From 997b9f0870e387ea484034afe49bdca5ba821f1a Mon Sep 17 00:00:00 2001 From: TrueCharts-Bot Date: Mon, 31 Jan 2022 21:12:02 +0000 Subject: [PATCH] Commit new App releases for TrueCharts Signed-off-by: TrueCharts-Bot --- stable/synapse/1.0.0/CHANGELOG.md | 99 + stable/synapse/1.0.0/CONFIG.md | 8 + stable/synapse/1.0.0/Chart.lock | 9 + stable/synapse/1.0.0/Chart.yaml | 32 + stable/synapse/1.0.0/README.md | 34 + stable/synapse/1.0.0/app-readme.md | 3 + stable/synapse/1.0.0/charts/common-8.14.2.tgz | Bin 0 -> 40699 bytes .../1.0.0/charts/postgresql-6.0.58.tgz | Bin 0 -> 76159 bytes stable/synapse/1.0.0/ci/base-values.yaml | 5 + stable/synapse/1.0.0/ci/basic-values.yaml | 5 + stable/synapse/1.0.0/helm-values.md | 129 + stable/synapse/1.0.0/ix_values.yaml | 317 ++ stable/synapse/1.0.0/questions.yaml | 3117 +++++++++++++++++ stable/synapse/1.0.0/security.md | 25 + stable/synapse/1.0.0/templates/_configmap.tpl | 153 + stable/synapse/1.0.0/templates/_helpers.tpl | 20 + stable/synapse/1.0.0/templates/_secret.tpl | 63 + stable/synapse/1.0.0/templates/common.yaml | 14 + stable/synapse/1.0.0/values.yaml | 0 stable/synapse/item.yaml | 4 + 20 files changed, 4037 insertions(+) create mode 100644 stable/synapse/1.0.0/CHANGELOG.md create mode 100644 stable/synapse/1.0.0/CONFIG.md create mode 100644 stable/synapse/1.0.0/Chart.lock create mode 100644 stable/synapse/1.0.0/Chart.yaml create mode 100644 stable/synapse/1.0.0/README.md create mode 100644 stable/synapse/1.0.0/app-readme.md create mode 100644 stable/synapse/1.0.0/charts/common-8.14.2.tgz create mode 100644 stable/synapse/1.0.0/charts/postgresql-6.0.58.tgz create mode 100644 stable/synapse/1.0.0/ci/base-values.yaml create mode 100644 stable/synapse/1.0.0/ci/basic-values.yaml create mode 100644 stable/synapse/1.0.0/helm-values.md create mode 100644 stable/synapse/1.0.0/ix_values.yaml create mode 100644 stable/synapse/1.0.0/questions.yaml create mode 100644 stable/synapse/1.0.0/security.md create mode 100644 stable/synapse/1.0.0/templates/_configmap.tpl create mode 100644 stable/synapse/1.0.0/templates/_helpers.tpl create mode 100644 stable/synapse/1.0.0/templates/_secret.tpl create mode 100644 stable/synapse/1.0.0/templates/common.yaml create mode 100644 stable/synapse/1.0.0/values.yaml create mode 100644 stable/synapse/item.yaml diff --git a/stable/synapse/1.0.0/CHANGELOG.md b/stable/synapse/1.0.0/CHANGELOG.md new file mode 100644 index 0000000000..4cfcda986b --- /dev/null +++ b/stable/synapse/1.0.0/CHANGELOG.md @@ -0,0 +1,99 @@ +# Changelog
+ + + +### [synapse-1.0.0](https://github.com/truecharts/apps/compare/synapse-0.0.14...synapse-1.0.0) (2022-01-31) + +#### Feat + +* move synapse to stable + + + + +### [synapse-0.0.14](https://github.com/truecharts/apps/compare/synapse-0.0.13...synapse-0.0.14) (2022-01-31) + +#### Fix + +* use opencors headerset + + + + +### [synapse-0.0.13](https://github.com/truecharts/apps/compare/synapse-0.0.12...synapse-0.0.13) (2022-01-31) + + + + +### [synapse-0.0.12](https://github.com/truecharts/apps/compare/synapse-0.0.11...synapse-0.0.12) (2022-01-31) + +#### Fix + +* secret tweaking + + + + +### [synapse-0.0.11](https://github.com/truecharts/apps/compare/synapse-0.0.10...synapse-0.0.11) (2022-01-31) + + + + +### [synapse-0.0.10](https://github.com/truecharts/apps/compare/synapse-0.0.9...synapse-0.0.10) (2022-01-31) + +#### Fix + +* fix mistake in variable definition + + + + +### [synapse-0.0.9](https://github.com/truecharts/apps/compare/synapse-0.0.8...synapse-0.0.9) (2022-01-31) + + + + +### [synapse-0.0.8](https://github.com/truecharts/apps/compare/synapse-0.0.7...synapse-0.0.8) (2022-01-31) + +#### Fix + +* fix federation service + + + + +### [synapse-0.0.7](https://github.com/truecharts/apps/compare/synapse-0.0.5...synapse-0.0.7) (2022-01-31) + +#### Fix + +* Try another way of defining the macaroon secret + + + + +### [synapse-0.0.5](https://github.com/truecharts/apps/compare/synapse-0.0.4...synapse-0.0.5) (2022-01-31) + +#### Fix + +* fix custom config and don't decode stringData + + + + +### [synapse-0.0.4](https://github.com/truecharts/apps/compare/synapse-0.0.3...synapse-0.0.4) (2022-01-31) + +#### Fix + +* update questions.yaml to beter reflect values.yaml + + + + +### [synapse-0.0.3](https://github.com/truecharts/apps/compare/synapse-0.0.2...synapse-0.0.3) (2022-01-25) + +#### Chore + +* update helm general non-major helm releases ([#1791](https://github.com/truecharts/apps/issues/1791)) + + + diff --git a/stable/synapse/1.0.0/CONFIG.md b/stable/synapse/1.0.0/CONFIG.md new file mode 100644 index 0000000000..fc9b2fa2d5 --- /dev/null +++ b/stable/synapse/1.0.0/CONFIG.md @@ -0,0 +1,8 @@ +# Configuration Options + +##### Connecting to other apps +If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide: +https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/ + +##### Available config options +In the future this page is going to contain an automated list of options available in the installation/edit UI. diff --git a/stable/synapse/1.0.0/Chart.lock b/stable/synapse/1.0.0/Chart.lock new file mode 100644 index 0000000000..68ff9032ea --- /dev/null +++ b/stable/synapse/1.0.0/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: common + repository: https://truecharts.org + version: 8.14.2 +- name: postgresql + repository: https://truecharts.org/ + version: 6.0.58 +digest: sha256:a28ed48da9797a2e9d6e9a194aa6f65b07fc1cc0169d5ffdb0ba7c44c94806b1 +generated: "2022-01-31T21:08:16.776099224Z" diff --git a/stable/synapse/1.0.0/Chart.yaml b/stable/synapse/1.0.0/Chart.yaml new file mode 100644 index 0000000000..b58ee860c0 --- /dev/null +++ b/stable/synapse/1.0.0/Chart.yaml @@ -0,0 +1,32 @@ +apiVersion: v2 +appVersion: "1.50.2" +dependencies: +- name: common + repository: https://truecharts.org + version: 8.14.2 +- condition: postgresql.enabled + name: postgresql + repository: https://truecharts.org/ + version: 6.0.58 +deprecated: false +description: A Helm chart to deploy a Matrix homeserver stack into Kubernetes +home: https://github.com/truecharts/apps/charts/stable/synapse +icon: https://truecharts.org/_static/img/appicons/synapse-icon.png +keywords: +- chat +- matrix +- synapse +kubeVersion: '>=1.16.0-0' +maintainers: +- email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: synapse +sources: [] +type: application +version: 1.0.0 +annotations: + truecharts.org/catagories: | + - cloud + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/stable/synapse/1.0.0/README.md b/stable/synapse/1.0.0/README.md new file mode 100644 index 0000000000..467da7b36a --- /dev/null +++ b/stable/synapse/1.0.0/README.md @@ -0,0 +1,34 @@ +# Introduction + +A Helm chart to deploy a Matrix homeserver stack into Kubernetes + +TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation. +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)** + +## Requirements + +Kubernetes: `>=1.16.0-0` + +## Dependencies + +| Repository | Name | Version | +|------------|------|---------| +| https://truecharts.org/ | postgresql | 6.0.58 | +| https://truecharts.org | common | 8.14.2 | + +## Installing the Chart + +To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/). + +## Uninstalling the Chart + +To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/). + +## Support + +- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first. +- See the [Wiki](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/apps/issues/new/choose) +--- +All Rights Reserved - The TrueCharts Project diff --git a/stable/synapse/1.0.0/app-readme.md b/stable/synapse/1.0.0/app-readme.md new file mode 100644 index 0000000000..8fc105683b --- /dev/null +++ b/stable/synapse/1.0.0/app-readme.md @@ -0,0 +1,3 @@ +A Helm chart to deploy a Matrix homeserver stack into Kubernetes + +This App is supplied by TrueCharts, for more information please visit https://truecharts.org diff --git a/stable/synapse/1.0.0/charts/common-8.14.2.tgz b/stable/synapse/1.0.0/charts/common-8.14.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..8e9f52707c284d237f7707f5b1a60556c6374148 GIT binary patch literal 40699 zcmV)iK%&1NiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcciT9UI68mpQ{cy>Z`-}r)3TgsH*?qRq`Pw_aeQJYefKvz zCxJ-F!k8l21SCh}&Ue2D?*~Cj@~a2ogrFZML z{LcMB9$4Uys3bVg#$Y*U!J^PVQ%Dh^tpt&{#0BN=epqBN`wOIaQo?ctrg;g@%LU>D zL|U_aj>cd{X+g%_?ggf^#iSGG^DZqHDCT9luqa5EmI!s{kWf^1<$FPjEgZ9k6bQJ4 z6qckTKrIL=<2<7%qa5m@dpH{QdWQ!GtxL4J%FBd|TWw$(Yqb@oZT_Ow2C|vU#RTcD ze*4!K{Z4<>>9u>`w&oCL6ygk(92lBIoQ?s`rulyxz@5CjXaSHx)?aG?09cf%LEoz& zic1XWsz76fUTdjvdDiI8(&A(j#OPDSYxhDqDxc>XSgW<5}um8ir;p6&$i027t zx52vtWgkyZ04Y$6r#J?2o=x$^qJ(U%x1NCiPS6xCQpyUSAp|BU&97Q{fwE2TVg3=fBs!C)|X);l;vz32T2>`jK~U^*H+fBt+E9JU(jqRi(M z;&j`QR`u!!T0`D&oK^Ytu$)mIbcUUQ8s7e4AN8Ikagy|tQQUhznNFV%pU3-$F&a*X zhXR{lWBE@@zQT?>~PwnnE}j>>rEhx9jalhHKZKOFV@`;&OsPxgli z9PIbvVQ&D3&khbYXuE!NkJ2l+B63{gJV6ANOH^(8)`0OCarK-(uMa3{JaE7)WX;G_wl#c||4F_02TL;G()_txls&O6mo*(Q#AHvB5 zqUXIs^n5t!PY2UvfCdQ~#lz{K*M|p_=ZC%F!QuX3xF5r3Xwn}glV@=_mg2C^@fuH8YcZ`{Xy^G z*<>)9^rn;Pu=jj2I*8Hp{ewaBEI#ZHr_=rYX*?P|e>U2v`Avtqb&=*1n3^#{6u=DR zOH`IPL41QISUj5IFCd@tU(-dJvdxIx!n~8E9Vo0E$|x=oF9Q-Z#Tn)k2Q&b?CMIXc zM{iz@!4#$hwOVYaR_1AnN(~ofaFQaqVAa=73&;=2nD51F zB>SZz?CQ2!z^?TM6FLTe|A&Atw~8d6BRTL-004a7CEoHsZCq}T!5CbBt?69~Cn((p ztf+9?KHaccyCWxy`2>}WkP}33i4suc2@%Ub#W5sf&~G51MR8HW1OY-zNYTZL7yThG z!Ap${*<*dciRg)-t@kJ{5u^z0NRG7&V3vUQd79$v;zN-@D(RBJI+MLQLqTBgvX>}D z6jebO@B-LNJ`@ZLz!zCwvZaFw`=;<`ORKa&uoqVM%@}(v&EXfY$lwyoM4GwXh>P1XDE8DZ}~Q_q8lp3Op{Xz!^$WO!E@JG|jIFXTS)O6)13giL(m; zL4v1KRGN)rf@8V|@Vv-N3NxyCHfN{c#}BVXXB6Zyi1_cQB^y>uSkn4@4zpy3>}ohl z$g*X?4O=Z)h%e;;3|L-}hT812RrM%IL=Bv276WLmAT9Ws0&MyxD+R67dIC;MJclJt zSAhhmwL4fKW>2u(0KjkYN&n z9-LE1XJA3tG|o^u2TNFDR)O%61*Eev__q6Pr55rauMx)Ls2of%GI)@a;FiltB0@4{`3=wBcl_0!-yql1QQPHuPrFc;EZ#;$`YWkyg+o!2+4>6De&hwd#~j# zc)~^R9DZ@%^?Dl0@#%*T6sP!Ke6CMX8KaCcM$HO7Gv(f*d0ws>i;7+!3$e_0emF)j zj`KxEYj+m1*pVpaZ7i@g8Bjq45+oqAe32$#f`HHj*e+E3rKdqcvuK&IL6{_p8+tGU z+M0rKK9gFvWK}*kGzSYJHICO)kmZy!Sf)@&MFkVCOYZ?F0AZpyAW9_Hv3CN1qIr=* ziu9>Q6uCnT!Ew4E6qWDuRH!c2@9%Mz;OwGy;L8b&^>Dx96h@e8E~$`kTsDATAx~S? zJF2o53j~`l^UGe~wF+u&?Fzfv7z@=A7oL2(EmCGws<4_+e81qsAL?YuJ~@`(o+Zi0I z5pg*<5t@S{FBYj_;e_pDsZc2xy~rzwIbo9W>(_5vPr$J*(vnkxvgHqDKG(ki z=yWaxTiUUVdb#@rh7$UShfeaSDmpf*WH2Ws;N=_e2aEssZO!h=L>|N>=9Jv(!j_z$Kw<$^0bher{Pn{4JOf z-H}~A0(k1Qjftqp*;`c8Qm7VFz&kCCC?7q$y0X0#a)bNw$I2oD#{h zz#OhXiAbI<5y(iI=a-8DU_ur`v11!u@Hf5G7}P~UI4(j`G1AxEPY4}Bn!J^k;9qjr z9Q7l)D-Z{4O7ao}%Xo%tML_6TU8!Snv|YPPkVkVuSCXEw=fD5GMALu#W2b>>#CaB@ zf|9PP*Os~*&Mw%;j4>07kC3)3*nJ}84$dyxbcWRH-Ifp!XX57@oLv%^V2)wNRFwrm zT%%z$NKm}s>n_hI`a(M~EZ_vEn6kZOzMuprdJFgChu3UoTvL@;bH`RSHXBKq7jleY zVq58qg3QfjvUMPv*Lw1)Fk+m!*l|b)W{Or=_-0k9D`$vNV>TI|h;GbhcnlHw_fS8wSusC}SH_wlFdOi%?k7MbR!;^Q61m zwjSgssV4%91d#6C3Cqle&cc zNa))Tx;knoDCUpS*)t0gp6=(xzZTMs_BkbI9;z(omTG+m_W>VdH5 zxbs#|EAqnMFI#&b#iq78>?6upBfURD`|&k^j{+#jJrzt6alXOOl%8993&*yS1kZ5_ zOLc&aJabm0nTx{QdU+A zM9bCBZ~>;QDCUd<+HOnSLS)c*eYza(vHy}mLuE3` zVyGKUiBj_nYhBA;3$;pX`0E-T%g163gSFt?kjIJ>T zaV^#ln#XzCvA&%x3J$|^2KdZ&8K3vWzh~@^^W#&gMtyjB`q{27HYDtm+?o{dDg%)1 zZ;XdqmVgUH4d3S;BaDm8{+igvT7Z*ClPHH5{Hh8uG4sdp~jH>WBm0 zYjH|HL%=##;$J%M?0z<&KeHK=;ZG=$n;UByw1mT%j#Lm9U~9*NGeQweKt8qFVWmG8 zya_%V9X7+#<${e+BA1?W*dSu+Y+=ebSq685wNDRDG^3Pi($zpIRkjr5v!tY-BTJ9W*OVVLGm;h0=kEG4J(SA-C1nb1?DQVq6lqr~Uo?A1$lZT4hz1 z*+g44MQ^9BN;viEs&e<*TwPT|;ILEeQP;>zmGAm3^;PXI7v`m^m3!A$_24!stopP( zS5ZDN(@s@jj*}$4f+e!Y^9TF|C2!dm#6MN=oa^atPk-0`+aZHnc9 za__QD7~K=KjUl!V5>K-9TtDGR|^Bja0NH4F6&lsX+awobcEo zj+A?5uH+^6GPd*|5p>1nZCkoCcG5hCsnJ<{qzXu91}O%>Xrt_t*?$$k(BoHcg3zkqV!YzSn#g0l7PvJ_B)OT8v7Hr`+1DnGE1jT*s)S&RLdA z{@Q;$M8v+jSuk25l#OtMBK$#myUC~`nAvQF^#KXzFec^%_6*KEUu2XC*$-#mg9Hf= z{#$9)7PeK*TC`BBSZ~(T`$EoZJ&2)pD&9cvx60mB@fRSz1v!tvsn`5G|$Ii z0?Q^!yET<TWrQdS}SLY0#9~_cS<5B#^1Yx(tI$cK>cdBIaa9EdE zPCp(?lK&Ihy>+Kky|BFg)~R^aNwN+XHGdCH~T*xWmz>uelIZ~T7_iR}WupKe*x%*!Xolp7n6P=+?qWWJy z@5!Rli=UPJw*9S?p2TixvY_rN5%1qJj6{PRIT4cro&f1$Sv_aKQyZ+Y_w(u~;r>8v z;Su46ks2u>@kV6oUYyRB+ya$q12In|t8kxxN z!3LAZ7ZQsxJJq=M(f+?boPFMNd{8t9R0iw^vR_qrY)#V{k6lR#5+E<|5@mphUWras z>n}2HxS?)mM>L_=w;m4e8?aXp*sR;E(v}wZ-+o-lp>eAch z3W}id5-oTf3qW5m;S?ID5YP9_q)Yc2{hcj5XLn+q^r%9|3^B=JWE{qB}-^2)tWK33st$aKNiz3g!XP#VTk;xc_ z&ysPmf_~ipvEG*`;iD*nO~wqCOkbf_2xS1Kwp)J78s%*US&uAlFTv$*v%exkAsM?W zkKVuu;ioY7xqeqv4j5$SD8UPEy^KVrjL1kc2zw=ck8g^L?Ka@Jd|3c#9_q_FwV#Gd!DT0(OlM9)jLXO8C z=TI@slcxs z4#D)$yvTV5d^t9aGtElhaGL47_#IBLoZUa)+G(k~a;BVBAx7dj7& z%$1N&0W>?(xlBoOyQyd3n2Omv^{iAoLCZChuW++Bt!(elHDYN|U}dTszK%W=k>rw~ zrKQ-a<3+w1DNs4bgz&w+h)sxR`Bf(Jc+BRxAP0izsVP|5I0kmpQg7dIFRcRz*tC3B zn1A-^K8n~jc)ogR_vg&cV4$j=uL^EGVcUp!hT==*eoxDl+?BhyDy-NRg*vBl0@o#j_aR=A-4hLkHTJ{u6QG7a69fJKk*o{SaTM`HfX zh*?HK85*v&H1mS(xk}pCKz5d8@ege3v-*2~2EUiwOeIWmVkSOHkOhjlmFE_=2*q23 z%|ZNP9dOQ3v~_r_Ujb$55(bLlpl5v&R`~gI{dCL3OPkHLD7=26W$PQxvJdrf zhU*wqVi=TmhU8;3x9zglcsi`(@bECm>*Q>S)7R=`@%P4?=n}2QU_nr+51)Yc$(gU( z7iGREy7N_A7iq0Ad0Y1$NGdajfuAi;3!Ei*iIW9P+00z3MB+RH3ZXEIQKuzFm>bVk zk~<<3mGLuco^#CJIkLC>rELU`94m0dzYEJP-#R^c0^XH?9~*!a6KbVcW}B}?QEA0` zt_bK%#bnA;jd|bsk+_+* z{}P<~uU={&$_Ihwsf;)wcQ9uhCZ8VzmydyN#7nQr^z)+>LxQy9i`3dsMoTQ-b`g!c z!k>+eR#7mv|N2xpLW)8vKo-n-WYs8D5fY(+p<+#W${5_EN1I=Xq> z0#Crt2rS5gr`Ru1oX_VdOStcWl_tVu_K-D&<8=;F1eY?*f#(ZgBp>5^K^WwCmSf9P zh{=$S$T9#^k^`JES->MaW{lwz;Y&n7xyaZS+RCLT({iSm(iAb!8j(Ff7V(TV{uXDL zO>ajX3MaWf7gqhSsx30nS22pyJWcZ}o^1LFNEy4>12FmLf>7Z|4++Q+HX`hP_^IE{%(Gey7v3A2H8&BWBSm z+V=_`^xk5V=}g|YD*dqJ2`m8wEl~+mwlvyo6ReV=iKA|v&nn^P`O@d1(bozliO&4n z*s}KU`gnRGo9}?vbc3dWykCY#y5MY@?@5b5zM$am`J!Z-d?FU}xXV{>=kgh8L)xC@ zbG|yd`J!x_EY<4T-L|?WR}M$_iM|uEy)3e@VaUqZ+X7%&*r7qTuFU$$FK!B5+9Vx1 z_Vk^ac?sz%Y?!*JXmhVfErdFy?9SkY*;;Bp{!v9g(&x#BX zoS+z5*J4;!Exsdg%vo|L#(E|0)R~GKc(k(-$5?LnmW~lZWqtlVBkcGi0`SCkNJQDv zm`JMkoPdf~p-E_;aKx*QpK@EoDSV>Wu-L7M(m&u-JM>r2G=qm2H?jgd2N}yEWB=YA3_Z<3QHn;K$xwh|o?}>aj9)&c z%`@#bTxkB%23ek2T);=b`VvWZ+HPk_Sc_3j0uQ;(0UZ4qq)?*H{JyCYFCj(X?CdATH`c087nnM#(|dTu>nb=329Tcbe0Q!D z9$w{pNYH55Mj0Ey#IM~Ex!@-`zi&XTGp00h_gKESlWkriwoAW6gwavVR5+C`#A;o% z=Hu{6Il4-_pj?pbO}IBAv#`+V(U*c>i-VQfw-EQTY95ThXPkU03H+>hv4hf?yx~GA zeO?fr%??fC3gbuZ3y98IiR>mI;ta>4cI{;BC3jIus-0e?%DhdXG3XEW2Yu^p2qWO+ z>`*xlCAKCPh1HH#;K`GF$x6WimuNa}y078}St*>nme1=t_;dxwG!tdt8CI>>bP zf-MNaSk~);sKGX2)Lvwk7lRArtvX`rI!zI^fjC)KI~4QE8S1tnueCw1Dw=aUolIYp zZxk}4lco8EF#C`hE_8Z0&@cs?!^_%<>^AC(TTxW}O9aYY0=R${%2@OEja$(C}q`8U? z(m~@=$zc_`-*s4l;C@|p+`1g1x81tP5GAu*gk!07QRWLq0{nHR??mAjlw4st<2uJ_ zp4{2mP&hQL4UOl0Y$G)AyIdR^=#3VKu6@5Yh9^&2GCM9YM{goIFps@qN||VqVKC(; z+>ENEE(t17##AYWDlj+V>jJCF-32vauexsVLQ@rWq_wYP5|=0;k)rw7z3GML z5Q3Sw##u0XPFGn@kqpWF@czx2yp+?D2y6;oe$R+^QKr^`+k2E?vVFHoR&BE$@uCmg zsX3$TWU_s?WW~)oCJR4Q*Z%S+e*|am>gzm zUeEt`us=HZOMlou+&>uf2m7PH^aj1baQ`o$cgKAVJ`1*C|4Z-IZTX%1gFM&Q-S1kQ zbL-Rxd?O)GD<|m!6(yE;($CD@(nT&ZRSDvd9!@eh5Zj@vJCe;s!>$g|X?@rI`n7d^ zt-X9AQJ^y`UA!JYV%sS> z3IJHRhbBslEcjL17VNR+0GuntYoJ(VEKq$3z`k$14uC0R0oa!S5G`?R4|AC4ny)Zd z!_k(emiO|2TPfG_r`hVtTO*5wej^$ZO%aQQDU zPp0Ln$d#-uge-KNvl(|A%<^`hU+?vX{I~F9wxnN_m3F+db~@63k0ixiO_HTLr1|>jDB218OzV{`$40OLxB$ znR~1gGCSi@B>|lX4&ei28k9#Ce!Cq9lEG18`HA7h8n56R*%c!(N=_d&Pih6>f#@Bd zU;!=yI|+^{n?*f+ev`Z25c-UfpA*@05`m|UdYPq`{Q+6$pW>ZF*Vl$#0{jJK+bf)Tfpig&v&*l`)IO@g2okTrVu6yjX~IivXS}b z7Pb{tf&2bif=GpR$pnlJucZ0^zD)(n;=_3*S>o* zs5clYDe@#RiH}Ocy*&Z>uhZ1tl>)Fv{_hVD4}AGQ>K#7H|A%;PBL6jk+^qtj!ET}f z=)#XGz@I<`C_~3LPEC1qqtSRuXbCC0Sh4-A+LTA{ks!b*1Vq=c&lX{pfSn9k@C=aM z%9lJ%adz>cNW^Dr(54WlV23Z1DTq#T3LseWU^iWz-vrJUk+pz!z9GAjX=1lB&Op}} zR4PtguCFb$HXz5+MjZHN2|fnsm!_WXVL}X`|i#F*Xn=!75h)` zu=l9{J;cL}+qV7xwTvxjwElxSB~B7gv+3VlT)Cm;U&T9Ec7OHCv-&IIt+Dyb&z8ks z!3o*>6P019YRMOBLry)Ajxk@V58N)lsX=4);L?VB0@_4K*z zZEE;8)q&fxoKD6@zwCjhG_|I{A3|DX@puY4`uZ#TqwJS+gfe~sc7RgEzFD@vSw!%U_7m(IH<`5D&pRPv73noF@A1{;_g zu&4HR{K-sB1qrdnUAING#w#nH11k|>o1*ax5Jj8dUTxFEo-@4}B!5FIQ!!FQxNCZ+ zCd2EUMCgUbuh#ZNot(=0j^n0=d5Kme(1l-RByAPA3*g_?MXaj-$xxlsJjL=b{LhCpHTbC7b3gC_j8bNP(Nt}gqIVel4)zU^#^YI|Aa$(dzJXzZ+2w#I0; zro5=ZaF?6mTFafq22-M~Clxct?Tj3@%wF4d_76|XVq4|VFYC)2WtG=7U&t8zJ(3b2 z`iI@!O(CNOz^@eCn*f$5x0@PJnC}78)@DMoW+_=4C8VRujV7?ZRvXaV(1ol;bDQ>_ zWnpW4w?2lqYt=V_jVI{no7^=c*abU6OJc*bTj^+C2CH?frO!ds z6?yfgU#;-8Jo0Xvxt_MEJifW~GIx)k8+LddQ80nq&U6lBKK@Yfim3zlyyg+4%kJ zkFxDiwmr(WO*zw}YXC zxc%=8#d(&%a%BgBGM1_g`DqRld3!qb(wf(r{H!oZ=P+0tHp@H4DJnCVzRoBrr#v~l zbqZX2%vh}!fex@%WDhujo-zwmAfGOt)|@}v;qg4Jd&eXpw2hOX&P9itLrop+aTs7b z21An%z7aDv$SNCpZ&_rU;pJz&+hW*M)y)S@)z}O*Kk?WWsHv)( zqo!)CLGAkmP7@OmIEO_uS(|XVPCXGDpeDk)IZSyOyCKijsA!(3@+gk;MMk}{(~uis zXrLU+r+2pzh&-oWOMCE;u?tp4K~xHvTB{8@VMGn>nR2&j&bqrP0?jQtMH}06z|=dI z`p5`h(i&8E{eyN+I2HP>U|mjNTt}Cc!aQ})hGix7ZCqYk`)fJ9MYA%MuVI0K=7p0& z6Y=9^?NXW?O;OOx0 zf+_MByV8}9SCjb$d8aGJAgf)=hmaxH_N@UNVx|1X(f-wzd^a!QI<{`hyWZQ&YAFh| zyQ%M=7+Hs%`CD!OaQOO9PhFaP_W85+Ku$Z#RA4<1E41#p5h)*G!qGNG1Y>1^%(j z7e&L!w^UM4d);j961Nb{Va$(Q1-vuI_P~)`1Jt!voY>O{%z>OZ7JZLW1PSV#sMi(M zqi%2&uBJ?2TnDw9%pcElxGMj}&iF1hfHm^JchDR8^8c_me3btW@ksfPz**o9dnv^0 zMYXb`1cb5X*#huy!>2{G^t%H7vOrYc~HJE=?R_ zT}PBn(SB!&B-aJ|HPE6T?6-y(E5UvmhkJ_kvrw-z*%a!h>e-=w-jM!wp?i zd1~c96dSF(Py^QK|A&?HpV4stG5^Qg5dr^ zN#}~_tZXE9>oCb~f7eRDnBX;1vDpM|JsTz7y5kKtAZT^scVt4os|-=Re{o)Jn(=Q$Q2up$P1NkWUhu$mk-?Coqk`(~2kSpT!jan>-c$UpU8itze1n zCoA^hCOd+4`v0Ks<$oOX2gAqsp9gt_{;yPjnyXvgykMC;YpHAB)DrFjoXNC6$XM}f zu7A70OO&m@`>hf+6Yv76kH=BAzV3J6s3;ge5Ze#a6LagkG~vS};VKABkJTrg?(tgQ z5+!Q{?uGU7?dZ}%dQHoG&PAjXhGM~V?3>yiZ1uE?T*Mn~+k;dASTU@2zXPu&?&46R zNb}X-&`KWqN~!#$sT1HbAt8tQ>Hr?Q?9>1r;;FL(N6 ziLE*y{MycRKINKOl%SiZ&~{Xo!7!I-r4Lgi4b=93>gb&o#!l@as=EJMV=LrD-H$AV~@U*Jh z>LLrayWMQ4gcO_3MqL8Q>tK4@wQ%YNvoYOlWi}*)?swoNqNtoRp3WoH#NE%%IqCny zW2((@sUV|etn4^e8dbZQO)R`^59BFpXcL+gG2iwFj-w4v?kzs;fv2;aP&;?9gw9@* z+B3c#v7_LXI|ZaO0(!d^bxLX#ebM6)F+3vOncbR$v`yE-+Vs9nYr#tHdyBPD_xEqD z2mQM~8|wd3zqr|fz&ih*!^4rU|Mz>3`u~GG`uxvP5paTH=&8#*=_f&D<3V7PM$DGE zyz*XuZ{ayNCPa?GPYqQrE?^lkKoCrBz6*%A3bP&o!Y^;5b{_gW}hj$4*^K-uyQCToO_D&!lVRc&EH z(!cnoNfd5d<|3!Cj4{_v8X9e~j!yac2{$|8>54bi71gJCY0Vix*%Fs| z#xJm0!V)u0B&s{83`GtE$3)eULwUIeo-X-7R{MS#=P*f$ z6tk_?z)>s8oaS+!j=}lyX$zJY#HN#a(5xgsyb`&#!d+^EsNLq80sHe-s7A7-S^zSw z?n_+SHok7;M1)k7Gs~1KHYsn}zD8P|X^H3Dh-ZHiez%sdZ6`2~B5hMWvKN?|ZQQ2i zzJ~;jhMSf?(>}w7B=x>d915r{+!%DrJg40bA+s({K9vLtJNRNEKFfF44KX%VY_zGC zM|0SA+b!Leh1Ru^{J&*Lz#94A?;m>izYlu*hx?E6{~;bN|KAlT`*?Z+;u0~k!7wG# z%tEyE7b(BDkp2~;Q2PN^@=b#gv;#!b8DQI9>~|NJ(75M!2cr_MAlS$nndQRp<%-k> zk{d&mL%&u8KW_PcXU|6bUkK{^bWc1pgkV6&&NX*@{&zBjSMvt$pl<~Utud*<6{ZHmPy)XT5IP6!} z|LF1l?+1Cb{-<+%i}~Kt=Bv|uTgj~J7jP&kc&*9ym_vLEi<`%3wN-?@xh(*9#^f7)XE7`Fe|JKDRq|Af?>d$#|WvDrG}PjAcXWBp8#jrwe^tg3WW zf^j-(UT+=j=UXOjAN8mEvAnNPKTp!%d%)j~cdzUD|1F(=Hn9Ki4=Ve=-rzC*<3XNA z{~tlTcjWjJTy$-I_$Cc}x3KFy>Wepg>em0V$hx2SU6S{n|FPd2^!)sfgVDj``hSS0 zPXCivkv^pA$FC!`w7zYwIlb0bQAT-zGI6u%jW0$uAV63_(T!c<5?w4{d8>O^Z6JXL zTN`N{%OX>{MgSA>=?9$3OxORe=I+PGdz$#aTn61wf=usi|KC3x`ug8s_;~-@f9Tk96g5?&JqqKgGO${^7{y|NZ{KgS_3Z|v5hcPEim3r z62f3)sy|iVk@Vq{RZ{GrU}!dF4)aq^N-u>NLF&nByQ zyoG$#AHwo_u>Ew5L8C)vutZ5m7gWP2kP%<&14TWXhcivuQd051V9JiFxrx66E1Tja z$`B!^Wj^5zIWIPKd1$X`<=z}BHq!s@H~&X()E`v*zaR7eKFo6u`9J)^?;boAl;r?JSW?unI6Sng)*_E#_&4N(^VKHQv|*1xt(-_ioOcKwg4 z{=bj@KM(WN+5di4bAKlmK*=(i`G$2261MIcoNj5~(rPS0IjqCjP`x`-ya@4`u{)3qvgL@T(`9V1y_%;0qM^nE0F%U#t!6_+r$#& zRoTWCbTE46S%buzTib)orsV9^>CyY6^LOtZi@|?Jk0zt4$>H*d~Ju%<6dFD=RGl<5PLUMJ{`**U^+}~5t|75!VyNLT& z&pQ8)!~Fx#|L?Fjc-;Rz$kTZLEA(!Eg{gAFe+!E{z57*NGU25UkSuq)NKVfy&(`|iYk6_p zeQ1CBim|)U{Uoq0H9z}ayj$yi{v~_A1Fg>*kns#cT*_KpD#${?h)2^{EcZZbkRjOa^~J$y=NxDY}BC z;0RF|Hxa@8gI__dTTe^z0E=7V1)xfs4wGOlI+xIM=v72tIF`pfzzOodIZal|`h!=& zF1lPyP?;f$NL(fn*mZF-*8L69(Wu#slwp;11zgY8J&9h=Wstu zDp57HG_9oT)Lf6I*45C}ssOYBzr@%i*0g}=%JQOPLr8!pPNM}It*7p22iS?tQw>ZK z!xSAOb$ucLmHSOR_GbUTr?^Hm6;~WHh8^KAG2(Y9hZ-~6_4jCr*@6vnT|5OHgHA1q zd z0Ixt$zq(H=_91PzU9C|_R~f2D(xg@GIS`RRPEr^9d?Nb#pmtr5}!F<6(5NzI|c{Yi(2hkku{0 z?X2j3+^63DS1jYZNdB_P{og$=|6l)Lbntlp!-G6q+y73L69^S~pN>UAJcn z*{U&1eQ9jc9|Y4IZQ#gDM>+6X4Hq-e*yc;@n}Q_gpEHLyRjN6Aobpn)T_Or`w&kg= z)kRrfZB}L|op;Ert6YED1$Quw#^4g6B9v(V_S=yrE%JtU9jx6wZoNT*af}Fgn-YX!T)j^c>etP zk2vx-h?Rkopaf%zzzz^LREuXsX4zh(`2?mBcxu}#ERqq$xrrM|sAyp6>7x0zc>`uye`#2>r6jlN})B5O1Ndl+tO zR`po9FBFwb^u9L<$cl<_t#b?RIOE$X%ADqLp1M=93!^!L-?4s)k)$SVTxX zLu{O8loljpVO+18+{jS6lb1qMRpb^Orwc++`T8{41v?^LmHN0V<*2wbUl*)SN31@H z^7^MESG_{l*LFGxW$bfMQ(i?Ud=XoyaO#q!_-ka9bgkXihw33lu(j8x(VCKPa+rJ% zQ<%l5Y{ttcTdSfP2lt(We5iPnDOz>*yoA#!j!le}86f9VaHIm2o7%K-JmXs7dzf9Q zhZtF!`>2|T0q?pW3a>}+5tD_`g{7{iZ-B)LHn?W=+j*B1Q9H%Rr ze%*KOc~78t^T^2>SRrG6`_s2>*ti7tP8yi>+_Mb$j!bv@%U;>H_;KsFV~6e7##nK` zn`@};n3tApduj(DI<09z=ziphaTtSi3vuxn@q_7_k7u=C&yP>7V{!F<49<^FTOr%E zDPcMvK-ND13PNz&Fcpkm6BwTzu2ecg;v`SFU7U$kVILB*l_QtQkGs3Nlj@b#1@+33 z`C)5AXh8@^feh8k)7`qyOaSgmE|sE~=H)oV+r+1uRpNe@+@#)ek*g zE0A@k4Qn)kTJ`r;mWUJfyHekg)GSj+H{&8G%azh#@tQ5UO%uNnO^0}n zVJ6Rd_MuPx8VVoH{;5xe*4lqQi7nb~tU&AH|Mn~X--n08{YU%HLplLReMJ_b_+pINYJ##2!4aYn_+HZCEgY zdQa?{%>O;GlcLOpwQDmEp8Q}(8D&m#!Th+TOd-gISDB&yH~NPBZ}fj6?T*0sb-lxC zi3nqC!pU*nn7JMH#>{n^W;G%;S-V<^5j5cqsKnug9Kvk|kf|c7zGHyXFfY-Hc!>WB zrnn@u-gnvpcqg{;e}|{a|5dCi>2lT&Z*lRTeAe*);o;$+690Yh82|GiPl$u-z<)9S zkuiB&$sEKtP)*YziN;dWuJ1TLq{;mJa6uB+Dx5~x{uA`25=6AaxtRY}@-Yhv_u6B; z{3+XPeZoa#`Y1a$9PV5FmYYgeh1+he@{rE>`>uH>8}>ly<9gl)XIIbO_*(Y0?N549 z`d*-l2-xfMBDM8xrfKsYz5qMMOOX|NTI+4e%ZFij-~0`lSK1xY8b>gNe8u4oeIHmhR9M!0mRswS96B0o3zl+UCr* z;=)ztX(|msCCrkew3xw@#T*>ijy4Jj&!p>EbG7Ha7-z>#$F)a!-<0>b7)IyYqD(8% z4&!e3o8|bMrSQ#DD2PS{cmZg4eX6hOwy2{2r+CthQAxX>*niJ%m-$;f>->NF1Kkx|M?(KNdHGAb&_{0ZxKgI9W>xf1ZE+Jzv>QAH-V8k#x0|)<_$j#}%b31=7b&^ZF`#v(^Ig}|XuHvk zID(=RrZ<)FtKFbqm2`ip?AaJu!X?D1h%jd&M&6=ruC!E`{crXS`QI!8QM=vdl6LFl z^G}_CulDsdsK$!f$0=KhCE*+3`sUD-Xt6_6(ut)62@eE6n~wj6R$?H21vEdSCC)BP zetAc*Fo>6E)daD`OGweCAg>=HJN4sp-_IKPe;4V0*5?22AB-yZKR@38`7n<<|0ywA zBEZ;bcM9c}mk|J-;uul{Fp){C79~pR4}Ux!Z8^MdAj<+?zdMX|&KHEfM5s8p>?Hq0Q^ixqHf--8n|J(MKQT-6(>GMhF zV5H?vgJAC960Jb)Ohfa)TQcEyHafF13U>knVY8a7J}*|RdGe6F*} zbG5FqXKQ-&RHDR*)I~T6^!+&R5Zt{ckGd@@-$gUE+V$} z8kpOoa`=0G!usC~G6m2wo!zJZPj57+_8*lQ%x) z!Va3CtW&%6g9*?s4Jg|^P5I+?j_pcTyB*cOTB#NwFK*FOe1YY|2#cc3ixM;C#n}D0 zyPcoCcB@|5Y28exM0ji@Sq{!FI*cKSOwz7>o1pm;mB;zK;Q9CdtKaEAj{?@XwIkYb zQ#nWsCWu0($>3H~F#H*cFZEy$D%x9ZHykF}XWKjL-K8IfeU;bUD#;iRy z3B=RbY^HO}fOL+ELh*Ng%2Rj|&r2(JXSGUQYKhaObn&kL&1VFt2 zJ32x*@L6pe#3#p>W4AVL#OzAAc;I|bx1u0AZXtoD`FVM{$YLS7wF7^R5_IZE*yQs0Lm%n8YMprqY00$>e3{Uh6K5O{2^7 z7E!E0QEju82;@q%NSyIQsXH?A=439{j3~vmvo*|7>bah+!0M>Qapd1dGc8e(a{v1O zh(Poy+Md6tUioZYs;ozGoG&uUSOVi9%{?JbofB{MT4r0fU`Hecb7oJ`YQ;!UaUtBT zgPOTXB`c(>6C~+)iVXqP8cduB*}Onyx&kp|M4^a8$;>>XWuB&}lxY_ETNF1=_2KTLy*s8 zfe`F=Ls%^Z5G-Me6X3VG^9|XJ>M#m%aP8(+%R4OhmX#c=mXatz zIXf8%(OgiINY}f@S_^{8K$V?*j;Y!4iJE=_^f~KwVrtJ9gz}MKyQ8ZTQ{-c1H|K!T zK7kz&na~P_jnh&{^JsB6-R}S|2#P#8GR_2VFrgx?mHS={y$P4JzrDmU)hSg>DS5?< zj@PR+V*xa7jseg@aTb$oRWcEo3MZIlIUifzv2e@57DAZl`E<)WLoM6ftr=HgM0bW% zysC_*c)ig;TDoOw;Ma|%1$g6OOyQ(Dij`)4@C{>VRR)nd!f}T&g_GbYnwmi(4Sse< zH&|rbk%pU)ZhcFe4ZW!!Cgd+vC$NUTU5wUDkWcOYm%3@WAKDMX-*z50T?xU) z8ktI96*$exu@+g33{Nqa0GM&+7gmVNMC1sIg^bGTm|h32Hm7J_bI}QJqiO+kazCV) zP;Oq@QJ0`upuT`5&EjM)MSam3|9sUQ!vrny`r%tM zNEVPa<0DG`&PT|QOh9~Em(^%sfoM-7FYTKuY%Y&VMb)5=s>7N{@VmoKHm7N8S?a-d zlh3H32(;PAqy(&uBt--C%~%wj7d+RR-(*b}TzSH4H{lS(nU86$r0^Qk%5N2Sophp> z2r6om|LMV|egn}Yz^v88f-r9|*Ul{fKDv&$s?72l(Ih80q@Fn~Y%sOX#7YM|Go30k zl`X7rc5x$NWdr|x3o6ya4cIV4sKSQTsA)h=ELawHW>JR*`72Kr4zk|rw{6y*!g;fG zS8eOA*li8uyJNMofe@RmY5N8&)@o#X_No?&$6B4&_dd0E#!jp7?u3;}umLt&ZE!ml zY9MdUK40;1{pQ4V;g&F86SVxX?%PGNsD4ve7YoX! zt!$%=qLNLs)dSfa&VoItndu@=&b-MEj7qp;FK!COqu!&UU~l+Ed8|_xdMW}ywj*Ry zFf{sV>Oj8-20bvSCd0ouiacog$I}n%R+=gnq5z5Ca0vRn!&=bMYEQZu2ac9!4;j=JpShH2y08tgW$i|~x(F~<~gpo!nFRNq5$V(a! z85@Ww8@zKc5E4_rQ?1eTe!br4Dv_jIR+UIKz!uylHB#S@XGt?!X3c=hwN4M_}SI|Eis0yAhPyBnBJM#9$p!3~oymgE~rZlpgO^9RaGcX>6hn zspRl7o)w>GrLTzR`X8Ex;DY9JNO26)bj4daK05t$^6LE4_peW0emZ;g{^RT8S5A2?*SHL1;d&{mgk^?bl?L!8wj=zpJKSmU+?CcFlLyc+F?idbmJ?M&|^+!6d2a z@rxS(@N=wg1R-G^sOk8INVp*Cu+T$Z*L{Z`UTj=%i}t*}x2wXa zSx)FFq%$|ecZVQ)ipn|W_cxL=4yy)`TQpi%x5AAT291pvG;7P>Xq~$ACT>taP9dJ3 zEAO_4oWP9{t;mTrxQVe^gIFN3`bHRDKSq20TRma_Pwn^6{lqo`h2a356`XJD4!Xww zdw<`*|9{Xw96jcLd61{^{(m|{V3ID7h|!qlC4V!|7nv;-z(4Z|pfkvggykY@P0%zi zRh$$LE>DHIxZ&0~%aO_@I4dz9H;p+b$yIyklyKvgsiY*#TZXlJ&s;pL z&tY2N483OWJ0&V|f@xl^z}K(innD!nTcw>Tk+&`^vLo_=pmGd){DnD?7>jKbe_MCZ zV3)BqI(7Ld(;(H~0JOo;n>Q^0N<{ee-THoGZV6M!>#w#=XTw{Q8QH=t5lyy1)Sck0 zOJq z=2YAV5~v~ryD;I!BfxL_jc55)2HNkz!RXoeVDt=hmqpf9E&L~lXY)K^-!J~-%KZj@ z{S}Bli851&)n$guB9mEy_juItDqpaP&saZCemGkW!O`&>^8fNqilG!K(bx+7vja3pb=22mM3ygt-pU4`=XYcu|98rHpIG$7Pa(UY-l zguM4DmINr4{IbXdT)9Xz=3{qu>ujAapRAoIr%nHgU8mL1sJEQ!xcFzXn7AM13j?51 zB7ps)a$EPT)&FD+I4W-*2h^4qgECD$4 zBb%+jw0b>`fjd^vgcfHphV}Qy@a1dt62AifVzMK-HBJ|4dYY#=UO74q|JEt=MxdBO9k~=bfcx?NyAP+I?iS=-KnpPm-yB{dn7qr<)%!fBOvNNCLebpe zAeAa?>voc7tO}?omS>|+?_V9g{PgbR&HsFQ|L)zn+mEOpgMYFOccW}+ z-6Cr%lrr1AKUlO#6_}@iVcD{6{?`v>KHm%jR?_S~ukD=s@*=grq1AgdHP!g)*Y8bT z>jEm%BL{}C4ETMNkGkQht}a78Sk*qflNDoiE2D?F{eB(dcG+zacj~T3+sW>4C)r>1%l3nH$jK=lpllCX^&8J`v3!-WOXk|=ON7DiSAZuG`O`({O zr`6&X@^gM`vgl^pL*Ks@MBY3exl6q85uj8C1#7Z^-OdNg5YmZh9@4|2Wj!TW)-rIH%e z6G8dWwKxOG$}M)>2KtrZ#10=eb%N~IrWFw6`0W~g@3yj*&%1;Z9G04NVhsJw`n%zl z(rKJ~-l$2aWGy$FS?OEXk%^VU`ZMQ@)!gR>ifs!tz$68S424!Jb*gj|(q%qDVXU=l zV)wfi5cxmEanE_VKqp6M;OzM5%`2eN)FgnrSZC8*bdr^&du{}p+1+YCVK?0@~xl8*AIKMHw;XApOI!kT^wLt)`|I7M$aBK`1JJz$KwSV>noEl&HM@$8U6+Q3P@g3e%sovXKpa3TNbFNGaFaLPlNRFj`?e(hI{&)Bz%hj>tsW)Ks}vErzB^B zJ9j^WjppDc%*{jwKW{&sAuyXQ*9}cnzI95zH9DkeXJh^UD8-NnMb7$p`+ZZECrDqk z_4RAZ{(XDsaLPBteC?{gZx5B`MV{sttFxj+FgeaMLQ9CH3tjEUyJ$B>rAd}!{oE4v zpU@Ka@A+(C|10S&bAYdj|L7kMEBF5%3?A?QdXR^o0G#spV{PzL_uM!JzYWZN{D{QL zE2J|Sq;7hLaQK^d_mK8|cCQR_MSdaUuw?{wgE;3U9Z6m(EMSN{;4%@7d?#wRw>{+( zSI3|)tai6#TWt|QqfVf$lpNP8%vkrs>MZZYQynDk50L9vX`NbM8>a+2uzRQCQD;6{ zM=tJ7EAJMi2nK%Jc9r8 zIR?U)8s`~E^9vkr#`WbHvyQhbN<4?M(%s;nE4X-=kQ zuv@eRkX29a`Q5@&Zd5l!DI~<8D~cK1cEm}x{3=e5HtJENuEp^1*xd~-;-`Fc&sT-G z*N}4^eJzg^4!p>T6o>3@Cwx&%tj+#Jp^9|%nzLI|pQFgy67)c&qC98f#N@ck%O*vl z75@rA@r@KH4*3cV92x8R(i@jMj|7~Fx8=N#5|5j53+N)~7pGKo^x^znR4E)7IlFbk z@k6b6S0dIxPetAJqBEzksSzD zUfY}Pp%?4nhDb?4<-P$heTh=I(#KfVG_qyf2^0d&!>YhDm2**|^I3_=EKidvY`?^Y zfGM7%d_ikbcE4{3v~W-Je3;JXFvJb_5#c}YM*gqW|7^Fk8)|`T^uNJ=@4(Oh&>KDa z|2)XUx2PY5dAGp=P z7d!KizSdc!@DUB!H-iRRQW+Z+l$uM4ExW5IZy+>)?o^<;=yN^CNx!+1Asa;0j&_AD zz>Bi>BCJj1fykcfpk!g~#8ul-*PS(oAQlW2Z6pe)U)w?v9VqhxUT|ZzDCoak1GSF1 z`hxv>{pGvPWw!Olmdn_Q7^%-kC8=Q+kUl&1?AMAR+LFFr0nj@t^SZ{=ZF5P(wtdNN!w~}B%G#$k+spVwWtCnRM)I_x zS-7Zv!Gz-Mf-`!T&2_&6N9h$@5m1z9ib?=8;1Z)%du~KUb<42krtPPZ6za+aKU*UJ9#X6GCfigp^Vf_oOP*k47yKM!T5( zsa?c%i|!$XvX6Od3q)vM(A7&^y6a25b<(f7nw|}6juO16SPIQyo(30*l2Jf=Zf=3# zf1x*cj{Q@;U?aM4s2%=Ol^uKC4OldX)sf80>Ut5QspIOR-MS(oA}(@L+&|4H|3op> zEKSG7YAUu0@UuK5()-!0nD5gVsVg#e8aDuHTb5y!)|;oGvL$Qmv_1e7zXg37_HRKB zT8YKbh+5+BlXZ1n&9h23QntL!6J5`GHLhkPSqG4fvfc*pA7hIg1HL$;deyjbVS2fN z)lbn{p>%W;L9I8rl0H01sy{dOPL(>>*=zw|=rjz}`kws%?0x%p+cwtV{;a5i9}9(KOw^eGgtF_<$rbj+^O;en>14 zyto&*xG!8>$bE#8fYFI@W@BlMT+5Axrc9=$Q}g)(c|#b0U;`r@f*J}>#qM>3WpP;K z?!kk2AMk0k|ILE|C%>#=ieWgvi2o^a>e_n(d+h)5*sI$A-qf3Zw*MdF(@_6aANr*L zatl5rYmh)n?@1bpC=`lmmU3@_>6JkN3{pZV$dXVn5ehM*+O8C7BUb;RbO=SUnu8Uu znfuC1E=;&O%Pq0Z;4hngasEIE^S%Pn2YR2>NJ`h>O?P52=)na4zzHGo8Q6HeI~<2+ zKpsNutr3GEWRS~Ad5fH}wOKI%^(}J^Cy}JmQvC-h3aO+joF^&TV3Nr^DMIeD1oSsv zAM_;x75ZobgMvr_sINuJe}wZ(NU7Q(*FUC&u=3B69Bp_S7!(`l3es2LDUd#v(ahoR z=O_#`YxKbpcn{{2QHTQLGKZr7LxAzdyC7CO6?&u{jwLvy{tg6I!%<80Qh9@72>B8c z2NK?7YcO`3ho-SnBefc^7#S1?c_2hZ!Z_ z*I>QnbJ>7|eDDYeDBw*fs7D_W327pKpTJ);)cdXRniB;npU=x&AU!oigoK!jsQqBB zl#s|l8B*g=U{01spf9+RgJ{K&9s1y${}}!7mD|wI0gJX{XBNU9yu*O3lL#?X?&}W} z`R&l>i?WRR#}ZctUQO=YzvWKU0sfyp8GaFC)@d7P-}#T>q?Z5Td!NsLJj$oR|I_|m zLPDzV4%M{*K+YOlu!0)|AP7+ew%LgLA?z|m6vgaMBV|9`Pb>M~F#xzP z{^yUX_5X+7lA0h^LSokklevIIsp+fh?{}cj; zLQ{Y40^88}p3t2I-5RuN=PkfC;oUhfn2%Xw6C3@zBZGVC)V+2H4;HXZm(lojJo1Mn zuW`5eu-kWRe7AGZ@KD_C;ln?Gmc60Goig!Z0*Qw}w8auDgWk+44>w>3#M2BH$DpiZ zRILeEVuH$-S_@Du!)n#(>DJSs!L^6!%@$(gJn<2`v<2EePPfhBwogukwx-Jxhx@2Y z{m&SYd)&_f{$Gkh+}-&*;QYVmPO9<0k@q?O`%ylhmj5SM?L%BY0ie*7{5bh*o2+T-sC zXr`W)KTQ1TtfZoiVcw&d^9g%6i(f5;hcWhd0z1IG7Vj%C9gS)^nC*;U1MSxE4>f&1 zqz{|H%Q@-6JF=O%Ejs&bWc}GbjrL#0a70gjQS~nI2bO=@Xa7wm!&?2n(dYV4kMj}d z|2KGjCeMK22ytot)tV1WutI0@Fqo)h*SkV2OJe{5B?|^(5~63iI%;umNU!0}4TF*R zTh!qI@-j+yXxj(S(U(`o>Dr)5Qzj=1m=l}k9UsXu5S&^0=2I2}0v_NT!!sl6v zsPc^x)P_2WO%gC6p&tJe{&&o9`}s&nSdoVTStle$ zG0W#dT#fyjGwmzwXquO18&AaPIfmY`{G9Ru^JJiqJKQ-EB^R;}oZ>;=wuXf9ilFHT z)Di72nu}5Ai&`%{;ewaze&=Fab}0{M)(-AU-`!c4hF6W^k>SsKE~uSY&QCk96Sg%5 z?Wo!`H@RVwICt3`r7>cNI+&c~FP+KLmc;)qI(8eNw6zsT&DYX^y75Wi1`Y zIv!Dyn_Ql$QEP}?)FA63=YQkkwmcyEf~b~y?BP~pNvr)atFcgfkGC4zE7(Evs(ZLK zSG%kEpau8g%dKItbzEu(FSJUR^+ncli5;@Qb}Xp}TTPE+YRH}*z|t^u;lmjk#**G= zXFRt5x6A(*xtSm6`~Qyv>id$2L`iJ{ zDE1Nm^}$nh{jd0XMF=x?vLRbJj5utCWNXl0Mq~~np*D92fN~GH1}t*5bp;G3@6|}; zE?!`8S!u<8c@G%57A5lYmPHYmGod^xJqbWNJqJE`#i)Uda_Ia=s&wd%fz(aZO{IGV zrD&a#DV{vXvMilZm0L|pv3n%nMWI=xNi;F<+4-$>bG-&tyj$QMB2b4=#== zLohtr!3Rmvyt1rv9co=!-m(4J@TgdKx{>^T$RaFZ^?)OYxOD&-pFBtGL8HF1Jr=eAFcfN=znFUe{B8lj{WNW50mlabNB@x-mLfcx?neL=WRH2)o++rV|C4Y1`syWP8 zHq8I%nLX^YYyDG3QgNp30|mf7``;hc?EmTXbN%l}`LwtHP5pf>IRuF7>6>)1W+8E* zN}+&_%2~~BfLVyHa0b9mJzME3zbNHD)B}N}ye-VE1ZY0Y%}J86Br`9Y$+Mzr?el=c zQ}iq75BlXMl28_eRh*f=j^*ec8V32AHFwyVe%~)uB~;-2X;HpShdz?tBGPrVibH z%+ad%t*EcvWY^THc_8)-#jaO>Yp8pv?|NwlQyHowdqXPt5!6cKKg@_)s(d$Hh?Ezn zFh)SubQI2iGOaHSZ+NgVDKga^uXa7&!X*K`HAAPp}ALY|Z|8obH z%CeXll9j5}?Tm#>?)2VLxI|}7))&(zQFZ-$;Ff|4gk(c##HD!B~c_o*l@XP;pd#B+TXzCj`05#A#B$gZ-izV>0*nx8UcO} zQnW!U~k7Td2W2{U;YCyF;X zCGi@?%<26nju!;17)$8c$w^28>dY~V;Tk&uS)b&0<puqF9Y7o zz-Va(-#-nZ^!f8>A0_{t6^hnaBzio2AN%9K)%eeF@_GOFaXwGLC1ebxv52lp4gmKn z6oYw&qmWCb1O|6v2c!1{h?9cq=5Gq<3Plm%zMahZ!SV7Kq$q+6Z;&V|Z~PA9u=fPS zNZsM}G)d6{zeAxcZ1q2n93XBABe8gsqXZI^f(XaR={e7@f4OEPMZG8BT(B(o;rtqe zIHf&jiP?$xSEAo@=Ko4h#J~E7)$)Y@qrcKkd{O|K!{9DUgzlrgFCBWH^uBcF@UHiz z!`A$7lHz6W%m3GV0)Bw0I1hL6`~~efNlN~S0@ibIh~SBAo|1p|oDB^~h)(_;1gKj7 z=P#eV`R>K5@4s`_;e+?Fd;L!)?x^bj4gJsiKacZy0?t=3UZRLB|2j{m)n4%N& zP0w+h5~L&Wbm$I;1J@f2M@K#07srmT*xr}wXfX)ojfo_N#K z$wBB~N;5=Hc>ANHo{eVDMzhzMX17AKXVUCzn!m;GIK=@;Qxq_;#+1Q3aXptv4}ei5 zwzslmnZghO9OK*%M=7<^5d$*u4x1o7AQNx6V?Zn`Y1nxsd9?v?n+L>LNjEotKL*z~&oADHA-K5w7OpX8 zj1nKTTvM)VCEK%+?R6&GbtWaUy*k;AsJPCg85P$#%&c!hrEH0S+``&cBOebZAbHTx`SqmG3$0VX5ET0>z0h!gK3uZsvku# z{;BxsNR2@|@jIE?#jk5KZr#qtty|ICZppZHXBF|g!0$jrmcr|jdzYNVNlOwZyGXRC zRkyQRbt`JsEvZ$vThL%KYDx2G7tI!}>UP$uZbgZ>C9UfE9cgYCD4C4xffCoILENqy zWabQ~6`GX>;p$^BoHZ#`zOqx5ca<}C?yHnwZ90Geh zYd4Jc0DsV#=3#|q-=z7pApoQ60)%r}evu1LS*lOcdl)JOz5Wh*o2>!G0oDg$`XTsB2j`271r%CC0QaS(72e5r4Ywff^7Dh z*V$h4D)yQ;X(Y%#d3@GJr|lNq=ycbjvl&qbTE0z0R*WdmG@@LqAzmSJ+AeH8np(rw z93vZ%ovfyODOTBY)QQk`=HY0%!#wm%Q>pa3f!Mf)*qUq*fKgQJjf1?ZqsVr;IX}OW z*tQG-j6?|FOH~QI89q!AD5p4WdS8MdLNLw}Sr;9Pg)6H+$h!hT!W~oy=9u-q1oLd2 zD0+Kef)ue7FPA7)KY>&prm;@Jq@9mHnoLZOrvhx$l5t0~UBKGem7|fr16WH3el(o! z0@f0E;>ulLo47*tsjq>EQ7e60gBtD?@unfA*0PSRd z@)s+nr)hb*2UwonC7Ojmo5k7L;H)V0!rb%*zBT&u5K`7cpv^ezY@1a~v#~+ou)6O7 zqkFg&K2N|kZHh!8CK!hxML~)<>0|){l(GR;HF-#^2SpA=yG`fO(7Ne7v+RV;x^9Hc zoJ!bhWDZ5uwMZZfR@$1-4q$}iJ7jhLY(cB;F{?7ZzKO3jVo~Nz|Fm7AoquXgw3}J> ztY%%etY%f!GHfJJO^6cc)zi&j$+=LTXGEdS3yrpl`gWGKzbg=HH9ERdUx`S0CiT|f zOm%wOWjpw%)@+BFWvgn|b*JjII=yZqfqI|nVx2@t)4R_KT*J_8kUwT+n#7KvDj0SuJ+WVY)?(f_EeQMaICDRBqek1 z(?xJAMu6cpBAMKfzen&6rGRcJLu*U^?!;mYO}ZLGld>^1DH%id?V*bH8Mo9vW2^R= zSgfZ>SL>&crONZ_cQIqQ$C=Iq2`Jx#h=Pm{8Qo|LR7@4#q<@3)Iq_`WsQ zWnz)Slde*DQkKG#k`yioEK6aTCam{v<@U{nMA;ez5yb1fl!I7>$tL(hi5$PBHuA07 zXkwAXldh6@Tz0}IB}r_IgCTCUzoNIdBDl4=En|yIJ?`pKkIOFgxa3lM^#m0W^#xf1 zM8PFz3)eE;&Tr{T`ofj8@p(%Z-Ip$Ujw!3DxaP5J-ai_5&Cwl~mGIb^m}A+PBQ3Y( zpCyT;yX8>;-+mNeY*D4-uBvogR;A;TDz&GjRwmYM$tCU%E*Z|+NyFi+7Q2<15weh% z2%gBc^3=FG(}&}wZHSw-{J5)@AD6ZKxTNKc-PGKQr$mTP8Sz=8^&F+ZxUfAXgyr|$ z+GuE22xB0;$ zS?`s*&c`L2TAA8n^Gp}A6N7QuPACjdcL;@Mr9bYf^v7kTKQ1Z#hQSag<-$;0xB(*o zBMd1;Qtyip0s<>SnJBklj*T3Lc1mG*YK_~DElPjfRq2na8fW}+yLikqOz zAI|0U^KaXim*s&m2ZC)AMAdM#lz#RD;5~)+v3U>y?A(2BUyZEWu%Jn}qH_NRMIx-1$E6YmWHzFgqTw9jv1`BIlCKejjuh1SwDj|u1 ztoOjZjA;+IPHRWpsRFbQ*I0FJ=9v!HXcm2}K}*DFee}07ICF zy$LRWgzwJ31iDU+7z=OOZoPTa9XU*1%Z&n0ZWJ^{=;dt5qJ@~mVpD=ah89^AQN*mX z(QNSZ2c2ibtIWpGoQ>*U^f^hkpj?sKsqKR@0)iEeLLj@g64Pw3`yF$q#GBQH=QR_f zY%{LV@*3`XQAzz)BZ^zAa@NF>j0szbZ4?TYc!OfOmE^VDM)B<1D84O=%I}y(#owG& zhQ~FBXIh!-|C3P$l9X(4h=3~QDTxnOYZ8J5#Bw_gW{e~#U1NDovmA+WJCDX2TRj@z zlECG6P2lpKiUB(_hoK&?=APXKrd*~dwvZkTOA%a0I7T3xgDj0GfJUWKV zR?2Dlj%hI3kMGpZKuGhA6WcQ4@7W{%wxU~|Yi?CaZuyRBvf0n=RP<)c__=3K#j;h{ z>Re!}QeVq=OjAvq#&1T$W)^j}iYi8te;67zd!V~HP)1{T7#dbh-W83i9zP5Xo5Jj< zFNf7haSuVmR;Q?QnW9RSqG5SbMpiVMC#7@Ypi14KVR=&QXf#hs_i{be(Qpqz!?RU< z=v?rjQtzQW8n#??YZ;%eqv1MUxui;YIBa;hHowm8?AN&!zs@!MI(H@$d@ZOnuNSwo zQ{z^g8rN`Y_Mp-{J#J@{+bx^iu3>WT#-!Qgb-S6oDlXxbEf=@2dpRzrR$Q75SGTL- z>Xr>xw=i5e8WSrT&4#Pn)o`uUzj6!1bvGK#=49vMS8jDuCWoQXYzK9&%~UDP8Om0e;6({InrH>l+hR-hDNid>0DZBg8}^-+uXxj~U~ewqS{;ZuyOU@Cez<(2@&&29 zsOBDlki=gwv0?CZi`Wq$83SaYZb-0_)FcU}osF7l*{GRTjhY%o{QU?qBrewxM;o&^ zqbSU&6Y=|e#i1C^BLqq<79{24VWY6gSekYV5YUC-JNMy+^H%@LUGE}=0 z8l*UBj*m|*_Rh4cy)!M_JJX82(=cgrqhgc9)yy3mzDEgMGDieY3aPb%KB zpwTG;#$Ozj(HQR%!%6&wKp4x3nOZJ;uOzmk`Q=7k7F&s*E zLp{MoNI6jiUIwsN+1$9!f)Dg}FVC;Q8mFn6+HtGHGqdq&b+=TB)-X#V9B|grl1Sgy zD30P)EIQlp+02seR!MpIN;ZjGWzyH25OFR`zET-FlBL}AEZq+x-oHW%C=c6xskXLN zdCUlIx%Ov7E6lvukX&Yz8wM1IDBwiM`Dm3MG852mO% z&J`)QgrG>Pyo79(*J+XZb%7%!5}gqY#bNPWJBz_+Cke)WV{MEyi=WXqBo=oeGGfS} zYPu`a2P;M9a%E!LIT+&|4u;Lv>tyOpDwp9*D;{4_t=MGKD@0kE1xyyb5X>&_zTvXc zNRTats$k_1YpvJrJlD*2oNHpcQD@TmMxBYcU&2`Y6XQyq%CO`rilmIwo*y5+JEa52 z1}mb{CFC%1!rK+}nAxfvD=eES@0wyEUv*2Q`(=N|wbtxZG%`e4k-CIs#_z0M<&l}K z@Q6atN_F=MpH+#rOnA9MK$fVJOt-@Hxk)p0u2SyyHMqv&Tn>nch#+yRsdx&WC5iNH)b|AurV9iVuW#RcZUmGa3yb`;?kA&dVkC20q-3U;wX&~L-Y*Xe*Kl_coWARxVNI| zb3@(qdhfwiaXs{VAhP@3gC9`J-3Rc#_kLh}-k1L4e+h^e`T03PhZv?_Ph7i-DS+T5 ziq_zj8Wwq+w79qW=HIPg~gE!ybfY&dcy}1E5--B;nfQvWRH_u+Zdhr}Q zzqopFe)H<@qQ`4_fVS5gfJ=FWb+AIgo$wrf`ZdGB-GDC<29_BP5iN8_p)eehE>G4l z&R}%%f5jWu{Efd1-S5OZC$2a6K0)z-PyfjgSm2a0r#ArC2njNO`Vrq@8|0(j0Gt;n zJ;yX4X;`!lg^gTbKpEQ-Jt zUalDBHYiFrC=vMImn`hT5ftfFFr}vWFqYX-r!97yP zZDm^+MN0ltAa10GX()S@JvrbamSR7@8jM50YvI6|w}t6kYRRww$3ilw>ztKP6e3fs zZBBs*`p>t8Ug9qZWEja)ktvK(QC2~OR>=|vQY+|@c@O@ExOBhSCS1Df(c^!~u)8Vi z>q34|(gD5qhT~e?dEQgQl^ySn^gx&@e_ zHFdxX7_6EdWV#|*lwY()MWpBsZ5^p*ib@gzjKN%Poj5>Y&0S6dPcF*mh%58=LNe-T zl$e3y#&FIVFyikINK75xR9y2X;LAWtmZA`3afnjM4FaK}Qzsyy6vAn>e=}HG!a~~- zIUam8L`iK9Y@nb?q(nd^2oR<6N^l2UumceMmZUO>iQ@%1&UGjQKXFzINuV?*S6C#V zj^U^aRYbCMAf&L;N6IHum=Dx|ojfrRK58BnN5<_!@E*(w;UjUofDuKUjb5mbUKYo7 z`U}3mvAUHnw05y+Vp4IgehW~%!6}KwdfmVj^FFD%yszj^Fsv2)D@-}$Nd9;G)6cvE zu80eO>fT@!N>KMWiufc+PnQuDvCEl7g~kjrwfUiii@cd$S*^yKGB7G`7K-#Gg!#Y-LOwlo!4pi*ZgB zLL3oUS1d_UfVfqSEbG3E+O^yct)uqh9j4+Om)bB@6VHFCj=+uf831~hh#fL4e2uxN zqDwg=>jjU%Ee?N4DZJewnH(H1Q$*M09MIC z8LW~U7ZF)XBa^PMxDY_txe>X;?b$?k)QU}V?DnyV0lgcW)B_pzTxw0TzIf6NhSZZYr^3|qFeALiw7CP+(gGe}QClmPEI8YoYOdm*yeSBQG zLDnEX3MU1{9HK%tsBm^OFejrZjb+rkD#gxIZqYLgBdXFFV&1Ewmv?oo?9-=Wt%xft z2Ji@cA4mEEEM1iiU+NkHNNC5)cXV1>dg!tru|HZqKK!adMsJV;15h)IY}p6I>?Fb)SW zW_X}~Q9?ROaEvYlD_XcqHrdHs1rR66qUe%DIHl~A#;mBytccmDtHE$Ww;wru4edObOndw$=S%Ajs4jO&gT%#+$oxk z=H6ns2#07GqDe4X3|$Y7=d-Ch8c+S<$PeHtntPLQej0@HX|Nj`(L2W|ZLm?k-=H+* zYE1ZByoGiRwa-Gsw4t;5vZ@DQqsD<`@Tlp>M$%u(W&!h3M*@jl*Uq8Kh&fDlp4 zeZPc+wEpr2Q%vHQm~#2|3a>@1TLJP#j9J3J7Kc=1Yp{~dK_uH(U=oq?@Kz-BISEV| zmJ;5OdNGdlKo~@VEAv%gyt=Cgnx#u*gIez_xV z+cC7<+TfNM5oF0Sg&_j@YutB#p7%|UxkZda?ILh{^h#fX^;F61BN3x2VJTw(*J={3 zQ6r%5WU()OaF=Mp}9BD$Nug0 zH+g=kp>@Shvt8lJ$A+FY%kv82Vk*g~3^Dg6r6oe;P^+2jpZz2s_RspFVrc)kFPN`? z*7y3q|9sr12&Tab(R^O?z8iS{=99&Zc^6pf*f! zygX51fdNe9!5lu-1J&^4i42@`@06{O{`pAJ*c2ps4RPFzw*zi!M$@%8UZrKl8F+RC zZvOiWyuCRG-yDIdCJ?_YrPqJj9Jc=K&a*6JGoj-%&7 z{9aS<`r%Cy+3W-qZ$u7?dcV2NJBHF2Mi((d=>i6*?)AN;NF~`|buJb%CK5zM*q@th zYTaWE#LKv zSj=XJbO>WWbQ4X1yqz`Q$5f~b$b2b_s@<0PGoLFPTir>9VwPh0>j`4P32#Zk0IXq> zaI`KidFvEW^(ucZWbB8pT^NP~)%}1G5imk57zhjo_n583p93iIJ~_%M)k3RboPR71 zHJB}nq6=G+$?DO$v}FX`TEygS-eoOFspjfg6p?!!q7{*B^o~m+%!=2P>JYH-u9$;@ z*&I;7yTS;iH_bNri`9@o=?(3zi*MKZmb#MpBpwONNycFER#1)rXHo>|79=>h(@yh3 z9DdassoaS^26&y2l);!;R;EsE*z4i*S5;%Q*U2v$cJ=Ys5XWC=IF5;`!yhT1?_2y1 zg|BfKMu^Kj+Ta4_3X^CH7RI^c0&D)RdbPQWR{nTCnpIefI-g5n9Ee1wb74$UVNK@#wv6G6qzwa_ zIINc>C=MlLnU*g)EqbAOx<~$|d}wHbOdoD9o5~u$f?1wYlyEx+9hDH_*pW;m{1B?F zzqRfc#o-{MDo#}zX(7*ka(@c{rD1o9#is*S7;Ng|dP0pAwz}194;_&rXz;nFOz&)fRow{U` z#agFI&ez#XqIG@@U&#qf zp{C0rPNdB0IINpxfwsZ)+W0q?1T~WP8Dga%wN&NVf}3D_hP~F2Oo!h#D1+DBFcEJ{ z3s1JwQd{n9;#gjlNssyZ;r}5PIF57VfD2&@ridf6mcbAh15X1uHVhwuGl`>Z@mRbC z(>oLbsB`wW4d}C|&Ju+lzIk<>Yu|hbz9DR-vMAr^>(ZrZ$pwt6HKI=^Y2j1qdS~3i zY_m`Ew+u9tH6~^UC)rmT@5!z&wYI0#->gs-g0N0hrXxe?8po1BNgASbeE%KCyv4CNkQXnxS%dj>Gu@A1IoWfB7bw^U)dZa1Z);{<(Na$? z=flcokiO5+Vkqjz#@!V4%|O-2$v#j)yZlwr5ny3{Z3>#*KQ zZOc-yFVkC=V|N_-Bi}{gH1NWazd)gP8qPz{n@;D`2@2+uMc_{-p6Ablkr(=-5DtAe z7`a0@IvtPqA*4MZ<(}q4xyJ`7H*b9%>V^Janw7tU#Q36#2Nu>#b40}1@FzH9yM zSq$^QhvUh77w?s;Of(X-lZwqdJJ;8k(0=VDSD=q{_z>`v%$8)$V1 z(f)yQn=B1N|Zpw>lpeR;!8_=FcyGI4}EohOBBpXhG5d)!Y)9 zr6->0Bo0wqQ9u{n{>Y7nSe|JfFtF5$n)Bu!kYLwDy)F z7>ex22Cmf09WP9xYPr9F!x$7cTSG4t|Et0Yv)SxBoTr{cIWc6BUs0opNztzvqAaJ# zSQBg?ZKbQon%ra6muyfjzm>zjScup!XN1A+F$lLYT;o6<=cSm$>KY}TpH_Myzn$s! zxRjxkzl_p`;F6j`6A~qBByVg&5k(T1ILB1JZq0l%i^YZm3c*vO>m#v}B+xjEBJLj6 zZ;RrplmipT=R}PHy>ZzpT9*CeT~`bqOq**Y^6)imPIe)t@gfk3q5tjsaRH zZ2KIi$I7ogF7lI(i^6YQkI0>sW<1w0(E&f3etMxElZ7~Lt5e?A`4P39Q2#vA({uB&h(({Nj z;Ya`+sx_HjvX`8VA5?$5y%^Y5d!$lypQuvPYQxh+P3(t;Xmb#Q2UUFXAkwghClGwQ6r|!3$EX{tT&|w_pUa<&@jrx{N8F3Z|!(AEEFAg zuB;P*LaSAhcR~@nG%hh{Sd-6myk8hA=8Xq(qdr)X`&gD<7q>Y!b|sbZ!OVYMTyy_8 zYoNd{XH_SRMvCAAOY=eU%qW&L9uIWTb`K%Ft9LFPiO%GCW6l z4zG#uYE>flbUGF34TVz7a~cH9H8FCTRBwCwks%@@9Qj-S4sH8qeSL1Qf80;xS>5$^ zAnKZ)tha;w>F+;R)U@hW!rg5FR#5p97*Q39>?XBrxYL|g19^}wUFr8Dn{RXlQxTYJ zj#TDJ%-WsPop8^bznWKtEEV#nAEY}(Um;HGx{>S1QbpbT|TA_79WVsGCZcTkR&7hvBPiPtis-Ns6%A2k2sehl?+EwU&`ioa1 z`YBI*npsN=e1h|yX7RttidV>fs#E{Lr;{G=NKrzwJ&nRy?@sKUR*Zv8q+mo!K#1U z7k7}D?};DYQk1Ii<~0POU2)o~oB^bf0~$L$_m?>VDT9%%l#ehde>az*POVe#)pu$N zpu0AA)%o4>K_@w|0Rr33f9`?}XNsYh4`r$rZNodxSSAMwAY?r-#K~qVi*w3?yngIxfCA zy15PESNeIPPxwFA`N_N^BWGQ|)6^@iY>!kcJB#NF zjO4wPe6DE`t*aN2DGisS(_N@YFGC@?m2-0@4y@j)dmkk96^TNsVd(>UN)L8;E#teiX$`cN>;@$<`far3t8`QCY6=S~Dq2J+v_>)rb%J%6}34NpfC->Hi z|LnJZkYxR{{>XLRb^o|8!*2bv{^@tP|NC)Y<=h%Ay>h#;`x^IuFU3l9pE_Zef)iPV zi(1ZONmNxaP?Xv{%X+bdTmj_og1n}M-Xg9Ib6${y5s;81i=@0!?emkPN=XVGD0_6k zH>w_qjGZ!Z%*`l4#WfR(gLIoP89Y>)^;mATi(N=@-csaBY%s;@AU}+^a}sW4=Xw^6 zlmt~mc7Y?MLwD4jz5T5(YARf&c!MLfL@#InBf)_xuyx!w>p}6EtrwO$?kD>FFn>*N zy%hvA^at_PwRs{R#|x6Kr8KW` zmIT_BtyYXByVy!V@5*7a_`nX3F$vM7r9wd|heNlMnNoVKy&^FD21YOrP%32I8{JM% z0XN?tpyp3rnv25|^`SWtM>}b=RbIH!0~5Wdu?c3*XmpZ*0r%ivWqAN(s$%fqvMjSJq9_v<3i>dXgt%d z%T8yz!Otnb-?{j7zUu9uRb5bPHXpZc?pKJ?~6lpi7iukq1EH&@AojiXOGsi(~Gsh$cFNAVw&Z z4vqqefB?wHYFq3C?y?f{vwp_I0Zi}-w-h1*!$I!(o+Kn3Y`l{vd0CL7pKAoIxp%!p zwhY~}O(^2BkSQlz%(A+9r}(Ap&wN46-hk>YuZwb@V#ZMHJOb?lZwK|(nt~T`$aNnA zD{_B0dBx(?esa4(%Z)!7!oPdqwaR)wy?PI z#BBMY*PaN7;);_3s@kMxBq0%5Zm$#WfS>0#uGG=f*R$B(=yFGk9y>8)a@;id0Tu8E z#U(I$U!AeW{Os0Z=;r3{Wg(<0jDPgdfI=(^b!W1SxIPLh?t2#4$h0(ZKKUju znbc4~)pEeOQgHmttO$N<)Xc_lh&MRQV8q?JJ6$bPl!2lQ=J%H7*ZAz*{rC~5=sR)Q z&yMYnGN^9*A4Nya8z7ZFTI_)2Z|?20p`V6)8pm~p?$C2*-Y74UGKFZgICZ^K|8#tc z!ihhf%_ob~#dNYbMT^nGn~$cW`EWR#pSt5Ia%bKgy7LhlFDAp;Y_=COxf$|jzUsg6 zqwfFL0nCTL{D1HL|E@clx|RF?hf{y}`TqaM_zVVv-U^54tOvjVFcS3mFTE#4WSIL` z8;tIIy}w2{z5}ZiExzh&RaHm_mJ|QS?=x zvTcOu3L(}9Ctr&T_FtlCJrE0we|_@g3Ahem%vWI+G1}|(dhfv-0$yWU5|3Q^W^t$s zt#b);HrV%hFM2GrmhO=&M6tVWK5E3~kDj;BpU-tYat`c9pmGu1WS zQ>SK5o$kJ_A&!B?1pDs-(Sp$%ORKV&N-J>5d-HOduxqfGsc~BCsPS?sX=rdMXxiBr zJD7R@RB;rPHn+0}yXboJSRYR2<_o-|^-1lrytoLuK&V-BejH7h^JJ7WPqmbT1mh~`ks^-C*Q`gr&srgiYC>7v_r4~X6Xp(wU zJBt|L=W7JncM!vprb;A%h(%jJ1Aj@pY$rxylF=vsy6F)S7Z?9T>Sdfrddq?#eE=bO z)Yx`82PUGp6LOan9`f~Ff(6ayvy-2}^vym{7vFt!?Te9S`sSTSbQn?lbT(>F7LWp3 zyN5#buf4zC{u_(6v^##?)I3IhwjGWhGSE_=Rk%*i5@%xv{GoFwUz)IplrVGBG=7Yb z+(ZyHNX*g>2lvwMhz|nH@2D*ptNnA6DKoqf=OSLRG7Sl=RmQtQi~{+l*DQEf*I+b| zU!fiJvcBK97?=6mk4l3Fa4t3gFxQF)9zzw+TH0|Gi;TXjpsH?K6uaRfF_4?&u(8h7 z-r}lS1cv0DqadvVa!j|~`wIv9la4!%HejLF0j+(b&2IUxo}%N?Ac6bbv7PMA&Gzmw z&N`sg3+M9^5p1vgB4g0W)p^@A_W1iueqI4-a)fdah&NMZ0qO7@f0R(xxobq0d~}_4?J&uo-acD=6OkQlOreN;OH1Jf!-;M*w3Hv@7tMov-x!m zk5(tUH*7>Q-}8L&!OYug9jMt>&#^5Y{tX2#{QNPW2G{~ZxoN{euvO4Py$msut*5wB zT}Uk-G^2=PND3p*PQmT(MAdkFi{mN#NgIQ0Eiljy-x?p9!O@K8GuP+4D~)VJ>kq8S4BjzRhrkYB{3W!Fhnwq1j(LFCv7n zu$iUs8{B7|hlYmf^`Y#9$9zu^V|u`2_mdQZCd#stKlXUWRUUz~tg+XfKA2~>&iuo( z=bjhoKkbqQ;DMR6AYC`BHzQ`}-+_<*3ue35Dg?2+2w!Ab{@ziENG50o+B#J16~&V~ ztX<+S&hOnQ0u3}f;#DP`ZVga{z0g1bgdd#liCu-8397^HhL3K@BEr)lJ$AlvfWFL z>cfR=Fx2?ZhI5B`hxHjTc@CBce1i3&ZLC)@b~GF<$A~9y-Q(UK2C>id`t1so_0whQ z(xY#>VMuhX0T5f~m>?YR;qqJPx&b`tmRZ18;$Oybgk^`(amzNgiMDf=v^Q*DD2egJLRzP4L0Hmo^HzWXx%s{rT$Meh~;P9 z-~FD5=c>V-*_}0)N&UK+?I+taBnyTTDx}j(GWych*c0q)@2gu>)>gn}`mIt0-vNm64hddO`nMJCgb~koYv69lq?H z+0;U46)&sCdCJc?%m^)TEy^;7z$O&X^KLOYx$W5-2(|#fp?iD54aQCXO|MOGCAE>r{Vb-VbUlxOTwGMITyF>eJ=-uDL|6gn{;M7obj26*aE-(| z-P8}c`3YnOa>x#)XxJ3hS`6LP#Lym!;HgdO9TkoP%R3SQqsev8u8xtpNK{B;^Uz>L zF;hOB%+`#Wyz`A`2BgTFt$5eXEC6kz<$w`ibo9kV2;$O_>u$Psigjxvg2$}lv}p>A zIaI>Pf~N;Kh&7V{+LVg@yhAB?1hG4e9B;TDxXQ(}&-?NZlH{(;4$!i zkhIIxf;!j(I{{~cTT9*(Wy;*2-O(DUGK_$N7JRI$$OFwE*tPm`J~iDyEDjYuVII{4 zLkgf64($8K(a4bG+_QH(!HJMqXgWQ`mfUV9IZQAi0Oic#pP@ukzIc9l{nyj7-w=Y- ztvGO@weDKe)v|O1MSuMuT9)tROe|uvM!?UEw~(PG{pQ{6R~}{B;J#BMC;d&s`(rB9 z?7R^4cowlh^_0&p^okiEe1?l&n!J8h$pF{&Mf-k1N}_(U%z1L8a^d6bHwQ&deA#L& z-;s^*#_n8vtCGJSoD&1wzVw@|=Ox1mbi=Ehk6Gs?E!^BBu!YQ&>d`=JA6}&0Cn;*1 z8B=)0RPkjIf#k_bzj7k1!MIt0l@HP1_R&kdsplg-*lXaT5pi+i3|Q(D%Yody7MFZ^ zv&Ol~6a@b(bP8F6T7FrXR^l~MtK_U#+ubZRDFAD^+wx|cB|ClZq5GdnEFDNm^?LYK z`0@!PFnY}IBs-A!q6j9+t^cnJzy@>TI>E(g`Axt^ZvhS=JoKt}Xc7KL12G3!U+OAX z=HD7*3$)IL+%c41OD?2p0%!qzMfM)G5kfy0LatqDc!66#u4W-t_RCMurxz?)<2Sts zHAyn?gqPlCLM}o?lxg9-h?*Jb?O=Z)q28rWUKU1STtsROo;}d;9!mIY&pR53`@@(I zPXbgD2+cihHAX{JU}U$-fa@oW=+M>oBnB`*=_U?mcf9@p;rYST03F-zzzDw+LWdR} zcl5B36CyIE%&F*2dj{emI({4A)E<00*vuJdbe+bG)hF)EKA-f|8VwP7KcSDRHh%(j z{q?q+!@Gd-f%wH#5I{j<)@<3`6WX*#6F8zY}NP(cU zXWz;%{J~QsjMV*h$$vc)7Xi8h4o_PT0K6A1i`{L^c?cbx{1Ay4J>LY0#2+N*CCR<6 z1v5u-xQloZuIZ8$Vv_JWWVp!En>Ml3HP9DrDuDZjxaiptTpaPvRoHU?Q7f zqM}bPuMf%pm{2S#!<;zl%(0)V{Z!}`{h^R@_dvfjE`M>>aD|b5BjH=92`M_ETG4FEnY32X43Vf zQ6lTEmR6LmPH8=NYE%WY=yY8e+hxiTduEa^z-`o9K(xfT4$p`UHUU1voUlh{G+=;0 z?^CS>oj0Voqdf^eV}dPEe58zkqEZwQu8g4ZgRvgbBL-m9k_pivQCdlq%mj0;ASNfc z1232=;#iMykL_B}k{PxI|57^}?)%*u?2QME{r|7hyRw z3Z_1VWv9%F!kC1SQ>K%yWnZ^R!|+CGOp@tn!7|ag%`)_o#bAMB*CSR&1M29;`YKF9 z)Qig%d*f8PxCULSU^eWUQ=EtFq{f4&P9ZsDkY_1$G*JGrbj0FMqX10;NX%gq-9&>Z zV8GEiD?`({z`1gX3;I9O`8p}9vjQlqWqZs=liftqDPXkGDJ!>!BV`FpXy?Ql>#3~O zO{)>LlNCpk4@l(5EFWf(Bcze)Gk=B+N#hYw01YfF+WWry12|N=$+Z}DOT=z`=>3@E4krun;N=Im3EhH zq?J>pD`QZFHkF~qm2)v-K$}q46pS4dN0}nYE&2I_M-|#!hMGpsrGSC-YkLaC9#|ad zB-8H*(1zBRV8l}LvZU`+A#?2_phQdwUZ3Ye-CR0;FcGn*vxBQmaAc)KsmUQ_KvT$6 zv-_seRUzIbD`sXK7#V~#z}sGcti)nvb=ATRWT@|>U1#aXidOcnjb2cJbCNC{7jbd0HUOxMs&-qvl0w3kvmGeOjLpx7dldZCA2IGr=~&nQ=A%ITu+ElJqF}oIZXWAwlapE-;LOqrPnqQLDA~ICQf*l z0{|!D=|2C=)E0h_IsH^sF7T&z8^i3nS2~)LD*<*O>#0Dh!6Nj$u49lCH3OgpXm457 zF*7`A8Q;fqIQ03cz0n-*EUgl&Lf{(GHgo%;mLI&dS;mdWGv;X1@JuyzavpsW^lcNK zeTUpt*TA7RHh(L4_IEl4H}D8KTq2YrH>}XsvHPgvLX}?!j=gR7Z_*({W9Qu8SqL=q z(yHnQ$@PY6Gqq09BhKSXC|5lyYlV(FGs$J{oon#^2cX)1c0y_S?w#UkYs&zzqrH13 zmPM!z&9S;UB+;O;z|Abfo1!&ED#TR)J@-M{rD~|TLs5HTqBA3#pB7#x-lY=<(YDEt zfc#p751G!@PnmiI=8#8-=KT49!FVah0zdP%jKOc^&!SZqvp~vnRY=W zYde(hMUZCXN<_8|IeX^vDS@Y%MP*NXUs6BN)BL{#Ae7kwqdnp;UI_oiB6kyhtn%7L~6#< zk|DRjyZ32yStQXML$jq(BF8?_bzRv3HfqgoED@;Q(LK)f=BD#DwtALg?R4|`(FD!C zaU@yM+?K|a|`QE$#DW z*K-J6L6kA!4LS^}{D@(jn<#5qZp`Kw^zK4PkIJ)~$kfIV7HZEsKyjh+8;XPO^BZO} zRx^T1N;zfs`JTr5{IXV*?h*{IGoJ5meX3J?@ZP}42zz|Qm!l$R9!GO#{jQxM**hg! za4UI$Ql0Iak1ZCHT7~J*DbS6M#x}`i~Wbp{ZDsS`Y{Mnt$OUV7y%VuxfU%QJLEw`*I zEoPZDIDI=lr!&(m%EG>5s8j5q$ar{P#c;{AHD6!0 z5N=s6?U!z|u;a|k?#BLRyw|;^{M%}u<37*6qlM%eh?Wn3Z^ffvfNS?x+xV0sB${0R zW4^*&4Bt{0EKmT;wsjk(TFvReQL-RgBXG>Hj_3`=s zXx-iS?e()@$ERR{<`z&5o{0ZB*q?q{h%vn6vIs^{5!}+Y+wG{=e3gTsF@LZOJ{su- zu~?i2X7>AO%WimJ&1G2kr-#Foz&if6vmRGGy)K3Pgo$;0p=QdDAywei4-So{IBS1W z@n51d`*37hBobAeek(dd9ZarTd@uC8m$J*c!JLVza~%$?3g0s9Q+A5dPYP0~llLQO zklazZTMJd_J1(Lo)aQ2;!FXYaEq9#(LyP?xTXx>y8TyZd5{z>q)RS2dyrtoMkpvrd zB6t&&2;+J+$)F*ar9}=>xPydS@D1k#|;?*~7WPE_rekJ4%Ah zSsE~+C&7~_T7sv1-KSzmv6;22a97Qp{t)1AE`ryThEC~)cSsZVlgd9;j$|d11L^3+ z@nT$xvcfle?1Z5lf8fQR7i9@>=*qE6P~(oG%0waKD?XA50ZNSJ;Hhy zUavH1nlCY2aU|19*_g~pP_vlavV`vz^Wun5(^KtNKZssG$Ydh(RRT20)6yp3YZf|W z8om}xxWG;&T1b)ANH1Zcm)koMt^U){0D0%Yy2)OS<1)tl&gdpv=pT^Ae8Z0a_#Z=+J_&98~GzIQ;bt<-IG z$XK&>RP*`w0Vy4EmTd|vOSFC>1em!Jvs*#SFuUPW&B#Az$;pQD_ZwHP!M{)vH-A3k zH!h@*=dw%h-r7?Gx>)ES3vwa^yS{(wQ?rx(28HOplnja3?#0RBYeVclpBjy_E+lVU_)`z;VbF;t0o_Iqu$p+xh&SD@L;ZDZHI4+1wgC zubwwCK~r3LCR#2QF{$>C)Bvuxl-#LLGxtVeJ>Ev5TF*cf#eLiPFtLH=&LHqxh`%`z zm$BjLBKB_%ZAt6!t9EU_LQ^fGMWWmBX0>YdUP)ImF1$l#fV`#xqM73<;|+hZ~gm__-XVSbSN=C3h#|7zMGGwMhwd70WFR@Ff6PW?fj{HHvNKkC_`sR+E7 z!>lZlz&PLCJW4o7Z~@Xc4~9yJ)6|{OwL9$cHJjL`H4R}%x2+Y`a!k}x5;YOt1)o+$ zk#Bl$Ex2`Sw7Jz`w3M);c}x{zezKjcX|O%H!Ihz8ffqa3H9o8=&vXp=4DtTf&tt%q zbWlyUGZ~qXTi%lP4f!OthhwIZQKR)!WIR4AQE^0GdYToZ!DkZkNWT%yoj-+=hCC~s zy?&;3fZMMR-oOxv-}4_V`pvgqON_HSAqW3gTx!l3eyu8%054J>d_`>+vbi*)=x2il{i4G6O4P5|za}1Lw#>$Oyy{44jYx>je#O^}r2i62SkP zBX@Xdd6Ksds6nT#Pi-DyDgAqZo#OZ!QCm;|;?Cg;STB>73J4$tDE1`gE-;%t+#^&q zMHQ3eMc_Leh_s&l!;-L<`MtnFam<0FEvTTTgyLLGFb!?4NjaRH#@XKFI8*MdSlqZJ zxQ(hxrlS&+=Eip-=7Rj1xD+b1RFvi|^iT6bW?Gx5!6*H<&L6h-Y6yoW#hrJorg6DogsR z<4CpyiiTgBY@8aU*~BRc;GD)}I5!SU@V5lY!yBoW3N&2WPGv(mo8~Tg6c|?tBjl$4 z>@r!dT_0s}M7DZUGxU?av0{+i@}R%OZSVt zijgiG=Aa!NHhWj&xRPpS_xB`B&%DQ?X<$Wr4pg=D8YUn-R}X`^E&X#h59{YchSs|g zv7Kv0*320_E6R^N541{t zN9`M<3o5%w zbv*{mVzJ<6&S_BdgwM&|@jVXT$HSEP{KOBak#=e`JC@+Li$}K&iVqzX)+Ybp;F;$u z{H1mhv!967{QEK-+Y5M`dtMdpIsiP`U2z&>L_*^$P&ZoeKX8y$Cs5^kFW&aW@F%=z zurXfa8CyW*DIi(g%A~C_Y`GAquQ32CZ!#}46c09U8!tGEKT^17;+yl{yVyYdzu1zO zZ+lE7(BIy#P;Oq3FI>$ylpectufwiLh{WCt2N1hWDcynz6t(@%-*>DKFE@CdaM@GZ zNa=8nX;<$$&8?B;^ex>3_fdLdxXo{@Q*rX%jE?`hJg4F19*x3fT`8}3uY>nYGw$m| zZvBL%a-A^i2zB#gf;s#TLBw-ES|sW^ggi#;Gi3E6N`fS(fcMY~?HzGk8|@;nS@l~m z4nf}(hm%4!^dO!Yu;Mzh-`AAZ0ncoWQcTuHQ>NaOACx!J6~Q%5`-N5zgI|?t&L-sw zNXWDf+qt!RrnHl`c+dZS`Mp!f@A)PHE}URLpXR@!^Ni;l&z-)j!=O~1Qp%^(=c5-( zB~;WVqC3Rn^V=19%C~9WI`Fre zvBKp9+S>K?bwt_yqcdtnr{MsAZUEvB=uk~pzzZ^hb{)d!({Ji`RTP?D(4hp1h6B_) z;&kRQw8qJ+=MKAxkoIf|qaU!goGvpbpZyvXgz=4Ya zpGH#27&1|K~kFF>%T!|!^(D(N? z)QJbRmzOvi@%;|qZja?0Ab{HYsagU-&!V@jm(I0M9G)^p(+RK0Y|z;O`w>Y~fv$Y5 zBqXnc3=AfL4HaC6wp=#Dhu(>Wn(Q&ALhT(&4UYAfeXROWF@DB*Gdlu}9>9+^cUOl5 zMZXw^oB4m@u%^GgfJlYrV$pwN_@Q-u(to~cT71IZzb?nVru)O(x0&C)2!8?D{w)^V zPm&p z*-3^0oc)VQ_T!h*-*veNkfCcgAtPomq<&49wj%d5B)k#c2((~COz-(0Cb_04v|7yu zeV~HaOc$d9N=O|Qo5#g7VQHXZM+SN91>%N{$aVF4%Gk|bD93exG-i3%fC($ZrOx?JzU#8n>#>oc6*p#rco9T& z@a6aSdgCW*Z`^qIS`Ye~3Z*_~qjNIEx5%gC&80fY%TA&ERRVb@l0y)!wUPQZ^6SVh zCqfTwCoS(Wq-iEHX8@(^?G-z+m-Ho-?vRB_Vq9&yNj{cgLy9_58yIS;EKgry7oJv~ z*U>8)iDJS82sHw?k^CkWPbj9uCl#@I#2M&ZT9`ZIeakeh%~XsL0m0KO(`_aQ36nad zM{NRL6}3+#61v-t-0wwWww8YiCsCac89oPWm^9Z5_BEe~(UCU@TmEj8-$@} zHl-9Q9e&t=$Pd13_n_#{Tmz4(P#oXV^Lo7gzi?#e@52EM|$ta1r5RT=c!1mP4ezI`zlUXTfgTrVBpWh-```iclHkik%Ukshi? zMgQIU#*_yVdAQB6?eSz z@BH=1ICfA9h-_@T3K_+w5}sqZ4^1^vZx{?`%40O=IZ*OoQ(_zO_3Tr0S(S!t+CKsp zBsY84#%faTejbpgj}6;Xn;LIyO-stMT-5eXCMigzxl^^%{QY=k>u7R{W!D+^e7uB{ z^xN4cd!wi1aYU?7Yt*l6yqCMH z_`A3#BJo0b41db4ov(>zR-!0)k}ZmZHRDmpA+J6c=Q5yyu(#LknwTm?&!D|z%0SI< z&IJ4_WN--~Eeo9B%961k%WOWeg=>guJaI`6X3JJu-Ona z5WnteN2zyVW1QH`IgO4bHBkQaxH1Q$1MnWP32qruM zrGWMR&d$_aOA$dghXCR#&ImaigqFE%h5Ue0XWu-{p?dPE-y$H+I{PQBK;F%;9J&M=jjdt^10Kd$vom zU-<%om;&9Jb-cytDG(fnY7;UNG{dhrYS4-=vPYX_Z@)h2zSbflw=(<)x_64<)!UpxkxnEBHUR#4l zrL7f-6oEtn_vU~c2C60Ve>jhHx=_Y%l4tT28P!-vx9%yWG_rjq zJPKVbF1*8JX(x$QS(@YkI)RQUrS4js10JuOe5%(`*Kgdyln%y<4-bSxg#G9%&UcOT zn*Q8wNGmlII{%uW;*H|XnmF(S>4GkgEP1Q-F7lU?$`E%Q0A5+p6B zFd#6HSKPImd8;o|87z9&Z#PFZx#!#O9*Wo(J-pf^S-iFGXJ7mory9xslhETlWhUx_ znJ--MxX*Wsy?PFZ5ISg;b1IoDT}8?x)4TwgK1P-`NcY6)BTbCSUl#|pLIr}XrO;^ifatI!IYB=X`jR=+ih_mtND;5eYdXWb?|Zfd)@w!V1T7Vav@cU_-y z=Mn1mmDT3AeCs${;U~>`e&3j}_R+S2o!+-?-}k8Uc)*7&=Sv}OV^YfCPTHzWF+byF zKHoX52r9499H^?vFECr-(j2xv8%I9xT0y!haO$F5Q3u9uGc#zQTTEK(I6xG8ht*=4 zGlj*`J%eBHdhT+Z4c(NtILUqw(Ct7YX1>Aeg6_6m=i{saeFT`i`ql7ttjWIPn<~m$0EoFI5ajgpN zNx#Xw8aJ-*PU6mCPx)L)6}LR{>3{7${s)8NO()0Z2GyFH(ZSxe^#pYuU8 zfeAz(De#~*jDYYEu6LUEnQfvE&+CMyd?C=&32_23=pQqPcQh~`j!jFbF;{wn1c$XG zI7LDfRvDK@CZ>upin$DQ@5~1Jz1rW+0j;<0nGuSEolGrpDd^U|2BQ(mv>a#ND5FSW zi)N;c3C_M^SAS$cm`8^sQ(c38{7;_&^M!#H`T2oCE`*tkzvsieaB!fv;HGd>^mHF{ z9Ra?M;)Sh!M$cW1#Xl6^?vGtKLJ_(Y3|hc3Ob^77lpfA1`pG;9ciX}CZhf}|2J|i(Jhnvse z!jB<_(E(5ACG807uw@vkC(x8XpZzUR&A0J^;K%qQh>V6Fwk97$*%15s(Sve>25HQ4 zh;t^sOyY(Va1c;8X#uV1kQr!NzuvbaweC{Ww`jRf%@4JL>W3(buQN<@U!BuYhz7~; zrzN}^C3zAF`p5n@rii+=%8<#1eHnCs9(yRWb8nF68p`(->AUhHrjHH1qvoD`F%u>o zYH>@~y`QnH*;jUb|F)6hQ5=~i5{f7Y=NAVW=myujfac~zZfUyjNM3!W9dK6$E$d!* z-w#$7T}<|-W-OiTcvrxMC+g{|{J8?rer=`^d)~#^eQI1=E4y6dF)$O2{Rq}V(gt+# z^@Jo+1eT6?Bb}*iHdN1=+)Oc)UHK5PdzbI0d}UV8b7rJX7dyX+LtpG9KRWV}g}oP9 zBL;R8itnj~s4X1uV}B<{;tAK;9jT8vda+JDSGn=HL!{@0;gmSajX zge9hlMwXy5jF{y^+N>7?@|&k`N6;b^dx@Z}8kI$ce7x=;V@67gRW-FGs)om#m-6 znXDBTPY+(@Nh2##wb;GHW`Ap`QK){&gQ!}yBcgtPSXuQI>e$V2u<*+v>7LtLZkgAG z8K7~W2rE>(;(j%9ws zXM)VLXAqfV{&rBnz7AE7$Z~Tmi|gFMB2qsH1o{AlK$c19f6(WM&pX-b2`p4aTyDEY zKqsZ^JRL!Wru*Xzw0}wWRe-f)(N&{i(M-{X5WxuO>h}VZ7pR&-*O`|b5f#IY32I~12YInH;w(Tyk}4}ZW_XPn?L z2j-YBT{X5@@ruVqJP~_1mj7);auME(og&)%-5V&XvM63#lxNz*Cr^~Y4C5#iPIx8n z;&F2s_Zee|wO+$F*6PL74E2~q#>b+a#j95oJF4lHrZK7aZ);A%THayZCP6=QqtewT zMj;iNLP@(~7Bp5_6d(S6eH0#7mR+PNB3hc8LU7U721XC9ke6yGuM97zm-Gf?VRq?u zUoi&;yCquKMX5KuIr)Gkm~@j^yzyvzetf0L#zGTf6hgUlds?XAdaOl;%4?S! z6jw1A0?wrkjXM5a)Ye8=Rrzq(vQzbZa)yQNEf0`}!L>GZE@HcS6rg z+>4&*Q40pxlV5QM2!77qkM{!+88i9a0lv;R(8Rg<7vH=511dV#h5ZB4tgkbYcM8>A zULHU0QjV|ki2S`gUECf%50_ReafI{HZf+lTV_KB9^S66s=_qM_j+v~d4Tzq3-yB$N zX$7Be$K@va_#KeMMuCwIW|eW2GGH3l%mBVJRh)ueXR!&RzLVScI1*9`3^uP8gBP+z zUHiK~wKGT7n|682>z!Li4_vh^-V$6&VTOPyHDl_W-~Ioq>zbnf<9%}8=nc%766=~e zw>NOS^U2Y)y1QPnymR8tiSW%?`CkXKM@er@-d$OzQ}T`$m)nyZL{EDw5$=NyT2dGF zijKd0$QMlkqB+$5{#;6D7I!88?+mwJ-VPkNlrH~||1X#Qf;Q!jIk{ML4L*CJm#XJS zn{-{C>$+WAXAc^+f6rtds`3^`ZhgfT2(oMc&Q`^}lhg_0HxK332}duk7j7Xxc%0;b z2{cU_1mc%-`*y9KPi?iBKfXf9{MR*beC+0IT*;R?`>*TM_!O7b^{J)$Uw0*^%W?AJ zfjY%UZb3I&xU=Zq~tte5L=_D)RqYO^VihX`3v5 z{l}sJ8WCQ&+NaCIS@_ThA%!!Ov`CuAc>CcJAV%An5}@r5bsq8i7Yf|r?*)8KjtH;3_7R#eJZpXX~k)3`0&pk(mW5<1QQk* zRD{sbP1aUzie(ww5c~ZZ^P}quO@HUL6~_?5vb1*HYDQpPEqH5$qqmMnoh;eu39ZrR z6=W5{$d*_NtVyKJ^nX`Wk*lv1R76tE4eyt_t?z1v4ClW5E<9HwZ;-l-B>*gy)vVUE zV?I=xbt{SS@d*fR#|R=((CesI4~b)qruZyo4qx%*zQ$(fS{)=bv0`CWOf&#x!i&z@ zBUu&;$)d{2Wgzh|6GoINoERo5#E}#tqKkGwuk@?jt5Z%Eyc`4XwFge$orUzKmZV+# zb7$S#7%=z?ilxJp(WT>^nV8m*X8VB>XbhAJ;P&AS%D=v<$-4l4lw+R_LkIG=+k_nI z{(pDZ3vx>jRu+;#mDX7um?MEd7X`i6RMCjL*+awi8Hf=;1l$SSaN9HXH^X}$Oc}E4 z!eo3{Gb?EdDvnt#HIC3sw^$M}XcadZDS5GmU{(pqn!eR<+k75uwfOX~M{^7!9Ocbc zc-iqa*o!0%$2N?#F?_MRuT^y;B-*{>dv)?_#*3uEqP7R!@i!Ym$My-m0D)JmIB_`U zql=1=HXjA(#B(Xq6CXRNKqQuN|G+Y7*T~u{|+OzK`jh!4@4R6C2#bo24n{YyVZvnR|zpHz*tF&hW(g&u@jH{Zh9`C33oln!lG<1PKveR4Ni7zLJYmg21ajuy1yED@6LXUqR6Aym0C}H`z zc!B83Qwz>-!3TBd9qGkZ6(AAOB+ENyzdLB@-|WgFt7T9* zpz)M)#n`p&PU(}!8Z2k4*hsFpC~9(Ph7nt6Xxhx2jXzqtm#$aU{K;Ix%391?!fN}g zP=C6?T1LcK3_gM*B`J+TPKZqOVz<{A#2k5gH?|);R;jcIu2|JG)s88cd$KEzLj5W4 zv^OJ|u|h_TR7v0b+%!s$&BQ$cLQ9ISsE#mdhElVEK__>uj%C4*LLyI;>o-AF3kvwD zP#u*rpR7A5Q?b0uW~^vn2}f$9e5=$cB*GCIHI7TJ5RonN6If|gWn)SewV3#GRarrQ zSs}fnbv9d9O*#ToJGBym)46_m)aLGErSv4EisFw@KLKhJqCEjT89JIfzhs4=Y!M0j`cma}3v6UO<?`=@>zrYSJS8qyxC*u+BkC>M=p3u0BYRZg^6>qI%BNX>q%vbdQe zbnOyVe14NX*&w(qy(Jo6ig2Ft2;oFYWTXW}ieMw9Fn^<$w$~ET8GvtE(@cnQ55hYC z2b8;M>W|)XyDuwlKGhQb^T<+W`r)OaK4#BEzK^`Z<#apjfruefvrBYi^8Mm(yXv{B zU$sY-XM)cY@P8VV?x)#G%6p$3qo)iBAJYZ+nm0A)kMdTX-+NTyq`(kGh;-i|Ni0+i zZpWOT5oWMZZE6v$u|qc*1TmZV+#>huH225ToFI$V>A%s4D-5qn*M8h?p}Y6QLLK$r zCfxIkw5g&WiQSGq1oy7ZBtOpEGQ35e)Fn|$DBSCHy>uO&Syx+$TtmE3O+)TcjIF!V)vPJt4bJ0x79zvYWPN% zLnX1bf18XAbTag}qQ+#*_Is0EaK|2`bgLCEMA&R5d5*lhvqj-Ea#CH!kV!oElaov2 z=B0E338f@?hpd5;jJ|_`x|}jS(d4j&G)GtdjzcBNETCmATUjGrDg?<9yGwRzJ$qlk ze6@2o4QU(PbixFVCJxU4Voa+Wbn&4uGyYw3sTwn8=Xn&zua5_l|8oacoDbQ_t^Bi{ z5btu_dOK?Jb6ua08!f|f$0cL52>oa*jw${+aEggs@ht?fe1TsR>8!oR40OItw>8LZ zp37cIE*i+rpc<>Y$zBOL>6;l6?CSLMe0l#^n!8zl(!4@eVoKvC6Iu&&e!ZRA+C4ml z$c?E?E;!t@js{C>_xvqk-VyJ~Dm6fWBKpilW2Y)LB_R5%5+C9J;FbT6IdNBCnrJYWC}dErnBk zMP57QVNxBu{oKHi{fM<^(_qXOv#?ZkxCp$yNV)=1L0>$X$tJmkhE4(!Piu}Mc1%k$ zyat~QixOxfo{oyq0!;lHZ*B(%hr1ld__eI!*Iog0XUTo%j}&DmYbV;5bgkzb3E zewr(Ao~)RkSwe-RkSmu1Gl0wjk*TD_e=|-H-hc7X&m9h9>wc({c~59tLb+W`)hD z^kDepFm!SuI9^I7j|Sy{nfMU&&$?l@cRuY)U(2?c^*65(x|RdG{i; zD%2tjc-k#V!`6iM^$L-NOrB*kj5G8Qd;+nw*qcneaG6L_Qtc4vc`UWy23guU1r=k{ zP#ay90l~#hE_m^gBI$z2q?!p+1vS`Zac!}ma|OV2s`Nrh%raK4WwY;MGRY%kc#cDC z8&aE$O9j%2tl>Xp2HU~w9V)~_Dq<1QVq(VCuGo|;m*bzgcBBQc-mdmYA!o?NT`=mLuCJ}jv64WbBlC6M6v8?HF{~i+FQVQ&W z_c^2c9>N`9LnyaHzAC&}X_~%DGx-2Q)0fqozMRSr&npyz?}VRzpf^-{N-wK4J-vU1 z-Mj&E2AzQcOa=ghZvThNy~Df4F3;zsp~mB@nJYueG;}wl3L_dgRMC2GWpj~LK_Hop zY>xVBq#c0>)-a}QA`O0acs;y&2^lP>{v2EiiQ50i*jq)#@jYR?xVyUt2^!o98eD_B zyA3V_1PBt`-Q6uPxVyUz?(S~+`2W6han`vyH@kaH&zhdq-Br8lsoHOU5nPm1n7h*u zO==wnvrLPHHCDAvFe{bC?QGpVHr9;k1$J8tYg!Sz2+R-iKo8gQ zS^<8W5eMtZZ_wY^0z94m;m%JTf8r?S68T^5YXr2?r7_{!Ya`etUkszLZ=Q3JY< z&+Ks>)7RIV2eSeKcPQ`P5~k3-is7(+!3 zSAkPLM1F*=H27y$x~XIWLY|g{^!&ba2JQvkf^U%Ax^nlQ_GR=BSWPHZnN?F*#SJV* zr&TE}W0~vwDwug!28m(N=6%4}lEk7P;+-vl zYaK-vo@hkqnr0^g60Azx-UPB4zc*lzPVP`fHpoesEQYqJ0(rX7L)>&b7Z;zQ6@$UP zams3o|GJj57_ZHk;~_fh+UkwpzQ{E=YCX&s1Bo ze)VciLVm7nHOXP_q&z3}uexOtEX+3pC9>rXkVXu9VI)O398q9|=2}>JshVVvU=cyv zpy1Y;>llf3eQ;6IgyWa}CRb{`D$Cf^d;7!?`D3VB@o{$kS0covOv>A%lq-PVe)mYoC7-0j`HE zz$9;b@uiZ_Y_UJSmW;<3xVC}enXs^>&3a=f6b&ro{&7*CI6yTnR6SCMGX?vLC*RMC zkej%pmmSkwCg@*kXhV$ilplLC7LuQ-?VaJB)1bVqun)l9FB{W&EK}D(S^`6~IS$-$Xvgol>2erwW{5`7g$wNAP1cOXZ?-%;mlmz)lheeD`IW^6iS-)i z#n{Su_DPi<`!z|Bl|{*hp3eyAukPO#W*RD6b9BsEguyGaGh^aOeJOECq>o~v&)Gu(2Uj7aqe7k|(j0JfM3ivi7zYgk!k zU!CZ?w5%|$qO@lURCYle#PLT(#E(%EyIv)y7MT4x85(dO`aN%@Cv89UJLD=^=F(|R+~CO~ zTNAxspayXFe!C+!<(G;X~-O@{py@($KhDGXo))FInH*Sysz;4g$@e>>Qp zQM)-yd)q#LEqKlO^YuTkmE9r2x7s%ZpHgGc4*VzU>rF4Cv?(kk5byu-%=b+3AB%j_ z(d4uyP&MT@RczKG?hl?1fP@X!{Z7g5fL#zXjKqjub`F<}%?@s&9sg$1599!m9;kg* zZ>}y()5%{=E}!-Ug+Q_T>*w8tLM$^hb(k#M`*I%9_LBIdgpF%!p}5-Zp{0tuduMS3 z=Z_Dc@#W(e=T(d2C43xx?!Rw&sw(tDB3&)9hWhOroBkdz7w_96x3~E4dwtiTIfnYe z{_kR~|BiG2%kkm>&e8k31vyhn*<>RAUQf5DDVGCtkNC55Ao$Ryb!ZaEszf8?6rFHD z25vxD#;I8ey^!#sr%;#d ze7TbWkWtAfZp$4t?A>VtUYPiR$(gKmv3d@PFPwb9^vrX@B4Gu^+oJ2wF^9H9DdCp6 zaD+i$^XPW(&I|A&$Op{M6jo9M3-XyCG%6+DvUy10b_5BlDdsSgOeM})jvjOD-=zUw z;z+#$L&WwMpjgYF4kULyH66$dj%x2H?S zkJS$D%0w?H%@y~DPhAe~_*_2dp-nURTt?xfayUzr(&y+VjuQ^VlmGqf5`<_-iCWncdC0ar7H?I&}-*ei|*cL_Tx=J1qEWy~E;crCZ{0k+rOfs>iS zmWnwXB~xj)bfal%R%b81e8A4kLGkLTl-u*Yu@MjnusRcdEJ^JF>hs#7$I{XLgT3Pe zeBLi$bf)l+Nqj9HmT%HPzf56~$p;kG9P*N9BG1opDrW9*=o#*27pI2&uEqIfjTh*U zDa@moLtJ9+kSR8|dN|+}dzuTl-#qL;cG^r{Q_SOF1lnE5h6ed^9K|fRiwXYxc9=mMc zwK!cIC*Q@JPt_Rr1EIZ~Zt#U)NqB*1nY2t~RPc&^O6Rwmch8P5Z#@2~>Vd-lCP0yA zFKax&iwxmMh4qe5;6{e<<%Ij~M&jdN;X{R-+k=b|FEwGD7hfJ=XNGXq(8KL|Voa;> zl0weuK@2;6Q|f84lk%OH!;2sfFgrtdN+IX)K&dXNaLV}>KBDLT*}gNJt4z3SLcFYS z%5m-xbbJebleq!ooUfm{fbUxDU)H#R4jG{n_8gD)b;A_K3Tw?diiD#(7)U#t^2OA= zLs{~3YoJg_;}WpQHJepzApwEljzww z+5Q-ho5Jc>BhZUzRF>P1PL4)hLedm*0_3)%&Q2CEL=$s+{|wir~AgwWY5#|S3bt8T{Bi9 zmK-8V>?CR3EZikoTFhc6Nli~w5^^qQ4ik)mIaMSG0)Gf+JTW0KEkS;Q242&L6KuBt zoKwdJ7D;plZ|NEFKO)$LPcBo3pM1_;+adW>sVm##`5w7n)?k3?!Z zP!LZNm4ifs*rm)R^GpZ2krr@*VcI3JDIoM4`RP)$deYiK zJ>VhNgYjmt=|4zE`w8jnwDw{|4Ir zbOkq4i8ni&gvU~1ZDF`UdZ($c|33u=PIPA7Eh7s3P05fD2@^5sC@x8kFqt6)b~6mg z6xV)E8e#%9v%P9O$6tQp1h+9`Fm15Gqav ze_^>vhbYGi+~f6Wt<89u*6HrjhWQcy{#a`{*!-VjPuzaGR!uy&-gM;%mP23`Jk*aS_L)*;vgf&(s1cChQ#q(*k6qajCG&Z+L zT#zy+CYM)D2F4MUCU1ecW>iUg4uqos&;8EC>iyv$9(^5c+y6|MSt#RX z8_mV0Mu8VftbIIG=le3&v;O8DIeB2I?iXv8Scb{MH~1g^CcvB6mWbbe36K(ZqeoK3 zsz2sT;8A?X9GMf&?j1ok6yKv($ZX-+USpww;=p#A?0bo<$A3Q*telWe+&7WR*Yj<1 zYOL&<`l(MyUCL1@-P$9sPeiP2Qe2AlyF6W(+nk<|{cCxZaHv>Z>i;BS{+4dLB(MFO zsZWW+OR^$t*kSEb8Ml#{F`vpr(9M*V4sY5{89lZRoapfRtXupwe7Rewh)5_noZ8sF zJ#-xILG1Ls-Z`<{zaP6rckJ)zD0#e0(U85`qQgo|=$LySJ1m(RUbxP_alhQ(2j6}s z*zh|u0}BJ!(3#Su@wq`cmAw{zfS;YZZc*G}lKWi-pmsae7!1TX=SjpaW`)!9?$e#& zxj*3>Xf^gw#)*T6O%TCLp19%Km-LXcQV7u$WZNN@7|Fq4?R!}PExE+x_@x1f{K|MS zc^sii?2t6igc*~y$p0;jtu?}#9iI~86uzNmzaIg6lg3GYJEo)ql(RhVHhw68*+rmG(;$QJv%IL1rR&`Z^H{DNMWsZIA7JMj)=F_ z-#v_4-bQl&(h_m=CjrU5P|!#}u;{0#MqN|WVBNr#v_*7_`68DK?O-C`^?uM&;3>k` z@$VIE{sQ-lx1R}3lb_^l;b^h7sdc!Q@Mr4DzQm^EQ;#ZfG z%_s_-@MMvgzlZZZh)=)ybGWgJF1DA`y zH)nQf+M;t3--zYL{5u;JG~3dN)dbEvJr!wmFDZ!N6_)yQihKx8G>T*J@-tmyf-_X<;%qM7yx;=wmyDFgCjwj2mhoQFjWU-Z4!@zbrdm>@<^{1WG#ZnaZo() zjOBttl22jetU;44m54oTW`py_&IhJIPGn!xIH0pij$pcW$R*qbFOF&o)9xR-u_dVF zpXy>}($JT4vMv`@$+QZ{z8p1*j2QWv)vp&^F2QN19KTL31kYwW&o$KNr8{rkWkrBG zc3njW6GNqH;=uzY6{1P}zaze~uj>xEml2{^W3X=`Rqs9nt65(UHl8IjH#`^U8;e-5 ze(Sf9-S@SbVM6E4u)2WrqZywTyFT{OI?6z$%~C79Hr&Z_xx6}hq}r;vkm6p!VS0nH z`1B^c&gYTKrle?X2DosX9EIVoo?In1Qh;+;Z@XCyc9b4OF64-2`y+h#}*d zG4hPPzK4fH{%yR%|8(!%Kcqgm#iVJ+3b)-5N5$jjZ?Tp^-Oz_#l!}~0Sp>!#zOA?# zkCZeU*|A?{ir6PxdQ1ep2k#P{9rjwFOYFm+01iCBB{x2Mx&Ea)2RSMSr`6=J!*Myn zh;@mzt-qw0GEE5{Sl>eD79W_l_ge>KtMkvVTG781t&y#SFL4jZgT#B7tz4p(fK0yO zq)Uf@PmAU&==}CKvrgb8^j#uHNi64Mlt+3pn<5YwQT9)P#a^kp*H=gkwb27EHFk z3yNZ;#8tUWQE|N;1~^R`qYFO2ZCg4x7JZ%@4oHPl8%cWPLgPlc^j@2U@fbOt9UbzHW(+QS>r}Z>PBTW) zu<~Uo^YnU27>#<#!e&<7SffTA9X%(z++d0FJeaaNEHfJQuasZa`njXtSWK2GzP%2t zRMX_Qm6lWLtK9P_`qGIiHlxvw5ml(!=?B&`yUuf1jLV})e7DC7uC|3QxJ_Z*Kp0)A zICM0y?D7}H79r~-^gi%37tyz6G0!(&?5sbf^)!N0>!&uiLxoJseZM-XY6F&#{Fe8o2Vgho9d|YItZ}GtL8*Vph=b|I?;%Rhr9#(xCF0>_;vI5 ztPQ?nU#`ik-Ol=zdf`*9shO-4hfO3#{InHt$xi*5WnrXN+l}2$dws1=n9F7(K3DDc zJ#jOQmF9NUe(Ht&bZHzTr+!7%<~(k?_X4e&4`<${)|q=S1x`fy7_+X<1RzC)z2?Ut z0H-zEoC$g?g7k+pR&246f@p?D4RHlCA|Hs)Qr=9G8bC+sqGc~SY=tL_?o2@wMujQk zV~*#-h|PsvDlIUs(+!0fR=QKH74?~Abk|@Gdj&<&k4Z=;@w!KOwO2`j#^Xvc-Q38& zGAxC3aTWHg5#2;^*X)ran8?f}5+xN%g4L<0rEN5@aP76j zp$1x$=-K{JH3hRblz5Wy`jT^f^15lHf4!7Lrk2-95&|eFZL0pb;BcZ z|MGS>YWJq+UXJ}?t=Te8s)QBX8nvMtCj;rR5?#ux3K=%=$KI5~Dk&O6e+^iShew6| zr|()YL_I|k6BvLLPg4=hw7&9hY$L-T6h$4r``Yji$uEJYro>VV5ueqcd+u~uai?F? zcYhhg3Ms0*lS;KhV?NX|wD|#qkp9yuDeGS1ljtSXB=a*50SCz~Z<@?cyrlmpngv+g z1j+k@urAdcTM>!uxKF3qH`SA~W?*XFnBYb*jNM!ooxLS#UJ2}ow6B-{iang}<0WX>ye7B9yYVl)3PFT82>Zc_Hc)9KrBfbJ5+-eC&^8quG-Z zG@;q7bHmuV2`X3phAV-#g|J75|EgcJ-SOm>+d?|z!Fg7j3-Cy3Io6IHIu_^IYWu9NeHFyWXfF0^4A3v+T*#;4LN#SFfkJ@cr!rMZ zKFGDz=I@?{lwd~5A~JFjhY>RqU?iZbU#GhB;vc`+Y9lER6i!n^3Has^!eqni@qBeT z>NWd(F~qQ&)lFK(&P~ zS0czm$(do>`6so>yCKkEKi3j#=wD$F{czi**U1g%lw$2knW z(x9sQY3Y)}O4eW_=yb$DO zWAO<7WP4MnToD6Ba}Ihiw!K&#A7FDYI4wYY2qIe&V`%Lb5_SzFWG8^VH0A(jj+_rK zcz#{O@Xu|yLGV<^3AesDAbEHyY6+!psiubMw!zK)`QU8~RoK_<>7iS&wY^2S2Y$#0 zpDxC*(T)LDNr>iBgtYzN+x2~v*Po5fjut`As-+rq#Y`|WQpfEO6eG1j83ve3P= zJ5;~hi=CZyLhgsD$<4L)*Sq7Jv1=|bOJ7>6%aiL+v;Te$Kjp{X2|`EP%hfgXhp*@R z$W!nHk0y`fMot|1Wfy^x@`WSe|4zGfkfJnnw6k^BH?RSIPk1Dsno`{8@cZ{nO1p>c z^$LTFk)q1xA)Tzw!EQTvcGFa)uMCs!UNHKj{(W@8!|W7x!DIdv7U`^tvZA)%^K@d> zyP;{LvWmy{bVBEBLWiCWlwDaxcZz;85`VE$g;%=()uhv{fxK)3IrcZ8Wfo8YWv3n> zQj4T~M#3Skqbq4tfnbOGtBR^t9Y!N1P1nt+0_{z7;n#FQcr?G6;%suBsacxZ5_$q! z-Ot~*@m)(Tsjkk)F4Uk)DTWGbMvT?`DwrDkPGPj`MWT}C65tU zk)@ZQu*Cld8ndZFhX?hSj`>VDir!CoGQ#!)EVC5)%3|Ut>h5)t1Y#jmqaLq0SZW3ykR)2hZa(myp(s9CJ9?|Cu{2jpCY*Ejd*6e zy&yhW^eWQU;QG>C6)RD5&2bB12c}vfJCR96_jL0_B;59zKR!t#X#0D<;-`|r#}#O^ z^((#Bc;}u*AElFt3Kz7&mmQoBsXc!tG8)ePb%AAP{@S_YVZ-Th-dU_v+I75OFa*n) z^?W7bjTu3R{ump6J_|9|54%8IjEviXiQZUTb_h-susbudXR##HmJUlJ?-#Uz?kjm@ z;%v)j2&WUk7zc!9tat^UVX-yQCg@L!kmBJvTrULy^d2GH53(Ej9t?i8?Pz4d3-9s2 z@=HUV@F-{u06yC8d>pR>DYzYHen%dR2j|H&EcZ z0iZx&vrk#YNG;x{AaCgx?{=^2L!id%AHPCqAX#civt>Vm5Cis!8Bs%D(`SK55XQ{$ z#2}u~M5E8yL!qKkv2}%;>|@&CXp0BvoiTsR2X#88XP>8L5QhCY_PzKn|I}rhqEy~n zZ+>jYd8}lQ(EJsWV_I5MAe~8m8O7mO9B){titwDQgz``_V)1(#fk!SHe-&y!V#i~0 zvEWuRTJ|6L}@n0}L0iv6ABq2g4;@y;e$+pe00@G#)D#I2hbHv?ke;h3vAMFRU>(o1_w7I3*#6tVg2yCLgscuyvIox7;^prXT<*(N+KCU*&k zx)))lQc0gYU~*9*`}x0;pje^8L${4xv@i+}P6#qctc_zUX|W#Bf;yPYPX-emMD2O< z_)b$q?stxt1jF8*7z<>`A~yNYQW7^if=TH+n0^mQPLX4Mupe&TUU=x=SE5^a3y|mo zK7ytjB(@&&jXR_yG-dTXmKobv-@@IsyRG>F3uI$((m~WQh`m)Z8H4qiOP8SWPV)y5 zk%mVJcB$pYl$!GouFRuTuW9pgIDthPU>#$B3HWwn^(<1Pv#ac}7NdszVPg z$bx;Yq@yUkl=Zd8V&Hnz5T;G`01hx_GwmeT@PmDf&hkBkXea8gm~eQ~&Fw_!J*>F~ z=I_9>SX#51KMklW94xaZonAgICI4*JN?ttvZOr&Lc9t;4wNX`bdr|DqY71eSq2$}s zB0#kor%5%)$MR2OebZ=bQhF~B_2Ol9F=i=lqDQaIwOpNJZh8NmFbZt-C6h@h^@PTQm7m zM|^GK6q7Cmjo_~k6+t0BLEctj6|`jiwjff{YEyQzOk5=8)zgg zTa^(*EJFrG@9p1Tu$-2G6YDHA74Di%IXNRcgMIC4j7S+bv2&`VmrxbRTUN7wQuzD% z=T)996(sCo)_0D8=ZUSb%<#X$A>QX-ClVD{S}OMu=ds$WW~q%b7=&;oY>VJeV07p3 z=0?ARIm&O>_gz>Hq%ioKlf&w2wO#fQ79DwXm+iKtD9q~EVdir2B{)ge%~wad4tHn$ zWp=r#$aVOGr)d(=6X7tEjqS=N_0dk_^>G;*M$z zyJy6???Zru91Q~;zjWuToglA(B|Pi(CTN#+wcrJ(Zg@$5{zB;y@x!>OL`F3d(0KIy zx1$UafH|oN>6}vQsN`q6AXtT{cDKR!n}qjU^Jh@`!x&&GrP>(bHx%^t&xe=MSYj&U zm+yn+0mM|@Hges)a)!iPbzrRN9d84K+?Ltv)e`NY0cm@^2WH(w65!$#;+9TsLt2-E&We@A9k3>utBcZ*y*cEa ztma}PI`X_WQ|Ew z(o7A-gW+el=>KGw_EQaN@G2m|w*3|I6iZT4NMdkI_g{ZN%>3o?9)o37)rwjGh<{tJ zo11q>FLasT%MSwE@pR96dvAo-^qL|~|J%q6DL73~Ka{^Y$n8cTt6bd5WoTh~N4D5D zuZdf_xbbe!Lo75;IBfUlb?P*1YqkWn`@b1Z{|<2&dCf^Hv<-tpfO}oIhCqfc{PHpy zHE-)X9Cfay%oROcCAWKH`*NB!2{NUQgLUAllz(YA+0m-V`(7bS=q4c(Bcw*(e&9FXGpGJ zVHfPxSE`$vE3L5KE=kyP6Hm({aOBwNJ_KyU)Ir!8TJx?7Lw7BbbwLU?YIb7eQ;9_x zpJLBH?sl5-Z)|w)+KdUzO`zS{pot{(?>%I?SN0Y1y2LAPzn@Y8TzGW{nvpwgF?OrP zD@{KLYJWegK?%9FE;ruq-@*!ucv}*d9B}dT3jiOT|Gney5@dDyd)y!FAYL@;N%imp zEJwe+&ja8Wx%%+BPsd32jQcFdchEeT5~$?m@x4hP9WXYz6~^st*i)Kf1uF9WXHQf(ONk4_iwEC(E=CEj%o<6UI3w(p{totLlCjv#Uso^+lk+o zLg1Vg#-M~P!&aF0Cd*67RW1mY*P7QDoU184h<^Sh30fY_5(!;P6TE)f0}TCL1#3fj z0$YL*uOK~`$up9bzta~8=SGj{<#_c6g<%;HSh>5EPvn079aG|r6am;tuD$35tqUe6 zNXPxjOGc045E@0V!{ic7^oSttKffLx(UepU-aq>vz->XBlLeP4F9K~T2H=mPn3*2Y zkN5p^@l9IGm5&-jM>v1~T=Eao??JV53IAAWkIFyRV^$`p^7wPDCwJJui>u3vt6D9K zQV+HSdnBg~HT*8FN2w4>*~5dRW^T&rzdV>Xtci}|U>akvWv-H-BmqXFcKDO-e$~J0%yVV@915i85KOAp5G~7)M953cFZ#Ro z79uLbppL!=*J8ld=3$hHH^rD5hjJoij65*HXMbi2zv%A$qM$Q5WpqimD*Kqv3}j$N z6nCF&Sr@Ul%?25!H?_kOnts5^T`h`{fV;nuVzWnhVen!=jbhxfJu=03ks(HtFKvL@`t@yMNErUDb?d{RpIB^6Tz$&BV%w2^|3KDqC&5r5aJz>G}F2< zAKk#E&zBSE+Nw_8+@t@@gLO4b0CuBsQ^JgEYIw-_A?>;>w-v*bQ|1A4KlV@+kVho|3Y@E^Ug2<`2Ll9!V zf@3lqyH9{%ycs;+m?jerX$PMHw`Ud;$Ty>NC9?K7_K9>SNKe$ zbQA14jBHge|K;i?#NsViPR3n>PGEv%>QkOV^w2Op=`JR7-gBP15Xa-hd4eztX-Y!g-Pn~@WU-4OKIsPq~bZ}?q=X|LlT{OxYaH~p`R>sW{sHDDDS(9%$&>_k4VlGKYq1{CKo;#b zB36s6;$=N_298+W^0YCm@$v<}JiHaiL~op3>ibb%3g>zZz6L3k7%HOrUS03*zIvyq zUd@XGOh`Khhe{l$9+-9`ecx`bkIvh63nCJPcAwVow;}!BC_f*YbZfnCI1A!OM^Zo; z@)XZcUk15W&IxF|n+uQ|y!R7jLbk;x3OwH= z(0;S9BRT^Uc;Q^_;EkcNBV#SGtT)QjPe~u%QkN^N4{aZ2W@8Cqyq0#!T!awhHxJ-$ zP{e7Oq58~|t+g}RhPdrF(|~9;3Yk?=WKg4>^(fQs#WVzJQ8Pme)IJM&;ZDQ-eUd$z8m9ZiwiN?%zcKSbdqLO7 zdlO$ioV;5sv(CwPZ9n5%e89``UN5hYZ<5=8I7l<6s;^I6p2eVRv+Kpx?dGH}G=`it zMg;im+4ArBZfju|eMA)r@9S^Mv+P1$9RkOdl5+p$;it5`tGeXM?bgkHs#zqCto5& zB%xgm?^QhXIMdAE?lo`gFR^j>S)NC4C7*qjj{&X|&&G1Fy7@4N8~y>1%^W+$BCuT4 z{=JQLy=g{96*@(SzXsA>zx|2-a(-}7e85l=GzolA8c=CrGZat1Wmxpq^usifqA4_9~PK)y?itD>o;WcoFK@H#tHYw^_UY=>$Cy#5?NhH#8U8 z&WiUv_IQO&j(3caohQVZY~;2^ldaCW5`Y?H2jVRsc)>*XEdSoyOzSc57QrlXd0V5M zJzGlWH^@O{#~k-Jz8mAHTXat2d635G1Xg=PW>@Q+E`NxnTi?jTI$O=1@jwv){X;06 znr#19rp~+Y@N275sBtxX+;UVPFHzkcZ5)dU{-pLIAsW=;rIX|GdxV?k5AkfczZo}? z5!%PJ;yfs+J3|*e8w->$_$fZ775?_}5z>*Ke&i*fM`t4Mcw;KRoFwW`Mhu{ksz&A$ zo-3*Y7idf9Wv+WwXHsFW811kWU3)}K?*X%K3}W{I3a%lb0>V#KNCe0ab#LqXtJ8J1 zNKe^y3LKwHt(fzfasAu3wm;Nvov+TLo^(#|Op&2B2&cSI*>0$FLol z+3|+=^v+-ASw9xm`3@_Mwu$7}8i&9D?K8KQw`saCb*od3P7$)G%h{Yu9EZVr#pT_Y)FZrUY z+v~UVZ8(Y&%$B`wl1SU}`Y^MESf46jk!*}-{1mNp`?_qWHQI&t*GfpljE~&&w%)f+ zq4*CZC6wFgzr+o5ka9Ug&oeNH{OMd{=^DAkts!Ehlr~EuQ-M)R+t(Pr2Ev`E z?hLS}v_`4Z)@cDMqSemRy{_q`e=*KAMXV@wSoy6eH*1O@V>czCAtwJ2K{#=jK*l~0 zbsw+{5|tF7y1v>sY7b-}8MRe8fEGkfnp)Sz$=uLIm4~8D6_zqqhFNB{#PIh1GGpfF z>M9lfid`|IQhyyNDNHu_9ioii%>tv(>8w}|X{HMcbqXV3RgZ8VatE(%Q=H7Es+cWs zR-{Lp_~+Oqv?B$N-HAD15y#0G#`sy?RSShOK;KfZeHy}v8Fq-9#3;}rJu1+;hMOv& zgf(Gh`Y*_tUxQHG3%KNuC>QUMGE68y2aY|8`C}+HY)lm3c z|AL$(_kAwrXzPjVqurzS-_ygpD$=45Tr`E1wqZ%&+tU0*09xIz%pX|uj9&?Bk)bzw7yS$pX7(VLzzE`Kf`J=hU~z~Z{!T+ z?>U&Q2j2e5)=9_ybjKG5ceewUbDomIXI%oT{`b#kS4Rh9sDA$M&qvoq&#Fi|3uwQ( zXGd(7yz%Xqz?>9pag-8WGjG{RNB|Z@KGa>NFaTMIXv~jDrJ`{`U-e|E#g0`0;Wnm< z(b)8;Cb;+qxN^3Ybb`|Qckgws<{Q06LrYLY<&ST2$)$b!_uoTIr#jWFFu&V6+h{9X zs8@^5jrZEXPp+nEBs6oUVrb-r z*jngJbT0^=lR!ZeITf*GS~XKDNe^(_11WI>B{yPY@luqe`UG(zH0uBiUPI^{EVgUh zJ3CK_TJu~AI|SqP`YGRG^o$7mZ%LrVrQ$B31AjTDH;Jb0LXFi=`@g|n`n*+hAW*Hc zPuE{(QmlA z)=xuumWbfww8R0lrKHMTG#~TN_g2oc6m9=)n)wg<6(nkLzSdd`Fd_2-kFMLi2EH`4 zB!cxu?OFD@k4-b~uAymwb}kGcFSd-BMy8byPlmF&}Y0gaeuE(o7!%V?#6cUowU;9R`0zUA^qlx#~Vy~AX+M? z!FaAXOd?$iPjE*%X1rV=3`4?h*Ajx<0<92&@w=ghX&GWeef&y$Ju!k@pyBrbR;rta zBz&%h`%hE=WS=j2uvKx}@NC|(5ht$x887LL$JCU!GKf1?;t_~pQCG8Q)PLFFtTa6i zy3KN^zj2d>zf+8q$A`2+*4Go7g@l1P0j3|b9L8mT(zr+;>{(}2nz4>w9rR>49$t#P z4@`aEm@Gp$oCt?Q1oa18LHDk>TNO-oJSCQNq3eP7qg-|ZXk3Cr@M}TKjeJtUyg17^ z8L`kY;$~jiroCy%PRx;ve1}-+8zH_JW3wYFzQm7#oTYdzu$G&u^(1!06zg!(IY&rR zwyxJmX^RNpom4rE-d%~(6wW^d0V@0K&m!guktDQYn@OHS1H&+0r@J=xXvWa7w2LV= zT?QVgm8=V$Ko2~JJzDj1O}B*d#oP75fmihz)CTD{O_Xcjzu4!iN5aJyMpjc{5sq5V zX*qoR81fn|8KORkr@=CP>9q&B7Ca#AGkBxb?!7YySvWq<~0T@T0OIiEe) zb0+soBzJQ>ewEd0U*&;%cgFD7l@AXrvhv$6M|i}t+No1*3jNch5Ok*8wa@|t$E86Z zj?kJbHD>6`Fyo_iT5$Dxe#5+PmA)|W*a((s%yJamG(z*;pd>OR?~BZ#$PmGdL;0Q% z_2P{SLlS+`^Gi~EADDVKgltY*+39+z)kFx#{RJi?Vo$D93|mhw(!R{j04MX@k_Q`u z_SVi1&-a75iJ9wAB_4A0sp=}V!03m~>@IakWv%(YDMCAj3zX1Ya>+GBoka`}sP?L6 z?AnQbec0>W@HX6(=%~u%i0VMSoJ)HMFk1(NZsV;%tcSmh!9#Did6q%!Kam&JXRLpQ z|B6I~V$!F1;%v2-Y4QH*_Xb#+el|pcg#qCasN5<23KWLV;u3W0uUp)u7bhRcP@$WI zN_$+kx8ZtF%Tn$Xq{cr9=elan=&h_71(2>#*&57O?Ne9S&mYvb-oC3%^XHU782Tf{ zs%(lA{c22u$`v0AnCto5_{0A`$O#tJesUT&H$%>vxZrc@1=FC6X{DonBR0w!H>-c! z+VIWQNauqnMjN(CZ?S1}(1Gr;ZvZk5-{UumVmQ>5!fL(#G=(D0B33=uROCvo!Y?GM zc&w6~jePn@h@hD_pqW_O)kR2J*RtY2we%4=fIV`?o_ z(X3Xtc@chXsIL318?@Gcpsqx14YSzadk*WRf^9cWa^7_(Xh9Sp!19m^t)Qq6#XLy5 z323%9wrlBz7?WRXtowI*-lsf7prEhTaUi^Q)QxmT)wZBb4%H~X^$v3UJ$XYi{is+B%D zHJrq-N<~XdUEo@PBPn4O$?LGzN?q45s+CvMguFBcN6S<$BEi<$RzC>!z}b!(j>!ys zEA%7dd*?|gjcD&2Bx-N1l6|0(TJroluf9L`VlXkju@dtYjq0PPrbQMma(&w%=eDEixhs5 zow{hylubwY>=rHwrkg#&7Q+^J5CkpDP_*oE+bbBNCYWMOVua4k>dE2;rZ{AIr%gdd z&ZM&Aong-KUj$sJ32i7kv^=?|Ch*kArub^#XJ|b?dj%W>P@?<7FH^~! zP!UKjpow3H4x-}wKruE7gx2a~f#~0H z;_~pSW03uBLS|6#x@+5O9-j`lj|~|39wi+zbkw%brUkc^DGsI>Hiu}*jzTrch{crP z<$-k58eL51Kr$OC>|(S70SamXV3)`_M=7nvIT@<=3zc!w$dOV?>*; ztVKrpDM(QDv~boJs$~>Q9%UFqHrR2vMj1|JP7W$4h{n-Dv8Z-d;t(WDfNwkyAk@9K zerFO;lAO8v9&=Cw#82~FZc8puWp!wTnm<8}VVNV;(g9VoN%tbcHquqoH$6x&Q<$!3 zrSTfHJng$JYCyKm9+j_68r{>?7D)%+i}Xe&DX{s;_x@vNnqS1oenBi#er)Q%HSp)*v4~MOGynhfhBHR zcvE>2FaY6}_YP&S6w*G$yK|p_Kuv;zrurBZ?f^PEFk~G^bu~+CKvx%WW-HDu>?o(` z(Je>9YKkjo3w*lXfnX%Uff;5ZY-nLn6|H9elWY3@kWZXhG45yX>6kcn9=D7zRHfU~ z?GG)NKe3Haxwo2YF{BW%{B@CKUqfv(oX>nHF1^nzo~Iw%I@sLZwq`=nDk>YE6)e!q z?bVAjEu0JSzMR6pMWcHr`ZF8O#g=$2ku6L(A}rp6k?RNpDJXvUlu%+^sB7~qVp zla0ciaWLIi+=Bqscu@7|?o;5@q5?2ZFhsI1>Z0%kwej4rh02P&8y7BDhi!F#bOX3+ z^q5*_rvhoUL~Y7LTz<^&R?A;9JIYyf7!7iXq<&Y;n1=f<*FU%>m+mvehO)L({hGf_ z3NxqLz!m@53Uma45|zx8r5<}LLqH3l0gBthYR?u~lhww0Y*J%m&pCCo_W53^e|wPI zq^H=M*xC`f26T5A@p^hWdudZU_oaf(sl*^4zpE`7R5_xk*F_5!oh6st>--rgxS+wE zyIq3uhNjE4hyKe4X-|B5iGwxfvPjFR^_?4#J3;=Uu2a)z`y?aT06n4p2d+Fs4ps%) zz2ElR?P%V{Z@rmf!7vEhFQ}BRY+_rOg~r6=r%Z5bR^PVV@Swd;1_CtnQIPwsUEH%V z_pPBi;s&P6n|^m}Vcb$B!_rdFmTs=K$euQ~uD-R}26<(<{UEApOa8%%Q+q8=FF2?( zX41ojg!iN*;=%u`Ae>rVise zQ8a41o^asGrJKqCzW4BM@N8xQI|X0gUfy> zBswMJQ_&L<4dT0f6Eh#+#~+qUjt^6YU2QFXuTSFjiGipzRTR_ZSkO9&e>tMf*_?OO znQD7g%;HCW_8!#!0~~*uo+0H0<~_sVWF@I3$F1}}GWUFNy*ncu(JueJY*pZo$;}6{ z#|CT+mS(@nkL^DnDrv%7TGk9dhw^CVJSujc0r`L)cSv1+_I@8%$A}L4|JStd2TB?W zgj{`{-apPml`cmr#QQw&w-*NDp7+Oy-&TD8Bdjq*BZXdy+Wy@I?SBxdA~ltv4j>%9 z!+%pDzHEoc0DFN?ZHKD0w4h~ts`|eXt@jqLvX0|}hqWrhOZBD5>*a3{$g+wFz2YMu z5P?|j=0F-maOwA11d}YmWRdwI?8WPpImX-fg^`bsq1%`ow5bifPND9cn9p^#{_h8S zRo72#J^%Ta=*kK?Gcs~ui=dC&+rj#FN`gnu@N)^{?m}pg_}w)k8jz*P2wJi-Y-RA7 zwfkVKzyM<+UaET*buRno_BP8g0l%GpkyG8!56G$#b{N4^Dr8YpCTLfK0*m7Sb2#`j zEMn0;S4xN*ks>Y^M;QuhhBuj{DG~yWh^sc{pc}vG-iRHP_soUPWXqpbeTZrK9dKGuw#h z24-gxJxn8Srt?sNi-RTIqZOzl8|JDDq*CZv<JZzWKLTgRc!pmz`~1+T%kp;3m1m zd>yKPdbl8J|I0*Wn%VcL%d|>B^eFh&Pob1OVw86QU_J?VcAz}90`Fp6vCYXQ0B7a#Ho6#n+Dz zj!tG8E~S_6kGSOQj!ScA&yU!;F0=j(CA&Evv+I(LHob9affPpRe6Vh{`d z3Dce7q+~%kcG#~?ND`WdU!s_3X9yo?4~=ciqFn39!Jm`!X+mg~4s>zdxN>`(E%(=q zz>%dHhh%=%fh^zEboQK8QLjzuvWIwLAKoia=um*D`Xj{hDnXyqXRo1b&ZR^EX4kKn zko!$);L`qIwj88SsGGWeoTg6dXamuU2?KIjqb2_FbC89zqIBE?K8OE!aLT^B`Ys7g zxGPykxJ}?dh6BzYGGJ?cEgKgMUB`C^CD~qM4pZHGI{};>m*&*x-XHPbb=;nVh|3aV zz}evZA1{>GTTO{%K1_hy3L`bZ2bNa}YF6w2D8=6b%i0FaT;uPD3(7BlM<-FKe+@H? z0RvATlAp9Vgm4!~s1l1#MS3n9CQRM6DXHO)+tua9GaB)E>%sX6ejqs1{@r1lbe?)s z?mKBGpnACYzrb(876}k{}{!&6HZ*Yq#&?7wAQ?&c)T{k!t)*@LSA~4 zJ^jT;liXbtqmKUvf3H}G{D1K`I-la6oEK-X6rj9K4?#ajJFY7a&Y|E=K|Xi;_JQO& z1`@^0n_~iP>MnXB&e-niiS@tGcaB)AF1Fpcmf#+!B8C+9^2fwlwfbTCgu zGWr8X2p-2Wg}=X)zRJGIaxPoEx~tFw)pWx;O`b2Ug+e6Ke{*lG|KZ-Vg52oHk_bK0 zB{3OcE@^JzA%Ty)8+h(O6N0VT#B$KfGQNEih5s15%i0@!>OI_G{tg~)t*ja1&6A@2 z{5FxCUi#&P=b5EPZd)Ekf`A3#M=A%2a0~3KIPbU^FH&yNizGjL zjrjY{gsTxU!Ofy(|Y01LDPtyG;38C0RWN@2_hZ(~OS0h{|IF+_1G`i;I*tt)MnMh+ppN*wXTKN=26+T7~weVYpk~~LhWh5 zbJ^jwuR+zd232#9hnMeua6!xz!p2qd>c$~8@+xt{Bmd<|3&k7isrgxvD2B|MXR#Rx zU07Xb5LPeC&v=;Wn$s96@fPYFuj&-n5n!E17_jyq?-_%lxpVu1x#w=9g5ixWY zLT9gi&r~dYQ}+FO@XS~pGmrGsLojGQ?jSCRzKZ?}$9>%|zE4*tBi=r@Qy-o#?ze9b zM`!n^tLM{0UEd8vMaKopZ^13_g@DGCzr=f$swPV z*h%I;CJ2&1rz?&4q8Orj>afhbaN9*sy*325c`q&K5R>?lKe*qL!UJo?ctd%D9OpQj zh5z>I3>s5~F%rl9IwS;Ta22kLk7y=0>h&n52%8$z(;IXed1H%w;AA^r`(MM^^4eo~%B(Q{ojX$ecL7C0D7uqXDO0Y{3LB8`jtv-a)o}2{! zz#&d+*|OJWb)1ZgQjCva3hn}6Lvh%uuVJz2*x56>J|D2r`|@)@MD|hC6-lokzDE7{ z)y7!+vp_c*d!S4}2%r1kW8fkB`d(z_zh|6+5hr^)uR3F}K4y1$2cFh*&oa}_7Rali z+e@Bw4*^nGdxEi0P&4gtd$4Kp8OJD7>@;)LND|RBQ{qrRbe3fc3Ua7=0z2HqWJIK~ zpGh-cdQGPV631EQ@8Q9O!lUyE#HX5Z@j}o#;j2s~Dj@bFN{mBBara|jzQ1L<-qH@Z z2}xF%2p|x5RM(&7vqiB~OpKA&FilsU>1;RVyS*OnTjsgfLroJF8+B)@%rl`yC24uC z)z-b>jZDeYM$?-SQuJHO0}0?Py6?Rn5J7n%oV`AU>x z3Y|0n41^*841FLV1VU$}83DX70DLBt;*}H8?f^dh1J8n69*9`8xqLAEDf~4{*1l_v z`ERz)J;L28NiCo%cAFr9mb2XV$s2n#MV=mEBc%*Ei>Q1}o#!A)zcJUJZ>MVwK|8lx z)PM;hg)-ff1nUMBh?5ITCZ+Wn~Ub0i3jm%K{;BD%QBDvF$}d4 z7PQ{+Q`86rjAB_(_{jZJa1d~uRcC7no8T~|*h05UcLQG5z;ze0#gsZbk$b!r;Hh_H z7c-QeW6OZN|DMaWJFAaIfM}I)ePxyP&yCuN&&n&`RvbJo3^c)+9tF{Zjs8$N2huA? z;KHUyK$cfnFC7^&rLI6@u=-GqZsdEmX7rIrJD+r5!wsh_{FD@mAOtO)$$@G9PQMSu z(bo>#4j0CGd0^(jSB!qTSw9$I+4!G3vsPyCw=mN|ivaamnLRK(zDv-*91)DWzfZB; z3vnlFO%NX2MzB6(CwP1(KI8}G3fPcr*TlbrJBC|11NVde4hU8=kgB?ErK0RbEQqro zILeEnA7=MkZ~Ha{2;3IR((RFk>fvEyLL<3SJHm4MqI1VL!6C+l^GNRp&Gcr+yTWn? z6wpr4#=ETgbJsN}OAyQnAKr+-I~(~-+!t7~?6mh@qeK|TIPIa2GwDaTfH2?LPg78Y z$J@W9kcJ|n&#qqZ&3Y8i#(CyF?sNU(=_KFyn5|{{!_{g2e%O8l4-bw_NP+D*Z8Gz7 z<(ROUe>r5PQE&WUg558i9$n;u1&m*gFPg~+f>_3GK&$ZjwYUpwYd)d|TNBfVZ~v4) zF+2VO#`$YyY(F0I4I`orsu6978IyuwCg_mZ2Z0V&VYP386nj)ZVl#CF`me6>FXemUPRt1Y_Ytc}rDG6W=Jz9w)ECcu+-~ zZa5WWxDTnYPPPM_?g|C#ZR8n6l8_VU7Bz6ekpLcLpg+<`!v0ER-o^f?15zj4J|US+`eT)s5!0Vhp@Rj2O6jm60o!bkI z>u(V`NYD(5kUxF+;8m`yr7z5FUL!z@SL>j#m}ZzxOBeQa(#qM6d!Sbz+;VK7F_>53 zZxMsad&O>-AT6oOxtG6mq-yfnalO{W@xz4|x)k`buzaZ<^)U@yMlDHsV~{*YTm<4w zLJdfG6Gcg8tb`e(RU2G`<+^E4v1Dm$i&s*6SI_PxP5EZ$1O1o7QG1GosnYU7t3Ed& zPg;DSEv!J0W*(CcC4?^Oz{iUBm%PK6d~#Q)nFQ1S@ww{;@6a$tx!gu0UhfAxzH*cb2y{dE1OY)3rSA zaL+*sK~j&J@Q^`^SV?9y zkmAu#>e3i8+{SUrdTZJ26{U81Ajn;EUI@gj(Ol&ItL{nlxtyA7R#$N94lA0VcU~Cn zPM?_&4rfs<4E6FvuRprA3)fW%I?H{SjrT|{#TEM)JPSHDd^cpN_|CJX9P+mkIm@db zTAimOVfkyFMV5uV5Z1M)^u;AvLmQ{5W;O}XQU;iN+%lzcDh&6Y2@!uy2zhY(GStkY z-Sk|-T*Iz{M!vOxHe$WD z|5|5MGRvW4_Yy+fS@EQQ*|Fgb{qX+63PMBoe!RTwg#rZ_?GQMo-dARTXtA)%kgU2q99UP#_x7GeJ`J~naJ3v|?4@J*x11Up)K0GipuUAJcFQip? z)@FkXXUA@UX_Dw|K#fT0I5o2*gRl81a?T*ONXG6}gV-dp&vn;AHB}mj0ViHq0g<^- zYG|cK0@tVl=KLp-$4ypf{FNBidaAl&sL66)RIcUIG2@W0CsMSubK%P$L(Bl>@d(NH zOhp6nx$vM~uHpz1%OWWa<3_Q;Qh#wh8R5$k6ZvNx%N>6qu;sY5DSKz32UTQ3#ylDA~l@`}S^l6EMuV!u9C`Oe! zm#v69z!6z0f7LH%iw3fK4!MN^9o7QkwJSY@w(Z4(xp*LjNk$?t-xY>?Mb#X1O&tm1O)ife$FW-Lt$E(hPtP zQv)-QKG&$(%v|xR#0dq3FIg+fqhhxePb@mmvT@I)9v8b0PHE!vomo(4ALO7YF)G}E zRGw1JXWd$5!73KktJbr! zn0HGxFb(I!CUs)e_R_=jmG9-3#+MC#US@<^!DI=h(K@q`FM0g#Hm#unYMoWbPy5I< z69nUmnhDYy8Np2iee0P9jjAsEY+3LVxLkXZ1oUP*ett0aKnO5LS7S{Y)Q;d zTWRP}p@slpYMhGl(dD=zn-~~ipcftb(YRg3E?;Uktlvnbf$bZ}R|XV55p^ias4rk) zR@YC52EFPv3P0=&ZH15uEv`|eE70%Nyb6!-@~l>xQY)8M!Q4ArvQTHVR8PYgZ_oRe zM=0i>gQTW=o5~r?#*KQ|mX}9>@6W%<%T2eOL3A_Iwew{)IZAmv=Z}6~fIdiwRb1bs zI%Q+6M`e2(N`Yn|obE-i7bj26s=uyzWS9iygnNLD3vXQ}ck{c6 z7>l>k%t4boj&TH2Cllq zt^BP?ME3gE;K3PToHt)wM5X|#8KL`^zMNH}tTn9{*S;5nYxMWHd8JX?d5R3GyiKU%h=W#OztlhJPV`fYa`DGK@e*`?1Kq%S%6kA~h5 zIZ&C~Cp!hjrh-tgt<_4H)M8C&Mn6Vr;~l~rgS7pmo{C`d(kenPr#uW&S-cr&`a^B} zEhqZ1ey&~uimWkzjObh@*Ouo+6?Cl#X$os)-c+McnYT)L$%e9v(vfSrnj^~_ZDWiI z5Z#XZsw%JUIv6VcYTXm9qzfm&xEu~WPS3_^nCI8@cUISTTl{euQY2&$bzeHqO_r-? z<}kQ|(m+BaW8pxm3=6Sqda)N>jGzDd{_b{~*T$z^Er1Yu)}CXE>75O&YK&=Lr5Ke@ zivr?$Sa}L?Odyf0Y+=tg(bQKh*ZzH!nph0!tJ_RoF8BSj^R&+SVJg?tneI?REbE~? z+oj=ZcshDK7UjgPkn4(pT-UQjBae%md>1A7Wyv9zlo<0`ROqWb9 zD7*Db+BSGw-N8i83? z;(mZvNPkkaEQe{CC@F~bn>!JHVzVKefQ6ji_X6yw&K^`B4@)W zJmi7E$eS}dl?9N5u*^A0=HM8^fqYN$uBE0r1FD z^Zj_*U1I2T@$0oBEYq`aM9uGEe`Z`J zRy<9FI?iG*Z_x;BJd(b5x zYM1Fy^E1UV*yz^c$Jv9`O!RWKIY;(t^>RZ0CB_qd7pL*_t?@b&U|QmMm99JyLe&!#UkS&&yJU&VoB?-stwz%O8=53m{P8;J>MFVVc^S=P|OexY5;>XZo84JNy|Ey^kO2u<%dufM* zZF^E!u8;?AcB3lNo5u~N%b#MTeL5`OQ%tIq>ltZt*~OoR>3n=)_j+*1esEws@?mVF zm|rovLnjnZL5kjRh23@HYa2hhyYm3nI)$w1657;q4j(GgqNS^r!?_tp*fwUJga z-|I6xBt#XnnIAETyp)o_bzVAk^{<1q#OXlg{U>yYHzyTBo`uCOSQCplsQkj@Od)k+V!iXzO-f?IE^{G#NoZA;}o^w>l^>pRPq7#y-RpH>oKB{nqsO5jEE zwO!+ZD)p=P$&hte!RwbMc5{|oYVm?jK{S6Ag_34glFB4r)KcjlJGJI1{%fb$&{%^O zsgbRx&X^Yao(tp!J_+v-0h%}&`iUfyQ`WUYGlq(+uOwj;*Tuq?J`#FVaT>ynycW*3 zK}CN0UV8QCy+~ZA02fdLS`#YDQ$2$MwkLs&<|11;T=&45KQG~+cLE!=#?{Y>ZhK7M z3YzI4Myp;OD(2G(l4IHzVALsjf&8;^i_Kzu9=o8*s{w|T!r zSy^3grp!-UvG>R`X@6|qNv#VT@hag;wM7qMZrQ^t&emd!$KN`fBbtNv5EeLxm_%GU z*5svKsy4>I`^Z9{ookie&W>f79y=-8;SSK(wgbMF6>66|#%yLSFznqHT>0Hv`dAJ1 z>F0YiG&RRbu)iyRiA@o0ouj%xm47r&otw<9SI3Lbs~2||RJ5wCy!7(!3YAmUN)f@P z;jgX7&i7w=UZ#4`Z^OqmRb6Ga;{70N*HTz06sey>*59&qc~x&eLs<+c=;w_IHOt}Q zCTOsQLPQa;l{pGDB_g&aU2kh9O+^7l;h)XAq;CZPQ9A$Wp#9N99(?bu40`mNCg zJ_cFL+WgScnA*-MEy|)=hpGI@=<0HR?~l=WO}`7$**dLloOV9&lVPM56QY*n>C%b7#kVQld4e?qMQC9kXh5QCY`=q zRJ@K1)KDN+Z72-(n(7rF8*3C-@Cm3M7|7BFkGa;df2^|6})@biI~KU97lM3w66s-8p0B=*J`2G%=w>$BNk> zMnh{tO`H!~>qT~(a(3Ir0lh)*7Dhk1Jqqu9Y2#G2?%*v$+jWgwO)CF66E85!-Xp`@ zSd5Fos_t3xwE*!Qx=%o`hGi}V(nwrLJi*s;8bKXiL~bdy6ofkKWHI;Rm~$}tT{{mA z@s8L4v)e$zzW!wCDXD^P_P9pQ04c4Vg2-ZI9*vpS0l(rb4`xVu&_GQS(+>cP=zG&bYvLb@- z`BxY5vF$~`6ong0^4^Q}UB? z|4#3o^K%`3(kJqS*hu83>LdR@qp|xiZF#1IAn8j{;N9EZdQ1a;3LK=O3sJCTTadvgHw` zaxLD^_B*wSH{3-_f(Vx42cBxIRgPyh0$jycr99KwmuKQ+{4o(+1cO+L9;rW-TQOmr z7P$+g{N}}eL89(oD9Eb%MK!aI`t5gG_@7O5#B{k>+e0Y6=L<-Cs`PlBoiZBHjY;&h z*?oBQD|4I-_a&<8K*ch<)wQV}_ig$ySheiqe{B4xFsYP;8(a zeRfu_j2{+{Ly*yj0ysV1rCxkW#I0~n9^ciec{yv}C^Hi>mV}zH(L7HnS1`QD*8+mX z$}tR8<^DzvM^`DXxggRgyo=Tk5y%g;r?(u$@n*S0zNGQyW$>oV?1zwjbDx+7ZLawu zw{hz!=uu>@zk?TFuN2RxY5qL1?#DR&v~-`Y*!Hg`ZoL&}eLq^zObm;E#<(h_lxY7t zgXAeRVaW5Im3e;IOd4ghuEwkFe@e%7+EqreFGK8A!1zJEGPv)-KG=%DC}T>tdrCaQ zV!dA71Y1M2Em;*W8Gu6TKH}*wV8dn3HC0~*-{U8)+sPwDTz04{{n{qo8}KBT@i!zQ zvW_rVib(%VL1>ol~O~N!Bf?j9%lDX02V7BEx+I3oH0H+0mf^eLtXI;5A z#{#tZY%ipp<~`k4kiK8bwI5%^c95$ob$U)#R5qA-f9Ato&29{pdCVPm1>hg__qZm_ z^^L=$6fM90n6NNPMURTX%ijkyVWN#~IAB(lzP3Mx znE(7*`qm>1JdrQ>!i{mN7buT1;F~v3GGsn04`xh(HbCHtDW+4jCWZ&&T>GcS-$Z5>Y(O@i2h-K|&X=@&Q88d9cpV8~7>-X{d|{ZcU~GCNvSF)KsgA4GuNBc* z%~trSSguTXa+sX&F}7`ik~u7mKhzU3E=D){$xcl_9XnM%>uo zSzF!bmk_{k>+W6uayx|T_1YHcRj;GQ!N zXaUB0J}gYHDs@3Zpl%)*u3ZE9dj17^~lrLf_WTHNDm6UjReFSw)mUvY}CwZ8kVE$)b~xxmF%DiA4_fAa8;VHNAupPJ8hGq0G86t|xNUv-vV{8<@>PZJ4b*Y;@5Z zL4E1O-x})UH^NTB>~{Hg@<8qT0{|ssgXB}E4|iQC!(AjzR6hu)ASpkI23Y2BCfj5# z>rW8vkeu7YGqDP5XGJ57Fn`49x!rqefc8$8b0DX-Y8as0i~v&UUEu%ZGfr9GGjP$` zupwIc<6NAg4YiHJSD{L2K)(1ij?It=Qf9xtpj;a~Uzu;+M{kj8?`=9|)HE94lx7|J zTsE+ExN;!@_P9xW&e=F4g$D6cjm;Wg0-UyOVP-?CUSzcj7~#nN=c1hfz^@ zUz)L7wvNkb9N1v?ji-gnco_fC_k)2CAkoA8o50oUEo2&dbUn?mWa?01@y4UxlT58H zrjOb`*?_7R%%C%*l;>Hnq+(B9Bn9(0noA6SyZBJ zoLN6yF!-A~59=2VDRRtB$J#yhNNC1<3t|h(nIQFS;*f$>N*Ut7onhu$jCILO6up>i z!fCd*7OewXa_?+6&) zB%XR>`YF!TFxx+YJ7;G;Vw|nfiud)2V&$^e;C16WOxS@sz5DarSe}llzq;`ihWW9J zQ4to_7@{Bpl6QQ;?ea+qQL~5lnh5Ogk&0B`2qtEE?ta4z_lLpMCNHVsZ!w8#R$-Ok zq4h97hl^oSu<(Cm>@{FrzLAYpCoC@E~?WInZM z>R@ObZ6iVbUhy9P?2WJ&a2@={hC%jcnqgbZsmf8TkCm+FLpesS@I(+C z(WqHw*74NTe;?2Pp!OImELr6~fR#YnPNxoIOe&D0y1=wntB&&rZ0E-hzij&h{(SM` z%Tos6#6maCx^iS9Lx;*kyB{YpcD#Fm?5JMGC=p>ypt+dieHm2?ert^89pEt&a zNgy}G&$tVoahT;F*t;RGrbDOUy{hzOsH}ul9#%;o>#;6xY11OpM9H5w=~f%S^*SiH z9hUxlytt5_y4runP|NI>b-!FNXTpA zDx$GC;O##_j}#SigJ+UZ*Y5V&SYW>*nDl@N40X#oiZ}=DaS~bC+SYwD#APVl|3Lr= z0V? zzsjbg1ZzXCy-aYtm|+q(v+f0Nu5T3AVhbNG&JJhO9=nj?FBeLH##24%tM|A9gDju` z`k@KRKt*#kfv}YA;(9y##9vsE;Okmk`TKf%@75dOm)T1CE6|7|_v#g>KsW)kzB?dY zFM-{EHOgK5=i$Xp}?GQPPI(6V9i&wpbMEr$P&)Svx>7z{62pl-x z;YB;mtla3~LP@}8LwmdzRkl!i!BX&-!AS#kfJ#@}o&J|0V`Vk27li^GDJh-$I`&7P zuk1_v6vRf7i2e{fQKWeP1jImJ17*9DQ+MorS?ifpC(uGIo}2BBdUfp9Gax9jidMWt z@aCq*yFHQqva0PudTMme;{*0YL|#=e9meL?l!Kx_x)IK=Kt&`=~QA$|6^DD`zj|C5(a0dH{JD+Yw-hf`*99O@(u+2BkD7@<2KBweO6bqLvy z&1Yi+veoeL4V3sB5udU~2qwjmu-|=N``d7;s_fhh)$dD8nyO%VwYG2uT1+5T1NOF4 zYzGXuP#vS`cO|l>`4oSn1dcHF>p;+daNVu>^`Z2r%_=ebSJNHxjM$t+cW}lzi+0G& zkuk~b8Ay3HmSX~sgKXDfL3Ce$R(z`00Z_$XuG2t|+vZ)MFE?KuNZ;S3-yoj5Juo+v zD4;C!k8x_r2Ahs-d57Xh7>>Qd$J*{x9tKL;Fw$^<%(Ii+jz-*p)H%3m&%E?Lg21dg}?vvHF8k`N!&4q4iHZixS9GN2_DnlB_H|G_YZ=WAdmw0FoZ~iktUiRjFP3g}~>7`5v=o z%bji5$VLd$CoxwEm)-fG(*EKTM8_L~4p)YBZIuP{Q+UHO0znVDw^4DP6Vqy1PBN4 zU{}8ZR%-zN`RSkAoLTYLdO6O7E6%%4iu5wCUR&PyA0u@e#j;d`H~78l5VUGuznR~p zFoMKRDM`qwp=F5ob_jP#7XOVESZ0k)UT&K zkjVXNMkXIJev?mm@mNBxBZ9(FLUKAq^c0_ybTW0-(TkKvfx=OSTqB9P>`M@kD{X@G z`f1x@wSAfD{n(Olw4e1gWnzG``(a)o^={J!bhYdx>+(o0u= ztohj9XX{Dw$e!2SJ}K|^d5L>z7U&ewR^9+4l9$Z-`o)BM@fgtMS^sqn_a=?+xhmlb zCQg=0eOLSs-s){b2tH%bz!ejVscZ1>ZkVpoIeW3eBq#%l zyBU#Gd>$KI3Q3-Wr)@_7=H|YWmPZ?c2o()w(4-i2wdgp{#@>vOy9~m(=S^xxp|Hj5 z3<1Wp8}5EL%iUodYL6T4@_=ld_p;H7*5X^pkj;XqJR;u`2)jm$fKAO1=0dM_n6i>L z1Vc}=w|4rKbDbY*x{xgLxee!G3u71Gxxp-#(qYs!Wp%sK*jCmAj668GwLt2IM4xi3 zH{_|XumoL299X59O3N9djDr})W$Gc}Tux%wDCi=+j5zIjO5X~ith!kweI?{#o%d`! zR(z{JdrcGGbX%=#EfdnFY7^ZzOB#2v2c*uy+opxz(MuN;dYP0Ih_YVTyr&J$6=7*N z%rVA&%h=lct~6-d(EwW@^?m?C_-7_A&~$109e8~(`vGJeySZS)qf%g8=D-Cx60tDt zbG`h<4q}FBiY1sIeZY85{@GjrX#Nku@9x?uBGSmF-?t?(S)bP1b6ZxmkDlDIvB-Y-*vn)tlQF zSl(FjWh&ryBA5h9*bmbB3jCS%XC>e{!siW;T(0~f$rugsb>ouh`=Cq!8Z~0ggxY_u z)PR6i8+haKOMQnab)`wX9*UGgjP3KUIoe;w5hs+N3|$CYf_=s_OCqKLf^j-WTbvqYjQa^~35{NkbwnLpzhVDP_GF>Ou7R7*#TKmQ_F=_j+%nye4z7yCNVQ!=rd(tTNGjMh*M{dGtiDyn>0Z* z?c9z8q_jMILhHl)+RlF{rvVZ@OZt2PVj}JWVCoRKFR0PmnrzC%nVC!#nqYUfBNWho zoqAM0ufv@o#M(rmMDJln8x+tTOM=7-&>guv8Y8+C6CJ$OfHL0IJOrPgEnzh>K$7p^5Xj{qJxZl-l#1~h8 zjhigwd~zWv9-LDa)Uj(Ho(-Qx)%lMle)-q=cSHLq0yq@Gzpj55Yq~HSWq$~M%Yg8K zzg9#*Tgn7tV9fFP&@ssBclzk&D7hY((|Cul3M%$AaxAZHjViB{t9`~lDM-fK2ib!s1{3Np?F?x zM}ccJ3~`{!MQ4NxpaI^qZA>gMRxpj{@O<{- zx7OMew#o|e*5uITchKX!v~-wy&z`KP2IO~OZGM8kO>wBAt>aS@D4PhyU8XvIZDEX# z3D+qD>j!yghWvT-X&U$f61@*;6+TCl3?ehdx(e2oK^ZEB9z+-+D3L;7e^HfNLXgQ&8nxVZRQWOyNZ6d_sY=NSn!K1i}W zT9%Y0AvvePL7-(8`FXxL2C$2d{UE@EA%Ln~5x*C!o1`@#rgaoJ5QGbK;={ZC3~;|g zdCiad67O&9q@H4t-Y~Y_UcnTAFqRtt`>PW3OB%?5yv($f_bz{*#jFLo`stKWcYVXn zC9NukJaSunA)Wb{TXoYz+(#OTmD{Mux3SMZi6(A~eb-<0(%H?nYtW|M_>WG-SrpYs z=1sm18PmJ!=kbn&&mOTg2>amKu8X6D6JYcj+UHtfh;z|LDA=EZZ4KgKgK|Z3=ypl(42^p;d)kuJP4Q zxMA5$>N!aHh{g=)6pQxYV3;Ny{?5aUZI1Qwt)|y+y6|>~Y-zxLV4Fhl8o&%4LSbTG}9x}0;GrVmRZkQt@ zb=RV0wEzVvKV-Q+a20LV^`cV3Sy1-51c>!i$?!*Zltt$|#_wmSGDdb~@$MxxF{6^G z+Y;IBE2f|kzPRUu-R&2oXRFkmNGyR|VexXuWBhes4wa)h=VP=u(wn}q+uWkeTmSHY zuqRhHtNysS&SpDAiUW^G72HIiHV-PoH#g z%3TpIPI|eE{tvqd>e42)kWi z$X~fhpup91_hIj~?~N7bE0W~1L3>1H`Xc;+Ep?jHrFMtaS_>cwM?Bj~ymHf>72?Y^0&W@A!4}_Bnb^G(E+O_z)t(G$vT& zp7?li?1)N8s!GoRJg8-VS%tvTObMIUAN-) zur--AMXY-g5Wq2e0xSSL16M{(n}BHhXIFDC)d&r?oS$=G&sm57PprIuXXF2l@>Y(% zlip-v{z&wDetu5xv6#LlNC^7jzy9LW_yi1vj0yms6$lxCx7gce?s#XuUKzhgGFtq= zvx9?m)mzK4_Yw@&wiK&}aZ_Ad>m@dB%3E$5n(+&UIuSGA6XmS$4v(`b%Ort|YQ(g?3rS5_O z>YD~2HWLd--dh009+TTIetz2mqL)4+Cz2N|RpaIoV1n28T0PzajatjU*UR+{ICBpe zfqS?YEdLjNFZkYi_`!%(?edjw%Xjm!y`#i<(;>K5n8z43%(D>ly&4g3^ctM_nQI)J zq52(>tbp(8)G$d*n#PfB0CNdPBUWT?Li~csd;s-R6{=@PAKyOSsjL%P_h_Mhurg;` zF#c=b@Y8w#_{#SEXvu_Ec^feF>GuKHce>7Cjf1}B8@Bgurr_%n1EZ#>l{4s929=?2|3cd&E_4e{& z%cuVSU#Icmdz@YJk>fuO`a?DT!(cWY@Av;M9-I6}Q<3gc^uy^$1*xw|n$vrpiqc6^ z7?aGVtrMe`Ab?pw;f;L=GdN#)*@N=1ia-nvc4|o+>ojJvh5-}u>Dw@(k*@z$)!q9? zd79CGx-kyllZE?8=l{V>&Hp``jraM#cJkQhKXV5n6Ac&>@OTId$7J&5|XtRUmR4O%e*WXXaFNvW&(H$m{kHg4Kg)r&B64+FmQQ6HjD%r z^40Drs^~nVY2um^&He(3HmqhHdk0iD3fC}(d47>4H@G3`MO~AJ-j-IL%%GyB{P&pg zKl;;wn*VP+*vJ3f&GQ8DKh(2h@2RqbJ`>4JUCZugHp}jxFV5ee{B-^OF^QlUYGOFo@a1CPC z?v*$_P`}4jcA9ylf{CQ->pp>oPv~=PpRPxp|JM7zfd*)s{%1N;`Tt}v-rN80EDOX1mq*Q653z|${D%v3O=E3@)@=$X1=Hle?tX!@`tPUXBR(@wdJJ4SH}L&uZOBRc2i~SYLCkH#r)LjnMcvh zz`_^Aj}P7E+$A58$z-0z<~+w4DPqludTc{1Fe|90|J=705+?5|$LjPQT- z(nrnx%92bd;R7hiyGQvq$oUpfexpy zA&&nRCb5Bvg&%u}kf~|N@k^dfmZfwh!6@SG&`TY5>zlS8)WdF0=V@(}Es`vk( zKi1-Z42Q#g{Lh^{jpe^HnmFz$q(7cw>@j3N3ap{zC+5X_u-vC6+4};dK5IfmcbAWr3w$H^f3hZkW*LE%s+g1sUPy1E?@;{w=2zQm|qp% zO=R4AqVAh#rDPSTBNKzO41y0C8k9VxOxvOTbb#z=E$y3A)Rpo;U;$NX-olT)uTh_D zP`aAz&52C-5e7eoK@hOFRLjwJ8w^)S{Gx9z)j= zeI;ogUjV!y{|{c1T3L1QH0+$a)eX#ISis!R0ta+uoJ#F}O>{Ua4{f+ShskF$Wg3^Z z8C0ibX`GQ|!^v3In}=o96f7Sw`u6s%1K*%Ieasa~Ync8ndb^Zfa8kN$yv!?BhsDPN z%}UiKs%S7bHP+Sos~#2%Hc3V@Sk|G0kQ^we=wwlWh`jfUQ-Emd4X4OFcpKjFK9{Qr zouaa2Rp7LKMYc(kFfMXOFn!I14`N!m5AX(G#IoDJy3GjlOq&sBUc05N*5ou$-LT`F zc-zW(W;HWY-%6un=YJCQ6Sz{rrnZQ*aGjj$6_Jn{TCWN~58x!mWnfJK2(L^N9hVCU z;J|4`ibm_1JlY0wBGS|nX6}0tJcTTMA^=)`6NS8q|5F54r-(?3V??l>@S_iL4rNng z<#GKIu0yn8jZ`fI(hDlfy zMOscP&Oa@NPZh32Np5Ok_PBQ+7wk>aZcnd~QsLDg)5`g^rA49Ti8o^LiW3d~ic7q) zj*p0uP!<1{BxM6m(#j=cp0b-!Jmxr}ta0IsYn{^ts0}WSIZlik?Lh~RIMM9WTRko zzPGYhg+%tx(uFPUzDw|XXq3jJ;a3q-|94M`ti7~DaangZ=V{5Vo2MYha!u=VuV z_<-d3KFsqUlK}FJf>@;Iz2@J=jKU;Fs9DQLxU5Iccr3bR8mkEB~FTI+Fcr^p}O zZl!G*U6B?EKpcjLs#O(It};c&6P52(3{n#@?s;s%18IESG)s!aPa=6Ly1@DV`ugIE zD@?2PrEJ(q!lFF)7Z8opqA1ebq+#4HnzT}s9wZr&RM~QKPNP*`!0hb8>4F0iu8Mu^ zQa(y@=JSI3bolHODbIgOd{rrQe=mlEV9GuTHD*kE5B92#BD!laKIlB(BeLc4ATN^a%67R`VwQVwN-N<2%Xxqsx$ummIC@*D!)>NSy zC^3mMf+nAAqhf|rXGp9Rg`4|bP~b~EUFt7- zC1&x%+Hpw_>x#-)lHW~M)Vk$Mfww&q9T26~I3tul;=nkFK+1(Mdvx%{wB_TK_3QQN zg>Ws--XDYO(~FKtcU_h!J8wW%y#O*oklH9KlyZ$>d=9WsDKUxjB*1!c#8!!Zi11d7 zTueW9yS$U^mCyzDO5pisZG&k;5JQ0&TKQ?$_8Bq2E~Qct^ot}rHqkcn$+Ao2&yEFTP;A^ZX32p0#@<&O&pLL_Qw{0wV}yZH#uZ3f*vQC+`BnUjl7%* z4FaucNNuX<4Qbj$b4p_JvM*lx*!Ph6YW7ckE7U^&^PU{q>T7|v`TvbH`|r_sJlyMl zcJW~S&m}BYSxl4d;3FsAP(mc1vtaWahz2R}GqN}2P75I?LbV+f+*WooE@IA7=g zaQ>IW%@Gj2wi~QwFh_)q7&&emGr7acn8`-dsD{HPtILHLvL=)Pr8vBzL)c^hkto9I zOA0s+^A2uu1@TYdHq7$EZaXaid=%aIzrs_8{xk2@{1B6VuXf@;`fQ>9WF)Pd9q z5bZUl4gzFxGrX#*!x~|(2KxAjd**(7)`il>w5EY-Oc7KK7}4M3i0q`vNULSwGCboGD1=1)1PXKkdhx*cwMK$FAD7-oJVOAWzNB_NQ z68W1v+w6Y_L(TqYHrU7i+{t5-|6x{0!MmBY3wLa(ZS2CSi5w0IX2thO6iAV71v?&F zVc9;$lzfVs!Weyp9I2445yfhjc@J5Om%c<@<1KJK^km%HwJO;u$teW@l=^rTaQ z=8?|3vZYb8(RDC_q!VRtH215n(XNV`zi4MRv@E@~7e>Ux9I+UhMY~LC$uRpz{B{11 z*a1$j*TbB)aq#(PlEYW;{vPPQV&Zj5Beq0r17zErBFZ`2DWcr1mQ~1g%-g)tLP(!2-d0mtu)uVsJme4Y4_3H_TfxDjVa*(PB^Ery0y)T$I-T zJ@LrMevt80>7;Zq(vhcu5O;6~Hz1Lwp?cs2p76yDC2$1n&@$t^-^7f{5#2UYglRP& zDuLO3abwkTXc}x~zC}S8gYe^N`8BT`w{pdsEcE$H*{;0|&?mM74!B9KI()7$Y=Ril z-MVkYUfyQOl1G!rVqIm=w)E&3MF}sC_K25>SmXaHl^y7i3#(C$i5qInv#$8}G|NdK)UCTT7tp`sgOL}cy-l;>D1&|Wl)K(~U6P{Yb*o2^ z+U{p7Q|Q#agxUUSM*pd&LqiSVHu~S!^nb(QXdnM)CyyxqQGexTq942CK%0-nKf$Y| zB84yhPD5i_uT2d8G$NUCPZ1FJBuyE8$G1GG;_Ow zF6gQZN~V+9E9QUnfRWXPp=ZQzOVZ>rKf9rB80Uo-`%vzgXlAyju7B328T}`V>5=2V zjAt`d{vY;dd;5=_JeW?s`Ive%$1-;1NN!2^7BuNr@+1-#!Bl|6KROq!C{!;M!PMht zC2Epn(_sMh3LJ0`VZY#^T`TaK>PZ=^hxVD^CN9&d#~l*~d5P2>CWY!&-pI>LX3 z%d6GxZTJy5J;yACcTRD{9N=*bZdXyX0l%%hD7+03qexRcA#UdvNTB2L1!@CLP7ZFM z@2zqO@?;6|0gh00GL5$(i~{0v6ot#MfB{LD9p>QRW`n2r_4ySl8^&{-ptb9E&Tc_Q zH~;}cbNJ?THQ;w4%>{k~!74|1=D@?qQ*5i3Olc$}EStE}uE>zygG|A-n+rI9I(>klJ*0Z)Jp&b*G9Cfue1SYBX1$$aP_tZ&F5)Bk@Fp7z}jMji$ zsf^2xt=452b-l~@5s~acQmx)j1av0~OB~TdDm$X(jh8vyGo%!j&bAOoD(5P?0->V< z#i4(fl4%Ch2;0~Hn**HpPILOgdZm(eDzcvVezJ-SL=q4MsqRTG)j3youb{S-3%VpI zm^6EAt!hdF&4jRPgBr_0CAFo?10->Oikg6|3KPjgHc4R?ZGi8gMZp#crHA)0?dQDrNGM)T^BHTiGAaq)k- z|BC}|e+%MmEbq4C$fTFqb( z<_~HRL#Wl((#t|GxOq@(6o%SfEyYc<{m()|KBoS6IO>no{IA2|bZ`H;lLt#T58B>l zzPHw5unIyV1tpziD8w>BO+ZcWDr>EBm>H@ZB+IZUPkf}N8UTHXdL5Ltm#e(MBY{pw zAF{B3Dpq215-4sH=mMv7tzg(lEtw>b4u*619N>Z=O@fosnBZ-g7bL8e{GJSb=`JaL zdmZ`(52;d?qA6auzn<2N0I)Q3G=L_8Gnr(eQt6S&aPs0f!DEX%W^UQof(a8opK^I= zsA-#B%eWFHx-_KZl{T8>b*+IEWXq_8ZyQSiaP47?yc>NKwPscD6=Nt=1`fNzk%uwz zZj7T?)-*0s<7atvjYXP{v{z^8+FPnO^kseXLN?=5)o$H6@ht0G#%Rj~sjFT6Vw;wy zS^Gx#P3NKRPB1oBNmLBGKx&qbHHl(W(v&g@KsnAhVFgJhLPwZvWSHq=dT&T=UcjX# z(Ftxt*8obfAEGcXuzKl$B|#Hhxw>-n0qn0{z@-~YiOodioc{e@cfJ=%9PK5kPdcOC zugYT>z;(EN__hp^0A$Pfkdj~c2$f65z&?d!H5{11+q2}CVx|g_%EOGUYG7N{W=X{O zT_Pv-*R-%L`C!YzXV_2}+N>l}1Xe9hQ31Uki7J*Uj>QF|~3E zr7bUcu6V^qbiB0OKolSiW)s8_cY0foMQ$ySACJ`1225nu(sm0HD>Txayt0j=kXGsSlTYoVky9PsqmWVx z)<8z}2Ah%45^{a=`38?8b~+6sIEMkiLCwNqgH8(YV*x%aU@XeBA-y^lD64c?N@|~y z+O7atyInKLxpsP^LdG#&DQHJEqpnfgi=yPi1q1OW_q_;j2Mw06*71nt-Wq~@m8KC~ z!np9F@3Lf-=AcLbzPnnG$S%xJQ)WRpLp!Z-{0bm;0VdOzLcj6in#(21uK`?tXZto! zSNb=Gb-F6hv}HXQ7cfK9EcAdj7skdOSY|p+f-7aR4WnZ2*sHcsl+}BZrsxe$l!rPs z=Tl(-(rh7@1x=&RrVb4HVAuykJs5s_6tUCvcNafx+i9$rX$4UH#$zz(&#bul$?_(Q ziDd}U4tr5#S=)^5i>o~8Y9UH1IwtvqD1i0#ej)TeW6lg+57Esqbx+`*;*GO*#HZ0tHem2Ay43BdA9Bv z<`M%GHQiZ}H_)fZ`SI-Y)MQBvX*)wyi~=js)LR<1T@u3@Yht){zyId!{Pp{* zHii$8nmbMRbB*@EgHMX z_h%NaS;%n`UqzvHDg{+ZA&>xNwwd6F?2t^Df%X|Hbi2N2RLJuo4`e`NN^lN*Z)7IE-rG_QP;1F#@i4p}z zC6RiZ-)ezU+-o*bvZRBO97$hGltsZ(g2AYn3IxBGX@g1wC04Dy+6m9`&6Dc zl0p46^1|gcvt`@m1lC4W;}ctOBV)A%F+*VWS{UB%y*>Y>p1Ss*+!EsOJvthsB~5TQ z-m=;pbc_A>Xr$%;pNyyb_%AzoD)avr3kYta6(l|yw@HTIER$6%G6nE!as!Hmhn0lc zD(>9C+azOtQrNjXBI@FbtZ{-NmAt%!zg`zpV3CDe%uBN$$!dWb`1LXMR_4{ zOpa0bt?i;gEF(&EEcqysAlcsl^uWp6w;cd7nB(-_Jijs4gfZm#S5c=^Gix$hwq6{N zCVRj+yb0sOeBrR)J)i#x{Y3))dLrpl{3OeuU!WNmDXHuJ_22LB^}HWm5TMWNlqKi- zHjE%&cQ}P^QjmNghAPytE6j0m2jFbK{v!DhgWe^WOkW;PrZ2(aI*kum3;z!M#WD%d z_xZnlkiUUXp8)9-DRb+EEScdtjcJtN7uf4~ldRCh$Ecs@-(Ic9;NB+IEgnaTTrVEg4`E?o-xO9_n%#Y>Swdp!#I%%CKsZBM-uGFe&)H_l-F8n!P z-N+y5ixPlV!hro=xV1ek~b6ecgmmWr`h?$D`lcGx z*yZE~GN{%{6y8FA<1;-P|M_sp1rkzYa)w*NJV#rM^IYNMkL9;xVRo7W7q+JXys)!P zDmECek0n9m;=8lgbO&Oswlr@Qhe# zq(CBOzR3%?lqiT+1s&balNeP2nqYY~eSi7p48zi}ZT#1_S+cB$0V-LZKJUet`!tc-4{&n{ zZ_8?U_w)B%1&IJkLm8Z}TZ#THXLjnRFdSSc{vm{=k5n;BArUa<`hlOd!Yr`q=4s9!vKtno} zanqe=cghF837@UCbD(@{EDw{cSIgjUt1yEBa7^9HNt`l#O`F_;rI+Tc2JnQ4Y3yp+ zU>_tLD}^Z}6Y@+iE+D_eS(8aOdkXq$RuGzb+>y74G*Yh^j%J8#E1SR~Vx@oJP(cc2#Hwk@12_lcG>)#U@Hu zA)O^R(2O-VO+0+w0VMthx$e2nR`C4f3S6C@ynO>$n3@1!6YKakA)Q1ebu~Jo0UaP& zs+1qu#fyVOQDR$7%{coLzZtHh}(ksAMJI^663cJdJYU*~#(!=n&&UWm@x75YE7Q%eDuCV?3LN0J-4mX4(0#amH* zSE;tpZL9SVl@(mU6wlJN=qC)G6}Y+j+8di8xZF$@CKzDk}PZ3|0}$ z7%b^UeK?CGFV0D74pc(;*$f5~kJ;aqwME~eI4{*f{D-6=k&4Jtjina?oYQEP7cl!a z%<|%wuvmOgN-9E&rGm~MB&Tvm8-4F3M#kJyyheE`_6=8Xt{l1tSq=8F{5G-0Lit$wbdx14954=-RA zVp@^J0j?yJ_)aTeS^tRq@@o?=xm1aHn!${P^fZW(7#3D2Xiu?Vq-XgVvFnbF=gjV zpIUEw3ChFvyaeiZ-0%_};%=7_Y_Ziv0NZBP*Vs=5_ff9-EnGvseGUSA#PDpq!C1h) zPN-3mG{NrU&tRoGxC--fB8{J$Pp1h?z3p04MWt$|=-X0;EZeCq|DQymmlHuw`1$a2 zQ=9~lC))b_xg-95ICSq8ABgeZWq&^$YLTQ#l*~6*X$HOEG>P*f^FnGuXZ`pX?M5&w zgXIW68^Zn*YQp|CpH}+6tY{Pie2f3bU^dqB{|*QH{9ikH@D0EP_CMwdKbGf4Qux(S z_u(rNA+8XQWDv>W9n9`;O70+lhQ1@U zdrfcoNa`5)5!F7-&{3N>(6Ae5Atc8=b2H}s5IT!{@r*l(s{k9|lK(dMEsu_#1=&cB-Ep4ez`E^8~TAL^76bymlP{;J0LgN^eeeNs?{ThrNvP2=yr{p_!%DE z>rG1X8e*!$)ACT}fQy_{c8LC#+!x8jisX+J(zvVAoY)%s>^Q=apbxZ)^qvVXCdpi$ zHc0}ls3`!+w>*Wu$yR76@mR%{zBIX0mVh+zBA-`L!hTb70bT_DCY5qde!70=XoU?U zC$?Tvd{Zk*N<<4p%>1j-l@t-mOTF`q0}5>@tWN!cKA7=z7DbVM2a99JG;3;UCQYQ+ zK>X{q!+MqyA3DuU-v%J}7Z3?NB?yeH6@qoNaUTjly-NJM>Rwb1sWj(;cw%Ucj{z2E zXa|gyxAvwv^mIF1(^6tkv2B1Cy@rvu;n!HgG@@S5iKBEIK7Li6QV;Pa#4UAI zg#!Fdj6B5CI+GASq#-dgsG%hmv5`TsBqbK~uB3bkp#rq4L6gzPa*h;!^B{&I2&dIp^y$_N$Sn9vYHfB-)@0w zBd#iAzu%sGS4w7UzqVZalE;WW9u-{;Yro+B5z^E!8Ds4iT1Zlf z^Z#19AbxkO=&u<;6gja%jpUgo zS;(k<4D%w4=a|sTWbW`eIEg-Zn;fJWyoDL?Vjvd}Z+RfC92PwLhl=K_swR7?#-yhr z@vd0F>_eDCK+q@>JlhvPpAuEQ(yZD;ROa0pW?2{*ec7<57FHtIDq&GY*UJd~J1BFc z_iE)xf7Z3P*VX;wV)b50Qw}@^LW&@2Yg--Q+ax1e#VUlh)-VaBrQZ{)T>M;$B}8fG zqd&QcIB!wDq+t3nWp4ooF4JQ3I?Uw##okKc*JMdg1hs@gxY9I*Y(iV%-DM+$NOEV=m= z`UNLx+%J}|Vxa)O%Y!7mpGb=FISnm!wv465O90lEsavJ+<{8kAWR;!f7l7n9S)V2O z7a$w8#AIklE%NvIwz{(9sjnN#TYgLeUQc*+tVbl-1`v%hKL+3*$HHqH*QM zRAK|OpQN>v$>^mAH9zFi^`UT5{<*SutkgA+W(xp9r(&SC_k`RdNCbu%#)*ZAG;&2Q z7EG2*Ca-zELC%u`cwp^CVE{A~4)E=@L9(c)xqEaa-UFVR^1tXRaQJ@dWuX_`oW;Ll zE4ytcfi3d?WHM0Y|H*hT-OK;GcntAhnbU6$JS4#f$r7Yqo_|QP0BfOOoUbx;S}54g z$bsi)NuGmM8sH@ZgRsb%T#46}_52_?q0oiphID0#_sVlbOb|QclGwWU_1Y=@4=^!z zCx{e?l8eqz@WT1r;uKO13=DLLNOQB=P2~p(r`c*d;&MqaR7ZGnM2ur z9bl+%6-2dB%txBxD8Z51s|ifQkx_Ihyg@mHXbWM7g!9!BO#0@bF%~lRmI1~i17lx~ zvtaL7*_x@Q#DZ5@M8|?(xBeC#A0B?aKK^?Bf4*M#Xe-B~QGbe6?&=1k|NfN2j6{Q= zNXvWGQtP!>csE`S0h@oVm#Zv_lRR&R<^Rs}Xqg1?6%CWRbF9Mb{DE)7VK4?94B0ym*RKRqE5 zL_~gSU|b0-;v}uLmzEQ8TF?kR{~z9 zk5xL0!=lDD&^G^%;Z(K%nDqO5|BszKhVvgg-=#^Av)rLt&Q_M+&;i3aKeDUIg$m#v4!{j z5_4CW(^jnFB8)&fe;?)<^nwlO{RE8t7XIYK|MO?iTafDmGNGS8|2qg0kVg=vUL{dA=37BzjXc-%0GdHZqxr!1nNSge^!AtG`>Z3XF*qkrZ(OHtO@Vdia|bR z#v-=(O9>&(y%V>cJ<-!(3h>M#7dg@ zIEutN5N*0dWzfw_7{m-b8+wIfp{FlKXtb6#Y;r~DAPu26^V6eCU z-pTW2o&WH{ddSfa12CTY2&x5wK-N9nyfl5Z8`5?Xd<5`FQ%i}k;I~fVcx=+`Gh^5#80=v;|Tke zz-oxsxIP8bQm7__*-Qu)&~6OBuIT%aHf#bfT1k)IkWI{O(AZwc`m;SX<-b)CM)~1; z8UZtG6#i+O{5PErwfKL7ef+20JlOw#9WIZF4@ek6M9p6<(XjXncubtZa3s6VB`j81 z3_Or0w*`ok0G_busAb-ejv?oUuxwDR+(iI*7^OS7ae(vfyLV0*AL#(c$aB6qxpdHf z|I48fl5A3>rG*|&p#g7UmciilDhuQJ70H4T#`CjzobcCgK0<$m-N-ut^r(X#jD5&% zW|v;!FW!7iGf2Yhi#N6`d!Z`@c}7o?B2hZYj=@OcCG zu|6p(Ml>S<4b5T7Eo*5wX8H(;ZX$X{N6nzQ&>*uQ=RY8FD-Q@u5Y>>6J>G7VxZ3Zt z8%wsgyWQBF!S>9%?(z1VmaDnehI{ySGiXMRpujn4jmsS*EgI#BJuhr`);fBxUaQ}6sQ(uQII zL7Jh%5Ha2bl$2;2fG!sNj{^>9`d|F>GD!;ICfh3(Zjrdf0+Q0enMcWu7h$$pK>*|y zI0r0kwOIrVm$xbya+ehfZ?2R=Z$5z{xxyjxdC4*e%rRyjN=q0}<;ejJUO8%Dl_Tir zWlni$#XzzmG*ju8K`Be~ZsISmLlTxwh{{bTrMx{NbzvYzX~IRsJUjPN=6VLItgE*w zH>#BsPP~RGEa6m4p-|{4XOJ%c*NJ}zGk^{M!6lrBd68}C^&!BF85{&K&7kiUFgOOQ z90GZgNKyzf4{jLe1@wY$#X3mK;>xz-Jk+|g1~2U2hTU@Cu|ni`olPiV^@t+~k#yh{ zXb!0=#VhZs^NL~8#`e(%OBC+650C+$-<$b2=KoY~e_a0GpN!P}55wVfZ~w8Arvd-} zfgd73UU+eU4&7uySeHIsFRZwbx4~*aVWb@NTva5Ph9)rxU>YSG5@?%oI`KG(4OQ~B zFPGScr*s~zMwP>SYs38ap4oa&v;ChJNrt`L8WDhP^8aY8$^YZoKK}Pkp62qu$iJ`1 zdH^^*y@?mI1%nf+lnhvioMk=+h=J(J!vLt{vr1b$QOYy=0V7GWg^7^>#gAN^Ojbp@ z5|hnvt0=8JS2!HN-+Po#w(;nyts6nxIxHzKSh9W63=l_!HO&$L>Cn^`x7RSV$&V=? zPZ1fTPPb1vT6){G_gW@9Qz`R6Y#EBGs`rMtmn_$d8H_SiU3Lt-&>&9%QE1IlLm|AUvsVLWfB0obzt2mR4lmH(%c z!G8bm;%Tt|e<70(yqjcIP}OyoL=jeDd-JM|&({qtf9=gH)c==BQdI46BQ#M+$5+Iv z2KW=m;2eJZHjD${^s;~aBlx#xpYnw_oJ@~N`0QU!F3-=-zdHt(Wv@U03!Y2uYApu{yFF=Y#8`L%>jUkESUt~!wgvf&tN**-~aCB`3hWkMFF!I zYgfs9gAWTBgPT?ueyf9D`yz$gOfY)5QjIo9EQxVVgc3+$2BI*AZpVFn_5P|zGT8YF zoZ2mVY6tAh&%iy6{bKttJ1gQ%ShW+8N*B|tT<8BAFg|I_Aw)3327K4D?7!x1m2*gR; zTYA4H894a+SA*HhX)ScZJYT{55S8zCJGMR#Y<(WI?sH%1^FZwLi1qo~@FVK6pJW;I z3$P6H!n?!ixv+VF7e)AbYn9G3FMuG7Lw*j2S#Ir5-`1ag%l?eqiPE3Gxj)b=P=~yr zL>hH~btX@tAKr#O?#b!4j*Q%ixg#TY(z+vKsUstIB6eihZZS^B%@*TyY+Z~acWmo( zy+%xZ9w~hui+vun>+_`E-r#+n3@Z9Ovh{h?y3a$U&m*DFgQIqR9yjdsxT?<MGO?5d#n0!Vh4HM9v%*1v=B08HjF^jJ*Y`6#R7c4G7>m z^r4+FSSa?WHN_q&6ni95?7^(%;Js`(crPm!jD@O?T2u9*wn;>)J}^@C?|wSN^A*G5 zLz3N*SgxeAgL-)I&JOzBZs$3GAJZg61Y`@_G>>pXjaA@0f!`7Q_sBF5S zyy>(tB-iQD1}*qi3a~>#&&%fgtVKKBaN+dr3ukECEW_5DWvFbHp}bj!3IPZbf3<{h zLF@^Vtneb5>TT(zSU$i3ro#fHUY0|wUq@?6-^c*h$yde|rJ0u3w*>;~_Y^_|{v7Xkkd}py8hC_pRL?*t$Jv-R-_RmAXC9yKO|J z?@rCA^xb-5y$KarLhZX#5tV)``aOMFPtN44?&ZWf{C%4++ixw*_7!2aFA1}4`#hU9 z>+@_@(PxV=+ixw*_7!2aFA1}?`%L;vUt(qa0e;n`W6+HJPG@%V+qVg~{no;5U*X$* zNx1DFDdhJy{0O3Cj!#|W?hAFLBlWsAZpAa`aBi;+;W%q8_siohR-2&U{8*kjpyX3YCO#X0s7E-Jjcp-PQ>wS zClE{;3PBUQ5QGr4^|_@$aO4h0N}tCrVP<^Do^-wAMJF4ifSsFkeTK9LL^ml0NZ{0c8iOvCniNGr=fNmJkHtEskqe;L!YFl|_He@vdiyAX)5P zYjIk=lA@HK8yc-8Rsw1{`x;{O&|oFN6?E`DT#|7;*Cq9KagC3AVmjM58Q-B=Q+4pEmPXx&U28#A`9npn9)}t zBhEC|DVR1pbWyuHEy5?=-;h>dx$TzogL>P!7qG1m`;>voIQLzb-HE$VhqoN!n z2BHv&RcvN-Y@%Ij$xadMj#M<{$!Si0o}MH=BK5Egx=jFWC4Zudis&gyp8Xn7Y&GY%Opq480UL2fdM1`|}u7*3vxN z;s9jO&mii0atnNz6}_Cs#SsaM_Vdr?R_&zdsL-}wF(_=d#`Au24e56${BTfn^`-IURtdk zjx1MIM{RGaUaHgEH+GQSQ=Ki-2x6NTtc=OSWg3OIp^rTxa&Vg^OYjYG=OSHic;h^> z-#EXt%1#-sW>&&9vrONt?exv$>6=wgA2UVA z%T}~UC&pMmdMQ|VaS+i7r7Q)H!L*s^H=0^SznNtL%-Sx1scaoIvn&8kp2YLGegQ4p zt`XS*h;eL^n_r<{#EmU~g zmI_a0Dm;~_aM?kb3KKJ7c6UpzZ`Mh)T0%ea!X*#ffOlcK_Ww#r&Zr?b8dytN-T_nKyKN2g)TqXUARWdwkMh%BYn(mfZMvy>WSb0Lq z60dRU(-+2b+Yp<%{G=_HpU7N(B5`@)HkC{9d4kC&(fBOk@&;x=NZ6hwNx}2o+WKH- zIP3g#H*feTw*fdfMn?|Bx)1cR{sV^K(n<+$xQ>#LBWHWaf zwKR9aHD^jEUy7ZqdEqo{Xqq{+n`Vw|Hcq3~HclhO#%UzlIEkHPCTitz2E;)^QpXSQ z?nc5!5a&rsRHT9n=y2LhEE-O&2iK9!Dr(f)Dr%%yMU6zOsD5u~J)P5VUWcVfa*P8< z^qGlU5YAyb>!!FwG%Iy{rJk z7r+a=6yHrC0))@*=!ehZ)9A6voREBL%oYWP0|gJBT~ECJ!p{te-TCjAWd64V;0y)Ep4Z8 zO?Bf9%$=dK8DeNWhCAC-guiK>LeeUkHM}L`q*&lxJYx&07^o3bSQM(lnEi zm^3@l3?|kS&B$WFHEL_XHF6aJ_DCECU0;n(c55#~G=(k;a-u0R=q;l#h9I~Bt1QZa zH@BK}k1Q5ZqqY`NiZT93u!y3)Fr#6UB3lcQiVQh34kq7nOl2T&vsD&R7Z2v{IcVtk zI9L6iUOnEeMj?wAmSV9Y(tIzz^?JP1>I^Lb4v-iHF8Cf&F;6O z@Xdz$^MTzI%NAj)b$~4;zShVUMK$b=Z$`r=7PXd&6rpHT4-K0<&|Vyn(HPc4!^+9q zqM`EfdT7`fW=noKR41ih2Mt@CqSj%Glqf|*c~Zt!G|ZFII&hE@H)tqNiX9E}q_hv$ zqmD+u4jKbn#D~@aAC!0x@@Uv>(XC;8+Kxuw9mpY7Mm^n@B&_YUNp?=9} zs?o5KvWK`}4b)ZA-;T=+p=?^M5W(waUkOWjp;~wV7=G{Snt@c%AMGlJ`J9iQv z?c_s@T{i{W{iCBs=d+_D%kgYxW4p7~YaE4OUL3Bid23`{yIu_4CZe&S$OJ z`AlKwGnJhWEbbW}!VJz=UKRituff{Oa-7$kn86xNMo3dO>|1SLT(hrWFK%Eh4n(}V zBfft>Uz}5W!JH(j`2azX#D6XDg~7oF7G0363Xt5=3<=gQnJB@mwNNvYg_@Zv)M!0I z^&?n7oLmRHHm>4T4g=mhtiR_w4#wV11c6lIHp$R<*m`IZmS$~*rI{?C%oI6E>mKb> z5?O4^1lH>&Isnd1uyE-kHhr&P$uwt~@2 z7K~Y%Z^OJGD;&F@ke_55BWjdpi4XIf z#?cPK9IgF8^g%e9HHz$WG_wTunOS7USzDQLCd-U7MP{t296V}f9&kjg1LUa8VO;4f zO>W}JU^cVII3ng4xV5uonk8#&;e`K!Ac)DtqAfy`8Df*+d=nSm$B@omBWu4So3Y=_ zB5KdtirT26A~;BLgKpr0sT>XhPZZdT)s2wO0uA(c-=AKBWte4jYA21HXO1Q>)!R}^ zT7y*@g+5w3j1sYIjo1}Wk?3s0XA?`>OC|E~Nis=aU8Fyvj$pqmQbifMWR)S&Q_2s5 z>tDiKk2u>sr&rrFJZ9u=5ce+<#xQxXA+pVKBpBpj0DaU6G9Qi1LyjgE>yVk{j5BL{ z#+k`yoSAaQ(FYSp97l{4NkSertGw`v1&`B0`0H&LL2T#@y#PClbMA}>qZuWbjEu1{ zvQ>PNpC>WSg;*p44N}cr3+7mfEti#vX?DPvR2(pDvR*4uZ>l82nJFi}GFq{?OfO+x zWGlZQK`-!P$GLA1trQGo%b_Zlau71E*UX>m$mY&9wPnL|m) zSyYl0sPEi;`0i!i^NQXgq2>}~m{7-?1@t(wMLDKentR^X#DY}qOI;ty=b64WW+&}q z0rR3XT?&cC?@_bJBS*HtBNRbvuiH=fk=kj?gv${ERw?x)_adxbknFi=niL!Z#`BAn z7eyPiNMJyQq?urZ{r!ILG-dnei5_eIzsol#uYY{=@Z^6r@;^_8LnZ&;WHOlU^Z)JQ z`3js-zY4@XJDqP=F)h^p6f8wIA1$NWvd;*tcdgxC8TlakeKf??iAHb*1r=IY9lKw$|VTfnk ze-8Hp4^yXu)2@a&@WA&lT7tK9Scp4mnYa4-`?D)>`u)k}H8{Hh=kKn;k8e)Sufg>@ z@XZ@=c7Anz^7ieU*WmTp<(t#%w|~PeUJ(b{PNxShND6Cz0sT9Ca`^jitI)sep)FE? z`6>)xUh)KU{k8%8L&FA6(-K)%beY{|?tV><@bHQW*Ep^dEM?ZJ6bS+v$NT z2yr+6{!4fl+8}p3J#bp0^g7J_Bn!&Y0eRuh=ZD45`Nj43zg!m?s)U*Z9{4-vWKDQp z3_l$DizLZmx6|wOIww&CF2nhv$dL>Rvo#Dr4_wPjn_3h9!C0l0{x4v(>{0E*1DQZI z{hv+8Gd2J7tUuh-|D8ODh7rSLL|J+yC4Z+Qtm`lbX%;TMEQ~fJDKsL&SOVSP^?!bH zMGctI_I5kpCm-M%W-q`8NZoBoSuctx{m%i;Nbh9}d4e#;l!2ymrbH2wOuVE~53thzW>fMdQ~@JXB-|7^_hMLvRlus%WFGp2E3lFI z1b%>sx?gWnMBUlwp}&aQU8MCok?%=7pz}#MxR#ku!6&My1)sn_??3+&d;(WEN9qQ6 z@y2-8&A|d@*!vG1ba~Hhv{Dt{|oG+49#1pOMSW|QdH!fi_Wh4pTi@^=K zI&lHT8XY+WJP|3sfry!Z!jzF|qwoxr8N<=a@FG;dm&Cb?isCeX7(P*?tTGsYRUE*K ztOkrw*{JI$0U^Sf+Pfb}Ref)rM$_&&^Yk`mknXGIMJzfCft z#0=xxpc z&73ChE1Sa$)(ZY@m?Ov$`RAX1|8LX)V#Fmtnl~5*1k{HxiqIsHlWvhvjU8VsR5d1a zlZhXUxRA{BRB9D!62&OaEEKUMg^c)^J1`Fm+va$el5I#RA`*VdV)MXvVF9vIg1p(_ zI0Q7NmWQY?R>NLheUFx$y=9kp%M&`47a4-^3H;M>&=6jFA20+4ttO;zyc|x)26*H{ z55}lwpn`V6FAErho1|C>6X%hHuP^X8XA~iX2#G6}X3&R7s)m+*FQaxvu0wUy-h2#m z?8ikfOzFgsokCFzuPm<}D!b1Yxfqp-6ZZTD5xeNJ$B)P?Pq8zvVj+EkA&Nc$k&P;OZLc+SaY?eH;~RK(J1-U0_c`DoMIBxySJ|-pjXhM=z5o>M{{XK5w|@0>++2i z|KF9OYs2iicUgK?8Fruud_faZ=15=f0RLPbfF0jl;ri!(?=DMwrmtUol9rr*?n_vH z$4?m?9;UxgA1xT*_@y=&kuC*G|0F6}!%UmvEVw6DN`$dLB@6tzd=s<}C$N{!<+HX# zyd>iNnnr72GQ(T4r!nb5eN>hWwl-Yan04^MY&gfeVwO^Sgt63G6$6AMmOLSHXepS& zu67m@>j0Ru@TFGvpxkY`#7B+XW}$PsV1R(L(`16&8%K%*P3Z#(v9C|7RLB~{M`5Ip zR6^9mMitI(1{Q2N$y4R^u1c}XTx#@!qJ-;khE!tJP zz%o_YJjy+ivhB^fN=P*}Vy|$N=axb4xJ1l|Yp}|wL~YBMAiJ7YED^}&f%hv)C^no9 zW{~OB@yv>_+=(y-q;X7BDs~OK;5mtDDh(>rBw{It=f8xPZ^3!-+iy9EKNQ~YTe}AX z%0NQ*B9=xZ6THWxHNo42rZ-)3r`$+AX@TCP-HhRG$}s6YHn_Sd#a)yN+BJXCLORK4 zN?rmhws4nfvX{9EAVIcGk|j%MR552?#&4KdD(kE^=NAfv+7S|hmuV0c=(&4k<3PVz zN4cCK_lf|z?MGDwFVIaH?j4k?8U7bvqv2$FKJG6jqs177AtH@C^Cn1;sY zDs}|`*$T!Zl&F!|h5d(N;UA@_!`MUK&n%~Z%D#!Tdb|tWQNt-L%e_qEdT!bor2_1J z%;H+4%^Xuja{|{mz>h%Ogsjd(hh{imEj|)t4Wh(FDvOrPx;vahAQIbT3F!H zXrV=&dB;ft3avat1Ic!dbKA7kx~w``!(E~CIxg~Cva@&3`Y?K;Ks?bj1!Y>b`VD z&a|)gZ=I&*hR2Mmcyi)C1Ih`+Jxh|LrtmLsHIO*oY@rw~i#<#@m9}5TFt2yMqnxtz zXUe7gdqp?k>(+oq;A2+suOLZ9wf5GkxtFN+6_^Y{9^OGfUyz|(P$l6Vsh85kOoTH? z@2%U_bGq)sz_xSdkM#SUS4iK_rV*!GtwLm^G5pro>e zeT1=p{@aI+k8_sEf5E1{EbdC-qFnN8*^~$(7be>ZY3dm}?x%Mz<+d(gtV?oKRA*T@ z{Pv-AN;*Yvpt5Sdqwyexit)(tq$gw6x~s+`qeeX5&kpQx|TU+Yemz z**Rz3^1Lv(l&fJ>rdV2&N)zE~s`X0x=fA0s{<#koL;a2q%;%r`1OM}fj?W3oqc!1n zUCh0k_x#P3TopMS-mxmBiMUerM->`xgLYm{I7{w`m-2+M+ihkX`z%#y7mibd6S2)S z_u`Z{=%ISAJ~u%If_eUBvgLy0FKEt%@6i~%EN|>Bf(NHGY@<@s_f)KZRxO))$s~X*1n{cU@DOt{}b2$cl6C;>^4LpL6fs^`-ah%v)Yu zUA=#P?mhYR$qU}<^7jzp_xbY^@3LqBKP0_-k+Y5d&GUl5tOfkNcD$R9*ICl0Cy?|G zVo-Gd<~Dx_lBXznnF^A}C?a*M?;R&P$cE~?SR@1lh=AK)s%(1SQv)P0fq`;we?&Ps z_aM3^+-0iZ_U)WoCNOm5=%UH!1OriipoQQu3L?sHz^?@xNy-m>P6Xc41|S)crbv|X zO5(doScsA!-X@6@3f3Iib4-#{(40V&zr;h+LT%8{DA&TbzFFL6#~?(h$4nD50`)qp zy~os~17x|Cp=x)_`nlh=j;-G$BdN%#`fHDfs3%);uj_44mPxW+E@kVSaNSjY2O0b2 zdlzBc)#$r|fy0Q1s0$QyKT@%Ve|C|gyLV9(;Qt1f|3 z4`Z#vZ&&7(x{~??pFnd`J{a2ysTq(=N)X?98I5j@(HukatGP&(Ms&xcn~dcGrJ`kL zn$U)W7QXDN8p4HvajyijN&AF+|FhdR$M34iVZ(nBbs(Y#A)P%3<2ek#fm!JL0|of9Fdsbx?iMp z2N{u}h!}Z;wt{Vtpb-QzU4k;nL7TMpw({Xa(1rsIlJ&BTq*y^#Vflcxz`|{~hwZ68 zIw!%_B)6AUWkX-VEKfPfq#i@gN`y%2*cJkQ7}wh0#^5C>?rypEQVNx7^{J|RpgK@Wi3?dV{)Fz9~nW{M7L@z;Wn})CD1m)@;^aQMs zIC(TyXnizR{Yz2ed5;?6wpAfhCR*7du|i5Grf}EffQ*zyorX=bEHFBl*&F}ClAt!^ zLyB0*Nv)3ZZ7fx=1JhnZq{88M4Tr&NshB`-rQxY|Mrx~@O`58wGI>YtANfBbq96#) z0`Dd0f;o}IY?LzurQW~*=s1cG(9F_gSA2$ED8D7xLndZ_*Fe5V>MT*5!`H8_?CEQ# z;29HZ9Yy)ZJeRIiODSM8f1;zId}2~@bdY_e@qy_2QtS4x z`s+2RLICYVM>-0UZ)mC*l;xP@hXe8Tduw}#rDN=iCMM<}-=-a?POlQ_ZHo>hN)zrG8rCD6bhn349^PXdiqG&!lZ&TDS19hWdn>Sg} zQQ0vEdkLjV%~h@iP~_yM^gcpx&AYd+u4L0KCr;p=9KiEuY7$Iv;oh6fB66|)9U9`y;HMFTt@#RL!L zIK+d&Y!=R@Bnqc-G@4BZgHafb2Y58bXgKOeE%~Ly-2W*gX^Cn4D z0~!!x-;@QaJQ-PT3eD(7uqITWT@^5=8v~WW)j$@e*U6+Y?Ancut|lF>vX}9Xh$3>q z-0$+<#LYwrEsWFZ7AT=PVF&1bT?PC&+%KblU40}|rVV2a}*n&Ig@91kbqA{x)bQU5rq%$6v5-VbdExAB)9%tv0i+rVZA zv%YO^qt;~LRcWoqV)8c7_t||eIylGMKc z=oW-~^RnY*cTvY9n@sGU)4ZeY+D;Ll)F}$T$#X>AtTfZPL78#*wVhA@ z)Sp=l>9!{1ZDUi^_Co#ZNKbcAYNG0g&}OIFb~h-i>-f&$SIncHbCqUc#NJ^FzP4}$ zrs?WMK87(Am$h((1MM%t5bk)s;YtJwfP~r_Ot08Wt;Vk!pKK2kd(s`L65TyrYFb}- zx}?EY_ec zvyZ7Ny$-KAHlk98@zKnGRXlV5ZT3JxpJh}{!&li54d}k_ec=%NJ!}t$oUgu199-qi zVj1MYw~W$IPf|2>$%|%vq6{z4mcwfXR;>=?p3PzrB)61 zs?&NRkJ69*0?XRiHq3&A}9HQBIy=NJ5jJh91Q?mc~b@wywL=$2sRzT9y^HfOFC4Qr=eB?jag z2~YOYmjnzqcwsc1oc>8n{zj8uQUX|A(Lafz@fpyflw!W}VuGL)_l;ZvNXgZitUI;^ zha@-GsUA3)AdVaWd3scOM(gwmvT08WyZ4%dv?7~~sd629-kNYXt)N+`?`Ro;)bDl? z)yvlHp?}}m-qqxO|C`qk`aLgvzHKcn@ExvuzD@r_cDyF`dtLf3&Q5y3l%kB`i^GYf zW{FwhF)oK5HGM#tKZJ&aC~?4j>mOX)EOe z3gu^a8=BBM-LHOAQvls}xvTSc%ZW~EVgas`p$_m&t>k?$YfbgFNmH3Z97Z|8Dxjy@ z@7o126-f6+a}>??1$0z^-7luYLDd}3QN?mXNJr82FxnQQjI&!Heha6r+Utf-f{RPFwNTter3LA4U{*)3CtZ{gNX_Pg(}lsIf|$b$e?@;Dv4f-oq0;jKvmP$ zgzjK9P8Ahd8blMEYN)^8^VRu|yq~YHm%68kD==x*APwdBp8U_1&CEMPo-+prEf=g1LcZ67;ly zu0U-XNA(KXzrI|``Lhr6s_BDfP?$7jLObN_eOzsAECaXA&|88LJ%%|gq=)5B3%16d z1;V5FvlwanBz#*AEzmwNi744fEK%t{&hO7?icLnegcU@^xBVt~ z-6(d^G{Mujz5wh#YW26hM*KzH{y!4>7l19`-6K@_l%<2Jku4;?g>U)w@%AJx!t7yn);thz7m7e1nhFJ zr>b!AmV7KlsxAgf@;1w|UM#^L0Jg7ZYg(8q;@ULZf+T`@8Oyebk~g}&%^cN-B%FZ? zW8gj0^+=TOR6v@WQ-VsKOeBr+T_%+CP@k+Fb=3~HkdSW)u@ZNbQ=Q0<(p|{#P9Zm| z=!7Kb60$K(^clLR?(FK54>c8*IlZF^xgr1L5lVmqwPUN}yY-;t%GL`@b^Ofq$F`ff zdVR~7cwzm_rgF9Wg0TAADUP{@3_X(!eN-t2TMp)cm)ExYvO*3ft=lEEt;#}KpR9{Z zJI*R7n!P|9n$U)nYN_7Q%!|!;V94U4TZMlAVk!&0T;7d4^1stoB)cZ{<_dB$uLO#2 zYiB#nv@+x1aoTshCB$Pt-=akSL8p`3ztm}Y;CzSHiB%=(kK(HG0Qhfn%6i> z0lhC(Yo4`EM>7H&Y*>=@Y|G$#|xV~JjV7XWCo-bE{r;J$n2W`$~ z=ws?3@A`6S89{!%A)?r+Q1wghpLcIx!B^PV&JD@FK?#)K5OIiei?@iJ_7%T@sy0-T z$1nl#$hlAt1ep?X@C7X7RRM4XSu&>9zP68D{xaf8$8;5EontgtZfsW>0ER_?WPYtW z$SJ~F;26b2zqH}XKd{c*xT1Xd*DL^?d%y#7u#V%z9m7l2`0r7(;=ryk@Q>U$ygeJ) z9zxb{V%t`s)RT&|1@dxPy5x7Iql8BAA>+cBE_;pb z20N$R|K7!??XGVJt?PoeM)OJS=Hr^kHFq|$0a&O!#%OCm(egyZbuB2d3|kpifq5*9 z6ZNLECRmre?0D+se)+o=S_EtVlyK|p*%C<(fhX?4y*e&{6_}!5(vV8^y%hvl=HMnr5m}O)LL2}~v0K`?4;YQrOH*mBKob)|kP?EGfulhZ z4*<%!+7&l}`?Lg`>*svzqKx*WrjRg%yVmmUWej)k2EE6&EXdi1+JH9Fy1pT85xQla z5d5-8Xd@g}S--qf{H1KqJmD@jPh+!nQ9kBW2$BZhVC>z&p3%3~6nvRtdG--+%|0GK zykc`2I~z9@NM1=>QY#WKP?Cfwy1izv*bV7 zNpP+d96xs}g0GyK*)+xUj^Zs!q*-@ss%1hMC@zqFx70r4v-kGnJyI+1 z``v#Oh?*}zDmYHK0kJ&~;%vav5Kj~IgJFL-=r0CiTO?(M$T*(&2lLTH*SS$`wrY=MN%1`|_{A@dh4xo693?vqpFYs0n2ZCze|xxqn^m=-7bhY_rZwz!58EY(SzS}lKkLvu}cVF z6C!-C_ai*8|1(K8UD#mq*T;_^dsh)kAOv_DYPyn z%z5|F&%Xd;acUWi@<4>!b@x*vHUI8)`}^nbpTB?p{`u0M{|^8F|Nk^O05AYB2>|-U Bzc&B? literal 0 HcmV?d00001 diff --git a/stable/synapse/1.0.0/ci/base-values.yaml b/stable/synapse/1.0.0/ci/base-values.yaml new file mode 100644 index 0000000000..7e5ba36f00 --- /dev/null +++ b/stable/synapse/1.0.0/ci/base-values.yaml @@ -0,0 +1,5 @@ +matrix: + # Hostname where Synapse can be reached. + # This is *optional* if an Ingress is configured below. If hostname is unspecified, the Synapse hostname of the + # Ingress will be used + hostname: "matrix.example.com" diff --git a/stable/synapse/1.0.0/ci/basic-values.yaml b/stable/synapse/1.0.0/ci/basic-values.yaml new file mode 100644 index 0000000000..7e5ba36f00 --- /dev/null +++ b/stable/synapse/1.0.0/ci/basic-values.yaml @@ -0,0 +1,5 @@ +matrix: + # Hostname where Synapse can be reached. + # This is *optional* if an Ingress is configured below. If hostname is unspecified, the Synapse hostname of the + # Ingress will be used + hostname: "matrix.example.com" diff --git a/stable/synapse/1.0.0/helm-values.md b/stable/synapse/1.0.0/helm-values.md new file mode 100644 index 0000000000..7093170e61 --- /dev/null +++ b/stable/synapse/1.0.0/helm-values.md @@ -0,0 +1,129 @@ +# Default Helm-Values + +TrueCharts is primarily build to supply TrueNAS SCALE Apps. +However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file. + +Most of our Apps also consume our "common" Helm Chart. +If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart. +You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| command[0] | string | `"sh"` | | +| command[1] | string | `"-c"` | | +| command[2] | string | `"exec python -B -m synapse.app.homeserver \\\n -c /data/homeserver.yaml \\\n -c /data/secret/secret.yaml \\\n -c /data/custom.yaml\n"` | | +| coturn.enabled | bool | `false` | | +| env | object | `{}` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"matrixdotorg/synapse"` | | +| image.tag | string | `"v1.50.2"` | | +| installContainers.generate-signing-key.args[0] | string | `"-m"` | | +| installContainers.generate-signing-key.args[10] | string | `"--generate-keys"` | | +| installContainers.generate-signing-key.args[1] | string | `"synapse.app.homeserver"` | | +| installContainers.generate-signing-key.args[2] | string | `"--config-path"` | | +| installContainers.generate-signing-key.args[3] | string | `"/data/homeserver.yaml"` | | +| installContainers.generate-signing-key.args[4] | string | `"--config-path"` | | +| installContainers.generate-signing-key.args[5] | string | `"/data/secret/secret.yaml"` | | +| installContainers.generate-signing-key.args[6] | string | `"--config-path"` | | +| installContainers.generate-signing-key.args[7] | string | `"/data/custom.yaml"` | | +| installContainers.generate-signing-key.args[8] | string | `"--keys-directory"` | | +| installContainers.generate-signing-key.args[9] | string | `"/data/keys"` | | +| installContainers.generate-signing-key.command[0] | string | `"python"` | | +| installContainers.generate-signing-key.env[0].name | string | `"SYNAPSE_SERVER_NAME"` | | +| installContainers.generate-signing-key.env[0].value | string | `"{{ .Values.matrix.serverName }}"` | | +| installContainers.generate-signing-key.env[1].name | string | `"SYNAPSE_REPORT_STATS"` | | +| installContainers.generate-signing-key.env[1].value | string | `"no"` | | +| installContainers.generate-signing-key.image | string | `"{{ .Values.image.repository }}:{{ .Values.image.tag }}"` | | +| installContainers.generate-signing-key.volumeMounts[0].mountPath | string | `"/data"` | | +| installContainers.generate-signing-key.volumeMounts[0].name | string | `"config"` | | +| installContainers.generate-signing-key.volumeMounts[1].mountPath | string | `"/data/secret"` | | +| installContainers.generate-signing-key.volumeMounts[1].name | string | `"secret"` | | +| installContainers.generate-signing-key.volumeMounts[2].mountPath | string | `"/data/keys"` | | +| installContainers.generate-signing-key.volumeMounts[2].name | string | `"key"` | | +| mail.enabled | bool | `false` | | +| mail.from | string | `"Matrix "` | | +| mail.host | string | `""` | | +| mail.password | string | `""` | | +| mail.port | int | `25` | | +| mail.requireTransportSecurity | bool | `true` | | +| mail.riotUrl | string | `""` | | +| mail.username | string | `""` | | +| matrix.adminEmail | string | `"admin@example.com"` | | +| matrix.blockNonAdminInvites | bool | `false` | | +| matrix.disabled | bool | `false` | | +| matrix.disabledMessage | string | `""` | | +| matrix.encryptByDefault | string | `"invite"` | | +| matrix.federation.allowPublicRooms | bool | `true` | | +| matrix.federation.blacklist[0] | string | `"127.0.0.0/8"` | | +| matrix.federation.blacklist[1] | string | `"10.0.0.0/8"` | | +| matrix.federation.blacklist[2] | string | `"172.16.0.0/12"` | | +| matrix.federation.blacklist[3] | string | `"192.168.0.0/16"` | | +| matrix.federation.blacklist[4] | string | `"100.64.0.0/10"` | | +| matrix.federation.blacklist[5] | string | `"169.254.0.0/16"` | | +| matrix.federation.blacklist[6] | string | `"::1/128"` | | +| matrix.federation.blacklist[7] | string | `"fe80::/64"` | | +| matrix.federation.blacklist[8] | string | `"fc00::/7"` | | +| matrix.federation.enabled | bool | `true` | | +| matrix.logging.rootLogLevel | string | `"WARNING"` | | +| matrix.logging.sqlLogLevel | string | `"WARNING"` | | +| matrix.logging.synapseLogLevel | string | `"WARNING"` | | +| matrix.presence | bool | `true` | | +| matrix.registration.allowGuests | bool | `false` | | +| matrix.registration.autoJoinRooms | list | `[]` | | +| matrix.registration.enabled | bool | `false` | | +| matrix.retentionPeriod | string | `"7d"` | | +| matrix.search | bool | `true` | | +| matrix.security.surpressKeyServerWarning | bool | `true` | | +| matrix.serverName | string | `"example.com"` | | +| matrix.uploads.maxPixels | string | `"32M"` | | +| matrix.uploads.maxSize | string | `"10M"` | | +| matrix.urlPreviews.enabled | bool | `false` | | +| persistence.config.enabled | bool | `true` | | +| persistence.config.mountPath | string | `"/data"` | | +| persistence.config.objectName | string | `"synapse-config"` | | +| persistence.config.readOnly | bool | `false` | | +| persistence.config.type | string | `"configMap"` | | +| persistence.key.enabled | bool | `true` | | +| persistence.key.mountPath | string | `"/data/keys"` | | +| persistence.media.enabled | bool | `true` | | +| persistence.media.mountPath | string | `"/data/media_store"` | | +| persistence.secret.enabled | bool | `true` | | +| persistence.secret.mountPath | string | `"/data/secret"` | | +| persistence.secret.objectName | string | `"synapse-secret"` | | +| persistence.secret.readOnly | bool | `false` | | +| persistence.secret.type | string | `"secret"` | | +| persistence.uploads.enabled | bool | `true` | | +| persistence.uploads.mountPath | string | `"/uploads"` | | +| postgresql.enabled | bool | `true` | | +| postgresql.env.POSTGRES_INITDB_ARGS | string | `"--encoding=UTF8 --locale=C"` | | +| postgresql.existingSecret | string | `"dbcreds"` | | +| postgresql.postgresqlDatabase | string | `"synapse"` | | +| postgresql.postgresqlUsername | string | `"synapse"` | | +| probes.liveness.path | string | `"/health"` | | +| probes.readiness.path | string | `"/health"` | | +| probes.startup.path | string | `"/health"` | | +| secret | object | `{}` | | +| securityContext.allowPrivilegeEscalation | bool | `true` | | +| service.federation.enabled | bool | `true` | | +| service.federation.ports.federation.enabled | bool | `true` | | +| service.federation.ports.federation.port | int | `8448` | | +| service.federation.ports.federation.targetPort | int | `8008` | | +| service.main.ports.main.port | int | `8008` | | +| service.main.ports.main.targetPort | int | `8008` | | +| service.metrics.enabled | bool | `true` | | +| service.metrics.ports.metrics.enabled | bool | `true` | | +| service.metrics.ports.metrics.port | int | `9093` | | +| service.metrics.ports.metrics.targetPort | int | `9090` | | +| service.replication.enabled | bool | `true` | | +| service.replication.ports.replication.enabled | bool | `true` | | +| service.replication.ports.replication.port | int | `9092` | | +| service.replication.ports.replication.targetPort | int | `9092` | | +| synapse.appConfig | list | `[]` | List of application config .yaml files to be loaded from /appConfig | +| synapse.loadCustomConfig | bool | `false` | | +| synapse.metrics.annotations | bool | `true` | | +| synapse.metrics.enabled | bool | `true` | | +| synapse.metrics.port | int | `9092` | | + +All Rights Reserved - The TrueCharts Project diff --git a/stable/synapse/1.0.0/ix_values.yaml b/stable/synapse/1.0.0/ix_values.yaml new file mode 100644 index 0000000000..be3c167f9e --- /dev/null +++ b/stable/synapse/1.0.0/ix_values.yaml @@ -0,0 +1,317 @@ +image: + repository: matrixdotorg/synapse + pullPolicy: IfNotPresent + tag: v1.50.2 + +command: + - sh + - -c + - | + exec python -B -m synapse.app.homeserver \ + -c /data/homeserver.yaml \ + -c /data/secret/secret.yaml \ + -c /data/custom.yaml + +service: + main: + ports: + main: + port: 8008 + targetPort: 8008 + federation: + enabled: true + ports: + federation: + enabled: true + port: 8448 + targetPort: 8008 + replication: + enabled: true + ports: + replication: + enabled: true + port: 9092 + targetPort: 9092 + metrics: + enabled: true + ports: + metrics: + enabled: true + port: 9093 + targetPort: 9090 + +securityContext: + allowPrivilegeEscalation: true + +secret: {} + +installContainers: + generate-signing-key: + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + - name: SYNAPSE_SERVER_NAME + value: "{{ .Values.matrix.serverName }}" + - name: SYNAPSE_REPORT_STATS + value: "no" + command: ["python"] + args: + - "-m" + - "synapse.app.homeserver" + - "--config-path" + - "/data/homeserver.yaml" + - "--config-path" + - "/data/secret/secret.yaml" + - "--config-path" + - "/data/custom.yaml" + - "--keys-directory" + - "/data/keys" + - "--generate-keys" + volumeMounts: + - name: config + mountPath: /data + - name: secret + mountPath: /data/secret + - name: key + mountPath: /data/keys + +env: {} + +persistence: + config: + enabled: true + type: configMap + objectName: synapse-config + mountPath: /data + readOnly: false + secret: + enabled: true + type: secret + objectName: synapse-secret + mountPath: /data/secret + readOnly: false + key: + enabled: true + mountPath: "/data/keys" + media: + enabled: true + mountPath: "/data/media_store" + uploads: + enabled: true + mountPath: "/uploads" + +probes: + liveness: + path: /health + + readiness: + path: /health + + startup: + path: /health + +# Synapse Kubernetes resource settings +synapse: + loadCustomConfig: false + # -- List of application config .yaml files to be loaded from /appConfig + appConfig: [] + # Prometheus metrics for Synapse + # https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md + metrics: + # Whether Synapse should capture metrics on an additional endpoint + enabled: true + # Port to listen on for metrics scraping + port: 9092 + annotations: true + +# Runtime configuration for Synapse and settings related to the Matrix protocol +matrix: + # Manual overrides for homeserver.yaml, the main configuration file for Synapse + # If homeserverOverride is set, the entirety of homeserver.yaml will be replaced with the contents. + # If homeserverExtra is set, the contents will be appended to the end of the default configuration. + # It is highly recommended that you take a look at the defaults in templates/synapse/_homeserver.yaml, to get a sense + # of the requirements and default configuration options to use other services in this chart. + # homeserverOverride: {} + # homeserverExtra: {} + + # Domain name of the server + # This is not necessarily the host name where the service is reachable. In fact, you may want to omit any subdomains + # from this value as the server name set here will be the name of your homeserver in the fediverse, and will be the + # domain name at the end of every user's username + serverName: "example.com" + + urlPreviews: + enabled: false + + # Hostname where Synapse can be reached. + # This is *optional* if an Ingress is configured below. If hostname is unspecified, the Synapse hostname of the + # Ingress will be used + # hostname: "matrix.example.com" + + # Set to false to disable presence (online/offline indicators) + presence: true + + # Set to true to block non-admins from inviting users to any rooms + blockNonAdminInvites: false + + # Set to false to disable message searching + search: true + + # Which types of rooms to enable end-to-end encryption on by default + # off: none + # invite: private messages, or rooms created with the private_chat or trusted_private_chat room preset + # all: all rooms + encryptByDefault: invite + + # Email address of the administrator + adminEmail: "admin@example.com" + + # Settings related to image and multimedia uploads + uploads: + # Max upload size in bytes + maxSize: 10M + + # Max image size in pixels + maxPixels: 32M + + # Settings related to federation + federation: + # Set to false to disable federation and run an isolated homeserver + enabled: true + + # Set to false to disallow members of other homeservers from fetching *public* rooms + allowPublicRooms: true + + # Whitelist of domains to federate with (comment for all domains except blacklisted) + # whitelist: [] + + # IP addresses to blacklist federation requests to + blacklist: + - '127.0.0.0/8' + - '10.0.0.0/8' + - '172.16.0.0/12' + - '192.168.0.0/16' + - '100.64.0.0/10' + - '169.254.0.0/16' + - '::1/128' + - 'fe80::/64' + - 'fc00::/7' + + # User registration settings + registration: + # Allow new users to register an account + enabled: false + + # If set, allows registration of standard or admin accounts by anyone who + # has the shared secret, even if registration is otherwise disabled. + # + # sharedSecret: + + # Allow users to join rooms as a guest + allowGuests: false + + # Required "3PIDs" - third-party identifiers such as email or msisdn (SMS) + # required3Pids: + # - email + # - msisdn + + # Rooms to automatically join all new users to + autoJoinRooms: [] + # - "#welcome:example.com" + + # How long to keep redacted events in unredacted form in the database + retentionPeriod: 7d + + security: + + # This disables the warning that is emitted when the + # trustedKeyServers include 'matrix.org'. See below. + # Set to false to re-enable the warning. + # + surpressKeyServerWarning: true + + # The trusted servers to download signing keys from. + # + # When we need to fetch a signing key, each server is tried in parallel. + # + # Normally, the connection to the key server is validated via TLS certificates. + # Additional security can be provided by configuring a `verify key`, which + # will make synapse check that the response is signed by that key. + # + # This setting supercedes an older setting named `perspectives`. The old format + # is still supported for backwards-compatibility, but it is deprecated. + # + # 'trustedKeyServers' defaults to matrix.org, but using it will generate a + # warning on start-up. To suppress this warning, set + # 'surpressKeyServerWarning' to true. + # + # Options for each entry in the list include: + # + # serverName: the name of the server. required. + # + # verifyKeys: an optional map from key id to base64-encoded public key. + # If specified, we will check that the response is signed by at least + # one of the given keys. + # + # acceptKeysInsecurely: a boolean. Normally, if `verify_keys` is unset, + # and federation_verify_certificates is not `true`, synapse will refuse + # to start, because this would allow anyone who can spoof DNS responses + # to masquerade as the trusted key server. If you know what you are doing + # and are sure that your network environment provides a secure connection + # to the key server, you can set this to `true` to override this + # behaviour. + # + # An example configuration might look like: + # + # trustedKeyServers: + # - serverName: my_trusted_server.example.com + # verifyKeys: + # - id: "ed25519:auto" + # key: "abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr" + # acceptKeysInsecurely: false + # - serverName: my_other_trusted_server.example.com + + # Set to true to globally block access to the homeserver + disabled: false + # Human readable reason for why the homeserver is blocked + disabledMessage: "" + + logging: + # Root log level is the default log level for log outputs that do not have more + # specific settings. + rootLogLevel: WARNING + # beware: increasing this to DEBUG will make synapse log sensitive + # information such as access tokens. + sqlLogLevel: WARNING + # The log level for the synapse server + synapseLogLevel: WARNING + + +# Settings for email notifications +mail: + # Set to false to disable all email notifications + # NOTE: If enabled, either enable the Exim relay or configure an external mail server below + enabled: false + # Name and email address for outgoing mail + from: "Matrix " + # Optional: Element instance URL. + # If the ingress is enabled, this is unnecessary. + # If the ingress is disabled and this is left unspecified, emails will contain a link to https://app.element.io + riotUrl: "" + + host: "" + port: 25 # SSL: 465, STARTTLS: 587 + username: "" + password: "" + requireTransportSecurity: true + +coturn: + enabled: false + +# Enabled postgres +postgresql: + env: + POSTGRES_INITDB_ARGS: "--encoding=UTF8 --locale=C" + enabled: true + existingSecret: "dbcreds" + postgresqlUsername: synapse + postgresqlDatabase: synapse diff --git a/stable/synapse/1.0.0/questions.yaml b/stable/synapse/1.0.0/questions.yaml new file mode 100644 index 0000000000..84ce58bccc --- /dev/null +++ b/stable/synapse/1.0.0/questions.yaml @@ -0,0 +1,3117 @@ +groups: + - name: "Container Image" + description: "Image to be used for container" + - name: "Controller" + description: "Configure workload deployment" + - name: "Container Configuration" + description: "additional container configuration" + - name: "App Configuration" + description: "App specific config options" + - name: "Networking and Services" + description: "Configure Network and Services for container" + - name: "Storage and Persistence" + description: "Persist and share data that is separate from the container" + - name: "Ingress" + description: "Ingress Configuration" + - name: "Security and Permissions" + description: "Configure security context and permissions" + - name: "Resources and Devices" + description: "Specify resources/devices to be allocated to workload" + - name: "Middlewares" + description: "Traefik Middlewares" + - name: "Metrics" + description: "Metrics" + - name: "Addons" + description: "Addon Configuration" + - name: "Advanced" + description: "Advanced Configuration" +portals: + web_portal: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" +questions: + - variable: portal + group: "Container Image" + label: "Configure Portal Button" + schema: + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enable" + description: "enable the portal button" + schema: + hidden: true + editable: false + type: boolean + default: true + - variable: global + label: "global settings" + group: "Controller" + schema: + type: dict + hidden: true + attrs: + - variable: isSCALE + label: "flag this is SCALE" + schema: + type: boolean + default: true + hidden: true + - variable: controller + group: "Controller" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: advanced + label: "Show Advanced Controller Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: type + description: "Please specify type of workload to deploy" + label: "(Advanced) Controller Type" + schema: + type: string + default: "deployment" + required: true + enum: + - value: "deployment" + description: "Deployment" + - value: "statefulset" + description: "Statefulset" + - value: "daemonset" + description: "Daemonset" + - variable: replicas + description: "Number of desired pod replicas" + label: "Desired Replicas" + schema: + type: int + default: 1 + required: true + - variable: strategy + description: "Please specify type of workload to deploy" + label: "(Advanced) Update Strategy" + schema: + type: string + default: "Recreate" + required: true + enum: + - value: "Recreate" + description: "Recreate: Kill existing pods before creating new ones" + - value: "RollingUpdate" + description: "RollingUpdate: Create new pods and then kill old ones" + - value: "OnDelete" + description: "(Legacy) OnDelete: ignore .spec.template changes" + - variable: expert + label: "Show Expert Configuration Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: extraArgs + label: "Extra Args" + schema: + type: list + default: [] + items: + - variable: arg + label: "arg" + schema: + type: string + - variable: labelsList + label: "Controller Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: " Controller Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: env + group: "Container Configuration" + label: "Image Environment" + schema: + additional_attrs: true + type: dict + attrs: + - variable: TZ + label: "Timezone" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: UMASK + label: "UMASK" + description: "Sets the UMASK env var for LinuxServer.io (compatible) containers" + schema: + type: string + default: "002" + - variable: envList + label: "Image environment" + group: "Container Configuration" + schema: + type: list + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: expertpodconf + group: "Container Configuration" + label: "Show Expert Config" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: tty + label: "Enable TTY" + description: "Determines whether containers in a pod runs with TTY enabled. By default pod has it disabled." + group: "Workload Details" + schema: + type: boolean + default: false + - variable: stdin + label: "Enable STDIN" + description: "Determines whether containers in a pod runs with stdin enabled. By default pod has it disabled." + group: "Workload Details" + schema: + type: boolean + default: false + - variable: termination + group: "Container Configuration" + label: "Termination settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: gracePeriodSeconds + label: "Grace Period Seconds" + schema: + type: int + default: 10 + - variable: podLabelsList + group: "Container Configuration" + label: "Pod Labels" + schema: + type: list + default: [] + items: + - variable: podLabelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: podAnnotationsList + group: "Container Configuration" + label: "Pod Annotations" + schema: + type: list + default: [] + items: + - variable: podAnnotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: synapse + group: "Container Configuration" + label: "Synapse Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: loadCustomConfig + label: "Load Custom Config" + description: "Load custom config located in /data/custom.yaml" + schema: + type: boolean + default: false + + - variable: matrix + group: "Container Configuration" + label: "Matrix Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: disabled + label: "Disable Server Globally" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: disabledMessage + label: "Disabled Message" + schema: + type: string + default: "" + - variable: serverName + label: "Server Name" + schema: + type: string + default: "example.com" + - variable: hostname + label: "Hostname" + schema: + type: string + default: "matrix.example.com" + - variable: presence + label: "Presence" + schema: + type: boolean + default: true + - variable: blockNonAdminInvites + label: "Block Non Admin Invites" + schema: + type: boolean + default: false + - variable: search + label: "Search" + schema: + type: boolean + default: true + - variable: encryptByDefault + label: "Encrypt By Default" + schema: + type: string + default: "invite" + enum: + - value: "off" + description: "off" + - value: "invite" + description: "invite" + - value: "all" + description: "all" + - variable: adminEmail + label: "Admin Email" + schema: + type: string + default: "admin@example.com" + - variable: uploads + label: "Uploads Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: maxSize + label: "Max Size" + schema: + type: string + default: "10M" + - variable: maxPixels + label: "Max Pixels" + schema: + type: string + default: "32M" + - variable: urlPreviews + label: "URL Previews Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable URL Previews" + schema: + type: boolean + default: false + - variable: federation + label: "Federation Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Federation" + schema: + type: boolean + default: true + - variable: allowPublicRooms + label: "Allow Public Rooms" + schema: + type: boolean + default: true + # TODO: whitelist: + # TODO: blacklist: + - variable: registration + label: "Registration Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Registration" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: maxPixels + label: "Max Pixels" + schema: + type: string + default: "32M" + - variable: sharedSecret + label: "Shared Secret" + schema: + type: string + default: "" + private: true + # TODO: required3PIDs + # TODO: autoJoinRooms + - variable: security + label: "Security Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: surpressKeyServerWarning + label: "Surpress Key Server Warning" + schema: + type: boolean + default: true + - variable: trustedKeyServers + label: "Truested Key Servers" + schema: + type: list + default: [] + items: + - variable: serverName + label: Server Name + schema: + type: string + default: "" + - variable: verifyKeys + label: "Verify Keys" + schema: + additional_attrs: true + type: dict + attrs: + - variable: id + label: "id" + schema: + type: string + default: "" + - variable: key + label: "key" + schema: + type: string + default: "" + private: true + - variable: acceptKeysInsecurely + label: "Accept Keys Insecurely" + schema: + type: boolean + default: false + - variable: logging + group: "Container Configuration" + label: "Logging Configuration" + schema: + additional_attrs: true + type: dict + attrs: +# TODO: Find the log levels and make the enum's + - variable: rootLogLevel + label: "Root Log Level" + schema: + type: string + default: "WARNING" + - variable: sqlLogLevel + label: "Root Log Level" + schema: + type: string + default: "WARNING" + - variable: sqlLogLevel + label: "Root Log Level" + schema: + type: string + default: "WARNING" + + - variable: mail + group: "Container Configuration" + label: "Mail Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Mail" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: from + label: "From: " + schema: + type: string + default: "Matrix " + - variable: riotUrl + label: "Riot URL" + schema: + type: string + default: "" + - variable: host + label: "Host" + schema: + type: string + default: "" + - variable: port + label: "Port" + schema: + type: int + default: 25 + - variable: username + label: "Username" + schema: + type: string + default: "" + - variable: password + label: "Password" + schema: + type: string + default: "" + private: true + - variable: requireTransportSecurity + label: "Require Transport Security" + schema: + type: boolean + default: true + + - variable: coturn + group: "Container Configuration" + label: "Coturn Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Coturn" + schema: + type: boolean + default: false + + - variable: service + group: "Networking and Services" + label: "Configure Service(s)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the service" + schema: + type: boolean + default: true + hidden: true + - variable: type + label: "Service Type" + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: "Simple" + enum: + - value: "Simple" + description: "Simple" + - value: "ClusterIP" + description: "ClusterIP" + - value: "NodePort" + description: "NodePort (Advanced)" + - value: "LoadBalancer" + description: "LoadBalancer (Advanced)" + - variable: loadBalancerIP + label: "LoadBalancer IP" + description: "LoadBalancerIP" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: "External IP" + schema: + type: string + - variable: ipFamilyPolicy + label: "IP Family Policy" + description: "(Advanced) Specify the ip policy" + schema: + show_if: [["type", "!=", "Simple"]] + type: string + default: "SingleStack" + enum: + - value: "SingleStack" + description: "SingleStack" + - value: "PreferDualStack" + description: "PreferDualStack" + - value: "RequireDualStack" + description: "RequireDualStack" + - variable: ipFamilies + label: "(advanced) IP families" + description: "(advanced) The ip families that should be used" + schema: + show_if: [["type", "!=", "Simple"]] + type: list + default: [] + items: + - variable: ipFamily + label: "IP family" + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 8008 + required: true + - variable: advanced + label: "Show Advanced settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: protocol + label: "Port Type" + schema: + type: string + default: "HTTP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + default: 8008 + - variable: federation + label: "federation Service" + description: "The federation service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the service" + schema: + type: boolean + default: true + hidden: true + - variable: type + label: "Service Type" + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: "Simple" + enum: + - value: "Simple" + description: "Simple" + - value: "ClusterIP" + description: "ClusterIP" + - value: "NodePort" + description: "NodePort (Advanced)" + - value: "LoadBalancer" + description: "LoadBalancer (Advanced)" + - variable: loadBalancerIP + label: "LoadBalancer IP" + description: "LoadBalancerIP" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: "External IP" + schema: + type: string + - variable: ipFamilyPolicy + label: "IP Family Policy" + description: "(Advanced) Specify the ip policy" + schema: + show_if: [["type", "!=", "Simple"]] + type: string + default: "SingleStack" + enum: + - value: "SingleStack" + description: "SingleStack" + - value: "PreferDualStack" + description: "PreferDualStack" + - value: "RequireDualStack" + description: "RequireDualStack" + - variable: ipFamilies + label: "(advanced) IP families" + description: "(advanced) The ip families that should be used" + schema: + show_if: [["type", "!=", "Simple"]] + type: list + default: [] + items: + - variable: ipFamily + label: "IP family" + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: federation + label: "federation Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 8448 + required: true + - variable: advanced + label: "Show Advanced settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: protocol + label: "Port Type" + schema: + type: string + default: "HTTP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + default: 8008 + + - variable: serviceexpert + group: "Networking and Services" + label: "Show Expert Config" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + group: "Networking and Services" + label: "Host-Networking (Complicated)" + schema: + type: boolean + default: false + + - variable: externalInterfaces + description: "Add External Interfaces" + label: "Add external Interfaces" + group: "Networking" + schema: + type: list + items: + - variable: interfaceConfiguration + description: "Interface Configuration" + label: "Interface Configuration" + schema: + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: "Please specify host interface" + label: "Host Interface" + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: "Define how IP Address will be managed" + label: "IP Address Management" + schema: + type: dict + required: true + attrs: + - variable: type + description: "Specify type for IPAM" + label: "IPAM Type" + schema: + type: string + required: true + enum: + - value: "dhcp" + description: "Use DHCP" + - value: "static" + description: "Use static IP" + show_subquestions_if: "static" + subquestions: + - variable: staticIPConfigurations + label: "Static IP Addresses" + schema: + type: list + items: + - variable: staticIP + label: "Static IP" + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: "Static Routes" + schema: + type: list + items: + - variable: staticRouteConfiguration + label: "Static Route Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: "Destination" + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: "Gateway" + schema: + type: ipaddr + cidr: false + required: true + + - variable: dnsPolicy + group: "Networking and Services" + label: "dnsPolicy" + schema: + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "ClusterFirst" + description: "ClusterFirst" + - value: "ClusterFirstWithHostNet" + description: "ClusterFirstWithHostNet" + - value: "None" + description: "None" + + - variable: dnsConfig + label: "DNS Configuration" + group: "Networking and Services" + description: "Specify custom DNS configuration which will be applied to the pod" + schema: + additional_attrs: true + type: dict + attrs: + - variable: nameservers + label: "Nameservers" + schema: + default: [] + type: list + items: + - variable: nameserver + label: "Nameserver" + schema: + type: string + - variable: options + label: "options" + schema: + default: [] + type: list + items: + - variable: option + label: "Option Entry" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: searches + label: "Searches" + schema: + default: [] + type: list + items: + - variable: search + label: "Search Entry" + schema: + type: string + + - variable: serviceList + label: "Add Manual Custom Services" + group: "Networking and Services" + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: "Custom Service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the service" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Name" + schema: + type: string + default: "" + - variable: type + label: "Service Type" + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: "Simple" + enum: + - value: "Simple" + description: "Simple" + - value: "NodePort" + description: "NodePort" + - value: "ClusterIP" + description: "ClusterIP" + - value: "LoadBalancer" + description: "LoadBalancer" + - variable: loadBalancerIP + label: "LoadBalancer IP" + description: "LoadBalancerIP" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: "External IP" + schema: + type: string + - variable: portsList + label: "Additional Service Ports" + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: "Custom ports" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the port" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Port Name" + schema: + type: string + default: "" + - variable: protocol + label: "Port Type" + schema: + type: string + default: "TCP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: targetPort + label: "Target Port" + description: "This port exposes the container port on the service" + schema: + type: int + required: true + - variable: port + label: "Container Port" + schema: + type: int + required: true + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. Only considered when service type is NodePort" + schema: + type: int + min: 9000 + max: 65535 + + - variable: persistence + label: "Integrated Persistent Storage" + description: "Integrated Persistent Storage" + group: "Storage and Persistence" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: "App Key Storage" + description: "Stores the Application Key." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Type of Storage" + description: "Sets the persistence type, Anything other than PVC could break rollback!" + schema: + type: string + default: "simplePVC" + enum: + - value: "simplePVC" + description: "PVC (simple)" + - value: "simpleHP" + description: "HostPath (simple)" + - value: "emptyDir" + description: "emptyDir" + - value: "pvc" + description: "pvc" + - value: "hostPath" + description: "hostPath" + - variable: setPermissionsSimple + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: true + - variable: setPermissions + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPathSimple + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "Memory" + description: "Memory" + - variable: size + label: "Size quotum of storage" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "999Gi" + - variable: hostPathType + label: "(Advanced) hostPath Type" + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "DirectoryOrCreate" + description: "DirectoryOrCreate" + - value: "Directory" + description: "Directory" + - value: "FileOrCreate" + description: "FileOrCreate" + - value: "File" + description: "File" + - value: "Socket" + description: "Socket" + - value: "CharDevice" + description: "CharDevice" + - value: "BlockDevice" + description: "BlockDevice" + - variable: storageClass + label: "(Advanced) storageClass" + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "SCALE-ZFS" + - variable: accessMode + label: "(Advanced) Access Mode" + description: "Allow or disallow multiple PVC's writhing to the same PV" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "ReadWriteOnce" + enum: + - value: "ReadWriteOnce" + description: "ReadWriteOnce" + - value: "ReadOnlyMany" + description: "ReadOnlyMany" + - value: "ReadWriteMany" + description: "ReadWriteMany" + - variable: advanced + label: "Show Advanced Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: media + label: "App Media Storage" + description: "Stores the Application Media." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Type of Storage" + description: "Sets the persistence type, Anything other than PVC could break rollback!" + schema: + type: string + default: "simplePVC" + enum: + - value: "simplePVC" + description: "PVC (simple)" + - value: "simpleHP" + description: "HostPath (simple)" + - value: "emptyDir" + description: "emptyDir" + - value: "pvc" + description: "pvc" + - value: "hostPath" + description: "hostPath" + - variable: setPermissionsSimple + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: true + - variable: setPermissions + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPathSimple + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "Memory" + description: "Memory" + - variable: size + label: "Size quotum of storage" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "999Gi" + - variable: hostPathType + label: "(Advanced) hostPath Type" + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "DirectoryOrCreate" + description: "DirectoryOrCreate" + - value: "Directory" + description: "Directory" + - value: "FileOrCreate" + description: "FileOrCreate" + - value: "File" + description: "File" + - value: "Socket" + description: "Socket" + - value: "CharDevice" + description: "CharDevice" + - value: "BlockDevice" + description: "BlockDevice" + - variable: storageClass + label: "(Advanced) storageClass" + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "SCALE-ZFS" + - variable: accessMode + label: "(Advanced) Access Mode" + description: "Allow or disallow multiple PVC's writhing to the same PV" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "ReadWriteOnce" + enum: + - value: "ReadWriteOnce" + description: "ReadWriteOnce" + - value: "ReadOnlyMany" + description: "ReadOnlyMany" + - value: "ReadWriteMany" + description: "ReadWriteMany" + - variable: advanced + label: "Show Advanced Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: uploads + label: "App Upload Storage" + description: "Stores the Application Upload." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Type of Storage" + description: "Sets the persistence type, Anything other than PVC could break rollback!" + schema: + type: string + default: "simplePVC" + enum: + - value: "simplePVC" + description: "PVC (simple)" + - value: "simpleHP" + description: "HostPath (simple)" + - value: "emptyDir" + description: "emptyDir" + - value: "pvc" + description: "pvc" + - value: "hostPath" + description: "hostPath" + - variable: setPermissionsSimple + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: true + - variable: setPermissions + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPathSimple + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "Memory" + description: "Memory" + - variable: size + label: "Size quotum of storage" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "999Gi" + - variable: hostPathType + label: "(Advanced) hostPath Type" + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "DirectoryOrCreate" + description: "DirectoryOrCreate" + - value: "Directory" + description: "Directory" + - value: "FileOrCreate" + description: "FileOrCreate" + - value: "File" + description: "File" + - value: "Socket" + description: "Socket" + - value: "CharDevice" + description: "CharDevice" + - value: "BlockDevice" + description: "BlockDevice" + - variable: storageClass + label: "(Advanced) storageClass" + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "SCALE-ZFS" + - variable: accessMode + label: "(Advanced) Access Mode" + description: "Allow or disallow multiple PVC's writhing to the same PV" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "ReadWriteOnce" + enum: + - value: "ReadWriteOnce" + description: "ReadWriteOnce" + - value: "ReadOnlyMany" + description: "ReadOnlyMany" + - value: "ReadWriteMany" + description: "ReadWriteMany" + - variable: advanced + label: "Show Advanced Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: persistenceList + label: "Additional app storage" + group: "Storage and Persistence" + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: "Custom Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the storage" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Name (optional)" + description: "Not required, please set to config when mounting /config or temp when mounting /tmp" + schema: + type: string + - variable: type + label: "Type of Storage" + description: "Sets the persistence type, Anything other than PVC could break rollback!" + schema: + type: string + default: "simpleHP" + enum: + - value: "simplePVC" + description: "PVC (simple)" + - value: "simpleHP" + description: "HostPath (simple)" + - value: "emptyDir" + description: "emptyDir" + - value: "pvc" + description: "pvc" + - value: "hostPath" + description: "hostPath" + - variable: setPermissionsSimple + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: true + - variable: setPermissions + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPathSimple + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: "mountPath" + description: "Path inside the container the storage is mounted" + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "Memory" + description: "Memory" + - variable: size + label: "Size quotum of storage" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "999Gi" + - variable: hostPathType + label: "(Advanced) hostPath Type" + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "DirectoryOrCreate" + description: "DirectoryOrCreate" + - value: "Directory" + description: "Directory" + - value: "FileOrCreate" + description: "FileOrCreate" + - value: "File" + description: "File" + - value: "Socket" + description: "Socket" + - value: "CharDevice" + description: "CharDevice" + - value: "BlockDevice" + description: "BlockDevice" + - variable: storageClass + label: "(Advanced) storageClass" + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "SCALE-ZFS" + - variable: accessMode + label: "(Advanced) Access Mode" + description: "Allow or disallow multiple PVC's writhing to the same PV" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "ReadWriteOnce" + enum: + - value: "ReadWriteOnce" + description: "ReadWriteOnce" + - value: "ReadOnlyMany" + description: "ReadOnlyMany" + - value: "ReadWriteMany" + description: "ReadWriteMany" + - variable: advanced + label: "Show Advanced Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: ingress + label: "" + group: "Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Ingress" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: "Hosts" + schema: + type: list + default: [] + items: + - variable: hostEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: "HostName" + schema: + type: string + default: "" + required: true + - variable: paths + label: "Paths" + schema: + type: list + default: [] + items: + - variable: pathEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: "path" + schema: + type: string + required: true + default: "/" + - variable: pathType + label: "pathType" + schema: + type: string + required: true + default: "Prefix" + + - variable: tls + label: "TLS-Settings" + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: "Certificate Hosts" + schema: + type: list + default: [] + items: + - variable: host + label: "Host" + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + $ref: + - "definitions/certificate" + + - variable: entrypoint + label: "(Advanced) Traefik Entrypoint" + description: "Entrypoint used by Traefik when using Traefik as Ingress Provider" + schema: + type: string + default: "websecure" + required: true + - variable: middlewares + label: "Traefik Middlewares" + description: "Add previously created Traefik Middlewares to this Ingress" + schema: + type: list + default: [] + items: + - variable: name + label: "Name" + schema: + type: string + default: "" + required: true + + - variable: expert + label: "Show Expert Configuration Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enableFixedMiddlewares + description: "These middlewares enforce a number of best practices." + label: "Enable Default Middlewares" + schema: + type: boolean + default: true + - variable: ingressClassName + label: "IngressClass Name" + schema: + type: string + default: "" + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: ingressList + label: "Add Manual Custom Ingresses" + group: "Ingress" + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: "Custom Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Ingress" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Name" + schema: + type: string + default: "" + - variable: ingressClassName + label: "IngressClass Name" + schema: + type: string + default: "" + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: hosts + label: "Hosts" + schema: + type: list + default: [] + items: + - variable: hostEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: "HostName" + schema: + type: string + default: "" + required: true + - variable: paths + label: "Paths" + schema: + type: list + default: [] + items: + - variable: pathEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: "path" + schema: + type: string + required: true + default: "/" + - variable: pathType + label: "pathType" + schema: + type: string + required: true + default: "Prefix" + - variable: service + label: "Linked Service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Service Name" + schema: + type: string + default: "" + - variable: port + label: "Service Port" + schema: + type: int + - variable: tls + label: "TLS-Settings" + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: "Certificate Hosts" + schema: + type: list + default: [] + items: + - variable: host + label: "Host" + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: "Traefik Entrypoint" + description: "Entrypoint used by Traefik when using Traefik as Ingress Provider" + schema: + type: string + default: "websecure" + required: true + - variable: middlewares + label: "Traefik Middlewares" + description: "Add previously created Traefik Middlewares to this Ingress" + schema: + type: list + default: [] + items: + - variable: name + label: "Name" + schema: + type: string + default: "" + required: true + + - variable: advancedSecurity + label: "Show Advanced Security Settings" + group: "Security and Permissions" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: securityContext + label: "Security Context" + schema: + additional_attrs: true + type: dict + attrs: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: allowPrivilegeEscalation + label: "Allow Privilege Escalation" + schema: + type: boolean + default: true + - variable: runAsNonRoot + label: "runAsNonRoot" + schema: + type: boolean + default: true + - variable: capabilities + label: "Capabilities" + schema: + additional_attrs: true + type: dict + attrs: + - variable: drop + label: "Drop Capability" + schema: + type: list + default: [] + items: + - variable: dropEntry + label: "" + schema: + type: string + - variable: add + label: "Add Capability" + schema: + type: list + default: [] + items: + - variable: addEntry + label: "" + schema: + type: string + + - variable: podSecurityContext + group: "Security and Permissions" + label: "Pod Security Context" + schema: + additional_attrs: true + type: dict + attrs: + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: The groupID this App of the user running the application" + schema: + type: int + default: 568 + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: "OnRootMismatch" + enum: + - value: "OnRootMismatch" + description: "OnRootMismatch" + - value: "Always" + description: "Always" + - variable: supplementalGroups + label: "supplemental Groups" + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: "supplemental Group" + schema: + type: int + + + - variable: advancedresources + label: "Set Custom Resource Limits/Requests (Advanced)" + group: "Resources and Devices" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: resources + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: "Advanced Limit Resource Consumption" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: "CPU" + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/indepth/validation/" + schema: + type: string + default: "4000m" + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/indepth/validation/" + schema: + type: string + default: "8Gi" + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: "CPU" + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/indepth/validation/" + schema: + type: string + default: "10m" + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/indepth/validation/" + schema: + type: string + default: "50Mi" + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + + - variable: deviceList + label: "Mount USB devices" + group: "Resources and Devices" + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: "Device" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the storage" + schema: + type: boolean + default: true + - variable: type + label: "(Advanced) Type of Storage" + description: "Sets the persistence type" + schema: + type: string + default: "hostPath" + hidden: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPath + label: "Host Device Path" + description: "Path to the device on the host system" + schema: + type: path + - variable: mountPath + label: "Container Device Path" + description: "Path inside the container the device is mounted" + schema: + type: string + default: "/dev/ttyACM0" + + # Specify GPU configuration + - variable: scaleGPU + label: "GPU Configuration" + group: "Resources and Devices" + schema: + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + + - variable: autoscaling + group: "Advanced" + label: "(Advanced) Horizontal Pod Autoscaler" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: target + label: "Target" + description: "deployment name, defaults to main deployment" + schema: + type: string + default: "" + - variable: minReplicas + label: "Minimum Replicas" + schema: + type: int + default: 1 + - variable: maxReplicas + label: "Maximum Replicas" + schema: + type: int + default: 5 + - variable: targetCPUUtilizationPercentage + label: "Target CPU Utilization Percentage" + schema: + type: int + default: 80 + - variable: targetMemoryUtilizationPercentage + label: "Target Memory Utilization Percentage" + schema: + type: int + default: 80 + - variable: networkPolicy + group: "Advanced" + label: "(Advanced) Network Policy" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: "Policy Type" + schema: + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "ingress" + description: "Ingress" + - value: "egress" + description: "Egress" + - value: "ingress-egress" + description: "Ingress and Egress" + - variable: egress + label: "Egress" + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: "To" + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: "ipBlock" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: "cidr" + schema: + type: string + default: "" + - variable: except + label: "except" + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: int + - variable: namespaceSelector + label: "namespaceSelector" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: "matchExpressions" + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: "Key" + schema: + type: string + - variable: operator + label: "operator" + schema: + type: string + default: "TCP" + enum: + - value: "In" + description: "In" + - value: "NotIn" + description: "NotIn" + - value: "Exists " + description: "Exists " + - value: "DoesNotExist " + description: "DoesNotExist " + - variable: values + label: "values" + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: "matchExpressions" + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: "Key" + schema: + type: string + - variable: operator + label: "operator" + schema: + type: string + default: "TCP" + enum: + - value: "In" + description: "In" + - value: "NotIn" + description: "NotIn" + - value: "Exists " + description: "Exists " + - value: "DoesNotExist " + description: "DoesNotExist " + - variable: values + label: "values" + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: "Ports" + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "port" + schema: + type: int + - variable: endPort + label: "port" + schema: + type: int + - variable: protocol + label: "Protocol" + schema: + type: string + default: "TCP" + enum: + - value: "TCP" + description: "TCP" + - value: "UDP" + description: "UDP" + - value: "SCTP" + description: "SCTP" + - variable: ingress + label: "Ingress" + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: "From" + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: "ipBlock" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: "cidr" + schema: + type: string + default: "" + - variable: except + label: "except" + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: int + - variable: namespaceSelector + label: "namespaceSelector" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: "matchExpressions" + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: "Key" + schema: + type: string + - variable: operator + label: "operator" + schema: + type: string + default: "TCP" + enum: + - value: "In" + description: "In" + - value: "NotIn" + description: "NotIn" + - value: "Exists " + description: "Exists " + - value: "DoesNotExist " + description: "DoesNotExist " + - variable: values + label: "values" + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: "matchExpressions" + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: "Key" + schema: + type: string + - variable: operator + label: "operator" + schema: + type: string + default: "TCP" + enum: + - value: "In" + description: "In" + - value: "NotIn" + description: "NotIn" + - value: "Exists " + description: "Exists " + - value: "DoesNotExist " + description: "DoesNotExist " + - variable: values + label: "values" + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: "Ports" + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "port" + schema: + type: int + - variable: endPort + label: "port" + schema: + type: int + - variable: protocol + label: "Protocol" + schema: + type: string + default: "TCP" + enum: + - value: "TCP" + description: "TCP" + - value: "UDP" + description: "UDP" + - value: "SCTP" + description: "SCTP" + + + - variable: addons + group: "Addons" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: vpn + label: "VPN" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Type" + schema: + type: string + default: "disabled" + enum: + - value: "disabled" + description: "disabled" + - value: "openvpn" + description: "OpenVPN" + - value: "wireguard" + description: "Wireguard" + - variable: openvpn + label: "OpenVPN Settings" + schema: + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: "authentication username" + description: "authentication username, optional" + schema: + type: string + default: "" + - variable: password + label: "authentication password" + description: "authentication credentials" + schema: + type: string + default: "" + required: true + - variable: killSwitch + label: "Enable killswitch" + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: "Killswitch Excluded IPv4 networks" + description: "list of killswitch excluded ipv4 addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: "IPv4 Network" + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: "Killswitch Excluded IPv6 networks" + description: "list of killswitch excluded ipv4 addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: "IPv6 Network" + schema: + type: string + required: true + + - variable: configFile + label: "VPN Config File Location" + schema: + type: dict + show_if: [["type", "!=", "disabled"]] + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: true + hidden: true + - variable: type + label: "type" + schema: + type: string + default: "hostPath" + hidden: true + - variable: hostPathType + label: "hostPathType" + schema: + type: string + default: "File" + hidden: true + - variable: noMount + label: "noMount" + schema: + type: boolean + default: true + hidden: true + - variable: hostPath + label: "Full path to file" + description: "path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn" + schema: + type: string + default: "" + required: true + - variable: envList + label: "VPN environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true + + - variable: codeserver + label: "Codeserver" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: git + label: "Git Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: deployKey + description: "Raw SSH private key" + label: "deployKey" + schema: + type: string + - variable: deployKeyBase64 + description: "Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence" + label: "deployKeyBase64" + schema: + type: string + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Service Type" + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: "NodePort" + enum: + - value: "NodePort" + description: "NodePort" + - value: "ClusterIP" + description: "ClusterIP" + - value: "LoadBalancer" + description: "LoadBalancer" + - variable: loadBalancerIP + label: "LoadBalancer IP" + description: "LoadBalancerIP" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: "External IP" + schema: + type: string + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: nodePort + description: "leave empty to disable" + label: "nodePort" + schema: + type: int + default: 36107 + - variable: envList + label: "Codeserver environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true + + + - variable: promtail + label: "Promtail" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: loki + label: "Loki URL" + schema: + type: string + required: true + - variable: logs + label: "Log Paths" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: path + label: "Path" + schema: + type: string + required: true + - variable: args + label: "Promtail ecommand line arguments" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: arg + label: "Arg" + schema: + type: string + required: true + - variable: envList + label: "Promtail environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true + + + + + - variable: netshoot + label: "Netshoot" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: "Netshoot environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true diff --git a/stable/synapse/1.0.0/security.md b/stable/synapse/1.0.0/security.md new file mode 100644 index 0000000000..ac974cb2c4 --- /dev/null +++ b/stable/synapse/1.0.0/security.md @@ -0,0 +1,25 @@ +--- +hide: + - toc +--- + +# Security Overview + + + +## Helm-Chart + +##### Scan Results + + + +| No Misconfigurations found | +|:---------------------------------| + +## Containers + +##### Detected Containers + + +##### Scan Results + diff --git a/stable/synapse/1.0.0/templates/_configmap.tpl b/stable/synapse/1.0.0/templates/_configmap.tpl new file mode 100644 index 0000000000..b9597f3dab --- /dev/null +++ b/stable/synapse/1.0.0/templates/_configmap.tpl @@ -0,0 +1,153 @@ +{{/* Define the configs */}} +{{- define "synapse.config" -}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: synapse-config + labels: + {{ include "common.labels" . | nindent 4 }} + annotations: + rollme: {{ randAlphaNum 5 | quote }} +data: + homeserver.yaml: | + server_name: {{ .Values.matrix.serverName }} + pid_file: /data/homeserver.pid + public_baseurl: {{ include "matrix.baseUrl" . | quote }} + use_presence: {{ .Values.matrix.presence }} + + allow_public_rooms_over_federation: {{ and .Values.matrix.federation.enabled .Values.matrix.federation.allowPublicRooms }} + + block_non_admin_invites: {{ .Values.matrix.blockNonAdminInvites }} + + enable_search: {{ .Values.matrix.search }} + + {{- if .Values.matrix.federation.whitelist }} + federation_domain_whitelist: + {{- range .Values.matrix.federation.whitelist }} + - {{ . }} + {{- end }} + {{- end}} + + federation_ip_range_blacklist: + {{- range .Values.matrix.federation.blacklist }} + - {{ . }} + {{- end }} + + listeners: + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client, federation] + compress: false + + {{- if .Values.synapse.metrics.enabled }} + - type: metrics + port: {{ .Values.synapse.metrics.port }} + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + {{- end }} + + admin_contact: 'mailto:{{ .Values.matrix.adminEmail }}' + hs_disabled: {{ .Values.matrix.disabled }} + hs_disabled_message: {{ .Values.matrix.disabledMessage }} + redaction_retention_period: {{ .Values.matrix.retentionPeriod }} + + log_config: "/data/{{ .Values.matrix.serverName }}.log.config" + media_store_path: "/data/media_store" + uploads_path: "/data/uploads" + max_upload_size: {{ .Values.matrix.uploads.maxSize }} + max_image_pixels: {{ .Values.matrix.uploads.maxPixels }} + url_preview_enabled: {{ .Values.matrix.urlPreviews.enabled }} + + {{- if .Values.coturn.enabled -}} + {{- if not (empty .Values.coturn.uris) }} + turn_uris: + {{- range .Values.coturn.uris }} + - {{ . }} + {{- end }} + {{- else }} + turn_uris: + - "turn:{{ include "matrix.hostname" . }}?transport=udp" + {{- end }} + turn_user_lifetime: 1h + turn_allow_guests: {{ .Values.coturn.allowGuests }} + {{- end }} + + enable_registration: {{ .Values.matrix.registration.enabled }} + + allow_guest_access: {{ .Values.matrix.registration.allowGuests }} + + {{- if .Values.synapse.metrics.enabled }} + enable_metrics: true + {{- end }} + + report_stats: false + + {{- if .Values.synapse.appConfig }} + app_service_config_files: + {{- range .Values.synapse.appConfig }} + - {{ . }} + {{- end }} + {{- end }} + + signing_key_path: "/data/keys/{{ .Values.matrix.serverName }}.signing.key" + + {{- if .Values.matrix.security.trustedKeyServers }} + trusted_key_servers: + {{- range .Values.matrix.security.trustedKeyServers }} + - server_name: {{ .serverName }} + {{- if .verifyKeys }} + verify_keys: + {{- range .verifyKeys }} + {{ .id | quote }}: {{ .key | quote }} + {{- end }} + {{- end }} + {{- if .acceptKeysInsecurely }} + accept_keys_insecurely: {{ .acceptKeysInsecurely }} + {{- end }} + {{- end }} + {{- end }} + + suppress_key_server_warning: {{ .Values.matrix.security.supressKeyServerWarning }} + {{- if not .Values.loadCustomConfig }} + custom.yaml: | + # PLACEHOLDER + {{- end }} + + {{ .Values.matrix.serverName }}.log.config: | + version: 1 + + formatters: + precise: + format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' + + filters: + context: + (): synapse.util.logcontext.LoggingContextFilter + request: "" + + handlers: + console: + class: logging.StreamHandler + formatter: precise + filters: [context] + + loggers: + synapse: + level: {{ .Values.matrix.logging.synapseLogLevel }} + + synapse.storage.SQL: + # beware: increasing this to DEBUG will make synapse log sensitive + # information such as access tokens. + level: {{ .Values.matrix.logging.sqlLogLevel }} + + + root: + level: {{ .Values.matrix.logging.rootLogLevel }} + handlers: [console] +{{- end }} diff --git a/stable/synapse/1.0.0/templates/_helpers.tpl b/stable/synapse/1.0.0/templates/_helpers.tpl new file mode 100644 index 0000000000..21bbda61c3 --- /dev/null +++ b/stable/synapse/1.0.0/templates/_helpers.tpl @@ -0,0 +1,20 @@ +Synapse hostname, derived from either the Values.matrix.hostname override or the Ingress definition +*/}} +{{- define "matrix.hostname" -}} +{{- if .Values.matrix.hostname }} +{{- .Values.matrix.hostname -}} +{{- else }} +{{- .Values.ingress.hosts.synapse -}} +{{- end }} +{{- end }} + +{{/* +Synapse hostname prepended with https:// to form a complete URL +*/}} +{{- define "matrix.baseUrl" -}} +{{- if .Values.matrix.hostname }} +{{- printf "https://%s" .Values.matrix.hostname -}} +{{- else }} +{{- printf "https://%s" .Values.ingress.hosts.synapse -}} +{{- end }} +{{- end }} diff --git a/stable/synapse/1.0.0/templates/_secret.tpl b/stable/synapse/1.0.0/templates/_secret.tpl new file mode 100644 index 0000000000..4c9e263709 --- /dev/null +++ b/stable/synapse/1.0.0/templates/_secret.tpl @@ -0,0 +1,63 @@ +{{/* Define the configs */}} +{{- define "synapse.secret" -}} +{{- $previous := lookup "v1" "Secret" .Release.Namespace "synapse-secret-macaroon" }} +{{- $msk := randAlphaNum 50 }} +{{- if $previous }} +{{- $msk = ( index $previous.data "key" ) | b64dec }} +{{- end }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: synapse-secret-macaroon + labels: + {{ include "common.labels" . | nindent 4 }} + annotations: + rollme: {{ randAlphaNum 5 | quote }} +data: + key: {{ $msk | b64enc }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: synapse-secret + labels: + {{ include "common.labels" . | nindent 4 }} + annotations: + rollme: {{ randAlphaNum 5 | quote }} +stringData: + secret.yaml: | + {{- if .Values.mail.enabled }} + email: + enable_notifs: {{ .Values.mail.enabled }} + notif_from: {{ .Values.mail.from }} + smtp_host: {{ .Values.mail.external.host }} + smtp_port: {{ .Values.mail.external.port }} + smtp_user: {{ .Values.mail.external.username }} + smtp_pass: {{ .Values.mail.external.password }} + require_transport_security: {{ .Values.mail.external.requireTransportSecurity }} + {{- end }} + + database: + name: "psycopg2" + args: + user: "{{ .Values.postgresql.postgresqlUsername }}" + password: {{ .Values.postgresql.postgresqlPassword }} + database: "{{ .Values.postgresql.postgresqlDatabase }}" + host: "{{ printf "%v-%v" .Release.Name "postgresql" }}" + port: "5432" + cp_min: 5 + cp_max: 10 + sslmode: "disable" + + {{- if .Values.matrix.registration.sharedSecret }} + registration_shared_secret: {{ .Values.matrix.registration.sharedSecret }} + {{- end }} + + macaroon_secret_key: {{ $msk }} + + {{- if .Values.coturn.enabled -}} + turn_shared_secret: {{ include "matrix.coturn.sharedSecret" . }} + {{- end }} + +{{- end }} diff --git a/stable/synapse/1.0.0/templates/common.yaml b/stable/synapse/1.0.0/templates/common.yaml new file mode 100644 index 0000000000..e9582539af --- /dev/null +++ b/stable/synapse/1.0.0/templates/common.yaml @@ -0,0 +1,14 @@ +{{/* Make sure all variables are set properly */}} +{{- include "common.setup" . }} + +{{/* Render configmap for synapse */}} +{{- include "synapse.config" . }} + +{{/* Render secret for synapse */}} +{{- include "synapse.secret" . }} + +{{- $newMiddlewares := list "tc-opencors-headers" }} +{{- $_ := set .Values.ingress.main "fixedMiddlewares" $newMiddlewares -}} + +{{/* Render the templates */}} +{{ include "common.postSetup" . }} diff --git a/stable/synapse/1.0.0/values.yaml b/stable/synapse/1.0.0/values.yaml new file mode 100644 index 0000000000..e69de29bb2 diff --git a/stable/synapse/item.yaml b/stable/synapse/item.yaml new file mode 100644 index 0000000000..73e4fd6f91 --- /dev/null +++ b/stable/synapse/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://truecharts.org/_static/img/appicons/synapse-icon.png +categories: +- cloud +