDC%S~fP_TP zz*3&iFOSnUy=PXAY^FKQm@qpPt$ZBoCqo`SCW-At z6Ckn+5{!R@%opn%0oC_X!<4jK}TVHZ}2X56ED9bI3FT6l^Zd zOvGub1e4s%zIF^2{S;QBb}TYqYn{VmV_f3E*% z5BwvH*N=|0z6Ok+IrRvCFAmq0UN87~S#dCrbpG}?%4gw7OJm&(Gp_kfB>3=FxWk*l~UcNcT|io{}`JNvGX;QDI*!vN5vavoDqD1!GAn zysZvZw&<1+@p&$St~{K#%XTbC1ha|Pp@4Gx$Ks~zYAyprGaXzM^2!(P>_(kHZA7NC z9$)x)ey8-iai>5H9H=U=gdAQ?8=yH7 zg4>O(=jCdO`BaRQFw{N|ofcF-wj#+nb=z4vR}T^+r%$oM-n@r|^F!$c^zLx7azi;T zREas+r$=l~dzZ>(!!0M$`?|2U`MUMzstAgZXu4$+1*;E^Z99V5mQhbPl9NCAh|Zd< zAl!WwV9abIIz3(^Wk2XjIl}NFdN|q0{f=3L<`@NQgl}DHUY04X?~2uVuAO0~Q7BDS z3MD1wUNV1-UnNHJcbNk6(Oz!$Es&q-281oC4)+)b#S%*9u&heN8F`#U7;~(Ugh@cc zbZ+Qs98I&CJw9bw*9<@6#9O$)urLe-^9W5BJmp1)|LaFNJ;~5`dX*IJo0d76NppF9 zy@hq#TQtEHe6)x^ze}$<*9{EtW%9v@9Jr%(Zp!< 
zu~?%rwu?lfdOYAVyZdtg*QxIBrrnboVy%TkUywtzqB04#s?@G!+dCAU-*Vi*%mT183d-A72Bf43Y+F^jpRPi9slOSw<~~Y~HyrON ze^nR}quMQ#uC)aLbYr=;CK}W$#y7vkL|-f57KSyJ&#kdLFNoPk+lh`8@Uq6*h@ACO{+p|kWwUv{|iKka+< zkv;E}Zq9`!s!<;o~=FL+q=T|fG!E(eiI0E{y@YCr~<4_Bg+8+ zfT|@$@~a6iy-aIwJ&ulr&*{apT_?-RD?mYBurV^zuTL5_P>uL6Hh4ftsSzJ+6JF$& zQ-|amTBT-rhA)kH)LKci;*x>x5buq_{xb(;n!w0id79P*By~CELr+=QfF*oR9}O7 zC6w>~V(&epn%erdU-sT^6%-UyFjVOsCG@_Ln$UZPO$#+3UAkM5UQ>Wjr3467AS85^ zUPVGD6zRP;X?k*>5BK&tW8d!>@AHl`#u;Zk`L+_)AZyOKR_1@s>-t^yhP7|MY$;i+ z(l+69yZdo~2ZR&)`tGumr@tk6{5q6=068}90tCuk#BZC4{qCU!0>+Y@2+6B8MI6sA zq={OZA?Cs6M$nmEmuGkWDcpy;4JLI(s@YxsfLGQZ%+S>Fmenmdj6D-vF4` zyKqjSo6PC1AzM=7B+3ahBT7GwO;JL)b@k=gbfr~vuiF0|h9*DUus(MWX*bg6p{R@i zg*{c|vnPC6%2pdtp4PY8)Vw4iMuU_BwH+38EZOtZ4_+2E9$M;efNC^cOw@NTeM#~F zs}>99>tMRw4?^Cd$Mp6^DF6|-++31XBWR0@Sb^_Z6rYlv<=T+hZd!?{?+OoHvi@-vukg=rb80#ok|2Tf7w;~|pB>{W zmNclppl}fQkq7^lR&Kezmi56@VL_xr=HfSvE8Lt{2*vzscXV_!>oh>R#go!Q0d zSAQq^J{moe9O<2xl?RGCfKD zEMtgAZ(-sFYo{NI(L@RszJEF2WpDl!w5B20JIR@=TDqF*vQHl~OG0X|h7-g~>QoPD zim|Q&Usq3pe8yyX{hnVRm{gZ6qQ?peT9=ClTM=_>kQn2fz$@4JL(+(gl_Wuli*v&1 z@mE>li;3h%?UB`i%g#0n%k$eUUrAH3pO0Ss>Q_#WRJfO56SMHbyzX-ix>E3w_qZ|w ziq{bPK}N1>%g6bzvJg$amkN{pUf@c3Gkwwfa3*H#Sb!do!~|Onb4a@j8-VCd<1Nk5 z)bTAuM|Ch30ch`HNDgR9$J zHPL!P2z~H7JL&|5;sl41`}h<0++Xg|WT?3%j9aw#Zo5AwtpNKR(qrHpi+QW}54G)< zutfy|M04Z9@)6R*K1PO2ZomZCQL#(x@UD>axz{t#O-I`}E^5zPfm3#~behtiei@zQ z1L7|P`C-TfBda`M3;1WjeDPMaX^sXU6M>Wzv4p8c2Nkj3aXrx&4f-2&1|B6@+ZK@q zcWV{U<8n$Z6&>80^d=g@SX~?Vz_(W`rED!+50~1TMiv~q?734a=O&hb*W&#N8q8eP^3mq>)IJuF5>wgN8{JV7e z3HGA+@30%vPUnBOnE0RbNS=n+Dy5vf%iq}#N%)n2+{fVSk$d=!rS7}MVWK?g22T#+ z-B)nC!mluf{L3G5tMdW^3_N$;sQ!K606cc~1UF-%RVS;>Z|^=3-!!tnH#RoTb8eix zRT*U;*UJA^rPLytHx`2x;bN9Q;q~JM%6qin*?=dPH!3^cBh`MWlIX_Hd8=m;1BA@&E#ODuCt#%DV;wcBp6nR^y7Cw|uIN*C zHvNfK;#pB}&KmyRcs-Ku%WJoL%-7%fH*yUgE&*gg+%Pv6w58#kt!~XXfLM|mYXOp( zVs|vg^Sui@H_aPkB6Ok}#X^ecfET+Z`2TKGa#(8-F=D3U-|+TPLF5|v^~{;}wKC}o z{U95Y|6FmguziPpV4cVL#EqiVzwr?upDGaKt|i3bTiZw;>fkm>S~6ML5}E87=zx{+ 
zv_Jd)NH`GSLCzo?*_>!E&>dvAL_^n9q@7auuPG<)q!Uq9S{HHjL7RAS;rA)37ybSB zLuGa&=aUC4)tID`)V(3NbVVi)WV=&+Iq`H=rQsYt%cW|KdKnZS8r)gxy%qZKqj|gc zs4pa>L?zDx>de;>qxc~z}}`P#zIv;G{_Wtm0BC=Ajh;C2~cUd}ha@!uH_q~b{_OD5WC z(Q6gFbF?TQXdD={%4$lTwF+i=)pJm5ie!j^$|Z=K`1ZJId;7}%AYN98TksT~V=CVXZ!V zm74D2Oc%U@LS7e9{L9TVu*f|a_QSbBpm+fP-e|#)I zVb`jjep85ojSmyxUq+7!PW6p$x8RKP?yHi-A_OOHkh@yo)Py(5yf|9UxYth&R1+x@ zD4oa zC?*}G!W3c1qQx_gu2ke`ZcA`8OXJ;D4)zdNcAi5@EV)mOY|=J6(YUrF2Bi3-sB=x5cpMqM%)06B-`j{(#Lzs;P-A_{$iIo zBl0P-nSwVh+#PXYd$HQ=)py_U#{`w%^c7&|d{_Bi*}OqZN?a`ONv|NU4obWzMr|Iz zpMJV27@ve*dU25VKC=R-C~k0!don-YE!6W3zBU*t&{gA z(PXowNa5EaJ}WJFXgA<=uoo^ELzet)c(PGDc~VgUJ+LL9|n}UF7id$y3feap9S9)jeaf>-`#`H z{K+a7UgJ|dvg6NF!$HUdn>bAbs{bIP!Lfi#^Uc{hftG0mB?G1n9{@FTFPkEJZAmY9 zb!RWS>Glh{?Y0eQEiMSqVcf})A2vb9i3l~?8g-* z_s2Sq5jd4SY8FXMdXP^FNqWwry9s$~Yo4(*vRiCE(PJS;zdX^uZVY3aB;kxhO4+vc z+#RQ_>?~qlv=;~2r0cFeIu}>;w6T4PJQFOJ$qOAVOnFu(?EogCd1-X)3w^u#%4!((@hN(mmO7EAC0K#snF|#gflDP{&1+YgD$S!5UR22 zwc0yYF%qf);=ymwE?`KPlN5Tz)S5e>Et0D=UqgxB9?vkbW%7OdWLmHlGuy8h6dX`w z6CDa1b-!dBu@oN>>#IOjmSJr5Ipp`uXdZlJ6RP96q){1%I4G-4%3JOy&|b#v%C5S} zp?%OAsuvY$jRDI3nL>#ST%lRrH98(6D`si7I|_*pr)bV5FERroHkryBs7zc3rb|A9 z?Ue4;ngJk$`>l>51BJVVB{3Wjh!bvQtp3caTn&h+S4sGe)^3T9wDfFX`im*z2&3%K zG7S!xjI(2(A7OZP$J>EZ_J5~vz+vZ^d5v7 z5VojTYVc$9CaRlx(r`8jdNH4rg7A4eZ5X zkV>$Lncuju+$0+9BmEbwXV0{wx?nTMdB7M1&qWK8f>T-v>MytNwP+p0Tq{JJoQL%0+08)fVV>Fe?6o z%%`eCsI^u;DZQCjNQHUs0o(qa-I6vMWB-1}VEpBIhBf1uhbNEGflV}bM@8*z6^@o7 z7@U+Q$j5)3qMZu}()(0eCJ>ib-SX$ia2dw(Fl(mY)2ymT?DLI0bz=>L=>w-PYTw2Z>`Ydc` z>a4@gr2fQ^|1avbj+;MMX#bCTjolLbv_o<_yreWf=I)|doqdfi_J~t>mA))>wR^#{ z3DlLxDm9a?zq&rdDWS5t%-Fd+J9 zCdLn<=_)liP%K5t?2VbFZ%eM^7A25zHBhMvibKHIi32?SN|is2ce3KhFJKRTS0HJS zvy7%y!LB1VwWn)t~+$&p+;4S-`+!%6gaeXHH;(hZd*XH7;JXK9GtQ8-2b^n zvazg5LJLQ?Z*_*$%a-F}zAcAZDY3B>lC4$?y~2rwa}ae3r=7<&Yzv%+Ns$Q1!_5r6 z^6CC)TjHO-$Gb-Jl{aFi2NJ;+{*9Vbo#dMBJX#N^x|CvFI;nkKz=#9t!=3je2G*T# ziKWJy8>SADt^69d=c@xRe2rMW`K`STBJ0E#jbT%Q5Qoq^WLCOVnTz#9|(^wVx>9jpYQ&BL@fyDN`)PWc7#23}j{ 
z-mY2f`=Lf9>k4M=PjA1!?axp0-0&^3i3G-*ckMp2iw77BKtE#P83 za)TVfvUVgr%0I&_8UF@*zWH~-LPioq{m<*a+XDZ^_WAQ7IvLrxn7C!h<3}@-`iyo; z)LPKS=>)##(f#)9LhUr6ykl~@J)8=r(J%H4C=;_kXFD=2fdJH;{A?>CBuQCF?k%(A zwYqyW7A_fY<)pC=D|(KSl|ohSf)~D;nKfT3pKccigZ1>@v}-NlP4Lzgbo=zof)$S; zTEdOU=4;2yL|;xCdk9=Yf`~v^6b^+|#P?j=wvt;2KA+GpUY#~HNGe!azbIZmW3Sw< z6mVLZ`P6w))!umW2ieVq(i>&}%gsMV>fG<$VS(HN?{i-{N^ThRCgYdzc1Jt1ZH5Iv z_j7tP{Ec*xcE!jtn`(>VGu53LEIV^SdcRx9eU@Nr%WEZyaL5Z ze}pX7Unf~}LPm-rne*(R6G!xE_jlGF@XcR8PpCe*Xty!hhIrA}J6Bpm-<0xe7?k|E z!&>Pc<=b1|F)WKvhA?thaP>(JpDHAk(+X4PLODWccFM& zPz+^Wmu^n}CYu=b{R=r2ojXj0Roz?qg&pOwqms)7GrhPk>L9?kAehqJFU0}j=4TXT z%Va-SSVlBudn)qxcEXV%1RMT5t zp_G2YD&Bg=#_6nP*Ui<|aWnn|%F$RxfrHQ#HR$kt@XM00Kgz=nu)$BzusA0&rl8;8 zz)-`n?Ogiu!D`0UIWfw`y{C4y@eQ9#cstWDPe4ip5Q z$&Shz$b7Dmz4x?N$m(;AfOvV@uauer1;Tt)MG|>D^Lfo|#oA zJ<|SpACaWsqG*khlRc$SSSE2R7EHdZ73X|XyLw$pHc@x$m(Dt+ySR@&=D2NMkAhOs z`YjP5hg{o~G;Az@yDs#emtxYgHrA@aL7>#q@&P;gdV`CV6 zGY%tHX!+e?poidMq8D1qEHP+c zPCS+lH5*~zsZIU#o|Kye_E0wI>9?Py;^k8W_@{1Ou8II`w%@3Z)Rl0lTo;V+ zXhg}i54(cppVc2G3127Z-@6WGb9w}qm!WP~S0gz|;Va`V9`v-b855+SwB3TO6&r!@<(LqDBK=xKo{bQKDnUDsw_t1cCU;2GDgKP~b4a<`fq}r*|OvALAndia|Y! 
z)O5#p-{JH>_mn0|{7LpZx}*5*2gxj_A7lyNmXn-n8ozz1LB)lGFHYDNTCSgoHcuMOdPb3UAGxy$ZmC8p`H1X0PeU{z zjAqii>t5uGBS#+z&`H6sT{_(F8f)Jsv9nb^HVj8 z7OB^|&rp%n(XPLHjk=pL>Po!q#N4o} zk?Kj&=_m_<9V4eA6j$H_ruXqhMt+!@K8?aeJD@+4{(WMM+2OVZ40p<|fDwqtSJ*b* zidw=Q)Ldm)CAy`lt?C2sz9qm};U*b8J1Gx@4Zg0}V*UL0rpem&iHnKqUAARuzBHu} zCpu7aN1&E8G5Re%zirJ3ZggdCpY9xRrEO=Zl2 zqwzup<_|txY#v80m1O{p$lH-K z8xl1sjFRWqOZoF<$E@u0)ejF7Wxr_(dPwWjP6@iLk3t-Raji9i@eTf)tSdQkHI2oX z=bNzag*+G)dGCSgzBrv24q|r`YTcT$8Hcgu5By+fWa%)$8NEhXRBz$(6czD4usqlV z(3Bcw8NE^1Ve>F@p~WTr?#uJ;mP zm!b$UcIXb2trR^ZcQy-BCB@z|(e3YnUzohlvHLdCrO^3EAVeho)Le-sh=L)H&PPj$_$7>NlQheu*fXVBHYugiofL8N6LF z{#L2OMrf1s63Xkg*R<8HM^M*yk7dXuC_^AyR#q|l_x{Mq^m;gBLSvOEB%R&b=e^+R zm{YznJTUV|j?&YZS+0WaI(g$?cOu!-(fy{?dGbdkN=O}F9?h<7=cZNN#iRl;Z}A#- z?bZB^l)GaBcW#b)a6DrS*L~k8kW(QkWWxHa(hZf#n635p7tS{5C`Pt}#2?vd@CZx) z!f~52fJS-(vDiRWP-ax1pTqiUY0AP-*JV*iZU%F&Pbs1{5Z$V`jPNH!U>A*%vT*Pa z6j@LD!D*avd+N*JpIlutgkIP)9tdW(dzXi8YtSn2e=eA2JAnAm+fy_;mCLVcAz)+j zF35ymFMEt3M73soJN;G1@1`bQp<-(H3fHqDT|Kkk=7NJUeAkQOM30tN$3*QUQ8{(l zTa2>Usa^Y4=^|OZ^@c!c`Hhv0z`)=+Ybb7Wo6K8YxU^YWIM(j0wyuaX{^|$WFSvTg zvUIUz+i@K`L#`!08H{5~Di$ny*kh1@SyDqO9wy{notbfd5lJwBT)bMD4O0@5>+~5G zmYjm?4gZ2Cy5yv&=?G#mtJz*qcPw_xS^k<|WP{FkO~bsf=6vKd*5m0$#LAuN&mX{kS#-4txVp9F&9PdXx z*qXpE@3)(;eSL6plKvZFr#4j4V@-0roX&90y>!2vc?v>$5Q`-XO zH($h{?q+)bmGIG9`IM^(ppMf*L@pJH-29Yx^3lu#o$&?t1)8!wZk}8DR07k8qLU7j z3%g-@Ji0_}H=#hOXF|nD1R5;2CrO6V%yW$ruUZb{8=Bg6lxH`n;LCLgEQ&d8(YS7M zp4UJ*69hPQ3k31%_^>*Q)>dlfwNB=$#_5^9w zAJ^3)bOMFAdzu|2k57Bid7gl$q#&Qg@i+tf^I^ z;?55_6^ALe8kif62Q-=#0aOL=-0a0J(c!zcK>1NR@;S26!ZFxG{P24$gYya~!=OgP zPA=Nn!0Un{jQ@Ruk*ME(POvsmvQmm3$e=$3X^Tg>4|1qFEAlEMa`i!KIAZ#5tUqn- z{TCeZZ_mS(eNUNXVD{fQ@7^UJcpqO;?q%Nd0-`PkIKpVG8zKdIHH7>)MlCl*GmJ>Y zYDNQ$G2q(Dx_a&5dF6Ao+NkqGnnY_e`(GP#nb-dmGGWWuF!)8LzSgoUUBX-`PLG$v zvg4M4`T8z`6mP`L3)^TF3p7X&AMv9WES<`jp@H6rU{F3Z>d6PIH^fzyVS^>4ZHiD2 zPHSo?WxCwwTBFB8%iw(M&6ooV6A^cLH^s~fw3W+qJcz~Y{-Tplzw!p!FA`LV_-tR& z<7rXsUZ;OiBe1^il9N#6UAgGef6Knn8&rfK?fsO0FR6_WhLFHShqN`AJ%tjpS!VAJ 
zS;aw#E>6=1z*dC%vQ+l4^$qqo@f`Qm>!xe@I zWv4IVs+EO1d+Pls;JJx{e)xq$F6c%29 zCvI81y1kLp$0B)a6*W2Q`ups7K6cJ}+)+<_c0+3fyg{SxkYBd>;tsM_!x<_FuPDfM z5?^EL`0v!%AJ?WHHY@$!b6EfAdY&(}$m)%70I}FY0OO*zB$^T?+}Dtas=KC572%GK zu(n)o5Eu3zQL{2fAz~06wO-$P9c#b^B@M7o>MkRk*pOXWi^8TSu7>m~=*RiS@iv;m ze7+5TW;!A$Oow|7V5%S(Nm@6@rXQVkqzsmCeSb@CA#fM#2uP*=Yj7<1p#<%gNSvp< zppiG{OgAQ@-%Ec(NO~Fy)`&=>M2HQj7U-}wXpuq~sHIm(Lc!XM9g`$SmmFIF)$>^k zq;8O`xh1zbS8#5=XEyZ7oH&yvvbn&E9H@WKH`iUMy_$YwaN1;XjJl|1xi~Xr0JDOX)Hu*$eo!LCRm{ET86R{qP?rult&n~Vx(-0js^)`;GM=nn-wsJ#}6`d zM7ZJVmdNo(#%p#1F%7V1O}B`a87g_{@uMyUTQ6W&>2FUTX+@Y=z}_-K%t7M)*9;qG z9I5JH7+T=%k-C6)Q;TF_kBEt}|AYYF@VGI7K{BDoJR2emQ;+k{uz&(kK7e~lhLnOzL1fDUs@c+bcKJLPn1`vzm>aN9xm1$_Vh`(V#q5%r$DMK}PNs_Jo_Nluxkj5VUUR}>w^1VziIovp5k;tILb4-6!+Llwsa5AD;; zx~RGoyK|;UZpdt(fDLb5d4;MzJ0I}=w4u61MHz~qZ!zVfSOW7)XH+mWaO~|__j@2y zUT%2`Em|6`Am|Eki}wQcIi!m|+YN%0AWNZNw4@7ZvYroWi0K?pya~Dpp^}%v0P1!I ziZC9$`JE60iZ_~>V*HIWublu?8RJMg%QwC$jj-2XO~RjnZuPkXo7G!2pM6(hMRTbz z*a7On(d}V=tG9NG(;6da*?vcIXazd60vB~U6I1YVAo}Hjyx>k9MN#U_-{05=G#HKT zw8%jJ7|=gqt+ggF1=)*(V%-AkILB#T^K?M!GK~5V8C_eb7ekS&1|i1Q8ZaZXS{j(B z)EA~$4<#$ZD4W4et9`0JP?Izt=`}+ngN51Glo#@=eN16T%^f0~8!l zMgtd;Hcd?`RWZ2Pk5S|yisML;QS++m?ywv1`-_)`rP!L9xixJ-zd-2=UkFO<&6%Ky zK>BX4fMma*2mo5C_<$i#b`aN+);L^Ezn1|jHKPr7LE57tA2852bS`%&#dqKjRMJe5 z02+V|*d6QgB1RQifFK~bTg-dT=yw9hr+v(#rxv^_y$$|yi{Ym9^B8dHhTq6dK9JNf zP=%a{7T?LX>~H|h%IrERcO8Gvr0qS_tZCJp;9Q}Iz(fZ+ixYPtFK@&N?bmDNmA7OeDscNaUk6KBr>(8 zR+r0Fc$KfY?lWIM?ST-3-lBv)s#4AGj$@$$fn!m0Bx{%cq5gwvPGzu(OTuqjqWqe^ zc^k&2MS|9u4ZHo`j!W1a9D_tJ-9zJ%P=_`Rk5RvqlTIqchQFYRCn(+pC#YwY z%2tM=gt56{mb!R$ z86d+ItqH&P6hOhME7ganG}~>mvf_?z8kyFwP@GZjyxY_Y)thr8yC^^sgZn4JbSh<^p z5M`VS4KXWdr5E{SKT}% zrl0+0zA(bxU&F{em__99c~Vo*ySv^uI9c8uWI*jCJ;LvImy_~ARt$*eO9aONenqfT zJ;)Dn@~}d-Q_N73vL|^Pp8|-$rm^^`7BlH_#Q9-VNz0Mt0|P@o%wPZim_hg7UB38# z`MjUqEI$$8C`x`?t;{=LhJ;6)u`s_3LY{MWy29Kw^B`u*PF*tx14e;d6xTpH=lcA&Sa5!34k9mC@VobFUt zRlaODZ+**W;%)Z2Erjpsy|5U;qpYQ;4b4vUYo+vm5kx`}J<1Xi>~9}zQlIOb6(LT_ 
zKcu=op5;0kYx_ZVyDSViIi@;RI2TlJv+&5X%i=+R?~*p5@Xz=4j^9Mmt1I+dt^uQP z&qUel^-E1|=_vG+kU^&X`6)|@M(2)mX*uRhx~Q1-+Yxi*W)ER84$-S?KH2}#^`UM4 zCZrfVa$dip1)+99Of4U=yrp>L8$HnQdDO49Rt)5Y>*XM7$k(OpDl4ni9~{l!<^E^S zKeGlsi9xoSv-{=hN;Xx@e%ESHZZ_}y+b{o2Ww-_FA|>fG6gOcN6z*{*kfL{dbOM~i z!pMFyDE|b5_-nbkjKzD`Wq0S^P<_$aF1XB2|(h~CJ13BRE}2yPY%j>E|5Wk z^4>^bGJ?ZjwK$ZX?%4{_pgAj(r#byg;0+$(@vdQiGZ1brV5Br>eL6^H8D-T!oB!#HQ|);#RocR6wmy6W zK5X2>065T!-M+<->tGQKu@Krk#ZZUWKz2PeC2FT3&8G5?yYv6y#{c^oRYkbRnOr-B z%iL?WqSgl|2%o~b%!kw7*Kwv=7?1!AA`Q8GI%RES^S-selZN`{KD_QgeJjZGu<}jb zhO}DhTKcLn(Pw8hsW#ly6(6LLof8_GwLt$q>%}2$9-fb{#2j^LR{Q*3cK4lcZu0p; z^Hgnc9oxk^Wd`l2{N0{G_4V_H1}OrV7#bIf-M8A*SfyV20zH|6RNiS6-xip z&9U*a_&Y1wW_&x`@LAx^(8~HMV~|(=Ngpu`L<|2?`&0)(od5nj5zH@$;?=`gTRzNR zzT`|h7RmYhLGbfk{l#?RS}A!0I1bI{s+GgZ@YDPtL)E>XDc!42ZjLu_$r?UC7^^`MLpr;110eO4yx==m!)^y^4gcW*tkJ1(K*{$VZ-4Rbr*HjKwEORF z{)8CO68q5p^w2VwdvFA1=77GP6DSt_ws&UT{J~tFD`*#);zu2rOSMEtIMBIL0)MEO z{9Y0qWRc~BpMuy#Zr-4{$!*WfonfMhM~uAXtZNwe*mkPsRA>=uxeR*69BTdX=x&?w zqrlg*BgVvqhTqblOjrqru23Q4!PiBjsaa6vklF+Xhssepy>tk40EMh-MCiLitlC_;i17y&lrNK3BU| z|7C{J;2P&*(z3;p6ZOJN=X45feO4Y8#QgUVR{HNu*K<99J?;^!)gE4*1Y*rH*RInnO%~Cat;cA(zA-2A+-5yHs zfn`WvApndCjBb7V?sT8tF#pQlrClta(Y=hne~+@~$aA~Q0XwZe^Zc=^kB8(`8G#Gl zr-rv~Z!f#JRfd=fQ-iB?Fg2Id;xZjZj&}nzDsWeC8xfWA9UJ8_!7QrCG!y4U_)b=o z9nT;Qd&!q0DvmE(U?GC}qZ(LPb;>=xk=9Qo(<858KDzPNmzR<+yWK0hQ(YAXM7K)e zUanN$Frud$ztmpTOsgAoMO>*k;VHe}9duD2ot{NcaAAR%4HGX=ft(&z=eaQRf-#9m z^@B{%2I0%Kh8J3^KG~MqRojUQPp#_XgjPI4a)O`o`(%vm&h8kQYur6ZC<8U0y!g<@ zHy@7^i!=+;80?Dgn++VJVSr*Y5OplJ)O2RK>i=0V|s8h^%B1wAu2TA!g= z{sv2ZK;RvH{ZA>)u0Zw`5k-z4WD!;c28K;}o=|-;2;A$X*?gMaHEq}G<}PA=1j?&| zPe`TT>bZ#EG%sHJkpKNNF(mGpk#d>g)!DJl6wxyUa*so9v^1%GNQ?>HdKm-75!}p2 zgK6|t8c?}~3igkX*KwA?EbPawWX^XM)1t;lovks3)P<)Cl_WAoqpVY>(>?N?G4t0~ z+CRu%y-1`3-g$}TX!^CGGfks0+m=u7TFj{uQl{q{#j3f@k%F}3;njfc8l$Y~+P=)>x0;1vxyCAOl3;!R-lqev z_Ml)t*Ypn$K73^qqX=~|>EbjtM8SDx#sD{+=8{K`&XbLI?y3CR&}w0vVD*4pN7y|S zOvJX>ItqFt&09@=+nT_CoNoTkXk~6LgSQrh;#iE+!VT5~4}#mx{5N-a!??pgicBip 
zHy6f8yiNFe@z%r>0_8o7{ZyXntdjxc?h#b^8b4<-_TY`}69Y@t?F3l%9`(js$U+?7Jn*@JHzwG5orE%Fkn7MeyXw|Qxvwvl5m*LRiSBu0dZ zK^~c+3EC{g(AQ{2X;Yat#srzJ$lanpN>85_L6 z36VVzP3;qLY~YyDqZYtvcTQ%<$9*!1Gfw?wC1HV1wzUq8HgKygtkyfzWLvjL#$sD= ztIwI#q%~07^VAtV2zWmwxEaGArFIc=n(B}iVqa{S>11Z}N!mze!+CgA*gu!Tpl|`K z9|9{`p5wf(L9o*y4&lAWT5d|}28jZ&2x<&iWHLIg%|6nZl>Q*v>)nh8Os#qxVV+Sa zzMp2V#6-Y3aFpuu*`W*Wh!VVBt_y1KOGY@#K16-JIAHmy?0{Ozuz3+9vU_crP48^5 zj5JvS(8Iu+@(zHUE~m$(eeCNw5}@LN`hogK37LL}X3J)>4h29nnC3ZcrHB1|o71@9 zsHd~a$Wp~)l17$$C{42xHLtKYWX`)G>cP`Ta|zCPV`|+O7h={I7y=ToUv%?pU_X-; z-&E!0Z(QvCv}9w%$XQd;HDmOFX>!vqcdn#Y101j~9@cto-*GQXsPOx3%Mj4;AYk>E zq`{FE^RYmJR(VES3_~@o*Wod_`xnTjZl#)3eE%SIh87kD@SGrA{c+y5sq^)1cSklu z2GrC9Z^YXRmRTr95QvAOCl|*ap0d-tg#@TP%nfK=7Sk;I)T?&k2brB=PPghcjVh)? z$RzNMvvFveJq?_Gv5YyJ>&DwB2+bZYqv3|WQ1FUz-{htLB=lwYB$B&&_=9qa{NhLa zLYaPl=!c7p>`GTF$g43tS9NbAK8`{bsoe_sH#!-f zNfXlOTY;upfG}=)-)Imiq-W;yhZ&o*YK8F15S7MG$nQ6$rU`cAS0!(LrBF|eyQ4Zb z*CGgFGdH(hPXvQOTpPTQTd3xtNDb3XWW+{92tkU4&(U5IxXs!azNx9iH1OfFGH2G} zG--I%QfMOc_wS6CTO{nP;NBpH# z3hTd%#8r?R-m%CYz!qJRzKIT&vSD2a6h(bjEuZTIMi&BY3g-a_JRv-qX@3I5{ zu-K*?Qkoe0ifHca#|5}n(`Vc%xu2V65THk10^j0dt>Z1848+2c3rpg>=aDLnhG0^v zaUGDun#Hbbv_&j+G@CVbn$v2y)7&yf>rop!ziT`DRQ(1!XA9G<;p33cSdhM9T6v&r z@+zx0RsexC?gi>GFFQc_%U>}^raC?l2^H=T(YX0#rtE_LQtiv@DPFH{>t4#%xJ}`h z#ao~0^uuom$#bk9?C-6Ik39XjX%izVoAvj&By<1v@6q$_D|2{b_0>@R-4U#u4JAV#m6bkANhDYqg-NLp8UrD(1F`+M zWn*G-=(O_>vVyGsb9U>^MR9C4=s_#Pm$H{hdd0S&B^mrQf9AEExoSg2h}Hbu=aeLu z_$b#+qKNah!5Ej$t3j64kqziPi^s~O!M0A6mE)-Qfn%u&z*X-!N_=d|t#H07vvt;W zeq^%KAj*oN^B^7+v`{+uEIppRu`C^Ck%#NKoIt>j!1~Q?VF#xuN_+kKPosA;I@e$F zM=2U>hysfU8i>sh3jO$am=g(D*CMjRc%oc{beobpSMk3}@_mny0oM{_Sv+rGcJ#4F zi9%)kfgr#2CeAmP+^+>KZQuBnx!XPO!LMhgAMjk;i2+r9kO{w=w9goPXF@sEIEenO zt5O-9xVkO(9fRR=HVZEe|00KW&7~H-k%>ZS+cLp{qD>-2;yU4GZK98{8!QhWUHsLW zxn&eWH&q8x^>D!|_xFixD)nrGP&+mK?RY0=+%qhO^Rd)(E0G>zL*s#b?sKC(cJOZ0 zSr<9RzVgA;5^kILEp#!GIbV95Jp+Cp_}iYnY~l&3wVL`oP0pizKS(L>){y)Y-yq}I zRlPOcp5Ttat=)`?v%N_#E>&noi)c=l+5-Dis-^e!VWUT5TGCNI&j`lJ0}GQJNp+*A 
zPxl06_{T+n`{ZtSN)tV%Kg`(}^f$XLG|~HGn-%lJM~qfKv~zzGD9TtrT^i-3(_yTj_h|a&vVHiWSxvO#Th^075)`(_qXNdt>G_Ap{H!`moYlx{Q~c1 zyt*HPz%(iiB?A}H(T!&`XOa~QUT945OE{rJ@TQBtQThaRN}3D6w|#g*dJ^UDgEsdI z>vLR6GpXgWFsZkw{Zsd=?9tukoKCFHv3ABi-;yas0Kh}dhLo9#jbz70X1d4lJf{JH z)thdUthK)g9!~C8pON@FANckrZl!j=O=`3Nx15`V)k9Hp#b3>x=mp}597)zqw}Ng{ z>%aW~^l9>dcE=M8kG6PY&dvdF4rFy}BHEq>;taX%s4{Sx(>POlbHcM)nBi)l#@r z#|BPUM=(duY%q)I)D2IIQvMPjE%DLmXsAk$9K~je^M9zZ=L&}y-}2Iz!CR5y7q{Wp$8SXWl&ymu0x~0`el%Wh7*H= z6(2hT4@J>P9}mIp?rKQ)>mXhxjtaT{)iHr{M7pudZqIc#h?LtrO8bMXRXn_Kj z@VFEjgHRYr{Y@>O9f^sz6E%AXO0p!*(Jz`x_scQ#0yzrf5EnnlLdQej$Vb!XaYinS zc5<_qa25wfs#T}1EYNq9ZvP*#WxXvGP>7~a)jfV95Va4zTC41mTMiB6E3075{%{L# zrj$iEyKkFbZF+uMuk!AUYE2ux$k3Q%O zxXH$FA?RnE%TNY5;8+}&FrB}}u*6b3)Ab0u`G|KU(%v9Ome=t`ag$jW>F2}$3(_?y zmpT4Y#Pd)#&xoc%?`UZ_7XtmRhT!^q_di*l$kuZBDw$9)7Y}k1UY_*ts)09ZX7C<& zX&FUcoNWuO`vb!+TI`wbK9SYf?=LpT=pi;Kmn}>VO~1wWO|R6sv8Do6pcC{a&!-7U zlytsHh^nfKj)`uK#s~^eOJ~zSy_2L>-m&eaI}EpYA3mn(Dc4y?`Aw>gn+dWGD}TSx-%_@vEW59N<)&E7L(-pUy?w2iI)# z6bJsH>@4ZU+zw-pZgBF$mxXJp>3TeA9^X#@ZcWt5XlOEWF!-xR5=WNHa#y-CLvvv2 z0>Gwmh(b}IlOObH{otGQ(7UZ{)?;<%CUiqf6ix#tpR{;>B$$vyZ1eNhGJ3y_QX0ly z)_%yn@4P8Xex;U^QMLvWF~pW;nAGp@a$cZnu+kxtON8P~dQz#J4whEex|iilbr!#~q!D zEpyhJ=uph{aPPQD6hZ=w^}>UMI)G^OLn@wzj2+{hE9+}_KP_vzdT&$$0^vp8WCxnK znbu%Xptu5odn8Am;7~;tbH+Ju)LEqW)ECyGok?_5Ja_%R>C^!ldVJgZgQd`8szJ%E z3G*WFB2vH~Z*CaXL5beKh56X``lKF>$wg;!b3SGw8V!=0sMZrw=gcNhDu~bf!g3F` zJT1bqtM+ zJT{AOm6k`73l{o$+7{%8)P9L@{iUO4j1vr|nEOdmJr)9G3c2_6lMmm~qtz9?*jkdg zqn{)-g8KIPA(33qdYf%W^BQSC!X>R-W)jZS7I+RJ@^aS=!iXj-F)er}{S!nSt3z zM=HlQFZL>5miy@_mCi?xvzAymOchPWs*vFg-Kw$p2k(3+AZXi90Tn(kXYQPB*@KZ6 zeKrzDfO@lxXqDgZ*0HlD8X9(ADYtISds;}Ya!TLbiRCxU<~R04$F%mx^f%qVc_KQ! zo259_gNKs?*`*3KbyDYsfg-ap`sNug)v3rU)ZmbUsamaA>w_OrTg?;lcB%a&B}ge<$N!G<`6MF5P~D6p6? 
z+uvMc1;OkNy)z(kRB z=5a7AJwuxGYJE+7Azv-~;1SIRC=dAuAuD`U!$C`v(nPksXfa?|%5N6UiqgQfus0f| zC8pFV*Fp1Z2ZzV1d^p@)z8>|lI7f7t25eG?O{hkffFXMzu47FviKDx{E~Tat4@A8F zcs(A2H&IX4SZp1oJ@(BfP0vIEfiZEZejqR}B#q;`XQ*@2;=>Ch~5Y;&6z z#(Sc(1Iw3)a-fj^E~7MFsO!P8I8fjCGM(_Wt;~x!pY+%1xqq@{2d=_)$||>9-nQX5 z1Az9t-6wclWdG(}y3hVU0$W1?V-C4fxMXHo#87Js1@nvyr_S#ZS2yJ?Kp{Md3@aQO zH%DVZndN?wLP0QoNm}8|LM9H=Kz)G2vzSIP^77ReOzW6wm6wa)v;E2MSB8BfA^yUw zt`20lqMrH>6&l0TF6*-Mff4u*{Vws-BH#K_!`o%Z@JsxDHg##p{-j#V@$(EoMc6IBVUC?+E2c2PI}xIT2nu+2^EM;?!KX@CF;xg zUj^vJnVh%tqy}nOExga}R1dUv{>1rb`SO^Mxc1!FPfyYdzbP^}zvE+;C~ZI2JmhZ~ z&{hiK+l~uQrCHU>5$Ku;GgY@WO2;14t z)O`$ymYphQ!~Of1L;F_DAvzwUn9SCi7WOw6>|U#P(uJBED@l? zI+#eu7_v#Jaru~XjPc@?c9Ij_w~9MSAbU0#Qp@LNYoHI4+Y1#+0iK8-UgAf0=+-TK zYm?{CFjjJAA#Z-S*UZPw`J-Qn-Wij`k;)H>d%ge#kvA?k0<2oCNL_6r0QkNt3Jk~kgi;0*t$?2XAvna&7bTqBqcuv2(R5u4C)HSsYGlMD}| zWCxb+FBxUZQB2kKgpAh zJr$<2w_R7(FNx6^%7y1&U1m@Vh9o7w^yF&G zutR)sVHU`lEQrq+BtKdsAH?2Kg8NCb-J}u!lVs@NO2_+|J=&9lEs%&6!&QuY)}j;B(D% z!(LSBTKGwaf*+{O+XX{)`aSAHj>>L9g=u9`hl%Daj2WJ~&q`Ym84QJ@Yt=K$yE`yd zy_~N_@QCAcG{}aicN;C5 zgz}a&B|u(7WWTKSmac=UFHi4#l5sM9$uaVuUm^u$Al+Qh)BZlWO?G5GqO`XjifZj z2KuTc#xQYGJ0~Dh6f{B29zwbmonlB!j!V1_Uc}Mvwg(fMo}K1 zJ{1tNwgi%7I)E(`y~~%)f?>m`G^R>`Pxw65SHL1E-QoVcmQUS7Y~cDx3uUT&MHHMp z(M%!=P6v!u=B-(T09WrfanAODax`i!Zk?I*sukpzBWJ4roc11S3xvU7QX&AwO1`j0 z1S5jw^V9i3m+XnBn%dn>)lJ8L_-IgRzp8Qq7G@X@A-q!#8GA=0P7{ahA@x`N8=v#O zav*)h9C#vT4(JywD#*lr4J%+pGZ|@K4a3xK9 zxV#qo?Um>V5cnE1Ty+|c9Gj6~Z0F7;;FBMVi`-vv%Y1xxtd2tBfd?rIn=4mbh-u?P zxWzUd?Y0qQ72)5az9EZnn&F)`x!;P+`V~hKdF!RhPXi_PM&9&)4u=Q$|HZ5za^0=| zo=iUYO=Y?Q+WY0r-4Nss9bj(1ja^uppjMRJA9VP}?sjpkCHq1usU5|fBIMY-bZx9|7$0yuS@!@gVw7srMdZBs(KoHY0Zqz=PDZcg9JPwPIgcP~#SPamC)tcB>*tPjbvF@MVk$oDvKCmJR>g?WSKL>8 zQAHKkp23@8DhRYh9fK5jwPOWV~5(%qNoz{dkDoUf(OhluBW_ zaqWaG)r$Hgfgb8W0$37zlHKuQRT<)k+bet%ftl;f*k%371A+Z6WNFH}%`kcx9 zS=k=FRu&4tD7}7QDkdK)D!wyT+1eK^EpDJ_pXn2=NtrPrxK-NI zJuD6ON2Oe0 z^zSj>_>HmfACb@?HkL0Snk%6n_i6_A z9>k6eEm4yvdn2j7k%PJPuE^iAWUI$dIwsMZHLBYXF3KX}A7s(tmnf@u$SF8&YH%8l 
zW4!d}Y!hG_9maUX2d%EVh~tKpW(^3?s=~qHvOuwMz1=~#Mv1&PYFWd{db~2Rcc^?k zqmZuL!ns&>PbY_Ixb#D$082@eLvGP(v$eM4S&~Cz)}sh~9=T7{|-~3}3IFv0X2_QwYC@ zuTjFeu0oa%0z_rMYqpvcrmcY^wPfV*M8mwvn9dv6p%VOXl?LofLz{XDZQq0MP#0eC zI&_AuX~FT8%)RkY2w;O{`&N9yGz>zoT&G&!bvJI2O>jE1isbnKw$55VNlNhc4Y(AC zI(?70xl62ulglIOtl_cL^1cRGzJ+dDx7!<&2Kfbut>mt|ANh~nTQ624%z{+NiE=QO+gCi3Uy0XXTDB?%$jT8qKfr!#y}b!!_h*4~GdUc-Ipx7xZ!VD0AJXg3lQh;lR>%TURsNG@uyz7Cj z8G-x;dD1ENz463R9jrcO0DKq21=eaMhJkRF?B1w+;_sVdHJqCGHd)$ACU@GTJ0ZN# ze8lHQm|dUa4Fqb6h~TNUzWXUf#Pn0zhd)!j!iL<0UV?Jhewoh=Y)ebnzS_273Agn0 z^PyLRMaX$~J3dnWR~*m%@Ga5i*2n(5QsFq@T1eMb zcZpJ5>;+HkO_GxzQ}G+khdpZ~g88xj)02F!m(>Y7{kDlSC@whdd!1YvM{V@oyb8q}+kYQ+&E7+lTU^WV@$| zQYG&%gv8bXA4GHdFg7Ku3%N`oN>zdOd>Rtn-YHTw5ovxQKU}%(kZU=A_6`s5ZKr&| z#s!x>;~ZCV;U#-mXiWE~=ChpQ?k;CFqy^{45sKfGs1pZ@PkNTD6T z3{A0|Q2V=nkP^LQQHd+KzxDC>*)wvhIh!5%7qtPCMHB)kVRb$2d2Pj13d{XhlQ$8& zXRq5rVSiMDjJ69M8Z)B*2o6hbcd%Lx=9l8{@Q%~@6t0=SQ)$b!zy(d!*MfzB74)=Qh70E&j^SlJM$BWh{ztC790n^*!mcr39Yf?-Mg=&wkz3aqH z+Rf3$(LJqmY>!yruk^&G>SYZjTKalXopKbaIvoov8^*e~#fLpR3C%hx*s=7Nzi1?e zDMNbN9tUX7Ed}Lw&s3sX#WIZ%caRSU7`sr(%q9G+hA^nMLqBFi7bN`WG9$S4RI~vQAd~JEWvDxK--%>Ts=3^V8-+kAFUL zJ50;o;Ar}Zy2l0DOJH5gfBwp1t^ws>L)$})7YLgAPFPl6V!nFj_t`$*VJcR^B!6Z9 zZDor!@P|%s#qoFF1wJ}!y8-?T@9|(gPLO4+?A-q7WM#hR#^Uo(8xsWGX!@=&8+l5K zr;HEq#5>_wf^$m%&fwj^HfcfHlrqN*?M%FpHH@$4N9T2K`_axj=6}nK;oVdReDo{< zL3w9P!EpsFQH#?jeNreK03j~Lg0}!$oq&AsOZKpdipPDDd1WH`D-`qWEIA4YSkl6~ zgk%|N1leQ%edzG;My*b6l56aTO>RKrD<&S->6l&KB9SIRgu3L;b*-W$y2Lu?%#fu# zNFq8V#mv$p1-1`1*@-U8uwUZ2J`~o1J+rN#+>y@MCaYftxp9Gf=OwXi4L)*Kh28xV z)M#XC)5bPi9KvypLk7GPsfeX75V*QAb|>NxnBwns)Vh}Vb(3qf=Ue8sD5XZYRe%ke z$%2@U((^Em=U5n)0p3R)Ho}&XPNX6zj?WesB>04tkvshCdc=F~aL= zZA|)m;4=rl?s{3PNAotOGGXBU^h&@NPF5zo0|8w*O4o6o!_w>r-c4@^3o^QD$?f&h zH}<=)>DD|h(y4v%h=o9Q9S4|I(`TY0o5dX8{%)urTwVN3&#wC4iQ``o<^S}Hf1Wu0 z-=F-uacM}`_;;Xz!NYKr;E3#(}IH~{rQcFyky`EAwtS+=&tK#g95OOpj3(s+-w zO2AhR)%^@$NlL6$Ji3KEf4Qg>*Pmlf;oVH}FhrZYb%(aizB;a+Bd@r%uSzI7eGH&-?XLZ{akOjx3jz@RSri 
z3tD_EnT+mdn4WA{WZowD0UPzTw0f0DAgI2##-6ZvH%BptdKxHA^U9&gV8gz~o`_&?o8F}_gCSyGs)#j5 zZdp6JY@kSy@7Kj8i!Yk4mA!S5mn&hA$AG-gw4*fp+-er)lIZW}&9S`OvEW6PeNRLXYuRD{}-^p+5h!h^B%bPsgc7?icR*G0kemi&Nv;5QJbvWBB^#L ztMz_0C(W5ww1DhipkWNSMeoU zk`oOLf@-!t=cwPjU@G}sdEnj*ZLS;0dstdyN0-8BEAR%IA^*vhNDvWvXhT7ByeAn(BEIogL3w-6S4ht9eb;wjPYKHxh0u`Eya9d(>41O4O7 zui>7PI+lV%-!uzDHrxOlq679&JIRA4kVW14!6tQ4EZEU0)nq|eV4IBvzElfgB9Bwn zeIL`lb+pwk{J{5jajkC|ST2u?c_)aVv2OM`_8Nut*@k1s+%a0p{cYcXmL76UHdSh`~49 zjv&?BV~7)z1;K8fgoyI{18VD!@Mr*S@HsvS9ni>oCQ{8UG}7#Y$sW&*W2zC1RYwnqRAl+^hN@Q97mo0{VPJ>hbqp^_^^>gZxd`=o?_j&4+i(GU zNTFomy?GqSf<47uINMS{64wAI976O-2~) zYb4wJB+(%d3GF-CX-)KMdPPOBI=vsnNmKe;+NB#)R;k8jBMuI;b!jKf2Zp?8rKe$$ z)aj0mj2=;%+?9<*GCsrzcWHuEAx2!;eh_tS^LB~K3kD8qZ-lHUxqpNA(4Babdn>J> zL@uh;fW5^~&#cQXPet06WS4eSfNMcA6B!5-))C1%2*r#B$=p@;XvKWvL>==zU{U^W z%xa$hS8^t!;+RD55i>)rVyRc+>&8`ADhawdeZ}1<9_dM8@#NN%XlSGWvi|>~A9v>r zNzToyXP7VMB2yz3MnAjJ>8a@W_ zA|df3U0Ib1!}^@z3GbsFIcJY~OVAdyU6u9Wv=agpRgM@p&tmk`FmC4juI$;i zHnXI*@2-Iwa?YkS;{7hWud6++P@&sTnAz$y^**f0MFu=XpMLhpX_C6DArVK0| z!-G#5qhzwq@qA<79TsEagqS?XdWE|Y(md8^j1Ac$ndV@R@@PJfPxLtuHOIOoebmWi z-UTCS4i;`N;b*Vb1AgDBxpd-{N}bbbcFj-rj*ENjF=Q!E-A6-vqr%irx+pd3KWDJ4iS|LJ(HK=6C~f{!@4yy6;TbT;wCZK zq&W5ML`;WWm>8m`CY-*AwNH?MV@gl*SdfrVAw4DG#a8BfB$v<@#cj?<o2#TtMFh*Y?TE5dMvF1gmWVemQWn!{k;-*X z3v7OC7$q!fb4;Jl+oNrLZj}cNYSDRd&q%fMj>3a7YiV(boYouV6Qz6(Q1(!Ls{$!QYWo_SjMgdAY4-Jy1RFz2o&jFy+WC`2-am| zK9RraPGji(lcbMAJJMcLTB;%zGEz~&`+6=6;-qu&~Rt)Bp59B$RdI_xMIe?1|@J+Xig7c-vcPlf1x%tXI)PznOBLVdw z_FEpdrV@)&N3${08alMR~fmD6zyl{>3-1qKZl%EH`%-a5Ll>RF# z>fh~uw*tRPu!{BeS0NIf>jySZamt$tgTH z4kV{nA3En&irZDU7{W3#{3v*0!34{W>!hHRzI*yjfM0swV)53@e<<#~DDjz+no6$C({WvXvB#u0XorBK8oWT;IVf!z zQe>4EK-vM$J@~7L|CjUlNXc69dluKL^a8|aiHzcM+TO0C`J>?7>!8_8$Nn*OE8YbV z;Q9+Y1&ulC7IMV{FTB`1S-HuJCdRxdNEw_<;sy&(zNyBL77wRFj`?0vqFbpFCG9f+_gRm22zH4`}>lH_j=02BG0HdbZhEM13FC+1@~X@^d_x_Iju&B z5S^^C*p#<-mjAvMAj&H@89GP24JEpd15dJ$2!l%(R3t&#tu=2)Um^-j^QJJL>$I2H z@cr%JAed*KeRLe z=$C6KH@4KUO^K60pv#znZ+wr{{LFk|h{D9`>jZ*c^598Q#J0ZlNbZ-O7wYVi4 
zwTO;DE#~hFC737L7M9dUJ`3?qX$4O?T+(9mN}+3Nt{L%kh2v<$C~(VN3^Z`~{HyuK zuSN>L+FRUM5Br$RsDQoJAnqg|03bxqS&!G3p;h~lg4$0@fC*~zzTAr!W964DjLE;Q z`}M-RNv9m{`jceV`HjGxH-C3%YOAJ)rx@s$KAyK_-&}`mLG91iGzzrZ@})DNjk8lj zvQtf_Hr>v<98b!3rWKr1w@sWQ@r~iaA~n0rTM-rmq=sV}sCug6i-?va>kyI~rhhTZ z6a#v-S0%{$B`8)7#_pD`&-tlc1h`(3Fm)mCX50fUG%I{4N6-xpY2V7#B zz%fnSi_aOKE=R!_V;xE+B-eMHXM4piBa6%D0Zkm%1*;JdG~C?|dM8pXUmU=+=MXQc z$k$!zX}XRp!qKjml(xvP6de<)sN=*Q3KWU9eUC3#=N(QQSZrV7Obo~=y|uJSela0R z(}atB<=~q_6ry`;+WTdh0#UmNXWEnuL`$x?+9#exkgNk-Lb607pIc(Ya+|%QH)d&6 z0rwSJhiN^A?Y*}lCeGDaW(}eO$oWe=IU5$gOHI%^6xnSq7aR_gN&nG9;aF@^Pj@P> z!1i*qcYUq##{?QD@(vj})+I}1{bIi8x8rIxtPW~F^j1u(WljCrC;RbFq-mO3F>(e;YiX>l8J^^UYMx5@;O$3{CS2rHFW7M-+ zF+$Xsh&kEJrLg%B;Yj@fAJB%Q9{RkXf~P^2m~G``d0=}@)#qXBu8TQEmSX_R8R72n z=w9`h;CvvDzq`PendAg zPBtUt)EU(hPc@tJIjhm=k;gcWc|`Geq(^qe00h=fYh><}oE=#GBwpjH&%8dw^`$!_ zb6UyIXFzAF+m}u?i+Zju;ZoFE-Voyxe>aDKry1VXMS>ME7#;EFEdCH4?n5esOn0Wh|{I^nTxwuHx4*uN3=9#o(FyKk3;VHA(FgIJ}il!EBLvHLjCyi_TQEF4-AW1C$m4$ zV>Zm$d>^uBi2A(RLGetNej8XLES}%T)xwXV4qi+k#%Mj zmF1P%@MK%Db=L)Q?=n?~{Mli`%J@s1AT$ZhEmnLk_c(ZTzU+ry(`LTrRCyI2ArM}; zBWY;3?Jl;E)8r$Ldue+82>oL&~Bcn7l`IWhHnvv)CI>sxeC% zFz>0#QU#-}u$P)r{(07%&1sIOy3wgQ!)0#O0td&)I2yXd6_{JF_|>59u$29t*yE*| z$7N75OSk5dSB#C?FY8N01<1H&lSg3>f077%>zW(_vk0S2xYLc_N2}lFE7#8bgXQMZy$z~U z*cW|Ub`*ba#JKK&!Le=01~6SWHaXz)qeY>^5{dtOmi^s*sW2)X#Oo>x5s5es3B+DnL2#Gm49PRfuf7vdJ6_Ae74wjGk)NB48msowKHe> zx!`MnjecBU#7VCB=rnij+h%cG>Gx&*-3QDc0=nYt6WGD!s>ZexDW)sJ zLDG%}Z2~3tU*F$#Q!}p4r?C5+#3ghsC?v_Ag-W2W_QeLcAk9MVX#UCC10PCnvdy+i)R)jrO%TC zl;w7~OFO?#UX1^JX0Lxm;rIR`!h}KynFoi4oU3LdBJn${e2G|l6On1ADISU*+cSsS#k4Wb=`0Yi>24m>1Ox2vA1dx2daoGz zXGtAW=b7a$Kkw#vNrfSL>S1Y7kYt0CPCLrLLWX);g`K8m8RjAb^cI^guMc?B^awqmuFDPcr>pc4?& zPf-|+g2+FeFE*)O)2)!6l$OxPx%JA>jJ`l!56Z_X9eYu^5!J)=Gjz0fSsOYU!mUX$ zkE}4jFSU4bI1f)OT%2nO4A!nHAC9i?<7z`-dsk=#pUHS{iOHp!4Z9{BFO-m?qWKU8 z5b73(1qwe>Wvxd^Xrvx+Iugd)swTH(<~X0bdRsD9RCtiUN}~F^o*7P=+iS&p5CrRJiu_o{W$rD$4IICO 
zvauSXxKZysi>`8V$$qRdy*tV9NFA0UN95gD&DcvC&ILaD{%0R|g`oC`c%>qK*#il7Xz(y_1>5I3--ngkl$#Pi7l*%&@KrV^b zb(3wNhQ3U6b8-q+Q?sFZ+ftaf`2m#3iQnmtC`K|i#mIbCteh`=zrm8l;jOSj3!lnc z(l1{^PRYNlKy#T4CsL2iM`rb7v5VcsQ!%BRvY%B4;G3(WkCiW7nrm57hd<4f1T)(= z*1DrjIR!+p;@az6uD>n$G#by)9aog{^=92b@Fz0sI74^!>uUi37Ym&MkT`Kuiirv0 zj{WBAY*20gzNA{n9IN`ZRo&3{R8K!i+o`F|;DkJ*yev0)QGG(bb}P++NXU}`F?msH z8&MkUduCo;EEtHlyWuhS-XZKv?dOcfXm;ZQSDNI2MahM0xbAibjT1HvtL;a$`S)+a z<8>M6C@ke3M4Q3uo#X*6w{k$8Ve~ivMMlsGHMy2KbxflKIQp%9g!tn6o<>KY9}>H! zT^UWwz*DoTXs4lCMANd{7EDk|qO-3_j=?r!I$~@p@TEg@wkW%_DM&rr!dS%DJZ(gQ z@$T)G#YfB*D+8YHqB@5HiYLys2HC-_lWh3N=C-f%?(sTNBd=0O4Ks=ih32ZPit-vb ze-IX%i@}S^+fQ3f7NF$%0Nw)Xi05qaVQ`8+icjN~U>oialT7cQ_xf4`F%ssg-D*zr zDT7I92sPRXqjVmCLJ9RQgS@fjG1Vs_2%O zuzk5{OWPGciMdg`kdwcmFa04^Ecm$0e{98YYV7tmm7wkWe;8da>wQL@UFrY$-S=fs zc+3?*$?E7$=+{mRiSYw)yYsQY&gQF2j*c&B|1SGKQ<5jum)y*6cR5OX@3nS`7b+=h zqX8WP=hW7w5^=33LzZ#;7tucaXJ9CLPJj!@@&DzwWqX{d&C!)N{3_1$E4MT~b%g^T z&NB0JfxKHgG0H%E!y<;rX}8={QzuA@GF^fLTRuIzc^J&gF7Ykt)a(5f<%bKM-;93~ zJkIGZD$8a#3i*n+T~&$HH&qn<_~WqPEu8^%)xXRB*GocODcC^~7`{gv-~VfgZ6%N# zGZhcIE2=Z2tx(+Mtx?UMZ8_HhngXR#dSRwf8fsNq!!aH9dn8u>^SjBvd;D90e=G2B Q1^%tT{~s&B@pJBf0JU{Z4*&oF literal 0 HcmV?d00001 diff --git a/documentation/issues/issue-0.md b/documentation/issues/issue-0.md new file mode 100644 index 0000000..90b8aec --- /dev/null +++ b/documentation/issues/issue-0.md 
@@ -0,0 +1,88 @@
+# Bug Report: cloud-init расширение root-диска ломается из-за «рандомного» имени диска (/dev/sda не всегда root)
+
+## TL;DR
+Скрипт в `terraform cloud-init` жёстко использует `/dev/sda`, но система **не всегда** назначает root-диск как `sda`. Иногда root оказывается на `sdc` (или другом), из‑за чего `runcmd` частично/полностью не выполняет расширение LVM и файловой системы.
+
+---
+
+## Контекст
+В `cloud-init` используется `runcmd`, который расширяет разделы и LVM на диске `/dev/sda`:
+
+```yaml
+runcmd:
+ - |
+ set -euxo pipefail
+
+ # растянуть extended + LVM partition до конца диска
+ growpart /dev/sda 2 || true
+ growpart /dev/sda 5 || true
+ parted -s /dev/sda "resizepart 2 100%" "resizepart 5 100%" || true
+ partprobe /dev/sda || true
+
+ # растянуть PV -> LV(root) -> FS
+ pvresize /dev/sda5
+ lvextend -l +100%FREE -r /dev/vg0/root
+```
+
+---
+
+## Симптомы
+- После первого бута root‑раздел **не расширен** (LVM/FS остаются маленькими).
+- В `cloud-init status --long` возможны ошибки в `scripts-user / runcmd` (если команды без `|| true` падают).
+- Скрипт «работает в большинстве случаев», но **иногда ломается** без изменений в конфиге.
+
+---
+
+## Наблюдение (доказательство)
+Одинаковая VM‑логика, но root‑диск получает разные имена.
+
+### Случай A (работает): root на `sda`
+```
+sda 30G disk
+├─sda1 /boot
+└─sda5
+ └─vg0-root /
+sdb 150G disk
+sdc 150G disk
+```
+
+### Случай B (ломается): root на `sdc`
+```
+sda 150G disk
+sdb 150G disk
+sdc 30G disk
+├─sdc1 /boot
+└─sdc5
+ └─vg0-root /
+```
+
+---
+
+## Причина (root cause)
+Имена `/dev/sdX` **не гарантированы**: порядок обнаружения дисков может меняться (особенно в VM/Proxmox при разных контроллерах/порядке подключения).
+Скрипт предполагает, что root всегда на `/dev/sda`, но когда root на `/dev/sdc`, команды `growpart/pvresize` применяются к **не тому** диску.
+
+---
+
+## Ожидаемое поведение
+Скрипт должен определять **реальный диск**, на котором смонтирован `/`, и работать с ним (а не с фиксированным `/dev/sda`).
+
+---
+
+## Фактическое поведение
+Скрипт работает только когда root-диск случайно оказывается `sda`. При других раскладах расширение не происходит.
+
+---
+
+## Влияние
+- Интермиттентный (рандомный) фейл на bootstrap VM.
+- На части VM root остаётся маленьким → проблемы при установке пакетов/логах/кэше и т.д.
+- Сложно диагностировать, т.к. «иногда всё ок».
+
+---
+
+## Почему сейчас не фикшу
+Баг проявляется редко и не хочу тратить время на стабильное авто‑определение диска прямо сейчас.
+В большинстве случаев root всё же назначается на `sda`.
+
+---
\ No newline at end of file
diff --git a/documentation/issues/issue-1.md b/documentation/issues/issue-1.md
new file mode 100644
index 0000000..8481aa4
--- /dev/null
+++ b/documentation/issues/issue-1.md
@@ -0,0 +1,85 @@ +## Заголовок +**[cephadm/bootstrap] Bootstrap падает на `orch host add`, если SSH на ноде не на 22 (custom port 10225)** + +## TL;DR +`cephadm bootstrap` во время установки пытается добавить bootstrap-хост в orchestrator через SSH на **порт 22**. Если SSH слушает **10225**, bootstrap ломается с ошибкой `Can't communicate with remote host ... Connect call failed (ip, 22)`. + +## Контекст +- Компонент: **Cephadm / ceph orch (orchestrator backend: cephadm)** +- ОС: Debian 13 (trixie), VM (Proxmox) +- SSH: **sshd слушает 10225**, порт 22 закрыт/не слушает +- Ceph: `cephadm 18.2.7` (reef), `ceph-common 18.2.7` +- Сеть: `192.168.0.0/24`, bootstrap mon-ip: `192.168.0.102` + +## Шаги воспроизведения +1. На ноде включить SSH только на кастомном порту: + - `Port 10225` + - порт 22 не слушает/закрыт +2. Запустить bootstrap: + ```bash + cephadm bootstrap \ + --mon-ip 192.168.0.102 \ + --initial-dashboard-user admin \ + --initial-dashboard-password password \ + --allow-fqdn-hostname + ``` +3. Дождаться шага добавления хоста в orchestrator. + +## Ожидаемое +- Bootstrap завершён успешно. +- Bootstrap-нода добавлена в `ceph orch host ls`. +- `ceph -s` и `ceph orch ps` работают. + +## Фактическое +- Bootstrap прерывается на добавлении bootstrap-хоста в orchestrator: + - `Error EINVAL: Can't communicate with remote host ...` + - `Connect call failed ('192.168.0.102', 22)` +- Кластер остаётся в “полуразвернутом” состоянии и требует cleanup через `cephadm rm-cluster`. + +## Логи / доказательства +Команда: +```bash +cephadm bootstrap \ + --mon-ip 192.168.0.102 \ + --initial-dashboard-user admin \ + --initial-dashboard-password password \ + --allow-fqdn-hostname +``` + +Фрагмент вывода: +```text +Generating ssh key... +Wrote public SSH key to /etc/ceph/ceph.pub +Adding key to root@localhost authorized_keys... +Adding host dev-kyiv01-vm-ceph-main-01... +... 
+Error EINVAL: Can't communicate with remote host `192.168.0.102` +[Errno 111] Connect call failed ('192.168.0.102', 22) +``` + +Проверки, подтверждающие причину: +```bash +ss -lntp | grep sshd # показывает слушает 10225, нет :22 +nc -vz 192.168.0.102 22 # refused/failed +nc -vz 192.168.0.102 10225 # ok +``` + +## Root cause (гипотеза/факт) +- Факт: `cephadm bootstrap` внутри запускает `ceph orch host add ` для bootstrap-ноды и пытается достучаться до неё по SSH на **22/tcp**. +- При SSH на 10225 соединение на 22 не устанавливается → bootstrap падает. + +## Влияние +- Частота: **always**, если sshd не слушает 22. +- Impact: + - невозможно быстро поднять кластер “из коробки” при custom ssh port + - остаются артефакты “битого” кластера (нужен ручной purge) + +## Workaround +1. Временно открыть/включить SSH на 22 в mgmt-сети + +## План фикса / идеи +- Попробовать bootstrap/оркестратор с явной настройкой SSH порта через ssh_config для cephadm (custom port 10225): + - подготовить отдельный ключ и `ssh_config` с `Port 10225` + - прокинуть его в bootstrap (например через параметры вида `--ssh-config`, `--ssh-private-key/--ssh-public-key`, `--ssh-user` — зависит от версии/пакета) + - после поднятия закрепить ssh_config для cephadm module (чтобы `ceph orch host add` всегда использовал 10225) +- Если “быстро и надёжно” не выходит — принять стандарт: **внутри mgmt/VPN оставить 22**, с firewall allowlist (а наружу не публиковать вообще), а 10225 использовать только там, где реально нужно. diff --git a/documentation/issues/template.md b/documentation/issues/template.md new file mode 100644 index 0000000..442d922 --- /dev/null +++ b/documentation/issues/template.md 
@@ -0,0 +1,39 @@ +# Мини‑шаблон для будущих баг‑репортов (копипаст) +## Заголовок +**[Компонент] Короткое описание проблемы (симптом + причина/условие)** + +## TL;DR +1–2 предложения: что ломается и почему важно. + +## Контекст +- где (сервис/скрипт/модуль) +- версия/окружение (OS/VM/провайдер/конфиг) + +## Шаги воспроизведения +1. +2. +3. + +## Ожидаемое +- + +## Фактическое +- + +## Логи / доказательства +- команды +- вывод +- скрин/фрагменты конфигов + +## Root cause (гипотеза/факт) +- + +## Влияние +- частота (always/sometimes) +- риск/impact + +## Workaround +- + +## План фикса / идеи +- \ No newline at end of file diff --git a/makefiles/00_create_and_setup_lxc_container_with_packer.mk b/makefiles/00_create_and_setup_lxc_container_with_packer.mk new file mode 100644 index 0000000..a05f84c --- /dev/null +++ b/makefiles/00_create_and_setup_lxc_container_with_packer.mk @@ -0,0 +1,28 @@ +SHELL := /bin/bash +.ONESHELL: +.SHELLFLAGS := -eu -o pipefail -c + +MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) +ANSIBLE_DIR := $(abspath $(MAKEFILE_DIR)/../ansible) +TERRAFORM_DIR := $(abspath $(MAKEFILE_DIR)/../terraform/stacks/proxmox/lxc) + +.PHONY: all \ + download_lxc_template create_lxc_container install_packer + +all: install_packer + +download_lxc_template: + cd "$(ANSIBLE_DIR)" + ansible-playbook playbooks/proxmox/lxc/download_template.yml -i inventory.ini + +create_lxc_container: download_lxc_template + cd "$(TERRAFORM_DIR)" + terraform init + terraform plan -var-file="terraform.tfvars" + terraform apply -auto-approve -var-file="terraform.tfvars" + +install_packer: create_lxc_container + cd "$(ANSIBLE_DIR)" + ansible-playbook playbooks/packer/install.yml -i inventory.ini + +# make -f 00_create_and_setup_lxc_container_with_packer.mk \ No newline at end of file diff --git a/makefiles/01_create_vm_golden_template.mk b/makefiles/01_create_vm_golden_template.mk new file mode 100644 index 0000000..b48d2a0 --- /dev/null 
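Review bot: In `create_lxc_container`, `terraform plan -var-file="terraform.tfvars"` only prints a plan, and the following `terraform apply -auto-approve` computes a fresh one, so what gets applied is never the plan that was shown. Saving the plan and applying that exact file closes the gap: `terraform plan -var-file="terraform.tfvars" -out=tfplan` followed by `terraform apply tfplan`. The same plan/apply pair appears in `create_vms` (02_create_vms.mk) and `setup_dns_zone_and_records` (04_setup_dns.mk).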
+++ b/makefiles/01_create_vm_golden_template.mk
@@ -0,0 +1,34 @@
+SHELL := /bin/bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+
+MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ANSIBLE_DIR := $(abspath $(MAKEFILE_DIR)/../ansible)
+
+.PHONY: all \
+ download_vm_iso push_packer_dir run_packer shutdown_lxc_container
+
+all: shutdown_lxc_container
+
+download_vm_iso:
+ cd "$(ANSIBLE_DIR)"
+ ansible-playbook playbooks/proxmox/vm/download_iso.yml -i inventory.ini
+
+push_packer_dir: download_vm_iso
+ cd "$(ANSIBLE_DIR)" && \
+ ansible-playbook playbooks/node/push_dir.yml -i inventory.ini \
+ -l "dev-kyiv01-lxc-packer-main-01" \
+ -e "resource_dir=/workspaces/infrastructure/packer/proxmox/debian13 target_dir=/opt/packer/proxmox/"
+
+
+run_packer: push_packer_dir
+ cd "$(ANSIBLE_DIR)"
+ ansible-playbook playbooks/packer/run.yml -i inventory.ini
+
+shutdown_lxc_container: run_packer
+ cd "$(ANSIBLE_DIR)" && \
+ ansible-playbook playbooks/node/execute_command.yml -i inventory.ini \
+ -l "dev-kyiv01-psy-proxmox-main-01" \
+ -e '{"command":"pct shutdown 200"}'
+
+# make -f 01_create_vm_golden_template.mk
\ No newline at end of file
diff --git a/makefiles/02_create_vms.mk b/makefiles/02_create_vms.mk
new file mode 100644
index 0000000..1014e80
--- /dev/null
+++ b/makefiles/02_create_vms.mk
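Review bot: `push_packer_dir` passes the absolute path `/workspaces/infrastructure/packer/proxmox/debian13`, which presumably exists only inside the devcontainer checkout, although `MAKEFILE_DIR` is already computed at the top of the file. Deriving the path keeps the target working from any clone: `resource_dir=$(abspath $(MAKEFILE_DIR)/../packer/proxmox/debian13)`. The container id in `pct shutdown 200` and the two `-l` host names are hard-coded too and would be easier to audit as named variables next to `ANSIBLE_DIR`.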
@@ -0,0 +1,24 @@
+SHELL := /bin/bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+
+MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ANSIBLE_DIR := $(abspath $(MAKEFILE_DIR)/../ansible)
+TERRAFORM_DIR := $(abspath $(MAKEFILE_DIR)/../terraform/stacks/proxmox/vm)
+
+.PHONY: all \
+ enable_snippets create_vms
+
+all: create_vms
+
+enable_snippets:
+ cd "$(ANSIBLE_DIR)"
+ ansible-playbook "playbooks/proxmox/enable_snippets.yml" -i "inventory.ini"
+
+create_vms: enable_snippets
+ cd "$(TERRAFORM_DIR)"
+ terraform init
+ terraform plan -var-file="terraform.tfvars"
+ terraform apply -auto-approve -var-file="terraform.tfvars"
+
+# make -f 02_create_vms.mk
\ No newline at end of file
diff --git a/makefiles/03_harden_nodes.mk b/makefiles/03_harden_nodes.mk
new file mode 100644
index 0000000..a029ae2
--- /dev/null
+++ b/makefiles/03_harden_nodes.mk
@@ -0,0 +1,31 @@
+SHELL := /bin/bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+
+MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ANSIBLE_DIR := $(abspath $(MAKEFILE_DIR)/../ansible)
+
+.PHONY: all \
+ remove_node_user harden_nodes harden_ceph_nodes
+
+all: harden_ceph_nodes
+
+remove_node_user:
+ cd "$(ANSIBLE_DIR)" && \
+ ansible-playbook playbooks/node/remove_user.yml -i inventory.p22.ini \
+ -l "p22_nodes" \
+ -e '{"remove_user":"packer"}'
+
+harden_nodes: remove_node_user
+ cd "$(ANSIBLE_DIR)" && \
+ ansible-playbook playbooks/harden/harden_node.yml -i inventory.before_p25105.ini \
+ -l "before_p25105_nodes" \
+ -e '{"ssh_port":25105}'
+
+harden_ceph_nodes: harden_nodes
+ cd "$(ANSIBLE_DIR)" && \
+ ansible-playbook playbooks/harden/harden_node.yml -i inventory.ceph.ini \
+ -l "ceph_nodes" \
+ -e '{"ssh_port":22}'
+
+# make -f 03_harden_vms.mk
\ No newline at end of file
diff --git a/makefiles/04_setup_dns.mk b/makefiles/04_setup_dns.mk
new file mode 100644
index 0000000..3796c63
--- /dev/null
+++ b/makefiles/04_setup_dns.mk
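Review bot: The usage comment at the end of 03_harden_nodes.mk names a file this commit does not add, `# make -f 03_harden_vms.mk`; it should read `# make -f 03_harden_nodes.mk`. `harden_ceph_nodes` also keeps SSH on 22 while the other nodes move to 25105, and nothing in the file says why. A one-line comment such as `# Ceph nodes stay on 22: cephadm bootstrap connects on port 22, see documentation/issues/issue-1.md` would keep the exception from being "fixed" by accident.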
@@ -0,0 +1,29 @@
+SHELL := /bin/bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+
+MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ANSIBLE_DIR := $(abspath $(MAKEFILE_DIR)/../ansible)
+TERRAFORM_DIR := $(abspath $(MAKEFILE_DIR)/../terraform/stacks/powerdns)
+
+.PHONY: all \
+ install_powerdns setup_dns_zone_and_records setup_systemd_resolved_config
+
+all: setup_systemd_resolved_config
+
+install_powerdns:
+ cd "$(ANSIBLE_DIR)"
+ ansible-playbook playbooks/dns/install_powerdns.yml -i inventory.ini
+
+setup_dns_zone_and_records: install_powerdns
+ cd "$(TERRAFORM_DIR)"
+ terraform init
+ terraform plan -var-file="terraform.tfvars"
+ terraform apply -auto-approve -var-file="terraform.tfvars"
+
+setup_systemd_resolved_config: setup_dns_zone_and_records
+ cd "$(ANSIBLE_DIR)"
+ ansible-playbook playbooks/dns/setup_systemd_resolved_config.yml -i inventory.ini
+
+# make -f 04_setup_dns.mk
+
diff --git a/makefiles/05_setup_ntp.mk b/makefiles/05_setup_ntp.mk
new file mode 100644
index 0000000..13563ed
--- /dev/null
+++ b/makefiles/05_setup_ntp.mk
@@ -0,0 +1,26 @@
+SHELL := /bin/bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+
+MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ANSIBLE_DIR := $(abspath $(MAKEFILE_DIR)/../ansible)
+
+.PHONY: all \
+ setup_edge_ntp_node setup_core_ntp_node setup_client_ntp_node
+
+all: setup_client_ntp_node
+
+setup_edge_ntp_node:
+ cd "$(ANSIBLE_DIR)"
+ ansible-playbook playbooks/ntp/chrony/00_setup_edge_ntp_node.yml -i inventory.ini
+
+setup_core_ntp_node: setup_edge_ntp_node
+ cd "$(ANSIBLE_DIR)"
+ ansible-playbook playbooks/ntp/chrony/01_setup_core_ntp_node.yml -i inventory.ini
+
+setup_client_ntp_node: setup_core_ntp_node
+ cd "$(ANSIBLE_DIR)"
+ ansible-playbook playbooks/ntp/chrony/02_setup_client_ntp_node.yml -i inventory.ini
+
+# make -f 05_setup_ntp.mk
+
diff --git a/makefiles/06_setup_ceph.mk b/makefiles/06_setup_ceph.mk
new file mode 100644
index 0000000..2eb4e16
--- /dev/null
+++ b/makefiles/06_setup_ceph.mk
@@ -0,0 +1,31 @@
+SHELL := /bin/bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+
+MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ANSIBLE_DIR := $(abspath $(MAKEFILE_DIR)/../ansible)
+
+.PHONY: all \
+ install_ceph bootstrap_ceph share_ceph_pubkey setup_cluster
+
+all: setup_cluster
+
+install_ceph:
+ cd "$(ANSIBLE_DIR)"
+ ansible-playbook playbooks/ceph/00_install.yml -i inventory.ini
+
+bootstrap_ceph: install_ceph
+ cd "$(ANSIBLE_DIR)"
+ ansible-playbook playbooks/ceph/01_bootstrap.yml -i inventory.ini
+
+share_ceph_pubkey: bootstrap_ceph
+ cd "$(ANSIBLE_DIR)"
+ ansible-playbook playbooks/ceph/02_share_pubkey.yml -i inventory.ini
+
+setup_cluster: share_ceph_pubkey
+ cd "$(ANSIBLE_DIR)"
+ ansible-playbook playbooks/ceph/03_setup_cluster.yml -i inventory.ini
+
+
+# make -f 06_setup_ceph.mk
+
diff --git a/makefiles/07_setup_k8s.mk b/makefiles/07_setup_k8s.mk
new file mode 100644
index 0000000..4f8c3e7
--- /dev/null
+++ b/makefiles/07_setup_k8s.mk
@@ -0,0 +1,40 @@
+SHELL := /bin/bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+
+MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ANSIBLE_DIR := $(abspath $(MAKEFILE_DIR)/../ansible)
+
+.PHONY: all \
+ install_k8s_worker
+
+all: install_k8s_worker
+
+# install_k8s_master:
+# cd "$(ANSIBLE_DIR)"
+# ansible-playbook playbooks/k8s/install/k8s_master.yml -i inventory.ini
+
+install_k8s_worker:
+ cd "$(ANSIBLE_DIR)"
+ ansible-playbook playbooks/k8s/install/k8s_worker.yml -i inventory.ini
+
+# 1) ssh adminuser@localhost -p 10525 -i ./dev-kyiv01-vm-default-main-01
+# 2) cat /root/.kube/config # copy config to dev containers and change cluster block
+# - cluster:
+# insecure-skip-tls-verify: true
+# server: https://localhost:10563
+# 3) terraform apply -target=module.metallb_helm --auto-approve
+# 4) terraform apply -target=module.crunchy_operator --auto-approve
+# 5) terraform apply --auto-approve
+# 6) get gitlab credentials
+# kubectl -n postgres-operator get secret hippo-pguser-gitlab -o jsonpath='{.data.user}' | base64 -d; echo
+# kubectl -n postgres-operator get secret hippo-pguser-gitlab -o jsonpath='{.data.password}' | base64 -d; echo
+# kubectl -n postgres-operator get secret hippo-pguser-gitlab -o jsonpath='{.data.dbname}' | base64 -d; echo
+# kubectl -n postgres-operator get secret hippo-pguser-gitlab -o jsonpath='{.data.host}' | base64 -d; echo
+# kubectl -n postgres-operator get secret hippo-pguser-gitlab -o jsonpath='{.data.port}' | base64 -d; echo
+# 7) get valkey password
+# kubectl -n valkey get secret valkey-users -o jsonpath='{.data.default}' | base64 -d; echo
+
+
+# make -f 07_setup_k8s.mk
+
diff --git a/makefiles/bootstrap.mk b/makefiles/bootstrap.mk
new file mode 100644
index 0000000..e96ba83
--- /dev/null
+++ b/makefiles/bootstrap.mk
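Review bot: Step 2 of the comment block tells the operator to put `insecure-skip-tls-verify: true` into the copied kubeconfig, which turns off verification of the API server certificate for every later `kubectl` and `terraform apply` that goes through the forwarded port. The name mismatch caused by `server: https://localhost:10563` can be handled without disabling verification: keep the cluster's `certificate-authority-data` and add `tls-server-name: <name from the API server certificate>` (placeholder) to the cluster block. Steps 6 and 7 print the database and Valkey passwords to the terminal, so a short comment noting that the output ends up in scrollback and session logs would be worth adding there.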
@@ -0,0 +1,24 @@
+SHELL := /bin/bash
+.DEFAULT_GOAL := all
+
+MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ANSIBLE_DIR := $(abspath $(MAKEFILE_DIR)/../ansible)
+
+.PHONY: refresh_known_hosts all
+
+refresh_known_hosts:
+ cd "$(ANSIBLE_DIR)" && \
+ ansible-playbook playbooks/node/remove_file.yml \
+ -i "localhost," -c local \
+ -e "file_path=/root/.ssh/known_hosts"
+
+all: refresh_known_hosts
+# $(MAKE) -f 00_create_and_setup_lxc_container_with_packer.mk
+# $(MAKE) -f 01_create_vm_golden_template.mk
+ $(MAKE) -f 02_create_vms.mk
+ $(MAKE) -f 03_harden_nodes.mk
+ $(MAKE) -f 04_setup_dns.mk
+ $(MAKE) -f 05_setup_ntp.mk
+ $(MAKE) -f 06_setup_ceph.mk
+
+# make -f bootstrap.mk
\ No newline at end of file
diff --git a/packer/proxmox/debian13/debian13.pkr.hcl b/packer/proxmox/debian13/debian13.pkr.hcl
new file mode 100644
index 0000000..aef3f72
--- /dev/null
+++ b/packer/proxmox/debian13/debian13.pkr.hcl
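Review bot: `refresh_known_hosts` deletes `/root/.ssh/known_hosts` as a whole before every run, so every host, including ones that were not recreated, is accepted on first contact again and a changed host key can no longer be noticed. Removing only the entries of the machines that are rebuilt keeps the rest pinned, for example `ssh-keygen -R <host>` (placeholder) per recreated node. Separately, the `$(MAKE) -f 02_create_vms.mk` lines resolve against the current directory; `$(MAKE) -f "$(MAKEFILE_DIR)02_create_vms.mk"` would make `all` independent of where it is invoked.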
@@ -0,0 +1,91 @@ +packer { + required_plugins { + proxmox = { + source = "github.com/hashicorp/proxmox" + version = ">= 1.2.3" + } + } +} + +source "proxmox-iso" "debian13" { + proxmox_url = "https://192.168.0.126:8006/api2/json" + username = "root@pam!packer" + token = "7f3cd12a-c98e-4aec-abca-8d7fd1005fd7" + insecure_skip_tls_verify = true + + node = "proxmox-main-kyiv-01" + vm_id = 300 + vm_name = "dev-kyiv01-template-packer-main-01" + template_name = "dev-kyiv01-template-packer-main-01" + tags = "debian-13" + + os = "l26" + bios = "seabios" + machine = "q35" + cpu_type = "qemu64" + cores = 1 + sockets = 1 + memory = 1024 + + qemu_agent = true + + scsi_controller = "virtio-scsi-single" + + network_adapters { + model = "virtio" + bridge = "vmbr0" + firewall = false + mac_address = "repeatable" + } + + disks { + type = "scsi" + storage_pool = "local-lvm" + disk_size = "4G" + io_thread = true + discard = true + ssd = true + } + + boot_iso { + type = "scsi" + iso_file = "local:iso/debian-13.2.0-amd64-netinst.iso" + unmount = true + } + + # ===== HTTP preseed ===== + http_directory = "${path.root}/http" + http_bind_address = "192.168.0.200" + http_port_min = 8870 + http_port_max = 8870 + boot_wait = "10s" + boot_key_interval = "25ms" + + boot_command = [ + "", + "auto auto=true priority=critical ", + "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg ", + "debian-installer=en_US ", + "fb=false ", + "" + ] + + # ===== SSH ===== + ssh_username = "packer" + ssh_password = "14881488" + ssh_timeout = "35m" + + cloud_init = false +} + +build { + sources = ["source.proxmox-iso.debian13"] + + provisioner "shell" { + execute_command = "sudo -S -E bash '{{ .Path }}'" + scripts = [ + "scripts/10-base.sh", + "scripts/90-cleanup.sh" + ] + } +} diff --git a/packer/proxmox/debian13/http/preseed.cfg b/packer/proxmox/debian13/http/preseed.cfg new file mode 100644 index 0000000..72ac204 --- /dev/null +++ b/packer/proxmox/debian13/http/preseed.cfg 
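Review bot: The `source "proxmox-iso" "debian13"` block commits two live credentials, the API token for `root@pam!packer` on the `token` line and `ssh_password`, so anyone who can read the repository can authenticate to the Proxmox API as that token. The token should be revoked and reissued, since it stays in history. Both values should come from sensitive variables filled from the environment (`PKR_VAR_proxmox_token`, `PKR_VAR_ssh_password`), which fits the `source ./.env` step in the readme. `insecure_skip_tls_verify = true` also means the token is sent to whatever answers on that address without certificate validation; if that is accepted for the lab network, a comment on the line should say so.

```hcl
variable "proxmox_token" {
  type      = string
  sensitive = true
}

variable "ssh_password" {
  type      = string
  sensitive = true
}

source "proxmox-iso" "debian13" {
  # … unchanged: proxmox_url, username …
  token = var.proxmox_token
  # … unchanged: TLS setting, node, VM hardware, disks, boot_iso, preseed HTTP settings, boot_command …
  ssh_password = var.ssh_password
  # … unchanged: ssh_timeout, cloud_init …
```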
@@ -0,0 +1,100 @@ +### Locale / Keyboard +d-i debian-installer/locale string en_US.UTF-8 +d-i keyboard-configuration/xkb-keymap select us + +### Network (DHCP) +d-i netcfg/choose_interface select auto +d-i netcfg/get_hostname string debian +d-i netcfg/get_domain string local + +### Mirror +d-i mirror/country string manual +d-i mirror/http/hostname string deb.debian.org +d-i mirror/http/directory string /debian +d-i mirror/http/proxy string + +### User +d-i passwd/root-login boolean false +# d-i passwd/root-password password 14881488 +# d-i passwd/root-password-again password 14881488 +d-i passwd/user-fullname string Packer User +d-i passwd/username string packer +d-i passwd/user-password password 14881488 +d-i passwd/user-password-again password 14881488 +d-i user-setup/allow-password-weak boolean true + +### Time +d-i clock-setup/utc boolean true +d-i time/zone string UTC + +### Partitioning (LVM expert: /boot + VG vg0 + LV swap + LV root=rest) +d-i partman-auto/disk string /dev/sda +d-i partman-auto/method string lvm + +# если на диске были старые LVM/RAID — снести без вопросов +d-i partman-lvm/device_remove_lvm boolean true +d-i partman-md/device_remove_md boolean true +d-i partman-md/confirm boolean true +d-i partman-md/confirm_nooverwrite boolean true + +# имя VG фиксируем +d-i partman-auto-lvm/new_vg_name string vg0 +d-i partman-auto-lvm/guided_size string max + +# рецепт разметки +d-i partman-auto/choose_recipe select boot-root-lvm-swap +d-i partman-auto/expert_recipe string \ + boot-root-lvm-swap :: \ + 512 512 1024 ext4 \ + $primary{ } $bootable{ } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ /boot } \ + . \ + 1024 1024 -1 lvm \ + $primary{ } \ + method{ lvm } device{ /dev/sda } \ + vg_name{ vg0 } \ + . \ + 2048 2048 2048 linux-swap \ + $lvmok{ } \ + in_vg{ vg0 } lv_name{ swap } \ + method{ swap } format{ } \ + . 
\ + 4096 4096 -1 ext4 \ + $lvmok{ } \ + in_vg{ vg0 } lv_name{ root } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ / } \ + . + +# подтверждения без интерактива +d-i partman-lvm/confirm boolean true +d-i partman-lvm/confirm_nooverwrite boolean true +d-i partman/choose_partition select finish +d-i partman/confirm_write_new_label boolean true +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true + +### Packages +tasksel tasksel/first multiselect standard, ssh-server +d-i pkgsel/include string sudo openssh-server cloud-init qemu-guest-agent ca-certificates curl +popularity-contest popularity-contest/participate boolean false + +### Bootloader +d-i grub-installer/only_debian boolean true +d-i grub-installer/bootdev string /dev/sda + +# debconf for grub-pc package (this is the screen you see) +d-i grub-pc/install_devices multiselect /dev/sda +d-i grub-pc/install_devices_empty boolean false + +### Late command (самое важное) +d-i preseed/late_command string \ + in-target usermod -aG sudo packer; \ + echo 'packer ALL=(ALL) NOPASSWD:ALL' > /target/etc/sudoers.d/packer; \ + chmod 440 /target/etc/sudoers.d/packer; + +### Finish +d-i finish-install/reboot_in_progress note diff --git a/packer/proxmox/debian13/readme.md b/packer/proxmox/debian13/readme.md new file mode 100644 index 0000000..1966f1e --- /dev/null +++ b/packer/proxmox/debian13/readme.md @@ -0,0 +1,16 @@ +```bash +set -a +source ./.env +set +a + +packer init . +packer fmt -recursive . +packer validate . +PACKER_LOG=1 packer build -on-error=ask -timestamp-ui . +``` + +```bash +lsblk -o NAME,SIZE,TYPE,MOUNTPOINT +sudo fdisk -l /dev/sda | sed -n '1,120p' +cloud-init status --long +``` \ No newline at end of file diff --git a/packer/proxmox/debian13/scripts/10-base.sh b/packer/proxmox/debian13/scripts/10-base.sh new file mode 100644 index 0000000..89b2fc6 --- /dev/null +++ b/packer/proxmox/debian13/scripts/10-base.sh 
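Review bot: In preseed.cfg, `d-i passwd/user-password password …` stores the `packer` account's password in clear text, `user-setup/allow-password-weak boolean true` permits it, and `late_command` then writes `packer ALL=(ALL) NOPASSWD:ALL`, so the golden template ships an SSH-reachable account with a repository-known password and unrestricted sudo. The installer accepts a hash instead: `d-i passwd/user-password-crypted password <crypt(3) hash>` (placeholder), with the `allow-password-weak` line dropped. 90-cleanup.sh does not remove the account or `/etc/sudoers.d/packer`; the `remove_node_user` target in 03_harden_nodes.mk appears to be what deletes the user later, so every clone stays exposed until that playbook has run, and a comment next to `late_command` should state that dependency.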
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -euo pipefail
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update
+apt-get -y dist-upgrade
+
+apt-get -y install qemu-guest-agent sudo
+
+systemctl enable --now qemu-guest-agent || true
diff --git a/packer/proxmox/debian13/scripts/90-cleanup.sh b/packer/proxmox/debian13/scripts/90-cleanup.sh
new file mode 100644
index 0000000..c3e9b2c
--- /dev/null
+++ b/packer/proxmox/debian13/scripts/90-cleanup.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+set -euo pipefail
+export DEBIAN_FRONTEND=noninteractive
+
+# cloud-init: очистить состояние
+cloud-init clean --logs || true
+
+# machine-id: должен быть уникальный на каждом клоне
+truncate -s 0 /etc/machine-id || true
+rm -f /var/lib/dbus/machine-id || true
+ln -sf /etc/machine-id /var/lib/dbus/machine-id || true
+
+# ssh host keys: перегенерятся на клоне
+rm -f /etc/ssh/ssh_host_* || true
+
+# чистка кешей/листов
+apt-get -y autoremove --purge
+apt-get -y clean
+rm -rf /var/lib/apt/lists/*
+find /var/log -type f -exec truncate -s 0 {} \; || true
+
+sync
diff --git a/terraform/modules/k8s/ceph/k8s-ceph-csi-rbd/helm.tf b/terraform/modules/k8s/ceph/k8s-ceph-csi-rbd/helm.tf
new file mode 100644
index 0000000..ce9a961
--- /dev/null
+++ b/terraform/modules/k8s/ceph/k8s-ceph-csi-rbd/helm.tf
@@ -0,0 +1,19 @@
+resource "helm_release" "ceph_csi_rbd" {
+ name = "ceph-csi-rbd"
+ namespace = kubernetes_namespace_v1.this.metadata[0].name
+ repository = "https://ceph.github.io/csi-charts"
+ chart = "ceph-csi-rbd"
+ version = var.chart_version
+
+ create_namespace = false
+
+ values = [yamlencode({
+ csiConfig = [{
+ clusterID = var.ceph_cluster_id
+ monitors = var.ceph_monitors
+ }]
+ provisioner = {
+ replicaCount = 1
+ }
+ })]
+}
diff --git a/terraform/modules/k8s/ceph/k8s-ceph-csi-rbd/namespace.tf b/terraform/modules/k8s/ceph/k8s-ceph-csi-rbd/namespace.tf
new file mode 100644
index 0000000..3d6587a
--- /dev/null
+++ b/terraform/modules/k8s/ceph/k8s-ceph-csi-rbd/namespace.tf
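Review bot: In 90-cleanup.sh every identity-reset step carries `|| true`, so a failed `truncate -s 0 /etc/machine-id` or `cloud-init clean --logs` still yields a finished template, and all clones would then share a machine-id or start with stale cloud-init state despite `set -euo pipefail`. Those lines should fail the build instead, i.e. plain `cloud-init clean --logs` and `truncate -s 0 /etc/machine-id`. `rm -f /etc/ssh/ssh_host_*` relies on something regenerating the keys at first boot of a clone (presumably cloud-init); a comment naming that mechanism would help, because sshd does not start without host keys.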
@@ -0,0 +1,3 @@
+resource "kubernetes_namespace_v1" "this" {
+ metadata { name = var.namespace }
+}
diff --git a/terraform/modules/k8s/ceph/k8s-ceph-csi-rbd/variables.tf b/terraform/modules/k8s/ceph/k8s-ceph-csi-rbd/variables.tf
new file mode 100644
index 0000000..5a9ec02
--- /dev/null
+++ b/terraform/modules/k8s/ceph/k8s-ceph-csi-rbd/variables.tf
@@ -0,0 +1,15 @@
+variable "namespace" {
+ type = string
+}
+
+variable "chart_version" {
+ type = string
+}
+
+variable "ceph_cluster_id" {
+ type = string
+}
+
+variable "ceph_monitors" {
+ type = list(string)
+}
diff --git a/terraform/modules/k8s/ceph/k8s-ceph-csi-rbd/versions.tf b/terraform/modules/k8s/ceph/k8s-ceph-csi-rbd/versions.tf
new file mode 100644
index 0000000..b824839
--- /dev/null
+++ b/terraform/modules/k8s/ceph/k8s-ceph-csi-rbd/versions.tf
@@ -0,0 +1,6 @@
+terraform {
+ required_providers {
+ helm = { source = "hashicorp/helm" }
+ kubernetes = { source = "hashicorp/kubernetes" }
+ }
+}
diff --git a/terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/secret.tf b/terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/secret.tf
new file mode 100644
index 0000000..6372819
--- /dev/null
+++ b/terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/secret.tf
@@ -0,0 +1,13 @@
+resource "kubernetes_secret_v1" "csi_rbd_secret" {
+ metadata {
+ name = "csi-rbd-secret"
+ namespace = var.namespace
+ }
+
+ data = {
+ userID = var.ceph_user_id
+ userKey = var.ceph_user_key
+ }
+
+ type = "Opaque"
+}
diff --git a/terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/storage_class.tf b/terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/storage_class.tf
new file mode 100644
index 0000000..56297e4
--- /dev/null
+++ b/terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/storage_class.tf
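Review bot: `required_providers` in k8s-ceph-csi-rbd/versions.tf lists `hashicorp/helm` and `hashicorp/kubernetes` without a `version` constraint, so `terraform init` takes whatever release is current unless a committed `.terraform.lock.hcl` pins it (not visible in this hunk). A constraint per provider, e.g. `helm = { source = "hashicorp/helm", version = "<tested constraint>" }` (placeholder), makes a provider upgrade a reviewed change. The other `versions.tf` files added in this commit have the same gap.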
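Review bot: In k8s-ceph-rbd-storage/secret.tf, `var.ceph_user_key` is marked `sensitive`, which only hides it in plan output; once it is assigned to `data` in `kubernetes_secret_v1.csi_rbd_secret`, the key is written to the Terraform state in clear text. A comment above the resource should say so, e.g. `# userKey is stored in state: keep the state backend encrypted and access-restricted`. Which backend the stacks use is not visible from this hunk.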
@@ -0,0 +1,27 @@
+resource "kubernetes_storage_class_v1" "ceph_rbd" {
+ metadata {
+ name = "ceph-rbd"
+ # если хочешь сделать default:
+ # annotations = {
+ # "storageclass.kubernetes.io/is-default-class" = "true"
+ # }
+ }
+
+ storage_provisioner = "rbd.csi.ceph.com"
+ reclaim_policy = "Delete"
+ volume_binding_mode = "Immediate"
+ allow_volume_expansion = true
+
+ parameters = {
+ clusterID = var.ceph_cluster_id
+ pool = var.ceph_rbd_pool
+
+ # ВАЖНО: это строки-ключи, строго без пробелов и без "/"
+ "csi.storage.k8s.io/provisioner-secret-name" = kubernetes_secret_v1.csi_rbd_secret.metadata[0].name
+ "csi.storage.k8s.io/provisioner-secret-namespace" = kubernetes_secret_v1.csi_rbd_secret.metadata[0].namespace
+ "csi.storage.k8s.io/node-stage-secret-name" = kubernetes_secret_v1.csi_rbd_secret.metadata[0].name
+ "csi.storage.k8s.io/node-stage-secret-namespace" = kubernetes_secret_v1.csi_rbd_secret.metadata[0].namespace
+
+ imageFeatures = "layering"
+ }
+}
diff --git a/terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/variables.tf b/terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/variables.tf
new file mode 100644
index 0000000..4e28c4b
--- /dev/null
+++ b/terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/variables.tf
@@ -0,0 +1,20 @@
+variable "namespace" {
+ type = string
+}
+
+variable "ceph_cluster_id" {
+ type = string
+}
+
+variable "ceph_rbd_pool" {
+ type = string
+}
+
+variable "ceph_user_id" {
+ type = string
+}
+
+variable "ceph_user_key" {
+ type = string
+ sensitive = true
+}
diff --git a/terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/versions.tf b/terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/versions.tf
new file mode 100644
index 0000000..f6e834d
--- /dev/null
+++ b/terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/versions.tf
@@ -0,0 +1,5 @@
+terraform {
+ required_providers {
+ kubernetes = { source = "hashicorp/kubernetes" }
+ }
+}
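Review bot: `allow_volume_expansion = true` is set in `kubernetes_storage_class_v1.ceph_rbd`, but `parameters` passes only the provisioner and node-stage secrets; for resize requests the CSI controller reads `csi.storage.k8s.io/controller-expand-secret-name` and `csi.storage.k8s.io/controller-expand-secret-namespace`, so expanding a PVC of this class will most likely fail for lack of credentials. Add `"csi.storage.k8s.io/controller-expand-secret-name" = kubernetes_secret_v1.csi_rbd_secret.metadata[0].name` and the matching `-namespace` key with `.metadata[0].namespace` next to the existing four.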
diff --git a/terraform/modules/k8s/crunchy-data/operator/helm.tf b/terraform/modules/k8s/crunchy-data/operator/helm.tf
new file mode 100644
index 0000000..3ef6d47
--- /dev/null
+++ b/terraform/modules/k8s/crunchy-data/operator/helm.tf
@@ -0,0 +1,26 @@
+resource "helm_release" "pgo" {
+ name = var.release_name
+ namespace = kubernetes_namespace_v1.this.metadata[0].name
+
+ # Crunchy публикует Helm chart в OCI registry
+ # helm install pgo oci://registry.developers.crunchydata.com/crunchydata/pgo :contentReference[oaicite:2]{index=2}
+ repository = "oci://registry.developers.crunchydata.com/crunchydata"
+ chart = "pgo"
+ version = var.chart_version
+
+ create_namespace = false
+
+ values = [
+ yamlencode({
+ # безопасные дефолты, без лишней магии
+ debug = var.debug
+ replicas = var.replicas
+
+ # Если хочешь ограничить оператор только этим namespace:
+ # singleNamespace = true
+ singleNamespace = var.single_namespace
+
+ installCRDs = true
+ })
+ ]
+}
diff --git a/terraform/modules/k8s/crunchy-data/operator/namespace.tf b/terraform/modules/k8s/crunchy-data/operator/namespace.tf
new file mode 100644
index 0000000..5ef28b7
--- /dev/null
+++ b/terraform/modules/k8s/crunchy-data/operator/namespace.tf
@@ -0,0 +1,5 @@
+resource "kubernetes_namespace_v1" "this" {
+ metadata {
+ name = var.namespace
+ }
+}
diff --git a/terraform/modules/k8s/crunchy-data/operator/outputs.tf b/terraform/modules/k8s/crunchy-data/operator/outputs.tf
new file mode 100644
index 0000000..e53d2d3
--- /dev/null
+++ b/terraform/modules/k8s/crunchy-data/operator/outputs.tf
@@ -0,0 +1,7 @@
+output "namespace" {
+ value = kubernetes_namespace_v1.this.metadata[0].name
+}
+
+output "release_name" {
+ value = helm_release.pgo.name
+}
diff --git a/terraform/modules/k8s/crunchy-data/operator/variables.tf b/terraform/modules/k8s/crunchy-data/operator/variables.tf
new file mode 100644
index 0000000..162f144
--- /dev/null
+++ b/terraform/modules/k8s/crunchy-data/operator/variables.tf
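Review bot: The comment above `repository` in operator/helm.tf ends with `:contentReference[oaicite:2]{index=2}`, a leftover citation marker that is not part of the helm command. The line should read `# helm install pgo oci://registry.developers.crunchydata.com/crunchydata/pgo`.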
@@ -0,0 +1,33 @@
+variable "namespace" {
+ type = string
+ description = "Namespace, куда ставим Crunchy operator"
+ default = "postgres-operator"
+}
+
+variable "release_name" {
+ type = string
+ description = "Helm release name"
+ default = "pgo"
+}
+
+variable "chart_version" {
+ type = string
+ description = "Версия чарта pgo (пинить обязательно для воспроизводимости)"
+ default = "6.0.0"
+}
+
+variable "debug" {
+ type = bool
+ default = false
+}
+
+variable "replicas" {
+ type = number
+ default = 1
+}
+
+variable "single_namespace" {
+ type = bool
+ description = "Если true — оператор управляет кластерами только в этом namespace"
+ default = true
+}
diff --git a/terraform/modules/k8s/crunchy-data/operator/versions.tf b/terraform/modules/k8s/crunchy-data/operator/versions.tf
new file mode 100644
index 0000000..b824839
--- /dev/null
+++ b/terraform/modules/k8s/crunchy-data/operator/versions.tf
@@ -0,0 +1,6 @@
+terraform {
+ required_providers {
+ helm = { source = "hashicorp/helm" }
+ kubernetes = { source = "hashicorp/kubernetes" }
+ }
+}
diff --git a/terraform/modules/k8s/crunchy-data/postgres-cluster/manifest.tf b/terraform/modules/k8s/crunchy-data/postgres-cluster/manifest.tf
new file mode 100644
index 0000000..f6223a6
--- /dev/null
+++ b/terraform/modules/k8s/crunchy-data/postgres-cluster/manifest.tf
@@ -0,0 +1,60 @@
+resource "kubernetes_manifest" "postgres_cluster" {
+ manifest = {
+ apiVersion = "postgres-operator.crunchydata.com/v1beta1"
+ kind = "PostgresCluster"
+
+ metadata = {
+ name = var.name
+ namespace = var.namespace
+ }
+
+ spec = {
+ postgresVersion = var.postgres_version
+
+ instances = [
+ {
+ name = "instance1"
+ dataVolumeClaimSpec = {
+ storageClassName = var.storage_class_name
+ accessModes = ["ReadWriteOnce"]
+ resources = {
+ requests = {
+ storage = var.instance_storage
+ }
+ }
+ }
+ }
+ ]
+
+ backups = {
+ pgbackrest = {
+ repos = [
+ {
+ name = "repo1"
+ volume = {
+ volumeClaimSpec = {
+ storageClassName = var.storage_class_name
+ accessModes = ["ReadWriteOnce"]
+ resources = {
+ requests = {
+ storage = var.backup_storage
+ }
+ }
+ }
+ }
+ }
+ ]
+ }
+ }
+
+ users = [
+ {
+ name = var.gitlab_db_user
+ databases = [
+ var.gitlab_db_name
+ ]
+ }
+ ]
+ }
+ }
+}
diff --git a/terraform/modules/k8s/crunchy-data/postgres-cluster/outputs.tf b/terraform/modules/k8s/crunchy-data/postgres-cluster/outputs.tf
new file mode 100644
index 0000000..949488c
--- /dev/null
+++ b/terraform/modules/k8s/crunchy-data/postgres-cluster/outputs.tf
@@ -0,0 +1,7 @@
+output "cluster_name" {
+ value = kubernetes_manifest.postgres_cluster.manifest["metadata"]["name"]
+}
+
+output "namespace" {
+ value = kubernetes_manifest.postgres_cluster.manifest["metadata"]["namespace"]
+}
diff --git a/terraform/modules/k8s/crunchy-data/postgres-cluster/variables.tf b/terraform/modules/k8s/crunchy-data/postgres-cluster/variables.tf
new file mode 100644
index 0000000..053e4be
--- /dev/null
+++ b/terraform/modules/k8s/crunchy-data/postgres-cluster/variables.tf
@@ -0,0 +1,46 @@
+variable "namespace" {
+ type = string
+ description = "Namespace, где будет PostgresCluster"
+ default = "postgres-operator"
+}
+
+variable "name" {
+ type = string
+ description = "Имя PostgresCluster"
+ default = "hippo"
+}
+
+variable "storage_class_name" {
+ type = string
+ description = "StorageClass для PVC (твой Ceph CSI RBD), например: ceph-rbd"
+ default = "ceph-rbd"
+}
+
+variable "postgres_version" {
+ type = number
+ description = "Major версия PostgreSQL (ставь ту, которую поддерживает твой CPK)"
+ default = 16
+}
+
+variable "instance_storage" {
+ type = string
+ description = "Размер диска под data"
+ default = "10Gi"
+}
+
+variable "backup_storage" {
+ type = string
+ description = "Размер диска под pgBackRest repo"
+ default = "10Gi"
+}
+
+variable "gitlab_db_user" {
+ type = string
+ default = "gitlab"
+}
+
+variable "gitlab_db_name" {
+ type = string
+ default = "gitlabhq_production"
+}
+
diff --git a/terraform/modules/k8s/crunchy-data/postgres-cluster/versions.tf b/terraform/modules/k8s/crunchy-data/postgres-cluster/versions.tf
new file mode 100644
index 0000000..1817373
--- /dev/null
+++ b/terraform/modules/k8s/crunchy-data/postgres-cluster/versions.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ }
+ }
+}
diff --git a/terraform/modules/k8s/metallb/helm/main.tf b/terraform/modules/k8s/metallb/helm/main.tf
new file mode 100644
index 0000000..0da352b
--- /dev/null
+++ b/terraform/modules/k8s/metallb/helm/main.tf
@@ -0,0 +1,7 @@
+resource "helm_release" "metallb" {
+ name = "metallb"
+ repository = "https://metallb.github.io/metallb"
+ chart = "metallb"
+ namespace = "metallb-system"
+ create_namespace = true
+}
diff --git a/terraform/modules/k8s/metallb/helm/versions.tf b/terraform/modules/k8s/metallb/helm/versions.tf
new file mode 100644
index 0000000..665c434
--- /dev/null
+++ b/terraform/modules/k8s/metallb/helm/versions.tf
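Review bot: `helm_release.metallb` has no `version` argument, so a fresh install takes whatever chart release the repository currently serves, unlike the ceph-csi-rbd and pgo modules, which pass `var.chart_version`. Add `version = var.chart_version` to the resource together with a `chart_version` string variable in this module, so that a chart upgrade is an explicit, reviewed change. `helm_release.ingress_nginx` in nginx_ingress/helm/main.tf has the same gap.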
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ helm = {
+ source = "hashicorp/helm"
+ }
+ }
+}
diff --git a/terraform/modules/k8s/metallb/resources/manifest.tf b/terraform/modules/k8s/metallb/resources/manifest.tf
new file mode 100644
index 0000000..4d2c5ed
--- /dev/null
+++ b/terraform/modules/k8s/metallb/resources/manifest.tf
@@ -0,0 +1,31 @@
+# Это пул IP-адресов, из которого MetalLB будет брать “external IP” и назначать их сервисам типа LoadBalancer
+resource "kubernetes_manifest" "metallb_ip_pool" {
+ manifest = {
+ apiVersion = "metallb.io/v1beta1"
+ kind = "IPAddressPool"
+ metadata = {
+ name = var.pool_name
+ namespace = var.namespace
+ }
+ spec = {
+ addresses = var.addresses
+ }
+ }
+}
+
+# Это говорит MetalLB: рекламируй (announce) адреса из этого пула в L2 режиме.
+resource "kubernetes_manifest" "metallb_l2" {
+ manifest = {
+ apiVersion = "metallb.io/v1beta1"
+ kind = "L2Advertisement"
+ metadata = {
+ name = var.l2_name
+ namespace = var.namespace
+ }
+ spec = {
+ ipAddressPools = [var.pool_name]
+ }
+ }
+
+ depends_on = [kubernetes_manifest.metallb_ip_pool]
+}
diff --git a/terraform/modules/k8s/metallb/resources/outputs.tf b/terraform/modules/k8s/metallb/resources/outputs.tf
new file mode 100644
index 0000000..d3c410f
--- /dev/null
+++ b/terraform/modules/k8s/metallb/resources/outputs.tf
@@ -0,0 +1,3 @@
+output "pool_name" {
+ value = var.pool_name
+}
diff --git a/terraform/modules/k8s/metallb/resources/variables.tf b/terraform/modules/k8s/metallb/resources/variables.tf
new file mode 100644
index 0000000..999de81
--- /dev/null
+++ b/terraform/modules/k8s/metallb/resources/variables.tf
@@ -0,0 +1,22 @@
+variable "addresses" {
+ type = list(string)
+ description = "MetalLB address pool ranges"
+}
+
+variable "namespace" {
+ type = string
+ description = "Namespace where MetalLB is installed"
+ default = "metallb-system"
+}
+
+variable "pool_name" {
+ type = string
+ description = "IPAddressPool name"
+ default = "default-pool"
+}
+
+variable "l2_name" {
+ type = string
+ description = "L2Advertisement name"
+ default = "default-l2"
+}
diff --git a/terraform/modules/k8s/metallb/resources/versions.tf b/terraform/modules/k8s/metallb/resources/versions.tf
new file mode 100644
index 0000000..1817373
--- /dev/null
+++ b/terraform/modules/k8s/metallb/resources/versions.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ }
+ }
+}
diff --git a/terraform/modules/k8s/nginx_ingress/helm/locals.tf b/terraform/modules/k8s/nginx_ingress/helm/locals.tf
new file mode 100644
index 0000000..334a021
--- /dev/null
+++ b/terraform/modules/k8s/nginx_ingress/helm/locals.tf
@@ -0,0 +1,18 @@
+locals {
+ ingress_nginx_values = merge(
+ {
+ controller = {
+ service = {
+ type = "LoadBalancer"
+ }
+ }
+ },
+ var.ingress_lb_ip == null ? {} : {
+ controller = {
+ service = {
+ loadBalancerIP = var.ingress_lb_ip
+ }
+ }
+ }
+ )
+}
diff --git a/terraform/modules/k8s/nginx_ingress/helm/main.tf b/terraform/modules/k8s/nginx_ingress/helm/main.tf
new file mode 100644
index 0000000..87cf48a
--- /dev/null
+++ b/terraform/modules/k8s/nginx_ingress/helm/main.tf
@@ -0,0 +1,9 @@
+resource "helm_release" "ingress_nginx" {
+ name = "ingress-nginx"
+ repository = "https://kubernetes.github.io/ingress-nginx"
+ chart = "ingress-nginx"
+ namespace = "ingress-nginx"
+ create_namespace = true
+
+ values = [yamlencode(local.ingress_nginx_values)]
+}
diff --git a/terraform/modules/k8s/nginx_ingress/helm/variables.tf b/terraform/modules/k8s/nginx_ingress/helm/variables.tf
new file mode 100644
index 0000000..a3cfa77
--- /dev/null
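Review bot: Terraform's `merge()` is shallow, so in locals.tf the second argument's `controller` key replaces the first one wholesale when `var.ingress_lb_ip` is set, and `type = "LoadBalancer"` is dropped from the rendered values. The release then depends on the chart's own default service type instead of what this module declares. Merging at the `service` level keeps both keys: `service = merge({ type = "LoadBalancer" }, var.ingress_lb_ip == null ? {} : { loadBalancerIP = var.ingress_lb_ip })`. The `pool_name` variable declared for this module is also never referenced, so the MetalLB pool annotation its description mentions is not actually applied.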
+++ b/terraform/modules/k8s/nginx_ingress/helm/variables.tf @@ -0,0 +1,10 @@ +variable "ingress_lb_ip" { + type = string + description = "Static LB IP for ingress-nginx controller Service (must be from MetalLB pool). Leave null for dynamic." + default = null +} + +variable "pool_name" { + type = string + description = "MetalLB address pool name for ingress-nginx Service annotation" +} diff --git a/terraform/modules/k8s/openebs/helm.tf b/terraform/modules/k8s/openebs/helm.tf new file mode 100644 index 0000000..02c910d --- /dev/null +++ b/terraform/modules/k8s/openebs/helm.tf @@ -0,0 +1,8 @@ +resource "helm_release" "openebs" { + name = var.release_name + repository = "https://openebs.github.io/openebs" + chart = "openebs" + version = var.chart_version + namespace = var.namespace + create_namespace = true +} diff --git a/terraform/modules/k8s/openebs/storage_class.tf b/terraform/modules/k8s/openebs/storage_class.tf new file mode 100644 index 0000000..6d004d6 --- /dev/null +++ b/terraform/modules/k8s/openebs/storage_class.tf @@ -0,0 +1,25 @@ +resource "kubernetes_storage_class_v1" "openebs_hostpath" { + metadata { + name = var.storageclass_name + annotations = { + "storageclass.kubernetes.io/is-default-class" = "true" + "openebs.io/cas-type" = "local" + } + } + + storage_provisioner = "openebs.io/local" + reclaim_policy = "Delete" + volume_binding_mode = "WaitForFirstConsumer" + allow_volume_expansion = false + + parameters = { + "cas.openebs.io/config" = <<-EOT + - name: StorageType + value: "hostpath" + - name: BasePath + value: "${var.base_path}" + EOT + } + + depends_on = [helm_release.openebs] +} diff --git a/terraform/modules/k8s/openebs/variables.tf b/terraform/modules/k8s/openebs/variables.tf new file mode 100644 index 0000000..358e267 --- /dev/null +++ b/terraform/modules/k8s/openebs/variables.tf 
@@ -0,0 +1,26 @@ +variable "namespace" { + type = string + default = "openebs" +} + +variable "release_name" { + type = string + default = "openebs" +} + +variable "chart_version" { + type = string + default = null + description = "Версия helm chart openebs (null = последняя доступная)." +} + +variable "storageclass_name" { + type = string + default = "openebs-local-hostpath" +} + +variable "base_path" { + type = string + default = "/var/openebs/local/" + description = "Путь на нодах для hostpath LocalPV (можно кастомизировать)." +} diff --git a/terraform/modules/k8s/openebs/versions.tf b/terraform/modules/k8s/openebs/versions.tf new file mode 100644 index 0000000..b824839 --- /dev/null +++ b/terraform/modules/k8s/openebs/versions.tf @@ -0,0 +1,6 @@ +terraform { + required_providers { + helm = { source = "hashicorp/helm" } + kubernetes = { source = "hashicorp/kubernetes" } + } +} diff --git a/terraform/modules/k8s/valkey/helm.tf b/terraform/modules/k8s/valkey/helm.tf new file mode 100644 index 0000000..8842d29 --- /dev/null +++ b/terraform/modules/k8s/valkey/helm.tf @@ -0,0 +1,39 @@ +resource "helm_release" "valkey" { + name = var.release_name + namespace = var.namespace + + repository = var.repository + chart = "valkey" + version = var.chart_version + create_namespace = false + + values = [ + yamlencode({ + auth = { + enabled = true + usersExistingSecret = kubernetes_secret_v1.valkey_users.metadata[0].name + + # ВАЖНО: 'default' обязан быть определён тут (или в aclConfig), + # иначе чарт ругнётся / будет небезопасная конфигурация + aclUsers = { + default = { + permissions = "~* &* +@all" + # password НЕ нужен, потому что берётся из usersExistingSecret + } + } + } + + # (опционально) персистентность на Ceph RBD: + # dataStorage = { + # enabled = true + # requestedSize = "5Gi" + # className = "ceph-rbd" + # } + }) + ] + + depends_on = [ + kubernetes_namespace_v1.this, + kubernetes_secret_v1.valkey_users, + ] +} 
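Review bot: `var.values` is declared in this module's variables.tf with a comment inviting callers to pass chart overrides, but the `values` list of `helm_release.valkey` never includes it, so whatever the stack passes is silently ignored. Appending it after the module defaults fixes that: `values = concat([yamlencode({ ... })], var.values)`. Separately, the `default` ACL user is granted `~* &* +@all`; if consumers only need data commands, a narrower ACL user would limit what a leaked password allows.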
diff --git a/terraform/modules/k8s/valkey/namespace.tf b/terraform/modules/k8s/valkey/namespace.tf
new file mode 100644
index 0000000..66e1ec1
--- /dev/null
+++ b/terraform/modules/k8s/valkey/namespace.tf
@@ -0,0 +1,7 @@
+resource "kubernetes_namespace_v1" "this" {
+ count = var.create_namespace ? 1 : 0
+
+ metadata {
+ name = var.namespace
+ }
+}
diff --git a/terraform/modules/k8s/valkey/secret.tf b/terraform/modules/k8s/valkey/secret.tf
new file mode 100644
index 0000000..9667a82
--- /dev/null
+++ b/terraform/modules/k8s/valkey/secret.tf
@@ -0,0 +1,13 @@
+resource "kubernetes_secret_v1" "valkey_users" {
+ metadata {
+ name = "valkey-users"
+ namespace = var.namespace # "valkey"
+ }
+
+ type = "Opaque"
+
+ data = {
+ # ВАЖНО: ключ = username, по умолчанию чарт ожидает так
+ default = base64encode(var.valkey_password)
+ }
+}
diff --git a/terraform/modules/k8s/valkey/variables.tf b/terraform/modules/k8s/valkey/variables.tf
new file mode 100644
index 0000000..0094dbf
--- /dev/null
+++ b/terraform/modules/k8s/valkey/variables.tf
@@ -0,0 +1,35 @@
+variable "namespace" {
+ type = string
+ default = "valkey"
+}
+
+variable "create_namespace" {
+ type = bool
+ default = true
+}
+
+variable "release_name" {
+ type = string
+ default = "valkey"
+}
+
+variable "chart_version" {
+ type = string
+ default = "0.9.2"
+}
+
+variable "repository" {
+ type = string
+ default = "https://valkey.io/valkey-helm/"
+}
+
+# Если хочешь кастомизировать chart values — просто передай сюда yamlencode({...})
+variable "values" {
+ type = list(string)
+ default = []
+}
+
+variable "valkey_password" {
+ type = string
+ sensitive = true
+}
diff --git a/terraform/modules/k8s/valkey/versions.tf b/terraform/modules/k8s/valkey/versions.tf
new file mode 100644
index 0000000..27dd139
--- /dev/null
+++ b/terraform/modules/k8s/valkey/versions.tf
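Review bot: In secret.tf the `data` map of `kubernetes_secret_v1` takes plain values and the provider base64-encodes them itself, so `base64encode(var.valkey_password)` stores the encoded string as the effective password. Clients presenting the plain password would then fail ACL authentication, or operators end up handing out the encoded form. Use `default = var.valkey_password`. The Secret also has no dependency on `kubernetes_namespace_v1.this`, so with `create_namespace = true` it can be applied before the namespace exists; adding `depends_on = [kubernetes_namespace_v1.this]` to the secret fixes the ordering.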
@@ -0,0 +1,14 @@ +terraform { + required_version = ">= 1.5.0" + + required_providers { + helm = { + source = "hashicorp/helm" + version = ">= 3.0.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = ">= 2.0.0" + } + } +} diff --git a/terraform/modules/powerdns/record/main.tf b/terraform/modules/powerdns/record/main.tf new file mode 100644 index 0000000..96fa3cd --- /dev/null +++ b/terraform/modules/powerdns/record/main.tf @@ -0,0 +1,7 @@ +resource "powerdns_record" "this" { + zone = var.zone_name + name = var.name + type = var.type + ttl = var.ttl + records = var.records +} diff --git a/terraform/modules/powerdns/record/variables.tf b/terraform/modules/powerdns/record/variables.tf new file mode 100644 index 0000000..896760c --- /dev/null +++ b/terraform/modules/powerdns/record/variables.tf @@ -0,0 +1,19 @@ +variable "zone_name" { + type = string +} + +variable "name" { + type = string +} + +variable "type" { + type = string +} + +variable "ttl" { + type = number +} + +variable "records" { + type = list(string) +} diff --git a/terraform/modules/powerdns/record/versions.tf b/terraform/modules/powerdns/record/versions.tf new file mode 100644 index 0000000..01eccbd --- /dev/null +++ b/terraform/modules/powerdns/record/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.3.0" + + required_providers { + powerdns = { + source = "pan-net/powerdns" + # version = "1.5.0" # опционально: можно зафиксировать + } + } +} diff --git a/terraform/modules/powerdns/zone/main.tf b/terraform/modules/powerdns/zone/main.tf new file mode 100644 index 0000000..ddbb5c0 --- /dev/null +++ b/terraform/modules/powerdns/zone/main.tf @@ -0,0 +1,6 @@ +resource "powerdns_zone" "zone" { + name = var.zone_name + kind = var.zone_kind + soa_edit_api = var.soa_edit_api + nameservers = var.zone_nameservers +} diff --git a/terraform/modules/powerdns/zone/outputs.tf b/terraform/modules/powerdns/zone/outputs.tf new file mode 100644 index 0000000..025d526 --- /dev/null 
+++ b/terraform/modules/powerdns/zone/outputs.tf
@@ -0,0 +1,3 @@
+output "name" {
+ value = powerdns_zone.zone.name
+}
diff --git a/terraform/modules/powerdns/zone/variables.tf b/terraform/modules/powerdns/zone/variables.tf
new file mode 100644
index 0000000..3b99d96
--- /dev/null
+++ b/terraform/modules/powerdns/zone/variables.tf
@@ -0,0 +1,15 @@
+variable "zone_name" {
+ type = string
+}
+
+variable "zone_kind" {
+ type = string
+}
+
+variable "soa_edit_api" {
+ type = string
+}
+
+variable "zone_nameservers" {
+ type = list(string)
+}
diff --git a/terraform/modules/powerdns/zone/versions.tf b/terraform/modules/powerdns/zone/versions.tf
new file mode 100644
index 0000000..01eccbd
--- /dev/null
+++ b/terraform/modules/powerdns/zone/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.3.0"
+
+ required_providers {
+ powerdns = {
+ source = "pan-net/powerdns"
+ # version = "1.5.0" # опционально: можно зафиксировать
+ }
+ }
+}
diff --git a/terraform/modules/proxmox/lxc/main.tf b/terraform/modules/proxmox/lxc/main.tf
new file mode 100644
index 0000000..41d612f
--- /dev/null
+++ b/terraform/modules/proxmox/lxc/main.tf
@@ -0,0 +1,72 @@ +resource "proxmox_virtual_environment_container" "this" { + node_name = var.target_node + vm_id = var.vm_id + unprivileged = var.unprivileged + + started = var.started + start_on_boot = var.start_on_boot + + cpu { + cores = var.cores + units = var.cpu_units + } + + memory { + dedicated = var.memory + swap = var.swap + } + + disk { + datastore_id = var.rootfs_storage + size = var.rootfs_size_gib + } + + features { + nesting = var.nesting + } + + network_interface { + name = var.netif_name + bridge = var.bridge + enabled = true + firewall = var.firewall + } + + operating_system { + template_file_id = var.template_file_id + type = var.os_type + } + + initialization { + hostname = var.hostname + + ip_config { + ipv4 { + address = var.ipv4_address + gateway = var.ipv4_gateway + } + } + + # user_account делаем опциональным: + # - если задан пароль (не null) или есть ssh keys + dynamic "user_account" { + for_each = (var.password != null || length(var.ssh_public_keys) > 0) ? [1] : [] + content { + # provider норм принимает keys list(string) + keys = var.ssh_public_keys + + # password задаём только если не null + password = var.password + } + } + + # DNS опционально + dynamic "dns" { + for_each = (var.dns_domain != null || length(var.dns_servers) > 0) ? [1] : [] + content { + domain = var.dns_domain + servers = var.dns_servers + } + } + } +} diff --git a/terraform/modules/proxmox/lxc/variables.tf b/terraform/modules/proxmox/lxc/variables.tf new file mode 100644 index 0000000..76f454f --- /dev/null +++ b/terraform/modules/proxmox/lxc/variables.tf 
@@ -0,0 +1,126 @@ +variable "vm_id" { + type = number +} + +variable "hostname" { + type = string +} + +variable "target_node" { + type = string +} + +variable "template_file_id" { + type = string +} + +variable "os_type" { + type = string + default = "debian" +} + +variable "unprivileged" { + type = bool + default = true +} + +variable "nesting" { + type = bool + default = true +} + +variable "cores" { + type = number + default = 1 +} + +# Proxmox cpuunits +variable "cpu_units" { + type = number + default = 1024 +} + +variable "memory" { + type = number + default = 512 +} + +variable "swap" { + type = number + default = 512 +} + +variable "rootfs_storage" { + type = string + default = "local-lvm" +} + +variable "rootfs_size_gib" { + type = number + default = 8 +} + +variable "bridge" { + type = string + default = "vmbr0" +} + +variable "netif_name" { + type = string + default = "eth0" +} + +variable "firewall" { + type = bool + default = true +} + +# DHCP: "dhcp" +# Static: "192.168.1.50/24" +variable "ipv4_address" { + type = string + default = "dhcp" + + validation { + condition = var.ipv4_address == "dhcp" || can(cidrnetmask(var.ipv4_address)) + error_message = "ipv4_address must be \"dhcp\" or a valid CIDR like 192.168.1.50/24." + } +} + +# gateway допустим только если не dhcp +variable "ipv4_gateway" { + type = string + default = null +} + +# Пароль опциональный (можешь управлять через ssh keys) +variable "password" { + type = string + default = null + sensitive = true +} + +variable "ssh_public_keys" { + type = list(string) + default = [] +} + +variable "dns_domain" { + type = string + default = null +} + +variable "dns_servers" { + type = list(string) + default = [] +} + +variable "started" { + type = bool + default = false +} + +variable "start_on_boot" { + type = bool + default = false +} diff --git a/terraform/modules/proxmox/lxc/versions.tf b/terraform/modules/proxmox/lxc/versions.tf new file mode 100644 index 0000000..bb496bf --- /dev/null 
+++ b/terraform/modules/proxmox/lxc/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.6" + + required_providers { + proxmox = { + source = "bpg/proxmox" + version = "0.86.0" + } + } +} diff --git a/terraform/modules/proxmox/vm/main.tf b/terraform/modules/proxmox/vm/main.tf new file mode 100644 index 0000000..48a3b85 --- /dev/null +++ b/terraform/modules/proxmox/vm/main.tf @@ -0,0 +1,63 @@ +resource "proxmox_virtual_environment_vm" "this" { + name = var.name + node_name = var.target_node + + clone { + vm_id = var.template_id + full = true + } + + cpu { + cores = var.cpu + type = var.cpu_type + } + + memory { + dedicated = var.memory + } + + # Предсказуемая SCSI нумерация + scsi_hardware = "virtio-scsi-single" + boot_order = ["scsi0"] + + # OS disk (scsi0) + disk { + datastore_id = var.storage + size = var.disk_size + interface = "scsi0" + } + + # OSD disks (scsi1, scsi2, ...) + dynamic "disk" { + for_each = (var.osd_storage != null && length(var.osd_disks) > 0) ? { for idx, size in var.osd_disks : idx => size } : {} + + content { + datastore_id = var.osd_storage + size = disk.value + interface = "scsi${disk.key + 1}" + + file_format = "raw" + cache = "none" + iothread = true + discard = "on" + } + } + + network_device { + bridge = var.bridge + model = "virtio" + mac_address = var.mac_address + } + + agent { + enabled = true + } + + initialization { + user_data_file_id = var.user_data_file_id + + ip_config { + ipv4 { address = "dhcp" } + } + } +} diff --git a/terraform/modules/proxmox/vm/variables.tf b/terraform/modules/proxmox/vm/variables.tf new file mode 100644 index 0000000..ac37ae6 --- /dev/null +++ b/terraform/modules/proxmox/vm/variables.tf 
@@ -0,0 +1,55 @@ +variable "name" { + type = string +} + +variable "target_node" { + type = string +} + +variable "template_id" { + type = number +} + +variable "cpu" { + type = number +} + +variable "cpu_type" { + type = string +} + +variable "memory" { + type = number +} + +variable "disk_size" { + type = number +} + +variable "storage" { + type = string +} + +variable "bridge" { + type = string +} + +variable "osd_storage" { + type = string + default = null +} + +variable "osd_disks" { + type = list(number) + default = [] +} + +variable "user_data_file_id" { + type = string + default = null +} + +variable "mac_address" { + description = "Static MAC for VM NIC (for DHCP reservation)." + type = string +} diff --git a/terraform/modules/proxmox/vm/versions.tf b/terraform/modules/proxmox/vm/versions.tf new file mode 100644 index 0000000..85ef525 --- /dev/null +++ b/terraform/modules/proxmox/vm/versions.tf @@ -0,0 +1,8 @@ +terraform { + required_providers { + proxmox = { + source = "bpg/proxmox" + version = ">= 0.86.0" + } + } +} diff --git a/terraform/readme.md b/terraform/readme.md new file mode 100644 index 0000000..be891cc --- /dev/null +++ b/terraform/readme.md @@ -0,0 +1,5 @@ +```bash +terraform init +terraform plan -var-file="terraform.tfvars" +terraform apply -var-file="terraform.tfvars" +``` \ No newline at end of file diff --git a/terraform/stacks/k8s/configs/config b/terraform/stacks/k8s/configs/config new file mode 100644 index 0000000..b76944d --- /dev/null +++ b/terraform/stacks/k8s/configs/config 
@@ -0,0 +1,18 @@ +apiVersion: v1 +clusters: + - cluster: + insecure-skip-tls-verify: true + server: https://localhost:10563 + name: kubernetes +contexts: + - context: + cluster: kubernetes + user: kubernetes-admin + name: kubernetes-admin@kubernetes +current-context: kubernetes-admin@kubernetes +kind: Config +users: + - name: kubernetes-admin + user: + client-certificate-data: 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 + client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeHdzVFlTcXdBTURzSDNQcnUrWm5JaFBCRTZZWFBKMG5SSlpsTENGMWgrRFYyU3dmCm9MRjVEY08rdWFhcW92MWVmS3R1TTFPSzVQRHFnNm9WV2x6bzVYM0JDUExwMVdkNlpVeHhSUDUwalBub3RQU1EKMDQ3RVVnQm0wbURtOXFobUpJaS81Y2lmUGpPZUxRZ0MzblptSXVSMnpiYzRmRUpWOEtQbzk5TFcway95WkJacgpDWXRaNXpiUXFDVzAwUnJ6RldnNG9udjdxZHJLanZyTHhpbmF2MnZlZmtQRGtUbVpQNjUxN296dXFxOTA5WElECld6Z1ZDcmR4UW1WdnNkbzNhUnVEaFkwRnZLaXVzYkNkRi9uNGJkTEMzZnpFbVNZK3pQMUFJMTE2TE0zNkl5cUIKOVJzYmI2a25RVEtpa2VPamxYMWRXbG1od3FQOXQwYXlMZ1RqWlFJREFRQUJBb0lCQUdIU2hxNjlmUXlSeERwZApEV0VtaGs5UUtCY1JET0NFVi9VMGVQcXNZd2ZwcncveHlJV0FVMzg1VWJZS1BGaW9iMVNVS0MvZmdpYXNaSVZiCkJPMkpOZ2o3dWZBOCtrRWdmeDNqNk5OQXYyVTl1V21kdk1QTXFaMm5odUVrTUw3TzJveGdEUGZRbHJyS1FaWGUKRnhMZ1c2Z1FZbmNOOGh2WHVrYnZONkw4b3dsdTFOc01HVFJPdG10NEQ0WVptSnlGKzNsakZQcGF3TFlZL3M5awp5TGVaRXBDd2VCdEpDS1ZyODhaMXVVaVh2Mzg0cGEzMVA2VjFnRUt5SFQya3lGUXFvdWNLUDE0Y0FrazNyb0JGCkJ0cjc1WHBjUHYvZGExY2gvU3VQZDdscnV4UUtpZ1dWOWtNZG1TczVON0c2Rm5ZYS9jbnpxUWovZFNmV3lMUkgKRHZmTUN3MENnWUVBMDc4VXZjUVU2aUZBMm1ZLzNFQW5Zbmg1UzhJTE5OSXVQY1pMTkhqSVp5WGlyRFJ4VjRKNApXMWlZdWhUK0lVVFkwYWptVmhLUStMTkhJK0hzTkZOL2svdmM0cTVaa0czWUlMNk5pbWd3Y3FCNjVnbUMrNlo2ClJJQ3Y3YnBkUm9mYTdCMit3TjcxeEx1S282d2RyblArYmNKbzhaY09LQmYvRDlXa0RmNlZUM3NDZ1lFQThLUlkKNDZRWDMxYlRxSFhTWGhQSHV6QWdvMEFHd2JPRlAxT2pPeG4xVFBWQnNHa2N5dnhwOGtYNUlYS2ZNdExZWnpUbQpqdmpjV1dlNHFZTlZiUTF2VVpxT05aSUVrYjZNbGF6NW0xaVZMa3FucktubkJaaHRNNGtyMzhTUEpPY0dZazlHClVlaDBFZmhOZ3Y2Z1VtTTFBSUJTR1NVcjc1OHUvOFdrMzNCL3NwOENnWUJoQUsxNHpjWWpCLzdVem5pODVxcmsKUW5xV3lSc25KSTVJZ0huZFhPTzUxVEp
GWDNUNCtPMDRNNXNyekFncnA0V0liczZ1YWF6K01lc0tOaXBtUWtZMAp2ZklQNm4xZlcrTGlCVW1FT1h6UVZsSlc1YzZhaUVhRThVc25KZlFySm51VkpYOUlqaHVhOTZ0b2xhVzNVSzRqCkRDZlZYVFVBQ3hZdTQ5bFhDK1RNMXdLQmdRRE43cGJ6R0RZbHRwUWpFZEVaR1N4UGtId2R1R2tQMHFVdzhFNDgKQVpiZWFQUHlGOEhBSkFvMmZwTVlnSktrVjdOQmZ3L2ZRakN2Z2dlUmFRYnQ4QlZYYkVCT3I4cWhQc1BvUXNMSQpvaUhvSDVNbU82K3NKaWt0ZFRIS3FOY202VjJaTytZZHFpUEtUUWRvRnFiMFdsbTlPQk1KMmJtanNrSHlPQjFECjZXNGVXUUtCZ1FERWY4bzdNZUxLditZdXliTW85MnZXaDhiODBsVDhyVGxYa1hDakU3TkRtU1FUbWZEOVFRNFIKeWJ4SHlmR2dwZFIzN1EraWwxWGxoSllmZERFOTNEZW5ZeXdQaUNyWnJNaVVWcWRRQW1JMGc2WjRCSi91RDNZNwpPc3JSUUhvL0VBSnc5aUdHeXVzUmpyNEpPMUFrWDZwbGo5VTU4ZWtIRStSMGh0RW5RUXRzaXc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= diff --git a/terraform/stacks/k8s/main.tf b/terraform/stacks/k8s/main.tf new file mode 100644 index 0000000..d6a0e76 --- /dev/null +++ b/terraform/stacks/k8s/main.tf 
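Review bot: This kubeconfig commits the `kubernetes-admin` client certificate together with its RSA private key (`client-key-data`), which gives admin access on the cluster to anyone who can read the repository or its history. The key pair should be treated as exposed: reissue the admin credentials, remove the file from history, and add `terraform/stacks/k8s/configs/` to `.gitignore`, since the stack already takes the location through `var.kubeconfig_path`. `insecure-skip-tls-verify: true` also turns off API-server certificate checking, so whatever answers on `localhost:10563` is trusted unauthenticated. Prefer `certificate-authority-data` plus `tls-server-name: <API server SAN placeholder>` for the forwarded endpoint.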
@@ -0,0 +1,122 @@ +module "metallb_helm" { + source = "../../modules/k8s/metallb/helm" + + providers = { + helm = helm + } +} + +module "metallb_resources" { + source = "../../modules/k8s/metallb/resources" + + providers = { + kubernetes = kubernetes + } + + addresses = ["192.168.0.230-192.168.0.250"] + + depends_on = [module.metallb_helm] +} + +module "nginx_ingress" { + source = "../../modules/k8s/nginx_ingress/helm" + + pool_name = module.metallb_resources.pool_name + + depends_on = [module.metallb_resources] +} + +# # ceph +# module "ceph_csi_rbd" { +# source = "../../modules/k8s/ceph/k8s-ceph-csi-rbd" + +# providers = { +# helm = helm +# kubernetes = kubernetes +# } + +# namespace = var.ceph_csi_namespace +# chart_version = var.ceph_csi_chart_version + +# ceph_cluster_id = var.ceph_cluster_id +# ceph_monitors = var.ceph_monitors +# } + +# module "ceph_rbd_storage" { +# source = "../../modules/k8s/ceph/k8s-ceph-rbd-storage" + +# providers = { +# kubernetes = kubernetes +# } + +# namespace = var.ceph_csi_namespace +# ceph_cluster_id = var.ceph_cluster_id +# ceph_rbd_pool = var.ceph_rbd_pool + +# ceph_user_id = var.ceph_user_id +# ceph_user_key = var.ceph_user_key + +# # чтобы Secret/SC создавались после установки CSI +# depends_on = [module.ceph_csi_rbd] +# } + +module "openebs" { + source = "../../modules/k8s/openebs" + storageclass_name = "openebs-hostpath-custom" + base_path = "/var/openebs/local/" +} + +module "crunchy_operator" { + source = "../../modules/k8s/crunchy-data/operator" + + providers = { + kubernetes = kubernetes + helm = helm + } + + namespace = var.crunchy_data_namespace + chart_version = var.pgo_chart_version + release_name = "pgo" + single_namespace = true + replicas = 1 + debug = false +} + +module "crunchy_postgres_cluster" { + source = "../../modules/k8s/crunchy-data/postgres-cluster" + + providers = { + kubernetes = kubernetes + } + + namespace = module.crunchy_operator.namespace + name = var.cluster_name + storage_class_name = 
var.storage_class_name + + postgres_version = 16 + instance_storage = "20Gi" + backup_storage = "20Gi" + + # важно: CRD должны появиться после установки оператора + depends_on = [module.crunchy_operator] +} + +# valkey +module "valkey" { + source = "../../modules/k8s/valkey" + + providers = { + kubernetes = kubernetes + helm = helm + } + + namespace = var.valkey_namespace + create_namespace = true + + release_name = var.release_name + chart_version = var.chart_version + + values = var.values + + valkey_password = "password" +} diff --git a/terraform/stacks/k8s/providers.tf b/terraform/stacks/k8s/providers.tf new file mode 100644 index 0000000..ed35b35 --- /dev/null +++ b/terraform/stacks/k8s/providers.tf @@ -0,0 +1,9 @@ +provider "kubernetes" { + config_path = var.kubeconfig_path +} + +provider "helm" { + kubernetes = { + config_path = var.kubeconfig_path + } +} diff --git a/terraform/stacks/k8s/variables.tf b/terraform/stacks/k8s/variables.tf new file mode 100644 index 0000000..29442a7 --- /dev/null +++ b/terraform/stacks/k8s/variables.tf 
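Review bot: `valkey_password = "password"` at the end of the `valkey` module call hard-codes a trivially guessable credential in version control, which defeats the `sensitive = true` marking on the module's variable. Declare a stack-level `valkey_password` variable (string, `sensitive = true`, no default) and pass `valkey_password = var.valkey_password`, supplying the value from an untracked tfvars file or `TF_VAR_valkey_password`. The value still lands in Terraform state, so the state backend needs access control and encryption at rest.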
@@ -0,0 +1,84 @@ +variable "kubeconfig_path" { + type = string + description = "Path to kubeconfig" +} + +# ceph +variable "ceph_cluster_id" { + type = string + description = "Ceph FSID (ceph fsid)" +} + +variable "ceph_monitors" { + type = list(string) + description = "Ceph MON endpoints, e.g. [\"192.168.0.100:6789\", \"192.168.0.101:6789\"]" +} + +variable "ceph_rbd_pool" { + type = string + default = "k8s-rbd" +} + +variable "ceph_user_id" { + type = string + default = "k8s-rbd-csi" # без 'client.' +} + +variable "ceph_user_key" { + type = string + sensitive = true + description = "Key from: ceph auth get client.k8s-rbd-csi" +} + +variable "ceph_csi_namespace" { + type = string + default = "ceph-csi" +} + +variable "ceph_csi_chart_version" { + type = string + default = "3.11.0" +} + +# crunchy-data +variable "storage_class_name" { + type = string + description = "Твой Ceph RBD storageclass" + default = "ceph-rbd" +} + +variable "crunchy_data_namespace" { + type = string + default = "postgres-operator" +} + +variable "pgo_chart_version" { + type = string + default = "6.0.0" +} + +variable "cluster_name" { + type = string + default = "hippo" +} + +# valkey +variable "valkey_namespace" { + type = string + default = "valkey" +} + +variable "release_name" { + type = string + default = "valkey" +} + +variable "chart_version" { + type = string + default = "0.9.2" +} + +variable "values" { + type = list(string) + default = [] +} diff --git a/terraform/stacks/k8s/versions.tf b/terraform/stacks/k8s/versions.tf new file mode 100644 index 0000000..27dd139 --- /dev/null +++ b/terraform/stacks/k8s/versions.tf @@ -0,0 +1,14 @@ +terraform { + required_version = ">= 1.5.0" + + required_providers { + helm = { + source = "hashicorp/helm" + version = ">= 3.0.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = ">= 2.0.0" + } + } +} diff --git a/terraform/stacks/powerdns/main.tf b/terraform/stacks/powerdns/main.tf new file mode 100644 index 0000000..c74e43d 
--- /dev/null +++ b/terraform/stacks/powerdns/main.tf @@ -0,0 +1,41 @@ +# --------------------------- +# Zones (many) +# --------------------------- +module "zones" { + for_each = var.zones + source = "../../modules/powerdns/zone" + + zone_name = each.key + zone_kind = each.value.zone_kind + soa_edit_api = each.value.soa_edit_api + zone_nameservers = each.value.zone_nameservers +} + +# --------------------------- +# Records (flatten -> many) +# --------------------------- +locals { + records_flat = merge([ + for zone_name, z in var.zones : { + for rec_key, rec in z.records : + "${zone_name}::${rec_key}" => { + zone_name = zone_name + name = rec.name + type = rec.type + ttl = rec.ttl + records = rec.records + } + } + ]...) +} + +module "records" { + for_each = local.records_flat + source = "../../modules/powerdns/record" + + zone_name = module.zones[each.value.zone_name].name + name = each.value.name + type = each.value.type + ttl = each.value.ttl + records = each.value.records +} diff --git a/terraform/stacks/powerdns/providers.tf b/terraform/stacks/powerdns/providers.tf new file mode 100644 index 0000000..633d509 --- /dev/null +++ b/terraform/stacks/powerdns/providers.tf @@ -0,0 +1,4 @@ +provider "powerdns" { + server_url = var.pdns_server_url + api_key = var.pdns_api_key +} diff --git a/terraform/stacks/powerdns/variables.tf b/terraform/stacks/powerdns/variables.tf new file mode 100644 index 0000000..0c98ab1 --- /dev/null +++ b/terraform/stacks/powerdns/variables.tf @@ -0,0 +1,23 @@ +variable "pdns_server_url" { + type = string +} + +variable "pdns_api_key" { + type = string + sensitive = true +} + +variable "zones" { + type = map(object({ + zone_kind = string + soa_edit_api = string + zone_nameservers = list(string) + + records = map(object({ + name = string + type = string + ttl = number + records = list(string) + })) + })) +} diff --git a/terraform/stacks/powerdns/versions.tf b/terraform/stacks/powerdns/versions.tf new file mode 100644 index 0000000..01eccbd 
--- /dev/null
+++ b/terraform/stacks/powerdns/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.3.0"
+
+ required_providers {
+ powerdns = {
+ source = "pan-net/powerdns"
+ # version = "1.5.0" # опционально: можно зафиксировать
+ }
+ }
+}
diff --git a/terraform/stacks/proxmox/lxc/main.tf b/terraform/stacks/proxmox/lxc/main.tf
new file mode 100644
index 0000000..d6e5ee2
--- /dev/null
+++ b/terraform/stacks/proxmox/lxc/main.tf
@@ -0,0 +1,37 @@
+module "lxc_packer_main" {
+ source = "../../../modules/proxmox/lxc"
+
+ vm_id = var.lxc_packer_main_vm_id
+ hostname = var.lxc_packer_main_hostname
+ target_node = var.target_node
+
+ template_file_id = var.lxc_template_file_id
+ os_type = var.lxc_os_type
+
+ unprivileged = var.lxc_unprivileged
+ nesting = var.lxc_nesting
+
+ cores = var.lxc_cores
+ cpu_units = var.lxc_cpu_units
+ memory = var.lxc_memory
+ swap = var.lxc_swap
+
+ rootfs_storage = var.lxc_rootfs_storage
+ rootfs_size_gib = var.lxc_rootfs_size_gib
+
+ bridge = var.bridge
+ netif_name = var.lxc_netif_name
+ firewall = var.lxc_firewall
+
+ ipv4_address = var.lxc_ipv4_address
+ ipv4_gateway = var.lxc_ipv4_gateway
+
+ dns_domain = var.lxc_dns_domain
+ dns_servers = var.lxc_dns_servers
+
+ started = var.lxc_started
+ start_on_boot = var.lxc_start_on_boot
+
+ password = var.lxc_root_password
+ ssh_public_keys = var.lxc_ssh_public_keys
+}
diff --git a/terraform/stacks/proxmox/lxc/providers.tf b/terraform/stacks/proxmox/lxc/providers.tf
new file mode 100755
index 0000000..a41ad5f
--- /dev/null
+++ b/terraform/stacks/proxmox/lxc/providers.tf
@@ -0,0 +1,10 @@
+provider "proxmox" {
+ endpoint = var.pm_api_url
+ api_token = var.pm_api_token
+ insecure = true
+
+ ssh {
+ username = var.pm_user
+ password = var.pm_password
+ }
+}
diff --git a/terraform/stacks/proxmox/lxc/variables.tf b/terraform/stacks/proxmox/lxc/variables.tf
new file mode 100644
index 0000000..40981a3
--- /dev/null
+++ b/terraform/stacks/proxmox/lxc/variables.tf
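Review bot: `insecure = true` in the `proxmox` provider block disables TLS certificate verification for the API endpoint that receives `var.pm_api_token`, so the token is sent to whichever host answers at `pm_api_url`. Prefer trusting the Proxmox CA (or a properly issued certificate) on the runner and dropping the line. If self-signed lab hosts must be supported, make it an explicit opt-in such as `insecure = var.pm_insecure` with `default = false`. For the `ssh` block, agent-based authentication (`agent = true`) would avoid keeping a host login password in tfvars.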
@@ -0,0 +1,137 @@
+# --- Proxmox provider creds ---
+variable "pm_api_url" {
+ type = string
+}
+
+variable "pm_api_token" {
+ type = string
+ sensitive = true
+}
+
+variable "pm_user" {
+ type = string
+}
+
+variable "pm_password" {
+ type = string
+ sensitive = true
+}
+
+# --- Target infra ---
+variable "target_node" {
+ type = string
+}
+
+variable "bridge" {
+ type = string
+ default = "vmbr0"
+}
+
+# --- LXC конкретный контейнер ---
+variable "lxc_packer_main_vm_id" {
+ type = number
+}
+
+variable "lxc_packer_main_hostname" {
+ type = string
+}
+
+variable "lxc_template_file_id" {
+ type = string
+}
+
+variable "lxc_os_type" {
+ type = string
+ default = "debian"
+}
+
+variable "lxc_unprivileged" {
+ type = bool
+ default = true
+}
+
+variable "lxc_nesting" {
+ type = bool
+ default = true
+}
+
+variable "lxc_cores" {
+ type = number
+ default = 1
+}
+
+variable "lxc_cpu_units" {
+ type = number
+ default = 1024
+}
+
+variable "lxc_memory" {
+ type = number
+ default = 512
+}
+
+variable "lxc_swap" {
+ type = number
+ default = 512
+}
+
+variable "lxc_rootfs_storage" {
+ type = string
+ default = "local-lvm"
+}
+
+variable "lxc_rootfs_size_gib" {
+ type = number
+ default = 8
+}
+
+variable "lxc_netif_name" {
+ type = string
+ default = "eth0"
+}
+
+variable "lxc_firewall" {
+ type = bool
+ default = true
+}
+
+variable "lxc_ipv4_address" {
+ type = string
+ default = "dhcp"
+}
+
+variable "lxc_ipv4_gateway" {
+ type = string
+ default = null
+}
+
+variable "lxc_dns_domain" {
+ type = string
+ default = null
+}
+
+variable "lxc_dns_servers" {
+ type = list(string)
+ default = []
+}
+
+variable "lxc_started" {
+ type = bool
+ default = true
+}
+
+variable "lxc_start_on_boot" {
+ type = bool
+ default = true
+}
+
+variable "lxc_root_password" {
+ type = string
+ sensitive = true
+ default = null
+}
+
+variable "lxc_ssh_public_keys" {
+ type = list(string)
+ default = []
+}
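Review bot: None of the variables in terraform/stacks/proxmox/lxc/variables.tf has a `description`, and the security-relevant defaults are left unexplained. `lxc_nesting` defaults to `true`, and `lxc_root_password = null` together with `lxc_ssh_public_keys = []` means a caller who sets neither relies entirely on the module's behaviour for how the container can be logged into, which is not visible in this hunk. A short `description` on each of these, stating what the flag enables and which of password or keys is expected, would make the intent reviewable, for example `description = "SSH public keys installed for root; set this or lxc_root_password"`. The section comment `# --- LXC конкретный контейнер ---` would be clearer in English, e.g. `# --- LXC container (packer-main) ---`.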
diff --git a/terraform/stacks/proxmox/lxc/versions.tf b/terraform/stacks/proxmox/lxc/versions.tf
new file mode 100644
index 0000000..bb496bf
--- /dev/null
+++ b/terraform/stacks/proxmox/lxc/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.6"
+
+ required_providers {
+ proxmox = {
+ source = "bpg/proxmox"
+ version = "0.86.0"
+ }
+ }
+}
diff --git a/terraform/stacks/proxmox/vm/cloud-init/user-data.yaml.tpl b/terraform/stacks/proxmox/vm/cloud-init/user-data.yaml.tpl
new file mode 100644
index 0000000..2c55300
--- /dev/null
+++ b/terraform/stacks/proxmox/vm/cloud-init/user-data.yaml.tpl
@@ -0,0 +1,36 @@
+#cloud-config
+hostname: ${hostname}
+manage_etc_hosts: true
+
+package_update: true
+package_upgrade: true
+
+packages:
+ - parted
+
+# user
+users:
+ - name: "adminuser"
+ groups: sudo
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ lock_passwd: false
+ passwd: "$6$qL4GPP3AhSodbF9U$Lu4.VSpCSlAVPNIZyPNme0AH8HhbVYE6SAm3P3Er7KSLIYydj799tZBz/n6NRzzRYhyQh9a4h8m8WCbjw2nXg1"
+ shell: /bin/bash
+ ssh_authorized_keys:
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcTy4Zcj3MHkW7XvnZhakl64vZXnjzDJymYlo+Ax8FM dev-kyiv01-vm-default-main-01-adminuser"
+
+ssh_pwauth: false
+
+runcmd:
+ - |
+ set -euxo pipefail
+
+ # растянуть extended + LVM partition до конца диска
+ growpart /dev/sda 2 || true
+ growpart /dev/sda 5 || true
+ parted -s /dev/sda "resizepart 2 100%" "resizepart 5 100%" || true
+ partprobe /dev/sda || true
+
+ # растянуть PV -> LV(root) -> FS
+ pvresize /dev/sda5
+ lvextend -l +100%FREE -r /dev/vg0/root
diff --git a/terraform/stacks/proxmox/vm/locals.tf b/terraform/stacks/proxmox/vm/locals.tf
new file mode 100644
index 0000000..e034b26
--- /dev/null
+++ b/terraform/stacks/proxmox/vm/locals.tf
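Review bot: The `adminuser` entry in cloud-init/user-data.yaml.tpl commits a crypt password hash in `passwd` with `lock_passwd: false`, and the same template is rendered for every VM in the stack. One password, readable as a hash by anyone with access to the repository or the snippets datastore, therefore gives console login plus `NOPASSWD` sudo on all of them. Because `ssh_pwauth: false` and an SSH key are already configured, the smallest fix is to delete the `passwd:` line and set `lock_passwd: true`. If console login is required, pass a per-VM hash into `templatefile` from a secret store instead, and treat the committed hash as exposed and rotate it. Separately, cloud-init runs string `runcmd` entries with `sh`, so it is worth confirming that the image's `sh` accepts `set -o pipefail`.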
@@ -0,0 +1,72 @@
+locals {
+ vms = {
+ dev_kyiv01_vm_dns_main_01 = {
+ name = "dev-kyiv01-vm-dns-main-01"
+ cpu = 2
+ cpu_type = "x86-64-v2"
+ memory = 3072
+ disk_size = 20
+ mac = "02:7A:4C:11:90:64"
+ }
+
+ dev_kyiv01_vm_ntp_main_01 = {
+ name = "dev-kyiv01-vm-ntp-main-01"
+ cpu = 1
+ cpu_type = "x86-64-v2"
+ memory = 2048
+ disk_size = 8
+ mac = "02:7A:4C:11:90:65"
+ }
+
+ dev_kyiv01_vm_ceph_main_01 = {
+ name = "dev-kyiv01-vm-ceph-main-01"
+ cpu = 2
+ cpu_type = "x86-64-v2"
+ memory = 4096
+ disk_size = 30
+ mac = "02:7A:4C:11:90:66"
+ osd_storage = "ceph-osd"
+ osd_disks = [150, 150]
+ }
+
+ dev_kyiv01_vm_ceph_main_02 = {
+ name = "dev-kyiv01-vm-ceph-main-02"
+ cpu = 2
+ cpu_type = "x86-64-v2"
+ memory = 4096
+ disk_size = 30
+ mac = "02:7A:4C:11:90:67"
+ osd_storage = "ceph-osd"
+ osd_disks = [150, 150]
+ }
+
+ dev_kyiv01_vm_ceph_main_03 = {
+ name = "dev-kyiv01-vm-ceph-main-03"
+ cpu = 2
+ cpu_type = "x86-64-v2"
+ memory = 4096
+ disk_size = 30
+ mac = "02:7A:4C:11:90:68"
+ osd_storage = "ceph-osd"
+ osd_disks = [150, 150]
+ }
+
+ dev_kyiv01_vm_k8s_master_01 = {
+ name = "dev-kyiv01-vm-k8s-master-01"
+ cpu = 2
+ cpu_type = "x86-64-v2"
+ memory = 4096
+ disk_size = 40
+ mac = "02:7A:4C:11:90:69"
+ }
+
+ dev_kyiv01_vm_k8s_worker_01 = {
+ name = "dev-kyiv01-vm-k8s-worker-01"
+ cpu = 4
+ cpu_type = "x86-64-v2"
+ memory = 8192
+ disk_size = 60
+ mac = "02:7A:4C:11:90:6A"
+ }
+ }
+}
diff --git a/terraform/stacks/proxmox/vm/main.tf b/terraform/stacks/proxmox/vm/main.tf
new file mode 100644
index 0000000..501750f
--- /dev/null
+++ b/terraform/stacks/proxmox/vm/main.tf
@@ -0,0 +1,41 @@
+# 1) Для каждой VM создаём snippet user-data (cloud-init)
+resource "proxmox_virtual_environment_file" "user_data" {
+ for_each = local.vms
+
+ content_type = "snippets"
+ datastore_id = var.snippets_storage
+ node_name = var.target_node
+
+ source_raw {
+ data = templatefile("${path.module}/cloud-init/user-data.yaml.tpl", {
+ hostname = each.value.name
+ })
+
+ file_name = "user-data-${each.value.name}.yaml"
+ }
+}
+
+# 2) Создаём VM-ки и подцепляем user-data файл
+module "vm" {
+ source = "../../../modules/proxmox/vm"
+ for_each = local.vms
+
+ name = each.value.name
+ target_node = var.target_node
+ template_id = var.template_id
+
+ cpu = each.value.cpu
+ cpu_type = try(each.value.cpu_type, "qemu64")
+ memory = each.value.memory
+
+ disk_size = each.value.disk_size
+ storage = var.storage
+ bridge = var.bridge
+
+ osd_storage = try(each.value.osd_storage, null)
+ osd_disks = try(each.value.osd_disks, [])
+
+ user_data_file_id = proxmox_virtual_environment_file.user_data[each.key].id
+
+ mac_address = each.value.mac
+}
diff --git a/terraform/stacks/proxmox/vm/providers.tf b/terraform/stacks/proxmox/vm/providers.tf
new file mode 100644
index 0000000..ca453dd
--- /dev/null
+++ b/terraform/stacks/proxmox/vm/providers.tf
@@ -0,0 +1,17 @@
+provider "proxmox" {
+ endpoint = var.pm_api_url
+ api_token = var.pm_api_token
+ insecure = true
+
+ ssh {
+ agent = false
+ username = "root"
+ private_key = file("/workspaces/infrastructure/.ssh/dev-kyiv01-proxmox-main-01")
+
+ node {
+ name = "proxmox-main-kyiv-01"
+ address = "176.36.225.227"
+ port = 25105
+ }
+ }
+}
diff --git a/terraform/stacks/proxmox/vm/variables.tf b/terraform/stacks/proxmox/vm/variables.tf
new file mode 100644
index 0000000..72bca51
--- /dev/null
+++ b/terraform/stacks/proxmox/vm/variables.tf
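Review bot: The `ssh` block in terraform/stacks/proxmox/vm/providers.tf hardcodes the `root` user, an absolute devcontainer path to the private key, and the node's address and SSH port. The hypervisor's management endpoint is therefore published with the repository, and the stack cannot target another environment without a code edit. Moving these values to variables keeps environment details in untracked tfvars; the stack already declares `pm_user`, and the other variable names below are only suggestions. If the provider operations used here permit it, a non-root account would also limit what a leaked key can do.

```hcl
  ssh {
    agent       = false
    username    = var.pm_user
    private_key = file(var.pm_ssh_private_key_path)

    node {
      name    = var.target_node # assumes target_node is this node's name
      address = var.pm_node_address
      port    = var.pm_node_ssh_port
    }
  }
```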
@@ -0,0 +1,50 @@
+variable "pm_api_url" {
+ type = string
+ description = "Proxmox API endpoint, e.g. https://proxmox:8006/api2/json"
+}
+
+variable "pm_api_token" {
+ type = string
+ description = "Proxmox API token: root@pam!terraform=..."
+ sensitive = true
+}
+
+variable "pm_user" {
+ type = string
+ description = "SSH username for Proxmox node"
+ default = "root"
+}
+
+variable "pm_password" {
+ type = string
+ description = "SSH password for Proxmox node"
+ sensitive = true
+}
+
+variable "target_node" {
+ type = string
+ description = "Target Proxmox node name"
+}
+
+variable "template_id" {
+ type = number
+ description = "Template VM ID to clone from"
+}
+
+variable "storage" {
+ type = string
+ description = "Default datastore for OS disk"
+ default = "local-lvm"
+}
+
+variable "bridge" {
+ type = string
+ description = "Default VM bridge"
+ default = "vmbr0"
+}
+
+variable "snippets_storage" {
+ type = string
+ description = "Datastore where 'snippets' content is enabled (usually 'local')"
+ default = "local"
+}
diff --git a/terraform/stacks/proxmox/vm/versions.tf b/terraform/stacks/proxmox/vm/versions.tf
new file mode 100644
index 0000000..bb496bf
--- /dev/null
+++ b/terraform/stacks/proxmox/vm/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.6"
+
+ required_providers {
+ proxmox = {
+ source = "bpg/proxmox"
+ version = "0.86.0"
+ }
+ }
+}
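Review bot: `pm_password` in terraform/stacks/proxmox/vm/variables.tf has no default, so every run must supply an SSH password. The provider block of this stack authenticates with a private key, and neither `var.pm_password` nor `var.pm_user` is referenced in the vm stack files shown in this commit. Dropping the unused variable, or setting `default = null` until something consumes it, avoids collecting a node password that nothing needs. The `pm_api_token` description suggests a `root@pam` token. A dedicated Proxmox user and token holding only the privileges Terraform needs would limit the impact of a leaked token, and the description could say so, e.g. `description = "Proxmox API token for a dedicated, least-privilege Terraform user"`.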